From 91620486aa4ac7103efc4dc644a5e6317b1619af Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Fri, 1 Jul 2022 13:21:21 +0200
Subject: [PATCH] Adds regression test against forced filestore

Cf https://redmine.openinfosecfoundation.org/issues/5408
---
 tests/filestore-5408/README.md     |   8 ++++++++
 tests/filestore-5408/input.pcap    | Bin 0 -> 67409 bytes
 tests/filestore-5408/suricata.yaml |  13 +++++++++++++
 tests/filestore-5408/test.yaml     |   8 ++++++++
 4 files changed, 29 insertions(+)
 create mode 100644 tests/filestore-5408/README.md
 create mode 100644 tests/filestore-5408/input.pcap
 create mode 100644 tests/filestore-5408/suricata.yaml
 create mode 100644 tests/filestore-5408/test.yaml

diff --git a/tests/filestore-5408/README.md b/tests/filestore-5408/README.md
new file mode 100644
index 000000000..3abd7ebb0
--- /dev/null
+++ b/tests/filestore-5408/README.md
@@ -0,0 +1,8 @@
+# Description
+
+Test against bug 5408 with forced filestore
+
+# PCAP
+
+The pcap comes from https://tcpreplay.appneta.com/wiki/captures.html#bigflows-pcap
+The bigFlows.pcap was reduced to the pair of ip addresses causing the bug
diff --git a/tests/filestore-5408/input.pcap b/tests/filestore-5408/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..eca84a48b50852a86384d1d1ab7f16f2bb1113e9
GIT binary patch
literal 67409
zc-rk<378bswJsPK0Rh1cOw^1h6N&UpZM^{lQ@!u|E~crjs^0gmUiAr)7%}4Rb4gx|
zCUHw#qA^M|8ndcIaf4{oxWq(FUgAq)5;Yom_ts29_bdeij2WQ)EV{b8=C4z?@A=QU
z=bn4+_MhH!<8)*O()@4dP6U|-UKvc{j8pRv6*z|na@qRT)1Th{@UP9M)n_4E1R+-k
z29XWj-(PwAg7amj`bGJVPDC6x{Ql$V@Zt^Adyv~NLy+k+X5Krkt84nSX)~rnM3YJs
zF(@Fe*oAl!;@BKWoZCe7-Z&a@^Rv4Vhp>il0b&nABFG>j?_R}2G>D2gK00yZS?Y^`
zoLw7^KK|)<el&~-&;aUeh!}cq9<mCctr|<l(^rQC8MPyxx(lFgb}SfN*1fXXk`U{L
z7v~{=oQVj>NUWJJuU-qW?z(h5to8E|M6dPq^k;K?B3kcHM2mEWTf^0u_yEn;dK2t`
zl=ds71w3hKXe(ZiO7BX0tG-m)9ZBWAA)k-5WlRB^FQ0S;Tzn8^?X)iMvw3uZNT!5Z
zu(a15NQZnnAL;SueXJJa{Ta;eY*1B?&!u9~TELZw!|zc~+EoNN;QGAXg=y>lOx|U6
zD{6L)k+5oFHLHfH+BC7cHJPeflMH5Q7;$TZsoB(un$42}-v=u;wbJj-n6y@nv1;?0
zoU|Y1LmC@t%eowlo-a8urQO;{$E^l7N@Fga7fqLK8C#Y~u}Mp{KW2@yxftGHvz|o4
