suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  *
25  * \todo Move this out of the detection plugin structure
26  * rename to detect-engine-address.c
27  */
28 
29 #include "suricata-common.h"
30 #include "decode.h"
31 #include "detect.h"
32 #include "flow-var.h"
33 
34 #include "util-cidr.h"
35 #include "util-unittest.h"
36 #include "util-rule-vars.h"
37 #include "conf.h"
38 #include "conf-yaml-loader.h"
39 
40 #include "detect-engine-siggroup.h"
41 #include "detect-engine-address.h"
44 #include "detect-engine-port.h"
45 
46 #include "util-debug.h"
47 #include "util-print.h"
48 #include "util-var.h"
49 
50 /* prototypes */
52 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
53 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
54  DetectAddress **);
56 
57 /**
58  * \brief Creates and returns a new instance of a DetectAddress.
59  *
60  * \retval ag Pointer to the newly created DetectAddress on success;
61  * NULL on failure.
62  */
64 {
65  DetectAddress *ag = SCMalloc(sizeof(DetectAddress));
66  if (unlikely(ag == NULL))
67  return NULL;
68  memset(ag, 0, sizeof(DetectAddress));
69 
70  return ag;
71 }
72 
73 /**
74  * \brief Frees a DetectAddress instance.
75  *
76  * \param ag Pointer to the DetectAddress instance to be freed.
77  */
79 {
80  if (ag == NULL)
81  return;
82 
83  SCFree(ag);
84 
85  return;
86 }
87 
88 /**
89  * \brief Copies the contents of one Address group in DetectAddress and returns
90  * a new instance of the DetectAddress that contains the copied address.
91  *
92  * \param orig Pointer to the instance of DetectAddress that contains the
93  * address data to be copied to the new instance.
94  *
95  * \retval ag Pointer to the new instance of DetectAddress that contains the
96  * copied address.
97  */
99 {
101  if (ag == NULL)
102  return NULL;
103 
104  ag->flags = orig->flags;
105 
106  COPY_ADDRESS(&orig->ip, &ag->ip);
107  COPY_ADDRESS(&orig->ip2, &ag->ip2);
108 
109  return ag;
110 }
111 
112 /**
113  * \brief Used to check if a DetectAddress list contains an instance with
114  * a similar DetectAddress. The comparison done is not the one that
115  * checks the memory for the same instance, but one that checks that the
116  * two instances hold the same content.
117  *
118  * \param head Pointer to the DetectAddress list.
119  * \param ad Pointer to the DetectAddress that has to be checked for in
120  * the DetectAddress list.
121  *
122  * \retval cur Returns a pointer to the DetectAddress on a match; NULL if
123  * no match.
124  */
126 {
127  DetectAddress *cur;
128 
129  if (head != NULL) {
130  for (cur = head; cur != NULL; cur = cur->next) {
131  if (DetectAddressCmp(cur, gr) == ADDRESS_EQ)
132  return cur;
133  }
134  }
135 
136  return NULL;
137 }
138 
139 /**
140  * \brief Prints the address data information for all the DetectAddress
141  * instances in the DetectAddress list sent as the argument.
142  *
143  * \param head Pointer to a list of DetectAddress instances.
144  */
146 {
147  DetectAddress *cur;
148 
149  SCLogInfo("list:");
150  if (head != NULL) {
151  for (cur = head; cur != NULL; cur = cur->next) {
152  DetectAddressPrint(cur);
153  }
154  }
155  SCLogInfo("endlist");
156 
157  return;
158 }
159 
160 /**
161  * \brief Frees a list of DetectAddress instances.
162  *
163  * \param head Pointer to a list of DetectAddress instances to be freed.
164  */
166 {
167  DetectAddress *cur, *next;
168 
169  if (head == NULL)
170  return;
171 
172  for (cur = head; cur != NULL; ) {
173  next = cur->next;
174  cur->next = NULL;
175  DetectAddressFree(cur);
176  cur = next;
177  }
178 
179  return;
180 }
181 
182 /**
183  * \brief Do a sorted insert, where the top of the list should be the biggest
184  * network/range.
185  *
186  * XXX current sorting only works for overlapping nets
187  *
188  * \param head Pointer to the list of DetectAddress.
189  * \param ag Pointer to the DetectAddress that has to be added to the
190  * above list.
191  *
192  * \retval 0 On successfully inserting the DetectAddress.
193  * \retval -1 On failure.
194  */
195 
197 {
198  DetectAddress *cur, *prev_cur = NULL;
199  int r = 0;
200 
201  if (*head != NULL) {
202  for (cur = *head; cur != NULL; cur = cur->next) {
203  prev_cur = cur;
204  r = DetectAddressCmp(ag, cur);
205  if (r == ADDRESS_EB) {
206  /* insert here */
207  ag->prev = cur->prev;
208  ag->next = cur;
209 
210  cur->prev = ag;
211  if (*head == cur)
212  *head = ag;
213  else
214  ag->prev->next = ag;
215 
216  return 0;
217  }
218  }
219  ag->prev = prev_cur;
220  if (prev_cur != NULL)
221  prev_cur->next = ag;
222  } else {
223  *head = ag;
224  }
225 
226  return 0;
227 }
228 
229 /**
230  * \internal
231  * \brief Helper function for DetectAddressInsert. Sets one of the
232  * DetectAddressHead head pointers, to the DetectAddress argument
233  * based on its address family.
234  *
235  * \param gh Pointer to the DetectAddressHead.
236  * \param newhead Pointer to the DetectAddress.
237  *
238  * \retval 0 On success.
239  * \retval -1 On failure.
240  */
241 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
242 {
243  if (newhead->ip.family == AF_INET) {
244  gh->ipv4_head = newhead;
245  } else if (newhead->ip.family == AF_INET6) {
246  gh->ipv6_head = newhead;
247  } else {
248  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
249  return -1;
250  }
251 
252  return 0;
253 }
254 
255 /**
256  * \internal
257  * \brief Returns the DetectAddress head from the DetectAddressHeads,
258  * based on the address family of the incoming DetectAddress arg.
259  *
260  * \param gh Pointer to the DetectAddressHead.
261  * \param new Pointer to the DetectAddress.
262  *
263  * \retval head Pointer to the DetectAddress(the head from
264  * DetectAddressHead).
265  */
266 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
267 {
268  DetectAddress *head = NULL;
269 
270  if (new->ip.family == AF_INET)
271  head = gh->ipv4_head;
272  else if (new->ip.family == AF_INET6)
273  head = gh->ipv6_head;
274 
275  return head;
276 }
277 
278 /**
279  * \brief Same as DetectAddressInsert, but then for inserting a address group
280  * object. This also makes sure SigGroupContainer lists are handled
281  * correctly.
282  *
283  * \param de_ctx Pointer to the detection engine context.
284  * \param gh Pointer to the DetectAddressHead list to which it has to
285  * be inserted.
286  * \param new Pointer to the DetectAddress, that has to be inserted.
287  *
288  * \retval 1 On successfully inserting it.
289  * \retval -1 On error.
290  * \retval 0 Not inserted, memory of new is freed.
291  */
293  DetectAddress *new)
294 {
295  DetectAddress *head = NULL;
296  DetectAddress *cur = NULL;
297  DetectAddress *c = NULL;
298  int r = 0;
299 
300  if (new == NULL)
301  return 0;
302 
303  /* get our head ptr based on the address we want to insert */
304  head = GetHeadPtr(gh, new);
305 
306  /* see if it already exists or overlaps with existing ag's */
307  if (head != NULL) {
308  cur = NULL;
309 
310  for (cur = head; cur != NULL; cur = cur->next) {
311  r = DetectAddressCmp(new, cur);
312  BUG_ON(r == ADDRESS_ER);
313 
314  /* if so, handle that */
315  if (r == ADDRESS_EQ) {
316  /* exact overlap/match */
317  if (cur != new) {
318  DetectAddressFree(new);
319  return 0;
320  }
321 
322  return 1;
323  } else if (r == ADDRESS_GT) {
324  /* only add it now if we are bigger than the last group.
325  * Otherwise we'll handle it later. */
326  if (cur->next == NULL) {
327  /* put in the list */
328  new->prev = cur;
329  cur->next = new;
330 
331  return 1;
332  }
333  } else if (r == ADDRESS_LT) {
334  /* see if we need to insert the ag anywhere put in the list */
335  if (cur->prev != NULL)
336  cur->prev->next = new;
337  new->prev = cur->prev;
338  new->next = cur;
339  cur->prev = new;
340 
341  /* update head if required */
342  if (head == cur) {
343  head = new;
344 
345  if (SetHeadPtr(gh, head) < 0)
346  goto error;
347  }
348 
349  return 1;
350  /* alright, those were the simple cases, lets handle the more
351  * complex ones now */
352  } else if (r == ADDRESS_ES) {
353  c = NULL;
354  r = DetectAddressCut(de_ctx, cur, new, &c);
355  if (r == -1)
356  goto error;
357 
358  DetectAddressInsert(de_ctx, gh, new);
359  if (c != NULL)
360  DetectAddressInsert(de_ctx, gh, c);
361 
362  return 1;
363  } else if (r == ADDRESS_EB) {
364  c = NULL;
365  r = DetectAddressCut(de_ctx, cur, new, &c);
366  if (r == -1)
367  goto error;
368 
369  DetectAddressInsert(de_ctx, gh, new);
370  if (c != NULL)
371  DetectAddressInsert(de_ctx, gh, c);
372 
373  return 1;
374  } else if (r == ADDRESS_LE) {
375  c = NULL;
376  r = DetectAddressCut(de_ctx, cur, new, &c);
377  if (r == -1)
378  goto error;
379 
380  DetectAddressInsert(de_ctx, gh, new);
381  if (c != NULL)
382  DetectAddressInsert(de_ctx, gh, c);
383 
384  return 1;
385  } else if (r == ADDRESS_GE) {
386  c = NULL;
387  r = DetectAddressCut(de_ctx, cur,new,&c);
388  if (r == -1)
389  goto error;
390 
391  DetectAddressInsert(de_ctx, gh, new);
392  if (c != NULL)
393  DetectAddressInsert(de_ctx, gh, c);
394 
395  return 1;
396  }
397  }
398 
399  /* head is NULL, so get a group and set head to it */
400  } else {
401  head = new;
402  if (SetHeadPtr(gh, head) < 0) {
403  SCLogDebug("SetHeadPtr failed");
404  goto error;
405  }
406  }
407 
408  return 1;
409 
410 error:
411  /* XXX */
412  return -1;
413 }
414 
415 /**
416  * \brief Join two addresses groups together.
417  *
418  * \param de_ctx Pointer to the detection engine context.
419  * \param target Pointer to the target address group.
420  * \param source Pointer to the source address group.
421  *
422  * \retval 0 On success.
423  * \retval -1 On failure.
424  */
426  DetectAddress *source)
427 {
428  if (target == NULL || source == NULL)
429  return -1;
430 
431  if (target->ip.family != source->ip.family)
432  return -1;
433 
434  if (target->ip.family == AF_INET)
435  return DetectAddressJoinIPv4(de_ctx, target, source);
436  else if (target->ip.family == AF_INET6)
437  return DetectAddressJoinIPv6(de_ctx, target, source);
438 
439  return -1;
440 }
441 
442 /**
443  * \brief Checks if two address group lists are equal.
444  *
445  * \param list1 Pointer to the first address group list.
446  * \param list2 Pointer to the second address group list.
447  *
448  * \retval true On success.
449  * \retval false On failure.
450  */
452 {
453  DetectAddress *item = list1;
454  DetectAddress *it = list2;
455 
456  // First, compare items one by one.
457  while (item != NULL && it != NULL) {
458  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
459  return false;
460  }
461 
462  item = item->next;
463  it = it->next;
464  }
465 
466  // Are the lists of the same size?
467  if (!(item == NULL && it == NULL)) {
468  return false;
469  }
470 
471  return true;
472 }
473 
474 /**
475  * \internal
476  * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
477  *
478  * For example if we send a cidr of 7 as argument, an ipv6 address
479  * mask of the value FE:00:00:00:00:00:00:00 is created and updated
480  * in the argument struct in6_addr *in6.
481  *
482  * \todo I think for the final section: while (cidr > 0), we can simply
483  * replace it with a
484  * if (cidr > 0) {
485  * in6->s6_addr[i] = -1 << (8 - cidr);
486  *
487  * \param cidr The value of the cidr.
488  * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
489  * hold the cidr netblock result.
490  */
491 static void DetectAddressParseIPv6CIDR(int cidr, struct in6_addr *in6)
492 {
493  int i = 0;
494 
495  memset(in6, 0, sizeof(struct in6_addr));
496 
497  while (cidr > 8) {
498  in6->s6_addr[i] = 0xff;
499  cidr -= 8;
500  i++;
501  }
502 
503  while (cidr > 0) {
504  in6->s6_addr[i] |= 0x80;
505  if (--cidr > 0)
506  in6->s6_addr[i] = in6->s6_addr[i] >> 1;
507  }
508 
509  return;
510 }
511 
512 /**
513  * \internal
514  * \brief Parses an ipv4/ipv6 address string and updates the result into the
515  * DetectAddress instance sent as the argument.
516  *
517  * \param dd Pointer to the DetectAddress instance which should be updated with
518  * the address range details from the parsed ip string.
519  * \param str Pointer to address string that has to be parsed.
520  *
521  * \retval 0 On successfully parsing the address string.
522  * \retval -1 On failure.
523  */
525 {
526  char *ip = NULL;
527  char *ip2 = NULL;
528  char *mask = NULL;
529  int r = 0;
530  char ipstr[256];
531 
532  while (*str != '\0' && *str == ' ')
533  str++;
534 
535  /* shouldn't see 'any' here */
536  BUG_ON(strcasecmp(str, "any") == 0);
537 
538  strlcpy(ipstr, str, sizeof(ipstr));
539  SCLogDebug("str %s", str);
540 
541  /* we work with a copy so that we can put a
542  * nul-termination in it later */
543  ip = ipstr;
544 
545  /* handle the negation case */
546  if (ip[0] == '!') {
547  dd->flags |= ADDRESS_FLAG_NOT;
548  ip++;
549  }
550 
551  /* see if the address is an ipv4 or ipv6 address */
552  if ((strchr(str, ':')) == NULL) {
553  /* IPv4 Address */
554  struct in_addr in;
555 
556  dd->ip.family = AF_INET;
557 
558  if ((mask = strchr(ip, '/')) != NULL) {
559  /* 1.2.3.4/xxx format (either dotted or cidr notation */
560  ip[mask - ip] = '\0';
561  mask++;
562  uint32_t ip4addr = 0;
563  uint32_t netmask = 0;
564  size_t u = 0;
565 
566  if ((strchr (mask, '.')) == NULL) {
567  /* 1.2.3.4/24 format */
568 
569  for (u = 0; u < strlen(mask); u++) {
570  if(!isdigit((unsigned char)mask[u]))
571  goto error;
572  }
573 
574  int cidr = atoi(mask);
575  if (cidr < 0 || cidr > 32)
576  goto error;
577 
578  netmask = CIDRGet(cidr);
579  } else {
580  /* 1.2.3.4/255.255.255.0 format */
581  r = inet_pton(AF_INET, mask, &in);
582  if (r <= 0)
583  goto error;
584 
585  netmask = in.s_addr;
586  }
587 
588  r = inet_pton(AF_INET, ip, &in);
589  if (r <= 0)
590  goto error;
591 
592  ip4addr = in.s_addr;
593 
594  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
595  dd->ip2.addr_data32[0] |=~ netmask;
596  } else if ((ip2 = strchr(ip, '-')) != NULL) {
597  /* 1.2.3.4-1.2.3.6 range format */
598  ip[ip2 - ip] = '\0';
599  ip2++;
600 
601  r = inet_pton(AF_INET, ip, &in);
602  if (r <= 0)
603  goto error;
604  dd->ip.addr_data32[0] = in.s_addr;
605 
606  r = inet_pton(AF_INET, ip2, &in);
607  if (r <= 0)
608  goto error;
609  dd->ip2.addr_data32[0] = in.s_addr;
610 
611  /* a > b is illegal, a = b is ok */
612  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
613  goto error;
614  } else {
615  /* 1.2.3.4 format */
616  r = inet_pton(AF_INET, ip, &in);
617  if (r <= 0)
618  goto error;
619  /* single host */
620  dd->ip.addr_data32[0] = in.s_addr;
621  dd->ip2.addr_data32[0] = in.s_addr;
622  }
623  } else {
624  /* IPv6 Address */
625  struct in6_addr in6, mask6;
626  uint32_t ip6addr[4], netmask[4];
627 
628  dd->ip.family = AF_INET6;
629 
630  if ((mask = strchr(ip, '/')) != NULL) {
631  ip[mask - ip] = '\0';
632  mask++;
633 
634  int cidr = atoi(mask);
635  if (cidr < 0 || cidr > 128)
636  goto error;
637 
638  r = inet_pton(AF_INET6, ip, &in6);
639  if (r <= 0)
640  goto error;
641  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
642 
643  DetectAddressParseIPv6CIDR(cidr, &mask6);
644  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
645 
646  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
647  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
648  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
649  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
650 
651  dd->ip2.addr_data32[0] |=~ netmask[0];
652  dd->ip2.addr_data32[1] |=~ netmask[1];
653  dd->ip2.addr_data32[2] |=~ netmask[2];
654  dd->ip2.addr_data32[3] |=~ netmask[3];
655  } else if ((ip2 = strchr(ip, '-')) != NULL) {
656  /* 2001::1-2001::4 range format */
657  ip[ip2 - ip] = '\0';
658  ip2++;
659 
660  r = inet_pton(AF_INET6, ip, &in6);
661  if (r <= 0)
662  goto error;
663  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
664 
665  r = inet_pton(AF_INET6, ip2, &in6);
666  if (r <= 0)
667  goto error;
668  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
669 
670  /* a > b is illegal, a=b is ok */
671  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
672  goto error;
673  } else {
674  r = inet_pton(AF_INET6, ip, &in6);
675  if (r <= 0)
676  goto error;
677 
678  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
679  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
680  }
681 
682  }
683 
684  BUG_ON(dd->ip.family == 0);
685 
686  return 0;
687 
688 error:
689  return -1;
690 }
691 
692 /**
693  * \internal
694  * \brief Simply parse an address and return a DetectAddress instance containing
695  * the address ranges of the parsed ip addressstring
696  *
697  * \param str Pointer to a character string containing the ip address
698  *
699  * \retval dd Pointer to the DetectAddress instance containing the address
700  * range details from the parsed ip string
701  */
702 static DetectAddress *DetectAddressParseSingle(const char *str)
703 {
704  DetectAddress *dd;
705 
706  SCLogDebug("str %s", str);
707 
708  dd = DetectAddressInit();
709  if (dd == NULL)
710  goto error;
711 
712  if (DetectAddressParseString(dd, str) < 0) {
713  SCLogDebug("AddressParse failed");
714  goto error;
715  }
716 
717  return dd;
718 
719 error:
720  if (dd != NULL)
721  DetectAddressFree(dd);
722  return NULL;
723 }
724 
725 /**
726  * \brief Setup a single address string, parse it and add the resulting
727  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
728  *
729  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
730  * resulting Address-Range(s) from the parsed ip string has to
731  * be added.
732  * \param s Pointer to the ip address string to be parsed.
733  *
734  * \retval 0 On success.
735  * \retval -1 On failure.
736  */
737 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
738 {
739  SCLogDebug("gh %p, s %s", gh, s);
740 
741  if (strcasecmp(s, "any") == 0) {
742  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
743 
744  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
745  if (ad == NULL)
746  return -1;
747 
748  BUG_ON(ad->ip.family == 0);
749 
750  if (DetectAddressInsert(NULL, gh, ad) < 0) {
751  SCLogDebug("DetectAddressInsert failed");
752  DetectAddressFree(ad);
753  return -1;
754  }
755 
756  ad = DetectAddressParseSingle("::/0");
757  if (ad == NULL)
758  return -1;
759 
760  BUG_ON(ad->ip.family == 0);
761 
762  if (DetectAddressInsert(NULL, gh, ad) < 0) {
763  SCLogDebug("DetectAddressInsert failed");
764  DetectAddressFree(ad);
765  return -1;
766  }
767  return 0;
768  }
769 
770  /* parse the address */
771  DetectAddress *ad = DetectAddressParseSingle(s);
772  if (ad == NULL) {
774  "failed to parse address \"%s\"", s);
775  return -1;
776  }
777 
778  /* handle the not case, we apply the negation then insert the part(s) */
779  if (ad->flags & ADDRESS_FLAG_NOT) {
780  DetectAddress *ad2 = NULL;
781 
782  if (DetectAddressCutNot(ad, &ad2) < 0) {
783  SCLogDebug("DetectAddressCutNot failed");
784  DetectAddressFree(ad);
785  return -1;
786  }
787 
788  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
789  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
790  if (ad2 != NULL) {
791  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
792  SCLogDebug("DetectAddressInsert failed");
793  DetectAddressFree(ad);
794  DetectAddressFree(ad2);
795  return -1;
796  }
797  }
798  }
799 
800  int r = DetectAddressInsert(NULL, gh, ad);
801  if (r < 0) {
802  SCLogDebug("DetectAddressInsert failed");
803  DetectAddressFree(ad);
804  return -1;
805  }
806  SCLogDebug("r %d",r);
807  return 0;
808 }
809 
810 /**
811  * \brief Parses an address string and updates the 2 address heads with the
812  * address data.
813  *
814  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
815  * since we pass around negate without keeping a count of ! with depth.
816  * Can solve this by keeping a count of the negations with depth, so that
817  * an even no of negations would count as no negation and an odd no of
818  * negations would count as a negation.
819  *
820  * \param gh Pointer to the address head that should hold address ranges
821  * that are not negated.
822  * \param ghn Pointer to the address head that should hold address ranges
823  * that are negated.
824  * \param s Pointer to the character string holding the address to be
825  * parsed.
826  * \param negate Flag that indicates if the received address string is negated
827  * or not. 0 if it is not, 1 it it is.
828  *
829  * \retval 0 On successfully parsing.
830  * \retval -1 On failure.
831  */
832 static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
834  const char *s, int negate, ResolvedVariablesList *var_list)
835 {
836  size_t x = 0;
837  size_t u = 0;
838  int o_set = 0, n_set = 0, d_set = 0;
839  int depth = 0;
840  size_t size = strlen(s);
841  char address[8196] = "";
842  const char *rule_var_address = NULL;
843  char *temp_rule_var_address = NULL;
844 
845  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
846 
847  for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
848  if (x == (sizeof(address) - 1)) {
849  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Hit the address buffer"
850  " limit for the supplied address. Invalidating sig. "
851  "Please file a bug report on this.");
852  goto error;
853  }
854  address[x] = s[u];
855  x++;
856 
857  if (!o_set && s[u] == '!') {
858  n_set = 1;
859  x--;
860  } else if (s[u] == '[') {
861  if (!o_set) {
862  o_set = 1;
863  x = 0;
864  }
865  depth++;
866  } else if (s[u] == ']') {
867  if (depth == 1) {
868  address[x - 1] = '\0';
869  x = 0;
870  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
871  if (((negate + n_set) % 2) == 0) {
872  /* normal block */
873  SCLogDebug("normal block");
874 
875  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list) < 0)
876  goto error;
877  } else {
878  /* negated block
879  *
880  * Extra steps are necessary. First consider it as a normal
881  * (non-negated) range. Merge the + and - ranges if
882  * applicable. Then insert the result into the ghn list. */
883  SCLogDebug("negated block");
884 
885  DetectAddressHead tmp_gh = { NULL, NULL };
886  DetectAddressHead tmp_ghn = { NULL, NULL };
887 
888  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list) < 0)
889  goto error;
890 
891  DetectAddress *tmp_ad;
892  DetectAddress *tmp_ad2;
893 #ifdef DEBUG
894  SCLogDebug("tmp_gh: IPv4");
895  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
896  DetectAddressPrint(tmp_ad);
897  }
898  SCLogDebug("tmp_ghn: IPv4");
899  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
900  DetectAddressPrint(tmp_ad);
901  }
902  SCLogDebug("tmp_gh: IPv6");
903  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
904  DetectAddressPrint(tmp_ad);
905  }
906  SCLogDebug("tmp_ghn: IPv6");
907  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
908  DetectAddressPrint(tmp_ad);
909  }
910 #endif
911  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0)
912  goto error;
913 
914  SCLogDebug("merged succesfully");
915 
916  /* insert the IPv4 addresses into the negated list */
917  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
918  /* work with a copy of the address group */
919  tmp_ad2 = DetectAddressCopy(tmp_ad);
920  if (tmp_ad2 == NULL) {
921  SCLogDebug("DetectAddressCopy failed");
922  goto error;
923  }
924  DetectAddressPrint(tmp_ad2);
925  DetectAddressInsert(NULL, ghn, tmp_ad2);
926  }
927 
928  /* insert the IPv6 addresses into the negated list */
929  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
930  /* work with a copy of the address group */
931  tmp_ad2 = DetectAddressCopy(tmp_ad);
932  if (tmp_ad2 == NULL) {
933  SCLogDebug("DetectAddressCopy failed");
934  goto error;
935  }
936  DetectAddressPrint(tmp_ad2);
937  DetectAddressInsert(NULL, ghn, tmp_ad2);
938  }
939 
940  DetectAddressHeadCleanup(&tmp_gh);
941  DetectAddressHeadCleanup(&tmp_ghn);
942  }
943  n_set = 0;
944  }
945  depth--;
946  } else if (depth == 0 && s[u] == ',') {
947  if (o_set == 1) {
948  o_set = 0;
949  } else if (d_set == 1) {
950  address[x - 1] = '\0';
951 
952  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
954  if (rule_var_address == NULL)
955  goto error;
956 
957  if (strlen(rule_var_address) == 0) {
958  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
959  "to nothing. This is likely a misconfiguration. "
960  "Note that a negated address needs to be quoted, "
961  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
962  goto error;
963  }
964 
965  SCLogDebug("rule_var_address %s", rule_var_address);
966  if ((negate + n_set) % 2) {
967  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
968  if (unlikely(temp_rule_var_address == NULL))
969  goto error;
970  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
971  "[%s]", rule_var_address);
972  } else {
973  temp_rule_var_address = SCStrdup(rule_var_address);
974  if (unlikely(temp_rule_var_address == NULL))
975  goto error;
976  }
977 
978 
979  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
980  (negate + n_set) % 2, var_list) < 0)
981  {
982  if (temp_rule_var_address != rule_var_address)
983  SCFree(temp_rule_var_address);
984  goto error;
985  }
986  d_set = 0;
987  n_set = 0;
988  SCFree(temp_rule_var_address);
989  } else {
990  address[x - 1] = '\0';
991 
992  if (!((negate + n_set) % 2)) {
993  SCLogDebug("DetectAddressSetup into gh, %s", address);
994  if (DetectAddressSetup(gh, address) < 0)
995  goto error;
996  } else {
997  SCLogDebug("DetectAddressSetup into ghn, %s", address);
998  if (DetectAddressSetup(ghn, address) < 0)
999  goto error;
1000  }
1001  n_set = 0;
1002  }
1003  x = 0;
1004  } else if (depth == 0 && s[u] == '$') {
1005  d_set = 1;
1006  } else if (depth == 0 && u == size - 1) {
1007  if (x == sizeof(address)) {
1008  address[x - 1] = '\0';
1009  } else {
1010  address[x] = '\0';
1011  }
1012  x = 0;
1013 
1014  if (AddVariableToResolveList(var_list, address) == -1) {
1015  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
1016  "groups declaration. This is likely a misconfiguration.");
1017  goto error;
1018  }
1019 
1020  if (d_set == 1) {
1021  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
1023  if (rule_var_address == NULL)
1024  goto error;
1025 
1026  if (strlen(rule_var_address) == 0) {
1027  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
1028  "to nothing. This is likely a misconfiguration. "
1029  "Note that a negated address needs to be quoted, "
1030  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
1031  goto error;
1032  }
1033 
1034  SCLogDebug("rule_var_address %s", rule_var_address);
1035  if ((negate + n_set) % 2) {
1036  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
1037  if (unlikely(temp_rule_var_address == NULL))
1038  goto error;
1039  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
1040  "[%s]", rule_var_address);
1041  } else {
1042  temp_rule_var_address = SCStrdup(rule_var_address);
1043  if (unlikely(temp_rule_var_address == NULL))
1044  goto error;
1045  }
1046 
1047  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
1048  (negate + n_set) % 2, var_list) < 0) {
1049  SCLogDebug("DetectAddressParse2 hates us");
1050  if (temp_rule_var_address != rule_var_address)
1051  SCFree(temp_rule_var_address);
1052  goto error;
1053  }
1054  d_set = 0;
1055  SCFree(temp_rule_var_address);
1056  } else {
1057  if (!((negate + n_set) % 2)) {
1058  SCLogDebug("DetectAddressSetup into gh, %s", address);
1059  if (DetectAddressSetup(gh, address) < 0) {
1060  SCLogDebug("DetectAddressSetup gh fail");
1061  goto error;
1062  }
1063  } else {
1064  SCLogDebug("DetectAddressSetup into ghn, %s", address);
1065  if (DetectAddressSetup(ghn, address) < 0) {
1066  SCLogDebug("DetectAddressSetup ghn fail");
1067  goto error;
1068  }
1069  }
1070  }
1071  n_set = 0;
1072  }
1073  }
1074  if (depth > 0) {
1075  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1076  "properly closed in \"%s\", %d missing closing brackets (]). "
1077  "Note: problem might be in a variable.", s, depth);
1078  goto error;
1079  } else if (depth < 0) {
1080  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1081  "properly opened in \"%s\", %d missing opening brackets ([). "
1082  "Note: problem might be in a variable.", s, depth*-1);
1083  goto error;
1084  }
1085 
1086  return 0;
1087 
1088 error:
1089 
1090  return -1;
1091 }
1092 
1093 /**
1094  * \internal
1095  * \brief See if the addresses and ranges in an address head cover the
1096  * entire ip space.
1097  *
1098  * \param gh Pointer to the DetectAddressHead to check.
1099  *
1100  * \retval 0 No.
1101  * \retval 1 Yes.
1102  *
1103  * \todo do the same for IPv6
1104  */
1105 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1106 {
1108  if (r == 1)
1109  return 1;
1110 
1111  return 0;
1112 }
1113 
1114 /**
1115  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1116  *
1117  * \param gh Pointer to the address head containing the non-NOT groups.
1118  * \param ghn Pointer to the address head containing the NOT groups.
1119  *
1120  * \retval 0 On success.
1121  * \retval -1 On failure.
