suricata
detect-engine-address-ipv4.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * IPV4 Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 
28 #include "decode.h"
29 #include "detect.h"
30 #include "flow-var.h"
31 
32 #include "util-cidr.h"
33 #include "util-unittest.h"
34 
35 #include "detect-engine-address.h"
36 #include "detect-engine-address-ipv4.h"
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-port.h"
39 
40 #include "util-error.h"
41 #include "util-debug.h"
42 
43 /**
44  * \brief Compares 2 addresses(address ranges) and returns the relationship
45  * between the 2 addresses.
46  *
47  * \param a Pointer to the first address instance to be compared.
48  * \param b Pointer to the second address instance to be compared.
49  *
50  * \retval ADDRESS_EQ If the 2 address ranges a and b, are equal.
51  * \retval ADDRESS_ES b encapsulates a. b_ip1[...a_ip1...a_ip2...]b_ip2.
52  * \retval ADDRESS_EB a encapsulates b. a_ip1[...b_ip1....b_ip2...]a_ip2.
53  * \retval ADDRESS_LE a_ip1(...b_ip1==a_ip2...)b_ip2
54  * \retval ADDRESS_LT a_ip1(...b_ip1...a_ip2...)b_ip2
55  * \retval ADDRESS_GE b_ip1(...a_ip1==b_ip2...)a_ip2
56  * \retval ADDRESS_GT a_ip1 > b_ip2, i.e. the address range for 'a' starts only
57  * after the end of the address range for 'b'
58  */
59 int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
60 {
61  uint32_t a_ip1 = SCNtohl(a->ip.addr_data32[0]);
62  uint32_t a_ip2 = SCNtohl(a->ip2.addr_data32[0]);
63  uint32_t b_ip1 = SCNtohl(b->ip.addr_data32[0]);
64  uint32_t b_ip2 = SCNtohl(b->ip2.addr_data32[0]);
65 
66  if (a_ip1 == b_ip1 && a_ip2 == b_ip2) {
67  SCLogDebug("ADDRESS_EQ");
68  return ADDRESS_EQ;
69  } else if (a_ip1 >= b_ip1 && a_ip1 <= b_ip2 && a_ip2 <= b_ip2) {
70  SCLogDebug("ADDRESS_ES");
71  return ADDRESS_ES;
72  } else if (a_ip1 <= b_ip1 && a_ip2 >= b_ip2) {
73  SCLogDebug("ADDRESS_EB");
74  return ADDRESS_EB;
75  } else if (a_ip1 < b_ip1 && a_ip2 < b_ip2 && a_ip2 >= b_ip1) {
76  SCLogDebug("ADDRESS_LE");
77  return ADDRESS_LE;
78  } else if (a_ip1 < b_ip1 && a_ip2 < b_ip2) {
79  SCLogDebug("ADDRESS_LT");
80  return ADDRESS_LT;
81  } else if (a_ip1 > b_ip1 && a_ip1 <= b_ip2 && a_ip2 > b_ip2) {
82  SCLogDebug("ADDRESS_GE");
83  return ADDRESS_GE;
84  } else if (a_ip1 > b_ip2) {
85  SCLogDebug("ADDRESS_GT");
86  return ADDRESS_GT;
87  } else {
88  /* should be unreachable */
89  SCLogDebug("Internal Error: should be unreachable");
90  }
91 
92  return ADDRESS_ER;
93 }
94 
95 /**
96  * \brief Cut groups and merge sigs
97  *
98  * a = 1.2.3.4, b = 1.2.3.4-1.2.3.5
99  * must result in: a == 1.2.3.4, b == 1.2.3.5, c == NULL
100  *
101  * a = 1.2.3.4, b = 1.2.3.3-1.2.3.5
102  * must result in: a == 1.2.3.3, b == 1.2.3.4, c == 1.2.3.5
103  *
104  * a = 1.2.3.0/24 b = 1.2.3.128-1.2.4.10
105  * must result in: a == 1.2.3.0/24, b == 1.2.4.0-1.2.4.10, c == NULL
106  *
107  * a = 1.2.3.4, b = 1.2.3.0/24
108  * must result in: a == 1.2.3.0-1.2.3.3, b == 1.2.3.4, c == 1.2.3.5-1.2.3.255
109  *
110  * \retval 0 On success.
111  * \retval -1 On failure.
