/*
 * Detection test; only part of the function body appears in this listing.
 * Request: GET with "User-Agent: CONNECT". Rule: content:"CONNECT"; http_user_agent.
 * Expected (per the failure message): sid 1 alerts. "CONNECT" occurs only in
 * the User-Agent header of this request, so the alert has to come from the
 * http_user_agent buffer and not from the request line.
 */
49 static int DetectEngineHttpUATest01(
void)
59 "GET /index.html HTTP/1.0\r\n" 60 "User-Agent: CONNECT\r\n" 61 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
62 uint32_t http_len =
sizeof(http_buf) - 1;
66 memset(&th_v, 0,
sizeof(th_v));
67 memset(&f, 0,
sizeof(f));
68 memset(&ssn, 0,
sizeof(ssn));
74 f.
proto = IPPROTO_TCP;
91 "(msg:\"http user agent test\"; " 92 "content:\"CONNECT\"; http_user_agent; " 104 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
112 if (http_state == NULL) {
113 printf(
"no http state: ");
122 printf(
"sid 1 didn't match but should have: ");
129 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"CO"; depth:4; http_user_agent.
 * Expected (per the failure message): sid 1 alerts, because "CO" lies inside
 * the first 4 bytes of the value ("CONN").
 */
148 static int DetectEngineHttpUATest02(
void)
158 "CONNECT /index.html HTTP/1.0\r\n" 159 "User-Agent: CONNECT\r\n" 160 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
161 uint32_t http_len =
sizeof(http_buf) - 1;
165 memset(&th_v, 0,
sizeof(th_v));
166 memset(&f, 0,
sizeof(f));
167 memset(&ssn, 0,
sizeof(ssn));
173 f.
proto = IPPROTO_TCP;
190 "(msg:\"http user agent test\"; " 191 "content:\"CO\"; depth:4; http_user_agent; " 203 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
211 if (http_state == NULL) {
212 printf(
"no http state: ");
221 printf(
"sid 1 didn't match but should have: ");
228 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:!"ECT"; depth:4; http_user_agent.
 * Expected (per the failure message): sid 1 alerts, because "ECT" does not
 * occur in the first 4 bytes ("CONN"), so the negated content holds.
 */
247 static int DetectEngineHttpUATest03(
void)
257 "CONNECT /index.html HTTP/1.0\r\n" 258 "User-Agent: CONNECT\r\n" 259 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
260 uint32_t http_len =
sizeof(http_buf) - 1;
264 memset(&th_v, 0,
sizeof(th_v));
265 memset(&f, 0,
sizeof(f));
266 memset(&ssn, 0,
sizeof(ssn));
272 f.
proto = IPPROTO_TCP;
289 "(msg:\"http_user_agent test\"; " 290 "content:!\"ECT\"; depth:4; http_user_agent; " 302 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
310 if (http_state == NULL) {
311 printf(
"no http state: ");
320 printf(
"sid 1 didn't match but should have: ");
327 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"ECT"; depth:4; http_user_agent.
 * Expected (per the failure message): sid 1 does not alert, because "ECT"
 * is not contained in the first 4 bytes ("CONN").
 */
346 static int DetectEngineHttpUATest04(
void)
356 "CONNECT /index.html HTTP/1.0\r\n" 357 "User-Agent: CONNECT\r\n" 358 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
359 uint32_t http_len =
sizeof(http_buf) - 1;
363 memset(&th_v, 0,
sizeof(th_v));
364 memset(&f, 0,
sizeof(f));
365 memset(&ssn, 0,
sizeof(ssn));
371 f.
proto = IPPROTO_TCP;
388 "(msg:\"http user agent test\"; " 389 "content:\"ECT\"; depth:4; http_user_agent; " 401 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
409 if (http_state == NULL) {
410 printf(
"no http state: ");
419 printf(
"sid 1 matched but shouldn't have: ");
426 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:!"CON"; depth:4; http_user_agent.
 * Expected (per the failure message): sid 1 does not alert, because "CON"
 * is present in the first 4 bytes, so the negated content fails.
 */
445 static int DetectEngineHttpUATest05(
void)
455 "CONNECT /index.html HTTP/1.0\r\n" 456 "User-Agent: CONNECT\r\n" 457 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
458 uint32_t http_len =
sizeof(http_buf) - 1;
462 memset(&th_v, 0,
sizeof(th_v));
463 memset(&f, 0,
sizeof(f));
464 memset(&ssn, 0,
sizeof(ssn));
470 f.
proto = IPPROTO_TCP;
487 "(msg:\"http user agent test\"; " 488 "content:!\"CON\"; depth:4; http_user_agent; " 500 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
508 if (http_state == NULL) {
509 printf(
"no http state: ");
518 printf(
"sid 1 matched but shouldn't have: ");
525 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"ECT"; offset:3; http_user_agent.
 * Expected (per the failure message): sid 1 alerts, because the search
 * starts at byte 3 of the value ("NECT"), which contains "ECT".
 */
544 static int DetectEngineHttpUATest06(
void)
554 "CONNECT /index.html HTTP/1.0\r\n" 555 "User-Agent: CONNECT\r\n" 556 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
557 uint32_t http_len =
sizeof(http_buf) - 1;
561 memset(&th_v, 0,
sizeof(th_v));
562 memset(&f, 0,
sizeof(f));
563 memset(&ssn, 0,
sizeof(ssn));
569 f.
proto = IPPROTO_TCP;
586 "(msg:\"http user agent test\"; " 587 "content:\"ECT\"; offset:3; http_user_agent; " 599 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
607 if (http_state == NULL) {
608 printf(
"no http state: ");
617 printf(
"sid 1 didn't match but should have: ");
624 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:!"CO"; offset:3; http_user_agent.
 * Expected (per the failure message): sid 1 alerts, because "CO" does not
 * occur from byte 3 onward ("NECT"), so the negated content holds.
 */
643 static int DetectEngineHttpUATest07(
void)
653 "CONNECT /index.html HTTP/1.0\r\n" 654 "User-Agent: CONNECT\r\n" 655 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
656 uint32_t http_len =
sizeof(http_buf) - 1;
660 memset(&th_v, 0,
sizeof(th_v));
661 memset(&f, 0,
sizeof(f));
662 memset(&ssn, 0,
sizeof(ssn));
668 f.
proto = IPPROTO_TCP;
685 "(msg:\"http user agent test\"; " 686 "content:!\"CO\"; offset:3; http_user_agent; " 698 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
706 if (http_state == NULL) {
707 printf(
"no http state: ");
716 printf(
"sid 1 didn't match but should have: ");
723 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:!"ECT"; offset:3; http_user_agent.
