suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88 }
89 
90 /**
91  * \internal
92  * \brief Returns a new instance of DetectAddressHead.
93  *
94  * \retval gh Pointer to the new instance of DetectAddressHead.
95  */
96 static DetectAddressHead *DetectAddressHeadInit(void)
97 {
99  if (unlikely(gh == NULL))
100  return NULL;
101  return gh;
102 }
103 
104 /**
105  * \internal
106  * \brief Frees a DetectAddressHead instance.
107  *
108  * \param gh Pointer to the DetectAddressHead instance to be freed.
109  */
110 static void DetectAddressHeadFree(DetectAddressHead *gh)
111 {
112  if (gh != NULL) {
114  SCFree(gh);
115  }
116 }
117 
118 /**
119  * \brief copy a DetectAddress
120  *
121  * \param orig Pointer to the instance of DetectAddress that contains the
122  * address data to be copied to the new instance.
123  *
124  * \retval ag Pointer to the new instance of DetectAddress that contains the
125  * copied address.
126  */
128 {
130  if (ag == NULL)
131  return NULL;
132 
133  ag->flags = orig->flags;
134  COPY_ADDRESS(&orig->ip, &ag->ip);
135  COPY_ADDRESS(&orig->ip2, &ag->ip2);
136  return ag;
137 }
138 
139 /**
140  * \brief Frees a list of DetectAddress instances.
141  *
142  * \param head Pointer to a list of DetectAddress instances to be freed.
143  */
145 {
146  for (DetectAddress *cur = head; cur != NULL; ) {
147  DetectAddress *next = cur->next;
148  cur->next = NULL;
149  DetectAddressFree(cur);
150  cur = next;
151  }
152 }
153 
154 /**
155  * \internal
156  * \brief Helper function for DetectAddressInsert. Sets one of the
157  * DetectAddressHead head pointers, to the DetectAddress argument
158  * based on its address family.
159  *
160  * \param gh Pointer to the DetectAddressHead.
161  * \param newhead Pointer to the DetectAddress.
162  *
163  * \retval 0 On success.
164  * \retval -1 On failure.
165  */
166 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
167 {
168  if (newhead->ip.family == AF_INET) {
169  gh->ipv4_head = newhead;
170  } else if (newhead->ip.family == AF_INET6) {
171  gh->ipv6_head = newhead;
172  } else {
173  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
174  return -1;
175  }
176 
177  return 0;
178 }
179 
180 /**
181  * \internal
182  * \brief Returns the DetectAddress head from the DetectAddressHeads,
183  * based on the address family of the incoming DetectAddress arg.
184  *
185  * \param gh Pointer to the DetectAddressHead.
186  * \param new Pointer to the DetectAddress.
187  *
188  * \retval head Pointer to the DetectAddress(the head from
189  * DetectAddressHead).
190  */
191 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
192 {
193  DetectAddress *head = NULL;
194 
195  if (new->ip.family == AF_INET)
196  head = gh->ipv4_head;
197  else if (new->ip.family == AF_INET6)
198  head = gh->ipv6_head;
199 
200  return head;
201 }
202 
203 /**
204  * \internal
205  * \brief insert DetectAddress into a DetectAddressHead
206  *
207  * \param de_ctx Pointer to the detection engine context.
208  * \param gh Pointer to the DetectAddressHead list to which it has to
209  * be inserted.
210  * \param new Pointer to the DetectAddress, that has to be inserted.
211  *
212  * \retval 1 On successfully inserting it.
213  * \retval -1 On error.
214  * \retval 0 Not inserted, memory of new is freed.
215  */
216 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
217  DetectAddress *new)
218 {
219  DetectAddress *head = NULL;
220  DetectAddress *cur = NULL;
221  DetectAddress *c = NULL;
222  int r = 0;
223 
224  if (new == NULL)
225  return 0;
226 
227  /* get our head ptr based on the address we want to insert */
228  head = GetHeadPtr(gh, new);
229 
230  /* see if it already exists or overlaps with existing ag's */
231  if (head != NULL) {
232  cur = NULL;
233 
234  for (cur = head; cur != NULL; cur = cur->next) {
235  r = DetectAddressCmp(new, cur);
236  BUG_ON(r == ADDRESS_ER);
237 
238  /* if so, handle that */
239  if (r == ADDRESS_EQ) {
240  /* exact overlap/match */
241  if (cur != new) {
242  DetectAddressFree(new);
243  return 0;
244  }
245 
246  return 1;
247  } else if (r == ADDRESS_GT) {
248  /* only add it now if we are bigger than the last group.
249  * Otherwise we'll handle it later. */
250  if (cur->next == NULL) {
251  /* put in the list */
252  new->prev = cur;
253  cur->next = new;
254 
255  return 1;
256  }
257  } else if (r == ADDRESS_LT) {
258  /* see if we need to insert the ag anywhere put in the list */
259  if (cur->prev != NULL)
260  cur->prev->next = new;
261  new->prev = cur->prev;
262  new->next = cur;
263  cur->prev = new;
264 
265  /* update head if required */
266  if (head == cur) {
267  head = new;
268 
269  if (SetHeadPtr(gh, head) < 0)
270  goto error;
271  }
272 
273  return 1;
274  /* alright, those were the simple cases, lets handle the more
275  * complex ones now */
276  } else if (r == ADDRESS_ES) {
277  c = NULL;
278  r = DetectAddressCut(de_ctx, cur, new, &c);
279  if (r == -1)
280  goto error;
281 
282  DetectAddressInsert(de_ctx, gh, new);
283  if (c != NULL)
284  DetectAddressInsert(de_ctx, gh, c);
285 
286  return 1;
287  } else if (r == ADDRESS_EB) {
288  c = NULL;
289  r = DetectAddressCut(de_ctx, cur, new, &c);
290  if (r == -1)
291  goto error;
292 
293  DetectAddressInsert(de_ctx, gh, new);
294  if (c != NULL)
295  DetectAddressInsert(de_ctx, gh, c);
296 
297  return 1;
298  } else if (r == ADDRESS_LE) {
299  c = NULL;
300  r = DetectAddressCut(de_ctx, cur, new, &c);
301  if (r == -1)
302  goto error;
303 
304  DetectAddressInsert(de_ctx, gh, new);
305  if (c != NULL)
306  DetectAddressInsert(de_ctx, gh, c);
307 
308  return 1;
309  } else if (r == ADDRESS_GE) {
310  c = NULL;
311  r = DetectAddressCut(de_ctx, cur,new,&c);
312  if (r == -1)
313  goto error;
314 
315  DetectAddressInsert(de_ctx, gh, new);
316  if (c != NULL)
317  DetectAddressInsert(de_ctx, gh, c);
318 
319  return 1;
320  }
321  }
322 
323  /* head is NULL, so get a group and set head to it */
324  } else {
325  head = new;
326  if (SetHeadPtr(gh, head) < 0) {
327  SCLogDebug("SetHeadPtr failed");
328  goto error;
329  }
330  }
331 
332  return 1;
333 
334 error:
335  /* XXX */
336  return -1;
337 }
338 
339 /**
340  * \brief Checks if two address group lists are equal.
341  *
342  * \param list1 Pointer to the first address group list.
343  * \param list2 Pointer to the second address group list.
344  *
345  * \retval true On success.
346  * \retval false On failure.
347  */
349 {
350  DetectAddress *item = list1;
351  DetectAddress *it = list2;
352 
353  // First, compare items one by one.
354  while (item != NULL && it != NULL) {
355  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
356  return false;
357  }
358 
359  item = item->next;
360  it = it->next;
361  }
362 
363  // Are the lists of the same size?
364  if (!(item == NULL && it == NULL)) {
365  return false;
366  }
367 
368  return true;
369 }
370 
371 /**
372  * \internal
373  * \brief Parses an ipv4/ipv6 address string and updates the result into the
374  * DetectAddress instance sent as the argument.
375  *
376  * \param dd Pointer to the DetectAddress instance which should be updated with
377  * the address range details from the parsed ip string.
378  * \param str Pointer to address string that has to be parsed.
379  *
380  * \retval 0 On successfully parsing the address string.
381  * \retval -1 On failure.
382  */
383 static int DetectAddressParseString(DetectAddress *dd, const char *str)
384 {
385  char *ip = NULL;
386  char *ip2 = NULL;
387  char *mask = NULL;
388  int r = 0;
389  char ipstr[256];
390 
391  /* shouldn't see 'any' here */
392  BUG_ON(strcasecmp(str, "any") == 0);
393 
394  strlcpy(ipstr, str, sizeof(ipstr));
395  SCLogDebug("str %s", str);
396 
397  /* we work with a copy so that we can put a
398  * nul-termination in it later */
399  ip = ipstr;
400 
401  /* handle the negation case */
402  if (ip[0] == '!') {
403  dd->flags |= ADDRESS_FLAG_NOT;
404  ip++;
405  }
406 
407  /* see if the address is an ipv4 or ipv6 address */
408  if ((strchr(str, ':')) == NULL) {
409  /* IPv4 Address */
410  struct in_addr in;
411 
412  dd->ip.family = AF_INET;
413 
414  if ((mask = strchr(ip, '/')) != NULL) {
415  /* 1.2.3.4/xxx format (either dotted or cidr notation */
416  ip[mask - ip] = '\0';
417  mask++;
418  uint32_t ip4addr = 0;
419  uint32_t netmask = 0;
420 
421  if ((strchr (mask, '.')) == NULL) {
422  /* 1.2.3.4/24 format */
423 
424  for (size_t u = 0; u < strlen(mask); u++) {
425  if(!isdigit((unsigned char)mask[u]))
426  goto error;
427  }
428 
429  int cidr;
430  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
431  goto error;
432  netmask = CIDRGet(cidr);
433  } else {
434  /* 1.2.3.4/255.255.255.0 format */
435  r = inet_pton(AF_INET, mask, &in);
436  if (r <= 0)
437  goto error;
438 
439  netmask = in.s_addr;
440 
441  /* validate netmask */
442  int cidr = CIDRFromMask(netmask);
443  if (cidr < 0) {
444  SCLogError(
445  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
446  "CIDR notation are supported. See ticket #5168.",
447  mask);
448  goto error;
449  }
450  }
451 
452  r = inet_pton(AF_INET, ip, &in);
453  if (r <= 0)
454  goto error;
455 
456  ip4addr = in.s_addr;
457 
458  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
459  dd->ip2.addr_data32[0] |=~ netmask;
460  } else if ((ip2 = strchr(ip, '-')) != NULL) {
461  /* 1.2.3.4-1.2.3.6 range format */
462  ip[ip2 - ip] = '\0';
463  ip2++;
464 
465  r = inet_pton(AF_INET, ip, &in);
466  if (r <= 0)
467  goto error;
468  dd->ip.addr_data32[0] = in.s_addr;
469 
470  r = inet_pton(AF_INET, ip2, &in);
471  if (r <= 0)
472  goto error;
473  dd->ip2.addr_data32[0] = in.s_addr;
474 
475  /* a > b is illegal, a = b is ok */
476  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
477  goto error;
478  } else {
479  /* 1.2.3.4 format */
480  r = inet_pton(AF_INET, ip, &in);
481  if (r <= 0)
482  goto error;
483  /* single host */
484  dd->ip.addr_data32[0] = in.s_addr;
485  dd->ip2.addr_data32[0] = in.s_addr;
486  }
487  } else {
488  /* IPv6 Address */
489  struct in6_addr in6, mask6;
490  uint32_t ip6addr[4], netmask[4];
491 
492  dd->ip.family = AF_INET6;
493 
494  if ((mask = strchr(ip, '/')) != NULL) {
495  ip[mask - ip] = '\0';
496  mask++;
497 
498  int cidr;
499  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
500  goto error;
501 
502  r = inet_pton(AF_INET6, ip, &in6);
503  if (r <= 0)
504  goto error;
505  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
506 
507  CIDRGetIPv6(cidr, &mask6);
508  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
509 
510  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
511  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
512  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
513  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
514 
515  dd->ip2.addr_data32[0] |=~ netmask[0];
516  dd->ip2.addr_data32[1] |=~ netmask[1];
517  dd->ip2.addr_data32[2] |=~ netmask[2];
518  dd->ip2.addr_data32[3] |=~ netmask[3];
519  } else if ((ip2 = strchr(ip, '-')) != NULL) {
520  /* 2001::1-2001::4 range format */
521  ip[ip2 - ip] = '\0';
522  ip2++;
523 
524  r = inet_pton(AF_INET6, ip, &in6);
525  if (r <= 0)
526  goto error;
527  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
528 
529  r = inet_pton(AF_INET6, ip2, &in6);
530  if (r <= 0)
531  goto error;
532  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
533 
534  /* a > b is illegal, a=b is ok */
535  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
536  goto error;
537  } else {
538  r = inet_pton(AF_INET6, ip, &in6);
539  if (r <= 0)
540  goto error;
541 
542  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
543  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
544  }
545 
546  }
547 
548  BUG_ON(dd->ip.family == 0);
549 
550  return 0;
551 
552 error:
553  return -1;
554 }
555 
556 /**
557  * \internal
558  * \brief Simply parse an address and return a DetectAddress instance containing
559  * the address ranges of the parsed ip addressstring
560  *
561  * \param str Pointer to a character string containing the ip address
562  *
563  * \retval dd Pointer to the DetectAddress instance containing the address
564  * range details from the parsed ip string
565  */
566 static DetectAddress *DetectAddressParseSingle(const char *str)
567 {
568  SCLogDebug("str %s", str);
569 
571  if (dd == NULL)
572  return NULL;
573 
574  if (DetectAddressParseString(dd, str) < 0) {
575  SCLogDebug("AddressParse failed");
576  DetectAddressFree(dd);
577  return NULL;
578  }
579 
580  return dd;
581 }
582 
583 /**
584  * \brief Setup a single address string, parse it and add the resulting
585  * Address-Range(s) to the AddressHead(DetectAddressHead instance).
586  *
587  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
588  * resulting Address-Range(s) from the parsed ip string has to
589  * be added.
590  * \param s Pointer to the ip address string to be parsed.
591  *
592  * \retval 0 On success.
593  * \retval -1 On failure.
594  */
595 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
596 {
597  SCLogDebug("gh %p, s %s", gh, s);
598 
599  while (*s != '\0' && isspace(*s))
600  s++;
601 
602  if (strcasecmp(s, "any") == 0) {
603  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
604 
605  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
606  if (ad == NULL)
607  return -1;
608 
609  BUG_ON(ad->ip.family == 0);
610 
611  if (DetectAddressInsert(NULL, gh, ad) < 0) {
612  SCLogDebug("DetectAddressInsert failed");
613  DetectAddressFree(ad);
614  return -1;
615  }
616 
617  ad = DetectAddressParseSingle("::/0");
618  if (ad == NULL)
619  return -1;
620 
621  BUG_ON(ad->ip.family == 0);
622 
623  if (DetectAddressInsert(NULL, gh, ad) < 0) {
624  SCLogDebug("DetectAddressInsert failed");
625  DetectAddressFree(ad);
626  return -1;
627  }
628  return 0;
629  }
630 
631  /* parse the address */
632  DetectAddress *ad = DetectAddressParseSingle(s);
633  if (ad == NULL) {
634  SCLogError("failed to parse address \"%s\"", s);
635  return -1;
636  }
637 
638  /* handle the not case, we apply the negation then insert the part(s) */
639  if (ad->flags & ADDRESS_FLAG_NOT) {
640  DetectAddress *ad2 = NULL;
641 
642  if (DetectAddressCutNot(ad, &ad2) < 0) {
643  SCLogDebug("DetectAddressCutNot failed");
644  DetectAddressFree(ad);
645  return -1;
646  }
647 
648  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
649  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
650  if (ad2 != NULL) {
651  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
652  SCLogDebug("DetectAddressInsert failed");
653  DetectAddressFree(ad);
654  DetectAddressFree(ad2);
655  return -1;
656  }
657  }
658  }
659 
660  int r = DetectAddressInsert(NULL, gh, ad);
661  if (r < 0) {
662  SCLogDebug("DetectAddressInsert failed");
663  DetectAddressFree(ad);
664  return -1;
665  }
666  SCLogDebug("r %d",r);
667  return 0;
668 }
669 
670 /**
671  * \brief Parses an address string and updates the 2 address heads with the
672  * address data.
673  *
674  * Note that this function should only be called by the wrapping function
675  * DetectAddressParse2. The wrapping function provides long address handling
676  * when the address size exceeds a threshold value.
677  *
678  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
679  * since we pass around negate without keeping a count of ! with depth.
680  * Can solve this by keeping a count of the negations with depth, so that
681  * an even no of negations would count as no negation and an odd no of
682  * negations would count as a negation.
683  *
684  * \param gh Pointer to the address head that should hold address ranges
685  * that are not negated.
686  * \param ghn Pointer to the address head that should hold address ranges
687  * that are negated.
688  * \param s Pointer to the character string holding the address to be
689  * parsed.
690  * \param negate Flag that indicates if the received address string is negated
691  * or not. 0 if it is not, 1 it it is.
692  *
693  * \retval 0 On successfully parsing.
694  * \retval -1 On failure.
