Project

General

Profile

Actions

Documentation #7039

closed

suricata-verify: explain how to automatically add --simulate-ips argument

Added by Juliana Fajardini Reichow 7 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Document how SV will run a test with --simulate-ips if the test has ips in the name.


Related issues 1 (1 open0 closed)

Related to Suricata - Feature #7156: createst: automatically add --simulate-ips commandline argumentNewOISF DevActions
Actions #1

Updated by Juliana Fajardini Reichow 6 months ago · Edited

Maybe could be done together: add option to indicate that the pcap comes from an existing test (so we won't duplicate the pcap, but add the path to the original as seen in https://github.com/OISF/suricata-verify/blob/master/tests/alert-testmyids-frames/test.yaml#L1

Maybe the script could even simply identify when the pcap path is from a test within the SV directory?

Actions #2

Updated by Juliana Fajardini Reichow 6 months ago

  • Subject changed from createst: add --simulate-ips as option to createst: explain how to automatically add --simulate-ips argument
  • Assignee changed from OISF Dev to Juliana Fajardini Reichow

This feature actually already exists (cf https://github.com/OISF/suricata-verify/blob/master/run.py#L916) so I'll update this to be about documenting it :P

Actions #3

Updated by Juliana Fajardini Reichow 6 months ago

  • Status changed from New to In Review
Actions #4

Updated by Shivani Bhardwaj 6 months ago

Maybe the script could even simply identify when the pcap path is from a test within the SV directory?

Agreed. That would be useful. I also wonder how many people actually use createst to create the tests. I feel that the number is quite little even within the team. So, maybe it's useful to ask the roadblocks for using the script and have tickets for everything. wdyt?

Actions #5

Updated by Juliana Fajardini Reichow 6 months ago · Edited

Shivani Bhardwaj wrote in #note-4:

Maybe the script could even simply identify when the pcap path is from a test within the SV directory?

Agreed. That would be useful. I also wonder how many people actually use createst to create the tests. I feel that the number is quite little even within the team. So, maybe it's useful to ask the roadblocks for using the script and have tickets for everything. wdyt?

I like that approach. I use createst a lot, even when I sometimes - like with --simulate-ips up until now - I have to adjust stuff afterwards. I'll see if I get feedback from the team on what prevents them from using it, and see what can be improved, from there :)

Created a ticket for the suggestion given here: https://redmine.openinfosecfoundation.org/issues/7139

Actions #6

Updated by Juliana Fajardini Reichow 6 months ago

  • Tracker changed from Task to Documentation
Actions #7

Updated by Juliana Fajardini Reichow 6 months ago

  • Subject changed from createst: explain how to automatically add --simulate-ips argument to suricata-verify: explain how to automatically add --simulate-ips argument
  • Description updated (diff)

I'll create another ticket for adding this as a functionality to the createst script...

Actions #8

Updated by Juliana Fajardini Reichow 6 months ago

  • Related to Feature #7156: createst: automatically add --simulate-ips commandline argument added
Actions #9

Updated by Juliana Fajardini Reichow 3 months ago

  • Status changed from In Review to Closed

Just for the documentation bit, PR merged: https://github.com/OISF/suricata-verify/pull/1968

Actions

Also available in: Atom PDF