 * Expected (per the failure message): sid 1 does not alert, because "ECT"
 * is present from byte 3 onward ("NECT"), so the negated content fails.
 */
742 static int DetectEngineHttpUATest08(
void)
752 "CONNECT /index.html HTTP/1.0\r\n" 753 "User-Agent: CONNECT\r\n" 754 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
755 uint32_t http_len =
sizeof(http_buf) - 1;
759 memset(&th_v, 0,
sizeof(th_v));
760 memset(&f, 0,
sizeof(f));
761 memset(&ssn, 0,
sizeof(ssn));
767 f.
proto = IPPROTO_TCP;
784 "(msg:\"http user agent test\"; " 785 "content:!\"ECT\"; offset:3; http_user_agent; " 797 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
805 if (http_state == NULL) {
806 printf(
"no http state: ");
815 printf(
"sid 1 matched but shouldn't have: ");
822 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"CON"; offset:3; http_user_agent.
 * Expected (per the failure message): sid 1 does not alert, because "CON"
 * does not occur from byte 3 onward ("NECT").
 */
841 static int DetectEngineHttpUATest09(
void)
851 "CONNECT /index.html HTTP/1.0\r\n" 852 "User-Agent: CONNECT\r\n" 853 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
854 uint32_t http_len =
sizeof(http_buf) - 1;
858 memset(&th_v, 0,
sizeof(th_v));
859 memset(&f, 0,
sizeof(f));
860 memset(&ssn, 0,
sizeof(ssn));
866 f.
proto = IPPROTO_TCP;
883 "(msg:\"http user agent test\"; " 884 "content:\"CON\"; offset:3; http_user_agent; " 896 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
904 if (http_state == NULL) {
905 printf(
"no http state: ");
914 printf(
"sid 1 matched but shouldn't have: ");
921 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"CO"; then content:"EC"; within:4, both on http_user_agent.
 * Expected (per the failure message): sid 1 alerts, because the 4 bytes
 * following "CO" are "NNEC", which contain "EC".
 */
940 static int DetectEngineHttpUATest10(
void)
950 "CONNECT /index.html HTTP/1.0\r\n" 951 "User-Agent: CONNECT\r\n" 952 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
953 uint32_t http_len =
sizeof(http_buf) - 1;
957 memset(&th_v, 0,
sizeof(th_v));
958 memset(&f, 0,
sizeof(f));
959 memset(&ssn, 0,
sizeof(ssn));
965 f.
proto = IPPROTO_TCP;
982 "(msg:\"http_user_agent test\"; " 983 "content:\"CO\"; http_user_agent; " 984 "content:\"EC\"; within:4; http_user_agent; " 996 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1004 if (http_state == NULL) {
1005 printf(
"no http state: ");
1014 printf(
"sid 1 didn't match but should have: ");
1021 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"CO"; then content:!"EC"; within:3, both on http_user_agent.
 * Expected (per the failure message): sid 1 alerts, because the 3 bytes
 * following "CO" are "NNE", which do not contain "EC".
 */
1040 static int DetectEngineHttpUATest11(
void)
1049 uint8_t http_buf[] =
1050 "CONNECT /index.html HTTP/1.0\r\n" 1051 "User-Agent: CONNECT\r\n" 1052 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1053 uint32_t http_len =
sizeof(http_buf) - 1;
1057 memset(&th_v, 0,
sizeof(th_v));
1058 memset(&f, 0,
sizeof(f));
1059 memset(&ssn, 0,
sizeof(ssn));
1065 f.
proto = IPPROTO_TCP;
1082 "(msg:\"http user agent test\"; " 1083 "content:\"CO\"; http_user_agent; " 1084 "content:!\"EC\"; within:3; http_user_agent; " 1096 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1104 if (http_state == NULL) {
1105 printf(
"no http state: ");
1114 printf(
"sid 1 didn't match but should have: ");
1121 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"CO"; then content:"EC"; within:3, both on http_user_agent.
 * Expected (per the failure message): sid 1 does not alert, because the
 * 3 bytes following "CO" are "NNE", which do not contain "EC".
 */
1140 static int DetectEngineHttpUATest12(
void)
1149 uint8_t http_buf[] =
1150 "CONNECT /index.html HTTP/1.0\r\n" 1151 "User-Agent: CONNECT\r\n" 1152 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1153 uint32_t http_len =
sizeof(http_buf) - 1;
1157 memset(&th_v, 0,
sizeof(th_v));
1158 memset(&f, 0,
sizeof(f));
1159 memset(&ssn, 0,
sizeof(ssn));
1165 f.
proto = IPPROTO_TCP;
1182 "(msg:\"http_user_agent test\"; " 1183 "content:\"CO\"; http_user_agent; " 1184 "content:\"EC\"; within:3; http_user_agent; " 1196 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1204 if (http_state == NULL) {
1205 printf(
"no http state: ");
1214 printf(
"sid 1 matched but shouldn't have: ");
1221 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"CO"; then content:!"EC"; within:4, both on http_user_agent.
 * Expected (per the failure message): sid 1 does not alert, because the
 * 4 bytes following "CO" are "NNEC", which contain "EC", so the negation fails.
 */
1240 static int DetectEngineHttpUATest13(
void)
1249 uint8_t http_buf[] =
1250 "CONNECT /index.html HTTP/1.0\r\n" 1251 "User-Agent: CONNECT\r\n" 1252 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1253 uint32_t http_len =
sizeof(http_buf) - 1;
1257 memset(&th_v, 0,
sizeof(th_v));
1258 memset(&f, 0,
sizeof(f));
1259 memset(&ssn, 0,
sizeof(ssn));
1265 f.
proto = IPPROTO_TCP;
1282 "(msg:\"http user agent test\"; " 1283 "content:\"CO\"; http_user_agent; " 1284 "content:!\"EC\"; within:4; http_user_agent; " 1296 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1304 if (http_state == NULL) {
1305 printf(
"no http state: ");
1314 printf(
"sid 1 matched but shouldn't have: ");
1321 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"CO"; then content:"EC"; distance:2, both on http_user_agent.
 * Expected (per the failure message): sid 1 alerts, because skipping 2 bytes
 * after "CO" leaves "ECT", which contains "EC".
 */
1340 static int DetectEngineHttpUATest14(
void)
1349 uint8_t http_buf[] =
1350 "CONNECT /index.html HTTP/1.0\r\n" 1351 "User-Agent: CONNECT\r\n" 1352 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1353 uint32_t http_len =
sizeof(http_buf) - 1;
1357 memset(&th_v, 0,
sizeof(th_v));
1358 memset(&f, 0,
sizeof(f));
1359 memset(&ssn, 0,
sizeof(ssn));
1365 f.
proto = IPPROTO_TCP;
1382 "(msg:\"http_user_agent test\"; " 1383 "content:\"CO\"; http_user_agent; " 1384 "content:\"EC\"; distance:2; http_user_agent; " 1396 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1404 if (http_state == NULL) {
1405 printf(
"no http state: ");
1414 printf(
"sid 1 didn't match but should have: ");
1421 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"CO"; then content:!"EC"; distance:3, both on http_user_agent.
 * Expected (per the failure message): sid 1 alerts, because skipping 3 bytes
 * after "CO" leaves "CT", which does not contain "EC".
 */
1440 static int DetectEngineHttpUATest15(
void)
1449 uint8_t http_buf[] =
1450 "CONNECT /index.html HTTP/1.0\r\n" 1451 "User-Agent: CONNECT\r\n" 1452 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1453 uint32_t http_len =
sizeof(http_buf) - 1;
1457 memset(&th_v, 0,
sizeof(th_v));
1458 memset(&f, 0,
sizeof(f));
1459 memset(&ssn, 0,
sizeof(ssn));
1465 f.
proto = IPPROTO_TCP;
1482 "(msg:\"http user agent test\"; " 1483 "content:\"CO\"; http_user_agent; " 1484 "content:!\"EC\"; distance:3; http_user_agent; " 1496 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1504 if (http_state == NULL) {
1505 printf(
"no http state: ");
1514 printf(
"sid 1 didn't match but should have: ");
1521 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"CO"; then content:"EC"; distance:3, both on http_user_agent.
 * Expected (per the failure message): sid 1 does not alert, because skipping
 * 3 bytes after "CO" leaves "CT", which does not contain "EC".
 */
1540 static int DetectEngineHttpUATest16(
void)
1549 uint8_t http_buf[] =
1550 "CONNECT /index.html HTTP/1.0\r\n" 1551 "User-Agent: CONNECT\r\n" 1552 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1553 uint32_t http_len =
sizeof(http_buf) - 1;
1557 memset(&th_v, 0,
sizeof(th_v));
1558 memset(&f, 0,
sizeof(f));
1559 memset(&ssn, 0,
sizeof(ssn));
1565 f.
proto = IPPROTO_TCP;
1582 "(msg:\"http user agent test\"; " 1583 "content:\"CO\"; http_user_agent; " 1584 "content:\"EC\"; distance:3; http_user_agent; " 1596 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1604 if (http_state == NULL) {
1605 printf(
"no http state: ");
1614 printf(
"sid 1 matched but shouldn't have: ");
1621 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The User-Agent value is "CONNECT".
 * Rule: content:"CO"; then content:!"EC"; distance:2, both on http_user_agent.
 * Expected (per the failure message): sid 1 does not alert, because skipping
 * 2 bytes after "CO" leaves "ECT", which contains "EC", so the negation fails.
 */
1640 static int DetectEngineHttpUATest17(
void)
1649 uint8_t http_buf[] =
1650 "CONNECT /index.html HTTP/1.0\r\n" 1651 "User-Agent: CONNECT\r\n" 1652 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1653 uint32_t http_len =
sizeof(http_buf) - 1;
1657 memset(&th_v, 0,
sizeof(th_v));
1658 memset(&f, 0,
sizeof(f));
1659 memset(&ssn, 0,
sizeof(ssn));
1665 f.
proto = IPPROTO_TCP;
1682 "(msg:\"http_user_agent test\"; " 1683 "content:\"CO\"; http_user_agent; " 1684 "content:!\"EC\"; distance:2; http_user_agent; " 1696 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1704 if (http_state == NULL) {
1705 printf(
"no http state: ");
1714 printf(
"sid 1 matched but shouldn't have: ");
1721 if (alp_tctx != NULL)
/*
 * Rule-parsing test (partial listing): loads a rule whose options are
 * content:"one"; http_user_agent; sid:1. The assertions on the parsed
 * signature are not part of this listing.
 */
1740 static int DetectHttpUATest01(
void)
1751 "(msg:\"Testing http_user_agent\"; " 1752 "content:\"one\"; http_user_agent; sid:1;)");
/*
 * Rule-parsing test (partial listing): http_user_agent is written with a
 * colon and an empty argument ("http_user_agent:;").
 * NOTE(review): presumably the parser is expected to reject this rule; the
 * check itself is not visible here - confirm.
 */
1769 static int DetectHttpUATest02(
void)
1780 "(msg:\"Testing http_user_agent\"; " 1781 "content:\"one\"; http_user_agent:; sid:1;)");
/*
 * Rule-parsing test (partial listing): http_user_agent appears with no
 * preceding content keyword to modify.
 * NOTE(review): presumably the parser is expected to reject this rule; the
 * check itself is not visible here - confirm.
 */
1795 static int DetectHttpUATest03(
void)
1806 "(msg:\"Testing http_user_agent\"; " 1807 "http_user_agent; sid:1;)");
/*
 * Rule-parsing test (partial listing): the content carries both rawbytes
 * and http_user_agent.
 * NOTE(review): presumably the combination is expected to be rejected; the
 * check itself is not visible here - confirm.
 */
1821 static int DetectHttpUATest04(
void)
1832 "(msg:\"Testing http_user_agent\"; " 1833 "content:\"one\"; rawbytes; http_user_agent; sid:1;)");
/*
 * Rule-parsing test (partial listing): nocase is given after
 * http_user_agent on the same content. The assertions on the parsed
 * signature are not part of this listing.
 */
1846 static int DetectHttpUATest05(
void)
1857 "(msg:\"Testing http_user_agent\"; " 1858 "content:\"one\"; http_user_agent; nocase; sid:1;)");
/*
 * Detection test (partial listing). A single-chunk GET carries
 * "User-Agent: This is dummy message body".
 * Rule: content:"message"; http_user_agent.
