suricata
detect-ipproto.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Brian Rectanus <brectanu@gmail.com>
22  *
23  * Implements the ip_proto keyword
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 
30 #include "detect-ipproto.h"
31 
32 #include "detect-parse.h"
33 #include "detect-engine.h"
34 #include "detect-engine-mpm.h"
35 #include "detect-engine-build.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 
40 #include "util-byte.h"
41 #include "util-proto-name.h"
42 #include "util-unittest.h"
43 #include "util-unittest-helper.h"
44 
45 #include "util-debug.h"
46 
47 /**
48  * \brief Regex for parsing our options
49  */
50 #define PARSE_REGEX "^([!<>]?)\\s*([^\\s]+)$"
51 
52 static DetectParseRegex parse_regex;
53 
54 static int DetectIPProtoSetup(DetectEngineCtx *, Signature *, const char *);
55 #ifdef UNITTESTS
56 static void DetectIPProtoRegisterTests(void);
57 #endif
58 static void DetectIPProtoFree(DetectEngineCtx *, void *);
59 
60 void DetectIPProtoRegister(void)
61 {
62  sigmatch_table[DETECT_IPPROTO].name = "ip_proto";
63  sigmatch_table[DETECT_IPPROTO].desc = "match on the IP protocol in the packet-header";
64  sigmatch_table[DETECT_IPPROTO].url = "/rules/header-keywords.html#ip-proto";
65  sigmatch_table[DETECT_IPPROTO].Match = NULL;
66  sigmatch_table[DETECT_IPPROTO].Setup = DetectIPProtoSetup;
67  sigmatch_table[DETECT_IPPROTO].Free = DetectIPProtoFree;
68 #ifdef UNITTESTS
69  sigmatch_table[DETECT_IPPROTO].RegisterTests = DetectIPProtoRegisterTests;
70 #endif
71  sigmatch_table[DETECT_IPPROTO].flags = SIGMATCH_QUOTES_OPTIONAL;
72 
73  DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
74 }
75 
76 /**
77  * \internal
78  * \brief Parse ip_proto options string.
79  *
80  * \param optstr Options string to parse
81  *
82  * \return New ip_proto data structure
83  */
84 static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
85 {
86  DetectIPProtoData *data = NULL;
87  char *args[2] = { NULL, NULL };
88  int res = 0;
89  size_t pcre2_len;
90  int i;
91  const char *str_ptr;
92 
93  /* Execute the regex and populate args with captures. */
94  pcre2_match_data *match = NULL;
95  int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0);
96  if (ret != 3) {
97  SCLogError("pcre_exec parse error, ret"
98  "%" PRId32 ", string %s",
99  ret, optstr);
100  goto error;
101  }
102 
103  for (i = 0; i < (ret - 1); i++) {
104  res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
105  if (res < 0) {
106  SCLogError("pcre2_substring_get_bynumber failed");
107  goto error;
108  }
109  args[i] = (char *)str_ptr;
110  }
111 
112  /* Initialize the data */
113  data = SCMalloc(sizeof(DetectIPProtoData));
114  if (unlikely(data == NULL))
115  goto error;
116  data->op = DETECT_IPPROTO_OP_EQ;
117  data->proto = 0;
118 
119  /* Operator */
120  if (*(args[0]) != '\0') {
121  data->op = *(args[0]);
122  }
123 
124  /* Protocol name/number */
125  if (!isdigit((unsigned char)*(args[1]))) {
126  uint8_t proto;
127  if (!SCGetProtoByName(args[1], &proto)) {
128  SCLogError("Unknown protocol name: \"%s\"", str_ptr);
129  goto error;
130  }
131  data->proto = proto;
132  }
133  else {
134  if (StringParseUint8(&data->proto, 10, 0, args[1]) <= 0) {
135  SCLogError("Malformed protocol number: %s", str_ptr);
136  goto error;
137  }
138  }
139 
140  for (i = 0; i < (ret - 1); i++){
141  if (args[i] != NULL)
142  pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
143  }
144 
145  pcre2_match_data_free(match);
146  return data;
147 
148 error:
149  if (match) {
150  pcre2_match_data_free(match);
151  }
152  for (i = 0; i < (ret - 1) && i < 2; i++){
153  if (args[i] != NULL)
154  pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
155  }
156  if (data != NULL)
157  SCFree(data);
158 
159  return NULL;
160 }
161 
162 static int DetectIPProtoTypePresentForOP(Signature *s, uint8_t op)
163 {
164  SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
165  DetectIPProtoData *data;
166 
167  while (sm != NULL) {
168  if (sm->type == DETECT_IPPROTO) {
169  data = (DetectIPProtoData *)sm->ctx;
170  if (data->op == op)
171  return 1;
172  }
173  sm = sm->next;
174  }
175 
176  return 0;
177 }
178 
179 /**
180  * \internal
181  * \brief Setup ip_proto keyword.
182  *
183  * \param de_ctx Detection engine context
184  * \param s Signature
185  * \param optstr Options string
186  *
187  * \return Non-zero on error
188  */
189 static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
190 {
191  int i;
192 
193  DetectIPProtoData *data = DetectIPProtoParse(optstr);
194  if (data == NULL) {
195  return -1;
196  }
197 
198  /* Reset our "any" (or "ip") state: for ipv4, ipv6 and ip cases, the bitfield
199  * s->proto.proto have all bit set to 1 to be able to match any protocols. ipproto
200  * will refined the protocol list and thus it needs to reset the bitfield to zero
201  * before setting the value specified by the ip_proto keyword.
202  */
203  if (s->proto.flags & (DETECT_PROTO_ANY | DETECT_PROTO_IPV6 | DETECT_PROTO_IPV4)) {
204  s->proto.flags &= ~DETECT_PROTO_ANY;
205  memset(s->proto.proto, 0x00, sizeof(s->proto.proto));
206  s->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
207  } else {
208  /* The ipproto engine has a relationship with the protocol that is
209  * set after the action and also the app protocol(that can also be
210  * set through the app-layer-protocol.
211  * An ip_proto keyword can be used only with alert ip, which if
212  * not true we error out on the sig. And hence the init_flag to
213  * indicate this. */
214  if (!(s->init_data->init_flags & SIG_FLAG_INIT_FIRST_IPPROTO_SEEN)) {
215  SCLogError("Signature can use "
216  "ip_proto keyword only when we use alert ip, "
217  "in which case the _ANY flag is set on the sig "
218  "and the if condition should match.");
219  goto error;
220  }
221  }
222 
223  int eq_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_EQ);
224  int gt_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_GT);
225  int lt_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_LT);
226  int not_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_NOT);
227 
228  switch (data->op) {
229  case DETECT_IPPROTO_OP_EQ:
230  if (eq_set || gt_set || lt_set || not_set) {
231  SCLogError("can't use a eq "
232  "ipproto without any operators attached to "
233  "them in the same sig");
234  goto error;
235  }
236  s->proto.proto[data->proto / 8] |= 1 << (data->proto % 8);
237  break;
238 
239  case DETECT_IPPROTO_OP_GT:
240  if (eq_set || gt_set) {
241  SCLogError("can't use a eq or gt "
242  "ipproto along with a greater than ipproto in the "
243  "same sig ");
244  goto error;
245  }
246  if (!lt_set && !not_set) {
247  s->proto.proto[data->proto / 8] = (uint8_t)(0xfe << (data->proto % 8));
248  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
249  s->proto.proto[i] = 0xff;
250  }
251  } else if (lt_set && !not_set) {
252  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
253  while (temp_sm != NULL) {
254  if (temp_sm->type == DETECT_IPPROTO) {
255  break;
256  }
257  temp_sm = temp_sm->next;
258  }
259  if (temp_sm != NULL) {
260  DetectIPProtoData *data_temp = (DetectIPProtoData *)temp_sm->ctx;
261  if (data_temp->proto <= data->proto) {
262  SCLogError("can't have "
263  "both gt and lt ipprotos, with the lt being "
