}
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "three", cd->content_len) != 0 ||
- cd->flags != (DETECT_CONTENT_OFFSET_VAR |
- DETECT_CONTENT_OFFSET) ||
- cd->offset != bed->local_id) {
+ cd->flags != (DETECT_CONTENT_OFFSET_VAR | DETECT_CONTENT_OFFSET | DETECT_CONTENT_MPM) ||
+ cd->offset != bed->local_id) {
printf("three failed\n");
result = 0;
goto end;
}
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "four", cd->content_len) != 0 ||
- cd->flags != (DETECT_CONTENT_OFFSET_VAR |
- DETECT_CONTENT_OFFSET) ||
- cd->offset != bed1->local_id) {
+ cd->flags != (DETECT_CONTENT_OFFSET_VAR | DETECT_CONTENT_OFFSET | DETECT_CONTENT_MPM) ||
+ cd->offset != bed1->local_id) {
printf("four failed\n");
result = 0;
goto end;
}
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "three", cd->content_len) != 0 ||
- cd->flags != (DETECT_CONTENT_DEPTH_VAR |
- DETECT_CONTENT_DEPTH) ||
- cd->depth != bed->local_id ||
- cd->offset != 0) {
+ cd->flags != (DETECT_CONTENT_DEPTH_VAR | DETECT_CONTENT_DEPTH | DETECT_CONTENT_MPM) ||
+ cd->depth != bed->local_id || cd->offset != 0) {
printf("three failed\n");
result = 0;
goto end;
}
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "four", cd->content_len) != 0 ||
- cd->flags != (DETECT_CONTENT_DEPTH_VAR |
- DETECT_CONTENT_DEPTH) ||
- cd->depth != bed1->local_id) {
+ cd->flags != (DETECT_CONTENT_DEPTH_VAR | DETECT_CONTENT_DEPTH | DETECT_CONTENT_MPM) ||
+ cd->depth != bed1->local_id) {
printf("four failed\n");
result = 0;
goto end;
}
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "three", cd->content_len) != 0 ||
- cd->flags != (DETECT_CONTENT_DISTANCE_VAR |
- DETECT_CONTENT_DISTANCE) ||
- cd->distance != bed->local_id ||
- cd->offset != 0 ||
- cd->depth != 0) {
+ cd->flags !=
+ (DETECT_CONTENT_DISTANCE_VAR | DETECT_CONTENT_DISTANCE | DETECT_CONTENT_MPM) ||
+ cd->distance != bed->local_id || cd->offset != 0 || cd->depth != 0) {
printf("three failed\n");
result = 0;
goto end;
}
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "four", cd->content_len) != 0 ||
- cd->flags != (DETECT_CONTENT_DISTANCE_VAR |
- DETECT_CONTENT_DISTANCE |
- DETECT_CONTENT_DISTANCE_NEXT) ||
- cd->distance != bed1->local_id ||
- cd->depth != 0 ||
- cd->offset != 0) {
+ cd->flags != (DETECT_CONTENT_DISTANCE_VAR | DETECT_CONTENT_DISTANCE |
+ DETECT_CONTENT_DISTANCE_NEXT | DETECT_CONTENT_MPM) ||
+ cd->distance != bed1->local_id || cd->depth != 0 || cd->offset != 0) {
printf("four failed\n");
result = 0;
goto end;
}
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "three", cd->content_len) != 0 ||
- cd->flags != (DETECT_CONTENT_WITHIN_VAR |
- DETECT_CONTENT_WITHIN) ||
- cd->within != bed->local_id ||
- cd->offset != 0 ||
- cd->depth != 0 ||
- cd->distance != 0) {
+ cd->flags != (DETECT_CONTENT_WITHIN_VAR | DETECT_CONTENT_WITHIN | DETECT_CONTENT_MPM) ||
+ cd->within != bed->local_id || cd->offset != 0 || cd->depth != 0 || cd->distance != 0) {
printf("three failed\n");
result = 0;
goto end;
}
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "four", cd->content_len) != 0 ||
- cd->flags != (DETECT_CONTENT_WITHIN_VAR |
- DETECT_CONTENT_WITHIN|
- DETECT_CONTENT_WITHIN_NEXT) ||
- cd->within != bed1->local_id ||
- cd->depth != 0 ||
- cd->offset != 0 ||
- cd->distance != 0) {
+ cd->flags != (DETECT_CONTENT_WITHIN_VAR | DETECT_CONTENT_WITHIN |
+ DETECT_CONTENT_WITHIN_NEXT | DETECT_CONTENT_MPM) ||
+ cd->within != bed1->local_id || cd->depth != 0 || cd->offset != 0 ||
+ cd->distance != 0) {
printf("four failed\n");
result = 0;
goto end;
SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
FAIL_IF(sm->type != DETECT_CONTENT);
DetectContentData *cd = (DetectContentData *)sm->ctx;
