From 9a0a70ccabbf2150a698de3ba28e417b671c7d17 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Sun, 1 May 2022 08:34:25 +0200
Subject: [PATCH] tests: fix ftp-data direction

---
 tests/bug-4877/test.yaml                    | 32 ++++++++++-----------
 tests/filestore-v2.7-stream-depth/test.yaml | 18 ++++--------
 2 files changed, 21 insertions(+), 29 deletions(-)

diff --git a/tests/bug-4877/test.yaml b/tests/bug-4877/test.yaml
index 54ff4116e..4b61accbc 100644
--- a/tests/bug-4877/test.yaml
+++ b/tests/bug-4877/test.yaml
@@ -11,8 +11,8 @@ checks:
     count: 1
     match:
       app_proto: ftp-data
-      dest_ip: 192.168.100.16
-      dest_port: 42987
+      src_ip: 192.168.100.16
+      src_port: 42987
       event_type: fileinfo
       fileinfo.filename: test.pdf
       fileinfo.gaps: false
@@ -22,14 +22,14 @@ checks:
       fileinfo.stored: true
       fileinfo.tx_id: 0
       proto: TCP
-      src_ip: 192.168.100.230
-      src_port: 20
+      dest_ip: 192.168.100.230
+      dest_port: 20
 - filter:
     count: 1
     match:
       app_proto: ftp-data
-      dest_ip: 192.168.100.230
-      dest_port: 20
+      src_ip: 192.168.100.230
+      src_port: 20
       event_type: fileinfo
       fileinfo.filename: test.pdf
       fileinfo.gaps: false
@@ -39,14 +39,14 @@ checks:
       fileinfo.stored: true
       fileinfo.tx_id: 0
       proto: TCP
-      src_ip: 192.168.100.16
-      src_port: 52407
+      dest_ip: 192.168.100.16
+      dest_port: 52407
 - filter:
     count: 1
     match:
       app_proto: ftp-data
-      dest_ip: 192.168.100.230
-      dest_port: 20
+      src_ip: 192.168.100.230
+      src_port: 20
       event_type: fileinfo
       fileinfo.filename: notepad.exe
       fileinfo.gaps: false
@@ -56,14 +56,14 @@ checks:
       fileinfo.stored: true
       fileinfo.tx_id: 0
       proto: TCP
-      src_ip: 192.168.100.16
-      src_port: 48902
+      dest_ip: 192.168.100.16
+      dest_port: 48902
 - filter:
     count: 1
     match:
       app_proto: ftp-data
-      dest_ip: 192.168.100.16
-      dest_port: 57829
+      src_ip: 192.168.100.16
+      src_port: 57829
       event_type: fileinfo
       fileinfo.filename: notepad.exe
       fileinfo.gaps: false
@@ -73,5 +73,5 @@ checks:
       fileinfo.stored: true
       fileinfo.tx_id: 0
       proto: TCP
-      src_ip: 192.168.100.230
-      src_port: 20
+      dest_ip: 192.168.100.230
+      dest_port: 20
diff --git a/tests/filestore-v2.7-stream-depth/test.yaml b/tests/filestore-v2.7-stream-depth/test.yaml
index 2a6a5ee96..c3e6a182c 100644
--- a/tests/filestore-v2.7-stream-depth/test.yaml
+++ b/tests/filestore-v2.7-stream-depth/test.yaml
@@ -4,27 +4,19 @@ requires:
     - HAVE_NSS
 
 args:
-  - -k none --runmode=single
+- -k none
+- --runmode=single
 
 pcap: input.pcap
 
 checks:
-
-  - filter:
-      requires:
-        min-version: 6
-      count: 1
-      match:
-        event_type: fileinfo
-        fileinfo.state: "CLOSED"
-        fileinfo.stored: true
-        fileinfo.size: 99400
   - filter:
-      requires:
-        lt-version: 6
       count: 1
       match:
         event_type: fileinfo
+        # TRUNCATED: fize is ~150k, we limit to 100k with stream depth
         fileinfo.state: "TRUNCATED"
         fileinfo.stored: true
         fileinfo.size: 99400
+        src_ip: 35.209.241.59
+        src_port: 20
-- 
2.47.2