112  */
113 int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
114  DetectAddress *b, DetectAddress **c)
115 {
116  uint32_t a_ip1 = SCNtohl(a->ip.addr_data32[0]);
117  uint32_t a_ip2 = SCNtohl(a->ip2.addr_data32[0]);
118  uint32_t b_ip1 = SCNtohl(b->ip.addr_data32[0]);
119  uint32_t b_ip2 = SCNtohl(b->ip2.addr_data32[0]);
120  DetectAddress *tmp = NULL;
121  DetectAddress *tmp_c = NULL;
122  int r = 0;
123 
124  /* default to NULL */
125  *c = NULL;
126 
127  r = DetectAddressCmpIPv4(a, b);
128  if (r != ADDRESS_ES && r != ADDRESS_EB && r != ADDRESS_LE && r != ADDRESS_GE) {
129  SCLogDebug("we shouldn't be here");
130  goto error;
131  }
132 
133  /* get a place to temporary put sigs lists */
134  tmp = DetectAddressInit();
135  if (tmp == NULL)
136  goto error;
137 
138  /* we have 3 parts: [aaa[abab)bbb]
139  * part a: a_ip1 <-> b_ip1 - 1
140  * part b: b_ip1 <-> a_ip2
141  * part c: a_ip2 + 1 <-> b_ip2
142  */
143  if (r == ADDRESS_LE) {
144  SCLogDebug("DetectAddressCutIPv4: r == ADDRESS_LE");
145 
146  a->ip.addr_data32[0] = htonl(a_ip1);
147  a->ip2.addr_data32[0] = htonl(b_ip1 - 1);
148 
149  b->ip.addr_data32[0] = htonl(b_ip1);
150  b->ip2.addr_data32[0] = htonl(a_ip2);
151 
152  tmp_c = DetectAddressInit();
153  if (tmp_c == NULL)
154  goto error;
155 
156  tmp_c->ip.family = AF_INET;
157  tmp_c->ip.addr_data32[0] = htonl(a_ip2 + 1);
158  tmp_c->ip2.addr_data32[0] = htonl(b_ip2);
159  *c = tmp_c;
160 
161  /* we have 3 parts: [bbb[baba]aaa]
162  * part a: b_ip1 <-> a_ip1 - 1
163  * part b: a_ip1 <-> b_ip2
164  * part c: b_ip2 + 1 <-> a_ip2
165  */
166  } else if (r == ADDRESS_GE) {
167  SCLogDebug("DetectAddressCutIPv4: r == ADDRESS_GE");
168 
169  a->ip.addr_data32[0] = htonl(b_ip1);
170  a->ip2.addr_data32[0] = htonl(a_ip1 - 1);
171 
172  b->ip.addr_data32[0] = htonl(a_ip1);
173  b->ip2.addr_data32[0] = htonl(b_ip2);
174 
175  tmp_c = DetectAddressInit();
176  if (tmp_c == NULL)
177  goto error;
178 
179  tmp_c->ip.family = AF_INET;
180  tmp_c->ip.addr_data32[0] = htonl(b_ip2 + 1);
181  tmp_c->ip2.addr_data32[0] = htonl(a_ip2);
182  *c = tmp_c;
183 
184  /* we have 2 or three parts:
185  *
186  * 2 part: [[abab]bbb] or [bbb[baba]]
187  * part a: a_ip1 <-> a_ip2
188  * part b: a_ip2 + 1 <-> b_ip2
189  *
190  * part a: b_ip1 <-> a_ip1 - 1
191  * part b: a_ip1 <-> a_ip2
192  *
193  * 3 part [bbb[aaa]bbb]
194  * becomes[aaa[bbb]ccc]
195  *
196  * part a: b_ip1 <-> a_ip1 - 1
197  * part b: a_ip1 <-> a_ip2
198  * part c: a_ip2 + 1 <-> b_ip2
199  */
200  } else if (r == ADDRESS_ES) {
201  SCLogDebug("DetectAddressCutIPv4: r == ADDRESS_ES");
202 
203  if (a_ip1 == b_ip1) {
204  SCLogDebug("DetectAddressCutIPv4: 1");
205 
206  a->ip.addr_data32[0] = htonl(a_ip1);
207  a->ip2.addr_data32[0] = htonl(a_ip2);
208 
209  b->ip.addr_data32[0] = htonl(a_ip2 + 1);
210  b->ip2.addr_data32[0] = htonl(b_ip2);
211 
212  } else if (a_ip2 == b_ip2) {
213  SCLogDebug("DetectAddressCutIPv4: 2");
214 
215  a->ip.addr_data32[0] = htonl(b_ip1);
216  a->ip2.addr_data32[0] = htonl(a_ip1 - 1);
217 
218  b->ip.addr_data32[0] = htonl(a_ip1);
219  b->ip2.addr_data32[0] = htonl(a_ip2);
220 
221  } else {
222  SCLogDebug("3");
223 
224  a->ip.addr_data32[0] = htonl(b_ip1);
225  a->ip2.addr_data32[0] = htonl(a_ip1 - 1);
226 
227  b->ip.addr_data32[0] = htonl(a_ip1);
228  b->ip2.addr_data32[0] = htonl(a_ip2);
229 
230  tmp_c = DetectAddressInit();
231  if (tmp_c == NULL)
232  goto error;
233 
234  tmp_c->ip.family = AF_INET;
235  tmp_c->ip.addr_data32[0] = htonl(a_ip2 + 1);
236  tmp_c->ip2.addr_data32[0] = htonl(b_ip2);
237  *c = tmp_c;
238  }
239  /* we have 2 or three parts:
240  *
