/** * \test this is a test for a invalid dsize value 2<>1 * * \retval 1 on succces * \retval 0 on failure */ int DsizeTestParse16 (void) { DetectDsizeData *dd = NULL; dd = DetectDsizeParse("2<>1"); if (dd) { DetectDsizeFree(dd); return 0; } return 1; }
/** * \test this is a test for a valid dsize value 1<>2 * * \retval 1 on succces * \retval 0 on failure */ int DsizeTestParse04 (void) { DetectDsizeData *dd = NULL; dd = DetectDsizeParse("1<>2"); if (dd) { DetectDsizeFree(dd); return 1; } return 0; }
/** * \test test for a valid dsize value 12 * * \retval 1 on succces * \retval 0 on failure */ int DsizeTestParse20 (void) { int result = 0; DetectDsizeData *dd = NULL; dd = DetectDsizeParse(" 12 "); if (dd) { if (dd->dsize == 12 && dd->mode == DETECTDSIZE_EQ) result = 1; DetectDsizeFree(dd); } return result; }
/** * \test this is a test for a valid dsize value 1 <> 2 * * \retval 1 on succces * \retval 0 on failure */ int DsizeTestParse17 (void) { int result = 0; DetectDsizeData *dd = NULL; dd = DetectDsizeParse(" 1 <> 2 "); if (dd) { if (dd->dsize == 1 && dd->dsize2 == 2 && dd->mode == DETECTDSIZE_RA) result = 1; DetectDsizeFree(dd); } return result; }
/** * \test this is a test for a valid dsize value 1 * * \retval 1 on succces * \retval 0 on failure */ int DsizeTestParse13 (void) { int result = 0; DetectDsizeData *dd = NULL; dd = DetectDsizeParse("1"); if (dd) { if (dd->dsize2 == 0) result = 1; DetectDsizeFree(dd); } return result; }
/** * \test this is a test for a valid dsize value <100 * * \retval 1 on succces * \retval 0 on failure */ int DsizeTestParse07 (void) { int result = 0; DetectDsizeData *dd = NULL; dd = DetectDsizeParse("<100"); if (dd) { if (dd->dsize == 100 && dd->mode == DETECTDSIZE_LT) result = 1; DetectDsizeFree(dd); } return result; }
/** * \internal * \brief this function is used to add the parsed dsize into the current signature * * \param de_ctx pointer to the Detection Engine Context * \param s pointer to the Current Signature * \param rawstr pointer to the user provided flags options * * \retval 0 on Success * \retval -1 on Failure */ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr) { DetectDsizeData *dd = NULL; SigMatch *sm = NULL; if (SigMatchGetLastSMFromLists(s, 2, DETECT_DSIZE, s->sm_lists_tail[DETECT_SM_LIST_MATCH]) != NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use 2 or more dsizes in " "the same sig. Invalidating signature."); goto error; } SCLogDebug("\'%s\'", rawstr); dd = DetectDsizeParse(rawstr); if (dd == NULL) { SCLogError(SC_ERR_INVALID_ARGUMENT,"Parsing \'%s\' failed", rawstr); goto error; } /* Okay so far so good, lets get this into a SigMatch * and put it in the Signature. */ sm = SigMatchAlloc(); if (sm == NULL){ SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate memory for SigMatch"); SCFree(dd); goto error; } sm->type = DETECT_DSIZE; sm->ctx = (void *)dd; SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH); SCLogDebug("dd->dsize %"PRIu16", dd->dsize2 %"PRIu16", dd->mode %"PRIu8"", dd->dsize, dd->dsize2, dd->mode); /* tell the sig it has a dsize to speed up engine init */ s->flags |= SIG_FLAG_REQUIRE_PACKET; s->flags |= SIG_FLAG_DSIZE; if (s->dsize_sm == NULL) { s->dsize_sm = sm; } return 0; error: return -1; }