48 static void DetectStreamSizeRegisterTests(
void);
51 static bool PrefilterStreamSizeIsPrefilterable(
const Signature *s);
72 static int DetectStreamSizeMatchAux(
const DetectStreamSizeData *sd,
const TcpSession *ssn)
78 if (sd->flags == StreamSizeServer) {
83 }
else if (sd->flags == StreamSizeClient) {
88 }
else if (sd->flags == StreamSizeBoth) {
95 }
else if (sd->flags == StreamSizeEither) {
117 static int DetectStreamSizeMatch(
121 const DetectStreamSizeData *sd = (
const DetectStreamSizeData *)ctx;
145 DetectStreamSizeData *sd = rs_detect_stream_size_parse(streamstr);
169 rs_detect_stream_size_free(ptr);
174 static void PrefilterPacketStreamsizeMatch(
186 if (!PrefilterPacketHeaderExtraMatch(ctx, p))
189 DetectStreamSizeData dsd;
190 dsd.du32.mode = ctx->
v1.
u8[0];
191 dsd.flags = ctx->
v1.
u8[1];
192 dsd.du32.arg1 = ctx->
v1.
u32[2];
196 if (DetectStreamSizeMatchAux(&dsd, ssn)) {
203 const DetectStreamSizeData *a = smctx;
204 v->
u8[0] = a->du32.mode;
206 v->
u32[2] = a->du32.arg1;
211 const DetectStreamSizeData *a = smctx;
212 if (v.
u8[0] == a->du32.mode && v.
u8[1] == a->flags && v.
u32[2] == a->du32.arg1)
220 PrefilterPacketStreamSizeCompare, PrefilterPacketStreamsizeMatch);
223 static bool PrefilterStreamSizeIsPrefilterable(
const Signature *s)
241 static int DetectStreamSizeParseTest01 (
void)
244 DetectStreamSizeData *sd = NULL;
245 sd = rs_detect_stream_size_parse(
"server,<,6");
247 if (sd->flags & StreamSizeServer && sd->du32.mode ==
DETECT_UINT_LT && sd->du32.arg1 == 6)
260 static int DetectStreamSizeParseTest02 (
void)
263 DetectStreamSizeData *sd = NULL;
264 sd = rs_detect_stream_size_parse(
"invalidoption,<,6");
266 printf(
"expected: NULL got 0x%02X %" PRIu32
": ", sd->flags, sd->du32.arg1);
279 static int DetectStreamSizeParseTest03 (
void)
283 DetectStreamSizeData *sd = NULL;
302 memset(&f, 0,
sizeof(
Flow));
303 memset(&tcph, 0,
sizeof(TCPHdr));
305 sd = rs_detect_stream_size_parse(
"client,>,8");
307 if (!(sd->flags & StreamSizeClient)) {
308 printf(
"sd->flags not STREAM_SIZE_CLIENT: ");
315 printf(
"sd->mode not DETECTSSIZE_GT: ");
321 if (sd->du32.arg1 != 8) {
322 printf(
"sd->ssize is %" PRIu32
", not 8: ", sd->du32.arg1);
328 printf(
"sd == NULL: ");
341 result = DetectStreamSizeMatch(&dtx, p, &s, sm.
ctx);
343 printf(
"result 0 != 1: ");
355 static int DetectStreamSizeParseTest04 (
void)
359 DetectStreamSizeData *sd = NULL;
378 memset(&f, 0,
sizeof(
Flow));
379 memset(&ip4h, 0,
sizeof(
IPV4Hdr));
381 sd = rs_detect_stream_size_parse(
" client , > , 8 ");
383 if (!(sd->flags & StreamSizeClient) && sd->du32.mode !=
DETECT_UINT_GT &&
384 sd->du32.arg1 != 8) {
402 if (!DetectStreamSizeMatch(&dtx, p, &s, sm.
ctx))
412 void DetectStreamSizeRegisterTests(
void)
414 UtRegisterTest(
"DetectStreamSizeParseTest01", DetectStreamSizeParseTest01);
415 UtRegisterTest(
"DetectStreamSizeParseTest02", DetectStreamSizeParseTest02);
416 UtRegisterTest(
"DetectStreamSizeParseTest03", DetectStreamSizeParseTest03);
417 UtRegisterTest(
"DetectStreamSizeParseTest04", DetectStreamSizeParseTest04);