diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index 9bed359927..6ba9dc979c 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -1204,9 +1204,9 @@ static int DeStateSigTest02(void) de_ctx->flags |= DE_QUIET; - s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any (content:\"POST\"; http_method; content:\"/\"; http_uri; content:\"Mozilla\"; http_header; content:\"dummy\"; http_cookie; content:\"body\"; nocase; http_client_body; sid:1; rev:1;)"); + s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any (flow:to_server; content:\"POST\"; http_method; content:\"/\"; http_uri; content:\"Mozilla\"; http_header; content:\"dummy\"; http_cookie; content:\"body\"; nocase; http_client_body; sid:1; rev:1;)"); FAIL_IF_NULL(s); - s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any (content:\"GET\"; http_method; content:\"Firefox\"; http_header; content:\"dummy2\"; http_cookie; sid:2; rev:1;)"); + s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any (flow:to_server; content:\"GET\"; http_method; content:\"Firefox\"; http_header; content:\"dummy2\"; http_cookie; sid:2; rev:1;)"); FAIL_IF_NULL(s); SigGroupBuild(de_ctx); @@ -1251,7 +1251,9 @@ static int DeStateSigTest02(void) DetectEngineState *tx_de_state = AppLayerParserGetTxDetectState(IPPROTO_TCP, ALPROTO_HTTP, tx); FAIL_IF_NULL(tx_de_state); FAIL_IF(tx_de_state->dir_state[0].cnt != 1); - FAIL_IF(tx_de_state->dir_state[0].head->store[0].flags != BIT_U32(DE_STATE_FLAG_BASE)); + /* http_header(mpm): 6, uri: 4, method: 7, cookie: 8 */ + uint32_t expected_flags = (BIT_U32(6) | BIT_U32(4) | BIT_U32(7) |BIT_U32(8)); + FAIL_IF(tx_de_state->dir_state[0].head->store[0].flags != expected_flags); FLOWLOCK_WRLOCK(&f); r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_HTTP, @@ -1337,7 +1339,7 @@ static int DeStateSigTest03(void) de_ctx->flags |= DE_QUIET; - Signature *s = DetectEngineAppendSig(de_ctx, "alert http any any -> any any (content:\"POST\"; http_method; content:\"upload.cgi\"; http_uri; filestore; sid:1; rev:1;)"); + Signature *s = DetectEngineAppendSig(de_ctx, "alert http any any -> any any (flow:to_server; content:\"POST\"; http_method; content:\"upload.cgi\"; http_uri; filestore; sid:1; rev:1;)"); FAIL_IF_NULL(s); SigGroupBuild(de_ctx); diff --git a/src/detect-engine-uri.c b/src/detect-engine-uri.c index 6f97c31f66..b09333c284 100644 --- a/src/detect-engine-uri.c +++ b/src/detect-engine-uri.c @@ -1983,7 +1983,6 @@ end: /** \test Test pcre /U with anchored regex (bug 155) */ static int UriTestSig16(void) { - Flow f; HtpState *http_state = NULL; uint8_t http_buf1[] = "POST /search?q=123&aq=7123abcee HTTP/1.0\r\n" "User-Agent: Mozilla/1.0/\r\n" @@ -1994,45 +1993,48 @@ static int UriTestSig16(void) "Cookie: hellocatch\r\n\r\n"; uint32_t http_buf2_len = sizeof(http_buf2) - 1; TcpSession ssn; - Packet *p = NULL; Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); memset(&tv, 0, sizeof(ThreadVars)); - memset(&f, 0, sizeof(Flow)); memset(&ssn, 0, sizeof(TcpSession)); + StreamTcpInitConfig(TRUE); - p = UTHBuildPacket(http_buf1, http_buf1_len, IPPROTO_TCP); + Packet *p = UTHBuildPacket(http_buf1, http_buf1_len, IPPROTO_TCP); + FAIL_IF_NULL(p); + p->tcph->th_seq = htonl(1000); + Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1", 41424, 80); + FAIL_IF_NULL(f); + f->proto = IPPROTO_TCP; - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.flags |= FLOW_IPV4; - p->flow = &f; + UTHAddSessionToFlow(f, 1000, 1000); + UTHAddStreamToFlow(f, 0, http_buf1, http_buf1_len); + + p->flow = f; p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; - f.alproto = ALPROTO_HTTP; - - StreamTcpInitConfig(TRUE); + f->alproto = ALPROTO_HTTP; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "drop tcp any any -> any any (msg:\"ET TROJAN Downadup/Conficker A or B Worm reporting\"; flow:to_server,established; uricontent:\"/search?q=\"; pcre:\"/^\\/search\\?q=[0-9]{1,3}(&aq=7(\\?[0-9a-f]{8})?)?/U\"; pcre:\"/\\x0d\\x0aHost\\: \\d+\\.\\d+\\.\\d+\\.\\d+\\x0d\\x0a/\"; sid:2009024; rev:9;)"); + s = de_ctx->sig_list = SigInit(de_ctx, "drop tcp any any -> any any (flow:to_server,established; uricontent:\"/search?q=\"; pcre:\"/^\\/search\\?q=[0-9]{1,3}(&aq=7(\\?[0-9a-f]{8})?)?/U\"; pcre:\"/\\x0d\\x0aHost\\: \\d+\\.\\d+\\.\\d+\\.\\d+\\x0d\\x0a/\"; sid:2009024; rev:9;)"); FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_HTTP, + UTHAddStreamToFlow(f, 0, http_buf2, http_buf2_len); + + int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); FAIL_IF(r != 0); - http_state = f.alstate; + http_state = f->alstate; FAIL_IF_NULL(http_state); /* do detect */ @@ -2043,11 +2045,11 @@ static int UriTestSig16(void) p->payload = http_buf2; p->payload_len = http_buf2_len; - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_HTTP, + r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); FAIL_IF(r != 0); - http_state = f.alstate; + http_state = f->alstate; FAIL_IF_NULL(http_state); /* do detect */ @@ -2058,8 +2060,10 @@ static int UriTestSig16(void) DetectEngineThreadCtxDeinit(&tv, det_ctx); DetectEngineCtxFree(de_ctx); + UTHRemoveSessionFromFlow(f); + UTHFreeFlow(f); + StreamTcpFreeConfig(TRUE); - FLOW_DESTROY(&f); UTHFreePacket(p); PASS; } diff --git a/src/detect-pcre.c b/src/detect-pcre.c index 661a254a3e..3d9f4b76f2 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -1563,30 +1563,29 @@ static int DetectPcreTestSig01(void) "Host: two.example.org\r\n" "\r\n\r\n"; uint16_t buflen = strlen((char *)buf); - TcpSession ssn; Packet *p = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; - Flow f; AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - memset(&f, 0, sizeof(f)); memset(&th_v, 0, sizeof(th_v)); - memset(&ssn, 0, sizeof(TcpSession)); - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.flags |= FLOW_IPV4; - f.alproto = ALPROTO_HTTP; + StreamTcpInitConfig(TRUE); p = UTHBuildPacket(buf, buflen, IPPROTO_TCP); - p->flow = &f; + FAIL_IF_NULL(p); + p->tcph->th_seq = htonl(1000); + Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1", 41424, 80); + FAIL_IF_NULL(f); + f->proto = IPPROTO_TCP; + UTHAddSessionToFlow(f, 1000, 1000); + UTHAddStreamToFlow(f, 0, buf, buflen); + + p->flow = f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - - StreamTcpInitConfig(TRUE); + f->alproto = ALPROTO_HTTP; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); FAIL_IF(de_ctx == NULL); @@ -1599,26 +1598,21 @@ static int DetectPcreTestSig01(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - FLOWLOCK_WRLOCK(&f); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_HTTP, + int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER | STREAM_START, buf, buflen); FAIL_IF(r != 0); - FLOWLOCK_UNLOCK(&f); + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); FAIL_IF_NOT(PacketAlertCheck(p, 1) == 1); - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - + AppLayerParserThreadCtxFree(alp_tctx); DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); DetectEngineCtxFree(de_ctx); - StreamTcpFreeConfig(TRUE); - - FLOW_DESTROY(&f); + UTHRemoveSessionFromFlow(f); + UTHFreeFlow(f); + StreamTcpFreeConfig(TRUE); UTHFreePackets(&p, 1); PASS; } diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c index 61227b2a04..c4518a6515 100644 --- a/src/detect-uricontent.c +++ b/src/detect-uricontent.c @@ -964,14 +964,10 @@ end: */ static int DetectUriSigTest05(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 0; - Flow f; HtpState *http_state = NULL; uint8_t httpbuf1[] = "POST /one/two/three HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\nCookie:" " hellocatch\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ - TcpSession ssn; Packet *p = NULL; Signature *s = NULL; ThreadVars th_v; @@ -979,98 +975,67 @@ static int DetectUriSigTest05(void) AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - + StreamTcpInitConfig(TRUE); p = UTHBuildPacket(httpbuf1, httplen1, IPPROTO_TCP); + FAIL_IF_NULL(p); p->tcph->th_seq = htonl(1000); + Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1", 41424, 80); + FAIL_IF_NULL(f); + f->proto = IPPROTO_TCP; - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.flags |= FLOW_IPV4; + UTHAddSessionToFlow(f, 1000, 1000); + UTHAddStreamToFlow(f, 0, httpbuf1, httplen1); - p->flow = &f; + p->flow = f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - f.alproto = ALPROTO_HTTP; - f.proto = p->proto; + f->alproto = ALPROTO_HTTP; - StreamTcpInitConfig(TRUE); - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:" + s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any any (msg:" "\" Test uricontent\"; uricontent:\"foo\"; sid:1;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); - s = s->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:" + s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any any (msg:" "\" Test uricontent\"; uricontent:\"one\"; content:\"two\"; sid:2;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); - s = s->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:" + s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any any (msg:" "\" Test uricontent\"; uricontent:\"one\"; offset:1; depth:10; " "uricontent:\"two\"; distance:1; within: 4; uricontent:\"three\"; " "distance:1; within: 6; sid:3;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - FLOWLOCK_WRLOCK(&f); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_HTTP, + int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - FLOWLOCK_UNLOCK(&f); - goto end; - } - FLOWLOCK_UNLOCK(&f); + FAIL_IF(r != 0); + http_state = f->alstate; + FAIL_IF_NULL(http_state); /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - http_state = f.alstate; - if (http_state == NULL) { - printf("no http state: "); - goto end; - } - - if ((PacketAlertCheck(p, 1))) { - printf("sig: 1 alerted, but it should not: "); - goto end; - } else if (! PacketAlertCheck(p, 2)) { - printf("sig: 2 did not alert, but it should: "); - goto end; - } else if (! (PacketAlertCheck(p, 3))) { - printf("sig: 3 did not alert, but it should: "); - goto end; - } + FAIL_IF((PacketAlertCheck(p, 1))); + FAIL_IF(!PacketAlertCheck(p, 2)); + FAIL_IF(!(PacketAlertCheck(p, 3))); - result = 1; -end: - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - if (de_ctx != NULL) SigGroupCleanup(de_ctx); - if (de_ctx != NULL) SigCleanSignatures(de_ctx); - if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx); - if (de_ctx != NULL) - DetectEngineCtxFree(de_ctx); + AppLayerParserThreadCtxFree(alp_tctx); + DetectEngineThreadCtxDeinit(&th_v, det_ctx); + DetectEngineCtxFree(de_ctx); - StreamTcpFreeConfig(TRUE); - FLOW_DESTROY(&f); + UTHRemoveSessionFromFlow(f); + UTHFreeFlow(f); UTHFreePackets(&p, 1); - return result; + StreamTcpFreeConfig(TRUE); + PASS; } /** \test Check the modifiers for uricontent and content @@ -1078,56 +1043,45 @@ end: */ static int DetectUriSigTest06(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 0; - Flow f; HtpState *http_state = NULL; uint8_t httpbuf1[] = "POST /one/two/three HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\nCookie:" " hellocatch\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ - TcpSession ssn; Packet *p = NULL; Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; - TCPHdr tcp_hdr; AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - memset(&tcp_hdr, 0, sizeof(tcp_hdr)); - + StreamTcpInitConfig(TRUE); p = UTHBuildPacket(httpbuf1, httplen1, IPPROTO_TCP); + FAIL_IF_NULL(p); p->tcph->th_seq = htonl(1000); + Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1", 41424, 80); + FAIL_IF_NULL(f); + f->proto = IPPROTO_TCP; - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.flags |= FLOW_IPV4; + UTHAddSessionToFlow(f, 1000, 1000); + UTHAddStreamToFlow(f, 0, httpbuf1, httplen1); - p->flow = &f; + p->flow = f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - f.alproto = ALPROTO_HTTP; - f.proto = p->proto; + f->alproto = ALPROTO_HTTP; - StreamTcpInitConfig(TRUE); - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:" + s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any any (msg:" "\" Test uricontent\"; " "uricontent:\"foo\"; content:\"bar\"; sid:1;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); - s = s->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:" + s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any any (msg:" "\" Test uricontent\"; " "uricontent:\"one\"; offset:1; depth:10; " "content:\"one\"; offset:1; depth:10; " @@ -1136,68 +1090,41 @@ static int DetectUriSigTest06(void) "uricontent:\"three\"; distance:1; within: 6; " "content:\"/three\"; distance:0; within: 7; " "sid:2;)"); + FAIL_IF_NULL(s); - if (s == NULL) { - goto end; - } - - s = s->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:" + s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any any (msg:" "\" Test uricontent\"; " "uricontent:\"one\"; offset:1; depth:10; " "uricontent:\"two\"; distance:1; within: 4; " "uricontent:\"three\"; distance:1; within: 6; " "sid:3;)"); - - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - FLOWLOCK_WRLOCK(&f); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_HTTP, + int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - FLOWLOCK_UNLOCK(&f); - goto end; - } - FLOWLOCK_UNLOCK(&f); + FAIL_IF(r != 0); + http_state = f->alstate; + FAIL_IF_NULL(http_state); - /* do detect */ + /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - http_state = f.alstate; - if (http_state == NULL) { - printf("no http state: "); - goto end; - } - - if ((PacketAlertCheck(p, 1))) { - printf("sig: 1 alerted, but it should not:"); - goto end; - } else if (! PacketAlertCheck(p, 2)) { - printf("sig: 2 did not alert, but it should:"); - goto end; - } else if (! (PacketAlertCheck(p, 3))) { - printf("sig: 3 did not alert, but it should:"); - goto end; - } + FAIL_IF((PacketAlertCheck(p, 1))); + FAIL_IF(!PacketAlertCheck(p, 2)); + FAIL_IF(!(PacketAlertCheck(p, 3))); - result = 1; -end: - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - if (de_ctx != NULL) SigGroupCleanup(de_ctx); - if (de_ctx != NULL) SigCleanSignatures(de_ctx); - if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx); - if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); + AppLayerParserThreadCtxFree(alp_tctx); + DetectEngineThreadCtxDeinit(&th_v, det_ctx); + DetectEngineCtxFree(de_ctx); - StreamTcpFreeConfig(TRUE); - FLOW_DESTROY(&f); + UTHRemoveSessionFromFlow(f); + UTHFreeFlow(f); UTHFreePackets(&p, 1); - return result; + StreamTcpFreeConfig(TRUE); + PASS; } /** \test Check the modifiers for uricontent and content @@ -1205,13 +1132,10 @@ end: */ static int DetectUriSigTest07(void) { - int result = 0; - Flow f; HtpState *http_state = NULL; uint8_t httpbuf1[] = "POST /one/two/three HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\nCookie:" " hellocatch\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ - TcpSession ssn; Packet *p = NULL; Signature *s = NULL; ThreadVars th_v; @@ -1219,38 +1143,34 @@ static int DetectUriSigTest07(void) AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); + StreamTcpInitConfig(TRUE); p = UTHBuildPacket(httpbuf1, httplen1, IPPROTO_TCP); + FAIL_IF_NULL(p); + p->tcph->th_seq = htonl(1000); + Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1", 41424, 80); + FAIL_IF_NULL(f); + f->proto = IPPROTO_TCP; - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.flags |= FLOW_IPV4; + UTHAddSessionToFlow(f, 1000, 1000); + UTHAddStreamToFlow(f, 0, httpbuf1, httplen1); - p->flow = &f; + p->flow = f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - f.alproto = ALPROTO_HTTP; - - StreamTcpInitConfig(TRUE); + f->alproto = ALPROTO_HTTP; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:" + s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any any (msg:" "\" Test uricontent\"; " "uricontent:\"foo\"; content:\"bar\"; sid:1;)"); - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); - s = s->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:" + s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any any (msg:" "\" Test uricontent\"; " "uricontent:\"one\"; offset:1; depth:10; " "content:\"one\"; offset:1; depth:10; " @@ -1259,68 +1179,41 @@ static int DetectUriSigTest07(void) "uricontent:\"three\"; distance:1; within: 6; " "content:\"/three\"; distance:0; within: 7; " "sid:2;)"); + FAIL_IF_NULL(s); - if (s == NULL) { - goto end; - } - - s = s->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:" + s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any any (msg:" "\" Test uricontent\"; " "uricontent:\"one\"; offset:1; depth:10; " "uricontent:\"two\"; distance:1; within: 4; " "uricontent:\"six\"; distance:1; within: 6; " "sid:3;)"); - - if (s == NULL) { - goto end; - } + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - FLOWLOCK_WRLOCK(&f); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_HTTP, + int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - FLOWLOCK_UNLOCK(&f); - goto end; - } - FLOWLOCK_UNLOCK(&f); + FAIL_IF(r != 0); + http_state = f->alstate; + FAIL_IF_NULL(http_state); /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - http_state = f.alstate; - if (http_state == NULL) { - printf("no http state: "); - goto end; - } + FAIL_IF((PacketAlertCheck(p, 1))); + FAIL_IF((PacketAlertCheck(p, 2))); + FAIL_IF((PacketAlertCheck(p, 3))); - if (PacketAlertCheck(p, 1)) { - printf("sig: 1 alerted, but it should not:"); - goto end; - } else if (PacketAlertCheck(p, 2)) { - printf("sig: 2 alerted, but it should not:"); - goto end; - } else if (PacketAlertCheck(p, 3)) { - printf("sig: 3 alerted, but it should not:"); - goto end; - } - - result = 1; -end: - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - if (de_ctx != NULL) SigGroupCleanup(de_ctx); - if (de_ctx != NULL) SigCleanSignatures(de_ctx); - if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx); - if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); + AppLayerParserThreadCtxFree(alp_tctx); + DetectEngineThreadCtxDeinit(&th_v, det_ctx); + DetectEngineCtxFree(de_ctx); - StreamTcpFreeConfig(TRUE); - FLOW_DESTROY(&f); + UTHRemoveSessionFromFlow(f); + UTHFreeFlow(f); UTHFreePackets(&p, 1); - return result; + StreamTcpFreeConfig(TRUE); + PASS; } /**