 * Expected (per the failure message): sid 1 alerts on a pattern in the
 * middle of the header value.
 */
1872 static int DetectHttpUATest06(
void)
1881 uint8_t http_buf[] =
1882 "GET /index.html HTTP/1.0\r\n" 1883 "Host: www.openinfosecfoundation.org\r\n" 1884 "User-Agent: This is dummy message body\r\n" 1885 "Content-Type: text/html\r\n" 1887 uint32_t http_len =
sizeof(http_buf) - 1;
1891 memset(&th_v, 0,
sizeof(th_v));
1892 memset(&f, 0,
sizeof(f));
1893 memset(&ssn, 0,
sizeof(ssn));
1899 f.
proto = IPPROTO_TCP;
1917 "(msg:\"http user agent test\"; " 1918 "content:\"message\"; http_user_agent; " 1930 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1938 if (http_state == NULL) {
1939 printf(
"no http state: \n");
1948 printf(
"sid 1 didn't match but should have\n");
1954 if (alp_tctx != NULL)
/*
 * Detection test (partial listing) for a request delivered in two chunks.
 * http1_buf stops inside the User-Agent line ("...dummy message", with no
 * CRLF); the contents of http2_buf are not shown in this listing.
 * Rule: content:"message"; http_user_agent.
 * Expected (per the failure messages): no alert on p1 while the header line
 * is still unterminated, and an alert on p2. This covers a header that is
 * split across segments.
 * NOTE(review): the second parse-failure message still says "chunk 1";
 * presumably it reports the second chunk - confirm.
 */
1969 static int DetectHttpUATest07(
void)
1979 uint8_t http1_buf[] =
1980 "GET /index.html HTTP/1.0\r\n" 1981 "Host: www.openinfosecfoundation.org\r\n" 1982 "User-Agent: This is dummy message";
1983 uint8_t http2_buf[] =
1985 uint32_t http1_len =
sizeof(http1_buf) - 1;
1986 uint32_t http2_len =
sizeof(http2_buf) - 1;
1990 memset(&th_v, 0,
sizeof(th_v));
1991 memset(&f, 0,
sizeof(f));
1992 memset(&ssn, 0,
sizeof(ssn));
1999 f.
proto = IPPROTO_TCP;
2021 "(msg:\"http user agent test\"; " 2022 "content:\"message\"; http_user_agent; " 2034 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2042 if (http_state == NULL) {
2043 printf(
"no http state: ");
2051 printf(
"sid 1 matched on p1 but shouldn't have: ");
2059 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2068 printf(
"sid 1 didn't match on p2 but should have: ");
2074 if (alp_tctx != NULL)
/*
 * Detection test (partial listing) for a request delivered in two chunks.
 * http1_buf stops at "User-Agent: This is dummy mess", so the rule pattern
 * "message" is cut at the chunk boundary; the contents of http2_buf are not
 * shown in this listing.
 * Rule: content:"message"; http_user_agent.
 * NOTE(review): both visible detection failure messages read "didn't match
 * but should have", and the conditions guarding them are not in this
 * listing, so the per-packet expectation cannot be confirmed from here. The
 * second parse-failure message also still says "chunk 1".
 */
2090 static int DetectHttpUATest08(
void)
2100 uint8_t http1_buf[] =
2101 "GET /index.html HTTP/1.0\r\n" 2102 "Host: www.openinfosecfoundation.org\r\n" 2103 "User-Agent: This is dummy mess";
2104 uint8_t http2_buf[] =
2106 uint32_t http1_len =
sizeof(http1_buf) - 1;
2107 uint32_t http2_len =
sizeof(http2_buf) - 1;
2111 memset(&th_v, 0,
sizeof(th_v));
2112 memset(&f, 0,
sizeof(f));
2113 memset(&ssn, 0,
sizeof(ssn));
2120 f.
proto = IPPROTO_TCP;
2142 "(msg:\"http user agent test\"; " 2143 "content:\"message\"; http_user_agent; " 2155 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2163 if (http_state == NULL) {
2164 printf(
"no http state: ");
2173 printf(
"sid 1 didn't match but should have");
2181 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2192 printf(
"sid 1 didn't match but should have");
2198 if (alp_tctx != NULL)
/*
 * Detection test (partial listing) for a request delivered in two chunks.
 * http1_buf ends with "User-Agent: This is dummy body1" and http2_buf begins
 * with "This is dummy message body2\r\n", so the rule pattern "body1This"
 * only exists once the two chunks are joined into one header value.
 * Rule: content:"body1This"; http_user_agent.
 * NOTE(review): both visible detection failure messages read "didn't match
 * but should have", and the conditions guarding them are not in this
 * listing, so the per-packet expectation cannot be confirmed from here. The
 * second parse-failure message also still says "chunk 1".
 */
2214 static int DetectHttpUATest09(
void)
2224 uint8_t http1_buf[] =
2225 "GET /index.html HTTP/1.0\r\n" 2226 "Host: www.openinfosecfoundation.org\r\n" 2227 "User-Agent: This is dummy body1";
2228 uint8_t http2_buf[] =
2229 "This is dummy message body2\r\n" 2230 "Content-Type: text/html\r\n" 2231 "Content-Length: 46\r\n" 2233 "This is dummy body1";
2234 uint32_t http1_len =
sizeof(http1_buf) - 1;
2235 uint32_t http2_len =
sizeof(http2_buf) - 1;
2239 memset(&th_v, 0,
sizeof(th_v));
2240 memset(&f, 0,
sizeof(f));
2241 memset(&ssn, 0,
sizeof(ssn));
2248 f.
proto = IPPROTO_TCP;
2270 "(msg:\"http user agent test\"; " 2271 "content:\"body1This\"; http_user_agent; " 2283 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2291 if (http_state == NULL) {
2292 printf(
"no http state: ");
2301 printf(
"sid 1 didn't match but should have");
2309 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2320 printf(
"sid 1 didn't match but should have");
2326 if (alp_tctx != NULL)
/*
 * Detection test (partial listing) for a request delivered in two chunks,
 * with a case-insensitive pattern. http1_buf ends with "...dummy bodY1" and
 * http2_buf begins with "This is dummy message body2\r\n"; the rule pattern
 * "body1this" with nocase therefore spans the join and differs from the
 * traffic only in letter case.
 * Rule: content:"body1this"; http_user_agent; nocase.
