suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 #include "detect-engine-address-ipv4.h"
40 #include "detect-engine-address-ipv6.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
61 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn);
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
69 DetectAddress *DetectAddressInit(void)
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
82 void DetectAddressFree(DetectAddress *ag)
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88  return;
89 }
90 
91 /**
92  * \internal
93  * \brief Returns a new instance of DetectAddressHead.
94  *
95  * \retval gh Pointer to the new instance of DetectAddressHead.
96  */
97 static DetectAddressHead *DetectAddressHeadInit(void)
98 {
99  DetectAddressHead *gh = SCCalloc(1, sizeof(DetectAddressHead));
100  if (unlikely(gh == NULL))
101  return NULL;
102  return gh;
103 }
104 
105 /**
106  * \internal
107  * \brief Frees a DetectAddressHead instance.
108  *
109  * \param gh Pointer to the DetectAddressHead instance to be freed.
110  */
111 static void DetectAddressHeadFree(DetectAddressHead *gh)
112 {
113  if (gh != NULL) {
114  DetectAddressHeadCleanup(gh);
115  SCFree(gh);
116  }
117 }
118 
119 /**
120  * \brief copy a DetectAddress
121  *
122  * \param orig Pointer to the instance of DetectAddress that contains the
123  * address data to be copied to the new instance.
124  *
125  * \retval ag Pointer to the new instance of DetectAddress that contains the
126  * copied address.
127  */
128 DetectAddress *DetectAddressCopy(DetectAddress *orig)
129 {
130  DetectAddress *ag = DetectAddressInit();
131  if (ag == NULL)
132  return NULL;
133 
134  ag->flags = orig->flags;
135  COPY_ADDRESS(&orig->ip, &ag->ip);
136  COPY_ADDRESS(&orig->ip2, &ag->ip2);
137  return ag;
138 }
139 
140 #ifdef DEBUG
141 /**
142  * \brief Prints the address data information for all the DetectAddress
143  * instances in the DetectAddress list sent as the argument.
144  *
145  * \param head Pointer to a list of DetectAddress instances.
146  */
147 void DetectAddressPrintList(DetectAddress *head)
148 {
149  SCLogInfo("list:");
150  for (DetectAddress *cur = head; cur != NULL; cur = cur->next) {
151  DetectAddressPrint(cur);
152  }
153  SCLogInfo("endlist");
154 }
155 #endif
156 
157 /**
158  * \internal
159  * \brief Frees a list of DetectAddress instances.
160  *
161  * \param head Pointer to a list of DetectAddress instances to be freed.
162  */
163 static void DetectAddressCleanupList(DetectAddress *head)
164 {
165  for (DetectAddress *cur = head; cur != NULL; ) {
166  DetectAddress *next = cur->next;
167  cur->next = NULL;
168  DetectAddressFree(cur);
169  cur = next;
170  }
171 }
172 
173 /**
174  * \internal
175  * \brief Helper function for DetectAddressInsert. Sets one of the
176  * DetectAddressHead head pointers, to the DetectAddress argument
177  * based on its address family.
178  *
179  * \param gh Pointer to the DetectAddressHead.
180  * \param newhead Pointer to the DetectAddress.
181  *
182  * \retval 0 On success.
183  * \retval -1 On failure.
184  */
185 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
186 {
187  if (newhead->ip.family == AF_INET) {
188  gh->ipv4_head = newhead;
189  } else if (newhead->ip.family == AF_INET6) {
190  gh->ipv6_head = newhead;
191  } else {
192  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
193  return -1;
194  }
195 
196  return 0;
197 }
198 
199 /**
200  * \internal
201  * \brief Returns the DetectAddress head from the DetectAddressHeads,
202  * based on the address family of the incoming DetectAddress arg.
203  *
204  * \param gh Pointer to the DetectAddressHead.
205  * \param new Pointer to the DetectAddress.
206  *
207  * \retval head Pointer to the DetectAddress(the head from
208  * DetectAddressHead).
209  */
210 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
211 {
212  DetectAddress *head = NULL;
213 
214  if (new->ip.family == AF_INET)
215  head = gh->ipv4_head;
216  else if (new->ip.family == AF_INET6)
217  head = gh->ipv6_head;
218 
219  return head;
220 }
221 
222 /**
223  * \internal
224  * \brief insert DetectAddress into a DetectAddressHead
225  *
226  * \param de_ctx Pointer to the detection engine context.
227  * \param gh Pointer to the DetectAddressHead list to which it has to
228  * be inserted.
229  * \param new Pointer to the DetectAddress, that has to be inserted.
230  *
231  * \retval 1 On successfully inserting it.
232  * \retval -1 On error.
233  * \retval 0 Not inserted, memory of new is freed.
234  */
235 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
236  DetectAddress *new)
237 {
238  DetectAddress *head = NULL;
239  DetectAddress *cur = NULL;
240  DetectAddress *c = NULL;
241  int r = 0;
242 
243  if (new == NULL)
244  return 0;
245 
246  /* get our head ptr based on the address we want to insert */
247  head = GetHeadPtr(gh, new);
248 
249  /* see if it already exists or overlaps with existing ag's */
250  if (head != NULL) {
251  cur = NULL;
252 
253  for (cur = head; cur != NULL; cur = cur->next) {
254  r = DetectAddressCmp(new, cur);
255  BUG_ON(r == ADDRESS_ER);
256 
257  /* if so, handle that */
258  if (r == ADDRESS_EQ) {
259  /* exact overlap/match */
260  if (cur != new) {
261  DetectAddressFree(new);
262  return 0;
263  }
264 
265  return 1;
266  } else if (r == ADDRESS_GT) {
267  /* only add it now if we are bigger than the last group.
268  * Otherwise we'll handle it later. */
269  if (cur->next == NULL) {
270  /* put in the list */
271  new->prev = cur;
272  cur->next = new;
273 
274  return 1;
275  }
276  } else if (r == ADDRESS_LT) {
277  /* see if we need to insert the ag anywhere put in the list */
278  if (cur->prev != NULL)
279  cur->prev->next = new;
280  new->prev = cur->prev;
281  new->next = cur;
282  cur->prev = new;
283 
284  /* update head if required */
285  if (head == cur) {
286  head = new;
287 
288  if (SetHeadPtr(gh, head) < 0)
289  goto error;
290  }
291 
292  return 1;
293  /* alright, those were the simple cases, lets handle the more
294  * complex ones now */
295  } else if (r == ADDRESS_ES) {
296  c = NULL;
297  r = DetectAddressCut(de_ctx, cur, new, &c);
298  if (r == -1)
299  goto error;
300 
301  DetectAddressInsert(de_ctx, gh, new);
302  if (c != NULL)
303  DetectAddressInsert(de_ctx, gh, c);
304 
305  return 1;
306  } else if (r == ADDRESS_EB) {
307  c = NULL;
308  r = DetectAddressCut(de_ctx, cur, new, &c);
309  if (r == -1)
310  goto error;
311 
312  DetectAddressInsert(de_ctx, gh, new);
313  if (c != NULL)
314  DetectAddressInsert(de_ctx, gh, c);
315 
316  return 1;
317  } else if (r == ADDRESS_LE) {
318  c = NULL;
319  r = DetectAddressCut(de_ctx, cur, new, &c);
320  if (r == -1)
321  goto error;
322 
323  DetectAddressInsert(de_ctx, gh, new);
324  if (c != NULL)
325  DetectAddressInsert(de_ctx, gh, c);
326 
327  return 1;
328  } else if (r == ADDRESS_GE) {
329  c = NULL;
330  r = DetectAddressCut(de_ctx, cur,new,&c);
331  if (r == -1)
332  goto error;
333 
334  DetectAddressInsert(de_ctx, gh, new);
335  if (c != NULL)
336  DetectAddressInsert(de_ctx, gh, c);
337 
338  return 1;
339  }
340  }
341 
342  /* head is NULL, so get a group and set head to it */
343  } else {
344  head = new;
345  if (SetHeadPtr(gh, head) < 0) {
346  SCLogDebug("SetHeadPtr failed");
347  goto error;
348  }
349  }
350 
351  return 1;
352 
353 error:
354  /* XXX */
355  return -1;
356 }
357 
358 /**
359  * \brief Checks if two address group lists are equal.
360  *
361  * \param list1 Pointer to the first address group list.
362  * \param list2 Pointer to the second address group list.
363  *
364  * \retval true On success.
365  * \retval false On failure.
366  */
367 bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
368 {
369  DetectAddress *item = list1;
370  DetectAddress *it = list2;
371 
372  // First, compare items one by one.
373  while (item != NULL && it != NULL) {
374  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
375  return false;
376  }
377 
378  item = item->next;
379  it = it->next;
380  }
381 
382  // Are the lists of the same size?
383  if (!(item == NULL && it == NULL)) {
384  return false;
385  }
386 
387  return true;
388 }
389 
390 /**
391  * \internal
392  * \brief Parses an ipv4/ipv6 address string and updates the result into the
393  * DetectAddress instance sent as the argument.
394  *
395  * \param dd Pointer to the DetectAddress instance which should be updated with
396  * the address range details from the parsed ip string.
397  * \param str Pointer to address string that has to be parsed.
398  *
399  * \retval 0 On successfully parsing the address string.
400  * \retval -1 On failure.
401  */
402 static int DetectAddressParseString(DetectAddress *dd, const char *str)
403 {
404  char *ip = NULL;
405  char *ip2 = NULL;
406  char *mask = NULL;
407  int r = 0;
408  char ipstr[256];
409 
410  /* shouldn't see 'any' here */
411  BUG_ON(strcasecmp(str, "any") == 0);
412 
413  strlcpy(ipstr, str, sizeof(ipstr));
414  SCLogDebug("str %s", str);
415 
416  /* we work with a copy so that we can put a
417  * nul-termination in it later */
418  ip = ipstr;
419 
420  /* handle the negation case */
421  if (ip[0] == '!') {
422  dd->flags |= ADDRESS_FLAG_NOT;
423  ip++;
424  }
425 
426  /* see if the address is an ipv4 or ipv6 address */
427  if ((strchr(str, ':')) == NULL) {
428  /* IPv4 Address */
429  struct in_addr in;
430 
431  dd->ip.family = AF_INET;
432 
433  if ((mask = strchr(ip, '/')) != NULL) {
434  /* 1.2.3.4/xxx format (either dotted or cidr notation */
435  ip[mask - ip] = '\0';
436  mask++;
437  uint32_t ip4addr = 0;
438  uint32_t netmask = 0;
439 
440  if ((strchr (mask, '.')) == NULL) {
441  /* 1.2.3.4/24 format */
442 
443  for (size_t u = 0; u < strlen(mask); u++) {
444  if(!isdigit((unsigned char)mask[u]))
445  goto error;
446  }
447 
448  int cidr;
449  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
450  goto error;
451  netmask = CIDRGet(cidr);
452  } else {
453  /* 1.2.3.4/255.255.255.0 format */
454  r = inet_pton(AF_INET, mask, &in);
455  if (r <= 0)
456  goto error;
457 
458  netmask = in.s_addr;
459 
460  /* validate netmask */
461  int cidr = CIDRFromMask(netmask);
462  if (cidr < 0) {
463  SCLogError(SC_ERR_INVALID_SIGNATURE,
464  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
465  "CIDR notation are supported. See #5168.",
466  mask);
467  goto error;
468  }
469  }
470 
471  r = inet_pton(AF_INET, ip, &in);
472  if (r <= 0)
473  goto error;
474 
475  ip4addr = in.s_addr;
476 
477  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
478  dd->ip2.addr_data32[0] |=~ netmask;
479  } else if ((ip2 = strchr(ip, '-')) != NULL) {
480  /* 1.2.3.4-1.2.3.6 range format */
481  ip[ip2 - ip] = '\0';
482  ip2++;
483 
484  r = inet_pton(AF_INET, ip, &in);
485  if (r <= 0)
486  goto error;
487  dd->ip.addr_data32[0] = in.s_addr;
488 
489  r = inet_pton(AF_INET, ip2, &in);
490  if (r <= 0)
491  goto error;
492  dd->ip2.addr_data32[0] = in.s_addr;
493 
494  /* a > b is illegal, a = b is ok */
495  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
496  goto error;
497  } else {
498  /* 1.2.3.4 format */
499  r = inet_pton(AF_INET, ip, &in);
500  if (r <= 0)
501  goto error;
502  /* single host */
503  dd->ip.addr_data32[0] = in.s_addr;
504  dd->ip2.addr_data32[0] = in.s_addr;
505  }
506  } else {
507  /* IPv6 Address */
508  struct in6_addr in6, mask6;
509  uint32_t ip6addr[4], netmask[4];
510 
511  dd->ip.family = AF_INET6;
512 
513  if ((mask = strchr(ip, '/')) != NULL) {
514  ip[mask - ip] = '\0';
515  mask++;
516 
517  int cidr;
518  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
519  goto error;
520 
521  r = inet_pton(AF_INET6, ip, &in6);
522  if (r <= 0)
523  goto error;
524  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
525 
526  CIDRGetIPv6(cidr, &mask6);
527  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
528 
529  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
530  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
531  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
532  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
533 
534  dd->ip2.addr_data32[0] |=~ netmask[0];
535  dd->ip2.addr_data32[1] |=~ netmask[1];
536  dd->ip2.addr_data32[2] |=~ netmask[2];
537  dd->ip2.addr_data32[3] |=~ netmask[3];
538  } else if ((ip2 = strchr(ip, '-')) != NULL) {
539  /* 2001::1-2001::4 range format */
540  ip[ip2 - ip] = '\0';
541  ip2++;
542 
543  r = inet_pton(AF_INET6, ip, &in6);
544  if (r <= 0)
545  goto error;
546  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
547 
548  r = inet_pton(AF_INET6, ip2, &in6);
549  if (r <= 0)
550  goto error;
551  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
552 
553  /* a > b is illegal, a=b is ok */
554  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
555  goto error;
556  } else {
557  r = inet_pton(AF_INET6, ip, &in6);
558  if (r <= 0)
559  goto error;
560 
561  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
562  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
563  }
564 
565  }
566 
567  BUG_ON(dd->ip.family == 0);
568 
569  return 0;
570 
571 error:
572  return -1;
573 }
574 
575 /**
576  * \internal
577  * \brief Simply parse an address and return a DetectAddress instance containing
578  * the address ranges of the parsed ip addressstring
579  *
580  * \param str Pointer to a character string containing the ip address
581  *
582  * \retval dd Pointer to the DetectAddress instance containing the address
583  * range details from the parsed ip string
584  */
585 static DetectAddress *DetectAddressParseSingle(const char *str)
586 {
587  SCLogDebug("str %s", str);
588 
589  DetectAddress *dd = DetectAddressInit();
590  if (dd == NULL)
591  return NULL;
592 
593  if (DetectAddressParseString(dd, str) < 0) {
594  SCLogDebug("AddressParse failed");
595  DetectAddressFree(dd);
596  return NULL;
597  }
598 
599  return dd;
600 }
601 
602 /**
603  * \brief Setup a single address string, parse it and add the resulting
604  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
605  *
606  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
607  * resulting Address-Range(s) from the parsed ip string has to
608  * be added.
609  * \param s Pointer to the ip address string to be parsed.
610  *
611  * \retval 0 On success.
612  * \retval -1 On failure.
613  */
614 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
615 {
616  SCLogDebug("gh %p, s %s", gh, s);
617 
618  while (*s != '\0' && isspace(*s))
619  s++;
620 
621  if (strcasecmp(s, "any") == 0) {
622  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
623 
624  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
625  if (ad == NULL)
626  return -1;
627 
628  BUG_ON(ad->ip.family == 0);
629 
630  if (DetectAddressInsert(NULL, gh, ad) < 0) {
631  SCLogDebug("DetectAddressInsert failed");
632  DetectAddressFree(ad);
633  return -1;
634  }
635 
636  ad = DetectAddressParseSingle("::/0");
637  if (ad == NULL)
638  return -1;
639 
640  BUG_ON(ad->ip.family == 0);
641 
642  if (DetectAddressInsert(NULL, gh, ad) < 0) {
643  SCLogDebug("DetectAddressInsert failed");
644  DetectAddressFree(ad);
645  return -1;
646  }
647  return 0;
648  }
649 
650  /* parse the address */
651  DetectAddress *ad = DetectAddressParseSingle(s);
652  if (ad == NULL) {
653  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,
654  "failed to parse address \"%s\"", s);
655  return -1;
656  }
657 
658  /* handle the not case, we apply the negation then insert the part(s) */
659  if (ad->flags & ADDRESS_FLAG_NOT) {
660  DetectAddress *ad2 = NULL;
661 
662  if (DetectAddressCutNot(ad, &ad2) < 0) {
663  SCLogDebug("DetectAddressCutNot failed");
664  DetectAddressFree(ad);
665  return -1;
666  }
667 
668  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
669  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
670  if (ad2 != NULL) {
671  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
672  SCLogDebug("DetectAddressInsert failed");
673  DetectAddressFree(ad);
674  DetectAddressFree(ad2);
675  return -1;
676  }
677  }
678  }
679 
680  int r = DetectAddressInsert(NULL, gh, ad);
681  if (r < 0) {
682  SCLogDebug("DetectAddressInsert failed");
683  DetectAddressFree(ad);
684  return -1;
685  }
686  SCLogDebug("r %d",r);
687  return 0;
688 }
689 
690 /**
691  * \brief Parses an address string and updates the 2 address heads with the
692  * address data.
