test: truncated ipv4 test

Test that no src_ip, dest_ip are logged instead of just empty strings. Ticket: https://redmine.openinfosecfoundation.org/issues/7460
OISF · Jan 8, 2025 · 169fd2f · 169fd2f
1 parent b6bfa2e
commit 169fd2f
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 0 deletions.
diff --git a/tests/ipv4-truncated/README.md b/tests/ipv4-truncated/README.md
@@ -0,0 +1,3 @@
+Test that alerts that have unknown IP addresses and ports don't log them.
+
+Ticket: https://redmine.openinfosecfoundation.org/issues/7460
diff --git a/tests/ipv4-truncated/decoder-events.rules b/tests/ipv4-truncated/decoder-events.rules
@@ -0,0 +1 @@
+alert pkthdr any any -> any any (msg:"SURICATA IPv4 truncated packet"; decode-event:ipv4.trunc_pkt; classtype:protocol-command-decode; sid:2200003; rev:2;)
diff --git a/tests/ipv4-truncated/test.yaml b/tests/ipv4-truncated/test.yaml
@@ -0,0 +1,9 @@
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        src_ip: null
+        dest_ip: null
+        src_port: null
+        dest_port: null
diff --git a/tests/ipv4-truncated/truncated.pcap b/tests/ipv4-truncated/truncated.pcap
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		Test that alerts that have unknown IP addresses and ports don't log them.

		Ticket: https://redmine.openinfosecfoundation.org/issues/7460
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		alert pkthdr any any -> any any (msg:"SURICATA IPv4 truncated packet"; decode-event:ipv4.trunc_pkt; classtype:protocol-command-decode; sid:2200003; rev:2;)