60 static bool DetectPortIsValidRange(
char *, uint16_t *);
108 for (cur =
head; cur != NULL; cur = cur->
next) {
131 for (cur =
head; cur != NULL; ) {
167 for (cur = *
head; cur != NULL; cur = cur->
next) {
184 if (cur->
next == NULL) {
196 if (cur->
prev != NULL)
213 r = DetectPortCut(
de_ctx, cur,
new, &c);
265 uint16_t a_port1 = a->
port;
266 uint16_t a_port2 = a->
port2;
267 uint16_t b_port1 = b->
port;
268 uint16_t b_port2 = b->
port2;
291 a->
port2 = b_port1 - 1;
302 tmp_c->
port = a_port2 + 1;
303 tmp_c->
port2 = b_port2;
314 a->
port2 = a_port1 - 1;
325 tmp_c->
port = b_port2 + 1;
326 tmp_c->
port2 = a_port2;
347 if (a_port1 == b_port1) {
352 b->
port = a_port2 + 1;
354 }
else if (a_port2 == b_port2) {
357 a->
port2 = a_port1 - 1;
364 a->
port2 = a_port1 - 1;
375 tmp_c->
port = a_port2 + 1;
376 tmp_c->
port2 = b_port2;
397 if (a_port1 == b_port1) {
402 b->
port = b_port2 + 1;
404 }
else if (a_port2 == b_port2) {
408 a->
port2 = b_port1 - 1;
416 a->
port2 = b_port1 - 1;
427 tmp_c->
port = b_port2 + 1;
428 tmp_c->
port2 = a_port2;
454 uint16_t a_port1 = a->
port;
455 uint16_t a_port2 = a->
port2;
460 if (a_port1 != 0x0000 && a_port2 != 0xFFFF) {
462 a->
port2 = a_port1 - 1;
470 tmp_b->
port = a_port2 + 1;
471 tmp_b->
port2 = 0xFFFF;
474 }
else if (a_port1 == 0x0000 && a_port2 != 0xFFFF) {
475 a->
port = a_port2 + 1;
478 }
else if (a_port1 != 0x0000 && a_port2 == 0xFFFF) {
480 a->
port2 = a_port1 - 1;
507 uint16_t a_port1 = a->
port;
508 uint16_t a_port2 = a->
port2;
509 uint16_t b_port1 = b->
port;
510 uint16_t b_port2 = b->
port2;
513 if (a_port1 == b_port1 && a_port2 == b_port2) {
517 }
else if (a_port1 >= b_port1 && a_port1 <= b_port2 && a_port2 <= b_port2) {
521 }
else if (a_port1 <= b_port1 && a_port2 >= b_port2) {
524 }
else if (a_port1 < b_port1 && a_port2 < b_port2 && a_port2 >= b_port1) {
527 }
else if (a_port1 < b_port1 && a_port2 < b_port2) {
530 }
else if (a_port1 > b_port1 && a_port1 <= b_port2 && a_port2 > b_port2) {
533 }
else if (a_port1 > b_port2) {
576 static int DetectPortMatch(
DetectPort *dp, uint16_t port)
578 if (port >= dp->
port &&
619 if (DetectPortMatch(p, port) == 1) {
644 while (item != NULL && it != NULL) {
654 if (!(item == NULL && it == NULL)) {
692 bool is_port_any =
false;
711 if (DetectPortCutNot(port, &port2) < 0) {
717 if (DetectPortParseInsert(
head, port2) < 0) {
725 r = DetectPortParseInsert(
head, port);
730 if (r == 1 && is_port_any) {
731 SCLogDebug(
"inserting 0:65535 as port is \"any\"");
734 if (port_any == NULL)
737 if (DetectPortParseInsert(
head, port_any) < 0)
744 SCLogError(
"DetectPortParseInsertString error");
747 if (port_any != NULL)
776 const char *
s,
int negate,
777 ResolvedVariablesList *var_list,
int recur)
781 int o_set = 0, n_set = 0, d_set = 0;
784 size_t size = strlen(
s);
785 char port[1024] =
"";
786 const char *rule_var_port = NULL;
791 "limit reached (max 64)");
797 for (u = 0, x = 0; u < size && x <
sizeof(port); u++) {
804 if (range == 1 &&
s[u] ==
'!') {
805 SCLogError(
"Can't have a negated value in a range.");
807 }
else if (!o_set &&
s[u] ==
'!') {
811 }
else if (
s[u] ==
'[') {
817 }
else if (
s[u] ==
']') {
820 SCLogDebug(
"Parsed port from DetectPortParseDo - %s", port);
