suricata
util-unittest-helper.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  *
23  * This file provide a set of helper functions for reducing the complexity
24  * when constructing unittests
25  */
26 
27 #include "suricata-common.h"
28 
29 #include "decode.h"
30 
31 #include "flow-private.h"
32 #include "flow-util.h"
33 
34 #include "detect.h"
35 #include "detect-parse.h"
36 #include "detect-engine.h"
37 #include "detect-engine-sigorder.h"
38 
39 #include "stream-tcp.h"
40 #include "stream-tcp-private.h"
41 
42 #include "util-debug.h"
43 #include "util-time.h"
44 #include "util-error.h"
45 #include "util-unittest.h"
46 #include "util-unittest-helper.h"
47 
48 #ifdef UNITTESTS
49 
50 /**
51  * \brief return the uint32_t for a ipv4 address string
52  *
53  * \param str Valid ipaddress in string form (e.g. 1.2.3.4)
54  *
55  * \retval uint the uin32_t representation
56  */
57 uint32_t UTHSetIPv4Address(const char *str)
58 {
59  struct in_addr in;
60  if (inet_pton(AF_INET, str, &in) != 1) {
61  printf("invalid IPv6 address %s\n", str);
62  exit(EXIT_FAILURE);
63  }
64  return (uint32_t)in.s_addr;
65 }
66 
67 /**
68  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
69  * specifying ip and port sources and destinations (IPV6)
70  *
71  * \param payload pointer to the payloadd buffer
72  * \param payload_len pointer to the length of the payload
73  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
74  * \param src pointer to a string containing the ip source
75  * \param dst pointer to a string containing the ip destination
76  * \param sport pointer to a string containing the port source
77  * \param dport pointer to a string containing the port destination
78  *
79  * \retval Packet pointer to the built in packet
80  */
81 Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
82  uint8_t ipproto, const char *src, const char *dst,
83  uint16_t sport, uint16_t dport)
84 {
85  uint32_t in[4];
86 
88  if (unlikely(p == NULL))
89  return NULL;
90 
91  TimeGet(&p->ts);
92 
93  p->src.family = AF_INET6;
94  p->dst.family = AF_INET6;
95  p->payload = payload;
97  p->proto = ipproto;
98 
99  p->ip6h = SCMalloc(sizeof(IPV6Hdr));
100  if (p->ip6h == NULL)
101  goto error;
102  memset(p->ip6h, 0, sizeof(IPV6Hdr));
103  p->ip6h->s_ip6_nxt = ipproto;
104  p->ip6h->s_ip6_plen = htons(payload_len + sizeof(TCPHdr));
105 
106  if (inet_pton(AF_INET6, src, &in) != 1)
107  goto error;
108  p->src.addr_data32[0] = in[0];
109  p->src.addr_data32[1] = in[1];
110  p->src.addr_data32[2] = in[2];
111  p->src.addr_data32[3] = in[3];
112  p->sp = sport;
113  p->ip6h->s_ip6_src[0] = in[0];
114  p->ip6h->s_ip6_src[1] = in[1];
115  p->ip6h->s_ip6_src[2] = in[2];
116  p->ip6h->s_ip6_src[3] = in[3];
117 
118  if (inet_pton(AF_INET6, dst, &in) != 1)
119  goto error;
120  p->dst.addr_data32[0] = in[0];
121  p->dst.addr_data32[1] = in[1];
122  p->dst.addr_data32[2] = in[2];
123  p->dst.addr_data32[3] = in[3];
124  p->dp = dport;
125  p->ip6h->s_ip6_dst[0] = in[0];
126  p->ip6h->s_ip6_dst[1] = in[1];
127  p->ip6h->s_ip6_dst[2] = in[2];
128  p->ip6h->s_ip6_dst[3] = in[3];
129 
130  p->tcph = SCMalloc(sizeof(TCPHdr));
131  if (p->tcph == NULL)
132  goto error;
133  memset(p->tcph, 0, sizeof(TCPHdr));
134  p->tcph->th_sport = htons(sport);
135  p->tcph->th_dport = htons(dport);
136 
137  SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len);
138  return p;
139 
140 error:
141  if (p != NULL) {
142  if (p->ip6h != NULL) {
143  SCFree(p->ip6h);
144  }
145  if (p->tcph != NULL) {
146  SCFree(p->tcph);
147  }
148  SCFree(p);
149  }
150  return NULL;
151 }
152 
153 /**
154  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
155  * specifying ip and port sources and destinations
156  *
157  * \param payload pointer to the payloadd buffer
158  * \param payload_len pointer to the length of the payload
159  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
160  * \param src pointer to a string containing the ip source
161  * \param dst pointer to a string containing the ip destination
162  * \param sport pointer to a string containing the port source
163  * \param dport pointer to a string containing the port destination
164  *
165  * \retval Packet pointer to the built in packet
166  */
167 Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
168  uint8_t ipproto, const char *src, const char *dst,
169  uint16_t sport, uint16_t dport)
170 {
171  struct in_addr in;
172 
173  Packet *p = PacketGetFromAlloc();
174  if (unlikely(p == NULL))
175  return NULL;
176 
177  struct timeval tv;
178  TimeGet(&tv);
179  COPY_TIMESTAMP(&tv, &p->ts);
180 
181  p->src.family = AF_INET;
182  p->dst.family = AF_INET;
183  p->payload = payload;
184  p->payload_len = payload_len;
185  p->proto = ipproto;
186 
187  if (inet_pton(AF_INET, src, &in) != 1)
