22618661228

Committed 02 Mar 2026 09:33PM UTC coverage: 42.258% (-34.4%) from 76.611%

Build # 22618661228

Build Type

push

github

Committed by

victorjulien

Commit Message

github-actions: bump actions/download-artifact from 7.0.0 to 8.0.0

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/37930b1c2...70fc10c6e)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Coverage Stats

91511 of 216553 relevant lines covered (42.26%)

3416852.41 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

14.86

/src/detect-template2.c

/* Copyright (C) 2007-2020 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author XXX
 *
 */

#include "suricata-common.h"
#include "util-byte.h"

#include "detect.h"
#include "detect-parse.h"
#include "detect-engine-prefilter-common.h"
#include "detect-engine-uint.h"

#include "detect-template2.h"


/* prototypes */
static int DetectTemplate2Match (DetectEngineThreadCtx *, Packet *,
        const Signature *, const SigMatchCtx *);
static int DetectTemplate2Setup (DetectEngineCtx *, Signature *, const char *);
void DetectTemplate2Free (DetectEngineCtx *, void *);
#ifdef UNITTESTS
void DetectTemplate2RegisterTests (void);
#endif
static int PrefilterSetupTemplate2(DetectEngineCtx *de_ctx, SigGroupHead *sgh);
static bool PrefilterTemplate2IsPrefilterable(const Signature *s);

/**
 * \brief Registration function for template2: keyword
 */

void DetectTemplate2Register(void)
{
    sigmatch_table[DETECT_TEMPLATE2].name = "template2";
    sigmatch_table[DETECT_TEMPLATE2].desc = "TODO describe the keyword";
    sigmatch_table[DETECT_TEMPLATE2].url = "/rules/header-keywords.html#template2";
    sigmatch_table[DETECT_TEMPLATE2].Match = DetectTemplate2Match;
    sigmatch_table[DETECT_TEMPLATE2].Setup = DetectTemplate2Setup;
    sigmatch_table[DETECT_TEMPLATE2].Free = DetectTemplate2Free;
    sigmatch_table[DETECT_TEMPLATE2].SupportsPrefilter = PrefilterTemplate2IsPrefilterable;
    sigmatch_table[DETECT_TEMPLATE2].SetupPrefilter = PrefilterSetupTemplate2;
    sigmatch_table[DETECT_TEMPLATE2].flags = SIGMATCH_INFO_UINT8;
}

/**
 * \brief This function is used to match TEMPLATE2 rule option on a packet with those passed via
 * template2:
 *
 * \param t pointer to thread vars
 * \param det_ctx pointer to the pattern matcher thread
 * \param p pointer to the current packet
 * \param m pointer to the sigmatch that we will cast into DetectU8Data
 *
 * \retval 0 no match
 * \retval 1 match
 */
static int DetectTemplate2Match (DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx)
{
    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    /* TODO replace this */
    uint8_t ptemplate2;
    if (PacketIsIPv4(p)) {
        const IPV4Hdr *ip4h = PacketGetIPv4(p);
        ptemplate2 = IPV4_GET_RAW_IPTTL(ip4h);
    } else if (PacketIsIPv6(p)) {
        const IPV6Hdr *ip6h = PacketGetIPv6(p);
        ptemplate2 = IPV6_GET_RAW_HLIM(ip6h);
    } else {
        SCLogDebug("Packet is of not IPv4 or IPv6");
        return 0;
    }

    const DetectU8Data *template2d = (const DetectU8Data *)ctx;
    return DetectU8Match(ptemplate2, template2d);
}

/**
 * \brief this function is used to add the parsed template2 data into the current signature
 *
 * \param de_ctx pointer to the Detection Engine Context
 * \param s pointer to the Current Signature
 * \param template2str pointer to the user provided template2 options
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectTemplate2Setup (DetectEngineCtx *de_ctx, Signature *s, const char *template2str)
{
    DetectU8Data *template2d = DetectU8Parse(template2str);
    if (template2d == NULL)
        return -1;

    if (SCSigMatchAppendSMToList(de_ctx, s, DETECT_TEMPLATE2, (SigMatchCtx *)template2d,
                DETECT_SM_LIST_MATCH) == NULL) {
        DetectTemplate2Free(de_ctx, template2d);
        return -1;
    }
    s->flags |= SIG_FLAG_REQUIRE_PACKET;

    return 0;
}

/**
 * \brief this function will free memory associated with DetectU8Data
 *
 * \param ptr pointer to DetectU8Data
 */
void DetectTemplate2Free(DetectEngineCtx *de_ctx, void *ptr)
{
    SCDetectU8Free(ptr);
}

