suricata
util-unittest-helper.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  *
23  * This file provide a set of helper functions for reducing the complexity
24  * when constructing unittests
25  */
26 
27 #include "suricata-common.h"
28 
29 #include "decode.h"
30 
31 #include "flow-private.h"
32 #include "flow-util.h"
33 #include "flow-spare-pool.h"
34 
35 #include "detect.h"
36 #include "detect-parse.h"
37 #include "detect-engine.h"
38 #include "detect-engine-alert.h"
39 #include "detect-engine-sigorder.h"
40 #include "detect-engine-build.h"
41 
42 #include "stream-tcp.h"
43 #include "stream-tcp-private.h"
44 
45 #include "util-debug.h"
46 #include "util-time.h"
47 #include "util-error.h"
48 #include "util-unittest.h"
49 #include "util-unittest-helper.h"
50 
51 #if defined(UNITTESTS) || defined(FUZZ)
52 Flow *TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
53 {
54  struct in_addr in;
55 
56  Flow *f = SCMalloc(sizeof(Flow));
57  if (unlikely(f == NULL)) {
58  printf("FlowAlloc failed\n");
59  ;
60  return NULL;
61  }
62  memset(f, 0x00, sizeof(Flow));
63 
64  FLOW_INITIALIZE(f);
65 
66  if (family == AF_INET) {
67  f->flags |= FLOW_IPV4;
68  } else if (family == AF_INET6) {
69  f->flags |= FLOW_IPV6;
70  }
71 
72  if (src != NULL) {
73  if (family == AF_INET) {
74  if (inet_pton(AF_INET, src, &in) != 1) {
75  printf("invalid address %s\n", src);
76  SCFree(f);
77  return NULL;
78  }
79  f->src.addr_data32[0] = in.s_addr;
80  } else {
81  BUG_ON(1);
82  }
83  }
84  if (dst != NULL) {
85  if (family == AF_INET) {
86  if (inet_pton(AF_INET, dst, &in) != 1) {
87  printf("invalid address %s\n", dst);
88  SCFree(f);
89  return NULL;
90  }
91  f->dst.addr_data32[0] = in.s_addr;
92  } else {
93  BUG_ON(1);
94  }
95  }
96 
97  f->sp = sp;
98  f->dp = dp;
99 
100  return f;
101 }
102 /** \brief writes the contents of a buffer into a file */
103 int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size)
104 {
105  if (remove(name) != 0) {
106  if (errno != ENOENT) {
107  printf("failed remove, errno=%d\n", errno);
108  return -1;
109  }
110  }
111  FILE *fd = fopen(name, "wb");
112  if (fd == NULL) {
113  printf("failed open, errno=%d\n", errno);
114  return -2;
115  }
116  if (fwrite (data, 1, size, fd) != size) {
117  fclose(fd);
118  return -3;
119  }
120  fclose(fd);
121  return 0;
122 }
123 
124 #endif
125 #ifdef UNITTESTS
126 void UTHSetIPV4Hdr(Packet *p, IPV4Hdr *ip4h)
127 {
128  PacketSetIPV4(p, (uint8_t *)ip4h);
129 }
130 
131 void UTHSetIPV6Hdr(Packet *p, IPV6Hdr *ip6h)
132 {
133  PacketSetIPV6(p, (uint8_t *)ip6h);
134 }
135 
136 void UTHSetTCPHdr(Packet *p, TCPHdr *tcph)
137 {
138  PacketSetTCP(p, (uint8_t *)tcph);
139 }
140 
141 /**
142  * \brief return the uint32_t for a ipv4 address string
143  *
144  * \param str Valid ipaddress in string form (e.g. 1.2.3.4)
145  *
146  * \retval uint the uin32_t representation
147  */
148 uint32_t UTHSetIPv4Address(const char *str)
149 {
150  struct in_addr in;
151  if (inet_pton(AF_INET, str, &in) != 1) {
152  printf("invalid IPv6 address %s\n", str);
153  exit(EXIT_FAILURE);
154  }
155  return (uint32_t)in.s_addr;
156 }
157 
158 /**
159  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
160  * specifying ip and port sources and destinations (IPV6)
161  *
162  * \param payload pointer to the payload buffer
163  * \param payload_len pointer to the length of the payload
164  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
165  * \param src pointer to a string containing the ip source
166  * \param dst pointer to a string containing the ip destination
167  * \param sport pointer to a string containing the port source
168  * \param dport pointer to a string containing the port destination
169  *
170  * \retval Packet pointer to the built in packet
171  */
172 Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
173  uint8_t ipproto, const char *src, const char *dst,
174  uint16_t sport, uint16_t dport)
175 {
176  uint32_t in[4];
177  TCPHdr *tcph = NULL;
178 
179  Packet *p = PacketGetFromAlloc();
180  if (unlikely(p == NULL))
181  return NULL;
182 
183  p->ts = TimeGet();
184 
185  p->src.family = AF_INET6;
186  p->dst.family = AF_INET6;
187  p->payload = payload;
189  p->proto = ipproto;
190 
191  IPV6Hdr *ip6h = SCCalloc(1, sizeof(IPV6Hdr));
192  if (ip6h == NULL)
193  goto error;
194  ip6h->s_ip6_nxt = ipproto;
195  ip6h->s_ip6_plen = htons(payload_len + sizeof(TCPHdr));
196  UTHSetIPV6Hdr(p, ip6h);
197 
198  if (inet_pton(AF_INET6, src, &in) != 1)
199  goto error;
200  p->src.addr_data32[0] = in[0];
201  p->src.addr_data32[1] = in[1];
202  p->src.addr_data32[2] = in[2];
203  p->src.addr_data32[3] = in[3];
