diff --git a/tests/dns-over-http2/README.md b/tests/dns-over-http2/README.md
new file mode 100644
index 000000000..f9fb01d63
--- /dev/null
+++ b/tests/dns-over-http2/README.md
@@ -0,0 +1,9 @@
+# Description
+
+Test DNS over HTTP2
+https://redmine.openinfosecfoundation.org/issues/5773
+
+# PCAP
+
+The pcap comes from https://redmine.openinfosecfoundation.org/issues/5773
+
diff --git a/tests/dns-over-http2/dns_over_https.pcap b/tests/dns-over-http2/dns_over_https.pcap
new file mode 100644
index 000000000..afc2809a4
Binary files /dev/null and b/tests/dns-over-http2/dns_over_https.pcap differ
diff --git a/tests/dns-over-http2/test.rules b/tests/dns-over-http2/test.rules
new file mode 100644
index 000000000..deebb56d5
--- /dev/null
+++ b/tests/dns-over-http2/test.rules
@@ -0,0 +1,2 @@
+alert http2 any any -> any any (http.uri; content: "/dns"; sid:10; )
+alert dns any any -> any any (dns.query; content: "www.gstatic.com"; sid:20; )
diff --git a/tests/dns-over-http2/test.yaml b/tests/dns-over-http2/test.yaml
new file mode 100644
index 000000000..22161e704
--- /dev/null
+++ b/tests/dns-over-http2/test.yaml
@@ -0,0 +1,47 @@
+requires:
+ min-version: 8.0.0
+
+# disables checksum verification
+args:
+ - -k none
+
+checks:
+ - filter:
+ count: 4
+ match:
+ event_type: alert
+ alert.signature_id: 10
+ - filter:
+ count: 2
+ match:
+ event_type: alert
+ alert.signature_id: 20
+ - filter:
+ count: 2
+ match:
+ event_type: dns
+ dns.type: query
+ dns.rrname: www.gstatic.com
+ - filter:
+ count: 2
+ match:
+ event_type: dns
+ dns.type: query
+ dns.rrname: nav-edge.smartscreen.microsoft.com
+ - filter:
+ count: 2
+ match:
+ event_type: dns
+ dns.type: answer
+ dns.rrname: www.gstatic.com
+ - filter:
+ count: 2
+ match:
+ event_type: dns
+ dns.type: answer
+ dns.rrname: nav-edge.smartscreen.microsoft.com
+ - filter:
+ count: 1
+ match:
+ event_type: flow
+ app_proto: http2
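Review bot: Both rules in test.rules omit `msg`, so the alert records that test.yaml counts can only be told apart by `alert.signature_id`, and a failing run gives no hint of what each rule was meant to prove. Adding something like `msg:"DoH request URI seen on http2";` to sid 10 and `msg:"DNS query decoded from DoH";` to sid 20 would make the intent visible in the EVE output. The `content: "/dns"` match on `http.uri` is an unanchored substring, so it would also fire on any URI that merely contains `/dns`. If the requests in the pcap start with that path (not verifiable from the diff), adding `startswith;` after the content would keep sid 10 tied to the DoH endpoint.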
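Review bot: The four `event_type: dns` filters in test.yaml match only on `dns.type` and `dns.rrname`, so nothing ties the counted events to the HTTP/2 flow that the test is about. The pcap is binary, so the diff cannot show whether it also holds plain port-53 lookups for the same names; if it does, these checks do not distinguish tunneled DNS from cleartext DNS. Adding `proto: TCP` to each dns `match` block would pin the events to the DoH transactions. A one-line comment explaining why sid 10 is expected 4 times while sid 20 and the dns events are expected twice would also help whoever has to adjust the counts later.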