From: Victor Julien <victor@inliniac.net>
Date: Fri, 5 Sep 2025 05:38:47 +0000 (+0200)
Subject: tests: add issue 3844 test
X-Git-Tag: suricata-8.0.2~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7793937bafc8d174ac7103306621d431ad3a05d;p=thirdparty%2Fsuricata-verify.git

tests: add issue 3844 test
---

diff --git a/tests/bug-3844/input.pcap b/tests/bug-3844/input.pcap
new file mode 100644
index 000000000..00e8a858d
Binary files /dev/null and b/tests/bug-3844/input.pcap differ
diff --git a/tests/bug-3844/test.yaml b/tests/bug-3844/test.yaml
new file mode 100644
index 000000000..2da4489c3
--- /dev/null
+++ b/tests/bug-3844/test.yaml
@@ -0,0 +1,9 @@
+requires:
+  min-version: 8
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: http
+      http.url: /
diff --git a/tests/bug-3844/writepcap.py b/tests/bug-3844/writepcap.py
new file mode 100755
index 000000000..da27ab11b
--- /dev/null
+++ b/tests/bug-3844/writepcap.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='05:04:03:02:01:00', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(src='1.1.1.1', dst='2.2.2.2')/TCP(dport=8080,sport=12345,flags='S',seq=1111,options=[('WScale', 5),('Timestamp', (1234,5678))])
+pkts += Ether(src='05:04:03:02:01:00', dst='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(dst='1.1.1.1', src='2.2.2.2')/TCP(sport=8080,dport=12345,flags='R',seq=2222,ack=1112)
+pkts += Ether(dst='05:04:03:02:01:00', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(src='1.1.1.1', dst='2.2.2.2')/TCP(dport=8080,sport=12345,flags='S',seq=3333,options=[('WScale', 5)])
+pkts += Ether(src='05:04:03:02:01:00', dst='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(dst='1.1.1.1', src='2.2.2.2')/TCP(sport=8080,dport=12345,flags='SA',seq=4444,ack=3334)
+pkts += Ether(dst='05:04:03:02:01:00', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(src='1.1.1.1', dst='2.2.2.2')/TCP(dport=8080,sport=12345,flags='A',seq=3334,ack=4445)
+pkts += Ether(dst='05:04:03:02:01:00', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(src='1.1.1.1', dst='2.2.2.2')/TCP(dport=8080,sport=12345,flags='A',seq=3334,ack=4445)/"GET /"
+pkts += Ether(src='05:04:03:02:01:00', dst='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(dst='1.1.1.1', src='2.2.2.2')/TCP(sport=8080,dport=12345,flags='A',seq=4445,ack=3339)/"<html>hi</html>"
+pkts += Ether(dst='05:04:03:02:01:00', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(src='1.1.1.1', dst='2.2.2.2')/TCP(dport=8080,sport=12345,flags='R',seq=3339)
+
+wrpcap('input.pcap', pkts)
+