/* Number-base selectors for "string" extraction. Each one aliases a Base*
 * name that is defined outside this excerpt. */
48 #define DETECT_BYTE_EXTRACT_BASE_HEX BaseHex
49 #define DETECT_BYTE_EXTRACT_BASE_DEC BaseDec
50 #define DETECT_BYTE_EXTRACT_BASE_OCT BaseOct
/* Per-base upper bounds on nbytes for "string" extraction, i.e. how many
 * payload bytes may be handed to the text-to-integer conversion. The parse
 * tests further down use the values on either side of each bound
 * (23 and 24 for oct, 20 and 21 for dec, 14 and 15 for hex).
 * NOTE(review): presumably these are the %d arguments of the parser's
 * "more than %d bytes" errors; the argument lines are not visible - confirm. */
54 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23
55 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20
56 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14
/* Upper bound on nbytes for "non-string" (binary) extraction; 8 bytes matches
 * the 64-bit width the extracted value is logged with (PRIu64). */
58 #define NO_STRING_MAX_BYTES_TO_EXTRACT 8
62 static void DetectByteExtractRegisterTests(
void);
/* Match-time extraction (excerpt; the function header and several lines are
 * not part of this listing). data is the keyword configuration stored on the
 * sig-match context. */
95 SCDetectByteExtractData *data = (SCDetectByteExtractData *)smd->
ctx;
/* Relative mode: the debug line shows the inputs are det_ctx->buffer_offset
 * and data->offset. The pointer and length computation for this branch is
 * not visible here. */
96 if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
97 SCLogDebug(
"relative, working with det_ctx->buffer_offset %"PRIu32
", "
98 "data->offset %"PRIu32
"", det_ctx->
buffer_offset, data->offset);
/* Absolute mode: the read position is the payload start plus the rule's
 * offset. */
112 SCLogDebug(
"absolute, data->offset %"PRIu32
"", data->offset);
/* NOTE(review): the pointer is formed before any range check and is only
 * compared against payload afterwards. Forming a pointer outside the buffer
 * is undefined in C, so validating the offset as an integer against the
 * payload length before the addition would be the more robust form. */
114 ptr = payload + data->offset;
/* Bounds guard for the payload read: stop when ptr lies before the payload
 * start or when more bytes are requested than len allows.
 * NOTE(review): the declaration and computation of len are not visible. The
 * guard is only sound if len is the number of bytes remaining from ptr. len
 * is logged with PRIu32 while nbytes is logged with %d; if the two differ in
 * signedness the comparison is subject to integer conversion - confirm. */
119 if (ptr < payload || data->nbytes >
len) {
120 SCLogDebug(
"Data not within payload pkt=%p, ptr=%p, len=%"PRIu32
", nbytes=%d",
121 payload, ptr,
len, data->nbytes);
/* "string" mode: nbytes bytes at ptr are handed to a text conversion (the
 * call itself is on a line that is not shown). ptr points into packet data,
 * so presumably it is not NUL-terminated and the conversion must be bounded
 * by nbytes - confirm in the callee. */
128 if (data->flags & DETECT_BYTE_EXTRACT_FLAG_STRING) {
130 data->nbytes, (
const char *)ptr);
137 SCLogDebug(
"error extracting %d bytes of string data: %d",
138 data->nbytes, extbytes);
/* Binary mode: the extraction counts as failed unless exactly nbytes bytes
 * were consumed. */
145 if (extbytes != data->nbytes) {
146 SCLogDebug(
"error extracting %d bytes of numeric data: %d",
147 data->nbytes, extbytes);
/* Scale the extracted value by the rule's multiplier.
 * NOTE(review): val is logged as PRIu64 below, so presumably it is an
 * unsigned 64-bit value and a large product wraps silently. The rule strings
 * in the tests reference the variable from offset, depth, distance, within,
 * byte_test, byte_jump and isdataat, so those consumers should bound it
 * themselves - confirm. */
153 val *= data->multiplier_value;
154 if (data->flags & DETECT_BYTE_EXTRACT_FLAG_ALIGN) {
/* Round val up to the next multiple of align_value. Assumes align_value is
 * non-zero whenever FLAG_ALIGN is set, otherwise the modulo divides by zero
 * - TODO confirm the parser enforces this. */
155 if ((val % data->align_value) != 0) {
156 val += data->align_value - (val % data->align_value);
165 SCLogDebug(
"extracted value is %"PRIu64, val);
/* Parse wrapper (excerpt): obtains the keyword data from
 * SCByteExtractParse(arg) and then applies the checks visible below. The
 * parameter list and the handling of a failed parse are not part of this
 * listing. */
179 static inline SCDetectByteExtractData *DetectByteExtractParse(
182 SCDetectByteExtractData *bed = SCByteExtractParse(arg);
/* The slice modifier is refused with an error rather than accepted and
 * ignored. */
188 if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_SLICE) {
189 SCLogError(
"byte_extract slice not yet supported; see issue #6831");
/* "string" mode: three errors with the same text follow, presumably one per
 * base, each reporting that nbytes exceeds the limit for that base (the
 * conditions and %d arguments are on lines that are not shown). */
192 if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING) {
198 "more than %d bytes in \"string\" extraction",
207 "more than %d bytes in \"string\" extraction",
216 "more than %d bytes in \"string\" extraction",
/* Binary mode has its own nbytes limit and error text. */
226 "more than %d bytes in \"non-string\" extraction",
/* Default byte order: big endian when the rule gave no endian modifier. */
232 if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN))
233 bed->endian = BigEndian;
/* Releases bed; presumably the shared error path for the rejections above
 * (the label is not visible) - confirm. */
239 DetectByteExtractFree(
de_ctx, bed);
/* Keyword setup (excerpt; the function header and many lines are not part of
 * this listing). Parses the rule argument into data. */
259 SCDetectByteExtractData *data = NULL;
262 data = DetectByteExtractParse(
de_ctx, arg);
/* Placement depends on the relative flag and on the dce endian setting. For
 * relative extraction a previous match (prev_pm) is looked up; what happens
 * when none exists is on lines that are not shown. */
