suricata
util-unittest-helper.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  *
23  * This file provide a set of helper functions for reducing the complexity
24  * when constructing unittests
25  */
26 
27 #include "suricata-common.h"
28 
29 #include "decode.h"
30 
31 #include "flow-private.h"
32 #include "flow-util.h"
33 
34 #include "detect.h"
35 #include "detect-parse.h"
36 #include "detect-engine.h"
37 #include "detect-engine-sigorder.h"
38 
39 #include "stream-tcp.h"
40 #include "stream-tcp-private.h"
41 
42 #include "util-debug.h"
43 #include "util-time.h"
44 #include "util-error.h"
45 #include "util-unittest.h"
46 #include "util-unittest-helper.h"
47 
48 #ifdef UNITTESTS
49 
50 /**
51  * \brief return the uint32_t for a ipv4 address string
52  *
53  * \param str Valid ipaddress in string form (e.g. 1.2.3.4)
54  *
55  * \retval uint the uin32_t representation
56  */
57 uint32_t UTHSetIPv4Address(const char *str)
58 {
59  struct in_addr in;
60  if (inet_pton(AF_INET, str, &in) != 1) {
61  printf("invalid IPv6 address %s\n", str);
62  exit(EXIT_FAILURE);
63  }
64  return (uint32_t)in.s_addr;
65 }
66 
67 /**
68  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
69  * specifying ip and port sources and destinations (IPV6)
70  *
71  * \param payload pointer to the payloadd buffer
72  * \param payload_len pointer to the length of the payload
73  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
74  * \param src pointer to a string containing the ip source
75  * \param dst pointer to a string containing the ip destination
76  * \param sport pointer to a string containing the port source
77  * \param dport pointer to a string containing the port destination
78  *
79  * \retval Packet pointer to the built in packet
80  */
81 Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
82  uint8_t ipproto, const char *src, const char *dst,
83  uint16_t sport, uint16_t dport)
84 {
85  uint32_t in[4];
86 
88  if (unlikely(p == NULL))
89  return NULL;
90 
91  TimeGet(&p->ts);
92 
93  p->src.family = AF_INET6;
94  p->dst.family = AF_INET6;
95  p->payload = payload;
97  p->proto = ipproto;
98 
99  p->ip6h = SCMalloc(sizeof(IPV6Hdr));
100  if (p->ip6h == NULL)
101  goto error;
102  memset(p->ip6h, 0, sizeof(IPV6Hdr));
103  p->ip6h->s_ip6_nxt = ipproto;
104  p->ip6h->s_ip6_plen = htons(payload_len + sizeof(TCPHdr));
105 
106  if (inet_pton(AF_INET6, src, &in) != 1)
107  goto error;
108  p->src.addr_data32[0] = in[0];
109  p->src.addr_data32[1] = in[1];
110  p->src.addr_data32[2] = in[2];
111  p->src.addr_data32[3] = in[3];
112  p->sp = sport;
113  p->ip6h->s_ip6_src[0] = in[0];
114  p->ip6h->s_ip6_src[1] = in[1];
115  p->ip6h->s_ip6_src[2] = in[2];
116  p->ip6h->s_ip6_src[3] = in[3];
117 
118  if (inet_pton(AF_INET6, dst, &in) != 1)
119  goto error;
120  p->dst.addr_data32[0] = in[0];
121  p->dst.addr_data32[1] = in[1];
122  p->dst.addr_data32[2] = in[2];
123  p->dst.addr_data32[3] = in[3];
124  p->dp = dport;
125  p->ip6h->s_ip6_dst[0] = in[0];
126  p->ip6h->s_ip6_dst[1] = in[1];
127  p->ip6h->s_ip6_dst[2] = in[2];
128  p->ip6h->s_ip6_dst[3] = in[3];
129 
130  p->tcph = SCMalloc(sizeof(TCPHdr));
131  if (p->tcph == NULL)
132  goto error;
133  memset(p->tcph, 0, sizeof(TCPHdr));
134  p->tcph->th_sport = htons(sport);
135  p->tcph->th_dport = htons(dport);
136 
137  SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len);
138  return p;
139 
140 error:
141  if (p != NULL) {
142  if (p->ip6h != NULL) {
143  SCFree(p->ip6h);
144  }
145  if (p->tcph != NULL) {
146  SCFree(p->tcph);
147  }
148  SCFree(p);
149  }
150  return NULL;
151 }
152 
153 /**
154  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
155  * specifying ip and port sources and destinations
156  *
157  * \param payload pointer to the payloadd buffer
158  * \param payload_len pointer to the length of the payload
159  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
160  * \param src pointer to a string containing the ip source
161  * \param dst pointer to a string containing the ip destination
162  * \param sport pointer to a string containing the port source
163  * \param dport pointer to a string containing the port destination
164  *
165  * \retval Packet pointer to the built in packet
166  */
167 Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
168  uint8_t ipproto, const char *src, const char *dst,
169  uint16_t sport, uint16_t dport)
170 {
171  struct in_addr in;
172 
173  Packet *p = PacketGetFromAlloc();
174  if (unlikely(p == NULL))
175  return NULL;
176 
177  struct timeval tv;
178  TimeGet(&tv);
179  COPY_TIMESTAMP(&tv, &p->ts);
180 
181  p->src.family = AF_INET;
182  p->dst.family = AF_INET;
183  p->payload = payload;
184  p->payload_len = payload_len;
185  p->proto = ipproto;
186 
187  if (inet_pton(AF_INET, src, &in) != 1)
188  goto error;
