static int FlowStorageTest02(void) {
Flow *f = NULL;
StorageInit();
int id1 = FlowStorageRegister("test", sizeof(void *), NULL, StorageTestFree);
if (id1 < 0)
goto error;
if (StorageFinalize() < 0)
goto error;
FlowInitConfig(FLOW_QUIET);
f = FlowAlloc();
if (f == NULL) {
goto error;
}
void *ptr = FlowGetStorageById(f, id1);
if (ptr != NULL) {
goto error;
}
void *ptr1a = SCMalloc(128);
if (ptr1a == NULL) {
goto error;
}
FlowSetStorageById(f, id1, ptr1a);
void *ptr1b = FlowGetStorageById(f, id1);
if (ptr1a != ptr1b) {
goto error;
}
FlowClearMemory(f, 0);
FlowFree(f);
FlowShutdown();
StorageCleanup();
return 1;
error:
if (f != NULL) {
FlowClearMemory(f, 0);
FlowFree(f);
}
FlowShutdown();
StorageCleanup();
return 0;
}
/**
* \test HOP header decode
*/
static int DecodeIPV6HopTest01 (void)
{
uint8_t raw_pkt1[] = {
0x60,0x00,0x00,0x00,0x00,0x20,0x00,0x01,0xfe,0x80,0x00,0x00,0x00,0x00,0x00,0x00,
0x02,0x0f,0xfe,0xff,0xfe,0x98,0x3d,0x01,0xff,0x02,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x3a,0x00,0xff, /* 0xff is a nonsene opt */
0x02,0x00,0x00,0x00,0x00,
0x82,0x00,0x1c,0x6f,0x27,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
Packet *p1 = PacketGetFromAlloc();
FAIL_IF(unlikely(p1 == NULL));
ThreadVars tv;
DecodeThreadVars dtv;
PacketQueue pq;
FlowInitConfig(FLOW_QUIET);
memset(&pq, 0, sizeof(PacketQueue));
memset(&tv, 0, sizeof(ThreadVars));
memset(&dtv, 0, sizeof(DecodeThreadVars));
PacketCopyData(p1, raw_pkt1, sizeof(raw_pkt1));
DecodeIPV6(&tv, &dtv, p1, GET_PKT_DATA(p1), GET_PKT_LEN(p1), &pq);
FAIL_IF (!(ENGINE_ISSET_EVENT(p1, IPV6_HOPOPTS_UNKNOWN_OPT)));
PACKET_RECYCLE(p1);
SCFree(p1);
FlowShutdown();
PASS;
}
/**
* \test DecodeVLANTest02 test a good vlan header.
*
* \retval 1 on success
* \retval 0 on failure
*/
static int DecodeVLANtest03 (void) {
uint8_t raw_vlan[] = {
0x00, 0x20, 0x08, 0x00, 0x45, 0x00, 0x00, 0x34,
0x3b, 0x36, 0x40, 0x00, 0x40, 0x06, 0xb7, 0xc9,
0x83, 0x97, 0x20, 0x81, 0x83, 0x97, 0x20, 0x15,
0x04, 0x8a, 0x17, 0x70, 0x4e, 0x14, 0xdf, 0x55,
0x4d, 0x3d, 0x5a, 0x61, 0x80, 0x10, 0x6b, 0x50,
0x3c, 0x4c, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a,
0x00, 0x04, 0xf0, 0xc8, 0x01, 0x99, 0xa3, 0xf3
};
Packet *p = PacketGetFromAlloc();
if (unlikely(p == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(&dtv, 0, sizeof(DecodeThreadVars));
FlowInitConfig(FLOW_QUIET);
DecodeVLAN(&tv, &dtv, p, raw_vlan, sizeof(raw_vlan), NULL);
if(p->vlanh == NULL) {
goto error;
}
if(ENGINE_ISSET_EVENT(p,VLAN_HEADER_TOO_SMALL)) {
goto error;
}
if(ENGINE_ISSET_EVENT(p,VLAN_UNKNOWN_TYPE)) {
goto error;
}
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return 1;
error:
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return 0;
}
/** \test icmpv6 message type: parameter problem, invalid packet
* \brief set the event ICMPV6_IPV6_UNKNOWN_VER properly when the embedded packet has an unknown version
* \retval retval 0 = Error ; 1 = ok
*/
static int ICMPV6ParamProbTest02(void)
{
int retval = 0;
static uint8_t raw_ipv6[] = {
0x60, 0x00, 0x00, 0x00, 0x00, 0x38, 0x3a, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x04, 0x00, 0xcc, 0x2a, 0x6d, 0x93, 0x0b, 0xdf,
0x38, 0x70, 0x12, 0xb7, 0x00, 0x08, 0x3a, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x80, 0x00, 0x08, 0xb5, 0x99, 0xc3, 0xde, 0x40
};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL)
return 0;
IPV6Hdr ip6h;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ip6h, 0, sizeof(IPV6Hdr));
FlowInitConfig(FLOW_QUIET);
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (p->icmpv6h == NULL) {
SCLogDebug("ICMPv6 Unable to detect icmpv6 layer from ipv6");
retval = 0;
goto end;
}
if (ICMPV6_GET_TYPE(p) != 4 || ICMPV6_GET_CODE(p) != 0) {
SCLogDebug("ICMPv6 Not processed at all");
retval = 0;
goto end;
}
if (!DECODER_ISSET_EVENT(p, ICMPV6_IPV6_UNKNOWN_VER)) {
SCLogDebug("ICMPv6 Error: Unknown embedded ipv6 version event not set");
retval = 0;
goto end;
}
retval = 1;
end:
SCFree(p);
return retval;
}
/** DecodeRawtest01
* \brief Valid Raw packet
* \retval 0 Expected test value
*/
static int DecodeRawTest01 (void) {
/* IPV6/TCP/no eth header */
uint8_t raw_ip[] = {
0x60, 0x00, 0x00, 0x00, 0x00, 0x28, 0x06, 0x40,
0x20, 0x01, 0x06, 0x18, 0x04, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x51, 0x99, 0xcc, 0x70,
0x20, 0x01, 0x06, 0x18, 0x00, 0x01, 0x80, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
0x8c, 0x9b, 0x00, 0x50, 0x6a, 0xe7, 0x07, 0x36,
0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0x16, 0x30,
0x29, 0x9c, 0x00, 0x00, 0x02, 0x04, 0x05, 0x8c,
0x04, 0x02, 0x08, 0x0a, 0x00, 0xdd, 0x1a, 0x39,
0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x02 };
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (unlikely(p == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
if (PacketCopyData(p, raw_ip, sizeof(raw_ip)) == -1) {
SCFree(p);
return 1;
}
FlowInitConfig(FLOW_QUIET);
DecodeRaw(&tv, &dtv, p, raw_ip, GET_PKT_LEN(p), NULL);
if (p->ip6h == NULL) {
printf("expected a valid ipv6 header but it was NULL: ");
FlowShutdown();
SCFree(p);
return 1;
}
FlowShutdown();
SCFree(p);
return 0;
}
/** DecodeRawtest03
* \brief Valid Raw packet
* \retval 0 Expected test value
*/
static int DecodeRawTest03 (void) {
/* IPV13 */
uint8_t raw_ip[] = {