- FAIL_IF(cd->flags != 0);
+ FAIL_IF(cd->flags != (DETECT_CONTENT_MPM | DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED));
sm = sm->next;
FAIL_IF_NULL(sm);
goto end;
}
bjd = (DetectBytejumpData *)sm->ctx;
- if (bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR || bjd->offset != 1) {
- printf("four failed\n");
- result = 0;
- goto end;
- }
+ FAIL_IF(bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR);
+ FAIL_IF(bjd->offset != 1);
if (sm->next != NULL)
goto end;
}
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "four", cd->content_len) != 0 ||
- cd->flags != (DETECT_CONTENT_DISTANCE_VAR |
- DETECT_CONTENT_WITHIN_VAR |
- DETECT_CONTENT_DISTANCE |
- DETECT_CONTENT_WITHIN) ||
- cd->within != bed1->local_id ||
- cd->distance != bed2->local_id) {
+ cd->flags !=
+ (DETECT_CONTENT_DISTANCE_VAR | DETECT_CONTENT_WITHIN_VAR |
+ DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN | DETECT_CONTENT_MPM) ||
+ cd->within != bed1->local_id || cd->distance != bed2->local_id) {
printf("four failed: ");
goto end;
}
goto end;
}
cd = (DetectContentData *)sm->ctx;
- if (cd->flags != DETECT_CONTENT_RELATIVE_NEXT ||
- strncmp((char *)cd->content, "three", cd->content_len) != 0) {
+ if (cd->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_MPM) ||
+ strncmp((char *)cd->content, "three", cd->content_len) != 0) {
printf("one failed\n");
result = 0;
goto end;
goto end;
}
cd = (DetectContentData *)sm->ctx;
- if (cd->flags != DETECT_CONTENT_RELATIVE_NEXT ||
- strncmp((char *)cd->content, "three", cd->content_len) != 0) {
+ if (cd->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_MPM) ||
+ strncmp((char *)cd->content, "three", cd->content_len) != 0) {
printf("one failed\n");
result = 0;
goto end;
}
s->init_data->negated = false;
+ const enum DetectKeywordId idx = SigTableGetIndex(st);
+ s->init_data->has_possible_prefilter |= de_ctx->sm_types_prefilter[idx];
+
if (st->flags & SIGMATCH_INFO_DEPRECATED) {
#define URL "https://suricata.io/our-story/deprecation-policy/"
if (st->alternative == 0)
/* handle 'silent' error case */
if (setup_ret == -2) {
- enum DetectKeywordId idx = SigTableGetIndex(st);
if (de_ctx->sm_types_silent_error[idx] == false) {
de_ctx->sm_types_silent_error[idx] = true;
return -1;
return out;
}
+extern int g_skip_prefilter;
+
+static void SigSetupPrefilter(DetectEngineCtx *de_ctx, Signature *s)
+{
+ SCEnter();
+ if (s->init_data->prefilter_sm != NULL || s->init_data->mpm_sm != NULL) {
+ SCReturn;
+ }
+
+ SCLogDebug("s %u: set up prefilter/mpm", s->id);
+ RetrieveFPForSig(de_ctx, s);
+ if (s->init_data->mpm_sm != NULL) {
+ s->flags |= SIG_FLAG_PREFILTER;
+ SCReturn;
+ }
+
+ SCLogDebug("s %u: no mpm; prefilter? de_ctx->prefilter_setting %u "
+ "s->init_data->has_possible_prefilter %s",
+ s->id, de_ctx->prefilter_setting, BOOL2STR(s->init_data->has_possible_prefilter));
+
+ if (!s->init_data->has_possible_prefilter)
+ SCReturn;
+
+ if (!g_skip_prefilter && de_ctx->prefilter_setting == DETECT_PREFILTER_AUTO &&
+ !(s->flags & SIG_FLAG_PREFILTER)) {
+ int prefilter_list = DETECT_TBLSIZE;
+ /* get the keyword supporting prefilter with the lowest type */
+ for (int i = 0; i < DETECT_SM_LIST_MAX; i++) {
+ for (SigMatch *sm = s->init_data->smlists[i]; sm != NULL; sm = sm->next) {
+ if (sigmatch_table[sm->type].SupportsPrefilter != NULL) {
+ if (sigmatch_table[sm->type].SupportsPrefilter(s)) {
+ prefilter_list = MIN(prefilter_list, sm->type);
+ }
+ }
+ }
+ }
+
+ /* apply that keyword as prefilter */
+ if (prefilter_list != DETECT_TBLSIZE) {
+ for (int i = 0; i < DETECT_SM_LIST_MAX; i++) {
+ for (SigMatch *sm = s->init_data->smlists[i]; sm != NULL; sm = sm->next) {
+ if (sm->type == prefilter_list) {
+ s->init_data->prefilter_sm = sm;
+ s->flags |= SIG_FLAG_PREFILTER;
+ SCLogConfig("sid %u: prefilter is on \"%s\"", s->id,
+ sigmatch_table[sm->type].name);
+ break;
+ }
+ }
+ }
+ }
+ }
+ SCReturn;
+}
+
/**
* \internal
* \brief validate a just parsed signature for internal inconsistencies
DetectEngineBufferRunSetupCallback(de_ctx, sig->init_data->buffers[x].id, sig);
}
+ SigSetupPrefilter(de_ctx, sig);
+
/* validate signature, SigValidate will report the error reason */
if (SigValidate(de_ctx, sig) == 0) {
goto error;
FAIL_IF(memcmp(cd2->content, "four", cd2->content_len) != 0);
FAIL_IF(hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT);
FAIL_IF(memcmp(hcbd1->content, "two", hcbd1->content_len) != 0);
- FAIL_IF(hcbd2->flags != DETECT_CONTENT_DISTANCE);
+ FAIL_IF(hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_MPM));
FAIL_IF(memcmp(hcbd2->content, "three", hcbd1->content_len) != 0);
FAIL_IF(!DETECT_CONTENT_IS_SINGLE(cd1));
FAIL_IF(memcmp(cd2->content, "four", cd2->content_len) != 0);
FAIL_IF(hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT);
FAIL_IF(memcmp(hcbd1->content, "one", hcbd1->content_len) != 0);
- FAIL_IF(hcbd2->flags != DETECT_CONTENT_DISTANCE);
+ FAIL_IF(hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_MPM));
FAIL_IF(memcmp(hcbd2->content, "three", hcbd1->content_len) != 0);
FAIL_IF(!DETECT_CONTENT_IS_SINGLE(cd2));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(hcbd1));
static int DetectHttpClientBodyTest24(void)
{
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
-
- if ( (de_ctx = DetectEngineCtxInit()) == NULL)
- goto end;
-
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert icmp any any -> any any "
"(content:\"one\"; http_client_body; pcre:/two/; "
"content:\"three\"; distance:10; within:15; "
"http_client_body; content:\"four\"; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- printf("de_ctx->sig_list == NULL\n");
- goto end;
- }
-
- if (de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL) {
- printf("de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL\n");
- goto end;
- }
+ FAIL_IF_NULL(s);
- if (DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL) {
- printf("DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
- goto end;
- }
+ FAIL_IF_NULL(de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH]);
+ FAIL_IF_NULL(DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id));
DetectPcreData *pd1 =
(DetectPcreData *)de_ctx->sig_list->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]
->prev->ctx;
DetectContentData *hcbd2 =
(DetectContentData *)DetectBufferGetLastSigMatch(s, g_http_client_body_buffer_id)->ctx;
- if (pd1->flags != 0 ||
- cd2->flags != 0 || memcmp(cd2->content, "four", cd2->content_len) != 0 ||
- hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
- memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
- hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN) ||
- memcmp(hcbd2->content, "three", hcbd1->content_len) != 0) {
- goto end;
- }
-
- if (!DETECT_CONTENT_IS_SINGLE(cd2) ||
- DETECT_CONTENT_IS_SINGLE(hcbd1) ||
- DETECT_CONTENT_IS_SINGLE(hcbd2)) {
- goto end;
- }
+ FAIL_IF(pd1->flags != 0);
+ FAIL_IF(cd2->flags != 0);
+ FAIL_IF(memcmp(cd2->content, "four", cd2->content_len) != 0);
+ FAIL_IF(hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT);
+ FAIL_IF(memcmp(hcbd1->content, "one", hcbd1->content_len) != 0);
+ FAIL_IF(hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN | DETECT_CONTENT_MPM));
+ FAIL_IF(memcmp(hcbd2->content, "three", hcbd1->content_len) != 0);
- result = 1;
+ FAIL_IF(!DETECT_CONTENT_IS_SINGLE(cd2));
+ FAIL_IF(DETECT_CONTENT_IS_SINGLE(hcbd1));