 * NOTE(review): both visible detection failure messages read "didn't match
 * but should have", and the conditions guarding them are not in this
 * listing, so the per-packet expectation cannot be confirmed from here. The
 * second parse-failure message also still says "chunk 1".
 */
2342 static int DetectHttpUATest10(
void)
2352 uint8_t http1_buf[] =
2353 "GET /index.html HTTP/1.0\r\n" 2354 "Host: www.openinfosecfoundation.org\r\n" 2355 "User-Agent: This is dummy bodY1";
2356 uint8_t http2_buf[] =
2357 "This is dummy message body2\r\n" 2358 "Content-Type: text/html\r\n" 2359 "Content-Length: 46\r\n" 2361 "This is dummy bodY1";
2362 uint32_t http1_len =
sizeof(http1_buf) - 1;
2363 uint32_t http2_len =
sizeof(http2_buf) - 1;
2367 memset(&th_v, 0,
sizeof(th_v));
2368 memset(&f, 0,
sizeof(f));
2369 memset(&ssn, 0,
sizeof(ssn));
2376 f.
proto = IPPROTO_TCP;
2398 "(msg:\"http user agent test\"; " 2399 "content:\"body1this\"; http_user_agent; nocase;" 2411 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2419 if (http_state == NULL) {
2420 printf(
"no http state: \n");
2429 printf(
"sid 1 didn't match but should have\n");
2437 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: \n", r);
2448 printf(
"sid 1 didn't match but should have");
2454 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The request carries
 * "User-Agent: This is dummy message body".
 * Rule: content:!"message"; http_user_agent.
 * Expected (per the failure message): sid 1 does not alert, because the
 * negated pattern is present in the header value.
 */
2470 static int DetectHttpUATest11(
void)
2479 uint8_t http_buf[] =
2480 "GET /index.html HTTP/1.0\r\n" 2481 "Host: www.openinfosecfoundation.org\r\n" 2482 "User-Agent: This is dummy message body\r\n" 2483 "Content-Type: text/html\r\n" 2485 uint32_t http_len =
sizeof(http_buf) - 1;
2489 memset(&th_v, 0,
sizeof(th_v));
2490 memset(&f, 0,
sizeof(f));
2491 memset(&ssn, 0,
sizeof(ssn));
2497 f.
proto = IPPROTO_TCP;
2515 "(msg:\"http user agent test\"; " 2516 "content:!\"message\"; http_user_agent; " 2528 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2536 if (http_state == NULL) {
2537 printf(
"no http state: ");
2546 printf(
"sid 1 matched but shouldn't have");
2552 if (alp_tctx != NULL)
/*
 * Detection test (partial listing). The request carries
 * "User-Agent: This is dummy body", which does not contain "message".
 * Rule: content:!"message"; http_user_agent.
 * Expected (per the failure message): sid 1 alerts, because the negated
 * pattern is absent from the header value.
 */
2567 static int DetectHttpUATest12(
void)
2576 uint8_t http_buf[] =
2577 "GET /index.html HTTP/1.0\r\n" 2578 "Host: www.openinfosecfoundation.org\r\n" 2579 "User-Agent: This is dummy body\r\n" 2581 uint32_t http_len =
sizeof(http_buf) - 1;
2585 memset(&th_v, 0,
sizeof(th_v));
2586 memset(&f, 0,
sizeof(f));
2587 memset(&ssn, 0,
sizeof(ssn));
2593 f.
proto = IPPROTO_TCP;
2611 "(msg:\"http user agent test\"; " 2612 "content:!\"message\"; http_user_agent; " 2624 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2632 if (http_state == NULL) {
2633 printf(
"no http state: ");
2642 printf(
"sid 1 didn't match but should have");
2648 if (alp_tctx != NULL)
/*
 * Detection test (partial listing) with a longer pattern. The User-Agent
 * value is "longbuffer" + "abcdefghijklmnopqrstuvwxyz0123456789" + "bufferend".
 * Rule: content:"abcdefghijklmnopqrstuvwxyz0123456789"; http_user_agent.
 * Expected (per the failure message): sid 1 alerts on the 36-byte pattern
 * located in the middle of the header value.
 */
2663 static int DetectHttpUATest13(
void)
2672 uint8_t http_buf[] =
2673 "GET /index.html HTTP/1.0\r\n" 2674 "Host: www.openinfosecfoundation.org\r\n" 2675 "User-Agent: longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend\r\n" 2676 "Content-Type: text/html\r\n" 2678 uint32_t http_len =
sizeof(http_buf) - 1;
2682 memset(&th_v, 0,
sizeof(th_v));
2683 memset(&f, 0,
sizeof(f));
2684 memset(&ssn, 0,
sizeof(ssn));
2690 f.
proto = IPPROTO_TCP;
2708 "(msg:\"http user agent test\"; " 2709 "content:\"abcdefghijklmnopqrstuvwxyz0123456789\"; http_user_agent; " 2721 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2729 if (http_state == NULL) {
2730 printf(
"no http state: ");
2739 printf(
"sid 1 didn't match but should have");
2745 if (alp_tctx != NULL)
/*
 * Detection test (partial listing) with two requests on one flow, each
 * delivered as three chunks (request line, Cookie header, User-Agent header).
 * sid 1 requires POST + cookie "dummy1" + User-Agent "Body one";
 * sid 2 requires GET + cookie "dummy2" + User-Agent "Body two".
 * Expected (per the failure messages): sid 1 stays silent for the first two
 * chunks and alerts after the third; sid 1 does not alert again during the
 * second request; sid 2 matches at the end; the HTTP state holds exactly two
 * transactions. This checks that a match is tied to its own transaction.
 * NOTE(review): the parse-failure labels run 1, 2, 3, 5, 6, 7 although only
 * six buffers are declared, so "chunk 5".."chunk 7" presumably refer to
 * httpbuf4..httpbuf6 - confirm when reading a failing run.
