suricata
util-unittest-helper.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  *
23  * This file provide a set of helper functions for reducing the complexity
24  * when constructing unittests
25  */
26 
27 #include "suricata-common.h"
28 
29 #include "decode.h"
30 
31 #include "flow-private.h"
32 #include "flow-util.h"
33 #include "flow-spare-pool.h"
34 
35 #include "detect.h"
36 #include "detect-parse.h"
37 #include "detect-engine.h"
38 #include "detect-engine-sigorder.h"
39 #include "detect-engine-build.h"
40 
41 #include "stream-tcp.h"
42 #include "stream-tcp-private.h"
43 
44 #include "util-debug.h"
45 #include "util-time.h"
46 #include "util-error.h"
47 #include "util-unittest.h"
48 #include "util-unittest-helper.h"
49 
50 #if defined(UNITTESTS) || defined(FUZZ)
51 Flow *TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
52 {
53  struct in_addr in;
54 
55  Flow *f = SCMalloc(sizeof(Flow));
56  if (unlikely(f == NULL)) {
57  printf("FlowAlloc failed\n");
58  ;
59  return NULL;
60  }
61  memset(f, 0x00, sizeof(Flow));
62 
63  FLOW_INITIALIZE(f);
64 
65  if (family == AF_INET) {
66  f->flags |= FLOW_IPV4;
67  } else if (family == AF_INET6) {
68  f->flags |= FLOW_IPV6;
69  }
70 
71  if (src != NULL) {
72  if (family == AF_INET) {
73  if (inet_pton(AF_INET, src, &in) != 1) {
74  printf("invalid address %s\n", src);
75  SCFree(f);
76  return NULL;
77  }
78  f->src.addr_data32[0] = in.s_addr;
79  } else {
80  BUG_ON(1);
81  }
82  }
83  if (dst != NULL) {
84  if (family == AF_INET) {
85  if (inet_pton(AF_INET, dst, &in) != 1) {
86  printf("invalid address %s\n", dst);
87  SCFree(f);
88  return NULL;
89  }
90  f->dst.addr_data32[0] = in.s_addr;
91  } else {
92  BUG_ON(1);
93  }
94  }
95 
96  f->sp = sp;
97  f->dp = dp;
98 
99  return f;
100 }
101 /** \brief writes the contents of a buffer into a file */
102 int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size)
103 {
104  if (remove(name) != 0) {
105  if (errno != ENOENT) {
106  printf("failed remove, errno=%d\n", errno);
107  return -1;
108  }
109  }
110  FILE *fd = fopen(name, "wb");
111  if (fd == NULL) {
112  printf("failed open, errno=%d\n", errno);
113  return -2;
114  }
115  if (fwrite (data, 1, size, fd) != size) {
116  fclose(fd);
117  return -3;
118  }
119  fclose(fd);
120  return 0;
121 }
122 
123 #endif
124 #ifdef UNITTESTS
125 
126 /**
127  * \brief return the uint32_t for a ipv4 address string
128  *
129  * \param str Valid ipaddress in string form (e.g. 1.2.3.4)
130  *
131  * \retval uint the uin32_t representation
132  */
133 uint32_t UTHSetIPv4Address(const char *str)
134 {
135  struct in_addr in;
136  if (inet_pton(AF_INET, str, &in) != 1) {
137  printf("invalid IPv6 address %s\n", str);
138  exit(EXIT_FAILURE);
139  }
140  return (uint32_t)in.s_addr;
141 }
142 
143 /**
144  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
145  * specifying ip and port sources and destinations (IPV6)
146  *
147  * \param payload pointer to the payloadd buffer
148  * \param payload_len pointer to the length of the payload
149  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
150  * \param src pointer to a string containing the ip source
151  * \param dst pointer to a string containing the ip destination
152  * \param sport pointer to a string containing the port source
153  * \param dport pointer to a string containing the port destination
154  *
155  * \retval Packet pointer to the built in packet
156  */
157 Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
158  uint8_t ipproto, const char *src, const char *dst,
159  uint16_t sport, uint16_t dport)
160 {
161  uint32_t in[4];
162 
163  Packet *p = PacketGetFromAlloc();
164  if (unlikely(p == NULL))
165  return NULL;
166 
167  TimeGet(&p->ts);
168 
169  p->src.family = AF_INET6;
170  p->dst.family = AF_INET6;
171  p->payload = payload;
173  p->proto = ipproto;
174 
175  p->ip6h = SCMalloc(sizeof(IPV6Hdr));
176  if (p->ip6h == NULL)
177  goto error;
178  memset(p->ip6h, 0, sizeof(IPV6Hdr));
179  p->ip6h->s_ip6_nxt = ipproto;
180  p->ip6h->s_ip6_plen = htons(payload_len + sizeof(TCPHdr));
181 
182  if (inet_pton(AF_INET6, src, &in) != 1)
183  goto error;
184  p->src.addr_data32[0] = in[0];
185  p->src.addr_data32[1] = in[1];
186  p->src.addr_data32[2] = in[2];
187  p->src.addr_data32[3] = in[3];
188  p->sp = sport;
189  p->ip6h->s_ip6_src[0] = in[0];
190  p->ip6h->s_ip6_src[1] = in[1];
191  p->ip6h->s_ip6_src[2] = in[2];
192  p->ip6h->s_ip6_src[3] = in[3];
193 
194  if (inet_pton(AF_INET6, dst, &in) != 1)
195  goto error;
196  p->dst.addr_data32[0] = in[0];
