suricata
detect-ipproto.c
Go to the documentation of this file.
1/* Copyright (C) 2007-2022 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Brian Rectanus <brectanu@gmail.com>
22 *
23 * Implements the ip_proto keyword
24 */
25
26#include "suricata-common.h"
27#include "decode.h"
28#include "detect.h"
29
30#include "detect-ipproto.h"
31
32#include "detect-parse.h"
33#include "detect-engine.h"
34#include "detect-engine-mpm.h"
35#include "detect-engine-build.h"
36
37#include "detect-engine-siggroup.h"
38#include "detect-engine-address.h"
39
40#include "util-byte.h"
41#include "util-proto-name.h"
42#include "util-unittest.h"
43#include "util-unittest-helper.h"
44
45#include "util-debug.h"
46
47/**
48 * \brief Regex for parsing our options
49 */
50#define PARSE_REGEX "^([!<>]?)\\s*([^\\s]+)$"
51
52static DetectParseRegex parse_regex;
53
54static int DetectIPProtoSetup(DetectEngineCtx *, Signature *, const char *);
55#ifdef UNITTESTS
56static void DetectIPProtoRegisterTests(void);
57#endif
58static void DetectIPProtoFree(DetectEngineCtx *, void *);
59
60void DetectIPProtoRegister(void)
61{
62 sigmatch_table[DETECT_IPPROTO].name = "ip_proto";
63 sigmatch_table[DETECT_IPPROTO].desc = "match on the IP protocol in the packet-header";
64 sigmatch_table[DETECT_IPPROTO].url = "/rules/header-keywords.html#ip-proto";
65 sigmatch_table[DETECT_IPPROTO].Match = NULL;
66 sigmatch_table[DETECT_IPPROTO].Setup = DetectIPProtoSetup;
67 sigmatch_table[DETECT_IPPROTO].Free = DetectIPProtoFree;
68#ifdef UNITTESTS
69 sigmatch_table[DETECT_IPPROTO].RegisterTests = DetectIPProtoRegisterTests;
70#endif
71 sigmatch_table[DETECT_IPPROTO].flags = SIGMATCH_QUOTES_OPTIONAL;
72
73 DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
74}
75
76/**
77 * \internal
78 * \brief Parse ip_proto options string.
79 *
80 * \param optstr Options string to parse
81 *
82 * \return New ip_proto data structure
83 */
84static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
85{
86 DetectIPProtoData *data = NULL;
87 char *args[2] = { NULL, NULL };
88 int res = 0;
89 size_t pcre2_len;
90 int i;
91 const char *str_ptr;
92
93 /* Execute the regex and populate args with captures. */
94 pcre2_match_data *match = NULL;
95 int ret = DetectParsePcreExec(&parse_regex, &match, optstr, 0, 0);
96 if (ret != 3) {
97 SCLogError("pcre_exec parse error, ret"
98 "%" PRId32 ", string %s",
99 ret, optstr);
100 goto error;
101 }
102
103 for (i = 0; i < (ret - 1); i++) {
104 res = pcre2_substring_get_bynumber(match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
105 if (res < 0) {
106 SCLogError("pcre2_substring_get_bynumber failed");
107 goto error;
108 }
109 args[i] = (char *)str_ptr;
110 }
111
112 /* Initialize the data */
113 data = SCMalloc(sizeof(DetectIPProtoData));
114 if (unlikely(data == NULL))
115 goto error;
116 data->op = DETECT_IPPROTO_OP_EQ;
117 data->proto = 0;
118
119 /* Operator */
120 if (*(args[0]) != '\0') {
121 data->op = *(args[0]);
122 }
123
124 /* Protocol name/number */
125 if (!isdigit((unsigned char)*(args[1]))) {
126 uint8_t proto;
127 if (!SCGetProtoByName(args[1], &proto)) {
128 SCLogError("Unknown protocol name: \"%s\"", str_ptr);
129 goto error;
130 }
131 data->proto = proto;
132 }
133 else {
134 if (StringParseUint8(&data->proto, 10, 0, args[1]) <= 0) {
135 SCLogError("Malformed protocol number: %s", str_ptr);
136 goto error;
137 }
138 }
139
140 for (i = 0; i < (ret - 1); i++){
141 if (args[i] != NULL)
142 pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
143 }
144
145 pcre2_match_data_free(match);
146 return data;
147
148error:
149 if (match) {
150 pcre2_match_data_free(match);
151 }
152 for (i = 0; i < (ret - 1) && i < 2; i++){
153 if (args[i] != NULL)
154 pcre2_substring_free((PCRE2_UCHAR8 *)args[i]);
155 }
156 if (data != NULL)
157 SCFree(data);
158
159 return NULL;
160}
161
162static int DetectIPProtoTypePresentForOP(Signature *s, uint8_t op)
163{
164 SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
165 DetectIPProtoData *data;
166
167 while (sm != NULL) {
168 if (sm->type == DETECT_IPPROTO) {
169 data = (DetectIPProtoData *)sm->ctx;
170 if (data->op == op)
171 return 1;
172 }
173 sm = sm->next;
174 }
175
176 return 0;
177}
178
179/**
180 * \internal
181 * \brief Setup ip_proto keyword.
182 *
183 * \param de_ctx Detection engine context
184 * \param s Signature
185 * \param optstr Options string
186 *
187 * \return Non-zero on error
188 */
189static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, const char *optstr)
190{
191 int i;
192
193 DetectIPProtoData *data = DetectIPProtoParse(optstr);
194 if (data == NULL) {
195 return -1;
196 }
197
198 /* Reset our "any" (or "ip") state: for ipv4, ipv6 and ip cases, the bitfield
199 * s->proto.proto have all bit set to 1 to be able to match any protocols. ipproto
200 * will refined the protocol list and thus it needs to reset the bitfield to zero
201 * before setting the value specified by the ip_proto keyword.
202 */
203 if (s->proto.flags & (DETECT_PROTO_ANY | DETECT_PROTO_IPV6 | DETECT_PROTO_IPV4)) {
204 s->proto.flags &= ~DETECT_PROTO_ANY;
205 memset(s->proto.proto, 0x00, sizeof(s->proto.proto));
206 s->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
207 } else {
208 /* The ipproto engine has a relationship with the protocol that is
209 * set after the action and also the app protocol(that can also be
210 * set through the app-layer-protocol.
211 * An ip_proto keyword can be used only with alert ip, which if
212 * not true we error out on the sig. And hence the init_flag to
213 * indicate this. */
214 if (!(s->init_data->init_flags & SIG_FLAG_INIT_FIRST_IPPROTO_SEEN)) {
215 SCLogError("Signature can use "
216 "ip_proto keyword only when we use alert ip, "
217 "in which case the _ANY flag is set on the sig "
218 "and the if condition should match.");
219 goto error;
220 }
221 }
222
223 int eq_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_EQ);
224 int gt_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_GT);
225 int lt_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_LT);
226 int not_set = DetectIPProtoTypePresentForOP(s, DETECT_IPPROTO_OP_NOT);
227
228 switch (data->op) {
229 case DETECT_IPPROTO_OP_EQ:
230 if (eq_set || gt_set || lt_set || not_set) {
231 SCLogError("can't use a eq "
232 "ipproto without any operators attached to "
233 "them in the same sig");
234 goto error;
235 }
236 s->proto.proto[data->proto / 8] |= 1 << (data->proto % 8);
237 break;
238
239 case DETECT_IPPROTO_OP_GT:
240 if (eq_set || gt_set) {
241 SCLogError("can't use a eq or gt "
242 "ipproto along with a greater than ipproto in the "
243 "same sig ");
244 goto error;
245 }
246 if (!lt_set && !not_set) {
247 s->proto.proto[data->proto / 8] = (uint8_t)(0xfe << (data->proto % 8));
248 for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
249 s->proto.proto[i] = 0xff;
250 }
251 } else if (lt_set && !not_set) {
252 SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
253 while (temp_sm != NULL) {
254 if (temp_sm->type == DETECT_IPPROTO) {
255 break;
256 }
257 temp_sm = temp_sm->next;
258 }
259 if (temp_sm != NULL) {
260 DetectIPProtoData *data_temp = (DetectIPProtoData *)temp_sm->ctx;
261 if (data_temp->proto <= data->proto) {
262 SCLogError("can't have "
263 "both gt and lt ipprotos, with the lt being "
264 "lower than gt value");
265 goto error;
266 } else {
267 for (i = 0; i < (data->proto / 8); i++) {
268 s->proto.proto[i] = 0;
269 }
270 s->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
271 for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
272 s->proto.proto[i] &= 0xff;
273 }
274 }
275 }
276 } else if (!lt_set && not_set) {
277 for (i = 0; i < (data->proto / 8); i++) {
278 s->proto.proto[i] = 0;
279 }
280 s->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
281 for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
282 s->proto.proto[i] &= 0xff;
283 }
284 } else {
285 DetectIPProtoData *data_temp;
286 SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
287 while (temp_sm != NULL) {
288 if (temp_sm->type == DETECT_IPPROTO &&
289 ((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_LT) {
290 break;
291 }
292 temp_sm = temp_sm->next;
293 }
294 if (temp_sm != NULL) {
295 data_temp = (DetectIPProtoData *)temp_sm->ctx;
296 if (data_temp->proto <= data->proto) {
297 SCLogError("can't have "
298 "both gt and lt ipprotos, with the lt being "
299 "lower than gt value");
300 goto error;
301 } else {
302 for (i = 0; i < (data->proto / 8); i++) {
303 s->proto.proto[i] = 0;
304 }
305 s->proto.proto[data->proto / 8] &= 0xfe << (data->proto % 8);
306 for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
307 s->proto.proto[i] &= 0xff;
308 }
309 }
310 }
311 }
312 break;
313
314 case DETECT_IPPROTO_OP_LT:
315 if (eq_set || lt_set) {
316 SCLogError("can't use a eq or lt "
317 "ipproto with a less than ipproto in the "
318 "same sig ");
319 goto error;
320 }
321 if (!gt_set && !not_set) {
322 for (i = 0; i < (data->proto / 8); i++) {
323 s->proto.proto[i] = 0xff;
324 }
325 s->proto.proto[data->proto / 8] = (uint8_t)(~(0xff << (data->proto % 8)));
326 } else if (gt_set && !not_set) {
327 SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
328 while (temp_sm != NULL) {
329 if (temp_sm->type == DETECT_IPPROTO) {
330 break;
331 }
332 temp_sm = temp_sm->next;
333 }
334 if (temp_sm != NULL) {
335 DetectIPProtoData *data_temp = (DetectIPProtoData *)temp_sm->ctx;
336 if (data_temp->proto >= data->proto) {
337 SCLogError("can't have "
338 "both gt and lt ipprotos, with the lt being "
339 "lower than gt value");
340 goto error;
341 } else {
342 for (i = 0; i < (data->proto / 8); i++) {
343 s->proto.proto[i] &= 0xff;
344 }
345 s->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
346 for (i = (data->proto / 8) + 1; i < 256 / 8; i++) {
347 s->proto.proto[i] = 0;
348 }
349 }
350 }
351 } else if (!gt_set && not_set) {
352 for (i = 0; i < (data->proto / 8); i++) {
353 s->proto.proto[i] &= 0xFF;
354 }
355 s->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
356 for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
357 s->proto.proto[i] = 0;
358 }
359 } else {
360 DetectIPProtoData *data_temp;
361 SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
362 while (temp_sm != NULL) {
363 if (temp_sm->type == DETECT_IPPROTO &&
364 ((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_GT) {
365 break;
366 }
367 temp_sm = temp_sm->next;
368 }
369 if (temp_sm != NULL) {
370 data_temp = (DetectIPProtoData *)temp_sm->ctx;
371 if (data_temp->proto >= data->proto) {
372 SCLogError("can't have "
373 "both gt and lt ipprotos, with the lt being "
374 "lower than gt value");
375 goto error;
376 } else {
377 for (i = 0; i < (data->proto / 8); i++) {
378 s->proto.proto[i] &= 0xFF;
379 }
380 s->proto.proto[data->proto / 8] &= ~(0xff << (data->proto % 8));
381 for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
382 s->proto.proto[i] = 0;
383 }
384 }
385 }
386 }
387 break;
388
389 case DETECT_IPPROTO_OP_NOT:
390 if (eq_set) {
391 SCLogError("can't use a eq "
392 "ipproto along with a not ipproto in the "
393 "same sig ");
394 goto error;
395 }
396 if (!gt_set && !lt_set && !not_set) {
397 for (i = 0; i < (data->proto / 8); i++) {
398 s->proto.proto[i] = 0xff;
399 }
400 s->proto.proto[data->proto / 8] = (uint8_t)(~(1 << (data->proto % 8)));
401 for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
402 s->proto.proto[i] = 0xff;
403 }
404 } else {
405 for (i = 0; i < (data->proto / 8); i++) {
406 s->proto.proto[i] &= 0xff;
407 }
408 s->proto.proto[data->proto / 8] &= ~(1 << (data->proto % 8));
409 for (i = (data->proto / 8) + 1; i < (256 / 8); i++) {
410 s->proto.proto[i] &= 0xff;
411 }
412 }
413 break;
414 }
415
416 if (SCSigMatchAppendSMToList(
417 de_ctx, s, DETECT_IPPROTO, (SigMatchCtx *)data, DETECT_SM_LIST_MATCH) == NULL) {
418 goto error;
419 }
420 s->flags |= SIG_FLAG_REQUIRE_PACKET;
421
422 return 0;
423
424 error:
425
426 DetectIPProtoFree(de_ctx, data);
427 return -1;
428}
429
430void DetectIPProtoRemoveAllSMs(DetectEngineCtx *de_ctx, Signature *s)
431{
432 SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
433
434 while (sm != NULL) {
435 if (sm->type != DETECT_IPPROTO) {
436 sm = sm->next;
437 continue;
438 }
439 SigMatch *tmp_sm = sm->next;
440 SigMatchRemoveSMFromList(s, sm, DETECT_SM_LIST_MATCH);
441 SigMatchFree(de_ctx, sm);
442 sm = tmp_sm;
443 }
444}
445
446static void DetectIPProtoFree(DetectEngineCtx *de_ctx, void *ptr)
447{
448 DetectIPProtoData *data = (DetectIPProtoData *)ptr;
449 if (data) {
450 SCFree(data);
451 }
452}
453
454/* UNITTESTS */
455#ifdef UNITTESTS
456#include "detect-engine-alert.h"
457
458/**
459 * \test DetectIPProtoTestParse01 is a test for an invalid proto number
460 */
461static int DetectIPProtoTestParse01(void)
462{
463 DetectIPProtoData *data = DetectIPProtoParse("999");
464 FAIL_IF_NOT(data == NULL);
465 PASS;
466}
467
468/**
469 * \test DetectIPProtoTestParse02 is a test for an invalid proto name
470 */
471static int DetectIPProtoTestParse02(void)
472{
473 DetectIPProtoData *data = DetectIPProtoParse("foobarbooeek");
474 FAIL_IF_NOT(data == NULL);
475 PASS;
476}
477
478/**
479 * \test DetectIPProtoTestSetup01 is a test for a protocol number
480 */
481static int DetectIPProtoTestSetup01(void)
482{
483 const char *value_str = "14";
484 int value;
485 FAIL_IF(StringParseInt32(&value, 10, 0, (const char *)value_str) < 0);
486 int i;
487
488 Signature *sig = SigAlloc();
489 FAIL_IF_NULL(sig);
490
491 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
492 sig->proto.flags |= DETECT_PROTO_ANY;
493 DetectIPProtoSetup(NULL, sig, value_str);
494 for (i = 0; i < (value / 8); i++) {
495 FAIL_IF(sig->proto.proto[i] != 0);
496 }
497 FAIL_IF(sig->proto.proto[value / 8] != 0x40);
498 for (i = (value / 8) + 1; i < (256 / 8); i++) {
499 FAIL_IF(sig->proto.proto[i] != 0);
500 }
501 SigFree(NULL, sig);
502 PASS;
503}
504
505/**
506 * \test DetectIPProtoTestSetup02 is a test for a protocol name
507 */
508static int DetectIPProtoTestSetup02(void)
509{
510 int result = 0;
511 Signature *sig = NULL;
512 const char *value_str = "tcp";
513 struct protoent *pent = getprotobyname(value_str);
514 if (pent == NULL) {
515 goto end;
516 }
517 uint8_t value = (uint8_t)pent->p_proto;
518 int i;
519
520 if ((sig = SigAlloc()) == NULL)
521 goto end;
522
523 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
524 sig->proto.flags |= DETECT_PROTO_ANY;
525 DetectIPProtoSetup(NULL, sig, value_str);
526 for (i = 0; i < (value / 8); i++) {
527 if (sig->proto.proto[i] != 0)
528 goto end;
529 }
530 if (sig->proto.proto[value / 8] != 0x40) {
531 goto end;
532 }
533 for (i = (value / 8) + 1; i < (256 / 8); i++) {
534 if (sig->proto.proto[i] != 0)
535 goto end;
536 }
537
538 result = 1;
539
540 end:
541 if (sig != NULL)
542 SigFree(NULL, sig);
543 return result;
544}
545
546/**
547 * \test DetectIPProtoTestSetup03 is a test for a < operator
548 */
549static int DetectIPProtoTestSetup03(void)
550{
551 int result = 0;
552 Signature *sig;
553 const char *value_str = "<14";
554 int value = 14;
555 int i;
556
557 if ((sig = SigAlloc()) == NULL)
558 goto end;
559
560 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
561 sig->proto.flags |= DETECT_PROTO_ANY;
562 DetectIPProtoSetup(NULL, sig, value_str);
563 for (i = 0; i < (value / 8); i++) {
564 if (sig->proto.proto[i] != 0xFF)
565 goto end;
566 }
567 if (sig->proto.proto[value / 8] != 0x3F) {
568 goto end;
569 }
570 for (i = (value / 8) + 1; i < (256 / 8); i++) {
571 if (sig->proto.proto[i] != 0)
572 goto end;
573 }
574
575 result = 1;
576
577 end:
578 SigFree(NULL, sig);
579 return result;
580}
581
582/**
583 * \test DetectIPProtoTestSetup04 is a test for a > operator
584 */
585static int DetectIPProtoTestSetup04(void)
586{
587 int result = 0;
588 Signature *sig;
589 const char *value_str = ">14";
590 int value = 14;
591 int i;
592
593 if ((sig = SigAlloc()) == NULL)
594 goto end;
595
596 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
597 sig->proto.flags |= DETECT_PROTO_ANY;
598 DetectIPProtoSetup(NULL, sig, value_str);
599 for (i = 0; i < (value / 8); i++) {
600 if (sig->proto.proto[i] != 0)
601 goto end;
602 }
603 if (sig->proto.proto[value / 8] != 0x80) {
604 goto end;
605 }
606 for (i = (value / 8) + 1; i < (256 / 8); i++) {
607 if (sig->proto.proto[i] != 0xFF)
608 goto end;
609 }
610
611 result = 1;
612
613 end:
614 SigFree(NULL, sig);
615 return result;
616}
617
618/**
619 * \test DetectIPProtoTestSetup05 is a test for a ! operator
620 */
621static int DetectIPProtoTestSetup05(void)
622{
623 int result = 0;
624 Signature *sig;
625 const char *value_str = "!14";
626 int value = 14;
627 int i;
628
629 if ((sig = SigAlloc()) == NULL)
630 goto end;
631
632 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
633 sig->proto.flags |= DETECT_PROTO_ANY;
634 DetectIPProtoSetup(NULL, sig, value_str);
635 for (i = 0; i < (value / 8); i++) {
636 if (sig->proto.proto[i] != 0xFF)
637 goto end;
638 }
639 if (sig->proto.proto[value / 8] != 0xBF) {
640 goto end;
641 }
642 for (i = (value / 8) + 1; i < (256 / 8); i++) {
643 if (sig->proto.proto[i] != 0xFF)
644 goto end;
645 }
646
647 result = 1;
648
649 end:
650 SigFree(NULL, sig);
651 return result;
652}
653
654/**
655 * \test Negative test.
