From 13789a1d4e45fc8cd72e9c399891495c2b7a4f1d Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Tue, 22 Aug 2023 10:57:52 -0400 Subject: [PATCH] test/stream: Update drop reason per new reason code Issue: 6235 --- .../exception-policy-stream-reassembly-memcap-01/README.md | 5 +++++ .../suricata.yaml | 7 +++++++ .../exception-policy-stream-reassembly-memcap-01/test.yaml | 7 ++++++- .../exception-policy-stream-reassembly-memcap-04/README.md | 5 +++++ .../suricata.yaml | 4 ++++ .../exception-policy-stream-reassembly-memcap-04/test.yaml | 7 ++++++- .../exception-policy-stream-reassembly-memcap-05/README.md | 5 +++++ .../suricata.yaml | 4 ++++ .../exception-policy-stream-reassembly-memcap-05/test.yaml | 7 ++++++- 9 files changed, 48 insertions(+), 3 deletions(-) create mode 100644 tests/exception-policy-stream-reassembly-memcap-01/README.md create mode 100644 tests/exception-policy-stream-reassembly-memcap-04/README.md create mode 100644 tests/exception-policy-stream-reassembly-memcap-05/README.md diff --git a/tests/exception-policy-stream-reassembly-memcap-01/README.md b/tests/exception-policy-stream-reassembly-memcap-01/README.md new file mode 100644 index 000000000..88a687fc3 --- /dev/null +++ b/tests/exception-policy-stream-reassembly-memcap-01/README.md @@ -0,0 +1,5 @@ +# Description + +Test exception policy logic for stream reassembly. + +DEBUG is required to enable the "eps" logic. diff --git a/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml b/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml index dfccb8afa..3c973a2be 100644 --- a/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml +++ b/tests/exception-policy-stream-reassembly-memcap-01/suricata.yaml @@ -1,6 +1,9 @@ %YAML 1.1 --- +stats: + enabled: yes + outputs: - eve-log: enabled: yes 
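Review bot: The top-level `stats:` / `enabled: yes` block is added only to the -01 config; the -04 and -05 suricata.yaml hunks add the eve `- stats:` output without it. Unless those files already set it above line 14, which is outside their hunks, they depend on the built-in default. All three test.yaml files now assert on an `event_type: stats` record, so the three configs should make the same choice: add the block to -04 and -05, or drop it here. A one-line comment above it, such as `# required by the stats check in test.yaml`, would also explain why a drop-reason test enables stats.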
@@ -20,6 +23,10 @@ outputs: flows: all # start or all: 'start' logs only a single drop # per flow direction. All logs each dropped pkt. - flow + - stats: + totals: yes # stats for all threads merged together + threads: no # per thread stats + deltas: no # include delta values action-order: - pass - drop diff --git a/tests/exception-policy-stream-reassembly-memcap-01/test.yaml b/tests/exception-policy-stream-reassembly-memcap-01/test.yaml index eb6c5305e..f20281159 100644 --- a/tests/exception-policy-stream-reassembly-memcap-01/test.yaml +++ b/tests/exception-policy-stream-reassembly-memcap-01/test.yaml @@ -23,7 +23,7 @@ checks: count: 1 match: event_type: drop - drop.reason: "stream memcap" + drop.reason: "stream reassembly" - filter: count: 28 match: @@ -48,3 +48,8 @@ checks: match: event_type: flow flow.action: drop + - filter: + count: 1 + match: + event_type: stats + stats.ips.drop_reason.stream_reassembly: 1 diff --git a/tests/exception-policy-stream-reassembly-memcap-04/README.md b/tests/exception-policy-stream-reassembly-memcap-04/README.md new file mode 100644 index 000000000..88a687fc3 --- /dev/null +++ b/tests/exception-policy-stream-reassembly-memcap-04/README.md @@ -0,0 +1,5 @@ +# Description + +Test exception policy logic for stream reassembly. + +DEBUG is required to enable the "eps" logic. diff --git a/tests/exception-policy-stream-reassembly-memcap-04/suricata.yaml b/tests/exception-policy-stream-reassembly-memcap-04/suricata.yaml index 758f72085..aac4c605a 100644 --- a/tests/exception-policy-stream-reassembly-memcap-04/suricata.yaml +++ b/tests/exception-policy-stream-reassembly-memcap-04/suricata.yaml @@ -14,3 +14,7 @@ outputs: flows: all # start or all: 'start' logs only a single drop # per flow direction. All logs each dropped pkt. - flow + - stats: + totals: yes # stats for all threads merged together + threads: no # per thread stats + deltas: no # include delta values 
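Review bot: Expecting `drop.reason: "stream reassembly"` makes this check fail on any Suricata build that still reports "stream memcap" for this exception. The hunk starts at line 23, so it is not visible whether the `requires:` section of test.yaml restricts the test to builds that have the new reason code. If it does not, add `min-version: <first release with the new reason>` under `requires:` (placeholder; take the value from the change tracked in Issue 6235). The same applies to the identical hunks in the -04 and -05 test.yaml files and to the added `stats.ips.drop_reason.stream_reassembly` filters.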
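Review bot: The added stats filter pins only the new counter, so as far as the visible checks show, nothing asserts that the old reason is no longer emitted. Someone triaging drops relies on the reason string to tell memcap pressure apart from a reassembly failure, and a regression that attributes a further drop to "stream memcap" could still pass. Consider a companion filter with `count: 0` matching `event_type: drop` and `drop.reason: "stream memcap"`. The -04 and -05 test.yaml files would take the same addition.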
diff --git a/tests/exception-policy-stream-reassembly-memcap-04/test.yaml b/tests/exception-policy-stream-reassembly-memcap-04/test.yaml index eb6c5305e..f20281159 100644 --- a/tests/exception-policy-stream-reassembly-memcap-04/test.yaml +++ b/tests/exception-policy-stream-reassembly-memcap-04/test.yaml @@ -23,7 +23,7 @@ checks: count: 1 match: event_type: drop - drop.reason: "stream memcap" + drop.reason: "stream reassembly" - filter: count: 28 match: @@ -48,3 +48,8 @@ checks: match: event_type: flow flow.action: drop + - filter: + count: 1 + match: + event_type: stats + stats.ips.drop_reason.stream_reassembly: 1 diff --git a/tests/exception-policy-stream-reassembly-memcap-05/README.md b/tests/exception-policy-stream-reassembly-memcap-05/README.md new file mode 100644 index 000000000..88a687fc3 --- /dev/null +++ b/tests/exception-policy-stream-reassembly-memcap-05/README.md @@ -0,0 +1,5 @@ +# Description + +Test exception policy logic for stream reassembly. + +DEBUG is required to enable the "eps" logic. diff --git a/tests/exception-policy-stream-reassembly-memcap-05/suricata.yaml b/tests/exception-policy-stream-reassembly-memcap-05/suricata.yaml index 758f72085..aac4c605a 100644 --- a/tests/exception-policy-stream-reassembly-memcap-05/suricata.yaml +++ b/tests/exception-policy-stream-reassembly-memcap-05/suricata.yaml @@ -14,3 +14,7 @@ outputs: flows: all # start or all: 'start' logs only a single drop # per flow direction. All logs each dropped pkt. - flow + - stats: + totals: yes # stats for all threads merged together + threads: no # per thread stats + deltas: no # include delta values diff --git a/tests/exception-policy-stream-reassembly-memcap-05/test.yaml b/tests/exception-policy-stream-reassembly-memcap-05/test.yaml index 7901c6b4d..d19e9ad87 100644 --- a/tests/exception-policy-stream-reassembly-memcap-05/test.yaml +++ b/tests/exception-policy-stream-reassembly-memcap-05/test.yaml 
@@ -24,7 +24,7 @@ checks: count: 1 match: event_type: drop - drop.reason: "stream memcap" + drop.reason: "stream reassembly" - filter: count: 0 match: @@ -49,3 +49,8 @@ checks: match: event_type: flow flow.action: drop + - filter: + count: 1 + match: + event_type: stats + stats.ips.drop_reason.stream_reassembly: 1