/* prefilter code */

static void
PrefilterPacketTemplate2Match(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
{
    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    uint8_t ptemplate2;
/* TODO update */
    if (PacketIsIPv4(p)) {
        const IPV4Hdr *ip4h = PacketGetIPv4(p);
        ptemplate2 = IPV4_GET_RAW_IPTTL(ip4h);
    } else if (PacketIsIPv6(p)) {
        const IPV6Hdr *ip6h = PacketGetIPv6(p);
        ptemplate2 = IPV6_GET_RAW_HLIM(ip6h);
    } else {
        SCLogDebug("Packet is of not IPv4 or IPv6");
        return;
    }

    /* during setup Suricata will automatically see if there is another
     * check that can be added: alproto, sport or dport */
    const PrefilterPacketHeaderCtx *ctx = pectx;
    if (!PrefilterPacketHeaderExtraMatch(ctx, p))
        return;

    DetectU8Data du8;
    du8.mode = ctx->v1.u8[0];
    du8.arg1 = ctx->v1.u8[1];
    du8.arg2 = ctx->v1.u8[2];
    /* if we match, add all the sigs that use this prefilter. This means
     * that these will be inspected further */
    if (DetectU8Match(ptemplate2, &du8)) {
        SCLogDebug("packet matches template2/hl %u", ptemplate2);
        PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);
    }
}

static int PrefilterSetupTemplate2(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TEMPLATE2, SIG_MASK_REQUIRE_REAL_PKT,
            PrefilterPacketU8Set, PrefilterPacketU8Compare, PrefilterPacketTemplate2Match);
}

static bool PrefilterTemplate2IsPrefilterable(const Signature *s)
{
    return PrefilterIsPrefilterableById(s, DETECT_TEMPLATE2);
}

1	/* Copyright (C) 2007-2020 Open Information Security Foundation
2	*
3	* You can copy, redistribute or modify this Program under the terms of
4	* the GNU General Public License version 2 as published by the Free
5	* Software Foundation.
6	*
7	* This program is distributed in the hope that it will be useful,
8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10	* GNU General Public License for more details.
11	*
12	* You should have received a copy of the GNU General Public License
13	* version 2 along with this program; if not, write to the Free Software
14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15	* 02110-1301, USA.
16	*/
17
18	/**
19	* \file
20	*
21	* \author XXX
22	*
23	*/
24
25	#include "suricata-common.h"
26	#include "util-byte.h"
27
28	#include "detect.h"
29	#include "detect-parse.h"
30	#include "detect-engine-prefilter-common.h"
31	#include "detect-engine-uint.h"
32
33	#include "detect-template2.h"
34
35
36	/* prototypes */
37	static int DetectTemplate2Match (DetectEngineThreadCtx , Packet ,
38	const Signature , const SigMatchCtx );
39	static int DetectTemplate2Setup (DetectEngineCtx , Signature , const char *);
40	void DetectTemplate2Free (DetectEngineCtx , void );
41	#ifdef UNITTESTS
42	void DetectTemplate2RegisterTests (void);
43	#endif
44	static int PrefilterSetupTemplate2(DetectEngineCtx de_ctx, SigGroupHead sgh);
45	static bool PrefilterTemplate2IsPrefilterable(const Signature *s);
46
47	/**
48	* \brief Registration function for template2: keyword
49	*/
50
51	void DetectTemplate2Register(void)
52	{	7✔
53	sigmatch_table[DETECT_TEMPLATE2].name = "template2";	7✔
54	sigmatch_table[DETECT_TEMPLATE2].desc = "TODO describe the keyword";	7✔
55	sigmatch_table[DETECT_TEMPLATE2].url = "/rules/header-keywords.html#template2";	7✔
56	sigmatch_table[DETECT_TEMPLATE2].Match = DetectTemplate2Match;	7✔
57	sigmatch_table[DETECT_TEMPLATE2].Setup = DetectTemplate2Setup;	7✔
58	sigmatch_table[DETECT_TEMPLATE2].Free = DetectTemplate2Free;	7✔
59	sigmatch_table[DETECT_TEMPLATE2].SupportsPrefilter = PrefilterTemplate2IsPrefilterable;	7✔
60	sigmatch_table[DETECT_TEMPLATE2].SetupPrefilter = PrefilterSetupTemplate2;	7✔
61	sigmatch_table[DETECT_TEMPLATE2].flags = SIGMATCH_INFO_UINT8;	7✔
62	}	7✔
63
64	/**
65	* \brief This function is used to match TEMPLATE2 rule option on a packet with those passed via
66	* template2:
67	*
68	* \param t pointer to thread vars
69	* \param det_ctx pointer to the pattern matcher thread
70	* \param p pointer to the current packet
71	* \param m pointer to the sigmatch that we will cast into DetectU8Data
72	*
73	* \retval 0 no match
74	* \retval 1 match
75	*/
76	static int DetectTemplate2Match (DetectEngineThreadCtx det_ctx, Packet p,
77	const Signature s, const SigMatchCtx ctx)
78	{	×
79	DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));	×
80
81	/* TODO replace this */
82	uint8_t ptemplate2;	×
83	if (PacketIsIPv4(p)) {	×
84	const IPV4Hdr *ip4h = PacketGetIPv4(p);	×
85	ptemplate2 = IPV4_GET_RAW_IPTTL(ip4h);	×
86	} else if (PacketIsIPv6(p)) {	×
87	const IPV6Hdr *ip6h = PacketGetIPv6(p);	×
88	ptemplate2 = IPV6_GET_RAW_HLIM(ip6h);	×
89	} else {	×
90	SCLogDebug("Packet is of not IPv4 or IPv6");	×
91	return 0;	×
92	}	×
93
94	const DetectU8Data template2d = (const DetectU8Data )ctx;	×
95	return DetectU8Match(ptemplate2, template2d);	×
96	}	×
97
98	/**
99	* \brief this function is used to add the parsed template2 data into the current signature
100	*
101	* \param de_ctx pointer to the Detection Engine Context
102	* \param s pointer to the Current Signature
103	* \param template2str pointer to the user provided template2 options
104	*
105	* \retval 0 on Success
106	* \retval -1 on Failure
107	*/
108	static int DetectTemplate2Setup (DetectEngineCtx de_ctx, Signature s, const char *template2str)
109	{	×
110	DetectU8Data *template2d = DetectU8Parse(template2str);	×
111	if (template2d == NULL)	×
112	return -1;	×
113
114	if (SCSigMatchAppendSMToList(de_ctx, s, DETECT_TEMPLATE2, (SigMatchCtx *)template2d,	×
115	DETECT_SM_LIST_MATCH) == NULL) {	×
116	DetectTemplate2Free(de_ctx, template2d);	×
117	return -1;	×
118	}	×
119	s->flags \|= SIG_FLAG_REQUIRE_PACKET;	×
120
121	return 0;	×
122	}	×
123
124	/**
125	* \brief this function will free memory associated with DetectU8Data
126	*
127	* \param ptr pointer to DetectU8Data
128	*/
129	void DetectTemplate2Free(DetectEngineCtx de_ctx, void ptr)
130	{	×
131	SCDetectU8Free(ptr);	×
132	}	×
133
134	/* prefilter code */
135
136	static void
137	PrefilterPacketTemplate2Match(DetectEngineThreadCtx det_ctx, Packet p, const void *pectx)
138	{	×
139	DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));	×
140
141	uint8_t ptemplate2;	×
142	/* TODO update */
143	if (PacketIsIPv4(p)) {	×
144	const IPV4Hdr *ip4h = PacketGetIPv4(p);	×
145	ptemplate2 = IPV4_GET_RAW_IPTTL(ip4h);	×
146	} else if (PacketIsIPv6(p)) {	×
147	const IPV6Hdr *ip6h = PacketGetIPv6(p);	×
148	ptemplate2 = IPV6_GET_RAW_HLIM(ip6h);	×
149	} else {	×
150	SCLogDebug("Packet is of not IPv4 or IPv6");	×
151	return;	×
152	}	×
153
154	/* during setup Suricata will automatically see if there is another
155	* check that can be added: alproto, sport or dport */
156	const PrefilterPacketHeaderCtx *ctx = pectx;	×
157	if (!PrefilterPacketHeaderExtraMatch(ctx, p))	×
158	return;	×
159
160	DetectU8Data du8;	×
161	du8.mode = ctx->v1.u8[0];	×
162	du8.arg1 = ctx->v1.u8[1];	×
163	du8.arg2 = ctx->v1.u8[2];	×
164	/* if we match, add all the sigs that use this prefilter. This means
165	* that these will be inspected further */
166	if (DetectU8Match(ptemplate2, &du8)) {	×
167	SCLogDebug("packet matches template2/hl %u", ptemplate2);	×
168	PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);	×
169	}	×
170	}	×
171
172	static int PrefilterSetupTemplate2(DetectEngineCtx de_ctx, SigGroupHead sgh)
173	{	×
174	return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TEMPLATE2, SIG_MASK_REQUIRE_REAL_PKT,	×
175	PrefilterPacketU8Set, PrefilterPacketU8Compare, PrefilterPacketTemplate2Match);	×
176	}	×
177
178	static bool PrefilterTemplate2IsPrefilterable(const Signature *s)
179	{	×
180	return PrefilterIsPrefilterableById(s, DETECT_TEMPLATE2);	×
181	}	×

OISF / suricata / 22618661228

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous