Bug #10 » 0001-Flags-Issue.patch
| src/detect-flags.c | ||
|---|---|---|
|
/**
|
||
|
* Regex (by Brian Rectanus)
|
||
|
* flags: [!+*](SAPRFU120)[,SAPRFU120]
|
||
|
* flags: [!+*](SAPRFU120)[,SAPRFU12]
|
||
|
*/
|
||
|
#define PARSE_REGEX "^\\s*(?:([\\+\\*!]))?\\s*([SAPRFU120]+)(?:\\s*,\\s*([SAPRFU120]+))?\\s*$"
|
||
|
#define PARSE_REGEX "^\\s*(?:([\\+\\*!]))?\\s*([SAPRFU120]+)(?:\\s*,\\s*([SAPRFU12]+))?\\s*$"
|
||
|
/**
|
||
|
* Flags args[0] *(3) +(2) !(1)
|
||
| ... | ... | |
|
flags = p->tcph->th_flags;
|
||
|
if(!de->flags && flags) {
|
||
|
if(de->modifier == 1)
|
||
|
return 1;
|
||
|
return ret;
|
||
|
}
|
||
|
flags &= (de->flags & de->ignored_flags);
|
||
|
switch(de->modifier) {
|
||
| ... | ... | |
|
case '0':
|
||
|
de->flags = 0;
|
||
|
found++;
|
||
|
return de;
|
||
|
default:
|
||
|
found = 0;
|
||
|
break;
|
||
|
}
|
||
|
ptr++;
|
||
| ... | ... | |
|
case '0':
|
||
|
break;
|
||
|
default:
|
||
|
ignore = 0;
|
||
|
break;
|
||
|
}
|
||
|
ptr++;
|
||
| ... | ... | |
|
for (i = 0; i < (ret - 1); i++){
|
||
|
if (args[i] != NULL) free(args[i]);
|
||
|
}
|
||
|
return de;
|
||
|
error:
|
||
| ... | ... | |
|
if (sm) free(sm);
|
||
|
return 0;
|
||
|
}
|
||
|
/**
|
||
|
* \test FlagsTestParse12 check if no flags are set. Must fails.
|
||
|
*
|
||
|
* \retval 1 on succces
|
||
|
* \retval 0 on failure
|
||
|
*/
|
||
|
static int FlagsTestParse12 (void) {
|
||
|
Packet p;
|
||
|
ThreadVars tv;
|
||
|
int ret = 0;
|
||
|
DetectFlagsData *de = NULL;
|
||
|
SigMatch *sm = NULL;
|
||
|
IPV4Hdr ipv4h;
|
||
|
TCPHdr tcph;
|
||
|
memset(&tv, 0, sizeof(ThreadVars));
|
||
|
memset(&p, 0, sizeof(Packet));
|
||
|
memset(&ipv4h, 0, sizeof(IPV4Hdr));
|
||
|
memset(&tcph, 0, sizeof(TCPHdr));
|
||
|
p.ip4h = &ipv4h;
|
||
|
p.tcph = &tcph;
|
||
|
p.tcph->th_flags = TH_SYN;
|
||
|
de = DetectFlagsParse("0");
|
||
|
if (de == NULL || de->flags != 0)
|
||
|
goto error;
|
||
|
sm = SigMatchAlloc();
|
||
|
if (sm == NULL)
|
||
|
goto error;
|
||
|
sm->type = DETECT_FLAGS;
|
||
|
sm->ctx = (void *)de;
|
||
|
ret = DetectFlagsMatch(&tv,NULL,&p,NULL,sm);
|
||
|
if(ret) {
|
||
|
if (de) free(de);
|
||
|
if (sm) free(sm);
|
||
|
return 1;
|
||
|
}
|
||
|
error:
|
||
|
if (de) free(de);
|
||
|
if (sm) free(sm);
|
||
|
return 0;
|
||
|
}
|
||
|
#endif /* UNITTESTS */
|
||
|
/**
|
||
| ... | ... | |
|
UtRegisterTest("FlagsTestParse09", FlagsTestParse09, 1);
|
||
|
UtRegisterTest("FlagsTestParse10", FlagsTestParse10, 1);
|
||
|
UtRegisterTest("FlagsTestParse11", FlagsTestParse11, 0);
|
||
|
UtRegisterTest("FlagsTestParse12", FlagsTestParse12, 0);
|
||
|
#endif /* UNITTESTS */
|
||
|
}
|
||
- « Previous
- 1
- 2
- Next »