tests: add DPDK segmented mbufs test V2

tests/dpdk-segmented-mbufs-6012/README.md

@@ -0,0 +1,14 @@
+# DPDK Segmented Mbufs Test (Ticket #6012)
+
+Verifies that Suricata correctly handles segmented (chained) mbufs in DPDK mode.
+
+## How it works
+
+- Runs in DPDK mode using `net_pcap` vdev
+- Packets larger than mbuf size are segmented across multiple mbufs
+- If segmented mbuf handling is broken, packet data is corrupted and alerts fail
+
+## Reference
+
+- Redmine Ticket: https://redmine.openinfosecfoundation.org/issues/6012
+- Based on: tests/tls/tls-certs-alert (chosen for its large packets that force mbuf segmentation)

tests/dpdk-segmented-mbufs-6012/suricata.yaml

@@ -0,0 +1,45 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - alert
+
+dpdk:
+  eal-params:
+    proc-type: primary
+    vdev: net_pcap0,rx_pcap=input.pcap
+    no-huge:
+    m: 256
+
+  interfaces:
+    - interface: net_pcap0
+      threads: 1
+      promisc: true
+      checksum-checks: false
+      checksum-checks-offload: false
+      mtu: 256  # small MTU to force segmented mbufs
+      mempool-size: 1024
+      mempool-cache-size: auto
+      rx-descriptors: 256
+      tx-descriptors: 256
+      copy-mode: none
+      copy-iface: none
+
+threading:
+  set-cpu-affinity: yes
+  cpu-affinity:
+    - management-cpu-set:
+        cpu: [ 0 ]
+    - worker-cpu-set:
+        cpu: [ "all" ]
+        mode: "exclusive"
+
+app-layer:
+  protocols:
+    tls:
+      enabled: yes

tests/dpdk-segmented-mbufs-6012/test.rules

@@ -0,0 +1,3 @@
+alert tls any any -> any any (msg:"Match first certificate"; flow:established,to_client; tls.certs; content:"|30160603550403130f|"; sid:1;)
+alert tls any any -> any any (msg:"Match second certificate"; flow:established,to_client; tls.certs; content:"|30250603550403131e|"; sid:2;)
+alert tls any any -> any any (msg:"Match third certificate"; flow:established,to_client; tls.certs; content:"|301e06035504031317|"; sid:3;)

tests/dpdk-segmented-mbufs-6012/test.yaml

@@ -0,0 +1,26 @@
+requires:
+  min-version: 8
+  features:
+    - DPDK
+
+# DPDK mode runs continuously, use timeout to stop after processing
+command: |
+  timeout --signal=TERM 5 ${SRCDIR}/src/suricata -c ${TEST_DIR}/suricata.yaml --dpdk -l ${TEST_DIR}/output -S ${TEST_DIR}/test.rules -k none -vvv; true
+
+# If segmented mbuf handling is broken, TLS parsing fails and alerts won't fire
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 3