188  goto error;
189  p->src.addr_data32[0] = in.s_addr;
190  p->sp = sport;
191 
192  if (inet_pton(AF_INET, dst, &in) != 1)
193  goto error;
194  p->dst.addr_data32[0] = in.s_addr;
195  p->dp = dport;
196 
197  p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
198  if (p->ip4h == NULL)
199  goto error;
200 
201  p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
202  p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
203  p->ip4h->ip_proto = ipproto;
204  p->ip4h->ip_verhl = sizeof(IPV4Hdr);
205  p->proto = ipproto;
206 
207  int hdr_offset = sizeof(IPV4Hdr);
208  switch (ipproto) {
209  case IPPROTO_UDP:
210  p->udph = (UDPHdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
211  if (p->udph == NULL)
212  goto error;
213 
214  p->udph->uh_sport = sport;
215  p->udph->uh_dport = dport;
216  hdr_offset += sizeof(UDPHdr);
217  break;
218  case IPPROTO_TCP:
219  p->tcph = (TCPHdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
220  if (p->tcph == NULL)
221  goto error;
222 
223  p->tcph->th_sport = htons(sport);
224  p->tcph->th_dport = htons(dport);
225  hdr_offset += sizeof(TCPHdr);
226  break;
227  case IPPROTO_ICMP:
228  p->icmpv4h = (ICMPV4Hdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
229  if (p->icmpv4h == NULL)
230  goto error;
231 
232  hdr_offset += sizeof(ICMPV4Hdr);
233  break;
234  default:
235  break;
236  /* TODO: Add more protocols */
237  }
238 
239  if (payload && payload_len) {
240  PacketCopyDataOffset(p, hdr_offset, payload, payload_len);
241  }
242  SET_PKT_LEN(p, hdr_offset + payload_len);
243  p->payload = GET_PKT_DATA(p)+hdr_offset;
244 
245  return p;
246 
247 error:
248  SCFree(p);
249  return NULL;
250 }
251 
252 /**
253  * \brief UTHBuildPacket is a wrapper that build packets with default ip
254  * and port fields
255  *
256  * \param payload pointer to the payloadd buffer
257  * \param payload_len pointer to the length of the payload
258  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
259  *
260  * \retval Packet pointer to the built in packet
261  */
262 Packet *UTHBuildPacket(uint8_t *payload, uint16_t payload_len,
263  uint8_t ipproto)
264 {
265  return UTHBuildPacketReal(payload, payload_len, ipproto,
266  "192.168.1.5", "192.168.1.1",
267  41424, 80);
268 }
269 
270 /**
271  * \brief UTHBuildPacketArrayFromEth is a wrapper that build a packets from an array of
272  * packets in ethernet rawbytes. Hint: It also share the flows.
273  *
274  * \param raw_eth pointer to the array of ethernet packets in rawbytes
275  * \param pktsize pointer to the array of sizes corresponding to each buffer pointed
276  * from pktsize.
277  * \param numpkts number of packets in the array
278  *
279  * \retval Packet pointer to the array of built in packets; NULL if something fail
280  */
281 Packet **UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
282 {
284  ThreadVars th_v;
285  if (raw_eth == NULL || pktsize == NULL || numpkts <= 0) {
286  SCLogError(SC_ERR_INVALID_ARGUMENT, "The arrays cant be null, and the number"
287  " of packets should be grater thatn zero");
288  return NULL;
289  }
290  Packet **p = NULL;
291  p = SCMalloc(sizeof(Packet *) * numpkts);
292  if (unlikely(p == NULL))
293  return NULL;
294 
295  memset(&dtv, 0, sizeof(DecodeThreadVars));
296  memset(&th_v, 0, sizeof(th_v));
297 
298  int i = 0;
299  for (; i < numpkts; i++) {
300  p[i] = PacketGetFromAlloc();
301  if (p[i] == NULL) {
302  SCFree(p);
303  return NULL;
304  }
305  DecodeEthernet(&th_v, &dtv, p[i], raw_eth[i], pktsize[i]);
306  }
307  return p;
308 }
309 
310 /**
311  * \brief UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes
312  *
313  * \param raw_eth pointer to the rawbytes containing an ethernet packet
314  * (and any other headers inside)
315  * \param pktsize pointer to the length of the payload
316  *
317  * \retval Packet pointer to the built in packet; NULL if something fail
318  */
319 Packet *UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
320 {
322  ThreadVars th_v;
323  Packet *p = PacketGetFromAlloc();
324  if (unlikely(p == NULL))
325  return NULL;
326  memset(&dtv, 0, sizeof(DecodeThreadVars));
327  memset(&th_v, 0, sizeof(th_v));
328 
329  DecodeEthernet(&th_v, &dtv, p, raw_eth, pktsize);
330  return p;
331 }
332 
333 /**
334  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
335  * and defaulting ports
336  *
337  * \param payload pointer to the payloadd buffer
338  * \param payload_len pointer to the length of the payload
339  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
340  *
341  * \retval Packet pointer to the built in packet
342  */
343 Packet *UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len,
344  uint8_t ipproto, const char *src, const char *dst)
345 {
