From c0e567c63eb8135e3aa6773dc6d5fe16226cb5c2 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 28 Mar 2024 16:51:03 +0100 Subject: [PATCH] doh: adds test for dns over http2 with post Ticket: 5773 --- tests/dns-over-http2-post/README.md | 9 +++++++ .../dns_over_https_POST.pcap | Bin 0 -> 21044 bytes tests/dns-over-http2-post/test.yaml | 24 ++++++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 tests/dns-over-http2-post/README.md create mode 100644 tests/dns-over-http2-post/dns_over_https_POST.pcap create mode 100644 tests/dns-over-http2-post/test.yaml diff --git a/tests/dns-over-http2-post/README.md b/tests/dns-over-http2-post/README.md new file mode 100644 index 000000000..0afd21b71 --- /dev/null +++ b/tests/dns-over-http2-post/README.md @@ -0,0 +1,9 @@ +# Description + +Test DNS over HTTP2 with POST +https://redmine.openinfosecfoundation.org/issues/5773 + +# PCAP + +The pcap comes from https://redmine.openinfosecfoundation.org/issues/5773 + diff --git a/tests/dns-over-http2-post/dns_over_https_POST.pcap b/tests/dns-over-http2-post/dns_over_https_POST.pcap new file mode 100644 index 0000000000000000000000000000000000000000..930c062511d425ac74c7796033ba03384370187e GIT binary patch literal 21044 zcmc&+30%}w9)B~;Fd&C`Yi1rmd4y+bmIf#@YDVJGu5Gq10wRfm;#FyXK$9u+D9cTE z+YUR{OD?Kn+Lm_pM8G*<9}fOzw`S$-ZAVg zedkp(voJZTsu(lj&4Vr1KHR&i9_xjBx;#e+voqE{$zUuYm@(I1Ese)VUH*B;=PX5j zD#cvIKDr>N%+piJ7gUG>QDP~eBZeuZA*dV`RF>(f6ewjOMNBDCpmI!5`J*X}ZN(4i z@*G^FkCF;CRGL?@pF$W*89um8$2NmTj!fy&y>r)ydJ*+TB-1Nn4Xcf4;`XyJGZJLo)xKxa9R;cG!bPKYvSQ>?_lo zWOeL+tY3W5W9vUL#=Tas_KU+Ku3QUwV(*bw@7{Xo-5$%|p0)CuZ`)1&`@6TFoxFLU z?c$s5maN<#1wfldgs!^%t@EXe*3=)dxYe{z#zx%Q@4msqo4)?ngyUU?&5s+Bd+@^V zHe5}x9!Od6r^>gl4DY`!VfUCfqW>{!-d|6)y=`sr7{8}R7iOJJC>(6eOPreomL?;Ox64%~LwP0~jnOH>_{YpRsVJM6N1IORh+%&0-Mg z&dHH0ffP5nT_1i9^zkx}L=`A-}!