/** * \test ProtoTestParse03 is a test to make sure that we parse the * protocol correctly, when given "ip" as proto option. */ static int ProtoTestParse03 (void) { DetectProto dp; memset(&dp,0,sizeof(DetectProto)); int r = DetectProtoParse(&dp, "ip"); if (r >= 0 && dp.flags & DETECT_PROTO_ANY) { return 1; } SCLogDebug("ProtoTestParse03: Error in parsing the \"ip\" string"); return 0; }
/** * \test ProtoTestParse02 is a test to make sure that we parse the * protocol correctly, when given "tcp" as proto option. */ static int ProtoTestParse02 (void) { DetectProto dp; memset(&dp,0,sizeof(DetectProto)); int r = DetectProtoParse(&dp, "tcp"); if (r >= 0 && dp.proto[(IPPROTO_TCP/8)] & (1<<(IPPROTO_TCP%8))) { return 1; } SCLogDebug("ProtoTestParse02: Error in parsing the \"tcp\" string"); return 0; }
/** * \test ProtoTestParse01 is a test to make sure that we parse the * protocol correctly, when given valid proto option. */ static int ProtoTestParse01 (void) { DetectProto dp; memset(&dp,0,sizeof(DetectProto)); int r = DetectProtoParse(&dp, "6"); if (r < 0) { return 1; } SCLogDebug("DetectProtoParse should have rejected the \"6\" string"); return 0; }
/** * \test ProtoTestParse05 is a test to make sure that we do not parse the * protocol, when given an invalid proto option. */ static int ProtoTestParse05 (void) { DetectProto dp; memset(&dp,0,sizeof(DetectProto)); /* Check for a bad string */ int r = DetectProtoParse(&dp, "tcp/udp"); if (r < 0) { return 1; } SCLogDebug("ProtoTestParse05: it should not parsing the \"tcp/udp\" string"); return 0; }
/** * \test ProtoTestParse04 is a test to make sure that we do not parse the * protocol, when given an invalid proto option. */ static int ProtoTestParse04 (void) { DetectProto dp; memset(&dp,0,sizeof(DetectProto)); /* Check for a bad number */ int r = DetectProtoParse(&dp, "4242"); if (r < 0) { return 1; } SCLogDebug("ProtoTestParse04: it should not parsing the \"4242\" string"); return 0; }
/** * \test make sure that we properly parse tcp-stream */ static int ProtoTestParse07 (void) { DetectProto dp; memset(&dp,0,sizeof(DetectProto)); /* Check for a bad string */ int r = DetectProtoParse(&dp, "tcp-stream"); if (r < 0) { printf("parsing tcp-stream failed: "); return 0; } if (!(dp.flags & DETECT_PROTO_ONLY_STREAM)) { printf("DETECT_PROTO_ONLY_STREAM flag not set: "); return 0; } return 1; }
/** * \brief this function is used to initialize the detection engine context and * setup the signature with passed values. */ static int DetectProtoInitTest(DetectEngineCtx **de_ctx, Signature **sig, DetectProto *dp, char *str) { char fullstr[1024]; int result = 0; *de_ctx = NULL; *sig = NULL; if (snprintf(fullstr, 1024, "alert %s any any -> any any (msg:\"DetectProto" " test\"; sid:1;)", str) >= 1024) { goto end; } *de_ctx = DetectEngineCtxInit(); if (*de_ctx == NULL) { goto end; } (*de_ctx)->flags |= DE_QUIET; (*de_ctx)->sig_list = SigInit(*de_ctx, fullstr); if ((*de_ctx)->sig_list == NULL) { goto end; } *sig = (*de_ctx)->sig_list; if (DetectProtoParse(dp, str) < 0) goto end; result = 1; end: return result; }