656 */
657static int DetectIPProtoTestSetup06(void)
658{
659 int result = 0;
660 Signature *sig;
661 const char *value1_str = "14";
662 const char *value2_str = "15";
663
664 if ((sig = SigAlloc()) == NULL)
665 goto end;
666
667 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
668 sig->proto.flags |= DETECT_PROTO_ANY;
669 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
670 goto end;
671 if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
672 goto end;
673
674 result = 1;
675
676 end:
677 SigFree(NULL, sig);
678 return result;
679}
680
681/**
682 * \test Negative test.
683 */
684static int DetectIPProtoTestSetup07(void)
685{
686 int result = 0;
687 Signature *sig;
688 const char *value1_str = "14";
689 const char *value2_str = "<15";
690
691 if ((sig = SigAlloc()) == NULL)
692 goto end;
693
694 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
695 sig->proto.flags |= DETECT_PROTO_ANY;
696 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
697 goto end;
698 if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
699 goto end;
700
701 result = 1;
702
703 end:
704 SigFree(NULL, sig);
705 return result;
706}
707
708/**
709 * \test Negative test.
710 */
711static int DetectIPProtoTestSetup08(void)
712{
713 int result = 0;
714 Signature *sig;
715 const char *value1_str = "14";
716 const char *value2_str = ">15";
717
718 if ((sig = SigAlloc()) == NULL)
719 goto end;
720
721 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
722 sig->proto.flags |= DETECT_PROTO_ANY;
723 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
724 goto end;
725 if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
726 goto end;
727
728 result = 1;
729
730 end:
731 SigFree(NULL, sig);
732 return result;
733}
734
735/**
736 * \test Negative test.
737 */
738static int DetectIPProtoTestSetup09(void)
739{
740 int result = 0;
741 Signature *sig;
742 const char *value1_str = "14";
743 const char *value2_str = "!15";
744
745 if ((sig = SigAlloc()) == NULL)
746 goto end;
747
748 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
749 sig->proto.flags |= DETECT_PROTO_ANY;
750 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
751 goto end;
752 if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
753 goto end;
754
755 result = 1;
756
757 end:
758 SigFree(NULL, sig);
759 return result;
760}
761
762/**
763 * \test Negative test.
764 */
765static int DetectIPProtoTestSetup10(void)
766{
767 int result = 0;
768 Signature *sig;
769 const char *value1_str = ">14";
770 const char *value2_str = "15";
771
772 if ((sig = SigAlloc()) == NULL)
773 goto end;
774
775 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
776 sig->proto.flags |= DETECT_PROTO_ANY;
777 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
778 goto end;
779 if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
780 goto end;
781
782 result = 1;
783
784 end:
785 SigFree(NULL, sig);
786 return result;
787}
788
789/**
790 * \test Negative test.
791 */
792static int DetectIPProtoTestSetup11(void)
793{
794 int result = 0;
795 Signature *sig;
796 const char *value1_str = "<14";
797 const char *value2_str = "15";
798
799 if ((sig = SigAlloc()) == NULL)
800 goto end;
801
802 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
803 sig->proto.flags |= DETECT_PROTO_ANY;
804 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
805 goto end;
806 if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
807 goto end;
808
809 result = 1;
810
811 end:
812 SigFree(NULL, sig);
813 return result;
814}
815
816/**
817 * \test Negative test.
818 */
819static int DetectIPProtoTestSetup12(void)
820{
821 int result = 0;
822 Signature *sig;
823 const char *value1_str = "!14";
824 const char *value2_str = "15";
825
826 if ((sig = SigAlloc()) == NULL)
827 goto end;
828
829 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
830 sig->proto.flags |= DETECT_PROTO_ANY;
831 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
832 goto end;
833 if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
834 goto end;
835
836 result = 1;
837
838 end:
839 SigFree(NULL, sig);
840 return result;
841}
842
843/**
844 * \test Negative test.
