tests: fix drop tests

author Victor Julien <victor@inliniac.net>

Wed, 31 May 2023 14:14:34 +0000 (16:14 +0200)

committer Victor Julien <victor@inliniac.net>

Wed, 31 May 2023 14:14:34 +0000 (16:14 +0200)
author Victor Julien <victor@inliniac.net>
Wed, 31 May 2023 14:14:34 +0000 (16:14 +0200)
committer Victor Julien <victor@inliniac.net>
Wed, 31 May 2023 14:14:34 +0000 (16:14 +0200)
diff --git a/tests/bug-5802/test.rules b/tests/bug-5802/test.rules

index ca13c4b2a06024371d8512e111106ecae44a1542..f5a1cf38f4d571f65a6d11d0da4f6a83f95469a1 100644 (file)
--- a/tests/bug-5802/test.rules
+++ b/tests/bug-5802/test.rules
@@ -1,2 +1,2 @@
  alert tcp any any -> any any (flow:to_server; sid:1;)
-drop udp any any -> any any (flow:to_server; sid:2;)
+drop udp 200.57.7.195 any -> any any (sid:2;)
diff --git a/tests/bug-5802/test.yaml b/tests/bug-5802/test.yaml

index 2e06568c2d5a894e4acda3efdf9399db972f9cd7..47a95af7a95bb2f2a6483618955a83fe836bb29e 100644 (file)
--- a/tests/bug-5802/test.yaml
+++ b/tests/bug-5802/test.yaml
@@ -10,11 +10,16 @@ checks:
          event_type: alert
          alert.signature_id: 1
    - filter:
-      count: 4
+      count: 1
        match:
          event_type: alert
          alert.signature_id: 2
+        alert.action: blocked
    - filter:
-      count: 3
+      count: 1
        match:
          event_type: sip
+  - filter:
+      count: 10
+      match:
+        event_type: drop
diff --git a/tests/droped-flow-applayer-event-logged-dcerpc/test.yaml b/tests/droped-flow-applayer-event-logged-dcerpc/test.yaml

index f3622529e6ea54dc37c50ef19de765bfd058f2b4..a65ab9b1395a2f0882a3b4de39e7249cc1c1441f 100644 (file)
--- a/tests/droped-flow-applayer-event-logged-dcerpc/test.yaml
+++ b/tests/droped-flow-applayer-event-logged-dcerpc/test.yaml
@@ -5,7 +5,16 @@ args:
  
  checks:
    - filter:
-      count: 0
+      count: 1
+      match:
+        pcap_cnt: 2
+        event_type: alert
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+  - filter:
+      count: 1
        match:
          pcap_cnt: 2
          event_type: smb
diff --git a/tests/droped-flow-applayer-event-logged-smb/test.yaml b/tests/droped-flow-applayer-event-logged-smb/test.yaml

index 3cfc1fb67bc46e0384d8da81a96e8896e5d3399c..53d1978694e341963130286de6c952c76938084b 100644 (file)
--- a/tests/droped-flow-applayer-event-logged-smb/test.yaml
+++ b/tests/droped-flow-applayer-event-logged-smb/test.yaml
@@ -1,15 +1,23 @@
  args:
  - --simulate-ips
+- --set stream.midstream=true
  - --set stream.reassembly.depth=0
-- --set stream.midstream-policy=drop-flow
  - -k none
  
  checks:
    - filter:
        count: 1
        match:
-        event_type: smb
+        event_type: alert
+  - filter:
+      count: 1
+      match:
+        event_type: alert
          pcap_cnt: 2
+  - filter:
+      count: 1
+      match:
+        event_type: smb
    - filter:
        count: 53
        match:
author	Victor Julien <victor@inliniac.net>
	Wed, 31 May 2023 14:14:34 +0000 (16:14 +0200)
committer	Victor Julien <victor@inliniac.net>
	Wed, 31 May 2023 14:14:34 +0000 (16:14 +0200)
tests/bug-5802/test.rules		patch \| blob \| blame \| history
tests/bug-5802/test.yaml		patch \| blob \| blame \| history
tests/droped-flow-applayer-event-logged-dcerpc/test.yaml		patch \| blob \| blame \| history
tests/droped-flow-applayer-event-logged-smb/test.yaml		patch \| blob \| blame \| history