suricata
util-unittest-helper.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  *
23  * This file provide a set of helper functions for reducing the complexity
24  * when constructing unittests
25  */
26 
27 #include "suricata-common.h"
28 
29 #include "decode.h"
30 
31 #include "flow-private.h"
32 #include "flow-util.h"
33 #include "flow-spare-pool.h"
34 
35 #include "detect.h"
36 #include "detect-parse.h"
37 #include "detect-engine.h"
38 #include "detect-engine-alert.h"
39 #include "detect-engine-sigorder.h"
40 #include "detect-engine-build.h"
41 
42 #include "stream-tcp.h"
43 #include "stream-tcp-private.h"
44 
45 #include "util-debug.h"
46 #include "util-time.h"
47 #include "util-error.h"
48 #include "util-unittest.h"
49 #include "util-unittest-helper.h"
50 
51 #if defined(UNITTESTS) || defined(FUZZ)
52 Flow *TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
53 {
54  struct in_addr in;
55 
56  Flow *f = SCMalloc(sizeof(Flow));
57  if (unlikely(f == NULL)) {
58  printf("FlowAlloc failed\n");
59  ;
60  return NULL;
61  }
62  memset(f, 0x00, sizeof(Flow));
63 
64  FLOW_INITIALIZE(f);
65 
66  if (family == AF_INET) {
67  f->flags |= FLOW_IPV4;
68  } else if (family == AF_INET6) {
69  f->flags |= FLOW_IPV6;
70  }
71 
72  if (src != NULL) {
73  if (family == AF_INET) {
74  if (inet_pton(AF_INET, src, &in) != 1) {
75  printf("invalid address %s\n", src);
76  SCFree(f);
77  return NULL;
78  }
79  f->src.addr_data32[0] = in.s_addr;
80  } else {
81  BUG_ON(1);
82  }
83  }
84  if (dst != NULL) {
85  if (family == AF_INET) {
86  if (inet_pton(AF_INET, dst, &in) != 1) {
87  printf("invalid address %s\n", dst);
88  SCFree(f);
89  return NULL;
90  }
91  f->dst.addr_data32[0] = in.s_addr;
92  } else {
93  BUG_ON(1);
94  }
95  }
96 
97  f->sp = sp;
98  f->dp = dp;
99 
100  return f;
101 }
102 /** \brief writes the contents of a buffer into a file */
103 int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size)
104 {
105  if (remove(name) != 0) {
106  if (errno != ENOENT) {
107  printf("failed remove, errno=%d\n", errno);
108  return -1;
109  }
110  }
111  FILE *fd = fopen(name, "wb");
112  if (fd == NULL) {
113  printf("failed open, errno=%d\n", errno);
114  return -2;
115  }
116  if (fwrite (data, 1, size, fd) != size) {
117  fclose(fd);
118  return -3;
119  }
120  fclose(fd);
121  return 0;
122 }
123 
124 #endif
125 #ifdef UNITTESTS
126 
127 /**
128  * \brief return the uint32_t for a ipv4 address string
129  *
130  * \param str Valid ipaddress in string form (e.g. 1.2.3.4)
131  *
132  * \retval uint the uin32_t representation
133  */
134 uint32_t UTHSetIPv4Address(const char *str)
135 {
136  struct in_addr in;
137  if (inet_pton(AF_INET, str, &in) != 1) {
138  printf("invalid IPv6 address %s\n", str);
139  exit(EXIT_FAILURE);
140  }
141  return (uint32_t)in.s_addr;
142 }
143 
144 /**
145  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
146  * specifying ip and port sources and destinations (IPV6)
147  *
148  * \param payload pointer to the payload buffer
149  * \param payload_len pointer to the length of the payload
150  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
151  * \param src pointer to a string containing the ip source
152  * \param dst pointer to a string containing the ip destination
153  * \param sport pointer to a string containing the port source
154  * \param dport pointer to a string containing the port destination
155  *
156  * \retval Packet pointer to the built in packet
157  */
158 Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
159  uint8_t ipproto, const char *src, const char *dst,
160  uint16_t sport, uint16_t dport)
161 {
162  uint32_t in[4];
163 
164  Packet *p = PacketGetFromAlloc();
165  if (unlikely(p == NULL))
166  return NULL;
167 
168  p->ts = TimeGet();
169 
170  p->src.family = AF_INET6;
171  p->dst.family = AF_INET6;
172  p->payload = payload;
174  p->proto = ipproto;
175 
176  p->ip6h = SCMalloc(sizeof(IPV6Hdr));
177  if (p->ip6h == NULL)
178  goto error;
179  memset(p->ip6h, 0, sizeof(IPV6Hdr));
180  p->ip6h->s_ip6_nxt = ipproto;
181  p->ip6h->s_ip6_plen = htons(payload_len + sizeof(TCPHdr));
182 
183  if (inet_pton(AF_INET6, src, &in) != 1)
184  goto error;
185  p->src.addr_data32[0] = in[0];
186  p->src.addr_data32[1] = in[1];
187  p->src.addr_data32[2] = in[2];
188  p->src.addr_data32[3] = in[3];
189  p->sp = sport;
190  p->ip6h->s_ip6_src[0] = in[0];
191  p->ip6h->s_ip6_src[1] = in[1];
192  p->ip6h->s_ip6_src[2] = in[2];
193  p->ip6h->s_ip6_src[3] = in[3];
194 
195  if (inet_pton(AF_INET6, dst, &in) != 1)
196  goto error;
197  p->dst.addr_data32[0] = in[0];