270 if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
273 }
else if (data->endian == EndianDCE) {
274 if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
278 if (prev_pm == NULL) {
292 }
else if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
297 if (prev_pm == NULL) {
/* dce cannot be combined with string mode: the condition is true only when
 * both the BASE and the STRING flag are set. */
309 if (data->endian == EndianDCE) {
313 if ((DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING) ==
314 (data->flags & (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING))) {
/* NOTE(review): the message names byte_jump although this path sets up
 * byte_extract - looks like a copy-paste leftover that would mislead a rule
 * author reading the error; confirm and correct the keyword name. */
316 "A byte_jump keyword with dce holds other invalid modifiers.");
/* Variable numbering: a byte_extract that follows an earlier one takes that
 * one's local_id plus one. The value used when there is no earlier one is on
 * a line that is not shown (the tests expect 0 for the first). */
323 if (prev_bed_sm == NULL)
326 data->local_id = ((SCDetectByteExtractData *)prev_bed_sm->
ctx)->local_id + 1;
335 if (!(data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE))
/* Releases data; presumably the error path of the setup (the label is not
 * visible) - confirm. */
353 DetectByteExtractFree(
de_ctx, data);
364 SCByteExtractFree(ptr);
381 const SCDetectByteExtractData *bed = (
const SCDetectByteExtractData *)sm->
ctx;
382 if (strcmp(bed->name, arg) == 0) {
394 const SCDetectByteExtractData *bed = (
const SCDetectByteExtractData *)sm->
ctx;
395 if (strcmp(bed->name, arg) == 0) {
412 static int g_file_data_buffer_id = 0;
413 static int g_http_uri_buffer_id = 0;
415 static int DetectByteExtractTest01(
void)
419 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one");
423 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 || bed->flags != 0 ||
424 bed->endian != BigEndian || bed->align_value != 0 ||
425 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
432 DetectByteExtractFree(NULL, bed);
436 static int DetectByteExtractTest02(
void)
440 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, relative");
444 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
445 bed->flags != DETECT_BYTE_EXTRACT_FLAG_RELATIVE || bed->endian != BigEndian ||
446 bed->align_value != 0 ||
447 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
454 DetectByteExtractFree(NULL, bed);
458 static int DetectByteExtractTest03(
void)
462 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, multiplier 10");
466 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
467 bed->flags != DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER || bed->endian != BigEndian ||
468 bed->align_value != 0 || bed->multiplier_value != 10) {
475 DetectByteExtractFree(NULL, bed);
479 static int DetectByteExtractTest04(
void)
483 SCDetectByteExtractData *bed =
484 DetectByteExtractParse(NULL,
"4, 2, one, relative, multiplier 10");
488 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
490 (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER) ||
491 bed->endian != BigEndian || bed->align_value != 0 || bed->multiplier_value != 10) {
498 DetectByteExtractFree(NULL, bed);
502 static int DetectByteExtractTest05(
void)
506 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, big");
510 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
511 bed->flags != DETECT_BYTE_EXTRACT_FLAG_ENDIAN || bed->endian != BigEndian ||
512 bed->align_value != 0 ||
513 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
520 DetectByteExtractFree(NULL, bed);
524 static int DetectByteExtractTest06(
void)
528 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, little");
532 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
533 bed->flags != DETECT_BYTE_EXTRACT_FLAG_ENDIAN || bed->endian != LittleEndian ||
534 bed->align_value != 0 ||
535 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
542 DetectByteExtractFree(NULL, bed);
546 static int DetectByteExtractTest07(
void)
550 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, dce");
554 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
555 bed->flags != DETECT_BYTE_EXTRACT_FLAG_ENDIAN || bed->endian != EndianDCE ||
556 bed->align_value != 0 ||
557 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
564 DetectByteExtractFree(NULL, bed);
568 static int DetectByteExtractTest08(
void)
572 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, string, hex");
576 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
577 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING) ||
579 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
586 DetectByteExtractFree(NULL, bed);
590 static int DetectByteExtractTest09(
void)
594 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, string, oct");
598 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
599 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING) ||
601 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
608 DetectByteExtractFree(NULL, bed);
612 static int DetectByteExtractTest10(
void)
616 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, string, dec");
620 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
622 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
629 DetectByteExtractFree(NULL, bed);
633 static int DetectByteExtractTest11(
void)
637 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4");
641 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
642 bed->flags != DETECT_BYTE_EXTRACT_FLAG_ALIGN || bed->endian != BigEndian ||
643 bed->align_value != 4 ||
644 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
651 DetectByteExtractFree(NULL, bed);
655 static int DetectByteExtractTest12(
void)
659 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative");
663 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
664 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_ALIGN | DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
665 bed->endian != BigEndian || bed->align_value != 4 ||
666 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
673 DetectByteExtractFree(NULL, bed);
677 static int DetectByteExtractTest13(
