suricata
util-unittest-helper.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  *
23  * This file provide a set of helper functions for reducing the complexity
24  * when constructing unittests
25  */
26 
27 #include "suricata-common.h"
28 
29 #include "decode.h"
30 
31 #include "flow-private.h"
32 #include "flow-util.h"
33 
34 #include "detect.h"
35 #include "detect-parse.h"
36 #include "detect-engine.h"
37 #include "detect-engine-sigorder.h"
38 
39 #include "stream-tcp.h"
40 #include "stream-tcp-private.h"
41 
42 #include "util-debug.h"
43 #include "util-time.h"
44 #include "util-error.h"
45 #include "util-unittest.h"
46 #include "util-unittest-helper.h"
47 
48 #if defined(UNITTESTS) || defined(FUZZ)
49 Flow *TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
50 {
51  struct in_addr in;
52 
53  Flow *f = SCMalloc(sizeof(Flow));
54  if (unlikely(f == NULL)) {
55  printf("FlowAlloc failed\n");
56  ;
57  return NULL;
58  }
59  memset(f, 0x00, sizeof(Flow));
60 
61  FLOW_INITIALIZE(f);
62 
63  if (family == AF_INET) {
64  f->flags |= FLOW_IPV4;
65  } else if (family == AF_INET6) {
66  f->flags |= FLOW_IPV6;
67  }
68 
69  if (src != NULL) {
70  if (family == AF_INET) {
71  if (inet_pton(AF_INET, src, &in) != 1) {
72  printf("invalid address %s\n", src);
73  SCFree(f);
74  return NULL;
75  }
76  f->src.addr_data32[0] = in.s_addr;
77  } else {
78  BUG_ON(1);
79  }
80  }
81  if (dst != NULL) {
82  if (family == AF_INET) {
83  if (inet_pton(AF_INET, dst, &in) != 1) {
84  printf("invalid address %s\n", dst);
85  SCFree(f);
86  return NULL;
87  }
88  f->dst.addr_data32[0] = in.s_addr;
89  } else {
90  BUG_ON(1);
91  }
92  }
93 
94  f->sp = sp;
95  f->dp = dp;
96 
97  return f;
98 }
99 /** \brief writes the contents of a buffer into a file */
100 int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size)
101 {
102  if (remove(name) != 0) {
103  if (errno != ENOENT) {
104  printf("failed remove, errno=%d\n", errno);
105  return -1;
106  }
107  }
108  FILE *fd = fopen(name, "wb");
109  if (fd == NULL) {
110  printf("failed open, errno=%d\n", errno);
111  return -2;
112  }
113  if (fwrite (data, 1, size, fd) != size) {
114  fclose(fd);
115  return -3;
116  }
117  fclose(fd);
118  return 0;
119 }
120 
121 #endif
122 #ifdef UNITTESTS
123 
124 /**
125  * \brief return the uint32_t for a ipv4 address string
126  *
127  * \param str Valid ipaddress in string form (e.g. 1.2.3.4)
128  *
129  * \retval uint the uin32_t representation
130  */
131 uint32_t UTHSetIPv4Address(const char *str)
132 {
133  struct in_addr in;
134  if (inet_pton(AF_INET, str, &in) != 1) {
135  printf("invalid IPv6 address %s\n", str);
136  exit(EXIT_FAILURE);
137  }
138  return (uint32_t)in.s_addr;
139 }
140 
141 /**
142  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
143  * specifying ip and port sources and destinations (IPV6)
144  *
145  * \param payload pointer to the payloadd buffer
146  * \param payload_len pointer to the length of the payload
147  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
148  * \param src pointer to a string containing the ip source
149  * \param dst pointer to a string containing the ip destination
150  * \param sport pointer to a string containing the port source
151  * \param dport pointer to a string containing the port destination
152  *
153  * \retval Packet pointer to the built in packet
154  */
155 Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
156  uint8_t ipproto, const char *src, const char *dst,
157  uint16_t sport, uint16_t dport)
158 {
159  uint32_t in[4];
160 
161  Packet *p = PacketGetFromAlloc();
162  if (unlikely(p == NULL))
163  return NULL;
164 
165  TimeGet(&p->ts);
166 
167  p->src.family = AF_INET6;
168  p->dst.family = AF_INET6;
169  p->payload = payload;
171  p->proto = ipproto;
172 
173  p->ip6h = SCMalloc(sizeof(IPV6Hdr));
174  if (p->ip6h == NULL)
175  goto error;
176  memset(p->ip6h, 0, sizeof(IPV6Hdr));
177  p->ip6h->s_ip6_nxt = ipproto;
178  p->ip6h->s_ip6_plen = htons(payload_len + sizeof(TCPHdr));
179 
180  if (inet_pton(AF_INET6, src, &in) != 1)
181  goto error;
182  p->src.addr_data32[0] = in[0];
183  p->src.addr_data32[1] = in[1];
184  p->src.addr_data32[2] = in[2];
185  p->src.addr_data32[3] = in[3];
186  p->sp = sport;
187  p->ip6h->s_ip6_src[0] = in[0];
188  p->ip6h->s_ip6_src[1] = in[1];
189  p->ip6h->s_ip6_src[2] = in[2];
190  p->ip6h->s_ip6_src[3] = in[3];
191 
192  if (inet_pton(AF_INET6, dst, &in) != 1)
193  goto error;
194  p->dst.addr_data32[0] = in[0];
195  p->dst.addr_data32[1] = in[1];
