suricata
detect-ipproto.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Brian Rectanus <brectanu@gmail.com>
22  *
23  * Implements the ip_proto keyword
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 
30 #include "detect-ipproto.h"
31 
32 #include "detect-parse.h"
33 #include "detect-engine.h"
34 #include "detect-engine-mpm.h"
35 #include "detect-engine-build.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 
40 #include "util-byte.h"
41 #include "util-proto-name.h"
42 #include "util-unittest.h"
43 #include "util-unittest-helper.h"
44 
45 #include "util-debug.h"
46 
47 /**
48  * \brief Regex for parsing our options
49  */
50 #define PARSE_REGEX "^([!<>]?)\\s*([^\\s]+)$"
51 
52 static DetectParseRegex parse_regex;
53 
54 static int DetectIPProtoSetup(DetectEngineCtx *, Signature *, const char *);
55 #ifdef UNITTESTS
56 static void DetectIPProtoRegisterTests(void);
57 #endif
58 static void DetectIPProtoFree(DetectEngineCtx *, void *);
59 
60 void DetectIPProtoRegister(void)
61 {
62  sigmatch_table[DETECT_IPPROTO].name = "ip_proto";
63  sigmatch_table[DETECT_IPPROTO].desc = "match on the IP protocol in the packet-header";
64  sigmatch_table[DETECT_IPPROTO].url = "/rules/header-keywords.html#ip-proto";
65  sigmatch_table[DETECT_IPPROTO].Match = NULL;
66  sigmatch_table[DETECT_IPPROTO].Setup = DetectIPProtoSetup;
67  sigmatch_table[DETECT_IPPROTO].Free = DetectIPProtoFree;
68 #ifdef UNITTESTS
69  sigmatch_table[DETECT_IPPROTO].RegisterTests = DetectIPProtoRegisterTests;
70 #endif
71  sigmatch_table[DETECT_IPPROTO].flags = SIGMATCH_QUOTES_OPTIONAL;
72 
73  DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
74 }
75 
76 /**
77  * \internal
78  * \brief Parse ip_proto options string.
79  *
80  * \param optstr Options string to parse
81  *
82  * \return New ip_proto data structure
83  */
84 static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
85 {
86  DetectIPProtoData *data = NULL;
87  char *args[2] = { NULL, NULL };
88  int res = 0;
89  size_t pcre2_len;
90  int i;
91  const char *str_ptr;
92 
93  /* Execute the regex and populate args with captures. */
94  pcre2_match_data *match = NULL;
95  int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0);
96  if (ret != 3) {
97  SCLogError("pcre_exec parse error, ret"
98  "%" PRId32 ", string %s",
99  ret, optstr);
100  goto error;
101  }
102 
103  for (i = 0; i < (ret - 1); i++) {
104  res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
105  if (res < 0) {
106  SCLogError("pcre2_substring_get_bynumber failed");
107  goto error;
108  }
109  args[i] = (char *)str_ptr;
110  }
111 
112  /* Initialize the data */
113  data = SCMalloc(sizeof(DetectIPProtoData));
114  if (unlikely(data == NULL))
115  goto error;
116  data->op = DETECT_IPPROTO_OP_EQ;
117  data->proto = 0;
118 
119  /* Operator */
120  if (*(args[0]) != '\0') {
121  data->op = *(args[0]);
122  }
123 
124  /* Protocol name/number */
125  if (!isdigit((unsigned char)*(args[1]))) {
126  uint8_t proto;
127  if (!SCGetProtoByName(args[1], &proto)) {
128  SCLogError("Unknown protocol name: \"%s\"", str_ptr);
129  goto error;
130  }
131  data->proto = proto;
132  }
133  else {
134  if (StringParseUint8(&data->proto, 10, 0, args[1]) <= 0) {
135  SCLogError("Malformed protocol number: %s", str_ptr);
136  goto error;
137  }
138  }
139 
140  for (i = 0; i < (ret - 1); i++){
141  if (args[i] != NULL)
142  pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
143  }
144 
145  pcre2_match_data_free(match);
146  return data;
147 
148 error:
149  if (match) {
150  pcre2_match_data_free(match);
151  }
152  for (i = 0; i < (ret - 1) && i < 2; i++){
153  if (args[i] != NULL)
154  pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
155  }
156  if (data != NULL)
157  SCFree(data);
158 
159  return NULL;
160 }
161 
162 static int DetectIPProtoTypePresentForOP(Signature *s, uint8_t op)
163 {
164  SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
165  DetectIPProtoData *data;
166 
167  while (sm != NULL) {
168  if (sm->type == DETECT_IPPROTO) {
169  data = (DetectIPProtoData *)sm->ctx;
170  if (data->op == op)
171  return 1;
172  }
173  sm = sm->next;
174  }
175 
176  return 0;
177 }
178 
179 /**
180  * \internal
181  * \brief Setup ip_proto keyword.
182  *
183  * \param de_ctx Detection engine context
184  * \param s Signature
185  * \param optstr Options string
186  *
187  * \return Non-zero on error
188  */
189 static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
190 {
191  int i;
192 
193  DetectIPProtoData *data = DetectIPProtoParse(optstr);
194  if (data == NULL) {
195  return -1;
196  }
197 
198  /* Reset our "any" (or "ip") state: for ipv4, ipv6 and ip cases, the bitfield
199  * s->proto.proto have all bit set to 1 to be able to match any protocols. ipproto
200  * will refined the protocol list and thus it needs to reset the bitfield to zero
201  * before setting the value specified by the ip_proto keyword.
202  */
203  if (s->init_data->proto.flags & (DETECT_PROTO_ANY | DETECT_PROTO_IPV6 | DETECT_PROTO_IPV4)) {
204  s->init_data->proto.flags &= ~DETECT_PROTO_ANY;
205  memset(s->init_data->proto.proto, 0x00, sizeof(s->init_data->proto.proto));
206  s->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
207  } else {
208  /* The ipproto engine has a relationship with the protocol that is
209  * set after the action and also the app protocol(that can also be
210  * set through the app-layer-protocol.
