48 static void DetectStreamSizeRegisterTests(
void);
51 static bool PrefilterStreamSizeIsPrefilterable(
const Signature *s);
72 static int DetectStreamSizeMatchAux(
const DetectStreamSizeData *sd,
const TcpSession *ssn)
78 if (sd->flags == StreamSizeServer) {
83 }
else if (sd->flags == StreamSizeClient) {
88 }
else if (sd->flags == StreamSizeBoth) {
95 }
else if (sd->flags == StreamSizeEither) {
117 static int DetectStreamSizeMatch(
121 const DetectStreamSizeData *sd = (
const DetectStreamSizeData *)ctx;
145 DetectStreamSizeData *sd = rs_detect_stream_size_parse(streamstr);
164 rs_detect_stream_size_free(ptr);
169 static void PrefilterPacketStreamsizeMatch(
181 if (!PrefilterPacketHeaderExtraMatch(ctx, p))
184 DetectStreamSizeData dsd;
185 dsd.du32.mode = ctx->
v1.
u8[0];
186 dsd.flags = ctx->
v1.
u8[1];
187 dsd.du32.arg1 = ctx->
v1.
u32[2];
191 if (DetectStreamSizeMatchAux(&dsd, ssn)) {
198 const DetectStreamSizeData *a = smctx;
199 v->
u8[0] = a->du32.mode;
201 v->
u32[2] = a->du32.arg1;
206 const DetectStreamSizeData *a = smctx;
207 if (v.
u8[0] == a->du32.mode && v.
u8[1] == a->flags && v.
u32[2] == a->du32.arg1)
215 PrefilterPacketStreamSizeCompare, PrefilterPacketStreamsizeMatch);
218 static bool PrefilterStreamSizeIsPrefilterable(
const Signature *s)
236 static int DetectStreamSizeParseTest01 (
void)
239 DetectStreamSizeData *sd = NULL;
240 sd = rs_detect_stream_size_parse(
"server,<,6");
242 if (sd->flags & StreamSizeServer && sd->du32.mode ==
DETECT_UINT_LT && sd->du32.arg1 == 6)
255 static int DetectStreamSizeParseTest02 (
void)
258 DetectStreamSizeData *sd = NULL;
259 sd = rs_detect_stream_size_parse(
"invalidoption,<,6");
261 printf(
"expected: NULL got 0x%02X %" PRIu32
": ", sd->flags, sd->du32.arg1);
274 static int DetectStreamSizeParseTest03 (
void)
278 DetectStreamSizeData *sd = NULL;
297 memset(&f, 0,
sizeof(
Flow));
298 memset(&tcph, 0,
sizeof(TCPHdr));
300 sd = rs_detect_stream_size_parse(
"client,>,8");
302 if (!(sd->flags & StreamSizeClient)) {
303 printf(
"sd->flags not STREAM_SIZE_CLIENT: ");
310 printf(
"sd->mode not DETECTSSIZE_GT: ");
316 if (sd->du32.arg1 != 8) {
317 printf(
"sd->ssize is %" PRIu32
", not 8: ", sd->du32.arg1);
323 printf(
"sd == NULL: ");
336 result = DetectStreamSizeMatch(&dtx, p, &s, sm.
ctx);
338 printf(
"result 0 != 1: ");
350 static int DetectStreamSizeParseTest04 (
void)
354 DetectStreamSizeData *sd = NULL;
373 memset(&f, 0,
sizeof(
Flow));
374 memset(&ip4h, 0,
sizeof(
IPV4Hdr));
376 sd = rs_detect_stream_size_parse(
" client , > , 8 ");
378 if (!(sd->flags & StreamSizeClient) && sd->du32.mode !=
DETECT_UINT_GT &&
379 sd->du32.arg1 != 8) {
397 if (!DetectStreamSizeMatch(&dtx, p, &s, sm.
ctx))
407 void DetectStreamSizeRegisterTests(
void)
409 UtRegisterTest(
"DetectStreamSizeParseTest01", DetectStreamSizeParseTest01);
410 UtRegisterTest(
"DetectStreamSizeParseTest02", DetectStreamSizeParseTest02);
411 UtRegisterTest(
"DetectStreamSizeParseTest03", DetectStreamSizeParseTest03);
412 UtRegisterTest(
"DetectStreamSizeParseTest04", DetectStreamSizeParseTest04);