/** \brief Alloc and setup DecodeThreadVars */
DecodeThreadVars *DecodeThreadVarsAlloc(ThreadVars *tv)
{
DecodeThreadVars *dtv = NULL;
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
return NULL;
memset(dtv, 0, sizeof(DecodeThreadVars));
dtv->app_tctx = AppLayerGetCtxThread(tv);
if (OutputFlowLogThreadInit(tv, NULL, &dtv->output_flow_thread_data) != TM_ECODE_OK) {
SCLogError(SC_ERR_THREAD_INIT, "initializing flow log API for thread failed");
DecodeThreadVarsFree(tv, dtv);
return NULL;
}
/** set config defaults */
int vlanbool = 0;
if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
dtv->vlan_disabled = 1;
}
SCLogDebug("vlan tracking is %s", dtv->vlan_disabled == 0 ? "enabled" : "disabled");
return dtv;
}
/** \brief Alloc and setup DecodeThreadVars */
DecodeThreadVars *DecodeThreadVarsAlloc(ThreadVars *tv)
{
DecodeThreadVars *dtv = NULL;
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
return NULL;
memset(dtv, 0, sizeof(DecodeThreadVars));
dtv->app_tctx = AppLayerGetCtxThread(tv);
/** set config defaults */
int vlanbool = 0;
if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
dtv->vlan_disabled = 1;
}
SCLogDebug("vlan tracking is %s", dtv->vlan_disabled == 0 ? "enabled" : "disabled");
return dtv;
}
/**
* \test FragBitsTestParse04 test if DONT FRAG is not set. Must fails.
*
* \retval 1 on success
* \retval 0 on failure
*/
static int FragBitsTestParse04 (void) {
uint8_t raw_eth[] = {
0x00 ,0x40 ,0x33 ,0xd9 ,0x7c ,0xfd ,0x00 ,0x00,
0x39 ,0xcf ,0xd9 ,0xcd ,0x08 ,0x00 ,0x45 ,0x00,
0x01 ,0x13 ,0x9c ,0x5d ,0x40 ,0x00 ,0xf6 ,0x11,
0x44 ,0xca ,0x97 ,0xa4 ,0x01 ,0x08 ,0x0a ,0x00,
0x00 ,0x06 ,0x00 ,0x35 ,0x04 ,0x0b ,0x00 ,0xff,
0x3c ,0x87 ,0x7d ,0x9e ,0x85 ,0x80 ,0x00 ,0x01,
0x00 ,0x01 ,0x00 ,0x05 ,0x00 ,0x05 ,0x06 ,0x70,
0x69 ,0x63 ,0x61 ,0x72 ,0x64 ,0x07 ,0x75 ,0x74,
0x68 ,0x73 ,0x63 ,0x73 ,0x61 ,0x03 ,0x65 ,0x64,
0x75 ,0x00 ,0x00 ,0x01 ,0x00 ,0x01 ,0xc0 ,0x0c,
0x00 ,0x01 ,0x00 ,0x01 ,0x00 ,0x00 ,0x0e ,0x10,
0x00 ,0x04 ,0x81 ,0x6f ,0x1e ,0x1b ,0x07 ,0x75,
0x74 ,0x68 ,0x73 ,0x63 ,0x73 ,0x61 ,0x03 ,0x65,
0x64 ,0x75 ,0x00 ,0x00 ,0x02 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x09 ,0x06 ,0x6b ,0x65,
0x6e ,0x6f ,0x62 ,0x69 ,0xc0 ,0x34 ,0xc0 ,0x34,
0x00 ,0x02 ,0x00 ,0x01 ,0x00 ,0x00 ,0x0e ,0x10,
0x00 ,0x07 ,0x04 ,0x6a ,0x69 ,0x6e ,0x6e ,0xc0,
0x34 ,0xc0 ,0x34 ,0x00 ,0x02 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x0c ,0x04 ,0x64 ,0x6e,
0x73 ,0x31 ,0x04 ,0x6e ,0x6a ,0x69 ,0x74 ,0xc0,
0x3c ,0xc0 ,0x34 ,0x00 ,0x02 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x08 ,0x05 ,0x65 ,0x6c,
0x7a ,0x69 ,0x70 ,0xc0 ,0x34 ,0xc0 ,0x34 ,0x00,
0x02 ,0x00 ,0x01 ,0x00 ,0x00 ,0x0e ,0x10 ,0x00,
0x08 ,0x05 ,0x61 ,0x72 ,0x77 ,0x65 ,0x6e ,0xc0,
0x34 ,0xc0 ,0x4b ,0x00 ,0x01 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x04 ,0x81 ,0x6f ,0x1a,
0x06 ,0xc0 ,0x60 ,0x00 ,0x01 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x04 ,0x81 ,0x6f ,0x1a,
0x07 ,0xc0 ,0x73 ,0x00 ,0x01 ,0x00 ,0x01 ,0x00,
0x01 ,0x03 ,0x82 ,0x00 ,0x04 ,0x80 ,0xeb ,0xfb,
0x0a ,0xc0 ,0x8b ,0x00 ,0x01 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x04 ,0x81 ,0x6f ,0x01,
