From 53be882b1c5b29515cbffa69dc7046e16c2e8572 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Sat, 13 Feb 2021 10:36:11 -0500
Subject: [PATCH] tests: Add test case for 2982

---
 tests/test-unreachable-distance-1/input.pcap | Bin 0 -> 571 bytes
 tests/test-unreachable-distance-1/test.rules |   5 +++++
 tests/test-unreachable-distance-1/test.yaml  |  17 +++++++++++++++++
 3 files changed, 22 insertions(+)
 create mode 100644 tests/test-unreachable-distance-1/input.pcap
 create mode 100644 tests/test-unreachable-distance-1/test.rules
 create mode 100644 tests/test-unreachable-distance-1/test.yaml

diff --git a/tests/test-unreachable-distance-1/input.pcap b/tests/test-unreachable-distance-1/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..bc6ba8ff9464e18bcba05a79b5252977d0a7caae
GIT binary patch
literal 571
zc-p&ic+)~A1{MYcU}0bclE0UAhkxJ7%@74-gD}@F>)RHm8T>t!jF~tXTp1XA7{VDC
z8U&{@9$3M|I%k#}<F_&fQwEEz>sDw3^)o`uVlFQ)=Sayf&&$bAOyMoh%mcEEOAAsG
zOH!GW^K(J!7(q6Dd&|wR5~v4+A$CCQ1KGqln}NZB!9;KYC&(6%Z49R0${5>UonN8d
z*Z?$v6$FW~=>QK<CC~<LZ3YECBV7YSUE}05b6o=i154)QlnVCb)RfeU%wp!e)DngR
zHW0N8%NcZ-($eu5&6v!YmY-izP?VWhav=Ob2FNC$z6A^{9Dg<aQ28!)Xnel|Z468x
zzS0&3UiQ*r-LxECBc{CK18qnWTp)?`L|wxJH;_bG7!y(WU{!gQy2hBIWe~j=z*aL=
zeqdlZ=68JNftL_|3M<el|14%6_>aVwx-NN;AIxWrO9Amu%s!|Jk@rnwU^(01IU4{V
Ct(Oh}

literal 0
Hc-jL100001

diff --git a/tests/test-unreachable-distance-1/test.rules b/tests/test-unreachable-distance-1/test.rules
new file mode 100644
index 000000000..a26c3383c
--- /dev/null
+++ b/tests/test-unreachable-distance-1/test.rules
@@ -0,0 +1,5 @@
+alert udp any any -> any any (msg:"dsize/distance INVALID combination #1"; dsize:10; content:"boom"; content:"loom"; distance:10; sid:1; rev:1;)
+alert udp any any -> any any (msg:"dsize/distance INVALID combination #2"; dsize:6; content:"boom"; content:"loom"; distance:3; sid:2; rev:1;)
+alert udp any any -> any any (msg:"dsize/distance INVALID combination #3"; dsize:6; content:"boom"; content:"loom"; distance:2; sid:3; rev:1;)
+alert udp any any -> any any (msg:"dsize/distance VALID combination #1"; dsize:10; content:"boom"; content:"loom"; distance:-10; sid:4; rev:1;)
+alert udp any any -> any any (msg:"dsize/distance VALID combination #2"; dsize:10; content:"boom"; content:"loom"; distance:-15; sid:5; rev:1;)
diff --git a/tests/test-unreachable-distance-1/test.yaml b/tests/test-unreachable-distance-1/test.yaml
new file mode 100644
index 000000000..af39ec497
--- /dev/null
+++ b/tests/test-unreachable-distance-1/test.yaml
@@ -0,0 +1,17 @@
+requires:
+  min-version: 7
+
+checks:
+    - shell:
+        args: grep "signature can't match" suricata.log | wc -l | xargs
+        expect: 3
+
+    - shell:
+        args: grep SC_ERR_INVALID_SIGNATURE suricata.log | wc -l | xargs
+        expect: 6
+
+    - shell:
+        args: grep "1 rule files processed. 2 rules successfully loaded, 3 rules failed" suricata.log | wc -l | xargs
+        expect: 1
+
+exit-code: 1
-- 
2.47.2