241  * 2 part: [[baba]aaa] or [aaa[abab]]
242  * part a: b_ip1 <-> b_ip2
243  * part b: b_ip2 + 1 <-> a_ip2
244  *
245  * part a: a_ip1 <-> b_ip1 - 1
246  * part b: b_ip1 <-> b_ip2
247  *
248  * 3 part [aaa[bbb]aaa]
249  * becomes[aaa[bbb]ccc]
250  *
251  * part a: a_ip1 <-> b_ip2 - 1
252  * part b: b_ip1 <-> b_ip2
253  * part c: b_ip2 + 1 <-> a_ip2
254  */
255  } else if (r == ADDRESS_EB) {
256  SCLogDebug("DetectAddressCutIPv4: r == ADDRESS_EB");
257 
258  if (a_ip1 == b_ip1) {
259  SCLogDebug("DetectAddressCutIPv4: 1");
260 
261  a->ip.addr_data32[0] = htonl(b_ip1);
262  a->ip2.addr_data32[0] = htonl(b_ip2);
263 
264  b->ip.addr_data32[0] = htonl(b_ip2 + 1);
265  b->ip2.addr_data32[0] = htonl(a_ip2);
266  } else if (a_ip2 == b_ip2) {
267  SCLogDebug("DetectAddressCutIPv4: 2");
268 
269  a->ip.addr_data32[0] = htonl(a_ip1);
270  a->ip2.addr_data32[0] = htonl(b_ip1 - 1);
271 
272  b->ip.addr_data32[0] = htonl(b_ip1);
273  b->ip2.addr_data32[0] = htonl(b_ip2);
274  } else {
275  SCLogDebug("DetectAddressCutIPv4: 3");
276 
277  a->ip.addr_data32[0] = htonl(a_ip1);
278  a->ip2.addr_data32[0] = htonl(b_ip1 - 1);
279 
280  b->ip.addr_data32[0] = htonl(b_ip1);
281  b->ip2.addr_data32[0] = htonl(b_ip2);
282 
283  tmp_c = DetectAddressInit();
284  if (tmp_c == NULL)
285  goto error;
286 
287  tmp_c->ip.family = AF_INET;
288  tmp_c->ip.addr_data32[0] = htonl(b_ip2 + 1);
289  tmp_c->ip2.addr_data32[0] = htonl(a_ip2);
290  *c = tmp_c;
291  }
292  }
293 
294  if (tmp != NULL)
295  DetectAddressFree(tmp);
296 
297  return 0;
298 
299 error:
300  if (tmp != NULL)
301  DetectAddressFree(tmp);
302  return -1;
303 }
304 
305 /**
306  * \brief Check if the address group list covers the complete IPv4 IP space.
307  *
308  * \param ag Pointer to a DetectAddress list head, which has to be checked to
309  * see if the address ranges in it, cover the entire IPv4 IP space.
310  *
311  * \retval 1 Yes, it covers the entire IPv4 address range.
312  * \retval 0 No, it doesn't cover the entire IPv4 address range.
313  */
314 int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
315 {
316  uint32_t next_ip = 0;
317 
318  if (ag == NULL)
319  return 0;
320 
321  /* if we don't start with 0.0.0.0 we know we're good */
322  if (SCNtohl(ag->ip.addr_data32[0]) != 0x00000000)
323  return 0;
324 
325  /* if we're ending with 255.255.255.255 while we know we started with
326  * 0.0.0.0 it's the complete space */
327  if (SCNtohl(ag->ip2.addr_data32[0]) == 0xFFFFFFFF)
328  return 1;
329 
330  next_ip = htonl(SCNtohl(ag->ip2.addr_data32[0]) + 1);
331  ag = ag->next;
332 
333  for ( ; ag != NULL; ag = ag->next) {
334 
335  if (ag->ip.addr_data32[0] != next_ip)
336  return 0;
337 
338  if (SCNtohl(ag->ip2.addr_data32[0]) == 0xFFFFFFFF)
339  return 1;
340 
341  next_ip = htonl(SCNtohl(ag->ip2.addr_data32[0]) + 1);
342  }
343 
344  return 0;
345 }
346 
347 /**
348  * \brief Cuts and returns an address range, which is the complement of the
349  * address range that is supplied as the argument.
350  *
351  * For example:
352  *
353  * If a = 0.0.0.0-1.2.3.4,
354  * then a = 1.2.3.4-255.255.255.255 and b = NULL
355  * If a = 1.2.3.4-255.255.255.255,
356  * then a = 0.0.0.0-1.2.3.4 and b = NULL
357  * If a = 1.2.3.4-192.168.1.1,
358  * then a = 0.0.0.0-1.2.3.3 and b = 192.168.1.2-255.255.255.255
359  *
360  * \param a Pointer to an address range (DetectAddress) instance whose complement
361  * has to be returned in a and b.
362  * \param b Pointer to DetectAddress pointer, that will be supplied back with a
363  * new DetectAddress instance, if the complement demands so.
364  *
365  * \retval 0 On success.
366  * \retval -1 On failure.