346  return UTHBuildPacketReal(payload, payload_len, ipproto,
347  src, dst,
348  41424, 80);
349 }
350 
351 /**
352  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
353  * and defaulting ports (IPV6)
354  *
355  * \param payload pointer to the payload buffer
356  * \param payload_len pointer to the length of the payload
357  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
358  *
359  * \retval Packet pointer to the built in packet
360  */
361 Packet *UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len,
362  uint8_t ipproto, const char *src, const char *dst)
363 {
364  return UTHBuildPacketIPV6Real(payload, payload_len, ipproto,
365  src, dst,
366  41424, 80);
367 }
368 
369 /**
370  * \brief UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying
371  * src and dst ports and defaulting IPs
372  *
373  * \param payload pointer to the payloadd buffer
374  * \param payload_len pointer to the length of the payload
375  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
376  *
377  * \retval Packet pointer to the built in packet
378  */
379 Packet *UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len,
380  uint8_t ipproto, uint16_t sport, uint16_t dport)
381 {
382  return UTHBuildPacketReal(payload, payload_len, ipproto,
383  "192.168.1.5", "192.168.1.1",
384  sport, dport);
385 }
386 
387 /**
388  * \brief UTHFreePackets: function to release the allocated data
389  * from UTHBuildPacket and the packet itself
390  *
391  * \param p pointer to the Packet
392  */
393 void UTHFreePackets(Packet **p, int numpkts)
394 {
395  if (p == NULL)
396  return;
397 
398  int i = 0;
399  for (; i < numpkts; i++) {
400  UTHFreePacket(p[i]);
401  }
402 }
403 
404 /**
405  * \brief UTHFreePacket: function to release the allocated data
406  * from UTHBuildPacket and the packet itself
407  *
408  * \param p pointer to the Packet
409  */
411 {
412  if (p == NULL)
413  return;
414 #if 0 // VJ we now use one buffer
415  switch (p->proto) {
416  case IPPROTO_UDP:
417  if (p->udph != NULL)
418  SCFree(p->udph);
419  if (p->ip4h != NULL)
420  SCFree(p->ip4h);
421  break;
422  case IPPROTO_TCP:
423  if (p->tcph != NULL)
424  SCFree(p->tcph);
425  if (p->ip4h != NULL)
426  SCFree(p->ip4h);
427  break;
428  case IPPROTO_ICMP:
429  if (p->ip4h != NULL)
430  SCFree(p->ip4h);
431  break;
432  /* TODO: Add more protocols */
433  }
434 #endif
435  SCFree(p);
436 }
437 
439 {
440  if (p && f) {
441  p->flow = f;
442  p->flags |= PKT_HAS_FLOW;
443  }
444 }
445 
446 Flow *UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
447 {
448  struct in_addr in;
449 
450  Flow *f = SCMalloc(sizeof(Flow));
451  if (unlikely(f == NULL)) {
452  printf("FlowAlloc failed\n");
453  ;
454  return NULL;
455  }
456  memset(f, 0x00, sizeof(Flow));
457 
458  FLOW_INITIALIZE(f);
459 
460  if (family == AF_INET) {
461  f->flags |= FLOW_IPV4;
462  } else if (family == AF_INET6) {
463  f->flags |= FLOW_IPV6;
464  }
465 
466  if (src != NULL) {
467  if (family == AF_INET) {
468  if (inet_pton(AF_INET, src, &in) != 1) {
469  printf("invalid address %s\n", src);
470  SCFree(f);
471  return NULL;
472  }
473  f->src.addr_data32[0] = in.s_addr;
474  } else {
475  BUG_ON(1);
476  }
477  }
478  if (dst != NULL) {
479  if (family == AF_INET) {
480  if (inet_pton(AF_INET, dst, &in) != 1) {
481  printf("invalid address %s\n", dst);
482  SCFree(f);
483  return NULL;
484  }
485  f->dst.addr_data32[0] = in.s_addr;
486  } else {
487  BUG_ON(1);
488  }
489  }
490 
491  f->sp = sp;
492  f->dp = dp;
493 
494  return f;
495 }
496 
497 void UTHFreeFlow(Flow *flow)
498 {
499  if (flow != NULL) {
500  FlowFree(flow);
501  }
502 }
503 
504 int UTHAddStreamToFlow(Flow *f, int direction,
505  uint8_t *data, uint32_t data_len)
506 {
507  FAIL_IF_NULL(f);
508  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
510  TcpSession *ssn = f->protoctx;
511 
512  StreamingBufferSegment seg;
513  TcpStream *stream = direction == 0 ? &ssn->client : &ssn->server;
514  int r = StreamingBufferAppend(&stream->sb, &seg, data, data_len);
515  FAIL_IF_NOT(r == 0);
516  stream->last_ack += data_len;
517  return 1;
518 }
519 
521  uint32_t ts_isn,
522  uint32_t tc_isn)
523 {
524  FAIL_IF_NULL(f);
525 
526  TcpSession *ssn = SCCalloc(1, sizeof(*ssn));
527  FAIL_IF_NULL(ssn);
528 
530  ssn->client.sb = x;
531  ssn->server.sb = x;
532 
533  ssn->client.isn = ts_isn;
534  ssn->server.isn = tc_isn;
535 
536  f->protoctx = ssn;
537  return 1;
538 }
539 
541 {
542  FAIL_IF_NULL(f);
543  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
544  TcpSession *ssn = f->protoctx;
545  FAIL_IF_NULL(ssn);
547  SCFree(ssn);
548  f->protoctx = NULL;
549  return 1;
550 }
551 
552 /**
553  * \brief UTHGenericTest: function that perfom a generic check taking care of
554  * as maximum common unittest elements as possible.