823 r = DetectPortParseDo(
824 de_ctx,
head, nhead, port, negate ? negate : n_set, var_list, recur);
832 }
else if (depth == 0 &&
s[u] ==
',') {
835 }
else if (d_set == 1) {
836 char *temp_rule_var_port = NULL,
837 *alloc_rule_var_port = NULL;
842 if (rule_var_port == NULL)
844 if (strlen(rule_var_port) == 0) {
846 "to nothing. This is likely a misconfiguration. "
847 "Note that a negated port needs to be quoted, "
848 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
852 if (negate == 1 || n_set == 1) {
853 alloc_rule_var_port =
SCMalloc(strlen(rule_var_port) + 3);
854 if (
unlikely(alloc_rule_var_port == NULL))
856 snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
857 "[%s]", rule_var_port);
859 alloc_rule_var_port =
SCStrdup(rule_var_port);
860 if (
unlikely(alloc_rule_var_port == NULL))
863 temp_rule_var_port = alloc_rule_var_port;
864 r = DetectPortParseDo(
de_ctx,
head, nhead, temp_rule_var_port,
865 (negate + n_set) % 2, var_list, recur);
867 SCFree(alloc_rule_var_port);
872 SCFree(alloc_rule_var_port);
875 SCLogDebug(
"Parsed port from DetectPortParseDo - %s", port);
877 if (negate == 0 && n_set == 0) {
878 r = DetectPortParseInsertString(
de_ctx,
head, port);
880 r = DetectPortParseInsertString(
de_ctx, nhead, port);
889 }
else if (depth == 0 &&
s[u] ==
'$') {
891 }
else if (depth == 0 && u == size-1) {
902 "groups declaration. This is likely a misconfiguration.");
908 char *temp_rule_var_port = NULL,
909 *alloc_rule_var_port = NULL;
912 if (rule_var_port == NULL)
914 if (strlen(rule_var_port) == 0) {
916 "to nothing. This is likely a misconfiguration. "
917 "Note that a negated port needs to be quoted, "
918 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
922 if ((negate + n_set) % 2) {
923 alloc_rule_var_port =
SCMalloc(strlen(rule_var_port) + 3);
924 if (
unlikely(alloc_rule_var_port == NULL))
926 snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
927 "[%s]", rule_var_port);
929 alloc_rule_var_port =
SCStrdup(rule_var_port);
930 if (
unlikely(alloc_rule_var_port == NULL))
933 temp_rule_var_port = alloc_rule_var_port;
934 r = DetectPortParseDo(
de_ctx,
head, nhead, temp_rule_var_port,
935 (negate + n_set) % 2, var_list, recur);
936 SCFree(alloc_rule_var_port);
942 if (!((negate + n_set) % 2)) {
943 r = DetectPortParseInsertString(
de_ctx,
head, port);
945 r = DetectPortParseInsertString(
de_ctx, nhead, port);
951 }
else if (depth == 1 &&
s[u] ==
',') {
958 "properly closed in \"%s\", %d missing closing brackets (]). "
959 "Note: problem might be in a variable.",
962 }
else if (depth < 0) {
964 "properly opened in \"%s\", %d missing opening brackets ([). "
965 "Note: problem might be in a variable.",
980 static int DetectPortIsCompletePortSpace(
DetectPort *p)
982 uint16_t next_port = 0;
987 if (p->
port != 0x0000)
992 if (p->
port2 == 0xFFFF)
995 next_port = p->
port2 + 1;
998 for ( ; p != NULL; p = p->
next) {
999 if (p->
port != next_port)
1002 if (p->
port2 == 0xFFFF)
1005 next_port = p->
port2 + 1;
1028 if (DetectPortIsCompletePortSpace(*nhead) == 1) {
1029 SCLogError(
"Complete port space is negated");
1038 if (*
head == NULL && *nhead != NULL) {
1040 r = DetectPortParseInsertString(
