suricata
detect-fast-pattern.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  *
23  * Implements the fast_pattern keyword
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "flow.h"
29 #include "detect-content.h"
30 #include "detect-parse.h"
31 #include "detect-engine.h"
32 #include "detect-engine-mpm.h"
33 #include "detect-fast-pattern.h"
34 
35 #include "util-error.h"
36 #include "util-debug.h"
37 #include "util-unittest.h"
38 #include "util-unittest-helper.h"
39 
40 #define PARSE_REGEX "^(\\s*only\\s*)|\\s*([0-9]+)\\s*,\\s*([0-9]+)\\s*$"
41 
42 static pcre *parse_regex = NULL;
43 static pcre_extra *parse_regex_study = NULL;
44 
45 static int DetectFastPatternSetup(DetectEngineCtx *, Signature *, const char *);
47 
48 /* holds the list of sm match lists that need to be searched for a keyword
49  * that has fp support */
51 
52 /**
53  * \brief Checks if a particular list(Signature->sm_lists[]) is in the list
54  * of lists that need to be searched for a keyword that has fp support.
55  *
56  * \param list_id The list id.
57  *
58  * \retval 1 If supported.
59  * \retval 0 If not.
60  */
62  const int list_id)
63 {
64  if (sm_fp_support_smlist_list == NULL)
65  return 0;
66 
67  if (list_id == DETECT_SM_LIST_PMATCH)
68  return 1;
69 
70  return DetectBufferTypeSupportsMpmGetById(de_ctx, list_id);
71 
72 #if 0
74  while (tmp_smlist_fp != NULL) {
75  if (tmp_smlist_fp->list_id == list_id)
76  return 1;
77 
78  tmp_smlist_fp = tmp_smlist_fp->next;
79  }
80 #endif
81  return 0;
82 }
83 
84 /**
85  * \brief Lets one add a sm list id to be searched for potential fp supported
86  * keywords later.
87  *
88  * \param list_id SM list id.
89  * \param priority Priority for this list.
90  */
91 void SupportFastPatternForSigMatchList(int list_id, int priority)
92 {
93  SCFPSupportSMList *ip = NULL;
94  /* insertion point - ip */
95  for (SCFPSupportSMList *tmp = sm_fp_support_smlist_list; tmp != NULL; tmp = tmp->next) {
96  if (list_id == tmp->list_id) {
97  SCLogDebug("SM list already registered.");
98  return;
99  }
100 
101  if (priority <= tmp->priority)
102  break;
103 
104  ip = tmp;
105  }
106 
107  if (sm_fp_support_smlist_list == NULL) {
109  if (unlikely(new == NULL))
110  exit(EXIT_FAILURE);
111  memset(new, 0, sizeof(SCFPSupportSMList));
112  new->list_id = list_id;
113  new->priority = priority;
114 
115  sm_fp_support_smlist_list = new;
116 
117  return;
118  }
119 
121  if (unlikely(new == NULL))
122  exit(EXIT_FAILURE);
123  memset(new, 0, sizeof(SCFPSupportSMList));
124  new->list_id = list_id;
125  new->priority = priority;
126  if (ip == NULL) {
127  new->next = sm_fp_support_smlist_list;
128  sm_fp_support_smlist_list = new;
129  } else {
130  new->next = ip->next;
131  ip->next = new;
132  }
133 
134  return;
135 }
136 
137 /**
138  * \brief Registers the keywords(SMs) that should be given fp support.
139  */
141 {
143 
144  /* other types are handled by DetectMpmAppLayerRegister() */
145 
146 #if 0
148  while (tmp != NULL) {
149  printf("%d - %d\n", tmp->list_id, tmp->priority);
150 
151  tmp = tmp->next;
152  }
153 #endif
154 
155  return;
156 }
157 
158 /**
159  * \brief Registration function for fast_pattern keyword
160  */
162 {
163  sigmatch_table[DETECT_FAST_PATTERN].name = "fast_pattern";
164  sigmatch_table[DETECT_FAST_PATTERN].desc = "force using preceding content in the multi pattern matcher";
165  sigmatch_table[DETECT_FAST_PATTERN].url = DOC_URL DOC_VERSION "/rules/prefilter-keywords.html#fast-pattern";
167  sigmatch_table[DETECT_FAST_PATTERN].Setup = DetectFastPatternSetup;
170 
172 
173  DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
174 }
175 
176 //static int DetectFastPatternParseArg(
177 
178 /**
179  * \brief Configures the previous content context for a fast_pattern modifier
180  * keyword used in the rule.
181  *
182  * \param de_ctx Pointer to the Detection Engine Context.
183  * \param s Pointer to the Signature to which the current keyword belongs.
184  * \param null_str Should hold an empty string always.
185  *
186  * \retval 0 On success.
187  * \retval -1 On failure.
188  */
189 static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
190 {
191 #define MAX_SUBSTRINGS 30
192  int ret = 0, res = 0;
193  int ov[MAX_SUBSTRINGS];
194  char arg_substr[128] = "";
195  DetectContentData *cd = NULL;
196 
197  SigMatch *pm1 = DetectGetLastSMFromMpmLists(de_ctx, s);
199  if (pm1 == NULL && pm2 == NULL) {
200  SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside "
201  "the rule, without a content context. Please use a "
202  "content based keyword before using fast_pattern");
203  return -1;
204  }
205 
206  SigMatch *pm = NULL;
207  if (pm1 && pm2) {
208  if (pm1->idx > pm2->idx)
209  pm = pm1;
210  else
211  pm = pm2;
212  } else if (pm1 && !pm2) {
213  pm = pm1;
214  } else {
215  pm = pm2;
216  }
217 
218  cd = (DetectContentData *)pm->ctx;
219  if ((cd->flags & DETECT_CONTENT_NEGATED) &&
220  ((cd->flags & DETECT_CONTENT_DISTANCE) ||
221  (cd->flags & DETECT_CONTENT_WITHIN) ||
222  (cd->flags & DETECT_CONTENT_OFFSET) ||
223  (cd->flags & DETECT_CONTENT_DEPTH))) {
224 
225  /* we can't have any of these if we are having "only" */
226  SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern; cannot be "
227  "used with negated content, along with relative modifiers");
228  goto error;
229  }
230 
231  if (arg == NULL|| strcmp(arg, "") == 0) {
233  SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple fast_pattern "
234  "options for the same content");
235  goto error;
236  }
237  else { /*allow only one content to have fast_pattern modifier*/
238  uint32_t list_id = 0;
239  for (list_id = 0; list_id < s->init_data->smlists_array_size; list_id++) {
240  SigMatch *sm = NULL;
241  for (sm = s->init_data->smlists[list_id]; sm != NULL; sm = sm->next) {
242  if (sm->type == DETECT_CONTENT) {
243  DetectContentData *tmp_cd = (DetectContentData *)sm->ctx;
244  if (tmp_cd->flags & DETECT_CONTENT_FAST_PATTERN) {
245  SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern "
246  "can be used on only one content in a rule");
247  goto error;
248  }
249  }
250  } /* for (sm = s->sm_lists[list_id]; sm != NULL; sm = sm->next) */
251  }
252  }
254  return 0;
255  }
256 
257  /* Execute the regex and populate args with captures. */
258  ret = pcre_exec(parse_regex, parse_regex_study, arg,
259  strlen(arg), 0, 0, ov, MAX_SUBSTRINGS);
260  /* fast pattern only */
261  if (ret == 2) {
262  if ((cd->flags & DETECT_CONTENT_NEGATED) ||
263  (cd->flags & DETECT_CONTENT_DISTANCE) ||
264  (cd->flags & DETECT_CONTENT_WITHIN) ||
265  (cd->flags & DETECT_CONTENT_OFFSET) ||
266  (cd->flags & DETECT_CONTENT_DEPTH)) {
267 
268  /* we can't have any of these if we are having "only" */
269  SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern: only; cannot be "
270  "used with negated content or with any of the relative "
271  "modifiers like distance, within, offset, depth");
272  goto error;
273  }
275 
276  /* fast pattern chop */
277  } else if (ret == 4) {
278  res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
279  2, arg_substr, sizeof(arg_substr));
280  if (res < 0) {
281  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
282  "for fast_pattern offset");
283  goto error;
284  }
285  int offset = atoi(arg_substr);
286  if (offset > 65535) {
287  SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern offset exceeds "
288  "limit");
289  goto error;
290  }
291 
292  res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS,
293  3, arg_substr, sizeof(arg_substr));
294  if (res < 0) {
295  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
296  "for fast_pattern offset");
297  goto error;
298  }
299  int length = atoi(arg_substr);
300  if (length > 65535) {
301  SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern length exceeds "
302  "limit");
303  goto error;
304  }
305 
306  if (offset + length > 65535) {
307  SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern (length + offset) "
308  "exceeds limit pattern length limit");
309  goto error;
310  }
311 
312  if (offset + length > cd->content_len) {
313  SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern (length + "
314  "offset (%u)) exceeds pattern length (%u)",
315  offset + length, cd->content_len);
316  goto error;
317  }
318 
319  cd->fp_chop_offset = offset;
320  cd->fp_chop_len = length;
322 
323  } else {
324  SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32
325  ", string %s", ret, arg);
326  goto error;
327  }
328 
329  //int args;
330  //args = 0;
331  //printf("ret-%d\n", ret);
332  //for (args = 0; args < ret; args++) {
333  // res = pcre_get_substring((char *)arg, ov, MAX_SUBSTRINGS,
334  // args, &arg_substr);
335  // if (res < 0) {
336  // SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed "
337  // "for arg 1");
338  // goto error;
339  // }
340  // printf("%d-%s\n", args, arg_substr);
341  //}
342 
344 
345  return 0;
346 
347  error:
348  return -1;
349 }
350 
351 /*----------------------------------Unittests---------------------------------*/
352 
353 #ifdef UNITTESTS
354 static int g_file_data_buffer_id = 0;
355 static int g_http_method_buffer_id = 0;
356 static int g_http_uri_buffer_id = 0;
357 static int g_http_ua_buffer_id = 0;
358 static int g_http_cookie_buffer_id = 0;
359 static int g_http_host_buffer_id = 0;
360 static int g_http_raw_host_buffer_id = 0;
361 static int g_http_stat_code_buffer_id = 0;
362 static int g_http_stat_msg_buffer_id = 0;
363 static int g_http_raw_header_buffer_id = 0;
364 static int g_http_header_buffer_id = 0;
365 static int g_http_client_body_buffer_id = 0;
366 static int g_http_raw_uri_buffer_id = 0;
367 
368 /**
369  * \test Checks if a fast_pattern is registered in a Signature
370  */
371 static int DetectFastPatternTest01(void)
372 {
373  SigMatch *sm = NULL;
374  DetectEngineCtx *de_ctx = NULL;
375  int result = 0;
376 
377  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
378  goto end;
379 
380  de_ctx->flags |= DE_QUIET;
381  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
382  "(content:\"/one/\"; tcpv4-csum:valid; fast_pattern; "
383  "msg:\"Testing fast_pattern\"; sid:1;)");
384  if (de_ctx->sig_list == NULL)
385  goto end;
386 
387  result = 0;
388  sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH];
389  while (sm != NULL) {
390  if (sm->type == DETECT_CONTENT) {
391  if ( ((DetectContentData *)sm->ctx)->flags &
393  result = 1;
394  break;
395  } else {
396  result = 0;
397  break;
398  }
399  }
400  sm = sm->next;
401  }
402 
403  end:
404  SigCleanSignatures(de_ctx);
405  DetectEngineCtxFree(de_ctx);
406  return result;
407 }
408 
409 /**
410  * \test Checks if a fast_pattern is registered in a Signature
411  */
412 static int DetectFastPatternTest02(void)
413 {
414  DetectEngineCtx *de_ctx = NULL;
415  int result = 0;
416 
417  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
418  goto end;
419 
420  de_ctx->flags |= DE_QUIET;
421  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
422  "(content:\"/one/\"; fast_pattern; "
423  "content:\"boo\"; fast_pattern; "
424  "msg:\"Testing fast_pattern\"; sid:1;)");
425  if (de_ctx->sig_list != NULL)
426  goto end;
427 
428  result = 1;
429 
430  end:
431  SigCleanSignatures(de_ctx);
432  DetectEngineCtxFree(de_ctx);
433  return result;
434 }
435 
436 /**
437  * \test Checks that we have no fast_pattern registerd for a Signature when the
438  * Signature doesn't contain a fast_pattern
439  */
440 static int DetectFastPatternTest03(void)
441 {
442  SigMatch *sm = NULL;
443  DetectEngineCtx *de_ctx = NULL;
444  int result = 0;
445 
446  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
447  goto end;
448 
449  de_ctx->flags |= DE_QUIET;
450  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
451  "(content:\"/one/\"; "
452  "msg:\"Testing fast_pattern\"; sid:1;)");
453  if (de_ctx->sig_list == NULL)
454  goto end;
455 
456  result = 0;
457  sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH];
458  while (sm != NULL) {
459  if (sm->type == DETECT_CONTENT) {
460  if ( !(((DetectContentData *)sm->ctx)->flags &
462  result = 1;
463  } else {
464  result = 0;
465  break;
466  }
467  }
468  sm = sm->next;
469  }
470 
471  end:
472  SigCleanSignatures(de_ctx);
473  DetectEngineCtxFree(de_ctx);
474  return result;
475 }
476 
477 /**
478  * \test Checks that a fast_pattern is not registered in a Signature, when we
479  * supply a fast_pattern with an argument
480  */
481 static int DetectFastPatternTest04(void)
482 {
483  DetectEngineCtx *de_ctx = NULL;
484  int result = 0;
485 
486  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
487  goto end;
488 
489  de_ctx->flags |= DE_QUIET;
490  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
491  "(content:\"/one/\"; fast_pattern:boo; "
492  "msg:\"Testing fast_pattern\"; sid:1;)");
493  if (de_ctx->sig_list == NULL)
494  result = 1;
495 
496  end:
497  SigCleanSignatures(de_ctx);
498  DetectEngineCtxFree(de_ctx);
499  return result;
500 }
501 
502 /**
503  * \test Checks to make sure that other sigs work that should when fast_pattern is inspecting on the same payload
504  *
505  */
506 static int DetectFastPatternTest14(void)
507 {
508  uint8_t *buf = (uint8_t *) "Dummy is our name. Oh yes. From right here "
509  "right now, all the way to hangover. right. strings5_imp now here "
510  "comes our dark knight strings_string5. Yes here is our dark knight";
511  uint16_t buflen = strlen((char *)buf);
512  Packet *p = NULL;
513  ThreadVars th_v;
514  DetectEngineThreadCtx *det_ctx = NULL;
515  int alertcnt = 0;
516  int result = 0;
517 
518  memset(&th_v, 0, sizeof(th_v));
519  p = UTHBuildPacket(buf,buflen,IPPROTO_TCP);
520 
522  if (de_ctx == NULL)
523  goto end;
524 
526 
527  de_ctx->flags |= DE_QUIET;
528 
529  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
530  "(msg:\"fast_pattern test\"; content:\"strings_string5\"; content:\"knight\"; fast_pattern; sid:1;)");
531  if (de_ctx->sig_list == NULL)
532  goto end;
533 
534  de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any "
535  "(msg:\"test different content\"; content:\"Dummy is our name\"; sid:2;)");
536  if (de_ctx->sig_list->next == NULL)
537  goto end;
538 
539  SigGroupBuild(de_ctx);
540  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
541 
542  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
543  if (PacketAlertCheck(p, 1)){
544  alertcnt++;
545  }else{
546  SCLogInfo("could not match on sig 1 with when fast_pattern is inspecting payload");
547  goto end;
548  }
549  if (PacketAlertCheck(p, 2)){
550  result = 1;
551  }else{
552  SCLogInfo("match on sig 1 fast_pattern no match sig 2 inspecting same payload");
553  }
554 end:
555  UTHFreePackets(&p, 1);
556  SigGroupCleanup(de_ctx);
557  SigCleanSignatures(de_ctx);
558 
559  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
560 
561  DetectEngineCtxFree(de_ctx);
562  FlowShutdown();
563  return result;
564 }
565 
566 /**
567  * \test Checks if a fast_pattern is registered in a Signature
568  */
569 static int DetectFastPatternTest15(void)
570 {
571  SigMatch *sm = NULL;
572  DetectEngineCtx *de_ctx = NULL;
573  int result = 0;
574 
575  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
576  goto end;
577 
578  de_ctx->flags |= DE_QUIET;
579  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
580  "(content:\"/one/\"; fast_pattern:only; "
581  "msg:\"Testing fast_pattern\"; sid:1;)");
582  if (de_ctx->sig_list == NULL)
583  goto end;
584 
585  result = 0;
586  sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH];
587  while (sm != NULL) {
588  if (sm->type == DETECT_CONTENT) {
589  if ( ((DetectContentData *)sm->ctx)->flags &
591  result = 1;
592  break;
593  } else {
594  result = 0;
595  break;
596  }
597  }
598  sm = sm->next;
599  }
600 
601  end:
602  SigCleanSignatures(de_ctx);
603  DetectEngineCtxFree(de_ctx);
604  return result;
605 }
606 
607 /**
608  * \test Checks if a fast_pattern is registered in a Signature
609  */
610 static int DetectFastPatternTest16(void)
611 {
612  SigMatch *sm = NULL;
613  DetectEngineCtx *de_ctx = NULL;
614  int result = 0;
615 
616  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
617  goto end;
618 
619  de_ctx->flags |= DE_QUIET;
620  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
621  "(content:\"oneoneone\"; fast_pattern:3,4; "
622  "msg:\"Testing fast_pattern\"; sid:1;)");
623  if (de_ctx->sig_list == NULL)
624  goto end;
625 
626  result = 0;
627  sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH];
628  while (sm != NULL) {
629  if (sm->type == DETECT_CONTENT) {
630  if ( ((DetectContentData *)sm->ctx)->flags &
632  result = 1;
633  break;
634  } else {
635  result = 0;
636  break;
637  }
638  }
639  sm = sm->next;
640  }
641 
642  end:
643  SigCleanSignatures(de_ctx);
644  DetectEngineCtxFree(de_ctx);
645  return result;
646 }
647 
648 static int DetectFastPatternTest17(void)
649 {
650  SigMatch *sm = NULL;
651  DetectEngineCtx *de_ctx = NULL;
652  int result = 0;
653 
654  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
655  goto end;
656 
657  de_ctx->flags |= DE_QUIET;
658  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
659  "(content:\"one\"; fast_pattern:only; sid:1;)");
660  if (de_ctx->sig_list == NULL)
661  goto end;
662 
663  result = 0;
664  sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH];
666  if (sm->type == DETECT_CONTENT) {
670  cd->fp_chop_offset == 0 &&
671  cd->fp_chop_len == 0) {
672  result = 1;
673  } else {
674  result = 0;
675  }
676  }
677 
678  end:
679  SigCleanSignatures(de_ctx);
680  DetectEngineCtxFree(de_ctx);
681  return result;
682 }
683 
684 static int DetectFastPatternTest18(void)
685 {
686  SigMatch *sm = NULL;
687  DetectEngineCtx *de_ctx = NULL;
688  int result = 0;
689 
690  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
691  goto end;
692 
693  de_ctx->flags |= DE_QUIET;
694  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
695  "(content:\"oneoneone\"; fast_pattern:3,4; sid:1;)");
696  if (de_ctx->sig_list == NULL)
697  goto end;
698 
699  result = 0;
700  sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH];
702  if (sm->type == DETECT_CONTENT) {
706  cd->fp_chop_offset == 3 &&
707  cd->fp_chop_len == 4) {
708  result = 1;
709  } else {
710  result = 0;
711  }
712  }
713 
714  end:
715  SigCleanSignatures(de_ctx);
716  DetectEngineCtxFree(de_ctx);
717  return result;
718 }
719 
720 static int DetectFastPatternTest19(void)
721 {
722  DetectEngineCtx *de_ctx = NULL;
723  int result = 0;
724 
725  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
726  goto end;
727 
728  de_ctx->flags |= DE_QUIET;
729  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
730  "(content:\"one\"; content:\"two\"; fast_pattern:only; distance:10; sid:1;)");
731  if (de_ctx->sig_list != NULL)
732  goto end;
733 
734  result = 1;
735 
736  end:
737  SigCleanSignatures(de_ctx);
738  DetectEngineCtxFree(de_ctx);
739  return result;
740 }
741 
742 static int DetectFastPatternTest20(void)
743 {
744  DetectEngineCtx *de_ctx = NULL;
745  int result = 0;
746 
747  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
748  goto end;
749 
750  de_ctx->flags |= DE_QUIET;
751  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
752  "(content:\"one\"; content:\"two\"; distance:10; fast_pattern:only; sid:1;)");
753  if (de_ctx->sig_list != NULL)
754  goto end;
755 
756  result = 1;
757 
758  end:
759  SigCleanSignatures(de_ctx);
760  DetectEngineCtxFree(de_ctx);
761  return result;
762 }
763 
764 static int DetectFastPatternTest21(void)
765 {
766  DetectEngineCtx *de_ctx = NULL;
767  int result = 0;
768 
769  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
770  goto end;
771 
772  de_ctx->flags |= DE_QUIET;
773  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
774  "(content:\"one\"; content:\"two\"; fast_pattern:only; within:10; sid:1;)");
775  if (de_ctx->sig_list != NULL)
776  goto end;
777 
778  result = 1;
779 
780  end:
781  SigCleanSignatures(de_ctx);
782  DetectEngineCtxFree(de_ctx);
783  return result;
784 }
785 
786 static int DetectFastPatternTest22(void)
787 {
788  DetectEngineCtx *de_ctx = NULL;
789  int result = 0;
790 
791  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
792  goto end;
793 
794  de_ctx->flags |= DE_QUIET;
795  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
796  "(content:\"one\"; content:\"two\"; within:10; fast_pattern:only; sid:1;)");
797  if (de_ctx->sig_list != NULL)
798  goto end;
799 
800  result = 1;
801 
802  end:
803  SigCleanSignatures(de_ctx);
804  DetectEngineCtxFree(de_ctx);
805  return result;
806 }
807 
808 static int DetectFastPatternTest23(void)
809 {
810  DetectEngineCtx *de_ctx = NULL;
811  int result = 0;
812 
813  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
814  goto end;
815 
816  de_ctx->flags |= DE_QUIET;
817  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
818  "(content:\"one\"; content:\"two\"; fast_pattern:only; offset:10; sid:1;)");
