From: Jeff Lucovsky
Date: Thu, 25 Apr 2024 14:18:48 +0000 (-0400)
Subject: tests: linktype_name test
X-Git-Tag: suricata-7.0.11~130
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e23b1fd3732663f4cbc7e5d0fb8de88c788e9586;p=thirdparty%2Fsuricata-verify.git
tests: linktype_name test Issue: 6954 Ensure that the linktype_name is included in the alerts.
---
diff --git a/tests/linktype_name/test.rules b/tests/linktype_name/test.rules
new file mode 100644
index 000000000..f2edf25e5
--- /dev/null
+++ b/tests/linktype_name/test.rules
@@ -0,0 +1 @@
+alert http $HOME_NET any -> any 443 (msg:"ET POLICY HTTP traffic on port 443 (CONNECT)"; flow:to_server,established; content:"CONNECT"; http_method; classtype:bad-unknown; sid:2013933; rev:4; metadata:created_at 2011_11_17, updated_at 2011_11_17;)
diff --git a/tests/linktype_name/test.yaml b/tests/linktype_name/test.yaml
new file mode 100644
index 000000000..4c1f80da5
--- /dev/null
+++ b/tests/linktype_name/test.yaml
@@ -0,0 +1,14 @@
+requires:
+ min-version: 8
+
+pcap: ../bug-2482-01/proxyCONNECT_443.pcap
+
+args:
+- -k none --set outputs.1.eve-log.types.0.alert.packet=yes
+
+checks:
+ - filter:
+ count: 86
+ match:
+ event_type: alert
+ packet_info.linktype_name: RAW
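Review bot: The rule in test.rules keeps `$HOME_NET` as its source, so the 86 alerts that test.yaml expects presumably depend on the pcap's client addresses falling inside whatever HOME_NET the configuration in use defines. Since the test is about the `packet_info` fields and not address matching, `alert http any any -> any 443 (...)` would remove that dependency. A leading comment such as `# Copy of ET sid 2013933, used only to produce alerts that carry packet data` would also tell a reader why a policy rule sits in a linktype test.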
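Review bot: In test.yaml, `--set outputs.1.eve-log.types.0.alert.packet=yes` picks the EVE output and the alert type by their position in the configuration file the runner loads, which is not visible in this commit. If that ordering changes, the override would presumably land elsewhere and the check would report 0 matches for a reason unrelated to `linktype_name`. A test-local suricata.yaml that enables `packet: yes` on the alert type would make the test self-contained. If the positional form stays, a comment above `args:` such as `# outputs.1 = eve-log, types.0 = alert in the default suricata.yaml` would record the assumption, and a short comment saying where `count: 86` comes from would help whoever has to update it.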