196  p->dst.addr_data32[2] = in[2];
197  p->dst.addr_data32[3] = in[3];
198  p->dp = dport;
199  p->ip6h->s_ip6_dst[0] = in[0];
200  p->ip6h->s_ip6_dst[1] = in[1];
201  p->ip6h->s_ip6_dst[2] = in[2];
202  p->ip6h->s_ip6_dst[3] = in[3];
203 
204  p->tcph = SCMalloc(sizeof(TCPHdr));
205  if (p->tcph == NULL)
206  goto error;
207  memset(p->tcph, 0, sizeof(TCPHdr));
208  p->tcph->th_sport = htons(sport);
209  p->tcph->th_dport = htons(dport);
210 
211  SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len);
212  return p;
213 
214 error:
215  if (p != NULL) {
216  if (p->ip6h != NULL) {
217  SCFree(p->ip6h);
218  }
219  if (p->tcph != NULL) {
220  SCFree(p->tcph);
221  }
222  SCFree(p);
223  }
224  return NULL;
225 }
226 
227 /**
228  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
229  * specifying ip and port sources and destinations
230  *
231  * \param payload pointer to the payloadd buffer
232  * \param payload_len pointer to the length of the payload
233  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
234  * \param src pointer to a string containing the ip source
235  * \param dst pointer to a string containing the ip destination
236  * \param sport pointer to a string containing the port source
237  * \param dport pointer to a string containing the port destination
238  *
239  * \retval Packet pointer to the built in packet
240  */
241 Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
242  uint8_t ipproto, const char *src, const char *dst,
243  uint16_t sport, uint16_t dport)
244 {
245  struct in_addr in;
246 
247  Packet *p = PacketGetFromAlloc();
248  if (unlikely(p == NULL))
249  return NULL;
250 
251  struct timeval tv;
252  TimeGet(&tv);
253  COPY_TIMESTAMP(&tv, &p->ts);
254 
255  p->src.family = AF_INET;
256  p->dst.family = AF_INET;
257  p->payload = payload;
258  p->payload_len = payload_len;
259  p->proto = ipproto;
260 
261  if (inet_pton(AF_INET, src, &in) != 1)
262  goto error;
263  p->src.addr_data32[0] = in.s_addr;
264  p->sp = sport;
265 
266  if (inet_pton(AF_INET, dst, &in) != 1)
267  goto error;
268  p->dst.addr_data32[0] = in.s_addr;
269  p->dp = dport;
270 
271  p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
272  if (p->ip4h == NULL)
273  goto error;
274 
275  p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
276  p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
277  p->ip4h->ip_proto = ipproto;
278  p->ip4h->ip_verhl = sizeof(IPV4Hdr);
279  p->proto = ipproto;
280 
281  int hdr_offset = sizeof(IPV4Hdr);
282  switch (ipproto) {
283  case IPPROTO_UDP:
284  p->udph = (UDPHdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
285  if (p->udph == NULL)
286  goto error;
287 
288  p->udph->uh_sport = sport;
289  p->udph->uh_dport = dport;
290  hdr_offset += sizeof(UDPHdr);
291  break;
292  case IPPROTO_TCP:
293  p->tcph = (TCPHdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
294  if (p->tcph == NULL)
295  goto error;
296 
297  p->tcph->th_sport = htons(sport);
298  p->tcph->th_dport = htons(dport);
299  hdr_offset += sizeof(TCPHdr);
300  break;
301  case IPPROTO_ICMP:
302  p->icmpv4h = (ICMPV4Hdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
303  if (p->icmpv4h == NULL)
304  goto error;
305 
306  hdr_offset += sizeof(ICMPV4Hdr);
307  break;
308  default:
309  break;
310  /* TODO: Add more protocols */
311  }
312 
313  if (payload && payload_len) {
314  PacketCopyDataOffset(p, hdr_offset, payload, payload_len);
315  }
316  SET_PKT_LEN(p, hdr_offset + payload_len);
317  p->payload = GET_PKT_DATA(p)+hdr_offset;
318 
319  return p;
320 
321 error:
322  SCFree(p);
323  return NULL;
324 }
325 
326 /**
327  * \brief UTHBuildPacket is a wrapper that build packets with default ip
328  * and port fields
329  *
330  * \param payload pointer to the payloadd buffer
331  * \param payload_len pointer to the length of the payload
332  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
333  *
334  * \retval Packet pointer to the built in packet
335  */
336 Packet *UTHBuildPacket(uint8_t *payload, uint16_t payload_len,
337  uint8_t ipproto)
338 {
339  return UTHBuildPacketReal(payload, payload_len, ipproto,
340  "192.168.1.5", "192.168.1.1",
341  41424, 80);
342 }
343 
344 /**
345  * \brief UTHBuildPacketArrayFromEth is a wrapper that build a packets from an array of
346  * packets in ethernet rawbytes. Hint: It also share the flows.
347  *
348  * \param raw_eth pointer to the array of ethernet packets in rawbytes
349  * \param pktsize pointer to the array of sizes corresponding to each buffer pointed
350  * from pktsize.