819  if (de_ctx->sig_list != NULL)
820  goto end;
821 
822  result = 1;
823 
824  end:
825  SigCleanSignatures(de_ctx);
826  DetectEngineCtxFree(de_ctx);
827  return result;
828 }
829 
830 static int DetectFastPatternTest24(void)
831 {
832  DetectEngineCtx *de_ctx = NULL;
833  int result = 0;
834 
835  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
836  goto end;
837 
838  de_ctx->flags |= DE_QUIET;
839  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
840  "(content:\"one\"; content:\"two\"; offset:10; fast_pattern:only; sid:1;)");
841  if (de_ctx->sig_list != NULL)
842  goto end;
843 
844  result = 1;
845 
846  end:
847  SigCleanSignatures(de_ctx);
848  DetectEngineCtxFree(de_ctx);
849  return result;
850 }
851 
852 static int DetectFastPatternTest25(void)
853 {
854  DetectEngineCtx *de_ctx = NULL;
855  int result = 0;
856 
857  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
858  goto end;
859 
860  de_ctx->flags |= DE_QUIET;
861  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
862  "(content:\"one\"; content:\"two\"; fast_pattern:only; depth:10; sid:1;)");
863  if (de_ctx->sig_list != NULL)
864  goto end;
865 
866  result = 1;
867 
868  end:
869  SigCleanSignatures(de_ctx);
870  DetectEngineCtxFree(de_ctx);
871  return result;
872 }
873 
874 static int DetectFastPatternTest26(void)
875 {
876  DetectEngineCtx *de_ctx = NULL;
877  int result = 0;
878 
879  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
880  goto end;
881 
882  de_ctx->flags |= DE_QUIET;
883  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
884  "(content:\"one\"; content:\"two\"; depth:10; fast_pattern:only; sid:1;)");
885  if (de_ctx->sig_list != NULL)
886  goto end;
887 
888  result = 1;
889 
890  end:
891  SigCleanSignatures(de_ctx);
892  DetectEngineCtxFree(de_ctx);
893  return result;
894 }
895 
896 static int DetectFastPatternTest27(void)
897 {
898  DetectEngineCtx *de_ctx = NULL;
899  int result = 0;
900 
901  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
902  goto end;
903 
904  de_ctx->flags |= DE_QUIET;
905  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
906  "(content:\"one\"; content:!\"two\"; fast_pattern:only; sid:1;)");
907  if (de_ctx->sig_list != NULL)
908  goto end;
909 
910  result = 1;
911 
912  end:
913  SigCleanSignatures(de_ctx);
914  DetectEngineCtxFree(de_ctx);
915  return result;
916 }
917 
918 static int DetectFastPatternTest28(void)
919 {
920  DetectEngineCtx *de_ctx = NULL;
921  int result = 0;
922 
923  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
924  goto end;
925 
926  de_ctx->flags |= DE_QUIET;
927  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
928  "(content: \"one\"; content:\"two\"; distance:30; content:\"two\"; fast_pattern:only; sid:1;)");
929  if (de_ctx->sig_list == NULL)
930  goto end;
931 
932  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
936  cd->fp_chop_offset == 0 &&
937  cd->fp_chop_len == 0) {
938  result = 1;
939  } else {
940  result = 0;
941  }
942 
943  end:
944  SigCleanSignatures(de_ctx);
945  DetectEngineCtxFree(de_ctx);
946  return result;
947 }
948 
949 static int DetectFastPatternTest29(void)
950 {
951  DetectEngineCtx *de_ctx = NULL;
952  int result = 0;
953 
954  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
955  goto end;
956 
957  de_ctx->flags |= DE_QUIET;
958  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
959  "(content:\"one\"; content:\"two\"; within:30; content:\"two\"; fast_pattern:only; sid:1;)");
960  if (de_ctx->sig_list == NULL)
961  goto end;
962  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
966  cd->fp_chop_offset == 0 &&
967  cd->fp_chop_len == 0) {
968  result = 1;
969  } else {
970  result = 0;
971  }
972 
973  end:
974  SigCleanSignatures(de_ctx);
975  DetectEngineCtxFree(de_ctx);
976  return result;
977 }
978 
979 static int DetectFastPatternTest30(void)
980 {
981  DetectEngineCtx *de_ctx = NULL;
982  int result = 0;
983 
984  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
985  goto end;
986 
987  de_ctx->flags |= DE_QUIET;
988  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
989  "(content:\"one\"; content:\"two\"; offset:30; content:\"two\"; fast_pattern:only; sid:1;)");
990  if (de_ctx->sig_list == NULL)
991  goto end;
992  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
996  cd->fp_chop_offset == 0 &&
997  cd->fp_chop_len == 0) {
998  result = 1;
999  } else {
1000  result = 0;
1001  }
1002 
1003  end:
1004  SigCleanSignatures(de_ctx);
1005  DetectEngineCtxFree(de_ctx);
1006  return result;
1007 }
1008 
1009 static int DetectFastPatternTest31(void)
1010 {
1011  DetectEngineCtx *de_ctx = NULL;
1012  int result = 0;
1013 
1014  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1015  goto end;
1016 
1017  de_ctx->flags |= DE_QUIET;
1018  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1019  "(content:\"one\"; content:\"two\"; depth:30; content:\"two\"; fast_pattern:only; sid:1;)");
1020  if (de_ctx->sig_list == NULL)
1021  goto end;
1022  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
1023  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1026  cd->fp_chop_offset == 0 &&
1027  cd->fp_chop_len == 0) {
1028  result = 1;
1029  } else {
1030  result = 0;
1031  }
1032 
1033  end:
1034  SigCleanSignatures(de_ctx);
1035  DetectEngineCtxFree(de_ctx);
1036  return result;
1037 }
1038 
1039 static int DetectFastPatternTest32(void)
1040 {
1041  DetectEngineCtx *de_ctx = NULL;
1042  int result = 0;
1043 
1044  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1045  goto end;
1046 
1047  de_ctx->flags |= DE_QUIET;
1048  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1049  "(content:!\"one\"; fast_pattern; content:\"two\"; sid:1;)");
1050  if (de_ctx->sig_list == NULL)
1051  goto end;
1052  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
1053  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1054  cd->flags & DETECT_CONTENT_NEGATED &&
1057  cd->fp_chop_offset == 0 &&
1058  cd->fp_chop_len == 0) {
1059  result = 1;
1060  } else {
1061  result = 0;
1062  }
1063 
1064  end:
1065  SigCleanSignatures(de_ctx);
1066  DetectEngineCtxFree(de_ctx);
1067  return result;
1068 }
1069 
1070 static int DetectFastPatternTest33(void)
1071 {
1072  DetectEngineCtx *de_ctx = NULL;
1073  int result = 0;
1074 
1075  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1076  goto end;
1077 
1078  de_ctx->flags |= DE_QUIET;
1079  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1080  "(content:\"two\"; content:!\"one\"; fast_pattern; distance:20; sid:1;)");
1081  if (de_ctx->sig_list != NULL)
1082  goto end;
1083 
1084  result = 1;
1085 
1086  end:
1087  SigCleanSignatures(de_ctx);
1088  DetectEngineCtxFree(de_ctx);
1089  return result;
1090 }
1091 
1092 static int DetectFastPatternTest34(void)
1093 {
1094  DetectEngineCtx *de_ctx = NULL;
1095  int result = 0;
1096 
1097  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1098  goto end;
1099 
1100  de_ctx->flags |= DE_QUIET;
1101  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1102  "(content:\"two\"; content:!\"one\"; fast_pattern; within:20; sid:1;)");
1103  if (de_ctx->sig_list != NULL)
1104  goto end;
1105 
1106  result = 1;
1107 
1108  end:
1109  SigCleanSignatures(de_ctx);
1110  DetectEngineCtxFree(de_ctx);
1111  return result;
1112 }
1113 
1114 static int DetectFastPatternTest35(void)
1115 {
1116  DetectEngineCtx *de_ctx = NULL;
1117  int result = 0;
1118 
1119  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1120  goto end;
1121 
1122  de_ctx->flags |= DE_QUIET;
1123  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1124  "(content:\"two\"; content:!\"one\"; fast_pattern; offset:20; sid:1;)");
1125  if (de_ctx->sig_list != NULL)
1126  goto end;
1127 
1128  result = 1;
1129 
1130  end:
1131  SigCleanSignatures(de_ctx);
1132  DetectEngineCtxFree(de_ctx);
1133  return result;
1134 }
1135 
1136 static int DetectFastPatternTest36(void)
1137 {
1138  DetectEngineCtx *de_ctx = NULL;
1139  int result = 0;
1140 
1141  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1142  goto end;
1143 
1144  de_ctx->flags |= DE_QUIET;
1145  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1146  "(content:\"two\"; content:!\"one\"; fast_pattern; depth:20; sid:1;)");
1147  if (de_ctx->sig_list != NULL)
1148  goto end;
1149 
1150  result = 1;
1151 
1152  end:
1153  SigCleanSignatures(de_ctx);
1154  DetectEngineCtxFree(de_ctx);
1155  return result;
1156 }
1157 
1158 static int DetectFastPatternTest37(void)
1159 {
1160  DetectEngineCtx *de_ctx = NULL;
1161  int result = 0;
1162 
1163  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1164  goto end;
1165 
1166  de_ctx->flags |= DE_QUIET;
1167  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1168  "(content:\"oneoneone\"; content:\"oneonetwo\"; fast_pattern:3,4; content:\"three\"; sid:1;)");
1169  if (de_ctx->sig_list == NULL)
1170  goto end;
1171  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
1172  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1175  cd->fp_chop_offset == 3 &&
1176  cd->fp_chop_len == 4) {
1177  result = 1;
1178  } else {
1179  result = 0;
1180  }
1181 
1182  end:
1183  SigCleanSignatures(de_ctx);
1184  DetectEngineCtxFree(de_ctx);
1185  return result;
1186 }
1187 
1188 static int DetectFastPatternTest38(void)
1189 {
1190  DetectEngineCtx *de_ctx = NULL;
1191  int result = 0;
1192 
1193  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1194  goto end;
1195 
1196  de_ctx->flags |= DE_QUIET;
1197  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1198  "(content:\"one\"; content:\"twotwotwo\"; fast_pattern:3,4; content:\"three\"; distance:30; sid:1;)");
1199  if (de_ctx->sig_list == NULL)
1200  goto end;
1201  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
1202  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1205  cd->fp_chop_offset == 3 &&
1206  cd->fp_chop_len == 4) {
1207  result = 1;
1208  } else {
1209  result = 0;
1210  }
1211 
1212  end:
1213  SigCleanSignatures(de_ctx);
1214  DetectEngineCtxFree(de_ctx);
1215  return result;
1216 }
1217 
1218 static int DetectFastPatternTest39(void)
1219 {
1220  DetectEngineCtx *de_ctx = NULL;
1221  int result = 0;
1222 
1223  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1224  goto end;
1225 
1226  de_ctx->flags |= DE_QUIET;
1227  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1228  "(content:\"one\"; content:\"twotwotwo\"; fast_pattern:3,4; content:\"three\"; within:30; sid:1;)");
1229  if (de_ctx->sig_list == NULL)
1230  goto end;
1231  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
1232  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1235  cd->fp_chop_offset == 3 &&
1236  cd->fp_chop_len == 4) {
1237  result = 1;
1238  } else {
1239  result = 0;
1240  }
1241 
1242  end:
1243  SigCleanSignatures(de_ctx);
1244  DetectEngineCtxFree(de_ctx);
1245  return result;
1246 }
1247 
1248 static int DetectFastPatternTest40(void)
1249 {
1250  DetectEngineCtx *de_ctx = NULL;
1251  int result = 0;
1252 
1253  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1254  goto end;
1255 
1256  de_ctx->flags |= DE_QUIET;
1257  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1258  "(content:\"one\"; content:\"twotwotwo\"; fast_pattern:3,4; content:\"three\"; offset:30; sid:1;)");
1259  if (de_ctx->sig_list == NULL)
1260  goto end;
1261  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
1262  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1265  cd->fp_chop_offset == 3 &&
1266  cd->fp_chop_len == 4) {
1267  result = 1;
1268  } else {
1269  result = 0;
1270  }
1271 
1272  end:
1273  SigCleanSignatures(de_ctx);
1274  DetectEngineCtxFree(de_ctx);
1275  return result;
1276 }
1277 
1278 static int DetectFastPatternTest41(void)
1279 {
1280  DetectEngineCtx *de_ctx = NULL;
1281  int result = 0;
1282 
1283  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1284  goto end;
1285 
1286  de_ctx->flags |= DE_QUIET;
1287  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1288  "(content:\"one\"; content:\"twotwotwo\"; fast_pattern:3,4; content:\"three\"; depth:30; sid:1;)");
1289  if (de_ctx->sig_list == NULL)
1290  goto end;
1291  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
1292  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1295  cd->fp_chop_offset == 3 &&
1296  cd->fp_chop_len == 4) {
1297  result = 1;
1298  } else {
1299  result = 0;
1300  }
1301 
1302  end:
1303  SigCleanSignatures(de_ctx);
1304  DetectEngineCtxFree(de_ctx);
1305  return result;
1306 }
1307 
1308 static int DetectFastPatternTest42(void)
1309 {
1310  DetectEngineCtx *de_ctx = NULL;
1311  int result = 0;
1312 
1313  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1314  goto end;
1315 
1316  de_ctx->flags |= DE_QUIET;
1317  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1318  "(content:\"one\"; content:\"two\"; distance:10; content:\"threethree\"; fast_pattern:3,4; sid:1;)");
1319  if (de_ctx->sig_list == NULL)
1320  goto end;
1321  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
1322  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1325  cd->fp_chop_offset == 3 &&
1326  cd->fp_chop_len == 4) {
1327  result = 1;
1328  } else {
1329  result = 0;
1330  }
1331 
1332  end:
1333  SigCleanSignatures(de_ctx);
1334  DetectEngineCtxFree(de_ctx);
1335  return result;
1336 }
1337 
1338 static int DetectFastPatternTest43(void)
1339 {
1340  DetectEngineCtx *de_ctx = NULL;
1341  int result = 0;
1342 
1343  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1344  goto end;
1345 
1346  de_ctx->flags |= DE_QUIET;
1347  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1348  "(content:\"one\"; content:\"two\"; within:10; content:\"threethree\"; fast_pattern:3,4; sid:1;)");
1349  if (de_ctx->sig_list == NULL)
1350  goto end;
1351  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
1352  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1355  cd->fp_chop_offset == 3 &&
1356  cd->fp_chop_len == 4) {
1357  result = 1;
1358  } else {
1359  result = 0;
1360  }
1361 
1362  end:
1363  SigCleanSignatures(de_ctx);
1364  DetectEngineCtxFree(de_ctx);
1365  return result;
1366 }
1367 
1368 static int DetectFastPatternTest44(void)
1369 {
1370  DetectEngineCtx *de_ctx = NULL;
1371  int result = 0;
1372 
1373  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1374  goto end;
1375 
1376  de_ctx->flags |= DE_QUIET;
1377  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1378  "(content:\"one\"; content:\"two\"; offset:10; content:\"threethree\"; fast_pattern:3,4; sid:1;)");
1379  if (de_ctx->sig_list == NULL)
1380  goto end;
1381  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
1382  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1385  cd->fp_chop_offset == 3 &&
1386  cd->fp_chop_len == 4) {
1387  result = 1;
1388  } else {
1389  result = 0;
1390  }
1391 
1392  end:
1393  SigCleanSignatures(de_ctx);
1394  DetectEngineCtxFree(de_ctx);
1395  return result;
1396 }
1397 
1398 static int DetectFastPatternTest45(void)
1399 {
1400  DetectEngineCtx *de_ctx = NULL;
1401  int result = 0;
1402 
1403  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1404  goto end;
1405 
1406  de_ctx->flags |= DE_QUIET;
1407  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1408  "(content:\"one\"; content:\"two\"; depth:10; content:\"threethree\"; fast_pattern:3,4; sid:1;)");
1409  if (de_ctx->sig_list == NULL)
1410  goto end;
1411  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
1412  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1415  cd->fp_chop_offset == 3 &&
1416  cd->fp_chop_len == 4) {
1417  result = 1;
1418  } else {
1419  result = 0;
1420  }
1421 
1422  end:
1423  SigCleanSignatures(de_ctx);
1424  DetectEngineCtxFree(de_ctx);
1425  return result;
1426 }
1427 
1428 static int DetectFastPatternTest46(void)
1429 {
1430  DetectEngineCtx *de_ctx = NULL;
1431  int result = 0;
1432 
1433  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1434  goto end;
1435 
1436  de_ctx->flags |= DE_QUIET;
1437  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1438  "(content:\"one\"; content:\"two\"; fast_pattern:65977,4; content:\"three\"; distance:10; sid:1;)");
1439  if (de_ctx->sig_list != NULL)
1440  goto end;
1441 
1442  result = 1;
1443 
1444  end:
1445  SigCleanSignatures(de_ctx);
1446  DetectEngineCtxFree(de_ctx);
1447  return result;
1448 }
1449 
1450 static int DetectFastPatternTest47(void)
1451 {
1452  DetectEngineCtx *de_ctx = NULL;
1453  int result = 0;
1454 
1455  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1456  goto end;
1457 
1458  de_ctx->flags |= DE_QUIET;
1459  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1460  "(content:\"one\"; content:\"twooneone\"; fast_pattern:3,65977; content:\"three\"; distance:10; sid:1;)");
1461  if (de_ctx->sig_list != NULL)
1462  goto end;
1463 
1464  result = 1;
1465 
1466  end:
1467  SigCleanSignatures(de_ctx);
1468  DetectEngineCtxFree(de_ctx);
1469  return result;
1470 }
1471 
1472 static int DetectFastPatternTest48(void)
1473 {
1474  DetectEngineCtx *de_ctx = NULL;
1475  int result = 0;
1476 
1477  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1478  goto end;
1479 
1480  de_ctx->flags |= DE_QUIET;
1481  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1482  "(content:\"one\"; content:\"two\"; fast_pattern:65534,4; content:\"three\"; distance:10; sid:1;)");
1483  if (de_ctx->sig_list != NULL)
1484  goto end;
1485 
1486  result = 1;
1487 
1488  end:
1489  SigCleanSignatures(de_ctx);
1490  DetectEngineCtxFree(de_ctx);
1491  return result;
1492 }
1493 
1494 static int DetectFastPatternTest49(void)
1495 {
1496  DetectEngineCtx *de_ctx = NULL;
1497  int result = 0;
1498 
1499  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1500  goto end;
1501 
1502  de_ctx->flags |= DE_QUIET;
1503  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1504  "(content:\"one\"; content:!\"twooneone\"; fast_pattern:3,4; content:\"three\"; sid:1;)");
1505  if (de_ctx->sig_list == NULL)
1506  goto end;
1507  DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
1508  if (cd->flags & DETECT_CONTENT_FAST_PATTERN &&
1509  cd->flags & DETECT_CONTENT_NEGATED &&
1512  cd->fp_chop_offset == 3 &&
1513  cd->fp_chop_len == 4) {
1514  result = 1;
1515  } else {
1516  result = 0;
1517  }
1518 
1519  end:
1520  SigCleanSignatures(de_ctx);
1521  DetectEngineCtxFree(de_ctx);
1522  return result;
1523 }
1524 
1525 static int DetectFastPatternTest50(void)
1526 {
1527  DetectEngineCtx *de_ctx = NULL;
1528  int result = 0;
1529 
1530  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1531  goto end;
1532 
1533  de_ctx->flags |= DE_QUIET;
1534  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1535  "(content:\"one\"; content:!\"twooneone\"; fast_pattern:3,4; distance:10; content:\"three\"; sid:1;)");
1536  if (de_ctx->sig_list != NULL)
1537  goto end;
1538 
1539  result = 1;
1540 
1541  end:
1542  SigCleanSignatures(de_ctx);
1543  DetectEngineCtxFree(de_ctx);
1544  return result;
1545 }
1546 
1547 static int DetectFastPatternTest51(void)
1548 {
1549  DetectEngineCtx *de_ctx = NULL;
1550  int result = 0;
1551 
1552  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1553  goto end;
1554 
1555  de_ctx->flags |= DE_QUIET;
1556  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1557  "(content:\"one\"; content:!\"twooneone\"; fast_pattern:3,4; within:10; content:\"three\"; sid:1;)");
1558  if (de_ctx->sig_list != NULL)
1559  goto end;
1560 
1561  result = 1;
1562 
1563  end:
1564  SigCleanSignatures(de_ctx);
1565  DetectEngineCtxFree(de_ctx);
1566  return result;
1567 }
1568 
1569 static int DetectFastPatternTest52(void)
1570 {
1571  DetectEngineCtx *de_ctx = NULL;
1572  int result = 0;
1573 
1574  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1575  goto end;
1576 
1577  de_ctx->flags |= DE_QUIET;
1578  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1579  "(content:\"one\"; content:!\"twooneone\"; fast_pattern:3,4; offset:10; content:\"three\"; sid:1;)");
1580  if (de_ctx->sig_list != NULL)
1581  goto end;
1582 
1583  result = 1;
1584 
1585  end:
1586  SigCleanSignatures(de_ctx);
1587  DetectEngineCtxFree(de_ctx);
1588  return result;
1589 }
1590 
1591 static int DetectFastPatternTest53(void)
1592 {
1593  DetectEngineCtx *de_ctx = NULL;
1594  int result = 0;
1595 
1596  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1597  goto end;
1598 
1599  de_ctx->flags |= DE_QUIET;
1600  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1601  "(content:\"one\"; content:!\"twooneone\"; fast_pattern:3,4; depth:10; content:\"three\"; sid:1;)");
1602  if (de_ctx->sig_list != NULL)
1603  goto end;
1604 
1605  result = 1;
1606 
1607  end:
1608  SigCleanSignatures(de_ctx);
1609  DetectEngineCtxFree(de_ctx);
1610  return result;
1611 }
1612 
1613 
1614 /* content fast_pattern tests ^ */
1615 /* uricontent fast_pattern tests v */
1616 
1617 
1618 /**
1619  * \test Checks if a fast_pattern is registered in a Signature for uricontent.
