60 static bool DetectPortIsValidRange(
char *, uint16_t *);
108 for (cur =
head; cur != NULL; cur = cur->
next) {
131 for (cur =
head; cur != NULL; ) {
167 for (cur = *
head; cur != NULL; cur = cur->
next) {
184 if (cur->
next == NULL) {
196 if (cur->
prev != NULL)
213 r = DetectPortCut(
de_ctx, cur,
new, &c);
265 uint16_t a_port1 = a->
port;
266 uint16_t a_port2 = a->
port2;
267 uint16_t b_port1 = b->
port;
268 uint16_t b_port2 = b->
port2;
291 a->
port2 = b_port1 - 1;
302 tmp_c->
port = a_port2 + 1;
303 tmp_c->
port2 = b_port2;
314 a->
port2 = a_port1 - 1;
325 tmp_c->
port = b_port2 + 1;
326 tmp_c->
port2 = a_port2;
347 if (a_port1 == b_port1) {
352 b->
port = a_port2 + 1;
354 }
else if (a_port2 == b_port2) {
357 a->
port2 = a_port1 - 1;
364 a->
port2 = a_port1 - 1;
375 tmp_c->
port = a_port2 + 1;
376 tmp_c->
port2 = b_port2;
397 if (a_port1 == b_port1) {
402 b->
port = b_port2 + 1;
404 }
else if (a_port2 == b_port2) {
408 a->
port2 = b_port1 - 1;
416 a->
port2 = b_port1 - 1;
427 tmp_c->
port = b_port2 + 1;
428 tmp_c->
port2 = a_port2;
454 uint16_t a_port1 = a->
port;
455 uint16_t a_port2 = a->
port2;
460 if (a_port1 != 0x0000 && a_port2 != 0xFFFF) {
462 a->
port2 = a_port1 - 1;
470 tmp_b->
port = a_port2 + 1;
471 tmp_b->
port2 = 0xFFFF;
474 }
else if (a_port1 == 0x0000 && a_port2 != 0xFFFF) {
475 a->
port = a_port2 + 1;
478 }
else if (a_port1 != 0x0000 && a_port2 == 0xFFFF) {
480 a->
port2 = a_port1 - 1;
507 uint16_t a_port1 = a->
port;
508 uint16_t a_port2 = a->
port2;
509 uint16_t b_port1 = b->
port;
510 uint16_t b_port2 = b->
port2;
513 if (a_port1 == b_port1 && a_port2 == b_port2) {
517 }
else if (a_port1 >= b_port1 && a_port1 <= b_port2 && a_port2 <= b_port2) {
521 }
else if (a_port1 <= b_port1 && a_port2 >= b_port2) {
524 }
else if (a_port1 < b_port1 && a_port2 < b_port2 && a_port2 >= b_port1) {
527 }
else if (a_port1 < b_port1 && a_port2 < b_port2) {
530 }
else if (a_port1 > b_port1 && a_port1 <= b_port2 && a_port2 > b_port2) {
533 }
else if (a_port1 > b_port2) {
576 static int DetectPortMatch(
DetectPort *dp, uint16_t port)
578 if (port >= dp->
port &&
619 if (DetectPortMatch(p, port) == 1) {
644 while (item != NULL && it != NULL) {
654 if (!(item == NULL && it == NULL)) {
692 bool is_port_any =
false;
711 if (DetectPortCutNot(port, &port2) < 0) {
717 if (DetectPortParseInsert(
head, port2) < 0) {
725 r = DetectPortParseInsert(
head, port);
730 if (r == 1 && is_port_any) {
731 SCLogDebug(
"inserting 0:65535 as port is \"any\"");
734 if (port_any == NULL)
737 if (DetectPortParseInsert(
head, port_any) < 0)
744 SCLogError(
"DetectPortParseInsertString error");
747 if (port_any != NULL)
776 const char *
s,
int negate,
777 ResolvedVariablesList *var_list,
int recur)
781 int o_set = 0, n_set = 0, d_set = 0;
784 size_t size = strlen(
s);
785 char port[1024] =
"";
786 const char *rule_var_port = NULL;
791 "limit reached (max 64)");
797 for (; u < size && x <
sizeof(port); u++) {
804 if (range == 1 &&
s[u] ==
'!') {
805 SCLogError(
"Can't have a negated value in a range.");
807 }
else if (!o_set &&
s[u] ==
'!') {
812 }
else if (
s[u] ==
'[') {
818 }
else if (
s[u] ==
']') {
821 SCLogDebug(
"Parsed port from DetectPortParseDo - %s", port);
824 r = DetectPortParseDo(
825 de_ctx,
head, nhead, port, negate ? negate : n_set, var_list, recur);
833 }
else if (depth == 0 &&
s[u] ==
',') {
836 }
else if (d_set == 1) {
837 char *temp_rule_var_port = NULL,
838 *alloc_rule_var_port = NULL;
843 if (rule_var_port == NULL)
845 if (strlen(rule_var_port) == 0) {
847 "to nothing. This is likely a misconfiguration. "
848 "Note that a negated port needs to be quoted, "
849 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
853 if (negate == 1 || n_set == 1) {
854 alloc_rule_var_port =
SCMalloc(strlen(rule_var_port) + 3);
855 if (
unlikely(alloc_rule_var_port == NULL))
857 snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
858 "[%s]", rule_var_port);
860 alloc_rule_var_port =
SCStrdup(rule_var_port);
861 if (
unlikely(alloc_rule_var_port == NULL))
864 temp_rule_var_port = alloc_rule_var_port;
865 r = DetectPortParseDo(
de_ctx,
head, nhead, temp_rule_var_port,
866 (negate + n_set) % 2, var_list, recur);
868 SCFree(alloc_rule_var_port);
873 SCFree(alloc_rule_var_port);
876 SCLogDebug(
"Parsed port from DetectPortParseDo - %s", port);
878 if (negate == 0 && n_set == 0) {
879 r = DetectPortParseInsertString(
de_ctx,
head, port);
881 r = DetectPortParseInsertString(
de_ctx, nhead, port);
890 }
else if (depth == 0 &&
s[u] ==
'$') {
892 }
else if (depth == 0 && u == size-1) {
903 "groups declaration. This is likely a misconfiguration.");
909 char *temp_rule_var_port = NULL,
910 *alloc_rule_var_port = NULL;
913 if (rule_var_port == NULL)
915 if (strlen(rule_var_port) == 0) {
917 "to nothing. This is likely a misconfiguration. "
918 "Note that a negated port needs to be quoted, "
919 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
923 if ((negate + n_set) % 2) {
924 alloc_rule_var_port =
SCMalloc(strlen(rule_var_port) + 3);
925 if (
unlikely(alloc_rule_var_port == NULL))
927 snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
928 "[%s]", rule_var_port);
930 alloc_rule_var_port =
SCStrdup(rule_var_port);
931 if (
unlikely(alloc_rule_var_port == NULL))
934 temp_rule_var_port = alloc_rule_var_port;
935 r = DetectPortParseDo(
de_ctx,
head, nhead, temp_rule_var_port,
936 (negate + n_set) % 2, var_list, recur);
937 SCFree(alloc_rule_var_port);
943 if (!((negate + n_set) % 2)) {
944 r = DetectPortParseInsertString(
de_ctx,
head, port);
946 r = DetectPortParseInsertString(
de_ctx, nhead, port);
952 }
else if (depth == 1 &&
s[u] ==
',') {
959 "properly closed in \"%s\", %d missing closing brackets (]). "
960 "Note: problem might be in a variable.",
963 }
else if (depth < 0) {
965 "properly opened in \"%s\", %d missing opening brackets ([). "
966 "Note: problem might be in a variable.",
981 static int DetectPortIsCompletePortSpace(
DetectPort *p)
983 uint16_t next_port = 0;
988 if (p->
port != 0x0000)
993 if (p->
port2 == 0xFFFF)
996 next_port = p->
port2 + 1;
999 for ( ; p != NULL; p = p->
next) {
1000 if (p->
port != next_port)
1003 if (p->
port2 == 0xFFFF)
1006 next_port = p->
port2 + 1;
1029 if (DetectPortIsCompletePortSpace(*nhead) == 1) {
1030 SCLogError(
"Complete port space is negated");
1039 if (*
head == NULL && *nhead != NULL) {
1041 r = DetectPortParseInsertString(
de_ctx,