351  * \param numpkts number of packets in the array
352  *
353  * \retval Packet pointer to the array of built in packets; NULL if something fail
354  */
355 Packet **UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
356 {
358  ThreadVars th_v;
359  if (raw_eth == NULL || pktsize == NULL || numpkts <= 0) {
360  SCLogError(SC_ERR_INVALID_ARGUMENT, "The arrays cant be null, and the number"
361  " of packets should be grater thatn zero");
362  return NULL;
363  }
364  Packet **p = NULL;
365  p = SCMalloc(sizeof(Packet *) * numpkts);
366  if (unlikely(p == NULL))
367  return NULL;
368 
369  memset(&dtv, 0, sizeof(DecodeThreadVars));
370  memset(&th_v, 0, sizeof(th_v));
371 
372  int i = 0;
373  for (; i < numpkts; i++) {
374  p[i] = PacketGetFromAlloc();
375  if (p[i] == NULL) {
376  SCFree(p);
377  return NULL;
378  }
379  DecodeEthernet(&th_v, &dtv, p[i], raw_eth[i], pktsize[i]);
380  }
381  return p;
382 }
383 
384 /**
385  * \brief UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes
386  *
387  * \param raw_eth pointer to the rawbytes containing an ethernet packet
388  * (and any other headers inside)
389  * \param pktsize pointer to the length of the payload
390  *
391  * \retval Packet pointer to the built in packet; NULL if something fail
392  */
393 Packet *UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
394 {
396  ThreadVars th_v;
397  Packet *p = PacketGetFromAlloc();
398  if (unlikely(p == NULL))
399  return NULL;
400  memset(&dtv, 0, sizeof(DecodeThreadVars));
401  memset(&th_v, 0, sizeof(th_v));
402 
403  DecodeEthernet(&th_v, &dtv, p, raw_eth, pktsize);
404  return p;
405 }
406 
407 /**
408  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
409  * and defaulting ports
410  *
411  * \param payload pointer to the payloadd buffer
412  * \param payload_len pointer to the length of the payload
413  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
414  *
415  * \retval Packet pointer to the built in packet
416  */
417 Packet *UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len,
418  uint8_t ipproto, const char *src, const char *dst)
419 {
420  return UTHBuildPacketReal(payload, payload_len, ipproto,
421  src, dst,
422  41424, 80);
423 }
424 
425 /**
426  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
427  * and defaulting ports (IPV6)
428  *
429  * \param payload pointer to the payload buffer
430  * \param payload_len pointer to the length of the payload
431  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
432  *
433  * \retval Packet pointer to the built in packet
434  */
435 Packet *UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len,
436  uint8_t ipproto, const char *src, const char *dst)
437 {
438  return UTHBuildPacketIPV6Real(payload, payload_len, ipproto,
439  src, dst,
440  41424, 80);
441 }
442 
443 /**
444  * \brief UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying
445  * src and dst ports and defaulting IPs
446  *
447  * \param payload pointer to the payloadd buffer
448  * \param payload_len pointer to the length of the payload
449  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
450  *
451  * \retval Packet pointer to the built in packet
452  */
453 Packet *UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len,
454  uint8_t ipproto, uint16_t sport, uint16_t dport)
455 {
456  return UTHBuildPacketReal(payload, payload_len, ipproto,
457  "192.168.1.5", "192.168.1.1",
458  sport, dport);
459 }
460 
461 /**
462  * \brief UTHFreePackets: function to release the allocated data
463  * from UTHBuildPacket and the packet itself
464  *
465  * \param p pointer to the Packet
466  */
467 void UTHFreePackets(Packet **p, int numpkts)
468 {
469  if (p == NULL)
470  return;
471 
472  int i = 0;
473  for (; i < numpkts; i++) {
474  UTHFreePacket(p[i]);
475  }
476 }
477 
478 /**
479  * \brief UTHFreePacket: function to release the allocated data
480  * from UTHBuildPacket and the packet itself
481  *
482  * \param p pointer to the Packet
483  */
485 {
486  if (p == NULL)
487  return;
488 #if 0 // VJ we now use one buffer
489  switch (p->proto) {
490  case IPPROTO_UDP:
491  if (p->udph != NULL)
492  SCFree(p->udph);
493  if (p->ip4h != NULL)
494  SCFree(p->ip4h);
495  break;
496  case IPPROTO_TCP:
497  if (p->tcph != NULL)
498  SCFree(p->tcph);
499  if (p->ip4h != NULL)
500  SCFree(p->ip4h);
501  break;
502  case IPPROTO_ICMP:
503  if (p->ip4h != NULL)
504  SCFree(p->ip4h);
505  break;
506  /* TODO: Add more protocols */
507  }
508 #endif
509  SCFree(p);
510 }
511 
513 {
514  if (p && f) {
515  p->flow = f;
516  p->flags |= PKT_HAS_FLOW;
517  }
518 }
519 
520 Flow *UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
521 {
522  return TestHelperBuildFlow(family, src, dst, sp, dp);
523 }
524 
525 void UTHFreeFlow(Flow *flow)
526 {
527  if (flow != NULL) {
528  FlowFree(flow);
529  }
530 }
531 
532 int UTHAddStreamToFlow(Flow *f, int direction,
533  uint8_t *data, uint32_t data_len)
534 {
535  FAIL_IF_NULL(f);
536  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
538  TcpSession *ssn = f->protoctx;
539 
540  StreamingBufferSegment seg;
541  TcpStream *stream = direction == 0 ? &ssn->client : &ssn->server;
542  int r = StreamingBufferAppend(&stream->sb, &seg, data, data_len);
543  FAIL_IF_NOT(r == 0);
544  stream->last_ack += data_len;
545  return 1;
546 }
547 
549  uint32_t ts_isn,
550  uint32_t tc_isn)
551 {
552  FAIL_IF_NULL(f);
553 
554  TcpSession *ssn = SCCalloc(1, sizeof(*ssn));
555  FAIL_IF_NULL(ssn);
556 
558  ssn->client.sb = x;
559  ssn->server.sb = x;
560 
561  ssn->client.isn = ts_isn;
562  ssn->server.isn = tc_isn;
563 
564  f->protoctx = ssn;
565  return 1;
566 }
567 
569 {
570  FAIL_IF_NULL(f);
571  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
572  TcpSession *ssn = f->protoctx;
573  FAIL_IF_NULL(ssn);
575  SCFree(ssn);
576  f->protoctx = NULL;
577  return 1;
578 }
579 
580 /**
581  * \brief UTHGenericTest: function that perfom a generic check taking care of
582  * as maximum common unittest elements as possible.
