suricata
stream-tcp-list.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2016 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "../suricata-common.h"
19 #include "../stream-tcp-private.h"
20 #include "../stream-tcp.h"
21 #include "../stream-tcp-reassemble.h"
22 #include "../stream-tcp-inline.h"
23 #include "../stream-tcp-list.h"
24 #include "../stream-tcp-util.h"
25 #include "../util-streaming-buffer.h"
26 #include "../util-print.h"
27 #include "../util-unittest.h"
28 
29 static int VALIDATE(TcpStream *stream, uint8_t *data, uint32_t data_len)
30 {
31  // HACK: these tests should be updated to check the SBB blocks
32  if (memcmp(stream->sb.region.buf, data, data_len) != 0) {
33  SCReturnInt(0);
34  }
35  SCLogInfo("OK");
36  PrintRawDataFp(stdout, data, data_len);
37  return 1;
38 }
39 
40 #define OVERLAP_START(isn, policy) \
41  TcpReassemblyThreadCtx *ra_ctx = NULL; \
42  TcpSession ssn; \
43  ThreadVars tv; \
44  memset(&tv, 0, sizeof(tv)); \
45  \
46  StreamTcpUTInit(&ra_ctx); \
47  \
48  StreamTcpUTSetupSession(&ssn); \
49  StreamTcpUTSetupStream(&ssn.server, (isn)); \
50  StreamTcpUTSetupStream(&ssn.client, (isn)); \
51  \
52  TcpStream *stream = &ssn.client; \
53  stream->os_policy = (policy);
54 
55 #define OVERLAP_END \
56  StreamTcpUTClearSession(&ssn); \
57  StreamTcpUTDeinit(ra_ctx); \
58  PASS
59 
60 #define OVERLAP_STEP(rseq, seg, seglen, buf, buflen) \
61  StreamTcpUTAddPayload(&tv, ra_ctx, &ssn, stream, stream->isn + (rseq), (uint8_t *)(seg), (seglen)); \
62  FAIL_IF(!(VALIDATE(stream, (uint8_t *)(buf), (buflen))));
63 
64 static int OverlapBSD(uint32_t isn)
65 {
67 
68  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
69  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
70  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
71  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
72  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
73  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
74  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
75  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
76  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
77  /* AA not overwritten, gap filled and B overwritten because 'starts before' */
78  OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
79  /* no-op, overlaps CCC which takes precedence */
80  OVERLAP_STEP(8, "KKK", 3, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
81  /* LLL fills gaps and replaces D as it starts before */
82  OVERLAP_STEP(11, "LLL", 3, "\0AAAJJBCCCLLL\0EEFFFGGHHI", 24);
83  /* MMM fills gap and replaces EE as it starts before */
84  OVERLAP_STEP(14, "MMM", 3, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
85  /* no op */
86  OVERLAP_STEP(18, "N", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
87  /* no op */
88  OVERLAP_STEP(21, "O", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
89  /* no op */
90  OVERLAP_STEP(22, "P", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
91  /* no replace of I as it starts the same */
92  OVERLAP_STEP(24, "QQ", 2, "\0AAAJJBCCCLLLMMMFFFGGHHIQ", 25);
93  OVERLAP_STEP(1, "0", 1, "0AAAJJBCCCLLLMMMFFFGGHHIQ", 25);
94 
96 }
97 
98 static int OverlapBSDBefore(uint32_t isn)
99 {
101 
102  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
103  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
104  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
105  OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
106  OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
107  OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
108  OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
109 
110  OVERLAP_END;
111 }
112 
113 static int OverlapBSDSame(uint32_t isn)
114 {
116 
117  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
118  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
119  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
120  /* ignored as 'starts the same' */
121  OVERLAP_STEP(1, "KKK", 3, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
122  /* original data not overwritten as it starts on the same seq */
123  OVERLAP_STEP(1, "LLLL", 4, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
124  OVERLAP_STEP(15, "P", 1, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
125  OVERLAP_STEP(15, "QQ", 2, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
126 
127  OVERLAP_END;
128 }
129 
130 static int OverlapBSDAfter(uint32_t isn)
131 {
133 
134  OVERLAP_STEP(1, "AA", 2, "AA", 2);
135  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
