suricata
stream-tcp-list.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2016 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "../suricata-common.h"
19 #include "../stream-tcp-private.h"
20 #include "../stream-tcp.h"
21 #include "../stream-tcp-reassemble.h"
22 #include "../stream-tcp-inline.h"
23 #include "../stream-tcp-list.h"
24 #include "../stream-tcp-util.h"
25 #include "../util-streaming-buffer.h"
26 #include "../util-print.h"
27 #include "../util-unittest.h"
28 
29 static int VALIDATE(TcpStream *stream, uint8_t *data, uint32_t data_len)
30 {
31  if (StreamingBufferCompareRawData(&stream->sb,
32  data, data_len) == 0)
33  {
34  SCReturnInt(0);
35  }
36  SCLogInfo("OK");
37  PrintRawDataFp(stdout, data, data_len);
38  return 1;
39 }
40 
41 #define OVERLAP_START(isn, policy) \
42  TcpReassemblyThreadCtx *ra_ctx = NULL; \
43  TcpSession ssn; \
44  ThreadVars tv; \
45  memset(&tv, 0, sizeof(tv)); \
46  \
47  StreamTcpUTInit(&ra_ctx); \
48  \
49  StreamTcpUTSetupSession(&ssn); \
50  StreamTcpUTSetupStream(&ssn.server, (isn)); \
51  StreamTcpUTSetupStream(&ssn.client, (isn)); \
52  \
53  TcpStream *stream = &ssn.client; \
54  stream->os_policy = (policy);
55 
56 #define OVERLAP_END \
57  StreamTcpUTClearSession(&ssn); \
58  StreamTcpUTDeinit(ra_ctx); \
59  PASS
60 
61 #define OVERLAP_STEP(rseq, seg, seglen, buf, buflen) \
62  StreamTcpUTAddPayload(&tv, ra_ctx, &ssn, stream, stream->isn + (rseq), (uint8_t *)(seg), (seglen)); \
63  FAIL_IF(!(VALIDATE(stream, (uint8_t *)(buf), (buflen))));
64 
65 static int OverlapBSD(uint32_t isn)
66 {
67  OVERLAP_START(isn, OS_POLICY_BSD);
68 
69  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
70  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
71  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
72  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
73  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
74  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
75  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
76  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
77  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
78  /* AA not overwritten, gap filled and B overwritten because 'starts before' */
79  OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
80  /* no-op, overlaps CCC which takes precedence */
81  OVERLAP_STEP(8, "KKK", 3, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
82  /* LLL fills gaps and replaces D as it starts before */
83  OVERLAP_STEP(11, "LLL", 3, "\0AAAJJBCCCLLL\0EEFFFGGHHI", 24);
84  /* MMM fills gap and replaces EE as it starts before */
85  OVERLAP_STEP(14, "MMM", 3, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
86  /* no op */
87  OVERLAP_STEP(18, "N", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
88  /* no op */
89  OVERLAP_STEP(21, "O", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
90  /* no op */
91  OVERLAP_STEP(22, "P", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
92  /* no replace of I as it starts the same */
93  OVERLAP_STEP(24, "QQ", 2, "\0AAAJJBCCCLLLMMMFFFGGHHIQ", 25);
94  OVERLAP_STEP(1, "0", 1, "0AAAJJBCCCLLLMMMFFFGGHHIQ", 25);
95 
96  OVERLAP_END;
97 }
98 
99 static int OverlapBSDBefore(uint32_t isn)
100 {
101  OVERLAP_START(isn, OS_POLICY_BSD);
102 
103  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
104  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
105  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
106  OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
107  OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
108  OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
109  OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
110 
111  OVERLAP_END;
112 }
113 
114 static int OverlapBSDSame(uint32_t isn)
115 {
116  OVERLAP_START(isn, OS_POLICY_BSD);
117 
118  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
119  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
120  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
121  /* ignored as 'starts the same' */