693  *
694  * Note that this function should only be called by the wrapping function
695  * DetectAddressParse2. The wrapping function provides long address handling
696  * when the address size exceeds a threshold value.
697  *
698  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
699  * since we pass around negate without keeping a count of ! with depth.
700  * Can solve this by keeping a count of the negations with depth, so that
701  * an even no of negations would count as no negation and an odd no of
702  * negations would count as a negation.
703  *
704  * \param gh Pointer to the address head that should hold address ranges
705  * that are not negated.
706  * \param ghn Pointer to the address head that should hold address ranges
707  * that are negated.
708  * \param s Pointer to the character string holding the address to be
709  * parsed.
710  * \param negate Flag that indicates if the received address string is negated
711  * or not. 0 if it is not, 1 it it is.
712  *
713  * \retval 0 On successfully parsing.
714  * \retval -1 On failure.
715  */
716 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
717  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
718  int recur, char *address, size_t address_length)
719 {
720  size_t x = 0;
721  size_t u = 0;
722  int o_set = 0, n_set = 0, d_set = 0;
723  int depth = 0;
724  const char *rule_var_address = NULL;
725  char *temp_rule_var_address = NULL;
726 
727  if (++recur > 64) {
728  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "address block recursion "
729  "limit reached (max 64)");
730  goto error;
731  }
732 
733  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
734 
735  size_t size = strlen(s);
736  for (u = 0, x = 0; u < size && x < address_length; u++) {
737  if (x == (address_length - 1)) {
738  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,
739  "Hit the address buffer"
740  " limit for the supplied address. Invalidating sig. "
741  "Please file a bug report on this.");
742  goto error;
743  }
744  address[x] = s[u];
745  x++;
746 
747  if (!o_set && s[u] == '!') {
748  n_set = 1;
749  x--;
750  } else if (s[u] == '[') {
751  if (!o_set) {
752  o_set = 1;
753  x = 0;
754  }
755  depth++;
756  } else if (s[u] == ']') {
757  if (depth == 1) {
758  address[x - 1] = '\0';
759  x = 0;
760  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
761  if (((negate + n_set) % 2) == 0) {
762  /* normal block */
763  SCLogDebug("normal block");
764 
765  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
766  goto error;
767  } else {
768  /* negated block
769  *
770  * Extra steps are necessary. First consider it as a normal
771  * (non-negated) range. Merge the + and - ranges if
772  * applicable. Then insert the result into the ghn list. */
773  SCLogDebug("negated block");
774 
775  DetectAddressHead tmp_gh = { NULL, NULL };
776  DetectAddressHead tmp_ghn = { NULL, NULL };
777 
778  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
779  DetectAddressHeadCleanup(&tmp_gh);
780  DetectAddressHeadCleanup(&tmp_ghn);
781  goto error;
782  }
783 
784  DetectAddress *tmp_ad;
785  DetectAddress *tmp_ad2;
786 #ifdef DEBUG
787  SCLogDebug("tmp_gh: IPv4");
788  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
789  DetectAddressPrint(tmp_ad);
790  }
791  SCLogDebug("tmp_ghn: IPv4");
792  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
793  DetectAddressPrint(tmp_ad);
794  }
795  SCLogDebug("tmp_gh: IPv6");
796  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
797  DetectAddressPrint(tmp_ad);
798  }
799  SCLogDebug("tmp_ghn: IPv6");
800  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
801  DetectAddressPrint(tmp_ad);
802  }
803 #endif
804  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
805  DetectAddressHeadCleanup(&tmp_ghn);
806  DetectAddressHeadCleanup(&tmp_gh);
807  goto error;
808  }
809  DetectAddressHeadCleanup(&tmp_ghn);
810 
811  SCLogDebug("merged successfully");
812 
813  /* insert the IPv4 addresses into the negated list */
814  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
815  /* work with a copy of the address group */
816  tmp_ad2 = DetectAddressCopy(tmp_ad);
817  if (tmp_ad2 == NULL) {
818  SCLogDebug("DetectAddressCopy failed");
819  DetectAddressHeadCleanup(&tmp_gh);
820  goto error;
821  }
822  DetectAddressPrint(tmp_ad2);
823  DetectAddressInsert(NULL, ghn, tmp_ad2);
824  }
825 
826  /* insert the IPv6 addresses into the negated list */
827  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
828  /* work with a copy of the address group */
829  tmp_ad2 = DetectAddressCopy(tmp_ad);
830  if (tmp_ad2 == NULL) {
831  SCLogDebug("DetectAddressCopy failed");
832  DetectAddressHeadCleanup(&tmp_gh);
833  goto error;
834  }
835  DetectAddressPrint(tmp_ad2);
836  DetectAddressInsert(NULL, ghn, tmp_ad2);
837  }
838 
839  DetectAddressHeadCleanup(&tmp_gh);
840  }
841  n_set = 0;
842  }
843  depth--;
844  } else if (depth == 0 && s[u] == ',') {
845  if (o_set == 1) {
846  o_set = 0;
847  } else if (d_set == 1) {
848  address[x - 1] = '\0';
849 
850  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
851  SC_RULE_VARS_ADDRESS_GROUPS);
852  if (rule_var_address == NULL)
853  goto error;
854 
855  if (strlen(rule_var_address) == 0) {
856  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
857  "to nothing. This is likely a misconfiguration. "
858  "Note that a negated address needs to be quoted, "
859  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
860  goto error;
861  }
862 
863  SCLogDebug("rule_var_address %s", rule_var_address);
864  if ((negate + n_set) % 2) {
865  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
866  if (unlikely(temp_rule_var_address == NULL))
867  goto error;
868  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
869  "[%s]", rule_var_address);
870  } else {
871  temp_rule_var_address = SCStrdup(rule_var_address);
872  if (unlikely(temp_rule_var_address == NULL))
873  goto error;
874  }
875 
876  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
877  (negate + n_set) % 2, var_list, recur) < 0) {
878  if (temp_rule_var_address != rule_var_address)
879  SCFree(temp_rule_var_address);
880  goto error;
881  }
882  d_set = 0;
883  n_set = 0;
884  SCFree(temp_rule_var_address);
885  } else {
886  address[x - 1] = '\0';
887 
888  if (!((negate + n_set) % 2)) {
889  SCLogDebug("DetectAddressSetup into gh, %s", address);
890  if (DetectAddressSetup(gh, address) < 0)
891  goto error;
892  } else {
893  SCLogDebug("DetectAddressSetup into ghn, %s", address);
894  if (DetectAddressSetup(ghn, address) < 0)
895  goto error;
896  }
897  n_set = 0;
898  }
899  x = 0;
900  } else if (depth == 0 && s[u] == '$') {
901  d_set = 1;
902  } else if (depth == 0 && u == size - 1) {
903  if (x == address_length) {
904  address[x - 1] = '\0';
905  } else {
906  address[x] = '\0';
907  }
908  x = 0;
909 
910  if (AddVariableToResolveList(var_list, address) == -1) {
911  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
912  "groups declaration. This is likely a misconfiguration.");
913  goto error;
914  }
915 
916  if (d_set == 1) {
917  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
918  SC_RULE_VARS_ADDRESS_GROUPS);
919  if (rule_var_address == NULL)
920  goto error;
921 
922  if (strlen(rule_var_address) == 0) {
923  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
924  "to nothing. This is likely a misconfiguration. "
925  "Note that a negated address needs to be quoted, "
926  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
927  goto error;
928  }
929 
930  SCLogDebug("rule_var_address %s", rule_var_address);
931  if ((negate + n_set) % 2) {
932  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
933  if (unlikely(temp_rule_var_address == NULL))
934  goto error;
935  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
936  "[%s]", rule_var_address);
937  } else {
938  temp_rule_var_address = SCStrdup(rule_var_address);
939  if (unlikely(temp_rule_var_address == NULL))
940  goto error;
941  }
942 
943  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
944  (negate + n_set) % 2, var_list, recur) < 0) {
945  SCLogDebug("DetectAddressParse2 hates us");
946  if (temp_rule_var_address != rule_var_address)
947  SCFree(temp_rule_var_address);
948  goto error;
949  }
950  d_set = 0;
951  SCFree(temp_rule_var_address);
952  } else {
953  if (!((negate + n_set) % 2)) {
954  SCLogDebug("DetectAddressSetup into gh, %s", address);
955  if (DetectAddressSetup(gh, address) < 0) {
956  SCLogDebug("DetectAddressSetup gh fail");
957  goto error;
958  }
959  } else {
960  SCLogDebug("DetectAddressSetup into ghn, %s", address);
961  if (DetectAddressSetup(ghn, address) < 0) {
962  SCLogDebug("DetectAddressSetup ghn fail");
963  goto error;
964  }
965  }
966  }
967  n_set = 0;
968  }
969  }
970  if (depth > 0) {
971  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
972  "properly closed in \"%s\", %d missing closing brackets (]). "
973  "Note: problem might be in a variable.", s, depth);
974  goto error;
975  } else if (depth < 0) {
976  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
977  "properly opened in \"%s\", %d missing opening brackets ([). "
978  "Note: problem might be in a variable.", s, depth*-1);
979  goto error;
980  }
981 
982  return 0;
983 
984 error:
985 
986  return -1;
987 }
988 
989 /**
990  * \internal
991  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
992  *
993  * \retval Return value from DetectAddressParseInternal
994  */
995 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
996  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
997  int recur)
998 {
999  int rc;
1000 #define MAX_ADDRESS_LENGTH 8192
1001 
1002  size_t address_length = strlen(s);
1003  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
1004  char *address = SCCalloc(1, address_length);
1005  if (address == NULL) {
1006  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Unable to allocate"
1007  " memory for address parsing.");
1008  return -1;
1009  }
1010  rc = DetectAddressParseInternal(
1011  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
1012  SCFree(address);
1013  } else {
1014  char address[MAX_ADDRESS_LENGTH] = "";
1015  rc = DetectAddressParseInternal(
1016  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1017  }
1018  return rc;
1019 }
1020 
1021 /**
1022  * \internal
1023  * \brief See if the addresses and ranges in an address head cover the
1024  * entire ip space.
1025  *
1026  * \param gh Pointer to the DetectAddressHead to check.
1027  *
1028  * \retval 0 No.
1029  * \retval 1 Yes.
1030  *
1031  * \todo do the same for IPv6
1032  */
1033 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1034 {
1035  int r = DetectAddressIsCompleteIPSpaceIPv4(gh->ipv4_head);
1036  if (r == 1)
1037  return 1;
1038 
1039  return 0;
1040 }
1041 
1042 /**
1043  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1044  *
1045  * \param gh Pointer to the address head containing the non-NOT groups.
1046  * \param ghn Pointer to the address head containing the NOT groups.
1047  *
1048  * \retval 0 On success.
1049  * \retval -1 On failure.
1050  */
1051 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
1052 {
1053  DetectAddress *ad;
1054  DetectAddress *ag, *ag2;
1055  int r = 0;
1056 
1057  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1058  ghn->ipv4_head);
1059 
1060  /* check if the negated list covers the entire ip space. If so
1061  * the user screwed up the rules/vars. */
1062  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1063  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1064  "Rule address range is NIL. Probably have a !any or "
1065  "an address range that supplies a NULL address range");
1066  goto error;
1067  }
1068 
1069  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1070  * not thingy. In that case we add a 0.0.0.0/0 first. */
1071  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1072  r = DetectAddressSetup(gh, "0.0.0.0/0");
1073  if (r < 0) {
1074  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1075  goto error;
1076  }
1077  }
1078  /* ... or ::/0 for ipv6 */
1079  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1080  r = DetectAddressSetup(gh, "::/0");
1081  if (r < 0) {
1082  SCLogDebug("DetectAddressSetup for ::/0 failed");
1083  goto error;
1084  }
1085  }
1086 
1087  /* step 1: insert our ghn members into the gh list */
1088  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1089  /* work with a copy of the ad so we can easily clean up the ghn group
1090  * later. */
1091  ad = DetectAddressCopy(ag);
1092  if (ad == NULL) {
1093  SCLogDebug("DetectAddressCopy failed");
1094  goto error;
1095  }
1096 
1097  r = DetectAddressInsert(NULL, gh, ad);
1098  if (r < 0) {
1099  SCLogDebug("DetectAddressInsert failed");
1100  goto error;
1101  }
1102  }
1103  /* ... and the same for ipv6 */
1104  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1105  /* work with a copy of the ad so we can easily clean up the ghn group
1106  * later. */
1107  ad = DetectAddressCopy(ag);
1108  if (ad == NULL) {
1109  SCLogDebug("DetectAddressCopy failed");
1110  goto error;
1111  }
1112 
1113  r = DetectAddressInsert(NULL, gh, ad);
1114  if (r < 0) {
1115  SCLogDebug("DetectAddressInsert failed");
1116  goto error;
1117  }
1118  }
1119 #ifdef DEBUG
1120  DetectAddress *tmp_ad;
1121  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1122  DetectAddressPrint(tmp_ad);
1123  }
1124 #endif
1125  int ipv4_applied = 0;
1126  int ipv6_applied = 0;
1127 
1128  /* step 2: pull the address blocks that match our 'not' blocks */
1129  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1130  SCLogDebug("ag %p", ag);
1131  DetectAddressPrint(ag);
1132 
1133  int applied = 0;
1134  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1135  SCLogDebug("ag2 %p", ag2);
1136  DetectAddressPrint(ag2);
1137 
1138  r = DetectAddressCmp(ag, ag2);
1139  /* XXX more ??? */
1140  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1141  if (ag2->prev == NULL)
1142  gh->ipv4_head = ag2->next;
1143  else
1144  ag2->prev->next = ag2->next;
1145 
1146  if (ag2->next != NULL)
1147  ag2->next->prev = ag2->prev;
1148 
1149  /* store the next ptr and remove the group */
1150  DetectAddress *next_ag2 = ag2->next;
1151  DetectAddressFree(ag2);
1152  ag2 = next_ag2;
1153  applied = 1;
1154  } else {
1155  ag2 = ag2->next;
1156  }
1157  }
1158 
1159  if (applied) {
1160  ipv4_applied++;
1161  }
1162  }
1163  /* ... and the same for ipv6 */
1164  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1165  int applied = 0;
1166  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1167  r = DetectAddressCmp(ag, ag2);
1168  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1169  if (ag2->prev == NULL)
1170  gh->ipv6_head = ag2->next;
1171  else
1172  ag2->prev->next = ag2->next;
1173 
1174  if (ag2->next != NULL)
1175  ag2->next->prev = ag2->prev;
1176 
1177  /* store the next ptr and remove the group */
1178  DetectAddress *next_ag2 = ag2->next;
1179  DetectAddressFree(ag2);
1180  ag2 = next_ag2;
1181 
1182  SCLogDebug("applied");
1183  applied = 1;
1184  } else {
1185  ag2 = ag2->next;
1186  }
1187  }
1188  if (applied) {
1189  ipv6_applied++;
1190  }
1191  }
1192 #ifdef DEBUG
1193  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1194  DetectAddressPrint(tmp_ad);
1195  }
1196  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1197  DetectAddressPrint(tmp_ad);
1198  }
1199 #endif
1200  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1201  int cnt = 0;
1202  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1203  cnt++;
1204 
1205  if (ipv4_applied != cnt) {
1206  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1207  "could be applied: %d != %d", cnt, ipv4_applied);
1208  goto error;
1209  }
1210 
1211  cnt = 0;
1212  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1213  cnt++;
1214 
1215  if (ipv6_applied != cnt) {
1216  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1217  "could be applied: %d != %d", cnt, ipv6_applied);
1218  goto error;
1219  }
1220  }
1221 
1222  /* if the result is that we have no addresses we return error */
1223  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1224  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1225  "merging addresses and negated addresses");
1226  goto error;
1227  }
1228 
1229  return 0;
1230 
1231 error:
1232  return -1;
1233 }
1234 
1235 int DetectAddressTestConfVars(void)
1236 {
1237  SCLogDebug("Testing address conf vars for any misconfigured values");
1238 
1239  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1240 
1241  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1242  if (address_vars_node == NULL) {
1243  return 0;
1244  }
1245 
1246  DetectAddressHead *gh = NULL;
1247  DetectAddressHead *ghn = NULL;
1248 
1249  ConfNode *seq_node;
1250  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1251  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1252 
1253  gh = DetectAddressHeadInit();
1254  if (gh == NULL) {
1255  goto error;
1256  }
1257  ghn = DetectAddressHeadInit();
1258  if (ghn == NULL) {
1259  goto error;
1260  }
1261 
1262  if (seq_node->val == NULL) {
1263  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
1264  "Address var \"%s\" probably has a sequence(something "
1265  "in brackets) value set without any quotes. Please "
1266  "quote it using \"..\".", seq_node->name);
1267  goto error;
1268  }
1269 
1270  int r = DetectAddressParse2(
1271  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1272 
1273  CleanVariableResolveList(&var_list);
1274 
1275  if (r < 0) {
1276  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
1277  "failed to parse address var \"%s\" with value \"%s\". "
1278  "Please check its syntax",
1279  seq_node->name, seq_node->val);
1280  goto error;
1281  }
1282 
1283  if (DetectAddressIsCompleteIPSpace(ghn)) {
1284  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
1285  "address var - \"%s\" has the complete IP space negated "
1286  "with its value \"%s\". Rule address range is NIL. "
1287  "Probably have a !any or an address range that supplies "
1288  "a NULL address range",
1289  seq_node->name, seq_node->val);
1290  goto error;
1291  }
1292 
1293  DetectAddressHeadFree(gh);
1294  gh = NULL;
1295  DetectAddressHeadFree(ghn);
1296  ghn = NULL;
1297  }
1298 
1299  return 0;
1300  error:
1301  if (gh != NULL)
1302  DetectAddressHeadFree(gh);
1303  if (ghn != NULL)
1304  DetectAddressHeadFree(ghn);
1305  return -1;
1306 }
1307 
1308 #include "util-hash-lookup3.h"
1309 
1310 typedef struct DetectAddressMap_ {
1311  char *string;
1312  DetectAddressHead *address;
1313  bool contains_negation;
1314 } DetectAddressMap;
1315 
1316 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1317 {
1318  const DetectAddressMap *map = (DetectAddressMap *)data;
1319  uint32_t hash = 0;
1320 
1321  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1322  hash %= ht->array_size;
1323 
1324  return hash;
1325 }
1326 
1327 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1328  uint16_t len2)
1329 {
1330  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1331  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1332 
1333 
1334  int r = (strcmp(map1->string, map2->string) == 0);
1335  return r;
1336 }
1337 
1338 static void DetectAddressMapFreeFunc(void *data)
1339 {
1340  DetectAddressMap *map = (DetectAddressMap *)data;
1341  if (map != NULL) {
1342  DetectAddressHeadFree(map->address);
1343  SCFree(map->string);
1344  }
1345  SCFree(map);
1346 }
1347 
1348 int DetectAddressMapInit(DetectEngineCtx *de_ctx)
1349 {
1350  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1351  DetectAddressMapCompareFunc,
1352  DetectAddressMapFreeFunc);
1353  if (de_ctx->address_table == NULL)
1354  return -1;
1355 
1356  return 0;
1357 }
1358 
1359 void DetectAddressMapFree(DetectEngineCtx *de_ctx)
1360 {
1361  if (de_ctx->address_table == NULL)
1362  return;
1363 
1364  HashListTableFree(de_ctx->address_table);
1365  de_ctx->address_table = NULL;
1366  return;
1367 }
1368 
1369 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1370  DetectAddressHead *address, bool contains_negation)
1371 {
1372  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1373  if (map == NULL)
1374  return -1;
1375 
1376  map->string = SCStrdup(string);
1377  if (map->string == NULL) {
1378  SCFree(map);
1379  return -1;
1380  }
1381  map->address = address;
1382  map->contains_negation = contains_negation;
1383 
1384  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1385  return 0;
1386 }
1387 
1388 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1389  const char *string)
1390 {
1391  DetectAddressMap map = { (char *)string, NULL, false };
1392 
1393  const DetectAddressMap *res = HashListTableLookup(de_ctx->address_table,
1394  &map, 0);
1395  return res;
1396 }
1397 
1398 /**
1399  * \brief Parses an address group sent as a character string and updates the
1400  * DetectAddressHead sent as the argument with the relevant address
1401  * ranges from the parsed string.