583  * It will create a detection engine, append an array
584  * of signatures an check the spected results for each
585  * of them, it check matches for an array of packets
586  *
587  * \param pkt pointer to the array of packets
588  * \param numpkts number of packets to match
589  * \param sigs array of char* pointing to signatures to load
590  * \param numsigs number of signatures to load and check
591  * \param results pointer to arrays of numbers, each of them foreach packet
592  * to check if sids matches that packet as expected with
593  * that number of times or not. The size of results should be
594  * numpkts * numsigs * sizeof(uint16_t *)
595  *
596  * Example:
597  * result[1][3] would mean the number of times the pkt[1]
598  * match the sid[3]
599  *
600  * \retval int 1 if the match of all the sids is the specified has the
601  * specified results; 0 if not
602  */
603 int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
604 {
605 
606  int result = 0;
607  if (pkt == NULL || sigs == NULL || numpkts == 0
608  || sids == NULL || results == NULL || numsigs == 0) {
609  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, that the pointer/arrays are not NULL, and the number of signatures and packets is > 0");
610  goto end;
611  }
613  if (de_ctx == NULL) {
614  goto end;
615  }
616  de_ctx->flags |= DE_QUIET;
617 
618  if (UTHAppendSigs(de_ctx, sigs, numsigs) == 0)
619  goto cleanup;
620 
621  result = UTHMatchPacketsWithResults(de_ctx, pkt, numpkts, sids, results, numsigs);
622 
623 cleanup:
624  if (de_ctx != NULL) {
628  }
629 end:
630  return result;
631 }
632 
633 /**
634  * \brief UTHCheckPacketMatches: function to check if a packet match some sids
635  *
636  *
637  * \param p pointer to the Packet
638  * \param sigs array of char* pointing to signatures to load
639  * \param numsigs number of signatures to load from the array
640  * \param results pointer to an array of numbers to check if sids matches
641  * that number of times or not.
642  *
643  * \retval int 1 if the match of all the sids is the specified has the
644  * specified results; 0 if not
645  */
646 int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[],
647  uint32_t results[], int numsids)
648 {
649  if (p == NULL || sids == NULL) {
650  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, check if the "
651  "packet is NULL, and if the array contain sids is set");
652  return 0;
653  }
654 
655  int i = 0;
656  int res = 1;
657  for (; i < numsids; i++) {
658  uint16_t r = PacketAlertCheck(p, sids[i]);
659  if (r != results[i]) {
660  SCLogInfo("Sid %"PRIu32" matched %"PRIu16" times, and not %"PRIu32
661  " as expected", sids[i], r, results[i]);
662  res = 0;
663  } else {
664  SCLogInfo("Sid %"PRIu32" matched %"PRIu16" times, as expected", sids[i], r);
665  }
666  }
667  return res;
668 }
669 
670 /**
671  * \brief UTHAppendSigs: Add sigs to the detection_engine checking for errors
672  *
673  * \param de_ctx pointer to the DetectEngineCtx used
674  * \param sigs array of char* pointing to signatures to load
675  * \param numsigs number of signatures to load from the array
676  * (size of the array)
677  *
678  * \retval int 0 if we have errors; 1 if all the signatures loaded succesfuly
679  */
680 int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
681 {
682  if (de_ctx == NULL || numsigs <= 0 || sigs == NULL) {
683  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, check if sigs or de_ctx are NULL, and if the array contain sigs");
684  return 0;
685  }
686  //SCLogDebug("Adding %d signatures for the current unittest", numsigs);
687 
688  Signature *s;
689  int i = 0;
690 
691  for ( ; i < numsigs; i++) {
692  if (sigs[i] == NULL) {
693  SCLogError(SC_ERR_INVALID_ARGUMENT, "Check the signature"
694  " at position %d", i);
695  return 0;
696  }
697  s = DetectEngineAppendSig(de_ctx, sigs[i]);
698  if (s == NULL) {
699  SCLogError(SC_ERR_INVALID_ARGUMENT, "Check the signature at"
700  " position %d (%s)", i, sigs[i]);
701  return 0;
702  }
703  }
704  //SCLogDebug("Added %d signatures to the de_ctx of the unittest", i);
705  return 1;
706 }
707 
708 /**
709  * \test UTHMatchPacketsWithResults Match a packet or a array of packets against sigs
710  * of a de_ctx, checking that each signature match match X times for certain packets
711  *
712  * \param de_ctx pointer with the signatures loaded
713  * \param p pointer to the array of packets
714  * \param num_packets number of packets in the array
715  *
716  * \retval return 1 if all goes well
717  * \retval return 0 if something fail
718  */
719 int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
720 {
721  int result = 0;
722 
723  if (de_ctx == NULL || p == NULL) {
724  SCLogError(SC_ERR_INVALID_ARGUMENT, "packet or de_ctx was null");
725  result = 0;
726  goto end;
727  }
728 
730  ThreadVars th_v;
731  DetectEngineThreadCtx *det_ctx = NULL;
732  memset(&dtv, 0, sizeof(DecodeThreadVars));
733  memset(&th_v, 0, sizeof(th_v));
734 
735  //de_ctx->flags |= DE_QUIET;
736 