122  OVERLAP_STEP(1, "KKK", 3, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
123  /* original data not overwritten as it starts on the same seq */
124  OVERLAP_STEP(1, "LLLL", 4, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
125  OVERLAP_STEP(15, "P", 1, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
126  OVERLAP_STEP(15, "QQ", 2, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
127 
128  OVERLAP_END;
129 }
130 
131 static int OverlapBSDAfter(uint32_t isn)
132 {
133  OVERLAP_START(isn, OS_POLICY_BSD);
134 
135  OVERLAP_STEP(1, "AA", 2, "AA", 2);
136  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
137  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
138  OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
139  OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
140  OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
141 
142  OVERLAP_END;
143 }
144 
145 static int OverlapVISTA(uint32_t isn)
146 {
147  OVERLAP_START(isn, OS_POLICY_VISTA);
148 
149  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
150  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
151  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
152  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
153  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
154  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
155  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
156  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
157  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
158  /* AA not overwritten, gap filled and B not overwritten */
159  OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJBBCCC\0D\0\0EEFFFGGHHI", 24);
160  /* no-op, overlaps CCC which takes precedence */
161  OVERLAP_STEP(8, "KKK", 3, "\0AAAJBBCCC\0D\0\0EEFFFGGHHI", 24);
162  /* LLL fills gaps only */
163  OVERLAP_STEP(11, "LLL", 3, "\0AAAJBBCCCLDL\0EEFFFGGHHI", 24);
164  /* MMM fills gap only */
165  OVERLAP_STEP(14, "MMM", 3, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
166  /* no op */
167  OVERLAP_STEP(18, "N", 1, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
168  /* no op */
169  OVERLAP_STEP(21, "O", 1, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
170  /* no op */
171  OVERLAP_STEP(22, "P", 1, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
172  /* no replace of I */
173  OVERLAP_STEP(24, "QQ", 2, "\0AAAJBBCCCLDLMEEFFFGGHHIQ", 25);
174  OVERLAP_STEP(1, "0", 1, "0AAAJBBCCCLDLMEEFFFGGHHIQ", 25);
175 
176  OVERLAP_END;
177 }
178 
179 static int OverlapVISTABefore(uint32_t isn)
180 {
181  OVERLAP_START(isn, OS_POLICY_VISTA);
182 
183  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
184  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
185  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
186  OVERLAP_STEP(2, "AA", 2, "\0AB\0\0\0\0\0D\0\0EE", 13);
187  OVERLAP_STEP(1, "JJJJ", 4, "JABJ\0\0\0\0D\0\0EE", 13);
188  OVERLAP_STEP(8, "LLL", 3, "JABJ\0\0\0LDL\0EE", 13);
189  OVERLAP_STEP(11,"MMM", 3, "JABJ\0\0\0LDLMEE", 13);
190 
191  OVERLAP_END;
192 }
193 
194 static int OverlapVISTASame(uint32_t isn)
195 {
196  OVERLAP_START(isn, OS_POLICY_VISTA);
197 
198  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
199  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
200  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
201  OVERLAP_STEP(1, "KKK", 3, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
202  OVERLAP_STEP(1, "LLLL", 4, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
203  OVERLAP_STEP(15, "P", 1, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
204  OVERLAP_STEP(15, "QQ", 2, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
205 
206  OVERLAP_END;
207 }
208 
209 static int OverlapVISTAAfter(uint32_t isn)
210 {
211  OVERLAP_START(isn, OS_POLICY_VISTA);
212 
213  OVERLAP_STEP(1, "AA", 2, "AA", 2);
214  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
215  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
216  OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
