From becb64007ced45aaafa93208bf50301bd17e0d79 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Fri, 18 Jul 2025 16:11:27 +0200
Subject: [PATCH] flow: add test for community id with same ip

Ticket: 5689
---
 tests/community-id-sameip/README.md     |  11 +++++++++++
 tests/community-id-sameip/input.pcap    | Bin 0 -> 6567 bytes
 tests/community-id-sameip/suricata.yaml |  10 ++++++++++
 tests/community-id-sameip/test.yaml     |  17 +++++++++++++++++
 4 files changed, 38 insertions(+)
 create mode 100644 tests/community-id-sameip/README.md
 create mode 100644 tests/community-id-sameip/input.pcap
 create mode 100644 tests/community-id-sameip/suricata.yaml
 create mode 100644 tests/community-id-sameip/test.yaml

diff --git a/tests/community-id-sameip/README.md b/tests/community-id-sameip/README.md
new file mode 100644
index 000000000..9cc19d19d
--- /dev/null
+++ b/tests/community-id-sameip/README.md
@@ -0,0 +1,11 @@
+# Test Description
+
+Community ID test when same IP address
+
+# Ticket
+
+https://redmine.openinfosecfoundation.org/issues/5689
+
+# Pcap
+
+From ticket
diff --git a/tests/community-id-sameip/input.pcap b/tests/community-id-sameip/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..bfc4d794db3f52abdaddf9b6c281d919aeff1f8e
GIT binary patch
literal 6567
zc-qaFe^6A{702&;yR2JS8zlZ9wQZinRB(vn;)d3a8W-3AE-aBB{)TngeZZPsR@g-n
zZ4iOjiPK4_qr{kuAx_nHOq{B<u~n?C#?&gd7*k0!v5+66I+H;r9UGO{bME6UdmlG1
zlmEKIF1!2ge!k~?&%Ni~-Aktqy(SVPQE&I|5hB3<KY!Vj_wV~fvIw3pBJ9mf9E8l1
zPc0-1O^aVY`D^kO-mg?zuAlEcR)`}y#pdKcE+#}YF0>d$b37UR@OgY+Fc?foo-$F7
zObC+S45?(x^(&R#w(XaJ?&?fxCXL-1GTc>iCXlm$l*J?4<kK|f!<v{~K<{l%6oraG
zh*21&B5??a>w&O-EYVB?&Lv2EvQHChFH)P6Mbf&TCEDPV@sG}$J?l{$setDTnx@+t
zA~oqGefKnx6<CmI&B$N6VnJ2S(q*(B<0k3m_7=_U(AeBM5@~Kn$L5wiStM;hXyfI!
zPCi44)m&n-D6}47i3{N6vwID+(9;P27O4u!_2Gz2CVoB~EUSEW>RTOa66_DH`Dn;m
zarZRFG<)*bW@#oi=TeL*kj(nskqB|MLzbkXacq{IK*VWT$Rj@HTt<l&E)gr(#1hBB
z<Ri)*;Z;*aQVq|mdGO`(+tk8VjfL$XFqK-kBMN^3;b@y7EC*z7L|V9T9a!ZL)w;c*
zU{J1&NCAJ)ACasmYlO&l!{FUK*=^3{bXNXelhag?K0<SPhmn0jz?U;1DT7b00?LFj
z+Qc%AIN{2$KprF{4x;=DJ@_6W#s_lYdMG3n_-h-Ul7df%>jIA`GaQD+(P0>|{jgqL
z<-by+_Gyed0#R?k*;{@*8u6PL@fjfgq02&+0bv=BxJW)riS1k>TK}9%{GtbmNoakE
zqrj0}D&^Qq?OFB`M`{}C1Ws5;3tVmC=|r3>sMqgmyxss>=cw0*V|Bjhp<YX)UdNA$
zp~?8xFkwuFPZ;k+y~K#xAR-+v|3)+4qsjanM0E_kw8pa$Au;<;7Fu5?k2qgGM~N?U
ziRk6eSYjM5kcb?PAbJm=b(Y^sy8OPQvF{k*FR{x{L61}RCtQ9A-*wVL%HVk!51uQZ
z=gxskAaI7py_tpIN0(nss8RBHBA!Z5SPr8|?q4kA09-o26X|rWq7z`BCWA8|G(a=B
z78SV|od8yK0+>s(^BjdR1&BFkL^DBo%k8okI$%beRF)ly&WIFpKg@_Ee{EH$KIn<y
zDh+#U<e&%Vh!JgvCnh=&qaTLoi{aD7yy$b}Zfen1jYR|9wih#~MXgNq7cEhXAlQK7
z&y7<S(uvzXPhqRGoci-S)}I$MK;;(or-xOb{>)YVNr1&s;GkZVknfgKO}D?+jcLY@
zUgP^@0-xeM)zF_tmXG4d_S1SZQocYP>CiZG3u11kjx@3H!i*$FDnj9(0el{WF;5r^