198  p->dst.addr_data32[1] = in[1];
199  p->dst.addr_data32[2] = in[2];
200  p->dst.addr_data32[3] = in[3];
201  p->dp = dport;
202  p->ip6h->s_ip6_dst[0] = in[0];
203  p->ip6h->s_ip6_dst[1] = in[1];
204  p->ip6h->s_ip6_dst[2] = in[2];
205  p->ip6h->s_ip6_dst[3] = in[3];
206 
207  p->tcph = SCMalloc(sizeof(TCPHdr));
208  if (p->tcph == NULL)
209  goto error;
210  memset(p->tcph, 0, sizeof(TCPHdr));
211  p->tcph->th_sport = htons(sport);
212  p->tcph->th_dport = htons(dport);
213 
214  SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len);
215  return p;
216 
217 error:
218  if (p != NULL) {
219  if (p->ip6h != NULL) {
220  SCFree(p->ip6h);
221  }
222  if (p->tcph != NULL) {
223  SCFree(p->tcph);
224  }
225  SCFree(p);
226  }
227  return NULL;
228 }
229 
230 /**
231  * \brief UTHBuildPacketReal is a function that create tcp/udp packets for unittests
232  * specifying ip and port sources and destinations
233  *
234  * \param payload pointer to the payload buffer
235  * \param payload_len pointer to the length of the payload
236  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
237  * \param src pointer to a string containing the ip source
238  * \param dst pointer to a string containing the ip destination
239  * \param sport pointer to a string containing the port source
240  * \param dport pointer to a string containing the port destination
241  *
242  * \retval Packet pointer to the built in packet
243  */
244 Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
245  uint8_t ipproto, const char *src, const char *dst,
246  uint16_t sport, uint16_t dport)
247 {
248  struct in_addr in;
249 
250  Packet *p = PacketGetFromAlloc();
251  if (unlikely(p == NULL))
252  return NULL;
253 
254  p->ts = TimeGet();
255 
256  p->src.family = AF_INET;
257  p->dst.family = AF_INET;
258  p->payload = payload;
259  p->payload_len = payload_len;
260  p->proto = ipproto;
261 
262  if (inet_pton(AF_INET, src, &in) != 1)
263  goto error;
264  p->src.addr_data32[0] = in.s_addr;
265  p->sp = sport;
266 
267  if (inet_pton(AF_INET, dst, &in) != 1)
268  goto error;
269  p->dst.addr_data32[0] = in.s_addr;
270  p->dp = dport;
271 
272  p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
273  if (p->ip4h == NULL)
274  goto error;
275 
276  p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
277  p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
278  p->ip4h->ip_proto = ipproto;
279  p->ip4h->ip_verhl = sizeof(IPV4Hdr);
280  p->proto = ipproto;
281 
282  int hdr_offset = sizeof(IPV4Hdr);
283  switch (ipproto) {
284  case IPPROTO_UDP:
285  p->udph = (UDPHdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
286  if (p->udph == NULL)
287  goto error;
288 
289  p->udph->uh_sport = sport;
290  p->udph->uh_dport = dport;
291  hdr_offset += sizeof(UDPHdr);
292  break;
293  case IPPROTO_TCP:
294  p->tcph = (TCPHdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
295  if (p->tcph == NULL)
296  goto error;
297 
298  p->tcph->th_sport = htons(sport);
299  p->tcph->th_dport = htons(dport);
300  hdr_offset += sizeof(TCPHdr);
301  break;
302  case IPPROTO_ICMP:
303  p->icmpv4h = (ICMPV4Hdr *)(GET_PKT_DATA(p) + sizeof(IPV4Hdr));
304  if (p->icmpv4h == NULL)
305  goto error;
306 
307  hdr_offset += sizeof(ICMPV4Hdr);
308  break;
309  default:
310  break;
311  /* TODO: Add more protocols */
312  }
313 
314  if (payload && payload_len) {
315  PacketCopyDataOffset(p, hdr_offset, payload, payload_len);
316  }
317  SET_PKT_LEN(p, hdr_offset + payload_len);
318  p->payload = GET_PKT_DATA(p)+hdr_offset;
319  p->app_update_direction = UPDATE_DIR_BOTH;
320 
321  return p;
322 
323 error:
324  SCFree(p);
325  return NULL;
326 }
327 
328 /**
329  * \brief UTHBuildPacket is a wrapper that build packets with default ip
330  * and port fields
331  *
332  * \param payload pointer to the payload buffer
333  * \param payload_len pointer to the length of the payload
334  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
335  *
336  * \retval Packet pointer to the built in packet
337  */
338 Packet *UTHBuildPacket(uint8_t *payload, uint16_t payload_len,
339  uint8_t ipproto)
340 {
341  return UTHBuildPacketReal(payload, payload_len, ipproto,
342  "192.168.1.5", "192.168.1.1",
343  41424, 80);
344 }
345 
346 /**
347  * \brief UTHBuildPacketArrayFromEth is a wrapper that build a packets from an array of
348  * packets in ethernet rawbytes. Hint: It also share the flows.
349  *
350  * \param raw_eth pointer to the array of ethernet packets in rawbytes
351  * \param pktsize pointer to the array of sizes corresponding to each buffer pointed
352  * from pktsize.