1620  */
1621 static int DetectFastPatternTest54(void)
1622 {
1623  SigMatch *sm = NULL;
1624  DetectEngineCtx *de_ctx = NULL;
1625  int result = 0;
1626 
1627  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1628  goto end;
1629 
1630  de_ctx->flags |= DE_QUIET;
1631  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1632  "(uricontent:\"/one/\"; fast_pattern:only; "
1633  "msg:\"Testing fast_pattern\"; sid:1;)");
1634  if (de_ctx->sig_list == NULL)
1635  goto end;
1636 
1637  result = 0;
1638  sm = de_ctx->sig_list->sm_lists[g_http_uri_buffer_id];
1639  while (sm != NULL) {
1640  if (sm->type == DETECT_CONTENT) {
1641  if ( ((DetectContentData *)sm->ctx)->flags &
1643  result = 1;
1644  break;
1645  } else {
1646  result = 0;
1647  break;
1648  }
1649  }
1650  sm = sm->next;
1651  }
1652 
1653  end:
1654  SigCleanSignatures(de_ctx);
1655  DetectEngineCtxFree(de_ctx);
1656  return result;
1657 }
1658 
1659 /**
1660  * \test Checks if a fast_pattern is registered in a Signature for uricontent.
1661  */
1662 static int DetectFastPatternTest55(void)
1663 {
1664  SigMatch *sm = NULL;
1665  DetectEngineCtx *de_ctx = NULL;
1666  int result = 0;
1667 
1668  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1669  goto end;
1670 
1671  de_ctx->flags |= DE_QUIET;
1672  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1673  "(uricontent:\"oneoneone\"; fast_pattern:3,4; "
1674  "msg:\"Testing fast_pattern\"; sid:1;)");
1675  if (de_ctx->sig_list == NULL)
1676  goto end;
1677 
1678  result = 0;
1679  sm = de_ctx->sig_list->sm_lists[g_http_uri_buffer_id];
1680  while (sm != NULL) {
1681  if (sm->type == DETECT_CONTENT) {
1682  if ( ((DetectContentData *)sm->ctx)->flags &
1684  result = 1;
1685  break;
1686  } else {
1687  result = 0;
1688  break;
1689  }
1690  }
1691  sm = sm->next;
1692  }
1693 
1694  end:
1695  SigCleanSignatures(de_ctx);
1696  DetectEngineCtxFree(de_ctx);
1697  return result;
1698 }
1699 
1700 static int DetectFastPatternTest56(void)
1701 {
1702  SigMatch *sm = NULL;
1703  DetectEngineCtx *de_ctx = NULL;
1704  int result = 0;
1705 
1706  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1707  goto end;
1708 
1709  de_ctx->flags |= DE_QUIET;
1710  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1711  "(uricontent:\"one\"; fast_pattern:only; sid:1;)");
1712  if (de_ctx->sig_list == NULL)
1713  goto end;
1714 
1715  result = 0;
1716  sm = de_ctx->sig_list->sm_lists[g_http_uri_buffer_id];
1718  if (sm->type == DETECT_CONTENT) {
1719  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
1722  ud->fp_chop_offset == 0 &&
1723  ud->fp_chop_len == 0) {
1724  result = 1;
1725  } else {
1726  result = 0;
1727  }
1728  }
1729 
1730  end:
1731  SigCleanSignatures(de_ctx);
1732  DetectEngineCtxFree(de_ctx);
1733  return result;
1734 }
1735 
1736 static int DetectFastPatternTest57(void)
1737 {
1738  SigMatch *sm = NULL;
1739  DetectEngineCtx *de_ctx = NULL;
1740  int result = 0;
1741 
1742  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1743  goto end;
1744 
1745  de_ctx->flags |= DE_QUIET;
1746  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1747  "(uricontent:\"oneoneone\"; fast_pattern:3,4; sid:1;)");
1748  if (de_ctx->sig_list == NULL)
1749  goto end;
1750 
1751  result = 0;
1752  sm = de_ctx->sig_list->sm_lists[g_http_uri_buffer_id];
1754  if (sm->type == DETECT_CONTENT) {
1755  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
1758  ud->fp_chop_offset == 3 &&
1759  ud->fp_chop_len == 4) {
1760  result = 1;
1761  } else {
1762  result = 0;
1763  }
1764  }
1765 
1766  end:
1767  SigCleanSignatures(de_ctx);
1768  DetectEngineCtxFree(de_ctx);
1769  return result;
1770 }
1771 
1772 static int DetectFastPatternTest58(void)
1773 {
1774  DetectEngineCtx *de_ctx = NULL;
1775  int result = 0;
1776 
1777  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1778  goto end;
1779 
1780  de_ctx->flags |= DE_QUIET;
1781  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1782  "(uricontent:\"one\"; uricontent:\"two\"; fast_pattern:only; distance:10; sid:1;)");
1783  if (de_ctx->sig_list != NULL)
1784  goto end;
1785 
1786  result = 1;
1787 
1788  end:
1789  SigCleanSignatures(de_ctx);
1790  DetectEngineCtxFree(de_ctx);
1791  return result;
1792 }
1793 
1794 static int DetectFastPatternTest59(void)
1795 {
1796  DetectEngineCtx *de_ctx = NULL;
1797  int result = 0;
1798 
1799  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1800  goto end;
1801 
1802  de_ctx->flags |= DE_QUIET;
1803  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1804  "(uricontent:\"one\"; uricontent:\"two\"; distance:10; fast_pattern:only; sid:1;)");
1805  if (de_ctx->sig_list != NULL)
1806  goto end;
1807 
1808  result = 1;
1809 
1810  end:
1811  SigCleanSignatures(de_ctx);
1812  DetectEngineCtxFree(de_ctx);
1813  return result;
1814 }
1815 
1816 static int DetectFastPatternTest60(void)
1817 {
1818  DetectEngineCtx *de_ctx = NULL;
1819  int result = 0;
1820 
1821  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1822  goto end;
1823 
1824  de_ctx->flags |= DE_QUIET;
1825  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1826  "(uricontent:\"one\"; uricontent:\"two\"; fast_pattern:only; within:10; sid:1;)");
1827  if (de_ctx->sig_list != NULL)
1828  goto end;
1829 
1830  result = 1;
1831 
1832  end:
1833  SigCleanSignatures(de_ctx);
1834  DetectEngineCtxFree(de_ctx);
1835  return result;
1836 }
1837 
1838 static int DetectFastPatternTest61(void)
1839 {
1840  DetectEngineCtx *de_ctx = NULL;
1841  int result = 0;
1842 
1843  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1844  goto end;
1845 
1846  de_ctx->flags |= DE_QUIET;
1847  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1848  "(uricontent:\"one\"; uricontent:\"two\"; within:10; fast_pattern:only; sid:1;)");
1849  if (de_ctx->sig_list != NULL)
1850  goto end;
1851 
1852  result = 1;
1853 
1854  end:
1855  SigCleanSignatures(de_ctx);
1856  DetectEngineCtxFree(de_ctx);
1857  return result;
1858 }
1859 
1860 static int DetectFastPatternTest62(void)
1861 {
1862  DetectEngineCtx *de_ctx = NULL;
1863  int result = 0;
1864 
1865  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1866  goto end;
1867 
1868  de_ctx->flags |= DE_QUIET;
1869  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1870  "(uricontent:\"one\"; uricontent:\"two\"; fast_pattern:only; offset:10; sid:1;)");
1871  if (de_ctx->sig_list != NULL)
1872  goto end;
1873 
1874  result = 1;
1875 
1876  end:
1877  SigCleanSignatures(de_ctx);
1878  DetectEngineCtxFree(de_ctx);
1879  return result;
1880 }
1881 
1882 static int DetectFastPatternTest63(void)
1883 {
1884  DetectEngineCtx *de_ctx = NULL;
1885  int result = 0;
1886 
1887  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1888  goto end;
1889 
1890  de_ctx->flags |= DE_QUIET;
1891  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1892  "(uricontent:\"one\"; uricontent:\"two\"; offset:10; fast_pattern:only; sid:1;)");
1893  if (de_ctx->sig_list != NULL)
1894  goto end;
1895 
1896  result = 1;
1897 
1898  end:
1899  SigCleanSignatures(de_ctx);
1900  DetectEngineCtxFree(de_ctx);
1901  return result;
1902 }
1903 
1904 static int DetectFastPatternTest64(void)
1905 {
1906  DetectEngineCtx *de_ctx = NULL;
1907  int result = 0;
1908 
1909  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1910  goto end;
1911 
1912  de_ctx->flags |= DE_QUIET;
1913  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1914  "(uricontent:\"one\"; uricontent:\"two\"; fast_pattern:only; depth:10; sid:1;)");
1915  if (de_ctx->sig_list != NULL)
1916  goto end;
1917 
1918  result = 1;
1919 
1920  end:
1921  SigCleanSignatures(de_ctx);
1922  DetectEngineCtxFree(de_ctx);
1923  return result;
1924 }
1925 
1926 static int DetectFastPatternTest65(void)
1927 {
1928  DetectEngineCtx *de_ctx = NULL;
1929  int result = 0;
1930 
1931  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1932  goto end;
1933 
1934  de_ctx->flags |= DE_QUIET;
1935  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1936  "(uricontent:\"one\"; uricontent:\"two\"; depth:10; fast_pattern:only; sid:1;)");
1937  if (de_ctx->sig_list != NULL)
1938  goto end;
1939 
1940  result = 1;
1941 
1942  end:
1943  SigCleanSignatures(de_ctx);
1944  DetectEngineCtxFree(de_ctx);
1945  return result;
1946 }
1947 
1948 static int DetectFastPatternTest66(void)
1949 {
1950  DetectEngineCtx *de_ctx = NULL;
1951  int result = 0;
1952 
1953  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1954  goto end;
1955 
1956  de_ctx->flags |= DE_QUIET;
1957  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1958  "(uricontent:\"one\"; uricontent:!\"two\"; fast_pattern:only; sid:1;)");
1959  if (de_ctx->sig_list != NULL)
1960  goto end;
1961 
1962  result = 1;
1963 
1964  end:
1965  SigCleanSignatures(de_ctx);
1966  DetectEngineCtxFree(de_ctx);
1967  return result;
1968 }
1969 
1970 static int DetectFastPatternTest67(void)
1971 {
1972  DetectEngineCtx *de_ctx = NULL;
1973  int result = 0;
1974 
1975  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
1976  goto end;
1977 
1978  de_ctx->flags |= DE_QUIET;
1979  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
1980  "(uricontent: \"one\"; uricontent:\"two\"; distance:30; uricontent:\"two\"; fast_pattern:only; sid:1;)");
1981  if (de_ctx->sig_list == NULL)
1982  goto end;
1983 
1984  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
1985  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
1988  ud->fp_chop_offset == 0 &&
1989  ud->fp_chop_len == 0) {
1990  result = 1;
1991  } else {
1992  result = 0;
1993  }
1994 
1995  end:
1996  SigCleanSignatures(de_ctx);
1997  DetectEngineCtxFree(de_ctx);
1998  return result;
1999 }
2000 
2001 static int DetectFastPatternTest68(void)
2002 {
2003  DetectEngineCtx *de_ctx = NULL;
2004  int result = 0;
2005 
2006  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2007  goto end;
2008 
2009  de_ctx->flags |= DE_QUIET;
2010  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2011  "(uricontent:\"one\"; uricontent:\"two\"; within:30; uricontent:\"two\"; fast_pattern:only; sid:1;)");
2012  if (de_ctx->sig_list == NULL)
2013  goto end;
2014  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
2015  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2018  ud->fp_chop_offset == 0 &&
2019  ud->fp_chop_len == 0) {
2020  result = 1;
2021  } else {
2022  result = 0;
2023  }
2024 
2025  end:
2026  SigCleanSignatures(de_ctx);
2027  DetectEngineCtxFree(de_ctx);
2028  return result;
2029 }
2030 
2031 static int DetectFastPatternTest69(void)
2032 {
2033  DetectEngineCtx *de_ctx = NULL;
2034  int result = 0;
2035 
2036  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2037  goto end;
2038 
2039  de_ctx->flags |= DE_QUIET;
2040  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2041  "(uricontent:\"one\"; uricontent:\"two\"; offset:30; uricontent:\"two\"; fast_pattern:only; sid:1;)");
2042  if (de_ctx->sig_list == NULL)
2043  goto end;
2044  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
2045  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2048  ud->fp_chop_offset == 0 &&
2049  ud->fp_chop_len == 0) {
2050  result = 1;
2051  } else {
2052  result = 0;
2053  }
2054 
2055  end:
2056  SigCleanSignatures(de_ctx);
2057  DetectEngineCtxFree(de_ctx);
2058  return result;
2059 }
2060 
2061 static int DetectFastPatternTest70(void)
2062 {
2063  DetectEngineCtx *de_ctx = NULL;
2064  int result = 0;
2065 
2066  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2067  goto end;
2068 
2069  de_ctx->flags |= DE_QUIET;
2070  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2071  "(uricontent:\"one\"; uricontent:\"two\"; depth:30; uricontent:\"two\"; fast_pattern:only; sid:1;)");
2072  if (de_ctx->sig_list == NULL)
2073  goto end;
2074  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
2075  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2078  ud->fp_chop_offset == 0 &&
2079  ud->fp_chop_len == 0) {
2080  result = 1;
2081  } else {
2082  result = 0;
2083  }
2084 
2085  end:
2086  SigCleanSignatures(de_ctx);
2087  DetectEngineCtxFree(de_ctx);
2088  return result;
2089 }
2090 
2091 static int DetectFastPatternTest71(void)
2092 {
2093  DetectEngineCtx *de_ctx = NULL;
2094  int result = 0;
2095 
2096  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2097  goto end;
2098 
2099  de_ctx->flags |= DE_QUIET;
2100  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2101  "(uricontent:!\"one\"; fast_pattern; uricontent:\"two\"; sid:1;)");
2102  if (de_ctx->sig_list == NULL)
2103  goto end;
2104  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
2105  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2106  ud->flags & DETECT_CONTENT_NEGATED &&
2109  ud->fp_chop_offset == 0 &&
2110  ud->fp_chop_len == 0) {
2111  result = 1;
2112  } else {
2113  result = 0;
2114  }
2115 
2116  end:
2117  SigCleanSignatures(de_ctx);
2118  DetectEngineCtxFree(de_ctx);
2119  return result;
2120 }
2121 
2122 static int DetectFastPatternTest72(void)
2123 {
2124  DetectEngineCtx *de_ctx = NULL;
2125  int result = 0;
2126 
2127  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2128  goto end;
2129 
2130  de_ctx->flags |= DE_QUIET;
2131  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2132  "(uricontent:\"two\"; uricontent:!\"one\"; fast_pattern; distance:20; sid:1;)");
2133  if (de_ctx->sig_list != NULL)
2134  goto end;
2135 
2136  result = 1;
2137 
2138  end:
2139  SigCleanSignatures(de_ctx);
2140  DetectEngineCtxFree(de_ctx);
2141  return result;
2142 }
2143 
2144 static int DetectFastPatternTest73(void)
2145 {
2146  DetectEngineCtx *de_ctx = NULL;
2147  int result = 0;
2148 
2149  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2150  goto end;
2151 
2152  de_ctx->flags |= DE_QUIET;
2153  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2154  "(uricontent:\"two\"; uricontent:!\"one\"; fast_pattern; within:20; sid:1;)");
2155  if (de_ctx->sig_list != NULL)
2156  goto end;
2157 
2158  result = 1;
2159 
2160  end:
2161  SigCleanSignatures(de_ctx);
2162  DetectEngineCtxFree(de_ctx);
2163  return result;
2164 }
2165 
2166 static int DetectFastPatternTest74(void)
2167 {
2168  DetectEngineCtx *de_ctx = NULL;
2169  int result = 0;
2170 
2171  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2172  goto end;
2173 
2174  de_ctx->flags |= DE_QUIET;
2175  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2176  "(uricontent:\"two\"; uricontent:!\"one\"; fast_pattern; offset:20; sid:1;)");
2177  if (de_ctx->sig_list != NULL)
2178  goto end;
2179 
2180  result = 1;
2181 
2182  end:
2183  SigCleanSignatures(de_ctx);
2184  DetectEngineCtxFree(de_ctx);
2185  return result;
2186 }
2187 
2188 static int DetectFastPatternTest75(void)
2189 {
2190  DetectEngineCtx *de_ctx = NULL;
2191  int result = 0;
2192 
2193  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2194  goto end;
2195 
2196  de_ctx->flags |= DE_QUIET;
2197  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2198  "(uricontent:\"two\"; uricontent:!\"one\"; fast_pattern; depth:20; sid:1;)");
2199  if (de_ctx->sig_list != NULL)
2200  goto end;
2201 
2202  result = 1;
2203 
2204  end:
2205  SigCleanSignatures(de_ctx);
2206  DetectEngineCtxFree(de_ctx);
2207  return result;
2208 }
2209 
2210 static int DetectFastPatternTest76(void)
2211 {
2212  DetectEngineCtx *de_ctx = NULL;
2213  int result = 0;
2214 
2215  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2216  goto end;
2217 
2218  de_ctx->flags |= DE_QUIET;
2219  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2220  "(uricontent:\"one\"; uricontent:\"oneonetwo\"; fast_pattern:3,4; uricontent:\"three\"; sid:1;)");
2221  if (de_ctx->sig_list == NULL)
2222  goto end;
2223  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
2224  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2227  ud->fp_chop_offset == 3 &&
2228  ud->fp_chop_len == 4) {
2229  result = 1;
2230  } else {
2231  result = 0;
2232  }
2233 
2234  end:
2235  SigCleanSignatures(de_ctx);
2236  DetectEngineCtxFree(de_ctx);
2237  return result;
2238 }
2239 
2240 static int DetectFastPatternTest77(void)
2241 {
2242  DetectEngineCtx *de_ctx = NULL;
2243  int result = 0;
2244 
2245  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2246  goto end;
2247 
2248  de_ctx->flags |= DE_QUIET;
2249  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2250  "(uricontent:\"one\"; uricontent:\"oneonetwo\"; fast_pattern:3,4; uricontent:\"three\"; distance:30; sid:1;)");
2251  if (de_ctx->sig_list == NULL)
2252  goto end;
2253  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
2254  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2257  ud->fp_chop_offset == 3 &&
2258  ud->fp_chop_len == 4) {
2259  result = 1;
2260  } else {
2261  result = 0;
2262  }
2263 
2264  end:
2265  SigCleanSignatures(de_ctx);
2266  DetectEngineCtxFree(de_ctx);
2267  return result;
2268 }
2269 
2270 static int DetectFastPatternTest78(void)
2271 {
2272  DetectEngineCtx *de_ctx = NULL;
2273  int result = 0;
2274 
2275  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2276  goto end;
2277 
2278  de_ctx->flags |= DE_QUIET;
2279  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2280  "(uricontent:\"one\"; uricontent:\"oneonetwo\"; fast_pattern:3,4; uricontent:\"three\"; within:30; sid:1;)");
2281  if (de_ctx->sig_list == NULL)
2282  goto end;
2283  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
2284  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2287  ud->fp_chop_offset == 3 &&
2288  ud->fp_chop_len == 4) {
2289  result = 1;
2290  } else {
2291  result = 0;
2292  }
2293 
2294  end:
2295  SigCleanSignatures(de_ctx);
2296  DetectEngineCtxFree(de_ctx);
2297  return result;
2298 }
2299 
2300 static int DetectFastPatternTest79(void)
2301 {
2302  DetectEngineCtx *de_ctx = NULL;
2303  int result = 0;
2304 
2305  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2306  goto end;
2307 
2308  de_ctx->flags |= DE_QUIET;
2309  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2310  "(uricontent:\"one\"; uricontent:\"oneonetwo\"; fast_pattern:3,4; uricontent:\"three\"; offset:30; sid:1;)");
2311  if (de_ctx->sig_list == NULL)
2312  goto end;
2313  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
2314  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2317  ud->fp_chop_offset == 3 &&
2318  ud->fp_chop_len == 4) {
2319  result = 1;
2320  } else {
2321  result = 0;
2322  }
2323 
2324  end:
2325  SigCleanSignatures(de_ctx);
2326  DetectEngineCtxFree(de_ctx);
2327  return result;
2328 }
2329 
2330 static int DetectFastPatternTest80(void)
2331 {
2332  DetectEngineCtx *de_ctx = NULL;
2333  int result = 0;
2334 
2335  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2336  goto end;
2337 
2338  de_ctx->flags |= DE_QUIET;
2339  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2340  "(uricontent:\"one\"; uricontent:\"oneonetwo\"; fast_pattern:3,4; uricontent:\"three\"; depth:30; sid:1;)");
2341  if (de_ctx->sig_list == NULL)
2342  goto end;
2343  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
2344  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2347  ud->fp_chop_offset == 3 &&
2348  ud->fp_chop_len == 4) {
2349  result = 1;
2350  } else {
2351  result = 0;
2352  }
2353 
2354  end:
2355  SigCleanSignatures(de_ctx);
2356  DetectEngineCtxFree(de_ctx);
2357  return result;
2358 }
2359 
2360 static int DetectFastPatternTest81(void)
2361 {
2362  DetectEngineCtx *de_ctx = NULL;
2363  int result = 0;
2364 
2365  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2366  goto end;
2367 
2368  de_ctx->flags |= DE_QUIET;