197  p->dst.addr_data32[1] = in[1];
198  p->dst.addr_data32[2] = in[2];
199  p->dst.addr_data32[3] = in[3];
200  p->dp = dport;
201  p->ip6h->s_ip6_dst[0] = in[0];
202  p->ip6h->s_ip6_dst[1] = in[1];
203  p->ip6h->s_ip6_dst[2] = in[2];
204  p->ip6h->s_ip6_dst[3] = in[3];
205 
206  p->tcph = SCMalloc(sizeof(TCPHdr));
207  if (p->tcph == NULL)
208  goto error;
209  memset(p->tcph, 0, sizeof(TCPHdr));
210  p->tcph->th_sport = htons(sport);
211  p->tcph->th_dport = htons(dport);
212 
213  SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len);
214  return p;
215 
216 error:
217  if (p != NULL) {
218  if (p->ip6h != NULL) {
219  SCFree(p->ip6h);
220  }
221  if (p->tcph != NULL) {
222  SCFree(p->tcph);
223  }
224  SCFree(p);
225  }
226  return NULL;
227 }
228 
229 /**
230  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
231  * specifying ip and port sources and destinations
232  *
233  * \param payload pointer to the payloadd buffer
234  * \param payload_len pointer to the length of the payload
235  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
236  * \param src pointer to a string containing the ip source
237  * \param dst pointer to a string containing the ip destination
238  * \param sport pointer to a string containing the port source
239  * \param dport pointer to a string containing the port destination
240  *
241  * \retval Packet pointer to the built in packet
242  */
243 Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
244  uint8_t ipproto, const char *src, const char *dst,
245  uint16_t sport, uint16_t dport)
246 {
247  struct in_addr in;
248 
249  Packet *p = PacketGetFromAlloc();
250  if (unlikely(p == NULL))
251  return NULL;
252 
253  struct timeval tv;
254  TimeGet(&tv);
255  COPY_TIMESTAMP(&tv, &p->ts);
256 
257  p->src.family = AF_INET;
258  p->dst.family = AF_INET;
259  p->payload = payload;
260  p->payload_len = payload_len;
261  p->proto = ipproto;
262 
263  if (inet_pton(AF_INET, src, &in) != 1)
264  goto error;
265  p->src.addr_data32[0] = in.s_addr;
266  p->sp = sport;
267 
268  if (inet_pton(AF_INET, dst, &in) != 1)
269  goto error;
270  p->dst.addr_data32[0] = in.s_addr;
271  p->dp = dport;
272 
273  p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
274  if (p->ip4h == NULL)
275  goto error;
276 
277  p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
278  p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
279  p->ip4h->ip_proto = ipproto;
280  p->ip4h->ip_verhl = sizeof(IPV4Hdr);
281  p->proto = ipproto;
282 
283  int hdr_offset = sizeof(IPV4Hdr);
284  switch (ipproto) {
285  case IPPROTO_UDP:
286  p->udph = (UDPHdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
287  if (p->udph == NULL)
288  goto error;
289 
290  p->udph->uh_sport = sport;
291  p->udph->uh_dport = dport;
292  hdr_offset += sizeof(UDPHdr);
293  break;
294  case IPPROTO_TCP:
295  p->tcph = (TCPHdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
296  if (p->tcph == NULL)
297  goto error;
298 
299  p->tcph->th_sport = htons(sport);
300  p->tcph->th_dport = htons(dport);
301  hdr_offset += sizeof(TCPHdr);
302  break;
303  case IPPROTO_ICMP:
304  p->icmpv4h = (ICMPV4Hdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
305  if (p->icmpv4h == NULL)
306  goto error;
307 
308  hdr_offset += sizeof(ICMPV4Hdr);
309  break;
310  default:
311  break;
312  /* TODO: Add more protocols */
313  }
314 
315  if (payload && payload_len) {
316  PacketCopyDataOffset(p, hdr_offset, payload, payload_len);
317  }
318  SET_PKT_LEN(p, hdr_offset + payload_len);
319  p->payload = GET_PKT_DATA(p)+hdr_offset;
320 
321  return p;
322 
323 error:
324  SCFree(p);
325  return NULL;
326 }
327 
328 /**
329  * \brief UTHBuildPacket is a wrapper that build packets with default ip
330  * and port fields
331  *
332  * \param payload pointer to the payloadd buffer
333  * \param payload_len pointer to the length of the payload
334  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
335  *
336  * \retval Packet pointer to the built in packet
337  */
338 Packet *UTHBuildPacket(uint8_t *payload, uint16_t payload_len,
339  uint8_t ipproto)
340 {
341  return UTHBuildPacketReal(payload, payload_len, ipproto,
342  "192.168.1.5", "192.168.1.1",
343  41424, 80);
344 }
345 
346 /**
347  * \brief UTHBuildPacketArrayFromEth is a wrapper that build a packets from an array of
348  * packets in ethernet rawbytes. Hint: It also share the flows.
349  *
350  * \param raw_eth pointer to the array of ethernet packets in rawbytes
351  * \param pktsize pointer to the array of sizes corresponding to each buffer pointed
352  * from pktsize.
