54 #define DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT DETECT_BYTE_EXTRACT_ENDIAN_BIG
58 #define DETECT_BYTE_EXTRACT_BASE_NONE 0
59 #define DETECT_BYTE_EXTRACT_BASE_HEX 16
60 #define DETECT_BYTE_EXTRACT_BASE_DEC 10
61 #define DETECT_BYTE_EXTRACT_BASE_OCT 8
66 #define DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT 1
68 #define DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT 1
69 #define DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT 65535
73 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23
74 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20
75 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14
77 #define NO_STRING_MAX_BYTES_TO_EXTRACT 8
79 #define PARSE_REGEX "^" \
81 ",\\s*(-?[0-9]+)\\s*" \
82 ",\\s*([^\\s,]+)\\s*" \
83 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
84 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
85 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
86 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
87 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
94 static void DetectByteExtractRegisterTests(
void);
120 const uint8_t *ptr = NULL;
133 SCLogDebug(
"relative, working with det_ctx->buffer_offset %"PRIu32
", "
150 ptr = payload + data->
offset;
155 if (ptr < payload || data->nbytes >
len) {
156 SCLogDebug(
"Data not within payload pkt=%p, ptr=%p, len=%"PRIu32
", nbytes=%d",
164 data->
nbytes, (
const char *)ptr);
171 SCLogDebug(
"error extracting %d bytes of string data: %d",
180 if (extbytes != data->
nbytes) {
181 SCLogDebug(
"error extracting %d bytes of numeric data: %d",
200 SCLogDebug(
"extracted value is %"PRIu64, val);
220 pcre2_match_data *match = NULL;
223 if (ret < 3 || ret > 19) {
224 SCLogError(
"parse error, ret %" PRId32
", string \"%s\"", ret, arg);
225 SCLogError(
"Invalid arg to byte_extract : %s "
236 char nbytes_str[64] =
"";
237 pcre2len =
sizeof(nbytes_str);
238 res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
240 SCLogError(
"pcre2_substring_copy_bynumber failed "
241 "for arg 1 for byte_extract");
245 (
const char *)nbytes_str) < 0) {
246 SCLogError(
"Invalid value for number of bytes"
247 " to be extracted: \"%s\".",
253 char offset_str[64] =
"";
254 pcre2len =
sizeof(offset_str);
255 res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
257 SCLogError(
"pcre2_substring_copy_bynumber failed "
258 "for arg 2 for byte_extract");
263 SCLogError(
"Invalid value for offset: \"%s\".", offset_str);
269 char varname_str[256] =
"";
270 pcre2len =
sizeof(varname_str);
271 res = pcre2_substring_copy_bynumber(match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
273 SCLogError(
"pcre2_substring_copy_bynumber failed "
274 "for arg 3 for byte_extract");
278 if (bed->
name == NULL)
282 for (i = 4; i < ret; i++) {
283 char opt_str[64] =
"";
284 pcre2len =
sizeof(opt_str);
287 SCLogError(
"pcre2_substring_copy_bynumber failed "
288 "for arg %d for byte_extract with %d",
293 if (strcmp(
"relative", opt_str) == 0) {
296 "than once for byte_extract");
300 }
else if (strcmp(
"multiplier", opt_str) == 0) {