367  */
368 int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
369 {
370  uint32_t a_ip1 = SCNtohl(a->ip.addr_data32[0]);
371  uint32_t a_ip2 = SCNtohl(a->ip2.addr_data32[0]);
372  DetectAddress *tmp_b = NULL;
373 
374  /* default to NULL */
375  *b = NULL;
376 
377  if (a_ip1 != 0x00000000 && a_ip2 != 0xFFFFFFFF) {
378  a->ip.addr_data32[0] = htonl(0x00000000);
379  a->ip2.addr_data32[0] = htonl(a_ip1 - 1);
380 
381  tmp_b = DetectAddressInit();
382  if (tmp_b == NULL)
383  goto error;
384 
385  tmp_b->ip.family = AF_INET;
386  tmp_b->ip.addr_data32[0] = htonl(a_ip2 + 1);
387  tmp_b->ip2.addr_data32[0] = htonl(0xFFFFFFFF);
388  *b = tmp_b;
389  } else if (a_ip1 == 0x00000000 && a_ip2 != 0xFFFFFFFF) {
390  a->ip.addr_data32[0] = htonl(a_ip2 + 1);
391  a->ip2.addr_data32[0] = htonl(0xFFFFFFFF);
392  } else if (a_ip1 != 0x00000000 && a_ip2 == 0xFFFFFFFF) {
393  a->ip.addr_data32[0] = htonl(0x00000000);
394  a->ip2.addr_data32[0] = htonl(a_ip1 - 1);
395  } else {
396  goto error;
397  }
398 
399  return 0;
400 
401 error:
402  return -1;
403 }
404 
405 /********************************Unittests*************************************/
406 
407 #ifdef UNITTESTS
408 
409 static int DetectAddressIPv4TestAddressCmp01(void)
410 {
411  struct in_addr in;
412 
413  DetectAddress *a = DetectAddressInit();
414  FAIL_IF_NULL(a);
415 
416  DetectAddress *b = DetectAddressInit();
417  FAIL_IF_NULL(b);
418 
419  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
420  a->ip.addr_data32[0] = in.s_addr;
421  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
422  a->ip2.addr_data32[0] = in.s_addr;
423  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
424  b->ip.addr_data32[0] = in.s_addr;
425  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
426  b->ip2.addr_data32[0] = in.s_addr;
427  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_EQ);
428 
429  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
430  a->ip.addr_data32[0] = in.s_addr;
431  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
432  a->ip2.addr_data32[0] = in.s_addr;
433  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
434  b->ip.addr_data32[0] = in.s_addr;
435  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
436  b->ip2.addr_data32[0] = in.s_addr;
437  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_ES);
438 
439  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
440  a->ip.addr_data32[0] = in.s_addr;
441  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
442  a->ip2.addr_data32[0] = in.s_addr;
443  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
444  b->ip.addr_data32[0] = in.s_addr;
445  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
446  b->ip2.addr_data32[0] = in.s_addr;
447  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_ES);
448 
449  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
450  a->ip.addr_data32[0] = in.s_addr;
451  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
452  a->ip2.addr_data32[0] = in.s_addr;
453  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
454  b->ip.addr_data32[0] = in.s_addr;
455  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
456  b->ip2.addr_data32[0] = in.s_addr;
457  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_ES);
458 
459  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
460  a->ip.addr_data32[0] = in.s_addr;
461  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
462  a->ip2.addr_data32[0] = in.s_addr;
463  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
464  b->ip.addr_data32[0] = in.s_addr;
465  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
466  b->ip2.addr_data32[0] = in.s_addr;
467  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_ES);
468 
469  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
470  a->ip.addr_data32[0] = in.s_addr;
471  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
472  a->ip2.addr_data32[0] = in.s_addr;
473  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
474  b->ip.addr_data32[0] = in.s_addr;
475  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
476  b->ip2.addr_data32[0] = in.s_addr;
477  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_ES);
478 
479  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
480  a->ip.addr_data32[0] = in.s_addr;
481  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
482  a->ip2.addr_data32[0] = in.s_addr;
483  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
484  b->ip.addr_data32[0] = in.s_addr;
485  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
486  b->ip2.addr_data32[0] = in.s_addr;
487  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_EB);
488 
489  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
490  a->ip.addr_data32[0] = in.s_addr;
491  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
492  a->ip2.addr_data32[0] = in.s_addr;
493  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
494  b->ip.addr_data32[0] = in.s_addr;
495  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
496  b->ip2.addr_data32[0] = in.s_addr;
497  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_EB);
498 
499  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
500  a->ip.addr_data32[0] = in.s_addr;
501  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
502  a->ip2.addr_data32[0] = in.s_addr;
503  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
504  b->ip.addr_data32[0] = in.s_addr;
505  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
506  b->ip2.addr_data32[0] = in.s_addr;
507  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_EB);
508 
509  FAIL_IF(inet_pton(AF_INET, "1.2.3.5", &in) < 0);
510  a->ip.addr_data32[0] = in.s_addr;
511  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
512  a->ip2.addr_data32[0] = in.s_addr;
513  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
514  b->ip.addr_data32[0] = in.s_addr;
515  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
516  b->ip2.addr_data32[0] = in.s_addr;
517  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_EB);
518 
519  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
520  a->ip.addr_data32[0] = in.s_addr;
521  FAIL_IF(inet_pton(AF_INET, "128.128.128.128", &in) < 0);
522  a->ip2.addr_data32[0] = in.s_addr;
523  FAIL_IF(inet_pton(AF_INET, "128.128.128.128", &in) < 0);
524  b->ip.addr_data32[0] = in.s_addr;
525  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
526  b->ip2.addr_data32[0] = in.s_addr;
527  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_LE);
528 
529  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
530  a->ip.addr_data32[0] = in.s_addr;
531  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
532  a->ip2.addr_data32[0] = in.s_addr;
533  FAIL_IF(inet_pton(AF_INET, "128.128.128.128", &in) < 0);
534  b->ip.addr_data32[0] = in.s_addr;
535  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
536  b->ip2.addr_data32[0] = in.s_addr;
537  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_LE);
538 
539  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
540  a->ip.addr_data32[0] = in.s_addr;
541  FAIL_IF(inet_pton(AF_INET, "180.180.180.180", &in) < 0);
542  a->ip2.addr_data32[0] = in.s_addr;
543  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
544  b->ip.addr_data32[0] = in.s_addr;
545  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
546  b->ip2.addr_data32[0] = in.s_addr;
547  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_LE);
548 
549  FAIL_IF(inet_pton(AF_INET, "170.170.170.169", &in) < 0);
550  a->ip.addr_data32[0] = in.s_addr;
551  FAIL_IF(inet_pton(AF_INET, "180.180.180.180", &in) < 0);
552  a->ip2.addr_data32[0] = in.s_addr;
553  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
554  b->ip.addr_data32[0] = in.s_addr;
555  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
556  b->ip2.addr_data32[0] = in.s_addr;
557  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_LE);
558 
559  FAIL_IF(inet_pton(AF_INET, "170.170.170.169", &in) < 0);
560  a->ip.addr_data32[0] = in.s_addr;
561  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
562  a->ip2.addr_data32[0] = in.s_addr;
563  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
564  b->ip.addr_data32[0] = in.s_addr;
565  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
566  b->ip2.addr_data32[0] = in.s_addr;
567  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_LE);
568 
569  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
570  a->ip.addr_data32[0] = in.s_addr;
571  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
572  a->ip2.addr_data32[0] = in.s_addr;
573  FAIL_IF(inet_pton(AF_INET, "180.180.180.180", &in) < 0);
574  b->ip.addr_data32[0] = in.s_addr;
575  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
576  b->ip2.addr_data32[0] = in.s_addr;
577  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_LT);
578 
579  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
580  a->ip.addr_data32[0] = in.s_addr;
581  FAIL_IF(inet_pton(AF_INET, "185.185.185.185", &in) < 0);
582  a->ip2.addr_data32[0] = in.s_addr;
583  FAIL_IF(inet_pton(AF_INET, "180.180.180.180", &in) < 0);
584  b->ip.addr_data32[0] = in.s_addr;
585  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
586  b->ip2.addr_data32[0] = in.s_addr;
587  /* we could get a LE */
588  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_LT);
589 
590  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
591  a->ip.addr_data32[0] = in.s_addr;
592  FAIL_IF(inet_pton(AF_INET, "180.180.180.180", &in) < 0);
593  a->ip2.addr_data32[0] = in.s_addr;
594  FAIL_IF(inet_pton(AF_INET, "180.180.180.180", &in) < 0);
595  b->ip.addr_data32[0] = in.s_addr;
596  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
597  b->ip2.addr_data32[0] = in.s_addr;
598  /* we could get a LE */
599  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_LT);
600 
601  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
602  a->ip.addr_data32[0] = in.s_addr;
603  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
604  a->ip2.addr_data32[0] = in.s_addr;
605  FAIL_IF(inet_pton(AF_INET, "180.180.180.180", &in) < 0);
606  b->ip.addr_data32[0] = in.s_addr;
607  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
608  b->ip2.addr_data32[0] = in.s_addr;
609  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_LT);
610 
611  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
612  a->ip.addr_data32[0] = in.s_addr;
613  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
614  a->ip2.addr_data32[0] = in.s_addr;
615  FAIL_IF(inet_pton(AF_INET, "180.180.180.180", &in) < 0);
616  b->ip.addr_data32[0] = in.s_addr;
617  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
618  b->ip2.addr_data32[0] = in.s_addr;
