smtp/ftp: test protocol detection in both directions

Ticket: 1125

diff --git a/tests/ftp-epsv/test.yaml b/tests/ftp-epsv/test.yaml
index 69848da4542b8529e32ad1ad44bfaf4c3550ea41..75fadc34d8ebb9b0ca74fdae777ed678195595b3 100644 (file)
--- a/tests/ftp-epsv/test.yaml
+++ b/tests/ftp-epsv/test.yaml
@@ -11,3 +11,9 @@ checks:
         event_type: ftp
         ftp.command: "EPSV"
         ftp.dynamic_port: 58612
+  - filter:
+      min-version: 8
+      count: 0
+      match:
+        event_type: anomaly
+        anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION

diff --git a/tests/mime/mime-dec-parse-full-msg-test01/test.yaml b/tests/mime/mime-dec-parse-full-msg-test01/test.yaml
index f9049447d3696236e428887718394fa23681ad70..ea552ac941f6d736aec192c648c549e3d123e424 100644 (file)
--- a/tests/mime/mime-dec-parse-full-msg-test01/test.yaml
+++ b/tests/mime/mime-dec-parse-full-msg-test01/test.yaml
@@ -2,20 +2,6 @@ args:
 - -k none
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.app_proto: smtp
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 127.0.0.1
-      dest_port: 39202
-      event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 127.0.0.1
-      src_port: 25
 - filter:
     count: 1
     match:

diff --git a/tests/mime/mime-dec-parse-full-msg-test02/test.yaml b/tests/mime/mime-dec-parse-full-msg-test02/test.yaml
index f9049447d3696236e428887718394fa23681ad70..ea552ac941f6d736aec192c648c549e3d123e424 100644 (file)
--- a/tests/mime/mime-dec-parse-full-msg-test02/test.yaml
+++ b/tests/mime/mime-dec-parse-full-msg-test02/test.yaml
@@ -2,20 +2,6 @@ args:
 - -k none
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.app_proto: smtp
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 127.0.0.1
-      dest_port: 39202
-      event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 127.0.0.1
-      src_port: 25
 - filter:
     count: 1
     match:

diff --git a/tests/mime/mime-dec-parse-line-test01/test.yaml b/tests/mime/mime-dec-parse-line-test01/test.yaml
index f9049447d3696236e428887718394fa23681ad70..ea552ac941f6d736aec192c648c549e3d123e424 100644 (file)
--- a/tests/mime/mime-dec-parse-line-test01/test.yaml
+++ b/tests/mime/mime-dec-parse-line-test01/test.yaml
@@ -2,20 +2,6 @@ args:
 - -k none
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.app_proto: smtp
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 127.0.0.1
-      dest_port: 39202
-      event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 127.0.0.1
-      src_port: 25
 - filter:
     count: 1
     match:

diff --git a/tests/mime/mime-dec-parse-line-test02/test.yaml b/tests/mime/mime-dec-parse-line-test02/test.yaml
index 3b802ce14b3b248bd29c2b93ec78c470dd4818a3..b4c562d5295fab3a617165c9325bd4c3a5b2cdd6 100644 (file)
--- a/tests/mime/mime-dec-parse-line-test02/test.yaml
+++ b/tests/mime/mime-dec-parse-line-test02/test.yaml
@@ -2,20 +2,6 @@ args:
 - -k none
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.app_proto: smtp
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 127.0.0.1
-      dest_port: 39202
-      event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 127.0.0.1
-      src_port: 25
 - filter:
     count: 1
     match:

diff --git a/tests/mime/mime-dec-parse-long-filename01/test.yaml b/tests/mime/mime-dec-parse-long-filename01/test.yaml
index 701e46805b798ad0ea3b32df2640aef754b297aa..16168ae1933de8144c863f815f89ac3f77e5cb1a 100644 (file)
--- a/tests/mime/mime-dec-parse-long-filename01/test.yaml
+++ b/tests/mime/mime-dec-parse-long-filename01/test.yaml
@@ -2,20 +2,6 @@ args:
 - -k none
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.app_proto: smtp
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 127.0.0.1
-      dest_port: 39202
-      event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 127.0.0.1
-      src_port: 25
 - filter:
     count: 1
     match:

