From 9c0102c0ca5effd0ecf9c7215606c6703fd87a8e Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Thu, 5 Nov 2020 07:44:53 -0500
Subject: [PATCH] tests: ICMPv4 header tests

---
 tests/icmp-hdr-01/input.pcap  | Bin 0 -> 100 bytes
 tests/icmp-hdr-01/input.rules |   1 +
 tests/icmp-hdr-01/test.yaml   |  11 +++++++++++
 tests/icmp-hdr-02/input.pcap  | Bin 0 -> 110 bytes
 tests/icmp-hdr-02/input.rules |   1 +
 tests/icmp-hdr-02/test.yaml   |  11 +++++++++++
 6 files changed, 24 insertions(+)
 create mode 100644 tests/icmp-hdr-01/input.pcap
 create mode 100644 tests/icmp-hdr-01/input.rules
 create mode 100644 tests/icmp-hdr-01/test.yaml
 create mode 100644 tests/icmp-hdr-02/input.pcap
 create mode 100644 tests/icmp-hdr-02/input.rules
 create mode 100644 tests/icmp-hdr-02/test.yaml

diff --git a/tests/icmp-hdr-01/input.pcap b/tests/icmp-hdr-01/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..170b5e89d7cd3ac080ee79fbc8298b43e888f22c
GIT binary patch
literal 100
zc-p&ic+)~A1{MYcU}0bck{pwZoMzi{G1vgvAp9Q;7`R<GfB(b5;L5<DvhXeg10&<s
YEWUscCy*Q`!{kIpCI&7Lp8*8`00CbZjQ{`u

literal 0
Hc-jL100001

diff --git a/tests/icmp-hdr-01/input.rules b/tests/icmp-hdr-01/input.rules
new file mode 100644
index 000000000..1b5c89535
--- /dev/null
+++ b/tests/icmp-hdr-01/input.rules
@@ -0,0 +1 @@
+alert icmp any any -> any any (msg:"icmp hdr test"; icmpv4.hdr; content:"|0a 0e 50 54 42|"; sid:1; rev:1;)
diff --git a/tests/icmp-hdr-01/test.yaml b/tests/icmp-hdr-01/test.yaml
new file mode 100644
index 000000000..15983c6af
--- /dev/null
+++ b/tests/icmp-hdr-01/test.yaml
@@ -0,0 +1,11 @@
+requires:
+  min-version: 6
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      proto: "ICMP"
+      icmp_code: 0
+      icmp_type: 9
diff --git a/tests/icmp-hdr-02/input.pcap b/tests/icmp-hdr-02/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..bf5c4e573e6bd7af6607a1352b578ab6f4732556
GIT binary patch
literal 110
zc-p&ic+)~A1{MZ55MW?n1XAI;TO+<N=VovNvO##&?lTOG0w9t}fP=x6fx&{&f`Q>b
q<I*Wy)eKBP%*e_pybnk-1LaZ}SQ!}pF|HB-iL(F!2g8+vAY%c~jTK7(

literal 0
Hc-jL100001

diff --git a/tests/icmp-hdr-02/input.rules b/tests/icmp-hdr-02/input.rules
new file mode 100644
index 000000000..b8c187dc5
--- /dev/null
+++ b/tests/icmp-hdr-02/input.rules
@@ -0,0 +1 @@
+alert icmp any any -> any any (msg:"icmp hdr test"; icmpv4.hdr; content: "|be 0a 7b 00 03|"; sid:1; rev:1;)
diff --git a/tests/icmp-hdr-02/test.yaml b/tests/icmp-hdr-02/test.yaml
new file mode 100644
index 000000000..8b5f98f27
--- /dev/null
+++ b/tests/icmp-hdr-02/test.yaml
@@ -0,0 +1,11 @@
+requires:
+  min-version: 6
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      proto: "ICMP"
+      icmp_code: 1
+      icmp_type: 5
-- 
2.47.2