1402  *
1403  * \param de_ctx Pointer to the detection engine context
1404  * \param gh Pointer to the DetectAddressHead.
1405  * \param str Pointer to the character string containing the address group
1406  * that has to be parsed.
1407  *
1408  * \retval 1 On success. Contained negation.
1409  * \retval 0 On success. Did not contain negation.
1410  * \retval -1 On failure.
1411  */
1412 int DetectAddressParse(const DetectEngineCtx *de_ctx,
1413  DetectAddressHead *gh, const char *str)
1414 {
1415  SCLogDebug("gh %p, str %s", gh, str);
1416 
1417  if (str == NULL) {
1418  SCLogDebug("DetectAddressParse can not be run with NULL address");
1419  return -1;
1420  }
1421 
1422  DetectAddressHead *ghn = DetectAddressHeadInit();
1423  if (ghn == NULL) {
1424  SCLogDebug("DetectAddressHeadInit for ghn failed");
1425  return -1;
1426  }
1427 
1428  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1429  if (r < 0) {
1430  SCLogDebug("DetectAddressParse2 returned %d", r);
1431  DetectAddressHeadFree(ghn);
1432  return -1;
1433  }
1434 
1435  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1436  ghn->ipv4_head);
1437 
1438  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1439 
1440  /* merge the 'not' address groups */
1441  if (DetectAddressMergeNot(gh, ghn) < 0) {
1442  SCLogDebug("DetectAddressMergeNot failed");
1443  DetectAddressHeadFree(ghn);
1444  return -1;
1445  }
1446 
1447  /* free the temp negate head */
1448  DetectAddressHeadFree(ghn);
1449  return contains_negation ? 1 : 0;
1450 }
1451 
1452 const DetectAddressHead *DetectParseAddress(DetectEngineCtx *de_ctx,
1453  const char *string, bool *contains_negation)
1454 {
1455  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1456  if (res != NULL) {
1457  SCLogDebug("found: %s :: %p", string, res);
1458  *contains_negation = res->contains_negation;
1459  return res->address;
1460  }
1461 
1462  SCLogDebug("%s not found", string);
1463 
1464  DetectAddressHead *head = DetectAddressHeadInit();
1465  if (head == NULL)
1466  return NULL;
1467 
1468  const int r = DetectAddressParse(de_ctx, head, string);
1469  if (r < 0) {
1470  DetectAddressHeadFree(head);
1471  return NULL;
1472  } else if (r == 1) {
1473  *contains_negation = true;
1474  } else {
1475  *contains_negation = false;
1476  }
1477 
1478  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head,
1479  *contains_negation);
1480  return head;
1481 }
1482 
1483 /**
1484  * \brief Cleans a DetectAddressHead. The functions frees the address
1485  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1486  * instance.
1487  *
1488  * \param gh Pointer to the DetectAddressHead instance that has to be
1489  * cleaned.
1490  */
1491 void DetectAddressHeadCleanup(DetectAddressHead *gh)
1492 {
1493  if (gh != NULL) {
1494  if (gh->ipv4_head != NULL) {
1495  DetectAddressCleanupList(gh->ipv4_head);
1496  gh->ipv4_head = NULL;
1497  }
1498  if (gh->ipv6_head != NULL) {
1499  DetectAddressCleanupList(gh->ipv6_head);
1500  gh->ipv6_head = NULL;
1501  }
1502  }
1503 
1504  return;
1505 }
1506 
1507 /**
1508  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1509  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1510  * explanations on what these functions do.
1511  *
1512  * \param de_ctx Pointer to the DetectEngineCtx.
1513  * \param a Pointer to the first address to be cut.
1514  * \param b Pointer to the second address to be cut.
1515  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1516  * ranges from a and b, demand a third address range.
1517  *
1518  * \retval 0 On success.
1519  * \retval -1 On failure.
1520  */
1521 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1522  DetectAddress *b, DetectAddress **c)
1523 {
1524  if (a->ip.family == AF_INET)
1525  return DetectAddressCutIPv4(de_ctx, a, b, c);
1526  else if (a->ip.family == AF_INET6)
1527  return DetectAddressCutIPv6(de_ctx, a, b, c);
1528 
1529  return -1;
1530 }
1531 
1532 /**
1533  * \brief Cuts a negated address range with respect to the entire ip range, and
1534  * supplies with the address range that doesn't belong to the negated
1535  * address range.
1536  *
1537  * There are 2 cases here -
1538  *
1539  * The first case includes the address being located at the extreme ends
1540  * of the ip space, in which we get a single range.
1541  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1542  *
1543  * The second case includes the address not present at either of the
1544  * ip space extremes, in which case we get 2 ranges. The second range
1545  * would be supplied back with the argument "b" supplied to this function.
1546  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1547  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1548  *
1549  * The above negation cases can similarly be extended to ranges, i.e.
1550  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1551  * ![10.20.30.40 - 10.20.30.50].
1552  *
1553  *
1554  * \param a Pointer to the DetectAddressData instance, that contains the negated
1555  * address range that has to be cut.
1556  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1557  * filled with the address range, if the argument "a", doesn't fall at
1558  * the extreme ends of the ip address space.
1559  *
1560  * \retval 0 On success.
1561  * \retval -1 On failure.
1562  */
1563 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1564 {
1565  if (a->ip.family == AF_INET)
1566  return DetectAddressCutNotIPv4(a, b);
1567  else if (a->ip.family == AF_INET6)
1568  return DetectAddressCutNotIPv6(a, b);
1569 
1570  return -1;
1571 }
1572 
1573 /**
1574  * \brief Used to compare 2 address ranges.
1575  *
1576  * \param a Pointer to the first DetectAddressData to be compared.
1577  * \param b Pointer to the second DetectAddressData to be compared.
1578  */
1579 int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
1580 {
1581  if (a->ip.family != b->ip.family)
1582  return ADDRESS_ER;
1583 
1584  if (a->ip.family == AF_INET)
1585  return DetectAddressCmpIPv4(a, b);
1586  else if (a->ip.family == AF_INET6)
1587  return DetectAddressCmpIPv6(a, b);
1588 
1589  return ADDRESS_ER;
1590 }
1591 
1592 /**
1593  * \brief Match a packets address against a signatures addrs array
1594  *
1595  * \param addrs array of DetectMatchAddressIPv4's
1596  * \param addrs_cnt array size in members
1597  * \param a packets address
1598  *
1599  * \retval 0 no match
1600  * \retval 1 match
1601  *
1602  * \note addresses in addrs are in host order
1603  *
1604  * \todo array should be ordered, so we can break out of the loop
1605  */
1606 int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs,
1607  uint16_t addrs_cnt, const Address *a)
1608 {
1609  SCEnter();
1610 
1611  if (addrs == NULL || addrs_cnt == 0) {
1612  SCReturnInt(0);
1613  }
1614 
1615  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1616  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1617  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1618  SCReturnInt(1);
1619  }
1620  }
1621 
1622  SCReturnInt(0);
1623 }
1624 
1625 /**
1626  * \brief Match a packets address against a signatures addrs array
1627  *
1628  * \param addrs array of DetectMatchAddressIPv6's
1629  * \param addrs_cnt array size in members
1630  * \param a packets address
1631  *
1632  * \retval 0 no match
1633  * \retval 1 match
1634  *
1635  * \note addresses in addrs are in host order
1636  *
1637  * \todo array should be ordered, so we can break out of the loop
1638  */
1639 int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs,
1640  uint16_t addrs_cnt, const Address *a)
1641 {
1642  SCEnter();
1643 
1644  if (addrs == NULL || addrs_cnt == 0) {
1645  SCReturnInt(0);
1646  }
1647 
1648  uint32_t match_addr[4];
1649  match_addr[0] = SCNtohl(a->addr_data32[0]);
1650  match_addr[1] = SCNtohl(a->addr_data32[1]);
1651  match_addr[2] = SCNtohl(a->addr_data32[2]);
1652  match_addr[3] = SCNtohl(a->addr_data32[3]);
1653 
1654  /* See if the packet address is within the range of any entry in the
1655  * signature's address match array.
1656  */
1657  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1658  uint16_t result1 = 0, result2 = 0;
1659 
1660  /* See if packet address equals either limit. Return 1 if true. */
1661  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1662  SCReturnInt(1);
1663  }
1664  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1665  SCReturnInt(1);
1666  }
1667 
1668  /* See if packet address is greater than lower limit
1669  * of the current signature address match pair.
1670  */
1671  for (int i = 0; i < 4; i++) {
1672  if (match_addr[i] > addrs[idx].ip[i]) {
1673  result1 = 1;
1674  break;
1675  }
1676  if (match_addr[i] < addrs[idx].ip[i]) {
1677  result1 = 0;
1678  break;
1679  }
1680  }
1681 
1682  /* If not greater than lower limit, try next address match entry */
1683  if (result1 == 0)
1684  continue;
1685 
1686  /* See if packet address is less than upper limit
1687  * of the current signature address match pair.
1688  */
1689  for (int i = 0; i < 4; i++) {
1690  if (match_addr[i] < addrs[idx].ip2[i]) {
1691  result2 = 1;
1692  break;
1693  }
1694  if (match_addr[i] > addrs[idx].ip2[i]) {
1695  result2 = 0;
1696  break;
1697  }
1698  }
1699 
1700  /* Return a match if packet address is between the two
1701  * signature address match limits.
1702  */
1703  if (result1 == 1 && result2 == 1)
1704  SCReturnInt(1);
1705  }
1706 
1707  SCReturnInt(0);
1708 }
1709 
1710 /**
1711  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1712  * range in the DetectAddress instance.
1713  *
1714  * We basically check that the address falls in between the address
1715  * range in DetectAddress.
1716  *
1717  * \param dd Pointer to the DetectAddress instance.
1718  * \param a Pointer to an Address instance.
1719  *
1720  * \param 1 On a match.
1721  * \param 0 On no match.
1722  */
1723 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1724 {
1725  SCEnter();
1726 
1727  if (dd->ip.family != a->family) {
1728  SCReturnInt(0);
1729  }
1730 
1731  //DetectAddressPrint(dd);
1732  //AddressDebugPrint(a);
1733 
1734  switch (a->family) {
1735  case AF_INET:
1736 
1737  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1738  * Address inside DetectAddressData we can do uint8_t checks */
1739  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1740  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1741  {
1742  SCReturnInt(1);
1743  } else {
1744  SCReturnInt(0);
1745  }
1746 
1747  break;
1748  case AF_INET6:
1749  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1750  AddressIPv6Le(a, &dd->ip2) == 1)
1751  {
1752  SCReturnInt(1);
1753  } else {
1754  SCReturnInt(0);
1755  }
1756 
1757  break;
1758  default:
1759  SCLogDebug("What other address type can we have :-/");
1760  break;
1761  }
1762 
1763  SCReturnInt(0);
1764 }
1765 
1766 #ifdef DEBUG
1767 /**
1768  * \brief Prints the address data held by the DetectAddress. If the address
1769  * data family is IPv4, we print the the ipv4 address and mask, and
1770  * if the address data family is IPv6, we print the ipv6 address and
1771  * mask.
1772  *
1773  * \param ad Pointer to the DetectAddress instance to be printed.
1774  */
1775 static void DetectAddressPrint(DetectAddress *gr)
1776 {
1777  if (gr == NULL)
1778  return;
1779 
1780  if (gr->ip.family == AF_INET) {
1781  struct in_addr in;
1782  char ip[16], mask[16];
1783 
1784  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1785  PrintInet(AF_INET, &in, ip, sizeof(ip));
1786  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1787  PrintInet(AF_INET, &in, mask, sizeof(mask));
1788 
1789  SCLogDebug("%s/%s", ip, mask);
1790 // printf("%s/%s", ip, mask);
1791  } else if (gr->ip.family == AF_INET6) {
1792  struct in6_addr in6;
1793  char ip[66], mask[66];
1794 
1795  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1796  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1797  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1798  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1799 
1800  SCLogDebug("%s/%s", ip, mask);
1801 // printf("%s/%s", ip, mask);
1802  }
1803 
1804  return;
1805 }
1806 #endif
1807 
1808 /**
1809  * \brief Find the group matching address in a group head.
1810  *
1811  * \param gh Pointer to the address group head(DetectAddressHead instance).
1812  * \param a Pointer to an Address instance.
1813  *
1814  * \retval g On success pointer to an DetectAddress if we find a match
1815  * for the Address "a", in the DetectAddressHead "gh".
