--- /dev/null
+# Test Description
+
+Test to demonstrate the port grouping and SGH distribution when a two port points
+are single as well as the endpoints for a range.
+
+## PCAP
+
+None
+
+## Related issues
+
+https://redmine.openinfosecfoundation.org/issues/6843
--- /dev/null
+alert tcp any any -> any 80 (flow:to_server; content:"abc"; sid:2;)
+alert tcp any any -> any 100 (flow:to_server; content:"abc"; sid:3;)
+alert tcp any any -> any 80:100 (flow:to_server; content:"abc"; sid:4;)
--- /dev/null
+requires:
+ min-version: 8
+
+pcap: false
+
+args:
+ - --engine-analysis
+
+checks:
+ - filter:
+ filename: rule_group.json
+ count: 1
+ match:
+ tcp.toserver.__len: 3
+ - filter:
+ filename: rule_group.json
+ count: 1
+ match:
+ tcp.toserver[0].port: 80
+ tcp.toserver[0].port2: 80
+ tcp.toserver[0].rulegroup.id: 0
+ tcp.toserver[0].rulegroup.rules[0].sig_id: 2
+ tcp.toserver[0].rulegroup.rules[1].sig_id: 4
+ - filter:
+ filename: rule_group.json
+ count: 1
+ match:
+ tcp.toserver[1].port: 100
+ tcp.toserver[1].port2: 100
+ tcp.toserver[1].rulegroup.id: 1
+ tcp.toserver[1].rulegroup.rules[0].sig_id: 3
+ tcp.toserver[1].rulegroup.rules[1].sig_id: 4
+ - filter:
+ filename: rule_group.json
+ count: 1
+ match:
+ tcp.toserver[2].port: 81
+ tcp.toserver[2].port2: 99
+ tcp.toserver[2].rulegroup.id: 2
+ tcp.toserver[2].rulegroup.rules[0].sig_id: 4
+