0xdf, 0x00, 0x00, 0x3d, 0x49, 0x42, 0x40, 0x00,
0x40, 0x06, 0xcf, 0x8a, 0x0a, 0x1f, 0x03, 0xaf,
0x0a, 0x1f, 0x0a, 0x02, 0xa5, 0xe7, 0xde, 0xad,
0x00, 0x0c, 0xe2, 0x0e, 0x8b, 0xfe, 0x0c, 0xe7,
0x80, 0x18, 0x00, 0xb7, 0xaf, 0xeb, 0x00, 0x00,
0x01, 0x01, 0x08, 0x0a, 0x00, 0x08, 0xab, 0x4f,
0x34, 0x40, 0x67, 0x31, 0x3b, 0x63, 0x61, 0x74,
0x20, 0x6b, 0x65, 0x79, 0x3b };
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (unlikely(p == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
if (PacketCopyData(p, raw_ip, sizeof(raw_ip)) == -1) {
SCFree(p);
return 1;
}
FlowInitConfig(FLOW_QUIET);
DecodeRaw(&tv, &dtv, p, raw_ip, GET_PKT_LEN(p), NULL);
if (ENGINE_ISSET_EVENT(p,IPRAW_INVALID_IPV)) {
FlowShutdown();
SCFree(p);
return 0;
} else {
printf("expected IPRAW_INVALID_IPV to be set but it wasn't: ");
}
FlowShutdown();
SCFree(p);
return 1;
}
/** DecodeRawtest02
* \brief Valid Raw packet
* \retval 0 Expected test value
*/
static int DecodeRawTest02 (void)
{
/* IPV4/TCP/no eth header */
uint8_t raw_ip[] = {
0x45, 0x00, 0x00, 0x30, 0x00, 0xad, 0x40, 0x00,
0x7f, 0x06, 0xac, 0xc5, 0xc0, 0xa8, 0x67, 0x02,
0xc0, 0xa8, 0x66, 0x02, 0x0b, 0xc7, 0x00, 0x50,
0x1d, 0xb3, 0x12, 0x37, 0x00, 0x00, 0x00, 0x00,
0x70, 0x02, 0x40, 0x00, 0xb8, 0xc8, 0x00, 0x00,
0x02, 0x04, 0x05, 0xb4, 0x01, 0x01, 0x04, 0x02 };
Packet *p = PacketGetFromAlloc();
if (unlikely(p == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&tv, 0, sizeof(ThreadVars));
if (PacketCopyData(p, raw_ip, sizeof(raw_ip)) == -1) {
SCFree(p);
return 0;
}
FlowInitConfig(FLOW_QUIET);
DecodeRaw(&tv, &dtv, p, raw_ip, GET_PKT_LEN(p), NULL);
if (p->ip4h == NULL) {
printf("expected a valid ipv4 header but it was NULL: ");
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return 0;
}
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return 1;
}
/**
* \test routing header decode
*/
static int DecodeIPV6RouteTest01 (void) {
uint8_t raw_pkt1[] = {
0x60, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x2b, 0x40,
0x20, 0x01, 0xaa, 0xaa, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
0x20, 0x01, 0xaa, 0xaa, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb2, 0xed, 0x00, 0x50, 0x1b, 0xc7, 0x6a, 0xdf,
0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x20, 0x00,
0xfa, 0x87, 0x00, 0x00,
};
Packet *p1 = SCMalloc(SIZE_OF_PACKET);
if (p1 == NULL)
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
int result = 0;
PacketQueue pq;
FlowInitConfig(FLOW_QUIET);
memset(&pq, 0, sizeof(PacketQueue));
memset(&tv, 0, sizeof(ThreadVars));
memset(p1, 0, SIZE_OF_PACKET);
p1->pkt = (uint8_t *)(p1 + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
PACKET_INITIALIZE(p1);
PacketCopyData(p1, raw_pkt1, sizeof(raw_pkt1));
DecodeIPV6(&tv, &dtv, p1, GET_PKT_DATA(p1), GET_PKT_LEN(p1), &pq);
if (!(IPV6_EXTHDR_ISSET_RH(p1))) {
printf("ipv6 routing header not detected: ");
goto end;
}
if (p1->ip6eh.ip6_exthdrs[0].len != 8) {
printf("ipv6 routing length incorrect: ");
goto end;
}
result = 1;
end:
PACKET_CLEANUP(p1);
SCFree(p1);
FlowShutdown();
return result;
}
/** \test icmpv6 message type: packet too big, invalid packet
* \brief Set the event ICMPV6_UNKNOWN_CODE if code is invalid for this type
* \retval retval 0 = Error ; 1 = ok
*/
static int ICMPV6PktTooBigTest02(void)
{
int retval = 0;
static uint8_t raw_ipv6[] = {
0x60, 0x00, 0x00, 0x00, 0x00, 0x30, 0x3a, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x02, 0x10, 0x5c, 0x7a, 0x00, 0x00, 0x05, 0x00,
0x64, 0x14, 0xfd, 0xff, 0x00, 0x00, 0x3b, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL)
return 0;
IPV6Hdr ip6h;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ip6h, 0, sizeof(IPV6Hdr));
FlowInitConfig(FLOW_QUIET);
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (p->icmpv6h == NULL) {
SCLogDebug("ICMPv6 Unable to detect icmpv6 layer from ipv6");
retval = 0;
goto end;
}
if (!DECODER_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE)) {
SCLogDebug("ICMPv6 Error: Unknown code event not set");
retval = 0;
goto end;
}
retval = 1;
end:
SCFree(p);
return retval;
}
/**\test icmpv6 message type: echo reply, valid packet
* \retval retval 0 = Error ; 1 = ok
*/
static int ICMPV6EchoRepTest01(void)
{
int retval = 0;
static uint8_t raw_ipv6[] = {
0x60, 0x00, 0x00, 0x00, 0x00, 0x08, 0x3a,
0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0xff, 0x02, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x01, 0x81, 0x00,
0xe5, 0xa5, 0x25, 0xf0, 0x75, 0x23
};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL)
return 0;
IPV6Hdr ip6h;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ip6h, 0, sizeof(IPV6Hdr));
FlowInitConfig(FLOW_QUIET);
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (p->icmpv6h == NULL) {
SCLogDebug("ICMPv6 Unable to detect icmpv6 layer from ipv6");
retval = 0;
goto end;
}
SCLogDebug("type: %u code %u ID: %u seq: %u", ICMPV6_GET_TYPE(p),
ICMPV6_GET_CODE(p),ICMPV6_GET_ID(p), ICMPV6_GET_SEQ(p));
if (ICMPV6_GET_TYPE(p) != 129 || ICMPV6_GET_CODE(p) != 0 ||
ICMPV6_GET_ID(p) != 61477 || ICMPV6_GET_SEQ(p) != 29987) {
SCLogDebug("ICMPv6 Echo reply decode failed");
retval = 0;
goto end;
}
retval = 1;
end:
SCFree(p);
return retval;
}
/** DecodePPPtest03
* \brief Decode good PPP packet, additionally the IPv4 packet inside is
* 4 bytes short.
* \retval 0 Test failed
* \retval 1 Test succeeded
*/
static int DecodePPPtest03 (void)
{
uint8_t raw_ppp[] = { 0xff, 0x03, 0x00, 0x21, 0x45, 0xc0, 0x00, 0x2c, 0x4d,
0xed, 0x00, 0x00, 0xff, 0x06, 0xd5, 0x17, 0xbf, 0x01,
0x0d, 0x01, 0xbf, 0x01, 0x0d, 0x03, 0xea, 0x37, 0x00,
0x17, 0x6d, 0x0b, 0xba, 0xc3, 0x00, 0x00, 0x00, 0x00,
0x60, 0x02, 0x10, 0x20, 0xdd, 0xe1, 0x00, 0x00 };
Packet *p = PacketGetFromAlloc();
if (unlikely(p == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(&dtv, 0, sizeof(DecodeThreadVars));
FlowInitConfig(FLOW_QUIET);
DecodePPP(&tv, &dtv, p, raw_ppp, sizeof(raw_ppp), NULL);
FlowShutdown();
if(p->ppph == NULL) {
SCFree(p);
return 0;
}
if(ENGINE_ISSET_EVENT(p,PPP_PKT_TOO_SMALL)) {
SCFree(p);
return 0;
}
if(ENGINE_ISSET_EVENT(p,PPPIPV4_PKT_TOO_SMALL)) {
SCFree(p);
return 0;
}
if(ENGINE_ISSET_EVENT(p,PPP_WRONG_TYPE)) {
SCFree(p);
return 0;
}
if (!(ENGINE_ISSET_EVENT(p,IPV4_TRUNC_PKT))) {
SCFree(p);
return 0;
}
/* Function must return here */
SCFree(p);
return 1;
}
/**
* \test HOP header decode
*/
static int DecodeIPV6HopTest01 (void)
{
uint8_t raw_pkt1[] = {
0x60,0x00,0x00,0x00,0x00,0x20,0x00,0x01,0xfe,0x80,0x00,0x00,0x00,0x00,0x00,0x00,
0x02,0x0f,0xfe,0xff,0xfe,0x98,0x3d,0x01,0xff,0x02,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x3a,0x00,0x05,0x02,0x00,0x00,0x00,0x00,
0x82,0x00,0x1c,0x6f,0x27,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
Packet *p1 = PacketGetFromAlloc();
if (unlikely(p1 == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
int result = 0;
PacketQueue pq;
FlowInitConfig(FLOW_QUIET);
memset(&pq, 0, sizeof(PacketQueue));
memset(&tv, 0, sizeof(ThreadVars));
memset(&dtv, 0, sizeof(DecodeThreadVars));
PacketCopyData(p1, raw_pkt1, sizeof(raw_pkt1));
DecodeIPV6(&tv, &dtv, p1, GET_PKT_DATA(p1), GET_PKT_LEN(p1), &pq);
if (!(IPV6_EXTHDR_ISSET_HH(p1))) {
printf("ipv6 routing header not detected: ");
goto end;
}
if (p1->ip6eh.ip6_exthdrs[0].len != 8) {
printf("ipv6 routing length incorrect: ");
goto end;
}
if (ENGINE_ISSET_EVENT(p1, IPV6_HOPOPTS_UNKNOWN_OPT)) {
printf("engine event IPV6_HOPOPTS_UNKNOWN_OPT set: ");
goto end;
}
result = 1;
end:
PACKET_RECYCLE(p1);
SCFree(p1);
FlowShutdown();
return result;
}
/**\test icmpv6 packet decoding and setting up of payload_len and payload buufer
* \retval retval 0 = Error ; 1 = ok
*/
static int ICMPV6PayloadTest01(void)
{
int retval = 0;
static uint8_t raw_ipv6[] = {
0x60, 0x00, 0x00, 0x00, 0x00, 0x2d, 0x3a, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x01, 0x00, 0x7b, 0x85, 0x00, 0x00, 0x00, 0x00,
0x60, 0x4b, 0xe8, 0xbd, 0x00, 0x00, 0x3b, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00
};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL)
return 0;
IPV6Hdr ip6h;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ip6h, 0, sizeof(IPV6Hdr));
FlowInitConfig(FLOW_QUIET);
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (p->payload == NULL) {
printf("payload == NULL, expected non-NULL: ");
goto end;
}
if (p->payload_len != 37) {
printf("payload_len %"PRIu16", expected 37: ", p->payload_len);
goto end;
}
retval = 1;
end:
SCFree(p);
return retval;
}
/** DecodeICMPV4test01
* \brief
* \retval 1 Expected test value
*/
static int DecodeICMPV4test01(void)
{
uint8_t raw_icmpv4[] = {
0x08, 0x00, 0x78, 0x47, 0xfc, 0x55, 0x00, 0x04,
0x52, 0xab, 0x86, 0x4a, 0x84, 0x50, 0x0e, 0x00,
0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
0xab };
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (unlikely(p == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
int ret = 0;
IPV4Hdr ip4h;
memset(&ip4h, 0, sizeof(IPV4Hdr));
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
memset(&ip4h, 0, sizeof(IPV4Hdr));
memset(&dtv, 0, sizeof(DecodeThreadVars));
FlowInitConfig(FLOW_QUIET);
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
if (NULL!=p->icmpv4h) {
if (p->icmpv4h->type==8 && p->icmpv4h->code==0) {
ret = 1;
}
}
FlowShutdown();
SCFree(p);
return ret;
}
static int ICMPV4InvalidType07(void)
{
uint8_t raw_icmpv4[] = {
0xff, 0x00, 0xab, 0x9b, 0x7f, 0x2b, 0x05, 0x2c,
0x3f, 0x72, 0x93, 0x4a, 0x00, 0x4d, 0x0a, 0x00,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x38};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (unlikely(p == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
int ret = 0;
IPV4Hdr ip4h;
memset(&ip4h, 0, sizeof(IPV4Hdr));
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
memset(&dtv, 0, sizeof(DecodeThreadVars));
