mqtt: add test with type keyword and index

Ticket: 7480

diff --git a/tests/mqtt-connect-rules-3/suricata.yaml b/tests/mqtt-connect-rules-3/suricata.yaml
new file mode 100644 (file)
index 0000000..6fb68aa
--- /dev/null
+++ b/tests/mqtt-connect-rules-3/suricata.yaml
@@ -0,0 +1,16 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - mqtt
+        - alert
+
+app-layer:
+  protocols:
+    mqtt:
+      enabled: yes
\ No newline at end of file

diff --git a/tests/mqtt-connect-rules-3/test.rules b/tests/mqtt-connect-rules-3/test.rules
new file mode 100644 (file)
index 0000000..fdea335
--- /dev/null
+++ b/tests/mqtt-connect-rules-3/test.rules
@@ -0,0 +1,2 @@
+alert mqtt any any -> any any (msg:"MQTT CONNACK reason code 0"; mqtt.type:CONNECT,0; mqtt.type:CONNACK,1; mqtt.reason_code:0; sid:4;)
+

diff --git a/tests/mqtt-connect-rules-3/test.yaml b/tests/mqtt-connect-rules-3/test.yaml
new file mode 100644 (file)
index 0000000..b2b88cd
--- /dev/null
+++ b/tests/mqtt-connect-rules-3/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 9
+
+args:
+  - -k none
+
+pcap: ../mqtt-connect-rules/mqtt5_pub_jpeg.pcap
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 4