2369  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2370  "(uricontent:\"one\"; uricontent:\"two\"; distance:10; uricontent:\"oneonethree\"; fast_pattern:3,4; sid:1;)");
2371  if (de_ctx->sig_list == NULL)
2372  goto end;
2373  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
2374  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2377  ud->fp_chop_offset == 3 &&
2378  ud->fp_chop_len == 4) {
2379  result = 1;
2380  } else {
2381  result = 0;
2382  }
2383 
2384  end:
2385  SigCleanSignatures(de_ctx);
2386  DetectEngineCtxFree(de_ctx);
2387  return result;
2388 }
2389 
2390 static int DetectFastPatternTest82(void)
2391 {
2392  DetectEngineCtx *de_ctx = NULL;
2393  int result = 0;
2394 
2395  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2396  goto end;
2397 
2398  de_ctx->flags |= DE_QUIET;
2399  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2400  "(uricontent:\"one\"; uricontent:\"two\"; within:10; uricontent:\"oneonethree\"; fast_pattern:3,4; sid:1;)");
2401  if (de_ctx->sig_list == NULL)
2402  goto end;
2403  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
2404  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2407  ud->fp_chop_offset == 3 &&
2408  ud->fp_chop_len == 4) {
2409  result = 1;
2410  } else {
2411  result = 0;
2412  }
2413 
2414  end:
2415  SigCleanSignatures(de_ctx);
2416  DetectEngineCtxFree(de_ctx);
2417  return result;
2418 }
2419 
2420 static int DetectFastPatternTest83(void)
2421 {
2422  DetectEngineCtx *de_ctx = NULL;
2423  int result = 0;
2424 
2425  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2426  goto end;
2427 
2428  de_ctx->flags |= DE_QUIET;
2429  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2430  "(uricontent:\"one\"; uricontent:\"two\"; offset:10; uricontent:\"oneonethree\"; fast_pattern:3,4; sid:1;)");
2431  if (de_ctx->sig_list == NULL)
2432  goto end;
2433  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
2434  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2437  ud->fp_chop_offset == 3 &&
2438  ud->fp_chop_len == 4) {
2439  result = 1;
2440  } else {
2441  result = 0;
2442  }
2443 
2444  end:
2445  SigCleanSignatures(de_ctx);
2446  DetectEngineCtxFree(de_ctx);
2447  return result;
2448 }
2449 
2450 static int DetectFastPatternTest84(void)
2451 {
2452  DetectEngineCtx *de_ctx = NULL;
2453  int result = 0;
2454 
2455  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2456  goto end;
2457 
2458  de_ctx->flags |= DE_QUIET;
2459  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2460  "(uricontent:\"one\"; uricontent:\"two\"; depth:10; uricontent:\"oneonethree\"; fast_pattern:3,4; sid:1;)");
2461  if (de_ctx->sig_list == NULL)
2462  goto end;
2463  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
2464  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2467  ud->fp_chop_offset == 3 &&
2468  ud->fp_chop_len == 4) {
2469  result = 1;
2470  } else {
2471  result = 0;
2472  }
2473 
2474 
2475  result = 1;
2476 
2477  end:
2478  SigCleanSignatures(de_ctx);
2479  DetectEngineCtxFree(de_ctx);
2480  return result;
2481 }
2482 
2483 static int DetectFastPatternTest85(void)
2484 {
2485  DetectEngineCtx *de_ctx = NULL;
2486  int result = 0;
2487 
2488  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2489  goto end;
2490 
2491  de_ctx->flags |= DE_QUIET;
2492  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2493  "(uricontent:\"one\"; uricontent:\"two\"; fast_pattern:65977,4; uricontent:\"three\"; distance:10; sid:1;)");
2494  if (de_ctx->sig_list != NULL)
2495  goto end;
2496 
2497  result = 1;
2498 
2499  end:
2500  SigCleanSignatures(de_ctx);
2501  DetectEngineCtxFree(de_ctx);
2502  return result;
2503 }
2504 
2505 static int DetectFastPatternTest86(void)
2506 {
2507  DetectEngineCtx *de_ctx = NULL;
2508  int result = 0;
2509 
2510  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2511  goto end;
2512 
2513  de_ctx->flags |= DE_QUIET;
2514  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2515  "(uricontent:\"one\"; uricontent:\"oneonetwo\"; fast_pattern:3,65977; uricontent:\"three\"; distance:10; sid:1;)");
2516  if (de_ctx->sig_list != NULL)
2517  goto end;
2518 
2519  result = 1;
2520 
2521  end:
2522  SigCleanSignatures(de_ctx);
2523  DetectEngineCtxFree(de_ctx);
2524  return result;
2525 }
2526 
2527 static int DetectFastPatternTest87(void)
2528 {
2529  DetectEngineCtx *de_ctx = NULL;
2530  int result = 0;
2531 
2532  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2533  goto end;
2534 
2535  de_ctx->flags |= DE_QUIET;
2536  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2537  "(uricontent:\"one\"; uricontent:\"two\"; fast_pattern:65534,4; uricontent:\"three\"; distance:10; sid:1;)");
2538  if (de_ctx->sig_list != NULL)
2539  goto end;
2540 
2541  result = 1;
2542 
2543  end:
2544  SigCleanSignatures(de_ctx);
2545  DetectEngineCtxFree(de_ctx);
2546  return result;
2547 }
2548 
2549 static int DetectFastPatternTest88(void)
2550 {
2551  DetectEngineCtx *de_ctx = NULL;
2552  int result = 0;
2553 
2554  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2555  goto end;
2556 
2557  de_ctx->flags |= DE_QUIET;
2558  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2559  "(uricontent:\"one\"; uricontent:!\"oneonetwo\"; fast_pattern:3,4; uricontent:\"three\"; sid:1;)");
2560  if (de_ctx->sig_list == NULL)
2561  goto end;
2562  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
2563  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2564  ud->flags & DETECT_CONTENT_NEGATED &&
2567  ud->fp_chop_offset == 3 &&
2568  ud->fp_chop_len == 4) {
2569  result = 1;
2570  } else {
2571  result = 0;
2572  }
2573 
2574  end:
2575  SigCleanSignatures(de_ctx);
2576  DetectEngineCtxFree(de_ctx);
2577  return result;
2578 }
2579 
2580 static int DetectFastPatternTest89(void)
2581 {
2582  DetectEngineCtx *de_ctx = NULL;
2583  int result = 0;
2584 
2585  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2586  goto end;
2587 
2588  de_ctx->flags |= DE_QUIET;
2589  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2590  "(uricontent:\"one\"; uricontent:!\"oneonetwo\"; fast_pattern:3,4; distance:10; uricontent:\"three\"; sid:1;)");
2591  if (de_ctx->sig_list != NULL)
2592  goto end;
2593 
2594  result = 1;
2595 
2596  end:
2597  SigCleanSignatures(de_ctx);
2598  DetectEngineCtxFree(de_ctx);
2599  return result;
2600 }
2601 
2602 static int DetectFastPatternTest90(void)
2603 {
2604  DetectEngineCtx *de_ctx = NULL;
2605  int result = 0;
2606 
2607  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2608  goto end;
2609 
2610  de_ctx->flags |= DE_QUIET;
2611  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2612  "(uricontent:\"one\"; uricontent:!\"oneonetwo\"; fast_pattern:3,4; within:10; uricontent:\"three\"; sid:1;)");
2613  if (de_ctx->sig_list != NULL)
2614  goto end;
2615 
2616  result = 1;
2617 
2618  end:
2619  SigCleanSignatures(de_ctx);
2620  DetectEngineCtxFree(de_ctx);
2621  return result;
2622 }
2623 
2624 static int DetectFastPatternTest91(void)
2625 {
2626  DetectEngineCtx *de_ctx = NULL;
2627  int result = 0;
2628 
2629  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2630  goto end;
2631 
2632  de_ctx->flags |= DE_QUIET;
2633  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2634  "(uricontent:\"one\"; uricontent:!\"oneonetwo\"; fast_pattern:3,4; offset:10; uricontent:\"three\"; sid:1;)");
2635  if (de_ctx->sig_list != NULL)
2636  goto end;
2637 
2638  result = 1;
2639 
2640  end:
2641  SigCleanSignatures(de_ctx);
2642  DetectEngineCtxFree(de_ctx);
2643  return result;
2644 }
2645 
2646 static int DetectFastPatternTest92(void)
2647 {
2648  DetectEngineCtx *de_ctx = NULL;
2649  int result = 0;
2650 
2651  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2652  goto end;
2653 
2654  de_ctx->flags |= DE_QUIET;
2655  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2656  "(uricontent:\"one\"; uricontent:!\"oneonetwo\"; fast_pattern:3,4; depth:10; uricontent:\"three\"; sid:1;)");
2657  if (de_ctx->sig_list != NULL)
2658  goto end;
2659 
2660  result = 1;
2661 
2662  end:
2663  SigCleanSignatures(de_ctx);
2664  DetectEngineCtxFree(de_ctx);
2665  return result;
2666 }
2667 
2668 
2669 /* uricontent fast_pattern tests ^ */
2670 /* http_uri fast_pattern tests v */
2671 
2672 
2673 static int DetectFastPatternTest93(void)
2674 {
2675  DetectEngineCtx *de_ctx = NULL;
2676  int result = 0;
2677 
2678  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2679  goto end;
2680 
2681  de_ctx->flags |= DE_QUIET;
2682  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2683  "(uricontent:\"one\"; content:!\"oneonetwo\"; fast_pattern:3,4; http_uri; uricontent:\"three\"; sid:1;)");
2684  if (de_ctx->sig_list == NULL)
2685  goto end;
2686  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
2687  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2688  ud->flags & DETECT_CONTENT_NEGATED &&
2691  ud->fp_chop_offset == 3 &&
2692  ud->fp_chop_len == 4) {
2693  result = 1;
2694  } else {
2695  result = 0;
2696  }
2697 
2698  end:
2699  SigCleanSignatures(de_ctx);
2700  DetectEngineCtxFree(de_ctx);
2701  return result;
2702 }
2703 
2704 /**
2705  * \test Checks if a fast_pattern is registered in a Signature for uricontent.
2706  */
2707 static int DetectFastPatternTest94(void)
2708 {
2709  SigMatch *sm = NULL;
2710  DetectEngineCtx *de_ctx = NULL;
2711  int result = 0;
2712 
2713  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2714  goto end;
2715 
2716  de_ctx->flags |= DE_QUIET;
2717  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2718  "(content:\"/one/\"; fast_pattern:only; http_uri; "
2719  "msg:\"Testing fast_pattern\"; sid:1;)");
2720  if (de_ctx->sig_list == NULL)
2721  goto end;
2722 
2723  result = 0;
2724  sm = de_ctx->sig_list->sm_lists[g_http_uri_buffer_id];
2725  while (sm != NULL) {
2726  if (sm->type == DETECT_CONTENT) {
2727  if ( ((DetectContentData *)sm->ctx)->flags &
2729  result = 1;
2730  break;
2731  } else {
2732  result = 0;
2733  break;
2734  }
2735  }
2736  sm = sm->next;
2737  }
2738 
2739  end:
2740  SigCleanSignatures(de_ctx);
2741  DetectEngineCtxFree(de_ctx);
2742  return result;
2743 }
2744 
2745 /**
2746  * \test Checks if a fast_pattern is registered in a Signature for uricontent.
2747  */
2748 static int DetectFastPatternTest95(void)
2749 {
2750  SigMatch *sm = NULL;
2751  DetectEngineCtx *de_ctx = NULL;
2752  int result = 0;
2753 
2754  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2755  goto end;
2756 
2757  de_ctx->flags |= DE_QUIET;
2758  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2759  "(content:\"oneoneone\"; fast_pattern:3,4; http_uri; "
2760  "msg:\"Testing fast_pattern\"; sid:1;)");
2761  if (de_ctx->sig_list == NULL)
2762  goto end;
2763 
2764  result = 0;
2765  sm = de_ctx->sig_list->sm_lists[g_http_uri_buffer_id];
2766  while (sm != NULL) {
2767  if (sm->type == DETECT_CONTENT) {
2768  if ( ((DetectContentData *)sm->ctx)->flags &
2770  result = 1;
2771  break;
2772  } else {
2773  result = 0;
2774  break;
2775  }
2776  }
2777  sm = sm->next;
2778  }
2779 
2780  end:
2781  SigCleanSignatures(de_ctx);
2782  DetectEngineCtxFree(de_ctx);
2783  return result;
2784 }
2785 
2786 static int DetectFastPatternTest96(void)
2787 {
2788  SigMatch *sm = NULL;
2789  DetectEngineCtx *de_ctx = NULL;
2790  int result = 0;
2791 
2792  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2793  goto end;
2794 
2795  de_ctx->flags |= DE_QUIET;
2796  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2797  "(content:\"one\"; fast_pattern:only; http_uri; sid:1;)");
2798  if (de_ctx->sig_list == NULL)
2799  goto end;
2800 
2801  result = 0;
2802  sm = de_ctx->sig_list->sm_lists[g_http_uri_buffer_id];
2804  if (sm->type == DETECT_CONTENT) {
2805  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2808  ud->fp_chop_offset == 0 &&
2809  ud->fp_chop_len == 0) {
2810  result = 1;
2811  } else {
2812  result = 0;
2813  }
2814  }
2815 
2816  end:
2817  SigCleanSignatures(de_ctx);
2818  DetectEngineCtxFree(de_ctx);
2819  return result;
2820 }
2821 
2822 static int DetectFastPatternTest97(void)
2823 {
2824  SigMatch *sm = NULL;
2825  DetectEngineCtx *de_ctx = NULL;
2826  int result = 0;
2827 
2828  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2829  goto end;
2830 
2831  de_ctx->flags |= DE_QUIET;
2832  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2833  "(content:\"oneoneone\"; fast_pattern:3,4; http_uri; sid:1;)");
2834  if (de_ctx->sig_list == NULL)
2835  goto end;
2836 
2837  result = 0;
2838  sm = de_ctx->sig_list->sm_lists[g_http_uri_buffer_id];
2840  if (sm->type == DETECT_CONTENT) {
2841  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
2844  ud->fp_chop_offset == 3 &&
2845  ud->fp_chop_len == 4) {
2846  result = 1;
2847  } else {
2848  result = 0;
2849  }
2850  }
2851 
2852  end:
2853  SigCleanSignatures(de_ctx);
2854  DetectEngineCtxFree(de_ctx);
2855  return result;
2856 }
2857 
2858 static int DetectFastPatternTest98(void)
2859 {
2860  DetectEngineCtx *de_ctx = NULL;
2861  int result = 0;
2862 
2863  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2864  goto end;
2865 
2866  de_ctx->flags |= DE_QUIET;
2867  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2868  "(uricontent:\"one\"; content:\"two\"; fast_pattern:only; http_uri; distance:10; sid:1;)");
2869  if (de_ctx->sig_list != NULL)
2870  goto end;
2871 
2872  result = 1;
2873 
2874  end:
2875  SigCleanSignatures(de_ctx);
2876  DetectEngineCtxFree(de_ctx);
2877  return result;
2878 }
2879 
2880 static int DetectFastPatternTest99(void)
2881 {
2882  DetectEngineCtx *de_ctx = NULL;
2883  int result = 0;
2884 
2885  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2886  goto end;
2887 
2888  de_ctx->flags |= DE_QUIET;
2889  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2890  "(uricontent:\"one\"; content:\"two\"; distance:10; fast_pattern:only; http_uri; sid:1;)");
2891  if (de_ctx->sig_list != NULL)
2892  goto end;
2893 
2894  result = 1;
2895 
2896  end:
2897  SigCleanSignatures(de_ctx);
2898  DetectEngineCtxFree(de_ctx);
2899  return result;
2900 }
2901 
2902 static int DetectFastPatternTest100(void)
2903 {
2904  DetectEngineCtx *de_ctx = NULL;
2905  int result = 0;
2906 
2907  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2908  goto end;
2909 
2910  de_ctx->flags |= DE_QUIET;
2911  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2912  "(uricontent:\"one\"; content:\"two\"; fast_pattern:only; http_uri; within:10; sid:1;)");
2913  if (de_ctx->sig_list != NULL)
2914  goto end;
2915 
2916  result = 1;
2917 
2918  end:
2919  SigCleanSignatures(de_ctx);
2920  DetectEngineCtxFree(de_ctx);
2921  return result;
2922 }
2923 
2924 static int DetectFastPatternTest101(void)
2925 {
2926  DetectEngineCtx *de_ctx = NULL;
2927  int result = 0;
2928 
2929  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2930  goto end;
2931 
2932  de_ctx->flags |= DE_QUIET;
2933  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2934  "(uricontent:\"one\"; content:\"two\"; within:10; fast_pattern:only; http_uri; sid:1;)");
2935  if (de_ctx->sig_list != NULL)
2936  goto end;
2937 
2938  result = 1;
2939 
2940  end:
2941  SigCleanSignatures(de_ctx);
2942  DetectEngineCtxFree(de_ctx);
2943  return result;
2944 }
2945 
2946 static int DetectFastPatternTest102(void)
2947 {
2948  DetectEngineCtx *de_ctx = NULL;
2949  int result = 0;
2950 
2951  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2952  goto end;
2953 
2954  de_ctx->flags |= DE_QUIET;
2955  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2956  "(uricontent:\"one\"; content:\"two\"; fast_pattern:only; http_uri; offset:10; sid:1;)");
2957  if (de_ctx->sig_list != NULL)
2958  goto end;
2959 
2960  result = 1;
2961 
2962  end:
2963  SigCleanSignatures(de_ctx);
2964  DetectEngineCtxFree(de_ctx);
2965  return result;
2966 }
2967 
2968 static int DetectFastPatternTest103(void)
2969 {
2970  DetectEngineCtx *de_ctx = NULL;
2971  int result = 0;
2972 
2973  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2974  goto end;
2975 
2976  de_ctx->flags |= DE_QUIET;
2977  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
2978  "(uricontent:\"one\"; content:\"two\"; offset:10; fast_pattern:only; http_uri; sid:1;)");
2979  if (de_ctx->sig_list != NULL)
2980  goto end;
2981 
2982  result = 1;
2983 
2984  end:
2985  SigCleanSignatures(de_ctx);
2986  DetectEngineCtxFree(de_ctx);
2987  return result;
2988 }
2989 
2990 static int DetectFastPatternTest104(void)
2991 {
2992  DetectEngineCtx *de_ctx = NULL;
2993  int result = 0;
2994 
2995  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
2996  goto end;
2997 
2998  de_ctx->flags |= DE_QUIET;
2999  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3000  "(uricontent:\"one\"; content:\"two\"; fast_pattern:only; http_uri; depth:10; sid:1;)");
3001  if (de_ctx->sig_list != NULL)
3002  goto end;
3003 
3004  result = 1;
3005 
3006  end:
3007  SigCleanSignatures(de_ctx);
3008  DetectEngineCtxFree(de_ctx);
3009  return result;
3010 }
3011 
3012 static int DetectFastPatternTest105(void)
3013 {
3014  DetectEngineCtx *de_ctx = NULL;
3015  int result = 0;
3016 
3017  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3018  goto end;
3019 
3020  de_ctx->flags |= DE_QUIET;
3021  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3022  "(uricontent:\"one\"; content:\"two\"; depth:10; fast_pattern:only; http_uri; sid:1;)");
3023  if (de_ctx->sig_list != NULL)
3024  goto end;
3025 
3026  result = 1;
3027 
3028  end:
3029  SigCleanSignatures(de_ctx);
3030  DetectEngineCtxFree(de_ctx);
3031  return result;
3032 }
3033 
3034 static int DetectFastPatternTest106(void)
3035 {
3036  DetectEngineCtx *de_ctx = NULL;
3037  int result = 0;
3038 
3039  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3040  goto end;
3041 
3042  de_ctx->flags |= DE_QUIET;
3043  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3044  "(uricontent:\"one\"; content:!\"two\"; fast_pattern:only; http_uri; sid:1;)");
3045  if (de_ctx->sig_list != NULL)
3046  goto end;
3047 
3048  result = 1;
3049 
3050  end:
3051  SigCleanSignatures(de_ctx);
3052  DetectEngineCtxFree(de_ctx);
3053  return result;
3054 }
3055 
3056 static int DetectFastPatternTest107(void)
3057 {
3058  DetectEngineCtx *de_ctx = NULL;
3059  int result = 0;
3060 
3061  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3062  goto end;
3063 
3064  de_ctx->flags |= DE_QUIET;
3065  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3066  "(uricontent: \"one\"; uricontent:\"two\"; distance:30; content:\"two\"; fast_pattern:only; http_uri; sid:1;)");
3067  if (de_ctx->sig_list == NULL)
3068  goto end;
3069 
3070  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
3071  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3074  ud->fp_chop_offset == 0 &&
3075  ud->fp_chop_len == 0) {
3076  result = 1;
3077  } else {
3078  result = 0;
3079  }
3080 
3081  end:
3082  SigCleanSignatures(de_ctx);
3083  DetectEngineCtxFree(de_ctx);
3084  return result;
3085 }
3086 
3087 static int DetectFastPatternTest108(void)
3088 {
3089  DetectEngineCtx *de_ctx = NULL;
3090  int result = 0;
3091 
3092  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3093  goto end;
3094 
3095  de_ctx->flags |= DE_QUIET;
3096  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3097  "(uricontent:\"one\"; uricontent:\"two\"; within:30; content:\"two\"; fast_pattern:only; http_uri; sid:1;)");
3098  if (de_ctx->sig_list == NULL)
3099  goto end;
3100  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
3101  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3104  ud->fp_chop_offset == 0 &&