695  */
696 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
697  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
698  int recur, char *address, size_t address_length)
699 {
700  size_t x = 0;
701  size_t u = 0;
702  int o_set = 0, n_set = 0, d_set = 0;
703  int depth = 0;
704  const char *rule_var_address = NULL;
705  char *temp_rule_var_address = NULL;
706 
707  if (++recur > 64) {
708  SCLogError("address block recursion "
709  "limit reached (max 64)");
710  goto error;
711  }
712 
713  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
714 
715  size_t size = strlen(s);
716  for (u = 0, x = 0; u < size && x < address_length; u++) {
717  if (x == (address_length - 1)) {
718  SCLogError("Hit the address buffer"
719  " limit for the supplied address. Invalidating sig. "
720  "Please file a bug report on this.");
721  goto error;
722  }
723  address[x] = s[u];
724  x++;
725 
726  if (!o_set && s[u] == '!') {
727  n_set = 1;
728  x--;
729  } else if (s[u] == '[') {
730  if (!o_set) {
731  o_set = 1;
732  x = 0;
733  }
734  depth++;
735  } else if (s[u] == ']') {
736  if (depth == 1) {
737  address[x - 1] = '\0';
738  x = 0;
739  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
740  if (((negate + n_set) % 2) == 0) {
741  /* normal block */
742  SCLogDebug("normal block");
743 
744  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
745  goto error;
746  } else {
747  /* negated block
748  *
749  * Extra steps are necessary. First consider it as a normal
750  * (non-negated) range. Merge the + and - ranges if
751  * applicable. Then insert the result into the ghn list. */
752  SCLogDebug("negated block");
753 
754  DetectAddressHead tmp_gh = { NULL, NULL };
755  DetectAddressHead tmp_ghn = { NULL, NULL };
756 
757  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
758  DetectAddressHeadCleanup(&tmp_gh);
759  DetectAddressHeadCleanup(&tmp_ghn);
760  goto error;
761  }
762 
763  DetectAddress *tmp_ad;
764  DetectAddress *tmp_ad2;
765 #ifdef DEBUG
766  SCLogDebug("tmp_gh: IPv4");
767  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
768  DetectAddressPrint(tmp_ad);
769  }
770  SCLogDebug("tmp_ghn: IPv4");
771  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
772  DetectAddressPrint(tmp_ad);
773  }
774  SCLogDebug("tmp_gh: IPv6");
775  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
776  DetectAddressPrint(tmp_ad);
777  }
778  SCLogDebug("tmp_ghn: IPv6");
779  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
780  DetectAddressPrint(tmp_ad);
781  }
782 #endif
783  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
784  DetectAddressHeadCleanup(&tmp_ghn);
785  DetectAddressHeadCleanup(&tmp_gh);
786  goto error;
787  }
788  DetectAddressHeadCleanup(&tmp_ghn);
789 
790  SCLogDebug("merged successfully");
791 
792  /* insert the IPv4 addresses into the negated list */
793  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
794  /* work with a copy of the address group */
795  tmp_ad2 = DetectAddressCopy(tmp_ad);
796  if (tmp_ad2 == NULL) {
797  SCLogDebug("DetectAddressCopy failed");
798  DetectAddressHeadCleanup(&tmp_gh);
799  goto error;
800  }
801  DetectAddressPrint(tmp_ad2);
802  DetectAddressInsert(NULL, ghn, tmp_ad2);
803  }
804 
805  /* insert the IPv6 addresses into the negated list */
806  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
807  /* work with a copy of the address group */
808  tmp_ad2 = DetectAddressCopy(tmp_ad);
809  if (tmp_ad2 == NULL) {
810  SCLogDebug("DetectAddressCopy failed");
811  DetectAddressHeadCleanup(&tmp_gh);
812  goto error;
813  }
814  DetectAddressPrint(tmp_ad2);
815  DetectAddressInsert(NULL, ghn, tmp_ad2);
816  }
817 
818  DetectAddressHeadCleanup(&tmp_gh);
819  }
820  n_set = 0;
821  }
822  depth--;
823  } else if (depth == 0 && s[u] == ',') {
824  if (o_set == 1) {
825  o_set = 0;
826  } else if (d_set == 1) {
827  address[x - 1] = '\0';
828 
829  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
831  if (rule_var_address == NULL)
832  goto error;
833 
834  if (strlen(rule_var_address) == 0) {
835  SCLogError("variable %s resolved "
836  "to nothing. This is likely a misconfiguration. "
837  "Note that a negated address needs to be quoted, "
838  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
839  s);
840  goto error;
841  }
842 
843  SCLogDebug("rule_var_address %s", rule_var_address);
844  if ((negate + n_set) % 2) {
845  /* add +1 to safisfy gcc 15 + -Wformat-truncation=2 */
846  const size_t str_size = strlen(rule_var_address) + 3 + 1;
847  temp_rule_var_address = SCMalloc(str_size);
848  if (unlikely(temp_rule_var_address == NULL))
849  goto error;
850  snprintf(temp_rule_var_address, str_size, "[%s]", rule_var_address);
851  } else {
852  temp_rule_var_address = SCStrdup(rule_var_address);
853  if (unlikely(temp_rule_var_address == NULL))
854  goto error;
855  }
856 
857  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
858  (negate + n_set) % 2, var_list, recur) < 0) {
859  if (temp_rule_var_address != rule_var_address)
860  SCFree(temp_rule_var_address);
861  goto error;
862  }
863  d_set = 0;
864  n_set = 0;
865  SCFree(temp_rule_var_address);
866  } else {
867  address[x - 1] = '\0';
868 
869  if (!((negate + n_set) % 2)) {
870  SCLogDebug("DetectAddressSetup into gh, %s", address);
871  if (DetectAddressSetup(gh, address) < 0)
872  goto error;
873  } else {
874  SCLogDebug("DetectAddressSetup into ghn, %s", address);
875  if (DetectAddressSetup(ghn, address) < 0)
876  goto error;
877  }
878  n_set = 0;
879  }
880  x = 0;
881  } else if (depth == 0 && s[u] == '$') {
882  d_set = 1;
883  } else if (depth == 0 && u == size - 1) {
884  if (x == address_length) {
885  address[x - 1] = '\0';
886  } else {
887  address[x] = '\0';
888  }
889  x = 0;
890 
891  if (AddVariableToResolveList(var_list, address) == -1) {
892  SCLogError("Found a loop in a address "
893  "groups declaration. This is likely a misconfiguration.");
894  goto error;
895  }
896 
897  if (d_set == 1) {
898  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
900  if (rule_var_address == NULL)
901  goto error;
902 
903  if (strlen(rule_var_address) == 0) {
904  SCLogError("variable %s resolved "
905  "to nothing. This is likely a misconfiguration. "
906  "Note that a negated address needs to be quoted, "
907  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
908  s);
909  goto error;
910  }
911 
912  SCLogDebug("rule_var_address %s", rule_var_address);
913  if ((negate + n_set) % 2) {
914  /* add +1 to safisfy gcc 15 + -Wformat-truncation=2 */
915  const size_t str_size = strlen(rule_var_address) + 3 + 1;
916  temp_rule_var_address = SCMalloc(str_size);
917  if (unlikely(temp_rule_var_address == NULL))
918  goto error;
919  snprintf(temp_rule_var_address, str_size, "[%s]", rule_var_address);
920  } else {
921  temp_rule_var_address = SCStrdup(rule_var_address);
922  if (unlikely(temp_rule_var_address == NULL))
923  goto error;
924  }
925 
926  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
927  (negate + n_set) % 2, var_list, recur) < 0) {
928  SCLogDebug("DetectAddressParse2 hates us");
929  if (temp_rule_var_address != rule_var_address)
930  SCFree(temp_rule_var_address);
931  goto error;
932  }
933  d_set = 0;
934  SCFree(temp_rule_var_address);
935  } else {
936  if (!((negate + n_set) % 2)) {
937  SCLogDebug("DetectAddressSetup into gh, %s", address);
938  if (DetectAddressSetup(gh, address) < 0) {
939  SCLogDebug("DetectAddressSetup gh fail");
940  goto error;
941  }
942  } else {
943  SCLogDebug("DetectAddressSetup into ghn, %s", address);
944  if (DetectAddressSetup(ghn, address) < 0) {
945  SCLogDebug("DetectAddressSetup ghn fail");
946  goto error;
947  }
948  }
949  }
950  n_set = 0;
951  }
952  }
953  if (depth > 0) {
954  SCLogError("not every address block was "
955  "properly closed in \"%s\", %d missing closing brackets (]). "
956  "Note: problem might be in a variable.",
957  s, depth);
958  goto error;
959  } else if (depth < 0) {
960  SCLogError("not every address block was "
961  "properly opened in \"%s\", %d missing opening brackets ([). "
962  "Note: problem might be in a variable.",
963  s, depth * -1);
964  goto error;
965  }
966 
967  return 0;
968 
969 error:
970 
971  return -1;
972 }
973 
974 /**
975  * \internal
976  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
977  *
978  * \retval Return value from DetectAddressParseInternal
979  */
980 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
981  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
982  int recur)
983 {
984  int rc;
985 #define MAX_ADDRESS_LENGTH 8192
986 
987  size_t address_length = strlen(s);
988  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
989  char *address = SCCalloc(1, address_length);
990  if (address == NULL) {
991  SCLogError("Unable to allocate"
992  " memory for address parsing.");
993  return -1;
994  }
995  rc = DetectAddressParseInternal(
996  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
997  SCFree(address);
998  } else {
999  char address[MAX_ADDRESS_LENGTH] = "";
1000  rc = DetectAddressParseInternal(
1001  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1002  }
1003  return rc;
1004 }
1005 
1006 /**
1007  * \internal
1008  * \brief See if the addresses and ranges in an address head cover the
1009  * entire ip space.
1010  *
1011  * \param gh Pointer to the DetectAddressHead to check.
1012  *
1013  * \retval 0 No.
1014  * \retval 1 Yes.
1015  *
1016  * \todo do the same for IPv6
1017  */
1018 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1019 {
1021  if (r == 1)
1022  return 1;
1023 
1024  return 0;
1025 }
1026 
1027 /**
1028  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1029  *
1030  * \param gh Pointer to the address head containing the non-NOT groups.
1031  * \param ghn Pointer to the address head containing the NOT groups.
1032  *
1033  * \retval 0 On success.
1034  * \retval -1 On failure.
1035  */
1037 {
1038  DetectAddress *ad;
1039  DetectAddress *ag, *ag2;
1040  int r = 0;
1041 
1042  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1043  ghn->ipv4_head);
1044 
1045  /* check if the negated list covers the entire ip space. If so
1046  * the user screwed up the rules/vars. */
1047  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1048  SCLogError("Complete IP space negated. "
1049  "Rule address range is NIL. Probably have a !any or "
1050  "an address range that supplies a NULL address range");
1051  goto error;
1052  }
1053 
1054  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1055  * not thingy. In that case we add a 0.0.0.0/0 first. */
1056  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1057  r = DetectAddressSetup(gh, "0.0.0.0/0");
1058  if (r < 0) {
1059  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1060  goto error;
1061  }
1062  }
1063  /* ... or ::/0 for ipv6 */
1064  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1065  r = DetectAddressSetup(gh, "::/0");
1066  if (r < 0) {
1067  SCLogDebug("DetectAddressSetup for ::/0 failed");
1068  goto error;
1069  }
1070  }
1071 
1072  /* step 1: insert our ghn members into the gh list */
1073  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1074  /* work with a copy of the ad so we can easily clean up the ghn group
1075  * later. */
1076  ad = DetectAddressCopy(ag);
1077  if (ad == NULL) {
1078  SCLogDebug("DetectAddressCopy failed");
1079  goto error;
1080  }
1081 
1082  r = DetectAddressInsert(NULL, gh, ad);
1083  if (r < 0) {
1084  SCLogDebug("DetectAddressInsert failed");
1085  goto error;
1086  }
1087  }
1088  /* ... and the same for ipv6 */
1089  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1090  /* work with a copy of the ad so we can easily clean up the ghn group
1091  * later. */
1092  ad = DetectAddressCopy(ag);
1093  if (ad == NULL) {
1094  SCLogDebug("DetectAddressCopy failed");
1095  goto error;
1096  }
1097 
1098  r = DetectAddressInsert(NULL, gh, ad);
1099  if (r < 0) {
1100  SCLogDebug("DetectAddressInsert failed");
1101  goto error;
1102  }
1103  }
1104 #ifdef DEBUG
1105  DetectAddress *tmp_ad;
1106  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1107  DetectAddressPrint(tmp_ad);
1108  }
1109 #endif
1110  int ipv4_applied = 0;
1111  int ipv6_applied = 0;
1112 
1113  /* step 2: pull the address blocks that match our 'not' blocks */
1114  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1115  SCLogDebug("ag %p", ag);
1116  DetectAddressPrint(ag);
1117 
1118  int applied = 0;
1119  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1120  SCLogDebug("ag2 %p", ag2);
1121  DetectAddressPrint(ag2);
1122 
1123  r = DetectAddressCmp(ag, ag2);
1124  /* XXX more ??? */
1125  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1126  if (ag2->prev != NULL)
1127  ag2->prev->next = ag2->next;
1128  if (ag2->next != NULL)
1129  ag2->next->prev = ag2->prev;
1130  if (gh->ipv4_head == ag2)
1131  gh->ipv4_head = ag2->next;
1132  /* store the next ptr and remove the group */
1133  DetectAddress *next_ag2 = ag2->next;
1134  DetectAddressFree(ag2);
1135  ag2 = next_ag2;
1136  applied = 1;
1137  } else {
1138  ag2 = ag2->next;
1139  }
1140  }
1141 
1142  if (applied) {
1143  ipv4_applied++;
1144  }
1145  }
1146  /* ... and the same for ipv6 */
1147  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1148  int applied = 0;
1149  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1150  r = DetectAddressCmp(ag, ag2);
1151  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1152  if (ag2->prev != NULL)
1153  ag2->prev->next = ag2->next;
1154  if (ag2->next != NULL)
1155  ag2->next->prev = ag2->prev;
1156  if (gh->ipv6_head == ag2)
1157  gh->ipv6_head = ag2->next;
1158  /* store the next ptr and remove the group */
1159  DetectAddress *next_ag2 = ag2->next;
1160  DetectAddressFree(ag2);
1161  ag2 = next_ag2;
1162 
1163  SCLogDebug("applied");
1164  applied = 1;
1165  } else {
1166  ag2 = ag2->next;
1167  }
1168  }
1169  if (applied) {
1170  ipv6_applied++;
1171  }
1172  }
1173 #ifdef DEBUG
1174  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1175  DetectAddressPrint(tmp_ad);
1176  }
1177  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1178  DetectAddressPrint(tmp_ad);
1179  }
1180 #endif
1181  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1182  int cnt = 0;
1183  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1184  cnt++;
1185 
1186  if (ipv4_applied != cnt) {
1187  SCLogError("not all IPv4 negations "
1188  "could be applied: %d != %d",
1189  cnt, ipv4_applied);
1190  goto error;
1191  }
1192 
1193  cnt = 0;
1194  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1195  cnt++;
1196 
1197  if (ipv6_applied != cnt) {
1198  SCLogError("not all IPv6 negations "
1199  "could be applied: %d != %d",
1200  cnt, ipv6_applied);
1201  goto error;
1202  }
1203  }
1204 
1205  /* if the result is that we have no addresses we return error */
1206  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1207  SCLogError("no addresses left after "
1208  "merging addresses and negated addresses");
1209  goto error;
1210  }
1211 
1212  return 0;
1213 
1214 error:
1215  return -1;
1216 }
1217 
1219 {
1220  SCLogDebug("Testing address conf vars for any misconfigured values");
1221 
1222  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1223 
1224  SCConfNode *address_vars_node = SCConfGetNode("vars.address-groups");
1225  if (address_vars_node == NULL) {
1226  return 0;
1227  }
1228 
1229  DetectAddressHead *gh = NULL;
1230  DetectAddressHead *ghn = NULL;
1231 
1232  SCConfNode *seq_node;
1233  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1234  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1235 
1236  gh = DetectAddressHeadInit();
1237  if (gh == NULL) {
1238  goto error;
1239  }
1240  ghn = DetectAddressHeadInit();
1241  if (ghn == NULL) {
1242  goto error;
1243  }
1244 
1245  if (seq_node->val == NULL) {
1246  SCLogError("Address var \"%s\" probably has a sequence(something "
1247  "in brackets) value set without any quotes. Please "
1248  "quote it using \"..\".",
1249  seq_node->name);
1250  goto error;
1251  }
1252 
1253  int r = DetectAddressParse2(
1254  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1255 
1256  CleanVariableResolveList(&var_list);
1257 
1258  if (r < 0) {
1259  SCLogError("failed to parse address var \"%s\" with value \"%s\". "
1260  "Please check its syntax",
1261  seq_node->name, seq_node->val);
1262  goto error;
1263  }
1264 
1265  if (DetectAddressIsCompleteIPSpace(ghn)) {
1266  SCLogError("address var - \"%s\" has the complete IP space negated "
1267  "with its value \"%s\". Rule address range is NIL. "
1268  "Probably have a !any or an address range that supplies "
1269  "a NULL address range",
1270  seq_node->name, seq_node->val);
1271  goto error;
1272  }
1273 
1274  DetectAddressHeadFree(gh);
1275  DetectAddressHeadFree(ghn);
1276  ghn = NULL;
1277  }
1278 
1279  return 0;
1280  error:
1281  if (gh != NULL)
1282  DetectAddressHeadFree(gh);
1283  if (ghn != NULL)
1284  DetectAddressHeadFree(ghn);
1285  return -1;
1286 }
1287 
1288 #include "util-hash-lookup3.h"
1289 
1290 typedef struct DetectAddressMap_ {
1291  char *string;
1295 
1296 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1297 {
1298  const DetectAddressMap *map = (DetectAddressMap *)data;
1299  uint32_t hash = 0;
1300 
1301  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1302  hash %= ht->array_size;
1303 
1304  return hash;
1305 }
1306 
1307 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1308  uint16_t len2)
1309 {
1310  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1311  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1312 
1313  char r = (strcmp(map1->string, map2->string) == 0);
1314  return r;
1315 }
1316 
1317 static void DetectAddressMapFreeFunc(void *data)
1318 {
1319  DetectAddressMap *map = (DetectAddressMap *)data;
1320  if (map != NULL) {
1321  DetectAddressHeadFree(map->address);
1322  SCFree(map->string);
1323  }
1324  SCFree(map);
1325 }
1326 
1328 {
1329  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1330  DetectAddressMapCompareFunc,
1331  DetectAddressMapFreeFunc);
1332  if (de_ctx->address_table == NULL)
1333  return -1;
1334 
1335  return 0;
1336 }
1337 
1339 {
1340  if (de_ctx->address_table == NULL)
1341  return;
1342 
1344  de_ctx->address_table = NULL;
1345 }
1346 
1347 static bool DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1348  DetectAddressHead *address, bool contains_negation)
1349 {
1350  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1351  if (map == NULL)
1352  return false;
1353 
1354  map->string = SCStrdup(string);
1355  if (map->string == NULL) {
1356  SCFree(map);
1357  return false;
1358  }
1359  map->address = address;
1360  map->contains_negation = contains_negation;
1361 
1362  if (HashListTableAdd(de_ctx->address_table, map, 0) != 0) {
1363  SCFree(map->string);
1364  SCFree(map);
1365  return false;
1366  }
1367 
1368  return true;
1369 }
1370 
1371 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1372  const char *string)
1373 {
1374  DetectAddressMap map = { (char *)string, NULL, false };
1375 
1377  &map, 0);
1378  return res;
1379 }
1380 
1381 /**
1382  * \brief Parses an address group sent as a character string and updates the
1383  * DetectAddressHead sent as the argument with the relevant address
1384  * ranges from the parsed string.
