From: Philippe Antoine <contact@catenacyber.fr>
Date: Fri, 4 Jun 2021 08:36:04 +0000 (+0200)
Subject: Adds check about ssh bypass
X-Git-Tag: suricata-6.0.4~83
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a030314fede8589f091cfcc54ad51da5c9c414ef;p=thirdparty%2Fsuricata-verify.git

Adds check about ssh bypass
---

diff --git a/tests/ssh-hassh/test.yaml b/tests/ssh-hassh/test.yaml
index fec75ab60..e380e19e8 100644
--- a/tests/ssh-hassh/test.yaml
+++ b/tests/ssh-hassh/test.yaml
@@ -4,7 +4,7 @@ features:
     - RUST
 
 args:
- - -k none
+ - -k none --set stream.bypass=yes
 
 checks:
   # Check that we have the following events in eve.json
@@ -35,3 +35,8 @@ checks:
         event_type: ssh
         ssh.client.hassh.hash: "2dd6531c7e89d3c925db9214711be76a"
         ssh.server.hassh.hash: "6832f1ce43d4397c2c0a3e2f8c94334e"
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        flow.state: bypassed