$W2~3-%+Jh&jnb8~sYrn#*Xin=V{nzSmZs#yHU zb;mi=g*TpDbuo5A_8qOaf1f=5{nDmQ|FQpt)oZssH|IdiKO;-l4A{LfX64xX#znWU zcUjH%4y_ZCyC zs}rDLUB&6PXW=Y{-_`O$zRlaH_3cwCXP6$9&RAJ0Sdb^{PX@V^I5T?~Z|L$I9C<^N z)(UdorNOiem(Vjkcx-_gR1kPH1D~wI$Wuu$|p8E_Kz%VTWo+=x)jqX0E`yKzh zdn&SKK4%Us3i6=^38T~km=V8CW|sYT?U`GH89OkO$cg+fFJzM33uayJ`9Nh7^H6D$ zH=h>#NreVPZq~A39iV<0!K5u)h&G0jNf}^8(c7BAAvNv~XgvigqVY|PP;*`=BEOmA*}FoO!D1zv4wIg|1-CQYp)sJc~YRlcN@B27v$ zN9gh#oY7ZFh$C{ZcQ0ff1x6v z9W)itK7q^@NxHvtkeG^G2_t*>x$e1g#xR>EG1yTB{jDDq2?=f`30`|us7)c&h!iUS ztjA0ed%r1_e622fV@?gAlCQx4EOeMv7Y>f0E3v&`YnLvF1mqEH0j@O#fs?>dl)cxhJ1%EPS6C&5&6vB?;4PBmt$HixM zOfnRv#B5BM@=ogCSxX)l&75W1w{0y&Y#71S7Tl2HQ>EYo4+|>r<2K+8tWrxuLUdrn zyv$!^%N(ilOScO%kp-KP1>24a(NrmWJweX9?FqUSP4P2??f7FvPNeJ>xKpMuBd9RD zbqO&GemI0p#>eRL9Nb-LcFY7xb{}TRlG&=|^h|f2vcU{0kQR6~XQkJ%K7}s$>?p#Xk9un5_KMoYCuE1a$W2Ev|(CZ zn<_>4PKxli5)wh^+6s3{T{m)Fn>-Mzt93{~{zk>ZMYT~^qHxPv2S(ny)-gg>9u8$E zL4_{Q!9(<*Jz7ZM-Dy~dAVdd}TlegvXQFvVZRy;+Yv&FbAqg{(UX6M*p{#5)WpV$- z=~?5ae=lnjJW~@OO3%1MWEa(@CM#+}t_U2+~!x>Pr_2b5Ve_qyR}j z6RN9Cu}X5GlAL8PkrTD4m2=CdpX{nYzA?f?idoPw!KXIC-`*DV^|#xAH?TJKy`Z%q z%7(&%?@5)H?60w4E3)7{hwAB4OeaCkyIfcXG8SA+SbXy=krQD@J(DKvUi_w>F6>Y< z6=C;?Wc0==VkBBjF#4~;ZqSl29ay?4EmsW7y-BJ@v>^!uSXw)`?*8s0NE@UdHW;)HN^tl#JR-MsHvOBbyg6@&-#?nwKfiHRl2J zaClU`(q~Ulnhv?unnAjD$s!TNN?){UrEhHqtXO}xcaOW!=OO(VQ36dnA_vBJryi)` zjV3=e+=XiA4XN~Gl1&ea9fo+)&13K;r<*-dX%Z|b36nfMQ#?XwiY9U|UJuftX@Jtn z8H|OR$igo@OXNiAiN&2V^%R#7qhzy1ho&SYBlO&YQLjv5BwArGszH+_H8(5Iw_iYm z<-0*cA}n2P(e;M|Ri+CCD{DFFx{;F<{b8)rweR!KBy2i|?cKB6Xvq7+sFHK@y*C^n zZb3dIHbViEQe2?MN-DLCVxgAY>}h$XY*zzU9DYP@dW}QLV`-`j3unN1od>CYeVs*@ zg9a&8M|UGsFZ!KeM&iU0xmJI+>QHm9(wXIOChu;R^EtFY&21p5M9oHynxa>&x`Kt~ z-M_oBV)h~!E$d8ji-HA45T7)_YaKTmNY!Bv1?xa_ztVE(Zh~V7G=KUF@e`oA%~?{p ze_u6d3iic+{@Grmu>eg)S99XCZ@hZoEjg)xv>Y@fuTolfrn&FNY$}lIy?-C90}Zwh z{JWfbQ>E&2Q6OlL3bzrtNo~V)%Qe85zb}I^bE!9*EZGKqq+G7)fIB5<3`^m}L#4zl zGdhe>uB*;>^ei7dO+I2Dtz-r`31;IzqYwAtvV&O-a6(hlX*)10Eu)S(#~2f)iQH{buIhl1$ zuRA{t(=AY?2?