From: Philippe Antoine <contact@catenacyber.fr>
Date: Thu, 25 Aug 2022 15:13:15 +0000 (+0200)
Subject: dhcp: adds check about renewal_time keyword
X-Git-Tag: suricata-6.0.8~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d47fffee461918d246336487bf739dbec207f62;p=thirdparty%2Fsuricata-verify.git

dhcp: adds check about renewal_time keyword
---

diff --git a/tests/dhcp-eve-extended/min7.rules b/tests/dhcp-eve-extended/min7.rules
index ee9e9902d..cb3f8e63a 100644
--- a/tests/dhcp-eve-extended/min7.rules
+++ b/tests/dhcp-eve-extended/min7.rules
@@ -1,2 +1,3 @@
 alert dhcp any any -> any any (msg:"small DHCP lease time (<2hours)"; dhcp.leasetime:<7200; sid:1; rev:1;)
 alert dhcp any any -> any any (msg:"big DHCP rebinding time (>3000seconds)"; dhcp.rebinding_time:>3000; sid:2; rev:1;)
+alert dhcp any any -> any any (msg:"intermediate DHCP renewal time (between 1000 and 2000 seconds)"; dhcp.renewal_time:1000<>2000; sid:3; rev:1;)
diff --git a/tests/dhcp-eve-extended/test.yaml b/tests/dhcp-eve-extended/test.yaml
index ca0ae29cc..d7607d096 100644
--- a/tests/dhcp-eve-extended/test.yaml
+++ b/tests/dhcp-eve-extended/test.yaml
@@ -78,3 +78,9 @@ checks:
     match:
       event_type: alert
       alert.signature_id: 2
+- filter:
+    min-version: 7
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 3