suricata
detect-ipproto.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Brian Rectanus <brectanu@gmail.com>
22  *
23  * Implements the ip_proto keyword
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 
30 #include "detect-ipproto.h"
31 
32 #include "detect-parse.h"
33 #include "detect-engine.h"
34 #include "detect-engine-mpm.h"
35 #include "detect-engine-build.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 
40 #include "util-byte.h"
41 #include "util-proto-name.h"
42 #include "util-unittest.h"
43 #include "util-unittest-helper.h"
44 
45 #include "util-debug.h"
46 
47 /**
48  * \brief Regex for parsing our options
49  */
50 #define PARSE_REGEX "^([!<>]?)\\s*([^\\s]+)$"
51 
52 static DetectParseRegex parse_regex;
53 
54 static int DetectIPProtoSetup(DetectEngineCtx *, Signature *, const char *);
55 #ifdef UNITTESTS
56 static void DetectIPProtoRegisterTests(void);
57 #endif
58 static void DetectIPProtoFree(DetectEngineCtx *, void *);
59 
60 void DetectIPProtoRegister(void)
61 {
62  sigmatch_table[DETECT_IPPROTO].name = "ip_proto";
63  sigmatch_table[DETECT_IPPROTO].desc = "match on the IP protocol in the packet-header";
64  sigmatch_table[DETECT_IPPROTO].url = "/rules/header-keywords.html#ip-proto";
65  sigmatch_table[DETECT_IPPROTO].Match = NULL;
66  sigmatch_table[DETECT_IPPROTO].Setup = DetectIPProtoSetup;
67  sigmatch_table[DETECT_IPPROTO].Free = DetectIPProtoFree;
68 #ifdef UNITTESTS
69  sigmatch_table[DETECT_IPPROTO].RegisterTests = DetectIPProtoRegisterTests;
70 #endif
71  sigmatch_table[DETECT_IPPROTO].flags = SIGMATCH_QUOTES_OPTIONAL;
72 
73  DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
74 }
75 
76 /**
77  * \internal
78  * \brief Parse ip_proto options string.
79  *
80  * \param optstr Options string to parse
81  *
82  * \return New ip_proto data structure
83  */
84 static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
85 {
86  /* Execute the regex and populate args with captures. */
87  pcre2_match_data *match = NULL;
88  int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0);
89  if (ret != 3) {
90  SCLogError("pcre_exec parse error, ret"
91  "%" PRId32 ", string %s",
92  ret, optstr);
93  if (match) {
94  pcre2_match_data_free(match);
95  }
96  return NULL;
97  }
98 
99  char *args[2] = { NULL, NULL };
100  DetectIPProtoData *data = NULL;
101 
102  for (int i = 0; i < 2; i++) {
103  const char *str_ptr = NULL;
104  size_t pcre2_len = 0;
105  int res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
106  if (res < 0) {
107  SCLogError("pcre2_substring_get_bynumber failed");
108  goto error;
109  }
110  args[i] = (char *)str_ptr;
111  }
112 
113  /* Initialize the data */
114  data = SCCalloc(1, sizeof(DetectIPProtoData));
115  if (unlikely(data == NULL))
116  goto error;
117  data->op = DETECT_IPPROTO_OP_EQ;
118  data->proto = 0;
119 
120  /* Operator */
121  if (*(args[0]) != '\0') {
122  data->op = *(args[0]);
123  }
124 
125  /* Protocol name/number */
126  if (!isdigit((unsigned char)*(args[1]))) {
127  uint8_t proto;
128  if (!SCGetProtoByName(args[1], &proto)) {
129  SCLogError("Unknown protocol name: \"%s\"", args[1]);
130  goto error;
131  }
132  data->proto = proto;
133  }
134  else {
135  if (StringParseUint8(&data->proto, 10, 0, args[1]) <= 0) {
136  SCLogError("Malformed protocol number: %s", args[1]);
137  goto error;
138  }
139  }
140 
141  for (int i = 0; i < 2; i++) {
142  if (args[i] != NULL)
143  pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
144  }
145 
146  pcre2_match_data_free(match);
147  return data;
148 
149 error:
150  if (match) {
151  pcre2_match_data_free(match);
152  }
153  for (int i = 0; i < 2; i++) {
154  if (args[i] != NULL)
155  pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
156  }
157  if (data != NULL)
158  SCFree(data);
159 
160  return NULL;
161 }
162 
163 static int DetectIPProtoTypePresentForOP(Signature *s, uint8_t op)
164 {
165  SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
166  DetectIPProtoData *data;
167 
168  while (sm != NULL) {
169  if (sm->type == DETECT_IPPROTO) {
170  data = (DetectIPProtoData *)sm->ctx;
171  if (data->op == op)
172  return 1;
173  }
174  sm = sm->next;
175  }
176 
177  return 0;
178 }
179 
180 /**
181  * \internal
182  * \brief Setup ip_proto keyword.
183  *
184  * \param de_ctx Detection engine context
185  * \param s Signature
186  * \param optstr Options string
187  *
188  * \return Non-zero on error
189  */
190 static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
191 {
192  int i;
193 
194  DetectIPProtoData *data = DetectIPProtoParse(optstr);
195  if (data == NULL) {
196  return -1;
197  }
198 
199  /* Reset our "any" (or "ip") state: for ipv4, ipv6 and ip cases, the bitfield
200  * s->proto.proto have all bit set to 1 to be able to match any protocols. ipproto
201  * will refined the protocol list and thus it needs to reset the bitfield to zero
202  * before setting the value specified by the ip_proto keyword.
203  */
204  if (s->init_data->proto.flags & (DETECT_PROTO_ANY | DETECT_PROTO_IPV6 | DETECT_PROTO_IPV4)) {
205  s->init_data->proto.flags &= ~DETECT_PROTO_ANY;
206  memset(s->init_data->proto.proto, 0x00, sizeof(s->init_data->proto.proto));
207  s->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
208  } else {
209  /* The ipproto engine has a relationship with the protocol that is
210  * set after the action and also the app protocol(that can also be
211  * set through the app-layer-protocol.
212  * An ip_proto keyword can be used only with alert ip, which if
213  * not true we error out on the sig. And hence the init_flag to
214  * indicate this. */
215  if (!(s->init_data->init_flags & SIG_FLAG_INIT_FIRST_IPPROTO_SEEN)) {
216  SCLogError("Signature can use "
217  "ip_proto keyword only when we use alert ip, "
218  "in which case the _ANY flag is set on the sig "
219  "and the if condition should match.");
220  goto error;
221  }
222  }
223 
224  int eq_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_EQ);
225  int gt_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_GT);
226  int lt_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_LT);
227  int not_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_NOT);
228 
229  switch (data->op) {
230  case DETECT_IPPROTO_OP_EQ:
231  if (eq_set || gt_set || lt_set || not_set) {
232  SCLogError("can't use a eq "
233  "ipproto without any operators attached to "
234  "them in the same sig");
235  goto error;
236  }
237  s->init_data->proto.proto[data->proto / 8] |= 1 << (data->proto % 8);
238  break;
239 
240  case DETECT_IPPROTO_OP_GT:
241  if (eq_set || gt_set) {
242  SCLogError("can't use a eq or gt "
243  "ipproto along with a greater than ipproto in the "
244  "same sig ");
245  goto error;
246  }
247  if (!lt_set && !not_set) {
248  s->init_data->proto.proto[data->proto / 8] = (uint8_t)(0xfe << (data->proto % 8));
249  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
250  s->init_data->proto.proto[i] = 0xff;
251  }
252  } else if (lt_set && !not_set) {
253  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
254  while (temp_sm != NULL) {
255  if (temp_sm->type == DETECT_IPPROTO) {
256  break;
257  }
258  temp_sm = temp_sm->next;
259  }
260  if (temp_sm != NULL) {
261  DetectIPProtoData *data_temp = (DetectIPProtoData *)temp_sm->ctx;
262  if (data_temp->proto <= data->proto) {
263  SCLogError("can't have "
264  "both gt and lt ipprotos, with the lt being "
265  "lower than gt value");
266  goto error;
267  } else {
268  for (i = 0; i < (data->proto / 8); i++) {
269  s->init_data->proto.proto[i] = 0;
270  }
271  s->init_data->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
272  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
273  s->init_data->proto.proto[i] &= 0xff;
274  }
275  }
276  }
277  } else if (!lt_set && not_set) {
278  for (i = 0; i < (data->proto / 8); i++) {
279  s->init_data->proto.proto[i] = 0;
280  }
281  s->init_data->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
282  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
283  s->init_data->proto.proto[i] &= 0xff;
284  }
285  } else {
286  DetectIPProtoData *data_temp;
287  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
288  while (temp_sm != NULL) {
289  if (temp_sm->type == DETECT_IPPROTO &&
290  ((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_LT) {
291  break;
292  }
293  temp_sm = temp_sm->next;
294  }
295  if (temp_sm != NULL) {
296  data_temp = (DetectIPProtoData *)temp_sm->ctx;
297  if (data_temp->proto <= data->proto) {
298  SCLogError("can't have "
299  "both gt and lt ipprotos, with the lt being "
300  "lower than gt value");
301  goto error;
302  } else {
303  for (i = 0; i < (data->proto / 8); i++) {
304  s->init_data->proto.proto[i] = 0;
305  }
306  s->init_data->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
307  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
308  s->init_data->proto.proto[i] &= 0xff;
309  }
310  }
311  }
312  }
313  break;
314 
315  case DETECT_IPPROTO_OP_LT:
316  if (eq_set || lt_set) {
317  SCLogError("can't use a eq or lt "
318  "ipproto with a less than ipproto in the "
319  "same sig ");
320  goto error;
321  }
322  if (!gt_set && !not_set) {
323  for (i = 0; i < (data->proto / 8); i++) {
324  s->init_data->proto.proto[i] = 0xff;
325  }
326  s->init_data->proto.proto[data->proto / 8] =
327  (uint8_t)(~(0xff << (data->proto % 8)));
328  } else if (gt_set && !not_set) {
329  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
330  while (temp_sm != NULL) {
331  if (temp_sm->type == DETECT_IPPROTO) {
332  break;
333  }
334  temp_sm = temp_sm->next;
335  }
336  if (temp_sm != NULL) {
337  DetectIPProtoData *data_temp = (DetectIPProtoData *)temp_sm->ctx;
338  if (data_temp->proto >= data->proto) {
339  SCLogError("can't have "
340  "both gt and lt ipprotos, with the lt being "
341  "lower than gt value");
342  goto error;
343  } else {
344  for (i = 0; i < (data->proto / 8); i++) {
345  s->init_data->proto.proto[i] &= 0xff;
346  }
347  s->init_data->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
348  for (i = (data->proto / 8) + 1; i < 256 / 8; i++) {
349  s->init_data->proto.proto[i] = 0;
350  }
351  }
352  }
353  } else if (!gt_set && not_set) {
354  for (i = 0; i < (data->proto / 8); i++) {
355  s->init_data->proto.proto[i] &= 0xFF;
356  }
357  s->init_data->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
358  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
359  s->init_data->proto.proto[i] = 0;
360  }
361  } else {
362  DetectIPProtoData *data_temp;
363  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
364  while (temp_sm != NULL) {
365  if (temp_sm->type == DETECT_IPPROTO &&
366  ((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_GT) {
367  break;
368  }
369  temp_sm = temp_sm->next;
370  }
371  if (temp_sm != NULL) {
372  data_temp = (DetectIPProtoData *)temp_sm->ctx;
373  if (data_temp->proto >= data->proto) {
374  SCLogError("can't have "
375  "both gt and lt ipprotos, with the lt being "
376  "lower than gt value");
377  goto error;
378  } else {
379  for (i = 0; i < (data->proto / 8); i++) {
380  s->init_data->proto.proto[i] &= 0xFF;
381  }
382  s->init_data->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
383  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
384  s->init_data->proto.proto[i] = 0;
385  }
386  }
387  }
388  }
389  break;
390 
391  case DETECT_IPPROTO_OP_NOT:
392  if (eq_set) {
393  SCLogError("can't use a eq "
394  "ipproto along with a not ipproto in the "
395  "same sig ");
396  goto error;
397  }
398  if (!gt_set && !lt_set && !not_set) {
399  for (i = 0; i < (data->proto / 8); i++) {
400  s->init_data->proto.proto[i] = 0xff;
401  }
402  s->init_data->proto.proto[data->proto / 8] = (uint8_t)(~(1 << (data->proto % 8)));
403  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
404  s->init_data->proto.proto[i] = 0xff;
405  }
406  } else {
407  for (i = 0; i < (data->proto / 8); i++) {
408  s->init_data->proto.proto[i] &= 0xff;
409  }
410  s->init_data->proto.proto[data->proto / 8] &= ~(1 << (data->proto % 8));
411  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
412  s->init_data->proto.proto[i] &= 0xff;
413  }
414  }
415  break;
416  }
417 
418  if (SCSigMatchAppendSMToList(
419  de_ctx, s, DETECT_IPPROTO, (SigMatchCtx *)data, DETECT_SM_LIST_MATCH) == NULL) {
420  goto error;
421  }
422  s->flags |= SIG_FLAG_REQUIRE_PACKET;
423 
424  return 0;
425 
426  error:
427 
428  DetectIPProtoFree(de_ctx, data);
429  return -1;
430 }
431 
432 void DetectIPProtoRemoveAllSMs(DetectEngineCtx *de_ctx, Signature *s)
433 {
434  SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
435 
436  while (sm != NULL) {
437  if (sm->type != DETECT_IPPROTO) {
438  sm = sm->next;
439  continue;
440  }
441  SigMatch *tmp_sm = sm->next;
442  SigMatchRemoveSMFromList(s, sm, DETECT_SM_LIST_MATCH);
443  SigMatchFree(de_ctx, sm);
444  sm = tmp_sm;
445  }
446 }
447 
448 static void DetectIPProtoFree(DetectEngineCtx *de_ctx, void *ptr)
449 {
450  DetectIPProtoData *data = (DetectIPProtoData *)ptr;
451  if (data) {
452  SCFree(data);
453  }
454 }
455 
456 /* UNITTESTS */
457 #ifdef UNITTESTS
458 #include "detect-engine-alert.h"
459 
460 /**
461  * \test DetectIPProtoTestParse01 is a test for an invalid proto number
462  */
463 static int DetectIPProtoTestParse01(void)
464 {
465  DetectIPProtoData *data = DetectIPProtoParse("999");
466  FAIL_IF_NOT(data == NULL);
467  PASS;
468 }
469 
470 /**
471  * \test DetectIPProtoTestParse02 is a test for an invalid proto name
472  */
473 static int DetectIPProtoTestParse02(void)
474 {
475  DetectIPProtoData *data = DetectIPProtoParse("foobarbooeek");
476  FAIL_IF_NOT(data == NULL);
477  PASS;
478 }
479 
480 /**
481  * \test DetectIPProtoTestSetup01 is a test for a protocol number
482  */
483 static int DetectIPProtoTestSetup01(void)
484 {
485  const char *value_str = "14";
486  int value;
487  FAIL_IF(StringParseInt32(&value, 10, 0, (const char *)value_str) < 0);
488  int i;
489 
490  Signature *sig = SigAlloc();
491  FAIL_IF_NULL(sig);
492 
