From 5cfca66d3b8033cd497a805bf8f226221e4e1fee Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Mon, 15 Mar 2021 15:50:01 -0600 Subject: [PATCH] dns-udp-eve-log-answer-only: dns eve v2 test --- .../check.sh | 0 .../dns-udp-google.com-a-aaaa-mx.pcap | Bin 0 -> 934 bytes .../dns-udp-eve-log-answer-only-v1/suricata.yaml | 14 ++++++++++++++ tests/dns-udp-eve-log-answer-only-v1/test.yaml | 4 ++++ tests/dns-udp-eve-log-answer-only/suricata.yaml | 6 ++---- tests/dns-udp-eve-log-answer-only/test.yaml | 11 +++++++++++ 6 files changed, 31 insertions(+), 4 deletions(-) rename tests/{dns-udp-eve-log-answer-only => dns-udp-eve-log-answer-only-v1}/check.sh (100%) create mode 100644 tests/dns-udp-eve-log-answer-only-v1/dns-udp-google.com-a-aaaa-mx.pcap create mode 100644 tests/dns-udp-eve-log-answer-only-v1/suricata.yaml create mode 100644 tests/dns-udp-eve-log-answer-only-v1/test.yaml diff --git a/tests/dns-udp-eve-log-answer-only/check.sh b/tests/dns-udp-eve-log-answer-only-v1/check.sh similarity index 100% rename from tests/dns-udp-eve-log-answer-only/check.sh rename to tests/dns-udp-eve-log-answer-only-v1/check.sh diff --git a/tests/dns-udp-eve-log-answer-only-v1/dns-udp-google.com-a-aaaa-mx.pcap b/tests/dns-udp-eve-log-answer-only-v1/dns-udp-google.com-a-aaaa-mx.pcap new file mode 100644 index 0000000000000000000000000000000000000000..def918f219a189e35c795ffaeca9f2e5379dc4a7 GIT binary patch literal 934 zc-p&ic+)~A1{MYcU}0bclC$)MB6a&%83KW95M~e+=VkkT<8;^Cg>D=St_%#$|Nk>E zI0(i!a0xJSa{$4OGzL=!{VkiMbQu-EMldiivZd$er{|p_NtEMYJOTJe7Rc`4n-2B1+q*ep1}1F?otn}OxV z(NAB{_&3q`H_-T((D-lB_|MV!@6h4WPNe0804EfhPvo zj(}nyVh=0^Hs*q2Aj7w}07neSpu_;k0-g7q3_uAmMvno8_+^tpF|hvvA_jm~c+YR^ zEda*=BQ^_wK9Yg@NI;GK#|8&}4v1426!?&Qw*YAQJ$oiRz7seI@}1v)nD4ISfP7c8 zHB1bL@Ay%C2eLrXf|+42ki8e1@76yHXJD`rtlNX|9ngx|zkwEjeaDK;0-*1})-Z(w z(;pXWVsSxk1!K+u9wc#21`(FToD#zWS}1~YAVDKEK@E_gF`A$eNYLbf7E)*d0E=?Q Ad;kCd literal 0 Hc-jL100001 
diff --git a/tests/dns-udp-eve-log-answer-only-v1/suricata.yaml b/tests/dns-udp-eve-log-answer-only-v1/suricata.yaml
new file mode 100644
index 000000000..e4ac0832e
--- /dev/null
+++ b/tests/dns-udp-eve-log-answer-only-v1/suricata.yaml
@@ -0,0 +1,14 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - dns:
+ version: 1
+ query: no
+ answer: yes
+
diff --git a/tests/dns-udp-eve-log-answer-only-v1/test.yaml b/tests/dns-udp-eve-log-answer-only-v1/test.yaml
new file mode 100644
index 000000000..9ee272d75
--- /dev/null
+++ b/tests/dns-udp-eve-log-answer-only-v1/test.yaml
@@ -0,0 +1,4 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ lt-version: 7
diff --git a/tests/dns-udp-eve-log-answer-only/suricata.yaml b/tests/dns-udp-eve-log-answer-only/suricata.yaml
index e4ac0832e..314990072 100644
--- a/tests/dns-udp-eve-log-answer-only/suricata.yaml
+++ b/tests/dns-udp-eve-log-answer-only/suricata.yaml
@@ -8,7 +8,5 @@ outputs:
 filename: eve.json
 types:
 - dns:
- version: 1
- query: no
- answer: yes
-
+ requests: no
+ responses: yes
diff --git a/tests/dns-udp-eve-log-answer-only/test.yaml b/tests/dns-udp-eve-log-answer-only/test.yaml
index 56ea9b0d5..9d5319d27 100644
--- a/tests/dns-udp-eve-log-answer-only/test.yaml
+++ b/tests/dns-udp-eve-log-answer-only/test.yaml
@@ -1,3 +1,14 @@
 requires:
 features:
 - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 0
+ match:
+ dns.type: query
+ - filter:
+ count: 3
+ match:
+ dns.type: answer
+
--
2.47.2
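Review bot: The rewritten `dns` block in tests/dns-udp-eve-log-answer-only/suricata.yaml removes `version: 1` without pinning a replacement, so the DNS record format that gets logged depends on the default of whichever Suricata build runs the test. The new `requests`/`responses` keys and the `dns.type: answer` check in the sibling test.yaml appear to assume the v2 format; adding `version: 2` next to `requests: no` would make that explicit and keep the test meaningful if the default changes. The modified test.yaml also carries no `min-version`, so it presumably runs on every branch, including any where these keys are not recognised; that is worth confirming.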
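Review bot: The two `checks` filters added to tests/dns-udp-eve-log-answer-only/test.yaml only count events by `dns.type`, so any three answer records pass regardless of what they contain. The capture name suggests A, AAAA and MX responses for google.com, so consider one filter per response that also matches a content field, for example `dns.rrname: google.com` together with the expected `dns.rrtype` and `count: 1`; the exact values need to be confirmed against the pcap. A short comment above the `count: 0` filter, such as `# requests: no, so no query events may be logged`, would record why zero is the expected value.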