Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SDP: add tests for sticky buffers v3 #2210

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

SDP: add tests for sticky buffers v3 #2210

wants to merge 2 commits into from

Conversation

glongo
Copy link
Contributor

@glongo glongo commented Dec 30, 2024

Ticket

If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:

Redmine ticket:

@glongo glongo mentioned this pull request Dec 30, 2024
Open
5 tasks
@glongo
Copy link
Contributor Author

glongo commented Dec 30, 2024

Suricata PR: OISF/suricata#12327

@catenacyber catenacyber added the requires suricata pr Depends on a PR in Suricata label Jan 24, 2025
catenacyber
catenacyber approved these changes Jan 28, 2025
View reviewed changes
Copy link
Collaborator

@catenacyber catenacyber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good tests for the new keywords (and changed behavior for time logging)

catenacyber
catenacyber reviewed Jan 28, 2025
View reviewed changes
tests/sip-sdp/sdp.syn
Content-Length: 272\x0d
Contact: <sip:[email protected]>\x0d
Max-Forwards: 70\x0d
Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, INFO\x0d
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit : do you have a pcap that is real traffic captured from real client and server (not synthetic one ?)

catenacyber
catenacyber reviewed Jan 28, 2025
View reviewed changes
tests/sip-sdp/test.yaml
count: 1
match:
event_type: alert
alert.signature_id: 1
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit you can test that sdp metadata is logged with the alert and matches

and other nit : you can test that some other signatures do not match §so that we do not have FPs)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber approved these changes

Assignees
No one assigned
Labels
requires suricata pr Depends on a PR in Suricata
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@glongo @catenacyber