Fix unittests after ip_proto keyword change.

src/alert-fastlog.c

@@ -40,7 +40,9 @@
 #include "threadvars.h"
 #include "tm-modules.h"
 #include "util-debug.h"
+
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 
 #include "detect.h"
 #include "detect-parse.h"
@@ -375,17 +377,12 @@ int AlertFastLogTest01()
         "Host: one.example.org\r\n";
 
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf, buflen, IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -404,12 +401,11 @@ int AlertFastLogTest01()
     result = (de_ctx->sig_list != NULL);
 
     SigGroupBuild(de_ctx);
-    //PatternMatchPrepare(mpm_ctx, MPM_B2G);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (p.alerts.cnt == 1)
-        result = (strcmp(p.alerts.alerts[0].class_msg, "Unknown are we") == 0);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (p->alerts.cnt == 1)
+        result = (strcmp(p->alerts.alerts[0].class_msg, "Unknown are we") == 0);
     else
         result = 0;
 
@@ -424,9 +420,9 @@ int AlertFastLogTest01()
     SigGroupCleanup(de_ctx);
     SigCleanSignatures(de_ctx);
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
-    //PatternMatchDestroy(mpm_ctx);
     DetectEngineCtxFree(de_ctx);
 
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -436,17 +432,13 @@ int AlertFastLogTest02()
     uint8_t *buf = (uint8_t *) "GET /one/ HTTP/1.1\r\n"
         "Host: one.example.org\r\n";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+
+    p = UTHBuildPacket(buf, buflen, IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -463,19 +455,22 @@ int AlertFastLogTest02()
             "(msg:\"FastLog test\"; content:GET; "
             "Classtype:unknown; sid:1;)");
     result = (de_ctx->sig_list != NULL);
-    if (result == 0) printf("sig parse failed: ");
+    if (result == 0)
+        printf("sig parse failed: ");
 
     SigGroupBuild(de_ctx);
-    //PatternMatchPrepare(mpm_ctx, MPM_B2G);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (p.alerts.cnt == 1) {
-        result = (strcmp(p.alerts.alerts[0].class_msg, "Unknown Traffic") != 0);
-        if (result == 0) printf("p.alerts.alerts[0].class_msg %s: ", p.alerts.alerts[0].class_msg);
-        result = (strcmp(p.alerts.alerts[0].class_msg,
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (p->alerts.cnt == 1) {
+        result = (strcmp(p->alerts.alerts[0].class_msg, "Unknown Traffic") != 0);
+        if (result == 0)
+            printf("p->alerts.alerts[0].class_msg %s: ", p->alerts.alerts[0].class_msg);
+
+        result = (strcmp(p->alerts.alerts[0].class_msg,
                     "Unknown are we") == 0);
-        if (result == 0) printf("p.alerts.alerts[0].class_msg %s: ", p.alerts.alerts[0].class_msg);
+        if (result == 0)
+            printf("p->alerts.alerts[0].class_msg %s: ", p->alerts.alerts[0].class_msg);
     } else {
         result = 0;
     }
@@ -491,9 +486,9 @@ int AlertFastLogTest02()
     SigGroupCleanup(de_ctx);
     SigCleanSignatures(de_ctx);
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
-    //PatternMatchDestroy(mpm_ctx);
     DetectEngineCtxFree(de_ctx);
 
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/app-layer-detect-proto.c

@@ -1446,30 +1446,25 @@ static int AlpDetectTestSig1(void)
         "Cookie: hellocatch\r\n\r\n";
     uint32_t http_buf1_len = sizeof(http_buf1) - 1;
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars tv;
     DetectEngineThreadCtx *det_ctx = NULL;
 
     memset(&tv, 0, sizeof(ThreadVars));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(Flow));
     memset(&ssn, 0, sizeof(TcpSession));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = http_buf1;
-    p.payload_len = http_buf1_len;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1505,9 +1500,9 @@ static int AlpDetectTestSig1(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&tv, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&tv, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         printf("sig 1 didn't alert, but it should: ");
         goto end;
     }
@@ -1524,6 +1519,8 @@ end:
 
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1539,32 +1536,25 @@ static int AlpDetectTestSig2(void)
         "Cookie: hellocatch\r\n\r\n";
     uint32_t http_buf1_len = sizeof(http_buf1) - 1;
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars tv;
     DetectEngineThreadCtx *det_ctx = NULL;
 
     memset(&tv, 0, sizeof(ThreadVars));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(Flow));
     memset(&ssn, 0, sizeof(TcpSession));
 
-    p.sp = 12345;
-    p.dp = 88;
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = http_buf1;
-    p.payload_len = http_buf1_len;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacketSrcDstPorts(http_buf1, http_buf1_len, IPPROTO_TCP, 12345, 88);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1600,9 +1590,9 @@ static int AlpDetectTestSig2(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&tv, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&tv, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         printf("sig 1 didn't alert, but it should: ");
         goto end;
     }
@@ -1619,6 +1609,8 @@ end:
 
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1634,30 +1626,25 @@ static int AlpDetectTestSig3(void)
         "Cookie: hellocatch\r\n\r\n";
     uint32_t http_buf1_len = sizeof(http_buf1) - 1;
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars tv;
     DetectEngineThreadCtx *det_ctx = NULL;
 
     memset(&tv, 0, sizeof(ThreadVars));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(Flow));
     memset(&ssn, 0, sizeof(TcpSession));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = http_buf1;
-    p.payload_len = http_buf1_len;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(http_buf1, http_buf1_len, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1693,15 +1680,14 @@ static int AlpDetectTestSig3(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&tv, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&tv, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 alerted, but it should not (it's not ftp): ");
         goto end;
     }
 
     result = 1;
-
 end:
     if (det_ctx != NULL)
         DetectEngineThreadCtxDeinit(&tv, det_ctx);
@@ -1712,6 +1698,8 @@ end:
 
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1725,32 +1713,25 @@ static int AlpDetectTestSig4(void)
     uint8_t http_buf1[] = "MPUT one\r\n";
     uint32_t http_buf1_len = sizeof(http_buf1) - 1;
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars tv;
     DetectEngineThreadCtx *det_ctx = NULL;
 
     memset(&tv, 0, sizeof(ThreadVars));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(Flow));
     memset(&ssn, 0, sizeof(TcpSession));
 
-    p.sp = 12345;
-    p.dp = 88;
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = http_buf1;
-    p.payload_len = http_buf1_len;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacketSrcDstPorts(http_buf1, http_buf1_len, IPPROTO_TCP, 12345, 88);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_FTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1786,9 +1767,9 @@ static int AlpDetectTestSig4(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&tv, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&tv, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 alerted, but it should not (it's ftp): ");
         goto end;
     }
@@ -1805,6 +1786,7 @@ end:
 
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1819,34 +1801,29 @@ static int AlpDetectTestSig5(void)
         "Cookie: hellocatch\r\n\r\n";
     uint32_t http_buf1_len = sizeof(http_buf1) - 1;
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars tv;
     DetectEngineThreadCtx *det_ctx = NULL;
 
     memset(&tv, 0, sizeof(ThreadVars));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(Flow));
     memset(&ssn, 0, sizeof(TcpSession));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = http_buf1;
-    p.payload_len = http_buf1_len;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(http_buf1, http_buf1_len, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
     f.proto = IPPROTO_TCP;
-    p.flags |= PKT_STREAM_ADD;
-    p.flags |= PKT_STREAM_EOF;
+    p->flags |= PKT_STREAM_ADD;
+    p->flags |= PKT_STREAM_EOF;
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -1888,9 +1865,9 @@ static int AlpDetectTestSig5(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&tv, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&tv, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         printf("sig 1 didn't alert, but it should: ");
         goto end;
     }
@@ -1907,6 +1884,7 @@ end:
 
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/detect-ack.c

@@ -36,6 +36,7 @@
 
 #include "util-byte.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "util-debug.h"
 
 /* prototypes */
@@ -141,56 +142,25 @@ static void DetectAckFree(void *ptr)
  */
 static int DetectAckSigTest01Real(int mpm_type)
 {
-    uint8_t *buf = (uint8_t *)"";
-    uint16_t buflen = strlen((char *)buf);
-    Packet p[3];
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
+    Packet *p3 = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
-    uint8_t tcp_hdr0[] = {
-        0x00, 0x50, 0x8e, 0x16, 0x0d, 0x59, 0xcd, 0x3c,
-        0xcf, 0x0d, 0x21, 0x80, 0xa0, 0x12, 0x16, 0xa0,
-        0xfa, 0x03, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
-        0x04, 0x02, 0x08, 0x0a, 0x6e, 0x18, 0x78, 0x73,
-        0x01, 0x71, 0x74, 0xde, 0x01, 0x03, 0x03, 0x02
-    };
-    uint8_t tcp_hdr1[] = {
-        0x00, 0x50, 0x8e, 0x16, 0x0d, 0x59, 0xcd, 0x3c,
-        0xcf, 0x0d, 0x21, 0x80, 0xa0, 0x12, 0x16, 0xa0,
-        0xfa, 0x03, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
-        0x04, 0x02, 0x08, 0x0a, 0x6e, 0x18, 0x78, 0x73,
-        0x01, 0x71, 0x74, 0xde, 0x01, 0x03, 0x03, 0x02
-    };
 
     memset(&th_v, 0, sizeof(th_v));
 
     /* TCP w/ack=42 */
-    memset(&p[0], 0, sizeof(p[0]));
-    p[0].src.family = AF_INET;
-    p[0].dst.family = AF_INET;
-    p[0].payload = buf;
-    p[0].payload_len = buflen;
-    p[0].proto = IPPROTO_TCP;
-    p[0].tcph = (TCPHdr *)tcp_hdr0;
-    p[0].tcph->th_ack = htonl(42);
+    p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p1->tcph->th_ack = htonl(42);
 
     /* TCP w/ack=100 */
-    memset(&p[1], 0, sizeof(p[1]));
-    p[1].src.family = AF_INET;
-    p[1].dst.family = AF_INET;
-    p[1].payload = buf;
-    p[1].payload_len = buflen;
-    p[1].proto = IPPROTO_TCP;
-    p[1].tcph = (TCPHdr *)tcp_hdr1;
-    p[1].tcph->th_ack = htonl(100);
+    p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p2->tcph->th_ack = htonl(100);
 
     /* ICMP */
-    memset(&p[2], 0, sizeof(p[2]));
-    p[2].src.family = AF_INET;
-    p[2].dst.family = AF_INET;
-    p[2].payload = buf;
-    p[2].payload_len = buflen;
-    p[2].proto = IPPROTO_ICMP;
+    p3 = UTHBuildPacket(NULL, 0, IPPROTO_ICMP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -240,32 +210,32 @@ static int DetectAckSigTest01Real(int mpm_type)
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p[0]);
-    if (PacketAlertCheck(&p[0], 1) != 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
+    if (PacketAlertCheck(p1, 1) != 0) {
         printf("sid 1 alerted, but should not have: ");
         goto cleanup;
     }
-    if (PacketAlertCheck(&p[0], 2) == 0) {
+    if (PacketAlertCheck(p1, 2) == 0) {
         printf("sid 2 did not alert, but should have: ");
         goto cleanup;
     }
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p[1]);
-    if (PacketAlertCheck(&p[1], 1) != 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
+    if (PacketAlertCheck(p2, 1) != 0) {
         printf("sid 1 alerted, but should not have: ");
         goto cleanup;
     }
-    if (PacketAlertCheck(&p[1], 2) != 0) {
+    if (PacketAlertCheck(p2, 2) != 0) {
         printf("sid 2 alerted, but should not have: ");
         goto cleanup;
     }
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p[1]);
-    if (PacketAlertCheck(&p[2], 1) != 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p3);
+    if (PacketAlertCheck(p3, 1) != 0) {
         printf("sid 1 alerted, but should not have: ");
         goto cleanup;
     }
-    if (PacketAlertCheck(&p[2], 2) != 0) {
+    if (PacketAlertCheck(p3, 2) != 0) {
         printf("sid 2 alerted, but should not have: ");
         goto cleanup;
     }

src/detect-content.c

@@ -1383,18 +1383,13 @@ int DetectContentParseTest19(void)
 static int SigTestPositiveTestContent(char *rule, uint8_t *buf)
 {
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf, buflen, IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL)
@@ -1410,37 +1405,35 @@ static int SigTestPositiveTestContent(char *rule, uint8_t *buf)
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1) != 1) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1) != 1) {
         goto end;
     }
 
     result = 1;
 end:
-    SigGroupCleanup(de_ctx);
-    SigCleanSignatures(de_ctx);
+    if (de_ctx != NULL) {
+        SigGroupCleanup(de_ctx);
+        SigCleanSignatures(de_ctx);
 
-    DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
-    DetectEngineCtxFree(de_ctx);
+        DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
+        DetectEngineCtxFree(de_ctx);
+    }
 
+    UTHFreePackets(&p, 1);
     return result;
 }
 
 static int SigTestNegativeTestContent(char *rule, uint8_t *buf)
 {
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+
+    p = UTHBuildPacket(buf, buflen, IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL)
@@ -1456,8 +1449,8 @@ static int SigTestNegativeTestContent(char *rule, uint8_t *buf)
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1) != 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1) != 0) {
         goto end;
     }
 
@@ -1471,6 +1464,7 @@ end:
         SigCleanSignatures(de_ctx);
         DetectEngineCtxFree(de_ctx);
     }
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/detect-dce-iface.c

@@ -44,6 +44,7 @@
 
 #include "util-debug.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "stream-tcp.h"
 