1816  */
1817 DetectAddress *DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
1818 {
1819  SCEnter();
1820 
1821  DetectAddress *g = NULL;
1822 
1823  if (gh == NULL) {
1824  SCReturnPtr(NULL, "DetectAddress");
1825  }
1826 
1827  /* XXX should we really do this check every time we run this function? */
1828  if (a->family == AF_INET) {
1829  SCLogDebug("IPv4");
1830  g = gh->ipv4_head;
1831  } else if (a->family == AF_INET6) {
1832  SCLogDebug("IPv6");
1833  g = gh->ipv6_head;
1834  }
1835 
1836  for ( ; g != NULL; g = g->next) {
1837  if (DetectAddressMatch(g,a) == 1) {
1838  SCReturnPtr(g, "DetectAddress");
1839  }
1840  }
1841 
1842  SCReturnPtr(NULL, "DetectAddress");
1843 }
1844 
1845 /********************************Unittests*************************************/
1846 
1847 #ifdef UNITTESTS
1848 
1849 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1850 {
1851  char str1[46] = "", str2[46] = "";
1852 
1853  if (ad == NULL)
1854  return FALSE;
1855 
1856  switch(ad->ip.family) {
1857  case AF_INET:
1858  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1859  SCLogDebug("%s", str1);
1860  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1861  SCLogDebug("%s", str2);
1862 
1863  if (strcmp(str1, one) != 0) {
1864  SCLogInfo("%s != %s", str1, one);
1865  return FALSE;
1866  }
1867 
1868  if (strcmp(str2, two) != 0) {
1869  SCLogInfo("%s != %s", str2, two);
1870  return FALSE;
1871  }
1872 
1873  return TRUE;
1874  break;
1875 
1876  case AF_INET6:
1877  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1878  SCLogDebug("%s", str1);
1879  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1880  SCLogDebug("%s", str2);
1881 
1882  if (strcmp(str1, one) != 0) {
1883  SCLogInfo("%s != %s", str1, one);
1884  return FALSE;
1885  }
1886 
1887  if (strcmp(str2, two) != 0) {
1888  SCLogInfo("%s != %s", str2, two);
1889  return FALSE;
1890  }
1891 
1892  return TRUE;
1893  break;
1894  }
1895 
1896  return FALSE;
1897 }
1898 
1899 typedef struct UTHValidateDetectAddressHeadRange_ {
1900  const char *one;
1901  const char *two;
1902 } UTHValidateDetectAddressHeadRange;
1903 
1904 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1905 {
1906  int expect = nranges;
1907  int have = 0;
1908 
1909  if (gh == NULL)
1910  return FALSE;
1911 
1912  DetectAddress *ad = NULL;
1913  ad = gh->ipv4_head;
1914  if (ad == NULL)
1915  ad = gh->ipv6_head;
1916  while (have < expect) {
1917  if (ad == NULL) {
1918  printf("bad head: have %d ranges, expected %d: ", have, expect);
1919  return FALSE;
1920  }
1921 
1922  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
1923  return FALSE;
1924 
1925  ad = ad->next;
1926  have++;
1927  }
1928 
1929  return TRUE;
1930 }
1931 
1932 static int AddressTestParse01(void)
1933 {
1934  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1935 
1936  if (dd) {
1937  DetectAddressFree(dd);
1938  return 1;
1939  }
1940 
1941  return 0;
1942 }
1943 
1944 static int AddressTestParse02(void)
1945 {
1946  int result = 1;
1947  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1948 
1949  if (dd) {
1950  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1951  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1952  result = 0;
1953  }
1954 
1955  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1956  DetectAddressFree(dd);
1957  return result;
1958  }
1959 
1960  return 0;
1961 }
1962 
1963 static int AddressTestParse03(void)
1964 {
1965  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1966 
1967  if (dd) {
1968  DetectAddressFree(dd);
1969  return 1;
1970  }
1971 
1972  return 0;
1973 }
1974 
1975 static int AddressTestParse04(void)
1976 {
1977  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1978  FAIL_IF_NULL(dd);
1979 
1980  char left[16], right[16];
1981  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1982  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1983  SCLogDebug("left %s right %s", left, right);
1984  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1985  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1986  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1987  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1988 
1989  DetectAddressFree(dd);
1990  PASS;
1991 }
1992 
1993 /** \test that address range sets proper start address */
1994 static int AddressTestParse04bug5081(void)
1995 {
1996  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1997  FAIL_IF_NULL(dd);
1998 
1999  char left[16], right[16];
2000  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
2001  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
2002  SCLogDebug("left %s right %s", left, right);
2003  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
2004  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
2005 
2006  DetectAddressFree(dd);
2007  PASS;
2008 }
2009 
2010 static int AddressTestParse05(void)
2011 {
2012  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2013 
2014  if (dd) {
2015  DetectAddressFree(dd);
2016  return 1;
2017  }
2018 
2019  return 0;
2020 }
2021 
2022 static int AddressTestParse06(void)
2023 {
2024  int result = 1;
2025  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2026 
2027  if (dd) {
2028  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2029  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2030  result = 0;
2031  }
2032 
2033  DetectAddressFree(dd);
2034  return result;
2035  }
2036 
2037  return 0;
2038 }
2039 
2040 static int AddressTestParse07(void)
2041 {
2042  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2043 
2044  if (dd) {
2045  DetectAddressFree(dd);
2046  return 1;
2047  }
2048 
2049  return 0;
2050 }
2051 
2052 static int AddressTestParse08(void)
2053 {
2054  int result = 1;
2055  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2056 
2057  if (dd) {
2058  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2059  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2060 
2061  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2062  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2063  DetectAddressPrint(dd);
2064  result = 0;
2065  }
2066 
2067  DetectAddressFree(dd);
2068  return result;
2069  }
2070 
2071  return 0;
2072 }
2073 
2074 static int AddressTestParse09(void)
2075 {
2076  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2077 
2078  if (dd) {
2079  DetectAddressFree(dd);
2080  return 1;
2081  }
2082 
2083  return 0;
2084 }
2085 
2086 static int AddressTestParse10(void)
2087 {
2088  int result = 1;
2089  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2090 
2091  if (dd) {
2092  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2093  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2094 
2095  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2096  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2097  DetectAddressPrint(dd);
2098  result = 0;
2099  }
2100 
2101  DetectAddressFree(dd);
2102  return result;
2103  }
2104 
2105  return 0;
2106 }
2107 
2108 static int AddressTestParse11(void)
2109 {
2110  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2111 
2112  if (dd) {
2113  DetectAddressFree(dd);
2114  return 1;
2115  }
2116 
2117  return 0;
2118 }
2119 
2120 static int AddressTestParse12(void)
2121 {
2122  int result = 1;
2123  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2124 
2125  if (dd) {
2126  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2127  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2128 
2129  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2130  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2131  DetectAddressPrint(dd);
2132  result = 0;
2133  }
2134 
2135  DetectAddressFree(dd);
2136  return result;
2137  }
2138 
2139  return 0;
2140 }
2141 static int AddressTestParse13(void)
2142 {
2143  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2144 
2145  if (dd) {
2146  DetectAddressFree(dd);
2147  return 1;
2148  }
2149 
2150  return 0;
2151 }
2152 
2153 static int AddressTestParse14(void)
2154 {
2155  int result = 1;
2156  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2157 
2158  if (dd) {
2159  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2160  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2161 
2162  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2163  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2164  result = 0;
2165  }
2166 
2167  DetectAddressFree(dd);
2168  return result;
2169  }
2170 
2171  return 0;
2172 }
2173 
2174 static int AddressTestParse15(void)
2175 {
2176  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2177 
2178  if (dd) {
2179  DetectAddressFree(dd);
2180  return 1;
2181  }
2182 
2183  return 0;
2184 }
2185 
2186 static int AddressTestParse16(void)
2187 {
2188  int result = 1;
2189  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2190 
2191  if (dd) {
2192  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2193  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2194 
2195  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2196  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2197  result = 0;
2198  }
2199 
2200  DetectAddressFree(dd);
2201  return result;
2202  }
2203 
2204  return 0;
2205 }
2206 
2207 static int AddressTestParse17(void)
2208 {
2209  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2210 
2211  if (dd) {
2212  DetectAddressFree(dd);
2213  return 1;
2214  }
2215 
2216  return 0;
2217 }
2218 
2219 static int AddressTestParse18(void)
2220 {
2221  int result = 1;
2222  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2223 
2224  if (dd) {
2225  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2226  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2227  result = 0;
2228  }
2229 
2230  DetectAddressFree(dd);
2231  return result;
2232  }
2233 
2234  return 0;
2235 }
2236 
2237 static int AddressTestParse19(void)
2238 {
2239  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2240 
2241  if (dd) {
2242  DetectAddressFree(dd);
2243  return 0;
2244  }
2245 
2246  return 1;
2247 }
2248 
2249 static int AddressTestParse20(void)
2250 {
2251  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2252 
2253  if (dd) {
2254  DetectAddressFree(dd);
2255  return 1;
2256  }
2257 
2258  return 0;
2259 }
2260 
2261 static int AddressTestParse21(void)
2262 {
2263  int result = 1;
2264  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2265 
2266  if (dd) {
2267  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2268  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2269 
2270  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2271  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2272  result = 0;
2273  }
2274 
2275  DetectAddressFree(dd);
2276  return result;
2277  }
2278 
2279  return 0;
2280 }
2281 
2282 static int AddressTestParse22(void)
2283 {
2284  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2285 
2286  if (dd) {
2287  DetectAddressFree(dd);
2288  return 0;
2289  }
2290 
2291  return 1;
2292 }
2293 
2294 static int AddressTestParse23(void)
2295 {
2296  DetectAddressHead *gh = DetectAddressHeadInit();
2297  FAIL_IF_NULL(gh);
2298  int r = DetectAddressParse(NULL, gh, "any");
2299  FAIL_IF_NOT(r == 0);
2300  DetectAddressHeadFree(gh);
2301  PASS;
2302 }
2303 
2304 static int AddressTestParse24(void)
2305 {
2306  DetectAddressHead *gh = DetectAddressHeadInit();
2307  FAIL_IF_NULL(gh);
2308  int r = DetectAddressParse(NULL, gh, "Any");
2309  FAIL_IF_NOT(r == 0);
2310  DetectAddressHeadFree(gh);
2311  PASS;
2312 }
2313 
2314 static int AddressTestParse25(void)
2315 {
2316  DetectAddressHead *gh = DetectAddressHeadInit();
2317  FAIL_IF_NULL(gh);
2318  int r = DetectAddressParse(NULL, gh, "ANY");
2319  FAIL_IF_NOT(r == 0);
2320  DetectAddressHeadFree(gh);
2321  PASS;
2322 }
2323 
2324 /** \test recursion limit */
2325 static int AddressTestParse26(void)
2326 {
2327  DetectAddressHead *gh = DetectAddressHeadInit();
2328  FAIL_IF_NULL(gh);
2329  /* exactly 64: should pass */
2330  int r = DetectAddressParse(NULL, gh,
2331  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2332  "1.2.3.4"
2333  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2334  );
2335  FAIL_IF_NOT(r == 0);
2336  DetectAddressHeadFree(gh);
2337  gh = DetectAddressHeadInit();
2338  FAIL_IF_NULL(gh);
2339  /* exactly 65: should fail */
2340  r = DetectAddressParse(NULL, gh,
2341  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2342  "1.2.3.4"
2343  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2344  );
2345  FAIL_IF(r == 0);
2346  DetectAddressHeadFree(gh);
2347  PASS;
2348 }
2349 
2350 static int AddressTestParse27(void)
2351 {
2352  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2353 
2354  if (dd) {
2355  DetectAddressFree(dd);
2356  return 1;
2357  }
2358 
2359  return 0;
2360 }
2361 
2362 static int AddressTestParse28(void)
2363 {
2364  int result = 0;
2365  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2366 
2367  if (dd) {
2368  if (dd->flags & ADDRESS_FLAG_NOT &&
2369  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2370  result = 1;
2371  }
2372 
2373  DetectAddressFree(dd);
2374  return result;
2375  }
2376 
2377  return 0;
2378 }
2379 
2380 static int AddressTestParse29(void)
2381 {
2382  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2383 
2384  if (dd) {
2385  DetectAddressFree(dd);
2386  return 1;
2387  }
2388 
2389  return 0;
2390 }
2391 
2392 static int AddressTestParse30(void)
2393 {
2394  int result = 0;
2395  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2396 
2397  if (dd) {
2398  if (dd->flags & ADDRESS_FLAG_NOT &&
2399  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2400  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2401  result = 1;
2402  }
2403 
2404  DetectAddressFree(dd);
2405  return result;
2406  }
2407 
2408  return 0;
2409 }
2410 
2411 /**
2412  * \test make sure !any is rejected
2413  */
2414 static int AddressTestParse31(void)
2415 {
2416  DetectAddress *dd = DetectAddressParseSingle("!any");
2417 
2418  if (dd) {
2419  DetectAddressFree(dd);
2420  return 0;
2421  }
2422 
2423  return 1;
2424 }
2425 
2426 static int AddressTestParse32(void)
2427 {
2428  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2429 
2430  if (dd) {
2431  DetectAddressFree(dd);
2432  return 1;
2433  }
2434 
2435  return 0;
2436 }
2437 
2438 static int AddressTestParse33(void)
2439 {
2440  int result = 0;
2441  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2442 
2443  if (dd) {
2444  if (dd->flags & ADDRESS_FLAG_NOT &&
2445  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2446  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2447  result = 1;
2448  }
2449 
2450  DetectAddressFree(dd);
2451  return result;
2452  }
2453 
2454  return 0;
2455 }
2456 
2457 static int AddressTestParse34(void)
2458 {
2459  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2460 
2461  if (dd) {
2462  DetectAddressFree(dd);
2463  return 1;
2464  }
2465 
2466  return 0;
2467 }
2468 
2469 static int AddressTestParse35(void)
2470 {
2471  int result = 0;
2472  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2473 
2474  if (dd) {
2475  if (dd->flags & ADDRESS_FLAG_NOT &&
2476  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2477  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2478 
2479  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2480  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2481  result = 1;
2482  }
2483 
2484  DetectAddressFree(dd);
2485  return result;
2486  }
2487 
2488  return 0;
2489 }
2490 
2491 static int AddressTestParse36(void)
2492 {
2493  int result = 1;
2494  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2495 
2496  if (dd) {
2497  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2498  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2499 
2500  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2501  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2502 
2503  DetectAddressPrint(dd);
2504  result = 0;
2505  }
2506  DetectAddressPrint(dd);
2507 
2508  DetectAddressFree(dd);
2509  return result;
2510  }
2511 
2512  return 0;
2513 }
2514 
2515 static int AddressTestParse37(void)
2516 {
2517  int result = 1;
2518  DetectAddress *dd = DetectAddressParseSingle("::/0");
2519 
2520  if (dd) {
2521  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2522  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2523 
2524  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2525  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2526  DetectAddressPrint(dd);
2527  result = 0;
2528  }
2529  DetectAddressPrint(dd);
2530 
2531  DetectAddressFree(dd);
2532  return result;
2533  }
2534 
2535  return 0;
2536 }
2537 
2538 static int AddressTestMatch01(void)
2539 {
2540  DetectAddress *dd = NULL;
2541  int result = 1;
2542  struct in_addr in;
2543  Address a;
2544 
2545  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2546  return 0;
2547  memset(&a, 0, sizeof(Address));
2548  a.family = AF_INET;
2549  a.addr_data32[0] = in.s_addr;
2550 
2551  dd = DetectAddressParseSingle("1.2.3.4/24");
2552  if (dd) {
2553  if (DetectAddressMatch(dd, &a) == 0)
2554  result = 0;
2555 
2556  DetectAddressFree(dd);
2557  return result;
2558  }
2559 
2560  return 0;
2561 }
2562 
2563 static int AddressTestMatch02(void)
2564 {
2565  DetectAddress *dd = NULL;
2566  int result = 1;
2567  struct in_addr in;
2568  Address a;
2569 
2570  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2571  return 0;
2572  memset(&a, 0, sizeof(Address));
2573  a.family = AF_INET;
2574  a.addr_data32[0] = in.s_addr;
2575 
2576  dd = DetectAddressParseSingle("1.2.3.4/25");
2577  if (dd) {
2578  if (DetectAddressMatch(dd, &a) == 0)
2579  result = 0;
2580 
2581  DetectAddressFree(dd);
2582  return result;
2583  }
2584 
2585  return 0;
2586 }
2587 
2588 static int AddressTestMatch03(void)
2589 {
2590  DetectAddress *dd = NULL;
2591  int result = 1;
2592  struct in_addr in;
2593  Address a;
2594 
2595  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2596  return 0;
2597  memset(&a, 0, sizeof(Address));
2598  a.family = AF_INET;
2599  a.addr_data32[0] = in.s_addr;
2600 
2601  dd = DetectAddressParseSingle("1.2.3.4/25");
2602  if (dd) {
2603  if (DetectAddressMatch(dd, &a) == 1)
2604  result = 0;
2605 
2606  DetectAddressFree(dd);
2607  return result;
2608  }
2609 
2610  return 0;
2611 }
2612 
2613 static int AddressTestMatch04(void)
2614 {
2615  DetectAddress *dd = NULL;
2616  int result = 1;
2617  struct in_addr in;
2618  Address a;
2619 
2620  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2621  return 0;
2622  memset(&a, 0, sizeof(Address));
2623  a.family = AF_INET;
2624  a.addr_data32[0] = in.s_addr;
2625 
2626  dd = DetectAddressParseSingle("1.2.3.4/25");
2627  if (dd) {
2628  if (DetectAddressMatch(dd, &a) == 1)
2629  result = 0;
2630 
2631  DetectAddressFree(dd);
2632  return result;
2633  }
2634 
2635  return 0;
2636 }
2637 
2638 static int AddressTestMatch05(void)
2639 {
2640  DetectAddress *dd = NULL;
2641  int result = 1;
2642  struct in_addr in;
2643  Address a;
2644 
