From: Russ Combs (rucombs) Date: Thu, 4 Oct 2018 22:45:50 +0000 (-0400) Subject: Merge pull request #1380 in SNORT/snort3 from mpse_fixes to master X-Git-Tag: 3.0.0-249~36 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7608f0b24a0615c78d94f550a2ad45ca066ef383;p=thirdparty%2Fsnort3.git Merge pull request #1380 in SNORT/snort3 from mpse_fixes to master Squashed commit of the following: commit 55cd4beab52abd873daa6d406d5f25eb44fe9644 Author: russ Date: Wed Oct 3 23:11:15 2018 -0400 cppcheck: cleanup some warnings commit b9cb8f0e5cde9b036aa8af8d142bb1fd2e564678 Author: russ Date: Wed Oct 3 22:35:31 2018 -0400 search_tool: validate ac_full and ac_bnfa wrt search and search_all commit 0f30628cd231271c95afb52649719c17134f456c Author: russ Date: Wed Oct 3 19:31:03 2018 -0400 search_tool: include bytes searched in pattern match stats --- diff --git a/src/framework/codec.cc b/src/framework/codec.cc index 1314cbc48..ba2739a84 100644 --- a/src/framework/codec.cc +++ b/src/framework/codec.cc @@ -208,7 +208,7 @@ TEST_CASE("multi alloc", "[buffer]") buf2.allocate(2); CHECK( buf2.data() == &raw_buf2[0] ); - CHECK( buf2.size() == 3 ); + CHECK( (buf2.size() == 3) ); } TEST_CASE("clear", "[buffer]") diff --git a/src/framework/mpse.cc b/src/framework/mpse.cc index 70408ac1f..6e72bd24c 100644 --- a/src/framework/mpse.cc +++ b/src/framework/mpse.cc @@ -49,18 +49,16 @@ int Mpse::search( void* context, int* current_state) { Profile profile(mpsePerfStats); - - int ret = _search(T, n, match, context, current_state); - pmqs.matched_bytes += n; - - return ret; + return _search(T, n, match, context, current_state); } int Mpse::search_all( const unsigned char* T, int n, MpseMatch match, void* context, int* current_state) { + Profile profile(mpsePerfStats); + pmqs.matched_bytes += n; return _search(T, n, match, context, current_state); } diff --git a/src/log/log_text.cc b/src/log/log_text.cc index 2d3c4ef9b..13a37ce2a 100644 --- a/src/log/log_text.cc +++ b/src/log/log_text.cc @@ -412,15 +412,14 @@ void LogIPHeader(TextLog* log, Packet* p) static void LogOuterIPHeader(TextLog* log, Packet* p) { uint8_t save_frag_flag = (p->ptrs.decode_flags & DECODE_FRAG); - uint16_t save_sp, save_dp; ip::IpApi save_ip_api = p->ptrs.ip_api; p->ptrs.decode_flags &= ~DECODE_FRAG; if (p->proto_bits & PROTO_BIT__TEREDO) { - save_sp = p->ptrs.sp; - save_dp = p->ptrs.dp; + uint16_t save_sp = p->ptrs.sp; + uint16_t save_dp = p->ptrs.dp; const udp::UDPHdr* udph = layer::get_outer_udp_lyr(p); p->ptrs.sp = ntohs(udph->uh_sport); diff --git a/src/search_engines/test/CMakeLists.txt b/src/search_engines/test/CMakeLists.txt index 899e972e2..82f81ff30 100644 --- a/src/search_engines/test/CMakeLists.txt +++ b/src/search_engines/test/CMakeLists.txt @@ -2,6 +2,8 @@ add_cpputest( search_tool_test SOURCES ../ac_bnfa.cc + ../ac_full.cc + ../acsmx2.cc ../bnfa_search.cc ../search_tool.cc ) diff --git a/src/search_engines/test/search_tool_test.cc b/src/search_engines/test/search_tool_test.cc index c886ca74b..cf159ba2a 100644 --- a/src/search_engines/test/search_tool_test.cc +++ b/src/search_engines/test/search_tool_test.cc @@ -113,97 +113,241 @@ int Mpse::search_all( } extern const BaseApi* se_ac_bnfa; +extern const BaseApi* se_ac_full; Mpse* mpse = nullptr; Mpse* MpseManager::get_search_engine(const char *type) { - assert(!strcmp(type, "ac_bnfa")); + const MpseApi* api; + + if ( !strcmp(type, "ac_bnfa") ) + api = (MpseApi*)se_ac_bnfa; + + else if ( !strcmp(type, "ac_full") ) + api = (MpseApi*)se_ac_full; + + else + return nullptr; + + api->init(); + mpse = api->ctor(snort_conf, nullptr, &s_agent); - const MpseApi* mpse_api = (MpseApi*)se_ac_bnfa; - mpse_api->init(); - mpse = mpse_api->ctor(snort_conf, nullptr, &s_agent); CHECK(mpse); + mpse->set_api(api); return mpse; } -void MpseManager::delete_search_engine(Mpse*) +void MpseManager::delete_search_engine(Mpse* eng) { - const MpseApi* mpse_api = (MpseApi*)se_ac_bnfa; - mpse_api->dtor(mpse); + const MpseApi* api = eng->get_api(); + api->dtor(eng); } +struct ExpectedMatch +{ + int id; + int offset; +}; + +static const ExpectedMatch* s_expect = nullptr; +static int s_found = 0; -static int pattern_id = 0; static int Test_SearchStrFound( - void* /*id*/, void* /*tree*/, int /*index*/, void* /*context*/, void* /*neg_list*/) + void* pid, void* /*tree*/, int index, void* /*context*/, void* /*neg_list*/) { - //printf("found str with id=%ld, index=%d\n", (long)id, index); - return 0; + auto id = reinterpret_cast(pid); + + if ( s_expect and s_found >= 0 and + s_expect[s_found].id == (int)id and + s_expect[s_found].offset == index ) + { + ++s_found; + } + else s_found = -1; + + return s_found == -1; } -TEST_GROUP(search_tool_tests) +//------------------------------------------------------------------------- +// ac_bnfa tests +//------------------------------------------------------------------------- + +TEST_GROUP(search_tool_bnfa) { + SearchTool* stool; + void setup() override - { CHECK(se_ac_bnfa); } + { + CHECK(se_ac_bnfa); + stool = new SearchTool("ac_bnfa"); + + CHECK(stool->mpse); + + int pattern_id = 1; + stool->add("the", 3, pattern_id); + CHECK(stool->max_len == 3); + + pattern_id = 77; + stool->add("tuba", 4, pattern_id); + CHECK(stool->max_len == 4); + + pattern_id = 78; + stool->add("uba", 3, pattern_id); + CHECK(stool->max_len == 4); + + pattern_id = 2112; + stool->add("away", 4, pattern_id); + CHECK(stool->max_len == 4); + + pattern_id = 1000; + stool->add("nothere", 7, pattern_id); + CHECK(stool->max_len == 7); + + stool->prep(); + + } + void teardown() override + { + delete stool; + } }; -TEST(search_tool_tests, ac_bnfa) +TEST(search_tool_bnfa, search) { - SearchTool *stool = new SearchTool("ac_bnfa"); - CHECK(stool->mpse); + // 0 1 2 3 + // 0123456789012345678901234567890 + const char* datastr = "the tuba ran away with the tuna"; + const ExpectedMatch xm[] = + { + { 1, 3 }, + { 78, 8 }, + { 2112, 17 }, + { 1, 26 }, + { 0, 0 } + }; - pattern_id = 1; - stool->add("the", 3, pattern_id); - CHECK(stool->max_len == 3); + s_expect = xm; + s_found = 0; - pattern_id = 77; - stool->add("uba", 3, pattern_id); - CHECK(stool->max_len == 3); + int result = stool->find(datastr, strlen(datastr), Test_SearchStrFound); + + CHECK(result == 4); + CHECK(s_found == 4); +} - pattern_id = 2112; - stool->add("away", 4, pattern_id); - CHECK(stool->max_len == 4); +TEST(search_tool_bnfa, search_all) +{ + // 0 1 2 3 + // 0123456789012345678901234567890 + const char* datastr = "the tuba ran away with the tuna"; + const ExpectedMatch xm[] = + { + { 1, 3 }, + { 78, 8 }, + { 2112, 17 }, + { 1, 26 }, + { 0, 0 } + }; - pattern_id = 1000; - stool->add("nothere", 7, pattern_id); - CHECK(stool->max_len == 7); + s_expect = xm; + s_found = 0; - stool->prep(); + int result = stool->find_all(datastr, strlen(datastr), Test_SearchStrFound); - const char *datastr = "the tuba ran away"; - int result = stool->find(datastr, strlen(datastr), Test_SearchStrFound); - CHECK(result == 3); - delete stool; + CHECK(result == 4); + CHECK(s_found == 4); } -TEST(search_tool_tests, search_all_ac_bnfa) +//------------------------------------------------------------------------- +// ac_full tests +//------------------------------------------------------------------------- + +TEST_GROUP(search_tool_full) +{ + SearchTool* stool; + + void setup() override + { + CHECK(se_ac_full); + stool = new SearchTool("ac_full", true); + + CHECK(stool->mpse); + + int pattern_id = 1; + stool->add("the", 3, pattern_id); + CHECK(stool->max_len == 3); + + pattern_id = 77; + stool->add("tuba", 4, pattern_id); + CHECK(stool->max_len == 4); + + pattern_id = 78; + stool->add("uba", 3, pattern_id); + CHECK(stool->max_len == 4); + + pattern_id = 2112; + stool->add("away", 4, pattern_id); + CHECK(stool->max_len == 4); + + pattern_id = 1000; + stool->add("nothere", 7, pattern_id); + CHECK(stool->max_len == 7); + + stool->prep(); + + } + void teardown() override + { + delete stool; + } +}; + +TEST(search_tool_full, search) { - SearchTool *stool = new SearchTool("ac_bnfa"); - CHECK(stool->mpse); + // 0 1 2 3 + // 0123456789012345678901234567890 + const char* datastr = "the tuba ran away with the tuna"; + const ExpectedMatch xm[] = + { + { 1, 3 }, + { 78, 8 }, + { 2112, 17 }, + { 1, 26 }, + { 0, 0 } + }; - pattern_id = 1; - stool->add("the", 3, pattern_id); - CHECK(stool->max_len == 3); + s_expect = xm; + s_found = 0; - pattern_id = 77; - stool->add("uba", 3, pattern_id); - CHECK(stool->max_len == 3); + int result = stool->find(datastr, strlen(datastr), Test_SearchStrFound); - pattern_id = 2112; - stool->add("away", 4, pattern_id); - CHECK(stool->max_len == 4); + CHECK(result == 4); + CHECK(s_found == 4); +} - pattern_id = 1000; - stool->add("nothere", 7, pattern_id); - CHECK(stool->max_len == 7); +TEST(search_tool_full, search_all) +{ + // 0 1 2 3 + // 0123456789012345678901234567890 + const char* datastr = "the tuba ran away with the tuna"; + const ExpectedMatch xm[] = + { + { 1, 3 }, + { 78, 8 }, + { 77, 8 }, + { 2112, 17 }, + { 1, 26 }, + { 0, 0 } + }; - stool->prep(); + s_expect = xm; + s_found = 0; - const char *datastr = "the tuba ran away"; int result = stool->find_all(datastr, strlen(datastr), Test_SearchStrFound); - CHECK(result == 3); - delete stool; + + CHECK(result == 5); + CHECK(s_found == 5); } //-------------------------------------------------------------------------