53 static void DetectDistanceRegisterTests(
void);
70 const char *distancestr)
72 const char *
str = distancestr;
80 "preceding content, uricontent option, http_client_body, "
81 "http_server_body, http_header option, http_raw_header option, "
82 "http_method option, http_cookie, http_raw_uri, "
83 "http_stat_msg, http_stat_code, http_user_agent or "
84 "file_data/dce_stub_data sticky buffer option");
96 "keyword like within/distance with a absolute "
97 "relative keyword like depth/offset for the same "
103 "negated keyword set along with a fast_pattern");
108 "keyword set along with a fast_pattern:only;");
111 if (
str[0] !=
'-' && isalpha((
unsigned char)
str[0])) {
115 "seen in distance - %s\n",
str);
123 "invalid value for distance: %s",
str);
131 if (prev_pm == NULL) {
139 "has a fast_pattern:only; set. Can't "
140 "have relative keywords around a fast_pattern "
161 static int DetectDistanceTest01(
void)
167 printf(
"no de_ctx: ");
173 de_ctx->
sig_list =
SigInit(
de_ctx,
"alert tcp any any -> any any (content:\"|AA BB|\"; content:\"|CC DD EE FF 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE|\"; distance: 4; within: 19; sid:1; rev:1;)");
175 printf(
"sig parse failed: ");
187 printf(
"sm2 NULL: ");
193 printf(
"co == NULL: ");
198 printf(
"distance %"PRIi32
", expected 4: ", co->
distance);
204 printf(
"within %"PRIi32
", expected 23: ", co->
within);
219 static int DetectDistanceTestPacket01 (
void)
222 uint8_t buf[] = { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00 };
223 uint16_t buflen =
sizeof(buf);
230 char sig[] =
"alert tcp any any -> any any (msg:\"suricata test\"; "
231 "byte_jump:1,2; content:\"|00|\"; "
232 "within:1; distance:2; sid:98711212; rev:1;)";
242 static void DetectDistanceRegisterTests(
void)
245 DetectDistanceTest01);
246 UtRegisterTest(
"DetectDistanceTestPacket01", DetectDistanceTestPacket01);
#define DETECT_CONTENT_RELATIVE_NEXT
void(* Free)(DetectEngineCtx *, void *)
#define DETECT_CONTENT_DISTANCE_VAR
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
@ SC_ERR_OFFSET_MISSING_CONTENT
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
main detection engine ctx
@ SC_ERR_INVALID_SIGNATURE
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
int UTHPacketMatchSig(Packet *p, const char *sig)
SigMatch * DetectGetLastSMByListPtr(const Signature *s, SigMatch *sm_list,...)
Returns the sm with the largest index (added last) from the list passed to us as a pointer.
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that builds packets with default IP and port fields.
int StringParseInt32(int32_t *res, int base, size_t len, const char *str)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
uint8_t DetectByteIndexType
#define DETECT_CONTENT_DISTANCE
#define DETECT_CONTENT_DEPTH
#define DETECT_CONTENT_NEGATED
#define DETECT_CONTENT_DISTANCE_NEXT
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
#define FLOW_PKT_TOCLIENT
bool DetectByteRetrieveSMVar(const char *arg, const Signature *s, DetectByteIndexType *index)
Used to retrieve args from BM.
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
#define DETECT_CONTENT_OFFSET
#define DETECT_CONTENT_FAST_PATTERN_ONLY
a single match condition for a signature
void DetectDistanceRegister(void)
#define FLOW_PKT_ESTABLISHED
DetectEngineCtx * DetectEngineCtxInit(void)
#define DETECT_PCRE_RELATIVE_NEXT
SigMatch * DetectGetLastSMFromLists(const Signature *s,...)
Returns the sm with the largest index (added last) from the lists passed to us.
#define DETECT_CONTENT_FAST_PATTERN
void(* RegisterTests)(void)