detect/prefilter: test u8 prefilter with lte mode

author Philippe Antoine <pantoine@oisf.net>

Tue, 26 Aug 2025 19:22:07 +0000 (21:22 +0200)

committer Victor Julien <victor@inliniac.net>

Fri, 29 Aug 2025 07:09:43 +0000 (09:09 +0200)
author Philippe Antoine <pantoine@oisf.net>
Tue, 26 Aug 2025 19:22:07 +0000 (21:22 +0200)
committer Victor Julien <victor@inliniac.net>
Fri, 29 Aug 2025 07:09:43 +0000 (09:09 +0200)
diff --git a/tests/detect-itype-prefilter/test.rules b/tests/detect-itype-prefilter/test.rules

index 50f59820f6ff0a0fbc6daa3180b8c418240ff06c..649ca83a8884b9682019ade9fcbb63e67cf8c3b3 100644 (file)
--- a/tests/detect-itype-prefilter/test.rules
+++ b/tests/detect-itype-prefilter/test.rules
@@ -1,2 +1,6 @@
  alert icmp any any -> any any (itype:8; sid:1;)
  alert icmp any any -> any any (itype:8; prefilter; sid:2;)
+
+alert icmp any any -> any any (itype: <= 8; prefilter; sid:3;)
+alert icmp any any -> any any (itype: >= 8; prefilter; sid:4;)
+alert icmp any any -> any any (itype: != 0; prefilter; sid:5;)
diff --git a/tests/detect-itype-prefilter/test.yaml b/tests/detect-itype-prefilter/test.yaml

index 1a443af3c2786716268951b42fb663c40ffa5afd..7e6187fc94ea2793a964fd14ab9b4064a9a7006d 100644 (file)
--- a/tests/detect-itype-prefilter/test.yaml
+++ b/tests/detect-itype-prefilter/test.yaml
@@ -12,4 +12,21 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 2
-
+  - filter:
+      min-version: 8.0.1
+      count: 150
+      match:
+        event_type: alert
+        alert.signature_id: 3
+  - filter:
+      min-version: 8.0.1
+      count: 75
+      match:
+        event_type: alert
+        alert.signature_id: 4
+  - filter:
+      min-version: 8.0.1
+      count: 75
+      match:
+        event_type: alert
+        alert.signature_id: 5
author	Philippe Antoine <pantoine@oisf.net>
	Tue, 26 Aug 2025 19:22:07 +0000 (21:22 +0200)
committer	Victor Julien <victor@inliniac.net>
	Fri, 29 Aug 2025 07:09:43 +0000 (09:09 +0200)
tests/detect-itype-prefilter/test.rules		patch \| blob \| blame \| history
tests/detect-itype-prefilter/test.yaml		patch \| blob \| blame \| history