53 #define DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT DETECT_BYTE_EXTRACT_ENDIAN_BIG
57 #define DETECT_BYTE_EXTRACT_BASE_NONE 0
58 #define DETECT_BYTE_EXTRACT_BASE_HEX 16
59 #define DETECT_BYTE_EXTRACT_BASE_DEC 10
60 #define DETECT_BYTE_EXTRACT_BASE_OCT 8
65 #define DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT 1
67 #define DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT 1
68 #define DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT 65535
72 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23
73 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20
74 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14
76 #define NO_STRING_MAX_BYTES_TO_EXTRACT 8
78 #define PARSE_REGEX "^" \
80 ",\\s*(-?[0-9]+)\\s*" \
81 ",\\s*([^\\s,]+)\\s*" \
82 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
83 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
84 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
85 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
86 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
93 static void DetectByteExtractRegisterTests(
void);
115 const Signature *s,
const uint8_t *payload,
120 const uint8_t *ptr = NULL;
133 SCLogDebug(
"relative, working with det_ctx->buffer_offset %"PRIu32
", "
150 ptr = payload + data->
offset;
155 if (ptr < payload || data->nbytes >
len) {
156 SCLogDebug(
"Data not within payload pkt=%p, ptr=%p, len=%"PRIu32
", nbytes=%d",
164 data->
nbytes, (
const char *)ptr);
171 SCLogDebug(
"error extracting %d bytes of string data: %d",
180 if (extbytes != data->
nbytes) {
181 SCLogDebug(
"error extracting %d bytes of numeric data: %d",
200 SCLogDebug(
"extracted value is %"PRIu64, val);
217 #undef MAX_SUBSTRINGS
218 #define MAX_SUBSTRINGS 100
219 int ret = 0,
res = 0;
224 if (ret < 3 || ret > 19) {
226 ", string \"%s\"", ret, arg);
228 "for byte_extract", arg);
238 char nbytes_str[64] =
"";
239 res = pcre_copy_substring((
char *)arg, ov,
243 "for arg 1 for byte_extract");
247 (
const char *)nbytes_str) < 0) {
249 " to be extracted: \"%s\".", nbytes_str);
254 char offset_str[64] =
"";
255 res = pcre_copy_substring((
char *)arg, ov,
259 "for arg 2 for byte_extract");
270 char varname_str[256] =
"";
271 res = pcre_copy_substring((
char *)arg, ov,
275 "for arg 3 for byte_extract");
279 if (bed->
name == NULL)
283 for (i = 4; i < ret; i++) {
284 char opt_str[64] =
"";
285 res = pcre_copy_substring((
char *)arg, ov,
289 "for arg %d for byte_extract", i);
293 if (strcmp(
"relative", opt_str) == 0) {
296 "than once for byte_extract");
300 }
else if (strcmp(
"multiplier", opt_str) == 0) {
303 "than once for byte_extract");
309 char multiplier_str[16] =
"";
310 res = pcre_copy_substring((
char *)arg, ov,
314 "for arg %d for byte_extract", i);
319 (
const char *)multiplier_str,
323 "multiplier: \"%s\".", multiplier_str);
327 }
else if (strcmp(
"big", opt_str) == 0) {
330 "more than once for byte_extract");
335 }
else if (strcmp(
"little", opt_str) == 0) {
338 "more than once for byte_extract");
343 }
else if (strcmp(
"dce", opt_str) == 0) {