136  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
137  OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
138  OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
139  OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
140 
141  OVERLAP_END;
142 }
143 
144 static int OverlapVISTA(uint32_t isn)
145 {
147 
148  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
149  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
150  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
151  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
152  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
153  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
154  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
155  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
156  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
157  /* AA not overwritten, gap filled and B not overwritten */
158  OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJBBCCC\0D\0\0EEFFFGGHHI", 24);
159  /* no-op, overlaps CCC which takes precedence */
160  OVERLAP_STEP(8, "KKK", 3, "\0AAAJBBCCC\0D\0\0EEFFFGGHHI", 24);
161  /* LLL fills gaps only */
162  OVERLAP_STEP(11, "LLL", 3, "\0AAAJBBCCCLDL\0EEFFFGGHHI", 24);
163  /* MMM fills gap only */
164  OVERLAP_STEP(14, "MMM", 3, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
165  /* no op */
166  OVERLAP_STEP(18, "N", 1, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
167  /* no op */
168  OVERLAP_STEP(21, "O", 1, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
169  /* no op */
170  OVERLAP_STEP(22, "P", 1, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
171  /* no replace of I */
172  OVERLAP_STEP(24, "QQ", 2, "\0AAAJBBCCCLDLMEEFFFGGHHIQ", 25);
173  OVERLAP_STEP(1, "0", 1, "0AAAJBBCCCLDLMEEFFFGGHHIQ", 25);
174 
175  OVERLAP_END;
176 }
177 
178 static int OverlapVISTABefore(uint32_t isn)
179 {
181 
182  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
183  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
184  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
185  OVERLAP_STEP(2, "AA", 2, "\0AB\0\0\0\0\0D\0\0EE", 13);
186  OVERLAP_STEP(1, "JJJJ", 4, "JABJ\0\0\0\0D\0\0EE", 13);
187  OVERLAP_STEP(8, "LLL", 3, "JABJ\0\0\0LDL\0EE", 13);
188  OVERLAP_STEP(11,"MMM", 3, "JABJ\0\0\0LDLMEE", 13);
189 
190  OVERLAP_END;
191 }
192 
193 static int OverlapVISTASame(uint32_t isn)
194 {
196 
197  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
198  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
199  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
200  OVERLAP_STEP(1, "KKK", 3, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
201  OVERLAP_STEP(1, "LLLL", 4, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
202  OVERLAP_STEP(15, "P", 1, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
203  OVERLAP_STEP(15, "QQ", 2, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
204 
205  OVERLAP_END;
206 }
207 
208 static int OverlapVISTAAfter(uint32_t isn)
209 {
211 
212  OVERLAP_STEP(1, "AA", 2, "AA", 2);
213  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
214  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
215  OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
216  OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
217  OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
218 
219  OVERLAP_END;
220 }
221 
222 static int OverlapLINUX(uint32_t isn)
223 {
225 
226  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
227  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
228  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
229  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
230  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
231  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
232  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
233  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
234  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
235  /* AA not overwritten, gap filled and B not overwritten */
236  OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
237  /* no-op, overlaps CCC which takes precedence */
238  OVERLAP_STEP(8, "KKK", 3, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
239  /* LLL fills gaps and replaces as begins before */
240  OVERLAP_STEP(11, "LLL", 3, "\0AAAJJBCCCLLL\0EEFFFGGHHI", 24);
241  /* MMM fills gap and replaces EE as it begins before */
242  OVERLAP_STEP(14, "MMM", 3, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
