#include "util-var-name.h"
#include "util-debug.h"
#include "util-unittest.h"
+#include "util-unittest-helper.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
+#include "detect-engine-sigorder.h"
#include "pkt-var.h"
#include "host.h"
*/
int DetectFlowintTestPacket01Real()
{
- int result = 1;
-
- uint8_t pkt1[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x3c, 0xc2, 0x26, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x67, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x82, 0xb5, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02,
- 0x16, 0xd0, 0xe8, 0xb0, 0x00, 0x00, 0x02, 0x04,
- 0x05, 0xb4, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x72,
- 0x40, 0x93, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03,
- 0x03, 0x07
- };
-
- uint8_t pkt2[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x3c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06,
- 0xb6, 0x8e, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8b, 0xdd, 0x17, 0x51, 0x82, 0xb6, 0xa0, 0x12,
- 0x16, 0x80, 0x17, 0x8a, 0x00, 0x00, 0x02, 0x04,
- 0x05, 0xac, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x29,
- 0x23, 0x63, 0x01, 0x72, 0x40, 0x93, 0x01, 0x03,
- 0x03, 0x07
- };
-
- uint8_t pkt3[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x27, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6e, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x10,
- 0x00, 0x2e, 0x5c, 0xa0, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29,
- 0x23, 0x63
- };
-
- uint8_t pkt4[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x01, 0x12, 0xc2, 0x28, 0x40, 0x00, 0x40, 0x06,
- 0xf3, 0x8f, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x18,
- 0x00, 0x2e, 0x24, 0x39, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29,
- 0x23, 0x63, 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20,
- 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30,
- 0x0d, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x20,
- 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e,
- 0x31, 0x2e, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63,
- 0x65, 0x70, 0x74, 0x3a, 0x20, 0x74, 0x65, 0x78,
- 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x2c, 0x20,
- 0x74, 0x65, 0x78, 0x74, 0x2f, 0x70, 0x6c, 0x61,
- 0x69, 0x6e, 0x2c, 0x20, 0x74, 0x65, 0x78, 0x74,
- 0x2f, 0x63, 0x73, 0x73, 0x2c, 0x20, 0x74, 0x65,
- 0x78, 0x74, 0x2f, 0x73, 0x67, 0x6d, 0x6c, 0x2c,
- 0x20, 0x2a, 0x2f, 0x2a, 0x3b, 0x71, 0x3d, 0x30,
- 0x2e, 0x30, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63,
- 0x65, 0x70, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x6f,
- 0x64, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x67, 0x7a,
- 0x69, 0x70, 0x2c, 0x20, 0x62, 0x7a, 0x69, 0x70,
- 0x32, 0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70,
- 0x74, 0x2d, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61,
- 0x67, 0x65, 0x3a, 0x20, 0x65, 0x6e, 0x0d, 0x0a,
- 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67, 0x65,
- 0x6e, 0x74, 0x3a, 0x20, 0x4c, 0x79, 0x6e, 0x78,
- 0x2f, 0x32, 0x2e, 0x38, 0x2e, 0x36, 0x72, 0x65,
- 0x6c, 0x2e, 0x34, 0x20, 0x6c, 0x69, 0x62, 0x77,
- 0x77, 0x77, 0x2d, 0x46, 0x4d, 0x2f, 0x32, 0x2e,
- 0x31, 0x34, 0x20, 0x53, 0x53, 0x4c, 0x2d, 0x4d,
- 0x4d, 0x2f, 0x31, 0x2e, 0x34, 0x2e, 0x31, 0x20,
- 0x47, 0x4e, 0x55, 0x54, 0x4c, 0x53, 0x2f, 0x32,
- 0x2e, 0x30, 0x2e, 0x34, 0x0d, 0x0a, 0x0d, 0x0a
- };
-
- uint8_t pkt5[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xa8, 0xbd, 0x40, 0x00, 0x40, 0x06,
- 0x0d, 0xd9, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x10,
- 0x00, 0x2d, 0x5b, 0xc3, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x23, 0x63, 0x01, 0x72,
- 0x40, 0x93
- };
-
- uint8_t pkt6[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x01, 0xe4, 0xa8, 0xbe, 0x40, 0x00, 0x40, 0x06,
- 0x0c, 0x28, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x18,
- 0x00, 0x2d, 0x1b, 0x84, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72,
- 0x40, 0x93, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31,
- 0x2e, 0x31, 0x20, 0x34, 0x30, 0x31, 0x20, 0x55,
- 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
- 0x7a, 0x65, 0x64, 0x0d, 0x0a, 0x53, 0x65, 0x72,
- 0x76, 0x65, 0x72, 0x3a, 0x20, 0x6d, 0x69, 0x63,
- 0x72, 0x6f, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64,
- 0x0d, 0x0a, 0x43, 0x61, 0x63, 0x68, 0x65, 0x2d,
- 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x3a,
- 0x20, 0x6e, 0x6f, 0x2d, 0x63, 0x61, 0x63, 0x68,
- 0x65, 0x0d, 0x0a, 0x44, 0x61, 0x74, 0x65, 0x3a,
- 0x20, 0x57, 0x65, 0x64, 0x2c, 0x20, 0x31, 0x34,
- 0x20, 0x4f, 0x63, 0x74, 0x20, 0x32, 0x30, 0x30,
- 0x39, 0x20, 0x31, 0x33, 0x3a, 0x34, 0x39, 0x3a,
- 0x35, 0x33, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a,
- 0x57, 0x57, 0x57, 0x2d, 0x41, 0x75, 0x74, 0x68,
- 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65,
- 0x3a, 0x20, 0x42, 0x61, 0x73, 0x69, 0x63, 0x20,
- 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x3d, 0x22, 0x44,
- 0x53, 0x4c, 0x20, 0x52, 0x6f, 0x75, 0x74, 0x65,
- 0x72, 0x22, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74,
- 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65,
- 0x3a, 0x20, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68,
- 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x43, 0x6f, 0x6e,
- 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x3a,
- 0x20, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x0d, 0x0a,
- 0x0d, 0x0a, 0x3c, 0x48, 0x54, 0x4d, 0x4c, 0x3e,
- 0x3c, 0x48, 0x45, 0x41, 0x44, 0x3e, 0x3c, 0x54,
- 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x34, 0x30, 0x31,
- 0x20, 0x55, 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f,
- 0x72, 0x69, 0x7a, 0x65, 0x64, 0x3c, 0x2f, 0x54,
- 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x3c, 0x2f, 0x48,
- 0x45, 0x41, 0x44, 0x3e, 0x0a, 0x3c, 0x42, 0x4f,
- 0x44, 0x59, 0x20, 0x42, 0x47, 0x43, 0x4f, 0x4c,
- 0x4f, 0x52, 0x3d, 0x22, 0x23, 0x63, 0x63, 0x39,
- 0x39, 0x39, 0x39, 0x22, 0x3e, 0x3c, 0x48, 0x34,
- 0x3e, 0x34, 0x30, 0x31, 0x20, 0x55, 0x6e, 0x61,
- 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65,
- 0x64, 0x3c, 0x2f, 0x48, 0x34, 0x3e, 0x0a, 0x41,
- 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x72, 0x65, 0x71,
- 0x75, 0x69, 0x72, 0x65, 0x64, 0x2e, 0x0a, 0x3c,
- 0x48, 0x52, 0x3e, 0x0a, 0x3c, 0x41, 0x44, 0x44,
- 0x52, 0x45, 0x53, 0x53, 0x3e, 0x3c, 0x41, 0x20,
- 0x48, 0x52, 0x45, 0x46, 0x3d, 0x22, 0x68, 0x74,
- 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77,
- 0x2e, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x63, 0x6f,
- 0x6d, 0x2f, 0x73, 0x6f, 0x66, 0x74, 0x77, 0x61,
- 0x72, 0x65, 0x2f, 0x6d, 0x69, 0x63, 0x72, 0x6f,
- 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64, 0x2f, 0x22,
- 0x3e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x5f, 0x68,
- 0x74, 0x74, 0x70, 0x64, 0x3c, 0x2f, 0x41, 0x3e,
- 0x3c, 0x2f, 0x41, 0x44, 0x44, 0x52, 0x45, 0x53,
- 0x53, 0x3e, 0x0a, 0x3c, 0x2f, 0x42, 0x4f, 0x44,
- 0x59, 0x3e, 0x3c, 0x2f, 0x48, 0x54, 0x4d, 0x4c,
- 0x3e, 0x0a
- };
-
- uint8_t pkt7[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x29, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6c, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8e, 0x80, 0x10,
- 0x00, 0x36, 0x59, 0xfa, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0x9c, 0x01, 0x29,
- 0x23, 0x6a
- };
-
- uint8_t pkt8[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xa8, 0xbf, 0x40, 0x00, 0x40, 0x06,
- 0x0d, 0xd7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8d, 0x8e, 0x17, 0x51, 0x83, 0x94, 0x80, 0x11,
- 0x00, 0x2d, 0x5a, 0x0b, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72,
- 0x40, 0x93
- };
-
- uint8_t pkt9[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x2a, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6b, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x10,
- 0x00, 0x36, 0x59, 0xef, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0xa6, 0x01, 0x29,
- 0x23, 0x6a
- };
-
- uint8_t pkt10[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x2b, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6a, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x11,
- 0x00, 0x36, 0x57, 0x0a, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x43, 0x8a, 0x01, 0x29,
- 0x23, 0x6a
- };
-
- uint8_t pkt11[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0x10, 0xaf, 0x40, 0x00, 0x40, 0x06,
- 0xa5, 0xe7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8d, 0x8f, 0x17, 0x51, 0x83, 0x95, 0x80, 0x10,
- 0x00, 0x2d, 0x54, 0xbb, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x25, 0xc2, 0x01, 0x72,
- 0x43, 0x8a
- };
-
- uint8_t *pkts[] = {
- pkt1, pkt2, pkt3, pkt4, pkt5, pkt6, pkt7, pkt8,
- pkt9, pkt10, pkt11
- };
-
- uint16_t pktssizes[] = {
- sizeof(pkt1), sizeof(pkt2), sizeof(pkt3), sizeof(pkt4), sizeof(pkt5),
- sizeof(pkt6), sizeof(pkt7), sizeof(pkt8), sizeof(pkt9), sizeof(pkt10),
- sizeof(pkt11)
- };
-
- Packet *p = PacketGetFromAlloc();
- if (unlikely(p == NULL))
- return 0;
- DecodeThreadVars dtv;
+ Packet *p = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
-
- memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&th_v, 0, sizeof(th_v));
- FlowInitConfig(FLOW_QUIET);
-
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL) {
- goto end;
- }
+ FAIL_IF(de_ctx == NULL);
de_ctx->flags |= DE_QUIET;
- /* Now that we have the array of packets for the flow, prepare the signatures */
- de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint:myvar,=,1; flowint:maxvar,=,6; sid:101;)");
-
- de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint: myvar,+,2; sid:102;)");
-
- de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar,==,3; flowint: cntpackets, =, 0; sid:103;)");
-
- de_ctx->sig_list->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: myvar,==,3; flowint: cntpackets, +, 1; noalert;sid:104;)");
-
- /* comparation of myvar with maxvar */
- de_ctx->sig_list->next->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\" and fire this when it reach 6\"; flowint: cntpackets, ==, maxvar; sid:105;)");
-
- /* I know it's a bit ugly, */
- de_ctx->sig_list->next->next->next->next->next = NULL;
-
+ char *sigs[5];
+ sigs[0] = "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint:myvar,=,1; flowint:maxvar,=,6; sid:101;)";
+ sigs[1] = "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint: myvar,+,2; sid:102;)";
+ sigs[2] = "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar,==,3; flowint: cntpackets, =, 0; sid:103;)";
+ sigs[3] = "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: myvar,==,3; flowint: cntpackets, +, 1; noalert;sid:104;)";
+ sigs[4] = "alert tcp any any -> any any (msg:\" and fire this when it reach 6\"; flowint: cntpackets, ==, maxvar; sid:105;)";
+ FAIL_IF(UTHAppendSigs(de_ctx, sigs, 5) == 0);
+
+ SCSigRegisterSignatureOrderingFuncs(de_ctx);
+ SCSigOrderSignatures(de_ctx);
+ SCSigSignatureOrderingModuleCleanup(de_ctx);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v,(void *) de_ctx,(void *) &det_ctx);
- /* Decode the packets, and test the matches*/
- int i;
- for (i = 0;i < 11;i++) {
- memset(p, 0, SIZE_OF_PACKET);
- PACKET_INITIALIZE(p);
- DecodeEthernet(&th_v, &dtv, p, pkts[i], pktssizes[i], NULL);
-
- SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-
- switch(i) {
- case 3:
- if (PacketAlertCheck(p, 101) == 0) {
- SCLogDebug("Not declared/initialized!");
- result = 0;
- }
- break;
- case 5:
- if (PacketAlertCheck(p, 102) == 0) {
- SCLogDebug("Not incremented!");
- result = 0;
- }
-
- if (PacketAlertCheck(p, 103) == 0) {
- SCLogDebug("myvar is not 3 or bad cmp!!");
- result = 0;
- }
- break;
- case 10:
- if (PacketAlertCheck(p, 105) == 0) {
- SCLogDebug("Not declared/initialized/or well incremented the"
- " second var!");
- result = 0;
- }
- break;
- }
- SCLogDebug("Raw Packet %d has %u alerts ", i, p->alerts.cnt);
- PACKET_RECYCLE(p);
- }
-
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
-
+ Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1",
+ 41424, 80);
+ FAIL_IF(f == NULL);
+ f->proto = IPPROTO_TCP;
+
+ p = UTHBuildPacket((uint8_t *)"GET", 3, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(!PacketAlertCheck(p, 101));
+ UTHFreePacket(p);
+
+ p = UTHBuildPacket((uint8_t *)"Unauthorized", 12, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(!PacketAlertCheck(p, 102));
+ FAIL_IF(!PacketAlertCheck(p, 103));
+ UTHFreePacket(p);
+
+ p = UTHBuildPacket((uint8_t *)"1", 1, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ UTHFreePacket(p);
+
+ p = UTHBuildPacket((uint8_t *)"X", 1, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(!PacketAlertCheck(p, 105));
+ UTHFreePacket(p);
+
+ UTHFreeFlow(f);
DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx);
DetectEngineCtxFree(de_ctx);
- FlowShutdown();
-
- SCFree(p);
- return result;
-end:
- if (de_ctx) {
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- }
- if (det_ctx)
- DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx);
- if (de_ctx)
- DetectEngineCtxFree(de_ctx);
-
- PACKET_RECYCLE(p);
- FlowShutdown();
- SCFree(p);
- return result;
+ PASS;
}
/**
* \test DetectFlowintTestPacket02Real
* \brief like DetectFlowintTestPacket01Real but using isset/notset keywords
*/
-int DetectFlowintTestPacket02Real()
+static int DetectFlowintTestPacket02Real()
{
- int result = 1;
-
- uint8_t pkt1[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x3c, 0xc2, 0x26, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x67, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x82, 0xb5, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02,
- 0x16, 0xd0, 0xe8, 0xb0, 0x00, 0x00, 0x02, 0x04,
- 0x05, 0xb4, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x72,
- 0x40, 0x93, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03,
- 0x03, 0x07
- };
-
- uint8_t pkt2[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x3c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06,
- 0xb6, 0x8e, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8b, 0xdd, 0x17, 0x51, 0x82, 0xb6, 0xa0, 0x12,
- 0x16, 0x80, 0x17, 0x8a, 0x00, 0x00, 0x02, 0x04,
- 0x05, 0xac, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x29,
- 0x23, 0x63, 0x01, 0x72, 0x40, 0x93, 0x01, 0x03,
- 0x03, 0x07
- };
-
- uint8_t pkt3[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x27, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6e, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x10,
- 0x00, 0x2e, 0x5c, 0xa0, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29,
- 0x23, 0x63
- };
-
- uint8_t pkt4[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x01, 0x12, 0xc2, 0x28, 0x40, 0x00, 0x40, 0x06,
- 0xf3, 0x8f, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x18,
- 0x00, 0x2e, 0x24, 0x39, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29,
- 0x23, 0x63, 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20,
- 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30,
- 0x0d, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x20,
- 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e,
- 0x31, 0x2e, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63,
- 0x65, 0x70, 0x74, 0x3a, 0x20, 0x74, 0x65, 0x78,
- 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x2c, 0x20,
- 0x74, 0x65, 0x78, 0x74, 0x2f, 0x70, 0x6c, 0x61,
- 0x69, 0x6e, 0x2c, 0x20, 0x74, 0x65, 0x78, 0x74,
- 0x2f, 0x63, 0x73, 0x73, 0x2c, 0x20, 0x74, 0x65,
- 0x78, 0x74, 0x2f, 0x73, 0x67, 0x6d, 0x6c, 0x2c,
- 0x20, 0x2a, 0x2f, 0x2a, 0x3b, 0x71, 0x3d, 0x30,
- 0x2e, 0x30, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63,
- 0x65, 0x70, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x6f,
- 0x64, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x67, 0x7a,
- 0x69, 0x70, 0x2c, 0x20, 0x62, 0x7a, 0x69, 0x70,
- 0x32, 0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70,
- 0x74, 0x2d, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61,
- 0x67, 0x65, 0x3a, 0x20, 0x65, 0x6e, 0x0d, 0x0a,
- 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67, 0x65,
- 0x6e, 0x74, 0x3a, 0x20, 0x4c, 0x79, 0x6e, 0x78,
- 0x2f, 0x32, 0x2e, 0x38, 0x2e, 0x36, 0x72, 0x65,
- 0x6c, 0x2e, 0x34, 0x20, 0x6c, 0x69, 0x62, 0x77,
- 0x77, 0x77, 0x2d, 0x46, 0x4d, 0x2f, 0x32, 0x2e,
- 0x31, 0x34, 0x20, 0x53, 0x53, 0x4c, 0x2d, 0x4d,
- 0x4d, 0x2f, 0x31, 0x2e, 0x34, 0x2e, 0x31, 0x20,
- 0x47, 0x4e, 0x55, 0x54, 0x4c, 0x53, 0x2f, 0x32,
- 0x2e, 0x30, 0x2e, 0x34, 0x0d, 0x0a, 0x0d, 0x0a
- };
-
- uint8_t pkt5[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xa8, 0xbd, 0x40, 0x00, 0x40, 0x06,
- 0x0d, 0xd9, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x10,
- 0x00, 0x2d, 0x5b, 0xc3, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x23, 0x63, 0x01, 0x72,
- 0x40, 0x93
- };
-
- uint8_t pkt6[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x01, 0xe4, 0xa8, 0xbe, 0x40, 0x00, 0x40, 0x06,
- 0x0c, 0x28, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x18,
- 0x00, 0x2d, 0x1b, 0x84, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72,
- 0x40, 0x93, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31,
- 0x2e, 0x31, 0x20, 0x34, 0x30, 0x31, 0x20, 0x55,
- 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
- 0x7a, 0x65, 0x64, 0x0d, 0x0a, 0x53, 0x65, 0x72,
- 0x76, 0x65, 0x72, 0x3a, 0x20, 0x6d, 0x69, 0x63,
- 0x72, 0x6f, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64,
- 0x0d, 0x0a, 0x43, 0x61, 0x63, 0x68, 0x65, 0x2d,
- 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x3a,
- 0x20, 0x6e, 0x6f, 0x2d, 0x63, 0x61, 0x63, 0x68,
- 0x65, 0x0d, 0x0a, 0x44, 0x61, 0x74, 0x65, 0x3a,
- 0x20, 0x57, 0x65, 0x64, 0x2c, 0x20, 0x31, 0x34,
- 0x20, 0x4f, 0x63, 0x74, 0x20, 0x32, 0x30, 0x30,
- 0x39, 0x20, 0x31, 0x33, 0x3a, 0x34, 0x39, 0x3a,
- 0x35, 0x33, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a,
- 0x57, 0x57, 0x57, 0x2d, 0x41, 0x75, 0x74, 0x68,
- 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65,
- 0x3a, 0x20, 0x42, 0x61, 0x73, 0x69, 0x63, 0x20,
- 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x3d, 0x22, 0x44,
- 0x53, 0x4c, 0x20, 0x52, 0x6f, 0x75, 0x74, 0x65,
- 0x72, 0x22, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74,
- 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65,
- 0x3a, 0x20, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68,
- 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x43, 0x6f, 0x6e,
- 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x3a,
- 0x20, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x0d, 0x0a,
- 0x0d, 0x0a, 0x3c, 0x48, 0x54, 0x4d, 0x4c, 0x3e,
- 0x3c, 0x48, 0x45, 0x41, 0x44, 0x3e, 0x3c, 0x54,
- 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x34, 0x30, 0x31,
- 0x20, 0x55, 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f,
- 0x72, 0x69, 0x7a, 0x65, 0x64, 0x3c, 0x2f, 0x54,
- 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x3c, 0x2f, 0x48,
- 0x45, 0x41, 0x44, 0x3e, 0x0a, 0x3c, 0x42, 0x4f,
- 0x44, 0x59, 0x20, 0x42, 0x47, 0x43, 0x4f, 0x4c,
- 0x4f, 0x52, 0x3d, 0x22, 0x23, 0x63, 0x63, 0x39,
- 0x39, 0x39, 0x39, 0x22, 0x3e, 0x3c, 0x48, 0x34,
- 0x3e, 0x34, 0x30, 0x31, 0x20, 0x55, 0x6e, 0x61,
- 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65,
- 0x64, 0x3c, 0x2f, 0x48, 0x34, 0x3e, 0x0a, 0x41,
- 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x72, 0x65, 0x71,
- 0x75, 0x69, 0x72, 0x65, 0x64, 0x2e, 0x0a, 0x3c,
- 0x48, 0x52, 0x3e, 0x0a, 0x3c, 0x41, 0x44, 0x44,
- 0x52, 0x45, 0x53, 0x53, 0x3e, 0x3c, 0x41, 0x20,
- 0x48, 0x52, 0x45, 0x46, 0x3d, 0x22, 0x68, 0x74,
- 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77,
- 0x2e, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x63, 0x6f,
- 0x6d, 0x2f, 0x73, 0x6f, 0x66, 0x74, 0x77, 0x61,
- 0x72, 0x65, 0x2f, 0x6d, 0x69, 0x63, 0x72, 0x6f,
- 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64, 0x2f, 0x22,
- 0x3e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x5f, 0x68,
- 0x74, 0x74, 0x70, 0x64, 0x3c, 0x2f, 0x41, 0x3e,
- 0x3c, 0x2f, 0x41, 0x44, 0x44, 0x52, 0x45, 0x53,
- 0x53, 0x3e, 0x0a, 0x3c, 0x2f, 0x42, 0x4f, 0x44,
- 0x59, 0x3e, 0x3c, 0x2f, 0x48, 0x54, 0x4d, 0x4c,
- 0x3e, 0x0a
- };
-
- uint8_t pkt7[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x29, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6c, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8e, 0x80, 0x10,
- 0x00, 0x36, 0x59, 0xfa, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0x9c, 0x01, 0x29,
- 0x23, 0x6a
- };
-
- uint8_t pkt8[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xa8, 0xbf, 0x40, 0x00, 0x40, 0x06,
- 0x0d, 0xd7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8d, 0x8e, 0x17, 0x51, 0x83, 0x94, 0x80, 0x11,
- 0x00, 0x2d, 0x5a, 0x0b, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72,
- 0x40, 0x93
- };
-
- uint8_t pkt9[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x2a, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6b, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x10,
- 0x00, 0x36, 0x59, 0xef, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0xa6, 0x01, 0x29,
- 0x23, 0x6a
- };
-
- uint8_t pkt10[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x2b, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6a, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x11,
- 0x00, 0x36, 0x57, 0x0a, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x43, 0x8a, 0x01, 0x29,
- 0x23, 0x6a
- };
-
- uint8_t pkt11[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0x10, 0xaf, 0x40, 0x00, 0x40, 0x06,
- 0xa5, 0xe7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8d, 0x8f, 0x17, 0x51, 0x83, 0x95, 0x80, 0x10,
- 0x00, 0x2d, 0x54, 0xbb, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x25, 0xc2, 0x01, 0x72,
- 0x43, 0x8a
- };
-
- uint8_t *pkts[] = {
- pkt1, pkt2, pkt3, pkt4, pkt5, pkt6, pkt7, pkt8,
- pkt9, pkt10, pkt11
- };
-
- uint16_t pktssizes[] = {
- sizeof(pkt1), sizeof(pkt2), sizeof(pkt3), sizeof(pkt4), sizeof(pkt5),
- sizeof(pkt6), sizeof(pkt7), sizeof(pkt8), sizeof(pkt9), sizeof(pkt10),
- sizeof(pkt11)
- };
-
- Packet *p = PacketGetFromAlloc();
- if (unlikely(p == NULL))
- return 0;
- DecodeThreadVars dtv;
-
+ Packet *p = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
-
- memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&th_v, 0, sizeof(th_v));
- FlowInitConfig(FLOW_QUIET);
-
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL) {
- goto end;
- }
+ FAIL_IF(de_ctx == NULL);
de_ctx->flags |= DE_QUIET;
- /* Now that we have the array of packets for the flow, prepare the signatures */
- de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint: myvar, notset; flowint:maxvar,notset; flowint: myvar,=,1; flowint: maxvar,=,6; sid:101;)");
-
- de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: myvar,+,2; sid:102;)");
-
- de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar, isset; flowint: myvar,==,3; flowint:cntpackets,notset; flowint: cntpackets, =, 0; sid:103;)");
-
- de_ctx->sig_list->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: cntpackets,isset; flowint: cntpackets, +, 1; noalert;sid:104;)");
-
- /* comparation of myvar with maxvar */
- de_ctx->sig_list->next->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\" and fire this when it reach 6\"; flowint: cntpackets, isset; flowint: maxvar,isset; flowint: cntpackets, ==, maxvar; sid:105;)");
-
- /* I know it's a bit ugly, */
- de_ctx->sig_list->next->next->next->next->next = NULL;
-
+ char *sigs[5];
+ sigs[0] = "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint: myvar, notset; flowint:maxvar,notset; flowint: myvar,=,1; flowint: maxvar,=,6; sid:101;)";
+ sigs[1] = "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: myvar,+,2; sid:102;)";
+ sigs[2] = "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar, isset; flowint: myvar,==,3; flowint:cntpackets,notset; flowint: cntpackets, =, 0; sid:103;)";
+ sigs[3] = "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: cntpackets,isset; flowint: cntpackets, +, 1; noalert;sid:104;)";
+ sigs[4] = "alert tcp any any -> any any (msg:\" and fire this when it reach 6\"; flowint: cntpackets, isset; flowint: maxvar,isset; flowint: cntpackets, ==, maxvar; sid:105;)";
+ FAIL_IF(UTHAppendSigs(de_ctx, sigs, 5) == 0);
+
+ SCSigRegisterSignatureOrderingFuncs(de_ctx);
+ SCSigOrderSignatures(de_ctx);
+ SCSigSignatureOrderingModuleCleanup(de_ctx);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v,(void *) de_ctx,(void *) &det_ctx);
- int i;
-
- /* Decode the packets, and test the matches*/
- for (i = 0;i < 11;i++) {
- memset(p, 0, SIZE_OF_PACKET);
- PACKET_INITIALIZE(p);
- DecodeEthernet(&th_v, &dtv, p, pkts[i], pktssizes[i], NULL);
-
- SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-
- switch(i) {
- case 3:
- if (PacketAlertCheck(p, 101) == 0) {
- SCLogDebug("Not declared/initialized!");
- result = 0;
- }
- break;
- case 5:
- if (PacketAlertCheck(p, 102) == 0) {
- SCLogDebug("Not incremented!");
- result = 0;
- }
-
- if (PacketAlertCheck(p, 103) == 0) {
- SCLogDebug("myvar is not 3 or bad cmp!!");
- result = 0;
- }
- break;
- case 10:
- if (PacketAlertCheck(p, 105) == 0) {
- SCLogDebug("Not declared/initialized/or well incremented the"
- " second var!");
- result = 0;
- }
- break;
- }
- SCLogDebug("Raw Packet %d has %u alerts ", i, p->alerts.cnt);
- PACKET_RECYCLE(p);
- }
-
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
-
+ Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1",
+ 41424, 80);
+ FAIL_IF(f == NULL);
+ f->proto = IPPROTO_TCP;
+
+ p = UTHBuildPacket((uint8_t *)"GET", 3, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(!PacketAlertCheck(p, 101));
+ UTHFreePacket(p);
+
+ p = UTHBuildPacket((uint8_t *)"Unauthorized", 12, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(!PacketAlertCheck(p, 102));
+ FAIL_IF(!PacketAlertCheck(p, 103));
+ UTHFreePacket(p);
+
+ p = UTHBuildPacket((uint8_t *)"1", 1, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ UTHFreePacket(p);
+
+ p = UTHBuildPacket((uint8_t *)"X", 1, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(!PacketAlertCheck(p, 105));
+ UTHFreePacket(p);
+
+ UTHFreeFlow(f);
DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx);
- //PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
- FlowShutdown();
-
- SCFree(p);
- return result;
-end:
- if (de_ctx) {
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- }
- if (det_ctx)
- DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx);
- //PatternMatchDestroy(mpm_ctx);
- if (de_ctx)
- DetectEngineCtxFree(de_ctx);
-
- FlowShutdown();
- SCFree(p);
- return result;
+ PASS;
}
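Review bot: The rewritten DetectFlowintTestPacket01Real and DetectFlowintTestPacket02Real only assert that sids 101, 102, 103 and 105 fire, never that a rule stays silent, so a flowint comparison that matched on every packet would still pass. Before the `UTHFreePacket(p);` that follows the four `SigMatchSignatures` calls on the "1" packet, add `FAIL_IF(PacketAlertCheck(p, 105));` and, because sid 104 is `noalert`, `FAIL_IF(PacketAlertCheck(p, 104));`. This assumes cntpackets only reaches maxvar on the final "X" packet, as the existing 105 check implies. Those four back-to-back calls appear to exist to step cntpackets towards the 6 that sid 101 stores in maxvar, and the count depends on the order set by `SCSigOrderSignatures`; a comment such as `/* each pass lets sid 104 bump cntpackets; 105 must not fire until the next packet */` would make that reviewable. As a style point, only 02Real becomes `static` here, while 01Real and 03Real keep external linkage.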
/**
*/
int DetectFlowintTestPacket03Real()
{
- int result = 1;
-
- uint8_t pkt1[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x3c, 0xc2, 0x26, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x67, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x82, 0xb5, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02,
- 0x16, 0xd0, 0xe8, 0xb0, 0x00, 0x00, 0x02, 0x04,
- 0x05, 0xb4, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x72,
- 0x40, 0x93, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03,
- 0x03, 0x07
- };
-
- uint8_t pkt2[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x3c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06,
- 0xb6, 0x8e, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8b, 0xdd, 0x17, 0x51, 0x82, 0xb6, 0xa0, 0x12,
- 0x16, 0x80, 0x17, 0x8a, 0x00, 0x00, 0x02, 0x04,
- 0x05, 0xac, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x29,
- 0x23, 0x63, 0x01, 0x72, 0x40, 0x93, 0x01, 0x03,
- 0x03, 0x07
- };
-
- uint8_t pkt3[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x27, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6e, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x10,
- 0x00, 0x2e, 0x5c, 0xa0, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29,
- 0x23, 0x63
- };
-
- uint8_t pkt4[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x01, 0x12, 0xc2, 0x28, 0x40, 0x00, 0x40, 0x06,
- 0xf3, 0x8f, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x18,
- 0x00, 0x2e, 0x24, 0x39, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29,
- 0x23, 0x63, 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20,
- 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30,
- 0x0d, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x20,
- 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e,
- 0x31, 0x2e, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63,
- 0x65, 0x70, 0x74, 0x3a, 0x20, 0x74, 0x65, 0x78,
- 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x2c, 0x20,
- 0x74, 0x65, 0x78, 0x74, 0x2f, 0x70, 0x6c, 0x61,
- 0x69, 0x6e, 0x2c, 0x20, 0x74, 0x65, 0x78, 0x74,
- 0x2f, 0x63, 0x73, 0x73, 0x2c, 0x20, 0x74, 0x65,
- 0x78, 0x74, 0x2f, 0x73, 0x67, 0x6d, 0x6c, 0x2c,
- 0x20, 0x2a, 0x2f, 0x2a, 0x3b, 0x71, 0x3d, 0x30,
- 0x2e, 0x30, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63,
- 0x65, 0x70, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x6f,
- 0x64, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x67, 0x7a,
- 0x69, 0x70, 0x2c, 0x20, 0x62, 0x7a, 0x69, 0x70,
- 0x32, 0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70,
- 0x74, 0x2d, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61,
- 0x67, 0x65, 0x3a, 0x20, 0x65, 0x6e, 0x0d, 0x0a,
- 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67, 0x65,
- 0x6e, 0x74, 0x3a, 0x20, 0x4c, 0x79, 0x6e, 0x78,
- 0x2f, 0x32, 0x2e, 0x38, 0x2e, 0x36, 0x72, 0x65,
- 0x6c, 0x2e, 0x34, 0x20, 0x6c, 0x69, 0x62, 0x77,
- 0x77, 0x77, 0x2d, 0x46, 0x4d, 0x2f, 0x32, 0x2e,
- 0x31, 0x34, 0x20, 0x53, 0x53, 0x4c, 0x2d, 0x4d,
- 0x4d, 0x2f, 0x31, 0x2e, 0x34, 0x2e, 0x31, 0x20,
- 0x47, 0x4e, 0x55, 0x54, 0x4c, 0x53, 0x2f, 0x32,
- 0x2e, 0x30, 0x2e, 0x34, 0x0d, 0x0a, 0x0d, 0x0a
- };
-
- uint8_t pkt5[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xa8, 0xbd, 0x40, 0x00, 0x40, 0x06,
- 0x0d, 0xd9, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x10,
- 0x00, 0x2d, 0x5b, 0xc3, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x23, 0x63, 0x01, 0x72,
- 0x40, 0x93
- };
-
- uint8_t pkt6[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x01, 0xe4, 0xa8, 0xbe, 0x40, 0x00, 0x40, 0x06,
- 0x0c, 0x28, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x18,
- 0x00, 0x2d, 0x1b, 0x84, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72,
- 0x40, 0x93, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31,
- 0x2e, 0x31, 0x20, 0x34, 0x30, 0x31, 0x20, 0x55,
- 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
- 0x7a, 0x65, 0x64, 0x0d, 0x0a, 0x53, 0x65, 0x72,
- 0x76, 0x65, 0x72, 0x3a, 0x20, 0x6d, 0x69, 0x63,
- 0x72, 0x6f, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64,
- 0x0d, 0x0a, 0x43, 0x61, 0x63, 0x68, 0x65, 0x2d,
- 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x3a,
- 0x20, 0x6e, 0x6f, 0x2d, 0x63, 0x61, 0x63, 0x68,
- 0x65, 0x0d, 0x0a, 0x44, 0x61, 0x74, 0x65, 0x3a,
- 0x20, 0x57, 0x65, 0x64, 0x2c, 0x20, 0x31, 0x34,
- 0x20, 0x4f, 0x63, 0x74, 0x20, 0x32, 0x30, 0x30,
- 0x39, 0x20, 0x31, 0x33, 0x3a, 0x34, 0x39, 0x3a,
- 0x35, 0x33, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a,
- 0x57, 0x57, 0x57, 0x2d, 0x41, 0x75, 0x74, 0x68,
- 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65,
- 0x3a, 0x20, 0x42, 0x61, 0x73, 0x69, 0x63, 0x20,
- 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x3d, 0x22, 0x44,
- 0x53, 0x4c, 0x20, 0x52, 0x6f, 0x75, 0x74, 0x65,
- 0x72, 0x22, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74,
- 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65,
- 0x3a, 0x20, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68,
- 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x43, 0x6f, 0x6e,
- 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x3a,
- 0x20, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x0d, 0x0a,
- 0x0d, 0x0a, 0x3c, 0x48, 0x54, 0x4d, 0x4c, 0x3e,
- 0x3c, 0x48, 0x45, 0x41, 0x44, 0x3e, 0x3c, 0x54,
- 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x34, 0x30, 0x31,
- 0x20, 0x55, 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f,
- 0x72, 0x69, 0x7a, 0x65, 0x64, 0x3c, 0x2f, 0x54,
- 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x3c, 0x2f, 0x48,
- 0x45, 0x41, 0x44, 0x3e, 0x0a, 0x3c, 0x42, 0x4f,
- 0x44, 0x59, 0x20, 0x42, 0x47, 0x43, 0x4f, 0x4c,
- 0x4f, 0x52, 0x3d, 0x22, 0x23, 0x63, 0x63, 0x39,
- 0x39, 0x39, 0x39, 0x22, 0x3e, 0x3c, 0x48, 0x34,
- 0x3e, 0x34, 0x30, 0x31, 0x20, 0x55, 0x6e, 0x61,
- 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65,
- 0x64, 0x3c, 0x2f, 0x48, 0x34, 0x3e, 0x0a, 0x41,
- 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x72, 0x65, 0x71,
- 0x75, 0x69, 0x72, 0x65, 0x64, 0x2e, 0x0a, 0x3c,
- 0x48, 0x52, 0x3e, 0x0a, 0x3c, 0x41, 0x44, 0x44,
- 0x52, 0x45, 0x53, 0x53, 0x3e, 0x3c, 0x41, 0x20,
- 0x48, 0x52, 0x45, 0x46, 0x3d, 0x22, 0x68, 0x74,
- 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77,
- 0x2e, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x63, 0x6f,
- 0x6d, 0x2f, 0x73, 0x6f, 0x66, 0x74, 0x77, 0x61,
- 0x72, 0x65, 0x2f, 0x6d, 0x69, 0x63, 0x72, 0x6f,
- 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64, 0x2f, 0x22,
- 0x3e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x5f, 0x68,
- 0x74, 0x74, 0x70, 0x64, 0x3c, 0x2f, 0x41, 0x3e,
- 0x3c, 0x2f, 0x41, 0x44, 0x44, 0x52, 0x45, 0x53,
- 0x53, 0x3e, 0x0a, 0x3c, 0x2f, 0x42, 0x4f, 0x44,
- 0x59, 0x3e, 0x3c, 0x2f, 0x48, 0x54, 0x4d, 0x4c,
- 0x3e, 0x0a
- };
-
- uint8_t pkt7[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x29, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6c, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8e, 0x80, 0x10,
- 0x00, 0x36, 0x59, 0xfa, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0x9c, 0x01, 0x29,
- 0x23, 0x6a
- };
-
- uint8_t pkt8[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xa8, 0xbf, 0x40, 0x00, 0x40, 0x06,
- 0x0d, 0xd7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8d, 0x8e, 0x17, 0x51, 0x83, 0x94, 0x80, 0x11,
- 0x00, 0x2d, 0x5a, 0x0b, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72,
- 0x40, 0x93
- };
-
- uint8_t pkt9[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x2a, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6b, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x10,
- 0x00, 0x36, 0x59, 0xef, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x40, 0xa6, 0x01, 0x29,
- 0x23, 0x6a
- };
-
- uint8_t pkt10[] = {
- 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13,
- 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0xc2, 0x2b, 0x40, 0x00, 0x40, 0x06,
- 0xf4, 0x6a, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8,
- 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51,
- 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x11,
- 0x00, 0x36, 0x57, 0x0a, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x72, 0x43, 0x8a, 0x01, 0x29,
- 0x23, 0x6a
- };
-
- uint8_t pkt11[] = {
- 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a,
- 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00,
- 0x00, 0x34, 0x10, 0xaf, 0x40, 0x00, 0x40, 0x06,
- 0xa5, 0xe7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8,
- 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04,
- 0x8d, 0x8f, 0x17, 0x51, 0x83, 0x95, 0x80, 0x10,
- 0x00, 0x2d, 0x54, 0xbb, 0x00, 0x00, 0x01, 0x01,
- 0x08, 0x0a, 0x01, 0x29, 0x25, 0xc2, 0x01, 0x72,
- 0x43, 0x8a
- };
-
- uint8_t *pkts[] = {
- pkt1, pkt2, pkt3, pkt4, pkt5, pkt6, pkt7, pkt8,
- pkt9, pkt10, pkt11
- };
-
- uint16_t pktssizes[] = {
- sizeof(pkt1), sizeof(pkt2), sizeof(pkt3), sizeof(pkt4), sizeof(pkt5),
- sizeof(pkt6), sizeof(pkt7), sizeof(pkt8), sizeof(pkt9), sizeof(pkt10),
- sizeof(pkt11)
- };
-
- Packet *p = PacketGetFromAlloc();
- if (unlikely(p == NULL))
- return 0;
- DecodeThreadVars dtv;
-
+ Packet *p = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
-
- memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&th_v, 0, sizeof(th_v));
- FlowInitConfig(FLOW_QUIET);
-
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL) {
- goto end;
- }
+ FAIL_IF(de_ctx == NULL);
de_ctx->flags |= DE_QUIET;
- /* Now that we have the array of packets for the flow, prepare the signatures */
- de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"GET\"; flowint: myvar, notset; flowint: myvar,=,0; flowint: other,=,10; sid:101;)");
-
- de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check isset\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: other,isset; sid:102;)");
-
- de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"Unauthorized\"; flowint:lala,isset; sid:103;)");
-
- de_ctx->sig_list->next->next->next = NULL;
+ char *sigs[3];
+ sigs[0] = "alert tcp any any -> any any (msg:\"check notset\"; content:\"GET\"; flowint: myvar, notset; flowint: myvar,=,0; flowint: other,=,10; sid:101;)";
+ sigs[1] = "alert tcp any any -> any any (msg:\"check isset\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: other,isset; sid:102;)";
+ sigs[2] = "alert tcp any any -> any any (msg:\"check notset\"; content:\"Unauthorized\"; flowint:lala,isset; sid:103;)";
+ FAIL_IF(UTHAppendSigs(de_ctx, sigs, 3) == 0);
+ SCSigRegisterSignatureOrderingFuncs(de_ctx);
+ SCSigOrderSignatures(de_ctx);
+ SCSigSignatureOrderingModuleCleanup(de_ctx);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v,(void *) de_ctx,(void *) &det_ctx);
- int i;
-
- /* Decode the packets, and test the matches*/
- for (i = 0;i < 11;i++) {
- memset(p, 0, SIZE_OF_PACKET);
- PACKET_INITIALIZE(p);
- DecodeEthernet(&th_v, &dtv, p, pkts[i], pktssizes[i], NULL);
-
- SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-
- switch(i) {
- case 3:
- if (PacketAlertCheck(p, 101) == 0) {
- SCLogDebug("Not declared/initialized but match!");
- result = 0;
- }
- if (PacketAlertCheck(p, 103) != 0) {
- SCLogDebug(" var lala is never set, it should NOT match!!");
- result = 0;
- }
- break;
- case 5:
- if (PacketAlertCheck(p, 102) == 0) {
- SCLogDebug("Not incremented!");
- result = 0;
- }
-
- if (PacketAlertCheck(p, 103) != 0) {
- SCLogDebug(" var lala is never set, it should NOT match!!");
- result = 0;
- }
- break;
- }
- SCLogDebug("Raw Packet %d has %u alerts ", i, p->alerts.cnt);
- PACKET_RECYCLE(p);
- }
-
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
-
+ Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1",
+ 41424, 80);
+ FAIL_IF(f == NULL);
+ f->proto = IPPROTO_TCP;
+
+ p = UTHBuildPacket((uint8_t *)"GET", 3, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(!PacketAlertCheck(p, 101));
+ UTHFreePacket(p);
+
+ p = UTHBuildPacket((uint8_t *)"Unauthorized", 12, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(!PacketAlertCheck(p, 102));
+ FAIL_IF(PacketAlertCheck(p, 103));
+ UTHFreePacket(p);
+
+ p = UTHBuildPacket((uint8_t *)"1", 1, IPPROTO_TCP);
+ FAIL_IF(p == NULL);
+ p->flow = f;
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(PacketAlertCheck(p, 102));
+ FAIL_IF(PacketAlertCheck(p, 103));
+ UTHFreePacket(p);
+
+ UTHFreeFlow(f);
DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx);
- //PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
- FlowShutdown();
-
- SCFree(p);
- return result;
-
-end:
- if (de_ctx) {
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- }
- if (det_ctx)
- DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx);
- //PatternMatchDestroy(mpm_ctx);
- if (de_ctx)
- DetectEngineCtxFree(de_ctx);
- FlowShutdown();
- SCFree(p);
- return result;
+ PASS;
}
#endif /* UNITTESTS */
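Review bot: The two negative checks after the third packet in DetectFlowintTestPacket03Real (`FAIL_IF(PacketAlertCheck(p, 102));` and `FAIL_IF(PacketAlertCheck(p, 103));` on the payload `"1"`) cannot fail, because sids 102 and 103 both require `content:"Unauthorized"`, so they say nothing about flowint state. The check that actually exercises `flowint:lala,isset` is the `FAIL_IF(PacketAlertCheck(p, 103));` on the "Unauthorized" packet; either drop the third packet or mark it with a comment such as `/* no content match: 102/103 must stay silent regardless of flowint state */`. Separately, `det_ctx` is passed to `SigMatchSignatures` without checking that `DetectEngineThreadCtxInit` succeeded; adding `FAIL_IF(det_ctx == NULL);` right after the init call would match the other guards in this test. The payload lengths `3`, `12` and `1` are typed by hand next to each literal, so an edited string could end up with a length that no longer matches it; deriving the length from the literal (for example `sizeof("GET") - 1`) avoids that.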