tests/exception-policy: update READMEs #7884

Add more information concerning flow output for exception policies
in cases of flow-memcap and defrag-memcap.

Related to
Ticket #7884

diff --git a/tests/exception-policy-defrag-01/README.md b/tests/exception-policy-defrag-01/README.md
index de98e6b684ec492541aea03613dfeba22dacafcd..69130c257d310f19b848512118f61834b3d79a58 100644 (file)
--- a/tests/exception-policy-defrag-01/README.md
+++ b/tests/exception-policy-defrag-01/README.md
@@ -1 +1,11 @@
+Expected Behavior
+-----------------
+
+Please note that there will be no exception-policy output associated with the
+``flow`` event for the defrag-memcap, as in the defrag engine logic is run before
+flow processing. (Cf ticket #7884 - https://redmine.openinfosecfoundation.org/issues/7884)
+
+Pcap
+----
+
 pcap from https://wiki.wireshark.org/SampleCaptures

diff --git a/tests/exception-policy-simulated-flow-memcap/README.md b/tests/exception-policy-simulated-flow-memcap/README.md
index b23c22a0f1c3571d69bc2bed2b668ed2cfe5f75e..6b2abeb00d77d2d8fcdb3540341b13a8cc42d0cf 100644 (file)
--- a/tests/exception-policy-simulated-flow-memcap/README.md
+++ b/tests/exception-policy-simulated-flow-memcap/README.md
@@ -8,10 +8,14 @@ Expected Behavior
 =================
 
 When Suricata tries to create a new flow reaching packet 6, it will simulate a
-failure, therefore dropping said packet. As midstream pickup is said to true,
+failure, therefore dropping said packet. As midstream pickup is set to true,
 Suri will later on register a midstream flow for that. Other packets/flows will
 be decoded and inspected normally.
 
+Please note that there will be no exception-policy output associated with the
+``flow`` event for the flow-memcap, as in this scenario the engine wasn't able
+to get a new flow. (Cf ticket #7884 - https://redmine.openinfosecfoundation.org/issues/7884)
+
 PCAP
 ====