217  OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
218  OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
219 
220  OVERLAP_END;
221 }
222 
223 static int OverlapLINUX(uint32_t isn)
224 {
225  OVERLAP_START(isn, OS_POLICY_LINUX);
226 
227  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
228  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
229  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
230  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
231  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
232  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
233  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
234  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
235  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
236  /* AA not overwritten, gap filled and B not overwritten */
237  OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
238  /* no-op, overlaps CCC which takes precedence */
239  OVERLAP_STEP(8, "KKK", 3, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
240  /* LLL fills gaps and replaces as begins before */
241  OVERLAP_STEP(11, "LLL", 3, "\0AAAJJBCCCLLL\0EEFFFGGHHI", 24);
242  /* MMM fills gap and replaces EE as it begins before */
243  OVERLAP_STEP(14, "MMM", 3, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
244  /* no op */
245  OVERLAP_STEP(18, "N", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
246  /* no op */
247  OVERLAP_STEP(21, "O", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
248  /* no op */
249  OVERLAP_STEP(22, "P", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
250  /* replaces of I as begins the same, ends after*/
251  OVERLAP_STEP(24, "QQ", 2, "\0AAAJJBCCCLLLMMMFFFGGHHQQ", 25);
252  OVERLAP_STEP(1, "0", 1, "0AAAJJBCCCLLLMMMFFFGGHHQQ", 25);
253 
254  OVERLAP_END;
255 }
256 
257 static int OverlapLINUXBefore(uint32_t isn)
258 {
259  OVERLAP_START(isn, OS_POLICY_LINUX);
260 
261  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
262  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
263  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
264  OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
265  OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
266  OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
267  OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
268 
269  OVERLAP_END;
270 }
271 
272 static int OverlapLINUXSame(uint32_t isn)
273 {
274  OVERLAP_START(isn, OS_POLICY_LINUX);
275 
276  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
277  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
278  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
279  OVERLAP_STEP(1, "KKK", 3, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
280  OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
281  OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
282  OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
283 
284  OVERLAP_END;
285 }
286 
287 static int OverlapLINUXAfter(uint32_t isn)
288 {
289  OVERLAP_START(isn, OS_POLICY_LINUX);
290 
291  OVERLAP_STEP(1, "AA", 2, "AA", 2);
292  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
293  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
294  OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
295  OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
296  OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
297 
298  OVERLAP_END;
299 }
300 
301 static int OverlapLINUXOLD(uint32_t isn)
302 {
303  OVERLAP_START(isn, OS_POLICY_OLD_LINUX);
304 
305  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
306  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
307  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
308  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
309  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
310  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
311  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
312  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
313  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