353  * \param numpkts number of packets in the array
354  *
355  * \retval Packet pointer to the array of built in packets; NULL if something fail
356  */
357 Packet **UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
358 {
360  ThreadVars th_v;
361  if (raw_eth == NULL || pktsize == NULL || numpkts <= 0) {
362  SCLogError(SC_ERR_INVALID_ARGUMENT, "The arrays cant be null, and the number"
363  " of packets should be grater thatn zero");
364  return NULL;
365  }
366  Packet **p = NULL;
367  p = SCMalloc(sizeof(Packet *) * numpkts);
368  if (unlikely(p == NULL))
369  return NULL;
370 
371  memset(&dtv, 0, sizeof(DecodeThreadVars));
372  memset(&th_v, 0, sizeof(th_v));
373 
374  int i = 0;
375  for (; i < numpkts; i++) {
376  p[i] = PacketGetFromAlloc();
377  if (p[i] == NULL) {
378  SCFree(p);
379  return NULL;
380  }
381  DecodeEthernet(&th_v, &dtv, p[i], raw_eth[i], pktsize[i]);
382  }
383  return p;
384 }
385 
386 /**
387  * \brief UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes
388  *
389  * \param raw_eth pointer to the rawbytes containing an ethernet packet
390  * (and any other headers inside)
391  * \param pktsize pointer to the length of the payload
392  *
393  * \retval Packet pointer to the built in packet; NULL if something fail
394  */
395 Packet *UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
396 {
398  ThreadVars th_v;
399  Packet *p = PacketGetFromAlloc();
400  if (unlikely(p == NULL))
401  return NULL;
402  memset(&dtv, 0, sizeof(DecodeThreadVars));
403  memset(&th_v, 0, sizeof(th_v));
404 
405  DecodeEthernet(&th_v, &dtv, p, raw_eth, pktsize);
406  return p;
407 }
408 
409 /**
410  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
411  * and defaulting ports
412  *
413  * \param payload pointer to the payloadd buffer
414  * \param payload_len pointer to the length of the payload
415  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
416  *
417  * \retval Packet pointer to the built in packet
418  */
419 Packet *UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len,
420  uint8_t ipproto, const char *src, const char *dst)
421 {
422  return UTHBuildPacketReal(payload, payload_len, ipproto,
423  src, dst,
424  41424, 80);
425 }
426 
427 /**
428  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
429  * and defaulting ports (IPV6)
430  *
431  * \param payload pointer to the payload buffer
432  * \param payload_len pointer to the length of the payload
433  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
434  *
435  * \retval Packet pointer to the built in packet
436  */
437 Packet *UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len,
438  uint8_t ipproto, const char *src, const char *dst)
439 {
440  return UTHBuildPacketIPV6Real(payload, payload_len, ipproto,
441  src, dst,
442  41424, 80);
443 }
444 
445 /**
446  * \brief UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying
447  * src and dst ports and defaulting IPs
448  *
449  * \param payload pointer to the payloadd buffer
450  * \param payload_len pointer to the length of the payload
451  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
452  *
453  * \retval Packet pointer to the built in packet
454  */
455 Packet *UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len,
456  uint8_t ipproto, uint16_t sport, uint16_t dport)
457 {
458  return UTHBuildPacketReal(payload, payload_len, ipproto,
459  "192.168.1.5", "192.168.1.1",
460  sport, dport);
461 }
462 
463 /**
464  * \brief UTHFreePackets: function to release the allocated data
465  * from UTHBuildPacket and the packet itself
466  *
467  * \param p pointer to the Packet
468  */
469 void UTHFreePackets(Packet **p, int numpkts)
470 {
471  if (p == NULL)
472  return;
473 
474  int i = 0;
475  for (; i < numpkts; i++) {
476  UTHFreePacket(p[i]);
477  }
478 }
479 
480 /**
481  * \brief UTHFreePacket: function to release the allocated data
482  * from UTHBuildPacket and the packet itself
483  *
484  * \param p pointer to the Packet
485  */
487 {
488  if (p == NULL)
489  return;
490 #if 0 // VJ we now use one buffer
491  switch (p->proto) {
492  case IPPROTO_UDP:
493  if (p->udph != NULL)
494  SCFree(p->udph);
495  if (p->ip4h != NULL)
496  SCFree(p->ip4h);
497  break;
498  case IPPROTO_TCP:
499  if (p->tcph != NULL)
500  SCFree(p->tcph);
501  if (p->ip4h != NULL)
502  SCFree(p->ip4h);
503  break;
504  case IPPROTO_ICMP:
505  if (p->ip4h != NULL)
506  SCFree(p->ip4h);
507  break;
508  /* TODO: Add more protocols */
509  }
510 #endif
511  SCFree(p);
512 }
513 
515 {
516  if (p && f) {
517  p->flow = f;
518  p->flags |= PKT_HAS_FLOW;
519  }
520 }
521 
522 Flow *UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
523 {
524  return TestHelperBuildFlow(family, src, dst, sp, dp);
525 }
526 
527 void UTHFreeFlow(Flow *flow)
528 {
529  if (flow != NULL) {
530  SCFree(flow);//FlowFree(flow);
531  }
532 }
533 
534 int UTHAddStreamToFlow(Flow *f, int direction,
535  uint8_t *data, uint32_t data_len)
536 {
537  FAIL_IF_NULL(f);
538  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
540  TcpSession *ssn = f->protoctx;
541 
542  StreamingBufferSegment seg;
543  TcpStream *stream = direction == 0 ? &ssn->client : &ssn->server;
544  int r = StreamingBufferAppend(&stream->sb, &seg, data, data_len);
545  FAIL_IF_NOT(r == 0);
546  stream->last_ack += data_len;
547  return 1;
548 }
549 
551  uint32_t ts_isn,
552  uint32_t tc_isn)
553 {
554  FAIL_IF_NULL(f);
555 
556  TcpSession *ssn = SCCalloc(1, sizeof(*ssn));
557  FAIL_IF_NULL(ssn);
558 
560  ssn->client.sb = x;
561  ssn->server.sb = x;
562 
563  ssn->client.isn = ts_isn;
564  ssn->server.isn = tc_isn;
565 
566  f->protoctx = ssn;
567  return 1;
568 }
569 
571 {
572  FAIL_IF_NULL(f);
573  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
574  TcpSession *ssn = f->protoctx;
575  FAIL_IF_NULL(ssn);
577  SCFree(ssn);
578  f->protoctx = NULL;
579  return 1;
580 }
581 
582 /**
583  * \brief UTHGenericTest: function that perfom a generic check taking care of
584  * as maximum common unittest elements as possible.