void)
681 SCDetectByteExtractData *bed =
682 DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, big");
686 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
687 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_ALIGN | DETECT_BYTE_EXTRACT_FLAG_ENDIAN |
688 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
689 bed->endian != BigEndian || bed->align_value != 4 ||
690 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
697 DetectByteExtractFree(NULL, bed);
701 static int DetectByteExtractTest14(
void)
705 SCDetectByteExtractData *bed =
706 DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, dce");
710 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
711 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_ALIGN | DETECT_BYTE_EXTRACT_FLAG_ENDIAN |
712 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
713 bed->endian != EndianDCE || bed->align_value != 4 ||
714 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
721 DetectByteExtractFree(NULL, bed);
725 static int DetectByteExtractTest15(
void)
729 SCDetectByteExtractData *bed =
730 DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, little");
734 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
735 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_ALIGN | DETECT_BYTE_EXTRACT_FLAG_ENDIAN |
736 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
737 bed->endian != LittleEndian || bed->align_value != 4 ||
738 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
745 DetectByteExtractFree(NULL, bed);
749 static int DetectByteExtractTest16(
void)
753 SCDetectByteExtractData *bed =
754 DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, little, multiplier 2");
758 if (bed->nbytes != 4 || bed->offset != 2 || strcmp(bed->name,
"one") != 0 ||
759 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_ALIGN | DETECT_BYTE_EXTRACT_FLAG_RELATIVE |
760 DETECT_BYTE_EXTRACT_FLAG_ENDIAN |
761 DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER) ||
762 bed->endian != LittleEndian || bed->align_value != 4 || bed->multiplier_value != 2) {
769 DetectByteExtractFree(NULL, bed);
773 static int DetectByteExtractTest17(
void)
777 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
779 "multiplier 2, string hex");
786 DetectByteExtractFree(NULL, bed);
790 static int DetectByteExtractTest18(
void)
794 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
804 DetectByteExtractFree(NULL, bed);
808 static int DetectByteExtractTest19(
void)
812 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
822 DetectByteExtractFree(NULL, bed);
826 static int DetectByteExtractTest20(
void)
830 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
840 DetectByteExtractFree(NULL, bed);
844 static int DetectByteExtractTest21(
void)
848 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
858 DetectByteExtractFree(NULL, bed);
862 static int DetectByteExtractTest22(
void)
866 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
876 DetectByteExtractFree(NULL, bed);
880 static int DetectByteExtractTest23(
void)
884 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
894 DetectByteExtractFree(NULL, bed);
898 static int DetectByteExtractTest24(
void)
902 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"24, 2, one, align 4, "
911 DetectByteExtractFree(NULL, bed);
915 static int DetectByteExtractTest25(
void)
919 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"9, 2, one, align 4, "
928 DetectByteExtractFree(NULL, bed);
932 static int DetectByteExtractTest26(
void)
936 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
946 DetectByteExtractFree(NULL, bed);
950 static int DetectByteExtractTest27(
void)
954 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, "
964 DetectByteExtractFree(NULL, bed);
968 static int DetectByteExtractTest28(
void)
972 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"23, 2, one, string, oct");
979 DetectByteExtractFree(NULL, bed);
983 static int DetectByteExtractTest29(
void)
987 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"24, 2, one, string, oct");
994 DetectByteExtractFree(NULL, bed);
998 static int DetectByteExtractTest30(
void)
1002 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"20, 2, one, string, dec");
1009 DetectByteExtractFree(NULL, bed);
1013 static int DetectByteExtractTest31(
void)
1017 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"21, 2, one, string, dec");
1024 DetectByteExtractFree(NULL, bed);
1028 static int DetectByteExtractTest32(
void)
1032 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"14, 2, one, string, hex");
1039 DetectByteExtractFree(NULL, bed);
1043 static int DetectByteExtractTest33(
void)
1047 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"15, 2, one, string, hex");
1054 DetectByteExtractFree(NULL, bed);
/* Signature-level test (excerpt): loads a rule containing a relative,
 * string/hex byte_extract named "two" and checks the parsed keyword data. */
1058 static int DetectByteExtractTest34(
void)
1065 SCDetectByteExtractData *bed = NULL;
1073 "(msg:\"Testing bytejump_body\"; "
1075 "byte_extract:4,2,two,relative,string,hex; "
1101 printf(
"one failed\n");
1111 bed = (SCDetectByteExtractData *)sm->
ctx;
/* NOTE(review): unlike the strcmp() checks in the sibling tests, the name is
 * compared with strncmp bounded by cd->content_len, the length field of a
 * different object (cd is assigned on lines that are not shown). That makes
 * this a prefix comparison whose length is unrelated to bed->name, so a
 * longer name starting with the same characters would still pass; strcmp
 * against "two" would pin the exact name - confirm. */
1112 if (bed->nbytes != 4 || bed->offset != 2 || strncmp(bed->name,
"two", cd->
content_len) != 0 ||
1113 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1114 DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1116 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1130 static int DetectByteExtractTest35(
void)
1138 SCDetectByteExtractData *bed = NULL;
1146 "(msg:\"Testing bytejump_body\"; "
1147 "content:\"one\"; pcre:/asf/; "
1148 "byte_extract:4,0,two,relative,string,hex; "
1174 printf(
"one failed\n");
1195 bed = (SCDetectByteExtractData *)sm->
ctx;
