tests: expand http2 file test

Limit to 7.

diff --git a/tests/http2-files/expected/fast.log b/tests/http2-files/expected/fast.log
index 6152138dfd1810fe3b2842453eb7d7ae594541e9..8796be6463327153b690c956b99305ac5436f304 100644 (file)
--- a/tests/http2-files/expected/fast.log
+++ b/tests/http2-files/expected/fast.log
@@ -1,12 +1,27 @@
 08/02/2014-10:50:25.823699  [**] [1:6:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.823699  [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.823699  [**] [1:8:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.823699  [**] [1:9:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.823699  [**] [1:10:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.823699  [**] [1:11:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.823699  [**] [1:12:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.823699  [**] [1:13:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.828791  [**] [1:3:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
 08/02/2014-10:50:25.828986  [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.828986  [**] [1:10:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.828986  [**] [1:13:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.830473  [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.830473  [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830473  [**] [1:10:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830473  [**] [1:10:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830473  [**] [1:13:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830473  [**] [1:13:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.830719  [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.830719  [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830719  [**] [1:10:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830719  [**] [1:10:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830719  [**] [1:13:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830719  [**] [1:13:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.832311  [**] [1:4:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
 08/02/2014-10:50:25.833220  [**] [1:4:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
 08/02/2014-10:50:25.833365  [**] [1:5:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508

diff --git a/tests/http2-files/test.rules b/tests/http2-files/test.rules
index d1126b8b76b6c8a2548bb6ebc36792f4d3abe45c..8897c05ff042e77df40199f5632563e7d7e030b7 100644 (file)
--- a/tests/http2-files/test.rules
+++ b/tests/http2-files/test.rules
@@ -5,3 +5,8 @@ alert http2 any any -> any any (flow:established,to_client; filemd5:test.md5; si
 alert http2 any any -> any any (file.data; content:"nghttp2 - HTTP/2 C Library"; sid:6; rev:1;)
 alert http2 any any -> any any (file.data; content:!"html"; startswith; sid:7; rev:1;)
 alert http2 any any -> any any (file.data; content:"|0a 0a|<!DOCTYPE"; startswith; sid:8; rev:1;)
+alert http2 any any -> any any (http.response_body; content:"nghttp2 - HTTP/2 C Library"; sid:9; rev:1;)
+alert http2 any any -> any any (http.response_body; content:!"html"; startswith; sid:10; rev:1;)
+alert http2 any any -> any any (http.response_body; content:"|0a 0a|<!DOCTYPE"; startswith; sid:11; rev:1;)
+alert http2 any any -> any any (http.response_body; strip_whitespace; content:"nghttp2-HTTP/2CLibrary"; sid:12; rev:1;)
+alert http2 any any -> any any (http.response_body; strip_whitespace; content:!"html"; startswith; sid:13; rev:1;)

diff --git a/tests/http2-files/test.yaml b/tests/http2-files/test.yaml
index f61522bd52d89e2ba005049b4a2c715a306cc308..ea4352ef41c7c8a329ab71aa1d9a605340fe4d89 100644 (file)
--- a/tests/http2-files/test.yaml
+++ b/tests/http2-files/test.yaml
@@ -2,7 +2,7 @@ requires:
   features:
     - HAVE_NSS
     - HAVE_LIBJANSSON
-  min-version: 6.0.0
+  min-version: 7
 
 # disables checksum verification
 args:
@@ -91,6 +91,31 @@ checks:
       match:
         event_type: alert
         alert.signature_id: 8
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 9
+  - filter:
+      count: 6
+      match:
+        event_type: alert
+        alert.signature_id: 10
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 11
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 12
+  - filter:
+      count: 6
+      match:
+        event_type: alert
+        alert.signature_id: 13
   - filter:
       count: 6
       match: