From 3f1a111141ae5e49c63e5f485600b4c59c10db30 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 1 Jul 2019 14:47:00 +0200
Subject: [PATCH] tests: add ipv4.hdr and ipv6.hdr tests

---
tests/ipv4-hdr-keyword/input.pcap | Bin 0 -> 86 bytes
tests/ipv4-hdr-keyword/test.rules | 1 +
tests/ipv4-hdr-keyword/test.yaml | 12 ++++++++++++
tests/ipv4-hdr-keyword/writepcap.py | 10 ++++++++++
tests/ipv6-hdr-keyword-01/input.pcap | Bin 0 -> 106 bytes
tests/ipv6-hdr-keyword-01/test.rules | 1 +
tests/ipv6-hdr-keyword-01/test.yaml | 12 ++++++++++++
tests/ipv6-hdr-keyword-01/writepcap.py | 10 ++++++++++
tests/ipv6-hdr-keyword-02/input.pcap | Bin 0 -> 130 bytes
tests/ipv6-hdr-keyword-02/test.rules | 1 +
tests/ipv6-hdr-keyword-02/test.yaml | 12 ++++++++++++
tests/ipv6-hdr-keyword-02/writepcap.py | 10 ++++++++++
12 files changed, 69 insertions(+)
create mode 100644 tests/ipv4-hdr-keyword/input.pcap
create mode 100644 tests/ipv4-hdr-keyword/test.rules
create mode 100644 tests/ipv4-hdr-keyword/test.yaml
create mode 100755 tests/ipv4-hdr-keyword/writepcap.py
create mode 100644 tests/ipv6-hdr-keyword-01/input.pcap
create mode 100644 tests/ipv6-hdr-keyword-01/test.rules
create mode 100644 tests/ipv6-hdr-keyword-01/test.yaml
create mode 100755 tests/ipv6-hdr-keyword-01/writepcap.py
create mode 100644 tests/ipv6-hdr-keyword-02/input.pcap
create mode 100644 tests/ipv6-hdr-keyword-02/test.rules
create mode 100644 tests/ipv6-hdr-keyword-02/test.yaml
create mode 100755 tests/ipv6-hdr-keyword-02/writepcap.py

diff --git a/tests/ipv4-hdr-keyword/input.pcap b/tests/ipv4-hdr-keyword/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..b42bb8b289d7db7dd2fc7b0ee1a1d5297239d904
GIT binary patch
literal 86
zc-p&ic+)~A1{MYw_+QV!zzC!#H;cr+f5gO~2V{fre=uNRWMXDvZDe3z<6v-QV2}an
Wa1h+3abN`lBUs*)A%KCyZUX?e=@&8p

literal 0
Hc-jL100001

diff --git a/tests/ipv4-hdr-keyword/test.rules b/tests/ipv4-hdr-keyword/test.rules
new file mode 100644
index 000000000..10d00fc6c
--- /dev/null
+++ b/tests/ipv4-hdr-keyword/test.rules
@@ -0,0 +1 @@
+alert ip any any -> any any (ipv4.hdr; content:"|00 00|"; offset:4; depth:2; sid:1234;)
diff --git a/tests/ipv4-hdr-keyword/test.yaml b/tests/ipv4-hdr-keyword/test.yaml
new file mode 100644
index 000000000..b658eca6f
--- /dev/null
+++ b/tests/ipv4-hdr-keyword/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 5.0.0
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1234
+
diff --git a/tests/ipv4-hdr-keyword/writepcap.py b/tests/ipv4-hdr-keyword/writepcap.py
new file mode 100755
index 000000000..96b3fc698
--- /dev/null
+++ b/tests/ipv4-hdr-keyword/writepcap.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IP(dst='255.255.255.255', src='192.168.0.1', id=0)/UDP(dport=80)
+
+wrpcap('input.pcap', pkts)
diff --git a/tests/ipv6-hdr-keyword-01/input.pcap b/tests/ipv6-hdr-keyword-01/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..f836869f7961b6a8f908e500c2ac28d7588eb779
GIT binary patch
literal 106
zc-p&ic+)~A1{MYw_+QV!zzC$f$|Pc!u3}(tVu0ZPV8Fo0#LU9l$iTqXb~gc}oI}uo
R0TnP}@J$&47&!ii0|3A25=j66

literal 0
Hc-jL100001

diff --git a/tests/ipv6-hdr-keyword-01/test.rules b/tests/ipv6-hdr-keyword-01/test.rules
new file mode 100644
index 000000000..17d7bcccb
--- /dev/null
+++ b/tests/ipv6-hdr-keyword-01/test.rules
@@ -0,0 +1 @@
+alert ip any any -> any any (ipv6.hdr; content:"|40|"; offset:7; depth:1; sid:1234;)
diff --git a/tests/ipv6-hdr-keyword-01/test.yaml b/tests/ipv6-hdr-keyword-01/test.yaml
new file mode 100644
index 000000000..b658eca6f
--- /dev/null
+++ b/tests/ipv6-hdr-keyword-01/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 5.0.0
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1234
+
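Review bot: The `id=0` on the IP() line of tests/ipv4-hdr-keyword/writepcap.py is what lets the rule's `content:"|00 00|"; offset:4; depth:2` fire (bytes 4-5 of the IPv4 header are the Identification field), but nothing in the script says so; a comment such as `# id=0: the rule matches the zeroed Identification field at offset 4 of the IPv4 header` keeps the script and test.rules from drifting apart, since without it the match silently depends on scapy's default id. The committed input.pcap is binary, so the script's comment is the only readable record of what the test exercises. On style, `from scapy.all import *` pulls every scapy name into the module and the unversioned `#!/usr/bin/env python` shebang resolves to whatever `python` is on the host; the same applies to the writepcap.py hunks for ipv6-hdr-keyword-01 and ipv6-hdr-keyword-02.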
diff --git a/tests/ipv6-hdr-keyword-01/writepcap.py b/tests/ipv6-hdr-keyword-01/writepcap.py
new file mode 100755
index 000000000..a871541dc
--- /dev/null
+++ b/tests/ipv6-hdr-keyword-01/writepcap.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IPv6()/UDP(dport=80)
+
+wrpcap('input.pcap', pkts)
diff --git a/tests/ipv6-hdr-keyword-02/input.pcap b/tests/ipv6-hdr-keyword-02/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..e872c8e95f6189efb3e4184fc7135cebce57ec1c
GIT binary patch
literal 130
zc-p&ic+)~A1{MYw_+QV!zzC#cCQHUT74tAe0ofq@9}E~6nV4Bv8yOhb+U_QRlq)be
cFrWfPbiNG(BiMLtC@lz+F=Yr~;P@X704v=RWB>pF

literal 0
Hc-jL100001

diff --git a/tests/ipv6-hdr-keyword-02/test.rules b/tests/ipv6-hdr-keyword-02/test.rules
new file mode 100644
index 000000000..4186008fe
--- /dev/null
+++ b/tests/ipv6-hdr-keyword-02/test.rules
@@ -0,0 +1 @@
+alert ip any any -> any any (ipv6.hdr; content:"|11 00 00 00 00 00 00 00|"; offset:40; endswith; sid:1234;)
diff --git a/tests/ipv6-hdr-keyword-02/test.yaml b/tests/ipv6-hdr-keyword-02/test.yaml
new file mode 100644
index 000000000..b658eca6f
--- /dev/null
+++ b/tests/ipv6-hdr-keyword-02/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 5.0.0
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1234
+
diff --git a/tests/ipv6-hdr-keyword-02/writepcap.py b/tests/ipv6-hdr-keyword-02/writepcap.py
new file mode 100755
index 000000000..dc40cb1da
--- /dev/null
+++ b/tests/ipv6-hdr-keyword-02/writepcap.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IPv6()/IPv6ExtHdrHopByHop()/IPv6ExtHdrDestOpt()/IPv6ExtHdrRouting()/UDP(dport=80)
+
+wrpcap('input.pcap', pkts)
--
2.47.2
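Review bot: `IPv6()` on the packet line of tests/ipv6-hdr-keyword-01/writepcap.py leaves the hop limit at scapy's default, yet the rule in test.rules matches `content:"|40|"; offset:7; depth:1`, i.e. byte 7 of the IPv6 fixed header (Hop Limit) equal to 64. Writing `IPv6(hlim=64)/UDP(dport=80)` makes the value the test depends on explicit, so a change in scapy's default cannot silently turn this into a false negative. A one-line comment naming the field would also help, because the committed input.pcap is binary and the intent is otherwise only recoverable by decoding it.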
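Review bot: The extension-header chain on the packet line of tests/ipv6-hdr-keyword-02/writepcap.py is built entirely from scapy defaults, and the rule's `content:"|11 00 00 00 00 00 00 00|"; offset:40; endswith` appears to match the trailing Routing header (next header 0x11 = UDP, remaining fields zero), which only holds while Routing stays the last header and scapy keeps zero-filling it. A comment above the line, e.g. `# rule expects a zero-filled Routing header with next-header UDP (0x11) as the last bytes of ipv6.hdr`, would document that coupling for whoever next edits the chain. As written, a reader has to decode the binary input.pcap to see why offset 40 and endswith were chosen.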