738  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
739 
740  int i = 0;
741  for (; i < num_packets; i++) {
742  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
743  if (UTHCheckPacketMatchResults(p[i], sids, &results[(i * numsigs)], numsigs) == 0)
744  goto cleanup;
745  }
746 
747  /* so far, so good ;) */
748  result = 1;
749 
750 cleanup:
751  if (det_ctx != NULL)
752  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
753 end:
754  return result;
755 }
756 
757 /**
758  * \test UTHMatchPackets Match a packet or a array of packets against sigs
759  * of a de_ctx, but note that the return value doesn't mean that we have a
760  * match, we have to check it later with PacketAlertCheck()
761  *
762  * \param de_ctx pointer with the signatures loaded
763  * \param p pointer to the array of packets
764  * \param num_packets number of packets in the array
765  *
766  * \retval return 1 if all goes well
767  * \retval return 0 if something fail
768  */
769 int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
770 {
771  int result = 1;
772 
773  if (de_ctx == NULL || p == NULL) {
774  SCLogError(SC_ERR_INVALID_ARGUMENT, "packet or de_ctx was null");
775  result = 0;
776  goto end;
777  }
778 
780  ThreadVars th_v;
781  DetectEngineThreadCtx *det_ctx = NULL;
782  memset(&dtv, 0, sizeof(DecodeThreadVars));
783  memset(&th_v, 0, sizeof(th_v));
784 
785  //de_ctx->flags |= DE_QUIET;
786 
791  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
792 
793  int i = 0;
794  for (; i < num_packets; i++)
795  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
796 
797  /* Here we don't check if the packet matched or not, because
798  * the de_ctx can have multiple signatures, and some of them may match
799  * and others may not. That check will be outside
800  */
801  if (det_ctx != NULL) {
802  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
803  }
804 end:
805  if (de_ctx != NULL) SigGroupCleanup(de_ctx);
806 
807  return result;
808 }
809 
810 /**
811  * \test Test if a packet match a signature given as string and a mpm_type
812  * Hint: Useful for unittests with only one packet and one signature
813  *
814  * \param sig pointer to the string signature to test
815  * \param sid sid number of the signature
816  *
817  * \retval return 1 if match
818  * \retval return 0 if not
819  */
820 int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
821 {
822  SCEnter();
823 
824  int result = 0;
825 
827  ThreadVars th_v;
828  DetectEngineThreadCtx *det_ctx = NULL;
829 
830  memset(&dtv, 0, sizeof(DecodeThreadVars));
831  memset(&th_v, 0, sizeof(th_v));
832 
834  if (de_ctx == NULL) {
835  printf("de_ctx == NULL: ");
836  goto end;
837  }
838 
839  de_ctx->flags |= DE_QUIET;
840  de_ctx->mpm_matcher = mpm_type;
841 
842  de_ctx->sig_list = SigInit(de_ctx, sig);
843  if (de_ctx->sig_list == NULL) {
844  printf("signature == NULL: ");
845  goto end;
846  }
847 
849  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
850 
851  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
852  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
853  printf("signature didn't alert: ");
854  goto end;
855  }
856 
857  result = 1;
858 end:
861 
862  if (det_ctx != NULL)
863  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
864 
865  if (de_ctx != NULL)
867 
868  SCReturnInt(result);
869 }
870 
871 /**
872  * \test Test if a packet match a signature given as string
873  * Hint: Useful for unittests with only one packet and one signature
874  *
875  * \param sig pointer to the string signature to test
876  * \param sid sid number of the signature
877  *
878  * \retval return 1 if match
879  * \retval return 0 if not
880  */
881 int UTHPacketMatchSig(Packet *p, const char *sig)
882 {
883  int result = 1;
884 
886 
887  ThreadVars th_v;
888  DetectEngineThreadCtx *det_ctx = NULL;
889 
890  memset(&dtv, 0, sizeof(DecodeThreadVars));
891  memset(&th_v, 0, sizeof(th_v));
892 
894  if (de_ctx == NULL) {
895  result=0;
896  goto end;
897  }
898 
899  de_ctx->flags |= DE_QUIET;
900 
901  de_ctx->sig_list = SigInit(de_ctx, sig);
902  if (de_ctx->sig_list == NULL) {
903  result = 0;
904  goto end;
905  }
906 
908  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
909 
910  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
911  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
912  result = 0;
913  goto end;
914  }
915 
916 end:
917  if (de_ctx) {
920  }
921 
922  if (det_ctx != NULL)
923  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
924  if (de_ctx != NULL)
926 
927  return result;
928 }
929 
930 uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
931 {
932  uint32_t i = start;
933  uint8_t payload[] = "Payload";
934  for (; i < end; i++) {
935  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
936  if (dir == 0) {
937  p->src.addr_data32[0] = i;
938  p->dst.addr_data32[0] = i + 1;
939  } else {
940  p->src.addr_data32[0] = i + 1;
941  p->dst.addr_data32[0] = i;
942  }
943  FlowHandlePacket(NULL, NULL, p);
944  if (p->flow != NULL) {
945  SC_ATOMIC_RESET(p->flow->use_cnt);