1196 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1197 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1198 DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1200 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1214 static int DetectByteExtractTest36(
void)
1221 "content:\"one\"; byte_jump:1,13; "
1222 "byte_extract:4,0,two,relative,string,hex; "
1245 SCDetectByteExtractData *bed = (SCDetectByteExtractData *)sm->
ctx;
1248 FAIL_IF(strcmp(bed->name,
"two") != 0);
1249 FAIL_IF(bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1250 DETECT_BYTE_EXTRACT_FLAG_STRING));
1252 FAIL_IF(bed->align_value != 0);
1253 FAIL_IF(bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT);
1259 static int DetectByteExtractTest37(
void)
1267 SCDetectByteExtractData *bed = NULL;
1275 "(msg:\"Testing bytejump_body\"; "
1276 "content:\"one\"; uricontent:\"two\"; "
1277 "byte_extract:4,0,two,relative,string,hex; "
1303 printf(
"one failed\n");
1308 if (sm->
next != NULL) {
1327 printf(
"two failed\n");
1337 bed = (SCDetectByteExtractData *)sm->
ctx;
1338 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1339 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1340 DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1342 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1356 static int DetectByteExtractTest38(
void)
1364 SCDetectByteExtractData *bed = NULL;
1372 "(msg:\"Testing bytejump_body\"; "
1373 "content:\"one\"; uricontent:\"two\"; "
1374 "byte_extract:4,0,two,string,hex; "
1400 printf(
"one failed\n");
1410 bed = (SCDetectByteExtractData *)sm->
ctx;
1411 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1412 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1414 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1432 printf(
"two failed\n");
1437 if (sm->
next != NULL) {
1452 static int DetectByteExtractTest39(
void)
1460 SCDetectByteExtractData *bed = NULL;
1468 "(msg:\"Testing bytejump_body\"; "
1469 "content:\"one\"; content:\"two\"; http_uri; "
1470 "byte_extract:4,0,two,relative,string,hex; "
1496 printf(
"one failed\n");
1501 if (sm->
next != NULL) {
1520 printf(
"two failed\n");
1530 bed = (SCDetectByteExtractData *)sm->
ctx;
1531 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1532 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1533 DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1535 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1549 static int DetectByteExtractTest40(
void)
1557 SCDetectByteExtractData *bed = NULL;
1565 "(msg:\"Testing bytejump_body\"; "
1566 "content:\"one\"; content:\"two\"; http_uri; "
1567 "byte_extract:4,0,two,string,hex; "
1593 printf(
"one failed\n");
1603 bed = (SCDetectByteExtractData *)sm->
ctx;
1604 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1605 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
1607 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1625 printf(
"two failed\n");
1630 if (sm->
next != NULL) {
1645 static int DetectByteExtractTest41(
void)
1652 SCDetectByteExtractData *bed = NULL;
1660 "(msg:\"Testing bytejump_body\"; "
1662 "byte_extract:4,0,two,string,hex; "
1663 "byte_extract:4,0,three,string,hex; "
1689 printf(
"one failed\n");
1699 bed = (SCDetectByteExtractData *)sm->
ctx;
1700 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1701 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
1703 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1706 if (bed->local_id != 0) {
1716 bed = (SCDetectByteExtractData *)sm->
ctx;
1717 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"three") != 0 ||
1718 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
1720 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1723 if (bed->local_id != 1) {
1738 static int DetectByteExtractTest42(
void)
1746 SCDetectByteExtractData *bed = NULL;
1754 "(msg:\"Testing bytejump_body\"; "
1756 "byte_extract:4,0,two,string,hex; "
1757 "uricontent: \"three\"; "
1758 "byte_extract:4,0,four,string,hex,relative; "
1759 "byte_extract:4,0,five,string,hex; "
1785 printf(
"one failed\n");
1795 bed = (SCDetectByteExtractData *)sm->
ctx;
1796 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1797 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
1799 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1802 if (bed->local_id != 0) {
1812 bed = (SCDetectByteExtractData *)sm->
ctx;
1813 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"five") != 0 ||
1814 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
1816 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1819 if (bed->local_id != 1) {
1824 if (sm->
next != NULL)
1841 printf(
"two failed\n");
1851 bed = (SCDetectByteExtractData *)sm->
ctx;
1852 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"four") != 0 ||
1853 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_RELATIVE | DETECT_BYTE_EXTRACT_FLAG_BASE |
1854 DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1856 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1859 if (bed->local_id != 0) {
1864 if (sm->
next != NULL)
1877 static int DetectByteExtractTest43(
void)
1884 SCDetectByteExtractData *bed = NULL;
1892 "(msg:\"Testing bytejump_body\"; "
1894 "byte_extract:4,0,two,string,hex; "
1895 "content: \"three\"; offset:two; "
1921 printf(
"one failed\n");
1931 bed = (SCDetectByteExtractData *)sm->
ctx;
1932 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
1933 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING) ||
1935 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
1938 if (bed->local_id != 0) {
1951 cd->
offset != bed->local_id) {
1952 printf(
"three failed\n");
1957 if (sm->
next != NULL)
1970 static int DetectByteExtractTest44(
void)
1977 SCDetectByteExtractData *bed1 = NULL;
1978 SCDetectByteExtractData *bed2 = NULL;
1986 "(msg:\"Testing bytejump_body\"; "
1988 "byte_extract:4,0,two,string,hex; "
1989 "byte_extract:4,0,three,string,hex; "
1990 "content: \"four\"; offset:two; "
1991 "content: \"five\"; offset:three; "
2017 printf(
"one failed\n");
2027 bed1 = (SCDetectByteExtractData *)sm->
ctx;
2028 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
2029 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2031 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2034 if (bed1->local_id != 0) {
2044 bed2 = (SCDetectByteExtractData *)sm->