211  * An ip_proto keyword can be used only with alert ip, which if
212  * not true we error out on the sig. And hence the init_flag to
213  * indicate this. */
214  if (!(s->init_data->init_flags & SIG_FLAG_INIT_FIRST_IPPROTO_SEEN)) {
215  SCLogError("Signature can use "
216  "ip_proto keyword only when we use alert ip, "
217  "in which case the _ANY flag is set on the sig "
218  "and the if condition should match.");
219  goto error;
220  }
221  }
222 
223  int eq_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_EQ);
224  int gt_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_GT);
225  int lt_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_LT);
226  int not_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_NOT);
227 
228  switch (data->op) {
229  case DETECT_IPPROTO_OP_EQ:
230  if (eq_set || gt_set || lt_set || not_set) {
231  SCLogError("can't use a eq "
232  "ipproto without any operators attached to "
233  "them in the same sig");
234  goto error;
235  }
236  s->init_data->proto.proto[data->proto / 8] |= 1 << (data->proto % 8);
237  break;
238 
239  case DETECT_IPPROTO_OP_GT:
240  if (eq_set || gt_set) {
241  SCLogError("can't use a eq or gt "
242  "ipproto along with a greater than ipproto in the "
243  "same sig ");
244  goto error;
245  }
246  if (!lt_set && !not_set) {
247  s->init_data->proto.proto[data->proto / 8] = (uint8_t)(0xfe << (data->proto % 8));
248  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
249  s->init_data->proto.proto[i] = 0xff;
250  }
251  } else if (lt_set && !not_set) {
252  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
253  while (temp_sm != NULL) {
254  if (temp_sm->type == DETECT_IPPROTO) {
255  break;
256  }
257  temp_sm = temp_sm->next;
258  }
259  if (temp_sm != NULL) {
260  DetectIPProtoData *data_temp = (DetectIPProtoData *)temp_sm->ctx;
261  if (data_temp->proto <= data->proto) {
262  SCLogError("can't have "
263  "both gt and lt ipprotos, with the lt being "
264  "lower than gt value");
265  goto error;
266  } else {
267  for (i = 0; i < (data->proto / 8); i++) {
268  s->init_data->proto.proto[i] = 0;
269  }
270  s->init_data->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
271  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
272  s->init_data->proto.proto[i] &= 0xff;
273  }
274  }
275  }
276  } else if (!lt_set && not_set) {
277  for (i = 0; i < (data->proto / 8); i++) {
278  s->init_data->proto.proto[i] = 0;
279  }
280  s->init_data->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
281  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
282  s->init_data->proto.proto[i] &= 0xff;
283  }
284  } else {
285  DetectIPProtoData *data_temp;
286  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
287  while (temp_sm != NULL) {
288  if (temp_sm->type == DETECT_IPPROTO &&
289  ((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_LT) {
290  break;
291  }
292  temp_sm = temp_sm->next;
293  }
294  if (temp_sm != NULL) {
295  data_temp = (DetectIPProtoData *)temp_sm->ctx;
296  if (data_temp->proto <= data->proto) {
297  SCLogError("can't have "
298  "both gt and lt ipprotos, with the lt being "
299  "lower than gt value");
300  goto error;
301  } else {
302  for (i = 0; i < (data->proto / 8); i++) {
303  s->init_data->proto.proto[i] = 0;
304  }
305  s->init_data->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
306  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
307  s->init_data->proto.proto[i] &= 0xff;
308  }
309  }
310  }
311  }
312  break;
313 
314  case DETECT_IPPROTO_OP_LT:
315  if (eq_set || lt_set) {
316  SCLogError("can't use a eq or lt "
317  "ipproto with a less than ipproto in the "
318  "same sig ");
319  goto error;
320  }
321  if (!gt_set && !not_set) {
322  for (i = 0; i < (data->proto / 8); i++) {
323  s->init_data->proto.proto[i] = 0xff;
324  }
325  s->init_data->proto.proto[data->proto / 8] =
326  (uint8_t)(~(0xff << (data->proto % 8)));
327  } else if (gt_set && !not_set) {
328  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
329  while (temp_sm != NULL) {
330  if (temp_sm->type == DETECT_IPPROTO) {
331  break;
332  }
333  temp_sm = temp_sm->next;
334  }
335  if (temp_sm != NULL) {
336  DetectIPProtoData *data_temp = (DetectIPProtoData *)temp_sm->ctx;
337  if (data_temp->proto >= data->proto) {
338  SCLogError("can't have "
339  "both gt and lt ipprotos, with the lt being "
340  "lower than gt value");
341  goto error;
342  } else {
343  for (i = 0; i < (data->proto / 8); i++) {
344  s->init_data->proto.proto[i] &= 0xff;
345  }
346  s->init_data->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
347  for (i = (data->proto / 8) + 1; i < 256 / 8; i++) {
348  s->init_data->proto.proto[i] = 0;
349  }
350  }
351  }
352  } else if (!gt_set && not_set) {
353  for (i = 0; i < (data->proto / 8); i++) {
354  s->init_data->proto.proto[i] &= 0xFF;
355  }
356  s->init_data->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
357  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
358  s->init_data->proto.proto[i] = 0;
359  }
360  } else {
361  DetectIPProtoData *data_temp;
362  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
363  while (temp_sm != NULL) {
364  if (temp_sm->type == DETECT_IPPROTO &&
365  ((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_GT) {
366  break;
367  }
368  temp_sm = temp_sm->next;
369  }
370  if (temp_sm != NULL) {
371  data_temp = (DetectIPProtoData *)temp_sm->ctx;
372  if (data_temp->proto >= data->proto) {
373  SCLogError("can't have "
374  "both gt and lt ipprotos, with the lt being "
375  "lower than gt value");
376  goto error;
377  } else {
378  for (i = 0; i < (data->proto / 8); i++) {
379  s->init_data->proto.proto[i] &= 0xFF;
380  }
381  s->init_data->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
382  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
383  s->init_data->proto.proto[i] = 0;
384  }
385  }
386  }
387  }
388  break;
389 
390  case DETECT_IPPROTO_OP_NOT:
391  if (eq_set) {
392  SCLogError("can't use a eq "
393  "ipproto along with a not ipproto in the "
394  "same sig ");
395  goto error;
396  }
397  if (!gt_set && !lt_set && !not_set) {
398  for (i = 0; i < (data->proto / 8); i++) {
399  s->init_data->proto.proto[i] = 0xff;
400  }
401  s->init_data->proto.proto[data->proto / 8] = (uint8_t)(~(1 << (data->proto % 8)));
402  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
403  s->init_data->proto.proto[i] = 0xff;
404  }
405  } else {
406  for (i = 0; i < (data->proto / 8); i++) {
407  s->init_data->proto.proto[i] &= 0xff;
408  }
409  s->init_data->proto.proto[data->proto / 8] &= ~(1 << (data->proto % 8));
410  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
411  s->init_data->proto.proto[i] &= 0xff;
412  }
413  }
414  break;
415  }
416 
417  if (SCSigMatchAppendSMToList(
418  de_ctx, s, DETECT_IPPROTO, (SigMatchCtx *)data, DETECT_SM_LIST_MATCH) == NULL) {
419  goto error;
420  }
421  s->flags |= SIG_FLAG_REQUIRE_PACKET;
422 
423  return 0;
424 
425  error:
426 
427  DetectIPProtoFree(de_ctx, data);
428  return -1;
429 }
430 
431 void DetectIPProtoRemoveAllSMs(DetectEngineCtx *de_ctx, Signature *s)
432 {
433  SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
434 
435  while (sm != NULL) {
436  if (sm->type != DETECT_IPPROTO) {
437  sm = sm->next;
438  continue;
439  }
440  SigMatch *tmp_sm = sm->next;
441  SigMatchRemoveSMFromList(s, sm, DETECT_SM_LIST_MATCH);
442  SigMatchFree(de_ctx, sm);
443  sm = tmp_sm;
444  }
445 }
446 
447 static void DetectIPProtoFree(DetectEngineCtx *de_ctx, void *ptr)
448 {
449  DetectIPProtoData *data = (DetectIPProtoData *)ptr;
450  if (data) {
451  SCFree(data);
452  }
453 }
454 
455 /* UNITTESTS */
456 #ifdef UNITTESTS
457 #include "detect-engine-alert.h"
458 
459 /**
460  * \test DetectIPProtoTestParse01 is a test for an invalid proto number
461  */
462 static int DetectIPProtoTestParse01(void)
463 {
464  DetectIPProtoData *data = DetectIPProtoParse("999");
465  FAIL_IF_NOT(data == NULL);
466  PASS;
467 }
468 
469 /**
470  * \test DetectIPProtoTestParse02 is a test for an invalid proto name
471  */
472 static int DetectIPProtoTestParse02(void)
473 {
474  DetectIPProtoData *data = DetectIPProtoParse("foobarbooeek");
475  FAIL_IF_NOT(data == NULL);
476  PASS;
477 }
478 
479 /**
480  * \test DetectIPProtoTestSetup01 is a test for a protocol number
481  */
482 static int DetectIPProtoTestSetup01(void)
483 {
484  const char *value_str = "14";
485  int value;
486  FAIL_IF(StringParseInt32(&value, 10, 0, (const char *)value_str) < 0);
487  int i;
488 
489  Signature *sig = SigAlloc();
490  FAIL_IF_NULL(sig);
491 
