failed unittest for within distance

remotes/origin/master-1.0.x
William Metcalf 17 years ago committed by Victor Julien
parent 171edda02a
commit 884b1034b4

@ -7583,6 +7583,224 @@ static int SigTestContent04Wm (void) {
return SigTestContent04Real(MPM_WUMANBER);
}
static int SigTestWithinReal01 (int mpm_type) {
DecodeThreadVars dtv;
ThreadVars th_v;
int result = 0;
int alertcnt = 0;
uint8_t rawpkt1[] = {
0x00,0x04,0x76,0xd3,0xd8,0x6a,0x00,0x24,
0xe8,0x29,0xfa,0x4f,0x08,0x00,0x45,0x00,
0x00,0x8c,0x95,0x50,0x00,0x00,0x40,0x06,
0x2d,0x45,0xc0,0xa8,0x02,0x03,0xd0,0x45,
0x24,0xe6,0x06,0xcc,0x03,0x09,0x18,0x72,
0xd0,0xe3,0x1a,0xab,0x7c,0x98,0x50,0x00,
0x02,0x00,0x46,0xa0,0x00,0x00,0x48,0x69,
0x2c,0x20,0x74,0x68,0x69,0x73,0x20,0x69,
0x73,0x20,0x61,0x20,0x62,0x69,0x67,0x20,
0x74,0x65,0x73,0x74,0x20,0x74,0x6f,0x20,
0x63,0x68,0x65,0x63,0x6b,0x20,0x63,0x6f,
0x6e,0x74,0x65,0x6e,0x74,0x20,0x6d,0x61,
0x74,0x63,0x68,0x65,0x73,0x0a,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00 }; /* end rawpkt1 */
uint8_t rawpkt2[] = {
0x00,0x04,0x76,0xd3,0xd8,0x6a,0x00,0x24,
0xe8,0x29,0xfa,0x4f,0x08,0x00,0x45,0x00,
0x00,0x8c,0x30,0x87,0x00,0x00,0x40,0x06,
0x92,0x0e,0xc0,0xa8,0x02,0x03,0xd0,0x45,
0x24,0xe6,0x06,0xcd,0x03,0x09,0x73,0xec,
0xd5,0x35,0x14,0x7d,0x7c,0x12,0x50,0x00,
0x02,0x00,0xed,0x86,0x00,0x00,0x48,0x69,
0x2c,0x20,0x74,0x68,0x69,0x73,0x20,0x69,
0x73,0x20,0x61,0x20,0x62,0x69,0x67,0x20,
0x74,0x65,0x73,0x74,0x20,0x74,0x6f,0x20,
0x63,0x68,0x65,0x63,0x6b,0x20,0x63,0x6f,
0x6e,0x74,0x65,0x6e,0x74,0x20,0x6d,0x61,
0x74,0x63,0x68,0x65,0x73,0x0a,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00 }; /* end rawpkt2 */
uint8_t rawpkt3[] = {
0x00,0x04,0x76,0xd3,0xd8,0x6a,0x00,0x24,
0xe8,0x29,0xfa,0x4f,0x08,0x00,0x45,0x00,
0x00,0x8c,0x57,0xd8,0x00,0x00,0x40,0x06,
0x6a,0xbd,0xc0,0xa8,0x02,0x03,0xd0,0x45,
0x24,0xe6,0x06,0xce,0x03,0x09,0x06,0x3d,
0x02,0x22,0x2f,0x9b,0x6f,0x8f,0x50,0x00,
0x02,0x00,0x1f,0xae,0x00,0x00,0x48,0x69,
0x2c,0x20,0x74,0x68,0x69,0x73,0x20,0x69,
0x73,0x20,0x61,0x20,0x62,0x69,0x67,0x20,
0x74,0x65,0x73,0x74,0x20,0x74,0x6f,0x20,
0x63,0x68,0x65,0x63,0x6b,0x20,0x63,0x6f,
0x6e,0x74,0x65,0x6e,0x74,0x20,0x6d,0x61,
0x74,0x63,0x68,0x65,0x73,0x0a,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00 }; /* end rawpkt3 */
uint8_t rawpkt4[] = {
0x00,0x04,0x76,0xd3,0xd8,0x6a,0x00,0x24,
0xe8,0x29,0xfa,0x4f,0x08,0x00,0x45,0x00,
0x00,0x8c,0xa7,0x2e,0x00,0x00,0x40,0x06,
0x1b,0x67,0xc0,0xa8,0x02,0x03,0xd0,0x45,
0x24,0xe6,0x06,0xcf,0x03,0x09,0x00,0x0e,
0xdf,0x72,0x3d,0xc2,0x21,0xce,0x50,0x00,
0x02,0x00,0x88,0x25,0x00,0x00,0x48,0x69,
0x2c,0x20,0x74,0x68,0x69,0x73,0x20,0x69,
0x73,0x20,0x61,0x20,0x62,0x69,0x67,0x20,
0x74,0x65,0x73,0x74,0x20,0x74,0x6f,0x20,
0x63,0x68,0x65,0x63,0x6b,0x20,0x63,0x6f,
0x6e,0x74,0x65,0x6e,0x74,0x20,0x6d,0x61,
0x74,0x63,0x68,0x65,0x73,0x0a,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00 }; /* end rawpkt4 */
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&th_v, 0, sizeof(th_v));
DetectEngineThreadCtx *det_ctx = NULL;
FlowInitConfig(FLOW_QUIET);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"within test\"; content:\"Hi, this is a big test to check \"; content:\"content matches\"; distance:0; within:15; sid:556;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
