From: Philippe Antoine <contact@catenacyber.fr>
Date: Thu, 25 Aug 2022 15:11:26 +0000 (+0200)
Subject: dhcp: adds check about rebinding_time keyword
X-Git-Tag: suricata-6.0.8~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ac1f2e548050b85bccc76a130493ba43d123311;p=thirdparty%2Fsuricata-verify.git

dhcp: adds check about rebinding_time keyword
---

diff --git a/tests/dhcp-eve-extended/min7.rules b/tests/dhcp-eve-extended/min7.rules
index 841a842fe..ee9e9902d 100644
--- a/tests/dhcp-eve-extended/min7.rules
+++ b/tests/dhcp-eve-extended/min7.rules
@@ -1 +1,2 @@
 alert dhcp any any -> any any (msg:"small DHCP lease time (<2hours)"; dhcp.leasetime:<7200; sid:1; rev:1;)
+alert dhcp any any -> any any (msg:"big DHCP rebinding time (>3000seconds)"; dhcp.rebinding_time:>3000; sid:2; rev:1;)
diff --git a/tests/dhcp-eve-extended/test.yaml b/tests/dhcp-eve-extended/test.yaml
index 58782b34e..ca0ae29cc 100644
--- a/tests/dhcp-eve-extended/test.yaml
+++ b/tests/dhcp-eve-extended/test.yaml
@@ -72,3 +72,9 @@ checks:
     match:
       event_type: alert
       alert.signature_id: 1
+- filter:
+    min-version: 7
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2