From a8ce2d97bb90691717baa84255607553f4149b75 Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Tue, 30 May 2023 19:12:14 -0300 Subject: [PATCH] tests/midstream: update test with midstream-policy exception-policy-midstream-03: make README more explanatory. bug-2491-02: adjust midstream-policy config value, as "drop-flow" is no longer valid when midstream is enabled. Related to Bug #5825 --- tests/bug-2491-02/test.yaml | 2 +- tests/exception-policy-midstream-03/README.md | 7 ++++--- tests/exception-policy-midstream-03/suricata.yaml | 9 +++++++++ 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/tests/bug-2491-02/test.yaml b/tests/bug-2491-02/test.yaml index d403ee8ae..d96342920 100644 --- a/tests/bug-2491-02/test.yaml +++ b/tests/bug-2491-02/test.yaml @@ -4,7 +4,7 @@ requires: args: - --set stream.async-oneside=true - --set stream.midstream=true -- --set stream.midstream-policy=drop-flow +- --set stream.midstream-policy=ignore checks: - filter: diff --git a/tests/exception-policy-midstream-03/README.md b/tests/exception-policy-midstream-03/README.md index 1c1f48d09..0875bfa79 100644 --- a/tests/exception-policy-midstream-03/README.md +++ b/tests/exception-policy-midstream-03/README.md @@ -1,14 +1,15 @@ # Test Check that Suricata behaves as expected with no midstream-policy set (that is, -with default behavior), in IPS mode, in a stream first seen by Suricata in -SYNACK stage. +with default behavior) and midstream enabled, in IPS mode, in a stream first +seen by Suricata in SYNACK stage. # Behavior With midstream true but no exception policy for midstream set we expect to see alerts and ``http`` events logged, as the portion of the flow available will be -inspected and no exception policy for midstream will be applied. +inspected and no exception policy for midstream will be applied, as with +midstream enabled, "auto" is set to "ignore" in IPS mode as well. # Pcap 
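Review bot: The replacement argument in tests/bug-2491-02/test.yaml, `- --set stream.midstream-policy=ignore`, has no comment saying why the policy is still set explicitly. The commit message says "drop-flow" is no longer valid once midstream is enabled, and the README change in this same patch describes "ignore" as what "auto" resolves to in that case, so a reader of the test cannot tell whether the argument is load-bearing or left over. I would put a line above it such as `# drop-flow is not accepted with midstream enabled (Bug #5825); ignore is set explicitly`. The `checks:` block continues outside the hunk, so whether the expected counts depended on the old policy cannot be seen from here and is worth confirming.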
diff --git a/tests/exception-policy-midstream-03/suricata.yaml b/tests/exception-policy-midstream-03/suricata.yaml
index 49d9203a7..1d909b80a 100644
--- a/tests/exception-policy-midstream-03/suricata.yaml
+++ b/tests/exception-policy-midstream-03/suricata.yaml
@@ -15,3 +15,12 @@ outputs:
 http: yes
 - flow
 - http
+
+logging:
+ default-log-level: notice
+ outputs:
+ - file:
+ enabled: yes
+ level: notice
+ filename: suricata.json
+ type: json
-- 
2.47.2
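Review bot: The added `logging:` block in tests/exception-policy-midstream-03/suricata.yaml makes the engine write `suricata.json` at notice level, but the diffstat lists no test.yaml change for this test, so nothing visible in the patch reads that file. If the intent is to assert on the engine message about the midstream policy being resolved to "ignore", a check against the log should land in the same commit, otherwise the behaviour the README describes is documented but not pinned. If the log is only a debugging aid, a comment above the block would say so, for example `# engine log as JSON, kept to inspect exception-policy messages for this test`.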