From: Victor Julien
Date: Tue, 18 Jun 2019 13:51:28 +0000 (+0200)
Subject: tests: add test for tcp.mss keyword
X-Git-Tag: suricata-6.0.4~423
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f35bab51a83c7d31440de9ac03c236d8ad50f38c;p=thirdparty%2Fsuricata-verify.git

tests: add test for tcp.mss keyword
---

diff --git a/tests/tcp-mss-keyword/input.pcap b/tests/tcp-mss-keyword/input.pcap
new file mode 100644
index 000000000..2745f6f4c
Binary files /dev/null and b/tests/tcp-mss-keyword/input.pcap differ
diff --git a/tests/tcp-mss-keyword/test.rules b/tests/tcp-mss-keyword/test.rules
new file mode 100644
index 000000000..a1aa40a19
--- /dev/null
+++ b/tests/tcp-mss-keyword/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (tcp.mss:<536; sid:1234; rev:5;)
diff --git a/tests/tcp-mss-keyword/test.yaml b/tests/tcp-mss-keyword/test.yaml
new file mode 100644
index 000000000..b658eca6f
--- /dev/null
+++ b/tests/tcp-mss-keyword/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 5.0.0
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1234
+
diff --git a/tests/tcp-mss-keyword/writepcap.py b/tests/tcp-mss-keyword/writepcap.py
new file mode 100755
index 000000000..672bdef8d
--- /dev/null
+++ b/tests/tcp-mss-keyword/writepcap.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IP(dst='255.255.255.255', src='192.168.0.1')/TCP(dport=80,flags="S",options=[("MSS", 8)])
+
+wrpcap('input.pcap', pkts)
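Review bot: The single rule added to test.rules has no `msg` and nothing explains the 536 threshold, so the alert this test produces presumably carries no signature text and a reader has to guess why that value was chosen. I would add `msg:"TCP MSS below 536";` ahead of `sid:1234;` and a comment line above the rule such as `# 536 is the default IPv4 MSS (576-byte datagram minus 40 header bytes); lower values are unusual`. The rule also exercises only the `<` form; if the keyword accepts `>` or a range as well, those forms would need rules and sids of their own to be covered.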
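Review bot: writepcap.py writes a single SYN whose MSS (8) is far below the threshold, so the `count: 1` check in test.yaml would still pass if `tcp.mss:<536` matched every packet carrying an MSS option, or if the comparison were off by one at the boundary. Appending a second SYN that must not alert, e.g. `pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(dst='255.255.255.255', src='192.168.0.1')/TCP(dport=80,flags="S",options=[("MSS", 536)])`, and regenerating input.pcap keeps the expected count at 1 while pinning the boundary. As a style point, `from scapy.all import *` could name what the script uses (`Ether`, `Dot1Q`, `IP`, `TCP`, `wrpcap`), and a comment saying that input.pcap is the output of this script would help whoever has to regenerate it.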