493  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
494  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
495  DetectIPProtoSetup(NULL, sig, value_str);
496  for (i = 0; i < (value / 8); i++) {
497  FAIL_IF(sig->init_data->proto.proto[i] != 0);
498  }
499  FAIL_IF(sig->init_data->proto.proto[value / 8] != 0x40);
500  for (i = (value / 8) + 1; i < (256 / 8); i++) {
501  FAIL_IF(sig->init_data->proto.proto[i] != 0);
502  }
503  SigFree(NULL, sig);
504  PASS;
505 }
506 
507 /**
508  * \test DetectIPProtoTestSetup02 is a test for a protocol name
509  */
510 static int DetectIPProtoTestSetup02(void)
511 {
512  int result = 0;
513  Signature *sig = NULL;
514  const char *value_str = "tcp";
515  struct protoent *pent = getprotobyname(value_str);
516  if (pent == NULL) {
517  goto end;
518  }
519  uint8_t value = (uint8_t)pent->p_proto;
520  int i;
521 
522  if ((sig = SigAlloc()) == NULL)
523  goto end;
524 
525  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
526  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
527  DetectIPProtoSetup(NULL, sig, value_str);
528  for (i = 0; i < (value / 8); i++) {
529  if (sig->init_data->proto.proto[i] != 0)
530  goto end;
531  }
532  if (sig->init_data->proto.proto[value / 8] != 0x40) {
533  goto end;
534  }
535  for (i = (value / 8) + 1; i < (256 / 8); i++) {
536  if (sig->init_data->proto.proto[i] != 0)
537  goto end;
538  }
539 
540  result = 1;
541 
542  end:
543  if (sig != NULL)
544  SigFree(NULL, sig);
545  return result;
546 }
547 
548 /**
549  * \test DetectIPProtoTestSetup03 is a test for a < operator
550  */
551 static int DetectIPProtoTestSetup03(void)
552 {
553  int result = 0;
554  Signature *sig;
555  const char *value_str = "<14";
556  int value = 14;
557  int i;
558 
559  if ((sig = SigAlloc()) == NULL)
560  goto end;
561 
562  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
563  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
564  DetectIPProtoSetup(NULL, sig, value_str);
565  for (i = 0; i < (value / 8); i++) {
566  if (sig->init_data->proto.proto[i] != 0xFF)
567  goto end;
568  }
569  if (sig->init_data->proto.proto[value / 8] != 0x3F) {
570  goto end;
571  }
572  for (i = (value / 8) + 1; i < (256 / 8); i++) {
573  if (sig->init_data->proto.proto[i] != 0)
574  goto end;
575  }
576 
577  result = 1;
578 
579  end:
580  SigFree(NULL, sig);
581  return result;
582 }
583 
584 /**
585  * \test DetectIPProtoTestSetup04 is a test for a > operator
586  */
587 static int DetectIPProtoTestSetup04(void)
588 {
589  int result = 0;
590  Signature *sig;
591  const char *value_str = ">14";
592  int value = 14;
593  int i;
594 
595  if ((sig = SigAlloc()) == NULL)
596  goto end;
597 
598  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
599  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
600  DetectIPProtoSetup(NULL, sig, value_str);
601  for (i = 0; i < (value / 8); i++) {
602  if (sig->init_data->proto.proto[i] != 0)
603  goto end;
604  }
605  if (sig->init_data->proto.proto[value / 8] != 0x80) {
606  goto end;
607  }
608  for (i = (value / 8) + 1; i < (256 / 8); i++) {
609  if (sig->init_data->proto.proto[i] != 0xFF)
610  goto end;
611  }
612 
613  result = 1;
614 
615  end:
616  SigFree(NULL, sig);
617  return result;
618 }
619 
620 /**
621  * \test DetectIPProtoTestSetup05 is a test for a ! operator
622  */
623 static int DetectIPProtoTestSetup05(void)
624 {
625  int result = 0;
626  Signature *sig;
627  const char *value_str = "!14";
628  int value = 14;
629  int i;
630 
631  if ((sig = SigAlloc()) == NULL)
632  goto end;
633 
634  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
635  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
636  DetectIPProtoSetup(NULL, sig, value_str);
637  for (i = 0; i < (value / 8); i++) {
638  if (sig->init_data->proto.proto[i] != 0xFF)
639  goto end;
640  }
641  if (sig->init_data->proto.proto[value / 8] != 0xBF) {
642  goto end;
643  }
644  for (i = (value / 8) + 1; i < (256 / 8); i++) {
645  if (sig->init_data->proto.proto[i] != 0xFF)
646  goto end;
647  }
648 
649  result = 1;
650 
651  end:
652  SigFree(NULL, sig);
653  return result;
654 }
655 
656 /**
657  * \test Negative test.
658  */
659 static int DetectIPProtoTestSetup06(void)
660 {
661  int result = 0;
662  Signature *sig;
663  const char *value1_str = "14";
664  const char *value2_str = "15";
665 
666  if ((sig = SigAlloc()) == NULL)
667  goto end;
668 
669  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
670  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
671  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
672  goto end;
673  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
674  goto end;
675 
676  result = 1;
677 
678  end:
679  SigFree(NULL, sig);
680  return result;
681 }
682 
683 /**
684  * \test Negative test.
685  */
686 static int DetectIPProtoTestSetup07(void)
687 {
688  int result = 0;
689  Signature *sig;
690  const char *value1_str = "14";
691  const char *value2_str = "<15";
692 
693  if ((sig = SigAlloc()) == NULL)
694  goto end;
695 
696  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
697  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
698  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
699  goto end;
700  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
701  goto end;
702 
703  result = 1;
704 
705  end:
706  SigFree(NULL, sig);
707  return result;
708 }
709 
710 /**
711  * \test Negative test.
712  */
713 static int DetectIPProtoTestSetup08(void)
714 {
715  int result = 0;
716  Signature *sig;
717  const char *value1_str = "14";
718  const char *value2_str = ">15";
719 
720  if ((sig = SigAlloc()) == NULL)
721  goto end;
722 
723  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
724  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
725  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
726  goto end;
727  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
728  goto end;
729 
730  result = 1;
731 
732  end:
733  SigFree(NULL, sig);
734  return result;
735 }
736 
737 /**
738  * \test Negative test.
739  */
740 static int DetectIPProtoTestSetup09(void)
741 {
742  int result = 0;
743  Signature *sig;
744  const char *value1_str = "14";
745  const char *value2_str = "!15";
746 
747  if ((sig = SigAlloc()) == NULL)
748  goto end;
749 
750  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
751  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
752  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
753  goto end;
754  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
755  goto end;
756 
757  result = 1;
758 
759  end:
760  SigFree(NULL, sig);
761  return result;
762 }
763 
764 /**
765  * \test Negative test.
766  */
767 static int DetectIPProtoTestSetup10(void)
768 {
769  int result = 0;
770  Signature *sig;
771  const char *value1_str = ">14";
772  const char *value2_str = "15";
773 
774  if ((sig = SigAlloc()) == NULL)
775  goto end;
776 
777  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
778  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
779  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
780  goto end;
781  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
782  goto end;
783 
784  result = 1;
785 
786  end:
787  SigFree(NULL, sig);
788  return result;
789 }
790 
791 /**
792  * \test Negative test.
793  */
794 static int DetectIPProtoTestSetup11(void)
795 {
796  int result = 0;
797  Signature *sig;
798  const char *value1_str = "<14";
799  const char *value2_str = "15";
800 
801  if ((sig = SigAlloc()) == NULL)
802  goto end;
803 
804  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
805  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
806  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
807  goto end;
808  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
809  goto end;
810 
811  result = 1;
812 
813  end:
814  SigFree(NULL, sig);
815  return result;
816 }
817 
818 /**
819  * \test Negative test.
820  */
821 static int DetectIPProtoTestSetup12(void)
822 {
823  int result = 0;
824  Signature *sig;
825  const char *value1_str = "!14";
826  const char *value2_str = "15";
827 
828  if ((sig = SigAlloc()) == NULL)
829  goto end;
830 
831  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
832  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
833  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
834  goto end;
835  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
836  goto end;
837 
838  result = 1;
839 
840  end:
841  SigFree(NULL, sig);
842  return result;
843 }
844 
845 /**
846  * \test Negative test.
