From: Victor Julien
Date: Mon, 18 Jan 2021 09:37:04 +0000 (+0100)
Subject: tests: add bug 990 test
X-Git-Tag: suricata-6.0.4~190
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3ecbc43fda8534c0b921c5c9e8398f0d470c30d;p=thirdparty%2Fsuricata-verify.git
tests: add bug 990 test
---
diff --git a/tests/bug-990/input.pcap b/tests/bug-990/input.pcap
new file mode 100644
index 000000000..d932ccee5
Binary files /dev/null and b/tests/bug-990/input.pcap differ
diff --git a/tests/bug-990/test.rules b/tests/bug-990/test.rules
new file mode 100644
index 000000000..81f44a60a
--- /dev/null
+++ b/tests/bug-990/test.rules
@@ -0,0 +1,2 @@
+#alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD-TRAFFIC 0 ttl"; ttl:0; reference:url,support.microsoft.com/default.aspx?scid=kb\;EN-US\;q138268; reference:url,www.isi.edu/in-notes/rfc1122.txt; classtype:misc-activity; sid:1321; rev:8;)
+alert ip any any -> any any (msg:"BAD-TRAFFIC 0 ttl"; ttl:0; reference:url,support.microsoft.com/default.aspx?scid=kb\;EN-US\;q138268; reference:url,www.isi.edu/in-notes/rfc1122.txt; classtype:misc-activity; sid:1321; rev:8;)
diff --git a/tests/bug-990/test.yaml b/tests/bug-990/test.yaml
new file mode 100644
index 000000000..4499ae802
--- /dev/null
+++ b/tests/bug-990/test.yaml
@@ -0,0 +1,41 @@
+args:
+- -k none
+
+checks:
+- filter:
+ count: 0
+ match:
+ event_type: alert
+- filter:
+ count: 1
+ match:
+ dest_ip: 192.38.129.234
+ dest_port: 53
+ dns.id: 28390
+ dns.rrname: code.msdn.microsoft.com
+ dns.rrtype: A
+ dns.tx_id: 0
+ dns.type: query
+ event_type: dns
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 192.168.69.156
+ src_port: 49379
+- filter:
+ count: 1
+ match:
+ app_proto: dns
+ dest_ip: 192.38.129.234
+ dest_port: 53
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 0
+ flow.bytes_toserver: 83
+ flow.pkts_toclient: 0
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: new
+ proto: UDP
+ src_ip: 192.168.69.156
+ src_port: 49379
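Review bot: The commented-out first rule in test.rules carries the same sid:1321 and rev:8 as the active rule directly below it, so it is dead text that would fail to load as a duplicate signature if anyone ever re-enabled it. Either drop it or replace it with a comment explaining the edit, e.g. `# upstream rule used $EXTERNAL_NET -> $HOME_NET; widened to any/any so the match does not depend on the default address groups`. The two reference options also rely on `\;` escaping inside the option string; if that parsing is part of what this test is meant to cover alongside ttl:0, a short comment saying so would make the intent of keeping those references clear.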
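Review bot: The first check in test.yaml (`count: 0` for `event_type: alert`) would also pass if the ttl:0 rule failed to parse and never loaded, so on its own it does not pin the regression the test is named for. Add a positive control so the zero-alert assertion only passes when the signature is actually active: either a check on the rules-loaded stats counter if the harness supports it, or a second sid with a condition known to match this single DNS packet and expected exactly once, with the alert filter narrowed to `alert.signature_id: 1321`. The flow check pins `flow.age: 0` and `flow.reason: shutdown`, which presumably hold because the pcap has one packet and the flow is flushed at exit; a one-line comment noting that dependency would help whoever extends the pcap later.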