
tests: add rule type check for tcp-window #2104

Open. Wants to merge 1 commit into base branch master.

Conversation

Nancyenos (author)

Ticket: 6352


Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6352

match:
id: 1
lists.packet.matches[0].name: "window"
lists.packet.matches[0].window.equql: 30336
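Review bot: `window.equql` on the last line is a misspelling, so this check fails before the value 30336 is ever compared; the key should read `lists.packet.matches[0].window.equal: 30336`. The match name also disagrees with the id-2 check in this same test (`"window"` here, `"tcp.window"` there); only one of these can be what the Suricata patch emits, so confirm it against the rule analysis output that a suricata-verify run with OISF/suricata#12024 produces and use the same spelling in both checks.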
Member

typo?

match:
id: 2
lists.packet.matches[0].name: "tcp.window"
lists.packet.matches[0].window.not.equal: 1024
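Review bot: this check and the id-1 check use different key shapes (`window.not.equal` here, `window.equql` there) and different match names (`"tcp.window"` versus `"window"`), so at most one of them can be right. As the reviewer points out, the key names have to be copied from the output the Suricata patch actually generates rather than written from memory: run suricata-verify with OISF/suricata#12024 applied, inspect the rule analysis output in the test's output folder, and use exactly the key path it shows for the negated window value, since whether `not` sits under `window` or beside `equal` depends on how the patch serialises the negation.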
Member

hmm I don't think this will match the Suricata PR. Have you tried running it with your Suricata work? Please note that this PR must pass with your Suricata PR OISF/suricata#12024

Contributor

Let us know if you need assistance in how to do that, ok?

Author: @Nancyenos, Oct 24, 2024

> Let us know if you need assistance in how to do that, ok?

Yes, I need some assistance on how to test.
`python3 ../suricata-verify/run.py tcp_window`
is what I am using.
Do I need a pcap file in the directory? I have been trying to check the documentation but am not sure.
A kick in the right direction will be much appreciated @jufajardini @inashivb

Contributor

> Yes, I need some assistance on how to test. `python3 ../suricata-verify/run.py tcp_window` is what I am using. Do I need a pcap file in the directory? I have been trying to check the documentation but am not sure. A kick in the right direction will be much appreciated @jufajardini @inashivb

When you run that, what do you see? If you ran that from the Suricata directory with patch changes to Suricata, invoking the suricata-verify folder where you have this SV test, you should see the result of Suricata running the test. And as Shivani has pointed out, if the test is still like in this PR, the checks should fail, as these checks won't match on the output generated by the patch you've shared. Does this make sense?

You don't need a pcap, as the test.yaml indicates:

requires:
    pcap: false
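To see why the checks in this PR fail before any value is compared, it helps to resolve the dotted `match:` keys by hand against a rule analysis record. The script below is an added example for this discussion, not code from suricata-verify or from the Suricata patch: it implements the dotted-path lookup the `match:` keys imply (`lists.packet.matches[0].window.equal`) and runs the id-1 check from this PR against a constructed record. The record's layout (`lists.packet.matches`, `name`, `window.equal`) is an assumption about the engine analysis output, not taken from OISF/suricata#12024; the point is how a misspelled key (`equql`) and a wrong match name show up as distinct failures.

```python
"""Resolve suricata-verify style dotted match keys against a rule record.

Added example, not suricata-verify's own matcher. The record below is
constructed by hand and its field layout is assumed.
"""
import json
import re

# Constructed sample: one rule analysis record as it might appear for a
# rule using tcp.window:30336. ASSUMED layout, not the Suricata PR's output.
SAMPLE_RECORD = {
    "id": 1,
    "lists": {
        "packet": {
            "matches": [
                {"name": "tcp.window", "window": {"equal": 30336}},
            ]
        }
    },
}

# The id-1 check exactly as written in this PR (note the "equql" typo).
PR_CHECK_ID1 = {
    "id": 1,
    "lists.packet.matches[0].name": "window",
    "lists.packet.matches[0].window.equql": 30336,
}

_INDEXED = re.compile(r"^(\w+)\[(\d+)\]$")


def lookup(record, dotted):
    """Walk `record` along a dotted path such as
    'lists.packet.matches[0].window.equal'.  Returns (found, value);
    found is False when any segment is missing or an index is out of range."""
    cur = record
    for part in dotted.split("."):
        m = _INDEXED.match(part)
        key = m.group(1) if m else part
        if not isinstance(cur, dict) or key not in cur:
            return False, None
        cur = cur[key]
        if m:
            idx = int(m.group(2))
            if not isinstance(cur, list) or idx >= len(cur):
                return False, None
            cur = cur[idx]
    return True, cur


def evaluate(record, match):
    """Return {key: (passed, reason)} for each expected key/value pair,
    distinguishing a missing key from a present key with the wrong value."""
    results = {}
    for key, expected in match.items():
        found, actual = lookup(record, key)
        if not found:
            results[key] = (False, "key not present in output")
        elif actual != expected:
            results[key] = (False, f"expected {expected!r}, got {actual!r}")
        else:
            results[key] = (True, "ok")
    return results


def check_passes(record, match):
    """True only when every key in `match` resolves and equals its value."""
    return all(ok for ok, _ in evaluate(record, match).values())


def records_from_text(text):
    """Parse output that is either a JSON array or one JSON object per line."""
    text = text.strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for key, (ok, why) in evaluate(SAMPLE_RECORD, PR_CHECK_ID1).items():
        print(f"{'PASS' if ok else 'FAIL'}  {key}: {why}")
```

Against the assumed record, `id` passes, the `name` key fails with a value mismatch, and the `equql` key fails with "key not present", which is the failure mode the reviewers describe: the test cannot pass until the keys are copied from the output Suricata actually writes.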

Contributor

If you're unsure what the output should look like, you can try running a different test from the tests/rules directory and check what SV reports, and also what the output folder for that specific test contains.

Member: @inashivb left a comment

Good first shot. :) Some changes are needed though. Make sure to run it with Suricata work to see if the tests pass. 😉

@jufajardini jufajardini added the outreachy Contributions made by Outreachy applicants label Oct 24, 2024
Author: @Nancyenos

thank you @inashivb ...working on it

@Nancyenos Nancyenos closed this Oct 24, 2024
@Nancyenos Nancyenos reopened this Oct 24, 2024