From: Jason Ish Date: Fri, 9 Jun 2017 16:10:22 +0000 (-0600) Subject: dns-tcp-ts-gap: test gap in tcp dns traffic X-Git-Tag: suricata-6.0.4~582 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f3a2f15a6d2b26fd22743531b7ace65f3b68417;p=thirdparty%2Fsuricata-verify.git dns-tcp-ts-gap: test gap in tcp dns traffic
---
diff --git a/dns-tcp-ts-gap/README.md b/dns-tcp-ts-gap/README.md
new file mode 100644
index 000000000..133917027
--- /dev/null
+++ b/dns-tcp-ts-gap/README.md
@@ -0,0 +1,2 @@
+Test TCP DNS application layer handling with a missing packet (gap) in
+the to-server direction.
diff --git a/dns-tcp-ts-gap/check.sh b/dns-tcp-ts-gap/check.sh
new file mode 100755
index 000000000..4ba1a637d
--- /dev/null
+++ b/dns-tcp-ts-gap/check.sh
@@ -0,0 +1,19 @@
+#! /bin/sh
+
+. ../functions.sh
+
+# As a request was missing, we should have 2 requests, but 26
+# responses, as each request resulted in 12 responses.
+log=./output/eve.json
+
+n=$(cat ${log} | \
+ jq -c 'select(.event_type == "dns") | select(.dns.type == "query")' | \
+ wc -l)
+assert_eq 2 $n
+
+n=$(cat ${log} | \
+ jq -c 'select(.event_type == "dns") | select(.dns.type == "answer")' | \
+ wc -l)
+assert_eq 36 $n
+
+exit 0
diff --git a/dns-tcp-ts-gap/input.pcap b/dns-tcp-ts-gap/input.pcap
new file mode 100644
index 000000000..88957a911
Binary files /dev/null and b/dns-tcp-ts-gap/input.pcap differ
diff --git a/dns-tcp-ts-gap/original.pcap_ b/dns-tcp-ts-gap/original.pcap_
new file mode 100644
index 000000000..63219fd59
Binary files /dev/null and b/dns-tcp-ts-gap/original.pcap_ differ
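Review bot: In dns-tcp-ts-gap/check.sh the comment above `log=` promises 26 responses while the second check is `assert_eq 36 $n`, so the documented expectation and the asserted value disagree; 36 is consistent with 12 answers for each of what are presumably 3 requests on the wire, one of which is lost in the gap. Suggest rewording the comment to `# One request is lost in the gap: expect 2 query events, but 36 answer events (12 per request sent).` Separately, `${log}` and `$n` are unquoted, and a missing eve.json or a jq failure only shows up as a count of 0, so using `assert_eq 36 "$n"` and adding an explicit `[ -s "${log}" ]` check before the pipelines would make a broken run distinguishable from a real regression in how the DNS parser handles the gap.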