1122  */
1124 {
1125  DetectAddress *ad;
1126  DetectAddress *ag, *ag2;
1127  int r = 0;
1128 
1129  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1130  ghn->ipv4_head);
1131 
1132  /* check if the negated list covers the entire ip space. If so
1133  * the user screwed up the rules/vars. */
1134  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1135  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1136  "Rule address range is NIL. Probably have a !any or "
1137  "an address range that supplies a NULL address range");
1138  goto error;
1139  }
1140 
1141  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1142  * not thingy. In that case we add a 0.0.0.0/0 first. */
1143  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1144  r = DetectAddressSetup(gh, "0.0.0.0/0");
1145  if (r < 0) {
1146  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1147  goto error;
1148  }
1149  }
1150  /* ... or ::/0 for ipv6 */
1151  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1152  r = DetectAddressSetup(gh, "::/0");
1153  if (r < 0) {
1154  SCLogDebug("DetectAddressSetup for ::/0 failed");
1155  goto error;
1156  }
1157  }
1158 
1159  /* step 1: insert our ghn members into the gh list */
1160  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1161  /* work with a copy of the ad so we can easily clean up the ghn group
1162  * later. */
1163  ad = DetectAddressCopy(ag);
1164  if (ad == NULL) {
1165  SCLogDebug("DetectAddressCopy failed");
1166  goto error;
1167  }
1168 
1169  r = DetectAddressInsert(NULL, gh, ad);
1170  if (r < 0) {
1171  SCLogDebug("DetectAddressInsert failed");
1172  goto error;
1173  }
1174  }
1175  /* ... and the same for ipv6 */
1176  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1177  /* work with a copy of the ad so we can easily clean up the ghn group
1178  * later. */
1179  ad = DetectAddressCopy(ag);
1180  if (ad == NULL) {
1181  SCLogDebug("DetectAddressCopy failed");
1182  goto error;
1183  }
1184 
1185  r = DetectAddressInsert(NULL, gh, ad);
1186  if (r < 0) {
1187  SCLogDebug("DetectAddressInsert failed");
1188  goto error;
1189  }
1190  }
1191 #ifdef DEBUG
1192  DetectAddress *tmp_ad;
1193  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1194  DetectAddressPrint(tmp_ad);
1195  }
1196 #endif
1197  int ipv4_applied = 0;
1198  int ipv6_applied = 0;
1199 
1200  /* step 2: pull the address blocks that match our 'not' blocks */
1201  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1202  SCLogDebug("ag %p", ag);
1203  DetectAddressPrint(ag);
1204 
1205  int applied = 0;
1206  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1207  SCLogDebug("ag2 %p", ag2);
1208  DetectAddressPrint(ag2);
1209 
1210  r = DetectAddressCmp(ag, ag2);
1211  /* XXX more ??? */
1212  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1213  if (ag2->prev == NULL)
1214  gh->ipv4_head = ag2->next;
1215  else
1216  ag2->prev->next = ag2->next;
1217 
1218  if (ag2->next != NULL)
1219  ag2->next->prev = ag2->prev;
1220 
1221  /* store the next ptr and remove the group */
1222  DetectAddress *next_ag2 = ag2->next;
1223  DetectAddressFree(ag2);
1224  ag2 = next_ag2;
1225  applied = 1;
1226  } else {
1227  ag2 = ag2->next;
1228  }
1229  }
1230 
1231  if (applied) {
1232  ipv4_applied++;
1233  }
1234  }
1235  /* ... and the same for ipv6 */
1236  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1237  int applied = 0;
1238  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1239  r = DetectAddressCmp(ag, ag2);
1240  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1241  if (ag2->prev == NULL)
1242  gh->ipv6_head = ag2->next;
1243  else
1244  ag2->prev->next = ag2->next;
1245 
1246  if (ag2->next != NULL)
1247  ag2->next->prev = ag2->prev;
1248 
1249  /* store the next ptr and remove the group */
1250  DetectAddress *next_ag2 = ag2->next;
1251  DetectAddressFree(ag2);
1252  ag2 = next_ag2;
1253 
1254  SCLogDebug("applied");
1255  applied = 1;
1256  } else {
1257  ag2 = ag2->next;
1258  }
1259  }
1260  if (applied) {
1261  ipv6_applied++;
1262  }
1263  }
1264 #ifdef DEBUG
1265  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1266  DetectAddressPrint(tmp_ad);
1267  }
1268  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1269  DetectAddressPrint(tmp_ad);
1270  }
1271 #endif
1272  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1273  int cnt = 0;
1274  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1275  cnt++;
1276 
1277  if (ipv4_applied != cnt) {
1278  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1279  "could be applied: %d != %d", cnt, ipv4_applied);
1280  goto error;
1281  }
1282 
1283  cnt = 0;
1284  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1285  cnt++;
1286 
1287  if (ipv6_applied != cnt) {
1288  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1289  "could be applied: %d != %d", cnt, ipv6_applied);
1290  goto error;
1291  }
1292  }
1293 
1294  /* if the result is that we have no addresses we return error */
1295  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1296  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1297  "merging addresses and negated addresses");
1298  goto error;
1299  }
1300 
1301  return 0;
1302 
1303 error:
1304  return -1;
1305 }
1306 
1308 {
1309  SCLogDebug("Testing address conf vars for any misconfigured values");
1310 
1311  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1312 
1313  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1314  if (address_vars_node == NULL) {
1315  return 0;
1316  }
1317 
1318  DetectAddressHead *gh = NULL;
1319  DetectAddressHead *ghn = NULL;
1320 
1321  ConfNode *seq_node;
1322  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1323  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1324 
1325  gh = DetectAddressHeadInit();
1326  if (gh == NULL) {
1327  goto error;
1328  }
1329  ghn = DetectAddressHeadInit();
1330  if (ghn == NULL) {
1331  goto error;
1332  }
1333 
1334  if (seq_node->val == NULL) {
1336  "Address var \"%s\" probably has a sequence(something "
1337  "in brackets) value set without any quotes. Please "
1338  "quote it using \"..\".", seq_node->name);
1339  goto error;
1340  }
1341 
1342  int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0, &var_list);
1343 
1344  CleanVariableResolveList(&var_list);
1345 
1346  if (r < 0) {
1348  "failed to parse address var \"%s\" with value \"%s\". "
1349  "Please check it's syntax", seq_node->name, seq_node->val);
1350  goto error;
1351  }
1352 
1353  if (DetectAddressIsCompleteIPSpace(ghn)) {
1355  "address var - \"%s\" has the complete IP space negated "
1356  "with it's value \"%s\". Rule address range is NIL. "
1357  "Probably have a !any or an address range that supplies "
1358  "a NULL address range", seq_node->name, seq_node->val);
1359  goto error;
1360  }
1361 
1362  if (gh != NULL) {
1364  gh = NULL;
1365  }
1366  if (ghn != NULL) {
1367  DetectAddressHeadFree(ghn);
1368  ghn = NULL;
1369  }
1370  }
1371 
1372  return 0;
1373  error:
1374  if (gh != NULL)
1376  if (ghn != NULL)
1377  DetectAddressHeadFree(ghn);
1378  return -1;
1379 }
1380 
1381 #include "util-hash-lookup3.h"
1382 
1383 typedef struct DetectAddressMap_ {
1384  char *string;
1387 
1388 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1389 {
1390  const DetectAddressMap *map = (DetectAddressMap *)data;
1391  uint32_t hash = 0;
1392 
1393  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1394  hash %= ht->array_size;
1395 
1396  return hash;
1397 }
1398 
1399 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1400  uint16_t len2)
1401 {
1402  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1403  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1404 
1405 
1406  int r = (strcmp(map1->string, map2->string) == 0);
1407  return r;
1408 }
1409 
1410 static void DetectAddressMapFreeFunc(void *data)
1411 {
1412  DetectAddressMap *map = (DetectAddressMap *)data;
1413  if (map != NULL) {
1415  SCFree(map->string);
1416  }
1417  SCFree(map);
1418 }
1419 
1421 {
1422  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1423  DetectAddressMapCompareFunc,
1424  DetectAddressMapFreeFunc);
1425  if (de_ctx->address_table == NULL)
1426  return -1;
1427 
1428  return 0;
1429 }
1430 
1432 {
1433  if (de_ctx->address_table == NULL)
1434  return;
1435 
1437  de_ctx->address_table = NULL;
1438  return;
1439 }
1440 
1441 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1443 {
1444  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1445  if (map == NULL)
1446  return -1;
1447 
1448  map->string = SCStrdup(string);
1449  if (map->string == NULL) {
1450  SCFree(map);
1451  return -1;
1452  }
1453  map->address = address;
1454 
1455  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1456  return 0;
1457 }
1458 
1459 static const DetectAddressHead *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1460  const char *string)
1461 {
1462  DetectAddressMap map = { (char *)string, NULL };
1463 
1465  &map, 0);
1466  if (res == NULL)
1467  return NULL;
1468  else {
1469  return (const DetectAddressHead *)res->address;
1470  }
1471 }
1472 
1473 /**
1474  * \brief Parses an address group sent as a character string and updates the
1475  * DetectAddressHead sent as the argument with the relevant address
1476  * ranges from the parsed string.
1477  *
1478  * \param gh Pointer to the DetectAddressHead.
1479  * \param str Pointer to the character string containing the address group
1480  * that has to be parsed.
1481  *
1482  * \retval 0 On success.
1483  * \retval -1 On failure.
1484  */
1486  DetectAddressHead *gh, const char *str)
1487 {
1488  int r;
1489  DetectAddressHead *ghn = NULL;
1490 
1491  SCLogDebug("gh %p, str %s", gh, str);
1492 
1493  if (str == NULL) {
1494  SCLogDebug("DetectAddressParse can not be run with NULL address");
1495  goto error;
1496  }
1497 
1498  ghn = DetectAddressHeadInit();
1499  if (ghn == NULL) {
1500  SCLogDebug("DetectAddressHeadInit for ghn failed");
1501  goto error;
1502  }
1503 
1504  r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0, NULL);
1505  if (r < 0) {
1506  SCLogDebug("DetectAddressParse2 returned %d", r);
1507  goto error;
1508  }
1509 
1510  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1511  ghn->ipv4_head);
1512 
1513  /* merge the 'not' address groups */
1514  if (DetectAddressMergeNot(gh, ghn) < 0) {
1515  SCLogDebug("DetectAddressMergeNot failed");
1516  goto error;
1517  }
1518 
1519  /* free the temp negate head */
1520  DetectAddressHeadFree(ghn);
1521  return 0;
1522 
1523 error:
1524  if (ghn != NULL)
1525  DetectAddressHeadFree(ghn);
1526  return -1;
1527 }
1528 
1530  const char *string)
1531 {
1532  const DetectAddressHead *h = DetectAddressMapLookup(de_ctx, string);
1533  if (h != NULL) {
1534  SCLogDebug("found: %s :: %p", string, h);
1535  return h;
1536  }
1537 
1538  SCLogDebug("%s not found", string);
1539 
1541  if (head == NULL)
1542  return NULL;
1543 
1544  if (DetectAddressParse(de_ctx, head, string) == -1)
1545  {
1546  DetectAddressHeadFree(head);
1547  return NULL;
1548  }
1549 
1550  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head);
1551  return head;
1552 }
1553 
1554 /**
1555  * \brief Returns a new instance of DetectAddressHead.
1556  *
1557  * \retval gh Pointer to the new instance of DetectAddressHead.
1558  */
1560 {
1562  if (unlikely(gh == NULL))
1563  return NULL;
1564  memset(gh, 0, sizeof(DetectAddressHead));
1565 
1566  return gh;
1567 }
1568 
1569 /**
1570  * \brief Cleans a DetectAddressHead. The functions frees the address
1571  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1572  * instance.
1573  *
1574  * \param gh Pointer to the DetectAddressHead instance that has to be
1575  * cleaned.
1576  */
1578 {
1579  if (gh != NULL) {
1580  if (gh->ipv4_head != NULL) {
1582  gh->ipv4_head = NULL;
1583  }
1584  if (gh->ipv6_head != NULL) {
1586  gh->ipv6_head = NULL;
1587  }
1588  }
1589 
1590  return;
1591 }
1592 
1593 /**
1594  * \brief Frees a DetectAddressHead instance.
1595  *
1596  * \param gh Pointer to the DetectAddressHead instance to be freed.
1597  */
1599 {
1600  if (gh != NULL) {
1602  SCFree(gh);
1603  }
1604 
1605  return;
1606 }
1607 
1608 /**
1609  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1610  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1611  * explanations on what these functions do.
1612  *
1613  * \param de_ctx Pointer to the DetectEngineCtx.
1614  * \param a Pointer the the first address to be cut.
1615  * \param b Pointer to the second address to be cut.
1616  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1617  * ranges from a and b, demand a third address range.
1618  *
1619  * \retval 0 On success.
1620  * \retval -1 On failure.
1621  */
1622 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1623  DetectAddress *b, DetectAddress **c)
1624 {
1625  if (a->ip.family == AF_INET)
1626  return DetectAddressCutIPv4(de_ctx, a, b, c);
1627  else if (a->ip.family == AF_INET6)
1628  return DetectAddressCutIPv6(de_ctx, a, b, c);
1629 
1630  return -1;
1631 }
1632 
1633 /**
1634  * \brief Cuts a negated address range with respect to the entire ip range, and
1635  * supplies with the address range that doesn't belong to the negated
1636  * address range.
1637  *
1638  * There are 2 cases here -
1639  *
1640  * The first case includes the address being located at the extreme ends
1641  * of the ip space, in which we get a single range.
1642  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1643  *
1644  * The second case includes the address not present at either of the
1645  * ip space extremes, in which case we get 2 ranges. The second range
1646  * would be supplied back with the argument "b" supplied to this function.
1647  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1648  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1649  *
1650  * The above negation cases can similarly be extended to ranges, i.e.
1651  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1652  * ![10.20.30.40 - 10.20.30.50].
1653  *
1654  *
1655  * \param a Pointer to the DetectAddressData instance, that contains the negated
1656  * address range that has to be cut.
1657  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1658  * filled with the address range, if the argument "a", doesn't fall at
1659  * the extreme ends of the ip address space.
1660  *
1661  * \retval 0 On success.
1662  * \retval -1 On failure.
1663  */
1664 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1665 {
1666  if (a->ip.family == AF_INET)
1667  return DetectAddressCutNotIPv4(a, b);
1668  else if (a->ip.family == AF_INET6)
1669  return DetectAddressCutNotIPv6(a, b);
1670 
1671  return -1;
1672 }
1673 
1674 /**
1675  * \brief Used to compare 2 address ranges.
1676  *
1677  * \param a Pointer to the first DetectAddressData to be compared.
1678  * \param b Pointer to the second DetectAddressData to be compared.
1679  */
1681 {
1682  if (a->ip.family != b->ip.family)
1683  return ADDRESS_ER;
1684 
1685  if (a->ip.family == AF_INET)
1686  return DetectAddressCmpIPv4(a, b);
1687  else if (a->ip.family == AF_INET6)
1688  return DetectAddressCmpIPv6(a, b);
1689 
1690  return ADDRESS_ER;
1691 }
1692 
1693 /**
1694  * \brief Match a packets address against a signatures addrs array
1695  *
1696  * \param addrs array of DetectMatchAddressIPv4's
1697  * \param addrs_cnt array size in members
1698  * \param a packets address
1699  *
1700  * \retval 0 no match
1701  * \retval 1 match
1702  *
1703  * \note addresses in addrs are in host order
1704  *
1705  * \todo array should be ordered, so we can break out of the loop
1706  */
1708  uint16_t addrs_cnt, const Address *a)
1709 {
1710  SCEnter();
1711 
1712  if (addrs == NULL || addrs_cnt == 0) {
1713  SCReturnInt(0);
1714  }
1715 
1716  uint16_t idx;
1717  for (idx = 0; idx < addrs_cnt; idx++) {
1718  if (SCNtohl(a->addr_data32[0]) >= addrs[idx].ip &&
1719  SCNtohl(a->addr_data32[0]) <= addrs[idx].ip2)
1720  {
1721  SCReturnInt(1);
1722  }
1723  }
1724 
1725  SCReturnInt(0);
1726 }
1727 
1728 /**
1729  * \brief Match a packets address against a signatures addrs array
1730  *
1731  * \param addrs array of DetectMatchAddressIPv6's
1732  * \param addrs_cnt array size in members
1733  * \param a packets address
1734  *
1735  * \retval 0 no match
1736  * \retval 1 match
1737  *
1738  * \note addresses in addrs are in host order
1739  *
1740  * \todo array should be ordered, so we can break out of the loop
1741  */
1743  uint16_t addrs_cnt, const Address *a)
1744 {
1745  SCEnter();
1746 
1747  if (addrs == NULL || addrs_cnt == 0) {
1748  SCReturnInt(0);
1749  }
1750 
1751  uint16_t idx;
1752  int i = 0;
1753  uint16_t result1, result2;
1754 
1755  /* See if the packet address is within the range of any entry in the
1756  * signature's address match array.
1757  */
1758  for (idx = 0; idx < addrs_cnt; idx++) {
1759  result1 = result2 = 0;
1760 
1761  /* See if packet address equals either limit. Return 1 if true. */
1762  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip[0] &&
1763  SCNtohl(a->addr_data32[1]) == addrs[idx].ip[1] &&
1764  SCNtohl(a->addr_data32[2]) == addrs[idx].ip[2] &&
1765  SCNtohl(a->addr_data32[3]) == addrs[idx].ip[3])
1766  {
1767  SCReturnInt(1);
1768  }
1769  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip2[0] &&
1770  SCNtohl(a->addr_data32[1]) == addrs[idx].ip2[1] &&
1771  SCNtohl(a->addr_data32[2]) == addrs[idx].ip2[2] &&
1772  SCNtohl(a->addr_data32[3]) == addrs[idx].ip2[3])
1773  {
1774  SCReturnInt(1);
1775  }
1776 
1777  /* See if packet address is greater than lower limit
1778  * of the current signature address match pair.
1779  */
1780  for (i = 0; i < 4; i++) {
1781  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip[i]) {
1782  result1 = 1;
1783  break;
1784  }
1785  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip[i]) {
1786  result1 = 0;
1787  break;
1788  }
1789  }
1790 
1791  /* If not greater than lower limit, try next address match entry */
1792  if (result1 == 0)
1793  continue;
1794 
1795  /* See if packet address is less than upper limit
1796  * of the current signature address match pair.
1797  */
1798  for (i = 0; i < 4; i++) {
1799  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip2[i]) {
1800  result2 = 1;
1801  break;
1802  }
1803  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip2[i]) {
1804  result2 = 0;
1805  break;
1806  }
1807  }
1808 
1809  /* Return a match if packet address is between the two
1810  * signature address match limits.
1811  */
1812  if (result1 == 1 && result2 == 1)
1813  SCReturnInt(1);
1814  }
1815 
1816  SCReturnInt(0);
1817 }
1818 
1819 /**
1820  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1821  * range in the DetectAddress instance.
1822  *
1823  * We basically check that the address falls inbetween the address
1824  * range in DetectAddress.
1825  *
1826  * \param dd Pointer to the DetectAddress instance.
1827  * \param a Pointer to an Address instance.
1828  *
1829  * \param 1 On a match.
1830  * \param 0 On no match.
1831  */
1833 {
1834  SCEnter();
1835 
1836  if (dd->ip.family != a->family) {
1837  SCReturnInt(0);
1838  }
1839 
1840  //DetectAddressPrint(dd);
1841  //AddressDebugPrint(a);
1842 
1843  switch (a->family) {
1844  case AF_INET:
1845 
1846  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1847  * Address inside DetectAddressData we can do uint8_t checks */
1848  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1849  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1850  {
1851  SCReturnInt(1);
1852  } else {
1853  SCReturnInt(0);
1854  }
1855 
1856  break;
1857  case AF_INET6:
1858  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1859  AddressIPv6Le(a, &dd->ip2) == 1)
1860  {
1861  SCReturnInt(1);
1862  } else {
1863  SCReturnInt(0);
1864  }
1865 
1866  break;
1867  default:
1868  SCLogDebug("What other address type can we have :-/");
1869  break;
1870  }
1871 
1872  SCReturnInt(0);
1873 }
1874 
1875 /**
1876  * \brief Prints the address data held by the DetectAddress. If the address
1877  * data family is IPv4, we print the the ipv4 address and mask, and
1878  * if the address data family is IPv6, we print the ipv6 address and
1879  * mask.
1880  *
1881  * \param ad Pointer to the DetectAddress instance to be printed.
1882  */
1884 {
1885  if (gr == NULL)
1886  return;
1887 
1888  if (gr->ip.family == AF_INET) {
1889  struct in_addr in;
1890  char ip[16], mask[16];
1891 
1892  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1893  PrintInet(AF_INET, &in, ip, sizeof(ip));
1894  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1895  PrintInet(AF_INET, &in, mask, sizeof(mask));
1896 
1897  SCLogDebug("%s/%s", ip, mask);
1898 // printf("%s/%s", ip, mask);
1899  } else if (gr->ip.family == AF_INET6) {
1900  struct in6_addr in6;
1901  char ip[66], mask[66];
1902 
1903  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1904  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1905  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1906  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1907 
1908  SCLogDebug("%s/%s", ip, mask);
1909 // printf("%s/%s", ip, mask);
1910  }
1911 
1912  return;
1913 }
1914 
1915 /**
1916  * \brief Find the group matching address in a group head.
1917  *
1918  * \param gh Pointer to the address group head(DetectAddressHead instance).
1919  * \param a Pointer to an Address instance.
1920  *
1921  * \retval g On success pointer to an DetectAddress if we find a match
1922  * for the Address "a", in the DetectAddressHead "gh".
1923  */
1925 {
1926  SCEnter();
1927 
1928  DetectAddress *g = NULL;
1929 
1930  if (gh == NULL) {
1931  SCReturnPtr(NULL, "DetectAddress");
1932  }
1933 
1934  /* XXX should we really do this check every time we run this function? */
1935  if (a->family == AF_INET) {
1936  SCLogDebug("IPv4");
1937  g = gh->ipv4_head;
1938  } else if (a->family == AF_INET6) {
1939  SCLogDebug("IPv6");
1940  g = gh->ipv6_head;
1941  }
1942 
1943  for ( ; g != NULL; g = g->next) {
1944  if (DetectAddressMatch(g,a) == 1) {
1945  SCReturnPtr(g, "DetectAddress");
1946  }
1947  }
1948 
1949  SCReturnPtr(NULL, "DetectAddress");
1950 }
1951 
1952 /********************************Unittests*************************************/
1953 
1954 #ifdef UNITTESTS
1955 
1956 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1957 {
1958  char str1[46] = "", str2[46] = "";
1959 
1960  if (ad == NULL)
1961  return FALSE;
1962 
1963  switch(ad->ip.family) {
1964  case AF_INET:
1965  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1966  SCLogDebug("%s", str1);
1967  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1968  SCLogDebug("%s", str2);
1969 
1970  if (strcmp(str1, one) != 0) {
1971  SCLogInfo("%s != %s", str1, one);
1972  return FALSE;
1973  }
1974 
1975  if (strcmp(str2, two) != 0) {
1976  SCLogInfo("%s != %s", str2, two);
1977  return FALSE;
1978  }
1979 
1980  return TRUE;
1981  break;
1982 
1983  case AF_INET6:
1984  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1985  SCLogDebug("%s", str1);
1986  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1987  SCLogDebug("%s", str2);
1988 
1989  if (strcmp(str1, one) != 0) {
1990  SCLogInfo("%s != %s", str1, one);
1991  return FALSE;
1992  }
1993 
1994  if (strcmp(str2, two) != 0) {
1995  SCLogInfo("%s != %s", str2, two);
1996  return FALSE;
1997  }
1998 
1999  return TRUE;
2000  break;
2001  }
2002 
2003  return FALSE;
2004 }
2005 
2007  const char *one;
2008  const char *two;
2010 
2011 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
2012 {
2013  int expect = nranges;
2014  int have = 0;
2015 
2016  if (gh == NULL)
2017  return FALSE;
2018 
2019  DetectAddress *ad = NULL;
2020  ad = gh->ipv4_head;
2021  if (ad == NULL)
2022  ad = gh->ipv6_head;
2023  while (have < expect) {
2024  if (ad == NULL) {
2025  printf("bad head: have %d ranges, expected %d: ", have, expect);
2026  return FALSE;
2027  }
2028 
2029  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
2030  return FALSE;
2031 
2032  ad = ad->next;
2033  have++;
2034  }
2035 
2036  return TRUE;
2037 }
2038 
2039 static int AddressTestParse01(void)
2040 {
2041  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
2042 
2043  if (dd) {
2044  DetectAddressFree(dd);
2045  return 1;
2046  }
2047 
2048  return 0;
2049 }
2050 
2051 static int AddressTestParse02(void)
2052 {
2053  int result = 1;
2054  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
2055 
2056  if (dd) {
2057  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
2058  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2059  result = 0;
2060  }
2061 
2062  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
2063  DetectAddressFree(dd);
2064  return result;
2065  }
2066 
2067  return 0;
2068 }
2069 
2070 static int AddressTestParse03(void)
2071 {
2072  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2073 
2074  if (dd) {
2075  DetectAddressFree(dd);
2076  return 1;
2077  }
2078 
2079  return 0;
2080 }
2081 
2082 static int AddressTestParse04(void)
2083 {
2084  int result = 1;
2085  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2086 
2087  if (dd) {
2088  if (dd->ip.addr_data32[0] != SCNtohl(16909056)||
2089  dd->ip2.addr_data32[0] != SCNtohl(16909311)) {
2090  result = 0;
2091  }
2092 
2093  DetectAddressFree(dd);
2094  return result;
2095  }
2096 
2097  return 0;
2098 }
2099 
2100 static int AddressTestParse05(void)
2101 {
2102  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2103 
2104  if (dd) {
2105  DetectAddressFree(dd);
2106  return 1;
2107  }
2108 
2109  return 0;
2110 }
2111 
2112 static int AddressTestParse06(void)
2113 {
2114  int result = 1;
2115  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2116 
2117  if (dd) {
2118  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2119  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2120  result = 0;
2121  }
2122 
2123  DetectAddressFree(dd);
2124  return result;
2125  }
2126 
2127  return 0;
2128 }
2129 
2130 static int AddressTestParse07(void)
2131 {
2132  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2133 
2134  if (dd) {
2135  DetectAddressFree(dd);
2136  return 1;
2137  }
2138 
2139  return 0;
2140 }
2141 
2142 static int AddressTestParse08(void)
2143 {
2144  int result = 1;
2145  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2146 
2147  if (dd) {
2148  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2149  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2150 
2151  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2152  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2153  DetectAddressPrint(dd);
2154  result = 0;
2155  }
2156 
2157  DetectAddressFree(dd);
2158  return result;
2159  }
2160 
2161  return 0;
2162 }
2163 
2164 static int AddressTestParse09(void)
2165 {
2166  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2167 
2168  if (dd) {
2169  DetectAddressFree(dd);
2170  return 1;
2171  }
2172 
2173  return 0;
2174 }
2175 
2176 static int AddressTestParse10(void)
2177 {
2178  int result = 1;
2179  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2180 
2181  if (dd) {
2182  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2183  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2184 
2185  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2186  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2187  DetectAddressPrint(dd);
2188  result = 0;
2189  }
2190 
2191  DetectAddressFree(dd);
2192  return result;
2193  }
2194 
2195  return 0;
2196 }
2197 
2198 static int AddressTestParse11(void)
2199 {
2200  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2201 
2202  if (dd) {
2203  DetectAddressFree(dd);
2204  return 1;
2205  }
2206 
2207  return 0;
2208 }
2209 
2210 static int AddressTestParse12(void)
2211 {
2212  int result = 1;
2213  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2214 
2215  if (dd) {
2216  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2217  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2218 
2219  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2220  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2221  DetectAddressPrint(dd);
2222  result = 0;
2223  }
2224 
2225  DetectAddressFree(dd);
2226  return result;
2227  }
2228 
2229  return 0;
2230 }
2231 static int AddressTestParse13(void)
2232 {
2233  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2234 
2235  if (dd) {
2236  DetectAddressFree(dd);
2237  return 1;
2238  }
2239 
2240  return 0;
2241 }
2242 
2243 static int AddressTestParse14(void)
2244 {
2245  int result = 1;
2246  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2247 
2248  if (dd) {
2249  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2250  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2251 
2252  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2253  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2254  result = 0;
2255  }
2256 
2257  DetectAddressFree(dd);
2258  return result;
2259  }
2260 
2261  return 0;
2262 }
2263 
2264 static int AddressTestParse15(void)
2265 {
2266  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2267 
2268  if (dd) {
2269  DetectAddressFree(dd);
2270  return 1;
2271  }
2272 
2273  return 0;
2274 }
2275 
2276 static int AddressTestParse16(void)
2277 {
2278  int result = 1;
2279  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2280 
2281  if (dd) {
2282  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2283  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2284 
2285  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2286  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2287  result = 0;
2288  }
2289 
2290  DetectAddressFree(dd);
2291  return result;
2292  }
2293 
2294  return 0;
2295 }
2296 
2297 static int AddressTestParse17(void)
2298 {
2299  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2300 
2301  if (dd) {
2302  DetectAddressFree(dd);
2303  return 1;
2304  }
2305 
2306  return 0;
2307 }
2308 
2309 static int AddressTestParse18(void)
2310 {
2311  int result = 1;
2312  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2313 
2314  if (dd) {
2315  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2316  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2317  result = 0;
2318  }
2319 
2320  DetectAddressFree(dd);
2321  return result;
2322  }
2323 
2324  return 0;
2325 }
2326 
2327 static int AddressTestParse19(void)
2328 {
2329  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2330 
2331  if (dd) {
2332  DetectAddressFree(dd);
2333  return 0;
2334  }
2335 
2336  return 1;
2337 }
2338 
2339 static int AddressTestParse20(void)
2340 {
2341  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2342 
2343  if (dd) {
2344  DetectAddressFree(dd);
2345  return 1;
2346  }
2347 
2348  return 0;
2349 }
2350 
2351 static int AddressTestParse21(void)
2352 {
2353  int result = 1;
2354  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2355 
2356  if (dd) {
2357  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2358  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2359 
2360  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2361  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2362  result = 0;
2363  }
2364 
2365  DetectAddressFree(dd);
2366  return result;
2367  }
2368 
2369  return 0;
2370 }
2371 
2372 static int AddressTestParse22(void)
2373 {
2374  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2375 
2376  if (dd) {
2377  DetectAddressFree(dd);
2378  return 0;
2379  }
2380 
2381  return 1;
2382 }
2383 
2384 static int AddressTestParse23(void)
2385 {
2387  FAIL_IF_NULL(gh);
2388  int r = DetectAddressParse(NULL, gh, "any");
2389  FAIL_IF_NOT(r == 0);
2391  PASS;
2392 }
2393 
2394 static int AddressTestParse24(void)
2395 {
2397  FAIL_IF_NULL(gh);
2398  int r = DetectAddressParse(NULL, gh, "Any");
2399  FAIL_IF_NOT(r == 0);
2401  PASS;
2402 }
2403 
2404 static int AddressTestParse25(void)
2405 {
2407  FAIL_IF_NULL(gh);
2408  int r = DetectAddressParse(NULL, gh, "ANY");
2409  FAIL_IF_NOT(r == 0);
2411  PASS;
2412 }
2413 
2414 static int AddressTestParse27(void)
2415 {
2416  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2417 
2418  if (dd) {
2419  DetectAddressFree(dd);
2420  return 1;
2421  }
2422 
2423  return 0;
2424 }
2425 
2426 static int AddressTestParse28(void)
2427 {
2428  int result = 0;
2429  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2430 
2431  if (dd) {
2432  if (dd->flags & ADDRESS_FLAG_NOT &&
2433  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2434  result = 1;
2435  }
2436 
2437  DetectAddressFree(dd);
2438  return result;
2439  }
2440 
2441  return 0;
2442 }
2443 
2444 static int AddressTestParse29(void)
2445 {
2446  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2447 
2448  if (dd) {
2449  DetectAddressFree(dd);
2450  return 1;
2451  }
2452 
2453  return 0;
2454 }
2455 
2456 static int AddressTestParse30(void)
2457 {
2458  int result = 0;
2459  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2460 
2461  if (dd) {
2462  if (dd->flags & ADDRESS_FLAG_NOT &&
2463  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2464  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2465  result = 1;
2466  }
2467 
2468  DetectAddressFree(dd);
2469  return result;
2470  }
2471 
2472  return 0;
2473 }
2474 
2475 /**
2476  * \test make sure !any is rejected
2477  */
2478 static int AddressTestParse31(void)
2479 {
2480  DetectAddress *dd = DetectAddressParseSingle("!any");
2481 
2482  if (dd) {
2483  DetectAddressFree(dd);
2484  return 0;
2485  }
2486 
2487  return 1;
2488 }
2489 
2490 static int AddressTestParse32(void)
2491 {
2492  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2493 
2494  if (dd) {
2495  DetectAddressFree(dd);
2496  return 1;
2497  }
2498 
2499  return 0;
2500 }
2501 
2502 static int AddressTestParse33(void)
2503 {
2504  int result = 0;
2505  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2506 
2507  if (dd) {
2508  if (dd->flags & ADDRESS_FLAG_NOT &&
2509  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2510  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2511  result = 1;
2512  }
2513 
2514  DetectAddressFree(dd);
2515  return result;
2516  }
2517 
2518  return 0;
2519 }
2520 
2521 static int AddressTestParse34(void)
2522 {
2523  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2524 
2525  if (dd) {
2526  DetectAddressFree(dd);
2527  return 1;
2528  }
2529 
2530  return 0;
2531 }
2532 
2533 static int AddressTestParse35(void)
2534 {
2535  int result = 0;
2536  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2537 
2538  if (dd) {
2539  if (dd->flags & ADDRESS_FLAG_NOT &&
2540  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2541  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2542 
2543  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2544  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2545  result = 1;
2546  }
2547 
2548  DetectAddressFree(dd);
2549  return result;
2550  }
2551 
2552  return 0;
2553 }
2554 
2555 static int AddressTestParse36(void)
2556 {
2557  int result = 1;
2558  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2559 
2560  if (dd) {
2561  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2562  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2563 
2564  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2565  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2566 
2567  DetectAddressPrint(dd);
2568  result = 0;
2569  }
2570  DetectAddressPrint(dd);
2571 
2572  DetectAddressFree(dd);
2573  return result;
2574  }
2575 
2576  return 0;
2577 }
2578 
2579 static int AddressTestParse37(void)
2580 {
2581  int result = 1;
2582  DetectAddress *dd = DetectAddressParseSingle("::/0");
2583 
2584  if (dd) {
2585  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2586  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2587 
2588  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2589  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2590  DetectAddressPrint(dd);
2591  result = 0;
2592  }
2593  DetectAddressPrint(dd);
2594 
2595  DetectAddressFree(dd);
2596  return result;
2597  }
2598 
2599  return 0;
2600 }
2601 
2602 static int AddressTestMatch01(void)
2603 {
2604  DetectAddress *dd = NULL;
2605  int result = 1;
2606  struct in_addr in;
2607  Address a;
2608 
2609  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2610  return 0;
2611  memset(&a, 0, sizeof(Address));
2612  a.family = AF_INET;
2613  a.addr_data32[0] = in.s_addr;
2614 
2615  dd = DetectAddressParseSingle("1.2.3.4/24");
2616  if (dd) {
2617  if (DetectAddressMatch(dd, &a) == 0)
2618  result = 0;
2619 
2620  DetectAddressFree(dd);
2621  return result;
2622  }
2623 
2624  return 0;
2625 }
2626 
2627 static int AddressTestMatch02(void)
2628 {
2629  DetectAddress *dd = NULL;
2630  int result = 1;
2631  struct in_addr in;
2632  Address a;
2633 
2634  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2635  return 0;
2636  memset(&a, 0, sizeof(Address));
2637  a.family = AF_INET;
2638  a.addr_data32[0] = in.s_addr;
2639 
2640  dd = DetectAddressParseSingle("1.2.3.4/25");
2641  if (dd) {
2642  if (DetectAddressMatch(dd, &a) == 0)
2643  result = 0;
2644 
2645  DetectAddressFree(dd);
2646  return result;
2647  }
2648 
2649  return 0;
2650 }
2651 
2652 static int AddressTestMatch03(void)
2653 {
2654  DetectAddress *dd = NULL;
2655  int result = 1;
2656  struct in_addr in;
2657  Address a;
2658 
2659  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2660  return 0;
2661  memset(&a, 0, sizeof(Address));
2662  a.family = AF_INET;
2663  a.addr_data32[0] = in.s_addr;
2664 
2665  dd = DetectAddressParseSingle("1.2.3.4/25");
2666  if (dd) {
2667  if (DetectAddressMatch(dd, &a) == 1)
2668  result = 0;
2669 
2670  DetectAddressFree(dd);
2671  return result;
2672  }
2673 
2674  return 0;
2675 }
2676 
2677 static int AddressTestMatch04(void)
2678 {
2679  DetectAddress *dd = NULL;
2680  int result = 1;
2681  struct in_addr in;
2682  Address a;