946  FLOWLOCK_UNLOCK(p->flow);
947  }
948 
949  /* Now the queues shoul be updated */
950  UTHFreePacket(p);
951  }
952 
953  return i;
954 }
955 
956 /** \brief parser a sig and see if the expected result is correct */
957 int UTHParseSignature(const char *str, bool expect)
958 {
961  de_ctx->flags |= DE_QUIET;
962 
964  if (expect)
965  FAIL_IF_NULL(s);
966  else
967  FAIL_IF_NOT_NULL(s);
968 
970  PASS;
971 }
972 
973 /*
974  * unittests for the unittest helpers
975  */
976 
977 /**
978  * \brief CheckUTHTestPacket wrapper to check packets for unittests
979  */
980 static int CheckUTHTestPacket(Packet *p, uint8_t ipproto)
981 {
982  uint16_t sport = 41424;
983  uint16_t dport = 80;
984  uint8_t payload[] = "Payload";
985 
986  uint8_t len = sizeof(payload);
987 
988  if (p == NULL)
989  return 0;
990 
991  if (p->payload_len != len)
992  return 0;
993 
994  if (strncmp((char *)payload, (char *)p->payload, len) != 0)
995  return 0;
996 
997  if (p->src.family != AF_INET)
998  return 0;
999  if (p->dst.family != AF_INET)
1000  return 0;
1001  if (p->proto != ipproto)
1002  return 0;
1003 
1004  switch(ipproto) {
1005  case IPPROTO_UDP:
1006  if (p->udph == NULL)
1007  return 0;
1008  if (p->udph->uh_sport != sport)
1009  return 0;
1010  if (p->udph->uh_dport != dport)
1011  return 0;
1012  break;
1013  case IPPROTO_TCP:
1014  if (p->tcph == NULL)
1015  return 0;
1016  if (SCNtohs(p->tcph->th_sport) != sport)
1017  return 0;
1018  if (SCNtohs(p->tcph->th_dport) != dport)
1019  return 0;
1020  break;
1021  }
1022  return 1;
1023 }
1024 
1025 #ifdef HAVE_MEMMEM
1026 #include <string.h>
1027 void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len) {
1028  return memmem(big, big_len, little, little_len);
1029 }
1030 #else
1031 #include "util-spm-bs.h"
1032 void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len) {
1033  return BasicSearch(big, big_len, little, little_len);
1034 }
1035 #endif //HAVE_MEMMEM
1036 
1037 /**
1038  * \brief UTHBuildPacketRealTest01 wrapper to check packets for unittests
1039  */
1040 static int UTHBuildPacketRealTest01(void)
1041 {
1042  uint8_t payload[] = "Payload";
1043 
1044  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_TCP,
1045  "192.168.1.5", "192.168.1.1", 41424, 80);
1046 
1047  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1048  UTHFreePacket(p);
1049 
1050  return ret;
1051 }
1052 
1053 /**
1054  * \brief UTHBuildPacketRealTest02 wrapper to check packets for unittests
1055  */
1056 static int UTHBuildPacketRealTest02(void)
1057 {
1058  uint8_t payload[] = "Payload";
1059 
1060  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_UDP,
1061  "192.168.1.5", "192.168.1.1", 41424, 80);
1062 
1063  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1064  UTHFreePacket(p);
1065  return ret;
1066 }
1067 
1068 /**
1069  * \brief UTHBuildPacketTest01 wrapper to check packets for unittests
1070  */
1071 static int UTHBuildPacketTest01(void)
1072 {
1073  uint8_t payload[] = "Payload";
1074 
1075  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
1076 
1077  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1078  UTHFreePacket(p);
1079 
1080  return ret;
1081 }
1082 
1083 /**
1084  * \brief UTHBuildPacketTest02 wrapper to check packets for unittests
1085  */
1086 static int UTHBuildPacketTest02(void)
1087 {
1088  uint8_t payload[] = "Payload";
1089 
1090  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_UDP);
1091 
1092  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1093  UTHFreePacket(p);
1094 
1095  return ret;
1096 }
1097 
1098 /**
1099  * \brief UTHBuildPacketOfFlowsTest01 wrapper to check packets for unittests
1100  */
1101 static int UTHBuildPacketOfFlowsTest01(void)
1102 {
1103  int result = 0;
1104 
1106  uint32_t flow_spare_q_len = flow_spare_q.len;
1107 
1108  UTHBuildPacketOfFlows(0, 100, 0);
1109 
1110  if (flow_spare_q.len != flow_spare_q_len - 100)
1111  result = 0;
1112  else
1113  result = 1;
1114  FlowShutdown();
1115 
1116  return result;
1117 }
1118 
1119 
1120 /**
1121  * \brief UTHBuildPacketSrcDstTest01 wrapper to check packets for unittests
1122  */
1123 static int UTHBuildPacketSrcDstTest01(void)
1124 {
1125  uint8_t payload[] = "Payload";
1126 
1127  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_TCP,
1128  "192.168.1.5", "192.168.1.1");
1129 
1130  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1131  UTHFreePacket(p);
1132 
1133  return ret;
1134 }
1135 
1136 /**
1137  * \brief UTHBuildPacketSrcDstTest02 wrapper to check packets for unittests
1138  */
1139 static int UTHBuildPacketSrcDstTest02(void)
1140 {
1141  uint8_t payload[] = "Payload";
1142 
1143  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_UDP,
1144  "192.168.1.5", "192.168.1.1");
1145 
1146  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1147  UTHFreePacket(p);
1148 
1149  return ret;
1150 }
1151 
1152 /**
1153  * \brief UTHBuildPacketSrcDstPortsTest01 wrapper to check packets for unittests
1154  */
1155 static int UTHBuildPacketSrcDstPortsTest01(void)
1156 {
