106 for (cur = head; cur != NULL; cur = cur->
next) {
112 SCLogDebug(
"= list end (cnt %" PRIu32
")", cnt);
127 for (cur = head; cur != NULL; ) {
163 for (cur = *head; cur != NULL; cur = cur->
next) {
181 if (cur->
next == NULL) {
193 if (cur->
prev != NULL)
210 r = DetectPortCut(de_ctx, cur,
new, &c);
258 uint32_t a_port1 = a->
port;
259 uint32_t a_port2 = a->
port2;
260 uint32_t b_port1 = b->
port;
261 uint32_t b_port2 = b->
port2;
284 a->
port2 = b_port1 - 1;
295 tmp_c->
port = a_port2 + 1;
296 tmp_c->
port2 = b_port2;
310 a->
port2 = a_port1 - 1;
321 tmp_c->
port = b_port2 + 1;
322 tmp_c->
port2 = a_port2;
356 if (a_port1 == b_port1) {
361 b->
port = a_port2 + 1;
367 }
else if (a_port2 == b_port2) {
370 a->
port2 = a_port1 - 1;
389 a->
port2 = a_port1 - 1;
400 tmp_c->
port = a_port2 + 1;
401 tmp_c->
port2 = b_port2;
435 if (a_port1 == b_port1) {
440 b->
port = b_port2 + 1;
451 }
else if (a_port2 == b_port2) {
455 a->
port2 = b_port1 - 1;
466 a->
port2 = b_port1 - 1;
477 tmp_c->
port = b_port2 + 1;
478 tmp_c->
port2 = a_port2;
507 uint16_t a_port1 = a->
port;
508 uint16_t a_port2 = a->
port2;
513 if (a_port1 != 0x0000 && a_port2 != 0xFFFF) {
515 a->
port2 = a_port1 - 1;
518 tmp_b = DetectPortInit();
523 tmp_b->
port = a_port2 + 1;
524 tmp_b->
port2 = 0xFFFF;
527 }
else if (a_port1 == 0x0000 && a_port2 != 0xFFFF) {
528 a->
port = a_port2 + 1;
531 }
else if (a_port1 != 0x0000 && a_port2 == 0xFFFF) {
533 a->
port2 = a_port1 - 1;
560 uint16_t a_port1 = a->
port;
561 uint16_t a_port2 = a->
port2;
562 uint16_t b_port1 = b->
port;
563 uint16_t b_port2 = b->
port2;
566 if (a_port1 == b_port1 && a_port2 == b_port2) {
570 }
else if (a_port1 >= b_port1 && a_port1 <= b_port2 && a_port2 <= b_port2) {
574 }
else if (a_port1 <= b_port1 && a_port2 >= b_port2) {
577 }
else if (a_port1 < b_port1 && a_port2 < b_port2 && a_port2 >= b_port1) {
580 }
else if (a_port1 < b_port1 && a_port2 < b_port2) {
583 }
else if (a_port1 > b_port1 && a_port1 <= b_port2 && a_port2 > b_port2) {
586 }
else if (a_port1 > b_port2) {
632 static int DetectPortMatch(
DetectPort *dp, uint16_t port)
634 if (port >= dp->
port &&
675 if (DetectPortMatch(p, port) == 1) {
700 while (item != NULL && it != NULL) {
710 if (!(item == NULL && it == NULL)) {
748 char port_any =
FALSE;
750 SCLogDebug(
"head %p, *head %p, s %s", head, *head, s);
767 if (DetectPortCutNot(ad, &ad2) < 0) {
775 if (DetectPortParseInsert(head, ad2) < 0) {
776 if (ad2 != NULL)
SCFree(ad2);
782 r = DetectPortParseInsert(head, ad);
787 if (r == 1 && port_any ==
TRUE) {
788 SCLogDebug(
"inserting 0:65535 as port is \"any\"");
794 if (DetectPortParseInsert(head, ad_any) < 0)
833 const char *s,
int negate,
834 ResolvedVariablesList *var_list)
838 int o_set = 0, n_set = 0, d_set = 0;
841 size_t size = strlen(s);
843 const char *rule_var_port = NULL;
846 SCLogDebug(
"head %p, *head %p, negate %d", head, *head, negate);
848 for (u = 0, x = 0; u < size && x <
sizeof(
address); u++) {
855 if (range == 1 && s[u] ==
'!') {
858 }
else if (!o_set && s[u] ==
'!') {
862 }
else if (s[u] ==
'[') {
868 }
else if (s[u] ==
']') {
870 address[x - 1] =
'\0';
871 SCLogDebug(
"Parsed port from DetectPortParseDo - %s", address);
874 r = DetectPortParseDo(de_ctx, head, nhead, address, negate? negate: n_set, var_list);
882 }
else if (depth == 0 && s[u] ==
',') {
885 }
else if (d_set == 1) {
886 char *temp_rule_var_port = NULL,
887 *alloc_rule_var_port = NULL;
889 address[x - 1] =
'\0';
893 if (rule_var_port == NULL)
895 if (strlen(rule_var_port) == 0) {
897 "to nothing. This is likely a misconfiguration. " 898 "Note that a negated port needs to be quoted, " 899 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.", s);
902 if (negate == 1 || n_set == 1) {
903 alloc_rule_var_port =
SCMalloc(strlen(rule_var_port) + 3);
904 if (
unlikely(alloc_rule_var_port == NULL))
906 snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
907 "[%s]", rule_var_port);
909 alloc_rule_var_port =
SCStrdup(rule_var_port);
910 if (
unlikely(alloc_rule_var_port == NULL))
913 temp_rule_var_port = alloc_rule_var_port;
914 r = DetectPortParseDo(de_ctx, head, nhead, temp_rule_var_port,
915 (negate + n_set) % 2, var_list);
917 SCFree(alloc_rule_var_port);
922 SCFree(alloc_rule_var_port);
924 address[x - 1] =
'\0';
925 SCLogDebug(
"Parsed port from DetectPortParseDo - %s", address);
927 if (negate == 0 && n_set == 0) {
928 r = DetectPortParseInsertString(de_ctx, head, address);
930 r = DetectPortParseInsertString(de_ctx, nhead, address);
939 }
else if (depth == 0 && s[u] ==
'$') {
941 }
else if (depth == 0 && u == size-1) {
944 address[x - 1] =
'\0';
952 "groups declaration. This is likely a misconfiguration.");
958 char *temp_rule_var_port = NULL,
959 *alloc_rule_var_port = NULL;
963 if (rule_var_port == NULL)
965 if (strlen(rule_var_port) == 0) {
967 "to nothing. This is likely a misconfiguration. " 968 "Note that a negated port needs to be quoted, " 969 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.", s);
972 if ((negate + n_set) % 2) {
973 alloc_rule_var_port =
SCMalloc(strlen(rule_var_port) + 3);
974 if (
unlikely(alloc_rule_var_port == NULL))
976 snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
977 "[%s]", rule_var_port);
979 alloc_rule_var_port =
SCStrdup(rule_var_port);
980 if (
unlikely(alloc_rule_var_port == NULL))
983 temp_rule_var_port = alloc_rule_var_port;
984 r = DetectPortParseDo(de_ctx, head, nhead, temp_rule_var_port,
985 (negate + n_set) % 2, var_list);
986 SCFree(alloc_rule_var_port);
992 if (!((negate + n_set) % 2)) {
993 r = DetectPortParseInsertString(de_ctx, head,address);
995 r = DetectPortParseInsertString(de_ctx, nhead,address);
1001 }
else if (depth == 1 && s[u] ==
',') {
1008 "properly closed in \"%s\", %d missing closing brackets (]). " 1009 "Note: problem might be in a variable.", s, depth);
1011 }
else if (depth < 0) {
1013 "properly opened in \"%s\", %d missing opening brackets ([). " 1014 "Note: problem might be in a variable.", s, depth*-1);
1028 static int DetectPortIsCompletePortSpace(
DetectPort *p)
1030 uint16_t next_port = 0;
1035 if (p->
port != 0x0000)
1040 if (p->
port2 == 0xFFFF)
1043 next_port = p->
port2 + 1;
1046 for ( ; p != NULL; p = p->
next) {
1047 if (p->
port != next_port)
1050 if (p->
port2 == 0xFFFF)
1053 next_port = p->
port2 + 1;
1068 static int DetectPortParseMergeNotPorts(
const DetectEngineCtx *de_ctx,
1076 if (DetectPortIsCompletePortSpace(*nhead) == 1) {
1086 if (*head == NULL && *nhead != NULL) {
1088 r = DetectPortParseInsertString(de_ctx, head,
"0:65535");
1095 for (ag = *nhead; ag != NULL; ag = ag->
next) {
1103 r = DetectPortParseInsert(head, ad);
1111 for (ag = *nhead; ag != NULL; ag = ag->
next) {
1115 for (ag2 = *head; ag2 != NULL; ) {
1121 if (ag2->
prev == NULL) {
1127 if (ag2->
next != NULL) {
1140 for (ag2 = *head; ag2 != NULL; ag2 = ag2->
next) {
1145 if (*head == NULL) {
1159 SCLogDebug(
"Testing port conf vars for any misconfigured values");
1164 if (port_vars_node == NULL) {
1178 if (seq_node->
val == NULL) {
1180 "Port var \"%s\" probably has a sequence(something " 1181 "in brackets) value set without any quotes. Please " 1182 "quote it using \"..\".", seq_node->
name);
1187 int r = DetectPortParseDo(NULL, &gh, &ghn, seq_node->
val, 0, &var_list);
1194 "failed to parse port var \"%s\" with value \"%s\". " 1195 "Please check it's syntax", seq_node->
name, seq_node->
val);
1199 if (DetectPortIsCompletePortSpace(ghn)) {
1201 "Port var - \"%s\" has the complete Port range negated " 1202 "with it's value \"%s\". Port space range is NIL. " 1203 "Probably have a !any or a port range that supplies " 1204 "a NULL address range", seq_node->
name, seq_node->
val);
1234 SCLogDebug(
"Port string to be parsed - str %s", str);
1239 int r = DetectPortParseDo(de_ctx, head, &nhead, str,
1244 SCLogDebug(
"head %p %p, nhead %p", head, *head, nhead);
1247 if (DetectPortParseMergeNotPorts(de_ctx, head, &nhead) < 0)
1271 strlcpy(portstr, str,
sizeof(portstr));
1280 char *port = portstr;
1283 if (port[0] ==
'!') {
1289 if ((port2 = strchr(port,
':')) != NULL) {
1295 dp->
port = atoi(port);
1299 if (strcmp(port2,
"") != 0) {
1301 dp->
port2 = atoi(port2);
1312 if (strcasecmp(port,
"any") == 0) {
1342 long r = strtol(port, &end, 10);
1344 if(*end == 0 && r >= 0 && r <= 65535)
1364 static uint32_t DetectPortHashFunc(
HashListTable *ht,
void *data, uint16_t datalen)
1369 uint32_t hash = ((uint32_t)p->
port << 16) | p->
port2;
1388 static char DetectPortCompareFunc(
void *data1, uint16_t len1,
1389 void *data2, uint16_t len2)
1394 if (data1 == NULL || data2 == NULL)
1403 static void DetectPortHashFreeFunc(
void *ptr)
1421 DetectPortCompareFunc,
1422 DetectPortHashFreeFunc);
1499 if (*head != NULL) {
1500 for (cur = *head; cur != NULL; cur = cur->
next) {
1517 dp->
prev = prev_cur;
1518 if (prev_cur != NULL)
1519 prev_cur->
next = dp;
1531 static int PortTestParse01 (
void)
1543 static int PortTestParse02 (
void)
1557 static int PortTestParse03 (
void)
1571 static int PortTestParse04 (
void)
1584 static int PortTestParse05 (
void)
1602 static int PortTestParse07 (
void)
1622 static int PortTestParse08 (
void)
1636 static int PortTestParse09 (
void)
1654 static int PortTestParse10 (
void)
1657 int r =
DetectPortParse(NULL,&dd,
"77777777777777777777777777777777777777777777");
1665 static int PortTestParse11 (
void)
1677 static int PortTestParse12 (
void)
1689 static int PortTestParse13 (
void)
1700 static int PortTestParse14 (
void)
1704 int r = DetectPortParseInsertString(NULL, &dd,
"0:100");
1706 r = DetectPortParseInsertString(NULL, &dd,
"1000:65535");
1722 static int PortTestParse15 (
void)
1742 static int PortTestFunctions01(
void)
1750 if (r != 0 || head->
next != NULL)
1754 if (!(head->
port == 101))
1756 if (!(head->
port2 == 999))
1758 if (!(head->
next == NULL))
1762 if (r != 0 || dp1->
next != NULL)
1764 if (!(dp1->
port == 2000))
1766 if (!(dp1->
port2 == 3000))
1770 r = PortTestDetectPortAdd(&head, dp1);
1771 if (r != 0 || head->
next == NULL)
1773 if (!(head->
port == 101))
1775 if (!(head->
port2 == 999))
1783 if (!DetectPortMatch(head, 150))
1785 if (DetectPortMatch(head->
next, 1500))
1787 if ((DetectPortMatch(head, 3500)))
1789 if ((DetectPortMatch(head, 50)))
1804 static int PortTestFunctions02(
void)
1813 if (r != 0 || head->
next != NULL)
1817 if (r != 0 || dp1->
next == NULL)
1821 r = DetectPortParseMergeNotPorts(NULL, &head, &dp1);
1822 if (r != 0 || head->
next != NULL)
1826 if (r != 0 || dp2->
next == NULL)
1830 r = DetectPortParseMergeNotPorts(NULL, &head, &dp2);
1831 if (r != 0 || head->
next != NULL)
1834 if (!(head->
port == 200))
1836 if (!(head->
port2 == 300))
1854 static int PortTestFunctions03(
void)
1870 DetectPortCut(NULL, dp1, dp2, &dp3);
1874 if (!(dp1->
port == 200))
1876 if (!(dp1->
port2 == 249))
1878 if (!(dp2->
port == 250))
1880 if (!(dp2->
port2 == 300))
1889 DetectPortCut(NULL, dp1, dp2, &dp3);
1892 if (!(dp1->
port == 0))
1894 if (!(dp1->
port2 == 249))
1896 if (!(dp2->
port == 250))
1898 if (!(dp2->
port2 == 500))
1900 if (!(dp3->
port == 501))
1902 if (!(dp3->
port2 == 750))
1920 static int PortTestFunctions04(
void)
1930 dp2 = DetectPortInit();
1933 DetectPortCutNot(dp1, &dp2);
1937 if (!(dp1->
port == 0))
1939 if (!(dp1->
port2 == 199))
1941 if (!(dp2->
port == 301))
1943 if (!(dp2->
port2 == 65535))
1958 static int PortTestFunctions05(
void)
1968 memset(s,0x00,
sizeof(s));
1975 printf(
"r != 0 but %d: ", r);
1982 printf(
"r != 0 but %d: ", r);
2000 for ( ; x != NULL; x = x->
next) {
2010 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2015 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2020 printf(
"sig %d part of 'two', but it shouldn't: ", sig);
2036 static int PortTestFunctions06(
void)
2046 memset(s,0x00,
sizeof(s));
2053 printf(
"r != 0 but %d: ", r);
2060 printf(
"r != 0 but %d: ", r);
2078 for ( ; x != NULL; x = x->
next) {
2088 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2093 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2098 printf(
"sig %d part of 'two', but it shouldn't: ", sig);
2114 static int PortTestFunctions07(
void)
2148 static int PortTestMatchReal(uint8_t *raw_eth_pkt, uint16_t pktsize,
const char *sig,
2163 static int PortTestMatchRealWrp(
const char *sig, uint32_t sid)
2169 uint8_t raw_eth_pkt[] = {
2170 0x00,0x50,0x56,0xea,0x00,0xbd,0x00,0x0c,
2171 0x29,0x40,0xc8,0xb5,0x08,0x00,0x45,0x00,
2172 0x01,0xa8,0xb9,0xbb,0x40,0x00,0x40,0x06,
2173 0xe0,0xbf,0xc0,0xa8,0x1c,0x83,0xc0,0xa8,
2174 0x01,0x01,0xb9,0x0a,0x00,0x50,0x6f,0xa2,
2175 0x92,0xed,0x7b,0xc1,0xd3,0x4d,0x50,0x18,
2176 0x16,0xd0,0xa0,0x6f,0x00,0x00,0x47,0x45,
2177 0x54,0x20,0x2f,0x20,0x48,0x54,0x54,0x50,
2178 0x2f,0x31,0x2e,0x31,0x0d,0x0a,0x48,0x6f,
2179 0x73,0x74,0x3a,0x20,0x31,0x39,0x32,0x2e,
2180 0x31,0x36,0x38,0x2e,0x31,0x2e,0x31,0x0d,
2181 0x0a,0x55,0x73,0x65,0x72,0x2d,0x41,0x67,