2683 
2684  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2685  return 0;
2686  memset(&a, 0, sizeof(Address));
2687  a.family = AF_INET;
2688  a.addr_data32[0] = in.s_addr;
2689 
2690  dd = DetectAddressParseSingle("1.2.3.4/25");
2691  if (dd) {
2692  if (DetectAddressMatch(dd, &a) == 1)
2693  result = 0;
2694 
2695  DetectAddressFree(dd);
2696  return result;
2697  }
2698 
2699  return 0;
2700 }
2701 
2702 static int AddressTestMatch05(void)
2703 {
2704  DetectAddress *dd = NULL;
2705  int result = 1;
2706  struct in_addr in;
2707  Address a;
2708 
2709  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2710  return 0;
2711  memset(&a, 0, sizeof(Address));
2712  a.family = AF_INET;
2713  a.addr_data32[0] = in.s_addr;
2714 
2715  dd = DetectAddressParseSingle("1.2.3.4/32");
2716  if (dd) {
2717  if (DetectAddressMatch(dd, &a) == 0)
2718  result = 0;
2719 
2720  DetectAddressFree(dd);
2721  return result;
2722  }
2723 
2724  return 0;
2725 }
2726 
2727 static int AddressTestMatch06(void)
2728 {
2729  DetectAddress *dd = NULL;
2730  int result = 1;
2731  struct in_addr in;
2732  Address a;
2733 
2734  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2735  return 0;
2736  memset(&a, 0, sizeof(Address));
2737  a.family = AF_INET;
2738  a.addr_data32[0] = in.s_addr;
2739 
2740  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2741  if (dd) {
2742  if (DetectAddressMatch(dd, &a) == 0)
2743  result = 0;
2744 
2745  DetectAddressFree(dd);
2746  return result;
2747  }
2748 
2749  return 0;
2750 }
2751 
2752 static int AddressTestMatch07(void)
2753 {
2754  DetectAddress *dd = NULL;
2755  int result = 1;
2756  struct in6_addr in6;
2757  Address a;
2758 
2759  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2760  return 0;
2761  memset(&a, 0, sizeof(Address));
2762  a.family = AF_INET6;
2763  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2764 
2765  dd = DetectAddressParseSingle("2001::/3");
2766  if (dd) {
2767  if (DetectAddressMatch(dd, &a) == 0)
2768  result = 0;
2769 
2770  DetectAddressFree(dd);
2771  return result;
2772  }
2773 
2774  return 0;
2775 }
2776 
2777 static int AddressTestMatch08(void)
2778 {
2779  DetectAddress *dd = NULL;
2780  int result = 1;
2781  struct in6_addr in6;
2782  Address a;
2783 
2784  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2785  return 0;
2786  memset(&a, 0, sizeof(Address));
2787  a.family = AF_INET6;
2788  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2789 
2790  dd = DetectAddressParseSingle("2001::/3");
2791  if (dd) {
2792  if (DetectAddressMatch(dd, &a) == 1)
2793  result = 0;
2794 
2795  DetectAddressFree(dd);
2796  return result;
2797  }
2798 
2799  return 0;
2800 }
2801 
2802 static int AddressTestMatch09(void)
2803 {
2804  DetectAddress *dd = NULL;
2805  int result = 1;
2806  struct in6_addr in6;
2807  Address a;
2808 
2809  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2810  return 0;
2811  memset(&a, 0, sizeof(Address));
2812  a.family = AF_INET6;
2813  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2814 
2815  dd = DetectAddressParseSingle("2001::1/128");
2816  if (dd) {
2817  if (DetectAddressMatch(dd, &a) == 1)
2818  result = 0;
2819 
2820  DetectAddressFree(dd);
2821  return result;
2822  }
2823 
2824  return 0;
2825 }
2826 
2827 static int AddressTestMatch10(void)
2828 {
2829  DetectAddress *dd = NULL;
2830  int result = 1;
2831  struct in6_addr in6;
2832  Address a;
2833 
2834  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2835  return 0;
2836  memset(&a, 0, sizeof(Address));
2837  a.family = AF_INET6;
2838  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2839 
2840  dd = DetectAddressParseSingle("2001::1/126");
2841  if (dd) {
2842  if (DetectAddressMatch(dd, &a) == 0)
2843  result = 0;
2844 
2845  DetectAddressFree(dd);
2846  return result;
2847  }
2848 
2849  return 0;
2850 }
2851 
2852 static int AddressTestMatch11(void)
2853 {
2854  DetectAddress *dd = NULL;
2855  int result = 1;
2856  struct in6_addr in6;
2857  Address a;
2858 
2859  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2860  return 0;
2861  memset(&a, 0, sizeof(Address));
2862  a.family = AF_INET6;
2863  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2864 
2865  dd = DetectAddressParseSingle("2001::1/127");
2866  if (dd) {
2867  if (DetectAddressMatch(dd, &a) == 1)
2868  result = 0;
2869 
2870  DetectAddressFree(dd);
2871  return result;
2872  }
2873 
2874  return 0;
2875 }
2876 
2877 static int AddressTestCmp01(void)
2878 {
2879  DetectAddress *da = NULL, *db = NULL;
2880  int result = 1;
2881 
2882  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2883  if (da == NULL) goto error;
2884  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2885  if (db == NULL) goto error;
2886 
2887  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2888  result = 0;
2889 
2890  DetectAddressFree(da);
2891  DetectAddressFree(db);
2892  return result;
2893 
2894 error:
2895  if (da) DetectAddressFree(da);
2896  if (db) DetectAddressFree(db);
2897  return 0;
2898 }
2899 
2900 static int AddressTestCmp02(void)
2901 {
2902  DetectAddress *da = NULL, *db = NULL;
2903  int result = 1;
2904 
2905  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2906  if (da == NULL) goto error;
2907  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2908  if (db == NULL) goto error;
2909 
2910  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2911  result = 0;
2912 
2913  DetectAddressFree(da);
2914  DetectAddressFree(db);
2915  return result;
2916 
2917 error:
2918  if (da) DetectAddressFree(da);
2919  if (db) DetectAddressFree(db);
2920  return 0;
2921 }
2922 
2923 static int AddressTestCmp03(void)
2924 {
2925  DetectAddress *da = NULL, *db = NULL;
2926  int result = 1;
2927 
2928  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2929  if (da == NULL) goto error;
2930  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2931  if (db == NULL) goto error;
2932 
2933  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2934  result = 0;
2935 
2936  DetectAddressFree(da);
2937  DetectAddressFree(db);
2938  return result;
2939 
2940 error:
2941  if (da) DetectAddressFree(da);
2942  if (db) DetectAddressFree(db);
2943  return 0;
2944 }
2945 
2946 static int AddressTestCmp04(void)
2947 {
2948  DetectAddress *da = NULL, *db = NULL;
2949  int result = 1;
2950 
2951  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2952  if (da == NULL) goto error;
2953  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2954  if (db == NULL) goto error;
2955 
2956  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2957  result = 0;
2958 
2959  DetectAddressFree(da);
2960  DetectAddressFree(db);
2961  return result;
2962 
2963 error:
2964  if (da) DetectAddressFree(da);
2965  if (db) DetectAddressFree(db);
2966  return 0;
2967 }
2968 
2969 static int AddressTestCmp05(void)
2970 {
2971  DetectAddress *da = NULL, *db = NULL;
2972  int result = 1;
2973 
2974  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2975  if (da == NULL) goto error;
2976  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2977  if (db == NULL) goto error;
2978 
2979  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2980  result = 0;
2981 
2982  DetectAddressFree(da);
2983  DetectAddressFree(db);
2984  return result;
2985 
2986 error:
2987  if (da) DetectAddressFree(da);
2988  if (db) DetectAddressFree(db);
2989  return 0;
2990 }
2991 
2992 static int AddressTestCmp06(void)
2993 {
2994  DetectAddress *da = NULL, *db = NULL;
2995  int result = 1;
2996 
2997  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2998  if (da == NULL) goto error;
2999  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
3000  if (db == NULL) goto error;
3001 
3002  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3003  result = 0;
3004 
3005  DetectAddressFree(da);
3006  DetectAddressFree(db);
3007  return result;
3008 
3009 error:
3010  if (da) DetectAddressFree(da);
3011  if (db) DetectAddressFree(db);
3012  return 0;
3013 }
3014 
3015 static int AddressTestCmpIPv407(void)
3016 {
3017  DetectAddress *da = NULL, *db = NULL;
3018  int result = 1;
3019 
3020  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3021  if (da == NULL) goto error;
3022  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
3023  if (db == NULL) goto error;
3024 
3025  if (DetectAddressCmp(da, db) != ADDRESS_LE)
3026  result = 0;
3027 
3028  DetectAddressFree(da);
3029  DetectAddressFree(db);
3030  return result;
3031 
3032 error:
3033  if (da) DetectAddressFree(da);
3034  if (db) DetectAddressFree(db);
3035  return 0;
3036 }
3037 
3038 static int AddressTestCmpIPv408(void)
3039 {
3040  DetectAddress *da = NULL, *db = NULL;
3041  int result = 1;
3042 
3043  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
3044  if (da == NULL) goto error;
3045  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3046  if (db == NULL) goto error;
3047 
3048  if (DetectAddressCmp(da, db) != ADDRESS_GE)
3049  result = 0;
3050 
3051  DetectAddressFree(da);
3052  DetectAddressFree(db);
3053  return result;
3054 
3055 error:
3056  if (da) DetectAddressFree(da);
3057  if (db) DetectAddressFree(db);
3058  return 0;
3059 }
3060 
3061 static int AddressTestCmp07(void)
3062 {
3063  DetectAddress *da = NULL, *db = NULL;
3064  int result = 1;
3065 
3066  da = DetectAddressParseSingle("2001::/3");
3067  if (da == NULL) goto error;
3068  db = DetectAddressParseSingle("2001::1/3");
3069  if (db == NULL) goto error;
3070 
3071  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3072  result = 0;
3073 
3074  DetectAddressFree(da);
3075  DetectAddressFree(db);
3076  return result;
3077 
3078 error:
3079  if (da) DetectAddressFree(da);
3080  if (db) DetectAddressFree(db);
3081  return 0;
3082 }
3083 
3084 static int AddressTestCmp08(void)
3085 {
3086  DetectAddress *da = NULL, *db = NULL;
3087  int result = 1;
3088 
3089  da = DetectAddressParseSingle("2001::/3");
3090  if (da == NULL) goto error;
3091  db = DetectAddressParseSingle("2001::/8");
3092  if (db == NULL) goto error;
3093 
3094  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3095  result = 0;
3096 
3097  DetectAddressFree(da);
3098  DetectAddressFree(db);
3099  return result;
3100 
3101 error:
3102  if (da) DetectAddressFree(da);
3103  if (db) DetectAddressFree(db);
3104  return 0;
3105 }
3106 
3107 static int AddressTestCmp09(void)
3108 {
3109  DetectAddress *da = NULL, *db = NULL;
3110  int result = 1;
3111 
3112  da = DetectAddressParseSingle("2001::/8");
3113  if (da == NULL) goto error;
3114  db = DetectAddressParseSingle("2001::/3");
3115  if (db == NULL) goto error;
3116 
3117  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3118  result = 0;
3119 
3120  DetectAddressFree(da);
3121  DetectAddressFree(db);
3122  return result;
3123 
3124 error:
3125  if (da) DetectAddressFree(da);
3126  if (db) DetectAddressFree(db);
3127  return 0;
3128 }
3129 
3130 static int AddressTestCmp10(void)
3131 {
3132  DetectAddress *da = NULL, *db = NULL;
3133  int result = 1;
3134 
3135  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3136  if (da == NULL) goto error;
3137  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3138  if (db == NULL) goto error;
3139 
3140  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3141  result = 0;
3142 
3143  DetectAddressFree(da);
3144  DetectAddressFree(db);
3145  return result;
3146 
3147 error:
3148  if (da) DetectAddressFree(da);
3149  if (db) DetectAddressFree(db);
3150  return 0;
3151 }
3152 
3153 static int AddressTestCmp11(void)
3154 {
3155  DetectAddress *da = NULL, *db = NULL;
3156  int result = 1;
3157 
3158  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3159  if (da == NULL) goto error;
3160  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3161  if (db == NULL) goto error;
3162 
3163  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3164  result = 0;
3165 
3166  DetectAddressFree(da);
3167  DetectAddressFree(db);
3168  return result;
3169 
3170 error:
3171  if (da) DetectAddressFree(da);
3172  if (db) DetectAddressFree(db);
3173  return 0;
3174 }
3175 
3176 static int AddressTestCmp12(void)
3177 {
3178  DetectAddress *da = NULL, *db = NULL;
3179  int result = 1;
3180 
3181  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3182  if (da == NULL) goto error;
3183  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3184  if (db == NULL) goto error;
3185 
3186  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3187  result = 0;
3188 
3189  DetectAddressFree(da);
3190  DetectAddressFree(db);
3191  return result;
3192 
3193 error:
3194  if (da) DetectAddressFree(da);
3195  if (db) DetectAddressFree(db);
3196  return 0;
3197 }
3198 
3199 static int AddressTestAddressGroupSetup01(void)
3200 {
3201  int result = 0;
3203 
3204  if (gh != NULL) {
3205  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3206  if (r == 0)
3207  result = 1;
3208 
3210  }
3211  return result;
3212 }
3213 
3214 static int AddressTestAddressGroupSetup02(void)
3215 {
3216  int result = 0;
3218 
3219  if (gh != NULL) {
3220  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3221  if (r == 0 && gh->ipv4_head != NULL)
3222  result = 1;
3223 
3225  }
3226  return result;
3227 }
3228 
3229 static int AddressTestAddressGroupSetup03(void)
3230 {
3231  int result = 0;
3233 
3234  if (gh != NULL) {
3235  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3236  if (r == 0 && gh->ipv4_head != NULL) {
3237  DetectAddress *prev_head = gh->ipv4_head;
3238 
3239  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3240  if (r == 0 && gh->ipv4_head != prev_head &&
3241  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3242  result = 1;
3243  }
3244  }
3245 
3247  }
3248  return result;
3249 }
3250 
3251 static int AddressTestAddressGroupSetup04(void)
3252 {
3253  int result = 0;
3255 
3256  if (gh != NULL) {
3257  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3258  if (r == 0 && gh->ipv4_head != NULL) {
3259  DetectAddress *prev_head = gh->ipv4_head;
3260 
3261  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3262  if (r == 0 && gh->ipv4_head != prev_head &&
3263  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3264  DetectAddress *ph = gh->ipv4_head;
3265 
3266  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3267  if (r == 0 && gh->ipv4_head != ph &&
3268  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3269  result = 1;
3270  }
3271  }
3272  }
3273 
3275  }
3276  return result;
3277 }
3278 
3279 static int AddressTestAddressGroupSetup05(void)
3280 {
3281  int result = 0;
3283 
3284  if (gh != NULL) {
3285  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3286  if (r == 0 && gh->ipv4_head != NULL) {
3287  DetectAddress *prev_head = gh->ipv4_head;
3288 
3289  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3290  if (r == 0 && gh->ipv4_head == prev_head &&
3291  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3292  DetectAddress *ph = gh->ipv4_head;
3293 
3294  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3295  if (r == 0 && gh->ipv4_head == ph &&
3296  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3297  result = 1;
3298  }
3299  }
3300  }
3301 
3303  }
3304  return result;
3305 }
3306 
3307 static int AddressTestAddressGroupSetup06(void)
3308 {
3309  int result = 0;
3311 
3312  if (gh != NULL) {
3313  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3314  if (r == 0 && gh->ipv4_head != NULL) {
3315  DetectAddress *prev_head = gh->ipv4_head;
3316 
3317  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3318  if (r == 0 && gh->ipv4_head == prev_head &&
3319  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3320  result = 1;
3321  }
3322  }
3323 
3325  }
3326  return result;
3327 }
3328 
3329 static int AddressTestAddressGroupSetup07(void)
3330 {
3331  int result = 0;
3333 
3334  if (gh != NULL) {
3335  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3336  if (r == 0 && gh->ipv4_head != NULL) {
3337  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3338  if (r == 0 && gh->ipv4_head != NULL &&
3339  gh->ipv4_head->next != NULL &&
3340  gh->ipv4_head->next->next != NULL) {
3341  result = 1;
3342  }
3343  }
3344 
3346  }
3347  return result;
3348 }
3349 
3350 static int AddressTestAddressGroupSetup08(void)
3351 {
3352  int result = 0;
3354 
3355  if (gh != NULL) {
3356  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3357  if (r == 0 && gh->ipv4_head != NULL) {
3358  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3359  if (r == 0 && gh->ipv4_head != NULL &&
3360  gh->ipv4_head->next != NULL &&
3361  gh->ipv4_head->next->next != NULL) {
3362  result = 1;
3363  }
3364  }
3365 
3367  }
3368  return result;
3369 }
3370 
3371 static int AddressTestAddressGroupSetup09(void)
3372 {
3373  int result = 0;
3375 
3376  if (gh != NULL) {
3377  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3378  if (r == 0 && gh->ipv4_head != NULL) {
3379  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3380  if (r == 0 && gh->ipv4_head != NULL &&
3381  gh->ipv4_head->next != NULL &&
3382  gh->ipv4_head->next->next != NULL) {
3383  result = 1;
3384  }
3385  }
3386 
3388  }
3389  return result;
3390 }
3391 
3392 static int AddressTestAddressGroupSetup10(void)
3393 {
3394  int result = 0;
3396 
3397  if (gh != NULL) {
3398  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3399  if (r == 0 && gh->ipv4_head != NULL) {
3400  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3401  if (r == 0 && gh->ipv4_head != NULL &&
3402  gh->ipv4_head->next != NULL &&
3403  gh->ipv4_head->next->next != NULL) {
3404  result = 1;
3405  }
3406  }
3407 
3409  }
3410  return result;
3411 }
3412 
3413 static int AddressTestAddressGroupSetup11(void)