2645  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2646  return 0;
2647  memset(&a, 0, sizeof(Address));
2648  a.family = AF_INET;
2649  a.addr_data32[0] = in.s_addr;
2650 
2651  dd = DetectAddressParseSingle("1.2.3.4/32");
2652  if (dd) {
2653  if (DetectAddressMatch(dd, &a) == 0)
2654  result = 0;
2655 
2656  DetectAddressFree(dd);
2657  return result;
2658  }
2659 
2660  return 0;
2661 }
2662 
2663 static int AddressTestMatch06(void)
2664 {
2665  DetectAddress *dd = NULL;
2666  int result = 1;
2667  struct in_addr in;
2668  Address a;
2669 
2670  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2671  return 0;
2672  memset(&a, 0, sizeof(Address));
2673  a.family = AF_INET;
2674  a.addr_data32[0] = in.s_addr;
2675 
2676  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2677  if (dd) {
2678  if (DetectAddressMatch(dd, &a) == 0)
2679  result = 0;
2680 
2681  DetectAddressFree(dd);
2682  return result;
2683  }
2684 
2685  return 0;
2686 }
2687 
2688 static int AddressTestMatch07(void)
2689 {
2690  DetectAddress *dd = NULL;
2691  int result = 1;
2692  struct in6_addr in6;
2693  Address a;
2694 
2695  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2696  return 0;
2697  memset(&a, 0, sizeof(Address));
2698  a.family = AF_INET6;
2699  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2700 
2701  dd = DetectAddressParseSingle("2001::/3");
2702  if (dd) {
2703  if (DetectAddressMatch(dd, &a) == 0)
2704  result = 0;
2705 
2706  DetectAddressFree(dd);
2707  return result;
2708  }
2709 
2710  return 0;
2711 }
2712 
2713 static int AddressTestMatch08(void)
2714 {
2715  DetectAddress *dd = NULL;
2716  int result = 1;
2717  struct in6_addr in6;
2718  Address a;
2719 
2720  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2721  return 0;
2722  memset(&a, 0, sizeof(Address));
2723  a.family = AF_INET6;
2724  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2725 
2726  dd = DetectAddressParseSingle("2001::/3");
2727  if (dd) {
2728  if (DetectAddressMatch(dd, &a) == 1)
2729  result = 0;
2730 
2731  DetectAddressFree(dd);
2732  return result;
2733  }
2734 
2735  return 0;
2736 }
2737 
2738 static int AddressTestMatch09(void)
2739 {
2740  DetectAddress *dd = NULL;
2741  int result = 1;
2742  struct in6_addr in6;
2743  Address a;
2744 
2745  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2746  return 0;
2747  memset(&a, 0, sizeof(Address));
2748  a.family = AF_INET6;
2749  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2750 
2751  dd = DetectAddressParseSingle("2001::1/128");
2752  if (dd) {
2753  if (DetectAddressMatch(dd, &a) == 1)
2754  result = 0;
2755 
2756  DetectAddressFree(dd);
2757  return result;
2758  }
2759 
2760  return 0;
2761 }
2762 
2763 static int AddressTestMatch10(void)
2764 {
2765  DetectAddress *dd = NULL;
2766  int result = 1;
2767  struct in6_addr in6;
2768  Address a;
2769 
2770  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2771  return 0;
2772  memset(&a, 0, sizeof(Address));
2773  a.family = AF_INET6;
2774  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2775 
2776  dd = DetectAddressParseSingle("2001::1/126");
2777  if (dd) {
2778  if (DetectAddressMatch(dd, &a) == 0)
2779  result = 0;
2780 
2781  DetectAddressFree(dd);
2782  return result;
2783  }
2784 
2785  return 0;
2786 }
2787 
2788 static int AddressTestMatch11(void)
2789 {
2790  DetectAddress *dd = NULL;
2791  int result = 1;
2792  struct in6_addr in6;
2793  Address a;
2794 
2795  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2796  return 0;
2797  memset(&a, 0, sizeof(Address));
2798  a.family = AF_INET6;
2799  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2800 
2801  dd = DetectAddressParseSingle("2001::1/127");
2802  if (dd) {
2803  if (DetectAddressMatch(dd, &a) == 1)
2804  result = 0;
2805 
2806  DetectAddressFree(dd);
2807  return result;
2808  }
2809 
2810  return 0;
2811 }
2812 
2813 static int AddressTestCmp01(void)
2814 {
2815  DetectAddress *da = NULL, *db = NULL;
2816  int result = 1;
2817 
2818  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2819  if (da == NULL) goto error;
2820  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2821  if (db == NULL) goto error;
2822 
2823  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2824  result = 0;
2825 
2826  DetectAddressFree(da);
2827  DetectAddressFree(db);
2828  return result;
2829 
2830 error:
2831  if (da) DetectAddressFree(da);
2832  if (db) DetectAddressFree(db);
2833  return 0;
2834 }
2835 
2836 static int AddressTestCmp02(void)
2837 {
2838  DetectAddress *da = NULL, *db = NULL;
2839  int result = 1;
2840 
2841  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2842  if (da == NULL) goto error;
2843  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2844  if (db == NULL) goto error;
2845 
2846  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2847  result = 0;
2848 
2849  DetectAddressFree(da);
2850  DetectAddressFree(db);
2851  return result;
2852 
2853 error:
2854  if (da) DetectAddressFree(da);
2855  if (db) DetectAddressFree(db);
2856  return 0;
2857 }
2858 
2859 static int AddressTestCmp03(void)
2860 {
2861  DetectAddress *da = NULL, *db = NULL;
2862  int result = 1;
2863 
2864  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2865  if (da == NULL) goto error;
2866  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2867  if (db == NULL) goto error;
2868 
2869  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2870  result = 0;
2871 
2872  DetectAddressFree(da);
2873  DetectAddressFree(db);
2874  return result;
2875 
2876 error:
2877  if (da) DetectAddressFree(da);
2878  if (db) DetectAddressFree(db);
2879  return 0;
2880 }
2881 
2882 static int AddressTestCmp04(void)
2883 {
2884  DetectAddress *da = NULL, *db = NULL;
2885  int result = 1;
2886 
2887  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2888  if (da == NULL) goto error;
2889  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2890  if (db == NULL) goto error;
2891 
2892  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2893  result = 0;
2894 
2895  DetectAddressFree(da);
2896  DetectAddressFree(db);
2897  return result;
2898 
2899 error:
2900  if (da) DetectAddressFree(da);
2901  if (db) DetectAddressFree(db);
2902  return 0;
2903 }
2904 
2905 static int AddressTestCmp05(void)
2906 {
2907  DetectAddress *da = NULL, *db = NULL;
2908  int result = 1;
2909 
2910  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2911  if (da == NULL) goto error;
2912  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2913  if (db == NULL) goto error;
2914 
2915  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2916  result = 0;
2917 
2918  DetectAddressFree(da);
2919  DetectAddressFree(db);
2920  return result;
2921 
2922 error:
2923  if (da) DetectAddressFree(da);
2924  if (db) DetectAddressFree(db);
2925  return 0;
2926 }
2927 
2928 static int AddressTestCmp06(void)
2929 {
2930  DetectAddress *da = NULL, *db = NULL;
2931  int result = 1;
2932 
2933  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2934  if (da == NULL) goto error;
2935  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2936  if (db == NULL) goto error;
2937 
2938  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2939  result = 0;
2940 
2941  DetectAddressFree(da);
2942  DetectAddressFree(db);
2943  return result;
2944 
2945 error:
2946  if (da) DetectAddressFree(da);
2947  if (db) DetectAddressFree(db);
2948  return 0;
2949 }
2950 
2951 static int AddressTestCmpIPv407(void)
2952 {
2953  DetectAddress *da = NULL, *db = NULL;
2954  int result = 1;
2955 
2956  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2957  if (da == NULL) goto error;
2958  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2959  if (db == NULL) goto error;
2960 
2961  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2962  result = 0;
2963 
2964  DetectAddressFree(da);
2965  DetectAddressFree(db);
2966  return result;
2967 
2968 error:
2969  if (da) DetectAddressFree(da);
2970  if (db) DetectAddressFree(db);
2971  return 0;
2972 }
2973 
2974 static int AddressTestCmpIPv408(void)
2975 {
2976  DetectAddress *da = NULL, *db = NULL;
2977  int result = 1;
2978 
2979  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2980  if (da == NULL) goto error;
2981  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2982  if (db == NULL) goto error;
2983 
2984  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2985  result = 0;
2986 
2987  DetectAddressFree(da);
2988  DetectAddressFree(db);
2989  return result;
2990 
2991 error:
2992  if (da) DetectAddressFree(da);
2993  if (db) DetectAddressFree(db);
2994  return 0;
2995 }
2996 
2997 static int AddressTestCmp07(void)
2998 {
2999  DetectAddress *da = NULL, *db = NULL;
3000  int result = 1;
3001 
3002  da = DetectAddressParseSingle("2001::/3");
3003  if (da == NULL) goto error;
3004  db = DetectAddressParseSingle("2001::1/3");
3005  if (db == NULL) goto error;
3006 
3007  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3008  result = 0;
3009 
3010  DetectAddressFree(da);
3011  DetectAddressFree(db);
3012  return result;
3013 
3014 error:
3015  if (da) DetectAddressFree(da);
3016  if (db) DetectAddressFree(db);
3017  return 0;
3018 }
3019 
3020 static int AddressTestCmp08(void)
3021 {
3022  DetectAddress *da = NULL, *db = NULL;
3023  int result = 1;
3024 
3025  da = DetectAddressParseSingle("2001::/3");
3026  if (da == NULL) goto error;
3027  db = DetectAddressParseSingle("2001::/8");
3028  if (db == NULL) goto error;
3029 
3030  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3031  result = 0;
3032 
3033  DetectAddressFree(da);
3034  DetectAddressFree(db);
3035  return result;
3036 
3037 error:
3038  if (da) DetectAddressFree(da);
3039  if (db) DetectAddressFree(db);
3040  return 0;
3041 }
3042 
3043 static int AddressTestCmp09(void)
3044 {
3045  DetectAddress *da = NULL, *db = NULL;
3046  int result = 1;
3047 
3048  da = DetectAddressParseSingle("2001::/8");
3049  if (da == NULL) goto error;
3050  db = DetectAddressParseSingle("2001::/3");
3051  if (db == NULL) goto error;
3052 
3053  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3054  result = 0;
3055 
3056  DetectAddressFree(da);
3057  DetectAddressFree(db);
3058  return result;
3059 
3060 error:
3061  if (da) DetectAddressFree(da);
3062  if (db) DetectAddressFree(db);
3063  return 0;
3064 }
3065 
3066 static int AddressTestCmp10(void)
3067 {
3068  DetectAddress *da = NULL, *db = NULL;
3069  int result = 1;
3070 
3071  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3072  if (da == NULL) goto error;
3073  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3074  if (db == NULL) goto error;
3075 
3076  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3077  result = 0;
3078 
3079  DetectAddressFree(da);
3080  DetectAddressFree(db);
3081  return result;
3082 
3083 error:
3084  if (da) DetectAddressFree(da);
3085  if (db) DetectAddressFree(db);
3086  return 0;
3087 }
3088 
3089 static int AddressTestCmp11(void)
3090 {
3091  DetectAddress *da = NULL, *db = NULL;
3092  int result = 1;
3093 
3094  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3095  if (da == NULL) goto error;
3096  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3097  if (db == NULL) goto error;
3098 
3099  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3100  result = 0;
3101 
3102  DetectAddressFree(da);
3103  DetectAddressFree(db);
3104  return result;
3105 
3106 error:
3107  if (da) DetectAddressFree(da);
3108  if (db) DetectAddressFree(db);
3109  return 0;
3110 }
3111 
3112 static int AddressTestCmp12(void)
3113 {
3114  DetectAddress *da = NULL, *db = NULL;
3115  int result = 1;
3116 
3117  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3118  if (da == NULL) goto error;
3119  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3120  if (db == NULL) goto error;
3121 
3122  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3123  result = 0;
3124 
3125  DetectAddressFree(da);
3126  DetectAddressFree(db);
3127  return result;
3128 
3129 error:
3130  if (da) DetectAddressFree(da);
3131  if (db) DetectAddressFree(db);
3132  return 0;
3133 }
3134 
3135 static int AddressTestAddressGroupSetup01(void)
3136 {
3137  int result = 0;
3138  DetectAddressHead *gh = DetectAddressHeadInit();
3139 
3140  if (gh != NULL) {
3141  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3142  if (r == 0)
3143  result = 1;
3144 
3145  DetectAddressHeadFree(gh);
3146  }
3147  return result;
3148 }
3149 
3150 static int AddressTestAddressGroupSetup02(void)
3151 {
3152  int result = 0;
3153  DetectAddressHead *gh = DetectAddressHeadInit();
3154 
3155  if (gh != NULL) {
3156  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3157  if (r == 0 && gh->ipv4_head != NULL)
3158  result = 1;
3159 
3160  DetectAddressHeadFree(gh);
3161  }
3162  return result;
3163 }
3164 
3165 static int AddressTestAddressGroupSetup03(void)
3166 {
3167  int result = 0;
3168  DetectAddressHead *gh = DetectAddressHeadInit();
3169 
3170  if (gh != NULL) {
3171  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3172  if (r == 0 && gh->ipv4_head != NULL) {
3173  DetectAddress *prev_head = gh->ipv4_head;
3174 
3175  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3176  if (r == 0 && gh->ipv4_head != prev_head &&
3177  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3178  result = 1;
3179  }
3180  }
3181 
3182  DetectAddressHeadFree(gh);
3183  }
3184  return result;
3185 }
3186 
3187 static int AddressTestAddressGroupSetup04(void)
3188 {
3189  int result = 0;
3190  DetectAddressHead *gh = DetectAddressHeadInit();
3191 
3192  if (gh != NULL) {
3193  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3194  if (r == 0 && gh->ipv4_head != NULL) {
3195  DetectAddress *prev_head = gh->ipv4_head;
3196 
3197  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3198  if (r == 0 && gh->ipv4_head != prev_head &&
3199  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3200  DetectAddress *ph = gh->ipv4_head;
3201 
3202  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3203  if (r == 0 && gh->ipv4_head != ph &&
3204  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3205  result = 1;
3206  }
3207  }
3208  }
3209 
3210  DetectAddressHeadFree(gh);
3211  }
3212  return result;
3213 }
3214 
3215 static int AddressTestAddressGroupSetup05(void)
3216 {
3217  int result = 0;
3218  DetectAddressHead *gh = DetectAddressHeadInit();
3219 
3220  if (gh != NULL) {
3221  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3222  if (r == 0 && gh->ipv4_head != NULL) {
3223  DetectAddress *prev_head = gh->ipv4_head;
3224 
3225  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3226  if (r == 0 && gh->ipv4_head == prev_head &&
3227  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3228  DetectAddress *ph = gh->ipv4_head;
3229 
3230  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3231  if (r == 0 && gh->ipv4_head == ph &&
3232  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3233  result = 1;
3234  }
3235  }
3236  }
3237 
3238  DetectAddressHeadFree(gh);
3239  }
3240  return result;
3241 }
3242 
3243 static int AddressTestAddressGroupSetup06(void)
3244 {
3245  int result = 0;
3246  DetectAddressHead *gh = DetectAddressHeadInit();
3247 
3248  if (gh != NULL) {
3249  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3250  if (r == 0 && gh->ipv4_head != NULL) {
3251  DetectAddress *prev_head = gh->ipv4_head;
3252 
3253  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3254  if (r == 0 && gh->ipv4_head == prev_head &&
3255  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3256  result = 1;
3257  }
3258  }
3259 
3260  DetectAddressHeadFree(gh);
3261  }
3262  return result;
3263 }
3264 
3265 static int AddressTestAddressGroupSetup07(void)
3266 {
3267  int result = 0;
3268  DetectAddressHead *gh = DetectAddressHeadInit();
3269 
3270  if (gh != NULL) {
3271  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3272  if (r == 0 && gh->ipv4_head != NULL) {
3273  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3274  if (r == 0 && gh->ipv4_head != NULL &&
3275  gh->ipv4_head->next != NULL &&
3276  gh->ipv4_head->next->next != NULL) {
3277  result = 1;
3278  }
3279  }
3280 
3281  DetectAddressHeadFree(gh);
3282  }
3283  return result;
3284 }
3285 
3286 static int AddressTestAddressGroupSetup08(void)
3287 {
3288  int result = 0;
3289  DetectAddressHead *gh = DetectAddressHeadInit();
3290 
3291  if (gh != NULL) {
3292  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3293  if (r == 0 && gh->ipv4_head != NULL) {
3294  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3295  if (r == 0 && gh->ipv4_head != NULL &&
3296  gh->ipv4_head->next != NULL &&
3297  gh->ipv4_head->next->next != NULL) {
3298  result = 1;
3299  }
3300  }
3301 
3302  DetectAddressHeadFree(gh);
3303  }
3304  return result;
3305 }
3306 
3307 static int AddressTestAddressGroupSetup09(void)
3308 {
3309  int result = 0;
3310  DetectAddressHead *gh = DetectAddressHeadInit();
3311 
3312  if (gh != NULL) {
3313  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3314  if (r == 0 && gh->ipv4_head != NULL) {
3315  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3316  if (r == 0 && gh->ipv4_head != NULL &&
3317  gh->ipv4_head->next != NULL &&
3318  gh->ipv4_head->next->next != NULL) {
3319  result = 1;
3320  }
3321  }
3322 
3323  DetectAddressHeadFree(gh);
3324  }
3325  return result;
3326 }
3327 
3328 static int AddressTestAddressGroupSetup10(void)
3329 {
3330  int result = 0;
3331  DetectAddressHead *gh = DetectAddressHeadInit();
3332 
3333  if (gh != NULL) {
3334  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3335  if (r == 0 && gh->ipv4_head != NULL) {
3336  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3337  if (r == 0 && gh->ipv4_head != NULL &&
3338  gh->ipv4_head->next != NULL &&
3339  gh->ipv4_head->next->next != NULL) {
3340  result = 1;
3341  }
3342  }
3343 
3344  DetectAddressHeadFree(gh);
3345  }
3346  return result;
3347 }
3348 
3349 static int AddressTestAddressGroupSetup11(void)
3350 {
3351  int result = 0;
3352  DetectAddressHead *gh = DetectAddressHeadInit();
3353 
3354  if (gh != NULL) {
3355  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3356  if (r == 0) {
3357  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3358  if (r == 0) {
3359  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3360  if (r == 0) {
3361  DetectAddress *one = gh->ipv4_head, *two = one->next,
3362  *three = two->next, *four = three->next,
3363  *five = four->next;
3364 
3365  /* result should be:
3366  * 0.0.0.0/10.10.9.255
3367  * 10.10.10.0/10.10.10.9
3368  * 10.10.10.10/10.10.10.255
3369  * 10.10.11.0/10.10.11.1
3370  * 10.10.11.2/255.255.255.255
3371  */
3372  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3373  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3374  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3375  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3376  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3377  result = 1;
3378  }
3379  }
3380  }
3381  }
3382 
