mirror of
https://github.com/OISF/suricata.git
synced 2026-02-19 02:28:46 -05:00
49783fa9f7
Implementing a bridge test with af-packet IPS and a routing test with iptables + nfqueue. Very helpful explanation and guidance on network namespaces can be found here: https://www.redhat.com/en/blog/net-namespaces Sets up 3 network namespaces: 1. client - for running client tools like ping, curl, wget 2. server - for running a server, currently only Caddy 3. dut - for running Suricata, this namespace connects the client and server namespaces Validate IPS operations in 3 ways: 1. check return codes of the client tools 2. check Suricata's IPS stats 3. use tshark to validate expected drops Run Suricata in AF_PACKET IPS mode for both autofp and workers mode. Do the same for NFQUEUE. Tshark's JSON output is used with JQ to validate that pings are dropped. All tests are codecov enabled.
32 lines
473 B
YAML
32 lines
473 B
YAML
codecov:
|
|
require_ci_to_pass: false
|
|
notify:
|
|
after_n_builds: 6
|
|
|
|
coverage:
|
|
precision: 2
|
|
round: down
|
|
range: "70...100"
|
|
status:
|
|
project:
|
|
default:
|
|
informational: true
|
|
patch:
|
|
default:
|
|
informational: true
|
|
|
|
parsers:
|
|
gcov:
|
|
branch_detection:
|
|
conditional: yes
|
|
loop: yes
|
|
method: no
|
|
macro: no
|
|
|
|
comment:
|
|
layout: "diff,flags"
|
|
behavior: default
|
|
require_changes: no
|
|
|
|
github_checks:
|
|
annotations: false
|