head,
"0:65535");
1048 for (pg = *nhead; pg != NULL; pg = pg->
next) {
1056 r = DetectPortParseInsert(
head, port);
1064 for (pg = *nhead; pg != NULL; pg = pg->
next) {
1068 for (pg2 = *
head; pg2 != NULL;) {
1074 if (pg2->
prev != NULL)
1076 if (pg2->
next != NULL)
1090 for (pg2 = *
head; pg2 != NULL; pg2 = pg2->
next) {
1095 if (*
head == NULL) {
1096 SCLogError(
"no ports left after merging ports with negated ports");
1109 SCLogDebug(
"Testing port conf vars for any misconfigured values");
1114 if (port_vars_node == NULL) {
1128 if (seq_node->
val == NULL) {
1129 SCLogError(
"Port var \"%s\" probably has a sequence(something "
1130 "in brackets) value set without any quotes. Please "
1131 "quote it using \"..\".",
1137 int r = DetectPortParseDo(NULL, &gh, &ghn, seq_node->
val,
1144 SCLogError(
"failed to parse port var \"%s\" with value \"%s\". "
1145 "Please check its syntax",
1146 seq_node->
name, seq_node->
val);
1150 if (DetectPortIsCompletePortSpace(ghn)) {
1151 SCLogError(
"Port var - \"%s\" has the complete Port range negated "
1152 "with its value \"%s\". Port space range is NIL. "
1153 "Probably have a !any or a port range that supplies "
1154 "a NULL port range",
1155 seq_node->
name, seq_node->
val);
1199 if (DetectPortParseMergeNotPorts(
de_ctx,
head, &nhead) < 0)
1225 while (isspace(*
str))
1227 if (strlen(
str) >= 16)
1236 char *port = portstr;
1239 if (port[0] ==
'!') {
1244 if ((port2 = strchr(port,
':')) != NULL) {
1249 if (strcmp(port,
"") != 0) {
1250 if (!DetectPortIsValidRange(port, &dp->
port))
1256 if (strcmp(port2,
"") != 0) {
1257 if (!DetectPortIsValidRange(port2, &dp->
port2))
1267 if (strcasecmp(port,
"any") == 0) {
1271 if (!DetectPortIsValidRange(port, &dp->
port))
1295 static bool DetectPortIsValidRange(
char *port, uint16_t *port_val)
1317 static uint32_t DetectPortHashFunc(
HashListTable *ht,
void *data, uint16_t datalen)
1322 uint32_t hash = ((uint32_t)p->
port << 16) | p->
port2;
1341 static char DetectPortCompareFunc(
void *data1, uint16_t len1,
1342 void *data2, uint16_t len2)
1347 if (data1 == NULL || data2 == NULL)
1356 static void DetectPortHashFreeFunc(
void *ptr)
1374 DetectPortCompareFunc,
1375 DetectPortHashFreeFunc);
1452 if (*
head != NULL) {
1453 for (cur = *
head; cur != NULL; cur = cur->
next) {
1470 dp->
prev = prev_cur;
1471 if (prev_cur != NULL)
1472 prev_cur->
next = dp;
1484 static int PortTestParse01 (
void)
1496 static int PortTestParse02 (
void)
1510 static int PortTestParse03 (
void)
1524 static int PortTestParse04 (
void)
1537 static int PortTestParse05 (
void)
1555 static int PortTestParse07 (
void)
1575 static int PortTestParse08 (
void)
1589 static int PortTestParse09 (
void)
1607 static int PortTestParse10 (
void)
1610 int r =
DetectPortParse(NULL,&dd,
"77777777777777777777777777777777777777777777");
1618 static int PortTestParse11 (
void)
1630 static int PortTestParse12 (
void)
1642 static int PortTestParse13 (
void)
1653 static int PortTestParse14 (
void)
1657 int r = DetectPortParseInsertString(NULL, &dd,
"0:100");
1659 r = DetectPortParseInsertString(NULL, &dd,
"1000:65535");
1675 static int PortTestParse15 (
void)
1692 static int PortTestParse16 (
void)