492  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
493  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
494  DetectIPProtoSetup(NULL, sig, value_str);
495  for (i = 0; i < (value / 8); i++) {
496  FAIL_IF(sig->init_data->proto.proto[i] != 0);
497  }
498  FAIL_IF(sig->init_data->proto.proto[value / 8] != 0x40);
499  for (i = (value / 8) + 1; i < (256 / 8); i++) {
500  FAIL_IF(sig->init_data->proto.proto[i] != 0);
501  }
502  SigFree(NULL, sig);
503  PASS;
504 }
505 
506 /**
507  * \test DetectIPProtoTestSetup02 is a test for a protocol name
508  */
509 static int DetectIPProtoTestSetup02(void)
510 {
511  int result = 0;
512  Signature *sig = NULL;
513  const char *value_str = "tcp";
514  struct protoent *pent = getprotobyname(value_str);
515  if (pent == NULL) {
516  goto end;
517  }
518  uint8_t value = (uint8_t)pent->p_proto;
519  int i;
520 
521  if ((sig = SigAlloc()) == NULL)
522  goto end;
523 
524  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
525  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
526  DetectIPProtoSetup(NULL, sig, value_str);
527  for (i = 0; i < (value / 8); i++) {
528  if (sig->init_data->proto.proto[i] != 0)
529  goto end;
530  }
531  if (sig->init_data->proto.proto[value / 8] != 0x40) {
532  goto end;
533  }
534  for (i = (value / 8) + 1; i < (256 / 8); i++) {
535  if (sig->init_data->proto.proto[i] != 0)
536  goto end;
537  }
538 
539  result = 1;
540 
541  end:
542  if (sig != NULL)
543  SigFree(NULL, sig);
544  return result;
545 }
546 
547 /**
548  * \test DetectIPProtoTestSetup03 is a test for a < operator
549  */
550 static int DetectIPProtoTestSetup03(void)
551 {
552  int result = 0;
553  Signature *sig;
554  const char *value_str = "<14";
555  int value = 14;
556  int i;
557 
558  if ((sig = SigAlloc()) == NULL)
559  goto end;
560 
561  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
562  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
563  DetectIPProtoSetup(NULL, sig, value_str);
564  for (i = 0; i < (value / 8); i++) {
565  if (sig->init_data->proto.proto[i] != 0xFF)
566  goto end;
567  }
568  if (sig->init_data->proto.proto[value / 8] != 0x3F) {
569  goto end;
570  }
571  for (i = (value / 8) + 1; i < (256 / 8); i++) {
572  if (sig->init_data->proto.proto[i] != 0)
573  goto end;
574  }
575 
576  result = 1;
577 
578  end:
579  SigFree(NULL, sig);
580  return result;
581 }
582 
583 /**
584  * \test DetectIPProtoTestSetup04 is a test for a > operator
585  */
586 static int DetectIPProtoTestSetup04(void)
587 {
588  int result = 0;
589  Signature *sig;
590  const char *value_str = ">14";
591  int value = 14;
592  int i;
593 
594  if ((sig = SigAlloc()) == NULL)
595  goto end;
596 
597  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
598  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
599  DetectIPProtoSetup(NULL, sig, value_str);
600  for (i = 0; i < (value / 8); i++) {
601  if (sig->init_data->proto.proto[i] != 0)
602  goto end;
603  }
604  if (sig->init_data->proto.proto[value / 8] != 0x80) {
605  goto end;
606  }
607  for (i = (value / 8) + 1; i < (256 / 8); i++) {
608  if (sig->init_data->proto.proto[i] != 0xFF)
609  goto end;
610  }
611 
612  result = 1;
613 
614  end:
615  SigFree(NULL, sig);
616  return result;
617 }
618 
619 /**
620  * \test DetectIPProtoTestSetup05 is a test for a ! operator
621  */
622 static int DetectIPProtoTestSetup05(void)
623 {
624  int result = 0;
625  Signature *sig;
626  const char *value_str = "!14";
627  int value = 14;
628  int i;
629 
630  if ((sig = SigAlloc()) == NULL)
631  goto end;
632 
633  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
634  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
635  DetectIPProtoSetup(NULL, sig, value_str);
636  for (i = 0; i < (value / 8); i++) {
637  if (sig->init_data->proto.proto[i] != 0xFF)
638  goto end;
639  }
640  if (sig->init_data->proto.proto[value / 8] != 0xBF) {
641  goto end;
642  }
643  for (i = (value / 8) + 1; i < (256 / 8); i++) {
644  if (sig->init_data->proto.proto[i] != 0xFF)
645  goto end;
646  }
647 
648  result = 1;
649 
650  end:
651  SigFree(NULL, sig);
652  return result;
653 }
654 
655 /**
656  * \test Negative test.
657  */
658 static int DetectIPProtoTestSetup06(void)
659 {
660  int result = 0;
661  Signature *sig;
662  const char *value1_str = "14";
663  const char *value2_str = "15";
664 
665  if ((sig = SigAlloc()) == NULL)
666  goto end;
667 
668  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
669  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
670  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
671  goto end;
672  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
673  goto end;
674 
675  result = 1;
676 
677  end:
678  SigFree(NULL, sig);
679  return result;
680 }
681 
682 /**
683  * \test Negative test.
684  */
685 static int DetectIPProtoTestSetup07(void)
686 {
687  int result = 0;
688  Signature *sig;
689  const char *value1_str = "14";
690  const char *value2_str = "<15";
691 
692  if ((sig = SigAlloc()) == NULL)
693  goto end;
694 
695  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
696  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
697  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
698  goto end;
699  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
700  goto end;
701 
702  result = 1;
703 
704  end:
705  SigFree(NULL, sig);
706  return result;
707 }
708 
709 /**
710  * \test Negative test.
711  */
712 static int DetectIPProtoTestSetup08(void)
713 {
714  int result = 0;
715  Signature *sig;
716  const char *value1_str = "14";
717  const char *value2_str = ">15";
718 
719  if ((sig = SigAlloc()) == NULL)
720  goto end;
721 
722  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
723  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
724  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
725  goto end;
726  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
727  goto end;
728 
729  result = 1;
730 
731  end:
732  SigFree(NULL, sig);
733  return result;
734 }
735 
736 /**
737  * \test Negative test.
738  */
739 static int DetectIPProtoTestSetup09(void)
740 {
741  int result = 0;
742  Signature *sig;
743  const char *value1_str = "14";
744  const char *value2_str = "!15";
745 
746  if ((sig = SigAlloc()) == NULL)
747  goto end;
748 
749  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
750  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
751  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
752  goto end;
753  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
754  goto end;
755 
756  result = 1;
757 
758  end:
759  SigFree(NULL, sig);
760  return result;
761 }
762 
763 /**
764  * \test Negative test.
765  */
766 static int DetectIPProtoTestSetup10(void)
767 {
768  int result = 0;
769  Signature *sig;
770  const char *value1_str = ">14";
771  const char *value2_str = "15";
772 
773  if ((sig = SigAlloc()) == NULL)
774  goto end;
775 
776  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
777  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
778  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
779  goto end;
780  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
781  goto end;
782 
783  result = 1;
784 
785  end:
786  SigFree(NULL, sig);
787  return result;
788 }
789 
790 /**
791  * \test Negative test.
792  */
793 static int DetectIPProtoTestSetup11(void)
794 {
795  int result = 0;
796  Signature *sig;
797  const char *value1_str = "<14";
798  const char *value2_str = "15";
799 
800  if ((sig = SigAlloc()) == NULL)
801  goto end;
802 
803  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
804  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
805  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
806  goto end;
807  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
808  goto end;
809 
810  result = 1;
811 
812  end:
813  SigFree(NULL, sig);
814  return result;
815 }
816 
817 /**
818  * \test Negative test.
819  */
820 static int DetectIPProtoTestSetup12(void)
821 {
822  int result = 0;
823  Signature *sig;
824  const char *value1_str = "!14";
825  const char *value2_str = "15";
826 
827  if ((sig = SigAlloc()) == NULL)
828  goto end;
829 
830  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
831  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
832  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
833  goto end;
834  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
835  goto end;
836 
837  result = 1;
838 
839  end:
840  SigFree(NULL, sig);
841  return result;
842 }
843 
844 /**
845  * \test Negative test.
