mqtt: check reason codes for CONNACK

diff --git a/tests/mqtt-connect-rules/test.rules b/tests/mqtt-connect-rules/test.rules
index 4668f5cb635b75ccd7c5643ecbd3e90f2103214f..36015db66551905e1041197e9811b3cdc24ec874 100644 (file)
--- a/tests/mqtt-connect-rules/test.rules
+++ b/tests/mqtt-connect-rules/test.rules
@@ -1,4 +1,6 @@
 alert mqtt any any -> any any (msg:"MQTT CONNECT protocol string SUCCESS"; mqtt.connect.protocol_string; content:"MQTT"; sid:1;)
 alert mqtt any any -> any any (msg:"MQTT CONNECT protocol string SUCCESS2"; mqtt.connect.protocol_string; content:"M"; sid:2;)
 alert mqtt any any -> any any (msg:"MQTT CONNECT protocol string FAIL"; mqtt.connect.protocol_string; content:"Foobar"; sid:3;)
+alert mqtt any any -> any any (msg:"MQTT CONNACK reason code 0"; mqtt.type:CONNACK; mqtt.reason_code:0; sid:4;)
+alert mqtt any any -> any any (msg:"MQTT DISCONNECT reason code 0"; mqtt.type:DISCONNECT; mqtt.reason_code:0; sid:5;)
 

diff --git a/tests/mqtt-connect-rules/test.yaml b/tests/mqtt-connect-rules/test.yaml
index c72b79ae9388b84480b59b92cd311b4d3f69be33..b097714f82296eb857516c2bac5824306e5b7ee6 100644 (file)
--- a/tests/mqtt-connect-rules/test.yaml
+++ b/tests/mqtt-connect-rules/test.yaml
@@ -60,3 +60,15 @@ checks:
       match:
         event_type: alert
         alert.signature: MQTT CONNECT protocol string FAIL
+
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature: MQTT CONNACK reason code 0
+
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature: MQTT DISCONNECT reason code 0