Adds regression test against forced filestore 869/head
authorPhilippe Antoine <contact@catenacyber.fr>
Fri, 1 Jul 2022 11:21:21 +0000 (13:21 +0200)
committerPhilippe Antoine <contact@catenacyber.fr>
Fri, 1 Jul 2022 12:09:25 +0000 (14:09 +0200)
Cf https://redmine.openinfosecfoundation.org/issues/5408

tests/filestore-5408/README.md [new file with mode: 0644]
tests/filestore-5408/input.pcap [new file with mode: 0644]
tests/filestore-5408/suricata.yaml [new file with mode: 0644]
tests/filestore-5408/test.yaml [new file with mode: 0644]

diff --git a/tests/filestore-5408/README.md b/tests/filestore-5408/README.md
new file mode 100644 (file)
index 0000000..3abd7eb
--- /dev/null
@@ -0,0 +1,8 @@
+# Description
+
+Test against bug 5408 with forced filestore
+
+# PCAP
+
+The pcap comes from https://tcpreplay.appneta.com/wiki/captures.html#bigflows-pcap
+The bigFlows.pcap was reduced to the pair of ip addresses causing the bug
diff --git a/tests/filestore-5408/input.pcap b/tests/filestore-5408/input.pcap
new file mode 100644 (file)
index 0000000..eca84a4
Binary files /dev/null and b/tests/filestore-5408/input.pcap differ
diff --git a/tests/filestore-5408/suricata.yaml b/tests/filestore-5408/suricata.yaml
new file mode 100644 (file)
index 0000000..c0378fa
--- /dev/null
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - files
+        - stats
+  - file-store:
+      version: 2
+      enabled: yes
+      force-filestore: yes
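Review bot: The `force-filestore: yes` line has no comment marking it as the setting under test, so a later cleanup of this config could drop it and silently defeat the test. I would add a comment above it such as `# force-filestore stores every extracted file without a filestore rule; this is the condition exercised for bug 5408`. The `stats` entry under `types` is enabled, but the test.yaml in this commit only matches `fileinfo` events. Either remove `stats` or add a comment saying what it is kept for.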
diff --git a/tests/filestore-5408/test.yaml b/tests/filestore-5408/test.yaml
new file mode 100644 (file)
index 0000000..6b45dda
--- /dev/null
@@ -0,0 +1,8 @@
+requires:
+  min-version: 6
+
+checks:
+  - filter:
+      count: 5
+      match:
+        event_type: fileinfo
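Review bot: The only check counts `fileinfo` events, so it passes whether or not the forced filestore actually wrote the files. If all five files are expected to be stored, adding `fileinfo.stored: true` under `match` would make the test fail when files are logged but not stored. A comment above `count: 5` saying where the five comes from in the reduced pcap would help whoever has to update the number later. Whether `min-version: 6` covers a release that contains the fix for issue 5408 is not visible from this commit and is worth confirming.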