detect/integers: add check for count argument

author Philippe Antoine <pantoine@oisf.net>

Wed, 24 Sep 2025 12:50:06 +0000 (14:50 +0200)

committer Victor Julien <victor@inliniac.net>

Thu, 16 Oct 2025 19:33:29 +0000 (21:33 +0200)
author Philippe Antoine <pantoine@oisf.net>
Wed, 24 Sep 2025 12:50:06 +0000 (14:50 +0200)
committer Victor Julien <victor@inliniac.net>
Thu, 16 Oct 2025 19:33:29 +0000 (21:33 +0200)
diff --git a/tests/http2-window-index/test.rules b/tests/http2-window-index/test.rules

index fd65785d4dc52b7212cbc36e85dab53d9e9be04c..cc1e9083b7a530caf79ae71a4df4b5afddabf6a4 100644 (file)
--- a/tests/http2-window-index/test.rules
+++ b/tests/http2-window-index/test.rules
@@ -14,3 +14,5 @@ alert http2 any any -> any any (http2.window:32768,or_absent; sid:9; rev:1;)
  alert http2 any any -> any any (http2.window:123,oob_or 2; sid:10; rev:1;)
  
  alert http2 any any -> any any (http2.window:>36000,nb>1,1:-1; sid:11; rev:1;)
+
+alert http2 any any -> any any (http2.window:count>5; sid:12; rev:1;)
diff --git a/tests/http2-window-index/test.yaml b/tests/http2-window-index/test.yaml

index 463f633c258ed493f29760d8529a3196cc5c3e73..abf863b75732c6b149b53af02d08463db9bde42d 100644 (file)
--- a/tests/http2-window-index/test.yaml
+++ b/tests/http2-window-index/test.yaml
@@ -52,3 +52,9 @@ checks:
          event_type: alert
          alert.signature_id: 11
          http.http2.stream_id: 5
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 12
+        http.http2.stream_id: 5
author	Philippe Antoine <pantoine@oisf.net>
	Wed, 24 Sep 2025 12:50:06 +0000 (14:50 +0200)
committer	Victor Julien <victor@inliniac.net>
	Thu, 16 Oct 2025 19:33:29 +0000 (21:33 +0200)
tests/http2-window-index/test.rules		patch \| blob \| blame \| history
tests/http2-window-index/test.yaml		patch \| blob \| blame \| history