ctx;
2054 cd->
offset != bed1->local_id) {
2055 printf(
"four failed\n");
2069 cd->
offset != bed2->local_id) {
2070 printf(
"five failed\n");
2075 if (sm->
next != NULL)
2088 static int DetectByteExtractTest45(
void)
2095 SCDetectByteExtractData *bed = NULL;
2103 "(msg:\"Testing bytejump_body\"; "
2105 "byte_extract:4,0,two,string,hex; "
2106 "content: \"three\"; depth:two; "
2132 printf(
"one failed\n");
2142 bed = (SCDetectByteExtractData *)sm->
ctx;
2143 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
2144 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2146 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2149 if (bed->local_id != 0) {
2163 printf(
"three failed\n");
2168 if (sm->
next != NULL)
2181 static int DetectByteExtractTest46(
void)
2188 SCDetectByteExtractData *bed1 = NULL;
2189 SCDetectByteExtractData *bed2 = NULL;
2197 "(msg:\"Testing bytejump_body\"; "
2199 "byte_extract:4,0,two,string,hex; "
2200 "byte_extract:4,0,three,string,hex; "
2201 "content: \"four\"; depth:two; "
2202 "content: \"five\"; depth:three; "
2228 printf(
"one failed\n");
2238 bed1 = (SCDetectByteExtractData *)sm->
ctx;
2239 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
2240 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2242 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2245 if (bed1->local_id != 0) {
2255 bed2 = (SCDetectByteExtractData *)sm->
ctx;
2265 cd->
depth != bed1->local_id) {
2266 printf(
"four failed\n");
2280 cd->
depth != bed2->local_id) {
2281 printf(
"five failed\n");
2286 if (sm->
next != NULL)
2299 static int DetectByteExtractTest47(
void)
2306 SCDetectByteExtractData *bed = NULL;
2314 "(msg:\"Testing bytejump_body\"; "
2316 "byte_extract:4,0,two,string,hex; "
2317 "content: \"three\"; distance:two; "
2343 printf(
"one failed\n");
2353 bed = (SCDetectByteExtractData *)sm->
ctx;
2354 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
2355 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2357 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2360 if (bed->local_id != 0) {
2375 printf(
"three failed\n");
2380 if (sm->
next != NULL)
2393 static int DetectByteExtractTest48(
void)
2400 SCDetectByteExtractData *bed1 = NULL;
2401 SCDetectByteExtractData *bed2 = NULL;
2409 "(msg:\"Testing bytejump_body\"; "
2411 "byte_extract:4,0,two,string,hex; "
2412 "byte_extract:4,0,three,string,hex; "
2413 "content: \"four\"; distance:two; "
2414 "content: \"five\"; distance:three; "
2440 printf(
"one failed\n");
2450 bed1 = (SCDetectByteExtractData *)sm->
ctx;
2451 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
2452 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2454 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2457 if (bed1->local_id != 0) {
2467 bed2 = (SCDetectByteExtractData *)sm->
ctx;
2479 printf(
"four failed\n");
2496 printf(
"five failed\n");
2501 if (sm->
next != NULL)
2514 static int DetectByteExtractTest49(
void)
2521 SCDetectByteExtractData *bed = NULL;
2529 "(msg:\"Testing bytejump_body\"; "
2531 "byte_extract:4,0,two,string,hex; "
2532 "content: \"three\"; within:two; "
2558 printf(
"one failed\n");
2568 bed = (SCDetectByteExtractData *)sm->
ctx;
2569 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
2570 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2572 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2575 if (bed->local_id != 0) {
2589 printf(
"three failed\n");
2594 if (sm->
next != NULL)
2607 static int DetectByteExtractTest50(
void)
2614 SCDetectByteExtractData *bed1 = NULL;
2615 SCDetectByteExtractData *bed2 = NULL;
2623 "(msg:\"Testing bytejump_body\"; "
2625 "byte_extract:4,0,two,string,hex; "
2626 "byte_extract:4,0,three,string,hex; "
2627 "content: \"four\"; within:two; "
2628 "content: \"five\"; within:three; "
2654 printf(
"one failed\n");
2664 bed1 = (SCDetectByteExtractData *)sm->
ctx;
2665 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
2666 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2668 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2671 if (bed1->local_id != 0) {
2681 bed2 = (SCDetectByteExtractData *)sm->
ctx;
2694 printf(
"four failed\n");
2708 cd->
within != bed2->local_id ||
2712 printf(
"five failed\n");
2717 if (sm->
next != NULL)
2730 static int DetectByteExtractTest51(
void)
2737 SCDetectByteExtractData *bed = NULL;
2746 "(msg:\"Testing bytejump_body\"; "
2748 "byte_extract:4,0,two,string,hex; "
2749 "byte_test: 2,=,10, two; "
2775 printf(
"one failed\n");
2785 bed = (SCDetectByteExtractData *)sm->
ctx;
2786 if (bed->nbytes != 4 || bed->offset != 0 || strcmp(bed->name,
"two") != 0 ||
2787 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2789 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2792 if (bed->local_id != 0) {
2806 printf(
"three failed\n");
2811 if (sm->
next != NULL)
2824 static int DetectByteExtractTest52(
void)
2831 SCDetectByteExtractData *bed1 = NULL;
2840 "(msg:\"Testing bytejump_body\"; "
2842 "byte_extract:4,0,two,string,hex; "
2843 "byte_extract:4,0,three,string,hex; "
2844 "byte_test: 2,=,two,three; "
2845 "byte_test: 3,=,10,three; "
2871 printf(
"one failed\n");
2881 bed1 = (SCDetectByteExtractData *)sm->
ctx;
2882 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
2883 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
2885 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
2888 if (bed1->local_id != 0) {
2909 printf(
"three failed\n");
2923 printf(
"four failed\n");
2928 if (sm->
next != NULL)
2941 static int DetectByteExtractTest53(
void)
2949 "byte_extract:4,0,two,string,hex; "
2950 "byte_jump: 2,two; "
2963 SCDetectByteExtractData *bed = (SCDetectByteExtractData *)sm->
ctx;
2967 FAIL_IF(strcmp(bed->name,
"two") != 0);
2968 FAIL_IF(bed->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING));
2970 FAIL_IF(bed->align_value != 0);
2971 FAIL_IF(bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT);
2987 static int DetectByteExtractTest54(
void)
2994 SCDetectByteExtractData *bed1 = NULL;
3003 "(msg:\"Testing bytejump_body\"; "
3005 "byte_extract:4,0,two,string,hex; "
3006 "byte_extract:4,0,three,string,hex; "
3007 "byte_jump: 2,two; "
3008 "byte_jump: 3,three; "
3034 printf(
"one failed\n");