353  * \param numpkts number of packets in the array
354  *
355  * \retval Packet pointer to the array of built in packets; NULL if something fail
356  */
357 Packet **UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
358 {
360  ThreadVars th_v;
361  if (raw_eth == NULL || pktsize == NULL || numpkts <= 0) {
362  SCLogError("The arrays cant be null, and the number"
363  " of packets should be grater thatn zero");
364  return NULL;
365  }
366  Packet **p = NULL;
367  p = SCMalloc(sizeof(Packet *) * numpkts);
368  if (unlikely(p == NULL))
369  return NULL;
370 
371  memset(&dtv, 0, sizeof(DecodeThreadVars));
372  memset(&th_v, 0, sizeof(th_v));
373 
374  int i = 0;
375  for (; i < numpkts; i++) {
376  p[i] = PacketGetFromAlloc();
377  if (p[i] == NULL) {
378  SCFree(p);
379  return NULL;
380  }
381  DecodeEthernet(&th_v, &dtv, p[i], raw_eth[i], pktsize[i]);
382  }
383  return p;
384 }
385 
386 /**
387  * \brief UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes
388  *
389  * \param raw_eth pointer to the rawbytes containing an ethernet packet
390  * (and any other headers inside)
391  * \param pktsize pointer to the length of the payload
392  *
393  * \retval Packet pointer to the built in packet; NULL if something fail
394  */
395 Packet *UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
396 {
398  ThreadVars th_v;
399  Packet *p = PacketGetFromAlloc();
400  if (unlikely(p == NULL))
401  return NULL;
402  memset(&dtv, 0, sizeof(DecodeThreadVars));
403  memset(&th_v, 0, sizeof(th_v));
404 
405  DecodeEthernet(&th_v, &dtv, p, raw_eth, pktsize);
406  return p;
407 }
408 
409 /**
410  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
411  * and defaulting ports
412  *
413  * \param payload pointer to the payload buffer
414  * \param payload_len pointer to the length of the payload
415  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
416  *
417  * \retval Packet pointer to the built in packet
418  */
419 Packet *UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len,
420  uint8_t ipproto, const char *src, const char *dst)
421 {
422  return UTHBuildPacketReal(payload, payload_len, ipproto,
423  src, dst,
424  41424, 80);
425 }
426 
427 /**
428  * \brief UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs
429  * and defaulting ports (IPV6)
430  *
431  * \param payload pointer to the payload buffer
432  * \param payload_len pointer to the length of the payload
433  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
434  *
435  * \retval Packet pointer to the built in packet
436  */
437 Packet *UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len,
438  uint8_t ipproto, const char *src, const char *dst)
439 {
440  return UTHBuildPacketIPV6Real(payload, payload_len, ipproto,
441  src, dst,
442  41424, 80);
443 }
444 
445 /**
446  * \brief UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying
447  * src and dst ports and defaulting IPs
448  *
449  * \param payload pointer to the payload buffer
450  * \param payload_len pointer to the length of the payload
451  * \param ipproto Protocols allowed atm are IPPROTO_TCP and IPPROTO_UDP
452  *
453  * \retval Packet pointer to the built in packet
454  */
455 Packet *UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len,
456  uint8_t ipproto, uint16_t sport, uint16_t dport)
457 {
458  return UTHBuildPacketReal(payload, payload_len, ipproto,
459  "192.168.1.5", "192.168.1.1",
460  sport, dport);
461 }
462 
463 /**
464  * \brief UTHFreePackets: function to release the allocated data
465  * from UTHBuildPacket and the packet itself
466  *
467  * \param p pointer to the Packet
468  */
469 void UTHFreePackets(Packet **p, int numpkts)
470 {
471  if (p == NULL)
472  return;
473 
474  int i = 0;
475  for (; i < numpkts; i++) {
476  UTHFreePacket(p[i]);
477  }
478 }
479 
480 /**
481  * \brief UTHFreePacket: function to release the allocated data
482  * from UTHBuildPacket and the packet itself
483  *
484  * \param p pointer to the Packet
485  */
487 {
488  if (p == NULL)
489  return;
490  PacketFree(p);
491 }
492 
494 {
495  if (p && f) {
496  p->flow = f;
497  p->flags |= PKT_HAS_FLOW;
498  }
499 }
500 
501 Flow *UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
502 {
503  return TestHelperBuildFlow(family, src, dst, sp, dp);
504 }
505 
506 void UTHFreeFlow(Flow *flow)
507 {
508  if (flow != NULL) {
509  SCFree(flow);//FlowFree(flow);
510  }
511 }
512 
513 int UTHAddStreamToFlow(Flow *f, int direction,
514  uint8_t *data, uint32_t data_len)
515 {
516  FAIL_IF_NULL(f);
517  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
519  TcpSession *ssn = f->protoctx;
520 
521  StreamingBufferSegment seg;
522  TcpStream *stream = direction == 0 ? &ssn->client : &ssn->server;
523  int r = StreamingBufferAppend(&stream->sb, &stream_config.sbcnf, &seg, data, data_len);
524  FAIL_IF_NOT(r == 0);
525  stream->last_ack += data_len;
526  return 1;
527 }
528 
530  uint32_t ts_isn,
531  uint32_t tc_isn)
532 {
533  FAIL_IF_NULL(f);
534 
535  TcpSession *ssn = SCCalloc(1, sizeof(*ssn));
536  FAIL_IF_NULL(ssn);
537 
539  ssn->client.sb = x;
540  ssn->server.sb = x;
541 
542  ssn->client.isn = ts_isn;
543  ssn->server.isn = tc_isn;
544 
545  f->protoctx = ssn;
546  return 1;
547 }
548 
550 {
551  FAIL_IF_NULL(f);
552  FAIL_IF_NOT(f->proto == IPPROTO_TCP);
553  TcpSession *ssn = f->protoctx;
554  FAIL_IF_NULL(ssn);
556  SCFree(ssn);
557  f->protoctx = NULL;
558  return 1;
559 }
560 
561 /**
562  * \brief UTHGenericTest: function that perform a generic check taking care of
563  * as maximum common unittest elements as possible.