z?~kU4MnfAXDTkcuErF)Mq)H5x^)lcTml1M|?9CSw3^(9)qqSg_vPSDwvrR46=bS22
zq#&`$iK596liNxre^o>E5_u*y5a;>)ivE6@Wzq>I)fekybLB{y8+w=J_<ov6r<M}B
z61|krq?h6{Iss19fvnvTY-o8e-H=$B2#ZpNaw?}cs`*AG8P=*Wli8cCmAzS$Iva9P
zDkG(G#;nnJjdI26!3du)x>IsWqNZGIGU&#ttl!An8rp_683cz_YD;SCHV;*^7AO^I
zFNEZj!$>)^F)F6cQB{3GWl^X+N>w}?jF!TzDiVmee8FfvulIS`vL<Zx<;@J2$BK5)
z;wfod=3!Jm-f7JH@<u)^&DW)xm|qc6l(PwswqYtMHH`%32<r>kP^FSe1{$uiG8IMx
zfn++DOSsexjV4FC6IDa5Zf6{hU=WvS^+AJ~caof}UiMV8)~HgQ3b>L!Wq_*3xM)7&
zE`*7CCJ@T#!d9KC#A!0wNKmHC_(@sXmdNE?QG+WIv#0g3LX0=_#sr;aYI>R0CDR*9
z7F>amY}p(yy8>#fyjZ5tAg@nI)D90(3E0SnI~r3_dP-GNrxcu?#8^77s)C;<Th4&r
z2LorNL=2o!c8!b-<9Vkv8w`6A@qF6kiBnn9o~{u}n-|qM!KL8W=CVAvnxQ56azrA>
z2+*N$LMg*=DT?9nXJ^aBG`OP2;PE*6u|90x97C?eujq*+Se7gHWoSOm)3H7#mzg)m
zTjGimDh4oD^jLF^L^@6POZ(8C)BTAoo2!<3Y@QxjAGWf`Z}-c{l|9AE3QXCDF6+^A
zOe)upqZkVQ$9i;$A{Wio`r()J=1>gyNdY3y)%gB6pGhyL^LfxuX+Dw5_SfJiXVgZ1
znn|xL44{3=<)7>SoN%US0!b`%Hddx%+=?D9EAhIQb6Md6>8=a3StiFOvauCCu|^`l
zyocqYX`1Ke&2e#2uE-Tv^bBiHsoLl((P_F^htJ<XbXrX`=px&1q3gLa?`DdLJYVW}
zR~zZDB{w8pA6?4V)+BS06j!h2itK=uE~Yph+;J(6+VfmdxT@5f9=^VLnF=&~F54St
zvvjeTs{$dpfq8S(xm+p%9;RFdd_dzkEd@WG1dm2Z2?^R$LesQVB2_9moFG|Ql$5UQ
z$?)M!E<d1Lfe|uHffF*R@*Hp}E)_l?l$Z=9;Rl#}=n7OuD5T(np?4TAR}OuRH<|xY
zK>Cl4Wkr6l`Yg!&_uk#c{BL&MFEIb&!DWRAf(WqSrnnS`uqfVoA97d(LMfG>gA*<9
zR`wWN7R3O87fg*vRS}e9CAW*zqkct!31@ZkJd61#T|Gj3t)R=ggE87!&4qH#M3M1H
zoUq}tS&o4XyrL(?ad`=yPE^3JJZ}zstiQcFL34Z3$*;(IfDvC0&F$<5N1NMwUlTRA
z>jZPVW`s+y9-y8AP2?%ER&(pyFdwl22Lv7?rJFw3^F0KSPYXWKl&)*W4WC7T8P@i6
zXP_xAbwBvZn5G!~ASb-vF~x_oDP}?Mx>M36=FELbaOSv<GuP=s9cQlN%ypc(L&KSa
z%zwoHcJ1;}MtMD_Uvo6{dTz>$2r_Jj4xM8Ga`fQ!O&<kfT?4R09K+3mV|d;{<ru=p
z!Y`R2)<nk$O_UzpL^BMai53mcYHcFbRWo)O+L2f@U%uv8i1qdR$HUTn5kZ=o+=HWN
zkKH_Pjs|q@6+NCZx4Z|J_2{?=_y!|-aC`+yuE4P#z11^sj)gAq5-ZS)Xo6$My&6*v
zU0su8G7>fdRH&NE3eCd<R*+b@Y>bbu=pjHK+x@Ahp66QBd-$*80?mMaFBzg5NexGr
zx4#D}>*k6TsF7ByO4CpD;W%WB@qdj~L!L!XsmKg08P?)Tf~)q?Je%PKEv6`Ue*%8i
zPZAjTpHRs9SwKh(zp|R>ljDk&@kE~z?MJbGpgVF@fuVAgRN%N0#pTj9f(31w*L<SJ
zrCT|&U--H|kpUd718PVoSV-HWaRBv#uZ3@iZ2Zs%G&}SMs7y)>Ujy|Xe6%;3KlBIC
z{)0b&A}+<H1hq#m09*w90Pq4m0jb~%z&9OlV2XMJ(jk8U{zjPa4*CS}-QIWw(p`Q5
