From 7b913915d338213a3968e9e3da3f7915cea3a63a Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj <shivanib134@gmail.com>
Date: Thu, 6 Jul 2023 18:48:37 +0530
Subject: [PATCH] smtp: use simulate-ips and update test

This gives a better estimate of file size and hash for the given pcap.
---
 tests/smtp-long-DATA-line/test.yaml | 49 ++---------------------------
 1 file changed, 3 insertions(+), 46 deletions(-)

diff --git a/tests/smtp-long-DATA-line/test.yaml b/tests/smtp-long-DATA-line/test.yaml
index 05cd8241e..483b8c0de 100644
--- a/tests/smtp-long-DATA-line/test.yaml
+++ b/tests/smtp-long-DATA-line/test.yaml
@@ -4,101 +4,58 @@ requires:
 
 args:
 - -k none
+- --simulate-ips
 
 checks:
 - filter:
     count: 1
     match:
-      anomaly.app_proto: smtp
       anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 192.168.1.4
-      dest_port: 3326
       event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 217.12.11.66
-      src_port: 587
 - filter:
     count: 1
     match:
       anomaly.app_proto: smtp
       anomaly.event: MIME_LONG_LINE
-      anomaly.layer: proto_parser
-      anomaly.type: applayer
-      dest_ip: 192.168.1.4
-      dest_port: 3326
       event_type: anomaly
-      proto: TCP
-      src_ip: 217.12.11.66
-      src_port: 587
-      tx_id: 0
 - filter:
     count: 1
     match:
       anomaly.app_proto: smtp
       anomaly.event: MIME_LONG_ENC_LINE
-      anomaly.layer: proto_parser
-      anomaly.type: applayer
-      dest_ip: 192.168.1.4
-      dest_port: 3326
       event_type: anomaly
-      proto: TCP
-      src_ip: 217.12.11.66
-      src_port: 587
-      tx_id: 0
 - filter:
     count: 1
     match:
-      dest_ip: 217.12.11.66
-      dest_port: 587
       email.attachment[0]: winmail.dat
       email.from: '"Xxxxxx xxxx" <xxxxxx@xxxxx.co.uk>'
       email.status: PARSE_DONE
       email.to[0]: <xxxxxx@xxxxx.co.uk>
       event_type: smtp
-      pcap_cnt: 40
-      proto: TCP
       smtp.helo: Percival
       smtp.mail_from: <xxxxxx@xxxxx.co.uk>
       smtp.rcpt_to[0]: <xxxxxx@xxxxx.co.uk>
-      src_ip: 192.168.1.4
-      src_port: 3326
-      tx_id: 0
 - filter:
     count: 1
     match:
       app_proto: smtp
-      dest_ip: 217.12.11.66
-      dest_port: 587
       email.attachment[0]: winmail.dat
       email.from: '"Xxxxxx xxxx" <xxxxxx@xxxxx.co.uk>'
-      email.status: PARSE_DONE
       email.to[0]: <xxxxxx@xxxxx.co.uk>
       event_type: fileinfo
       fileinfo.filename: winmail.dat
       fileinfo.gaps: false
-      fileinfo.size: 10383
+      fileinfo.size: 10451
       fileinfo.state: CLOSED
       fileinfo.stored: true
-      fileinfo.sha256: "81d7ff46d57b5e79df686a72c160225d644e43c47c219f6bbdc5a6699df702d5"
+      fileinfo.sha256: "c14d632ab473fb815381a33bc29103fe34a2bea0e3451a9eae8c6dc0bee2f3eb"
       fileinfo.tx_id: 0
-      pcap_cnt: 42
-      proto: TCP
       smtp.helo: Percival
       smtp.mail_from: <xxxxxx@xxxxx.co.uk>
       smtp.rcpt_to[0]: <xxxxxx@xxxxx.co.uk>
-      src_ip: 192.168.1.4
-      src_port: 3326
 - filter:
     count: 1
     match:
-      dest_ip: 217.12.11.66
-      dest_port: 587
       event_type: smtp
-      proto: TCP
       smtp.helo: Percival
-      src_ip: 192.168.1.4
-      src_port: 3326
       tx_id: 1
-- 
2.47.2