From: Philippe Antoine
Date: Fri, 18 Jul 2025 14:11:27 +0000 (+0200)
Subject: flow: add test for community id with same ip
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=becb64007ced45aaafa93208bf50301bd17e0d79;p=thirdparty%2Fsuricata-verify.git
flow: add test for community id with same ip
Ticket: 5689
---
diff --git a/tests/community-id-sameip/README.md b/tests/community-id-sameip/README.md
new file mode 100644
index 000000000..9cc19d19d
--- /dev/null
+++ b/tests/community-id-sameip/README.md
@@ -0,0 +1,11 @@
+# Test Description
+
+Community ID test when same IP address
+
+# Ticket
+
+https://redmine.openinfosecfoundation.org/issues/5689
+
+# Pcap
+
+From ticket
diff --git a/tests/community-id-sameip/input.pcap b/tests/community-id-sameip/input.pcap
new file mode 100644
index 000000000..bfc4d794d
Binary files /dev/null and b/tests/community-id-sameip/input.pcap differ
diff --git a/tests/community-id-sameip/suricata.yaml b/tests/community-id-sameip/suricata.yaml
new file mode 100644
index 000000000..df7bcdcff
--- /dev/null
+++ b/tests/community-id-sameip/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ community-id: true
+ community-id-seed: 1
+ types:
+ - flow
diff --git a/tests/community-id-sameip/test.yaml b/tests/community-id-sameip/test.yaml
new file mode 100644
index 000000000..bf43f308b
--- /dev/null
+++ b/tests/community-id-sameip/test.yaml
@@ -0,0 +1,17 @@
+requires:
+ min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ community_id: 1:IJQHtzXv/tXud3FtXIufkDsfEd4=
+ dest_ip: 192.168.0.254
+ dest_port: 3306
+ event_type: flow
+ proto: TCP
+ src_ip: 192.168.0.254
+ src_port: 56162
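Review bot: `community-id-seed: 1` in suricata.yaml is a non-default seed, and nothing in the file says that the hash expected in test.yaml is valid only for this value. Because the seed is part of the hash input, someone who tidies the config back to the default would get a failing test with no hint why. I would add a comment above that line such as `# seed is hashed into the ID; changing it invalidates community_id in test.yaml`. The YAML nesting is flattened in this view, so the indentation of the `eve-log` keys cannot be confirmed from here.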
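Review bot: The single check in test.yaml does not say why this `community_id` is the expected one when `src_ip` and `dest_ip` are both 192.168.0.254. A comment above the `community_id:` line, for example `# equal IPs: endpoint ordering falls back to ports (3306 < 56162), per the Community ID spec`, would let a reader re-derive the value with the reference implementation instead of trusting the constant. The filter also matches on the full tuple, so it would not notice an additional flow record for the same traffic carrying a different ID. If that is part of what the ticket guards against, a second filter with `count: 1` matching only `event_type: flow` would pin the total number of flow events.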