z{EKlt18LJYfLDQzRpf@01oW&WJ%W-&fUa`IfhFjYo)S~crPIK`4J^s#mh@!kVl0u3
zbBS1-7rr0*pqgO$xbU9O<%d2J-le%H-}07Dr*l=lNM}oVy2xdj`oI#tSmu`W4F5e)
z(Iq`ia3#8AHBkGKV269s!=`^=iHWYzL&h204e$@Zfc%pL9}is%|BTHs<qT+vzG^YS
zbEki{H_fl4d*Z-3*+m{A8op*ozX!(9?p{H+o8J4dUJndub?>lFx7l*Y{11sU|8WBI
z-`CFk#=$1@UkCnbJYMJ>W(9$^mhJ^3bjAgpalz2Iptq^_O_K+@#|UE@%k7gT1$qf|
zo&!1@jsU$)E$NN%E1?Dg)!LK&-e>c@q`!HWej1*AcG*h69{od<uzFQC*F5{r&_G9l
z4?6{h%>NN!{@GoKaEuDwet6CCkomuHbvyIh{w^^8Vr0?ZA3%^phz3@#f&|d&Tuc@h
z^z^S@)lY+Cx7rU!CRaBdiq?BGY<5`Lz=$Lf9f}FC6+RyZSM?=JYZ$&ZKq{3|RNl*E
z@&lMmDwoR?Lm@pmfy#RGX=VV!aRnGq;WD|R7yN1iy#gnIe=G1Z0s~y30Pjl0$^b40
z%^m}zoB;yujqu=n0K5!+*UJ=n;h!uJ7o5bi>49FL9pJ+}#DmPz3xuO%K-d9UAJzwi
z9M=`v&49ztJ@$3&&CwU(fS1M&g+@R(slzr{NweYV0Bm}25+6{aE14XmKyZ=;uY^pY
zT*)!?E*d;%DA;+<5J$F1A`Gl`*Ub={AGuVRA6d{IFPLH2c$V`~7<K;Z1I>Xo2e4jz
zWtvC?d(C2qb?0;AVQu`~K@h>VR;@{G!`3ijHVs8sJx;=wG}f9CY-@e5BiI<D2^HMB
zygp*Ek!&*UU<_K+n=-lBl+9(S_Ul4wT1_@Wfr?a;tX67Ob$~M(Obx209W#PWv_!B&
zPD*Fc=gc;Bv685&!WOGJRw+5T6t9t+3T|bix?d4&bF3x}d4Qqg3Z%{+_Mw!%6wVof
zYTJ;ZE1EdL&?%#I!d06DLuW;Sq0_LE5Q!(Xq&t_#xU8nENm)W>vdBv@T{>-wDwvo`
z9aa@ROjb`QD5WczPv+%LK5t2ylxCaFT2Oi=6{(h_N<=xOvyzsms+b6+(mbV;VuU^t
zlq>u`S>1r5HW^l7c%4h(tfRojdvt6pYYn22x=UFsv80znGct>+UbDE(fuN&c$E8jq
zDygL$d2N-CRgAfM#UC+JN`KfKq+=1Lk<QeLjzGFrQaS?#Pl62veL<XXcuR3F4BDWQ
z1gZ1JLwTn*oL4H<@uHfSq&0@D-)qpyl9;~8rL8faJ(aUNsEoB1Bs`firKN(DJ_-0R
zOIlnFx=2#a@x9lete`i?lVKTevJhdHUPgK8dQ_kCr(&I`b|<Pmk*GFg{+9srzXVAC
zrLnBYlWR_Z%>TXD+nIm%M*{ON9$fb5lL#_aY<$W^qT!?7wt2c(62QGe62K33Cjrb?
z4<`Y90UE$k_k;7tG=QKPJ~g*v01sya2zysGJ4?)k`Y*wS%8r+=a{KoVh8|S2CR3zU
zW5w(ms$tW_Fk2%<?n4ql*@p8@CMET`yiC<&2$gBCvf%cbXs3@=fgYsRWi-Z`F<`2j
zU4EPiCT*@1>e3_>d~T0P0H6oi)f5VP5Sp^YC}YK)2vcgZ8g^Qw6-z~<i0xkwvisaZ
z4+`Q=yV*m79;8eKHC1XvtYGq7s49#V<WX<XXanvBBTJhrCPPJ5&gN=FAYqhh+$vYV
zSz~=ARjwvc1yyoI3N_hM)ntWqhjK1Oh>({{s+7zVkraZoO=n9JMM_Tk+|_u-K*rsM
zq_xOqNPp5DiTlEZXf+&D*_le1j60MuEmLCTsZudu591|eh?M7QMrlf83;H<)N7)ql
zG?}#9^laV{_ZF&Hyb<C(em0Uys5mnu2m)9!i>AaAwlL?9a4{KYRN7_XvWfPaN-Ryu
zb!O6LG8=ssL$vNSq&y~>$;oEa>V%w;(>i&YO<298#v{ojt$f}|x!pDn_)Dr76`}GD