845 */
846static int DetectIPProtoTestSetup13(void)
847{
848 int result = 0;
849 Signature *sig;
850 const char *value1_str = ">14";
851 const char *value2_str = ">15";
852
853 if ((sig = SigAlloc()) == NULL)
854 goto end;
855
856 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
857 sig->proto.flags |= DETECT_PROTO_ANY;
858 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
859 goto end;
860 if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
861 goto end;
862
863 result = 1;
864
865 end:
866 SigFree(NULL, sig);
867 return result;
868}
869
870static int DetectIPProtoTestSetup14(void)
871{
872 int result = 0;
873 Signature *sig;
874 const char *value1_str = "<14";
875 const char *value2_str = "<15";
876
877 if ((sig = SigAlloc()) == NULL)
878 goto end;
879
880 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
881 sig->proto.flags |= DETECT_PROTO_ANY;
882 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
883 goto end;
884 if (DetectIPProtoSetup(NULL, sig, value2_str) != -1)
885 goto end;
886
887 result = 1;
888
889 end:
890 SigFree(NULL, sig);
891 return result;
892}
893
894static int DetectIPProtoTestSetup15(void)
895{
896 int result = 0;
897 Signature *sig;
898 const char *value1_str = "<14";
899 int value1 = 14;
900 const char *value2_str = ">34";
901 int i;
902
903 if ((sig = SigAlloc()) == NULL)
904 goto end;
905
906 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
907 sig->proto.flags |= DETECT_PROTO_ANY;
908 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
909 goto end;
910 for (i = 0; i < (value1 / 8); i++) {
911 if (sig->proto.proto[i] != 0xFF)
912 goto end;
913 }
914 if (sig->proto.proto[value1 / 8] != 0x3F) {
915 goto end;
916 }
917 for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
918 if (sig->proto.proto[i] != 0)
919 goto end;
920 }
921 if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
922 goto end;
923
924 result = 1;
925
926 end:
927 SigFree(NULL, sig);
928 return result;
929}
930
931static int DetectIPProtoTestSetup16(void)
932{
933 int result = 0;
934 Signature *sig;
935 const char *value1_str = "<14";
936 const char *value2_str = ">34";
937 int value2 = 34;
938 int i;
939
940 if ((sig = SigAlloc()) == NULL)
941 goto end;
942
943 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
944 sig->proto.flags |= DETECT_PROTO_ANY;
945 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
946 goto end;
947 for (i = 0; i < (value2 / 8); i++) {
948 if (sig->proto.proto[i] != 0)
949 goto end;
950 }
951 if (sig->proto.proto[value2 / 8] != 0xF8) {
952 goto end;
953 }
954 for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
955 if (sig->proto.proto[i] != 0xFF)
956 goto end;
957 }
958 if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
959 goto end;
960
961 result = 1;
962
963 end:
964 SigFree(NULL, sig);
965 return result;
966}
967
968static int DetectIPProtoTestSetup17(void)
969{
970 int result = 0;
971 Signature *sig;
972 const char *value1_str = "<11";
973 int value1 = 11;
974 const char *value2_str = ">13";
975 int i;
976
977 if ((sig = SigAlloc()) == NULL)
978 goto end;
979
980 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
981 sig->proto.flags |= DETECT_PROTO_ANY;
982 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
983 goto end;
984 for (i = 0; i < (value1 / 8); i++) {
985 if (sig->proto.proto[i] != 0xFF)
986 goto end;
987 }
988 if (sig->proto.proto[value1 / 8] != 0x07) {
989 goto end;
990 }
991 for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
992 if (sig->proto.proto[i] != 0)
993 goto end;
994 }
995 if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
996 goto end;
997
998 result = 1;
999
1000 end:
1001 SigFree(NULL, sig);
1002 return result;
1003}
1004
1005static int DetectIPProtoTestSetup18(void)
1006{
1007 int result = 0;
1008 Signature *sig;
1009 const char *value1_str = "<11";
1010 const char *value2_str = ">13";
1011 int value2 = 13;
1012 int i;
1013
1014 if ((sig = SigAlloc()) == NULL)
1015 goto end;
1016
1017 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1018 sig->proto.flags |= DETECT_PROTO_ANY;
1019 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1020 goto end;
1021 for (i = 0; i < (value2 / 8); i++) {
1022 if (sig->proto.proto[i] != 0)
1023 goto end;
1024 }
1025 if (sig->proto.proto[value2 / 8] != 0xC0) {
1026 goto end;
1027 }
1028 for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1029 if (sig->proto.proto[i] != 0xFF)
1030 goto end;
1031 }
1032 if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1033 goto end;
1034
1035 result = 1;
1036
1037 end:
1038 SigFree(NULL, sig);
1039 return result;
1040}
1041
1042static int DetectIPProtoTestSetup19(void)
1043{
1044 int result = 0;
1045 Signature *sig;
1046 const char *value1_str = "<11";
1047 int value1 = 11;
1048 const char *value2_str = "!13";
1049 const char *value3_str = ">36";
1050 int i;
1051
1052 if ((sig = SigAlloc()) == NULL)
1053 goto end;
1054
1055 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1056 sig->proto.flags |= DETECT_PROTO_ANY;
1057 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1058 goto end;
1059 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1060 goto end;
1061 for (i = 0; i < (value1 / 8); i++) {
1062 if (sig->proto.proto[i] != 0xFF)
1063 goto end;
1064 }
1065 if (sig->proto.proto[value1 / 8] != 0x07) {
1066 goto end;
1067 }
1068 for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1069 if (sig->proto.proto[i] != 0)
1070 goto end;
1071 }
1072 if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1073 goto end;
1074
1075 result = 1;
1076
1077 end:
1078 SigFree(NULL, sig);
1079 return result;
1080}
1081
1082static int DetectIPProtoTestSetup20(void)
1083{
1084 int result = 0;
1085 Signature *sig;
1086 const char *value1_str = "<11";
1087 int value1 = 11;
1088 const char *value3_str = ">36";
1089 int i;
1090
1091 if ((sig = SigAlloc()) == NULL)
1092 goto end;
1093
1094 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1095 sig->proto.flags |= DETECT_PROTO_ANY;
1096 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1097 goto end;
1098 for (i = 0; i < (value1 / 8); i++) {
1099 if (sig->proto.proto[i] != 0xFF)
1100 goto end;
1101 }
1102 if (sig->proto.proto[value1 / 8] != 0x07) {
1103 goto end;
1104 }
1105 for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1106 if (sig->proto.proto[i] != 0)
1107 goto end;
1108 }
1109 if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1110 goto end;
1111
1112 result = 1;
1113
1114 end:
1115 SigFree(NULL, sig);
1116 return result;
1117}
1118
1119static int DetectIPProtoTestSetup21(void)
1120{
1121 int result = 0;
1122 Signature *sig;
1123 const char *value1_str = "<11";
1124 int value1 = 11;
1125 const char *value2_str = "!13";
1126 const char *value3_str = ">36";
1127 int i;
1128
1129 if ((sig = SigAlloc()) == NULL)
1130 goto end;
1131
1132 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1133 sig->proto.flags |= DETECT_PROTO_ANY;
1134 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1135 goto end;
1136 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1137 goto end;
1138 for (i = 0; i < (value1 / 8); i++) {
1139 if (sig->proto.proto[i] != 0xFF)
1140 goto end;
1141 }
1142 if (sig->proto.proto[value1 / 8] != 0x07) {
1143 goto end;
1144 }
1145 for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1146 if (sig->proto.proto[i] != 0)
1147 goto end;
1148 }
1149 if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1150 goto end;
1151
1152 result = 1;
1153
1154 end:
1155 SigFree(NULL, sig);
1156 return result;
1157}
1158
1159static int DetectIPProtoTestSetup22(void)
1160{
1161 int result = 0;
1162 Signature *sig;
1163 const char *value1_str = "<11";
1164 const char *value2_str = "!13";
1165 const char *value3_str = ">36";
1166 int value3 = 36;
1167 int i;
1168
1169 if ((sig = SigAlloc()) == NULL)
1170 goto end;
1171
1172 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1173 sig->proto.flags |= DETECT_PROTO_ANY;
1174 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1175 goto end;
1176 if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1177 goto end;
1178 for (i = 0; i < (value3 / 8); i++) {
1179 if (sig->proto.proto[i] != 0)
1180 goto end;
1181 }
1182 if (sig->proto.proto[value3 / 8] != 0xE0) {
1183 goto end;
1184 }
1185 for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1186 if (sig->proto.proto[i] != 0xFF)
1187 goto end;
1188 }
1189 if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1190 goto end;
1191
1192 result = 1;
1193
1194 end:
1195 SigFree(NULL, sig);
1196 return result;
1197}
1198
1199static int DetectIPProtoTestSetup23(void)
1200{
1201 int result = 0;
1202 Signature *sig;
1203 const char *value1_str = "<11";
1204 const char *value3_str = ">36";
1205 int value3 = 36;
1206 int i;
1207
1208 if ((sig = SigAlloc()) == NULL)
1209 goto end;
1210
1211 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1212 sig->proto.flags |= DETECT_PROTO_ANY;
1213 if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1214 goto end;
1215 for (i = 0; i < (value3 / 8); i++) {
1216 if (sig->proto.proto[i] != 0)
1217 goto end;
1218 }
1219 if (sig->proto.proto[value3 / 8] != 0xE0) {
1220 goto end;
1221 }
1222 for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1223 if (sig->proto.proto[i] != 0xFF)
1224 goto end;
1225 }
1226 if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1227 goto end;
1228
1229 result = 1;
1230
1231 end:
1232 SigFree(NULL, sig);
1233 return result;
1234}
1235
1236static int DetectIPProtoTestSetup24(void)
1237{
1238 int result = 0;
1239 Signature *sig;
1240 const char *value1_str = "<11";
1241 const char *value2_str = "!13";
1242 const char *value3_str = ">36";
1243 int value3 = 36;
1244 int i;
1245
1246 if ((sig = SigAlloc()) == NULL)
1247 goto end;
1248
1249 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1250 sig->proto.flags |= DETECT_PROTO_ANY;
1251 if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1252 goto end;
1253 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1254 goto end;
1255 for (i = 0; i < (value3 / 8); i++) {
1256 if (sig->proto.proto[i] != 0)
1257 goto end;
1258 }
1259 if (sig->proto.proto[value3 / 8] != 0xE0) {
1260 goto end;
1261 }
1262 for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1263 if (sig->proto.proto[i] != 0xFF)
1264 goto end;
1265 }
1266 if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1267 goto end;
1268
1269 result = 1;
1270
1271 end:
1272 SigFree(NULL, sig);
1273 return result;
1274}
1275
1276static int DetectIPProtoTestSetup33(void)
1277{
1278 int result = 0;
1279 Signature *sig;
1280 const char *value1_str = "<11";
1281 int value1 = 11;
1282 const char *value2_str = "!34";
1283 const char *value3_str = ">36";
1284 int i;
1285
1286 if ((sig = SigAlloc()) == NULL)
1287 goto end;
1288
1289 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1290 sig->proto.flags |= DETECT_PROTO_ANY;
1291 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1292 goto end;
1293 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1294 goto end;
1295 for (i = 0; i < (value1 / 8); i++) {
1296 if (sig->proto.proto[i] != 0xFF)
1297 goto end;
1298 }
1299 if (sig->proto.proto[value1 / 8] != 0x07) {
1300 goto end;
1301 }
1302 for (i = (value1 / 8) + 1; i < (256 / 8); i++) {
1303 if (sig->proto.proto[i] != 0)
1304 goto end;
1305 }
1306 if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1307 goto end;
1308
1309 result = 1;
1310
1311 end:
1312 SigFree(NULL, sig);
1313 return result;
1314}
1315
1316static int DetectIPProtoTestSetup34(void)
1317{
1318 int result = 0;
1319 Signature *sig;
1320 const char *value1_str = "<11";
1321 int value1 = 11;
1322 const char *value2_str = "!34";
1323 const char *value3_str = ">36";
1324 int value3 = 36;
1325 int i;
1326
1327 if ((sig = SigAlloc()) == NULL)
1328 goto end;
1329
1330 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1331 sig->proto.flags |= DETECT_PROTO_ANY;
1332 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1333 goto end;
1334 if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1335 goto end;
1336 for (i = 0; i < (value1 / 8); i++) {
1337 if (sig->proto.proto[i] != 0)
1338 goto end;
1339 }
1340 if (sig->proto.proto[value3 / 8] != 0xE0) {
1341 goto end;
1342 }
1343 for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1344 if (sig->proto.proto[i] != 0xFF)
1345 goto end;
1346 }
1347 if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1348 goto end;
1349
1350 result = 1;
1351
1352 end:
1353 SigFree(NULL, sig);
1354 return result;
1355}
1356
1357static int DetectIPProtoTestSetup36(void)
1358{
1359 int result = 0;
1360 Signature *sig;
1361 const char *value1_str = "<11";
1362 const char *value2_str = "!34";
1363 const char *value3_str = ">36";
1364 int value3 = 36;
1365 int i;
1366
1367 if ((sig = SigAlloc()) == NULL)
1368 goto end;
1369
1370 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1371 sig->proto.flags |= DETECT_PROTO_ANY;
1372 if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1373 goto end;
1374 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1375 goto end;
1376 for (i = 0; i < (value3 / 8); i++) {
1377 if (sig->proto.proto[i] != 0)
1378 goto end;
1379 }
1380 if (sig->proto.proto[value3 / 8] != 0xE0) {
1381 goto end;
1382 }
1383 for (i = (value3 / 8) + 1; i < (256 / 8); i++) {
1384 if (sig->proto.proto[i] != 0xFF)
1385 goto end;
1386 }
1387 if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1388 goto end;
1389
1390 result = 1;
1391
1392 end:
1393 SigFree(NULL, sig);
1394 return result;
1395}
1396
1397static int DetectIPProtoTestSetup43(void)
1398{
1399 int result = 0;
1400 Signature *sig;
1401 const char *value1_str = "!4";
1402 int value1 = 4;
1403 const char *value2_str = "<13";
1404 int value2 = 13;
1405 const char *value3_str = ">34";
1406 int i;
1407
1408 if ((sig = SigAlloc()) == NULL)
1409 goto end;
1410
1411 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1412 sig->proto.flags |= DETECT_PROTO_ANY;
1413 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1414 goto end;
1415 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1416 goto end;
1417 if (sig->proto.proto[value1 / 8] != 0xEF) {
1418 goto end;
1419 }
1420 for (i = (value1 / 8) + 1; i < (value2 / 8); i++) {
1421 if (sig->proto.proto[i] != 0xFF)
1422 goto end;
1423 }
1424 if (sig->proto.proto[value2 / 8] != 0x1F) {
1425 goto end;
1426 }
1427 for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1428 if (sig->proto.proto[i] != 0)
1429 goto end;
1430 }
1431 if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1432 goto end;
1433
1434 result = 1;
1435
1436 end:
1437 SigFree(NULL, sig);
1438 return result;
1439}
1440
1441static int DetectIPProtoTestSetup44(void)
1442{
1443 int result = 0;
1444 Signature *sig;
1445 const char *value1_str = "!4";
1446 const char *value2_str = "<13";
1447 const char *value3_str = ">34";
1448 int value3 = 34;
1449 int i;
1450
1451 if ((sig = SigAlloc()) == NULL)
1452 goto end;
1453
1454 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1455 sig->proto.flags |= DETECT_PROTO_ANY;
1456 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1457 goto end;
1458 if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1459 goto end;
1460 for (i = 0; i < (value3 / 8); i++) {
1461 if (sig->proto.proto[i] != 0)
1462 goto end;
1463 }
1464 if (sig->proto.proto[value3 / 8] != 0xF8) {
1465 goto end;
1466 }
1467 for (i = (value3 / 8) + 1; i < 256 / 8; i++) {
1468 if (sig->proto.proto[i] != 0xFF)
1469 goto end;
1470 }
1471 if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1472 goto end;
1473
1474 result = 1;
1475
1476 end:
1477 SigFree(NULL, sig);
1478 return result;
1479}
1480
1481static int DetectIPProtoTestSetup45(void)
1482{
1483 int result = 0;
1484 Signature *sig;
1485 const char *value1_str = "!4";
1486 int value1 = 4;
1487 const char *value2_str = "<13";
1488 int value2 = 13;
1489 const char *value3_str = ">34";
1490 int i;
1491
1492 if ((sig = SigAlloc()) == NULL)
1493 goto end;
1494
1495 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1496 sig->proto.flags |= DETECT_PROTO_ANY;
1497 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1498 goto end;
1499 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1500 goto end;
1501 if (sig->proto.proto[value1 / 8] != 0xEF) {
1502 goto end;
1503 }
1504 for (i = (value1 / 8) + 1; i < (value2 / 8); i++) {
1505 if (sig->proto.proto[i] != 0xFF)
1506 goto end;
1507 }
1508 if (sig->proto.proto[value2 / 8] != 0x1F) {
1509 goto end;
1510 }
1511 for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1512 if (sig->proto.proto[i] != 0)
1513 goto end;
1514 }
1515 if (DetectIPProtoSetup(NULL, sig, value3_str) == 0)
1516 goto end;
1517
1518 result = 1;
1519
1520 end:
1521 SigFree(NULL, sig);
1522 return result;
1523}
1524
1525static int DetectIPProtoTestSetup56(void)
1526{
1527 int result = 0;
1528 Signature *sig;
1529 const char *value1_str = "<13";
1530 int value1 = 13;
1531 const char *value2_str = ">34";
1532 const char *value3_str = "!37";
1533 int i;
1534
1535 if ((sig = SigAlloc()) == NULL)
1536 goto end;
1537
1538 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1539 sig->proto.flags |= DETECT_PROTO_ANY;
1540 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1541 goto end;
1542 if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1543 goto end;
1544 for (i = 0; i < (value1 / 8); i++) {
1545 if (sig->proto.proto[i] != 0xFF)
1546 goto end;
1547 }
1548 if (sig->proto.proto[value1 / 8] != 0x1F) {
1549 goto end;
1550 }
1551 for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1552 if (sig->proto.proto[i] != 0)
1553 goto end;