 #define DETECT_DCE_IFACE_PCRE_PARSE_ARGS "^\\s*([0-9a-zA-Z]{8}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{12})(?:\\s*,(<|>|=|!)([0-9]{1,5}))?(?:\\s*,(any_frag))?\\s*$"
@@ -804,7 +805,7 @@ static int DetectDceIfaceTestParse12(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -840,21 +841,16 @@ static int DetectDceIfaceTestParse12(void)
     uint32_t dcerpc_bindack_len = sizeof(dcerpc_bindack);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -892,9 +888,9 @@ static int DetectDceIfaceTestParse12(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match (1): ");
         goto end;
     }
@@ -909,9 +905,9 @@ static int DetectDceIfaceTestParse12(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sid 1 matched, but shouldn't have: ");
         goto end;
     }
@@ -928,6 +924,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -939,7 +936,7 @@ static int DetectDceIfaceTestParse13(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1062,18 +1059,14 @@ static int DetectDceIfaceTestParse13(void)
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.proto = IPPROTO_TCP;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -1108,12 +1101,12 @@ static int DetectDceIfaceTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sig 1 didn't match after bind request: ");
         goto end;
     }
@@ -1127,12 +1120,12 @@ static int DetectDceIfaceTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 matched again after bind ack: ");
         goto end;
     }
@@ -1147,12 +1140,12 @@ static int DetectDceIfaceTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sig 1 didn't match after request1: ");
         goto end;
     }
@@ -1167,12 +1160,12 @@ static int DetectDceIfaceTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 matched after response1, but shouldn't: ");
         goto end;
     }
@@ -1187,12 +1180,12 @@ static int DetectDceIfaceTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sig 1 didn't match after request2: ");
         goto end;
     }
@@ -1205,12 +1198,12 @@ static int DetectDceIfaceTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 matched after response2, but shouldn't have: ");
         goto end;
     }
@@ -1223,12 +1216,12 @@ static int DetectDceIfaceTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sig 1 didn't match after request3: ");
         goto end;
     }
@@ -1241,12 +1234,12 @@ static int DetectDceIfaceTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 matched after response3, but shouldn't have: ");
         goto end;
     }
@@ -1262,6 +1255,7 @@ static int DetectDceIfaceTestParse13(void)
 
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1273,7 +1267,7 @@ static int DetectDceIfaceTestParse14(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1313,17 +1307,13 @@ static int DetectDceIfaceTestParse14(void)
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -1359,9 +1349,9 @@ static int DetectDceIfaceTestParse14(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
@@ -1372,9 +1362,9 @@ static int DetectDceIfaceTestParse14(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 matched but shouldn't have: ");
         goto end;
     }
@@ -1391,6 +1381,7 @@ static int DetectDceIfaceTestParse14(void)
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/detect-dce-opnum.c

@@ -44,6 +44,7 @@
 
 #include "util-debug.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "stream-tcp.h"
 
 #define DETECT_DCE_OPNUM_PCRE_PARSE_ARGS "^\\s*([0-9]{1,5}(\\s*-\\s*[0-9]{1,5}\\s*)?)(,\\s*[0-9]{1,5}(\\s*-\\s*[0-9]{1,5})?\\s*)*$"
@@ -668,7 +669,7 @@ static int DetectDceOpnumTestParse08(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1124,21 +1125,16 @@ static int DetectDceOpnumTestParse08(void)
     uint32_t dcerpc_request_len = sizeof(dcerpc_request);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -1195,9 +1191,9 @@ static int DetectDceOpnumTestParse08(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     result = 1;
@@ -1212,6 +1208,8 @@ static int DetectDceOpnumTestParse08(void)
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1223,7 +1221,7 @@ static int DetectDceOpnumTestParse09(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1653,21 +1651,16 @@ static int DetectDceOpnumTestParse09(void)
     uint32_t dcerpc_request_len = sizeof(dcerpc_request);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -1704,9 +1697,9 @@ static int DetectDceOpnumTestParse09(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     result = 1;
@@ -1721,6 +1714,8 @@ static int DetectDceOpnumTestParse09(void)
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1733,7 +1728,7 @@ static int DetectDceOpnumTestParse10(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1852,22 +1847,17 @@ static int DetectDceOpnumTestParse10(void)
     uint32_t dcerpc_response3_len = sizeof(dcerpc_response3);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.proto = IPPROTO_TCP;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -1903,9 +1893,9 @@ static int DetectDceOpnumTestParse10(void)
         SCLogDebug("no dcerpc state: ");
         goto end;
     }
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     SCLogDebug("sending bind_ack");
 
@@ -1915,9 +1905,9 @@ static int DetectDceOpnumTestParse10(void)
         SCLogDebug("AppLayerParse for dcerpc failed.  Returned %" PRId32, r);
         goto end;
     }
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     SCLogDebug("sending request1");
 
@@ -1929,12 +1919,12 @@ static int DetectDceOpnumTestParse10(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         printf("sig 1 didn't match, but should have: ");
         goto end;
     }
@@ -1949,12 +1939,12 @@ static int DetectDceOpnumTestParse10(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 did match, shouldn't have on response1: ");
         goto end;
     }
@@ -1967,12 +1957,12 @@ static int DetectDceOpnumTestParse10(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         printf("sig 1 didn't match, but should have on request2: ");
         goto end;
     }
@@ -1985,12 +1975,12 @@ static int DetectDceOpnumTestParse10(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 did match, shouldn't have on response2: ");
         goto end;
     }
@@ -2003,12 +1993,12 @@ static int DetectDceOpnumTestParse10(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         printf("sig 1 didn't match, but should have on request3: ");
         goto end;
     }
@@ -2021,12 +2011,12 @@ static int DetectDceOpnumTestParse10(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 did match, shouldn't have on response2: ");
         goto end;
     }
@@ -2043,6 +2033,8 @@ static int DetectDceOpnumTestParse10(void)
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -2055,7 +2047,7 @@ static int DetectDceOpnumTestParse11(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -2147,22 +2139,17 @@ static int DetectDceOpnumTestParse11(void)
     uint32_t dcerpc_response3_len = sizeof(dcerpc_response3);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.proto = IPPROTO_TCP;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -2201,12 +2188,12 @@ static int DetectDceOpnumTestParse11(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response1 */
@@ -2218,12 +2205,12 @@ static int DetectDceOpnumTestParse11(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     /* request2 */
@@ -2235,12 +2222,12 @@ static int DetectDceOpnumTestParse11(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response2 */
@@ -2252,12 +2239,12 @@ static int DetectDceOpnumTestParse11(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     /* request3 */
@@ -2269,12 +2256,12 @@ static int DetectDceOpnumTestParse11(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response3 */
@@ -2286,12 +2273,12 @@ static int DetectDceOpnumTestParse11(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     result = 1;
@@ -2306,6 +2293,8 @@ static int DetectDceOpnumTestParse11(void)
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -2318,7 +2307,7 @@ static int DetectDceOpnumTestParse12(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -2425,22 +2414,17 @@ static int DetectDceOpnumTestParse12(void)
     uint32_t dcerpc_response2_len = sizeof(dcerpc_response2);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.proto = IPPROTO_TCP;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -2466,9 +2450,9 @@ static int DetectDceOpnumTestParse12(void)
         printf("AppLayerParse for dcerpc failed.  Returned %" PRId32, r);
         goto end;
     }
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
     if (dcerpc_state == NULL) {
@@ -2482,9 +2466,9 @@ static int DetectDceOpnumTestParse12(void)
         printf("AppLayerParse for dcerpc failed.  Returned %" PRId32, r);
         goto end;
     }
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     /* request1 */
     SCLogDebug("Sending request1");
@@ -2508,12 +2492,12 @@ static int DetectDceOpnumTestParse12(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         printf("signature 1 didn't match, should have: ");
         goto end;
     }
@@ -2538,12 +2522,12 @@ static int DetectDceOpnumTestParse12(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 matched on response 1, but shouldn't: ");
         goto end;
     }
@@ -2568,12 +2552,12 @@ static int DetectDceOpnumTestParse12(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         printf("sig 1 didn't match on request 2: ");
         goto end;
     }
@@ -2598,12 +2582,12 @@ static int DetectDceOpnumTestParse12(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 matched on response2, but shouldn't: ");
         goto end;
     }
@@ -2620,6 +2604,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -2632,7 +2618,7 @@ static int DetectDceOpnumTestParse13(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -2712,22 +2698,17 @@ static int DetectDceOpnumTestParse13(void)
     uint32_t dcerpc_response2_len = sizeof(dcerpc_response2);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.proto = IPPROTO_TCP;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -2770,12 +2751,12 @@ static int DetectDceOpnumTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response1 */
@@ -2798,12 +2779,12 @@ static int DetectDceOpnumTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     /* request2 */
@@ -2827,12 +2808,12 @@ static int DetectDceOpnumTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response2 */
@@ -2855,12 +2836,12 @@ static int DetectDceOpnumTestParse13(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     result = 1;
@@ -2875,6 +2856,8 @@ static int DetectDceOpnumTestParse13(void)
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 #endif

src/detect-dce-stub-data.c

@@ -43,7 +43,9 @@
 #include "detect-dce-stub-data.h"
 
 #include "util-debug.h"
+
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 
 #include "stream-tcp.h"
 
@@ -169,7 +171,7 @@ static int DetectDceStubDataTestParse02(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -625,21 +627,16 @@ static int DetectDceStubDataTestParse02(void)
     uint32_t dcerpc_request_len = sizeof(dcerpc_request);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -675,13 +672,13 @@ static int DetectDceStubDataTestParse02(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     /* we shouldn't have any stub data */
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     /* do detect */
@@ -692,13 +689,13 @@ static int DetectDceStubDataTestParse02(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     /* we shouldn't have any stub data */
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_EOF,
@@ -708,13 +705,13 @@ static int DetectDceStubDataTestParse02(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     /* we should have the stub data since we previously parsed a request frag */
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     result = 1;
@@ -729,6 +726,8 @@ static int DetectDceStubDataTestParse02(void)
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -740,7 +739,7 @@ static int DetectDceStubDataTestParse03(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1170,21 +1169,16 @@ static int DetectDceStubDataTestParse03(void)
     uint32_t dcerpc_request_len = sizeof(dcerpc_request);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -1220,12 +1214,12 @@ static int DetectDceStubDataTestParse03(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     result = 1;
@@ -1240,6 +1234,8 @@ static int DetectDceStubDataTestParse03(void)
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1248,7 +1244,7 @@ static int DetectDceStubDataTestParse04(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1367,22 +1363,17 @@ static int DetectDceStubDataTestParse04(void)
     uint32_t dcerpc_response3_len = sizeof(dcerpc_response3);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.proto = IPPROTO_TCP;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -1408,9 +1399,9 @@ static int DetectDceStubDataTestParse04(void)
         SCLogDebug("AppLayerParse for dcerpc failed.  Returned %" PRId32, r);
         goto end;
     }
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
     if (dcerpc_state == NULL) {
@@ -1424,9 +1415,9 @@ static int DetectDceStubDataTestParse04(void)
         SCLogDebug("AppLayerParse for dcerpc failed.  Returned %" PRId32, r);
         goto end;
     }
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     /* request1 */
     r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
@@ -1436,12 +1427,12 @@ static int DetectDceStubDataTestParse04(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response1 */
@@ -1452,12 +1443,12 @@ static int DetectDceStubDataTestParse04(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     /* request2 */
@@ -1468,12 +1459,12 @@ static int DetectDceStubDataTestParse04(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response2 */
@@ -1484,12 +1475,12 @@ static int DetectDceStubDataTestParse04(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     /* request3 */
@@ -1500,12 +1491,12 @@ static int DetectDceStubDataTestParse04(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response3 */
@@ -1516,12 +1507,12 @@ static int DetectDceStubDataTestParse04(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     result = 1;
@@ -1536,6 +1527,8 @@ static int DetectDceStubDataTestParse04(void)
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1544,7 +1537,7 @@ static int DetectDceStubDataTestParse05(void)
     int result = 0;
     Signature *s = NULL;
     ThreadVars th_v;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     TcpSession ssn;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1636,22 +1629,17 @@ static int DetectDceStubDataTestParse05(void)
     uint32_t dcerpc_response3_len = sizeof(dcerpc_response3);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.proto = IPPROTO_TCP;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
@@ -1688,12 +1676,12 @@ static int DetectDceStubDataTestParse05(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response1 */
@@ -1704,12 +1692,12 @@ static int DetectDceStubDataTestParse05(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     /* request2 */
@@ -1720,12 +1708,12 @@ static int DetectDceStubDataTestParse05(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response2 */
@@ -1736,12 +1724,12 @@ static int DetectDceStubDataTestParse05(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     /* request3 */
@@ -1752,12 +1740,12 @@ static int DetectDceStubDataTestParse05(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOCLIENT;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags &=~ FLOW_PKT_TOCLIENT;
+    p->flowflags |= FLOW_PKT_TOSERVER;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1))
+    if (!PacketAlertCheck(p, 1))
         goto end;
 
     /* response3 */
@@ -1768,12 +1756,12 @@ static int DetectDceStubDataTestParse05(void)
         goto end;
     }
 
-    p.flowflags &=~ FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_TOCLIENT;
+    p->flowflags &=~ FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_TOCLIENT;
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1))
+    if (PacketAlertCheck(p, 1))
         goto end;
 
     result = 1;
@@ -1788,6 +1776,8 @@ static int DetectDceStubDataTestParse05(void)
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1796,7 +1786,6 @@ static int DetectDceStubDataTestParse05(void)
 
 void DetectDceStubDataRegisterTests(void)
 {
-
 #ifdef UNITTESTS
     UtRegisterTest("DetectDceStubDataTestParse01", DetectDceStubDataTestParse01, 1);
     UtRegisterTest("DetectDceStubDataTestParse02", DetectDceStubDataTestParse02, 1);

src/detect-detection-filter.c

@@ -384,27 +384,16 @@ int DetectDetectionFilterTestParse06 (void) {
  *  \retval 0 on failure
  */
 static int DetectDetectionFilterTestSig1(void) {
-
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
     int alerts = 0;
-    IPV4Hdr ip4h;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    memset(&ip4h, 0, sizeof(ip4h));
-
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_TCP;
-    p.ip4h = &ip4h;
-    p.ip4h->ip_src.s_addr = 0x01010101;
-    p.ip4h->ip_dst.s_addr = 0x02020202;
-    p.sp = 1024;
-    p.dp = 80;
+
+    p = UTHBuildPacketReal(NULL, 0, IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -421,22 +410,22 @@ static int DetectDetectionFilterTestSig1(void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts = PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts = PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
 
     if(alerts == 5)
         result = 1;
@@ -448,6 +437,7 @@ static int DetectDetectionFilterTestSig1(void) {
     DetectEngineCtxFree(de_ctx);
 
 end:
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -461,31 +451,20 @@ end:
  */
 
 static int DetectDetectionFilterTestSig2(void) {
-
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
     int alerts = 0;
-    IPV4Hdr ip4h;
     struct timeval ts;
 
     memset (&ts, 0, sizeof(struct timeval));
     TimeGet(&ts);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    memset(&ip4h, 0, sizeof(ip4h));
-
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_TCP;
-    p.ip4h = &ip4h;
-    p.ip4h->ip_src.s_addr = 0x01010101;
-    p.ip4h->ip_dst.s_addr = 0x02020202;
-    p.sp = 1024;
-    p.dp = 80;
+
+    p = UTHBuildPacketReal(NULL, 0, IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -502,26 +481,26 @@ static int DetectDetectionFilterTestSig2(void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    TimeGet(&p.ts);
+    TimeGet(&p->ts);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts = PacketAlertCheck(&p, 10);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts = PacketAlertCheck(p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
 
     TimeSetIncrementTime(200);
-    TimeGet(&p.ts);
+    TimeGet(&p->ts);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
 
     if (alerts == 1)
         result = 1;
@@ -532,6 +511,7 @@ static int DetectDetectionFilterTestSig2(void) {
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     DetectEngineCtxFree(de_ctx);
 end:
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/detect-engine-iponly.c

@@ -977,7 +977,6 @@ void IPOnlyMatchPacket(DetectEngineCtx *de_ctx,
 
                     /* Need to check the protocol first */
                     if (!(s->proto.proto[(IP_GET_IPPROTO(p)/8)] & (1 << (IP_GET_IPPROTO(p) % 8))))
-
                         continue;
 
                     SCLogDebug("Signum %"PRIu16" match (sid: %"PRIu16", msg: %s)",

src/detect-engine-payload.c

@@ -582,7 +582,6 @@ static int PayloadTestSig08(void)
         "content:fix; content:this; within:6; content:!\"and\"; distance:0; sid:1;)";
 
     if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 1) {
-        result = 0;
         goto end;
     }
 

src/detect-engine-proto.c

@@ -349,7 +349,7 @@ end:
  */
 
 static int DetectProtoTestSig01(void) {
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
@@ -358,15 +358,13 @@ static int DetectProtoTestSig01(void) {
 
     memset(&f, 0, sizeof(Flow));
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
 
     FLOW_INITIALIZE(&f);
 
-    p.flow = &f;
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_TCP;
-    p.flowflags |= FLOW_PKT_TOSERVER;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -396,14 +394,14 @@ static int DetectProtoTestSig01(void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1)) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1)) {
         printf("sid 1 alerted, but should not have: ");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 2) == 0) {
+    } else if (PacketAlertCheck(p, 2) == 0) {
         printf("sid 2 did not alert, but should have: ");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 3) == 0) {
+    } else if (PacketAlertCheck(p, 3) == 0) {
         printf("sid 3 did not alert, but should have: ");
         goto cleanup;
     }
@@ -419,6 +417,7 @@ cleanup:
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     DetectEngineCtxFree(de_ctx);
 
+    UTHFreePackets(&p, 1);
 end:
     return result;
 }

src/detect-engine-siggroup.c

@@ -47,6 +47,7 @@
 #include "util-debug.h"
 #include "util-cidr.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 
 
 /* prototypes */
@@ -2137,19 +2138,20 @@ static int SigGroupHeadTest10(void)
     int result = 0;
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     Signature *s = NULL;
-    Packet p;
+    Packet *p = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
     ThreadVars th_v;
 
     memset(&th_v, 0, sizeof(ThreadVars));
-    memset(&p, 0, sizeof(Packet));
-    p.proto = IPPROTO_ICMP;
-    p.type = 5;
-    p.code = 1;
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
+
+    p = UTHBuildPacketSrcDst(NULL, 0, IPPROTO_ICMP, "192.168.1.1", "1.2.3.4");
+    p->icmpv4h->type = 5;
+    p->icmpv4h->code = 1;
+
+    /* originally ip's were
     p.src.addr_data32[0] = 0xe08102d3;
     p.dst.addr_data32[0] = 0x3001a8c0;
+    */
 
     if (de_ctx == NULL)
         return 0;
@@ -2166,9 +2168,9 @@ static int SigGroupHeadTest10(void)
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    AddressDebugPrint(&p.dst);
+    AddressDebugPrint(&p->dst);
 
-    SigGroupHead *sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, &p);
+    SigGroupHead *sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
     if (sgh == NULL) {
         goto end;
     }
@@ -2177,6 +2179,7 @@ static int SigGroupHeadTest10(void)
 end:
     SigCleanSignatures(de_ctx);
     DetectEngineCtxFree(de_ctx);
+    UTHFreePackets(&p, 1);
     return result;
 }
 #endif

src/detect-engine-state.c

@@ -45,6 +45,7 @@
 #include "app-layer-dcerpc.h"
 
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "util-profiling.h"
 
 /** convert enum to string */
@@ -786,7 +787,7 @@ static int DeStateSigTest01(void) {
     ThreadVars th_v;
     Flow f;
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     uint8_t httpbuf1[] = "POST / HTTP/1.0\r\n";
     uint8_t httpbuf2[] = "User-Agent: Mozilla/1.0\r\n";
     uint8_t httpbuf3[] = "Cookie: dummy\r\nContent-Length: 10\r\n\r\n";
@@ -798,24 +799,19 @@ static int DeStateSigTest01(void) {
     HtpState *http_state = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -843,12 +839,12 @@ static int DeStateSigTest01(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1)) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 alerted: ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
     if (r != 0) {
@@ -856,12 +852,12 @@ static int DeStateSigTest01(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1)) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 alerted (2): ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
     if (r != 0) {
@@ -869,12 +865,12 @@ static int DeStateSigTest01(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (!(PacketAlertCheck(&p, 1))) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sig 1 didn't alert: ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
     if (r != 0) {
@@ -883,12 +879,12 @@ static int DeStateSigTest01(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1)) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1)) {
         printf("signature matched, but shouldn't have: ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     result = 1;
 end:
@@ -906,6 +902,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePacket(p);
     return result;
 }
 
@@ -917,7 +914,7 @@ static int DeStateSigTest02(void) {
     ThreadVars th_v;
     Flow f;
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     uint8_t httpbuf1[] = "POST / HTTP/1.1\r\n";
     uint8_t httpbuf2[] = "User-Agent: Mozilla/1.0\r\nContent-Length: 10\r\n";
     uint8_t httpbuf3[] = "Cookie: dummy\r\n\r\n";
@@ -934,15 +931,10 @@ static int DeStateSigTest02(void) {
     uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
@@ -950,9 +942,9 @@ static int DeStateSigTest02(void) {
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -985,12 +977,12 @@ static int DeStateSigTest02(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1)) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 alerted: ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
     if (r != 0) {
@@ -998,12 +990,12 @@ static int DeStateSigTest02(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1)) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 alerted (2): ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
     if (r != 0) {
@@ -1011,12 +1003,12 @@ static int DeStateSigTest02(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (!(PacketAlertCheck(&p, 1))) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sig 1 didn't alert: ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
     if (r != 0) {
@@ -1025,12 +1017,12 @@ static int DeStateSigTest02(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1)) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1)) {
         printf("signature matched, but shouldn't have: ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
     if (r != 0) {
@@ -1038,12 +1030,12 @@ static int DeStateSigTest02(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1)) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1)) {
         printf("sig 1 alerted (5): ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
     if (r != 0) {
@@ -1051,12 +1043,12 @@ static int DeStateSigTest02(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if ((PacketAlertCheck(&p, 1)) || (PacketAlertCheck(&p, 2))) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if ((PacketAlertCheck(p, 1)) || (PacketAlertCheck(p, 2))) {
         printf("sig 1 alerted (request 2, chunk 6): ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     SCLogDebug("sending data chunk 7");
 
@@ -1066,12 +1058,12 @@ static int DeStateSigTest02(void) {
         goto end;
     }
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (!(PacketAlertCheck(&p, 2))) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (!(PacketAlertCheck(p, 2))) {
         printf("signature 2 didn't match, but should have: ");
         goto end;
     }
-    p.alerts.cnt = 0;
+    p->alerts.cnt = 0;
 
     result = 1;
 end:
@@ -1086,6 +1078,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePacket(p);
     return result;
 }
 #endif

src/detect-fast-pattern.c

@@ -35,6 +35,7 @@
 #include "util-error.h"
 #include "util-debug.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 
 static int DetectFastPatternSetup(DetectEngineCtx *, Signature *, char *);
 void DetectFastPatternRegisterTests(void);
@@ -257,18 +258,14 @@ int DetectFastPatternTest05(void)
         "strin2.  This is strings3.  We strins_str4. we "
         "have strins_string5";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+
+    p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL)
@@ -290,8 +287,8 @@ int DetectFastPatternTest05(void)
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
     /* start the search phase */
-    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, &p);
-    if (PacketPatternSearch(&th_v, det_ctx, &p) != 0)
+    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
+    if (PacketPatternSearch(&th_v, det_ctx, p) != 0)
         result = 1;
 
     SigGroupCleanup(de_ctx);
@@ -300,6 +297,7 @@ int DetectFastPatternTest05(void)
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
 
 end:
+    UTHFreePackets(&p, 1);
     DetectEngineCtxFree(de_ctx);
     return result;
 }
@@ -313,18 +311,13 @@ int DetectFastPatternTest06(void)
         "string2.  This is strings3.  We have strings_str4.  We also have "
         "strings_string5";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL)
@@ -344,8 +337,8 @@ int DetectFastPatternTest06(void)
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
     /* start the search phase */
-    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, &p);
-    if (PacketPatternSearch(&th_v, det_ctx, &p) != 0)
+    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
+    if (PacketPatternSearch(&th_v, det_ctx, p) != 0)
         result = 1;
 
     SigGroupCleanup(de_ctx);
@@ -354,6 +347,7 @@ int DetectFastPatternTest06(void)
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
 
 end:
+    UTHFreePackets(&p, 1);
     DetectEngineCtxFree(de_ctx);
     return result;
 }
@@ -368,18 +362,13 @@ int DetectFastPatternTest07(void)
         "right now, all the way to hangover.  right.  now here comes our "
         "dark knight strings_string5.  Yes here is our dark knight";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL)
@@ -399,8 +388,8 @@ int DetectFastPatternTest07(void)
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
     /* start the search phase */
-    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, &p);
-    if (PacketPatternSearch(&th_v, det_ctx, &p) == 0)
+    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
+    if (PacketPatternSearch(&th_v, det_ctx, p) == 0)
         result = 1;
 
     SigGroupCleanup(de_ctx);
@@ -409,6 +398,7 @@ int DetectFastPatternTest07(void)
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
 
 end:
+    UTHFreePackets(&p, 1);
     DetectEngineCtxFree(de_ctx);
     return result;
 }
@@ -423,18 +413,13 @@ int DetectFastPatternTest08(void)
         "right now, all the way to hangover.  right.  now here comes our "
         "dark knight strings3.  Yes here is our dark knight";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -458,8 +443,8 @@ int DetectFastPatternTest08(void)
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
     /* start the search phase */
-    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, &p);
-    uint32_t r = PacketPatternSearch(&th_v, det_ctx, &p);
+    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
+    uint32_t r = PacketPatternSearch(&th_v, det_ctx, p);
     if (r != 1) {
         printf("expected 1, got %"PRIu32": ", r);
         goto end;
@@ -467,6 +452,7 @@ int DetectFastPatternTest08(void)
 
     result = 1;
 end:
+    UTHFreePackets(&p, 1);
     SigGroupCleanup(de_ctx);
     SigCleanSignatures(de_ctx);
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
@@ -483,18 +469,13 @@ int DetectFastPatternTest09(void)
         "right now, all the way to hangover.  right.  no_strings4 _imp now here "
         "comes our dark knight strings3.  Yes here is our dark knight";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL)
@@ -514,8 +495,8 @@ int DetectFastPatternTest09(void)
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
     /* start the search phase */
-    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, &p);
-    if (PacketPatternSearch(&th_v, det_ctx, &p) == 0)
+    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
+    if (PacketPatternSearch(&th_v, det_ctx, p) == 0)
         result = 1;
 
