60 static bool DetectPortIsValidRange(
char *, uint16_t *);
108 for (cur =
head; cur != NULL; cur = cur->
next) {
131 for (cur =
head; cur != NULL; ) {
167 for (cur = *
head; cur != NULL; cur = cur->
next) {
184 if (cur->
next == NULL) {
196 if (cur->
prev != NULL)
213 r = DetectPortCut(
de_ctx, cur,
new, &c);
265 uint16_t a_port1 = a->
port;
266 uint16_t a_port2 = a->
port2;
267 uint16_t b_port1 = b->
port;
268 uint16_t b_port2 = b->
port2;
291 a->
port2 = b_port1 - 1;
302 tmp_c->
port = a_port2 + 1;
303 tmp_c->
port2 = b_port2;
314 a->
port2 = a_port1 - 1;
325 tmp_c->
port = b_port2 + 1;
326 tmp_c->
port2 = a_port2;
347 if (a_port1 == b_port1) {
352 b->
port = a_port2 + 1;
354 }
else if (a_port2 == b_port2) {
357 a->
port2 = a_port1 - 1;
364 a->
port2 = a_port1 - 1;
375 tmp_c->
port = a_port2 + 1;
376 tmp_c->
port2 = b_port2;
397 if (a_port1 == b_port1) {
402 b->
port = b_port2 + 1;
404 }
else if (a_port2 == b_port2) {
408 a->
port2 = b_port1 - 1;
416 a->
port2 = b_port1 - 1;
427 tmp_c->
port = b_port2 + 1;
428 tmp_c->
port2 = a_port2;
454 uint16_t a_port1 = a->
port;
455 uint16_t a_port2 = a->
port2;
460 if (a_port1 != 0x0000 && a_port2 != 0xFFFF) {
462 a->
port2 = a_port1 - 1;
470 tmp_b->
port = a_port2 + 1;
471 tmp_b->
port2 = 0xFFFF;
474 }
else if (a_port1 == 0x0000 && a_port2 != 0xFFFF) {
475 a->
port = a_port2 + 1;
478 }
else if (a_port1 != 0x0000 && a_port2 == 0xFFFF) {
480 a->
port2 = a_port1 - 1;
507 uint16_t a_port1 = a->
port;
508 uint16_t a_port2 = a->
port2;
509 uint16_t b_port1 = b->
port;
510 uint16_t b_port2 = b->
port2;
513 if (a_port1 == b_port1 && a_port2 == b_port2) {
517 }
else if (a_port1 >= b_port1 && a_port1 <= b_port2 && a_port2 <= b_port2) {
521 }
else if (a_port1 <= b_port1 && a_port2 >= b_port2) {
524 }
else if (a_port1 < b_port1 && a_port2 < b_port2 && a_port2 >= b_port1) {
527 }
else if (a_port1 < b_port1 && a_port2 < b_port2) {
530 }
else if (a_port1 > b_port1 && a_port1 <= b_port2 && a_port2 > b_port2) {
533 }
else if (a_port1 > b_port2) {
576 static int DetectPortMatch(
DetectPort *dp, uint16_t port)
578 if (port >= dp->
port &&
619 if (DetectPortMatch(p, port) == 1) {
644 while (item != NULL && it != NULL) {
654 if (!(item == NULL && it == NULL)) {
692 bool is_port_any =
false;
711 if (DetectPortCutNot(port, &port2) < 0) {
717 if (DetectPortParseInsert(
head, port2) < 0) {
725 r = DetectPortParseInsert(
head, port);
730 if (r == 1 && is_port_any) {
731 SCLogDebug(
"inserting 0:65535 as port is \"any\"");
734 if (port_any == NULL)
737 if (DetectPortParseInsert(
head, port_any) < 0)
744 SCLogError(
"DetectPortParseInsertString error");
747 if (port_any != NULL)
776 const char *
s,
int negate,
777 ResolvedVariablesList *var_list,
int recur)
781 int o_set = 0, n_set = 0, d_set = 0;
784 size_t size = strlen(
s);
785 char port[1024] =
"";
786 const char *rule_var_port = NULL;
791 "limit reached (max 64)");
797 for (; u < size && x <
sizeof(port); u++) {
804 if (range == 1 &&
s[u] ==
'!') {
805 SCLogError(
"Can't have a negated value in a range.");
807 }
else if (!o_set &&
s[u] ==
'!') {
812 }
else if (
s[u] ==
'[') {
818 }
else if (
s[u] ==
']') {
821 SCLogDebug(
"Parsed port from DetectPortParseDo - %s", port);
