From: Jeff Lucovsky
Date: Thu, 5 Nov 2020 12:44:53 +0000 (-0500)
Subject: tests: ICMPv4 header tests
X-Git-Tag: suricata-6.0.4~216
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c0102c0ca5effd0ecf9c7215606c6703fd87a8e;p=thirdparty%2Fsuricata-verify.git

tests: ICMPv4 header tests
---
diff --git a/tests/icmp-hdr-01/input.pcap b/tests/icmp-hdr-01/input.pcap
new file mode 100644
index 000000000..170b5e89d
Binary files /dev/null and b/tests/icmp-hdr-01/input.pcap differ
diff --git a/tests/icmp-hdr-01/input.rules b/tests/icmp-hdr-01/input.rules
new file mode 100644
index 000000000..1b5c89535
--- /dev/null
+++ b/tests/icmp-hdr-01/input.rules
@@ -0,0 +1 @@
+alert icmp any any -> any any (msg:"icmp hdr test"; icmpv4.hdr; content:"|0a 0e 50 54 42|"; sid:1; rev:1;)
diff --git a/tests/icmp-hdr-01/test.yaml b/tests/icmp-hdr-01/test.yaml
new file mode 100644
index 000000000..15983c6af
--- /dev/null
+++ b/tests/icmp-hdr-01/test.yaml
@@ -0,0 +1,11 @@
+requires:
+ min-version: 6
+
+checks:
+- filter:
+ count: 1
+ match:
+ event_type: alert
+ proto: "ICMP"
+ icmp_code: 0
+ icmp_type: 9
diff --git a/tests/icmp-hdr-02/input.pcap b/tests/icmp-hdr-02/input.pcap
new file mode 100644
index 000000000..bf5c4e573
Binary files /dev/null and b/tests/icmp-hdr-02/input.pcap differ
diff --git a/tests/icmp-hdr-02/input.rules b/tests/icmp-hdr-02/input.rules
new file mode 100644
index 000000000..b8c187dc5
--- /dev/null
+++ b/tests/icmp-hdr-02/input.rules
@@ -0,0 +1 @@
+alert icmp any any -> any any (msg:"icmp hdr test"; icmpv4.hdr; content: "|be 0a 7b 00 03|"; sid:1; rev:1;)
diff --git a/tests/icmp-hdr-02/test.yaml b/tests/icmp-hdr-02/test.yaml
new file mode 100644
index 000000000..8b5f98f27
--- /dev/null
+++ b/tests/icmp-hdr-02/test.yaml
@@ -0,0 +1,11 @@
+requires:
+ min-version: 6
+
+checks:
+- filter:
+ count: 1
+ match:
+ event_type: alert
+ proto: "ICMP"
+ icmp_code: 1
+ icmp_type: 5
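Review bot: The `content` match in `tests/icmp-hdr-01/input.rules` is not position-bound inside the `icmpv4.hdr` buffer, so the rule would still fire if the buffer exposed more bytes than the header; the same holds for `tests/icmp-hdr-02/input.rules`. Since the capture is binary and not visible here, the right values cannot be stated, but an `offset`/`depth` pair or a `bsize` on the buffer would make the test fail when the header boundary is wrong. A leading `#` comment in each rules file naming which header bytes the pattern covers would also help the next maintainer. The two rules also differ in spacing (`content:"|…|"` versus `content: "|…|"`), which is worth making uniform unless the space is deliberately exercising the parser.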
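Review bot: The filter in `tests/icmp-hdr-01/test.yaml` does not pin the alert to the rule under test; adding `alert.signature_id: 1` under `match:` would tie the expected event to `sid:1` rather than to any alert with that ICMP type and code. The same applies to `tests/icmp-hdr-02/test.yaml`. Because the filter is restricted to one `icmp_type`/`icmp_code` pair, an unexpected alert on any other ICMP packet in the capture would go unnoticed. If the pcap holds more than one packet, a second check with only `event_type: alert` and the total expected `count` would cover that.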