github-actions: expand af-packet live test with more unix commands

.github/workflows/live/afp-ids.sh

@@ -30,6 +30,7 @@ fi
 
 RES=0
 
+export PYTHONPATH=python/
 # Get listen interface and "ping" target address
 IFACE=$(ip r|grep default|awk '{print $5}')
 echo $IFACE
@@ -67,6 +68,20 @@ if [ $SID1CHECK = false ]; then
     echo "ERROR no alerts for sid 1"
     RES=1
 fi
+CHECK=$(jq -c 'select(.alert.signature_id == 222)' ./eve.json | wc -l)
+if [ $CHECK -ne 1 ]; then
+	echo "ERROR alerts count off for sid 222 (datasets)"
+    RES=1
+fi
+JSON=$(python3 python/bin/suricatasc -v -c "dataset-clear ipv4-list ipv4" /var/run/suricata/suricata-command.socket)
+echo $JSON
+
+sleep 5
+CHECK=$(jq -c 'select(.alert.signature_id == 222)' ./eve.json | wc -l)
+if [ $CHECK -ne 2 ]; then
+	echo "ERROR alerts count off for sid 222 (datasets)"
+    RES=1
+fi
 
 echo "SURIPID $SURIPID PINGPID $PINGPID"
 
@@ -74,11 +89,52 @@ echo "SURIPID $SURIPID PINGPID $PINGPID"
 cp .github/workflows/live/icmp2.rules suricata.rules
 
 # trigger the reload
-export PYTHONPATH=python/
+JSON=$(python3 python/bin/suricatasc -c "iface-list" /var/run/suricata/suricata-command.socket)
+PIFACE=$(echo $JSON | jq -r .message.ifaces[0])
+JSON=$(python3 python/bin/suricatasc -c "iface-stat $PIFACE")
+STATSCHECK=$(echo $JSON | jq '.message.pkts > 0')
+if [ $STATSCHECK = false ]; then
+    echo "ERROR unix socket stats check failed"
+    RES=1
+fi
 python3 python/bin/suricatasc -c "reload-rules" /var/run/suricata/suricata-command.socket
 
+
+JSON=$(python3 python/bin/suricatasc -c "iface-bypassed-stat" /var/run/suricata/suricata-command.socket)
+echo $JSON
+JSON=$(python3 python/bin/suricatasc -c "capture-mode" /var/run/suricata/suricata-command.socket)
+if [ "$(echo $JSON | jq -r .message)" != "AF_PACKET_DEV" ]; then
+    echo "ERROR unix socket capture mode check failed"
+    RES=1
+fi
+JSON=$(python3 python/bin/suricatasc -c "dump-counters" /var/run/suricata/suricata-command.socket)
+STATSCHECK=$(echo $JSON | jq '.message.uptime >= 15')
+if [ $STATSCHECK = false ]; then
+    echo "ERROR unix socket dump-counters uptime check failed"
+    RES=1
+fi
+JSON=$(python3 python/bin/suricatasc -c "memcap-list" /var/run/suricata/suricata-command.socket)
+echo $JSON
+JSON=$(python3 python/bin/suricatasc -c "running-mode" /var/run/suricata/suricata-command.socket)
+echo $JSON
+if [ "$(echo $JSON | jq -r .message)" != "$RUNMODE" ]; then
+    echo "ERROR unix socket runmode check failed"
+    RES=1
+fi
+JSON=$(python3 python/bin/suricatasc -c "version" /var/run/suricata/suricata-command.socket)
+echo $JSON
+JSON=$(python3 python/bin/suricatasc -c "uptime" /var/run/suricata/suricata-command.socket)
+echo $JSON
+STATSCHECK=$(echo $JSON | jq '.message >= 15')
+if [ $STATSCHECK = false ]; then
+    echo "ERROR unix socket uptime check failed"
+    RES=1
+fi
 sleep 15
+JSON=$(python3 python/bin/suricatasc -c "add-hostbit $GW test 60" /var/run/suricata/suricata-command.socket)
+echo $JSON
 
+sleep 15
 # check stats and alerts
 STATSCHECK=$(jq -c 'select(.event_type == "stats")' ./eve.json | tail -n1 | jq '.stats.capture.kernel_packets > 0')
 if [ $STATSCHECK = false ]; then
@@ -90,6 +146,13 @@ if [ $SID2CHECK = false ]; then
     echo "ERROR no alerts for sid 2"
     RES=1
 fi
+JSON=$(python3 python/bin/suricatasc -c "list-hostbit $GW" /var/run/suricata/suricata-command.socket)
+CHECK=$(echo $JSON|jq -r .message.hostbits[0].name)
+if [ "$CHECK" != "test" ]; then
+    echo "ERROR hostbit listing failed"
+    RES=1
+fi
+JSON=$(python3 python/bin/suricatasc -c "remove-hostbit $GW test" /var/run/suricata/suricata-command.socket)
 
 kill -INT $PINGPID
 wait $PINGPID

.github/workflows/live/icmp.rules

@@ -1 +1,2 @@
 alert icmp any any -> any any (itype:8; sid:1;)
+alert icmp any any -> any any (itype:8; ip.dst; dataset:set,ipv4-list,type ipv4; sid:222;)

.github/workflows/live/icmp2.rules

@@ -1 +1 @@
-alert icmp any any -> any any (itype:8; sid:2;)
+alert icmp any any -> any any (itype:8; hostbits:isset,test,dst; sid:2;)