tests: add test for bug-7752 backport

author Juliana Fajardini <jufajardini@oisf.net>

Fri, 11 Jul 2025 21:49:06 +0000 (18:49 -0300)

committer Victor Julien <victor@inliniac.net>

Mon, 18 Aug 2025 13:29:54 +0000 (15:29 +0200)
author Juliana Fajardini <jufajardini@oisf.net>
Fri, 11 Jul 2025 21:49:06 +0000 (18:49 -0300)
committer Victor Julien <victor@inliniac.net>
Mon, 18 Aug 2025 13:29:54 +0000 (15:29 +0200)
diff --git a/tests/bug-4571-03-pre-8/README.md b/tests/bug-4571-03-pre-8/README.md

new file mode 100644 (file)

index 0000000..e0a45c4
--- /dev/null
+++ b/tests/bug-4571-03-pre-8/README.md
@@ -0,0 +1,13 @@
+# Test
+
+Check for proper engine behavior for IPv6 over IPv6 tunneling, including the
+setting of the parent flow in such cases.
+
+## Pcap
+
+Shared by reporter on Redmine ticket.
+
+## Ticket
+
+https://redmine.openinfosecfoundation.org/issues/7752
+https://redmine.openinfosecfoundation.org/issues/7777
diff --git a/tests/bug-4571-03-pre-8/suricata.yaml b/tests/bug-4571-03-pre-8/suricata.yaml

new file mode 100644 (file)

index 0000000..360204f
--- /dev/null
+++ b/tests/bug-4571-03-pre-8/suricata.yaml
@@ -0,0 +1,28 @@
+%YAML 1.1
+---
+decoder:
+  ipv6:
+    ipip-ipv6:
+      track-parent-flow: true
+
+stats:
+  enabled: yes
+  interval: 8
+
+logging:
+  default-log-level: notice
+  default-output-filter:
+  outputs:
+  - console:
+      enabled: yes
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+      filename: eve.json
+      types:
+        - alert
+        - drop:
+            alerts: yes
+        - flow
diff --git a/tests/bug-4571-03-pre-8/test.rules b/tests/bug-4571-03-pre-8/test.rules

new file mode 100644 (file)

index 0000000..859286d
--- /dev/null
+++ b/tests/bug-4571-03-pre-8/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"found"; content: "hello"; sid:1;)
diff --git a/tests/bug-4571-03-pre-8/test.yaml b/tests/bug-4571-03-pre-8/test.yaml

new file mode 100644 (file)

index 0000000..1d28721
--- /dev/null
+++ b/tests/bug-4571-03-pre-8/test.yaml
@@ -0,0 +1,42 @@
+requires:
+  min-version: 7.0.12
+
+pcap: ../bug-4571-03/ipv6_over_ipv6.pcap
+
+args:
+- -k none
+- --simulate-ips
+- --set stream.midstream=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pkt_src: ipv6 tunnel
+        proto: TCP
+        src_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:8334
+        dest_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:8335
+        tunnel.src_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
+        tunnel.dest_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:7335
+        tunnel.proto: IPv6
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        proto: TCP
+        src_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:8334
+        dest_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:8335
+        flow.alerted: true
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        proto: IPv6
+        src_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
+        dest_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:7335
+  - filter:
+      count: 2
+      match:
+        event_type: flow
diff --git a/tests/bug-4571-06-pre-8/README.md b/tests/bug-4571-06-pre-8/README.md

new file mode 100644 (file)

index 0000000..01e22d6
--- /dev/null
+++ b/tests/bug-4571-06-pre-8/README.md
@@ -0,0 +1,11 @@
+# Test
+
+Check for proper engine behavior for IPv4 over IPv6 tunneling.
+
+## Pcap
+
+Shared by reporter on Redmine ticket.
+
+## Ticket
+
+https://redmine.openinfosecfoundation.org/issues/4571
diff --git a/tests/bug-4571-06-pre-8/suricata.yaml b/tests/bug-4571-06-pre-8/suricata.yaml

new file mode 100644 (file)

index 0000000..8ed10d7
--- /dev/null
+++ b/tests/bug-4571-06-pre-8/suricata.yaml
@@ -0,0 +1,29 @@
+%YAML 1.1
+---
+
+decoder:
+  ipv6:
+    ipip-ipv4:
+      track-parent-flow: true
+
+stats:
+  enabled: yes
+  interval: 8
+
+logging:
+  default-log-level: notice
+  default-output-filter:
+  outputs:
+  - console:
+      enabled: yes
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+      filename: eve.json
+      types:
+        - alert
+        - drop:
+            alerts: yes
+        - flow
diff --git a/tests/bug-4571-06-pre-8/test.rules b/tests/bug-4571-06-pre-8/test.rules

new file mode 100644 (file)

index 0000000..859286d
--- /dev/null
+++ b/tests/bug-4571-06-pre-8/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"found"; content: "hello"; sid:1;)
diff --git a/tests/bug-4571-06-pre-8/test.yaml b/tests/bug-4571-06-pre-8/test.yaml

new file mode 100644 (file)

index 0000000..3899289
--- /dev/null
+++ b/tests/bug-4571-06-pre-8/test.yaml
@@ -0,0 +1,39 @@
+requires:
+  min-version: 7.0.12
+
+pcap: ../bug-4571-06/ipv4_over_ipv6.pcap
+
+args:
+- -k none
+- --simulate-ips
+- --set stream.midstream=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        proto: TCP
+        pkt_src: ipv6 tunnel
+        src_ip: 10.1.0.1
+        dest_ip: 10.1.0.2
+        tunnel.src_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
+        tunnel.dest_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:7335
+        tunnel.proto: IP-in-IP
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        proto: TCP
+        src_ip: 10.1.0.1
+        dest_ip: 10.1.0.2
+        flow.alerted: true
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        proto: IP-in-IP
+        src_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
+        dest_ip: 2001:0db8:85a3:0000:0000:8a2e:0370:7335
+        flow.alerted: false
author	Juliana Fajardini <jufajardini@oisf.net>
	Fri, 11 Jul 2025 21:49:06 +0000 (18:49 -0300)
committer	Victor Julien <victor@inliniac.net>
	Mon, 18 Aug 2025 13:29:54 +0000 (15:29 +0200)
tests/bug-4571-03-pre-8/README.md	[new file with mode: 0644]	patch \| blob
tests/bug-4571-03-pre-8/suricata.yaml	[new file with mode: 0644]	patch \| blob
tests/bug-4571-03-pre-8/test.rules	[new file with mode: 0644]	patch \| blob
tests/bug-4571-03-pre-8/test.yaml	[new file with mode: 0644]	patch \| blob
tests/bug-4571-06-pre-8/README.md	[new file with mode: 0644]	patch \| blob
tests/bug-4571-06-pre-8/suricata.yaml	[new file with mode: 0644]	patch \| blob
tests/bug-4571-06-pre-8/test.rules	[new file with mode: 0644]	patch \| blob
tests/bug-4571-06-pre-8/test.yaml	[new file with mode: 0644]	patch \| blob