314  /* AA not overwritten as it starts before, gap filled and B overwritten */
315  OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
316  /* replace CCC */
317  OVERLAP_STEP(8, "KKK", 3, "\0AAAJJBKKK\0D\0\0EEFFFGGHHI", 24);
318  /* LLL fills gaps and replaces as begins before */
319  OVERLAP_STEP(11, "LLL", 3, "\0AAAJJBKKKLLL\0EEFFFGGHHI", 24);
320  /* MMM fills gap and replaces EE as it begins before */
321  OVERLAP_STEP(14, "MMM", 3, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
322  /* no op */
323  OVERLAP_STEP(18, "N", 1, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
324  /* no op */
325  OVERLAP_STEP(21, "O", 1, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
326  /* no op */
327  OVERLAP_STEP(22, "P", 1, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
328  /* replaces of I as begins the same, ends after*/
329  OVERLAP_STEP(24, "QQ", 2, "\0AAAJJBKKKLLLMMMFFFGGHHQQ", 25);
330  OVERLAP_STEP(1, "0", 1, "0AAAJJBKKKLLLMMMFFFGGHHQQ", 25);
331 
332  OVERLAP_END;
333 }
334 
335 static int OverlapLINUXOLDBefore(uint32_t isn)
336 {
337  OVERLAP_START(isn, OS_POLICY_OLD_LINUX);
338 
339  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
340  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
341  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
342  OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
343  OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
344  OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
345  OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
346 
347  OVERLAP_END;
348 }
349 
350 static int OverlapLINUXOLDSame(uint32_t isn)
351 {
352  OVERLAP_START(isn, OS_POLICY_OLD_LINUX);
353 
354  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
355  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
356  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
357  OVERLAP_STEP(1, "KKK", 3, "KKK\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
358  OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
359  OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
360  OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0QQII", 18);
361 
362  OVERLAP_END;
363 }
364 
365 static int OverlapLINUXOLDAfter(uint32_t isn)
366 {
367  OVERLAP_START(isn, OS_POLICY_OLD_LINUX);
368 
369  OVERLAP_STEP(1, "AA", 2, "AA", 2);
370  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
371  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
372  OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
373  OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
374  OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
375 
376  OVERLAP_END;
377 }
378 
379 static int OverlapSOLARIS(uint32_t isn)
380 {
381  OVERLAP_START(isn, OS_POLICY_SOLARIS);
382 
383  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
384  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
385  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
386  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
387  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
388  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
389  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
390  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
391  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
392  OVERLAP_STEP(3, "JJJJ", 4, "\0AJJJBBCCC\0D\0\0EEFFFGGHHI", 24);
393  /* replace CCC */
394  OVERLAP_STEP(8, "KKK", 3, "\0AJJJBBKKK\0D\0\0EEFFFGGHHI", 24);
395  /* LLL fills gaps and replaces as begins before */
396  OVERLAP_STEP(11, "LLL", 3, "\0AJJJBBKKKLLL\0EEFFFGGHHI", 24);
397  /* MMM fills gap and replaces EE as it begins before */
398  OVERLAP_STEP(14, "MMM", 3, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
399  /* no op */
400  OVERLAP_STEP(18, "N", 1, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
401  /* no op */
402  OVERLAP_STEP(21, "O", 1, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
403  /* no op */
404  OVERLAP_STEP(22, "P", 1, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
