suricata
stream-tcp-list.c
Go to the documentation of this file.
1/* Copyright (C) 2007-2016 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18#include "../suricata-common.h"
19#include "../stream-tcp-private.h"
20#include "../stream-tcp.h"
21#include "../stream-tcp-reassemble.h"
22#include "../stream-tcp-inline.h"
23#include "../stream-tcp-list.h"
24#include "../stream-tcp-util.h"
25#include "../util-streaming-buffer.h"
26#include "../util-print.h"
27#include "../util-unittest.h"
28
29static int VALIDATE(TcpStream *stream, uint8_t *data, uint32_t data_len)
30{
31 // HACK: these tests should be updated to check the SBB blocks
32 if (memcmp(stream->sb.region.buf, data, data_len) != 0) {
33 SCReturnInt(0);
34 }
35 SCLogInfo("OK");
36 PrintRawDataFp(stdout, data, data_len);
37 return 1;
38}
39
40#define OVERLAP_START(isn, policy) \
41 TcpReassemblyThreadCtx *ra_ctx = NULL; \
42 TcpSession ssn; \
43 ThreadVars tv; \
44 memset(&tv, 0, sizeof(tv)); \
45 \
46 StreamTcpUTInit(&ra_ctx); \
47 \
48 StreamTcpUTSetupSession(&ssn); \
49 StreamTcpUTSetupStream(&ssn.server, (isn)); \
50 StreamTcpUTSetupStream(&ssn.client, (isn)); \
51 \
52 TcpStream *stream = &ssn.client; \
53 stream->os_policy = (policy);
54
55#define OVERLAP_END \
56 StreamTcpUTClearSession(&ssn); \
57 StreamTcpUTDeinit(ra_ctx); \
58 PASS
59
60#define OVERLAP_STEP(rseq, seg, seglen, buf, buflen) \
61 StreamTcpUTAddPayload(&tv, ra_ctx, &ssn, stream, stream->isn + (rseq), (uint8_t *)(seg), (seglen)); \
62 FAIL_IF(!(VALIDATE(stream, (uint8_t *)(buf), (buflen))));
63
64static int OverlapBSD(uint32_t isn)
65{
66 OVERLAP_START(isn, OS_POLICY_BSD);
67
68 OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
69 OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
70 OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
71 OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
72 OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
73 OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
74 OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
75 OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
76 OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
77 /* AA not overwritten, gap filled and B overwritten because 'starts before' */
78 OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
79 /* no-op, overlaps CCC which takes precedence */
80 OVERLAP_STEP(8, "KKK", 3, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
81 /* LLL fills gaps and replaces D as it starts before */
82 OVERLAP_STEP(11, "LLL", 3, "\0AAAJJBCCCLLL\0EEFFFGGHHI", 24);
83 /* MMM fills gap and replaces EE as it starts before */
84 OVERLAP_STEP(14, "MMM", 3, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
85 /* no op */
86 OVERLAP_STEP(18, "N", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
87 /* no op */
88 OVERLAP_STEP(21, "O", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
89 /* no op */
90 OVERLAP_STEP(22, "P", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
91 /* no replace of I as it starts the same */
92 OVERLAP_STEP(24, "QQ", 2, "\0AAAJJBCCCLLLMMMFFFGGHHIQ", 25);
93 OVERLAP_STEP(1, "0", 1, "0AAAJJBCCCLLLMMMFFFGGHHIQ", 25);
94
95 OVERLAP_END;
96}
97
98static int OverlapBSDBefore(uint32_t isn)
99{
100 OVERLAP_START(isn, OS_POLICY_BSD);
101
102 OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
103 OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
104 OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
105 OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
106 OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
107 OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
108 OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
109
110 OVERLAP_END;
111}
112
113static int OverlapBSDSame(uint32_t isn)
114{
115 OVERLAP_START(isn, OS_POLICY_BSD);
116
117 OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
118 OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
119 OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
120 /* ignored as 'starts the same' */
121 OVERLAP_STEP(1, "KKK", 3, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
122 /* original data not overwritten as it starts on the same seq */
123 OVERLAP_STEP(1, "LLLL", 4, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
124 OVERLAP_STEP(15, "P", 1, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
125 OVERLAP_STEP(15, "QQ", 2, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
126
127 OVERLAP_END;
128}
129
130static int OverlapBSDAfter(uint32_t isn)
131{
132 OVERLAP_START(isn, OS_POLICY_BSD);
133
134 OVERLAP_STEP(1, "AA", 2, "AA", 2);
135 OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
136 OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
137 OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
138 OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
139 OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
140
141 OVERLAP_END;
142}
143
144static int OverlapVISTA(uint32_t isn)
145{
146 OVERLAP_START(isn, OS_POLICY_VISTA);
147
148 OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
149 OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
150 OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
151 OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
152 OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
153 OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
154 OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
155 OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
156 OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
157 /* AA not overwritten, gap filled and B not overwritten */
158 OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJBBCCC\0D\0\0EEFFFGGHHI", 24);
159 /* no-op, overlaps CCC which takes precedence */
160 OVERLAP_STEP(8, "KKK", 3, "\0AAAJBBCCC\0D\0\0EEFFFGGHHI", 24);
161 /* LLL fills gaps only */
162 OVERLAP_STEP(11, "LLL", 3, "\0AAAJBBCCCLDL\0EEFFFGGHHI", 24);
163 /* MMM fills gap only */
164 OVERLAP_STEP(14, "MMM", 3, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
165 /* no op */
166 OVERLAP_STEP(18, "N", 1, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
167 /* no op */
168 OVERLAP_STEP(21, "O", 1, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
169 /* no op */
170 OVERLAP_STEP(22, "P", 1, "\0AAAJBBCCCLDLMEEFFFGGHHI", 24);
171 /* no replace of I */
172 OVERLAP_STEP(24, "QQ", 2, "\0AAAJBBCCCLDLMEEFFFGGHHIQ", 25);
173 OVERLAP_STEP(1, "0", 1, "0AAAJBBCCCLDLMEEFFFGGHHIQ", 25);
174
175 OVERLAP_END;
176}
177
178static int OverlapVISTABefore(uint32_t isn)
179{
180 OVERLAP_START(isn, OS_POLICY_VISTA);
181
182 OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
183 OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
184 OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
185 OVERLAP_STEP(2, "AA", 2, "\0AB\0\0\0\0\0D\0\0EE", 13);
186 OVERLAP_STEP(1, "JJJJ", 4, "JABJ\0\0\0\0D\0\0EE", 13);
187 OVERLAP_STEP(8, "LLL", 3, "JABJ\0\0\0LDL\0EE", 13);
188 OVERLAP_STEP(11,"MMM", 3, "JABJ\0\0\0LDLMEE", 13);
189
190 OVERLAP_END;
191}
192
193static int OverlapVISTASame(uint32_t isn)
194{
195 OVERLAP_START(isn, OS_POLICY_VISTA);
196
197 OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
198 OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
199 OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
200 OVERLAP_STEP(1, "KKK", 3, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
201 OVERLAP_STEP(1, "LLLL", 4, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
202 OVERLAP_STEP(15, "P", 1, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
203 OVERLAP_STEP(15, "QQ", 2, "CCCL\0\0\0\0\0\0\0\0\0\0HHII", 18);
204
205 OVERLAP_END;
206}
207
208static int OverlapVISTAAfter(uint32_t isn)
209{
210 OVERLAP_START(isn, OS_POLICY_VISTA);
211
212 OVERLAP_STEP(1, "AA", 2, "AA", 2);
213 OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
214 OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
215 OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
216 OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
217 OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
218
219 OVERLAP_END;
220}
221
222static int OverlapLINUX(uint32_t isn)
223{
224 OVERLAP_START(isn, OS_POLICY_LINUX);
225
226 OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
227 OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
228 OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
229 OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
230 OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
231 OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
232 OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
233 OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
234 OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
235 /* AA not overwritten, gap filled and B not overwritten */
236 OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
237 /* no-op, overlaps CCC which takes precedence */
238 OVERLAP_STEP(8, "KKK", 3, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
239 /* LLL fills gaps and replaces as begins before */
240 OVERLAP_STEP(11, "LLL", 3, "\0AAAJJBCCCLLL\0EEFFFGGHHI", 24);
241 /* MMM fills gap and replaces EE as it begins before */
242 OVERLAP_STEP(14, "MMM", 3, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
243 /* no op */
244 OVERLAP_STEP(18, "N", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
245 /* no op */
246 OVERLAP_STEP(21, "O", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
247 /* no op */
248 OVERLAP_STEP(22, "P", 1, "\0AAAJJBCCCLLLMMMFFFGGHHI", 24);
249 /* replaces of I as begins the same, ends after*/
250 OVERLAP_STEP(24, "QQ", 2, "\0AAAJJBCCCLLLMMMFFFGGHHQQ", 25);
251 OVERLAP_STEP(1, "0", 1, "0AAAJJBCCCLLLMMMFFFGGHHQQ", 25);
252
253 OVERLAP_END;
254}
255
256static int OverlapLINUXBefore(uint32_t isn)
257{
258 OVERLAP_START(isn, OS_POLICY_LINUX);
259
260 OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
261 OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
262 OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
263 OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
264 OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
265 OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
266 OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
267
268 OVERLAP_END;
269}
270
271static int OverlapLINUXSame(uint32_t isn)
272{
273 OVERLAP_START(isn, OS_POLICY_LINUX);
274
275 OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