204  p->sp = sport;
205  ip6h->s_ip6_src[0] = in[0];
206  ip6h->s_ip6_src[1] = in[1];
207  ip6h->s_ip6_src[2] = in[2];
208  ip6h->s_ip6_src[3] = in[3];
209 
210  if (inet_pton(AF_INET6, dst, &in) != 1)
211  goto error;
212  p->dst.addr_data32[0] = in[0];
213  p->dst.addr_data32[1] = in[1];
214  p->dst.addr_data32[2] = in[2];
215  p->dst.addr_data32[3] = in[3];
216  p->dp = dport;
217  ip6h->s_ip6_dst[0] = in[0];
218  ip6h->s_ip6_dst[1] = in[1];
219  ip6h->s_ip6_dst[2] = in[2];
220  ip6h->s_ip6_dst[3] = in[3];
221 
222  tcph = SCMalloc(sizeof(TCPHdr));
223  if (tcph == NULL)
224  goto error;
225  memset(tcph, 0, sizeof(TCPHdr));
226  tcph->th_sport = htons(sport);
227  tcph->th_dport = htons(dport);
228  UTHSetTCPHdr(p, tcph);
229 
230  SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len);
231  return p;
232 
233 error:
234  if (p != NULL) {
235  if (ip6h != NULL) {
236  SCFree(ip6h);
237  }
238  if (tcph != NULL) {
239  SCFree(tcph);
240  }
241  SCFree(p);
242  }
243  return NULL;
244 }
245 
246 /**
247  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
248  * specifying ip and port sources and destinations
249  *
250  * \param payload pointer to the payload buffer
251  * \param payload_len pointer to the length of the payload
252  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
253  * \param src pointer to a string containing the ip source
254  * \param dst pointer to a string containing the ip destination
255  * \param sport pointer to a string containing the port source
256  * \param dport pointer to a string containing the port destination
257  *
258  * \retval Packet pointer to the built in packet
259  */
260 Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
261  uint8_t ipproto, const char *src, const char *dst,
262  uint16_t sport, uint16_t dport)
263 {
264  struct in_addr in;
265 
266  Packet *p = PacketGetFromAlloc();
267  if (unlikely(p == NULL))
268  return NULL;
269 
270  p->ts = TimeGet();
271 
272  p->src.family = AF_INET;
273  p->dst.family = AF_INET;
274  p->payload = payload;
275  p->payload_len = payload_len;
276  p->proto = ipproto;
277 
278  if (inet_pton(AF_INET, src, &in) != 1)
279  goto error;
280  p->src.addr_data32[0] = in.s_addr;
281  if (ipproto == IPPROTO_TCP || ipproto == IPPROTO_UDP || ipproto == IPPROTO_SCTP)
282  p->sp = sport;
283 
284  if (inet_pton(AF_INET, dst, &in) != 1)
285  goto error;
286  p->dst.addr_data32[0] = in.s_addr;
287  if (ipproto == IPPROTO_TCP || ipproto == IPPROTO_UDP || ipproto == IPPROTO_SCTP)
288  p->dp = dport;
289 
290  IPV4Hdr *ip4h = PacketSetIPV4(p, GET_PKT_DATA(p));
291  if (ip4h == NULL)
292  goto error;
293 
294  ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
295  ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
296  ip4h->ip_proto = ipproto;
297  ip4h->ip_verhl = sizeof(IPV4Hdr);
298  p->proto = ipproto;
299 
300  int hdr_offset = sizeof(IPV4Hdr);
301  switch (ipproto) {
302  case IPPROTO_UDP: {
303  UDPHdr *udph = PacketSetUDP(p, (GET_PKT_DATA(p) + sizeof(IPV4Hdr)));
304  if (udph == NULL)
305  goto error;
306 
307  udph->uh_sport = sport;
308  udph->uh_dport = dport;
309  hdr_offset += sizeof(UDPHdr);
310  break;
311  }
312  case IPPROTO_TCP: {
313  TCPHdr *tcph = PacketSetTCP(p, GET_PKT_DATA(p) + sizeof(IPV4Hdr));
314  if (tcph == NULL)
315  goto error;
316 
317  tcph->th_sport = htons(sport);
318  tcph->th_dport = htons(dport);
319  hdr_offset += sizeof(TCPHdr);
320  break;
321  }
322  case IPPROTO_ICMP: {
323  ICMPV4Hdr *icmpv4h = PacketSetICMPv4(p, (GET_PKT_DATA(p) + sizeof(IPV4Hdr)));
324  if (icmpv4h == NULL)
325  goto error;
326 
327  hdr_offset += sizeof(ICMPV4Hdr);
328  break;
329  }
330  default:
331  break;
332  /* TODO: Add more protocols */
333  }
334 
335  if (payload && payload_len) {
336  PacketCopyDataOffset(p, hdr_offset, payload, payload_len);
337  }
338  SET_PKT_LEN(p, hdr_offset + payload_len);
339  p->payload = GET_PKT_DATA(p)+hdr_offset;
340  p->app_update_direction = UPDATE_DIR_BOTH;
341 
342  return p;
343 
344 error:
345  SCFree(p);
346  return NULL;
347 }
348 
349 /**
350  * \brief UTHBuildPacket is a wrapper that build packets with default ip
351  * and port fields
352  *
353  * \param payload pointer to the payload buffer
354  * \param payload_len pointer to the length of the payload
355  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
356  *
357  * \retval Packet pointer to the built in packet
358  */
359 Packet *UTHBuildPacket(uint8_t *payload, uint16_t payload_len,
360  uint8_t ipproto)
361 {
362  return UTHBuildPacketReal(payload, payload_len, ipproto,
363  "192.168.1.5", "192.168.1.1",
364  41424, 80);
365 }
366 
367 /**