de_ctx,
head,
"0:65535");
1047 for (pg = *nhead; pg != NULL; pg = pg->
next) {
1055 r = DetectPortParseInsert(
head, port);
1063 for (pg = *nhead; pg != NULL; pg = pg->
next) {
1067 for (pg2 = *
head; pg2 != NULL;) {
1073 if (pg2->
prev != NULL)
1075 if (pg2->
next != NULL)
1089 for (pg2 = *
head; pg2 != NULL; pg2 = pg2->
next) {
1094 if (*
head == NULL) {
1095 SCLogError(
"no ports left after merging ports with negated ports");
1108 SCLogDebug(
"Testing port conf vars for any misconfigured values");
1113 if (port_vars_node == NULL) {
1127 if (seq_node->
val == NULL) {
1128 SCLogError(
"Port var \"%s\" probably has a sequence(something "
1129 "in brackets) value set without any quotes. Please "
1130 "quote it using \"..\".",
1136 int r = DetectPortParseDo(NULL, &gh, &ghn, seq_node->
val,
1143 SCLogError(
"failed to parse port var \"%s\" with value \"%s\". "
1144 "Please check its syntax",
1145 seq_node->
name, seq_node->
val);
1149 if (DetectPortIsCompletePortSpace(ghn)) {
1150 SCLogError(
"Port var - \"%s\" has the complete Port range negated "
1151 "with its value \"%s\". Port space range is NIL. "
1152 "Probably have a !any or a port range that supplies "
1153 "a NULL port range",
1154 seq_node->
name, seq_node->
val);
1198 if (DetectPortParseMergeNotPorts(
de_ctx,
head, &nhead) < 0)
1224 while (isspace(*
str))
1226 if (strlen(
str) >= 16)
1235 char *port = portstr;
1238 if (port[0] ==
'!') {
1243 if ((port2 = strchr(port,
':')) != NULL) {
1248 if (strcmp(port,
"") != 0) {
1249 if (!DetectPortIsValidRange(port, &dp->
port))
1255 if (strcmp(port2,
"") != 0) {
1256 if (!DetectPortIsValidRange(port2, &dp->
port2))
1266 if (strcasecmp(port,
"any") == 0) {
1270 if (!DetectPortIsValidRange(port, &dp->
port))
1294 static bool DetectPortIsValidRange(
char *port, uint16_t *port_val)
1316 static uint32_t DetectPortHashFunc(
HashListTable *ht,
void *data, uint16_t datalen)
1321 uint32_t hash = ((uint32_t)p->
port << 16) | p->
port2;
1340 static char DetectPortCompareFunc(
void *data1, uint16_t len1,
1341 void *data2, uint16_t len2)
1346 if (data1 == NULL || data2 == NULL)
1355 static void DetectPortHashFreeFunc(
void *ptr)
1373 DetectPortCompareFunc,
1374 DetectPortHashFreeFunc);
1453 if (*
head != NULL) {
1454 for (cur = *
head; cur != NULL; cur = cur->
next) {
1471 dp->
prev = prev_cur;
1472 if (prev_cur != NULL)
1473 prev_cur->
next = dp;
1485 static int PortTestParse01 (
void)
1497 static int PortTestParse02 (
void)
1511 static int PortTestParse03 (
void)
1525 static int PortTestParse04 (
void)
1538 static int PortTestParse05 (
void)
1556 static int PortTestParse07 (
void)
1576 static int PortTestParse08 (
void)
1590 static int PortTestParse09 (
void)
1608 static int PortTestParse10 (
void)
1611 int r =
DetectPortParse(NULL,&dd,
"77777777777777777777777777777777777777777777");
1619 static int PortTestParse11 (
void)
1631 static int PortTestParse12 (
void)
1643 static int PortTestParse13 (
void)
1654 static int PortTestParse14 (
void)
1658 int r = DetectPortParseInsertString(NULL, &dd,
"0:100");
1660 r = DetectPortParseInsertString(NULL, &dd,
"1000:65535");
1676 static int PortTestParse15 (
void)
1693 static int PortTestParse16 (
void)