264  "lower than gt value");
265  goto error;
266  } else {
267  for (i = 0; i < (data->proto / 8); i++) {
268  s->proto.proto[i] = 0;
269  }
270  s->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
271  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
272  s->proto.proto[i] &= 0xff;
273  }
274  }
275  }
276  } else if (!lt_set && not_set) {
277  for (i = 0; i < (data->proto / 8); i++) {
278  s->proto.proto[i] = 0;
279  }
280  s->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
281  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
282  s->proto.proto[i] &= 0xff;
283  }
284  } else {
285  DetectIPProtoData *data_temp;
286  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
287  while (temp_sm != NULL) {
288  if (temp_sm->type == DETECT_IPPROTO &&
289  ((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_LT) {
290  break;
291  }
292  temp_sm = temp_sm->next;
293  }
294  if (temp_sm != NULL) {
295  data_temp = (DetectIPProtoData *)temp_sm->ctx;
296  if (data_temp->proto <= data->proto) {
297  SCLogError("can't have "
298  "both gt and lt ipprotos, with the lt being "
299  "lower than gt value");
300  goto error;
301  } else {
302  for (i = 0; i < (data->proto / 8); i++) {
303  s->proto.proto[i] = 0;
304  }
305  s->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
306  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
307  s->proto.proto[i] &= 0xff;
308  }
309  }
310  }
311  }
312  break;
313 
314  case DETECT_IPPROTO_OP_LT:
315  if (eq_set || lt_set) {
316  SCLogError("can't use a eq or lt "
317  "ipproto along with a less than ipproto in the "
318  "same sig ");
319  goto error;
320  }
321  if (!gt_set && !not_set) {
322  for (i = 0; i < (data->proto / 8); i++) {
323  s->proto.proto[i] = 0xff;
324  }
325  s->proto.proto[data->proto / 8] = (uint8_t)(~(0xff << (data->proto % 8)));
326  } else if (gt_set && !not_set) {
327  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
328  while (temp_sm != NULL) {
329  if (temp_sm->type == DETECT_IPPROTO) {
330  break;
331  }
332  temp_sm = temp_sm->next;
333  }
334  if (temp_sm != NULL) {
335  DetectIPProtoData *data_temp = (DetectIPProtoData *)temp_sm->ctx;
336  if (data_temp->proto >= data->proto) {
337  SCLogError("can't use a have "
338  "both gt and lt ipprotos, with the lt being "
339  "lower than gt value");
340  goto error;
341  } else {
342  for (i = 0; i < (data->proto / 8); i++) {
343  s->proto.proto[i] &= 0xff;
344  }
345  s->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
346  for (i = (data->proto / 8) + 1; i < 256 / 8; i++) {
347  s->proto.proto[i] = 0;
348  }
349  }
350  }
351  } else if (!gt_set && not_set) {
352  for (i = 0; i < (data->proto / 8); i++) {
353  s->proto.proto[i] &= 0xFF;
354  }
355  s->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
356  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
357  s->proto.proto[i] = 0;
358  }
359  } else {
360  DetectIPProtoData *data_temp;
361  SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
362  while (temp_sm != NULL) {
363  if (temp_sm->type == DETECT_IPPROTO &&
364  ((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_GT) {
365  break;
366  }
367  temp_sm = temp_sm->next;
368  }
369  if (temp_sm != NULL) {
370  data_temp = (DetectIPProtoData *)temp_sm->ctx;
371  if (data_temp->proto >= data->proto) {
372  SCLogError("can't have "
373  "both gt and lt ipprotos, with the lt being "
374  "lower than gt value");
375  goto error;
376  } else {
377  for (i = 0; i < (data->proto / 8); i++) {
378  s->proto.proto[i] &= 0xFF;
379  }
380  s->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
381  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
382  s->proto.proto[i] = 0;
383  }
384  }
385  }
386  }
387  break;
388 
389  case DETECT_IPPROTO_OP_NOT:
390  if (eq_set) {
391  SCLogError("can't use a eq "
392  "ipproto along with a not ipproto in the "
393  "same sig ");
394  goto error;
395  }
396  if (!gt_set && !lt_set && !not_set) {
397  for (i = 0; i < (data->proto / 8); i++) {
398  s->proto.proto[i] = 0xff;
399  }
400  s->proto.proto[data->proto / 8] = (uint8_t)(~(1 << (data->proto % 8)));
401  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
402  s->proto.proto[i] = 0xff;
403  }
404  } else {
405  for (i = 0; i < (data->proto / 8); i++) {
406  s->proto.proto[i] &= 0xff;
407  }
408  s->proto.proto[data->proto / 8] &= ~(1 << (data->proto % 8));
409  for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
410  s->proto.proto[i] &= 0xff;
411  }
412  }
413  break;
414  }
415 
416  if (SigMatchAppendSMToList(
417  de_ctx, s, DETECT_IPPROTO, (SigMatchCtx *)data, DETECT_SM_LIST_MATCH) == NULL) {
418  goto error;
419  }
420  s->flags |= SIG_FLAG_REQUIRE_PACKET;
421 
422  return 0;
423 
424  error:
425 
426  DetectIPProtoFree(de_ctx, data);
427  return -1;
428 }
429 
430 void DetectIPProtoRemoveAllSMs(DetectEngineCtx *de_ctx, Signature *s)
431 {
432  SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
433 
434  while (sm != NULL) {
435  if (sm->type != DETECT_IPPROTO) {
436  sm = sm->next;
437  continue;
438  }
439  SigMatch *tmp_sm = sm->next;
440  SigMatchRemoveSMFromList(s, sm, DETECT_SM_LIST_MATCH);
441  SigMatchFree(de_ctx, sm);
442  sm = tmp_sm;
443  }
444 
445  return;
446 }
447 
448 static void DetectIPProtoFree(DetectEngineCtx *de_ctx, void *ptr)
449 {
450  DetectIPProtoData *data = (DetectIPProtoData *)ptr;
451  if (data) {
452  SCFree(data);
453  }
454 }
455 
456 /* UNITTESTS */
457 #ifdef UNITTESTS
458 #include "detect-engine-alert.h"
459 
460 /**
461  * \test DetectIPProtoTestParse01 is a test for an invalid proto number
462  */
463 static int DetectIPProtoTestParse01(void)
464 {
465  DetectIPProtoData *data = DetectIPProtoParse("999");
466  FAIL_IF_NOT(data == NULL);
467  PASS;
468 }
469 
470 /**
471  * \test DetectIPProtoTestParse02 is a test for an invalid proto name
472  */
473 static int DetectIPProtoTestParse02(void)
474 {
475  DetectIPProtoData *data = DetectIPProtoParse("foobarbooeek");
476  FAIL_IF_NOT(data == NULL);
477  PASS;
478 }
479 
480 /**
481  * \test DetectIPProtoTestSetup01 is a test for a protocol number
482  */
483 static int DetectIPProtoTestSetup01(void)
484 {
485  const char *value_str = "14";
486  int value;
487  FAIL_IF(StringParseInt32(&value, 10, 0, (const char *)value_str) < 0);
488  int i;
489 
490  Signature *sig = SigAlloc();
491  FAIL_IF_NULL(sig);
492 
493  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
494  sig->proto.flags |= DETECT_PROTO_ANY;
495  DetectIPProtoSetup(NULL, sig, value_str);
496  for (i = 0; i < (value / 8); i++) {
497  FAIL_IF(sig->proto.proto[i] != 0);
498  }
499  FAIL_IF(sig->proto.proto[value / 8] != 0x40);
500  for (i = (value / 8) + 1; i < (256 / 8); i++) {
501  FAIL_IF(sig->proto.proto[i] != 0);
502  }
503  SigFree(NULL, sig);
504  PASS;
505 }
506 
507 /**
508  * \test DetectIPProtoTestSetup02 is a test for a protocol name
509  */
510 static int DetectIPProtoTestSetup02(void)
511 {
512  int result = 0;
513  Signature *sig = NULL;
514  const char *value_str = "tcp";
515  struct protoent *pent = getprotobyname(value_str);
516  if (pent == NULL) {
517  goto end;
518  }
519  uint8_t value = (uint8_t)pent->p_proto;
520  int i;
521 
522  if ((sig = SigAlloc()) == NULL)
523  goto end;
524 
525  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