847  */
848 static int DetectIPProtoTestSetup13(void)
849 {
850  int result = 0;
851  Signature *sig;
852  const char *value1_str = ">14";
853  const char *value2_str = ">15";
854 
855  if ((sig = SigAlloc()) == NULL)
856  goto end;
857 
858  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
859  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
860  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
861  goto end;
862  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
863  goto end;
864 
865  result = 1;
866 
867  end:
868  SigFree(NULL, sig);
869  return result;
870 }
871 
872 static int DetectIPProtoTestSetup14(void)
873 {
874  int result = 0;
875  Signature *sig;
876  const char *value1_str = "<14";
877  const char *value2_str = "<15";
878 
879  if ((sig = SigAlloc()) == NULL)
880  goto end;
881 
882  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
883  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
884  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
885  goto end;
886  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
887  goto end;
888 
889  result = 1;
890 
891  end:
892  SigFree(NULL, sig);
893  return result;
894 }
895 
896 static int DetectIPProtoTestSetup15(void)
897 {
898  int result = 0;
899  Signature *sig;
900  const char *value1_str = "<14";
901  int value1 = 14;
902  const char *value2_str = ">34";
903  int i;
904 
905  if ((sig = SigAlloc()) == NULL)
906  goto end;
907 
908  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
909  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
910  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
911  goto end;
912  for (i = 0; i < (value1 / 8); i++) {
913  if (sig->init_data->proto.proto[i] != 0xFF)
914  goto end;
915  }
916  if (sig->init_data->proto.proto[value1 / 8] != 0x3F) {
917  goto end;
918  }
919  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
920  if (sig->init_data->proto.proto[i] != 0)
921  goto end;
922  }
923  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
924  goto end;
925 
926  result = 1;
927 
928  end:
929  SigFree(NULL, sig);
930  return result;
931 }
932 
933 static int DetectIPProtoTestSetup16(void)
934 {
935  int result = 0;
936  Signature *sig;
937  const char *value1_str = "<14";
938  const char *value2_str = ">34";
939  int value2 = 34;
940  int i;
941 
942  if ((sig = SigAlloc()) == NULL)
943  goto end;
944 
945  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
946  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
947  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
948  goto end;
949  for (i = 0; i < (value2 / 8); i++) {
950  if (sig->init_data->proto.proto[i] != 0)
951  goto end;
952  }
953  if (sig->init_data->proto.proto[value2 / 8] != 0xF8) {
954  goto end;
955  }
956  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
957  if (sig->init_data->proto.proto[i] != 0xFF)
958  goto end;
959  }
960  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
961  goto end;
962 
963  result = 1;
964 
965  end:
966  SigFree(NULL, sig);
967  return result;
968 }
969 
970 static int DetectIPProtoTestSetup17(void)
971 {
972  int result = 0;
973  Signature *sig;
974  const char *value1_str = "<11";
975  int value1 = 11;
976  const char *value2_str = ">13";
977  int i;
978 
979  if ((sig = SigAlloc()) == NULL)
980  goto end;
981 
982  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
983  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
984  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
985  goto end;
986  for (i = 0; i < (value1 / 8); i++) {
987  if (sig->init_data->proto.proto[i] != 0xFF)
988  goto end;
989  }
990  if (sig->init_data->proto.proto[value1 / 8] != 0x07) {
991  goto end;
992  }
993  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
994  if (sig->init_data->proto.proto[i] != 0)
995  goto end;
996  }
997  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
998  goto end;
999 
1000  result = 1;
1001 
1002  end:
1003  SigFree(NULL, sig);
1004  return result;
1005 }
1006 
1007 static int DetectIPProtoTestSetup18(void)
1008 {
1009  int result = 0;
1010  Signature *sig;
1011  const char *value1_str = "<11";
1012  const char *value2_str = ">13";
1013  int value2 = 13;
1014  int i;
1015 
1016  if ((sig = SigAlloc()) == NULL)
1017  goto end;
1018 
1019  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1020  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1021  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1022  goto end;
1023  for (i = 0; i < (value2 / 8); i++) {
1024  if (sig->init_data->proto.proto[i] != 0)
1025  goto end;
1026  }
1027  if (sig->init_data->proto.proto[value2 / 8] != 0xC0) {
1028  goto end;
1029  }
1030  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1031  if (sig->init_data->proto.proto[i] != 0xFF)
1032  goto end;
1033  }
1034  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1035  goto end;
1036 
1037  result = 1;
1038 
1039  end:
1040  SigFree(NULL, sig);
1041  return result;
1042 }
1043 
1044 static int DetectIPProtoTestSetup19(void)
1045 {
1046  int result = 0;
1047  Signature *sig;
1048  const char *value1_str = "<11";
1049  int value1 = 11;
1050  const char *value2_str = "!13";
1051  const char *value3_str = ">36";
1052  int i;
1053 
1054  if ((sig = SigAlloc()) == NULL)
1055  goto end;
1056 
1057  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1058  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1059  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1060  goto end;
1061  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1062  goto end;
1063  for (i = 0; i < (value1 / 8); i++) {
1064  if (sig->init_data->proto.proto[i] != 0xFF)
1065  goto end;
1066  }
1067  if (sig->init_data->proto.proto[value1 / 8] != 0x07) {
1068  goto end;
1069  }
1070  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1071  if (sig->init_data->proto.proto[i] != 0)
1072  goto end;
1073  }
1074  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1075  goto end;
1076 
1077  result = 1;
1078 
1079  end:
1080  SigFree(NULL, sig);
1081  return result;
1082 }
1083 
1084 static int DetectIPProtoTestSetup20(void)
1085 {
1086  int result = 0;
1087  Signature *sig;
1088  const char *value1_str = "<11";
1089  int value1 = 11;
1090  const char *value3_str = ">36";
1091  int i;
1092 
1093  if ((sig = SigAlloc()) == NULL)
1094  goto end;
1095 
1096  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1097  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1098  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1099  goto end;
1100  for (i = 0; i < (value1 / 8); i++) {
1101  if (sig->init_data->proto.proto[i] != 0xFF)
1102  goto end;
1103  }
1104  if (sig->init_data->proto.proto[value1 / 8] != 0x07) {
1105  goto end;
1106  }
1107  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1108  if (sig->init_data->proto.proto[i] != 0)
1109  goto end;
1110  }
1111  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1112  goto end;
1113 
1114  result = 1;
1115 
1116  end:
1117  SigFree(NULL, sig);
1118  return result;
1119 }
1120 
1121 static int DetectIPProtoTestSetup21(void)
1122 {
1123  int result = 0;
1124  Signature *sig;
1125  const char *value1_str = "<11";
1126  int value1 = 11;
1127  const char *value2_str = "!13";
1128  const char *value3_str = ">36";
1129  int i;
1130 
1131  if ((sig = SigAlloc()) == NULL)
1132  goto end;
1133 
1134  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1135  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1136  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1137  goto end;
1138  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1139  goto end;
1140  for (i = 0; i < (value1 / 8); i++) {
1141  if (sig->init_data->proto.proto[i] != 0xFF)
1142  goto end;
1143  }
1144  if (sig->init_data->proto.proto[value1 / 8] != 0x07) {
1145  goto end;
1146  }
1147  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1148  if (sig->init_data->proto.proto[i] != 0)
1149  goto end;
1150  }
1151  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1152  goto end;
1153 
1154  result = 1;
1155 
1156  end:
1157  SigFree(NULL, sig);
1158  return result;
1159 }
1160 
1161 static int DetectIPProtoTestSetup22(void)
1162 {
1163  int result = 0;
1164  Signature *sig;
1165  const char *value1_str = "<11";
1166  const char *value2_str = "!13";
1167  const char *value3_str = ">36";
1168  int value3 = 36;
1169  int i;
1170 
1171  if ((sig = SigAlloc()) == NULL)
1172  goto end;
1173 
1174  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1175  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1176  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1177  goto end;
1178  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1179  goto end;
1180  for (i = 0; i < (value3 / 8); i++) {
1181  if (sig->init_data->proto.proto[i] != 0)
1182  goto end;
1183  }
1184  if (sig->init_data->proto.proto[value3 / 8] != 0xE0) {
1185  goto end;
1186  }
1187  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1188  if (sig->init_data->proto.proto[i] != 0xFF)
1189  goto end;
1190  }
1191  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1192  goto end;
1193 
1194  result = 1;
1195 
1196  end:
1197  SigFree(NULL, sig);
1198  return result;
1199 }
1200 
1201 static int DetectIPProtoTestSetup23(void)
1202 {
1203  int result = 0;
1204  Signature *sig;
1205  const char *value1_str = "<11";
1206  const char *value3_str = ">36";
1207  int value3 = 36;
1208  int i;
1209 
1210  if ((sig = SigAlloc()) == NULL)
1211  goto end;
1212 
1213  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1214  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1215  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1216  goto end;
1217  for (i = 0; i < (value3 / 8); i++) {
1218  if (sig->init_data->proto.proto[i] != 0)
1219  goto end;
1220  }
1221  if (sig->init_data->proto.proto[value3 / 8] != 0xE0) {
1222  goto end;
1223  }
1224  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1225  if (sig->init_data->proto.proto[i] != 0xFF)
1226  goto end;
1227  }
1228  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1229  goto end;
1230 
1231  result = 1;
1232 
1233  end:
1234  SigFree(NULL, sig);
1235  return result;
1236 }
1237 
1238 static int DetectIPProtoTestSetup24(void)
1239 {
1240  int result = 0;
1241  Signature *sig;
1242  const char *value1_str = "<11";
1243  const char *value2_str = "!13";
1244  const char *value3_str = ">36";
1245  int value3 = 36;
1246  int i;
1247 
1248  if ((sig = SigAlloc()) == NULL)
1249  goto end;
1250 
1251  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1252  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1253  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1254  goto end;
1255  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1256  goto end;
1257  for (i = 0; i < (value3 / 8); i++) {
1258  if (sig->init_data->proto.proto[i] != 0)
1259  goto end;
1260  }
1261  if (sig->init_data->proto.proto[value3 / 8] != 0xE0) {
1262  goto end;
1263  }
1264  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1265  if (sig->init_data->proto.proto[i] != 0xFF)
1266  goto end;
1267  }
1268  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1269  goto end;
1270 
1271  result = 1;
1272 
1273  end:
1274  SigFree(NULL, sig);
1275  return result;
1276 }
1277 
1278 static int DetectIPProtoTestSetup33(void)
1279 {
1280  int result = 0;
1281  Signature *sig;
1282  const char *value1_str = "<11";
1283  int value1 = 11;
1284  const char *value2_str = "!34";
1285  const char *value3_str = ">36";
1286  int i;
1287 
1288  if ((sig = SigAlloc()) == NULL)
1289  goto end;
1290 
1291  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1292  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1293  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1294  goto end;
1295  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1296  goto end;
1297  for (i = 0; i < (value1 / 8); i++) {
1298  if (sig->init_data->proto.proto[i] != 0xFF)
1299  goto end;
1300  }
1301  if (sig->init_data->proto.proto[value1 / 8] != 0x07) {
1302  goto end;
1303  }
1304  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1305  if (sig->init_data->proto.proto[i] != 0)
1306  goto end;
1307  }
1308  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1309  goto end;
1310 
1311  result = 1;
1312 
1313  end:
1314  SigFree(NULL, sig);
1315  return result;
1316 }
1317 
1318 static int DetectIPProtoTestSetup34(void)
1319 {
1320  int result = 0;
1321  Signature *sig;
1322  const char *value1_str = "<11";
1323  int value1 = 11;
1324  const char *value2_str = "!34";
1325  const char *value3_str = ">36";
1326  int value3 = 36;
1327  int i;
1328 
1329  if ((sig = SigAlloc()) == NULL)
1330  goto end;
1331 
1332  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1333  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1334  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1335  goto end;
1336  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1337  goto end;
1338  for (i = 0; i < (value1 / 8); i++) {
1339  if (sig->init_data->proto.proto[i] != 0)
1340  goto end;
1341  }
1342  if (sig->init_data->proto.proto[value3 / 8] != 0xE0) {
1343  goto end;
1344  }
1345  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1346  if (sig->init_data->proto.proto[i] != 0xFF)
1347  goto end;
1348  }
1349  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1350  goto end;
1351 
1352  result = 1;
1353 
1354  end:
1355  SigFree(NULL, sig);
1356  return result;
1357 }
1358 
1359 static int DetectIPProtoTestSetup36(void)
1360 {
1361  int result = 0;
1362  Signature *sig;
1363  const char *value1_str = "<11";
1364  const char *value2_str = "!34";
1365  const char *value3_str = ">36";
1366  int value3 = 36;
1367  int i;
1368 
1369  if ((sig = SigAlloc()) == NULL)
1370  goto end;
1371 
1372  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1373  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1374  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1375  goto end;
1376  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1377  goto end;
1378  for (i = 0; i < (value3 / 8); i++) {
1379  if (sig->init_data->proto.proto[i] != 0)
1380  goto end;
1381  }
1382  if (sig->init_data->proto.proto[value3 / 8] != 0xE0) {
1383  goto end;
1384  }
1385  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1386  if (sig->init_data->proto.proto[i] != 0xFF)
1387  goto end;
1388  }
1389  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1390  goto end;
1391 
1392  result = 1;
1393 
1394  end:
1395  SigFree(NULL, sig);
1396  return result;
1397 }
1398 
1399 static int DetectIPProtoTestSetup43(void)
1400 {
1401  int result = 0;
1402  Signature *sig;
1403  const char *value1_str = "!4";
1404  int value1 = 4;
1405  const char *value2_str = "<13";
1406  int value2 = 13;
1407  const char *value3_str = ">34";
1408  int i;
1409 
1410  if ((sig = SigAlloc()) == NULL)
1411  goto end;
1412 
1413  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1414  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1415  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1416  goto end;
1417  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1418  goto end;
1419  if (sig->init_data->proto.proto[value1 / 8] != 0xEF) {
1420  goto end;
1421  }
1422  for (i = (value1 / 8) + 1; i < (value2 / 8); i++) {
1423  if (sig->init_data->proto.proto[i] != 0xFF)
1424  goto end;
1425  }
1426  if (sig->init_data->proto.proto[value2 / 8] != 0x1F) {
1427  goto end;
1428  }
1429  for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1430  if (sig->init_data->proto.proto[i] != 0)
1431  goto end;
1432  }
1433  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1434  goto end;
1435 
1436  result = 1;
1437 
1438  end:
1439  SigFree(NULL, sig);
1440  return result;
1441 }
1442 
1443 static int DetectIPProtoTestSetup44(void)
1444 {
1445  int result = 0;
1446  Signature *sig;
1447  const char *value1_str = "!4";
1448  const char *value2_str = "<13";
1449  const char *value3_str = ">34";
1450  int value3 = 34;
1451  int i;
1452 
1453  if ((sig = SigAlloc()) == NULL)
1454  goto end;
1455 
1456  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1457  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1458  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1459  goto end;
1460  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1461  goto end;
1462  for (i = 0; i < (value3 / 8); i++) {
1463  if (sig->init_data->proto.proto[i] != 0)
1464  goto end;
1465  }
1466  if (sig->init_data->proto.proto[value3 / 8] != 0xF8) {
1467  goto end;
1468  }
1469  for (i = (value3 / 8) + 1; i < 256 / 8; i++) {
1470  if (sig->init_data->proto.proto[i] != 0xFF)
1471  goto end;
1472  }
1473  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1474  goto end;
1475 
1476  result = 1;
1477 
1478  end:
1479  SigFree(NULL, sig);
1480  return result;
1481 }
1482 
1483 static int DetectIPProtoTestSetup45(void)
1484 {
1485  int result = 0;
1486  Signature *sig;
1487  const char *value1_str = "!4";
1488  int value1 = 4;
1489  const char *value2_str = "<13";
1490  int value2 = 13;
1491  const char *value3_str = ">34";
1492  int i;
1493 
1494  if ((sig = SigAlloc()) == NULL)
1495  goto end;
1496 
1497  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1498  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1499  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1500  goto end;
1501  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1502  goto end;
1503  if (sig->init_data->proto.proto[value1 / 8] != 0xEF) {
1504  goto end;
1505  }
1506  for (i = (value1 / 8) + 1; i < (value2 / 8); i++) {
1507  if (sig->init_data->proto.proto[i] != 0xFF)
1508  goto end;
1509  }
1510  if (sig->init_data->proto.proto[value2 / 8] != 0x1F) {
1511  goto end;
1512  }
1513  for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1514  if (sig->init_data->proto.proto[i] != 0)
1515  goto end;
1516  }
1517  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1518  goto end;
1519 
1520  result = 1;
1521 
1522  end:
1523  SigFree(NULL, sig);
1524  return result;
1525 }
1526 
1527 static int DetectIPProtoTestSetup56(void)
1528 {
1529  int result = 0;
1530  Signature *sig;
1531  const char *value1_str = "<13";
1532  int value1 = 13;
1533  const char *value2_str = ">34";
1534  const char *value3_str = "!37";
1535  int i;
1536 
1537  if ((sig = SigAlloc()) == NULL)
1538  goto end;
1539 
1540  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1541  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1542  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1543  goto end;
1544  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1545  goto end;
1546  for (i = 0; i < (value1 / 8); i++) {
1547  if (sig->init_data->proto.proto[i] != 0xFF)
1548  goto end;
1549  }
1550  if (sig->init_data->proto.proto[value1 / 8] != 0x1F) {
1551  goto end;
1552  }
1553  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1554  if (sig->init_data->proto.proto[i] != 0)