+ FAIL_IF(DETECT_CONTENT_IS_SINGLE(hcbd2));
- end:
DetectEngineCtxFree(de_ctx);
- return result;
+ PASS;
}
static int DetectHttpClientBodyTest25(void)
{
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
-
- if ( (de_ctx = DetectEngineCtxInit()) == NULL)
- goto end;
-
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s =
DetectEngineAppendSig(de_ctx, "alert icmp any any -> any any "
"(content:\"one\"; http_client_body; pcre:/two/; "
"content:\"three\"; distance:10; http_client_body; "
"content:\"four\"; distance:10; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- printf("de_ctx->sig_list == NULL\n");
- goto end;
- }
-
- if (de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL) {
- printf("de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL\n");
- goto end;
- }
-
- if (DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL) {
- printf("DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
- goto end;
- }
+ FAIL_IF_NULL(s);
+ FAIL_IF_NULL(s->init_data->smlists[DETECT_SM_LIST_PMATCH]);
+ FAIL_IF_NULL(DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id));
DetectPcreData *pd1 =
(DetectPcreData *)de_ctx->sig_list->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]
->prev->ctx;
DetectContentData *hcbd2 =
(DetectContentData *)DetectBufferGetLastSigMatch(s, g_http_client_body_buffer_id)->ctx;
- if (pd1->flags != DETECT_PCRE_RELATIVE_NEXT ||
- cd2->flags != DETECT_CONTENT_DISTANCE ||
- memcmp(cd2->content, "four", cd2->content_len) != 0 ||
- hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
- memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
- hcbd2->flags != DETECT_CONTENT_DISTANCE ||
- memcmp(hcbd2->content, "three", hcbd1->content_len) != 0) {
- goto end;
- }
-
- if (DETECT_CONTENT_IS_SINGLE(cd2) ||
- DETECT_CONTENT_IS_SINGLE(hcbd1) ||
- DETECT_CONTENT_IS_SINGLE(hcbd2)) {
- goto end;
- }
+ FAIL_IF(pd1->flags != DETECT_PCRE_RELATIVE_NEXT);
+ FAIL_IF(cd2->flags != DETECT_CONTENT_DISTANCE);
+ FAIL_IF(memcmp(cd2->content, "four", cd2->content_len) != 0);
+ FAIL_IF(hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT);
+ FAIL_IF(memcmp(hcbd1->content, "one", hcbd1->content_len) != 0);
+ FAIL_IF(hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_MPM));
+ FAIL_IF(memcmp(hcbd2->content, "three", hcbd1->content_len) != 0);
- result = 1;
+ FAIL_IF(DETECT_CONTENT_IS_SINGLE(cd2));
+ FAIL_IF(DETECT_CONTENT_IS_SINGLE(hcbd1));
+ FAIL_IF(DETECT_CONTENT_IS_SINGLE(hcbd2));
- end:
DetectEngineCtxFree(de_ctx);
- return result;
+ PASS;
}
static int DetectHttpClientBodyTest26(void)
->prev->ctx;
DetectContentData *hcbd2 =
(DetectContentData *)DetectBufferGetLastSigMatch(s, g_http_client_body_buffer_id)->ctx;
- if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
- cd2->flags != DETECT_CONTENT_DISTANCE ||
- memcmp(cd2->content, "four", cd2->content_len) != 0 ||
- hcbd1->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_OFFSET) ||
- memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
- hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN) ||
- memcmp(hcbd2->content, "three", hcbd1->content_len) != 0) {
+ if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) || cd2->flags != DETECT_CONTENT_DISTANCE ||
+ memcmp(cd2->content, "four", cd2->content_len) != 0 ||
+ hcbd1->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_OFFSET) ||
+ memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
+ hcbd2->flags !=
+ (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN | DETECT_CONTENT_MPM) ||
+ memcmp(hcbd2->content, "three", hcbd1->content_len) != 0) {
printf ("failed: http_client_body incorrect flags");
goto end;
}
->prev->ctx;
DetectContentData *hcbd2 =
