git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
Add test for multi-dns request without response in-between.
author Jason Ish <ish@unx.ca>
Wed, 26 Oct 2016 21:09:15 +0000 (15:09 -0600)
committer Jason Ish <ish@unx.ca>
Wed, 26 Oct 2016 21:09:15 +0000 (15:09 -0600)
dns-udp-double-request-response/README.txt [new file with mode: 0644]
dns-udp-double-request-response/dns-udp-double-request-response.pcap [new file with mode: 0644]
dns-udp-double-request-response/verify.sh [new file with mode: 0755]

diff --git a/dns-udp-double-request-response/README.txt b/dns-udp-double-request-response/README.txt
new file mode 100644 (file)
index 0000000..d0a46a6
--- /dev/null
@@ -0,0 +1,8 @@
+Test 2 UDP DNS requests followed back to back with no response, then
+the 2 responses being received.
+
+Prior to Suricata 3.2 the first request would be marked as having a
+reply lost when the second request was seen.
+
+Related issue:
+https://redmine.openinfosecfoundation.org/issues/1923
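Review bot: The description never states what output the test expects, so the 2 queries and 9 answers asserted in verify.sh have no documented source. Add a line after the first paragraph giving the expected number of query and answer records for this pcap and why 2 requests yield 9 answers, so that a later change in the counts can be judged as a regression or as a legitimate output change.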
diff --git a/dns-udp-double-request-response/dns-udp-double-request-response.pcap b/dns-udp-double-request-response/dns-udp-double-request-response.pcap
new file mode 100644 (file)
index 0000000..43b47e6
Binary files /dev/null and b/dns-udp-double-request-response/dns-udp-double-request-response.pcap differ
diff --git a/dns-udp-double-request-response/verify.sh b/dns-udp-double-request-response/verify.sh
new file mode 100755 (executable)
index 0000000..fbee97b
--- /dev/null
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+# Check queries.
+c=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l)
+if [ "${c}" != 2 ]; then
+    echo "error: expected 2 DNS queries, got ${c}"
+    exit 1
+fi
+
+# Check answer count.
+c=$(cat output/eve.json | jq -c 'select(.dns.type == "answer")' | wc -l)
+if [ "${c}" != 9 ]; then
+    echo "error: expected 9 DNS answers, got ${c}"
+    exit 1
+fi
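Review bot: The checks `[ "${c}" != 2 ]` and `[ "${c}" != 9 ]` compare strings against raw `wc -l` output, which some `wc` implementations pad with leading spaces, so the test can fail on a correct count. Use a numeric test such as `[ "${c}" -ne 2 ]`. The script also only counts query and answer records and does not look for the lost-reply marking that the README names as the pre-3.2 behaviour; if that state is visible in output/eve.json, asserting on it directly would tie the test to the issue. Passing output/eve.json to jq as an argument instead of through `cat |` would let a missing file show up as a jq error rather than as a count of 0.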