368  * \brief UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes
369  *
370  * \param raw_eth pointer to the rawbytes containing an ethernet packet
371  * (and any other headers inside)
372  * \param pktsize pointer to the length of the payload
373  *
374  * \retval Packet pointer to the built in packet; NULL if something fail
375  */
376 Packet *UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
377 {
379  ThreadVars th_v;
380  Packet *p = PacketGetFromAlloc();
381  if (unlikely(p == NULL))
382  return NULL;
383  memset(&dtv, 0, sizeof(DecodeThreadVars));
384  memset(&th_v, 0, sizeof(th_v));
385 
386  DecodeEthernet(&th_v, &dtv, p, raw_eth, pktsize);
387  return p;
388 }
389 
390 /**
391  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
392  * and defaulting ports
393  *
394  * \param payload pointer to the payload buffer
395  * \param payload_len pointer to the length of the payload
396  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
397  *
398  * \retval Packet pointer to the built in packet
399  */
400 Packet *UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len,
401  uint8_t ipproto, const char *src, const char *dst)
402 {
403  return UTHBuildPacketReal(payload, payload_len, ipproto,
404  src, dst,
405  41424, 80);
406 }
407 
408 /**
409  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
410  * and defaulting ports (IPV6)
411  *
412  * \param payload pointer to the payload buffer
413  * \param payload_len pointer to the length of the payload
414  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
415  *
416  * \retval Packet pointer to the built in packet
417  */
418 Packet *UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len,
419  uint8_t ipproto, const char *src, const char *dst)
420 {
421  return UTHBuildPacketIPV6Real(payload, payload_len, ipproto,
422  src, dst,
423  41424, 80);
424 }
425 
426 /**
427  * \brief UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying
428  * src and dst ports and defaulting IPs
429  *
430  * \param payload pointer to the payload buffer
431  * \param payload_len pointer to the length of the payload
432  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
433  *
434  * \retval Packet pointer to the built in packet
435  */
436 Packet *UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len,
437  uint8_t ipproto, uint16_t sport, uint16_t dport)
438 {
439  return UTHBuildPacketReal(payload, payload_len, ipproto,
440  "192.168.1.5", "192.168.1.1",
441  sport, dport);
442 }
443 
444 /**
445  * \brief UTHFreePackets: function to release the allocated data
446  * from UTHBuildPacket and the packet itself
447  *
448  * \param p pointer to the Packet
449  */
450 void UTHFreePackets(Packet **p, int numpkts)
451 {
452  if (p == NULL)
453  return;
454 
455  int i = 0;
456  for (; i < numpkts; i++) {
457  UTHFreePacket(p[i]);
458  }
459 }
460 
461 /**
462  * \brief UTHFreePacket: function to release the allocated data
463  * from UTHBuildPacket and the packet itself
464  *
465  * \param p pointer to the Packet
466  */
468 {
469  if (p == NULL)
470  return;
471  PacketFree(p);
472 }
473 
475 {
476  if (p && f) {
477  p->flow = f;
478  p->flags |= PKT_HAS_FLOW;
479  }
480 }
481 
482 Flow *UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
483 {
484  return TestHelperBuildFlow(family, src, dst, sp, dp);
485 }
486 
487 void UTHFreeFlow(Flow *flow)
488 {
489  if (flow != NULL) {
490  SCFree(flow);//FlowFree(flow);
491  }
492 }
493 
494 int UTHAddStreamToFlow(Flow *f, int direction,
495  uint8_t *data, uint32_t data_len)
496 {
497  FAIL_IF_NULL(f);
498  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
500  TcpSession *ssn = f->protoctx;
501 
502  StreamingBufferSegment seg;
503  TcpStream *stream = direction == 0 ? &ssn->client : &ssn->server;
504  int r = StreamingBufferAppend(&stream->sb, &stream_config.sbcnf, &seg, data, data_len);
505  FAIL_IF_NOT(r == 0);
506  stream->last_ack += data_len;
507  return 1;
508 }
509 
511  uint32_t ts_isn,
512  uint32_t tc_isn)
513 {
514  FAIL_IF_NULL(f);
515 
516  TcpSession *ssn = SCCalloc(1, sizeof(*ssn));
517  FAIL_IF_NULL(ssn);
518 
520  ssn->client.sb = x;
521  ssn->server.sb = x;
522 
523  ssn->client.isn = ts_isn;
524  ssn->server.isn = tc_isn;
525 
526  f->protoctx = ssn;
527  return 1;
528 }
529 
531 {
532  FAIL_IF_NULL(f);
533  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
534  TcpSession *ssn = f->protoctx;
535  FAIL_IF_NULL(ssn);
537  SCFree(ssn);
538  f->protoctx = NULL;
539  return 1;
540 }
541 
542 /**
543  * \brief UTHGenericTest: function that perform a generic check taking care of
544  * as maximum common unittest elements as possible.