405  /* replaces of I as begins the same, ends after*/
406  OVERLAP_STEP(24, "QQ", 2, "\0AJJJBBKKKLLLMMMFFFGGHHQQ", 25);
407  OVERLAP_STEP(1, "0", 1, "0AJJJBBKKKLLLMMMFFFGGHHQQ", 25);
408 
409  OVERLAP_END;
410 }
411 
412 static int OverlapSOLARISBefore(uint32_t isn)
413 {
414  OVERLAP_START(isn, OS_POLICY_SOLARIS);
415 
416  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
417  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
418  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
419  OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
420  OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
421  OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
422  OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
423 
424  OVERLAP_END;
425 }
426 
427 static int OverlapSOLARISSame(uint32_t isn)
428 {
429  OVERLAP_START(isn, OS_POLICY_SOLARIS);
430 
431  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
432  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
433  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
434  OVERLAP_STEP(1, "KKK", 3, "KKK\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
435  OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
436  OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
437  OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0QQII", 18);
438 
439  OVERLAP_END;
440 }
441 
442 static int OverlapSOLARISAfter(uint32_t isn)
443 {
444  OVERLAP_START(isn, OS_POLICY_SOLARIS);
445 
446  OVERLAP_STEP(1, "AA", 2, "AA", 2);
447  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
448  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
449  OVERLAP_STEP(2, "JJ", 2, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
450  OVERLAP_STEP(20, "O", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
451  OVERLAP_STEP(17, "N", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
452 
453  OVERLAP_END;
454 }
455 
456 static int OverlapLAST(uint32_t isn)
457 {
458  OVERLAP_START(isn, OS_POLICY_LAST);
459 
460  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
461  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
462  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
463  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
464  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
465  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
466  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
467  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
468  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
469  OVERLAP_STEP(3, "JJJJ", 4, "\0AJJJJBCCC\0D\0\0EEFFFGGHHI", 24);
470  OVERLAP_STEP(8, "KKK", 3, "\0AJJJJBKKK\0D\0\0EEFFFGGHHI", 24);
471  OVERLAP_STEP(11, "LLL", 3, "\0AJJJJBKKKLLL\0EEFFFGGHHI", 24);
472  OVERLAP_STEP(14, "MMM", 3, "\0AJJJJBKKKLLLMMMFFFGGHHI", 24);
473  OVERLAP_STEP(18, "N", 1, "\0AJJJJBKKKLLLMMMFNFGGHHI", 24);
474  OVERLAP_STEP(21, "O", 1, "\0AJJJJBKKKLLLMMMFNFGOHHI", 24);
475  OVERLAP_STEP(22, "P", 1, "\0AJJJJBKKKLLLMMMFNFGOPHI", 24);
476  OVERLAP_STEP(24, "QQ", 2, "\0AJJJJBKKKLLLMMMFNFGOPHQQ", 25);
477  OVERLAP_STEP(1, "0", 1, "0AJJJJBKKKLLLMMMFNFGOPHQQ", 25);
478 
479  OVERLAP_END;
480 }
481 
482 static int OverlapLASTBefore(uint32_t isn)
483 {
484  OVERLAP_START(isn, OS_POLICY_LAST);
485 
486  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
487  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
488  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
489  OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
490  OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
491  OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
492  OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
493 
494  OVERLAP_END;
495 }
496 
497 static int OverlapLASTSame(uint32_t isn)
498 {
499  OVERLAP_START(isn, OS_POLICY_LAST);
500 
501  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
502  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
503  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
