* triggered a drop action on IPS mode */
static int SigTestDropFlow01(void)
{
- int result = 0;
Flow f;
HtpState *http_state = NULL;
uint8_t http_buf1[] = "POST /one HTTP/1.0\r\n"
StreamTcpInitConfig(true);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL) {
- goto end;
- }
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "drop http any any -> any any "
"(msg:\"Test proto match\"; "
"sid:1;)");
- if (s == NULL) {
- goto end;
- }
+ FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- FLOWLOCK_WRLOCK(&f);
int r = AppLayerParserParse(
NULL, alp_tctx, &f, ALPROTO_HTTP1, STREAM_TOSERVER, http_buf1, http_buf1_len);
- if (r != 0) {
- printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
- FLOWLOCK_UNLOCK(&f);
- goto end;
- }
- FLOWLOCK_UNLOCK(&f);
+ FAIL_IF_NOT(r == 0);
http_state = f.alstate;
- if (http_state == NULL) {
- printf("no http state: ");
- goto end;
- }
+ FAIL_IF_NULL(http_state);
/* do detect */
SigMatchSignatures(&tv, de_ctx, det_ctx, p);
- if (!PacketAlertCheck(p, 1)) {
- printf("sig 1 didn't alert, but it should: ");
- goto end;
- }
-
- if ( !(p->flow->flags & FLOW_ACTION_DROP)) {
- printf("sig 1 alerted but flow was not flagged correctly: ");
- goto end;
- }
-
- /* Ok, now we know that the flag is set for proto http */
+ FAIL_IF_NOT(PacketAlertCheck(p, 1));
- result = 1;
+ FAIL_IF_NOT(p->flow->flags & FLOW_ACTION_DROP);
-end:
- if (alp_tctx != NULL)
- AppLayerParserThreadCtxFree(alp_tctx);
- if (det_ctx != NULL)
- DetectEngineThreadCtxDeinit(&tv, det_ctx);
- if (de_ctx != NULL)
- SigGroupCleanup(de_ctx);
- if (de_ctx != NULL)
- DetectEngineCtxFree(de_ctx);
+ AppLayerParserThreadCtxFree(alp_tctx);
+ DetectEngineThreadCtxDeinit(&tv, det_ctx);
+ DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(true);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
- return result;
+ PASS;
}
/** \test test if the engine set flag to drop pkts of a flow that
projects / thirdparty / suricata.git / commitdiff