1554 }
1555 if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1556 goto end;
1557
1558 result = 1;
1559
1560 end:
1561 SigFree(NULL, sig);
1562 return result;
1563}
1564
1565static int DetectIPProtoTestSetup75(void)
1566{
1567 int result = 0;
1568 Signature *sig;
1569 const char *value1_str = "!8";
1570 const char *value2_str = ">10";
1571 int value2 = 10;
1572 int i;
1573
1574 if ((sig = SigAlloc()) == NULL)
1575 goto end;
1576
1577 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1578 sig->proto.flags |= DETECT_PROTO_ANY;
1579 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1580 goto end;
1581 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1582 goto end;
1583 for (i = 0; i < (value2 / 8); i++) {
1584 if (sig->proto.proto[i] != 0)
1585 goto end;
1586 }
1587 if (sig->proto.proto[value2 / 8] != 0xF8) {
1588 goto end;
1589 }
1590 for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1591 if (sig->proto.proto[i] != 0xFF)
1592 goto end;
1593 }
1594
1595 result = 1;
1596
1597 end:
1598 SigFree(NULL, sig);
1599 return result;
1600}
1601
1602static int DetectIPProtoTestSetup76(void)
1603{
1604 int result = 0;
1605 Signature *sig;
1606 const char *value1_str = "!8";
1607 const char *value2_str = ">10";
1608 int value2 = 10;
1609 int i;
1610
1611 if ((sig = SigAlloc()) == NULL)
1612 goto end;
1613
1614 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1615 sig->proto.flags |= DETECT_PROTO_ANY;
1616 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1617 goto end;
1618 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1619 goto end;
1620 for (i = 0; i < (value2 / 8); i++) {
1621 if (sig->proto.proto[i] != 0)
1622 goto end;
1623 }
1624 if (sig->proto.proto[value2 / 8] != 0xF8) {
1625 goto end;
1626 }
1627 for (i = (value2 / 8) + 1; i < (256 / 8); i++) {
1628 if (sig->proto.proto[i] != 0xFF)
1629 goto end;
1630 }
1631
1632 result = 1;
1633
1634 end:
1635 SigFree(NULL, sig);
1636 return result;
1637}
1638
1639static int DetectIPProtoTestSetup129(void)
1640{
1641 int result = 0;
1642 Signature *sig;
1643 const char *value1_str = "<10";
1644 int value1 = 10;
1645 const char *value2_str = ">10";
1646 int i;
1647
1648 if ((sig = SigAlloc()) == NULL)
1649 goto end;
1650
1651 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1652 sig->proto.flags |= DETECT_PROTO_ANY;
1653 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1654 goto end;
1655 for (i = 0; i < (value1 / 8); i++) {
1656 if (sig->proto.proto[i] != 0xFF)
1657 goto end;
1658 }
1659 if (sig->proto.proto[value1 / 8] != 0x03) {
1660 goto end;
1661 }
1662 for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1663 if (sig->proto.proto[i] != 0)
1664 goto end;
1665 }
1666 if (DetectIPProtoSetup(NULL, sig, value2_str) == 0)
1667 goto end;
1668
1669 result = 1;
1670
1671 end:
1672 SigFree(NULL, sig);
1673 return result;
1674}
1675
1676static int DetectIPProtoTestSetup130(void)
1677{
1678 int result = 0;
1679 Signature *sig;
1680 const char *value1_str = "<10";
1681 const char *value2_str = ">10";
1682 int value2 = 10;
1683 int i;
1684
1685 if ((sig = SigAlloc()) == NULL)
1686 goto end;
1687
1688 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1689 sig->proto.flags |= DETECT_PROTO_ANY;
1690 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1691 goto end;
1692 if (DetectIPProtoSetup(NULL, sig, value1_str) == 0)
1693 goto end;
1694 for (i = 0; i < (value2 / 8); i++) {
1695 if (sig->proto.proto[i] != 0)
1696 goto end;
1697 }
1698 if (sig->proto.proto[value2 / 8] != 0xF8) {
1699 goto end;
1700 }
1701 for (i = (value2 / 8) + 1; i < 256 / 8; i++) {
1702 if (sig->proto.proto[i] != 0xFF)
1703 goto end;
1704 }
1705
1706 result = 1;
1707
1708 end:
1709 SigFree(NULL, sig);
1710 return result;
1711}
1712
1713static int DetectIPProtoTestSetup131(void)
1714{
1715 int result = 0;
1716 Signature *sig;
1717 const char *value1_str = "<10";
1718 int value1 = 10;
1719 const char *value2_str = "!10";
1720 int i;
1721
1722 if ((sig = SigAlloc()) == NULL)
1723 goto end;
1724
1725 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1726 sig->proto.flags |= DETECT_PROTO_ANY;
1727 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1728 goto end;
1729 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1730 goto end;
1731 for (i = 0; i < (value1 / 8); i++) {
1732 if (sig->proto.proto[i] != 0xFF)
1733 goto end;
1734 }
1735 if (sig->proto.proto[value1 / 8] != 0x03) {
1736 goto end;
1737 }
1738 for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1739 if (sig->proto.proto[i] != 0x0)
1740 goto end;
1741 }
1742
1743 result = 1;
1744
1745 end:
1746 SigFree(NULL, sig);
1747 return result;
1748}
1749
1750static int DetectIPProtoTestSetup132(void)
1751{
1752 int result = 0;
1753 Signature *sig;
1754 const char *value1_str = "<10";
1755 int value1 = 10;
1756 const char *value2_str = "!10";
1757 int i;
1758
1759 if ((sig = SigAlloc()) == NULL)
1760 goto end;
1761
1762 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1763 sig->proto.flags |= DETECT_PROTO_ANY;
1764 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1765 goto end;
1766 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1767 goto end;
1768 for (i = 0; i < (value1 / 8); i++) {
1769 if (sig->proto.proto[i] != 0xFF)
1770 goto end;
1771 }
1772 if (sig->proto.proto[value1 / 8] != 0x03) {
1773 goto end;
1774 }
1775 for (i = (value1 / 8) + 1; i < 256 / 8; i++) {
1776 if (sig->proto.proto[i] != 0x0)
1777 goto end;
1778 }
1779
1780 result = 1;
1781
1782 end:
1783 SigFree(NULL, sig);
1784 return result;
1785}
1786
1787static int DetectIPProtoTestSetup145(void)
1788{
1789 int result = 0;
1790 Signature *sig;
1791 const char *value1_str = "!4";
1792 const char *value2_str = ">8";
1793 const char *value3_str = "!10";
1794 const char *value4_str = "!14";
1795 const char *value5_str = "!27";
1796 const char *value6_str = "!29";
1797 const char *value7_str = "!30";
1798 const char *value8_str = "!34";
1799 const char *value9_str = "<36";
1800 const char *value10_str = "!38";
1801 int value10 = 38;
1802
1803 int i;
1804
1805 if ((sig = SigAlloc()) == NULL)
1806 goto end;
1807
1808 sig->init_data->init_flags |= SIG_FLAG_INIT_FIRST_IPPROTO_SEEN;
1809 sig->proto.flags |= DETECT_PROTO_ANY;
1810 if (DetectIPProtoSetup(NULL, sig, value5_str) != 0)
1811 goto end;
1812 if (DetectIPProtoSetup(NULL, sig, value8_str) != 0)
1813 goto end;
1814 if (DetectIPProtoSetup(NULL, sig, value2_str) != 0)
1815 goto end;
1816 if (DetectIPProtoSetup(NULL, sig, value10_str) != 0)
1817 goto end;
1818 if (DetectIPProtoSetup(NULL, sig, value1_str) != 0)
1819 goto end;
1820 if (DetectIPProtoSetup(NULL, sig, value6_str) != 0)
1821 goto end;
1822 if (DetectIPProtoSetup(NULL, sig, value9_str) != 0)
1823 goto end;
1824 if (DetectIPProtoSetup(NULL, sig, value4_str) != 0)
1825 goto end;
1826 if (DetectIPProtoSetup(NULL, sig, value3_str) != 0)
1827 goto end;
1828 if (DetectIPProtoSetup(NULL, sig, value7_str) != 0)
1829 goto end;
1830 if (sig->proto.proto[0] != 0) {
1831 goto end;
1832 }
1833 if (sig->proto.proto[1] != 0xBA) {
1834 goto end;
1835 }
1836 if (sig->proto.proto[2] != 0xFF) {
1837 goto end;
1838 }
1839 if (sig->proto.proto[3] != 0x97) {
1840 goto end;
1841 }
1842 if (sig->proto.proto[4] != 0x0B) {
1843 goto end;
1844 }
1845 for (i = (value10 / 8) + 1; i < 256 / 8; i++) {
1846 if (sig->proto.proto[i] != 0)
1847 goto end;
1848 }
1849
1850 result = 1;
1851
1852 end:
1853 SigFree(NULL, sig);
1854 return result;
1855}
1856
1857static int DetectIPProtoTestSig1(void)
1858{
1859 int result = 0;
1860 uint8_t *buf = (uint8_t *)
1861 "GET /one/ HTTP/1.1\r\n"
1862 "Host: one.example.org\r\n"
1863 "\r\n";
1864 uint16_t buflen = strlen((char *)buf);
1865 Packet *p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
1866 if (p == NULL)
1867 return 0;
1868
1869 const char *sigs[4];
1870 sigs[0] = "alert ip any any -> any any "
1871 "(msg:\"Not tcp\"; ip_proto:!tcp; content:\"GET \"; sid:1;)";
1872 sigs[1] = "alert ip any any -> any any "
1873 "(msg:\"Less than 7\"; content:\"GET \"; ip_proto:<7; sid:2;)";
1874 sigs[2] = "alert ip any any -> any any "
1875 "(msg:\"Greater than 5\"; content:\"GET \"; ip_proto:>5; sid:3;)";
1876 sigs[3] = "alert ip any any -> any any "
1877 "(msg:\"Equals tcp\"; content:\"GET \"; ip_proto:tcp; sid:4;)";
1878
1879 /* sids to match */
1880 uint32_t sid[4] = {1, 2, 3, 4};
1881 /* expected matches for each sid within this packet we are testing */
1882 uint32_t results[4] = {0, 1, 1, 1};
1883
1884 /* remember that UTHGenericTest expect the first parameter
1885 * as an array of packet pointers. And also a bidimensional array of results
1886 * For example:
1887 * results[numpacket][position] should hold the number of times
1888 * that the sid at sid[position] matched that packet (should be always 1..)
