48 #define PARSE_REGEX "^\\s*(?:([\\+\\*!]))?\\s*([SAPRFU120CE\\+\\*!]+)(?:\\s*,\\s*([SAPRFU12CE]+))?\\s*$"
55 #define MODIFIER_NOT 1
56 #define MODIFIER_PLUS 2
57 #define MODIFIER_ANY 3
66 static bool PrefilterTcpFlagsIsPrefilterable(
const Signature *s);
69 static void FlagsRegisterTests(
void);
95 static inline int FlagsMatch(
const uint8_t pflags,
const uint8_t modifier,
96 const uint8_t dflags,
const uint8_t iflags)
98 if (!dflags && pflags) {
106 const uint8_t
flags = pflags & iflags;
110 if ((
flags & dflags) > 0) {
116 if (((
flags & dflags) == dflags)) {
122 if ((
flags & dflags) != dflags) {
129 if (
flags == dflags) {
156 if (!(PacketIsTCP(p))) {
161 const TCPHdr *tcph = PacketGetTCP(p);
180 int found = 0, ignore = 0;
188 pcre2_match_data *match = NULL;
190 SCLogDebug(
"input '%s', pcre said %d", rawstr, ret);
196 size_t pcre2len =
sizeof(arg1);
199 SCLogError(
"pcre2_substring_copy_bynumber failed");
203 pcre2len =
sizeof(arg2);
204 res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)arg2, &pcre2len);
206 SCLogError(
"pcre2_substring_copy_bynumber failed");
211 pcre2len =
sizeof(arg3);
214 SCLogError(
"pcre2_substring_copy_bynumber failed");
218 SCLogDebug(
"args '%s', '%s', '%s'", arg1, arg2, arg3);
220 if (strlen(arg2) == 0) {
232 while (*ptr !=
'\0') {
301 if (strlen(arg2) > 0) {
303 while (*ptr !=
'\0') {
355 " one modifier at a time");
364 " one modifier at a time");
373 " one modifier at a time");
390 if (strlen(arg3) > 0) {
393 while (*ptr !=
'\0') {
457 pcre2_match_data_free(match);
458 SCLogDebug(
"found %"PRId32
" ignore %"PRId32
"", found, ignore);
466 pcre2_match_data_free(match);
487 de = DetectFlagsParse(rawstr);
559 if (!(PacketIsTCP(p))) {
564 if (!PrefilterPacketHeaderExtraMatch(
ctx, p))
567 const TCPHdr *tcph = PacketGetTCP(p);
569 if (FlagsMatch(
flags,
ctx->v1.u8[0],
ctx->v1.u8[1],
ctx->v1.u8[2]))
572 PrefilterAddSids(&det_ctx->
pmq,
ctx->sigs_array,
ctx->sigs_cnt);
600 PrefilterPacketFlagsSet, PrefilterPacketFlagsCompare, PrefilterPacketFlagsMatch);
603 static bool PrefilterTcpFlagsIsPrefilterable(
const Signature *s)
626 static int FlagsTestParse01 (
void)
631 DetectFlagsFree(NULL, de);
641 static int FlagsTestParse02 (
void)
644 de = DetectFlagsParse(
"G");
646 DetectFlagsFree(NULL, de);
659 static int FlagsTestParse03 (
void)
672 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
673 memset(&tcph, 0,
sizeof(
TCPHdr));
679 de = DetectFlagsParse(
"AP+");
691 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
713 static int FlagsTestParse04 (
void)
726 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
727 memset(&tcph, 0,
sizeof(
TCPHdr));
733 de = DetectFlagsParse(
"A");
745 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
768 static int FlagsTestParse05 (
void)
781 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
782 memset(&tcph, 0,
sizeof(
TCPHdr));
788 de = DetectFlagsParse(
"+AP,SR");
800 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
823 static int FlagsTestParse06 (
void)
836 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
837 memset(&tcph, 0,
sizeof(
TCPHdr));
843 de = DetectFlagsParse(
"+AP,UR");
855 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
877 static int FlagsTestParse07 (
void)
890 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
891 memset(&tcph, 0,
sizeof(
TCPHdr));
897 de = DetectFlagsParse(
"*AP");
909 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
932 static int FlagsTestParse08 (
void)
945 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
946 memset(&tcph, 0,
sizeof(
TCPHdr));
952 de = DetectFlagsParse(
"*SA");
964 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
986 static int FlagsTestParse09 (
void)
999 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
1000 memset(&tcph, 0,
sizeof(
TCPHdr));
1006 de = DetectFlagsParse(
"!PA");
1018 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
1040 static int FlagsTestParse10 (
void)
1053 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
1054 memset(&tcph, 0,
sizeof(
TCPHdr));
1060 de = DetectFlagsParse(
"!AP");
1072 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
1094 static int FlagsTestParse11 (
void)
1107 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
1108 memset(&tcph, 0,
sizeof(
TCPHdr));
1114 de = DetectFlagsParse(
"*AP,SR");
1126 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
1149 static int FlagsTestParse12 (
void)
1162 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
1163 memset(&tcph, 0,
sizeof(
TCPHdr));
1169 de = DetectFlagsParse(
"0");
1171 if (de == NULL || de->
flags != 0) {
1172 printf(
"de setup: ");
1183 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
1206 static int FlagsTestParse13 (
void)
1209 de = DetectFlagsParse(
"+S*");
1211 DetectFlagsFree(NULL, de);
1224 static int FlagsTestParse14(
void)
1228 DetectFlagsFree(NULL, de);
1235 static int FlagsTestParse15(
void)
1248 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
1249 memset(&tcph, 0,
sizeof(
TCPHdr));
1255 de = DetectFlagsParse(
"EC+");
1267 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
1287 static int FlagsTestParse16(
void)
1300 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
1301 memset(&tcph, 0,
sizeof(
TCPHdr));
1307 de = DetectFlagsParse(
"EC*");
1319 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
1342 static int FlagsTestParse17(
void)
1355 memset(&ipv4h, 0,
sizeof(
IPV4Hdr));
1356 memset(&tcph, 0,
sizeof(
TCPHdr));
1362 de = DetectFlagsParse(
"EC+");
1374 ret = DetectFlagsMatch(NULL, p, NULL, sm->
ctx);
1397 static void FlagsRegisterTests(
void)