48 #define DETECT_BYTE_EXTRACT_BASE_HEX BaseHex
49 #define DETECT_BYTE_EXTRACT_BASE_DEC BaseDec
50 #define DETECT_BYTE_EXTRACT_BASE_OCT BaseOct
54 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23
55 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20
56 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14
58 #define NO_STRING_MAX_BYTES_TO_EXTRACT 8
62 static void DetectByteExtractRegisterTests(
void);
95 SCDetectByteExtractData *data = (SCDetectByteExtractData *)smd->
ctx;
96 if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
97 SCLogDebug(
"relative, working with det_ctx->buffer_offset %"PRIu32
", "
98 "data->offset %"PRIu32
"", det_ctx->
buffer_offset, data->offset);
112 SCLogDebug(
"absolute, data->offset %"PRIu32
"", data->offset);
114 ptr = payload + data->offset;
119 if (ptr < payload || data->nbytes >
len) {
120 SCLogDebug(
"Data not within payload pkt=%p, ptr=%p, len=%"PRIu32
", nbytes=%d",
121 payload, ptr,
len, data->nbytes);
128 if (data->flags & DETECT_BYTE_EXTRACT_FLAG_STRING) {
130 data->nbytes, (
const char *)ptr);
137 SCLogDebug(
"error extracting %d bytes of string data: %d",
138 data->nbytes, extbytes);
145 if (extbytes != data->nbytes) {
146 SCLogDebug(
"error extracting %d bytes of numeric data: %d",
147 data->nbytes, extbytes);
153 val *= data->multiplier_value;
154 if (data->flags & DETECT_BYTE_EXTRACT_FLAG_ALIGN) {
155 if ((val % data->align_value) != 0) {
156 val += data->align_value - (val % data->align_value);
165 SCLogDebug(
"extracted value is %"PRIu64, val);
179 static inline SCDetectByteExtractData *DetectByteExtractParse(
182 SCDetectByteExtractData *bed = SCByteExtractParse(arg);
188 if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_SLICE) {
189 SCLogError(
"byte_extract slice not yet supported; see issue #6831");
192 if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING) {
198 "more than %d bytes in \"string\" extraction",
207 "more than %d bytes in \"string\" extraction",
216 "more than %d bytes in \"string\" extraction",
226 "more than %d bytes in \"non-string\" extraction",
232 if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN))
233 bed->endian = BigEndian;
239 DetectByteExtractFree(
de_ctx, bed);
259 SCDetectByteExtractData *data = NULL;
262 data = DetectByteExtractParse(
de_ctx, arg);
270 if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
273 }
else if (data->endian == EndianDCE) {
274 if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
278 if (prev_pm == NULL) {
292 }
else if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
297 if (prev_pm == NULL) {
309 if (data->endian == EndianDCE) {
313 if ((DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING) ==
314 (data->flags & (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING))) {
316 "A byte_jump keyword with dce holds other invalid modifiers.");
323 if (prev_bed_sm == NULL)
326 data->local_id = ((SCDetectByteExtractData *)prev_bed_sm->
ctx)->local_id + 1;
335 if (!(data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE))
353 DetectByteExtractFree(
de_ctx, data);
364 SCByteExtractFree(ptr);
381 const SCDetectByteExtractData *bed = (
const SCDetectByteExtractData *)sm->
ctx;
382 if (strcmp(bed->name, arg) == 0) {
395 const SCDetectByteExtractData *bed = (
const SCDetectByteExtractData *)sm->
ctx;
396 if (strcmp(bed->name, arg) == 0) {
413 static int g_file_data_buffer_id = 0;
414 static int g_http_uri_buffer_id = 0;
416 static int DetectByteExtractTest01(
void)
420 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one");
424 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 || bed->flags != 0 ||
425 bed->endian != BigEndian || bed->align_value != 0 ||
426 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
433 DetectByteExtractFree(NULL, bed);
437 static int DetectByteExtractTest02(
void)
441 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, relative");
445 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
446 bed->flags != DETECT_BYTE_EXTRACT_FLAG_RELATIVE || bed->endian != BigEndian ||
447 bed->align_value != 0 ||
448 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
455 DetectByteExtractFree(NULL, bed);
459 static int DetectByteExtractTest03(
void)
463 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, multiplier 10");
467 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
468 bed->flags != DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER || bed->endian != BigEndian ||
469 bed->align_value != 0 || bed->multiplier_value != 10) {
476 DetectByteExtractFree(NULL, bed);
480 static int DetectByteExtractTest04(
void)
484 SCDetectByteExtractData *bed =
485 DetectByteExtractParse(NULL,
"4, 2, one, relative, multiplier 10");
489 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
491 (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER) ||
492 bed->endian != BigEndian || bed->align_value != 0 || bed->multiplier_value != 10) {
499 DetectByteExtractFree(NULL, bed);
503 static int DetectByteExtractTest05(
void)
507 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, big");
511 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
512 bed->flags != DETECT_BYTE_EXTRACT_FLAG_ENDIAN || bed->endian != BigEndian ||
513 bed->align_value != 0 ||
514 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
521 DetectByteExtractFree(NULL, bed);
525 static int DetectByteExtractTest06(
void)
529 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, little");
533 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
534 bed->flags != DETECT_BYTE_EXTRACT_FLAG_ENDIAN || bed->endian != LittleEndian ||
535 bed->align_value != 0 ||
536 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
543 DetectByteExtractFree(NULL, bed);
547 static int DetectByteExtractTest07(
void)
551 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, dce");
555 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
556 bed->flags != DETECT_BYTE_EXTRACT_FLAG_ENDIAN || bed->endian != EndianDCE ||
557 bed->align_value != 0 ||
558 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
565 DetectByteExtractFree(NULL, bed);
569 static int DetectByteExtractTest08(
void)
573 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, string, hex");
577 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
578 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING) ||
580 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
587 DetectByteExtractFree(NULL, bed);
591 static int DetectByteExtractTest09(
void)
595 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, string, oct");
599 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
600 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING) ||
602 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
609 DetectByteExtractFree(NULL, bed);
613 static int DetectByteExtractTest10(
void)
617 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, string, dec");
621 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
623 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
630 DetectByteExtractFree(NULL, bed);
634 static int DetectByteExtractTest11(
void)
638 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4");
642 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
643 bed->flags != DETECT_BYTE_EXTRACT_FLAG_ALIGN || bed->endian != BigEndian ||
644 bed->align_value != 4 ||
645 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
652 DetectByteExtractFree(NULL, bed);
656 static int DetectByteExtractTest12(
void)
660 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative");
664 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
665 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_ALIGN | DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
666 bed->endian != BigEndian || bed->align_value != 4 ||
667 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
674 DetectByteExtractFree(NULL, bed);
678 static int DetectByteExtractTest13(
void)
682 SCDetectByteExtractData *bed =
683 DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, big");
687 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
688 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_ALIGN | DETECT_BYTE_EXTRACT_FLAG_ENDIAN |
689 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
690 bed->endian != BigEndian || bed->align_value != 4 ||
691 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
698 DetectByteExtractFree(NULL, bed);
702 static int DetectByteExtractTest14(
void)
706 SCDetectByteExtractData *bed =
707 DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, dce");
711 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
712 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_ALIGN | DETECT_BYTE_EXTRACT_FLAG_ENDIAN |
713 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
714 bed->endian != EndianDCE || bed->align_value != 4 ||
715 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
722 DetectByteExtractFree(NULL, bed);
726 static int DetectByteExtractTest15(
void)
730 SCDetectByteExtractData *bed =
731 DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, little");
735 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
736 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_ALIGN | DETECT_BYTE_EXTRACT_FLAG_ENDIAN |
737 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
738 bed->endian != LittleEndian || bed->align_value != 4 ||
739 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
746 DetectByteExtractFree(NULL, bed);
750 static int DetectByteExtractTest16(
void)
754 SCDetectByteExtractData *bed =
755 DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, little, multiplier 2");
759 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
760 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_ALIGN | DETECT_BYTE_EXTRACT_FLAG_RELATIVE |