585  * It will create a detection engine, append an array
586  * of signatures an check the spected results for each
587  * of them, it check matches for an array of packets
588  *
589  * \param pkt pointer to the array of packets
590  * \param numpkts number of packets to match
591  * \param sigs array of char* pointing to signatures to load
592  * \param numsigs number of signatures to load and check
593  * \param results pointer to arrays of numbers, each of them foreach packet
594  * to check if sids matches that packet as expected with
595  * that number of times or not. The size of results should be
596  * numpkts * numsigs * sizeof(uint16_t *)
597  *
598  * Example:
599  * result[1][3] would mean the number of times the pkt[1]
600  * match the sid[3]
601  *
602  * \retval int 1 if the match of all the sids is the specified has the
603  * specified results; 0 if not
604  */
605 int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
606 {
607 
608  int result = 0;
609  if (pkt == NULL || sigs == NULL || numpkts == 0
610  || sids == NULL || results == NULL || numsigs == 0) {
611  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, that the pointer/arrays are not NULL, and the number of signatures and packets is > 0");
612  goto end;
613  }
615  if (de_ctx == NULL) {
616  goto end;
617  }
618  de_ctx->flags |= DE_QUIET;
619 
620  if (UTHAppendSigs(de_ctx, sigs, numsigs) == 0)
621  goto cleanup;
622 
623  result = UTHMatchPacketsWithResults(de_ctx, pkt, numpkts, sids, results, numsigs);
624 
625 cleanup:
627 end:
628  return result;
629 }
630 
631 /**
632  * \brief UTHCheckPacketMatches: function to check if a packet match some sids
633  *
634  *
635  * \param p pointer to the Packet
636  * \param sigs array of char* pointing to signatures to load
637  * \param numsigs number of signatures to load from the array
638  * \param results pointer to an array of numbers to check if sids matches
639  * that number of times or not.
640  *
641  * \retval int 1 if the match of all the sids is the specified has the
642  * specified results; 0 if not
643  */
644 int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[],
645  uint32_t results[], int numsids)
646 {
647  if (p == NULL || sids == NULL) {
648  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, check if the "
649  "packet is NULL, and if the array contain sids is set");
650  return 0;
651  }
652 
653  int i = 0;
654  int res = 1;
655  for (; i < numsids; i++) {
656  uint32_t r = PacketAlertCheck(p, sids[i]);
657  if (r != results[i]) {
658  SCLogInfo("Sid %" PRIu32 " matched %" PRIu32 " times, and not %" PRIu32 " as expected",
659  sids[i], r, results[i]);
660  res = 0;
661  } else {
662  SCLogInfo("Sid %" PRIu32 " matched %" PRIu32 " times, as expected", sids[i], r);
663  }
664  }
665  return res;
666 }
667 
668 /**
669  * \brief UTHAppendSigs: Add sigs to the detection_engine checking for errors
670  *
671  * \param de_ctx pointer to the DetectEngineCtx used
672  * \param sigs array of char* pointing to signatures to load
673  * \param numsigs number of signatures to load from the array
674  * (size of the array)
675  *
676  * \retval int 0 if we have errors; 1 if all the signatures loaded succesfuly
677  */
678 int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
679 {
680  BUG_ON(de_ctx == NULL);
681  BUG_ON(numsigs <= 0);
682  BUG_ON(sigs == NULL);
683 
684  for (int i = 0; i < numsigs; i++) {
685  if (sigs[i] == NULL) {
686  SCLogError(SC_ERR_INVALID_ARGUMENT, "Check the signature"
687  " at position %d", i);
688  return 0;
689  }
690  Signature *s = DetectEngineAppendSig(de_ctx, sigs[i]);
691  if (s == NULL) {
692  SCLogError(SC_ERR_INVALID_ARGUMENT, "Check the signature at"
693  " position %d (%s)", i, sigs[i]);
694  return 0;
695  }
696  }
697  return 1;
698 }
699 
700 /**
701  * \test UTHMatchPacketsWithResults Match a packet or a array of packets against sigs
702  * of a de_ctx, checking that each signature match match X times for certain packets
703  *
704  * \param de_ctx pointer with the signatures loaded
705  * \param p pointer to the array of packets
706  * \param num_packets number of packets in the array
707  *
708  * \retval return 1 if all goes well
709  * \retval return 0 if something fail
710  */
711 int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
712 {
713  BUG_ON(de_ctx == NULL);
714  BUG_ON(p == NULL);
715 
716  int result = 0;
718  ThreadVars th_v;
719  DetectEngineThreadCtx *det_ctx = NULL;
720  memset(&dtv, 0, sizeof(DecodeThreadVars));
721  memset(&th_v, 0, sizeof(th_v));
722 
724  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
725 
726  for (int i = 0; i < num_packets; i++) {
727  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
728  if (UTHCheckPacketMatchResults(p[i], sids, &results[(i * numsigs)], numsigs) == 0)
729  goto cleanup;
730  }
731 
732  result = 1;
733 cleanup:
734  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
735  return result;
736 }
737 
738 /**
739  * \test UTHMatchPackets Match a packet or a array of packets against sigs
740  * of a de_ctx, but note that the return value doesn't mean that we have a
741  * match, we have to check it later with PacketAlertCheck()
742  *
743  * \param de_ctx pointer with the signatures loaded
744  * \param p pointer to the array of packets
745  * \param num_packets number of packets in the array
746  *
747  * \retval return 1 if all goes well
748  * \retval return 0 if something fail
749  */
750 int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
751 {
752  BUG_ON(de_ctx == NULL);
753  BUG_ON(p == NULL);
754  int result = 1;
756  ThreadVars th_v;
757  DetectEngineThreadCtx *det_ctx = NULL;
758  memset(&dtv, 0, sizeof(DecodeThreadVars));
759  memset(&th_v, 0, sizeof(th_v));
764  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
765 
766  for (int i = 0; i < num_packets; i++)
767  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
768 
769  /* Here we don't check if the packet matched or not, because
770  * the de_ctx can have multiple signatures, and some of them may match
771  * and others may not. That check will be outside
772  */
773  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
774  if (de_ctx != NULL) SigGroupCleanup(de_ctx);
775  return result;
776 }
777 
778 /**
779  * \test Test if a packet match a signature given as string and a mpm_type
780  * Hint: Useful for unittests with only one packet and one signature
781  *
782  * \param sig pointer to the string signature to test
783  * \param sid sid number of the signature
784  *
785  * \retval return 1 if match
786  * \retval return 0 if not
787  */
788 int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
789 {
790  SCEnter();
791 
792  int result = 0;
793 
795  ThreadVars th_v;
796  DetectEngineThreadCtx *det_ctx = NULL;
797 
798  memset(&dtv, 0, sizeof(DecodeThreadVars));
799  memset(&th_v, 0, sizeof(th_v));
800 
802  if (de_ctx == NULL) {
803  printf("de_ctx == NULL: ");
804  goto end;
805  }
806 
807  de_ctx->flags |= DE_QUIET;
808  de_ctx->mpm_matcher = mpm_type;
809 
810  de_ctx->sig_list = SigInit(de_ctx, sig);
811  if (de_ctx->sig_list == NULL) {
812  printf("signature == NULL: ");
813  goto end;
814  }
815 
817  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
818 
819  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
820  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
821  printf("signature didn't alert: ");
822  goto end;
823  }
824 
825  result = 1;
826 end:
827  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
829  SCReturnInt(result);
830 }
831 
832 /**
833  * \test Test if a packet match a signature given as string
834  * Hint: Useful for unittests with only one packet and one signature
835  *
836  * \param sig pointer to the string signature to test
837  * \param sid sid number of the signature
838  *
839  * \retval return 1 if match
840  * \retval return 0 if not
841  */
842 int UTHPacketMatchSig(Packet *p, const char *sig)
843 {
844  int result = 1;
845 
847 
848  ThreadVars th_v;
849  DetectEngineThreadCtx *det_ctx = NULL;
850 
851  memset(&dtv, 0, sizeof(DecodeThreadVars));
852  memset(&th_v, 0, sizeof(th_v));
853 
855  if (de_ctx == NULL) {
856  result=0;
857  goto end;
858  }
859 
860  de_ctx->flags |= DE_QUIET;
861 
862  de_ctx->sig_list = SigInit(de_ctx, sig);
863  if (de_ctx->sig_list == NULL) {
864  result = 0;
865  goto end;
866  }
867 
869  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
870 
871  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
872  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
873  result = 0;
874  goto end;
875  }
876 
877 end:
878  if (de_ctx) {
881  }
882 
883  if (det_ctx != NULL)
884  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
885  if (de_ctx != NULL)
887 
888  return result;
889 }
890 
891 uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
892 {
893  FlowLookupStruct fls;
894  memset(&fls, 0, sizeof(fls));
895 
896  uint32_t i = start;
897  uint8_t payload[] = "Payload";
898  for (; i < end; i++) {
899  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
900  if (dir == 0) {
901  p->src.addr_data32[0] = i;
902  p->dst.addr_data32[0] = i + 1;
903  } else {
904  p->src.addr_data32[0] = i + 1;
905  p->dst.addr_data32[0] = i;
906  }
907  FlowHandlePacket(NULL, &fls, p);
908  if (p->flow != NULL) {
909  p->flow->use_cnt = 0;
910  FLOWLOCK_UNLOCK(p->flow);
911  }
912 
913  /* Now the queues shoul be updated */
914  UTHFreePacket(p);
915  }
916 
917  Flow *f;
918  while ((f = FlowQueuePrivateGetFromTop(&fls.spare_queue))) {
919  FlowFree(f);
920  }
921  while ((f = FlowQueuePrivateGetFromTop(&fls.work_queue))) {
922  FlowFree(f);
923  }
924 
925  return i;
926 }
927 
928 /** \brief parser a sig and see if the expected result is correct */
929 int UTHParseSignature(const char *str, bool expect)
930 {
933  de_ctx->flags |= DE_QUIET;
934 
936  if (expect)
937  FAIL_IF_NULL(s);
938  else
939  FAIL_IF_NOT_NULL(s);
940 
942  PASS;
