54 #define DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT DETECT_BYTE_EXTRACT_ENDIAN_BIG
58 #define DETECT_BYTE_EXTRACT_BASE_NONE 0
59 #define DETECT_BYTE_EXTRACT_BASE_HEX 16
60 #define DETECT_BYTE_EXTRACT_BASE_DEC 10
61 #define DETECT_BYTE_EXTRACT_BASE_OCT 8
66 #define DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT 1
68 #define DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT 1
69 #define DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT 65535
73 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23
74 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20
75 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14
77 #define NO_STRING_MAX_BYTES_TO_EXTRACT 8
79 #define PARSE_REGEX "^" \
81 ",\\s*(-?[0-9]+)\\s*" \
82 ",\\s*([^\\s,]+)\\s*" \
83 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
84 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
85 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
86 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
87 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
94 static void DetectByteExtractRegisterTests(
void);
120 const uint8_t *ptr = NULL;
133 SCLogDebug(
"relative, working with det_ctx->buffer_offset %"PRIu32
", "
150 ptr = payload + data->
offset;
155 if (ptr < payload || data->nbytes >
len) {
156 SCLogDebug(
"Data not within payload pkt=%p, ptr=%p, len=%"PRIu32
", nbytes=%d",
164 data->
nbytes, (
const char *)ptr);
171 SCLogDebug(
"error extracting %d bytes of string data: %d",
180 if (extbytes != data->
nbytes) {
181 SCLogDebug(
"error extracting %d bytes of numeric data: %d",
200 SCLogDebug(
"extracted value is %"PRIu64, val);
220 pcre2_match_data *match = NULL;
223 if (ret < 3 || ret > 19) {
224 SCLogError(
"parse error, ret %" PRId32
", string \"%s\"", ret, arg);
225 SCLogError(
"Invalid arg to byte_extract : %s "
236 char nbytes_str[64] =
"";
237 pcre2len =
sizeof(nbytes_str);
238 res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
240 SCLogError(
"pcre2_substring_copy_bynumber failed "
241 "for arg 1 for byte_extract");
245 (
const char *)nbytes_str) < 0) {
246 SCLogError(
"Invalid value for number of bytes"
247 " to be extracted: \"%s\".",
253 char offset_str[64] =
"";
254 pcre2len =
sizeof(offset_str);
255 res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
257 SCLogError(
"pcre2_substring_copy_bynumber failed "
258 "for arg 2 for byte_extract");
263 SCLogError(
"Invalid value for offset: \"%s\".", offset_str);
269 char varname_str[256] =
"";
270 pcre2len =
sizeof(varname_str);
271 res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
273 SCLogError(
"pcre2_substring_copy_bynumber failed "
274 "for arg 3 for byte_extract");
278 if (bed->
name == NULL)
282 for (i = 4; i < ret; i++) {
283 char opt_str[64] =
"";
284 pcre2len =
sizeof(opt_str);
287 SCLogError(
"pcre2_substring_copy_bynumber failed "
288 "for arg %d for byte_extract with %d",
293 if (strcmp(
"relative", opt_str) == 0) {
296 "than once for byte_extract");
300 }
else if (strcmp(
"multiplier", opt_str) == 0) {
303 "than once for byte_extract");
309 char multiplier_str[16] =
"";
310 pcre2len =
sizeof(multiplier_str);
311 res = pcre2_substring_copy_bynumber(
312 match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
314 SCLogError(
"pcre2_substring_copy_bynumber failed "
315 "for arg %d for byte_extract",
324 "multiplier: \"%s\".",
329 }
else if (strcmp(
"big", opt_str) == 0) {
332 "more than once for byte_extract");