526  sig->proto.flags |= DETECT_PROTO_ANY;
527  DetectIPProtoSetup(NULL, sig, value_str);
528  for (i = 0; i < (value / 8); i++) {
529  if (sig->proto.proto[i] != 0)
530  goto end;
531  }
532  if (sig->proto.proto[value / 8] != 0x40) {
533  goto end;
534  }
535  for (i = (value / 8) + 1; i < (256 / 8); i++) {
536  if (sig->proto.proto[i] != 0)
537  goto end;
538  }
539 
540  result = 1;
541 
542  end:
543  if (sig != NULL)
544  SigFree(NULL, sig);
545  return result;
546 }
547 
548 /**
549  * \test DetectIPProtoTestSetup03 is a test for a < operator
550  */
551 static int DetectIPProtoTestSetup03(void)
552 {
553  int result = 0;
554  Signature *sig;
555  const char *value_str = "<14";
556  int value = 14;
557  int i;
558 
559  if ((sig = SigAlloc()) == NULL)
560  goto end;
561 
562  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
563  sig->proto.flags |= DETECT_PROTO_ANY;
564  DetectIPProtoSetup(NULL, sig, value_str);
565  for (i = 0; i < (value / 8); i++) {
566  if (sig->proto.proto[i] != 0xFF)
567  goto end;
568  }
569  if (sig->proto.proto[value / 8] != 0x3F) {
570  goto end;
571  }
572  for (i = (value / 8) + 1; i < (256 / 8); i++) {
573  if (sig->proto.proto[i] != 0)
574  goto end;
575  }
576 
577  result = 1;
578 
579  end:
580  SigFree(NULL, sig);
581  return result;
582 }
583 
584 /**
585  * \test DetectIPProtoTestSetup04 is a test for a > operator
586  */
587 static int DetectIPProtoTestSetup04(void)
588 {
589  int result = 0;
590  Signature *sig;
591  const char *value_str = ">14";
592  int value = 14;
593  int i;
594 
595  if ((sig = SigAlloc()) == NULL)
596  goto end;
597 
598  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
599  sig->proto.flags |= DETECT_PROTO_ANY;
600  DetectIPProtoSetup(NULL, sig, value_str);
601  for (i = 0; i < (value / 8); i++) {
602  if (sig->proto.proto[i] != 0)
603  goto end;
604  }
605  if (sig->proto.proto[value / 8] != 0x80) {
606  goto end;
607  }
608  for (i = (value / 8) + 1; i < (256 / 8); i++) {
609  if (sig->proto.proto[i] != 0xFF)
610  goto end;
611  }
612 
613  result = 1;
614 
615  end:
616  SigFree(NULL, sig);
617  return result;
618 }
619 
620 /**
621  * \test DetectIPProtoTestSetup05 is a test for a ! operator
622  */
623 static int DetectIPProtoTestSetup05(void)
624 {
625  int result = 0;
626  Signature *sig;
627  const char *value_str = "!14";
628  int value = 14;
629  int i;
630 
631  if ((sig = SigAlloc()) == NULL)
632  goto end;
633 
634  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
635  sig->proto.flags |= DETECT_PROTO_ANY;
636  DetectIPProtoSetup(NULL, sig, value_str);
637  for (i = 0; i < (value / 8); i++) {
638  if (sig->proto.proto[i] != 0xFF)
639  goto end;
640  }
641  if (sig->proto.proto[value / 8] != 0xBF) {
642  goto end;
643  }
644  for (i = (value / 8) + 1; i < (256 / 8); i++) {
645  if (sig->proto.proto[i] != 0xFF)
646  goto end;
647  }
648 
649  result = 1;
650 
651  end:
652  SigFree(NULL, sig);
653  return result;
654 }
655 
656 /**
657  * \test Negative test.
658  */
659 static int DetectIPProtoTestSetup06(void)
660 {
661  int result = 0;
662  Signature *sig;
663  const char *value1_str = "14";
664  const char *value2_str = "15";
665 
666  if ((sig = SigAlloc()) == NULL)
667  goto end;
668 
669  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
670  sig->proto.flags |= DETECT_PROTO_ANY;
671  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
672  goto end;
673  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
674  goto end;
675 
676  result = 1;
677 
678  end:
679  SigFree(NULL, sig);
680  return result;
681 }
682 
683 /**
684  * \test Negative test.
685  */
686 static int DetectIPProtoTestSetup07(void)
687 {
688  int result = 0;
689  Signature *sig;
690  const char *value1_str = "14";
691  const char *value2_str = "<15";
692 
693  if ((sig = SigAlloc()) == NULL)
694  goto end;
695 
696  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
697  sig->proto.flags |= DETECT_PROTO_ANY;
698  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
699  goto end;
700  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
701  goto end;
702 
703  result = 1;
704 
705  end:
706  SigFree(NULL, sig);
707  return result;
708 }
709 
710 /**
711  * \test Negative test.
712  */
713 static int DetectIPProtoTestSetup08(void)
714 {
715  int result = 0;
716  Signature *sig;
717  const char *value1_str = "14";
718  const char *value2_str = ">15";
719 
720  if ((sig = SigAlloc()) == NULL)
721  goto end;
722 
723  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
724  sig->proto.flags |= DETECT_PROTO_ANY;
725  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
726  goto end;
727  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
728  goto end;
729 
730  result = 1;
731 
732  end:
733  SigFree(NULL, sig);
734  return result;
735 }
736 
737 /**
738  * \test Negative test.
739  */
740 static int DetectIPProtoTestSetup09(void)
741 {
742  int result = 0;
743  Signature *sig;
744  const char *value1_str = "14";
745  const char *value2_str = "!15";
746 
747  if ((sig = SigAlloc()) == NULL)
748  goto end;
749 
750  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
751  sig->proto.flags |= DETECT_PROTO_ANY;
752  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
753  goto end;
754  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
755  goto end;
756 
757  result = 1;
758 
759  end:
760  SigFree(NULL, sig);
761  return result;
762 }
763 
764 /**
765  * \test Negative test.
766  */
767 static int DetectIPProtoTestSetup10(void)
768 {
769  int result = 0;
770  Signature *sig;
771  const char *value1_str = ">14";
772  const char *value2_str = "15";
773 
774  if ((sig = SigAlloc()) == NULL)
775  goto end;
776 
777  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
778  sig->proto.flags |= DETECT_PROTO_ANY;
779  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
780  goto end;
781  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
782  goto end;
783 
784  result = 1;
785 
786  end:
787  SigFree(NULL, sig);
788  return result;
789 }
790 
791 /**
792  * \test Negative test.
793  */
794 static int DetectIPProtoTestSetup11(void)
795 {
796  int result = 0;
797  Signature *sig;
798  const char *value1_str = "<14";
799  const char *value2_str = "15";
800 
801  if ((sig = SigAlloc()) == NULL)
802  goto end;
803 
804  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
805  sig->proto.flags |= DETECT_PROTO_ANY;
806  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
807  goto end;
808  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
809  goto end;
810 
811  result = 1;
812 
813  end:
814  SigFree(NULL, sig);
815  return result;
816 }
817 
818 /**
819  * \test Negative test.
820  */
821 static int DetectIPProtoTestSetup12(void)
822 {
823  int result = 0;
824  Signature *sig;
825  const char *value1_str = "!14";
826  const char *value2_str = "15";
827 
828  if ((sig = SigAlloc()) == NULL)
829  goto end;
830 
831  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
832  sig->proto.flags |= DETECT_PROTO_ANY;
833  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
834  goto end;
835  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
836  goto end;
837 
838  result = 1;
839 
840  end:
841  SigFree(NULL, sig);
842  return result;
843 }
844 
845 /**
846  * \test Negative test.