zL%eJY_zO;ET>pu%vkW26%3_(a$8T@M0!6<kR3!Ay1l{qUI{wo{vjQOV*8uas07(CZ
zv0SLFYt9v1sP*m4pCbh32fo82>xL)pr@a4^x@fk@O#V{|7>UaqKO)8R6!@$#+2PFV
zS_2NxUn`206tIpP18WDI&k6ml73-**W{b=XJ(Yr3v328NZ9aFxSpoP&vI3ep1bfN~
zAW3}USpgV1<+1_@3|E5QC<O<pkjj;ceas3Ng>z731$5klgTy`9Lz;lNo6t!UIN)gl
zqtty*^MjE2B{z#Qe_CMva69v_+|gwIi!2E83C=QhsG&1*IKUHzqm<^8$Qu}a)5**m
zm@qGNH2P52Xvq8p!2GMa5aAff{9S!dWgzn>=e9FHb)mrgi;+eDH48xwZ(f+JM1nEy
z+({&u!ifY>mrnimY>`BQHD4AM9vn9!ezD`^S2UNx$o1S}b1WVOSg)!Pu_*X&geds@
zP9i~P9;K5=&`Bid1i}xEKsaRnKb|{HY@OF4VVzgJJx|m5C`={*WAT%gAJb|@PTL@w
zl<<ZSQD1b>Cndl~{r$4(V$HT#XtvnsW}9;(Xtq<&h_^P|L)dh&MG_|nizMzD59`8T
zOmZL`-OE6@RB`YukCV5!!UT#!R~XRaurG|_7$L`{Bnq4^xeUklH4;7&XJjOtn39q3
zj*D>6xCnb%GbidQ9Q46(ptrk&;XvA{5Dg!x@~u%XqCM&bng3p?DD!_xVE((?ncshQ
zllf=<1wlUX*ja}jIwOdE3w%w;<{q$!_{8oysUh(RkV8kU4`H>2%>MykeoGf39HRo^
ztFQUAusqJz&irTf3(UV5IaPfLf^^8?0ENXTc<WAFe3Ihgu<eDoIB5Ne1jdQhz&O+`
z)5_^$f$={HVTkXwhau+NxbduYS{TfJ`Hkk-JP)vz94i(cc`7R;ye({>u+m&AOjs>M
z7Fjm7V%>AxG!eNdp;+=gx-kOwmk9y;LMzr6j~B%fiW=Xe9TRIIz{<B_JtOvv!!;l`
zjCjV&0N$@)I)>%ER;=?sH&-k!a-t9yVcL0ZomSwrg~+KV{-G6%J!7ueGlqp{9310!
z)Cs@iZ(FfmTrP?wRHeLU&6rrAy<UF373(uw=T5A>;4|s~-Z!Ave&X9rtRn2I3ucNG
z&{p}NTz3!blIwcJQF~{@1<eB5&M&kV(1wU7ygqYc6+N#vq4(SjP&dJfo@f1}y`m>X
zT=d(SB5kJ<%7)*qA0gu=fO-r39m)f(&%1W#Op%Eum7oLPxnex5V@^I8YAym#$4T0f
zUexAc2&>220O!?xskvxHoqWj8S6MCE2xfdyyT{nz0u0J&t*E8iA0|0TSx>r3)lxde
z&;}XmvQ-RNm?u+vTyDX{C{vMv%PrFOvQw4tr(~79(wB;6yy>!ES`F-9&BeSnP-T+9
zpJa%LsU&x!l!2}p4Mw%{6DrMMrGP)FHbnF8sx}5ZXl0Ss$qM$M)*g@)GmImrZY1sc
zYRwvQs6ENLAI(|iK8LGnR~hJFt|%*})ov^iuhUdfZ7<oidJ7c>-9fG@<4RS=C09yq
zv?j&lntZCrdR@h$hIANfQP%0sOJsgs6{nMg(P*?(8mQK#<U@{_rY!M#qXkX8hy^*9
zm-PlsfwU##OZrS^mDC+1P=_;+;Tg_o)ymL-%U$<G$%3s=NH&N}!Bb(K$ubu(B{j0R
zUhOMm4rAFEDsdUAT=JS}2Sb}AM!B?v>ODGBI;Llp6G?_ZvxHI=Ro1LlT<7$d6D1;V
zuO_9TQa#%#y7-CDD!DnJVZ139ndr3A@O;v8@U4}aLPZxL^PdHn|1m)NkBwzT9#9D$
z%Xh!m&ir3mB{2Wu!DV-^Ly)OA69k_tdw;ixH!$!Fw6`DMIl|uF0-p^ouej@mR_pkz
zIM%ZQ)*WMDZG)cJU9(%UF8@KdNNjQ7If(WC`{QA~wq>HTN`!PGvq}WHw?!ApiO(u2
zr(VrPFoaadq$C*JVN#$*=)Trm9Eo#Ktgh&I15?x+*uw;pxL43wO>y9hE{;_131>}1
z=Ku5qqRhWtVE*^onSaZfP3FJh?8z*;*r9^MbzpGd%B_u5l24@S;;5TWYSqR4=7Ej|
