本文整理匯總了C++中DetectEngineThreadCtxDeinit函數的典型用法代碼示例。如果您正苦於以下問題:C++ DetectEngineThreadCtxDeinit函數的具體用法?C++ DetectEngineThreadCtxDeinit怎麽用?C++ DetectEngineThreadCtxDeinit使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了DetectEngineThreadCtxDeinit函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的C++代碼示例。
示例1: DetectBase64DecodeTestDecodeRelative
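/**
 * \test base64_decode with the "relative" option.
 *
 * The payload is eight 'a' bytes followed by "SGVsbG8gV29ybGQ=", the base64
 * form of "Hello World". The signature matches the 'a' run with content and
 * then requests a relative base64_decode, so the test expects the thread
 * context's decode buffer to hold exactly "Hello World".
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
static int DetectBase64DecodeTestDecodeRelative(void)
{
    ThreadVars tv;
    DetectEngineCtx *de_ctx = NULL;
    DetectEngineThreadCtx *det_ctx = NULL;
    Packet *p = NULL;
    int retval = 0;
    uint8_t payload[] = {
        'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a',
        'S', 'G', 'V', 's', 'b', 'G', '8', 'g',
        'V', '2', '9', 'y', 'b', 'G', 'Q', '=',
    };
    char decoded[] = "Hello World";
    const size_t decoded_len = strlen(decoded);

    memset(&tv, 0, sizeof(tv));

    if ((de_ctx = DetectEngineCtxInit()) == NULL) {
        goto end;
    }

    de_ctx->sig_list = SigInit(de_ctx,
        "alert tcp any any -> any any (msg:\"base64 test\"; "
        "content:\"aaaaaaaa\"; "
        "base64_decode: relative; "
        "sid:1; rev:1;)");
    if (de_ctx->sig_list == NULL) {
        goto end;
    }
    SigGroupBuild(de_ctx);

    DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
    /* det_ctx is dereferenced below; the cleanup path already treats a NULL
     * det_ctx as possible, so bail out here instead of crashing the test. */
    if (det_ctx == NULL) {
        goto end;
    }

    p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
    if (p == NULL) {
        goto end;
    }

    SigMatchSignatures(&tv, de_ctx, det_ctx, p);

    /* Length first, then content: memcmp is only run over decoded_len bytes
     * once the decoder has reported exactly that many. */
    if (det_ctx->base64_decoded_len != (int)decoded_len) {
        goto end;
    }
    if (memcmp(det_ctx->base64_decoded, decoded, decoded_len) != 0) {
        goto end;
    }

    retval = 1;

end:
    if (det_ctx != NULL) {
        DetectEngineThreadCtxDeinit(&tv, det_ctx);
    }
    if (de_ctx != NULL) {
        SigCleanSignatures(de_ctx);
        SigGroupCleanup(de_ctx);
        DetectEngineCtxFree(de_ctx);
    }
    if (p != NULL) {
        UTHFreePacket(p);
    }
    return retval;
}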
示例2: DetectDetectionFilterTestSig1
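/**
 * \test DetectDetectionFilterTestSig1 checks the detection_filter keyword by
 *       loading one signature ("count 4, seconds 60", tracked by destination)
 *       and inspecting the same packet eight times.
 *
 * The test expects exactly 4 of the 8 inspections to raise sid 1.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
static int DetectDetectionFilterTestSig1(void)
{
    Packet *p = NULL;
    Signature *s = NULL;
    ThreadVars th_v;
    DetectEngineCtx *de_ctx = NULL;
    DetectEngineThreadCtx *det_ctx = NULL;
    int result = 0;
    int alerts = 0;

    HostInitConfig(HOST_QUIET);

    memset(&th_v, 0, sizeof(th_v));

    p = UTHBuildPacketReal(NULL, 0, IPPROTO_TCP, "1.1.1.1", "2.2.2.2", 1024, 80);
    if (p == NULL) {
        goto end;
    }

    de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL) {
        goto end;
    }
    de_ctx->flags |= DE_QUIET;

    s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"detection_filter Test\"; detection_filter: track by_dst, count 4, seconds 60; sid:1;)");
    if (s == NULL) {
        goto end;
    }

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
    if (det_ctx == NULL) {
        goto end;
    }

    /* Eight identical inspections; PacketAlertCheck() is summed after each. */
    for (int i = 0; i < 8; i++) {
        SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
        alerts += PacketAlertCheck(p, 1);
    }

    if (alerts == 4) {
        result = 1;
    }

end:
    /* Single cleanup path: every failure branch above used to skip freeing
     * de_ctx once it had been created. Each resource is released only if it
     * was actually acquired. */
    if (de_ctx != NULL) {
        SigGroupCleanup(de_ctx);
        SigCleanSignatures(de_ctx);
    }
    if (det_ctx != NULL) {
        DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
    }
    if (de_ctx != NULL) {
        DetectEngineCtxFree(de_ctx);
    }
    UTHFreePackets(&p, 1);
    HostShutdown();
    return result;
}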
示例3: FlowWorkerThreadDeinit
/**
 * \brief Tear down the per-thread state of a flow worker.
 *
 * Releases the decoder thread vars, the TCP stream thread data, the detection
 * thread context (only if one is set), the output logger thread data, the
 * packet queue mutex and finally the FlowWorkerThreadData itself.
 *
 * \param tv   thread vars passed through to each sub-module's deinit call
 * \param data the FlowWorkerThreadData to release; it is freed here and must
 *             not be used by the caller afterwards
 *
 * \retval TM_ECODE_OK always
 */
static TmEcode FlowWorkerThreadDeinit(ThreadVars *tv, void *data)
{
FlowWorkerThreadData *fw = data;
DecodeThreadVarsFree(tv, fw->dtv);
/* free TCP */
StreamTcpThreadDeinit(tv, (void *)fw->stream_thread);
/* free DETECT: the pointer is read through the atomic accessor and reset to
 * NULL right after the context is released, so no stale pointer is left in
 * fw->detect_thread. */
void *detect_thread = SC_ATOMIC_GET(fw->detect_thread);
if (detect_thread != NULL) {
DetectEngineThreadCtxDeinit(tv, detect_thread);
SC_ATOMIC_SET(fw->detect_thread, NULL);
}
/* Free output. */
OutputLoggerThreadDeinit(tv, fw->output_thread);
/* free pq: checked with BUG_ON before its mutex is destroyed; presumably this
 * traps if packets are still queued -- confirm BUG_ON semantics. */
BUG_ON(fw->pq.len);
SCMutexDestroy(&fw->pq.mutex_q);
SC_ATOMIC_DESTROY(fw->detect_thread);
/* fw itself goes last; every field above has been released by now. */
SCFree(fw);
return TM_ECODE_OK;
}
示例4: DetectFlowintTestPacket03Real
/**
 * \test DetectFlowintTestPacket03Real
 * \brief Exercise flowint isset/notset across three packets sharing one flow.
 *
 * Uses the FAIL_IF/PASS unit test macros, so a failed check leaves the test
 * at that point.
 */
int DetectFlowintTestPacket03Real()
{
    ThreadVars th_v;
    memset(&th_v, 0, sizeof(th_v));

    Packet *p = NULL;
    DetectEngineThreadCtx *det_ctx = NULL;

    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF(de_ctx == NULL);
    de_ctx->flags |= DE_QUIET;

    /* sid 101: myvar is not set yet; the rule then sets myvar=0, other=10.
     * sid 102: both myvar and other are set.
     * sid 103: "lala" is set, which no rule here ever does. */
    char *sigs[3] = {
        "alert tcp any any -> any any (msg:\"check notset\"; content:\"GET\"; flowint: myvar, notset; flowint: myvar,=,0; flowint: other,=,10; sid:101;)",
        "alert tcp any any -> any any (msg:\"check isset\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: other,isset; sid:102;)",
        "alert tcp any any -> any any (msg:\"check notset\"; content:\"Unauthorized\"; flowint:lala,isset; sid:103;)",
    };
    FAIL_IF(UTHAppendSigs(de_ctx, sigs, 3) == 0);

    SCSigRegisterSignatureOrderingFuncs(de_ctx);
    SCSigOrderSignatures(de_ctx);
    SCSigSignatureOrderingModuleCleanup(de_ctx);
    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&th_v,(void *) de_ctx,(void *) &det_ctx);

    /* One flow carries the flowint state from packet to packet. */
    Flow *f = UTHBuildFlow(AF_INET, "192.168.1.5", "192.168.1.1",
                           41424, 80);
    FAIL_IF(f == NULL);
    f->proto = IPPROTO_TCP;

    /* Packet 1 ("GET"): sid 101 has to fire. */
    p = UTHBuildPacket((uint8_t *)"GET", 3, IPPROTO_TCP);
    FAIL_IF(p == NULL);
    p->flow = f;
    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
    FAIL_IF(!PacketAlertCheck(p, 101));
    UTHFreePacket(p);

    /* Packet 2 ("Unauthorized"): sid 102 fires, sid 103 stays silent. */
    p = UTHBuildPacket((uint8_t *)"Unauthorized", 12, IPPROTO_TCP);
    FAIL_IF(p == NULL);
    p->flow = f;
    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
    FAIL_IF(!PacketAlertCheck(p, 102));
    FAIL_IF(PacketAlertCheck(p, 103));
    UTHFreePacket(p);

    /* Packet 3 ("1"): matches no content, so neither 102 nor 103 may fire. */
    p = UTHBuildPacket((uint8_t *)"1", 1, IPPROTO_TCP);
    FAIL_IF(p == NULL);
    p->flow = f;
    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
    FAIL_IF(PacketAlertCheck(p, 102));
    FAIL_IF(PacketAlertCheck(p, 103));
    UTHFreePacket(p);

    UTHFreeFlow(f);
    DetectEngineThreadCtxDeinit(&th_v,(void *) det_ctx);
    DetectEngineCtxFree(de_ctx);

    PASS;
}
示例5: AlertFastLogTest02
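/**
 * \test Match one TCP payload against a signature carrying
 *       "Classtype:unknown" and check the class_msg attached to the alert.
 *
 * \retval 1 if exactly one alert was raised and its class_msg is
 *           "Unknown are we"
 * \retval 0 otherwise, including any setup failure
 */
int AlertFastLogTest02()
{
    int result = 0;
    uint8_t *buf = (uint8_t *) "GET /one/ HTTP/1.1\r\n"
                               "Host: one.example.org\r\n";
    uint16_t buflen = strlen((char *)buf);
    Packet *p = NULL;
    ThreadVars th_v;
    DetectEngineCtx *de_ctx = NULL;
    DetectEngineThreadCtx *det_ctx = NULL;

    memset(&th_v, 0, sizeof(th_v));

    /* p is dereferenced after matching, so a failed build must stop here. */
    p = UTHBuildPacket(buf, buflen, IPPROTO_TCP);
    if (p == NULL) {
        goto end;
    }

    de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL) {
        /* Previously returned directly and leaked p. */
        goto end;
    }
    de_ctx->flags |= DE_QUIET;

    SCClassConfGenerateValidDummyClassConfigFD01();
    SCClassConfLoadClassficationConfigFile(de_ctx);
    SCClassConfDeleteDummyClassificationConfigFD();

    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
                               "(msg:\"FastLog test\"; content:\"GET\"; "
                               "Classtype:unknown; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        /* No signature means no alert; the result is 0 either way. */
        printf("sig parse failed: ");
        goto end;
    }

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
    if (det_ctx == NULL) {
        goto end;
    }

    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);

    if (p->alerts.cnt == 1) {
        const char *class_msg = p->alerts.alerts[0].s->class_msg;

        /* Diagnostic only: this comparison never decided the outcome in the
         * original either, its result was overwritten by the next one. */
        if (strcmp(class_msg, "Unknown Traffic") == 0)
            printf("p->alerts.alerts[0].class_msg %s: ", class_msg);

        result = (strcmp(class_msg, "Unknown are we") == 0);
        if (result == 0)
            printf("p->alerts.alerts[0].class_msg %s: ", class_msg);
    }

end:
    if (de_ctx != NULL) {
        SigGroupCleanup(de_ctx);
        SigCleanSignatures(de_ctx);
    }
    if (det_ctx != NULL) {
        DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
    }
    if (de_ctx != NULL) {
        DetectEngineCtxFree(de_ctx);
    }
    if (p != NULL) {
        UTHFreePackets(&p, 1);
    }
    return result;
}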
示例6: DetectIcmpIdMatchTest01
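/**
 * \test DetectIcmpIdMatchTest01 checks the icmp_id keyword by loading two
 *       rules and matching a crafted ICMP packet (id 21781) against them.
 *       Only the first rule (sid 1) shall trigger.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
int DetectIcmpIdMatchTest01 (void)
{
    int result = 0;
    Packet *p = NULL;
    Signature *s = NULL;
    ThreadVars th_v;
    DetectEngineCtx *de_ctx = NULL;
    DetectEngineThreadCtx *det_ctx = NULL;

    memset(&th_v, 0, sizeof(ThreadVars));

    p = UTHBuildPacket(NULL, 0, IPPROTO_ICMP);
    /* The id field is written right away, so check the packet first. */
    if (p == NULL) {
        goto end;
    }
    p->icmpv4vars.id = htons(21781);

    de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL) {
        goto end;
    }
    de_ctx->flags |= DE_QUIET;

    s = de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any (icmp_id:21781; sid:1;)");
    if (s == NULL) {
        goto end;
    }

    s = s->next = SigInit(de_ctx, "alert icmp any any -> any any (icmp_id:21782; sid:2;)");
    if (s == NULL) {
        goto end;
    }

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
    if (det_ctx == NULL) {
        goto end;
    }

    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
    if (PacketAlertCheck(p, 1) == 0) {
        printf("sid 1 did not alert, but should have: ");
        goto end;
    } else if (PacketAlertCheck(p, 2)) {
        printf("sid 2 alerted, but should not have: ");
        goto end;
    }

    result = 1;

end:
    /* One exit path: the early failure branches used to return without
     * releasing the packet or the engine context. */
    if (de_ctx != NULL) {
        SigGroupCleanup(de_ctx);
        SigCleanSignatures(de_ctx);
    }
    if (det_ctx != NULL) {
        DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
    }
    if (de_ctx != NULL) {
        DetectEngineCtxFree(de_ctx);
    }
    if (p != NULL) {
        UTHFreePackets(&p, 1);
    }
    return result;
}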
示例7: AlertFastLogTest01
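/**
 * \test Match one TCP payload against a signature carrying
 *       "Classtype:unknown" and check the class_msg attached to the alert.
 *
 * \retval 1 if exactly one alert was raised and its class_msg is
 *           "Unknown are we"
 * \retval 0 otherwise, including any setup failure
 */
int AlertFastLogTest01()
{
    int result = 0;
    uint8_t *buf = (uint8_t *) "GET /one/ HTTP/1.1\r\n"
                               "Host: one.example.org\r\n";
    uint16_t buflen = strlen((char *)buf);
    Packet *p = NULL;
    ThreadVars th_v;
    DetectEngineCtx *de_ctx = NULL;
    DetectEngineThreadCtx *det_ctx = NULL;

    memset(&th_v, 0, sizeof(th_v));

    /* p->alerts is read after matching, so a failed build must stop here. */
    p = UTHBuildPacket(buf, buflen, IPPROTO_TCP);
    if (p == NULL) {
        goto end;
    }

    de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL) {
        /* Previously returned directly and leaked p. */
        goto end;
    }
    de_ctx->flags |= DE_QUIET;

    SCClassConfGenerateValidDummyClassConfigFD01();
    SCClassConfLoadClassficationConfigFile(de_ctx);
    SCClassConfDeleteDummyClassificationConfigFD();

    /* A failed parse is not checked separately: with no signature loaded no
     * alert is raised and the result below stays 0. */
    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
                               "(msg:\"FastLog test\"; content:\"GET\"; "
                               "Classtype:unknown; sid:1;)");

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
    if (det_ctx == NULL) {
        goto end;
    }

    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
    if (p->alerts.cnt == 1)
        result = (strcmp(p->alerts.alerts[0].s->class_msg, "Unknown are we") == 0);

#ifdef __SC_CUDA_SUPPORT__
    B2gCudaKillDispatcherThreadRC();
    if (SCCudaHlPushCudaContextFromModule("SC_RULES_CONTENT_B2G_CUDA") == -1) {
        printf("Call to SCCudaHlPushCudaContextForModule() failed\n");
        /* NOTE(review): returns without releasing de_ctx, det_ctx or p; left
         * as is because it is unclear whether the cleanup calls are safe
         * once the CUDA context push has failed -- confirm. */
        return 0;
    }
#endif

end:
    if (de_ctx != NULL) {
        SigGroupCleanup(de_ctx);
        SigCleanSignatures(de_ctx);
    }
    if (det_ctx != NULL) {
        DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
    }
    if (de_ctx != NULL) {
        DetectEngineCtxFree(de_ctx);
    }
    if (p != NULL) {
        UTHFreePackets(&p, 1);
    }
    return result;
}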
示例8: DetectBase64DecodeTestDecodeLargeOffset
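/**
 * \test base64_decode with an offset beyond the end of the payload.
 *
 * The payload is 16 bytes long while the signature asks for "offset 32".
 * The test passes only if nothing was decoded, i.e. the decoded length in
 * the thread context is 0 after inspection.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
static int DetectBase64DecodeTestDecodeLargeOffset(void)
{
    ThreadVars tv;
    DetectEngineCtx *de_ctx = NULL;
    DetectEngineThreadCtx *det_ctx = NULL;
    Packet *p = NULL;
    int retval = 0;
    uint8_t payload[] = {
        'S', 'G', 'V', 's', 'b', 'G', '8', 'g',
        'V', '2', '9', 'y', 'b', 'G', 'Q', '=',
    };

    memset(&tv, 0, sizeof(tv));

    if ((de_ctx = DetectEngineCtxInit()) == NULL) {
        goto end;
    }

    /* Offset is out of range. */
    de_ctx->sig_list = SigInit(de_ctx,
        "alert tcp any any -> any any (msg:\"base64 test\"; "
        "base64_decode: bytes 16, offset 32; "
        "sid:1; rev:1;)");
    if (de_ctx->sig_list == NULL) {
        goto end;
    }
    SigGroupBuild(de_ctx);

    DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
    /* det_ctx is dereferenced below; the cleanup path already treats a NULL
     * det_ctx as possible, so bail out here instead of crashing the test. */
    if (det_ctx == NULL) {
        goto end;
    }

    p = UTHBuildPacket(payload, sizeof(payload), IPPROTO_TCP);
    if (p == NULL) {
        goto end;
    }

    SigMatchSignatures(&tv, de_ctx, det_ctx, p);

    if (det_ctx->base64_decoded_len != 0) {
        goto end;
    }

    retval = 1;

end:
    if (det_ctx != NULL) {
        DetectEngineThreadCtxDeinit(&tv, det_ctx);
    }
    if (de_ctx != NULL) {
        SigCleanSignatures(de_ctx);
        SigGroupCleanup(de_ctx);
        DetectEngineCtxFree(de_ctx);
    }
    if (p != NULL) {
        UTHFreePacket(p);
    }
    return retval;
}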
示例9: UTHPacketMatchSigMpm
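/**
 * \test Test if a packet matches a signature given as string, using the
 *       pattern matcher selected by mpm_type.
 *       Hint: Useful for unittests with only one packet and one signature
 *
 * \param p        packet to inspect; not freed here
 * \param sig      pointer to the string signature to test
 * \param mpm_type value stored in de_ctx->mpm_matcher before the signature
 *                 is loaded
 *
 * \retval return 1 if match
 * \retval return 0 if not, or if setup failed
 */
int UTHPacketMatchSigMpm(Packet *p, char *sig, uint16_t mpm_type)
{
    SCEnter();

    int result = 0;
    ThreadVars th_v;
    DetectEngineCtx *de_ctx = NULL;
    DetectEngineThreadCtx *det_ctx = NULL;

    memset(&th_v, 0, sizeof(th_v));

    if (p == NULL || sig == NULL) {
        printf("packet or signature string == NULL: ");
        goto end;
    }

    de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL) {
        printf("de_ctx == NULL: ");
        goto end;
    }

    de_ctx->flags |= DE_QUIET;
    de_ctx->mpm_matcher = mpm_type;

    de_ctx->sig_list = SigInit(de_ctx, sig);
    if (de_ctx->sig_list == NULL) {
        printf("signature == NULL: ");
        goto end;
    }

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
    if (det_ctx == NULL) {
        goto end;
    }

    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
    if (PacketAlertCheck(p, de_ctx->sig_list->id) != 1) {
        printf("signature didn't alert: ");
        goto end;
    }

    result = 1;

end:
    /* The signature cleanup calls used to run even when de_ctx was NULL;
     * guard them the same way UTHPacketMatchSig() does rather than relying
     * on the callees tolerating a NULL context. */
    if (de_ctx != NULL) {
        SigGroupCleanup(de_ctx);
        SigCleanSignatures(de_ctx);
    }
    if (det_ctx != NULL)
        DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
    if (de_ctx != NULL)
        DetectEngineCtxFree(de_ctx);

    SCReturnInt(result);
}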
示例10: GeoipMatchTest
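/**
 * \internal
 * \brief This test tests geoip success and failure.
 *
 * Builds one TCP packet between srcip and dstip, loads the given rule and
 * checks whether sid 1 alerts (so the rule is expected to use sid:1).
 *
 * \param rule  signature string to load
 * \param srcip source address for the test packet
 * \param dstip destination address for the test packet
 *
 * \retval 1 the rule alerted
 * \retval 2 the rule loaded but did not alert
 * \retval 0 setup failed
 */
static int GeoipMatchTest(char *rule, char *srcip, char *dstip)
{
    uint8_t *buf = (uint8_t *) "GET / HTTP/1.0\r\n\r\n";
    uint16_t buflen = strlen((char *)buf);
    Packet *p1 = NULL;
    ThreadVars th_v;
    DetectEngineCtx *de_ctx = NULL;
    DetectEngineThreadCtx *det_ctx = NULL;
    int result = 0;

    memset(&th_v, 0, sizeof(th_v));

    p1 = UTHBuildPacketSrcDst(buf, buflen, IPPROTO_TCP, srcip, dstip);
    if (p1 == NULL) {
        goto end;
    }

    de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL) {
        goto end;
    }
    de_ctx->flags |= DE_QUIET;

    de_ctx->sig_list = SigInit(de_ctx, rule);
    if (de_ctx->sig_list == NULL) {
        goto end;
    }

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
    if (det_ctx == NULL) {
        goto end;
    }

    /* From here on setup is complete: 2 means "ran, no alert". */
    result = 2;

    SigMatchSignatures(&th_v, de_ctx, det_ctx, p1);
    if (PacketAlertCheck(p1, 1) != 0) {
        result = 1;
    }

end:
    /* Single cleanup path. The packet was never freed before, and a failed
     * SigInit() skipped freeing de_ctx. */
    if (de_ctx != NULL) {
        SigGroupCleanup(de_ctx);
        SigCleanSignatures(de_ctx);
    }
    if (det_ctx != NULL) {
        DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
    }
    if (de_ctx != NULL) {
        DetectEngineCtxFree(de_ctx);
    }
    if (p1 != NULL) {
        UTHFreePacket(p1);
    }
    return result;
}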
示例11: UTHPacketMatchSig
/**
 * \test Check whether a packet matches a signature passed in as a string.
 *       Hint: handy for unittests that need just one packet and one signature.
 *
 * \param p   packet to inspect; ownership stays with the caller
 * \param sig signature string to load into a fresh detection engine
 *
 * \retval 1 the signature alerted on the packet
 * \retval 0 no alert, or the engine/signature could not be set up
 */
int UTHPacketMatchSig(Packet *p, char *sig)
{
    int matched = 0;
    DecodeThreadVars dtv;
    ThreadVars th_v;
    DetectEngineThreadCtx *det_ctx = NULL;

    memset(&dtv, 0, sizeof(DecodeThreadVars));
    memset(&th_v, 0, sizeof(th_v));

    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    if (de_ctx != NULL) {
        de_ctx->flags |= DE_QUIET;

        de_ctx->sig_list = SigInit(de_ctx, sig);
        if (de_ctx->sig_list != NULL) {
            SigGroupBuild(de_ctx);
            DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

            SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
            /* Only an alert count of exactly 1 for this sid is a match. */
            matched = (PacketAlertCheck(p, de_ctx->sig_list->id) == 1);
        }

        /* Signature state goes first, whether or not the rule parsed. */
        SigGroupCleanup(de_ctx);
        SigCleanSignatures(de_ctx);
    }

    /* Thread context before the engine context it was created from. */
    if (det_ctx != NULL) {
        DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
    }
    if (de_ctx != NULL) {
        DetectEngineCtxFree(de_ctx);
    }

    return matched;
}
示例12: DetectTransformCompressWhitespaceTest03
/**
 * \test Load a rule that applies a whitespace transform to the HTTP request
 *       line and build the detection engine with it. No packet is inspected;
 *       the test passes if the rule parses and setup/teardown complete.
 *
 * NOTE(review): the rule uses strip_whitespace although the test name refers
 * to compress whitespace -- confirm this is intended.
 */
static int DetectTransformCompressWhitespaceTest03(void)
{
    const char rule[] = "alert http any any -> any any (http_request_line; strip_whitespace; content:\"GET/HTTP\"; sid:1;)";

    ThreadVars th_v;
    memset(&th_v, 0, sizeof(th_v));

    DetectEngineThreadCtx *det_ctx = NULL;

    /* Engine context plus the single signature under test. */
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    Signature *s = DetectEngineAppendSig(de_ctx, rule);
    FAIL_IF_NULL(s);

    SigGroupBuild(de_ctx);

    /* Create the thread context and release it again straight away. */
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
    DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);

    DetectEngineCtxFree(de_ctx);

    PASS;
}
示例13: UTHMatchPackets
/**
 * \test UTHMatchPackets runs a packet, or an array of packets, through the
 *       signatures of a de_ctx. The return value does not say whether
 *       anything matched; check that afterwards with PacketAlertCheck().
 *
 * \param de_ctx      detection engine context with the signatures loaded
 * \param p           array of packet pointers
 * \param num_packets number of entries in the array
 *
 * \retval return 1 if all goes well
 * \retval return 0 if de_ctx or p is NULL
 */
int UTHMatchPackets(DetectEngineCtx *de_ctx, Packet **p, int num_packets)
{
    int result = 0;

    if (de_ctx != NULL && p != NULL) {
        DecodeThreadVars dtv;
        ThreadVars th_v;
        DetectEngineThreadCtx *det_ctx = NULL;

        memset(&dtv, 0, sizeof(DecodeThreadVars));
        memset(&th_v, 0, sizeof(th_v));

        SCSigRegisterSignatureOrderingFuncs(de_ctx);
        SCSigOrderSignatures(de_ctx);
        SCSigSignatureOrderingModuleCleanup(de_ctx);
        SigGroupBuild(de_ctx);
        DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

        /* Match results are deliberately not evaluated here: the de_ctx may
         * hold several signatures, some matching and some not. The caller
         * inspects the packets afterwards. */
        for (int idx = 0; idx < num_packets; idx++) {
            SigMatchSignatures(&th_v, de_ctx, det_ctx, p[idx]);
        }

        if (det_ctx != NULL) {
            DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
        }

        result = 1;
    } else {
        SCLogError(SC_ERR_INVALID_ARGUMENT, "packet or de_ctx was null");
    }

    /* Runs on the error path too, as long as a de_ctx was handed in. */
    if (de_ctx != NULL) {
        SigGroupCleanup(de_ctx);
    }
    return result;
}
示例14: UTHMatchPacketsWithResults
/**
 * \test UTHMatchPacketsWithResults runs a packet, or an array of packets,
 *       through the signatures of a de_ctx and compares the alerts of every
 *       packet with the expected counts.
 *
 * \param de_ctx      detection engine context with the signatures loaded
 * \param p           array of packet pointers
 * \param num_packets number of entries in p
 * \param sids        signature ids to check, numsigs entries
 * \param results     expected values; packet i uses the numsigs entries that
 *                    start at index i * numsigs, so the array presumably has
 *                    to hold num_packets * numsigs entries -- confirm with
 *                    callers
 * \param numsigs     number of signatures checked per packet
 *
 * \retval return 1 if every packet produced the expected results
 * \retval return 0 on a NULL argument or on the first mismatch
 *
 * NOTE(review): unlike UTHMatchPackets(), no SigGroupCleanup() is called
 * here; presumably left to the caller -- confirm.
 */
int UTHMatchPacketsWithResults(DetectEngineCtx *de_ctx, Packet **p, int num_packets, uint32_t sids[], uint32_t *results, int numsigs)
{
    if (de_ctx == NULL || p == NULL) {
        SCLogError(SC_ERR_INVALID_ARGUMENT, "packet or de_ctx was null");
        return 0;
    }

    DecodeThreadVars dtv;
    ThreadVars th_v;
    DetectEngineThreadCtx *det_ctx = NULL;

    memset(&dtv, 0, sizeof(DecodeThreadVars));
    memset(&th_v, 0, sizeof(th_v));

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

    /* Assume success; the first packet whose results differ clears it. */
    int all_ok = 1;
    for (int idx = 0; idx < num_packets; idx++) {
        SigMatchSignatures(&th_v, de_ctx, det_ctx, p[idx]);

        if (UTHCheckPacketMatchResults(p[idx], sids, &results[(idx * numsigs)], numsigs) == 0) {
            all_ok = 0;
            break;
        }
    }

    if (det_ctx != NULL) {
        DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
    }

    return all_ok;
}
示例15: DetectHttpMethodSigTest04
/** \test Check a signature with an request method and negation of the same */
static int DetectHttpMethodSigTest04(void)
{
int result = 0;
Flow f;
uint8_t httpbuf1[] = "GET / HTTP/1.0\r\n"
"Host: foo.bar.tld\r\n"
"\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
Packet *p = NULL;
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,
"alert tcp any any -> any any (msg:\"Testing http_method\"; "
"content:\"GET\"; http_method; sid:1;)");
if (s == NULL) {
goto end;
}
s = s->next = SigInit(de_ctx,
"alert tcp any any -> any any (msg:\"Testing http_method\"; "
"content:!\"GET\"; http_method; sid:2;)");
if (s == NULL) {
goto end;
}
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
goto end;
}
http_state = f.alstate;
if (http_state == NULL) {
SCLogDebug("no http state: ");
goto end;
}
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (!(PacketAlertCheck(p, 1))) {
printf("sid 1 didn't match but should have: ");
goto end;
}
if (PacketAlertCheck(p, 2)) {
printf("sid 2 matched but shouldn't have: ");
goto end;
}
result = 1;
end:
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
}
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *) det_ctx);
}
if (de_ctx != NULL) {
DetectEngineCtxFree(de_ctx);
}
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
return result;
//.........這裏部分代碼省略.........