1157  uint8_t payload[] = "Payload";
1158 
1159  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_TCP,
1160  41424, 80);
1161 
1162  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1163  UTHFreePacket(p);
1164 
1165  return ret;
1166 }
1167 
1168 /**
1169  * \brief UTHBuildPacketSrcDstPortsTest02 wrapper to check packets for unittests
1170  */
1171 static int UTHBuildPacketSrcDstPortsTest02(void)
1172 {
1173  uint8_t payload[] = "Payload";
1174 
1175  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_UDP,
1176  41424, 80);
1177 
1178  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1179  UTHFreePacket(p);
1180 
1181  return ret;
1182 }
1183 
1184 #endif /* UNITTESTS */
1185 
1187 {
1188 #ifdef UNITTESTS
1189  UtRegisterTest("UTHBuildPacketRealTest01", UTHBuildPacketRealTest01);
1190  UtRegisterTest("UTHBuildPacketRealTest02", UTHBuildPacketRealTest02);
1191  UtRegisterTest("UTHBuildPacketTest01", UTHBuildPacketTest01);
1192  UtRegisterTest("UTHBuildPacketTest02", UTHBuildPacketTest02);
1193  UtRegisterTest("UTHBuildPacketSrcDstTest01", UTHBuildPacketSrcDstTest01);
1194  UtRegisterTest("UTHBuildPacketSrcDstTest02", UTHBuildPacketSrcDstTest02);
1195  UtRegisterTest("UTHBuildPacketSrcDstPortsTest01",
1196  UTHBuildPacketSrcDstPortsTest01);
1197  UtRegisterTest("UTHBuildPacketSrcDstPortsTest02",
1198  UTHBuildPacketSrcDstPortsTest02);
1199  UtRegisterTest("UTHBuildPacketOfFlowsTest01", UTHBuildPacketOfFlowsTest01);
1200 
1201 #endif /* UNITTESTS */
1202 }
1203 
Packet_::proto
uint8_t proto
Definition: decode.h:433
UTHParseSignature
int UTHParseSignature(const char *str, bool expect)
parser a sig and see if the expected result is correct
Definition: util-unittest-helper.c:957
TcpStream_
Definition: stream-tcp-private.h:94
len
uint8_t len
Definition: app-layer-dnp3.h:2
UTHmemsearch
void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len)
Definition: util-unittest-helper.c:1032
detect-engine.h
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
TcpStream_::isn
uint32_t isn
Definition: stream-tcp-private.h:101
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition: decode.h:1087
UTHAddStreamToFlow
int UTHAddStreamToFlow(Flow *f, int direction, uint8_t *data, uint32_t data_len)
Definition: util-unittest-helper.c:532
flow-util.h
stream-tcp.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
Flow_::proto
uint8_t proto
Definition: flow.h:361
Packet_::payload
uint8_t * payload
Definition: decode.h:543
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:138
Packet_::flags
uint32_t flags
Definition: decode.h:446
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:343
SigInit
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
Definition: detect-parse.c:2033
results
struct DetectRfbSecresult_ results[]
UTHBuildPacketSrcDst
Packet * UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports.
Definition: util-unittest-helper.c:417
UTHSetIPv4Address
uint32_t UTHSetIPv4Address(const char *str)
return the uint32_t for a ipv4 address string
Definition: util-unittest-helper.c:131
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:766
FlowInitConfig
void FlowInitConfig(char quiet)
initialize the configuration
Definition: flow.c:531
UTHPacketMatchSigMpm
int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
Definition: util-unittest-helper.c:820
TcpStreamCnf_::sbcnf
StreamingBufferConfig sbcnf
Definition: stream-tcp.h:67
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2089
PacketCopyDataOffset
int PacketCopyDataOffset(Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen)
Copy data to Packet payload at given offset.
Definition: decode.c:221
SCSigSignatureOrderingModuleCleanup
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
Definition: detect-engine-sigorder.c:803
DE_QUIET
#define DE_QUIET
Definition: detect.h:293
UTHPacketMatchSig
int UTHPacketMatchSig(Packet *p, const char *sig)
Definition: util-unittest-helper.c:881
UTHBuildPacket
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
Definition: util-unittest-helper.c:336
UTHBuildPacketSrcDstPorts
Packet * UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, uint16_t sport, uint16_t dport)
UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying src and dst ports and defaulting...
Definition: util-unittest-helper.c:453
SigCleanSignatures
void SigCleanSignatures(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:39
util-spm-bs.h
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:241
Flow_::protoctx
void * protoctx
Definition: flow.h:416
DetectEngineCtx_::mpm_matcher
uint16_t mpm_matcher
Definition: detect.h:815
FLOW_IPV4
#define FLOW_IPV4
Definition: flow.h:94
Packet_::payload_len
uint16_t payload_len
Definition: decode.h:544
FlowQueue_::len
uint32_t len
Definition: flow-queue.h:45
util-unittest.h
util-unittest-helper.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
UTHBuildPacketArrayFromEth
Packet ** UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
UTHBuildPacketArrayFromEth is a wrapper that build a packets from an array of packets in ethernet raw...
