Go to the documentation of this file.
44 #define PARSE_REGEX "^\\s*([!])?\\s*([0-9]{1,9}+)\\s*$"
52 static void DetectWindowRegisterTests(
void);
116 pcre2_match_data *match = NULL;
118 if (ret < 1 || ret > 3) {
119 SCLogError(
"pcre_exec parse error, ret %" PRId32
", string %s", ret, windowstr);
128 char copy_str[128] =
"";
129 pcre2len =
sizeof(copy_str);
132 SCLogError(
"pcre2_substring_copy_bynumber failed");
137 if (copy_str[0] ==
'!')
143 pcre2len =
sizeof(copy_str);
144 res = pcre2_substring_copy_bynumber(match, 2, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
146 SCLogError(
"pcre2_substring_copy_bynumber failed");
158 pcre2_match_data_free(match);
163 pcre2_match_data_free(match);
185 wd = DetectWindowParse(
de_ctx, windowstr);
186 if (wd == NULL)
goto error;
223 static int DetectWindowTestParse01 (
void)
226 wd = DetectWindowParse(NULL,
"35402");
237 static int DetectWindowTestParse02 (
void)
240 wd = DetectWindowParse(NULL,
"!35402");
252 static int DetectWindowTestParse03 (
void)
255 wd = DetectWindowParse(NULL,
"");
265 static int DetectWindowTestParse04 (
void)
268 wd = DetectWindowParse(NULL,
"1235402");
278 static int DetectWindowTestPacket01 (
void)
280 uint8_t *buf = (uint8_t *)
"Hi all!";
281 uint16_t buflen = strlen((
char *)buf);
287 FAIL_IF(p[0] == NULL || p[1] == NULL || p[2] == NULL);
290 p[0]->
tcph->th_win = htons(40);
293 p[1]->
tcph->th_win = htons(41);
296 sigs[0]=
"alert tcp any any -> any any (msg:\"Testing window 1\"; window:40; sid:1;)";
297 sigs[1]=
"alert tcp any any -> any any (msg:\"Testing window 2\"; window:41; sid:2;)";
299 uint32_t sid[2] = {1, 2};
317 void DetectWindowRegisterTests(
void)
319 UtRegisterTest(
"DetectWindowTestParse01", DetectWindowTestParse01);
320 UtRegisterTest(
"DetectWindowTestParse02", DetectWindowTestParse02);
321 UtRegisterTest(
"DetectWindowTestParse03", DetectWindowTestParse03);
322 UtRegisterTest(
"DetectWindowTestParse04", DetectWindowTestParse04);
323 UtRegisterTest(
"DetectWindowTestPacket01", DetectWindowTestPacket01);
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void(* Free)(DetectEngineCtx *, void *)
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
struct DetectRfbSecresult_ results[]
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
void DetectWindowFree(DetectEngineCtx *, void *)
this function will free memory associated with DetectWindowData
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
#define TCP_GET_WINDOW(p)
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
#define PASS
Pass the test.
void DetectWindowRegister(void)
Registration function for window: keyword.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
#define PARSE_REGEX
Regex for parsing our window option.
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perform a generic check taking care of as maximum common unittest eleme...
#define SCLogError(...)
Macro used to log ERROR messages.
int SC_Pcre2SubstringCopy(pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen)
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)
#define SIG_FLAG_REQUIRE_PACKET
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.