@NX-}Pn#E~m)92cWcEpz7c(JMcxNjFe09`}cirH04#fasH$4`1E-2 zPfdOe>>rtA*&o==A-SoU8L8=a^fG0KrRPi=o1KxCos~90?C{be9bt9{<=w{U!{mBa zGvr+?4fzd%+mU_R2|!eY0R zEOi~E`ArtC!IZXF%2%Q~0|E3(ch#=@==DjRchVv#rwB$WYZ zSPLiaDkEm=e;>|f;A3=o4xV+g>=RVXY`~OYHUMj_jNQp$0A@8o=!a@^9uTG8+aodF zj*8GlVvf>;SE1cV(z);qi6P(<=d3vN)j0iQ+p4EE`dA#)9U0?I5g z#IkD%#BSBF@(aY~fEAWb{RinjvWa%Km8;S{e4W(&u}=h5f=?WgyEZ#Q2cJBpM@KRi zzMf1O0wBqv)dhE6@Y!CpjVEv;xN!2{%ZXXTf(T~dV{~~A4xh<(lvaPNQm_kVEwDy~ zPjL8vnFoBtu?mzfQ>I_O)4*tYT%@k`L231`|KaPQWf|$-@_Q0Tv_4&&TaO$*Bw>`0 z^VPvGjhlJv(;%_=VDEkzqI;mIHqqT^+Q}k3(z>g;i>f!d(GNbY0Us>d1{~yxpl*@6 z*5^@`>Jf-5q56#11aV^Dg~)xiNIPf8e!jx7WsF74BuhSl=3jOJ)CGB=Xh#tir_l$v zID+neE>hR_pxP=JeJdG_zK0lzwg-$n5cHq6JwL?P*DdoDDD4M8h47Sw%MjFUyY8HvHG1{bC>UmmeKFsez7LdMQK}@;S(?hw`Lx&T;Id)X$pf)qU zK62P-BM_DTTrZza2&!lhB~@_)YC;`L*>>NaGGHkqlYGOthzrI~b7k%dY}FTfE)3t4#PLqtp>&^w*ktO^~czu*`q5GtEq`QDn&u2g` zbe0xEe^z?-XLz=hOgXJ15fc#VjXNcT%F2mR(Gw=!Y!<63{&g($X35C7NQ}g67K~~j zRL6B6l3++D-62!^%Sy|YV&#b+fsAcL5{RYe-v0S$PHtyfdOq>}chz7jSZe@TMl1(Y zOwLD@KCLyh;9!C(wX6qqzcK4UWRiwmwP1QhWs<1H(j3iS)_b#{x`!KvoH+QVu3tJKX_O`xi<^XsZRI4-b*l;(#d_)qp9`p+ZF(B6WK# z(yDt{DaD6UiX4xEes>^sOSrmEJs+%FX+NT5^p#|^5Z$0$X$PYkb(P2N0_Zw#Z?G=q z9v32bF9k&{!(voR$`gBbk_aN@-tBaqI(b5-+|KWQ|J}F7Z6ZqM-ag5v4}`oPQKC8w zi!>`{1#5UEj)wf!Rm6?`Dn~KM&tV6&tEMoof68qzRO+6AH3AwG=ywyj@Z(xjVy#<2 z4pAaZnaigR!jyfSC1*~blBVnucJjpcMh9Wag}5DrhgTv*Aicy;>Twvd`yNE8KNKVlo>*ln;0;P$4BV$9K6}?WGa%`5waS zxTnN3ePLM_IU0YrOKFN z3zbvqkDUstnOpryrC)d<;I^K^7eUDiIUdBTy-^C(`xSFGFwnKj@+a@Blwe21e8so>o^`YLf6DVx{5g4*+zRt5G7rq>vhR! zav13<0t1Y^b*;mG47v6E679*hUxWnSm8szltkCu$x2~H*5{SS^be8{c?rhoVQzwm1 zJTTg(KhfW(AVJFie_*s+sy*3OrBb;OkStUl?J);PBn!5AQFqGH0sHu;mPW9fAZI>G z78I+3@y<=>e>mqZNI_@MoHpY4s$knOv+UldEP*j^OZs8kon!vVw;@*CfYLs0xz3Uf z0McLe#&=59A5JILMT&_hOK!ZNJ0s`_5#+qj2!^3BH%=rhj?E@wBJ2j>PMKmv*xi3g zcSg_=s$?