42 #define DETECT_CSUM_VALID "valid"
43 #define DETECT_CSUM_INVALID "invalid"
94 static void DetectCsumRegisterTests(
void);
192 static int DetectCsumParseArg(
const char *key,
DetectCsumData *cd)
196 if (key[0] ==
'\"' && key[strlen(key) - 1] ==
'\"') {
201 str[strlen(key) - 2] =
'\0';
283 if (DetectCsumParseArg(csum_str, cd) == 0)
295 DetectIPV4CsumFree(
de_ctx, cd);
373 if (DetectCsumParseArg(csum_str, cd) == 0)
385 DetectTCPV4CsumFree(
de_ctx, cd);
463 if (DetectCsumParseArg(csum_str, cd) == 0)
475 DetectTCPV6CsumFree(
de_ctx, cd);
553 if (DetectCsumParseArg(csum_str, cd) == 0)
565 DetectUDPV4CsumFree(
de_ctx, cd);
643 if (DetectCsumParseArg(csum_str, cd) == 0)
655 DetectUDPV6CsumFree(
de_ctx, cd);
731 if (DetectCsumParseArg(csum_str, cd) == 0)
743 DetectICMPV4CsumFree(
de_ctx, cd);
822 if (DetectCsumParseArg(csum_str, cd) == 0)
834 DetectICMPV6CsumFree(
de_ctx, cd);
858 #define TEST1(kwstr) {\
859 DetectEngineCtx *de_ctx = DetectEngineCtxInit();\
860 FAIL_IF_NULL(de_ctx);\
861 de_ctx->flags = DE_QUIET;\
863 Signature *s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:valid; sid:1;)");\
865 s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:invalid; sid:2;)");\
867 s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:vaLid; sid:3;)");\
869 s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:VALID; sid:4;)");\
871 s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:iNvaLid; sid:5;)");\
873 DetectEngineCtxFree(de_ctx);\
877 static int DetectCsumValidArgsTestParse01(
void)
890 #define TEST2(kwstr) \
892 DetectEngineCtx *de_ctx = DetectEngineCtxInit(); \
893 FAIL_IF_NULL(de_ctx); \
894 Signature *s = DetectEngineAppendSig( \
895 de_ctx, "alert ip any any -> any any (" mystr(kwstr) "-csum:xxxx; sid:1;)"); \
897 s = DetectEngineAppendSig( \
898 de_ctx, "alert ip any any -> any any (" mystr(kwstr) "-csum:xxxxxxxx; sid:2;)"); \
900 s = DetectEngineAppendSig( \
901 de_ctx, "alert ip any any -> any any (" mystr(kwstr) "-csum:xxxxxx; sid:3;)"); \
903 s = DetectEngineAppendSig( \
904 de_ctx, "alert ip any any -> any any (" mystr(kwstr) "-csum:XXXXXX; sid:4;)"); \
906 s = DetectEngineAppendSig( \
907 de_ctx, "alert ip any any -> any any (" mystr(kwstr) "-csum:XxXxXxX; sid:5;)"); \
909 DetectEngineCtxFree(de_ctx); \
912 static int DetectCsumInvalidArgsTestParse02(
void)
925 #define TEST3(kwstr, kwtype) { \
926 DetectEngineCtx *de_ctx = DetectEngineCtxInit();\
927 FAIL_IF_NULL(de_ctx);\
928 Signature *s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:valid; sid:1;)");\
930 SigMatch *sm = DetectGetLastSMFromLists(s, (kwtype), -1);\
932 FAIL_IF_NULL(sm->ctx);\
933 FAIL_IF_NOT(((DetectCsumData *)sm->ctx)->valid == 1);\
934 s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:INVALID; sid:2;)");\
936 sm = DetectGetLastSMFromLists(s, (kwtype), -1);\
938 FAIL_IF_NULL(sm->ctx);\
939 FAIL_IF_NOT(((DetectCsumData *)sm->ctx)->valid == 0);\
940 DetectEngineCtxFree(de_ctx);\
943 static int DetectCsumValidArgsTestParse03(
void)
959 static int DetectCsumICMPV6Test01(
void)
971 0x00, 0x30, 0x18, 0xa8, 0x7c, 0x23, 0x2c, 0x41,
972 0x38, 0xa7, 0xea, 0xeb, 0x86, 0xdd, 0x60, 0x00,
973 0x00, 0x00, 0x00, 0x40, 0x3c, 0x40, 0xad, 0xa1,
974 0x09, 0x80, 0x00, 0x01, 0xd6, 0xf3, 0x20, 0x01,
975 0xf4, 0xbe, 0xea, 0x3c, 0x00, 0x01, 0x00, 0x00,
976 0x00, 0x00, 0x32, 0xb2, 0x00, 0x01, 0x32, 0xb2,
977 0x09, 0x80, 0x20, 0x01, 0x00, 0x00, 0x3c, 0x00,
978 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x00,
979 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x2c, 0x00,
980 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x2c, 0x00,
981 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x00,
982 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0x00,
983 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x3a, 0x00,
984 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00,
985 0x63, 0xc2, 0x00, 0x00, 0x00, 0x00 };
989 memset(&
tv, 0,
sizeof(
tv));
990 memset(&
dtv, 0,
sizeof(
dtv));
1001 "(icmpv6-csum:valid; sid:1;)");
1023 static void DetectCsumRegisterTests(
void)
1026 DetectCsumValidArgsTestParse01);
1028 DetectCsumInvalidArgsTestParse02);
1030 DetectCsumValidArgsTestParse03);
1033 DetectCsumICMPV6Test01);