Merge pull request #1380 in SNORT/snort3 from mpse_fixes to master

Squashed commit of the following:

commit 55cd4beab52abd873daa6d406d5f25eb44fe9644
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 3 23:11:15 2018 -0400

    cppcheck: cleanup some warnings

commit b9cb8f0e5cde9b036aa8af8d142bb1fd2e564678
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 3 22:35:31 2018 -0400

    search_tool: validate ac_full and ac_bnfa wrt search and search_all

commit 0f30628cd231271c95afb52649719c17134f456c
Author: russ <rucombs@cisco.com>
Date:   Wed Oct 3 19:31:03 2018 -0400

    search_tool: include bytes searched in pattern match stats

diff --git a/src/framework/codec.cc b/src/framework/codec.cc
index 1314cbc489226a49e0276d31430d662dc70b11e0..ba2739a84af3b675b1ddd57db3b88d21d25d2053 100644 (file)
--- a/src/framework/codec.cc
+++ b/src/framework/codec.cc
@@ -208,7 +208,7 @@ TEST_CASE("multi alloc", "[buffer]")
 
     buf2.allocate(2);
     CHECK( buf2.data() == &raw_buf2[0] );
-    CHECK( buf2.size() == 3 );
+    CHECK( (buf2.size() == 3) );
 }
 
 TEST_CASE("clear", "[buffer]")

diff --git a/src/framework/mpse.cc b/src/framework/mpse.cc
index 70408ac1fda448d6f7cf52c3fcc698eccfa70547..6e72bd24c2591e26e9e5c840b1e76d426179de3c 100644 (file)
--- a/src/framework/mpse.cc
+++ b/src/framework/mpse.cc
@@ -49,18 +49,16 @@ int Mpse::search(
     void* context, int* current_state)
 {
     Profile profile(mpsePerfStats);
-
-    int ret = _search(T, n, match, context, current_state);
-
     pmqs.matched_bytes += n;
-
-    return ret;
+    return _search(T, n, match, context, current_state);
 }
 
 int Mpse::search_all(
     const unsigned char* T, int n, MpseMatch match,
     void* context, int* current_state)
 {
+    Profile profile(mpsePerfStats);
+    pmqs.matched_bytes += n;
     return _search(T, n, match, context, current_state);
 }
 

diff --git a/src/log/log_text.cc b/src/log/log_text.cc
index 2d3c4ef9b82a466d57d1d19bb45655655e01fcd9..13a37ce2abccb85d7139bfe6e7cea21326e1b77f 100644 (file)
--- a/src/log/log_text.cc
+++ b/src/log/log_text.cc
@@ -412,15 +412,14 @@ void LogIPHeader(TextLog* log, Packet* p)
 static void LogOuterIPHeader(TextLog* log, Packet* p)
 {
     uint8_t save_frag_flag = (p->ptrs.decode_flags & DECODE_FRAG);
-    uint16_t save_sp, save_dp;
     ip::IpApi save_ip_api = p->ptrs.ip_api;
 
     p->ptrs.decode_flags &= ~DECODE_FRAG;
 
     if (p->proto_bits & PROTO_BIT__TEREDO)
     {
-        save_sp = p->ptrs.sp;
-        save_dp = p->ptrs.dp;
+        uint16_t save_sp = p->ptrs.sp;
+        uint16_t save_dp = p->ptrs.dp;
 
         const udp::UDPHdr* udph = layer::get_outer_udp_lyr(p);
         p->ptrs.sp = ntohs(udph->uh_sport);

diff --git a/src/search_engines/test/CMakeLists.txt b/src/search_engines/test/CMakeLists.txt
index 899e972e2eb975f239d7eea636804610a642b6bc..82f81ff30ef13d095153f150b0bf8023fba68804 100644 (file)
--- a/src/search_engines/test/CMakeLists.txt
+++ b/src/search_engines/test/CMakeLists.txt
@@ -2,6 +2,8 @@
 add_cpputest( search_tool_test
     SOURCES
         ../ac_bnfa.cc
+        ../ac_full.cc
+        ../acsmx2.cc
         ../bnfa_search.cc
         ../search_tool.cc
 )

diff --git a/src/search_engines/test/search_tool_test.cc b/src/search_engines/test/search_tool_test.cc
index c886ca74bbc3fbd0a47e0257a84dfeff619a3b90..cf159ba2a6eb7b6aba86dc08a62c0e1026293e40 100644 (file)
--- a/src/search_engines/test/search_tool_test.cc
+++ b/src/search_engines/test/search_tool_test.cc
@@ -113,97 +113,241 @@ int Mpse::search_all(
 }
 
 extern const BaseApi* se_ac_bnfa;
+extern const BaseApi* se_ac_full;
 Mpse* mpse = nullptr;
 