3383  DetectAddressHeadFree(gh);
3384  }
3385  return result;
3386 }
3387 
3388 static int AddressTestAddressGroupSetup12 (void)
3389 {
3390  int result = 0;
3391  DetectAddressHead *gh = DetectAddressHeadInit();
3392 
3393  if (gh != NULL) {
3394  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3395  if (r == 0) {
3396  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3397  if (r == 0) {
3398  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3399  if (r == 0) {
3400  DetectAddress *one = gh->ipv4_head, *two = one->next,
3401  *three = two->next, *four = three->next,
3402  *five = four->next;
3403 
3404  /* result should be:
3405  * 0.0.0.0/10.10.9.255
3406  * 10.10.10.0/10.10.10.9
3407  * 10.10.10.10/10.10.10.255
3408  * 10.10.11.0/10.10.11.1
3409  * 10.10.11.2/255.255.255.255
3410  */
3411  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3412  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3413  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3414  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3415  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3416  result = 1;
3417  }
3418  }
3419  }
3420  }
3421 
3422  DetectAddressHeadFree(gh);
3423  }
3424  return result;
3425 }
3426 
3427 static int AddressTestAddressGroupSetup13(void)
3428 {
3429  int result = 0;
3430  DetectAddressHead *gh = DetectAddressHeadInit();
3431 
3432  if (gh != NULL) {
3433  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3434  if (r == 0) {
3435  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3436  if (r == 0) {
3437  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3438  if (r == 0) {
3439  DetectAddress *one = gh->ipv4_head, *two = one->next,
3440  *three = two->next, *four = three->next,
3441  *five = four->next;
3442 
3443  /* result should be:
3444  * 0.0.0.0/10.10.9.255
3445  * 10.10.10.0/10.10.10.9
3446  * 10.10.10.10/10.10.10.255
3447  * 10.10.11.0/10.10.11.1
3448  * 10.10.11.2/255.255.255.255
3449  */
3450  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3451  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3452  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3453  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3454  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3455  result = 1;
3456  }
3457  }
3458  }
3459  }
3460 
3461  DetectAddressHeadFree(gh);
3462  }
3463  return result;
3464 }
3465 
3466 static int AddressTestAddressGroupSetupIPv414(void)
3467 {
3468  DetectAddressHead *gh = DetectAddressHeadInit();
3469  FAIL_IF_NULL(gh);
3470 
3471  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3472  FAIL_IF_NOT(r == 1);
3473 
3474  DetectAddress *one = gh->ipv4_head;
3475  FAIL_IF_NULL(one);
3476  DetectAddress *two = one->next;
3477  FAIL_IF_NULL(two);
3478 
3479  /* result should be:
3480  * 0.0.0.0/1.2.3.3
3481  * 1.2.3.5/255.255.255.255
3482  */
3483  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3484  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3485  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3486  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3487  DetectAddressHeadFree(gh);
3488 
3489  PASS;
3490 }
3491 
3492 static int AddressTestAddressGroupSetupIPv415(void)
3493 {
3494  DetectAddressHead *gh = DetectAddressHeadInit();
3495  FAIL_IF_NULL(gh);
3496 
3497  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3498  FAIL_IF_NOT(r == 1);
3499 
3500  DetectAddress *one = gh->ipv4_head;
3501  FAIL_IF_NULL(one);
3502  FAIL_IF_NOT_NULL(one->next);
3503 
3504  /* result should be:
3505  * 0.0.0.1/255.255.255.255
3506  */
3507  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3508  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3509 
3510  DetectAddressHeadFree(gh);
3511  PASS;
3512 }
3513 
3514 static int AddressTestAddressGroupSetupIPv416(void)
3515 {
3516  DetectAddressHead *gh = DetectAddressHeadInit();
3517  FAIL_IF_NULL(gh);
3518 
3519  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3520  FAIL_IF_NOT(r == 1);
3521 
3522  DetectAddress *one = gh->ipv4_head;
3523  FAIL_IF_NULL(one);
3524  FAIL_IF_NOT_NULL(one->next);
3525 
3526  /* result should be:
3527  * 0.0.0.0/255.255.255.254
3528  */
3529  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3530  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3531 
3532  DetectAddressHeadFree(gh);
3533  PASS;
3534 }
3535 
3536 static int AddressTestAddressGroupSetup14(void)
3537 {
3538  int result = 0;
3539  DetectAddressHead *gh = DetectAddressHeadInit();
3540 
3541  if (gh != NULL) {
3542  int r = DetectAddressParse(NULL, gh, "2001::1");
3543  if (r == 0)
3544  result = 1;
3545 
3546  DetectAddressHeadFree(gh);
3547  }
3548  return result;
3549 }
3550 
3551 static int AddressTestAddressGroupSetup15(void)
3552 {
3553  int result = 0;
3554  DetectAddressHead *gh = DetectAddressHeadInit();
3555 
3556  if (gh != NULL) {
3557  int r = DetectAddressParse(NULL, gh, "2001::1");
3558  if (r == 0 && gh->ipv6_head != NULL)
3559  result = 1;
3560 
3561  DetectAddressHeadFree(gh);
3562  }
3563  return result;
3564 }
3565 
3566 static int AddressTestAddressGroupSetup16(void)
3567 {
3568  int result = 0;
3569  DetectAddressHead *gh = DetectAddressHeadInit();
3570 
3571  if (gh != NULL) {
3572  int r = DetectAddressParse(NULL, gh, "2001::4");
3573  if (r == 0 && gh->ipv6_head != NULL) {
3574  DetectAddress *prev_head = gh->ipv6_head;
3575 
3576  r = DetectAddressParse(NULL, gh, "2001::3");
3577  if (r == 0 && gh->ipv6_head != prev_head &&
3578  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3579  result = 1;
3580  }
3581  }
3582 
3583  DetectAddressHeadFree(gh);
3584  }
3585  return result;
3586 }
3587 
3588 static int AddressTestAddressGroupSetup17(void)
3589 {
3590  int result = 0;
3591  DetectAddressHead *gh = DetectAddressHeadInit();
3592 
3593  if (gh != NULL) {
3594  int r = DetectAddressParse(NULL, gh, "2001::4");
3595  if (r == 0 && gh->ipv6_head != NULL) {
3596  DetectAddress *prev_head = gh->ipv6_head;
3597 
3598  r = DetectAddressParse(NULL, gh, "2001::3");
3599  if (r == 0 && gh->ipv6_head != prev_head &&
3600  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3601  DetectAddress *ph = gh->ipv6_head;
3602 
3603  r = DetectAddressParse(NULL, gh, "2001::2");
3604  if (r == 0 && gh->ipv6_head != ph &&
3605  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3606  result = 1;
3607  }
3608  }
3609  }
3610 
3611  DetectAddressHeadFree(gh);
3612  }
3613  return result;
3614 }
3615 
3616 static int AddressTestAddressGroupSetup18(void)
3617 {
3618  int result = 0;
3619  DetectAddressHead *gh = DetectAddressHeadInit();
3620 
3621  if (gh != NULL) {
3622  int r = DetectAddressParse(NULL, gh, "2001::2");
3623  if (r == 0 && gh->ipv6_head != NULL) {
3624  DetectAddress *prev_head = gh->ipv6_head;
3625 
3626  r = DetectAddressParse(NULL, gh, "2001::3");
3627  if (r == 0 && gh->ipv6_head == prev_head &&
3628  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3629  DetectAddress *ph = gh->ipv6_head;
3630 
3631  r = DetectAddressParse(NULL, gh, "2001::4");
3632  if (r == 0 && gh->ipv6_head == ph &&
3633  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3634  result = 1;
3635  }
3636  }
3637  }
3638 
3639  DetectAddressHeadFree(gh);
3640  }
3641  return result;
3642 }
3643 
3644 static int AddressTestAddressGroupSetup19(void)
3645 {
3646  int result = 0;
3647  DetectAddressHead *gh = DetectAddressHeadInit();
3648 
3649  if (gh != NULL) {
3650  int r = DetectAddressParse(NULL, gh, "2001::2");
3651  if (r == 0 && gh->ipv6_head != NULL) {
3652  DetectAddress *prev_head = gh->ipv6_head;
3653 
3654  r = DetectAddressParse(NULL, gh, "2001::2");
3655  if (r == 0 && gh->ipv6_head == prev_head &&
3656  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3657  result = 1;
3658  }
3659  }
3660 
3661  DetectAddressHeadFree(gh);
3662  }
3663  return result;
3664 }
3665 
3666 static int AddressTestAddressGroupSetup20(void)
3667 {
3668  int result = 0;
3669  DetectAddressHead *gh = DetectAddressHeadInit();
3670 
3671  if (gh != NULL) {
3672  int r = DetectAddressParse(NULL, gh, "2000::/3");
3673  if (r == 0 && gh->ipv6_head != NULL) {
3674  r = DetectAddressParse(NULL, gh, "2001::4");
3675  if (r == 0 && gh->ipv6_head != NULL &&
3676  gh->ipv6_head->next != NULL &&
3677  gh->ipv6_head->next->next != NULL) {
3678  result = 1;
3679  }
3680  }
3681 
3682  DetectAddressHeadFree(gh);
3683  }
3684  return result;
3685 }
3686 
3687 static int AddressTestAddressGroupSetup21(void)
3688 {
3689  int result = 0;
3690  DetectAddressHead *gh = DetectAddressHeadInit();
3691 
3692  if (gh != NULL) {
3693  int r = DetectAddressParse(NULL, gh, "2001::4");
3694  if (r == 0 && gh->ipv6_head != NULL) {
3695  r = DetectAddressParse(NULL, gh, "2000::/3");
3696  if (r == 0 && gh->ipv6_head != NULL &&
3697  gh->ipv6_head->next != NULL &&
3698  gh->ipv6_head->next->next != NULL) {
3699  result = 1;
3700  }
3701  }
3702 
3703  DetectAddressHeadFree(gh);
3704  }
3705  return result;
3706 }
3707 
3708 static int AddressTestAddressGroupSetup22(void)
3709 {
3710  int result = 0;
3711  DetectAddressHead *gh = DetectAddressHeadInit();
3712 
3713  if (gh != NULL) {
3714  int r = DetectAddressParse(NULL, gh, "2000::/3");
3715  if (r == 0 && gh->ipv6_head != NULL) {
3716  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3717  if (r == 0 && gh->ipv6_head != NULL &&
3718  gh->ipv6_head->next != NULL &&
3719  gh->ipv6_head->next->next != NULL) {
3720  result = 1;
3721  }
3722  }
3723 
3724  DetectAddressHeadFree(gh);
3725  }
3726  return result;
3727 }
3728 
3729 static int AddressTestAddressGroupSetup23(void)
3730 {
3731  int result = 0;
3732  DetectAddressHead *gh = DetectAddressHeadInit();
3733 
3734  if (gh != NULL) {
3735  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3736  if (r == 0 && gh->ipv6_head != NULL) {
3737  r = DetectAddressParse(NULL, gh, "2000::/3");
3738  if (r == 0 && gh->ipv6_head != NULL &&
3739  gh->ipv6_head->next != NULL &&
3740  gh->ipv6_head->next->next != NULL) {
3741  result = 1;
3742  }
3743  }
3744 
3745  DetectAddressHeadFree(gh);
3746  }
3747  return result;
3748 }
3749 
3750 static int AddressTestAddressGroupSetup24(void)
3751 {
3752  int result = 0;
3753  DetectAddressHead *gh = DetectAddressHeadInit();
3754 
3755  if (gh != NULL) {
3756  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3757  if (r == 0) {
3758  r = DetectAddressParse(NULL, gh, "2001::/3");
3759  if (r == 0) {
3760  r = DetectAddressParse(NULL, gh, "::/0");
3761  if (r == 0) {
3762  DetectAddress *one = gh->ipv6_head, *two = one->next,
3763  *three = two->next, *four = three->next,
3764  *five = four->next;
3765  if (one->ip.addr_data32[0] == 0x00000000 &&
3766  one->ip.addr_data32[1] == 0x00000000 &&
3767  one->ip.addr_data32[2] == 0x00000000 &&
3768  one->ip.addr_data32[3] == 0x00000000 &&
3769  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3770  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3771  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3772  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3773 
3774  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3775  two->ip.addr_data32[1] == 0x00000000 &&
3776  two->ip.addr_data32[2] == 0x00000000 &&
3777  two->ip.addr_data32[3] == 0x00000000 &&
3778  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3779  two->ip2.addr_data32[1] == 0x00000000 &&
3780  two->ip2.addr_data32[2] == 0x00000000 &&
3781  two->ip2.addr_data32[3] == SCNtohl(3) &&
3782 
3783  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3784  three->ip.addr_data32[1] == 0x00000000 &&
3785  three->ip.addr_data32[2] == 0x00000000 &&
3786  three->ip.addr_data32[3] == SCNtohl(4) &&
3787  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3788  three->ip2.addr_data32[1] == 0x00000000 &&
3789  three->ip2.addr_data32[2] == 0x00000000 &&
3790  three->ip2.addr_data32[3] == SCNtohl(6) &&
3791 
3792  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3793  four->ip.addr_data32[1] == 0x00000000 &&
3794  four->ip.addr_data32[2] == 0x00000000 &&
3795  four->ip.addr_data32[3] == SCNtohl(7) &&
3796  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3797  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3798  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3799  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3800 
3801  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3802  five->ip.addr_data32[1] == 0x00000000 &&
3803  five->ip.addr_data32[2] == 0x00000000 &&
3804  five->ip.addr_data32[3] == 0x00000000 &&
3805  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3806  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3807  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3808  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3809  result = 1;
3810  }
3811  }
3812  }
3813  }
3814 
3815  DetectAddressHeadFree(gh);
3816  }
3817  return result;
3818 }
3819 
3820 static int AddressTestAddressGroupSetup25(void)
3821 {
3822  int result = 0;
3823  DetectAddressHead *gh = DetectAddressHeadInit();
3824 
3825  if (gh != NULL) {
3826  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3827  if (r == 0) {
3828  r = DetectAddressParse(NULL, gh, "::/0");
3829  if (r == 0) {
3830  r = DetectAddressParse(NULL, gh, "2001::/3");
3831  if (r == 0) {
3832  DetectAddress *one = gh->ipv6_head, *two = one->next,
3833  *three = two->next, *four = three->next,
3834  *five = four->next;
3835  if (one->ip.addr_data32[0] == 0x00000000 &&
3836  one->ip.addr_data32[1] == 0x00000000 &&
3837  one->ip.addr_data32[2] == 0x00000000 &&
3838  one->ip.addr_data32[3] == 0x00000000 &&
3839  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3840  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3841  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3842  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3843 
3844  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3845  two->ip.addr_data32[1] == 0x00000000 &&
3846  two->ip.addr_data32[2] == 0x00000000 &&
3847  two->ip.addr_data32[3] == 0x00000000 &&
3848  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3849  two->ip2.addr_data32[1] == 0x00000000 &&
3850  two->ip2.addr_data32[2] == 0x00000000 &&
3851  two->ip2.addr_data32[3] == SCNtohl(3) &&
3852 
3853  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3854  three->ip.addr_data32[1] == 0x00000000 &&
3855  three->ip.addr_data32[2] == 0x00000000 &&
3856  three->ip.addr_data32[3] == SCNtohl(4) &&
3857  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3858  three->ip2.addr_data32[1] == 0x00000000 &&
3859  three->ip2.addr_data32[2] == 0x00000000 &&
3860  three->ip2.addr_data32[3] == SCNtohl(6) &&
3861 
3862  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3863  four->ip.addr_data32[1] == 0x00000000 &&
3864  four->ip.addr_data32[2] == 0x00000000 &&
3865  four->ip.addr_data32[3] == SCNtohl(7) &&
3866  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3867  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3868  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3869  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3870 
3871  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3872  five->ip.addr_data32[1] == 0x00000000 &&
3873  five->ip.addr_data32[2] == 0x00000000 &&
3874  five->ip.addr_data32[3] == 0x00000000 &&
3875  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3876  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3877  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3878  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3879  result = 1;
3880  }
3881  }
3882  }
3883  }
3884 
3885  DetectAddressHeadFree(gh);
3886  }
3887  return result;
3888 }
3889 
3890 static int AddressTestAddressGroupSetup26(void)
3891 {
3892  int result = 0;
3893  DetectAddressHead *gh = DetectAddressHeadInit();
3894 
3895  if (gh != NULL) {
3896  int r = DetectAddressParse(NULL, gh, "::/0");
3897  if (r == 0) {
3898  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3899  if (r == 0) {
3900  r = DetectAddressParse(NULL, gh, "2001::/3");
3901  if (r == 0) {
3902  DetectAddress *one = gh->ipv6_head, *two = one->next,
3903  *three = two->next, *four = three->next,
3904  *five = four->next;
3905  if (one->ip.addr_data32[0] == 0x00000000 &&
3906  one->ip.addr_data32[1] == 0x00000000 &&
3907  one->ip.addr_data32[2] == 0x00000000 &&
3908  one->ip.addr_data32[3] == 0x00000000 &&
3909  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3910  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3911  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3912  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3913 
3914  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3915  two->ip.addr_data32[1] == 0x00000000 &&
3916  two->ip.addr_data32[2] == 0x00000000 &&
3917  two->ip.addr_data32[3] == 0x00000000 &&
3918  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3919  two->ip2.addr_data32[1] == 0x00000000 &&
3920  two->ip2.addr_data32[2] == 0x00000000 &&
3921  two->ip2.addr_data32[3] == SCNtohl(3) &&
3922 
3923  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3924  three->ip.addr_data32[1] == 0x00000000 &&
3925  three->ip.addr_data32[2] == 0x00000000 &&
3926  three->ip.addr_data32[3] == SCNtohl(4) &&
3927  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3928  three->ip2.addr_data32[1] == 0x00000000 &&
3929  three->ip2.addr_data32[2] == 0x00000000 &&
3930  three->ip2.addr_data32[3] == SCNtohl(6) &&
3931 
3932  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3933  four->ip.addr_data32[1] == 0x00000000 &&
3934  four->ip.addr_data32[2] == 0x00000000 &&
3935  four->ip.addr_data32[3] == SCNtohl(7) &&
3936  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3937  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3938  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3939  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3940 
3941  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3942  five->ip.addr_data32[1] == 0x00000000 &&
3943  five->ip.addr_data32[2] == 0x00000000 &&
3944  five->ip.addr_data32[3] == 0x00000000 &&
3945  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3946  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3947  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3948  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3949  result = 1;
3950  }
3951  }
3952  }
3953  }
3954 
3955  DetectAddressHeadFree(gh);
3956  }
3957  return result;
3958 }
3959 
3960 static int AddressTestAddressGroupSetup27(void)
3961 {
3962  int result = 0;
3963  DetectAddressHead *gh = DetectAddressHeadInit();
3964 
3965  if (gh != NULL) {
3966  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3967  if (r == 0)
3968  result = 1;
3969 
3970  DetectAddressHeadFree(gh);
3971  }
3972  return result;
3973 }
3974 
3975 static int AddressTestAddressGroupSetup28(void)
3976 {
3977  int result = 0;
3978  DetectAddressHead *gh = DetectAddressHeadInit();
3979 
3980  if (gh != NULL) {
3981  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3982  if (r == 0)
3983  result = 1;
3984 
3985  DetectAddressHeadFree(gh);
