detect: byte-test convert neg_op flag to a bool

Only 8 flags are permitted, so convert one of them to a struct member. I
chose neg_op.
pull/4717/head
Jeff Lucovsky 6 years ago
parent 313c23a26b
commit e0bd79670c

@ -151,7 +151,7 @@ int DetectBytetestDoMatch(DetectEngineThreadCtx *det_ctx,
SCReturnInt(0);
}
neg = flags & DETECT_BYTETEST_NEGOP;
neg = data->neg_op;
/* Extract the byte data */
if (flags & DETECT_BYTETEST_STRING) {
@ -699,7 +699,7 @@ static int DetectBytetestTestParse02(void)
&& (data->nbytes == 4)
&& (data->value == 1)
&& (data->offset == 0)
&& (data->flags == DETECT_BYTETEST_NEGOP)
&& (data->neg_op)
&& (data->base == DETECT_BYTETEST_BASE_UNSET))
{
result = 1;
@ -723,8 +723,8 @@ static int DetectBytetestTestParse03(void)
&& (data->nbytes == 4)
&& (data->value == 1)
&& (data->offset == 0)
&& (data->flags == ( DETECT_BYTETEST_NEGOP
|DETECT_BYTETEST_RELATIVE))
&& (data->neg_op)
&& (data->flags == DETECT_BYTETEST_RELATIVE)
&& (data->base == DETECT_BYTETEST_BASE_UNSET))
{
result = 1;
@ -748,8 +748,8 @@ static int DetectBytetestTestParse04(void)
&& (data->nbytes == 4)
&& (data->value == 1)
&& (data->offset == 0)
&& (data->flags == ( DETECT_BYTETEST_NEGOP
|DETECT_BYTETEST_STRING))
&& (data->neg_op)
&& (data->flags == DETECT_BYTETEST_STRING)
&& (data->base == DETECT_BYTETEST_BASE_OCT))
{
result = 1;
@ -821,7 +821,7 @@ static int DetectBytetestTestParse07(void)
&& (data->nbytes == 4)
&& (data->value == 5)
&& (data->offset == 0)
&& (data->flags == 4)
&& (data->flags & DETECT_BYTETEST_BIG)
&& (data->base == DETECT_BYTETEST_BASE_UNSET))
{
result = 1;
@ -869,7 +869,7 @@ static int DetectBytetestTestParse09(void)
&& (data->nbytes == 4)
&& (data->value == 5)
&& (data->offset == 0)
&& (data->flags == DETECT_BYTETEST_NEGOP)
&& (data->neg_op)
&& (data->base == DETECT_BYTETEST_BASE_UNSET))
{
result = 1;
@ -893,7 +893,8 @@ static int DetectBytetestTestParse10(void)
&& (data->nbytes == 4)
&& (data->value == 5)
&& (data->offset == 0)
&& (data->flags == (DETECT_BYTETEST_NEGOP|DETECT_BYTETEST_LITTLE))
&& (data->neg_op)
&& (data->flags == DETECT_BYTETEST_LITTLE)
&& (data->base == DETECT_BYTETEST_BASE_UNSET))
{
result = 1;
@ -917,8 +918,8 @@ static int DetectBytetestTestParse11(void)
&& (data->nbytes == 4)
&& (data->value == 5)
&& (data->offset == 0)
&& (data->flags == ( DETECT_BYTETEST_NEGOP
|DETECT_BYTETEST_LITTLE
&& (data->neg_op)
&& (data->flags == (DETECT_BYTETEST_LITTLE
|DETECT_BYTETEST_STRING
|DETECT_BYTETEST_RELATIVE))
&& (data->base == DETECT_BYTETEST_BASE_HEX))
@ -1124,7 +1125,7 @@ static int DetectBytetestTestParse20(void)
(bd->flags & DETECT_BYTETEST_STRING) &&
(bd->flags & DETECT_BYTETEST_BIG) &&
(bd->flags & DETECT_BYTETEST_LITTLE) &&
(bd->flags & DETECT_BYTETEST_NEGOP) ) {
(bd->neg_op) ) {
result = 0;
goto end;
}
@ -1151,7 +1152,7 @@ static int DetectBytetestTestParse20(void)
(bd->flags & DETECT_BYTETEST_STRING) &&
(bd->flags & DETECT_BYTETEST_BIG) &&
(bd->flags & DETECT_BYTETEST_LITTLE) &&
(bd->flags & DETECT_BYTETEST_NEGOP) ) {
(bd->neg_op) ) {
result = 0;
goto end;
}
@ -1178,7 +1179,7 @@ static int DetectBytetestTestParse20(void)
(bd->flags & DETECT_BYTETEST_STRING) &&
(bd->flags & DETECT_BYTETEST_BIG) &&
(bd->flags & DETECT_BYTETEST_LITTLE) &&
(bd->flags & DETECT_BYTETEST_NEGOP) ) {
(bd->neg_op) ) {
result = 0;
goto end;
}
@ -1351,7 +1352,7 @@ static int DetectBytetestTestParse22(void)
(bd->flags & DETECT_BYTETEST_STRING) &&
(bd->flags & DETECT_BYTETEST_BIG) &&
(bd->flags & DETECT_BYTETEST_LITTLE) &&
(bd->flags & DETECT_BYTETEST_NEGOP) ) {
(bd->neg_op) ) {
printf("wrong flags: ");
goto end;
}
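Review bot: In DetectBytetestTestParse07 the flags check appears to have been loosened from an exact comparison (`data->flags == 4`) to a bit test (`data->flags & DETECT_BYTETEST_BIG`), so the test no longer fails if the parser sets additional flags, and nothing in it asserts that the operator is not negated. The neighbouring tests keep exact comparisons (for example `data->flags == DETECT_BYTETEST_LITTLE` in DetectBytetestTestParse10), so I would write `&& (data->flags == DETECT_BYTETEST_BIG)` and add `&& (!data->neg_op)` here. Because negation now lives outside `flags`, a wrongly set `neg_op` would invert a rule's match result without any flags comparison noticing, so the non-negated parse tests are where that needs to be pinned. The test bodies start and end outside the hunks shown.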

@ -40,22 +40,22 @@
#define DETECT_BYTETEST_BASE_HEX 16 /**< "hex" type value string */
/** Bytetest Flags */
#define DETECT_BYTETEST_NEGOP BIT_U16(0) /**< "!" negated operator */
#define DETECT_BYTETEST_LITTLE BIT_U16(1) /**< "little" endian value */
#define DETECT_BYTETEST_BIG BIT_U16(2) /**< "bi" endian value */
#define DETECT_BYTETEST_STRING BIT_U16(3) /**< "string" value */
#define DETECT_BYTETEST_RELATIVE BIT_U16(4) /**< "relative" offset */
#define DETECT_BYTETEST_DCE BIT_U16(5) /**< dce enabled */
#define DETECT_BYTETEST_BITMASK BIT_U16(6) /**< bitmask supplied*/
#define DETECT_BYTETEST_VALUE_BE BIT_U16(7) /**< byte extract value enabled */
#define DETECT_BYTETEST_OFFSET_BE BIT_U16(8) /**< byte extract value enabled */
#define DETECT_BYTETEST_LITTLE BIT_U8(0) /**< "little" endian value */
#define DETECT_BYTETEST_BIG BIT_U8(1) /**< "bi" endian value */
#define DETECT_BYTETEST_STRING BIT_U8(2) /**< "string" value */
#define DETECT_BYTETEST_RELATIVE BIT_U8(3) /**< "relative" offset */
#define DETECT_BYTETEST_DCE BIT_U8(4) /**< dce enabled */
#define DETECT_BYTETEST_BITMASK BIT_U8(5) /**< bitmask supplied*/
#define DETECT_BYTETEST_VALUE_BE BIT_U8(6) /**< byte extract value enabled */
#define DETECT_BYTETEST_OFFSET_BE BIT_U8(7) /**< byte extract value enabled */
typedef struct DetectBytetestData_ {
uint8_t nbytes; /**< Number of bytes to compare */
uint8_t op; /**< Operator used to compare */
uint8_t base; /**< String value base (oct|dec|hex) */
uint8_t bitmask_shift_count; /**< bitmask trailing 0 count */
uint16_t flags; /**< Flags (big|little|relative|string|bitmask) */
uint8_t flags; /**< Flags (big|little|relative|string|bitmask) */
bool neg_op;
int32_t offset; /**< Offset in payload */
uint32_t bitmask; /**< bitmask value */
uint64_t value; /**< Value to compare against */
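Review bot: The new member `bool neg_op;` is the only field in the visible part of DetectBytetestData without a Doxygen trailer; I would write `bool neg_op; /**< "!" negated operator */`, carrying over the text from the removed DETECT_BYTETEST_NEGOP define. With `flags` narrowed to `uint8_t` and BIT_U8(0) through BIT_U8(7) all assigned, there is no spare bit left, which is worth stating on the member, e.g. `/**< Flags (big|little|relative|string|bitmask); all 8 bits in use */`. The comment on DETECT_BYTETEST_OFFSET_BE still repeats "byte extract value enabled" from the line above it and presumably should read "byte extract offset enabled". The struct definition continues past the end of the hunk.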
