From c05f82dd6b0d4b7d3db397de266e8f1c4cc41c94 Mon Sep 17 00:00:00 2001 
From: Giuseppe Longo Date: Thu, 13 Apr 2023 18:59:03 +0200 Subject: [PATCH] sip: add tests for sip over tcp --- tests/sip-tcp-body-frames/README.md | 1 + tests/sip-tcp-body-frames/test.rules | 11 ++ tests/sip-tcp-body-frames/test.yaml | 47 +++++++++ tests/sip-tcp-method/README.md | 1 + tests/sip-tcp-method/sip-tcp.pcap | Bin 0 -> 2018 bytes tests/sip-tcp-method/sip_client.c | 137 ++++++++++++++++++++++++ tests/sip-tcp-method/sip_server.c | 140 +++++++++++++++++++++++++ tests/sip-tcp-method/test.rules | 1 + tests/sip-tcp-method/test.yaml | 16 +++ tests/sip-tcp-protocol/README.md | 1 + tests/sip-tcp-protocol/test.rules | 2 + tests/sip-tcp-protocol/test.yaml | 26 +++++ tests/sip-tcp-request-line/README.md | 1 + tests/sip-tcp-request-line/test.rules | 1 + tests/sip-tcp-request-line/test.yaml | 16 +++ tests/sip-tcp-response-line/README.md | 1 + tests/sip-tcp-response-line/test.rules | 1 + tests/sip-tcp-response-line/test.yaml | 16 +++ tests/sip-tcp-stat-code/README.md | 1 + tests/sip-tcp-stat-code/test.rules | 1 + tests/sip-tcp-stat-code/test.yaml | 16 +++ tests/sip-tcp-stat-msg/README.md | 1 + tests/sip-tcp-stat-msg/test.rules | 1 + tests/sip-tcp-stat-msg/test.yaml | 16 +++ tests/sip-tcp-uri/README.md | 1 + tests/sip-tcp-uri/test.rules | 1 + tests/sip-tcp-uri/test.yaml | 16 +++ 27 files changed, 473 insertions(+) create mode 100644 tests/sip-tcp-body-frames/README.md create mode 100644 tests/sip-tcp-body-frames/test.rules create mode 100644 tests/sip-tcp-body-frames/test.yaml create mode 100644 tests/sip-tcp-method/README.md create mode 100755 tests/sip-tcp-method/sip-tcp.pcap create mode 100644 tests/sip-tcp-method/sip_client.c create mode 100644 tests/sip-tcp-method/sip_server.c create mode 100644 tests/sip-tcp-method/test.rules create mode 100644 tests/sip-tcp-method/test.yaml create mode 100644 tests/sip-tcp-protocol/README.md create mode 100644 tests/sip-tcp-protocol/test.rules create mode 100644 tests/sip-tcp-protocol/test.yaml create mode 100644 
tests/sip-tcp-request-line/README.md create mode 100644 tests/sip-tcp-request-line/test.rules create mode 100755 tests/sip-tcp-request-line/test.yaml create mode 100644 tests/sip-tcp-response-line/README.md create mode 100644 tests/sip-tcp-response-line/test.rules create mode 100755 tests/sip-tcp-response-line/test.yaml create mode 100644 tests/sip-tcp-stat-code/README.md create mode 100644 tests/sip-tcp-stat-code/test.rules create mode 100644 tests/sip-tcp-stat-code/test.yaml create mode 100644 tests/sip-tcp-stat-msg/README.md create mode 100644 tests/sip-tcp-stat-msg/test.rules create mode 100644 tests/sip-tcp-stat-msg/test.yaml create mode 100644 tests/sip-tcp-uri/README.md create mode 100644 tests/sip-tcp-uri/test.rules create mode 100755 tests/sip-tcp-uri/test.yaml
diff --git a/tests/sip-tcp-body-frames/README.md b/tests/sip-tcp-body-frames/README.md
new file mode 100644
index 000000000..21918c677
--- /dev/null
+++ b/tests/sip-tcp-body-frames/README.md
@@ -0,0 +1 @@
+Match on SIP frames.
diff --git a/tests/sip-tcp-body-frames/test.rules b/tests/sip-tcp-body-frames/test.rules
new file mode 100644
index 000000000..2767052c1
--- /dev/null
+++ b/tests/sip-tcp-body-frames/test.rules
@@ -0,0 +1,11 @@
+alert sip any any -> any any (flow:to_server; frame:pdu; content:"REGISTER"; startswith; sid:2;)
+alert sip any any -> any any (flow:to_client; frame:pdu; content:"SIP/2.0 200 OK|0D 0A|"; startswith; sid:11;)
+
+alert sip any any -> any any (flow:to_server; frame:request.line; content:"REGISTER"; startswith; sid:21;)
+alert sip any any -> any any (flow:to_server; frame:request.line; content:"SIP/2.0|0D 0A|"; endswith; sid:22;)
+
+alert sip any any -> any any (flow:to_server; frame:request.headers; content:"Via:"; startswith; sid:31;)
+alert sip any any -> any any (flow:to_server; frame:request.headers; content:"Via:"; startswith; content:"0|0d 0a|"; endswith; sid:32;)
+
+alert sip any any -> any any (flow:to_client; frame:response.headers; content:"Via:"; startswith; sid:41;)
+alert sip any any -> any any (flow:to_client; frame:response.headers; content:"Via:"; startswith; content:"Content-Length: 0|0d 0a|"; endswith; sid:42;)
diff --git a/tests/sip-tcp-body-frames/test.yaml b/tests/sip-tcp-body-frames/test.yaml
new file mode 100644
index 000000000..9b9df1ea7
--- /dev/null
+++ b/tests/sip-tcp-body-frames/test.yaml
@@ -0,0 +1,47 @@
+requires:
+ min-version: 7
+
+args:
+ - -k none
+
+pcap: ../sip-tcp-method/sip-tcp.pcap
+
+checks:
+ - filter:
+ count: 2
+ match:
+ event_type: sip
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 22
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 31
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 32
+ frame.type: "request.headers"
+ frame.complete: true
+ frame.length: 532
+ frame.direction: toserver
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 41
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 42
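Review bot: The checks list in sip-tcp-body-frames/test.yaml has no filter for sids 11 and 21, although test.rules in the same directory defines both, so the response `frame:pdu` rule and the `request.line` `startswith` rule can stop matching without this test failing. Two more filters of the same shape as the existing ones would cover them; `count: 1` below is assumed from the single request and single response that the `event_type: sip` check (count 2) implies, and should be confirmed against the capture.

```yaml
  # … unchanged: existing filters for sids 2, 22, 31, 32, 41, 42 …
  - filter:
      count: 1
      match:
        event_type: alert
        alert.signature_id: 11
  - filter:
      count: 1
      match:
        event_type: alert
        alert.signature_id: 21
```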
diff --git a/tests/sip-tcp-method/README.md b/tests/sip-tcp-method/README.md new file mode 100644 index 000000000..83094d8f3 --- /dev/null +++ b/tests/sip-tcp-method/README.md @@ -0,0 +1 @@ +Match on SIP over TCP method field. diff --git a/tests/sip-tcp-method/sip-tcp.pcap b/tests/sip-tcp-method/sip-tcp.pcap new file mode 100755 index 0000000000000000000000000000000000000000..4820afad5fdcd9d53930cc494c7a15ee68b3ed6b GIT binary patch literal 2018 zcmc(g-)q}e6vwaC(6uHeO}mG_?d~mQk|N2nEXnbR?a9GQ8@rKRNMD95T_sxNACtAj z9h7$a2gV-uyzX(Ydl;iMFqXg`#>f^1eJhkeVU)4wwP~_*<%l}LH54{>;ed62e9pP& ze2?$%+uwf8pb7MHOrQjOJlcC^Nxz;)@566u!{Zz>5SrWldmhc7^?$g7P=eYM=F-mo z^!*>{&U?(!!$ScfX5#4K1amI=DEszxI-fXm<_$`|K9-CSCC}ZD$(MGXFkbDCKG3)C zT|D~vG?~(4atp{s@I-BRL@~>|&!U)ripj?@Zv*|--3tsloPihNm#Bmi;Nm}9W#%gA2o>rLqEUxge8gK1SKQQlJ zNW2)OnO}hT9K=Fxctk4vbN3)p;bcr4sPKUqsSq@C`1qt|jDFV(2vkWCpiBkd?`-P0 zvUH&SSlG;SzKI!nWbvIQeI)?ewqzhvdjW{P{@xCJ8o3pyPF`WqH2W!7~{ibc$#C zs`7y%&-z~bxYEPY4_4?VpvBblOxIL0MJ^ID@ f;&yUOj8mnkW$whpLCZXK_NTW}r&{JVeZ&3%@faB0 literal 0 HcmV?d00001 diff --git a/tests/sip-tcp-method/sip_client.c b/tests/sip-tcp-method/sip_client.c new file mode 100644 index 000000000..7ff4dd441 --- /dev/null +++ b/tests/sip-tcp-method/sip_client.c 
@@ -0,0 +1,137 @@ +#include // inet_addr() +#include +#include +#include +#include +#include // bzero() +#include +#include // read(), write(), close() +#define MAX 1024 +#define PORT 5060 +#define SA struct sockaddr + +void func(int sockfd) +{ + char msg1[] = { + 0x52, 0x45, 0x47, 0x49, 0x53, 0x54, 0x45, 0x52, + 0x20, 0x73, 0x69, 0x70, 0x3a, 0x31, 0x39, 0x32, + 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x34, 0x33, 0x2e, + 0x31, 0x30, 0x30, 0x3b, 0x74, 0x72, 0x61, 0x6e, + 0x73, 0x70, 0x6f, 0x72, 0x74, 0x3d, 0x54, 0x43, + 0x50, 0x20, 0x53, 0x49, 0x50, 0x2f, 0x32, 0x2e, + 0x30, 0x0d, 0x0a, 0x56, 0x69, 0x61, 0x3a, 0x20, + 0x53, 0x49, 0x50, 0x2f, 0x32, 0x2e, 0x30, 0x2f, + 0x54, 0x43, 0x50, 0x20, 0x31, 0x39, 0x32, 0x2e, + 0x31, 0x36, 0x38, 0x2e, 0x34, 0x33, 0x2e, 0x31, + 0x3a, 0x34, 0x38, 0x33, 0x37, 0x36, 0x3b, 0x62, + 0x72, 0x61, 0x6e, 0x63, 0x68, 0x3d, 0x7a, 0x39, + 0x68, 0x47, 0x34, 0x62, 0x4b, 0x2d, 0x35, 0x32, + 0x34, 0x32, 0x38, 0x37, 0x2d, 0x31, 0x2d, 0x2d, + 0x2d, 0x64, 0x63, 0x66, 0x34, 0x65, 0x64, 0x64, + 0x66, 0x61, 0x66, 0x39, 0x66, 0x31, 0x32, 0x33, + 0x39, 0x3b, 0x72, 0x70, 0x6f, 0x72, 0x74, 0x0d, + 0x0a, 0x4d, 0x61, 0x78, 0x2d, 0x46, 0x6f, 0x72, + 0x77, 0x61, 0x72, 0x64, 0x73, 0x3a, 0x20, 0x37, + 0x30, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x61, + 0x63, 0x74, 0x3a, 0x20, 0x3c, 0x73, 0x69, 0x70, + 0x3a, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x40, + 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, + 0x34, 0x33, 0x2e, 0x31, 0x3a, 0x34, 0x38, 0x33, + 0x37, 0x36, 0x3b, 0x72, 0x69, 0x6e, 0x73, 0x74, + 0x61, 0x6e, 0x63, 0x65, 0x3d, 0x62, 0x65, 0x32, + 0x65, 0x63, 0x39, 0x38, 0x64, 0x30, 0x66, 0x34, + 0x33, 0x65, 0x37, 0x30, 0x63, 0x3b, 0x74, 0x72, + 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x3d, + 0x74, 0x63, 0x70, 0x3e, 0x0d, 0x0a, 0x54, 0x6f, + 0x3a, 0x20, 0x3c, 0x73, 0x69, 0x70, 0x3a, 0x39, + 0x38, 0x37, 0x36, 0x35, 0x34, 0x40, 0x31, 0x39, + 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x34, 0x33, + 0x2e, 0x31, 0x30, 0x30, 0x3b, 0x74, 0x72, 0x61, + 0x6e, 0x73, 0x70, 0x6f, 0x72, 
0x74, 0x3d, 0x54, + 0x43, 0x50, 0x3e, 0x0d, 0x0a, 0x46, 0x72, 0x6f, + 0x6d, 0x3a, 0x20, 0x3c, 0x73, 0x69, 0x70, 0x3a, + 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x40, 0x31, + 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x34, + 0x33, 0x2e, 0x31, 0x30, 0x30, 0x3b, 0x74, 0x72, + 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x3d, + 0x54, 0x43, 0x50, 0x3e, 0x3b, 0x74, 0x61, 0x67, + 0x3d, 0x39, 0x62, 0x39, 0x39, 0x31, 0x36, 0x37, + 0x66, 0x0d, 0x0a, 0x43, 0x61, 0x6c, 0x6c, 0x2d, + 0x49, 0x44, 0x3a, 0x20, 0x38, 0x4f, 0x6d, 0x74, + 0x59, 0x55, 0x55, 0x38, 0x45, 0x64, 0x6c, 0x61, + 0x66, 0x55, 0x68, 0x34, 0x67, 0x34, 0x6a, 0x69, + 0x41, 0x77, 0x2e, 0x2e, 0x0d, 0x0a, 0x43, 0x53, + 0x65, 0x71, 0x3a, 0x20, 0x31, 0x20, 0x52, 0x45, + 0x47, 0x49, 0x53, 0x54, 0x45, 0x52, 0x0d, 0x0a + }; + + char msg2[] = { + 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x3a, + 0x20, 0x36, 0x30, 0x30, 0x0d, 0x0a, 0x41, 0x6c, + 0x6c, 0x6f, 0x77, 0x3a, 0x20, 0x49, 0x4e, 0x56, + 0x49, 0x54, 0x45, 0x2c, 0x20, 0x41, 0x43, 0x4b, + 0x2c, 0x20, 0x43, 0x41, 0x4e, 0x43, 0x45, 0x4c, + 0x2c, 0x20, 0x42, 0x59, 0x45, 0x2c, 0x20, 0x4e, + 0x4f, 0x54, 0x49, 0x46, 0x59, 0x2c, 0x20, 0x52, + 0x45, 0x46, 0x45, 0x52, 0x2c, 0x20, 0x4d, 0x45, + 0x53, 0x53, 0x41, 0x47, 0x45, 0x2c, 0x20, 0x4f, + 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x2c, 0x20, + 0x49, 0x4e, 0x46, 0x4f, 0x2c, 0x20, 0x53, 0x55, + 0x42, 0x53, 0x43, 0x52, 0x49, 0x42, 0x45, 0x0d, + 0x0a, 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67, + 0x65, 0x6e, 0x74, 0x3a, 0x20, 0x5a, 0x6f, 0x69, + 0x70, 0x65, 0x72, 0x20, 0x72, 0x76, 0x32, 0x2e, + 0x31, 0x30, 0x2e, 0x33, 0x2e, 0x32, 0x0d, 0x0a, + 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x2d, 0x45, 0x76, + 0x65, 0x6e, 0x74, 0x73, 0x3a, 0x20, 0x70, 0x72, + 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x2c, 0x20, + 0x6b, 0x70, 0x6d, 0x6c, 0x2c, 0x20, 0x74, 0x61, + 0x6c, 0x6b, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, + 0x65, 0x6e, 0x74, 0x2d, 0x4c, 0x65, 0x6e, 0x67, + 0x74, 0x68, 0x3a, 0x20, 0x30, 0x0d, 0x0a, 0x0d, + 0x0a + }; + + char buff[MAX]; + + write(sockfd, msg1, 
sizeof(msg1)); + write(sockfd, msg2, sizeof(msg2)); + bzero(buff, sizeof(buff)); + read(sockfd, buff, sizeof(buff)); + +} + +int main() +{ + int sockfd, connfd; + struct sockaddr_in servaddr, cli; + + // socket create and verification + sockfd = socket(AF_INET, SOCK_STREAM, 0); + if (sockfd == -1) { + printf("socket creation failed...\n"); + exit(0); + } + else + printf("Socket successfully created..\n"); + bzero(&servaddr, sizeof(servaddr)); + + // assign IP, PORT + servaddr.sin_family = AF_INET; + servaddr.sin_addr.s_addr = inet_addr("127.0.0.1"); + servaddr.sin_port = htons(PORT); + + // connect the client socket to server socket + if (connect(sockfd, (SA*)&servaddr, sizeof(servaddr)) + != 0) { + printf("connection with the server failed...\n"); + exit(0); + } + else + printf("connected to the server..\n"); + + func(sockfd); + + close(sockfd); +} + diff --git a/tests/sip-tcp-method/sip_server.c b/tests/sip-tcp-method/sip_server.c new file mode 100644 index 000000000..f8bd4f57a --- /dev/null +++ b/tests/sip-tcp-method/sip_server.c 
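Review bot: The failure branches in main() of sip_client.c call `exit(0)` when `socket()` or `connect()` fails, so a script that regenerates sip-tcp.pcap sees success even when no traffic was sent; `exit(EXIT_FAILURE)` would make the failure visible. func() also ignores the return values of both `write()` calls and of `read()`, so a short write would silently truncate the REGISTER that the rules match on. The split of the request into msg1 and msg2 looks deliberate, to make the headers span two TCP segments, and a comment such as `/* sent as two writes so the request spans two TCP segments */` above the first `write()` would record that. `connfd` and `cli` are declared in main() but never used.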
@@ -0,0 +1,140 @@ +#include +#include +#include +#include +#include +#include +#include +#include // read(), write(), close() +#define MAX 1024 +#define PORT 5060 +#define SA struct sockaddr + +void func(int connfd) +{ + char msg[] = { + 0x53, 0x49, 0x50, 0x2f, 0x32, 0x2e, 0x30, 0x20, + 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d, 0x0a, + 0x56, 0x69, 0x61, 0x3a, 0x20, 0x53, 0x49, 0x50, + 0x2f, 0x32, 0x2e, 0x30, 0x2f, 0x54, 0x43, 0x50, + 0x20, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, + 0x2e, 0x34, 0x33, 0x2e, 0x31, 0x3a, 0x34, 0x38, + 0x33, 0x37, 0x36, 0x3b, 0x62, 0x72, 0x61, 0x6e, + 0x63, 0x68, 0x3d, 0x7a, 0x39, 0x68, 0x47, 0x34, + 0x62, 0x4b, 0x2d, 0x35, 0x32, 0x34, 0x32, 0x38, + 0x37, 0x2d, 0x31, 0x2d, 0x2d, 0x2d, 0x64, 0x63, + 0x66, 0x34, 0x65, 0x64, 0x64, 0x66, 0x61, 0x66, + 0x39, 0x66, 0x31, 0x32, 0x33, 0x39, 0x3b, 0x72, + 0x70, 0x6f, 0x72, 0x74, 0x3d, 0x34, 0x33, 0x31, + 0x36, 0x38, 0x3b, 0x72, 0x65, 0x63, 0x65, 0x69, + 0x76, 0x65, 0x64, 0x3d, 0x31, 0x39, 0x32, 0x2e, + 0x31, 0x36, 0x38, 0x2e, 0x34, 0x33, 0x2e, 0x31, + 0x0d, 0x0a, 0x54, 0x6f, 0x3a, 0x20, 0x3c, 0x73, + 0x69, 0x70, 0x3a, 0x39, 0x38, 0x37, 0x36, 0x35, + 0x34, 0x40, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, + 0x38, 0x2e, 0x34, 0x33, 0x2e, 0x31, 0x30, 0x30, + 0x3b, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, + 0x72, 0x74, 0x3d, 0x54, 0x43, 0x50, 0x3e, 0x3b, + 0x74, 0x61, 0x67, 0x3d, 0x39, 0x64, 0x64, 0x36, + 0x31, 0x66, 0x66, 0x36, 0x31, 0x65, 0x38, 0x30, + 0x32, 0x64, 0x38, 0x65, 0x32, 0x62, 0x65, 0x66, + 0x35, 0x66, 0x31, 0x34, 0x36, 0x32, 0x31, 0x65, + 0x66, 0x33, 0x63, 0x32, 0x2e, 0x35, 0x63, 0x31, + 0x62, 0x0d, 0x0a, 0x46, 0x72, 0x6f, 0x6d, 0x3a, + 0x20, 0x3c, 0x73, 0x69, 0x70, 0x3a, 0x39, 0x38, + 0x37, 0x36, 0x35, 0x34, 0x40, 0x31, 0x39, 0x32, + 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x34, 0x33, 0x2e, + 0x31, 0x30, 0x30, 0x3b, 0x74, 0x72, 0x61, 0x6e, + 0x73, 0x70, 0x6f, 0x72, 0x74, 0x3d, 0x54, 0x43, + 0x50, 0x3e, 0x3b, 0x74, 0x61, 0x67, 0x3d, 0x39, + 0x62, 0x39, 0x39, 0x31, 0x36, 0x37, 0x66, 0x0d, + 0x0a, 0x43, 
0x61, 0x6c, 0x6c, 0x2d, 0x49, 0x44, + 0x3a, 0x20, 0x38, 0x4f, 0x6d, 0x74, 0x59, 0x55, + 0x55, 0x38, 0x45, 0x64, 0x6c, 0x61, 0x66, 0x55, + 0x68, 0x34, 0x67, 0x34, 0x6a, 0x69, 0x41, 0x77, + 0x2e, 0x2e, 0x0d, 0x0a, 0x43, 0x53, 0x65, 0x71, + 0x3a, 0x20, 0x31, 0x20, 0x52, 0x45, 0x47, 0x49, + 0x53, 0x54, 0x45, 0x52, 0x0d, 0x0a, 0x43, 0x6f, + 0x6e, 0x74, 0x61, 0x63, 0x74, 0x3a, 0x20, 0x3c, + 0x73, 0x69, 0x70, 0x3a, 0x39, 0x38, 0x37, 0x36, + 0x35, 0x34, 0x40, 0x31, 0x39, 0x32, 0x2e, 0x31, + 0x36, 0x38, 0x2e, 0x34, 0x33, 0x2e, 0x31, 0x3a, + 0x34, 0x38, 0x33, 0x37, 0x36, 0x3b, 0x72, 0x69, + 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x3d, + 0x62, 0x65, 0x32, 0x65, 0x63, 0x39, 0x38, 0x64, + 0x30, 0x66, 0x34, 0x33, 0x65, 0x37, 0x30, 0x63, + 0x3b, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, + 0x72, 0x74, 0x3d, 0x74, 0x63, 0x70, 0x3e, 0x3b, + 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x3d, + 0x36, 0x30, 0x30, 0x0d, 0x0a, 0x53, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x3a, 0x20, 0x6b, 0x61, 0x6d, + 0x61, 0x69, 0x6c, 0x69, 0x6f, 0x20, 0x28, 0x35, + 0x2e, 0x32, 0x2e, 0x31, 0x20, 0x28, 0x78, 0x38, + 0x36, 0x5f, 0x36, 0x34, 0x2f, 0x6c, 0x69, 0x6e, + 0x75, 0x78, 0x29, 0x29, 0x0d, 0x0a, 0x43, 0x6f, + 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x4c, 0x65, + 0x6e, 0x67, 0x74, 0x68, 0x3a, 0x20, 0x30, 0x0d, + 0x0a, 0x0d, 0x0a + }; + + char buff[MAX]; + + bzero(buff, sizeof(buff)); + read(connfd, buff, sizeof(buff)); + read(connfd, buff, sizeof(buff)); + write(connfd, msg, sizeof(msg)); +} + +int main() +{ + int sockfd, connfd, len; + struct sockaddr_in servaddr, cli; + + sockfd = socket(AF_INET, SOCK_STREAM, 0); + if (sockfd == -1) { + printf("socket creation failed...\n"); + exit(0); + } + else + printf("Socket successfully created..\n"); + bzero(&servaddr, sizeof(servaddr)); + + // assign IP, PORT + servaddr.sin_family = AF_INET; + servaddr.sin_addr.s_addr = htonl(INADDR_ANY); + servaddr.sin_port = htons(PORT); + + // Binding newly created socket to given IP and verification + if ((bind(sockfd, 
(SA*)&servaddr, sizeof(servaddr))) != 0) { + printf("socket bind failed...\n"); + exit(0); + } + else + printf("Socket successfully binded..\n"); + + // Now server is ready to listen and verification + if ((listen(sockfd, 5)) != 0) { + printf("Listen failed...\n"); + exit(0); + } + else + printf("Server listening..\n"); + len = sizeof(cli); + + // Accept the data packet from client and verification + connfd = accept(sockfd, (SA*)&cli, &len); + if (connfd < 0) { + printf("server accept failed...\n"); + exit(0); + } + else + printf("server accept the client...\n"); + + // Function for chatting between client and server + //func(connfd); + func(connfd); + + // After chatting close the socket + close(sockfd); +} + diff --git a/tests/sip-tcp-method/test.rules b/tests/sip-tcp-method/test.rules new file mode 100644 index 000000000..1fd849f78 --- /dev/null +++ b/tests/sip-tcp-method/test.rules @@ -0,0 +1 @@ +alert sip any any -> any any (flow:to_server; sip.method; content:"REGISTER"; sid:1;) diff --git a/tests/sip-tcp-method/test.yaml b/tests/sip-tcp-method/test.yaml new file mode 100644 index 000000000..4602feb0a --- /dev/null +++ b/tests/sip-tcp-method/test.yaml @@ -0,0 +1,16 @@ +requires: + features: + - HAVE_LIBJANSSON + min-version: 5.0.0 + +args: + - -k none + - --set app-layer.protocols.sip.enabled=yes + +pcap: sip-tcp.pcap + +checks: + - filter: + count: 1 + match: + event_type: alert diff --git a/tests/sip-tcp-protocol/README.md b/tests/sip-tcp-protocol/README.md new file mode 100644 index 000000000..2d175aa3e --- /dev/null +++ b/tests/sip-tcp-protocol/README.md @@ -0,0 +1 @@ +Match on SIP version field. diff --git a/tests/sip-tcp-protocol/test.rules b/tests/sip-tcp-protocol/test.rules new file mode 100644 index 000000000..b68e37811 --- /dev/null +++ b/tests/sip-tcp-protocol/test.rules 
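Review bot: func() in sip_server.c issues exactly two `read()` calls before replying, which assumes the client's two `write()` calls arrive as two separate reads; if TCP delivers both in one read, the second `read()` blocks while the client is itself blocked waiting for the response, and both programs can hang. Reading until the blank line that ends the headers removes that dependence on segmentation (the loop below uses `strstr`, which needs `<string.h>`; the include names are not visible on this page). Separately, main() binds to `htonl(INADDR_ANY)` although the client only connects to 127.0.0.1, so `htonl(INADDR_LOOPBACK)` would keep this throwaway listener off other interfaces. main() also closes `sockfd` but never `connfd`, and passes an `int` where `accept()` expects a `socklen_t *`.

```c
    /* … unchanged: msg[] response bytes … */
    char buff[MAX];
    size_t got = 0;
    ssize_t n;

    bzero(buff, sizeof(buff));
    /* Keep reading until the blank line that terminates the SIP headers,
     * regardless of how the request was segmented on the wire. */
    while (got < sizeof(buff) - 1 &&
           (n = read(connfd, buff + got, sizeof(buff) - 1 - got)) > 0) {
        got += (size_t)n;
        if (strstr(buff, "\r\n\r\n") != NULL)
            break;
    }
    write(connfd, msg, sizeof(msg));
```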
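Review bot: `min-version: 5.0.0` in sip-tcp-method/test.yaml lets this test run against releases that may predate SIP parsing over TCP, where the capture would raise no `sip` alert and the check would fail; the sibling sip-tcp-body-frames test already requires `min-version: 7`. If TCP support ships only with the release this patch accompanies, the requirement should name it, i.e. `min-version: <first release with SIP over TCP>`. The same header is repeated in the test.yaml files for sip-tcp-protocol, sip-tcp-request-line, sip-tcp-response-line, sip-tcp-stat-code, sip-tcp-stat-msg and sip-tcp-uri. The single check also counts any `event_type: alert`; adding `alert.signature_id: 1` under `match:` would tie it to the rule under test, as the sip-tcp-protocol checks do.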
@@ -0,0 +1,2 @@
+alert sip any any -> any any (flow:to_server; sip.protocol; content:"SIP/2.0"; sid:1;)
+alert sip any any -> any any (flow:to_client; sip.protocol; content:"SIP/2.0"; sid:2;)
diff --git a/tests/sip-tcp-protocol/test.yaml b/tests/sip-tcp-protocol/test.yaml
new file mode 100644
index 000000000..3da57aa54
--- /dev/null
+++ b/tests/sip-tcp-protocol/test.yaml
@@ -0,0 +1,26 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 5.0.0
+
+args:
+ - -k none
+ - --set app-layer.protocols.sip.enabled=yes
+
+pcap: ../sip-tcp-method/sip-tcp.pcap
+
+checks:
+ - filter:
+ count: 2
+ match:
+ event_type: alert
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2
diff --git a/tests/sip-tcp-request-line/README.md b/tests/sip-tcp-request-line/README.md
new file mode 100644
index 000000000..7881b9897
--- /dev/null
+++ b/tests/sip-tcp-request-line/README.md
@@ -0,0 +1 @@
+Match on the whole SIP request line.
diff --git a/tests/sip-tcp-request-line/test.rules b/tests/sip-tcp-request-line/test.rules
new file mode 100644
index 000000000..812e51ab7
--- /dev/null
+++ b/tests/sip-tcp-request-line/test.rules
@@ -0,0 +1 @@
+alert sip any any -> any any (flow:to_server; sip.request_line; content:"REGISTER sip:192.168.43.100\;transport=TCP SIP/2.0"; sid:1;)
diff --git a/tests/sip-tcp-request-line/test.yaml b/tests/sip-tcp-request-line/test.yaml
new file mode 100755
index 000000000..97e51fb2b
--- /dev/null
+++ b/tests/sip-tcp-request-line/test.yaml
@@ -0,0 +1,16 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 5.0.0
+
+args:
+ - -k none
+ - --set app-layer.protocols.sip.enabled=yes
+
+pcap: ../sip-tcp-method/sip-tcp.pcap
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
diff --git a/tests/sip-tcp-response-line/README.md b/tests/sip-tcp-response-line/README.md
new file mode 100644
index 000000000..136ca58ae
--- /dev/null
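Review bot: sip-tcp-request-line/test.yaml is created with `new file mode 100755`, as are the test.yaml files for sip-tcp-response-line and sip-tcp-uri and the capture sip-tcp-method/sip-tcp.pcap, while every other new file in the patch is 100644. None of these files is executed, so the executable bit should be dropped before merging (`chmod 644` on the four files) to keep test data non-executable in the repository.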
+++ b/tests/sip-tcp-response-line/README.md
@@ -0,0 +1 @@
+Match on the whole SIP response line.
diff --git a/tests/sip-tcp-response-line/test.rules b/tests/sip-tcp-response-line/test.rules
new file mode 100644
index 000000000..01dfd77ad
--- /dev/null
+++ b/tests/sip-tcp-response-line/test.rules
@@ -0,0 +1 @@
+alert sip any any -> any any (flow:to_client; sip.response_line; content:"SIP/2.0 200 OK"; sid:1;)
diff --git a/tests/sip-tcp-response-line/test.yaml b/tests/sip-tcp-response-line/test.yaml
new file mode 100755
index 000000000..97e51fb2b
--- /dev/null
+++ b/tests/sip-tcp-response-line/test.yaml
@@ -0,0 +1,16 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 5.0.0
+
+args:
+ - -k none
+ - --set app-layer.protocols.sip.enabled=yes
+
+pcap: ../sip-tcp-method/sip-tcp.pcap
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
diff --git a/tests/sip-tcp-stat-code/README.md b/tests/sip-tcp-stat-code/README.md
new file mode 100644
index 000000000..e96cf40e9
--- /dev/null
+++ b/tests/sip-tcp-stat-code/README.md
@@ -0,0 +1 @@
+Match on SIP stat code field.
diff --git a/tests/sip-tcp-stat-code/test.rules b/tests/sip-tcp-stat-code/test.rules
new file mode 100644
index 000000000..099c902e4
--- /dev/null
+++ b/tests/sip-tcp-stat-code/test.rules
@@ -0,0 +1 @@
+alert sip any any -> any any (flow:to_client; sip.stat_code; content:"200"; sid:1;)
diff --git a/tests/sip-tcp-stat-code/test.yaml b/tests/sip-tcp-stat-code/test.yaml
new file mode 100644
index 000000000..97e51fb2b
--- /dev/null
+++ b/tests/sip-tcp-stat-code/test.yaml
@@ -0,0 +1,16 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 5.0.0
+
+args:
+ - -k none
+ - --set app-layer.protocols.sip.enabled=yes
+
+pcap: ../sip-tcp-method/sip-tcp.pcap
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
diff --git a/tests/sip-tcp-stat-msg/README.md b/tests/sip-tcp-stat-msg/README.md
new file mode 100644
index 000000000..56ba3ba2c
--- /dev/null
+++ b/tests/sip-tcp-stat-msg/README.md
@@ -0,0 +1 @@
+Match on SIP stat msg field.
diff --git a/tests/sip-tcp-stat-msg/test.rules b/tests/sip-tcp-stat-msg/test.rules
new file mode 100644
index 000000000..f86c9da06
--- /dev/null
+++ b/tests/sip-tcp-stat-msg/test.rules
@@ -0,0 +1 @@
+alert sip any any -> any any (flow:to_client; sip.stat_msg; content:"OK"; sid:1;)
diff --git a/tests/sip-tcp-stat-msg/test.yaml b/tests/sip-tcp-stat-msg/test.yaml
new file mode 100644
index 000000000..97e51fb2b
--- /dev/null
+++ b/tests/sip-tcp-stat-msg/test.yaml
@@ -0,0 +1,16 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 5.0.0
+
+args:
+ - -k none
+ - --set app-layer.protocols.sip.enabled=yes
+
+pcap: ../sip-tcp-method/sip-tcp.pcap
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
diff --git a/tests/sip-tcp-uri/README.md b/tests/sip-tcp-uri/README.md
new file mode 100644
index 000000000..c1c134a6d
--- /dev/null
+++ b/tests/sip-tcp-uri/README.md
@@ -0,0 +1 @@
+Match on SIP URI field.
diff --git a/tests/sip-tcp-uri/test.rules b/tests/sip-tcp-uri/test.rules
new file mode 100644
index 000000000..ef6bfba9c
--- /dev/null
+++ b/tests/sip-tcp-uri/test.rules
@@ -0,0 +1 @@
+alert sip any any -> any any (flow:to_server; sip.uri; content:"sip:192.168.43.100\;transport=TCP"; sid:1;)
diff --git a/tests/sip-tcp-uri/test.yaml b/tests/sip-tcp-uri/test.yaml
new file mode 100755
index 000000000..97e51fb2b
--- /dev/null
+++ b/tests/sip-tcp-uri/test.yaml
@@ -0,0 +1,16 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 5.0.0
+
+args:
+ - -k none
+ - --set app-layer.protocols.sip.enabled=yes
+
+pcap: ../sip-tcp-method/sip-tcp.pcap
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert