/**
 * \test DetectFlowTestParse13 checks that an unknown flow option is rejected:
 *       DetectFlowParse() must return NULL for it.
 */
int DetectFlowTestParse13 (void)
{
    DetectFlowData *parsed = DetectFlowParse("invalidoptiontest");

    /* A non-NULL result would mean an unrecognised keyword was accepted. */
    FAIL_IF_NOT_NULL(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse12 checks that an invalid separator (':' between
 *       two options) makes DetectFlowParse() return NULL.
 */
int DetectFlowTestParse12 (void)
{
    DetectFlowData *parsed = DetectFlowParse("from_server:stateless");

    /* Both words are valid options on their own; only the ':' is wrong. */
    FAIL_IF_NOT_NULL(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse15 checks that the invalid combination
 *       established,stateless is rejected by DetectFlowParse().
 */
int DetectFlowTestParse15 (void)
{
    DetectFlowData *parsed = DetectFlowParse("established,stateless");

    /* The combination must not yield a usable option set. */
    FAIL_IF_NOT_NULL(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse14 checks that an empty option string is rejected:
 *       DetectFlowParse("") must return NULL.
 */
int DetectFlowTestParse14 (void)
{
    DetectFlowData *parsed = DetectFlowParse("");

    FAIL_IF_NOT_NULL(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse17 checks that the invalid combination
 *       to_client,from_server is rejected; per the original note, the flow
 *       flags of the two options are the same.
 */
int DetectFlowTestParse17 (void)
{
    DetectFlowData *parsed = DetectFlowParse("to_client,from_server");

    /* Two options that set the same flag must not be accepted together. */
    FAIL_IF_NOT_NULL(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse19 checks that passing one too many options to
 *       DetectFlowParse() is rejected.
 */
int DetectFlowTestParse19 (void)
{
    DetectFlowData *parsed = DetectFlowParse("from_server,established,only_stream,a");

    /* The trailing fourth token must make the whole option string fail. */
    FAIL_IF_NOT_NULL(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse21 checks that an invalid option placed between
 *       two valid options is rejected.
 */
int DetectFlowTestParse21 (void)
{
    DetectFlowData *parsed = DetectFlowParse("from_server,a,no_stream");

    /* The valid neighbours must not cause the bad middle token to be ignored. */
    FAIL_IF_NOT_NULL(parsed);
    PASS;
}
/**
 * \test Parsing no_frag together with only_frag must fail, i.e.
 *       DetectFlowParse() returns NULL for the pair.
 */
static int DetectFlowTestParseNoFragOnlyFrag(void)
{
    DetectFlowData *parsed = DetectFlowParse("no_frag,only_frag");

    FAIL_IF_NOT_NULL(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParseNocase01 checks that a valid flow option written
 *       in upper case is accepted: DetectFlowParse() returns non-NULL.
 */
int DetectFlowTestParseNocase01 (void)
{
    DetectFlowData *parsed = DetectFlowParse("ESTABLISHED");

    FAIL_IF_NULL(parsed);

    /* Only acceptance is checked here; release the result before passing. */
    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse01 checks that a valid flow option is accepted:
 *       DetectFlowParse() returns non-NULL for "established".
 */
int DetectFlowTestParse01 (void)
{
    DetectFlowData *parsed = DetectFlowParse("established");

    FAIL_IF_NULL(parsed);

    /* Only acceptance is checked here; release the result before passing. */
    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParseNocase03 checks the upper-case stateless option:
 *       flags must equal DETECT_FLOW_FLAG_STATELESS and match_cnt must be 1.
 */
int DetectFlowTestParseNocase03 (void)
{
    DetectFlowData *parsed = DetectFlowParse("STATELESS");

    FAIL_IF_NULL(parsed);
    /* Exact equality: no other flag may be set alongside stateless. */
    FAIL_IF_NOT(parsed->flags == DETECT_FLOW_FLAG_STATELESS);
    FAIL_IF_NOT(parsed->match_cnt == 1);

    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse08 checks the established,to_client options: both
 *       flags must be set and match_cnt must be 2.
 */
int DetectFlowTestParse08 (void)
{
    DetectFlowData *parsed = DetectFlowParse("established,to_client");

    FAIL_IF_NULL(parsed);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_ESTABLISHED);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_TOCLIENT);
    FAIL_IF_NOT(parsed->match_cnt == 2);

    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse06 checks the from_server option: flags must equal
 *       DETECT_FLOW_FLAG_TOCLIENT and match_cnt must be 1.
 */
int DetectFlowTestParse06 (void)
{
    DetectFlowData *parsed = DetectFlowParse("from_server");

    FAIL_IF_NULL(parsed);
    /* from_server is expected to be stored as the to-client direction flag. */
    FAIL_IF_NOT(parsed->flags == DETECT_FLOW_FLAG_TOCLIENT);
    FAIL_IF_NOT(parsed->match_cnt == 1);

    DetectFlowFree(parsed);
    PASS;
}
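/**
 * \test DetectFlowTestParse02 checks the established option: flags must equal
 *       DETECT_FLOW_FLAG_ESTABLISHED and match_cnt must be 1.
 */
int DetectFlowTestParse02 (void)
{
    DetectFlowData *fd = NULL;

    fd = DetectFlowParse("established");
    FAIL_IF_NULL(fd);
    /* Exact equality: no other flag may be set alongside established. */
    FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_ESTABLISHED && fd->match_cnt == 1);

    /* Release the parsed options so the passing path does not leak them. */
    DetectFlowFree(fd);
    PASS;
}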
/**
 * \test DetectFlowTestParseNocase07 checks the upper-case from_client option:
 *       flags must equal DETECT_FLOW_FLAG_TOSERVER and match_cnt must be 1.
 */
int DetectFlowTestParseNocase07 (void)
{
    DetectFlowData *parsed = DetectFlowParse("FROM_CLIENT");

    FAIL_IF_NULL(parsed);
    /* from_client is expected to be stored as the to-server direction flag. */
    FAIL_IF_NOT(parsed->flags == DETECT_FLOW_FLAG_TOSERVER);
    FAIL_IF_NOT(parsed->match_cnt == 1);

    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test Parsing the "only_frag" flow argument must succeed and set
 *       DETECT_FLOW_FLAG_ONLY_FRAG.
 */
static int DetectFlowTestParseOnlyFrag(void)
{
    DetectFlowData *parsed = DetectFlowParse("only_frag");

    FAIL_IF_NULL(parsed);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_ONLY_FRAG);

    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test Parsing the not_established keyword must succeed and set
 *       DETECT_FLOW_FLAG_NOT_ESTABLISHED.
 */
static int DetectFlowTestParseNotEstablished(void)
{
    DetectFlowData *parsed = DetectFlowParse("not_established");

    FAIL_IF_NULL(parsed);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED);

    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse01 checks that a valid flow option is accepted.
 *
 * \retval 1 when DetectFlowParse("established") returns non-NULL
 * \retval 0 when it returns NULL
 */
int DetectFlowTestParse01 (void)
{
    DetectFlowData *parsed = DetectFlowParse("established");

    if (parsed == NULL)
        return 0;

    /* Only acceptance is checked; release the result before reporting success. */
    DetectFlowFree(parsed);
    return 1;
}
/**
 * \brief Parse a rule's flow options and attach them to the signature.
 *
 * The parsed DetectFlowData becomes the context of a new SigMatch that is
 * appended to the signature's DETECT_SM_LIST_MATCH list. The signature's
 * direction flags and stream/packet requirement flags are then derived from
 * the parsed flow flags.
 *
 * \param de_ctx pointer to the Detection Engine Context (not used here)
 * \param s pointer to the current Signature
 * \param flowstr pointer to the user provided flow options
 *
 * \retval 0 on success
 * \retval -1 on failure: the options did not parse, the signature already
 *         has SIG_FLAG_INIT_FLOW set, or the SigMatch could not be allocated
 */
int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
{
    SigMatch *match = NULL;
    DetectFlowData *flow = DetectFlowParse(flowstr);

    if (flow == NULL)
        goto error;

    /* A signature may carry only one flow option.
     * NOTE(review): SIG_FLAG_INIT_FLOW is set below only when no_stream is
     * absent, so this guard does not fire for a flow keyword that follows an
     * earlier one using no_stream - confirm that this is intended. */
    if (s->init_flags & SIG_FLAG_INIT_FLOW) {
        SCLogError (SC_ERR_INVALID_SIGNATURE, "A signature may have only one flow option.");
        goto error;
    }

    /* Wrap the parsed options in a SigMatch and hand it to the signature. */
    match = SigMatchAlloc();
    if (match == NULL)
        goto error;

    match->type = DETECT_FLOW;
    match->ctx = (SigMatchCtx *)flow;
    SigMatchAppendSMToList(s, match, DETECT_SM_LIST_MATCH);

    /* Direction: an explicit to-server or to-client option selects that side
     * only; with neither, the signature applies to both directions. */
    if (flow->flags & DETECT_FLOW_FLAG_TOSERVER) {
        s->flags |= SIG_FLAG_TOSERVER;
    } else if (flow->flags & DETECT_FLOW_FLAG_TOCLIENT) {
        s->flags |= SIG_FLAG_TOCLIENT;
    } else {
        s->flags |= SIG_FLAG_TOSERVER;
        s->flags |= SIG_FLAG_TOCLIENT;
    }

    if (flow->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
        s->flags |= SIG_FLAG_REQUIRE_STREAM;
    }

    if (flow->flags & DETECT_FLOW_FLAG_NOSTREAM) {
        s->flags |= SIG_FLAG_REQUIRE_PACKET;
    } else {
        s->init_flags |= SIG_FLAG_INIT_FLOW;
    }

    return 0;

error:
    /* Every jump here happens before the SigMatch takes the parsed options
     * as its context, so they are freed here directly. */
    if (flow != NULL)
        DetectFlowFree(flow);
    if (match != NULL)
        SCFree(match);
    return -1;
}
/**
 * \test DetectFlowTestParse11 checks the from_server,stateless options with
 *       spaces all around: both flags must be set and match_cnt must be 2.
 */
int DetectFlowTestParse11 (void)
{
    DetectFlowData *parsed = DetectFlowParse(" from_server , stateless ");

    FAIL_IF_NULL(parsed);
    /* Whitespace around the tokens and the comma must not change the result. */
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_STATELESS);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_TOCLIENT);
    FAIL_IF_NOT(parsed->match_cnt == 2);

    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParseNocase11 checks the upper-case
 *       from_server,stateless options with spaces all around: both flags
 *       must be set and match_cnt must be 2.
 */
int DetectFlowTestParseNocase11 (void)
{
    DetectFlowData *parsed = DetectFlowParse(" FROM_SERVER , STATELESS ");

    FAIL_IF_NULL(parsed);
    /* Neither letter case nor surrounding whitespace may change the result. */
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_STATELESS);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_TOCLIENT);
    FAIL_IF_NOT(parsed->match_cnt == 2);

    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParseNocase08 checks the upper-case
 *       established,to_client options: both flags must be set and match_cnt
 *       must be 2.
 */
int DetectFlowTestParseNocase08 (void)
{
    DetectFlowData *parsed = DetectFlowParse("ESTABLISHED,TO_CLIENT");

    FAIL_IF_NULL(parsed);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_ESTABLISHED);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_TOCLIENT);
    FAIL_IF_NOT(parsed->match_cnt == 2);

    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParseNocase01 checks that a valid flow option written
 *       in upper case is accepted.
 *
 * \retval 1 when DetectFlowParse("ESTABLISHED") returns non-NULL
 * \retval 0 when it returns NULL
 */
int DetectFlowTestParseNocase01 (void)
{
    DetectFlowData *parsed = DetectFlowParse("ESTABLISHED");

    if (parsed == NULL)
        return 0;

    /* Only acceptance is checked; release the result before reporting success. */
    DetectFlowFree(parsed);
    return 1;
}
/**
 * \test DetectFlowTestParseNocase20 checks the upper-case
 *       from_server,established,no_stream options: all three flags must be
 *       set and match_cnt must be 3.
 */
int DetectFlowTestParseNocase20 (void)
{
    DetectFlowData *parsed = DetectFlowParse("FROM_SERVER,ESTABLISHED,NO_STREAM");

    FAIL_IF_NULL(parsed);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_ESTABLISHED);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_TOCLIENT);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_NOSTREAM);
    FAIL_IF_NOT(parsed->match_cnt == 3);

    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse20 checks the from_server,established,no_stream
 *       options: all three flags must be set and match_cnt must be 3.
 */
int DetectFlowTestParse20 (void)
{
    DetectFlowData *parsed = DetectFlowParse("from_server,established,no_stream");

    FAIL_IF_NULL(parsed);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_ESTABLISHED);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_TOCLIENT);
    FAIL_IF_NOT(parsed->flags & DETECT_FLOW_FLAG_NOSTREAM);
    FAIL_IF_NOT(parsed->match_cnt == 3);

    DetectFlowFree(parsed);
    PASS;
}
/**
 * \test DetectFlowTestParse13 checks that an unknown flow option is rejected.
 *
 * \retval 1 when DetectFlowParse() returns NULL for the invalid option
 * \retval 0 when it returns data; the unexpected flags and match count are
 *         printed before the data is freed
 */
int DetectFlowTestParse13 (void)
{
    DetectFlowData *parsed = DetectFlowParse("invalidoptiontest");

    if (parsed == NULL)
        return 1;

    /* The parser accepted an unrecognised keyword: report what it produced. */
    printf("expected: NULL got 0x%02X %" PRId32 ": ", parsed->flags, parsed->match_cnt);
    DetectFlowFree(parsed);
    return 0;
}
/**
 * \test DetectFlowTestParse15 checks that the invalid combination
 *       established,stateless is rejected.
 *
 * \retval 1 when DetectFlowParse() returns NULL for the combination
 * \retval 0 when it returns data; the unexpected flags and match count are
 *         printed before the data is freed
 */
int DetectFlowTestParse15 (void)
{
    DetectFlowData *parsed = DetectFlowParse("established,stateless");

    if (parsed == NULL)
        return 1;

    /* The parser accepted the combination: report what it produced. */
    printf("expected: NULL got 0x%02X %" PRId32 ": ", parsed->flags, parsed->match_cnt);
    DetectFlowFree(parsed);
    return 0;
}
/**
 * \test DetectFlowTestParse21 checks that an invalid option placed between
 *       two valid options is rejected.
 *
 * \retval 1 when DetectFlowParse() returns NULL for the option string
 * \retval 0 when it returns data; the unexpected flags and match count are
 *         printed before the data is freed
 */
int DetectFlowTestParse21 (void)
{
    DetectFlowData *parsed = DetectFlowParse("from_server,a,no_stream");

    if (parsed == NULL)
        return 1;

    /* The bad middle token was not rejected: report what the parser produced. */
    printf("expected: NULL got 0x%02X %" PRId32 ": ", parsed->flags, parsed->match_cnt);
    DetectFlowFree(parsed);
    return 0;
}
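/**
 * \test Test only_frag matching: with only_frag parsed, FlowMatch() must not
 *       match when no packet flags are set and must match once
 *       PKT_REBUILT_FRAGMENT is set.
 */
static int DetectFlowTestOnlyFragMatch(void)
{
    uint32_t pflags = 0;
    DetectFlowData *fd = DetectFlowParse("only_frag");

    FAIL_IF_NULL(fd);
    FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ONLY_FRAG);
    FAIL_IF_NOT(fd->match_cnt == 1);

    /* No packet flags set: only_frag must not match. */
    FAIL_IF(FlowMatch(pflags, 0, 0, fd->flags, fd->match_cnt));

    /* Same call with the rebuilt-fragment packet flag set: it must match. */
    pflags |= PKT_REBUILT_FRAGMENT;
    FAIL_IF_NOT(FlowMatch(pflags, 0, 0, fd->flags, fd->match_cnt));

    /* Release the parsed options so the passing path does not leak them. */
    DetectFlowFree(fd);
    PASS;
}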
/**
 * \test DetectFlowTestParseNocase11 checks the upper-case
 *       from_server,stateless options with spaces all around.
 *
 * \retval 1 when parsing succeeds, both FLOW_PKT_STATELESS and
 *         FLOW_PKT_TOCLIENT are set in flags, and match_cnt is 2
 * \retval 0 when parsing fails or the flags/count differ (the expected and
 *         actual values are printed in the latter case)
 */
int DetectFlowTestParseNocase11 (void)
{
    int ok = 0;
    DetectFlowData *parsed = DetectFlowParse(" FROM_SERVER , STATELESS ");

    if (parsed == NULL)
        return 0;

    if ((parsed->flags & FLOW_PKT_STATELESS) && (parsed->flags & FLOW_PKT_TOCLIENT) &&
            parsed->match_cnt == 2) {
        ok = 1;
    } else {
        /* Report the mismatch so the failing value is visible in test output. */
        printf("expected: 0x%02X cnt %" PRId32 " got 0x%02X cnt %" PRId32 ": ",
                FLOW_PKT_STATELESS + FLOW_PKT_TOCLIENT, 2, parsed->flags, parsed->match_cnt);
    }

    DetectFlowFree(parsed);
    return ok;
}