189  p->src.addr_data32[0] = in.s_addr;
190  p->sp = sport;
191 
192  if (inet_pton(AF_INET, dst, &in) != 1)
193  goto error;
194  p->dst.addr_data32[0] = in.s_addr;
195  p->dp = dport;
196 
197  p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
198  if (p->ip4h == NULL)
199  goto error;
200 
201  p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
202  p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
203  p->ip4h->ip_proto = ipproto;
204  p->ip4h->ip_verhl = sizeof(IPV4Hdr);
205  p->proto = ipproto;
206 
207  int hdr_offset = sizeof(IPV4Hdr);
208  switch (ipproto) {
209  case IPPROTO_UDP:
210  p->udph = (UDPHdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
211  if (p->udph == NULL)
212  goto error;
213 
214  p->udph->uh_sport = sport;
215  p->udph->uh_dport = dport;
216  hdr_offset += sizeof(UDPHdr);
217  break;
218  case IPPROTO_TCP:
219  p->tcph = (TCPHdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
220  if (p->tcph == NULL)
221  goto error;
222 
223  p->tcph->th_sport = htons(sport);
224  p->tcph->th_dport = htons(dport);
225  hdr_offset += sizeof(TCPHdr);
226  break;
227  case IPPROTO_ICMP:
228  p->icmpv4h = (ICMPV4Hdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
229  if (p->icmpv4h == NULL)
230  goto error;
231 
232  hdr_offset += sizeof(ICMPV4Hdr);
233  break;
234  default:
235  break;
236  /* TODO: Add more protocols */
237  }
238 
239  if (payload && payload_len) {
240  PacketCopyDataOffset(p, hdr_offset, payload, payload_len);
241  }
242  SET_PKT_LEN(p, hdr_offset + payload_len);
243  p->payload = GET_PKT_DATA(p)+hdr_offset;
244 
245  return p;
246 
247 error:
248  SCFree(p);
249  return NULL;
250 }
251 
252 /**
253  * \brief UTHBuildPacket is a wrapper that build packets with default ip
254  * and port fields
255  *
256  * \param payload pointer to the payloadd buffer
257  * \param payload_len pointer to the length of the payload
258  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
259  *
260  * \retval Packet pointer to the built in packet
261  */
262 Packet *UTHBuildPacket(uint8_t *payload, uint16_t payload_len,
263  uint8_t ipproto)
264 {
265  return UTHBuildPacketReal(payload, payload_len, ipproto,
266  "192.168.1.5", "192.168.1.1",
267  41424, 80);
268 }
269 
270 /**
271  * \brief UTHBuildPacketArrayFromEth is a wrapper that build a packets from an array of
272  * packets in ethernet rawbytes. Hint: It also share the flows.
273  *
274  * \param raw_eth pointer to the array of ethernet packets in rawbytes
275  * \param pktsize pointer to the array of sizes corresponding to each buffer pointed
276  * from pktsize.
277  * \param numpkts number of packets in the array
278  *
279  * \retval Packet pointer to the array of built in packets; NULL if something fail
280  */
281 Packet **UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
282 {
283  DecodeThreadVars dtv;
284  ThreadVars th_v;
285  if (raw_eth == NULL || pktsize == NULL || numpkts <= 0) {
286  SCLogError(SC_ERR_INVALID_ARGUMENT, "The arrays cant be null, and the number"
287  " of packets should be grater thatn zero");
288  return NULL;
289  }
290  Packet **p = NULL;
291  p = SCMalloc(sizeof(Packet *) * numpkts);
292  if (unlikely(p == NULL))
293  return NULL;
294 
295  memset(&dtv, 0, sizeof(DecodeThreadVars));
296  memset(&th_v, 0, sizeof(th_v));
297 
298  int i = 0;
299  for (; i < numpkts; i++) {
300  p[i] = PacketGetFromAlloc();
301  if (p[i] == NULL) {
302  SCFree(p);
303  return NULL;
304  }
305  DecodeEthernet(&th_v, &dtv, p[i], raw_eth[i], pktsize[i], NULL);
306  }
307  return p;
308 }
309 
310 /**
311  * \brief UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes
312  *
313  * \param raw_eth pointer to the rawbytes containing an ethernet packet
314  * (and any other headers inside)
315  * \param pktsize pointer to the length of the payload
316  *
317  * \retval Packet pointer to the built in packet; NULL if something fail
318  */
319 Packet *UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
320 {
321  DecodeThreadVars dtv;
322  ThreadVars th_v;
323  Packet *p = PacketGetFromAlloc();
324  if (unlikely(p == NULL))
325  return NULL;
326  memset(&dtv, 0, sizeof(DecodeThreadVars));
327  memset(&th_v, 0, sizeof(th_v));
328 
329  DecodeEthernet(&th_v, &dtv, p, raw_eth, pktsize, NULL);
330  return p;
331 }
332 
333 /**
334  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
335  * and defaulting ports
336  *
337  * \param payload pointer to the payloadd buffer
338  * \param payload_len pointer to the length of the payload
339  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
340  *
341  * \retval Packet pointer to the built in packet
342  */
343 Packet *UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len,
344  uint8_t ipproto, const char *src, const char *dst)
345 {