303 "than once for byte_extract");
309 char multiplier_str[16] =
"";
310 pcre2len =
sizeof(multiplier_str);
311 res = pcre2_substring_copy_bynumber(
312 match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
314 SCLogError(
"pcre2_substring_copy_bynumber failed "
315 "for arg %d for byte_extract",
324 "multiplier: \"%s\".",
329 }
else if (strcmp(
"big", opt_str) == 0) {
332 "more than once for byte_extract");
337 }
else if (strcmp(
"little", opt_str) == 0) {
340 "more than once for byte_extract");
345 }
else if (strcmp(
"dce", opt_str) == 0) {
348 "more than once for byte_extract");
353 }
else if (strcmp(
"string", opt_str) == 0) {
356 "than once for byte_extract");
361 "base is (string, base) and not (base, string) "
366 }
else if (strcmp(
"hex", opt_str) == 0) {
369 "without specifying string. The right way is "
370 "(string, base) and not (base, string)");
375 "specified for byte_extract");
379 }
else if (strcmp(
"oct", opt_str) == 0) {
382 "without specifying string. The right way is "
383 "(string, base) and not (base, string)");
388 "specified for byte_extract");
392 }
else if (strcmp(
"dec", opt_str) == 0) {
395 "without specifying string. The right way is "
396 "(string, base) and not (base, string)");
401 "specified for byte_extract");
405 }
else if (strcmp(
"align", opt_str) == 0) {
408 "than once for byte_extract");
414 char align_str[16] =
"";
415 pcre2len =
sizeof(align_str);
416 res = pcre2_substring_copy_bynumber(match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
418 SCLogError(
"pcre2_substring_copy_bynumber failed "
419 "for arg %d in byte_extract",
424 (
const char *)align_str) < 0) {
432 "byte_extract - \"%d\"",
436 }
else if (strcmp(
"", opt_str) == 0) {
440 "specified in byte_extract",
459 "endian \"big\" or \"little\" specified along with "
468 "more than %d bytes in \"string\" extraction",
477 "more than %d bytes in \"string\" extraction",
486 "more than %d bytes in \"string\" extraction",
496 "more than %d bytes in \"non-string\" extraction",
506 pcre2_match_data_free(match);
511 DetectByteExtractFree(
de_ctx, bed);
513 pcre2_match_data_free(match);
537 data = DetectByteExtractParse(
de_ctx, arg);
553 if (prev_pm == NULL) {
573 if (prev_pm == NULL) {
596 "A byte_jump keyword with dce holds other invalid modifiers.");
603 if (prev_bed_sm == NULL)
633 DetectByteExtractFree(
de_ctx, data);
646 if (bed->
name != NULL)
669 if (strcmp(bed->
name, arg) == 0) {
682 if (strcmp(bed->
name, arg) == 0) {
697 static int g_file_data_buffer_id = 0;
698 static int g_http_uri_buffer_id = 0;
700 static int DetectByteExtractTest01(
void)
710 strcmp(bed->
name,
"one") != 0 ||
722 DetectByteExtractFree(NULL, bed);
726 static int DetectByteExtractTest02(
void)
736 strcmp(bed->
name,
"one") != 0 ||
748 DetectByteExtractFree(NULL, bed);
752 static int DetectByteExtractTest03(
void)
762 strcmp(bed->
name,
"one") != 0 ||
774 DetectByteExtractFree(NULL, bed);
778 static int DetectByteExtractTest04(
void)
788 strcmp(bed->
name,
"one") != 0 ||
801 DetectByteExtractFree(NULL, bed);
805 static int DetectByteExtractTest05(
void)
815 strcmp(bed->
name,
"one") != 0 ||
827 DetectByteExtractFree(NULL, bed);
831 static int DetectByteExtractTest06(
void)
841 strcmp(bed->
name,
"one") != 0 ||
853 DetectByteExtractFree(NULL, bed);
857 static int DetectByteExtractTest07(
void)
867 strcmp(bed->
name,
"one") != 0 ||
879 DetectByteExtractFree(NULL, bed);
883 static int DetectByteExtractTest08(
void)
893 strcmp(bed->
name,
"one") != 0 ||
905 DetectByteExtractFree(NULL, bed);
909 static int DetectByteExtractTest09(
void)
919 strcmp(bed->
name,
"one") != 0 ||
931 DetectByteExtractFree(NULL, bed);
935 static int DetectByteExtractTest10(
void)
945 strcmp(bed->
name,
"one") != 0 ||
957 DetectByteExtractFree(NULL, bed);
961 static int DetectByteExtractTest11(
void)
971 strcmp(bed->
name,
"one") != 0 ||
983 DetectByteExtractFree(NULL, bed);
987 static int DetectByteExtractTest12(
void)
997 strcmp(bed->
name,
"one") != 0 ||
1010 DetectByteExtractFree(NULL, bed);
1014 static int DetectByteExtractTest13(
void)
1024 strcmp(bed->
name,
"one") != 0 ||
1038 DetectByteExtractFree(NULL, bed);
1042 static int DetectByteExtractTest14(
void)
1052 strcmp(bed->
name,
"one") != 0 ||
1066 DetectByteExtractFree(NULL, bed);
1070 static int DetectByteExtractTest15(
void)
1080 strcmp(bed->
name,
"one") != 0 ||
1094 DetectByteExtractFree(NULL, bed);
1098 static int DetectByteExtractTest16(
void)
1102 DetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, little, multiplier 2");
1108 strcmp(bed->
name,
"one") != 0 ||
1123 DetectByteExtractFree(NULL, bed);
1127 static int DetectByteExtractTest17(
void)
1132 "relative, little, "
1133 "multiplier 2, string hex");
1140 DetectByteExtractFree(NULL, bed);
1144 static int DetectByteExtractTest18(
void)
1149 "relative, little, "
1158 DetectByteExtractFree(NULL, bed);
1162 static int DetectByteExtractTest19(
void)
1167 "relative, little, "
1176 DetectByteExtractFree(NULL, bed);
1180 static int DetectByteExtractTest20(
void)
1194 DetectByteExtractFree(NULL, bed);
1198 static int DetectByteExtractTest21(
void)
1212 DetectByteExtractFree(NULL, bed);
1216 static int DetectByteExtractTest22(
void)
1230 DetectByteExtractFree(NULL, bed);
1234 static int DetectByteExtractTest23(
void)
1248 DetectByteExtractFree(NULL, bed);
1252 static int DetectByteExtractTest24(
void)
1265 DetectByteExtractFree(NULL, bed);
1269 static int DetectByteExtractTest25(
void)
1282 DetectByteExtractFree(NULL, bed);
1286 static int DetectByteExtractTest26(
void)
1293 "multiplier 65536");
1300 DetectByteExtractFree(NULL, bed);
1304 static int DetectByteExtractTest27(
void)
1318 DetectByteExtractFree(NULL, bed);
1322 static int DetectByteExtractTest28(
void)
1333 DetectByteExtractFree(NULL, bed);
1337 static int DetectByteExtractTest29(
void)
1348 DetectByteExtractFree(NULL, bed);
1352 static int DetectByteExtractTest30(
void)
1363 DetectByteExtractFree(NULL, bed);
1367 static int DetectByteExtractTest31(
void)
1378 DetectByteExtractFree(NULL, bed);
1382 static int DetectByteExtractTest32(
void)
1393 DetectByteExtractFree(NULL, bed);
1397 static int DetectByteExtractTest33(
void)
1408 DetectByteExtractFree(NULL, bed);
1412 static int DetectByteExtractTest34(
void)
1427 "(msg:\"Testing bytejump_body\"; "
1429 "byte_extract:4,2,two,relative,string,hex; "
1455 printf(
"one failed\n");
1488 static int DetectByteExtractTest35(
void)
1504 "(msg:\"Testing bytejump_body\"; "
1505 "content:\"one\"; pcre:/asf/; "
1506 "byte_extract:4,0,two,relative,string,hex; "
1532 printf(
"one failed\n");
1556 strcmp(bed->
name,
"two") != 0 ||
1576 static int DetectByteExtractTest36(
void)
1592 "(msg:\"Testing bytejump_body\"; "
1593 "content:\"one\"; byte_jump:1,13; "
1594 "byte_extract:4,0,two,relative,string,hex; "
1620 printf(
"one failed\n");
1631 if (bjd->
flags != 0) {
1644 strcmp(bed->
name,
"two") != 0 ||
1664 static int DetectByteExtractTest37(
void)
1680 "(msg:\"Testing bytejump_body\"; "
1681 "content:\"one\"; uricontent:\"two\"; "
1682 "byte_extract:4,0,two,relative,string,hex; "
1708 printf(
"one failed\n");
1713 if (sm->
next != NULL) {
1732 printf(
"two failed\n");
1745 strcmp(bed->
name,
"two") != 0 ||
1765 static int DetectByteExtractTest38(
void)
1781 "(msg:\"Testing bytejump_body\"; "
1782 "content:\"one\"; uricontent:\"two\"; "
1783 "byte_extract:4,0,two,string,hex; "
1809 printf(
"one failed\n");
1822 strcmp(bed->
name,
"two") != 0 ||
1845 printf(
"two failed\n");
1850 if (sm->
next != NULL) {
1865 static int DetectByteExtractTest39(
void)
1881 "(msg:\"Testing bytejump_body\"; "
1882 "content:\"one\"; content:\"two\"; http_uri; "
1883 "byte_extract:4,0,two,relative,string,hex; "
1909 printf(
"one failed\n");
1914 if (sm->
next != NULL) {
1933 printf(
"two failed\n");
1946 strcmp(bed->
name,
"two") != 0 ||
1966 static int DetectByteExtractTest40(
void)
1982 "(msg:\"Testing bytejump_body\"; "
1983 "content:\"one\"; content:\"two\"; http_uri; "
1984 "byte_extract:4,0,two,string,hex; "
2010 printf(
"one failed\n");
2023 strcmp(bed->
name,
"two") != 0 ||
2046 printf(
"two failed\n");
2051 if (sm->
next != NULL) {
2066 static int DetectByteExtractTest41(
void)
2081 "(msg:\"Testing bytejump_body\"; "
2083 "byte_extract:4,0,two,string,hex; "
2084 "byte_extract:4,0,three,string,hex; "
2110 printf(
"one failed\n");
2123 strcmp(bed->
name,
"two") != 0 ||
2144 strcmp(bed->
name,
"three") != 0 ||
2167 static int DetectByteExtractTest42(
void)
2183 "(msg:\"Testing bytejump_body\"; "
2185 "byte_extract:4,0,two,string,hex; "
2186 "uricontent: \"three\"; "
2187 "byte_extract:4,0,four,string,hex,relative; "
2188 "byte_extract:4,0,five,string,hex; "
2214 printf(
"one failed\n");
2227 strcmp(bed->
name,
"two") != 0 ||
2248 strcmp(bed->
name,
"five") != 0 ||
2261 if (sm->
next != NULL)
2278 printf(
"two failed\n");
2291 strcmp(bed->
name,
"four") != 0 ||
2305 if (sm->
next != NULL)
2318 static int DetectByteExtractTest43(
void)
2333 "(msg:\"Testing bytejump_body\"; "
2335 "byte_extract:4,0,two,string,hex; "
2336 "content: \"three\"; offset:two; "
2362 printf(
"one failed\n");
2375 strcmp(bed->
name,
"two") != 0 ||
2398 printf(
"three failed\n");
2403 if (sm->
next != NULL)
2416 static int DetectByteExtractTest44(
void)
2432 "(msg:\"Testing bytejump_body\"; "
2434 "byte_extract:4,0,two,string,hex; "
2435 "byte_extract:4,0,three,string,hex; "
2436 "content: \"four\"; offset:two; "
2437 "content: \"five\"; offset:three; "
2463 printf(
"one failed\n");
2476 strcmp(bed1->
name,
"two") != 0 ||
2506 printf(
"four failed\n");
2521 printf(
"five failed\n");
2526 if (sm->
next != NULL)
2539 static int DetectByteExtractTest45(
void)
2554 "(msg:\"Testing bytejump_body\"; "
2556 "byte_extract:4,0,two,string,hex; "
2557 "content: \"three\"; depth:two; "
2583 printf(
"one failed\n");
2596 strcmp(bed->
name,
"two") != 0 ||
2620 printf(
"three failed\n");
2625 if (sm->
next != NULL)
2638 static int DetectByteExtractTest46(
void)
2654 "(msg:\"Testing bytejump_body\"; "
2656 "byte_extract:4,0,two,string,hex; "
2657 "byte_extract:4,0,three,string,hex; "
2658 "content: \"four\"; depth:two; "
2659 "content: \"five\"; depth:three; "
2685 printf(
"one failed\n");
2698 strcmp(bed1->
name,
"two") != 0 ||
2728 printf(
"four failed\n");
2743 printf(
"five failed\n");
2748 if (sm->
next != NULL)
2761 static int DetectByteExtractTest47(
void)
2776 "(msg:\"Testing bytejump_body\"; "
2778 "byte_extract:4,0,two,string,hex; "
2779 "content: \"three\"; distance:two; "
2805 printf(
"one failed\n");
2818 strcmp(bed->
name,
"two") != 0 ||
2843 printf(
"three failed\n");
2848 if (sm->
next != NULL)
2861 static int DetectByteExtractTest48(
void)
2877 "(msg:\"Testing bytejump_body\"; "
2879 "byte_extract:4,0,two,string,hex; "
2880 "byte_extract:4,0,three,string,hex; "
2881 "content: \"four\"; distance:two; "
2882 "content: \"five\"; distance:three; "
2908 printf(
"one failed\n");
2921 strcmp(bed1->
name,
"two") != 0 ||
2954 printf(
"four failed\n");
2971 printf(
"five failed\n");
2976 if (sm->
next != NULL)
2989 static int DetectByteExtractTest49(
void)
3004 "(msg:\"Testing bytejump_body\"; "
3006 "byte_extract:4,0,two,string,hex; "
3007 "content: \"three\"; within:two; "
3033 printf(
"one failed\n");
3046 strcmp(bed->
name,
"two") != 0 ||
3072 printf(
"three failed\n");
3077 if (sm->
next != NULL)
3090 static int DetectByteExtractTest50(
void)
3106 "(msg:\"Testing bytejump_body\"; "
3108 "byte_extract:4,0,two,string,hex; "
3109 "byte_extract:4,0,three,string,hex; "
3110 "content: \"four\"; within:two; "
3111 "content: \"five\"; within:three; "
3137 printf(
"one failed\n");
3150 strcmp(bed1->
name,
"two") != 0 ||
3184 printf(
"four failed\n");
3202 printf(
"five failed\n");
3207 if (sm->
next != NULL)
3220 static int DetectByteExtractTest51(
void)
3236 "(msg:\"Testing bytejump_body\"; "
3238 "byte_extract:4,0,two,string,hex; "
3239 "byte_test: 2,=,10, two; "
3265 printf(
"one failed\n");
3278 strcmp(bed->
name,
"two") != 0 ||
3300 printf(
"three failed\n");
3305 if (sm->
next != NULL)
3318 static int DetectByteExtractTest52(
void)
3334 "(msg:\"Testing bytejump_body\"; "
3336 "byte_extract:4,0,two,string,hex; "
3337 "byte_extract:4,0,three,string,hex; "
3338 "byte_test: 2,=,two,three; "
3339 "byte_test: 3,=,10,three; "
3365 printf(
"one failed\n");
3378 strcmp(bed1->
name,
"two") != 0 ||
3407 printf(
