tests: datasets set for IP
authorEric Leblond <el@stamus-networks.com>
Tue, 6 May 2025 15:54:01 +0000 (17:54 +0200)
committerVictor Julien <victor@inliniac.net>
Wed, 7 May 2025 19:00:57 +0000 (21:00 +0200)
tests/datasets/datasets-set-ip/README.md [new file with mode: 0644]
tests/datasets/datasets-set-ip/test.rules [new file with mode: 0644]
tests/datasets/datasets-set-ip/test.yaml [new file with mode: 0644]

diff --git a/tests/datasets/datasets-set-ip/README.md b/tests/datasets/datasets-set-ip/README.md
new file mode 100644 (file)
index 0000000..3daacb0
--- /dev/null
@@ -0,0 +1,2 @@
+Test that the configuration option to allow absolute dataset filenames
+in rules works.
diff --git a/tests/datasets/datasets-set-ip/test.rules b/tests/datasets/datasets-set-ip/test.rules
new file mode 100644 (file)
index 0000000..37c1951
--- /dev/null
@@ -0,0 +1,2 @@
+alert ip any any -> any any (ip.dst; dataset: set, ip-list, type ip, state ip-list.lst; sid:1; rev:1;)
+alert ip any any -> any any (ip.dst; dataset: set, ipv4-list, type ipv4, state ipv4-list.lst; sid:2; rev:1;)
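Review bot: Both rules give relative `state` filenames (`ip-list.lst`, `ipv4-list.lst`), so nothing in this test exercises the absolute-filename setting that the README.md added in this same commit says is under test. That description looks carried over from another dataset test. Because the absolute-filename option restricts where rules may read and write dataset files, a test that names it without setting it overstates the coverage of that control. I would reword the README to match the rules, for example `Test that dataset "set" on ip.dst works for the ip and ipv4 dataset types.`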
diff --git a/tests/datasets/datasets-set-ip/test.yaml b/tests/datasets/datasets-set-ip/test.yaml
new file mode 100644 (file)
index 0000000..ce44d94
--- /dev/null
@@ -0,0 +1,17 @@
+pcap: ../../snmp-v2c-get/SNMPv2c_get_requests.pcap
+
+args:
+  - --data-dir=${OUTPUT_DIR}
+  - --set datasets.enabled=yes
+  - --set datasets.save-directory=.
+  - --runmode=single
+
+checks:
+  - filter:
+      count: 2
+      match:
+        alert.signature_id: 1
+  - filter:
+      count: 2
+      match:
+        alert.signature_id: 2
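Review bot: The two `filter` checks only count alerts, so the files the rules write through `state` are never inspected; a regression that adds addresses in memory but saves them wrongly, or to an unintended location, would still pass. A `file-compare` check per state file (`filename: ip-list.lst` with an `expected:` file kept in the test directory, and the same for `ipv4-list.lst`) would pin the saved content, with the path adjusted to wherever `--data-dir=${OUTPUT_DIR}` and `datasets.save-directory=.` actually place it. `count: 2` presumably relies on `set` matching only when a value is newly inserted and on the pcap holding two distinct destination addresses. Once that is confirmed, a comment above `checks:` such as `# set alerts once per new ip.dst; the pcap has two distinct destinations` would make the expectation explicit.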