 Mpse* MpseManager::get_search_engine(const char *type)
 {
-    assert(!strcmp(type, "ac_bnfa"));
+    const MpseApi* api;
+
+    if ( !strcmp(type, "ac_bnfa") )
+        api = (MpseApi*)se_ac_bnfa;
+
+    else if ( !strcmp(type, "ac_full") )
+        api = (MpseApi*)se_ac_full;
+
+    else
+        return nullptr;
+
+    api->init();
+    mpse = api->ctor(snort_conf, nullptr, &s_agent);
 
-    const MpseApi* mpse_api = (MpseApi*)se_ac_bnfa;
-    mpse_api->init();
-    mpse = mpse_api->ctor(snort_conf, nullptr, &s_agent);
     CHECK(mpse);
 
+    mpse->set_api(api);
     return mpse;
 }
 
-void MpseManager::delete_search_engine(Mpse*)
+void MpseManager::delete_search_engine(Mpse* eng)
 {
-    const MpseApi* mpse_api = (MpseApi*)se_ac_bnfa;
-    mpse_api->dtor(mpse);
+    const MpseApi* api = eng->get_api();
+    api->dtor(eng);
 }
 
+struct ExpectedMatch
+{
+    int id;
+    int offset;
+};
+
+static const ExpectedMatch* s_expect = nullptr;
+static int s_found = 0;
 
-static int pattern_id = 0;
 static int Test_SearchStrFound(
-    void* /*id*/, void* /*tree*/, int /*index*/, void* /*context*/, void* /*neg_list*/)
+    void* pid, void* /*tree*/, int index, void* /*context*/, void* /*neg_list*/)
 {
-    //printf("found str with id=%ld, index=%d\n", (long)id, index);
-    return 0;
+    auto id = reinterpret_cast<std::uintptr_t>(pid);
+
+    if ( s_expect and s_found >= 0 and
+        s_expect[s_found].id == (int)id and
+        s_expect[s_found].offset == index )
+    {
+        ++s_found;
+    }
+    else s_found = -1;
+
+    return s_found == -1;
 }
 
-TEST_GROUP(search_tool_tests)
+//-------------------------------------------------------------------------
+// ac_bnfa tests
+//-------------------------------------------------------------------------
+
+TEST_GROUP(search_tool_bnfa)
 {
+    SearchTool* stool;
+
     void setup() override
-    { CHECK(se_ac_bnfa); }
+    {
+        CHECK(se_ac_bnfa);
+        stool = new SearchTool("ac_bnfa");
+
+        CHECK(stool->mpse);
+
+        int pattern_id = 1;
+        stool->add("the", 3, pattern_id);
+        CHECK(stool->max_len == 3);
+
+        pattern_id = 77;
+        stool->add("tuba", 4, pattern_id);
+        CHECK(stool->max_len == 4);
+
+        pattern_id = 78;
+        stool->add("uba", 3, pattern_id);
+        CHECK(stool->max_len == 4);
+
+        pattern_id = 2112;
+        stool->add("away", 4, pattern_id);
+        CHECK(stool->max_len == 4);
+
+        pattern_id = 1000;
+        stool->add("nothere", 7, pattern_id);
+        CHECK(stool->max_len == 7);
+
+        stool->prep();
+
+    }
+    void teardown() override
+    {
+        delete stool;
+    }
 };
 
-TEST(search_tool_tests, ac_bnfa)
+TEST(search_tool_bnfa, search)
 {
-    SearchTool *stool = new SearchTool("ac_bnfa");
-    CHECK(stool->mpse);
+    //                     0         1         2         3
+    //                     0123456789012345678901234567890
+    const char* datastr = "the tuba ran away with the tuna";
+    const ExpectedMatch xm[] =
+    {
+        { 1, 3 },
+        { 78, 8 },
+        { 2112, 17 },
+        { 1, 26 },
+        { 0, 0 }
+    };
 
-    pattern_id = 1;
-    stool->add("the", 3, pattern_id);
-    CHECK(stool->max_len == 3);
+    s_expect = xm;
+    s_found = 0;
 
-    pattern_id = 77;
-    stool->add("uba", 3, pattern_id);
-    CHECK(stool->max_len == 3);
+    int result = stool->find(datastr, strlen(datastr), Test_SearchStrFound);
+
+    CHECK(result == 4);
+    CHECK(s_found == 4);
+}
 
