static int DetectAppLayerProtocolTest12(void) { DetectAppLayerProtocolData *data = DetectAppLayerProtocolParse("failed", true); FAIL_IF_NULL(data); FAIL_IF(data->alproto != ALPROTO_FAILED); FAIL_IF(data->negated == 0); DetectAppLayerProtocolFree(data); PASS; }
static int DetectAppLayerProtocolTest02(void) { DetectAppLayerProtocolData *data = DetectAppLayerProtocolParse("http", true); FAIL_IF_NULL(data); FAIL_IF(data->alproto != ALPROTO_HTTP); FAIL_IF(data->negated == 0); DetectAppLayerProtocolFree(data); PASS; }
static int DetectAppLayerProtocolSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) { DetectAppLayerProtocolData *data = NULL; SigMatch *sm = NULL; if (s->alproto != ALPROTO_UNKNOWN) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Either we already " "have the rule match on an app layer protocol set through " "other keywords that match on this protocol, or have " "already seen a non-negated app-layer-protocol."); goto error; } data = DetectAppLayerProtocolParse(arg, s->init_data->negated); if (data == NULL) goto error; SigMatch *tsm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; for ( ; tsm != NULL; tsm = tsm->next) { if (tsm->type == DETECT_AL_APP_LAYER_PROTOCOL) { const DetectAppLayerProtocolData *them = (const DetectAppLayerProtocolData *)tsm->ctx; if (HasConflicts(data, them)) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "can't mix " "positive app-layer-protocol match with negated " "match or match for 'failed'."); goto error; } } } sm = SigMatchAlloc(); if (sm == NULL) goto error; sm->type = DETECT_AL_APP_LAYER_PROTOCOL; sm->ctx = (void *)data; SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH); return 0; error: if (data != NULL) SCFree(data); return -1; }
int DetectAppLayerProtocolTest02(void) { int result = 0; DetectAppLayerProtocolData *data = DetectAppLayerProtocolParse("!http"); if (data == NULL) goto end; if (data->alproto != ALPROTO_HTTP || !data->negated) { printf("test failure. Holding wrong state\n"); goto end; } result = 1; end: if (data != NULL) DetectAppLayerProtocolFree(data); return result; }
int DetectAppLayerProtocolSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) { DetectAppLayerProtocolData *data = NULL; SigMatch *sm = NULL; if (s->alproto != ALPROTO_UNKNOWN) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Either we already " "have the rule match on an app layer protocol set through " "other keywords that match on this protocol, or have " "already seen a non-negated app-layer-protocol."); goto error; } data = DetectAppLayerProtocolParse(arg); if (data == NULL) goto error; if (!data->negated) s->alproto = data->alproto; sm = SigMatchAlloc(); if (sm == NULL) goto error; sm->type = DETECT_AL_APP_LAYER_PROTOCOL; sm->ctx = (void *)data; SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); s->flags |= SIG_FLAG_APPLAYER; return 0; error: if (data != NULL) SCFree(data); return -1; }