761 DETECT_BYTE_EXTRACT_FLAG_ENDIAN |
762 DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER) ||
763 bed->endian != LittleEndian || bed->align_value != 4 || bed->multiplier_value != 2) {
770 DetectByteExtractFree(NULL, bed);
774 static int DetectByteExtractTest17(
void)
778 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
780 "multiplier 2, string hex");
787 DetectByteExtractFree(NULL, bed);
791 static int DetectByteExtractTest18(
void)
795 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
805 DetectByteExtractFree(NULL, bed);
809 static int DetectByteExtractTest19(
void)
813 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
823 DetectByteExtractFree(NULL, bed);
827 static int DetectByteExtractTest20(
void)
831 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
841 DetectByteExtractFree(NULL, bed);
845 static int DetectByteExtractTest21(
void)
849 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
859 DetectByteExtractFree(NULL, bed);
863 static int DetectByteExtractTest22(
void)
867 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
877 DetectByteExtractFree(NULL, bed);
881 static int DetectByteExtractTest23(
void)
885 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
895 DetectByteExtractFree(NULL, bed);
899 static int DetectByteExtractTest24(
void)
903 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"24, 2, one, align 4, "
912 DetectByteExtractFree(NULL, bed);
916 static int DetectByteExtractTest25(
void)
920 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"9, 2, one, align 4, "
929 DetectByteExtractFree(NULL, bed);
933 static int DetectByteExtractTest26(
void)
937 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
947 DetectByteExtractFree(NULL, bed);
951 static int DetectByteExtractTest27(
void)
955 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
965 DetectByteExtractFree(NULL, bed);
969 static int DetectByteExtractTest28(
void)
973 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"23, 2, one, string, oct");
980 DetectByteExtractFree(NULL, bed);
984 static int DetectByteExtractTest29(
void)
988 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"24, 2, one, string, oct");
995 DetectByteExtractFree(NULL, bed);
999 static int DetectByteExtractTest30(
void)
1003 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"20, 2, one, string, dec");
1010 DetectByteExtractFree(NULL, bed);
1014 static int DetectByteExtractTest31(
void)
1018 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"21, 2, one, string, dec");
1025 DetectByteExtractFree(NULL, bed);
1029 static int DetectByteExtractTest32(
void)
1033 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"14, 2, one, string, hex");
1040 DetectByteExtractFree(NULL, bed);
1044 static int DetectByteExtractTest33(
void)
1048 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"15, 2, one, string, hex");
1055 DetectByteExtractFree(NULL, bed);
1059 static int DetectByteExtractTest34(
void)
1066 SCDetectByteExtractData *bed = NULL;
1074 "(msg:\"Testing bytejump_body\"; "
1076 "byte_extract:4,2,two,relative,string,hex; "
1102 printf(
"one failed\n");
1112 bed = (SCDetectByteExtractData *)sm->
ctx;
1113 if (bed->nbytes != 4 || bed->offset != 2 || strncmp(bed->name,
"two", cd->
content_len) != 0 ||
1114 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1115 DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1117 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1131 static int DetectByteExtractTest35(
void)
1139 SCDetectByteExtractData *bed = NULL;
1147 "(msg:\"Testing bytejump_body\"; "
1148 "content:\"one\"; pcre:/asf/; "
1149 "byte_extract:4,0,two,relative,string,hex; "
1175 printf(
"one failed\n");
1196 bed = (SCDetectByteExtractData *)sm->
ctx;
1197 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1198 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1199 DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1201 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1215 static int DetectByteExtractTest36(
void)
1222 "content:\"one\"; byte_jump:1,13; "
1223 "byte_extract:4,0,two,relative,string,hex; "
1246 SCDetectByteExtractData *bed = (SCDetectByteExtractData *)sm->
ctx;
1249 FAIL_IF(strcmp(bed->name,
"two") != 0);
1250 FAIL_IF(bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1251 DETECT_BYTE_EXTRACT_FLAG_STRING));
1253 FAIL_IF(bed->align_value != 0);
1254 FAIL_IF(bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT);
1260 static int DetectByteExtractTest37(
void)
1268 SCDetectByteExtractData *bed = NULL;
1276 "(msg:\"Testing bytejump_body\"; "
1277 "content:\"one\"; uricontent:\"two\"; "
1278 "byte_extract:4,0,two,relative,string,hex; "
1304 printf(
"one failed\n");
1309 if (sm->
next != NULL) {
1328 printf(
"two failed\n");
1338 bed = (SCDetectByteExtractData *)sm->
ctx;
1339 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1340 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1341 DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1343 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1357 static int DetectByteExtractTest38(
void)
1365 SCDetectByteExtractData *bed = NULL;
1373 "(msg:\"Testing bytejump_body\"; "
1374 "content:\"one\"; uricontent:\"two\"; "
1375 "byte_extract:4,0,two,string,hex; "
1401 printf(
"one failed\n");
1411 bed = (SCDetectByteExtractData *)sm->
ctx;
1412 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1413 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1415 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1433 printf(
"two failed\n");
1438 if (sm->
next != NULL) {
1453 static int DetectByteExtractTest39(
void)
1461 SCDetectByteExtractData *bed = NULL;
1469 "(msg:\"Testing bytejump_body\"; "
1470 "content:\"one\"; content:\"two\"; http_uri; "
1471 "byte_extract:4,0,two,relative,string,hex; "
1497 printf(
"one failed\n");
1502 if (sm->
next != NULL) {
1521 printf(
"two failed\n");
1531 bed = (SCDetectByteExtractData *)sm->
ctx;
1532 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1533 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1534 DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1536 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1550 static int DetectByteExtractTest40(
void)
1558 SCDetectByteExtractData *bed = NULL;
1566 "(msg:\"Testing bytejump_body\"; "
1567 "content:\"one\"; content:\"two\"; http_uri; "
1568 "byte_extract:4,0,two,string,hex; "
1594 printf(
"one failed\n");
1604 bed = (SCDetectByteExtractData *)sm->
ctx;
1605 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1606 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
1608 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1626 printf(
"two failed\n");
1631 if (sm->
next != NULL) {
1646 static int DetectByteExtractTest41(
void)
1653 SCDetectByteExtractData *bed = NULL;
1661 "(msg:\"Testing bytejump_body\"; "
1663 "byte_extract:4,0,two,string,hex; "
1664 "byte_extract:4,0,three,string,hex; "
1690 printf(
"one failed\n");
1700 bed = (SCDetectByteExtractData *)sm->
ctx;
1701 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1702 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
1704 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1707 if (bed->local_id != 0) {
1717 bed = (SCDetectByteExtractData *)sm->
ctx;
1718 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"three") != 0 ||
1719 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
1721 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1724 if (bed->local_id != 1) {
1739 static int DetectByteExtractTest42(
void)
1747 SCDetectByteExtractData *bed = NULL;
1755 "(msg:\"Testing bytejump_body\"; "
1757 "byte_extract:4,0,two,string,hex; "
1758 "uricontent: \"three\"; "
1759 "byte_extract:4,0,four,string,hex,relative; "
1760 "byte_extract:4,0,five,string,hex; "
1786 printf(
"one failed\n");
1796 bed = (SCDetectByteExtractData *)sm->
ctx;
1797 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1798 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
1800 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1803 if (bed->local_id != 0) {
1813 bed = (SCDetectByteExtractData *)sm->
ctx;
1814 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"five") != 0 ||
1815 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
1817 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1820 if (bed->local_id != 1) {
1825 if (sm->
next != NULL)
1842 printf(
"two failed\n");
1852 bed = (SCDetectByteExtractData *)sm->
ctx;
1853 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"four") != 0 ||
1854 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1855 DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1857 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1860 if (bed->local_id != 0) {
1865 if (sm->
next != NULL)
1878 static int DetectByteExtractTest43(
void)
1885 SCDetectByteExtractData *bed = NULL;
1893 "(msg:\"Testing bytejump_body\"; "
1895 "byte_extract:4,0,two,string,hex; "
1896 "content: \"three\"; offset:two; "
1922 printf(
"one failed\n");
1932 bed = (SCDetectByteExtractData *)sm->
ctx;
1933 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1934 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1936 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1939 if (bed->local_id != 0) {
1952 cd->
offset != bed->local_id) {
1953 printf(
"three failed\n");
1958 if (sm->
next != NULL)
1971 static int DetectByteExtractTest44(
void)
1978 SCDetectByteExtractData *bed1 = NULL;
1979 SCDetectByteExtractData *bed2 = NULL;
1987 "(msg:\"Testing bytejump_body\"; "
1989 "byte_extract:4,0,two,string,hex; "
1990 "byte_extract:4,0,three,string,hex; "
1991 "content: \"four\"; offset:two; "
1992 "content: \"five\"; offset:three; "
2018 printf(
"one failed\n");
