Go to the documentation of this file.
40 #define PARSE_REGEX "([0x]*[0-9a-f]+)/([0x]*[0-9a-f]+)"
48 #if defined UNITTESTS && defined NFQ
49 static void MarkRegisterTests(
void);
62 #if defined UNITTESTS && defined NFQ
78 static void * DetectMarkParse (
const char *rawstr)
82 const char *str_ptr = NULL;
91 SCLogError(
"pcre_exec parse error, ret %" PRId32
", string %s", ret, rawstr);
95 res = pcre2_substring_get_bynumber(parse_regex.
match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
97 SCLogError(
"pcre2_substring_get_bynumber failed");
101 ptr = (
char *)str_ptr;
107 mark = strtoul(ptr, &endptr, 0);
108 if (errno == ERANGE) {
110 pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
114 else if (endptr == ptr && mark == 0) {
116 pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
118 }
else if (endptr == ptr) {
120 pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
124 res = pcre2_substring_get_bynumber(parse_regex.
match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
126 SCLogError(
"pcre2_substring_get_bynumber failed");
130 pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
131 ptr = (
char *)str_ptr;
144 mask = strtoul(ptr, &endptr, 0);
145 if (errno == ERANGE) {
147 pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
151 else if (endptr == ptr && mask == 0) {
153 pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
156 else if (endptr == ptr) {
158 pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
162 SCLogDebug(
"Rule will set mark 0x%x with mask 0x%x", mark, mask);
163 pcre2_substring_free((PCRE2_UCHAR8 *)ptr);
252 #if defined UNITTESTS && defined NFQ
257 static int MarkTestParse01 (
void)
261 data = DetectMarkParse(
"1/1");
273 static int MarkTestParse02 (
void)
277 data = DetectMarkParse(
"4");
289 static int MarkTestParse03 (
void)
293 data = DetectMarkParse(
"0x10/0xff");
305 static int MarkTestParse04 (
void)
309 data = DetectMarkParse(
"0x1g/0xff");
320 static void MarkRegisterTests(
void)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
void(* Free)(DetectEngineCtx *, void *)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
main detection engine ctx
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
@ DETECT_SM_LIST_POSTMATCH
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
void DetectMarkRegister(void)
Registration function for nfq_set_mark: keyword.
struct Packet_::@41 persistent
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void DetectMarkDataFree(DetectEngineCtx *, void *ptr)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define PKT_REBUILT_FRAGMENT
#define SCLogError(...)
Macro used to log ERROR messages.
a single match condition for a signature
#define PKT_MARK_MODIFIED
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)