60 static bool DetectPortIsValidRange(
char *, uint16_t *);
107 for (cur =
head; cur != NULL; cur = cur->
next) {
113 SCLogDebug(
"= list end (cnt %" PRIu32
")", cnt);
128 for (cur =
head; cur != NULL; ) {
164 for (cur = *
head; cur != NULL; cur = cur->
next) {
182 if (cur->
next == NULL) {
194 if (cur->
prev != NULL)
211 r = DetectPortCut(
de_ctx, cur,
new, &c);
263 uint32_t a_port1 = a->
port;
264 uint32_t a_port2 = a->
port2;
265 uint32_t b_port1 = b->
port;
266 uint32_t b_port2 = b->
port2;
289 a->
port2 = b_port1 - 1;
300 tmp_c->
port = a_port2 + 1;
301 tmp_c->
port2 = b_port2;
315 a->
port2 = a_port1 - 1;
326 tmp_c->
port = b_port2 + 1;
327 tmp_c->
port2 = a_port2;
361 if (a_port1 == b_port1) {
366 b->
port = a_port2 + 1;
372 }
else if (a_port2 == b_port2) {
375 a->
port2 = a_port1 - 1;
394 a->
port2 = a_port1 - 1;
405 tmp_c->
port = a_port2 + 1;
406 tmp_c->
port2 = b_port2;
440 if (a_port1 == b_port1) {
445 b->
port = b_port2 + 1;
456 }
else if (a_port2 == b_port2) {
460 a->
port2 = b_port1 - 1;
471 a->
port2 = b_port1 - 1;
482 tmp_c->
port = b_port2 + 1;
483 tmp_c->
port2 = a_port2;
512 uint16_t a_port1 = a->
port;
513 uint16_t a_port2 = a->
port2;
518 if (a_port1 != 0x0000 && a_port2 != 0xFFFF) {
520 a->
port2 = a_port1 - 1;
523 tmp_b = DetectPortInit();
528 tmp_b->
port = a_port2 + 1;
529 tmp_b->
port2 = 0xFFFF;
532 }
else if (a_port1 == 0x0000 && a_port2 != 0xFFFF) {
533 a->
port = a_port2 + 1;
536 }
else if (a_port1 != 0x0000 && a_port2 == 0xFFFF) {
538 a->
port2 = a_port1 - 1;
565 uint16_t a_port1 = a->
port;
566 uint16_t a_port2 = a->
port2;
567 uint16_t b_port1 = b->
port;
568 uint16_t b_port2 = b->
port2;
571 if (a_port1 == b_port1 && a_port2 == b_port2) {
575 }
else if (a_port1 >= b_port1 && a_port1 <= b_port2 && a_port2 <= b_port2) {
579 }
else if (a_port1 <= b_port1 && a_port2 >= b_port2) {
582 }
else if (a_port1 < b_port1 && a_port2 < b_port2 && a_port2 >= b_port1) {
585 }
else if (a_port1 < b_port1 && a_port2 < b_port2) {
588 }
else if (a_port1 > b_port1 && a_port1 <= b_port2 && a_port2 > b_port2) {
591 }
else if (a_port1 > b_port2) {
637 static int DetectPortMatch(
DetectPort *dp, uint16_t port)
639 if (port >= dp->
port &&
680 if (DetectPortMatch(p, port) == 1) {
705 while (item != NULL && it != NULL) {
715 if (!(item == NULL && it == NULL)) {
753 bool port_any =
false;
772 if (DetectPortCutNot(ad, &ad2) < 0) {
780 if (DetectPortParseInsert(
head, ad2) < 0) {
781 if (ad2 != NULL)
SCFree(ad2);
787 r = DetectPortParseInsert(
head, ad);
792 if (r == 1 && port_any) {
793 SCLogDebug(
"inserting 0:65535 as port is \"any\"");
799 if (DetectPortParseInsert(
head, ad_any) < 0)
838 const char *
s,
int negate,
839 ResolvedVariablesList *var_list,
int recur)
843 int o_set = 0, n_set = 0, d_set = 0;
846 size_t size = strlen(
s);
848 const char *rule_var_port = NULL;
853 "limit reached (max 64)");
859 for (u = 0, x = 0; u < size && x <
sizeof(
address); u++) {
866 if (range == 1 &&
s[u] ==
'!') {
869 }
else if (!o_set &&
s[u] ==
'!') {
873 }
else if (
s[u] ==
'[') {
879 }
else if (
s[u] ==
']') {