545  * It will create a detection engine, append an array
546  * of signatures an check the expected results for each
547  * of them, it check matches for an array of packets
548  *
549  * \param pkt pointer to the array of packets
550  * \param numpkts number of packets to match
551  * \param sigs array of char* pointing to signatures to load
552  * \param numsigs number of signatures to load and check
553  * \param results pointer to arrays of numbers, each of them foreach packet
554  * to check if sids matches that packet as expected with
555  * that number of times or not. The size of results should be
556  * numpkts * numsigs * sizeof(uint16_t *)
557  *
558  * Example:
559  * result[1][3] would mean the number of times the pkt[1]
560  * match the sid[3]
561  *
562  * \retval int 1 if the match of all the sids is the specified has the
563  * specified results; 0 if not
564  */
565 int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
566 {
567 
568  int result = 0;
569  if (pkt == NULL || sigs == NULL || numpkts == 0
570  || sids == NULL || results == NULL || numsigs == 0) {
571  SCLogError("Arguments invalid, that the pointer/arrays are not NULL, and the number of "
572  "signatures and packets is > 0");
573  goto end;
574  }
576  if (de_ctx == NULL) {
577  goto end;
578  }
579  de_ctx->flags |= DE_QUIET;
580 
581  if (UTHAppendSigs(de_ctx, sigs, numsigs) == 0)
582  goto cleanup;
583 
584  result = UTHMatchPacketsWithResults(de_ctx, pkt, numpkts, sids, results, numsigs);
585 
586 cleanup:
588 end:
589  return result;
590 }
591 
592 /**
593  * \brief UTHCheckPacketMatches: function to check if a packet match some sids
594  *
595  *
596  * \param p pointer to the Packet
597  * \param sigs array of char* pointing to signatures to load
598  * \param numsigs number of signatures to load from the array
599  * \param results pointer to an array of numbers to check if sids matches
600  * that number of times or not.
601  *
602  * \retval int 1 if the match of all the sids is the specified has the
603  * specified results; 0 if not
604  */
605 int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[], uint32_t results[], int numsigs)
606 {
607  if (p == NULL || sids == NULL) {
608  SCLogError("Arguments invalid, check if the "
609  "packet is NULL, and if the array contain sids is set");
610  return 0;
611  }
612 
613  int i = 0;
614  int res = 1;
615  for (; i < numsigs; i++) {
616  uint32_t r = PacketAlertCheck(p, sids[i]);
617  if (r != results[i]) {
618  SCLogInfo("Sid %" PRIu32 " matched %" PRIu32 " times, and not %" PRIu32 " as expected",
619  sids[i], r, results[i]);
620  res = 0;
621  } else {
622  SCLogInfo("Sid %" PRIu32 " matched %" PRIu32 " times, as expected", sids[i], r);
623  }
624  }
625  return res;
626 }
627 
628 /**
629  * \brief UTHAppendSigs: Add sigs to the detection_engine checking for errors
630  *
631  * \param de_ctx pointer to the DetectEngineCtx used
632  * \param sigs array of char* pointing to signatures to load
633  * \param numsigs number of signatures to load from the array
634  * (size of the array)
635  *
636  * \retval int 0 if we have errors; 1 if all the signatures loaded successfully
637  */
638 int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
639 {
640  BUG_ON(de_ctx == NULL);
641  BUG_ON(numsigs <= 0);
642  BUG_ON(sigs == NULL);
643 
644  for (int i = 0; i < numsigs; i++) {
645  if (sigs[i] == NULL) {
646  SCLogError("Check the signature"
647  " at position %d",
648  i);
649  return 0;
650  }
651  Signature *s = DetectEngineAppendSig(de_ctx, sigs[i]);
652  if (s == NULL) {
653  SCLogError("Check the signature at"
654  " position %d (%s)",
655  i, sigs[i]);
656  return 0;
657  }
658  }
659  return 1;
660 }
661 
662 /**
663  * \test UTHMatchPacketsWithResults Match a packet or a array of packets against sigs
664  * of a de_ctx, checking that each signature matches X times for certain packets
665  *
666  * \param de_ctx pointer with the signatures loaded
667  * \param p pointer to the array of packets
668  * \param num_packets number of packets in the array
669  *
670  * \retval return 1 if all goes well
671  * \retval return 0 if something fail
672  */
673 int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
674 {
675  BUG_ON(de_ctx == NULL);
676  BUG_ON(p == NULL);
677 
678  int result = 0;
680  ThreadVars th_v;
681  DetectEngineThreadCtx *det_ctx = NULL;
682  memset(&dtv, 0, sizeof(DecodeThreadVars));
683  memset(&th_v, 0, sizeof(th_v));
684 
686  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
687 
688  for (int i = 0; i < num_packets; i++) {
689  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
690  if (UTHCheckPacketMatchResults(p[i], sids, &results[(i * numsigs)], numsigs) == 0)
691  goto cleanup;
692  }
693 
694  result = 1;
695 cleanup:
696  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
697  return result;
698 }
699 
700 /**
701  * \test UTHMatchPackets Match a packet or a array of packets against sigs