346  return UTHBuildPacketReal(payload, payload_len, ipproto,
347  src, dst,
348  41424, 80);
349 }
350 
351 /**
352  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
353  * and defaulting ports (IPV6)
354  *
355  * \param payload pointer to the payload buffer
356  * \param payload_len pointer to the length of the payload
357  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
358  *
359  * \retval Packet pointer to the built in packet
360  */
361 Packet *UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len,
362  uint8_t ipproto, const char *src, const char *dst)
363 {
364  return UTHBuildPacketIPV6Real(payload, payload_len, ipproto,
365  src, dst,
366  41424, 80);
367 }
368 
369 /**
370  * \brief UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying
371  * src and dst ports and defaulting IPs
372  *
373  * \param payload pointer to the payloadd buffer
374  * \param payload_len pointer to the length of the payload
375  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
376  *
377  * \retval Packet pointer to the built in packet
378  */
379 Packet *UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len,
380  uint8_t ipproto, uint16_t sport, uint16_t dport)
381 {
382  return UTHBuildPacketReal(payload, payload_len, ipproto,
383  "192.168.1.5", "192.168.1.1",
384  sport, dport);
385 }
386 
387 /**
388  * \brief UTHFreePackets: function to release the allocated data
389  * from UTHBuildPacket and the packet itself
390  *
391  * \param p pointer to the Packet
392  */
393 void UTHFreePackets(Packet **p, int numpkts)
394 {
395  if (p == NULL)
396  return;
397 
398  int i = 0;
399  for (; i < numpkts; i++) {
400  UTHFreePacket(p[i]);
401  }
402 }
403 
404 /**
405  * \brief UTHFreePacket: function to release the allocated data
406  * from UTHBuildPacket and the packet itself
407  *
408  * \param p pointer to the Packet
409  */
411 {
412  if (p == NULL)
413  return;
414 #if 0 // VJ we now use one buffer
415  switch (p->proto) {
416  case IPPROTO_UDP:
417  if (p->udph != NULL)
418  SCFree(p->udph);
419  if (p->ip4h != NULL)
420  SCFree(p->ip4h);
421  break;
422  case IPPROTO_TCP:
423  if (p->tcph != NULL)
424  SCFree(p->tcph);
425  if (p->ip4h != NULL)
426  SCFree(p->ip4h);
427  break;
428  case IPPROTO_ICMP:
429  if (p->ip4h != NULL)
430  SCFree(p->ip4h);
431  break;
432  /* TODO: Add more protocols */
433  }
434 #endif
435  SCFree(p);
436 }
437 
439 {
440  if (p && f) {
441  p->flow = f;
442  p->flags |= PKT_HAS_FLOW;
443  }
444 }
445 
446 Flow *UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
447 {
448  struct in_addr in;
449 
450  Flow *f = SCMalloc(sizeof(Flow));
451  if (unlikely(f == NULL)) {
452  printf("FlowAlloc failed\n");
453  ;
454  return NULL;
455  }
456  memset(f, 0x00, sizeof(Flow));
457 
458  FLOW_INITIALIZE(f);
459 
460  if (family == AF_INET) {
461  f->flags |= FLOW_IPV4;
462  } else if (family == AF_INET6) {
463  f->flags |= FLOW_IPV6;
464  }
465 
466  if (src != NULL) {
467  if (family == AF_INET) {
468  if (inet_pton(AF_INET, src, &in) != 1) {
469  printf("invalid address %s\n", src);
470  SCFree(f);
471  return NULL;
472  }
473  f->src.addr_data32[0] = in.s_addr;
474  } else {
475  BUG_ON(1);
476  }
477  }
478  if (dst != NULL) {
479  if (family == AF_INET) {
480  if (inet_pton(AF_INET, dst, &in) != 1) {
481  printf("invalid address %s\n", dst);
482  SCFree(f);
483  return NULL;
484  }
485  f->dst.addr_data32[0] = in.s_addr;
486  } else {
487  BUG_ON(1);
488  }
489  }
490 
491  f->sp = sp;
492  f->dp = dp;
493 
494  return f;
495 }
496 
497 void UTHFreeFlow(Flow *flow)
498 {
499  if (flow != NULL) {
500  FlowFree(flow);
501  }
502 }
503 
504 int UTHAddStreamToFlow(Flow *f, int direction,
505  uint8_t *data, uint32_t data_len)
506 {
507  FAIL_IF_NULL(f);
508  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
510  TcpSession *ssn = f->protoctx;
511 
512  StreamingBufferSegment seg;
513  TcpStream *stream = direction == 0 ? &ssn->client : &ssn->server;
514  int r = StreamingBufferAppend(&stream->sb, &seg, data, data_len);
515  FAIL_IF_NOT(r == 0);
516  stream->last_ack += data_len;
517  return 1;
518 }
519 
521  uint32_t ts_isn,
522  uint32_t tc_isn)
523 {
524  FAIL_IF_NULL(f);
525 
526  TcpSession *ssn = SCCalloc(1, sizeof(*ssn));
527  FAIL_IF_NULL(ssn);
528 
530  ssn->client.sb = x;
531  ssn->server.sb = x;
532 
533  ssn->client.isn = ts_isn;
534  ssn->server.isn = tc_isn;
535 
536  f->protoctx = ssn;
537  return 1;
538 }
539 
541 {
542  FAIL_IF_NULL(f);
543  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
544  TcpSession *ssn = f->protoctx;
545  FAIL_IF_NULL(ssn);
547  SCFree(ssn);
548  f->protoctx = NULL;
549  return 1;
550 }
551 
552 /**
553  * \brief UTHGenericTest: function that perfom a generic check taking care of
554  * as maximum common unittest elements as possible.