886 negate? negate: n_set, var_list, recur);
894 }
else if (depth == 0 &&
s[u] ==
',') {
897 }
else if (d_set == 1) {
898 char *temp_rule_var_port = NULL,
899 *alloc_rule_var_port = NULL;
905 if (rule_var_port == NULL)
907 if (strlen(rule_var_port) == 0) {
909 "to nothing. This is likely a misconfiguration. "
910 "Note that a negated port needs to be quoted, "
911 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
s);
914 if (negate == 1 || n_set == 1) {
915 alloc_rule_var_port =
SCMalloc(strlen(rule_var_port) + 3);
916 if (
unlikely(alloc_rule_var_port == NULL))
918 snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
919 "[%s]", rule_var_port);
921 alloc_rule_var_port =
SCStrdup(rule_var_port);
922 if (
unlikely(alloc_rule_var_port == NULL))
925 temp_rule_var_port = alloc_rule_var_port;
926 r = DetectPortParseDo(
de_ctx,
head, nhead, temp_rule_var_port,
927 (negate + n_set) % 2, var_list, recur);
929 SCFree(alloc_rule_var_port);
934 SCFree(alloc_rule_var_port);
939 if (negate == 0 && n_set == 0) {
951 }
else if (depth == 0 &&
s[u] ==
'$') {
953 }
else if (depth == 0 && u == size-1) {
964 "groups declaration. This is likely a misconfiguration.");
970 char *temp_rule_var_port = NULL,
971 *alloc_rule_var_port = NULL;
975 if (rule_var_port == NULL)
977 if (strlen(rule_var_port) == 0) {
979 "to nothing. This is likely a misconfiguration. "
980 "Note that a negated port needs to be quoted, "
981 "\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
s);
984 if ((negate + n_set) % 2) {
985 alloc_rule_var_port =
SCMalloc(strlen(rule_var_port) + 3);
986 if (
unlikely(alloc_rule_var_port == NULL))
988 snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
989 "[%s]", rule_var_port);
991 alloc_rule_var_port =
SCStrdup(rule_var_port);
992 if (
unlikely(alloc_rule_var_port == NULL))
995 temp_rule_var_port = alloc_rule_var_port;
996 r = DetectPortParseDo(
de_ctx,
head, nhead, temp_rule_var_port,
997 (negate + n_set) % 2, var_list, recur);
998 SCFree(alloc_rule_var_port);
1004 if (!((negate + n_set) % 2)) {
1013 }
else if (depth == 1 &&
s[u] ==
',') {
1020 "properly closed in \"%s\", %d missing closing brackets (]). "
1021 "Note: problem might be in a variable.",
s, depth);
1023 }
else if (depth < 0) {
1025 "properly opened in \"%s\", %d missing opening brackets ([). "
1026 "Note: problem might be in a variable.",
s, depth*-1);
1040 static int DetectPortIsCompletePortSpace(
DetectPort *p)
1042 uint16_t next_port = 0;
1047 if (p->
port != 0x0000)
1052 if (p->
port2 == 0xFFFF)
1055 next_port = p->
port2 + 1;
1058 for ( ; p != NULL; p = p->
next) {
1059 if (p->
port != next_port)
1062 if (p->
port2 == 0xFFFF)
1065 next_port = p->
port2 + 1;
1088 if (DetectPortIsCompletePortSpace(*nhead) == 1) {
1098 if (*
head == NULL && *nhead != NULL) {
1100 r = DetectPortParseInsertString(
de_ctx,
head,
"0:65535");
1107 for (ag = *nhead; ag != NULL; ag = ag->
next) {
1115 r = DetectPortParseInsert(
head, ad);
1123 for (ag = *nhead; ag != NULL; ag = ag->
next) {
1127 for (ag2 = *
head; ag2 != NULL; ) {
1133 if (ag2->
prev == NULL) {
1139 if (ag2->
next != NULL) {