276 OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
277 OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
278 OVERLAP_STEP(1, "KKK", 3, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
279 OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
280 OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
281 OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
282
283 OVERLAP_END;
284}
285
286static int OverlapLINUXAfter(uint32_t isn)
287{
288 OVERLAP_START(isn, OS_POLICY_LINUX);
289
290 OVERLAP_STEP(1, "AA", 2, "AA", 2);
291 OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
292 OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
293 OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
294 OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
295 OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
296
297 OVERLAP_END;
298}
299
300static int OverlapLINUXOLD(uint32_t isn)
301{
302 OVERLAP_START(isn, OS_POLICY_OLD_LINUX);
303
304 OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
305 OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
306 OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
307 OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
308 OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
309 OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
310 OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
311 OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
312 OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
313 /* AA not overwritten as it starts before, gap filled and B overwritten */
314 OVERLAP_STEP(3, "JJJJ", 4, "\0AAAJJBCCC\0D\0\0EEFFFGGHHI", 24);
315 /* replace CCC */
316 OVERLAP_STEP(8, "KKK", 3, "\0AAAJJBKKK\0D\0\0EEFFFGGHHI", 24);
317 /* LLL fills gaps and replaces as begins before */
318 OVERLAP_STEP(11, "LLL", 3, "\0AAAJJBKKKLLL\0EEFFFGGHHI", 24);
319 /* MMM fills gap and replaces EE as it begins before */
320 OVERLAP_STEP(14, "MMM", 3, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
321 /* no op */
322 OVERLAP_STEP(18, "N", 1, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
323 /* no op */
324 OVERLAP_STEP(21, "O", 1, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
325 /* no op */
326 OVERLAP_STEP(22, "P", 1, "\0AAAJJBKKKLLLMMMFFFGGHHI", 24);
327 /* replaces of I as begins the same, ends after*/
328 OVERLAP_STEP(24, "QQ", 2, "\0AAAJJBKKKLLLMMMFFFGGHHQQ", 25);
329 OVERLAP_STEP(1, "0", 1, "0AAAJJBKKKLLLMMMFFFGGHHQQ", 25);
330
331 OVERLAP_END;
332}
333
334static int OverlapLINUXOLDBefore(uint32_t isn)
335{
336 OVERLAP_START(isn, OS_POLICY_OLD_LINUX);
337
338 OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
339 OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
340 OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
341 OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
342 OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
343 OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
344 OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
345
346 OVERLAP_END;
347}
348
349static int OverlapLINUXOLDSame(uint32_t isn)
350{
351 OVERLAP_START(isn, OS_POLICY_OLD_LINUX);
352
353 OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
354 OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
355 OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
356 OVERLAP_STEP(1, "KKK", 3, "KKK\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
357 OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
358 OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
359 OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0QQII", 18);
360
361 OVERLAP_END;
362}
363
364static int OverlapLINUXOLDAfter(uint32_t isn)
365{
366 OVERLAP_START(isn, OS_POLICY_OLD_LINUX);
367
368 OVERLAP_STEP(1, "AA", 2, "AA", 2);
369 OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
370 OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
371 OVERLAP_STEP(2, "JJ", 2, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
372 OVERLAP_STEP(20, "O", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
373 OVERLAP_STEP(17, "N", 1, "AAJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
374
375 OVERLAP_END;
376}
377
378static int OverlapSOLARIS(uint32_t isn)
379{
380 OVERLAP_START(isn, OS_POLICY_SOLARIS);
381
382 OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
383 OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
384 OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
385 OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
386 OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
387 OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
388 OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
389 OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
390 OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
391 OVERLAP_STEP(3, "JJJJ", 4, "\0AJJJBBCCC\0D\0\0EEFFFGGHHI", 24);
392 /* replace CCC */
393 OVERLAP_STEP(8, "KKK", 3, "\0AJJJBBKKK\0D\0\0EEFFFGGHHI", 24);
394 /* LLL fills gaps and replaces as begins before */
395 OVERLAP_STEP(11, "LLL", 3, "\0AJJJBBKKKLLL\0EEFFFGGHHI", 24);
396 /* MMM fills gap and replaces EE as it begins before */
397 OVERLAP_STEP(14, "MMM", 3, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
398 /* no op */
399 OVERLAP_STEP(18, "N", 1, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
400 /* no op */
401 OVERLAP_STEP(21, "O", 1, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
402 /* no op */
403 OVERLAP_STEP(22, "P", 1, "\0AJJJBBKKKLLLMMMFFFGGHHI", 24);
404 /* replaces of I as begins the same, ends after*/
405 OVERLAP_STEP(24, "QQ", 2, "\0AJJJBBKKKLLLMMMFFFGGHHQQ", 25);
406 OVERLAP_STEP(1, "0", 1, "0AJJJBBKKKLLLMMMFFFGGHHQQ", 25);
407
408 OVERLAP_END;
409}
410
411static int OverlapSOLARISBefore(uint32_t isn)
412{
413 OVERLAP_START(isn, OS_POLICY_SOLARIS);
414
415 OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
416 OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
417 OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
418 OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
419 OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
420 OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
421 OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
422
423 OVERLAP_END;
424}
425
426static int OverlapSOLARISSame(uint32_t isn)
427{
428 OVERLAP_START(isn, OS_POLICY_SOLARIS);
429
430 OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
431 OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
432 OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
433 OVERLAP_STEP(1, "KKK", 3, "KKK\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
434 OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
435 OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
436 OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0QQII", 18);
437
438 OVERLAP_END;
439}
440
441static int OverlapSOLARISAfter(uint32_t isn)
442{
443 OVERLAP_START(isn, OS_POLICY_SOLARIS);
444
445 OVERLAP_STEP(1, "AA", 2, "AA", 2);
446 OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
447 OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
448 OVERLAP_STEP(2, "JJ", 2, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
449 OVERLAP_STEP(20, "O", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
450 OVERLAP_STEP(17, "N", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
451
452 OVERLAP_END;
453}
454
455static int OverlapLAST(uint32_t isn)
456{
457 OVERLAP_START(isn, OS_POLICY_LAST);
458
459 OVERLAP_STEP(2, "AAA", 3, "\0AAA", 4);
460 OVERLAP_STEP(6, "BB", 2, "\0AAA\0BB", 7);
461 OVERLAP_STEP(8, "CCC", 3, "\0AAA\0BBCCC", 10);
462 OVERLAP_STEP(12, "D", 1, "\0AAA\0BBCCC\0D", 12);
463 OVERLAP_STEP(15, "EE", 2, "\0AAA\0BBCCC\0D\0\0EE", 16);
464 OVERLAP_STEP(17, "FFF", 3, "\0AAA\0BBCCC\0D\0\0EEFFF", 19);
465 OVERLAP_STEP(20, "GG", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGG", 21);
466 OVERLAP_STEP(22, "HH", 2, "\0AAA\0BBCCC\0D\0\0EEFFFGGHH", 23);
467 OVERLAP_STEP(24, "I", 1, "\0AAA\0BBCCC\0D\0\0EEFFFGGHHI", 24);
468 OVERLAP_STEP(3, "JJJJ", 4, "\0AJJJJBCCC\0D\0\0EEFFFGGHHI", 24);
469 OVERLAP_STEP(8, "KKK", 3, "\0AJJJJBKKK\0D\0\0EEFFFGGHHI", 24);
470 OVERLAP_STEP(11, "LLL", 3, "\0AJJJJBKKKLLL\0EEFFFGGHHI", 24);
471 OVERLAP_STEP(14, "MMM", 3, "\0AJJJJBKKKLLLMMMFFFGGHHI", 24);
472 OVERLAP_STEP(18, "N", 1, "\0AJJJJBKKKLLLMMMFNFGGHHI", 24);
473 OVERLAP_STEP(21, "O", 1, "\0AJJJJBKKKLLLMMMFNFGOHHI", 24);
474 OVERLAP_STEP(22, "P", 1, "\0AJJJJBKKKLLLMMMFNFGOPHI", 24);
475 OVERLAP_STEP(24, "QQ", 2, "\0AJJJJBKKKLLLMMMFNFGOPHQQ", 25);
476 OVERLAP_STEP(1, "0", 1, "0AJJJJBKKKLLLMMMFNFGOPHQQ", 25);
477
478 OVERLAP_END;
479}
480
481static int OverlapLASTBefore(uint32_t isn)
482{
483 OVERLAP_START(isn, OS_POLICY_LAST);
484
485 OVERLAP_STEP(3, "B", 1, "\0\0B", 3);
486 OVERLAP_STEP(9, "D", 1, "\0\0B\0\0\0\0\0D", 9);
487 OVERLAP_STEP(12, "EE", 2, "\0\0B\0\0\0\0\0D\0\0EE", 13);
488 OVERLAP_STEP(2, "AA", 2, "\0AA\0\0\0\0\0D\0\0EE", 13);
489 OVERLAP_STEP(1, "JJJJ", 4, "JJJJ\0\0\0\0D\0\0EE", 13);
490 OVERLAP_STEP(8, "LLL", 3, "JJJJ\0\0\0LLL\0EE", 13);
491 OVERLAP_STEP(11,"MMM", 3, "JJJJ\0\0\0LLLMMM", 13);
492
493 OVERLAP_END;
494}
495
496static int OverlapLASTSame(uint32_t isn)
497{
498 OVERLAP_START(isn, OS_POLICY_LAST);
499
500 OVERLAP_STEP(1, "CCC", 3, "CCC", 3);
501 OVERLAP_STEP(15, "HH", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HH", 16);
502 OVERLAP_STEP(17, "II", 2, "CCC\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
503 OVERLAP_STEP(1, "KKK", 3, "KKK\0\0\0\0\0\0\0\0\0\0\0HHII", 18);
504 OVERLAP_STEP(1, "LLLL", 4, "LLLL\0\0\0\0\0\0\0\0\0\0HHII", 18);
505 OVERLAP_STEP(15, "P", 1, "LLLL\0\0\0\0\0\0\0\0\0\0PHII", 18);
506 OVERLAP_STEP(15, "QQ", 2, "LLLL\0\0\0\0\0\0\0\0\0\0QQII", 18);
507
508 OVERLAP_END;
509}
510
511static int OverlapLASTAfter(uint32_t isn)
512{
513 OVERLAP_START(isn, OS_POLICY_LAST);
514
515 OVERLAP_STEP(1, "AA", 2, "AA", 2);
516 OVERLAP_STEP(16, "FFF", 3, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFF", 18);
517 OVERLAP_STEP(19, "GG", 2, "AA\0\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
518 OVERLAP_STEP(2, "JJ", 2, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGG", 20);
519 OVERLAP_STEP(20, "O", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FFFGO", 20);
520 OVERLAP_STEP(17, "N", 1, "AJJ\0\0\0\0\0\0\0\0\0\0\0\0FNFGO", 20);
521
522 OVERLAP_END;
523}
524
525/** \test BSD policy
526 */
527static int StreamTcpReassembleTest01(void)
528{
529 FAIL_IF(OverlapBSD(0) == 0);
