]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 16c4a9f)
decode: Tests for unknown/arp counters
authorJeff Lucovsky <jlucovsky@oisf.net>
Fri, 16 Dec 2022 14:31:34 +0000 (09:31 -0500)
committerJason Ish <jason.ish@oisf.net>
Tue, 31 Jan 2023 21:33:16 +0000 (15:33 -0600)
Issue: 5761

This commit adds tests for decode counters which are new
- decode.arp
- decode.unknown_ethertype

tests/decode-arp-1/input.pcap [new file with mode: 0644] patch | blob
tests/decode-arp-1/test.rules [new file with mode: 0644] patch | blob
tests/decode-arp-1/test.yaml [new file with mode: 0644] patch | blob
tests/decode-unknown-1/input.pcap [new file with mode: 0644] patch | blob
tests/decode-unknown-1/test.rules [new file with mode: 0644] patch | blob
tests/decode-unknown-1/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/decode-arp-1/input.pcap b/tests/decode-arp-1/input.pcap
new file mode 100644 (file)
index 0000000..34f8d97
Binary files /dev/null and b/tests/decode-arp-1/input.pcap differ
diff --git a/tests/decode-arp-1/test.rules b/tests/decode-arp-1/test.rules
new file mode 100644 (file)
index 0000000..9ccfe57
--- /dev/null
+++ b/tests/decode-arp-1/test.rules
@@ -0,0 +1 @@
+alert udp any any -> any any (content:"data|0a 0a|"; startswith; endswith; sid:1;)
diff --git a/tests/decode-arp-1/test.yaml b/tests/decode-arp-1/test.yaml
new file mode 100644 (file)
index 0000000..5a765b9
--- /dev/null
+++ b/tests/decode-arp-1/test.yaml
@@ -0,0 +1,14 @@
+requires:
+    min-version: 7
+
+args:
+- -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: stats
+  - stats:
+      decoder.ethernet: 1
+      decoder.arp: 1
diff --git a/tests/decode-unknown-1/input.pcap b/tests/decode-unknown-1/input.pcap
new file mode 100644 (file)
index 0000000..d3c406f
Binary files /dev/null and b/tests/decode-unknown-1/input.pcap differ
diff --git a/tests/decode-unknown-1/test.rules b/tests/decode-unknown-1/test.rules
new file mode 100644 (file)
index 0000000..9ccfe57
--- /dev/null
+++ b/tests/decode-unknown-1/test.rules
@@ -0,0 +1 @@
+alert udp any any -> any any (content:"data|0a 0a|"; startswith; endswith; sid:1;)
diff --git a/tests/decode-unknown-1/test.yaml b/tests/decode-unknown-1/test.yaml
new file mode 100644 (file)
index 0000000..8e826e2
--- /dev/null
+++ b/tests/decode-unknown-1/test.yaml
@@ -0,0 +1,14 @@
+requires:
+    min-version: 7
+
+args:
+- -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: stats
+  - stats:
+      decoder.ethernet: 1
+      decoder.unknown_ethertype: 1
Mirror of https://github.com/OISF/suricata-verify.git