From c7ff55c9c3ffc4d82ff2fd4f8f003121a6c8fec7 Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Wed, 3 Jul 2024 16:36:14 -0300 Subject: [PATCH] README/help: add info on IPS mode tests creation It is possible to create a test that runs in IPS mode by just adding ips to its name. But that is not documented. Task #7039 --- README.md | 15 +++++++++++++++ createst.py | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9760eb9e9..59beba702 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,10 @@ Or to run a single test: - Create a directory that is the name of the new test. + If you want a test to run in IPS mode, add `ips` to the test name + this will make `--simulate-ips` command-line argument be passed when + the test is run. + - Copy a single pcap file into the test directory. It must end in ".pcap". @@ -200,6 +204,8 @@ directory. positional arguments: Name of the test folder + Add `ips` to the test name if you want it to run in IPS mode + the test is run. Path to the PCAP file optional arguments: @@ -252,6 +258,15 @@ newer: --rules ../suricata-verify/tests/no-payload-output/test.rules test-02 input.pcap ``` +#### Example 3 + +Create a Suricata-verify test named ``ips-drop-rule`` that will run over a pcap file +called ``input.pcap``, match its traffic against the rules in the ``ips-test.rules`` +file and will have Suricata run the test in IPS mode: +``` +../suricata-verify/createst.py --rules ../Documents/ips-test.rules ips-drop-rule input.pcap +``` + #### Add Required Features ``` diff --git a/createst.py b/createst.py index aac1a9c4a..8d2038647 100755 --- a/createst.py +++ b/createst.py 
@@ -370,7 +370,7 @@ def parse_args():
 description="Create tests with a given PCAP. Execute the script"
 " from a valid Suricata source directory.")
 parser.add_argument("test-name", metavar="",
- help="Name of the test folder")
+ help="Name of the test folder. Add `ips` to the test name if you want it to run in IPS mode.")
 parser.add_argument("pcap", metavar="",
 help="Path to the PCAP file")
 parser.add_argument("--rules", metavar="",
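Review bot: The new `help=` text on the `test-name` argument says to add `ips` to the name, but not how the name is matched or which option it triggers. If the runner does a plain substring match, a name that merely happens to contain those letters would switch to IPS mode unnoticed; the matching code is not in this patch, so that needs confirming. IPS mode changes what a test verifies (drops rather than alerts only), so the help should state the matching rule and name the flag the README hunk mentions. It should also be wrapped like the `description=` strings just above rather than left as one line of over 100 columns: ``help="Name of the test folder. Add `ips` to the name to have the test run"`` followed by ``" in IPS mode (--simulate-ips is passed when the test is run).")``. `parse_args` starts before this hunk and continues after it.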