555  * It will create a detection engine, append an array
556  * of signatures an check the spected results for each
557  * of them, it check matches for an array of packets
558  *
559  * \param pkt pointer to the array of packets
560  * \param numpkts number of packets to match
561  * \param sigs array of char* pointing to signatures to load
562  * \param numsigs number of signatures to load and check
563  * \param results pointer to arrays of numbers, each of them foreach packet
564  * to check if sids matches that packet as expected with
565  * that number of times or not. The size of results should be
566  * numpkts * numsigs * sizeof(uint16_t *)
567  *
568  * Example:
569  * result[1][3] would mean the number of times the pkt[1]
570  * match the sid[3]
571  *
572  * \retval int 1 if the match of all the sids is the specified has the
573  * specified results; 0 if not
574  */
575 int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
576 {
577 
578  int result = 0;
579  if (pkt == NULL || sigs == NULL || numpkts == 0
580  || sids == NULL || results == NULL || numsigs == 0) {
581  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, that the pointer/arrays are not NULL, and the number of signatures and packets is > 0");
582  goto end;
583  }
585  if (de_ctx == NULL) {
586  goto end;
587  }
588  de_ctx->flags |= DE_QUIET;
589 
590  if (UTHAppendSigs(de_ctx, sigs, numsigs) == 0)
591  goto cleanup;
592 
593  result = UTHMatchPacketsWithResults(de_ctx, pkt, numpkts, sids, results, numsigs);
594 
595 cleanup:
596  if (de_ctx != NULL) {
597  SigGroupCleanup(de_ctx);
598  SigCleanSignatures(de_ctx);
599  DetectEngineCtxFree(de_ctx);
600  }
601 end:
602  return result;
603 }
604 
605 /**
606  * \brief UTHCheckPacketMatches: function to check if a packet match some sids
607  *
608  *
609  * \param p pointer to the Packet
610  * \param sigs array of char* pointing to signatures to load
611  * \param numsigs number of signatures to load from the array
612  * \param results pointer to an array of numbers to check if sids matches
613  * that number of times or not.
614  *
615  * \retval int 1 if the match of all the sids is the specified has the
616  * specified results; 0 if not
617  */
618 int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[],
619  uint32_t results[], int numsids)
620 {
621  if (p == NULL || sids == NULL) {
622  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, check if the "
623  "packet is NULL, and if the array contain sids is set");
624  return 0;
625  }
626 
627  int i = 0;
628  int res = 1;
629  for (; i < numsids; i++) {
630  uint16_t r = PacketAlertCheck(p, sids[i]);
631  if (r != results[i]) {
632  SCLogInfo("Sid %"PRIu32" matched %"PRIu16" times, and not %"PRIu32
633  " as expected", sids[i], r, results[i]);
634  res = 0;
635  } else {
636  SCLogInfo("Sid %"PRIu32" matched %"PRIu16" times, as expected", sids[i], r);
637  }
638  }
639  return res;
640 }
641 
642 /**
643  * \brief UTHAppendSigs: Add sigs to the detection_engine checking for errors
644  *
645  * \param de_ctx pointer to the DetectEngineCtx used
646  * \param sigs array of char* pointing to signatures to load
647  * \param numsigs number of signatures to load from the array
648  * (size of the array)
649  *
650  * \retval int 0 if we have errors; 1 if all the signatures loaded succesfuly
651  */
652 int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
653 {
654  if (de_ctx == NULL || numsigs <= 0 || sigs == NULL) {
655  SCLogError(SC_ERR_INVALID_ARGUMENT, "Arguments invalid, check if sigs or de_ctx are NULL, and if the array contain sigs");
656  return 0;
657  }
658  //SCLogDebug("Adding %d signatures for the current unittest", numsigs);
659 
660  Signature *s;
661  int i = 0;
662 
663  for ( ; i < numsigs; i++) {
664  if (sigs[i] == NULL) {
665  SCLogError(SC_ERR_INVALID_ARGUMENT, "Check the signature"
666  " at position %d", i);
667  return 0;
668  }
669  s = DetectEngineAppendSig(de_ctx, sigs[i]);
670  if (s == NULL) {
671  SCLogError(SC_ERR_INVALID_ARGUMENT, "Check the signature at"
672  " position %d (%s)", i, sigs[i]);
673  return 0;
674  }
675  }
676  //SCLogDebug("Added %d signatures to the de_ctx of the unittest", i);
677  return 1;
678 }
679 
680 /**
681  * \test UTHMatchPacketsWithResults Match a packet or a array of packets against sigs