     SigGroupCleanup(de_ctx);
@@ -524,6 +505,7 @@ int DetectFastPatternTest09(void)
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
 
 end:
+    UTHFreePackets(&p, 1);
     DetectEngineCtxFree(de_ctx);
     return result;
 }
@@ -539,18 +521,13 @@ int DetectFastPatternTest10(void)
         "right now, all the way to hangover.  right.  strings4_imp now here "
         "comes our dark knight strings5.  Yes here is our dark knight";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -574,8 +551,8 @@ int DetectFastPatternTest10(void)
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
     /* start the search phase */
-    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, &p);
-    uint32_t r = PacketPatternSearch(&th_v, det_ctx, &p);
+    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
+    uint32_t r = PacketPatternSearch(&th_v, det_ctx, p);
     if (r != 1) {
         printf("expected 1, got %"PRIu32": ", r);
         goto end;
@@ -583,6 +560,7 @@ int DetectFastPatternTest10(void)
 
     result = 1;
 end:
+    UTHFreePackets(&p, 1);
     SigGroupCleanup(de_ctx);
     SigCleanSignatures(de_ctx);
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
@@ -601,18 +579,13 @@ int DetectFastPatternTest11(void)
         "right now, all the way to hangover.  right.  strings5_imp now here "
         "comes our dark knight strings5.  Yes here is our dark knight";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL)
@@ -632,12 +605,13 @@ int DetectFastPatternTest11(void)
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
     /* start the search phase */
-    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, &p);
-    if (PacketPatternSearch(&th_v, det_ctx, &p) == 0)
+    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
+    if (PacketPatternSearch(&th_v, det_ctx, p) == 0)
         result = 1;
 
 
 end:
+    UTHFreePackets(&p, 1);
     if (de_ctx != NULL) {
         SigGroupCleanup(de_ctx);
         SigCleanSignatures(de_ctx);
@@ -657,18 +631,13 @@ int DetectFastPatternTest12(void)
         "right now, all the way to hangover.  right.  strings5_imp now here "
         "comes our dark knight strings5.  Yes here is our dark knight";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL)
@@ -688,8 +657,8 @@ int DetectFastPatternTest12(void)
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
     /* start the search phase */
-    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, &p);
-    if (PacketPatternSearch(&th_v, det_ctx, &p) == 0)
+    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
+    if (PacketPatternSearch(&th_v, det_ctx, p) == 0)
         result = 1;
 
     SigGroupCleanup(de_ctx);
@@ -698,6 +667,7 @@ int DetectFastPatternTest12(void)
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
 
 end:
+    UTHFreePackets(&p, 1);
     DetectEngineCtxFree(de_ctx);
     return result;
 }
@@ -714,18 +684,13 @@ int DetectFastPatternTest13(void)
         "right now, all the way to hangover.  right.  strings5_imp now here "
         "comes our dark knight strings_string5.  Yes here is our dark knight";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -749,8 +714,8 @@ int DetectFastPatternTest13(void)
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
     /* start the search phase */
-    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, &p);
-    uint32_t r = PacketPatternSearch(&th_v, det_ctx, &p);
+    det_ctx->sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
+    uint32_t r = PacketPatternSearch(&th_v, det_ctx, p);
     if (r != 1) {
         printf("expected 1 result, got %"PRIu32": ", r);
         goto end;
@@ -758,6 +723,7 @@ int DetectFastPatternTest13(void)
 
     result = 1;
 end:
+    UTHFreePackets(&p, 1);
     SigGroupCleanup(de_ctx);
     SigCleanSignatures(de_ctx);
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
@@ -775,19 +741,14 @@ int DetectFastPatternTest14(void)
         "right now, all the way to hangover.  right.  strings5_imp now here "
         "comes our dark knight strings_string5.  Yes here is our dark knight";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     int alertcnt = 0;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL)
@@ -811,19 +772,20 @@ int DetectFastPatternTest14(void)
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1)){
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1)){
         alertcnt++;
     }else{
         SCLogInfo("could not match on sig 1 with when fast_pattern is inspecting payload");
         goto end;
     }
-    if (PacketAlertCheck(&p, 2)){
+    if (PacketAlertCheck(p, 2)){
         result = 1;
     }else{
         SCLogInfo("match on sig 1 fast_pattern no match sig 2 inspecting same payload");
     }
 end:
+    UTHFreePackets(&p, 1);
     SigGroupCleanup(de_ctx);
     SigCleanSignatures(de_ctx);
 

src/detect-ftpbounce.c

@@ -324,30 +324,24 @@ static int DetectFtpbounceTestALMatch02(void) {
 
     TcpSession ssn;
     Flow f;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.src.addr_data32[0] = 0x01020304;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacketSrcDst(NULL, 0, IPPROTO_TCP, "1.2.3.4", "5.6.7.8");
 
     FLOW_INITIALIZE(&f);
     f.src.address.address_un_data32[0]=0x01020304;
     f.protoctx =(void *)&ssn;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_FTP;
 
     StreamTcpInitConfig(TRUE);
@@ -412,9 +406,9 @@ static int DetectFtpbounceTestALMatch02(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         goto end;
     }
 
@@ -429,6 +423,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/detect-http-client-body.c

@@ -40,6 +40,7 @@
 
 #include "util-debug.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "util-spm.h"
 
 #include "app-layer.h"
@@ -452,7 +453,7 @@ static int DetectHttpClientBodyTest05(void)
 static int DetectHttpClientBodyTest06(void)
 {
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -469,26 +470,20 @@ static int DetectHttpClientBodyTest06(void)
     uint32_t http_len = sizeof(http_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -525,9 +520,9 @@ static int DetectHttpClientBodyTest06(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match but should have\n");
         goto end;
     }
@@ -544,6 +539,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -554,8 +550,8 @@ end:
 static int DetectHttpClientBodyTest07(void)
 {
     TcpSession ssn;
-    Packet p1;
-    Packet p2;
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -575,36 +571,24 @@ static int DetectHttpClientBodyTest07(void)
     uint32_t http2_len = sizeof(http2_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p1, 0, sizeof(Packet));
-    memset(&p2, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p1.src.family = AF_INET;
-    p1.dst.family = AF_INET;
-    p1.payload = NULL;
-    p1.payload_len = 0;
-    p1.proto = IPPROTO_TCP;
-
-    p2.src.family = AF_INET;
-    p2.dst.family = AF_INET;
-    p2.payload = NULL;
-    p2.payload_len = 0;
-    p2.proto = IPPROTO_TCP;
+    p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p1.flow = &f;
-    p1.flowflags |= FLOW_PKT_TOSERVER;
-    p1.flowflags |= FLOW_PKT_ESTABLISHED;
-    p2.flow = &f;
-    p2.flowflags |= FLOW_PKT_TOSERVER;
-    p2.flowflags |= FLOW_PKT_ESTABLISHED;
+    p1->flow = &f;
+    p1->flowflags |= FLOW_PKT_TOSERVER;
+    p1->flowflags |= FLOW_PKT_ESTABLISHED;
+    p2->flow = &f;
+    p2->flowflags |= FLOW_PKT_TOSERVER;
+    p2->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -640,9 +624,9 @@ static int DetectHttpClientBodyTest07(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
 
-    if (!(PacketAlertCheck(&p1, 1))) {
+    if (!(PacketAlertCheck(p1, 1))) {
         printf("sid 1 didn't match on p1 but should have: ");
         goto end;
     }
@@ -654,10 +638,10 @@ static int DetectHttpClientBodyTest07(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
 /* VJ right now we won't inspect the body another time if it
    already matched once. Later we will take care of that.
-    if (!(PacketAlertCheck(&p2, 1))) {
+    if (!(PacketAlertCheck(p2, 1))) {
         printf("sid 1 didn't match on p2 but should have: ");
         goto end;
     }
@@ -674,6 +658,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p1, 1);
+    UTHFreePackets(&p2, 1);
     return result;
 }
 
@@ -684,8 +670,8 @@ end:
 static int DetectHttpClientBodyTest08(void)
 {
     TcpSession ssn;
-    Packet p1;
-    Packet p2;
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -707,34 +693,23 @@ static int DetectHttpClientBodyTest08(void)
 
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p1, 0, sizeof(Packet));
-    memset(&p2, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p1.src.family = AF_INET;
-    p1.dst.family = AF_INET;
-    p1.payload = NULL;
-    p1.payload_len = 0;
-    p1.proto = IPPROTO_TCP;
-
-    p2.src.family = AF_INET;
-    p2.dst.family = AF_INET;
-    p2.payload = NULL;
-    p2.payload_len = 0;
-    p2.proto = IPPROTO_TCP;
+    p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p1.flow = &f;
-    p1.flowflags |= FLOW_PKT_TOSERVER;
-    p1.flowflags |= FLOW_PKT_ESTABLISHED;
-    p2.flow = &f;
-    p2.flowflags |= FLOW_PKT_TOSERVER;
-    p2.flowflags |= FLOW_PKT_ESTABLISHED;
+    p1->flow = &f;
+    p1->flowflags |= FLOW_PKT_TOSERVER;
+    p1->flowflags |= FLOW_PKT_ESTABLISHED;
+    p2->flow = &f;
+    p2->flowflags |= FLOW_PKT_TOSERVER;
+    p2->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -771,9 +746,9 @@ static int DetectHttpClientBodyTest08(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
 
-    if ((PacketAlertCheck(&p1, 1))) {
+    if ((PacketAlertCheck(p1, 1))) {
         printf("sid 1 didn't match but should have");
         goto end;
     }
@@ -786,9 +761,9 @@ static int DetectHttpClientBodyTest08(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
 
-    if (!(PacketAlertCheck(&p2, 1))) {
+    if (!(PacketAlertCheck(p2, 1))) {
         printf("sid 1 didn't match but should have");
         goto end;
     }
@@ -805,6 +780,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p1, 1);
+    UTHFreePackets(&p2, 1);
     return result;
 }
 
@@ -815,8 +792,8 @@ end:
 static int DetectHttpClientBodyTest09(void)
 {
     TcpSession ssn;
-    Packet p1;
-    Packet p2;
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -838,34 +815,23 @@ static int DetectHttpClientBodyTest09(void)
 
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p1, 0, sizeof(Packet));
-    memset(&p2, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p1.src.family = AF_INET;
-    p1.dst.family = AF_INET;
-    p1.payload = NULL;
-    p1.payload_len = 0;
-    p1.proto = IPPROTO_TCP;
-
-    p2.src.family = AF_INET;
-    p2.dst.family = AF_INET;
-    p2.payload = NULL;
-    p2.payload_len = 0;
-    p2.proto = IPPROTO_TCP;
+    p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p1.flow = &f;
-    p1.flowflags |= FLOW_PKT_TOSERVER;
-    p1.flowflags |= FLOW_PKT_ESTABLISHED;
-    p2.flow = &f;
-    p2.flowflags |= FLOW_PKT_TOSERVER;
-    p2.flowflags |= FLOW_PKT_ESTABLISHED;
+    p1->flow = &f;
+    p1->flowflags |= FLOW_PKT_TOSERVER;
+    p1->flowflags |= FLOW_PKT_ESTABLISHED;
+    p2->flow = &f;
+    p2->flowflags |= FLOW_PKT_TOSERVER;
+    p2->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -902,9 +868,9 @@ static int DetectHttpClientBodyTest09(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
 
-    if ((PacketAlertCheck(&p1, 1))) {
+    if ((PacketAlertCheck(p1, 1))) {
         printf("sid 1 didn't match but should have");
         goto end;
     }
@@ -917,9 +883,9 @@ static int DetectHttpClientBodyTest09(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
 
-    if (!(PacketAlertCheck(&p2, 1))) {
+    if (!(PacketAlertCheck(p2, 1))) {
         printf("sid 1 didn't match but should have");
         goto end;
     }
@@ -936,6 +902,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p1, 1);
+    UTHFreePackets(&p2, 1);
     return result;
 }
 
@@ -946,8 +914,8 @@ end:
 static int DetectHttpClientBodyTest10(void)
 {
     TcpSession ssn;
-    Packet p1;
-    Packet p2;
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -967,36 +935,24 @@ static int DetectHttpClientBodyTest10(void)
     uint32_t http2_len = sizeof(http2_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p1, 0, sizeof(Packet));
-    memset(&p2, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p1.src.family = AF_INET;
-    p1.dst.family = AF_INET;
-    p1.payload = NULL;
-    p1.payload_len = 0;
-    p1.proto = IPPROTO_TCP;
-
-    p2.src.family = AF_INET;
-    p2.dst.family = AF_INET;
-    p2.payload = NULL;
-    p2.payload_len = 0;
-    p2.proto = IPPROTO_TCP;
+    p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p1.flow = &f;
-    p1.flowflags |= FLOW_PKT_TOSERVER;
-    p1.flowflags |= FLOW_PKT_ESTABLISHED;
-    p2.flow = &f;
-    p2.flowflags |= FLOW_PKT_TOSERVER;
-    p2.flowflags |= FLOW_PKT_ESTABLISHED;
+    p1->flow = &f;
+    p1->flowflags |= FLOW_PKT_TOSERVER;
+    p1->flowflags |= FLOW_PKT_ESTABLISHED;
+    p2->flow = &f;
+    p2->flowflags |= FLOW_PKT_TOSERVER;
+    p2->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1033,9 +989,9 @@ static int DetectHttpClientBodyTest10(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
 
-    if ((PacketAlertCheck(&p1, 1))) {
+    if ((PacketAlertCheck(p1, 1))) {
         printf("sid 1 didn't match but should have\n");
         goto end;
     }
@@ -1048,9 +1004,9 @@ static int DetectHttpClientBodyTest10(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
 
