tests: add test for issue 7521

author Victor Julien <victor@inliniac.net>

Thu, 23 Jan 2025 15:48:05 +0000 (16:48 +0100)

committer Victor Julien <victor@inliniac.net>

Tue, 28 Jan 2025 21:34:28 +0000 (22:34 +0100)
author Victor Julien <victor@inliniac.net>
Thu, 23 Jan 2025 15:48:05 +0000 (16:48 +0100)
committer Victor Julien <victor@inliniac.net>
Tue, 28 Jan 2025 21:34:28 +0000 (22:34 +0100)
diff --git a/tests/iponly-midstream-01/test.rules b/tests/iponly-midstream-01/test.rules

new file mode 100644 (file)

index 0000000..5fd5494
--- /dev/null
+++ b/tests/iponly-midstream-01/test.rules
@@ -0,0 +1,4 @@
+alert tcp 192.168.1.5 any -> 192.168.1.1 any (sid:1;)
+alert tcp 192.168.1.1 any -> 192.168.1.5 any (sid:2;)
+alert tcp any any -> any any (sid:3;)
+alert tcp 192.168.1.0/24 any -> 192.168.1.0/24 any (sid:4;)
diff --git a/tests/iponly-midstream-01/test.yaml b/tests/iponly-midstream-01/test.yaml

new file mode 100644 (file)

index 0000000..661971f
--- /dev/null
+++ b/tests/iponly-midstream-01/test.yaml
@@ -0,0 +1,29 @@
+requires:
+  min-version: 8
+
+args:
+- --set stream.midstream=true
+
+pcap: ../uricontent/detect-uricontent-06/input.pcap
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+- filter:
+    count: 0
+    match:
+      event_type: alert
+      alert.signature_id: 2
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 3
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 4
author	Victor Julien <victor@inliniac.net>
	Thu, 23 Jan 2025 15:48:05 +0000 (16:48 +0100)
committer	Victor Julien <victor@inliniac.net>
	Tue, 28 Jan 2025 21:34:28 +0000 (22:34 +0100)
tests/iponly-midstream-01/test.rules	[new file with mode: 0644]	patch \| blob
tests/iponly-midstream-01/test.yaml	[new file with mode: 0644]	patch \| blob