3414 {
3415  int result = 0;
3417 
3418  if (gh != NULL) {
3419  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3420  if (r == 0) {
3421  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3422  if (r == 0) {
3423  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3424  if (r == 0) {
3425  DetectAddress *one = gh->ipv4_head, *two = one->next,
3426  *three = two->next, *four = three->next,
3427  *five = four->next;
3428 
3429  /* result should be:
3430  * 0.0.0.0/10.10.9.255
3431  * 10.10.10.0/10.10.10.9
3432  * 10.10.10.10/10.10.10.255
3433  * 10.10.11.0/10.10.11.1
3434  * 10.10.11.2/255.255.255.255
3435  */
3436  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3437  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3438  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3439  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3440  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3441  result = 1;
3442  }
3443  }
3444  }
3445  }
3446 
3448  }
3449  return result;
3450 }
3451 
3452 static int AddressTestAddressGroupSetup12 (void)
3453 {
3454  int result = 0;
3456 
3457  if (gh != NULL) {
3458  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3459  if (r == 0) {
3460  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3461  if (r == 0) {
3462  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3463  if (r == 0) {
3464  DetectAddress *one = gh->ipv4_head, *two = one->next,
3465  *three = two->next, *four = three->next,
3466  *five = four->next;
3467 
3468  /* result should be:
3469  * 0.0.0.0/10.10.9.255
3470  * 10.10.10.0/10.10.10.9
3471  * 10.10.10.10/10.10.10.255
3472  * 10.10.11.0/10.10.11.1
3473  * 10.10.11.2/255.255.255.255
3474  */
3475  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3476  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3477  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3478  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3479  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3480  result = 1;
3481  }
3482  }
3483  }
3484  }
3485 
3487  }
3488  return result;
3489 }
3490 
3491 static int AddressTestAddressGroupSetup13(void)
3492 {
3493  int result = 0;
3495 
3496  if (gh != NULL) {
3497  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3498  if (r == 0) {
3499  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3500  if (r == 0) {
3501  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3502  if (r == 0) {
3503  DetectAddress *one = gh->ipv4_head, *two = one->next,
3504  *three = two->next, *four = three->next,
3505  *five = four->next;
3506 
3507  /* result should be:
3508  * 0.0.0.0/10.10.9.255
3509  * 10.10.10.0/10.10.10.9
3510  * 10.10.10.10/10.10.10.255
3511  * 10.10.11.0/10.10.11.1
3512  * 10.10.11.2/255.255.255.255
3513  */
3514  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3515  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3516  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3517  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3518  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3519  result = 1;
3520  }
3521  }
3522  }
3523  }
3524 
3526  }
3527  return result;
3528 }
3529 
3530 static int AddressTestAddressGroupSetupIPv414(void)
3531 {
3532  int result = 0;
3534 
3535  if (gh != NULL) {
3536  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3537  if (r == 0) {
3538  DetectAddress *one = gh->ipv4_head;
3539  DetectAddress *two = one ? one->next : NULL;
3540 
3541  if (one && two) {
3542  /* result should be:
3543  * 0.0.0.0/1.2.3.3
3544  * 1.2.3.5/255.255.255.255
3545  */
3546  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(16909059) &&
3547  two->ip.addr_data32[0] == SCNtohl(16909061) && two->ip2.addr_data32[0] == 0xFFFFFFFF) {
3548  result = 1;
3549  } else {
3550  printf("unexpected addresses: ");
3551  }
3552  } else {
3553  printf("one %p two %p: ", one, two);
3554  }
3555  } else {
3556  printf("DetectAddressParse returned %d, expected 0: ", r);
3557  }
3558 
3560  }
3561  return result;
3562 }
3563 
3564 static int AddressTestAddressGroupSetupIPv415(void)
3565 {
3566  int result = 0;
3568 
3569  if (gh != NULL) {
3570  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3571  if (r == 0) {
3572  DetectAddress *one = gh->ipv4_head;
3573 
3574  if (one && one->next == NULL) {
3575  /* result should be:
3576  * 0.0.0.1/255.255.255.255
3577  */
3578  if (one->ip.addr_data32[0] == SCNtohl(1) && one->ip2.addr_data32[0] == 0xFFFFFFFF)
3579  result = 1;
3580  }
3581  }
3582 
3584  }
3585  return result;
3586 }
3587 
3588 static int AddressTestAddressGroupSetupIPv416(void)
3589 {
3590  int result = 0;
3592 
3593  if (gh != NULL) {
3594  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3595  if (r == 0) {
3596  DetectAddress *one = gh->ipv4_head;
3597 
3598  if (one && one->next == NULL) {
3599  /* result should be:
3600  * 0.0.0.0/255.255.255.254
3601  */
3602  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(4294967294))
3603  result = 1;
3604  }
3605  }
3606 
3608  }
3609  return result;
3610 }
3611 
3612 static int AddressTestAddressGroupSetup14(void)
3613 {
3614  int result = 0;
3616 
3617  if (gh != NULL) {
3618  int r = DetectAddressParse(NULL, gh, "2001::1");
3619  if (r == 0)
3620  result = 1;
3621 
3623  }
3624  return result;
3625 }
3626 
3627 static int AddressTestAddressGroupSetup15(void)
3628 {
3629  int result = 0;
3631 
3632  if (gh != NULL) {
3633  int r = DetectAddressParse(NULL, gh, "2001::1");
3634  if (r == 0 && gh->ipv6_head != NULL)
3635  result = 1;
3636 
3638  }
3639  return result;
3640 }
3641 
3642 static int AddressTestAddressGroupSetup16(void)
3643 {
3644  int result = 0;
3646 
3647  if (gh != NULL) {
3648  int r = DetectAddressParse(NULL, gh, "2001::4");
3649  if (r == 0 && gh->ipv6_head != NULL) {
3650  DetectAddress *prev_head = gh->ipv6_head;
3651 
3652  r = DetectAddressParse(NULL, gh, "2001::3");
3653  if (r == 0 && gh->ipv6_head != prev_head &&
3654  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3655  result = 1;
3656  }
3657  }
3658 
3660  }
3661  return result;
3662 }
3663 
3664 static int AddressTestAddressGroupSetup17(void)
3665 {
3666  int result = 0;
3668 
3669  if (gh != NULL) {
3670  int r = DetectAddressParse(NULL, gh, "2001::4");
3671  if (r == 0 && gh->ipv6_head != NULL) {
3672  DetectAddress *prev_head = gh->ipv6_head;
3673 
3674  r = DetectAddressParse(NULL, gh, "2001::3");
3675  if (r == 0 && gh->ipv6_head != prev_head &&
3676  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3677  DetectAddress *ph = gh->ipv6_head;
3678 
3679  r = DetectAddressParse(NULL, gh, "2001::2");
3680  if (r == 0 && gh->ipv6_head != ph &&
3681  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3682  result = 1;
3683  }
3684  }
3685  }
3686 
3688  }
3689  return result;
3690 }
3691 
3692 static int AddressTestAddressGroupSetup18(void)
3693 {
3694  int result = 0;
3696 
3697  if (gh != NULL) {
3698  int r = DetectAddressParse(NULL, gh, "2001::2");
3699  if (r == 0 && gh->ipv6_head != NULL) {
3700  DetectAddress *prev_head = gh->ipv6_head;
3701 
3702  r = DetectAddressParse(NULL, gh, "2001::3");
3703  if (r == 0 && gh->ipv6_head == prev_head &&
3704  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3705  DetectAddress *ph = gh->ipv6_head;
3706 
3707  r = DetectAddressParse(NULL, gh, "2001::4");
3708  if (r == 0 && gh->ipv6_head == ph &&
3709  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3710  result = 1;
3711  }
3712  }
3713  }
3714 
3716  }
3717  return result;
3718 }
3719 
3720 static int AddressTestAddressGroupSetup19(void)
3721 {
3722  int result = 0;
3724 
3725  if (gh != NULL) {
3726  int r = DetectAddressParse(NULL, gh, "2001::2");
3727  if (r == 0 && gh->ipv6_head != NULL) {
3728  DetectAddress *prev_head = gh->ipv6_head;
3729 
3730  r = DetectAddressParse(NULL, gh, "2001::2");
3731  if (r == 0 && gh->ipv6_head == prev_head &&
3732  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3733  result = 1;
3734  }
3735  }
3736 
3738  }
3739  return result;
3740 }
3741 
3742 static int AddressTestAddressGroupSetup20(void)
3743 {
3744  int result = 0;
3746 
3747  if (gh != NULL) {
3748  int r = DetectAddressParse(NULL, gh, "2000::/3");
3749  if (r == 0 && gh->ipv6_head != NULL) {
3750  r = DetectAddressParse(NULL, gh, "2001::4");
3751  if (r == 0 && gh->ipv6_head != NULL &&
3752  gh->ipv6_head->next != NULL &&
3753  gh->ipv6_head->next->next != NULL) {
3754  result = 1;
3755  }
3756  }
3757 
3759  }
3760  return result;
3761 }
3762 
3763 static int AddressTestAddressGroupSetup21(void)
3764 {
3765  int result = 0;
3767 
3768  if (gh != NULL) {
3769  int r = DetectAddressParse(NULL, gh, "2001::4");
3770  if (r == 0 && gh->ipv6_head != NULL) {
3771  r = DetectAddressParse(NULL, gh, "2000::/3");
3772  if (r == 0 && gh->ipv6_head != NULL &&
3773  gh->ipv6_head->next != NULL &&
3774  gh->ipv6_head->next->next != NULL) {
3775  result = 1;
3776  }
3777  }
3778 
3780  }
3781  return result;
3782 }
3783 
3784 static int AddressTestAddressGroupSetup22(void)
3785 {
3786  int result = 0;
3788 
3789  if (gh != NULL) {
3790  int r = DetectAddressParse(NULL, gh, "2000::/3");
3791  if (r == 0 && gh->ipv6_head != NULL) {
3792  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3793  if (r == 0 && gh->ipv6_head != NULL &&
3794  gh->ipv6_head->next != NULL &&
3795  gh->ipv6_head->next->next != NULL) {
3796  result = 1;
3797  }
3798  }
3799 
3801  }
3802  return result;
3803 }
3804 
3805 static int AddressTestAddressGroupSetup23(void)
3806 {
3807  int result = 0;
3809 
3810  if (gh != NULL) {
3811  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3812  if (r == 0 && gh->ipv6_head != NULL) {
3813  r = DetectAddressParse(NULL, gh, "2000::/3");
3814  if (r == 0 && gh->ipv6_head != NULL &&
3815  gh->ipv6_head->next != NULL &&
3816  gh->ipv6_head->next->next != NULL) {
3817  result = 1;
3818  }
3819  }
3820 
3822  }
3823  return result;
3824 }
3825 
3826 static int AddressTestAddressGroupSetup24(void)
3827 {
3828  int result = 0;
3830 
3831  if (gh != NULL) {
3832  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3833  if (r == 0) {
3834  r = DetectAddressParse(NULL, gh, "2001::/3");
3835  if (r == 0) {
3836  r = DetectAddressParse(NULL, gh, "::/0");
3837  if (r == 0) {
3838  DetectAddress *one = gh->ipv6_head, *two = one->next,
3839  *three = two->next, *four = three->next,
3840  *five = four->next;
3841  if (one->ip.addr_data32[0] == 0x00000000 &&
3842  one->ip.addr_data32[1] == 0x00000000 &&
3843  one->ip.addr_data32[2] == 0x00000000 &&
3844  one->ip.addr_data32[3] == 0x00000000 &&
3845  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3846  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3847  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3848  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3849 
3850  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3851  two->ip.addr_data32[1] == 0x00000000 &&
3852  two->ip.addr_data32[2] == 0x00000000 &&
3853  two->ip.addr_data32[3] == 0x00000000 &&
3854  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3855  two->ip2.addr_data32[1] == 0x00000000 &&
3856  two->ip2.addr_data32[2] == 0x00000000 &&
3857  two->ip2.addr_data32[3] == SCNtohl(3) &&
3858 
3859  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3860  three->ip.addr_data32[1] == 0x00000000 &&
3861  three->ip.addr_data32[2] == 0x00000000 &&
3862  three->ip.addr_data32[3] == SCNtohl(4) &&
3863  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3864  three->ip2.addr_data32[1] == 0x00000000 &&
3865  three->ip2.addr_data32[2] == 0x00000000 &&
3866  three->ip2.addr_data32[3] == SCNtohl(6) &&
3867 
3868  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3869  four->ip.addr_data32[1] == 0x00000000 &&
3870  four->ip.addr_data32[2] == 0x00000000 &&
3871  four->ip.addr_data32[3] == SCNtohl(7) &&
3872  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3873  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3874  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3875  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3876 
3877  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3878  five->ip.addr_data32[1] == 0x00000000 &&
3879  five->ip.addr_data32[2] == 0x00000000 &&
3880  five->ip.addr_data32[3] == 0x00000000 &&
3881  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3882  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3883  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3884  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3885  result = 1;
3886  }
3887  }
3888  }
3889  }
3890 
3892  }
3893  return result;
3894 }
3895 
3896 static int AddressTestAddressGroupSetup25(void)
3897 {
3898  int result = 0;
3900 
3901  if (gh != NULL) {
3902  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3903  if (r == 0) {
3904  r = DetectAddressParse(NULL, gh, "::/0");
3905  if (r == 0) {
3906  r = DetectAddressParse(NULL, gh, "2001::/3");
3907  if (r == 0) {
3908  DetectAddress *one = gh->ipv6_head, *two = one->next,
3909  *three = two->next, *four = three->next,
3910  *five = four->next;
3911  if (one->ip.addr_data32[0] == 0x00000000 &&
3912  one->ip.addr_data32[1] == 0x00000000 &&
3913  one->ip.addr_data32[2] == 0x00000000 &&
3914  one->ip.addr_data32[3] == 0x00000000 &&
3915  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3916  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3917  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3918  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3919 
3920  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3921  two->ip.addr_data32[1] == 0x00000000 &&
3922  two->ip.addr_data32[2] == 0x00000000 &&
3923  two->ip.addr_data32[3] == 0x00000000 &&
3924  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3925  two->ip2.addr_data32[1] == 0x00000000 &&
3926  two->ip2.addr_data32[2] == 0x00000000 &&
3927  two->ip2.addr_data32[3] == SCNtohl(3) &&
3928 
3929  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3930  three->ip.addr_data32[1] == 0x00000000 &&
3931  three->ip.addr_data32[2] == 0x00000000 &&
3932  three->ip.addr_data32[3] == SCNtohl(4) &&
3933  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3934  three->ip2.addr_data32[1] == 0x00000000 &&
3935  three->ip2.addr_data32[2] == 0x00000000 &&
3936  three->ip2.addr_data32[3] == SCNtohl(6) &&
3937 
3938  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3939  four->ip.addr_data32[1] == 0x00000000 &&
3940  four->ip.addr_data32[2] == 0x00000000 &&
3941  four->ip.addr_data32[3] == SCNtohl(7) &&
3942  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3943  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3944  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3945  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3946 
3947  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3948  five->ip.addr_data32[1] == 0x00000000 &&
3949  five->ip.addr_data32[2] == 0x00000000 &&
3950  five->ip.addr_data32[3] == 0x00000000 &&
3951  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3952  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3953  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3954  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3955  result = 1;
3956  }
3957  }
3958  }
3959  }
3960 
3962  }
3963  return result;
3964 }
3965 
3966 static int AddressTestAddressGroupSetup26(void)
3967 {
3968  int result = 0;
3970 
3971  if (gh != NULL) {
3972  int r = DetectAddressParse(NULL, gh, "::/0");
3973  if (r == 0) {
3974  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3975  if (r == 0) {
3976  r = DetectAddressParse(NULL, gh, "2001::/3");
3977  if (r == 0) {
3978  DetectAddress *one = gh->ipv6_head, *two = one->next,
3979  *three = two->next, *four = three->next,
3980  *five = four->next;
3981  if (one->ip.addr_data32[0] == 0x00000000 &&
3982  one->ip.addr_data32[1] == 0x00000000 &&
3983  one->ip.addr_data32[2] == 0x00000000 &&
3984  one->ip.addr_data32[3] == 0x00000000 &&
3985  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3986  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3987  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3988  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3989 
3990  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3991  two->ip.addr_data32[1] == 0x00000000 &&
3992  two->ip.addr_data32[2] == 0x00000000 &&
3993  two->ip.addr_data32[3] == 0x00000000 &&
3994  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3995  two->ip2.addr_data32[1] == 0x00000000 &&
3996  two->ip2.addr_data32[2] == 0x00000000 &&
3997  two->ip2.addr_data32[3] == SCNtohl(3) &&
3998 
3999  three->ip.addr_data32[0] == SCNtohl(536936448) &&
4000  three->ip.addr_data32[1] == 0x00000000 &&
4001  three->ip.addr_data32[2] == 0x00000000 &&
4002  three->ip.addr_data32[3] == SCNtohl(4) &&
4003  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
4004  three->ip2.addr_data32[1] == 0x00000000 &&
4005  three->ip2.addr_data32[2] == 0x00000000 &&
4006  three->ip2.addr_data32[3] == SCNtohl(6) &&
4007 
4008  four->ip.addr_data32[0] == SCNtohl(536936448) &&
4009  four->ip.addr_data32[1] == 0x00000000 &&
4010  four->ip.addr_data32[2] == 0x00000000 &&
4011  four->ip.addr_data32[3] == SCNtohl(7) &&
4012  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
4013  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
4014  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
4015  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
4016 
4017  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
4018  five->ip.addr_data32[1] == 0x00000000 &&
4019  five->ip.addr_data32[2] == 0x00000000 &&
4020  five->ip.addr_data32[3] == 0x00000000 &&
4021  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
