stats: add checks for drop reason counters

Leaving checks for stream reassembly aside as those were already added by another commit. Related to Task #6230 Task #6571
jmtaylor90 · Dec 27, 2023 · d8b73c4 · d8b73c4
1 parent 30f3f9b
commit d8b73c4
Show file tree

Hide file tree

Showing 9 changed files with 37 additions and 0 deletions.
diff --git a/tests/exception-policy-applayer-01/suricata.yaml b/tests/exception-policy-applayer-01/suricata.yaml
@@ -20,6 +20,8 @@ outputs:
             flows: all       # start or all: 'start' logs only a single drop
                              # per flow direction. All logs each dropped pkt.
         - flow
+        - stats
+
 action-order:
   - pass
   - drop

diff --git a/tests/exception-policy-applayer-01/test.yaml b/tests/exception-policy-applayer-01/test.yaml
@@ -48,3 +48,9 @@ checks:
       match:
         event_type: flow
         flow.action: drop
+  - filter:
+      min-version: 7
+      count: 1
+      match:
+        event_type: stats
+        stats.ips.drop_reason.applayer_error: 1
diff --git a/tests/exception-policy-defrag-01/suricata.yaml b/tests/exception-policy-defrag-01/suricata.yaml
@@ -20,6 +20,8 @@ outputs:
             flows: all       # start or all: 'start' logs only a single drop
                              # per flow direction. All logs each dropped pkt.
         - flow
+        - stats
+
 action-order:
   - pass
   - drop

diff --git a/tests/exception-policy-defrag-01/test.yaml b/tests/exception-policy-defrag-01/test.yaml
@@ -34,3 +34,9 @@ checks:
         event_type: flow
         flow.action: drop
         proto: ICMP
+  - filter:
+      min-version: 7
+      count: 1
+      match:
+        event_type: stats
+        stats.ips.drop_reason.defrag_memcap: 1
diff --git a/tests/exception-policy-midstream-02/suricata.yaml b/tests/exception-policy-midstream-02/suricata.yaml
@@ -17,3 +17,4 @@ outputs:
             flows: start     # start or all: 'start' logs only a single drop
                              # per flow direction. All logs each dropped pkt.
         - flow
+        - stats
diff --git a/tests/exception-policy-midstream-02/test.yaml b/tests/exception-policy-midstream-02/test.yaml
@@ -24,3 +24,9 @@ checks:
       count: 0
       match:
         event_type: anomaly
+  - filter:
+      min-version: 7
+      count: 1
+      match:
+        event_type: stats
+        stats.ips.drop_reason.stream_midstream: 1
diff --git a/tests/exception-policy-simulated-flow-memcap/test.yaml b/tests/exception-policy-simulated-flow-memcap/test.yaml
@@ -30,3 +30,9 @@ checks:
       match:
         event_type: stats
         stats.tcp.midstream_pickups: 1
+  - filter:
+      min-version: 7
+      count: 1
+      match:
+        event_type: stats
+        stats.ips.drop_reason.flow_memcap: 1
diff --git a/tests/exception-policy-stream-ssn-memcap-01/suricata.yaml b/tests/exception-policy-stream-ssn-memcap-01/suricata.yaml
@@ -20,6 +20,8 @@ outputs:
             flows: all       # start or all: 'start' logs only a single drop
                              # per flow direction. All logs each dropped pkt.
         - flow
+        - stats
+
 action-order:
   - pass
   - drop

diff --git a/tests/exception-policy-stream-ssn-memcap-01/test.yaml b/tests/exception-policy-stream-ssn-memcap-01/test.yaml
@@ -47,3 +47,9 @@ checks:
       match:
         event_type: flow
         flow.action: drop
+  - filter:
+      min-version: 7
+      count: 1
+      match:
+        event_type: stats
+        stats.ips.drop_reason.stream_memcap: 1
-Original file line number
+Diff line change
@@ Expand Up / @@ -20,6 +20,8 @@ outputs: @@
                 flows: all       # start or all: 'start' logs only a single drop
                                  # per flow direction. All logs each dropped pkt.
             - flow
+            - stats
     action-order:
       - pass
       - drop
@@ Expand Down @@