diff --git a/tests/mime/mime-dec-parse-long-filename02/test.yaml b/tests/mime/mime-dec-parse-long-filename02/test.yaml
index aa1581fe8235233b9bb30154634eb7fce60ff70a..36ef8854126d3e0bad47c843170fb3c7aba00159 100644 (file)
--- a/tests/mime/mime-dec-parse-long-filename02/test.yaml
+++ b/tests/mime/mime-dec-parse-long-filename02/test.yaml
@@ -2,20 +2,6 @@ args:
 - -k none
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.app_proto: smtp
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 127.0.0.1
-      dest_port: 39202
-      event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 127.0.0.1
-      src_port: 25
 - filter:
     count: 1
     match:

diff --git a/tests/mime/mime-dec-parse-odd-len/test.yaml b/tests/mime/mime-dec-parse-odd-len/test.yaml
index f9049447d3696236e428887718394fa23681ad70..ea552ac941f6d736aec192c648c549e3d123e424 100644 (file)
--- a/tests/mime/mime-dec-parse-odd-len/test.yaml
+++ b/tests/mime/mime-dec-parse-odd-len/test.yaml
@@ -2,20 +2,6 @@ args:
 - -k none
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.app_proto: smtp
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 127.0.0.1
-      dest_port: 39202
-      event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 127.0.0.1
-      src_port: 25
 - filter:
     count: 1
     match:

diff --git a/tests/mime/mime-dec-parse-rem-sp/test.yaml b/tests/mime/mime-dec-parse-rem-sp/test.yaml
index f9049447d3696236e428887718394fa23681ad70..ea552ac941f6d736aec192c648c549e3d123e424 100644 (file)
--- a/tests/mime/mime-dec-parse-rem-sp/test.yaml
+++ b/tests/mime/mime-dec-parse-rem-sp/test.yaml
@@ -2,20 +2,6 @@ args:
 - -k none
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.app_proto: smtp
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 127.0.0.1
-      dest_port: 39202
-      event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 127.0.0.1
-      src_port: 25
 - filter:
     count: 1
     match:

diff --git a/tests/mime/mime-dec-parse-small-rem-inp/test.yaml b/tests/mime/mime-dec-parse-small-rem-inp/test.yaml
index f9049447d3696236e428887718394fa23681ad70..ea552ac941f6d736aec192c648c549e3d123e424 100644 (file)
--- a/tests/mime/mime-dec-parse-small-rem-inp/test.yaml
+++ b/tests/mime/mime-dec-parse-small-rem-inp/test.yaml
@@ -2,20 +2,6 @@ args:
 - -k none
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.app_proto: smtp
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 127.0.0.1
-      dest_port: 39202
-      event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 127.0.0.1
-      src_port: 25
 - filter:
     count: 1
     match:

diff --git a/tests/mime/mime-dec-very-small-inp/test.yaml b/tests/mime/mime-dec-very-small-inp/test.yaml
index f9049447d3696236e428887718394fa23681ad70..ea552ac941f6d736aec192c648c549e3d123e424 100644 (file)
--- a/tests/mime/mime-dec-very-small-inp/test.yaml
+++ b/tests/mime/mime-dec-very-small-inp/test.yaml
@@ -2,20 +2,6 @@ args:
 - -k none
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.app_proto: smtp
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 127.0.0.1
-      dest_port: 39202
-      event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 127.0.0.1
-      src_port: 25
 - filter:
     count: 1
     match:

diff --git a/tests/smtp-eve/test.yaml b/tests/smtp-eve/test.yaml
index 03876091b3dab2d4d01e1d26cba45651b43df07a..bf95e177a63e960bb3d13cbb72ff3278a29124a4 100644 (file)
--- a/tests/smtp-eve/test.yaml
+++ b/tests/smtp-eve/test.yaml
@@ -136,6 +136,12 @@ checks:
       tcp.tcp_flags: 1b
       tcp.tcp_flags_tc: 1b
       tcp.tcp_flags_ts: 1b
+- filter:
+    min-version: 8
+    count: 0
+    match:
+      event_type: anomaly
+      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
 
 # Check the stats. A stats check is a specialization of a filter
 # that only checks the last stats entry.

diff --git a/tests/smtp-long-DATA-line/test.yaml b/tests/smtp-long-DATA-line/test.yaml
index 483b8c0de158903285b7ee15ad370a3779f0b85d..91c799247b506085d7aa729db2d7c289c74fd0ac 100644 (file)
--- a/tests/smtp-long-DATA-line/test.yaml
+++ b/tests/smtp-long-DATA-line/test.yaml
@@ -7,11 +7,6 @@ args:
 - --simulate-ips
 
 checks:
-- filter:
-    count: 1
-    match:
-      anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      event_type: anomaly
 - filter:
     count: 1
     match: