From: Victor Julien
Date: Tue, 19 Apr 2016 09:38:25 +0000 (+0200)
Subject: flowint: redo tests
X-Git-Tag: suricata-3.1RC1~174
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c7cd1c22a6618dbc5207e927f3f99636c7fa204;p=thirdparty%2Fsuricata.git
flowint: redo tests
---
diff --git a/src/detect-flowint.c b/src/detect-flowint.c
index dff26125cb..f63ddf4ed5 100644
--- a/src/detect-flowint.c
+++ b/src/detect-flowint.c
@@ -35,10 +35,12 @@
 #include "util-var-name.h"
 #include "util-debug.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "detect-parse.h"
 #include "detect-engine.h"
 #include "detect-engine-mpm.h"
+#include "detect-engine-sigorder.h"
 #include "pkt-var.h"
 #include "host.h"
@@ -1101,673 +1103,144 @@ error: */ int DetectFlowintTestPacket01Real() { - int result = 1; - - uint8_t pkt1[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x3c, 0xc2, 0x26, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x67, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x82, 0xb5, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, - 0x16, 0xd0, 0xe8, 0xb0, 0x00, 0x00, 0x02, 0x04, - 0x05, 0xb4, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x72, - 0x40, 0x93, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, - 0x03, 0x07 - }; - - uint8_t pkt2[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x3c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, - 0xb6, 0x8e, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8b, 0xdd, 0x17, 0x51, 0x82, 0xb6, 0xa0, 0x12, - 0x16, 0x80, 0x17, 0x8a, 0x00, 0x00, 0x02, 0x04, - 0x05, 0xac, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x29, - 0x23, 0x63, 0x01, 0x72, 0x40, 0x93, 0x01, 0x03, - 0x03, 0x07 - }; - - uint8_t pkt3[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x27, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6e, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x10, - 0x00, 0x2e, 0x5c, 0xa0, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29, - 0x23, 0x63 - }; - - uint8_t pkt4[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x01, 0x12, 0xc2, 0x28, 0x40, 0x00, 0x40, 0x06, - 0xf3, 0x8f, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x18, - 0x00, 0x2e, 0x24, 0x39, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29, - 0x23, 0x63, 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, - 0x48, 
0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, - 0x0d, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x20, - 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, - 0x31, 0x2e, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63, - 0x65, 0x70, 0x74, 0x3a, 0x20, 0x74, 0x65, 0x78, - 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x2c, 0x20, - 0x74, 0x65, 0x78, 0x74, 0x2f, 0x70, 0x6c, 0x61, - 0x69, 0x6e, 0x2c, 0x20, 0x74, 0x65, 0x78, 0x74, - 0x2f, 0x63, 0x73, 0x73, 0x2c, 0x20, 0x74, 0x65, - 0x78, 0x74, 0x2f, 0x73, 0x67, 0x6d, 0x6c, 0x2c, - 0x20, 0x2a, 0x2f, 0x2a, 0x3b, 0x71, 0x3d, 0x30, - 0x2e, 0x30, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63, - 0x65, 0x70, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x6f, - 0x64, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x67, 0x7a, - 0x69, 0x70, 0x2c, 0x20, 0x62, 0x7a, 0x69, 0x70, - 0x32, 0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70, - 0x74, 0x2d, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, - 0x67, 0x65, 0x3a, 0x20, 0x65, 0x6e, 0x0d, 0x0a, - 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67, 0x65, - 0x6e, 0x74, 0x3a, 0x20, 0x4c, 0x79, 0x6e, 0x78, - 0x2f, 0x32, 0x2e, 0x38, 0x2e, 0x36, 0x72, 0x65, - 0x6c, 0x2e, 0x34, 0x20, 0x6c, 0x69, 0x62, 0x77, - 0x77, 0x77, 0x2d, 0x46, 0x4d, 0x2f, 0x32, 0x2e, - 0x31, 0x34, 0x20, 0x53, 0x53, 0x4c, 0x2d, 0x4d, - 0x4d, 0x2f, 0x31, 0x2e, 0x34, 0x2e, 0x31, 0x20, - 0x47, 0x4e, 0x55, 0x54, 0x4c, 0x53, 0x2f, 0x32, - 0x2e, 0x30, 0x2e, 0x34, 0x0d, 0x0a, 0x0d, 0x0a - }; - - uint8_t pkt5[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xa8, 0xbd, 0x40, 0x00, 0x40, 0x06, - 0x0d, 0xd9, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x10, - 0x00, 0x2d, 0x5b, 0xc3, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x23, 0x63, 0x01, 0x72, - 0x40, 0x93 - }; - - uint8_t pkt6[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x01, 0xe4, 0xa8, 0xbe, 0x40, 0x00, 0x40, 0x06, - 0x0c, 0x28, 0xc0, 0xa8, 0x01, 0x01, 
0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x18, - 0x00, 0x2d, 0x1b, 0x84, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72, - 0x40, 0x93, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, - 0x2e, 0x31, 0x20, 0x34, 0x30, 0x31, 0x20, 0x55, - 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x0d, 0x0a, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x3a, 0x20, 0x6d, 0x69, 0x63, - 0x72, 0x6f, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64, - 0x0d, 0x0a, 0x43, 0x61, 0x63, 0x68, 0x65, 0x2d, - 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x3a, - 0x20, 0x6e, 0x6f, 0x2d, 0x63, 0x61, 0x63, 0x68, - 0x65, 0x0d, 0x0a, 0x44, 0x61, 0x74, 0x65, 0x3a, - 0x20, 0x57, 0x65, 0x64, 0x2c, 0x20, 0x31, 0x34, - 0x20, 0x4f, 0x63, 0x74, 0x20, 0x32, 0x30, 0x30, - 0x39, 0x20, 0x31, 0x33, 0x3a, 0x34, 0x39, 0x3a, - 0x35, 0x33, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a, - 0x57, 0x57, 0x57, 0x2d, 0x41, 0x75, 0x74, 0x68, - 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x3a, 0x20, 0x42, 0x61, 0x73, 0x69, 0x63, 0x20, - 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x3d, 0x22, 0x44, - 0x53, 0x4c, 0x20, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x72, 0x22, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, - 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, - 0x3a, 0x20, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68, - 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x3a, - 0x20, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x0d, 0x0a, - 0x0d, 0x0a, 0x3c, 0x48, 0x54, 0x4d, 0x4c, 0x3e, - 0x3c, 0x48, 0x45, 0x41, 0x44, 0x3e, 0x3c, 0x54, - 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x34, 0x30, 0x31, - 0x20, 0x55, 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x65, 0x64, 0x3c, 0x2f, 0x54, - 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x3c, 0x2f, 0x48, - 0x45, 0x41, 0x44, 0x3e, 0x0a, 0x3c, 0x42, 0x4f, - 0x44, 0x59, 0x20, 0x42, 0x47, 0x43, 0x4f, 0x4c, - 0x4f, 0x52, 0x3d, 0x22, 0x23, 0x63, 0x63, 0x39, - 0x39, 0x39, 0x39, 0x22, 0x3e, 0x3c, 0x48, 0x34, - 0x3e, 0x34, 0x30, 0x31, 0x20, 0x55, 
0x6e, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, - 0x64, 0x3c, 0x2f, 0x48, 0x34, 0x3e, 0x0a, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x72, 0x65, 0x71, - 0x75, 0x69, 0x72, 0x65, 0x64, 0x2e, 0x0a, 0x3c, - 0x48, 0x52, 0x3e, 0x0a, 0x3c, 0x41, 0x44, 0x44, - 0x52, 0x45, 0x53, 0x53, 0x3e, 0x3c, 0x41, 0x20, - 0x48, 0x52, 0x45, 0x46, 0x3d, 0x22, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x73, 0x6f, 0x66, 0x74, 0x77, 0x61, - 0x72, 0x65, 0x2f, 0x6d, 0x69, 0x63, 0x72, 0x6f, - 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64, 0x2f, 0x22, - 0x3e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x5f, 0x68, - 0x74, 0x74, 0x70, 0x64, 0x3c, 0x2f, 0x41, 0x3e, - 0x3c, 0x2f, 0x41, 0x44, 0x44, 0x52, 0x45, 0x53, - 0x53, 0x3e, 0x0a, 0x3c, 0x2f, 0x42, 0x4f, 0x44, - 0x59, 0x3e, 0x3c, 0x2f, 0x48, 0x54, 0x4d, 0x4c, - 0x3e, 0x0a - }; - - uint8_t pkt7[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x29, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6c, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8e, 0x80, 0x10, - 0x00, 0x36, 0x59, 0xfa, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0x9c, 0x01, 0x29, - 0x23, 0x6a - }; - - uint8_t pkt8[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xa8, 0xbf, 0x40, 0x00, 0x40, 0x06, - 0x0d, 0xd7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8d, 0x8e, 0x17, 0x51, 0x83, 0x94, 0x80, 0x11, - 0x00, 0x2d, 0x5a, 0x0b, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72, - 0x40, 0x93 - }; - - uint8_t pkt9[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x2a, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6b, 
0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x10, - 0x00, 0x36, 0x59, 0xef, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0xa6, 0x01, 0x29, - 0x23, 0x6a - }; - - uint8_t pkt10[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x2b, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6a, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x11, - 0x00, 0x36, 0x57, 0x0a, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x43, 0x8a, 0x01, 0x29, - 0x23, 0x6a - }; - - uint8_t pkt11[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0x10, 0xaf, 0x40, 0x00, 0x40, 0x06, - 0xa5, 0xe7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8d, 0x8f, 0x17, 0x51, 0x83, 0x95, 0x80, 0x10, - 0x00, 0x2d, 0x54, 0xbb, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x25, 0xc2, 0x01, 0x72, - 0x43, 0x8a - }; - - uint8_t *pkts[] = { - pkt1, pkt2, pkt3, pkt4, pkt5, pkt6, pkt7, pkt8, - pkt9, pkt10, pkt11 - }; - - uint16_t pktssizes[] = { - sizeof(pkt1), sizeof(pkt2), sizeof(pkt3), sizeof(pkt4), sizeof(pkt5), - sizeof(pkt6), sizeof(pkt7), sizeof(pkt8), sizeof(pkt9), sizeof(pkt10), - sizeof(pkt11) - }; - - Packet *p = PacketGetFromAlloc(); - if (unlikely(p == NULL)) - return 0; - DecodeThreadVars dtv; + Packet *p = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; - - memset(&dtv, 0, sizeof(DecodeThreadVars)); memset(&th_v, 0, sizeof(th_v)); - FlowInitConfig(FLOW_QUIET); - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF(de_ctx == NULL); de_ctx->flags |= DE_QUIET; - /* Now that we have the array of packets for the flow, prepare the signatures */ - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any 
any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint:myvar,=,1; flowint:maxvar,=,6; sid:101;)"); - - de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint: myvar,+,2; sid:102;)"); - - de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar,==,3; flowint: cntpackets, =, 0; sid:103;)"); - - de_ctx->sig_list->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: myvar,==,3; flowint: cntpackets, +, 1; noalert;sid:104;)"); - - /* comparation of myvar with maxvar */ - de_ctx->sig_list->next->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\" and fire this when it reach 6\"; flowint: cntpackets, ==, maxvar; sid:105;)"); - - /* I know it's a bit ugly, */ - de_ctx->sig_list->next->next->next->next->next = NULL; - + char *sigs[5]; + sigs[0] = "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint:myvar,=,1; flowint:maxvar,=,6; sid:101;)"; + sigs[1] = "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint: myvar,+,2; sid:102;)"; + sigs[2] = "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar,==,3; flowint: cntpackets, =, 0; sid:103;)"; + sigs[3] = "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: myvar,==,3; flowint: cntpackets, +, 1; noalert;sid:104;)"; + sigs[4] = "alert tcp any any -> any any (msg:\" and fire this when it reach 6\"; flowint: cntpackets, ==, maxvar; sid:105;)"; + FAIL_IF(UTHAppendSigs(de_ctx, sigs, 5) == 0); + + SCSigRegisterSignatureOrderingFuncs(de_ctx); + 
SCSigOrderSignatures(de_ctx); + SCSigSignatureOrderingModuleCleanup(de_ctx); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v,(void *) de_ctx,(void *) &det_ctx); - /* Decode the packets, and test the matches*/ - int i; - for (i = 0;i < 11;i++) { - memset(p, 0, SIZE_OF_PACKET); - PACKET_INITIALIZE(p); - DecodeEthernet(&th_v, &dtv, p, pkts[i], pktssizes[i], NULL); - - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - switch(i) { - case 3: - if (PacketAlertCheck(p, 101) == 0) { - SCLogDebug("Not declared/initialized!"); - result = 0; - } - break; - case 5: - if (PacketAlertCheck(p, 102) == 0) { - SCLogDebug("Not incremented!"); - result = 0; - } - - if (PacketAlertCheck(p, 103) == 0) { - SCLogDebug("myvar is not 3 or bad cmp!!"); - result = 0; - } - break; - case 10: - if (PacketAlertCheck(p, 105) == 0) { - SCLogDebug("Not declared/initialized/or well incremented the" - " second var!"); - result = 0; - } - break; - } - SCLogDebug("Raw Packet %d has %u alerts ", i, p->alerts.cnt); - PACKET_RECYCLE(p); - } - - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - + Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1", + 41424, 80); + FAIL_IF(f == NULL); + f->proto = IPPROTO_TCP; + + p = UTHBuildPacket((uint8_t *)"GET", 3, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + FAIL_IF(!PacketAlertCheck(p, 101)); + UTHFreePacket(p); + + p = UTHBuildPacket((uint8_t *)"Unauthorized", 12, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + FAIL_IF(!PacketAlertCheck(p, 102)); + FAIL_IF(!PacketAlertCheck(p, 103)); + UTHFreePacket(p); + + p = UTHBuildPacket((uint8_t *)"1", 1, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + UTHFreePacket(p); + + p = 
UTHBuildPacket((uint8_t *)"X", 1, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + FAIL_IF(!PacketAlertCheck(p, 105)); + UTHFreePacket(p); + + UTHFreeFlow(f); DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx); DetectEngineCtxFree(de_ctx); - FlowShutdown(); - - SCFree(p); - return result; -end: - if (de_ctx) { - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - } - if (det_ctx) - DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx); - if (de_ctx) - DetectEngineCtxFree(de_ctx); - - PACKET_RECYCLE(p); - FlowShutdown(); - SCFree(p); - return result; + PASS; } /** * \test DetectFlowintTestPacket02Real * \brief like DetectFlowintTestPacket01Real but using isset/notset keywords */ -int DetectFlowintTestPacket02Real() +static int DetectFlowintTestPacket02Real() { - int result = 1; - - uint8_t pkt1[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x3c, 0xc2, 0x26, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x67, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x82, 0xb5, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, - 0x16, 0xd0, 0xe8, 0xb0, 0x00, 0x00, 0x02, 0x04, - 0x05, 0xb4, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x72, - 0x40, 0x93, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, - 0x03, 0x07 - }; - - uint8_t pkt2[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x3c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, - 0xb6, 0x8e, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8b, 0xdd, 0x17, 0x51, 0x82, 0xb6, 0xa0, 0x12, - 0x16, 0x80, 0x17, 0x8a, 0x00, 0x00, 0x02, 0x04, - 0x05, 0xac, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x29, - 0x23, 0x63, 0x01, 0x72, 0x40, 0x93, 0x01, 0x03, - 0x03, 0x07 - }; - - uint8_t pkt3[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x27, 0x40, 0x00, 0x40, 0x06, 
- 0xf4, 0x6e, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x10, - 0x00, 0x2e, 0x5c, 0xa0, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29, - 0x23, 0x63 - }; - - uint8_t pkt4[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x01, 0x12, 0xc2, 0x28, 0x40, 0x00, 0x40, 0x06, - 0xf3, 0x8f, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x18, - 0x00, 0x2e, 0x24, 0x39, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29, - 0x23, 0x63, 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, - 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, - 0x0d, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x20, - 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, - 0x31, 0x2e, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63, - 0x65, 0x70, 0x74, 0x3a, 0x20, 0x74, 0x65, 0x78, - 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x2c, 0x20, - 0x74, 0x65, 0x78, 0x74, 0x2f, 0x70, 0x6c, 0x61, - 0x69, 0x6e, 0x2c, 0x20, 0x74, 0x65, 0x78, 0x74, - 0x2f, 0x63, 0x73, 0x73, 0x2c, 0x20, 0x74, 0x65, - 0x78, 0x74, 0x2f, 0x73, 0x67, 0x6d, 0x6c, 0x2c, - 0x20, 0x2a, 0x2f, 0x2a, 0x3b, 0x71, 0x3d, 0x30, - 0x2e, 0x30, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63, - 0x65, 0x70, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x6f, - 0x64, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x67, 0x7a, - 0x69, 0x70, 0x2c, 0x20, 0x62, 0x7a, 0x69, 0x70, - 0x32, 0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70, - 0x74, 0x2d, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, - 0x67, 0x65, 0x3a, 0x20, 0x65, 0x6e, 0x0d, 0x0a, - 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67, 0x65, - 0x6e, 0x74, 0x3a, 0x20, 0x4c, 0x79, 0x6e, 0x78, - 0x2f, 0x32, 0x2e, 0x38, 0x2e, 0x36, 0x72, 0x65, - 0x6c, 0x2e, 0x34, 0x20, 0x6c, 0x69, 0x62, 0x77, - 0x77, 0x77, 0x2d, 0x46, 0x4d, 0x2f, 0x32, 0x2e, - 0x31, 0x34, 0x20, 0x53, 0x53, 0x4c, 0x2d, 0x4d, - 0x4d, 0x2f, 0x31, 0x2e, 0x34, 0x2e, 0x31, 0x20, - 0x47, 
0x4e, 0x55, 0x54, 0x4c, 0x53, 0x2f, 0x32, - 0x2e, 0x30, 0x2e, 0x34, 0x0d, 0x0a, 0x0d, 0x0a - }; - - uint8_t pkt5[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xa8, 0xbd, 0x40, 0x00, 0x40, 0x06, - 0x0d, 0xd9, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x10, - 0x00, 0x2d, 0x5b, 0xc3, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x23, 0x63, 0x01, 0x72, - 0x40, 0x93 - }; - - uint8_t pkt6[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x01, 0xe4, 0xa8, 0xbe, 0x40, 0x00, 0x40, 0x06, - 0x0c, 0x28, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x18, - 0x00, 0x2d, 0x1b, 0x84, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72, - 0x40, 0x93, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, - 0x2e, 0x31, 0x20, 0x34, 0x30, 0x31, 0x20, 0x55, - 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x0d, 0x0a, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x3a, 0x20, 0x6d, 0x69, 0x63, - 0x72, 0x6f, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64, - 0x0d, 0x0a, 0x43, 0x61, 0x63, 0x68, 0x65, 0x2d, - 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x3a, - 0x20, 0x6e, 0x6f, 0x2d, 0x63, 0x61, 0x63, 0x68, - 0x65, 0x0d, 0x0a, 0x44, 0x61, 0x74, 0x65, 0x3a, - 0x20, 0x57, 0x65, 0x64, 0x2c, 0x20, 0x31, 0x34, - 0x20, 0x4f, 0x63, 0x74, 0x20, 0x32, 0x30, 0x30, - 0x39, 0x20, 0x31, 0x33, 0x3a, 0x34, 0x39, 0x3a, - 0x35, 0x33, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a, - 0x57, 0x57, 0x57, 0x2d, 0x41, 0x75, 0x74, 0x68, - 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x3a, 0x20, 0x42, 0x61, 0x73, 0x69, 0x63, 0x20, - 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x3d, 0x22, 0x44, - 0x53, 0x4c, 0x20, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x72, 0x22, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, - 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 
0x70, 0x65, - 0x3a, 0x20, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68, - 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x3a, - 0x20, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x0d, 0x0a, - 0x0d, 0x0a, 0x3c, 0x48, 0x54, 0x4d, 0x4c, 0x3e, - 0x3c, 0x48, 0x45, 0x41, 0x44, 0x3e, 0x3c, 0x54, - 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x34, 0x30, 0x31, - 0x20, 0x55, 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x65, 0x64, 0x3c, 0x2f, 0x54, - 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x3c, 0x2f, 0x48, - 0x45, 0x41, 0x44, 0x3e, 0x0a, 0x3c, 0x42, 0x4f, - 0x44, 0x59, 0x20, 0x42, 0x47, 0x43, 0x4f, 0x4c, - 0x4f, 0x52, 0x3d, 0x22, 0x23, 0x63, 0x63, 0x39, - 0x39, 0x39, 0x39, 0x22, 0x3e, 0x3c, 0x48, 0x34, - 0x3e, 0x34, 0x30, 0x31, 0x20, 0x55, 0x6e, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, - 0x64, 0x3c, 0x2f, 0x48, 0x34, 0x3e, 0x0a, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x72, 0x65, 0x71, - 0x75, 0x69, 0x72, 0x65, 0x64, 0x2e, 0x0a, 0x3c, - 0x48, 0x52, 0x3e, 0x0a, 0x3c, 0x41, 0x44, 0x44, - 0x52, 0x45, 0x53, 0x53, 0x3e, 0x3c, 0x41, 0x20, - 0x48, 0x52, 0x45, 0x46, 0x3d, 0x22, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x73, 0x6f, 0x66, 0x74, 0x77, 0x61, - 0x72, 0x65, 0x2f, 0x6d, 0x69, 0x63, 0x72, 0x6f, - 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64, 0x2f, 0x22, - 0x3e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x5f, 0x68, - 0x74, 0x74, 0x70, 0x64, 0x3c, 0x2f, 0x41, 0x3e, - 0x3c, 0x2f, 0x41, 0x44, 0x44, 0x52, 0x45, 0x53, - 0x53, 0x3e, 0x0a, 0x3c, 0x2f, 0x42, 0x4f, 0x44, - 0x59, 0x3e, 0x3c, 0x2f, 0x48, 0x54, 0x4d, 0x4c, - 0x3e, 0x0a - }; - - uint8_t pkt7[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x29, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6c, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8e, 0x80, 
0x10, - 0x00, 0x36, 0x59, 0xfa, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0x9c, 0x01, 0x29, - 0x23, 0x6a - }; - - uint8_t pkt8[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xa8, 0xbf, 0x40, 0x00, 0x40, 0x06, - 0x0d, 0xd7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8d, 0x8e, 0x17, 0x51, 0x83, 0x94, 0x80, 0x11, - 0x00, 0x2d, 0x5a, 0x0b, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72, - 0x40, 0x93 - }; - - uint8_t pkt9[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x2a, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6b, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x10, - 0x00, 0x36, 0x59, 0xef, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0xa6, 0x01, 0x29, - 0x23, 0x6a - }; - - uint8_t pkt10[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x2b, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6a, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x11, - 0x00, 0x36, 0x57, 0x0a, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x43, 0x8a, 0x01, 0x29, - 0x23, 0x6a - }; - - uint8_t pkt11[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0x10, 0xaf, 0x40, 0x00, 0x40, 0x06, - 0xa5, 0xe7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8d, 0x8f, 0x17, 0x51, 0x83, 0x95, 0x80, 0x10, - 0x00, 0x2d, 0x54, 0xbb, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x25, 0xc2, 0x01, 0x72, - 0x43, 0x8a - }; - - uint8_t *pkts[] = { - pkt1, pkt2, pkt3, pkt4, pkt5, pkt6, pkt7, pkt8, - pkt9, pkt10, pkt11 - }; - - 
uint16_t pktssizes[] = { - sizeof(pkt1), sizeof(pkt2), sizeof(pkt3), sizeof(pkt4), sizeof(pkt5), - sizeof(pkt6), sizeof(pkt7), sizeof(pkt8), sizeof(pkt9), sizeof(pkt10), - sizeof(pkt11) - }; - - Packet *p = PacketGetFromAlloc(); - if (unlikely(p == NULL)) - return 0; - DecodeThreadVars dtv; - + Packet *p = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; - - memset(&dtv, 0, sizeof(DecodeThreadVars)); memset(&th_v, 0, sizeof(th_v)); - FlowInitConfig(FLOW_QUIET); - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF(de_ctx == NULL); de_ctx->flags |= DE_QUIET; - /* Now that we have the array of packets for the flow, prepare the signatures */ - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint: myvar, notset; flowint:maxvar,notset; flowint: myvar,=,1; flowint: maxvar,=,6; sid:101;)"); - - de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: myvar,+,2; sid:102;)"); - - de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar, isset; flowint: myvar,==,3; flowint:cntpackets,notset; flowint: cntpackets, =, 0; sid:103;)"); - - de_ctx->sig_list->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: cntpackets,isset; flowint: cntpackets, +, 1; noalert;sid:104;)"); - - /* comparation of myvar with maxvar */ - de_ctx->sig_list->next->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\" and fire this when it reach 6\"; flowint: cntpackets, isset; flowint: maxvar,isset; flowint: cntpackets, ==, maxvar; sid:105;)"); - - /* I know it's a bit ugly, */ - de_ctx->sig_list->next->next->next->next->next = 
NULL; - + char *sigs[5]; + sigs[0] = "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint: myvar, notset; flowint:maxvar,notset; flowint: myvar,=,1; flowint: maxvar,=,6; sid:101;)"; + sigs[1] = "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: myvar,+,2; sid:102;)"; + sigs[2] = "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar, isset; flowint: myvar,==,3; flowint:cntpackets,notset; flowint: cntpackets, =, 0; sid:103;)"; + sigs[3] = "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: cntpackets,isset; flowint: cntpackets, +, 1; noalert;sid:104;)"; + sigs[4] = "alert tcp any any -> any any (msg:\" and fire this when it reach 6\"; flowint: cntpackets, isset; flowint: maxvar,isset; flowint: cntpackets, ==, maxvar; sid:105;)"; + FAIL_IF(UTHAppendSigs(de_ctx, sigs, 5) == 0); + + SCSigRegisterSignatureOrderingFuncs(de_ctx); + SCSigOrderSignatures(de_ctx); + SCSigSignatureOrderingModuleCleanup(de_ctx); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v,(void *) de_ctx,(void *) &det_ctx); - int i; - - /* Decode the packets, and test the matches*/ - for (i = 0;i < 11;i++) { - memset(p, 0, SIZE_OF_PACKET); - PACKET_INITIALIZE(p); - DecodeEthernet(&th_v, &dtv, p, pkts[i], pktssizes[i], NULL); - - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - switch(i) { - case 3: - if (PacketAlertCheck(p, 101) == 0) { - SCLogDebug("Not declared/initialized!"); - result = 0; - } - break; - case 5: - if (PacketAlertCheck(p, 102) == 0) { - SCLogDebug("Not incremented!"); - result = 0; - } - - if (PacketAlertCheck(p, 103) == 0) { - SCLogDebug("myvar is not 3 or bad cmp!!"); - result = 0; - } - break; - case 10: - if (PacketAlertCheck(p, 105) == 0) { - SCLogDebug("Not declared/initialized/or well incremented the" - " second var!"); - 
result = 0; - } - break; - } - SCLogDebug("Raw Packet %d has %u alerts ", i, p->alerts.cnt); - PACKET_RECYCLE(p); - } - - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - + Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1", + 41424, 80); + FAIL_IF(f == NULL); + f->proto = IPPROTO_TCP; + + p = UTHBuildPacket((uint8_t *)"GET", 3, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + FAIL_IF(!PacketAlertCheck(p, 101)); + UTHFreePacket(p); + + p = UTHBuildPacket((uint8_t *)"Unauthorized", 12, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + FAIL_IF(!PacketAlertCheck(p, 102)); + FAIL_IF(!PacketAlertCheck(p, 103)); + UTHFreePacket(p); + + p = UTHBuildPacket((uint8_t *)"1", 1, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + UTHFreePacket(p); + + p = UTHBuildPacket((uint8_t *)"X", 1, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + FAIL_IF(!PacketAlertCheck(p, 105)); + UTHFreePacket(p); + + UTHFreeFlow(f); DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx); - //PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); - FlowShutdown(); - - SCFree(p); - return result; -end: - if (de_ctx) { - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - } - if (det_ctx) - DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx); - //PatternMatchDestroy(mpm_ctx); - if (de_ctx) - DetectEngineCtxFree(de_ctx); - - FlowShutdown(); - SCFree(p); - return result; + PASS; } /** 
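Review bot: Both rewritten tests assert only that sids 101, 102, 103 and 105 fire and never that a sid stays silent, so a flowint comparison that matched too early (or always) would still pass; this applies to DetectFlowintTestPacket01Real and DetectFlowintTestPacket02Real alike. The third packet (payload `"1"`) goes through SigMatchSignatures four times with no check at all, which is exactly where a premature match on `cntpackets, ==, maxvar` would show up. Assuming the counter is meant to reach maxvar only on the final `"X"` packet, add `FAIL_IF(PacketAlertCheck(p, 105));` before that packet's `UTHFreePacket(p);`, and `FAIL_IF(PacketAlertCheck(p, 102));` after the match on the first `"GET"` packet. If `noalert` keeps sid 104 out of the packet's alert list, `FAIL_IF(PacketAlertCheck(p, 104));` in the same place would also pin that the counting rule stays quiet.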
@@ -1776,328 +1249,61 @@ end: */ int DetectFlowintTestPacket03Real() { - int result = 1; - - uint8_t pkt1[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x3c, 0xc2, 0x26, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x67, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x82, 0xb5, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, - 0x16, 0xd0, 0xe8, 0xb0, 0x00, 0x00, 0x02, 0x04, - 0x05, 0xb4, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x72, - 0x40, 0x93, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, - 0x03, 0x07 - }; - - uint8_t pkt2[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x3c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, - 0xb6, 0x8e, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8b, 0xdd, 0x17, 0x51, 0x82, 0xb6, 0xa0, 0x12, - 0x16, 0x80, 0x17, 0x8a, 0x00, 0x00, 0x02, 0x04, - 0x05, 0xac, 0x04, 0x02, 0x08, 0x0a, 0x01, 0x29, - 0x23, 0x63, 0x01, 0x72, 0x40, 0x93, 0x01, 0x03, - 0x03, 0x07 - }; - - uint8_t pkt3[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x27, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6e, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x10, - 0x00, 0x2e, 0x5c, 0xa0, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29, - 0x23, 0x63 - }; - - uint8_t pkt4[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x01, 0x12, 0xc2, 0x28, 0x40, 0x00, 0x40, 0x06, - 0xf3, 0x8f, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x82, 0xb6, 0x21, 0x04, 0x8b, 0xde, 0x80, 0x18, - 0x00, 0x2e, 0x24, 0x39, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0x93, 0x01, 0x29, - 0x23, 0x63, 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, - 0x48, 0x54, 
0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, - 0x0d, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x20, - 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, - 0x31, 0x2e, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63, - 0x65, 0x70, 0x74, 0x3a, 0x20, 0x74, 0x65, 0x78, - 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x2c, 0x20, - 0x74, 0x65, 0x78, 0x74, 0x2f, 0x70, 0x6c, 0x61, - 0x69, 0x6e, 0x2c, 0x20, 0x74, 0x65, 0x78, 0x74, - 0x2f, 0x63, 0x73, 0x73, 0x2c, 0x20, 0x74, 0x65, - 0x78, 0x74, 0x2f, 0x73, 0x67, 0x6d, 0x6c, 0x2c, - 0x20, 0x2a, 0x2f, 0x2a, 0x3b, 0x71, 0x3d, 0x30, - 0x2e, 0x30, 0x31, 0x0d, 0x0a, 0x41, 0x63, 0x63, - 0x65, 0x70, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x6f, - 0x64, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x67, 0x7a, - 0x69, 0x70, 0x2c, 0x20, 0x62, 0x7a, 0x69, 0x70, - 0x32, 0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70, - 0x74, 0x2d, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, - 0x67, 0x65, 0x3a, 0x20, 0x65, 0x6e, 0x0d, 0x0a, - 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67, 0x65, - 0x6e, 0x74, 0x3a, 0x20, 0x4c, 0x79, 0x6e, 0x78, - 0x2f, 0x32, 0x2e, 0x38, 0x2e, 0x36, 0x72, 0x65, - 0x6c, 0x2e, 0x34, 0x20, 0x6c, 0x69, 0x62, 0x77, - 0x77, 0x77, 0x2d, 0x46, 0x4d, 0x2f, 0x32, 0x2e, - 0x31, 0x34, 0x20, 0x53, 0x53, 0x4c, 0x2d, 0x4d, - 0x4d, 0x2f, 0x31, 0x2e, 0x34, 0x2e, 0x31, 0x20, - 0x47, 0x4e, 0x55, 0x54, 0x4c, 0x53, 0x2f, 0x32, - 0x2e, 0x30, 0x2e, 0x34, 0x0d, 0x0a, 0x0d, 0x0a - }; - - uint8_t pkt5[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xa8, 0xbd, 0x40, 0x00, 0x40, 0x06, - 0x0d, 0xd9, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x10, - 0x00, 0x2d, 0x5b, 0xc3, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x23, 0x63, 0x01, 0x72, - 0x40, 0x93 - }; - - uint8_t pkt6[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x01, 0xe4, 0xa8, 0xbe, 0x40, 0x00, 0x40, 0x06, - 0x0c, 0x28, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 
0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8b, 0xde, 0x17, 0x51, 0x83, 0x94, 0x80, 0x18, - 0x00, 0x2d, 0x1b, 0x84, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72, - 0x40, 0x93, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, - 0x2e, 0x31, 0x20, 0x34, 0x30, 0x31, 0x20, 0x55, - 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x0d, 0x0a, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x3a, 0x20, 0x6d, 0x69, 0x63, - 0x72, 0x6f, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64, - 0x0d, 0x0a, 0x43, 0x61, 0x63, 0x68, 0x65, 0x2d, - 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x3a, - 0x20, 0x6e, 0x6f, 0x2d, 0x63, 0x61, 0x63, 0x68, - 0x65, 0x0d, 0x0a, 0x44, 0x61, 0x74, 0x65, 0x3a, - 0x20, 0x57, 0x65, 0x64, 0x2c, 0x20, 0x31, 0x34, - 0x20, 0x4f, 0x63, 0x74, 0x20, 0x32, 0x30, 0x30, - 0x39, 0x20, 0x31, 0x33, 0x3a, 0x34, 0x39, 0x3a, - 0x35, 0x33, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a, - 0x57, 0x57, 0x57, 0x2d, 0x41, 0x75, 0x74, 0x68, - 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x3a, 0x20, 0x42, 0x61, 0x73, 0x69, 0x63, 0x20, - 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x3d, 0x22, 0x44, - 0x53, 0x4c, 0x20, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x72, 0x22, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, - 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, - 0x3a, 0x20, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68, - 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x3a, - 0x20, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x0d, 0x0a, - 0x0d, 0x0a, 0x3c, 0x48, 0x54, 0x4d, 0x4c, 0x3e, - 0x3c, 0x48, 0x45, 0x41, 0x44, 0x3e, 0x3c, 0x54, - 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x34, 0x30, 0x31, - 0x20, 0x55, 0x6e, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x65, 0x64, 0x3c, 0x2f, 0x54, - 0x49, 0x54, 0x4c, 0x45, 0x3e, 0x3c, 0x2f, 0x48, - 0x45, 0x41, 0x44, 0x3e, 0x0a, 0x3c, 0x42, 0x4f, - 0x44, 0x59, 0x20, 0x42, 0x47, 0x43, 0x4f, 0x4c, - 0x4f, 0x52, 0x3d, 0x22, 0x23, 0x63, 0x63, 0x39, - 0x39, 0x39, 0x39, 0x22, 0x3e, 0x3c, 0x48, 0x34, - 0x3e, 0x34, 0x30, 0x31, 0x20, 0x55, 0x6e, 
0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, - 0x64, 0x3c, 0x2f, 0x48, 0x34, 0x3e, 0x0a, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x72, 0x65, 0x71, - 0x75, 0x69, 0x72, 0x65, 0x64, 0x2e, 0x0a, 0x3c, - 0x48, 0x52, 0x3e, 0x0a, 0x3c, 0x41, 0x44, 0x44, - 0x52, 0x45, 0x53, 0x53, 0x3e, 0x3c, 0x41, 0x20, - 0x48, 0x52, 0x45, 0x46, 0x3d, 0x22, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x73, 0x6f, 0x66, 0x74, 0x77, 0x61, - 0x72, 0x65, 0x2f, 0x6d, 0x69, 0x63, 0x72, 0x6f, - 0x5f, 0x68, 0x74, 0x74, 0x70, 0x64, 0x2f, 0x22, - 0x3e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x5f, 0x68, - 0x74, 0x74, 0x70, 0x64, 0x3c, 0x2f, 0x41, 0x3e, - 0x3c, 0x2f, 0x41, 0x44, 0x44, 0x52, 0x45, 0x53, - 0x53, 0x3e, 0x0a, 0x3c, 0x2f, 0x42, 0x4f, 0x44, - 0x59, 0x3e, 0x3c, 0x2f, 0x48, 0x54, 0x4d, 0x4c, - 0x3e, 0x0a - }; - - uint8_t pkt7[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x29, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6c, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8e, 0x80, 0x10, - 0x00, 0x36, 0x59, 0xfa, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0x9c, 0x01, 0x29, - 0x23, 0x6a - }; - - uint8_t pkt8[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xa8, 0xbf, 0x40, 0x00, 0x40, 0x06, - 0x0d, 0xd7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8d, 0x8e, 0x17, 0x51, 0x83, 0x94, 0x80, 0x11, - 0x00, 0x2d, 0x5a, 0x0b, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x23, 0x6a, 0x01, 0x72, - 0x40, 0x93 - }; - - uint8_t pkt9[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x2a, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6b, 0xc0, 
0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x10, - 0x00, 0x36, 0x59, 0xef, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x40, 0xa6, 0x01, 0x29, - 0x23, 0x6a - }; - - uint8_t pkt10[] = { - 0x00, 0x1a, 0x2b, 0x19, 0x52, 0xa8, 0x00, 0x13, - 0x20, 0x65, 0x1a, 0x9e, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0xc2, 0x2b, 0x40, 0x00, 0x40, 0x06, - 0xf4, 0x6a, 0xc0, 0xa8, 0x01, 0xdc, 0xc0, 0xa8, - 0x01, 0x01, 0xe7, 0xf5, 0x00, 0x50, 0x17, 0x51, - 0x83, 0x94, 0x21, 0x04, 0x8d, 0x8f, 0x80, 0x11, - 0x00, 0x36, 0x57, 0x0a, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x72, 0x43, 0x8a, 0x01, 0x29, - 0x23, 0x6a - }; - - uint8_t pkt11[] = { - 0x00, 0x13, 0x20, 0x65, 0x1a, 0x9e, 0x00, 0x1a, - 0x2b, 0x19, 0x52, 0xa8, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x34, 0x10, 0xaf, 0x40, 0x00, 0x40, 0x06, - 0xa5, 0xe7, 0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, - 0x01, 0xdc, 0x00, 0x50, 0xe7, 0xf5, 0x21, 0x04, - 0x8d, 0x8f, 0x17, 0x51, 0x83, 0x95, 0x80, 0x10, - 0x00, 0x2d, 0x54, 0xbb, 0x00, 0x00, 0x01, 0x01, - 0x08, 0x0a, 0x01, 0x29, 0x25, 0xc2, 0x01, 0x72, - 0x43, 0x8a - }; - - uint8_t *pkts[] = { - pkt1, pkt2, pkt3, pkt4, pkt5, pkt6, pkt7, pkt8, - pkt9, pkt10, pkt11 - }; - - uint16_t pktssizes[] = { - sizeof(pkt1), sizeof(pkt2), sizeof(pkt3), sizeof(pkt4), sizeof(pkt5), - sizeof(pkt6), sizeof(pkt7), sizeof(pkt8), sizeof(pkt9), sizeof(pkt10), - sizeof(pkt11) - }; - - Packet *p = PacketGetFromAlloc(); - if (unlikely(p == NULL)) - return 0; - DecodeThreadVars dtv; - + Packet *p = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; - - memset(&dtv, 0, sizeof(DecodeThreadVars)); memset(&th_v, 0, sizeof(th_v)); - FlowInitConfig(FLOW_QUIET); - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF(de_ctx == NULL); de_ctx->flags |= DE_QUIET; - /* Now that we have the array of packets for the flow, prepare the signatures */ - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any 
-> any any (msg:\"check notset\"; content:\"GET\"; flowint: myvar, notset; flowint: myvar,=,0; flowint: other,=,10; sid:101;)"); - - de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check isset\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: other,isset; sid:102;)"); - - de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"Unauthorized\"; flowint:lala,isset; sid:103;)"); - - de_ctx->sig_list->next->next->next = NULL; + char *sigs[3]; + sigs[0] = "alert tcp any any -> any any (msg:\"check notset\"; content:\"GET\"; flowint: myvar, notset; flowint: myvar,=,0; flowint: other,=,10; sid:101;)"; + sigs[1] = "alert tcp any any -> any any (msg:\"check isset\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: other,isset; sid:102;)"; + sigs[2] = "alert tcp any any -> any any (msg:\"check notset\"; content:\"Unauthorized\"; flowint:lala,isset; sid:103;)"; + FAIL_IF(UTHAppendSigs(de_ctx, sigs, 3) == 0); + SCSigRegisterSignatureOrderingFuncs(de_ctx); + SCSigOrderSignatures(de_ctx); + SCSigSignatureOrderingModuleCleanup(de_ctx); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v,(void *) de_ctx,(void *) &det_ctx); - int i; - - /* Decode the packets, and test the matches*/ - for (i = 0;i < 11;i++) { - memset(p, 0, SIZE_OF_PACKET); - PACKET_INITIALIZE(p); - DecodeEthernet(&th_v, &dtv, p, pkts[i], pktssizes[i], NULL); - - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - switch(i) { - case 3: - if (PacketAlertCheck(p, 101) == 0) { - SCLogDebug("Not declared/initialized but match!"); - result = 0; - } - if (PacketAlertCheck(p, 103) != 0) { - SCLogDebug(" var lala is never set, it should NOT match!!"); - result = 0; - } - break; - case 5: - if (PacketAlertCheck(p, 102) == 0) { - SCLogDebug("Not incremented!"); - result = 0; - } - - if (PacketAlertCheck(p, 103) != 0) { - SCLogDebug(" var lala is never set, it should NOT match!!"); - result = 0; - } - break; - } - 
SCLogDebug("Raw Packet %d has %u alerts ", i, p->alerts.cnt); - PACKET_RECYCLE(p); - } - - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - + Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1", + 41424, 80); + FAIL_IF(f == NULL); + f->proto = IPPROTO_TCP; + + p = UTHBuildPacket((uint8_t *)"GET", 3, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + FAIL_IF(!PacketAlertCheck(p, 101)); + UTHFreePacket(p); + + p = UTHBuildPacket((uint8_t *)"Unauthorized", 12, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + FAIL_IF(!PacketAlertCheck(p, 102)); + FAIL_IF(PacketAlertCheck(p, 103)); + UTHFreePacket(p); + + p = UTHBuildPacket((uint8_t *)"1", 1, IPPROTO_TCP); + FAIL_IF(p == NULL); + p->flow = f; + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + FAIL_IF(PacketAlertCheck(p, 102)); + FAIL_IF(PacketAlertCheck(p, 103)); + UTHFreePacket(p); + + UTHFreeFlow(f); DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx); - //PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); - FlowShutdown(); - - SCFree(p); - return result; - -end: - if (de_ctx) { - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - } - if (det_ctx) - DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx); - //PatternMatchDestroy(mpm_ctx); - if (de_ctx) - DetectEngineCtxFree(de_ctx); - FlowShutdown(); - SCFree(p); - return result; + PASS; } #endif /* UNITTESTS */
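Review bot: `det_ctx` reaches `SigMatchSignatures` in DetectFlowintTestPacket03Real without ever being checked: the result of `DetectEngineThreadCtxInit(&th_v,(void *) de_ctx,(void *) &det_ctx)` is discarded and `det_ctx` starts out as NULL, so a failed init would show up as a crash inside the matcher rather than as a test failure. Adding `FAIL_IF(det_ctx == NULL);` directly after the init call keeps that failure attributable to setup. The removed `end:` path used to release de_ctx and det_ctx on error; assuming FAIL_IF returns early, a failed assertion after UTHBuildFlow now skips UTHFreeFlow, UTHFreePacket and DetectEngineCtxFree. That deserves a short comment such as `/* FAIL_IF returns early: flow, packet and de_ctx are not freed on failure */` so leak reports from a failing run are not misread. The rewritten DetectFlowintTestPacket01Real earlier on the page follows the same pattern.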