564  * It will create a detection engine, append an array
565  * of signatures an check the expected results for each
566  * of them, it check matches for an array of packets
567  *
568  * \param pkt pointer to the array of packets
569  * \param numpkts number of packets to match
570  * \param sigs array of char* pointing to signatures to load
571  * \param numsigs number of signatures to load and check
572  * \param results pointer to arrays of numbers, each of them foreach packet
573  * to check if sids matches that packet as expected with
574  * that number of times or not. The size of results should be
575  * numpkts * numsigs * sizeof(uint16_t *)
576  *
577  * Example:
578  * result[1][3] would mean the number of times the pkt[1]
579  * match the sid[3]
580  *
581  * \retval int 1 if the match of all the sids is the specified has the
582  * specified results; 0 if not
583  */
584 int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
585 {
586 
587  int result = 0;
588  if (pkt == NULL || sigs == NULL || numpkts == 0
589  || sids == NULL || results == NULL || numsigs == 0) {
590  SCLogError("Arguments invalid, that the pointer/arrays are not NULL, and the number of "
591  "signatures and packets is > 0");
592  goto end;
593  }
595  if (de_ctx == NULL) {
596  goto end;
597  }
598  de_ctx->flags |= DE_QUIET;
599 
600  if (UTHAppendSigs(de_ctx, sigs, numsigs) == 0)
601  goto cleanup;
602 
603  result = UTHMatchPacketsWithResults(de_ctx, pkt, numpkts, sids, results, numsigs);
604 
605 cleanup:
607 end:
608  return result;
609 }
610 
611 /**
612  * \brief UTHCheckPacketMatches: function to check if a packet match some sids
613  *
614  *
615  * \param p pointer to the Packet
616  * \param sigs array of char* pointing to signatures to load
617  * \param numsigs number of signatures to load from the array
618  * \param results pointer to an array of numbers to check if sids matches
619  * that number of times or not.
620  *
621  * \retval int 1 if the match of all the sids is the specified has the
622  * specified results; 0 if not
623  */
624 int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[], uint32_t results[], int numsigs)
625 {
626  if (p == NULL || sids == NULL) {
627  SCLogError("Arguments invalid, check if the "
628  "packet is NULL, and if the array contain sids is set");
629  return 0;
630  }
631 
632  int i = 0;
633  int res = 1;
634  for (; i < numsigs; i++) {
635  uint32_t r = PacketAlertCheck(p, sids[i]);
636  if (r != results[i]) {
637  SCLogInfo("Sid %" PRIu32 " matched %" PRIu32 " times, and not %" PRIu32 " as expected",
638  sids[i], r, results[i]);
639  res = 0;
640  } else {
641  SCLogInfo("Sid %" PRIu32 " matched %" PRIu32 " times, as expected", sids[i], r);
642  }
643  }
644  return res;
645 }
646 
647 /**
648  * \brief UTHAppendSigs: Add sigs to the detection_engine checking for errors
649  *
650  * \param de_ctx pointer to the DetectEngineCtx used
651  * \param sigs array of char* pointing to signatures to load
652  * \param numsigs number of signatures to load from the array
653  * (size of the array)
654  *
655  * \retval int 0 if we have errors; 1 if all the signatures loaded successfully
656  */
657 int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
658 {
659  BUG_ON(de_ctx == NULL);
660  BUG_ON(numsigs <= 0);
661  BUG_ON(sigs == NULL);
662 
663  for (int i = 0; i < numsigs; i++) {
664  if (sigs[i] == NULL) {
665  SCLogError("Check the signature"
666  " at position %d",
667  i);
668  return 0;
669  }
670  Signature *s = DetectEngineAppendSig(de_ctx, sigs[i]);
671  if (s == NULL) {
672  SCLogError("Check the signature at"
673  " position %d (%s)",
674  i, sigs[i]);
675  return 0;
676  }
677  }
678  return 1;
679 }
680 
681 /**
682  * \test UTHMatchPacketsWithResults Match a packet or a array of packets against sigs
683  * of a de_ctx, checking that each signature matches X times for certain packets
684  *
685  * \param de_ctx pointer with the signatures loaded
686  * \param p pointer to the array of packets
687  * \param num_packets number of packets in the array
688  *
689  * \retval return 1 if all goes well
690  * \retval return 0 if something fail
691  */
692 int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
693 {
694  BUG_ON(de_ctx == NULL);
695  BUG_ON(p == NULL);
696 
697  int result = 0;
699  ThreadVars th_v;
700  DetectEngineThreadCtx *det_ctx = NULL;
701  memset(&dtv, 0, sizeof(DecodeThreadVars));
702  memset(&th_v, 0, sizeof(th_v));
703 
705  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
706 
707  for (int i = 0; i < num_packets; i++) {
708  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
709  if (UTHCheckPacketMatchResults(p[i], sids, &results[(i * numsigs)], numsigs) == 0)
710  goto cleanup;
711  }
712 
713  result = 1;
714 cleanup:
715  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
716  return result;
717 }
718 
719 /**
720  * \test UTHMatchPackets Match a packet or a array of packets against sigs
721  * of a de_ctx, but note that the return value doesn't mean that we have a
722  * match, we have to check it later with PacketAlertCheck()