243  /* no op */
244  OVERLAP_STEP(18, "N", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
245  /* no op */
246  OVERLAP_STEP(21, "O", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
247  /* no op */
248  OVERLAP_STEP(22, "P", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
249  /* replaces of I as begins the same, ends after*/
250  OVERLAP_STEP(24, "QQ", 2, "\0AAAJJBCCCLLLMMMFFFGGHHQQ", 25);
251  OVERLAP_STEP(1, "0", 1, "0AAAJJBCCCLLLMMMFFFGGHHQQ", 25);
252 
253  OVERLAP_END;
254 }
255 
256 static int OverlapLINUXBefore(uint32_t isn)
257 {
259 
260  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
261  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
262  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
263  OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
264  OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
265  OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
266  OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
267 
268  OVERLAP_END;
269 }
270 
271 static int OverlapLINUXSame(uint32_t isn)
272 {
274 
275  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
276  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
277  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
278  OVERLAP_STEP(1, "KKK", 3, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
279  OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
280  OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
281  OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
282 
283  OVERLAP_END;
284 }
285 
286 static int OverlapLINUXAfter(uint32_t isn)
287 {
289 
290  OVERLAP_STEP(1, "AA", 2, "AA", 2);
291  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
292  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
293  OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
294  OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
295  OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
296 
297  OVERLAP_END;
298 }
299 
300 static int OverlapLINUXOLD(uint32_t isn)
301 {
303 
304  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
305  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
306  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
307  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
308  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
309  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
310  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
311  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
312  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
313  /* AA not overwritten as it starts before, gap filled and B overwritten */
314  OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
315  /* replace CCC */
316  OVERLAP_STEP(8, "KKK", 3, "\0AAAJJBKKK\0D\0\0EEFFFGGHHI", 24);
317  /* LLL fills gaps and replaces as begins before */
318  OVERLAP_STEP(11, "LLL", 3, "\0AAAJJBKKKLLL\0EEFFFGGHHI", 24);
319  /* MMM fills gap and replaces EE as it begins before */
320  OVERLAP_STEP(14, "MMM", 3, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
321  /* no op */
322  OVERLAP_STEP(18, "N", 1, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
323  /* no op */
324  OVERLAP_STEP(21, "O", 1, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
325  /* no op */
326  OVERLAP_STEP(22, "P", 1, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
327  /* replaces of I as begins the same, ends after*/
328  OVERLAP_STEP(24, "QQ", 2, "\0AAAJJBKKKLLLMMMFFFGGHHQQ", 25);
329  OVERLAP_STEP(1, "0", 1, "0AAAJJBKKKLLLMMMFFFGGHHQQ", 25);
330 
331  OVERLAP_END;
332 }
333 
334 static int OverlapLINUXOLDBefore(uint32_t isn)
335 {
337 
338  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
339  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
340  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
341  OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
342  OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
343  OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
344  OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
345 
346  OVERLAP_END;
347 }
348 
349 static int OverlapLINUXOLDSame(uint32_t isn)
350 {
352 
353  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
354  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
355  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
356  OVERLAP_STEP(1, "KKK", 3, "KKK\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
357  OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