337 }
else if (strcmp(
"little", opt_str) == 0) {
340 "more than once for byte_extract");
345 }
else if (strcmp(
"dce", opt_str) == 0) {
348 "more than once for byte_extract");
353 }
else if (strcmp(
"string", opt_str) == 0) {
356 "than once for byte_extract");
361 "base is (string, base) and not (base, string) "
366 }
else if (strcmp(
"hex", opt_str) == 0) {
369 "without specifying string. The right way is "
370 "(string, base) and not (base, string)");
375 "specified for byte_extract");
379 }
else if (strcmp(
"oct", opt_str) == 0) {
382 "without specifying string. The right way is "
383 "(string, base) and not (base, string)");
388 "specified for byte_extract");
392 }
else if (strcmp(
"dec", opt_str) == 0) {
395 "without specifying string. The right way is "
396 "(string, base) and not (base, string)");
401 "specified for byte_extract");
405 }
else if (strcmp(
"align", opt_str) == 0) {
408 "than once for byte_extract");
414 char align_str[16] =
"";
415 pcre2len =
sizeof(align_str);
416 res = pcre2_substring_copy_bynumber(match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
418 SCLogError(
"pcre2_substring_copy_bynumber failed "
419 "for arg %d in byte_extract",
424 (
const char *)align_str) < 0) {
432 "byte_extract - \"%d\"",
436 }
else if (strcmp(
"", opt_str) == 0) {
440 "specified in byte_extract",
459 "endian \"big\" or \"little\" specified along with "
468 "more than %d bytes in \"string\" extraction",
477 "more than %d bytes in \"string\" extraction",
486 "more than %d bytes in \"string\" extraction",
496 "more than %d bytes in \"non-string\" extraction",
506 pcre2_match_data_free(match);
511 DetectByteExtractFree(
de_ctx, bed);
513 pcre2_match_data_free(match);
537 data = DetectByteExtractParse(
de_ctx, arg);
553 if (prev_pm == NULL) {
572 if (prev_pm == NULL) {
593 "A byte_jump keyword with dce holds other invalid modifiers.");
600 if (prev_bed_sm == NULL)
630 DetectByteExtractFree(
de_ctx, data);
643 if (bed->
name != NULL)
666 if (strcmp(bed->
name, arg) == 0) {
679 if (strcmp(bed->
name, arg) == 0) {
694 static int g_file_data_buffer_id = 0;
695 static int g_http_uri_buffer_id = 0;
697 static int DetectByteExtractTest01(
void)
707 strcmp(bed->
name,
"one") != 0 ||
719 DetectByteExtractFree(NULL, bed);
723 static int DetectByteExtractTest02(
void)
733 strcmp(bed->
name,
"one") != 0 ||
745 DetectByteExtractFree(NULL, bed);
749 static int DetectByteExtractTest03(
void)
759 strcmp(bed->
name,
"one") != 0 ||
771 DetectByteExtractFree(NULL, bed);
775 static int DetectByteExtractTest04(
void)
785 strcmp(bed->
name,
"one") != 0 ||
798 DetectByteExtractFree(NULL, bed);
802 static int DetectByteExtractTest05(
void)
812 strcmp(bed->
name,
"one") != 0 ||
824 DetectByteExtractFree(NULL, bed);
828 static int DetectByteExtractTest06(
void)
838 strcmp(bed->
name,
"one") != 0 ||
850 DetectByteExtractFree(NULL, bed);
854 static int DetectByteExtractTest07(
void)
864 strcmp(bed->
name,
"one") != 0 ||
876 DetectByteExtractFree(NULL, bed);
880 static int DetectByteExtractTest08(
void)
890 strcmp(bed->
name,
"one") != 0 ||
902 DetectByteExtractFree(NULL, bed);
906 static int DetectByteExtractTest09(
void)
916 strcmp(bed->
name,
"one") != 0 ||
928 DetectByteExtractFree(NULL, bed);
932 static int DetectByteExtractTest10(
void)
942 strcmp(bed->
name,
"one") != 0 ||
954 DetectByteExtractFree(NULL, bed);
958 static int DetectByteExtractTest11(
void)
968 strcmp(bed->
name,