1385  *
1386  * \param de_ctx Pointer to the detection engine context
1387  * \param gh Pointer to the DetectAddressHead.
1388  * \param str Pointer to the character string containing the address group
1389  * that has to be parsed.
1390  *
1391  * \retval 1 On success. Contained negation.
1392  * \retval 0 On success. Did not contain negation.
1393  * \retval -1 On failure.
1394  */
1396  DetectAddressHead *gh, const char *str)
1397 {
1398  SCLogDebug("gh %p, str %s", gh, str);
1399 
1400  if (str == NULL) {
1401  SCLogDebug("DetectAddressParse can not be run with NULL address");
1402  return -1;
1403  }
1404 
1405  DetectAddressHead *ghn = DetectAddressHeadInit();
1406  if (ghn == NULL) {
1407  SCLogDebug("DetectAddressHeadInit for ghn failed");
1408  return -1;
1409  }
1410 
1411  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1412  if (r < 0) {
1413  SCLogDebug("DetectAddressParse2 returned %d", r);
1414  DetectAddressHeadFree(ghn);
1415  return -1;
1416  }
1417 
1418  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1419  ghn->ipv4_head);
1420 
1421  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1422 
1423  /* merge the 'not' address groups */
1424  if (DetectAddressMergeNot(gh, ghn) < 0) {
1425  SCLogDebug("DetectAddressMergeNot failed");
1426  DetectAddressHeadFree(ghn);
1427  return -1;
1428  }
1429 
1430  /* free the temp negate head */
1431  DetectAddressHeadFree(ghn);
1432  return contains_negation ? 1 : 0;
1433 }
1434 
1436  const char *string, bool *contains_negation)
1437 {
1438  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1439  if (res != NULL) {
1440  SCLogDebug("found: %s :: %p", string, res);
1441  *contains_negation = res->contains_negation;
1442  return res->address;
1443  }
1444 
1445  SCLogDebug("%s not found", string);
1446 
1447  DetectAddressHead *head = DetectAddressHeadInit();
1448  if (head == NULL)
1449  return NULL;
1450 
1451  const int r = DetectAddressParse(de_ctx, head, string);
1452  if (r < 0) {
1453  DetectAddressHeadFree(head);
1454  return NULL;
1455  } else if (r == 1) {
1456  *contains_negation = true;
1457  } else {
1458  *contains_negation = false;
1459  }
1460 
1461  if (!DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head, *contains_negation)) {
1462  DetectAddressHeadFree(head);
1463  return NULL;
1464  }
1465 
1466  return head;
1467 }
1468 
1469 /**
1470  * \brief Cleans a DetectAddressHead. The functions frees the address
1471  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1472  * instance.
1473  *
1474  * \param gh Pointer to the DetectAddressHead instance that has to be
1475  * cleaned.
1476  */
1478 {
1479  if (gh != NULL) {
1480  if (gh->ipv4_head != NULL) {
1482  gh->ipv4_head = NULL;
1483  }
1484  if (gh->ipv6_head != NULL) {
1486  gh->ipv6_head = NULL;
1487  }
1488  }
1489 }
1490 
1491 /**
1492  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1493  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1494  * explanations on what these functions do.
1495  *
1496  * \param de_ctx Pointer to the DetectEngineCtx.
1497  * \param a Pointer to the first address to be cut.
1498  * \param b Pointer to the second address to be cut.
1499  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1500  * ranges from a and b, demand a third address range.
1501  *
1502  * \retval 0 On success.
1503  * \retval -1 On failure.
1504  */
1505 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1506  DetectAddress *b, DetectAddress **c)
1507 {
1508  if (a->ip.family == AF_INET)
1509  return DetectAddressCutIPv4(de_ctx, a, b, c);
1510  else if (a->ip.family == AF_INET6)
1511  return DetectAddressCutIPv6(de_ctx, a, b, c);
1512 
1513  return -1;
1514 }
1515 
1516 /**
1517  * \brief Cuts a negated address range with respect to the entire ip range, and
1518  * supplies with the address range that doesn't belong to the negated
1519  * address range.
1520  *
1521  * There are 2 cases here -
1522  *
1523  * The first case includes the address being located at the extreme ends
1524  * of the ip space, in which we get a single range.
1525  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1526  *
1527  * The second case includes the address not present at either of the
1528  * ip space extremes, in which case we get 2 ranges. The second range
1529  * would be supplied back with the argument "b" supplied to this function.
1530  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1531  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1532  *
1533  * The above negation cases can similarly be extended to ranges, i.e.
1534  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1535  * ![10.20.30.40 - 10.20.30.50].
1536  *
1537  *
1538  * \param a Pointer to the DetectAddressData instance, that contains the negated
1539  * address range that has to be cut.
1540  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1541  * filled with the address range, if the argument "a", doesn't fall at
1542  * the extreme ends of the ip address space.
1543  *
1544  * \retval 0 On success.
1545  * \retval -1 On failure.
1546  */
1547 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1548 {
1549  if (a->ip.family == AF_INET)
1550  return DetectAddressCutNotIPv4(a, b);
1551  else if (a->ip.family == AF_INET6)
1552  return DetectAddressCutNotIPv6(a, b);
1553 
1554  return -1;
1555 }
1556 
1557 /**
1558  * \brief Used to compare 2 address ranges.
1559  *
1560  * \param a Pointer to the first DetectAddressData to be compared.
1561  * \param b Pointer to the second DetectAddressData to be compared.
1562  */
1564 {
1565  if (a->ip.family != b->ip.family)
1566  return ADDRESS_ER;
1567 
1568  if (a->ip.family == AF_INET)
1569  return DetectAddressCmpIPv4(a, b);
1570  else if (a->ip.family == AF_INET6)
1571  return DetectAddressCmpIPv6(a, b);
1572 
1573  return ADDRESS_ER;
1574 }
1575 
1576 /**
1577  * \brief Match a packets address against a signatures addrs array
1578  *
1579  * \param addrs array of DetectMatchAddressIPv4's
1580  * \param addrs_cnt array size in members
1581  * \param a packets address
1582  *
1583  * \retval 0 no match
1584  * \retval 1 match
1585  *
1586  * \note addresses in addrs are in host order
1587  *
1588  * \todo array should be ordered, so we can break out of the loop
1589  */
1591  uint16_t addrs_cnt, const Address *a)
1592 {
1593  SCEnter();
1594 
1595  if (addrs == NULL || addrs_cnt == 0) {
1596  SCReturnInt(0);
1597  }
1598 
1599  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1600  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1601  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1602  SCReturnInt(1);
1603  }
1604  }
1605 
1606  SCReturnInt(0);
1607 }
1608 
1609 /**
1610  * \brief Match a packets address against a signatures addrs array
1611  *
1612  * \param addrs array of DetectMatchAddressIPv6's
1613  * \param addrs_cnt array size in members
1614  * \param a packets address
1615  *
1616  * \retval 0 no match
1617  * \retval 1 match
1618  *
1619  * \note addresses in addrs are in host order
1620  *
1621  * \todo array should be ordered, so we can break out of the loop
1622  */
1624  uint16_t addrs_cnt, const Address *a)
1625 {
1626  SCEnter();
1627 
1628  if (addrs == NULL || addrs_cnt == 0) {
1629  SCReturnInt(0);
1630  }
1631 
1632  uint32_t match_addr[4];
1633  match_addr[0] = SCNtohl(a->addr_data32[0]);
1634  match_addr[1] = SCNtohl(a->addr_data32[1]);
1635  match_addr[2] = SCNtohl(a->addr_data32[2]);
1636  match_addr[3] = SCNtohl(a->addr_data32[3]);
1637 
1638  /* See if the packet address is within the range of any entry in the
1639  * signature's address match array.
1640  */
1641  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1642  uint16_t result1 = 0, result2 = 0;
1643 
1644  /* See if packet address equals either limit. Return 1 if true. */
1645  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1646  SCReturnInt(1);
1647  }
1648  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1649  SCReturnInt(1);
1650  }
1651 
1652  /* See if packet address is greater than lower limit
1653  * of the current signature address match pair.
1654  */
1655  for (int i = 0; i < 4; i++) {
1656  if (match_addr[i] > addrs[idx].ip[i]) {
1657  result1 = 1;
1658  break;
1659  }
1660  if (match_addr[i] < addrs[idx].ip[i]) {
1661  result1 = 0;
1662  break;
1663  }
1664  }
1665 
1666  /* If not greater than lower limit, try next address match entry */
1667  if (result1 == 0)
1668  continue;
1669 
1670  /* See if packet address is less than upper limit
1671  * of the current signature address match pair.
1672  */
1673  for (int i = 0; i < 4; i++) {
1674  if (match_addr[i] < addrs[idx].ip2[i]) {
1675  result2 = 1;
1676  break;
1677  }
1678  if (match_addr[i] > addrs[idx].ip2[i]) {
1679  result2 = 0;
1680  break;
1681  }
1682  }
1683 
1684  /* Return a match if packet address is between the two
1685  * signature address match limits.
1686  */
1687  if (result1 == 1 && result2 == 1)
1688  SCReturnInt(1);
1689  }
1690 
1691  SCReturnInt(0);
1692 }
1693 
1694 /**
1695  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1696  * range in the DetectAddress instance.
1697  *
1698  * We basically check that the address falls in between the address
1699  * range in DetectAddress.
1700  *
1701  * \param dd Pointer to the DetectAddress instance.
1702  * \param a Pointer to an Address instance.
1703  *
1704  * \param 1 On a match.
1705  * \param 0 On no match.
1706  */
1707 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1708 {
1709  SCEnter();
1710 
1711  if (dd->ip.family != a->family) {
1712  SCReturnInt(0);
1713  }
1714 
1715  //DetectAddressPrint(dd);
1716  //AddressDebugPrint(a);
1717 
1718  switch (a->family) {
1719  case AF_INET:
1720 
1721  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1722  * Address inside DetectAddressData we can do uint8_t checks */
1723  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1724  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1725  {
1726  SCReturnInt(1);
1727  } else {
1728  SCReturnInt(0);
1729  }
1730 
1731  break;
1732  case AF_INET6:
1733  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1734  AddressIPv6Le(a, &dd->ip2) == 1)
1735  {
1736  SCReturnInt(1);
1737  } else {
1738  SCReturnInt(0);
1739  }
1740 
1741  break;
1742  default:
1743  SCLogDebug("What other address type can we have :-/");
1744  break;
1745  }
1746 
1747  SCReturnInt(0);
1748 }
1749 
1750 #ifdef DEBUG
1751 /**
1752  * \brief Prints the address data held by the DetectAddress. If the address
1753  * data family is IPv4, we print the ipv4 address and mask, and
1754  * if the address data family is IPv6, we print the ipv6 address and
1755  * mask.
1756  *
1757  * \param ad Pointer to the DetectAddress instance to be printed.
1758  */
1759 static void DetectAddressPrint(DetectAddress *gr)
1760 {
1761  if (gr == NULL)
1762  return;
1763 
1764  if (gr->ip.family == AF_INET) {
1765  struct in_addr in;
1766  char ip[16], mask[16];
1767 
1768  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1769  PrintInet(AF_INET, &in, ip, sizeof(ip));
1770  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1771  PrintInet(AF_INET, &in, mask, sizeof(mask));
1772 
1773  SCLogDebug("%s/%s", ip, mask);
1774 // printf("%s/%s", ip, mask);
1775  } else if (gr->ip.family == AF_INET6) {
1776  struct in6_addr in6;
1777  char ip[66], mask[66];
1778 
1779  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1780  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1781  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1782  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1783 
1784  SCLogDebug("%s/%s", ip, mask);
1785 // printf("%s/%s", ip, mask);
1786  }
1787 }
1788 #endif
1789 
1790 /**
1791  * \brief Find the group matching address in a group head.
1792  *
1793  * \param gh Pointer to the address group head(DetectAddressHead instance).
1794  * \param a Pointer to an Address instance.
1795  *
1796  * \retval g On success pointer to an DetectAddress if we find a match
1797  * for the Address "a", in the DetectAddressHead "gh".