846  */
847 static int DetectIPProtoTestSetup13(void)
848 {
849  int result = 0;
850  Signature *sig;
851  const char *value1_str = ">14";
852  const char *value2_str = ">15";
853 
854  if ((sig = SigAlloc()) == NULL)
855  goto end;
856 
857  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
858  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
859  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
860  goto end;
861  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
862  goto end;
863 
864  result = 1;
865 
866  end:
867  SigFree(NULL, sig);
868  return result;
869 }
870 
871 static int DetectIPProtoTestSetup14(void)
872 {
873  int result = 0;
874  Signature *sig;
875  const char *value1_str = "<14";
876  const char *value2_str = "<15";
877 
878  if ((sig = SigAlloc()) == NULL)
879  goto end;
880 
881  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
882  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
883  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
884  goto end;
885  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
886  goto end;
887 
888  result = 1;
889 
890  end:
891  SigFree(NULL, sig);
892  return result;
893 }
894 
895 static int DetectIPProtoTestSetup15(void)
896 {
897  int result = 0;
898  Signature *sig;
899  const char *value1_str = "<14";
900  int value1 = 14;
901  const char *value2_str = ">34";
902  int i;
903 
904  if ((sig = SigAlloc()) == NULL)
905  goto end;
906 
907  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
908  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
909  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
910  goto end;
911  for (i = 0; i < (value1 / 8); i++) {
912  if (sig->init_data->proto.proto[i] != 0xFF)
913  goto end;
914  }
915  if (sig->init_data->proto.proto[value1 / 8] != 0x3F) {
916  goto end;
917  }
918  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
919  if (sig->init_data->proto.proto[i] != 0)
920  goto end;
921  }
922  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
923  goto end;
924 
925  result = 1;
926 
927  end:
928  SigFree(NULL, sig);
929  return result;
930 }
931 
932 static int DetectIPProtoTestSetup16(void)
933 {
934  int result = 0;
935  Signature *sig;
936  const char *value1_str = "<14";
937  const char *value2_str = ">34";
938  int value2 = 34;
939  int i;
940 
941  if ((sig = SigAlloc()) == NULL)
942  goto end;
943 
944  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
945  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
946  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
947  goto end;
948  for (i = 0; i < (value2 / 8); i++) {
949  if (sig->init_data->proto.proto[i] != 0)
950  goto end;
951  }
952  if (sig->init_data->proto.proto[value2 / 8] != 0xF8) {
953  goto end;
954  }
955  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
956  if (sig->init_data->proto.proto[i] != 0xFF)
957  goto end;
958  }
959  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
960  goto end;
961 
962  result = 1;
963 
964  end:
965  SigFree(NULL, sig);
966  return result;
967 }
968 
969 static int DetectIPProtoTestSetup17(void)
970 {
971  int result = 0;
972  Signature *sig;
973  const char *value1_str = "<11";
974  int value1 = 11;
975  const char *value2_str = ">13";
976  int i;
977 
978  if ((sig = SigAlloc()) == NULL)
979  goto end;
980 
981  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
982  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
983  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
984  goto end;
985  for (i = 0; i < (value1 / 8); i++) {
986  if (sig->init_data->proto.proto[i] != 0xFF)
987  goto end;
988  }
989  if (sig->init_data->proto.proto[value1 / 8] != 0x07) {
990  goto end;
991  }
992  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
993  if (sig->init_data->proto.proto[i] != 0)
994  goto end;
995  }
996  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
997  goto end;
998 
999  result = 1;
1000 
1001  end:
1002  SigFree(NULL, sig);
1003  return result;
1004 }
1005 
1006 static int DetectIPProtoTestSetup18(void)
1007 {
1008  int result = 0;
1009  Signature *sig;
1010  const char *value1_str = "<11";
1011  const char *value2_str = ">13";
1012  int value2 = 13;
1013  int i;
1014 
1015  if ((sig = SigAlloc()) == NULL)
1016  goto end;
1017 
1018  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1019  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1020  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1021  goto end;
1022  for (i = 0; i < (value2 / 8); i++) {
1023  if (sig->init_data->proto.proto[i] != 0)
1024  goto end;
1025  }
1026  if (sig->init_data->proto.proto[value2 / 8] != 0xC0) {
1027  goto end;
1028  }
1029  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1030  if (sig->init_data->proto.proto[i] != 0xFF)
1031  goto end;
1032  }
1033  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1034  goto end;
1035 
1036  result = 1;
1037 
1038  end:
1039  SigFree(NULL, sig);
1040  return result;
1041 }
1042 
1043 static int DetectIPProtoTestSetup19(void)
1044 {
1045  int result = 0;
1046  Signature *sig;
1047  const char *value1_str = "<11";
1048  int value1 = 11;
1049  const char *value2_str = "!13";
1050  const char *value3_str = ">36";
1051  int i;
1052 
1053  if ((sig = SigAlloc()) == NULL)
1054  goto end;
1055 
1056  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1057  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1058  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1059  goto end;
1060  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1061  goto end;
1062  for (i = 0; i < (value1 / 8); i++) {
1063  if (sig->init_data->proto.proto[i] != 0xFF)
1064  goto end;
1065  }
1066  if (sig->init_data->proto.proto[value1 / 8] != 0x07) {
1067  goto end;
1068  }
1069  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1070  if (sig->init_data->proto.proto[i] != 0)
1071  goto end;
1072  }
1073  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1074  goto end;
1075 
1076  result = 1;
1077 
1078  end:
1079  SigFree(NULL, sig);
1080  return result;
1081 }
1082 
1083 static int DetectIPProtoTestSetup20(void)
1084 {
1085  int result = 0;
1086  Signature *sig;
1087  const char *value1_str = "<11";
1088  int value1 = 11;
1089  const char *value3_str = ">36";
1090  int i;
1091 
1092  if ((sig = SigAlloc()) == NULL)
1093  goto end;
1094 
1095  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1096  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1097  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1098  goto end;
1099  for (i = 0; i < (value1 / 8); i++) {
1100  if (sig->init_data->proto.proto[i] != 0xFF)
1101  goto end;
1102  }
1103  if (sig->init_data->proto.proto[value1 / 8] != 0x07) {
1104  goto end;
1105  }
1106  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1107  if (sig->init_data->proto.proto[i] != 0)
1108  goto end;
1109  }
1110  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1111  goto end;
1112 
1113  result = 1;
1114 
1115  end:
1116  SigFree(NULL, sig);
1117  return result;
1118 }
1119 
1120 static int DetectIPProtoTestSetup21(void)
1121 {
1122  int result = 0;
1123  Signature *sig;
1124  const char *value1_str = "<11";
1125  int value1 = 11;
1126  const char *value2_str = "!13";
1127  const char *value3_str = ">36";
1128  int i;
1129 
1130  if ((sig = SigAlloc()) == NULL)
1131  goto end;
1132 
1133  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1134  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1135  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1136  goto end;
1137  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1138  goto end;
1139  for (i = 0; i < (value1 / 8); i++) {
1140  if (sig->init_data->proto.proto[i] != 0xFF)
1141  goto end;
1142  }
1143  if (sig->init_data->proto.proto[value1 / 8] != 0x07) {
1144  goto end;
1145  }
1146  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1147  if (sig->init_data->proto.proto[i] != 0)
1148  goto end;
1149  }
1150  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1151  goto end;
1152 
1153  result = 1;
1154 
1155  end:
1156  SigFree(NULL, sig);
1157  return result;
1158 }
1159 
1160 static int DetectIPProtoTestSetup22(void)
1161 {
1162  int result = 0;
1163  Signature *sig;
1164  const char *value1_str = "<11";
1165  const char *value2_str = "!13";
1166  const char *value3_str = ">36";
1167  int value3 = 36;
1168  int i;
1169 
1170  if ((sig = SigAlloc()) == NULL)
1171  goto end;
1172 
1173  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1174  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1175  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1176  goto end;
1177  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1178  goto end;
1179  for (i = 0; i < (value3 / 8); i++) {
1180  if (sig->init_data->proto.proto[i] != 0)
1181  goto end;
1182  }
1183  if (sig->init_data->proto.proto[value3 / 8] != 0xE0) {
1184  goto end;
1185  }
1186  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1187  if (sig->init_data->proto.proto[i] != 0xFF)
1188  goto end;
1189  }
1190  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1191  goto end;
1192 
1193  result = 1;
1194 
1195  end:
1196  SigFree(NULL, sig);
1197  return result;
1198 }
1199 
1200 static int DetectIPProtoTestSetup23(void)
1201 {
1202  int result = 0;
1203  Signature *sig;
1204  const char *value1_str = "<11";
1205  const char *value3_str = ">36";
1206  int value3 = 36;
1207  int i;
1208 
1209  if ((sig = SigAlloc()) == NULL)