346 "more than once for byte_extract");
351 }
else if (strcmp(
"string", opt_str) == 0) {
354 "than once for byte_extract");
359 "base is (string, base) and not (base, string) "
364 }
else if (strcmp(
"hex", opt_str) == 0) {
367 "without specifying string. The right way is "
368 "(string, base) and not (base, string)");
373 "specified for byte_extract");
377 }
else if (strcmp(
"oct", opt_str) == 0) {
380 "without specifying string. The right way is "
381 "(string, base) and not (base, string)");
386 "specified for byte_extract");
390 }
else if (strcmp(
"dec", opt_str) == 0) {
393 "without specifying string. The right way is "
394 "(string, base) and not (base, string)");
399 "specified for byte_extract");
403 }
else if (strcmp(
"align", opt_str) == 0) {
406 "than once for byte_extract");
412 char align_str[16] =
"";
413 res = pcre_copy_substring((
char *)arg, ov,
417 "for arg %d in byte_extract", i);
421 (
const char *)align_str) < 0) {
423 "\"%s\".", align_str);
431 }
else if (strcmp(
"", opt_str) == 0) {
435 "specified in byte_extract", opt_str);
453 "endian \"big\" or \"little\" specified along with "
462 "more than %d bytes in \"string\" extraction",
471 "more than %d bytes in \"string\" extraction",
480 "more than %d bytes in \"string\" extraction",
490 "more than %d bytes in \"non-string\" extraction",
503 DetectByteExtractFree(
de_ctx, bed);
527 data = DetectByteExtractParse(
de_ctx, arg);
543 if (prev_pm == NULL) {
563 if (prev_pm == NULL) {
586 "A byte_jump keyword with dce holds other invalid modifiers.");
593 if (prev_bed_sm == NULL)
605 sm->
ctx = (
void *)data;
627 DetectByteExtractFree(
de_ctx, data);
640 if (bed->
name != NULL)
659 for (
int list = 0; list < nlists; list++) {
664 if (strcmp(bed->
name, arg) == 0) {
679 static int g_file_data_buffer_id = 0;
680 static int g_http_uri_buffer_id = 0;
682 static int DetectByteExtractTest01(
void)
692 strcmp(bed->
name,
"one") != 0 ||
704 DetectByteExtractFree(NULL, bed);
708 static int DetectByteExtractTest02(
void)
718 strcmp(bed->
name,
"one") != 0 ||
730 DetectByteExtractFree(NULL, bed);
734 static int DetectByteExtractTest03(
void)
744 strcmp(bed->
name,
"one") != 0 ||
756 DetectByteExtractFree(NULL, bed);
760 static int DetectByteExtractTest04(
void)
770 strcmp(bed->
name,
"one") != 0 ||
783 DetectByteExtractFree(NULL, bed);
787 static int DetectByteExtractTest05(
void)
797 strcmp(bed->
name,
"one") != 0 ||
809 DetectByteExtractFree(NULL, bed);
813 static int DetectByteExtractTest06(
void)
823 strcmp(bed->
name,
"one") != 0 ||
835 DetectByteExtractFree(NULL, bed);
839 static int DetectByteExtractTest07(
void)
849 strcmp(bed->
name,
"one") != 0 ||
861 DetectByteExtractFree(NULL, bed);
865 static int DetectByteExtractTest08(
void)
875 strcmp(bed->
name,
"one") != 0 ||
887 DetectByteExtractFree(NULL, bed);
891 static int DetectByteExtractTest09(
void)
901 strcmp(bed->
name,
"one") != 0 ||
913 DetectByteExtractFree(NULL, bed);
917 static int DetectByteExtractTest10(
void)
927 strcmp(bed->
name,
"one") != 0 ||
939 DetectByteExtractFree(NULL, bed);