4022  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
4023  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
4024  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
4025  result = 1;
4026  }
4027  }
4028  }
4029  }
4030 
4032  }
4033  return result;
4034 }
4035 
4036 static int AddressTestAddressGroupSetup27(void)
4037 {
4038  int result = 0;
4040 
4041  if (gh != NULL) {
4042  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
4043  if (r == 0)
4044  result = 1;
4045 
4047  }
4048  return result;
4049 }
4050 
4051 static int AddressTestAddressGroupSetup28(void)
4052 {
4053  int result = 0;
4055 
4056  if (gh != NULL) {
4057  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
4058  if (r == 0)
4059  result = 1;
4060 
4062  }
4063  return result;
4064 }
4065 
4066 static int AddressTestAddressGroupSetup29(void)
4067 {
4068  int result = 0;
4070 
4071  if (gh != NULL) {
4072  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
4073  if (r == 0)
4074  result = 1;
4075 
4077  }
4078  return result;
4079 }
4080 
4081 static int AddressTestAddressGroupSetup30(void)
4082 {
4083  int result = 0;
4085 
4086  if (gh != NULL) {
4087  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4088  if (r == 0)
4089  result = 1;
4090 
4092  }
4093  return result;
4094 }
4095 
4096 static int AddressTestAddressGroupSetup31(void)
4097 {
4098  int result = 0;
4100 
4101  if (gh != NULL) {
4102  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4103  if (r == 0)
4104  result = 1;
4105 
4107  }
4108  return result;
4109 }
4110 
4111 static int AddressTestAddressGroupSetup32(void)
4112 {
4113  int result = 0;
4115 
4116  if (gh != NULL) {
4117  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4118  if (r == 0)
4119  result = 1;
4120 
4122  }
4123  return result;
4124 }
4125 
4126 static int AddressTestAddressGroupSetup33(void)
4127 {
4128  int result = 0;
4130 
4131  if (gh != NULL) {
4132  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4133  if (r == 0)
4134  result = 1;
4135 
4137  }
4138  return result;
4139 }
4140 
4141 static int AddressTestAddressGroupSetup34(void)
4142 {
4143  int result = 0;
4145 
4146  if (gh != NULL) {
4147  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4148  if (r == 0)
4149  result = 1;
4150 
4152  }
4153  return result;
4154 }
4155 
4156 static int AddressTestAddressGroupSetup35(void)
4157 {
4158  int result = 0;
4160 
4161  if (gh != NULL) {
4162  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4163  if (r == 0)
4164  result = 1;
4165 
4167  }
4168  return result;
4169 }
4170 
4171 static int AddressTestAddressGroupSetup36 (void)
4172 {
4173  int result = 0;
4174 
4176  if (gh != NULL) {
4177  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4178  if (r == 0)
4179  result = 1;
4180 
4182  }
4183  return result;
4184 }
4185 
4186 static int AddressTestAddressGroupSetup37(void)
4187 {
4188  int result = 0;
4190 
4191  if (gh != NULL) {
4192  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4193  if (r == 0)
4194  result = 1;
4195 
4197  }
4198  return result;
4199 }
4200 
4201 static int AddressTestAddressGroupSetup38(void)
4202 {
4203  UTHValidateDetectAddressHeadRange expectations[3] = {
4204  { "0.0.0.0", "192.167.255.255" },
4205  { "192.168.14.0", "192.168.14.255" },
4206  { "192.169.0.0", "255.255.255.255" } };
4207  int result = 0;
4209 
4210  if (gh != NULL) {
4211  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4212  if (r == 0) {
4213  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4214  result = 1;
4215  }
4216 
4218  }
4219  return result;
4220 }
4221 
4222 static int AddressTestAddressGroupSetup39(void)
4223 {
4224  UTHValidateDetectAddressHeadRange expectations[3] = {
4225  { "0.0.0.0", "192.167.255.255" },
4226  { "192.168.14.0", "192.168.14.255" },
4227  { "192.169.0.0", "255.255.255.255" } };
4228  int result = 0;
4230 
4231  if (gh != NULL) {
4232  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4233  if (r == 0) {
4234  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4235  result = 1;
4236  }
4237 
4239  }
4240  return result;
4241 }
4242 
4243 static int AddressTestAddressGroupSetup40(void)
4244 {
4245  UTHValidateDetectAddressHeadRange expectations[3] = {
4246  { "0.0.0.0", "192.167.255.255" },
4247  { "192.168.14.0", "192.168.14.255" },
4248  { "192.169.0.0", "255.255.255.255" } };
4249  int result = 0;
4251  if (gh != NULL) {
4252  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4253  if (r == 0) {
4254  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4255  result = 1;
4256  }
4257 
4259  }
4260  return result;
4261 }
4262 
4263 static int AddressTestAddressGroupSetup41(void)
4264 {
4265  UTHValidateDetectAddressHeadRange expectations[3] = {
4266  { "0.0.0.0", "192.167.255.255" },
4267  { "192.168.14.0", "192.168.14.255" },
4268  { "192.169.0.0", "255.255.255.255" } };
4269  int result = 0;
4271  if (gh != NULL) {
4272  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4273  if (r == 0) {
4274  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4275  result = 1;
4276  }
4277 
4279  }
4280  return result;
4281 }
4282 
4283 static int AddressTestAddressGroupSetup42(void)
4284 {
4285  UTHValidateDetectAddressHeadRange expectations[1] = {
4286  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4287  int result = 0;
4289  if (gh != NULL) {
4290  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4291  if (r == 0) {
4292  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4293  result = 1;
4294  }
4295 
4297  }
4298  return result;
4299 }
4300 
4301 static int AddressTestAddressGroupSetup43(void)
4302 {
4303  UTHValidateDetectAddressHeadRange expectations[2] = {
4304  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4305  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4306  int result = 0;
4308  if (gh != NULL) {
4309  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4310  if (r == 0) {
4311  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4312  result = 1;
4313  }
4314 
4316  }
4317  return result;
4318 }
4319 
4320 static int AddressTestAddressGroupSetup44(void)
4321 {
4322  UTHValidateDetectAddressHeadRange expectations[2] = {
4323  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4324  int result = 0;
4326  if (gh != NULL) {
4327  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4328  if (r == 0) {
4329  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4330  result = 1;
4331  }
4332 
4334  }
4335  return result;
4336 }
4337 
4338 static int AddressTestAddressGroupSetup45(void)
4339 {
4340  int result = 0;
4342  if (gh != NULL) {
4343  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4344  if (r != 0) {
4345  result = 1;
4346  }
4347 
4349  }
4350  return result;
4351 }
4352 
4353 static int AddressTestAddressGroupSetup46(void)
4354 {
4355  UTHValidateDetectAddressHeadRange expectations[4] = {
4356  { "0.0.0.0", "192.167.255.255" },
4357  { "192.168.1.0", "192.168.1.255" },
4358  { "192.168.3.0", "192.168.3.255" },
4359  { "192.169.0.0", "255.255.255.255" } };
4360  int result = 0;
4362  if (gh != NULL) {
4363  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4364  if (r == 0) {
4365  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4366  result = 1;
4367  }
4368 
4370  }
4371  return result;
4372 }
4373 
4374 /** \test net with some negations, then all negated */
4375 static int AddressTestAddressGroupSetup47(void)
4376 {
4377  UTHValidateDetectAddressHeadRange expectations[5] = {
4378  { "0.0.0.0", "192.167.255.255" },
4379  { "192.168.1.0", "192.168.1.255" },
4380  { "192.168.3.0", "192.168.3.255" },
4381  { "192.168.5.0", "192.168.5.255" },
4382  { "192.169.0.0", "255.255.255.255" } };
4383  int result = 0;
4385  if (gh != NULL) {
4386  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4387  if (r == 0) {
4388  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4389  result = 1;
4390  }
4391 
4393  }
4394  return result;
4395 }
4396 
4397 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4398 static int AddressTestAddressGroupSetup48(void)
4399 {
4400  UTHValidateDetectAddressHeadRange expectations[4] = {
4401  { "192.168.0.0", "192.168.0.255" },
4402  { "192.168.2.0", "192.168.2.255" },
4403  { "192.168.4.0", "192.168.4.255" },
4404  { "192.168.6.0", "192.168.255.255" } };
4405  int result = 0;
4407  if (gh != NULL) {
4408  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4409  if (r == 0) {
4410  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4411  result = 1;
4412  }
4413 
4415  }
4416  return result;
4417 }
4418 
4419 static int AddressTestCutIPv401(void)
4420 {
4421  DetectAddress *a, *b, *c;
4422  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4423  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4424 
4425  if (DetectAddressCut(NULL, a, b, &c) == -1)
4426  goto error;
4427 
4428  DetectAddressFree(a);
4429  DetectAddressFree(b);
4430  DetectAddressFree(c);
4431  return 1;
4432 
4433 error:
4434  DetectAddressFree(a);
4435  DetectAddressFree(b);
4436  DetectAddressFree(c);
4437  return 0;
4438 }
4439 
4440 static int AddressTestCutIPv402(void)
4441 {
4442  DetectAddress *a, *b, *c;
4443  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4444  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4445 
4446  if (DetectAddressCut(NULL, a, b, &c) == -1)
4447  goto error;
4448 
4449  if (c == NULL)
4450  goto error;
4451 
4452  DetectAddressFree(a);
4453  DetectAddressFree(b);
4454  DetectAddressFree(c);
4455  return 1;
4456 
4457 error:
4458  DetectAddressFree(a);
4459  DetectAddressFree(b);
4460  DetectAddressFree(c);
4461  return 0;
4462 }
4463 
4464 static int AddressTestCutIPv403(void)
4465 {
4466  DetectAddress *a, *b, *c;
4467  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4468  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4469 
4470  if (DetectAddressCut(NULL, a, b, &c) == -1)
4471  goto error;
4472 
4473  if (c == NULL)
4474  goto error;
4475 
4476  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4477  goto error;
4478  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4479  goto error;
4480  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4481  goto error;
4482 
4483  DetectAddressFree(a);
4484  DetectAddressFree(b);
4485  DetectAddressFree(c);
4486  return 1;
4487 
4488 error:
4489  DetectAddressFree(a);
4490  DetectAddressFree(b);
4491  DetectAddressFree(c);
4492  return 0;
4493 }
4494 
4495 static int AddressTestCutIPv404(void)
4496 {
4497  DetectAddress *a, *b, *c;
4498  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4499  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4500 
4501  if (DetectAddressCut(NULL, a, b, &c) == -1)
4502  goto error;
4503 
4504  if (c == NULL)
4505  goto error;
4506 
4507  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4508  goto error;
4509  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4510  goto error;
4511  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4512  goto error;
4513 
4514 
4515  DetectAddressFree(a);
4516  DetectAddressFree(b);
4517  DetectAddressFree(c);
4518  return 1;
4519 
4520 error:
4521  DetectAddressFree(a);
4522  DetectAddressFree(b);
4523  DetectAddressFree(c);
4524  return 0;
4525 }
4526 
4527 static int AddressTestCutIPv405(void)
4528 {
4529  DetectAddress *a, *b, *c;
4530  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4531  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4532 
4533  if (DetectAddressCut(NULL, a, b, &c) == -1)
4534  goto error;
4535 
4536  if (c == NULL)
4537  goto error;
4538 
4539  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4540  goto error;
4541  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4542  goto error;
4543  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4544  goto error;
4545 
4546  DetectAddressFree(a);
4547  DetectAddressFree(b);
4548  DetectAddressFree(c);
4549  return 1;
4550 
4551 error:
4552  DetectAddressFree(a);
4553  DetectAddressFree(b);
4554  DetectAddressFree(c);
4555  return 0;
4556 }
4557 
4558 static int AddressTestCutIPv406(void)
4559 {
4560  DetectAddress *a, *b, *c;
4561  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4562  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4563 
4564  if (DetectAddressCut(NULL, a, b, &c) == -1)
4565  goto error;
4566 
4567  if (c == NULL)
4568  goto error;
4569 
4570  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4571  goto error;
4572  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4573  goto error;
4574  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4575  goto error;
4576 
4577  DetectAddressFree(a);
4578  DetectAddressFree(b);
4579  DetectAddressFree(c);
4580  return 1;
4581 
4582 error:
4583  DetectAddressFree(a);
4584  DetectAddressFree(b);
4585  DetectAddressFree(c);
4586  return 0;
4587 }
4588 
4589 static int AddressTestCutIPv407(void)
4590 {
4591  DetectAddress *a, *b, *c;
4592  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4593  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4594 
4595  if (DetectAddressCut(NULL, a, b, &c) == -1)
4596  goto error;
4597 
4598  if (c != NULL)
4599  goto error;
4600 
4601  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4602  goto error;
4603  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4604  goto error;
4605 
4606  DetectAddressFree(a);
4607  DetectAddressFree(b);
4608  DetectAddressFree(c);
4609  return 1;
4610 
4611 error:
4612  DetectAddressFree(a);
4613  DetectAddressFree(b);
4614  DetectAddressFree(c);
4615  return 0;
4616 }
4617 
4618 static int AddressTestCutIPv408(void)
4619 {
4620  DetectAddress *a, *b, *c;
4621  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4622  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4623 
4624  if (DetectAddressCut(NULL, a, b, &c) == -1)
4625  goto error;
4626 
4627  if (c != NULL)
4628  goto error;
4629 
4630  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4631  goto error;
4632  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4633  goto error;
4634 
4635  DetectAddressFree(a);
4636  DetectAddressFree(b);
4637  DetectAddressFree(c);
4638  return 1;
4639 
4640 error:
4641  DetectAddressFree(a);
4642  DetectAddressFree(b);
4643  DetectAddressFree(c);
4644  return 0;
4645 }
4646 
4647 static int AddressTestCutIPv409(void)
4648 {
4649  DetectAddress *a, *b, *c;
4650  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4651  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4652 
4653  if (DetectAddressCut(NULL, a, b, &c) == -1)
4654  goto error;
4655 
4656  if (c != NULL)
4657  goto error;
4658 
4659  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4660  goto error;
4661  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4662  goto error;
4663 
4664  DetectAddressFree(a);
4665  DetectAddressFree(b);
4666  DetectAddressFree(c);
4667  return 1;
4668 
4669 error:
4670  DetectAddressFree(a);
4671  DetectAddressFree(b);
4672  DetectAddressFree(c);
4673  return 0;
4674 }
4675 
4676 static int AddressTestCutIPv410(void)
4677 {
4678  DetectAddress *a, *b, *c;
4679  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4680  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4681 
4682  if (DetectAddressCut(NULL, a, b, &c) == -1)
4683  goto error;
4684 
4685  if (c != NULL)
4686  goto error;
4687 
4688  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4689  goto error;
4690  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4691  goto error;
4692 
4693  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4694 
4695  DetectAddressFree(a);
4696  DetectAddressFree(b);
4697  DetectAddressFree(c);
4698  return 1;
4699 
4700 error:
4701  DetectAddressFree(a);
4702  DetectAddressFree(b);
4703  DetectAddressFree(c);
4704  return 0;
4705 }
4706 
4707 static int AddressTestParseInvalidMask01(void)
4708 {
4709  int result = 1;
4710  DetectAddress *dd = NULL;
4711 
4712  dd = DetectAddressParseSingle("192.168.2.0/33");
4713  if (dd != NULL) {
4714  DetectAddressFree(dd);
4715  result = 0;
4716  }
4717  return result;
4718 }
4719 
4720 static int AddressTestParseInvalidMask02(void)
4721 {
4722  int result = 1;
4723  DetectAddress *dd = NULL;
4724 
4725  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4726  if (dd != NULL) {
4727  DetectAddressFree(dd);
4728  result = 0;
4729  }
4730  return result;
4731 }
4732 
4733 static int AddressTestParseInvalidMask03(void)
4734 {
4735  int result = 1;
4736  DetectAddress *dd = NULL;
4737 
4738  dd = DetectAddressParseSingle("192.168.2.0/blue");
4739  if (dd != NULL) {
4740  DetectAddressFree(dd);
4741  result = 0;
4742  }
4743  return result;
4744 }
4745 
4746 static int AddressConfVarsTest01(void)
4747 {
4748  static const char *dummy_conf_string =
4749  "%YAML 1.1\n"
4750  "---\n"
4751  "\n"
4752  "vars:\n"
4753  "\n"
4754  " address-groups:\n"
4755  "\n"
4756  " HOME_NET: \"any\"\n"
4757  "\n"
4758  " EXTERNAL_NET: \"!any\"\n"
4759  "\n"
4760  " port-groups:\n"
4761  "\n"
4762  " HTTP_PORTS: \"any\"\n"
4763  "\n"
4764  " SHELLCODE_PORTS: \"!any\"\n"
4765  "\n";
4766 
4767  int result = 0;
4768 
4770  ConfInit();
4771  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4772 
4774  result = 1;
4775 
4776  ConfDeInit();
4778 
4779  return result;
4780 }
4781 
4782 static int AddressConfVarsTest02(void)
4783 {
4784  static const char *dummy_conf_string =
4785  "%YAML 1.1\n"
4786  "---\n"
4787  "\n"
4788  "vars:\n"
4789  "\n"
4790  " address-groups:\n"
4791  "\n"
4792  " HOME_NET: \"any\"\n"
4793  "\n"
4794  " EXTERNAL_NET: \"any\"\n"
4795  "\n"
4796  " port-groups:\n"
4797  "\n"
4798  " HTTP_PORTS: \"any\"\n"
4799  "\n"
4800  " SHELLCODE_PORTS: \"!any\"\n"
4801  "\n";
4802 
4803  int result = 0;
4804 
4806  ConfInit();
