Documentation #7039
opensuricata-verify: explain how to automatically add --simulate-ips argument
Description
Document how SV will run a test with --simulate-ips if the test has ips in the name.
Updated by Juliana Fajardini Reichow 2 months ago · Edited
Maybe could be done together: add option to indicate that the pcap comes from an existing test (so we won't duplicate the pcap, but add the path to the original as seen in https://github.com/OISF/suricata-verify/blob/master/tests/alert-testmyids-frames/test.yaml#L1
Maybe the script could even simply identify when the pcap path is from a test within the SV directory?
Updated by Juliana Fajardini Reichow 2 months ago
- Subject changed from createst: add --simulate-ips as option to createst: explain how to automatically add --simulate-ips argument
- Assignee changed from OISF Dev to Juliana Fajardini Reichow
This feature actually already exists (cf https://github.com/OISF/suricata-verify/blob/master/run.py#L916) so I'll update this to be about documenting it :P
Updated by Juliana Fajardini Reichow 2 months ago
- Status changed from New to In Review
For the documentation:
https://github.com/OISF/suricata-verify/pull/1955
Updated by Shivani Bhardwaj 2 months ago
Maybe the script could even simply identify when the pcap path is from a test within the SV directory?
Agreed. That would be useful. I also wonder how many people actually use createst to create the tests. I feel that the number is quite little even within the team. So, maybe it's useful to ask the roadblocks for using the script and have tickets for everything. wdyt?
Updated by Juliana Fajardini Reichow 2 months ago · Edited
Shivani Bhardwaj wrote in #note-4:
Maybe the script could even simply identify when the pcap path is from a test within the SV directory?
Agreed. That would be useful. I also wonder how many people actually use createst to create the tests. I feel that the number is quite little even within the team. So, maybe it's useful to ask the roadblocks for using the script and have tickets for everything. wdyt?
I like that approach. I use createst a lot, even when I sometimes - like with --simulate-ips up until now - I have to adjust stuff afterwards. I'll see if I get feedback from the team on what prevents them from using it, and see what can be improved, from there :)
Created a ticket for the suggestion given here: https://redmine.openinfosecfoundation.org/issues/7139
Updated by Juliana Fajardini Reichow 2 months ago
- Tracker changed from Task to Documentation
Updated by Juliana Fajardini Reichow 2 months ago
- Subject changed from createst: explain how to automatically add --simulate-ips argument to suricata-verify: explain how to automatically add --simulate-ips argument
- Description updated (diff)
I'll create another ticket for adding this as a functionality to the createst script...
Updated by Juliana Fajardini Reichow 2 months ago
- Related to Feature #7156: createst: automatically add --simulate-ips commandline argument added