/**
* \param pflags packet flags (p->flags)
* \param pflowflags packet flow flags (p->flowflags)
- * \param tflags detection flags (det_ctx->flags)
* \param dflags detect flow flags
* \param match_cnt number of matches to trigger
*/
-static inline int FlowMatch(const uint32_t pflags, const uint8_t pflowflags, const uint16_t tflags,
- const uint16_t dflags, const uint16_t match_cnt)
+static inline int FlowMatch(const uint32_t pflags, const uint8_t pflowflags, const uint16_t dflags,
+ const uint16_t match_cnt)
{
uint8_t cnt = 0;
cnt++;
}
- if (tflags & DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH) {
- if (dflags & DETECT_FLOW_FLAG_ONLYSTREAM)
- cnt++;
- } else {
- if (dflags & DETECT_FLOW_FLAG_NOSTREAM)
- cnt++;
- }
-
return (match_cnt == cnt) ? 1 : 0;
}
const DetectFlowData *fd = (const DetectFlowData *)ctx;
- const int ret = FlowMatch(p->flags, p->flowflags, det_ctx->flags, fd->flags, fd->match_cnt);
+ const int ret = FlowMatch(p->flags, p->flowflags, fd->flags, fd->match_cnt);
SCLogDebug("returning %" PRId32 " fd->match_cnt %" PRId32 " fd->flags 0x%02X p->flowflags 0x%02X",
ret, fd->match_cnt, fd->flags, p->flowflags);
SCReturnInt(ret);
*
* \param de_ctx Pointer to the detection engine context
* \param flowstr Pointer to the user provided flow options
+ * \param[out] parse_flags keyword flags only used during parsing
*
* \retval fd pointer to DetectFlowData on success
* \retval NULL on failure
*/
-static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flowstr)
+static DetectFlowData *DetectFlowParse(
+ DetectEngineCtx *de_ctx, const char *flowstr, uint16_t *parse_flags)
{
DetectFlowData *fd = NULL;
char *args[3] = {NULL,NULL,NULL};
fd->flags = 0;
fd->match_cnt = 0;
- int i;
- for (i = 0; i < (ret - 1); i++) {
+ for (int i = 0; i < (ret - 1); i++) {
if (args[i]) {
/* inspect our options and set the flags */
if (strcasecmp(args[i], "established") == 0) {
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_ESTABLISHED;
+ fd->match_cnt++;
} else if (strcasecmp(args[i], "not_established") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED) {
SCLogError("DETECT_FLOW_FLAG_NOT_ESTABLISHED flag is already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_NOT_ESTABLISHED;
+ fd->match_cnt++;
} else if (strcasecmp(args[i], "stateless") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_STATELESS) {
SCLogError("DETECT_FLOW_FLAG_STATELESS flag is already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_STATELESS;
+ fd->match_cnt++;
} else if (strcasecmp(args[i], "to_client") == 0 || strcasecmp(args[i], "from_server") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) {
SCLogError("cannot set DETECT_FLOW_FLAG_TOCLIENT flag is already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_TOCLIENT;
+ fd->match_cnt++;
} else if (strcasecmp(args[i], "to_server") == 0 || strcasecmp(args[i], "from_client") == 0){
if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) {
SCLogError("cannot set DETECT_FLOW_FLAG_TOSERVER flag is already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_TOSERVER;
- } else if (strcasecmp(args[i], "only_stream") == 0) {
- if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
- SCLogError("cannot set only_stream flag is already set");
- goto error;
- } else if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
- SCLogError(
- "cannot set only_stream flag, DETECT_FLOW_FLAG_NOSTREAM already set");
- goto error;
- }
- fd->flags |= DETECT_FLOW_FLAG_ONLYSTREAM;
- } else if (strcasecmp(args[i], "no_stream") == 0) {
- if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
- SCLogError("cannot set no_stream flag is already set");
- goto error;
- } else if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
- SCLogError(
- "cannot set no_stream flag, DETECT_FLOW_FLAG_ONLYSTREAM already set");
- goto error;
- }
- fd->flags |= DETECT_FLOW_FLAG_NOSTREAM;
+ fd->match_cnt++;
} else if (strcasecmp(args[i], "no_frag") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_NO_FRAG) {
SCLogError("cannot set no_frag flag is already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_NO_FRAG;
+ fd->match_cnt++;
} else if (strcasecmp(args[i], "only_frag") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_ONLY_FRAG) {
SCLogError("cannot set only_frag flag is already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_ONLY_FRAG;
+ fd->match_cnt++;
+
+ /* special case: these only affect parsing, not matching */
+
+ } else if (strcasecmp(args[i], "only_stream") == 0) {
+ if (*parse_flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
+ SCLogError("cannot set only_stream flag is already set");
+ goto error;
+ } else if (*parse_flags & DETECT_FLOW_FLAG_NOSTREAM) {
+ SCLogError(
+ "cannot set only_stream flag, DETECT_FLOW_FLAG_NOSTREAM already set");
+ goto error;
+ }
+ *parse_flags |= DETECT_FLOW_FLAG_ONLYSTREAM;
+ } else if (strcasecmp(args[i], "no_stream") == 0) {
+ if (*parse_flags & DETECT_FLOW_FLAG_NOSTREAM) {
+ SCLogError("cannot set no_stream flag is already set");
+ goto error;
+ } else if (*parse_flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
+ SCLogError(
+ "cannot set no_stream flag, DETECT_FLOW_FLAG_ONLYSTREAM already set");
+ goto error;
+ }
+ *parse_flags |= DETECT_FLOW_FLAG_NOSTREAM;
} else {
SCLogError("invalid flow option \"%s\"", args[i]);
goto error;
}
-
- fd->match_cnt++;
- //printf("args[%" PRId32 "]: %s match_cnt: %" PRId32 " flags: 0x%02X\n", i, args[i], fd->match_cnt, fd->flags);
}
}
pcre2_match_data_free(match);
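Review bot: `DetectFlowParse()` reads `*parse_flags` in its duplicate and conflict checks (`if (*parse_flags & DETECT_FLOW_FLAG_ONLYSTREAM)`) before it ever writes it, so the result depends on the caller having zeroed the variable, yet the doc comment declares it `\param[out]`. Either clear it on entry with `*parse_flags = 0;` or document it as `\param[in,out] parse_flags` that must be zero on entry. The `goto error` paths also leave any bits set so far in the caller's variable, for example after `only_stream` followed by an invalid option, which matters for callers that reuse it across calls as DetectFlowTestParse22 does. The function body starts before this hunk and continues after it.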
*/
int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *flowstr)
{
+ uint16_t parse_flags = 0;
+
/* ensure only one flow option */
if (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) {
SCLogError("A signature may have only one flow option.");
return -1;
}
- DetectFlowData *fd = DetectFlowParse(de_ctx, flowstr);
+ DetectFlowData *fd = DetectFlowParse(de_ctx, flowstr, &parse_flags);
if (fd == NULL)
return -1;
s->flags |= SIG_FLAG_TOSERVER;
s->flags |= SIG_FLAG_TOCLIENT;
}
- if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
- s->flags |= SIG_FLAG_REQUIRE_STREAM;
- }
- if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
- s->flags |= SIG_FLAG_REQUIRE_PACKET;
- } else if (fd->flags == DETECT_FLOW_FLAG_TOSERVER ||
- fd->flags == DETECT_FLOW_FLAG_TOCLIENT)
- {
+ if (fd->flags == 0 || fd->flags == DETECT_FLOW_FLAG_TOSERVER ||
+ fd->flags == DETECT_FLOW_FLAG_TOCLIENT) {
/* no direct flow is needed for just direction,
* no sigmatch is needed either. */
SigMatchFree(de_ctx, sm);
if (sm != NULL) {
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
}
+
+ if (parse_flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
+ s->flags |= (SIG_FLAG_REQUIRE_STREAM | SIG_FLAG_REQUIRE_STREAM_ONLY);
+ }
+ if (parse_flags & DETECT_FLOW_FLAG_NOSTREAM) {
+ s->flags |= SIG_FLAG_REQUIRE_PACKET;
+ }
return 0;
error:
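Review bot: Nothing visible in this diff checks that `only_stream` and `no_stream` still reach the signature now that FlowMatch() no longer looks at them; the updated unit tests stop at the `parsed_flags` value returned by DetectFlowParse(). With the new `fd->flags == 0 ||` condition a rule carrying only a stream option appears to drop its sigmatch, so the whole effect of the keyword rests on this block. A test that runs DetectFlowSetup() and asserts `s->flags & SIG_FLAG_REQUIRE_STREAM_ONLY` and `s->flags & SIG_FLAG_REQUIRE_PACKET` would catch a regression that silently changes what such a rule inspects. A short comment above the block, such as `/* stream options are enforced through signature flags, not at match time */`, would also help the next reader. DetectFlowSetup() begins outside this hunk.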
if (!PrefilterPacketHeaderExtraMatch(ctx, p))
return;
- if (FlowMatch(p->flags, p->flowflags, det_ctx->flags, ctx->v1.u16[0], ctx->v1.u16[1])) {
+ if (FlowMatch(p->flags, p->flowflags, ctx->v1.u16[0], ctx->v1.u16[1])) {
PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);
}
}
*/
static int DetectFlowTestParse01 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "established");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "established", &parsed_flags);
FAIL_IF_NULL(fd);
+ FAIL_IF_NOT(parsed_flags == 0);
DetectFlowFree(NULL, fd);
PASS;
}
*/
static int DetectFlowTestParse02 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "established");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "established", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_ESTABLISHED &&
fd->match_cnt == 1);
*/
static int DetectFlowTestParse03 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "stateless");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "stateless", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_STATELESS && fd->match_cnt == 1);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParse04 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "to_client");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "to_client", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 1);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParse05 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "to_server");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "to_server", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_TOSERVER && fd->match_cnt == 1);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParse06 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "from_server");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "from_server", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 1);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParse07 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "from_client");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "from_client", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_TOSERVER && fd->match_cnt == 1);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParse08 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "established,to_client");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "established,to_client", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 2);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParse09 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "to_client,stateless");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "to_client,stateless", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_STATELESS &&
fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
*/
static int DetectFlowTestParse10 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "from_server,stateless");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "from_server,stateless", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_STATELESS &&
fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
*/
static int DetectFlowTestParse11 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, " from_server , stateless ");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, " from_server , stateless ", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_STATELESS &&
fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
*/
static int DetectFlowTestParseNocase01 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "ESTABLISHED");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "ESTABLISHED", &parsed_flags);
FAIL_IF_NULL(fd);
DetectFlowFree(NULL, fd);
PASS;
*/
static int DetectFlowTestParseNocase02 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "ESTABLISHED");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "ESTABLISHED", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_ESTABLISHED &&
fd->match_cnt == 1);
*/
static int DetectFlowTestParseNocase03 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "STATELESS");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "STATELESS", &parsed_flags);
FAIL_IF_NULL(fd);
- FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_STATELESS && fd->match_cnt == 1); DetectFlowFree(NULL, fd);
+ FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_STATELESS && fd->match_cnt == 1);
+ DetectFlowFree(NULL, fd);
PASS;
}
*/
static int DetectFlowTestParseNocase04 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "TO_CLIENT");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "TO_CLIENT", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 1);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParseNocase05 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "TO_SERVER");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "TO_SERVER", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_TOSERVER && fd->match_cnt == 1);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParseNocase06 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "FROM_SERVER");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "FROM_SERVER", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_TOCLIENT && fd->match_cnt == 1);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParseNocase07 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "FROM_CLIENT");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "FROM_CLIENT", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_TOSERVER && fd->match_cnt == 1);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParseNocase08 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "ESTABLISHED,TO_CLIENT");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "ESTABLISHED,TO_CLIENT", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ESTABLISHED &&
fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
*/
static int DetectFlowTestParseNocase09 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "TO_CLIENT,STATELESS");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "TO_CLIENT,STATELESS", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_STATELESS &&
fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
*/
static int DetectFlowTestParseNocase10 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "FROM_SERVER,STATELESS");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "FROM_SERVER,STATELESS", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_STATELESS &&
fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
*/
static int DetectFlowTestParseNocase11 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, " FROM_SERVER , STATELESS ");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, " FROM_SERVER , STATELESS ", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_STATELESS &&
fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
*/
static int DetectFlowTestParse12 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "from_server:stateless");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "from_server:stateless", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
PASS;
}
*/
static int DetectFlowTestParse13 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "invalidoptiontest");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "invalidoptiontest", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
PASS;
}
*/
static int DetectFlowTestParse14 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
PASS;
}
*/
static int DetectFlowTestParse15 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "established,stateless");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "established,stateless", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
PASS;
}
*/
static int DetectFlowTestParse16 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "to_client,to_server");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "to_client,to_server", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
PASS;
}
*/
static int DetectFlowTestParse17 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "to_client,from_server");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "to_client,from_server", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
PASS;
}
*/
static int DetectFlowTestParse18 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "from_server,established,only_stream");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd =
+ DetectFlowParse(NULL, "from_server,established,only_stream", &parsed_flags);
FAIL_IF_NULL(fd);
- FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ESTABLISHED &&
- fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
- fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM &&
- fd->match_cnt == 3);
+ FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT);
+ FAIL_IF_NOT(parsed_flags == DETECT_FLOW_FLAG_ONLYSTREAM);
+ FAIL_IF_NOT(fd->match_cnt == 2);
DetectFlowFree(NULL, fd);
PASS;
}
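Review bot: The rewritten assertion in DetectFlowTestParse18 no longer pins the full contents of `fd->flags`, because `fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT` still passes if a stream bit ends up in the match flags. DetectFlowSetup() now compares `fd->flags` by equality (`fd->flags == 0 || ...`), so a stray bit there would change which branch a rule takes. An exact check would be stricter: `FAIL_IF_NOT(fd->flags == (DETECT_FLOW_FLAG_ESTABLISHED | DETECT_FLOW_FLAG_TOCLIENT));`. The same applies to DetectFlowTestParseNocase18, DetectFlowTestParse20 and DetectFlowTestParseNocase20.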
*/
static int DetectFlowTestParseNocase18 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "FROM_SERVER,ESTABLISHED,ONLY_STREAM");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd =
+ DetectFlowParse(NULL, "FROM_SERVER,ESTABLISHED,ONLY_STREAM", &parsed_flags);
FAIL_IF_NULL(fd);
- FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ESTABLISHED &&
- fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
- fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM &&
- fd->match_cnt == 3);
+ FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT);
+ FAIL_IF_NOT(parsed_flags == DETECT_FLOW_FLAG_ONLYSTREAM);
+ FAIL_IF_NOT(fd->match_cnt == 2);
DetectFlowFree(NULL, fd);
PASS;
}
*/
static int DetectFlowTestParse19 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "from_server,established,only_stream,a");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd =
+ DetectFlowParse(NULL, "from_server,established,only_stream,a", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
PASS;
}
*/
static int DetectFlowTestParse20 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "from_server,established,no_stream");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "from_server,established,no_stream", &parsed_flags);
FAIL_IF_NULL(fd);
- FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ESTABLISHED &&
- fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
- fd->flags & DETECT_FLOW_FLAG_NOSTREAM &&
- fd->match_cnt == 3);
+ FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT);
+ FAIL_IF_NOT(parsed_flags == DETECT_FLOW_FLAG_NOSTREAM);
+ FAIL_IF_NOT(fd->match_cnt == 2);
DetectFlowFree(NULL, fd);
PASS;
}
*/
static int DetectFlowTestParseNocase20 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "FROM_SERVER,ESTABLISHED,NO_STREAM");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "FROM_SERVER,ESTABLISHED,NO_STREAM", &parsed_flags);
FAIL_IF_NULL(fd);
- FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ESTABLISHED &&
- fd->flags & DETECT_FLOW_FLAG_TOCLIENT &&
- fd->flags & DETECT_FLOW_FLAG_NOSTREAM &&
- fd->match_cnt == 3);
+ FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ESTABLISHED && fd->flags & DETECT_FLOW_FLAG_TOCLIENT);
+ FAIL_IF_NOT(parsed_flags == DETECT_FLOW_FLAG_NOSTREAM);
+ FAIL_IF_NOT(fd->match_cnt == 2);
DetectFlowFree(NULL, fd);
PASS;
}
*/
static int DetectFlowTestParse21 (void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "from_server,a,no_stream");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "from_server,a,no_stream", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
PASS;
}
*/
static int DetectFlowTestParse22(void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "established,not_established");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "established,not_established", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
- fd = DetectFlowParse(NULL, "not_established,established");
+ fd = DetectFlowParse(NULL, "not_established,established", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
PASS;
}
*/
static int DetectFlowTestParseNotEstablished(void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "not_established");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "not_established", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParseNoFrag(void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "no_frag");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "no_frag", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_NO_FRAG);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParseOnlyFrag(void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "only_frag");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "only_frag", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ONLY_FRAG);
DetectFlowFree(NULL, fd);
*/
static int DetectFlowTestParseNoFragOnlyFrag(void)
{
- DetectFlowData *fd = NULL;
- fd = DetectFlowParse(NULL, "no_frag,only_frag");
+ uint16_t parsed_flags = 0;
+ DetectFlowData *fd = DetectFlowParse(NULL, "no_frag,only_frag", &parsed_flags);
FAIL_IF_NOT_NULL(fd);
PASS;
}
*/
static int DetectFlowTestNoFragMatch(void)
{
+ uint16_t parsed_flags = 0;
uint32_t pflags = 0;
- DetectFlowData *fd = DetectFlowParse(NULL, "no_frag");
+ DetectFlowData *fd = DetectFlowParse(NULL, "no_frag", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_NO_FRAG);
FAIL_IF_NOT(fd->match_cnt == 1);
- FAIL_IF_NOT(FlowMatch(pflags, 0, 0, fd->flags, fd->match_cnt));
+ FAIL_IF_NOT(FlowMatch(pflags, 0, fd->flags, fd->match_cnt));
pflags |= PKT_REBUILT_FRAGMENT;
- FAIL_IF(FlowMatch(pflags, 0, 0, fd->flags, fd->match_cnt));
+ FAIL_IF(FlowMatch(pflags, 0, fd->flags, fd->match_cnt));
PASS;
}
*/
static int DetectFlowTestOnlyFragMatch(void)
{
+ uint16_t parsed_flags = 0;
uint32_t pflags = 0;
- DetectFlowData *fd = DetectFlowParse(NULL, "only_frag");
+ DetectFlowData *fd = DetectFlowParse(NULL, "only_frag", &parsed_flags);
FAIL_IF_NULL(fd);
FAIL_IF_NOT(fd->flags & DETECT_FLOW_FLAG_ONLY_FRAG);
FAIL_IF_NOT(fd->match_cnt == 1);
- FAIL_IF(FlowMatch(pflags, 0, 0, fd->flags, fd->match_cnt));
+ FAIL_IF(FlowMatch(pflags, 0, fd->flags, fd->match_cnt));
pflags |= PKT_REBUILT_FRAGMENT;
- FAIL_IF_NOT(FlowMatch(pflags, 0, 0, fd->flags, fd->match_cnt));
+ FAIL_IF_NOT(FlowMatch(pflags, 0, fd->flags, fd->match_cnt));
PASS;
}