FlowInitConfig(FLOW_QUIET);
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
if(ENGINE_ISSET_EVENT(p,ICMPV4_UNKNOWN_TYPE)) {
ret = 1;
}
FlowShutdown();
SCFree(p);
return ret;
}
/** DecodeICMPV4test02
* \brief
* \retval 1 Expected test value
*/
static int DecodeICMPV4test02(void)
{
uint8_t raw_icmpv4[] = {
0x00, 0x00, 0x57, 0x64, 0xfb, 0x55, 0x00, 0x03,
0x43, 0xab, 0x86, 0x4a, 0xf6, 0x49, 0x02, 0x00,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f };
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (unlikely(p == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
int ret = 0;
IPV4Hdr ip4h;
memset(&ip4h, 0, sizeof(IPV4Hdr));
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
memset(&dtv, 0, sizeof(DecodeThreadVars));
FlowInitConfig(FLOW_QUIET);
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
if (NULL!=p->icmpv4h) {
if (p->icmpv4h->type==0 && p->icmpv4h->code==0) {
ret = 1;
}
}
FlowShutdown();
SCFree(p);
return ret;
}
/**
* \brief UTHBuildPacketOfFlowsTest01 wrapper to check packets for unittests
*/
int UTHBuildPacketOfFlowsTest01(void)
{
int result = 0;
FlowInitConfig(FLOW_QUIET);
uint32_t flow_spare_q_len = flow_spare_q.len;
UTHBuildPacketOfFlows(0, 100, 0);
if (flow_spare_q.len != flow_spare_q_len - 100)
result = 0;
else
result = 1;
FlowShutdown();
return result;
}
/** \test Get the wscale of 2 */
static int TCPGetWscaleTest01(void)
{
int retval = 0;
static uint8_t raw_tcp[] = {0xda, 0xc1, 0x00, 0x50, 0xb6, 0x21, 0x7f, 0x58,
0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0x16, 0xd0,
0x8a, 0xaf, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
0x04, 0x02, 0x08, 0x0a, 0x00, 0x62, 0x88, 0x28,
0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x02};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL)
return 0;
IPV4Hdr ip4h;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ip4h, 0, sizeof(IPV4Hdr));
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->ip4h = &ip4h;
FlowInitConfig(FLOW_QUIET);
DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp), NULL);
FlowShutdown();
if (p->tcph == NULL) {
printf("tcp packet decode failed: ");
goto end;
}
uint8_t wscale = TCP_GET_WSCALE(p);
if (wscale != 2) {
printf("wscale %"PRIu8", expected 2: ", wscale);
goto end;
}
retval = 1;
end:
SCFree(p);
return retval;
}
/**\test icmpv6 message type: destination unreach, invalid packet
* \brief The embedded packet header (ipv6) is truncated
* \retval retval 0 = Error ; 1 = ok
*/
static int ICMPV6DestUnreachTest02(void)
{
int retval = 0;
static uint8_t raw_ipv6[] = {
0x60, 0x00, 0x00, 0x00, 0x00, 0x2d, 0x3a, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x01, 0x00, 0x7b, 0x85, 0x00, 0x00, 0x00, 0x00,
0x60, 0x4b, 0xe8, 0xbd, 0x00, 0x00, 0x3b, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00
};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL)
return 0;
IPV6Hdr ip6h;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ip6h, 0, sizeof(IPV6Hdr));
FlowInitConfig(FLOW_QUIET);
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (!DECODER_ISSET_EVENT(p, ICMPV6_IPV6_TRUNC_PKT)) {
SCLogDebug("ICMPv6 Error: embedded ipv6 truncated packet event not set");
retval = 0;
goto end;
}
retval = 1;
end:
SCFree(p);
return retval;
}
/** DecodePPPOEtest02
* \brief Valid PPPOE packet - check the invalid ICMP type encapsulated is flagged
* \retval 0 Expected test value
*/
static int DecodePPPOEtest02 (void) {
uint8_t raw_pppoe[] = {
0x11, 0x00, 0x00, 0x01, 0x00, 0x40, 0x00, 0x21,
0x45, 0x00, 0x00, 0x3c, 0x05, 0x5c, 0x00, 0x00,
0x20, 0x01, 0xff, 0x30, 0xc0, 0xa8, 0x0a, 0x7f,
0xc0, 0xa8, 0x0a, 0x65, 0xab, 0xcd, 0x16, 0x5e,
0x02, 0x00, 0x37, 0x00, 0x41, 0x42, 0x43, 0x44,
0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c,
0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54,
0x55, 0x56, 0x57, 0x41, 0x42, 0x43, 0x44, 0x45,
0x46, 0x47, 0x48, 0x49 };
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL)
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
int ret = 0;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
FlowInitConfig(FLOW_QUIET);
DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe), NULL);
if(DECODER_ISSET_EVENT(p,PPPOE_PKT_TOO_SMALL)) {
goto end;
}
// and we insist that the invalid ICMP encapsulated (type 0xab, code 0xcd) is flagged
if(! DECODER_ISSET_EVENT(p,ICMPV4_UNKNOWN_TYPE)) {
goto end;
}
ret = 1;
end:
FlowShutdown();
SCFree(p);
return ret;
}
/**
* \test DecodeVLANTest02 test a good vlan header.
*
* \retval 1 on success
* \retval 0 on failure
*/
static int DecodeVLANtest03 (void) {
uint8_t raw_vlan[] = {
0x00, 0x20, 0x08, 0x00, 0x45, 0x00, 0x00, 0x34,
0x3b, 0x36, 0x40, 0x00, 0x40, 0x06, 0xb7, 0xc9,
0x83, 0x97, 0x20, 0x81, 0x83, 0x97, 0x20, 0x15,
0x04, 0x8a, 0x17, 0x70, 0x4e, 0x14, 0xdf, 0x55,
0x4d, 0x3d, 0x5a, 0x61, 0x80, 0x10, 0x6b, 0x50,
0x3c, 0x4c, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a,
0x00, 0x04, 0xf0, 0xc8, 0x01, 0x99, 0xa3, 0xf3};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL)
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
FlowInitConfig(FLOW_QUIET);
DecodeVLAN(&tv, &dtv, p, raw_vlan, sizeof(raw_vlan), NULL);
FlowShutdown();
if(p->vlanh == NULL) {
SCFree(p);
return 0;
}
if(DECODER_ISSET_EVENT(p,VLAN_HEADER_TOO_SMALL)) {
SCFree(p);
return 0;
}
if(DECODER_ISSET_EVENT(p,VLAN_UNKNOWN_TYPE)) {
SCFree(p);
return 0;
}
SCFree(p);
return 1;
}
/** \test Get the wscale, but it's missing, so see if return 0 properly */
static int TCPGetWscaleTest03(void)
{
int retval = 0;
static uint8_t raw_tcp[] = {0xda, 0xc1, 0x00, 0x50, 0xb6, 0x21, 0x7f, 0x59,
0xdd, 0xa3, 0x6f, 0xf8, 0x80, 0x10, 0x05, 0xb4,
0x7c, 0x70, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a,
0x00, 0x62, 0x88, 0x9e, 0x00, 0x00, 0x00, 0x00};
Packet *p = PacketGetFromAlloc();
if (unlikely(p == NULL))
return 0;
IPV4Hdr ip4h;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ip4h, 0, sizeof(IPV4Hdr));
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->ip4h = &ip4h;
FlowInitConfig(FLOW_QUIET);
DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp), NULL);
if (p->tcph == NULL) {
printf("tcp packet decode failed: ");
goto end;
}
uint8_t wscale = TCP_GET_WSCALE(p);
if (wscale != 0) {
printf("wscale %"PRIu8", expected 0: ", wscale);
goto end;
}
retval = 1;
end:
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return retval;
}
/** \test icmpv6 message type: time exceed, invalid packet
* \brief set the event ICMPV6_PKT_TOO_SMALL properly
* \retval retval 0 = Error ; 1 = ok
*/
static int ICMPV6TimeExceedTest02(void)
{
int retval = 0;
static uint8_t raw_ipv6[] = {
0x60, 0x00, 0x00, 0x00, 0x00, 0x03, 0x3a, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x02, 0x10, 0x5c
};
/* The icmpv6 header is broken in the checksum (so we dont have a complete header) */
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL)
return 0;
IPV6Hdr ip6h;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ip6h, 0, sizeof(IPV6Hdr));
FlowInitConfig(FLOW_QUIET);
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (!DECODER_ISSET_EVENT(p, ICMPV6_PKT_TOO_SMALL)) {
SCLogDebug("ICMPv6 Error: event packet too small not set");
retval = 0;
goto end;
}
retval = 1;
end:
SCFree(p);
return retval;
}
/**\test icmpv6 message type: echo request, invalid packet
* \brief unknown code
* \retval retval 0 = Error ; 1 = ok
*/
static int ICMPV6EchoReqTest02(void)
{
int retval = 0;
static uint8_t raw_ipv6[] = {
0x60, 0x00, 0x00, 0x00, 0x00, 0x08, 0x3a,
0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0xff, 0x02, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x01, 0x80, 0x01,
0xe5, 0xa5, 0x25, 0xf0, 0x75, 0x23
};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL)
return 0;
IPV6Hdr ip6h;
ThreadVars tv;
DecodeThreadVars dtv;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ip6h, 0, sizeof(IPV6Hdr));
FlowInitConfig(FLOW_QUIET);
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (!DECODER_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE)) {
SCLogDebug("ICMPv6 Error: Unknown code event not set");
retval = 0;
goto end;
}
retval = 1;
end:
SCFree(p);
return retval;
}
/**
* \test routing header decode
*/
static int DecodeIPV6RouteTest01 (void)
{
uint8_t raw_pkt1[] = {
0x60, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x2b, 0x40,
0x20, 0x01, 0xaa, 0xaa, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
0x20, 0x01, 0xaa, 0xaa, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb2, 0xed, 0x00, 0x50, 0x1b, 0xc7, 0x6a, 0xdf,
0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x20, 0x00,
0xfa, 0x87, 0x00, 0x00,
};
Packet *p1 = PacketGetFromAlloc();
FAIL_IF(unlikely(p1 == NULL));
ThreadVars tv;
DecodeThreadVars dtv;
PacketQueue pq;
FlowInitConfig(FLOW_QUIET);
memset(&pq, 0, sizeof(PacketQueue));
memset(&tv, 0, sizeof(ThreadVars));
memset(&dtv, 0, sizeof(DecodeThreadVars));
PacketCopyData(p1, raw_pkt1, sizeof(raw_pkt1));
DecodeIPV6(&tv, &dtv, p1, GET_PKT_DATA(p1), GET_PKT_LEN(p1), &pq);
FAIL_IF (!(IPV6_EXTHDR_ISSET_RH(p1)));
FAIL_IF (p1->ip6eh.rh_type != 0);
PACKET_RECYCLE(p1);
SCFree(p1);
FlowShutdown();