682  * of a de_ctx, checking that each signature match match X times for certain packets
683  *
684  * \param de_ctx pointer with the signatures loaded
685  * \param p pointer to the array of packets
686  * \param num_packets number of packets in the array
687  *
688  * \retval return 1 if all goes well
689  * \retval return 0 if something fail
690  */
691 int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
692 {
693  int result = 0;
694 
695  if (de_ctx == NULL || p == NULL) {
696  SCLogError(SC_ERR_INVALID_ARGUMENT, "packet or de_ctx was null");
697  result = 0;
698  goto end;
699  }
700 
701  DecodeThreadVars dtv;
702  ThreadVars th_v;
703  DetectEngineThreadCtx *det_ctx = NULL;
704  memset(&dtv, 0, sizeof(DecodeThreadVars));
705  memset(&th_v, 0, sizeof(th_v));
706 
707  //de_ctx->flags |= DE_QUIET;
708 
709  SigGroupBuild(de_ctx);
710  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
711 
712  int i = 0;
713  for (; i < num_packets; i++) {
714  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
715  if (UTHCheckPacketMatchResults(p[i], sids, &results[(i * numsigs)], numsigs) == 0)
716  goto cleanup;
717  }
718 
719  /* so far, so good ;) */
720  result = 1;
721 
722 cleanup:
723  if (det_ctx != NULL)
724  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
725 end:
726  return result;
727 }
728 
729 /**
730  * \test UTHMatchPackets Match a packet or a array of packets against sigs
731  * of a de_ctx, but note that the return value doesn't mean that we have a
732  * match, we have to check it later with PacketAlertCheck()
733  *
734  * \param de_ctx pointer with the signatures loaded
735  * \param p pointer to the array of packets
736  * \param num_packets number of packets in the array
737  *
738  * \retval return 1 if all goes well
739  * \retval return 0 if something fail
740  */
741 int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
742 {
743  int result = 1;
744 
745  if (de_ctx == NULL || p == NULL) {
746  SCLogError(SC_ERR_INVALID_ARGUMENT, "packet or de_ctx was null");
747  result = 0;
748  goto end;
749  }
750 
751  DecodeThreadVars dtv;
752  ThreadVars th_v;
753  DetectEngineThreadCtx *det_ctx = NULL;
754  memset(&dtv, 0, sizeof(DecodeThreadVars));
755  memset(&th_v, 0, sizeof(th_v));
756 
757  //de_ctx->flags |= DE_QUIET;
758 
760  SCSigOrderSignatures(de_ctx);
762  SigGroupBuild(de_ctx);
763  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
764 
765  int i = 0;
766  for (; i < num_packets; i++)
767  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
768 
769  /* Here we don't check if the packet matched or not, because
770  * the de_ctx can have multiple signatures, and some of them may match
771  * and others may not. That check will be outside
772  */
773  if (det_ctx != NULL) {
774  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
775  }
776 end:
777  if (de_ctx != NULL) SigGroupCleanup(de_ctx);
778 
779  return result;
780 }
781 
782 /**
783  * \test Test if a packet match a signature given as string and a mpm_type
784  * Hint: Useful for unittests with only one packet and one signature
785  *
786  * \param sig pointer to the string signature to test
787  * \param sid sid number of the signature
788  *
789  * \retval return 1 if match
790  * \retval return 0 if not
791  */
792 int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
793 {
794  SCEnter();
795 
796  int result = 0;
797 
798  DecodeThreadVars dtv;
799  ThreadVars th_v;
800  DetectEngineThreadCtx *det_ctx = NULL;
801 
802  memset(&dtv, 0, sizeof(DecodeThreadVars));
803  memset(&th_v, 0, sizeof(th_v));
804 
806  if (de_ctx == NULL) {
807  printf("de_ctx == NULL: ");
808  goto end;
809  }
810 
811  de_ctx->flags |= DE_QUIET;
812  de_ctx->mpm_matcher = mpm_type;
813 
814  de_ctx->sig_list = SigInit(de_ctx, sig);
815  if (de_ctx->sig_list == NULL) {
816  printf("signature == NULL: ");
817  goto end;
818  }
819 
820  SigGroupBuild(de_ctx);
821  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
822 
823  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
824  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
825  printf("signature didn't alert: ");
826  goto end;
827  }
828 
829  result = 1;
830 end:
831  SigGroupCleanup(de_ctx);
