/*
 * Grammar for the tos keyword value. The pattern is anchored (^ ... $),
 * allows surrounding whitespace, and has one capture group with two forms:
 *   - optional '!', optional whitespace, 1 to 3 decimal digits
 *   - optional '!', optional whitespace, 'x' or 'X', 1 to 2 hex digits
 * Three decimal digits admit values up to 999, so the pattern alone does not
 * keep the value within 0..255; a separate numeric range check is required.
 * The "!?\s*" prefix is inside the capture group, so the captured text can
 * be longer than the digits themselves.
 */
46 #define PARSE_REGEX "^\\s*(!?\\s*[0-9]{1,3}|!?\\s*[xX][0-9a-fA-F]{1,2})\\s*$"
/* Forward declaration of the unit-test registration function. */
54 static void DetectTosRegisterTests(
void);
/* Lowest and highest tos values; 255 is also the largest value that fits the
 * uint8_t field the parser stores the result in. Presumably these are the
 * bounds named in the parser's range error messages -- confirm. */
58 #define DETECT_IPTOS_MIN 0
59 #define DETECT_IPTOS_MAX 255
77 "/rules/header-keywords.html#tos";
108 return (tosd->
negated ^ result);
/*
 * Parse the text of a tos keyword value into a DetectTosData.
 *
 * This listing shows only some of the function's lines (the number at the
 * start of a line is the original file's line number), so the notes below
 * describe what is visible and mark everything else as an assumption.
 *
 * arg:    the value text to parse (the unit tests pass strings such as
 *         "12" and "x12").
 * negate: negation flag supplied by the caller -- presumably stored in
 *         tosd->negated on an elided line; confirm.
 * Returns a DetectTosData pointer; the unit tests in this file check the
 * result against NULL before reading it.
 */
111 static DetectTosData *DetectTosParse(
const char *arg,
bool negate)
/* PCRE2 match data; it is released at two places further down (lines 161
 * and 166). */
116 pcre2_match_data *match = NULL;
/* Part of an error message; the call around it is elided in this listing. */
120 "The tos option value must be in the range "
/* Capture group 1 is copied into a fixed 64-byte stack buffer. pcre2len is
 * set to the buffer size before the call, which is how the copy routine
 * knows the limit and fails instead of writing past tosbytes_str. The limit
 * matters here: in PARSE_REGEX the "!?\s*" prefix sits inside the group, so
 * the captured text is not restricted to a few characters. */
127 char tosbytes_str[64] =
"";
128 pcre2len =
sizeof(tosbytes_str);
129 int res = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)tosbytes_str, &pcre2len);
/* Failure branch of the copy (its condition is elided here): log the error. */
131 SCLogError(
"pcre2_substring_copy_bynumber failed");
/* A leading 'x' or 'X' selects the hexadecimal form; the conversion calls
 * are elided in this listing.
 * NOTE(review): according to PARSE_REGEX group 1 may also begin with '!',
 * which this test does not look for -- presumably the caller strips the
 * negation and passes it in as `negate`; confirm. */
137 if (tosbytes_str[0] ==
'x' || tosbytes_str[0] ==
'X') {
/* Part of the range error message; the comparison that triggers it is
 * elided in this listing. */
149 "%s. The tos option value must be in the range "
/* Narrowing cast to uint8_t: lossless only if tos was first confirmed to lie
 * in DETECT_IPTOS_MIN..DETECT_IPTOS_MAX -- presumably the elided check that
 * precedes the message at line 149; confirm. */
158 tosd->
tos = (uint8_t)tos;
/* Release the match data (first of the two visible release points). */
161 pcre2_match_data_free(match);
/* Release the match data (second visible release point; presumably the
 * error exit -- confirm). */
166 pcre2_match_data_free(match);
190 DetectTosFree(
de_ctx, tosd);
/* Parser test: decimal "12" without negation. The visible condition expects
 * a non-NULL result with tos == 12 and negated false, then frees it. The
 * return statements are elided in this listing. */
211 static int DetectTosTest01(
void)
214 tosd = DetectTosParse(
"12",
false);
215 if (tosd != NULL && tosd->
tos == 12 && !tosd->
negated) {
216 DetectTosFree(NULL, tosd);
/* Parser test: three-digit decimal "123" without negation. The visible
 * condition expects a non-NULL result with tos == 123 and negated false,
 * then frees it. The return statements are elided in this listing. */
223 static int DetectTosTest02(
void)
226 tosd = DetectTosParse(
"123",
false);
227 if (tosd != NULL && tosd->
tos == 123 && !tosd->
negated) {
228 DetectTosFree(NULL, tosd);
/* Parser test for the upper boundary: "256" matches the three-digit form of
 * PARSE_REGEX but is one above DETECT_IPTOS_MAX, so it exercises the numeric
 * range check rather than the pattern. The pass/fail lines are elided in
 * this listing -- presumably a NULL result is the expected outcome. */
235 static int DetectTosTest04(
void)
238 tosd = DetectTosParse(
"256",
false);
/* Frees the result; the condition guarding this call is elided. */
240 DetectTosFree(NULL, tosd);
/* Parser test with non-numeric input: "boom" fits neither form allowed by
