Add test case for binpac flowbuffer frame length parsing bug

2025-10-11 02:58:20 +00:00 · 2020-03-19 22:09:23 -07:00 · 2020-03-19 22:09:23 -07:00 · 7e57f0788c
commit 7e57f0788c
parent e2aeb70efc
13 changed files with 265 additions and 1 deletions
--- a/testing/btest/plugins/binpac-flowbuffer-frame-length-plugin/src/foo.pac
+++ b/testing/btest/plugins/binpac-flowbuffer-frame-length-plugin/src/foo.pac
@ -0,0 +1,60 @@
+%include binpac.pac
+%include bro.pac
+
+%extern{
+	#include "foo.bif.h"
+%}
+
+analyzer FOO withcontext {
+	connection: FOO_Conn;
+	flow:       FOO_Flow;
+};
+
+# Our connection consists of two flows, one in each direction.
+connection FOO_Conn(bro_analyzer: BroAnalyzer) {
+	upflow   = FOO_Flow(true);
+	downflow = FOO_Flow(false);
+};
+
+type HDR = record {
+    version:    uint8;
+    reserved:   uint8;
+    len:        uint16;
+} &byteorder=bigendian;
+
+type FOO_PDU(is_orig: bool) = record {
+    hdr:        HDR;
+    plen:       uint8;
+    ptype:      uint8;
+    something:  bytestring &restofdata;
+} &byteorder=bigendian, &length=hdr.len;
+
+# Now we define the flow:
+flow FOO_Flow(is_orig: bool) {
+
+	flowunit = FOO_PDU(is_orig) withcontext(connection, this);
+	# datagram = FOO_PDU(is_orig) withcontext(connection, this);
+
+};
+
+refine flow FOO_Flow += {
+    function proc_foo_message(msg: FOO_PDU): bool
+        %{
+        // printf("FOO %d %d\n", msg->hdr()->len(), msg->hdr_len());
+        connection()->bro_analyzer()->ProtocolConfirmation();
+        BifEvent::Foo::generate_foo_message(
+                        connection()->bro_analyzer(),
+                        connection()->bro_analyzer()->Conn(),
+                        is_orig(),
+                        msg->hdr()->len(),
+                        msg->plen(),
+                        msg->ptype());
+        return true;
+        %}
+
+};
+
+refine typeattr FOO_PDU += &let {
+    proc: bool = $context.flow.proc_foo_message(this);
+};
+