943 static int DetectByteExtractTest11(
void)
953 strcmp(bed->
name,
"one") != 0 ||
965 DetectByteExtractFree(NULL, bed);
969 static int DetectByteExtractTest12(
void)
979 strcmp(bed->
name,
"one") != 0 ||
992 DetectByteExtractFree(NULL, bed);
996 static int DetectByteExtractTest13(
void)
1006 strcmp(bed->
name,
"one") != 0 ||
1020 DetectByteExtractFree(NULL, bed);
1024 static int DetectByteExtractTest14(
void)
1034 strcmp(bed->
name,
"one") != 0 ||
1048 DetectByteExtractFree(NULL, bed);
1052 static int DetectByteExtractTest15(
void)
1062 strcmp(bed->
name,
"one") != 0 ||
1076 DetectByteExtractFree(NULL, bed);
1080 static int DetectByteExtractTest16(
void)
1084 DetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, little, multiplier 2");
1090 strcmp(bed->
name,
"one") != 0 ||
1105 DetectByteExtractFree(NULL, bed);
1109 static int DetectByteExtractTest17(
void)
1114 "relative, little, "
1115 "multiplier 2, string hex");
1122 DetectByteExtractFree(NULL, bed);
1126 static int DetectByteExtractTest18(
void)
1131 "relative, little, "
1140 DetectByteExtractFree(NULL, bed);
1144 static int DetectByteExtractTest19(
void)
1149 "relative, little, "
1158 DetectByteExtractFree(NULL, bed);
1162 static int DetectByteExtractTest20(
void)
1176 DetectByteExtractFree(NULL, bed);
1180 static int DetectByteExtractTest21(
void)
1194 DetectByteExtractFree(NULL, bed);
1198 static int DetectByteExtractTest22(
void)
1212 DetectByteExtractFree(NULL, bed);
1216 static int DetectByteExtractTest23(
void)
1230 DetectByteExtractFree(NULL, bed);
1234 static int DetectByteExtractTest24(
void)
1247 DetectByteExtractFree(NULL, bed);
1251 static int DetectByteExtractTest25(
void)
1264 DetectByteExtractFree(NULL, bed);
1268 static int DetectByteExtractTest26(
void)
1275 "multiplier 65536");
1282 DetectByteExtractFree(NULL, bed);
1286 static int DetectByteExtractTest27(
void)
1300 DetectByteExtractFree(NULL, bed);
1304 static int DetectByteExtractTest28(
void)
1315 DetectByteExtractFree(NULL, bed);
1319 static int DetectByteExtractTest29(
void)
1330 DetectByteExtractFree(NULL, bed);
1334 static int DetectByteExtractTest30(
void)
1345 DetectByteExtractFree(NULL, bed);
1349 static int DetectByteExtractTest31(
void)
1360 DetectByteExtractFree(NULL, bed);
1364 static int DetectByteExtractTest32(
void)
1375 DetectByteExtractFree(NULL, bed);
1379 static int DetectByteExtractTest33(
void)
1390 DetectByteExtractFree(NULL, bed);
1394 static int DetectByteExtractTest34(
void)
1409 "(msg:\"Testing bytejump_body\"; "
1411 "byte_extract:4,2,two,relative,string,hex; "
1437 printf(
"one failed\n");
1470 static int DetectByteExtractTest35(
void)
1486 "(msg:\"Testing bytejump_body\"; "
1487 "content:\"one\"; pcre:/asf/; "
1488 "byte_extract:4,0,two,relative,string,hex; "
1514 printf(
"one failed\n");
1538 strcmp(bed->
name,
"two") != 0 ||
1558 static int DetectByteExtractTest36(
void)
1574 "(msg:\"Testing bytejump_body\"; "
1575 "content:\"one\"; byte_jump:1,13; "
1576 "byte_extract:4,0,two,relative,string,hex; "
1602 printf(
"one failed\n");
1613 if (bjd->
flags != 0) {
1626 strcmp(bed->