3105  ud->fp_chop_len == 0) {
3106  result = 1;
3107  } else {
3108  result = 0;
3109  }
3110 
3111  end:
3112  SigCleanSignatures(de_ctx);
3113  DetectEngineCtxFree(de_ctx);
3114  return result;
3115 }
3116 
3117 static int DetectFastPatternTest109(void)
3118 {
3119  DetectEngineCtx *de_ctx = NULL;
3120  int result = 0;
3121 
3122  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3123  goto end;
3124 
3125  de_ctx->flags |= DE_QUIET;
3126  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3127  "(uricontent:\"one\"; uricontent:\"two\"; offset:30; content:\"two\"; fast_pattern:only; http_uri; sid:1;)");
3128  if (de_ctx->sig_list == NULL)
3129  goto end;
3130  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
3131  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3134  ud->fp_chop_offset == 0 &&
3135  ud->fp_chop_len == 0) {
3136  result = 1;
3137  } else {
3138  result = 0;
3139  }
3140 
3141  end:
3142  SigCleanSignatures(de_ctx);
3143  DetectEngineCtxFree(de_ctx);
3144  return result;
3145 }
3146 
3147 static int DetectFastPatternTest110(void)
3148 {
3149  DetectEngineCtx *de_ctx = NULL;
3150  int result = 0;
3151 
3152  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3153  goto end;
3154 
3155  de_ctx->flags |= DE_QUIET;
3156  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3157  "(uricontent:\"one\"; uricontent:\"two\"; depth:30; content:\"two\"; fast_pattern:only; http_uri; sid:1;)");
3158  if (de_ctx->sig_list == NULL)
3159  goto end;
3160  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
3161  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3164  ud->fp_chop_offset == 0 &&
3165  ud->fp_chop_len == 0) {
3166  result = 1;
3167  } else {
3168  result = 0;
3169  }
3170 
3171  end:
3172  SigCleanSignatures(de_ctx);
3173  DetectEngineCtxFree(de_ctx);
3174  return result;
3175 }
3176 
3177 static int DetectFastPatternTest111(void)
3178 {
3179  DetectEngineCtx *de_ctx = NULL;
3180  int result = 0;
3181 
3182  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3183  goto end;
3184 
3185  de_ctx->flags |= DE_QUIET;
3186  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3187  "(content:!\"one\"; fast_pattern; http_uri; uricontent:\"two\"; sid:1;)");
3188  if (de_ctx->sig_list == NULL)
3189  goto end;
3190  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
3191  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3192  ud->flags & DETECT_CONTENT_NEGATED &&
3195  ud->fp_chop_offset == 0 &&
3196  ud->fp_chop_len == 0) {
3197  result = 1;
3198  } else {
3199  result = 0;
3200  }
3201 
3202  end:
3203  SigCleanSignatures(de_ctx);
3204  DetectEngineCtxFree(de_ctx);
3205  return result;
3206 }
3207 
3208 static int DetectFastPatternTest112(void)
3209 {
3210  DetectEngineCtx *de_ctx = NULL;
3211  int result = 0;
3212 
3213  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3214  goto end;
3215 
3216  de_ctx->flags |= DE_QUIET;
3217  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3218  "(uricontent:\"two\"; content:!\"one\"; fast_pattern; http_uri; distance:20; sid:1;)");
3219  if (de_ctx->sig_list != NULL)
3220  goto end;
3221 
3222  result = 1;
3223 
3224  end:
3225  SigCleanSignatures(de_ctx);
3226  DetectEngineCtxFree(de_ctx);
3227  return result;
3228 }
3229 
3230 static int DetectFastPatternTest113(void)
3231 {
3232  DetectEngineCtx *de_ctx = NULL;
3233  int result = 0;
3234 
3235  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3236  goto end;
3237 
3238  de_ctx->flags |= DE_QUIET;
3239  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3240  "(uricontent:\"two\"; content:!\"one\"; fast_pattern; http_uri; within:20; sid:1;)");
3241  if (de_ctx->sig_list != NULL)
3242  goto end;
3243 
3244  result = 1;
3245 
3246  end:
3247  SigCleanSignatures(de_ctx);
3248  DetectEngineCtxFree(de_ctx);
3249  return result;
3250 }
3251 
3252 static int DetectFastPatternTest114(void)
3253 {
3254  DetectEngineCtx *de_ctx = NULL;
3255  int result = 0;
3256 
3257  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3258  goto end;
3259 
3260  de_ctx->flags |= DE_QUIET;
3261  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3262  "(uricontent:\"two\"; content:!\"one\"; fast_pattern; http_uri; offset:20; sid:1;)");
3263  if (de_ctx->sig_list != NULL)
3264  goto end;
3265 
3266  result = 1;
3267 
3268  end:
3269  SigCleanSignatures(de_ctx);
3270  DetectEngineCtxFree(de_ctx);
3271  return result;
3272 }
3273 
3274 static int DetectFastPatternTest115(void)
3275 {
3276  DetectEngineCtx *de_ctx = NULL;
3277  int result = 0;
3278 
3279  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3280  goto end;
3281 
3282  de_ctx->flags |= DE_QUIET;
3283  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3284  "(uricontent:\"two\"; content:!\"one\"; fast_pattern; http_uri; depth:20; sid:1;)");
3285  if (de_ctx->sig_list != NULL)
3286  goto end;
3287 
3288  result = 1;
3289 
3290  end:
3291  SigCleanSignatures(de_ctx);
3292  DetectEngineCtxFree(de_ctx);
3293  return result;
3294 }
3295 
3296 static int DetectFastPatternTest116(void)
3297 {
3298  DetectEngineCtx *de_ctx = NULL;
3299  int result = 0;
3300 
3301  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3302  goto end;
3303 
3304  de_ctx->flags |= DE_QUIET;
3305  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3306  "(uricontent:\"one\"; content:\"oneonetwo\"; fast_pattern:3,4; http_uri; uricontent:\"three\"; sid:1;)");
3307  if (de_ctx->sig_list == NULL)
3308  goto end;
3309  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
3310  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3313  ud->fp_chop_offset == 3 &&
3314  ud->fp_chop_len == 4) {
3315  result = 1;
3316  } else {
3317  result = 0;
3318  }
3319 
3320  end:
3321  SigCleanSignatures(de_ctx);
3322  DetectEngineCtxFree(de_ctx);
3323  return result;
3324 }
3325 
3326 static int DetectFastPatternTest117(void)
3327 {
3328  DetectEngineCtx *de_ctx = NULL;
3329  int result = 0;
3330 
3331  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3332  goto end;
3333 
3334  de_ctx->flags |= DE_QUIET;
3335  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3336  "(uricontent:\"one\"; content:\"oneonetwo\"; fast_pattern:3,4; http_uri; uricontent:\"three\"; distance:30; sid:1;)");
3337  if (de_ctx->sig_list == NULL)
3338  goto end;
3339  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
3340  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3343  ud->fp_chop_offset == 3 &&
3344  ud->fp_chop_len == 4) {
3345  result = 1;
3346  } else {
3347  result = 0;
3348  }
3349 
3350  end:
3351  SigCleanSignatures(de_ctx);
3352  DetectEngineCtxFree(de_ctx);
3353  return result;
3354 }
3355 
3356 static int DetectFastPatternTest118(void)
3357 {
3358  DetectEngineCtx *de_ctx = NULL;
3359  int result = 0;
3360 
3361  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3362  goto end;
3363 
3364  de_ctx->flags |= DE_QUIET;
3365  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3366  "(uricontent:\"one\"; content:\"oneonetwo\"; fast_pattern:3,4; http_uri; uricontent:\"three\"; within:30; sid:1;)");
3367  if (de_ctx->sig_list == NULL)
3368  goto end;
3369  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
3370  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3373  ud->fp_chop_offset == 3 &&
3374  ud->fp_chop_len == 4) {
3375  result = 1;
3376  } else {
3377  result = 0;
3378  }
3379 
3380  end:
3381  SigCleanSignatures(de_ctx);
3382  DetectEngineCtxFree(de_ctx);
3383  return result;
3384 }
3385 
3386 static int DetectFastPatternTest119(void)
3387 {
3388  DetectEngineCtx *de_ctx = NULL;
3389  int result = 0;
3390 
3391  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3392  goto end;
3393 
3394  de_ctx->flags |= DE_QUIET;
3395  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3396  "(uricontent:\"one\"; content:\"oneonetwo\"; fast_pattern:3,4; http_uri; uricontent:\"three\"; offset:30; sid:1;)");
3397  if (de_ctx->sig_list == NULL)
3398  goto end;
3399  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
3400  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3403  ud->fp_chop_offset == 3 &&
3404  ud->fp_chop_len == 4) {
3405  result = 1;
3406  } else {
3407  result = 0;
3408  }
3409 
3410  end:
3411  SigCleanSignatures(de_ctx);
3412  DetectEngineCtxFree(de_ctx);
3413  return result;
3414 }
3415 
3416 static int DetectFastPatternTest120(void)
3417 {
3418  DetectEngineCtx *de_ctx = NULL;
3419  int result = 0;
3420 
3421  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3422  goto end;
3423 
3424  de_ctx->flags |= DE_QUIET;
3425  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3426  "(uricontent:\"one\"; content:\"oneonetwo\"; fast_pattern:3,4; http_uri; uricontent:\"three\"; depth:30; sid:1;)");
3427  if (de_ctx->sig_list == NULL)
3428  goto end;
3429  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
3430  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3433  ud->fp_chop_offset == 3 &&
3434  ud->fp_chop_len == 4) {
3435  result = 1;
3436  } else {
3437  result = 0;
3438  }
3439 
3440  end:
3441  SigCleanSignatures(de_ctx);
3442  DetectEngineCtxFree(de_ctx);
3443  return result;
3444 }
3445 
3446 static int DetectFastPatternTest121(void)
3447 {
3448  DetectEngineCtx *de_ctx = NULL;
3449  int result = 0;
3450 
3451  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3452  goto end;
3453 
3454  de_ctx->flags |= DE_QUIET;
3455  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3456  "(uricontent:\"one\"; uricontent:\"two\"; distance:10; content:\"oneonethree\"; fast_pattern:3,4; http_uri; sid:1;)");
3457  if (de_ctx->sig_list == NULL)
3458  goto end;
3459  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
3460  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3463  ud->fp_chop_offset == 3 &&
3464  ud->fp_chop_len == 4) {
3465  result = 1;
3466  } else {
3467  result = 0;
3468  }
3469 
3470  end:
3471  SigCleanSignatures(de_ctx);
3472  DetectEngineCtxFree(de_ctx);
3473  return result;
3474 }
3475 
3476 static int DetectFastPatternTest122(void)
3477 {
3478  DetectEngineCtx *de_ctx = NULL;
3479  int result = 0;
3480 
3481  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3482  goto end;
3483 
3484  de_ctx->flags |= DE_QUIET;
3485  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3486  "(uricontent:\"one\"; uricontent:\"two\"; within:10; content:\"oneonethree\"; fast_pattern:3,4; http_uri; sid:1;)");
3487  if (de_ctx->sig_list == NULL)
3488  goto end;
3489  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
3490  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3493  ud->fp_chop_offset == 3 &&
3494  ud->fp_chop_len == 4) {
3495  result = 1;
3496  } else {
3497  result = 0;
3498  }
3499 
3500  end:
3501  SigCleanSignatures(de_ctx);
3502  DetectEngineCtxFree(de_ctx);
3503  return result;
3504 }
3505 
3506 static int DetectFastPatternTest123(void)
3507 {
3508  DetectEngineCtx *de_ctx = NULL;
3509  int result = 0;
3510 
3511  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3512  goto end;
3513 
3514  de_ctx->flags |= DE_QUIET;
3515  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3516  "(uricontent:\"one\"; uricontent:\"two\"; offset:10; content:\"oneonethree\"; fast_pattern:3,4; http_uri; sid:1;)");
3517  if (de_ctx->sig_list == NULL)
3518  goto end;
3519  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
3520  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3523  ud->fp_chop_offset == 3 &&
3524  ud->fp_chop_len == 4) {
3525  result = 1;
3526  } else {
3527  result = 0;
3528  }
3529 
3530  end:
3531  SigCleanSignatures(de_ctx);
3532  DetectEngineCtxFree(de_ctx);
3533  return result;
3534 }
3535 
3536 static int DetectFastPatternTest124(void)
3537 {
3538  DetectEngineCtx *de_ctx = NULL;
3539  int result = 0;
3540 
3541  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3542  goto end;
3543 
3544  de_ctx->flags |= DE_QUIET;
3545  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3546  "(uricontent:\"one\"; uricontent:\"two\"; depth:10; content:\"oneonethree\"; fast_pattern:3,4; http_uri; sid:1;)");
3547  if (de_ctx->sig_list == NULL)
3548  goto end;
3549  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx;
3550  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3553  ud->fp_chop_offset == 3 &&
3554  ud->fp_chop_len == 4) {
3555  result = 1;
3556  } else {
3557  result = 0;
3558  }
3559 
3560 
3561  result = 1;
3562 
3563  end:
3564  SigCleanSignatures(de_ctx);
3565  DetectEngineCtxFree(de_ctx);
3566  return result;
3567 }
3568 
3569 static int DetectFastPatternTest125(void)
3570 {
3571  DetectEngineCtx *de_ctx = NULL;
3572  int result = 0;
3573 
3574  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3575  goto end;
3576 
3577  de_ctx->flags |= DE_QUIET;
3578  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3579  "(uricontent:\"one\"; content:\"two\"; fast_pattern:65977,4; http_uri; uricontent:\"three\"; distance:10; sid:1;)");
3580  if (de_ctx->sig_list != NULL)
3581  goto end;
3582 
3583  result = 1;
3584 
3585  end:
3586  SigCleanSignatures(de_ctx);
3587  DetectEngineCtxFree(de_ctx);
3588  return result;
3589 }
3590 
3591 static int DetectFastPatternTest126(void)
3592 {
3593  DetectEngineCtx *de_ctx = NULL;
3594  int result = 0;
3595 
3596  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3597  goto end;
3598 
3599  de_ctx->flags |= DE_QUIET;
3600  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3601  "(uricontent:\"one\"; content:\"oneonetwo\"; fast_pattern:3,65977; http_uri; uricontent:\"three\"; distance:10; sid:1;)");
3602  if (de_ctx->sig_list != NULL)
3603  goto end;
3604 
3605  result = 1;
3606 
3607  end:
3608  SigCleanSignatures(de_ctx);
3609  DetectEngineCtxFree(de_ctx);
3610  return result;
3611 }
3612 
3613 static int DetectFastPatternTest127(void)
3614 {
3615  DetectEngineCtx *de_ctx = NULL;
3616  int result = 0;
3617 
3618  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3619  goto end;
3620 
3621  de_ctx->flags |= DE_QUIET;
3622  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3623  "(uricontent:\"one\"; content:\"two\"; fast_pattern:65534,4; http_uri; uricontent:\"three\"; distance:10; sid:1;)");
3624  if (de_ctx->sig_list != NULL)
3625  goto end;
3626 
3627  result = 1;
3628 
3629  end:
3630  SigCleanSignatures(de_ctx);
3631  DetectEngineCtxFree(de_ctx);
3632  return result;
3633 }
3634 
3635 static int DetectFastPatternTest128(void)
3636 {
3637  DetectEngineCtx *de_ctx = NULL;
3638  int result = 0;
3639 
3640  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3641  goto end;
3642 
3643  de_ctx->flags |= DE_QUIET;
3644  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3645  "(uricontent:\"one\"; content:!\"oneonetwo\"; fast_pattern:3,4; http_uri; uricontent:\"three\"; sid:1;)");
3646  if (de_ctx->sig_list == NULL)
3647  goto end;
3648  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
3649  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3650  ud->flags & DETECT_CONTENT_NEGATED &&
3653  ud->fp_chop_offset == 3 &&
3654  ud->fp_chop_len == 4) {
3655  result = 1;
3656  } else {
3657  result = 0;
3658  }
3659 
3660  end:
3661  SigCleanSignatures(de_ctx);
3662  DetectEngineCtxFree(de_ctx);
3663  return result;
3664 }
3665 
3666 static int DetectFastPatternTest129(void)
3667 {
3668  DetectEngineCtx *de_ctx = NULL;
3669  int result = 0;
3670 
3671  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3672  goto end;
3673 
3674  de_ctx->flags |= DE_QUIET;
3675  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3676  "(uricontent:\"one\"; content:!\"oneonetwo\"; fast_pattern:3,4; http_uri; distance:10; uricontent:\"three\"; sid:1;)");
3677  if (de_ctx->sig_list != NULL)
3678  goto end;
3679 
3680  result = 1;
3681 
3682  end:
3683  SigCleanSignatures(de_ctx);
3684  DetectEngineCtxFree(de_ctx);
3685  return result;
3686 }
3687 
3688 static int DetectFastPatternTest130(void)
3689 {
3690  DetectEngineCtx *de_ctx = NULL;
3691  int result = 0;
3692 
3693  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3694  goto end;
3695 
3696  de_ctx->flags |= DE_QUIET;
3697  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3698  "(uricontent:\"one\"; content:!\"oneonetwo\"; fast_pattern:3,4; http_uri; within:10; uricontent:\"three\"; sid:1;)");
3699  if (de_ctx->sig_list != NULL)
3700  goto end;
3701 
3702  result = 1;
3703 
3704  end:
3705  SigCleanSignatures(de_ctx);
3706  DetectEngineCtxFree(de_ctx);
3707  return result;
3708 }
3709 
3710 static int DetectFastPatternTest131(void)
3711 {
3712  DetectEngineCtx *de_ctx = NULL;
3713  int result = 0;
3714 
3715  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3716  goto end;
3717 
3718  de_ctx->flags |= DE_QUIET;
3719  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3720  "(uricontent:\"one\"; content:!\"twooneone\"; fast_pattern:3,4; http_uri; offset:10; uricontent:\"three\"; sid:1;)");
3721  if (de_ctx->sig_list != NULL)
3722  goto end;
3723 
3724  result = 1;
3725 
3726  end:
3727  SigCleanSignatures(de_ctx);
3728  DetectEngineCtxFree(de_ctx);
3729  return result;
3730 }
3731 
3732 static int DetectFastPatternTest132(void)
3733 {
3734  DetectEngineCtx *de_ctx = NULL;
3735  int result = 0;
3736 
3737  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3738  goto end;
3739 
3740  de_ctx->flags |= DE_QUIET;
3741  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3742  "(uricontent:\"one\"; content:!\"oneonetwo\"; fast_pattern:3,4; http_uri; depth:10; uricontent:\"three\"; sid:1;)");
3743  if (de_ctx->sig_list != NULL)
3744  goto end;
3745 
3746  result = 1;
3747 
3748  end:
3749  SigCleanSignatures(de_ctx);
3750  DetectEngineCtxFree(de_ctx);
3751  return result;
3752 }
3753 
3754 static int DetectFastPatternTest133(void)
3755 {
3756  DetectEngineCtx *de_ctx = NULL;
3757  int result = 0;
3758 
3759  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3760  goto end;
3761 
3762  de_ctx->flags |= DE_QUIET;
3763  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3764  "(uricontent:\"one\"; content:!\"oneonetwo\"; fast_pattern:3,4; http_uri; uricontent:\"three\"; sid:1;)");
3765  if (de_ctx->sig_list == NULL)
3766  goto end;
3767  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx;
3768  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3769  ud->flags & DETECT_CONTENT_NEGATED &&
3772  ud->fp_chop_offset == 3 &&
3773  ud->fp_chop_len == 4) {
3774  result = 1;
3775  } else {
3776  result = 0;
3777  }
3778 
3779  end:
3780  SigCleanSignatures(de_ctx);
3781  DetectEngineCtxFree(de_ctx);
3782  return result;
3783 }
3784 
3785 
3786 /* http_uri fast_pattern tests ^ */
3787 /* http_client_body fast_pattern tests v */
3788 
3789 
3790 static int DetectFastPatternTest134(void)
3791 {
3792  DetectEngineCtx *de_ctx = NULL;
3793  int result = 0;
3794 
3795  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3796  goto end;
3797 
3798  de_ctx->flags |= DE_QUIET;
3799  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3800  "(content:\"one\"; http_client_body; content:!\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; sid:1;)");
3801  if (de_ctx->sig_list == NULL)
3802  goto end;
3803  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
3804  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3805  ud->flags & DETECT_CONTENT_NEGATED &&
3808  ud->fp_chop_offset == 3 &&
3809  ud->fp_chop_len == 4) {
3810  result = 1;
3811  } else {
3812  result = 0;
3813  }
3814 
3815  end:
3816  SigCleanSignatures(de_ctx);
3817  DetectEngineCtxFree(de_ctx);
3818  return result;
3819 }
3820 
3821 /**
3822  * \test Checks if a fast_pattern is registered in a Signature for uricontent.