"one") != 0 ||
980 DetectByteExtractFree(NULL, bed);
984 static int DetectByteExtractTest12(
void)
994 strcmp(bed->
name,
"one") != 0 ||
1007 DetectByteExtractFree(NULL, bed);
1011 static int DetectByteExtractTest13(
void)
1021 strcmp(bed->
name,
"one") != 0 ||
1035 DetectByteExtractFree(NULL, bed);
1039 static int DetectByteExtractTest14(
void)
1049 strcmp(bed->
name,
"one") != 0 ||
1063 DetectByteExtractFree(NULL, bed);
1067 static int DetectByteExtractTest15(
void)
1077 strcmp(bed->
name,
"one") != 0 ||
1091 DetectByteExtractFree(NULL, bed);
1095 static int DetectByteExtractTest16(
void)
1099 DetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, little, multiplier 2");
1105 strcmp(bed->
name,
"one") != 0 ||
1120 DetectByteExtractFree(NULL, bed);
1124 static int DetectByteExtractTest17(
void)
1129 "relative, little, "
1130 "multiplier 2, string hex");
1137 DetectByteExtractFree(NULL, bed);
1141 static int DetectByteExtractTest18(
void)
1146 "relative, little, "
1155 DetectByteExtractFree(NULL, bed);
1159 static int DetectByteExtractTest19(
void)
1164 "relative, little, "
1173 DetectByteExtractFree(NULL, bed);
1177 static int DetectByteExtractTest20(
void)
1191 DetectByteExtractFree(NULL, bed);
1195 static int DetectByteExtractTest21(
void)
1209 DetectByteExtractFree(NULL, bed);
1213 static int DetectByteExtractTest22(
void)
1227 DetectByteExtractFree(NULL, bed);
1231 static int DetectByteExtractTest23(
void)
1245 DetectByteExtractFree(NULL, bed);
1249 static int DetectByteExtractTest24(
void)
1262 DetectByteExtractFree(NULL, bed);
1266 static int DetectByteExtractTest25(
void)
1279 DetectByteExtractFree(NULL, bed);
1283 static int DetectByteExtractTest26(
void)
1290 "multiplier 65536");
1297 DetectByteExtractFree(NULL, bed);
1301 static int DetectByteExtractTest27(
void)
1315 DetectByteExtractFree(NULL, bed);
1319 static int DetectByteExtractTest28(
void)
1330 DetectByteExtractFree(NULL, bed);
1334 static int DetectByteExtractTest29(
void)
1345 DetectByteExtractFree(NULL, bed);
1349 static int DetectByteExtractTest30(
void)
1360 DetectByteExtractFree(NULL, bed);
1364 static int DetectByteExtractTest31(
void)
1375 DetectByteExtractFree(NULL, bed);
1379 static int DetectByteExtractTest32(
void)
1390 DetectByteExtractFree(NULL, bed);
1394 static int DetectByteExtractTest33(
void)
1405 DetectByteExtractFree(NULL, bed);
1409 static int DetectByteExtractTest34(
void)
1424 "(msg:\"Testing bytejump_body\"; "
1426 "byte_extract:4,2,two,relative,string,hex; "
1452 printf(
"one failed\n");
1485 static int DetectByteExtractTest35(
void)
1501 "(msg:\"Testing bytejump_body\"; "
1502 "content:\"one\"; pcre:/asf/; "
1503 "byte_extract:4,0,two,relative,string,hex; "
1529 printf(
"one failed\n");
1553 strcmp(bed->
name,
"two") != 0 ||
1573 static int DetectByteExtractTest36(
void)
1580 "content:\"one\"; byte_jump:1,13; "
1581 "byte_extract:4,0,two,relative,string,hex; "
1618 static int DetectByteExtractTest37(
void)
1634 "(msg:\"Testing bytejump_body\"; "
1635 "content:\"one\"; uricontent:\"two\"; "
1636 "byte_extract:4,0,two,relative,string,hex; "
1662 printf(
"one failed\n");
1667 if (sm->
next != NULL) {
1686 printf(
"two failed\n");
1699 strcmp(bed->
name,
"two") != 0 ||
1719 static int DetectByteExtractTest38(
void)
1735 "(msg:\"Testing bytejump_body\"; "
1736 "content:\"one\"; uricontent:\"two\"; "
1737 "byte_extract:4,0,two,string,hex; "
1763 printf(
"one failed\n");
1776 strcmp(bed->
name,