1697 [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\
1699 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]\
1705 [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\
1707 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]\
1716 static int PortTestFunctions01(
void)
1728 if (!(
head->port == 101))
1730 if (!(
head->port2 == 999))
1736 if (r != 0 || dp1->
next != NULL)
1738 if (!(dp1->
port == 2000))
1740 if (!(dp1->
port2 == 3000))
1744 r = PortTestDetectPortAdd(&
head, dp1);
1747 if (!(
head->port == 101))
1749 if (!(
head->port2 == 999))
1757 if (!DetectPortMatch(
head, 150))
1759 if (DetectPortMatch(
head->
next, 1500))
1761 if ((DetectPortMatch(
head, 3500)))
1763 if ((DetectPortMatch(
head, 50)))
1778 static int PortTestFunctions02(
void)
1791 if (r != 0 || dp1->
next == NULL)
1795 r = DetectPortParseMergeNotPorts(NULL, &
head, &dp1);
1800 if (r != 0 || dp2->
next == NULL)
1804 r = DetectPortParseMergeNotPorts(NULL, &
head, &dp2);
1808 if (!(
head->port == 200))
1810 if (!(
head->port2 == 300))
1828 static int PortTestFunctions03(
void)
1844 DetectPortCut(NULL, dp1, dp2, &dp3);
1848 if (!(dp1->
port == 200))
1850 if (!(dp1->
port2 == 249))
1852 if (!(dp2->
port == 250))
1854 if (!(dp2->
port2 == 300))
1863 DetectPortCut(NULL, dp1, dp2, &dp3);
1866 if (!(dp1->
port == 0))
1868 if (!(dp1->
port2 == 249))
1870 if (!(dp2->
port == 250))
1872 if (!(dp2->
port2 == 500))
1874 if (!(dp3->
port == 501))
1876 if (!(dp3->
port2 == 750))
1894 static int PortTestFunctions04(
void)
1907 DetectPortCutNot(dp1, &dp2);
1911 if (!(dp1->
port == 0))
1913 if (!(dp1->
port2 == 199))
1915 if (!(dp2->
port == 301))
1917 if (!(dp2->
port2 == 65535))
1932 static int PortTestFunctions07(
void)
1966 static int PortTestMatchReal(uint8_t *raw_eth_pkt, uint16_t pktsize,
const char *sig,
1981 static int PortTestMatchRealWrp(
const char *sig, uint32_t sid)
1987 uint8_t raw_eth_pkt[] = {
1988 0x00,0x50,0x56,0xea,0x00,0xbd,0x00,0x0c,
1989 0x29,0x40,0xc8,0xb5,0x08,0x00,0x45,0x00,
1990 0x01,0xa8,0xb9,0xbb,0x40,0x00,0x40,0x06,
1991 0xe0,0xbf,0xc0,0xa8,0x1c,0x83,0xc0,0xa8,
1992 0x01,0x01,0xb9,0x0a,0x00,0x50,0x6f,0xa2,
1993 0x92,0xed,0x7b,0xc1,0xd3,0x4d,0x50,0x18,
1994 0x16,0xd0,0xa0,0x6f,0x00,0x00,0x47,0x45,
1995 0x54,0x20,0x2f,0x20,0x48,0x54,0x54,0x50,
1996 0x2f,0x31,0x2e,0x31,0x0d,0x0a,0x48,0x6f,
1997 0x73,0x74,0x3a,0x20,0x31,0x39,0x32,0x2e,
1998 0x31,0x36,0x38,0x2e,0x31,0x2e,0x31,0x0d,
1999 0x0a,0x55,0x73,0x65,0x72,0x2d,0x41,0x67,
2000 0x65,0x6e,0x74,0x3a,0x20,0x4d,0x6f,0x7a,
2001 0x69,0x6c,0x6c,0x61,0x2f,0x35,0x2e,0x30,
2002 0x20,0x28,0x58,0x31,0x31,0x3b,0x20,0x55,
2003 0x3b,0x20,0x4c,0x69,0x6e,0x75,0x78,0x20,
2004 0x78,0x38,0x36,0x5f,0x36,0x34,0x3b,0x20,
2005 0x65,0x6e,0x2d,0x55,0x53,0x3b,0x20,0x72,
2006 0x76,0x3a,0x31,0x2e,0x39,0x2e,0x30,0x2e,
2007 0x31,0x34,0x29,0x20,0x47,0x65,0x63,0x6b,
2008 0x6f,0x2f,0x32,0x30,0x30,0x39,0x30,0x39,
2009 0x30,0x32,0x31,0x37,0x20,0x55,0x62,0x75,
2010 0x6e,0x74,0x75,0x2f,0x39,0x2e,0x30,0x34,
2011 0x20,0x28,0x6a,0x61,0x75,0x6e,0x74,0x79,
2012 0x29,0x20,0x46,0x69,0x72,0x65,0x66,0x6f,
2013 0x78,0x2f,0x33,0x2e,0x30,0x2e,0x31,0x34,
2014 0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,0x74,
2015 0x3a,0x20,0x74,0x65,0x78,0x74,0x2f,0x68,