3044 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3045 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3046 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
3048 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3051 if (bed1->local_id != 0) {
3069 printf(
"three failed\n");
3083 if (sm->
next != NULL)
3096 static int DetectByteExtractTest55(
void)
3103 SCDetectByteExtractData *bed1 = NULL;
3104 SCDetectByteExtractData *bed2 = NULL;
3112 "(msg:\"Testing byte_extract\"; "
3114 "byte_extract:4,0,two,string,hex; "
3115 "byte_extract:4,0,three,string,hex; "
3116 "byte_extract:4,0,four,string,hex; "
3117 "byte_extract:4,0,five,string,hex; "
3118 "content: \"four\"; within:two; distance:three; "
3141 printf(
"one failed: ");
3149 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3150 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3151 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
3153 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3156 if (bed1->local_id != 0) {
3164 bed2 = (SCDetectByteExtractData *)sm->
ctx;
3185 cd->
within != bed1->local_id || cd->
distance != bed2->local_id) {
3186 printf(
"four failed: ");
3190 if (sm->
next != NULL) {
3204 static int DetectByteExtractTest56(
void)
3211 SCDetectByteExtractData *bed1 = NULL;
3212 SCDetectByteExtractData *bed2 = NULL;
3220 "(msg:\"Testing bytejump_body\"; "
3221 "uricontent:\"urione\"; "
3223 "byte_extract:4,0,two,string,hex; "
3224 "byte_extract:4,0,three,string,hex; "
3225 "byte_extract:4,0,four,string,hex; "
3226 "byte_extract:4,0,five,string,hex; "
3227 "content: \"four\"; within:two; distance:three; "
3253 printf(
"one failed\n");
3258 if (sm->
next != NULL)
3275 printf(
"one failed\n");
3285 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3286 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3287 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
3289 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3292 if (bed1->local_id != 0) {
3302 bed2 = (SCDetectByteExtractData *)sm->
ctx;
3327 cd->
within != bed1->local_id ||
3329 printf(
"four failed\n");
3334 if (sm->
next != NULL) {
3348 static int DetectByteExtractTest57(
void)
3355 SCDetectByteExtractData *bed1 = NULL;
3356 SCDetectByteExtractData *bed2 = NULL;
3357 SCDetectByteExtractData *bed3 = NULL;
3358 SCDetectByteExtractData *bed4 = NULL;
3366 "(msg:\"Testing bytejump_body\"; "
3368 "uricontent: \"urione\"; "
3369 "byte_extract:4,0,two,string,hex,relative; "
3370 "byte_extract:4,0,three,string,hex,relative; "
3371 "byte_extract:4,0,four,string,hex,relative; "
3372 "byte_extract:4,0,five,string,hex,relative; "
3373 "uricontent: \"four\"; within:two; distance:three; "
3399 printf(
"one failed\n");
3404 if (sm->
next != NULL)
3421 printf(
"one failed\n");
3431 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3432 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3433 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
3434 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
3436 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3439 if (bed1->local_id != 0) {
3449 bed2 = (SCDetectByteExtractData *)sm->
ctx;
3450 if (bed2->local_id != 1) {
3460 bed3 = (SCDetectByteExtractData *)sm->
ctx;
3461 if (bed3->local_id != 2) {
3471 bed4 = (SCDetectByteExtractData *)sm->
ctx;
3472 if (bed4->local_id != 3) {
3488 cd->
within != bed1->local_id ||
3490 printf(
"four failed\n");
3495 if (sm->
next != NULL) {
/*
 * Test58: parses a rule with two non-relative "string,hex" byte_extract
 * keywords (two, three) whose names are then used as byte_jump arguments
 * ("byte_jump: 2,two" and "byte_jump: 3,three").
 *
 * The visible checks cover bed1's parsed fields (nbytes 4, offset 0, name
 * "two", flags exactly STRING|BASE, default multiplier) and local_id 0.
 * The "three failed", "four failed" and "isdataat failed" messages belong
 * to further checks whose conditions are not visible in this listing.
 */
3509 static int DetectByteExtractTest58(
void)
3516 SCDetectByteExtractData *bed1 = NULL;
3526 "(msg:\"Testing bytejump_body\"; "
3528 "byte_extract:4,0,two,string,hex; "
3529 "byte_extract:4,0,three,string,hex; "
3530 "byte_jump: 2,two; "
3531 "byte_jump: 3,three; "
3558 printf(
"one failed\n");
3568 bed1 = (SCDetectByteExtractData *)sm->
ctx;
/* Flags are compared for equality, so an unexpected extra flag (e.g. RELATIVE) fails the test. */
3569 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3570 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE) ||
3572 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3575 if (bed1->local_id != 0) {
3593 printf(
"three failed\n");
3605 printf(
"four failed\n");
3618 printf(
"isdataat failed\n");
3623 if (sm->
next != NULL)
/*
 * Test59: same keyword mix as the byte_jump test above it (byte_extract
 * two/three used by byte_jump), plus "isdataat: three,relative", written
 * with FAIL_IF checks instead of printf-and-return.
 *
 * The visible checks require the first byte_extract to be named "two", to
 * carry exactly the BASE|STRING flags, align_value 0 and the default
 * multiplier. Other checks are not visible in this listing.
 */
3636 static int DetectByteExtractTest59(
void)
3644 "byte_extract:4,0,two,string,hex; "
3645 "byte_extract:4,0,three,string,hex; "
3646 "byte_jump: 2,two; "
3647 "byte_jump: 3,three; "
3648 "isdataat: three,relative; "
3670 SCDetectByteExtractData *bed1 = (SCDetectByteExtractData *)sm->
ctx;
3673 FAIL_IF(strcmp(bed1->name,
"two") != 0);
3675 FAIL_IF(bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_BASE | DETECT_BYTE_EXTRACT_FLAG_STRING));
3678 FAIL_IF(bed1->align_value != 0);
3679 FAIL_IF(bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT);
/*
 * Test60: parses a rule with byte_extract "two" (string,hex,relative),
 * then uricontent "three", then byte_extract "four" (string,hex,relative).
 *
 * Two separate walks over sm are visible. In the first, bed1 must be the
 * extract named "two" with local_id 0 and isdd->dataat must equal that
 * local_id. In the second, bed1 must be the extract named "four", also
 * with local_id 0.
 *
 * NOTE(review): both extracts being expected at local_id 0 suggests ids are
 * assigned per sigmatch list rather than per rule -- confirm against the
 * setup code, which is not visible in this listing.
