Exemple #1
/**
 * \brief Parse a user-supplied decode-event option string and attach the
 *        result to the current signature as a new SigMatch.
 *
 * \param de_ctx pointer to the Detection Engine Context (not read in this function)
 * \param s pointer to the Current Signature
 * \param rawstr pointer to the user provided decode-event options
 * \param smtype value stored in the type field of the new SigMatch
 *
 * \retval 0 on Success
 * \retval -1 on Failure (the option string did not parse, or the SigMatch
 *         could not be allocated)
 */
static int _DetectEngineEventSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr, int smtype)
{
    /* rawstr comes from rule text; DetectEngineEventParse() is the only
     * validation applied to it here, and a NULL result means it was rejected. */
    DetectEngineEventData *event_data = DetectEngineEventParse(rawstr);
    if (event_data == NULL)
        return -1;

    SCLogDebug("rawstr %s %u", rawstr, event_data->event);

    SigMatch *match = SigMatchAlloc();
    if (match == NULL) {
        /* Nothing references the parsed data yet, so release it here. */
        SCFree(event_data);
        return -1;
    }

    match->type = smtype;
    match->ctx = (SigMatchCtx *)event_data;

    /* From here on the parsed data is reachable only through match->ctx;
     * presumably it is released together with the signature -- confirm
     * against the keyword's free callback. */
    SigMatchAppendSMToList(s, match, DETECT_SM_LIST_MATCH);
    return 0;
}
/**
 * \test EngineEventTestParse05 feeds the parser a decode-event value that
 *       contains invalid characters ("IPV-6,INVALID_CHAR").
 *
 * \retval 1 if the parser returned an event (the value was accepted)
 * \retval 0 if the parser returned NULL (the value was rejected)
 *
 * NOTE(review): for a malformed value, rejection (0) is the outcome a strict
 * parser should produce; which return value the test harness expects is not
 * visible here -- confirm against the test registration.
 */
int EngineEventTestParse05 (void) {
    DetectEngineEventData *parsed = DetectEngineEventParse("IPV-6,INVALID_CHAR");

    if (parsed == NULL)
        return 0;

    /* The parser handed back an allocation; release it before reporting. */
    DetectEngineEventFree(parsed);
    return 1;
}
/**
 * \test EngineEventTestParse04 feeds the parser an upper case decode-event
 *       value that names an invalid event ("IPV6.INVALID_EVENT").
 *
 * \retval 1 if the parser returned an event (the value was accepted)
 * \retval 0 if the parser returned NULL (the value was rejected)
 *
 * NOTE(review): for an unknown event name, rejection (0) is the outcome a
 * strict parser should produce; which return value the test harness expects
 * is not visible here -- confirm against the test registration.
 */
int EngineEventTestParse04 (void) {
    DetectEngineEventData *parsed = DetectEngineEventParse("IPV6.INVALID_EVENT");

    if (parsed == NULL)
        return 0;

    /* The parser handed back an allocation; release it before reporting. */
    DetectEngineEventFree(parsed);
    return 1;
}
/**
 * \test EngineEventTestParse03 feeds the parser a valid upper case
 *       decode-event value ("IPV6.PKT_TOO_SMALL").
 *
 * \retval 1 if the parser returned an event (the value was accepted)
 * \retval 0 if the parser returned NULL (the value was rejected)
 */
int EngineEventTestParse03 (void) {
    DetectEngineEventData *parsed = DetectEngineEventParse("IPV6.PKT_TOO_SMALL");

    if (parsed == NULL)
        return 0;

    /* Only the accept/reject outcome is checked, so the result is freed unused. */
    DetectEngineEventFree(parsed);
    return 1;
}
/**
 * \test EngineEventTestParse02 feeds the parser a valid decode-event value
 *       written in mixed upper and lower case ("PPP.pkt_too_small").
 *
 * \retval 1 if the parser returned an event (the value was accepted)
 * \retval 0 if the parser returned NULL (the value was rejected)
 */
int EngineEventTestParse02 (void) {
    DetectEngineEventData *parsed = DetectEngineEventParse("PPP.pkt_too_small");

    if (parsed == NULL)
        return 0;

    /* Only the accept/reject outcome is checked, so the result is freed unused. */
    DetectEngineEventFree(parsed);
    return 1;
}
Exemple #6
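/**
 * \test EngineEventTestParse06 is a test for the match function with a valid
 *       decode-event value: a zeroed packet gets PPP_PKT_TOO_SMALL set on it
 *       and is matched against event data built from "ppp.pkt_too_small".
 *
 * \retval 1 if DetectEngineEventMatch() returned non-zero
 * \retval 0 if it returned zero, or if an allocation or the parse failed
 */
int EngineEventTestParse06 (void)
{
    Packet *p = SCMalloc(SIZE_OF_PACKET);
    if (unlikely(p == NULL))
        return 0;
    ThreadVars tv;
    int result = 0;
    DetectEngineEventData *de = NULL;
    SigMatch *sm = NULL;

    memset(&tv, 0, sizeof(tv));
    memset(p, 0, SIZE_OF_PACKET);

    ENGINE_SET_EVENT(p,PPP_PKT_TOO_SMALL);

    de = DetectEngineEventParse("ppp.pkt_too_small");
    if (de == NULL)
        goto cleanup;

    /* NOTE(review): the parsed event is overwritten here, so this test does
     * not check that the parser maps the string to PPP_PKT_TOO_SMALL; it only
     * exercises the match function. */
    de->event = PPP_PKT_TOO_SMALL;

    sm = SigMatchAlloc();
    if (sm == NULL)
        goto cleanup;

    sm->type = DETECT_DECODE_EVENT;
    sm->ctx = (SigMatchCtx *)de;

    if (DetectEngineEventMatch(&tv,NULL,p,NULL,sm->ctx))
        result = 1;

    /* The success path used to return right after freeing the packet, which
     * leaked de and sm; every path now goes through the same cleanup. */
cleanup:
    /* sm->ctx and de refer to the same allocation: it is released once, via
     * de, and sm is released as a bare struct. */
    if (de) SCFree(de);
    if (sm) SCFree(sm);
    SCFree(p);
    return result;
}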