Go to the documentation of this file.
1 /* Copyright (C) 2007-2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
18 /**
19  * \file
20  *
21  * \author Mats Klepsland <>
22  *
23  */
25 /**
26  * \test Test that a signature containing a tls_cert_issuer is correctly parsed
27  * and that the keyword is registered.
28  */
29 static int DetectTlsIssuerTest01(void)
30 {
32  FAIL_IF_NULL(de_ctx);
34  de_ctx->flags |= DE_QUIET;
35  de_ctx->sig_list = SigInit(de_ctx, "alert tls any any -> any any "
36  "(msg:\"Testing tls.cert_issuer\"; "
37  "tls.cert_issuer; content:\"test\"; sid:1;)");
38  FAIL_IF_NULL(de_ctx->sig_list);
40  /* sm should not be in the MATCH list */
41  SigMatch *sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH];
44  sm = de_ctx->sig_list->sm_lists[g_tls_cert_issuer_buffer_id];
45  FAIL_IF_NULL(sm);
47  FAIL_IF(sm->type != DETECT_CONTENT);
50  SigGroupCleanup(de_ctx);
51  DetectEngineCtxFree(de_ctx);
53  PASS;
54 }
56 /**
57  * \test Test matching for google in the issuer of a certificate
58  *
59  */
60 static int DetectTlsIssuerTest02(void)
61 {
62  /* client hello */
63  uint8_t client_hello[] = {
64  0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
65  0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
66  0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
67  0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
68  0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
69  0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
70  0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
71  0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
72  0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
73  0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
74  0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
75  0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
76  0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
77  0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
78  0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
79  0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
80  0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
81  0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
82  0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
83  0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
84  0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
85  0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
86  0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
87  0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
88  0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
89  0x03, 0x04, 0x02, 0x02, 0x02
90  };
92  /* server hello */
93  uint8_t server_hello[] = {
94  0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
95  0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
96  0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
97  0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
98  0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
99  0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
100  0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
101  0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
102  0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
103  0x0b, 0x00, 0x02, 0x01, 0x00
104  };
106  /* certificate */
107  uint8_t certificate[] = {
108  0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
109  0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
110  0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
111  0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
112  0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
113  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
114  0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
115  0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
116  0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
117  0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
118  0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
119  0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
120  0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
121  0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
122  0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
123  0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
124  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
125  0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
126  0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
127  0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
128  0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
129  0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
130  0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
131  0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
132  0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
133  0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
134  0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
135  0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
136  0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
137  0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
138  0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
139  0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
140  0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
141  0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
142  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
143  0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
144  0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
145  0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
146  0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
147  0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
148  0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
149  0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
150  0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
151  0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
152  0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
153  0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
154  0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
155  0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
156  0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
157  0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
158  0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
159  0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
160  0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
161  0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
162  0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
163  0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
164  0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
165  0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
166  0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
167  0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
168  0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
169  0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
170  0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
171  0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
172  0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
173  0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
174  0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
175  0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
176  0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
177  0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
178  0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
179  0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
180  0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
181  0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
182  0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
183  0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
184  0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
185  0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
186  0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
187  0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
188  0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
189  0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
190  0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
191  0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
192  0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
193  0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
