From: Jason Ish
Date: Mon, 15 Mar 2021 21:36:05 +0000 (-0600)
Subject: dns-tcp-www-google-com: add dns eve v2 test
X-Git-Tag: suricata-6.0.4~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c54d001867fe0a26f7597df357f6882b70b79545;p=thirdparty%2Fsuricata-verify.git

dns-tcp-www-google-com: add dns eve v2 test
---
diff --git a/tests/dns-tcp-www-google-com-v1/README.md b/tests/dns-tcp-www-google-com-v1/README.md
new file mode 100644
index 000000000..d1db12dc6
--- /dev/null
+++ b/tests/dns-tcp-www-google-com-v1/README.md
@@ -0,0 +1,2 @@
+A basic TCP DNS test that sends one request with a response that
+contains multiple answers.
diff --git a/tests/dns-tcp-www-google-com-v1/dns.pcap b/tests/dns-tcp-www-google-com-v1/dns.pcap
new file mode 100644
index 000000000..55378094c
Binary files /dev/null and b/tests/dns-tcp-www-google-com-v1/dns.pcap differ
diff --git a/tests/dns-tcp-www-google-com-v1/suricata.yaml b/tests/dns-tcp-www-google-com-v1/suricata.yaml
new file mode 100644
index 000000000..6e0f4008d
--- /dev/null
+++ b/tests/dns-tcp-www-google-com-v1/suricata.yaml
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+# Remove stats logging.
+stats:
+ enabled: no
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - dns:
+ version: 1
diff --git a/tests/dns-tcp-www-google-com-v1/test.yaml b/tests/dns-tcp-www-google-com-v1/test.yaml
new file mode 100644
index 000000000..90fec6b9b
--- /dev/null
+++ b/tests/dns-tcp-www-google-com-v1/test.yaml
@@ -0,0 +1,21 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ - RUST
+ lt-version: 7
+
+checks:
+ - filter:
+ count: 1
+ match:
+ src_ip: "10.16.1.11"
+ dest_ip: "8.8.4.4"
+ event_type: dns
+ dns.type: query
+ - filter:
+ count: 12
+ match:
+ src_ip: "10.16.1.11"
+ dest_ip: "8.8.4.4"
+ event_type: dns
+ dns.type: answer
diff --git a/tests/dns-tcp-www-google-com/suricata.yaml b/tests/dns-tcp-www-google-com/suricata.yaml
index 6e0f4008d..6bc3c0ded 100644
--- a/tests/dns-tcp-www-google-com/suricata.yaml
+++ b/tests/dns-tcp-www-google-com/suricata.yaml
@@ -10,4 +10,3 @@ outputs:
 enabled: yes
 types:
 - dns:
- version: 1
diff --git a/tests/dns-tcp-www-google-com/test.yaml b/tests/dns-tcp-www-google-com/test.yaml
index 00c255e6f..16f4a6432 100644
--- a/tests/dns-tcp-www-google-com/test.yaml
+++ b/tests/dns-tcp-www-google-com/test.yaml
@@ -1,7 +1,6 @@
 requires:
 features:
 - HAVE_LIBJANSSON
- - RUST
 
 checks:
 - filter:
@@ -12,7 +11,7 @@ checks:
 event_type: dns
 dns.type: query
 - filter:
- count: 12
+ count: 1
 match:
 src_ip: "10.16.1.11"
 dest_ip: "8.8.4.4"
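Review bot: The answer filter in the second hunk of tests/dns-tcp-www-google-com/test.yaml (`count: 1`) is satisfied by any single answer event, so the test no longer verifies that the 12 answers in the response were logged, nor that the record is in the v2 format the commit title says it covers. Because the suricata.yaml change in this commit removes `version: 1` and relies on the default, adding `dns.version: 2` to both match blocks would pin the format explicitly and catch a silent change of default. A further match on the answers themselves (for example `has-key: dns.answers`, or the expected length if the test runner in use can express it) would restore the coverage the old `count: 12` gave. The match block continues past the end of the hunk, so its `event_type` and `dns.type` keys are not visible here.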