suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  *
25  * \todo Move this out of the detection plugin structure
26  * rename to detect-engine-address.c
27  */
28 
29 #include "suricata-common.h"
30 #include "decode.h"
31 #include "detect.h"
32 #include "flow-var.h"
33 
34 #include "util-cidr.h"
35 #include "util-unittest.h"
36 #include "util-rule-vars.h"
37 #include "conf.h"
38 #include "conf-yaml-loader.h"
39 
40 #include "detect-engine-siggroup.h"
41 #include "detect-engine-address.h"
44 #include "detect-engine-port.h"
45 
46 #include "util-debug.h"
47 #include "util-print.h"
48 #include "util-var.h"
49 
50 /* prototypes */
52 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
53 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
54  DetectAddress **);
56 
57 /**
58  * \brief Creates and returns a new instance of a DetectAddress.
59  *
60  * \retval ag Pointer to the newly created DetectAddress on success;
61  * NULL on failure.
62  */
64 {
65  DetectAddress *ag = SCMalloc(sizeof(DetectAddress));
66  if (unlikely(ag == NULL))
67  return NULL;
68  memset(ag, 0, sizeof(DetectAddress));
69 
70  return ag;
71 }
72 
73 /**
74  * \brief Frees a DetectAddress instance.
75  *
76  * \param ag Pointer to the DetectAddress instance to be freed.
77  */
79 {
80  if (ag == NULL)
81  return;
82 
83  SCFree(ag);
84 
85  return;
86 }
87 
88 /**
89  * \brief Copies the contents of one Address group in DetectAddress and returns
90  * a new instance of the DetectAddress that contains the copied address.
91  *
92  * \param orig Pointer to the instance of DetectAddress that contains the
93  * address data to be copied to the new instance.
94  *
95  * \retval ag Pointer to the new instance of DetectAddress that contains the
96  * copied address.
97  */
99 {
101  if (ag == NULL)
102  return NULL;
103 
104  ag->flags = orig->flags;
105 
106  COPY_ADDRESS(&orig->ip, &ag->ip);
107  COPY_ADDRESS(&orig->ip2, &ag->ip2);
108 
109  return ag;
110 }
111 
112 /**
113  * \brief Used to check if a DetectAddress list contains an instance with
114  * a similar DetectAddress. The comparison done is not the one that
115  * checks the memory for the same instance, but one that checks that the
116  * two instances hold the same content.
117  *
118  * \param head Pointer to the DetectAddress list.
119  * \param ad Pointer to the DetectAddress that has to be checked for in
120  * the DetectAddress list.
121  *
122  * \retval cur Returns a pointer to the DetectAddress on a match; NULL if
123  * no match.
124  */
126 {
127  DetectAddress *cur;
128 
129  if (head != NULL) {
130  for (cur = head; cur != NULL; cur = cur->next) {
131  if (DetectAddressCmp(cur, gr) == ADDRESS_EQ)
132  return cur;
133  }
134  }
135 
136  return NULL;
137 }
138 
139 /**
140  * \brief Prints the address data information for all the DetectAddress
141  * instances in the DetectAddress list sent as the argument.
142  *
143  * \param head Pointer to a list of DetectAddress instances.
144  */
146 {
147  DetectAddress *cur;
148 
149  SCLogInfo("list:");
150  if (head != NULL) {
151  for (cur = head; cur != NULL; cur = cur->next) {
152  DetectAddressPrint(cur);
153  }
154  }
155  SCLogInfo("endlist");
156 
157  return;
158 }
159 
160 /**
161  * \brief Frees a list of DetectAddress instances.
162  *
163  * \param head Pointer to a list of DetectAddress instances to be freed.
164  */
166 {
167  DetectAddress *cur, *next;
168 
169  if (head == NULL)
170  return;
171 
172  for (cur = head; cur != NULL; ) {
173  next = cur->next;
174  cur->next = NULL;
175  DetectAddressFree(cur);
176  cur = next;
177  }
178 
179  return;
180 }
181 
182 /**
183  * \brief Do a sorted insert, where the top of the list should be the biggest
184  * network/range.
185  *
186  * XXX current sorting only works for overlapping nets
187  *
188  * \param head Pointer to the list of DetectAddress.
