SMTP: Add BDAT support

Closes #3264

testing/btest/scripts/base/protocols/smtp/bdat-0-last.test

@@ -0,0 +1,16 @@
+# @TEST-DOC: PCAP just containing a BDAT 0 LAST command, postfix accepted it as a valid mail :-)
+#
+# @TEST-EXEC: zeek -b -r $TRACES/smtp/rfc3030-bdat-0-last.pcap %INPUT >out
+# @TEST-EXEC: zeek-cut -m uid id.orig_h id.orig_p id.resp_h id.resp_p service duration < conn.log > conn.log.cut
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff conn.log.cut
+# @TEST-EXEC: btest-diff smtp.log
+# @TEST-EXEC: test ! -f weird.log
+
+@load base/protocols/conn
+@load base/protocols/smtp
+
+event smtp_request(c: connection, is_orig: bool, command: string, arg: string)
+	{
+	print c$uid, is_orig, command, arg;
+	}

testing/btest/scripts/base/protocols/smtp/bdat-multipart-chunked.test

@@ -0,0 +1,19 @@
+# @TEST-DOC: Multipart message transferred via BDAT and many chunks of size 129.
+#
+# @TEST-EXEC: zeek -b -r $TRACES/smtp/rfc3030-bdat-multipart-chunked.pcap %INPUT >out
+# @TEST-EXEC: zeek-cut -m uid id.orig_h id.orig_p id.resp_h id.resp_p service duration < conn.log > conn.log.cut
+# @TEST-EXEC: zeek-cut -m uid fuid source depth mime_type filename sha1 < files.log > files.log.cut
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff conn.log.cut
+# @TEST-EXEC: btest-diff smtp.log
+# @TEST-EXEC: btest-diff files.log.cut
+# @TEST-EXEC: test ! -f weird.log
+
+@load base/protocols/conn
+@load base/protocols/smtp
+@load frameworks/files/hash-all-files
+
+event smtp_request(c: connection, is_orig: bool, command: string, arg: string)
+	{
+	print c$uid, is_orig, command, arg;
+	}

testing/btest/scripts/base/protocols/smtp/bdat-multipart.test

@@ -0,0 +1,19 @@
+# @TEST-DOC: Multipart message transferred via BDAT as a single chunk.
+#
+# @TEST-EXEC: zeek -b -r $TRACES/smtp/rfc3030-bdat-multipart.pcap %INPUT >out
+# @TEST-EXEC: zeek-cut -m uid id.orig_h id.orig_p id.resp_h id.resp_p service duration < conn.log > conn.log.cut
+# @TEST-EXEC: zeek-cut -m uid source depth mime_type filename sha1 < files.log > files.log.cut
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff conn.log.cut
+# @TEST-EXEC: btest-diff smtp.log
+# @TEST-EXEC: btest-diff files.log.cut
+# @TEST-EXEC: test ! -f weird.log
+
+@load base/protocols/conn
+@load base/protocols/smtp
+@load frameworks/files/hash-all-files
+
+event smtp_request(c: connection, is_orig: bool, command: string, arg: string)
+	{
+	print c$uid, is_orig, command, arg;
+	}

testing/btest/scripts/base/protocols/smtp/bdat.test

@@ -0,0 +1,15 @@
+# @TEST-DOC: Reproduce the first BDAT example from RFC3030.
+#
+# @TEST-EXEC: zeek -b -r $TRACES/smtp/rfc3030-bdat-example1.pcap %INPUT >out
+# @TEST-EXEC: zeek-cut -m uid id.orig_h id.orig_p id.resp_h id.resp_p service duration < conn.log > conn.log.cut
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff conn.log.cut
+# @TEST-EXEC: btest-diff smtp.log
+# @TEST-EXEC: test ! -f weird.log
+
+@load base/protocols/conn
+@load base/protocols/smtp
+
+event smtp_request(c: connection, is_orig: bool, command: string, arg: string) {
+	print c$uid, is_orig, command, arg;
+}