504  OVERLAP_STEP(1, "KKK", 3, "KKK\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
505  OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
506  OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0PHII", 18);
507  OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0QQII", 18);
508 
509  OVERLAP_END;
510 }
511 
512 static int OverlapLASTAfter(uint32_t isn)
513 {
514  OVERLAP_START(isn, OS_POLICY_LAST);
515 
516  OVERLAP_STEP(1, "AA", 2, "AA", 2);
517  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
518  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
519  OVERLAP_STEP(2, "JJ", 2, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
520  OVERLAP_STEP(20, "O", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGO", 20);
521  OVERLAP_STEP(17, "N", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FNFGO", 20);
522 
523  OVERLAP_END;
524 }
525 
526 /** \test BSD policy
527  */
528 static int StreamTcpReassembleTest01(void)
529 {
530  FAIL_IF(OverlapBSD(0) == 0);
531  OverlapBSDBefore(0);
532  OverlapBSDSame(0);
533  OverlapBSDAfter(0);
534 
535  OverlapBSD(1);
536  OverlapBSDBefore(1);
537  OverlapBSDSame(1);
538  OverlapBSDAfter(1);
539 
540  OverlapBSD(UINT_MAX);
541  OverlapBSDBefore(UINT_MAX);
542  OverlapBSDSame(UINT_MAX);
543  OverlapBSDAfter(UINT_MAX);
544 
545  OverlapBSD(UINT_MAX - 10);
546  OverlapBSDBefore(UINT_MAX - 10);
547  OverlapBSDSame(UINT_MAX - 10);
548  OverlapBSDAfter(UINT_MAX - 10);
549  return 1;
550 }
551 
552 
553 /** \test Vista Policy
554  */
555 static int StreamTcpReassembleTest02(void)
556 {
557  OverlapVISTA(0);
558  OverlapVISTABefore(0);
559  OverlapVISTASame(0);
560  OverlapVISTAAfter(0);
561 
562  OverlapVISTA(1);
563  OverlapVISTABefore(1);
564  OverlapVISTASame(1);
565  OverlapVISTAAfter(1);
566 
567  OverlapVISTA(UINT_MAX);
568  OverlapVISTABefore(UINT_MAX);
569  OverlapVISTASame(UINT_MAX);
570  OverlapVISTAAfter(UINT_MAX);
571 
572  OverlapVISTA(UINT_MAX - 10);
573  OverlapVISTABefore(UINT_MAX - 10);
574  OverlapVISTASame(UINT_MAX - 10);
575  OverlapVISTAAfter(UINT_MAX - 10);
576  return 1;
577 }
578 
579 
580 /** \test Linux policy
581  */
582 static int StreamTcpReassembleTest03(void)
583 {
584  OverlapLINUX(0);
585  OverlapLINUXBefore(0);
586  OverlapLINUXSame(0);
587  OverlapLINUXAfter(0);
588 
589  OverlapLINUX(1);
590  OverlapLINUXBefore(1);
591  OverlapLINUXSame(1);
592  OverlapLINUXAfter(1);
593 
594  OverlapLINUX(UINT_MAX);
595  OverlapLINUXBefore(UINT_MAX);
596  OverlapLINUXSame(UINT_MAX);
597  OverlapLINUXAfter(UINT_MAX);
598 
599  OverlapLINUX(UINT_MAX - 10);
600  OverlapLINUXBefore(UINT_MAX - 10);
601  OverlapLINUXSame(UINT_MAX - 10);
602  OverlapLINUXAfter(UINT_MAX - 10);
603  return 1;
604 }
605 
606 /** \test policy Linux old
607  */
608 static int StreamTcpReassembleTest04(void)
609 {
610  OverlapLINUXOLD(0);
611  OverlapLINUXOLDBefore(0);
612  OverlapLINUXOLDSame(0);
613  OverlapLINUXOLDAfter(0);
614 
615  OverlapLINUXOLD(1);
616  OverlapLINUXOLDBefore(1);
617  OverlapLINUXOLDSame(1);
618  OverlapLINUXOLDAfter(1);
619 
620  OverlapLINUXOLD(UINT_MAX);
621  OverlapLINUXOLDBefore(UINT_MAX);
622  OverlapLINUXOLDSame(UINT_MAX);
623  OverlapLINUXOLDAfter(UINT_MAX);
624 
625  OverlapLINUXOLD(UINT_MAX - 10);
626  OverlapLINUXOLDBefore(UINT_MAX - 10);
627  OverlapLINUXOLDSame(UINT_MAX - 10);
628  OverlapLINUXOLDAfter(UINT_MAX - 10);
629  return 1;
630 }
631 
632 /** \test Solaris policy
633  */
634 static int StreamTcpReassembleTest05(void)
635 {
636  OverlapSOLARIS(0);
637  OverlapSOLARISBefore(0);
638  OverlapSOLARISSame(0);
639  OverlapSOLARISAfter(0);
640 
641  OverlapSOLARIS(1);
642  OverlapSOLARISBefore(1);
643  OverlapSOLARISSame(1);
644  OverlapSOLARISAfter(1);
645 
646  OverlapSOLARIS(UINT_MAX);
647  OverlapSOLARISBefore(UINT_MAX);
648  OverlapSOLARISSame(UINT_MAX);
649  OverlapSOLARISAfter(UINT_MAX);
650 
651  OverlapSOLARIS(UINT_MAX - 10);
652  OverlapSOLARISBefore(UINT_MAX - 10);
653  OverlapSOLARISSame(UINT_MAX - 10);
654  OverlapSOLARISAfter(UINT_MAX - 10);
655  return 1;
656 }
657 