847  */
848 static int DetectIPProtoTestSetup13(void)
849 {
850  int result = 0;
851  Signature *sig;
852  const char *value1_str = ">14";
853  const char *value2_str = ">15";
854 
855  if ((sig = SigAlloc()) == NULL)
856  goto end;
857 
858  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
859  sig->proto.flags |= DETECT_PROTO_ANY;
860  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
861  goto end;
862  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
863  goto end;
864 
865  result = 1;
866 
867  end:
868  SigFree(NULL, sig);
869  return result;
870 }
871 
872 static int DetectIPProtoTestSetup14(void)
873 {
874  int result = 0;
875  Signature *sig;
876  const char *value1_str = "<14";
877  const char *value2_str = "<15";
878 
879  if ((sig = SigAlloc()) == NULL)
880  goto end;
881 
882  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
883  sig->proto.flags |= DETECT_PROTO_ANY;
884  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
885  goto end;
886  if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
887  goto end;
888 
889  result = 1;
890 
891  end:
892  SigFree(NULL, sig);
893  return result;
894 }
895 
896 static int DetectIPProtoTestSetup15(void)
897 {
898  int result = 0;
899  Signature *sig;
900  const char *value1_str = "<14";
901  int value1 = 14;
902  const char *value2_str = ">34";
903  int i;
904 
905  if ((sig = SigAlloc()) == NULL)
906  goto end;
907 
908  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
909  sig->proto.flags |= DETECT_PROTO_ANY;
910  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
911  goto end;
912  for (i = 0; i < (value1 / 8); i++) {
913  if (sig->proto.proto[i] != 0xFF)
914  goto end;
915  }
916  if (sig->proto.proto[value1 / 8] != 0x3F) {
917  goto end;
918  }
919  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
920  if (sig->proto.proto[i] != 0)
921  goto end;
922  }
923  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
924  goto end;
925 
926  result = 1;
927 
928  end:
929  SigFree(NULL, sig);
930  return result;
931 
932 }
933 
934 static int DetectIPProtoTestSetup16(void)
935 {
936  int result = 0;
937  Signature *sig;
938  const char *value1_str = "<14";
939  const char *value2_str = ">34";
940  int value2 = 34;
941  int i;
942 
943  if ((sig = SigAlloc()) == NULL)
944  goto end;
945 
946  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
947  sig->proto.flags |= DETECT_PROTO_ANY;
948  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
949  goto end;
950  for (i = 0; i < (value2 / 8); i++) {
951  if (sig->proto.proto[i] != 0)
952  goto end;
953  }
954  if (sig->proto.proto[value2 / 8] != 0xF8) {
955  goto end;
956  }
957  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
958  if (sig->proto.proto[i] != 0xFF)
959  goto end;
960  }
961  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
962  goto end;
963 
964  result = 1;
965 
966  end:
967  SigFree(NULL, sig);
968  return result;
969 
970 }
971 
972 static int DetectIPProtoTestSetup17(void)
973 {
974  int result = 0;
975  Signature *sig;
976  const char *value1_str = "<11";
977  int value1 = 11;
978  const char *value2_str = ">13";
979  int i;
980 
981  if ((sig = SigAlloc()) == NULL)
982  goto end;
983 
984  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
985  sig->proto.flags |= DETECT_PROTO_ANY;
986  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
987  goto end;
988  for (i = 0; i < (value1 / 8); i++) {
989  if (sig->proto.proto[i] != 0xFF)
990  goto end;
991  }
992  if (sig->proto.proto[value1 / 8] != 0x07) {
993  goto end;
994  }
995  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
996  if (sig->proto.proto[i] != 0)
997  goto end;
998  }
999  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1000  goto end;
1001 
1002  result = 1;
1003 
1004  end:
1005  SigFree(NULL, sig);
1006  return result;
1007 
1008 }
1009 
1010 static int DetectIPProtoTestSetup18(void)
1011 {
1012  int result = 0;
1013  Signature *sig;
1014  const char *value1_str = "<11";
1015  const char *value2_str = ">13";
1016  int value2 = 13;
1017  int i;
1018 
1019  if ((sig = SigAlloc()) == NULL)
1020  goto end;
1021 
1022  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1023  sig->proto.flags |= DETECT_PROTO_ANY;
1024  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1025  goto end;
1026  for (i = 0; i < (value2 / 8); i++) {
1027  if (sig->proto.proto[i] != 0)
1028  goto end;
1029  }
1030  if (sig->proto.proto[value2 / 8] != 0xC0) {
1031  goto end;
1032  }
1033  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1034  if (sig->proto.proto[i] != 0xFF)
1035  goto end;
1036  }
1037  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1038  goto end;
1039 
1040  result = 1;
1041 
1042  end:
1043  SigFree(NULL, sig);
1044  return result;
1045 
1046 }
1047 
1048 static int DetectIPProtoTestSetup19(void)
1049 {
1050  int result = 0;
1051  Signature *sig;
1052  const char *value1_str = "<11";
1053  int value1 = 11;
1054  const char *value2_str = "!13";
1055  const char *value3_str = ">36";
1056  int i;
1057 
1058  if ((sig = SigAlloc()) == NULL)
1059  goto end;
1060 
1061  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1062  sig->proto.flags |= DETECT_PROTO_ANY;
1063  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1064  goto end;
1065  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1066  goto end;
1067  for (i = 0; i < (value1 / 8); i++) {
1068  if (sig->proto.proto[i] != 0xFF)
1069  goto end;
1070  }
1071  if (sig->proto.proto[value1 / 8] != 0x07) {
1072  goto end;
1073  }
1074  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1075  if (sig->proto.proto[i] != 0)
1076  goto end;
1077  }
1078  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1079  goto end;
1080 
1081  result = 1;
1082 
1083  end:
1084  SigFree(NULL, sig);
1085  return result;
1086 }
1087 
1088 static int DetectIPProtoTestSetup20(void)
1089 {
1090  int result = 0;
1091  Signature *sig;
1092  const char *value1_str = "<11";
1093  int value1 = 11;
1094  const char *value3_str = ">36";
1095  int i;
1096 
1097  if ((sig = SigAlloc()) == NULL)
1098  goto end;
1099 
1100  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1101  sig->proto.flags |= DETECT_PROTO_ANY;
1102  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1103  goto end;
1104  for (i = 0; i < (value1 / 8); i++) {
1105  if (sig->proto.proto[i] != 0xFF)
1106  goto end;
1107  }
1108  if (sig->proto.proto[value1 / 8] != 0x07) {
1109  goto end;
1110  }
1111  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1112  if (sig->proto.proto[i] != 0)
1113  goto end;
1114  }
1115  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1116  goto end;
1117 
1118  result = 1;
1119 
1120  end:
1121  SigFree(NULL, sig);
1122  return result;
1123 }
1124 
1125 static int DetectIPProtoTestSetup21(void)
1126 {
1127  int result = 0;
1128  Signature *sig;
1129  const char *value1_str = "<11";
1130  int value1 = 11;
1131  const char *value2_str = "!13";
1132  const char *value3_str = ">36";
1133  int i;
1134 
1135  if ((sig = SigAlloc()) == NULL)
1136  goto end;
1137 
1138  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1139  sig->proto.flags |= DETECT_PROTO_ANY;
1140  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1141  goto end;
1142  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1143  goto end;
1144  for (i = 0; i < (value1 / 8); i++) {
1145  if (sig->proto.proto[i] != 0xFF)
1146  goto end;
1147  }
1148  if (sig->proto.proto[value1 / 8] != 0x07) {
1149  goto end;
1150  }
1151  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1152  if (sig->proto.proto[i] != 0)
1153  goto end;
1154  }
1155  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1156  goto end;
1157 
1158  result = 1;
1159 
1160  end:
1161  SigFree(NULL, sig);
1162  return result;
1163 }
1164 
1165 static int DetectIPProtoTestSetup22(void)
1166 {
1167  int result = 0;
1168  Signature *sig;
1169  const char *value1_str = "<11";
1170  const char *value2_str = "!13";
1171  const char *value3_str = ">36";
1172  int value3 = 36;
1173  int i;
1174 
1175  if ((sig = SigAlloc()) == NULL)
1176  goto end;
1177 
1178  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1179  sig->proto.flags |= DETECT_PROTO_ANY;
1180  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1181  goto end;
1182  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1183  goto end;
1184  for (i = 0; i < (value3 / 8); i++) {
1185  if (sig->proto.proto[i] != 0)
1186  goto end;
1187  }
1188  if (sig->proto.proto[value3 / 8] != 0xE0) {
1189  goto end;
1190  }
1191  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1192  if (sig->proto.proto[i] != 0xFF)
1193  goto end;
1194  }
1195  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1196  goto end;
1197 
1198  result = 1;
1199 
1200  end:
1201  SigFree(NULL, sig);
1202  return result;
1203 }
1204 
1205 static int DetectIPProtoTestSetup23(void)
1206 {
1207  int result = 0;
1208  Signature *sig;
1209  const char *value1_str = "<11";
1210  const char *value3_str = ">36";
1211  int value3 = 36;
1212  int i;
1213 
1214  if ((sig = SigAlloc()) == NULL)
