From: Giuseppe Longo Date: Thu, 18 Jul 2024 15:14:55 +0000 (+0200) Subject: ldap: add tests for udp and frames X-Git-Tag: suricata-7.0.7~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2009%2Fhead;p=thirdparty%2Fsuricata-verify.git ldap: add tests for udp and frames
---
diff --git a/tests/ldap-frames/README.md b/tests/ldap-frames/README.md
new file mode 100644
index 000000000..479850a6b
--- /dev/null
+++ b/tests/ldap-frames/README.md
@@ -0,0 +1,7 @@
+# Test Purpose
+
+Test that LDAP over UDP is parsed correctly.
+
+## PCAP
+
+PCAP downloaded from cloudshark.
diff --git a/tests/ldap-frames/suricata.yaml b/tests/ldap-frames/suricata.yaml
new file mode 100644
index 000000000..554239918
--- /dev/null
+++ b/tests/ldap-frames/suricata.yaml
@@ -0,0 +1,8 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - frame
diff --git a/tests/ldap-frames/test.yaml b/tests/ldap-frames/test.yaml
new file mode 100644
index 000000000..53350958b
--- /dev/null
+++ b/tests/ldap-frames/test.yaml
@@ -0,0 +1,34 @@
+requires:
+ min-version: 8
+
+args:
+ - -k none
+
+pcap: ../ldap-udp/cldap.pcap
+
+checks:
+ - filter:
+ count: 1
+ match:
+ pcap_cnt: 1
+ event_type: frame
+ frame.direction: toserver
+ frame.length: 137
+ frame.complete: true
+ - filter:
+ count: 1
+ match:
+ pcap_cnt: 2
+ event_type: frame
+ frame.direction: toclient
+ frame.length: 137
+ frame.complete: true
+ - filter:
+ count: 1
+ match:
+ pcap_cnt: 2
+ event_type: frame
+ frame.direction: toclient
+ frame.length: 14
+ frame.complete: true
+ frame.tx_id: 1
diff --git a/tests/ldap-udp/README.md b/tests/ldap-udp/README.md
new file mode 100644
index 000000000..479850a6b
--- /dev/null
+++ b/tests/ldap-udp/README.md
@@ -0,0 +1,7 @@
+# Test Purpose
+
+Test that LDAP over UDP is parsed correctly.
+
+## PCAP
+
+PCAP downloaded from cloudshark.
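Review bot: In tests/ldap-frames/test.yaml the three checks tell frames apart by `frame.length` alone; none of them pins the frame type, and only the last one pins `frame.tx_id`. The two toclient frames at `pcap_cnt: 2` would be harder to satisfy by accident if each filter also carried `frame.type: <frame-type-name>` (placeholder; use the name the LDAP parser registers) and its `frame.tx_id`. Neither this file nor tests/ldap-udp/test.yaml asserts the transport, so adding `proto: UDP` under each `match:` would tie the checks to the UDP path these tests are meant to cover.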
diff --git a/tests/ldap-udp/cldap.pcap b/tests/ldap-udp/cldap.pcap
new file mode 100644
index 000000000..3aeb6bb54
Binary files /dev/null and b/tests/ldap-udp/cldap.pcap differ
diff --git a/tests/ldap-udp/test.yaml b/tests/ldap-udp/test.yaml
new file mode 100644
index 000000000..3dfa28996
--- /dev/null
+++ b/tests/ldap-udp/test.yaml
@@ -0,0 +1,29 @@
+requires:
+ min-version: 8
+
+args:
+ - -k none
+
+pcap: cldap.pcap
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: ldap
+ ldap.request.message_id: 1
+ ldap.request.operation: search_request
+ ldap.request.search_request.base_object: ""
+ ldap.request.search_request.scope: 0
+ ldap.request.search_request.deref_alias: 0
+ ldap.request.search_request.size_limit: 0
+ ldap.request.search_request.time_limit: 0
+ ldap.request.search_request.types_only: false
+ ldap.request.search_request.attributes[0]: Netlogon
+ ldap.responses[0].operation: search_result_entry
+ ldap.responses[0].search_result_entry.base_object: ""
+ ldap.responses[0].search_result_entry.attributes[0].type: netlogon
+ ldap.responses[1].operation: search_result_done
+ ldap.responses[1].search_result_done.result_code: success
+ ldap.responses[1].search_result_done.matched_dn: ""
+ ldap.responses[1].search_result_done.message: ""
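Review bot: The single filter in tests/ldap-udp/test.yaml proves that one fully matching `ldap` event exists, but nothing bounds the total number of `ldap` events the pcap produces. An additional, differently populated event (for example a response logged as its own transaction) would go unnoticed. A second check with `count: 1` whose `match:` holds only `event_type: ldap` would pin the total, so that a parser regression on this CLDAP exchange shows up as a test failure.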