/*
 * Pattern for the value of the "id" keyword. It is anchored at both ends,
 * allows optional whitespace around the value, and captures in group 1
 * either one to five decimal digits or the same digits wrapped in double
 * quotes (the quotes are part of the capture when present).
 *
 * The pattern limits only the digit count: five digits can still be larger
 * than 65535, so a match alone does not prove the value fits in 16 bits.
 * NOTE(review): the range check appears to happen when the captured text is
 * converted to an integer; confirm against the parse function.
 */
47 #define PARSE_REGEX "^\\s*([0-9]{1,5}|\"[0-9]{1,5}\")\\s*$"
/* Forward declaration; the definition appears later in this listing. */
55 static void DetectIdRegisterTests(
void);
/*
 * Forward declaration; takes a Signature pointer and returns bool.
 * The definition appears later in this listing.
 */
60 static bool PrefilterIdIsPrefilterable(
const Signature *s);
105 const IPV4Hdr *ip4h = PacketGetIPv4(p);
107 SCLogDebug(
"IPV4 Proto and matched with ip_id: %u.\n",
129 pcre2_match_data *match = NULL;
133 if (ret < 1 || ret > 3) {
134 SCLogError(
"invalid id option '%s'. The id option "
135 "value must be in the range %u - %u",
140 char copy_str[128] =
"";
142 pcre2len =
sizeof(copy_str);
143 res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
145 SCLogError(
"pcre2_substring_copy_bynumber failed");
151 if (tmp_str[0] ==
'"')
153 tmp_str[strlen(tmp_str) - 1] =
'\0';
159 SCLogError(
"invalid id option '%s'", tmp_str);
170 SCLogDebug(
"detect-id: will look for ip_id: %u\n", id_d->
id);
171 pcre2_match_data_free(match);
176 pcre2_match_data_free(match);
196 id_d = DetectIdParse(idstr);
233 if (!PrefilterPacketHeaderExtraMatch(ctx, p))
236 const IPV4Hdr *ip4h = PacketGetIPv4(p);
254 if (v.
u16[0] == a->
id)
262 PrefilterPacketIdSet,
263 PrefilterPacketIdCompare,
264 PrefilterPacketIdMatch);
267 static bool PrefilterIdIsPrefilterable(
const Signature *s)
285 static int DetectIdTestParse01 (
void)
302 static int DetectIdTestParse02 (
void)
316 static int DetectIdTestParse03 (
void)
329 static int DetectIdTestParse04 (
void)
346 static int DetectIdTestMatch01(
void)
348 uint8_t *buf = (uint8_t *)
"Hi all!";
349 uint16_t buflen = strlen((
char *)buf);
369 sigs[0]=
"alert ip any any -> any any (msg:\"Testing id 1\"; id:1234; sid:1;)";
370 sigs[1]=
"alert ip any any -> any any (msg:\"Testing id 2\"; id:5678; sid:2;)";
371 sigs[2]=
"alert ip any any -> any any (msg:\"Testing id 3\"; id:5101; sid:3;)";
373 uint32_t sid[3] = {1, 2, 3};
393 void DetectIdRegisterTests(
void)
#define IPV4_GET_RAW_IPID(ip4h)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
void(* Free)(DetectEngineCtx *, void *)
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
Container for matching data for a signature group.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
struct DetectRfbSecresult_ results[]
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
#define PARSE_REGEX
Regex for parsing "id" option, matching number or "number".
union PacketL3::Hdrs hdrs
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that builds packets with default IP and port fields.
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
int(* SetupPrefilter)(DetectEngineCtx *de_ctx, struct SigGroupHead_ *sgh)
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
void DetectIdRegister(void)
Registration function for keyword: id.
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Used to start a pointer to SigMatch context. Should never be dereferenced without casting to something...
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that performs a generic check, taking care of as many common unittest eleme...
int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, void(*Set)(PrefilterPacketHeaderValue *v, void *), bool(*Compare)(PrefilterPacketHeaderValue v, void *), void(*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
#define SCLogError(...)
Macro used to log ERROR messages.
bool(* SupportsPrefilter)(const Signature *s)
a single match condition for a signature
void DetectIdFree(DetectEngineCtx *, void *)
this function will free memory associated with DetectIdData
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)
#define SIG_FLAG_REQUIRE_PACKET
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.