 * PARSE_REGEX. The pass/fail lines are elided in this listing -- presumably
 * a NULL result is the expected outcome. */
247 static int DetectTosTest05(
void)
250 tosd = DetectTosParse(
"boom",
false);
/* Frees the result; the condition guarding this call is elided. */
252 DetectTosFree(NULL, tosd);
/* Parser test: hexadecimal form with a lowercase prefix. "x12" is expected
 * to yield tos == 0x12 with negated false; the result is then freed. The
 * return statements are elided in this listing. */
259 static int DetectTosTest06(
void)
262 tosd = DetectTosParse(
"x12",
false);
263 if (tosd != NULL && tosd->
tos == 0x12 && !tosd->
negated) {
264 DetectTosFree(NULL, tosd);
/* Parser test: hexadecimal form with an uppercase prefix. "X12" is expected
 * to yield tos == 0x12 with negated false; the result is then freed. The
 * return statements are elided in this listing. */
271 static int DetectTosTest07(
void)
274 tosd = DetectTosParse(
"X12",
false);
275 if (tosd != NULL && tosd->
tos == 0x12 && !tosd->
negated) {
276 DetectTosFree(NULL, tosd);
/* Parser test with an over-long hexadecimal value: "x121" has three hex
 * digits, while PARSE_REGEX allows at most two after the prefix. The
 * pass/fail lines are elided in this listing -- presumably a NULL result is
 * the expected outcome. */
283 static int DetectTosTest08(
void)
286 tosd = DetectTosParse(
"x121",
false);
/* Frees the result; the condition guarding this call is elided. */
288 DetectTosFree(NULL, tosd);
/* Parser test: decimal "12" with the negate argument set. The visible
 * condition expects tos == 12 and negated true, then frees the result. The
 * return statements are elided in this listing. */
295 static int DetectTosTest09(
void)
298 tosd = DetectTosParse(
"12",
true);
299 if (tosd != NULL && tosd->
tos == 12 && tosd->
negated) {
300 DetectTosFree(NULL, tosd);
/* Parser test: hexadecimal "x12" with the negate argument set. The visible
 * condition expects tos == 0x12 and negated true, then frees the result. The
 * return statements are elided in this listing. */
307 static int DetectTosTest10(
void)
310 tosd = DetectTosParse(
"x12",
true);
311 if (tosd != NULL && tosd->
tos == 0x12 && tosd->
negated) {
312 DetectTosFree(NULL, tosd);
/* Exercises the tos keyword through complete rule text instead of calling
 * DetectTosParse directly. Four signatures cover a value and its negation
 * for tos 10 and tos 20, written with different whitespace around the value
 * and the '!'. Packet construction, the expected results and the final
 * check are elided in this listing. */
319 static int DetectTosTest12(
void)
/* Payload bytes -- presumably handed to the packet builder on an elided
 * line. The literal is 7 bytes long, so storing strlen()'s size_t result in
 * a uint16_t cannot truncate here. */
322 uint8_t *buf = (uint8_t *)
"Hi all!";
323 uint16_t buflen = strlen((
char *)buf);
/* sid 1: tos equals 10; sid 2: tos is not 10. */
334 sigs[0]=
"alert ip any any -> any any (msg:\"Testing id 1\"; tos: 10 ; sid:1;)";
335 sigs[1]=
"alert ip any any -> any any (msg:\"Testing id 2\"; tos: ! 10; sid:2;)";
/* sid 3: tos equals 20; sid 4: tos is not 20.
 * NOTE(review): the msg of sid 4 repeats "Testing id 3"; the sid array below
 * still lists 1..4, so this looks cosmetic -- confirm nothing keys on msg. */
336 sigs[2]=
"alert ip any any -> any any (msg:\"Testing id 3\"; tos:20 ; sid:3;)";
337 sigs[3]=
"alert ip any any -> any any (msg:\"Testing id 3\"; tos:! 20; sid:4;)";
/* Signature ids in the same order as sigs[]. */
339 uint32_t sid[4] = {1, 2, 3, 4};
/* Definition of the unit-test registration function; its body is elided in
 * this listing. The forward declaration at line 54 is `static` while this
 * line names no storage class; C lets the earlier declaration fix the
 * linkage, so the function stays file-local. */
354 void DetectTosRegisterTests(
void)
void(* Free)(DetectEngineCtx *, void *)
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define SIGMATCH_QUOTES_OPTIONAL
struct DetectRfbSecresult_ results[]
main detection engine ctx
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that builds packets with default IP and port fields.
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
#define SIGMATCH_HANDLE_NEGATION
SignatureInitData * init_data
Data structures and function prototypes for keeping state for the detection engine.
int StringParseInt64(int64_t *res, int base, size_t len, const char *str)
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
#define IPV4_SET_RAW_IPTOS(ip4h, value)
Used to start a pointer to SigMatch context. Should never be dereferenced without casting to something...
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perform a generic check taking care of as maximum common unittest eleme...
void DetectTosRegister(void)
Register Tos keyword.
#define IPV4_GET_IPTOS(p)
#define SCLogError(...)
Macro used to log ERROR messages.
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)
#define SIG_FLAG_REQUIRE_PACKET
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.