51 static void DetectL3protoRegisterTests(
void);
/* Keyword argument parsing: the option string is compared with strcasecmp(),
 * so matching is case-insensitive, and "ipv4"/"ip4" and "ipv6"/"ip6" are
 * accepted as aliases. The branch bodies are not shown in this listing;
 * presumably they select DETECT_PROTO_IPV4 / DETECT_PROTO_IPV6 — confirm
 * against the full source. */
76 const char *
str = optstr;
84 if (strcasecmp(
str,
"ipv4") == 0 ||
85 strcasecmp(
str,
"ip4") == 0 ) {
92 }
else if (strcasecmp(
str,
"ipv6") == 0 ||
93 strcasecmp(
str,
"ip6") == 0 ) {
118 static int DetectL3protoTestSig1(
void)
130 memset(&th_v, 0,
sizeof(th_v));
134 p->
proto = IPPROTO_TCP;
149 s = s->
next =
SigInit(
de_ctx,
"alert ip any any -> any any (msg:\"l3proto ipv6\"; l3_proto:ipv6; sid:2;)");
154 s = s->
next =
SigInit(
de_ctx,
"alert ip any any -> any any (msg:\"l3proto ip4\"; l3_proto:ip4; sid:3;)");
/* NOTE(review): this rule (l3_proto:ip6) reuses sid:2, which the l3_proto:ipv6
 * rule a few lines up already carries. The failure messages in this test
 * refer to sids 1-4, and DetectL3protoTestSig2 gives the same rule sid:4.
 * None of the rules visible here carries sid 4, so a "sid 4 alerted" check
 * would pass without exercising this rule; presumably sid:4 was intended —
 * confirm against the PacketAlertCheck() calls, which this listing omits. */
159 s = s->
next =
SigInit(
de_ctx,
"alert ip any any -> any any (msg:\"l3proto ip6\"; l3_proto:ip6; sid:2;)");
169 printf(
"sid 1 did not alert, but should have: ");
172 printf(
"sid 2 alerted, but should not have: ");
175 printf(
"sid 3 did not alert, but should have: ");
178 printf(
"sid 4 alerted, but should not have: ");
202 static int DetectL3protoTestSig2(
void)
214 memset(&th_v, 0,
sizeof(th_v));
218 p->
proto = IPPROTO_TCP;
233 s = s->
next =
SigInit(
de_ctx,
"alert ip any any -> any any (msg:\"l3proto ipv6\"; l3_proto:ipv6; sid:2;)");
238 s = s->
next =
SigInit(
de_ctx,
"alert ip any any -> any any (msg:\"l3proto ip4\"; l3_proto:ip4; sid:3;)");
243 s = s->
next =
SigInit(
de_ctx,
"alert ip any any -> any any (msg:\"l3proto ip6\"; l3_proto:ip6; sid:4;)");
253 printf(
"sid 1 alerted, but should not have: ");
256 printf(
"sid 2 did not alert, but should have: ");
259 printf(
"sid 3 alerted, but should not have: ");
262 printf(
"sid 4 did not alert, but should have: ");
285 static int DetectL3protoTestSig3(
void)
297 memset(&th_v, 0,
sizeof(th_v));
301 p->
proto = IPPROTO_TCP;
311 s =
de_ctx->
sig_list =
SigInit(
de_ctx,
"alert ip any any -> any any (msg:\"l3proto ipv4 and ip_proto udp\"; l3_proto:ipv4; ip_proto:17; sid:1;)");
316 s = s->
next =
SigInit(
de_ctx,
"alert ip any any -> any any (msg:\"l3proto ipv6 and ip_proto udp\"; l3_proto:ipv6; ip_proto:17; sid:2;)");
321 s = s->
next =
SigInit(
de_ctx,
"alert ip any any -> any any (msg:\"l3proto ip4 and ip_proto tcp\"; l3_proto:ipv4; ip_proto:6; sid:3;)");
326 s = s->
next =
SigInit(
de_ctx,
"alert ip any any -> any any (msg:\"l3proto ipv6 and ip_proto tcp\"; l3_proto:ipv6; ip_proto:6; sid:4;)");
336 printf(
"sid 1 alerted, but should not have: ");
339 printf(
"sid 2 alerted, but should not have: ");
342 printf(
"sid 3 alerted, but should not have: ");
345 printf(
"sid 4 did not alert, but should have: ");
366 static void DetectL3protoRegisterTests(
void)
void(* Free)(DetectEngineCtx *, void *)
#define DETECT_PROTO_IPV6
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
main detection engine ctx
@ SC_ERR_INVALID_SIGNATURE
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
void SigCleanSignatures(DetectEngineCtx *de_ctx)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
void DetectL3ProtoRegister(void)
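Registration function for the l3_proto keyword (the source comment reads "ip_proto", which looks like a slip: the function is DetectL3ProtoRegister and the tests in this file exercise l3_proto).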
Per thread variable structure.
int SigGroupCleanup(DetectEngineCtx *de_ctx)
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
#define DETECT_PROTO_IPV4
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
DetectEngineCtx * DetectEngineCtxInit(void)
void(* RegisterTests)(void)