38 static void DetectAppLayerProtocolRegisterTests(
void);
56 static int DetectAppLayerProtocolPacketMatch(
124 #define MAX_ALPROTO_NAME 50
131 char *sep = strchr(arg,
',');
134 strlcpy(alproto_copy, arg, sep - arg + 1);
135 alproto_name = alproto_copy;
137 alproto_name = (
char *)arg;
139 if (strcmp(alproto_name,
"failed") == 0) {
145 "keyword supplied with unknown protocol \"%s\"",
152 if (strcmp(sep + 1,
"final") == 0) {
154 }
else if (strcmp(sep + 1,
"original") == 0) {
156 }
else if (strcmp(sep + 1,
"either") == 0) {
158 }
else if (strcmp(sep + 1,
"to_server") == 0) {
160 }
else if (strcmp(sep + 1,
"to_client") == 0) {
162 }
else if (strcmp(sep + 1,
"direction") == 0) {
166 "keyword supplied with unknown mode \"%s\"",
206 "have the rule match on an app layer protocol set through "
207 "other keywords that match on this protocol, or have "
208 "already seen a non-negated app-layer-protocol.");
217 for ( ; tsm != NULL; tsm = tsm->
next) {
221 if (HasConflicts(data, them)) {
223 "positive app-layer-protocol match with negated "
224 "match or match for 'failed'.");
255 if (!PrefilterPacketHeaderExtraMatch(
ctx, p)) {
260 if (p->
flow == NULL) {
272 bool negated = (bool)
ctx->v1.u8[2];
273 switch (
ctx->v1.u8[3]) {
298 PrefilterAddSids(&det_ctx->
pmq,
ctx->sigs_array,
ctx->sigs_cnt);
301 PrefilterAddSids(&det_ctx->
pmq,
ctx->sigs_array,
ctx->sigs_cnt);
308 if (AppProtoEquals(
ctx->v1.u16[0], alproto) ^ negated) {
309 PrefilterAddSids(&det_ctx->
pmq,
ctx->sigs_array,
ctx->sigs_cnt);
335 PrefilterPacketAppProtoSet, PrefilterPacketAppProtoCompare,
336 PrefilterPacketAppProtoMatch);
339 static bool PrefilterAppProtoIsPrefilterable(
const Signature *s)
370 static int DetectAppLayerProtocolTest01(
void)
376 DetectAppLayerProtocolFree(NULL, data);
380 static int DetectAppLayerProtocolTest02(
void)
386 DetectAppLayerProtocolFree(NULL, data);
390 static int DetectAppLayerProtocolTest03(
void)
399 "(app-layer-protocol:http; sid:1;)");
414 static int DetectAppLayerProtocolTest04(
void)
423 "(app-layer-protocol:!http; sid:1;)");
440 static int DetectAppLayerProtocolTest05(
void)
449 "(app-layer-protocol:!http; app-layer-protocol:!smtp; sid:1;)");
471 static int DetectAppLayerProtocolTest06(
void)
479 "(app-layer-protocol:smtp; sid:1;)");
485 static int DetectAppLayerProtocolTest07(
void)
493 "(app-layer-protocol:!smtp; sid:1;)");
499 static int DetectAppLayerProtocolTest08(
void)
507 "(app-layer-protocol:!smtp; app-layer-protocol:http; sid:1;)");
513 static int DetectAppLayerProtocolTest09(
void)
521 "(app-layer-protocol:http; app-layer-protocol:!smtp; sid:1;)");
527 static int DetectAppLayerProtocolTest10(
void)
535 "(app-layer-protocol:smtp; app-layer-protocol:!http; sid:1;)");
541 static int DetectAppLayerProtocolTest11(
void)
547 DetectAppLayerProtocolFree(NULL, data);
551 static int DetectAppLayerProtocolTest12(
void)
557 DetectAppLayerProtocolFree(NULL, data);
561 static int DetectAppLayerProtocolTest13(
void)
570 "(app-layer-protocol:failed; sid:1;)");
585 static int DetectAppLayerProtocolTest14(
void)
593 "(app-layer-protocol:http; flowbits:set,blah; sid:1;)");
603 "(app-layer-protocol:http; flow:to_client; sid:2;)");
614 "(app-layer-protocol:http; flow:to_client,established; sid:3;)");
633 static void DetectAppLayerProtocolRegisterTests(
void)
636 DetectAppLayerProtocolTest01);
638 DetectAppLayerProtocolTest02);
640 DetectAppLayerProtocolTest03);
642 DetectAppLayerProtocolTest04);
644 DetectAppLayerProtocolTest05);
646 DetectAppLayerProtocolTest06);
648 DetectAppLayerProtocolTest07);
650 DetectAppLayerProtocolTest08);
652 DetectAppLayerProtocolTest09);
654 DetectAppLayerProtocolTest10);
656 DetectAppLayerProtocolTest11);
658 DetectAppLayerProtocolTest12);
660 DetectAppLayerProtocolTest13);
662 DetectAppLayerProtocolTest14);