00001 #include "test_tcp_offset.h"
00002 #include <stdio.h>
00003 #include <string.h>
00004 #include <stdlib.h>
00005 #include "../decoders/decode_tcp.h"
00006 #include "../packets/packet.h"
00007 #include <arpa/inet.h>
00008 #include "../engine/num_list.h"
00009
00010 extern GlobalVars Globals;
00011
00012 typedef struct tcp_offset_data{
00013 int offset;
00014 unsigned char* string;
00015 int string_len;
00016 } TCPOffsetData;
00017
00018
00019
00020
00021 int TCPDecoderID;
00022
00023
00024
00025
00026 int TestTCPOffset(int PacketSlot, TestNode* Nodes){
00027 TCPData* TData;
00028 TCPOffsetData* TOData;
00029 TestNode* Node;
00030 int i;
00031 PacketRec* p;
00032
00033 #ifdef DEBUGPATH
00034 printf("In TestTCPOffset\n");
00035 #endif
00036
00037 #ifdef DEBUG
00038 printf("Testing TCP Offset\n");
00039 #endif
00040
00041 p=&Globals.Packets[PacketSlot];
00042
00043
00044 for (i=0;i<p->NumDecoderData;i++){
00045 if (p->DecoderInfo[i].DecoderID==TCPDecoderID){
00046 TData=(TCPData*)p->DecoderInfo[i].Data;
00047 }
00048 }
00049
00050 #ifdef DEBUGMATCH
00051 printf("\n\n");
00052 printf("**************************************\n");
00053 printf("Before applying interface name tests\n");
00054 for (i=0;i<Globals.NumRules;i++)
00055 if (RuleIsActive(p,i))
00056 printf("Rule %i is active\n",i);
00057 else
00058 printf("Rule %i is inactive\n",i);
00059 printf("**************************************\n");
00060 #endif
00061
00062 Node=Nodes;
00063 while (Node){
00064 if (RuleIsActive(PacketSlot, Node->RuleID)){
00065 TOData=(TCPOffsetData*)Node->Data;
00066
00067 if (TOData->string_len <= TData->DataLen)
00068 if (memcmp(&TData->Data[TOData->offset],TOData->string, TOData->string_len)!=0){
00069 #ifdef DEBUGMATCH
00070 printf("Tcp Offset Doesn't Match\n");
00071 #endif
00072 SetRuleInactive(PacketSlot,Node->RuleID);
00073 }
00074 #ifdef DEBUGMATCH
00075 else{
00076 printf("TCP offset Matches\n");
00077 }
00078 #endif
00079 }
00080 #ifdef DEBUGMATCH
00081 else{
00082 printf("Rule %i is inactive\n", Node->RuleID);
00083 }
00084 #endif
00085 Node=Node->Next;
00086 }
00087
00088 #ifdef DEBUGMATCH
00089 printf("**************************************\n");
00090 printf("After applying interface name tests\n");
00091 for (i=0;i<Globals.NumRules;i++)
00092 if (RuleIsActive(p,i))
00093 printf("Rule %i is active\n",i);
00094 else
00095 printf("Rule %i is inactive\n",i);
00096 printf("**************************************\n");
00097 #endif
00098
00099 return TRUE;
00100 }
00101
00102
00103
00104
00105
00106 int TCPOffsetAddNode(int TestID, int RuleID, char* Args){
00107 TCPOffsetData* data;
00108 unsigned char* c;
00109 unsigned char* c1;
00110 unsigned char Buff[1600+1];
00111 int BuffLen;
00112 int i;
00113 int IsBinary;
00114
00115 char BinBuff[6];
00116 int BinChar;
00117 int SLen;
00118
00119 #ifdef DEBUGPATH
00120 printf("In TCPOffsetAddNode\n");
00121 #endif
00122
00123 #ifdef DEBUG
00124 printf("Addding a Node with args %s\n",Args);
00125 #endif
00126
00127 data=calloc(sizeof(TCPOffsetData), 1);
00128
00129 c=Args;
00130 while (*c==' ') c++;
00131
00132 c1=c+1;
00133 while ((*c1!=',') && (*c1)) c1++;
00134 if (!*c1) return FALSE;
00135 *c1=0x00;
00136
00137 data->offset=atoi(c);
00138 #ifdef DEBUG
00139 printf("Offset is %i\n",data->offset);
00140 #endif
00141
00142 c1++;
00143 SLen=strlen(c1);
00144
00145 IsBinary=FALSE;
00146 BuffLen=0;
00147 for (i=0;i<SLen;i++){
00148 if (c1[i]==0x00) break;
00149 if (c1[i]=='|'){
00150 if (c1[i+1]=='|'){
00151 #ifdef DEBUG
00152 printf("Literal Pipe\n");
00153 #endif
00154 Buff[BuffLen]='|';
00155 BuffLen++;
00156 }else{
00157 if (IsBinary){
00158 #ifdef DEBUG
00159 printf("Switching to text mode\n");
00160 #endif
00161 IsBinary=FALSE;
00162 }else{
00163 #ifdef DEBUG
00164 printf("Switching to binary mode\n");
00165 #endif
00166 IsBinary=TRUE;
00167 }
00168 }
00169 }else{
00170 if (IsBinary){
00171 while (c1[i]==' ') i++;
00172 if (c1[i]==0x00){
00173 printf("Unexpected end of string. Expected |\n");
00174 return FALSE;
00175 }
00176
00177 BinBuff[0]=c1[i];
00178 BinBuff[1]=c1[i+1];
00179 BinBuff[2]=0x00;
00180
00181 if ( (BinBuff[0]=='|') || (BinBuff[1]=='|')){
00182 printf("Parse Error \"%s\"\n",BinBuff);
00183 return FALSE;
00184 }
00185
00186
00187 BinChar=strtoul(BinBuff, NULL, 16);
00188
00189 #ifdef DEBUG
00190 printf("Adding binary character %02X\n",BinChar);
00191 #endif
00192 Buff[BuffLen]=BinChar;
00193
00194 BuffLen++;
00195 i++;
00196 }else{
00197 #ifdef DEBUG
00198 printf("Adding literal character %c\n",c1[i]);
00199 #endif
00200 Buff[BuffLen]=c1[i];
00201 BuffLen++;
00202 }
00203 }
00204 }
00205
00206 #ifdef DEBUG
00207 printf("Buff is %s\n",Buff);
00208 printf("BuffLen is %i\n", BuffLen);
00209 #endif
00210
00211 data->string_len=BuffLen;
00212 data->string=calloc(BuffLen+1,1);
00213 memcpy(data->string, Buff, BuffLen);
00214
00215 return TestAddNode(TestID, RuleID, (void*)data);
00216 }
00217
00218
00219
00220
00221 int InitTestTCPOffset(){
00222 int TestID;
00223
00224 #ifdef DEBUGPATH
00225 printf("In InitTestTCPOffset\n");
00226 #endif
00227
00228 TestID=CreateTest("TCPOffset");
00229 if (TestID==TEST_NONE) return FALSE;
00230
00231 if (!BindTestToDecoder(TestID, "TCP")){
00232 printf("Failed to Bind to TCP\n");
00233 return FALSE;
00234 }
00235
00236 snprintf(Globals.Tests[TestID].ShortName, MAX_NAME_LEN, "offset");
00237 Globals.Tests[TestID].AddNode=TCPOffsetAddNode;
00238 Globals.Tests[TestID].TestFunc=TestTCPOffset;
00239
00240 TCPDecoderID=GetDecoderByName("TCP");
00241
00242 return TRUE;
00243 }
