diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index edd899fe4d..1b0af84345 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -133,7 +133,6 @@ static int DetectDnsQueryTest01(void) 0x06, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x03, 0x63, 0x6F, 0x6D, 0x00, 0x00, 0x10, 0x00, 0x01, }; - int result = 0; Flow f; DNSState *dns_state = NULL; Packet *p = NULL; @@ -160,18 +159,14 @@ static int DetectDnsQueryTest01(void) f.alproto = ALPROTO_DNS; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF_NULL(de_ctx); de_ctx->mpm_matcher = mpm_default_matcher; de_ctx->flags |= DE_QUIET; s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " "dns_query; content:\"google\"; nocase; sid:1;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); @@ -182,27 +177,21 @@ static int DetectDnsQueryTest01(void) if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); dns_state = f.alstate; - if (dns_state == NULL) { - printf("no dns state: "); - goto end; - } + FAIL_IF_NULL(dns_state); /* do detect */ SigMatchSignatures(&tv, de_ctx, det_ctx, p); if (!(PacketAlertCheck(p, 1))) { printf("sig 1 didn't alert, but it should have: "); - goto end; + FAIL; } - result = 1; - -end: if (alp_tctx != NULL) AppLayerParserThreadCtxFree(alp_tctx); if (det_ctx != NULL) @@ -214,7 +203,7 @@ end: FLOW_DESTROY(&f); UTHFreePacket(p); - return result; + PASS; } /** \test multi tx google.(com|net) query matching */ @@ -249,7 +238,6 @@ static int DetectDnsQueryTest02(void) 0x06, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x03, 0x6E, 0x65, 0x74, 0x00, 0x00, 0x10, 0x00, 0x01, }; - int result = 0; Flow f; DNSState *dns_state = NULL; Packet *p1 = NULL, *p2 = NULL, *p3 = NULL; @@ -293,24 +281,18 @@ static int DetectDnsQueryTest02(void) p3->pcap_cnt = 3; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF_NULL(de_ctx); de_ctx->mpm_matcher = mpm_default_matcher; de_ctx->flags |= DE_QUIET; s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " "dns_query; content:\"google.com\"; nocase; sid:1;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " "dns_query; content:\"google.net\"; nocase; sid:2;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); @@ -321,26 +303,23 @@ static int DetectDnsQueryTest02(void) if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); dns_state = f.alstate; - if (dns_state == NULL) { - printf("no dns state: "); - goto end; - } + FAIL_IF_NULL(dns_state); /* do detect */ SigMatchSignatures(&tv, de_ctx, det_ctx, p1); if (!(PacketAlertCheck(p1, 1))) { printf("(p1) sig 1 didn't alert, but it should have: "); - goto end; + FAIL; } if (PacketAlertCheck(p1, 2)) { printf("(p1) sig 2 did alert, but it should not have: "); - goto end; + FAIL; } FLOWLOCK_WRLOCK(&f); @@ -349,7 +328,7 @@ static int DetectDnsQueryTest02(void) if (r != 0) { printf("toserver client 1 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); @@ -358,11 +337,11 @@ static int DetectDnsQueryTest02(void) if (PacketAlertCheck(p2, 1)) { printf("(p2) sig 1 alerted, but it should not have: "); - goto end; + FAIL; } if (PacketAlertCheck(p2, 2)) { printf("(p2) sig 2 alerted, but it should not have: "); - goto end; + FAIL; } FLOWLOCK_WRLOCK(&f); @@ -371,7 +350,7 @@ static int DetectDnsQueryTest02(void) if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); @@ -380,16 +359,13 @@ static int DetectDnsQueryTest02(void) if (PacketAlertCheck(p3, 1)) { printf("(p3) sig 1 alerted, but it should not have: "); - goto end; + FAIL; } if (!(PacketAlertCheck(p3, 2))) { printf("(p3) sig 2 didn't alert, but it should have: "); - goto end; + FAIL; } - result = 1; - -end: if (alp_tctx != NULL) AppLayerParserThreadCtxFree(alp_tctx); if (det_ctx != NULL) @@ -403,7 +379,7 @@ end: UTHFreePacket(p1); UTHFreePacket(p2); UTHFreePacket(p3); - return result; + PASS; } /** \test simple google.com query matching (TCP) */ @@ -416,7 +392,6 @@ static int DetectDnsQueryTest03(void) 0x06, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x03, 0x63, 0x6F, 0x6D, 0x00, 0x00, 0x10, 0x00, 0x01, }; - int result = 0; Flow f; DNSState *dns_state = NULL; Packet *p = NULL; @@ -448,18 +423,14 @@ static int DetectDnsQueryTest03(void) StreamTcpInitConfig(TRUE); DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF_NULL(de_ctx); de_ctx->mpm_matcher = mpm_default_matcher; de_ctx->flags |= DE_QUIET; s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " "content:\"google\"; nocase; dns_query; sid:1;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); @@ -470,27 +441,21 @@ static int DetectDnsQueryTest03(void) if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); dns_state = f.alstate; - if (dns_state == NULL) { - printf("no dns state: "); - goto end; - } + FAIL_IF_NULL(dns_state); /* do detect */ SigMatchSignatures(&tv, de_ctx, det_ctx, p); if (!(PacketAlertCheck(p, 1))) { printf("sig 1 didn't alert, but it should have: "); - goto end; + FAIL; } - result = 1; - -end: if (alp_tctx != NULL) AppLayerParserThreadCtxFree(alp_tctx); if (det_ctx != NULL) @@ -503,7 +468,7 @@ end: StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); UTHFreePacket(p); - return result; + PASS; } /** \test simple google.com query matching (TCP splicing) */ @@ -516,7 +481,6 @@ static int DetectDnsQueryTest04(void) uint8_t buf2[] = { 0x06, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x03, 0x63, 0x6F, 0x6D, 0x00, 0x00, 0x10, 0x00, 0x01, }; - int result = 0; Flow f; DNSState *dns_state = NULL; Packet *p1 = NULL, *p2 = NULL; @@ -555,18 +519,14 @@ static int DetectDnsQueryTest04(void) StreamTcpInitConfig(TRUE); DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF_NULL(de_ctx); de_ctx->mpm_matcher = mpm_default_matcher; de_ctx->flags |= DE_QUIET; s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " "dns_query; content:\"google\"; nocase; sid:1;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); @@ -577,31 +537,28 @@ static int DetectDnsQueryTest04(void) if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); dns_state = f.alstate; - if (dns_state == NULL) { - printf("no dns state: "); - goto end; - } + FAIL_IF_NULL(dns_state); /* do detect */ SigMatchSignatures(&tv, de_ctx, det_ctx, p1); if (PacketAlertCheck(p1, 1)) { printf("sig 1 alerted, but it should not have: "); - goto end; + FAIL; } FLOWLOCK_WRLOCK(&f); r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf2, sizeof(buf2)); if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); + printf("toserver chunk 1 returned %" PRId32 ", expected 0\n", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); @@ -610,12 +567,9 @@ static int DetectDnsQueryTest04(void) if (!(PacketAlertCheck(p2, 1))) { printf("sig 1 didn't alert, but it should have: "); - goto end; + FAIL; } - result = 1; - -end: if (alp_tctx != NULL) AppLayerParserThreadCtxFree(alp_tctx); if (det_ctx != NULL) @@ -629,7 +583,7 @@ end: FLOW_DESTROY(&f); UTHFreePacket(p1); UTHFreePacket(p2); - return result; + PASS; } /** \test simple google.com query matching (TCP splicing) */ @@ -668,7 +622,6 @@ static int DetectDnsQueryTest05(void) 0x06, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x03, 0x6E, 0x65, 0x74, 0x00, 0x00, 0x10, 0x00, 0x01, }; - int result = 0; Flow f; DNSState *dns_state = NULL; Packet *p1 = NULL, *p2 = NULL, *p3 = NULL, *p4 = NULL; @@ -721,24 +674,18 @@ static int DetectDnsQueryTest05(void) StreamTcpInitConfig(TRUE); DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF_NULL(de_ctx); de_ctx->mpm_matcher = mpm_default_matcher; de_ctx->flags |= DE_QUIET; s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " "dns_query; content:\"google.com\"; nocase; sid:1;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " "dns_query; content:\"google.net\"; nocase; sid:2;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); @@ -749,26 +696,23 @@ static int DetectDnsQueryTest05(void) if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); dns_state = f.alstate; - if (dns_state == NULL) { - printf("no dns state: "); - goto end; - } + FAIL_IF_NULL(dns_state); /* do detect */ SigMatchSignatures(&tv, de_ctx, det_ctx, p1); if (PacketAlertCheck(p1, 1)) { printf("(p1) sig 1 alerted, but it should not have: "); - goto end; + FAIL; } if (PacketAlertCheck(p1, 2)) { printf("(p1) sig 2 did alert, but it should not have: "); - goto end; + FAIL; } FLOWLOCK_WRLOCK(&f); @@ -777,7 +721,7 @@ static int DetectDnsQueryTest05(void) if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); @@ -786,11 +730,11 @@ static int DetectDnsQueryTest05(void) if (!(PacketAlertCheck(p2, 1))) { printf("sig 1 didn't alert, but it should have: "); - goto end; + FAIL; } if (PacketAlertCheck(p2, 2)) { printf("(p2) sig 2 did alert, but it should not have: "); - goto end; + FAIL; } FLOWLOCK_WRLOCK(&f); @@ -799,7 +743,7 @@ static int DetectDnsQueryTest05(void) if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); @@ -808,11 +752,11 @@ static int DetectDnsQueryTest05(void) if (PacketAlertCheck(p3, 1)) { printf("sig 1 did alert, but it should not have: "); - goto end; + FAIL; } if (PacketAlertCheck(p3, 2)) { printf("(p3) sig 2 did alert, but it should not have: "); - goto end; + FAIL; } FLOWLOCK_WRLOCK(&f); @@ -821,7 +765,7 @@ static int DetectDnsQueryTest05(void) if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); @@ -830,16 +774,13 @@ static int DetectDnsQueryTest05(void) if (PacketAlertCheck(p4, 1)) { printf("(p4) sig 1 did alert, but it should not have: "); - goto end; + FAIL; } if (!(PacketAlertCheck(p4, 2))) { printf("sig 1 didn't alert, but it should have: "); - goto end; + FAIL; } - result = 1; - -end: if (alp_tctx != NULL) AppLayerParserThreadCtxFree(alp_tctx); if (det_ctx != NULL) @@ -855,7 +796,7 @@ end: UTHFreePacket(p2); UTHFreePacket(p3); UTHFreePacket(p4); - return result; + PASS; } /** \test simple google.com query matching, pcre */ @@ -867,7 +808,6 @@ static int DetectDnsQueryTest06(void) 0x06, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x03, 0x63, 0x6F, 0x6D, 0x00, 0x00, 0x10, 0x00, 0x01, }; - int result = 0; Flow f; DNSState *dns_state = NULL; Packet *p = NULL; @@ -894,9 +834,7 @@ static int DetectDnsQueryTest06(void) f.alproto = ALPROTO_DNS; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF_NULL(de_ctx); de_ctx->mpm_matcher = mpm_default_matcher; de_ctx->flags |= DE_QUIET; @@ -904,17 +842,12 @@ static int DetectDnsQueryTest06(void) "(msg:\"Test dns_query option\"; " "dns_query; content:\"google\"; nocase; " "pcre:\"/google\\.com$/i\"; sid:1;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " "dns_query; content:\"google\"; nocase; " "pcre:\"/^\\.[a-z]{2,3}$/iR\"; sid:2;)"); - if (s == NULL) { - goto end; - } - + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); @@ -925,31 +858,25 @@ static int DetectDnsQueryTest06(void) if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); dns_state = f.alstate; - if (dns_state == NULL) { - printf("no dns state: "); - goto end; - } + FAIL_IF_NULL(dns_state); /* do detect */ SigMatchSignatures(&tv, de_ctx, det_ctx, p); if (!