From: Jason Ish
Date: Wed, 14 May 2025 22:35:04 +0000 (-0600)
Subject: tests: add mdns test
X-Git-Tag: suricata-7.0.11~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=797cb6c05964de6ecc873b7a44ba24d74c46674c;p=thirdparty%2Fsuricata-verify.git

tests: add mdns test

Ticket: #3952
---

diff --git a/tests/mdns/test.rules b/tests/mdns/test.rules
new file mode 100644
index 000000000..44f36faa0
--- /dev/null
+++ b/tests/mdns/test.rules
@@ -0,0 +1,3 @@
+alert mdns any any -> any any (mdns.queries.rrname; content: "_apple"; sid:1;)
+alert mdns any any -> any any (mdns.answers.rrname; content: "Mac"; sid:2;)
+alert mdns any any -> any any (mdns.response.rrname; content: "John’s iMac._companion-link._tcp.local"; sid:3;)
diff --git a/tests/mdns/test.yaml b/tests/mdns/test.yaml
new file mode 100644
index 000000000..3fcd63d5b
--- /dev/null
+++ b/tests/mdns/test.yaml
@@ -0,0 +1,41 @@
+requires:
+ min-version: 8.0.0
+
+pcap: ../ipv6-evasion/ipv6-malformed-fragments-9/frag-9.pcap
+
+checks:
+ - filter:
+ count: 1
+ match:
+ pcap_cnt: 6
+ event_type: mdns
+ mdns.type: response
+ mdns.answers[0].rrname: "John’s iMac._device-info._tcp.local"
+ mdns.answers[0].txt: ["model=iMac17,1", "osxvers=17"]
+ mdns.answers[1].rrname: "_companion-link._tcp.local"
+ mdns.answers[1].ptr: "John’s iMac._companion-link._tcp.local"
+ - filter:
+ count: 1
+ match:
+ pcap_cnt: 11
+ event_type: mdns
+ mdns.type: request
+ mdns.queries[0].rrname: "_apple-mobdev._tcp.local"
+ mdns.queries[0].rrtype: "ptr"
+ mdns.queries[1].rrname: "92e80812._sub._apple-mobdev2._tcp.local"
+ mdns.queries[1].rrtype: "ptr"
+ mdns.queries[2].rrname: "_apple-pairable._tcp.local"
+ mdns.queries[2].rrtype: "ptr"
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 2
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 3
+
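Review bot: The sid:3 rule in tests/mdns/test.rules puts a typographic apostrophe (U+2019) directly inside its `content` string, so the match depends on the rules file being stored and read as UTF-8; a tool that re-encodes the file would make the rule stop matching without any obvious cause. Spelling the bytes out keeps the test stable: `content: "John|E2 80 99|s iMac._companion-link._tcp.local";` (this assumes the name is UTF-8 on the wire, as the expected JSON in test.yaml suggests). In the checked event that string appears as `answers[1].ptr` rather than as a record owner name, so a comment above sid:3 such as `# matches the PTR target carried in the response, not an rrname of an answer record` would make clear why `mdns.response.rrname` is used here instead of `mdns.answers.rrname`.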
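Review bot: The three alert checks at the end of tests/mdns/test.yaml filter on `alert.signature_id` alone, so they confirm that each rule fired once somewhere in the pcap but not that it fired on the intended record. This matters most for sid:2, whose content `"Mac"` is short enough to match an unrelated answer name. Adding `event_type: alert` and the expected `pcap_cnt` to each of those `match:` blocks would pin every alert to the packet it is meant to detect. The pcap is also borrowed from `../ipv6-evasion/ipv6-malformed-fragments-9/`, so a line such as `# pcap shared with the ipv6-evasion test; it also carries mDNS traffic` above the `pcap:` key would warn anyone who later moves or replaces that capture.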