-    if (!(PacketAlertCheck(&p2, 1))) {
+    if (!(PacketAlertCheck(p2, 1))) {
         printf("sid 1 didn't match but should have");
         goto end;
     }
@@ -1067,6 +1023,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p1, 1);
+    UTHFreePackets(&p2, 1);
     return result;
 }
 
@@ -1077,7 +1035,7 @@ end:
 static int DetectHttpClientBodyTest11(void)
 {
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1094,26 +1052,20 @@ static int DetectHttpClientBodyTest11(void)
     uint32_t http_len = sizeof(http_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1150,9 +1102,9 @@ static int DetectHttpClientBodyTest11(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match but should have");
         goto end;
     }
@@ -1169,6 +1121,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1179,7 +1132,7 @@ end:
 static int DetectHttpClientBodyTest12(void)
 {
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1196,26 +1149,20 @@ static int DetectHttpClientBodyTest12(void)
     uint32_t http_len = sizeof(http_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1252,9 +1199,9 @@ static int DetectHttpClientBodyTest12(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if ((PacketAlertCheck(&p, 1))) {
+    if ((PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match but should have");
         goto end;
     }
@@ -1271,6 +1218,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1281,7 +1229,7 @@ end:
 static int DetectHttpClientBodyTest13(void)
 {
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1300,24 +1248,19 @@ static int DetectHttpClientBodyTest13(void)
 
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1354,9 +1297,9 @@ static int DetectHttpClientBodyTest13(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match but should have");
         goto end;
     }
@@ -1373,6 +1316,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/detect-http-cookie.c

@@ -41,6 +41,7 @@
 #include "util-debug.h"
 #include "util-error.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "util-spm.h"
 #include "util-print.h"
 
@@ -484,31 +485,26 @@ static int DetectHttpCookieSigTest01(void) {
                          " hellocatchme\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     HtpState *http_state = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -553,13 +549,13 @@ static int DetectHttpCookieSigTest01(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
-    if (PacketAlertCheck(&p, 2)) {
+    if (PacketAlertCheck(p, 2)) {
         printf("sid 2 matched but shouldn't: ");
         goto end;
     }
@@ -576,6 +572,8 @@ end:
 
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -586,7 +584,7 @@ static int DetectHttpCookieSigTest02(void) {
     uint8_t httpbuf1[] = "POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -597,20 +595,16 @@ static int DetectHttpCookieSigTest02(void) {
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -648,9 +642,9 @@ static int DetectHttpCookieSigTest02(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if ((PacketAlertCheck(&p, 1))) {
+    if ((PacketAlertCheck(p, 1))) {
         goto end;
     }
 
@@ -666,6 +660,7 @@ end:
     }
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -677,31 +672,26 @@ static int DetectHttpCookieSigTest03(void) {
         "Cookie: dummy\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     HtpState *http_state = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -739,9 +729,9 @@ static int DetectHttpCookieSigTest03(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if ((PacketAlertCheck(&p, 1))) {
+    if ((PacketAlertCheck(p, 1))) {
         goto end;
     }
 
@@ -757,6 +747,7 @@ end:
 
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -768,7 +759,7 @@ static int DetectHttpCookieSigTest04(void) {
         "Cookie: dummy\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -779,20 +770,16 @@ static int DetectHttpCookieSigTest04(void) {
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -830,9 +817,9 @@ static int DetectHttpCookieSigTest04(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         goto end;
     }
 
@@ -848,6 +835,7 @@ end:
 
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -859,7 +847,7 @@ static int DetectHttpCookieSigTest05(void) {
         "Cookie: DuMmY\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -870,20 +858,16 @@ static int DetectHttpCookieSigTest05(void) {
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -921,9 +905,9 @@ static int DetectHttpCookieSigTest05(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         goto end;
     }
 
@@ -939,6 +923,7 @@ end:
 
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -950,7 +935,7 @@ static int DetectHttpCookieSigTest06(void) {
         "Cookie: DuMmY\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -961,20 +946,16 @@ static int DetectHttpCookieSigTest06(void) {
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1011,9 +992,9 @@ static int DetectHttpCookieSigTest06(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!PacketAlertCheck(&p, 1)) {
+    if (!PacketAlertCheck(p, 1)) {
         printf("sig 1 failed to match: ");
         goto end;
     }
@@ -1030,6 +1011,7 @@ end:
 
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1041,31 +1023,26 @@ static int DetectHttpCookieSigTest07(void) {
         "Cookie: dummy\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     HtpState *http_state = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1103,9 +1080,9 @@ static int DetectHttpCookieSigTest07(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         goto end;
     }
 
@@ -1121,6 +1098,7 @@ end:
 
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/detect-http-header.c

@@ -40,6 +40,7 @@
 
 #include "util-debug.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "util-spm.h"
 #include "util-print.h"
 
@@ -448,7 +449,7 @@ static int DetectHttpHeaderTest05(void)
 static int DetectHttpHeaderTest06(void)
 {
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -465,25 +466,19 @@ static int DetectHttpHeaderTest06(void)
     uint32_t http_len = sizeof(http_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -520,9 +515,9 @@ static int DetectHttpHeaderTest06(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -539,6 +534,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -549,8 +545,8 @@ end:
 static int DetectHttpHeaderTest07(void)
 {
     TcpSession ssn;
-    Packet p1;
-    Packet p2;
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -571,33 +567,22 @@ static int DetectHttpHeaderTest07(void)
 
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p1, 0, sizeof(Packet));
-    memset(&p2, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p1.src.family = AF_INET;
-    p1.dst.family = AF_INET;
-    p1.payload = NULL;
-    p1.payload_len = 0;
-    p1.proto = IPPROTO_TCP;
-
-    p2.src.family = AF_INET;
-    p2.dst.family = AF_INET;
-    p2.payload = NULL;
-    p2.payload_len = 0;
-    p2.proto = IPPROTO_TCP;
+    p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
-    p1.flow = &f;
-    p1.flowflags |= FLOW_PKT_TOSERVER;
-    p1.flowflags |= FLOW_PKT_ESTABLISHED;
-    p2.flow = &f;
-    p2.flowflags |= FLOW_PKT_TOSERVER;
-    p2.flowflags |= FLOW_PKT_ESTABLISHED;
+    p1->flow = &f;
+    p1->flowflags |= FLOW_PKT_TOSERVER;
+    p1->flowflags |= FLOW_PKT_ESTABLISHED;
+    p2->flow = &f;
+    p2->flowflags |= FLOW_PKT_TOSERVER;
+    p2->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -634,10 +619,10 @@ static int DetectHttpHeaderTest07(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
 
-    if ( (PacketAlertCheck(&p1, 1))) {
-        printf("sid 1 didn't match but should have: ");
+    if ( (PacketAlertCheck(p1, 1))) {
+        printf("sid 1 matched but shouldn't have: ");
         goto end;
     }
 
@@ -649,9 +634,9 @@ static int DetectHttpHeaderTest07(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
 
-    if (!(PacketAlertCheck(&p2, 1))) {
+    if (!(PacketAlertCheck(p2, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -668,6 +653,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p1, 1);
+    UTHFreePackets(&p2, 1);
     return result;
 }
 
@@ -678,8 +665,8 @@ end:
 static int DetectHttpHeaderTest08(void)
 {
     TcpSession ssn;
-    Packet p1;
-    Packet p2;
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -697,35 +684,23 @@ static int DetectHttpHeaderTest08(void)
     uint32_t http2_len = sizeof(http2_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p1, 0, sizeof(Packet));
-    memset(&p2, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p1.src.family = AF_INET;
-    p1.dst.family = AF_INET;
-    p1.payload = NULL;
-    p1.payload_len = 0;
-    p1.proto = IPPROTO_TCP;
-
-    p2.src.family = AF_INET;
-    p2.dst.family = AF_INET;
-    p2.payload = NULL;
-    p2.payload_len = 0;
-    p2.proto = IPPROTO_TCP;
+    p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
-    p1.flow = &f;
-    p1.flowflags |= FLOW_PKT_TOSERVER;
-    p1.flowflags |= FLOW_PKT_ESTABLISHED;
-    p2.flow = &f;
-    p2.flowflags |= FLOW_PKT_TOSERVER;
-    p2.flowflags |= FLOW_PKT_ESTABLISHED;
+    p1->flow = &f;
+    p1->flowflags |= FLOW_PKT_TOSERVER;
+    p1->flowflags |= FLOW_PKT_ESTABLISHED;
+    p2->flow = &f;
+    p2->flowflags |= FLOW_PKT_TOSERVER;
+    p2->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -762,9 +737,9 @@ static int DetectHttpHeaderTest08(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
 
-    if ((PacketAlertCheck(&p1, 1))) {
+    if ((PacketAlertCheck(p1, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -777,9 +752,9 @@ static int DetectHttpHeaderTest08(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
 
-    if (!(PacketAlertCheck(&p2, 1))) {
+    if (!(PacketAlertCheck(p2, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -796,6 +771,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p1, 1);
+    UTHFreePackets(&p2, 1);
     return result;
 }
 
@@ -806,8 +783,8 @@ end:
 static int DetectHttpHeaderTest09(void)
 {
     TcpSession ssn;
-    Packet p1;
-    Packet p2;
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -826,35 +803,23 @@ static int DetectHttpHeaderTest09(void)
     uint32_t http2_len = sizeof(http2_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p1, 0, sizeof(Packet));
-    memset(&p2, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p1.src.family = AF_INET;
-    p1.dst.family = AF_INET;
-    p1.payload = NULL;
-    p1.payload_len = 0;
-    p1.proto = IPPROTO_TCP;
-
-    p2.src.family = AF_INET;
-    p2.dst.family = AF_INET;
-    p2.payload = NULL;
-    p2.payload_len = 0;
-    p2.proto = IPPROTO_TCP;
+    p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
-    p1.flow = &f;
-    p1.flowflags |= FLOW_PKT_TOSERVER;
-    p1.flowflags |= FLOW_PKT_ESTABLISHED;
-    p2.flow = &f;
-    p2.flowflags |= FLOW_PKT_TOSERVER;
-    p2.flowflags |= FLOW_PKT_ESTABLISHED;
+    p1->flow = &f;
+    p1->flowflags |= FLOW_PKT_TOSERVER;
+    p1->flowflags |= FLOW_PKT_ESTABLISHED;
+    p2->flow = &f;
+    p2->flowflags |= FLOW_PKT_TOSERVER;
+    p2->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -891,9 +856,9 @@ static int DetectHttpHeaderTest09(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
 
-    if ((PacketAlertCheck(&p1, 1))) {
+    if ((PacketAlertCheck(p1, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -906,9 +871,9 @@ static int DetectHttpHeaderTest09(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
 
-    if (!(PacketAlertCheck(&p2, 1))) {
+    if (!(PacketAlertCheck(p2, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -925,6 +890,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p1, 1);
+    UTHFreePackets(&p2, 1);
     return result;
 }
 
@@ -935,8 +902,8 @@ end:
 static int DetectHttpHeaderTest10(void)
 {
     TcpSession ssn;
-    Packet p1;
-    Packet p2;
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -955,35 +922,23 @@ static int DetectHttpHeaderTest10(void)
     uint32_t http2_len = sizeof(http2_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p1, 0, sizeof(Packet));
-    memset(&p2, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p1.src.family = AF_INET;
-    p1.dst.family = AF_INET;
-    p1.payload = NULL;
-    p1.payload_len = 0;
-    p1.proto = IPPROTO_TCP;
-
-    p2.src.family = AF_INET;
-    p2.dst.family = AF_INET;
-    p2.payload = NULL;
-    p2.payload_len = 0;
-    p2.proto = IPPROTO_TCP;
+    p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
-    p1.flow = &f;
-    p1.flowflags |= FLOW_PKT_TOSERVER;
-    p1.flowflags |= FLOW_PKT_ESTABLISHED;
-    p2.flow = &f;
-    p2.flowflags |= FLOW_PKT_TOSERVER;
-    p2.flowflags |= FLOW_PKT_ESTABLISHED;
+    p1->flow = &f;
+    p1->flowflags |= FLOW_PKT_TOSERVER;
+    p1->flowflags |= FLOW_PKT_ESTABLISHED;
+    p2->flow = &f;
+    p2->flowflags |= FLOW_PKT_TOSERVER;
+    p2->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1020,9 +975,9 @@ static int DetectHttpHeaderTest10(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
 
-    if ((PacketAlertCheck(&p1, 1))) {
+    if ((PacketAlertCheck(p1, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -1035,9 +990,9 @@ static int DetectHttpHeaderTest10(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
 
-    if (!(PacketAlertCheck(&p2, 1))) {
+    if (!(PacketAlertCheck(p2, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -1054,6 +1009,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p1, 1);
+    UTHFreePackets(&p2, 1);
     return result;
 }
 
@@ -1064,7 +1021,7 @@ end:
 static int DetectHttpHeaderTest11(void)
 {
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1081,25 +1038,19 @@ static int DetectHttpHeaderTest11(void)
     uint32_t http_len = sizeof(http_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1136,9 +1087,9 @@ static int DetectHttpHeaderTest11(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -1155,6 +1106,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1165,7 +1117,7 @@ end:
 static int DetectHttpHeaderTest12(void)
 {
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1182,25 +1134,19 @@ static int DetectHttpHeaderTest12(void)
     uint32_t http_len = sizeof(http_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1237,9 +1183,9 @@ static int DetectHttpHeaderTest12(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if ((PacketAlertCheck(&p, 1))) {
+    if ((PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -1256,6 +1202,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1266,7 +1213,7 @@ end:
 static int DetectHttpHeaderTest13(void)
 {
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineCtx *de_ctx = NULL;
     DetectEngineThreadCtx *det_ctx = NULL;
@@ -1283,26 +1230,20 @@ static int DetectHttpHeaderTest13(void)
     uint32_t http_len = sizeof(http_buf) - 1;
     int result = 0;
 
