Go to the documentation of this file.
50 static void DetectAckRegisterTests(
void);
54 static bool PrefilterTcpAckIsPrefilterable(
const Signature *s);
163 if (!PrefilterPacketHeaderExtraMatch(ctx, p))
193 PrefilterPacketAckSet,
194 PrefilterPacketAckCompare,
195 PrefilterPacketAckMatch);
198 static bool PrefilterTcpAckIsPrefilterable(
const Signature *s)
216 static int DetectAckSigTest01(
void)
225 memset(&th_v, 0,
sizeof(th_v));
229 p1->
tcph->th_ack = htonl(42);
233 p2->
tcph->th_ack = htonl(100);
247 "alert tcp any any -> any any "
248 "(msg:\"Testing ack\";ack:foo;sid:1;)") != NULL)
250 printf(
"invalid ack accepted: ");
254 "alert tcp any any -> any any "
255 "(msg:\"Testing ack\";ack:9999999999;sid:1;)") != NULL)
257 printf(
"overflowing ack accepted: ");
261 "alert tcp any any -> any any "
262 "(msg:\"Testing ack\";ack:-100;sid:1;)") != NULL)
264 printf(
"negative ack accepted: ");
269 "alert tcp any any -> any any "
270 "(msg:\"Testing ack\";ack:41;sid:1;)");
276 "alert tcp any any -> any any "
277 "(msg:\"Testing ack\";ack:42;sid:2;)");
287 printf(
"sid 1 alerted, but should not have: ");
291 printf(
"sid 2 did not alert, but should have: ");
297 printf(
"sid 1 alerted, but should not have: ");
301 printf(
"sid 2 alerted, but should not have: ");
307 printf(
"sid 1 alerted, but should not have: ");
311 printf(
"sid 2 alerted, but should not have: ");
334 static void DetectAckRegisterTests(
void)
void SigMatchAppendSMToList(Signature *s, SigMatch *new, const int list)
Append a SigMatch to the list type.
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
void SigMatchFree(DetectEngineCtx *de_ctx, SigMatch *sm)
free a SigMatch
void(* Free)(DetectEngineCtx *, void *)
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
Container for matching data for a signature group.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
main detection engine ctx
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
void SigCleanSignatures(DetectEngineCtx *de_ctx)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int(* SetupPrefilter)(DetectEngineCtx *de_ctx, struct SigGroupHead_ *sgh)
Per thread variable structure.
int StringParseUint32(uint32_t *res, int base, size_t len, const char *str)
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
int SigGroupCleanup(DetectEngineCtx *de_ctx)
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
SigMatch * SigMatchAlloc(void)
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void DetectAckRegister(void)
Registration function for ack: keyword.
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, void(*Set)(PrefilterPacketHeaderValue *v, void *), bool(*Compare)(PrefilterPacketHeaderValue v, void *), void(*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
bool(* SupportsPrefilter)(const Signature *s)
a single match condition for a signature
DetectEngineCtx * DetectEngineCtxInit(void)
void(* RegisterTests)(void)
#define SIG_FLAG_REQUIRE_PACKET