702  * of a de_ctx, but note that the return value doesn't mean that we have a
703  * match, we have to check it later with PacketAlertCheck()
704  *
705  * \param de_ctx pointer with the signatures loaded
706  * \param p pointer to the array of packets
707  * \param num_packets number of packets in the array
708  *
709  * \retval return 1 if all goes well
710  * \retval return 0 if something fail
711  */
712 int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
713 {
714  BUG_ON(de_ctx == NULL);
715  BUG_ON(p == NULL);
716  int result = 1;
718  ThreadVars th_v;
719  DetectEngineThreadCtx *det_ctx = NULL;
720  memset(&dtv, 0, sizeof(DecodeThreadVars));
721  memset(&th_v, 0, sizeof(th_v));
726  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
727 
728  for (int i = 0; i < num_packets; i++)
729  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
730 
731  /* Here we don't check if the packet matched or not, because
732  * the de_ctx can have multiple signatures, and some of them may match
733  * and others may not. That check will be outside
734  */
735  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
736  if (de_ctx != NULL) SigGroupCleanup(de_ctx);
737  return result;
738 }
739 
740 /**
741  * \test Test if a packet match a signature given as string and a mpm_type
742  * Hint: Useful for unittests with only one packet and one signature
743  *
744  * \param sig pointer to the string signature to test
745  * \param sid sid number of the signature
746  *
747  * \retval return 1 if match
748  * \retval return 0 if not
749  */
750 int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
751 {
752  SCEnter();
753 
754  int result = 0;
755 
757  ThreadVars th_v;
758  DetectEngineThreadCtx *det_ctx = NULL;
759 
760  memset(&dtv, 0, sizeof(DecodeThreadVars));
761  memset(&th_v, 0, sizeof(th_v));
762 
764  if (de_ctx == NULL) {
765  printf("de_ctx == NULL: ");
766  goto end;
767  }
768 
769  de_ctx->flags |= DE_QUIET;
770  de_ctx->mpm_matcher = mpm_type;
771 
772  de_ctx->sig_list = SigInit(de_ctx, sig);
773  if (de_ctx->sig_list == NULL) {
774  printf("signature == NULL: ");
775  goto end;
776  }
777 
779  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
780 
781  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
782  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
783  printf("signature didn't alert: ");
784  goto end;
785  }
786 
787  result = 1;
788 end:
789  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
791  SCReturnInt(result);
792 }
793 
794 /**
795  * \test Test if a packet match a signature given as string
796  * Hint: Useful for unittests with only one packet and one signature
797  *
798  * \param sig pointer to the string signature to test
799  * \param sid sid number of the signature
800  *
801  * \retval return 1 if match
802  * \retval return 0 if not
803  */
804 int UTHPacketMatchSig(Packet *p, const char *sig)
805 {
806  int result = 1;
807 
809 
810  ThreadVars th_v;
811  DetectEngineThreadCtx *det_ctx = NULL;
812 
813  memset(&dtv, 0, sizeof(DecodeThreadVars));
814  memset(&th_v, 0, sizeof(th_v));
815 
817  if (de_ctx == NULL) {
818  result=0;
819  goto end;
820  }
821 
822  de_ctx->flags |= DE_QUIET;
823 
824  de_ctx->sig_list = SigInit(de_ctx, sig);
825  if (de_ctx->sig_list == NULL) {
826  result = 0;
827  goto end;
828  }
829 
831  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
832 
833  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
834  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
835  result = 0;
836  goto end;
837  }
838 
839 end:
840  if (de_ctx) {
843  }
844 
845  if (det_ctx != NULL)
846  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
847  if (de_ctx != NULL)
849 
850  return result;
851 }
852 
853 uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
854 {
855  FlowLookupStruct fls;
856  memset(&fls, 0, sizeof(fls));
857 
858  uint32_t i = start;
859  uint8_t payload[] = "Payload";
860  for (; i < end; i++) {
861  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
862  if (dir == 0) {
863  p->src.addr_data32[0] = i;
864  p->dst.addr_data32[0] = i + 1;
865  } else {
866  p->src.addr_data32[0] = i + 1;
867  p->dst.addr_data32[0] = i;
868  }
869  FlowHandlePacket(NULL, &fls, p);
870  if (p->flow != NULL) {
871  FLOWLOCK_UNLOCK(p->flow);
872  }
873 
874  /* Now the queues should be updated */
875  UTHFreePacket(p);
876  }
877 
878  Flow *f;
879  while ((f = FlowQueuePrivateGetFromTop(&fls.spare_queue))) {
880  FlowFree(f);
881  }
882  while ((f = FlowQueuePrivateGetFromTop(&fls.work_queue))) {
883  FlowFree(f);
884  }
885 
886  return i;
887 }
888 
889 /** \brief parser a sig and see if the expected result is correct */
890 int UTHParseSignature(const char *str, bool expect)
891 {
894  de_ctx->flags |= DE_QUIET;
895 
897  if (expect)
898  FAIL_IF_NULL(s);
899  else
900  FAIL_IF_NOT_NULL(s);
901 
903  PASS;
904 }
905 
906 /*
907  * unittests for the unittest helpers