2028 bed1 = (SCDetectByteExtractData *)sm->
ctx;
2029 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
2030 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2032 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2035 if (bed1->local_id != 0) {
2045 bed2 = (SCDetectByteExtractData *)sm->
ctx;
2055 cd->
offset != bed1->local_id) {
2056 printf(
"four failed\n");
2070 cd->
offset != bed2->local_id) {
2071 printf(
"five failed\n");
2076 if (sm->
next != NULL)
2089 static int DetectByteExtractTest45(
void)
2096 SCDetectByteExtractData *bed = NULL;
2104 "(msg:\"Testing bytejump_body\"; "
2106 "byte_extract:4,0,two,string,hex; "
2107 "content: \"three\"; depth:two; "
2133 printf(
"one failed\n");
2143 bed = (SCDetectByteExtractData *)sm->
ctx;
2144 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
2145 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2147 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2150 if (bed->local_id != 0) {
2164 printf(
"three failed\n");
2169 if (sm->
next != NULL)
2182 static int DetectByteExtractTest46(
void)
2189 SCDetectByteExtractData *bed1 = NULL;
2190 SCDetectByteExtractData *bed2 = NULL;
2198 "(msg:\"Testing bytejump_body\"; "
2200 "byte_extract:4,0,two,string,hex; "
2201 "byte_extract:4,0,three,string,hex; "
2202 "content: \"four\"; depth:two; "
2203 "content: \"five\"; depth:three; "
2229 printf(
"one failed\n");
2239 bed1 = (SCDetectByteExtractData *)sm->
ctx;
2240 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
2241 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2243 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2246 if (bed1->local_id != 0) {
2256 bed2 = (SCDetectByteExtractData *)sm->
ctx;
2266 cd->
depth != bed1->local_id) {
2267 printf(
"four failed\n");
2281 cd->
depth != bed2->local_id) {
2282 printf(
"five failed\n");
2287 if (sm->
next != NULL)
2300 static int DetectByteExtractTest47(
void)
2307 SCDetectByteExtractData *bed = NULL;
2315 "(msg:\"Testing bytejump_body\"; "
2317 "byte_extract:4,0,two,string,hex; "
2318 "content: \"three\"; distance:two; "
2344 printf(
"one failed\n");
2354 bed = (SCDetectByteExtractData *)sm->
ctx;
2355 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
2356 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2358 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2361 if (bed->local_id != 0) {
2376 printf(
"three failed\n");
2381 if (sm->
next != NULL)
2394 static int DetectByteExtractTest48(
void)
2401 SCDetectByteExtractData *bed1 = NULL;
2402 SCDetectByteExtractData *bed2 = NULL;
2410 "(msg:\"Testing bytejump_body\"; "
2412 "byte_extract:4,0,two,string,hex; "
2413 "byte_extract:4,0,three,string,hex; "
2414 "content: \"four\"; distance:two; "
2415 "content: \"five\"; distance:three; "
2441 printf(
"one failed\n");
2451 bed1 = (SCDetectByteExtractData *)sm->
ctx;
2452 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
2453 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2455 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2458 if (bed1->local_id != 0) {
2468 bed2 = (SCDetectByteExtractData *)sm->
ctx;
2480 printf(
"four failed\n");
2497 printf(
"five failed\n");
2502 if (sm->
next != NULL)
2515 static int DetectByteExtractTest49(
void)
2522 SCDetectByteExtractData *bed = NULL;
2530 "(msg:\"Testing bytejump_body\"; "
2532 "byte_extract:4,0,two,string,hex; "
2533 "content: \"three\"; within:two; "
2559 printf(
"one failed\n");
2569 bed = (SCDetectByteExtractData *)sm->
ctx;
2570 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
2571 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2573 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2576 if (bed->local_id != 0) {
2590 printf(
"three failed\n");
2595 if (sm->
next != NULL)
2608 static int DetectByteExtractTest50(
void)
2615 SCDetectByteExtractData *bed1 = NULL;
2616 SCDetectByteExtractData *bed2 = NULL;
2624 "(msg:\"Testing bytejump_body\"; "
2626 "byte_extract:4,0,two,string,hex; "
2627 "byte_extract:4,0,three,string,hex; "
2628 "content: \"four\"; within:two; "
2629 "content: \"five\"; within:three; "
2655 printf(
"one failed\n");
2665 bed1 = (SCDetectByteExtractData *)sm->
ctx;
2666 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
2667 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2669 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2672 if (bed1->local_id != 0) {
2682 bed2 = (SCDetectByteExtractData *)sm->
ctx;
2695 printf(
"four failed\n");
2709 cd->
within != bed2->local_id ||
2713 printf(
"five failed\n");
2718 if (sm->
next != NULL)
2731 static int DetectByteExtractTest51(
void)
2738 SCDetectByteExtractData *bed = NULL;
2747 "(msg:\"Testing bytejump_body\"; "
2749 "byte_extract:4,0,two,string,hex; "
2750 "byte_test: 2,=,10, two; "
2776 printf(
"one failed\n");
2786 bed = (SCDetectByteExtractData *)sm->
ctx;
