From: Juliana Fajardini Date: Wed, 22 Oct 2025 02:11:32 +0000 (-0700) Subject: test/bug-2491-02: add more checks X-Git-Tag: suricata-7.0.14~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=36dd3da48e3b5234bb4a42fdacaf7f95d58719b8;p=thirdparty%2Fsuricata-verify.git test/bug-2491-02: add more checks As part of the investigation for Suricata's behavior for stream-async. Related to Task #6063 Task #8011 --- diff --git a/tests/bug-2491-02/test.yaml b/tests/bug-2491-02/test.yaml index f4b6244ef..91421b151 100644 --- a/tests/bug-2491-02/test.yaml +++ b/tests/bug-2491-02/test.yaml @@ -9,14 +9,55 @@ checks: match: event_type: alert - filter: + min-version: 8.0 count: 1 match: event_type: alert alert.signature_id: 1 + pcap_cnt: 2 - filter: + min-version: 8.0 count: 1 match: event_type: alert alert.signature_id: 2 + pcap_cnt: 2 + - filter: + lt-version: 8.0 + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 11 + - filter: + lt-version: 8.0 + count: 1 + match: + event_type: alert + alert.signature_id: 2 + pcap_cnt: 11 + - filter: + count: 1 + match: + event_type: flow + proto: TCP + app_proto: http + flow.pkts_toserver: 11 + flow.pkts_toclient: 0 + flow.bytes_toserver: 1787 + flow.bytes_toclient: 0 + flow.age: 10 + flow.state: established + flow.reason: shutdown + flow.alerted: true + tcp.tcp_flags: '19' + tcp.tcp_flags_ts: '19' + tcp.tcp_flags_tc: '00' + tcp.fin: true + tcp.psh: true + tcp.ack: true + tcp.state: close_wait + tcp.ts_max_regions: 1 + tcp.tc_max_regions: 1
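Review bot: The version split in the alert checks (`pcap_cnt: 2` under `min-version: 8.0`, `pcap_cnt: 11` under `lt-version: 8.0`) has no comment explaining why the same two signatures fire nine packets later on older releases, so a reader cannot tell whether the pre-8.0 result is the desired one or a known behaviour being pinned. A short YAML comment above the two `lt-version` filters would record it, for example `# before 8.0 both alerts are only raised at packet 11 of this one-sided flow; see Task #6063, #8011`; the author should confirm the wording, since the reason is only implied by the commit message. The added flow check has no version filter, so its exact values (`tcp.state: close_wait`, `tcp.ts_max_regions: 1`, `flow.alerted: true`) are asserted for every version. If stream handling differs across versions in the way the alert timing suggests, that check may need the same split, and if it does not, a comment saying so would help. This matters for a detection test because late alerting on traffic with `flow.pkts_toclient: 0` appears to be the behaviour under investigation.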