619  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_LT);
620 
621  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
622  a->ip.addr_data32[0] = in.s_addr;
623  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
624  a->ip2.addr_data32[0] = in.s_addr;
625  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
626  b->ip.addr_data32[0] = in.s_addr;
627  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
628  b->ip2.addr_data32[0] = in.s_addr;
629  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_LT);
630 
631  FAIL_IF(inet_pton(AF_INET, "128.128.128.128", &in) < 0);
632  a->ip.addr_data32[0] = in.s_addr;
633  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
634  a->ip2.addr_data32[0] = in.s_addr;
635  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
636  b->ip.addr_data32[0] = in.s_addr;
637  FAIL_IF(inet_pton(AF_INET, "128.128.128.128", &in) < 0);
638  b->ip2.addr_data32[0] = in.s_addr;
639  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_GE);
640 
641  FAIL_IF(inet_pton(AF_INET, "128.128.128.128", &in) < 0);
642  a->ip.addr_data32[0] = in.s_addr;
643  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
644  a->ip2.addr_data32[0] = in.s_addr;
645  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
646  b->ip.addr_data32[0] = in.s_addr;
647  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
648  b->ip2.addr_data32[0] = in.s_addr;
649  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_GE);
650 
651  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
652  a->ip.addr_data32[0] = in.s_addr;
653  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
654  a->ip2.addr_data32[0] = in.s_addr;
655  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
656  b->ip.addr_data32[0] = in.s_addr;
657  FAIL_IF(inet_pton(AF_INET, "180.180.180.180", &in) < 0);
658  b->ip2.addr_data32[0] = in.s_addr;
659  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_GE);
660 
661  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
662  a->ip.addr_data32[0] = in.s_addr;
663  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
664  a->ip2.addr_data32[0] = in.s_addr;
665  FAIL_IF(inet_pton(AF_INET, "170.170.170.169", &in) < 0);
666  b->ip.addr_data32[0] = in.s_addr;
667  FAIL_IF(inet_pton(AF_INET, "180.180.180.180", &in) < 0);
668  b->ip2.addr_data32[0] = in.s_addr;
669  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_GE);
670 
671  FAIL_IF(inet_pton(AF_INET, "170.170.170.169", &in) < 0);
672  a->ip.addr_data32[0] = in.s_addr;
673  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
674  a->ip2.addr_data32[0] = in.s_addr;
675  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
676  b->ip.addr_data32[0] = in.s_addr;
677  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
678  b->ip2.addr_data32[0] = in.s_addr;
679  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_GE);
680 
681  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
682  a->ip.addr_data32[0] = in.s_addr;
683  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
684  a->ip2.addr_data32[0] = in.s_addr;
685  FAIL_IF(inet_pton(AF_INET, "170.170.169.170", &in) < 0);
686  b->ip.addr_data32[0] = in.s_addr;
687  FAIL_IF(inet_pton(AF_INET, "192.168.1.1", &in) < 0);
688  b->ip2.addr_data32[0] = in.s_addr;
689  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_GE);
690 
691  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
692  a->ip.addr_data32[0] = in.s_addr;
693  FAIL_IF(inet_pton(AF_INET, "200.200.200.200", &in) < 0);
694  a->ip2.addr_data32[0] = in.s_addr;
695  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
696  b->ip.addr_data32[0] = in.s_addr;
697  FAIL_IF(inet_pton(AF_INET, "185.185.185.185", &in) < 0);
698  b->ip2.addr_data32[0] = in.s_addr;
699  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) == ADDRESS_GT);
700 
701  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
702  a->ip.addr_data32[0] = in.s_addr;
703  FAIL_IF(inet_pton(AF_INET, "200.200.200.200", &in) < 0);
704  a->ip2.addr_data32[0] = in.s_addr;
705  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
706  b->ip.addr_data32[0] = in.s_addr;
707  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
708  b->ip2.addr_data32[0] = in.s_addr;
709  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_GT);
710 
711  FAIL_IF(inet_pton(AF_INET, "182.168.1.2", &in) < 0);
712  a->ip.addr_data32[0] = in.s_addr;
713  FAIL_IF(inet_pton(AF_INET, "200.200.200.200", &in) < 0);
714  a->ip2.addr_data32[0] = in.s_addr;
715  FAIL_IF(inet_pton(AF_INET, "170.170.170.170", &in) < 0);
716  b->ip.addr_data32[0] = in.s_addr;
717  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
718  b->ip2.addr_data32[0] = in.s_addr;
719  FAIL_IF_NOT(DetectAddressCmpIPv4(a, b) != ADDRESS_GT);
720 
721  DetectAddressFree(a);
722  DetectAddressFree(b);
723  PASS;
724 }
725 
726 static int DetectAddressIPv4IsCompleteIPSpace02(void)
727 {
728  struct in_addr in;
729 
730  DetectAddress *a = DetectAddressInit();
731  FAIL_IF_NULL(a);
732 
733  FAIL_IF(inet_pton(AF_INET, "0.0.0.0", &in) < 0);
734  a->ip.addr_data32[0] = in.s_addr;
735  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
736  a->ip2.addr_data32[0] = in.s_addr;
737  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 1);
738 
739  FAIL_IF(inet_pton(AF_INET, "0.0.0.1", &in) < 0);
740  a->ip.addr_data32[0] = in.s_addr;
741  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
