http2: test all frames types

diff --git a/tests/http2-frames/test.rules b/tests/http2-frames/test.rules
index 47b1f41546634a783d06c39049f38eca38105210..307023c4feb3cc881f733da3ca595cfd76ba2747 100644 (file)
--- a/tests/http2-frames/test.rules
+++ b/tests/http2-frames/test.rules
@@ -1 +1,3 @@
 alert http2 any any -> any any (frame:http2.hdr; content:"|00 00 04 08 00|"; flow:to_server; sid:1;)
+alert http2 any any -> any any (frame:http2.data; content:"|3f ff 00 01|"; bsize: 4; flow:to_server; sid:2;)
+alert http2 any any -> any any (frame:http2.pdu; content:"|00 00 04 08 00 00 00 00 00 3f ff 00 01|"; flow:to_server; sid:3;)

diff --git a/tests/http2-frames/test.yaml b/tests/http2-frames/test.yaml
index 4e835921c3ca0031aee522ef222fc20159c7340e..858e184f2944598fce6514bb54db6d7534344e85 100644 (file)
--- a/tests/http2-frames/test.yaml
+++ b/tests/http2-frames/test.yaml
@@ -8,9 +8,18 @@ args:
 pcap:  ../http2-keywords2/input.pcap
 
 checks:
-# checks for http.uri keyword : 1 for HTTP1, 1 for mimicked HTTP2 response, so 2 for whole HTTP
   - filter:
       count: 1
       match:
         event_type: alert
         alert.signature_id: 1
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 3