name,
"two") != 0 ||
1646 static int DetectByteExtractTest37(
void)
1662 "(msg:\"Testing bytejump_body\"; "
1663 "content:\"one\"; uricontent:\"two\"; "
1664 "byte_extract:4,0,two,relative,string,hex; "
1690 printf(
"one failed\n");
1695 if (sm->
next != NULL) {
1700 sm = s->sm_lists[g_http_uri_buffer_id];
1714 printf(
"two failed\n");
1727 strcmp(bed->
name,
"two") != 0 ||
1747 static int DetectByteExtractTest38(
void)
1763 "(msg:\"Testing bytejump_body\"; "
1764 "content:\"one\"; uricontent:\"two\"; "
1765 "byte_extract:4,0,two,string,hex; "
1791 printf(
"one failed\n");
1804 strcmp(bed->
name,
"two") != 0 ||
1813 sm = s->sm_lists[g_http_uri_buffer_id];
1827 printf(
"two failed\n");
1832 if (sm->
next != NULL) {
1847 static int DetectByteExtractTest39(
void)
1863 "(msg:\"Testing bytejump_body\"; "
1864 "content:\"one\"; content:\"two\"; http_uri; "
1865 "byte_extract:4,0,two,relative,string,hex; "
1891 printf(
"one failed\n");
1896 if (sm->
next != NULL) {
1901 sm = s->sm_lists[g_http_uri_buffer_id];
1915 printf(
"two failed\n");
1928 strcmp(bed->
name,
"two") != 0 ||
1948 static int DetectByteExtractTest40(
void)
1964 "(msg:\"Testing bytejump_body\"; "
1965 "content:\"one\"; content:\"two\"; http_uri; "
1966 "byte_extract:4,0,two,string,hex; "
1992 printf(
"one failed\n");
2005 strcmp(bed->
name,
"two") != 0 ||
2014 sm = s->sm_lists[g_http_uri_buffer_id];
2028 printf(
"two failed\n");
2033 if (sm->
next != NULL) {
2048 static int DetectByteExtractTest41(
void)
2063 "(msg:\"Testing bytejump_body\"; "
2065 "byte_extract:4,0,two,string,hex; "
2066 "byte_extract:4,0,three,string,hex; "
2092 printf(
"one failed\n");
2105 strcmp(bed->
name,
"two") != 0 ||
2126 strcmp(bed->
name,
"three") != 0 ||
2149 static int DetectByteExtractTest42(
void)
2165 "(msg:\"Testing bytejump_body\"; "
2167 "byte_extract:4,0,two,string,hex; "
2168 "uricontent: \"three\"; "
2169 "byte_extract:4,0,four,string,hex,relative; "
2170 "byte_extract:4,0,five,string,hex; "
2196 printf(
"one failed\n");
2209 strcmp(bed->
name,
"two") != 0 ||
2230 strcmp(bed->
name,
"five") != 0 ||
2243 if (sm->
next != NULL)
2246 sm = s->sm_lists[g_http_uri_buffer_id];
2260 printf(
"two failed\n");
2273 strcmp(bed->
name,
"four") != 0 ||
2287 if (sm->
next != NULL)
2300 static int DetectByteExtractTest43(
void)
2315 "(msg:\"Testing bytejump_body\"; "
2317 "byte_extract:4,0,two,string,hex; "
2318 "content: \"three\"; offset:two; "
2344 printf(
"one failed\n");
2357 strcmp(bed->
name,
"two") != 0 ||
2380 printf(
"three failed\n");
2385 if (sm->
next != NULL)
2398 static int DetectByteExtractTest44(
void)
2414 "(msg:\"Testing bytejump_body\"; "
2416 "byte_extract:4,0,two,string,hex; "
2417 "byte_extract:4,0,three,string,hex; "
2418 "content: \"four\"; offset:two; "
2419 "content: \"five\"; offset:three; "
2445 printf(
"one failed\n");
2458 strcmp(bed1->
name,
"two") != 0 ||
2488 printf(
"four failed\n");
2503 printf(
"five failed\n");
2508 if (sm->
next != NULL)
2521 static int DetectByteExtractTest45(
void)
2536 "(msg:\"Testing bytejump_body\"; "
2538 "byte_extract:4,0,two,string,hex; "