-    pattern_id = 2112;
-    stool->add("away", 4, pattern_id);
-    CHECK(stool->max_len == 4);
+TEST(search_tool_bnfa, search_all)
+{
+    //                     0         1         2         3
+    //                     0123456789012345678901234567890
+    const char* datastr = "the tuba ran away with the tuna";
+    const ExpectedMatch xm[] =
+    {
+        { 1, 3 },
+        { 78, 8 },
+        { 2112, 17 },
+        { 1, 26 },
+        { 0, 0 }
+    };
 
-    pattern_id = 1000;
-    stool->add("nothere", 7, pattern_id);
-    CHECK(stool->max_len == 7);
+    s_expect = xm;
+    s_found = 0;
 
-    stool->prep();
+    int result = stool->find_all(datastr, strlen(datastr), Test_SearchStrFound);
 
-    const char *datastr = "the tuba ran away";
-    int result = stool->find(datastr, strlen(datastr), Test_SearchStrFound);
-    CHECK(result == 3);
-    delete stool;
+    CHECK(result == 4);
+    CHECK(s_found == 4);
 }
 
-TEST(search_tool_tests, search_all_ac_bnfa)
+//-------------------------------------------------------------------------
+// ac_full tests
+//-------------------------------------------------------------------------
+
+TEST_GROUP(search_tool_full)
+{
+    SearchTool* stool;
+
+    void setup() override
+    {
+        CHECK(se_ac_full);
+        stool = new SearchTool("ac_full", true);
+
+        CHECK(stool->mpse);
+
+        int pattern_id = 1;
+        stool->add("the", 3, pattern_id);
+        CHECK(stool->max_len == 3);
+
+        pattern_id = 77;
+        stool->add("tuba", 4, pattern_id);
+        CHECK(stool->max_len == 4);
+
+        pattern_id = 78;
+        stool->add("uba", 3, pattern_id);
+        CHECK(stool->max_len == 4);
+
+        pattern_id = 2112;
+        stool->add("away", 4, pattern_id);
+        CHECK(stool->max_len == 4);
+
+        pattern_id = 1000;
+        stool->add("nothere", 7, pattern_id);
+        CHECK(stool->max_len == 7);
+
+        stool->prep();
+
+    }
+    void teardown() override
+    {
+        delete stool;
+    }
+};
+
+TEST(search_tool_full, search)
 {
-    SearchTool *stool = new SearchTool("ac_bnfa");
-    CHECK(stool->mpse);
+    //                     0         1         2         3
+    //                     0123456789012345678901234567890
+    const char* datastr = "the tuba ran away with the tuna";
+    const ExpectedMatch xm[] =
+    {
+        { 1, 3 },
+        { 78, 8 },
+        { 2112, 17 },
+        { 1, 26 },
+        { 0, 0 }
+    };
 
-    pattern_id = 1;
-    stool->add("the", 3, pattern_id);
-    CHECK(stool->max_len == 3);
+    s_expect = xm;
+    s_found = 0;
 
-    pattern_id = 77;
-    stool->add("uba", 3, pattern_id);
-    CHECK(stool->max_len == 3);
+    int result = stool->find(datastr, strlen(datastr), Test_SearchStrFound);
 
-    pattern_id = 2112;
-    stool->add("away", 4, pattern_id);
-    CHECK(stool->max_len == 4);
+    CHECK(result == 4);
+    CHECK(s_found == 4);
+}
 
-    pattern_id = 1000;
-    stool->add("nothere", 7, pattern_id);
-    CHECK(stool->max_len == 7);
+TEST(search_tool_full, search_all)
+{
+    //                     0         1         2         3
+    //                     0123456789012345678901234567890
+    const char* datastr = "the tuba ran away with the tuna";
+    const ExpectedMatch xm[] =
+    {
+        { 1, 3 },
+        { 78, 8 },
+        { 77, 8 },
+        { 2112, 17 },
+        { 1, 26 },
+        { 0, 0 }
+    };
 
-    stool->prep();
+    s_expect = xm;
+    s_found = 0;
 
-    const char *datastr = "the tuba ran away";
     int result = stool->find_all(datastr, strlen(datastr), Test_SearchStrFound);
-    CHECK(result == 3);
-    delete stool;
+
+    CHECK(result == 5);
+    CHECK(s_found == 5);
 }
 
 //-------------------------------------------------------------------------