From: Jason Ish
Date: Thu, 4 Jul 2024 21:20:43 +0000 (-0600)
Subject: dns-udp-unsolicited-response: v2 and v3 tests
X-Git-Tag: suricata-7.0.7~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f62718fd45f9e5d74925572f9545f3e412c6ae19;p=thirdparty%2Fsuricata-verify.git
dns-udp-unsolicited-response: v2 and v3 tests
---
diff --git a/tests/dns-udp-unsolicited-response/README.md b/tests/dns/dns-udp-unsolicited-response/README.md
similarity index 100%
rename from tests/dns-udp-unsolicited-response/README.md
rename to tests/dns/dns-udp-unsolicited-response/README.md
diff --git a/tests/dns-udp-unsolicited-response/suricata.yaml b/tests/dns/dns-udp-unsolicited-response/suricata.yaml
similarity index 100%
rename from tests/dns-udp-unsolicited-response/suricata.yaml
rename to tests/dns/dns-udp-unsolicited-response/suricata.yaml
diff --git a/tests/dns/dns-udp-unsolicited-response/test.yaml b/tests/dns/dns-udp-unsolicited-response/test.yaml
new file mode 100644
index 000000000..3f857b39b
--- /dev/null
+++ b/tests/dns/dns-udp-unsolicited-response/test.yaml
@@ -0,0 +1,16 @@
+requires:
+ min-version: 8
+
+pcap: ../../dns-udp-unsolicited-response-v1/dns-response-2x.pcap
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: dns
+ dns.type: request
+ - filter:
+ count: 2
+ match:
+ event_type: dns
+ dns.type: response
diff --git a/tests/dns/v2/dns-udp-unsolicited-response/README.md b/tests/dns/v2/dns-udp-unsolicited-response/README.md
new file mode 100644
index 000000000..e202ff97b
--- /dev/null
+++ b/tests/dns/v2/dns-udp-unsolicited-response/README.md
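Review bot: The two filters in the new tests/dns/dns-udp-unsolicited-response/test.yaml match on `dns.type` alone, so the test would still pass if the same response were logged twice and the other one dropped. The v2 README in this commit describes a request with ID 0x99ab, an unsolicited response with ID 0x9941 and the expected response with ID 0x99ab; splitting the response filter into two `count: 1` filters, one with `dns.id: 39233` and one with `dns.id: 39339`, would pin both messages (this assumes the transaction ID is exposed as `dns.id` in the Suricata 8 record, which should be confirmed against a sample eve.json). Since the parser no longer correlates responses with requests, a short `#` comment above the second filter saying that the mismatched-ID response is expected to be logged as an ordinary response would also help anyone relying on this test as coverage for spoofed-response visibility.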
@@ -0,0 +1,11 @@
+Test the following sequence of DNS messages on a flow:
+
+- DNS request with ID 0x99ab.
+- DNS response with ID 0x9941 (unsolicited response).
+- DNS response with ID 0x99ab (expected response).
+
+Check that all 3 DNS message are logged, and that an unsolicted dns
+response event is logged.
+
+NOTE: Unsolicited responses do not exist with the Rust DNS parser as
+it doesn't correlate responses with requests.
diff --git a/tests/dns/v2/dns-udp-unsolicited-response/suricata.yaml b/tests/dns/v2/dns-udp-unsolicited-response/suricata.yaml
new file mode 100644
index 000000000..8ebe4e4aa
--- /dev/null
+++ b/tests/dns/v2/dns-udp-unsolicited-response/suricata.yaml
@@ -0,0 +1,11 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: true
+ filename: eve.json
+ types:
+ - alert
+ - dns:
+ version: 2
diff --git a/tests/dns-udp-unsolicited-response/test.yaml b/tests/dns/v2/dns-udp-unsolicited-response/test.yaml
similarity index 73%
rename from tests/dns-udp-unsolicited-response/test.yaml
rename to tests/dns/v2/dns-udp-unsolicited-response/test.yaml
index 0c6222324..03619f38e 100644
--- a/tests/dns-udp-unsolicited-response/test.yaml
+++ b/tests/dns/v2/dns-udp-unsolicited-response/test.yaml
@@ -1,4 +1,4 @@
-pcap: ../dns-udp-unsolicited-response-v1/dns-response-2x.pcap
+pcap: ../../../dns-udp-unsolicited-response-v1/dns-response-2x.pcap
 checks:
 - filter: