60 static bool DetectPortIsValidRange(
char *, uint16_t *);
108 for (cur =
head; cur != NULL; cur = cur->
next) {
116 SCLogDebug(
"= list end (cnt %" PRIu32
")", cnt);
131 for (cur =
head; cur != NULL; ) {
167 for (cur = *
head; cur != NULL; cur = cur->
next) {
185 if (cur->
next == NULL) {
197 if (cur->
prev != NULL)
214 r = DetectPortCut(
de_ctx, cur,
new, &c);
266 uint16_t a_port1 = a->
port;
267 uint16_t a_port2 = a->
port2;
268 uint16_t b_port1 = b->
port;
269 uint16_t b_port2 = b->
port2;
292 a->
port2 = b_port1 - 1;
303 tmp_c->
port = a_port2 + 1;
304 tmp_c->
port2 = b_port2;
318 a->
port2 = a_port1 - 1;
329 tmp_c->
port = b_port2 + 1;
330 tmp_c->
port2 = a_port2;
364 if (a_port1 == b_port1) {
369 b->
port = a_port2 + 1;
375 }
else if (a_port2 == b_port2) {
378 a->
port2 = a_port1 - 1;
397 a->
port2 = a_port1 - 1;
408 tmp_c->
port = a_port2 + 1;
409 tmp_c->
port2 = b_port2;
443 if (a_port1 == b_port1) {
448 b->
port = b_port2 + 1;
459 }
else if (a_port2 == b_port2) {
463 a->
port2 = b_port1 - 1;
474 a->
port2 = b_port1 - 1;
485 tmp_c->
port = b_port2 + 1;
486 tmp_c->
port2 = a_port2;
515 uint16_t a_port1 = a->
port;
516 uint16_t a_port2 = a->
port2;
521 if (a_port1 != 0x0000 && a_port2 != 0xFFFF) {
523 a->
port2 = a_port1 - 1;
526 tmp_b = DetectPortInit();
531 tmp_b->
port = a_port2 + 1;
532 tmp_b->
port2 = 0xFFFF;
535 }
else if (a_port1 == 0x0000 && a_port2 != 0xFFFF) {
536 a->
port = a_port2 + 1;
539 }
else if (a_port1 != 0x0000 && a_port2 == 0xFFFF) {
541 a->
port2 = a_port1 - 1;
568 uint16_t a_port1 = a->
port;
569 uint16_t a_port2 = a->
port2;
570 uint16_t b_port1 = b->
port;
571 uint16_t b_port2 = b->
port2;
574 if (a_port1 == b_port1 && a_port2 == b_port2) {
578 }
else if (a_port1 >= b_port1 && a_port1 <= b_port2 && a_port2 <= b_port2) {
582 }
else if (a_port1 <= b_port1 && a_port2 >= b_port2) {
585 }
else if (a_port1 < b_port1 && a_port2 < b_port2 && a_port2 >= b_port1) {
588 }
else if (a_port1 < b_port1 && a_port2 < b_port2) {
591 }
else if (a_port1 > b_port1 && a_port1 <= b_port2 && a_port2 > b_port2) {
594 }
else if (a_port1 > b_port2) {
640 static int DetectPortMatch(
DetectPort *dp, uint16_t port)
642 if (port >= dp->
port &&
683 if (DetectPortMatch(p, port) == 1) {
708 while (item != NULL && it != NULL) {
718 if (!(item == NULL && it == NULL)) {
756 bool port_any =
false;
775 if (DetectPortCutNot(ad, &ad2) < 0) {
783 if (DetectPortParseInsert(
head, ad2) < 0) {
784 if (ad2 != NULL)
SCFree(ad2);
790 r = DetectPortParseInsert(
head, ad);
795 if (r == 1 && port_any) {
796 SCLogDebug(
"inserting 0:65535 as port is \"any\"");
802 if (DetectPortParseInsert(
head, ad_any) < 0)
809 SCLogError(
"DetectPortParseInsertString error");
841 const char *
s,
int negate,
842 ResolvedVariablesList *var_list,
int recur)
846 int o_set = 0, n_set = 0, d_set = 0;
849 size_t size = strlen(
s);
851 const char *rule_var_port = NULL;
856 "limit reached (max 64)");
862 for (u = 0, x = 0; u < size && x <
sizeof(
address); u++) {
869 if (range == 1 &&
s[u] ==
'!') {
870 SCLogError(
"Can't have a negated value in a range.");
872 }
else if (!o_set &&
s[u] ==
'!') {
876 }
else if (
s[u] ==
'[') {
882 }
else if (
s[u] ==
']') {
889 negate? negate: n_set, var_list, recur);
897 }
else if (depth == 0 &&
s[u] ==
',') {
900 }
else if (d_set == 1) {
901 char *temp_rule_var_port = NULL,
902 *alloc_rule_var_port = NULL;
908 if (rule_var_port == NULL)
910 if (strlen(rule_var_port) == 0) {
912 "to nothing. This is likely a misconfiguration. "
913 "Note that a negated port needs to be quoted, "
914 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
918 if (negate == 1 || n_set == 1) {
919 alloc_rule_var_port =
SCMalloc(strlen(rule_var_port) + 3);
920 if (
unlikely(alloc_rule_var_port == NULL))
922 snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
923 "[%s]", rule_var_port);
925 alloc_rule_var_port =
SCStrdup(rule_var_port);
926 if (
unlikely(alloc_rule_var_port == NULL))
929 temp_rule_var_port = alloc_rule_var_port;
930 r = DetectPortParseDo(
de_ctx,
head, nhead, temp_rule_var_port,
931 (negate + n_set) % 2, var_list, recur);
933 SCFree(alloc_rule_var_port);
938 SCFree(alloc_rule_var_port);
943 if (negate == 0 && n_set == 0) {
955 }
else if (depth == 0 &&
s[u] ==
'$') {
957 }
else if (depth == 0 && u == size-1) {
968 "groups declaration. This is likely a misconfiguration.");
974 char *temp_rule_var_port = NULL,
975 *alloc_rule_var_port = NULL;
979 if (rule_var_port == NULL)
981 if (strlen(rule_var_port) == 0) {
983 "to nothing. This is likely a misconfiguration. "
984 "Note that a negated port needs to be quoted, "
985 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
989 if ((negate + n_set) % 2) {
990 alloc_rule_var_port =
SCMalloc(strlen(rule_var_port) + 3);
991 if (
unlikely(alloc_rule_var_port == NULL))
993 snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
994 "[%s]", rule_var_port);
996 alloc_rule_var_port =
SCStrdup(rule_var_port);
997 if (
unlikely(alloc_rule_var_port == NULL))
1000 temp_rule_var_port = alloc_rule_var_port;
1001 r = DetectPortParseDo(
de_ctx,
head, nhead, temp_rule_var_port,
1002 (negate + n_set) % 2, var_list, recur);
1003 SCFree(alloc_rule_var_port);
1009 if (!((negate + n_set) % 2)) {
1018 }
else if (depth == 1 &&
s[u] ==
',') {
1025 "properly closed in \"%s\", %d missing closing brackets (]). "
1026 "Note: problem might be in a variable.",
1029 }
else if (depth < 0) {
1031 "properly opened in \"%s\", %d missing opening brackets ([). "
1032 "Note: problem might be in a variable.",
1047 static int DetectPortIsCompletePortSpace(
DetectPort *p)
1049 uint16_t next_port = 0;
1054 if (p->
port != 0x0000)
1059 if (p->
port2 == 0xFFFF)
1062 next_port = p->
port2 + 1;
1065 for ( ; p != NULL; p = p->
next) {
1066 if (p->
port != next_port)
1069 if (p->
port2 == 0xFFFF)
1072 next_port = p->
port2 + 1;
1095 if (DetectPortIsCompletePortSpace(*nhead) == 1) {
1096 SCLogError(
"Complete port space is negated");
1105 if (*
head == NULL && *nhead != NULL) {
1107 r = DetectPortParseInsertString(
de_ctx,
head,
"0:65535");
1114 for (ag = *nhead; ag != NULL; ag = ag->
next) {
1122 r = DetectPortParseInsert(
head, ad);
1130 for (ag = *nhead; ag != NULL; ag = ag->
next) {
1134 for (ag2 = *
head; ag2 != NULL; ) {
1140 if (ag2->
prev == NULL) {
1146 if (ag2->
next != NULL) {
1159 for (ag2 = *
head; ag2 != NULL; ag2 = ag2->
next) {
1164 if (*
head == NULL) {
1165 SCLogError(
"no ports left after merging ports with negated ports");
1178 SCLogDebug(
"Testing port conf vars for any misconfigured values");
1183 if (port_vars_node == NULL) {
1197 if (seq_node->
val == NULL) {
1198 SCLogError(
"Port var \"%s\" probably has a sequence(something "
1199 "in brackets) value set without any quotes. Please "
1200 "quote it using \"..\".",
1206 int r = DetectPortParseDo(NULL, &gh, &ghn, seq_node->
val,
1213 SCLogError(
"failed to parse port var \"%s\" with value \"%s\". "
1214 "Please check its syntax",
1215 seq_node->
name, seq_node->
val);
1219 if (DetectPortIsCompletePortSpace(ghn)) {
1220 SCLogError(
"Port var - \"%s\" has the complete Port range negated "
1221 "with its value \"%s\". Port space range is NIL. "
1222 "Probably have a !any or a port range that supplies "
1223 "a NULL address range",
1224 seq_node->
name, seq_node->
val);
1268 if (DetectPortParseMergeNotPorts(
de_ctx,
head, &nhead) < 0)
1294 while (isspace(*
str))
1296 if (strlen(
str) >= 16)
1305 char *port = portstr;
1308 if (port[0] ==
'!') {
1314 if ((port2 = strchr(port,
':')) != NULL) {
1319 if (strcmp(port,
"") != 0) {
1320 if (!DetectPortIsValidRange(port, &dp->
port))
1326 if (strcmp(port2,
"") != 0) {
1327 if (!DetectPortIsValidRange(port2, &dp->
port2))
1337 if (strcasecmp(port,
"any") == 0) {
1341 if (!DetectPortIsValidRange(port, &dp->
port))
1365 static bool DetectPortIsValidRange(
char *port, uint16_t *port_val)
1387 static uint32_t DetectPortHashFunc(
HashListTable *ht,
void *data, uint16_t datalen)
1392 uint32_t hash = ((uint32_t)p->
port << 16) | p->
port2;
1411 static char DetectPortCompareFunc(
void *data1, uint16_t len1,
1412 void *data2, uint16_t len2)
1417 if (data1 == NULL || data2 == NULL)
1426 static void DetectPortHashFreeFunc(
void *ptr)
1444 DetectPortCompareFunc,
1445 DetectPortHashFreeFunc);
1524 if (*
head != NULL) {
1525 for (cur = *
head; cur != NULL; cur = cur->
next) {
1542 dp->
prev = prev_cur;
1543 if (prev_cur != NULL)
1544 prev_cur->
next = dp;
1556 static int PortTestParse01 (
void)
1568 static int PortTestParse02 (
void)
1582 static int PortTestParse03 (
void)
1596 static int PortTestParse04 (
void)
1609 static int PortTestParse05 (
void)
1627 static int PortTestParse07 (
void)
1647 static int PortTestParse08 (
void)
1661 static int PortTestParse09 (
void)
1679 static int PortTestParse10 (
void)
1682 int r =
DetectPortParse(NULL,&dd,
"77777777777777777777777777777777777777777777");
1690 static int PortTestParse11 (
void)
1702 static int PortTestParse12 (
void)
1714 static int PortTestParse13 (
void)
1725 static int PortTestParse14 (
void)
1729 int r = DetectPortParseInsertString(NULL, &dd,
"0:100");
1731 r = DetectPortParseInsertString(NULL, &dd,
"1000:65535");
1747 static int PortTestParse15 (
void)
1764 static int PortTestParse16 (
void)
1768 [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\
1770 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]\
1776 [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\
1778 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]\
1787 static int PortTestFunctions01(
void)
1799 if (!(
head->port == 101))
1801 if (!(
head->port2 == 999))
1807 if (r != 0 || dp1->
next != NULL)
1809 if (!(dp1->
port == 2000))
1811 if (!(dp1->
port2 == 3000))
1815 r = PortTestDetectPortAdd(&
head, dp1);
1818 if (!(
head->port == 101))
1820 if (!(
head->port2 == 999))
1828 if (!DetectPortMatch(
head, 150))
1830 if (DetectPortMatch(
head->
next, 1500))
1832 if ((DetectPortMatch(
head, 3500)))
1834 if ((DetectPortMatch(
head, 50)))
1849 static int PortTestFunctions02(
void)
1862 if (r != 0 || dp1->
next == NULL)
1866 r = DetectPortParseMergeNotPorts(NULL, &
head, &dp1);
1871 if (r != 0 || dp2->
next == NULL)
1875 r = DetectPortParseMergeNotPorts(NULL, &
head, &dp2);
1879 if (!(
head->port == 200))
1881 if (!(
head->port2 == 300))
1899 static int PortTestFunctions03(
void)
1915 DetectPortCut(NULL, dp1, dp2, &dp3);
1919 if (!(dp1->
port == 200))
1921 if (!(dp1->
port2 == 249))
1923 if (!(dp2->
port == 250))
1925 if (!(dp2->
port2 == 300))
1934 DetectPortCut(NULL, dp1, dp2, &dp3);
1937 if (!(dp1->
port == 0))
1939 if (!(dp1->
port2 == 249))
1941 if (!(dp2->
port == 250))
1943 if (!(dp2->
port2 == 500))
1945 if (!(dp3->
port == 501))
1947 if (!(dp3->
port2 == 750))
1965 static int PortTestFunctions04(
void)
1975 dp2 = DetectPortInit();
1978 DetectPortCutNot(dp1, &dp2);
1982 if (!(dp1->
port == 0))
1984 if (!(dp1->
port2 == 199))
1986 if (!(dp2->
port == 301))
1988 if (!(dp2->
port2 == 65535))
2003 static int PortTestFunctions05(
void)
2013 memset(
s,0x00,
sizeof(
s));
2020 printf(
"r != 0 but %d: ", r);
2027 printf(
"r != 0 but %d: ", r);
2045 for ( ; x != NULL; x = x->
next) {
2055 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2060 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2065 printf(
"sig %d part of 'two', but it shouldn't: ", sig);
2081 static int PortTestFunctions06(
void)
2091 memset(
s,0x00,
sizeof(
s));
2098 printf(
"r != 0 but %d: ", r);
2105 printf(
"r != 0 but %d: ", r);
2123 for ( ; x != NULL; x = x->
next) {
2133 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2138 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2143 printf(
"sig %d part of 'two', but it shouldn't: ", sig);
2159 static int PortTestFunctions07(
void)
2193 static int PortTestMatchReal(uint8_t *raw_eth_pkt, uint16_t pktsize,
const char *sig,
2208 static int PortTestMatchRealWrp(
const char *sig, uint32_t sid)
2214 uint8_t raw_eth_pkt[] = {
2215 0x00,0x50,0x56,0xea,0x00,0xbd,0x00,0x0c,
2216 0x29,0x40,0xc8,0xb5,0x08,0x00,0x45,0x00,
2217 0x01,0xa8,0xb9,0xbb,0x40,0x00,0x40,0x06,
2218 0xe0,0xbf,0xc0,0xa8,0x1c,0x83,0xc0,0xa8,
2219 0x01,0x01,0xb9,0x0a,0x00,0x50,0x6f,0xa2,
2220 0x92,0xed,0x7b,0xc1,0xd3,0x4d,0x50,0x18,
2221 0x16,0xd0,0xa0,0x6f,0x00,0x00,0x47,0x45,
2222 0x54,0x20,0x2f,0x20,0x48,0x54,0x54,0x50,
2223 0x2f,0x31,0x2e,0x31,0x0d,0x0a,0x48,0x6f,
2224 0x73,0x74,0x3a,0x20,0x31,0x39,0x32,0x2e,
2225 0x31,0x36,0x38,0x2e,0x31,0x2e,0x31,0x0d,
2226 0x0a,0x55,0x73,0x65,0x72,0x2d,0x41,0x67,
2227 0x65,0x6e,0x74,0x3a,0x20,0x4d,0x6f,0x7a,
2228 0x69,0x6c,0x6c,0x61,0x2f,0x35,0x2e,0x30,
2229 0x20,0x28,0x58,0x31,0x31,0x3b,0x20,0x55,
2230 0x3b,0x20,0x4c,0x69,0x6e,0x75,0x78,0x20,
2231 0x78,0x38,0x36,0x5f,0x36,0x34,0x3b,0x20,
2232 0x65,0x6e,0x2d,0x55,0x53,0x3b,0x20,0x72,
2233 0x76,0x3a,0x31,0x2e,0x39,0x2e,0x30,0x2e,
2234 0x31,0x34,0x29,0x20,0x47,0x65,0x63,0x6b,
2235 0x6f,0x2f,0x32,0x30,0x30,0x39,0x30,0x39,
2236 0x30,0x32,0x31,0x37,0x20,0x55,0x62,0x75,
2237 0x6e,0x74,0x75,0x2f,0x39,0x2e,0x30,0x34,
2238 0x20,0x28,0x6a,0x61,0x75,0x6e,0x74,0x79,
2239 0x29,0x20,0x46,0x69,0x72,0x65,0x66,0x6f,
2240 0x78,0x2f,0x33,0x2e,0x30,0x2e,0x31,0x34,
2241 0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,0x74,
2242 0x3a,0x20,0x74,0x65,0x78,0x74,0x2f,0x68,
2243 0x74,0x6d,0x6c,0x2c,0x61,0x70,0x70,0x6c,
2244 0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x2f,
2245 0x78,0x68,0x74,0x6d,0x6c,0x2b,0x78,0x6d,
2246 0x6c,0x2c,0x61,0x70,0x70,0x6c,0x69,0x63,
2247 0x61,0x74,0x69,0x6f,0x6e,0x2f,0x78,0x6d,
2248 0x6c,0x3b,0x71,0x3d,0x30,0x2e,0x39,0x2c,
2249 0x2a,0x2f,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2250 0x38,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2251 0x74,0x2d,0x4c,0x61,0x6e,0x67,0x75,0x61,
2252 0x67,0x65,0x3a,0x20,0x65,0x6e,0x2d,0x75,
2253 0x73,0x2c,0x65,0x6e,0x3b,0x71,0x3d,0x30,
2254 0x2e,0x35,0x0d,0x0a,0x41,0x63,0x63,0x65,
2255 0x70,0x74,0x2d,0x45,0x6e,0x63,0x6f,0x64,
2256 0x69,0x6e,0x67,0x3a,0x20,0x67,0x7a,0x69,
2257 0x70,0x2c,0x64,0x65,0x66,0x6c,0x61,0x74,
2258 0x65,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2259 0x74,0x2d,0x43,0x68,0x61,0x72,0x73,0x65,
2260 0x74,0x3a,0x20,0x49,0x53,0x4f,0x2d,0x38,
2261 0x38,0x35,0x39,0x2d,0x31,0x2c,0x75,0x74,
2262 0x66,0x2d,0x38,0x3b,0x71,0x3d,0x30,0x2e,
2263 0x37,0x2c,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2264 0x37,0x0d,0x0a,0x4b,0x65,0x65,0x70,0x2d,
2265 0x41,0x6c,0x69,0x76,0x65,0x3a,0x20,0x33,
2266 0x30,0x30,0x0d,0x0a,0x43,0x6f,0x6e,0x6e,
2267 0x65,0x63,0x74,0x69,0x6f,0x6e,0x3a,0x20,
2268 0x6b,0x65,0x65,0x70,0x2d,0x61,0x6c,0x69,
2269 0x76,0x65,0x0d,0x0a,0x0d,0x0a };
2272 return PortTestMatchReal(raw_eth_pkt, (uint16_t)
sizeof(raw_eth_pkt),
2279 static int PortTestMatchReal01(
void)
2282 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2283 return PortTestMatchRealWrp(sig, 1);
2289 static int PortTestMatchReal02(
void)
2291 const char *sig =
"alert tcp any 47370 -> any any (msg:\"Nothing..\";"
2292 " content:\"GET\"; sid:1;)";
2293 return PortTestMatchRealWrp(sig, 1);
2299 static int PortTestMatchReal03(
void)
2301 const char *sig =
"alert tcp any 47370 -> any 80 (msg:\"Nothing..\";"
2302 " content:\"GET\"; sid:1;)";
2303 return PortTestMatchRealWrp(sig, 1);
2309 static int PortTestMatchReal04(
void)
2311 const char *sig =
"alert tcp any any -> any !80 (msg:\"Nothing..\";"
2312 " content:\"GET\"; sid:1;)";
2313 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2319 static int PortTestMatchReal05(
void)
2321 const char *sig =
"alert tcp any !47370 -> any any (msg:\"Nothing..\";"
2322 " content:\"GET\"; sid:1;)";
2323 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2329 static int PortTestMatchReal06(
void)
2331 const char *sig =
"alert tcp any !47370 -> any !80 (msg:\"Nothing..\";"
2332 " content:\"GET\"; sid:1;)";
2333 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2339 static int PortTestMatchReal07(
void)
2341 const char *sig =
"alert tcp any any -> any 70:100 (msg:\"Nothing..\";"
2342 " content:\"GET\"; sid:1;)";
2343 return PortTestMatchRealWrp(sig, 1);
2349 static int PortTestMatchReal08(
void)
2351 const char *sig =
"alert tcp any 47000:50000 -> any any (msg:\"Nothing..\";"
2352 " content:\"GET\"; sid:1;)";
2353 return PortTestMatchRealWrp(sig, 1);
2359 static int PortTestMatchReal09(
void)
2361 const char *sig =
"alert tcp any 47000:50000 -> any 70:100 (msg:\"Nothing..\";"