"two") != 0 ||
1799 printf(
"two failed\n");
1804 if (sm->
next != NULL) {
1819 static int DetectByteExtractTest39(
void)
1835 "(msg:\"Testing bytejump_body\"; "
1836 "content:\"one\"; content:\"two\"; http_uri; "
1837 "byte_extract:4,0,two,relative,string,hex; "
1863 printf(
"one failed\n");
1868 if (sm->
next != NULL) {
1887 printf(
"two failed\n");
1900 strcmp(bed->
name,
"two") != 0 ||
1920 static int DetectByteExtractTest40(
void)
1936 "(msg:\"Testing bytejump_body\"; "
1937 "content:\"one\"; content:\"two\"; http_uri; "
1938 "byte_extract:4,0,two,string,hex; "
1964 printf(
"one failed\n");
1977 strcmp(bed->
name,
"two") != 0 ||
2000 printf(
"two failed\n");
2005 if (sm->
next != NULL) {
2020 static int DetectByteExtractTest41(
void)
2035 "(msg:\"Testing bytejump_body\"; "
2037 "byte_extract:4,0,two,string,hex; "
2038 "byte_extract:4,0,three,string,hex; "
2064 printf(
"one failed\n");
2077 strcmp(bed->
name,
"two") != 0 ||
2098 strcmp(bed->
name,
"three") != 0 ||
2121 static int DetectByteExtractTest42(
void)
2137 "(msg:\"Testing bytejump_body\"; "
2139 "byte_extract:4,0,two,string,hex; "
2140 "uricontent: \"three\"; "
2141 "byte_extract:4,0,four,string,hex,relative; "
2142 "byte_extract:4,0,five,string,hex; "
2168 printf(
"one failed\n");
2181 strcmp(bed->
name,
"two") != 0 ||
2202 strcmp(bed->
name,
"five") != 0 ||
2215 if (sm->
next != NULL)
2232 printf(
"two failed\n");
2245 strcmp(bed->
name,
"four") != 0 ||
2259 if (sm->
next != NULL)
2272 static int DetectByteExtractTest43(
void)
2287 "(msg:\"Testing bytejump_body\"; "
2289 "byte_extract:4,0,two,string,hex; "
2290 "content: \"three\"; offset:two; "
2316 printf(
"one failed\n");
2329 strcmp(bed->
name,
"two") != 0 ||
2352 printf(
"three failed\n");
2357 if (sm->
next != NULL)
2370 static int DetectByteExtractTest44(
void)
2386 "(msg:\"Testing bytejump_body\"; "
2388 "byte_extract:4,0,two,string,hex; "
2389 "byte_extract:4,0,three,string,hex; "
2390 "content: \"four\"; offset:two; "
2391 "content: \"five\"; offset:three; "
2417 printf(
"one failed\n");
2430 strcmp(bed1->
name,
"two") != 0 ||
2460 printf(
"four failed\n");
2475 printf(
"five failed\n");
2480 if (sm->
next != NULL)
2493 static int DetectByteExtractTest45(
void)
2508 "(msg:\"Testing bytejump_body\"; "
2510 "byte_extract:4,0,two,string,hex; "
2511 "content: \"three\"; depth:two; "
2537 printf(
"one failed\n");
2550 strcmp(bed->
name,
"two") != 0 ||
2574 printf(
"three failed\n");
2579 if (sm->
next != NULL)
2592 static int DetectByteExtractTest46(
void)
2608 "(msg:\"Testing bytejump_body\"; "
2610 "byte_extract:4,0,two,string,hex; "
2611 "byte_extract:4,0,three,string,hex; "
2612 "content: \"four\"; depth:two; "
2613 "content: \"five\"; depth:three; "
2639 printf(
"one failed\n");
2652 strcmp(bed1->
name,
"two") != 0 ||
2682 printf(
"four failed\n");
2697 printf(
"five failed\n");
2702 if (sm->
next != NULL)
2715 static int DetectByteExtractTest47(
void)
2730 "(msg:\"Testing bytejump_body\"; "
2732 "byte_extract:4,0,two,string,hex; "
2733 "content: \"three\"; distance:two; "
2759 printf(
"one failed\n");
2772 strcmp(bed->
name,
"two") != 0 ||
2797 printf(
"three failed\n");
2802 if (sm->
next != NULL)
2815 static int DetectByteExtractTest48(
void)
2831 "(msg:\"Testing bytejump_body\"; "
2833 "byte_extract:4,0,two,string,hex; "
2834 "byte_extract:4,0,three,string,hex; "
2835 "content: \"four\"; distance:two; "
2836 "content: \"five\"; distance:three; "
2862 printf(