-
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1339,9 +1280,9 @@ static int DetectHttpHeaderTest13(void)
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
@@ -1358,6 +1299,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/detect-http-method.c

@@ -41,6 +41,7 @@
 
 #include "util-debug.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "util-spm.h"
 
 #include "app-layer.h"
@@ -400,31 +401,26 @@ static int DetectHttpMethodSigTest01(void)
                          "\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     HtpState *http_state = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -470,12 +466,12 @@ static int DetectHttpMethodSigTest01(void)
         goto end;
     }
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         goto end;
     }
-    if (PacketAlertCheck(&p, 2)) {
+    if (PacketAlertCheck(p, 2)) {
         goto end;
     }
 
@@ -490,6 +486,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -503,31 +500,26 @@ static int DetectHttpMethodSigTest02(void)
                          "\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     HtpState *http_state = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -573,12 +565,12 @@ static int DetectHttpMethodSigTest02(void)
         goto end;
     }
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         goto end;
     }
-    if (PacketAlertCheck(&p, 2)) {
+    if (PacketAlertCheck(p, 2)) {
         goto end;
     }
 
@@ -594,6 +586,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -605,31 +598,26 @@ static int DetectHttpMethodSigTest03(void)
     uint8_t httpbuf1[] = " ";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     HtpState *http_state = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -667,9 +655,9 @@ static int DetectHttpMethodSigTest03(void)
         goto end;
     }
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         goto end;
     }
 
@@ -684,6 +672,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/detect-icmp-id.c

@@ -327,40 +327,16 @@ int DetectIcmpIdParseTest05 (void) {
  */
 int DetectIcmpIdMatchTest01 (void) {
     int result = 0;
-
-    uint8_t raw_icmpv4[] = {
-        0x08, 0x00, 0x64, 0x03, 0x55, 0x15, 0x00, 0x00,
-        0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
-        0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
-        0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
-        0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
-        0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
-        0x58 };
-
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     DecodeThreadVars dtv;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
-    IPV4Hdr ip4h;
 
-    memset(&p, 0, sizeof(Packet));
-    memset(&ip4h, 0, sizeof(IPV4Hdr));
-    memset(&dtv, 0, sizeof(DecodeThreadVars));
     memset(&th_v, 0, sizeof(ThreadVars));
 
-    FlowInitConfig(FLOW_QUIET);
-
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.src.addr_data32[0] = 0x01020304;
-    p.dst.addr_data32[0] = 0x04030201;
-
-    ip4h.ip_src.s_addr = p.src.addr_data32[0];
-    ip4h.ip_dst.s_addr = p.dst.addr_data32[0];
-    p.ip4h = &ip4h;
-
-    DecodeICMPV4(&th_v, &dtv, &p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
+    p = UTHBuildPacket(NULL, 0, IPPROTO_ICMP);
+    p->icmpv4vars.id = htons(21781);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -382,11 +358,11 @@ int DetectIcmpIdMatchTest01 (void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1) == 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1) == 0) {
         printf("sid 1 did not alert, but should have: ");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 2)) {
+    } else if (PacketAlertCheck(p, 2)) {
         printf("sid 2 alerted, but should not have: ");
         goto cleanup;
     }
@@ -400,7 +376,7 @@ cleanup:
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     DetectEngineCtxFree(de_ctx);
 
-    FlowShutdown();
+    UTHFreePackets(&p, 1);
 end:
     return result;
 

src/detect-icmp-seq.c

@@ -299,37 +299,15 @@ int DetectIcmpSeqParseTest03 (void) {
  */
 int DetectIcmpSeqMatchTest01 (void) {
     int result = 0;
-
-    uint8_t raw_icmpv4[] = {
-        0x08, 0x00, 0x42, 0xb4, 0x02, 0x00, 0x08, 0xa8,
-        0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68,
-        0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
-        0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x61,
-        0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69};
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
-    DecodeThreadVars dtv;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
-    IPV4Hdr ip4h;
-
-    memset(&p, 0, sizeof(Packet));
-    memset(&ip4h, 0, sizeof(IPV4Hdr));
-    memset(&dtv, 0, sizeof(DecodeThreadVars));
-    memset(&th_v, 0, sizeof(ThreadVars));
-
-    FlowInitConfig(FLOW_QUIET);
-
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.src.addr_data32[0] = 0x01020304;
-    p.dst.addr_data32[0] = 0x04030201;
 
-    ip4h.ip_src.s_addr = p.src.addr_data32[0];
-    ip4h.ip_dst.s_addr = p.dst.addr_data32[0];
-    p.ip4h = &ip4h;
+    memset(&th_v, 0, sizeof(th_v));
 
-    DecodeICMPV4(&th_v, &dtv, &p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
+    p = UTHBuildPacket(NULL, 0, IPPROTO_ICMP);
+    p->icmpv4vars.seq = htons(2216);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -351,11 +329,11 @@ int DetectIcmpSeqMatchTest01 (void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1) == 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1) == 0) {
         printf("sid 1 did not alert, but should have: ");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 2)) {
+    } else if (PacketAlertCheck(p, 2)) {
         printf("sid 2 alerted, but should not have: ");
         goto cleanup;
     }
@@ -369,7 +347,7 @@ cleanup:
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     DetectEngineCtxFree(de_ctx);
 
-    FlowShutdown();
+    UTHFreePackets(&p, 1);
 end:
     return result;
 

src/detect-icode.c

@@ -388,25 +388,17 @@ int DetectICodeParseTest08(void) {
  */
 int DetectICodeMatchTest01(void) {
 
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
-    IPV4Hdr ip4h;
-    ICMPV4Hdr icmpv4h;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    memset(&ip4h, 0, sizeof(ip4h));
-    memset(&icmpv4h, 0, sizeof(icmpv4h));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_ICMP;
-    p.ip4h = &ip4h;
-    icmpv4h.code = 10;
-    p.icmpv4h = &icmpv4h;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_ICMP);
+
+    p->icmpv4h->code = 10;
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -443,20 +435,20 @@ int DetectICodeMatchTest01(void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1) == 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1) == 0) {
         SCLogDebug("sid 1 did not alert, but should have");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 2) == 0) {
+    } else if (PacketAlertCheck(p, 2) == 0) {
         SCLogDebug("sid 2 did not alert, but should have");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 3)) {
+    } else if (PacketAlertCheck(p, 3)) {
         SCLogDebug("sid 3 alerted, but should not have");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 4) == 0) {
+    } else if (PacketAlertCheck(p, 4) == 0) {
         SCLogDebug("sid 4 did not alert, but should have");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 5) == 0) {
+    } else if (PacketAlertCheck(p, 5) == 0) {
         SCLogDebug("sid 5 did not alert, but should have");
         goto cleanup;
     }
@@ -470,6 +462,7 @@ cleanup:
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     DetectEngineCtxFree(de_ctx);
 
+    UTHFreePackets(&p, 1);
 end:
     return result;
 }

src/detect-itype.c

@@ -388,25 +388,16 @@ int DetectITypeParseTest08(void) {
  */
 int DetectITypeMatchTest01(void) {
 
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
-    IPV4Hdr ip4h;
-    ICMPV4Hdr icmpv4h;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    memset(&ip4h, 0, sizeof(ip4h));
-    memset(&icmpv4h, 0, sizeof(icmpv4h));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_ICMP;
-    p.ip4h = &ip4h;
-    icmpv4h.type = 10;
-    p.icmpv4h = &icmpv4h;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_ICMP);
+    p->icmpv4h->type = 10;
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -444,20 +435,20 @@ int DetectITypeMatchTest01(void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1) == 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1) == 0) {
         SCLogDebug("sid 1 did not alert, but should have");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 2) == 0) {
+    } else if (PacketAlertCheck(p, 2) == 0) {
         SCLogDebug("sid 2 did not alert, but should have");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 3)) {
+    } else if (PacketAlertCheck(p, 3)) {
         SCLogDebug("sid 3 alerted, but should not have");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 4) == 0) {
+    } else if (PacketAlertCheck(p, 4) == 0) {
         SCLogDebug("sid 4 did not alert, but should have");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 5) == 0) {
+    } else if (PacketAlertCheck(p, 5) == 0) {
         SCLogDebug("sid 5 did not alert, but should have");
         goto cleanup;
     }
@@ -471,6 +462,7 @@ cleanup:
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     DetectEngineCtxFree(de_ctx);
 
+    UTHFreePackets(&p, 1);
 end:
     return result;
 }

src/detect-pcre.c

@@ -1290,7 +1290,7 @@ static int DetectPcreTestSig01Real(int mpm_type) {
         "\r\n\r\n";
     uint16_t buflen = strlen((char *)buf);
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
@@ -1298,8 +1298,6 @@ static int DetectPcreTestSig01Real(int mpm_type) {
 
     memset(&f, 0, sizeof(f));
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-
     memset(&ssn, 0, sizeof(TcpSession));
 
     FLOW_INITIALIZE(&f);
@@ -1308,14 +1306,10 @@ static int DetectPcreTestSig01Real(int mpm_type) {
     f.dst.family = AF_INET;
     f.alproto = ALPROTO_HTTP;
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p = UTHBuildPacket(buf, buflen, IPPROTO_TCP);
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
 
     StreamTcpInitConfig(TRUE);
     FlowL7DataPtrInit(&f);
@@ -1343,8 +1337,8 @@ static int DetectPcreTestSig01Real(int mpm_type) {
         result = 0;
         goto end;
     }
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1) == 1) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1) == 1) {
         result = 1;
     }
 
@@ -1359,8 +1353,19 @@ end:
     StreamTcpFreeConfig(TRUE);
 
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
+static int DetectPcreTestSig01B2g (void) {
+    return DetectPcreTestSig01Real(MPM_B2G);
+}
+static int DetectPcreTestSig01B3g (void) {
+    return DetectPcreTestSig01Real(MPM_B3G);
+}
+static int DetectPcreTestSig01Wm (void) {
+    return DetectPcreTestSig01Real(MPM_WUMANBER);
+}
 
 static int DetectPcreTestSig02Real(int mpm_type) {
     uint8_t *buf = (uint8_t *)
@@ -1371,23 +1376,19 @@ static int DetectPcreTestSig02Real(int mpm_type) {
         "Host: two.example.org\r\n"
         "\r\n\r\n";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
 
     FLOW_INITIALIZE(&f);
-    p.flow = &f;
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+
+    p = UTHBuildPacket(buf, buflen, IPPROTO_TCP);
+    p->flow = &f;
 
     pcre_match_limit = 100;
     pcre_match_limit_recursion = 100;
@@ -1409,8 +1410,8 @@ static int DetectPcreTestSig02Real(int mpm_type) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 2) == 1) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 2) == 1) {
         result = 1;
     }
 
@@ -1421,19 +1422,9 @@ static int DetectPcreTestSig02Real(int mpm_type) {
     DetectEngineCtxFree(de_ctx);
     FLOW_DESTROY(&f);
 end:
+    UTHFreePackets(&p, 1);
     return result;
 }
-
-static int DetectPcreTestSig01B2g (void) {
-    return DetectPcreTestSig01Real(MPM_B2G);
-}
-static int DetectPcreTestSig01B3g (void) {
-    return DetectPcreTestSig01Real(MPM_B3G);
-}
-static int DetectPcreTestSig01Wm (void) {
-    return DetectPcreTestSig01Real(MPM_WUMANBER);
-}
-
 static int DetectPcreTestSig02B2g (void) {
     return DetectPcreTestSig02Real(MPM_B2G);
 }
@@ -1456,18 +1447,14 @@ static int DetectPcreTestSig03Real(int mpm_type) {
         "Host: two.example.org\r\n"
         "\r\n\r\n";
     uint16_t buflen = strlen((char *)buf);
-    Packet p;
+    Packet *p = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 1;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_TCP;
+
+    p = UTHBuildPacket(buf, buflen, IPPROTO_TCP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -1487,8 +1474,8 @@ static int DetectPcreTestSig03Real(int mpm_type) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1)){
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1)){
         printf("sid 1 matched even though it shouldn't have:");
         result = 0;
     }
@@ -1498,6 +1485,7 @@ static int DetectPcreTestSig03Real(int mpm_type) {
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     DetectEngineCtxFree(de_ctx);
 end:
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1545,31 +1533,26 @@ static int DetectPcreModifPTest04(void) {
 
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Flow f;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1613,13 +1596,13 @@ static int DetectPcreModifPTest04(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("sid 1 didn't match but should have: ");
         goto end;
     }
-    if (PacketAlertCheck(&p, 2)) {
+    if (PacketAlertCheck(p, 2)) {
         printf("sid 2 matched but shouldn't: ");
         goto end;
     }
@@ -1633,6 +1616,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1674,42 +1658,31 @@ static int DetectPcreModifPTest05(void) {
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p1;
-    Packet p2;
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
     Flow f;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p1, 0, sizeof(Packet));
-    memset(&p2, 0, sizeof(Packet));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p1.src.family = AF_INET;
-    p1.dst.family = AF_INET;
-    p1.payload = NULL;
-    p1.payload_len = 0;
-    p1.proto = IPPROTO_TCP;
-
-    p2.src.family = AF_INET;
-    p2.dst.family = AF_INET;
-    p2.payload = NULL;
-    p2.payload_len = 0;
-    p2.proto = IPPROTO_TCP;
+    p1 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p2 = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p1.flow = &f;
-    p1.flowflags |= FLOW_PKT_TOSERVER;
-    p1.flowflags |= FLOW_PKT_ESTABLISHED;
-    p2.flow = &f;
-    p2.flowflags |= FLOW_PKT_TOSERVER;
-    p2.flowflags |= FLOW_PKT_ESTABLISHED;
+    p1->flow = &f;
+    p1->flowflags |= FLOW_PKT_TOSERVER;
+    p1->flowflags |= FLOW_PKT_ESTABLISHED;
+    p2->flow = &f;
+    p2->flowflags |= FLOW_PKT_TOSERVER;
+    p2->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1746,7 +1719,7 @@ static int DetectPcreModifPTest05(void) {
     }
 
