From 364ea802e4ab58ef7f8eb18e5a68a2bceb580ad1 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sat, 6 Jun 2020 09:27:07 +0200 Subject: [PATCH] tests: fixes after TCP changes Fixes around ACK'd data. --- tests/smtp-eve/test.yaml | 46 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 44 insertions(+), 2 deletions(-) diff --git a/tests/smtp-eve/test.yaml b/tests/smtp-eve/test.yaml index bc59f92cd..924b7b55d 100644 --- a/tests/smtp-eve/test.yaml +++ b/tests/smtp-eve/test.yaml @@ -14,7 +14,6 @@ checks: email.status: PARSE_DONE email.to[0]: event_type: smtp - pcap_cnt: 46 proto: TCP smtp.helo: GP smtp.mail_from: @@ -39,7 +38,50 @@ checks: fileinfo.state: CLOSED fileinfo.stored: false fileinfo.tx_id: 0 - pcap_cnt: 46 + proto: TCP + smtp.helo: GP + smtp.mail_from: + smtp.rcpt_to[0]: + src_ip: 10.10.1.4 + src_port: 1470 +- filter: + version: 6 + count: 1 + match: + dest_ip: 74.53.140.153 + dest_port: 25 + email.attachment[0]: NEWS.txt + email.from: '"Gurpartap Singh" ' + email.status: PARSE_DONE + email.to[0]: + event_type: smtp + pcap_cnt: 51 + proto: TCP + smtp.helo: GP + smtp.mail_from: + smtp.rcpt_to[0]: + src_ip: 10.10.1.4 + src_port: 1470 + tx_id: 0 +- filter: + version: 6 + count: 1 + match: + app_proto: smtp + dest_ip: 74.53.140.153 + dest_port: 25 + email.attachment[0]: NEWS.txt + email.from: '"Gurpartap Singh" ' + email.status: PARSE_DONE + email.to[0]: + event_type: fileinfo + fileinfo.filename: NEWS.txt + fileinfo.gaps: false + fileinfo.size: 10735 + fileinfo.state: CLOSED + fileinfo.stored: false + fileinfo.tx_id: 0 + pcap_cnt: 51 proto: TCP smtp.helo: GP smtp.mail_from: -- 2.47.2