From 482aa308ed7bdbf8386e46f5510eb6dd750c4c5f Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Sun, 19 Jun 2022 13:03:13 +0200
Subject: [PATCH] tests: add ipv4 set save test
---
tests/datasets-07-state-ip/expected/state.csv | 1 +
tests/datasets-07-state-ip/input.pcap | Bin 0 -> 297 bytes
tests/datasets-07-state-ip/test.rules | 1 +
tests/datasets-07-state-ip/test.yaml | 13 +++++++++++++
tests/datasets-07-state-ip/writepcap.py | 16 ++++++++++++++++
5 files changed, 31 insertions(+)
create mode 100644 tests/datasets-07-state-ip/expected/state.csv
create mode 100644 tests/datasets-07-state-ip/input.pcap
create mode 100644 tests/datasets-07-state-ip/test.rules
create mode 100644 tests/datasets-07-state-ip/test.yaml
create mode 100755 tests/datasets-07-state-ip/writepcap.py
diff --git a/tests/datasets-07-state-ip/expected/state.csv b/tests/datasets-07-state-ip/expected/state.csv
new file mode 100644
index 000000000..817280424
--- /dev/null
+++ b/tests/datasets-07-state-ip/expected/state.csv
@@ -0,0 +1 @@
+1.2.3.4
diff --git a/tests/datasets-07-state-ip/input.pcap b/tests/datasets-07-state-ip/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..790a6a1555058d9739dfd6fd89506a08a8d4d1c5
GIT binary patch
literal 297
zc-p&ic+)~A1{MYw`2U}Qfe}a_6p@de$Ii~+4P<+R#X*39k%^gwwUL2=jf26Jfx!}_
z)Il(70V^9j2S|#+6bM!2cQ7zALW}_d_SA~R+=84`=H&cbkRT(-XhnW9jo!|{M8N1$
NQ8JC*#=wlnXaIwdHoE`-
literal 0
Hc-jL100001
diff --git a/tests/datasets-07-state-ip/test.rules b/tests/datasets-07-state-ip/test.rules
new file mode 100644
index 000000000..e4107b809
--- /dev/null
+++ b/tests/datasets-07-state-ip/test.rules
@@ -0,0 +1 @@
+alert dns any any -> any any (ip.dst; dataset:set,dns-srv, type ipv4, state state.csv; sid:1;)
diff --git a/tests/datasets-07-state-ip/test.yaml b/tests/datasets-07-state-ip/test.yaml
new file mode 100644
index 000000000..d368d010c
--- /dev/null
+++ b/tests/datasets-07-state-ip/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ files:
+ - src/detect-ipaddr.c
+
+args:
+ - --data-dir=${OUTPUT_DIR}
+
+checks:
+ - file-compare:
+ filename: state.csv
+ expected: expected/state.csv
diff --git a/tests/datasets-07-state-ip/writepcap.py b/tests/datasets-07-state-ip/writepcap.py
new file mode 100755
index 000000000..f5a1b7a5e
--- /dev/null
+++ b/tests/datasets-07-state-ip/writepcap.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IP(dst='1.2.3.4', src='5.6.7.8')/UDP(dport=53)/DNS(id=1, rd=1, qd=DNSQR(qname='example.com'))
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IP(dst='1.2.3.4', src='5.6.7.8')/UDP(dport=53)/DNS(id=2, rd=1, qd=DNSQR(qname='example.com'))
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IP(dst='1.2.3.4', src='5.6.7.8')/UDP(dport=53)/DNS(id=3, rd=1, qd=DNSQR(qname='example.com'))
+
+wrpcap('input.pcap', pkts)
--
2.47.2
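Review bot: Nothing in test.yaml says what the single `file-compare` check is meant to prove, so the intent has to be reconstructed from three other files. The generator script sends three DNS queries to the same destination while expected/state.csv holds one line, so the test appears to cover de-duplication of the saved ipv4 set as well as the save itself. The rule's relative `state state.csv` presumably lands in the directory given by `--data-dir`, which is why that argument is required. A header comment would record both, for example `# Three DNS queries to 1.2.3.4 must leave exactly one entry in the saved set.` and `# --data-dir places the rule's state.csv in the output directory for file-compare.`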