943 }
944 
945 /*
946  * unittests for the unittest helpers
947  */
948 
949 /**
950  * \brief CheckUTHTestPacket wrapper to check packets for unittests
951  */
952 static int CheckUTHTestPacket(Packet *p, uint8_t ipproto)
953 {
954  uint16_t sport = 41424;
955  uint16_t dport = 80;
956  uint8_t payload[] = "Payload";
957 
958  uint8_t len = sizeof(payload);
959 
960  if (p == NULL)
961  return 0;
962 
963  if (p->payload_len != len)
964  return 0;
965 
966  if (strncmp((char *)payload, (char *)p->payload, len) != 0)
967  return 0;
968 
969  if (p->src.family != AF_INET)
970  return 0;
971  if (p->dst.family != AF_INET)
972  return 0;
973  if (p->proto != ipproto)
974  return 0;
975 
976  switch(ipproto) {
977  case IPPROTO_UDP:
978  if (p->udph == NULL)
979  return 0;
980  if (p->udph->uh_sport != sport)
981  return 0;
982  if (p->udph->uh_dport != dport)
983  return 0;
984  break;
985  case IPPROTO_TCP:
986  if (p->tcph == NULL)
987  return 0;
988  if (SCNtohs(p->tcph->th_sport) != sport)
989  return 0;
990  if (SCNtohs(p->tcph->th_dport) != dport)
991  return 0;
992  break;
993  }
994  return 1;
995 }
996 
997 #ifdef HAVE_MEMMEM
998 #include <string.h>
999 void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len) {
1000  return memmem(big, big_len, little, little_len);
1001 }
1002 #else
1003 #include "util-spm-bs.h"
1004 void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len) {
1005  return BasicSearch(big, big_len, little, little_len);
1006 }
1007 #endif //HAVE_MEMMEM
1008 
1009 /**
1010  * \brief UTHBuildPacketRealTest01 wrapper to check packets for unittests
1011  */
1012 static int UTHBuildPacketRealTest01(void)
1013 {
1014  uint8_t payload[] = "Payload";
1015 
1016  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_TCP,
1017  "192.168.1.5", "192.168.1.1", 41424, 80);
1018 
1019  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1020  UTHFreePacket(p);
1021 
1022  return ret;
1023 }
1024 
1025 /**
1026  * \brief UTHBuildPacketRealTest02 wrapper to check packets for unittests
1027  */
1028 static int UTHBuildPacketRealTest02(void)
1029 {
1030  uint8_t payload[] = "Payload";
1031 
1032  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_UDP,
1033  "192.168.1.5", "192.168.1.1", 41424, 80);
1034 
1035  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1036  UTHFreePacket(p);
1037  return ret;
1038 }
1039 
1040 /**
1041  * \brief UTHBuildPacketTest01 wrapper to check packets for unittests
1042  */
1043 static int UTHBuildPacketTest01(void)
1044 {
1045  uint8_t payload[] = "Payload";
1046 
1047  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
1048 
1049  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1050  UTHFreePacket(p);
1051 
1052  return ret;
1053 }
1054 
1055 /**
1056  * \brief UTHBuildPacketTest02 wrapper to check packets for unittests
1057  */
1058 static int UTHBuildPacketTest02(void)
1059 {
1060  uint8_t payload[] = "Payload";
1061 
1062  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_UDP);
1063 
1064  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1065  UTHFreePacket(p);
1066 
1067  return ret;
1068 }
1069 
1070 /**
1071  * \brief UTHBuildPacketOfFlowsTest01 wrapper to check packets for unittests
1072  */
1073 static int UTHBuildPacketOfFlowsTest01(void)
1074 {
1075  int result = 0;
1076 
1078  uint32_t flow_spare_q_len = FlowSpareGetPoolSize();
1079 
1080  UTHBuildPacketOfFlows(0, 100, 0);
1081 
1082  if (FlowSpareGetPoolSize() != flow_spare_q_len - 100)
1083  result = 0;
1084  else
1085  result = 1;
1086  FlowShutdown();
1087 
1088  return result;
1089 }
1090 
1091 
1092 /**
1093  * \brief UTHBuildPacketSrcDstTest01 wrapper to check packets for unittests
1094  */
1095 static int UTHBuildPacketSrcDstTest01(void)
1096 {
1097  uint8_t payload[] = "Payload";
1098 
1099  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_TCP,
1100  "192.168.1.5", "192.168.1.1");
1101 
1102  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1103  UTHFreePacket(p);
1104 
1105  return ret;
1106 }
1107 
1108 /**
1109  * \brief UTHBuildPacketSrcDstTest02 wrapper to check packets for unittests
1110  */
1111 static int UTHBuildPacketSrcDstTest02(void)
1112 {
1113  uint8_t payload[] = "Payload";
1114 
1115  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_UDP,
1116  "192.168.1.5", "192.168.1.1");
1117 
1118  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1119  UTHFreePacket(p);
1120 
1121  return ret;
1122 }
1123 
1124 /**
1125  * \brief UTHBuildPacketSrcDstPortsTest01 wrapper to check packets for unittests
1126  */
1127 static int UTHBuildPacketSrcDstPortsTest01(void)
1128 {
1129  uint8_t payload[] = "Payload";
1130 
1131  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_TCP,
1132  41424, 80);
1133 
1134  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1135  UTHFreePacket(p);
1136 
1137  return ret;
1138 }
1139 
1140 /**
1141  * \brief UTHBuildPacketSrcDstPortsTest02 wrapper to check packets for unittests
1142  */