742  a->ip2.addr_data32[0] = in.s_addr;
743  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
744 
745  DetectAddressFree(a);
746 
747  a = DetectAddressInit();
748  FAIL_IF_NULL(a);
749 
750  FAIL_IF(inet_pton(AF_INET, "0.0.0.0", &in) < 0);
751  a->ip.addr_data32[0] = in.s_addr;
752  FAIL_IF(inet_pton(AF_INET, "255.255.255.254", &in) < 0);
753  a->ip2.addr_data32[0] = in.s_addr;
754  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
755 
756  DetectAddressFree(a);
757 
758  PASS;
759 }
760 
761 static int DetectAddressIPv4IsCompleteIPSpace03(void)
762 {
763  struct in_addr in;
764 
765  DetectAddress *a = DetectAddressInit();
766  FAIL_IF_NULL(a);
767  DetectAddress *temp = a;
768 
769  FAIL_IF(inet_pton(AF_INET, "0.0.0.0", &in) < 0);
770  a->ip.addr_data32[0] = in.s_addr;
771  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
772  a->ip2.addr_data32[0] = in.s_addr;
773  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
774 
775  temp->next = DetectAddressInit();
776  FAIL_IF_NULL(temp->next);
777  temp = temp->next;
778 
779  FAIL_IF(inet_pton(AF_INET, "1.2.3.5", &in) < 0);
780  temp->ip.addr_data32[0] = in.s_addr;
781  FAIL_IF(inet_pton(AF_INET, "126.36.62.61", &in) < 0);
782  temp->ip2.addr_data32[0] = in.s_addr;
783  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
784 
785  temp->next = DetectAddressInit();
786  FAIL_IF_NULL(temp->next);
787  temp = temp->next;
788 
789  FAIL_IF(inet_pton(AF_INET, "126.36.62.62", &in) < 0);
790  temp->ip.addr_data32[0] = in.s_addr;
791  FAIL_IF(inet_pton(AF_INET, "222.52.21.62", &in) < 0);
792  temp->ip2.addr_data32[0] = in.s_addr;
793  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
794 
795  temp->next = DetectAddressInit();
796  FAIL_IF_NULL(temp->next);
797  temp = temp->next;
798 
799  FAIL_IF(inet_pton(AF_INET, "222.52.21.63", &in) < 0);
800  temp->ip.addr_data32[0] = in.s_addr;
801  FAIL_IF(inet_pton(AF_INET, "255.255.255.254", &in) < 0);
802  temp->ip2.addr_data32[0] = in.s_addr;
803  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
804 
805  temp->next = DetectAddressInit();
806  FAIL_IF_NULL(temp->next);
807  temp = temp->next;
808 
809  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
810  temp->ip.addr_data32[0] = in.s_addr;
811  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
812  temp->ip2.addr_data32[0] = in.s_addr;
813  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 1);
814 
815  DetectAddressFree(a);
816 
817  PASS;
818 }
819 
820 static int DetectAddressIPv4IsCompleteIPSpace04(void)
821 {
822  struct in_addr in;
823 
824  DetectAddress *a = DetectAddressInit();
825  FAIL_IF_NULL(a);
826  DetectAddress *temp = a;
827 
828  FAIL_IF(inet_pton(AF_INET, "0.0.0.0", &in) < 0);
829  a->ip.addr_data32[0] = in.s_addr;
830  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
831  a->ip2.addr_data32[0] = in.s_addr;
832  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
833 
834  temp->next = DetectAddressInit();
835  FAIL_IF_NULL(temp->next);
836  temp = temp->next;
837 
838  FAIL_IF(inet_pton(AF_INET, "1.2.3.5", &in) < 0);
839  temp->ip.addr_data32[0] = in.s_addr;
840  FAIL_IF(inet_pton(AF_INET, "126.36.62.61", &in) < 0);
841  temp->ip2.addr_data32[0] = in.s_addr;
842  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
843 
844  temp->next = DetectAddressInit();
845  FAIL_IF_NULL(temp->next);
846  temp = temp->next;
847 
848  FAIL_IF(inet_pton(AF_INET, "126.36.62.62", &in) < 0);
849  temp->ip.addr_data32[0] = in.s_addr;
850  FAIL_IF(inet_pton(AF_INET, "222.52.21.62", &in) < 0);
851  temp->ip2.addr_data32[0] = in.s_addr;
852  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
853 
854  temp->next = DetectAddressInit();
855  FAIL_IF_NULL(temp->next);
856  temp = temp->next;
857 
858  FAIL_IF(inet_pton(AF_INET, "222.52.21.64", &in) < 0);
859  temp->ip.addr_data32[0] = in.s_addr;
860  FAIL_IF(inet_pton(AF_INET, "255.255.255.254", &in) < 0);
861  temp->ip2.addr_data32[0] = in.s_addr;
862  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
863 
864  temp->next = DetectAddressInit();
865  FAIL_IF_NULL(temp->next);
866  temp = temp->next;
867 
868  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
869  temp->ip.addr_data32[0] = in.s_addr;
870  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
871  temp->ip2.addr_data32[0] = in.s_addr;
872  FAIL_IF_NOT(DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
873 
874  DetectAddressFree(a);
875 
876  PASS;
877 }
878 
879 static int DetectAddressIPv4CutNot05(void)
880 {
881  DetectAddress *b = NULL;
882  struct in_addr in;
883 
884  DetectAddress *a = DetectAddressInit();
885  FAIL_IF_NULL(a);
886 
887  FAIL_IF(inet_pton(AF_INET, "0.0.0.0", &in) < 0);
888  a->ip.addr_data32[0] = in.s_addr;
889  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
890  a->ip2.addr_data32[0] = in.s_addr;
891  FAIL_IF_NOT(DetectAddressCutNotIPv4(a, &b) == -1);
892 
893  DetectAddressFree(a);
894  DetectAddressFree(b);
895  PASS;
896 }
897 
898 static int DetectAddressIPv4CutNot06(void)
899 {
900  DetectAddress *b = NULL;
901  struct in_addr in;
902 
903  DetectAddress *a = DetectAddressInit();
904  FAIL_IF_NULL(a);
905 
906  FAIL_IF(inet_pton(AF_INET, "0.0.0.0", &in) < 0);
907  a->ip.addr_data32[0] = in.s_addr;
908  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
909  a->ip2.addr_data32[0] = in.s_addr;