2539 "content: \"three\"; depth:two; "
2565 printf(
"one failed\n");
2578 strcmp(bed->
name,
"two") != 0 ||
2602 printf(
"three failed\n");
2607 if (sm->
next != NULL)
2620 static int DetectByteExtractTest46(
void)
2636 "(msg:\"Testing bytejump_body\"; "
2638 "byte_extract:4,0,two,string,hex; "
2639 "byte_extract:4,0,three,string,hex; "
2640 "content: \"four\"; depth:two; "
2641 "content: \"five\"; depth:three; "
2667 printf(
"one failed\n");
2680 strcmp(bed1->
name,
"two") != 0 ||
2710 printf(
"four failed\n");
2725 printf(
"five failed\n");
2730 if (sm->
next != NULL)
2743 static int DetectByteExtractTest47(
void)
2758 "(msg:\"Testing bytejump_body\"; "
2760 "byte_extract:4,0,two,string,hex; "
2761 "content: \"three\"; distance:two; "
2787 printf(
"one failed\n");
2800 strcmp(bed->
name,
"two") != 0 ||
2825 printf(
"three failed\n");
2830 if (sm->
next != NULL)
2843 static int DetectByteExtractTest48(
void)
2859 "(msg:\"Testing bytejump_body\"; "
2861 "byte_extract:4,0,two,string,hex; "
2862 "byte_extract:4,0,three,string,hex; "
2863 "content: \"four\"; distance:two; "
2864 "content: \"five\"; distance:three; "
2890 printf(
"one failed\n");
2903 strcmp(bed1->
name,
"two") != 0 ||
2936 printf(
"four failed\n");
2953 printf(
"five failed\n");
2958 if (sm->
next != NULL)
2971 static int DetectByteExtractTest49(
void)
2986 "(msg:\"Testing bytejump_body\"; "
2988 "byte_extract:4,0,two,string,hex; "
2989 "content: \"three\"; within:two; "
3015 printf(
"one failed\n");
3028 strcmp(bed->
name,
"two") != 0 ||
3054 printf(
"three failed\n");
3059 if (sm->
next != NULL)
3072 static int DetectByteExtractTest50(
void)
3088 "(msg:\"Testing bytejump_body\"; "
3090 "byte_extract:4,0,two,string,hex; "
3091 "byte_extract:4,0,three,string,hex; "
3092 "content: \"four\"; within:two; "
3093 "content: \"five\"; within:three; "
3119 printf(
"one failed\n");
3132 strcmp(bed1->
name,
"two") != 0 ||
3166 printf(
"four failed\n");
3184 printf(
"five failed\n");
3189 if (sm->
next != NULL)
3202 static int DetectByteExtractTest51(
void)
3218 "(msg:\"Testing bytejump_body\"; "
3220 "byte_extract:4,0,two,string,hex; "
3221 "byte_test: 2,=,10, two; "
3247 printf(
"one failed\n");
3260 strcmp(bed->
name,
"two") != 0 ||
3282 printf(
"three failed\n");
3287 if (sm->
next != NULL)
3300 static int DetectByteExtractTest52(
void)
3316 "(msg:\"Testing bytejump_body\"; "
3318 "byte_extract:4,0,two,string,hex; "
3319 "byte_extract:4,0,three,string,hex; "
3320 "byte_test: 2,=,two,three; "
3321 "byte_test: 3,=,10,three; "
3347 printf(
"one failed\n");
3360 strcmp(bed1->
name,
"two") != 0 ||
3389 printf(
"three failed\n");
3403 printf(
"four failed\n");
3408 if (sm->
next != NULL)
3421 static int DetectByteExtractTest53(
void)
3437 "(msg:\"Testing bytejump_body\"; "
3439 "byte_extract:4,0,two,string,hex; "
3440 "byte_jump: 2,two; "
3466 printf(
"one failed\n");
3479 strcmp(bed->
name,
"two") != 0 ||
3500 printf(
"three failed\n");
3505 if (sm->
next != NULL)
3518 static int DetectByteExtractTest54(
void)
3534 "(msg:\"Testing bytejump_body\"; "
