Go to the documentation of this file.
47 static void DetectSeqRegisterTests(
void);
51 static bool PrefilterTcpSeqIsPrefilterable(
const Signature *s);
88 if (!(PacketIsTCP(p))) {
153 if (!PrefilterPacketHeaderExtraMatch(
ctx, p))
156 if (p->
proto == IPPROTO_TCP && PacketIsTCP(p) &&
159 PrefilterAddSids(&det_ctx->
pmq,
ctx->sigs_array,
ctx->sigs_cnt);
182 PrefilterPacketSeqSet, PrefilterPacketSeqCompare, PrefilterPacketSeqMatch);
185 static bool PrefilterTcpSeqIsPrefilterable(
const Signature *s)
203 static int DetectSeqSigTest01(
void)
212 "alert tcp any any -> any any "
213 "(msg:\"Testing seq\";seq:foo;sid:1;)") != NULL)
215 printf(
"invalid seq accepted: ");
219 "alert tcp any any -> any any "
220 "(msg:\"Testing seq\";seq:9999999999;sid:1;)") != NULL)
222 printf(
"overflowing seq accepted: ");
226 "alert tcp any any -> any any "
227 "(msg:\"Testing seq\";seq:-100;sid:1;)") != NULL)
229 printf(
"negative seq accepted: ");
247 static int DetectSeqSigTest02(
void)
250 uint8_t *buf = (uint8_t *)
"Hi all!";
251 uint16_t buflen = strlen((
char *)buf);
256 if (p[0] == NULL || p[1] == NULL ||p[2] == NULL)
266 sigs[0]=
"alert tcp any any -> any any (msg:\"Testing seq\"; seq:41; sid:1;)";
267 sigs[1]=
"alert tcp any any -> any any (msg:\"Testing seq\"; seq:42; sid:2;)";
269 uint32_t sid[2] = {1, 2};
271 uint32_t results[3][2] = {
279 result =
UTHGenericTest(p, 3, sigs, sid, (uint32_t *) results, 2);
289 static void DetectSeqRegisterTests(
void)
#define TCP_GET_RAW_SEQ(tcph)
#define SIG_MASK_REQUIRE_REAL_PKT
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
SigTableElmt * sigmatch_table
void(* Free)(DetectEngineCtx *, void *)
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
Container for matching data for a signature group.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
main detection engine ctx
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
void SigCleanSignatures(DetectEngineCtx *de_ctx)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int(* SetupPrefilter)(DetectEngineCtx *de_ctx, struct SigGroupHead_ *sgh)
void DetectSeqRegister(void)
Registration function for ack: keyword.
int StringParseUint32(uint32_t *res, int base, size_t len, const char *str)
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
int SigGroupCleanup(DetectEngineCtx *de_ctx)
SignatureInitData * init_data
int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, SignatureMask mask, void(*Set)(PrefilterPacketHeaderValue *v, void *), bool(*Compare)(PrefilterPacketHeaderValue v, void *), void(*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perform a generic check taking care of as maximum common unittest eleme...
bool(* SupportsPrefilter)(const Signature *s)
a single match condition for a signature
union PacketL4::L4Hdrs hdrs
DetectEngineCtx * DetectEngineCtxInit(void)
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
#define DEBUG_VALIDATE_BUG_ON(exp)
void(* RegisterTests)(void)
#define SIG_FLAG_REQUIRE_PACKET
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.