555  * It will create a detection engine, append an array
556  * of signatures an check the spected results for each
557  * of them, it check matches for an array of packets
558  *
559  * \param pkt pointer to the array of packets
560  * \param numpkts number of packets to match
561  * \param sigs array of char* pointing to signatures to load
562  * \param numsigs number of signatures to load and check
563  * \param results pointer to arrays of numbers, each of them foreach packet
564  * to check if sids matches that packet as expected with
565  * that number of times or not. The size of results should be
566  * numpkts * numsigs * sizeof(uint16_t *)
567  *
568  * Example:
569  * result[1][3] would mean the number of times the pkt[1]
570  * match the sid[3]
571  *
572  * \retval int 1 if the match of all the sids is the specified has the
573  * specified results; 0 if not
574  */
575 int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
576 {
577 
578  int result = 0;
579  if (pkt == NULL || sigs == NULL || numpkts == 0
580  || sids == NULL || results == NULL || numsigs == 0) {
581  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, that the pointer/arrays are not NULL, and the number of signatures and packets is > 0");
582  goto end;
583  }
585  if (de_ctx == NULL) {
586  goto end;
587  }
588  de_ctx->flags |= DE_QUIET;
589 
590  if (UTHAppendSigs(de_ctx, sigs, numsigs) == 0)
591  goto cleanup;
592 
593  result = UTHMatchPacketsWithResults(de_ctx, pkt, numpkts, sids, results, numsigs);
594 
595 cleanup:
596  if (de_ctx != NULL) {
600  }
601 end:
602  return result;
603 }
604 
605 /**
606  * \brief UTHCheckPacketMatches: function to check if a packet match some sids
607  *
608  *
609  * \param p pointer to the Packet
610  * \param sigs array of char* pointing to signatures to load
611  * \param numsigs number of signatures to load from the array
612  * \param results pointer to an array of numbers to check if sids matches
613  * that number of times or not.
614  *
615  * \retval int 1 if the match of all the sids is the specified has the
616  * specified results; 0 if not
617  */
618 int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[],
619  uint32_t results[], int numsids)
620 {
621  if (p == NULL || sids == NULL) {
622  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, check if the "
623  "packet is NULL, and if the array contain sids is set");
624  return 0;
625  }
626 
627  int i = 0;
628  int res = 1;
629  for (; i < numsids; i++) {
630  uint16_t r = PacketAlertCheck(p, sids[i]);
631  if (r != results[i]) {
632  SCLogInfo("Sid %"PRIu32" matched %"PRIu16" times, and not %"PRIu32
633  " as expected", sids[i], r, results[i]);
634  res = 0;
635  } else {
636  SCLogInfo("Sid %"PRIu32" matched %"PRIu16" times, as expected", sids[i], r);
637  }
638  }
639  return res;
640 }
641 
642 /**
643  * \brief UTHAppendSigs: Add sigs to the detection_engine checking for errors
644  *
645  * \param de_ctx pointer to the DetectEngineCtx used
646  * \param sigs array of char* pointing to signatures to load
647  * \param numsigs number of signatures to load from the array
648  * (size of the array)
649  *
650  * \retval int 0 if we have errors; 1 if all the signatures loaded succesfuly
651  */
652 int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
653 {
654  if (de_ctx == NULL || numsigs <= 0 || sigs == NULL) {
655  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, check if sigs or de_ctx are NULL, and if the array contain sigs");
656  return 0;
657  }
658  //SCLogDebug("Adding %d signatures for the current unittest", numsigs);
659 
660  Signature *s;
661  int i = 0;
662 
663  for ( ; i < numsigs; i++) {
664  if (sigs[i] == NULL) {
665  SCLogError(SC_ERR_INVALID_ARGUMENT, "Check the signature"
666  " at position %d", i);
667  return 0;
668  }
669  s = DetectEngineAppendSig(de_ctx, sigs[i]);
670  if (s == NULL) {
671  SCLogError(SC_ERR_INVALID_ARGUMENT, "Check the signature at"
672  " position %d (%s)", i, sigs[i]);
673  return 0;
674  }
675  }
676  //SCLogDebug("Added %d signatures to the de_ctx of the unittest", i);
677  return 1;
678 }
679 
680 /**
681  * \test UTHMatchPacketsWithResults Match a packet or a array of packets against sigs
682  * of a de_ctx, checking that each signature match match X times for certain packets
683  *
684  * \param de_ctx pointer with the signatures loaded
685  * \param p pointer to the array of packets
686  * \param num_packets number of packets in the array
687  *
688  * \retval return 1 if all goes well
689  * \retval return 0 if something fail
690  */
691 int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
692 {
693  int result = 0;
694 
695  if (de_ctx == NULL || p == NULL) {
696  SCLogError(SC_ERR_INVALID_ARGUMENT, "packet or de_ctx was null");
697  result = 0;
698  goto end;
699  }
700 
702  ThreadVars th_v;
703  DetectEngineThreadCtx *det_ctx = NULL;
704  memset(&dtv, 0, sizeof(DecodeThreadVars));
705  memset(&th_v, 0, sizeof(th_v));
706 
707  //de_ctx->flags |= DE_QUIET;
708 
710  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
711 
712  int i = 0;
713  for (; i < num_packets; i++) {
714  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
715  if (UTHCheckPacketMatchResults(p[i], sids, &results[(i * numsigs)], numsigs) == 0)
716  goto cleanup;
717  }
718 
719  /* so far, so good ;) */
720  result = 1;
721 
722 cleanup:
723  if (det_ctx != NULL)
724  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
725 end:
726  return result;
727 }
728 
729 /**
730  * \test UTHMatchPackets Match a packet or a array of packets against sigs