1696 [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\
1698 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]\
1704 [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\
1706 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]\
1715 static int PortTestFunctions01(
void)
1727 if (!(
head->port == 101))
1729 if (!(
head->port2 == 999))
1735 if (r != 0 || dp1->
next != NULL)
1737 if (!(dp1->
port == 2000))
1739 if (!(dp1->
port2 == 3000))
1743 r = PortTestDetectPortAdd(&
head, dp1);
1746 if (!(
head->port == 101))
1748 if (!(
head->port2 == 999))
1756 if (!DetectPortMatch(
head, 150))
1758 if (DetectPortMatch(
head->
next, 1500))
1760 if ((DetectPortMatch(
head, 3500)))
1762 if ((DetectPortMatch(
head, 50)))
1777 static int PortTestFunctions02(
void)
1790 if (r != 0 || dp1->
next == NULL)
1794 r = DetectPortParseMergeNotPorts(NULL, &
head, &dp1);
1799 if (r != 0 || dp2->
next == NULL)
1803 r = DetectPortParseMergeNotPorts(NULL, &
head, &dp2);
1807 if (!(
head->port == 200))
1809 if (!(
head->port2 == 300))
1827 static int PortTestFunctions03(
void)
1843 DetectPortCut(NULL, dp1, dp2, &dp3);
1847 if (!(dp1->
port == 200))
1849 if (!(dp1->
port2 == 249))
1851 if (!(dp2->
port == 250))
1853 if (!(dp2->
port2 == 300))
1862 DetectPortCut(NULL, dp1, dp2, &dp3);
1865 if (!(dp1->
port == 0))
1867 if (!(dp1->
port2 == 249))
1869 if (!(dp2->
port == 250))
1871 if (!(dp2->
port2 == 500))
1873 if (!(dp3->
port == 501))
1875 if (!(dp3->
port2 == 750))
1893 static int PortTestFunctions04(
void)
1906 DetectPortCutNot(dp1, &dp2);
1910 if (!(dp1->
port == 0))
1912 if (!(dp1->
port2 == 199))
1914 if (!(dp2->
port == 301))
1916 if (!(dp2->
port2 == 65535))
1931 static int PortTestFunctions07(
void)
1965 static int PortTestMatchReal(uint8_t *raw_eth_pkt, uint16_t pktsize,
const char *sig,
1980 static int PortTestMatchRealWrp(
const char *sig, uint32_t sid)
1986 uint8_t raw_eth_pkt[] = {
1987 0x00,0x50,0x56,0xea,0x00,0xbd,0x00,0x0c,
1988 0x29,0x40,0xc8,0xb5,0x08,0x00,0x45,0x00,
1989 0x01,0xa8,0xb9,0xbb,0x40,0x00,0x40,0x06,
1990 0xe0,0xbf,0xc0,0xa8,0x1c,0x83,0xc0,0xa8,
1991 0x01,0x01,0xb9,0x0a,0x00,0x50,0x6f,0xa2,
1992 0x92,0xed,0x7b,0xc1,0xd3,0x4d,0x50,0x18,
1993 0x16,0xd0,0xa0,0x6f,0x00,0x00,0x47,0x45,
1994 0x54,0x20,0x2f,0x20,0x48,0x54,0x54,0x50,
1995 0x2f,0x31,0x2e,0x31,0x0d,0x0a,0x48,0x6f,
1996 0x73,0x74,0x3a,0x20,0x31,0x39,0x32,0x2e,
1997 0x31,0x36,0x38,0x2e,0x31,0x2e,0x31,0x0d,
1998 0x0a,0x55,0x73,0x65,0x72,0x2d,0x41,0x67,
1999 0x65,0x6e,0x74,0x3a,0x20,0x4d,0x6f,0x7a,
2000 0x69,0x6c,0x6c,0x61,0x2f,0x35,0x2e,0x30,
2001 0x20,0x28,0x58,0x31,0x31,0x3b,0x20,0x55,
2002 0x3b,0x20,0x4c,0x69,0x6e,0x75,0x78,0x20,
2003 0x78,0x38,0x36,0x5f,0x36,0x34,0x3b,0x20,
2004 0x65,0x6e,0x2d,0x55,0x53,0x3b,0x20,0x72,
2005 0x76,0x3a,0x31,0x2e,0x39,0x2e,0x30,0x2e,
2006 0x31,0x34,0x29,0x20,0x47,0x65,0x63,0x6b,
2007 0x6f,0x2f,0x32,0x30,0x30,0x39,0x30,0x39,
2008 0x30,0x32,0x31,0x37,0x20,0x55,0x62,0x75,
2009 0x6e,0x74,0x75,0x2f,0x39,0x2e,0x30,0x34,
2010 0x20,0x28,0x6a,0x61,0x75,0x6e,0x74,0x79,
2011 0x29,0x20,0x46,0x69,0x72,0x65,0x66,0x6f,
2012 0x78,0x2f,0x33,0x2e,0x30,0x2e,0x31,0x34,
2013 0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,0x74,
2014 0x3a,0x20,0x74,0x65,0x78,0x74,0x2f,0x68,