 */
2759 static int DetectHttpUATest14(
void)
2768 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n";
2769 uint8_t httpbuf2[] =
"Cookie: dummy1\r\n";
2770 uint8_t httpbuf3[] =
"User-Agent: Body one!!\r\n\r\n";
2771 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2772 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2773 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
2774 uint8_t httpbuf4[] =
"GET /?var=val HTTP/1.1\r\n";
2775 uint8_t httpbuf5[] =
"Cookie: dummy2\r\n";
2776 uint8_t httpbuf6[] =
"User-Agent: Body two\r\n\r\n";
2777 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
2778 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
2779 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
2782 memset(&th_v, 0,
sizeof(th_v));
2783 memset(&f, 0,
sizeof(f));
2784 memset(&ssn, 0,
sizeof(ssn));
2790 f.
proto = IPPROTO_TCP;
2802 if (de_ctx == NULL) {
2808 s =
DetectEngineAppendSig(de_ctx,
"alert tcp any any -> any any (content:\"POST\"; http_method; content:\"dummy1\"; http_cookie; content:\"Body one\"; http_user_agent; sid:1; rev:1;)");
2810 printf(
"sig parse failed: ");
2813 s =
DetectEngineAppendSig(de_ctx,
"alert tcp any any -> any any (content:\"GET\"; http_method; content:\"dummy2\"; http_cookie; content:\"Body two\"; http_user_agent; sid:2; rev:1;)");
2815 printf(
"sig2 parse failed: ");
2826 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2835 printf(
"sig 1 alerted: ");
2844 printf(
"toserver chunk 2 returned %" PRId32
", expected 0: ", r);
2853 printf(
"sig 1 alerted (2): ");
2862 printf(
"toserver chunk 3 returned %" PRId32
", expected 0: ", r);
2871 printf(
"sig 1 didn't alert: ");
2880 printf(
"toserver chunk 5 returned %" PRId32
", expected 0: ", r);
2889 printf(
"sig 1 alerted (4): ");
2898 printf(
"toserver chunk 6 returned %" PRId32
", expected 0: ", r);
2907 printf(
"sig 1 alerted (request 2, chunk 6): ");
2918 printf(
"toserver chunk 7 returned %" PRId32
", expected 0: ", r);
2927 printf(
"signature 2 didn't match or sig 1 matched, but shouldn't have: ");
2933 if (htp_state == NULL) {
2934 printf(
"no http state: ");
2940 printf(
"The http app layer doesn't have 2 transactions, but it should: ");
2946 if (alp_tctx != NULL)
2948 if (det_ctx != NULL) {
2951 if (de_ctx != NULL) {
/*
 * Rule-parsing test (partial listing). The rule mixes payload contents
 * ("one", "four") with http_user_agent contents ("two", and "three" with
 * distance:10). The visible checks require a loaded signature, a non-empty
 * payload match list, a non-empty http_user_agent buffer list, and then
 * compare flags and pattern bytes of the parsed contents.
 * NOTE(review): the "three" comparison on huad2->content is bounded by
 * huad1->content_len, not huad2->content_len. What huad1 points at is not
 * shown here; if it is the other, 3-byte http_user_agent pattern, only "thr"
 * is compared and the check is weaker than it reads - confirm.
 */
2961 static int DetectHttpUATest22(
void)
2971 "(content:\"one\"; content:\"two\"; http_user_agent; " 2972 "content:\"three\"; distance:10; http_user_agent; content:\"four\"; sid:1;)");
2974 printf(
"de_ctx->sig_list == NULL\n");
2979 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
2983 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
2984 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
2993 cd2->flags != 0 || memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
2997 memcmp(huad2->content,
"three", huad1->
content_len) != 0) {
/*
 * Rule-parsing test (partial listing). The rule has http_user_agent contents
 * "one" and "three" (distance:10), a pcre /two/ and a payload content "four".
 * The visible checks require a loaded signature, a non-empty payload match
 * list, a non-empty http_user_agent buffer list, and then inspect pd1->flags,
 * cd2->flags and the pattern bytes.
 * NOTE(review): the "three" comparison on huad2->content is bounded by
 * huad1->content_len, not huad2->content_len. What huad1 points at is not
 * shown here; if it is the 3-byte "one" pattern, only "thr" is compared and
 * the check is weaker than it reads - confirm.
 */
3015 static int DetectHttpUATest23(
void)
3025 "(content:\"one\"; http_user_agent; pcre:/two/; " 3026 "content:\"three\"; distance:10; http_user_agent; content:\"four\"; sid:1;)");
3028 printf(
"de_ctx->sig_list == NULL\n");
3033 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
3037 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
3038 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
3046 if (pd1->
flags != 0 ||
3047 cd2->flags != 0 || memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
3051 memcmp(huad2->content,
"three", huad1->
content_len) != 0) {
/*
 * Rule-parsing test (partial listing). Same shape as a rule with
 * http_user_agent contents "one" and "three", a pcre /two/ and a payload
 * content "four", except that "three" carries both distance:10 and within:15.
 * The visible checks require a loaded signature, a non-empty payload match
 * list, a non-empty http_user_agent buffer list, and then inspect pd1->flags,
 * cd2->flags and the pattern bytes.
 * NOTE(review): the "three" comparison on huad2->content is bounded by
 * huad1->content_len, not huad2->content_len. What huad1 points at is not
 * shown here; if it is the 3-byte "one" pattern, only "thr" is compared and
 * the check is weaker than it reads - confirm.
 */
3068 static int DetectHttpUATest24(
void)
3078 "(content:\"one\"; http_user_agent; pcre:/two/; " 3079 "content:\"three\"; distance:10; within:15; http_user_agent; content:\"four\"; sid:1;)");
3081 printf(
"de_ctx->sig_list == NULL\n");
3086 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
3090 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
3091 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
3099 if (pd1->
flags != 0 ||
3100 cd2->flags != 0 || memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
3104 memcmp(huad2->content,
"three", huad1->
content_len) != 0) {
/*
 * Rule-parsing test (partial listing). The rule has http_user_agent contents
 * "one" and "three" (distance:10), a pcre /two/, and a payload content "four"
 * that itself carries distance:10. The visible checks require a loaded
 * signature, a non-empty payload match list, a non-empty http_user_agent
 * buffer list, and then compare pattern bytes of the parsed contents.
 * NOTE(review): the "three" comparison on huad2->content is bounded by
 * huad1->content_len, not huad2->content_len. What huad1 points at is not
 * shown here; if it is the 3-byte "one" pattern, only "thr" is compared and
 * the check is weaker than it reads - confirm.