1143 static int UTHBuildPacketSrcDstPortsTest02(void)
1144 {
1145  uint8_t payload[] = "Payload";
1146 
1147  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_UDP,
1148  41424, 80);
1149 
1150  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1151  UTHFreePacket(p);
1152 
1153  return ret;
1154 }
1155 
1156 #endif /* UNITTESTS */
1157 
1159 {
1160 #ifdef UNITTESTS
1161  UtRegisterTest("UTHBuildPacketRealTest01", UTHBuildPacketRealTest01);
1162  UtRegisterTest("UTHBuildPacketRealTest02", UTHBuildPacketRealTest02);
1163  UtRegisterTest("UTHBuildPacketTest01", UTHBuildPacketTest01);
1164  UtRegisterTest("UTHBuildPacketTest02", UTHBuildPacketTest02);
1165  UtRegisterTest("UTHBuildPacketSrcDstTest01", UTHBuildPacketSrcDstTest01);
1166  UtRegisterTest("UTHBuildPacketSrcDstTest02", UTHBuildPacketSrcDstTest02);
1167  UtRegisterTest("UTHBuildPacketSrcDstPortsTest01",
1168  UTHBuildPacketSrcDstPortsTest01);
1169  UtRegisterTest("UTHBuildPacketSrcDstPortsTest02",
1170  UTHBuildPacketSrcDstPortsTest02);
1171  UtRegisterTest("UTHBuildPacketOfFlowsTest01", UTHBuildPacketOfFlowsTest01);
1172 
1173 #endif /* UNITTESTS */
1174 }
1175 
FlowLookupStruct_::work_queue
FlowQueuePrivate work_queue
Definition: flow.h:551
Packet_::proto
uint8_t proto
Definition: decode.h:456
UTHParseSignature
int UTHParseSignature(const char *str, bool expect)
parser a sig and see if the expected result is correct
Definition: util-unittest-helper.c:929
TcpStream_
Definition: stream-tcp-private.h:106
len
uint8_t len
Definition: app-layer-dnp3.h:2
UTHmemsearch
void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len)
Definition: util-unittest-helper.c:1004
detect-engine.h
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
TcpStream_::isn
uint32_t isn
Definition: stream-tcp-private.h:113
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition: decode.h:1169
UTHAddStreamToFlow
int UTHAddStreamToFlow(Flow *f, int direction, uint8_t *data, uint32_t data_len)
Definition: util-unittest-helper.c:534
FlowSpareGetPoolSize
uint32_t FlowSpareGetPoolSize(void)
Definition: flow-spare-pool.c:47
flow-util.h
stream-tcp.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
Flow_::proto
uint8_t proto
Definition: flow.h:375
Packet_::payload
uint8_t * payload
Definition: decode.h:574
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:142
Packet_::flags
uint32_t flags
Definition: decode.h:469
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:353
SigInit
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
Definition: detect-parse.c:2116
results
struct DetectRfbSecresult_ results[]
UTHBuildPacketSrcDst
Packet * UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports.
Definition: util-unittest-helper.c:419
UTHSetIPv4Address
uint32_t UTHSetIPv4Address(const char *str)
return the uint32_t for a ipv4 address string
Definition: util-unittest-helper.c:133
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:785
UTHPacketMatchSigMpm
int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
Definition: util-unittest-helper.c:788
TcpStreamCnf_::sbcnf
StreamingBufferConfig sbcnf
Definition: stream-tcp.h:72
FlowLookupStruct_
Definition: flow.h:547
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2445
PacketCopyDataOffset
int PacketCopyDataOffset(Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen)
Copy data to Packet payload at given offset.
Definition: decode.c:256
Flow_::use_cnt
FlowRefCount use_cnt
Definition: flow.h:383
SCSigSignatureOrderingModuleCleanup
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
Definition: detect-engine-sigorder.c:809
DE_QUIET
#define DE_QUIET
Definition: detect.h:288
UTHPacketMatchSig
int UTHPacketMatchSig(Packet *p, const char *sig)
Definition: util-unittest-helper.c:842
FlowHandlePacket
void FlowHandlePacket(ThreadVars *tv, FlowLookupStruct *fls, Packet *p)
Entry point for packet flow handling.
Definition: flow.c:508
UTHBuildPacket
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
Definition: util-unittest-helper.c:338
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1785
UTHBuildPacketSrcDstPorts
Packet * UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, uint16_t sport, uint16_t dport)
UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying src and dst ports and defaulting...
Definition: util-unittest-helper.c:455
SigCleanSignatures
void SigCleanSignatures(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:45
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:113
util-spm-bs.h
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:243
Flow_::protoctx
void * protoctx
Definition: flow.h:451
FLOW_IPV4
#define FLOW_IPV4
Definition: flow.h:96
Packet_::payload_len
uint16_t payload_len
Definition: decode.h:575
util-unittest.h
util-unittest-helper.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
UTHBuildPacketArrayFromEth
Packet ** UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
UTHBuildPacketArrayFromEth is a wrapper that build a packets from an array of packets in ethernet raw...