PASS;
}
/**
* \test fragment decoding
*/
static int DecodeIPV6FragTest01 (void) {
uint8_t raw_frag1[] = {
0x60, 0x0f, 0x1a, 0xcf, 0x05, 0xa8, 0x2c, 0x36, 0x20, 0x01, 0x04, 0x70, 0x00, 0x01, 0x00, 0x18,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x20, 0x01, 0x09, 0x80, 0x32, 0xb2, 0x00, 0x01,
0x2e, 0x41, 0x38, 0xff, 0xfe, 0xa7, 0xea, 0xeb, 0x06, 0x00, 0x00, 0x01, 0xdf, 0xf8, 0x11, 0xd7,
0x00, 0x50, 0xa6, 0x5c, 0xcc, 0xd7, 0x28, 0x9f, 0xc3, 0x34, 0xc6, 0x58, 0x80, 0x10, 0x20, 0x13,
0x18, 0x1f, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0xcd, 0xf9, 0x3a, 0x41, 0x00, 0x1a, 0x91, 0x8a,
0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x31, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
0x0a, 0x44, 0x61, 0x74, 0x65, 0x3a, 0x20, 0x46, 0x72, 0x69, 0x2c, 0x20, 0x30, 0x32, 0x20, 0x44,
0x65, 0x63, 0x20, 0x32, 0x30, 0x31, 0x31, 0x20, 0x30, 0x38, 0x3a, 0x33, 0x32, 0x3a, 0x35, 0x37,
0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x3a, 0x20, 0x41, 0x70,
0x61, 0x63, 0x68, 0x65, 0x0d, 0x0a, 0x43, 0x61, 0x63, 0x68, 0x65, 0x2d, 0x43, 0x6f, 0x6e, 0x74,
0x72, 0x6f, 0x6c, 0x3a, 0x20, 0x6e, 0x6f, 0x2d, 0x63, 0x61, 0x63, 0x68, 0x65, 0x0d, 0x0a, 0x50,
0x72, 0x61, 0x67, 0x6d, 0x61, 0x3a, 0x20, 0x6e, 0x6f, 0x2d, 0x63, 0x61, 0x63, 0x68, 0x65, 0x0d,
0x0a, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x3a, 0x20, 0x54, 0x68, 0x75, 0x2c, 0x20, 0x30,
0x31, 0x20, 0x4a, 0x61, 0x6e, 0x20, 0x31, 0x39, 0x37, 0x31, 0x20, 0x30, 0x30, 0x3a, 0x30, 0x30,
0x3a, 0x30, 0x30, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74,
0x2d, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x3a, 0x20, 0x31, 0x35, 0x39, 0x39, 0x0d, 0x0a, 0x4b,
0x65, 0x65, 0x70, 0x2d, 0x41, 0x6c, 0x69, 0x76, 0x65, 0x3a, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x6f,
0x75, 0x74, 0x3d, 0x35, 0x2c, 0x20, 0x6d, 0x61, 0x78, 0x3d, 0x39, 0x39, 0x0d, 0x0a, 0x43, 0x6f,
0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x20, 0x4b, 0x65, 0x65, 0x70, 0x2d, 0x41,
0x6c, 0x69, 0x76, 0x65, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79,
0x70, 0x65, 0x3a, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f,
0x6a, 0x61, 0x76, 0x61, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x3b, 0x63, 0x68, 0x61, 0x72, 0x73,
0x65, 0x74, 0x3d, 0x61, 0x73, 0x63, 0x69, 0x69, 0x0d, 0x0a, 0x0d, 0x0a, 0x5f, 0x6a, 0x71, 0x6a,
0x73, 0x70, 0x28, 0x7b, 0x22, 0x69, 0x70, 0x22, 0x3a, 0x22, 0x32, 0x30, 0x30, 0x31, 0x3a, 0x39,
0x38, 0x30, 0x3a, 0x33, 0x32, 0x62, 0x32, 0x3a, 0x31, 0x3a, 0x32, 0x65, 0x34, 0x31, 0x3a, 0x33,
0x38, 0x66, 0x66, 0x3a, 0x66, 0x65, 0x61, 0x37, 0x3a, 0x65, 0x61, 0x65, 0x62, 0x22, 0x2c, 0x22,
0x74, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x22, 0x69, 0x70, 0x76, 0x36, 0x22, 0x2c, 0x22, 0x73, 0x75,
0x62, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x22, 0x22, 0x2c, 0x22, 0x76, 0x69, 0x61, 0x22, 0x3a,
0x22, 0x22, 0x2c, 0x22, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x22, 0x3a, 0x22, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
};
uint8_t raw_frag2[] = {
0x60, 0x0f, 0x1a, 0xcf, 0x00, 0x1c, 0x2c, 0x36, 0x20, 0x01, 0x04, 0x70, 0x00, 0x01, 0x00, 0x18,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x20, 0x01, 0x09, 0x80, 0x32, 0xb2, 0x00, 0x01,
0x2e, 0x41, 0x38, 0xff, 0xfe, 0xa7, 0xea, 0xeb, 0x06, 0x00, 0x05, 0xa0, 0xdf, 0xf8, 0x11, 0xd7,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20,
};
Packet *p1 = SCMalloc(SIZE_OF_PACKET);
if (p1 == NULL)
return 0;
Packet *p2 = SCMalloc(SIZE_OF_PACKET);
if (p2 == NULL) {
SCFree(p1);
return 0;
}
ThreadVars tv;
DecodeThreadVars dtv;
int result = 0;
PacketQueue pq;
FlowInitConfig(FLOW_QUIET);
memset(&pq, 0, sizeof(PacketQueue));
memset(&tv, 0, sizeof(ThreadVars));
memset(p1, 0, SIZE_OF_PACKET);
p1->pkt = (uint8_t *)(p1 + 1);
memset(p2, 0, SIZE_OF_PACKET);
p2->pkt = (uint8_t *)(p2 + 1);
memset(&dtv, 0, sizeof(DecodeThreadVars));
PACKET_INITIALIZE(p1);
PACKET_INITIALIZE(p2);
PacketCopyData(p1, raw_frag1, sizeof(raw_frag1));
PacketCopyData(p2, raw_frag2, sizeof(raw_frag2));
DecodeIPV6(&tv, &dtv, p1, GET_PKT_DATA(p1), GET_PKT_LEN(p1), &pq);
if (!(IPV6_EXTHDR_ISSET_FH(p1))) {
printf("ipv6 frag header not detected: ");
goto end;
}
DecodeIPV6(&tv, &dtv, p2, GET_PKT_DATA(p2), GET_PKT_LEN(p2), &pq);
if (!(IPV6_EXTHDR_ISSET_FH(p2))) {
printf("ipv6 frag header not detected: ");
goto end;
}
if (pq.len != 1) {
printf("no reassembled packet: ");
goto end;
}
result = 1;
end:
PACKET_CLEANUP(p1);
PACKET_CLEANUP(p2);
SCFree(p1);
SCFree(p2);
FlowShutdown();
return result;
}
/**
* \test FragBitsTestParse04 test if DONT FRAG is not set. Must fails.