1798  */
1800 {
1801  SCEnter();
1802 
1803  DetectAddress *g = NULL;
1804 
1805  if (gh == NULL) {
1806  SCReturnPtr(NULL, "DetectAddress");
1807  }
1808 
1809  /* XXX should we really do this check every time we run this function? */
1810  if (a->family == AF_INET) {
1811  SCLogDebug("IPv4");
1812  g = gh->ipv4_head;
1813  } else if (a->family == AF_INET6) {
1814  SCLogDebug("IPv6");
1815  g = gh->ipv6_head;
1816  }
1817 
1818  for ( ; g != NULL; g = g->next) {
1819  if (DetectAddressMatch(g,a) == 1) {
1820  SCReturnPtr(g, "DetectAddress");
1821  }
1822  }
1823 
1824  SCReturnPtr(NULL, "DetectAddress");
1825 }
1826 
1827 /********************************Unittests*************************************/
1828 
1829 #ifdef UNITTESTS
1830 
1831 static bool UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1832 {
1833  char str1[46] = "", str2[46] = "";
1834 
1835  if (ad == NULL)
1836  return false;
1837 
1838  switch(ad->ip.family) {
1839  case AF_INET:
1840  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1841  SCLogDebug("%s", str1);
1842  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1843  SCLogDebug("%s", str2);
1844 
1845  if (strcmp(str1, one) != 0) {
1846  SCLogInfo("%s != %s", str1, one);
1847  return false;
1848  }
1849 
1850  if (strcmp(str2, two) != 0) {
1851  SCLogInfo("%s != %s", str2, two);
1852  return false;
1853  }
1854 
1855  return true;
1856  break;
1857 
1858  case AF_INET6:
1859  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1860  SCLogDebug("%s", str1);
1861  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1862  SCLogDebug("%s", str2);
1863 
1864  if (strcmp(str1, one) != 0) {
1865  SCLogInfo("%s != %s", str1, one);
1866  return false;
1867  }
1868 
1869  if (strcmp(str2, two) != 0) {
1870  SCLogInfo("%s != %s", str2, two);
1871  return false;
1872  }
1873 
1874  return true;
1875  break;
1876  }
1877 
1878  return false;
1879 }
1880 
1882  const char *one;
1883  const char *two;
1885 
1886 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1887 {
1888  int expect = nranges;
1889  int have = 0;
1890 
1891  if (gh == NULL)
1892  return false;
1893 
1894  DetectAddress *ad = NULL;
1895  ad = gh->ipv4_head;
1896  if (ad == NULL)
1897  ad = gh->ipv6_head;
1898  while (have < expect) {
1899  if (ad == NULL) {
1900  printf("bad head: have %d ranges, expected %d: ", have, expect);
1901  return false;
1902  }
1903 
1904  if (!UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two))
1905  return false;
1906 
1907  ad = ad->next;
1908  have++;
1909  }
1910 
1911  return true;
1912 }
1913 
1914 static int AddressTestParse01(void)
1915 {
1916  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1917 
1918  if (dd) {
1919  DetectAddressFree(dd);
1920  return 1;
1921  }
1922 
1923  return 0;
1924 }
1925 
1926 static int AddressTestParse02(void)
1927 {
1928  int result = 1;
1929  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1930 
1931  if (dd) {
1932  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1933  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1934  result = 0;
1935  }
1936 
1937  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1938  DetectAddressFree(dd);
1939  return result;
1940  }
1941 
1942  return 0;
1943 }
1944 
1945 static int AddressTestParse03(void)
1946 {
1947  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1948 
1949  if (dd) {
1950  DetectAddressFree(dd);
1951  return 1;
1952  }
1953 
1954  return 0;
1955 }
1956 
1957 static int AddressTestParse04(void)
1958 {
1959  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1960  FAIL_IF_NULL(dd);
1961 
1962  char left[16], right[16];
1963  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1964  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1965  SCLogDebug("left %s right %s", left, right);
1966  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1967  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1968  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1969  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1970 
1971  DetectAddressFree(dd);
1972  PASS;
1973 }
1974 
1975 /** \test that address range sets proper start address */
1976 static int AddressTestParse04bug5081(void)
1977 {
1978  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1979  FAIL_IF_NULL(dd);
1980 
1981  char left[16], right[16];
1982  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1983  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1984  SCLogDebug("left %s right %s", left, right);
1985  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
1986  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
1987 
1988  DetectAddressFree(dd);
1989  PASS;
1990 }
1991 
1992 static int AddressTestParse05(void)
1993 {
1994  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
1995 
1996  if (dd) {
1997  DetectAddressFree(dd);
1998  return 1;
1999  }
2000 
2001  return 0;
2002 }
2003 
2004 static int AddressTestParse06(void)
2005 {
2006  int result = 1;
2007  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2008 
2009  if (dd) {
2010  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2011  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2012  result = 0;
2013  }
2014 
2015  DetectAddressFree(dd);
2016  return result;
2017  }
2018 
2019  return 0;
2020 }
2021 
2022 static int AddressTestParse07(void)
2023 {
2024  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2025 
2026  if (dd) {
2027  DetectAddressFree(dd);
2028  return 1;
2029  }
2030 
2031  return 0;
2032 }
2033 
2034 static int AddressTestParse08(void)
2035 {
2036  int result = 1;
2037  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2038 
2039  if (dd) {
2040  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2041  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2042 
2043  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2044  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2045  DetectAddressPrint(dd);
2046  result = 0;
2047  }
2048 
2049  DetectAddressFree(dd);
2050  return result;
2051  }
2052 
2053  return 0;
2054 }
2055 
2056 static int AddressTestParse09(void)
2057 {
2058  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2059 
2060  if (dd) {
2061  DetectAddressFree(dd);
2062  return 1;
2063  }
2064 
2065  return 0;
2066 }
2067 
2068 static int AddressTestParse10(void)
2069 {
2070  int result = 1;
2071  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2072 
2073  if (dd) {
2074  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2075  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2076 
2077  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2078  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2079  DetectAddressPrint(dd);
2080  result = 0;
2081  }
2082 
2083  DetectAddressFree(dd);
2084  return result;
2085  }
2086 
2087  return 0;
2088 }
2089 
2090 static int AddressTestParse11(void)
2091 {
2092  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2093 
2094  if (dd) {
2095  DetectAddressFree(dd);
2096  return 1;
2097  }
2098 
2099  return 0;
2100 }
2101 
2102 static int AddressTestParse12(void)
2103 {
2104  int result = 1;
2105  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2106 
2107  if (dd) {
2108  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2109  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2110 
2111  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2112  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2113  DetectAddressPrint(dd);
2114  result = 0;
2115  }
2116 
2117  DetectAddressFree(dd);
2118  return result;
2119  }
2120 
2121  return 0;
2122 }
2123 static int AddressTestParse13(void)
2124 {
2125  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2126 
2127  if (dd) {
2128  DetectAddressFree(dd);
2129  return 1;
2130  }
2131 
2132  return 0;
2133 }
2134 
2135 static int AddressTestParse14(void)
2136 {
2137  int result = 1;
2138  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2139 
2140  if (dd) {
2141  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2142  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2143 
2144  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2145  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2146  result = 0;
2147  }
2148 
2149  DetectAddressFree(dd);
2150  return result;
2151  }
2152 
2153  return 0;
2154 }
2155 
2156 static int AddressTestParse15(void)
2157 {
2158  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2159 
2160  if (dd) {
2161  DetectAddressFree(dd);
2162  return 1;
2163  }
2164 
2165  return 0;
2166 }
2167 
2168 static int AddressTestParse16(void)
2169 {
2170  int result = 1;
2171  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2172 
2173  if (dd) {
2174  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2175  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2176 
2177  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2178  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2179  result = 0;
2180  }
2181 
2182  DetectAddressFree(dd);
2183  return result;
2184  }
2185 
2186  return 0;
2187 }
2188 
2189 static int AddressTestParse17(void)
2190 {
2191  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2192 
2193  if (dd) {
2194  DetectAddressFree(dd);
2195  return 1;
2196  }
2197 
2198  return 0;
2199 }
2200 
2201 static int AddressTestParse18(void)
2202 {
2203  int result = 1;
2204  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2205 
2206  if (dd) {
2207  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2208  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2209  result = 0;
2210  }
2211 
2212  DetectAddressFree(dd);
2213  return result;
2214  }
2215 
2216  return 0;
2217 }
2218 
2219 static int AddressTestParse19(void)
2220 {
2221  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2222 
2223  if (dd) {
2224  DetectAddressFree(dd);
2225  return 0;
2226  }
2227 
2228  return 1;
2229 }
2230 
2231 static int AddressTestParse20(void)
2232 {
2233  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2234 
2235  if (dd) {
2236  DetectAddressFree(dd);
2237  return 1;
2238  }
2239 
2240  return 0;
2241 }
2242 
2243 static int AddressTestParse21(void)
2244 {
2245  int result = 1;
2246  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2247 
2248  if (dd) {
2249  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2250  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2251 
2252  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2253  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2254  result = 0;
2255  }
2256 
2257  DetectAddressFree(dd);
2258  return result;
2259  }
2260 
2261  return 0;
2262 }
2263 
2264 static int AddressTestParse22(void)
2265 {
2266  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2267 
2268  if (dd) {
2269  DetectAddressFree(dd);
2270  return 0;
2271  }
2272 
2273  return 1;
2274 }
2275 
2276 static int AddressTestParse23(void)
2277 {
2278  DetectAddressHead *gh = DetectAddressHeadInit();
2279  FAIL_IF_NULL(gh);
2280  int r = DetectAddressParse(NULL, gh, "any");
2281  FAIL_IF_NOT(r == 0);
2282  DetectAddressHeadFree(gh);
2283  PASS;
2284 }
2285 
2286 static int AddressTestParse24(void)
2287 {
2288  DetectAddressHead *gh = DetectAddressHeadInit();
2289  FAIL_IF_NULL(gh);
2290  int r = DetectAddressParse(NULL, gh, "Any");
2291  FAIL_IF_NOT(r == 0);
2292  DetectAddressHeadFree(gh);
2293  PASS;
2294 }
2295 
2296 static int AddressTestParse25(void)
2297 {
2298  DetectAddressHead *gh = DetectAddressHeadInit();
2299  FAIL_IF_NULL(gh);
2300  int r = DetectAddressParse(NULL, gh, "ANY");
2301  FAIL_IF_NOT(r == 0);
2302  DetectAddressHeadFree(gh);
2303  PASS;
2304 }
2305 
2306 /** \test recursion limit */
2307 static int AddressTestParse26(void)
2308 {
2309  DetectAddressHead *gh = DetectAddressHeadInit();
2310  FAIL_IF_NULL(gh);
2311  /* exactly 64: should pass */
2312  int r = DetectAddressParse(NULL, gh,
2313  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2314  "1.2.3.4"
2315  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2316  );
2317  FAIL_IF_NOT(r == 0);
2318  DetectAddressHeadFree(gh);
2319  gh = DetectAddressHeadInit();
2320  FAIL_IF_NULL(gh);
2321  /* exactly 65: should fail */
2322  r = DetectAddressParse(NULL, gh,
2323  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2324  "1.2.3.4"
2325  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2326  );
2327  FAIL_IF(r == 0);
2328  DetectAddressHeadFree(gh);
2329  PASS;
2330 }
2331 
2332 static int AddressTestParse27(void)
2333 {
2334  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2335 
2336  if (dd) {
2337  DetectAddressFree(dd);
2338  return 1;
2339  }
2340 
2341  return 0;
2342 }
2343 
2344 static int AddressTestParse28(void)
2345 {
2346  int result = 0;
2347  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2348 
2349  if (dd) {
2350  if (dd->flags & ADDRESS_FLAG_NOT &&
2351  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2352  result = 1;
2353  }
2354 
2355  DetectAddressFree(dd);
2356  return result;
2357  }
2358 
2359  return 0;
2360 }
2361 
2362 static int AddressTestParse29(void)
2363 {
2364  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2365 
2366  if (dd) {
2367  DetectAddressFree(dd);
2368  return 1;
2369  }
2370 
2371  return 0;
2372 }
2373 
2374 static int AddressTestParse30(void)
2375 {
2376  int result = 0;
2377  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2378 
2379  if (dd) {
2380  if (dd->flags & ADDRESS_FLAG_NOT &&
2381  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2382  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2383  result = 1;
2384  }
2385 
2386  DetectAddressFree(dd);
2387  return result;
2388  }
2389 
2390  return 0;
2391 }
2392 
2393 /**
2394  * \test make sure !any is rejected
2395  */
2396 static int AddressTestParse31(void)
2397 {
2398  DetectAddress *dd = DetectAddressParseSingle("!any");
2399 
2400  if (dd) {
2401  DetectAddressFree(dd);
2402  return 0;
2403  }
2404 
2405  return 1;
2406 }
2407 
2408 static int AddressTestParse32(void)
2409 {
2410  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2411 
2412  if (dd) {
2413  DetectAddressFree(dd);
2414  return 1;
2415  }
2416 
2417  return 0;
2418 }
2419 
2420 static int AddressTestParse33(void)
2421 {
2422  int result = 0;
2423  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2424 
2425  if (dd) {
2426  if (dd->flags & ADDRESS_FLAG_NOT &&
2427  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2428  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2429  result = 1;
2430  }
2431 
2432  DetectAddressFree(dd);
2433  return result;
2434  }
2435 
2436  return 0;
2437 }
2438 
2439 static int AddressTestParse34(void)
2440 {
2441  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2442 
2443  if (dd) {
2444  DetectAddressFree(dd);
2445  return 1;
2446  }
2447 
2448  return 0;
2449 }
2450 
2451 static int AddressTestParse35(void)
2452 {
2453  int result = 0;
2454  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2455 
2456  if (dd) {
2457  if (dd->flags & ADDRESS_FLAG_NOT &&
2458  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2459  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2460 
2461  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2462  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2463  result = 1;
2464  }
2465 
2466  DetectAddressFree(dd);
2467  return result;
2468  }
2469 
2470  return 0;
2471 }
2472 
2473 static int AddressTestParse36(void)
2474 {
2475  int result = 1;
2476  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2477 
2478  if (dd) {
2479  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2480  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2481 
2482  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2483  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2484 
2485  DetectAddressPrint(dd);
2486  result = 0;
2487  }
2488  DetectAddressPrint(dd);
2489 
2490  DetectAddressFree(dd);
2491  return result;
2492  }
2493 
2494  return 0;
2495 }
2496 
2497 static int AddressTestParse37(void)
2498 {
2499  int result = 1;
2500  DetectAddress *dd = DetectAddressParseSingle("::/0");
2501 
2502  if (dd) {
2503  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2504  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2505 
2506  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2507  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2508  DetectAddressPrint(dd);
2509  result = 0;
2510  }
2511  DetectAddressPrint(dd);
2512 
2513  DetectAddressFree(dd);
2514  return result;
2515  }
2516 
2517  return 0;
2518 }
2519 
2520 static int AddressTestMatch01(void)
2521 {
2522  DetectAddress *dd = NULL;
2523  int result = 1;
2524  struct in_addr in;
2525  Address a;
2526 
2527  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2528  return 0;
2529  memset(&a, 0, sizeof(Address));
2530  a.family = AF_INET;
2531  a.addr_data32[0] = in.s_addr;
2532 
2533  dd = DetectAddressParseSingle("1.2.3.4/24");
2534  if (dd) {
2535  if (DetectAddressMatch(dd, &a) == 0)
2536  result = 0;
2537 
2538  DetectAddressFree(dd);
2539  return result;
2540  }
2541 
2542  return 0;
2543 }
2544 
2545 static int AddressTestMatch02(void)
2546 {
2547  DetectAddress *dd = NULL;
2548  int result = 1;
2549  struct in_addr in;
2550  Address a;
2551 
2552  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2553  return 0;
2554  memset(&a, 0, sizeof(Address));
2555  a.family = AF_INET;
2556  a.addr_data32[0] = in.s_addr;
2557 
2558  dd = DetectAddressParseSingle("1.2.3.4/25");
2559  if (dd) {
2560  if (DetectAddressMatch(dd, &a) == 0)
2561  result = 0;
2562 
2563  DetectAddressFree(dd);
2564  return result;
2565  }
2566 
2567  return 0;
2568 }
2569 
2570 static int AddressTestMatch03(void)
2571 {
2572  DetectAddress *dd = NULL;
2573  int result = 1;
2574  struct in_addr in;
2575  Address a;
2576 
2577  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2578  return 0;
2579  memset(&a, 0, sizeof(Address));
2580  a.family = AF_INET;
2581  a.addr_data32[0] = in.s_addr;
2582 
2583  dd = DetectAddressParseSingle("1.2.3.4/25");
2584  if (dd) {
2585  if (DetectAddressMatch(dd, &a) == 1)
2586  result = 0;
2587 
2588  DetectAddressFree(dd);
2589  return result;
2590  }
2591 
2592  return 0;
2593 }
2594 
2595 static int AddressTestMatch04(void)
2596 {
2597  DetectAddress *dd = NULL;
2598  int result = 1;
2599  struct in_addr in;
2600  Address a;
2601 
2602  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2603  return 0;
2604  memset(&a, 0, sizeof(Address));
2605  a.family = AF_INET;
2606  a.addr_data32[0] = in.s_addr;
2607 
2608  dd = DetectAddressParseSingle("1.2.3.4/25");
2609  if (dd) {
2610  if (DetectAddressMatch(dd, &a) == 1)
2611  result = 0;
2612 
2613  DetectAddressFree(dd);
2614  return result;
2615  }
2616 
2617  return 0;
2618 }
2619 
2620 static int AddressTestMatch05(void)
2621 {
2622  DetectAddress *dd = NULL;
2623  int result = 1;
2624  struct in_addr in;
2625  Address a;
2626 
2627  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2628  return 0;
2629  memset(&a, 0, sizeof(Address));
2630  a.family = AF_INET;
