From: Philippe Antoine <contact@catenacyber.fr>
Date: Mon, 20 Mar 2023 12:15:20 +0000 (+0100)
Subject: Adds test with multiple HTTP 100 responses
X-Git-Tag: suricata-6.0.12~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4dfed81398659651126cabfb82e0285efcabc4bc;p=thirdparty%2Fsuricata-verify.git

Adds test with multiple HTTP 100 responses
---

diff --git a/tests/http-multiple100/README.md b/tests/http-multiple100/README.md
new file mode 100644
index 000000000..4007fa362
--- /dev/null
+++ b/tests/http-multiple100/README.md
@@ -0,0 +1,5 @@
+# HTTP multiple 100
+
+This test verifies that Suricata continues parsing even if a HTTP server replies multiple times the status 100 Continue.
+
+The pcap file is downloaded from https://github.com/OISF/libhtp/issues/377
diff --git a/tests/http-multiple100/input.pcap b/tests/http-multiple100/input.pcap
new file mode 100644
index 000000000..9aeb6c1e4
Binary files /dev/null and b/tests/http-multiple100/input.pcap differ
diff --git a/tests/http-multiple100/test.yaml b/tests/http-multiple100/test.yaml
new file mode 100644
index 000000000..0692cb174
--- /dev/null
+++ b/tests/http-multiple100/test.yaml
@@ -0,0 +1,15 @@
+args:
+  - -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: fileinfo
+        fileinfo.size: 34293
+
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.status: 200