2182 0x65,0x6e,0x74,0x3a,0x20,0x4d,0x6f,0x7a,
2183 0x69,0x6c,0x6c,0x61,0x2f,0x35,0x2e,0x30,
2184 0x20,0x28,0x58,0x31,0x31,0x3b,0x20,0x55,
2185 0x3b,0x20,0x4c,0x69,0x6e,0x75,0x78,0x20,
2186 0x78,0x38,0x36,0x5f,0x36,0x34,0x3b,0x20,
2187 0x65,0x6e,0x2d,0x55,0x53,0x3b,0x20,0x72,
2188 0x76,0x3a,0x31,0x2e,0x39,0x2e,0x30,0x2e,
2189 0x31,0x34,0x29,0x20,0x47,0x65,0x63,0x6b,
2190 0x6f,0x2f,0x32,0x30,0x30,0x39,0x30,0x39,
2191 0x30,0x32,0x31,0x37,0x20,0x55,0x62,0x75,
2192 0x6e,0x74,0x75,0x2f,0x39,0x2e,0x30,0x34,
2193 0x20,0x28,0x6a,0x61,0x75,0x6e,0x74,0x79,
2194 0x29,0x20,0x46,0x69,0x72,0x65,0x66,0x6f,
2195 0x78,0x2f,0x33,0x2e,0x30,0x2e,0x31,0x34,
2196 0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,0x74,
2197 0x3a,0x20,0x74,0x65,0x78,0x74,0x2f,0x68,
2198 0x74,0x6d,0x6c,0x2c,0x61,0x70,0x70,0x6c,
2199 0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x2f,
2200 0x78,0x68,0x74,0x6d,0x6c,0x2b,0x78,0x6d,
2201 0x6c,0x2c,0x61,0x70,0x70,0x6c,0x69,0x63,
2202 0x61,0x74,0x69,0x6f,0x6e,0x2f,0x78,0x6d,
2203 0x6c,0x3b,0x71,0x3d,0x30,0x2e,0x39,0x2c,
2204 0x2a,0x2f,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2205 0x38,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2206 0x74,0x2d,0x4c,0x61,0x6e,0x67,0x75,0x61,
2207 0x67,0x65,0x3a,0x20,0x65,0x6e,0x2d,0x75,
2208 0x73,0x2c,0x65,0x6e,0x3b,0x71,0x3d,0x30,
2209 0x2e,0x35,0x0d,0x0a,0x41,0x63,0x63,0x65,
2210 0x70,0x74,0x2d,0x45,0x6e,0x63,0x6f,0x64,
2211 0x69,0x6e,0x67,0x3a,0x20,0x67,0x7a,0x69,
2212 0x70,0x2c,0x64,0x65,0x66,0x6c,0x61,0x74,
2213 0x65,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2214 0x74,0x2d,0x43,0x68,0x61,0x72,0x73,0x65,
2215 0x74,0x3a,0x20,0x49,0x53,0x4f,0x2d,0x38,
2216 0x38,0x35,0x39,0x2d,0x31,0x2c,0x75,0x74,
2217 0x66,0x2d,0x38,0x3b,0x71,0x3d,0x30,0x2e,
2218 0x37,0x2c,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2219 0x37,0x0d,0x0a,0x4b,0x65,0x65,0x70,0x2d,
2220 0x41,0x6c,0x69,0x76,0x65,0x3a,0x20,0x33,
2221 0x30,0x30,0x0d,0x0a,0x43,0x6f,0x6e,0x6e,
2222 0x65,0x63,0x74,0x69,0x6f,0x6e,0x3a,0x20,
2223 0x6b,0x65,0x65,0x70,0x2d,0x61,0x6c,0x69,
2224 0x76,0x65,0x0d,0x0a,0x0d,0x0a };
2227 return PortTestMatchReal(raw_eth_pkt, (uint16_t)
sizeof(raw_eth_pkt),
2234 static int PortTestMatchReal01(
void)
2237 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2238 return PortTestMatchRealWrp(sig, 1);
2244 static int PortTestMatchReal02(
void)
2246 const char *sig =
"alert tcp any 47370 -> any any (msg:\"Nothing..\";" 2247 " content:\"GET\"; sid:1;)";
2248 return PortTestMatchRealWrp(sig, 1);
2254 static int PortTestMatchReal03(
void)
2256 const char *sig =
"alert tcp any 47370 -> any 80 (msg:\"Nothing..\";" 2257 " content:\"GET\"; sid:1;)";
2258 return PortTestMatchRealWrp(sig, 1);
2264 static int PortTestMatchReal04(
void)
2266 const char *sig =
"alert tcp any any -> any !80 (msg:\"Nothing..\";" 2267 " content:\"GET\"; sid:1;)";
2268 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2274 static int PortTestMatchReal05(
void)
2276 const char *sig =
"alert tcp any !47370 -> any any (msg:\"Nothing..\";" 2277 " content:\"GET\"; sid:1;)";
2278 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2284 static int PortTestMatchReal06(
void)
2286 const char *sig =
