Diffstat (limited to 'src/tests/detect-ttl.c')
-rw-r--r--src/tests/detect-ttl.c223
1 files changed, 223 insertions, 0 deletions
diff --git a/src/tests/detect-ttl.c b/src/tests/detect-ttl.c
new file mode 100644
index 0000000..7494931
--- /dev/null
+++ b/src/tests/detect-ttl.c
@@ -0,0 +1,223 @@
+
+/* Copyright (C) 2007-2018 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+#include "../util-unittest.h"
+#include "../util-unittest-helper.h"
+#include "detect-engine.h"
+#include "detect-engine-alert.h"
+#include "detect-engine-build.h"
+
+/**
+ * \test DetectTtlParseTest01 is a test for setting up an valid ttl value.
+ */
+
+static int DetectTtlParseTest01 (void)
+{
+ DetectU8Data *ttld = DetectU8Parse("10");
+ FAIL_IF_NULL(ttld);
+ FAIL_IF_NOT(ttld->arg1 == 10);
+ FAIL_IF_NOT(ttld->mode == DETECT_UINT_EQ);
+ DetectTtlFree(NULL, ttld);
+ PASS;
+}
+
+/**
+ * \test DetectTtlParseTest02 is a test for setting up an valid ttl value with
+ * "<" operator.
+ */
+
+static int DetectTtlParseTest02 (void)
+{
+ DetectU8Data *ttld = DetectU8Parse("<10");
+ FAIL_IF_NULL(ttld);
+ FAIL_IF_NOT(ttld->arg1 == 10);
+ FAIL_IF_NOT(ttld->mode == DETECT_UINT_LT);
+ DetectTtlFree(NULL, ttld);
+ PASS;
+}
+
+/**
+ * \test DetectTtlParseTest03 is a test for setting up an valid ttl values with
+ * "-" operator.
+ */
+
+static int DetectTtlParseTest03 (void)
+{
+ DetectU8Data *ttld = DetectU8Parse("1-3");
+ FAIL_IF_NULL(ttld);
+ FAIL_IF_NOT(ttld->arg1 == 1);
+ FAIL_IF_NOT(ttld->arg2 == 3);
+ FAIL_IF_NOT(ttld->mode == DETECT_UINT_RA);
+ DetectTtlFree(NULL, ttld);
+ PASS;
+}
+
+/**
+ * \test DetectTtlParseTest04 is a test for setting up an valid ttl value with
+ * ">" operator and include spaces arround the given values.
+ */
+
+static int DetectTtlParseTest04 (void)
+{
+ DetectU8Data *ttld = DetectU8Parse(" > 10 ");
+ FAIL_IF_NULL(ttld);
+ FAIL_IF_NOT(ttld->arg1 == 10);
+ FAIL_IF_NOT(ttld->mode == DETECT_UINT_GT);
+ DetectTtlFree(NULL, ttld);
+ PASS;
+}
+
+/**
+ * \test DetectTtlParseTest05 is a test for setting up an valid ttl values with
+ * "-" operator and include spaces arround the given values.
+ */
+
+static int DetectTtlParseTest05 (void)
+{
+ DetectU8Data *ttld = DetectU8Parse(" 1 - 3 ");
+ FAIL_IF_NULL(ttld);
+ FAIL_IF_NOT(ttld->arg1 == 1);
+ FAIL_IF_NOT(ttld->arg2 == 3);
+ FAIL_IF_NOT(ttld->mode == DETECT_UINT_RA);
+ DetectTtlFree(NULL, ttld);
+ PASS;
+}
+
+/**
+ * \test DetectTtlParseTest06 is a test for setting up an valid ttl values with
+ * invalid "=" operator and include spaces arround the given values.
+ */
+
+static int DetectTtlParseTest06 (void)
+{
+ DetectU8Data *ttld = DetectU8Parse(" 1 = 2 ");
+ FAIL_IF_NOT_NULL(ttld);
+ PASS;
+}
+
+/**
+ * \test DetectTtlParseTest07 is a test for setting up an valid ttl values with
+ * invalid "<>" operator and include spaces arround the given values.
+ */
+
+static int DetectTtlParseTest07 (void)
+{
+ DetectU8Data *ttld = DetectU8Parse(" 1<>2 ");
+ FAIL_IF_NOT_NULL(ttld);
+ PASS;
+}
+
+/**
+ * \test DetectTtlSetupTest01 is a test for setting up an valid ttl values with
+ * valid "-" operator and include spaces arround the given values. In the
+ * test the values are setup with initializing the detection engine context
+ * setting up the signature itself.
+ */
+
+static int DetectTtlSetupTest01(void)
+{
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
+ de_ctx->flags |= DE_QUIET;
+
+ Signature *s = DetectEngineAppendSig(
+ de_ctx, "alert ip any any -> any any (msg:\"with in ttl limit\"; ttl:1 - 3; sid:1;)");
+ FAIL_IF_NULL(s);
+ SigGroupBuild(de_ctx);
+ FAIL_IF_NULL(s->sm_arrays[DETECT_SM_LIST_MATCH]);
+ FAIL_IF_NULL(s->sm_arrays[DETECT_SM_LIST_MATCH]->ctx);
+ DetectU8Data *ttld = (DetectU8Data *)s->sm_arrays[DETECT_SM_LIST_MATCH]->ctx;
+
+ FAIL_IF_NOT(ttld->arg1 == 1);
+ FAIL_IF_NOT(ttld->arg2 == 3);
+ FAIL_IF_NOT(ttld->mode == DETECT_UINT_RA);
+ DetectEngineCtxFree(de_ctx);
+ PASS;
+}
+
+/**
+ * \test DetectTtlTestSig01 is a test for checking the working of ttl keyword
+ * by setting up the signature and later testing its working by matching
+ * the received packet against the sig.
+ */
+
+static int DetectTtlTestSig1(void)
+{
+ Packet *p = PacketGetFromAlloc();
+ FAIL_IF_NULL(p);
+ Signature *s = NULL;
+ ThreadVars th_v;
+ DetectEngineThreadCtx *det_ctx;
+ IPV4Hdr ip4h;
+
+ memset(&th_v, 0, sizeof(th_v));
+ memset(&ip4h, 0, sizeof(ip4h));
+
+ p->src.family = AF_INET;
+ p->dst.family = AF_INET;
+ p->proto = IPPROTO_TCP;
+ ip4h.ip_ttl = 15;
+ p->ip4h = &ip4h;
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
+ de_ctx->flags |= DE_QUIET;
+
+ s = DetectEngineAppendSig(de_ctx,"alert ip any any -> any any (msg:\"with in ttl limit\"; ttl: >16; sid:1;)");
+ FAIL_IF_NULL(s);
+
+ s = DetectEngineAppendSig(de_ctx,"alert ip any any -> any any (msg:\"Less than 17\"; ttl: <17; sid:2;)");
+ FAIL_IF_NULL(s);
+
+ s = DetectEngineAppendSig(de_ctx,"alert ip any any -> any any (msg:\"Greater than 5\"; ttl:15; sid:3;)");
+ FAIL_IF_NULL(s);
+
+ s = DetectEngineAppendSig(de_ctx,"alert ip any any -> any any (msg:\"Equals tcp\"; ttl: 1-30; sid:4;)");
+ FAIL_IF_NULL(s);
+
+ SigGroupBuild(de_ctx);
+ DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
+
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(PacketAlertCheck(p, 1));
+ FAIL_IF_NOT(PacketAlertCheck(p, 2));
+ FAIL_IF_NOT(PacketAlertCheck(p, 3));
+ FAIL_IF_NOT(PacketAlertCheck(p, 4));
+
+ DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
+ DetectEngineCtxFree(de_ctx);
+
+ SCFree(p);
+ PASS;
+}
+
+/**
+ * \brief this function registers unit tests for DetectTtl
+ */
+void DetectTtlRegisterTests(void)
+{
+ UtRegisterTest("DetectTtlParseTest01", DetectTtlParseTest01);
+ UtRegisterTest("DetectTtlParseTest02", DetectTtlParseTest02);
+ UtRegisterTest("DetectTtlParseTest03", DetectTtlParseTest03);
+ UtRegisterTest("DetectTtlParseTest04", DetectTtlParseTest04);
+ UtRegisterTest("DetectTtlParseTest05", DetectTtlParseTest05);
+ UtRegisterTest("DetectTtlParseTest06", DetectTtlParseTest06);
+ UtRegisterTest("DetectTtlParseTest07", DetectTtlParseTest07);
+ UtRegisterTest("DetectTtlSetupTest01", DetectTtlSetupTest01);
+ UtRegisterTest("DetectTtlTestSig1", DetectTtlTestSig1);
+}
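Review bot: In DetectTtlTestSig1 `det_ctx` is declared uninitialized and the return value of `DetectEngineThreadCtxInit()` is ignored, so a failed init would hand an indeterminate pointer to `SigMatchSignatures()`; declare it as `DetectEngineThreadCtx *det_ctx = NULL;` and add `FAIL_IF_NULL(det_ctx);` after the init call. The match test also never sits on a comparison edge: with `ip_ttl = 15` the rules are `>16`, `<17`, `15` and `1-30`, so an off-by-one in the `<`/`>` handling would still pass, and rules such as `ttl:>15` and `ttl:<15` that must not alert would pin that down. None of the parse tests feeds a value outside the 8-bit TTL range (for example `"256"`), which presumably should make `DetectU8Parse()` return NULL and is worth asserting. The `msg` strings for sid 3 (`"Greater than 5"` on `ttl:15`) and sid 4 (`"Equals tcp"` on `ttl: 1-30`) do not describe their rules, and the doc comment names `DetectTtlTestSig01` while the function is `DetectTtlTestSig1`.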