tests: add tests for stream-async #2701
I think this is a great start. In general the async logic is undercooked, and it's unclear how the various protocols and features work with async. I wonder if we should just have a It would probably also be a good goal to then document the per-protocol behavior/support in https://docs.suricata.io/en/latest/protocols/protocols.html
Agreeing to both things
Added: https://redmine.openinfosecfoundation.org/issues/8011
Added tests that show the difference with
Related to Task #6063 Task #8011
As part of the investigation for Suricata's behavior for stream-async. Related to Task #6063 Task #8011
Great stuff.
Is this still a draft? Should it be labelled
Would be great to get this part already going in.
In investigating whether would backport an exception policy for stream-async to main 7.0.x.
Wondering if we should have tests with different pcaps. While I settled here for picking a single pcap and splitting the traffic to create an async scenario, resulting in the tests seen here, with no alerts or app proto seen in stream-async-6063-cli-02, some other cases (using async pcaps present in our tests, already) showed scenarios where Suri was able to generate alerts and other events against async traffic, even with stream.async-oneside=false.
I added the flow events to the tests in case those would show any difference with async true or false, but didn't notice anything.
Related to Task #6063
Ticket
Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6063
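One way to derive one-sided captures from a two-sided pcap, in the spirit of the "single pcap, split the traffic" approach mentioned in the PR description above. This is an added example, not code from the PR or from suricata-verify; the function names, the 10.0.0.x addresses and the constructed sample capture are assumptions, and it handles only classic little-endian pcap files with Ethernet II / IPv4 frames.

```python
import socket
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # classic pcap file header, little-endian
REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len


def split_by_direction(pcap: bytes, client_ip: str):
    """Return (to_server, to_client) pcaps, classifying frames by IPv4 source."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled")
    header = pcap[:GLOBAL_HDR.size]
    client = socket.inet_aton(client_ip)
    to_server, to_client = [header], [header]
    off = GLOBAL_HDR.size
    while off + REC_HDR.size <= len(pcap):
        incl_len = REC_HDR.unpack_from(pcap, off)[2]
        end = off + REC_HDR.size + incl_len
        frame = pcap[off + REC_HDR.size:end]
        # Ethernet II header is 14 bytes; IPv4 source address sits at IP offset 12.
        # Non-IPv4 frames are dropped from both outputs.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            side = to_server if frame[26:30] == client else to_client
            side.append(pcap[off:end])  # keep the original record header/timestamp
        off = end
    return b"".join(to_server), b"".join(to_client)


def count_records(pcap: bytes) -> int:
    """Count packet records in a classic pcap."""
    off, n = GLOBAL_HDR.size, 0
    while off + REC_HDR.size <= len(pcap):
        off += REC_HDR.size + REC_HDR.unpack_from(pcap, off)[2]
        n += 1
    return n


def build_sample() -> bytes:
    """Constructed capture: 3 client->server and 2 server->client bare IPv4 frames."""
    out = [GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    flow = ["c", "s", "c", "s", "c"]
    ips = {"c": ("10.0.0.1", "10.0.0.2"), "s": ("10.0.0.2", "10.0.0.1")}
    for i, who in enumerate(flow):
        src, dst = (socket.inet_aton(a) for a in ips[who])
        frame = bytes(12) + b"\x08\x00" + struct.pack(
            "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0, src, dst)
        out.append(REC_HDR.pack(i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)
```

Each output keeps the original file header and per-packet timestamps, so replaying either half presents the sensor with one direction of the flow only.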