analyzer/tests: ICMP icode engine analysis test

author Jeff Lucovsky <jlucovsky@oisf.net>

Sun, 15 Jun 2025 14:27:00 +0000 (10:27 -0400)

committer Victor Julien <victor@inliniac.net>

Fri, 27 Jun 2025 02:11:49 +0000 (04:11 +0200)
author Jeff Lucovsky <jlucovsky@oisf.net>
Sun, 15 Jun 2025 14:27:00 +0000 (10:27 -0400)
committer Victor Julien <victor@inliniac.net>
Fri, 27 Jun 2025 02:11:49 +0000 (04:11 +0200)
diff --git a/tests/rules/icmp_code/test.rules b/tests/rules/icmp_code/test.rules

new file mode 100644 (file)

index 0000000..e275479
--- /dev/null
+++ b/tests/rules/icmp_code/test.rules
@@ -0,0 +1 @@
+alert icmp any any -> any any (msg:"Testing icode"; icode:2; sid:1;)
diff --git a/tests/rules/icmp_code/test.yaml b/tests/rules/icmp_code/test.yaml

new file mode 100644 (file)

index 0000000..66e0b15
--- /dev/null
+++ b/tests/rules/icmp_code/test.yaml
@@ -0,0 +1,15 @@
+requires:
+    min-version: 8.0
+    pcap: false
+
+args:
+    - --engine-analysis
+
+checks:
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 1
+      lists.packet.matches[0].name: "icode"
+      lists.packet.matches[0].code.equal: 2
author	Jeff Lucovsky <jlucovsky@oisf.net>
	Sun, 15 Jun 2025 14:27:00 +0000 (10:27 -0400)
committer	Victor Julien <victor@inliniac.net>
	Fri, 27 Jun 2025 02:11:49 +0000 (04:11 +0200)
tests/rules/icmp_code/test.rules	[new file with mode: 0644]	patch \| blob
tests/rules/icmp_code/test.yaml	[new file with mode: 0644]	patch \| blob