Conversation
jufajardini
left a comment
jufajardini
left a comment
There was a problem hiding this comment.
I have added a few comments. :)
Especially for the truncated test checks, I would like us to check on the frame length, too, so we can ensure things are being calculated as expected.
I am again wondering if we should have a special type for truncated frames, as, for instance, the length for the pdu frame in such case isn't the actual pdu length, just the max that suricata will process, as per MQTT standards.
So, having a truncated frame might let people know what to expect in such cases. Maybe in such circumstances, we could have a trunc_data frame instead of a data frame?
|
|
||
| requires: | ||
| features: | ||
| - HAVE_LIBJANSSON | ||
| files: | ||
| - rust/src/mqtt/parser.rs |
There was a problem hiding this comment.
These are not needed :)
| - rust/src/mqtt/parser.rs | ||
|
|
||
| args: | ||
| - -k none |
There was a problem hiding this comment.
nit: we usually add a new line between each test.yaml session.
| @@ -0,0 +1,55 @@ | |||
| pcap: ../mqtt-limit-1/input.pcap | |||
|
|
|||
| requires: | |||
There was a problem hiding this comment.
Let's add the min-version: 7 requirement here, since frame support, so far, is from 7 on, only.
Sure I can do that . Will update this PR after the new frames PR |
Do you also think that we should Have |
🤔 What about asking the others about this? |
|
followed by #1123 |
2 participants
Ticket: https://redmine.openinfosecfoundation.org/issues/5731
Previous PR: #1065
Describe changes:
Requires: OISF/suricata#8513