731  * of a de_ctx, but note that the return value doesn't mean that we have a
732  * match, we have to check it later with PacketAlertCheck()
733  *
734  * \param de_ctx pointer with the signatures loaded
735  * \param p pointer to the array of packets
736  * \param num_packets number of packets in the array
737  *
738  * \retval return 1 if all goes well
739  * \retval return 0 if something fail
740  */
741 int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
742 {
743  int result = 1;
744 
745  if (de_ctx == NULL || p == NULL) {
746  SCLogError(SC_ERR_INVALID_ARGUMENT, "packet or de_ctx was null");
747  result = 0;
748  goto end;
749  }
750 
752  ThreadVars th_v;
753  DetectEngineThreadCtx *det_ctx = NULL;
754  memset(&dtv, 0, sizeof(DecodeThreadVars));
755  memset(&th_v, 0, sizeof(th_v));
756 
757  //de_ctx->flags |= DE_QUIET;
758 
763  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
764 
765  int i = 0;
766  for (; i < num_packets; i++)
767  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
768 
769  /* Here we don't check if the packet matched or not, because
770  * the de_ctx can have multiple signatures, and some of them may match
771  * and others may not. That check will be outside
772  */
773  if (det_ctx != NULL) {
774  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
775  }
776 end:
777  if (de_ctx != NULL) SigGroupCleanup(de_ctx);
778 
779  return result;
780 }
781 
782 /**
783  * \test Test if a packet match a signature given as string and a mpm_type
784  * Hint: Useful for unittests with only one packet and one signature
785  *
786  * \param sig pointer to the string signature to test
787  * \param sid sid number of the signature
788  *
789  * \retval return 1 if match
790  * \retval return 0 if not
791  */
792 int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
793 {
794  SCEnter();
795 
796  int result = 0;
797 
799  ThreadVars th_v;
800  DetectEngineThreadCtx *det_ctx = NULL;
801 
802  memset(&dtv, 0, sizeof(DecodeThreadVars));
803  memset(&th_v, 0, sizeof(th_v));
804 
806  if (de_ctx == NULL) {
807  printf("de_ctx == NULL: ");
808  goto end;
809  }
810 
811  de_ctx->flags |= DE_QUIET;
812  de_ctx->mpm_matcher = mpm_type;
813 
814  de_ctx->sig_list = SigInit(de_ctx, sig);
815  if (de_ctx->sig_list == NULL) {
816  printf("signature == NULL: ");
817  goto end;
818  }
819 
821  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
822 
823  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
824  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
825  printf("signature didn't alert: ");
826  goto end;
827  }
828 
829  result = 1;
830 end:
833 
834  if (det_ctx != NULL)
835  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
836 
837  if (de_ctx != NULL)
839 
840  SCReturnInt(result);
841 }
842 
843 /**
844  * \test Test if a packet match a signature given as string
845  * Hint: Useful for unittests with only one packet and one signature
846  *
847  * \param sig pointer to the string signature to test
848  * \param sid sid number of the signature
849  *
850  * \retval return 1 if match
851  * \retval return 0 if not
852  */
853 int UTHPacketMatchSig(Packet *p, const char *sig)
854 {
855  int result = 1;
856 
858 
859  ThreadVars th_v;
860  DetectEngineThreadCtx *det_ctx = NULL;
861 
862  memset(&dtv, 0, sizeof(DecodeThreadVars));
863  memset(&th_v, 0, sizeof(th_v));
864 
866  if (de_ctx == NULL) {
867  result=0;
868  goto end;
869  }
870 
871  de_ctx->flags |= DE_QUIET;
872 
873  de_ctx->sig_list = SigInit(de_ctx, sig);
874  if (de_ctx->sig_list == NULL) {
875  result = 0;
876  goto end;
877  }
878 
880  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
881 
882  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
883  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
884  result = 0;
885  goto end;
886  }
887 
888 end:
889  if (de_ctx) {
892  }
893 
894  if (det_ctx != NULL)
895  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
896  if (de_ctx != NULL)
898 
899  return result;
900 }
901 
902 uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
903 {
904  uint32_t i = start;
905  uint8_t payload[] = "Payload";
906  for (; i < end; i++) {
907  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
908  if (dir == 0) {
909  p->src.addr_data32[0] = i;
910  p->dst.addr_data32[0] = i + 1;
911  } else {
912  p->src.addr_data32[0] = i + 1;
913  p->dst.addr_data32[0] = i;
914  }
915  FlowHandlePacket(NULL, NULL, p);
916  if (p->flow != NULL) {
917  SC_ATOMIC_RESET(p->flow->use_cnt);
918  FLOWLOCK_UNLOCK(p->flow);
919  }
920 
921  /* Now the queues shoul be updated */
922  UTHFreePacket(p);
923  }
924 
925  return i;
926 }
927 
928 /** \brief parser a sig and see if the expected result is correct */
929 int UTHParseSignature(const char *str, bool expect)
930 {
933  de_ctx->flags |= DE_QUIET;
934 
936  if (expect)
937  FAIL_IF_NULL(s);
938  else
939  FAIL_IF_NOT_NULL(s);
940 
942  PASS;
943 }
944 
945 /** \brief writes the contents of a buffer into a file */
946 int UTHbufferToFile(const char * name, const uint8_t *data, size_t size) {
947  FILE * fd;
948  if (remove(name) != 0) {
949  if (errno != ENOENT) {
950  printf("failed remove, errno=%d\n", errno);
951  return -1;
952  }
953  }
954  fd = fopen(name, "wb");
955  if (fd == NULL) {
956  printf("failed open, errno=%d\n", errno);
957  return -2;
958  }
959  if (fwrite (data, 1, size, fd) != size) {
960  fclose(fd);
961  return -3;
962  }
963  fclose(fd);
964  return 0;
965 }
966 
967 /*
968  * unittests for the unittest helpers
969  */
970 
971 /**