`;GMWetWY~exe-(Dk-qxKFbfAx$>N4r<)_OTrGl`5l336)2oBcuUqvjGbLmO(+fjbul2 zr4L_(4=<4g$2>&D1X%32Q-Z}+PK+LHq1!okv`{koP%`R^=0+|dgHa7w{Pu%__}8h` zn^+{r>GCkmf}rCTrTs3!e%DFiTT$8N1l+EifYXBD#h)(73Hau!AJ6|_bmNeE_MJgj zhkJhm3A%7dnL*VQSQh|`ALYT9s_VAP{EqL6V4z)QGRc{(T1d54nWPB}Ax!c>V={?= zl%2@E+Fy6<)DfffG^%kE-r|gIOT+}E2I5W$sbUVP?7_NiQAezbQFt54=%%}fkyv5| zBMqeFx~!tjA$><&3)jp_9ax?6PeM&l`@>TSQU7XBVu-2KK&R{SrHc|ehpT?N@T1W~ zKxfnZ==0vtfy^4{NSWQp8CDB&c#g2}V7}5+kuE z3Pv6f3b@axz|KM_{6Tl!VP;2PrTxG%g8xB}u4hROv7$UgRnWT7it_bqS7lb(Tnu~} zcM3>-{_?bC-jD)e4@d>n#f_z;TGEm{Hnpy<1&vH{6vjtqA7I_ZfprD{aB7ZLN0?;D zd@_lE)DR-~0s{X*{D3acA@)oi2`W!Vz$?w$Qi30jZb?Ea8FxxZ6_*pEMT>NMrjA4< zqX#6TsCC3h6f`i>KuQ*e0ElWc*u+kQ6kVQ!>wCyySDLRa%(s;EUCgs^EdRn=veQ+? zez`8ObJ)0c^@?$qz|Q_nS9g0?GzhK1juhGros?RjBP*I8bOKg1@sBIHubjb)aG? z7=0ia9e06xbwvXs5A4)d6#`(W;4fxIsf8}j!7+5ialg`xN3i{GCcU>L&@;Dj3=MUb zRGF(xRm@$~KK$kSHKVUU(Q#+9bnmZIKzt7r)h50hP45IMYJTvkt*DXP552D2({iM! z)Nip|s&DTjOhzag`Ygz;pKH||7jq0(IXBXbuO+V_YwmIpIdR%>819rPGHivp@tcU* zo+2xog^$tYIk@X4IYua%b&$;7&!T7g5ri0+)gUQ6J!5J{+SJ^fDN|FkZR4`0WQ@z1 zshh2lEHC8-vx}fXm**f^Oy4;sEA6-fcFZBg3wqHrYdDOCsft_Th^7lve_JZ3d(U3< z$EC!d>dEh1b%X!5l+mA~xkIbxCk?9po_w{!Fd;{?6^fYjCUiqNhTY=zNlWgOob=#{ zIgh2zsQz~4XW64KQm6{PCb?BN?oyL7g>-(R4xlDQ}k43DrG5vEEDN3DH4@`1B7nm ACIA2c literal 0 HcmV?d00001 diff --git a/tests/dns-over-http2-post/test.yaml b/tests/dns-over-http2-post/test.yaml new file mode 100644 index 000000000..6b453a404 --- /dev/null +++ b/tests/dns-over-http2-post/test.yaml @@ -0,0 +1,24 @@ +requires: + min-version: 8.0.0 + +# disables checksum verification +args: + - -k none + +checks: + - filter: + count: 1 + match: + event_type: doh2 + dns.queries[0].rrname: example.com + dns.queries[0].rrtype: NS + dns.answers[0].rrname: example.com + dns.answers[0].rrtype: NS + dns.answers[0].rdata: b.iana-servers.net + dns.grouped.NS[0]: b.iana-servers.net + - filter: + count: 1 + match: + event_type: flow + app_proto: doh2 + app_proto_orig: http2