Fix failing thresholding unittests

16 years ago · ce90e87304
parent e18e2ec998
commit ce90e87304
3 changed files with 57 additions and 13 deletions
--- a/src/detect-detection-filter.c
+++ b/src/detect-detection-filter.c
@ -420,15 +420,21 @@ static int DetectDetectionFilterTestSig1(void) {
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts = PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
-    alerts = PacketAlertCheck(&p, 1);
+    alerts += PacketAlertCheck(&p, 1);

    if(alerts == 5)
        result = 1;
@ -495,17 +501,22 @@ static int DetectDetectionFilterTestSig2(void) {
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts = PacketAlertCheck(&p, 10);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 10);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 10);

    TimeSetIncrementTime(200);

    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 10);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 10);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 10);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
-    alerts = PacketAlertCheck(&p, 10);
+    alerts += PacketAlertCheck(&p, 10);

    if (alerts == 1)
        result = 1;
--- a/src/detect-threshold.c
+++ b/src/detect-threshold.c
@ -413,15 +413,21 @@ static int DetectThresholdTestSig1(void) {
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts = PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
-    alerts = PacketAlertCheck(&p, 1);
+    alerts += PacketAlertCheck(&p, 1);

    if(alerts == 5)
        result = 1;
@ -486,17 +492,25 @@ static int DetectThresholdTestSig2(void) {
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts = PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
-    alerts = PacketAlertCheck(&p, 1);
+    alerts += PacketAlertCheck(&p, 1);

    if (alerts == 2)
        result = 1;
@ -682,16 +696,20 @@ static int DetectThresholdTestSig4(void) {
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts = PacketAlertCheck(&p, 10);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 10);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 10);

    TimeSetIncrementTime(200);

    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 10);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 10);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
-    alerts = PacketAlertCheck(&p, 10);
+    alerts += PacketAlertCheck(&p, 10);

    if (alerts == 2)
        result = 1;
@ -761,16 +779,28 @@ static int DetectThresholdTestSig5(void) {
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts = PacketAlertCheck(&p, 1);
+    alerts += PacketAlertCheck(&p, 1000);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
+    alerts += PacketAlertCheck(&p, 1000);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
+    alerts += PacketAlertCheck(&p, 1000);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
+    alerts += PacketAlertCheck(&p, 1000);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
+    alerts += PacketAlertCheck(&p, 1000);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
+    alerts += PacketAlertCheck(&p, 1000);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+    alerts += PacketAlertCheck(&p, 1);
+    alerts += PacketAlertCheck(&p, 1000);
    SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
-    alerts = PacketAlertCheck(&p, 1);
-
+    alerts += PacketAlertCheck(&p, 1);
    alerts += PacketAlertCheck(&p, 1000);

    if(alerts == 10)
--- a/src/detect.c
+++ b/src/detect.c
@ -479,6 +479,9 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh

    SCEnter();

+    /* when we start there are no alerts yet. Only this function may set them */
+    p->alerts.cnt = 0;
+
    det_ctx->pkts++;

    /* grab the protocol state we will detect on */