723  *
724  * \param de_ctx pointer with the signatures loaded
725  * \param p pointer to the array of packets
726  * \param num_packets number of packets in the array
727  *
728  * \retval return 1 if all goes well
729  * \retval return 0 if something fail
730  */
731 int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
732 {
733  BUG_ON(de_ctx == NULL);
734  BUG_ON(p == NULL);
735  int result = 1;
737  ThreadVars th_v;
738  DetectEngineThreadCtx *det_ctx = NULL;
739  memset(&dtv, 0, sizeof(DecodeThreadVars));
740  memset(&th_v, 0, sizeof(th_v));
745  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
746 
747  for (int i = 0; i < num_packets; i++)
748  SigMatchSignatures(&th_v, de_ctx, det_ctx, p[i]);
749 
750  /* Here we don't check if the packet matched or not, because
751  * the de_ctx can have multiple signatures, and some of them may match
752  * and others may not. That check will be outside
753  */
754  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
755  if (de_ctx != NULL) SigGroupCleanup(de_ctx);
756  return result;
757 }
758 
759 /**
760  * \test Test if a packet match a signature given as string and a mpm_type
761  * Hint: Useful for unittests with only one packet and one signature
762  *
763  * \param sig pointer to the string signature to test
764  * \param sid sid number of the signature
765  *
766  * \retval return 1 if match
767  * \retval return 0 if not
768  */
769 int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
770 {
771  SCEnter();
772 
773  int result = 0;
774 
776  ThreadVars th_v;
777  DetectEngineThreadCtx *det_ctx = NULL;
778 
779  memset(&dtv, 0, sizeof(DecodeThreadVars));
780  memset(&th_v, 0, sizeof(th_v));
781 
783  if (de_ctx == NULL) {
784  printf("de_ctx == NULL: ");
785  goto end;
786  }
787 
788  de_ctx->flags |= DE_QUIET;
789  de_ctx->mpm_matcher = mpm_type;
790 
791  de_ctx->sig_list = SigInit(de_ctx, sig);
792  if (de_ctx->sig_list == NULL) {
793  printf("signature == NULL: ");
794  goto end;
795  }
796 
798  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
799 
800  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
801  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
802  printf("signature didn't alert: ");
803  goto end;
804  }
805 
806  result = 1;
807 end:
808  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
810  SCReturnInt(result);
811 }
812 
813 /**
814  * \test Test if a packet match a signature given as string
815  * Hint: Useful for unittests with only one packet and one signature
816  *
817  * \param sig pointer to the string signature to test
818  * \param sid sid number of the signature
819  *
820  * \retval return 1 if match
821  * \retval return 0 if not
822  */
823 int UTHPacketMatchSig(Packet *p, const char *sig)
824 {
825  int result = 1;
826 
828 
829  ThreadVars th_v;
830  DetectEngineThreadCtx *det_ctx = NULL;
831 
832  memset(&dtv, 0, sizeof(DecodeThreadVars));
833  memset(&th_v, 0, sizeof(th_v));
834 
836  if (de_ctx == NULL) {
837  result=0;
838  goto end;
839  }
840 
841  de_ctx->flags |= DE_QUIET;
842 
843  de_ctx->sig_list = SigInit(de_ctx, sig);
844  if (de_ctx->sig_list == NULL) {
845  result = 0;
846  goto end;
847  }
848 
850  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
851 
852  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
853  if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
854  result = 0;
855  goto end;
856  }
857 
858 end:
859  if (de_ctx) {
862  }
863 
864  if (det_ctx != NULL)
865  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
866  if (de_ctx != NULL)
868 
869  return result;
870 }
871 
872 uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
873 {
874  FlowLookupStruct fls;
875  memset(&fls, 0, sizeof(fls));
876 
877  uint32_t i = start;
878  uint8_t payload[] = "Payload";
879  for (; i < end; i++) {
880  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
881  if (dir == 0) {
882  p->src.addr_data32[0] = i;
883  p->dst.addr_data32[0] = i + 1;
884  } else {
885  p->src.addr_data32[0] = i + 1;
886  p->dst.addr_data32[0] = i;
887  }
888  FlowHandlePacket(NULL, &fls, p);
889  if (p->flow != NULL) {
890  FLOWLOCK_UNLOCK(p->flow);
891  }
892 
893  /* Now the queues should be updated */
894  UTHFreePacket(p);
895  }
896 
897  Flow *f;
898  while ((f = FlowQueuePrivateGetFromTop(&fls.spare_queue))) {
899  FlowFree(f);
900  }
901  while ((f = FlowQueuePrivateGetFromTop(&fls.work_queue))) {
902  FlowFree(f);
903  }
904 
905  return i;
906 }
907 
908 /** \brief parser a sig and see if the expected result is correct */
909 int UTHParseSignature(const char *str, bool expect)
910 {
913  de_ctx->flags |= DE_QUIET;
914 
916  if (expect)
917  FAIL_IF_NULL(s);
918  else
919  FAIL_IF_NOT_NULL(s);
920 
922  PASS;
923 }
924 
925 /*
926  * unittests for the unittest helpers
927  */
928 
929 /**
930  * \brief CheckUTHTestPacket wrapper to check packets for unittests
931  */
932 static int CheckUTHTestPacket(Packet *p, uint8_t ipproto)
933 {
934  uint16_t sport = 41424;
935  uint16_t dport = 80;
936  uint8_t payload[] = "Payload";
