]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b8c378e)
tests: linktype_name test
authorJeff Lucovsky <jlucovsky@oisf.net>
Thu, 25 Apr 2024 14:18:48 +0000 (10:18 -0400)
committerVictor Julien <victor@inliniac.net>
Tue, 1 Apr 2025 08:16:58 +0000 (10:16 +0200)
Issue: 6954

Ensure that the linktype_name is included in the alerts.

tests/linktype_name/test.rules [new file with mode: 0644] patch | blob
tests/linktype_name/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/linktype_name/test.rules b/tests/linktype_name/test.rules
new file mode 100644 (file)
index 0000000..f2edf25
--- /dev/null
+++ b/tests/linktype_name/test.rules
@@ -0,0 +1 @@
+alert http $HOME_NET any -> any 443 (msg:"ET POLICY HTTP traffic on port 443 (CONNECT)"; flow:to_server,established; content:"CONNECT"; http_method; classtype:bad-unknown; sid:2013933; rev:4; metadata:created_at 2011_11_17, updated_at 2011_11_17;)
diff --git a/tests/linktype_name/test.yaml b/tests/linktype_name/test.yaml
new file mode 100644 (file)
index 0000000..4c1f80d
--- /dev/null
+++ b/tests/linktype_name/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 8
+
+pcap:  ../bug-2482-01/proxyCONNECT_443.pcap
+
+args:
+- -k none --set outputs.1.eve-log.types.0.alert.packet=yes
+
+checks:
+  - filter:
+      count: 86
+      match:
+        event_type: alert
+        packet_info.linktype_name: RAW
Mirror of https://github.com/OISF/suricata-verify.git