From: Jason Ish
Date: Thu, 4 Jul 2024 23:56:09 +0000 (-0600)
Subject: bug-990: dns v2 and v3 tests
X-Git-Tag: suricata-7.0.7~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a31c196ab91c81da003c4313f20ffae937fdca2;p=thirdparty%2Fsuricata-verify.git

bug-990: dns v2 and v3 tests

As this is a DNS test move into dns/.
---
diff --git a/tests/bug-990/input.pcap b/tests/dns/bug-990/input.pcap
similarity index 100%
rename from tests/bug-990/input.pcap
rename to tests/dns/bug-990/input.pcap
diff --git a/tests/bug-990/test.rules b/tests/dns/bug-990/test.rules
similarity index 100%
rename from tests/bug-990/test.rules
rename to tests/dns/bug-990/test.rules
diff --git a/tests/dns/bug-990/test.yaml b/tests/dns/bug-990/test.yaml
new file mode 100644
index 000000000..4b61a4295
--- /dev/null
+++ b/tests/dns/bug-990/test.yaml
@@ -0,0 +1,44 @@
+requires:
+ min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 0
+ match:
+ event_type: alert
+- filter:
+ count: 1
+ match:
+ dest_ip: 192.38.129.234
+ dest_port: 53
+ dns.id: 28390
+ dns.queries[0].rrname: code.msdn.microsoft.com
+ dns.queries[0].rrtype: A
+ dns.tx_id: 0
+ dns.type: request
+ event_type: dns
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 192.168.69.156
+ src_port: 49379
+- filter:
+ count: 1
+ match:
+ app_proto: dns
+ dest_ip: 192.38.129.234
+ dest_port: 53
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 0
+ flow.bytes_toserver: 83
+ flow.pkts_toclient: 0
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: new
+ proto: UDP
+ src_ip: 192.168.69.156
+ src_port: 49379
diff --git a/tests/dns/v2/bug-990/test.rules b/tests/dns/v2/bug-990/test.rules
new file mode 100644
index 000000000..81f44a60a
--- /dev/null
+++ b/tests/dns/v2/bug-990/test.rules
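Review bot: The new tests/dns/bug-990/test.yaml carries no comment saying what bug 990 regresses or why checksum validation is switched off with `-k none`, so a reader has only the directory name to go on; a one-line header such as `# bug-990: <what the capture exercises>; -k none because <why the capture fails checksum validation>` at the top of the file would document it (the author fills in the placeholders). The file also pins `requires: min-version: 8` without saying which output format that selects, whereas the sibling v2 test in this commit states it explicitly through `SURICATA_EVE_DNS_VERSION: 2`; a comment like `# presumably exercises the v3 EVE DNS record shape (dns.queries[0].*) that needs Suricata 8` next to `requires:` would make the v2/v3 pairing from the commit title visible in the test itself. Since the first check asserts `count: 0` alerts while the renamed test.rules carries a `ttl:0` rule, it is worth stating in that header whether "no alert on this capture" is the regression condition being guarded.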
@@ -0,0 +1,2 @@
+#alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD-TRAFFIC 0 ttl"; ttl:0; reference:url,support.microsoft.com/default.aspx?scid=kb\;EN-US\;q138268; reference:url,www.isi.edu/in-notes/rfc1122.txt; classtype:misc-activity; sid:1321; rev:8;)
+alert ip any any -> any any (msg:"BAD-TRAFFIC 0 ttl"; ttl:0; reference:url,support.microsoft.com/default.aspx?scid=kb\;EN-US\;q138268; reference:url,www.isi.edu/in-notes/rfc1122.txt; classtype:misc-activity; sid:1321; rev:8;)
diff --git a/tests/bug-990/test.yaml b/tests/dns/v2/bug-990/test.yaml
similarity index 92%
rename from tests/bug-990/test.yaml
rename to tests/dns/v2/bug-990/test.yaml
index 4499ae802..f33660258 100644
--- a/tests/bug-990/test.yaml
+++ b/tests/dns/v2/bug-990/test.yaml
@@ -1,6 +1,11 @@
 args:
 - -k none
+env:
+ SURICATA_EVE_DNS_VERSION: 2
+
+pcap: ../../bug-990/input.pcap
+
 checks:
 - filter:
 count: 0
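Review bot: The first line of the new tests/dns/v2/bug-990/test.rules keeps the original `$EXTERNAL_NET any -> $HOME_NET any` form of sid 1321 as commented-out dead text with no explanation, while the live rule below it is the same sid widened to `any any -> any any`; a later reader cannot tell whether that line is history or an alternative still worth trying. Replace it with a comment that gives the reason, e.g. `# sid 1321 widened to any/any so the expected alert count does not depend on the harness HOME_NET/EXTERNAL_NET settings` (reworded if the motivation was different). A sentence on why the v2 directory gets its own test.rules while the v3 test reuses the renamed tests/dns/bug-990/test.rules would also help, given that the v2 test.yaml in the following hunk already shares the capture via `pcap: ../../bug-990/input.pcap`; if the two rule files are meant to stay identical, saying so keeps them from drifting. That following hunk is cut off at the end of this page, so its remaining checks were not reviewed.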