From: Victor Julien
Date: Fri, 21 Feb 2020 15:54:11 +0000 (+0100)
Subject: decoder: initial hdlc test
X-Git-Tag: suricata-6.0.4~314
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F213%2Fhead;p=thirdparty%2Fsuricata-verify.git
decoder: initial hdlc test
---
diff --git a/tests/decode-chdlc-01/README.md b/tests/decode-chdlc-01/README.md
new file mode 100644
index 000000000..5fa361331
--- /dev/null
+++ b/tests/decode-chdlc-01/README.md
@@ -0,0 +1 @@
+Ensure Cisco HDLC packets are decoded
diff --git a/tests/decode-chdlc-01/hdlc-http_1tx.pcap b/tests/decode-chdlc-01/hdlc-http_1tx.pcap
new file mode 100644
index 000000000..43d736c1b
Binary files /dev/null and b/tests/decode-chdlc-01/hdlc-http_1tx.pcap differ
diff --git a/tests/decode-chdlc-01/test.rules b/tests/decode-chdlc-01/test.rules
new file mode 100644
index 000000000..90536fb91
--- /dev/null
+++ b/tests/decode-chdlc-01/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (http.method; content:"GET"; sid:666;)
diff --git a/tests/decode-chdlc-01/test.yaml b/tests/decode-chdlc-01/test.yaml
new file mode 100644
index 000000000..0d40b8851
--- /dev/null
+++ b/tests/decode-chdlc-01/test.yaml
@@ -0,0 +1,36 @@
+requires:
+
+ min-version: 6.0.0
+
+
+checks:
+
+ - filter:
+ count: 1
+ match:
+ event_type: http
+ http.hostname: "view.atdmt.com"
+ http.status: 200
+ http.length: 8079
+
+ - filter:
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.state: CLOSED
+
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 666
+
+ - filter:
+ count: 1
+ match:
+ event_type: flow
+ proto: TCP
+
+ - stats:
+ decoder.ipv4: 17
+ decoder.chdlc: 17
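Review bot: The closing `stats` check in tests/decode-chdlc-01/test.yaml pins only `decoder.ipv4: 17` and `decoder.chdlc: 17`, which does not show that every packet in the capture took the Cisco HDLC path or that none was flagged as malformed. Assuming the pcap holds exactly 17 packets (the binary file cannot be read here, so confirm), adding `decoder.pkts: 17` and `decoder.invalid: 0` under `- stats:` would tie the two counters to the whole capture. A regression that leaves traffic on this link type undecoded, and so uninspected by the `sid:666` rule, would then fail the test instead of passing. A short comment above the stats block, for example `# all packets in hdlc-http_1tx.pcap are IPv4 over Cisco HDLC`, would also record where 17 comes from.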