824 r = DetectPortParseDo(
825 de_ctx,
head, nhead, port, negate ? negate : n_set, var_list, recur);
833 }
else if (depth == 0 &&
s[u] ==
',') {
836 }
else if (d_set == 1) {
837 char *temp_rule_var_port = NULL,
838 *alloc_rule_var_port = NULL;
843 if (rule_var_port == NULL)
845 if (strlen(rule_var_port) == 0) {
847 "to nothing. This is likely a misconfiguration. "
848 "Note that a negated port needs to be quoted, "
849 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
853 if (negate == 1 || n_set == 1) {
855 const size_t str_size = strlen(rule_var_port) + 3 + 1;
856 alloc_rule_var_port =
SCMalloc(str_size);
857 if (
unlikely(alloc_rule_var_port == NULL))
859 snprintf(alloc_rule_var_port, str_size,
"[%s]", rule_var_port);
861 alloc_rule_var_port =
SCStrdup(rule_var_port);
862 if (
unlikely(alloc_rule_var_port == NULL))
865 temp_rule_var_port = alloc_rule_var_port;
866 r = DetectPortParseDo(
de_ctx,
head, nhead, temp_rule_var_port,
867 (negate + n_set) % 2, var_list, recur);
869 SCFree(alloc_rule_var_port);
874 SCFree(alloc_rule_var_port);
877 SCLogDebug(
"Parsed port from DetectPortParseDo - %s", port);
879 if (negate == 0 && n_set == 0) {
880 r = DetectPortParseInsertString(
de_ctx,
head, port);
882 r = DetectPortParseInsertString(
de_ctx, nhead, port);
891 }
else if (depth == 0 &&
s[u] ==
'$') {
893 }
else if (depth == 0 && u == size-1) {
904 "groups declaration. This is likely a misconfiguration.");
910 char *temp_rule_var_port = NULL,
911 *alloc_rule_var_port = NULL;
914 if (rule_var_port == NULL)
916 if (strlen(rule_var_port) == 0) {
918 "to nothing. This is likely a misconfiguration. "
919 "Note that a negated port needs to be quoted, "
920 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
924 if ((negate + n_set) % 2) {
926 const size_t str_size = strlen(rule_var_port) + 3 + 1;
927 alloc_rule_var_port =
SCMalloc(str_size);
928 if (
unlikely(alloc_rule_var_port == NULL))
930 snprintf(alloc_rule_var_port, str_size,
"[%s]", rule_var_port);
932 alloc_rule_var_port =
SCStrdup(rule_var_port);
933 if (
unlikely(alloc_rule_var_port == NULL))
936 temp_rule_var_port = alloc_rule_var_port;
937 r = DetectPortParseDo(
de_ctx,
head, nhead, temp_rule_var_port,
938 (negate + n_set) % 2, var_list, recur);
939 SCFree(alloc_rule_var_port);
945 if (!((negate + n_set) % 2)) {
946 r = DetectPortParseInsertString(
de_ctx,
head, port);
948 r = DetectPortParseInsertString(
de_ctx, nhead, port);
954 }
else if (depth == 1 &&
s[u] ==
',') {
961 "properly closed in \"%s\", %d missing closing brackets (]). "
962 "Note: problem might be in a variable.",
965 }
else if (depth < 0) {
967 "properly opened in \"%s\", %d missing opening brackets ([). "
968 "Note: problem might be in a variable.",
983 static int DetectPortIsCompletePortSpace(
DetectPort *p)
985 uint16_t next_port = 0;
990 if (p->
port != 0x0000)
995 if (p->
port2 == 0xFFFF)
998 next_port = p->
port2 + 1;
1001 for ( ; p != NULL; p = p->
next) {
1002 if (p->
port != next_port)
1005 if (p->
port2 == 0xFFFF)
1008 next_port = p->
port2 + 1;
1031 if (DetectPortIsCompletePortSpace(*nhead) == 1) {
1032 SCLogError(
"Complete port space is negated");
1041 if (*
head == NULL && *nhead != NULL) {
1043 r = DetectPortParseInsertString(
de_ctx,
head,
"0:65535");
1050 for (pg = *nhead; pg != NULL; pg = pg->
next) {
1058 r = DetectPortParseInsert(
head, port);
1066 for (pg = *nhead; pg != NULL; pg = pg->
next) {
1070 for (pg2 = *
head; pg2 != NULL;) {
1076 if (pg2->
prev != NULL)
1078 if (pg2->
next != NULL)
1092 for (pg2 = *
head; pg2 != NULL; pg2 = pg2->
next) {
1097 if (*
head == NULL) {
1098 SCLogError(
"no ports left after merging ports with negated ports");
1111 SCLogDebug(
"Testing port conf vars for any misconfigured values");
1116 if (port_vars_node == NULL) {
1130 if (seq_node->
val == NULL) {
1131 SCLogError(
"Port var \"%s\" probably has a sequence(something "
1132 "in brackets) value set without any quotes. Please "
1133 "quote it using \"..\".",
1139 int r = DetectPortParseDo(NULL, &gh, &ghn, seq_node->
val,
1146 SCLogError(
"failed to parse port var \"%s\" with value \"%s\". "
1147 "Please check its syntax",
1148 seq_node->
name, seq_node->
val);
1152 if (DetectPortIsCompletePortSpace(ghn)) {
1153 SCLogError(
"Port var - \"%s\" has the complete Port range negated "
1154 "with its value \"%s\". Port space range is NIL. "
1155 "Probably have a !any or a port range that supplies "
1156 "a NULL port range",
1157 seq_node->
name, seq_node->
val);
1201 if (DetectPortParseMergeNotPorts(
de_ctx,
head, &nhead) < 0)
1227 while (isspace(*
str))
1229 if (strlen(
str) >= 16)
1238 char *port = portstr;
1241 if (port[0] ==
'!') {
1246 if ((port2 = strchr(port,
':')) != NULL) {
1251 if (strcmp(port,
"") != 0) {
1252 if (!DetectPortIsValidRange(port, &dp->
port))
1258 if (strcmp(port2,
"") != 0) {
1259 if (!DetectPortIsValidRange(port2, &dp->
port2))
1269 if (strcasecmp(port,
"any") == 0) {
1273 if (!DetectPortIsValidRange(port, &dp->
port))
1297 static bool DetectPortIsValidRange(
char *port, uint16_t *port_val)
1319 static uint32_t DetectPortHashFunc(
HashListTable *ht,
void *data, uint16_t datalen)
1324 uint32_t hash = ((uint32_t)p->
port << 16) | p->
port2;
1343 static char DetectPortCompareFunc(
void *data1, uint16_t len1,
1344 void *data2, uint16_t len2)
1349 if (data1 == NULL || data2 == NULL)
1358 static void DetectPortHashFreeFunc(
void *ptr)
1376 DetectPortCompareFunc,
1377 DetectPortHashFreeFunc);
1454 if (*
head != NULL) {
1455 for (cur = *
head; cur != NULL; cur = cur->
next) {
1472 dp->
prev = prev_cur;
1473 if (prev_cur != NULL)
1474 prev_cur->
next = dp;
1486 static int PortTestParse01 (
void)
1498 static int PortTestParse02 (
void)
1512 static int PortTestParse03 (
void)
1526 static int PortTestParse04 (
void)
1539 static int PortTestParse05 (
void)
1557 static int PortTestParse07 (
void)
1577 static int PortTestParse08 (
void)
1591 static int PortTestParse09 (
void)
1609 static int PortTestParse10 (
void)
1612 int r =
DetectPortParse(NULL,&dd,
"77777777777777777777777777777777777777777777");
1620 static int PortTestParse11 (
void)
1632 static int PortTestParse12 (
void)
1644 static int PortTestParse13 (
void)
1655 static int PortTestParse14 (
void)
1659 int r = DetectPortParseInsertString(NULL, &dd,
"0:100");
1661 r = DetectPortParseInsertString(NULL, &dd,
"1000:65535");
1677 static int PortTestParse15 (
void)
1694 static int PortTestParse16 (
