From: Juliana Fajardini <jufajardini@oisf.net>
Date: Mon, 23 Oct 2023 20:01:37 +0000 (-0300)
Subject: tests/tcp-hdr: actually test tcp-hdr keyword
X-Git-Tag: suricata-6.0.16~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=474961952ff5ef620b7a0de3fa3254b15fa4bedf;p=thirdparty%2Fsuricata-verify.git

tests/tcp-hdr: actually test tcp-hdr keyword

Noticed that the tcp-hdr keyword test rule was actually using tcp.mss.
Adjusted it to use tcp.hdr instead.
---

diff --git a/tests/tcp-hdr-keyword/test.rules b/tests/tcp-hdr-keyword/test.rules
index a1aa40a19..8204ac8cb 100644
--- a/tests/tcp-hdr-keyword/test.rules
+++ b/tests/tcp-hdr-keyword/test.rules
@@ -1 +1 @@
-alert tcp any any -> any any (tcp.mss:<536; sid:1234; rev:5;)
+alert tcp any any -> any any (tcp.hdr; content:"|02 04|"; offset:20; byte_test:2,<,536,0,big,relative; sid:1234; rev:5;)