]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d671725)
snmp: adds test for pdu_type keyword
authorPhilippe Antoine <pantoine@oisf.net>
Mon, 8 Sep 2025 08:51:50 +0000 (10:51 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 23 Sep 2025 08:38:12 +0000 (10:38 +0200)
Ticket: 6723

tests/snmp-pdu-type/README.md [new file with mode: 0644] patch | blob
tests/snmp-pdu-type/test.rules [new file with mode: 0644] patch | blob
tests/snmp-pdu-type/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/snmp-pdu-type/README.md b/tests/snmp-pdu-type/README.md
new file mode 100644 (file)
index 0000000..3b436c6
--- /dev/null
+++ b/tests/snmp-pdu-type/README.md
@@ -0,0 +1,7 @@
+# Test Purpose
+
+Match on SNMP pdu_type keyword
+
+## PCAP
+
+This PCAP from snmp-v2c-get is reused
diff --git a/tests/snmp-pdu-type/test.rules b/tests/snmp-pdu-type/test.rules
new file mode 100644 (file)
index 0000000..03514a4
--- /dev/null
+++ b/tests/snmp-pdu-type/test.rules
@@ -0,0 +1,2 @@
+alert snmp any any -> any any (msg:"SNMP Test Rule"; snmp.pdu_type: get_next_request; sid:1; rev:1;)
+alert snmp any any -> any any (msg:"SNMP Test Rule"; snmp.pdu_type: 1; sid:2; rev:1;)
diff --git a/tests/snmp-pdu-type/test.yaml b/tests/snmp-pdu-type/test.yaml
new file mode 100644 (file)
index 0000000..580f079
--- /dev/null
+++ b/tests/snmp-pdu-type/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  min-version: 9
+
+pcap: ../snmp-v2c-get/SNMPv2c_get_requests.pcap
+
+checks:
+ - filter:
+     count: 1
+     match:
+       event_type: alert
+       alert.signature_id: 1
+       snmp.pdu_type: get_next_request
+
+ - filter:
+     count: 1
+     match:
+       event_type: alert
+       alert.signature_id: 2
+       snmp.pdu_type: get_next_request
Mirror of https://github.com/OISF/suricata-verify.git