Part of the investigation into Suricata's stream-async behavior.
Related to
Task #6063
Task #8011
match:
event_type: alert
- filter:
+ min-version: 8.0
count: 1
match:
event_type: alert
alert.signature_id: 1
+ pcap_cnt: 2
- filter:
+ min-version: 8.0
count: 1
match:
event_type: alert
alert.signature_id: 2
+ pcap_cnt: 2
+ - filter:
+ lt-version: 8.0
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 11
+ - filter:
+ lt-version: 8.0
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2
+ pcap_cnt: 11
+ - filter:
+ count: 1
+ match:
+ event_type: flow
+ proto: TCP
+ app_proto: http
+ flow.pkts_toserver: 11
+ flow.pkts_toclient: 0
+ flow.bytes_toserver: 1787
+ flow.bytes_toclient: 0
+ flow.age: 10
+ flow.state: established
+ flow.reason: shutdown
+ flow.alerted: true
+ tcp.tcp_flags: '19'
+ tcp.tcp_flags_ts: '19'
+ tcp.tcp_flags_tc: '00'
+ tcp.fin: true
+ tcp.psh: true
+ tcp.ack: true
+ tcp.state: close_wait
+ tcp.ts_max_regions: 1
+ tcp.tc_max_regions: 1