     /* do detect for p1 */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
 
     r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
     if (r != 0) {
@@ -1763,25 +1736,25 @@ static int DetectPcreModifPTest05(void) {
     }
 
     /* do detect for p2 */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
 
-    if (!(PacketAlertCheck(&p1, 1))) {
+    if (!(PacketAlertCheck(p1, 1))) {
         printf("sid 1 didn't match on p1 but should have: ");
         goto end;
     }
 
-    if (PacketAlertCheck(&p1, 2)) {
+    if (PacketAlertCheck(p1, 2)) {
         printf("sid 2 did match on p1 but shouldn't have: ");
         /* It's a partial match over 2 chunks*/
         goto end;
     }
 
-    if ((PacketAlertCheck(&p2, 1))) {
+    if ((PacketAlertCheck(p2, 1))) {
         printf("sid 1 did match on p2 but should have: ");
         goto end;
     }
 
-    if (!(PacketAlertCheck(&p2, 2))) {
+    if (!(PacketAlertCheck(p2, 2))) {
         printf("sid 2 didn't match on p2 but should have: ");
         /* It's a partial match over 2 chunks*/
         goto end;
@@ -1796,6 +1769,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p1, 1);
+    UTHFreePackets(&p2, 1);
     return result;
 }
 

src/detect-rpc.c

@@ -497,21 +497,15 @@ static int DetectRpcTestSig01(void) {
         /* Port 0 */
         0x00,0x00,0x00,0x00 };
     uint16_t buflen = sizeof(buf);
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = buf;
-    p.payload_len = buflen;
-    p.proto = IPPROTO_UDP;
-    /** Be careful, this is just to match the macro PKT_IS_UDP! */
-    p.udph = (void *)1;
+
+    p = UTHBuildPacket(buf, buflen, IPPROTO_UDP);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -548,20 +542,20 @@ static int DetectRpcTestSig01(void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    if (PacketAlertCheck(&p, 1) == 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    if (PacketAlertCheck(p, 1) == 0) {
         printf("sid 1 didnt alert, but it should have: ");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 2) == 0) {
+    } else if (PacketAlertCheck(p, 2) == 0) {
         printf("sid 2 didnt alert, but it should have: ");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 3) == 0) {
+    } else if (PacketAlertCheck(p, 3) == 0) {
         printf("sid 3 didnt alert, but it should have: ");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 4) == 0) {
+    } else if (PacketAlertCheck(p, 4) == 0) {
         printf("sid 4 didnt alert, but it should have: ");
         goto cleanup;
-    } else if (PacketAlertCheck(&p, 5) > 0) {
+    } else if (PacketAlertCheck(p, 5) > 0) {
         printf("sid 5 did alert, but should not: ");
         goto cleanup;
     }
@@ -577,7 +571,7 @@ cleanup:
 
     DetectSigGroupPrintMemory();
     DetectAddressPrintMemory();
-
+    UTHFreePackets(&p, 1);
 end:
     return result;
 }

src/detect-sameip.c

@@ -35,6 +35,7 @@
 #include "detect-sameip.h"
 
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 
 static int DetectSameipMatch(ThreadVars *, DetectEngineThreadCtx *, Packet *,
                              Signature *, SigMatch *);
@@ -120,7 +121,8 @@ static int DetectSameipSigTest01Real(int mpm_type)
                     "GET / HTTP/1.0\r\n"
                     "\r\n";
     uint16_t buflen = strlen((char *)buf);
-    Packet p[2];
+    Packet *p1 = NULL;
+    Packet *p2 = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
@@ -128,24 +130,10 @@ static int DetectSameipSigTest01Real(int mpm_type)
     memset(&th_v, 0, sizeof(th_v));
 
     /* First packet has same IPs */
-    memset(&p[0], 0, sizeof(p[0]));
-    p[0].src.family = AF_INET;
-    p[0].dst.family = AF_INET;
-    p[0].src.addr_data32[0] = 0x01020304;
-    p[0].dst.addr_data32[0] = 0x01020304;
-    p[0].payload = buf;
-    p[0].payload_len = buflen;
-    p[0].proto = IPPROTO_TCP;
+    p1 = UTHBuildPacketSrcDst(buf, buflen, IPPROTO_TCP, "1.2.3.4", "1.2.3.4");
 
     /* Second packet does not have same IPs */
-    memset(&p[1], 0, sizeof(p[1]));
-    p[1].src.family = AF_INET;
-    p[1].dst.family = AF_INET;
-    p[1].src.addr_data32[0] = 0x01020304;
-    p[1].dst.addr_data32[0] = 0x04030201;
-    p[1].payload = buf;
-    p[1].payload_len = buflen;
-    p[1].proto = IPPROTO_TCP;
+    p2 = UTHBuildPacketSrcDst(buf, buflen, IPPROTO_TCP, "1.2.3.4", "4.3.2.1");
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -165,14 +153,14 @@ static int DetectSameipSigTest01Real(int mpm_type)
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p[0]);
-    if (PacketAlertCheck(&p[0], 1) == 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
+    if (PacketAlertCheck(p1, 1) == 0) {
         printf("sid 2 did not alert, but should have: ");
         goto cleanup;
     }
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p[1]);
-    if (PacketAlertCheck(&p[1], 1) != 0) {
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
+    if (PacketAlertCheck(p2, 1) != 0) {
         printf("sid 2 alerted, but should not have: ");
         goto cleanup;
     }

src/detect-threshold.c

@@ -38,6 +38,7 @@
 #include "detect-parse.h"
 
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "util-byte.h"
 #include "util-debug.h"
 
@@ -372,26 +373,16 @@ static int ThresholdTestParse05 (void) {
 
 static int DetectThresholdTestSig1(void) {
 
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
     int alerts = 0;
-    IPV4Hdr ip4h;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    memset(&ip4h, 0, sizeof(ip4h));
-
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_TCP;
-    p.ip4h = &ip4h;
-    p.ip4h->ip_src.s_addr = 0x01010101;
-    p.ip4h->ip_dst.s_addr = 0x02020202;
-    p.sp = 1024;
-    p.dp = 80;
+
+    p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -414,22 +405,22 @@ static int DetectThresholdTestSig1(void) {
 
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts = PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts = PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
 
     if(alerts == 5)
         result = 1;
@@ -442,6 +433,7 @@ static int DetectThresholdTestSig1(void) {
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     DetectEngineCtxFree(de_ctx);
 
+    UTHFreePackets(&p, 1);
 end:
     return result;
 }
@@ -456,27 +448,16 @@ end:
  */
 
 static int DetectThresholdTestSig2(void) {
-
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
     int alerts = 0;
-    IPV4Hdr ip4h;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    memset(&ip4h, 0, sizeof(ip4h));
-
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_TCP;
-    p.ip4h = &ip4h;
-    p.ip4h->ip_src.s_addr = 0x01010101;
-    p.ip4h->ip_dst.s_addr = 0x02020202;
-    p.sp = 1024;
-    p.dp = 80;
+
+    p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -493,26 +474,26 @@ static int DetectThresholdTestSig2(void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts = PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts = PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
 
     if (alerts == 2)
         result = 1;
@@ -527,6 +508,7 @@ cleanup:
     DetectEngineCtxFree(de_ctx);
 
 end:
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -540,14 +522,12 @@ end:
  */
 
 static int DetectThresholdTestSig3(void) {
-
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
     int alerts = 0;
-    IPV4Hdr ip4h;
     struct timeval ts;
     DetectThresholdData *td = NULL;
     DetectThresholdEntry *lookup_tsh = NULL;
@@ -557,17 +537,8 @@ static int DetectThresholdTestSig3(void) {
     TimeGet(&ts);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    memset(&ip4h, 0, sizeof(ip4h));
-
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_TCP;
-    p.ip4h = &ip4h;
-    p.ip4h->ip_src.s_addr = 0x01010101;
-    p.ip4h->ip_dst.s_addr = 0x02020202;
-    p.sp = 1024;
-    p.dp = 80;
+
+    p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -584,7 +555,7 @@ static int DetectThresholdTestSig3(void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    td = SigGetThresholdType(s,&p);
+    td = SigGetThresholdType(s,p);
 
     /* setup the Entry we use to search our hash with */
     ste = SCMalloc(sizeof(DetectThresholdEntry));
@@ -592,27 +563,27 @@ static int DetectThresholdTestSig3(void) {
         goto end;
     memset(ste, 0x00, sizeof(ste));
 
-    if (PKT_IS_IPV4(&p))
+    if (PKT_IS_IPV4(p))
         ste->ipv = 4;
-    else if (PKT_IS_IPV6(&p))
+    else if (PKT_IS_IPV6(p))
         ste->ipv = 6;
 
     ste->sid = s->id;
     ste->gid = s->gid;
 
     if (td->track == TRACK_DST) {
-        COPY_ADDRESS(&p.dst, &ste->addr);
+        COPY_ADDRESS(&p->dst, &ste->addr);
     } else if (td->track == TRACK_SRC) {
-        COPY_ADDRESS(&p.src, &ste->addr);
+        COPY_ADDRESS(&p->src, &ste->addr);
     }
 
     ste->track = td->track;
 
-    TimeGet(&p.ts);
+    TimeGet(&p->ts);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     lookup_tsh = (DetectThresholdEntry *)HashListTableLookup(de_ctx->ths_ctx.threshold_hash_table_dst, ste, sizeof(DetectThresholdEntry));
     if (lookup_tsh == NULL) {
@@ -621,11 +592,11 @@ static int DetectThresholdTestSig3(void) {
     }
 
     TimeSetIncrementTime(200);
-    TimeGet(&p.ts);
+    TimeGet(&p->ts);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     if (lookup_tsh)
         alerts = lookup_tsh->current_count;
@@ -644,6 +615,7 @@ cleanup:
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     DetectEngineCtxFree(de_ctx);
 end:
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -657,31 +629,20 @@ end:
  */
 
 static int DetectThresholdTestSig4(void) {
-
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
     int alerts = 0;
-    IPV4Hdr ip4h;
     struct timeval ts;
 
     memset (&ts, 0, sizeof(struct timeval));
     TimeGet(&ts);
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    memset(&ip4h, 0, sizeof(ip4h));
-
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_TCP;
-    p.ip4h = &ip4h;
-    p.ip4h->ip_src.s_addr = 0x01010101;
-    p.ip4h->ip_dst.s_addr = 0x02020202;
-    p.sp = 1024;
-    p.dp = 80;
+
+    p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -698,23 +659,23 @@ static int DetectThresholdTestSig4(void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    TimeGet(&p.ts);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts = PacketAlertCheck(&p, 10);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
+    TimeGet(&p->ts);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts = PacketAlertCheck(p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
 
     TimeSetIncrementTime(200);
-    TimeGet(&p.ts);
+    TimeGet(&p->ts);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 10);
 
     if (alerts == 2)
         result = 1;
@@ -728,6 +689,7 @@ cleanup:
     DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     DetectEngineCtxFree(de_ctx);
 end:
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -741,27 +703,15 @@ end:
  */
 
 static int DetectThresholdTestSig5(void) {
-
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
     int alerts = 0;
-    IPV4Hdr ip4h;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    memset(&ip4h, 0, sizeof(ip4h));
-
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_TCP;
-    p.ip4h = &ip4h;
-    p.ip4h->ip_src.s_addr = 0x01010101;
-    p.ip4h->ip_dst.s_addr = 0x02020202;
-    p.sp = 1024;
-    p.dp = 80;
+    p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -783,30 +733,30 @@ static int DetectThresholdTestSig5(void) {
     SigGroupBuild(de_ctx);
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts = PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts = PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
 
     if(alerts == 10)
         result = 1;
@@ -821,31 +771,20 @@ cleanup:
     DetectEngineCtxFree(de_ctx);
 
 end:
+    UTHFreePackets(&p, 1);
     return result;
 }
 
 static int DetectThresholdTestSig6Ticks(void) {
-
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
     int result = 0;
     int alerts = 0;
-    IPV4Hdr ip4h;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
-    memset(&ip4h, 0, sizeof(ip4h));
-
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.proto = IPPROTO_TCP;
-    p.ip4h = &ip4h;
-    p.ip4h->ip_src.s_addr = 0x01010101;
-    p.ip4h->ip_dst.s_addr = 0x02020202;
-    p.sp = 1024;
-    p.dp = 80;
+    p = UTHBuildPacketReal((uint8_t *)"A",1,IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
 
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     if (de_ctx == NULL) {
@@ -871,30 +810,30 @@ static int DetectThresholdTestSig6Ticks(void) {
     uint64_t ticks_end = 0;
 
     ticks_start = UtilCpuGetTicks();
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts = PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-    alerts += PacketAlertCheck(&p, 1);
-    alerts += PacketAlertCheck(&p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts = PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+    alerts += PacketAlertCheck(p, 1);
+    alerts += PacketAlertCheck(p, 1000);
     ticks_end = UtilCpuGetTicks();
     printf("test run %"PRIu64"\n", (ticks_end - ticks_start));
 