658 /** \test policy 'last'
659  */
660 static int StreamTcpReassembleTest06(void)
661 {
662  OverlapLAST(0);
663  OverlapLASTBefore(0);
664  OverlapLASTSame(0);
665  OverlapLASTAfter(0);
666 
667  OverlapLAST(1);
668  OverlapLASTBefore(1);
669  OverlapLASTSame(1);
670  OverlapLASTAfter(1);
671 
672  OverlapLAST(UINT_MAX);
673  OverlapLASTBefore(UINT_MAX);
674  OverlapLASTSame(UINT_MAX);
675  OverlapLASTAfter(UINT_MAX);
676 
677  OverlapLAST(UINT_MAX - 10);
678  OverlapLASTBefore(UINT_MAX - 10);
679  OverlapLASTSame(UINT_MAX - 10);
680  OverlapLASTAfter(UINT_MAX - 10);
681  return 1;
682 }
683 
684 static int StreamTcpReassembleTest30 (void)
685 {
686  OVERLAP_START(9, OS_POLICY_BSD);
687  OVERLAP_STEP(3, "BBB", 3, "\0\0BBB", 5);
688  OVERLAP_STEP(1, "AA", 2, "AABBB", 5);
689  OVERLAP_END;
690 }
691 
692 static int StreamTcpReassembleTest31 (void)
693 {
694  OVERLAP_START(9, OS_POLICY_BSD);
695  OVERLAP_STEP(1, "AA", 2, "AA", 2);
696  OVERLAP_STEP(3, "BBB", 3, "AABBB", 5);
697  OVERLAP_END;
698 }
699 
700 static int StreamTcpReassembleTest32(void)
701 {
702  OVERLAP_START(0, OS_POLICY_BSD);
703  OVERLAP_STEP(11, "AAAAAAAAAA", 10, "\0\0\0\0\0\0\0\0\0\0AAAAAAAAAA", 20);
704  OVERLAP_STEP(21, "BBBBBBBBBB", 10, "\0\0\0\0\0\0\0\0\0\0AAAAAAAAAABBBBBBBBBB", 30);
705  OVERLAP_STEP(41, "CCCCCCCCCC", 10, "\0\0\0\0\0\0\0\0\0\0AAAAAAAAAABBBBBBBBBB\0\0\0\0\0\0\0\0\0\0CCCCCCCCCC", 50);
706  OVERLAP_STEP(6, "aaaaaaaaaaaaaaaaaaaa", 20, "\0\0\0\0\0aaaaaaaaaaaaaaaaaaaaBBBBB\0\0\0\0\0\0\0\0\0\0CCCCCCCCCC", 50);
707  OVERLAP_STEP(1, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 50, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 50);
708  OVERLAP_END;
709 }
710 
711 void StreamTcpListRegisterTests(void)
712 {
713  UtRegisterTest("StreamTcpReassembleTest01 -- BSD policy",
714  StreamTcpReassembleTest01);
715  UtRegisterTest("StreamTcpReassembleTest02 -- VISTA policy",
716  StreamTcpReassembleTest02);
717  UtRegisterTest("StreamTcpReassembleTest03 -- LINUX policy",
718  StreamTcpReassembleTest03);
719  UtRegisterTest("StreamTcpReassembleTest04 -- LINUX-OLD policy",
720  StreamTcpReassembleTest04);
721  UtRegisterTest("StreamTcpReassembleTest05 -- SOLARIS policy",
722  StreamTcpReassembleTest05);
723  UtRegisterTest("StreamTcpReassembleTest06 -- LAST policy",
724  StreamTcpReassembleTest06);
725 
726  UtRegisterTest("StreamTcpReassembleTest30",
727  StreamTcpReassembleTest30);
728  UtRegisterTest("StreamTcpReassembleTest31",
729  StreamTcpReassembleTest31);
730  UtRegisterTest("StreamTcpReassembleTest32",
731  StreamTcpReassembleTest32);
732 
733 }
TcpStream_
Definition: stream-tcp-private.h:106
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
OVERLAP_END
#define OVERLAP_END
Definition: stream-tcp-list.c:56
OVERLAP_STEP
#define OVERLAP_STEP(rseq, seg, seglen, buf, buflen)
Definition: stream-tcp-list.c:61
OS_POLICY_BSD
@ OS_POLICY_BSD
Definition: stream-tcp-reassemble.h:39
OS_POLICY_VISTA
@ OS_POLICY_VISTA
Definition: stream-tcp-reassemble.h:50
PrintRawDataFp
void PrintRawDataFp(FILE *fp, const uint8_t *buf, uint32_t buflen)
Definition: util-print.c:143
StreamingBufferCompareRawData
int StreamingBufferCompareRawData(const StreamingBuffer *sb, const uint8_t *rawdata, uint32_t rawdata_len)
Definition: util-streaming-buffer.c:870
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:215
OS_POLICY_SOLARIS
@ OS_POLICY_SOLARIS
Definition: stream-tcp-reassemble.h:44
VALIDATE
#define VALIDATE(e)
StreamTcpListRegisterTests
void StreamTcpListRegisterTests(void)
Definition: stream-tcp-list.c:711
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
OS_POLICY_LAST
@ OS_POLICY_LAST
Definition: stream-tcp-reassemble.h:53
TcpStream_::sb
StreamingBuffer sb
Definition: stream-tcp-private.h:134
OS_POLICY_OLD_LINUX
@ OS_POLICY_OLD_LINUX
Definition: stream-tcp-reassemble.h:41
OVERLAP_START
#define OVERLAP_START(isn, policy)
Definition: stream-tcp-list.c:41
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:302
OS_POLICY_LINUX
@ OS_POLICY_LINUX
Definition: stream-tcp-reassemble.h:42