HLBR: tests/test_tcp_flags.c Source File

00001 #include "test_tcp_flags.h"
00002 #include <stdio.h>
00003 #include <string.h>
00004 #include <stdlib.h>
00005 #include "../decoders/decode_tcp.h"
00006 #include "../packets/packet.h"
00007 #include <arpa/inet.h>
00008 #include "../engine/num_list.h"
00009 #include "../engine/bits.h"
00010 
00011 extern GlobalVars       Globals;
00012 
00013 typedef struct tcp_flags_data{
00014         char    Fin;
00015         char    Syn;
00016         char    Rst;
00017         char    Psh;
00018         char    Ack;
00019         char    Urg;
00020         char    Ece;
00021         char    Cwr;
00022         
00023         unsigned char                   RuleBits[MAX_RULES/8];
00024         struct tcp_flags_data*  Next;
00025 } TCPFlagsData;
00026 
00027 //#define DEBUG
00028 //#define DEBUGMATCH
00029 
00030 int TCPDecoderID;
00031 TCPFlagsData*   TCPFlagsHead;
00032 
00033 /******************************************
00034 * Apply the Test with collapsed rules
00035 ******************************************/
00036 int TestTCPFlags(int PacketSlot, TestNode* Nodes){
00037         unsigned short          TCPFlags;
00038         TCPFlagsData*                   t;
00039         TCPData*                        TData;
00040         int                                     i;
00041         PacketRec*                      p;
00042 
00043 #ifdef DEBUGPATH
00044         printf("In TestTCPFlags\n");
00045 #endif
00046 
00047 #ifdef DEBUG
00048         printf("Testing TCP Flag\n");
00049 #endif  
00050         
00051         if (!Nodes) return FALSE;
00052         
00053         p=&Globals.Packets[PacketSlot];
00054         
00055         /*get the flags out of the tcp header*/
00056         if (!GetDataByID(PacketSlot, TCPDecoderID, (void**)&TData)){
00057                 printf("Failed to get TCP header data\n");
00058                 return FALSE;
00059         }
00060 
00061         TCPFlags=ntohs(TData->Header->dest);
00062         
00063         if (i==-1){
00064 #ifdef DEBUG    
00065                 printf("Couldn't find the tcp header\n");
00066 #endif          
00067                 return FALSE;
00068         }
00069 
00070 #ifdef DEBUGMATCH
00071         printf("**************************************\n");
00072         printf("Before applying tcp flags tests\n");
00073         for (i=0;i<Globals.NumRules;i++)
00074         if (RuleIsActive(PacketSlot,i))
00075                 printf("Rule %i is active\n",i);
00076         else
00077                 printf("Rule %i is inactive\n",i);
00078         printf("**************************************\n");
00079 #endif  
00080         
00081         t=TCPFlagsHead;
00082         while (t){
00083                 if ( (t->Fin==0) || (t->Fin==1 && TData->Header->fin) || (t->Fin==-1 && !TData->Header->fin))
00084                 if ( (t->Syn==0) || (t->Syn==1 && TData->Header->syn) || (t->Syn==-1 && !TData->Header->syn))
00085                 if ( (t->Rst==0) || (t->Rst==1 && TData->Header->rst) || (t->Rst==-1 && !TData->Header->rst))
00086                 if ( (t->Psh==0) || (t->Psh==1 && TData->Header->psh) || (t->Psh==-1 && !TData->Header->psh))
00087                 if ( (t->Ack==0) || (t->Ack==1 && TData->Header->ack) || (t->Ack==-1 && !TData->Header->ack))
00088                 if ( (t->Urg==0) || (t->Urg==1 && TData->Header->urg) || (t->Urg==-1 && !TData->Header->urg))
00089                 if ( (t->Ece==0) || (t->Ece==1 && TData->Header->ece) || (t->Ece==-1 && !TData->Header->ece))
00090                 if ( (t->Cwr==0) || (t->Cwr==1 && TData->Header->cwr) || (t->Cwr==-1 && !TData->Header->cwr)){
00091                         /*mark these rules as inactive*/
00092                         NotAndBitFields(p->RuleBits, t->RuleBits, p->RuleBits, Globals.NumRules);
00093                 }
00094                 t=t->Next;
00095         }
00096                 
00097 #ifdef DEBUGMATCH
00098         printf("**************************************\n");
00099         for (i=0;i<Globals.NumRules;i++)
00100         if (RuleIsActive(PacketSlot,i))
00101                 printf("Rule %i is active\n",i);
00102         else
00103                 printf("Rule %i is inactive\n",i);
00104         printf("**************************************\n");
00105 #endif  
00106                 
00107         return TRUE;
00108 }
00109 
00110 /******************************************
00111 * Add a rule node to this test
00112 ******************************************/
00113 int TCPFlagsAddNode(int TestID, int RuleID, char* Args){
00114         TCPFlagsData*                   data;
00115         TCPFlagsData*                   t;
00116         TCPFlagsData*                   last;
00117 #ifdef DEBUG    
00118         int                                             i;
00119 #endif  
00120 
00121 #ifdef DEBUGPATH
00122         printf("In TCPFlagsAddNode\n");
00123 #endif
00124 
00125 #ifdef DEBUG
00126         printf("Addding a Node with args %s\n",Args);
00127 #endif
00128 
00129         data=calloc(sizeof(TCPFlagsData),1);
00130         
00131         while (*Args){
00132                 switch (*Args){
00133                 case 'f':
00134                         data->Fin=-1;