1152 for (ag2 = *
head; ag2 != NULL; ag2 = ag2->
next) {
1157 if (*
head == NULL) {
1171 SCLogDebug(
"Testing port conf vars for any misconfigured values");
1176 if (port_vars_node == NULL) {
1190 if (seq_node->
val == NULL) {
1192 "Port var \"%s\" probably has a sequence(something "
1193 "in brackets) value set without any quotes. Please "
1194 "quote it using \"..\".", seq_node->
name);
1199 int r = DetectPortParseDo(NULL, &gh, &ghn, seq_node->
val,
1207 "failed to parse port var \"%s\" with value \"%s\". "
1208 "Please check its syntax",
1209 seq_node->
name, seq_node->
val);
1213 if (DetectPortIsCompletePortSpace(ghn)) {
1215 "Port var - \"%s\" has the complete Port range negated "
1216 "with its value \"%s\". Port space range is NIL. "
1217 "Probably have a !any or a port range that supplies "
1218 "a NULL address range",
1219 seq_node->
name, seq_node->
val);
1263 if (DetectPortParseMergeNotPorts(
de_ctx,
head, &nhead) < 0)
1296 char *port = portstr;
1299 if (port[0] ==
'!') {
1305 if ((port2 = strchr(port,
':')) != NULL) {
1310 if (strcmp(port,
"") != 0) {
1311 if (!DetectPortIsValidRange(port, &dp->
port))
1317 if (strcmp(port2,
"") != 0) {
1318 if (!DetectPortIsValidRange(port2, &dp->
port2))
1328 if (strcasecmp(port,
"any") == 0) {
1332 if (!DetectPortIsValidRange(port, &dp->
port))
1356 static bool DetectPortIsValidRange(
char *port, uint16_t *port_val)
1378 static uint32_t DetectPortHashFunc(
HashListTable *ht,
void *data, uint16_t datalen)
1383 uint32_t hash = ((uint32_t)p->
port << 16) | p->
port2;
1402 static char DetectPortCompareFunc(
void *data1, uint16_t len1,
1403 void *data2, uint16_t len2)
1408 if (data1 == NULL || data2 == NULL)
1417 static void DetectPortHashFreeFunc(
void *ptr)
1435 DetectPortCompareFunc,
1436 DetectPortHashFreeFunc);
1513 if (*
head != NULL) {
1514 for (cur = *
head; cur != NULL; cur = cur->
next) {
1531 dp->
prev = prev_cur;
1532 if (prev_cur != NULL)
1533 prev_cur->
next = dp;
1545 static int PortTestParse01 (
void)
1557 static int PortTestParse02 (
void)
1571 static int PortTestParse03 (
void)
1585 static int PortTestParse04 (
void)
1598 static int PortTestParse05 (
void)
1616 static int PortTestParse07 (
void)
1636 static int PortTestParse08 (
void)
1650 static int PortTestParse09 (
void)
1668 static int PortTestParse10 (
void)
1671 int r =
DetectPortParse(NULL,&dd,
"77777777777777777777777777777777777777777777");
1679 static int PortTestParse11 (
void)
1691 static int PortTestParse12 (
void)
1703 static int PortTestParse13 (
void)
1714 static int PortTestParse14 (
void)
1718 int r = DetectPortParseInsertString(NULL, &dd,
"0:100");
1720 r = DetectPortParseInsertString(NULL, &dd,
"1000:65535");
1736 static int PortTestParse15 (
void)
1753 static int PortTestParse16 (
void)
1757 [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\
1759 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]\
1765 [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\
1767 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]\
1776 static int PortTestFunctions01(
void)
1788 if (!(