@@ -911,6 +850,7 @@ cleanup:
     DetectEngineCtxFree(de_ctx);
 
 end:
+    UTHFreePackets(&p, 1);
     return result;
 }
 #endif /* UNITTESTS */

src/detect-tls-version.c

@@ -41,6 +41,7 @@
 
 #include "util-debug.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 
 #include "app-layer.h"
 
@@ -320,27 +321,22 @@ static int DetectTlsVersionTestDetect01(void) {
     uint8_t tlsbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x01 };
     uint32_t tlslen4 = sizeof(tlsbuf4);
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_TLS;
 
     StreamTcpInitConfig(TRUE);
@@ -405,9 +401,9 @@ static int DetectTlsVersionTestDetect01(void) {
         tls_state, tls_state->server_version, tls_state->client_version);
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         goto end;
     }
 
@@ -422,6 +418,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -437,27 +435,22 @@ static int DetectTlsVersionTestDetect02(void) {
     uint8_t tlsbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x02 };
     uint32_t tlslen4 = sizeof(tlsbuf4);
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_TLS;
 
     StreamTcpInitConfig(TRUE);
@@ -519,9 +512,9 @@ static int DetectTlsVersionTestDetect02(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("signature 1 didn't match while it should have: ");
         goto end;
     }
@@ -537,6 +530,8 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -553,34 +548,25 @@ static int DetectTlsVersionTestDetect03(void) {
     uint8_t tlsbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x02 };
     uint32_t tlslen4 = sizeof(tlsbuf4);
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
-    TCPHdr tcp_hdr;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
-    memset(&tcp_hdr, 0, sizeof(tcp_hdr));
-
-    tcp_hdr.th_seq = htonl(1000);
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = tlsbuf4;
-    p.payload_len = tlslen4;
-    p.proto = IPPROTO_TCP;
-    p.tcph = &tcp_hdr;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+    p->tcph->th_seq = htonl(1000);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_TLS;
-    f.proto = p.proto;
+    f.proto = p->proto;
 
     StreamTcpInitConfig(TRUE);
     FlowL7DataPtrInit(&f);
@@ -657,9 +643,9 @@ static int DetectTlsVersionTestDetect03(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if (!(PacketAlertCheck(&p, 1))) {
+    if (!(PacketAlertCheck(p, 1))) {
         printf("signature 1 didn't match while it should have: ");
         goto end;
     }
@@ -676,6 +662,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/detect-uricontent.c

@@ -50,6 +50,7 @@
 #include "util-print.h"
 #include "util-debug.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 #include "util-binsearch.h"
 #include "util-spm.h"
 #include "util-spm-bm.h"
@@ -813,31 +814,26 @@ static int DetectUriSigTest02(void) {
                          " hellocatch\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     HtpState *http_state = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = httpbuf1;
-    p.payload_len = httplen1;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(httpbuf1, httplen1, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -888,15 +884,15 @@ static int DetectUriSigTest02(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if ((PacketAlertCheck(&p, 1))) {
+    if ((PacketAlertCheck(p, 1))) {
         printf("sig: 1 alerted, but it should not\n");
         goto end;
-    } else if (!PacketAlertCheck(&p, 2)) {
+    } else if (!PacketAlertCheck(p, 2)) {
         printf("sig: 2 did not alerted, but it should\n");
         goto end;
-    }  else if ((PacketAlertCheck(&p, 3))) {
+    }  else if ((PacketAlertCheck(p, 3))) {
         printf("sig: 3 alerted, but it should not\n");
         goto end;
     }
@@ -912,6 +908,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -928,30 +925,25 @@ static int DetectUriSigTest03(void) {
                          " hellocatch\r\n\r\n";
     uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = httpbuf1;
-    p.payload_len = httplen1;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(httpbuf1, httplen1, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -996,15 +988,15 @@ static int DetectUriSigTest03(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if ((PacketAlertCheck(&p, 1))) {
+    if ((PacketAlertCheck(p, 1))) {
         printf("sig 1 alerted, but it should not: ");
         goto end;
-    } else if (!PacketAlertCheck(&p, 2)) {
+    } else if (!PacketAlertCheck(p, 2)) {
         printf("sig 2 did not alert, but it should: ");
         goto end;
-    } else if ((PacketAlertCheck(&p, 3))) {
+    } else if ((PacketAlertCheck(p, 3))) {
         printf("sig 3 alerted, but it should not: ");
         goto end;
     }
@@ -1023,15 +1015,15 @@ static int DetectUriSigTest03(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if ((PacketAlertCheck(&p, 1))) {
+    if ((PacketAlertCheck(p, 1))) {
         printf("sig 1 alerted, but it should not (chunk 2): ");
         goto end;
-    } else if (PacketAlertCheck(&p, 2)) {
+    } else if (PacketAlertCheck(p, 2)) {
         printf("sig 2 alerted, but it should not (chunk 2): ");
         goto end;
-    } else if (!(PacketAlertCheck(&p, 3))) {
+    } else if (!(PacketAlertCheck(p, 3))) {
         printf("sig 3 did not alert, but it should (chunk 2): ");
         goto end;
     }
@@ -1047,6 +1039,7 @@ end:
     //FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1259,37 +1252,29 @@ static int DetectUriSigTest05(void) {
                          " hellocatch\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
-    TCPHdr tcp_hdr;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
-    memset(&tcp_hdr, 0, sizeof(tcp_hdr));
 
-    tcp_hdr.th_seq = htonl(1000);
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = httpbuf1;
-    p.payload_len = httplen1;
-    p.proto = IPPROTO_TCP;
-    p.tcph = &tcp_hdr;
+    p = UTHBuildPacket(httpbuf1, httplen1, IPPROTO_TCP);
+    p->tcph->th_seq = htonl(1000);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
-    f.proto = p.proto;
+    f.proto = p->proto;
 
     StreamTcpInitConfig(TRUE);
     FlowL7DataPtrInit(&f);
@@ -1343,7 +1328,7 @@ static int DetectUriSigTest05(void) {
     }
 
     /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
     if (http_state == NULL) {
@@ -1351,13 +1336,13 @@ static int DetectUriSigTest05(void) {
         goto end;
     }
 
-    if ((PacketAlertCheck(&p, 1))) {
+    if ((PacketAlertCheck(p, 1))) {
         printf("sig: 1 alerted, but it should not: ");
         goto end;
-    } else if (! PacketAlertCheck(&p, 2)) {
+    } else if (! PacketAlertCheck(p, 2)) {
         printf("sig: 2 did not alert, but it should: ");
         goto end;
-    } else if (! (PacketAlertCheck(&p, 3))) {
+    } else if (! (PacketAlertCheck(p, 3))) {
         printf("sig: 3 did not alert, but it should: ");
         goto end;
     }
@@ -1372,6 +1357,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1387,37 +1373,31 @@ static int DetectUriSigTest06(void) {
                          " hellocatch\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
     TCPHdr tcp_hdr;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
     memset(&tcp_hdr, 0, sizeof(tcp_hdr));
 
-    tcp_hdr.th_seq = htonl(1000);
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = httpbuf1;
-    p.payload_len = httplen1;
-    p.proto = IPPROTO_TCP;
-    p.tcph = &tcp_hdr;
+    p = UTHBuildPacket(httpbuf1, httplen1, IPPROTO_TCP);
+    p->tcph->th_seq = htonl(1000);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
-    f.proto = p.proto;
+    f.proto = p->proto;
 
     StreamTcpInitConfig(TRUE);
     FlowL7DataPtrInit(&f);
@@ -1483,7 +1463,7 @@ static int DetectUriSigTest06(void) {
     }
 
    /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
     if (http_state == NULL) {
@@ -1491,13 +1471,13 @@ static int DetectUriSigTest06(void) {
         goto end;
     }
 
-    if ((PacketAlertCheck(&p, 1))) {
+    if ((PacketAlertCheck(p, 1))) {
         printf("sig: 1 alerted, but it should not:");
         goto end;
-    } else if (! PacketAlertCheck(&p, 2)) {
+    } else if (! PacketAlertCheck(p, 2)) {
         printf("sig: 2 did not alert, but it should:");
         goto end;
-    } else if (! (PacketAlertCheck(&p, 3))) {
+    } else if (! (PacketAlertCheck(p, 3))) {
         printf("sig: 3 did not alert, but it should:");
         goto end;
     }
@@ -1513,6 +1493,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 
@@ -1527,30 +1508,25 @@ static int DetectUriSigTest07(void) {
                          " hellocatch\r\n\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = httpbuf1;
-    p.payload_len = httplen1;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(httpbuf1, httplen1, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -1604,8 +1580,8 @@ static int DetectUriSigTest07(void) {
         goto end;
     }
 
-   /* do detect */
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    /* do detect */
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
     http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
     if (http_state == NULL) {
@@ -1613,13 +1589,13 @@ static int DetectUriSigTest07(void) {
         goto end;
     }
 
-    if (PacketAlertCheck(&p, 1)) {
+    if (PacketAlertCheck(p, 1)) {
         printf("sig: 1 alerted, but it should not:");
         goto end;
-    } else if (PacketAlertCheck(&p, 2)) {
+    } else if (PacketAlertCheck(p, 2)) {
         printf("sig: 2 alerted, but it should not:");
         goto end;
-    } else if (PacketAlertCheck(&p, 3)) {
+    } else if (PacketAlertCheck(p, 3)) {
         printf("sig: 3 alerted, but it should not:");
         goto end;
     }
@@ -1635,6 +1611,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 #endif /* UNITTESTS */

src/detect-urilen.c

@@ -27,6 +27,7 @@
 #include "app-layer-protos.h"
 #include "app-layer-htp.h"
 #include "util-unittest.h"
+#include "util-unittest-helper.h"
 
 #include "detect.h"
 #include "detect-parse.h"
@@ -489,30 +490,25 @@ static int DetectUrilenSigTest01(void)
                          "\r\n";
     uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
     TcpSession ssn;
-    Packet p;
+    Packet *p = NULL;
     Signature *s = NULL;
     ThreadVars th_v;
     DetectEngineThreadCtx *det_ctx;
 
     memset(&th_v, 0, sizeof(th_v));
-    memset(&p, 0, sizeof(p));
     memset(&f, 0, sizeof(f));
     memset(&ssn, 0, sizeof(ssn));
 
-    p.src.family = AF_INET;
-    p.dst.family = AF_INET;
-    p.payload = NULL;
-    p.payload_len = 0;
-    p.proto = IPPROTO_TCP;
+    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
 
     FLOW_INITIALIZE(&f);
     f.protoctx = (void *)&ssn;
     f.src.family = AF_INET;
     f.dst.family = AF_INET;
 
-    p.flow = &f;
-    p.flowflags |= FLOW_PKT_TOSERVER;
-    p.flowflags |= FLOW_PKT_ESTABLISHED;
+    p->flow = &f;
+    p->flowflags |= FLOW_PKT_TOSERVER;
+    p->flowflags |= FLOW_PKT_ESTABLISHED;
     f.alproto = ALPROTO_HTTP;
 
     StreamTcpInitConfig(TRUE);
@@ -556,13 +552,13 @@ static int DetectUrilenSigTest01(void)
         goto end;
     }
 
-    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 
-    if ((PacketAlertCheck(&p, 1))) {
+    if ((PacketAlertCheck(p, 1))) {
         printf("sid 1 alerted, but should not have: \n");
         goto end;
     }
-    if (!PacketAlertCheck(&p, 2)) {
+    if (!PacketAlertCheck(p, 2)) {
         printf("sid 2 did not alerted, but should have: \n");
         goto end;
     }
@@ -577,6 +573,7 @@ end:
     FlowL7DataPtrFree(&f);
     StreamTcpFreeConfig(TRUE);
     FLOW_DESTROY(&f);
+    UTHFreePackets(&p, 1);
     return result;
 }
 

src/util-unittest-helper.c

@@ -91,6 +91,8 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
     if (p->ip6h == NULL)
         return NULL;
     memset(p->ip6h, 0, sizeof(IPV6Hdr));
+    p->ip6h->s_ip6_nxt = ipproto;
+
     p->tcph = SCMalloc(sizeof(TCPHdr));
     if (p->tcph == NULL)
         return NULL;
@@ -151,6 +153,7 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
 
     p->ip4h->ip_src.s_addr = p->src.addr_data32[0];
     p->ip4h->ip_dst.s_addr = p->dst.addr_data32[0];
+    p->ip4h->ip_proto = ipproto;
     p->proto = ipproto;
 
     switch (ipproto) {
@@ -162,7 +165,7 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
             p->udph->uh_sport = sport;
             p->udph->uh_dport = dport;
             p->pktlen = sizeof(IPV4Hdr) + sizeof(UDPHdr) + payload_len;
-        break;
+            break;
         case IPPROTO_TCP:
             p->tcph = SCMalloc(sizeof(TCPHdr));
             if (p->tcph == NULL)
@@ -171,10 +174,16 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
             p->tcph->th_sport = sport;
             p->tcph->th_dport = dport;
             p->pktlen = sizeof(IPV4Hdr) + sizeof(TCPHdr) + payload_len;
-        break;
+            break;
         case IPPROTO_ICMP:
+            p->icmpv4h = SCMalloc(sizeof(ICMPV4Hdr));
+            if (p->icmpv4h == NULL)
+                return NULL;
+            memset(p->icmpv4h, 0, sizeof(ICMPV4Hdr));
+            p->pktlen = sizeof(IPV4Hdr) + sizeof(ICMPV4Hdr) + payload_len;
+            break;
         default:
-        break;
+            break;
         /* TODO: Add more protocols */
     }
     return p;