3536 "byte_extract:4,0,two,string,hex; "
3537 "byte_extract:4,0,three,string,hex; "
3538 "byte_jump: 2,two; "
3539 "byte_jump: 3,three; "
3565 printf(
"one failed\n");
3578 strcmp(bed1->
name,
"two") != 0 ||
3605 printf(
"three failed\n");
3618 printf(
"four failed\n");
3623 if (sm->
next != NULL)
3636 static int DetectByteExtractTest55(
void)
3652 "(msg:\"Testing byte_extract\"; "
3654 "byte_extract:4,0,two,string,hex; "
3655 "byte_extract:4,0,three,string,hex; "
3656 "byte_extract:4,0,four,string,hex; "
3657 "byte_extract:4,0,five,string,hex; "
3658 "content: \"four\"; within:two; distance:three; "
3681 printf(
"one failed: ");
3692 strcmp(bed1->
name,
"two") != 0 ||
3732 printf(
"four failed: ");
3736 if (sm->
next != NULL) {
3750 static int DetectByteExtractTest56(
void)
3766 "(msg:\"Testing bytejump_body\"; "
3767 "uricontent:\"urione\"; "
3769 "byte_extract:4,0,two,string,hex; "
3770 "byte_extract:4,0,three,string,hex; "
3771 "byte_extract:4,0,four,string,hex; "
3772 "byte_extract:4,0,five,string,hex; "
3773 "content: \"four\"; within:two; distance:three; "
3785 sm = s->sm_lists[g_http_uri_buffer_id];
3799 printf(
"one failed\n");
3804 if (sm->
next != NULL)
3821 printf(
"one failed\n");
3834 strcmp(bed1->
name,
"two") != 0 ||
3879 printf(
"four failed\n");
3884 if (sm->
next != NULL) {
3898 static int DetectByteExtractTest57(
void)
3916 "(msg:\"Testing bytejump_body\"; "
3918 "uricontent: \"urione\"; "
3919 "byte_extract:4,0,two,string,hex,relative; "
3920 "byte_extract:4,0,three,string,hex,relative; "
3921 "byte_extract:4,0,four,string,hex,relative; "
3922 "byte_extract:4,0,five,string,hex,relative; "
3923 "uricontent: \"four\"; within:two; distance:three; "
3949 printf(
"one failed\n");
3954 if (sm->
next != NULL)
3957 sm = s->sm_lists[g_http_uri_buffer_id];
3971 printf(
"one failed\n");
3984 strcmp(bed1->
name,
"two") != 0 ||
4044 printf(
"four failed\n");
4049 if (sm->
next != NULL) {
4063 static int DetectByteExtractTest58(
void)
4080 "(msg:\"Testing bytejump_body\"; "
4082 "byte_extract:4,0,two,string,hex; "
4083 "byte_extract:4,0,three,string,hex; "
4084 "byte_jump: 2,two; "
4085 "byte_jump: 3,three; "
4112 printf(
"one failed\n");
4125 strcmp(bed1->
name,
"two") != 0 ||
4152 printf(
"three failed\n");
4165 printf(
"four failed\n");
4178 printf(
"isdataat failed\n");
4183 if (sm->
next != NULL)
4196 static int DetectByteExtractTest59(
void)
4213 "(msg:\"Testing bytejump_body\"; "
4215 "byte_extract:4,0,two,string,hex; "
4216 "byte_extract:4,0,three,string,hex; "
4217 "byte_jump: 2,two; "
4218 "byte_jump: 3,three; "
4219 "isdataat: three,relative; "
4245 printf(
"one failed\n");
4258 strcmp(bed1->
name,
"two") != 0 ||
4285 printf(
"three failed\n");
4298 printf(
"four failed\n");
4312 printf(
"isdataat failed\n");
4317 if (sm->
next != NULL)
4330 static int DetectByteExtractTest60(
void)
4346 "(msg:\"Testing bytejump_body\"; "
4348 "byte_extract:4,0,two,string,hex,relative; "
4349 "uricontent: \"three\"; "
4350 "byte_extract:4,0,four,string,hex,relative; "
4377 printf(
"one failed\n");
4390 strcmp(bed1->
