diff --git a/tests/7.0/bug-1158/test.yaml b/tests/7.0/bug-1158/test.yaml index 04b87a23a..842ca6814 100644 --- a/tests/7.0/bug-1158/test.yaml +++ b/tests/7.0/bug-1158/test.yaml @@ -1,4 +1,5 @@ requires: + lt-version: 8 min-version: 7 args: diff --git a/tests/7.0/bug-856/test.yaml b/tests/7.0/bug-856/test.yaml index f8a2c9428..8e3d29a6e 100644 --- a/tests/7.0/bug-856/test.yaml +++ b/tests/7.0/bug-856/test.yaml @@ -1,6 +1,7 @@ pcap: ../../dns-udp-z-flag-fp/suricatafpdnsdecoder.pcap requires: + lt-version: 8 min-version: 6 args: diff --git a/tests/7.0/bug-990/test.yaml b/tests/7.0/bug-990/test.yaml index 4499ae802..cf890a618 100644 --- a/tests/7.0/bug-990/test.yaml +++ b/tests/7.0/bug-990/test.yaml @@ -1,3 +1,6 @@ +requires: + lt-version: 8 + args: - -k none diff --git a/tests/7.0/decode-teredo-01/test.yaml b/tests/7.0/decode-teredo-01/test.yaml index fa107662a..352db7671 100644 --- a/tests/7.0/decode-teredo-01/test.yaml +++ b/tests/7.0/decode-teredo-01/test.yaml @@ -1,5 +1,6 @@ requires: min-version: 7 + lt-version: 8 args: - -k none diff --git a/tests/7.0/dns-eve-log-https-only/test.yaml b/tests/7.0/dns-eve-log-https-only/test.yaml index 43aaf832e..d048cd9ab 100644 --- a/tests/7.0/dns-eve-log-https-only/test.yaml +++ b/tests/7.0/dns-eve-log-https-only/test.yaml @@ -1,3 +1,6 @@ +requires: + lt-version: 8 + checks: # Check that we only have requests and responses for HTTPS records. - filter: diff --git a/tests/7.0/dns-eve-type-filtering/test.yaml b/tests/7.0/dns-eve-type-filtering/test.yaml index 24dc33066..d5d3ace70 100644 --- a/tests/7.0/dns-eve-type-filtering/test.yaml +++ b/tests/7.0/dns-eve-type-filtering/test.yaml @@ -1,5 +1,6 @@ requires: min-version: 4.1 + lt-version: 8 checks: diff --git a/tests/7.0/dns-eve/test.yaml b/tests/7.0/dns-eve/test.yaml index ef6d02622..1bc9c57af 100644 --- a/tests/7.0/dns-eve/test.yaml +++ b/tests/7.0/dns-eve/test.yaml @@ -1,6 +1,5 @@ requires: - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: - filter: 
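Review bot: In the bug-1158 hunk the new `lt-version: 8` is inserted above the existing `min-version: 7`, while decode-teredo-01, dns-eve-type-filtering and dns-incomplete in this same diff append it below `min-version`. Keeping one order, lower bound first, makes the supported range readable at a glance: `min-version: 7` followed by `lt-version: 8`. The same inversion appears in the bug-856, dns-udp-null and dns/dns-invalid-opcode hunks. A related inconsistency is that dns-udp-unsolicited-response gets its whole `requires:` block above `pcap:`, whereas dns-udp-eve-v2-dig gets it below.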
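Review bot: The `requires:` block added at the top of bug-990/test.yaml holds only a bare `lt-version: 8`, and nothing in the file says why the test stops applying at 8. A one-line comment above the key would record whether the cap reflects a changed output format, a removed option or a moved test, for example `# Not run on 8.x: <reason, and path of the 8.x replacement test if one exists>`. The block also bounds the test only from above; if tests under tests/7.0/ are meant for 7.x alone, `min-version: 7` belongs here too, though this diff does not show how that directory is selected by the runner. The same applies to the other hunks that add a cap-only `requires:` block: dns-eve-log-https-only, dns-udp-eve-v2-dig, dns-udp-eve-v2-txt, dns-udp-unsolicited-response and dns-z-bit.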
diff --git a/tests/7.0/dns-incomplete/test.yaml b/tests/7.0/dns-incomplete/test.yaml index 85a743807..6745b4afc 100644 --- a/tests/7.0/dns-incomplete/test.yaml +++ b/tests/7.0/dns-incomplete/test.yaml @@ -1,5 +1,6 @@ requires: min-version: 6.0 + lt-version: 8 # disables checksum verification args: diff --git a/tests/7.0/dns-json-log/expected/dns.json b/tests/7.0/dns-json-log/expected/dns.json deleted file mode 100644 index afec32e8f..000000000 --- a/tests/7.0/dns-json-log/expected/dns.json +++ /dev/null 
@@ -1,9 +0,0 @@ -{"timestamp":"2016-05-24T23:27:01.960780+0000","flow_id":15684738590988,"pcap_cnt":1,"event_type":"dns","src_ip":"10.16.1.11","src_port":53679,"dest_ip":"10.16.1.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39339,"rrname":"client-cf.dropbox.com","rrtype":"A","tx_id":0}} -{"timestamp":"2016-05-24T23:27:02.333141+0000","flow_id":15684738590988,"pcap_cnt":2,"event_type":"dns","src_ip":"10.16.1.1","src_port":53,"dest_ip":"10.16.1.11","dest_port":53679,"proto":"UDP","dns":{"type":"answer","id":39339,"rcode":"NOERROR","rrname":"client-cf.dropbox.com","rrtype":"A","ttl":47,"rdata":"52.85.112.21"}} -{"timestamp":"2016-05-24T23:27:02.832606+0000","flow_id":542660046009438,"pcap_cnt":3,"event_type":"dns","src_ip":"10.16.1.11","src_port":49697,"dest_ip":"10.16.1.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3407,"rrname":"block.dropbox.com","rrtype":"A","tx_id":0}} -{"timestamp":"2016-05-24T23:27:03.085375+0000","flow_id":1585332076629375,"pcap_cnt":4,"event_type":"dns","src_ip":"10.16.1.11","src_port":33458,"dest_ip":"10.16.1.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44779,"rrname":"codemonkey.net","rrtype":"A","tx_id":0}} -{"timestamp":"2016-05-24T23:27:03.213624+0000","flow_id":542660046009438,"pcap_cnt":5,"event_type":"dns","src_ip":"10.16.1.1","src_port":53,"dest_ip":"10.16.1.11","dest_port":49697,"proto":"UDP","dns":{"type":"answer","id":3407,"rcode":"NOERROR","rrname":"block.dropbox.com","rrtype":"CNAME","ttl":9,"rdata":"block.g1.dropbox.com"}} -{"timestamp":"2016-05-24T23:27:03.213624+0000","flow_id":542660046009438,"pcap_cnt":5,"event_type":"dns","src_ip":"10.16.1.1","src_port":53,"dest_ip":"10.16.1.11","dest_port":49697,"proto":"UDP","dns":{"type":"answer","id":3407,"rcode":"NOERROR","rrname":"block.g1.dropbox.com","rrtype":"A","ttl":8,"rdata":"45.58.70.33"}} 
-{"timestamp":"2016-05-24T23:27:03.493333+0000","flow_id":1585332076629375,"pcap_cnt":6,"event_type":"dns","src_ip":"10.16.1.1","src_port":53,"dest_ip":"10.16.1.11","dest_port":33458,"proto":"UDP","dns":{"type":"answer","id":44779,"rcode":"NOERROR","rrname":"codemonkey.net","rrtype":"A","ttl":435,"rdata":"104.131.202.103"}} -{"timestamp":"2016-05-24T23:27:04.653864+0000","flow_id":848126710184488,"pcap_cnt":7,"event_type":"dns","src_ip":"10.16.1.11","src_port":57634,"dest_ip":"10.16.1.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14681,"rrname":"client-cf.dropbox.com","rrtype":"A","tx_id":0}} -{"timestamp":"2016-05-24T23:27:04.654238+0000","flow_id":848126710184488,"pcap_cnt":8,"event_type":"dns","src_ip":"10.16.1.1","src_port":53,"dest_ip":"10.16.1.11","dest_port":57634,"proto":"UDP","dns":{"type":"answer","id":14681,"rcode":"NOERROR","rrname":"client-cf.dropbox.com","rrtype":"A","ttl":45,"rdata":"52.85.112.21"}} diff --git a/tests/7.0/dns-json-log/suricata.yaml b/tests/7.0/dns-json-log/suricata.yaml deleted file mode 100644 index 4daa2b75f..000000000 --- a/tests/7.0/dns-json-log/suricata.yaml +++ /dev/null @@ -1,8 +0,0 @@ -%YAML 1.1 ---- - -outputs: - - dns-json-log: - version: 1 - enabled: yes - filename: dns.json diff --git a/tests/7.0/dns-json-log/test.yaml b/tests/7.0/dns-json-log/test.yaml deleted file mode 100644 index 8bea7cd6e..000000000 --- a/tests/7.0/dns-json-log/test.yaml +++ /dev/null @@ -1,25 +0,0 @@ -pcap: ../../dns-eve/input.pcap - -requires: - lt-version: 6 - features: - - HAVE_LIBJANSSON - -checks: - - filter: - count: 9 - filename: dns.json - match: - event_type: dns - - filter: - count: 4 - filename: dns.json - match: - event_type: dns - dns.type: query - - filter: - count: 5 - filename: dns.json - match: - event_type: dns - dns.type: answer diff --git a/tests/7.0/dns-reversed-tcp-1/test.yaml b/tests/7.0/dns-reversed-tcp-1/test.yaml index 025ebfcc0..7795fbb8e 100644 --- a/tests/7.0/dns-reversed-tcp-1/test.yaml 
+++ b/tests/7.0/dns-reversed-tcp-1/test.yaml @@ -1,5 +1,6 @@ requires: min-version: 5.0.0 + lt-version: 8 args: - --set stream.midstream=true diff --git a/tests/7.0/dns-reversed-udp-1/test.yaml b/tests/7.0/dns-reversed-udp-1/test.yaml index 70875fa51..38aa5f490 100644 --- a/tests/7.0/dns-reversed-udp-1/test.yaml +++ b/tests/7.0/dns-reversed-udp-1/test.yaml @@ -1,5 +1,6 @@ requires: min-version: 5.0.0 + lt-version: 8 args: - --set stream.midstream=true diff --git a/tests/7.0/dns-single-request/test.yaml b/tests/7.0/dns-single-request/test.yaml index 9ab1066c0..dcd1c5586 100644 --- a/tests/7.0/dns-single-request/test.yaml +++ b/tests/7.0/dns-single-request/test.yaml @@ -1,8 +1,7 @@ pcap: ../../dns-single-request-v1/input.pcap requires: - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: - filter: diff --git a/tests/7.0/dns-tcp-multirequest-buffer/test.yaml b/tests/7.0/dns-tcp-multirequest-buffer/test.yaml index 9bdb3c8b4..90f704e7a 100644 --- a/tests/7.0/dns-tcp-multirequest-buffer/test.yaml +++ b/tests/7.0/dns-tcp-multirequest-buffer/test.yaml @@ -1,6 +1,5 @@ requires: - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: - filter: diff --git a/tests/7.0/dns-tcp-ts-gap/test.yaml b/tests/7.0/dns-tcp-ts-gap/test.yaml index 2a8791658..3a08d15ee 100644 --- a/tests/7.0/dns-tcp-ts-gap/test.yaml +++ b/tests/7.0/dns-tcp-ts-gap/test.yaml @@ -1,8 +1,7 @@ requires: # App-layer gap handling didn't happen until v4. min-version: 4.0.0 - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: - filter: diff --git a/tests/7.0/dns-tcp-www-google-com/test.yaml b/tests/7.0/dns-tcp-www-google-com/test.yaml index dc6dcc8d0..576a63c20 100644 --- a/tests/7.0/dns-tcp-www-google-com/test.yaml +++ b/tests/7.0/dns-tcp-www-google-com/test.yaml @@ -1,8 +1,7 @@ pcap: ../../dns-tcp-www-google-com-v1/dns.pcap requires: - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: - filter: 
diff --git a/tests/7.0/dns-udp-double-request-response/test.yaml b/tests/7.0/dns-udp-double-request-response/test.yaml index 5a6bd680f..375b6908b 100644 --- a/tests/7.0/dns-udp-double-request-response/test.yaml +++ b/tests/7.0/dns-udp-double-request-response/test.yaml @@ -1,8 +1,7 @@ pcap: ../../dns-udp-double-request-response-v1/dns-udp-double-request-response.pcap requires: - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: - filter: diff --git a/tests/7.0/dns-udp-eve-log-aaaa-only/test.yaml b/tests/7.0/dns-udp-eve-log-aaaa-only/test.yaml index 939cdb3e5..01d7d562c 100644 --- a/tests/7.0/dns-udp-eve-log-aaaa-only/test.yaml +++ b/tests/7.0/dns-udp-eve-log-aaaa-only/test.yaml @@ -1,8 +1,7 @@ pcap: ../../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap requires: - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: - filter: diff --git a/tests/7.0/dns-udp-eve-log-answer-only/test.yaml b/tests/7.0/dns-udp-eve-log-answer-only/test.yaml index 203db7461..a9e4396aa 100644 --- a/tests/7.0/dns-udp-eve-log-answer-only/test.yaml +++ b/tests/7.0/dns-udp-eve-log-answer-only/test.yaml @@ -1,8 +1,7 @@ pcap: ../../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap requires: - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: - filter: diff --git a/tests/7.0/dns-udp-eve-log-mx-only/test.yaml b/tests/7.0/dns-udp-eve-log-mx-only/test.yaml index db9a4aa12..1616cea8d 100644 --- a/tests/7.0/dns-udp-eve-log-mx-only/test.yaml +++ b/tests/7.0/dns-udp-eve-log-mx-only/test.yaml @@ -1,8 +1,7 @@ pcap: ../../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap requires: - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: - filter: diff --git a/tests/7.0/dns-udp-eve-log-query-only/test.yaml b/tests/7.0/dns-udp-eve-log-query-only/test.yaml index 7808c3b1c..b709e58d3 100644 --- a/tests/7.0/dns-udp-eve-log-query-only/test.yaml +++ b/tests/7.0/dns-udp-eve-log-query-only/test.yaml 
@@ -1,8 +1,7 @@ pcap: ../../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap requires: - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: - filter: diff --git a/tests/7.0/dns-udp-eve-log-srv/test.yaml b/tests/7.0/dns-udp-eve-log-srv/test.yaml index a1791329a..10819d3cc 100644 --- a/tests/7.0/dns-udp-eve-log-srv/test.yaml +++ b/tests/7.0/dns-udp-eve-log-srv/test.yaml @@ -1,5 +1,6 @@ requires: min-version: 7 + lt-version: 8 args: - -k none diff --git a/tests/7.0/dns-udp-eve-v2-dig/test.yaml b/tests/7.0/dns-udp-eve-v2-dig/test.yaml index 09b598ac9..a8ab795d2 100644 --- a/tests/7.0/dns-udp-eve-v2-dig/test.yaml +++ b/tests/7.0/dns-udp-eve-v2-dig/test.yaml @@ -1,5 +1,8 @@ pcap: ../../cond-log-dns-dig/input.pcap +requires: + lt-version: 8 + checks: - filter: count: 2 diff --git a/tests/7.0/dns-udp-eve-v2-txt/test.yaml b/tests/7.0/dns-udp-eve-v2-txt/test.yaml index 5f7461fc7..1c4af50aa 100644 --- a/tests/7.0/dns-udp-eve-v2-txt/test.yaml +++ b/tests/7.0/dns-udp-eve-v2-txt/test.yaml @@ -1,4 +1,5 @@ -# *** Add configuration here *** +requires: + lt-version: 8 checks: - filter: diff --git a/tests/7.0/dns-udp-junkrequest-first/test.yaml b/tests/7.0/dns-udp-junkrequest-first/test.yaml index f4860936b..acc677b54 100644 --- a/tests/7.0/dns-udp-junkrequest-first/test.yaml +++ b/tests/7.0/dns-udp-junkrequest-first/test.yaml @@ -1,7 +1,6 @@ requires: min-version: 7 - features: - - HAVE_LIBJANSSON + lt-version: 8 checks: diff --git a/tests/7.0/dns-udp-null/test.yaml b/tests/7.0/dns-udp-null/test.yaml index 46ea076c4..05928735f 100644 --- a/tests/7.0/dns-udp-null/test.yaml +++ b/tests/7.0/dns-udp-null/test.yaml @@ -1,4 +1,5 @@ requires: + lt-version: 8 min-version: 7 checks: diff --git a/tests/7.0/dns-udp-unsolicited-response/test.yaml b/tests/7.0/dns-udp-unsolicited-response/test.yaml index 65836ac1c..d32711d32 100644 --- a/tests/7.0/dns-udp-unsolicited-response/test.yaml +++ b/tests/7.0/dns-udp-unsolicited-response/test.yaml 
@@ -1,3 +1,6 @@ +requires: + lt-version: 8 + pcap: ../../dns-udp-unsolicited-response-v1/dns-response-2x.pcap checks: diff --git a/tests/7.0/dns-z-bit/test.yaml b/tests/7.0/dns-z-bit/test.yaml index bb5c377dd..f28ee4fbe 100644 --- a/tests/7.0/dns-z-bit/test.yaml +++ b/tests/7.0/dns-z-bit/test.yaml @@ -1,3 +1,6 @@ +requires: + lt-version: 8 + args: - -k none diff --git a/tests/7.0/dns/dns-invalid-opcode/test.yaml b/tests/7.0/dns/dns-invalid-opcode/test.yaml index de64bae65..6c4f58dfa 100644 --- a/tests/7.0/dns/dns-invalid-opcode/test.yaml +++ b/tests/7.0/dns/dns-invalid-opcode/test.yaml @@ -1,4 +1,5 @@ requires: + lt-version: 8 min-version: 7 args: diff --git a/tests/7.0/vxlan-decoder-03/test.yaml b/tests/7.0/vxlan-decoder-03/test.yaml index d8b017df3..115b77a3f 100644 --- a/tests/7.0/vxlan-decoder-03/test.yaml +++ b/tests/7.0/vxlan-decoder-03/test.yaml @@ -1,7 +1,6 @@ requires: - features: - - HAVE_LIBJANSSON - - RUST + lt-version: 8 + args: - --set decoder.vxlan.enabled=true diff --git a/tests/bug-4953/test.yaml b/tests/bug-4953/test.yaml index 9e4577edc..761f6cea8 100644 --- a/tests/bug-4953/test.yaml +++ b/tests/bug-4953/test.yaml @@ -16,16 +16,6 @@ checks: fileinfo.gaps: true fileinfo.state: TRUNCATED fileinfo.size: 137708 - - filter: - requires: - lt-version: 6 - count: 1 - match: - event_type: fileinfo - fileinfo.filename: "/IEyF/EN3GUkgHakZ3iVe/YBqssWlF8iWaHTr/" - fileinfo.gaps: false - fileinfo.state: TRUNCATED - fileinfo.size: 1176 - filter: count: 1 match: diff --git a/tests/decode-erspan-typeI-03/README.md b/tests/decode-erspan-typeI-03/README.md deleted file mode 100644 index 18aaf211d..000000000 --- a/tests/decode-erspan-typeI-03/README.md +++ /dev/null @@ -1 +0,0 @@ -Ensure ERSPAN Type I packets are decoded when configured diff --git a/tests/decode-erspan-typeI-03/test.yaml b/tests/decode-erspan-typeI-03/test.yaml deleted file mode 100644 index 17aee506c..000000000 --- a/tests/decode-erspan-typeI-03/test.yaml +++ /dev/null 
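Review bot: The vxlan-decoder-03 hunk caps a VXLAN decoder test at `lt-version: 8`, and nothing in this diff adds a counterpart that runs on 8.x, so regression coverage for that decoder path may silently stop on newer builds. The same question applies to decode-teredo-01, and possibly to bug-1158 and bug-990, whose names do not show what they exercise. If 8.x variants already exist elsewhere in the tree, a comment pointing at them would make that checkable, e.g. `# 8.x variant: <path to replacement test>`; if they do not, the gap should be tracked so that a decoder regression in 8.x is not missed. The hunk also drops the `HAVE_LIBJANSSON` and `RUST` feature requirements in the same edit, which is a separate change from the version cap and is not explained by anything visible in this view.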
@@ -1,20 +0,0 @@ -pcap: ../decode-erspan-typeI-02/input.pcap - -requires: - - min-version: 5 - lt-version: 6 - - -args: - - --set decoder.erspan.typeI.enabled=false - -checks: - - - filter: - count: 0 - match: - event_type: flow - - - stats: - decoder.erspan: 0 diff --git a/tests/dhcp-eve-extended-pre-6/suricata.yaml b/tests/dhcp-eve-extended-pre-6/suricata.yaml deleted file mode 100644 index 7f2fafa63..000000000 --- a/tests/dhcp-eve-extended-pre-6/suricata.yaml +++ /dev/null @@ -1,11 +0,0 @@ -%YAML 1.1 ---- - -outputs: - - eve-log: - enabled: true - filename: eve.json - types: - - dhcp: - extended: true - - flow diff --git a/tests/dhcp-eve-extended-pre-6/test.yaml b/tests/dhcp-eve-extended-pre-6/test.yaml deleted file mode 100644 index 0220ccba3..000000000 --- a/tests/dhcp-eve-extended-pre-6/test.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ -pcap: ../dhcp-eve-extended/input.pcap - -requires: - lt-version: 6.0.0 - features: - - HAVE_LIBJANSSON - - RUST - -checks: -- filter: - count: 1 - match: - dest_ip: 10.16.1.1 - dest_port: 67 - dhcp.assigned_ip: 0.0.0.0 - dhcp.client_id: 00:11:32:17:49:f0 - dhcp.client_ip: 10.16.1.4 - dhcp.client_mac: 00:11:32:17:49:f0 - dhcp.dhcp_type: request - dhcp.hostname: nas1\x00 - dhcp.id: 4016330564 - dhcp.params[0]: subnet_mask - dhcp.params[1]: router - dhcp.params[2]: domain - dhcp.params[3]: dns_server - dhcp.type: request - event_type: dhcp - pcap_cnt: 1 - proto: UDP - src_ip: 10.16.1.4 - src_port: 68 -- filter: - count: 1 - match: - dest_ip: 10.16.1.4 - dest_port: 68 - dhcp.assigned_ip: 10.16.1.4 - dhcp.client_ip: 10.16.1.4 - dhcp.client_mac: 00:11:32:17:49:f0 - dhcp.dhcp_type: ack - dhcp.dns_servers[0]: 10.16.1.1 - dhcp.hostname: nas1\x00 - dhcp.id: 4016330564 - dhcp.lease_time: 3600 - dhcp.next_server_ip: 10.16.1.1 - dhcp.rebinding_time: 3031 - dhcp.relay_ip: 0.0.0.0 - dhcp.renewal_time: 1681 - dhcp.routers[0]: 10.16.1.1 - dhcp.subnet_mask: 255.255.0.0 - dhcp.type: reply - event_type: dhcp - pcap_cnt: 2 - proto: UDP - src_ip: 10.16.1.1 - src_port: 67 -- filter: - count: 1 - match: - app_proto: dhcp - dest_ip: 10.16.1.1 - dest_port: 67 - event_type: flow - flow.age: 0 - flow.alerted: false - flow.bytes_toclient: 350 - flow.bytes_toserver: 342 - flow.pkts_toclient: 1 - flow.pkts_toserver: 1 - flow.reason: shutdown - flow.state: established - proto: UDP - src_ip: 10.16.1.4 - src_port: 68 diff --git a/tests/dns-json-log/expected/dns.json b/tests/dns-json-log/expected/dns.json deleted file mode 100644 index afec32e8f..000000000 --- a/tests/dns-json-log/expected/dns.json +++ /dev/null 
@@ -1,9 +0,0 @@ -{"timestamp":"2016-05-24T23:27:01.960780+0000","flow_id":15684738590988,"pcap_cnt":1,"event_type":"dns","src_ip":"10.16.1.11","src_port":53679,"dest_ip":"10.16.1.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39339,"rrname":"client-cf.dropbox.com","rrtype":"A","tx_id":0}} -{"timestamp":"2016-05-24T23:27:02.333141+0000","flow_id":15684738590988,"pcap_cnt":2,"event_type":"dns","src_ip":"10.16.1.1","src_port":53,"dest_ip":"10.16.1.11","dest_port":53679,"proto":"UDP","dns":{"type":"answer","id":39339,"rcode":"NOERROR","rrname":"client-cf.dropbox.com","rrtype":"A","ttl":47,"rdata":"52.85.112.21"}} -{"timestamp":"2016-05-24T23:27:02.832606+0000","flow_id":542660046009438,"pcap_cnt":3,"event_type":"dns","src_ip":"10.16.1.11","src_port":49697,"dest_ip":"10.16.1.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3407,"rrname":"block.dropbox.com","rrtype":"A","tx_id":0}} -{"timestamp":"2016-05-24T23:27:03.085375+0000","flow_id":1585332076629375,"pcap_cnt":4,"event_type":"dns","src_ip":"10.16.1.11","src_port":33458,"dest_ip":"10.16.1.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44779,"rrname":"codemonkey.net","rrtype":"A","tx_id":0}} -{"timestamp":"2016-05-24T23:27:03.213624+0000","flow_id":542660046009438,"pcap_cnt":5,"event_type":"dns","src_ip":"10.16.1.1","src_port":53,"dest_ip":"10.16.1.11","dest_port":49697,"proto":"UDP","dns":{"type":"answer","id":3407,"rcode":"NOERROR","rrname":"block.dropbox.com","rrtype":"CNAME","ttl":9,"rdata":"block.g1.dropbox.com"}} -{"timestamp":"2016-05-24T23:27:03.213624+0000","flow_id":542660046009438,"pcap_cnt":5,"event_type":"dns","src_ip":"10.16.1.1","src_port":53,"dest_ip":"10.16.1.11","dest_port":49697,"proto":"UDP","dns":{"type":"answer","id":3407,"rcode":"NOERROR","rrname":"block.g1.dropbox.com","rrtype":"A","ttl":8,"rdata":"45.58.70.33"}} 
-{"timestamp":"2016-05-24T23:27:03.493333+0000","flow_id":1585332076629375,"pcap_cnt":6,"event_type":"dns","src_ip":"10.16.1.1","src_port":53,"dest_ip":"10.16.1.11","dest_port":33458,"proto":"UDP","dns":{"type":"answer","id":44779,"rcode":"NOERROR","rrname":"codemonkey.net","rrtype":"A","ttl":435,"rdata":"104.131.202.103"}} -{"timestamp":"2016-05-24T23:27:04.653864+0000","flow_id":848126710184488,"pcap_cnt":7,"event_type":"dns","src_ip":"10.16.1.11","src_port":57634,"dest_ip":"10.16.1.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14681,"rrname":"client-cf.dropbox.com","rrtype":"A","tx_id":0}} -{"timestamp":"2016-05-24T23:27:04.654238+0000","flow_id":848126710184488,"pcap_cnt":8,"event_type":"dns","src_ip":"10.16.1.1","src_port":53,"dest_ip":"10.16.1.11","dest_port":57634,"proto":"UDP","dns":{"type":"answer","id":14681,"rcode":"NOERROR","rrname":"client-cf.dropbox.com","rrtype":"A","ttl":45,"rdata":"52.85.112.21"}} diff --git a/tests/dns-json-log/suricata.yaml b/tests/dns-json-log/suricata.yaml deleted file mode 100644 index 4daa2b75f..000000000 --- a/tests/dns-json-log/suricata.yaml +++ /dev/null @@ -1,8 +0,0 @@ -%YAML 1.1 ---- - -outputs: - - dns-json-log: - version: 1 - enabled: yes - filename: dns.json diff --git a/tests/dns-json-log/test.yaml b/tests/dns-json-log/test.yaml deleted file mode 100644 index 356210c9b..000000000 --- a/tests/dns-json-log/test.yaml +++ /dev/null @@ -1,25 +0,0 @@ -pcap: ../dns-eve/input.pcap - -requires: - lt-version: 6 - features: - - HAVE_LIBJANSSON - -checks: - - filter: - count: 9 - filename: dns.json - match: - event_type: dns - - filter: - count: 4 - filename: dns.json - match: - event_type: dns - dns.type: query - - filter: - count: 5 - filename: dns.json - match: - event_type: dns - dns.type: response diff --git a/tests/filestore-v1-stream-depth/suricata.yaml b/tests/filestore-v1-stream-depth/suricata.yaml deleted file mode 100644 index 7e3cc1577..000000000 
--- a/tests/filestore-v1-stream-depth/suricata.yaml +++ /dev/null @@ -1,23 +0,0 @@ -%YAML 1.1 ---- - -outputs: - - eve-log: - enabled: yes - types: - - files - - stats - - file-store: - version: 1 - enabled: yes - force-filestore: yes - stream-depth: 0 - -app-layer: - protocols: - http: - enabled: yes - libhtp: - default-config: - personality: IDS - response-body-limit: 100kb diff --git a/tests/filestore-v1-stream-depth/test.rules b/tests/filestore-v1-stream-depth/test.rules deleted file mode 100644 index 582397ffc..000000000 --- a/tests/filestore-v1-stream-depth/test.rules +++ /dev/null @@ -1 +0,0 @@ -alert http any any -> any any (filestore; sid:1; rev:1;) diff --git a/tests/filestore-v1-stream-depth/test.yaml b/tests/filestore-v1-stream-depth/test.yaml deleted file mode 100644 index 3fe361b0e..000000000 --- a/tests/filestore-v1-stream-depth/test.yaml +++ /dev/null @@ -1,19 +0,0 @@ -requires: - features: - - HAVE_LIBJANSSON - min-version: 5.0.0 - lt-version: 6 - -args: - - -k none - -pcap: ../filestore-v2.1-forced/suricata-update-pdf.pcap - -checks: - - - filter: - count: 1 - match: - event_type: fileinfo - fileinfo.state: "CLOSED" - fileinfo.stored: true diff --git a/tests/test-bad-byte-extract-rule-3/eve.json b/tests/test-bad-byte-extract-rule-3/eve.json deleted file mode 100644 index aa71d9143..000000000 --- a/tests/test-bad-byte-extract-rule-3/eve.json +++ /dev/null 
@@ -1,40 +0,0 @@ -{"timestamp":"2020-06-07T21:15:31.170962+0000","log_level":"Notice","event_type":"engine","engine":{"message":"This is Suricata version 4.1.0-dev (rev 32990c9ad)"}} -{"timestamp":"2020-06-07T21:15:31.171398+0000","log_level":"Info","event_type":"engine","engine":{"message":"CPUs\/cores online: 2"}} -{"timestamp":"2020-06-07T21:15:31.179917+0000","log_level":"Warning","event_type":"engine","engine":{"error_code":307,"error":"SC_ERR_SMB_CONFIG","message":"no SMB TCP config found, enabling SMB detection on port 445."}} -{"timestamp":"2020-06-07T21:15:31.183113+0000","log_level":"Warning","event_type":"engine","engine":{"error_code":240,"error":"SC_ERR_DNS_CONFIG","message":"no DNS UDP config found, enabling DNS detection on port 53."}} -{"timestamp":"2020-06-07T21:15:31.183282+0000","log_level":"Warning","event_type":"engine","engine":{"error_code":240,"error":"SC_ERR_DNS_CONFIG","message":"no DNS TCP config found, enabling DNS detection on port 53."}} -{"timestamp":"2020-06-07T21:15:31.197576+0000","log_level":"Info","event_type":"engine","engine":{"message":"No 'host-mode': suricata is in IDS mode, using default setting 'sniffer-only'"}} -{"timestamp":"2020-06-07T21:15:31.219781+0000","log_level":"Warning","event_type":"engine","engine":{"error_code":261,"error":"SC_WARN_NO_STATS_LOGGERS","message":"stats are enabled but no loggers are active"}} -{"timestamp":"2020-06-07T21:15:31.220772+0000","log_level":"Info","event_type":"engine","engine":{"message":"Added \"42\" classification types from the classification file"}} -{"timestamp":"2020-06-07T21:15:31.220967+0000","log_level":"Info","event_type":"engine","engine":{"message":"Added \"19\" reference types from the reference.config file"}} -{"timestamp":"2020-06-07T21:15:31.221365+0000","log_level":"Error","event_type":"engine","engine":{"error_code":39,"error":"SC_ERR_INVALID_SIGNATURE","message":"unknown byte_extract var seen in depth - d\n"}} 
-{"timestamp":"2020-06-07T21:15:31.221461+0000","log_level":"Error","event_type":"engine","engine":{"error_code":39,"error":"SC_ERR_INVALID_SIGNATURE","message":"error parsing signature \"alert tcp any any -> any any (msg:\"Byte_Extract Example Using depth\"; content:\"Alice\"; depth:d; byte_extract:2,1,size; content:\"Bob\"; sid:1111;)\" from file \/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/test.rules at line 1"}} -{"timestamp":"2020-06-07T21:15:31.221578+0000","log_level":"Warning","event_type":"engine","engine":{"error_code":43,"error":"SC_ERR_NO_RULES_LOADED","message":"1 rule files specified, but no rule was loaded at all!"}} -{"timestamp":"2020-06-07T21:15:31.221749+0000","log_level":"Info","event_type":"engine","engine":{"message":"Threshold config parsed: 0 rule(s) found"}} -{"timestamp":"2020-06-07T21:15:31.222071+0000","log_level":"Info","event_type":"engine","engine":{"message":"0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only"}} -{"timestamp":"2020-06-07T21:15:31.227159+0000","log_level":"Info","event_type":"engine","engine":{"message":"Checking file or directory \/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/"}} -{"timestamp":"2020-06-07T21:15:31.227479+0000","log_level":"Info","event_type":"engine","engine":{"message":"Argument \/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/ was a directory"}} -{"timestamp":"2020-06-07T21:15:31.253874+0000","log_level":"Notice","event_type":"engine","engine":{"message":"all 3 packet processing threads, 2 management threads initialized, engine started."}} -{"timestamp":"2020-06-07T21:15:31.254027+0000","log_level":"Info","event_type":"engine","engine":{"message":"Starting directory run for \/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/"}} 
-{"timestamp":"2020-06-07T21:15:31.254116+0000","log_level":"Info","event_type":"engine","engine":{"message":"Processing pcaps directory \/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/, files must be newer than 0 and older than 18446744073709550616"}} -{"timestamp":"2020-06-07T21:15:31.254266+0000","log_level":"Info","event_type":"engine","engine":{"message":"Found \"\/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/\/eve.json\" at 1591564531251"}} -{"timestamp":"2020-06-07T21:15:31.254327+0000","log_level":"Info","event_type":"engine","engine":{"message":"Found \"\/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/\/test.yaml\" at 1591564527947"}} -{"timestamp":"2020-06-07T21:15:31.254369+0000","log_level":"Info","event_type":"engine","engine":{"message":"Found \"\/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/\/.test.yaml.swp\" at 1591564527951"}} -{"timestamp":"2020-06-07T21:15:31.254426+0000","log_level":"Info","event_type":"engine","engine":{"message":"Found \"\/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/\/suricata.yaml\" at 1562592701002"}} -{"timestamp":"2020-06-07T21:15:31.254468+0000","log_level":"Info","event_type":"engine","engine":{"message":"Found \"\/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/\/test.rules\" at 1562592701002"}} -{"timestamp":"2020-06-07T21:15:31.254636+0000","log_level":"Error","event_type":"engine","engine":{"error_code":44,"error":"SC_ERR_FOPEN","message":"unknown file format"}} -{"timestamp":"2020-06-07T21:15:31.254687+0000","log_level":"Warning","event_type":"engine","engine":{"error_code":20,"error":"SC_ERR_PCAP_DISPATCH","message":"Failed to init pcap file \/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/\/suricata.yaml, skipping"}} 
-{"timestamp":"2020-06-07T21:15:31.254779+0000","log_level":"Error","event_type":"engine","engine":{"error_code":44,"error":"SC_ERR_FOPEN","message":"unknown file format"}} -{"timestamp":"2020-06-07T21:15:31.254807+0000","log_level":"Warning","event_type":"engine","engine":{"error_code":20,"error":"SC_ERR_PCAP_DISPATCH","message":"Failed to init pcap file \/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/\/test.rules, skipping"}} -{"timestamp":"2020-06-07T21:15:31.254869+0000","log_level":"Error","event_type":"engine","engine":{"error_code":44,"error":"SC_ERR_FOPEN","message":"unknown file format"}} -{"timestamp":"2020-06-07T21:15:31.254896+0000","log_level":"Warning","event_type":"engine","engine":{"error_code":20,"error":"SC_ERR_PCAP_DISPATCH","message":"Failed to init pcap file \/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/\/test.yaml, skipping"}} -{"timestamp":"2020-06-07T21:15:31.254956+0000","log_level":"Error","event_type":"engine","engine":{"error_code":44,"error":"SC_ERR_FOPEN","message":"unknown file format"}} -{"timestamp":"2020-06-07T21:15:31.254984+0000","log_level":"Warning","event_type":"engine","engine":{"error_code":20,"error":"SC_ERR_PCAP_DISPATCH","message":"Failed to init pcap file \/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/\/.test.yaml.swp, skipping"}} -{"timestamp":"2020-06-07T21:15:31.255056+0000","log_level":"Error","event_type":"engine","engine":{"error_code":44,"error":"SC_ERR_FOPEN","message":"unknown file format"}} -{"timestamp":"2020-06-07T21:15:31.255096+0000","log_level":"Warning","event_type":"engine","engine":{"error_code":20,"error":"SC_ERR_PCAP_DISPATCH","message":"Failed to init pcap file \/home\/jlucovsky\/src\/jal\/suricata-verify\/tests\/test-bad-byte-extract-rule-3\/\/eve.json, skipping"}} -{"timestamp":"2020-06-07T21:15:31.255127+0000","log_level":"Info","event_type":"engine","engine":{"message":"Directory run mode 
complete"}} -{"timestamp":"2020-06-07T21:15:31.264063+0000","log_level":"Notice","event_type":"engine","engine":{"message":"Signal Received. Stopping engine."}} -{"timestamp":"2020-06-07T21:15:31.279036+0000","log_level":"Info","event_type":"engine","engine":{"message":"time elapsed 0.056s"}} -{"timestamp":"2020-06-07T21:15:31.286147+0000","log_level":"Notice","event_type":"engine","engine":{"message":"Pcap-file module read 0 files, 0 packets, 0 bytes"}} -{"timestamp":"2020-06-07T21:15:31.288407+0000","log_level":"Info","event_type":"engine","engine":{"message":"Alerts: 0"}} -{"timestamp":"2020-06-07T21:15:31.302139+0000","log_level":"Info","event_type":"engine","engine":{"message":"cleaning up signature grouping structure... complete"}} diff --git a/tests/test-bad-byte-extract-rule-3/suricata.yaml b/tests/test-bad-byte-extract-rule-3/suricata.yaml deleted file mode 100644 index dcaae57fe..000000000 --- a/tests/test-bad-byte-extract-rule-3/suricata.yaml +++ /dev/null @@ -1,10 +0,0 @@ -%YAML 1.1 ---- - -logging: - default-log-level: info - outputs: - - file: - enabled: yes - filename: eve.json - type: json diff --git a/tests/test-bad-byte-extract-rule-3/test.rules b/tests/test-bad-byte-extract-rule-3/test.rules deleted file mode 100644 index ede658126..000000000 --- a/tests/test-bad-byte-extract-rule-3/test.rules +++ /dev/null @@ -1 +0,0 @@ -alert tcp any any -> any any (msg:"Byte_Extract Example Using depth"; content:"Alice"; depth:d; byte_extract:2,1,size; content:"Bob"; sid:1111;) diff --git a/tests/test-bad-byte-extract-rule-3/test.yaml b/tests/test-bad-byte-extract-rule-3/test.yaml deleted file mode 100644 index b432da4c4..000000000 --- a/tests/test-bad-byte-extract-rule-3/test.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -requires: - version: 5 - lt-version: 6 - - features: - - HAVE_LIBJANSSON - -command: | - ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config" --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -r ${TEST_DIR}/ -S ${TEST_DIR}/test.rules - -checks: - # check that we have the following entries in eve.json - # match 1 specific rule load failure reason - - filter: - count: 1 - match: - event_type: engine - engine.message: "unknown byte_extract var seen in depth - d." - - - filter: - count: 1 - match: - event_type: engine - engine.error: "SC_ERR_NO_RULES_LOADED"