From d671725d7d53e8006aa6db225a5a8c20a297c4de Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 4 Sep 2025 15:33:32 +0200
Subject: [PATCH] krb5: adds test for krb5_msg_type keyword

Ticket: 6723

Uses enumeration stringers and not equal mode
---
 tests/krb5-krb5_msg_type-enum/README.md | 11 +++++++++
 tests/krb5-krb5_msg_type-enum/test.rules | 3 +++
 tests/krb5-krb5_msg_type-enum/test.yaml | 29 ++++++++++++++++++++++++
 3 files changed, 43 insertions(+)
 create mode 100644 tests/krb5-krb5_msg_type-enum/README.md
 create mode 100644 tests/krb5-krb5_msg_type-enum/test.rules
 create mode 100644 tests/krb5-krb5_msg_type-enum/test.yaml

diff --git a/tests/krb5-krb5_msg_type-enum/README.md b/tests/krb5-krb5_msg_type-enum/README.md
new file mode 100644
index 000000000..5c8d2c395
--- /dev/null
+++ b/tests/krb5-krb5_msg_type-enum/README.md
@@ -0,0 +1,11 @@
+# Test Description
+
+Test krb5_msg_type keyword
+
+# Ticket
+
+https://redmine.openinfosecfoundation.org/issues/6723
+
+# Pcap
+
+reused
diff --git a/tests/krb5-krb5_msg_type-enum/test.rules b/tests/krb5-krb5_msg_type-enum/test.rules
new file mode 100644
index 000000000..60e790d44
--- /dev/null
+++ b/tests/krb5-krb5_msg_type-enum/test.rules
@@ -0,0 +1,3 @@
+alert krb5 any any -> any any (msg:"not AS-REQ"; krb5_msg_type:!AS_REQ; sid:10;)
+alert krb5 any any -> any any (msg:"AS-REP"; krb5_msg_type:AS_REP; sid:11;)
+alert krb5 any any -> any any (msg:"no KRB-ERROR"; krb5_msg_type:!30; sid:30;)
\ No newline at end of file
diff --git a/tests/krb5-krb5_msg_type-enum/test.yaml b/tests/krb5-krb5_msg_type-enum/test.yaml
new file mode 100644
index 000000000..c9d1187c0
--- /dev/null
+++ b/tests/krb5-krb5_msg_type-enum/test.yaml
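Review bot: The three rules in test.rules cover a negated name (`!AS_REQ`), a plain name (`AS_REP`) and a negated number (`!30`), but none of them shows that a name and its number select the same messages, and the error type is never written by name. A fourth rule that negates the error type by name and is expected to alert as often as sid 30 would pin that equivalence; the exact spelling of the name has to come from the keyword's documentation, as it is not visible in this patch. The sids appear to double as the numeric message types, which deserves a comment at the top of the file such as `# sid = Kerberos msg-type number of the type under test`. The mixed wording of the messages (`"not AS-REQ"` versus `"no KRB-ERROR"`) could be aligned, and the file ends without a newline.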
@@ -0,0 +1,29 @@
+requires:
+ min-version: 9
+
+args:
+- -k none
+
+pcap: ../krb5-krb5_msg_type/input.pcap
+
+checks:
+- filter:
+ count: 8
+ match:
+ event_type: alert
+ alert.signature_id: 10
+
+- filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 11
+
+- filter:
+ count: 9
+ match:
+ event_type: alert
+ alert.signature_id: 30
+
+
+
-- 2.47.3
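Review bot: The checks in test.yaml assert only a total per signature (8, 1 and 9), so a negated rule that matched a wrong set of the same size would still pass, and two of the three rules under test are negations. A `count: 0` filter that combines `alert.signature_id: 30` with the error message type in the alert's Kerberos metadata would prove that the rule never fires on the excluded type, provided the alert record carries that field; the same applies to sid 10 and its excluded type. Because the pcap is shared with `../krb5-krb5_msg_type/`, a comment above each `count:` stating which message types in the capture make up the number would make a later change to that capture easier to diagnose. The three blank lines at the end of the file can be dropped.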