void)
1698 [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\
1700 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]\
1706 [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\
1708 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]\
1717 static int PortTestFunctions01(
void)
1729 if (!(
head->port == 101))
1731 if (!(
head->port2 == 999))
1737 if (r != 0 || dp1->
next != NULL)
1739 if (!(dp1->
port == 2000))
1741 if (!(dp1->
port2 == 3000))
1745 r = PortTestDetectPortAdd(&
head, dp1);
1748 if (!(
head->port == 101))
1750 if (!(
head->port2 == 999))
1758 if (!DetectPortMatch(
head, 150))
1760 if (DetectPortMatch(
head->
next, 1500))
1762 if ((DetectPortMatch(
head, 3500)))
1764 if ((DetectPortMatch(
head, 50)))
1779 static int PortTestFunctions02(
void)
1792 if (r != 0 || dp1->
next == NULL)
1796 r = DetectPortParseMergeNotPorts(NULL, &
head, &dp1);
1801 if (r != 0 || dp2->
next == NULL)
1805 r = DetectPortParseMergeNotPorts(NULL, &
head, &dp2);
1809 if (!(
head->port == 200))
1811 if (!(
head->port2 == 300))
1829 static int PortTestFunctions03(
void)
1845 DetectPortCut(NULL, dp1, dp2, &dp3);
1849 if (!(dp1->
port == 200))
1851 if (!(dp1->
port2 == 249))
1853 if (!(dp2->
port == 250))
1855 if (!(dp2->
port2 == 300))
1864 DetectPortCut(NULL, dp1, dp2, &dp3);
1867 if (!(dp1->
port == 0))
1869 if (!(dp1->
port2 == 249))
1871 if (!(dp2->
port == 250))
1873 if (!(dp2->
port2 == 500))
1875 if (!(dp3->
port == 501))
1877 if (!(dp3->
port2 == 750))
1895 static int PortTestFunctions04(
void)
1908 DetectPortCutNot(dp1, &dp2);
1912 if (!(dp1->
port == 0))
1914 if (!(dp1->
port2 == 199))
1916 if (!(dp2->
port == 301))
1918 if (!(dp2->
port2 == 65535))
1933 static int PortTestFunctions07(
void)
1967 static int PortTestMatchReal(uint8_t *raw_eth_pkt, uint16_t pktsize,
const char *sig,
1982 static int PortTestMatchRealWrp(
const char *sig, uint32_t sid)
1988 uint8_t raw_eth_pkt[] = {
1989 0x00,0x50,0x56,0xea,0x00,0xbd,0x00,0x0c,
1990 0x29,0x40,0xc8,0xb5,0x08,0x00,0x45,0x00,
1991 0x01,0xa8,0xb9,0xbb,0x40,0x00,0x40,0x06,
1992 0xe0,0xbf,0xc0,0xa8,0x1c,0x83,0xc0,0xa8,
1993 0x01,0x01,0xb9,0x0a,0x00,0x50,0x6f,0xa2,
1994 0x92,0xed,0x7b,0xc1,0xd3,0x4d,0x50,0x18,
1995 0x16,0xd0,0xa0,0x6f,0x00,0x00,0x47,0x45,
1996 0x54,0x20,0x2f,0x20,0x48,0x54,0x54,0x50,
1997 0x2f,0x31,0x2e,0x31,0x0d,0x0a,0x48,0x6f,
1998 0x73,0x74,0x3a,0x20,0x31,0x39,0x32,0x2e,
1999 0x31,0x36,0x38,0x2e,0x31,0x2e,0x31,0x0d,
2000 0x0a,0x55,0x73,0x65,0x72,0x2d,0x41,0x67,
2001 0x65,0x6e,0x74,0x3a,0x20,0x4d,0x6f,0x7a,
2002 0x69,0x6c,0x6c,0x61,0x2f,0x35,0x2e,0x30,
2003 0x20,0x28,0x58,0x31,0x31,0x3b,0x20,0x55,
2004 0x3b,0x20,0x4c,0x69,0x6e,0x75,0x78,0x20,
2005 0x78,0x38,0x36,0x5f,0x36,0x34,0x3b,0x20,
2006 0x65,0x6e,0x2d,0x55,0x53,0x3b,0x20,0x72,
2007 0x76,0x3a,0x31,0x2e,0x39,0x2e,0x30,0x2e,
2008 0x31,0x34,0x29,0x20,0x47,0x65,0x63,0x6b,
2009 0x6f,0x2f,0x32,0x30,0x30,0x39,0x30,0x39,
2010 0x30,0x32,0x31,0x37,0x20,0x55,0x62,0x75,
2011 0x6e,0x74,0x75,0x2f,0x39,0x2e,0x30,0x34,
2012 0x20,0x28,0x6a,0x61,0x75,0x6e,0x74,0x79,
2013 0x29,0x20,0x46,0x69,0x72,0x65,0x66,0x6f,
2014 0x78,0x2f,0x33,0x2e,0x30,0x2e,0x31,0x34,
2015 0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,0x74,
