Exemplo n.º 1
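/**
 * \brief Test helper: build a Detection Engine Context holding one signature
 *        that uses the given ttl option, and parse that option on its own.
 *
 * \param de_ctx out: receives the new Detection Engine Context, or NULL
 * \param sig    out: receives the signature loaded into the context, or NULL
 * \param ttld   out: receives the DetectTtlParse() result for str; it can be
 *               NULL even when 1 is returned, so callers must check it
 * \param str    ttl option text; it is spliced into the rule string without
 *               escaping, so it must come from trusted test code only
 *
 * \retval 1 the context and the signature were created
 * \retval 0 on failure; *de_ctx may already be set and is not released here
 */
static int DetectTtlInitTest(DetectEngineCtx **de_ctx, Signature **sig, DetectTtlData **ttld, char *str)
{
    char fullstr[1024];
    int len;

    /* Give every output a defined value so that a caller never reads an
     * indeterminate pointer after an early failure. */
    *de_ctx = NULL;
    *sig = NULL;
    *ttld = NULL;

    /* Passing NULL for a %s conversion is undefined behaviour. */
    if (str == NULL) {
        return 0;
    }

    /* snprintf() returns a negative value on an output error and the
     * untruncated length otherwise; both error and truncation are failures. */
    len = snprintf(fullstr, sizeof(fullstr), "alert ip any any -> any any (msg:\"Ttl test\"; ttl:%s; sid:1;)", str);
    if (len < 0 || (size_t)len >= sizeof(fullstr)) {
        return 0;
    }

    *de_ctx = DetectEngineCtxInit();
    if (*de_ctx == NULL) {
        return 0;
    }

    (*de_ctx)->flags |= DE_QUIET;

    (*de_ctx)->sig_list = SigInit(*de_ctx, fullstr);
    if ((*de_ctx)->sig_list == NULL) {
        /* *de_ctx stays set: this function does not release it. */
        return 0;
    }

    *sig = (*de_ctx)->sig_list;

    /* Parsed independently of the signature; the result is deliberately not
     * checked here, so a NULL result still yields a return value of 1. */
    *ttld = DetectTtlParse(str);

    return 1;
}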
Exemplo n.º 2
/**
 * \brief Parse the ttl option of a rule and attach the result to the
 *        signature being built.
 *
 * \param de_ctx pointer to the Detection Engine Context (not used in this function)
 * \param s pointer to the current signature
 * \param ttlstr pointer to the user-provided ttl option string
 *
 * \retval 0 on success
 * \retval -1 on failure (the option did not parse, or allocation failed)
 */
static int DetectTtlSetup (DetectEngineCtx *de_ctx, Signature *s, char *ttlstr)
{
    DetectTtlData *parsed;
    SigMatch *match;

    /* ttlstr comes from the rule text; anything the parser rejects ends here. */
    parsed = DetectTtlParse(ttlstr);
    if (parsed == NULL) {
        return -1;
    }

    match = SigMatchAlloc();
    if (match == NULL) {
        /* Nothing references the parsed data yet, so release it here. */
        DetectTtlFree(parsed);
        return -1;
    }

    /* From here on the match entry holds the only pointer to the parsed data. */
    match->type = DETECT_TTL;
    match->ctx = (SigMatchCtx *)parsed;

    SigMatchAppendSMToList(s, match, DETECT_SM_LIST_MATCH);
    s->flags |= SIG_FLAG_REQUIRE_PACKET;

    return 0;
}
Exemplo n.º 3
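/**
 * \test The input " 1 = 2 " is expected to be rejected by DetectTtlParse().
 *
 * \retval 1 the parser returned NULL for the input
 * \retval 0 the parser accepted the input
 */
static int DetectTtlParseTest06 (void) {
    DetectTtlData *ttld = DetectTtlParse(" 1 = 2 ");

    if (ttld == NULL)
        return 1;

    /* Unexpectedly accepted: release the result through DetectTtlFree(), the
     * same release routine the other ttl parse tests use, rather than a raw
     * SCFree(). */
    DetectTtlFree(ttld);
    return 0;
}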
Exemplo n.º 4
/**
 * \test "1-2" must parse to ttl1 == 1, ttl2 == 2 and mode DETECT_TTL_RA.
 *
 * \retval 1 the parsed fields match
 * \retval 0 parsing failed or a field differs
 */
static int DetectTtlParseTest03 (void) {
    uint8_t ok = 0;
    DetectTtlData *parsed = DetectTtlParse("1-2");

    if (parsed == NULL)
        return ok;

    /* Both bounds and the mode have to agree with the input. */
    if (parsed->ttl1 == 1 && parsed->ttl2 == 2 && parsed->mode == DETECT_TTL_RA) {
        ok = 1;
    }

    DetectTtlFree(parsed);
    return ok;
}
Exemplo n.º 5
/**
 * \test "<10" must parse to ttl1 == 10 and mode DETECT_TTL_LT.
 *
 * \retval 1 the parsed fields match
 * \retval 0 parsing failed or a field differs
 */
static int DetectTtlParseTest02 (void) {
    uint8_t ok = 0;
    DetectTtlData *parsed = DetectTtlParse("<10");

    if (parsed == NULL)
        return ok;

    /* The value and the comparison mode have to agree with the input. */
    if (parsed->ttl1 == 10 && parsed->mode == DETECT_TTL_LT) {
        ok = 1;
    }

    DetectTtlFree(parsed);
    return ok;
}