From 336260f1d6154b18f9d38710974a504062754c0a Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Thu, 5 Mar 2020 08:25:36 -0500
Subject: [PATCH] tests: ERSPAN Type I packet decode if config

This commit adds tests for ERSPAN Type I decoding based on configuration
settings.
---
 tests/decode-erspan-typeI-02/README.md  |   1 +
 tests/decode-erspan-typeI-02/input.pcap | Bin 0 -> 6576 bytes
 tests/decode-erspan-typeI-02/test.yaml  |  35 ++++++++++++++++++++++++
 tests/decode-erspan-typeI-03/README.md  |   1 +
 tests/decode-erspan-typeI-03/input.pcap | Bin 0 -> 6576 bytes
 tests/decode-erspan-typeI-03/test.yaml  |  18 ++++++++++++
 6 files changed, 55 insertions(+)
 create mode 100644 tests/decode-erspan-typeI-02/README.md
 create mode 100644 tests/decode-erspan-typeI-02/input.pcap
 create mode 100644 tests/decode-erspan-typeI-02/test.yaml
 create mode 100644 tests/decode-erspan-typeI-03/README.md
 create mode 100644 tests/decode-erspan-typeI-03/input.pcap
 create mode 100644 tests/decode-erspan-typeI-03/test.yaml

diff --git a/tests/decode-erspan-typeI-02/README.md b/tests/decode-erspan-typeI-02/README.md
new file mode 100644
index 000000000..18aaf211d
--- /dev/null
+++ b/tests/decode-erspan-typeI-02/README.md
@@ -0,0 +1 @@
+Ensure ERSPAN Type I packets are decoded when configured
diff --git a/tests/decode-erspan-typeI-02/input.pcap b/tests/decode-erspan-typeI-02/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..961075040b145e070ef1b8f75411d3c3aaff35d9
GIT binary patch
literal 6576
zc-pPlSxD4T6vy%Ff*DknW~HTNWoDVCGdh!wHkR5$K^O)>ltn`H5K-1cw4hLs&`TuL
z<W|1*5>eP{TDj%E%qT^HMGkJcmw`xi&g~D!SMNOo4ubRZ|K-DfmjAeFo;>gr-hyu4
z!UOK#4~-nDEL|jS!teM~o0WE>*pXKrUs(OlSELJZ6(5@tQ{kDDE&Ot_|KtmCqYD3C
z9}o8#mPh%*Yf3&c>&|t%Nb%?~<z#y{=45-F@)dt~9_SXacnth6Ti`f&Te{3YV0qw*
zm8*h+SFZ^PUAr!9{f3R<n<6$xZrK{OEjng<Y@Ep)pJ2h=;j;O*32{^`biiW^{N2#j
z|G#ZGL<qab+am13J|Py^b=qoR7hJ~Ub~hc}x^u~`KLy(2YK*p2g|;(XZh6wpN^WCX
zZMCqQW;);Q-j;6R<hBCaOtnVaGKIEeCbu7c=vMuZ+(Nb5>R|Vo$<1*P-CQTgZPW&B
z<~pOzs?e6p<#tTE9U`}Bt+sl`=c(hAblXpEvq{hvUvIQUDzxq6a&x0wm6P1OZ8~iY
zu<K<y-|p=}H|JS$8%%_@ga)H6NuljHliSEz>E<A}39Ysdu<Pe?bE8|Alid8VO&&w#
zH3WBwTyCT2_NIy4g0<QjVK>a=Run4T?vdND722$gMw>;U?IM%gXtH#>L~c`BZB2~N
z)1pG@wvpUsEYP;2$!LpEXgkK`Hj8eRmE`7W)oE*nT@=&%LU94Qb;gjJI|14fn-yO}
zaF@m8Hg-q4g^}BcR$B|~W|_{n;tJ{JMQ)3+Evdz5^H*q#;BxCjx7RLm3)E_Bg`Jbh
zt>g&0bsU~^y<mnmTdU%02<|R0xsAKf?N#5L>jka0HrPGoa;rhN_Fv>?!?xr$qwQPC
z{M!afncO}}w_b8f(`svnT|Sdr=@sdgL~c<gXiI4~+Qt>y0+`OXiF48|gWSwoZ5@o?
zhm@T}x3)}jv&KQ&&JLsPyF%L!rt@v$C%V0?B{#cPTPN%Wx!m5NTkCIfTM!Fv_D-WM
zpmhFio0-nHNnh#qnB4rd+PYvD$n-hneuQ+pMQ)QZ(3aYz_!+5-@%xa;FX;B-3%Si`
zwK-wu$K`fey4lFBHyYY@IgPd*3T<51r&H&pTN=6bYqhyx=fmXo;553m>?JoJY}@Tp
zyavQwG?&|T>1HCgC0cFWu#04JD>tKC^EGn&8U<}>-9}r2LR%)6+gEgZ{*l}UwAy-L
n=Vp3eD7Q$rd~yrIw)7sOZMJ0oZCsy2ezu|8vmtT|(`x$%dN}GJ

