Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests: linktype_name test #2006

Closed
wants to merge 2 commits into from
Closed

tests: linktype_name test #2006

wants to merge 2 commits into from

Conversation

jlucovsky
Copy link
Contributor

@jlucovsky jlucovsky commented Aug 13, 2024
edited
Loading

Continuation of #1996

Issue: 6954

Ensure that the linktype_name is included in the alerts.

Updates:

  • Modify existing test cases to expand the range of linktype name values.
  • Remove unnecessary changes to existing tests
  • Trim suricata configuration file for decode-chdlc-02 test

Ticket

If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6954

Suricata PR: OISF/suricata#11584

@jlucovsky
tests: linktype_name test
4fe8d00 
Issue: 6954

Ensure that the linktype_name is included in the alerts.
@jlucovsky
test/linktype: Expand linktype_name coverage
bde83b9 
Issue: 4974

This commit extends the linktype_name validation across the existing
tests so that more linktype name values are checked:
    - C_HDLC
    - PPP
    - IPV4
    - IPV6
    - RAW
    - EN10B
    - LINUX_SLL

Some existing tests required suricata.yaml configuration to enable the
packet values to be in the alerts.
This was referenced Aug 13, 2024
Closed
Closed
jufajardini
jufajardini reviewed Aug 16, 2024
View reviewed changes
Copy link
Contributor

@jufajardini jufajardini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still miss the addition of the ticket reference to the new tests that were created :P

@jufajardini
Copy link
Contributor

Wondering if the CI failures we're seeing mean we'll need a rebase/new version so we actually get the tests to be run.

catenacyber
catenacyber reviewed Aug 27, 2024
View reviewed changes
tests/decode-chdlc-01/test.yaml

- stats:
decoder.ipv4: 17
decoder.chdlc: 17
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file is not changed but for white spaces, is it ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, the only changes were whitespace related.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we keep it as before then ?

catenacyber
catenacyber reviewed Aug 27, 2024
View reviewed changes
tests/defrag/bug-6887-defrag-ipv6-tcp-02/test.yaml
alert.signature_id: 1
packet: "YAAAAAP8BkAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAATA5H5AAAAABAAAAAFAQIADIrQAAQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ=="
packet_info.linktype: 229
packet_info.linktype_name: IPV6
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you have added a check in tests/defrag/bug-6887-defrag-ipv6-tcp-01 ? Rather than creating a new test ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes.

@catenacyber catenacyber added the requires suricata pr Depends on a PR in Suricata label Aug 27, 2024
@jlucovsky jlucovsky mentioned this pull request Aug 28, 2024
Open
@jlucovsky
Copy link
Contributor Author

Continued in #2023

@jlucovsky jlucovsky closed this Aug 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jufajardini jufajardini jufajardini left review comments

@catenacyber catenacyber catenacyber left review comments

Assignees
No one assigned
Labels
requires suricata pr Depends on a PR in Suricata
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jlucovsky @jufajardini @catenacyber