3823  */
3824 static int DetectFastPatternTest135(void)
3825 {
3826  SigMatch *sm = NULL;
3827  DetectEngineCtx *de_ctx = NULL;
3828  int result = 0;
3829 
3830  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3831  goto end;
3832 
3833  de_ctx->flags |= DE_QUIET;
3834  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3835  "(content:\"/one/\"; fast_pattern:only; http_client_body; "
3836  "msg:\"Testing fast_pattern\"; sid:1;)");
3837  if (de_ctx->sig_list == NULL)
3838  goto end;
3839 
3840  result = 0;
3841  sm = de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id];
3842  if (sm != NULL) {
3843  if ( ((DetectContentData *)sm->ctx)->flags &
3845  result = 1;
3846  } else {
3847  result = 0;
3848  }
3849  }
3850 
3851 
3852  end:
3853  SigCleanSignatures(de_ctx);
3854  DetectEngineCtxFree(de_ctx);
3855  return result;
3856 }
3857 
3858 /**
3859  * \test Checks if a fast_pattern is registered in a Signature for uricontent.
3860  */
3861 static int DetectFastPatternTest136(void)
3862 {
3863  SigMatch *sm = NULL;
3864  DetectEngineCtx *de_ctx = NULL;
3865  int result = 0;
3866 
3867  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3868  goto end;
3869 
3870  de_ctx->flags |= DE_QUIET;
3871  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3872  "(content:\"oneoneone\"; fast_pattern:3,4; http_client_body; "
3873  "msg:\"Testing fast_pattern\"; sid:1;)");
3874  if (de_ctx->sig_list == NULL)
3875  goto end;
3876 
3877  result = 0;
3878  sm = de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id];
3879  if (sm != NULL) {
3880  if ( ((DetectContentData *)sm->ctx)->flags &
3882  result = 1;
3883  } else {
3884  result = 0;
3885  }
3886  }
3887 
3888  end:
3889  SigCleanSignatures(de_ctx);
3890  DetectEngineCtxFree(de_ctx);
3891  return result;
3892 }
3893 
3894 static int DetectFastPatternTest137(void)
3895 {
3896  SigMatch *sm = NULL;
3897  DetectEngineCtx *de_ctx = NULL;
3898  int result = 0;
3899 
3900  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3901  goto end;
3902 
3903  de_ctx->flags |= DE_QUIET;
3904  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3905  "(content:\"one\"; fast_pattern:only; http_client_body; sid:1;)");
3906  if (de_ctx->sig_list == NULL)
3907  goto end;
3908 
3909  result = 0;
3910  sm = de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id];
3912  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3915  ud->fp_chop_offset == 0 &&
3916  ud->fp_chop_len == 0) {
3917  result = 1;
3918  } else {
3919  result = 0;
3920  }
3921 
3922  end:
3923  SigCleanSignatures(de_ctx);
3924  DetectEngineCtxFree(de_ctx);
3925  return result;
3926 }
3927 
3928 static int DetectFastPatternTest138(void)
3929 {
3930  SigMatch *sm = NULL;
3931  DetectEngineCtx *de_ctx = NULL;
3932  int result = 0;
3933 
3934  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3935  goto end;
3936 
3937  de_ctx->flags |= DE_QUIET;
3938  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3939  "(content:\"oneoneone\"; fast_pattern:3,4; http_client_body; sid:1;)");
3940  if (de_ctx->sig_list == NULL)
3941  goto end;
3942 
3943  result = 0;
3944  sm = de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id];
3946  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
3949  ud->fp_chop_offset == 3 &&
3950  ud->fp_chop_len == 4) {
3951  result = 1;
3952  } else {
3953  result = 0;
3954  }
3955 
3956  end:
3957  SigCleanSignatures(de_ctx);
3958  DetectEngineCtxFree(de_ctx);
3959  return result;
3960 }
3961 
3962 static int DetectFastPatternTest139(void)
3963 {
3964  DetectEngineCtx *de_ctx = NULL;
3965  int result = 0;
3966 
3967  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3968  goto end;
3969 
3970  de_ctx->flags |= DE_QUIET;
3971  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3972  "(content:\"one\"; http_client_body; content:\"two\"; fast_pattern:only; http_client_body; distance:10; sid:1;)");
3973  if (de_ctx->sig_list != NULL)
3974  goto end;
3975 
3976  result = 1;
3977 
3978  end:
3979  SigCleanSignatures(de_ctx);
3980  DetectEngineCtxFree(de_ctx);
3981  return result;
3982 }
3983 
3984 static int DetectFastPatternTest140(void)
3985 {
3986  DetectEngineCtx *de_ctx = NULL;
3987  int result = 0;
3988 
3989  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
3990  goto end;
3991 
3992  de_ctx->flags |= DE_QUIET;
3993  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
3994  "(content:\"one\"; http_client_body; content:\"two\"; distance:10; fast_pattern:only; http_client_body; sid:1;)");
3995  if (de_ctx->sig_list != NULL)
3996  goto end;
3997 
3998  result = 1;
3999 
4000  end:
4001  SigCleanSignatures(de_ctx);
4002  DetectEngineCtxFree(de_ctx);
4003  return result;
4004 }
4005 
4006 static int DetectFastPatternTest141(void)
4007 {
4008  DetectEngineCtx *de_ctx = NULL;
4009  int result = 0;
4010 
4011  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4012  goto end;
4013 
4014  de_ctx->flags |= DE_QUIET;
4015  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4016  "(content:\"one\"; http_client_body; content:\"two\"; fast_pattern:only; http_client_body; within:10; sid:1;)");
4017  if (de_ctx->sig_list != NULL)
4018  goto end;
4019 
4020  result = 1;
4021 
4022  end:
4023  SigCleanSignatures(de_ctx);
4024  DetectEngineCtxFree(de_ctx);
4025  return result;
4026 }
4027 
4028 static int DetectFastPatternTest142(void)
4029 {
4030  DetectEngineCtx *de_ctx = NULL;
4031  int result = 0;
4032 
4033  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4034  goto end;
4035 
4036  de_ctx->flags |= DE_QUIET;
4037  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4038  "(content:\"one\"; http_client_body; content:\"two\"; within:10; fast_pattern:only; http_client_body; sid:1;)");
4039  if (de_ctx->sig_list != NULL)
4040  goto end;
4041 
4042  result = 1;
4043 
4044  end:
4045  SigCleanSignatures(de_ctx);
4046  DetectEngineCtxFree(de_ctx);
4047  return result;
4048 }
4049 
4050 static int DetectFastPatternTest143(void)
4051 {
4052  DetectEngineCtx *de_ctx = NULL;
4053  int result = 0;
4054 
4055  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4056  goto end;
4057 
4058  de_ctx->flags |= DE_QUIET;
4059  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4060  "(content:\"one\"; http_client_body; content:\"two\"; fast_pattern:only; http_client_body; offset:10; sid:1;)");
4061  if (de_ctx->sig_list != NULL)
4062  goto end;
4063 
4064  result = 1;
4065 
4066  end:
4067  SigCleanSignatures(de_ctx);
4068  DetectEngineCtxFree(de_ctx);
4069  return result;
4070 }
4071 
4072 static int DetectFastPatternTest144(void)
4073 {
4074  DetectEngineCtx *de_ctx = NULL;
4075  int result = 0;
4076 
4077  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4078  goto end;
4079 
4080  de_ctx->flags |= DE_QUIET;
4081  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4082  "(content:\"one\"; http_client_body; content:\"two\"; offset:10; fast_pattern:only; http_client_body; sid:1;)");
4083  if (de_ctx->sig_list != NULL)
4084  goto end;
4085 
4086  result = 1;
4087 
4088  end:
4089  SigCleanSignatures(de_ctx);
4090  DetectEngineCtxFree(de_ctx);
4091  return result;
4092 }
4093 
4094 static int DetectFastPatternTest145(void)
4095 {
4096  DetectEngineCtx *de_ctx = NULL;
4097  int result = 0;
4098 
4099  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4100  goto end;
4101 
4102  de_ctx->flags |= DE_QUIET;
4103  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4104  "(content:\"one\"; http_client_body; content:\"two\"; fast_pattern:only; http_client_body; depth:10; sid:1;)");
4105  if (de_ctx->sig_list != NULL)
4106  goto end;
4107 
4108  result = 1;
4109 
4110  end:
4111  SigCleanSignatures(de_ctx);
4112  DetectEngineCtxFree(de_ctx);
4113  return result;
4114 }
4115 
4116 static int DetectFastPatternTest146(void)
4117 {
4118  DetectEngineCtx *de_ctx = NULL;
4119  int result = 0;
4120 
4121  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4122  goto end;
4123 
4124  de_ctx->flags |= DE_QUIET;
4125  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4126  "(content:\"one\"; http_client_body; content:\"two\"; depth:10; fast_pattern:only; http_client_body; sid:1;)");
4127  if (de_ctx->sig_list != NULL)
4128  goto end;
4129 
4130  result = 1;
4131 
4132  end:
4133  SigCleanSignatures(de_ctx);
4134  DetectEngineCtxFree(de_ctx);
4135  return result;
4136 }
4137 
4138 static int DetectFastPatternTest147(void)
4139 {
4140  DetectEngineCtx *de_ctx = NULL;
4141  int result = 0;
4142 
4143  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4144  goto end;
4145 
4146  de_ctx->flags |= DE_QUIET;
4147  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4148  "(content:\"one\"; http_client_body; content:!\"two\"; fast_pattern:only; http_client_body; sid:1;)");
4149  if (de_ctx->sig_list != NULL)
4150  goto end;
4151 
4152  result = 1;
4153 
4154  end:
4155  SigCleanSignatures(de_ctx);
4156  DetectEngineCtxFree(de_ctx);
4157  return result;
4158 }
4159 
4160 static int DetectFastPatternTest148(void)
4161 {
4162  DetectEngineCtx *de_ctx = NULL;
4163  int result = 0;
4164 
4165  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4166  goto end;
4167 
4168  de_ctx->flags |= DE_QUIET;
4169  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4170  "(content: \"one\"; http_client_body; content:\"two\"; http_client_body; distance:30; content:\"two\"; fast_pattern:only; http_client_body; sid:1;)");
4171  if (de_ctx->sig_list == NULL)
4172  goto end;
4173 
4174  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
4175  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4178  ud->fp_chop_offset == 0 &&
4179  ud->fp_chop_len == 0) {
4180  result = 1;
4181  } else {
4182  result = 0;
4183  }
4184 
4185  end:
4186  SigCleanSignatures(de_ctx);
4187  DetectEngineCtxFree(de_ctx);
4188  return result;
4189 }
4190 
4191 static int DetectFastPatternTest149(void)
4192 {
4193  DetectEngineCtx *de_ctx = NULL;
4194  int result = 0;
4195 
4196  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4197  goto end;
4198 
4199  de_ctx->flags |= DE_QUIET;
4200  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4201  "(content:\"one\"; http_client_body; content:\"two\"; http_client_body; within:30; content:\"two\"; fast_pattern:only; http_client_body; sid:1;)");
4202  if (de_ctx->sig_list == NULL)
4203  goto end;
4204  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
4205  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4208  ud->fp_chop_offset == 0 &&
4209  ud->fp_chop_len == 0) {
4210  result = 1;
4211  } else {
4212  result = 0;
4213  }
4214 
4215  end:
4216  SigCleanSignatures(de_ctx);
4217  DetectEngineCtxFree(de_ctx);
4218  return result;
4219 }
4220 
4221 static int DetectFastPatternTest150(void)
4222 {
4223  DetectEngineCtx *de_ctx = NULL;
4224  int result = 0;
4225 
4226  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4227  goto end;
4228 
4229  de_ctx->flags |= DE_QUIET;
4230  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4231  "(content:\"one\"; http_client_body; content:\"two\"; http_client_body; offset:30; content:\"two\"; fast_pattern:only; http_client_body; sid:1;)");
4232  if (de_ctx->sig_list == NULL)
4233  goto end;
4234  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
4235  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4238  ud->fp_chop_offset == 0 &&
4239  ud->fp_chop_len == 0) {
4240  result = 1;
4241  } else {
4242  result = 0;
4243  }
4244 
4245  end:
4246  SigCleanSignatures(de_ctx);
4247  DetectEngineCtxFree(de_ctx);
4248  return result;
4249 }
4250 
4251 static int DetectFastPatternTest151(void)
4252 {
4253  DetectEngineCtx *de_ctx = NULL;
4254  int result = 0;
4255 
4256  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4257  goto end;
4258 
4259  de_ctx->flags |= DE_QUIET;
4260  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4261  "(content:\"one\"; http_client_body; content:\"two\"; http_client_body; depth:30; content:\"two\"; fast_pattern:only; http_client_body; sid:1;)");
4262  if (de_ctx->sig_list == NULL)
4263  goto end;
4264  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
4265  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4268  ud->fp_chop_offset == 0 &&
4269  ud->fp_chop_len == 0) {
4270  result = 1;
4271  } else {
4272  result = 0;
4273  }
4274 
4275  end:
4276  SigCleanSignatures(de_ctx);
4277  DetectEngineCtxFree(de_ctx);
4278  return result;
4279 }
4280 
4281 static int DetectFastPatternTest152(void)
4282 {
4283  DetectEngineCtx *de_ctx = NULL;
4284  int result = 0;
4285 
4286  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4287  goto end;
4288 
4289  de_ctx->flags |= DE_QUIET;
4290  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4291  "(content:!\"one\"; fast_pattern; http_client_body; content:\"two\"; http_client_body; sid:1;)");
4292  if (de_ctx->sig_list == NULL)
4293  goto end;
4294  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
4295  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4296  ud->flags & DETECT_CONTENT_NEGATED &&
4299  ud->fp_chop_offset == 0 &&
4300  ud->fp_chop_len == 0) {
4301  result = 1;
4302  } else {
4303  result = 0;
4304  }
4305 
4306  end:
4307  SigCleanSignatures(de_ctx);
4308  DetectEngineCtxFree(de_ctx);
4309  return result;
4310 }
4311 
4312 static int DetectFastPatternTest153(void)
4313 {
4314  DetectEngineCtx *de_ctx = NULL;
4315  int result = 0;
4316 
4317  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4318  goto end;
4319 
4320  de_ctx->flags |= DE_QUIET;
4321  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4322  "(content:\"two\"; http_client_body; content:!\"one\"; fast_pattern; http_client_body; distance:20; sid:1;)");
4323  if (de_ctx->sig_list != NULL)
4324  goto end;
4325 
4326  result = 1;
4327 
4328  end:
4329  SigCleanSignatures(de_ctx);
4330  DetectEngineCtxFree(de_ctx);
4331  return result;
4332 }
4333 
4334 static int DetectFastPatternTest154(void)
4335 {
4336  DetectEngineCtx *de_ctx = NULL;
4337  int result = 0;
4338 
4339  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4340  goto end;
4341 
4342  de_ctx->flags |= DE_QUIET;
4343  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4344  "(content:\"two\"; http_client_body; content:!\"one\"; fast_pattern; http_client_body; within:20; sid:1;)");
4345  if (de_ctx->sig_list != NULL)
4346  goto end;
4347 
4348  result = 1;
4349 
4350  end:
4351  SigCleanSignatures(de_ctx);
4352  DetectEngineCtxFree(de_ctx);
4353  return result;
4354 }
4355 
4356 static int DetectFastPatternTest155(void)
4357 {
4358  DetectEngineCtx *de_ctx = NULL;
4359  int result = 0;
4360 
4361  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4362  goto end;
4363 
4364  de_ctx->flags |= DE_QUIET;
4365  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4366  "(content:\"two\"; http_client_body; content:!\"one\"; fast_pattern; http_client_body; offset:20; sid:1;)");
4367  if (de_ctx->sig_list != NULL)
4368  goto end;
4369 
4370  result = 1;
4371 
4372  end:
4373  SigCleanSignatures(de_ctx);
4374  DetectEngineCtxFree(de_ctx);
4375  return result;
4376 }
4377 
4378 static int DetectFastPatternTest156(void)
4379 {
4380  DetectEngineCtx *de_ctx = NULL;
4381  int result = 0;
4382 
4383  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4384  goto end;
4385 
4386  de_ctx->flags |= DE_QUIET;
4387  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4388  "(content:\"two\"; http_client_body; content:!\"one\"; fast_pattern; http_client_body; depth:20; sid:1;)");
4389  if (de_ctx->sig_list != NULL)
4390  goto end;
4391 
4392  result = 1;
4393 
4394  end:
4395  SigCleanSignatures(de_ctx);
4396  DetectEngineCtxFree(de_ctx);
4397  return result;
4398 }
4399 
4400 static int DetectFastPatternTest157(void)
4401 {
4402  DetectEngineCtx *de_ctx = NULL;
4403  int result = 0;
4404 
4405  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4406  goto end;
4407 
4408  de_ctx->flags |= DE_QUIET;
4409  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4410  "(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; sid:1;)");
4411  if (de_ctx->sig_list == NULL)
4412  goto end;
4413  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
4414  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4417  ud->fp_chop_offset == 3 &&
4418  ud->fp_chop_len == 4) {
4419  result = 1;
4420  } else {
4421  result = 0;
4422  }
4423 
4424  end:
4425  SigCleanSignatures(de_ctx);
4426  DetectEngineCtxFree(de_ctx);
4427  return result;
4428 }
4429 
4430 static int DetectFastPatternTest158(void)
4431 {
4432  DetectEngineCtx *de_ctx = NULL;
4433  int result = 0;
4434 
4435  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4436  goto end;
4437 
4438  de_ctx->flags |= DE_QUIET;
4439  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4440  "(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; distance:30; sid:1;)");
4441  if (de_ctx->sig_list == NULL)
4442  goto end;