"one failed\n");
2875 strcmp(bed1->
name,
"two") != 0 ||
2908 printf(
"four failed\n");
2925 printf(
"five failed\n");
2930 if (sm->
next != NULL)
2943 static int DetectByteExtractTest49(
void)
2958 "(msg:\"Testing bytejump_body\"; "
2960 "byte_extract:4,0,two,string,hex; "
2961 "content: \"three\"; within:two; "
2987 printf(
"one failed\n");
3000 strcmp(bed->
name,
"two") != 0 ||
3026 printf(
"three failed\n");
3031 if (sm->
next != NULL)
3044 static int DetectByteExtractTest50(
void)
3060 "(msg:\"Testing bytejump_body\"; "
3062 "byte_extract:4,0,two,string,hex; "
3063 "byte_extract:4,0,three,string,hex; "
3064 "content: \"four\"; within:two; "
3065 "content: \"five\"; within:three; "
3091 printf(
"one failed\n");
3104 strcmp(bed1->
name,
"two") != 0 ||
3138 printf(
"four failed\n");
3156 printf(
"five failed\n");
3161 if (sm->
next != NULL)
3174 static int DetectByteExtractTest51(
void)
3190 "(msg:\"Testing bytejump_body\"; "
3192 "byte_extract:4,0,two,string,hex; "
3193 "byte_test: 2,=,10, two; "
3219 printf(
"one failed\n");
3232 strcmp(bed->
name,
"two") != 0 ||
3254 printf(
"three failed\n");
3259 if (sm->
next != NULL)
3272 static int DetectByteExtractTest52(
void)
3288 "(msg:\"Testing bytejump_body\"; "
3290 "byte_extract:4,0,two,string,hex; "
3291 "byte_extract:4,0,three,string,hex; "
3292 "byte_test: 2,=,two,three; "
3293 "byte_test: 3,=,10,three; "
3319 printf(
"one failed\n");
3332 strcmp(bed1->
name,
"two") != 0 ||
3361 printf(
"three failed\n");
3375 printf(
"four failed\n");
3380 if (sm->
next != NULL)
3393 static int DetectByteExtractTest53(
void)
3401 "byte_extract:4,0,two,string,hex; "
3402 "byte_jump: 2,two; "
3440 static int DetectByteExtractTest54(
void)
3456 "(msg:\"Testing bytejump_body\"; "
3458 "byte_extract:4,0,two,string,hex; "
3459 "byte_extract:4,0,three,string,hex; "
3460 "byte_jump: 2,two; "
3461 "byte_jump: 3,three; "
3487 printf(
"one failed\n");
3500 strcmp(bed1->
name,
"two") != 0 ||
3526 printf(
"three failed\n");
3538 printf(
"four failed\n");
3543 if (sm->
next != NULL)
3556 static int DetectByteExtractTest55(
void)
3572 "(msg:\"Testing byte_extract\"; "
3574 "byte_extract:4,0,two,string,hex; "
3575 "byte_extract:4,0,three,string,hex; "
3576 "byte_extract:4,0,four,string,hex; "
3577 "byte_extract:4,0,five,string,hex; "
3578 "content: \"four\"; within:two; distance:three; "
3601 printf(
"one failed: ");
3612 strcmp(bed1->
name,
"two") != 0 ||
3652 printf(
"four failed: ");
3656 if (sm->
next != NULL) {
3670 static int DetectByteExtractTest56(
void)
3686 "(msg:\"Testing bytejump_body\"; "
3687 "uricontent:\"urione\"; "
3689 "byte_extract:4,0,two,string,hex; "
3690 "byte_extract:4,0,three,string,hex; "
3691 "byte_extract:4,0,four,string,hex; "
3692 "byte_extract:4,0,five,string,hex; "
3693 "content: \"four\"; within:two; distance:three; "
3719 printf(
"one failed\n");
3724 if (sm->
next != NULL)
3741 printf(
"one failed\n");
3754 strcmp(bed1->
name,
"two") != 0 ||
3799 printf(
"four failed\n");
3804 if (sm->
next != NULL) {
3818 static int DetectByteExtractTest57(
void)
3836 "(msg:\"Testing bytejump_body\"; "
3838 "uricontent: \"urione\"; "
3839 "byte_extract:4,0,two,string,hex,relative; "
3840 "byte_extract:4,0,three,string,hex,relative; "
3841 "byte_extract:4,0,four,string,hex,relative; "
3842 "byte_extract:4,0,five,string,hex,relative; "
3843 "uricontent: \"four\"; within:two; distance:three; "
3869 printf(
"one failed\n");
3874 if (sm->
