Go to the documentation of this file.
50 static void DetectAckRegisterTests(
void);
54 static bool PrefilterTcpAckIsPrefilterable(
const Signature *s);
156 if (!PrefilterPacketHeaderExtraMatch(ctx, p))
186 PrefilterPacketAckSet,
187 PrefilterPacketAckCompare,
188 PrefilterPacketAckMatch);
191 static bool PrefilterTcpAckIsPrefilterable(
const Signature *s)
209 static int DetectAckSigTest01(
void)
218 memset(&th_v, 0,
sizeof(th_v));
240 "alert tcp any any -> any any "
241 "(msg:\"Testing ack\";ack:foo;sid:1;)") != NULL)
243 printf(
"invalid ack accepted: ");
247 "alert tcp any any -> any any "
248 "(msg:\"Testing ack\";ack:9999999999;sid:1;)") != NULL)
250 printf(
"overflowing ack accepted: ");
254 "alert tcp any any -> any any "
255 "(msg:\"Testing ack\";ack:-100;sid:1;)") != NULL)
257 printf(
"negative ack accepted: ");
262 "alert tcp any any -> any any "
263 "(msg:\"Testing ack\";ack:41;sid:1;)");
269 "alert tcp any any -> any any "
270 "(msg:\"Testing ack\";ack:42;sid:2;)");
280 printf(
"sid 1 alerted, but should not have: ");
284 printf(
"sid 2 did not alert, but should have: ");
290 printf(
"sid 1 alerted, but should not have: ");
294 printf(
"sid 2 alerted, but should not have: ");
300 printf(
"sid 1 alerted, but should not have: ");
304 printf(
"sid 2 alerted, but should not have: ");
327 static void DetectAckRegisterTests(
void)
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
void(* Free)(DetectEngineCtx *, void *)
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
Container for matching data for a signature group.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
main detection engine ctx
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
void SigCleanSignatures(DetectEngineCtx *de_ctx)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int(* SetupPrefilter)(DetectEngineCtx *de_ctx, struct SigGroupHead_ *sgh)
Per thread variable structure.
int StringParseUint32(uint32_t *res, int base, size_t len, const char *str)
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
int SigGroupCleanup(DetectEngineCtx *de_ctx)
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void DetectAckRegister(void)
Registration function for ack: keyword.
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, void(*Set)(PrefilterPacketHeaderValue *v, void *), bool(*Compare)(PrefilterPacketHeaderValue v, void *), void(*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
bool(* SupportsPrefilter)(const Signature *s)
a single match condition for a signature
DetectEngineCtx * DetectEngineCtxInit(void)
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)
#define SIG_FLAG_REQUIRE_PACKET