2787 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
2788 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2790 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2793 if (bed->local_id != 0) {
2807 printf(
"three failed\n");
2812 if (sm->
next != NULL)
2825 static int DetectByteExtractTest52(
void)
2832 SCDetectByteExtractData *bed1 = NULL;
2841 "(msg:\"Testing bytejump_body\"; "
2843 "byte_extract:4,0,two,string,hex; "
2844 "byte_extract:4,0,three,string,hex; "
2845 "byte_test: 2,=,two,three; "
2846 "byte_test: 3,=,10,three; "
2872 printf(
"one failed\n");
2882 bed1 = (SCDetectByteExtractData *)sm->
ctx;
2883 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
2884 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2886 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2889 if (bed1->local_id != 0) {
2910 printf(
"three failed\n");
2924 printf(
"four failed\n");
2929 if (sm->
next != NULL)
2942 static int DetectByteExtractTest53(
void)
2950 "byte_extract:4,0,two,string,hex; "
2951 "byte_jump: 2,two; "
2964 SCDetectByteExtractData *bed = (SCDetectByteExtractData *)sm->
ctx;
2968 FAIL_IF(strcmp(bed->name,
"two") != 0);
2969 FAIL_IF(bed->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING));
2971 FAIL_IF(bed->align_value != 0);
2972 FAIL_IF(bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT);
2988 static int DetectByteExtractTest54(
void)
2995 SCDetectByteExtractData *bed1 = NULL;
3004 "(msg:\"Testing bytejump_body\"; "
3006 "byte_extract:4,0,two,string,hex; "
3007 "byte_extract:4,0,three,string,hex; "
3008 "byte_jump: 2,two; "
3009 "byte_jump: 3,three; "
3035 printf(
"one failed\n");
3045 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3046 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3047 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
3049 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3052 if (bed1->local_id != 0) {
3070 printf(
"three failed\n");
3084 if (sm->
next != NULL)
3097 static int DetectByteExtractTest55(
void)
3104 SCDetectByteExtractData *bed1 = NULL;
3105 SCDetectByteExtractData *bed2 = NULL;
3113 "(msg:\"Testing byte_extract\"; "
3115 "byte_extract:4,0,two,string,hex; "
3116 "byte_extract:4,0,three,string,hex; "
3117 "byte_extract:4,0,four,string,hex; "
3118 "byte_extract:4,0,five,string,hex; "
3119 "content: \"four\"; within:two; distance:three; "
3142 printf(
"one failed: ");
3150 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3151 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3152 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
3154 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3157 if (bed1->local_id != 0) {
3165 bed2 = (SCDetectByteExtractData *)sm->
ctx;
3186 cd->
within != bed1->local_id || cd->
distance != bed2->local_id) {
3187 printf(
"four failed: ");
3191 if (sm->
next != NULL) {
3205 static int DetectByteExtractTest56(
void)
3212 SCDetectByteExtractData *bed1 = NULL;
3213 SCDetectByteExtractData *bed2 = NULL;
3221 "(msg:\"Testing bytejump_body\"; "
3222 "uricontent:\"urione\"; "
3224 "byte_extract:4,0,two,string,hex; "
3225 "byte_extract:4,0,three,string,hex; "
3226 "byte_extract:4,0,four,string,hex; "
3227 "byte_extract:4,0,five,string,hex; "
3228 "content: \"four\"; within:two; distance:three; "
3254 printf(
"one failed\n");
3259 if (sm->
next != NULL)
3276 printf(
"one failed\n");
3286 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3287 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3288 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
3290 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3293 if (bed1->local_id != 0) {
3303 bed2 = (SCDetectByteExtractData *)sm->
ctx;
3328 cd->
within != bed1->local_id ||
3330 printf(
"four failed\n");
3335 if (sm->
next != NULL) {
3349 static int DetectByteExtractTest57(
void)
3356 SCDetectByteExtractData *bed1 = NULL;
3357 SCDetectByteExtractData *bed2 = NULL;
3358 SCDetectByteExtractData *bed3 = NULL;
3359 SCDetectByteExtractData *bed4 = NULL;
3367 "(msg:\"Testing bytejump_body\"; "
3369 "uricontent: \"urione\"; "
3370 "byte_extract:4,0,two,string,hex,relative; "
3371 "byte_extract:4,0,three,string,hex,relative; "
3372 "byte_extract:4,0,four,string,hex,relative; "
3373 "byte_extract:4,0,five,string,hex,relative; "
3374 "uricontent: \"four\"; within:two; distance:three; "
3400 printf(
"one failed\n");
3405 if (sm->
next != NULL)
3422 printf(
"one failed\n");
3432 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3433 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3434 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
3435 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
3437 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3440 if (bed1->local_id != 0) {
3450 bed2 = (SCDetectByteExtractData *)sm->
ctx;
3451 if (bed2->local_id != 1) {
3461 bed3 = (SCDetectByteExtractData *)sm->
ctx;
