1 /* Copyright (C) 2012 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Xavier Lange <xrlange@gmail.com>
22  *
23  */
24 
25 #include "suricata-common.h"
26 #include "threads.h"
27 #include "debug.h"
28 #include "decode.h"
29 
30 #include "detect.h"
31 #include "detect-parse.h"
32 #include "detect-pkt-data.h"
33 #include "detect-engine.h"
34 #include "detect-engine-mpm.h"
35 #include "detect-engine-state.h"
36 
37 #include "flow.h"
38 #include "flow-var.h"
39 #include "flow-util.h"
40 
41 #include "util-debug.h"
42 #include "util-spm-bm.h"
43 #include "util-unittest.h"
44 #include "util-unittest-helper.h"
45 
46 static int DetectPktDataSetup (DetectEngineCtx *, Signature *, const char *);
47 static void DetectPktDataTestRegister(void);
48 
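/**
 * \brief Registration function for keyword: pkt_data
 *
 * pkt_data is a "sticky buffer" reset keyword. It takes no argument and does
 * no per-packet matching of its own: all of its work happens at rule parse
 * time in DetectPktDataSetup, which returns the content matches that follow
 * it in the rule to the packet payload. It is therefore registered with a
 * NULL Match/Free callback and the SIGMATCH_NOOPT flag.
 */
void DetectPktDataRegister(void)
{
    sigmatch_table[DETECT_PKT_DATA].name = "pkt_data";
    /* nothing to evaluate per packet; the keyword only changes parser state */
    sigmatch_table[DETECT_PKT_DATA].Match = NULL;
    sigmatch_table[DETECT_PKT_DATA].Setup = DetectPktDataSetup;
    /* Setup allocates no per-keyword context, so there is nothing to free */
    sigmatch_table[DETECT_PKT_DATA].Free = NULL;
    sigmatch_table[DETECT_PKT_DATA].RegisterTests = DetectPktDataTestRegister;
    /* keyword carries no option; "pkt_data:<x>;" should be rejected by the
     * rule parser rather than silently ignored */
    sigmatch_table[DETECT_PKT_DATA].flags |= SIGMATCH_NOOPT;
}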
61 
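/**
 * \brief Parse the pkt_data keyword into the current signature.
 *
 * pkt_data has no argument and produces no SigMatch of its own. Its single
 * effect is on the rule parser: it clears the sticky buffer selected by an
 * earlier keyword (e.g. file_data) so that every content match that follows
 * in the rule is applied to the packet payload again. If this reset were
 * missing, later matches would silently stay attached to the previous buffer
 * -- a detection gap rather than a parse error -- so the reset is
 * unconditional and the unit test below checks that init_data->list is back
 * to DETECT_SM_LIST_NOTSET afterwards.
 *
 * \param de_ctx pointer to the Detection Engine Context (unused)
 * \param s pointer to the Signature currently being built
 * \param str user-provided option string; expected to be empty since the
 *            keyword is registered without options (unused)
 *
 * \retval 0 on Success
 * \retval -1 on Failure (not currently reachable: there is nothing to parse)
 */
static int DetectPktDataSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
    SCEnter();

    /* leave the sticky buffer: subsequent content keywords go back to the
     * default (packet payload) match list */
    s->init_data->list = DETECT_SM_LIST_NOTSET;

    return 0;
}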
80 
81 #ifdef UNITTESTS
82 
83 /************************************Unittests*********************************/
/* sm_lists index of the "file_data" sticky buffer, resolved once at test
 * registration time via DetectBufferTypeGetByName("file_data"). */
static int g_file_data_buffer_id = 0;
85 
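/**
 * \brief pkt_data must detach the rule from a previously selected sticky
 *        buffer (file_data here): the content before pkt_data stays in the
 *        file_data list, the content after it lands in the packet payload
 *        list, and no sticky buffer is left selected once parsing is done.
 *
 * \retval 1 on success
 * \retval 0 on failure (a short reason is printed before returning)
 */
static int DetectPktDataTest01(void)
{
    DetectEngineCtx *de_ctx = NULL;
    int result = 0;
    SigMatch *sm = NULL;

    de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL)
        goto end;

    de_ctx->flags |= DE_QUIET;

    /* one content before pkt_data (file_data buffer), one after (payload) */
    Signature *sig = SigInit(de_ctx, "alert tcp any any -> any any "
            "(file_data; content:\"in file data\";"
            " pkt_data; content:\"in pkt data\";)");
    de_ctx->sig_list = sig;
    if (sig == NULL) {
        SCLogError(SC_ERR_INVALID_SIGNATURE,"could not load test signature");
        goto end;
    }

    /* the first content must have stayed in the file_data list, alone */
    sm = sig->sm_lists[g_file_data_buffer_id];
    if (sm == NULL) {
        printf("sm not in g_file_data_buffer_id: ");
        goto end;
    }
    if (sm->type != DETECT_CONTENT) {
        printf("file_data sm type not DETECT_CONTENT: ");
        goto end;
    }
    if (sm->next != NULL) {
        printf("more than one sm in file_data list: ");
        goto end;
    }

    /* the second content must be in the packet payload list, alone */
    sm = sig->sm_lists[DETECT_SM_LIST_PMATCH];
    if (sm == NULL) {
        printf("sm not in DETECT_SM_LIST_PMATCH: ");
        goto end;
    }
    if (sm->type != DETECT_CONTENT) {
        printf("sm type not DETECT_CONTENT: ");
        goto end;
    }
    if (sm->next != NULL) {
        printf("more than one sm in DETECT_SM_LIST_PMATCH: ");
        goto end;
    }

    /* pkt_data must not leave a sticky buffer selected for later keywords */
    if (sig->init_data->list != DETECT_SM_LIST_NOTSET) {
        printf("sticky buffer set: ");
        goto end;
    }

    result = 1;
end:
    /* de_ctx is NULL only when DetectEngineCtxInit() failed above; do not
     * hand a NULL context to the cleanup helpers in that case */
    if (de_ctx != NULL) {
        SigGroupCleanup(de_ctx);
        SigCleanSignatures(de_ctx);
        DetectEngineCtxFree(de_ctx);
    }

    return result;
}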
143 #endif
144 
/**
 * \brief Register the pkt_data unit tests (no-op outside UNITTESTS builds).
 *
 * The file_data list id is looked up here, at registration time, so the
 * test can index sm_lists by it without repeating the lookup.
 */
static void DetectPktDataTestRegister(void)
{
#ifdef UNITTESTS
    const int file_data_id = DetectBufferTypeGetByName("file_data");
    g_file_data_buffer_id = file_data_id;

    UtRegisterTest("DetectPktDataTest01", DetectPktDataTest01);
#endif
}
153 