next != NULL)
3891 printf(
"one failed\n");
3904 strcmp(bed1->
name,
"two") != 0 ||
3964 printf(
"four failed\n");
3969 if (sm->
next != NULL) {
3983 static int DetectByteExtractTest58(
void)
4000 "(msg:\"Testing bytejump_body\"; "
4002 "byte_extract:4,0,two,string,hex; "
4003 "byte_extract:4,0,three,string,hex; "
4004 "byte_jump: 2,two; "
4005 "byte_jump: 3,three; "
4032 printf(
"one failed\n");
4045 strcmp(bed1->
name,
"two") != 0 ||
4071 printf(
"three failed\n");
4083 printf(
"four failed\n");
4096 printf(
"isdataat failed\n");
4101 if (sm->
next != NULL)
4114 static int DetectByteExtractTest59(
void)
4122 "byte_extract:4,0,two,string,hex; "
4123 "byte_extract:4,0,three,string,hex; "
4124 "byte_jump: 2,two; "
4125 "byte_jump: 3,three; "
4126 "isdataat: three,relative; "
4193 static int DetectByteExtractTest60(
void)
4209 "(msg:\"Testing bytejump_body\"; "
4211 "byte_extract:4,0,two,string,hex,relative; "
4212 "uricontent: \"three\"; "
4213 "byte_extract:4,0,four,string,hex,relative; "
4240 printf(
"one failed\n");
4253 strcmp(bed1->
name,
"two") != 0 ||
4275 printf(
"isdataat failed\n");
4280 if (sm->
next != NULL)
4295 printf(
"one failed\n");
4308 strcmp(bed1->
name,
"four") != 0 ||
4322 if (sm->
next != NULL)
4335 static int DetectByteExtractTest61(
void)
4351 "(msg:\"Testing bytejump_body\"; "
4353 "byte_extract:4,0,two,string,hex,relative; "
4354 "uricontent: \"three\"; "
4355 "byte_extract:4,0,four,string,hex,relative; "
4356 "isdataat: four, relative; "
4382 printf(
"one failed\n");
4395 strcmp(bed1->
name,
"two") != 0 ||
4409 if (sm->
next != NULL)
4424 printf(
"one failed\n");
4437 strcmp(bed1->
name,
"four") != 0 ||
4460 printf(
"isdataat failed\n");
4465 if (sm->
next != NULL)
4478 static int DetectByteExtractTest62(
void)
4492 "(file_data; byte_extract:4,2,two,relative,string,hex; "
4508 strncmp(bed->
name,
"two", 3) != 0 ||
4527 static int DetectByteExtractTest63(
void)
4537 strcmp(bed->
name,
"one") != 0 ||
4549 DetectByteExtractFree(NULL, bed);
4553 static int DetectByteExtractTestParseNoBase(
void)
4567 if (strcmp(bed->
name,
"one") != 0) {
4589 DetectByteExtractFree(NULL, bed);
4593 static void DetectByteExtractRegisterTests(
void)
4598 UtRegisterTest(
"DetectByteExtractTest01", DetectByteExtractTest01);
4599 UtRegisterTest(
"DetectByteExtractTest02", DetectByteExtractTest02);
4600 UtRegisterTest(
"DetectByteExtractTest03", DetectByteExtractTest03);
4601 UtRegisterTest(
"DetectByteExtractTest04", DetectByteExtractTest04);
4602 UtRegisterTest(
"DetectByteExtractTest05", DetectByteExtractTest05);
4603 UtRegisterTest(
"DetectByteExtractTest06", DetectByteExtractTest06);
4604 UtRegisterTest(
"DetectByteExtractTest07", DetectByteExtractTest07);
4605 UtRegisterTest(
"DetectByteExtractTest08", DetectByteExtractTest08);
4606 UtRegisterTest(
"DetectByteExtractTest09", DetectByteExtractTest09);
4607 UtRegisterTest(
"DetectByteExtractTest10", DetectByteExtractTest10);
4608 UtRegisterTest(
"DetectByteExtractTest11", DetectByteExtractTest11);
4609 UtRegisterTest(
"DetectByteExtractTest12", DetectByteExtractTest12);
4610 UtRegisterTest(
"DetectByteExtractTest13", DetectByteExtractTest13);
4611 UtRegisterTest(
"DetectByteExtractTest14", DetectByteExtractTest14);
4612 UtRegisterTest(
"DetectByteExtractTest15", DetectByteExtractTest15);
4613 UtRegisterTest(
"DetectByteExtractTest16", DetectByteExtractTest16);
4614 UtRegisterTest(
"DetectByteExtractTest17", DetectByteExtractTest17);