3462 if (bed3->local_id != 2) {
3472 bed4 = (SCDetectByteExtractData *)sm->
ctx;
3473 if (bed4->local_id != 3) {
3489 cd->
within != bed1->local_id ||
3491 printf(
"four failed\n");
3496 if (sm->
next != NULL) {
3510 static int DetectByteExtractTest58(
void)
3517 SCDetectByteExtractData *bed1 = NULL;
3527 "(msg:\"Testing bytejump_body\"; "
3529 "byte_extract:4,0,two,string,hex; "
3530 "byte_extract:4,0,three,string,hex; "
3531 "byte_jump: 2,two; "
3532 "byte_jump: 3,three; "
3559 printf(
"one failed\n");
3569 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3570 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3571 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
3573 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3576 if (bed1->local_id != 0) {
3594 printf(
"three failed\n");
3606 printf(
"four failed\n");
3619 printf(
"isdataat failed\n");
3624 if (sm->
next != NULL)
3637 static int DetectByteExtractTest59(
void)
3645 "byte_extract:4,0,two,string,hex; "
3646 "byte_extract:4,0,three,string,hex; "
3647 "byte_jump: 2,two; "
3648 "byte_jump: 3,three; "
3649 "isdataat: three,relative; "
3671 SCDetectByteExtractData *bed1 = (SCDetectByteExtractData *)sm->
ctx;
3674 FAIL_IF(strcmp(bed1->name,
"two") != 0);
3676 FAIL_IF(bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING));
3679 FAIL_IF(bed1->align_value != 0);
3680 FAIL_IF(bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT);
3717 static int DetectByteExtractTest60(
void)
3724 SCDetectByteExtractData *bed1 = NULL;
3733 "(msg:\"Testing bytejump_body\"; "
3735 "byte_extract:4,0,two,string,hex,relative; "
3736 "uricontent: \"three\"; "
3737 "byte_extract:4,0,four,string,hex,relative; "
3764 printf(
"one failed\n");
3774 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3775 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3776 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
3777 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
3779 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3782 if (bed1->local_id != 0) {
3794 isdd->
dataat != bed1->local_id) {
3795 printf(
"isdataat failed\n");
3800 if (sm->
next != NULL)
3815 printf(
"one failed\n");
3825 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3826 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"four") != 0 ||
3827 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
3828 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
3830 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3833 if (bed1->local_id != 0) {
3838 if (sm->
next != NULL)
3851 static int DetectByteExtractTest61(
void)
3858 SCDetectByteExtractData *bed1 = NULL;
3867 "(msg:\"Testing bytejump_body\"; "
3869 "byte_extract:4,0,two,string,hex,relative; "
3870 "uricontent: \"three\"; "
3871 "byte_extract:4,0,four,string,hex,relative; "
3872 "isdataat: four, relative; "
3898 printf(
"one failed\n");
3908 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3909 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3910 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
3911 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
3913 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3916 if (bed1->local_id != 0) {
3921 if (sm->
next != NULL)
3936 printf(
"one failed\n");
3946 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3947 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"four") != 0 ||
3948 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
3949 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
3951 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3954 if (bed1->local_id != 0) {
3967 isdd->
dataat != bed1->local_id) {
3968 printf(
"isdataat failed\n");
3973 if (sm->
next != NULL)
3986 static int DetectByteExtractTest62(
void)
3992 SCDetectByteExtractData *bed = NULL;
4000 "(file_data; byte_extract:4,2,two,relative,string,hex; "
4013 bed = (SCDetectByteExtractData *)sm->
ctx;
4014 if (bed->nbytes != 4 || bed->offset != 2 || strncmp(bed->name,
"two", 3) != 0 ||
4015 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
4016 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
4018 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
4032 static int DetectByteExtractTest63(
void)
4036 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, -2, one");
4040 if (bed->nbytes != 4 || bed->offset != -2 || strcmp(bed->name,
"one") != 0 || bed->flags != 0 ||
4041 bed->endian != BigEndian || bed->align_value != 0 ||
4042 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
4049 DetectByteExtractFree(NULL, bed);
4053 static int DetectByteExtractTestParseNoBase(
void)
4057 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, string");
4061 if (bed->nbytes != 4) {
4064 if (bed->offset != 2) {
4067 if (strcmp(bed->name,
"one") != 0) {
4070 if (bed->flags != DETECT_BYTE_EXTRACT_FLAG_STRING) {
4076 if (bed->align_value != 0) {