"alert tcp any !47370 -> any !80 (msg:\"Nothing..\";" 2287 " content:\"GET\"; sid:1;)";
2288 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2294 static int PortTestMatchReal07(
void)
2296 const char *sig =
"alert tcp any any -> any 70:100 (msg:\"Nothing..\";" 2297 " content:\"GET\"; sid:1;)";
2298 return PortTestMatchRealWrp(sig, 1);
2304 static int PortTestMatchReal08(
void)
2306 const char *sig =
"alert tcp any 47000:50000 -> any any (msg:\"Nothing..\";" 2307 " content:\"GET\"; sid:1;)";
2308 return PortTestMatchRealWrp(sig, 1);
2314 static int PortTestMatchReal09(
void)
2316 const char *sig =
"alert tcp any 47000:50000 -> any 70:100 (msg:\"Nothing..\";" 2317 " content:\"GET\"; sid:1;)";
2318 return PortTestMatchRealWrp(sig, 1);
2324 static int PortTestMatchReal10(
void)
2326 const char *sig =
"alert tcp any any -> any !70:100 (msg:\"Nothing..\";" 2327 " content:\"GET\"; sid:1;)";
2328 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2334 static int PortTestMatchReal11(
void)
2336 const char *sig =
"alert tcp any !47000:50000 -> any any (msg:\"Nothing..\";" 2337 " content:\"GET\"; sid:1;)";
2338 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2344 static int PortTestMatchReal12(
void)
2346 const char *sig =
"alert tcp any !47000:50000 -> any !70:100 (msg:\"Nothing..\";" 2347 " content:\"GET\"; sid:1;)";
2348 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2354 static int PortTestMatchReal13(
void)
2356 const char *sig =
"alert tcp any 47000:50000 -> any !81: (msg:\"Nothing..\";" 2357 " content:\"GET\"; sid:1;)";
2358 return PortTestMatchRealWrp(sig, 1);
2364 static int PortTestMatchReal14(
void)
2366 const char *sig =
"alert tcp any !48000:50000 -> any :100 (msg:\"Nothing..\";" 2367 " content:\"GET\"; sid:1;)";
2368 return PortTestMatchRealWrp(sig, 1);
2374 static int PortTestMatchReal15(
void)
2376 const char *sig =
"alert tcp any :50000 -> any 81:100 (msg:\"Nothing..\";" 2377 " content:\"GET\"; sid:1;)";
2378 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2384 static int PortTestMatchReal16(
void)
2386 const char *sig =
"alert tcp any 100: -> any ![0:79,81:65535] (msg:\"Nothing..\";" 2387 " content:\"GET\"; sid:1;)";
2388 return PortTestMatchRealWrp(sig, 1);
2394 static int PortTestMatchReal17(
void)
2396 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any ![0:80,82:65535] " 2397 "(msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2398 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2404 static int PortTestMatchReal18(
void)
2406 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any 80 (msg:\"Nothing" 2407 " at all\"; content:\"GET\"; sid:1;)";
2408 return PortTestMatchRealWrp(sig, 1);
2414 static int PortTestMatchReal19(
void)
2416 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\";" 2417 " content:\"GET\"; sid:1;)";
2418 return PortTestMatchRealWrp(sig, 1);
2421 static int PortTestMatchDoubleNegation(
void)
2426 if (DetectPortParseDo(NULL, &head, &nhead,
"![!80]", 0, NULL) == -1)
2429 result = (head != NULL);
2430 result = (nhead == NULL);
2477 UtRegisterTest(
"PortTestMatchDoubleNegation", PortTestMatchDoubleNegation);
void SigGroupHeadFree(const DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Free a SigGroupHead and its members.