zA8r~9ng2|{{6}^n!ZE5;&c6qCK<58&M?3RBe3Zcai;+dQy$QxxhY}A=TG_?Xckavz
zP2trNP&FQYxLYiUE$rWQw`xTAVVenk<aaReylz+7#WKJ;-Zfn;i2X6d`u3m4!+QJj
zgCU45wI;Pyo5zdWk`!)hP=vLiC3Xd|6N(!6yk<?t_7ub}dbK_ygJPvf+U52IoPgVH
zHcpGFJbEK(srH+Az0z)0)+})co;6trna3N9#QiR<g&FGZGSI^nyMx%WmLN9kq>Mx^
zX11xb8CR8ZDOD(y2-f6U97~s_fjqu{t0hcDO_~+f2_}?ANyGyz9hxK6q-sP`#N=5z
zEli5YX7WX6sop5L;|)|+K;5YlQ}fd-TF`oOUNfNtmZKtJv?-r8l}WH_Wk%*sn{X@_
z@{-0Nj++Y>#v_SUOn$vqZStEkoFW`VQ!bQIG9gaxkm@;HZP$A!#>(ZDl(S;-E6uD*
z;bhBYZNVi^<9d^qGT0?dyymX)COv~jyz*SCnrHo3)Midvi&QmP3!y3|6<6y#wF(<4
z(NSJzYv2iESewb}Yeosi`mCJVr!E#!VJw|CguRxA!=S>`MoL+7nUZR6+T?1)QbkuP
zqzcGwL@-^or=xnwQ2GL)^kl+Ozd>P?XGPK%h?-PS`x6m^gs)nO08yy1A#Jpr&KgtI
zP8_=v$KIbfHe~)qfcbw3NdK2(S&@fSJB1+jk?qXC`8<L77Y{B=f}!=4T+sj@E%Fc1
zGK=3A$}Dc#U1o9ajNvki1!(X}-S;cTG<a~Y#g94$?{GGFuy@5@?G|yF)F%lp)3%Pw
z)agMTm#O12bzG)H$7NC~XNk>e|4NwCzO6kb^~mp_+XNSwe)Z_qf%j)t%o1_G)TaqM
z_P%*gx?e}UCE85S3(a)v=w`Zj5lkxlO0~6_PWX71*aXlE!UWK}<6&*>pYYVbVnS2@
z^1WP8ilGO~)W4Dt$sxy;IEG54G8rn9qjCb1@9W(ENSu*#|FWq#_uugdrmjb@r(%kt
zo<V2*=p@Ylk5uv2c|X}6=KUb^UnS1`zZRJPZ|%(gi))+A?|1@1CVBR-LkEZP0AWH?
ze-pE*2Py|(f_I(NB!K-PgN_;>MrsV1|5t$dKi!20$EXFR^9EiNrv4vkXZ|NF0`o6M
zPK{oQAcrs+>`x-VL~q^61eglzLxm9NP%40|H5CA=%CTKyg%j0%!X!?iJ&JJgA`|))
z24m5d(^`kx7u+^aEUujw;@W4Ahjr=i5034FG+NBAfm;Z90W(`sYchrIL*c}HB;fL}
z9#<ox)1_EL-snra8o`FG;cNuqdN#h2&6xEGc~GU$7FkC{XS1ths4MI$IrmsNk&RJ$
zBWE?+)Esy?iqF+KUnan~!r(qtUQ^aN_baaL3ZZ@$CcSYEjo#vLpp-s|lT?tfOB@QP
zzLb`_qk5^ENtxNSmeR&3otmmi3|f_5V~Uq?W8Ca1X-K0=huh+ofC>vHP{Qi5)<J95
zt&J3J^%ybG%Jm#&h{^KV5~YZ#)EuRz%rOl`=d@L)&VlNk8aeIsaS{cUqz(Q|BP+31
z6|$JcSjs8XX+U@(PowN|DkYkb%jYSEGZ}Tf8VG1fqd!P^aHA`i_r?o0IYnr+fto**
z3uN`Wa>(E?NFy0T2y^mG(v)*(SQ>Y5#!{-l;>L1D8&1elMYUBOt&_MyS=1UN9!E9A
zO7j_0B<F~i%k{jb9LTxLAr+~R%VT6Uk&zlWeZ!2p0(B-Iqe*vOV@@?Jc1BgBv%IC8
zFx8aqkRtC0$Kq@{V%O&QdXi(*gdxqvJsz~2wKtr&p&>O|=mu+xX2RjvP|_Ris8kBk
z7;mr@Dlyf#b_&xOGYv30bVQ0Jw@Rw>6*DQh&f&|WcB&KA?nJfsZ$TSm{!M`S9|xrW
z_*hotL3KfhMSr!O`LFn;!2F8`mwjmwf=tm!^m^lbu|$CTghYV*cP9e86&p?j$U$>g
z>b~!>G0h!J1o&6S+#Sy5t^#`3+ta#43LdC05S*{MyL!-lh{GIRm1q_`_~}vY1rH!1
zzeN=BA^~yMF2ws0$9r?$i!>3}=0_t|S`hcDgu;D~uKnpHK+YsAp+K!_FQEVtKlg(!