4443  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
4444  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4447  ud->fp_chop_offset == 3 &&
4448  ud->fp_chop_len == 4) {
4449  result = 1;
4450  } else {
4451  result = 0;
4452  }
4453 
4454  end:
4455  SigCleanSignatures(de_ctx);
4456  DetectEngineCtxFree(de_ctx);
4457  return result;
4458 }
4459 
4460 static int DetectFastPatternTest159(void)
4461 {
4462  DetectEngineCtx *de_ctx = NULL;
4463  int result = 0;
4464 
4465  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4466  goto end;
4467 
4468  de_ctx->flags |= DE_QUIET;
4469  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4470  "(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; within:30; sid:1;)");
4471  if (de_ctx->sig_list == NULL)
4472  goto end;
4473  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
4474  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4477  ud->fp_chop_offset == 3 &&
4478  ud->fp_chop_len == 4) {
4479  result = 1;
4480  } else {
4481  result = 0;
4482  }
4483 
4484  end:
4485  SigCleanSignatures(de_ctx);
4486  DetectEngineCtxFree(de_ctx);
4487  return result;
4488 }
4489 
4490 static int DetectFastPatternTest160(void)
4491 {
4492  DetectEngineCtx *de_ctx = NULL;
4493  int result = 0;
4494 
4495  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4496  goto end;
4497 
4498  de_ctx->flags |= DE_QUIET;
4499  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4500  "(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; offset:30; sid:1;)");
4501  if (de_ctx->sig_list == NULL)
4502  goto end;
4503  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
4504  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4507  ud->fp_chop_offset == 3 &&
4508  ud->fp_chop_len == 4) {
4509  result = 1;
4510  } else {
4511  result = 0;
4512  }
4513 
4514  end:
4515  SigCleanSignatures(de_ctx);
4516  DetectEngineCtxFree(de_ctx);
4517  return result;
4518 }
4519 
4520 static int DetectFastPatternTest161(void)
4521 {
4522  DetectEngineCtx *de_ctx = NULL;
4523  int result = 0;
4524 
4525  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4526  goto end;
4527 
4528  de_ctx->flags |= DE_QUIET;
4529  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4530  "(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; depth:30; sid:1;)");
4531  if (de_ctx->sig_list == NULL)
4532  goto end;
4533  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
4534  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4537  ud->fp_chop_offset == 3 &&
4538  ud->fp_chop_len == 4) {
4539  result = 1;
4540  } else {
4541  result = 0;
4542  }
4543 
4544  end:
4545  SigCleanSignatures(de_ctx);
4546  DetectEngineCtxFree(de_ctx);
4547  return result;
4548 }
4549 
4550 static int DetectFastPatternTest162(void)
4551 {
4552  DetectEngineCtx *de_ctx = NULL;
4553  int result = 0;
4554 
4555  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4556  goto end;
4557 
4558  de_ctx->flags |= DE_QUIET;
4559  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4560  "(content:\"one\"; http_client_body; content:\"two\"; http_client_body; distance:10; content:\"oneonethree\"; fast_pattern:3,4; http_client_body; sid:1;)");
4561  if (de_ctx->sig_list == NULL)
4562  goto end;
4563  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
4564  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4567  ud->fp_chop_offset == 3 &&
4568  ud->fp_chop_len == 4) {
4569  result = 1;
4570  } else {
4571  result = 0;
4572  }
4573 
4574  end:
4575  SigCleanSignatures(de_ctx);
4576  DetectEngineCtxFree(de_ctx);
4577  return result;
4578 }
4579 
4580 static int DetectFastPatternTest163(void)
4581 {
4582  DetectEngineCtx *de_ctx = NULL;
4583  int result = 0;
4584 
4585  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4586  goto end;
4587 
4588  de_ctx->flags |= DE_QUIET;
4589  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4590  "(content:\"one\"; http_client_body; content:\"two\"; http_client_body; within:10; content:\"oneonethree\"; fast_pattern:3,4; http_client_body; sid:1;)");
4591  if (de_ctx->sig_list == NULL)
4592  goto end;
4593  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
4594  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4597  ud->fp_chop_offset == 3 &&
4598  ud->fp_chop_len == 4) {
4599  result = 1;
4600  } else {
4601  result = 0;
4602  }
4603 
4604  end:
4605  SigCleanSignatures(de_ctx);
4606  DetectEngineCtxFree(de_ctx);
4607  return result;
4608 }
4609 
4610 static int DetectFastPatternTest164(void)
4611 {
4612  DetectEngineCtx *de_ctx = NULL;
4613  int result = 0;
4614 
4615  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4616  goto end;
4617 
4618  de_ctx->flags |= DE_QUIET;
4619  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4620  "(content:\"one\"; http_client_body; content:\"two\"; http_client_body; offset:10; content:\"oneonethree\"; fast_pattern:3,4; http_client_body; sid:1;)");
4621  if (de_ctx->sig_list == NULL)
4622  goto end;
4623  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
4624  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4627  ud->fp_chop_offset == 3 &&
4628  ud->fp_chop_len == 4) {
4629  result = 1;
4630  } else {
4631  result = 0;
4632  }
4633 
4634  end:
4635  SigCleanSignatures(de_ctx);
4636  DetectEngineCtxFree(de_ctx);
4637  return result;
4638 }
4639 
4640 static int DetectFastPatternTest165(void)
4641 {
4642  DetectEngineCtx *de_ctx = NULL;
4643  int result = 0;
4644 
4645  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4646  goto end;
4647 
4648  de_ctx->flags |= DE_QUIET;
4649  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4650  "(content:\"one\"; http_client_body; content:\"two\"; http_client_body; depth:10; content:\"oneonethree\"; fast_pattern:3,4; http_client_body; sid:1;)");
4651  if (de_ctx->sig_list == NULL)
4652  goto end;
4653  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
4654  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4657  ud->fp_chop_offset == 3 &&
4658  ud->fp_chop_len == 4) {
4659  result = 1;
4660  } else {
4661  result = 0;
4662  }
4663 
4664 
4665  result = 1;
4666 
4667  end:
4668  SigCleanSignatures(de_ctx);
4669  DetectEngineCtxFree(de_ctx);
4670  return result;
4671 }
4672 
4673 static int DetectFastPatternTest166(void)
4674 {
4675  DetectEngineCtx *de_ctx = NULL;
4676  int result = 0;
4677 
4678  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4679  goto end;
4680 
4681  de_ctx->flags |= DE_QUIET;
4682  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4683  "(content:\"one\"; http_client_body; content:\"two\"; fast_pattern:65977,4; http_client_body; content:\"three\"; http_client_body; distance:10; sid:1;)");
4684  if (de_ctx->sig_list != NULL)
4685  goto end;
4686 
4687  result = 1;
4688 
4689  end:
4690  SigCleanSignatures(de_ctx);
4691  DetectEngineCtxFree(de_ctx);
4692  return result;
4693 }
4694 
4695 static int DetectFastPatternTest167(void)
4696 {
4697  DetectEngineCtx *de_ctx = NULL;
4698  int result = 0;
4699 
4700  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4701  goto end;
4702 
4703  de_ctx->flags |= DE_QUIET;
4704  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4705  "(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,65977; http_client_body; content:\"three\"; distance:10; http_client_body; sid:1;)");
4706  if (de_ctx->sig_list != NULL)
4707  goto end;
4708 
4709  result = 1;
4710 
4711  end:
4712  SigCleanSignatures(de_ctx);
4713  DetectEngineCtxFree(de_ctx);
4714  return result;
4715 }
4716 
4717 static int DetectFastPatternTest168(void)
4718 {
4719  DetectEngineCtx *de_ctx = NULL;
4720  int result = 0;
4721 
4722  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4723  goto end;
4724 
4725  de_ctx->flags |= DE_QUIET;
4726  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4727  "(content:\"one\"; http_client_body; content:\"two\"; fast_pattern:65534,4; http_client_body; content:\"three\"; http_client_body; distance:10; sid:1;)");
4728  if (de_ctx->sig_list != NULL)
4729  goto end;
4730 
4731  result = 1;
4732 
4733  end:
4734  SigCleanSignatures(de_ctx);
4735  DetectEngineCtxFree(de_ctx);
4736  return result;
4737 }
4738 
4739 static int DetectFastPatternTest169(void)
4740 {
4741  DetectEngineCtx *de_ctx = NULL;
4742  int result = 0;
4743 
4744  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4745  goto end;
4746 
4747  de_ctx->flags |= DE_QUIET;
4748  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4749  "(content:\"one\"; http_client_body; content:!\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; sid:1;)");
4750  if (de_ctx->sig_list == NULL)
4751  goto end;
4752  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
4753  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4754  ud->flags & DETECT_CONTENT_NEGATED &&
4757  ud->fp_chop_offset == 3 &&
4758  ud->fp_chop_len == 4) {
4759  result = 1;
4760  } else {
4761  result = 0;
4762  }
4763 
4764  end:
4765  SigCleanSignatures(de_ctx);
4766  DetectEngineCtxFree(de_ctx);
4767  return result;
4768 }
4769 
4770 static int DetectFastPatternTest170(void)
4771 {
4772  DetectEngineCtx *de_ctx = NULL;
4773  int result = 0;
4774 
4775  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4776  goto end;
4777 
4778  de_ctx->flags |= DE_QUIET;
4779  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4780  "(content:\"one\"; http_client_body; content:!\"oneonetwo\"; fast_pattern:3,4; http_client_body; distance:10; content:\"three\"; http_client_body; sid:1;)");
4781  if (de_ctx->sig_list != NULL)
4782  goto end;
4783 
4784  result = 1;
4785 
4786  end:
4787  SigCleanSignatures(de_ctx);
4788  DetectEngineCtxFree(de_ctx);
4789  return result;
4790 }
4791 
4792 static int DetectFastPatternTest171(void)
4793 {
4794  DetectEngineCtx *de_ctx = NULL;
4795  int result = 0;
4796 
4797  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4798  goto end;
4799 
4800  de_ctx->flags |= DE_QUIET;
4801  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4802  "(content:\"one\"; http_client_body; content:!\"oneonetwo\"; fast_pattern:3,4; http_client_body; within:10; content:\"three\"; http_client_body; sid:1;)");
4803  if (de_ctx->sig_list != NULL)
4804  goto end;
4805 
4806  result = 1;
4807 
4808  end:
4809  SigCleanSignatures(de_ctx);
4810  DetectEngineCtxFree(de_ctx);
4811  return result;
4812 }
4813 
4814 static int DetectFastPatternTest172(void)
4815 {
4816  DetectEngineCtx *de_ctx = NULL;
4817  int result = 0;
4818 
4819  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4820  goto end;
4821 
4822  de_ctx->flags |= DE_QUIET;
4823  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4824  "(content:\"one\"; http_client_body; content:!\"twooneone\"; fast_pattern:3,4; http_client_body; offset:10; content:\"three\"; http_client_body; sid:1;)");
4825  if (de_ctx->sig_list != NULL)
4826  goto end;
4827 
4828  result = 1;
4829 
4830  end:
4831  SigCleanSignatures(de_ctx);
4832  DetectEngineCtxFree(de_ctx);
4833  return result;
4834 }
4835 
4836 static int DetectFastPatternTest173(void)
4837 {
4838  DetectEngineCtx *de_ctx = NULL;
4839  int result = 0;
4840 
4841  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4842  goto end;
4843 
4844  de_ctx->flags |= DE_QUIET;
4845  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4846  "(content:\"one\"; http_client_body; content:!\"oneonetwo\"; fast_pattern:3,4; http_client_body; depth:10; content:\"three\"; http_client_body; sid:1;)");
4847  if (de_ctx->sig_list != NULL)
4848  goto end;
4849 
4850  result = 1;
4851 
4852  end:
4853  SigCleanSignatures(de_ctx);
4854  DetectEngineCtxFree(de_ctx);
4855  return result;
4856 }
4857 
4858 static int DetectFastPatternTest174(void)
4859 {
4860  DetectEngineCtx *de_ctx = NULL;
4861  int result = 0;
4862 
4863  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4864  goto end;
4865 
4866  de_ctx->flags |= DE_QUIET;
4867  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4868  "(content:\"one\"; http_client_body; content:!\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; sid:1;)");
4869  if (de_ctx->sig_list == NULL)
4870  goto end;
4871  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
4872  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
4873  ud->flags & DETECT_CONTENT_NEGATED &&
4876  ud->fp_chop_offset == 3 &&
4877  ud->fp_chop_len == 4) {
4878  result = 1;
4879  } else {
4880  result = 0;
4881  }
4882 
4883  end:
4884  SigCleanSignatures(de_ctx);
4885  DetectEngineCtxFree(de_ctx);
4886  return result;
4887 }
4888 
4889 
4890 /* http_client_body fast_pattern tests ^ */
4891 /* content fast_pattern tests v */
4892 
4893 
4894 static int DetectFastPatternTest175(void)
4895 {
4896  DetectEngineCtx *de_ctx = NULL;
4897  int result = 0;
4898 
4899  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4900  goto end;
4901 
4902  de_ctx->flags |= DE_QUIET;
4903  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4904  "(content:\"two\"; content:!\"one\"; distance:20; fast_pattern; sid:1;)");
4905  if (de_ctx->sig_list != NULL)
4906  goto end;
4907 
4908  result = 1;
4909 
4910  end:
4911  SigCleanSignatures(de_ctx);
4912  DetectEngineCtxFree(de_ctx);
4913  return result;
4914 }
4915 
4916 static int DetectFastPatternTest176(void)
4917 {
4918  DetectEngineCtx *de_ctx = NULL;
4919  int result = 0;
4920 
4921  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4922  goto end;
4923 
4924  de_ctx->flags |= DE_QUIET;
4925  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4926  "(content:\"two\"; content:!\"one\"; within:20; fast_pattern; sid:1;)");
4927  if (de_ctx->sig_list != NULL)
4928  goto end;
4929 
4930  result = 1;
4931 
4932  end:
4933  SigCleanSignatures(de_ctx);
4934  DetectEngineCtxFree(de_ctx);
4935  return result;
4936 }
4937 
4938 static int DetectFastPatternTest177(void)
4939 {
4940  DetectEngineCtx *de_ctx = NULL;
4941  int result = 0;
4942 
4943  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4944  goto end;
4945 
4946  de_ctx->flags |= DE_QUIET;
4947  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4948  "(content:\"two\"; content:!\"one\"; offset:20; fast_pattern; sid:1;)");
4949  if (de_ctx->sig_list != NULL)
4950  goto end;
4951 
4952  result = 1;
4953 
4954  end:
4955  SigCleanSignatures(de_ctx);
4956  DetectEngineCtxFree(de_ctx);
4957  return result;
4958 }
4959 
4960 static int DetectFastPatternTest178(void)
4961 {
4962  DetectEngineCtx *de_ctx = NULL;
4963  int result = 0;
4964 
4965  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4966  goto end;
4967 
4968  de_ctx->flags |= DE_QUIET;
4969  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4970  "(content:\"two\"; content:!\"one\"; depth:20; fast_pattern; sid:1;)");
4971  if (de_ctx->sig_list != NULL)
4972  goto end;
4973 
4974  result = 1;
4975 
4976  end:
4977  SigCleanSignatures(de_ctx);
4978  DetectEngineCtxFree(de_ctx);
4979  return result;
4980 }
4981 
4982 /* content fast_pattern tests ^ */
4983 /* http_header fast_pattern tests v */
4984 
4985 
4986 static int DetectFastPatternTest179(void)
4987 {
4988  DetectEngineCtx *de_ctx = NULL;
4989  int result = 0;
4990 
4991  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
4992  goto end;
4993 
4994  de_ctx->flags |= DE_QUIET;
4995  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
4996  "(content:\"one\"; http_header; "
4997  "content:!\"oneonetwo\"; fast_pattern:3,4; http_header; "
4998  "content:\"three\"; http_header; sid:1;)");
4999  if (de_ctx->sig_list == NULL)
5000  goto end;
5001  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->prev->ctx;
5002  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5003  ud->flags & DETECT_CONTENT_NEGATED &&
5006  ud->fp_chop_offset == 3 &&
5007  ud->fp_chop_len == 4) {
5008  result = 1;
5009  } else {
5010  result = 0;
5011  }
5012 
5013  end:
5014  SigCleanSignatures(de_ctx);
5015  DetectEngineCtxFree(de_ctx);
5016  return result;
5017 }
5018 
5019 /**
5020  * \test Checks if a fast_pattern is registered in a Signature for uricontent.
5021  */
5022 static int DetectFastPatternTest180(void)
5023 {
5024  SigMatch *sm = NULL;
5025  DetectEngineCtx *de_ctx = NULL;
5026  int result = 0;
5027 
5028  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5029  goto end;
5030 
5031  de_ctx->flags |= DE_QUIET;
5032  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5033  "(content:\"/one/\"; fast_pattern:only; http_header; "
5034  "msg:\"Testing fast_pattern\"; sid:1;)");
5035  if (de_ctx->sig_list == NULL)
5036  goto end;
5037 
5038  result = 0;
5039  sm = de_ctx->sig_list->sm_lists[g_http_header_buffer_id];
5040  if (sm != NULL) {
5041  if ( ((DetectContentData *)sm->ctx)->flags &
5043  result = 1;
5044  } else {
5045  result = 0;
5046  }
5047  }
5048 
5049 
5050  end:
5051  SigCleanSignatures(de_ctx);
5052  DetectEngineCtxFree(de_ctx);
5053  return result;
5054 }
5055 
5056 /**
5057  * \test Checks if a fast_pattern is registered in a Signature for uricontent.
