test: add test for vlan.id - v4 #2176

Closed
wants to merge 1 commit into from

AkakiAlice
Contributor

Ticket: #1065

Description:

  • Add Suricata-Verify test for vlan.id keyword

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/1065

Previous PR: #2134

@catenacyber added the "requires suricata pr" label (Depends on a PR in Suricata) on Dec 11, 2024

@catenacyber
Collaborator

Thanks @AkakiAlice I added the label requires Suricata pr ;-)

@@ -0,0 +1,2 @@
alert ip any any -> any any (msg:"Vlan ID is equal to 200 with specific layer"; vlan.id:200,1; sid:1;)
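
Review bot: The msg on the sid:1 rule says "with specific layer" without naming the layer, while the option is vlan.id:200,1; put the layer index in the message (for example "Vlan ID is equal to 200 at layer 1") so a failing check can be read without opening the rule file. The README in this PR lists the ids as [200,300,400], so if the layer argument is a zero-based index counted from the outermost tag, 1 would select 300 rather than 200; confirm the index against the packet before merging.
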
Collaborator

Should it be vlan.id:200,0; as we see vlan[0]: 200?

@@ -0,0 +1,3 @@
Test for checking the working of vlan.id keyword by creating rules and matching a crafted packet against them. The packet is an ICMP packet with 3 different VLAN ids [200,300,400].

PCAP created with scapy.
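
Review bot: The README gives the VLAN ids as [200,300,400] without saying whether that is outermost-to-innermost order, which is what the layer argument in the rules depends on; state the order explicitly and name the rule or rules expected to alert. "PCAP created with scapy." would be reproducible if the generating script and the scapy version were recorded alongside it.
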
Collaborator

You can include the scapy script in the PR

Contributor

When you do so, please also include the scapy version used, as things sometimes change from version to version
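
The layer-index question raised in the review (whether 200 sits at vlan[0]) comes down to the order of the tags on the wire. As an added example, not part of this PR or of Suricata-Verify and not the author's scapy script, this pure-Python sketch builds a frame carrying the three VLAN ids from the test description and lists them outermost first; the function names, the MAC addresses and the use of TPID 0x8100 for every tag are assumptions made for the example.

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q (0x8100) and 802.1ad (0x88a8).
VLAN_TPIDS = {0x8100, 0x88A8}
ETH_P_IP = 0x0800


def build_frame(vlan_ids, payload=b""):
    """Build an Ethernet frame with stacked 802.1Q tags, outermost first.

    MAC addresses and payload are constructed sample values.
    """
    for vid in vlan_ids:
        if not 0 <= vid <= 0x0FFF:
            raise ValueError(f"VLAN id {vid} does not fit in 12 bits")
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for vid in vlan_ids:
        frame += struct.pack("!HH", 0x8100, vid)  # TPID, TCI (PCP=0, DEI=0)
    return frame + struct.pack("!H", ETH_P_IP) + payload


def vlan_layers(frame):
    """Return (vlan_ids, ethertype); ids in wire order, index 0 = outermost."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, ids = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN id
        offset += 4
    return ids, ethertype


if __name__ == "__main__":
    frame = build_frame([200, 300, 400])
    ids, ethertype = vlan_layers(frame)
    for layer, vid in enumerate(ids):
        print(f"vlan[{layer}]: {vid}")
    print(f"inner ethertype: {ethertype:#06x}")
```
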