1210  goto end;
1211 
1212  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1213  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1214  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1215  goto end;
1216  for (i = 0; i < (value3 / 8); i++) {
1217  if (sig->init_data->proto.proto[i] != 0)
1218  goto end;
1219  }
1220  if (sig->init_data->proto.proto[value3 / 8] != 0xE0) {
1221  goto end;
1222  }
1223  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1224  if (sig->init_data->proto.proto[i] != 0xFF)
1225  goto end;
1226  }
1227  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1228  goto end;
1229 
1230  result = 1;
1231 
1232  end:
1233  SigFree(NULL, sig);
1234  return result;
1235 }
1236 
1237 static int DetectIPProtoTestSetup24(void)
1238 {
1239  int result = 0;
1240  Signature *sig;
1241  const char *value1_str = "<11";
1242  const char *value2_str = "!13";
1243  const char *value3_str = ">36";
1244  int value3 = 36;
1245  int i;
1246 
1247  if ((sig = SigAlloc()) == NULL)
1248  goto end;
1249 
1250  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1251  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1252  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1253  goto end;
1254  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1255  goto end;
1256  for (i = 0; i < (value3 / 8); i++) {
1257  if (sig->init_data->proto.proto[i] != 0)
1258  goto end;
1259  }
1260  if (sig->init_data->proto.proto[value3 / 8] != 0xE0) {
1261  goto end;
1262  }
1263  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1264  if (sig->init_data->proto.proto[i] != 0xFF)
1265  goto end;
1266  }
1267  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1268  goto end;
1269 
1270  result = 1;
1271 
1272  end:
1273  SigFree(NULL, sig);
1274  return result;
1275 }
1276 
1277 static int DetectIPProtoTestSetup33(void)
1278 {
1279  int result = 0;
1280  Signature *sig;
1281  const char *value1_str = "<11";
1282  int value1 = 11;
1283  const char *value2_str = "!34";
1284  const char *value3_str = ">36";
1285  int i;
1286 
1287  if ((sig = SigAlloc()) == NULL)
1288  goto end;
1289 
1290  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1291  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1292  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1293  goto end;
1294  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1295  goto end;
1296  for (i = 0; i < (value1 / 8); i++) {
1297  if (sig->init_data->proto.proto[i] != 0xFF)
1298  goto end;
1299  }
1300  if (sig->init_data->proto.proto[value1 / 8] != 0x07) {
1301  goto end;
1302  }
1303  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1304  if (sig->init_data->proto.proto[i] != 0)
1305  goto end;
1306  }
1307  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1308  goto end;
1309 
1310  result = 1;
1311 
1312  end:
1313  SigFree(NULL, sig);
1314  return result;
1315 }
1316 
1317 static int DetectIPProtoTestSetup34(void)
1318 {
1319  int result = 0;
1320  Signature *sig;
1321  const char *value1_str = "<11";
1322  int value1 = 11;
1323  const char *value2_str = "!34";
1324  const char *value3_str = ">36";
1325  int value3 = 36;
1326  int i;
1327 
1328  if ((sig = SigAlloc()) == NULL)
1329  goto end;
1330 
1331  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1332  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1333  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1334  goto end;
1335  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1336  goto end;
1337  for (i = 0; i < (value1 / 8); i++) {
1338  if (sig->init_data->proto.proto[i] != 0)
1339  goto end;
1340  }
1341  if (sig->init_data->proto.proto[value3 / 8] != 0xE0) {
1342  goto end;
1343  }
1344  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1345  if (sig->init_data->proto.proto[i] != 0xFF)
1346  goto end;
1347  }
1348  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1349  goto end;
1350 
1351  result = 1;
1352 
1353  end:
1354  SigFree(NULL, sig);
1355  return result;
1356 }
1357 
1358 static int DetectIPProtoTestSetup36(void)
1359 {
1360  int result = 0;
1361  Signature *sig;
1362  const char *value1_str = "<11";
1363  const char *value2_str = "!34";
1364  const char *value3_str = ">36";
1365  int value3 = 36;
1366  int i;
1367 
1368  if ((sig = SigAlloc()) == NULL)
1369  goto end;
1370 
1371  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1372  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1373  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1374  goto end;
1375  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1376  goto end;
1377  for (i = 0; i < (value3 / 8); i++) {
1378  if (sig->init_data->proto.proto[i] != 0)
1379  goto end;
1380  }
1381  if (sig->init_data->proto.proto[value3 / 8] != 0xE0) {
1382  goto end;
1383  }
1384  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1385  if (sig->init_data->proto.proto[i] != 0xFF)
1386  goto end;
1387  }
1388  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1389  goto end;
1390 
1391  result = 1;
1392 
1393  end:
1394  SigFree(NULL, sig);
1395  return result;
1396 }
1397 
1398 static int DetectIPProtoTestSetup43(void)
1399 {
1400  int result = 0;
1401  Signature *sig;
1402  const char *value1_str = "!4";
1403  int value1 = 4;
1404  const char *value2_str = "<13";
1405  int value2 = 13;
1406  const char *value3_str = ">34";
1407  int i;
1408 
1409  if ((sig = SigAlloc()) == NULL)
1410  goto end;
1411 
1412  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1413  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1414  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1415  goto end;
1416  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1417  goto end;
1418  if (sig->init_data->proto.proto[value1 / 8] != 0xEF) {
1419  goto end;
1420  }
1421  for (i = (value1 / 8) + 1; i < (value2 / 8); i++) {
1422  if (sig->init_data->proto.proto[i] != 0xFF)
1423  goto end;
1424  }
1425  if (sig->init_data->proto.proto[value2 / 8] != 0x1F) {
1426  goto end;
1427  }
1428  for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1429  if (sig->init_data->proto.proto[i] != 0)
1430  goto end;
1431  }
1432  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1433  goto end;
1434 
1435  result = 1;
1436 
1437  end:
1438  SigFree(NULL, sig);
1439  return result;
1440 }
1441 
1442 static int DetectIPProtoTestSetup44(void)
1443 {
1444  int result = 0;
1445  Signature *sig;
1446  const char *value1_str = "!4";
1447  const char *value2_str = "<13";
1448  const char *value3_str = ">34";
1449  int value3 = 34;
1450  int i;
1451 
1452  if ((sig = SigAlloc()) == NULL)
1453  goto end;
1454 
1455  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1456  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1457  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1458  goto end;
1459  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1460  goto end;
1461  for (i = 0; i < (value3 / 8); i++) {
1462  if (sig->init_data->proto.proto[i] != 0)
1463  goto end;
1464  }
1465  if (sig->init_data->proto.proto[value3 / 8] != 0xF8) {
1466  goto end;
1467  }
1468  for (i = (value3 / 8) + 1; i < 256 / 8; i++) {
1469  if (sig->init_data->proto.proto[i] != 0xFF)
1470  goto end;
1471  }
1472  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1473  goto end;
1474 
1475  result = 1;
1476 
1477  end:
1478  SigFree(NULL, sig);
1479  return result;
1480 }
1481 
1482 static int DetectIPProtoTestSetup45(void)
1483 {
1484  int result = 0;
1485  Signature *sig;
1486  const char *value1_str = "!4";
1487  int value1 = 4;
1488  const char *value2_str = "<13";
1489  int value2 = 13;
1490  const char *value3_str = ">34";
1491  int i;
1492 
1493  if ((sig = SigAlloc()) == NULL)
1494  goto end;
1495 
1496  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1497  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1498  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1499  goto end;
1500  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1501  goto end;
1502  if (sig->init_data->proto.proto[value1 / 8] != 0xEF) {
1503  goto end;
1504  }
1505  for (i = (value1 / 8) + 1; i < (value2 / 8); i++) {
1506  if (sig->init_data->proto.proto[i] != 0xFF)
1507  goto end;
1508  }
1509  if (sig->init_data->proto.proto[value2 / 8] != 0x1F) {
1510  goto end;
1511  }
1512  for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1513  if (sig->init_data->proto.proto[i] != 0)
1514  goto end;
1515  }
1516  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1517  goto end;
1518 
1519  result = 1;
1520 
1521  end:
1522  SigFree(NULL, sig);
1523  return result;
1524 }
1525 
1526 static int DetectIPProtoTestSetup56(void)
1527 {
1528  int result = 0;
1529  Signature *sig;
1530  const char *value1_str = "<13";
1531  int value1 = 13;
1532  const char *value2_str = ">34";
1533  const char *value3_str = "!37";
1534  int i;
1535 
1536  if ((sig = SigAlloc()) == NULL)
1537  goto end;
1538 
1539  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1540  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1541  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1542  goto end;
1543  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1544  goto end;
1545  for (i = 0; i < (value1 / 8); i++) {
1546  if (sig->init_data->proto.proto[i] != 0xFF)
1547  goto end;
1548  }
1549  if (sig->init_data->proto.proto[value1 / 8] != 0x1F) {
1550  goto end;
1551  }
1552  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1553  if (sig->init_data->proto.proto[i] != 0)