 */
3121 static int DetectHttpUATest25(
void)
3131 "(content:\"one\"; http_user_agent; pcre:/two/; " 3132 "content:\"three\"; distance:10; http_user_agent; " 3133 "content:\"four\"; distance:10; sid:1;)");
3135 printf(
"de_ctx->sig_list == NULL\n");
3140 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
3144 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
3145 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
3155 memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
3159 memcmp(huad2->content,
"three", huad1->
content_len) != 0) {
/*
 * Rule-parsing test (partial listing). The rule has http_user_agent contents
 * "one" (offset:10) and "three" (distance:10, within:10), a pcre /two/, and
 * a payload content "four" with distance:10. The visible checks require a
 * loaded signature, a non-empty payload match list, a non-empty
 * http_user_agent buffer list, and report "incorrect flags" when the parsed
 * contents do not carry the expected flags or pattern bytes.
 * NOTE(review): the "three" comparison on huad2->content is bounded by
 * huad1->content_len, not huad2->content_len. What huad1 points at is not
 * shown here; if it is the 3-byte "one" pattern, only "thr" is compared and
 * the check is weaker than it reads - confirm.
 */
3176 static int DetectHttpUATest26(
void)
3186 "(content:\"one\"; offset:10; http_user_agent; pcre:/two/; " 3187 "content:\"three\"; distance:10; http_user_agent; within:10; " 3188 "content:\"four\"; distance:10; sid:1;)");
3190 printf(
"de_ctx->sig_list == NULL\n");
3195 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
3199 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
3200 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
3210 memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
3214 memcmp(huad2->content,
"three", huad1->
content_len) != 0) {
3215 printf (
"failed: http_user_agent incorrect flags");
/*
 * Rule-parsing test (partial listing). The visible rule text is the same as
 * the one loaded by DetectHttpUATest26; only the sig_list NULL diagnostic is
 * shown, so what this test checks beyond DetectHttpUATest26 cannot be told
 * from this listing.
 */
3232 static int DetectHttpUATest27(
void)
3242 "(content:\"one\"; offset:10; http_user_agent; pcre:/two/; " 3243 "content:\"three\"; distance:10; http_user_agent; within:10; " 3244 "content:\"four\"; distance:10; sid:1;)");
3246 printf(
"de_ctx->sig_list == NULL\n");
/*
 * Rule-parsing test (partial listing). The rule has http_user_agent contents
 * "one" and "three" (depth:10), a pcre /two/, and a payload content "four"
 * with distance:10. The visible checks require a loaded signature, a
 * non-empty payload match list, a non-empty http_user_agent buffer list, and
 * then inspect huad1->flags and the pattern bytes.
 * NOTE(review): the "three" comparison on huad2->content is bounded by
 * huad1->content_len, not huad2->content_len. What huad1 points at is not
 * shown here; if it is the 3-byte "one" pattern, only "thr" is compared and
 * the check is weaker than it reads - confirm.
 */
3257 static int DetectHttpUATest28(
void)
3267 "(content:\"one\"; http_user_agent; pcre:/two/; " 3268 "content:\"three\"; http_user_agent; depth:10; " 3269 "content:\"four\"; distance:10; sid:1;)");
3271 printf(
"de_ctx->sig_list == NULL\n");
3276 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
3280 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
3281 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
3291 memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
3292 huad1->
flags != 0 ||
3295 memcmp(huad2->content,
"three", huad1->
content_len) != 0) {
/*
 * Rule-parsing test (partial listing). Both contents ("one", and "two" with
 * distance:0) are http_user_agent contents. The payload-list diagnostic here
 * reads "!= NULL", which suggests the payload match list is expected to be
 * empty; the http_user_agent buffer list must be non-empty.
 * NOTE(review): the "two" comparison on huad2->content is bounded by
 * huad1->content_len. Both patterns in this rule are 3 bytes long, so the
 * result is likely unaffected, but the bound presumably should be
 * huad2->content_len, as in DetectHttpUATest34 and DetectHttpUATest36.
 */
3312 static int DetectHttpUATest29(
void)
3322 "(content:\"one\"; http_user_agent; " 3323 "content:\"two\"; distance:0; http_user_agent; sid:1;)");
3325 printf(
"de_ctx->sig_list == NULL\n");
3330 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
3334 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
3335 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
3344 memcmp(huad2->content,
"two", huad1->
content_len) != 0) {
/*
 * Rule-parsing test (partial listing). Both contents ("one", and "two" with
 * within:5) are http_user_agent contents. The payload-list diagnostic here
 * reads "!= NULL", which suggests the payload match list is expected to be
 * empty; the http_user_agent buffer list must be non-empty.
 * NOTE(review): the "two" comparison on huad2->content is bounded by
 * huad1->content_len. Both patterns in this rule are 3 bytes long, so the
 * result is likely unaffected, but the bound presumably should be
 * huad2->content_len, as in DetectHttpUATest34 and DetectHttpUATest36.
 */
3355 static int DetectHttpUATest30(
void)
3365 "(content:\"one\"; http_user_agent; " 3366 "content:\"two\"; within:5; http_user_agent; sid:1;)");
3368 printf(
"de_ctx->sig_list == NULL\n");
3373 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
3377 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
3378 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
3387 memcmp(huad2->content,
"two", huad1->
content_len) != 0) {
/*
 * Rule-parsing test (partial listing): a single content with within:5 placed
 * before http_user_agent, i.e. a relative modifier with no earlier content
 * to be relative to. Only the sig_list NULL diagnostic is visible; the
 * expected parse outcome cannot be confirmed from this listing.
 */
3398 static int DetectHttpUATest31(
void)
3408 "(content:\"one\"; within:5; http_user_agent; sid:1;)");
3410 printf(
"de_ctx->sig_list == NULL\n");
/*
 * Rule-parsing test (partial listing): a single content with within:5 placed
 * after http_user_agent.
 * NOTE(review): the diagnostic text here reads "sig_list != NULL", unlike the
 * neighbouring tests; the condition guarding it is not visible, so whether
 * the rule is expected to load or to be rejected cannot be confirmed here.
 */
3421 static int DetectHttpUATest32(
void)
3431 "(content:\"one\"; http_user_agent; within:5; sid:1;)");
3433 printf(
"de_ctx->sig_list != NULL\n");
/*
 * Rule-parsing test (partial listing): a single payload content with
 * within:5 and no http_user_agent modifier in the visible rule text. Only
 * the sig_list NULL diagnostic is visible; the expected parse outcome cannot
 * be confirmed from this listing.
 */
3444 static int DetectHttpUATest33(
void)
3454 "(content:\"one\"; within:5; sid:1;)");
3456 printf(
"de_ctx->sig_list == NULL\n");
/*
 * Rule-parsing test (partial listing). The first part of the rule text is
 * not shown; the visible part adds content:"two"; within:5; http_user_agent.
