51 #if defined(UNITTESTS) || defined(FUZZ)
58 printf(
"FlowAlloc failed\n");
62 memset(f, 0x00,
sizeof(
Flow));
66 if (family == AF_INET) {
68 }
else if (family == AF_INET6) {
73 if (family == AF_INET) {
74 if (inet_pton(AF_INET,
src, &in) != 1) {
75 printf(
"invalid address %s\n",
src);
79 f->src.addr_data32[0] = in.s_addr;
85 if (family == AF_INET) {
86 if (inet_pton(AF_INET,
dst, &in) != 1) {
87 printf(
"invalid address %s\n",
dst);
91 f->dst.addr_data32[0] = in.s_addr;
105 if (remove(name) != 0) {
106 if (errno != ENOENT) {
107 printf(
"failed remove, errno=%d\n", errno);
111 FILE *fd = fopen(name,
"wb");
113 printf(
"failed open, errno=%d\n", errno);
116 if (fwrite (data, 1, size, fd) != size) {
137 if (inet_pton(AF_INET,
str, &in) != 1) {
138 printf(
"invalid IPv6 address %s\n",
str);
141 return (uint32_t)in.s_addr;
159 uint8_t ipproto,
const char *
src,
const char *
dst,
160 uint16_t sport, uint16_t dport)
180 p->
ip6h->s_ip6_nxt = ipproto;
183 if (inet_pton(AF_INET6,
src, &in) != 1)
185 p->
src.addr_data32[0] = in[0];
186 p->
src.addr_data32[1] = in[1];
187 p->
src.addr_data32[2] = in[2];
188 p->
src.addr_data32[3] = in[3];
190 p->
ip6h->s_ip6_src[0] = in[0];
191 p->
ip6h->s_ip6_src[1] = in[1];
192 p->
ip6h->s_ip6_src[2] = in[2];
193 p->
ip6h->s_ip6_src[3] = in[3];
195 if (inet_pton(AF_INET6,
dst, &in) != 1)
197 p->
dst.addr_data32[0] = in[0];
198 p->
dst.addr_data32[1] = in[1];
199 p->
dst.addr_data32[2] = in[2];
200 p->
dst.addr_data32[3] = in[3];
202 p->
ip6h->s_ip6_dst[0] = in[0];
203 p->
ip6h->s_ip6_dst[1] = in[1];
204 p->
ip6h->s_ip6_dst[2] = in[2];
205 p->
ip6h->s_ip6_dst[3] = in[3];
210 memset(p->
tcph, 0,
sizeof(TCPHdr));
211 p->
tcph->th_sport = htons(sport);
212 p->
tcph->th_dport = htons(dport);
219 if (p->
ip6h != NULL) {
222 if (p->
tcph != NULL) {
245 uint8_t ipproto,
const char *
src,
const char *
dst,
246 uint16_t sport, uint16_t dport)
256 p->src.family = AF_INET;
257 p->dst.family = AF_INET;
258 p->payload = payload;
262 if (inet_pton(AF_INET,
src, &in) != 1)
264 p->src.addr_data32[0] = in.s_addr;
267 if (inet_pton(AF_INET,
dst, &in) != 1)
269 p->dst.addr_data32[0] = in.s_addr;
276 p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
277 p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
278 p->ip4h->ip_proto = ipproto;
279 p->ip4h->ip_verhl =
sizeof(
IPV4Hdr);
282 int hdr_offset =
sizeof(
IPV4Hdr);
289 p->udph->uh_sport = sport;
290 p->udph->uh_dport = dport;
291 hdr_offset +=
sizeof(UDPHdr);
298 p->tcph->th_sport = htons(sport);
299 p->tcph->th_dport = htons(dport);
300 hdr_offset +=
sizeof(TCPHdr);
304 if (p->icmpv4h == NULL)
307 hdr_offset +=
sizeof(ICMPV4Hdr);
341 "192.168.1.5",
"192.168.1.1",
360 if (raw_eth == NULL || pktsize == NULL || numpkts <= 0) {
361 SCLogError(
"The arrays cant be null, and the number"
362 " of packets should be grater thatn zero");
371 memset(&th_v, 0,
sizeof(th_v));
374 for (; i < numpkts; i++) {
402 memset(&th_v, 0,
sizeof(th_v));
419 uint8_t ipproto,
const char *
src,
const char *
dst)
437 uint8_t ipproto,
const char *
src,
const char *
dst)
455 uint8_t ipproto, uint16_t sport, uint16_t dport)
458 "192.168.1.5",
"192.168.1.1",
474 for (; i < numpkts; i++) {
489 #if 0 // VJ we now use one buffer
534 uint8_t *data, uint32_t data_len)
541 StreamingBufferSegment seg;
608 if (pkt == NULL || sigs == NULL || numpkts == 0
609 || sids == NULL ||
results == NULL || numsigs == 0) {
610 SCLogError(
"Arguments invalid, that the pointer/arrays are not NULL, and the number of "
611 "signatures and packets is > 0");
646 if (p == NULL || sids == NULL) {