 */
3716 static int DetectByteExtractTest60(
void)
3723 SCDetectByteExtractData *bed1 = NULL;
3732 "(msg:\"Testing bytejump_body\"; "
3734 "byte_extract:4,0,two,string,hex,relative; "
3735 "uricontent: \"three\"; "
3736 "byte_extract:4,0,four,string,hex,relative; "
3763 printf(
"one failed\n");
3773 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3774 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3775 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
3776 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
3778 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3781 if (bed1->local_id != 0) {
/* The isdataat keyword must hold the id of the extract checked just above ("two"). */
3793 isdd->
dataat != bed1->local_id) {
3794 printf(
"isdataat failed\n");
3799 if (sm->
next != NULL)
3814 printf(
"one failed\n");
/* bed1 is reused for the second extract, named "four". */
3824 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3825 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"four") != 0 ||
3826 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
3827 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
3829 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3832 if (bed1->local_id != 0) {
3837 if (sm->
next != NULL)
/*
 * Test61: parses a rule with byte_extract "two" (string,hex,relative),
 * uricontent "three", byte_extract "four" (string,hex,relative) and
 * "isdataat: four, relative".
 *
 * Two separate walks over sm are visible. The first checks the extract
 * named "two" (local_id 0). The second checks the extract named "four"
 * (local_id 0) and then requires isdd->dataat to equal that local_id, so
 * the isdataat argument is matched to the extract it names.
 *
 * NOTE(review): only part of the body is visible in this listing.
 */
3850 static int DetectByteExtractTest61(
void)
3857 SCDetectByteExtractData *bed1 = NULL;
3866 "(msg:\"Testing bytejump_body\"; "
3868 "byte_extract:4,0,two,string,hex,relative; "
3869 "uricontent: \"three\"; "
3870 "byte_extract:4,0,four,string,hex,relative; "
3871 "isdataat: four, relative; "
3897 printf(
"one failed\n");
3907 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3908 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"two") != 0 ||
3909 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
3910 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
3912 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3915 if (bed1->local_id != 0) {
3920 if (sm->
next != NULL)
3935 printf(
"one failed\n");
/* bed1 is reused for the second extract, named "four". */
3945 bed1 = (SCDetectByteExtractData *)sm->
ctx;
3946 if (bed1->nbytes != 4 || bed1->offset != 0 || strcmp(bed1->name,
"four") != 0 ||
3947 bed1->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
3948 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
3950 bed1->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
3953 if (bed1->local_id != 0) {
3966 isdd->
dataat != bed1->local_id) {
3967 printf(
"isdataat failed\n");
3972 if (sm->
next != NULL)
/*
 * Test62: parses "file_data; byte_extract:4,2,two,relative,string,hex" and
 * expects nbytes 4, offset 2, flags exactly STRING|BASE|RELATIVE and the
 * default multiplier. The options appear in a different order here
 * (relative before string,hex) than in the sibling tests.
 *
 * NOTE(review): the name is compared with strncmp(..., "two", 3), which is
 * a prefix match; a longer name that merely starts with "two" would also
 * pass. The sibling tests use strcmp for the same check.
 */
3985 static int DetectByteExtractTest62(
void)
3991 SCDetectByteExtractData *bed = NULL;
3999 "(file_data; byte_extract:4,2,two,relative,string,hex; "
4012 bed = (SCDetectByteExtractData *)sm->
ctx;
4013 if (bed->nbytes != 4 || bed->offset != 2 || strncmp(bed->name,
"two", 3) != 0 ||
4014 bed->flags != (DETECT_BYTE_EXTRACT_FLAG_STRING | DETECT_BYTE_EXTRACT_FLAG_BASE |
4015 DETECT_BYTE_EXTRACT_FLAG_RELATIVE) ||
4017 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
/*
 * Test63: calls DetectByteExtractParse() directly on "4, -2, one" and
 * expects nbytes 4, offset -2, name "one", no flags, BigEndian,
 * align_value 0 and the default multiplier; the result is released with
 * DetectByteExtractFree().
 *
 * This pins that the parser accepts a negative offset. The match code
 * earlier in this file computes ptr from the offset and rejects
 * ptr < payload, so that bounds check is what keeps a negative offset from
 * reading before the buffer.
 */
4031 static int DetectByteExtractTest63(
void)
4035 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, -2, one");
4039 if (bed->nbytes != 4 || bed->offset != -2 || strcmp(bed->name,
"one") != 0 || bed->flags != 0 ||
4040 bed->endian != BigEndian || bed->align_value != 0 ||
4041 bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
4048 DetectByteExtractFree(NULL, bed);
/*
 * TestParseNoBase: calls DetectByteExtractParse() on "4, 2, one, string",
 * i.e. a string extraction with no hex/dec/oct base given.
 *
 * Each field is checked in its own if: nbytes 4, offset 2, name "one",
 * flags exactly DETECT_BYTE_EXTRACT_FLAG_STRING (so the BASE flag must not
 * be set when no base is written), align_value 0 and the default
 * multiplier. The result is released with DetectByteExtractFree().
 */
4052 static int DetectByteExtractTestParseNoBase(
void)
4056 SCDetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, string");
4060 if (bed->nbytes != 4) {
4063 if (bed->offset != 2) {
4066 if (strcmp(bed->name,
"one") != 0) {
4069 if (bed->flags != DETECT_BYTE_EXTRACT_FLAG_STRING) {
4075 if (bed->align_value != 0) {
4078 if (bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
4085 DetectByteExtractFree(NULL, bed);
/*
 * Registers the byte_extract unit tests: DetectByteExtractTest01 through
 * DetectByteExtractTest63 and DetectByteExtractTestParseNoBase, each passed
 * to UtRegisterTest() with its function name as the label.
 *
 * NOTE(review): presumably a test function that is not listed here is
 * never run, so a new test needs an entry in this list -- confirm against
 * the unit-test runner.