head->port == 101))
1790 if (!(
head->port2 == 999))
1796 if (r != 0 || dp1->
next != NULL)
1798 if (!(dp1->
port == 2000))
1800 if (!(dp1->
port2 == 3000))
1804 r = PortTestDetectPortAdd(&
head, dp1);
1807 if (!(
head->port == 101))
1809 if (!(
head->port2 == 999))
1817 if (!DetectPortMatch(
head, 150))
1819 if (DetectPortMatch(
head->
next, 1500))
1821 if ((DetectPortMatch(
head, 3500)))
1823 if ((DetectPortMatch(
head, 50)))
1838 static int PortTestFunctions02(
void)
1851 if (r != 0 || dp1->
next == NULL)
1855 r = DetectPortParseMergeNotPorts(NULL, &
head, &dp1);
1860 if (r != 0 || dp2->
next == NULL)
1864 r = DetectPortParseMergeNotPorts(NULL, &
head, &dp2);
1868 if (!(
head->port == 200))
1870 if (!(
head->port2 == 300))
1888 static int PortTestFunctions03(
void)
1904 DetectPortCut(NULL, dp1, dp2, &dp3);
1908 if (!(dp1->
port == 200))
1910 if (!(dp1->
port2 == 249))
1912 if (!(dp2->
port == 250))
1914 if (!(dp2->
port2 == 300))
1923 DetectPortCut(NULL, dp1, dp2, &dp3);
1926 if (!(dp1->
port == 0))
1928 if (!(dp1->
port2 == 249))
1930 if (!(dp2->
port == 250))
1932 if (!(dp2->
port2 == 500))
1934 if (!(dp3->
port == 501))
1936 if (!(dp3->
port2 == 750))
1954 static int PortTestFunctions04(
void)
1964 dp2 = DetectPortInit();
1967 DetectPortCutNot(dp1, &dp2);
1971 if (!(dp1->
port == 0))
1973 if (!(dp1->
port2 == 199))
1975 if (!(dp2->
port == 301))
1977 if (!(dp2->
port2 == 65535))
1992 static int PortTestFunctions05(
void)
2002 memset(
s,0x00,
sizeof(
s));
2009 printf(
"r != 0 but %d: ", r);
2016 printf(
"r != 0 but %d: ", r);
2034 for ( ; x != NULL; x = x->
next) {
2044 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2049 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2054 printf(
"sig %d part of 'two', but it shouldn't: ", sig);
2070 static int PortTestFunctions06(
void)
2080 memset(
s,0x00,
sizeof(
s));
2087 printf(
"r != 0 but %d: ", r);
2094 printf(
"r != 0 but %d: ", r);
2112 for ( ; x != NULL; x = x->
next) {
2122 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2127 printf(
"sig %d part of 'one', but it shouldn't: ", sig);
2132 printf(
"sig %d part of 'two', but it shouldn't: ", sig);
2148 static int PortTestFunctions07(
void)
2182 static int PortTestMatchReal(uint8_t *raw_eth_pkt, uint16_t pktsize,
const char *sig,
2197 static int PortTestMatchRealWrp(
const char *sig, uint32_t sid)
2203 uint8_t raw_eth_pkt[] = {
2204 0x00,0x50,0x56,0xea,0x00,0xbd,0x00,0x0c,
2205 0x29,0x40,0xc8,0xb5,0x08,0x00,0x45,0x00,
2206 0x01,0xa8,0xb9,0xbb,0x40,0x00,0x40,0x06,
2207 0xe0,0xbf,0xc0,0xa8,0x1c,0x83,0xc0,0xa8,
2208 0x01,0x01,0xb9,0x0a,0x00,0x50,0x6f,0xa2,
2209 0x92,0xed,0x7b,0xc1,0xd3,0x4d,0x50,0x18,
2210 0x16,0xd0,0xa0,0x6f,0x00,0x00,0x47,0x45,
2211 0x54,0x20,0x2f,0x20,0x48,0x54,0x54,0x50,
2212 0x2f,0x31,0x2e,0x31,0x0d,0x0a,0x48,0x6f,
2213 0x73,0x74,0x3a,0x20,0x31,0x39,0x32,0x2e,
2214 0x31,0x36,0x38,0x2e,0x31,0x2e,0x31,0x0d,
2215 0x0a,0x55,0x73,0x65,0x72,0x2d,0x41,0x67,
2216 0x65,0x6e,0x74,0x3a,0x20,0x4d,0x6f,0x7a,
2217 0x69,0x6c,0x6c,0x61,0x2f,0x35,0x2e,0x30,
2218 0x20,0x28,0x58,0x31,0x31,0x3b,0x20,0x55,