4807  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4808 
4810  result = 1;
4811 
4812  ConfDeInit();
4814 
4815  return result;
4816 }
4817 
4818 static int AddressConfVarsTest03(void)
4819 {
4820  static const char *dummy_conf_string =
4821  "%YAML 1.1\n"
4822  "---\n"
4823  "\n"
4824  "vars:\n"
4825  "\n"
4826  " address-groups:\n"
4827  "\n"
4828  " HOME_NET: \"any\"\n"
4829  "\n"
4830  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4831  "\n"
4832  " port-groups:\n"
4833  "\n"
4834  " HTTP_PORTS: \"any\"\n"
4835  "\n"
4836  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4837  "\n";
4838 
4839  int result = 0;
4840 
4842  ConfInit();
4843  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4844 
4846  result = 1;
4847 
4848  ConfDeInit();
4850 
4851  return result;
4852 }
4853 
4854 static int AddressConfVarsTest04(void)
4855 {
4856  static const char *dummy_conf_string =
4857  "%YAML 1.1\n"
4858  "---\n"
4859  "\n"
4860  "vars:\n"
4861  "\n"
4862  " address-groups:\n"
4863  "\n"
4864  " HOME_NET: \"any\"\n"
4865  "\n"
4866  " EXTERNAL_NET: \"$HOME_NET\"\n"
4867  "\n"
4868  " port-groups:\n"
4869  "\n"
4870  " HTTP_PORTS: \"any\"\n"
4871  "\n"
4872  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4873  "\n";
4874 
4875  int result = 0;
4876 
4878  ConfInit();
4879  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4880 
4882  result = 1;
4883 
4884  ConfDeInit();
4886 
4887  return result;
4888 }
4889 
4890 static int AddressConfVarsTest05(void)
4891 {
4892  static const char *dummy_conf_string =
4893  "%YAML 1.1\n"
4894  "---\n"
4895  "\n"
4896  "vars:\n"
4897  "\n"
4898  " address-groups:\n"
4899  "\n"
4900  " HOME_NET: \"any\"\n"
4901  "\n"
4902  " EXTERNAL_NET: [192.168.0.1]\n"
4903  "\n"
4904  " port-groups:\n"
4905  "\n"
4906  " HTTP_PORTS: \"any\"\n"
4907  "\n"
4908  " SHELLCODE_PORTS: [80]\n"
4909  "\n";
4910 
4911  int result = 0;
4912 
4914  ConfInit();
4915  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4916 
4917  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4918  goto end;
4919 
4920  result = 1;
4921 
4922  end:
4923  ConfDeInit();
4925 
4926  return result;
4927 }
4928 
4929 #endif /* UNITTESTS */
4930 
4932 {
4933 #ifdef UNITTESTS
4936 
4937  UtRegisterTest("AddressTestParse01", AddressTestParse01);
4938  UtRegisterTest("AddressTestParse02", AddressTestParse02);
4939  UtRegisterTest("AddressTestParse03", AddressTestParse03);
4940  UtRegisterTest("AddressTestParse04", AddressTestParse04);
4941  UtRegisterTest("AddressTestParse05", AddressTestParse05);
4942  UtRegisterTest("AddressTestParse06", AddressTestParse06);
4943  UtRegisterTest("AddressTestParse07", AddressTestParse07);
4944  UtRegisterTest("AddressTestParse08", AddressTestParse08);
4945  UtRegisterTest("AddressTestParse09", AddressTestParse09);
4946  UtRegisterTest("AddressTestParse10", AddressTestParse10);
4947  UtRegisterTest("AddressTestParse11", AddressTestParse11);
4948  UtRegisterTest("AddressTestParse12", AddressTestParse12);
4949  UtRegisterTest("AddressTestParse13", AddressTestParse13);
4950  UtRegisterTest("AddressTestParse14", AddressTestParse14);
4951  UtRegisterTest("AddressTestParse15", AddressTestParse15);
4952  UtRegisterTest("AddressTestParse16", AddressTestParse16);
4953  UtRegisterTest("AddressTestParse17", AddressTestParse17);
4954  UtRegisterTest("AddressTestParse18", AddressTestParse18);
4955  UtRegisterTest("AddressTestParse19", AddressTestParse19);
4956  UtRegisterTest("AddressTestParse20", AddressTestParse20);
4957  UtRegisterTest("AddressTestParse21", AddressTestParse21);
4958  UtRegisterTest("AddressTestParse22", AddressTestParse22);
4959  UtRegisterTest("AddressTestParse23", AddressTestParse23);
4960  UtRegisterTest("AddressTestParse24", AddressTestParse24);
4961  UtRegisterTest("AddressTestParse25", AddressTestParse25);
4962  UtRegisterTest("AddressTestParse27", AddressTestParse27);
4963  UtRegisterTest("AddressTestParse28", AddressTestParse28);
4964  UtRegisterTest("AddressTestParse29", AddressTestParse29);
4965  UtRegisterTest("AddressTestParse30", AddressTestParse30);
4966  UtRegisterTest("AddressTestParse31", AddressTestParse31);
4967  UtRegisterTest("AddressTestParse32", AddressTestParse32);
4968  UtRegisterTest("AddressTestParse33", AddressTestParse33);
4969  UtRegisterTest("AddressTestParse34", AddressTestParse34);
4970  UtRegisterTest("AddressTestParse35", AddressTestParse35);
4971  UtRegisterTest("AddressTestParse36", AddressTestParse36);
4972  UtRegisterTest("AddressTestParse37", AddressTestParse37);
4973 
4974  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
4975  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
4976  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
4977  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
4978  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
4979  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
4980  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
4981  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
4982  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
4983  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
4984  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
4985 
4986  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
4987  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
4988  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
4989  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
4990  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
4991  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
4992  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
4993  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
4994 
4995  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
4996  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
4997  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
4998  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
4999  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5000  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5001 
5002  UtRegisterTest("AddressTestAddressGroupSetup01",
5003  AddressTestAddressGroupSetup01);
5004  UtRegisterTest("AddressTestAddressGroupSetup02",
5005  AddressTestAddressGroupSetup02);
5006  UtRegisterTest("AddressTestAddressGroupSetup03",
5007  AddressTestAddressGroupSetup03);
5008  UtRegisterTest("AddressTestAddressGroupSetup04",
5009  AddressTestAddressGroupSetup04);
5010  UtRegisterTest("AddressTestAddressGroupSetup05",
5011  AddressTestAddressGroupSetup05);
5012  UtRegisterTest("AddressTestAddressGroupSetup06",
5013  AddressTestAddressGroupSetup06);
5014  UtRegisterTest("AddressTestAddressGroupSetup07",
5015  AddressTestAddressGroupSetup07);
5016  UtRegisterTest("AddressTestAddressGroupSetup08",
5017  AddressTestAddressGroupSetup08);
5018  UtRegisterTest("AddressTestAddressGroupSetup09",
5019  AddressTestAddressGroupSetup09);
5020  UtRegisterTest("AddressTestAddressGroupSetup10",
5021  AddressTestAddressGroupSetup10);
5022  UtRegisterTest("AddressTestAddressGroupSetup11",
5023  AddressTestAddressGroupSetup11);
5024  UtRegisterTest("AddressTestAddressGroupSetup12",
5025  AddressTestAddressGroupSetup12);
5026  UtRegisterTest("AddressTestAddressGroupSetup13",
5027  AddressTestAddressGroupSetup13);
5028  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5029  AddressTestAddressGroupSetupIPv414);
5030  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5031  AddressTestAddressGroupSetupIPv415);
5032  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5033  AddressTestAddressGroupSetupIPv416);
5034 
5035  UtRegisterTest("AddressTestAddressGroupSetup14",
5036  AddressTestAddressGroupSetup14);
5037  UtRegisterTest("AddressTestAddressGroupSetup15",
5038  AddressTestAddressGroupSetup15);
5039  UtRegisterTest("AddressTestAddressGroupSetup16",
5040  AddressTestAddressGroupSetup16);
5041  UtRegisterTest("AddressTestAddressGroupSetup17",
5042  AddressTestAddressGroupSetup17);
5043  UtRegisterTest("AddressTestAddressGroupSetup18",
5044  AddressTestAddressGroupSetup18);
5045  UtRegisterTest("AddressTestAddressGroupSetup19",
5046  AddressTestAddressGroupSetup19);
5047  UtRegisterTest("AddressTestAddressGroupSetup20",
5048  AddressTestAddressGroupSetup20);
5049  UtRegisterTest("AddressTestAddressGroupSetup21",
5050  AddressTestAddressGroupSetup21);
5051  UtRegisterTest("AddressTestAddressGroupSetup22",
5052  AddressTestAddressGroupSetup22);
5053  UtRegisterTest("AddressTestAddressGroupSetup23",
5054  AddressTestAddressGroupSetup23);
5055  UtRegisterTest("AddressTestAddressGroupSetup24",
5056  AddressTestAddressGroupSetup24);
5057  UtRegisterTest("AddressTestAddressGroupSetup25",
5058  AddressTestAddressGroupSetup25);
5059  UtRegisterTest("AddressTestAddressGroupSetup26",
5060  AddressTestAddressGroupSetup26);
5061 
5062  UtRegisterTest("AddressTestAddressGroupSetup27",
5063  AddressTestAddressGroupSetup27);
5064  UtRegisterTest("AddressTestAddressGroupSetup28",
5065  AddressTestAddressGroupSetup28);
5066  UtRegisterTest("AddressTestAddressGroupSetup29",
5067  AddressTestAddressGroupSetup29);
5068  UtRegisterTest("AddressTestAddressGroupSetup30",
5069  AddressTestAddressGroupSetup30);
5070  UtRegisterTest("AddressTestAddressGroupSetup31",
5071  AddressTestAddressGroupSetup31);
5072  UtRegisterTest("AddressTestAddressGroupSetup32",
5073  AddressTestAddressGroupSetup32);
5074  UtRegisterTest("AddressTestAddressGroupSetup33",
5075  AddressTestAddressGroupSetup33);
5076  UtRegisterTest("AddressTestAddressGroupSetup34",
5077  AddressTestAddressGroupSetup34);
5078  UtRegisterTest("AddressTestAddressGroupSetup35",
5079  AddressTestAddressGroupSetup35);
5080  UtRegisterTest("AddressTestAddressGroupSetup36",
5081  AddressTestAddressGroupSetup36);
5082  UtRegisterTest("AddressTestAddressGroupSetup37",
5083  AddressTestAddressGroupSetup37);
5084  UtRegisterTest("AddressTestAddressGroupSetup38",
5085  AddressTestAddressGroupSetup38);
5086  UtRegisterTest("AddressTestAddressGroupSetup39",
5087  AddressTestAddressGroupSetup39);
5088  UtRegisterTest("AddressTestAddressGroupSetup40",
5089  AddressTestAddressGroupSetup40);
5090  UtRegisterTest("AddressTestAddressGroupSetup41",
5091  AddressTestAddressGroupSetup41);
5092  UtRegisterTest("AddressTestAddressGroupSetup42",
5093  AddressTestAddressGroupSetup42);
5094  UtRegisterTest("AddressTestAddressGroupSetup43",
5095  AddressTestAddressGroupSetup43);
5096  UtRegisterTest("AddressTestAddressGroupSetup44",
5097  AddressTestAddressGroupSetup44);
5098  UtRegisterTest("AddressTestAddressGroupSetup45",
5099  AddressTestAddressGroupSetup45);
5100  UtRegisterTest("AddressTestAddressGroupSetup46",
5101  AddressTestAddressGroupSetup46);
5102  UtRegisterTest("AddressTestAddressGroupSetup47",
5103  AddressTestAddressGroupSetup47);
5104  UtRegisterTest("AddressTestAddressGroupSetup48",
5105  AddressTestAddressGroupSetup48);
5106 
5107  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5108  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5109  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5110  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5111  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5112  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5113  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5114  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5115  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5116  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5117 
5118  UtRegisterTest("AddressTestParseInvalidMask01",
5119  AddressTestParseInvalidMask01);
5120  UtRegisterTest("AddressTestParseInvalidMask02",
5121  AddressTestParseInvalidMask02);
5122  UtRegisterTest("AddressTestParseInvalidMask03",
5123  AddressTestParseInvalidMask03);
5124 
5125  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5126  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5127  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5128  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5129  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5130 #endif /* UNITTESTS */
5131 }
int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh, DetectAddress *new)
Same as DetectAddressInsert, but then for inserting a address group object. This also makes sure SigG...
#define COPY_ADDRESS(a, b)
Definition: decode.h:123
#define SCLogDebug(...)
Definition: util-debug.h:335
uint32_t ip2[4]
Definition: detect.h:172
void DetectAddressCleanupList(DetectAddress *head)
Frees a list of DetectAddress instances.
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
int DetectAddressParseString(DetectAddress *dd, const char *str)
int DetectAddressJoinIPv4(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Extends a target address range if the the source address range is wider than the target address range...
struct DetectAddress_ * prev
Definition: detect.h:151
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
struct HtpBodyChunk_ * next
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
#define BUG_ON(x)
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string)
#define FALSE
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:722
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:43
#define PASS
Pass the test.
#define unlikely(expr)
Definition: util-optimize.h:35
Address ip
Definition: detect.h:144
address structure for use in the detection engine.
Definition: detect.h:142
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
void DetectAddressHeadFree(DetectAddressHead *gh)
Frees a DetectAddressHead instance.
DetectAddress * DetectAddressCopy(DetectAddress *orig)
Copies the contents of one Address group in DetectAddress and returns a new instance of the DetectAdd...
int DetectAddressMatch(DetectAddress *dd, Address *a)
Check if a particular address(ipv4 or ipv6) matches the address range in the DetectAddress instance...
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
uint32_t ip[4]
Definition: detect.h:171
struct DetectAddressMap_ DetectAddressMap
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
char * val
Definition: conf.h:34
Flow * head
Definition: flow-hash.h:102
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
DetectAddress * DetectAddressLookupInList(DetectAddress *head, DetectAddress *gr)
Used to check if a DetectAddress list contains an instance with a similar DetectAddress. The comparison done is not the one that checks the memory for the same instance, but one that checks that the two instances hold the same content.
#define TRUE
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
main detection engine ctx
Definition: detect.h:723
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
struct DetectAddress_ * next
Definition: detect.h:153
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:699
#define str(s)
#define SCCalloc(nm, a)
Definition: util-mem.h:197
HashListTable * address_table
Definition: detect.h:873
uint8_t flags
Definition: detect.h:148
char family
Definition: decode.h:109
void DetectAddressPrintList(DetectAddress *head)
Prints the address data information for all the DetectAddress instances in the DetectAddress list sen...
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define SCEnter(...)
Definition: util-debug.h:337
int DetectAddressTestConfVars(void)
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:711
Address ip2
Definition: detect.h:145
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
DetectAddress * ipv4_head
Definition: detect.h:158
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:267
#define SCReturnInt(x)
Definition: util-debug.h:341
#define SCNtohl(x)
union Address_::@40 address
#define ADDRESS_FLAG_NOT
Definition: detect.h:136
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: conf.h:32
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
#define SCMalloc(a)
Definition: util-mem.h:166
void DetectAddressIPv6Tests(void)
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
#define SCFree(a)
Definition: util-mem.h:228
PoolThreadReserved res
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
uint8_t address
Definition: decode-ppp.h:311
void DetectAddressPrint(DetectAddress *)
Prints the address data held by the DetectAddress. If the address data family is IPv4, we print the the ipv4 address and mask, and if the address data family is IPv6, we print the ipv6 address and mask.
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
int DetectPortTestConfVars(void)
char * name
Definition: conf.h:33
void DetectAddressTests(void)
int DetectAddressJoinIPv6(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Extends a target address range if the the source address range is wider than the target address range...
#define SCReturnPtr(x, type)
Definition: util-debug.h:353
int DetectAddressJoin(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Join two addresses groups together.
uint32_t array_size
Definition: util-hashlist.h:41
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - &#39;not&#39; match)
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
#define SCStrdup(a)
Definition: util-mem.h:212
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressHead * DetectAddressHeadInit(void)
Returns a new instance of DetectAddressHead.
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
int DetectAddressAdd(DetectAddress **head, DetectAddress *ag)
Do a sorted insert, where the top of the list should be the biggest network/range.
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:327
DetectAddressHead * address
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
void DetectAddressIPv4Tests(void)
DetectAddress * ipv6_head
Definition: detect.h:159
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133