937 
938  uint8_t len = sizeof(payload);
939 
940  if (p == NULL)
941  return 0;
942 
943  if (p->payload_len != len)
944  return 0;
945 
946  if (strncmp((char *)payload, (char *)p->payload, len) != 0)
947  return 0;
948 
949  if (p->src.family != AF_INET)
950  return 0;
951  if (p->dst.family != AF_INET)
952  return 0;
953  if (p->proto != ipproto)
954  return 0;
955 
956  switch(ipproto) {
957  case IPPROTO_UDP:
958  if (p->udph == NULL)
959  return 0;
960  if (p->udph->uh_sport != sport)
961  return 0;
962  if (p->udph->uh_dport != dport)
963  return 0;
964  break;
965  case IPPROTO_TCP:
966  if (p->tcph == NULL)
967  return 0;
968  if (SCNtohs(p->tcph->th_sport) != sport)
969  return 0;
970  if (SCNtohs(p->tcph->th_dport) != dport)
971  return 0;
972  break;
973  }
974  return 1;
975 }
976 
977 #ifdef HAVE_MEMMEM
978 #include <string.h>
979 void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len) {
980  return memmem(big, big_len, little, little_len);
981 }
982 #else
983 #include "util-spm-bs.h"
984 void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len) {
985  return BasicSearch(big, big_len, little, little_len);
986 }
987 #endif //HAVE_MEMMEM
988 
989 /**
990  * \brief UTHBuildPacketRealTest01 wrapper to check packets for unittests
991  */
992 static int UTHBuildPacketRealTest01(void)
993 {
994  uint8_t payload[] = "Payload";
995 
996  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_TCP,
997  "192.168.1.5", "192.168.1.1", 41424, 80);
998 
999  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1000  UTHFreePacket(p);
1001 
1002  return ret;
1003 }
1004 
1005 /**
1006  * \brief UTHBuildPacketRealTest02 wrapper to check packets for unittests
1007  */
1008 static int UTHBuildPacketRealTest02(void)
1009 {
1010  uint8_t payload[] = "Payload";
1011 
1012  Packet *p = UTHBuildPacketReal(payload, sizeof(payload), IPPROTO_UDP,
1013  "192.168.1.5", "192.168.1.1", 41424, 80);
1014 
1015  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1016  UTHFreePacket(p);
1017  return ret;
1018 }
1019 
1020 /**
1021  * \brief UTHBuildPacketTest01 wrapper to check packets for unittests
1022  */
1023 static int UTHBuildPacketTest01(void)
1024 {
1025  uint8_t payload[] = "Payload";
1026 
1027  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
1028 
1029  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1030  UTHFreePacket(p);
1031 
1032  return ret;
1033 }
1034 
1035 /**
1036  * \brief UTHBuildPacketTest02 wrapper to check packets for unittests
1037  */
1038 static int UTHBuildPacketTest02(void)
1039 {
1040  uint8_t payload[] = "Payload";
1041 
1042  Packet *p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_UDP);
1043 
1044  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1045  UTHFreePacket(p);
1046 
1047  return ret;
1048 }
1049 
1050 /**
1051  * \brief UTHBuildPacketOfFlowsTest01 wrapper to check packets for unittests
1052  */
1053 static int UTHBuildPacketOfFlowsTest01(void)
1054 {
1055  int result = 0;
1056 
1058  uint32_t flow_spare_q_len = FlowSpareGetPoolSize();
1059 
1060  UTHBuildPacketOfFlows(0, 100, 0);
1061 
1062  if (FlowSpareGetPoolSize() != flow_spare_q_len - 100)
1063  result = 0;
1064  else
1065  result = 1;
1066  FlowShutdown();
1067 
1068  return result;
1069 }
1070 
1071 
1072 /**
1073  * \brief UTHBuildPacketSrcDstTest01 wrapper to check packets for unittests
1074  */
1075 static int UTHBuildPacketSrcDstTest01(void)
1076 {
1077  uint8_t payload[] = "Payload";
1078 
1079  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_TCP,
1080  "192.168.1.5", "192.168.1.1");
1081 
1082  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1083  UTHFreePacket(p);
1084 
1085  return ret;
1086 }
1087 
1088 /**
1089  * \brief UTHBuildPacketSrcDstTest02 wrapper to check packets for unittests
1090  */
1091 static int UTHBuildPacketSrcDstTest02(void)
1092 {
1093  uint8_t payload[] = "Payload";
1094 
1095  Packet *p = UTHBuildPacketSrcDst(payload, sizeof(payload), IPPROTO_UDP,
1096  "192.168.1.5", "192.168.1.1");
1097 
1098  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1099  UTHFreePacket(p);
1100 
1101  return ret;
1102 }
1103 
1104 /**
1105  * \brief UTHBuildPacketSrcDstPortsTest01 wrapper to check packets for unittests
1106  */
1107 static int UTHBuildPacketSrcDstPortsTest01(void)
1108 {
1109  uint8_t payload[] = "Payload";
1110 
1111  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_TCP,
1112  41424, 80);
1113 
1114  int ret = CheckUTHTestPacket(p, IPPROTO_TCP);
1115  UTHFreePacket(p);
1116 
1117  return ret;
1118 }
1119 
1120 /**
1121  * \brief UTHBuildPacketSrcDstPortsTest02 wrapper to check packets for unittests
1122  */
1123 static int UTHBuildPacketSrcDstPortsTest02(void)
1124 {
1125  uint8_t payload[] = "Payload";
1126 
1127  Packet *p = UTHBuildPacketSrcDstPorts(payload, sizeof(payload), IPPROTO_UDP,
1128  41424, 80);
1129 
1130  int ret = CheckUTHTestPacket(p, IPPROTO_UDP);
1131  UTHFreePacket(p);
1132 
1133  return ret;
1134 }
1135 
1136 #endif /* UNITTESTS */
1137 
1139 {
1140 #ifdef UNITTESTS
1141  UtRegisterTest("UTHBuildPacketRealTest01", UTHBuildPacketRealTest01);