2219 0x3b,0x20,0x4c,0x69,0x6e,0x75,0x78,0x20,
2220 0x78,0x38,0x36,0x5f,0x36,0x34,0x3b,0x20,
2221 0x65,0x6e,0x2d,0x55,0x53,0x3b,0x20,0x72,
2222 0x76,0x3a,0x31,0x2e,0x39,0x2e,0x30,0x2e,
2223 0x31,0x34,0x29,0x20,0x47,0x65,0x63,0x6b,
2224 0x6f,0x2f,0x32,0x30,0x30,0x39,0x30,0x39,
2225 0x30,0x32,0x31,0x37,0x20,0x55,0x62,0x75,
2226 0x6e,0x74,0x75,0x2f,0x39,0x2e,0x30,0x34,
2227 0x20,0x28,0x6a,0x61,0x75,0x6e,0x74,0x79,
2228 0x29,0x20,0x46,0x69,0x72,0x65,0x66,0x6f,
2229 0x78,0x2f,0x33,0x2e,0x30,0x2e,0x31,0x34,
2230 0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,0x74,
2231 0x3a,0x20,0x74,0x65,0x78,0x74,0x2f,0x68,
2232 0x74,0x6d,0x6c,0x2c,0x61,0x70,0x70,0x6c,
2233 0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x2f,
2234 0x78,0x68,0x74,0x6d,0x6c,0x2b,0x78,0x6d,
2235 0x6c,0x2c,0x61,0x70,0x70,0x6c,0x69,0x63,
2236 0x61,0x74,0x69,0x6f,0x6e,0x2f,0x78,0x6d,
2237 0x6c,0x3b,0x71,0x3d,0x30,0x2e,0x39,0x2c,
2238 0x2a,0x2f,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2239 0x38,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2240 0x74,0x2d,0x4c,0x61,0x6e,0x67,0x75,0x61,
2241 0x67,0x65,0x3a,0x20,0x65,0x6e,0x2d,0x75,
2242 0x73,0x2c,0x65,0x6e,0x3b,0x71,0x3d,0x30,
2243 0x2e,0x35,0x0d,0x0a,0x41,0x63,0x63,0x65,
2244 0x70,0x74,0x2d,0x45,0x6e,0x63,0x6f,0x64,
2245 0x69,0x6e,0x67,0x3a,0x20,0x67,0x7a,0x69,
2246 0x70,0x2c,0x64,0x65,0x66,0x6c,0x61,0x74,
2247 0x65,0x0d,0x0a,0x41,0x63,0x63,0x65,0x70,
2248 0x74,0x2d,0x43,0x68,0x61,0x72,0x73,0x65,
2249 0x74,0x3a,0x20,0x49,0x53,0x4f,0x2d,0x38,
2250 0x38,0x35,0x39,0x2d,0x31,0x2c,0x75,0x74,
2251 0x66,0x2d,0x38,0x3b,0x71,0x3d,0x30,0x2e,
2252 0x37,0x2c,0x2a,0x3b,0x71,0x3d,0x30,0x2e,
2253 0x37,0x0d,0x0a,0x4b,0x65,0x65,0x70,0x2d,
2254 0x41,0x6c,0x69,0x76,0x65,0x3a,0x20,0x33,
2255 0x30,0x30,0x0d,0x0a,0x43,0x6f,0x6e,0x6e,
2256 0x65,0x63,0x74,0x69,0x6f,0x6e,0x3a,0x20,
2257 0x6b,0x65,0x65,0x70,0x2d,0x61,0x6c,0x69,
2258 0x76,0x65,0x0d,0x0a,0x0d,0x0a };
2261 return PortTestMatchReal(raw_eth_pkt, (uint16_t)
sizeof(raw_eth_pkt),
2268 static int PortTestMatchReal01(
void)
2271 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2272 return PortTestMatchRealWrp(sig, 1);
2278 static int PortTestMatchReal02(
void)
2280 const char *sig =
"alert tcp any 47370 -> any any (msg:\"Nothing..\";"
2281 " content:\"GET\"; sid:1;)";
2282 return PortTestMatchRealWrp(sig, 1);
2288 static int PortTestMatchReal03(
void)
2290 const char *sig =
"alert tcp any 47370 -> any 80 (msg:\"Nothing..\";"
2291 " content:\"GET\"; sid:1;)";
2292 return PortTestMatchRealWrp(sig, 1);
2298 static int PortTestMatchReal04(
void)
2300 const char *sig =
"alert tcp any any -> any !80 (msg:\"Nothing..\";"
2301 " content:\"GET\"; sid:1;)";
2302 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2308 static int PortTestMatchReal05(
void)
2310 const char *sig =
"alert tcp any !47370 -> any any (msg:\"Nothing..\";"
2311 " content:\"GET\"; sid:1;)";
2312 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2318 static int PortTestMatchReal06(
void)
2320 const char *sig =
"alert tcp any !47370 -> any !80 (msg:\"Nothing..\";"
2321 " content:\"GET\"; sid:1;)";