832  SigCleanSignatures(de_ctx);
833 
834  if (det_ctx != NULL)
835  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
836 
837  if (de_ctx != NULL)
838  DetectEngineCtxFree(de_ctx);
839 
840  SCReturnInt(result);
841 }
842 
843 /**
844  * \test Test if a packet match a signature given as string
845  * Hint: Useful for unittests with only one packet and one signature
846  *
847  * \param sig pointer to the string signature to test
848  * \param sid sid number of the signature
849  *
850  * \retval return 1 if match
851  * \retval return 0 if not
852  */
853 int UTHPacketMatchSig(Packet *p, const char *sig)
854 {
855  int result = 1;
856 
857  DecodeThreadVars dtv;
858 
859  ThreadVars th_v;
860  DetectEngineThreadCtx *det_ctx = NULL;
861 
862  memset(&dtv, 0, sizeof(DecodeThreadVars));
863  memset(&th_v, 0, sizeof(th_v));
864 
866  if (de_ctx == NULL) {
867  result=0;
868  goto end;
869  }
870 
871  de_ctx->flags |= DE_QUIET;
872 
873  de_ctx->sig_list = SigInit(de_ctx, sig);
874  if (de_ctx->sig_list == NULL) {
875  result = 0;
876  goto end;
877  }
878 
879  SigGroupBuild(de_ctx);
880  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
881 
882  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
883  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
884  result = 0;
885  goto end;
886  }
887 
888 end:
889  if (de_ctx) {
890  SigGroupCleanup(de_ctx);
891  SigCleanSignatures(de_ctx);
892  }
893 
894  if (det_ctx != NULL)
895  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
896  if (de_ctx != NULL)
897  DetectEngineCtxFree(de_ctx);
898 
899  return result;
900 }
901 
902 uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
903 {
904  uint32_t i = start;
905  uint8_t payload[] = "Payload";
906  for (; i < end; i++) {
907  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
908  if (dir == 0) {
909  p->src.addr_data32[0] = i;
910  p->dst.addr_data32[0] = i + 1;
911  } else {
912  p->src.addr_data32[0] = i + 1;
913  p->dst.addr_data32[0] = i;
914  }
915  FlowHandlePacket(NULL, NULL, p);
916  if (p->flow != NULL) {
917  SC_ATOMIC_RESET(p->flow->use_cnt);
918  FLOWLOCK_UNLOCK(p->flow);
919  }
920 
921  /* Now the queues shoul be updated */
922  UTHFreePacket(p);
923  }
924 
925  return i;
926 }
927 
928 /** \brief parser a sig and see if the expected result is correct */
929 int UTHParseSignature(const char *str, bool expect)
930 {
932  FAIL_IF_NULL(de_ctx);
933  de_ctx->flags |= DE_QUIET;
934 
935  Signature *s = DetectEngineAppendSig(de_ctx, str);
936  if (expect)
937  FAIL_IF_NULL(s);
938  else
939  FAIL_IF_NOT_NULL(s);
940 
941  DetectEngineCtxFree(de_ctx);
942  PASS;
943 }
944 
945 
946 /*
947  * unittests for the unittest helpers
948  */
949 
950 /**
951  * \brief CheckUTHTestPacket wrapper to check packets for unittests
952  */
953 static int CheckUTHTestPacket(Packet *p, uint8_t ipproto)
954 {
955  uint16_t sport = 41424;
956  uint16_t dport = 80;
957  uint8_t payload[] = "Payload";
958 
959  uint8_t len = sizeof(payload);
960 
961  if (p == NULL)
962  return 0;
963 
964  if (p->payload_len != len)
965  return 0;
966 
967  if (strncmp((char *)payload, (char *)p->payload, len) != 0)
968  return 0;
969 
970  if (p->src.family != AF_INET)
971  return 0;
972  if (p->dst.family != AF_INET)
973  return 0;
974  if (p->proto != ipproto)
975  return 0;
976 
977  switch(ipproto) {
978  case IPPROTO_UDP:
979  if (p->udph == NULL)
980  return 0;
981  if (p->udph->uh_sport != sport)
982  return 0;
983  if (p->udph->uh_dport != dport)
984  return 0;
985  break;
986  case IPPROTO_TCP:
987  if (p->tcph == NULL)
988  return 0;
989  if (SCNtohs(p->tcph->th_sport) != sport)
990  return 0;
991  if (SCNtohs(p->tcph->th_dport) != dport)
992  return 0;
993  break;
994  }
995  return 1;
996 }
997 
998 /**
999  * \brief UTHBuildPacketRealTest01 wrapper to check packets for unittests
1000  */
1001 static int UTHBuildPacketRealTest01(void)
1002 {
1003  uint8_t payload[] = "Payload";
1004 
1005  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_TCP,
1006  "192.168.1.5", "192.168.1.1", 41424, 80);
1007 
1008  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1009  UTHFreePacket(p);
1010 
1011  return ret;
1012 }
1013 
1014 /**
1015  * \brief UTHBuildPacketRealTest02 wrapper to check packets for unittests
1016  */
