From: Eric Leblond Date: Sun, 19 Jun 2022 11:08:18 +0000 (+0200) Subject: tests: add ipv6 dataset test X-Git-Tag: suricata-6.0.9~30 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0e74b623e434c1b7dc4013d03a213f6ab41339a;p=thirdparty%2Fsuricata-verify.git tests: add ipv6 dataset test Also this test ip.src keyword
---
diff --git a/tests/datasets-08-state-ipv6/expected/state.csv b/tests/datasets-08-state-ipv6/expected/state.csv
new file mode 100644
index 000000000..887004bd1
--- /dev/null
+++ b/tests/datasets-08-state-ipv6/expected/state.csv
@@ -0,0 +1,2 @@
+0004:0005:0000:0000:0000:0000:0000:0006
+0007:0008:0000:0000:0000:0000:0000:0009
diff --git a/tests/datasets-08-state-ipv6/input.pcap b/tests/datasets-08-state-ipv6/input.pcap
new file mode 100644
index 000000000..6e23b773a
Binary files /dev/null and b/tests/datasets-08-state-ipv6/input.pcap differ
diff --git a/tests/datasets-08-state-ipv6/test.rules b/tests/datasets-08-state-ipv6/test.rules
new file mode 100644
index 000000000..c5ef55ae6
--- /dev/null
+++ b/tests/datasets-08-state-ipv6/test.rules
@@ -0,0 +1 @@
+alert dns any any -> any any (ip.src; dataset:set,dns-client, type ipv6, state state.csv; sid:1;)
diff --git a/tests/datasets-08-state-ipv6/test.yaml b/tests/datasets-08-state-ipv6/test.yaml
new file mode 100644
index 000000000..d368d010c
--- /dev/null
+++ b/tests/datasets-08-state-ipv6/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ files:
+ - src/detect-ipaddr.c
+
+args:
+ - --data-dir=${OUTPUT_DIR}
+
+checks:
+ - file-compare:
+ filename: state.csv
+ expected: expected/state.csv
diff --git a/tests/datasets-08-state-ipv6/writepcap.py b/tests/datasets-08-state-ipv6/writepcap.py
new file mode 100755
index 000000000..a3ae83e04
--- /dev/null
+++ b/tests/datasets-08-state-ipv6/writepcap.py
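Review bot: The `checks:` block in test.yaml asserts only on the saved state.csv, so the test would still pass if the rule's alerting were wrong, as long as both addresses end up in the dataset. A `filter` check on `event_type: alert` with the expected `count` would pin the match behaviour of `ip.src` with `dataset:set` as well. The input has three queries from two sources, so the count is presumably 2 if `set` matches only on first insertion; confirm that against the engine before fixing the number. Separately, `requires` gates only on `src/detect-ipaddr.c`; if `type ipv6` for datasets arrived in a different change than `ip.src`, the test may need a gate for that too.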
@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IPv6(dst='2::1', src='4:5::6')/UDP(dport=53)/DNS(id=1, rd=1, qd=DNSQR(qname='example.com'))
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IPv6(dst='2::1', src='4:5::6')/UDP(dport=53)/DNS(id=2, rd=1, qd=DNSQR(qname='example.com'))
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IPv6(dst='2::1', src='7:8::9')/UDP(dport=53)/DNS(id=3, rd=1, qd=DNSQR(qname='example.com'))
+
+wrpcap('input.pcap', pkts)
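Review bot: `pkts += Ether(...)/...` in writepcap.py extends a list with a single scapy packet, which works only because a Packet is iterable; `pkts.append(...)` says what is meant and does not depend on that behaviour. The wildcard `from scapy.all import *` could name what is used, `from scapy.all import DNS, DNSQR, Dot1Q, Ether, IPv6, UDP, wrpcap`, and the bare `python` shebang may be missing or resolve to Python 2 on some hosts, so `#!/usr/bin/env python3` is safer. A short comment above the packets, such as `# two queries from 4:5::6 exercise set de-duplication; 7:8::9 adds the second row of state.csv`, would document why the first two packets differ only in the DNS id.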