189  * \param ag Pointer to the DetectAddress that has to be added to the
190  * above list.
191  *
192  * \retval 0 On successfully inserting the DetectAddress.
193  * \retval -1 On failure.
194  */
195 
197 {
198  DetectAddress *cur, *prev_cur = NULL;
199  int r = 0;
200 
201  if (*head != NULL) {
202  for (cur = *head; cur != NULL; cur = cur->next) {
203  prev_cur = cur;
204  r = DetectAddressCmp(ag, cur);
205  if (r == ADDRESS_EB) {
206  /* insert here */
207  ag->prev = cur->prev;
208  ag->next = cur;
209 
210  cur->prev = ag;
211  if (*head == cur)
212  *head = ag;
213  else
214  ag->prev->next = ag;
215 
216  return 0;
217  }
218  }
219  ag->prev = prev_cur;
220  if (prev_cur != NULL)
221  prev_cur->next = ag;
222  } else {
223  *head = ag;
224  }
225 
226  return 0;
227 }
228 
229 /**
230  * \internal
231  * \brief Helper function for DetectAddressInsert. Sets one of the
232  * DetectAddressHead head pointers, to the DetectAddress argument
233  * based on its address family.
234  *
235  * \param gh Pointer to the DetectAddressHead.
236  * \param newhead Pointer to the DetectAddress.
237  *
238  * \retval 0 On success.
239  * \retval -1 On failure.
240  */
241 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
242 {
243  if (newhead->ip.family == AF_INET) {
244  gh->ipv4_head = newhead;
245  } else if (newhead->ip.family == AF_INET6) {
246  gh->ipv6_head = newhead;
247  } else {
248  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
249  return -1;
250  }
251 
252  return 0;
253 }
254 
255 /**
256  * \internal
257  * \brief Returns the DetectAddress head from the DetectAddressHeads,
258  * based on the address family of the incoming DetectAddress arg.
259  *
260  * \param gh Pointer to the DetectAddressHead.
261  * \param new Pointer to the DetectAddress.
262  *
263  * \retval head Pointer to the DetectAddress(the head from
264  * DetectAddressHead).
265  */
266 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
267 {
268  DetectAddress *head = NULL;
269 
270  if (new->ip.family == AF_INET)
271  head = gh->ipv4_head;
272  else if (new->ip.family == AF_INET6)
273  head = gh->ipv6_head;
274 
275  return head;
276 }
277 
278 /**
279  * \brief Same as DetectAddressInsert, but then for inserting a address group
280  * object. This also makes sure SigGroupContainer lists are handled
281  * correctly.
282  *
283  * \param de_ctx Pointer to the detection engine context.
284  * \param gh Pointer to the DetectAddressHead list to which it has to
285  * be inserted.
286  * \param new Pointer to the DetectAddress, that has to be inserted.
287  *
288  * \retval 1 On successfully inserting it.
289  * \retval -1 On error.
290  * \retval 0 Not inserted, memory of new is freed.
291  */
293  DetectAddress *new)
294 {
295  DetectAddress *head = NULL;
296  DetectAddress *cur = NULL;
297  DetectAddress *c = NULL;
298  int r = 0;
299 
300  if (new == NULL)
301  return 0;
302 
303  /* get our head ptr based on the address we want to insert */
304  head = GetHeadPtr(gh, new);
305 
306  /* see if it already exists or overlaps with existing ag's */
307  if (head != NULL) {
308  cur = NULL;
309 
310  for (cur = head; cur != NULL; cur = cur->next) {
311  r = DetectAddressCmp(new, cur);
312  BUG_ON(r == ADDRESS_ER);
313 
314  /* if so, handle that */
315  if (r == ADDRESS_EQ) {
316  /* exact overlap/match */
317  if (cur != new) {
318  DetectAddressFree(new);
319  return 0;
320  }
321 
322  return 1;
323  } else if (r == ADDRESS_GT) {
324  /* only add it now if we are bigger than the last group.