2631  a.addr_data32[0] = in.s_addr;
2632 
2633  dd = DetectAddressParseSingle("1.2.3.4/32");
2634  if (dd) {
2635  if (DetectAddressMatch(dd, &a) == 0)
2636  result = 0;
2637 
2638  DetectAddressFree(dd);
2639  return result;
2640  }
2641 
2642  return 0;
2643 }
2644 
2645 static int AddressTestMatch06(void)
2646 {
2647  DetectAddress *dd = NULL;
2648  int result = 1;
2649  struct in_addr in;
2650  Address a;
2651 
2652  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2653  return 0;
2654  memset(&a, 0, sizeof(Address));
2655  a.family = AF_INET;
2656  a.addr_data32[0] = in.s_addr;
2657 
2658  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2659  if (dd) {
2660  if (DetectAddressMatch(dd, &a) == 0)
2661  result = 0;
2662 
2663  DetectAddressFree(dd);
2664  return result;
2665  }
2666 
2667  return 0;
2668 }
2669 
2670 static int AddressTestMatch07(void)
2671 {
2672  DetectAddress *dd = NULL;
2673  int result = 1;
2674  struct in6_addr in6;
2675  Address a;
2676 
2677  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2678  return 0;
2679  memset(&a, 0, sizeof(Address));
2680  a.family = AF_INET6;
2681  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2682 
2683  dd = DetectAddressParseSingle("2001::/3");
2684  if (dd) {
2685  if (DetectAddressMatch(dd, &a) == 0)
2686  result = 0;
2687 
2688  DetectAddressFree(dd);
2689  return result;
2690  }
2691 
2692  return 0;
2693 }
2694 
2695 static int AddressTestMatch08(void)
2696 {
2697  DetectAddress *dd = NULL;
2698  int result = 1;
2699  struct in6_addr in6;
2700  Address a;
2701 
2702  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2703  return 0;
2704  memset(&a, 0, sizeof(Address));
2705  a.family = AF_INET6;
2706  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2707 
2708  dd = DetectAddressParseSingle("2001::/3");
2709  if (dd) {
2710  if (DetectAddressMatch(dd, &a) == 1)
2711  result = 0;
2712 
2713  DetectAddressFree(dd);
2714  return result;
2715  }
2716 
2717  return 0;
2718 }
2719 
2720 static int AddressTestMatch09(void)
2721 {
2722  DetectAddress *dd = NULL;
2723  int result = 1;
2724  struct in6_addr in6;
2725  Address a;
2726 
2727  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2728  return 0;
2729  memset(&a, 0, sizeof(Address));
2730  a.family = AF_INET6;
2731  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2732 
2733  dd = DetectAddressParseSingle("2001::1/128");
2734  if (dd) {
2735  if (DetectAddressMatch(dd, &a) == 1)
2736  result = 0;
2737 
2738  DetectAddressFree(dd);
2739  return result;
2740  }
2741 
2742  return 0;
2743 }
2744 
2745 static int AddressTestMatch10(void)
2746 {
2747  DetectAddress *dd = NULL;
2748  int result = 1;
2749  struct in6_addr in6;
2750  Address a;
2751 
2752  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2753  return 0;
2754  memset(&a, 0, sizeof(Address));
2755  a.family = AF_INET6;
2756  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2757 
2758  dd = DetectAddressParseSingle("2001::1/126");
2759  if (dd) {
2760  if (DetectAddressMatch(dd, &a) == 0)
2761  result = 0;
2762 
2763  DetectAddressFree(dd);
2764  return result;
2765  }
2766 
2767  return 0;
2768 }
2769 
2770 static int AddressTestMatch11(void)
2771 {
2772  DetectAddress *dd = NULL;
2773  int result = 1;
2774  struct in6_addr in6;
2775  Address a;
2776 
2777  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2778  return 0;
2779  memset(&a, 0, sizeof(Address));
2780  a.family = AF_INET6;
2781  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2782 
2783  dd = DetectAddressParseSingle("2001::1/127");
2784  if (dd) {
2785  if (DetectAddressMatch(dd, &a) == 1)
2786  result = 0;
2787 
2788  DetectAddressFree(dd);
2789  return result;
2790  }
2791 
2792  return 0;
2793 }
2794 
2795 static int AddressTestCmp01(void)
2796 {
2797  DetectAddress *da = NULL, *db = NULL;
2798  int result = 1;
2799 
2800  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2801  if (da == NULL) goto error;
2802  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2803  if (db == NULL) goto error;
2804 
2805  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2806  result = 0;
2807 
2808  DetectAddressFree(da);
2809  DetectAddressFree(db);
2810  return result;
2811 
2812 error:
2813  if (da) DetectAddressFree(da);
2814  if (db) DetectAddressFree(db);
2815  return 0;
2816 }
2817 
2818 static int AddressTestCmp02(void)
2819 {
2820  DetectAddress *da = NULL, *db = NULL;
2821  int result = 1;
2822 
2823  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2824  if (da == NULL) goto error;
2825  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2826  if (db == NULL) goto error;
2827 
2828  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2829  result = 0;
2830 
2831  DetectAddressFree(da);
2832  DetectAddressFree(db);
2833  return result;
2834 
2835 error:
2836  if (da) DetectAddressFree(da);
2837  if (db) DetectAddressFree(db);
2838  return 0;
2839 }
2840 
2841 static int AddressTestCmp03(void)
2842 {
2843  DetectAddress *da = NULL, *db = NULL;
2844  int result = 1;
2845 
2846  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2847  if (da == NULL) goto error;
2848  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2849  if (db == NULL) goto error;
2850 
2851  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2852  result = 0;
2853 
2854  DetectAddressFree(da);
2855  DetectAddressFree(db);
2856  return result;
2857 
2858 error:
2859  if (da) DetectAddressFree(da);
2860  if (db) DetectAddressFree(db);
2861  return 0;
2862 }
2863 
2864 static int AddressTestCmp04(void)
2865 {
2866  DetectAddress *da = NULL, *db = NULL;
2867  int result = 1;
2868 
2869  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2870  if (da == NULL) goto error;
2871  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2872  if (db == NULL) goto error;
2873 
2874  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2875  result = 0;
2876 
2877  DetectAddressFree(da);
2878  DetectAddressFree(db);
2879  return result;
2880 
2881 error:
2882  if (da) DetectAddressFree(da);
2883  if (db) DetectAddressFree(db);
2884  return 0;
2885 }
2886 
2887 static int AddressTestCmp05(void)
2888 {
2889  DetectAddress *da = NULL, *db = NULL;
2890  int result = 1;
2891 
2892  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2893  if (da == NULL) goto error;
2894  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2895  if (db == NULL) goto error;
2896 
2897  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2898  result = 0;
2899 
2900  DetectAddressFree(da);
2901  DetectAddressFree(db);
2902  return result;
2903 
2904 error:
2905  if (da) DetectAddressFree(da);
2906  if (db) DetectAddressFree(db);
2907  return 0;
2908 }
2909 
2910 static int AddressTestCmp06(void)
2911 {
2912  DetectAddress *da = NULL, *db = NULL;
2913  int result = 1;
2914 
2915  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2916  if (da == NULL) goto error;
2917  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2918  if (db == NULL) goto error;
2919 
2920  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2921  result = 0;
2922 
2923  DetectAddressFree(da);
2924  DetectAddressFree(db);
2925  return result;
2926 
2927 error:
2928  if (da) DetectAddressFree(da);
2929  if (db) DetectAddressFree(db);
2930  return 0;
2931 }
2932 
2933 static int AddressTestCmpIPv407(void)
2934 {
2935  DetectAddress *da = NULL, *db = NULL;
2936  int result = 1;
2937 
2938  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2939  if (da == NULL) goto error;
2940  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2941  if (db == NULL) goto error;
2942 
2943  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2944  result = 0;
2945 
2946  DetectAddressFree(da);
2947  DetectAddressFree(db);
2948  return result;
2949 
2950 error:
2951  if (da) DetectAddressFree(da);
2952  if (db) DetectAddressFree(db);
2953  return 0;
2954 }
2955 
2956 static int AddressTestCmpIPv408(void)
2957 {
2958  DetectAddress *da = NULL, *db = NULL;
2959  int result = 1;
2960 
2961  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2962  if (da == NULL) goto error;
2963  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2964  if (db == NULL) goto error;
2965 
2966  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2967  result = 0;
2968 
2969  DetectAddressFree(da);
2970  DetectAddressFree(db);
2971  return result;
2972 
2973 error:
2974  if (da) DetectAddressFree(da);
2975  if (db) DetectAddressFree(db);
2976  return 0;
2977 }
2978 
2979 static int AddressTestCmp07(void)
2980 {
2981  DetectAddress *da = NULL, *db = NULL;
2982  int result = 1;
2983 
2984  da = DetectAddressParseSingle("2001::/3");
2985  if (da == NULL) goto error;
2986  db = DetectAddressParseSingle("2001::1/3");
2987  if (db == NULL) goto error;
2988 
2989  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2990  result = 0;
2991 
2992  DetectAddressFree(da);
2993  DetectAddressFree(db);
2994  return result;
2995 
2996 error:
2997  if (da) DetectAddressFree(da);
2998  if (db) DetectAddressFree(db);
2999  return 0;
3000 }
3001 
3002 static int AddressTestCmp08(void)
3003 {
3004  DetectAddress *da = NULL, *db = NULL;
3005  int result = 1;
3006 
3007  da = DetectAddressParseSingle("2001::/3");
3008  if (da == NULL) goto error;
3009  db = DetectAddressParseSingle("2001::/8");
3010  if (db == NULL) goto error;
3011 
3012  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3013  result = 0;
3014 
3015  DetectAddressFree(da);
3016  DetectAddressFree(db);
3017  return result;
3018 
3019 error:
3020  if (da) DetectAddressFree(da);
3021  if (db) DetectAddressFree(db);
3022  return 0;
3023 }
3024 
3025 static int AddressTestCmp09(void)
3026 {
3027  DetectAddress *da = NULL, *db = NULL;
3028  int result = 1;
3029 
3030  da = DetectAddressParseSingle("2001::/8");
3031  if (da == NULL) goto error;
3032  db = DetectAddressParseSingle("2001::/3");
3033  if (db == NULL) goto error;
3034 
3035  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3036  result = 0;
3037 
3038  DetectAddressFree(da);
3039  DetectAddressFree(db);
3040  return result;
3041 
3042 error:
3043  if (da) DetectAddressFree(da);
3044  if (db) DetectAddressFree(db);
3045  return 0;
3046 }
3047 
3048 static int AddressTestCmp10(void)
3049 {
3050  DetectAddress *da = NULL, *db = NULL;
3051  int result = 1;
3052 
3053  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3054  if (da == NULL) goto error;
3055  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3056  if (db == NULL) goto error;
3057 
3058  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3059  result = 0;
3060 
3061  DetectAddressFree(da);
3062  DetectAddressFree(db);
3063  return result;
3064 
3065 error:
3066  if (da) DetectAddressFree(da);
3067  if (db) DetectAddressFree(db);
3068  return 0;
3069 }
3070 
3071 static int AddressTestCmp11(void)
3072 {
3073  DetectAddress *da = NULL, *db = NULL;
3074  int result = 1;
3075 
3076  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3077  if (da == NULL) goto error;
3078  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3079  if (db == NULL) goto error;
3080 
3081  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3082  result = 0;
3083 
3084  DetectAddressFree(da);
3085  DetectAddressFree(db);
3086  return result;
3087 
3088 error:
3089  if (da) DetectAddressFree(da);
3090  if (db) DetectAddressFree(db);
3091  return 0;
3092 }
3093 
3094 static int AddressTestCmp12(void)
3095 {
3096  DetectAddress *da = NULL, *db = NULL;
3097  int result = 1;
3098 
3099  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3100  if (da == NULL) goto error;
3101  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3102  if (db == NULL) goto error;
3103 
3104  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3105  result = 0;
3106 
3107  DetectAddressFree(da);
3108  DetectAddressFree(db);
3109  return result;
3110 
3111 error:
3112  if (da) DetectAddressFree(da);
3113  if (db) DetectAddressFree(db);
3114  return 0;
3115 }
3116 
3117 static int AddressTestAddressGroupSetup01(void)
3118 {
3119  int result = 0;
3120  DetectAddressHead *gh = DetectAddressHeadInit();
3121 
3122  if (gh != NULL) {
3123  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3124  if (r == 0)
3125  result = 1;
3126 
3127  DetectAddressHeadFree(gh);
3128  }
3129  return result;
3130 }
3131 
3132 static int AddressTestAddressGroupSetup02(void)
3133 {
3134  int result = 0;
3135  DetectAddressHead *gh = DetectAddressHeadInit();
3136 
3137  if (gh != NULL) {
3138  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3139  if (r == 0 && gh->ipv4_head != NULL)
3140  result = 1;
3141 
3142  DetectAddressHeadFree(gh);
3143  }
3144  return result;
3145 }
3146 
3147 static int AddressTestAddressGroupSetup03(void)
3148 {
3149  int result = 0;
3150  DetectAddressHead *gh = DetectAddressHeadInit();
3151 
3152  if (gh != NULL) {
3153  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3154  if (r == 0 && gh->ipv4_head != NULL) {
3155  DetectAddress *prev_head = gh->ipv4_head;
3156 
3157  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3158  if (r == 0 && gh->ipv4_head != prev_head &&
3159  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3160  result = 1;
3161  }
3162  }
3163 
3164  DetectAddressHeadFree(gh);
3165  }
3166  return result;
3167 }
3168 
3169 static int AddressTestAddressGroupSetup04(void)
3170 {
3171  int result = 0;
3172  DetectAddressHead *gh = DetectAddressHeadInit();
3173 
3174  if (gh != NULL) {
3175  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3176  if (r == 0 && gh->ipv4_head != NULL) {
3177  DetectAddress *prev_head = gh->ipv4_head;
3178 
3179  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3180  if (r == 0 && gh->ipv4_head != prev_head &&
3181  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3182  DetectAddress *ph = gh->ipv4_head;
3183 
3184  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3185  if (r == 0 && gh->ipv4_head != ph &&
3186  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3187  result = 1;
3188  }
3189  }
3190  }
3191 
3192  DetectAddressHeadFree(gh);
3193  }
3194  return result;
3195 }
3196 
3197 static int AddressTestAddressGroupSetup05(void)
3198 {
3199  int result = 0;
3200  DetectAddressHead *gh = DetectAddressHeadInit();
3201 
3202  if (gh != NULL) {
3203  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3204  if (r == 0 && gh->ipv4_head != NULL) {
3205  DetectAddress *prev_head = gh->ipv4_head;
3206 
3207  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3208  if (r == 0 && gh->ipv4_head == prev_head &&
3209  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3210  DetectAddress *ph = gh->ipv4_head;
3211 
3212  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3213  if (r == 0 && gh->ipv4_head == ph &&
3214  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3215  result = 1;
3216  }
3217  }
3218  }
3219 
3220  DetectAddressHeadFree(gh);
3221  }
3222  return result;
3223 }
3224 
3225 static int AddressTestAddressGroupSetup06(void)
3226 {
3227  int result = 0;
3228  DetectAddressHead *gh = DetectAddressHeadInit();
3229 
3230  if (gh != NULL) {
3231  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3232  if (r == 0 && gh->ipv4_head != NULL) {
3233  DetectAddress *prev_head = gh->ipv4_head;
3234 
3235  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3236  if (r == 0 && gh->ipv4_head == prev_head &&
3237  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3238  result = 1;
3239  }
3240  }
3241 
3242  DetectAddressHeadFree(gh);
3243  }
3244  return result;
3245 }
3246 
3247 static int AddressTestAddressGroupSetup07(void)
3248 {
3249  int result = 0;
3250  DetectAddressHead *gh = DetectAddressHeadInit();
3251 
3252  if (gh != NULL) {
3253  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3254  if (r == 0 && gh->ipv4_head != NULL) {
3255  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3256  if (r == 0 && gh->ipv4_head != NULL &&
3257  gh->ipv4_head->next != NULL &&
3258  gh->ipv4_head->next->next != NULL) {
3259  result = 1;
3260  }
3261  }
3262 
3263  DetectAddressHeadFree(gh);
3264  }
3265  return result;
3266 }
3267 
3268 static int AddressTestAddressGroupSetup08(void)
3269 {
3270  int result = 0;
3271  DetectAddressHead *gh = DetectAddressHeadInit();
3272 
3273  if (gh != NULL) {
3274  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3275  if (r == 0 && gh->ipv4_head != NULL) {
3276  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3277  if (r == 0 && gh->ipv4_head != NULL &&
3278  gh->ipv4_head->next != NULL &&
3279  gh->ipv4_head->next->next != NULL) {
3280  result = 1;
3281  }
3282  }
3283 
3284  DetectAddressHeadFree(gh);
3285  }
3286  return result;
3287 }
3288 
3289 static int AddressTestAddressGroupSetup09(void)
3290 {
3291  int result = 0;
3292  DetectAddressHead *gh = DetectAddressHeadInit();
3293 
3294  if (gh != NULL) {
3295  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3296  if (r == 0 && gh->ipv4_head != NULL) {
3297  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3298  if (r == 0 && gh->ipv4_head != NULL &&
3299  gh->ipv4_head->next != NULL &&
3300  gh->ipv4_head->next->next != NULL) {
3301  result = 1;
3302  }
3303  }
3304 
3305  DetectAddressHeadFree(gh);
3306  }
3307  return result;
3308 }
3309 
3310 static int AddressTestAddressGroupSetup10(void)
3311 {
3312  int result = 0;
3313  DetectAddressHead *gh = DetectAddressHeadInit();
3314 
3315  if (gh != NULL) {
3316  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3317  if (r == 0 && gh->ipv4_head != NULL) {
3318  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3319  if (r == 0 && gh->ipv4_head != NULL &&
3320  gh->ipv4_head->next != NULL &&
3321  gh->ipv4_head->next->next != NULL) {
3322  result = 1;
3323  }
3324  }
3325 
3326  DetectAddressHeadFree(gh);
3327  }
3328  return result;
3329 }
3330 
3331 static int AddressTestAddressGroupSetup11(void)
3332 {
3333  int result = 0;
3334  DetectAddressHead *gh = DetectAddressHeadInit();
3335 
3336  if (gh != NULL) {
3337  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3338  if (r == 0) {
3339  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3340  if (r == 0) {
3341  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3342  if (r == 0) {
3343  DetectAddress *one = gh->ipv4_head, *two = one->next,
3344  *three = two->next, *four = three->next,
3345  *five = four->next;
3346 
3347  /* result should be:
3348  * 0.0.0.0/10.10.9.255
3349  * 10.10.10.0/10.10.10.9
3350  * 10.10.10.10/10.10.10.255
3351  * 10.10.11.0/10.10.11.1
3352  * 10.10.11.2/255.255.255.255
3353  */
3354  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3355  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3356  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3357  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3358  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3359  result = 1;
3360  }
3361  }
3362  }
3363  }
3364 
3365  DetectAddressHeadFree(gh);
3366  }
3367  return result;
3368 }
3369 
3370 static int AddressTestAddressGroupSetup12 (void)
3371 {