908  */
909 
910 /**
911  * \brief CheckUTHTestPacket wrapper to check packets for unittests
912  */
913 static int CheckUTHTestPacket(Packet *p, uint8_t ipproto)
914 {
915  uint16_t sport = 41424;
916  uint16_t dport = 80;
917  uint8_t payload[] = "Payload";
918 
919  uint8_t len = sizeof(payload);
920 
921  if (p == NULL)
922  return 0;
923 
924  if (p->payload_len != len)
925  return 0;
926 
927  if (strncmp((char *)payload, (char *)p->payload, len) != 0)
928  return 0;
929 
930  if (p->src.family != AF_INET)
931  return 0;
932  if (p->dst.family != AF_INET)
933  return 0;
934  if (p->proto != ipproto)
935  return 0;
936 
937  switch(ipproto) {
938  case IPPROTO_UDP: {
939  const UDPHdr *udph = PacketGetUDP(p);
940  if (udph == NULL)
941  return 0;
942  if (udph->uh_sport != sport)
943  return 0;
944  if (udph->uh_dport != dport)
945  return 0;
946  break;
947  }
948  case IPPROTO_TCP: {
949  const TCPHdr *tcph = PacketGetTCP(p);
950  if (tcph == NULL)
951  return 0;
952  if (SCNtohs(tcph->th_sport) != sport)
953  return 0;
954  if (SCNtohs(tcph->th_dport) != dport)
955  return 0;
956  break;
957  }
958  }
959  return 1;
960 }
961 
962 #ifdef HAVE_MEMMEM
963 #include <string.h>
964 void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len) {
965  return memmem(big, big_len, little, little_len);
966 }
967 #else
968 #include "util-spm-bs.h"
969 void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len) {
970  return BasicSearch(big, big_len, little, little_len);
971 }
972 #endif //HAVE_MEMMEM
973 
974 /**
975  * \brief UTHBuildPacketRealTest01 wrapper to check packets for unittests
976  */
977 static int UTHBuildPacketRealTest01(void)
978 {
979  uint8_t payload[] = "Payload";
980 
981  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_TCP,
982  "192.168.1.5", "192.168.1.1", 41424, 80);
983 
984  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
985  UTHFreePacket(p);
986 
987  return ret;
988 }
989 
990 /**
991  * \brief UTHBuildPacketRealTest02 wrapper to check packets for unittests
992  */
993 static int UTHBuildPacketRealTest02(void)
994 {
995  uint8_t payload[] = "Payload";
996 
997  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_UDP,
998  "192.168.1.5", "192.168.1.1", 41424, 80);
999 
1000  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1001  UTHFreePacket(p);
1002  return ret;
1003 }
1004 
1005 /**
1006  * \brief UTHBuildPacketTest01 wrapper to check packets for unittests
1007  */
1008 static int UTHBuildPacketTest01(void)
1009 {
1010  uint8_t payload[] = "Payload";
1011 
1012  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
1013 
1014  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1015  UTHFreePacket(p);
1016 
1017  return ret;
1018 }
1019 
1020 /**
1021  * \brief UTHBuildPacketTest02 wrapper to check packets for unittests
1022  */
1023 static int UTHBuildPacketTest02(void)
1024 {
1025  uint8_t payload[] = "Payload";
1026 
1027  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_UDP);
1028 
1029  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1030  UTHFreePacket(p);
1031 
1032  return ret;
1033 }
1034 
1035 /**
1036  * \brief UTHBuildPacketOfFlowsTest01 wrapper to check packets for unittests
1037  */
1038 static int UTHBuildPacketOfFlowsTest01(void)
1039 {
1040  int result = 0;
1041 
1043  uint32_t flow_spare_q_len = FlowSpareGetPoolSize();
1044 
1045  UTHBuildPacketOfFlows(0, 100, 0);
1046 
1047  if (FlowSpareGetPoolSize() != flow_spare_q_len - 100)
1048  result = 0;
1049  else
1050  result = 1;
1051  FlowShutdown();
1052 
1053  return result;
1054 }
1055 
1056 
1057 /**
1058  * \brief UTHBuildPacketSrcDstTest01 wrapper to check packets for unittests
1059  */
1060 static int UTHBuildPacketSrcDstTest01(void)
1061 {
1062  uint8_t payload[] = "Payload";
1063 
1064  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_TCP,
1065  "192.168.1.5", "192.168.1.1");
1066 
1067  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1068  UTHFreePacket(p);
1069 
1070  return ret;
1071 }
1072 
1073 /**
1074  * \brief UTHBuildPacketSrcDstTest02 wrapper to check packets for unittests
1075  */
1076 static int UTHBuildPacketSrcDstTest02(void)
1077 {
1078  uint8_t payload[] = "Payload";
1079 
1080  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_UDP,
1081  "192.168.1.5", "192.168.1.1");
1082 
1083  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1084  UTHFreePacket(p);
1085 
1086  return ret;
1087 }
1088 
1089 /**
1090  * \brief UTHBuildPacketSrcDstPortsTest01 wrapper to check packets for unittests
1091  */
1092 static int UTHBuildPacketSrcDstPortsTest01(void)
1093 {
1094  uint8_t payload[] = "Payload";
1095 
1096  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_TCP,
1097  41424, 80);
1098 
1099  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1100  UTHFreePacket(p);
1101 
1102  return ret;
1103 }
1104 
1105 /**
1106  * \brief UTHBuildPacketSrcDstPortsTest02 wrapper to check packets for unittests
