From ce90e87304e04ca7e9ce8678700a50973d54ab81 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 6 May 2010 15:53:55 +0200
Subject: [PATCH] Fix failing thresholding unittests
---
 src/detect-detection-filter.c | 19 +++++++++++---
 src/detect-threshold.c | 48 ++++++++++++++++++++++++++++-------
 src/detect.c | 3 +++
 3 files changed, 57 insertions(+), 13 deletions(-)
diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c
index 30fb1f472b..6bdf532d70 100644
--- a/src/detect-detection-filter.c
+++ b/src/detect-detection-filter.c
@@ -420,15 +420,21 @@ static int DetectDetectionFilterTestSig1(void) {
 DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts = PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
- alerts = PacketAlertCheck(&p, 1);
+ alerts += PacketAlertCheck(&p, 1);
 if(alerts == 5)
 result = 1;
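Review bot: The eight copies of `SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);` followed by `alerts += PacketAlertCheck(&p, 1);` in DetectDetectionFilterTestSig1 are a style problem: the number of runs, which the assertion `alerts == 5` depends on, has to be read off by counting lines. A loop states it directly, e.g. `alerts = 0;` then `for (i = 0; i < 8; i++) { SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); alerts += PacketAlertCheck(&p, 1); }`, with `i` as a new local. The same applies to the hunks for DetectDetectionFilterTestSig2 and DetectThresholdTestSig1, Sig2, Sig4 and Sig5; where `TimeSetIncrementTime(200);` sits between runs, two loops would be needed. The declarations are outside the hunk, so the type of `alerts` is not visible here.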
@@ -495,17 +501,22 @@ static int DetectDetectionFilterTestSig2(void) {
 DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts = PacketAlertCheck(&p, 10);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 10);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 10);
 TimeSetIncrementTime(200);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 10);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 10);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 10);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
- alerts = PacketAlertCheck(&p, 10);
+ alerts += PacketAlertCheck(&p, 10);
 if (alerts == 1)
 result = 1;
diff --git a/src/detect-threshold.c b/src/detect-threshold.c
index 461bc7acc8..7f9813f413 100644
--- a/src/detect-threshold.c
+++ b/src/detect-threshold.c
@@ -413,15 +413,21 @@ static int DetectThresholdTestSig1(void) {
 DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts = PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
- alerts = PacketAlertCheck(&p, 1);
+ alerts += PacketAlertCheck(&p, 1);
 if(alerts == 5)
 result = 1;
@@ -486,17 +492,25 @@ static int DetectThresholdTestSig2(void) {
 DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts = PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
- alerts = PacketAlertCheck(&p, 1);
+ alerts += PacketAlertCheck(&p, 1);
 if (alerts == 2)
 result = 1;
@@ -682,16 +696,20 @@ static int DetectThresholdTestSig4(void) {
 DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts = PacketAlertCheck(&p, 10);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 10);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 10);
 TimeSetIncrementTime(200);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 10);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 10);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
- alerts = PacketAlertCheck(&p, 10);
+ alerts += PacketAlertCheck(&p, 10);
 if (alerts == 2)
 result = 1;
@@ -761,16 +779,28 @@ static int DetectThresholdTestSig5(void) {
 DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts = PacketAlertCheck(&p, 1);
+ alerts += PacketAlertCheck(&p, 1000);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
+ alerts += PacketAlertCheck(&p, 1000);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
+ alerts += PacketAlertCheck(&p, 1000);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
+ alerts += PacketAlertCheck(&p, 1000);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
+ alerts += PacketAlertCheck(&p, 1000);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
+ alerts += PacketAlertCheck(&p, 1000);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
+ alerts += PacketAlertCheck(&p, 1);
+ alerts += PacketAlertCheck(&p, 1000);
 SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-
- alerts = PacketAlertCheck(&p, 1);
-
+ alerts += PacketAlertCheck(&p, 1);
 alerts += PacketAlertCheck(&p, 1000);
 if(alerts == 10)
diff --git a/src/detect.c b/src/detect.c
index 25bc78e02f..ed5823dd65 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -479,6 +479,9 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 SCEnter();
+ /* when we start there are no alerts yet. Only this function may set them */
+ p->alerts.cnt = 0;
+ det_ctx->pkts++;
 /* grab the protocol state we will detect on */
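Review bot: In DetectThresholdTestSig5 the per-run results for sid 1 and sid 1000 are added into the single counter `alerts` and checked with `if(alerts == 10)`, so the test cannot tell which rule produced the alerts; any split between the two sids that sums to 10 passes. If the intent is to verify thresholding per signature, separate counters would pin it, e.g. `alerts1 += PacketAlertCheck(&p, 1);` and `alerts1000 += PacketAlertCheck(&p, 1000);`, each compared against its own expected value. The expected per-sid values are not visible in the hunk and would have to come from the rule definitions earlier in the function.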
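Review bot: `p->alerts.cnt = 0;` at the top of SigMatchSignatures drops whatever alerts are already recorded on the packet, and the comment's claim that only this function may set them is not enforced anywhere in the hunk. If another stage ever records an alert before detection runs, or the function is called again on the same Packet (as the unit tests in this commit do), those earlier alerts disappear without a trace, which from a detection point of view is a silent miss. I would at least make the comment say so, e.g. `/* reset alert count: a Packet can reach us more than once (unittests reuse one); alerts recorded before this point are discarded */`, and consider whether the reset belongs where the packet is initialised or recycled rather than in the per-packet detect path. The function body continues outside the hunk, so callers and other writers of p->alerts are not visible here.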