49 #if defined(UNITTESTS) || defined(FUZZ)
56 printf(
"FlowAlloc failed\n");
60 memset(f, 0x00,
sizeof(
Flow));
64 if (family == AF_INET) {
66 }
else if (family == AF_INET6) {
71 if (family == AF_INET) {
72 if (inet_pton(AF_INET,
src, &in) != 1) {
73 printf(
"invalid address %s\n",
src);
77 f->src.addr_data32[0] = in.s_addr;
83 if (family == AF_INET) {
84 if (inet_pton(AF_INET,
dst, &in) != 1) {
85 printf(
"invalid address %s\n",
dst);
89 f->dst.addr_data32[0] = in.s_addr;
103 if (remove(name) != 0) {
104 if (errno != ENOENT) {
105 printf(
"failed remove, errno=%d\n", errno);
109 FILE *fd = fopen(name,
"wb");
111 printf(
"failed open, errno=%d\n", errno);
114 if (fwrite (data, 1, size, fd) != size) {
135 if (inet_pton(AF_INET,
str, &in) != 1) {
136 printf(
"invalid IPv6 address %s\n",
str);
139 return (uint32_t)in.s_addr;
157 uint8_t ipproto,
const char *
src,
const char *
dst,
158 uint16_t sport, uint16_t dport)
178 p->
ip6h->s_ip6_nxt = ipproto;
181 if (inet_pton(AF_INET6,
src, &in) != 1)
183 p->
src.addr_data32[0] = in[0];
184 p->
src.addr_data32[1] = in[1];
185 p->
src.addr_data32[2] = in[2];
186 p->
src.addr_data32[3] = in[3];
188 p->
ip6h->s_ip6_src[0] = in[0];
189 p->
ip6h->s_ip6_src[1] = in[1];
190 p->
ip6h->s_ip6_src[2] = in[2];
191 p->
ip6h->s_ip6_src[3] = in[3];
193 if (inet_pton(AF_INET6,
dst, &in) != 1)
195 p->
dst.addr_data32[0] = in[0];
196 p->
dst.addr_data32[1] = in[1];
197 p->
dst.addr_data32[2] = in[2];
198 p->
dst.addr_data32[3] = in[3];
200 p->
ip6h->s_ip6_dst[0] = in[0];
201 p->
ip6h->s_ip6_dst[1] = in[1];
202 p->
ip6h->s_ip6_dst[2] = in[2];
203 p->
ip6h->s_ip6_dst[3] = in[3];
208 memset(p->
tcph, 0,
sizeof(TCPHdr));
209 p->
tcph->th_sport = htons(sport);
210 p->
tcph->th_dport = htons(dport);
217 if (p->
ip6h != NULL) {
220 if (p->
tcph != NULL) {
243 uint8_t ipproto,
const char *
src,
const char *
dst,
244 uint16_t sport, uint16_t dport)
256 p->src.family = AF_INET;
257 p->dst.family = AF_INET;
258 p->payload = payload;
262 if (inet_pton(AF_INET,
src, &in) != 1)
264 p->src.addr_data32[0] = in.s_addr;
267 if (inet_pton(AF_INET,
dst, &in) != 1)
269 p->dst.addr_data32[0] = in.s_addr;
276 p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
277 p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
278 p->ip4h->ip_proto = ipproto;
279 p->ip4h->ip_verhl =
sizeof(
IPV4Hdr);
282 int hdr_offset =
sizeof(
IPV4Hdr);
289 p->udph->uh_sport = sport;
290 p->udph->uh_dport = dport;
291 hdr_offset +=
sizeof(UDPHdr);
298 p->tcph->th_sport = htons(sport);
299 p->tcph->th_dport = htons(dport);
300 hdr_offset +=
sizeof(TCPHdr);
304 if (p->icmpv4h == NULL)
307 hdr_offset +=
sizeof(ICMPV4Hdr);
341 "192.168.1.5",
"192.168.1.1",
360 if (raw_eth == NULL || pktsize == NULL || numpkts <= 0) {
362 " of packets should be grater thatn zero");
371 memset(&th_v, 0,
sizeof(th_v));
374 for (; i < numpkts; i++) {
402 memset(&th_v, 0,
sizeof(th_v));
419 uint8_t ipproto,
const char *
src,
const char *
dst)
437 uint8_t ipproto,
const char *
src,
const char *
dst)
455 uint8_t ipproto, uint16_t sport, uint16_t dport)
458 "192.168.1.5",
"192.168.1.1",
474 for (; i < numpkts; i++) {
489 #if 0 // VJ we now use one buffer
534 uint8_t *data, uint32_t data_len)
541 StreamingBufferSegment seg;
608 if (pkt == NULL || sigs == NULL || numpkts == 0
609 || sids == NULL ||
results == NULL || numsigs == 0) {
648 uint32_t
results[],
int numsids)
650 if (p == NULL || sids == NULL) {
652 "packet is NULL, and if the array contain sids is set");
658 for (; i < numsids; i++) {
661 SCLogInfo(
"Sid %"PRIu32
" matched %"PRIu16
" times, and not %"PRIu32
662 " as expected", sids[i], r,
results[i]);
665 SCLogInfo(
"Sid %"PRIu32
