From: Philippe Antoine <contact@catenacyber.fr>
Date: Mon, 13 Jul 2020 14:06:45 +0000 (+0200)
Subject: Adds http2 ugrade test
X-Git-Tag: suricata-6.0.4~233
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0a4b805c8d922563b8110581a197ff61c3eba4e;p=thirdparty%2Fsuricata-verify.git

Adds http2 ugrade test

Adds http2 connection upgrade from http1 test
---

diff --git a/tests/http2-basic/test.yaml b/tests/http2-basic/test.yaml
index d3668b198..c049301bc 100644
--- a/tests/http2-basic/test.yaml
+++ b/tests/http2-basic/test.yaml
@@ -37,7 +37,9 @@ checks:
         http.length: 22617
         http.status: 200
         http.http_method: "GET"
+        http.url: "/doc/manual/html/index.html"
         http.http_user_agent: "nghttp2/0.5.2-DEV"
+        http.version: "2"
         http.http2.stream_id: 1
         http.request_headers[0].name: ":authority"
         http.request_headers[0].value: "localhost:3000"
diff --git a/tests/http2-upgrade/README.md b/tests/http2-upgrade/README.md
new file mode 100644
index 000000000..ae593c231
--- /dev/null
+++ b/tests/http2-upgrade/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test HTTP2 traffic after HTTP1 upgrade mechanism
+
+# PCAP
+
+The pcap comes from https://wiki.wireshark.org/HTTP2
diff --git a/tests/http2-upgrade/input.pcap b/tests/http2-upgrade/input.pcap
new file mode 100644
index 000000000..a77847ae7
Binary files /dev/null and b/tests/http2-upgrade/input.pcap differ
diff --git a/tests/http2-upgrade/suricata.yaml b/tests/http2-upgrade/suricata.yaml
new file mode 100644
index 000000000..82124d619
--- /dev/null
+++ b/tests/http2-upgrade/suricata.yaml
@@ -0,0 +1,20 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - alert:
+            tagged-packets: yes
+        - http:
+            extended: yes
+        - http2
+        - files
+
+app-layer:
+  protocols:
+    http2:
+      enabled: yes
diff --git a/tests/http2-upgrade/test.yaml b/tests/http2-upgrade/test.yaml
new file mode 100644
index 000000000..0e24fb778
--- /dev/null
+++ b/tests/http2-upgrade/test.yaml
@@ -0,0 +1,52 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  min-version: 6.0.0
+
+# disables checksum verification
+args:
+  - -k none --set stream.midstream=true
+
+checks:
+
+  # Check that there is one file event with content range.
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.url: /robots.txt
+        http.status: 101
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.http2.stream_id: 0
+        http.http2.response.settings[2].settings_id: "SETTINGSHEADERTABLESIZE"
+        http.http2.response.settings[2].settings_value: 8192
+  - filter:
+      count: 2
+      match:
+        event_type: http
+        http.http2.stream_id: 0
+        http.http2.request.settings[2].settings_id: "SETTINGSENABLEPUSH"
+        http.http2.request.settings[2].settings_value: 0
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.http2.stream_id: 1
+        http.version: "2"
+        http.http_method: "GET"
+        http.url: "/robots.txt"
+        http.request_headers[2].name: "Host"
+        http.request_headers[2].value: "nghttp2.org"
+        http.status: 200
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.http2.stream_id: 3
+        http.request_headers[0].table_size_update: 4096
+        http.http_method: "GET"
+        http.url: "/humans.txt"
+        http.status: 404