krb5: adds test for krb5_msg_type keyword

Ticket: 6723

Uses enumeration stringers and not equal mode

diff --git a/tests/krb5-krb5_msg_type-enum/README.md b/tests/krb5-krb5_msg_type-enum/README.md
new file mode 100644 (file)
index 0000000..5c8d2c3
--- /dev/null
+++ b/tests/krb5-krb5_msg_type-enum/README.md
@@ -0,0 +1,11 @@
+# Test Description
+
+Test krb5_msg_type keyword
+
+# Ticket
+
+https://redmine.openinfosecfoundation.org/issues/6723
+
+# Pcap
+
+reused

diff --git a/tests/krb5-krb5_msg_type-enum/test.rules b/tests/krb5-krb5_msg_type-enum/test.rules
new file mode 100644 (file)
index 0000000..60e790d
--- /dev/null
+++ b/tests/krb5-krb5_msg_type-enum/test.rules
@@ -0,0 +1,3 @@
+alert krb5 any any -> any any (msg:"not AS-REQ"; krb5_msg_type:!AS_REQ; sid:10;)
+alert krb5 any any -> any any (msg:"AS-REP"; krb5_msg_type:AS_REP; sid:11;)
+alert krb5 any any -> any any (msg:"no KRB-ERROR"; krb5_msg_type:!30; sid:30;)
\ No newline at end of file

diff --git a/tests/krb5-krb5_msg_type-enum/test.yaml b/tests/krb5-krb5_msg_type-enum/test.yaml
new file mode 100644 (file)
index 0000000..c9d1187
--- /dev/null
+++ b/tests/krb5-krb5_msg_type-enum/test.yaml
@@ -0,0 +1,29 @@
+requires:
+  min-version: 9
+
+args:
+- -k none
+
+pcap: ../krb5-krb5_msg_type/input.pcap
+
+checks:
+- filter:
+    count: 8
+    match:
+      event_type: alert
+      alert.signature_id: 10
+
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 11
+
+- filter:
+    count: 9
+    match:
+      event_type: alert
+      alert.signature_id: 30
+
+
+