(PacketAlertCheck(p, 1))) { printf("sig 1 didn't alert, but it should have: "); - goto end; + FAIL; } if (!(PacketAlertCheck(p, 2))) { printf("sig 2 didn't alert, but it should have: "); - goto end; + FAIL; } - result = 1; - -end: if (alp_tctx != NULL) AppLayerParserThreadCtxFree(alp_tctx); if (det_ctx != NULL) @@ -961,7 +888,7 @@ end: FLOW_DESTROY(&f); UTHFreePacket(p); - return result; + PASS; } /** \test multi tx google.(com|net) query matching + @@ -997,7 +924,6 @@ static int DetectDnsQueryTest07(void) 0x06, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x03, 0x6E, 0x65, 0x74, 0x00, 0x00, 0x10, 0x00, 0x01, }; - int result = 0; Flow f; DNSState *dns_state = NULL; Packet *p1 = NULL, *p2 = NULL, *p3 = NULL; @@ -1041,30 +967,22 @@ static int DetectDnsQueryTest07(void) p3->pcap_cnt = 3; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF_NULL(de_ctx); de_ctx->mpm_matcher = mpm_default_matcher; de_ctx->flags |= DE_QUIET; s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " "dns_query; content:\"google.com\"; nocase; sid:1;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test dns_query option\"; " "dns_query; content:\"google.net\"; nocase; sid:2;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " "(msg:\"Test Z flag event\"; " "app-layer-event:dns.z_flag_set; sid:3;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); @@ -1075,35 +993,32 @@ static int DetectDnsQueryTest07(void) if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); dns_state = f.alstate; - if (dns_state == NULL) { - printf("no dns state: "); - goto end; - } + FAIL_IF_NULL(dns_state); /* do detect */ SigMatchSignatures(&tv, de_ctx, det_ctx, p1); if (!(PacketAlertCheck(p1, 1))) { printf("(p1) sig 1 didn't alert, but it should have: "); - goto end; + FAIL; } if (PacketAlertCheck(p1, 2)) { printf("(p1) sig 2 did alert, but it should not have: "); - goto end; + FAIL; } FLOWLOCK_WRLOCK(&f); r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_DNS, STREAM_TOCLIENT, buf2, sizeof(buf2)); if (r != -1) { - printf("toserver client 1 returned %" PRId32 ", expected 0: ", r); + printf("toserver client 1 returned %" PRId32 ", expected -1\n", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); @@ -1112,15 +1027,15 @@ static int DetectDnsQueryTest07(void) if (PacketAlertCheck(p2, 1)) { printf("(p2) sig 1 alerted, but it should not have: "); - goto end; + FAIL; } if (PacketAlertCheck(p2, 2)) { printf("(p2) sig 2 alerted, but it should not have: "); - goto end; + FAIL; } if (!(PacketAlertCheck(p2, 3))) { printf("(p2) sig 3 didn't alert, but it should have: "); - goto end; + FAIL; } FLOWLOCK_WRLOCK(&f); @@ -1129,7 +1044,7 @@ static int DetectDnsQueryTest07(void) if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); FLOWLOCK_UNLOCK(&f); - goto end; + FAIL; } FLOWLOCK_UNLOCK(&f); @@ -1138,11 +1053,11 @@ static int DetectDnsQueryTest07(void) if (PacketAlertCheck(p3, 1)) { printf("(p3) sig 1 alerted, but it should not have: "); - goto end; + FAIL; } if (!(PacketAlertCheck(p3, 2))) { printf("(p3) sig 2 didn't alert, but it should have: "); - goto end; + FAIL; } /** \todo should not alert, bug #839 if (PacketAlertCheck(p3, 3)) { @@ -1150,9 +1065,7 @@ static int DetectDnsQueryTest07(void) goto end; } */ - result = 1; -end: if (alp_tctx != NULL) AppLayerParserThreadCtxFree(alp_tctx); if (det_ctx != NULL) @@ -1166,7 +1079,7 @@ end: UTHFreePacket(p1); UTHFreePacket(p2); UTHFreePacket(p3); - return result; + PASS; } static int DetectDnsQueryIsdataatParseTest(void)