Definition: util-unittest-helper.c:357
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:268
UTHBuildPacketOfFlows
uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
Definition: util-unittest-helper.c:891
IPV4Hdr
struct IPV4Hdr_ IPV4Hdr
UTHAssignFlow
void UTHAssignFlow(Packet *p, Flow *f)
Definition: util-unittest-helper.c:514
TcpStream_::last_ack
uint32_t last_ack
Definition: stream-tcp-private.h:115
flow-spare-pool.h
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:524
SET_PKT_LEN
#define SET_PKT_LEN(p, len)
Definition: decode.h:231
UTHMatchPackets
int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
Definition: util-unittest-helper.c:750
UTHBuildFlow
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:522
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:38
UTHBuildPacketIPV6Real
Packet * UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:157
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
UTHMatchPacketsWithResults
int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
Definition: util-unittest-helper.c:711
DetectEngineThreadCtx_
Definition: detect.h:1034
SCSigOrderSignatures
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
Definition: detect-engine-sigorder.c:729
UTHRegisterTests
void UTHRegisterTests(void)
Definition: util-unittest-helper.c:1158
UTHAddSessionToFlow
int UTHAddSessionToFlow(Flow *f, uint32_t ts_isn, uint32_t tc_isn)
Definition: util-unittest-helper.c:550
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
SCEnter
#define SCEnter(...)
Definition: util-debug.h:298
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition: decode.h:227
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:56
UTHCheckPacketMatchResults
int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[], uint32_t results[], int numsids)
UTHCheckPacketMatches: function to check if a packet match some sids.
Definition: util-unittest-helper.c:644
Packet_::sp
Port sp
Definition: decode.h:441
SCSigRegisterSignatureOrderingFuncs
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered s...
Definition: detect-engine-sigorder.c:789
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition: detect.h:835
TestHelperBufferToFile
int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size)
writes the contents of a buffer into a file
Definition: util-unittest-helper.c:102
util-time.h
FlowQueuePrivateGetFromTop
Flow * FlowQueuePrivateGetFromTop(FlowQueuePrivate *fqc)
Definition: flow-queue.c:151
SC_ERR_INVALID_ARGUMENT
@ SC_ERR_INVALID_ARGUMENT
Definition: util-error.h:43
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:281
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:2021
BasicSearch
uint8_t * BasicSearch(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
Basic search improved. Limits are better handled, so it doesn't start searches that wont fit in the r...
Definition: util-spm-bs.c:48
IPV6Hdr_
Definition: decode-ipv6.h:32
Packet_
Definition: decode.h:434
detect-engine-build.h
stream-tcp-private.h
Packet_::ip4h
IPV4Hdr * ip4h
Definition: decode.h:532
Port
uint16_t Port
Definition: decode.h:237
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:215
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:1953
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:32
UTHFreeFlow
void UTHFreeFlow(Flow *flow)
Definition: util-unittest-helper.c:527
StreamingBuffer_
Definition: util-streaming-buffer.h:93
IPV4Hdr_
Definition: decode-ipv4.h:72
FlowLookupStruct_::spare_queue
FlowQueuePrivate spare_queue
Definition: flow.h:549
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2421
Packet_::flow
struct Flow_ * flow
Definition: decode.h:471
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:3154
Packet_::ts
struct timeval ts
Definition: decode.h:477
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:395
suricata-common.h
FlowFree
void FlowFree(Flow *f)
cleanup & free the memory of a flow
Definition: flow-util.c:81
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:3368
FLOW_IPV6
#define FLOW_IPV6
Definition: flow.h:98
UTHBuildPacketIPV6SrcDst
Packet * UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports (IPV6)
Definition: util-unittest-helper.c:437
Packet_::tcph
TCPHdr * tcph
Definition: decode.h:554
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:671
TcpStream_::sb
StreamingBuffer sb
Definition: stream-tcp-private.h:134
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:255
DetectEngineCtx_::sig_list
Signature * sig_list
Definition: detect.h:791
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:284
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:31
UTHGenericTest
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perfom a generic check taking care of as maximum common unittest elemen...
Definition: util-unittest-helper.c:605
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:176
detect-engine-sigorder.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:283
str
#define str(s)
Definition: suricata-common.h:272
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:664
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:486
Signature_::id
uint32_t id
Definition: detect.h:574
STREAMING_BUFFER_INITIALIZER
#define STREAMING_BUFFER_INITIALIZER(cfg)
Definition: util-streaming-buffer.h:110
StreamTcpSessionCleanup
void StreamTcpSessionCleanup(TcpSession *ssn)
Session cleanup function. Does not free the ssn.
Definition: stream-tcp.c:209
detect-parse.h
src
uint16_t src
Definition: app-layer-dnp3.h:5
Signature_
Signature container.
Definition: detect.h:540
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
UTHBuildPacketFromEth
Packet * UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes.
Definition: util-unittest-helper.c:395
TimeGet
void TimeGet(struct timeval *tv)
Definition: util-time.c:155
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2406
Packet_::udph
UDPHdr * udph
Definition: decode.h:556
Address_::family
char family
Definition: decode.h:114
Packet_::dst
Address dst
Definition: decode.h:439
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:40
COPY_TIMESTAMP
#define COPY_TIMESTAMP(src, dst)
Definition: flow-util.h:29
TestHelperBuildFlow
Flow * TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:51
StreamingBufferAppend
int StreamingBufferAppend(StreamingBuffer *sb, StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len)
Definition: util-streaming-buffer.c:569
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:786
UTHAppendSigs
int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
UTHAppendSigs: Add sigs to the detection_engine checking for errors.
Definition: util-unittest-helper.c:678
Packet_::ip6h
IPV6Hdr * ip6h
Definition: decode.h:534
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
UTHRemoveSessionFromFlow
int UTHRemoveSessionFromFlow(Flow *f)
Definition: util-unittest-helper.c:570
TcpSession_
Definition: stream-tcp-private.h:271
Packet_::dp
Port dp
Definition: decode.h:449
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:302
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:42
Packet_::src
Address src
Definition: decode.h:438
UTHFreePackets
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:469