1215  goto end;
1216 
1217  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1218  sig->proto.flags |= DETECT_PROTO_ANY;
1219  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1220  goto end;
1221  for (i = 0; i < (value3 / 8); i++) {
1222  if (sig->proto.proto[i] != 0)
1223  goto end;
1224  }
1225  if (sig->proto.proto[value3 / 8] != 0xE0) {
1226  goto end;
1227  }
1228  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1229  if (sig->proto.proto[i] != 0xFF)
1230  goto end;
1231  }
1232  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1233  goto end;
1234 
1235  result = 1;
1236 
1237  end:
1238  SigFree(NULL, sig);
1239  return result;
1240 }
1241 
1242 static int DetectIPProtoTestSetup24(void)
1243 {
1244  int result = 0;
1245  Signature *sig;
1246  const char *value1_str = "<11";
1247  const char *value2_str = "!13";
1248  const char *value3_str = ">36";
1249  int value3 = 36;
1250  int i;
1251 
1252  if ((sig = SigAlloc()) == NULL)
1253  goto end;
1254 
1255  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1256  sig->proto.flags |= DETECT_PROTO_ANY;
1257  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1258  goto end;
1259  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1260  goto end;
1261  for (i = 0; i < (value3 / 8); i++) {
1262  if (sig->proto.proto[i] != 0)
1263  goto end;
1264  }
1265  if (sig->proto.proto[value3 / 8] != 0xE0) {
1266  goto end;
1267  }
1268  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1269  if (sig->proto.proto[i] != 0xFF)
1270  goto end;
1271  }
1272  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1273  goto end;
1274 
1275  result = 1;
1276 
1277  end:
1278  SigFree(NULL, sig);
1279  return result;
1280 }
1281 
1282 static int DetectIPProtoTestSetup33(void)
1283 {
1284  int result = 0;
1285  Signature *sig;
1286  const char *value1_str = "<11";
1287  int value1 = 11;
1288  const char *value2_str = "!34";
1289  const char *value3_str = ">36";
1290  int i;
1291 
1292  if ((sig = SigAlloc()) == NULL)
1293  goto end;
1294 
1295  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1296  sig->proto.flags |= DETECT_PROTO_ANY;
1297  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1298  goto end;
1299  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1300  goto end;
1301  for (i = 0; i < (value1 / 8); i++) {
1302  if (sig->proto.proto[i] != 0xFF)
1303  goto end;
1304  }
1305  if (sig->proto.proto[value1 / 8] != 0x07) {
1306  goto end;
1307  }
1308  for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1309  if (sig->proto.proto[i] != 0)
1310  goto end;
1311  }
1312  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1313  goto end;
1314 
1315  result = 1;
1316 
1317  end:
1318  SigFree(NULL, sig);
1319  return result;
1320 }
1321 
1322 static int DetectIPProtoTestSetup34(void)
1323 {
1324  int result = 0;
1325  Signature *sig;
1326  const char *value1_str = "<11";
1327  int value1 = 11;
1328  const char *value2_str = "!34";
1329  const char *value3_str = ">36";
1330  int value3 = 36;
1331  int i;
1332 
1333  if ((sig = SigAlloc()) == NULL)
1334  goto end;
1335 
1336  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1337  sig->proto.flags |= DETECT_PROTO_ANY;
1338  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1339  goto end;
1340  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1341  goto end;
1342  for (i = 0; i < (value1 / 8); i++) {
1343  if (sig->proto.proto[i] != 0)
1344  goto end;
1345  }
1346  if (sig->proto.proto[value3 / 8] != 0xE0) {
1347  goto end;
1348  }
1349  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1350  if (sig->proto.proto[i] != 0xFF)
1351  goto end;
1352  }
1353  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1354  goto end;
1355 
1356  result = 1;
1357 
1358  end:
1359  SigFree(NULL, sig);
1360  return result;
1361 }
1362 
1363 static int DetectIPProtoTestSetup36(void)
1364 {
1365  int result = 0;
1366  Signature *sig;
1367  const char *value1_str = "<11";
1368  const char *value2_str = "!34";
1369  const char *value3_str = ">36";
1370  int value3 = 36;
1371  int i;
1372 
1373  if ((sig = SigAlloc()) == NULL)
1374  goto end;
1375 
1376  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1377  sig->proto.flags |= DETECT_PROTO_ANY;
1378  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1379  goto end;
1380  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1381  goto end;
1382  for (i = 0; i < (value3 / 8); i++) {
1383  if (sig->proto.proto[i] != 0)
1384  goto end;
1385  }
1386  if (sig->proto.proto[value3 / 8] != 0xE0) {
1387  goto end;
1388  }
1389  for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1390  if (sig->proto.proto[i] != 0xFF)
1391  goto end;
1392  }
1393  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1394  goto end;
1395 
1396  result = 1;
1397 
1398  end:
1399  SigFree(NULL, sig);
1400  return result;
1401 }
1402 
1403 static int DetectIPProtoTestSetup43(void)
1404 {
1405  int result = 0;
1406  Signature *sig;
1407  const char *value1_str = "!4";
1408  int value1 = 4;
1409  const char *value2_str = "<13";
1410  int value2 = 13;
1411  const char *value3_str = ">34";
1412  int i;
1413 
1414  if ((sig = SigAlloc()) == NULL)
1415  goto end;
1416 
1417  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1418  sig->proto.flags |= DETECT_PROTO_ANY;
1419  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1420  goto end;
1421  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1422  goto end;
1423  if (sig->proto.proto[value1 / 8] != 0xEF) {
1424  goto end;
1425  }
1426  for (i = (value1 / 8) + 1; i < (value2 / 8); i++) {
1427  if (sig->proto.proto[i] != 0xFF)
1428  goto end;
1429  }
1430  if (sig->proto.proto[value2 / 8] != 0x1F) {
1431  goto end;
1432  }
1433  for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1434  if (sig->proto.proto[i] != 0)
1435  goto end;
1436  }
1437  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1438  goto end;
1439 
1440  result = 1;
1441 
1442  end:
1443  SigFree(NULL, sig);
1444  return result;
1445 }
1446 
1447 static int DetectIPProtoTestSetup44(void)
1448 {
1449  int result = 0;
1450  Signature *sig;
1451  const char *value1_str = "!4";
1452  const char *value2_str = "<13";
1453  const char *value3_str = ">34";
1454  int value3 = 34;
1455  int i;
1456 
1457  if ((sig = SigAlloc()) == NULL)
1458  goto end;
1459 
1460  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1461  sig->proto.flags |= DETECT_PROTO_ANY;
1462  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1463  goto end;
1464  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1465  goto end;
1466  for (i = 0; i < (value3 / 8); i++) {
1467  if (sig->proto.proto[i] != 0)
1468  goto end;
1469  }
1470  if (sig->proto.proto[value3 / 8] != 0xF8) {
1471  goto end;
1472  }
1473  for (i = (value3 / 8) + 1; i < 256 / 8; i++) {
1474  if (sig->proto.proto[i] != 0xFF)
1475  goto end;
1476  }
1477  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1478  goto end;
1479 
1480  result = 1;
1481 
1482  end:
1483  SigFree(NULL, sig);
1484  return result;
1485 }
1486 
1487 static int DetectIPProtoTestSetup45(void)
1488 {
1489  int result = 0;
1490  Signature *sig;
1491  const char *value1_str = "!4";
1492  int value1 = 4;
1493  const char *value2_str = "<13";
1494  int value2 = 13;
1495  const char *value3_str = ">34";
1496  int i;
1497 
1498  if ((sig = SigAlloc()) == NULL)
1499  goto end;
1500 
1501  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1502  sig->proto.flags |= DETECT_PROTO_ANY;
1503  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1504  goto end;
1505  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1506  goto end;
1507  if (sig->proto.proto[value1 / 8] != 0xEF) {
1508  goto end;
1509  }
1510  for (i = (value1 / 8) + 1; i < (value2 / 8); i++) {
1511  if (sig->proto.proto[i] != 0xFF)
1512  goto end;
1513  }
1514  if (sig->proto.proto[value2 / 8] != 0x1F) {
1515  goto end;
1516  }
1517  for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1518  if (sig->proto.proto[i] != 0)
1519  goto end;
1520  }
1521  if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1522  goto end;
1523 
1524  result = 1;
1525 
1526  end:
1527  SigFree(NULL, sig);
1528  return result;
1529 }
1530 
1531 static int DetectIPProtoTestSetup56(void)
1532 {
1533  int result = 0;
1534  Signature *sig;
1535  const char *value1_str = "<13";
1536  int value1 = 13;
1537  const char *value2_str = ">34";
1538  const char *value3_str = "!37";
1539  int i;
1540 
1541  if ((sig = SigAlloc()) == NULL)
1542  goto end;
1543 
1544  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1545  sig->proto.flags |= DETECT_PROTO_ANY;
1546  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1547  goto end;
1548  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1549  goto end;
1550  for (i = 0; i < (value1 / 8); i++) {
1551  if (sig->proto.proto[i] != 0xFF)
1552  goto end;
1553  }
1554  if (sig->proto.proto[value1 / 8] != 0x1F) {
1555  goto end;
1556  }
1557  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1558  if (sig->proto.proto[i] != 0)
1559  goto end;
1560  }
