From 169fd2f285d59574d22ac267480f6b2581cc2352 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Mon, 16 Dec 2024 12:50:54 -0600
Subject: [PATCH] test: truncated ipv4 test
Test that no src_ip, dest_ip are logged instead of just empty strings.
Ticket: https://redmine.openinfosecfoundation.org/issues/7460
---
tests/ipv4-truncated/README.md | 3 +++
tests/ipv4-truncated/decoder-events.rules | 1 +
tests/ipv4-truncated/test.yaml | 9 +++++++++
tests/ipv4-truncated/truncated.pcap | Bin 0 -> 1570 bytes
4 files changed, 13 insertions(+)
create mode 100644 tests/ipv4-truncated/README.md
create mode 100644 tests/ipv4-truncated/decoder-events.rules
create mode 100644 tests/ipv4-truncated/test.yaml
create mode 100644 tests/ipv4-truncated/truncated.pcap
diff --git a/tests/ipv4-truncated/README.md b/tests/ipv4-truncated/README.md
new file mode 100644
index 000000000..7e3f006af
--- /dev/null
+++ b/tests/ipv4-truncated/README.md
@@ -0,0 +1,3 @@
+Test that alerts that have unknown IP addresses and ports don't log them.
+
+Ticket: https://redmine.openinfosecfoundation.org/issues/7460
diff --git a/tests/ipv4-truncated/decoder-events.rules b/tests/ipv4-truncated/decoder-events.rules
new file mode 100644
index 000000000..c7ffb2624
--- /dev/null
+++ b/tests/ipv4-truncated/decoder-events.rules
@@ -0,0 +1 @@
+alert pkthdr any any -> any any (msg:"SURICATA IPv4 truncated packet"; decode-event:ipv4.trunc_pkt; classtype:protocol-command-decode; sid:2200003; rev:2;)
diff --git a/tests/ipv4-truncated/test.yaml b/tests/ipv4-truncated/test.yaml
new file mode 100644
index 000000000..80d4513c6
--- /dev/null
+++ b/tests/ipv4-truncated/test.yaml
@@ -0,0 +1,9 @@
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ src_ip: null
+ dest_ip: null
+ src_port: null
+ dest_port: null
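Review bot: The filter in tests/ipv4-truncated/test.yaml counts any alert event that lacks addresses and ports, so it never confirms that the alert came from the truncated-packet rule. Adding `alert.signature_id: 2200003` under `match:` would tie the count to the rule in decoder-events.rules. The file also has no `requires:` section; if the change behind ticket 7460 is not present on every branch this suite runs against, a `min-version: <VERSION>` entry would keep the test from failing on releases that still log empty strings. The YAML nesting is not visible on this page because the indentation was collapsed, so the placement of both additions should be checked against the real file.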
diff --git a/tests/ipv4-truncated/truncated.pcap b/tests/ipv4-truncated/truncated.pcap new file mode 100644 index 0000000000000000000000000000000000000000..1d7f1c02c6385fba2c3e1bf5a0dd050088dbb98a GIT binary patch literal 1570 zc-p&ic+)~A1{MYcU}0bclAnqb($(g%F#KX=0ONqy-)dil