From e685579231245b80d207c9e129f9c6351d67937a Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Mon, 28 Jun 2010 15:10:34 +0200
Subject: [PATCH] Add optional structure validation code.

---
 configure.in    | 8 ++++++++
 src/Makefile.am | 4 +++-
 src/detect.c    | 4 +++-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/configure.in b/configure.in
index f5b47786a3..f8b4c23be9 100644
--- a/configure.in
+++ b/configure.in
@@ -634,6 +634,13 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)])
         CFLAGS="${CFLAGS} -DDEBUG"
     ])
 
+# enable debug validation functions & macro's output
+    AC_ARG_ENABLE(debug,
+           AS_HELP_STRING([--enable-debug-validation], [Enable (debug) validation code output]),,[enable_debug_validation=no])
+    AS_IF([test "x$enable_debug_validation" = "xyes"], [
+        CFLAGS="${CFLAGS} -DDEBUG_VALIDATION"
+    ])
+
 #libhtp
     AC_ARG_ENABLE(non-bundled-htp,
            AS_HELP_STRING([--enable-non-bundled-htp], [Enable the use of an already installed version of htp]),,[enable_non_bundled_htp=no])
@@ -810,6 +817,7 @@ Suricata Configuration:
   Prelude support:          ${enable_prelude}
   Unit tests enabled:       ${enable_unittests}
   Debug output enabled:     ${enable_debug}
+  Debug validation enabled: ${enable_debug_validation}
   CUDA enabled:             ${enable_cuda}
   DAG enabled:              ${enable_dag}
   Profiling enabled:        ${enable_profiling}
diff --git a/src/Makefile.am b/src/Makefile.am
index 846bedc2a9..9dece0c953 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -2,7 +2,8 @@ noinst_HEADERS = action-globals.h \
     app-layer-nbss.h app-layer-dcerpc-common.h \
     debug.h decode-events.h \
 	flow-private.h queue.h source-nfq-prototypes.h \
-	suricata-common.h threadvars.h util-binsearch.h
+	suricata-common.h threadvars.h util-binsearch.h \
+    util-atomic.h util-validate.h
 bin_PROGRAMS = suricata
 suricata_SOURCES = suricata.c suricata.h \
 runmodes.c runmodes.h \
@@ -167,6 +168,7 @@ util-cuda-handlers.c util-cuda-handlers.h \
 util-privs.c util-privs.h \
 util-decode-asn1.c util-decode-asn1.h \
 util-ringbuffer.c util-ringbuffer.h \
+util-validate.h \
 tm-modules.c tm-modules.h \
 tm-queues.c tm-queues.h \
 tm-queuehandlers.c tm-queuehandlers.h \
diff --git a/src/detect.c b/src/detect.c
index b06f050eb1..cca6d79a8e 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -138,12 +138,12 @@
 #include "util-unittest-helper.h"
 #include "util-debug.h"
 #include "util-hashlist.h"
-
 #include "util-cuda-handlers.h"
 #include "util-mpm-b2g-cuda.h"
 #include "util-cuda.h"
 #include "util-privs.h"
 #include "util-profiling.h"
+#include "util-validate.h"
 
 SigMatch *SigMatchAlloc(void);
 void DetectExitPrintStats(ThreadVars *tv, void *data);
@@ -1084,6 +1084,8 @@ end:
  */
 TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
 {
+    DEBUG_VALIDATE_PACKET(p);
+
     /* No need to perform any detection on this packet, if the the given flag is set.*/
     if (p->flags & PKT_NOPACKET_INSPECTION)
         return 0;