 * The payload-list diagnostic reads "!= NULL", which suggests the payload
 * match list is expected to be empty. The visible checks also require the
 * http_user_agent buffer list, its tail and the tail's predecessor to be
 * non-NULL (at least two entries), and compare huad2->content with "two"
 * over huad2->content_len.
 */
3467 static int DetectHttpUATest34(
void)
3478 "content:\"two\"; within:5; http_user_agent; sid:1;)");
3480 printf(
"de_ctx->sig_list == NULL\n");
3485 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
3489 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
3490 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
3494 if (de_ctx->
sig_list->sm_lists_tail[g_http_ua_buffer_id] == NULL ||
3496 de_ctx->
sig_list->sm_lists_tail[g_http_ua_buffer_id]->prev == NULL ||
3506 memcmp(huad2->content,
"two", huad2->content_len) != 0) {
/*
 * Rule-parsing test (partial listing). The rule pairs content:"two" on
 * http_user_agent with pcre:/one/VR (pcre modifiers V and R).
 * The payload-list diagnostic reads "!= NULL", which suggests the payload
 * match list is expected to be empty. The visible checks also require the
 * http_user_agent buffer list, its tail and the tail's predecessor to be
 * non-NULL, i.e. both the content and the pcre are expected in that list.
 */
3517 static int DetectHttpUATest35(
void)
3527 "(content:\"two\"; http_user_agent; " 3528 "pcre:/one/VR; sid:1;)");
3530 printf(
"de_ctx->sig_list == NULL\n");
3535 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
3539 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
3540 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
3544 if (de_ctx->
sig_list->sm_lists_tail[g_http_ua_buffer_id] == NULL ||
3546 de_ctx->
sig_list->sm_lists_tail[g_http_ua_buffer_id]->prev == NULL ||
/*
 * Rule-parsing test (partial listing). The first part of the rule text is
 * not shown; the visible part adds content:"two"; distance:5; http_user_agent.
 * The payload-list diagnostic reads "!= NULL", which suggests the payload
 * match list is expected to be empty. The visible checks also require the
 * http_user_agent buffer list, its tail and the tail's predecessor to be
 * non-NULL (at least two entries), and compare huad2->content with "two"
 * over huad2->content_len.
 */
3567 static int DetectHttpUATest36(
void)
3578 "content:\"two\"; distance:5; http_user_agent; sid:1;)");
3580 printf(
"de_ctx->sig_list == NULL\n");
3585 printf(
"de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
3589 if (de_ctx->
sig_list->sm_lists[g_http_ua_buffer_id] == NULL) {
3590 printf(
"de_ctx->sig_list->sm_lists[g_http_ua_buffer_id] == NULL\n");
3594 if (de_ctx->
sig_list->sm_lists_tail[g_http_ua_buffer_id] == NULL ||
3596 de_ctx->
sig_list->sm_lists_tail[g_http_ua_buffer_id]->prev == NULL ||
3606 memcmp(huad2->content,
"two", huad2->content_len) != 0) {
/*
 * Registers this file's unit tests with the test runner through
 * UtRegisterTest(name, function). Only the DetectEngineHttpUATest01..17
 * registrations appear in this listing.
 * NOTE(review): the DetectHttpUATest* functions above are static, so any one
 * that is not registered here would never run and its coverage of the
 * http_user_agent keyword would be lost without any failure being reported.
 * Confirm they are all registered in the part of this function not shown.
 */
3617 static void DetectHttpUARegisterTests(
void)
3619 UtRegisterTest(
"DetectEngineHttpUATest01", DetectEngineHttpUATest01);
3620 UtRegisterTest(
"DetectEngineHttpUATest02", DetectEngineHttpUATest02);
3621 UtRegisterTest(
"DetectEngineHttpUATest03", DetectEngineHttpUATest03);
3622 UtRegisterTest(
"DetectEngineHttpUATest04", DetectEngineHttpUATest04);
3623 UtRegisterTest(
"DetectEngineHttpUATest05", DetectEngineHttpUATest05);
3624 UtRegisterTest(
"DetectEngineHttpUATest06", DetectEngineHttpUATest06);
3625 UtRegisterTest(
"DetectEngineHttpUATest07", DetectEngineHttpUATest07);
3626 UtRegisterTest(
"DetectEngineHttpUATest08", DetectEngineHttpUATest08);
3627 UtRegisterTest(
"DetectEngineHttpUATest09", DetectEngineHttpUATest09);
3628 UtRegisterTest(
"DetectEngineHttpUATest10", DetectEngineHttpUATest10);
3629 UtRegisterTest(
"DetectEngineHttpUATest11", DetectEngineHttpUATest11);
3630 UtRegisterTest(
"DetectEngineHttpUATest12", DetectEngineHttpUATest12);
3631 UtRegisterTest(
"DetectEngineHttpUATest13", DetectEngineHttpUATest13);
3632 UtRegisterTest(
"DetectEngineHttpUATest14", DetectEngineHttpUATest14);
3633 UtRegisterTest(
"DetectEngineHttpUATest15", DetectEngineHttpUATest15);
3634 UtRegisterTest(
"DetectEngineHttpUATest16", DetectEngineHttpUATest16);
3635 UtRegisterTest(
"DetectEngineHttpUATest17", DetectEngineHttpUATest17);
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
#define DETECT_PCRE_RELATIVE
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
#define FLOWLOCK_UNLOCK(fb)
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
#define FLOW_PKT_ESTABLISHED
void SigCleanSignatures(DetectEngineCtx *de_ctx)
void StreamTcpFreeConfig(char quiet)
#define DETECT_CONTENT_DISTANCE
#define FLOWLOCK_WRLOCK(fb)
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
#define DETECT_CONTENT_DEPTH
#define DETECT_CONTENT_IS_SINGLE(c)
main detection engine ctx
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
#define FLOW_PKT_TOSERVER
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
int SigGroupCleanup(DetectEngineCtx *de_ctx)
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
#define FLOW_INITIALIZE(f)
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself...
#define DETECT_CONTENT_WITHIN
#define DETECT_PCRE_RELATIVE_NEXT
#define DETECT_CONTENT_RELATIVE_NEXT
Per thread variable structure.
AppProto alproto
application level protocol
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself...
#define DETECT_CONTENT_OFFSET
DetectEngineCtx * DetectEngineCtxInit(void)