Go to the documentation of this file.
47 static void DetectSeqRegisterTests(
void);
51 static bool PrefilterTcpSeqIsPrefilterable(
const Signature *s);
151 if (!PrefilterPacketHeaderExtraMatch(ctx, p))
181 PrefilterPacketSeqSet,
182 PrefilterPacketSeqCompare,
183 PrefilterPacketSeqMatch);
186 static bool PrefilterTcpSeqIsPrefilterable(
const Signature *s)
204 static int DetectSeqSigTest01(
void)
213 "alert tcp any any -> any any "
214 "(msg:\"Testing seq\";seq:foo;sid:1;)") != NULL)
216 printf(
"invalid seq accepted: ");
220 "alert tcp any any -> any any "
221 "(msg:\"Testing seq\";seq:9999999999;sid:1;)") != NULL)
223 printf(
"overflowing seq accepted: ");
227 "alert tcp any any -> any any "
228 "(msg:\"Testing seq\";seq:-100;sid:1;)") != NULL)
230 printf(
"negative seq accepted: ");
248 static int DetectSeqSigTest02(
void)
251 uint8_t *buf = (uint8_t *)
"Hi all!";
252 uint16_t buflen = strlen((
char *)buf);
257 if (p[0] == NULL || p[1] == NULL ||p[2] == NULL)
261 p[0]->
tcph->th_seq = htonl(42);
264 p[1]->
tcph->th_seq = htonl(100);
267 sigs[0]=
"alert tcp any any -> any any (msg:\"Testing seq\"; seq:41; sid:1;)";
268 sigs[1]=
"alert tcp any any -> any any (msg:\"Testing seq\"; seq:42; sid:2;)";
270 uint32_t sid[2] = {1, 2};
290 static void DetectSeqRegisterTests(
void)
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
void(* Free)(DetectEngineCtx *, void *)
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
Container for matching data for a signature group.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
struct DetectRfbSecresult_ results[]
main detection engine ctx
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
void SigCleanSignatures(DetectEngineCtx *de_ctx)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int(* SetupPrefilter)(DetectEngineCtx *de_ctx, struct SigGroupHead_ *sgh)
void DetectSeqRegister(void)
Registration function for ack: keyword.
int StringParseUint32(uint32_t *res, int base, size_t len, const char *str)
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
int SigGroupCleanup(DetectEngineCtx *de_ctx)
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perform a generic check taking care of as maximum common unittest eleme...
int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, void(*Set)(PrefilterPacketHeaderValue *v, void *), bool(*Compare)(PrefilterPacketHeaderValue v, void *), void(*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
bool(* SupportsPrefilter)(const Signature *s)
a single match condition for a signature
DetectEngineCtx * DetectEngineCtxInit(void)
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)
#define SIG_FLAG_REQUIRE_PACKET
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.