Go to the documentation of this file.
51 Flow *, uint8_t,
void *,
void *,
56 static void DetectFtpbounceRegisterTests(
void);
58 static int g_ftp_request_list_id = 0;
92 static int DetectFtpbounceMatchArgs(
100 int octet_ascii_len = 0;
124 while (i <
payload_len && !isdigit((
unsigned char)c[i])) i++;
126 for (;i <
payload_len && octet_ascii_len < 4 ;i++) {
127 if (isdigit((
unsigned char)c[i])) {
128 octet =(c[i] -
'0') + octet * 10;
136 if (isspace((
unsigned char)c[i]))
137 while (i <
payload_len && isspace((
unsigned char)c[i]) ) i++;
142 ip =(ip << 8) + octet;
145 SCLogDebug(
"Unrecognized character '%c'", c[i]);
153 SCLogDebug(
"Different ip, so Matched ip:%d <-> ip_orig:%d",
179 void *state,
void *txv,
185 if (ftp_state == NULL) {
192 ret = DetectFtpbounceMatchArgs(ftp_state->
port_line,
249 static int DetectFtpbounceTestSetup01(
void)
257 FAIL_IF(s->sm_lists[g_ftp_request_list_id] == NULL);
267 static void DetectFtpbounceRegisterTests(
void)
269 UtRegisterTest(
"DetectFtpbounceTestSetup01", DetectFtpbounceTestSetup01);
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
union FlowAddress_::@115 address
void SigFree(DetectEngineCtx *, Signature *)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
uint32_t address_un_data32[4]
FtpRequestCommand command
main detection engine ctx
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
#define SIG_FLAG_TOSERVER
#define PASS
Pass the test.
FtpRequestCommandArgOfs arg_offset
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
Data structures and function prototypes for keeping state for the detection engine.
void DetectFtpbounceRegister(void)
Registration function for ftpbounce: keyword.
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
int DetectBufferTypeRegister(const char *name)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
a single match condition for a signature
Signature * SigAlloc(void)
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)