530 OverlapBSDBefore(0);
531 OverlapBSDSame(0);
532 OverlapBSDAfter(0);
533
534 OverlapBSD(1);
535 OverlapBSDBefore(1);
536 OverlapBSDSame(1);
537 OverlapBSDAfter(1);
538
539 OverlapBSD(UINT_MAX);
540 OverlapBSDBefore(UINT_MAX);
541 OverlapBSDSame(UINT_MAX);
542 OverlapBSDAfter(UINT_MAX);
543
544 OverlapBSD(UINT_MAX - 10);
545 OverlapBSDBefore(UINT_MAX - 10);
546 OverlapBSDSame(UINT_MAX - 10);
547 OverlapBSDAfter(UINT_MAX - 10);
548 return 1;
549}
550
551
552/** \test Vista Policy
553 */
554static int StreamTcpReassembleTest02(void)
555{
556 OverlapVISTA(0);
557 OverlapVISTABefore(0);
558 OverlapVISTASame(0);
559 OverlapVISTAAfter(0);
560
561 OverlapVISTA(1);
562 OverlapVISTABefore(1);
563 OverlapVISTASame(1);
564 OverlapVISTAAfter(1);
565
566 OverlapVISTA(UINT_MAX);
567 OverlapVISTABefore(UINT_MAX);
568 OverlapVISTASame(UINT_MAX);
569 OverlapVISTAAfter(UINT_MAX);
570
571 OverlapVISTA(UINT_MAX - 10);
572 OverlapVISTABefore(UINT_MAX - 10);
573 OverlapVISTASame(UINT_MAX - 10);
574 OverlapVISTAAfter(UINT_MAX - 10);
575 return 1;
576}
577
578
579/** \test Linux policy
580 */
581static int StreamTcpReassembleTest03(void)
582{
583 OverlapLINUX(0);
584 OverlapLINUXBefore(0);
585 OverlapLINUXSame(0);
586 OverlapLINUXAfter(0);
587
588 OverlapLINUX(1);
589 OverlapLINUXBefore(1);
590 OverlapLINUXSame(1);
591 OverlapLINUXAfter(1);
592
593 OverlapLINUX(UINT_MAX);
594 OverlapLINUXBefore(UINT_MAX);
595 OverlapLINUXSame(UINT_MAX);
596 OverlapLINUXAfter(UINT_MAX);
597
598 OverlapLINUX(UINT_MAX - 10);
599 OverlapLINUXBefore(UINT_MAX - 10);
600 OverlapLINUXSame(UINT_MAX - 10);
601 OverlapLINUXAfter(UINT_MAX - 10);
602 return 1;
603}
604
605/** \test policy Linux old
606 */
607static int StreamTcpReassembleTest04(void)
608{
609 OverlapLINUXOLD(0);
610 OverlapLINUXOLDBefore(0);
611 OverlapLINUXOLDSame(0);
612 OverlapLINUXOLDAfter(0);
613
614 OverlapLINUXOLD(1);
615 OverlapLINUXOLDBefore(1);
616 OverlapLINUXOLDSame(1);
617 OverlapLINUXOLDAfter(1);
618
619 OverlapLINUXOLD(UINT_MAX);
620 OverlapLINUXOLDBefore(UINT_MAX);
621 OverlapLINUXOLDSame(UINT_MAX);
622 OverlapLINUXOLDAfter(UINT_MAX);
623
624 OverlapLINUXOLD(UINT_MAX - 10);
625 OverlapLINUXOLDBefore(UINT_MAX - 10);
626 OverlapLINUXOLDSame(UINT_MAX - 10);
627 OverlapLINUXOLDAfter(UINT_MAX - 10);
628 return 1;
629}
630
631/** \test Solaris policy
632 */
633static int StreamTcpReassembleTest05(void)
634{
635 OverlapSOLARIS(0);
636 OverlapSOLARISBefore(0);
637 OverlapSOLARISSame(0);
638 OverlapSOLARISAfter(0);
639
640 OverlapSOLARIS(1);
641 OverlapSOLARISBefore(1);
642 OverlapSOLARISSame(1);
643 OverlapSOLARISAfter(1);
644
645 OverlapSOLARIS(UINT_MAX);
646 OverlapSOLARISBefore(UINT_MAX);
647 OverlapSOLARISSame(UINT_MAX);
648 OverlapSOLARISAfter(UINT_MAX);
649
650 OverlapSOLARIS(UINT_MAX - 10);
651 OverlapSOLARISBefore(UINT_MAX - 10);
652 OverlapSOLARISSame(UINT_MAX - 10);
653 OverlapSOLARISAfter(UINT_MAX - 10);
654 return 1;
655}
656
657/** \test policy 'last'
658 */
659static int StreamTcpReassembleTest06(void)
660{
661 OverlapLAST(0);
662 OverlapLASTBefore(0);
663 OverlapLASTSame(0);
664 OverlapLASTAfter(0);
665
666 OverlapLAST(1);
667 OverlapLASTBefore(1);
668 OverlapLASTSame(1);
669 OverlapLASTAfter(1);
670
671 OverlapLAST(UINT_MAX);
672 OverlapLASTBefore(UINT_MAX);
673 OverlapLASTSame(UINT_MAX);
674 OverlapLASTAfter(UINT_MAX);
675
676 OverlapLAST(UINT_MAX - 10);
677 OverlapLASTBefore(UINT_MAX - 10);
678 OverlapLASTSame(UINT_MAX - 10);
679 OverlapLASTAfter(UINT_MAX - 10);
