From 9fdb95c786fb2f9f2b6e61af4c051a0b43ed2a6a Mon Sep 17 00:00:00 2001
From: Juliana Fajardini <jufajardini@oisf.net>
Date: Mon, 8 Sep 2025 10:19:55 -0300
Subject: [PATCH] tests/exception-policy: update READMEs #7884

Add more information concerning flow output for exception policies
in cases of flow-memcap and defrag-memcap.

Related to
Ticket #7884
---
 tests/exception-policy-defrag-01/README.md             | 10 ++++++++++
 tests/exception-policy-simulated-flow-memcap/README.md |  6 +++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/tests/exception-policy-defrag-01/README.md b/tests/exception-policy-defrag-01/README.md
index de98e6b68..69130c257 100644
--- a/tests/exception-policy-defrag-01/README.md
+++ b/tests/exception-policy-defrag-01/README.md
@@ -1 +1,11 @@
+Expected Behavior
+-----------------
+
+Please note that there will be no exception-policy output associated with the
+``flow`` event for the defrag-memcap, as in the defrag engine logic is run before
+flow processing. (Cf ticket #7884 - https://redmine.openinfosecfoundation.org/issues/7884)
+
+Pcap
+----
+
 pcap from https://wiki.wireshark.org/SampleCaptures
diff --git a/tests/exception-policy-simulated-flow-memcap/README.md b/tests/exception-policy-simulated-flow-memcap/README.md
index b23c22a0f..6b2abeb00 100644
--- a/tests/exception-policy-simulated-flow-memcap/README.md
+++ b/tests/exception-policy-simulated-flow-memcap/README.md
@@ -8,10 +8,14 @@ Expected Behavior
 =================
 
 When Suricata tries to create a new flow reaching packet 6, it will simulate a
-failure, therefore dropping said packet. As midstream pickup is said to true,
+failure, therefore dropping said packet. As midstream pickup is set to true,
 Suri will later on register a midstream flow for that. Other packets/flows will
 be decoded and inspected normally.
 
+Please note that there will be no exception-policy output associated with the
+``flow`` event for the flow-memcap, as in this scenario the engine wasn't able
+to get a new flow. (Cf ticket #7884 - https://redmine.openinfosecfoundation.org/issues/7884)
+
 PCAP
 ====
 
-- 
2.47.3