From: Jason Ish
Date: Wed, 3 Jun 2020 05:48:39 +0000 (-0600)
Subject: dhcp test: fix test for new unicode encoding
X-Git-Tag: suricata-6.0.4~286
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F241%2Fhead;p=thirdparty%2Fsuricata-verify.git
dhcp test: fix test for new unicode encoding
With JsonBuilder, NUL bytes in a string are now encoded as unicode (\u0000) instead of our previous convention of \\x00. Rename the old test as its still required for pre version 6.0.
---
diff --git a/tests/dhcp-eve-extended-pre-6/input.pcap b/tests/dhcp-eve-extended-pre-6/input.pcap
new file mode 100644
index 000000000..93617129f
Binary files /dev/null and b/tests/dhcp-eve-extended-pre-6/input.pcap differ
diff --git a/tests/dhcp-eve-extended-pre-6/suricata.yaml b/tests/dhcp-eve-extended-pre-6/suricata.yaml
new file mode 100644
index 000000000..7f2fafa63
--- /dev/null
+++ b/tests/dhcp-eve-extended-pre-6/suricata.yaml
@@ -0,0 +1,11 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: true
+ filename: eve.json
+ types:
+ - dhcp:
+ extended: true
+ - flow
diff --git a/tests/dhcp-eve-extended-pre-6/test.yaml b/tests/dhcp-eve-extended-pre-6/test.yaml
new file mode 100644
index 000000000..69ddd7a37
--- /dev/null
+++ b/tests/dhcp-eve-extended-pre-6/test.yaml
@@ -0,0 +1,69 @@
+requires:
+ lt-version: 6.0.0
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 67
+ dhcp.assigned_ip: 0.0.0.0
+ dhcp.client_id: 00:11:32:17:49:f0
+ dhcp.client_ip: 10.16.1.4
+ dhcp.client_mac: 00:11:32:17:49:f0
+ dhcp.dhcp_type: request
+ dhcp.hostname: nas1\x00
+ dhcp.id: 4016330564
+ dhcp.params[0]: subnet_mask
+ dhcp.params[1]: router
+ dhcp.params[2]: domain
+ dhcp.params[3]: dns_server
+ dhcp.type: request
+ event_type: dhcp
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 10.16.1.4
+ src_port: 68
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.4
+ dest_port: 68
+ dhcp.assigned_ip: 10.16.1.4
+ dhcp.client_ip: 10.16.1.4
+ dhcp.client_mac: 00:11:32:17:49:f0
+ dhcp.dhcp_type: ack
+ dhcp.dns_servers[0]: 10.16.1.1
+ dhcp.hostname: nas1\x00
+ dhcp.id: 4016330564
+ dhcp.lease_time: 3600
+ dhcp.next_server_ip: 10.16.1.1
+ dhcp.rebinding_time: 3031
+ dhcp.relay_ip: 0.0.0.0
+ dhcp.renewal_time: 1681
+ dhcp.routers[0]: 10.16.1.1
+ dhcp.subnet_mask: 255.255.0.0
+ dhcp.type: reply
+ event_type: dhcp
+ pcap_cnt: 2
+ proto: UDP
+ src_ip: 10.16.1.1
+ src_port: 67
+- filter:
+ count: 1
+ match:
+ app_proto: dhcp
+ dest_ip: 10.16.1.1
+ dest_port: 67
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 350
+ flow.bytes_toserver: 342
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 10.16.1.4
+ src_port: 68
diff --git a/tests/dhcp-eve-extended/test.yaml b/tests/dhcp-eve-extended/test.yaml
index 3494287b7..68644dc01 100644
--- a/tests/dhcp-eve-extended/test.yaml
+++ b/tests/dhcp-eve-extended/test.yaml
@@ -1,4 +1,5 @@
-# *** Add configuration here ***
+requires:
+ min-version: 6.0.0

 checks:
 - filter:
@@ -11,7 +12,7 @@ checks:
 dhcp.client_ip: 10.16.1.4
 dhcp.client_mac: 00:11:32:17:49:f0
 dhcp.dhcp_type: request
- dhcp.hostname: nas1\x00
+ dhcp.hostname: "nas1\u0000"
 dhcp.id: 4016330564
 dhcp.params[0]: subnet_mask
 dhcp.params[1]: router
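Review bot: At `@@ -11,7 +12,7 @@` (and again at `@@ -33,7 +34,7 @@`) the expected hostname changes from an unquoted scalar to a double-quoted one with no comment saying the quotes are load-bearing. `"nas1\u0000"` is a YAML escape, so the expected value ends in a real NUL character, whereas the unquoted `nas1\x00` kept in the pre-6 copy is literal backslash-x-0-0 text; removing the quotes in a later cleanup would turn the new value into literal text as well and break the check. I would add a comment on the line above, e.g. `# Quoted on purpose: YAML decodes \u0000 to a real NUL, as JsonBuilder (6.0+) emits it.`; the check entry itself starts above the hunk. Because the hostname is supplied by the DHCP client, eve.json consumers that match on the old `\x00` text presumably need the same adjustment, which is worth a line in the upgrade notes.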
@@ -33,7 +34,7 @@ checks:
 dhcp.client_mac: 00:11:32:17:49:f0
 dhcp.dhcp_type: ack
 dhcp.dns_servers[0]: 10.16.1.1
- dhcp.hostname: nas1\x00
+ dhcp.hostname: "nas1\u0000"
 dhcp.id: 4016330564
 dhcp.lease_time: 3600
 dhcp.next_server_ip: 10.16.1.1