3372  int result = 0;
3373  DetectAddressHead *gh = DetectAddressHeadInit();
3374 
3375  if (gh != NULL) {
3376  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3377  if (r == 0) {
3378  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3379  if (r == 0) {
3380  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3381  if (r == 0) {
3382  DetectAddress *one = gh->ipv4_head, *two = one->next,
3383  *three = two->next, *four = three->next,
3384  *five = four->next;
3385 
3386  /* result should be:
3387  * 0.0.0.0/10.10.9.255
3388  * 10.10.10.0/10.10.10.9
3389  * 10.10.10.10/10.10.10.255
3390  * 10.10.11.0/10.10.11.1
3391  * 10.10.11.2/255.255.255.255
3392  */
3393  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3394  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3395  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3396  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3397  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3398  result = 1;
3399  }
3400  }
3401  }
3402  }
3403 
3404  DetectAddressHeadFree(gh);
3405  }
3406  return result;
3407 }
3408 
3409 static int AddressTestAddressGroupSetup13(void)
3410 {
3411  int result = 0;
3412  DetectAddressHead *gh = DetectAddressHeadInit();
3413 
3414  if (gh != NULL) {
3415  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3416  if (r == 0) {
3417  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3418  if (r == 0) {
3419  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3420  if (r == 0) {
3421  DetectAddress *one = gh->ipv4_head, *two = one->next,
3422  *three = two->next, *four = three->next,
3423  *five = four->next;
3424 
3425  /* result should be:
3426  * 0.0.0.0/10.10.9.255
3427  * 10.10.10.0/10.10.10.9
3428  * 10.10.10.10/10.10.10.255
3429  * 10.10.11.0/10.10.11.1
3430  * 10.10.11.2/255.255.255.255
3431  */
3432  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3433  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3434  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3435  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3436  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3437  result = 1;
3438  }
3439  }
3440  }
3441  }
3442 
3443  DetectAddressHeadFree(gh);
3444  }
3445  return result;
3446 }
3447 
3448 static int AddressTestAddressGroupSetupIPv414(void)
3449 {
3450  DetectAddressHead *gh = DetectAddressHeadInit();
3451  FAIL_IF_NULL(gh);
3452 
3453  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3454  FAIL_IF_NOT(r == 1);
3455 
3456  DetectAddress *one = gh->ipv4_head;
3457  FAIL_IF_NULL(one);
3458  DetectAddress *two = one->next;
3459  FAIL_IF_NULL(two);
3460 
3461  /* result should be:
3462  * 0.0.0.0/1.2.3.3
3463  * 1.2.3.5/255.255.255.255
3464  */
3465  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3466  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3467  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3468  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3469  DetectAddressHeadFree(gh);
3470 
3471  PASS;
3472 }
3473 
3474 static int AddressTestAddressGroupSetupIPv415(void)
3475 {
3476  DetectAddressHead *gh = DetectAddressHeadInit();
3477  FAIL_IF_NULL(gh);
3478 
3479  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3480  FAIL_IF_NOT(r == 1);
3481 
3482  DetectAddress *one = gh->ipv4_head;
3483  FAIL_IF_NULL(one);
3484  FAIL_IF_NOT_NULL(one->next);
3485 
3486  /* result should be:
3487  * 0.0.0.1/255.255.255.255
3488  */
3489  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3490  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3491 
3492  DetectAddressHeadFree(gh);
3493  PASS;
3494 }
3495 
3496 static int AddressTestAddressGroupSetupIPv416(void)
3497 {
3498  DetectAddressHead *gh = DetectAddressHeadInit();
3499  FAIL_IF_NULL(gh);
3500 
3501  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3502  FAIL_IF_NOT(r == 1);
3503 
3504  DetectAddress *one = gh->ipv4_head;
3505  FAIL_IF_NULL(one);
3506  FAIL_IF_NOT_NULL(one->next);
3507 
3508  /* result should be:
3509  * 0.0.0.0/255.255.255.254
3510  */
3511  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3512  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3513 
3514  DetectAddressHeadFree(gh);
3515  PASS;
3516 }
3517 
3518 static int AddressTestAddressGroupSetup14(void)
3519 {
3520  int result = 0;
3521  DetectAddressHead *gh = DetectAddressHeadInit();
3522 
3523  if (gh != NULL) {
3524  int r = DetectAddressParse(NULL, gh, "2001::1");
3525  if (r == 0)
3526  result = 1;
3527 
3528  DetectAddressHeadFree(gh);
3529  }
3530  return result;
3531 }
3532 
3533 static int AddressTestAddressGroupSetup15(void)
3534 {
3535  int result = 0;
3536  DetectAddressHead *gh = DetectAddressHeadInit();
3537 
3538  if (gh != NULL) {
3539  int r = DetectAddressParse(NULL, gh, "2001::1");
3540  if (r == 0 && gh->ipv6_head != NULL)
3541  result = 1;
3542 
3543  DetectAddressHeadFree(gh);
3544  }
3545  return result;
3546 }
3547 
3548 static int AddressTestAddressGroupSetup16(void)
3549 {
3550  int result = 0;
3551  DetectAddressHead *gh = DetectAddressHeadInit();
3552 
3553  if (gh != NULL) {
3554  int r = DetectAddressParse(NULL, gh, "2001::4");
3555  if (r == 0 && gh->ipv6_head != NULL) {
3556  DetectAddress *prev_head = gh->ipv6_head;
3557 
3558  r = DetectAddressParse(NULL, gh, "2001::3");
3559  if (r == 0 && gh->ipv6_head != prev_head &&
3560  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3561  result = 1;
3562  }
3563  }
3564 
3565  DetectAddressHeadFree(gh);
3566  }
3567  return result;
3568 }
3569 
3570 static int AddressTestAddressGroupSetup17(void)
3571 {
3572  int result = 0;
3573  DetectAddressHead *gh = DetectAddressHeadInit();
3574 
3575  if (gh != NULL) {
3576  int r = DetectAddressParse(NULL, gh, "2001::4");
3577  if (r == 0 && gh->ipv6_head != NULL) {
3578  DetectAddress *prev_head = gh->ipv6_head;
3579 
3580  r = DetectAddressParse(NULL, gh, "2001::3");
3581  if (r == 0 && gh->ipv6_head != prev_head &&
3582  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3583  DetectAddress *ph = gh->ipv6_head;
3584 
3585  r = DetectAddressParse(NULL, gh, "2001::2");
3586  if (r == 0 && gh->ipv6_head != ph &&
3587  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3588  result = 1;
3589  }
3590  }
3591  }
3592 
3593  DetectAddressHeadFree(gh);
3594  }
3595  return result;
3596 }
3597 
3598 static int AddressTestAddressGroupSetup18(void)
3599 {
3600  int result = 0;
3601  DetectAddressHead *gh = DetectAddressHeadInit();
3602 
3603  if (gh != NULL) {
3604  int r = DetectAddressParse(NULL, gh, "2001::2");
3605  if (r == 0 && gh->ipv6_head != NULL) {
3606  DetectAddress *prev_head = gh->ipv6_head;
3607 
3608  r = DetectAddressParse(NULL, gh, "2001::3");
3609  if (r == 0 && gh->ipv6_head == prev_head &&
3610  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3611  DetectAddress *ph = gh->ipv6_head;
3612 
3613  r = DetectAddressParse(NULL, gh, "2001::4");
3614  if (r == 0 && gh->ipv6_head == ph &&
3615  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3616  result = 1;
3617  }
3618  }
3619  }
3620 
3621  DetectAddressHeadFree(gh);
3622  }
3623  return result;
3624 }
3625 
3626 static int AddressTestAddressGroupSetup19(void)
3627 {
3628  int result = 0;
3629  DetectAddressHead *gh = DetectAddressHeadInit();
3630 
3631  if (gh != NULL) {
3632  int r = DetectAddressParse(NULL, gh, "2001::2");
3633  if (r == 0 && gh->ipv6_head != NULL) {
3634  DetectAddress *prev_head = gh->ipv6_head;
3635 
3636  r = DetectAddressParse(NULL, gh, "2001::2");
3637  if (r == 0 && gh->ipv6_head == prev_head &&
3638  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3639  result = 1;
3640  }
3641  }
3642 
3643  DetectAddressHeadFree(gh);
3644  }
3645  return result;
3646 }
3647 
3648 static int AddressTestAddressGroupSetup20(void)
3649 {
3650  int result = 0;
3651  DetectAddressHead *gh = DetectAddressHeadInit();
3652 
3653  if (gh != NULL) {
3654  int r = DetectAddressParse(NULL, gh, "2000::/3");
3655  if (r == 0 && gh->ipv6_head != NULL) {
3656  r = DetectAddressParse(NULL, gh, "2001::4");
3657  if (r == 0 && gh->ipv6_head != NULL &&
3658  gh->ipv6_head->next != NULL &&
3659  gh->ipv6_head->next->next != NULL) {
3660  result = 1;
3661  }
3662  }
3663 
3664  DetectAddressHeadFree(gh);
3665  }
3666  return result;
3667 }
3668 
3669 static int AddressTestAddressGroupSetup21(void)
3670 {
3671  int result = 0;
3672  DetectAddressHead *gh = DetectAddressHeadInit();
3673 
3674  if (gh != NULL) {
3675  int r = DetectAddressParse(NULL, gh, "2001::4");
3676  if (r == 0 && gh->ipv6_head != NULL) {
3677  r = DetectAddressParse(NULL, gh, "2000::/3");
3678  if (r == 0 && gh->ipv6_head != NULL &&
3679  gh->ipv6_head->next != NULL &&
3680  gh->ipv6_head->next->next != NULL) {
3681  result = 1;
3682  }
3683  }
3684 
3685  DetectAddressHeadFree(gh);
3686  }
3687  return result;
3688 }
3689 
3690 static int AddressTestAddressGroupSetup22(void)
3691 {
3692  int result = 0;
3693  DetectAddressHead *gh = DetectAddressHeadInit();
3694 
3695  if (gh != NULL) {
3696  int r = DetectAddressParse(NULL, gh, "2000::/3");
3697  if (r == 0 && gh->ipv6_head != NULL) {
3698  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3699  if (r == 0 && gh->ipv6_head != NULL &&
3700  gh->ipv6_head->next != NULL &&
3701  gh->ipv6_head->next->next != NULL) {
3702  result = 1;
3703  }
3704  }
3705 
3706  DetectAddressHeadFree(gh);
3707  }
3708  return result;
3709 }
3710 
3711 static int AddressTestAddressGroupSetup23(void)
3712 {
3713  int result = 0;
3714  DetectAddressHead *gh = DetectAddressHeadInit();
3715 
3716  if (gh != NULL) {
3717  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3718  if (r == 0 && gh->ipv6_head != NULL) {
3719  r = DetectAddressParse(NULL, gh, "2000::/3");
3720  if (r == 0 && gh->ipv6_head != NULL &&
3721  gh->ipv6_head->next != NULL &&
3722  gh->ipv6_head->next->next != NULL) {
3723  result = 1;
3724  }
3725  }
3726 
3727  DetectAddressHeadFree(gh);
3728  }
3729  return result;
3730 }
3731 
3732 static int AddressTestAddressGroupSetup24(void)
3733 {
3734  int result = 0;
3735  DetectAddressHead *gh = DetectAddressHeadInit();
3736 
3737  if (gh != NULL) {
3738  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3739  if (r == 0) {
3740  r = DetectAddressParse(NULL, gh, "2001::/3");
3741  if (r == 0) {
3742  r = DetectAddressParse(NULL, gh, "::/0");
3743  if (r == 0) {
3744  DetectAddress *one = gh->ipv6_head, *two = one->next,
3745  *three = two->next, *four = three->next,
3746  *five = four->next;
3747  if (one->ip.addr_data32[0] == 0x00000000 &&
3748  one->ip.addr_data32[1] == 0x00000000 &&
3749  one->ip.addr_data32[2] == 0x00000000 &&
3750  one->ip.addr_data32[3] == 0x00000000 &&
3751  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3752  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3753  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3754  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3755 
3756  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3757  two->ip.addr_data32[1] == 0x00000000 &&
3758  two->ip.addr_data32[2] == 0x00000000 &&
3759  two->ip.addr_data32[3] == 0x00000000 &&
3760  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3761  two->ip2.addr_data32[1] == 0x00000000 &&
3762  two->ip2.addr_data32[2] == 0x00000000 &&
3763  two->ip2.addr_data32[3] == SCNtohl(3) &&
3764 
3765  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3766  three->ip.addr_data32[1] == 0x00000000 &&
3767  three->ip.addr_data32[2] == 0x00000000 &&
3768  three->ip.addr_data32[3] == SCNtohl(4) &&
3769  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3770  three->ip2.addr_data32[1] == 0x00000000 &&
3771  three->ip2.addr_data32[2] == 0x00000000 &&
3772  three->ip2.addr_data32[3] == SCNtohl(6) &&
3773 
3774  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3775  four->ip.addr_data32[1] == 0x00000000 &&
3776  four->ip.addr_data32[2] == 0x00000000 &&
3777  four->ip.addr_data32[3] == SCNtohl(7) &&
3778  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3779  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3780  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3781  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3782 
3783  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3784  five->ip.addr_data32[1] == 0x00000000 &&
3785  five->ip.addr_data32[2] == 0x00000000 &&
3786  five->ip.addr_data32[3] == 0x00000000 &&
3787  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3788  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3789  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3790  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3791  result = 1;
3792  }
3793  }
3794  }
3795  }
3796 
3797  DetectAddressHeadFree(gh);
3798  }
3799  return result;
3800 }
3801 
3802 static int AddressTestAddressGroupSetup25(void)
3803 {
3804  int result = 0;
3805  DetectAddressHead *gh = DetectAddressHeadInit();
3806 
3807  if (gh != NULL) {
3808  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3809  if (r == 0) {
3810  r = DetectAddressParse(NULL, gh, "::/0");
3811  if (r == 0) {
3812  r = DetectAddressParse(NULL, gh, "2001::/3");
3813  if (r == 0) {
3814  DetectAddress *one = gh->ipv6_head, *two = one->next,
3815  *three = two->next, *four = three->next,
3816  *five = four->next;
3817  if (one->ip.addr_data32[0] == 0x00000000 &&
3818  one->ip.addr_data32[1] == 0x00000000 &&
3819  one->ip.addr_data32[2] == 0x00000000 &&
3820  one->ip.addr_data32[3] == 0x00000000 &&
3821  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3822  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3823  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3824  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3825 
3826  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3827  two->ip.addr_data32[1] == 0x00000000 &&
3828  two->ip.addr_data32[2] == 0x00000000 &&
3829  two->ip.addr_data32[3] == 0x00000000 &&
3830  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3831  two->ip2.addr_data32[1] == 0x00000000 &&
3832  two->ip2.addr_data32[2] == 0x00000000 &&
3833  two->ip2.addr_data32[3] == SCNtohl(3) &&
3834 
3835  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3836  three->ip.addr_data32[1] == 0x00000000 &&
3837  three->ip.addr_data32[2] == 0x00000000 &&
3838  three->ip.addr_data32[3] == SCNtohl(4) &&
3839  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3840  three->ip2.addr_data32[1] == 0x00000000 &&
3841  three->ip2.addr_data32[2] == 0x00000000 &&
3842  three->ip2.addr_data32[3] == SCNtohl(6) &&
3843 
3844  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3845  four->ip.addr_data32[1] == 0x00000000 &&
3846  four->ip.addr_data32[2] == 0x00000000 &&
3847  four->ip.addr_data32[3] == SCNtohl(7) &&
3848  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3849  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3850  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3851  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3852 
3853  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3854  five->ip.addr_data32[1] == 0x00000000 &&
3855  five->ip.addr_data32[2] == 0x00000000 &&
3856  five->ip.addr_data32[3] == 0x00000000 &&
3857  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3858  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3859  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3860  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3861  result = 1;
3862  }
3863  }
3864  }
3865  }
3866 
3867  DetectAddressHeadFree(gh);
3868  }
3869  return result;
3870 }
3871 
3872 static int AddressTestAddressGroupSetup26(void)
3873 {
3874  int result = 0;
3875  DetectAddressHead *gh = DetectAddressHeadInit();
3876 
3877  if (gh != NULL) {
3878  int r = DetectAddressParse(NULL, gh, "::/0");
3879  if (r == 0) {
3880  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3881  if (r == 0) {
3882  r = DetectAddressParse(NULL, gh, "2001::/3");
3883  if (r == 0) {
3884  DetectAddress *one = gh->ipv6_head, *two = one->next,
3885  *three = two->next, *four = three->next,
3886  *five = four->next;
3887  if (one->ip.addr_data32[0] == 0x00000000 &&
3888  one->ip.addr_data32[1] == 0x00000000 &&
3889  one->ip.addr_data32[2] == 0x00000000 &&
3890  one->ip.addr_data32[3] == 0x00000000 &&
3891  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3892  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3893  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3894  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3895 
3896  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3897  two->ip.addr_data32[1] == 0x00000000 &&
3898  two->ip.addr_data32[2] == 0x00000000 &&
3899  two->ip.addr_data32[3] == 0x00000000 &&
3900  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3901  two->ip2.addr_data32[1] == 0x00000000 &&
3902  two->ip2.addr_data32[2] == 0x00000000 &&
3903  two->ip2.addr_data32[3] == SCNtohl(3) &&
3904 
3905  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3906  three->ip.addr_data32[1] == 0x00000000 &&
3907  three->ip.addr_data32[2] == 0x00000000 &&
3908  three->ip.addr_data32[3] == SCNtohl(4) &&
3909  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3910  three->ip2.addr_data32[1] == 0x00000000 &&
3911  three->ip2.addr_data32[2] == 0x00000000 &&
3912  three->ip2.addr_data32[3] == SCNtohl(6) &&
3913 
3914  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3915  four->ip.addr_data32[1] == 0x00000000 &&
3916  four->ip.addr_data32[2] == 0x00000000 &&
3917  four->ip.addr_data32[3] == SCNtohl(7) &&
3918  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3919  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3920  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3921  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3922 
3923  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3924  five->ip.addr_data32[1] == 0x00000000 &&
3925  five->ip.addr_data32[2] == 0x00000000 &&
3926  five->ip.addr_data32[3] == 0x00000000 &&
3927  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3928  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3929  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3930  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3931  result = 1;
3932  }
3933  }
3934  }
3935  }
3936 
3937  DetectAddressHeadFree(gh);
3938  }
3939  return result;
3940 }
3941 
3942 static int AddressTestAddressGroupSetup27(void)
3943 {
3944  int result = 0;
3945  DetectAddressHead *gh = DetectAddressHeadInit();
3946 
3947  if (gh != NULL) {
3948  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3949  if (r == 0)
3950  result = 1;
3951 
3952  DetectAddressHeadFree(gh);
3953  }
3954  return result;
3955 }
3956 
3957 static int AddressTestAddressGroupSetup28(void)
3958 {
3959  int result = 0;
3960  DetectAddressHead *gh = DetectAddressHeadInit();
3961 
3962  if (gh != NULL) {
3963  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3964  if (r == 0)
3965  result = 1;
3966 
3967  DetectAddressHeadFree(gh);
3968  }
3969  return result;
3970 }
3971 
3972 static int AddressTestAddressGroupSetup29(void)
3973 {
3974  int result = 0;
