test/stream: Update drop reason per new reason code

Issue: 6235

diff --git a/tests/exception-policy-stream-reassembly-memcap-01/README.md b/tests/exception-policy-stream-reassembly-memcap-01/README.md
new file mode 100644 (file)
index 0000000..88a687f
--- /dev/null
+++ b/tests/exception-policy-stream-reassembly-memcap-01/README.md
@@ -0,0 +1,5 @@
+# Description
+
+Test exception policy logic for stream reassembly.
+
+DEBUG is required to enable the "eps" logic.

diff --git a/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml b/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml
index dfccb8afa643b645d9977f7c442e1fc612fbbf3b..3c973a2beb9dc6c5aff8cc4417cbdd7fe96f9bdb 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml
@@ -1,6 +1,9 @@
 %YAML 1.1
 ---
 
+stats:
+  enabled: yes
+
 outputs:
   - eve-log:
       enabled: yes
@@ -20,6 +23,10 @@ outputs:
             flows: all       # start or all: 'start' logs only a single drop
                              # per flow direction. All logs each dropped pkt.
         - flow
+        - stats:
+            totals: yes       # stats for all threads merged together
+            threads: no       # per thread stats
+            deltas: no        # include delta values
 action-order:
   - pass
   - drop

diff --git a/tests/exception-policy-stream-reassembly-memcap-01/test.yaml b/tests/exception-policy-stream-reassembly-memcap-01/test.yaml
index eb6c5305ecfb9ae89b89e6992f09f6a66dfdd56e..f20281159430ffcfdcffa167409ee4ae778baeb8 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-01/test.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-01/test.yaml
@@ -23,7 +23,7 @@ checks:
       count: 1
       match:
         event_type: drop
-        drop.reason: "stream memcap"
+        drop.reason: "stream reassembly"
   - filter:
       count: 28
       match:
@@ -48,3 +48,8 @@ checks:
       match:
         event_type: flow
         flow.action: drop
+  - filter:
+      count: 1
+      match:
+        event_type: stats
+        stats.ips.drop_reason.stream_reassembly: 1

diff --git a/tests/exception-policy-stream-reassembly-memcap-04/README.md b/tests/exception-policy-stream-reassembly-memcap-04/README.md
new file mode 100644 (file)
index 0000000..88a687f
--- /dev/null
+++ b/tests/exception-policy-stream-reassembly-memcap-04/README.md
@@ -0,0 +1,5 @@
+# Description
+
+Test exception policy logic for stream reassembly.
+
+DEBUG is required to enable the "eps" logic.

diff --git a/tests/exception-policy-stream-reassembly-memcap-04/suricata.yaml b/tests/exception-policy-stream-reassembly-memcap-04/suricata.yaml
index 758f7208528ae36ae1c3af2fa89b6b131673a305..aac4c605a75d949de9d4deed8eab8097d9cb7d3a 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-04/suricata.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-04/suricata.yaml
@@ -14,3 +14,7 @@ outputs:
             flows: all       # start or all: 'start' logs only a single drop
                              # per flow direction. All logs each dropped pkt.
         - flow
+        - stats:
+            totals: yes       # stats for all threads merged together
+            threads: no       # per thread stats
+            deltas: no        # include delta values

diff --git a/tests/exception-policy-stream-reassembly-memcap-04/test.yaml b/tests/exception-policy-stream-reassembly-memcap-04/test.yaml
index eb6c5305ecfb9ae89b89e6992f09f6a66dfdd56e..f20281159430ffcfdcffa167409ee4ae778baeb8 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-04/test.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-04/test.yaml
@@ -23,7 +23,7 @@ checks:
       count: 1
       match:
         event_type: drop
-        drop.reason: "stream memcap"
+        drop.reason: "stream reassembly"
   - filter:
       count: 28
       match:
@@ -48,3 +48,8 @@ checks:
       match:
         event_type: flow
         flow.action: drop
+  - filter:
+      count: 1
+      match:
+        event_type: stats
+        stats.ips.drop_reason.stream_reassembly: 1

diff --git a/tests/exception-policy-stream-reassembly-memcap-05/README.md b/tests/exception-policy-stream-reassembly-memcap-05/README.md
new file mode 100644 (file)
index 0000000..88a687f
--- /dev/null
+++ b/tests/exception-policy-stream-reassembly-memcap-05/README.md
@@ -0,0 +1,5 @@
+# Description
+
+Test exception policy logic for stream reassembly.
+
+DEBUG is required to enable the "eps" logic.

diff --git a/tests/exception-policy-stream-reassembly-memcap-05/suricata.yaml b/tests/exception-policy-stream-reassembly-memcap-05/suricata.yaml
index 758f7208528ae36ae1c3af2fa89b6b131673a305..aac4c605a75d949de9d4deed8eab8097d9cb7d3a 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-05/suricata.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-05/suricata.yaml
@@ -14,3 +14,7 @@ outputs:
             flows: all       # start or all: 'start' logs only a single drop
                              # per flow direction. All logs each dropped pkt.
         - flow
+        - stats:
+            totals: yes       # stats for all threads merged together
+            threads: no       # per thread stats
+            deltas: no        # include delta values

diff --git a/tests/exception-policy-stream-reassembly-memcap-05/test.yaml b/tests/exception-policy-stream-reassembly-memcap-05/test.yaml
index 7901c6b4de9002a0424f90301885e7b615ae488c..d19e9ad87479d39f0e7db260e07e3e78014dee23 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-05/test.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-05/test.yaml
@@ -24,7 +24,7 @@ checks:
       count: 1
       match:
         event_type: drop
-        drop.reason: "stream memcap"
+        drop.reason: "stream reassembly"
   - filter:
       count: 0
       match:
@@ -49,3 +49,8 @@ checks:
       match:
         event_type: flow
         flow.action: drop
+  - filter:
+      count: 1
+      match:
+        event_type: stats
+        stats.ips.drop_reason.stream_reassembly: 1