2016 0x3a,0x20,0x74,0x65,0x78,0x74,0x2f,0x68,
2017 0x74,0x6d,0x6c,0x2c,0x61,0x70,0x70,0x6c,
2018 0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x2f,
2019 0x78,0x68,0x74,0x6d,0x6c,0x2b,0x78,0x6d,
2020 0x6c,0x2c,0x61,0x70,0x70,0x6c,0x69,0x63,
2021 0x61,0x74,0x69,0x6f,0x6e,0x2f,0x78,0x6d,
2022 0x6c,0x3b,0x71,0x3d,0x30,0x2e,0x39,0x2c,
2023 0x2a,0x2f,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2024 0x38,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2025 0x74,0x2d,0x4c,0x61,0x6e,0x67,0x75,0x61,
2026 0x67,0x65,0x3a,0x20,0x65,0x6e,0x2d,0x75,
2027 0x73,0x2c,0x65,0x6e,0x3b,0x71,0x3d,0x30,
2028 0x2e,0x35,0x0d,0x0a,0x41,0x63,0x63,0x65,
2029 0x70,0x74,0x2d,0x45,0x6e,0x63,0x6f,0x64,
2030 0x69,0x6e,0x67,0x3a,0x20,0x67,0x7a,0x69,
2031 0x70,0x2c,0x64,0x65,0x66,0x6c,0x61,0x74,
2032 0x65,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2033 0x74,0x2d,0x43,0x68,0x61,0x72,0x73,0x65,
2034 0x74,0x3a,0x20,0x49,0x53,0x4f,0x2d,0x38,
2035 0x38,0x35,0x39,0x2d,0x31,0x2c,0x75,0x74,
2036 0x66,0x2d,0x38,0x3b,0x71,0x3d,0x30,0x2e,
2037 0x37,0x2c,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2038 0x37,0x0d,0x0a,0x4b,0x65,0x65,0x70,0x2d,
2039 0x41,0x6c,0x69,0x76,0x65,0x3a,0x20,0x33,
2040 0x30,0x30,0x0d,0x0a,0x43,0x6f,0x6e,0x6e,
2041 0x65,0x63,0x74,0x69,0x6f,0x6e,0x3a,0x20,
2042 0x6b,0x65,0x65,0x70,0x2d,0x61,0x6c,0x69,
2043 0x76,0x65,0x0d,0x0a,0x0d,0x0a };
2046 return PortTestMatchReal(raw_eth_pkt, (uint16_t)
sizeof(raw_eth_pkt),
2053 static int PortTestMatchReal01(
void)
2056 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2057 return PortTestMatchRealWrp(sig, 1);
2063 static int PortTestMatchReal02(
void)
2065 const char *sig =
"alert tcp any 47370 -> any any (msg:\"Nothing..\";"
2066 " content:\"GET\"; sid:1;)";
2067 return PortTestMatchRealWrp(sig, 1);
2073 static int PortTestMatchReal03(
void)
2075 const char *sig =
"alert tcp any 47370 -> any 80 (msg:\"Nothing..\";"
2076 " content:\"GET\"; sid:1;)";
2077 return PortTestMatchRealWrp(sig, 1);
2083 static int PortTestMatchReal04(
void)
2085 const char *sig =
"alert tcp any any -> any !80 (msg:\"Nothing..\";"
2086 " content:\"GET\"; sid:1;)";
2087 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2093 static int PortTestMatchReal05(
void)
2095 const char *sig =
"alert tcp any !47370 -> any any (msg:\"Nothing..\";"
2096 " content:\"GET\"; sid:1;)";
2097 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2103 static int PortTestMatchReal06(
void)
2105 const char *sig =
"alert tcp any !47370 -> any !80 (msg:\"Nothing..\";"
2106 " content:\"GET\"; sid:1;)";
2107 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2113 static int PortTestMatchReal07(
void)
2115 const char *sig =
"alert tcp any any -> any 70:100 (msg:\"Nothing..\";"
2116 " content:\"GET\"; sid:1;)";
2117 return PortTestMatchRealWrp(sig, 1);
2123 static int PortTestMatchReal08(
void)
2125 const char *sig =
"alert tcp any 47000:50000 -> any any (msg:\"Nothing..\";"
2126 " content:\"GET\"; sid:1;)";
2127 return PortTestMatchRealWrp(sig, 1);
2133 static int PortTestMatchReal09(
void)
2135 const char *sig =
"alert tcp any 47000:50000 -> any 70:100 (msg:\"Nothing..\";"
2136 " content:\"GET\"; sid:1;)";
2137 return PortTestMatchRealWrp(sig, 1);