z7iKvts2Ni<X0)I0JuaddZ9x`36Aw+`gHl!{75XUpeeh>_j7&tf0Xu;(d;W-PV@6xN
z4dF;A=*DSnWnWAqH3DrpaJvHl!#4sl*cV!W@f!hi*cS|d>2n9m$LsaEztci>vV}S>
zcH4Grfj*Zs>ul7^+vsI45P#z}k^vwL@QClp|3Kmsx4Fb*F{v$ign08O!$^D$7lXH6
z_C#c5IY?Eo5vKZmQdWL$zN<7<vd)&$q%v1Yey+=rBe{x7C0AKNfn+Z$Epq3(vWp#s
z4p*u4L~(why?D9gbSzJoJhlFyCm=1c7iZ_$i&HagY0=N6OSPV$%w9rVj^lBAS%ESp
zO>($E+ab-D3YX`X*b6c3Wpzfq9_*$)IF6l^JGMaT`ylNJ(HVbpu7Ih>^k9T<2Dna@
zdT5n)X*}Hr0^6}ld-`MHbA>)2eqNbCo&mx$JYq<`NQsqPB2=mMfJ!VMMB<OJO8(lg
zTpyAAa8yx>q}Z%DnkKFD1RCV9l$zoTRi~s&DY>Cg)zc|y7>rF$(DQCJ_0FjAZaW0j
z&w7W!ln+wx1OdH6xC`Jq-n~OJeMOULKL~W9cPme@@K1nv_v3id41{JLv0lDJiRD}(
zdUsGI2G=6-r{BgquO~vi^VC=Q<$y0G4dYqyX}q3&9%`RKV_)a_-Y$u?590~0RqPYd
zK7@w>u4CW3G})bOvRx7g>__|NHL&pOK-}py>m4fp$ve-F5YayMP<gYt1c^y8=lPjZ
zRedOk2BOY@&#bH>&Ne}YoRxH&DAL%nAG9*jmNsitrxdkt&ooSr?fwSP!FzO{h)4KC
zXjFP^lUK)?l$wtGi*Bch@R%Cg)79}ttUY~D$C8n)SJ`LboL~~H23SsUbS=TrYMhW^
zfGJ{D=Ld{6)3NA>Ae;3nd71jYL*sj9x9ufAR5E4KS;mjjK_HgwF%sBK>3s~*E%#Dl
zfJ;mkQ(AYa#EuI{oPm|}K_#Kpt96tbYvg)a>B#~Ald?49;ZW$|87SVpSGVDM>8uyn
z^1kGU06grhNAZpe%B%;c2toL#dvzP`d%W{Ymj?tQ=+$StSokd<{^tV|@dCliBbLeU
zQ(}ZmM6b4~#6w4s_=B(a3bw}ik`*N<Uo+`B<f9G|jYAQTZDAck$wNnDwj_kl2Dpwx
zS7<)lH2JiEz(#cFx4T&QJs`HfZX#|VxOv3I@>NP)$0ede?JBY71`;2L=?mUaLv18=
zW?IxLl-u}*iEM&Fn|N|zr%c<!IgL9TLGo4V&Y@Vjo*VQ?{ln4koMu&%Kx3GMZ)}P=
zH;ZVaQLsjjVi?elH*_8SfcGt;>s1Kq1Ug!Gl?`ap?WVjhe<kR3+7Bsl1DA-7s-1S|
zN54cOztf`5BYOohh%1Mu)9<XJR<6`oc>=VK&`vuos<Rcf{@*&SNbbW<JEpUaqt`J1
z$02{6%3b4qMeaJ%ZQB`u%FTKED3kxz?*lPnHIOAhSi&Rb$^YV3P9Y|Xb6S6{60?es
zn8@iCsB$vHpw}R(Y2Aj|y6p^r(pjcKP?fBrkrs*#0^#oiT*s6?n!@v%6wZP`Bbw6w
zAPY|c;=#~(y<Z~wDRDiQh^DB&L=3H}KqCDm!dD+!JNmr>MM8Ds^*pJep4`=V(g;FV
zSx;8EQ7EQqBK)~J-EUhT(F}f}$>1sow4f&|`xv-;IuN_PCXx$;Tpn?*{4phN<`U79
zr&MC)Y9!Lr5@M(O^m>ugPqz+}#)TF@_cc!tCluX@#a6CH;$&I3yM00f-J%J!52&p`
hoKti;O7y72bX}rz4euM*&Q_rIgP9YG{>u<O{{yA!P>TQn

literal 0
Hc-jL100001

diff --git a/tests/community-id-sameip/suricata.yaml b/tests/community-id-sameip/suricata.yaml
new file mode 100644
index 000000000..df7bcdcff
--- /dev/null
+++ b/tests/community-id-sameip/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      community-id: true
+      community-id-seed: 1
+      types:
+        - flow
diff --git a/tests/community-id-sameip/test.yaml b/tests/community-id-sameip/test.yaml
new file mode 100644
index 000000000..bf43f308b
--- /dev/null
+++ b/tests/community-id-sameip/test.yaml
@@ -0,0 +1,17 @@
+requires:
+  min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+    count: 1
+    match:
+      community_id: 1:IJQHtzXv/tXud3FtXIufkDsfEd4=
+      dest_ip: 192.168.0.254
+      dest_port: 3306
+      event_type: flow
+      proto: TCP
+      src_ip: 192.168.0.254
+      src_port: 56162
-- 
2.47.3