325  * Otherwise we'll handle it later. */
326  if (cur->next == NULL) {
327  /* put in the list */
328  new->prev = cur;
329  cur->next = new;
330 
331  return 1;
332  }
333  } else if (r == ADDRESS_LT) {
334  /* see if we need to insert the ag anywhere put in the list */
335  if (cur->prev != NULL)
336  cur->prev->next = new;
337  new->prev = cur->prev;
338  new->next = cur;
339  cur->prev = new;
340 
341  /* update head if required */
342  if (head == cur) {
343  head = new;
344 
345  if (SetHeadPtr(gh, head) < 0)
346  goto error;
347  }
348 
349  return 1;
350  /* alright, those were the simple cases, lets handle the more
351  * complex ones now */
352  } else if (r == ADDRESS_ES) {
353  c = NULL;
354  r = DetectAddressCut(de_ctx, cur, new, &c);
355  if (r == -1)
356  goto error;
357 
358  DetectAddressInsert(de_ctx, gh, new);
359  if (c != NULL)
360  DetectAddressInsert(de_ctx, gh, c);
361 
362  return 1;
363  } else if (r == ADDRESS_EB) {
364  c = NULL;
365  r = DetectAddressCut(de_ctx, cur, new, &c);
366  if (r == -1)
367  goto error;
368 
369  DetectAddressInsert(de_ctx, gh, new);
370  if (c != NULL)
371  DetectAddressInsert(de_ctx, gh, c);
372 
373  return 1;
374  } else if (r == ADDRESS_LE) {
375  c = NULL;
376  r = DetectAddressCut(de_ctx, cur, new, &c);
377  if (r == -1)
378  goto error;
379 
380  DetectAddressInsert(de_ctx, gh, new);
381  if (c != NULL)
382  DetectAddressInsert(de_ctx, gh, c);
383 
384  return 1;
385  } else if (r == ADDRESS_GE) {
386  c = NULL;
387  r = DetectAddressCut(de_ctx, cur,new,&c);
388  if (r == -1)
389  goto error;
390 
391  DetectAddressInsert(de_ctx, gh, new);
392  if (c != NULL)
393  DetectAddressInsert(de_ctx, gh, c);
394 
395  return 1;
396  }
397  }
398 
399  /* head is NULL, so get a group and set head to it */
400  } else {
401  head = new;
402  if (SetHeadPtr(gh, head) < 0) {
403  SCLogDebug("SetHeadPtr failed");
404  goto error;
405  }
406  }
407 
408  return 1;
409 
410 error:
411  /* XXX */
412  return -1;
413 }
414 
415 /**
416  * \brief Join two addresses groups together.
417  *
418  * \param de_ctx Pointer to the detection engine context.
419  * \param target Pointer to the target address group.
420  * \param source Pointer to the source address group.
421  *
422  * \retval 0 On success.
423  * \retval -1 On failure.
424  */
426  DetectAddress *source)
427 {
428  if (target == NULL || source == NULL)
429  return -1;
430 
431  if (target->ip.family != source->ip.family)
432  return -1;
433 
434  if (target->ip.family == AF_INET)
435  return DetectAddressJoinIPv4(de_ctx, target, source);
436  else if (target->ip.family == AF_INET6)
437  return DetectAddressJoinIPv6(de_ctx, target, source);
438 
439  return -1;
440 }
441 
442 /**
443  * \brief Checks if two address group lists are equal.
444  *
445  * \param list1 Pointer to the first address group list.
446  * \param list2 Pointer to the second address group list.
447  *
448  * \retval true On success.
449  * \retval false On failure.
450  */
452 {
453  DetectAddress *item = list1;
454  DetectAddress *it = list2;
455 
456  // First, compare items one by one.
457  while (item != NULL && it != NULL) {
458  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
459  return false;
460  }
461 
462  item = item->next;
463  it = it->next;
464  }
465 
466  // Are the lists of the same size?
467  if (!(item == NULL && it == NULL)) {
468  return false;
469  }
470 
471  return true;
472 }
473 
474 /**
475  * \internal
476  * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
477  *
478  * For example if we send a cidr of 7 as argument, an ipv6 address
479  * mask of the value FE:00:00:00:00:00:00:00 is created and updated
480  * in the argument struct in6_addr *in6.
481  *
482  * \todo I think for the final section: while (cidr > 0), we can simply
483  * replace it with a
484  * if (cidr > 0) {
485  * in6->s6_addr[i] = -1 << (8 - cidr);
486  *
487  * \param cidr The value of the cidr.
488  * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
489  * hold the cidr netblock result.