358  OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
359  OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0QQII", 18);
360 
361  OVERLAP_END;
362 }
363 
364 static int OverlapLINUXOLDAfter(uint32_t isn)
365 {
367 
368  OVERLAP_STEP(1, "AA", 2, "AA", 2);
369  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
370  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
371  OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
372  OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
373  OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
374 
375  OVERLAP_END;
376 }
377 
378 static int OverlapSOLARIS(uint32_t isn)
379 {
381 
382  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
383  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
384  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
385  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
386  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
387  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
388  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
389  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
390  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
391  OVERLAP_STEP(3, "JJJJ", 4, "\0AJJJBBCCC\0D\0\0EEFFFGGHHI", 24);
392  /* replace CCC */
393  OVERLAP_STEP(8, "KKK", 3, "\0AJJJBBKKK\0D\0\0EEFFFGGHHI", 24);
394  /* LLL fills gaps and replaces as begins before */
395  OVERLAP_STEP(11, "LLL", 3, "\0AJJJBBKKKLLL\0EEFFFGGHHI", 24);
396  /* MMM fills gap and replaces EE as it begins before */
397  OVERLAP_STEP(14, "MMM", 3, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
398  /* no op */
399  OVERLAP_STEP(18, "N", 1, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
400  /* no op */
401  OVERLAP_STEP(21, "O", 1, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
402  /* no op */
403  OVERLAP_STEP(22, "P", 1, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
404  /* replaces of I as begins the same, ends after*/
405  OVERLAP_STEP(24, "QQ", 2, "\0AJJJBBKKKLLLMMMFFFGGHHQQ", 25);
406  OVERLAP_STEP(1, "0", 1, "0AJJJBBKKKLLLMMMFFFGGHHQQ", 25);
407 
408  OVERLAP_END;
409 }
410 
411 static int OverlapSOLARISBefore(uint32_t isn)
412 {
414 
415  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
416  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
417  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
418  OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
419  OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
420  OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
421  OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
422 
423  OVERLAP_END;
424 }
425 
426 static int OverlapSOLARISSame(uint32_t isn)
427 {
429 
430  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
431  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
432  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
433  OVERLAP_STEP(1, "KKK", 3, "KKK\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
434  OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
435  OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
436  OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0QQII", 18);
437 
438  OVERLAP_END;
439 }
440 
441 static int OverlapSOLARISAfter(uint32_t isn)
442 {
444 
445  OVERLAP_STEP(1, "AA", 2, "AA", 2);
446  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
447  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
448  OVERLAP_STEP(2, "JJ", 2, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
449  OVERLAP_STEP(20, "O", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
450  OVERLAP_STEP(17, "N", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
451 
452  OVERLAP_END;
453 }
454 
455 static int OverlapLAST(uint32_t isn)
456 {
458 
459  OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
460  OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
461  OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
462  OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
463  OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
464  OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
465  OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
466  OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
467  OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
468  OVERLAP_STEP(3, "JJJJ", 4, "\0AJJJJBCCC\0D\0\0EEFFFGGHHI", 24);
469  OVERLAP_STEP(8, "KKK", 3, "\0AJJJJBKKK\0D\0\0EEFFFGGHHI", 24);
470  OVERLAP_STEP(11, "LLL", 3, "\0AJJJJBKKKLLL\0EEFFFGGHHI", 24);