00135                         break;
00136                 case 'F':
00137                         data->Fin=1;
00138                         break;
00139                 case 's':
00140                         data->Syn=-1;
00141                         break;
00142                 case 'S':
00143                         data->Syn=1;
00144                         break;
00145                 case 'r':
00146                         data->Rst=-1;
00147                         break;
00148                 case 'R':
00149                         data->Rst=1;
00150                         break;
00151                 case 'p':
00152                         data->Psh=-1;
00153                         break;
00154                 case 'P':
00155                         data->Psh=1;
00156                         break;
00157                 case 'a':
00158                         data->Ack=-1;
00159                         break;
00160                 case 'A':
00161                         data->Ack=1;
00162                         break;
00163                 case 'u':
00164                         data->Urg=-1;
00165                         break;
00166                 case 'U':
00167                         data->Urg=1;
00168                         break;
00169                 case 'e':
00170                         data->Ece=-1;
00171                         break;
00172                 case 'E':
00173                         data->Ece=1;
00174                         break;
00175                 case 'c':
00176                         data->Cwr=-1;
00177                         break;
00178                 case 'C':
00179                         data->Cwr=1;
00180                         break;
00181                 case ' ':
00182                 case '*':
00183                         break;
00184                 default:
00185                         printf("Unknown TCP flag \"%c\"\n",*Args);
00186                         return FALSE;
00187                 }
00188                 Args++;
00189         }
00190 
00191         /*check to see if this is a duplicate*/
00192         if (!TCPFlagsHead){
00193 #ifdef DEBUG
00194                 printf("First TCP Flag\n");
00195 #endif  
00196                 TCPFlagsHead=data;
00197                 SetBit(data->RuleBits, Globals.NumRules, RuleID, 1);
00198                 return TestAddNode(TestID, RuleID, (void*)data);
00199         }else{
00200                 t=TCPFlagsHead;
00201                 last=t;
00202                 while (t){
00203                         if (
00204                                 (t->Fin == data->Fin) && 
00205                                 (t->Syn == data->Syn) && 
00206                                 (t->Rst == data->Rst) && 
00207                                 (t->Psh == data->Psh) && 
00208                                 (t->Ack == data->Ack) && 
00209                                 (t->Urg == data->Urg) && 
00210                                 (t->Ece == data->Ece) && 
00211                                 (t->Cwr == data->Cwr)
00212                         ){
00213 #ifdef DEBUG
00214                                 printf("This is a duplicate\n");
00215 #endif                  
00216                                 free(data);
00217                                 data=NULL;
00218                                 SetBit(t->RuleBits, Globals.NumRules, RuleID, 1);
00219 #ifdef DEBUG
00220                                 for (i=0;i<Globals.NumRules+1;i++)
00221                                 if (GetBit(t->RuleBits, Globals.NumRules, i))
00222                                 printf("Bit %i is set\n",i);
00223 #endif                          
00224                                 return TestAddNode(TestID, RuleID, (void*)t);           
00225                         }
00226                         
00227                         last=t;
00228                         t=t->Next;
00229                 }
00230                 
00231 #ifdef DEBUG
00232                 printf("This is a new one\n");
00233 #endif          
00234                 last->Next=data;
00235                 SetBit(data->RuleBits, Globals.NumRules, RuleID, 1);
00236                 return TestAddNode(TestID, RuleID, (void*)data);                
00237         }
00238 }
00239 
00240 /****************************************
00241 * Set up the test of the TCP Flags Field
00242 *****************************************/
00243 int InitTestTCPFlags(){
00244         int     TestID;
00245 
00246 #ifdef DEBUGPATH
00247         printf("In InitTestTCPFlags\n");
00248 #endif
00249 
00250         TCPFlagsHead=NULL;
00251 
00252         TestID=CreateTest("TCPFlags");
00253         if (TestID==TEST_NONE) return FALSE;
00254         
00255         if (!BindTestToDecoder(TestID, "TCP")){
00256                 printf("Failed to Bind to TCP\n");
00257                 return FALSE;
00258         } 
00259         
00260         snprintf(Globals.Tests[TestID].ShortName, MAX_NAME_LEN, "flags");
00261         Globals.Tests[TestID].AddNode=TCPFlagsAddNode;
00262         Globals.Tests[TestID].TestFunc=TestTCPFlags;
00263         
00264         TCPDecoderID=GetDecoderByName("TCP");
00265 
00266         return TRUE;
00267 }