From: Eric Leblond <eric@regit.org>
Date: Mon, 8 Apr 2013 17:16:31 +0000 (+0200)
Subject: coccinelle: add tcp flag check
X-Git-Tag: suricata-2.0beta1~186
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c9d90e6596eabe1b914b35821024779962b270d4;p=thirdparty%2Fsuricata.git

coccinelle: add tcp flag check

The different TCP related structures have all a flags field and its
value must match the type of structure. This patch adds a check
alerting on invalid value usage.
---

diff --git a/qa/coccinelle/tcp-struct-flags.cocci b/qa/coccinelle/tcp-struct-flags.cocci
new file mode 100644
index 0000000000..5c8b34df29
--- /dev/null
+++ b/qa/coccinelle/tcp-struct-flags.cocci
@@ -0,0 +1,38 @@
+@flags@
+TcpSession *ssn;
+identifier ssn_flags =~ "^(?!STREAMTCP_FLAG).+";
+TcpStream *stream;
+identifier stream_flags =~ "^(?!STREAMTCP_STREAM_FLAG).+";
+TcpSegment *segment;
+identifier segment_flags =~ "^(?!SEGMENTTCP_FLAG)_.+";
+position p1;
+@@
+
+(
+ssn->flags@p1 |= ssn_flags
+|
+ssn->flags@p1 & ssn_flags
+|
+ssn->flags@p1 &= ~ssn_flags
+|
+stream->flags@p1 |= stream_flags
+|
+stream->flags@p1 & stream_flags
+|
+stream->flags@p1 &= ~stream_flags
+|
+segment->flags@p1 |= segment_flags
+|
+segment->flags@p1 &= ~segment_flags
+|
+segment->flags@p1 & segment_flags
+)
+
+
+@script:python@
+p1 << flags.p1;
+@@
+
+print "Invalid usage of flags field at %s:%s, flags value is incorrect (wrong family)." % (p1[0].file, p1[0].line)
+import sys
+sys.exit(1)