471  OVERLAP_STEP(14, "MMM", 3, "\0AJJJJBKKKLLLMMMFFFGGHHI", 24);
472  OVERLAP_STEP(18, "N", 1, "\0AJJJJBKKKLLLMMMFNFGGHHI", 24);
473  OVERLAP_STEP(21, "O", 1, "\0AJJJJBKKKLLLMMMFNFGOHHI", 24);
474  OVERLAP_STEP(22, "P", 1, "\0AJJJJBKKKLLLMMMFNFGOPHI", 24);
475  OVERLAP_STEP(24, "QQ", 2, "\0AJJJJBKKKLLLMMMFNFGOPHQQ", 25);
476  OVERLAP_STEP(1, "0", 1, "0AJJJJBKKKLLLMMMFNFGOPHQQ", 25);
477 
478  OVERLAP_END;
479 }
480 
481 static int OverlapLASTBefore(uint32_t isn)
482 {
484 
485  OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
486  OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
487  OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
488  OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
489  OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
490  OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
491  OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
492 
493  OVERLAP_END;
494 }
495 
496 static int OverlapLASTSame(uint32_t isn)
497 {
499 
500  OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
501  OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
502  OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
503  OVERLAP_STEP(1, "KKK", 3, "KKK\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
504  OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
505  OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0PHII", 18);
506  OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0QQII", 18);
507 
508  OVERLAP_END;
509 }
510 
511 static int OverlapLASTAfter(uint32_t isn)
512 {
514 
515  OVERLAP_STEP(1, "AA", 2, "AA", 2);
516  OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
517  OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
518  OVERLAP_STEP(2, "JJ", 2, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
519  OVERLAP_STEP(20, "O", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGO", 20);
520  OVERLAP_STEP(17, "N", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FNFGO", 20);
521 
522  OVERLAP_END;
523 }
524 
525 /** \test BSD policy
526  */
527 static int StreamTcpReassembleTest01(void)
528 {
529  FAIL_IF(OverlapBSD(0) == 0);
530  OverlapBSDBefore(0);
531  OverlapBSDSame(0);
532  OverlapBSDAfter(0);
533 
534  OverlapBSD(1);
535  OverlapBSDBefore(1);
536  OverlapBSDSame(1);
537  OverlapBSDAfter(1);
538 
539  OverlapBSD(UINT_MAX);
540  OverlapBSDBefore(UINT_MAX);
541  OverlapBSDSame(UINT_MAX);
542  OverlapBSDAfter(UINT_MAX);
543 
544  OverlapBSD(UINT_MAX - 10);
545  OverlapBSDBefore(UINT_MAX - 10);
546  OverlapBSDSame(UINT_MAX - 10);
547  OverlapBSDAfter(UINT_MAX - 10);
548  return 1;
549 }
550 
551 
552 /** \test Vista Policy
553  */
554 static int StreamTcpReassembleTest02(void)
555 {
556  OverlapVISTA(0);
557  OverlapVISTABefore(0);
558  OverlapVISTASame(0);
559  OverlapVISTAAfter(0);
560 
561  OverlapVISTA(1);
562  OverlapVISTABefore(1);
563  OverlapVISTASame(1);
564  OverlapVISTAAfter(1);
565 
566  OverlapVISTA(UINT_MAX);
567  OverlapVISTABefore(UINT_MAX);
568  OverlapVISTASame(UINT_MAX);
569  OverlapVISTAAfter(UINT_MAX);
570 
571  OverlapVISTA(UINT_MAX - 10);
572  OverlapVISTABefore(UINT_MAX - 10);
573  OverlapVISTASame(UINT_MAX - 10);
574  OverlapVISTAAfter(UINT_MAX - 10);
575  return 1;
576 }
577 
578 
579 /** \test Linux policy
580  */
581 static int StreamTcpReassembleTest03(void)
582 {
583  OverlapLINUX(0);
584  OverlapLINUXBefore(0);
585  OverlapLINUXSame(0);
586  OverlapLINUXAfter(0);
587 
588  OverlapLINUX(1);
589  OverlapLINUXBefore(1);
590  OverlapLINUXSame(1);
591  OverlapLINUXAfter(1);
592 
593  OverlapLINUX(UINT_MAX);
594  OverlapLINUXBefore(UINT_MAX);
595  OverlapLINUXSame(UINT_MAX);
596  OverlapLINUXAfter(UINT_MAX);
597 
598  OverlapLINUX(UINT_MAX - 10);
599  OverlapLINUXBefore(UINT_MAX - 10);
600  OverlapLINUXSame(UINT_MAX - 10);
601  OverlapLINUXAfter(UINT_MAX - 10);
602  return 1;
603 }
604 
605 /** \test policy Linux old
606  */
607 static int StreamTcpReassembleTest04(void)
608 {
609  OverlapLINUXOLD(0);
610  OverlapLINUXOLDBefore(0);
611  OverlapLINUXOLDSame(0);
612  OverlapLINUXOLDAfter(0);
613 
614  OverlapLINUXOLD(1);
615  OverlapLINUXOLDBefore(1);
616  OverlapLINUXOLDSame(1);
617  OverlapLINUXOLDAfter(1);
618 
619  OverlapLINUXOLD(UINT_MAX);
620  OverlapLINUXOLDBefore(UINT_MAX);
621  OverlapLINUXOLDSame(UINT_MAX);
622  OverlapLINUXOLDAfter(UINT_MAX);
623 
624  OverlapLINUXOLD(UINT_MAX - 10);
625  OverlapLINUXOLDBefore(UINT_MAX - 10);
626  OverlapLINUXOLDSame(UINT_MAX - 10);
627  OverlapLINUXOLDAfter(UINT_MAX - 10);
628  return 1;
629 }
630 
631 /** \test Solaris policy
632  */
633 static int StreamTcpReassembleTest05(void)
634 {
635  OverlapSOLARIS(0);
636  OverlapSOLARISBefore(0);
637  OverlapSOLARISSame(0);
638  OverlapSOLARISAfter(0);
639 
640  OverlapSOLARIS(1);
641  OverlapSOLARISBefore(1);
642  OverlapSOLARISSame(1);
643  OverlapSOLARISAfter(1);
644 
645  OverlapSOLARIS(UINT_MAX);
646  OverlapSOLARISBefore(UINT_MAX);
647  OverlapSOLARISSame(UINT_MAX);
648  OverlapSOLARISAfter(UINT_MAX);
649 
650  OverlapSOLARIS(UINT_MAX - 10);
651  OverlapSOLARISBefore(UINT_MAX - 10);
652  OverlapSOLARISSame(UINT_MAX - 10);
653  OverlapSOLARISAfter(UINT_MAX - 10);
654  return 1;
655 }
656 
657 /** \test policy 'last'
658  */
659 static int StreamTcpReassembleTest06(void)
660 {
661  OverlapLAST(0);
662  OverlapLASTBefore(0);
663  OverlapLASTSame(0);
664  OverlapLASTAfter(0);
665 
666  OverlapLAST(1);
667  OverlapLASTBefore(1);
668  OverlapLASTSame(1);
669  OverlapLASTAfter(1);
670 
671  OverlapLAST(UINT_MAX);
672  OverlapLASTBefore(UINT_MAX);
673  OverlapLASTSame(UINT_MAX);
674  OverlapLASTAfter(UINT_MAX);
675 
676  OverlapLAST(UINT_MAX - 10);
677  OverlapLASTBefore(UINT_MAX - 10);
678  OverlapLASTSame(UINT_MAX - 10);
679  OverlapLASTAfter(UINT_MAX - 10);
680  return 1;
681 }
682 
683 static int StreamTcpReassembleTest30 (void)
684 {
686  OVERLAP_STEP(3, "BBB", 3, "\0\0BBB", 5);
687  OVERLAP_STEP(1, "AA", 2, "AABBB", 5);
688  OVERLAP_END;
689 }
690 
691 static int StreamTcpReassembleTest31 (void)
692 {
694  OVERLAP_STEP(1, "AA", 2, "AA", 2);
695  OVERLAP_STEP(3, "BBB", 3, "AABBB", 5);
696  OVERLAP_END;
697 }
698 
699 static int StreamTcpReassembleTest32(void)
700 {
702  OVERLAP_STEP(11, "AAAAAAAAAA", 10, "\0\0\0\0\0\0\0\0\0\0AAAAAAAAAA", 20);
703  OVERLAP_STEP(21, "BBBBBBBBBB", 10, "\0\0\0\0\0\0\0\0\0\0AAAAAAAAAABBBBBBBBBB", 30);
704  OVERLAP_STEP(41, "CCCCCCCCCC", 10, "\0\0\0\0\0\0\0\0\0\0AAAAAAAAAABBBBBBBBBB\0\0\0\0\0\0\0\0\0\0CCCCCCCCCC", 50);
705  OVERLAP_STEP(6, "aaaaaaaaaaaaaaaaaaaa", 20, "\0\0\0\0\0aaaaaaaaaaaaaaaaaaaaBBBBB\0\0\0\0\0\0\0\0\0\0CCCCCCCCCC", 50);
706  OVERLAP_STEP(1, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 50, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 50);
707  OVERLAP_END;
708 }
709 
711 {
712  UtRegisterTest("StreamTcpReassembleTest01 -- BSD policy",
713  StreamTcpReassembleTest01);
714  UtRegisterTest("StreamTcpReassembleTest02 -- VISTA policy",
715  StreamTcpReassembleTest02);
716  UtRegisterTest("StreamTcpReassembleTest03 -- LINUX policy",
717  StreamTcpReassembleTest03);
718  UtRegisterTest("StreamTcpReassembleTest04 -- LINUX-OLD policy",
719  StreamTcpReassembleTest04);
720  UtRegisterTest("StreamTcpReassembleTest05 -- SOLARIS policy",
721  StreamTcpReassembleTest05);
722  UtRegisterTest("StreamTcpReassembleTest06 -- LAST policy",
723  StreamTcpReassembleTest06);
724 
725  UtRegisterTest("StreamTcpReassembleTest30",
726  StreamTcpReassembleTest30);
727  UtRegisterTest("StreamTcpReassembleTest31",
728  StreamTcpReassembleTest31);
729  UtRegisterTest("StreamTcpReassembleTest32",
730  StreamTcpReassembleTest32);
731 
732 }
TcpStream_
Definition: stream-tcp-private.h:106
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
OVERLAP_END
#define OVERLAP_END
Definition: stream-tcp-list.c:55
OVERLAP_STEP
#define OVERLAP_STEP(rseq, seg, seglen, buf, buflen)
Definition: stream-tcp-list.c:60
OS_POLICY_BSD
@ OS_POLICY_BSD
Definition: stream-tcp-reassemble.h:36
OS_POLICY_VISTA
@ OS_POLICY_VISTA
Definition: stream-tcp-reassemble.h:47
PrintRawDataFp
void PrintRawDataFp(FILE *fp, const uint8_t *buf, uint32_t buflen)
Definition: util-print.c:143
StreamingBufferRegion_::buf
uint8_t * buf
Definition: util-streaming-buffer.h:86
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
OS_POLICY_SOLARIS
@ OS_POLICY_SOLARIS
Definition: stream-tcp-reassemble.h:41
VALIDATE
#define VALIDATE(e)
StreamTcpListRegisterTests
void StreamTcpListRegisterTests(void)
Definition: stream-tcp-list.c:710
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
OS_POLICY_LAST
@ OS_POLICY_LAST
Definition: stream-tcp-reassemble.h:50
TcpStream_::sb
StreamingBuffer sb
Definition: stream-tcp-private.h:134
OS_POLICY_OLD_LINUX
@ OS_POLICY_OLD_LINUX
Definition: stream-tcp-reassemble.h:38
OVERLAP_START
#define OVERLAP_START(isn, policy)
Definition: stream-tcp-list.c:40
StreamingBuffer_::region
StreamingBufferRegion region
Definition: util-streaming-buffer.h:110
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
OS_POLICY_LINUX
@ OS_POLICY_LINUX
Definition: stream-tcp-reassemble.h:39