1142  UtRegisterTest("UTHBuildPacketRealTest02", UTHBuildPacketRealTest02);
1143  UtRegisterTest("UTHBuildPacketTest01", UTHBuildPacketTest01);
1144  UtRegisterTest("UTHBuildPacketTest02", UTHBuildPacketTest02);
1145  UtRegisterTest("UTHBuildPacketSrcDstTest01", UTHBuildPacketSrcDstTest01);
1146  UtRegisterTest("UTHBuildPacketSrcDstTest02", UTHBuildPacketSrcDstTest02);
1147  UtRegisterTest("UTHBuildPacketSrcDstPortsTest01",
1148  UTHBuildPacketSrcDstPortsTest01);
1149  UtRegisterTest("UTHBuildPacketSrcDstPortsTest02",
1150  UTHBuildPacketSrcDstPortsTest02);
1151  UtRegisterTest("UTHBuildPacketOfFlowsTest01", UTHBuildPacketOfFlowsTest01);
1152 
1153 #endif /* UNITTESTS */
1154 }
1155 
UPDATE_DIR_BOTH
@ UPDATE_DIR_BOTH
Definition: stream-tcp-reassemble.h:57
FlowLookupStruct_::work_queue
FlowQueuePrivate work_queue
Definition: flow.h:542
Packet_::proto
uint8_t proto
Definition: decode.h:452
UTHParseSignature
int UTHParseSignature(const char *str, bool expect)
parser a sig and see if the expected result is correct
Definition: util-unittest-helper.c:909
TcpStream_
Definition: stream-tcp-private.h:106
len
uint8_t len
Definition: app-layer-dnp3.h:2
UTHmemsearch
void * UTHmemsearch(const void *big, size_t big_len, const void *little, size_t little_len)
Definition: util-unittest-helper.c:984
detect-engine.h
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
TcpStream_::isn
uint32_t isn
Definition: stream-tcp-private.h:113
PKT_HAS_FLOW
#define PKT_HAS_FLOW
Definition: decode.h:1005
UTHAddStreamToFlow
int UTHAddStreamToFlow(Flow *f, int direction, uint8_t *data, uint32_t data_len)
Definition: util-unittest-helper.c:513
FlowSpareGetPoolSize
uint32_t FlowSpareGetPoolSize(void)
Definition: flow-spare-pool.c:47
flow-util.h
stream-tcp.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
Flow_::proto
uint8_t proto
Definition: flow.h:372
Packet_::payload
uint8_t * payload
Definition: decode.h:577
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:141
Packet_::flags
uint32_t flags
Definition: decode.h:467
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:350
results
struct DetectRfbSecresult_ results[]
UTHBuildPacketSrcDst
Packet * UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports.
Definition: util-unittest-helper.c:419
UTHSetIPv4Address
uint32_t UTHSetIPv4Address(const char *str)
return the uint32_t for a ipv4 address string
Definition: util-unittest-helper.c:134
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:835
UTHPacketMatchSigMpm
int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
Definition: util-unittest-helper.c:769
TcpStreamCnf_::sbcnf
StreamingBufferConfig sbcnf
Definition: stream-tcp.h:76
FlowLookupStruct_
Definition: flow.h:538
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2580
PacketCopyDataOffset
int PacketCopyDataOffset(Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen)
Copy data to Packet payload at given offset.
Definition: decode.c:250
SCSigSignatureOrderingModuleCleanup
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
Definition: detect-engine-sigorder.c:825
UTHCheckPacketMatchResults
int UTHCheckPacketMatchResults(Packet *p, uint32_t sids[], uint32_t results[], int numsigs)
UTHCheckPacketMatches: function to check if a packet match some sids.
Definition: util-unittest-helper.c:624
DE_QUIET
#define DE_QUIET
Definition: detect.h:320
UTHPacketMatchSig
int UTHPacketMatchSig(Packet *p, const char *sig)
Definition: util-unittest-helper.c:823
StreamingBufferAppend
int StreamingBufferAppend(StreamingBuffer *sb, const StreamingBufferConfig *cfg, StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len)
Definition: util-streaming-buffer.c:1069
FlowHandlePacket
void FlowHandlePacket(ThreadVars *tv, FlowLookupStruct *fls, Packet *p)
Entry point for packet flow handling.
Definition: flow.c:533
UTHBuildPacket
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
Definition: util-unittest-helper.c:338
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1882
UTHBuildPacketSrcDstPorts
Packet * UTHBuildPacketSrcDstPorts(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, uint16_t sport, uint16_t dport)
UTHBuildPacketSrcDstPorts is a wrapper that build packets specifying src and dst ports and defaulting...
Definition: util-unittest-helper.c:455
SigCleanSignatures
void SigCleanSignatures(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:53
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2620
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:115
util-spm-bs.h
UTHBuildPacketReal
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:244
Flow_::protoctx
void * protoctx
Definition: flow.h:440
FLOW_IPV4
#define FLOW_IPV4
Definition: flow.h:96
Packet_::payload_len
uint16_t payload_len
Definition: decode.h:578
util-unittest.h
util-unittest-helper.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
UTHBuildPacketArrayFromEth
Packet ** UTHBuildPacketArrayFromEth(uint8_t *raw_eth[], int *pktsize, int numpkts)
UTHBuildPacketArrayFromEth is a wrapper that build a packets from an array of packets in ethernet raw...
