From d8b73c4590368fc77a09f14586e9efc71b4c1bee Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Wed, 26 Jul 2023 12:18:58 -0300
Subject: [PATCH] stats: add checks for drop reason counters
Leaving checks for stream reassembly aside as those were already added by another commit. Related to Task #6230 Task #6571
---
 tests/exception-policy-applayer-01/suricata.yaml | 2 ++
 tests/exception-policy-applayer-01/test.yaml | 6 ++++++
 tests/exception-policy-defrag-01/suricata.yaml | 2 ++
 tests/exception-policy-defrag-01/test.yaml | 6 ++++++
 tests/exception-policy-midstream-02/suricata.yaml | 1 +
 tests/exception-policy-midstream-02/test.yaml | 6 ++++++
 tests/exception-policy-simulated-flow-memcap/test.yaml | 6 ++++++
 tests/exception-policy-stream-ssn-memcap-01/suricata.yaml | 2 ++
 tests/exception-policy-stream-ssn-memcap-01/test.yaml | 6 ++++++
 9 files changed, 37 insertions(+)
diff --git a/tests/exception-policy-applayer-01/suricata.yaml b/tests/exception-policy-applayer-01/suricata.yaml
index dfccb8afa..aa46e9763 100644
--- a/tests/exception-policy-applayer-01/suricata.yaml
+++ b/tests/exception-policy-applayer-01/suricata.yaml
@@ -20,6 +20,8 @@ outputs:
 flows: all # start or all: 'start' logs only a single drop
 # per flow direction. All logs each dropped pkt.
 - flow
+ - stats
+
 action-order:
 - pass
 - drop
diff --git a/tests/exception-policy-applayer-01/test.yaml b/tests/exception-policy-applayer-01/test.yaml
index 1a210454e..d4d09ebaf 100644
--- a/tests/exception-policy-applayer-01/test.yaml
+++ b/tests/exception-policy-applayer-01/test.yaml
@@ -48,3 +48,9 @@ checks:
 match:
 event_type: flow
 flow.action: drop
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.applayer_error: 1
diff --git a/tests/exception-policy-defrag-01/suricata.yaml b/tests/exception-policy-defrag-01/suricata.yaml
index dfccb8afa..aa46e9763 100644
--- a/tests/exception-policy-defrag-01/suricata.yaml
+++ b/tests/exception-policy-defrag-01/suricata.yaml
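Review bot: The stats check added at the end of tests/exception-policy-applayer-01/test.yaml pins `stats.ips.drop_reason.applayer_error: 1` together with `count: 1` without a comment saying why exactly one packet and one stats record are expected; the defrag_memcap, stream_midstream, flow_memcap and stream_memcap checks in the other four test.yaml hunks have the same gap. This test's suricata.yaml logs drops with `flows: all`, so a reader cannot tell from the check whether later packets of the dropped flow are meant to be counted under another reason. Since these tests guard the fail-closed exception-policy paths, I would put a line such as `# only the packet that trips the exception policy is counted under this reason` above each block, with the wording confirmed by the author. If a slow run can write more than one stats record, `count: 1` would presumably fail even though the counter is right, which the same comment could note. The `checks:` list begins outside these hunks.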
@@ -20,6 +20,8 @@ outputs:
 flows: all # start or all: 'start' logs only a single drop
 # per flow direction. All logs each dropped pkt.
 - flow
+ - stats
+
 action-order:
 - pass
 - drop
diff --git a/tests/exception-policy-defrag-01/test.yaml b/tests/exception-policy-defrag-01/test.yaml
index 22be53c71..9daab6297 100644
--- a/tests/exception-policy-defrag-01/test.yaml
+++ b/tests/exception-policy-defrag-01/test.yaml
@@ -34,3 +34,9 @@ checks:
 event_type: flow
 flow.action: drop
 proto: ICMP
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.defrag_memcap: 1
diff --git a/tests/exception-policy-midstream-02/suricata.yaml b/tests/exception-policy-midstream-02/suricata.yaml
index d4e75dae9..c390fff3b 100644
--- a/tests/exception-policy-midstream-02/suricata.yaml
+++ b/tests/exception-policy-midstream-02/suricata.yaml
@@ -17,3 +17,4 @@ outputs:
 flows: start # start or all: 'start' logs only a single drop
 # per flow direction. All logs each dropped pkt.
 - flow
+ - stats
diff --git a/tests/exception-policy-midstream-02/test.yaml b/tests/exception-policy-midstream-02/test.yaml
index 79fe323b3..83a2f4671 100644
--- a/tests/exception-policy-midstream-02/test.yaml
+++ b/tests/exception-policy-midstream-02/test.yaml
@@ -24,3 +24,9 @@ checks:
 count: 0
 match:
 event_type: anomaly
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.stream_midstream: 1
diff --git a/tests/exception-policy-simulated-flow-memcap/test.yaml b/tests/exception-policy-simulated-flow-memcap/test.yaml
index 11632c687..2429daf06 100644
--- a/tests/exception-policy-simulated-flow-memcap/test.yaml
+++ b/tests/exception-policy-simulated-flow-memcap/test.yaml
@@ -30,3 +30,9 @@ checks:
 match:
 event_type: stats
 stats.tcp.midstream_pickups: 1
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.flow_memcap: 1
diff --git a/tests/exception-policy-stream-ssn-memcap-01/suricata.yaml b/tests/exception-policy-stream-ssn-memcap-01/suricata.yaml
index dfccb8afa..aa46e9763 100644
--- a/tests/exception-policy-stream-ssn-memcap-01/suricata.yaml
+++ b/tests/exception-policy-stream-ssn-memcap-01/suricata.yaml
@@ -20,6 +20,8 @@ outputs:
 flows: all # start or all: 'start' logs only a single drop
 # per flow direction. All logs each dropped pkt.
 - flow
+ - stats
+
 action-order:
 - pass
 - drop
diff --git a/tests/exception-policy-stream-ssn-memcap-01/test.yaml b/tests/exception-policy-stream-ssn-memcap-01/test.yaml
index 830934f48..88576cade 100644
--- a/tests/exception-policy-stream-ssn-memcap-01/test.yaml
+++ b/tests/exception-policy-stream-ssn-memcap-01/test.yaml
@@ -47,3 +47,9 @@ checks:
 match:
 event_type: flow
 flow.action: drop
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.stream_memcap: 1
--
2.47.2