zF_&|*AmcG3o;nFog<9Q#`<pH&#M<=3E-{z$V!`G7{CHURXATM-v^Bhh&Eu?DVaf!o
z)$P&lO9_Rt%OApAC?D`PT$&JS#q1ti)UC_oevi%ubTAim6|^z6BCn&3#k|&#00KLJ
z8P6oVdn};<bkGuTlRyVCz8a&9Dox&Rk~GwzSSC~rqYS%$J639>xK_|XS|+n_1l*-U
zn=-1M8rvti&Vnl0By>aW3Fr-VzqO#PbHSuaipEkhcL~!K<=$AVW=|U;2}!hQ;aoh5
zsw!234>x23nWE8A)1x*e%T;_NCo8%AiCQ_}vK7+tM$r?nY2BW@$75CmV|A>Nl0{wV
zq!E``{c?9LKt}K)TTan-Z<03a>Wyl=M5;Yyp5_X!vWvr1L7OBS2P9py`pQum?ofrW
zjGJXNrL-gOcT>`$*<!|(4FcsoS*a{4*XMHaNU)xY#GI}Sk3}51pox+goE*u@<K?1S
zPSLtJ>n!LpC6C3Z<!beYOFg0eBs8*=-NY#?xkSOxFqiT+9~wawN@pU{DWTBuIQO@N
zLX-K&FQK5mL~uFRw==)$WP$mC_jT2aQ?Y~se6AzCGbUzl?>9bk(M7<DGtk~%cE)IX
z`vO1|vA0)_@G^#c0tTRNhBoq+n_KN|EI32VAHHAkhwt0%4?pqtus@uIwix)sw~uLy
zp+EdV#}*&Xwix!Vt5%5ZKd!!0@a6_O-dv{#b-cNbH`npz4jpf9?%QG+pG#*!uV+zh
zM3muD=+VK#QCEJd)kpFFVV0O@c(33Y1`j^Z@MqVE?Ki%3w$Mh^G1}<6u$0La8(Z7R
z@)faNXP3@_SPOqL9@e)Wns8REaza_Lib*Vp^`F{iMRdnOxl}GCG0+4UDVJjCKJPa^
z0_UKph}Cfirl>oxr<7Pxx1duIYZCSsAEDk8t%L)azwdfc=08$k{vWq9|KsW=^Ao)Y
zGKr~l9V$3nM+OIQ-{28S^2zKcKJuoMyPx=e@<2y}4>t{l%%1_wKer1Jj#07OkC)Dc
z%zy0l?aaUJJ%RZbBa2=<6+sRy9+<rS!$;k@lLtG6D`G+2*nXpE8tfJ!X7JXCn8A0U
ze!$4Hes=5FdX?@-<nzG0`uwga_9K^*TmQX5h+;dIzl<P*3;(bMV10c1f(?JT?##uH
z&Rn(W3UDpFe%d3qUOioanxT1N;jwGCfwNigb8u`yPJ9<;f6Rk|9{uV+-awB0?PuZp
z4G1!Q_!@XzHuO4U3q*mb9mpwp24A;Z+h^Q-*XBXwuibb5ecc&Xpg<DMv<LsR+4|_(
z?OTx3PH-&#Z|ymQ2(qYa+Kl?Oe?F^$oy9Ebc?w(hnf1Zrf4nAl*TyA1n~s+R7hu!B
z&L8pOpVzN_E%@xqpPIAk!EN6;_Kt_XF&htFr&|3r%j~U+u2YUZ>t=lWuw0vf{K?(&
z|I;;&{Og8aUBmJ_fc&wzw<X#!_{3)h5p?07&esf{2<w!2duBbl7Fqt=<j$Sb{ysyJ
z`S7pXR=)nQ=8cOUaesv_-}MW_G0xz&tAGE}k6t@_wp(c3W_zYu<at`WJ*UlUw&&3A
zxl0}d`B2g`h^+5suLZI!yM4h$|9a}?;|8VXHE&-2S-l@dmDcSTo|{m+jc(x|qZ?SR
zJ~o~1UsL1?Wv;}p!D*I236_>9qNH3xDwwE50ft2q0+5IlZoH(x=#^^l$HQ{*K>qY@
z`QJ;ABfn+%b#PezRr?b?YPol2_r2ervA6d|F8h$woYr#hzH_SxBAvFXIzxLE(1`N^
z>Xz?+4e7t+PY<nM=h^Z7{&U~dUtzqK?Y(SWOFzoC+}k>leiYWX_M>Bpupiwd1^oyn
zrhlqu){gba^1uIe=g#TdqVFxqoWywl6#laM?@w(0QsvthedV#0Cp>e@SEm_HSaJ19
z>9&59Ymw(+@qRS(`dxZ?*@tUhQMHV}Hpg{vmh{36Prk6=cR-#kh~tO<+=S<@xq9_A
z*EkmZ`*Ns0xO~OhGK%8zQmJR?L~r#Boh(_t#M;mH*TH|_G`=E}>EU^B20s|OLNfGX