2015 0x74,0x6d,0x6c,0x2c,0x61,0x70,0x70,0x6c,
2016 0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x2f,
2017 0x78,0x68,0x74,0x6d,0x6c,0x2b,0x78,0x6d,
2018 0x6c,0x2c,0x61,0x70,0x70,0x6c,0x69,0x63,
2019 0x61,0x74,0x69,0x6f,0x6e,0x2f,0x78,0x6d,
2020 0x6c,0x3b,0x71,0x3d,0x30,0x2e,0x39,0x2c,
2021 0x2a,0x2f,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2022 0x38,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2023 0x74,0x2d,0x4c,0x61,0x6e,0x67,0x75,0x61,
2024 0x67,0x65,0x3a,0x20,0x65,0x6e,0x2d,0x75,
2025 0x73,0x2c,0x65,0x6e,0x3b,0x71,0x3d,0x30,
2026 0x2e,0x35,0x0d,0x0a,0x41,0x63,0x63,0x65,
2027 0x70,0x74,0x2d,0x45,0x6e,0x63,0x6f,0x64,
2028 0x69,0x6e,0x67,0x3a,0x20,0x67,0x7a,0x69,
2029 0x70,0x2c,0x64,0x65,0x66,0x6c,0x61,0x74,
2030 0x65,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2031 0x74,0x2d,0x43,0x68,0x61,0x72,0x73,0x65,
2032 0x74,0x3a,0x20,0x49,0x53,0x4f,0x2d,0x38,
2033 0x38,0x35,0x39,0x2d,0x31,0x2c,0x75,0x74,
2034 0x66,0x2d,0x38,0x3b,0x71,0x3d,0x30,0x2e,
2035 0x37,0x2c,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2036 0x37,0x0d,0x0a,0x4b,0x65,0x65,0x70,0x2d,
2037 0x41,0x6c,0x69,0x76,0x65,0x3a,0x20,0x33,
2038 0x30,0x30,0x0d,0x0a,0x43,0x6f,0x6e,0x6e,
2039 0x65,0x63,0x74,0x69,0x6f,0x6e,0x3a,0x20,
2040 0x6b,0x65,0x65,0x70,0x2d,0x61,0x6c,0x69,
2041 0x76,0x65,0x0d,0x0a,0x0d,0x0a };
2044 return PortTestMatchReal(raw_eth_pkt, (uint16_t)
sizeof(raw_eth_pkt),
2051 static int PortTestMatchReal01(
void)
2054 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2055 return PortTestMatchRealWrp(sig, 1);
2061 static int PortTestMatchReal02(
void)
2063 const char *sig =
"alert tcp any 47370 -> any any (msg:\"Nothing..\";"
2064 " content:\"GET\"; sid:1;)";
2065 return PortTestMatchRealWrp(sig, 1);
2071 static int PortTestMatchReal03(
void)
2073 const char *sig =
"alert tcp any 47370 -> any 80 (msg:\"Nothing..\";"
2074 " content:\"GET\"; sid:1;)";
2075 return PortTestMatchRealWrp(sig, 1);
2081 static int PortTestMatchReal04(
void)
2083 const char *sig =
"alert tcp any any -> any !80 (msg:\"Nothing..\";"
2084 " content:\"GET\"; sid:1;)";
2085 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2091 static int PortTestMatchReal05(
void)
2093 const char *sig =
"alert tcp any !47370 -> any any (msg:\"Nothing..\";"
2094 " content:\"GET\"; sid:1;)";
2095 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2101 static int PortTestMatchReal06(
void)
2103 const char *sig =
"alert tcp any !47370 -> any !80 (msg:\"Nothing..\";"
2104 " content:\"GET\"; sid:1;)";
2105 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2111 static int PortTestMatchReal07(
void)
2113 const char *sig =
"alert tcp any any -> any 70:100 (msg:\"Nothing..\";"
2114 " content:\"GET\"; sid:1;)";
2115 return PortTestMatchRealWrp(sig, 1);
2121 static int PortTestMatchReal08(
void)
2123 const char *sig =
"alert tcp any 47000:50000 -> any any (msg:\"Nothing..\";"
2124 " content:\"GET\"; sid:1;)";
2125 return PortTestMatchRealWrp(sig, 1);
2131 static int PortTestMatchReal09(
void)
2133 const char *sig =
"alert tcp any 47000:50000 -> any 70:100 (msg:\"Nothing..\";"
2134 " content:\"GET\"; sid:1;)";
2135 return PortTestMatchRealWrp(sig, 1);