910  FAIL_IF_NOT(DetectAddressCutNotIPv4(a, &b) == 0);
911 
912  FAIL_IF(inet_pton(AF_INET, "1.2.3.5", &in) < 0);
913  FAIL_IF_NOT(a->ip.addr_data32[0] == in.s_addr);
914  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
915  FAIL_IF_NOT(a->ip2.addr_data32[0] = in.s_addr);
916 
917  DetectAddressFree(a);
918  DetectAddressFree(b);
919  PASS;
920 }
921 
922 static int DetectAddressIPv4CutNot07(void)
923 {
924  DetectAddress *b = NULL;
925  struct in_addr in;
926 
927  DetectAddress *a = DetectAddressInit();
928  FAIL_IF_NULL(a);
929 
930  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
931  a->ip.addr_data32[0] = in.s_addr;
932  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
933  a->ip2.addr_data32[0] = in.s_addr;
934  FAIL_IF_NOT(DetectAddressCutNotIPv4(a, &b) == 0);
935 
936  FAIL_IF(inet_pton(AF_INET, "0.0.0.0", &in) < 0);
937  FAIL_IF_NOT(a->ip.addr_data32[0] == in.s_addr);
938  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
939  FAIL_IF_NOT(a->ip2.addr_data32[0] = in.s_addr);
940 
941  DetectAddressFree(a);
942  DetectAddressFree(b);
943  PASS;
944 }
945 
946 static int DetectAddressIPv4CutNot08(void)
947 {
948  DetectAddress *b = NULL;
949  struct in_addr in;
950 
951  DetectAddress *a = DetectAddressInit();
952  FAIL_IF_NULL(a);
953 
954  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
955  a->ip.addr_data32[0] = in.s_addr;
956  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
957  a->ip2.addr_data32[0] = in.s_addr;
958  FAIL_IF_NOT(DetectAddressCutNotIPv4(a, &b) == 0);
959 
960  FAIL_IF(inet_pton(AF_INET, "0.0.0.0", &in) < 0);
961  FAIL_IF_NOT(a->ip.addr_data32[0] == in.s_addr);
962  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
963  FAIL_IF_NOT(a->ip2.addr_data32[0] = in.s_addr);
964 
965  FAIL_IF_NULL(b);
966  FAIL_IF(inet_pton(AF_INET, "1.2.3.5", &in) < 0);
967  FAIL_IF_NOT(b->ip.addr_data32[0] == in.s_addr);
968  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
969  FAIL_IF_NOT(b->ip2.addr_data32[0] = in.s_addr);
970 
971  DetectAddressFree(a);
972  DetectAddressFree(b);
973  PASS;
974 }
975 
976 static int DetectAddressIPv4CutNot09(void)
977 {
978  DetectAddress *b = NULL;
979  struct in_addr in;
980 
981  DetectAddress *a = DetectAddressInit();
982  FAIL_IF_NULL(a);
983 
984  FAIL_IF(inet_pton(AF_INET, "1.2.3.4", &in) < 0);
985  a->ip.addr_data32[0] = in.s_addr;
986  FAIL_IF(inet_pton(AF_INET, "192.168.1.2", &in) < 0);
987  a->ip2.addr_data32[0] = in.s_addr;
988  FAIL_IF_NOT(DetectAddressCutNotIPv4(a, &b) == 0);
989 
990  FAIL_IF(inet_pton(AF_INET, "0.0.0.0", &in) < 0);
991  FAIL_IF_NOT(a->ip.addr_data32[0] == in.s_addr);
992  FAIL_IF(inet_pton(AF_INET, "1.2.3.3", &in) < 0);
993  FAIL_IF_NOT(a->ip2.addr_data32[0] = in.s_addr);
994 
995  FAIL_IF_NULL(b);
996  FAIL_IF(inet_pton(AF_INET, "192.168.1.3", &in) < 0);
997  FAIL_IF_NOT(b->ip.addr_data32[0] == in.s_addr);
998  FAIL_IF(inet_pton(AF_INET, "255.255.255.255", &in) < 0);
999  FAIL_IF_NOT(b->ip2.addr_data32[0] = in.s_addr);
1000 
1001  DetectAddressFree(a);
1002  DetectAddressFree(b);
1003  PASS;
1004 }
1005 
1006 #endif
1007 
1008 void DetectAddressIPv4Tests(void)
1009 {
1010 #ifdef UNITTESTS
1011  UtRegisterTest("DetectAddressIPv4TestAddressCmp01",
1012  DetectAddressIPv4TestAddressCmp01);
1013  UtRegisterTest("DetectAddressIPv4IsCompleteIPSpace02",
1014  DetectAddressIPv4IsCompleteIPSpace02);
1015  UtRegisterTest("DetectAddressIPv4IsCompleteIPSpace03",
1016  DetectAddressIPv4IsCompleteIPSpace03);
1017  UtRegisterTest("DetectAddressIPv4IsCompleteIPSpace04",
1018  DetectAddressIPv4IsCompleteIPSpace04);
1019  UtRegisterTest("DetectAddressIPv4CutNot05", DetectAddressIPv4CutNot05);
1020  UtRegisterTest("DetectAddressIPv4CutNot06", DetectAddressIPv4CutNot06);
1021  UtRegisterTest("DetectAddressIPv4CutNot07", DetectAddressIPv4CutNot07);
1022  UtRegisterTest("DetectAddressIPv4CutNot08", DetectAddressIPv4CutNot08);
1023  UtRegisterTest("DetectAddressIPv4CutNot09", DetectAddressIPv4CutNot09);
1024 #endif
1025 }
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
DetectAddress_::ip
Address ip
Definition: detect.h:170
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
detect-engine-siggroup.h
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:154
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:168
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:275
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:932
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1008
util-unittest.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
util-cidr.h
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:156
decode.h
util-debug.h
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:158
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:159
detect.h
detect-engine-port.h
DetectAddress_::ip2
Address ip2
Definition: detect.h:171
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:157
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:153
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:430
detect-engine-address-ipv4.h
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:155
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:179
Address_::family
char family
Definition: decode.h:113
flow-var.h
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:152
detect-engine-address.h
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69