imap: add test for protocol detection

ticket #2886

Signed-off-by: mmmaatuq <mahmoudmatook.mm@gmail.com>

diff --git a/tests/imap-detection/README.md b/tests/imap-detection/README.md
new file mode 100644 (file)
index 0000000..294fe60
--- /dev/null
+++ b/tests/imap-detection/README.md
@@ -0,0 +1,10 @@
+# Simple test for imap protocol detection.
+
+## PCAP
+
+URL: "Pcap imap.cap provided with redmine issue https://redmine.openinfosecfoundation.org/issues/2886"
+
+## Related issues
+
+Ticket #2886
+

diff --git a/tests/imap-detection/input.pcap b/tests/imap-detection/input.pcap
new file mode 100644 (file)
index 0000000..517936d
Binary files /dev/null and b/tests/imap-detection/input.pcap differ

diff --git a/tests/imap-detection/test.yaml b/tests/imap-detection/test.yaml
new file mode 100644 (file)
index 0000000..c20df3c
--- /dev/null
+++ b/tests/imap-detection/test.yaml
@@ -0,0 +1,25 @@
+requires:
+  min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+    count: 1
+    match:
+      app_proto: imap
+      dest_ip: 131.151.37.122
+      dest_port: 143
+      event_type: flow
+      flow.age: 26
+      flow.alerted: false
+      flow.bytes_toclient: 23493
+      flow.bytes_toserver: 3790
+      flow.pkts_toclient: 50
+      flow.pkts_toserver: 56
+      flow.reason: shutdown
+      flow.state: closed
+      proto: TCP
+      src_ip: 131.151.32.21
+      src_port: 4167