1107  */
1108 static int UTHBuildPacketSrcDstPortsTest02(void)
1109 {
1110  uint8_t payload[] = "Payload";
1111 
1112  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_UDP,
1113  41424, 80);
1114 
1115  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1116  UTHFreePacket(p);
1117 
1118  return ret;
1119 }
1120 
1121 #endif /* UNITTESTS */
1122 
1124 {
1125 #ifdef UNITTESTS
1126  UtRegisterTest("UTHBuildPacketRealTest01", UTHBuildPacketRealTest01);
1127  UtRegisterTest("UTHBuildPacketRealTest02", UTHBuildPacketRealTest02);
1128  UtRegisterTest("UTHBuildPacketTest01", UTHBuildPacketTest01);
1129  UtRegisterTest("UTHBuildPacketTest02", UTHBuildPacketTest02);
1130  UtRegisterTest("UTHBuildPacketSrcDstTest01", UTHBuildPacketSrcDstTest01);
1131  UtRegisterTest("UTHBuildPacketSrcDstTest02", UTHBuildPacketSrcDstTest02);
1132  UtRegisterTest("UTHBuildPacketSrcDstPortsTest01",
1133  UTHBuildPacketSrcDstPortsTest01);
1134  UtRegisterTest("UTHBuildPacketSrcDstPortsTest02",
1135  UTHBuildPacketSrcDstPortsTest02);
1136  UtRegisterTest("UTHBuildPacketOfFlowsTest01", UTHBuildPacketOfFlowsTest01);
1137 
1138 #endif /* UNITTESTS */
1139 }
1140 
UPDATE_DIR_BOTH
@ UPDATE_DIR_BOTH
Definition: stream-tcp-reassemble.h:58
FlowLookupStruct_::work_queue
FlowQueuePrivate work_queue
Definition: flow.h:548
Packet_::proto
uint8_t proto
Definition: decode.h:498
UTHParseSignature
int UTHParseSignature(const char *str, bool expect)
parser a sig and see if the expected result is correct
Definition: util-unittest-helper.c:890
TcpStream_
Definition: stream-tcp-private.h:106
len
uint8_t len
Definition: app-layer-dnp3.h:2
UTHmemsearch
void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len)
Definition: util-unittest-helper.c:969
TCPHdr_::th_dport
uint16_t th_dport
Definition: decode-tcp.h:151
detect-engine.h
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
UDPHdr_::uh_dport
uint16_t uh_dport
Definition: decode-udp.h:44
TcpStream_::isn
uint32_t isn
Definition: stream-tcp-private.h:113
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition: decode.h:1268
UTHAddStreamToFlow
int UTHAddStreamToFlow(Flow *f, int direction, uint8_t *data, uint32_t data_len)
Definition: util-unittest-helper.c:494
FlowSpareGetPoolSize
uint32_t FlowSpareGetPoolSize(void)
Definition: flow-spare-pool.c:46
flow-util.h
stream-tcp.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
Flow_::proto
uint8_t proto
Definition: flow.h:378
Packet_::payload
uint8_t * payload
Definition: decode.h:574
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:141
Packet_::flags
uint32_t flags
Definition: decode.h:513
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:356
UTHBuildPacketSrcDst
Packet * UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports.
Definition: util-unittest-helper.c:400
UTHSetIPV4Hdr
void UTHSetIPV4Hdr(Packet *p, IPV4Hdr *ip4h)
Definition: util-unittest-helper.c:126
UTHSetIPv4Address
uint32_t UTHSetIPv4Address(const char *str)
return the uint32_t for a ipv4 address string
Definition: util-unittest-helper.c:148
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:843
UTHPacketMatchSigMpm
int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
Definition: util-unittest-helper.c:750
TcpStreamCnf_::sbcnf
StreamingBufferConfig sbcnf
Definition: stream-tcp.h:89
FlowLookupStruct_
Definition: flow.h:544
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2623
PacketCopyDataOffset
int PacketCopyDataOffset(Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen)
Copy data to Packet payload at given offset.
Definition: decode.c:309
ICMPV4Hdr
struct ICMPV4Hdr_ ICMPV4Hdr
SCSigSignatureOrderingModuleCleanup
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
Definition: detect-engine-sigorder.c:852
UTHCheckPacketMatchResults
int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[], uint32_t results[], int numsigs)
UTHCheckPacketMatches: function to check if a packet match some sids.
Definition: util-unittest-helper.c:605
DE_QUIET
#define DE_QUIET
Definition: detect.h:323
UTHPacketMatchSig
int UTHPacketMatchSig(Packet *p, const char *sig)
Definition: util-unittest-helper.c:804
StreamingBufferAppend
int StreamingBufferAppend(StreamingBuffer *sb, const StreamingBufferConfig *cfg, StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len)
Definition: util-streaming-buffer.c:1086
FlowHandlePacket
void FlowHandlePacket(ThreadVars *tv, FlowLookupStruct *fls, Packet *p)
Entry point for packet flow handling.
Definition: flow.c:519
UTHSetTCPHdr
void UTHSetTCPHdr(Packet *p, TCPHdr *tcph)
Definition: util-unittest-helper.c:136
UTHBuildPacket
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
Definition: util-unittest-helper.c:359
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1950
UTHBuildPacketSrcDstPorts
Packet * UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, uint16_t sport, uint16_t dport)
UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying src and dst ports and defaulting...