Definition: util-unittest-helper.c:357
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:267
UTHBuildPacketOfFlows
uint32_t UTHBuildPacketOfFlows(uint32_t start, uint32_t end, uint8_t dir)
Definition: util-unittest-helper.c:872
IPV4Hdr
struct IPV4Hdr_ IPV4Hdr
UTHAssignFlow
void UTHAssignFlow(Packet *p, Flow *f)
Definition: util-unittest-helper.c:493
TcpStream_::last_ack
uint32_t last_ack
Definition: stream-tcp-private.h:115
flow-spare-pool.h
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:547
SET_PKT_LEN
#define SET_PKT_LEN(p, len)
Definition: decode.h:224
UTHMatchPackets
int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
Definition: util-unittest-helper.c:731
UTHBuildFlow
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:501
FLOW_INITIALIZE
#define FLOW_INITIALIZE(f)
Definition: flow-util.h:38
UTHBuildPacketIPV6Real
Packet * UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
Definition: util-unittest-helper.c:158
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
UTHMatchPacketsWithResults
int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
Definition: util-unittest-helper.c:692
DetectEngineThreadCtx_
Definition: detect.h:1091
Packet_::ts
SCTime_t ts
Definition: decode.h:475
SCSigOrderSignatures
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
Definition: detect-engine-sigorder.c:733
UTHRegisterTests
void UTHRegisterTests(void)
Definition: util-unittest-helper.c:1138
UTHAddSessionToFlow
int UTHAddSessionToFlow(Flow *f, uint32_t ts_isn, uint32_t tc_isn)
Definition: util-unittest-helper.c:529
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition: decode.h:220
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
Packet_::sp
Port sp
Definition: decode.h:437
SCSigRegisterSignatureOrderingFuncs
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered s...
Definition: detect-engine-sigorder.c:805
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition: detect.h:838
PacketFree
void PacketFree(Packet *p)
Return a malloced packet.
Definition: decode.c:134
TestHelperBufferToFile
int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size)
writes the contents of a buffer into a file
Definition: util-unittest-helper.c:103
util-time.h
FlowQueuePrivateGetFromTop
Flow * FlowQueuePrivateGetFromTop(FlowQueuePrivate *fqc)
Definition: flow-queue.c:151
SigInit
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
Definition: detect-parse.c:2314
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:2017
BasicSearch
uint8_t * BasicSearch(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
Basic search improved. Limits are better handled, so it doesn't start searches that wont fit in the r...
Definition: util-spm-bs.c:47
IPV6Hdr_
Definition: decode-ipv6.h:32
Packet_
Definition: decode.h:430
detect-engine-build.h
TimeGet
SCTime_t TimeGet(void)
Definition: util-time.c:152
stream-tcp-private.h
detect-engine-alert.h
Port
uint16_t Port
Definition: decode.h:229
STREAMING_BUFFER_INITIALIZER
#define STREAMING_BUFFER_INITIALIZER
Definition: util-streaming-buffer.h:138
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:1948
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
UTHFreeFlow
void UTHFreeFlow(Flow *flow)
Definition: util-unittest-helper.c:506
StreamingBuffer_
Definition: util-streaming-buffer.h:109
IPV4Hdr_
Definition: decode-ipv4.h:72
FlowLookupStruct_::spare_queue
FlowQueuePrivate spare_queue
Definition: flow.h:540
Packet_::flow
struct Flow_ * flow
Definition: decode.h:469
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:3291
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:414
suricata-common.h
FlowFree
void FlowFree(Flow *f)
cleanup & free the memory of a flow
Definition: flow-util.c:82
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:3501
FLOW_IPV6
#define FLOW_IPV6
Definition: flow.h:98
UTHBuildPacketIPV6SrcDst
Packet * UTHBuildPacketIPV6SrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that build packets specifying IPs and defaulting ports (IPV6)
Definition: util-unittest-helper.c:437
Packet_::tcph
TCPHdr * tcph
Definition: decode.h:557
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:695
TcpStream_::sb
StreamingBuffer sb
Definition: stream-tcp-private.h:135
DetectEngineCtx_::sig_list
Signature * sig_list
Definition: detect.h:843
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:295
UTHGenericTest
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perform a generic check taking care of as maximum common unittest eleme...
Definition: util-unittest-helper.c:584
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:173
detect-engine-sigorder.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:294
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:673
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:486
Signature_::id
uint32_t id
Definition: detect.h:627
StreamTcpSessionCleanup
void StreamTcpSessionCleanup(TcpSession *ssn)
Session cleanup function. Does not free the ssn.
Definition: stream-tcp.c:225
detect-parse.h
src
uint16_t src
Definition: app-layer-dnp3.h:5
Signature_
Signature container.
Definition: detect.h:592
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
UTHBuildPacketFromEth
Packet * UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
UTHBuildPacketFromEth is a wrapper that build a packet for the rawbytes.
Definition: util-unittest-helper.c:395
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2541
Packet_::udph
UDPHdr * udph
Definition: decode.h:559
Address_::family
char family
Definition: decode.h:116
Packet_::dst
Address dst
Definition: decode.h:435
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:41
TestHelperBuildFlow
Flow * TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:52
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:837
UTHAppendSigs
int UTHAppendSigs(DetectEngineCtx *de_ctx, const char *sigs[], int numsigs)
UTHAppendSigs: Add sigs to the detection_engine checking for errors.
Definition: util-unittest-helper.c:657
Packet_::ip6h
IPV6Hdr * ip6h
Definition: decode.h:537
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
UTHRemoveSessionFromFlow
int UTHRemoveSessionFromFlow(Flow *f)
Definition: util-unittest-helper.c:549
TcpSession_
Definition: stream-tcp-private.h:283
Packet_::dp
Port dp
Definition: decode.h:445
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:42
Packet_::src
Address src
Definition: decode.h:434
UTHFreePackets
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:469