[Snort-devel] Snort >= 2.1.3 TCP/IP options bug

Chris Green cmg at ...81...
Fri Oct 22 07:57:26 EDT 2004


Martin Roesch <roesch at ...402...> writes:

> On Oct 14, 2004, at 1:44 PM, Jeff Nathan wrote:
>
>> Your question re: unit tests is fantastic.  Snort needs unit tests
>> throughout the entire tree.
>
> ...and we're willing to take donations...

Unit tests are a pretty big endeavor and I'm not sure that an
outside force could maintain them.

When I was there, I wrote a snort-unit test framework that was pretty
half cooked when I had 6 or 7 branches to maintain (*shudder*) but it
did help me sync my changes.  If my CVS dir is still there, it's in
the snort-unit hierarchy.  It was inspired by the unit test scripts
from ghostscript.

I used the unittest framework from Python and wrote a wrapper around
command line snort.  Then I'd just make sure that the output stuff was
consistent from run to run.  A very hard part about maintaining it was
knowing when the output was supposed to change.  Random flush points
in Stream4: that changes the binary output so knowing where it should
fail and how to design for that case is probably too big for someone
outside to do since it requires parts of snort be instrumented for
testing.

If I had to do it over again, I'd make it dependent on the unified
output rather than the -A fast.

I think Dan & Marc cooked up a very simple comparison Perl script back
when they were working on the 2.0 detection engine.  The biggest
weakness I had was that it was output dependent and a bit of a pain to
add new tests to.

The biggest win is it's actually in your favor to do that 'cause it
saves everyone involved a lot of time.  Especially when replacing big
pieces of infrastructure like frag3.
-- 
Chris Green <cmg at ...2257...>
Warning: time of day goes back, taking countermeasures.
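
An added illustration of the run-to-run output comparison described in the message above; it is not code from the snort-unit framework or from the Snort project. It assumes the usual `-A fast` alert line layout, uses constructed sample lines in place of actually invoking snort, and the names `normalize` and `diff_runs` are hypothetical. Timestamps and line order are dropped before comparing, so only a change in which alerts fire counts as a difference.

```python
import re
from collections import Counter

# Constructed "-A fast" alert lines (documentation addresses, made-up SIDs).
BASELINE = """\
10/22-07:57:26.104211  [**] [1:1000001:1] constructed rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:1025 -> 192.0.2.20:80
10/22-07:57:26.204377  [**] [1:1000002:2] constructed rule B [**] [Priority: 2] {ICMP} 192.0.2.10 -> 192.0.2.20
"""
# Same alerts with later timestamps and the opposite order: should compare equal.
REORDERED = """\
10/23-09:00:01.000100  [**] [1:1000002:2] constructed rule B [**] [Priority: 2] {ICMP} 192.0.2.10 -> 192.0.2.20
10/23-09:00:01.000900  [**] [1:1000001:1] constructed rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:1025 -> 192.0.2.20:80
"""
# Rule B no longer fires: a genuine behaviour change the harness must report.
REGRESSED = """\
10/23-09:00:01.000900  [**] [1:1000001:1] constructed rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:1025 -> 192.0.2.20:80
"""

# timestamp, [**], [gid:sid:rev], message, [**], optional tags, {proto}, src -> dst
ALERT_RE = re.compile(
    r"^\S+\s+\[\*\*\]\s+\[(?P<sig>\d+:\d+:\d+)\]\s+.*?\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def normalize(fast_output):
    """Return a Counter of (sig, proto, src, dst) keys, ignoring time and order."""
    alerts = Counter()
    for line in fast_output.splitlines():
        if not line.strip():
            continue
        m = ALERT_RE.match(line)
        if m is None:
            # Fail loudly: a silently skipped line would hide a format change.
            raise ValueError("unparseable alert line: %r" % line)
        alerts[(m["sig"], m["proto"], m["src"], m["dst"])] += 1
    return alerts

def diff_runs(baseline, candidate):
    """Return (missing, unexpected) alert Counters for candidate vs. baseline."""
    b, c = normalize(baseline), normalize(candidate)
    return b - c, c - b

if __name__ == "__main__":
    for name, run in (("reordered", REORDERED), ("regressed", REGRESSED)):
        missing, unexpected = diff_runs(BASELINE, run)
        print(name, "missing:", dict(missing), "unexpected:", dict(unexpected))
```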