2141 static int PortTestMatchReal10(
void)
2143 const char *sig =
"alert tcp any any -> any !70:100 (msg:\"Nothing..\";"
2144 " content:\"GET\"; sid:1;)";
2145 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2151 static int PortTestMatchReal11(
void)
2153 const char *sig =
"alert tcp any !47000:50000 -> any any (msg:\"Nothing..\";"
2154 " content:\"GET\"; sid:1;)";
2155 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2161 static int PortTestMatchReal12(
void)
2163 const char *sig =
"alert tcp any !47000:50000 -> any !70:100 (msg:\"Nothing..\";"
2164 " content:\"GET\"; sid:1;)";
2165 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2171 static int PortTestMatchReal13(
void)
2173 const char *sig =
"alert tcp any 47000:50000 -> any !81: (msg:\"Nothing..\";"
2174 " content:\"GET\"; sid:1;)";
2175 return PortTestMatchRealWrp(sig, 1);
2181 static int PortTestMatchReal14(
void)
2183 const char *sig =
"alert tcp any !48000:50000 -> any :100 (msg:\"Nothing..\";"
2184 " content:\"GET\"; sid:1;)";
2185 return PortTestMatchRealWrp(sig, 1);
2191 static int PortTestMatchReal15(
void)
2193 const char *sig =
"alert tcp any :50000 -> any 81:100 (msg:\"Nothing..\";"
2194 " content:\"GET\"; sid:1;)";
2195 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2201 static int PortTestMatchReal16(
void)
2203 const char *sig =
"alert tcp any 100: -> any ![0:79,81:65535] (msg:\"Nothing..\";"
2204 " content:\"GET\"; sid:1;)";
2205 return PortTestMatchRealWrp(sig, 1);
2211 static int PortTestMatchReal17(
void)
2213 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any ![0:80,82:65535] "
2214 "(msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2215 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2221 static int PortTestMatchReal18(
void)
2223 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any 80 (msg:\"Nothing"
2224 " at all\"; content:\"GET\"; sid:1;)";
2225 return PortTestMatchRealWrp(sig, 1);
2231 static int PortTestMatchReal19(
void)
2233 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\";"
2234 " content:\"GET\"; sid:1;)";
2235 return PortTestMatchRealWrp(sig, 1);
2238 static int PortTestMatchDoubleNegation(
void)
2243 if (DetectPortParseDo(NULL, &
head, &nhead,
"![!80]", 0, NULL, 0) == -1)
2246 result = (
head != NULL);
2247 result = (nhead == NULL);
2254 static int DetectPortParseDoTest(
void)
2260 const char *
str =
"[30:50, !45]";
2261 int r = DetectPortParseDo(
de_ctx, &
head, &nhead,
str, 0, NULL, 0);
2276 static int DetectPortParseDoTest2(
void)
2282 const char *
str =
"[30:50, !45]";
2283 int r = DetectPortParseDo(
de_ctx, &
head, &nhead,
str, 0, NULL, 0);
2291 static int PortParseTestLessThan14Spaces(
void)
2293 const char *
str =
" 45";
2303 static int PortParseTest14Spaces(
void)
2305 const char *
str =
" 45";
2315 static int PortParseTestMoreThan14Spaces(
void)
2317 const char *
str =
" 45";
2367 UtRegisterTest(
"PortTestMatchDoubleNegation", PortTestMatchDoubleNegation);
2369 UtRegisterTest(
"DetectPortParseDoTest2", DetectPortParseDoTest2);
2370 UtRegisterTest(
"PortParseTestLessThan14Spaces", PortParseTestLessThan14Spaces);
2372 UtRegisterTest(
"PortParseTestMoreThan14Spaces", PortParseTestMoreThan14Spaces);