name,
"two") != 0 ||
4412 printf(
"isdataat failed\n");
4417 if (sm->
next != NULL)
4420 if (s->sm_lists_tail[g_http_uri_buffer_id] == NULL) {
4425 sm = s->sm_lists[g_http_uri_buffer_id];
4433 printf(
"one failed\n");
4446 strcmp(bed1->
name,
"four") != 0 ||
4460 if (sm->
next != NULL)
4473 static int DetectByteExtractTest61(
void)
4489 "(msg:\"Testing bytejump_body\"; "
4491 "byte_extract:4,0,two,string,hex,relative; "
4492 "uricontent: \"three\"; "
4493 "byte_extract:4,0,four,string,hex,relative; "
4494 "isdataat: four, relative; "
4520 printf(
"one failed\n");
4533 strcmp(bed1->
name,
"two") != 0 ||
4547 if (sm->
next != NULL)
4550 if (s->sm_lists_tail[g_http_uri_buffer_id] == NULL) {
4555 sm = s->sm_lists[g_http_uri_buffer_id];
4563 printf(
"one failed\n");
4576 strcmp(bed1->
name,
"four") != 0 ||
4599 printf(
"isdataat failed\n");
4604 if (sm->
next != NULL)
4617 static int DetectByteExtractTest62(
void)
4631 "(file_data; byte_extract:4,2,two,relative,string,hex; "
4637 if (s->sm_lists_tail[g_file_data_buffer_id] == NULL) {
4641 sm = s->sm_lists[g_file_data_buffer_id];
4649 strncmp(bed->
name,
"two", 3) != 0 ||
4668 static int DetectByteExtractTest63(
void)
4678 strcmp(bed->
name,
"one") != 0 ||
4690 DetectByteExtractFree(NULL, bed);
4694 static int DetectByteExtractTestParseNoBase(
void)
4708 if (strcmp(bed->
name,
"one") != 0) {
4730 DetectByteExtractFree(NULL, bed);
4734 static void DetectByteExtractRegisterTests(
void)
4739 UtRegisterTest(
"DetectByteExtractTest01", DetectByteExtractTest01);
4740 UtRegisterTest(
"DetectByteExtractTest02", DetectByteExtractTest02);
4741 UtRegisterTest(
"DetectByteExtractTest03", DetectByteExtractTest03);
4742 UtRegisterTest(
"DetectByteExtractTest04", DetectByteExtractTest04);
4743 UtRegisterTest(
"DetectByteExtractTest05", DetectByteExtractTest05);
4744 UtRegisterTest(
"DetectByteExtractTest06", DetectByteExtractTest06);
4745 UtRegisterTest(
"DetectByteExtractTest07", DetectByteExtractTest07);
4746 UtRegisterTest(
"DetectByteExtractTest08", DetectByteExtractTest08);
4747 UtRegisterTest(
"DetectByteExtractTest09", DetectByteExtractTest09);
4748 UtRegisterTest(
"DetectByteExtractTest10", DetectByteExtractTest10);
4749 UtRegisterTest(
"DetectByteExtractTest11", DetectByteExtractTest11);
4750 UtRegisterTest(
"DetectByteExtractTest12", DetectByteExtractTest12);
4751 UtRegisterTest(
"DetectByteExtractTest13", DetectByteExtractTest13);
4752 UtRegisterTest(
"DetectByteExtractTest14", DetectByteExtractTest14);
4753 UtRegisterTest(
"DetectByteExtractTest15", DetectByteExtractTest15);
4754 UtRegisterTest(
"DetectByteExtractTest16", DetectByteExtractTest16);
4755 UtRegisterTest(
"DetectByteExtractTest17", DetectByteExtractTest17);
4756 UtRegisterTest(
"DetectByteExtractTest18", DetectByteExtractTest18);
4757 UtRegisterTest(
"DetectByteExtractTest19", DetectByteExtractTest19);
4758 UtRegisterTest(
"DetectByteExtractTest20", DetectByteExtractTest20);
4759 UtRegisterTest(
"DetectByteExtractTest21", DetectByteExtractTest21);
4760 UtRegisterTest(
"DetectByteExtractTest22", DetectByteExtractTest22);