zwZhjH`SZKw|KN;$*8_hI>cNVWf$V0e2akr28~lauxt*z7bay~Ku>J2|=m9XW7|lf^
z5@}Qp^ng^-5}Lpi5~);9$Y@%L;xbau1IV^F95q*L&hTkr&hXQnMF*WM%+8{N&Z2|P
zq~W14X(;41-6Xb+o%&h9XMb|E&;HDljs<H<nm@Gq?BT!76RSA$l2CExTkR`GpTgiG
z2H+i?{-r`IR^(mL#SqU4aw!k8#Srkp%uml3YowQjM*8OHM!NFzppp8{f1$OJ7C$#%
ztT@AOgyIbEjEA+6nB)n_y)Daw9y~kph;Ho)s86a;Dp09XMv%CY+~*0%5jZ0!Ac?6s
z0om~_rmAnThZ#t5AEQ&0XELTBM=1Ej_HBpEf2lb0zalXIpWB&#`|q2~|IOck0q|r_
zV06gfupMX|z+Ku$s>uPHgq+x2CwCTdzo?+2#D|p<L+0NBnE$vgL^wv3<vC*DRiP};
zkK395#p?v-UyStq$qIb_Ly-#hYaVifx9&_tPKAOzEi;kC$eGAzpPw%l)z~3K54N^P
z53c;Y3H?nC#<S&DHwW2g1FUmOvqZ2oO9ZU{8gu2>!og*?+|-I?N5!&_Pu4@_Jy|(o
zUD{@V$2t}wbKm-LE0zNjn{Cw$l`cMegj_7ZyI5F}_N^w?dVuxu%DG}eiPwan#Mj$N
z<u^5fR2CwA)yrD3zA_*dQPQju<YLBX`?}Ef|J{mJUoDC?AYett!~$(Ezp52W`Ks76
z4zCH^Fya~O051$(=IW(QtPKF`3vMy2rSpV&z*74>;4@DO^MDJHMPJmkV$JZ1KBHcE
z#=sa6xNSlN?(J5rg+5U%gMj596Kf&BdaD)dOS9)qti9kfZUcCC!@15cs+(9B0Ic^<
zm?=_GL2HC^-D%n-*K3Gl>jxXLW<`aME^M!;01>?sQACS?sNaS7I^uZY{7au`BL0>h
zjretG_r%tWzP4%8;9EdW9IhE%g}1L6g@{MXCW!cY&NK}Nay|(W8~+}Sc)Lt&&oQk{
zcxvZ}cEo|4Z$sU3-_iP;+$oM_7qA>7TJT9AApx<jsI_9fx<YI-4y^-X-TKw><htgH
zgJJ%#VNH4oTf<7&JPc-Q7*Si2k?vY^Sl{c-I2u;3wh{5DLT=oaVzsrBOPeDjfl$NZ
z@#!qp{zh0vDwA<8o@vPCI<%xT*CY<!9Y`3-F*oCox6B{LtCZR7gPU>iWfP^s0^Uqc
z!-h(!5GFAwFgLk>n{nWJ&Ju5c5doWYo9%KxN*P#LP9LNA_Pj)8luo#6laQBaL1A8^
zBvO_Z)KXP~4Aa^K<wH}xGGEFwbzcgTtFq-V9SLiFSVS43Y+lx?a<L9SsjG(_+M3p>
zP`Io$r@rAt-Em``FPDR;nOD>>Lk^?tXw_&hB`O}mkRv?~x566JvhkQ*Ue=Z^MTN;u
zunD_YS=A;QOy1#VbT}KXC`^__iM7>rjM+q38HZDjrV3nCjcfU|oR_I|d5Seh{0h6-
zfhn<y!jfy`<tcBH@aF1;jD#;x^=v6l7>mG1E0OU~Fc`J!(^$xrGpPNRbis|P7?s-_
zs_60I(SWN+*Cka`p^*rp<NNU_n`n4Q8QzHM+_<a~E3?)N9c4q_a-%bMIJt9&8k(mg
zbcvJfnim9TS#aB;#FUFjG~AG{3WODA691zM2lr!^tjYWr1Jb{EEGx2J>x9gI$9wI}
zzv)eZ`4<l^d-XO1nWVWkDBRUsyAcyGNv5%q2v<p*LK30BEs5~-KRh)$iBNmo!eg&L
z7MvZiJK5(S>Rrh`uf4Ez56MbTH<Nuv#cCf`T#q2K?p5+TesadDAvfT|m%jN$X48!y
z-L}=SpzDwCR>zp7a}bUdJ^38y^7Yn`Q!JN@r8zLt8-vmFp!?Bmi~O1v`M2*u{&$-4
zukD@Fb<F*(vF6QR97J5*Uyi9>z8037S}^Uww;ub-<F7pT@#k*73^;<4C<l`ur_cP0
z=E}2HpZ)&YH@piTKj(rqYkzS0a~XdA%Q_G7Tnc%8<HOE3YVyd<H=TCtV%;O3dR2yf
zcWsE8`TP;bDu1=^DF5@0)U9l6%PYAS`L(;{|FvRo<p=G5`YA-K{KoBr$Qj+UqIZ5_
