filesize:<value>;
+Possible units are KB, MB and GB, without any unit the default is bytes.
+
Examples::
filesize:100; # exactly 100 bytes
filesize:100<>200; # greater than 100 and smaller than 200
- filesize:>100; # greater than 100
- filesize:<100; # smaller than 100
+ filesize:>100MB; # greater than 100 megabytes
+ filesize:<100MB; # smaller than 100 megabytes
**Note**: For files that are not completely tracked because of packet
loss or stream.depth being reached on the "greater than" is
#include "app-layer-htp.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
+#include "util-misc.h"
#include "detect.h"
#include "detect-parse.h"
/**
* \brief Regex for parsing our filesize
*/
-#define PARSE_REGEX "^(?:\\s*)(<|>)?(?:\\s*)([0-9]{1,23})(?:\\s*)(?:(<>)(?:\\s*)([0-9]{1,23}))?\\s*$"
+#define PARSE_REGEX "^(?:\\s*)(<|>)?(?:\\s*)([0-9]{1,23}[a-zA-Z]{0,2})(?:\\s*)(?:(<>)(?:\\s*)([0-9]{1,23}[a-zA-Z]{0,2}))?\\s*$"
static pcre *parse_regex;
static pcre_extra *parse_regex_study;
}
/** set the first value */
- if (ByteExtractStringUint64(&fsd->size1,10,strlen(arg2),arg2) <= 0){
- SCLogError(SC_ERR_INVALID_ARGUMENT,"Invalid size :\"%s\"",arg2);
+ if (ParseSizeStringU64(arg2, &fsd->size1) < 0) {
+ SCLogError(SC_ERR_SIZE_PARSE, "Error parsing filesize value - %s", arg2);
goto error;
}
goto error;
}
- if(ByteExtractStringUint64(&fsd->size2,10,strlen(arg4),arg4) <= 0)
- {
- SCLogError(SC_ERR_INVALID_ARGUMENT,"Invalid size :\"%s\"",arg4);
+ if (ParseSizeStringU64(arg4, &fsd->size2) < 0) {
+ SCLogError(SC_ERR_SIZE_PARSE, "Error parsing filesize value - %s", arg4);
goto error;
}
projects / thirdparty / suricata.git / commitdiff