490  */
491 static void DetectAddressParseIPv6CIDR(int cidr, struct in6_addr *in6)
492 {
493  int i = 0;
494 
495  memset(in6, 0, sizeof(struct in6_addr));
496 
497  while (cidr > 8) {
498  in6->s6_addr[i] = 0xff;
499  cidr -= 8;
500  i++;
501  }
502 
503  while (cidr > 0) {
504  in6->s6_addr[i] |= 0x80;
505  if (--cidr > 0)
506  in6->s6_addr[i] = in6->s6_addr[i] >> 1;
507  }
508 
509  return;
510 }
511 
512 /**
513  * \internal
514  * \brief Parses an ipv4/ipv6 address string and updates the result into the
515  * DetectAddress instance sent as the argument.
516  *
517  * \param dd Pointer to the DetectAddress instance which should be updated with
518  * the address range details from the parsed ip string.
519  * \param str Pointer to address string that has to be parsed.
520  *
521  * \retval 0 On successfully parsing the address string.
522  * \retval -1 On failure.
523  */
525 {
526  char *ip = NULL;
527  char *ip2 = NULL;
528  char *mask = NULL;
529  int r = 0;
530  char ipstr[256];
531 
532  while (*str != '\0' && *str == ' ')
533  str++;
534 
535  /* shouldn't see 'any' here */
536  BUG_ON(strcasecmp(str, "any") == 0);
537 
538  strlcpy(ipstr, str, sizeof(ipstr));
539  SCLogDebug("str %s", str);
540 
541  /* we work with a copy so that we can put a
542  * nul-termination in it later */
543  ip = ipstr;
544 
545  /* handle the negation case */
546  if (ip[0] == '!') {
547  dd->flags |= ADDRESS_FLAG_NOT;
548  ip++;
549  }
550 
551  /* see if the address is an ipv4 or ipv6 address */
552  if ((strchr(str, ':')) == NULL) {
553  /* IPv4 Address */
554  struct in_addr in;
555 
556  dd->ip.family = AF_INET;
557 
558  if ((mask = strchr(ip, '/')) != NULL) {
559  /* 1.2.3.4/xxx format (either dotted or cidr notation */
560  ip[mask - ip] = '\0';
561  mask++;
562  uint32_t ip4addr = 0;
563  uint32_t netmask = 0;
564  size_t u = 0;
565 
566  if ((strchr (mask, '.')) == NULL) {
567  /* 1.2.3.4/24 format */
568 
569  for (u = 0; u < strlen(mask); u++) {
570  if(!isdigit((unsigned char)mask[u]))
571  goto error;
572  }
573 
574  int cidr = atoi(mask);
575  if (cidr < 0 || cidr > 32)
576  goto error;
577 
578  netmask = CIDRGet(cidr);
579  } else {
580  /* 1.2.3.4/255.255.255.0 format */
581  r = inet_pton(AF_INET, mask, &in);
582  if (r <= 0)
583  goto error;
584 
585  netmask = in.s_addr;
586  }
587 
588  r = inet_pton(AF_INET, ip, &in);
589  if (r <= 0)
590  goto error;
591 
592  ip4addr = in.s_addr;
593 
594  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
595  dd->ip2.addr_data32[0] |=~ netmask;
596  } else if ((ip2 = strchr(ip, '-')) != NULL) {
597  /* 1.2.3.4-1.2.3.6 range format */
598  ip[ip2 - ip] = '\0';
599  ip2++;
600 
601  r = inet_pton(AF_INET, ip, &in);
602  if (r <= 0)
603  goto error;
604  dd->ip.addr_data32[0] = in.s_addr;
605 
606  r = inet_pton(AF_INET, ip2, &in);
607  if (r <= 0)
608  goto error;
609  dd->ip2.addr_data32[0] = in.s_addr;
610 
611  /* a > b is illegal, a = b is ok */
612  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
613  goto error;
614  } else {
615  /* 1.2.3.4 format */
616  r = inet_pton(AF_INET, ip, &in);
617  if (r <= 0)
618  goto error;
619  /* single host */
620  dd->ip.addr_data32[0] = in.s_addr;
621  dd->ip2.addr_data32[0] = in.s_addr;
622  }
623  } else {
624  /* IPv6 Address */
625  struct in6_addr in6, mask6;
626  uint32_t ip6addr[4], netmask[4];
627 
628  dd->ip.family = AF_INET6;
629 
630  if ((mask = strchr(ip, '/')) != NULL) {
631  ip[mask - ip] = '\0';
632  mask++;
633 
634  int cidr = atoi(mask);
635  if (cidr < 0 || cidr > 128)
636  goto error;
637 
638  r = inet_pton(AF_INET6, ip, &in6);
639  if (r <= 0)
640  goto error;
641  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
642 
