From: Victor Julien Date: Sat, 26 Dec 2020 07:39:57 +0000 (+0100) Subject: tests/tcp: test for tcp invalid option fp X-Git-Tag: suricata-6.0.4~122 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d455819cd7341dff8c26881a8fa8649ebb9b5eea;p=thirdparty%2Fsuricata-verify.git tests/tcp: test for tcp invalid option fp
---
diff --git a/tests/tcp-fastopen-09/tcp-opt-invalid-warning.pcap b/tests/tcp-fastopen-09/tcp-opt-invalid-warning.pcap
new file mode 100644
index 000000000..c92c61a78
Binary files /dev/null and b/tests/tcp-fastopen-09/tcp-opt-invalid-warning.pcap differ
diff --git a/tests/tcp-fastopen-09/test.rules b/tests/tcp-fastopen-09/test.rules
new file mode 100644
index 000000000..71e22529c
--- /dev/null
+++ b/tests/tcp-fastopen-09/test.rules
@@ -0,0 +1,5 @@
+alert pkthdr any any -> any any (msg:"SURICATA TCP packet too small"; decode-event:tcp.pkt_too_small; classtype:protocol-command-decode; sid:2200033; rev:2;)
+alert pkthdr any any -> any any (msg:"SURICATA TCP header length too small"; decode-event:tcp.hlen_too_small; classtype:protocol-command-decode; sid:2200034; rev:2;)
+alert pkthdr any any -> any any (msg:"SURICATA TCP invalid option length"; decode-event:tcp.invalid_optlen; classtype:protocol-command-decode; sid:2200035; rev:2;)
+alert pkthdr any any -> any any (msg:"SURICATA TCP option invalid length"; decode-event:tcp.opt_invalid_len; classtype:protocol-command-decode; sid:2200036; rev:2;)
+alert pkthdr any any -> any any (msg:"SURICATA TCP duplicated option"; decode-event:tcp.opt_duplicate; classtype:protocol-command-decode; sid:2200037; rev:2;)
diff --git a/tests/tcp-fastopen-09/test.yaml b/tests/tcp-fastopen-09/test.yaml
new file mode 100644
index 000000000..2a2b7d944
--- /dev/null
+++ b/tests/tcp-fastopen-09/test.yaml
@@ -0,0 +1,15 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 5.0.0
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 2200036
+ - filter:
+ count: 1
+ match:
+ event_type: flow
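Review bot: Only sid 2200036 is asserted in `checks`, while test.rules loads five decoder-event rules (2200033 to 2200037), so an alert from any of the other four on this pcap would pass unnoticed. The pcap is binary here, so whether those events are expected cannot be confirmed from the diff. If no TCP decoder event should fire at all, a further zero-count filter whose `match` holds only `event_type: alert` would pin that; otherwise test.rules could be trimmed to the single rule under test. A leading comment such as `# FP regression: tcp.opt_invalid_len (sid 2200036) must not fire on tcp-opt-invalid-warning.pcap` would record why the expected count is 0.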