Firewall/v1 #2058
Firewall/v1 #2058
Conversation
Tests that flow is TLS and if SNI is expected.
victorjulien
force-pushed
the
firewall/v1
branch
from
bb2000c to
ce48af6
Compare
|
This is a draft, right ? |
Why? |
|
The wording |
|
If possible, it might be nice to see what "user" story each scenario is testing? |
|
Not sure I get it. Each test has a README that describes the test. What else is needed? |
Was thinking of something more applicable to an end-user looking for examples.. Like:
Where stuff like 3whs is a lower level implementation detail. Or perhaps that is better suited for the firewall chapter in the docs? |
|
This is not for users, but are tests for supporting development. The tests are self documenting in my opinion. |
I guess we can add explanations in docs and link to the tests, and then one would complement the other 🤔 |
|
|
||
| # allow tls | ||
|
|
||
| pass tls any any <> any 443 (flow:established; tls.sni; content:"raw.githubusercontent.com"; sid:2;) |
There was a problem hiding this comment.
And would you like to add a rule like
pass tls any any <> any 443 (flow:established; tx.progress:<tls.sni; sid:3;)
right ?
There was a problem hiding this comment.
I think so, ya. We'd have to think about how to expose the internal progress tracking to users, but I think we'd need something like this.
There was a problem hiding this comment.
Cool
Do you have a redmine ticket for this improvement ?
SV PR is good like that, and you can make a special SV-only merge
https://github.com/OISF/suricata-verify/pulls?q=is%3Apr+is%3Aopen+review%3Aapproved+label%3A%22tests+pass%22
|
Merged in #2139, thanks! |
Some initial tests towards https://redmine.openinfosecfoundation.org/issues/7269