From: Jeff Lucovsky Date: Sun, 15 Jun 2025 14:27:00 +0000 (-0400) Subject: analyzer/tests: ICMP icode engine analysis test X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;p=thirdparty%2Fsuricata-verify.git analyzer/tests: ICMP icode engine analysis test Test the ICMP icode engine analysis additions. Issue: 6359
---
diff --git a/tests/rules/icmp_code/test.rules b/tests/rules/icmp_code/test.rules
new file mode 100644
index 00000000..e275479e
--- /dev/null
+++ b/tests/rules/icmp_code/test.rules
@@ -0,0 +1 @@
+alert icmp any any -> any any (msg:"Testing icode"; icode:2; sid:1;)
diff --git a/tests/rules/icmp_code/test.yaml b/tests/rules/icmp_code/test.yaml
new file mode 100644
index 00000000..66e0b15e
--- /dev/null
+++ b/tests/rules/icmp_code/test.yaml
@@ -0,0 +1,15 @@
+requires:
+ min-version: 8.0
+ pcap: false
+
+args:
+ - --engine-analysis
+
+checks:
+- filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 1
+ lists.packet.matches[0].name: "icode"
+ lists.packet.matches[0].code.equal: 2
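Review bot: The only check in test.yaml asserts the equality form (`lists.packet.matches[0].code.equal: 2`), so the other icode modes the keyword accepts, such as ranges and comparisons, are not covered by this test. Rule authors rely on the engine-analysis output to confirm that a detection rule was parsed as intended, so a wrong serialization of a range or comparison would go unnoticed. Consider adding a second rule to test.rules, for example `alert icmp any any -> any any (msg:"Testing icode range"; icode:2<>5; sid:2;)`, with a matching `id: 2` filter that asserts the fields the analyzer emits for a range. Those field names are not visible on this page and should be taken from the analyzer change itself.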