"three failed\n");
3421 printf(
"four failed\n");
3426 if (sm->
next != NULL)
3439 static int DetectByteExtractTest53(
void)
3455 "(msg:\"Testing bytejump_body\"; "
3457 "byte_extract:4,0,two,string,hex; "
3458 "byte_jump: 2,two; "
3484 printf(
"one failed\n");
3497 strcmp(bed->
name,
"two") != 0 ||
3518 printf(
"three failed\n");
3523 if (sm->
next != NULL)
3536 static int DetectByteExtractTest54(
void)
3552 "(msg:\"Testing bytejump_body\"; "
3554 "byte_extract:4,0,two,string,hex; "
3555 "byte_extract:4,0,three,string,hex; "
3556 "byte_jump: 2,two; "
3557 "byte_jump: 3,three; "
3583 printf(
"one failed\n");
3596 strcmp(bed1->
name,
"two") != 0 ||
3623 printf(
"three failed\n");
3636 printf(
"four failed\n");
3641 if (sm->
next != NULL)
3654 static int DetectByteExtractTest55(
void)
3670 "(msg:\"Testing byte_extract\"; "
3672 "byte_extract:4,0,two,string,hex; "
3673 "byte_extract:4,0,three,string,hex; "
3674 "byte_extract:4,0,four,string,hex; "
3675 "byte_extract:4,0,five,string,hex; "
3676 "content: \"four\"; within:two; distance:three; "
3699 printf(
"one failed: ");
3710 strcmp(bed1->
name,
"two") != 0 ||
3750 printf(
"four failed: ");
3754 if (sm->
next != NULL) {
3768 static int DetectByteExtractTest56(
void)
3784 "(msg:\"Testing bytejump_body\"; "
3785 "uricontent:\"urione\"; "
3787 "byte_extract:4,0,two,string,hex; "
3788 "byte_extract:4,0,three,string,hex; "
3789 "byte_extract:4,0,four,string,hex; "
3790 "byte_extract:4,0,five,string,hex; "
3791 "content: \"four\"; within:two; distance:three; "
3817 printf(
"one failed\n");
3822 if (sm->
next != NULL)
3839 printf(
"one failed\n");
3852 strcmp(bed1->
name,
"two") != 0 ||
3897 printf(
"four failed\n");
3902 if (sm->
next != NULL) {
3916 static int DetectByteExtractTest57(
void)
3934 "(msg:\"Testing bytejump_body\"; "
3936 "uricontent: \"urione\"; "
3937 "byte_extract:4,0,two,string,hex,relative; "
3938 "byte_extract:4,0,three,string,hex,relative; "
3939 "byte_extract:4,0,four,string,hex,relative; "
3940 "byte_extract:4,0,five,string,hex,relative; "
3941 "uricontent: \"four\"; within:two; distance:three; "
3967 printf(
"one failed\n");
3972 if (sm->
next != NULL)
3989 printf(
"one failed\n");
4002 strcmp(bed1->
name,
"two") != 0 ||
4062 printf(
"four failed\n");
4067 if (sm->
next != NULL) {
4081 static int DetectByteExtractTest58(
void)
4098 "(msg:\"Testing bytejump_body\"; "
4100 "byte_extract:4,0,two,string,hex; "
4101 "byte_extract:4,0,three,string,hex; "
4102 "byte_jump: 2,two; "
4103 "byte_jump: 3,three; "
4130 printf(
"one failed\n");
4143 strcmp(bed1->
name,
"two") != 0 ||
4170 printf(
"three failed\n");
4183 printf(
"four failed\n");
4196 printf(
"isdataat failed\n");
4201 if (sm->
next != NULL)
4214 static int DetectByteExtractTest59(
void)
4231 "(msg:\"Testing bytejump_body\"; "
4233 "byte_extract:4,0,two,string,hex; "
4234 "byte_extract:4,0,three,string,hex; "
4235 "byte_jump: 2,two; "
4236 "byte_jump: 3,three; "
4237 "isdataat: three,relative; "
4263 printf(
"one failed\n");
4276 strcmp(bed1->
name,
"two") != 0 ||
4303 printf(
"three failed\n");
4316 printf(
"four failed\n");
4330 printf(
"isdataat failed\n");
4335 if (sm->
next != NULL)
4348 static int DetectByteExtractTest60(
void)
4364 "(msg:\"Testing bytejump_body\"; "
4366 "byte_extract:4,0,two,string,hex,relative; "
4367 "uricontent: \"three\"; "
4368 "byte_extract:4,0,four,string,hex,relative; "
4395 printf(
"one failed\n");
4408 strcmp(bed1->
name,
"two") != 0 ||
4430 printf(
"isdataat failed\n");
4435 if (sm->
next != NULL)
4450 printf(
"one failed\n");
4463 strcmp(bed1->
name,
"four") != 0 ||
4477 if (sm->
next != NULL)
4490 static int DetectByteExtractTest61(
void)
4506 "(msg:\"Testing bytejump_body\"; "
4508 "byte_extract:4,0,two,string,hex,relative; "
4509 "uricontent: \"three\"; "
4510 "byte_extract:4,0,four,string,hex,relative; "
4511 "isdataat: four, relative; "
4537 printf(
"one failed\n");
4550 strcmp(bed1->
name,
"two") != 0 ||
4564 if (sm->
next != NULL)
4579 printf(
"one failed\n");
4592 strcmp(bed1->
name,
"four") != 0 ||
4615 printf(
"isdataat failed\n");
4620 if (sm->
next != NULL)
4633 static int DetectByteExtractTest62(
void)
4647 "(file_data; byte_extract:4,2,two,relative,string,hex; "
4663 strncmp(bed->
name,
"two", 3) != 0 ||
4682 static int DetectByteExtractTest63(
void)
4692 strcmp(bed->
name,
"one") != 0 ||
4704 DetectByteExtractFree(NULL, bed);
4708 static int DetectByteExtractTestParseNoBase(
void)
4722 if (strcmp(bed->
name,
"one") != 0) {
4744 DetectByteExtractFree(NULL, bed);
4748 static void DetectByteExtractRegisterTests(
void)
4753 UtRegisterTest(
"DetectByteExtractTest01", DetectByteExtractTest01);
4754 UtRegisterTest(
"DetectByteExtractTest02", DetectByteExtractTest02);
4755 UtRegisterTest(
"DetectByteExtractTest03", DetectByteExtractTest03);
4756 UtRegisterTest(
"DetectByteExtractTest04", DetectByteExtractTest04);
4757 UtRegisterTest(
"DetectByteExtractTest05", DetectByteExtractTest05);
4758 UtRegisterTest(
"DetectByteExtractTest06", DetectByteExtractTest06);
4759 UtRegisterTest(
"DetectByteExtractTest07", DetectByteExtractTest07);
4760 UtRegisterTest(
"DetectByteExtractTest08", DetectByteExtractTest08);
4761 UtRegisterTest(
"DetectByteExtractTest09", DetectByteExtractTest09);
4762 UtRegisterTest(
"DetectByteExtractTest10", DetectByteExtractTest10);
4763 UtRegisterTest(
"DetectByteExtractTest11", DetectByteExtractTest11);
4764 UtRegisterTest(
"DetectByteExtractTest12", DetectByteExtractTest12);
4765 UtRegisterTest(
"DetectByteExtractTest13", DetectByteExtractTest13);
4766 UtRegisterTest(
"DetectByteExtractTest14", DetectByteExtractTest14);
4767 UtRegisterTest(
"DetectByteExtractTest15", DetectByteExtractTest15);
4768 UtRegisterTest(
"DetectByteExtractTest16", DetectByteExtractTest16);
4769 UtRegisterTest(
"DetectByteExtractTest17", DetectByteExtractTest17);
4770 UtRegisterTest(
"DetectByteExtractTest18", DetectByteExtractTest18);
4771 UtRegisterTest(
"DetectByteExtractTest19", DetectByteExtractTest19);
4772 UtRegisterTest(
"DetectByteExtractTest20", DetectByteExtractTest20);
4773 UtRegisterTest(
"DetectByteExtractTest21", DetectByteExtractTest21);
4774 UtRegisterTest(
"DetectByteExtractTest22", DetectByteExtractTest22);