2016 0x74,0x6d,0x6c,0x2c,0x61,0x70,0x70,0x6c,
2017 0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x2f,
2018 0x78,0x68,0x74,0x6d,0x6c,0x2b,0x78,0x6d,
2019 0x6c,0x2c,0x61,0x70,0x70,0x6c,0x69,0x63,
2020 0x61,0x74,0x69,0x6f,0x6e,0x2f,0x78,0x6d,
2021 0x6c,0x3b,0x71,0x3d,0x30,0x2e,0x39,0x2c,
2022 0x2a,0x2f,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2023 0x38,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2024 0x74,0x2d,0x4c,0x61,0x6e,0x67,0x75,0x61,
2025 0x67,0x65,0x3a,0x20,0x65,0x6e,0x2d,0x75,
2026 0x73,0x2c,0x65,0x6e,0x3b,0x71,0x3d,0x30,
2027 0x2e,0x35,0x0d,0x0a,0x41,0x63,0x63,0x65,
2028 0x70,0x74,0x2d,0x45,0x6e,0x63,0x6f,0x64,
2029 0x69,0x6e,0x67,0x3a,0x20,0x67,0x7a,0x69,
2030 0x70,0x2c,0x64,0x65,0x66,0x6c,0x61,0x74,
2031 0x65,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2032 0x74,0x2d,0x43,0x68,0x61,0x72,0x73,0x65,
2033 0x74,0x3a,0x20,0x49,0x53,0x4f,0x2d,0x38,
2034 0x38,0x35,0x39,0x2d,0x31,0x2c,0x75,0x74,
2035 0x66,0x2d,0x38,0x3b,0x71,0x3d,0x30,0x2e,
2036 0x37,0x2c,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2037 0x37,0x0d,0x0a,0x4b,0x65,0x65,0x70,0x2d,
2038 0x41,0x6c,0x69,0x76,0x65,0x3a,0x20,0x33,
2039 0x30,0x30,0x0d,0x0a,0x43,0x6f,0x6e,0x6e,
2040 0x65,0x63,0x74,0x69,0x6f,0x6e,0x3a,0x20,
2041 0x6b,0x65,0x65,0x70,0x2d,0x61,0x6c,0x69,
2042 0x76,0x65,0x0d,0x0a,0x0d,0x0a };
2045 return PortTestMatchReal(raw_eth_pkt, (uint16_t)
sizeof(raw_eth_pkt),
2052 static int PortTestMatchReal01(
void)
2055 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2056 return PortTestMatchRealWrp(sig, 1);
2062 static int PortTestMatchReal02(
void)
2064 const char *sig =
"alert tcp any 47370 -> any any (msg:\"Nothing..\";"
2065 " content:\"GET\"; sid:1;)";
2066 return PortTestMatchRealWrp(sig, 1);
2072 static int PortTestMatchReal03(
void)
2074 const char *sig =
"alert tcp any 47370 -> any 80 (msg:\"Nothing..\";"
2075 " content:\"GET\"; sid:1;)";
2076 return PortTestMatchRealWrp(sig, 1);
2082 static int PortTestMatchReal04(
void)
2084 const char *sig =
"alert tcp any any -> any !80 (msg:\"Nothing..\";"
2085 " content:\"GET\"; sid:1;)";
2086 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2092 static int PortTestMatchReal05(
void)
2094 const char *sig =
"alert tcp any !47370 -> any any (msg:\"Nothing..\";"
2095 " content:\"GET\"; sid:1;)";
2096 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2102 static int PortTestMatchReal06(
void)
2104 const char *sig =
"alert tcp any !47370 -> any !80 (msg:\"Nothing..\";"
2105 " content:\"GET\"; sid:1;)";
2106 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2112 static int PortTestMatchReal07(
void)
2114 const char *sig =
"alert tcp any any -> any 70:100 (msg:\"Nothing..\";"
2115 " content:\"GET\"; sid:1;)";
2116 return PortTestMatchRealWrp(sig, 1);
2122 static int PortTestMatchReal08(
void)
2124 const char *sig =
"alert tcp any 47000:50000 -> any any (msg:\"Nothing..\";"
2125 " content:\"GET\"; sid:1;)";
2126 return PortTestMatchRealWrp(sig, 1);
2132 static int PortTestMatchReal09(
void)
2134 const char *sig =
"alert tcp any 47000:50000 -> any 70:100 (msg:\"Nothing..\";"
2135 " content:\"GET\"; sid:1;)";
2136 return PortTestMatchRealWrp(sig, 1);