*
* \retval 1 on success
* \retval 0 on failure
*/
static int FragBitsTestParse04 (void) {
uint8_t raw_eth[] = {
0x00 ,0x40 ,0x33 ,0xd9 ,0x7c ,0xfd ,0x00 ,0x00,
0x39 ,0xcf ,0xd9 ,0xcd ,0x08 ,0x00 ,0x45 ,0x00,
0x01 ,0x13 ,0x9c ,0x5d ,0x40 ,0x00 ,0xf6 ,0x11,
0x44 ,0xca ,0x97 ,0xa4 ,0x01 ,0x08 ,0x0a ,0x00,
0x00 ,0x06 ,0x00 ,0x35 ,0x04 ,0x0b ,0x00 ,0xff,
0x3c ,0x87 ,0x7d ,0x9e ,0x85 ,0x80 ,0x00 ,0x01,
0x00 ,0x01 ,0x00 ,0x05 ,0x00 ,0x05 ,0x06 ,0x70,
0x69 ,0x63 ,0x61 ,0x72 ,0x64 ,0x07 ,0x75 ,0x74,
0x68 ,0x73 ,0x63 ,0x73 ,0x61 ,0x03 ,0x65 ,0x64,
0x75 ,0x00 ,0x00 ,0x01 ,0x00 ,0x01 ,0xc0 ,0x0c,
0x00 ,0x01 ,0x00 ,0x01 ,0x00 ,0x00 ,0x0e ,0x10,
0x00 ,0x04 ,0x81 ,0x6f ,0x1e ,0x1b ,0x07 ,0x75,
0x74 ,0x68 ,0x73 ,0x63 ,0x73 ,0x61 ,0x03 ,0x65,
0x64 ,0x75 ,0x00 ,0x00 ,0x02 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x09 ,0x06 ,0x6b ,0x65,
0x6e ,0x6f ,0x62 ,0x69 ,0xc0 ,0x34 ,0xc0 ,0x34,
0x00 ,0x02 ,0x00 ,0x01 ,0x00 ,0x00 ,0x0e ,0x10,
0x00 ,0x07 ,0x04 ,0x6a ,0x69 ,0x6e ,0x6e ,0xc0,
0x34 ,0xc0 ,0x34 ,0x00 ,0x02 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x0c ,0x04 ,0x64 ,0x6e,
0x73 ,0x31 ,0x04 ,0x6e ,0x6a ,0x69 ,0x74 ,0xc0,
0x3c ,0xc0 ,0x34 ,0x00 ,0x02 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x08 ,0x05 ,0x65 ,0x6c,
0x7a ,0x69 ,0x70 ,0xc0 ,0x34 ,0xc0 ,0x34 ,0x00,
0x02 ,0x00 ,0x01 ,0x00 ,0x00 ,0x0e ,0x10 ,0x00,
0x08 ,0x05 ,0x61 ,0x72 ,0x77 ,0x65 ,0x6e ,0xc0,
0x34 ,0xc0 ,0x4b ,0x00 ,0x01 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x04 ,0x81 ,0x6f ,0x1a,
0x06 ,0xc0 ,0x60 ,0x00 ,0x01 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x04 ,0x81 ,0x6f ,0x1a,
0x07 ,0xc0 ,0x73 ,0x00 ,0x01 ,0x00 ,0x01 ,0x00,
0x01 ,0x03 ,0x82 ,0x00 ,0x04 ,0x80 ,0xeb ,0xfb,
0x0a ,0xc0 ,0x8b ,0x00 ,0x01 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x04 ,0x81 ,0x6f ,0x01,
0x0b ,0xc0 ,0x9f ,0x00 ,0x01 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x04 ,0x81 ,0x6f ,0x0b,
0x51
};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (unlikely(p == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
IPV4Hdr ipv4h;
int ret = 0;
DetectFragBitsData *de = NULL;
SigMatch *sm = NULL;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ipv4h, 0, sizeof(IPV4Hdr));
dtv.app_tctx = AppLayerGetCtxThread(&tv);
p->ip4h = &ipv4h;
FlowInitConfig(FLOW_QUIET);
DecodeEthernet(&tv, &dtv, p, raw_eth, sizeof(raw_eth), NULL);
de = DetectFragBitsParse("!D");
if (de == NULL || (de->fragbits != FRAGBITS_HAVE_DF) || (de->modifier != MODIFIER_NOT))
goto error;
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_FRAGBITS;
sm->ctx = (void *)de;
ret = DetectFragBitsMatch(&tv,NULL,p,NULL,sm);
if(ret) {
if (de) SCFree(de);
if (sm) SCFree(sm);
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return 1;
}
error:
if (de) SCFree(de);
if (sm) SCFree(sm);
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return 0;
}
/**
* \test Test packet Matches
* \param raw_eth_pkt pointer to the ethernet packet
* \param pktsize size of the packet
* \param sig pointer to the signature to test
* \param sid sid number of the signature
* \retval return 1 if match
* \retval return 0 if not
*/
int DetectReplaceLongPatternMatchTest(uint8_t *raw_eth_pkt, uint16_t pktsize, char *sig,
uint32_t sid, uint8_t *pp, uint16_t *len)
{
int result = 0;
Packet *p = NULL;
p = PacketGetFromAlloc();
if (unlikely(p == NULL))
return 0;
DecodeThreadVars dtv;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
if (pp == NULL) {
SCLogDebug("replace: looks like a second run");
}
PacketCopyData(p, raw_eth_pkt, pktsize);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&th_v, 0, sizeof(th_v));
FlowInitConfig(FLOW_QUIET);
DecodeEthernet(&th_v, &dtv, p, GET_PKT_DATA(p), pktsize, NULL);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, sig);
if (de_ctx->sig_list == NULL) {
goto end;
}
de_ctx->sig_list->next = NULL;
if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->type == DETECT_CONTENT) {