" matched %"PRIu16
" times, as expected", sids[i], r);
683 if (
de_ctx == NULL || numsigs <= 0 || sigs == NULL) {
692 for ( ; i < numsigs; i++) {
693 if (sigs[i] == NULL) {
695 " at position %d", i);
701 " position %d (%s)", i, sigs[i]);
724 if (
de_ctx == NULL || p == NULL) {
734 memset(&th_v, 0,
sizeof(th_v));
742 for (; i < num_packets; i++) {
774 if (
de_ctx == NULL || p == NULL) {
784 memset(&th_v, 0,
sizeof(th_v));
795 for (; i < num_packets; i++)
802 if (det_ctx != NULL) {
832 memset(&th_v, 0,
sizeof(th_v));
836 printf(
"de_ctx == NULL: ");
845 printf(
"signature == NULL: ");
854 printf(
"signature didn't alert: ");
892 memset(&th_v, 0,
sizeof(th_v));
934 memset(&fls, 0,
sizeof(fls));
937 uint8_t payload[] =
"Payload";
938 for (; i < end; i++) {
941 p->
src.addr_data32[0] = i;
942 p->
dst.addr_data32[0] = i + 1;
944 p->
src.addr_data32[0] = i + 1;
945 p->
dst.addr_data32[0] = i;
948 if (p->
flow != NULL) {
992 static int CheckUTHTestPacket(
Packet *p, uint8_t ipproto)
994 uint16_t sport = 41424;
996 uint8_t payload[] =
"Payload";
998 uint8_t
len =
sizeof(payload);
1006 if (strncmp((
char *)payload, (
char *)p->
payload,
len) != 0)
1013 if (p->
proto != ipproto)
1018 if (p->
udph == NULL)
1020 if (p->
udph->uh_sport != sport)
1022 if (p->
udph->uh_dport != dport)
1026 if (p->
tcph == NULL)
1039 void *
UTHmemsearch(
const void *big,
size_t big_len,
const void *little,
size_t little_len) {
1040 return memmem(big, big_len, little, little_len);
1044 void *
UTHmemsearch(
const void *big,
size_t big_len,
const void *little,
size_t little_len) {
1045 return BasicSearch(big, big_len, little, little_len);
1047 #endif //HAVE_MEMMEM
1052 static int UTHBuildPacketRealTest01(
void)
1054 uint8_t payload[] =
"Payload";
1057 "192.168.1.5",
"192.168.1.1", 41424, 80);
1059 int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1068 static int UTHBuildPacketRealTest02(
void)
1070 uint8_t payload[] =
"Payload";
1073 "192.168.1.5",
"192.168.1.1", 41424, 80);
1075 int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1083 static int UTHBuildPacketTest01(
void)
1085 uint8_t payload[] =
"Payload";
1089 int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1098 static int UTHBuildPacketTest02(
void)
1100 uint8_t payload[] =
"Payload";
1104 int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1113 static int UTHBuildPacketOfFlowsTest01(
void)
1135 static int UTHBuildPacketSrcDstTest01(
void)
1137 uint8_t payload[] =
"Payload";
1140 "192.168.1.5",
"192.168.1.1");
1142 int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1151 static int UTHBuildPacketSrcDstTest02(
void)
1153 uint8_t payload[] =
"Payload";
1156 "192.168.1.5",
"192.168.1.1");
1158 int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1167 static int UTHBuildPacketSrcDstPortsTest01(
void)
1169 uint8_t payload[] =
"Payload";
1174 int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1183 static int UTHBuildPacketSrcDstPortsTest02(
void)
1185 uint8_t payload[] =
"Payload";
1190 int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1201 UtRegisterTest(
"UTHBuildPacketRealTest01", UTHBuildPacketRealTest01);
1202 UtRegisterTest(
"UTHBuildPacketRealTest02", UTHBuildPacketRealTest02);
1205 UtRegisterTest(
"UTHBuildPacketSrcDstTest01", UTHBuildPacketSrcDstTest01);
1206 UtRegisterTest(
"UTHBuildPacketSrcDstTest02", UTHBuildPacketSrcDstTest02);
1208 UTHBuildPacketSrcDstPortsTest01);
1210 UTHBuildPacketSrcDstPortsTest02);
1211 UtRegisterTest(
"UTHBuildPacketOfFlowsTest01", UTHBuildPacketOfFlowsTest01);
FlowQueuePrivate work_queue
int UTHParseSignature(const char *str, bool expect)
Parse a signature and check whether the outcome matches the expected result.
