From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Fri, 3 Oct 2025 14:21:18 +0000 (-0400)
Subject: test/unknown: Use host order for ethtype check
X-Git-Tag: suricata-8.0.2~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2685%2Fhead;p=thirdparty%2Fsuricata-verify.git

test/unknown: Use host order for ethtype check

Issue: 7855

Version 9+: Match the ethertype value using host order.
Version 8: Match the ethertype value using network order.
---

diff --git a/tests/decode-unknown-2/test.yaml b/tests/decode-unknown-2/test.yaml
index 88ecbd74d..94d1be34b 100644
--- a/tests/decode-unknown-2/test.yaml
+++ b/tests/decode-unknown-2/test.yaml
@@ -1,5 +1,3 @@
-requires:
-    min-version: 8
 
 args:
 - -k none
@@ -16,6 +14,16 @@ checks:
       decoder.unknown_ethertype: 1
   - filter:
       count: 1
+      min-version: 9
+      match:
+        event_type: anomaly
+        ether.ether_type: 64439
+        anomaly.type: decode
+        anomaly.event: decoder.ethernet.unknown_ethertype
+  - filter:
+      count: 1
+      min-version: 8
+      lt-version: 9
       match:
         event_type: anomaly
         ether.ether_type: 47099