tests: add rule type check for tcp-window #2104
Conversation
Ticket: 6352
match: | ||
id: 1 | ||
lists.packet.matches[0].name: "window" | ||
lists.packet.matches[0].window.equql: 30336 |
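Review bot: `window.equql` on the last line of this check looks like a misspelling of `equal`; the second check uses `window.not.equal`, so this key should read `lists.packet.matches[0].window.equal: 30336` for the check to be consistent with it.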
typo?
match: | ||
id: 2 | ||
lists.packet.matches[0].name: "tcp.window" | ||
lists.packet.matches[0].window.not.equal: 1024 |
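Review bot: the keyword name in this check (`"tcp.window"`) differs from the one in check 1 (`"window"`). Both checks target the same keyword, so at most one of the two spellings can match the output the Suricata patch generates and the other check will fail; use the name that OISF/suricata#12024 actually emits in both checks.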
Hmm, I don't think this will match the Suricata PR. Have you tried running it with your Suricata work? Please note that this PR must pass with your Suricata PR OISF/suricata#12024.
Let us know if you need assistance in how to do that, ok?
Yes, I need some assistance on how to test.
python3 ../suricata-verify/run.py tcp_window
I am using that.
Do I need a pcap file in the directory? I have been trying to check the documentation but am not sure.
A kick in the right direction will be much appreciated @jufajardini @inashivb
When you run that, what do you see? If you ran that from the Suricata directory with patch changes to Suricata, invoking the suricata-verify folder where you have this SV test, you should see the result of Suricata running the test. And as Shivani has pointed out, if the test is still like in this PR, the checks should fail, as these checks won't match on the output generated by the patch you've shared. Does this make sense?
You don't need a pcap, as the test.yaml indicates:
requires:
  pcap: false
If you're unsure what the output should look like, you can try running a different test from the tests/rules directory, and check what SV reports, and also what the output folder for that specific test will have.
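An added lint, not part of suricata-verify or of this PR, that applies the two review findings raised above (the misspelled operator and the keyword name that differs between checks) to checks written as Python dicts; the set of known operators is an assumption containing only the operators visible in this thread.

```python
import re
from typing import Dict, List

# Constructed from the two checks posted in this PR; not the project's schema.
CHECKS: List[Dict] = [
    {"id": 1,
     "lists.packet.matches[0].name": "window",
     "lists.packet.matches[0].window.equql": 30336},
    {"id": 2,
     "lists.packet.matches[0].name": "tcp.window",
     "lists.packet.matches[0].window.not.equal": 1024},
]

# Assumption: only the comparison operators that appear in this thread.
KNOWN_OPERATORS = {"equal", "not.equal"}

# "lists.packet.matches[0].window.not.equal" -> ("window", "not.equal")
NAME_RE = re.compile(r"^lists\.packet\.matches\[\d+\]\.name$")
KEYWORD_OP_RE = re.compile(r"^lists\.packet\.matches\[\d+\]\.([^.]+)\.(.+)$")


def lint_checks(checks: List[Dict]) -> List[str]:
    """Return human-readable findings for a list of SV-style match checks."""
    findings: List[str] = []
    names: Dict[int, str] = {}
    for check in checks:
        cid = check.get("id")
        for key, value in check.items():
            if NAME_RE.match(key):
                names[cid] = value          # remember the keyword name per check
                continue
            m = KEYWORD_OP_RE.match(key)
            if m and m.group(2) not in KNOWN_OPERATORS:
                findings.append(
                    f"check {cid}: unknown operator '{m.group(2)}' in '{key}'")
    # Every check in one test targets the same keyword, so the names must agree.
    if len(set(names.values())) > 1:
        listing = ", ".join(f"id {k}={v!r}" for k, v in sorted(names.items()))
        findings.append("keyword name differs between checks: " + listing)
    return findings


if __name__ == "__main__":
    for finding in lint_checks(CHECKS):
        print(finding)
```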
Good first shot. :) Some changes are needed though. Make sure to run it with Suricata work to see if the tests pass. 😉
Thank you @inashivb ... working on it.
Work continued in #2107.
Ticket: 6352
Ticket
If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:
Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6352