void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
int UTHAddStreamToFlow(Flow *f, int direction, uint8_t *data, uint32_t data_len)
uint32_t FlowSpareGetPoolSize(void)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
struct DetectRfbSecresult_ results[]
Packet * UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that builds packets with the specified IPs and default ports.
uint32_t UTHSetIPv4Address(const char *str)
Return the uint32_t value for an IPv4 address string.
main detection engine ctx
void FlowInitConfig(char quiet)
initialize the configuration
int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
StreamingBufferConfig sbcnf
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
int PacketCopyDataOffset(Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen)
Copy data to Packet payload at given offset.
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
int UTHPacketMatchSig(Packet *p, const char *sig)
void FlowHandlePacket(ThreadVars *tv, FlowLookupStruct *fls, Packet *p)
Entry point for packet flow handling.
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that builds packets with default IP and port fields.
Packet * UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, uint16_t sport, uint16_t dport)
UTHBuildPacketSrcDstPorts is a wrapper that builds packets specifying src and dst ports and defaulting...
void SigCleanSignatures(DetectEngineCtx *de_ctx)
TcpStreamCnf stream_config
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that creates tcp/udp packets for unittests specifying ip and port sou...
#define FAIL_IF_NOT(expr)
Fail a test if expression does not evaluate to true.
Packet ** UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
UTHBuildPacketArrayFromEth is a wrapper that builds packets from an array of packets in ethernet raw...
#define FLOWLOCK_UNLOCK(fb)
uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
void UTHAssignFlow(Packet *p, Flow *f)
#define SET_PKT_LEN(p, len)
int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
#define FLOW_INITIALIZE(f)
Packet * UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
#define PASS
Pass the test.
int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
void UTHRegisterTests(void)
int UTHAddSessionToFlow(Flow *f, uint32_t ts_isn, uint32_t tc_isn)
Per thread variable structure.
int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[], uint32_t results[], int numsids)
UTHCheckPacketMatches: function to check if a packet matches some sids.
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered,...
int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size)
writes the contents of a buffer into a file
Flow * FlowQueuePrivateGetFromTop(FlowQueuePrivate *fqc)
@ SC_ERR_INVALID_ARGUMENT
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
int SigGroupCleanup(DetectEngineCtx *de_ctx)
uint8_t * BasicSearch(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
Basic search improved. Limits are better handled, so it doesn't start searches that won't fit in the r...
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
void UTHFreeFlow(Flow *flow)
FlowQueuePrivate spare_queue
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
void FlowFree(Flow *f)
cleanup & free the memory of a flow
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Packet * UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that builds packets specifying IPs and defaulting ports (IPV6)
void FlowShutdown(void)
shutdown the flow engine
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that performs a generic check, taking care of as many common unittest elemen...
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Structure to hold thread specific data for all decode modules.
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
#define STREAMING_BUFFER_INITIALIZER(cfg)
void StreamTcpSessionCleanup(TcpSession *ssn)
Session cleanup function. Does not free the ssn.
Packet * UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
UTHBuildPacketFromEth is a wrapper that builds a packet from the raw bytes.
void TimeGet(struct timeval *tv)
DetectEngineCtx * DetectEngineCtxInit(void)
#define COPY_TIMESTAMP(src, dst)
Flow * TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
int StreamingBufferAppend(StreamingBuffer *sb, StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len)
int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
UTHAppendSigs: Add sigs to the detection_engine checking for errors.
int UTHRemoveSessionFromFlow(Flow *f)
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.