4775 UtRegisterTest(
"DetectByteExtractTest23", DetectByteExtractTest23);
4776 UtRegisterTest(
"DetectByteExtractTest24", DetectByteExtractTest24);
4777 UtRegisterTest(
"DetectByteExtractTest25", DetectByteExtractTest25);
4778 UtRegisterTest(
"DetectByteExtractTest26", DetectByteExtractTest26);
4779 UtRegisterTest(
"DetectByteExtractTest27", DetectByteExtractTest27);
4780 UtRegisterTest(
"DetectByteExtractTest28", DetectByteExtractTest28);
4781 UtRegisterTest(
"DetectByteExtractTest29", DetectByteExtractTest29);
4782 UtRegisterTest(
"DetectByteExtractTest30", DetectByteExtractTest30);
4783 UtRegisterTest(
"DetectByteExtractTest31", DetectByteExtractTest31);
4784 UtRegisterTest(
"DetectByteExtractTest32", DetectByteExtractTest32);
4785 UtRegisterTest(
"DetectByteExtractTest33", DetectByteExtractTest33);
4786 UtRegisterTest(
"DetectByteExtractTest34", DetectByteExtractTest34);
4787 UtRegisterTest(
"DetectByteExtractTest35", DetectByteExtractTest35);
4788 UtRegisterTest(
"DetectByteExtractTest36", DetectByteExtractTest36);
4789 UtRegisterTest(
"DetectByteExtractTest37", DetectByteExtractTest37);
4790 UtRegisterTest(
"DetectByteExtractTest38", DetectByteExtractTest38);
4791 UtRegisterTest(
"DetectByteExtractTest39", DetectByteExtractTest39);
4792 UtRegisterTest(
"DetectByteExtractTest40", DetectByteExtractTest40);
4793 UtRegisterTest(
"DetectByteExtractTest41", DetectByteExtractTest41);
4794 UtRegisterTest(
"DetectByteExtractTest42", DetectByteExtractTest42);
4796 UtRegisterTest(
"DetectByteExtractTest43", DetectByteExtractTest43);
4797 UtRegisterTest(
"DetectByteExtractTest44", DetectByteExtractTest44);
4799 UtRegisterTest(
"DetectByteExtractTest45", DetectByteExtractTest45);
4800 UtRegisterTest(
"DetectByteExtractTest46", DetectByteExtractTest46);
4802 UtRegisterTest(
"DetectByteExtractTest47", DetectByteExtractTest47);
4803 UtRegisterTest(
"DetectByteExtractTest48", DetectByteExtractTest48);
4805 UtRegisterTest(
"DetectByteExtractTest49", DetectByteExtractTest49);
4806 UtRegisterTest(
"DetectByteExtractTest50", DetectByteExtractTest50);
4808 UtRegisterTest(
"DetectByteExtractTest51", DetectByteExtractTest51);
4809 UtRegisterTest(
"DetectByteExtractTest52", DetectByteExtractTest52);
4811 UtRegisterTest(
"DetectByteExtractTest53", DetectByteExtractTest53);
4812 UtRegisterTest(
"DetectByteExtractTest54", DetectByteExtractTest54);
4814 UtRegisterTest(
"DetectByteExtractTest55", DetectByteExtractTest55);
4815 UtRegisterTest(
"DetectByteExtractTest56", DetectByteExtractTest56);
4816 UtRegisterTest(
"DetectByteExtractTest57", DetectByteExtractTest57);
4818 UtRegisterTest(
"DetectByteExtractTest58", DetectByteExtractTest58);
4819 UtRegisterTest(
"DetectByteExtractTest59", DetectByteExtractTest59);
4820 UtRegisterTest(
"DetectByteExtractTest60", DetectByteExtractTest60);
4821 UtRegisterTest(
"DetectByteExtractTest61", DetectByteExtractTest61);
4822 UtRegisterTest(
"DetectByteExtractTest62", DetectByteExtractTest62);
4823 UtRegisterTest(
"DetectByteExtractTest63", DetectByteExtractTest63);
4826 DetectByteExtractTestParseNoBase);