tcp: fast open detection on first packet when inline 2805/head 2823/head
authorPhilippe Antoine <pantoine@oisf.net>
Tue, 15 Jul 2025 08:14:13 +0000 (10:14 +0200)
committerVictor Julien <victor@inliniac.net>
Thu, 18 Dec 2025 12:50:11 +0000 (13:50 +0100)
Ticket: 6744

tests/tcp-fastopen-13/README.md [new file with mode: 0644]
tests/tcp-fastopen-13/test.rules [new file with mode: 0644]
tests/tcp-fastopen-13/test.yaml [new file with mode: 0644]
tests/tcp-fastopen-13/tfo.pcap [new file with mode: 0644]

diff --git a/tests/tcp-fastopen-13/README.md b/tests/tcp-fastopen-13/README.md
new file mode 100644 (file)
index 0000000..d2c7e7f
--- /dev/null
@@ -0,0 +1,11 @@
+# Test
+
+Test fast-open with stream.inline to test detection on first packet
+
+# Ticket
+
+https://redmine.openinfosecfoundation.org/issues/6744
+
+# Pcap
+
+part of tcp-fastopen-03/tfo.pcap
diff --git a/tests/tcp-fastopen-13/test.rules b/tests/tcp-fastopen-13/test.rules
new file mode 100644 (file)
index 0000000..bc92c5e
--- /dev/null
@@ -0,0 +1 @@
+alert http any any -> any any (http.uri; content:"/index.php"; sid:1;)
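Review bot: The rule on the single added line has no `msg`, so the alert record this test produces will not say what it was checking, which makes a failing run harder to read. Adding a short description before the sid, for example `msg:"http.uri match on TFO first packet"; sid:1;`, would make the eve output self-describing. The match itself (`http.uri; content:"/index.php";`) fits the stated purpose of the test.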
diff --git a/tests/tcp-fastopen-13/test.yaml b/tests/tcp-fastopen-13/test.yaml
new file mode 100644 (file)
index 0000000..c343439
--- /dev/null
@@ -0,0 +1,13 @@
+requires:
+  min-version: 9
+
+args:
+  - --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 1
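Review bot: The only filter pins `pcap_cnt: 1`, so the test would still pass if the same signature alerted again on a later packet of tfo.pcap. Since the test is about when detection happens under `stream.inline=true`, a second filter without `pcap_cnt` would pin the total number of sid 1 alerts as well. The check also observes only an `alert` event. If the ticket is also concerned with applying an inline verdict to the data-bearing first packet, that is not asserted here and presumably needs its own test.

```yaml
# … unchanged: existing filter pinning the alert to pcap_cnt 1 …
  - filter:
      count: 1
      match:
        event_type: alert
        alert.signature_id: 1
```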
diff --git a/tests/tcp-fastopen-13/tfo.pcap b/tests/tcp-fastopen-13/tfo.pcap
new file mode 100644 (file)
index 0000000..ce1cee8
Binary files /dev/null and b/tests/tcp-fastopen-13/tfo.pcap differ