end:
return result;
}
+
+/**
+ * \test signature parsing with tcp-pkt and tcp-stream
+ */
+
+static int DetectProtoTestSig02(void) {
+ Signature *s = NULL;
+ int result = 0;
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL) {
+ goto end;
+ }
+
+ de_ctx->flags |= DE_QUIET;
+
+ s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp-pkt any any -> any any "
+ "(msg:\"tcp-pkt\"; content:\"blah\"; sid:1;)");
+ if (s == NULL) {
+ printf("tcp-pkt sig parsing failed: ");
+ goto end;
+ }
+
+ s = s->next = SigInit(de_ctx,"alert tcp-stream any any -> any any "
+ "(msg:\"tcp-stream\"; content:\"blah\"; sid:2;)");
+ if (s == NULL) {
+ printf("tcp-pkt sig parsing failed: ");
+ goto end;
+ }
+
+ result = 1;
+
+end:
+ if (de_ctx != NULL)
+ DetectEngineCtxFree(de_ctx);
+ return result;
+}
#endif /* UNITTESTS */
/**
UtRegisterTest("ProtoTestParse07", ProtoTestParse07, 1);
UtRegisterTest("DetectProtoTestSetup01", DetectProtoTestSetup01, 1);
UtRegisterTest("DetectProtoTestSig01", DetectProtoTestSig01, 1);
+ UtRegisterTest("DetectProtoTestSig02", DetectProtoTestSig02, 1);
#endif /* UNITTESTS */
}
#define CONFIG_OPTS 7
// action protocol src sp dir dst dp options
-#define CONFIG_PCRE "^([A-z]+)\\s+([A-z0-9]+)\\s+([\\[\\]A-z0-9\\.\\:_\\$\\!\\-,\\/]+)\\s+([\\:A-z0-9_\\$\\!,]+)\\s+(-\\>|\\<\\>|\\<\\-)\\s+([\\[\\]A-z0-9\\.\\:_\\$\\!\\-,/]+)\\s+([\\:A-z0-9_\\$\\!,]+)(?:\\s+\\((.*)?(?:\\s*)\\))?(?:(?:\\s*)\\n)?\\s*$"
+#define CONFIG_PCRE "^([A-z]+)\\s+([A-z0-9\\-]+)\\s+([\\[\\]A-z0-9\\.\\:_\\$\\!\\-,\\/]+)\\s+([\\:A-z0-9_\\$\\!,]+)\\s+(-\\>|\\<\\>|\\<\\-)\\s+([\\[\\]A-z0-9\\.\\:_\\$\\!\\-,/]+)\\s+([\\:A-z0-9_\\$\\!,]+)(?:\\s+\\((.*)?(?:\\s*)\\))?(?:(?:\\s*)\\n)?\\s*$"
#define OPTION_PARTS 3
#define OPTION_PCRE "^\\s*([A-z_0-9-\\.]+)(?:\\s*\\:\\s*(.*)(?<!\\\\))?\\s*;\\s*(?:\\s*(.*))?\\s*$"
projects / thirdparty / suricata.git / commitdiff
