test: add test for vlan.id

Ticket: #1065

tests/detect-vlan-id/README.md

@@ -0,0 +1,3 @@
+Test for checking the working of vlan.id keyword by creating rules and matching a crafted packet against them. The packet is an ICMP packet with 3 different VLAN ids [200,300,400].
+
+PCAP created with scapy.

tests/detect-vlan-id/test.rules

@@ -0,0 +1,3 @@
+alert ip any any -> any any (msg:"Vlan ID is equal to 200 with especific layer"; vlan.id:200,1; sid:1;)
+alert ip any any -> any any (msg:"Vlan ID is equal to 300 with explicit 'any' layer "; vlan.id:300,any; sid:2;)
+alert ip any any -> any any (msg:"Vlan ID is equal to 400"; vlan.id:300; sid:3;)

tests/detect-vlan-id/test.yaml

@@ -0,0 +1,22 @@
+requires:
+ min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+   count: 1
+   match:
+     event_type: alert
+     alert.signature_id: 1
+- filter:
+   count: 1
+   match:
+     event_type: alert
+     alert.signature_id: 2
+- filter:
+   count: 1
+   match:
+     event_type: alert
+     alert.signature_id: 3