1017 static int UTHBuildPacketRealTest02(void)
1018 {
1019  uint8_t payload[] = "Payload";
1020 
1021  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_UDP,
1022  "192.168.1.5", "192.168.1.1", 41424, 80);
1023 
1024  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1025  UTHFreePacket(p);
1026  return ret;
1027 }
1028 
1029 /**
1030  * \brief UTHBuildPacketTest01 wrapper to check packets for unittests
1031  */
1032 static int UTHBuildPacketTest01(void)
1033 {
1034  uint8_t payload[] = "Payload";
1035 
1036  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
1037 
1038  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1039  UTHFreePacket(p);
1040 
1041  return ret;
1042 }
1043 
1044 /**
1045  * \brief UTHBuildPacketTest02 wrapper to check packets for unittests
1046  */
1047 static int UTHBuildPacketTest02(void)
1048 {
1049  uint8_t payload[] = "Payload";
1050 
1051  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_UDP);
1052 
1053  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1054  UTHFreePacket(p);
1055 
1056  return ret;
1057 }
1058 
1059 /**
1060  * \brief UTHBuildPacketOfFlowsTest01 wrapper to check packets for unittests
1061  */
1062 static int UTHBuildPacketOfFlowsTest01(void)
1063 {
1064  int result = 0;
1065 
1067  uint32_t flow_spare_q_len = flow_spare_q.len;
1068 
1069  UTHBuildPacketOfFlows(0, 100, 0);
1070 
1071  if (flow_spare_q.len != flow_spare_q_len - 100)
1072  result = 0;
1073  else
1074  result = 1;
1075  FlowShutdown();
1076 
1077  return result;
1078 }
1079 
1080 
1081 /**
1082  * \brief UTHBuildPacketSrcDstTest01 wrapper to check packets for unittests
1083  */
1084 static int UTHBuildPacketSrcDstTest01(void)
1085 {
1086  uint8_t payload[] = "Payload";
1087 
1088  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_TCP,
1089  "192.168.1.5", "192.168.1.1");
1090 
1091  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1092  UTHFreePacket(p);
1093 
1094  return ret;
1095 }
1096 
1097 /**
1098  * \brief UTHBuildPacketSrcDstTest02 wrapper to check packets for unittests
1099  */
1100 static int UTHBuildPacketSrcDstTest02(void)
1101 {
1102  uint8_t payload[] = "Payload";
1103 
1104  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_UDP,
1105  "192.168.1.5", "192.168.1.1");
1106 
1107  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1108  UTHFreePacket(p);
1109 
1110  return ret;
1111 }
1112 
1113 /**
1114  * \brief UTHBuildPacketSrcDstPortsTest01 wrapper to check packets for unittests
1115  */
1116 static int UTHBuildPacketSrcDstPortsTest01(void)
1117 {
1118  uint8_t payload[] = "Payload";
1119 
1120  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_TCP,
1121  41424, 80);
1122 
1123  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1124  UTHFreePacket(p);
1125 
1126  return ret;
1127 }
1128 
1129 /**
1130  * \brief UTHBuildPacketSrcDstPortsTest02 wrapper to check packets for unittests
1131  */
1132 static int UTHBuildPacketSrcDstPortsTest02(void)
1133 {
1134  uint8_t payload[] = "Payload";
1135 
1136  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_UDP,
1137  41424, 80);
1138 
1139  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1140  UTHFreePacket(p);
1141 
1142  return ret;
1143 }
1144 
1145 #endif /* UNITTESTS */
1146 
1148 {
1149 #ifdef UNITTESTS
1150  UtRegisterTest("UTHBuildPacketRealTest01", UTHBuildPacketRealTest01);
1151  UtRegisterTest("UTHBuildPacketRealTest02", UTHBuildPacketRealTest02);
1152  UtRegisterTest("UTHBuildPacketTest01", UTHBuildPacketTest01);
1153  UtRegisterTest("UTHBuildPacketTest02", UTHBuildPacketTest02);
1154  UtRegisterTest("UTHBuildPacketSrcDstTest01", UTHBuildPacketSrcDstTest01);
1155  UtRegisterTest("UTHBuildPacketSrcDstTest02", UTHBuildPacketSrcDstTest02);
1156  UtRegisterTest("UTHBuildPacketSrcDstPortsTest01",
1157  UTHBuildPacketSrcDstPortsTest01);
1158  UtRegisterTest("UTHBuildPacketSrcDstPortsTest02",
1159  UTHBuildPacketSrcDstPortsTest02);
1160  UtRegisterTest("UTHBuildPacketOfFlowsTest01", UTHBuildPacketOfFlowsTest01);
1161 
1162 #endif /* UNITTESTS */
1163 }
1164 
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
#define STREAMING_BUFFER_INITIALIZER(cfg)
void UTHAssignFlow(Packet *p, Flow *f)
void StreamTcpSessionCleanup(TcpSession *ssn)
Session cleanup function. Does not free the ssn.