194  0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
195  0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
196  0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
197  0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
198  0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
199  0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
200  0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
201  0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
202  0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
203  0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
204  0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
205  0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
206  0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
207  0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
208  0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
209  0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
210  0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
211  0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
212  0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
213  0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
214  0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
215  0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
216  0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
217  0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
218  0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
219  0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
220  0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
221  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
222  0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
223  0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
224  0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
225  0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
226  0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
227  0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
228  0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
229  0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
230  0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
231  0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
232  0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
233  0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
234  0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
235  0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
236  0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
237  0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
238  0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
239  0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
240  0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
241  0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
242  0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
243  0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
244  0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
245  0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
246  0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
247  0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
248  0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
249  0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
250  0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
251  0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
252  0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
253  0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
254  0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
255  };
257  Flow f;
258  SSLState *ssl_state = NULL;
259  TcpSession ssn;
260  Packet *p1 = NULL;
261  Packet *p2 = NULL;
262  Packet *p3 = NULL;
263  ThreadVars tv;
264  DetectEngineThreadCtx *det_ctx = NULL;
267  memset(&tv, 0, sizeof(ThreadVars));
268  memset(&f, 0, sizeof(Flow));
269  memset(&ssn, 0, sizeof(TcpSession));
271  p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
272  "", "", 51251, 443);
273  p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
274  "", "", 443, 51251);
275  p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
276  "", "", 443, 51251);
279  f.flags |= FLOW_IPV4;
280  f.proto = IPPROTO_TCP;
282  f.alproto = ALPROTO_TLS;
284  p1->flow = &f;
288  p1->pcap_cnt = 1;
290  p2->flow = &f;
294  p2->pcap_cnt = 2;
296  p3->flow = &f;
300  p3->pcap_cnt = 3;
305  FAIL_IF_NULL(de_ctx);
308  de_ctx->flags |= DE_QUIET;
310  Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
311  "(msg:\"Test tls.cert_issuer\"; "
312  "tls.cert_issuer; content:\"google\"; nocase; "
313  "sid:1;)");
314  FAIL_IF_NULL(s);
316  SigGroupBuild(de_ctx);
317  DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
319  int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
320  STREAM_TOSERVER, client_hello,
321  sizeof(client_hello));
323  FAIL_IF(r != 0);
325  ssl_state = f.alstate;
326  FAIL_IF_NULL(ssl_state);
328  SigMatchSignatures(&tv, de_ctx, det_ctx, p1);
330  FAIL_IF(PacketAlertCheck(p1, 1));
332  r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
333  server_hello, sizeof(server_hello));
335  FAIL_IF(r != 0);
337  SigMatchSignatures(&tv, de_ctx, det_ctx, p2);
339  FAIL_IF(PacketAlertCheck(p2, 1));
341  r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
342  certificate, sizeof(certificate));
344  FAIL_IF(r != 0);
346  SigMatchSignatures(&tv, de_ctx, det_ctx, p3);
350  if (alp_tctx != NULL)
351  AppLayerParserThreadCtxFree(alp_tctx);
352  if (det_ctx != NULL)
353  DetectEngineThreadCtxDeinit(&tv, det_ctx);
354  if (de_ctx != NULL)
355  SigGroupCleanup(de_ctx);
356  if (de_ctx != NULL)
357  DetectEngineCtxFree(de_ctx);
360  FLOW_DESTROY(&f);
361  UTHFreePacket(p1);
362  UTHFreePacket(p2);
363  UTHFreePacket(p3);
365  PASS;
366 }
368 static void DetectTlsIssuerRegisterTests(void)
369 {
370  UtRegisterTest("DetectTlsIssuerTest01", DetectTlsIssuerTest01);
371  UtRegisterTest("DetectTlsIssuerTest02", DetectTlsIssuerTest02);
372 }
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
struct Flow_ * flow
Definition: decode.h:443
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
uint8_t proto
Definition: flow.h:344
#define PASS
Pass the test.
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
Signature * sig_list
Definition: detect.h:730
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:71
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:95
Definition: flow.h:203
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:669
uint64_t pcap_cnt
Definition: decode.h:561
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Signature container.
Definition: detect.h:496
#define TRUE
struct SigMatch_ * next
Definition: detect.h:326
main detection engine ctx
Definition: detect.h:724
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
SSLv[2.0|3.[0|1|2|3]] state structure.
void * alstate
Definition: flow.h:438
#define DE_QUIET
Definition: detect.h:296
uint8_t flags
Definition: detect.h:725
#define FLOW_DESTROY(f)
Definition: flow-util.h:119
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
uint16_t mpm_matcher
Definition: detect.h:773
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1742
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
uint8_t flowflags
Definition: decode.h:437
Definition: stream.h:32
Definition: flow.h:201
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol&#39;s parser thread context.
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
int SigGroupCleanup(DetectEngineCtx *de_ctx)
uint8_t type
Definition: detect.h:323
int mpm_default_matcher
Definition: util-mpm.h:170
Definition: flow-util.h:39
Definition: stream.h:31
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself...
#define PKT_HAS_FLOW
Definition: decode.h:1092
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
Per thread variable structure.
Definition: threadvars.h:57
Definition: flow.h:202
AppProto alproto
application level protocol
Definition: flow.h:409
uint32_t flags
Definition: decode.h:441
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
uint8_t protomap
Definition: flow.h:404
Flow data structure.
Definition: flow.h:325
#define FLOW_IPV4
Definition: flow.h:94
uint32_t flags
Definition: flow.h:379
Definition: decode.h:1090
a single match condition for a signature
Definition: detect.h:322
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, uint8_t *input, uint32_t input_len)
DetectEngineCtx * DetectEngineCtxInit(void)