42 #define PARSE_REGEX "^\\s*(?:(<|>))?\\s*([0-9]+)"
55 static bool PrefilterFragOffsetIsPrefilterable(
const Signature *s);
77 static inline int FragOffsetMatch(
const uint16_t poffset,
const uint8_t mode,
78 const uint16_t doffset)
82 if (poffset < doffset)
86 if (poffset > doffset)
90 if (poffset == doffset)
130 return FragOffsetMatch(frag, fragoff->
mode, fragoff->
frag_off);
145 char *substr[3] = {NULL, NULL, NULL};
151 pcre2_match_data *match = NULL;
154 if (ret < 1 || ret > 4) {
159 for (i = 1; i < ret; i++) {
162 SCLogError(
"pcre2_substring_get_bynumber failed");
165 substr[i-1] = (
char *)str_ptr;
179 while(*mode !=
'\0') {
199 for (i = 0; i < 3; i++) {
200 if (substr[i] != NULL)
201 pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
204 pcre2_match_data_free(match);
209 pcre2_match_data_free(match);
211 for (i = 0; i < 3; i++) {
212 if (substr[i] != NULL)
213 pcre2_substring_free((PCRE2_UCHAR8 *)substr[i]);
235 fragoff = DetectFragOffsetParse(
de_ctx, fragoffsetstr);
236 if (fragoff == NULL)
goto error;
239 if (sm == NULL)
goto error;
251 if (sm != NULL)
SCFree(sm);
289 if (FragOffsetMatch(frag, ctx->
v1.
u8[0], ctx->
v1.
u16[1]))
307 if (v.
u8[0] == fb->
mode &&
318 PrefilterPacketFragOffsetSet,
319 PrefilterPacketFragOffsetCompare,
320 PrefilterPacketFragOffsetMatch);
323 static bool PrefilterFragOffsetIsPrefilterable(
const Signature *s)
343 static int DetectFragOffsetParseTest01 (
void)
359 static int DetectFragOffsetParseTest02 (
void)
375 static int DetectFragOffsetParseTest03 (
void)
389 static int DetectFragOffsetMatchTest01 (
void)
400 memset(&ip4h, 0,
sizeof(
IPV4Hdr));
408 p->
src.addr_data32[0] = 0x01020304;
409 p->
dst.addr_data32[0] = 0x04030201;
411 ip4h.s_ip_src.s_addr = p->
src.addr_data32[0];
412 ip4h.s_ip_dst.s_addr = p->
dst.addr_data32[0];
446 UtRegisterTest(
"DetectFragOffsetParseTest01", DetectFragOffsetParseTest01);
447 UtRegisterTest(
"DetectFragOffsetParseTest02", DetectFragOffsetParseTest02);
448 UtRegisterTest(
"DetectFragOffsetParseTest03", DetectFragOffsetParseTest03);
449 UtRegisterTest(
"DetectFragOffsetMatchTest01", DetectFragOffsetMatchTest01);
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void SigMatchAppendSMToList(Signature *s, SigMatch *new, const int list)
Append a SigMatch to the list type.
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
void DetectFragOffsetRegisterTests(void)
void(* Free)(DetectEngineCtx *, void *)
#define IPV6_EXTHDR_GET_FH_OFFSET(p)
#define PKT_IS_PSEUDOPKT(p)
Returns 1 if the packet is a pseudo packet.
Container for matching data for a signature group.
#define IPV4_GET_IPOFFSET(p)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define IPV6_EXTHDR_ISSET_FH(p)
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
void DetectFragOffsetRegister(void)
Registration function for fragoffset.
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
int(* SetupPrefilter)(DetectEngineCtx *de_ctx, struct SigGroupHead_ *sgh)
void FlowInitConfig(bool quiet)
initialize the configuration
void DetectFragOffsetFree(DetectEngineCtx *, void *)
Frees the memory associated with DetectFragOffsetData.
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
Per thread variable structure.
int SC_Pcre2SubstringGet(pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR **bufferptr, PCRE2_SIZE *bufflen)
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
SigMatch * SigMatchAlloc(void)
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Used to start a pointer to SigMatch context. Should never be dereferenced without casting to something...
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
void FlowShutdown(void)
shutdown the flow engine
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, void(*Set)(PrefilterPacketHeaderValue *v, void *), bool(*Compare)(PrefilterPacketHeaderValue v, void *), void(*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
#define SCLogError(...)
Macro used to log ERROR messages.
Structure to hold thread specific data for all decode modules.
bool(* SupportsPrefilter)(const Signature *s)
a single match condition for a signature
DetectEngineCtx * DetectEngineCtxInit(void)
void(* RegisterTests)(void)
#define SIG_FLAG_REQUIRE_PACKET