4079 if (bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
4086 DetectByteExtractFree(NULL, bed);
4090 static void DetectByteExtractRegisterTests(
void)
4095 UtRegisterTest(
"DetectByteExtractTest01", DetectByteExtractTest01);
4096 UtRegisterTest(
"DetectByteExtractTest02", DetectByteExtractTest02);
4097 UtRegisterTest(
"DetectByteExtractTest03", DetectByteExtractTest03);
4098 UtRegisterTest(
"DetectByteExtractTest04", DetectByteExtractTest04);
4099 UtRegisterTest(
"DetectByteExtractTest05", DetectByteExtractTest05);
4100 UtRegisterTest(
"DetectByteExtractTest06", DetectByteExtractTest06);
4101 UtRegisterTest(
"DetectByteExtractTest07", DetectByteExtractTest07);
4102 UtRegisterTest(
"DetectByteExtractTest08", DetectByteExtractTest08);
4103 UtRegisterTest(
"DetectByteExtractTest09", DetectByteExtractTest09);
4104 UtRegisterTest(
"DetectByteExtractTest10", DetectByteExtractTest10);
4105 UtRegisterTest(
"DetectByteExtractTest11", DetectByteExtractTest11);
4106 UtRegisterTest(
"DetectByteExtractTest12", DetectByteExtractTest12);
4107 UtRegisterTest(
"DetectByteExtractTest13", DetectByteExtractTest13);
4108 UtRegisterTest(
"DetectByteExtractTest14", DetectByteExtractTest14);
4109 UtRegisterTest(
"DetectByteExtractTest15", DetectByteExtractTest15);
4110 UtRegisterTest(
"DetectByteExtractTest16", DetectByteExtractTest16);
4111 UtRegisterTest(
"DetectByteExtractTest17", DetectByteExtractTest17);
4112 UtRegisterTest(
"DetectByteExtractTest18", DetectByteExtractTest18);
4113 UtRegisterTest(
"DetectByteExtractTest19", DetectByteExtractTest19);
4114 UtRegisterTest(
"DetectByteExtractTest20", DetectByteExtractTest20);
4115 UtRegisterTest(
"DetectByteExtractTest21", DetectByteExtractTest21);
4116 UtRegisterTest(
"DetectByteExtractTest22", DetectByteExtractTest22);
4117 UtRegisterTest(
"DetectByteExtractTest23", DetectByteExtractTest23);
4118 UtRegisterTest(
"DetectByteExtractTest24", DetectByteExtractTest24);
4119 UtRegisterTest(
"DetectByteExtractTest25", DetectByteExtractTest25);
4120 UtRegisterTest(
"DetectByteExtractTest26", DetectByteExtractTest26);
4121 UtRegisterTest(
"DetectByteExtractTest27", DetectByteExtractTest27);
4122 UtRegisterTest(
"DetectByteExtractTest28", DetectByteExtractTest28);
4123 UtRegisterTest(
"DetectByteExtractTest29", DetectByteExtractTest29);
4124 UtRegisterTest(
"DetectByteExtractTest30", DetectByteExtractTest30);
4125 UtRegisterTest(
"DetectByteExtractTest31", DetectByteExtractTest31);
4126 UtRegisterTest(
"DetectByteExtractTest32", DetectByteExtractTest32);
4127 UtRegisterTest(
"DetectByteExtractTest33", DetectByteExtractTest33);
4128 UtRegisterTest(
"DetectByteExtractTest34", DetectByteExtractTest34);
4129 UtRegisterTest(
"DetectByteExtractTest35", DetectByteExtractTest35);
4130 UtRegisterTest(
"DetectByteExtractTest36", DetectByteExtractTest36);
4131 UtRegisterTest(
"DetectByteExtractTest37", DetectByteExtractTest37);
4132 UtRegisterTest(
"DetectByteExtractTest38", DetectByteExtractTest38);
4133 UtRegisterTest(
"DetectByteExtractTest39", DetectByteExtractTest39);
4134 UtRegisterTest(
"DetectByteExtractTest40", DetectByteExtractTest40);
4135 UtRegisterTest(
"DetectByteExtractTest41", DetectByteExtractTest41);
4136 UtRegisterTest(
"DetectByteExtractTest42", DetectByteExtractTest42);
4138 UtRegisterTest(
"DetectByteExtractTest43", DetectByteExtractTest43);
4139 UtRegisterTest(
"DetectByteExtractTest44", DetectByteExtractTest44);
4141 UtRegisterTest(
"DetectByteExtractTest45", DetectByteExtractTest45);
4142 UtRegisterTest(
"DetectByteExtractTest46", DetectByteExtractTest46);
4144 UtRegisterTest(
"DetectByteExtractTest47", DetectByteExtractTest47);
4145 UtRegisterTest(
"DetectByteExtractTest48", DetectByteExtractTest48);
4147 UtRegisterTest(
"DetectByteExtractTest49", DetectByteExtractTest49);
4148 UtRegisterTest(
"DetectByteExtractTest50", DetectByteExtractTest50);
4150 UtRegisterTest(
"DetectByteExtractTest51", DetectByteExtractTest51);
4151 UtRegisterTest(
"DetectByteExtractTest52", DetectByteExtractTest52);
4153 UtRegisterTest(
"DetectByteExtractTest53", DetectByteExtractTest53);
4154 UtRegisterTest(
"DetectByteExtractTest54", DetectByteExtractTest54);
4156 UtRegisterTest(
"DetectByteExtractTest55", DetectByteExtractTest55);
4157 UtRegisterTest(
"DetectByteExtractTest56", DetectByteExtractTest56);
4158 UtRegisterTest(
"DetectByteExtractTest57", DetectByteExtractTest57);
4160 UtRegisterTest(
"DetectByteExtractTest58", DetectByteExtractTest58);
4161 UtRegisterTest(
"DetectByteExtractTest59", DetectByteExtractTest59);
4162 UtRegisterTest(
"DetectByteExtractTest60", DetectByteExtractTest60);
4163 UtRegisterTest(
"DetectByteExtractTest61", DetectByteExtractTest61);
4164 UtRegisterTest(
"DetectByteExtractTest62", DetectByteExtractTest62);
4165 UtRegisterTest(
"DetectByteExtractTest63", DetectByteExtractTest63);
4168 DetectByteExtractTestParseNoBase);