tests/test_tcp_content.c

00001 #include "test_tcp_content.h"
00002 #include <stdio.h>
00003 #include <string.h>
00004 #include <stdlib.h>
00005 #include "../engine/hlbr.h"
00006 #include "../decoders/decode_tcp.h"
00007 #include "../packets/packet.h"
00008 #include "../engine/jtree.h"
00009 #include <arpa/inet.h>
00010 
/* Engine-wide state, defined in another translation unit. The visible code in
 * this file reads Globals.Packets and Globals.NumRules and fills in
 * Globals.Tests[]. */
extern GlobalVars       Globals;

/* Per-rule node payload handed to TestAddNode(): a copy of the rule's content
 * string, stored in a fixed buffer of MAX_CONTENT_LEN bytes. */
typedef struct tcp_content_data{
        unsigned char   tcp_content[MAX_CONTENT_LEN];
} TCPContentData;

/* Debug switches. DEBUGMATCH enables the dumps of every rule's active/inactive
 * state that TestTCPContent() prints before and after the content match. */
//#define DEBUG
//#define DEBUGMATCH

/* Set by InitTestTCPContent() from GetDecoderByName("TCP"). */
int     TCPDecoderID;
/* Shared tree of content strings. TCPContentAddNode() adds each rule's string
 * together with its rule ID; TestTCPContent() passes it to MatchStrings(). */
JTree   TCPContentTree;
00022 
00023 #ifdef OLD_MATCH
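/********************************************
* Returns TRUE if Candidate occurs anywhere in Packet.
*
* Candidate/CLen: the byte string to look for and its length.
* Packet/PLen:    the buffer to search and its length.
*
* Both buffers are treated as raw bytes (no NUL terminator is
* assumed). Returns FALSE for NULL pointers, for non-positive
* lengths, and when Candidate is longer than Packet.
*
* Every byte of Candidate takes part in the comparison, and the
* search covers every offset at which Candidate still fits. A
* matcher that skips bytes or offsets silently weakens every
* signature that relies on it.
********************************************/
int MatchString(char* Candidate, int CLen, char* Packet, int PLen){
        int     i;

        DEBUGPATH;

        if (!Candidate || !Packet) return FALSE;
        if (CLen<=0 || PLen<=0) return FALSE;

        /* a candidate longer than the payload can never match */
        if (CLen>PLen) return FALSE;

        /* PLen-CLen is the last offset at which Candidate still fits, so
           Packet+i .. Packet+i+CLen-1 always stays inside the buffer */
        for (i=0;i<=PLen-CLen;i++){
                /* cheap first-byte filter before the full comparison */
                if (Packet[i]!=Candidate[0]) continue;
                if (memcmp(Packet+i, Candidate, (size_t)CLen)==0) return TRUE;
        }

        return FALSE;
}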
00046 #endif
00047 
/**
 * Run the TCP content test on one packet.
 *
 * Passes the packet's RuleBits and its data region (RawPacket+BeginData,
 * length PacketLen-BeginData) to MatchStrings() against the shared
 * TCPContentTree.
 *
 * @param PacketSlot index into Globals.Packets
 * @param Nodes      node list for this test; only checked for NULL here
 * @return FALSE when Nodes is NULL, otherwise TRUE after MatchStrings() ran
 */
int TestTCPContent(int PacketSlot, TestNode* Nodes)
{
        PacketRec*              pkt;
#ifdef DEBUGMATCH
        int                     rule;
#endif

        DEBUGPATH;

        /* no rule uses this test: nothing to match */
        if (!Nodes){
                return FALSE;
        }

        /* NOTE(review): PacketSlot indexes Globals.Packets unchecked, and the
           length handed to MatchStrings() below is PacketLen-BeginData with no
           check that BeginData<=PacketLen. Presumably the TCP decoder
           guarantees both - confirm, because these values derive from
           untrusted packet data. */
        pkt=&Globals.Packets[PacketSlot];

#ifdef DEBUGMATCH
        printf("**************************************\n");
        printf("Before applying tcp content tests\n");
        for (rule=0;rule<Globals.NumRules;rule++){
                if (RuleIsActive(PacketSlot,rule)){
                        printf("Rule %i is active\n",rule);
                }else{
                        printf("Rule %i is inactive\n",rule);
                }
        }
        printf("**************************************\n");
#endif

        MatchStrings(&TCPContentTree, pkt->RuleBits, pkt->RawPacket+pkt->BeginData, pkt->PacketLen - pkt->BeginData);

#ifdef DEBUGMATCH
        printf("**************************************\n");
        for (rule=0;rule<Globals.NumRules;rule++){
                if (RuleIsActive(PacketSlot,rule)){
                        printf("Rule %i is active\n",rule);
                }else{
                        printf("Rule %i is inactive\n",rule);
                }
        }
        printf("**************************************\n");
#endif

        return TRUE;
}
00089 
00090 
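/**
 * Stream variant of the TCP content test. Currently disabled: the intended
 * body is commented out, so no matching against reassembled stream data
 * takes place.
 *
 * InitTestTCPContent() registers this function as TestStreamFunc, so it must
 * return a defined value; falling off the end of a non-void function and
 * then using the result is undefined behaviour.
 *
 * @param PacketSlot index into Globals.Packets (unused while disabled)
 * @param Nodes      node list for this test (unused while disabled)
 * @return FALSE, because no stream matching was performed
 */
int TestTCPContent_Stream(int PacketSlot, TestNode* Nodes)
{
        (void)PacketSlot;
        (void)Nodes;

        /* Disabled implementation, kept for reference.
           NOTE(review): before re-enabling, confirm that Stream is non-NULL
           and that LastSeq-TopSeq+1 cannot exceed the size of Seqs.buffer. */
/*
        PacketRec*      p;

        if (!Nodes) return FALSE;

        p=&Globals.Packets[PacketSlot];
        
        MatchStrings(&TCPContentTree, p->RuleBits, p->Stream->Seqs.buffer, p->Stream->Seqs.LastSeq - p->Stream->Seqs.TopSeq + 1);
        
        return TRUE;
*/

        /* NOTE(review): FALSE mirrors the "nothing tested" early-out of the
           disabled body - confirm how the caller interprets it. */
        return FALSE;
}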
00108 
00109 
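/******************************************
* Add a rule node to this test
*
* TestID: test the node is attached to
* RuleID: rule that owns the content string
* Args:   the rule's content string (NUL-terminated)
*
* Returns FALSE if Args is NULL, if allocation
* fails or if the string cannot be added to
* TCPContentTree; otherwise returns whatever
* TestAddNode() returns.
*
* The node data is handed to TestAddNode().
* NOTE(review): if TestAddNode() fails, the
* data is not freed here - confirm who owns it.
******************************************/
int TCPContentAddNode(int TestID, int RuleID, char* Args){
        TCPContentData*         data;

        DEBUGPATH;

        if (!Args) return FALSE;

        data=calloc(1, sizeof(*data));
        if (!data){
                printf("Out of memory adding tcp content\n");
                return FALSE;
        }

        /* Args is rule text and must be copied as data, never used as the
           format string. Content patterns routinely contain '%' (for example
           URL-encoded bytes such as %2e), which printf-style parsing would
           treat as conversion specifiers and read arguments that were never
           passed. Copying with "%s" also keeps this copy identical to the
           string added to the tree below (up to MAX_CONTENT_LEN-1 bytes;
           longer strings are truncated here but not in the tree). */
        snprintf((char*)data->tcp_content, MAX_CONTENT_LEN, "%s", Args);

        if (!AddStringJTree(&TCPContentTree, Args, strlen(Args), RuleID)){
                printf("Failed to add to tree\n");
                free(data);
                return FALSE;
        }

        return TestAddNode(TestID, RuleID, (void*)data);
}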
00130 
/**
 * Called once all rules have been added: finalizes TCPContentTree.
 *
 * @return the result of FinalizeJTree()
 */
int TestTCPContentFinishedSetup()
{
        int     rc;

        DEBUGPATH;

        rc=FinalizeJTree(&TCPContentTree);
        return rc;
}
00140 
/**
 * Set up the TCP content test: initialise the shared tree, create the
 * "TCPContent" test, bind it to the "TCP" decoder and register its
 * callbacks and short name ("content") in Globals.Tests.
 *
 * @return FALSE if the test cannot be created or bound, TRUE otherwise
 */
int InitTestTCPContent()
{
        int     id;

        DEBUGPATH;

        InitJTree(&TCPContentTree, FALSE);

        id=CreateTest("TCPContent");
        if (id==TEST_NONE){
                return FALSE;
        }

        if (!BindTestToDecoder(id, "TCP")){
                printf("Failed to Bind to TCP\n");
                return FALSE;
        }

        /* callbacks the engine invokes for this test */
        Globals.Tests[id].AddNode=TCPContentAddNode;
        Globals.Tests[id].TestFunc=TestTCPContent;
        Globals.Tests[id].TestStreamFunc=TestTCPContent_Stream;
        Globals.Tests[id].FinishedSetup=TestTCPContentFinishedSetup;

        /* short name stored for this test */
        snprintf(Globals.Tests[id].ShortName, MAX_NAME_LEN, "content");

        /* NOTE(review): the lookup result is stored without a check for a
           "not found" value - confirm that a failed lookup cannot happen
           once BindTestToDecoder() has succeeded. */
        TCPDecoderID=GetDecoderByName("TCP");

        return TRUE;
}
