unit tests for no packet & payload inspection

remotes/origin/master-1.0.x
Gurvinder Singh 16 years ago committed by Victor Julien
parent bbb385422d
commit 94674c58f3

@ -6367,6 +6367,128 @@ end:
return result;
}
/**
* \test SigTest41NoPacketInspection is a test to check that when PKT_NOPACKET_INSPECTION
* flag is set, we don't need to inspect the packet protocol header or its contents.
*/
int SigTest41NoPacketInspection(void) {
uint8_t *buf = (uint8_t *)
"220 (vsFTPd 2.0.5)\r\n";
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
PacketQueue pq;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
memset(&pq, 0, sizeof(pq));
p.src.family = AF_INET;
p.src.addr_data32[0] = 0x0102080a;
p.dst.addr_data32[0] = 0x04030201;
p.dst.family = AF_INET;
p.payload = buf;
p.payload_len = buflen;
p.proto = IPPROTO_TCP;
p.dp = 34260;
p.sp = 21;
p.flowflags |= FLOW_PKT_TOSERVER;
p.flags |= PKT_NOPACKET_INSPECTION;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> 1.2.3.4 any (msg:\"No Packet Inspection Test\"; sid:2; rev:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, MPM_B2G);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
//DetectEngineIPOnlyThreadInit(de_ctx,&det_ctx->io_ctx);
det_ctx->de_ctx = de_ctx;
Detect(&th_v, &p, det_ctx, &pq);
if (PacketAlertCheck(&p, 2))
result = 0;
else
result = 1;
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
return result;
}
/**
* \test SigTest42NoPayloadInspection is a test to check that when PKT_NOPAYLOAD_INSPECTION
* flasg is set, we don't need to inspect the packet contents.
*/
int SigTest42NoPayloadInspection(void) {
uint8_t *buf = (uint8_t *)
"220 (vsFTPd 2.0.5)\r\n";
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
p.src.family = AF_INET;
p.dst.family = AF_INET;
p.payload = buf;
p.payload_len = buflen;
p.proto = IPPROTO_TCP;
p.flags |= PKT_NOPAYLOAD_INSPECTION;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"No Payload TEST\"; content:\"220 (vsFTPd 2.0.5)\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx,MPM_B2G);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1))
result = 0;
else
result = 1;
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
return result;
}
#endif /* UNITTESTS */
void SigRegisterTests(void) {
@ -6517,6 +6639,9 @@ void SigRegisterTests(void) {
UtRegisterTest("SigTest40SignatureIsIPOnly01", SigTest40IPOnly01, 1);
UtRegisterTest("SigTest40SignatureIsIPOnly02", SigTest40IPOnly02, 1);
UtRegisterTest("SigTest40SignatureIsIPOnly03", SigTest40IPOnly03, 1);
UtRegisterTest("SigTest41NoPacketInspection", SigTest41NoPacketInspection, 1);
UtRegisterTest("SigTest42NoPayloadInspection", SigTest42NoPayloadInspection, 1);
#endif /* UNITTESTS */
}
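Review bot: SigTest41NoPacketInspection and SigTest42NoPayloadInspection assert only that no alert was raised, so each passes just as well when the signature could never have matched the hand-built packet (for example through a mismatch in address byte order or flow state) as when the flag actually suppressed inspection. For flags that switch detection off, a control run is worth having: feed the same packet without the flag and require the alert, then require silence on a flagged copy, as sketched below for test 41 (test 42 would do the same around SigMatchSignatures with sid 1). The sketch assumes a Packet can be copied by assignment and that det_ctx can be reused for a second call, neither of which is visible in this hunk. Separately, the `goto end` taken when SigInit returns NULL skips `DetectEngineCtxFree(de_ctx)` in both tests.

```c
/* … unchanged: packet setup, but without setting PKT_NOPACKET_INSPECTION on p … */
Packet p_flagged = p;                        /* identical packet, inspection disabled */
p_flagged.flags |= PKT_NOPACKET_INSPECTION;
/* … unchanged: engine init, SigInit, SigGroupBuild, thread ctx init … */
Detect(&th_v, &p, det_ctx, &pq);             /* control run: sid 2 must alert */
Detect(&th_v, &p_flagged, det_ctx, &pq);     /* flagged run: sid 2 must stay silent */
result = PacketAlertCheck(&p, 2) && !PacketAlertCheck(&p_flagged, 2);
/* … unchanged: cleanup … */
```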

@ -2362,6 +2362,69 @@ end:
return ret;
}
/*static int StreamTcpTest09 (void) {
Packet p;
Flow f;
ThreadVars tv;
StreamTcpThread stt;
TCPHdr tcph;
u_int8_t payload[1] = {0x42};
memset (&p, 0, sizeof(Packet));
memset (&f, 0, sizeof(Flow));
memset(&tv, 0, sizeof (ThreadVars));
memset(&stt, 0, sizeof(StreamTcpThread));
memset(&tcph, 0, sizeof(TCPHdr));
p.flow = &f;
int ret = 0;
StreamTcpInitConfig(TRUE);
//prevent L7 from kicking in
StreamMsgQueueSetMinInitChunkLen(FLOW_PKT_TOSERVER, 4096);
StreamMsgQueueSetMinInitChunkLen(FLOW_PKT_TOCLIENT, 4096);
StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOSERVER, 4096);
StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOCLIENT, 4096);
tcph.th_win = htons(5480);
tcph.th_seq = htonl(10);
tcph.th_ack = htonl(20);
tcph.th_flags = TH_ACK|TH_PUSH;
p.tcph = &tcph;
p.payload = payload;
p.payload_len = 1;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
goto end;
p.tcph->th_seq = htonl(12);
p.tcph->th_ack = htonl(23);
p.tcph->th_flags = TH_ACK|TH_PUSH;
p.flowflags = FLOW_PKT_TOSERVER;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
goto end;
p.tcph->th_seq = htonl(11);
p.tcph->th_ack = htonl(23);
p.tcph->th_flags = TH_ACK|TH_PUSH;
p.flowflags = FLOW_PKT_TOSERVER;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
goto end;
if (((TcpSession *) (p.flow->protoctx))->client.seg_list == NULL)
ret = 1;
StreamTcpSessionPktFree(&p);
end:
StreamTcpFreeConfig(TRUE);
return ret;
}*/
#endif /* UNITTESTS */
void StreamTcpRegisterTests (void) {
@ -2374,6 +2437,7 @@ void StreamTcpRegisterTests (void) {
UtRegisterTest("StreamTcpTest06 -- FIN, RST message MidStream session", StreamTcpTest06, 1);
UtRegisterTest("StreamTcpTest07 -- PAWS invalid timestamp", StreamTcpTest07, 1);
UtRegisterTest("StreamTcpTest08 -- PAWS valid timestamp", StreamTcpTest08, 1);
//UtRegisterTest("StreamTcpTest09 -- No Client Reassembly", StreamTcpTest09, 1);
/* set up the reassembly tests as well */
StreamTcpReassembleRegisterTests();
#endif /* UNITTESTS */
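Review bot: StreamTcpTest09 and its UtRegisterTest line are added already commented out, with nothing saying why, so the "No Client Reassembly" case is not exercised on the stream side at all. A one-line reason above the block, e.g. `/* StreamTcpTest09 disabled: <reason>, re-enable when <condition> */`, would keep it from rotting unnoticed. When it is re-enabled, the final check dereferences `p.flow->protoctx` without testing it; `TcpSession *ssn = p.flow->protoctx; if (ssn != NULL && ssn->client.seg_list == NULL) ret = 1;` avoids a crash if no session was created for these bare ACK packets. The `goto end` paths also skip `StreamTcpSessionPktFree(&p)`.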
