- add test to check presence of ethernet metadata in events
triggered on flow timeout pseudopackets
--- /dev/null
+# Test
+
+This test checks bug 5867 for missing ethernet metadata in
+events triggered on flow timeout pseudopackets.
+
+Ticket: https://redmine.openinfosecfoundation.org/issues/5486
+
+# Pcap
+
+Pcap comes from the ticket, where it demonstrates the bug:
+https://redmine.openinfosecfoundation.org/issues/5486
--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ ethernet: yes
+ types:
+ - http
--- /dev/null
+requires:
+ min-version: 8
+
+pcap: 154.pcap
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: http
+ has-key: ether
+ ether.src_mac: 00:08:02:1c:47:ae
+ ether.dest_mac: 20:e5:2a:b6:93:f1
projects / thirdparty / suricata-verify.git / commitdiff