4761 UtRegisterTest(
"DetectByteExtractTest23", DetectByteExtractTest23);
4762 UtRegisterTest(
"DetectByteExtractTest24", DetectByteExtractTest24);
4763 UtRegisterTest(
"DetectByteExtractTest25", DetectByteExtractTest25);
4764 UtRegisterTest(
"DetectByteExtractTest26", DetectByteExtractTest26);
4765 UtRegisterTest(
"DetectByteExtractTest27", DetectByteExtractTest27);
4766 UtRegisterTest(
"DetectByteExtractTest28", DetectByteExtractTest28);
4767 UtRegisterTest(
"DetectByteExtractTest29", DetectByteExtractTest29);
4768 UtRegisterTest(
"DetectByteExtractTest30", DetectByteExtractTest30);
4769 UtRegisterTest(
"DetectByteExtractTest31", DetectByteExtractTest31);
4770 UtRegisterTest(
"DetectByteExtractTest32", DetectByteExtractTest32);
4771 UtRegisterTest(
"DetectByteExtractTest33", DetectByteExtractTest33);
4772 UtRegisterTest(
"DetectByteExtractTest34", DetectByteExtractTest34);
4773 UtRegisterTest(
"DetectByteExtractTest35", DetectByteExtractTest35);
4774 UtRegisterTest(
"DetectByteExtractTest36", DetectByteExtractTest36);
4775 UtRegisterTest(
"DetectByteExtractTest37", DetectByteExtractTest37);
4776 UtRegisterTest(
"DetectByteExtractTest38", DetectByteExtractTest38);
4777 UtRegisterTest(
"DetectByteExtractTest39", DetectByteExtractTest39);
4778 UtRegisterTest(
"DetectByteExtractTest40", DetectByteExtractTest40);
4779 UtRegisterTest(
"DetectByteExtractTest41", DetectByteExtractTest41);
4780 UtRegisterTest(
"DetectByteExtractTest42", DetectByteExtractTest42);
4782 UtRegisterTest(
"DetectByteExtractTest43", DetectByteExtractTest43);
4783 UtRegisterTest(
"DetectByteExtractTest44", DetectByteExtractTest44);
4785 UtRegisterTest(
"DetectByteExtractTest45", DetectByteExtractTest45);
4786 UtRegisterTest(
"DetectByteExtractTest46", DetectByteExtractTest46);
4788 UtRegisterTest(
"DetectByteExtractTest47", DetectByteExtractTest47);
4789 UtRegisterTest(
"DetectByteExtractTest48", DetectByteExtractTest48);
4791 UtRegisterTest(
"DetectByteExtractTest49", DetectByteExtractTest49);
4792 UtRegisterTest(
"DetectByteExtractTest50", DetectByteExtractTest50);
4794 UtRegisterTest(
"DetectByteExtractTest51", DetectByteExtractTest51);
4795 UtRegisterTest(
"DetectByteExtractTest52", DetectByteExtractTest52);
4797 UtRegisterTest(
"DetectByteExtractTest53", DetectByteExtractTest53);
4798 UtRegisterTest(
"DetectByteExtractTest54", DetectByteExtractTest54);
4800 UtRegisterTest(
"DetectByteExtractTest55", DetectByteExtractTest55);
4801 UtRegisterTest(
"DetectByteExtractTest56", DetectByteExtractTest56);
4802 UtRegisterTest(
"DetectByteExtractTest57", DetectByteExtractTest57);
4804 UtRegisterTest(
"DetectByteExtractTest58", DetectByteExtractTest58);
4805 UtRegisterTest(
"DetectByteExtractTest59", DetectByteExtractTest59);
4806 UtRegisterTest(
"DetectByteExtractTest60", DetectByteExtractTest60);
4807 UtRegisterTest(
"DetectByteExtractTest61", DetectByteExtractTest61);
4808 UtRegisterTest(
"DetectByteExtractTest62", DetectByteExtractTest62);
4809 UtRegisterTest(
"DetectByteExtractTest63", DetectByteExtractTest63);
4812 DetectByteExtractTestParseNoBase);