2142 static int PortTestMatchReal10(
void)
2144 const char *sig =
"alert tcp any any -> any !70:100 (msg:\"Nothing..\";"
2145 " content:\"GET\"; sid:1;)";
2146 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2152 static int PortTestMatchReal11(
void)
2154 const char *sig =
"alert tcp any !47000:50000 -> any any (msg:\"Nothing..\";"
2155 " content:\"GET\"; sid:1;)";
2156 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2162 static int PortTestMatchReal12(
void)
2164 const char *sig =
"alert tcp any !47000:50000 -> any !70:100 (msg:\"Nothing..\";"
2165 " content:\"GET\"; sid:1;)";
2166 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2172 static int PortTestMatchReal13(
void)
2174 const char *sig =
"alert tcp any 47000:50000 -> any !81: (msg:\"Nothing..\";"
2175 " content:\"GET\"; sid:1;)";
2176 return PortTestMatchRealWrp(sig, 1);
2182 static int PortTestMatchReal14(
void)
2184 const char *sig =
"alert tcp any !48000:50000 -> any :100 (msg:\"Nothing..\";"
2185 " content:\"GET\"; sid:1;)";
2186 return PortTestMatchRealWrp(sig, 1);
2192 static int PortTestMatchReal15(
void)
2194 const char *sig =
"alert tcp any :50000 -> any 81:100 (msg:\"Nothing..\";"
2195 " content:\"GET\"; sid:1;)";
2196 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2202 static int PortTestMatchReal16(
void)
2204 const char *sig =
"alert tcp any 100: -> any ![0:79,81:65535] (msg:\"Nothing..\";"
2205 " content:\"GET\"; sid:1;)";
2206 return PortTestMatchRealWrp(sig, 1);
2212 static int PortTestMatchReal17(
void)
2214 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any ![0:80,82:65535] "
2215 "(msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2216 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2222 static int PortTestMatchReal18(
void)
2224 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any 80 (msg:\"Nothing"
2225 " at all\"; content:\"GET\"; sid:1;)";
2226 return PortTestMatchRealWrp(sig, 1);
2232 static int PortTestMatchReal19(
void)
2234 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\";"
2235 " content:\"GET\"; sid:1;)";
2236 return PortTestMatchRealWrp(sig, 1);
2239 static int PortTestMatchDoubleNegation(
void)
2244 if (DetectPortParseDo(NULL, &
head, &nhead,
"![!80]", 0, NULL, 0) == -1)
2247 result = (
head != NULL);
2248 result = (nhead == NULL);
2255 static int DetectPortParseDoTest(
void)
2261 const char *
str =
"[30:50, !45]";
2262 int r = DetectPortParseDo(
de_ctx, &
head, &nhead,
str, 0, NULL, 0);
2277 static int DetectPortParseDoTest2(
void)
2283 const char *
str =
"[30:50, !45]";
2284 int r = DetectPortParseDo(
de_ctx, &
head, &nhead,
str, 0, NULL, 0);
2292 static int PortParseTestLessThan14Spaces(
void)
2294 const char *
str =
" 45";
2304 static int PortParseTest14Spaces(
void)
2306 const char *
str =
" 45";
2316 static int PortParseTestMoreThan14Spaces(
void)
2318 const char *
str =
" 45";
2368 UtRegisterTest(
"PortTestMatchDoubleNegation", PortTestMatchDoubleNegation);
2370 UtRegisterTest(
"DetectPortParseDoTest2", DetectPortParseDoTest2);
2371 UtRegisterTest(
"PortParseTestLessThan14Spaces", PortParseTestLessThan14Spaces);
2373 UtRegisterTest(
"PortParseTestMoreThan14Spaces", PortParseTestMoreThan14Spaces);