3975  DetectAddressHead *gh = DetectAddressHeadInit();
3976 
3977  if (gh != NULL) {
3978  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3979  if (r == 0)
3980  result = 1;
3981 
3982  DetectAddressHeadFree(gh);
3983  }
3984  return result;
3985 }
3986 
3987 static int AddressTestAddressGroupSetup30(void)
3988 {
3989  int result = 0;
3990  DetectAddressHead *gh = DetectAddressHeadInit();
3991 
3992  if (gh != NULL) {
3993  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
3994  if (r == 0)
3995  result = 1;
3996 
3997  DetectAddressHeadFree(gh);
3998  }
3999  return result;
4000 }
4001 
4002 static int AddressTestAddressGroupSetup31(void)
4003 {
4004  int result = 0;
4005  DetectAddressHead *gh = DetectAddressHeadInit();
4006 
4007  if (gh != NULL) {
4008  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4009  if (r == 0)
4010  result = 1;
4011 
4012  DetectAddressHeadFree(gh);
4013  }
4014  return result;
4015 }
4016 
4017 static int AddressTestAddressGroupSetup32(void)
4018 {
4019  int result = 0;
4020  DetectAddressHead *gh = DetectAddressHeadInit();
4021 
4022  if (gh != NULL) {
4023  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4024  if (r == 0)
4025  result = 1;
4026 
4027  DetectAddressHeadFree(gh);
4028  }
4029  return result;
4030 }
4031 
4032 static int AddressTestAddressGroupSetup33(void)
4033 {
4034  int result = 0;
4035  DetectAddressHead *gh = DetectAddressHeadInit();
4036 
4037  if (gh != NULL) {
4038  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4039  if (r == 1)
4040  result = 1;
4041 
4042  DetectAddressHeadFree(gh);
4043  }
4044  return result;
4045 }
4046 
4047 static int AddressTestAddressGroupSetup34(void)
4048 {
4049  int result = 0;
4050  DetectAddressHead *gh = DetectAddressHeadInit();
4051 
4052  if (gh != NULL) {
4053  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4054  if (r == 1)
4055  result = 1;
4056 
4057  DetectAddressHeadFree(gh);
4058  }
4059  return result;
4060 }
4061 
4062 static int AddressTestAddressGroupSetup35(void)
4063 {
4064  int result = 0;
4065  DetectAddressHead *gh = DetectAddressHeadInit();
4066 
4067  if (gh != NULL) {
4068  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4069  if (r == 1)
4070  result = 1;
4071 
4072  DetectAddressHeadFree(gh);
4073  }
4074  return result;
4075 }
4076 
4077 static int AddressTestAddressGroupSetup36 (void)
4078 {
4079  int result = 0;
4080 
4081  DetectAddressHead *gh = DetectAddressHeadInit();
4082  if (gh != NULL) {
4083  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4084  if (r == 1)
4085  result = 1;
4086 
4087  DetectAddressHeadFree(gh);
4088  }
4089  return result;
4090 }
4091 
4092 static int AddressTestAddressGroupSetup37(void)
4093 {
4094  int result = 0;
4095  DetectAddressHead *gh = DetectAddressHeadInit();
4096 
4097  if (gh != NULL) {
4098  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4099  if (r == 0)
4100  result = 1;
4101 
4102  DetectAddressHeadFree(gh);
4103  }
4104  return result;
4105 }
4106 
4107 static int AddressTestAddressGroupSetup38(void)
4108 {
4109  UTHValidateDetectAddressHeadRange expectations[3] = {
4110  { "0.0.0.0", "192.167.255.255" },
4111  { "192.168.14.0", "192.168.14.255" },
4112  { "192.169.0.0", "255.255.255.255" } };
4113  int result = 0;
4114  DetectAddressHead *gh = DetectAddressHeadInit();
4115 
4116  if (gh != NULL) {
4117  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4118  if (r == 1) {
4119  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4120  result = 1;
4121  }
4122 
4123  DetectAddressHeadFree(gh);
4124  }
4125  return result;
4126 }
4127 
4128 static int AddressTestAddressGroupSetup39(void)
4129 {
4130  UTHValidateDetectAddressHeadRange expectations[3] = {
4131  { "0.0.0.0", "192.167.255.255" },
4132  { "192.168.14.0", "192.168.14.255" },
4133  { "192.169.0.0", "255.255.255.255" } };
4134  int result = 0;
4135  DetectAddressHead *gh = DetectAddressHeadInit();
4136 
4137  if (gh != NULL) {
4138  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4139  if (r == 1) {
4140  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4141  result = 1;
4142  }
4143 
4144  DetectAddressHeadFree(gh);
4145  }
4146  return result;
4147 }
4148 
4149 static int AddressTestAddressGroupSetup40(void)
4150 {
4151  UTHValidateDetectAddressHeadRange expectations[3] = {
4152  { "0.0.0.0", "192.167.255.255" },
4153  { "192.168.14.0", "192.168.14.255" },
4154  { "192.169.0.0", "255.255.255.255" } };
4155  int result = 0;
4156  DetectAddressHead *gh = DetectAddressHeadInit();
4157  if (gh != NULL) {
4158  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4159  if (r == 1) {
4160  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4161  result = 1;
4162  }
4163 
4164  DetectAddressHeadFree(gh);
4165  }
4166  return result;
4167 }
4168 
4169 static int AddressTestAddressGroupSetup41(void)
4170 {
4171  UTHValidateDetectAddressHeadRange expectations[3] = {
4172  { "0.0.0.0", "192.167.255.255" },
4173  { "192.168.14.0", "192.168.14.255" },
4174  { "192.169.0.0", "255.255.255.255" } };
4175  int result = 0;
4176  DetectAddressHead *gh = DetectAddressHeadInit();
4177  if (gh != NULL) {
4178  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4179  if (r == 1) {
4180  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4181  result = 1;
4182  }
4183 
4184  DetectAddressHeadFree(gh);
4185  }
4186  return result;
4187 }
4188 
4189 static int AddressTestAddressGroupSetup42(void)
4190 {
4191  UTHValidateDetectAddressHeadRange expectations[1] = {
4192  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4193  int result = 0;
4194  DetectAddressHead *gh = DetectAddressHeadInit();
4195  if (gh != NULL) {
4196  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4197  if (r == 0) {
4198  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4199  result = 1;
4200  }
4201 
4202  DetectAddressHeadFree(gh);
4203  }
4204  return result;
4205 }
4206 
4207 static int AddressTestAddressGroupSetup43(void)
4208 {
4209  UTHValidateDetectAddressHeadRange expectations[2] = {
4210  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4211  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4212  int result = 0;
4213  DetectAddressHead *gh = DetectAddressHeadInit();
4214  if (gh != NULL) {
4215  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4216  if (r == 1) {
4217  if (UTHValidateDetectAddressHead(gh, 2, expectations))
4218  result = 1;
4219  }
4220 
4221  DetectAddressHeadFree(gh);
4222  }
4223  return result;
4224 }
4225 
4226 static int AddressTestAddressGroupSetup44(void)
4227 {
4228  UTHValidateDetectAddressHeadRange expectations[2] = {
4229  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4230  int result = 0;
4231  DetectAddressHead *gh = DetectAddressHeadInit();
4232  if (gh != NULL) {
4233  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4234  if (r == 0) {
4235  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4236  result = 1;
4237  }
4238 
4239  DetectAddressHeadFree(gh);
4240  }
4241  return result;
4242 }
4243 
4244 static int AddressTestAddressGroupSetup45(void)
4245 {
4246  int result = 0;
4247  DetectAddressHead *gh = DetectAddressHeadInit();
4248  if (gh != NULL) {
4249  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4250  if (r != 0) {
4251  result = 1;
4252  }
4253 
4254  DetectAddressHeadFree(gh);
4255  }
4256  return result;
4257 }
4258 
4259 static int AddressTestAddressGroupSetup46(void)
4260 {
4261  UTHValidateDetectAddressHeadRange expectations[4] = {
4262  { "0.0.0.0", "192.167.255.255" },
4263  { "192.168.1.0", "192.168.1.255" },
4264  { "192.168.3.0", "192.168.3.255" },
4265  { "192.169.0.0", "255.255.255.255" } };
4266  int result = 0;
4267  DetectAddressHead *gh = DetectAddressHeadInit();
4268  if (gh != NULL) {
4269  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4270  if (r == 1) {
4271  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4272  result = 1;
4273  }
4274 
4275  DetectAddressHeadFree(gh);
4276  }
4277  return result;
4278 }
4279 
4280 /** \test net with some negations, then all negated */
4281 static int AddressTestAddressGroupSetup47(void)
4282 {
4283  UTHValidateDetectAddressHeadRange expectations[5] = {
4284  { "0.0.0.0", "192.167.255.255" },
4285  { "192.168.1.0", "192.168.1.255" },
4286  { "192.168.3.0", "192.168.3.255" },
4287  { "192.168.5.0", "192.168.5.255" },
4288  { "192.169.0.0", "255.255.255.255" } };
4289  int result = 0;
4290  DetectAddressHead *gh = DetectAddressHeadInit();
4291  if (gh != NULL) {
4292  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4293  if (r == 1) {
4294  if (UTHValidateDetectAddressHead(gh, 5, expectations))
4295  result = 1;
4296  }
4297 
4298  DetectAddressHeadFree(gh);
4299  }
4300  return result;
4301 }
4302 
4303 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4304 static int AddressTestAddressGroupSetup48(void)
4305 {
4306  UTHValidateDetectAddressHeadRange expectations[4] = {
4307  { "192.168.0.0", "192.168.0.255" },
4308  { "192.168.2.0", "192.168.2.255" },
4309  { "192.168.4.0", "192.168.4.255" },
4310  { "192.168.6.0", "192.168.255.255" } };
4311  int result = 0;
4312  DetectAddressHead *gh = DetectAddressHeadInit();
4313  if (gh != NULL) {
4314  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4315  if (r == 1) {
4316  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4317  result = 1;
4318  }
4319 
4320  DetectAddressHeadFree(gh);
4321  }
4322  return result;
4323 }
4324 
4325 static int AddressTestCutIPv401(void)
4326 {
4327  DetectAddress *c;
4328  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4329  FAIL_IF_NULL(a);
4330  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4331  FAIL_IF_NULL(b);
4332 
4333  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4334 
4335  DetectAddressFree(a);
4336  DetectAddressFree(b);
4337  DetectAddressFree(c);
4338  PASS;
4339 }
4340 
4341 static int AddressTestCutIPv402(void)
4342 {
4343  DetectAddress *a, *b, *c = NULL;
4344  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4345  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4346 
4347  if (DetectAddressCut(NULL, a, b, &c) == -1)
4348  goto error;
4349 
4350  if (c == NULL)
4351  goto error;
4352 
4353  DetectAddressFree(a);
4354  DetectAddressFree(b);
4355  DetectAddressFree(c);
4356  return 1;
4357 
4358 error:
4359  DetectAddressFree(a);
4360  DetectAddressFree(b);
4361  DetectAddressFree(c);
4362  return 0;
4363 }
4364 
4365 static int AddressTestCutIPv403(void)
4366 {
4367  DetectAddress *a, *b, *c = NULL;
4368  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4369  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4370 
4371  if (DetectAddressCut(NULL, a, b, &c) == -1)
4372  goto error;
4373 
4374  if (c == NULL)
4375  goto error;
4376 
4377  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4378  goto error;
4379  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4380  goto error;
4381  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4382  goto error;
4383 
4384  DetectAddressFree(a);
4385  DetectAddressFree(b);
4386  DetectAddressFree(c);
4387  return 1;
4388 
4389 error:
4390  DetectAddressFree(a);
4391  DetectAddressFree(b);
4392  DetectAddressFree(c);
4393  return 0;
4394 }
4395 
4396 static int AddressTestCutIPv404(void)
4397 {
4398  DetectAddress *a, *b, *c = NULL;
4399  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4400  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4401 
4402  if (DetectAddressCut(NULL, a, b, &c) == -1)
4403  goto error;
4404 
4405  if (c == NULL)
4406  goto error;
4407 
4408  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4409  goto error;
4410  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4411  goto error;
4412  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4413  goto error;
4414 
4415 
4416  DetectAddressFree(a);
4417  DetectAddressFree(b);
4418  DetectAddressFree(c);
4419  return 1;
4420 
4421 error:
4422  DetectAddressFree(a);
4423  DetectAddressFree(b);
4424  DetectAddressFree(c);
4425  return 0;
4426 }
4427 
4428 static int AddressTestCutIPv405(void)
4429 {
4430  DetectAddress *a, *b, *c = NULL;
4431  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4432  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4433 
4434  if (DetectAddressCut(NULL, a, b, &c) == -1)
4435  goto error;
4436 
4437  if (c == NULL)
4438  goto error;
4439 
4440  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4441  goto error;
4442  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4443  goto error;
4444  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4445  goto error;
4446 
4447  DetectAddressFree(a);
4448  DetectAddressFree(b);
4449  DetectAddressFree(c);
4450  return 1;
4451 
4452 error:
4453  DetectAddressFree(a);
4454  DetectAddressFree(b);
4455  DetectAddressFree(c);
4456  return 0;
4457 }
4458 
4459 static int AddressTestCutIPv406(void)
4460 {
4461  DetectAddress *a, *b, *c = NULL;
4462  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4463  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4464 
4465  if (DetectAddressCut(NULL, a, b, &c) == -1)
4466  goto error;
4467 
4468  if (c == NULL)
4469  goto error;
4470 
4471  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4472  goto error;
4473  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4474  goto error;
4475  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4476  goto error;
4477 
4478  DetectAddressFree(a);
4479  DetectAddressFree(b);
4480  DetectAddressFree(c);
4481  return 1;
4482 
4483 error:
4484  DetectAddressFree(a);
4485  DetectAddressFree(b);
4486  DetectAddressFree(c);
4487  return 0;
4488 }
4489 
4490 static int AddressTestCutIPv407(void)
4491 {
4492  DetectAddress *a, *b, *c = NULL;
4493  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4494  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4495 
4496  if (DetectAddressCut(NULL, a, b, &c) == -1)
4497  goto error;
4498 
4499  if (c != NULL)
4500  goto error;
4501 
4502  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4503  goto error;
4504  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4505  goto error;
4506 
4507  DetectAddressFree(a);
4508  DetectAddressFree(b);
4509  DetectAddressFree(c);
4510  return 1;
4511 
4512 error:
4513  DetectAddressFree(a);
4514  DetectAddressFree(b);
4515  DetectAddressFree(c);
4516  return 0;
4517 }
4518 
4519 static int AddressTestCutIPv408(void)
4520 {
4521  DetectAddress *a, *b, *c = NULL;
4522  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4523  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4524 
4525  if (DetectAddressCut(NULL, a, b, &c) == -1)
4526  goto error;
4527 
4528  if (c != NULL)
4529  goto error;
4530 
4531  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4532  goto error;
4533  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4534  goto error;
4535 
4536  DetectAddressFree(a);
4537  DetectAddressFree(b);
4538  DetectAddressFree(c);
4539  return 1;
4540 
4541 error:
4542  DetectAddressFree(a);
4543  DetectAddressFree(b);
4544  DetectAddressFree(c);
4545  return 0;
4546 }
4547 
4548 static int AddressTestCutIPv409(void)
4549 {
4550  DetectAddress *a, *b, *c = NULL;
4551  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4552  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4553 
4554  if (DetectAddressCut(NULL, a, b, &c) == -1)
4555  goto error;
4556 
4557  if (c != NULL)
4558  goto error;
4559 
4560  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4561  goto error;
4562  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4563  goto error;
4564 
4565  DetectAddressFree(a);
4566  DetectAddressFree(b);
4567  DetectAddressFree(c);
4568  return 1;
4569 
4570 error:
4571  DetectAddressFree(a);
4572  DetectAddressFree(b);
4573  DetectAddressFree(c);
4574  return 0;
4575 }
4576 
4577 static int AddressTestCutIPv410(void)
4578 {
4579  DetectAddress *a, *b, *c = NULL;
4580  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4581  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4582 
4583  if (DetectAddressCut(NULL, a, b, &c) == -1)
4584  goto error;
4585 
4586  if (c != NULL)
4587  goto error;
4588 
4589  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4590  goto error;
4591  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4592  goto error;
4593 
4594  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4595 
4596  DetectAddressFree(a);
4597  DetectAddressFree(b);
4598  DetectAddressFree(c);
4599  return 1;
4600 
4601 error:
4602  DetectAddressFree(a);
4603  DetectAddressFree(b);
4604  DetectAddressFree(c);
4605  return 0;
4606 }
4607 
4608 static int AddressTestParseInvalidMask01(void)
4609 {
4610  int result = 1;
4611  DetectAddress *dd = NULL;
4612 
4613  dd = DetectAddressParseSingle("192.168.2.0/33");
4614  if (dd != NULL) {
4615  DetectAddressFree(dd);
4616  result = 0;
4617  }
4618  return result;
4619 }
4620 
4621 static int AddressTestParseInvalidMask02(void)
4622 {
4623  int result = 1;
4624  DetectAddress *dd = NULL;
4625 
4626  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4627  if (dd != NULL) {
4628  DetectAddressFree(dd);
4629  result = 0;
4630  }
4631  return result;
4632 }
4633 
4634 static int AddressTestParseInvalidMask03(void)
4635 {
4636  int result = 1;
4637  DetectAddress *dd = NULL;
4638 
4639  dd = DetectAddressParseSingle("192.168.2.0/blue");
4640  if (dd != NULL) {
4641  DetectAddressFree(dd);
4642  result = 0;
4643  }
4644  return result;
4645 }
4646 
4647 static int AddressConfVarsTest01(void)
4648 {
4649  static const char *dummy_conf_string =
4650  "%YAML 1.1\n"
4651  "---\n"
4652  "\n"
4653  "vars:\n"
4654  "\n"
4655  " address-groups:\n"
4656  "\n"
4657  " HOME_NET: \"any\"\n"
4658  "\n"
4659  " EXTERNAL_NET: \"!any\"\n"
4660  "\n"
4661  " port-groups:\n"
4662  "\n"
4663  " HTTP_PORTS: \"any\"\n"
4664  "\n"
4665  " SHELLCODE_PORTS: \"!any\"\n"
4666  "\n";
4667 
4668  int result = 0;
4669 
4671  SCConfInit();
4672  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4673 
4675  result = 1;
4676 
4677  SCConfDeInit();
4679 
4680  return result;
4681 }
4682 
4683 static int AddressConfVarsTest02(void)
4684 {
4685  static const char *dummy_conf_string =
4686  "%YAML 1.1\n"
4687  "---\n"
4688  "\n"
4689  "vars:\n"
4690  "\n"
4691  " address-groups:\n"
4692  "\n"
4693  " HOME_NET: \"any\"\n"
4694  "\n"
4695  " EXTERNAL_NET: \"any\"\n"
4696  "\n"
4697  " port-groups:\n"
4698  "\n"
4699  " HTTP_PORTS: \"any\"\n"
4700  "\n"
4701  " SHELLCODE_PORTS: \"!any\"\n"
4702  "\n";
4703 
4704  int result = 0;
4705 
4707  SCConfInit();
4708  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4709 
4711  result = 1;
4712 
4713  SCConfDeInit();
4715 
4716  return result;
4717 }
4718 
4719 static int AddressConfVarsTest03(void)
4720 {
4721  static const char *dummy_conf_string =
4722  "%YAML 1.1\n"
4723  "---\n"
4724  "\n"
4725  "vars:\n"
4726  "\n"
4727  " address-groups:\n"
4728  "\n"
4729  " HOME_NET: \"any\"\n"
4730  "\n"
4731  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4732  "\n"
4733  " port-groups:\n"
4734  "\n"
4735  " HTTP_PORTS: \"any\"\n"
