0002-Fix-thresholding-signature-unittests.-Because-of-the.patch - Suricata - Open Information Security Foundation

Bug #84 » 0002-Fix-thresholding-signature-unittests.-Because-of-the.patch

Victor Julien, 03/19/2010 02:35 AM

         p.ip4h = &ip4h;
         p.ip4h->ip_src.s_addr = 0x01010101;
         p.ip4h->ip_dst.s_addr = 0x02020202;
         p.sp = 1024;
         p.dp = 80;
         DetectEngineCtx *de_ctx = DetectEngineCtxInit();
         if (de_ctx == NULL) {
-...
         de_ctx->flags |= DE_QUIET;
         s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Threshold limit\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:1;)");
         s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold limit\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:1;)");
         if (s == NULL) {
             goto end;
+        }
         SigGroupBuild(de_ctx);
         if (s->flags & SIG_FLAG_IPONLY) {
             printf("signature is ip-only: ");
             goto end;
+        }
         DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
         SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
-...
         if(alerts == 5)
             result = 1;
         else
             goto cleanup;
             printf("alerts %"PRIi32", expected 5: ", alerts);
     cleanup:
         SigGroupCleanup(de_ctx);
         SigCleanSignatures(de_ctx);
-...
         p.ip4h = &ip4h;
         p.ip4h->ip_src.s_addr = 0x01010101;
         p.ip4h->ip_dst.s_addr = 0x02020202;
         p.sp = 1024;
         p.dp = 80;
         DetectEngineCtx *de_ctx = DetectEngineCtxInit();
         if (de_ctx == NULL) {
-...
         de_ctx->flags |= DE_QUIET;
         s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Threshold\"; threshold: type threshold, track by_dst, count 5, seconds 60; sid:1;)");
         s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold\"; threshold: type threshold, track by_dst, count 5, seconds 60; sid:1;)");
         if (s == NULL) {
             goto end;
+        }
-...
         p.ip4h = &ip4h;
         p.ip4h->ip_src.s_addr = 0x01010101;
         p.ip4h->ip_dst.s_addr = 0x02020202;
         p.sp = 1024;
         p.dp = 80;
         DetectEngineCtx *de_ctx = DetectEngineCtxInit();
         if (de_ctx == NULL) {
-...
         de_ctx->flags |= DE_QUIET;
         s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Threshold limit\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:10;)");
         s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold limit\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:10;)");
         if (s == NULL) {
             goto end;
+        }
-...
         p.ip4h = &ip4h;
         p.ip4h->ip_src.s_addr = 0x01010101;
         p.ip4h->ip_dst.s_addr = 0x02020202;
         p.sp = 1024;
         p.dp = 80;
         DetectEngineCtx *de_ctx = DetectEngineCtxInit();
         if (de_ctx == NULL) {
-...
         de_ctx->flags |= DE_QUIET;
         s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Threshold both\"; threshold: type both, track by_dst, count 2, seconds 60; sid:10;)");
         s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold both\"; threshold: type both, track by_dst, count 2, seconds 60; sid:10;)");
         if (s == NULL) {
             goto end;
+        }
-...
         p.ip4h = &ip4h;
         p.ip4h->ip_src.s_addr = 0x01010101;
         p.ip4h->ip_dst.s_addr = 0x02020202;
         p.sp = 1024;
         p.dp = 80;
         DetectEngineCtx *de_ctx = DetectEngineCtxInit();
         if (de_ctx == NULL) {
-...
         de_ctx->flags |= DE_QUIET;
         s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Threshold limit sid 1\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:1;)");
         s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold limit sid 1\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:1;)");
         if (s == NULL) {
             goto end;
+        }
         s = s->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Threshold limit sid 1000\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:1000;)");
         s = s->next = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold limit sid 1000\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:1000;)");
         if (s == NULL) {
             goto end;
+        }

                         if (dport != NULL) {
                             sgh = dport->sh;
                         } else {
                             SCLogDebug("no dst port group found for the packet");
                             SCLogDebug("no dst port group found for the packet with dp %"PRIu16"", p->dp);
+                        }
                     } else {
                         SCLogDebug("no src port group found for the packet");
                         SCLogDebug("no src port group found for the packet with sp %"PRIu16"", p->sp);
+                    }
+                }
             } else {

« Previous
1
2
Next »

(2-2/2)

Project

General

Profile

Suricata

Bug #84 » 0002-Fix-thresholding-signature-unittests.-Because-of-the.patch