648 "packet is NULL, and if the array contain sids is set");
654 for (; i < numsigs; i++) {
657 SCLogInfo(
"Sid %" PRIu32
" matched %" PRIu32
" times, and not %" PRIu32
" as expected",
661 SCLogInfo(
"Sid %" PRIu32
" matched %" PRIu32
" times, as expected", sids[i], r);
683 for (
int i = 0; i < numsigs; i++) {
684 if (sigs[i] == NULL) {
722 memset(&th_v, 0,
sizeof(th_v));
727 for (
int i = 0; i < num_packets; i++) {
760 memset(&th_v, 0,
sizeof(th_v));
767 for (
int i = 0; i < num_packets; i++)
800 memset(&th_v, 0,
sizeof(th_v));
804 printf(
"de_ctx == NULL: ");
813 printf(
"signature == NULL: ");
822 printf(
"signature didn't alert: ");
853 memset(&th_v, 0,
sizeof(th_v));
895 memset(&fls, 0,
sizeof(fls));
898 uint8_t payload[] =
"Payload";
899 for (; i < end; i++) {
902 p->
src.addr_data32[0] = i;
903 p->
dst.addr_data32[0] = i + 1;
905 p->
src.addr_data32[0] = i + 1;
906 p->
dst.addr_data32[0] = i;
909 if (p->
flow != NULL) {
952 static int CheckUTHTestPacket(
Packet *p, uint8_t ipproto)
954 uint16_t sport = 41424;
956 uint8_t payload[] =
"Payload";
958 uint8_t
len =
sizeof(payload);
966 if (strncmp((
char *)payload, (
char *)p->
payload,
len) != 0)
973 if (p->
proto != ipproto)
980 if (p->
udph->uh_sport != sport)
982 if (p->
udph->uh_dport != dport)
999 void *
UTHmemsearch(
const void *big,
size_t big_len,
const void *little,
size_t little_len) {
1000 return memmem(big, big_len, little, little_len);
1004 void *
UTHmemsearch(
const void *big,
size_t big_len,
const void *little,
size_t little_len) {
1005 return BasicSearch(big, big_len, little, little_len);
1007 #endif //HAVE_MEMMEM
1012 static int UTHBuildPacketRealTest01(
void)
1014 uint8_t payload[] =
"Payload";
1017 "192.168.1.5",
"192.168.1.1", 41424, 80);
1019 int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1028 static int UTHBuildPacketRealTest02(
void)
1030 uint8_t payload[] =
"Payload";
1033 "192.168.1.5",
"192.168.1.1", 41424, 80);
1035 int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1043 static int UTHBuildPacketTest01(
void)
1045 uint8_t payload[] =
"Payload";
1049 int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1058 static int UTHBuildPacketTest02(
void)
1060 uint8_t payload[] =
"Payload";
1064 int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1073 static int UTHBuildPacketOfFlowsTest01(
void)
1095 static int UTHBuildPacketSrcDstTest01(
void)
1097 uint8_t payload[] =
"Payload";
1100 "192.168.1.5",
"192.168.1.1");
1102 int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1111 static int UTHBuildPacketSrcDstTest02(
void)
1113 uint8_t payload[] =
"Payload";
1116 "192.168.1.5",
"192.168.1.1");
1118 int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1127 static int UTHBuildPacketSrcDstPortsTest01(
void)
1129 uint8_t payload[] =
"Payload";
1134 int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1143 static int UTHBuildPacketSrcDstPortsTest02(
void)
1145 uint8_t payload[] =
"Payload";
1150 int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1161 UtRegisterTest(
"UTHBuildPacketRealTest01", UTHBuildPacketRealTest01);
1162 UtRegisterTest(
"UTHBuildPacketRealTest02", UTHBuildPacketRealTest02);
1165 UtRegisterTest(
"UTHBuildPacketSrcDstTest01", UTHBuildPacketSrcDstTest01);
1166 UtRegisterTest(
"UTHBuildPacketSrcDstTest02", UTHBuildPacketSrcDstTest02);
1168 UTHBuildPacketSrcDstPortsTest01);
1170 UTHBuildPacketSrcDstPortsTest02);
1171 UtRegisterTest(
"UTHBuildPacketOfFlowsTest01", UTHBuildPacketOfFlowsTest01);
FlowQueuePrivate work_queue
int UTHParseSignature(const char *str, bool expect)
Parse a signature and check whether the result matches the expected outcome.
