From: Philippe Antoine <contact@catenacyber.fr>
Date: Tue, 23 Feb 2021 13:50:44 +0000 (+0100)
Subject: Adds test about decoder against too many layers
X-Git-Tag: suricata-6.0.4~131
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d14fbbd3372732132a6e62a859b8e014b0f947da;p=thirdparty%2Fsuricata-verify.git

Adds test about decoder against too many layers
---

diff --git a/tests/decode-too-many-layers/README.md b/tests/decode-too-many-layers/README.md
new file mode 100644
index 000000000..957c845cf
--- /dev/null
+++ b/tests/decode-too-many-layers/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test decode against too many recursive layers
+
+# PCAP
+
+The pcap comes from funning fuzzpcap against the file produced by ethmpls.py
diff --git a/tests/decode-too-many-layers/ethmpls.py b/tests/decode-too-many-layers/ethmpls.py
new file mode 100644
index 000000000..8a21d8fe7
--- /dev/null
+++ b/tests/decode-too-many-layers/ethmpls.py
@@ -0,0 +1,11 @@
+import sys
+
+# write header
+sys.stdout.buffer.write(b"FPC\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
+for i in range(32):
+    # ethernet layer with mpls following
+    sys.stdout.buffer.write(b"\x01\x02\x03\x04\x05\x06\x01\x02\x03\x04\x05\x07\x88\x47")
+    # mpls layer with ethernet following
+    sys.stdout.buffer.write(b"\x00\x01\x01\x00\x00\x00\x00\x00")
+# write footer
+sys.stdout.buffer.write(b"FPC0")
diff --git a/tests/decode-too-many-layers/input.pcap b/tests/decode-too-many-layers/input.pcap
new file mode 100644
index 000000000..1e40a8025
Binary files /dev/null and b/tests/decode-too-many-layers/input.pcap differ
diff --git a/tests/decode-too-many-layers/test.yaml b/tests/decode-too-many-layers/test.yaml
new file mode 100644
index 000000000..0d625ee77
--- /dev/null
+++ b/tests/decode-too-many-layers/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  min-version: 5
+
+# disables checksum verification
+args:
+- -k none
+
+checks:
+    - stats:
+        decoder.too_many_layers: 1