Definition: stream-tcp.c:215
UDPHdr * udph
Definition: decode.h:524
#define FLOW_IPV6
Definition: flow.h:96
struct Flow_ * flow
Definition: decode.h:445
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
UTHAppendSigs: Add sigs to the detection_engine checking for errors.
void FlowHandlePacket(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Entry point for packet flow handling.
Definition: flow.c:499
TcpStreamCnf stream_config
Definition: stream-tcp.h:106
#define BUG_ON(x)
uint8_t proto
Definition: flow.h:344
uint32_t id
Definition: detect.h:555
#define SET_PKT_LEN(p, len)
Definition: decode.h:229
void UTHRegisterTests(void)
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:243
StreamingBuffer sb
#define PASS
Pass the test.
#define unlikely(expr)
Definition: util-optimize.h:35
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
Port sp
Definition: decode.h:415
int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
void FlowFree(Flow *f)
cleanup & free the memory of a flow
Definition: flow-util.c:80
int UTHAddStreamToFlow(Flow *f, int direction, uint8_t *data, uint32_t data_len)
Port dp
Definition: decode.h:423
uint32_t UTHSetIPv4Address(const char *str)
return the uint32_t for a ipv4 address string
int UTHParseSignature(const char *str, bool expect)
parser a sig and see if the expected result is correct
Signature * sig_list
Definition: detect.h:767
#define FLOW_QUIET
Definition: flow.h:38
Address dst
Definition: decode.h:413
#define SC_ATOMIC_RESET(name)
Initialize the previously declared atomic variable and it&#39;s lock.
Definition: util-atomic.h:90
void SigCleanSignatures(DetectEngineCtx *de_ctx)
uint16_t src
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
TCPHdr * tcph
Definition: decode.h:522
Signature container.
Definition: detect.h:522
int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[], uint32_t results[], int numsids)
UTHCheckPacketMatches: function to check if a packet match some sids.
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
void * protoctx
Definition: flow.h:400
main detection engine ctx
Definition: detect.h:761
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered...
#define DE_QUIET
Definition: detect.h:292
#define COPY_TIMESTAMP(src, dst)
Definition: flow-util.h:30
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Packet * UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
int StreamingBufferAppend(StreamingBuffer *sb, StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len)
#define str(s)
uint16_t dst
#define SCCalloc(nm, a)
Definition: util-mem.h:253
IPV6Hdr * ip6h
Definition: decode.h:502
char family
Definition: decode.h:111
uint8_t proto
Definition: decode.h:430
uint8_t flags
Definition: detect.h:762
Packet * UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, uint16_t sport, uint16_t dport)
UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying src and dst ports and defaulting...
void TimeGet(struct timeval *tv)
Definition: util-time.c:146
Packet ** UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
UTHBuildPacketArrayFromEth is a wrapper that build a packets from an array of packets in ethernet raw...
int UTHPacketMatchSig(Packet *p, const char *sig)
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
uint16_t mpm_matcher
Definition: detect.h:810
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Structure to hold thread specific data for all decode modules.
Definition: decode.h:632
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1669
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
#define SCEnter(...)
Definition: util-debug.h:337
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
Packet * UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes.
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
int SigGroupCleanup(DetectEngineCtx *de_ctx)
#define SCReturnInt(x)
Definition: util-debug.h:341
uint16_t Port
Definition: decode.h:235
uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
int UTHRemoveSessionFromFlow(Flow *f)
IPV4Hdr * ip4h
Definition: decode.h:500
struct IPV4Hdr_ IPV4Hdr
#define SCMalloc(a)
Definition: util-mem.h:222
uint16_t payload_len
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
#define SCFree(a)
Definition: util-mem.h:322
PoolThreadReserved res
#define SCNtohs(x)
int UTHAddSessionToFlow(Flow *f, uint32_t ts_isn, uint32_t tc_isn)
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perfom a generic check taking care of as maximum common unittest elemen...
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:670
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:39
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself...
#define GET_PKT_DATA(p)
Definition: decode.h:225
#define PKT_HAS_FLOW
Definition: decode.h:1093
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
StreamingBufferConfig sbcnf
Definition: stream-tcp.h:67
uint32_t len
Definition: flow-queue.h:45
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len, PacketQueue *pq)
uint8_t len
Per thread variable structure.
Definition: threadvars.h:57
struct timeval ts
Definition: decode.h:451
Packet * UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports (IPV6) ...
uint32_t flags
Definition: decode.h:443
uint16_t payload_len
Definition: decode.h:541
Packet * UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports...
int PacketCopyDataOffset(Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen)
Copy data to Packet payload at given offset.
Definition: decode.c:218
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself...
Flow data structure.
Definition: flow.h:325
#define FLOW_IPV4
Definition: flow.h:94
uint8_t * payload
Definition: decode.h:540
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:141
Address src
Definition: decode.h:412
FlowQueue flow_spare_q
Definition: flow-private.h:91
void UTHFreeFlow(Flow *flow)
DetectEngineCtx * DetectEngineCtxInit(void)
void FlowInitConfig(char quiet)
initialize the configuration
Definition: flow.c:515