3986  }
3987  return result;
3988 }
3989 
3990 static int AddressTestAddressGroupSetup29(void)
3991 {
3992  int result = 0;
3993  DetectAddressHead *gh = DetectAddressHeadInit();
3994 
3995  if (gh != NULL) {
3996  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3997  if (r == 0)
3998  result = 1;
3999 
4000  DetectAddressHeadFree(gh);
4001  }
4002  return result;
4003 }
4004 
4005 static int AddressTestAddressGroupSetup30(void)
4006 {
4007  int result = 0;
4008  DetectAddressHead *gh = DetectAddressHeadInit();
4009 
4010  if (gh != NULL) {
4011  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4012  if (r == 0)
4013  result = 1;
4014 
4015  DetectAddressHeadFree(gh);
4016  }
4017  return result;
4018 }
4019 
4020 static int AddressTestAddressGroupSetup31(void)
4021 {
4022  int result = 0;
4023  DetectAddressHead *gh = DetectAddressHeadInit();
4024 
4025  if (gh != NULL) {
4026  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4027  if (r == 0)
4028  result = 1;
4029 
4030  DetectAddressHeadFree(gh);
4031  }
4032  return result;
4033 }
4034 
4035 static int AddressTestAddressGroupSetup32(void)
4036 {
4037  int result = 0;
4038  DetectAddressHead *gh = DetectAddressHeadInit();
4039 
4040  if (gh != NULL) {
4041  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4042  if (r == 0)
4043  result = 1;
4044 
4045  DetectAddressHeadFree(gh);
4046  }
4047  return result;
4048 }
4049 
4050 static int AddressTestAddressGroupSetup33(void)
4051 {
4052  int result = 0;
4053  DetectAddressHead *gh = DetectAddressHeadInit();
4054 
4055  if (gh != NULL) {
4056  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4057  if (r == 1)
4058  result = 1;
4059 
4060  DetectAddressHeadFree(gh);
4061  }
4062  return result;
4063 }
4064 
4065 static int AddressTestAddressGroupSetup34(void)
4066 {
4067  int result = 0;
4068  DetectAddressHead *gh = DetectAddressHeadInit();
4069 
4070  if (gh != NULL) {
4071  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4072  if (r == 1)
4073  result = 1;
4074 
4075  DetectAddressHeadFree(gh);
4076  }
4077  return result;
4078 }
4079 
4080 static int AddressTestAddressGroupSetup35(void)
4081 {
4082  int result = 0;
4083  DetectAddressHead *gh = DetectAddressHeadInit();
4084 
4085  if (gh != NULL) {
4086  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4087  if (r == 1)
4088  result = 1;
4089 
4090  DetectAddressHeadFree(gh);
4091  }
4092  return result;
4093 }
4094 
4095 static int AddressTestAddressGroupSetup36 (void)
4096 {
4097  int result = 0;
4098 
4099  DetectAddressHead *gh = DetectAddressHeadInit();
4100  if (gh != NULL) {
4101  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4102  if (r == 1)
4103  result = 1;
4104 
4105  DetectAddressHeadFree(gh);
4106  }
4107  return result;
4108 }
4109 
4110 static int AddressTestAddressGroupSetup37(void)
4111 {
4112  int result = 0;
4113  DetectAddressHead *gh = DetectAddressHeadInit();
4114 
4115  if (gh != NULL) {
4116  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4117  if (r == 0)
4118  result = 1;
4119 
4120  DetectAddressHeadFree(gh);
4121  }
4122  return result;
4123 }
4124 
4125 static int AddressTestAddressGroupSetup38(void)
4126 {
4127  UTHValidateDetectAddressHeadRange expectations[3] = {
4128  { "0.0.0.0", "192.167.255.255" },
4129  { "192.168.14.0", "192.168.14.255" },
4130  { "192.169.0.0", "255.255.255.255" } };
4131  int result = 0;
4132  DetectAddressHead *gh = DetectAddressHeadInit();
4133 
4134  if (gh != NULL) {
4135  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4136  if (r == 1) {
4137  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4138  result = 1;
4139  }
4140 
4141  DetectAddressHeadFree(gh);
4142  }
4143  return result;
4144 }
4145 
4146 static int AddressTestAddressGroupSetup39(void)
4147 {
4148  UTHValidateDetectAddressHeadRange expectations[3] = {
4149  { "0.0.0.0", "192.167.255.255" },
4150  { "192.168.14.0", "192.168.14.255" },
4151  { "192.169.0.0", "255.255.255.255" } };
4152  int result = 0;
4153  DetectAddressHead *gh = DetectAddressHeadInit();
4154 
4155  if (gh != NULL) {
4156  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4157  if (r == 1) {
4158  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4159  result = 1;
4160  }
4161 
4162  DetectAddressHeadFree(gh);
4163  }
4164  return result;
4165 }
4166 
4167 static int AddressTestAddressGroupSetup40(void)
4168 {
4169  UTHValidateDetectAddressHeadRange expectations[3] = {
4170  { "0.0.0.0", "192.167.255.255" },
4171  { "192.168.14.0", "192.168.14.255" },
4172  { "192.169.0.0", "255.255.255.255" } };
4173  int result = 0;
4174  DetectAddressHead *gh = DetectAddressHeadInit();
4175  if (gh != NULL) {
4176  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4177  if (r == 1) {
4178  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4179  result = 1;
4180  }
4181 
4182  DetectAddressHeadFree(gh);
4183  }
4184  return result;
4185 }
4186 
4187 static int AddressTestAddressGroupSetup41(void)
4188 {
4189  UTHValidateDetectAddressHeadRange expectations[3] = {
4190  { "0.0.0.0", "192.167.255.255" },
4191  { "192.168.14.0", "192.168.14.255" },
4192  { "192.169.0.0", "255.255.255.255" } };
4193  int result = 0;
4194  DetectAddressHead *gh = DetectAddressHeadInit();
4195  if (gh != NULL) {
4196  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4197  if (r == 1) {
4198  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4199  result = 1;
4200  }
4201 
4202  DetectAddressHeadFree(gh);
4203  }
4204  return result;
4205 }
4206 
4207 static int AddressTestAddressGroupSetup42(void)
4208 {
4209  UTHValidateDetectAddressHeadRange expectations[1] = {
4210  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4211  int result = 0;
4212  DetectAddressHead *gh = DetectAddressHeadInit();
4213  if (gh != NULL) {
4214  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4215  if (r == 0) {
4216  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4217  result = 1;
4218  }
4219 
4220  DetectAddressHeadFree(gh);
4221  }
4222  return result;
4223 }
4224 
4225 static int AddressTestAddressGroupSetup43(void)
4226 {
4227  UTHValidateDetectAddressHeadRange expectations[2] = {
4228  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4229  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4230  int result = 0;
4231  DetectAddressHead *gh = DetectAddressHeadInit();
4232  if (gh != NULL) {
4233  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4234  if (r == 1) {
4235  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4236  result = 1;
4237  }
4238 
4239  DetectAddressHeadFree(gh);
4240  }
4241  return result;
4242 }
4243 
4244 static int AddressTestAddressGroupSetup44(void)
4245 {
4246  UTHValidateDetectAddressHeadRange expectations[2] = {
4247  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4248  int result = 0;
4249  DetectAddressHead *gh = DetectAddressHeadInit();
4250  if (gh != NULL) {
4251  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4252  if (r == 0) {
4253  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4254  result = 1;
4255  }
4256 
4257  DetectAddressHeadFree(gh);
4258  }
4259  return result;
4260 }
4261 
4262 static int AddressTestAddressGroupSetup45(void)
4263 {
4264  int result = 0;
4265  DetectAddressHead *gh = DetectAddressHeadInit();
4266  if (gh != NULL) {
4267  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4268  if (r != 0) {
4269  result = 1;
4270  }
4271 
4272  DetectAddressHeadFree(gh);
4273  }
4274  return result;
4275 }
4276 
4277 static int AddressTestAddressGroupSetup46(void)
4278 {
4279  UTHValidateDetectAddressHeadRange expectations[4] = {
4280  { "0.0.0.0", "192.167.255.255" },
4281  { "192.168.1.0", "192.168.1.255" },
4282  { "192.168.3.0", "192.168.3.255" },
4283  { "192.169.0.0", "255.255.255.255" } };
4284  int result = 0;
4285  DetectAddressHead *gh = DetectAddressHeadInit();
4286  if (gh != NULL) {
4287  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4288  if (r == 1) {
4289  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4290  result = 1;
4291  }
4292 
4293  DetectAddressHeadFree(gh);
4294  }
4295  return result;
4296 }
4297 
4298 /** \test net with some negations, then all negated */
4299 static int AddressTestAddressGroupSetup47(void)
4300 {
4301  UTHValidateDetectAddressHeadRange expectations[5] = {
4302  { "0.0.0.0", "192.167.255.255" },
4303  { "192.168.1.0", "192.168.1.255" },
4304  { "192.168.3.0", "192.168.3.255" },
4305  { "192.168.5.0", "192.168.5.255" },
4306  { "192.169.0.0", "255.255.255.255" } };
4307  int result = 0;
4308  DetectAddressHead *gh = DetectAddressHeadInit();
4309  if (gh != NULL) {
4310  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4311  if (r == 1) {
4312  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4313  result = 1;
4314  }
4315 
4316  DetectAddressHeadFree(gh);
4317  }
4318  return result;
4319 }
4320 
4321 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4322 static int AddressTestAddressGroupSetup48(void)
4323 {
4324  UTHValidateDetectAddressHeadRange expectations[4] = {
4325  { "192.168.0.0", "192.168.0.255" },
4326  { "192.168.2.0", "192.168.2.255" },
4327  { "192.168.4.0", "192.168.4.255" },
4328  { "192.168.6.0", "192.168.255.255" } };
4329  int result = 0;
4330  DetectAddressHead *gh = DetectAddressHeadInit();
4331  if (gh != NULL) {
4332  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4333  if (r == 1) {
4334  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4335  result = 1;
4336  }
4337 
4338  DetectAddressHeadFree(gh);
4339  }
4340  return result;
4341 }
4342 
4343 static int AddressTestCutIPv401(void)
4344 {
4345  DetectAddress *c;
4346  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4347  FAIL_IF_NULL(a);
4348  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4349  FAIL_IF_NULL(b);
4350 
4351  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4352 
4353  DetectAddressFree(a);
4354  DetectAddressFree(b);
4355  DetectAddressFree(c);
4356  PASS;
4357 }
4358 
4359 static int AddressTestCutIPv402(void)
4360 {
4361  DetectAddress *a, *b, *c;
4362  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4363  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4364 
4365  if (DetectAddressCut(NULL, a, b, &c) == -1)
4366  goto error;
4367 
4368  if (c == NULL)
4369  goto error;
4370 
4371  DetectAddressFree(a);
4372  DetectAddressFree(b);
4373  DetectAddressFree(c);
4374  return 1;
4375 
4376 error:
4377  DetectAddressFree(a);
4378  DetectAddressFree(b);
4379  DetectAddressFree(c);
4380  return 0;
4381 }
4382 
4383 static int AddressTestCutIPv403(void)
4384 {
4385  DetectAddress *a, *b, *c;
4386  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4387  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4388 
4389  if (DetectAddressCut(NULL, a, b, &c) == -1)
4390  goto error;
4391 
4392  if (c == NULL)
4393  goto error;
4394 
4395  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4396  goto error;
4397  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4398  goto error;
4399  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4400  goto error;
4401 
4402  DetectAddressFree(a);
4403  DetectAddressFree(b);
4404  DetectAddressFree(c);
4405  return 1;
4406 
4407 error:
4408  DetectAddressFree(a);
4409  DetectAddressFree(b);
4410  DetectAddressFree(c);
4411  return 0;
4412 }
4413 
4414 static int AddressTestCutIPv404(void)
4415 {
4416  DetectAddress *a, *b, *c;
4417  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4418  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4419 
4420  if (DetectAddressCut(NULL, a, b, &c) == -1)
4421  goto error;
4422 
4423  if (c == NULL)
4424  goto error;
4425 
4426  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4427  goto error;
4428  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4429  goto error;
4430  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4431  goto error;
4432 
4433 
4434  DetectAddressFree(a);
4435  DetectAddressFree(b);
4436  DetectAddressFree(c);
4437  return 1;
4438 
4439 error:
4440  DetectAddressFree(a);
4441  DetectAddressFree(b);
4442  DetectAddressFree(c);
4443  return 0;
4444 }
4445 
4446 static int AddressTestCutIPv405(void)
4447 {
4448  DetectAddress *a, *b, *c;
4449  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4450  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4451 
4452  if (DetectAddressCut(NULL, a, b, &c) == -1)
4453  goto error;
4454 
4455  if (c == NULL)
4456  goto error;
4457 
4458  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4459  goto error;
4460  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4461  goto error;
4462  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4463  goto error;
4464 
4465  DetectAddressFree(a);
4466  DetectAddressFree(b);
4467  DetectAddressFree(c);
4468  return 1;
4469 
4470 error:
4471  DetectAddressFree(a);
4472  DetectAddressFree(b);
4473  DetectAddressFree(c);
4474  return 0;
4475 }
4476 
4477 static int AddressTestCutIPv406(void)
4478 {
4479  DetectAddress *a, *b, *c;
4480  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4481  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4482 
4483  if (DetectAddressCut(NULL, a, b, &c) == -1)
4484  goto error;
4485 
4486  if (c == NULL)
4487  goto error;
4488 
4489  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4490  goto error;
4491  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4492  goto error;
4493  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4494  goto error;
4495 
4496  DetectAddressFree(a);
4497  DetectAddressFree(b);
4498  DetectAddressFree(c);
4499  return 1;
4500 
4501 error:
4502  DetectAddressFree(a);
4503  DetectAddressFree(b);
4504  DetectAddressFree(c);
4505  return 0;
4506 }
4507 
4508 static int AddressTestCutIPv407(void)
4509 {
4510  DetectAddress *a, *b, *c;
4511  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4512  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4513 
4514  if (DetectAddressCut(NULL, a, b, &c) == -1)
4515  goto error;
4516 
4517  if (c != NULL)
4518  goto error;
4519 
4520  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4521  goto error;
4522  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4523  goto error;
4524 
4525  DetectAddressFree(a);
4526  DetectAddressFree(b);
4527  DetectAddressFree(c);
4528  return 1;
4529 
4530 error:
4531  DetectAddressFree(a);
4532  DetectAddressFree(b);
4533  DetectAddressFree(c);
4534  return 0;
4535 }
4536 
4537 static int AddressTestCutIPv408(void)
4538 {
4539  DetectAddress *a, *b, *c;
4540  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4541  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4542 
4543  if (DetectAddressCut(NULL, a, b, &c) == -1)
4544  goto error;
4545 
4546  if (c != NULL)
4547  goto error;
4548 
4549  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4550  goto error;
4551  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4552  goto error;
4553 
4554  DetectAddressFree(a);
4555  DetectAddressFree(b);
4556  DetectAddressFree(c);
4557  return 1;
4558 
4559 error:
4560  DetectAddressFree(a);
4561  DetectAddressFree(b);
4562  DetectAddressFree(c);
4563  return 0;
4564 }
4565 
4566 static int AddressTestCutIPv409(void)
4567 {
4568  DetectAddress *a, *b, *c;
4569  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4570  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4571 
4572  if (DetectAddressCut(NULL, a, b, &c) == -1)
4573  goto error;
4574 
4575  if (c != NULL)
4576  goto error;
4577 
4578  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4579  goto error;
4580  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4581  goto error;
4582 
4583  DetectAddressFree(a);
4584  DetectAddressFree(b);
4585  DetectAddressFree(c);
4586  return 1;
4587 
4588 error:
4589  DetectAddressFree(a);
4590  DetectAddressFree(b);
4591  DetectAddressFree(c);
4592  return 0;
4593 }
4594 
4595 static int AddressTestCutIPv410(void)
4596 {
4597  DetectAddress *a, *b, *c;
4598  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4599  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4600 
4601  if (DetectAddressCut(NULL, a, b, &c) == -1)
4602  goto error;
4603 
4604  if (c != NULL)
4605  goto error;
4606 
4607  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4608  goto error;
4609  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4610  goto error;
4611 
4612  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4613 
4614  DetectAddressFree(a);
4615  DetectAddressFree(b);
4616  DetectAddressFree(c);
4617  return 1;
4618 
4619 error:
4620  DetectAddressFree(a);
4621  DetectAddressFree(b);
4622  DetectAddressFree(c);
4623  return 0;
4624 }
4625 
4626 static int AddressTestParseInvalidMask01(void)
4627 {
4628  int result = 1;
4629  DetectAddress *dd = NULL;
4630 
4631  dd = DetectAddressParseSingle("192.168.2.0/33");
4632  if (dd != NULL) {
4633  DetectAddressFree(dd);
4634  result = 0;
4635  }
4636  return result;
4637 }
4638 
4639 static int AddressTestParseInvalidMask02(void)
4640 {
4641  int result = 1;
4642  DetectAddress *dd = NULL;
4643 
4644  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4645  if (dd != NULL) {
4646  DetectAddressFree(dd);
4647  result = 0;
4648  }
4649  return result;
4650 }
4651 
4652 static int AddressTestParseInvalidMask03(void)
4653 {
4654  int result = 1;
4655  DetectAddress *dd = NULL;
4656 
4657  dd = DetectAddressParseSingle("192.168.2.0/blue");
4658  if (dd != NULL) {
4659  DetectAddressFree(dd);
4660  result = 0;
4661  }
4662  return result;
4663 }
4664 
4665 static int AddressConfVarsTest01(void)
4666 {
4667  static const char *dummy_conf_string =
4668  "%YAML 1.1\n"
4669  "---\n"
4670  "\n"
4671  "vars:\n"
4672  "\n"
4673  " address-groups:\n"
4674  "\n"
4675  " HOME_NET: \"any\"\n"
4676  "\n"
4677  " EXTERNAL_NET: \"!any\"\n"
4678  "\n"
4679  " port-groups:\n"
4680  "\n"
4681  " HTTP_PORTS: \"any\"\n"
4682  "\n"
4683  " SHELLCODE_PORTS: \"!any\"\n"
4684  "\n";
4685 
4686  int result = 0;
4687 
4688  ConfCreateContextBackup();
4689  ConfInit();
4690  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4691 
4692  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4693  result = 1;
4694 
4695  ConfDeInit();
4696  ConfRestoreContextBackup();
4697 
4698  return result;
4699 }
4700 
4701 static int AddressConfVarsTest02(void)
4702 {
4703  static const char *dummy_conf_string =
4704  "%YAML 1.1\n"
4705  "---\n"
4706  "\n"
4707  "vars:\n"
4708  "\n"
4709  " address-groups:\n"
4710  "\n"
4711  " HOME_NET: \"any\"\n"
4712  "\n"
4713  " EXTERNAL_NET: \"any\"\n"
4714  "\n"
4715  " port-groups:\n"
4716  "\n"
4717  " HTTP_PORTS: \"any\"\n"
4718  "\n"
4719  " SHELLCODE_PORTS: \"!any\"\n"
4720  "\n";
4721 
4722  int result = 0;
4723 
4724  ConfCreateContextBackup();
4725  ConfInit();
4726  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4727 
4728  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() < 0)
4729  result = 1;
4730 
4731  ConfDeInit();
4732  ConfRestoreContextBackup();
4733 
4734  return result;
4735 }
4736 
4737 static int AddressConfVarsTest03(void)
4738 {
