decoder: initial hdlc test 213/head
authorVictor Julien <victor@inliniac.net>
Fri, 21 Feb 2020 15:54:11 +0000 (16:54 +0100)
committerVictor Julien <victor@inliniac.net>
Sat, 11 Apr 2020 19:16:20 +0000 (21:16 +0200)
tests/decode-chdlc-01/README.md [new file with mode: 0644]
tests/decode-chdlc-01/hdlc-http_1tx.pcap [new file with mode: 0644]
tests/decode-chdlc-01/test.rules [new file with mode: 0644]
tests/decode-chdlc-01/test.yaml [new file with mode: 0644]

diff --git a/tests/decode-chdlc-01/README.md b/tests/decode-chdlc-01/README.md
new file mode 100644 (file)
index 0000000..5fa3613
--- /dev/null
@@ -0,0 +1 @@
+Ensure Cisco HDLC packets are decoded
diff --git a/tests/decode-chdlc-01/hdlc-http_1tx.pcap b/tests/decode-chdlc-01/hdlc-http_1tx.pcap
new file mode 100644 (file)
index 0000000..43d736c
Binary files /dev/null and b/tests/decode-chdlc-01/hdlc-http_1tx.pcap differ
diff --git a/tests/decode-chdlc-01/test.rules b/tests/decode-chdlc-01/test.rules
new file mode 100644 (file)
index 0000000..90536fb
--- /dev/null
@@ -0,0 +1 @@
+alert http any any -> any any (http.method; content:"GET"; sid:666;)
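Review bot: The rule has no `msg` or `rev`, so the alert it raises carries no descriptive signature text, and its purpose can only be learned from the README. Consider `alert http any any -> any any (msg:"HTTP GET inside Cisco HDLC"; http.method; content:"GET"; sid:666; rev:1;)`. The check in test.yaml matches on `alert.signature_id` only, so it is unaffected by this change.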
diff --git a/tests/decode-chdlc-01/test.yaml b/tests/decode-chdlc-01/test.yaml
new file mode 100644 (file)
index 0000000..0d40b88
--- /dev/null
@@ -0,0 +1,36 @@
+requires:
+
+  min-version: 6.0.0
+
+
+checks:
+
+    - filter:
+        count: 1
+        match:
+            event_type: http
+            http.hostname: "view.atdmt.com"
+            http.status: 200
+            http.length: 8079
+
+    - filter:
+        count: 1
+        match:
+            event_type: fileinfo
+            fileinfo.state: CLOSED
+
+    - filter:
+        count: 1
+        match:
+            event_type: alert
+            alert.signature_id: 666
+
+    - filter:
+        count: 1
+        match:
+            event_type: flow
+            proto: TCP
+
+    - stats:
+        decoder.ipv4: 17
+        decoder.chdlc: 17
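Review bot: The closing `stats:` check pins `decoder.ipv4: 17` and `decoder.chdlc: 17` but neither the packet total nor the failure side, so a packet in the capture that was not recognised as CHDLC would go unnoticed. That matters for a decoder test, because traffic the decoder skips is traffic the detection engine never inspects. If the pcap holds exactly 17 packets (not verifiable here, since the file is binary), adding `decoder.pkts: 17` and `decoder.invalid: 0` under `stats:` would close that gap.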