[Snort-users] Help: Piglet Test Harness

Joel Cornett (jocornet) jocornet at ...589...
Wed Sep 9 11:36:26 EDT 2015

I'm going to test the performance of my own plugin (pattern_matching.cc and pattern_matching.h) in the Snort detection engine.
But I need to perform individual testing first before implementing them (obviously), and to be honest I am totally new to this.
I read some info about the piglet test harness that provides this kind of thing and tried to find some more development examples in the /piglet_script source tree at https://github.com/snortadmin/snort3/tree/master/piglet_scripts as stated in blog.snort.org/2015/07/snort-introducing-piglet.html; however, the page gave me a 404 error.
I found other piglet folders such as:
1)      https://github.com/snortadmin/snort3/tree/master/src/piglet2

Contains the source code for the piglet test runner.

2)      https://github.com/snortadmin/snort3/tree/master/src/piglet_plugins3

Contains additional source code for the test runner (specializations for each plugin type).

3)      https://github.com/snortadmin/snort3/tree/master/piglet/tests

Contains “Unit” tests (in Lua) for the Piglet/Lua interface.

I'm not really sure if these 3 folders are the ones mentioned on blog.snort.org. If they are not the right ones, can you help point me in the right direction?

From the /piglet/tests/instance/ folder on GitHub, I noticed that it contains some plugin files in Lua format. Do I have to create a Lua file and write a test script for my plugin exactly like that?
Where do I need to place that test script? Do I have to modify my .cc or .h plugin files? To run the piglet test, I need to add -enable-piglet in the configure file in the main folder, right?

You should not need to modify your plugin source files in order to test them using Piglet. You *will* have to compile the source with the piglet enabled. The instructions for how to do this can be found in the snort manual. You can also see the build script help (./configure --help for automake, ./configure_cmake --help for cmake) to determine the correct flag to use. To run the test, you can specify the location of the script (can be a directory or a single file) using the --script-path command-line option. Specify piglet mode with the --piglet flag.

The Piglet test harness is still very much a work in progress. Unfortunately, there is not yet full support for the Search Engine plugin type in the Piglet test harness. Most likely, this support will be added in the next few updates.

I would greatly appreciate it if you could give me some feedback on this matter.
Many thanks!

Let me know if there is anything else I can clear up for you!


Joel Cornett | Software Engineer - Cisco
jocornet at ...589...
