Add test about enip stats with _udp prefix
authorPhilippe Antoine <pantoine@oisf.net>
Fri, 1 Dec 2023 20:56:03 +0000 (21:56 +0100)
committerVictor Julien <victor@inliniac.net>
Tue, 19 Dec 2023 08:51:19 +0000 (09:51 +0100)
Ticket: 6304

tests/enip-stats-udp/README.md [new file with mode: 0644]
tests/enip-stats-udp/suricata.yaml [new file with mode: 0644]
tests/enip-stats-udp/test.yaml [new file with mode: 0644]

diff --git a/tests/enip-stats-udp/README.md b/tests/enip-stats-udp/README.md
new file mode 100644 (file)
index 0000000..a49716d
--- /dev/null
@@ -0,0 +1,11 @@
+# Description
+
+Test ENIP stats always have `_udp` or `_tcp` prefix
+
+# Issue
+
+https://redmine.openinfosecfoundation.org/issues/6304
+
+# PCAP
+
+The pcap is reused enip-alert test
diff --git a/tests/enip-stats-udp/suricata.yaml b/tests/enip-stats-udp/suricata.yaml
new file mode 100644 (file)
index 0000000..205735a
--- /dev/null
@@ -0,0 +1,18 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - flow
+        - stats
+
+app-layer:
+  protocols:
+    enip:
+      enabled: detection-only
+      detection-ports:
+        dp: 44818
diff --git a/tests/enip-stats-udp/test.yaml b/tests/enip-stats-udp/test.yaml
new file mode 100644 (file)
index 0000000..2fc6e23
--- /dev/null
@@ -0,0 +1,28 @@
+requires:
+  min-version: 8
+
+pcap: ../enip-alert/enip_test1.pcap
+
+# disables checksum verification
+args:
+- -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        app_proto: enip
+  - filter:
+      count: 1
+      match:
+        event_type: stats
+        # not stats.app_layer.flow.enip
+        stats.app_layer.flow.enip_tcp: 1
+        stats.app_layer.flow.enip_udp: 0
+  - filter:
+      count: 0
+      match:
+        event_type: stats
+        # this key does not exist in eve output
+        stats.app_layer.flow.enip: 0
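Review bot: The last check (`count: 0` with `stats.app_layer.flow.enip: 0`) only guards against the unprefixed key appearing with the value 0; if a regression re-emitted `stats.app_layer.flow.enip` with any non-zero count the match would fail, the filter would still see zero events, and the test would pass. The comment above that line says the key must not exist in the eve output, which is stronger than what the filter actually asserts. If the harness in use supports suricata-verify's key-presence filters, absence can be expressed directly by changing the last check to `count: 1` with `not-has-key: stats.app_layer.flow.enip` inside `match` (keeping `event_type: stats`). As a point of style, the `args` sequence is flush-left (`- -k none`) while `checks` is indented; the file should use one sequence indentation throughout.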