2362 " content:\"GET\"; sid:1;)";
2363 return PortTestMatchRealWrp(sig, 1);
2369 static int PortTestMatchReal10(
void)
2371 const char *sig =
"alert tcp any any -> any !70:100 (msg:\"Nothing..\";"
2372 " content:\"GET\"; sid:1;)";
2373 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2379 static int PortTestMatchReal11(
void)
2381 const char *sig =
"alert tcp any !47000:50000 -> any any (msg:\"Nothing..\";"
2382 " content:\"GET\"; sid:1;)";
2383 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2389 static int PortTestMatchReal12(
void)
2391 const char *sig =
"alert tcp any !47000:50000 -> any !70:100 (msg:\"Nothing..\";"
2392 " content:\"GET\"; sid:1;)";
2393 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2399 static int PortTestMatchReal13(
void)
2401 const char *sig =
"alert tcp any 47000:50000 -> any !81: (msg:\"Nothing..\";"
2402 " content:\"GET\"; sid:1;)";
2403 return PortTestMatchRealWrp(sig, 1);
2409 static int PortTestMatchReal14(
void)
2411 const char *sig =
"alert tcp any !48000:50000 -> any :100 (msg:\"Nothing..\";"
2412 " content:\"GET\"; sid:1;)";
2413 return PortTestMatchRealWrp(sig, 1);
2419 static int PortTestMatchReal15(
void)
2421 const char *sig =
"alert tcp any :50000 -> any 81:100 (msg:\"Nothing..\";"
2422 " content:\"GET\"; sid:1;)";
2423 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2429 static int PortTestMatchReal16(
void)
2431 const char *sig =
"alert tcp any 100: -> any ![0:79,81:65535] (msg:\"Nothing..\";"
2432 " content:\"GET\"; sid:1;)";
2433 return PortTestMatchRealWrp(sig, 1);
2439 static int PortTestMatchReal17(
void)
2441 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any ![0:80,82:65535] "
2442 "(msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2443 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2449 static int PortTestMatchReal18(
void)
2451 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any 80 (msg:\"Nothing"
2452 " at all\"; content:\"GET\"; sid:1;)";
2453 return PortTestMatchRealWrp(sig, 1);
2459 static int PortTestMatchReal19(
void)
2461 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\";"
2462 " content:\"GET\"; sid:1;)";
2463 return PortTestMatchRealWrp(sig, 1);
2466 static int PortTestMatchDoubleNegation(
void)
2471 if (DetectPortParseDo(NULL, &
head, &nhead,
"![!80]", 0, NULL, 0) == -1)
2474 result = (
head != NULL);
2475 result = (nhead == NULL);
2482 static int DetectPortParseDoTest(
void)
2488 const char *
str =
"[30:50, !45]";
2489 int r = DetectPortParseDo(
de_ctx, &
head, &nhead,
str, 0, NULL, 0);
2504 static int DetectPortParseDoTest2(
void)
2510 const char *
str =
"[30:50, !45]";
2511 int r = DetectPortParseDo(
de_ctx, &
head, &nhead,
str, 0, NULL, 0);
2519 static int PortParseTestLessThan14Spaces(
void)
2521 const char *
str =
" 45";
2531 static int PortParseTest14Spaces(
void)
2533 const char *
str =
" 45";
2543 static int PortParseTestMoreThan14Spaces(
void)
2545 const char *
str =
" 45";
2597 UtRegisterTest(
"PortTestMatchDoubleNegation", PortTestMatchDoubleNegation);
2599 UtRegisterTest(
"DetectPortParseDoTest2", DetectPortParseDoTest2);
2600 UtRegisterTest(
"PortParseTestLessThan14Spaces", PortParseTestLessThan14Spaces);
2602 UtRegisterTest(
"PortParseTestMoreThan14Spaces", PortParseTestMoreThan14Spaces);