1554  goto end;
1555  }
1556  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1557  goto end;
1558 
1559  result = 1;
1560 
1561  end:
1562  SigFree(NULL, sig);
1563  return result;
1564 }
1565 
1566 static int DetectIPProtoTestSetup75(void)
1567 {
1568  int result = 0;
1569  Signature *sig;
1570  const char *value1_str = "!8";
1571  const char *value2_str = ">10";
1572  int value2 = 10;
1573  int i;
1574 
1575  if ((sig = SigAlloc()) == NULL)
1576  goto end;
1577 
1578  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1579  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1580  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1581  goto end;
1582  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1583  goto end;
1584  for (i = 0; i < (value2 / 8); i++) {
1585  if (sig->init_data->proto.proto[i] != 0)
1586  goto end;
1587  }
1588  if (sig->init_data->proto.proto[value2 / 8] != 0xF8) {
1589  goto end;
1590  }
1591  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1592  if (sig->init_data->proto.proto[i] != 0xFF)
1593  goto end;
1594  }
1595 
1596  result = 1;
1597 
1598  end:
1599  SigFree(NULL, sig);
1600  return result;
1601 }
1602 
1603 static int DetectIPProtoTestSetup76(void)
1604 {
1605  int result = 0;
1606  Signature *sig;
1607  const char *value1_str = "!8";
1608  const char *value2_str = ">10";
1609  int value2 = 10;
1610  int i;
1611 
1612  if ((sig = SigAlloc()) == NULL)
1613  goto end;
1614 
1615  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1616  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1617  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1618  goto end;
1619  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1620  goto end;
1621  for (i = 0; i < (value2 / 8); i++) {
1622  if (sig->init_data->proto.proto[i] != 0)
1623  goto end;
1624  }
1625  if (sig->init_data->proto.proto[value2 / 8] != 0xF8) {
1626  goto end;
1627  }
1628  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1629  if (sig->init_data->proto.proto[i] != 0xFF)
1630  goto end;
1631  }
1632 
1633  result = 1;
1634 
1635  end:
1636  SigFree(NULL, sig);
1637  return result;
1638 }
1639 
1640 static int DetectIPProtoTestSetup129(void)
1641 {
1642  int result = 0;
1643  Signature *sig;
1644  const char *value1_str = "<10";
1645  int value1 = 10;
1646  const char *value2_str = ">10";
1647  int i;
1648 
1649  if ((sig = SigAlloc()) == NULL)
1650  goto end;
1651 
1652  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1653  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1654  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1655  goto end;
1656  for (i = 0; i < (value1 / 8); i++) {
1657  if (sig->init_data->proto.proto[i] != 0xFF)
1658  goto end;
1659  }
1660  if (sig->init_data->proto.proto[value1 / 8] != 0x03) {
1661  goto end;
1662  }
1663  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1664  if (sig->init_data->proto.proto[i] != 0)
1665  goto end;
1666  }
1667  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1668  goto end;
1669 
1670  result = 1;
1671 
1672  end:
1673  SigFree(NULL, sig);
1674  return result;
1675 }
1676 
1677 static int DetectIPProtoTestSetup130(void)
1678 {
1679  int result = 0;
1680  Signature *sig;
1681  const char *value1_str = "<10";
1682  const char *value2_str = ">10";
1683  int value2 = 10;
1684  int i;
1685 
1686  if ((sig = SigAlloc()) == NULL)
1687  goto end;
1688 
1689  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1690  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1691  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1692  goto end;
1693  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1694  goto end;
1695  for (i = 0; i < (value2 / 8); i++) {
1696  if (sig->init_data->proto.proto[i] != 0)
1697  goto end;
1698  }
1699  if (sig->init_data->proto.proto[value2 / 8] != 0xF8) {
1700  goto end;
1701  }
1702  for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1703  if (sig->init_data->proto.proto[i] != 0xFF)
1704  goto end;
1705  }
1706 
1707  result = 1;
1708 
1709  end:
1710  SigFree(NULL, sig);
1711  return result;
1712 }
1713 
1714 static int DetectIPProtoTestSetup131(void)
1715 {
1716  int result = 0;
1717  Signature *sig;
1718  const char *value1_str = "<10";
1719  int value1 = 10;
1720  const char *value2_str = "!10";
1721  int i;
1722 
1723  if ((sig = SigAlloc()) == NULL)
1724  goto end;
1725 
1726  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1727  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1728  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1729  goto end;
1730  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1731  goto end;
1732  for (i = 0; i < (value1 / 8); i++) {
1733  if (sig->init_data->proto.proto[i] != 0xFF)
1734  goto end;
1735  }
1736  if (sig->init_data->proto.proto[value1 / 8] != 0x03) {
1737  goto end;
1738  }
1739  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1740  if (sig->init_data->proto.proto[i] != 0x0)
1741  goto end;
1742  }
1743 
1744  result = 1;
1745 
1746  end:
1747  SigFree(NULL, sig);
1748  return result;
1749 }
1750 
1751 static int DetectIPProtoTestSetup132(void)
1752 {
1753  int result = 0;
1754  Signature *sig;
1755  const char *value1_str = "<10";
1756  int value1 = 10;
1757  const char *value2_str = "!10";
1758  int i;
1759 
1760  if ((sig = SigAlloc()) == NULL)
1761  goto end;
1762 
1763  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1764  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1765  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1766  goto end;
1767  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1768  goto end;
1769  for (i = 0; i < (value1 / 8); i++) {
1770  if (sig->init_data->proto.proto[i] != 0xFF)
1771  goto end;
1772  }
1773  if (sig->init_data->proto.proto[value1 / 8] != 0x03) {
1774  goto end;
1775  }
1776  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1777  if (sig->init_data->proto.proto[i] != 0x0)
1778  goto end;
1779  }
1780 
1781  result = 1;
1782 
1783  end:
1784  SigFree(NULL, sig);
1785  return result;
1786 }
1787 
1788 static int DetectIPProtoTestSetup145(void)
1789 {
1790  int result = 0;
1791  Signature *sig;
1792  const char *value1_str = "!4";
1793  const char *value2_str = ">8";
1794  const char *value3_str = "!10";
1795  const char *value4_str = "!14";
1796  const char *value5_str = "!27";
1797  const char *value6_str = "!29";
1798  const char *value7_str = "!30";
1799  const char *value8_str = "!34";
1800  const char *value9_str = "<36";
1801  const char *value10_str = "!38";
1802  int value10 = 38;
1803 
1804  int i;
1805 
1806  if ((sig = SigAlloc()) == NULL)
1807  goto end;
1808 
1809  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1810  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1811  if (DetectIPProtoSetup(NULL, sig, value5_str) != 0)
1812  goto end;
1813  if (DetectIPProtoSetup(NULL, sig, value8_str) != 0)
1814  goto end;
1815  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1816  goto end;
1817  if (DetectIPProtoSetup(NULL, sig, value10_str) != 0)
1818  goto end;
1819  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1820  goto end;
1821  if (DetectIPProtoSetup(NULL, sig, value6_str) != 0)
1822  goto end;
1823  if (DetectIPProtoSetup(NULL, sig, value9_str) != 0)
1824  goto end;
1825  if (DetectIPProtoSetup(NULL, sig, value4_str) != 0)
1826  goto end;
1827  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1828  goto end;
1829  if (DetectIPProtoSetup(NULL, sig, value7_str) != 0)
1830  goto end;
1831  if (sig->init_data->proto.proto[0] != 0) {
1832  goto end;
1833  }
1834  if (sig->init_data->proto.proto[1] != 0xBA) {
1835  goto end;
1836  }
1837  if (sig->init_data->proto.proto[2] != 0xFF) {
1838  goto end;
1839  }
1840  if (sig->init_data->proto.proto[3] != 0x97) {
1841  goto end;
1842  }
1843  if (sig->init_data->proto.proto[4] != 0x0B) {
1844  goto end;
1845  }
1846  for (i = (value10 / 8) + 1; i < 256 / 8; i++) {
1847  if (sig->init_data->proto.proto[i] != 0)
1848  goto end;
1849  }
1850 
1851  result = 1;
1852 
1853  end:
1854  SigFree(NULL, sig);
1855  return result;
1856 }
1857 
1858 static int DetectIPProtoTestSig1(void)
1859 {
1860  int result = 0;
1861  uint8_t *buf = (uint8_t *)
1862  "GET /one/ HTTP/1.1\r\n"
1863  "Host: one.example.org\r\n"
1864  "\r\n";
1865  uint16_t buflen = strlen((char *)buf);
1866  Packet *p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
1867  if (p == NULL)
1868  return 0;
1869 
1870  const char *sigs[4];
1871  sigs[0] = "alert ip any any -> any any "
1872  "(msg:\"Not tcp\"; ip_proto:!tcp; content:\"GET \"; sid:1;)";
1873  sigs[1] = "alert ip any any -> any any "
1874  "(msg:\"Less than 7\"; content:\"GET \"; ip_proto:<7; sid:2;)";
1875  sigs[2] = "alert ip any any -> any any "
1876  "(msg:\"Greater than 5\"; content:\"GET \"; ip_proto:>5; sid:3;)";
1877  sigs[3] = "alert ip any any -> any any "
1878  "(msg:\"Equals tcp\"; content:\"GET \"; ip_proto:tcp; sid:4;)";
1879 
1880  /* sids to match */
1881  uint32_t sid[4] = {1, 2, 3, 4};
1882  /* expected matches for each sid within this packet we are testing */
1883  uint32_t results[4] = {0, 1, 1, 1};
1884 
1885  /* remember that UTHGenericTest expect the first parameter
1886  * as an array of packet pointers. And also a bidimensional array of results
1887  * For example:
1888  * results[numpacket][position] should hold the number of times
1889  * that the sid at sid[position] matched that packet (should be always 1..)
