From: Jason Ish Date: Wed, 17 Jan 2018 20:25:50 +0000 (-0600) Subject: filestore v2 tests X-Git-Tag: suricata-6.0.4~524 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3be510d6b399103f675b5e2be82d674022e84093;p=thirdparty%2Fsuricata-verify.git filestore v2 tests
---
diff --git a/tests/filestore-v2.1-forced/suricata-update-pdf.pcap b/tests/filestore-v2.1-forced/suricata-update-pdf.pcap
new file mode 100644
index 000000000..98dd0605e
Binary files /dev/null and b/tests/filestore-v2.1-forced/suricata-update-pdf.pcap differ
diff --git a/tests/filestore-v2.1-forced/suricata.yaml b/tests/filestore-v2.1-forced/suricata.yaml
new file mode 100644
index 000000000..4d28bb659
--- /dev/null
+++ b/tests/filestore-v2.1-forced/suricata.yaml
@@ -0,0 +1,25 @@
+%YAML 1.1
+---
+
+include: ../../etc/suricata-4.0.3.yaml
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - files
+ - stats
+ - file-store:
+ version: 2
+ enabled: yes
+ force-filestore: yes
+ stream-depth: 0
+
+app-layer:
+ protocols:
+ http:
+ enabled: yes
+ libhtp:
+ default-config:
+ personality: IDS
+ response-body-limit: 200kb
diff --git a/tests/filestore-v2.1-forced/test.yaml b/tests/filestore-v2.1-forced/test.yaml
new file mode 100644
index 000000000..a5dcf595e
--- /dev/null
+++ b/tests/filestore-v2.1-forced/test.yaml
@@ -0,0 +1,11 @@
+requires:
+ files:
+ - src/output-filestore.c
+
+checks:
+
+ - shell:
+ args: test -e output/filestore/48/48d179a2f8d17331446c7a75a082851eee9ad841705ed5fbce730f51a0598d62
+
+ - stats:
+ file_store.fs_errors: 0
diff --git a/tests/filestore-v2.2-forced-with-open-files/suricata.yaml b/tests/filestore-v2.2-forced-with-open-files/suricata.yaml
new file mode 100644
index 000000000..d6e80d7e6
--- /dev/null
+++ b/tests/filestore-v2.2-forced-with-open-files/suricata.yaml
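Review bot: In tests/filestore-v2.1-forced/suricata.yaml nothing explains why `stream-depth: 0` and `response-body-limit: 200kb` were chosen, although the hash-named path asserted in test.yaml presumably only appears when the whole PDF is reassembled. A comment above the limit, for example `# must stay above the size of the PDF in the pcap, or the stored file is truncated and its name changes`, would tell a maintainer what breaks if the value is lowered. `force-filestore: yes` with an unlimited depth stores every transferred file, so a second comment marking the block as test-only (`# test fixture: stores every file seen, not a deployment template`) is worth adding. The same undocumented block is repeated in the filestore-v2.2-forced-with-open-files and filestore-v2.3-fserror copies of suricata.yaml.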
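Review bot: The `test -e` check in tests/filestore-v2.1-forced/test.yaml passes for an empty or truncated file, because it only proves that something exists at that path. The file name looks like the SHA-256 of the stored content, so the check can verify the bytes as well, for example `args: sha256sum output/filestore/48/48d179a2f8d17331446c7a75a082851eee9ad841705ed5fbce730f51a0598d62 | grep -q '^48d179a2f8d17331446c7a75a082851eee9ad841705ed5fbce730f51a0598d62'`. The test.yaml of filestore-v2.2-forced-with-open-files carries the identical check, so as written it does not show that `max-open-files: 100` changed anything compared with the v2.1 run.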
@@ -0,0 +1,26 @@
+%YAML 1.1
+---
+
+include: ../../etc/suricata-4.0.3.yaml
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - files
+ - stats
+ - file-store:
+ version: 2
+ enabled: yes
+ force-filestore: yes
+ stream-depth: 0
+ max-open-files: 100
+
+app-layer:
+ protocols:
+ http:
+ enabled: yes
+ libhtp:
+ default-config:
+ personality: IDS
+ response-body-limit: 200kb
diff --git a/tests/filestore-v2.2-forced-with-open-files/test.yaml b/tests/filestore-v2.2-forced-with-open-files/test.yaml
new file mode 100644
index 000000000..5f9aee7aa
--- /dev/null
+++ b/tests/filestore-v2.2-forced-with-open-files/test.yaml
@@ -0,0 +1,15 @@
+requires:
+ files:
+ - src/output-filestore.c
+
+pcap: ../filestore-v2.1-forced/suricata-update-pdf.pcap
+
+checks:
+
+ - shell:
+ args: test -e output/filestore/48/48d179a2f8d17331446c7a75a082851eee9ad841705ed5fbce730f51a0598d62
+
+ - stats:
+ file_store.fs_errors: 0
+
+
diff --git a/tests/filestore-v2.3-fserror/README.md b/tests/filestore-v2.3-fserror/README.md
new file mode 100644
index 000000000..c178b566b
--- /dev/null
+++ b/tests/filestore-v2.3-fserror/README.md
@@ -0,0 +1,2 @@
+Test the case where a file system operation fails and make sure that
+it is counted.
diff --git a/tests/filestore-v2.3-fserror/suricata.yaml b/tests/filestore-v2.3-fserror/suricata.yaml
new file mode 100644
index 000000000..4d28bb659
--- /dev/null
+++ b/tests/filestore-v2.3-fserror/suricata.yaml
@@ -0,0 +1,25 @@
+%YAML 1.1
+---
+
+include: ../../etc/suricata-4.0.3.yaml
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - files
+ - stats
+ - file-store:
+ version: 2
+ enabled: yes
+ force-filestore: yes
+ stream-depth: 0
+
+app-layer:
+ protocols:
+ http:
+ enabled: yes
+ libhtp:
+ default-config:
+ personality: IDS
+ response-body-limit: 200kb
diff --git a/tests/filestore-v2.3-fserror/test.yaml b/tests/filestore-v2.3-fserror/test.yaml
new file mode 100644
index 000000000..bd598b1b2
--- /dev/null
+++ b/tests/filestore-v2.3-fserror/test.yaml
@@ -0,0 +1,16 @@
+requires:
+ files:
+ - src/output-filestore.c
+
+pcap: ../filestore-v2.1-forced/suricata-update-pdf.pcap
+
+setup:
+ # Create a filestore directory where the rename to will fail.
+ - script: |
+ mkdir -p output/filestore/48
+ chmod 444 output/filestore/48
+
+checks:
+ # We should have one file_store.fs_errors.
+ - stats:
+ file_store.fs_errors: 1
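Review bot: The `chmod 444 output/filestore/48` step in the setup script only makes the rename fail for an unprivileged user; when the suite runs as root, which is common in container CI, directory permission bits are not enforced, the file is stored, and `file_store.fs_errors: 1` fails for a reason unrelated to the code under test. State the precondition next to the script, e.g. `# Requires a non-root user: root ignores the directory mode and the rename succeeds.` The checks also assert only the counter; a `shell` check such as `args: test ! -e output/filestore/48/48d179a2f8d17331446c7a75a082851eee9ad841705ed5fbce730f51a0598d62` would confirm that nothing reached the final path when the error was counted.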