1555  goto end;
1556  }
1557  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1558  goto end;
1559 
1560  result = 1;
1561 
1562  end:
1563  SigFree(NULL, sig);
1564  return result;
1565 }
1566 
1567 static int DetectIPProtoTestSetup75(void)
1568 {
1569  int result = 0;
1570  Signature *sig;
1571  const char *value1_str = "!8";
1572  const char *value2_str = ">10";
1573  int value2 = 10;
1574  int i;
1575 
1576  if ((sig = SigAlloc()) == NULL)
1577  goto end;
1578 
1579  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1580  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1581  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1582  goto end;
1583  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1584  goto end;
1585  for (i = 0; i < (value2 / 8); i++) {
1586  if (sig->init_data->proto.proto[i] != 0)
1587  goto end;
1588  }
1589  if (sig->init_data->proto.proto[value2 / 8] != 0xF8) {
1590  goto end;
1591  }
1592  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1593  if (sig->init_data->proto.proto[i] != 0xFF)
1594  goto end;
1595  }
1596 
1597  result = 1;
1598 
1599  end:
1600  SigFree(NULL, sig);
1601  return result;
1602 }
1603 
1604 static int DetectIPProtoTestSetup76(void)
1605 {
1606  int result = 0;
1607  Signature *sig;
1608  const char *value1_str = "!8";
1609  const char *value2_str = ">10";
1610  int value2 = 10;
1611  int i;
1612 
1613  if ((sig = SigAlloc()) == NULL)
1614  goto end;
1615 
1616  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1617  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1618  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1619  goto end;
1620  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1621  goto end;
1622  for (i = 0; i < (value2 / 8); i++) {
1623  if (sig->init_data->proto.proto[i] != 0)
1624  goto end;
1625  }
1626  if (sig->init_data->proto.proto[value2 / 8] != 0xF8) {
1627  goto end;
1628  }
1629  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1630  if (sig->init_data->proto.proto[i] != 0xFF)
1631  goto end;
1632  }
1633 
1634  result = 1;
1635 
1636  end:
1637  SigFree(NULL, sig);
1638  return result;
1639 }
1640 
1641 static int DetectIPProtoTestSetup129(void)
1642 {
1643  int result = 0;
1644  Signature *sig;
1645  const char *value1_str = "<10";
1646  int value1 = 10;
1647  const char *value2_str = ">10";
1648  int i;
1649 
1650  if ((sig = SigAlloc()) == NULL)
1651  goto end;
1652 
1653  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1654  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1655  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1656  goto end;
1657  for (i = 0; i < (value1 / 8); i++) {
1658  if (sig->init_data->proto.proto[i] != 0xFF)
1659  goto end;
1660  }
1661  if (sig->init_data->proto.proto[value1 / 8] != 0x03) {
1662  goto end;
1663  }
1664  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1665  if (sig->init_data->proto.proto[i] != 0)
1666  goto end;
1667  }
1668  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1669  goto end;
1670 
1671  result = 1;
1672 
1673  end:
1674  SigFree(NULL, sig);
1675  return result;
1676 }
1677 
1678 static int DetectIPProtoTestSetup130(void)
1679 {
1680  int result = 0;
1681  Signature *sig;
1682  const char *value1_str = "<10";
1683  const char *value2_str = ">10";
1684  int value2 = 10;
1685  int i;
1686 
1687  if ((sig = SigAlloc()) == NULL)
1688  goto end;
1689 
1690  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1691  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1692  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1693  goto end;
1694  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1695  goto end;
1696  for (i = 0; i < (value2 / 8); i++) {
1697  if (sig->init_data->proto.proto[i] != 0)
1698  goto end;
1699  }
1700  if (sig->init_data->proto.proto[value2 / 8] != 0xF8) {
1701  goto end;
1702  }
1703  for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1704  if (sig->init_data->proto.proto[i] != 0xFF)
1705  goto end;
1706  }
1707 
1708  result = 1;
1709 
1710  end:
1711  SigFree(NULL, sig);
1712  return result;
1713 }
1714 
1715 static int DetectIPProtoTestSetup131(void)
1716 {
1717  int result = 0;
1718  Signature *sig;
1719  const char *value1_str = "<10";
1720  int value1 = 10;
1721  const char *value2_str = "!10";
1722  int i;
1723 
1724  if ((sig = SigAlloc()) == NULL)
1725  goto end;
1726 
1727  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1728  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1729  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1730  goto end;
1731  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1732  goto end;
1733  for (i = 0; i < (value1 / 8); i++) {
1734  if (sig->init_data->proto.proto[i] != 0xFF)
1735  goto end;
1736  }
1737  if (sig->init_data->proto.proto[value1 / 8] != 0x03) {
1738  goto end;
1739  }
1740  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1741  if (sig->init_data->proto.proto[i] != 0x0)
1742  goto end;
1743  }
1744 
1745  result = 1;
1746 
1747  end:
1748  SigFree(NULL, sig);
1749  return result;
1750 }
1751 
1752 static int DetectIPProtoTestSetup132(void)
1753 {
1754  int result = 0;
1755  Signature *sig;
1756  const char *value1_str = "<10";
1757  int value1 = 10;
1758  const char *value2_str = "!10";
1759  int i;
1760 
1761  if ((sig = SigAlloc()) == NULL)
1762  goto end;
1763 
1764  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1765  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1766  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1767  goto end;
1768  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1769  goto end;
1770  for (i = 0; i < (value1 / 8); i++) {
1771  if (sig->init_data->proto.proto[i] != 0xFF)
1772  goto end;
1773  }
1774  if (sig->init_data->proto.proto[value1 / 8] != 0x03) {
1775  goto end;
1776  }
1777  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1778  if (sig->init_data->proto.proto[i] != 0x0)
1779  goto end;
1780  }
1781 
1782  result = 1;
1783 
1784  end:
1785  SigFree(NULL, sig);
1786  return result;
1787 }
1788 
1789 static int DetectIPProtoTestSetup145(void)
1790 {
1791  int result = 0;
1792  Signature *sig;
1793  const char *value1_str = "!4";
1794  const char *value2_str = ">8";
1795  const char *value3_str = "!10";
1796  const char *value4_str = "!14";
1797  const char *value5_str = "!27";
1798  const char *value6_str = "!29";
1799  const char *value7_str = "!30";
1800  const char *value8_str = "!34";
1801  const char *value9_str = "<36";
1802  const char *value10_str = "!38";
1803  int value10 = 38;
1804 
1805  int i;
1806 
1807  if ((sig = SigAlloc()) == NULL)
1808  goto end;
1809 
1810  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1811  sig->init_data->proto.flags |= DETECT_PROTO_ANY;
1812  if (DetectIPProtoSetup(NULL, sig, value5_str) != 0)
1813  goto end;
1814  if (DetectIPProtoSetup(NULL, sig, value8_str) != 0)
1815  goto end;
1816  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1817  goto end;
1818  if (DetectIPProtoSetup(NULL, sig, value10_str) != 0)
1819  goto end;
1820  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1821  goto end;
1822  if (DetectIPProtoSetup(NULL, sig, value6_str) != 0)
1823  goto end;
1824  if (DetectIPProtoSetup(NULL, sig, value9_str) != 0)
1825  goto end;
1826  if (DetectIPProtoSetup(NULL, sig, value4_str) != 0)
1827  goto end;
1828  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1829  goto end;
1830  if (DetectIPProtoSetup(NULL, sig, value7_str) != 0)
1831  goto end;
1832  if (sig->init_data->proto.proto[0] != 0) {
1833  goto end;
1834  }
1835  if (sig->init_data->proto.proto[1] != 0xBA) {
1836  goto end;
1837  }
1838  if (sig->init_data->proto.proto[2] != 0xFF) {
1839  goto end;
1840  }
1841  if (sig->init_data->proto.proto[3] != 0x97) {
1842  goto end;
1843  }
1844  if (sig->init_data->proto.proto[4] != 0x0B) {
1845  goto end;
1846  }
1847  for (i = (value10 / 8) + 1; i < 256 / 8; i++) {
1848  if (sig->init_data->proto.proto[i] != 0)
1849  goto end;
1850  }
1851 
1852  result = 1;
1853 
1854  end:
1855  SigFree(NULL, sig);
1856  return result;
1857 }
1858 
1859 static int DetectIPProtoTestSig1(void)
1860 {
1861  int result = 0;
1862  uint8_t *buf = (uint8_t *)
1863  "GET /one/ HTTP/1.1\r\n"
1864  "Host: one.example.org\r\n"
1865  "\r\n";
1866  uint16_t buflen = strlen((char *)buf);
1867  Packet *p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
1868  if (p == NULL)
1869  return 0;
1870 
1871  const char *sigs[4];
1872  sigs[0] = "alert ip any any -> any any "
1873  "(msg:\"Not tcp\"; ip_proto:!tcp; content:\"GET \"; sid:1;)";
1874  sigs[1] = "alert ip any any -> any any "
1875  "(msg:\"Less than 7\"; content:\"GET \"; ip_proto:<7; sid:2;)";
1876  sigs[2] = "alert ip any any -> any any "
1877  "(msg:\"Greater than 5\"; content:\"GET \"; ip_proto:>5; sid:3;)";
1878  sigs[3] = "alert ip any any -> any any "
1879  "(msg:\"Equals tcp\"; content:\"GET \"; ip_proto:tcp; sid:4;)";
1880 
1881  /* sids to match */
1882  uint32_t sid[4] = {1, 2, 3, 4};
1883  /* expected matches for each sid within this packet we are testing */
1884  uint32_t results[4] = {0, 1, 1, 1};
1885 
1886  /* remember that UTHGenericTest expect the first parameter
1887  * as an array of packet pointers. And also a bidimensional array of results
1888  * For example:
1889  * results[numpacket][position] should hold the number of times
1890  * that the sid at sid[position] matched that packet (should be always 1..)
1891  * But here we built it as unidimensional array
1892  */
1893  result = UTHGenericTest(&p, 1, sigs, sid, results, 4);
1894 
1895  UTHFreePacket(p);
1896  return result;
1897 }
1898 
1899 static int DetectIPProtoTestSig2(void)
1900 {
1901  uint8_t raw_eth[] = {
1902  0x01, 0x00, 0x5e, 0x00, 0x00, 0x0d, 0x00, 0x26,
1903  0x88, 0x61, 0x3a, 0x80, 0x08, 0x00, 0x45, 0xc0,
1904  0x00, 0x36, 0xe4, 0xcd, 0x00, 0x00, 0x01, 0x67,
1905  0xc7, 0xab, 0xac, 0x1c, 0x7f, 0xfe, 0xe0, 0x00,
1906  0x00, 0x0d, 0x20, 0x00, 0x90, 0x20, 0x00, 0x01,
1907  0x00, 0x02, 0x00, 0x69, 0x00, 0x02, 0x00, 0x04,
1908  0x81, 0xf4, 0x07, 0xd0, 0x00, 0x13, 0x00, 0x04,
1909  0x00, 0x00, 0x00, 0x01, 0x00, 0x14, 0x00, 0x04,
1910  0x4a, 0xea, 0x7a, 0x8e,
1911  };
1912 
1913  Packet *p = PacketGetFromAlloc();
1914  FAIL_IF_NULL(p);
1915 
1916  DecodeThreadVars dtv;
1917  ThreadVars th_v;
1918  DetectEngineThreadCtx *det_ctx = NULL;
1919 
1920  p->proto = 0;
1921  memset(&dtv, 0, sizeof(DecodeThreadVars));
1922  memset(&th_v, 0, sizeof(th_v));
1923  StatsThreadInit(&th_v.stats);
1924 
1925  FlowInitConfig(FLOW_QUIET);
1926  DecodeEthernet(&th_v, &dtv, p, raw_eth, sizeof(raw_eth));
1927 
1928  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
1929  FAIL_IF_NULL(de_ctx);
1930  de_ctx->mpm_matcher = mpm_default_matcher;
1931  de_ctx->flags |= DE_QUIET;
1932 
1933  Signature *s = DetectEngineAppendSig(de_ctx,
1934  "alert ip any any -> any any (msg:\"Check ipproto usage\"; "
1935  "ip_proto:!103; sid:1;)");
1936  FAIL_IF_NULL(s);
1937 
1938  SigGroupBuild(de_ctx);
1939  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
1940 
1941  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
1942  FAIL_IF(PacketAlertCheck(p, 1));
1943 
1944  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
1945  DetectEngineCtxFree(de_ctx);
1946  PacketFree(p);
1947  FlowShutdown();
1948  StatsThreadCleanup(&th_v.stats);
1949  PASS;
1950 }
1951 
1952 static int DetectIPProtoTestSig3(void)
1953 {
1954  uint8_t raw_eth[] = {
1955  0x01, 0x00, 0x5e, 0x00, 0x00, 0x0d, 0x00, 0x26,
1956  0x88, 0x61, 0x3a, 0x80, 0x08, 0x00, 0x45, 0xc0,
1957  0x00, 0x36, 0xe4, 0xcd, 0x00, 0x00, 0x01, 0x67,
1958  0xc7, 0xab, 0xac, 0x1c, 0x7f, 0xfe, 0xe0, 0x00,
1959  0x00, 0x0d, 0x20, 0x00, 0x90, 0x20, 0x00, 0x01,
1960  0x00, 0x02, 0x00, 0x69, 0x00, 0x02, 0x00, 0x04,
1961  0x81, 0xf4, 0x07, 0xd0, 0x00, 0x13, 0x00, 0x04,
1962  0x00, 0x00, 0x00, 0x01, 0x00, 0x14, 0x00, 0x04,
1963  0x4a, 0xea, 0x7a, 0x8e,
1964  };
1965 
1966  Packet *p = PacketGetFromAlloc();
1967  FAIL_IF_NULL(p);
1968 
1969  DecodeThreadVars dtv;
1970  ThreadVars th_v;
1971  DetectEngineThreadCtx *det_ctx = NULL;
1972 
1973  p->proto = 0;
1974  memset(&dtv, 0, sizeof(DecodeThreadVars));
1975  memset(&th_v, 0, sizeof(th_v));
1976  StatsThreadInit(&th_v.stats);
1977 
1978  FlowInitConfig(FLOW_QUIET);
1979  DecodeEthernet(&th_v, &dtv, p, raw_eth, sizeof(raw_eth));
1980 
1981  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
1982  FAIL_IF(de_ctx == NULL);
1983  de_ctx->mpm_matcher = mpm_default_matcher;
1984  de_ctx->flags |= DE_QUIET;
1985 
1986  Signature *s = DetectEngineAppendSig(de_ctx,
1987  "alert ip any any -> any any (msg:\"Check ipproto usage\"; "
1988  "ip_proto:103; sid:1;)");
1989  FAIL_IF_NULL(s);
1990 
1991  SigGroupBuild(de_ctx);
1992  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
1993 
1994  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
1995  FAIL_IF(!PacketAlertCheck(p, 1));
1996  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
1997  DetectEngineCtxFree(de_ctx);
1998  FlowShutdown();
1999 
2000  PacketFree(p);
2001  StatsThreadCleanup(&th_v.stats);
2002  PASS;
2003 }
2004 
2005 /**
2006  * \internal
2007  * \brief Register ip_proto tests.
2008  */
2009 static void DetectIPProtoRegisterTests(void)
2010 {
2011  UtRegisterTest("DetectIPProtoTestParse01", DetectIPProtoTestParse01);
2012  UtRegisterTest("DetectIPProtoTestParse02", DetectIPProtoTestParse02);
2013  UtRegisterTest("DetectIPProtoTestSetup01", DetectIPProtoTestSetup01);
2014  UtRegisterTest("DetectIPProtoTestSetup02", DetectIPProtoTestSetup02);
2015  UtRegisterTest("DetectIPProtoTestSetup03", DetectIPProtoTestSetup03);
2016  UtRegisterTest("DetectIPProtoTestSetup04", DetectIPProtoTestSetup04);
2017  UtRegisterTest("DetectIPProtoTestSetup05", DetectIPProtoTestSetup05);
2018  UtRegisterTest("DetectIPProtoTestSetup06", DetectIPProtoTestSetup06);
2019  UtRegisterTest("DetectIPProtoTestSetup07", DetectIPProtoTestSetup07);
2020  UtRegisterTest("DetectIPProtoTestSetup08", DetectIPProtoTestSetup08);
2021  UtRegisterTest("DetectIPProtoTestSetup09", DetectIPProtoTestSetup09);
2022  UtRegisterTest("DetectIPProtoTestSetup10", DetectIPProtoTestSetup10);
2023  UtRegisterTest("DetectIPProtoTestSetup11", DetectIPProtoTestSetup11);
2024  UtRegisterTest("DetectIPProtoTestSetup12", DetectIPProtoTestSetup12);
2025  UtRegisterTest("DetectIPProtoTestSetup13", DetectIPProtoTestSetup13);
2026  UtRegisterTest("DetectIPProtoTestSetup14", DetectIPProtoTestSetup14);
2027  UtRegisterTest("DetectIPProtoTestSetup15", DetectIPProtoTestSetup15);
2028  UtRegisterTest("DetectIPProtoTestSetup16", DetectIPProtoTestSetup16);
2029  UtRegisterTest("DetectIPProtoTestSetup17", DetectIPProtoTestSetup17);
2030  UtRegisterTest("DetectIPProtoTestSetup18", DetectIPProtoTestSetup18);
2031  UtRegisterTest("DetectIPProtoTestSetup19", DetectIPProtoTestSetup19);
2032  UtRegisterTest("DetectIPProtoTestSetup20", DetectIPProtoTestSetup20);
2033  UtRegisterTest("DetectIPProtoTestSetup21", DetectIPProtoTestSetup21);
2034  UtRegisterTest("DetectIPProtoTestSetup22", DetectIPProtoTestSetup22);
2035  UtRegisterTest("DetectIPProtoTestSetup23", DetectIPProtoTestSetup23);
2036  UtRegisterTest("DetectIPProtoTestSetup24", DetectIPProtoTestSetup24);
2037  UtRegisterTest("DetectIPProtoTestSetup33", DetectIPProtoTestSetup33);
2038  UtRegisterTest("DetectIPProtoTestSetup34", DetectIPProtoTestSetup34);
2039  UtRegisterTest("DetectIPProtoTestSetup36", DetectIPProtoTestSetup36);
2040  UtRegisterTest("DetectIPProtoTestSetup43", DetectIPProtoTestSetup43);
2041  UtRegisterTest("DetectIPProtoTestSetup44", DetectIPProtoTestSetup44);
2042  UtRegisterTest("DetectIPProtoTestSetup45", DetectIPProtoTestSetup45);
2043  UtRegisterTest("DetectIPProtoTestSetup56", DetectIPProtoTestSetup56);
2044  UtRegisterTest("DetectIPProtoTestSetup75", DetectIPProtoTestSetup75);
2045  UtRegisterTest("DetectIPProtoTestSetup76", DetectIPProtoTestSetup76);
2046  UtRegisterTest("DetectIPProtoTestSetup129", DetectIPProtoTestSetup129);
2047  UtRegisterTest("DetectIPProtoTestSetup130", DetectIPProtoTestSetup130);
2048  UtRegisterTest("DetectIPProtoTestSetup131", DetectIPProtoTestSetup131);
2049  UtRegisterTest("DetectIPProtoTestSetup132", DetectIPProtoTestSetup132);
2050  UtRegisterTest("DetectIPProtoTestSetup145", DetectIPProtoTestSetup145);
2051 
2052  UtRegisterTest("DetectIPProtoTestSig1", DetectIPProtoTestSig1);
2053  UtRegisterTest("DetectIPProtoTestSig2", DetectIPProtoTestSig2);
2054  UtRegisterTest("DetectIPProtoTestSig3", DetectIPProtoTestSig3);
2055 }
2056 #endif /* UNITTESTS */
DetectIPProtoRemoveAllSMs
void DetectIPProtoRemoveAllSMs(DetectEngineCtx *de_ctx, Signature *s)
Definition: detect-ipproto.c:432
util-byte.h
SigTableElmt_::url
const char * url
Definition: detect.h:1512
Packet_::proto
uint8_t proto
Definition: decode.h:537
detect-engine.h
SigMatchRemoveSMFromList
void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int sm_list)
Definition: detect-parse.c:486
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
SignatureInitData_::smlists
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
Definition: detect.h:649
SigTableElmt_::desc
const char * desc
Definition: detect.h:1511
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:79
SigMatchFree
void SigMatchFree(DetectEngineCtx *de_ctx, SigMatch *sm)
free a SigMatch
Definition: detect-parse.c:288
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1496
DETECT_PROTO_IPV6
#define DETECT_PROTO_IPV6
Definition: detect-engine-proto.h:32
detect-engine-siggroup.h
DetectParseRegex
Definition: detect-parse.h:94
SigTableElmt_::name
const char * name
Definition: detect.h:1509
SigFree
void SigFree(DetectEngineCtx *, Signature *)
Definition: detect-parse.c:2126
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SigTableElmt_::flags
uint32_t flags
Definition: detect.h:1500
DetectIPProtoRegister
void DetectIPProtoRegister(void)
Registration function for ip_proto keyword.
Definition: detect-ipproto.c:60
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:144
SIGMATCH_QUOTES_OPTIONAL
#define SIGMATCH_QUOTES_OPTIONAL
Definition: detect-engine-register.h:316
th_v
ThreadVars * th_v
Definition: fuzz_iprep.c:20
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:973
DETECT_PROTO_ANY
#define DETECT_PROTO_ANY
Definition: detect-engine-proto.h:28
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2759
DE_QUIET
#define DE_QUIET
Definition: detect.h:330
UTHBuildPacket
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
Definition: util-unittest-helper.c:243
mpm_default_matcher
uint8_t mpm_default_matcher
Definition: util-mpm.c:48
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:2971
SignatureInitData_::init_flags
uint32_t init_flags
Definition: detect.h:612
DetectParsePcreExec
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
Definition: detect-parse.c:3649
proto
uint8_t proto
Definition: decode-template.h:0
p
Packet * p
Definition: fuzz_iprep.c:21
StringParseInt32
int StringParseInt32(int32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:587
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:3595
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1491
util-unittest.h
util-unittest-helper.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:577
StringParseUint8
int StringParseUint8(uint8_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:323
decode.h
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:22
DetectEngineThreadCtx_
Definition: detect.h:1291
DetectSetupParseRegexes
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
Definition: detect-parse.c:3775
detect-engine-mpm.h
SCSigMatchAppendSMToList
SigMatch * SCSigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:387
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
Definition: detect-engine.c:3505
SigMatch_::next
struct SigMatch_ * next
Definition: detect.h:360
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition: detect.h:976
PacketFree
void PacketFree(Packet *p)
Return a malloced packet.
Definition: decode.c:222
SignatureInitData_::proto
DetectProto proto
Definition: detect.h:638
DETECT_SM_LIST_MATCH
@ DETECT_SM_LIST_MATCH
Definition: detect.h:117
SigMatch_::ctx
SigMatchCtx * ctx
Definition: detect.h:359
DetectProto_::proto
uint8_t proto[256/8]
Definition: detect-engine-proto.h:39
Signature_::flags
uint32_t flags
Definition: detect.h:676
Packet_
Definition: decode.h:515
detect-engine-build.h
detect-engine-alert.h
detect-ipproto.h
Signature_::init_data
SignatureInitData * init_data
Definition: detect.h:754
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1471
DETECT_IPPROTO_OP_GT
#define DETECT_IPPROTO_OP_GT
Definition: detect-ipproto.h:31
util-proto-name.h
SIG_FLAG_INIT_FIRST_IPPROTO_SEEN
#define SIG_FLAG_INIT_FIRST_IPPROTO_SEEN
Definition: detect.h:293
DETECT_IPPROTO_OP_EQ
#define DETECT_IPPROTO_OP_EQ
Definition: detect-ipproto.h:28
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:2295
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:34
StatsThreadInit
void StatsThreadInit(StatsThreadContext *stats)
Definition: counters.c:1333
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:351
DetectProto_::flags
uint8_t flags
Definition: detect-engine-proto.h:40
DETECT_PROTO_IPV4
#define DETECT_PROTO_IPV4
Definition: detect-engine-proto.h:31
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
SigMatch_::type
uint16_t type
Definition: detect.h:357
DETECT_IPPROTO_OP_LT
#define DETECT_IPPROTO_OP_LT
Definition: detect-ipproto.h:30
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:721
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
Definition: detect-engine.c:3750
DetectIPProtoData_::op
uint8_t op
Definition: detect-ipproto.h:35
UTHGenericTest
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perform a generic check taking care of as maximum common unittest eleme...
Definition: util-unittest-helper.c:580
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:261
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:274
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:994
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:472
detect-parse.h
Signature_
Signature container.
Definition: detect.h:675
SigMatch_
a single match condition for a signature
Definition: detect.h:356
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2720
DetectIPProtoData_
Definition: detect-ipproto.h:34
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
SCGetProtoByName
bool SCGetProtoByName(const char *protoname, uint8_t *proto_number)
Function to return the protocol number for a named protocol. Note that protocol name aliases are hono...
Definition: util-proto-name.c:463
PARSE_REGEX
#define PARSE_REGEX
Regex for parsing our options.
Definition: detect-ipproto.c:50
DETECT_IPPROTO_OP_NOT
#define DETECT_IPPROTO_OP_NOT
Definition: detect-ipproto.h:29
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:975
SigAlloc
Signature * SigAlloc(void)
Definition: detect-parse.c:2006
DETECT_IPPROTO
@ DETECT_IPPROTO
Definition: detect-engine-register.h:112
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
ThreadVars_::stats
StatsThreadContext stats
Definition: threadvars.h:121
StatsThreadCleanup
void StatsThreadCleanup(StatsThreadContext *stats)
Definition: counters.c:1429
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:42
detect-engine-address.h
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1498
DetectIPProtoData_::proto
uint8_t proto
Definition: detect-ipproto.h:36
SIG_FLAG_REQUIRE_PACKET
#define SIG_FLAG_REQUIRE_PACKET
Definition: detect.h:253