1890  * But here we built it as unidimensional array
1891  */
1892  result = UTHGenericTest(&p, 1, sigs, sid, results, 4);
1893 
1894  UTHFreePacket(p);
1895  return result;
1896 }
1897 
1898 static int DetectIPProtoTestSig2(void)
1899 {
1900  uint8_t raw_eth[] = {
1901  0x01, 0x00, 0x5e, 0x00, 0x00, 0x0d, 0x00, 0x26,
1902  0x88, 0x61, 0x3a, 0x80, 0x08, 0x00, 0x45, 0xc0,
1903  0x00, 0x36, 0xe4, 0xcd, 0x00, 0x00, 0x01, 0x67,
1904  0xc7, 0xab, 0xac, 0x1c, 0x7f, 0xfe, 0xe0, 0x00,
1905  0x00, 0x0d, 0x20, 0x00, 0x90, 0x20, 0x00, 0x01,
1906  0x00, 0x02, 0x00, 0x69, 0x00, 0x02, 0x00, 0x04,
1907  0x81, 0xf4, 0x07, 0xd0, 0x00, 0x13, 0x00, 0x04,
1908  0x00, 0x00, 0x00, 0x01, 0x00, 0x14, 0x00, 0x04,
1909  0x4a, 0xea, 0x7a, 0x8e,
1910  };
1911 
1912  Packet *p = PacketGetFromAlloc();
1913  FAIL_IF_NULL(p);
1914 
1915  DecodeThreadVars dtv;
1916  ThreadVars th_v;
1917  DetectEngineThreadCtx *det_ctx = NULL;
1918 
1919  p->proto = 0;
1920  memset(&dtv, 0, sizeof(DecodeThreadVars));
1921  memset(&th_v, 0, sizeof(th_v));
1922  StatsThreadInit(&th_v.stats);
1923 
1924  FlowInitConfig(FLOW_QUIET);
1925  DecodeEthernet(&th_v, &dtv, p, raw_eth, sizeof(raw_eth));
1926 
1927  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
1928  FAIL_IF_NULL(de_ctx);
1929  de_ctx->mpm_matcher = mpm_default_matcher;
1930  de_ctx->flags |= DE_QUIET;
1931 
1932  Signature *s = DetectEngineAppendSig(de_ctx,
1933  "alert ip any any -> any any (msg:\"Check ipproto usage\"; "
1934  "ip_proto:!103; sid:1;)");
1935  FAIL_IF_NULL(s);
1936 
1937  SigGroupBuild(de_ctx);
1938  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
1939 
1940  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
1941  FAIL_IF(PacketAlertCheck(p, 1));
1942 
1943  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
1944  DetectEngineCtxFree(de_ctx);
1945  PacketFree(p);
1946  FlowShutdown();
1947  StatsThreadCleanup(&th_v.stats);
1948  PASS;
1949 }
1950 
1951 static int DetectIPProtoTestSig3(void)
1952 {
1953  uint8_t raw_eth[] = {
1954  0x01, 0x00, 0x5e, 0x00, 0x00, 0x0d, 0x00, 0x26,
1955  0x88, 0x61, 0x3a, 0x80, 0x08, 0x00, 0x45, 0xc0,
1956  0x00, 0x36, 0xe4, 0xcd, 0x00, 0x00, 0x01, 0x67,
1957  0xc7, 0xab, 0xac, 0x1c, 0x7f, 0xfe, 0xe0, 0x00,
1958  0x00, 0x0d, 0x20, 0x00, 0x90, 0x20, 0x00, 0x01,
1959  0x00, 0x02, 0x00, 0x69, 0x00, 0x02, 0x00, 0x04,
1960  0x81, 0xf4, 0x07, 0xd0, 0x00, 0x13, 0x00, 0x04,
1961  0x00, 0x00, 0x00, 0x01, 0x00, 0x14, 0x00, 0x04,
1962  0x4a, 0xea, 0x7a, 0x8e,
1963  };
1964 
1965  Packet *p = PacketGetFromAlloc();
1966  FAIL_IF_NULL(p);
1967 
1968  DecodeThreadVars dtv;
1969  ThreadVars th_v;
1970  DetectEngineThreadCtx *det_ctx = NULL;
1971 
1972  p->proto = 0;
1973  memset(&dtv, 0, sizeof(DecodeThreadVars));
1974  memset(&th_v, 0, sizeof(th_v));
1975  StatsThreadInit(&th_v.stats);
1976 
1977  FlowInitConfig(FLOW_QUIET);
1978  DecodeEthernet(&th_v, &dtv, p, raw_eth, sizeof(raw_eth));
1979 
1980  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
1981  FAIL_IF(de_ctx == NULL);
1982  de_ctx->mpm_matcher = mpm_default_matcher;
1983  de_ctx->flags |= DE_QUIET;
1984 
1985  Signature *s = DetectEngineAppendSig(de_ctx,
1986  "alert ip any any -> any any (msg:\"Check ipproto usage\"; "
1987  "ip_proto:103; sid:1;)");
1988  FAIL_IF_NULL(s);
1989 
1990  SigGroupBuild(de_ctx);
1991  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
1992 
1993  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
1994  FAIL_IF(!PacketAlertCheck(p, 1));
1995  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
1996  DetectEngineCtxFree(de_ctx);
1997  FlowShutdown();
1998 
1999  PacketFree(p);
2000  StatsThreadCleanup(&th_v.stats);
2001  PASS;
2002 }
2003 
2004 /**
2005  * \internal
2006  * \brief Register ip_proto tests.