(DetectContentData *)DetectBufferGetLastSigMatch(s, g_http_client_body_buffer_id)->ctx;
- if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
- cd2->flags != DETECT_CONTENT_DISTANCE ||
- memcmp(cd2->content, "four", cd2->content_len) != 0 ||
- hcbd1->flags != 0 ||
- memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
- hcbd2->flags != DETECT_CONTENT_DEPTH ||
- memcmp(hcbd2->content, "three", hcbd1->content_len) != 0) {
+ if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) || cd2->flags != DETECT_CONTENT_DISTANCE ||
+ memcmp(cd2->content, "four", cd2->content_len) != 0 || hcbd1->flags != 0 ||
+ memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
+ hcbd2->flags != (DETECT_CONTENT_DEPTH | DETECT_CONTENT_MPM) ||
+ memcmp(hcbd2->content, "three", hcbd1->content_len) != 0) {
goto end;
}
->prev->ctx;
DetectContentData *hcbd2 =
(DetectContentData *)DetectBufferGetLastSigMatch(s, g_http_client_body_buffer_id)->ctx;
- if (hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
- memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
- hcbd2->flags != DETECT_CONTENT_DISTANCE ||
- memcmp(hcbd2->content, "two", hcbd1->content_len) != 0) {
- goto end;
- }
+ FAIL_IF(hcbd1->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_MPM));
+ FAIL_IF(memcmp(hcbd1->content, "one", hcbd1->content_len) != 0);
+ FAIL_IF(hcbd2->flags != DETECT_CONTENT_DISTANCE);
+ FAIL_IF(memcmp(hcbd2->content, "two", hcbd1->content_len) != 0);
result = 1;
->prev->ctx;
DetectContentData *hcbd2 =
(DetectContentData *)DetectBufferGetLastSigMatch(s, g_http_client_body_buffer_id)->ctx;
- if (hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
- memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
- hcbd2->flags != DETECT_CONTENT_WITHIN ||
- memcmp(hcbd2->content, "two", hcbd1->content_len) != 0) {
- goto end;
- }
+ FAIL_IF(hcbd1->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_MPM));
+ FAIL_IF(memcmp(hcbd1->content, "one", hcbd1->content_len) != 0);
+ FAIL_IF(hcbd2->flags != DETECT_CONTENT_WITHIN);
+ FAIL_IF(memcmp(hcbd2->content, "two", hcbd1->content_len) != 0);
result = 1;
->prev->ctx;
DetectContentData *hcbd2 =
(DetectContentData *)DetectBufferGetLastSigMatch(s, g_http_client_body_buffer_id)->ctx;
- if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
- hcbd2->flags != DETECT_CONTENT_WITHIN ||
- memcmp(hcbd2->content, "two", hcbd2->content_len) != 0) {
- goto end;
- }
+ FAIL_IF(pd1->flags != (DETECT_PCRE_RELATIVE_NEXT));
+ FAIL_IF(hcbd2->flags != (DETECT_CONTENT_WITHIN | DETECT_CONTENT_MPM));
+ FAIL_IF(memcmp(hcbd2->content, "two", hcbd2->content_len) != 0);
result = 1;
->prev->ctx;
DetectPcreData *pd2 =
(DetectPcreData *)DetectBufferGetLastSigMatch(s, g_http_client_body_buffer_id)->ctx;
- if (pd2->flags != (DETECT_PCRE_RELATIVE) ||
- hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
- memcmp(hcbd1->content, "two", hcbd1->content_len) != 0) {
- goto end;
- }
+ FAIL_IF(pd2->flags != (DETECT_PCRE_RELATIVE));
+ FAIL_IF(hcbd1->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_MPM));
+ FAIL_IF(memcmp(hcbd1->content, "two", hcbd1->content_len) != 0);
result = 1;
->prev->ctx;
DetectContentData *hcbd2 =
(DetectContentData *)DetectBufferGetLastSigMatch(s, g_http_client_body_buffer_id)->ctx;
- if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
- hcbd2->flags != DETECT_CONTENT_DISTANCE ||
- memcmp(hcbd2->content, "two", hcbd2->content_len) != 0) {
- goto end;
- }
+ FAIL_IF(pd1->flags != (DETECT_PCRE_RELATIVE_NEXT));
+ FAIL_IF(hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_MPM));
+ FAIL_IF(memcmp(hcbd2->content, "two", hcbd2->content_len) != 0);
result = 1;
projects / thirdparty / suricata.git / commitdiff
