From: Giuseppe Longo Date: Mon, 18 Mar 2024 08:27:02 +0000 (+0100) Subject: sdp: add test X-Git-Tag: suricata-6.0.20~71 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1797%2Fhead;p=thirdparty%2Fsuricata-verify.git sdp: add test This adds a test for SDP protocol. --- diff --git a/tests/sip-sdp/Makefile b/tests/sip-sdp/Makefile new file mode 100644 index 000000000..75ef2fa6e --- /dev/null +++ b/tests/sip-sdp/Makefile @@ -0,0 +1,3 @@ +sdp.pcap: sdp.syn + flowsynth.py -f pcap -w $@ $^ + diff --git a/tests/sip-sdp/README.md b/tests/sip-sdp/README.md new file mode 100644 index 000000000..60959b0c0 --- /dev/null +++ b/tests/sip-sdp/README.md @@ -0,0 +1,7 @@ +# Test Purpose + +Match on SDP fields. + +## PCAP + +This PCAP was generated with flowsynth. diff --git a/tests/sip-sdp/sdp.pcap b/tests/sip-sdp/sdp.pcap new file mode 100644 index 000000000..075d66180 Binary files /dev/null and b/tests/sip-sdp/sdp.pcap differ diff --git a/tests/sip-sdp/sdp.syn b/tests/sip-sdp/sdp.syn new file mode 100644 index 000000000..4a912a1dd --- /dev/null +++ b/tests/sip-sdp/sdp.syn @@ -0,0 +1,33 @@ +flow default udp 1.1.1.1:5555 > 2.2.2.2:5060; +default > (content:"INVITE sip:97239287044@voip.brujula.net SIP/2.0\x0d +Via: SIP/2.0/UDP 192.168.1.2:5060;branch=z9hG4bKnp104984053-44ce4a41192.168.1.2;rport\x0d +From: \"arik\" ;tag=6433ef9\x0d +To: \x0d +Call-ID: 105090259-446faf7a@192.168.1.2\x0d +CSeq: 1 INVITE\x0d +User-Agent: Nero SIPPS IP Phone Version 2.0.51.16\x0d +Expires: 120\x0d +Accept: application/sdp\x0d +Content-Type: application/sdp\x0d +Content-Length: 272\x0d +Contact: \x0d +Max-Forwards: 70\x0d +Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, INFO\x0d +\x0d +v=0\x0d +o=SIPPS 105015165 105015162 IN IP4 192.168.1.2\x0d +s=SIP call\x0d +i=Session Description Protocol\x0d +u=https://www.sdp.proto\x0d +e=j.doe@example.com (Jane Doe)\x0d +p=+1 617 555-6011 (Jane Doe)\x0d +c=IN IP4 192.168.1.2\x0d +b=AS:64\x0d +t=3034423619 3042462419\x0d +r=604800 3600 0 90000\x0d +z=2882844526 -1h 2898848070 0\x0d +k=prompt\x0d +a=sendrecv\x0d +m=audio 30000 RTP/AVP 0 8 97 2 3\x0d +a=rtpmap:0 pcmu/8000\x0d\x0a";); + diff --git a/tests/sip-sdp/test.yaml b/tests/sip-sdp/test.yaml new file mode 100644 index 000000000..1dcd1107d --- /dev/null +++ b/tests/sip-sdp/test.yaml @@ -0,0 +1,30 @@ +requires: + min-version: 8 + +args: + - -k none + +pcap: sdp.pcap + +checks: + - filter: + count: 1 + match: + event_type: sip + pcap_cnt: 1 + sip.sdp.origin: SIPPS 105015165 105015162 IN IP4 192.168.1.2 + sip.sdp.session_name: SIP call + sip.sdp.session_info: Session Description Protocol + sip.sdp.uri: https://www.sdp.proto + sip.sdp.email: j.doe@example.com (Jane Doe) + sip.sdp.phone_number: +1 617 555-6011 (Jane Doe) + sip.sdp.connection_data: IN IP4 192.168.1.2 + sip.sdp.bandwidths[0]: AS:64 + sip.sdp.time: 3034423619 3042462419 + sip.sdp.repeat_time: 604800 3600 0 90000 + sip.sdp.timezone: 2882844526 -1h 2898848070 0 + sip.sdp.encryption_key: prompt + sip.sdp.attributes[0]: sendrecv + sip.sdp.media_descriptions[0].media: audio 30000 RTP/AVP 0 8 97 2 3 + sip.sdp.media_descriptions[0].attributes[0]: rtpmap:0 pcmu/8000 +