2007  */
2008 static void DetectIPProtoRegisterTests(void)
2009 {
2010  UtRegisterTest("DetectIPProtoTestParse01", DetectIPProtoTestParse01);
2011  UtRegisterTest("DetectIPProtoTestParse02", DetectIPProtoTestParse02);
2012  UtRegisterTest("DetectIPProtoTestSetup01", DetectIPProtoTestSetup01);
2013  UtRegisterTest("DetectIPProtoTestSetup02", DetectIPProtoTestSetup02);
2014  UtRegisterTest("DetectIPProtoTestSetup03", DetectIPProtoTestSetup03);
2015  UtRegisterTest("DetectIPProtoTestSetup04", DetectIPProtoTestSetup04);
2016  UtRegisterTest("DetectIPProtoTestSetup05", DetectIPProtoTestSetup05);
2017  UtRegisterTest("DetectIPProtoTestSetup06", DetectIPProtoTestSetup06);
2018  UtRegisterTest("DetectIPProtoTestSetup07", DetectIPProtoTestSetup07);
2019  UtRegisterTest("DetectIPProtoTestSetup08", DetectIPProtoTestSetup08);
2020  UtRegisterTest("DetectIPProtoTestSetup09", DetectIPProtoTestSetup09);
2021  UtRegisterTest("DetectIPProtoTestSetup10", DetectIPProtoTestSetup10);
2022  UtRegisterTest("DetectIPProtoTestSetup11", DetectIPProtoTestSetup11);
2023  UtRegisterTest("DetectIPProtoTestSetup12", DetectIPProtoTestSetup12);
2024  UtRegisterTest("DetectIPProtoTestSetup13", DetectIPProtoTestSetup13);
2025  UtRegisterTest("DetectIPProtoTestSetup14", DetectIPProtoTestSetup14);
2026  UtRegisterTest("DetectIPProtoTestSetup15", DetectIPProtoTestSetup15);
2027  UtRegisterTest("DetectIPProtoTestSetup16", DetectIPProtoTestSetup16);
2028  UtRegisterTest("DetectIPProtoTestSetup17", DetectIPProtoTestSetup17);
2029  UtRegisterTest("DetectIPProtoTestSetup18", DetectIPProtoTestSetup18);
2030  UtRegisterTest("DetectIPProtoTestSetup19", DetectIPProtoTestSetup19);
2031  UtRegisterTest("DetectIPProtoTestSetup20", DetectIPProtoTestSetup20);
2032  UtRegisterTest("DetectIPProtoTestSetup21", DetectIPProtoTestSetup21);
2033  UtRegisterTest("DetectIPProtoTestSetup22", DetectIPProtoTestSetup22);
2034  UtRegisterTest("DetectIPProtoTestSetup23", DetectIPProtoTestSetup23);
2035  UtRegisterTest("DetectIPProtoTestSetup24", DetectIPProtoTestSetup24);
2036  UtRegisterTest("DetectIPProtoTestSetup33", DetectIPProtoTestSetup33);
2037  UtRegisterTest("DetectIPProtoTestSetup34", DetectIPProtoTestSetup34);
2038  UtRegisterTest("DetectIPProtoTestSetup36", DetectIPProtoTestSetup36);
2039  UtRegisterTest("DetectIPProtoTestSetup43", DetectIPProtoTestSetup43);
2040  UtRegisterTest("DetectIPProtoTestSetup44", DetectIPProtoTestSetup44);
2041  UtRegisterTest("DetectIPProtoTestSetup45", DetectIPProtoTestSetup45);
2042  UtRegisterTest("DetectIPProtoTestSetup56", DetectIPProtoTestSetup56);
2043  UtRegisterTest("DetectIPProtoTestSetup75", DetectIPProtoTestSetup75);
2044  UtRegisterTest("DetectIPProtoTestSetup76", DetectIPProtoTestSetup76);
2045  UtRegisterTest("DetectIPProtoTestSetup129", DetectIPProtoTestSetup129);
2046  UtRegisterTest("DetectIPProtoTestSetup130", DetectIPProtoTestSetup130);
2047  UtRegisterTest("DetectIPProtoTestSetup131", DetectIPProtoTestSetup131);
2048  UtRegisterTest("DetectIPProtoTestSetup132", DetectIPProtoTestSetup132);
2049  UtRegisterTest("DetectIPProtoTestSetup145", DetectIPProtoTestSetup145);
2050 
2051  UtRegisterTest("DetectIPProtoTestSig1", DetectIPProtoTestSig1);
2052  UtRegisterTest("DetectIPProtoTestSig2", DetectIPProtoTestSig2);
2053  UtRegisterTest("DetectIPProtoTestSig3", DetectIPProtoTestSig3);
2054 }
2055 #endif /* UNITTESTS */
DetectIPProtoRemoveAllSMs
void DetectIPProtoRemoveAllSMs(DetectEngineCtx *de_ctx, Signature *s)
Definition: detect-ipproto.c:431
util-byte.h
SigTableElmt_::url
const char * url
Definition: detect.h:1471
Packet_::proto
uint8_t proto
Definition: decode.h:527
detect-engine.h
SigMatchRemoveSMFromList
void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int sm_list)
Definition: detect-parse.c:486
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
SignatureInitData_::smlists
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
Definition: detect.h:646
SigTableElmt_::desc
const char * desc
Definition: detect.h:1470
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:79
SigMatchFree
void SigMatchFree(DetectEngineCtx *de_ctx, SigMatch *sm)
free a SigMatch
Definition: detect-parse.c:288
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1455
DETECT_PROTO_IPV6
#define DETECT_PROTO_IPV6
Definition: detect-engine-proto.h:32
detect-engine-siggroup.h
DetectParseRegex
Definition: detect-parse.h:92
SigTableElmt_::name
const char * name
Definition: detect.h:1468
SigFree
void SigFree(DetectEngineCtx *, Signature *)
Definition: detect-parse.c:2059
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SigTableElmt_::flags
uint32_t flags
Definition: detect.h:1459
DetectIPProtoRegister
void DetectIPProtoRegister(void)
Registration function for ip_proto keyword.
Definition: detect-ipproto.c:60
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:143
SIGMATCH_QUOTES_OPTIONAL
#define SIGMATCH_QUOTES_OPTIONAL
Definition: detect-engine-register.h:321
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:937
DETECT_PROTO_ANY
#define DETECT_PROTO_ANY
Definition: detect-engine-proto.h:28
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2652
DE_QUIET
#define DE_QUIET
Definition: detect.h:330
UTHBuildPacket
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
Definition: util-unittest-helper.c:365
mpm_default_matcher
uint8_t mpm_default_matcher
Definition: util-mpm.c:48
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:2434
SignatureInitData_::init_flags
uint32_t init_flags
Definition: detect.h:609
DetectParsePcreExec
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
Definition: detect-parse.c:3532
proto
uint8_t proto
Definition: decode-template.h:0
StringParseInt32
int StringParseInt32(int32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:587
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:3478
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1450
util-unittest.h
util-unittest-helper.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:571
StringParseUint8
int StringParseUint8(uint8_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:323
decode.h
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:19
DetectEngineThreadCtx_
Definition: detect.h:1252
DetectSetupParseRegexes
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
Definition: detect-parse.c:3658
detect-engine-mpm.h
SCSigMatchAppendSMToList
SigMatch * SCSigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:387
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
Definition: detect-engine.c:3386
SigMatch_::next
struct SigMatch_ * next
Definition: detect.h:360
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition: detect.h:940
PacketFree
void PacketFree(Packet *p)
Return a malloced packet.
Definition: decode.c:225
SignatureInitData_::proto
DetectProto proto
Definition: detect.h:635
DETECT_SM_LIST_MATCH
@ DETECT_SM_LIST_MATCH
Definition: detect.h:117
SigMatch_::ctx
SigMatchCtx * ctx
Definition: detect.h:359
DetectProto_::proto
uint8_t proto[256/8]
Definition: detect-engine-proto.h:39
Signature_::flags
uint32_t flags
Definition: detect.h:673
Packet_
Definition: decode.h:505
detect-engine-build.h
detect-engine-alert.h
detect-ipproto.h
Signature_::init_data
SignatureInitData * init_data
Definition: detect.h:751
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1430
DETECT_IPPROTO_OP_GT
#define DETECT_IPPROTO_OP_GT
Definition: detect-ipproto.h:31
util-proto-name.h
SIG_FLAG_INIT_FIRST_IPPROTO_SEEN
#define SIG_FLAG_INIT_FIRST_IPPROTO_SEEN
Definition: detect.h:293
DETECT_IPPROTO_OP_EQ
#define DETECT_IPPROTO_OP_EQ
Definition: detect-ipproto.h:28
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:2274
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:34
StatsThreadInit
void StatsThreadInit(StatsThreadContext *stats)
Definition: counters.c:1331
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:351
DetectProto_::flags
uint8_t flags
Definition: detect-engine-proto.h:40
DETECT_PROTO_IPV4
#define DETECT_PROTO_IPV4
Definition: detect-engine-proto.h:31
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
SigMatch_::type
uint16_t type
Definition: detect.h:357
DETECT_IPPROTO_OP_LT
#define DETECT_IPPROTO_OP_LT
Definition: detect-ipproto.h:30
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:715
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
Definition: detect-engine.c:3625
DetectIPProtoData_::op
uint8_t op
Definition: detect-ipproto.h:35
UTHGenericTest
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perform a generic check taking care of as maximum common unittest eleme...
Definition: util-unittest-helper.c:581
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:264
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:274
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:982
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:473
detect-parse.h
Signature_
Signature container.
Definition: detect.h:672
SigMatch_
a single match condition for a signature
Definition: detect.h:356
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2613
DetectIPProtoData_
Definition: detect-ipproto.h:34
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
SCGetProtoByName
bool SCGetProtoByName(const char *protoname, uint8_t *proto_number)
Function to return the protocol number for a named protocol. Note that protocol name aliases are hono...
Definition: util-proto-name.c:463
PARSE_REGEX
#define PARSE_REGEX
Regex for parsing our options.
Definition: detect-ipproto.c:50
DETECT_IPPROTO_OP_NOT
#define DETECT_IPPROTO_OP_NOT
Definition: detect-ipproto.h:29
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:939
SigAlloc
Signature * SigAlloc(void)
Definition: detect-parse.c:1939
DETECT_IPPROTO
@ DETECT_IPPROTO
Definition: detect-engine-register.h:107
ThreadVars_::stats
StatsThreadContext stats
Definition: threadvars.h:121
StatsThreadCleanup
void StatsThreadCleanup(StatsThreadContext *stats)
Definition: counters.c:1427
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:42
detect-engine-address.h
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1457
DetectIPProtoData_::proto
uint8_t proto
Definition: detect-ipproto.h:36
SIG_FLAG_REQUIRE_PACKET
#define SIG_FLAG_REQUIRE_PACKET
Definition: detect.h:253