test/unknown: Use host order for ethtype check

author Jeff Lucovsky <jlucovsky@oisf.net>

Fri, 3 Oct 2025 14:21:18 +0000 (10:21 -0400)

committer Victor Julien <victor@inliniac.net>

Fri, 10 Oct 2025 05:11:49 +0000 (07:11 +0200)
author Jeff Lucovsky <jlucovsky@oisf.net>
Fri, 3 Oct 2025 14:21:18 +0000 (10:21 -0400)
committer Victor Julien <victor@inliniac.net>
Fri, 10 Oct 2025 05:11:49 +0000 (07:11 +0200)
diff --git a/tests/decode-unknown-2/test.yaml b/tests/decode-unknown-2/test.yaml

index 88ecbd74dc432fcf579664c4f16998a804f81dcc..94d1be34bbcf5a30b08d437a5472f311238183d3 100644 (file)
--- a/tests/decode-unknown-2/test.yaml
+++ b/tests/decode-unknown-2/test.yaml
@@ -1,5 +1,3 @@
-requires:
-    min-version: 8
  
  args:
  - -k none
@@ -16,6 +14,16 @@ checks:
        decoder.unknown_ethertype: 1
    - filter:
        count: 1
+      min-version: 9
+      match:
+        event_type: anomaly
+        ether.ether_type: 64439
+        anomaly.type: decode
+        anomaly.event: decoder.ethernet.unknown_ethertype
+  - filter:
+      count: 1
+      min-version: 8
+      lt-version: 9
        match:
          event_type: anomaly
          ether.ether_type: 47099
author	Jeff Lucovsky <jlucovsky@oisf.net>
	Fri, 3 Oct 2025 14:21:18 +0000 (10:21 -0400)
committer	Victor Julien <victor@inliniac.net>
	Fri, 10 Oct 2025 05:11:49 +0000 (07:11 +0200)