/* packet 1 */
Packet p1;
memset(&p1, 0, sizeof(Packet));
DecodeEthernet(&th_v, &dtv, &p1, rawpkt1, sizeof(rawpkt1), NULL);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
if (PacketAlertCheck(&p1, 556)) {
//printf("match of sid on packet 1\n");
alertcnt++;
}else{
SCLogInfo("failed to match on packet 1");
}
/* packet 2 */
Packet p2;
memset(&p2, 0, sizeof(Packet));
DecodeEthernet(&th_v, &dtv, &p2, rawpkt2, sizeof(rawpkt2), NULL);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
if (PacketAlertCheck(&p2, 556)) {
//printf("match of sid on packet 2\n");
alertcnt++;
}else{
SCLogInfo("failed to match on packet 2");
}
/* packet 3 */
Packet p3;
memset(&p3, 0, sizeof(Packet));
DecodeEthernet(&th_v, &dtv, &p3, rawpkt3, sizeof(rawpkt3), NULL);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p3);
if (PacketAlertCheck(&p3, 556)){
//printf("match of sid on packet 3\n");
alertcnt++;
}else{
SCLogInfo("failed to match on packet 3");
}
/* packet 4 */
Packet p4;
memset(&p4, 0, sizeof(Packet));
DecodeEthernet(&th_v, &dtv, &p4, rawpkt4, sizeof(rawpkt4), NULL);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p4);
if (PacketAlertCheck(&p4, 556)){
//printf("match of sid on packet 4\n");
alertcnt++;
}else{
SCLogInfo("failed to match on packet 4");
}
/* packet 5 */
uint8_t *p5buf = (uint8_t *)"Hi, this is a big test to check content matches";
uint16_t p5buflen = strlen((char *)p5buf);
Packet p5;
memset(&p5, 0, sizeof(p5));
p5.src.family = AF_INET;
p5.dst.family = AF_INET;
p5.payload = p5buf;
p5.payload_len = p5buflen;
p5.proto = IPPROTO_TCP;
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p5);
if (PacketAlertCheck(&p5, 556)){
//printf("match of sid on packet 5\n");
alertcnt++;
}else{
SCLogInfo("failed to match on packet 5");
}
/* do all five packets alert ? */
if(alertcnt == 5){
result = 1;
}else{
SCLogInfo("expected 5 alerts got %i",alertcnt);
}
end:
if(de_ctx)
{
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
}
if(det_ctx)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
if(de_ctx)
DetectEngineCtxFree(de_ctx);
FlowShutdown();
return result;
}
static int SigTestWithinReal01B2g (void) {
return SigTestWithinReal01(MPM_B2G);
}
static int SigTestWithinReal01B3g (void) {
return SigTestWithinReal01(MPM_B3G);
}
static int SigTestWithinReal01Wm (void) {
return SigTestWithinReal01(MPM_WUMANBER);
}
#endif /* UNITTESTS */
void SigRegisterTests(void) {
@ -7766,6 +7984,10 @@ void SigRegisterTests(void) {
UtRegisterTest("SigTestContent04B2g -- 32 byte pattern, x2 + distance/within", SigTestContent04B2g, 1);
UtRegisterTest("SigTestContent04B3g -- 32 byte pattern, x2 + distance/within", SigTestContent04B3g, 1);
UtRegisterTest("SigTestContent04Wm -- 32 byte pattern, x2 + distance/within", SigTestContent04Wm, 1);
UtRegisterTest("SigTestWithinReal01B2g", SigTestWithinReal01B2g, 1);
UtRegisterTest("SigTestWithinReal01B3g", SigTestWithinReal01B3g, 1);
UtRegisterTest("SigTestWithinReal01Wm", SigTestWithinReal01Wm, 1);
#endif /* UNITTESTS */
}

Loading…
Cancel
Save