tests: add RST with unacked data file tests

Add tests for bad handling of unacked data following a RST.
OISF · Dec 3, 2024 · b7cf987 · b7cf987
1 parent 2ea1528
commit b7cf987
Show file tree

Hide file tree

Showing 16 changed files with 2,359 additions and 0 deletions.
diff --git a/tests/tcp-rst-unacked-stream-09/README.md b/tests/tcp-rst-unacked-stream-09/README.md
@@ -0,0 +1,5 @@
+PCAP
+====
+
+Pcap from a pcap known as TLPW1 in the team. Originally from:
+malware-traffic-analysis.net
diff --git a/tests/tcp-rst-unacked-stream-09/TLPW1-tcp-110.37.219.134-10.12.14.101-tcp-990-49230.pcap b/tests/tcp-rst-unacked-stream-09/TLPW1-tcp-110.37.219.134-10.12.14.101-tcp-990-49230.pcap
diff --git a/tests/tcp-rst-unacked-stream-09/suricata.yaml b/tests/tcp-rst-unacked-stream-09/suricata.yaml
diff --git a/tests/tcp-rst-unacked-stream-09/test.yaml b/tests/tcp-rst-unacked-stream-09/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  min-version: 8
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: fileinfo
+        fileinfo.sha256: b95aa84c9ac4948c8565202e016933644c592c366525b2790857615ca7e6f665
+  - filter:
+      count: 1
+      match:
+        event_type: fileinfo
+  - filter:
+      count: 1
+      match:
+        event_type: stats
+        stats.app_layer.tx.http: 1
+        stats.app_layer.flow.http: 1
diff --git a/tests/tcp-rst-unacked-stream-10/README.md b/tests/tcp-rst-unacked-stream-10/README.md
@@ -0,0 +1,5 @@
+PCAP
+====
+
+Pcap from a pcap known as TLPW1 in the team. Originally from:
+malware-traffic-analysis.net
diff --git a/tests/tcp-rst-unacked-stream-10/TLPW1-tcp-174.56.47.59-10.3.11.101-tcp-80-49309.pcap b/tests/tcp-rst-unacked-stream-10/TLPW1-tcp-174.56.47.59-10.3.11.101-tcp-80-49309.pcap