2322 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2328 static int PortTestMatchReal07(
void)
2330 const char *sig =
"alert tcp any any -> any 70:100 (msg:\"Nothing..\";"
2331 " content:\"GET\"; sid:1;)";
2332 return PortTestMatchRealWrp(sig, 1);
2338 static int PortTestMatchReal08(
void)
2340 const char *sig =
"alert tcp any 47000:50000 -> any any (msg:\"Nothing..\";"
2341 " content:\"GET\"; sid:1;)";
2342 return PortTestMatchRealWrp(sig, 1);
2348 static int PortTestMatchReal09(
void)
2350 const char *sig =
"alert tcp any 47000:50000 -> any 70:100 (msg:\"Nothing..\";"
2351 " content:\"GET\"; sid:1;)";
2352 return PortTestMatchRealWrp(sig, 1);
2358 static int PortTestMatchReal10(
void)
2360 const char *sig =
"alert tcp any any -> any !70:100 (msg:\"Nothing..\";"
2361 " content:\"GET\"; sid:1;)";
2362 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2368 static int PortTestMatchReal11(
void)
2370 const char *sig =
"alert tcp any !47000:50000 -> any any (msg:\"Nothing..\";"
2371 " content:\"GET\"; sid:1;)";
2372 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2378 static int PortTestMatchReal12(
void)
2380 const char *sig =
"alert tcp any !47000:50000 -> any !70:100 (msg:\"Nothing..\";"
2381 " content:\"GET\"; sid:1;)";
2382 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2388 static int PortTestMatchReal13(
void)
2390 const char *sig =
"alert tcp any 47000:50000 -> any !81: (msg:\"Nothing..\";"
2391 " content:\"GET\"; sid:1;)";
2392 return PortTestMatchRealWrp(sig, 1);
2398 static int PortTestMatchReal14(
void)
2400 const char *sig =
"alert tcp any !48000:50000 -> any :100 (msg:\"Nothing..\";"
2401 " content:\"GET\"; sid:1;)";
2402 return PortTestMatchRealWrp(sig, 1);
2408 static int PortTestMatchReal15(
void)
2410 const char *sig =
"alert tcp any :50000 -> any 81:100 (msg:\"Nothing..\";"
2411 " content:\"GET\"; sid:1;)";
2412 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2418 static int PortTestMatchReal16(
void)
2420 const char *sig =
"alert tcp any 100: -> any ![0:79,81:65535] (msg:\"Nothing..\";"
2421 " content:\"GET\"; sid:1;)";
2422 return PortTestMatchRealWrp(sig, 1);
2428 static int PortTestMatchReal17(
void)
2430 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any ![0:80,82:65535] "
2431 "(msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
2432 return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
2438 static int PortTestMatchReal18(
void)
2440 const char *sig =
"alert tcp any ![0:39999,48000:50000] -> any 80 (msg:\"Nothing"
2441 " at all\"; content:\"GET\"; sid:1;)";
2442 return PortTestMatchRealWrp(sig, 1);
2448 static int PortTestMatchReal19(
void)
2450 const char *sig =
"alert tcp any any -> any 80 (msg:\"Nothing..\";"
2451 " content:\"GET\"; sid:1;)";
2452 return PortTestMatchRealWrp(sig, 1);
2455 static int PortTestMatchDoubleNegation(
void)
2460 if (DetectPortParseDo(NULL, &
head, &nhead,
"![!80]", 0, NULL, 0) == -1)
2463 result = (
head != NULL);
2464 result = (nhead == NULL);
2512 UtRegisterTest(
"PortTestMatchDoubleNegation", PortTestMatchDoubleNegation);