1 /* Copyright (C) 2020-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file detect-asn1.c
20  *
21  * Implements "asn1" keyword
22  */
23 
24 #include "suricata-common.h"
25 #include "decode.h"
26 #include "rust.h"
27 
28 #include "detect.h"
29 #include "detect-parse.h"
30 
31 #include "flow.h"
32 #include "detect-asn1.h"
33 
34 #include "util-unittest.h"
35 #include "util-unittest-helper.h"
36 #include "util-byte.h"
37 #include "util-debug.h"
38 
/* Forward declarations of the callbacks that DetectAsn1Register() installs
 * in sigmatch_table. All of them are file-local. */
static int DetectAsn1Match(DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx);
static int DetectAsn1Setup(DetectEngineCtx *de_ctx, Signature *s, const char *asn1str);
static void DetectAsn1Free(DetectEngineCtx *de_ctx, void *ptr);
#ifdef UNITTESTS
/* Only compiled into unit-test builds. */
static void DetectAsn1RegisterTests(void);
#endif
46 
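/**
 * \brief Registration function for the "asn1" keyword
 *
 * Fills the DETECT_ASN1 slot of sigmatch_table with the keyword's match,
 * setup and free callbacks, plus the unit-test registration hook when the
 * build defines UNITTESTS.
 */
void DetectAsn1Register(void)
{
    /* NOTE(review): the function signature and this .name assignment are
     * missing from the rendered listing (its lines 50 and 52 were dropped,
     * leaving an orphaned brace). They are restored from the listing's own
     * cross-reference entries for DetectAsn1Register and
     * SigTableElmt_::name -- confirm against the upstream file. */
    sigmatch_table[DETECT_ASN1].name = "asn1";
    sigmatch_table[DETECT_ASN1].Match = DetectAsn1Match;
    sigmatch_table[DETECT_ASN1].Setup = DetectAsn1Setup;
    sigmatch_table[DETECT_ASN1].Free = DetectAsn1Free;
#ifdef UNITTESTS
    sigmatch_table[DETECT_ASN1].RegisterTests = DetectAsn1RegisterTests;
#endif
}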
60 
/**
 * \brief Decode the packet payload as ASN.1 and run the checks requested by
 *        the rule against the decoded data
 *
 * The payload is attacker-controlled network data. This function only hands
 * it to the Rust decoder together with its length and the current buffer
 * offset; it does no parsing of its own.
 *
 * \param det_ctx pointer to the detect engine thread context (supplies
 *                buffer_offset)
 * \param p pointer to the current packet
 * \param s pointer to the signature (not used here)
 * \param ctx pointer to the sigmatch context, cast to `DetectAsn1Data`
 *
 * \return the value produced by rs_asn1_checks(); the original contract
 *         documents 1 for a match and 0 for no match
 */
static int DetectAsn1Match(DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx)
{
    /* An empty payload is "no match", not an error: nothing to decode. */
    if (p->payload_len == 0) {
        return 0;
    }

    const DetectAsn1Data *asn1_opts = (const DetectAsn1Data *)ctx;

    /* NOTE(review): the decoder result is passed to rs_asn1_checks() and
     * rs_asn1_free() without a NULL test on the C side. This relies on both
     * Rust functions tolerating a NULL pointer when decoding fails on
     * malformed input -- confirm against the Rust implementation. */
    Asn1 *decoded =
            rs_asn1_decode(p->payload, p->payload_len, det_ctx->buffer_offset, asn1_opts);
    const uint8_t verdict = rs_asn1_checks(decoded, asn1_opts);

    /* The decoded tree is per-packet state; release it before returning. */
    rs_asn1_free(decoded);

    return verdict;
}
93 
/**
 * \brief Parse the options given to the asn1: keyword in a rule
 *
 * Parsing is delegated to rs_detect_asn1_parse(). This wrapper only adds the
 * error log when the parser rejects the argument.
 *
 * \param asn1str pointer to the user provided asn1 options
 *
 * \retval pointer to `DetectAsn1Data` on success; in this file it is
 *         released through DetectAsn1Free()
 * \retval NULL on failure
 */
static DetectAsn1Data *DetectAsn1Parse(const char *asn1str)
{
    DetectAsn1Data *parsed = rs_detect_asn1_parse(asn1str);
    if (parsed != NULL) {
        return parsed;
    }

    /* The rule text is passed as a %s argument and never used as the format
     * string, so its contents cannot be interpreted as conversions. */
    SCLogError(SC_ERR_INVALID_VALUE, "Malformed asn1 argument: %s", asn1str);
    return NULL;
}
113 
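/**
 * \brief Parse the asn1 options of a rule and attach them to the signature
 *
 * \param de_ctx pointer to the detection engine context
 * \param s pointer to the current signature
 * \param asn1str pointer to the user provided asn1 options
 *
 * \retval 0 on success
 * \retval -1 on failure (malformed options or SigMatch allocation failure)
 */
static int DetectAsn1Setup(DetectEngineCtx *de_ctx, Signature *s, const char *asn1str)
{
    DetectAsn1Data *ad = DetectAsn1Parse(asn1str);
    if (ad == NULL)
        return -1;

    /* Wrap the parsed options in a SigMatch so they can be put in the
     * Signature. */
    SigMatch *sm = SigMatchAlloc();
    if (sm == NULL) {
        /* No SigMatch holds ad yet, so it has to be released here. */
        DetectAsn1Free(de_ctx, ad);
        return -1;
    }

    sm->type = DETECT_ASN1;
    sm->ctx = (SigMatchCtx *)ad;

    /* Link the SigMatch into the signature's match list. The rendered
     * listing dropped this statement (its line 142); it is restored from the
     * listing's own cross-reference entries for SigMatchAppendSMToList and
     * DETECT_SM_LIST_MATCH. Without it the function returns success while
     * the asn1 check is never attached to the rule and sm is leaked, which
     * would leave the rule loading cleanly but not inspecting ASN.1 at all.
     * NOTE(review): confirm the exact call against the upstream file. */
    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);

    return 0;
}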
146 
/**
 * \brief Release the memory associated with a `DetectAsn1Data`
 *
 * The object comes from rs_detect_asn1_parse(), so it is handed back to the
 * matching Rust-side free function rather than released from C.
 *
 * \param de_ctx pointer to the detection engine context (not used here)
 * \param ptr pointer to the `DetectAsn1Data` to release
 */
static void DetectAsn1Free(DetectEngineCtx *de_ctx, void *ptr)
{
    rs_detect_asn1_free((DetectAsn1Data *)ptr);
}
158 
159 #ifdef UNITTESTS
160 
/**
 * \test DetectAsn1TestReal01 Ensure that all works together: content matches
 *       combined with asn1 absolute_offset / relative_offset and
 *       oversize_length 130.
 */
static int DetectAsn1TestReal01(void)
{
    /* Two encoded records back to back. Each opens with 0x60 0x81 0x85, a
     * long-form length octet announcing 0x85 (133) bytes. That is larger
     * than the oversize_length 130 used in the rules below, which is
     * presumably what makes the asn1 checks fire. The last entry of the
     * second record is named "Pablo". */
    uint8_t *payload_abs = (uint8_t *) "\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01"
                   "P""\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111"
                   "\x31\x1F\x61\x11\x1A\x05""Susan""\x1A\x01""B""\x1A\x05"
                   "Jones""\xA0\x0A\x43\x08""19590717"
                   "\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01""P"
                   "\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111""\x31\x1F"
                   "\x61\x11\x1A\x05""Pablo""\x1A\x01""B""\x1A\x05""Jones"
                   "\xA0\x0A\x43\x08""19590717";

    /* strlen() works here only because the literal holds no 0x00 byte.
     * NOTE(review): the "- 1" leaves the final payload byte out of the
     * packet -- confirm this is intended. */
    uint16_t payload_abs_len = strlen((char *)payload_abs) - 1;

    /* Same data behind an "AA" prefix (this is to test the relative_offset
     * keyword); here the last entry is "Susan", so "Pablo" never occurs. */
    uint8_t *payload_rel = (uint8_t *) "AA\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01"
                   "P""\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111"
                   "\x31\x1F\x61\x11\x1A\x05""Susan""\x1A\x01""B""\x1A\x05"
                   "Jones""\xA0\x0A\x43\x08""19590717"
                   "\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01""P"
                   "\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111""\x31\x1F"
                   "\x61\x11\x1A\x05""Susan""\x1A\x01""B""\x1A\x05""Jones"
                   "\xA0\x0A\x43\x08""19590717";

    uint16_t payload_rel_len = strlen((char *)payload_rel) - 1;

    Packet *pkts[2];

    pkts[0] = UTHBuildPacket(payload_abs, payload_abs_len, IPPROTO_TCP);
    FAIL_IF_NULL(pkts[0]);
    pkts[1] = UTHBuildPacket(payload_rel, payload_rel_len, IPPROTO_TCP);
    FAIL_IF_NULL(pkts[1]);

    const char *rules[3] = {
        "alert ip any any -> any any (msg:\"Testing id 1\"; "
        "content:\"Pablo\"; asn1:absolute_offset 0, "
        "oversize_length 130; sid:1;)",
        "alert ip any any -> any any (msg:\"Testing id 2\"; "
        "content:\"AA\"; asn1:relative_offset 0, "
        "oversize_length 130; sid:2;)",
        "alert ip any any -> any any (msg:\"Testing id 3\"; "
        "content:\"lalala\"; asn1: oversize_length 2000; sid:3;)",
    };

    uint32_t sids[3] = {1, 2, 3};

    /* One row per packet, one column per sid. None of the packets should
     * match sid 3. */
    uint32_t expected[2][3] = {
        /* packet 0 match sid 1 */
        {1, 0, 0},
        /* packet 1 match sid 2 */
        {0, 1, 0}};

    FAIL_IF_NOT(UTHGenericTest(pkts, 2, rules, sids, (uint32_t *)expected, 3) == 1);

    UTHFreePackets(pkts, 2);
    PASS;
}
234 
/**
 * \test DetectAsn1TestReal02 Ensure that all works together: same payloads
 *       as DetectAsn1TestReal01, but with oversize_length 140 no rule is
 *       expected to alert.
 */
static int DetectAsn1TestReal02(void)
{
    /* Each record opens with 0x60 0x81 0x85, announcing a length of 0x85
     * (133) bytes. That stays below the oversize_length 140 used in the
     * rules below, presumably the reason no alert is expected. */
    uint8_t *payload_abs = (uint8_t *) "\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01"
                   "P""\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111"
                   "\x31\x1F\x61\x11\x1A\x05""Susan""\x1A\x01""B""\x1A\x05"
                   "Jones""\xA0\x0A\x43\x08""19590717"
                   "\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01""P"
                   "\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111""\x31\x1F"
                   "\x61\x11\x1A\x05""Pablo""\x1A\x01""B""\x1A\x05""Jones"
                   "\xA0\x0A\x43\x08""19590717";

    /* strlen() works here only because the literal holds no 0x00 byte.
     * NOTE(review): the "- 1" leaves the final payload byte out of the
     * packet -- confirm this is intended. */
    uint16_t payload_abs_len = strlen((char *)payload_abs) - 1;

    /* Check the start with AA (this is to test the relative_offset keyword) */
    uint8_t *payload_rel = (uint8_t *) "AA\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01"
                   "P""\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111"
                   "\x31\x1F\x61\x11\x1A\x05""Susan""\x1A\x01""B""\x1A\x05"
                   "Jones""\xA0\x0A\x43\x08""19590717"
                   "\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01""P"
                   "\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111""\x31\x1F"
                   "\x61\x11\x1A\x05""Susan""\x1A\x01""B""\x1A\x05""Jones"
                   "\xA0\x0A\x43\x08""19590717";

    uint16_t payload_rel_len = strlen((char *)payload_rel) - 1;

    Packet *pkts[2];

    pkts[0] = UTHBuildPacket(payload_abs, payload_abs_len, IPPROTO_TCP);
    pkts[1] = UTHBuildPacket(payload_rel, payload_rel_len, IPPROTO_TCP);

    /* A packet that could not be built fails the test (0 is returned). */
    if (pkts[0] == NULL || pkts[1] == NULL) {
        return 0;
    }

    const char *rules[3] = {
        "alert ip any any -> any any (msg:\"Testing id 1\"; "
        "content:\"Pablo\"; asn1:absolute_offset 0, "
        "oversize_length 140; sid:1;)",
        "alert ip any any -> any any (msg:\"Testing id 2\"; "
        "content:\"AA\"; asn1:relative_offset 0, "
        "oversize_length 140; sid:2;)",
        "alert ip any any -> any any (msg:\"Testing id 3\"; "
        "content:\"lalala\"; asn1: oversize_length 2000; sid:3;)",
    };

    uint32_t sids[3] = {1, 2, 3};

    /* None of the packets should match */
    uint32_t expected[2][3] = {
        {0, 0, 0},
        {0, 0, 0}};

    const int outcome = UTHGenericTest(pkts, 2, rules, sids, (uint32_t *)expected, 3);

    UTHFreePackets(pkts, 2);
    return outcome;
}
311 
/**
 * \test DetectAsn1TestReal03 Ensure that all works together: exercises the
 *       double_overflow and bitstring_overflow options with hand-built
 *       payloads.
 */
static int DetectAsn1TestReal03(void)
{
    /* 4 header bytes followed by room for 257 content bytes. */
    uint8_t real_payload[261] = "";
    /* universal class, primitive type, tag_num = 9 (Data type Real) */
    real_payload[0] = '\x09';
    /* length, definite form, 2 octets */
    real_payload[1] = '\x82';
    /* length is the sum of the following octets (257): */
    real_payload[2] = '\x01';
    real_payload[3] = '\x01';

    /* Fill the content of the number. The loop stops at index 256, so the
     * last four bytes keep the 0x00 from the "" initializer.
     * NOTE(review): the declared length covers them -- confirm the bound. */
    for (uint16_t idx = 4; idx < 257; idx++) {
        real_payload[idx] = '\x05';
    }

    uint16_t real_payload_len = 261;

    /* Check the start with AA (this is to test the relative_offset keyword):
     * "AA", then tag 0x03, length 0x01 and a single content byte 0xFF. */
    uint8_t *bitstr_payload = (uint8_t *) "AA\x03\x01\xFF";

    uint16_t bitstr_payload_len = 5;

    Packet *pkts[2] = { NULL, NULL };

    pkts[0] = UTHBuildPacket(real_payload, real_payload_len, IPPROTO_TCP);
    pkts[1] = UTHBuildPacket(bitstr_payload, bitstr_payload_len, IPPROTO_TCP);

    /* A packet that could not be built fails the test (0 is returned). */
    if (pkts[0] == NULL || pkts[1] == NULL) {
        return 0;
    }

    const char *rules[3] = {
        /* This should match the first packet */
        "alert ip any any -> any any (msg:\"Testing id 1\"; "
        "asn1:absolute_offset 0, double_overflow; sid:1;)",
        /* This should match the second packet */
        "alert ip any any -> any any (msg:\"Testing id 2\"; "
        "asn1:relative_offset 2, bitstring_overflow,"
        "oversize_length 140; sid:2;)",
        /* This should match no packet */
        "alert ip any any -> any any (msg:\"Testing id 3\"; "
        "asn1: oversize_length 2000; sid:3;)",
    };

    uint32_t sids[3] = {1, 2, 3};

    /* One row per packet, one column per sid. */
    uint32_t expected[2][3] = {{1, 0, 0},
                               {0, 1, 0}};

    const int outcome = UTHGenericTest(pkts, 2, rules, sids, (uint32_t *)expected, 3);

    UTHFreePackets(pkts, 2);
    return outcome;
}
370 
/**
 * \test DetectAsn1TestReal04 like the real test 02, but the relative offset
 *       is negative: decoding is meant to start 7 bytes before the content
 *       match "John". The rule expresses this as relative_offset -11,
 *       presumably counted from the end of the 4-byte match -- confirm.
 */
static int DetectAsn1TestReal04(void)
{
    /* "John" is preceded by exactly 7 bytes (0x60 0x81 0x85 0x61 0x10 0x1A
     * 0x04), the first of which opens the record. */
    uint8_t *payload_abs = (uint8_t *) "\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01"
                   "P""\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111"
                   "\x31\x1F\x61\x11\x1A\x05""Susan""\x1A\x01""B""\x1A\x05"
                   "Jones""\xA0\x0A\x43\x08""19590717"
                   "\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01""P"
                   "\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111""\x31\x1F"
                   "\x61\x11\x1A\x05""Pablo""\x1A\x01""B""\x1A\x05""Jones"
                   "\xA0\x0A\x43\x08""19590717";

    /* strlen() works here only because the literal holds no 0x00 byte.
     * NOTE(review): the "- 1" leaves the final payload byte out of the
     * packet -- confirm this is intended. */
    uint16_t payload_abs_len = strlen((char *)payload_abs) - 1;

    /* Check the start with AA (this is to test the relative_offset keyword) */
    uint8_t *payload_rel = (uint8_t *) "AA\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01"
                   "P""\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111"
                   "\x31\x1F\x61\x11\x1A\x05""Susan""\x1A\x01""B""\x1A\x05"
                   "Jones""\xA0\x0A\x43\x08""19590717"
                   "\x60\x81\x85\x61\x10\x1A\x04""John""\x1A\x01""P"
                   "\x1A\x05""Smith""\xA0\x0A\x1A\x08""Director"
                   "\x42\x01\x33\xA1\x0A\x43\x08""19710917"
                   "\xA2\x12\x61\x10\x1A\x04""Mary""\x1A\x01""T""\x1A\x05"
                   "Smith""\xA3\x42\x31\x1F\x61\x11\x1A\x05""Ralph""\x1A\x01"
                   "T""\x1A\x05""Smith""\xA0\x0A\x43\x08""19571111""\x31\x1F"
                   "\x61\x11\x1A\x05""Susan""\x1A\x01""B""\x1A\x05""Jones"
                   "\xA0\x0A\x43\x08""19590717";

    uint16_t payload_rel_len = strlen((char *)payload_rel) - 1;

    Packet *pkts[2];

    pkts[0] = UTHBuildPacket(payload_abs, payload_abs_len, IPPROTO_TCP);
    pkts[1] = UTHBuildPacket(payload_rel, payload_rel_len, IPPROTO_TCP);

    /* A packet that could not be built fails the test (0 is returned). */
    if (pkts[0] == NULL || pkts[1] == NULL) {
        return 0;
    }

    const char *rules[3] = {
        "alert ip any any -> any any (msg:\"Testing id 1\"; "
        "content:\"Pablo\"; asn1:absolute_offset 0, "
        "oversize_length 140; sid:1;)",
        "alert ip any any -> any any (msg:\"Testing id 2\"; "
        "content:\"John\"; asn1:relative_offset -11, "
        "oversize_length 140; sid:2;)",
        "alert ip any any -> any any (msg:\"Testing id 3\"; "
        "content:\"lalala\"; asn1: oversize_length 2000; sid:3;)",
    };

    uint32_t sids[3] = {1, 2, 3};

    /* None of the packets should match */
    uint32_t expected[2][3] = {
        {0, 0, 0},
        {0, 0, 0}};

    const int outcome = UTHGenericTest(pkts, 2, rules, sids, (uint32_t *)expected, 3);

    UTHFreePackets(pkts, 2);
    return outcome;
}
449 
/**
 * \brief Register the unit tests for DetectAsn1
 *
 * The tests are registered in the order of the table below.
 */
static void DetectAsn1RegisterTests(void)
{
    /* Static storage: the name pointers stay valid after this function
     * returns, as the string literals passed directly did before. */
    static const struct {
        const char *name;
        int (*fn)(void);
    } asn1_tests[] = {
        { "DetectAsn1TestReal01", DetectAsn1TestReal01 },
        { "DetectAsn1TestReal02", DetectAsn1TestReal02 },
        { "DetectAsn1TestReal03", DetectAsn1TestReal03 },
        { "DetectAsn1TestReal04", DetectAsn1TestReal04 },
    };

    for (size_t i = 0; i < sizeof(asn1_tests) / sizeof(asn1_tests[0]); i++) {
        UtRegisterTest(asn1_tests[i].name, asn1_tests[i].fn);
    }
}
460 #endif /* UNITTESTS */