4615 UtRegisterTest(
"DetectByteExtractTest18", DetectByteExtractTest18);
4616 UtRegisterTest(
"DetectByteExtractTest19", DetectByteExtractTest19);
4617 UtRegisterTest(
"DetectByteExtractTest20", DetectByteExtractTest20);
4618 UtRegisterTest(
"DetectByteExtractTest21", DetectByteExtractTest21);
4619 UtRegisterTest(
"DetectByteExtractTest22", DetectByteExtractTest22);
4620 UtRegisterTest(
"DetectByteExtractTest23", DetectByteExtractTest23);
4621 UtRegisterTest(
"DetectByteExtractTest24", DetectByteExtractTest24);
4622 UtRegisterTest(
"DetectByteExtractTest25", DetectByteExtractTest25);
4623 UtRegisterTest(
"DetectByteExtractTest26", DetectByteExtractTest26);
4624 UtRegisterTest(
"DetectByteExtractTest27", DetectByteExtractTest27);
4625 UtRegisterTest(
"DetectByteExtractTest28", DetectByteExtractTest28);
4626 UtRegisterTest(
"DetectByteExtractTest29", DetectByteExtractTest29);
4627 UtRegisterTest(
"DetectByteExtractTest30", DetectByteExtractTest30);
4628 UtRegisterTest(
"DetectByteExtractTest31", DetectByteExtractTest31);
4629 UtRegisterTest(
"DetectByteExtractTest32", DetectByteExtractTest32);
4630 UtRegisterTest(
"DetectByteExtractTest33", DetectByteExtractTest33);
4631 UtRegisterTest(
"DetectByteExtractTest34", DetectByteExtractTest34);
4632 UtRegisterTest(
"DetectByteExtractTest35", DetectByteExtractTest35);
4633 UtRegisterTest(
"DetectByteExtractTest36", DetectByteExtractTest36);
4634 UtRegisterTest(
"DetectByteExtractTest37", DetectByteExtractTest37);
4635 UtRegisterTest(
"DetectByteExtractTest38", DetectByteExtractTest38);
4636 UtRegisterTest(
"DetectByteExtractTest39", DetectByteExtractTest39);
4637 UtRegisterTest(
"DetectByteExtractTest40", DetectByteExtractTest40);
4638 UtRegisterTest(
"DetectByteExtractTest41", DetectByteExtractTest41);
4639 UtRegisterTest(
"DetectByteExtractTest42", DetectByteExtractTest42);
4641 UtRegisterTest(
"DetectByteExtractTest43", DetectByteExtractTest43);
4642 UtRegisterTest(
"DetectByteExtractTest44", DetectByteExtractTest44);
4644 UtRegisterTest(
"DetectByteExtractTest45", DetectByteExtractTest45);
4645 UtRegisterTest(
"DetectByteExtractTest46", DetectByteExtractTest46);
4647 UtRegisterTest(
"DetectByteExtractTest47", DetectByteExtractTest47);
4648 UtRegisterTest(
"DetectByteExtractTest48", DetectByteExtractTest48);
4650 UtRegisterTest(
"DetectByteExtractTest49", DetectByteExtractTest49);
4651 UtRegisterTest(
"DetectByteExtractTest50", DetectByteExtractTest50);
4653 UtRegisterTest(
"DetectByteExtractTest51", DetectByteExtractTest51);
4654 UtRegisterTest(
"DetectByteExtractTest52", DetectByteExtractTest52);
4656 UtRegisterTest(
"DetectByteExtractTest53", DetectByteExtractTest53);
4657 UtRegisterTest(
"DetectByteExtractTest54", DetectByteExtractTest54);
4659 UtRegisterTest(
"DetectByteExtractTest55", DetectByteExtractTest55);
4660 UtRegisterTest(
"DetectByteExtractTest56", DetectByteExtractTest56);
4661 UtRegisterTest(
"DetectByteExtractTest57", DetectByteExtractTest57);
4663 UtRegisterTest(
"DetectByteExtractTest58", DetectByteExtractTest58);
4664 UtRegisterTest(
"DetectByteExtractTest59", DetectByteExtractTest59);
4665 UtRegisterTest(
"DetectByteExtractTest60", DetectByteExtractTest60);
4666 UtRegisterTest(
"DetectByteExtractTest61", DetectByteExtractTest61);
4667 UtRegisterTest(
"DetectByteExtractTest62", DetectByteExtractTest62);
4668 UtRegisterTest(
"DetectByteExtractTest63", DetectByteExtractTest63);
4671 DetectByteExtractTestParseNoBase);