1561  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1562  goto end;
1563 
1564  result = 1;
1565 
1566  end:
1567  SigFree(NULL, sig);
1568  return result;
1569 }
1570 
1571 static int DetectIPProtoTestSetup75(void)
1572 {
1573  int result = 0;
1574  Signature *sig;
1575  const char *value1_str = "!8";
1576  const char *value2_str = ">10";
1577  int value2 = 10;
1578  int i;
1579 
1580  if ((sig = SigAlloc()) == NULL)
1581  goto end;
1582 
1583  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1584  sig->proto.flags |= DETECT_PROTO_ANY;
1585  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1586  goto end;
1587  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1588  goto end;
1589  for (i = 0; i < (value2 / 8); i++) {
1590  if (sig->proto.proto[i] != 0)
1591  goto end;
1592  }
1593  if (sig->proto.proto[value2 / 8] != 0xF8) {
1594  goto end;
1595  }
1596  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1597  if (sig->proto.proto[i] != 0xFF)
1598  goto end;
1599  }
1600 
1601  result = 1;
1602 
1603  end:
1604  SigFree(NULL, sig);
1605  return result;
1606 }
1607 
1608 static int DetectIPProtoTestSetup76(void)
1609 {
1610  int result = 0;
1611  Signature *sig;
1612  const char *value1_str = "!8";
1613  const char *value2_str = ">10";
1614  int value2 = 10;
1615  int i;
1616 
1617  if ((sig = SigAlloc()) == NULL)
1618  goto end;
1619 
1620  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1621  sig->proto.flags |= DETECT_PROTO_ANY;
1622  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1623  goto end;
1624  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1625  goto end;
1626  for (i = 0; i < (value2 / 8); i++) {
1627  if (sig->proto.proto[i] != 0)
1628  goto end;
1629  }
1630  if (sig->proto.proto[value2 / 8] != 0xF8) {
1631  goto end;
1632  }
1633  for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1634  if (sig->proto.proto[i] != 0xFF)
1635  goto end;
1636  }
1637 
1638  result = 1;
1639 
1640  end:
1641  SigFree(NULL, sig);
1642  return result;
1643 }
1644 
1645 static int DetectIPProtoTestSetup129(void)
1646 {
1647  int result = 0;
1648  Signature *sig;
1649  const char *value1_str = "<10";
1650  int value1 = 10;
1651  const char *value2_str = ">10";
1652  int i;
1653 
1654  if ((sig = SigAlloc()) == NULL)
1655  goto end;
1656 
1657  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1658  sig->proto.flags |= DETECT_PROTO_ANY;
1659  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1660  goto end;
1661  for (i = 0; i < (value1 / 8); i++) {
1662  if (sig->proto.proto[i] != 0xFF)
1663  goto end;
1664  }
1665  if (sig->proto.proto[value1 / 8] != 0x03) {
1666  goto end;
1667  }
1668  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1669  if (sig->proto.proto[i] != 0)
1670  goto end;
1671  }
1672  if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1673  goto end;
1674 
1675  result = 1;
1676 
1677  end:
1678  SigFree(NULL, sig);
1679  return result;
1680 }
1681 
1682 static int DetectIPProtoTestSetup130(void)
1683 {
1684  int result = 0;
1685  Signature *sig;
1686  const char *value1_str = "<10";
1687  const char *value2_str = ">10";
1688  int value2 = 10;
1689  int i;
1690 
1691  if ((sig = SigAlloc()) == NULL)
1692  goto end;
1693 
1694  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1695  sig->proto.flags |= DETECT_PROTO_ANY;
1696  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1697  goto end;
1698  if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1699  goto end;
1700  for (i = 0; i < (value2 / 8); i++) {
1701  if (sig->proto.proto[i] != 0)
1702  goto end;
1703  }
1704  if (sig->proto.proto[value2 / 8] != 0xF8) {
1705  goto end;
1706  }
1707  for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1708  if (sig->proto.proto[i] != 0xFF)
1709  goto end;
1710  }
1711 
1712  result = 1;
1713 
1714  end:
1715  SigFree(NULL, sig);
1716  return result;
1717 }
1718 
1719 static int DetectIPProtoTestSetup131(void)
1720 {
1721  int result = 0;
1722  Signature *sig;
1723  const char *value1_str = "<10";
1724  int value1 = 10;
1725  const char *value2_str = "!10";
1726  int i;
1727 
1728  if ((sig = SigAlloc()) == NULL)
1729  goto end;
1730 
1731  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1732  sig->proto.flags |= DETECT_PROTO_ANY;
1733  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1734  goto end;
1735  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1736  goto end;
1737  for (i = 0; i < (value1 / 8); i++) {
1738  if (sig->proto.proto[i] != 0xFF)
1739  goto end;
1740  }
1741  if (sig->proto.proto[value1 / 8] != 0x03) {
1742  goto end;
1743  }
1744  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1745  if (sig->proto.proto[i] != 0x0)
1746  goto end;
1747  }
1748 
1749  result = 1;
1750 
1751  end:
1752  SigFree(NULL, sig);
1753  return result;
1754 }
1755 
1756 static int DetectIPProtoTestSetup132(void)
1757 {
1758  int result = 0;
1759  Signature *sig;
1760  const char *value1_str = "<10";
1761  int value1 = 10;
1762  const char *value2_str = "!10";
1763  int i;
1764 
1765  if ((sig = SigAlloc()) == NULL)
1766  goto end;
1767 
1768  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1769  sig->proto.flags |= DETECT_PROTO_ANY;
1770  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1771  goto end;
1772  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1773  goto end;
1774  for (i = 0; i < (value1 / 8); i++) {
1775  if (sig->proto.proto[i] != 0xFF)
1776  goto end;
1777  }
1778  if (sig->proto.proto[value1 / 8] != 0x03) {
1779  goto end;
1780  }
1781  for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1782  if (sig->proto.proto[i] != 0x0)
1783  goto end;
1784  }
1785 
1786  result = 1;
1787 
1788  end:
1789  SigFree(NULL, sig);
1790  return result;
1791 }
1792 
1793 static int DetectIPProtoTestSetup145(void)
1794 {
1795  int result = 0;
1796  Signature *sig;
1797  const char *value1_str = "!4";
1798  const char *value2_str = ">8";
1799  const char *value3_str = "!10";
1800  const char *value4_str = "!14";
1801  const char *value5_str = "!27";
1802  const char *value6_str = "!29";
1803  const char *value7_str = "!30";
1804  const char *value8_str = "!34";
1805  const char *value9_str = "<36";
1806  const char *value10_str = "!38";
1807  int value10 = 38;
1808 
1809  int i;
1810 
1811  if ((sig = SigAlloc()) == NULL)
1812  goto end;
1813 
1814  sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1815  sig->proto.flags |= DETECT_PROTO_ANY;
1816  if (DetectIPProtoSetup(NULL, sig, value5_str) != 0)
1817  goto end;
1818  if (DetectIPProtoSetup(NULL, sig, value8_str) != 0)
1819  goto end;
1820  if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1821  goto end;
1822  if (DetectIPProtoSetup(NULL, sig, value10_str) != 0)
1823  goto end;
1824  if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1825  goto end;
1826  if (DetectIPProtoSetup(NULL, sig, value6_str) != 0)
1827  goto end;
1828  if (DetectIPProtoSetup(NULL, sig, value9_str) != 0)
1829  goto end;
1830  if (DetectIPProtoSetup(NULL, sig, value4_str) != 0)
1831  goto end;
1832  if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1833  goto end;
1834  if (DetectIPProtoSetup(NULL, sig, value7_str) != 0)
1835  goto end;
1836  if (sig->proto.proto[0] != 0) {
1837  goto end;
1838  }
1839  if (sig->proto.proto[1] != 0xBA) {
1840  goto end;
1841  }
1842  if (sig->proto.proto[2] != 0xFF) {
1843  goto end;
1844  }
1845  if (sig->proto.proto[3] != 0x97) {
1846  goto end;
1847  }
1848  if (sig->proto.proto[4] != 0x0B) {
1849  goto end;
1850  }
1851  for (i = (value10 / 8) + 1; i < 256 / 8; i++) {
1852  if (sig->proto.proto[i] != 0)
1853  goto end;
1854  }
1855 
1856  result = 1;
1857 
1858  end:
1859  SigFree(NULL, sig);
1860  return result;
1861 }
1862 
1863 static int DetectIPProtoTestSig1(void)
1864 {
1865  int result = 0;
1866  uint8_t *buf = (uint8_t *)
1867  "GET /one/ HTTP/1.1\r\n"
1868  "Host: one.example.org\r\n"
1869  "\r\n";
1870  uint16_t buflen = strlen((char *)buf);
1871  Packet *p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
1872  if (p == NULL)
1873  return 0;
1874 
1875  const char *sigs[4];
1876  sigs[0] = "alert ip any any -> any any "
1877  "(msg:\"Not tcp\"; ip_proto:!tcp; content:\"GET \"; sid:1;)";
1878  sigs[1] = "alert ip any any -> any any "
1879  "(msg:\"Less than 7\"; content:\"GET \"; ip_proto:<7; sid:2;)";
1880  sigs[2] = "alert ip any any -> any any "
1881  "(msg:\"Greater than 5\"; content:\"GET \"; ip_proto:>5; sid:3;)";
1882  sigs[3] = "alert ip any any -> any any "
1883  "(msg:\"Equals tcp\"; content:\"GET \"; ip_proto:tcp; sid:4;)";
1884 
1885  /* sids to match */
1886  uint32_t sid[4] = {1, 2, 3, 4};
1887  /* expected matches for each sid within this packet we are testing */
1888  uint32_t results[4] = {0, 1, 1, 1};
1889 
1890  /* remember that UTHGenericTest expect the first parameter
1891  * as an array of packet pointers. And also a bidimensional array of results
1892  * For example:
1893  * results[numpacket][position] should hold the number of times
1894  * that the sid at sid[position] matched that packet (should be always 1..)
1895  * But here we built it as unidimensional array
1896  */
1897  result = UTHGenericTest(&p, 1, sigs, sid, results, 4);
1898 
1899  UTHFreePacket(p);
1900  return result;
1901 }
1902 
1903 static int DetectIPProtoTestSig2(void)
1904 {
1905  int result = 0;
1906 
1907  uint8_t raw_eth[] = {
1908  0x01, 0x00, 0x5e, 0x00, 0x00, 0x0d, 0x00, 0x26,
1909  0x88, 0x61, 0x3a, 0x80, 0x08, 0x00, 0x45, 0xc0,
1910  0x00, 0x36, 0xe4, 0xcd, 0x00, 0x00, 0x01, 0x67,
1911  0xc7, 0xab, 0xac, 0x1c, 0x7f, 0xfe, 0xe0, 0x00,
1912  0x00, 0x0d, 0x20, 0x00, 0x90, 0x20, 0x00, 0x01,
1913  0x00, 0x02, 0x00, 0x69, 0x00, 0x02, 0x00, 0x04,
1914  0x81, 0xf4, 0x07, 0xd0, 0x00, 0x13, 0x00, 0x04,
1915  0x00, 0x00, 0x00, 0x01, 0x00, 0x14, 0x00, 0x04,
1916  0x4a, 0xea, 0x7a, 0x8e,
1917  };
1918 
1919  Packet *p = PacketGetFromAlloc();
1920  if (unlikely(p == NULL))
1921  return 0;
1922 
1923  DecodeThreadVars dtv;
1924  ThreadVars th_v;
1925  DetectEngineThreadCtx *det_ctx = NULL;
1926 
1927  p->proto = 0;
1928  memset(&dtv, 0, sizeof(DecodeThreadVars));
1929  memset(&th_v, 0, sizeof(th_v));
1930 
1931  FlowInitConfig(FLOW_QUIET);
1932  DecodeEthernet(&th_v, &dtv, p, raw_eth, sizeof(raw_eth));
1933 
1934  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
1935  if (de_ctx == NULL) {
1936  goto end;
1937  }
1938 
1939  de_ctx->mpm_matcher = mpm_default_matcher;
1940  de_ctx->flags |= DE_QUIET;
1941 
1942  de_ctx->sig_list = SigInit(de_ctx,
1943  "alert ip any any -> any any (msg:\"Check ipproto usage\"; "
1944  "ip_proto:!103; sid:1;)");
1945  if (de_ctx->sig_list == NULL) {
1946  result = 0;
1947  goto end;
1948  }
1949 
1950  SigGroupBuild(de_ctx);
1951  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
1952 
1953  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
1954  if (PacketAlertCheck(p, 1) == 0) {
1955  result = 1;
1956  goto end;
1957  } else {
1958  result = 0;
1959  }
1960 
1961  SigGroupCleanup(de_ctx);
1962  SigCleanSignatures(de_ctx);
1963 
1964  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
1965  DetectEngineCtxFree(de_ctx);
1966  FlowShutdown();
1967 
1968  SCFree(p);
1969  return result;
1970 
1971 end:
1972  if (de_ctx) {
1973  SigGroupCleanup(de_ctx);
1974  SigCleanSignatures(de_ctx);
1975  }
1976 
1977  if (det_ctx)
1978  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
1979  if (de_ctx)
1980  DetectEngineCtxFree(de_ctx);
1981 
1982  FlowShutdown();
1983  SCFree(p);
1984 
1985  return result;
1986 }
1987 
1988 static int DetectIPProtoTestSig3(void)
1989 {
1990  uint8_t raw_eth[] = {
1991  0x01, 0x00, 0x5e, 0x00, 0x00, 0x0d, 0x00, 0x26,
1992  0x88, 0x61, 0x3a, 0x80, 0x08, 0x00, 0x45, 0xc0,
1993  0x00, 0x36, 0xe4, 0xcd, 0x00, 0x00, 0x01, 0x67,
1994  0xc7, 0xab, 0xac, 0x1c, 0x7f, 0xfe, 0xe0, 0x00,
1995  0x00, 0x0d, 0x20, 0x00, 0x90, 0x20, 0x00, 0x01,
1996  0x00, 0x02, 0x00, 0x69, 0x00, 0x02, 0x00, 0x04,
1997  0x81, 0xf4, 0x07, 0xd0, 0x00, 0x13, 0x00, 0x04,
1998  0x00, 0x00, 0x00, 0x01, 0x00, 0x14, 0x00, 0x04,
1999  0x4a, 0xea, 0x7a, 0x8e,
2000  };
2001 
2002  Packet *p = PacketGetFromAlloc();
2003  FAIL_IF_NULL(p);
2004 
2005  DecodeThreadVars dtv;
2006  ThreadVars th_v;
2007  DetectEngineThreadCtx *det_ctx = NULL;
2008 
2009  p->proto = 0;
2010  memset(&dtv, 0, sizeof(DecodeThreadVars));
2011  memset(&th_v, 0, sizeof(th_v));
2012 
2013  FlowInitConfig(FLOW_QUIET);
2014  DecodeEthernet(&th_v, &dtv, p, raw_eth, sizeof(raw_eth));
2015 
2016  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
2017  FAIL_IF(de_ctx == NULL);
2018  de_ctx->mpm_matcher = mpm_default_matcher;
2019  de_ctx->flags |= DE_QUIET;
2020 
2021  Signature *s = DetectEngineAppendSig(de_ctx,
2022  "alert ip any any -> any any (msg:\"Check ipproto usage\"; "
2023  "ip_proto:103; sid:1;)");
2024  FAIL_IF_NULL(s);
2025 
2026  SigGroupBuild(de_ctx);
2027  DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
2028 
2029  SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
2030  FAIL_IF(!PacketAlertCheck(p, 1));
2031  DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
2032  DetectEngineCtxFree(de_ctx);
2033  FlowShutdown();
2034 
2035  PacketFree(p);
2036  PASS;
2037 }
2038 
2039 /**
2040  * \internal
2041  * \brief Register ip_proto tests.
