/* Forward declaration of the unit-test registration routine; its definition
 * appears further down, after the DetectAppLayerProtocolTestNN functions. */
38 static void DetectAppLayerProtocolRegisterTests(
void);
56 static int DetectAppLayerProtocolPacketMatch(
/* Named length limit for a protocol name. NOTE(review): presumably the
 * capacity of alproto_copy, whose declaration is not visible in this
 * excerpt -- confirm. */
110 #define MAX_ALPROTO_NAME 50
/* Locate the optional ",<mode>" suffix; sep is NULL when arg has no comma. */
117 char *sep = strchr(arg,
',');
/* The size passed to strlcpy() is computed from the input (offset of the
 * comma plus one for the NUL), not from the destination buffer.
 * NOTE(review): this is only safe if a check that sep - arg is below the
 * capacity of alproto_copy runs first; that check is not visible in this
 * excerpt -- confirm before relying on it. */
120 strlcpy(alproto_copy, arg, sep - arg + 1);
121 alproto_name = alproto_copy;
/* Alternative assignment: alproto_name refers to arg itself; the branch
 * condition is not visible in this excerpt. */
123 alproto_name = (
char *)arg;
125 if (strcmp(alproto_name,
"failed") == 0) {
131 "keyword supplied with unknown protocol \"%s\"",
/* Mode selection: the text after the separator is compared with strcmp(), so
 * only the exact, case-sensitive spellings "final", "original", "either",
 * "to_server", "to_client" and "direction" are recognised; the branch bodies
 * are not visible in this excerpt.
 * NOTE(review): sep + 1 is read unconditionally in every comparison here.
 * If sep is the strchr() result, it is NULL for an argument without a comma,
 * so a non-NULL guard must enclose this chain -- the guard is not visible in
 * this excerpt; confirm. */
138 if (strcmp(sep + 1,
"final") == 0) {
140 }
else if (strcmp(sep + 1,
"original") == 0) {
142 }
else if (strcmp(sep + 1,
"either") == 0) {
144 }
else if (strcmp(sep + 1,
"to_server") == 0) {
146 }
else if (strcmp(sep + 1,
"to_client") == 0) {
148 }
else if (strcmp(sep + 1,
"direction") == 0) {
/* Error text for a mode string that matched none of the literals above. */
152 "keyword supplied with unknown mode \"%s\"",
192 "have the rule match on an app layer protocol set through "
193 "other keywords that match on this protocol, or have "
194 "already seen a non-negated app-layer-protocol.");
203 for ( ; tsm != NULL; tsm = tsm->
next) {
207 if (HasConflicts(data, them)) {
209 "positive app-layer-protocol match with negated "
210 "match or match for 'failed'.");
/* Early checks; the bodies of both conditionals are not visible in this
 * excerpt. */
241 if (!PrefilterPacketHeaderExtraMatch(
ctx, p)) {
/* NOTE(review): f-> is dereferenced further down; presumably f is p->flow
 * and this NULL check guards those reads -- confirm. */
246 if (p->
flow == NULL) {
/* negated is read from ctx->v1.u8[2]; it is XORed with every
 * AppProtoEquals() result below, so a set flag inverts the comparison. */
258 bool negated = (bool)
ctx->v1.u8[2];
/* ctx->v1.u8[3] selects the branch; the case labels are not visible in this
 * excerpt. */
259 switch (
ctx->v1.u8[3]) {
/* Two-sided check: the sids are added when the alproto_tc comparison (after
 * the XOR) holds, otherwise when the alproto_ts comparison holds.
 * NOTE(review): with negated set this adds the sids as soon as either side
 * differs from ctx->v1.u16[0] -- confirm that this is the intended meaning
 * of a negated rule in this branch. */
282 if (AppProtoEquals(
ctx->v1.u16[0], f->
alproto_tc) ^ negated) {
283 PrefilterAddSids(&det_ctx->
pmq,
ctx->sigs_array,
ctx->sigs_cnt);
284 }
else if (AppProtoEquals(
ctx->v1.u16[0], f->
alproto_ts) ^ negated) {
285 PrefilterAddSids(&det_ctx->
pmq,
ctx->sigs_array,
ctx->sigs_cnt);
/* Single-value check against alproto; the assignment of alproto is not
 * visible in this excerpt. */
292 if (AppProtoEquals(
ctx->v1.u16[0], alproto) ^ negated) {
293 PrefilterAddSids(&det_ctx->
pmq,
ctx->sigs_array,
ctx->sigs_cnt);
320 PrefilterPacketAppProtoMatch);
323 static bool PrefilterAppProtoIsPrefilterable(
const Signature *s)
338 DetectAppLayerProtocolPacketMatch;
340 DetectAppLayerProtocolSetup;
342 DetectAppLayerProtocolFree;
345 DetectAppLayerProtocolRegisterTests;
351 PrefilterSetupAppProto;
353 PrefilterAppProtoIsPrefilterable;
360 static int DetectAppLayerProtocolTest01(
void)
366 DetectAppLayerProtocolFree(NULL, data);
370 static int DetectAppLayerProtocolTest02(
void)
376 DetectAppLayerProtocolFree(NULL, data);
380 static int DetectAppLayerProtocolTest03(
void)
389 "(app-layer-protocol:http; sid:1;)");
404 static int DetectAppLayerProtocolTest04(
void)
413 "(app-layer-protocol:!http; sid:1;)");
430 static int DetectAppLayerProtocolTest05(
void)
439 "(app-layer-protocol:!http; app-layer-protocol:!smtp; sid:1;)");
461 static int DetectAppLayerProtocolTest06(
void)
469 "(app-layer-protocol:smtp; sid:1;)");
475 static int DetectAppLayerProtocolTest07(
void)
483 "(app-layer-protocol:!smtp; sid:1;)");
489 static int DetectAppLayerProtocolTest08(
void)
497 "(app-layer-protocol:!smtp; app-layer-protocol:http; sid:1;)");
503 static int DetectAppLayerProtocolTest09(
void)
511 "(app-layer-protocol:http; app-layer-protocol:!smtp; sid:1;)");
517 static int DetectAppLayerProtocolTest10(
void)
525 "(app-layer-protocol:smtp; app-layer-protocol:!http; sid:1;)");
531 static int DetectAppLayerProtocolTest11(
void)
537 DetectAppLayerProtocolFree(NULL, data);
541 static int DetectAppLayerProtocolTest12(
void)
547 DetectAppLayerProtocolFree(NULL, data);
551 static int DetectAppLayerProtocolTest13(
void)
560 "(app-layer-protocol:failed; sid:1;)");
575 static int DetectAppLayerProtocolTest14(
void)
583 "(app-layer-protocol:http; flowbits:set,blah; sid:1;)");
593 "(app-layer-protocol:http; flow:to_client; sid:2;)");
604 "(app-layer-protocol:http; flow:to_client,established; sid:3;)");
623 static void DetectAppLayerProtocolRegisterTests(
void)
626 DetectAppLayerProtocolTest01);
628 DetectAppLayerProtocolTest02);
630 DetectAppLayerProtocolTest03);
632 DetectAppLayerProtocolTest04);
634 DetectAppLayerProtocolTest05);
636 DetectAppLayerProtocolTest06);
638 DetectAppLayerProtocolTest07);
640 DetectAppLayerProtocolTest08);
642 DetectAppLayerProtocolTest09);
644 DetectAppLayerProtocolTest10);
646 DetectAppLayerProtocolTest11);
648 DetectAppLayerProtocolTest12);
650 DetectAppLayerProtocolTest13);
652 DetectAppLayerProtocolTest14);