z@oXUfXQw^*;ZfhX_`cG=eoIdW^8ae_0|+wzyyd6ep-%nJKd-y@+MB&wum9jU^y-b*
z9AUlF|N51|pMIJ8N%YJ)k6(4tyZW71KHED#|I*gbS@+&3`IfT0y|MGfGXu#FZoT;C
zWx8*ka<8IAeqD?F7m3S{yx5ZL)}HwHSowC~?=C#|H|dq{{sboe&AsKj(~*1My=TLD
z7yS8!zZRd6J$U83x!nk&upU1b{A)tyAdk&J=6A!_1#_Cohzq;nwMTspK`78KDA2YP
zkdM-X!vGE=I85N6TIAR7mj6ZRezgBzg!VVJwf`l)Q=9GodEf^BtaRUz=en|ilTO?E
z^E=MI?f%NsZ_h8;cYb=&&!z7?b!>F`H>Q2<oeS42`SA+;*$0eXQ|VipFJEhZH~90v
zRz5IYW_|8ESmkBUD@)&cvg`a|xy}Ld8(QQaFX_`W{Hhz4U$g&id~3qvKa9I&c*(c#
zZD^7SZ8)Q?4KMxunawsl<pKmbzWcl*Ok2;s_U#}2S)RYV{C{uV;CuVJUwwJ!QQI-e
z_80%}k&WM7wl?sy+rkmFf_3lswq5ty8(q&A?)&GB%JbfQ;+3@vjGMl;pyAp2IHiEh
zy5pU0u@W|0gc3I2-(A86Uo>38hJb^CQup^y8*?xKOV~Wz84MiGg8|sPtZ&W{8&0N$
z;pF<xaI({bI>X7%aI!O;JamSWcV2v?NYMF*PeWg8{aqu1uy4a5B`jfc$%59P<U^Mn
zDK<0}c2c<Gh5yjd^yGfA8H67`BRuGxqaXCb0r;R7|Dg3juawReNe24ivk<HP!FX78
z%|z2crLu{nfl8%&S%*d;op>53_MfRkqr^p4t`fLZE+^pfRXI+|<jQ?b109JoG7VHd
z71KaFHhn7E^gX12ire;15t;*^0XkB*ThqSedzbbFng1H4DDyujF#r4Q%&+^OCi7o@
zJc3MC@>qul4olyDVtcSn#EKrU{TL^7(@D+!JOCunQQyN*eT4ulVE(QyL^wtTVE^&M
z?U4D;d8M8CEe?VC7b8cnxfekW2@=?^eHbTp=T6q=6evH_vJ0cUHR%(o#OzgK$#2?{
zkkGWeeY}6+08|SYHCC-?4yiW*toRX#7?!XF(4EJQ#<HK}Sg@u%cuEuNVt{4)-gFTx
z{dExQ_U<tgtriY0yQ12P^{tP(M8XDNxD~4X1J93`iy{EtHkd&A?3Jxpcl=vy3nBeY
zP_FO%YlK|e03InMfK{4UR{*S6j+!nO&e$P@GrrwUNA{BhI$DSvy?$dW*69ny+RL~}
zC`PepjJ7{nX#1X4tb4_=E)=ki9}{aK!1_!p*5f~#KCy&I_>3n5yw%XzUVmN_>;D0j
CpWl-J

literal 0
Hc-jL100001

diff --git a/tests/filestore-5408/suricata.yaml b/tests/filestore-5408/suricata.yaml
new file mode 100644
index 000000000..c0378fa4f
--- /dev/null
+++ b/tests/filestore-5408/suricata.yaml
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - files
+        - stats
+  - file-store:
+      version: 2
+      enabled: yes
+      force-filestore: yes
diff --git a/tests/filestore-5408/test.yaml b/tests/filestore-5408/test.yaml
new file mode 100644
index 000000000..6b45ddac2
--- /dev/null
+++ b/tests/filestore-5408/test.yaml
@@ -0,0 +1,8 @@
+requires:
+  min-version: 6
+
+checks:
+  - filter:
+      count: 5
+      match:
+        event_type: fileinfo
-- 
2.47.2