4736  "\n"
4737  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4738  "\n";
4739 
4740  int result = 0;
4741 
4743  SCConfInit();
4744  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4745 
4747  result = 1;
4748 
4749  SCConfDeInit();
4751 
4752  return result;
4753 }
4754 
4755 static int AddressConfVarsTest04(void)
4756 {
4757  static const char *dummy_conf_string =
4758  "%YAML 1.1\n"
4759  "---\n"
4760  "\n"
4761  "vars:\n"
4762  "\n"
4763  " address-groups:\n"
4764  "\n"
4765  " HOME_NET: \"any\"\n"
4766  "\n"
4767  " EXTERNAL_NET: \"$HOME_NET\"\n"
4768  "\n"
4769  " port-groups:\n"
4770  "\n"
4771  " HTTP_PORTS: \"any\"\n"
4772  "\n"
4773  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4774  "\n";
4775 
4776  int result = 0;
4777 
4779  SCConfInit();
4780  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4781 
4783  result = 1;
4784 
4785  SCConfDeInit();
4787 
4788  return result;
4789 }
4790 
4791 static int AddressConfVarsTest05(void)
4792 {
4793  static const char *dummy_conf_string =
4794  "%YAML 1.1\n"
4795  "---\n"
4796  "\n"
4797  "vars:\n"
4798  "\n"
4799  " address-groups:\n"
4800  "\n"
4801  " HOME_NET: \"any\"\n"
4802  "\n"
4803  " EXTERNAL_NET: [192.168.0.1]\n"
4804  "\n"
4805  " port-groups:\n"
4806  "\n"
4807  " HTTP_PORTS: \"any\"\n"
4808  "\n"
4809  " SHELLCODE_PORTS: [80]\n"
4810  "\n";
4811 
4812  int result = 0;
4813 
4815  SCConfInit();
4816  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4817 
4818  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4819  goto end;
4820 
4821  result = 1;
4822 
4823  end:
4824  SCConfDeInit();
4826 
4827  return result;
4828 }
4829 
4830 static int AddressConfVarsTest06(void)
4831 {
4832  // HOME_NET value size = 10261 bytes
4833  static const char *dummy_conf_string =
4834  "%YAML 1.1\n"
4835  "---\n"
4836  "\n"
4837  "vars:\n"
4838  "\n"
4839  " address-groups:\n"
4840  "\n"
4841  " HOME_NET: "
4842  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4843  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4844  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4845  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4846  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4847  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4848  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4849  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4850  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4851  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4852  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4853  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4854  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4855  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4856  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4857  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4858  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4859  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4860  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4861  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4862  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4863  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4864  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4976  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4977  "\n"
4978  " EXTERNAL_NET: \"any\"\n"
4979  "\n";
4980 
4982  SCConfInit();
4983  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4984 
4986 
4987  SCConfDeInit();
4989 
4990  PASS;
4991 }
4992 
4993 #endif /* UNITTESTS */
4994 
4995 void DetectAddressTests(void)
4996 {
4997 #ifdef UNITTESTS
5000 
5001  UtRegisterTest("AddressTestParse01", AddressTestParse01);
5002  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5003  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5004  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5005  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5006  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5007  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5008  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5009  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5010  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5011  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5012  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5013  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5014  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5015  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5016  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5017  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5018  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5019  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5020  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5021  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5022  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5023  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5024  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5025  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5026  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5027  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5028  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5029  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5030  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5031  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5032  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5033  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5034  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5035  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5036  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5037  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5038  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5039 
5040  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5041  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5042  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5043  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5044  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5045  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5046  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5047  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5048  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5049  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5050  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5051 
5052  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5053  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5054  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5055  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5056  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5057  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5058  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5059  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5060 
5061  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5062  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5063  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5064  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5065  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5066  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5067 
5068  UtRegisterTest("AddressTestAddressGroupSetup01",
5069  AddressTestAddressGroupSetup01);
5070  UtRegisterTest("AddressTestAddressGroupSetup02",
5071  AddressTestAddressGroupSetup02);
5072  UtRegisterTest("AddressTestAddressGroupSetup03",
5073  AddressTestAddressGroupSetup03);
5074  UtRegisterTest("AddressTestAddressGroupSetup04",
5075  AddressTestAddressGroupSetup04);
5076  UtRegisterTest("AddressTestAddressGroupSetup05",
5077  AddressTestAddressGroupSetup05);
5078  UtRegisterTest("AddressTestAddressGroupSetup06",
5079  AddressTestAddressGroupSetup06);
5080  UtRegisterTest("AddressTestAddressGroupSetup07",
5081  AddressTestAddressGroupSetup07);
5082  UtRegisterTest("AddressTestAddressGroupSetup08",
5083  AddressTestAddressGroupSetup08);
5084  UtRegisterTest("AddressTestAddressGroupSetup09",
5085  AddressTestAddressGroupSetup09);
5086  UtRegisterTest("AddressTestAddressGroupSetup10",
5087  AddressTestAddressGroupSetup10);
5088  UtRegisterTest("AddressTestAddressGroupSetup11",
5089  AddressTestAddressGroupSetup11);
5090  UtRegisterTest("AddressTestAddressGroupSetup12",
5091  AddressTestAddressGroupSetup12);
5092  UtRegisterTest("AddressTestAddressGroupSetup13",
5093  AddressTestAddressGroupSetup13);
5094  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5095  AddressTestAddressGroupSetupIPv414);
5096  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5097  AddressTestAddressGroupSetupIPv415);
5098  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5099  AddressTestAddressGroupSetupIPv416);
5100 
5101  UtRegisterTest("AddressTestAddressGroupSetup14",
5102  AddressTestAddressGroupSetup14);
5103  UtRegisterTest("AddressTestAddressGroupSetup15",
5104  AddressTestAddressGroupSetup15);
5105  UtRegisterTest("AddressTestAddressGroupSetup16",
5106  AddressTestAddressGroupSetup16);
5107  UtRegisterTest("AddressTestAddressGroupSetup17",
5108  AddressTestAddressGroupSetup17);
5109  UtRegisterTest("AddressTestAddressGroupSetup18",
5110  AddressTestAddressGroupSetup18);
5111  UtRegisterTest("AddressTestAddressGroupSetup19",
5112  AddressTestAddressGroupSetup19);
5113  UtRegisterTest("AddressTestAddressGroupSetup20",
5114  AddressTestAddressGroupSetup20);
5115  UtRegisterTest("AddressTestAddressGroupSetup21",
5116  AddressTestAddressGroupSetup21);
5117  UtRegisterTest("AddressTestAddressGroupSetup22",
5118  AddressTestAddressGroupSetup22);
5119  UtRegisterTest("AddressTestAddressGroupSetup23",
5120  AddressTestAddressGroupSetup23);
5121  UtRegisterTest("AddressTestAddressGroupSetup24",
5122  AddressTestAddressGroupSetup24);
5123  UtRegisterTest("AddressTestAddressGroupSetup25",
5124  AddressTestAddressGroupSetup25);
5125  UtRegisterTest("AddressTestAddressGroupSetup26",
5126  AddressTestAddressGroupSetup26);
5127 
5128  UtRegisterTest("AddressTestAddressGroupSetup27",
5129  AddressTestAddressGroupSetup27);
5130  UtRegisterTest("AddressTestAddressGroupSetup28",
5131  AddressTestAddressGroupSetup28);
5132  UtRegisterTest("AddressTestAddressGroupSetup29",
5133  AddressTestAddressGroupSetup29);
5134  UtRegisterTest("AddressTestAddressGroupSetup30",
5135  AddressTestAddressGroupSetup30);
5136  UtRegisterTest("AddressTestAddressGroupSetup31",
5137  AddressTestAddressGroupSetup31);
5138  UtRegisterTest("AddressTestAddressGroupSetup32",
5139  AddressTestAddressGroupSetup32);
5140  UtRegisterTest("AddressTestAddressGroupSetup33",
5141  AddressTestAddressGroupSetup33);
5142  UtRegisterTest("AddressTestAddressGroupSetup34",
5143  AddressTestAddressGroupSetup34);
5144  UtRegisterTest("AddressTestAddressGroupSetup35",
5145  AddressTestAddressGroupSetup35);
5146  UtRegisterTest("AddressTestAddressGroupSetup36",
5147  AddressTestAddressGroupSetup36);
5148  UtRegisterTest("AddressTestAddressGroupSetup37",
5149  AddressTestAddressGroupSetup37);
5150  UtRegisterTest("AddressTestAddressGroupSetup38",
5151  AddressTestAddressGroupSetup38);
5152  UtRegisterTest("AddressTestAddressGroupSetup39",
5153  AddressTestAddressGroupSetup39);
5154  UtRegisterTest("AddressTestAddressGroupSetup40",
5155  AddressTestAddressGroupSetup40);
5156  UtRegisterTest("AddressTestAddressGroupSetup41",
5157  AddressTestAddressGroupSetup41);
5158  UtRegisterTest("AddressTestAddressGroupSetup42",
5159  AddressTestAddressGroupSetup42);
5160  UtRegisterTest("AddressTestAddressGroupSetup43",
5161  AddressTestAddressGroupSetup43);
5162  UtRegisterTest("AddressTestAddressGroupSetup44",
5163  AddressTestAddressGroupSetup44);
5164  UtRegisterTest("AddressTestAddressGroupSetup45",
5165  AddressTestAddressGroupSetup45);
5166  UtRegisterTest("AddressTestAddressGroupSetup46",
5167  AddressTestAddressGroupSetup46);
5168  UtRegisterTest("AddressTestAddressGroupSetup47",
5169  AddressTestAddressGroupSetup47);
5170  UtRegisterTest("AddressTestAddressGroupSetup48",
5171  AddressTestAddressGroupSetup48);
5172 
5173  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5174  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5175  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5176  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5177  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5178  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5179  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5180  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5181  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5182  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5183 
5184  UtRegisterTest("AddressTestParseInvalidMask01",
5185  AddressTestParseInvalidMask01);
5186  UtRegisterTest("AddressTestParseInvalidMask02",
5187  AddressTestParseInvalidMask02);
5188  UtRegisterTest("AddressTestParseInvalidMask03",
5189  AddressTestParseInvalidMask03);
5190 
5191  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5192  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5193  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5194  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5195  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5196  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5197 #endif /* UNITTESTS */
5198 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:348
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:170
SCConfYamlLoadString
int SCConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:523
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1395
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1293
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:353
detect-engine-siggroup.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
AddressIPv6Le
int AddressIPv6Le(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1590
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:168
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:31
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:279
DetectAddressHead_
Definition: detect.h:183
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1477
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:57
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1338
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:932
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1008
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
Address_
Definition: decode.h:112
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:245
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:168
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1109
util-var.h
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:159
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1799
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:114
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:156
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:177
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
SCConfInit
void SCConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:236
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:158
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:728
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1882
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:281
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:231
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:154
detect-engine-port.h
DetectAddress_::ip2
Address ip2
Definition: detect.h:171
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1036
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:317
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:482
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:127
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
Turn 32 bit mask into CIDR.
Definition: util-cidr.c:35
Address_::address
union Address_::@30 address
util-rule-vars.h
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:153
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
DetectAddressCleanupList
void DetectAddressCleanupList(DetectAddress *head)
Frees a list of DetectAddress instances.
Definition: detect-engine-address.c:144
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:297
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
SCConfCreateContextBackup
void SCConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:684
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:229
DetectAddressMap_
Definition: detect-engine-address.c:1290
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:185
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:82
cnt
uint32_t cnt
Definition: tmqh-packetpool.h:7
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:157
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1623
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:1072
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:152
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:88
SCConfDeInit
void SCConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:703
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1327
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:123
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:155
str
#define str(s)
Definition: suricata-common.h:308
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:181
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:271
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1881
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1292
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:430
detect-engine-address-ipv4.h
SCConfRestoreContextBackup
void SCConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:694
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:704
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:139
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:179
DetectMatchAddressIPv6_
Definition: detect.h:194
DetectMatchAddressIPv4_
Definition: detect.h:189
Address_::family
char family
Definition: decode.h:113
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1435
SCConfNode_::name
char * name
Definition: conf.h:38
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1874
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:162
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1883
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:127
AddressIPv6Gt
int AddressIPv6Gt(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
AddressIPv6Ge
int AddressIPv6Ge(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:285
SCConfNode_
Definition: conf.h:37
flow-var.h
SCConfNode_::val
char * val
Definition: conf.h:39
DetectAddress_::flags
uint8_t flags
Definition: detect.h:174
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1563
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:184
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1291
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1218