1889 * But here we built it as unidimensional array
1890 */
1891 result = UTHGenericTest(&p, 1, sigs, sid, results, 4);
1892
1893 UTHFreePacket(p);
1894 return result;
1895}
1896
1897static int DetectIPProtoTestSig2(void)
1898{
1899 int result = 0;
1900
1901 uint8_t raw_eth[] = {
1902 0x01, 0x00, 0x5e, 0x00, 0x00, 0x0d, 0x00, 0x26,
1903 0x88, 0x61, 0x3a, 0x80, 0x08, 0x00, 0x45, 0xc0,
1904 0x00, 0x36, 0xe4, 0xcd, 0x00, 0x00, 0x01, 0x67,
1905 0xc7, 0xab, 0xac, 0x1c, 0x7f, 0xfe, 0xe0, 0x00,
1906 0x00, 0x0d, 0x20, 0x00, 0x90, 0x20, 0x00, 0x01,
1907 0x00, 0x02, 0x00, 0x69, 0x00, 0x02, 0x00, 0x04,
1908 0x81, 0xf4, 0x07, 0xd0, 0x00, 0x13, 0x00, 0x04,
1909 0x00, 0x00, 0x00, 0x01, 0x00, 0x14, 0x00, 0x04,
1910 0x4a, 0xea, 0x7a, 0x8e,
1911 };
1912
1913 Packet *p = PacketGetFromAlloc();
1914 if (unlikely(p == NULL))
1915 return 0;
1916
1917 DecodeThreadVars dtv;
1918 ThreadVars th_v;
1919 DetectEngineThreadCtx *det_ctx = NULL;
1920
1921 p->proto = 0;
1922 memset(&dtv, 0, sizeof(DecodeThreadVars));
1923 memset(&th_v, 0, sizeof(th_v));
1924
1925 FlowInitConfig(FLOW_QUIET);
1926 DecodeEthernet(&th_v, &dtv, p, raw_eth, sizeof(raw_eth));
1927
1928 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
1929 if (de_ctx == NULL) {
1930 goto end;
1931 }
1932
1933 de_ctx->mpm_matcher = mpm_default_matcher;
1934 de_ctx->flags |= DE_QUIET;
1935
1936 de_ctx->sig_list = SigInit(de_ctx,
1937 "alert ip any any -> any any (msg:\"Check ipproto usage\"; "
1938 "ip_proto:!103; sid:1;)");
1939 if (de_ctx->sig_list == NULL) {
1940 result = 0;
1941 goto end;
1942 }
1943
1944 SigGroupBuild(de_ctx);
1945 DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
1946
1947 SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
1948 if (PacketAlertCheck(p, 1) == 0) {
1949 result = 1;
1950 goto end;
1951 } else {
1952 result = 0;
1953 }
1954
1955 SigGroupCleanup(de_ctx);
1956 SigCleanSignatures(de_ctx);
1957
1958 DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
1959 DetectEngineCtxFree(de_ctx);
1960 FlowShutdown();
1961
1962 SCFree(p);
1963 return result;
1964
1965end:
1966 if (de_ctx) {
1967 SigGroupCleanup(de_ctx);
1968 SigCleanSignatures(de_ctx);
1969 }
1970
1971 if (det_ctx)
1972 DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
1973 if (de_ctx)
1974 DetectEngineCtxFree(de_ctx);
1975
1976 FlowShutdown();
1977 SCFree(p);
1978
1979 return result;
1980}
1981
1982static int DetectIPProtoTestSig3(void)
1983{
1984 uint8_t raw_eth[] = {
1985 0x01, 0x00, 0x5e, 0x00, 0x00, 0x0d, 0x00, 0x26,
1986 0x88, 0x61, 0x3a, 0x80, 0x08, 0x00, 0x45, 0xc0,
1987 0x00, 0x36, 0xe4, 0xcd, 0x00, 0x00, 0x01, 0x67,
1988 0xc7, 0xab, 0xac, 0x1c, 0x7f, 0xfe, 0xe0, 0x00,
1989 0x00, 0x0d, 0x20, 0x00, 0x90, 0x20, 0x00, 0x01,
1990 0x00, 0x02, 0x00, 0x69, 0x00, 0x02, 0x00, 0x04,
1991 0x81, 0xf4, 0x07, 0xd0, 0x00, 0x13, 0x00, 0x04,
1992 0x00, 0x00, 0x00, 0x01, 0x00, 0x14, 0x00, 0x04,
1993 0x4a, 0xea, 0x7a, 0x8e,
1994 };
1995
1996 Packet *p = PacketGetFromAlloc();
1997 FAIL_IF_NULL(p);
1998
1999 DecodeThreadVars dtv;
2000 ThreadVars th_v;
2001 DetectEngineThreadCtx *det_ctx = NULL;
2002
2003 p->proto = 0;
2004 memset(&dtv, 0, sizeof(DecodeThreadVars));
2005 memset(&th_v, 0, sizeof(th_v));
2006
2007 FlowInitConfig(FLOW_QUIET);
2008 DecodeEthernet(&th_v, &dtv, p, raw_eth, sizeof(raw_eth));
2009
2010 DetectEngineCtx *de_ctx = DetectEngineCtxInit();
2011 FAIL_IF(de_ctx == NULL);
2012 de_ctx->mpm_matcher = mpm_default_matcher;
2013 de_ctx->flags |= DE_QUIET;
2014
2015 Signature *s = DetectEngineAppendSig(de_ctx,
2016 "alert ip any any -> any any (msg:\"Check ipproto usage\"; "
2017 "ip_proto:103; sid:1;)");
2018 FAIL_IF_NULL(s);
2019
2020 SigGroupBuild(de_ctx);
2021 DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
2022
2023 SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
2024 FAIL_IF(!PacketAlertCheck(p, 1));
2025 DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
2026 DetectEngineCtxFree(de_ctx);
2027 FlowShutdown();
2028
2029 PacketFree(p);
2030 PASS;
2031}
2032
2033/**
2034 * \internal
2035 * \brief Register ip_proto tests.
2036 */
2037static void DetectIPProtoRegisterTests(void)
2038{
2039 UtRegisterTest("DetectIPProtoTestParse01", DetectIPProtoTestParse01);
2040 UtRegisterTest("DetectIPProtoTestParse02", DetectIPProtoTestParse02);
2041 UtRegisterTest("DetectIPProtoTestSetup01", DetectIPProtoTestSetup01);
2042 UtRegisterTest("DetectIPProtoTestSetup02", DetectIPProtoTestSetup02);
2043 UtRegisterTest("DetectIPProtoTestSetup03", DetectIPProtoTestSetup03);
2044 UtRegisterTest("DetectIPProtoTestSetup04", DetectIPProtoTestSetup04);
2045 UtRegisterTest("DetectIPProtoTestSetup05", DetectIPProtoTestSetup05);
2046 UtRegisterTest("DetectIPProtoTestSetup06", DetectIPProtoTestSetup06);
2047 UtRegisterTest("DetectIPProtoTestSetup07", DetectIPProtoTestSetup07);
2048 UtRegisterTest("DetectIPProtoTestSetup08", DetectIPProtoTestSetup08);
2049 UtRegisterTest("DetectIPProtoTestSetup09", DetectIPProtoTestSetup09);
2050 UtRegisterTest("DetectIPProtoTestSetup10", DetectIPProtoTestSetup10);
2051 UtRegisterTest("DetectIPProtoTestSetup11", DetectIPProtoTestSetup11);
2052 UtRegisterTest("DetectIPProtoTestSetup12", DetectIPProtoTestSetup12);
2053 UtRegisterTest("DetectIPProtoTestSetup13", DetectIPProtoTestSetup13);
2054 UtRegisterTest("DetectIPProtoTestSetup14", DetectIPProtoTestSetup14);
2055 UtRegisterTest("DetectIPProtoTestSetup15", DetectIPProtoTestSetup15);
2056 UtRegisterTest("DetectIPProtoTestSetup16", DetectIPProtoTestSetup16);
2057 UtRegisterTest("DetectIPProtoTestSetup17", DetectIPProtoTestSetup17);
2058 UtRegisterTest("DetectIPProtoTestSetup18", DetectIPProtoTestSetup18);
2059 UtRegisterTest("DetectIPProtoTestSetup19", DetectIPProtoTestSetup19);
2060 UtRegisterTest("DetectIPProtoTestSetup20", DetectIPProtoTestSetup20);
2061 UtRegisterTest("DetectIPProtoTestSetup21", DetectIPProtoTestSetup21);
2062 UtRegisterTest("DetectIPProtoTestSetup22", DetectIPProtoTestSetup22);
2063 UtRegisterTest("DetectIPProtoTestSetup23", DetectIPProtoTestSetup23);
2064 UtRegisterTest("DetectIPProtoTestSetup24", DetectIPProtoTestSetup24);
2065 UtRegisterTest("DetectIPProtoTestSetup33", DetectIPProtoTestSetup33);
2066 UtRegisterTest("DetectIPProtoTestSetup34", DetectIPProtoTestSetup34);
2067 UtRegisterTest("DetectIPProtoTestSetup36", DetectIPProtoTestSetup36);
2068 UtRegisterTest("DetectIPProtoTestSetup43", DetectIPProtoTestSetup43);
2069 UtRegisterTest("DetectIPProtoTestSetup44", DetectIPProtoTestSetup44);
2070 UtRegisterTest("DetectIPProtoTestSetup45", DetectIPProtoTestSetup45);
2071 UtRegisterTest("DetectIPProtoTestSetup56", DetectIPProtoTestSetup56);
2072 UtRegisterTest("DetectIPProtoTestSetup75", DetectIPProtoTestSetup75);
2073 UtRegisterTest("DetectIPProtoTestSetup76", DetectIPProtoTestSetup76);
2074 UtRegisterTest("DetectIPProtoTestSetup129", DetectIPProtoTestSetup129);
2075 UtRegisterTest("DetectIPProtoTestSetup130", DetectIPProtoTestSetup130);
2076 UtRegisterTest("DetectIPProtoTestSetup131", DetectIPProtoTestSetup131);
2077 UtRegisterTest("DetectIPProtoTestSetup132", DetectIPProtoTestSetup132);
2078 UtRegisterTest("DetectIPProtoTestSetup145", DetectIPProtoTestSetup145);
2079
2080 UtRegisterTest("DetectIPProtoTestSig1", DetectIPProtoTestSig1);
2081 UtRegisterTest("DetectIPProtoTestSig2", DetectIPProtoTestSig2);
2082 UtRegisterTest("DetectIPProtoTestSig3", DetectIPProtoTestSig3);
2083}
2084#endif /* UNITTESTS */
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition decode-ethernet.c:42
proto
uint8_t proto
Definition decode-template.h:0
PacketAlertCheck
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
Definition detect-engine-alert.c:142
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition detect-engine-build.c:2204
SigCleanSignatures
void SigCleanSignatures(DetectEngineCtx *de_ctx)
Definition detect-engine-build.c:56
SigGroupCleanup
int SigGroupCleanup(DetectEngineCtx *de_ctx)
Definition detect-engine-build.c:2275
DETECT_PROTO_IPV6
#define DETECT_PROTO_IPV6
Definition detect-engine-proto.h:32
DETECT_PROTO_IPV4
#define DETECT_PROTO_IPV4
Definition detect-engine-proto.h:31
DETECT_PROTO_ANY
#define DETECT_PROTO_ANY
Definition detect-engine-proto.h:28
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition detect-engine.c:2602
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition detect-engine.c:2641
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition detect-parse.c:3437
SigFree
void SigFree(DetectEngineCtx *, Signature *)
Definition detect-parse.c:2057
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
Definition detect-engine.c:3372
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
Definition detect-engine.c:3608
DetectIPProtoRegister
void DetectIPProtoRegister(void)
Registration function for ip_proto keyword.
