Go to the documentation of this file.
47 #define PARSE_REGEX "^\\s*([0-9]{1,5}|\"[0-9]{1,5}\")\\s*$"
55 static void DetectIdRegisterTests(
void);
60 static bool PrefilterIdIsPrefilterable(
const Signature *s);
106 SCLogDebug(
"IPV4 Proto and matched with ip_id: %u.\n",
126 int ret = 0, res = 0;
131 if (ret < 1 || ret > 3) {
132 SCLogError(
"invalid id option '%s'. The id option "
133 "value must be in the range %u - %u",
138 char copy_str[128] =
"";
140 pcre2len =
sizeof(copy_str);
141 res = pcre2_substring_copy_bynumber(parse_regex.
match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
143 SCLogError(
"pcre2_substring_copy_bynumber failed");
149 if (tmp_str[0] ==
'"')
151 tmp_str[strlen(tmp_str) - 1] =
'\0';
157 SCLogError(
"invalid id option '%s'", tmp_str);
168 SCLogDebug(
"detect-id: will look for ip_id: %u\n", id_d->
id);
188 id_d = DetectIdParse(idstr);
230 if (!PrefilterPacketHeaderExtraMatch(ctx, p))
251 if (v.
u16[0] == a->
id)
259 PrefilterPacketIdSet,
260 PrefilterPacketIdCompare,
261 PrefilterPacketIdMatch);
264 static bool PrefilterIdIsPrefilterable(
const Signature *s)
282 static int DetectIdTestParse01 (
void)
299 static int DetectIdTestParse02 (
void)
313 static int DetectIdTestParse03 (
void)
326 static int DetectIdTestParse04 (
void)
343 static int DetectIdTestMatch01(
void)
345 uint8_t *buf = (uint8_t *)
"Hi all!";
346 uint16_t buflen = strlen((
char *)buf);
366 sigs[0]=
"alert ip any any -> any any (msg:\"Testing id 1\"; id:1234; sid:1;)";
367 sigs[1]=
"alert ip any any -> any any (msg:\"Testing id 2\"; id:5678; sid:2;)";
368 sigs[2]=
"alert ip any any -> any any (msg:\"Testing id 3\"; id:5101; sid:3;)";
370 uint32_t sid[3] = {1, 2, 3};
390 void DetectIdRegisterTests(
void)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
void(* Free)(DetectEngineCtx *, void *)
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
Container for matching data for a signature group.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
struct DetectRfbSecresult_ results[]
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
#define PARSE_REGEX
Regex for parsing "id" option, matching number or "number".
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
int(* SetupPrefilter)(DetectEngineCtx *de_ctx, struct SigGroupHead_ *sgh)
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
void DetectIdRegister(void)
Registration function for keyword: id.
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
struct SigMatch_ ** smlists
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perfom a generic check taking care of as maximum common unittest elemen...
int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, void(*Set)(PrefilterPacketHeaderValue *v, void *), bool(*Compare)(PrefilterPacketHeaderValue v, void *), void(*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
#define SCLogError(...)
Macro used to log ERROR messages.
bool(* SupportsPrefilter)(const Signature *s)
a single match condition for a signature
void DetectIdFree(DetectEngineCtx *, void *)
this function will free memory associated with DetectIdData
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)
#define SIG_FLAG_REQUIRE_PACKET
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.