2042  */
2043 static void DetectIPProtoRegisterTests(void)
2044 {
2045  UtRegisterTest("DetectIPProtoTestParse01", DetectIPProtoTestParse01);
2046  UtRegisterTest("DetectIPProtoTestParse02", DetectIPProtoTestParse02);
2047  UtRegisterTest("DetectIPProtoTestSetup01", DetectIPProtoTestSetup01);
2048  UtRegisterTest("DetectIPProtoTestSetup02", DetectIPProtoTestSetup02);
2049  UtRegisterTest("DetectIPProtoTestSetup03", DetectIPProtoTestSetup03);
2050  UtRegisterTest("DetectIPProtoTestSetup04", DetectIPProtoTestSetup04);
2051  UtRegisterTest("DetectIPProtoTestSetup05", DetectIPProtoTestSetup05);
2052  UtRegisterTest("DetectIPProtoTestSetup06", DetectIPProtoTestSetup06);
2053  UtRegisterTest("DetectIPProtoTestSetup07", DetectIPProtoTestSetup07);
2054  UtRegisterTest("DetectIPProtoTestSetup08", DetectIPProtoTestSetup08);
2055  UtRegisterTest("DetectIPProtoTestSetup09", DetectIPProtoTestSetup09);
2056  UtRegisterTest("DetectIPProtoTestSetup10", DetectIPProtoTestSetup10);
2057  UtRegisterTest("DetectIPProtoTestSetup11", DetectIPProtoTestSetup11);
2058  UtRegisterTest("DetectIPProtoTestSetup12", DetectIPProtoTestSetup12);
2059  UtRegisterTest("DetectIPProtoTestSetup13", DetectIPProtoTestSetup13);
2060  UtRegisterTest("DetectIPProtoTestSetup14", DetectIPProtoTestSetup14);
2061  UtRegisterTest("DetectIPProtoTestSetup15", DetectIPProtoTestSetup15);
2062  UtRegisterTest("DetectIPProtoTestSetup16", DetectIPProtoTestSetup16);
2063  UtRegisterTest("DetectIPProtoTestSetup17", DetectIPProtoTestSetup17);
2064  UtRegisterTest("DetectIPProtoTestSetup18", DetectIPProtoTestSetup18);
2065  UtRegisterTest("DetectIPProtoTestSetup19", DetectIPProtoTestSetup19);
2066  UtRegisterTest("DetectIPProtoTestSetup20", DetectIPProtoTestSetup20);
2067  UtRegisterTest("DetectIPProtoTestSetup21", DetectIPProtoTestSetup21);
2068  UtRegisterTest("DetectIPProtoTestSetup22", DetectIPProtoTestSetup22);
2069  UtRegisterTest("DetectIPProtoTestSetup23", DetectIPProtoTestSetup23);
2070  UtRegisterTest("DetectIPProtoTestSetup24", DetectIPProtoTestSetup24);
2071  UtRegisterTest("DetectIPProtoTestSetup33", DetectIPProtoTestSetup33);
2072  UtRegisterTest("DetectIPProtoTestSetup34", DetectIPProtoTestSetup34);
2073  UtRegisterTest("DetectIPProtoTestSetup36", DetectIPProtoTestSetup36);
2074  UtRegisterTest("DetectIPProtoTestSetup43", DetectIPProtoTestSetup43);
2075  UtRegisterTest("DetectIPProtoTestSetup44", DetectIPProtoTestSetup44);
2076  UtRegisterTest("DetectIPProtoTestSetup45", DetectIPProtoTestSetup45);
2077  UtRegisterTest("DetectIPProtoTestSetup56", DetectIPProtoTestSetup56);
2078  UtRegisterTest("DetectIPProtoTestSetup75", DetectIPProtoTestSetup75);
2079  UtRegisterTest("DetectIPProtoTestSetup76", DetectIPProtoTestSetup76);
2080  UtRegisterTest("DetectIPProtoTestSetup129", DetectIPProtoTestSetup129);
2081  UtRegisterTest("DetectIPProtoTestSetup130", DetectIPProtoTestSetup130);
2082  UtRegisterTest("DetectIPProtoTestSetup131", DetectIPProtoTestSetup131);
2083  UtRegisterTest("DetectIPProtoTestSetup132", DetectIPProtoTestSetup132);
2084  UtRegisterTest("DetectIPProtoTestSetup145", DetectIPProtoTestSetup145);
2085 
2086  UtRegisterTest("DetectIPProtoTestSig1", DetectIPProtoTestSig1);
2087  UtRegisterTest("DetectIPProtoTestSig2", DetectIPProtoTestSig2);
2088  UtRegisterTest("DetectIPProtoTestSig3", DetectIPProtoTestSig3);
2089 }
2090 #endif /* UNITTESTS */
DetectIPProtoRemoveAllSMs
void DetectIPProtoRemoveAllSMs(DetectEngineCtx *de_ctx, Signature *s)
Definition: detect-ipproto.c:430
util-byte.h
SigTableElmt_::url
const char * url
Definition: detect.h:1299
Packet_::proto
uint8_t proto
Definition: decode.h:459
detect-engine.h
SigMatchRemoveSMFromList
void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int sm_list)
Definition: detect-parse.c:540
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
SignatureInitData_::smlists
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
Definition: detect.h:581
SigTableElmt_::desc
const char * desc
Definition: detect.h:1298
SigMatchFree
void SigMatchFree(DetectEngineCtx *de_ctx, SigMatch *sm)
free a SigMatch
Definition: detect-parse.c:347
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1286
DETECT_PROTO_IPV6
#define DETECT_PROTO_IPV6
Definition: detect-engine-proto.h:34
detect-engine-siggroup.h
DetectParseRegex
Definition: detect-parse.h:62
SigTableElmt_::name
const char * name
Definition: detect.h:1296
SigFree
void SigFree(DetectEngineCtx *, Signature *)
Definition: detect-parse.c:1644
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SIGMATCH_QUOTES_OPTIONAL
#define SIGMATCH_QUOTES_OPTIONAL
Definition: detect.h:1488
DetectIPProtoRegister
void DetectIPProtoRegister(void)
Registration function for ip_proto keyword.
Definition: detect-ipproto.c:60
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:141
results
struct DetectRfbSecresult_ results[]
SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1290
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:839
DETECT_PROTO_ANY
#define DETECT_PROTO_ANY
Definition: detect-engine-proto.h:27
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2533
DE_QUIET
#define DE_QUIET
Definition: detect.h:324
UTHBuildPacket
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
Definition: util-unittest-helper.c:340
mpm_default_matcher
uint8_t mpm_default_matcher
Definition: util-mpm.c:48
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition: detect.c:1895
SignatureInitData_::init_flags
uint32_t init_flags
Definition: detect.h:548
DetectParsePcreExec
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
Definition: detect-parse.c:2674
proto
uint8_t proto
Definition: decode-template.h:0
StringParseInt32
int StringParseInt32(int32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:622
SigCleanSignatures
void SigCleanSignatures(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:54
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2620
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1281
util-unittest.h
util-unittest-helper.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:537
StringParseUint8
int StringParseUint8(uint8_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:361
decode.h
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1095
DetectSetupParseRegexes
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
Definition: detect-parse.c:2791
detect-engine-mpm.h
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
SigMatch_::next
struct SigMatch_ * next
Definition: detect.h:354
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition: detect.h:842
PacketFree
void PacketFree(Packet *p)
Return a malloced packet.
Definition: decode.c:190
DETECT_SM_LIST_MATCH
@ DETECT_SM_LIST_MATCH
Definition: detect.h:114
SigInit
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
Definition: detect-parse.c:2314
SigMatch_::ctx
SigMatchCtx * ctx
Definition: detect.h:353
DetectProto_::proto
uint8_t proto[256/8]
Definition: detect-engine-proto.h:37
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition: detect-engine-build.c:2218
Signature_::flags
uint32_t flags
Definition: detect.h:597
Packet_
Definition: decode.h:437
detect-engine-build.h
detect-engine-alert.h
detect-ipproto.h
Signature_::init_data
SignatureInitData * init_data
Definition: detect.h:665
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1264
DETECT_IPPROTO_OP_GT
#define DETECT_IPPROTO_OP_GT
Definition: detect-ipproto.h:31
util-proto-name.h
SIG_FLAG_INIT_FIRST_IPPROTO_SEEN
#define SIG_FLAG_INIT_FIRST_IPPROTO_SEEN
Definition: detect.h:289
DETECT_IPPROTO_OP_EQ
#define DETECT_IPPROTO_OP_EQ
Definition: detect-ipproto.h:28
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:2149
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:345
DetectProto_::flags
uint8_t flags
Definition: detect-engine-proto.h:38
DETECT_PROTO_IPV4
#define DETECT_PROTO_IPV4
Definition: detect-engine-proto.h:33
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:3244
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
Signature_::proto
DetectProto proto
Definition: detect.h:615
suricata-common.h
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:3454
SigMatch_::type
uint16_t type
Definition: detect.h:351
DETECT_IPPROTO_OP_LT
#define DETECT_IPPROTO_OP_LT
Definition: detect-ipproto.h:30
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:685
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:127
DetectEngineCtx_::sig_list
Signature * sig_list
Definition: detect.h:847
DetectIPProtoData_::op
uint8_t op
Definition: detect-ipproto.h:35
UTHGenericTest
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perform a generic check taking care of as maximum common unittest eleme...
Definition: util-unittest-helper.c:546
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:229
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:685
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition: util-unittest-helper.c:448
detect-parse.h
Signature_
Signature container.
Definition: detect.h:596
SigMatch_
a single match condition for a signature
Definition: detect.h:350
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2494
DetectIPProtoData_
Definition: detect-ipproto.h:34
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:42
SCGetProtoByName
bool SCGetProtoByName(const char *protoname, uint8_t *proto_number)
Function to return the protocol number for a named protocol. Note that protocol name aliases are hono...
Definition: util-proto-name.c:467
PARSE_REGEX
#define PARSE_REGEX
Regex for parsing our options.
Definition: detect-ipproto.c:50
DETECT_IPPROTO_OP_NOT
#define DETECT_IPPROTO_OP_NOT
Definition: detect-ipproto.h:29
SigMatchAppendSMToList
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:447
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:841
SigAlloc
Signature * SigAlloc(void)
Definition: detect-parse.c:1529
DETECT_IPPROTO
@ DETECT_IPPROTO
Definition: detect-engine-register.h:80
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:42
detect-engine-address.h
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1288
DetectIPProtoData_::proto
uint8_t proto
Definition: detect-ipproto.h:36
SIG_FLAG_REQUIRE_PACKET
#define SIG_FLAG_REQUIRE_PACKET
Definition: detect.h:249