void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
int UTHAddStreamToFlow(Flow *f, int direction, uint8_t *data, uint32_t data_len)
uint32_t FlowSpareGetPoolSize(void)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
struct DetectRfbSecresult_ results[]
Packet * UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that builds packets with the specified IPs and default ports.
uint32_t UTHSetIPv4Address(const char *str)
Return the uint32_t value for an IPv4 address string.
main detection engine ctx
int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
StreamingBufferConfig sbcnf
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
int PacketCopyDataOffset(Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen)
Copy data to Packet payload at given offset.
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[], uint32_t results[], int numsigs)
UTHCheckPacketMatches: function to check whether a packet matches some sids.
int UTHPacketMatchSig(Packet *p, const char *sig)
int StreamingBufferAppend(StreamingBuffer *sb, const StreamingBufferConfig *cfg, StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len)
void FlowHandlePacket(ThreadVars *tv, FlowLookupStruct *fls, Packet *p)
Entry point for packet flow handling.
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that builds packets with default IP and port fields.
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Packet * UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, uint16_t sport, uint16_t dport)
UTHBuildPacketSrcDstPorts is a wrapper that builds packets specifying src and dst ports and defaulting...
void SigCleanSignatures(DetectEngineCtx *de_ctx)
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
TcpStreamCnf stream_config
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that creates tcp/udp packets for unittests specifying ip and port sou...
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Packet ** UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
UTHBuildPacketArrayFromEth is a wrapper that builds packets from an array of packets in ethernet raw...
#define FLOWLOCK_UNLOCK(fb)
uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
void UTHAssignFlow(Packet *p, Flow *f)
void FlowInitConfig(bool quiet)
initialize the configuration
#define SET_PKT_LEN(p, len)
int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
#define FLOW_INITIALIZE(f)
Packet * UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that creates tcp/udp packets for unittests specifying ip and port sou...
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
#define PASS
Pass the test.
int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
void UTHRegisterTests(void)
int UTHAddSessionToFlow(Flow *f, uint32_t ts_isn, uint32_t tc_isn)
Per thread variable structure.
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered s...
int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size)
writes the contents of a buffer into a file
Flow * FlowQueuePrivateGetFromTop(FlowQueuePrivate *fqc)
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
int SigGroupCleanup(DetectEngineCtx *de_ctx)
uint8_t * BasicSearch(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
Basic search improved. Limits are better handled, so it doesn't start searches that won't fit in the r...
#define STREAMING_BUFFER_INITIALIZER
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
void UTHFreeFlow(Flow *flow)
FlowQueuePrivate spare_queue
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
void FlowFree(Flow *f)
cleanup & free the memory of a flow
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Packet * UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that builds packets with the specified IPs and default ports (IPv6).
void FlowShutdown(void)
shutdown the flow engine
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that performs a generic check, taking care of as many common unittest eleme...
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
#define SCLogError(...)
Macro used to log ERROR messages.
Structure to hold thread specific data for all decode modules.
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
void StreamTcpSessionCleanup(TcpSession *ssn)
Session cleanup function. Does not free the ssn.
Packet * UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
UTHBuildPacketFromEth is a wrapper that builds a packet from the raw bytes.
DetectEngineCtx * DetectEngineCtxInit(void)
Flow * TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
UTHAppendSigs: Add sigs to the detection_engine checking for errors.
int UTHRemoveSessionFromFlow(Flow *f)
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.