static int DetectAppLayerProtocolTest12(void)
{
DetectAppLayerProtocolData *data = DetectAppLayerProtocolParse("failed", true);
FAIL_IF_NULL(data);
FAIL_IF(data->alproto != ALPROTO_FAILED);
FAIL_IF(data->negated == 0);
DetectAppLayerProtocolFree(data);
PASS;
}
static int DetectAppLayerProtocolTest02(void)
{
DetectAppLayerProtocolData *data = DetectAppLayerProtocolParse("http", true);
FAIL_IF_NULL(data);
FAIL_IF(data->alproto != ALPROTO_HTTP);
FAIL_IF(data->negated == 0);
DetectAppLayerProtocolFree(data);
PASS;
}
static int DetectAppLayerProtocolSetup(DetectEngineCtx *de_ctx,
Signature *s, const char *arg)
{
DetectAppLayerProtocolData *data = NULL;
SigMatch *sm = NULL;
if (s->alproto != ALPROTO_UNKNOWN) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Either we already "
"have the rule match on an app layer protocol set through "
"other keywords that match on this protocol, or have "
"already seen a non-negated app-layer-protocol.");
goto error;
}
data = DetectAppLayerProtocolParse(arg, s->init_data->negated);
if (data == NULL)
goto error;
SigMatch *tsm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
for ( ; tsm != NULL; tsm = tsm->next) {
if (tsm->type == DETECT_AL_APP_LAYER_PROTOCOL) {
const DetectAppLayerProtocolData *them = (const DetectAppLayerProtocolData *)tsm->ctx;
if (HasConflicts(data, them)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "can't mix "
"positive app-layer-protocol match with negated "
"match or match for 'failed'.");
goto error;
}
}
}
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_AL_APP_LAYER_PROTOCOL;
sm->ctx = (void *)data;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
return 0;
error:
if (data != NULL)
SCFree(data);
return -1;
}
int DetectAppLayerProtocolTest02(void)
{
int result = 0;
DetectAppLayerProtocolData *data = DetectAppLayerProtocolParse("!http");
if (data == NULL)
goto end;
if (data->alproto != ALPROTO_HTTP || !data->negated) {
printf("test failure. Holding wrong state\n");
goto end;
}
result = 1;
end:
if (data != NULL)
DetectAppLayerProtocolFree(data);
return result;
}
int DetectAppLayerProtocolSetup(DetectEngineCtx *de_ctx, Signature *s,
char *arg)
{
DetectAppLayerProtocolData *data = NULL;
SigMatch *sm = NULL;
if (s->alproto != ALPROTO_UNKNOWN) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Either we already "
"have the rule match on an app layer protocol set through "
"other keywords that match on this protocol, or have "
"already seen a non-negated app-layer-protocol.");
goto error;
}
data = DetectAppLayerProtocolParse(arg);
if (data == NULL)
goto error;
if (!data->negated)
s->alproto = data->alproto;
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_AL_APP_LAYER_PROTOCOL;
sm->ctx = (void *)data;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
s->flags |= SIG_FLAG_APPLAYER;
return 0;
error:
if (data != NULL)
SCFree(data);
return -1;
}