From: Jason Ish
Date: Wed, 20 Dec 2017 23:03:53 +0000 (-0600)
Subject: smtp: basic smtp test showing filter and stats check
X-Git-Tag: suricata-6.0.4~557
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1f947c7bf5a26b96276e2977450232c17712a5c;p=thirdparty%2Fsuricata-verify.git
smtp: basic smtp test showing filter and stats check
---
diff --git a/tests/smtp/input.pcap b/tests/smtp/input.pcap
new file mode 100644
index 000000000..931b43b3b
Binary files /dev/null and b/tests/smtp/input.pcap differ
diff --git a/tests/smtp/test.yaml b/tests/smtp/test.yaml
new file mode 100644
index 000000000..58589f2ff
--- /dev/null
+++ b/tests/smtp/test.yaml
@@ -0,0 +1,16 @@
+checks:
+
+ # Check that there is only one SMTP event with specific parameters.
+ - filter:
+ count: 1
+ match:
+ event_type: smtp
+ smtp.mail_from:
+ smtp.rcpt_to[0]:
+
+ # Check the stats. A stats check is a specialization of a filter
+ # that only checks the last stats entry.
+ - stats:
+ decoder.pkts: 60
+ decoder.bytes: 26866
+ decoder.invalid: 0
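Review bot: The filter check in tests/smtp/test.yaml passes whenever exactly one event matches all three fields, so additional SMTP events with a different sender or recipient would go unnoticed even though the comment says "only one SMTP event". A second filter with `count: 1` and only `event_type: smtp` under `match` would pin the total number of SMTP transactions the parser emits for this pcap. As rendered here, `smtp.mail_from:` and `smtp.rcpt_to[0]:` carry no value; if that is how the file really reads, rather than addresses lost in rendering, the match should state the expected addresses explicitly. A short comment saying what traffic input.pcap contains would also explain the `decoder.pkts: 60` and `decoder.bytes: 26866` constants.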