680 return 1;
681}
682
683static int StreamTcpReassembleTest30 (void)
684{
685 OVERLAP_START(9, OS_POLICY_BSD);
686 OVERLAP_STEP(3, "BBB", 3, "\0\0BBB", 5);
687 OVERLAP_STEP(1, "AA", 2, "AABBB", 5);
688 OVERLAP_END;
689}
690
691static int StreamTcpReassembleTest31 (void)
692{
693 OVERLAP_START(9, OS_POLICY_BSD);
694 OVERLAP_STEP(1, "AA", 2, "AA", 2);
695 OVERLAP_STEP(3, "BBB", 3, "AABBB", 5);
696 OVERLAP_END;
697}
698
699static int StreamTcpReassembleTest32(void)
700{
701 OVERLAP_START(0, OS_POLICY_BSD);
702 OVERLAP_STEP(11, "AAAAAAAAAA", 10, "\0\0\0\0\0\0\0\0\0\0AAAAAAAAAA", 20);
703 OVERLAP_STEP(21, "BBBBBBBBBB", 10, "\0\0\0\0\0\0\0\0\0\0AAAAAAAAAABBBBBBBBBB", 30);
704 OVERLAP_STEP(41, "CCCCCCCCCC", 10, "\0\0\0\0\0\0\0\0\0\0AAAAAAAAAABBBBBBBBBB\0\0\0\0\0\0\0\0\0\0CCCCCCCCCC", 50);
705 OVERLAP_STEP(6, "aaaaaaaaaaaaaaaaaaaa", 20, "\0\0\0\0\0aaaaaaaaaaaaaaaaaaaaBBBBB\0\0\0\0\0\0\0\0\0\0CCCCCCCCCC", 50);
706 OVERLAP_STEP(1, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 50, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 50);
707 OVERLAP_END;
708}
709
710void StreamTcpListRegisterTests(void)
711{
712 UtRegisterTest("StreamTcpReassembleTest01 -- BSD policy",
713 StreamTcpReassembleTest01);
714 UtRegisterTest("StreamTcpReassembleTest02 -- VISTA policy",
715 StreamTcpReassembleTest02);
716 UtRegisterTest("StreamTcpReassembleTest03 -- LINUX policy",
717 StreamTcpReassembleTest03);
718 UtRegisterTest("StreamTcpReassembleTest04 -- LINUX-OLD policy",
719 StreamTcpReassembleTest04);
720 UtRegisterTest("StreamTcpReassembleTest05 -- SOLARIS policy",
721 StreamTcpReassembleTest05);
722 UtRegisterTest("StreamTcpReassembleTest06 -- LAST policy",
723 StreamTcpReassembleTest06);
724
725 UtRegisterTest("StreamTcpReassembleTest30",
726 StreamTcpReassembleTest30);
727 UtRegisterTest("StreamTcpReassembleTest31",
728 StreamTcpReassembleTest31);
729 UtRegisterTest("StreamTcpReassembleTest32",
730 StreamTcpReassembleTest32);
731
732}
VALIDATE
#define VALIDATE(e)
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition util-unittest.c:103
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition util-unittest.h:71
OS_POLICY_LAST
@ OS_POLICY_LAST
Definition stream-tcp-reassemble.h:51
OS_POLICY_VISTA
@ OS_POLICY_VISTA
Definition stream-tcp-reassemble.h:48
OS_POLICY_LINUX
@ OS_POLICY_LINUX
Definition stream-tcp-reassemble.h:40
OS_POLICY_OLD_LINUX
@ OS_POLICY_OLD_LINUX
Definition stream-tcp-reassemble.h:39
OS_POLICY_BSD
@ OS_POLICY_BSD
Definition stream-tcp-reassemble.h:37
OS_POLICY_SOLARIS
@ OS_POLICY_SOLARIS
Definition stream-tcp-reassemble.h:42
StreamingBufferRegion_::buf
uint8_t * buf
Definition util-streaming-buffer.h:85
StreamingBuffer_::region
StreamingBufferRegion region
Definition util-streaming-buffer.h:109
TcpStream_
Definition stream-tcp-private.h:106
TcpStream_::sb
StreamingBuffer sb
Definition stream-tcp-private.h:135
OVERLAP_END
#define OVERLAP_END
Definition stream-tcp-list.c:55
OVERLAP_START
#define OVERLAP_START(isn, policy)
Definition stream-tcp-list.c:40
OVERLAP_STEP
#define OVERLAP_STEP(rseq, seg, seglen, buf, buflen)
Definition stream-tcp-list.c:60
StreamTcpListRegisterTests
void StreamTcpListRegisterTests(void)
Definition stream-tcp-list.c:710
SCReturnInt
#define SCReturnInt(x)
Definition util-debug.h:281
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition util-debug.h:225
PrintRawDataFp
void PrintRawDataFp(FILE *fp, const uint8_t *buf, uint32_t buflen)
Definition util-print.c:112