Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests: linktype_name test #2023

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

tests: linktype_name test #2023

wants to merge 2 commits into from

Conversation

jlucovsky
Copy link
Contributor

@jlucovsky jlucovsky commented Aug 28, 2024
edited
Loading

Continuation of #2006

Issue: 6954

Ensure that the linktype_name is included in the alerts.

Updates:

  • Modify existing test cases to expand the range of linktype name values.
  • Remove unnecessary changes to existing tests
  • Trim suricata configuration file for decode-chdlc-02 test
  • Removed additional tests and used the filter "min-version" attribute instead.

Ticket

If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6954

Suricata PR: OISF/suricata#11670

@jlucovsky
tests: linktype_name test
4fe8d00 
Issue: 6954

Ensure that the linktype_name is included in the alerts.
@jlucovsky
test/linktype: Expand linktype_name coverage
4ab1813 
Issue: 4974

This commit extends the linktype_name validation across the existing
tests so that more linktype name values are checked:
    - C_HDLC
    - PPP
    - IPV4
    - IPV6
    - RAW
    - EN10B
    - LINUX_SLL

Some existing tests required suricata.yaml configuration to enable the
packet values to be in the alerts.
@jlucovsky jlucovsky changed the title tests/reference; Tests for reference inclusion tests: linktype_name test Aug 28, 2024
This was referenced Aug 28, 2024
Closed
Open
@jufajardini jufajardini added the requires suricata pr Depends on a PR in Suricata label Aug 29, 2024
jufajardini
jufajardini approved these changes Aug 29, 2024
View reviewed changes
Copy link
Contributor

@jufajardini jufajardini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, thanks :)

catenacyber
catenacyber reviewed Sep 3, 2024
View reviewed changes
tests/vxlan-decoder-04/test.yaml
match:
event_type: alert
tunnel.dest_port: 4789
packet_info.linktype_name: RAW
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the way, @jlucovsky could we have packet_info.ethernet_type for your other PR ? ;-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber left review comments

@jufajardini jufajardini jufajardini approved these changes

@victorjulien victorjulien victorjulien approved these changes

Assignees
No one assigned
Labels
requires suricata pr Depends on a PR in Suricata
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jlucovsky @jufajardini @victorjulien @catenacyber