From e23b1fd3732663f4cbc7e5d0fb8de88c788e9586 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Thu, 25 Apr 2024 10:18:48 -0400
Subject: [PATCH] tests: linktype_name test

Issue: 6954

Ensure that the linktype_name is included in the alerts.
---
tests/linktype_name/test.rules | 1 +
tests/linktype_name/test.yaml | 14 ++++++++++++++
2 files changed, 15 insertions(+)
create mode 100644 tests/linktype_name/test.rules
create mode 100644 tests/linktype_name/test.yaml

diff --git a/tests/linktype_name/test.rules b/tests/linktype_name/test.rules
new file mode 100644
index 000000000..f2edf25e5
--- /dev/null
+++ b/tests/linktype_name/test.rules
@@ -0,0 +1 @@
+alert http $HOME_NET any -> any 443 (msg:"ET POLICY HTTP traffic on port 443 (CONNECT)"; flow:to_server,established; content:"CONNECT"; http_method; classtype:bad-unknown; sid:2013933; rev:4; metadata:created_at 2011_11_17, updated_at 2011_11_17;)
diff --git a/tests/linktype_name/test.yaml b/tests/linktype_name/test.yaml
new file mode 100644
index 000000000..4c1f80da5
--- /dev/null
+++ b/tests/linktype_name/test.yaml
@@ -0,0 +1,14 @@
+requires:
+ min-version: 8
+
+pcap: ../bug-2482-01/proxyCONNECT_443.pcap
+
+args:
+- -k none --set outputs.1.eve-log.types.0.alert.packet=yes
+
+checks:
+ - filter:
+ count: 86
+ match:
+ event_type: alert
+ packet_info.linktype_name: RAW
--
2.47.2
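Review bot: The single rule added in tests/linktype_name/test.rules is a verbatim ET POLICY signature, carrying its production `sid:2013933` and the legacy `http_method` content modifier, although the test only needs an alert to fire so that `packet_info` can be inspected. A purpose-built rule with a local sid and the sticky-buffer form `http.method; content:"CONNECT";` would avoid relying on continued support for the legacy modifier at `min-version: 8`. It also matches on `$HOME_NET`, so the expected alert count presumably depends on the address groups in the default configuration; `any` would remove that dependency, but the count of 86 would need re-checking after such a change.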
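Review bot: The override `--set outputs.1.eve-log.types.0.alert.packet=yes` in `args` selects the eve-log output and the alert type by list position, so the test presumably depends on the ordering of the default suricata.yaml. If that ordering changes, packet logging may not be enabled and the check would fail for a reason unrelated to linktype_name. A comment above the arg such as `# outputs.1 = eve-log, types.0 = alert in the default config`, or a test-local suricata.yaml, would make the dependency explicit. The single filter also cannot tell "86 alerts, all carrying the field" from "more alerts, 86 of them carrying it"; a second filter with `count: 86` matching only `event_type: alert` would pin that every alert includes `packet_info.linktype_name`.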