suricata-verify

tests: update ips-state-1 test - v4

Open jufajardini opened this issue 10 months ago • 2 comments

This test indicated that there were FP drops for http and that another check was failing, but currently there are no more FP for HTTP. Updated the checks to reflect this. flow.action still not set to drop with the tls drops...

Related to Bug #6976

Previous PR: #1781

Changes from last PR:

  • rebased
  • added ticket reference
  • add lt-version for checks specific to 6.0.x, as the number of generated alerts for TLS is different - not sure if this is expected, or another bug. I seem to remember some work around packets done by Philippe which I imagine could impact this, but can't recall more than this...

Ticket

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6976

jufajardini, Apr 22 '24 19:04

Why are all the branches failing? Should there be some min-version: 8?

catenacyber, Apr 29 '24 08:04

> Why are all the branches failing? Should there be some min-version: 8?

I left it run with all Suri versions, because we have flow.action as a log field, so thought it's worth checking. The test for flow.action: pass works, so I think it makes sense that the check for flow.action: drop should, too... 🤔

jufajardini, Apr 29 '24 19:04

> Need to be green for version 6 and 7 even if red for master, right?

Why, if 6 and 7 also have flow.action? Or more like in terms of incremental fixes?

jufajardini, Jun 12 '24 08:06

> Or more like in terms of incremental fixes?

Yes I meant for incremental fixes.

Is this PR only meant to show the bug and not be merged?

catenacyber, Jun 12 '24 13:06

Replaced by https://github.com/OISF/suricata-verify/pull/1973

jufajardini, Jul 10 '24 20:07