DetectContentData *co = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
if (co->flags & DETECT_CONTENT_RELATIVE_NEXT) {
printf("relative next flag set on final match which is content: ");
goto end;
}
}
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (PacketAlertCheck(p, sid) != 1) {
SCLogDebug("replace: no alert on sig %d", sid);
goto end;
}
if (pp) {
memcpy(pp, GET_PKT_DATA(p), GET_PKT_LEN(p));
*len = pktsize;
SCLogDebug("replace: copying %d on %p", *len, pp);
}
result = 1;
end:
if (de_ctx != NULL)
{
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
}
FlowShutdown();
SCFree(p);
return result;
}
static int Unified2Test05 (void) {
ThreadVars tv;
DecodeThreadVars dtv;
PacketQueue pq;
void *data = NULL;
OutputCtx *oc;
LogFileCtx *lf;
Signature s;
uint8_t raw_ipv4_tcp[] = {
0x00, 0x14, 0xbf, 0xe8, 0xcb, 0x26, 0xaa, 0x00,
0x04, 0x00, 0x0a, 0x04, 0x08, 0x00, 0x45, 0x00,
0x00, 0x3c, 0x8c, 0x55, 0x40, 0x00, 0x40, 0x06,
0x69, 0x86, 0xc0, 0xa8, 0x0a, 0x68, 0x4a, 0x7d,
0x2f, 0x53, 0xc2, 0x40, 0x00, 0x50, 0x1f, 0x00,
0xa4, 0xd4, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02,
0x16, 0xd0, 0x3d, 0x4e, 0x00, 0x00, 0x02, 0x04,
0x05, 0xb4, 0x04, 0x02, 0x08, 0x0a, 0x00, 0x1c,
0x28, 0x81, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03,
0x03, 0x06};
Packet *p = PacketGetFromAlloc();
if (unlikely(p == NULL))
return 0;
int ret;
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&tv, 0, sizeof(ThreadVars));
memset(&pq, 0, sizeof(PacketQueue));
p->pkt = (uint8_t *)(p + 1);
memset(&s, 0, sizeof(Signature));
p->alerts.cnt++;
p->alerts.alerts[p->alerts.cnt-1].s = &s;
p->alerts.alerts[p->alerts.cnt-1].s->id = 1;
p->alerts.alerts[p->alerts.cnt-1].s->gid = 1;
p->alerts.alerts[p->alerts.cnt-1].s->rev = 1;
SET_PKT_LEN(p, sizeof(raw_ipv4_tcp));
FlowInitConfig(FLOW_QUIET);
DecodeEthernet(&tv, &dtv, p, raw_ipv4_tcp, sizeof(raw_ipv4_tcp), &pq);
FlowShutdown();
p->action = ACTION_DROP;
oc = Unified2AlertInitCtx(NULL);
if (oc == NULL) {
SCFree(p);
return 0;
}
lf = (LogFileCtx *)oc->data;
if(lf == NULL) {
SCFree(p);
return 0;
}
ret = Unified2AlertThreadInit(&tv, oc, &data);
if(ret == -1) {
SCFree(p);
return 0;
}
ret = Unified2Alert(&tv, p, data, &pq, NULL);
if(ret == TM_ECODE_FAILED) {
SCFree(p);
return 0;
}
ret = Unified2AlertThreadDeinit(&tv, data);
if(ret == TM_ECODE_FAILED) {
SCFree(p);
return 0;
}
Unified2AlertDeInitCtx(oc);
PACKET_CLEANUP(p);
SCFree(p);
return 1;
}
static int Unified2Test04 (void) {
ThreadVars tv;
DecodeThreadVars dtv;
PacketQueue pq;
void *data = NULL;
OutputCtx *oc;
LogFileCtx *lf;
Signature s;
uint8_t raw_ppp[] = {
0xff, 0x03, 0x00, 0x21, 0x45, 0xc0, 0x00, 0x2c,
0x4d, 0xed, 0x00, 0x00, 0xff, 0x06, 0xd5, 0x17,
0xbf, 0x01, 0x0d, 0x01, 0xbf, 0x01, 0x0d, 0x03,
0xea, 0x37, 0x00, 0x17, 0x6d, 0x0b, 0xba, 0xc3,
0x00, 0x00, 0x00, 0x00, 0x60, 0x02, 0x10, 0x20,
0xdd, 0xe1, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4};
Packet *p = PacketGetFromAlloc();
if (unlikely(p == NULL))
return 0;
int ret;
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&tv, 0, sizeof(ThreadVars));
memset(&pq, 0, sizeof(PacketQueue));
p->pkt = (uint8_t *)(p + 1);
memset(&s, 0, sizeof(Signature));
p->alerts.cnt++;
p->alerts.alerts[p->alerts.cnt-1].s = &s;
p->alerts.alerts[p->alerts.cnt-1].s->id = 1;
p->alerts.alerts[p->alerts.cnt-1].s->gid = 1;
p->alerts.alerts[p->alerts.cnt-1].s->rev = 1;
SET_PKT_LEN(p, sizeof(raw_ppp));
FlowInitConfig(FLOW_QUIET);
DecodePPP(&tv, &dtv, p, raw_ppp, sizeof(raw_ppp), &pq);
FlowShutdown();
oc = Unified2AlertInitCtx(NULL);
if (oc == NULL) {
SCFree(p);
return 0;
}
lf = (LogFileCtx *)oc->data;
if(lf == NULL) {
SCFree(p);
return 0;
}
ret = Unified2AlertThreadInit(&tv, oc, &data);
if(ret == -1) {
SCFree(p);
return 0;
}
ret = Unified2Alert(&tv, p, data, &pq, NULL);
if(ret == TM_ECODE_FAILED) {
SCFree(p);
return 0;
}
ret = Unified2AlertThreadDeinit(&tv, data);
if(ret == -1) {
SCFree(p);
return 0;
}
Unified2AlertDeInitCtx(oc);
PACKET_CLEANUP(p);
SCFree(p);
return 1;
}