5058  */
5059 static int DetectFastPatternTest181(void)
5060 {
5061  SigMatch *sm = NULL;
5062  DetectEngineCtx *de_ctx = NULL;
5063  int result = 0;
5064 
5065  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5066  goto end;
5067 
5068  de_ctx->flags |= DE_QUIET;
5069  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5070  "(content:\"oneoneone\"; fast_pattern:3,4; http_header; "
5071  "msg:\"Testing fast_pattern\"; sid:1;)");
5072  if (de_ctx->sig_list == NULL)
5073  goto end;
5074 
5075  result = 0;
5076  sm = de_ctx->sig_list->sm_lists[g_http_header_buffer_id];
5077  if (sm != NULL) {
5078  if ( ((DetectContentData *)sm->ctx)->flags &
5080  result = 1;
5081  } else {
5082  result = 0;
5083  }
5084  }
5085 
5086  end:
5087  SigCleanSignatures(de_ctx);
5088  DetectEngineCtxFree(de_ctx);
5089  return result;
5090 }
5091 
5092 static int DetectFastPatternTest182(void)
5093 {
5094  SigMatch *sm = NULL;
5095  DetectEngineCtx *de_ctx = NULL;
5096  int result = 0;
5097 
5098  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5099  goto end;
5100 
5101  de_ctx->flags |= DE_QUIET;
5102  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5103  "(content:\"one\"; fast_pattern:only; http_header; sid:1;)");
5104  if (de_ctx->sig_list == NULL)
5105  goto end;
5106 
5107  result = 0;
5108  sm = de_ctx->sig_list->sm_lists[g_http_header_buffer_id];
5110  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5113  ud->fp_chop_offset == 0 &&
5114  ud->fp_chop_len == 0) {
5115  result = 1;
5116  } else {
5117  result = 0;
5118  }
5119 
5120  end:
5121  SigCleanSignatures(de_ctx);
5122  DetectEngineCtxFree(de_ctx);
5123  return result;
5124 }
5125 
5126 static int DetectFastPatternTest183(void)
5127 {
5128  SigMatch *sm = NULL;
5129  DetectEngineCtx *de_ctx = NULL;
5130  int result = 0;
5131 
5132  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5133  goto end;
5134 
5135  de_ctx->flags |= DE_QUIET;
5136  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5137  "(content:\"oneoneone\"; fast_pattern:3,4; http_header; sid:1;)");
5138  if (de_ctx->sig_list == NULL)
5139  goto end;
5140 
5141  result = 0;
5142  sm = de_ctx->sig_list->sm_lists[g_http_header_buffer_id];
5144  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5147  ud->fp_chop_offset == 3 &&
5148  ud->fp_chop_len == 4) {
5149  result = 1;
5150  } else {
5151  result = 0;
5152  }
5153 
5154  end:
5155  SigCleanSignatures(de_ctx);
5156  DetectEngineCtxFree(de_ctx);
5157  return result;
5158 }
5159 
5160 static int DetectFastPatternTest184(void)
5161 {
5162  DetectEngineCtx *de_ctx = NULL;
5163  int result = 0;
5164 
5165  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5166  goto end;
5167 
5168  de_ctx->flags |= DE_QUIET;
5169  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5170  "(content:\"one\"; http_header; content:\"two\"; fast_pattern:only; http_header; distance:10; sid:1;)");
5171  if (de_ctx->sig_list != NULL)
5172  goto end;
5173 
5174  result = 1;
5175 
5176  end:
5177  SigCleanSignatures(de_ctx);
5178  DetectEngineCtxFree(de_ctx);
5179  return result;
5180 }
5181 
5182 static int DetectFastPatternTest185(void)
5183 {
5184  DetectEngineCtx *de_ctx = NULL;
5185  int result = 0;
5186 
5187  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5188  goto end;
5189 
5190  de_ctx->flags |= DE_QUIET;
5191  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5192  "(content:\"one\"; http_header; content:\"two\"; distance:10; fast_pattern:only; http_header; sid:1;)");
5193  if (de_ctx->sig_list != NULL)
5194  goto end;
5195 
5196  result = 1;
5197 
5198  end:
5199  SigCleanSignatures(de_ctx);
5200  DetectEngineCtxFree(de_ctx);
5201  return result;
5202 }
5203 
5204 static int DetectFastPatternTest186(void)
5205 {
5206  DetectEngineCtx *de_ctx = NULL;
5207  int result = 0;
5208 
5209  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5210  goto end;
5211 
5212  de_ctx->flags |= DE_QUIET;
5213  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5214  "(content:\"one\"; http_header; content:\"two\"; fast_pattern:only; http_header; within:10; sid:1;)");
5215  if (de_ctx->sig_list != NULL)
5216  goto end;
5217 
5218  result = 1;
5219 
5220  end:
5221  SigCleanSignatures(de_ctx);
5222  DetectEngineCtxFree(de_ctx);
5223  return result;
5224 }
5225 
5226 static int DetectFastPatternTest187(void)
5227 {
5228  DetectEngineCtx *de_ctx = NULL;
5229  int result = 0;
5230 
5231  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5232  goto end;
5233 
5234  de_ctx->flags |= DE_QUIET;
5235  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5236  "(content:\"one\"; http_header; content:\"two\"; within:10; fast_pattern:only; http_header; sid:1;)");
5237  if (de_ctx->sig_list != NULL)
5238  goto end;
5239 
5240  result = 1;
5241 
5242  end:
5243  SigCleanSignatures(de_ctx);
5244  DetectEngineCtxFree(de_ctx);
5245  return result;
5246 }
5247 
5248 static int DetectFastPatternTest188(void)
5249 {
5250  DetectEngineCtx *de_ctx = NULL;
5251  int result = 0;
5252 
5253  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5254  goto end;
5255 
5256  de_ctx->flags |= DE_QUIET;
5257  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5258  "(content:\"one\"; http_header; content:\"two\"; fast_pattern:only; http_header; offset:10; sid:1;)");
5259  if (de_ctx->sig_list != NULL)
5260  goto end;
5261 
5262  result = 1;
5263 
5264  end:
5265  SigCleanSignatures(de_ctx);
5266  DetectEngineCtxFree(de_ctx);
5267  return result;
5268 }
5269 
5270 static int DetectFastPatternTest189(void)
5271 {
5272  DetectEngineCtx *de_ctx = NULL;
5273  int result = 0;
5274 
5275  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5276  goto end;
5277 
5278  de_ctx->flags |= DE_QUIET;
5279  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5280  "(content:\"one\"; http_header; content:\"two\"; offset:10; fast_pattern:only; http_header; sid:1;)");
5281  if (de_ctx->sig_list != NULL)
5282  goto end;
5283 
5284  result = 1;
5285 
5286  end:
5287  SigCleanSignatures(de_ctx);
5288  DetectEngineCtxFree(de_ctx);
5289  return result;
5290 }
5291 
5292 static int DetectFastPatternTest190(void)
5293 {
5294  DetectEngineCtx *de_ctx = NULL;
5295  int result = 0;
5296 
5297  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5298  goto end;
5299 
5300  de_ctx->flags |= DE_QUIET;
5301  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5302  "(content:\"one\"; http_header; content:\"two\"; fast_pattern:only; http_header; depth:10; sid:1;)");
5303  if (de_ctx->sig_list != NULL)
5304  goto end;
5305 
5306  result = 1;
5307 
5308  end:
5309  SigCleanSignatures(de_ctx);
5310  DetectEngineCtxFree(de_ctx);
5311  return result;
5312 }
5313 
5314 static int DetectFastPatternTest191(void)
5315 {
5316  DetectEngineCtx *de_ctx = NULL;
5317  int result = 0;
5318 
5319  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5320  goto end;
5321 
5322  de_ctx->flags |= DE_QUIET;
5323  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5324  "(content:\"one\"; http_header; content:\"two\"; depth:10; fast_pattern:only; http_header; sid:1;)");
5325  if (de_ctx->sig_list != NULL)
5326  goto end;
5327 
5328  result = 1;
5329 
5330  end:
5331  SigCleanSignatures(de_ctx);
5332  DetectEngineCtxFree(de_ctx);
5333  return result;
5334 }
5335 
5336 static int DetectFastPatternTest192(void)
5337 {
5338  DetectEngineCtx *de_ctx = NULL;
5339  int result = 0;
5340 
5341  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5342  goto end;
5343 
5344  de_ctx->flags |= DE_QUIET;
5345  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5346  "(content:\"one\"; http_header; content:!\"two\"; fast_pattern:only; http_header; sid:1;)");
5347  if (de_ctx->sig_list != NULL)
5348  goto end;
5349 
5350  result = 1;
5351 
5352  end:
5353  SigCleanSignatures(de_ctx);
5354  DetectEngineCtxFree(de_ctx);
5355  return result;
5356 }
5357 
5358 static int DetectFastPatternTest193(void)
5359 {
5360  DetectEngineCtx *de_ctx = NULL;
5361  int result = 0;
5362 
5363  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5364  goto end;
5365 
5366  de_ctx->flags |= DE_QUIET;
5367  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5368  "(content: \"one\"; http_header; content:\"two\"; http_header; distance:30; content:\"two\"; fast_pattern:only; http_header; sid:1;)");
5369  if (de_ctx->sig_list == NULL)
5370  goto end;
5371 
5372  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->ctx;
5373  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5376  ud->fp_chop_offset == 0 &&
5377  ud->fp_chop_len == 0) {
5378  result = 1;
5379  } else {
5380  result = 0;
5381  }
5382 
5383  end:
5384  SigCleanSignatures(de_ctx);
5385  DetectEngineCtxFree(de_ctx);
5386  return result;
5387 }
5388 
5389 static int DetectFastPatternTest194(void)
5390 {
5391  DetectEngineCtx *de_ctx = NULL;
5392  int result = 0;
5393 
5394  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5395  goto end;
5396 
5397  de_ctx->flags |= DE_QUIET;
5398  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5399  "(content:\"one\"; http_header; content:\"two\"; http_header; within:30; content:\"two\"; fast_pattern:only; http_header; sid:1;)");
5400  if (de_ctx->sig_list == NULL)
5401  goto end;
5402  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->ctx;
5403  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5406  ud->fp_chop_offset == 0 &&
5407  ud->fp_chop_len == 0) {
5408  result = 1;
5409  } else {
5410  result = 0;
5411  }
5412 
5413  end:
5414  SigCleanSignatures(de_ctx);
5415  DetectEngineCtxFree(de_ctx);
5416  return result;
5417 }
5418 
5419 static int DetectFastPatternTest195(void)
5420 {
5421  DetectEngineCtx *de_ctx = NULL;
5422  int result = 0;
5423 
5424  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5425  goto end;
5426 
5427  de_ctx->flags |= DE_QUIET;
5428  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5429  "(content:\"one\"; http_header; content:\"two\"; http_header; offset:30; content:\"two\"; fast_pattern:only; http_header; sid:1;)");
5430  if (de_ctx->sig_list == NULL)
5431  goto end;
5432  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->ctx;
5433  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5436  ud->fp_chop_offset == 0 &&
5437  ud->fp_chop_len == 0) {
5438  result = 1;
5439  } else {
5440  result = 0;
5441  }
5442 
5443  end:
5444  SigCleanSignatures(de_ctx);
5445  DetectEngineCtxFree(de_ctx);
5446  return result;
5447 }
5448 
5449 static int DetectFastPatternTest196(void)
5450 {
5451  DetectEngineCtx *de_ctx = NULL;
5452  int result = 0;
5453 
5454  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5455  goto end;
5456 
5457  de_ctx->flags |= DE_QUIET;
5458  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5459  "(content:\"one\"; http_header; content:\"two\"; http_header; depth:30; content:\"two\"; fast_pattern:only; http_header; sid:1;)");
5460  if (de_ctx->sig_list == NULL)
5461  goto end;
5462  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->ctx;
5463  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5466  ud->fp_chop_offset == 0 &&
5467  ud->fp_chop_len == 0) {
5468  result = 1;
5469  } else {
5470  result = 0;
5471  }
5472 
5473  end:
5474  SigCleanSignatures(de_ctx);
5475  DetectEngineCtxFree(de_ctx);
5476  return result;
5477 }
5478 
5479 static int DetectFastPatternTest197(void)
5480 {
5481  DetectEngineCtx *de_ctx = NULL;
5482  int result = 0;
5483 
5484  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5485  goto end;
5486 
5487  de_ctx->flags |= DE_QUIET;
5488  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5489  "(content:!\"one\"; fast_pattern; http_header; content:\"two\"; http_header; sid:1;)");
5490  if (de_ctx->sig_list == NULL)
5491  goto end;
5492  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->prev->ctx;
5493  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5494  ud->flags & DETECT_CONTENT_NEGATED &&
5497  ud->fp_chop_offset == 0 &&
5498  ud->fp_chop_len == 0) {
5499  result = 1;
5500  } else {
5501  result = 0;
5502  }
5503 
5504  end:
5505  SigCleanSignatures(de_ctx);
5506  DetectEngineCtxFree(de_ctx);
5507  return result;
5508 }
5509 
5510 static int DetectFastPatternTest198(void)
5511 {
5512  DetectEngineCtx *de_ctx = NULL;
5513  int result = 0;
5514 
5515  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5516  goto end;
5517 
5518  de_ctx->flags |= DE_QUIET;
5519  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5520  "(content:\"two\"; http_header; content:!\"one\"; fast_pattern; http_header; distance:20; sid:1;)");
5521  if (de_ctx->sig_list != NULL)
5522  goto end;
5523 
5524  result = 1;
5525 
5526  end:
5527  SigCleanSignatures(de_ctx);
5528  DetectEngineCtxFree(de_ctx);
5529  return result;
5530 }
5531 
5532 static int DetectFastPatternTest199(void)
5533 {
5534  DetectEngineCtx *de_ctx = NULL;
5535  int result = 0;
5536 
5537  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5538  goto end;
5539 
5540  de_ctx->flags |= DE_QUIET;
5541  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5542  "(content:\"two\"; http_header; content:!\"one\"; fast_pattern; http_header; within:20; sid:1;)");
5543  if (de_ctx->sig_list != NULL)
5544  goto end;
5545 
5546  result = 1;
5547 
5548  end:
5549  SigCleanSignatures(de_ctx);
5550  DetectEngineCtxFree(de_ctx);
5551  return result;
5552 }
5553 
5554 static int DetectFastPatternTest200(void)
5555 {
5556  DetectEngineCtx *de_ctx = NULL;
5557  int result = 0;
5558 
5559  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5560  goto end;
5561 
5562  de_ctx->flags |= DE_QUIET;
5563  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5564  "(content:\"two\"; http_header; content:!\"one\"; fast_pattern; http_header; offset:20; sid:1;)");
5565  if (de_ctx->sig_list != NULL)
5566  goto end;
5567 
5568  result = 1;
5569 
5570  end:
5571  SigCleanSignatures(de_ctx);
5572  DetectEngineCtxFree(de_ctx);
5573  return result;
5574 }
5575 
5576 static int DetectFastPatternTest201(void)
5577 {
5578  DetectEngineCtx *de_ctx = NULL;
5579  int result = 0;
5580 
5581  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5582  goto end;
5583 
5584  de_ctx->flags |= DE_QUIET;
5585  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5586  "(content:\"two\"; http_header; content:!\"one\"; fast_pattern; http_header; depth:20; sid:1;)");
5587  if (de_ctx->sig_list != NULL)
5588  goto end;
5589 
5590  result = 1;
5591 
5592  end:
5593  SigCleanSignatures(de_ctx);
5594  DetectEngineCtxFree(de_ctx);
5595  return result;
5596 }
5597 
5598 static int DetectFastPatternTest202(void)
5599 {
5600  DetectEngineCtx *de_ctx = NULL;
5601  int result = 0;
5602 
5603  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5604  goto end;
5605 
5606  de_ctx->flags |= DE_QUIET;
5607  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5608  "(content:\"one\"; http_header; content:\"oneonetwo\"; fast_pattern:3,4; http_header; content:\"three\"; http_header; sid:1;)");
5609  if (de_ctx->sig_list == NULL)
5610  goto end;
5611  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->prev->ctx;
5612  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5615  ud->fp_chop_offset == 3 &&
5616  ud->fp_chop_len == 4) {
5617  result = 1;
5618  } else {
5619  result = 0;
5620  }
5621 
5622  end:
5623  SigCleanSignatures(de_ctx);
5624  DetectEngineCtxFree(de_ctx);
5625  return result;
5626 }
5627 
5628 static int DetectFastPatternTest203(void)
5629 {
5630  DetectEngineCtx *de_ctx = NULL;
5631  int result = 0;
5632 
5633  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5634  goto end;
5635 
5636  de_ctx->flags |= DE_QUIET;
5637  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5638  "(content:\"one\"; http_header; content:\"oneonetwo\"; fast_pattern:3,4; http_header; content:\"three\"; http_header; distance:30; sid:1;)");
5639  if (de_ctx->sig_list == NULL)
5640  goto end;
5641  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->prev->ctx;
5642  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5645  ud->fp_chop_offset == 3 &&
5646  ud->fp_chop_len == 4) {
5647  result = 1;
5648  } else {
5649  result = 0;
5650  }
5651 
5652  end:
5653  SigCleanSignatures(de_ctx);
5654  DetectEngineCtxFree(de_ctx);
5655  return result;
5656 }
5657 
5658 static int DetectFastPatternTest204(void)
5659 {
5660  DetectEngineCtx *de_ctx = NULL;
5661  int result = 0;
5662 
5663  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5664  goto end;
5665 
5666  de_ctx->flags |= DE_QUIET;
5667  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5668  "(content:\"one\"; http_header; content:\"oneonetwo\"; fast_pattern:3,4; http_header; content:\"three\"; http_header; within:30; sid:1;)");
5669  if (de_ctx->sig_list == NULL)
5670  goto end;
5671  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->prev->ctx;
5672  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5675  ud->fp_chop_offset == 3 &&
5676  ud->fp_chop_len == 4) {
5677  result = 1;
5678  } else {
5679  result = 0;
5680  }
5681 
5682  end:
5683  SigCleanSignatures(de_ctx);
5684  DetectEngineCtxFree(de_ctx);
5685  return result;
5686 }
5687 
5688 static int DetectFastPatternTest205(void)
5689 {
5690  DetectEngineCtx *de_ctx = NULL;
5691  int result = 0;
5692 
5693  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5694  goto end;
5695 
5696  de_ctx->flags |= DE_QUIET;
5697  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5698  "(content:\"one\"; http_header; content:\"oneonetwo\"; fast_pattern:3,4; http_header; content:\"three\"; http_header; offset:30; sid:1;)");
5699  if (de_ctx->sig_list == NULL)
5700  goto end;
5701  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->prev->ctx;
5702  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5705  ud->fp_chop_offset == 3 &&
5706  ud->fp_chop_len == 4) {
5707  result = 1;
5708  } else {
5709  result = 0;
5710  }
5711 
5712  end:
5713  SigCleanSignatures(de_ctx);
5714  DetectEngineCtxFree(de_ctx);
5715  return result;
5716 }
5717 
5718 static int DetectFastPatternTest206(void)
5719 {
5720  DetectEngineCtx *de_ctx = NULL;
5721  int result = 0;
5722 
5723  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5724  goto end;
5725 
5726  de_ctx->flags |= DE_QUIET;
5727  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5728  "(content:\"one\"; http_header; content:\"oneonetwo\"; fast_pattern:3,4; http_header; content:\"three\"; http_header; depth:30; sid:1;)");
5729  if (de_ctx->sig_list == NULL)
5730  goto end;
5731  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->prev->ctx;
5732  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5735  ud->fp_chop_offset == 3 &&
5736  ud->fp_chop_len == 4) {
5737  result = 1;
5738  } else {
5739  result = 0;
5740  }
5741 
5742  end:
5743  SigCleanSignatures(de_ctx);
5744  DetectEngineCtxFree(de_ctx);
5745  return result;
5746 }
5747 
5748 static int DetectFastPatternTest207(void)
5749 {
5750  DetectEngineCtx *de_ctx = NULL;
5751  int result = 0;
5752 
5753  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5754  goto end;
5755 
5756  de_ctx->flags |= DE_QUIET;
5757  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5758  "(content:\"one\"; http_header; content:\"two\"; http_header; distance:10; content:\"oneonethree\"; fast_pattern:3,4; http_header; sid:1;)");
5759  if (de_ctx->sig_list == NULL)
5760  goto end;
5761  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->ctx;
5762  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5765  ud->fp_chop_offset == 3 &&
5766  ud->fp_chop_len == 4) {
5767  result = 1;
5768  } else {
5769  result = 0;
5770  }
5771 
5772  end:
5773  SigCleanSignatures(de_ctx);
5774  DetectEngineCtxFree(de_ctx);
5775  return result;
5776 }
5777 
5778 static int DetectFastPatternTest208(void)
5779 {
5780  DetectEngineCtx *de_ctx = NULL;
5781  int result = 0;
5782 
5783  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5784  goto end;
5785 
5786  de_ctx->flags |= DE_QUIET;
5787  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5788  "(content:\"one\"; http_header; content:\"two\"; http_header; within:10; content:\"oneonethree\"; fast_pattern:3,4; http_header; sid:1;)");
5789  if (de_ctx->sig_list == NULL)
5790  goto end;
5791  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->ctx;
5792  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5795  ud->fp_chop_offset == 3 &&
5796  ud->fp_chop_len == 4) {
5797  result = 1;
5798  } else {
5799  result = 0;
5800  }
5801 
5802  end:
5803  SigCleanSignatures(de_ctx);
5804  DetectEngineCtxFree(de_ctx);
5805  return result;
5806 }
5807 
5808 static int DetectFastPatternTest209(void)
5809 {
5810  DetectEngineCtx *de_ctx = NULL;
5811  int result = 0;
5812 
5813  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5814  goto end;
5815 
5816  de_ctx->flags |= DE_QUIET;
5817  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5818  "(content:\"one\"; http_header; content:\"two\"; http_header; offset:10; content:\"oneonethree\"; fast_pattern:3,4; http_header; sid:1;)");
5819  if (de_ctx->sig_list == NULL)
5820  goto end;
5821  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->ctx;
5822  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5825  ud->fp_chop_offset == 3 &&
5826  ud->fp_chop_len == 4) {
5827  result = 1;
5828  } else {
5829  result = 0;
5830  }
5831 
5832  end:
5833  SigCleanSignatures(de_ctx);
5834  DetectEngineCtxFree(de_ctx);
5835  return result;
5836 }
5837 
5838 static int DetectFastPatternTest210(void)
5839 {
5840  DetectEngineCtx *de_ctx = NULL;
5841  int result = 0;
5842 
5843  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5844  goto end;
5845 
5846  de_ctx->flags |= DE_QUIET;
5847  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5848  "(content:\"one\"; http_header; content:\"two\"; http_header; depth:10; content:\"oneonethree\"; fast_pattern:3,4; http_header; sid:1;)");
5849  if (de_ctx->sig_list == NULL)
5850  goto end;
5851  DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_header_buffer_id]->ctx;
5852  if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
5855  ud->fp_chop_offset == 3 &&
5856  ud->fp_chop_len == 4) {
5857  result = 1;
5858  } else {
5859  result = 0;
5860  }
5861 
5862 
5863  result = 1;
5864 
5865  end:
5866  SigCleanSignatures(de_ctx);
5867  DetectEngineCtxFree(de_ctx);
5868  return result;
5869 }
5870 
5871 static int DetectFastPatternTest211(void)
5872 {
5873  DetectEngineCtx *de_ctx = NULL;
5874  int result = 0;
5875 
5876  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5877  goto end;
5878 
5879  de_ctx->flags |= DE_QUIET;
5880  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5881  "(content:\"one\"; http_header; content:\"two\"; fast_pattern:65977,4; http_header; content:\"three\"; http_header; distance:10; sid:1;)");
5882  if (de_ctx->sig_list != NULL)
5883  goto end;
5884 
5885  result = 1;
5886 
5887  end:
5888  SigCleanSignatures(de_ctx);
5889  DetectEngineCtxFree(de_ctx);
5890  return result;
5891 }
5892 
5893 static int DetectFastPatternTest212(void)
5894 {
5895  DetectEngineCtx *de_ctx = NULL;
5896  int result = 0;
5897 
5898  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5899  goto end;
5900 
5901  de_ctx->flags |= DE_QUIET;
5902  de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
5903  "(content:\"one\"; http_header; content:\"oneonetwo\"; fast_pattern:3,65977; http_header; content:\"three\"; distance:10; http_header; sid:1;)");
5904  if (de_ctx->sig_list != NULL)
5905  goto end;
5906 
5907  result = 1;
5908 
5909  end:
5910  SigCleanSignatures(de_ctx);
5911  DetectEngineCtxFree(de_ctx);
5912  return result;
5913 }
5914 
5915 static int DetectFastPatternTest213(void)
5916 {
5917  DetectEngineCtx *de_ctx = NULL;
5918  int result = 0;
5919 
5920  if ( (de_ctx = DetectEngineCtxInit()) == NULL)
5921  goto end;
5922 
5923  de_ctx->flags |= DE_QUIET;
5924  de_ctx-