972  * \brief CheckUTHTestPacket wrapper to check packets for unittests
973  */
974 static int CheckUTHTestPacket(Packet *p, uint8_t ipproto)
975 {
976  uint16_t sport = 41424;
977  uint16_t dport = 80;
978  uint8_t payload[] = "Payload";
979 
980  uint8_t len = sizeof(payload);
981 
982  if (p == NULL)
983  return 0;
984 
985  if (p->payload_len != len)
986  return 0;
987 
988  if (strncmp((char *)payload, (char *)p->payload, len) != 0)
989  return 0;
990 
991  if (p->src.family != AF_INET)
992  return 0;
993  if (p->dst.family != AF_INET)
994  return 0;
995  if (p->proto != ipproto)
996  return 0;
997 
998  switch(ipproto) {
999  case IPPROTO_UDP:
1000  if (p->udph == NULL)
1001  return 0;
1002  if (p->udph->uh_sport != sport)
1003  return 0;
1004  if (p->udph->uh_dport != dport)
1005  return 0;
1006  break;
1007  case IPPROTO_TCP:
1008  if (p->tcph == NULL)
1009  return 0;
1010  if (SCNtohs(p->tcph->th_sport) != sport)
1011  return 0;
1012  if (SCNtohs(p->tcph->th_dport) != dport)
1013  return 0;
1014  break;
1015  }
1016  return 1;
1017 }
1018 
1019 #ifdef HAVE_MEMMEM
1020 #include <string.h>
1021 void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len) {
1022  return memmem(big, big_len, little, little_len);
1023 }
1024 #else
1025 #include "util-spm-bs.h"
1026 void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len) {
1027  return BasicSearch(big, big_len, little, little_len);
1028 }
1029 #endif //HAVE_MEMMEM
1030 
1031 /**
1032  * \brief UTHBuildPacketRealTest01 wrapper to check packets for unittests
1033  */
1034 static int UTHBuildPacketRealTest01(void)
1035 {
1036  uint8_t payload[] = "Payload";
1037 
1038  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_TCP,
1039  "192.168.1.5", "192.168.1.1", 41424, 80);
1040 
1041  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1042  UTHFreePacket(p);
1043 
1044  return ret;
1045 }
1046 
1047 /**
1048  * \brief UTHBuildPacketRealTest02 wrapper to check packets for unittests
1049  */
1050 static int UTHBuildPacketRealTest02(void)
1051 {
1052  uint8_t payload[] = "Payload";
1053 
1054  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_UDP,
1055  "192.168.1.5", "192.168.1.1", 41424, 80);
1056 
1057  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1058  UTHFreePacket(p);
1059  return ret;
1060 }
1061 
1062 /**
1063  * \brief UTHBuildPacketTest01 wrapper to check packets for unittests
1064  */
1065 static int UTHBuildPacketTest01(void)
1066 {
1067  uint8_t payload[] = "Payload";
1068 
1069  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
1070 
1071  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1072  UTHFreePacket(p);
1073 
1074  return ret;
1075 }
1076 
1077 /**
1078  * \brief UTHBuildPacketTest02 wrapper to check packets for unittests
1079  */
1080 static int UTHBuildPacketTest02(void)
1081 {
1082  uint8_t payload[] = "Payload";
1083 
1084  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_UDP);
1085 
1086  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1087  UTHFreePacket(p);
1088 
1089  return ret;
1090 }
1091 
1092 /**
1093  * \brief UTHBuildPacketOfFlowsTest01 wrapper to check packets for unittests
1094  */
1095 static int UTHBuildPacketOfFlowsTest01(void)
1096 {
1097  int result = 0;
1098 
1100  uint32_t flow_spare_q_len = flow_spare_q.len;
1101 
1102  UTHBuildPacketOfFlows(0, 100, 0);
1103 
1104  if (flow_spare_q.len != flow_spare_q_len - 100)
1105  result = 0;
1106  else
1107  result = 1;
1108  FlowShutdown();
1109 
1110  return result;
1111 }
1112 
1113 
1114 /**
1115  * \brief UTHBuildPacketSrcDstTest01 wrapper to check packets for unittests
1116  */
1117 static int UTHBuildPacketSrcDstTest01(void)
1118 {
1119  uint8_t payload[] = "Payload";
1120 
1121  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_TCP,
1122  "192.168.1.5", "192.168.1.1");
1123 
1124  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1125  UTHFreePacket(p);
1126 
1127  return ret;
1128 }
1129 
1130 /**
1131  * \brief UTHBuildPacketSrcDstTest02 wrapper to check packets for unittests
1132  */
1133 static int UTHBuildPacketSrcDstTest02(void)
1134 {
1135  uint8_t payload[] = "Payload";
1136 
1137  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_UDP,
1138  "192.168.1.5", "192.168.1.1");
1139 
1140  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1141  UTHFreePacket(p);
1142 
1143  return ret;
1144 }
1145 
1146 /**
1147  * \brief UTHBuildPacketSrcDstPortsTest01 wrapper to check packets for unittests
1148  */
1149 static int UTHBuildPacketSrcDstPortsTest01(void)
1150 {
1151  uint8_t payload[] = "Payload";
1152 
1153  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_TCP,
1154  41424, 80);
1155 
1156  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1157  UTHFreePacket(p);
1158 
1159  return ret;
1160 }
1161 
1162 /**
1163  * \brief UTHBuildPacketSrcDstPortsTest02 wrapper to check packets for unittests
1164  */
1165 static int UTHBuildPacketSrcDstPortsTest02(void)
1166 {
1167  uint8_t payload[] = "Payload";
1168 
1169  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_UDP,
1170  41424, 80);
1171 
1172  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1173  UTHFreePacket(p);
1174 
1175  return ret;
1176 }
1177 
1178 #endif /* UNITTESTS */
1179 
1181 {
1182 #ifdef UNITTESTS
1183  UtRegisterTest("UTHBuildPacketRealTest01", UTHBuildPacketRealTest01);
1184  UtRegisterTest("UTHBuildPacketRealTest02", UTHBuildPacketRealTest02);
1185  UtRegisterTest("UTHBuildPacketTest01", UTHBuildPacketTest01);
1186  UtRegisterTest("UTHBuildPacketTest02", UTHBuildPacketTest02);