 */
4089 static void DetectByteExtractRegisterTests(
void)
4094 UtRegisterTest(
"DetectByteExtractTest01", DetectByteExtractTest01);
4095 UtRegisterTest(
"DetectByteExtractTest02", DetectByteExtractTest02);
4096 UtRegisterTest(
"DetectByteExtractTest03", DetectByteExtractTest03);
4097 UtRegisterTest(
"DetectByteExtractTest04", DetectByteExtractTest04);
4098 UtRegisterTest(
"DetectByteExtractTest05", DetectByteExtractTest05);
4099 UtRegisterTest(
"DetectByteExtractTest06", DetectByteExtractTest06);
4100 UtRegisterTest(
"DetectByteExtractTest07", DetectByteExtractTest07);
4101 UtRegisterTest(
"DetectByteExtractTest08", DetectByteExtractTest08);
4102 UtRegisterTest(
"DetectByteExtractTest09", DetectByteExtractTest09);
4103 UtRegisterTest(
"DetectByteExtractTest10", DetectByteExtractTest10);
4104 UtRegisterTest(
"DetectByteExtractTest11", DetectByteExtractTest11);
4105 UtRegisterTest(
"DetectByteExtractTest12", DetectByteExtractTest12);
4106 UtRegisterTest(
"DetectByteExtractTest13", DetectByteExtractTest13);
4107 UtRegisterTest(
"DetectByteExtractTest14", DetectByteExtractTest14);
4108 UtRegisterTest(
"DetectByteExtractTest15", DetectByteExtractTest15);
4109 UtRegisterTest(
"DetectByteExtractTest16", DetectByteExtractTest16);
4110 UtRegisterTest(
"DetectByteExtractTest17", DetectByteExtractTest17);
4111 UtRegisterTest(
"DetectByteExtractTest18", DetectByteExtractTest18);
4112 UtRegisterTest(
"DetectByteExtractTest19", DetectByteExtractTest19);
4113 UtRegisterTest(
"DetectByteExtractTest20", DetectByteExtractTest20);
4114 UtRegisterTest(
"DetectByteExtractTest21", DetectByteExtractTest21);
4115 UtRegisterTest(
"DetectByteExtractTest22", DetectByteExtractTest22);
4116 UtRegisterTest(
"DetectByteExtractTest23", DetectByteExtractTest23);
4117 UtRegisterTest(
"DetectByteExtractTest24", DetectByteExtractTest24);
4118 UtRegisterTest(
"DetectByteExtractTest25", DetectByteExtractTest25);
4119 UtRegisterTest(
"DetectByteExtractTest26", DetectByteExtractTest26);
4120 UtRegisterTest(
"DetectByteExtractTest27", DetectByteExtractTest27);
4121 UtRegisterTest(
"DetectByteExtractTest28", DetectByteExtractTest28);
4122 UtRegisterTest(
"DetectByteExtractTest29", DetectByteExtractTest29);
4123 UtRegisterTest(
"DetectByteExtractTest30", DetectByteExtractTest30);
4124 UtRegisterTest(
"DetectByteExtractTest31", DetectByteExtractTest31);
4125 UtRegisterTest(
"DetectByteExtractTest32", DetectByteExtractTest32);
4126 UtRegisterTest(
"DetectByteExtractTest33", DetectByteExtractTest33);
4127 UtRegisterTest(
"DetectByteExtractTest34", DetectByteExtractTest34);
4128 UtRegisterTest(
"DetectByteExtractTest35", DetectByteExtractTest35);
4129 UtRegisterTest(
"DetectByteExtractTest36", DetectByteExtractTest36);
4130 UtRegisterTest(
"DetectByteExtractTest37", DetectByteExtractTest37);
4131 UtRegisterTest(
"DetectByteExtractTest38", DetectByteExtractTest38);
4132 UtRegisterTest(
"DetectByteExtractTest39", DetectByteExtractTest39);
4133 UtRegisterTest(
"DetectByteExtractTest40", DetectByteExtractTest40);
4134 UtRegisterTest(
"DetectByteExtractTest41", DetectByteExtractTest41);
4135 UtRegisterTest(
"DetectByteExtractTest42", DetectByteExtractTest42);
4137 UtRegisterTest(
"DetectByteExtractTest43", DetectByteExtractTest43);
4138 UtRegisterTest(
"DetectByteExtractTest44", DetectByteExtractTest44);
4140 UtRegisterTest(
"DetectByteExtractTest45", DetectByteExtractTest45);
4141 UtRegisterTest(
"DetectByteExtractTest46", DetectByteExtractTest46);
4143 UtRegisterTest(
"DetectByteExtractTest47", DetectByteExtractTest47);
4144 UtRegisterTest(
"DetectByteExtractTest48", DetectByteExtractTest48);
4146 UtRegisterTest(
"DetectByteExtractTest49", DetectByteExtractTest49);
4147 UtRegisterTest(
"DetectByteExtractTest50", DetectByteExtractTest50);
4149 UtRegisterTest(
"DetectByteExtractTest51", DetectByteExtractTest51);
4150 UtRegisterTest(
"DetectByteExtractTest52", DetectByteExtractTest52);
4152 UtRegisterTest(
"DetectByteExtractTest53", DetectByteExtractTest53);
4153 UtRegisterTest(
"DetectByteExtractTest54", DetectByteExtractTest54);
4155 UtRegisterTest(
"DetectByteExtractTest55", DetectByteExtractTest55);
4156 UtRegisterTest(
"DetectByteExtractTest56", DetectByteExtractTest56);
4157 UtRegisterTest(
"DetectByteExtractTest57", DetectByteExtractTest57);
4159 UtRegisterTest(
"DetectByteExtractTest58", DetectByteExtractTest58);
4160 UtRegisterTest(
"DetectByteExtractTest59", DetectByteExtractTest59);
4161 UtRegisterTest(
"DetectByteExtractTest60", DetectByteExtractTest60);
4162 UtRegisterTest(
"DetectByteExtractTest61", DetectByteExtractTest61);
4163 UtRegisterTest(
"DetectByteExtractTest62", DetectByteExtractTest62);
4164 UtRegisterTest(
"DetectByteExtractTest63", DetectByteExtractTest63);
4167 DetectByteExtractTestParseNoBase);