2143 static int PortTestMatchReal10(
void)
2145 const char *sig =
"alert tcp any any -> any !70:100 (msg:\"Nothing..\";"
2146 " content:\"GET\"; sid:1;)";
2147 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2153 static int PortTestMatchReal11(
void)
2155 const char *sig =
"alert tcp any !47000:50000 -> any any (msg:\"Nothing..\";"
2156 " content:\"GET\"; sid:1;)";
2157 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2163 static int PortTestMatchReal12(
void)
2165 const char *sig =
"alert tcp any !47000:50000 -> any !70:100 (msg:\"Nothing..\";"
2166 " content:\"GET\"; sid:1;)";
2167 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2173 static int PortTestMatchReal13(
void)
2175 const char *sig =
"alert tcp any 47000:50000 -> any !81: (msg:\"Nothing..\";"
2176 " content:\"GET\"; sid:1;)";
2177 return PortTestMatchRealWrp(sig, 1);
2183 static int PortTestMatchReal14(
void)
2185 const char *sig =
"alert tcp any !48000:50000 -> any :100 (msg:\"Nothing..\";"
2186 " content:\"GET\"; sid:1;)";
2187 return PortTestMatchRealWrp(sig, 1);
2193 static int PortTestMatchReal15(
void)
2195 const char *sig =
"alert tcp any :50000 -> any 81:100 (msg:\"Nothing..\";"
2196 " content:\"GET\"; sid:1;)";
2197 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2203 static int PortTestMatchReal16(
void)
2205 const char *sig =
"alert tcp any 100: -> any ![0:79,81:65535] (msg:\"Nothing..\";"
2206 " content:\"GET\"; sid:1;)";
2207 return PortTestMatchRealWrp(sig, 1);
2213 static int PortTestMatchReal17(
void)
2215 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any ![0:80,82:65535] "
2216 "(msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2217 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2223 static int PortTestMatchReal18(
void)
2225 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any 80 (msg:\"Nothing"
2226 " at all\"; content:\"GET\"; sid:1;)";
2227 return PortTestMatchRealWrp(sig, 1);
2233 static int PortTestMatchReal19(
void)
2235 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\";"
2236 " content:\"GET\"; sid:1;)";
2237 return PortTestMatchRealWrp(sig, 1);
2240 static int PortTestMatchDoubleNegation(
void)
2245 if (DetectPortParseDo(NULL, &
head, &nhead,
"![!80]", 0, NULL, 0) == -1)
2248 result = (
head != NULL);
2249 result = (nhead == NULL);
2256 static int DetectPortParseDoTest(
void)
2262 const char *
str =
"[30:50, !45]";
2263 int r = DetectPortParseDo(
de_ctx, &
head, &nhead,
str, 0, NULL, 0);
2278 static int DetectPortParseDoTest2(
void)
2284 const char *
str =
"[30:50, !45]";
2285 int r = DetectPortParseDo(
de_ctx, &
head, &nhead,
str, 0, NULL, 0);
2293 static int PortParseTestLessThan14Spaces(
void)
2295 const char *
str =
" 45";
2305 static int PortParseTest14Spaces(
void)
2307 const char *
str =
" 45";
2317 static int PortParseTestMoreThan14Spaces(
void)
2319 const char *
str =
" 45";
2369 UtRegisterTest(
"PortTestMatchDoubleNegation", PortTestMatchDoubleNegation);
2371 UtRegisterTest(
"DetectPortParseDoTest2", DetectPortParseDoTest2);
2372 UtRegisterTest(
"PortParseTestLessThan14Spaces", PortParseTestLessThan14Spaces);
2374 UtRegisterTest(
"PortParseTestMoreThan14Spaces", PortParseTestMoreThan14Spaces);