tests: add test for bug-7199 - v1 #2069

Closed
wants to merge 1 commit into from


jufajardini
Contributor

More of a change in behavior than a bug, but important to be documented.

Related to
Bug https://redmine.openinfosecfoundation.org/issues/7199

Not sure if I should keep this with failing checks or not, but this version has the checks that fail, to better show the difference. Once that's decided, I'll submit a PR with a better commit message, too.

Ticket

If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/7199

More of a change in behavior than a bug, but important to be documented

Related to
Bug https://redmine.openinfosecfoundation.org/issues/7199
@catenacyber catenacyber marked this pull request as draft October 1, 2024 09:26
@catenacyber
Collaborator

Draft: this PR serves for discussion about https://redmine.openinfosecfoundation.org/issues/7199

reject ip any any -> any any (msg: "Reject by AntreaNetworkPolicy:default/ingress-allow-http-request-to-api-v2"; flow: to_server, established; sid: 1;)
pass http any any -> any any (msg: "Allow http by AntreaNetworkPolicy:default/ingress-allow-http-request-to-api-v2"; http.uri; content:"/api/v2/"; startswith; http.method; content:"GET"; http.host; content:"foo.bar.com"; startswith; endswith; sid: 2;)
alert http any any -> any any (msg: "Alert by AntreaNetworkPolicy:default/ingress-allow-http-request-to-api-v2"; http.method; content:"GET"; sid: 3;)
reject http any any -> any any (msg: "Reject HTTP by AntreaNetworkPolicy:default/ingress-allow-http-request-to-api-v2"; flow: to_server, established; dsize: >0; sid: 4;)
Collaborator

So, should we log the transaction if there is an alproto defined and if there is only one transaction? (so we cannot be wrong)

@jufajardini jufajardini added the decision-required Waiting on deliberation from the team label Nov 26, 2024
@catenacyber
Collaborator

Continued in #2141