0x0b ,0xc0 ,0x9f ,0x00 ,0x01 ,0x00 ,0x01 ,0x00,
0x00 ,0x0e ,0x10 ,0x00 ,0x04 ,0x81 ,0x6f ,0x0b,
0x51
};
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (unlikely(p == NULL))
return 0;
ThreadVars tv;
DecodeThreadVars dtv;
IPV4Hdr ipv4h;
int ret = 0;
DetectFragBitsData *de = NULL;
SigMatch *sm = NULL;
memset(&tv, 0, sizeof(ThreadVars));
memset(p, 0, SIZE_OF_PACKET);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ipv4h, 0, sizeof(IPV4Hdr));
dtv.app_tctx = AppLayerGetCtxThread(&tv);
p->ip4h = &ipv4h;
FlowInitConfig(FLOW_QUIET);
DecodeEthernet(&tv, &dtv, p, raw_eth, sizeof(raw_eth), NULL);
de = DetectFragBitsParse("!D");
if (de == NULL || (de->fragbits != FRAGBITS_HAVE_DF) || (de->modifier != MODIFIER_NOT))
goto error;
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_FRAGBITS;
sm->ctx = (void *)de;
ret = DetectFragBitsMatch(&tv,NULL,p,NULL,sm);
if(ret) {
if (de) SCFree(de);
if (sm) SCFree(sm);
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return 1;
}
error:
if (de) SCFree(de);
if (sm) SCFree(sm);
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return 0;
}
/**
* \test Test packet Matches
* \param raw_eth_pkt pointer to the ethernet packet
* \param pktsize size of the packet
* \param sig pointer to the signature to test
* \param sid sid number of the signature
* \retval return 1 if match
* \retval return 0 if not
*/
static
int DetectReplaceLongPatternMatchTest(uint8_t *raw_eth_pkt, uint16_t pktsize,
char *sig, uint32_t sid, uint8_t *pp,
uint16_t *len)
{
int result = 0;
Packet *p = NULL;
p = PacketGetFromAlloc();
if (unlikely(p == NULL))
return 0;
DecodeThreadVars dtv;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
if (pp == NULL) {
SCLogDebug("replace: looks like a second run");
}
PacketCopyData(p, raw_eth_pkt, pktsize);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&th_v, 0, sizeof(th_v));
dtv.app_tctx = AppLayerGetCtxThread(&th_v);
FlowInitConfig(FLOW_QUIET);
DecodeEthernet(&th_v, &dtv, p, GET_PKT_DATA(p), pktsize, NULL);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, sig);
if (de_ctx->sig_list == NULL) {
goto end;
}
de_ctx->sig_list->next = NULL;
if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->type == DETECT_CONTENT) {
DetectContentData *co = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
if (co->flags & DETECT_CONTENT_RELATIVE_NEXT) {
printf("relative next flag set on final match which is content: ");
goto end;
}
}
SigGroupBuild(de_ctx);
DetectEngineAddToMaster(de_ctx);
DetectEngineThreadCtxInit(&th_v, NULL, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
DetectEngineMoveToFreeList(de_ctx);
if (PacketAlertCheck(p, sid) != 1) {
SCLogDebug("replace: no alert on sig %d", sid);
goto end;
}
if (pp) {
memcpy(pp, GET_PKT_DATA(p), GET_PKT_LEN(p));
*len = pktsize;
SCLogDebug("replace: copying %d on %p", *len, pp);
}
result = 1;
end:
if (dtv.app_tctx != NULL)
AppLayerDestroyCtxThread(dtv.app_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEnginePruneFreeList();
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return result;
}
