suricata
detect-engine-content-inspection.c File Reference
#include "../suricata-common.h"
#include "../decode.h"
#include "../flow.h"
#include "../detect.h"


Macros

#define TEST_HEADER
 
#define TEST_RUN(buf, buflen, sig, match, steps)
 
#define TEST_FOOTER   PASS
 

Functions

void DetectEngineContentInspectionRegisterTests (void)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Tests for the content inspection engine.

Definition in file detect-engine-content-inspection.c.

Macro Definition Documentation

#define TEST_FOOTER   PASS

Definition at line 58 of file detect-engine-content-inspection.c.

#define TEST_HEADER
Value:
memset(&tv, 0, sizeof(tv)); \
Flow f; \
memset(&f, 0, sizeof(f));
struct Flow_ Flow
Flow data structure.
Per thread variable structure.
Definition: threadvars.h:57

Definition at line 31 of file detect-engine-content-inspection.c.

#define TEST_RUN (   buf,
  buflen,
  sig,
  match,
  steps 
)
Value:
{ \
FAIL_IF_NULL(de_ctx); \
DetectEngineThreadCtx *det_ctx = NULL; \
char rule[2048]; \
snprintf(rule, sizeof(rule), "alert tcp any any -> any any (%s sid:1; rev:1;)", (sig)); \
Signature *s = DetectEngineAppendSig(de_ctx, rule); \
SigGroupBuild(de_ctx); \
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); \
FAIL_IF_NULL(det_ctx); \
int r = DetectEngineContentInspection(de_ctx, det_ctx, \
s, s->sm_arrays[DETECT_SM_LIST_PMATCH], NULL, &f, \
(uint8_t *)(buf), (buflen), 0, DETECT_CI_FLAGS_SINGLE, \
FAIL_IF_NOT(r == (match)); \
FAIL_IF_NOT(det_ctx->inspection_recursion_counter == (steps)); \
}
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, uint8_t *buffer, uint32_t buffer_len, uint32_t stream_start_offset, uint8_t flags, uint8_t inspection_mode)
Run the actual payload match functions.
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
struct Signature_ Signature
Signature container.
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
struct DetectEngineCtx_ DetectEngineCtx
main detection engine ctx
struct DetectEngineThreadCtx_ DetectEngineThreadCtx
#define DETECT_CI_FLAGS_SINGLE
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
#define FAIL_IF_NOT(expr)
Fail a test if the expression does not evaluate to true.
Definition: util-unittest.h:82
DetectEngineCtx * DetectEngineCtxInit(void)

Definition at line 37 of file detect-engine-content-inspection.c.

Function Documentation

void DetectEngineContentInspectionRegisterTests ( void  )

Definition at line 266 of file detect-engine-content-inspection.c.

References UtRegisterTest().

Referenced by SigRegisterTests().