void CleanVariableResolveList(ResolvedVariablesList *var_list)
#define TAILQ_FOREACH(var, head, field)
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
struct HtpBodyChunk_ * next
size_t strlcpy(char *dst, const char *src, size_t siz)
int DetectPortIsValidRange(char *)
Helper function to check if a parsed port is in the valid range of available ports.
struct SigGroupHead_ * sh
#define PASS
Pass the test.
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
void DetectPortTests(void)
#define PACKET_RECYCLE(p)
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
main detection engine ctx
int SCLogDebugEnabled(void)
Returns whether debug messages are enabled to be logged or not.
struct DetectPort_ * prev
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
DetectPort * DetectPortHashLookup(DetectEngineCtx *de_ctx, DetectPort *dp)
Used to lookup a DetectPort hash from the detection engine context DetectPort hash table...
#define PORT_SIGGROUPHEAD_COPY
DetectPort * DetectPortLookupGroup(DetectPort *dp, uint16_t port)
Function that finds the group matching address in a group head.
bool DetectPortListsAreEqual(DetectPort *list1, DetectPort *list2)
Checks if two port group lists are equal.
int UTHPacketMatchSig(Packet *p, const char *sig)
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
HashListTable * sgh_hash_table
int DetectPortHashAdd(DetectEngineCtx *de_ctx, DetectPort *dp)
Adds a DetectPort to the detection engine context DetectPort hash table.
Packet * UTHBuildPacketFromEth(uint8_t *raw_eth, uint16_t pktsize)
UTHBuildPacketFromEth is a wrapper that builds a packet from the raw bytes.
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
void DetectPortHashFree(DetectEngineCtx *de_ctx)
Frees the hash table - DetectEngineCtx->sgh_hash_table, allocated by DetectPortInit() function...
int SigGroupHeadCopySigs(DetectEngineCtx *de_ctx, SigGroupHead *src, SigGroupHead **dst)
Copies the bitarray holding the sids from the source SigGroupHead to the destination SigGroupHead...
void DetectPortCleanupList(const DetectEngineCtx *de_ctx, DetectPort *head)
Free a DetectPort list and each of its members.
int DetectPortHashInit(DetectEngineCtx *de_ctx)
Initializes the hash table in the detection engine context to hold the DetectPort hash...
int SigGroupHeadAppendSig(const DetectEngineCtx *de_ctx, SigGroupHead **sgh, const Signature *s)
Add a Signature to a SigGroupHead.
int DetectPortCmp(DetectPort *a, DetectPort *b)
Function that compares port groups.
int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new)
function for inserting a port group object. This also makes sure SigGroupContainer lists are handled ...
void FlowShutdown(void)
shutdown the flow engine
int DetectPortTestConfVars(void)
void DetectPortFree(const DetectEngineCtx *de_ctx, DetectPort *dp)
Free a DetectPort and its members.
struct DetectPort_ * next
#define SCReturnPtr(x, type)
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void HashListTableFree(HashListTable *ht)
DetectPort * PortParse(const char *str)
Helper function for parsing port strings.
#define TAILQ_HEAD_INITIALIZER(head)
int SigGroupHeadClearSigs(SigGroupHead *)
Clears the bitarray holding the sids for this SigGroupHead.
void DetectPortPrintList(DetectPort *head)
Helper function used to print the list of ports present in this DetectPort list.
DetectPort * DetectPortCopySingle(DetectEngineCtx *de_ctx, DetectPort *src)
Function that returns a copy of DetectPort src sigs.
int DetectPortParse(const DetectEngineCtx *de_ctx, DetectPort **head, const char *str)
Function for parsing port strings.
HashListTable * dport_hash_table
Port structure for detection engine.
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to true.
void DetectPortPrint(DetectPort *dp)
Helper function that prints the DetectPort info.
DetectEngineCtx * DetectEngineCtxInit(void)
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
void FlowInitConfig(char quiet)
initialize the configuration
SigGroupHeadInitData * init