--- /dev/null
+# Test Description
+
+Tests that no traffic is bypassed even with minimal reassembly depth
+
+## PCAP
+
+Source: https://wiki.wireshark.org/SampleCaptures
+File: dump.pcapng
+
+## Related issues
+
+Created with a work to decouple stream.bypass setting from TLS encrypted bypass.
+https://redmine.openinfosecfoundation.org/issues/6788
--- /dev/null
+requires:
+ min-version: 7
+
+args:
+- -k none
+- --set app-layer.protocols.tls.encryption-handling=full
+- --set app-layer.protocols.ssh.encryption-handling=full
+- --set stream.reassembly.depth=1
+- --set stream.bypass=false
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: stats
+ - stats:
+ flow_bypassed.local_pkts: 0
+ flow_bypassed.local_bytes: 0
--- /dev/null
+# Test Description
+
+Tests that traffic is bypassed after reaching the reassembly depth
+
+## PCAP
+
+Source: https://wiki.wireshark.org/SampleCaptures
+File: dump.pcapng
+
+## Related issues
+
+Created with a work to decouple stream.bypass setting from TLS encrypted bypass.
+https://redmine.openinfosecfoundation.org/issues/6788
--- /dev/null
+pcap: ../bypass-depth-disabled/input.pcap
+
+requires:
+ min-version: 7
+
+args:
+- -k none
+- --set app-layer.protocols.tls.encryption-handling=full
+- --set app-layer.protocols.ssh.encryption-handling=full
+- --set stream.reassembly.depth=1
+- --set stream.bypass=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: stats
+ - stats:
+ flow_bypassed.local_pkts: 11
+ flow_bypassed.local_bytes: 6126
--- /dev/null
+# Test Description
+
+Tests that the encrypted part of the SSH traffic is bypassed but it should not
+bypass based on the depth
+
+## PCAP
+
+Source: https://www.cloudshark.org/captures/9b72eb8febf9
+File: ssh-server-client.pcapng
+
+## Related issues
+
+Created with a work to decouple stream.bypass setting from TLS encrypted bypass.
+https://redmine.openinfosecfoundation.org/issues/6788
--- /dev/null
+requires:
+ min-version: 8
+
+args:
+- -k none
+- --set app-layer.protocols.tls.encryption-handling=full
+- --set app-layer.protocols.ssh.encryption-handling=bypass
+- --set stream.reassembly.depth=1MB
+- --set stream.bypass=false
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: stats
+ - stats:
+ flow_bypassed.local_pkts: 45
+ flow_bypassed.local_bytes: 3972
--- /dev/null
+# Test Description
+
+Tests that no traffic is bypassed with disabled bypass settings
+
+## PCAP
+
+Source: https://wiki.wireshark.org/SampleCaptures
+File: dump.pcapng
+
+## Related issues
+
+Created with a work to decouple stream.bypass setting from TLS encrypted bypass.
+https://redmine.openinfosecfoundation.org/issues/6788
--- /dev/null
+pcap: ../bypass-depth-disabled/input.pcap
+
+requires:
+ min-version: 7
+
+args:
+- -k none
+- --set app-layer.protocols.tls.encryption-handling=full
+- --set app-layer.protocols.ssh.encryption-handling=full
+- --set stream.reassembly.depth=1MB
+- --set stream.bypass=false
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: stats
+ - stats:
+ flow_bypassed.local_pkts: 0
+ flow_bypassed.local_bytes: 0
--- /dev/null
+# Test Description
+
+Tests that the encrypted part of the traffic is bypassed but it should not
+bypass based on the depth
+
+## PCAP
+
+Source: https://wiki.wireshark.org/SampleCaptures
+File: dump.pcapng
+
+## Related issues
+
+Created with a work to decouple stream.bypass setting from TLS encrypted bypass.
+https://redmine.openinfosecfoundation.org/issues/6788
--- /dev/null
+pcap: ../bypass-depth-disabled/input.pcap
+
+requires:
+ min-version: 8
+
+args:
+- -k none
+- --set app-layer.protocols.tls.encryption-handling=bypass
+- --set app-layer.protocols.ssh.encryption-handling=full
+- --set stream.reassembly.depth=1MB
+- --set stream.bypass=false
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: stats
+ - stats:
+ flow_bypassed.local_pkts: 4
+ flow_bypassed.local_bytes: 275
projects / thirdparty / suricata-verify.git / commitdiff