1187  UtRegisterTest("UTHBuildPacketSrcDstTest01", UTHBuildPacketSrcDstTest01);
1188  UtRegisterTest("UTHBuildPacketSrcDstTest02", UTHBuildPacketSrcDstTest02);
1189  UtRegisterTest("UTHBuildPacketSrcDstPortsTest01",
1190  UTHBuildPacketSrcDstPortsTest01);
1191  UtRegisterTest("UTHBuildPacketSrcDstPortsTest02",
1192  UTHBuildPacketSrcDstPortsTest02);
1193  UtRegisterTest("UTHBuildPacketOfFlowsTest01", UTHBuildPacketOfFlowsTest01);
1194 
1195 #endif /* UNITTESTS */
1196 }
1197 
Packet_::proto
uint8_t proto
Definition: decode.h:431
UTHParseSignature
int UTHParseSignature(const char *str, bool expect)
parser a sig and see if the expected result is correct
Definition: util-unittest-helper.c:929
TcpStream_
Definition: stream-tcp-private.h:94
len
uint8_t len
Definition: app-layer-dnp3.h:4
UTHmemsearch
void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len)
Definition: util-unittest-helper.c:1026
detect-engine.h
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
TcpStream_::isn
uint32_t isn
Definition: stream-tcp-private.h:101
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition: decode.h:1077
UTHAddStreamToFlow
int UTHAddStreamToFlow(Flow *f, int direction, uint8_t *data, uint32_t data_len)
Definition: util-unittest-helper.c:504
flow-util.h
stream-tcp.h
SCFree
#define SCFree(a)
Definition: util-mem.h:322
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
Flow_::proto
uint8_t proto
Definition: flow.h:361
Packet_::payload
uint8_t * payload
Definition: decode.h:541
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:138
Packet_::flags
uint32_t flags
Definition: decode.h:444
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:342
SigInit
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
Definition: detect-parse.c:2023
results
struct DetectRfbSecresult_ results[]
UTHBuildPacketSrcDst
Packet * UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports.
Definition: util-unittest-helper.c:343
UTHSetIPv4Address
uint32_t UTHSetIPv4Address(const char *str)
return the uint32_t for a ipv4 address string
Definition: util-unittest-helper.c:57
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:761
FlowInitConfig
void FlowInitConfig(char quiet)
initialize the configuration
Definition: flow.c:530
UTHPacketMatchSigMpm
int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
Definition: util-unittest-helper.c:792
TcpStreamCnf_::sbcnf
StreamingBufferConfig sbcnf
Definition: stream-tcp.h:67
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2030
PacketCopyDataOffset
int PacketCopyDataOffset(Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen)
Copy data to Packet payload at given offset.
Definition: decode.c:221
SCSigSignatureOrderingModuleCleanup
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
Definition: detect-engine-sigorder.c:803
DE_QUIET
#define DE_QUIET
Definition: detect.h:292
UTHPacketMatchSig
int UTHPacketMatchSig(Packet *p, const char *sig)
Definition: util-unittest-helper.c:853
UTHBuildPacket
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
Definition: util-unittest-helper.c:262
UTHBuildPacketSrcDstPorts
Packet * UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, uint16_t sport, uint16_t dport)
UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying src and dst ports and defaulting...
Definition: util-unittest-helper.c:379
SigCleanSignatures
void SigCleanSignatures(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:39
util-spm-bs.h
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:167
Flow_::protoctx
void * protoctx
Definition: flow.h:416
DetectEngineCtx_::mpm_matcher
uint16_t mpm_matcher
Definition: detect.h:810
FLOW_IPV4
#define FLOW_IPV4
Definition: flow.h:94
Packet_::payload_len
uint16_t payload_len
Definition: decode.h:542
FlowQueue_::len
uint32_t len
Definition: flow-queue.h:45
util-unittest.h
util-unittest-helper.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
UTHBuildPacketArrayFromEth
Packet ** UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
UTHBuildPacketArrayFromEth is a wrapper that build a packets from an array of packets in ethernet raw...
Definition: util-unittest-helper.c:281
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:260
UTHBuildPacketOfFlows
uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
Definition: util-unittest-helper.c:902
flow_spare_q
FlowQueue flow_spare_q
Definition: flow.c:94
IPV4Hdr
struct IPV4Hdr_ IPV4Hdr
UTHAssignFlow
void UTHAssignFlow(Packet *p, Flow *f)
Definition: util-unittest-helper.c:438
TcpStream_::last_ack
uint32_t last_ack
Definition: stream-tcp-private.h:103
SET_PKT_LEN
#define SET_PKT_LEN(p, len)
Definition: decode.h:230
UTHMatchPackets
int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
Definition: util-unittest-helper.c:741
UTHBuildFlow
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:446
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:39
UTHBuildPacketIPV6Real
Packet * UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:81
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:16
UTHMatchPacketsWithResults
int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
Definition: util-unittest-helper.c:691
DetectEngineThreadCtx_
Definition: detect.h:1004
SCSigOrderSignatures
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
Definition: detect-engine-sigorder.c:723
UTHRegisterTests
void UTHRegisterTests(void)
Definition: util-unittest-helper.c:1180
UTHAddSessionToFlow
int UTHAddSessionToFlow(Flow *f, uint32_t ts_isn, uint32_t tc_isn)
Definition: util-unittest-helper.c:520
res
PoolThreadReserved res
Definition: stream-tcp-private.h:60
SCEnter
#define SCEnter(...)