Definition: util-unittest-helper.c:355
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:260
UTHBuildPacketOfFlows
uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
Definition: util-unittest-helper.c:930
flow_spare_q
FlowQueue flow_spare_q
Definition: flow.c:95
IPV4Hdr
struct IPV4Hdr_ IPV4Hdr
UTHAssignFlow
void UTHAssignFlow(Packet *p, Flow *f)
Definition: util-unittest-helper.c:512
TcpStream_::last_ack
uint32_t last_ack
Definition: stream-tcp-private.h:103
SET_PKT_LEN
#define SET_PKT_LEN(p, len)
Definition: decode.h:232
UTHMatchPackets
int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
Definition: util-unittest-helper.c:769
UTHBuildFlow
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:520
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:39
UTHBuildPacketIPV6Real
Packet * UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:155
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
UTHMatchPacketsWithResults
int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
Definition: util-unittest-helper.c:719
DetectEngineThreadCtx_
Definition: detect.h:1009
SCSigOrderSignatures
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
Definition: detect-engine-sigorder.c:723
UTHRegisterTests
void UTHRegisterTests(void)
Definition: util-unittest-helper.c:1186
UTHAddSessionToFlow
int UTHAddSessionToFlow(Flow *f, uint32_t ts_isn, uint32_t tc_isn)
Definition: util-unittest-helper.c:548
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition: decode.h:228
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
UTHCheckPacketMatchResults
int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[], uint32_t results[], int numsids)
UTHCheckPacketMatches: function to check if a packet match some sids.
Definition: util-unittest-helper.c:646
Packet_::sp
Port sp
Definition: decode.h:418
SCSigRegisterSignatureOrderingFuncs
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered,...
Definition: detect-engine-sigorder.c:783
TestHelperBufferToFile
int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size)
writes the contents of a buffer into a file
Definition: util-unittest-helper.c:100
util-time.h
SC_ERR_INVALID_ARGUMENT
@ SC_ERR_INVALID_ARGUMENT
Definition: util-error.h:43
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:119
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:282
SigMatchSignatures
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1668
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:1949
BasicSearch
uint8_t * BasicSearch(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
Basic search improved. Limits are better handled, so it doesn't start searches that wont fit in the r...
Definition: util-spm-bs.c:48
IPV6Hdr_
Definition: decode-ipv6.h:32
Packet_
Definition: decode.h:411
stream-tcp-private.h
Packet_::ip4h
IPV4Hdr * ip4h
Definition: decode.h:503
Port
uint16_t Port
Definition: decode.h:238
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:1878
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:30
UTHFreeFlow
void UTHFreeFlow(Flow *flow)
Definition: util-unittest-helper.c:525
StreamingBuffer_
Definition: util-streaming-buffer.h:95
IPV4Hdr_
Definition: decode-ipv4.h:71
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2338
Packet_::flow
struct Flow_ * flow
Definition: decode.h:448
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:2793
Packet_::ts
struct timeval ts
Definition: decode.h:454
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:398
suricata-common.h
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:3001
FlowFree
void FlowFree(Flow *f)
cleanup & free the memory of a flow
Definition: flow-util.c:80
FLOW_IPV6
#define FLOW_IPV6
Definition: flow.h:96
UTHBuildPacketIPV6SrcDst
Packet * UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports (IPV6)
Definition: util-unittest-helper.c:435
Packet_::tcph
TCPHdr * tcph
Definition: decode.h:525
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:686
TcpStream_::sb
StreamingBuffer sb
Definition: stream-tcp-private.h:122
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
DetectEngineCtx_::sig_list
Signature * sig_list
Definition: detect.h:772
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:272
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
UTHGenericTest
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perfom a generic check taking care of as maximum common unittest elemen...
Definition: util-unittest-helper.c:603
SC_ATOMIC_RESET
#define SC_ATOMIC_RESET(name)
wrapper for reinitializing an atomic variable.
Definition: util-atomic.h:295
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:144
FlowHandlePacket
void FlowHandlePacket(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Entry point for packet flow handling.
Definition: flow.c:515
detect-engine-sigorder.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:271
str
#define str(s)
Definition: suricata-common.h:273
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:625
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:484
Signature_::id
uint32_t id
Definition: detect.h:560
STREAMING_BUFFER_INITIALIZER
#define STREAMING_BUFFER_INITIALIZER(cfg)
Definition: util-streaming-buffer.h:111
StreamTcpSessionCleanup
void StreamTcpSessionCleanup(TcpSession *ssn)
Session cleanup function. Does not free the ssn.
Definition: stream-tcp.c:215
detect-parse.h
src
uint16_t src
Definition: app-layer-dnp3.h:5
Signature_
Signature container.
Definition: detect.h:527
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
UTHBuildPacketFromEth
Packet * UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes.
Definition: util-unittest-helper.c:393
TimeGet
void TimeGet(struct timeval *tv)
Definition: util-time.c:153
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2044
Packet_::udph
UDPHdr * udph
Definition: decode.h:527
Address_::family
char family
Definition: decode.h:114
Packet_::dst
Address dst
Definition: decode.h:416
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:38
COPY_TIMESTAMP
#define COPY_TIMESTAMP(src, dst)
Definition: flow-util.h:30
TestHelperBuildFlow
Flow * TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:49
StreamingBufferAppend
int StreamingBufferAppend(StreamingBuffer *sb, StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len)
Definition: util-streaming-buffer.c:576
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:767
UTHAppendSigs
int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
UTHAppendSigs: Add sigs to the detection_engine checking for errors.
Definition: util-unittest-helper.c:680
Packet_::ip6h
IPV6Hdr * ip6h
Definition: decode.h:505
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
UTHRemoveSessionFromFlow
int UTHRemoveSessionFromFlow(Flow *f)
Definition: util-unittest-helper.c:568
TcpSession_
Definition: stream-tcp-private.h:260
Packet_::dp
Port dp
Definition: decode.h:426
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:41
Packet_::src
Address src
Definition: decode.h:415
UTHFreePackets
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:467