Definition detect-ipproto.c:60
DetectIPProtoRemoveAllSMs
void DetectIPProtoRemoveAllSMs(DetectEngineCtx *de_ctx, Signature *s)
Definition detect-ipproto.c:430
PARSE_REGEX
#define PARSE_REGEX
Regex for parsing our options.
Definition detect-ipproto.c:50
DETECT_IPPROTO_OP_LT
#define DETECT_IPPROTO_OP_LT
Definition detect-ipproto.h:30
DETECT_IPPROTO_OP_GT
#define DETECT_IPPROTO_OP_GT
Definition detect-ipproto.h:31
DETECT_IPPROTO_OP_EQ
#define DETECT_IPPROTO_OP_EQ
Definition detect-ipproto.h:28
DETECT_IPPROTO_OP_NOT
#define DETECT_IPPROTO_OP_NOT
Definition detect-ipproto.h:29
DetectSetupParseRegexes
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
Definition detect-parse.c:3617
DetectParsePcreExec
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
Definition detect-parse.c:3491
SigInit
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
Definition detect-parse.c:3095
SCSigMatchAppendSMToList
SigMatch * SCSigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition detect-parse.c:388
SigAlloc
Signature * SigAlloc(void)
Definition detect-parse.c:1937
SigMatchRemoveSMFromList
void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int sm_list)
Definition detect-parse.c:487
sigmatch_table
SigTableElmt * sigmatch_table
Definition detect-parse.c:79
SigMatchFree
void SigMatchFree(DetectEngineCtx *de_ctx, SigMatch *sm)
free a SigMatch
Definition detect-parse.c:288
SigMatchSignatures
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Definition detect.c:2420
SIG_FLAG_INIT_FIRST_IPPROTO_SEEN
#define SIG_FLAG_INIT_FIRST_IPPROTO_SEEN
Definition detect.h:294
DE_QUIET
#define DE_QUIET
Definition detect.h:330
SIG_FLAG_REQUIRE_PACKET
#define SIG_FLAG_REQUIRE_PACKET
Definition detect.h:254
SIGMATCH_QUOTES_OPTIONAL
#define SIGMATCH_QUOTES_OPTIONAL
Definition detect.h:1664
DETECT_SM_LIST_MATCH
@ DETECT_SM_LIST_MATCH
Definition detect.h:117
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition flow.c:547
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition flow.c:691
FLOW_QUIET
#define FLOW_QUIET
Definition flow.h:43
dtv
DecodeThreadVars * dtv
Definition fuzz_decodepcapfile.c:33
de_ctx
DetectEngineCtx * de_ctx
Definition fuzz_siginit.c:18
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition util-unittest.h:89
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition util-unittest.c:103
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition util-unittest.h:82
PASS
#define PASS
Pass the test.
Definition util-unittest.h:105
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition util-unittest.h:71
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition decode.c:258
PacketFree
void PacketFree(Packet *p)
Return a malloced packet.
Definition decode.c:219
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition decode.h:963
DetectEngineCtx_
main detection engine ctx
Definition detect.h:932
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition detect.h:935
DetectEngineCtx_::flags
uint8_t flags
Definition detect.h:934
DetectEngineCtx_::sig_list
Signature * sig_list
Definition detect.h:941
DetectEngineThreadCtx_
Definition detect.h:1244
DetectIPProtoData_
Definition detect-ipproto.h:34
DetectIPProtoData_::op
uint8_t op
Definition detect-ipproto.h:35
DetectIPProtoData_::proto
uint8_t proto
Definition detect-ipproto.h:36
DetectProto_::proto
uint8_t proto[256/8]
Definition detect-engine-proto.h:36
DetectProto_::flags
uint8_t flags
Definition detect-engine-proto.h:37
Packet_
Definition decode.h:501
Packet_::proto
uint8_t proto
Definition decode.h:523
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition detect.h:351
SigMatch_
a single match condition for a signature
Definition detect.h:356
SigMatch_::type
uint16_t type
Definition detect.h:357
SigMatch_::next
struct SigMatch_ * next
Definition detect.h:360
SigMatch_::ctx
SigMatchCtx * ctx
Definition detect.h:359
SigTableElmt_::url
const char * url
Definition detect.h:1462
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition detect.h:1441
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition detect.h:1446
SigTableElmt_::flags
uint16_t flags
Definition detect.h:1450
SigTableElmt_::desc
const char * desc
Definition detect.h:1461
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition detect.h:1448
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition detect.h:1421
SigTableElmt_::name
const char * name
Definition detect.h:1459
SignatureInitData_::init_flags
uint32_t init_flags
Definition detect.h:608
SignatureInitData_::smlists
struct SigMatch_ * smlists[DETECT_SM_LIST_MAX]
Definition detect.h:642
Signature_
Signature container.
Definition detect.h:668
Signature_::flags
uint32_t flags
Definition detect.h:669
Signature_::init_data
SignatureInitData * init_data
Definition detect.h:747
Signature_::proto
DetectProto proto
Definition detect.h:687
ThreadVars_
Per thread variable structure.
Definition threadvars.h:58
StringParseUint8
int StringParseUint8(uint8_t *res, int base, size_t len, const char *str)
Definition util-byte.c:361
StringParseInt32
int StringParseInt32(int32_t *res, int base, size_t len, const char *str)
Definition util-byte.c:622
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition util-debug.h:267
SCMalloc
#define SCMalloc(sz)
Definition util-mem.h:47
SCFree
#define SCFree(p)
Definition util-mem.h:61
mpm_default_matcher
uint8_t mpm_default_matcher
Definition util-mpm.c:48
unlikely
#define unlikely(expr)
Definition util-optimize.h:35
SCGetProtoByName
bool SCGetProtoByName(const char *protoname, uint8_t *proto_number)
Function to return the protocol number for a named protocol. Note that protocol name aliases are hono...
Definition util-proto-name.c:466
UTHBuildPacket
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
Definition util-unittest-helper.c:365
UTHGenericTest
int UTHGenericTest(Packet **pkt, int numpkts, const char *sigs[], uint32_t sids[], uint32_t *results, int numsigs)
UTHGenericTest: function that perform a generic check taking care of as maximum common unittest eleme...
Definition util-unittest-helper.c:571
UTHFreePacket
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
Definition util-unittest-helper.c:473