4739  static const char *dummy_conf_string =
4740  "%YAML 1.1\n"
4741  "---\n"
4742  "\n"
4743  "vars:\n"
4744  "\n"
4745  " address-groups:\n"
4746  "\n"
4747  " HOME_NET: \"any\"\n"
4748  "\n"
4749  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4750  "\n"
4751  " port-groups:\n"
4752  "\n"
4753  " HTTP_PORTS: \"any\"\n"
4754  "\n"
4755  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4756  "\n";
4757 
4758  int result = 0;
4759 
4760  ConfCreateContextBackup();
4761  ConfInit();
4762  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4763 
4764  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4765  result = 1;
4766 
4767  ConfDeInit();
4768  ConfRestoreContextBackup();
4769 
4770  return result;
4771 }
4772 
4773 static int AddressConfVarsTest04(void)
4774 {
4775  static const char *dummy_conf_string =
4776  "%YAML 1.1\n"
4777  "---\n"
4778  "\n"
4779  "vars:\n"
4780  "\n"
4781  " address-groups:\n"
4782  "\n"
4783  " HOME_NET: \"any\"\n"
4784  "\n"
4785  " EXTERNAL_NET: \"$HOME_NET\"\n"
4786  "\n"
4787  " port-groups:\n"
4788  "\n"
4789  " HTTP_PORTS: \"any\"\n"
4790  "\n"
4791  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4792  "\n";
4793 
4794  int result = 0;
4795 
4796  ConfCreateContextBackup();
4797  ConfInit();
4798  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4799 
4800  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() == 0)
4801  result = 1;
4802 
4803  ConfDeInit();
4804  ConfRestoreContextBackup();
4805 
4806  return result;
4807 }
4808 
4809 static int AddressConfVarsTest05(void)
4810 {
4811  static const char *dummy_conf_string =
4812  "%YAML 1.1\n"
4813  "---\n"
4814  "\n"
4815  "vars:\n"
4816  "\n"
4817  " address-groups:\n"
4818  "\n"
4819  " HOME_NET: \"any\"\n"
4820  "\n"
4821  " EXTERNAL_NET: [192.168.0.1]\n"
4822  "\n"
4823  " port-groups:\n"
4824  "\n"
4825  " HTTP_PORTS: \"any\"\n"
4826  "\n"
4827  " SHELLCODE_PORTS: [80]\n"
4828  "\n";
4829 
4830  int result = 0;
4831 
4832  ConfCreateContextBackup();
4833  ConfInit();
4834  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4835 
4836  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4837  goto end;
4838 
4839  result = 1;
4840 
4841  end:
4842  ConfDeInit();
4843  ConfRestoreContextBackup();
4844 
4845  return result;
4846 }
4847 
4848 static int AddressConfVarsTest06(void)
4849 {
4850  // HOME_NET value size = 10261 bytes
4851  static const char *dummy_conf_string =
4852  "%YAML 1.1\n"
4853  "---\n"
4854  "\n"
4855  "vars:\n"
4856  "\n"
4857  " address-groups:\n"
4858  "\n"
4859  " HOME_NET: "
4860  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4861  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4862  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4863  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4864  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4976  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4977  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4978  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4979  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4980  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4981  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4982  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4983  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4984  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4985  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4986  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4987  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4988  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4989  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4990  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4991  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4992  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4993  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4994  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4995  "\n"
4996  " EXTERNAL_NET: \"any\"\n"
4997  "\n";
4998 
4999  ConfCreateContextBackup();
5000  ConfInit();
5001  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
5002 
5003  FAIL_IF(0 != DetectAddressTestConfVars());
5004 
5005  ConfDeInit();
5006  ConfRestoreContextBackup();
5007 
5008  PASS;
5009 }
5010 
5011 #endif /* UNITTESTS */
5012 
5013 void DetectAddressTests(void)
5014 {
5015 #ifdef UNITTESTS
5016  DetectAddressIPv4Tests();
5017  DetectAddressIPv6Tests();
5018 
5019  UtRegisterTest("AddressTestParse01", AddressTestParse01);
5020  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5021  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5022  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5023  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5024  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5025  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5026  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5027  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5028  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5029  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5030  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5031  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5032  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5033  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5034  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5035  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5036  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5037  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5038  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5039  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5040  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5041  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5042  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5043  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5044  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5045  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5046  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5047  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5048  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5049  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5050  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5051  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5052  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5053  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5054  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5055  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5056  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5057 
5058  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5059  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5060  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5061  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5062  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5063  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5064  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5065  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5066  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5067  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5068  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5069 
5070  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5071  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5072  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5073  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5074  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5075  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5076  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5077  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5078 
5079  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5080  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5081  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5082  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5083  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5084  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5085 
5086  UtRegisterTest("AddressTestAddressGroupSetup01",
5087  AddressTestAddressGroupSetup01);
5088  UtRegisterTest("AddressTestAddressGroupSetup02",
5089  AddressTestAddressGroupSetup02);
5090  UtRegisterTest("AddressTestAddressGroupSetup03",
5091  AddressTestAddressGroupSetup03);
5092  UtRegisterTest("AddressTestAddressGroupSetup04",
5093  AddressTestAddressGroupSetup04);
5094  UtRegisterTest("AddressTestAddressGroupSetup05",
5095  AddressTestAddressGroupSetup05);
5096  UtRegisterTest("AddressTestAddressGroupSetup06",
5097  AddressTestAddressGroupSetup06);
5098  UtRegisterTest("AddressTestAddressGroupSetup07",
5099  AddressTestAddressGroupSetup07);
5100  UtRegisterTest("AddressTestAddressGroupSetup08",
5101  AddressTestAddressGroupSetup08);
5102  UtRegisterTest("AddressTestAddressGroupSetup09",
5103  AddressTestAddressGroupSetup09);
5104  UtRegisterTest("AddressTestAddressGroupSetup10",
5105  AddressTestAddressGroupSetup10);
5106  UtRegisterTest("AddressTestAddressGroupSetup11",
5107  AddressTestAddressGroupSetup11);
5108  UtRegisterTest("AddressTestAddressGroupSetup12",
5109  AddressTestAddressGroupSetup12);
5110  UtRegisterTest("AddressTestAddressGroupSetup13",
5111  AddressTestAddressGroupSetup13);
5112  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5113  AddressTestAddressGroupSetupIPv414);
5114  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5115  AddressTestAddressGroupSetupIPv415);
5116  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5117  AddressTestAddressGroupSetupIPv416);
5118 
5119  UtRegisterTest("AddressTestAddressGroupSetup14",
5120  AddressTestAddressGroupSetup14);
5121  UtRegisterTest("AddressTestAddressGroupSetup15",
5122  AddressTestAddressGroupSetup15);
5123  UtRegisterTest("AddressTestAddressGroupSetup16",
5124  AddressTestAddressGroupSetup16);
5125  UtRegisterTest("AddressTestAddressGroupSetup17",
5126  AddressTestAddressGroupSetup17);
5127  UtRegisterTest("AddressTestAddressGroupSetup18",
5128  AddressTestAddressGroupSetup18);
5129  UtRegisterTest("AddressTestAddressGroupSetup19",
5130  AddressTestAddressGroupSetup19);
5131  UtRegisterTest("AddressTestAddressGroupSetup20",
5132  AddressTestAddressGroupSetup20);
5133  UtRegisterTest("AddressTestAddressGroupSetup21",
5134  AddressTestAddressGroupSetup21);
5135  UtRegisterTest("AddressTestAddressGroupSetup22",
5136  AddressTestAddressGroupSetup22);
5137  UtRegisterTest("AddressTestAddressGroupSetup23",
5138  AddressTestAddressGroupSetup23);
5139  UtRegisterTest("AddressTestAddressGroupSetup24",
5140  AddressTestAddressGroupSetup24);
5141  UtRegisterTest("AddressTestAddressGroupSetup25",
5142  AddressTestAddressGroupSetup25);
5143  UtRegisterTest("AddressTestAddressGroupSetup26",
5144  AddressTestAddressGroupSetup26);
5145 
5146  UtRegisterTest("AddressTestAddressGroupSetup27",
5147  AddressTestAddressGroupSetup27);
5148  UtRegisterTest("AddressTestAddressGroupSetup28",
5149  AddressTestAddressGroupSetup28);
5150  UtRegisterTest("AddressTestAddressGroupSetup29",
5151  AddressTestAddressGroupSetup29);
5152  UtRegisterTest("AddressTestAddressGroupSetup30",
5153  AddressTestAddressGroupSetup30);
5154  UtRegisterTest("AddressTestAddressGroupSetup31",
5155  AddressTestAddressGroupSetup31);
5156  UtRegisterTest("AddressTestAddressGroupSetup32",
5157  AddressTestAddressGroupSetup32);
5158  UtRegisterTest("AddressTestAddressGroupSetup33",
5159  AddressTestAddressGroupSetup33);
5160  UtRegisterTest("AddressTestAddressGroupSetup34",
5161  AddressTestAddressGroupSetup34);
5162  UtRegisterTest("AddressTestAddressGroupSetup35",
5163  AddressTestAddressGroupSetup35);
5164  UtRegisterTest("AddressTestAddressGroupSetup36",
5165  AddressTestAddressGroupSetup36);
5166  UtRegisterTest("AddressTestAddressGroupSetup37",
5167  AddressTestAddressGroupSetup37);
5168  UtRegisterTest("AddressTestAddressGroupSetup38",
5169  AddressTestAddressGroupSetup38);
5170  UtRegisterTest("AddressTestAddressGroupSetup39",
5171  AddressTestAddressGroupSetup39);
5172  UtRegisterTest("AddressTestAddressGroupSetup40",
5173  AddressTestAddressGroupSetup40);
5174  UtRegisterTest("AddressTestAddressGroupSetup41",
5175  AddressTestAddressGroupSetup41);
5176  UtRegisterTest("AddressTestAddressGroupSetup42",
5177  AddressTestAddressGroupSetup42);
5178  UtRegisterTest("AddressTestAddressGroupSetup43",
5179  AddressTestAddressGroupSetup43);
5180  UtRegisterTest("AddressTestAddressGroupSetup44",
5181  AddressTestAddressGroupSetup44);
5182  UtRegisterTest("AddressTestAddressGroupSetup45",
5183  AddressTestAddressGroupSetup45);
5184  UtRegisterTest("AddressTestAddressGroupSetup46",
5185  AddressTestAddressGroupSetup46);
5186  UtRegisterTest("AddressTestAddressGroupSetup47",
5187  AddressTestAddressGroupSetup47);
5188  UtRegisterTest("AddressTestAddressGroupSetup48",
5189  AddressTestAddressGroupSetup48);
5190 
5191  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5192  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5193  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5194  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5195  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5196  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5197  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5198  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5199  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5200  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5201 
5202  UtRegisterTest("AddressTestParseInvalidMask01",
5203  AddressTestParseInvalidMask01);
5204  UtRegisterTest("AddressTestParseInvalidMask02",
5205  AddressTestParseInvalidMask02);
5206  UtRegisterTest("AddressTestParseInvalidMask03",
5207  AddressTestParseInvalidMask03);
5208 
5209  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5210  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5211  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5212  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5213  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5214  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5215 #endif /* UNITTESTS */
5216 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:367
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:141
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1412
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1313
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:359
detect-engine-siggroup.h
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:124
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1606
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:139
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:29
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
DetectAddressHead_
Definition: detect.h:154
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:128
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1491
AddressIPv6Gt
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:55
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:130
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1359
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:811
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1264
SC_ERR_INVALID_SIGNATURE
@ SC_ERR_INVALID_SIGNATURE
Definition: util-error.h:69
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:253
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:126
Address_
Definition: decode.h:122
Address_::address
union Address_::@32 address
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:248
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1169
util-var.h
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1817
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:116
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:148
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:237
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:704
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1900
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:272
detect-engine-port.h
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:487
DetectAddress_::ip2
Address ip2
Definition: detect.h:142
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1051
TRUE
#define TRUE
Definition: suricata-common.h:33
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:281
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:484
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:128
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
turn 32 bit mask into CIDR
Definition: util-cidr.c:33
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:127
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:316
SC_ERR_ADDRESS_ENGINE_GENERIC
@ SC_ERR_ADDRESS_ENGINE_GENERIC
Definition: util-error.h:119
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:123
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:698
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:129
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
Flow_::next
struct Flow_ * next
Definition: flow.h:404
DetectAddressMap_
Definition: detect-engine-address.c:1310
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:156
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:80
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:125
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1639
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:964
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
ConfNode_::name
char * name
Definition: conf.h:33
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:710
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
AddressIPv6Ge
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1348
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:184
str
#define str(s)
Definition: suricata-common.h:272
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1899
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1312
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:394
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:710
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:150
DetectMatchAddressIPv6_
Definition: detect.h:165
DetectMatchAddressIPv4_
Definition: detect.h:160
Address_::family
char family
Definition: decode.h:123
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1452
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:721
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1880
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:133
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1901
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:137
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:145
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1579
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:155
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1311
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1235
AddressIPv6Le
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162