Definition: util-debug.h:337
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition: decode.h:226
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
UTHCheckPacketMatchResults
int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[], uint32_t results[], int numsids)
UTHCheckPacketMatches: function to check if a packet match some sids.
Definition: util-unittest-helper.c:618
Packet_::sp
Port sp
Definition: decode.h:416
SCSigRegisterSignatureOrderingFuncs
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered,...
Definition: detect-engine-sigorder.c:783
util-time.h
SC_ERR_INVALID_ARGUMENT
@ SC_ERR_INVALID_ARGUMENT
Definition: util-error.h:43
SCMalloc
#define SCMalloc(a)
Definition: util-mem.h:222
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:119
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:265
SigMatchSignatures
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1665
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:1947
BasicSearch
uint8_t * BasicSearch(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
Basic search improved. Limits are better handled, so it doesn't start searches that wont fit in the r...
Definition: util-spm-bs.c:48
IPV6Hdr_
Definition: decode-ipv6.h:31
Packet_
Definition: decode.h:408
SCCalloc
#define SCCalloc(nm, a)
Definition: util-mem.h:253
stream-tcp-private.h
Packet_::ip4h
IPV4Hdr * ip4h
Definition: decode.h:501
Port
uint16_t Port
Definition: decode.h:236
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:1876
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
UTHFreeFlow
void UTHFreeFlow(Flow *flow)
Definition: util-unittest-helper.c:497
StreamingBuffer_
Definition: util-streaming-buffer.h:95
IPV4Hdr_
Definition: decode-ipv4.h:70
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2316
Packet_::flow
struct Flow_ * flow
Definition: decode.h:446
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:2726
Packet_::ts
struct timeval ts
Definition: decode.h:452
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:375
suricata-common.h
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:2934
FlowFree
void FlowFree(Flow *f)
cleanup & free the memory of a flow
Definition: flow-util.c:80
FLOW_IPV6
#define FLOW_IPV6
Definition: flow.h:96
UTHBuildPacketIPV6SrcDst
Packet * UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports (IPV6)
Definition: util-unittest-helper.c:361
Packet_::tcph
TCPHdr * tcph
Definition: decode.h:523
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:685
TcpStream_::sb
StreamingBuffer sb
Definition: stream-tcp-private.h:122
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
DetectEngineCtx_::sig_list
Signature * sig_list
Definition: detect.h:767
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:272
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
UTHGenericTest
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perfom a generic check taking care of as maximum common unittest elemen...
Definition: util-unittest-helper.c:575
SC_ATOMIC_RESET
#define SC_ATOMIC_RESET(name)
Initialize the previously declared atomic variable and it's lock.
Definition: util-atomic.h:90
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:144
FlowHandlePacket
void FlowHandlePacket(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Entry point for packet flow handling.
Definition: flow.c:514
detect-engine-sigorder.h
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:271
str
#define str(s)
Definition: suricata-common.h:256
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:622
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:410
Signature_::id
uint32_t id
Definition: detect.h:555
STREAMING_BUFFER_INITIALIZER
#define STREAMING_BUFFER_INITIALIZER(cfg)
Definition: util-streaming-buffer.h:111
StreamTcpSessionCleanup
void StreamTcpSessionCleanup(TcpSession *ssn)
Session cleanup function. Does not free the ssn.
Definition: stream-tcp.c:215
detect-parse.h
src
uint16_t src
Definition: app-layer-dnp3.h:7
Signature_
Signature container.
Definition: detect.h:522
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:61
UTHBuildPacketFromEth
Packet * UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes.
Definition: util-unittest-helper.c:319
TimeGet
void TimeGet(struct timeval *tv)
Definition: util-time.c:153
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:1985
Packet_::udph
UDPHdr * udph
Definition: decode.h:525
Address_::family
char family
Definition: decode.h:112
Packet_::dst
Address dst
Definition: decode.h:414
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:38
UTHbufferToFile
int UTHbufferToFile(const char *name, const uint8_t *data, size_t size)
writes the contents of a buffer into a file
Definition: util-unittest-helper.c:946
COPY_TIMESTAMP
#define COPY_TIMESTAMP(src, dst)
Definition: flow-util.h:30
StreamingBufferAppend
int StreamingBufferAppend(StreamingBuffer *sb, StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len)
Definition: util-streaming-buffer.c:576
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:762
UTHAppendSigs
int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
UTHAppendSigs: Add sigs to the detection_engine checking for errors.
Definition: util-unittest-helper.c:652
Packet_::ip6h
IPV6Hdr * ip6h
Definition: decode.h:503
dst
uint16_t dst
Definition: app-layer-dnp3.h:6
UTHRemoveSessionFromFlow
int UTHRemoveSessionFromFlow(Flow *f)
Definition: util-unittest-helper.c:540
TcpSession_
Definition: stream-tcp-private.h:260
Packet_::dp
Port dp
Definition: decode.h:424
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:341
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:41
Packet_::src
Address src
Definition: decode.h:413
UTHFreePackets
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:393