From: Jason Ish
Date: Mon, 18 Nov 2019 18:51:40 +0000 (-0600)
Subject: dns: add some checks on source and destination addresses
X-Git-Tag: suricata-6.0.4~337
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff28da223404245acc0b473300000fb11eebb02e;p=thirdparty%2Fsuricata-verify.git

dns: add some checks on source and destination addresses

Ticket #3340: https://redmine.openinfosecfoundation.org/issues/3340
---
diff --git a/tests/dns-eve-type-filtering/test.yaml b/tests/dns-eve-type-filtering/test.yaml
index 610a49070..24dc33066 100644
--- a/tests/dns-eve-type-filtering/test.yaml
+++ b/tests/dns-eve-type-filtering/test.yaml
@@ -22,6 +22,29 @@ checks:
 event_type: "dns"
 dns.rrtype: "A"

+ # Also check that the source and destination addresses and ports are
+ # as expected.
+ - filter:
+ filename: only-a.json
+ count: 1
+ match:
+ pcap_cnt: 1
+ src_ip: "10.16.1.11"
+ src_port: 54888
+ dest_ip: "8.8.8.8"
+ dest_port: 53
+ dns.type: "query"
+ - filter:
+ filename: only-a.json
+ count: 1
+ match:
+ pcap_cnt: 2
+ src_ip: "10.16.1.11"
+ src_port: 54888
+ dest_ip: "8.8.8.8"
+ dest_port: 53
+ dns.type: "answer"
+
 # Check that we only have A and AAAA requests.
 - filter:
 filename: a-and-aaaa-requests-only.json
diff --git a/tests/dns-reversed-tcp-1/test.yaml b/tests/dns-reversed-tcp-1/test.yaml
index a63d7af33..025ebfcc0 100644
--- a/tests/dns-reversed-tcp-1/test.yaml
+++ b/tests/dns-reversed-tcp-1/test.yaml
@@ -16,3 +16,11 @@ checks:
 match:
 event_type: dns
 dns.type: answer
+
+ - filter:
+ count: 1
+ match:
+ event_type: dns
+ dns.type: answer
+ src_ip: "10.16.1.11"
+ dest_ip: "8.8.4.4"
diff --git a/tests/dns-reversed-udp-1/test.yaml b/tests/dns-reversed-udp-1/test.yaml
index 1e8b827a5..70875fa51 100644
--- a/tests/dns-reversed-udp-1/test.yaml
+++ b/tests/dns-reversed-udp-1/test.yaml
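Review bot: The second new filter asserts that the `answer` record for `pcap_cnt: 2` carries the same `src_ip`/`src_port`/`dest_ip`/`dest_port` as the query, which is only right if EVE DNS records are oriented to the flow (client to server) rather than to the packet, and the comment above the block does not say so. A reader checking a response packet would expect the tuple swapped, so the intent should be stated, e.g. replace `# Also check that the source and destination addresses and ports are` / `# as expected.` with `# Source/destination are logged in flow direction (client -> server), so the` / `# answer record is expected to keep the query's address and port tuple.`. If that orientation is not the intended behaviour the expected values for the answer filter are wrong rather than the comment; the ticket reference in the commit message suggests it is, but this cannot be confirmed from the hunk. The enclosing `checks:` list continues outside the hunk.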
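Review bot: The new filter pins one `answer` event with `src_ip: "10.16.1.11"` / `dest_ip: "8.8.4.4"`, but nothing in the hunk rules out a second answer event logged with the tuple reversed, which is exactly the regression a "reversed" pcap test should catch. Whether the check is tight depends on the `count:` of the preceding filter, which sits above the visible context (`match:` onward) and so cannot be confirmed here. If that count is not `1`, add a sibling filter identical to the new one but with `count: 0` and `src_ip: "8.8.4.4"` / `dest_ip: "10.16.1.11"`, so a direction flip fails the test explicitly rather than relying on an aggregate count. The `checks:` list this extends starts outside the hunk.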
@@ -22,3 +22,11 @@ checks:
 dns.answers[0].rrtype: CNAME
 dns.answers[1].rrtype: A
 dns.answers[2].rrtype: A
+
+ - filter:
+ count: 1
+ match:
+ event_type: dns
+ dns.type: answer
+ src_ip: "10.16.1.11"
+ dest_ip: "10.16.1.1"
diff --git a/tests/dns-tcp-www-google-com/test.yaml b/tests/dns-tcp-www-google-com/test.yaml
index 6abaebc5b..db2676a77 100644
--- a/tests/dns-tcp-www-google-com/test.yaml
+++ b/tests/dns-tcp-www-google-com/test.yaml
@@ -6,10 +6,14 @@ checks:
 - filter:
 count: 1
 match:
+ src_ip: "10.16.1.11"
+ dest_ip: "8.8.4.4"
 event_type: dns
 dns.type: query
 - filter:
 count: 12
 match:
+ src_ip: "10.16.1.11"
+ dest_ip: "8.8.4.4"
 event_type: dns
 dns.type: answer
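Review bot: The new filter asserts only the address pair, while the equivalent filter added to `tests/dns-eve-type-filtering/test.yaml` in this same commit also pins `src_port` and `dest_port: 53`; for a test whose purpose is direction handling, the port pair is the stronger signal, since a swapped tuple would put 53 on the source side. Adding `dest_port: 53` under `match:` (and `src_port` if the client port is stable in the pcap) would make a reversal fail on its own rather than only through the address match. The exact client port is not visible in the hunk, so it would need to be read from the pcap or the existing EVE output. The `checks:` list being extended starts outside the hunk.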
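Review bot: Both filters now pin `src_ip`/`dest_ip` but not the transport, so for a test named `dns-tcp-www-google-com` they would still pass if the same query and answers were logged off a UDP flow; asserting `dest_port: 53` under each `match:`, and `proto: TCP` if the EVE records in this test carry the usual `proto` field, would tie the checks to the TCP path the test is named for. As a point of style, the other filters added in this commit keep `event_type: dns` as the first key under `match:`, and placing the new `src_ip`/`dest_ip` lines after `dns.type` here would keep the four files consistent. The `checks:` list continues outside the hunk.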