From 61efc7401c46621447f89d17e66b85299f74c70b Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Wed, 26 Jul 2023 12:18:58 -0300
Subject: [PATCH] stats: add checks for drop reason counters
---
 tests/exception-policy-applayer-01/suricata.yaml | 2 ++
 tests/exception-policy-applayer-01/test.yaml | 6 ++++++
 tests/exception-policy-defrag-01/suricata.yaml | 2 ++
 tests/exception-policy-defrag-01/test.yaml | 6 ++++++
 tests/exception-policy-midstream-02/suricata.yaml | 1 +
 tests/exception-policy-midstream-02/test.yaml | 6 ++++++
 tests/exception-policy-simulated-flow-memcap/test.yaml | 6 ++++++
 .../suricata.yaml | 2 ++
 .../exception-policy-stream-reassembly-memcap-01/test.yaml | 6 ++++++
 tests/exception-policy-stream-ssn-memcap-01/suricata.yaml | 2 ++
 tests/exception-policy-stream-ssn-memcap-01/test.yaml | 6 ++++++
 11 files changed, 45 insertions(+)
diff --git a/tests/exception-policy-applayer-01/suricata.yaml b/tests/exception-policy-applayer-01/suricata.yaml
index dfccb8afa..aa46e9763 100644
--- a/tests/exception-policy-applayer-01/suricata.yaml
+++ b/tests/exception-policy-applayer-01/suricata.yaml
@@ -20,6 +20,8 @@ outputs:
 flows: all # start or all: 'start' logs only a single drop
 # per flow direction. All logs each dropped pkt.
 - flow
+ - stats
+
 action-order:
 - pass
 - drop
diff --git a/tests/exception-policy-applayer-01/test.yaml b/tests/exception-policy-applayer-01/test.yaml
index 9991bf4c6..9ac3800e0 100644
--- a/tests/exception-policy-applayer-01/test.yaml
+++ b/tests/exception-policy-applayer-01/test.yaml
@@ -48,3 +48,9 @@ checks:
 match:
 event_type: flow
 flow.action: drop
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.applayer_error: 1
diff --git a/tests/exception-policy-defrag-01/suricata.yaml b/tests/exception-policy-defrag-01/suricata.yaml
index dfccb8afa..aa46e9763 100644
--- a/tests/exception-policy-defrag-01/suricata.yaml
+++ b/tests/exception-policy-defrag-01/suricata.yaml
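Review bot: The new stats checks assert only that the expected reason equals 1 and never that the other `stats.ips.drop_reason.*` counters stay at 0, so a drop counted under the right reason and also under a wrong one would still pass. This applies to the exception-policy-applayer-01/test.yaml hunk and equally to the test.yaml hunks for defrag-01, midstream-02, simulated-flow-memcap, stream-reassembly-memcap-01 and stream-ssn-memcap-01; the `checks:` list itself begins outside these hunks. Assuming the stats record lists unused reasons with value 0, each `match:` could also pin a neighbouring reason, for example `stats.ips.drop_reason.flow_memcap: 0` in the applayer test. Operators rely on these counters to explain why an inline sensor dropped traffic, so misattribution is worth a negative assertion.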
@@ -20,6 +20,8 @@ outputs:
 flows: all # start or all: 'start' logs only a single drop
 # per flow direction. All logs each dropped pkt.
 - flow
+ - stats
+
 action-order:
 - pass
 - drop
diff --git a/tests/exception-policy-defrag-01/test.yaml b/tests/exception-policy-defrag-01/test.yaml
index 22be53c71..9daab6297 100644
--- a/tests/exception-policy-defrag-01/test.yaml
+++ b/tests/exception-policy-defrag-01/test.yaml
@@ -34,3 +34,9 @@ checks:
 event_type: flow
 flow.action: drop
 proto: ICMP
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.defrag_memcap: 1
diff --git a/tests/exception-policy-midstream-02/suricata.yaml b/tests/exception-policy-midstream-02/suricata.yaml
index d4e75dae9..c390fff3b 100644
--- a/tests/exception-policy-midstream-02/suricata.yaml
+++ b/tests/exception-policy-midstream-02/suricata.yaml
@@ -17,3 +17,4 @@ outputs:
 flows: start # start or all: 'start' logs only a single drop
 # per flow direction. All logs each dropped pkt.
 - flow
+ - stats
diff --git a/tests/exception-policy-midstream-02/test.yaml b/tests/exception-policy-midstream-02/test.yaml
index 46e4d1fc6..d481f4d45 100644
--- a/tests/exception-policy-midstream-02/test.yaml
+++ b/tests/exception-policy-midstream-02/test.yaml
@@ -22,3 +22,9 @@ checks:
 count: 0
 match:
 event_type: anomaly
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.stream_midstream: 1
diff --git a/tests/exception-policy-simulated-flow-memcap/test.yaml b/tests/exception-policy-simulated-flow-memcap/test.yaml
index 11632c687..2429daf06 100644
--- a/tests/exception-policy-simulated-flow-memcap/test.yaml
+++ b/tests/exception-policy-simulated-flow-memcap/test.yaml
@@ -30,3 +30,9 @@ checks:
 match:
 event_type: stats
 stats.tcp.midstream_pickups: 1
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.flow_memcap: 1
diff --git a/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml b/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml
index dfccb8afa..aa46e9763 100644
--- a/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml
@@ -20,6 +20,8 @@ outputs:
 flows: all # start or all: 'start' logs only a single drop
 # per flow direction. All logs each dropped pkt.
 - flow
+ - stats
+
 action-order:
 - pass
 - drop
diff --git a/tests/exception-policy-stream-reassembly-memcap-01/test.yaml b/tests/exception-policy-stream-reassembly-memcap-01/test.yaml
index eb6c5305e..8105af085 100644
--- a/tests/exception-policy-stream-reassembly-memcap-01/test.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-01/test.yaml
@@ -48,3 +48,9 @@ checks:
 match:
 event_type: flow
 flow.action: drop
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.stream_memcap: 1
diff --git a/tests/exception-policy-stream-ssn-memcap-01/suricata.yaml b/tests/exception-policy-stream-ssn-memcap-01/suricata.yaml
index dfccb8afa..aa46e9763 100644
--- a/tests/exception-policy-stream-ssn-memcap-01/suricata.yaml
+++ b/tests/exception-policy-stream-ssn-memcap-01/suricata.yaml
@@ -20,6 +20,8 @@ outputs:
 flows: all # start or all: 'start' logs only a single drop
 # per flow direction. All logs each dropped pkt.
 - flow
+ - stats
+
 action-order:
 - pass
 - drop
diff --git a/tests/exception-policy-stream-ssn-memcap-01/test.yaml b/tests/exception-policy-stream-ssn-memcap-01/test.yaml
index 5fde4c8e9..2439aa027 100644
--- a/tests/exception-policy-stream-ssn-memcap-01/test.yaml
+++ b/tests/exception-policy-stream-ssn-memcap-01/test.yaml
@@ -47,3 +47,9 @@ checks:
 match:
 event_type: flow
 flow.action: drop
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: stats
+ stats.ips.drop_reason.stream_memcap: 1
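Review bot: The stream-ssn-memcap-01 and stream-reassembly-memcap-01 checks both assert the same key, `stats.ips.drop_reason.stream_memcap: 1`, so these two tests cannot tell a session-memcap drop from a reassembly-memcap drop. If the engine reports reassembly drops under a separate reason, the reassembly test should assert that key and pin `stats.ips.drop_reason.stream_memcap: 0`; this needs confirming against the engine's drop-reason list, which is not visible in the patch. If both policies really do share one counter, a short comment above each new filter, such as `# session and reassembly memcap drops share the stream_memcap reason`, would stop a later reader from treating it as a copy-paste slip.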