literal 0
Hc-jL100001

diff --git a/tests/decode-erspan-typeI-02/test.yaml b/tests/decode-erspan-typeI-02/test.yaml
new file mode 100644
index 000000000..eb966e6ef
--- /dev/null
+++ b/tests/decode-erspan-typeI-02/test.yaml
@@ -0,0 +1,35 @@
+requires:
+
+  min-version: 5.0.0
+
+
+args:
+    - --set decoder.erspan.typeI.enabled=true
+
+checks:
+
+    - filter:
+        count: 2
+        match:
+            event_type: flow
+
+    - filter:
+        count: 1
+        match:
+            event_type: flow
+            src_ip: 100.95.2.201
+            proto: ICMP
+            vlan: [1011]
+
+    - filter:
+        count: 1
+        match:
+            event_type: flow
+            src_ip: 100.95.3.105
+            proto: ICMP
+            vlan: [999]
+
+    - stats:
+        decoder.ipv4: 84
+        decoder.gre: 42
+        decoder.erspan: 42
diff --git a/tests/decode-erspan-typeI-03/README.md b/tests/decode-erspan-typeI-03/README.md
new file mode 100644
index 000000000..18aaf211d
--- /dev/null
+++ b/tests/decode-erspan-typeI-03/README.md
@@ -0,0 +1 @@
+Ensure ERSPAN Type I packets are decoded when configured
diff --git a/tests/decode-erspan-typeI-03/input.pcap b/tests/decode-erspan-typeI-03/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..961075040b145e070ef1b8f75411d3c3aaff35d9
GIT binary patch
literal 6576
zc-pPlSxD4T6vy%Ff*DknW~HTNWoDVCGdh!wHkR5$K^O)>ltn`H5K-1cw4hLs&`TuL
z<W|1*5>eP{TDj%E%qT^HMGkJcmw`xi&g~D!SMNOo4ubRZ|K-DfmjAeFo;>gr-hyu4
z!UOK#4~-nDEL|jS!teM~o0WE>*pXKrUs(OlSELJZ6(5@tQ{kDDE&Ot_|KtmCqYD3C
z9}o8#mPh%*Yf3&c>&|t%Nb%?~<z#y{=45-F@)dt~9_SXacnth6Ti`f&Te{3YV0qw*
zm8*h+SFZ^PUAr!9{f3R<n<6$xZrK{OEjng<Y@Ep)pJ2h=;j;O*32{^`biiW^{N2#j
z|G#ZGL<qab+am13J|Py^b=qoR7hJ~Ub~hc}x^u~`KLy(2YK*p2g|;(XZh6wpN^WCX
zZMCqQW;);Q-j;6R<hBCaOtnVaGKIEeCbu7c=vMuZ+(Nb5>R|Vo$<1*P-CQTgZPW&B
z<~pOzs?e6p<#tTE9U`}Bt+sl`=c(hAblXpEvq{hvUvIQUDzxq6a&x0wm6P1OZ8~iY
zu<K<y-|p=}H|JS$8%%_@ga)H6NuljHliSEz>E<A}39Ysdu<Pe?bE8|Alid8VO&&w#
zH3WBwTyCT2_NIy4g0<QjVK>a=Run4T?vdND722$gMw>;U?IM%gXtH#>L~c`BZB2~N
z)1pG@wvpUsEYP;2$!LpEXgkK`Hj8eRmE`7W)oE*nT@=&%LU94Qb;gjJI|14fn-yO}
zaF@m8Hg-q4g^}BcR$B|~W|_{n;tJ{JMQ)3+Evdz5^H*q#;BxCjx7RLm3)E_Bg`Jbh
zt>g&0bsU~^y<mnmTdU%02<|R0xsAKf?N#5L>jka0HrPGoa;rhN_Fv>?!?xr$qwQPC
z{M!afncO}}w_b8f(`svnT|Sdr=@sdgL~c<gXiI4~+Qt>y0+`OXiF48|gWSwoZ5@o?
zhm@T}x3)}jv&KQ&&JLsPyF%L!rt@v$C%V0?B{#cPTPN%Wx!m5NTkCIfTM!Fv_D-WM
zpmhFio0-nHNnh#qnB4rd+PYvD$n-hneuQ+pMQ)QZ(3aYz_!+5-@%xa;FX;B-3%Si`
zwK-wu$K`fey4lFBHyYY@IgPd*3T<51r&H&pTN=6bYqhyx=fmXo;553m>?JoJY}@Tp
zyavQwG?&|T>1HCgC0cFWu#04JD>tKC^EGn&8U<}>-9}r2LR%)6+gEgZ{*l}UwAy-L
n=Vp3eD7Q$rd~yrIw)7sOZMJ0oZCsy2ezu|8vmtT|(`x$%dN}GJ

literal 0
Hc-jL100001

diff --git a/tests/decode-erspan-typeI-03/test.yaml b/tests/decode-erspan-typeI-03/test.yaml
new file mode 100644
index 000000000..cfed3ce78
--- /dev/null
+++ b/tests/decode-erspan-typeI-03/test.yaml
@@ -0,0 +1,18 @@
+requires:
+
+  min-version: 5
+  lt-version: 6
+
+
+args:
+    - --set decoder.erspan.typeI.enabled=false
+
+checks:
+
+    - filter:
+        count: 0
+        match:
+            event_type: flow
+
+    - stats:
+        decoder.erspan: 0
-- 
2.47.2