Tests that a DHCP request flood doesn't take an excessive amount
of time.
Skipped by default.
Related ticket #3345:
https://redmine.openinfosecfoundation.org/issues/3345
--- /dev/null
+Test that Suricata can process this DHCP request flood without
+significant slowdown.
+
+DHCP rules are required to trigger this condition.
+
+Related ticket:
+https://redmine.openinfosecfoundation.org/issues/3345
--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - dhcp:
+ enabled: yes
+ extended: yes
--- /dev/null
+# DHCP app-layer event rules. See
+#
+# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayer
+# for SID allocation.
+
+alert dhcp any any -> any any (msg:"SURICATA DHCP malformed options"; app-layer-event:dhcp.malformed_options; classtype:protocol-command-decode; sid:2227000; rev:1;)
+alert dhcp any any -> any any (msg:"SURICATA DHCP truncated options"; app-layer-event:dhcp.truncated_options; classtype:protocol-command-decode; sid:2227001; rev:1;)
--- /dev/null
+# Skip by default, can take a long time to run until Suricata is fixed
+# for this case.
+skip: true
+
+checks:
+ - filter:
+ count: 10000
+ match:
+ event_type: dhcp
projects / thirdparty / suricata-verify.git / commitdiff