Definition: util-unittest-helper.c:436
SigCleanSignatures
void SigCleanSignatures(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:55
UTHSetIPV6Hdr
void UTHSetIPV6Hdr(Packet *p, IPV6Hdr *ip6h)
Definition: util-unittest-helper.c:131
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2591
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:219
util-spm-bs.h
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:260
Flow_::protoctx
void * protoctx
Definition: flow.h:446
FLOW_IPV4
#define FLOW_IPV4
Definition: flow.h:99
Packet_::payload_len
uint16_t payload_len
Definition: decode.h:575
util-unittest.h
util-unittest-helper.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:273
UTHBuildPacketOfFlows
uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
Definition: util-unittest-helper.c:853
IPV4Hdr
struct IPV4Hdr_ IPV4Hdr
UTHAssignFlow
void UTHAssignFlow(Packet *p, Flow *f)
Definition: util-unittest-helper.c:474
TcpStream_::last_ack
uint32_t last_ack
Definition: stream-tcp-private.h:115
flow-spare-pool.h
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:533
SET_PKT_LEN
#define SET_PKT_LEN(p, len)
Definition: decode.h:209
UTHMatchPackets
int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
Definition: util-unittest-helper.c:712
TCPHdr_::th_sport
uint16_t th_sport
Definition: decode-tcp.h:150
UTHBuildFlow
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:482
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:38
UTHBuildPacketIPV6Real
Packet * UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:172
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
UTHMatchPacketsWithResults
int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
Definition: util-unittest-helper.c:673
DetectEngineThreadCtx_
Definition: detect.h:1098
Packet_::ts
SCTime_t ts
Definition: decode.h:524
SCSigOrderSignatures
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
Definition: detect-engine-sigorder.c:760
UTHRegisterTests
void UTHRegisterTests(void)
Definition: util-unittest-helper.c:1123
UTHAddSessionToFlow
int UTHAddSessionToFlow(Flow *f, uint32_t ts_isn, uint32_t tc_isn)
Definition: util-unittest-helper.c:510
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition: decode.h:205
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
Definition: detect-engine.c:3365
Packet_::sp
Port sp
Definition: decode.h:483
SCSigRegisterSignatureOrderingFuncs
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered s...
Definition: detect-engine-sigorder.c:832
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition: detect.h:846
PacketFree
void PacketFree(Packet *p)
Return a malloced packet.
Definition: decode.c:193
TestHelperBufferToFile
int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size)
writes the contents of a buffer into a file
Definition: util-unittest-helper.c:103
util-time.h
FlowQueuePrivateGetFromTop
Flow * FlowQueuePrivateGetFromTop(FlowQueuePrivate *fqc)
Definition: flow-queue.c:151
SigInit
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
Definition: detect-parse.c:2289
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:2212
BasicSearch
uint8_t * BasicSearch(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
Basic search improved. Limits are better handled, so it doesn't start searches that wont fit in the r...
Definition: util-spm-bs.c:47
IPV6Hdr_
Definition: decode-ipv6.h:32
Packet_
Definition: decode.h:476
detect-engine-build.h
TimeGet
SCTime_t TimeGet(void)
Definition: util-time.c:152
stream-tcp-private.h
ICMPV4Hdr_
Definition: decode-icmpv4.h:165
detect-engine-alert.h
Port
uint16_t Port
Definition: decode.h:214
STREAMING_BUFFER_INITIALIZER
#define STREAMING_BUFFER_INITIALIZER
Definition: util-streaming-buffer.h:137
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:2145
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
UTHFreeFlow
void UTHFreeFlow(Flow *flow)
Definition: util-unittest-helper.c:487
StreamingBuffer_
Definition: util-streaming-buffer.h:108
IPV4Hdr_
Definition: decode-ipv4.h:72
FlowLookupStruct_::spare_queue
FlowQueuePrivate spare_queue
Definition: flow.h:546
Packet_::flow
struct Flow_ * flow
Definition: decode.h:515
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:414
suricata-common.h
FlowFree
void FlowFree(Flow *f)
cleanup & free the memory of a flow
Definition: flow-util.c:83
FLOW_IPV6
#define FLOW_IPV6
Definition: flow.h:101
UTHBuildPacketIPV6SrcDst
Packet * UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports (IPV6)
Definition: util-unittest-helper.c:418
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:680
TcpStream_::sb
StreamingBuffer sb
Definition: stream-tcp-private.h:135
UDPHdr
struct UDPHdr_ UDPHdr
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
Definition: detect-engine.c:3592
UDPHdr_::uh_sport
uint16_t uh_sport
Definition: decode-udp.h:43
UDPHdr_
Definition: decode-udp.h:42
DetectEngineCtx_::sig_list
Signature * sig_list
Definition: detect.h:851
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:297
UTHGenericTest
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perform a generic check taking care of as maximum common unittest eleme...
Definition: util-unittest-helper.c:565
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:232
detect-engine-sigorder.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:296
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:932
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:467
Signature_::id
uint32_t id
Definition: detect.h:638
StreamTcpSessionCleanup
void StreamTcpSessionCleanup(TcpSession *ssn)
Session cleanup function. Does not free the ssn.
Definition: stream-tcp.c:327
detect-parse.h
src
uint16_t src
Definition: app-layer-dnp3.h:5
Signature_
Signature container.
Definition: detect.h:603
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
UTHBuildPacketFromEth
Packet * UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes.
Definition: util-unittest-helper.c:376
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2584
Address_::family
char family
Definition: decode.h:109
Packet_::dst
Address dst
Definition: decode.h:481
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
TestHelperBuildFlow
Flow * TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:52
IPPROTO_SCTP
#define IPPROTO_SCTP
Definition: decode.h:1194
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:845
UTHAppendSigs
int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
UTHAppendSigs: Add sigs to the detection_engine checking for errors.
Definition: util-unittest-helper.c:638
TCPHdr
struct TCPHdr_ TCPHdr
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
UTHRemoveSessionFromFlow
int UTHRemoveSessionFromFlow(Flow *f)
Definition: util-unittest-helper.c:530
TcpSession_
Definition: stream-tcp-private.h:283
Packet_::dp
Port dp
Definition: decode.h:491
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
IPV4Hdr_::ip_proto
uint8_t ip_proto
Definition: decode-ipv4.h:79
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
IPV4Hdr_::ip_verhl
uint8_t ip_verhl
Definition: decode-ipv4.h:73
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:42
TCPHdr_
Definition: decode-tcp.h:149
Packet_::src
Address src
Definition: decode.h:480
UTHFreePackets
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:450