643  DetectAddressParseIPv6CIDR(cidr, &mask6);
644  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
645 
646  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
647  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
648  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
649  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
650 
651  dd->ip2.addr_data32[0] |=~ netmask[0];
652  dd->ip2.addr_data32[1] |=~ netmask[1];
653  dd->ip2.addr_data32[2] |=~ netmask[2];
654  dd->ip2.addr_data32[3] |=~ netmask[3];
655  } else if ((ip2 = strchr(ip, '-')) != NULL) {
656  /* 2001::1-2001::4 range format */
657  ip[ip2 - ip] = '\0';
658  ip2++;
659 
660  r = inet_pton(AF_INET6, ip, &in6);
661  if (r <= 0)
662  goto error;
663  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
664 
665  r = inet_pton(AF_INET6, ip2, &in6);
666  if (r <= 0)
667  goto error;
668  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
669 
670  /* a > b is illegal, a=b is ok */
671  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
672  goto error;
673  } else {
674  r = inet_pton(AF_INET6, ip, &in6);
675  if (r <= 0)
676  goto error;
677 
678  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
679  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
680  }
681 
682  }
683 
684  BUG_ON(dd->ip.family == 0);
685 
686  return 0;
687 
688 error:
689  return -1;
690 }
691 
692 /**
693  * \internal
694  * \brief Simply parse an address and return a DetectAddress instance containing
695  * the address ranges of the parsed ip addressstring
696  *
697  * \param str Pointer to a character string containing the ip address
698  *
699  * \retval dd Pointer to the DetectAddress instance containing the address
700  * range details from the parsed ip string
701  */
702 static DetectAddress *DetectAddressParseSingle(const char *str)
703 {
704  DetectAddress *dd;
705 
706  SCLogDebug("str %s", str);
707 
708  dd = DetectAddressInit();
709  if (dd == NULL)
710  goto error;
711 
712  if (DetectAddressParseString(dd, str) < 0) {
713  SCLogDebug("AddressParse failed");
714  goto error;
715  }
716 
717  return dd;
718 
719 error:
720  if (dd != NULL)
721  DetectAddressFree(dd);
722  return NULL;
723 }
724 
725 /**
726  * \brief Setup a single address string, parse it and add the resulting
727  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
728  *
729  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
730  * resulting Address-Range(s) from the parsed ip string has to
731  * be added.
732  * \param s Pointer to the ip address string to be parsed.
733  *
734  * \retval 0 On success.
735  * \retval -1 On failure.
736  */
737 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
738 {
739  SCLogDebug("gh %p, s %s", gh, s);
740 
741  if (strcasecmp(s, "any") == 0) {
742  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
743 
744  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
745  if (ad == NULL)
746  return -1;
747 
748  BUG_ON(ad->ip.family == 0);
749 
750  if (DetectAddressInsert(NULL, gh, ad) < 0) {
751  SCLogDebug("DetectAddressInsert failed");
752  DetectAddressFree(ad);
753  return -1;
754  }
755 
756  ad = DetectAddressParseSingle("::/0");
757  if (ad == NULL)
758  return -1;
759 
760  BUG_ON(ad->ip.family == 0);
761 
762  if (DetectAddressInsert(NULL, gh, ad) < 0) {
763  SCLogDebug("DetectAddressInsert failed");
764  DetectAddressFree(ad);
765  return -1;
766  }
767  return 0;
768  }
769 
770  /* parse the address */
771  DetectAddress *ad = DetectAddressParseSingle(s);
772  if (ad == NULL) {
774  "failed to parse address \"%s\"", s);
775  return -1;
776  }
777 
778  /* handle the not case, we apply the negation then insert the part(s) */
779  if (ad->flags & ADDRESS_FLAG_NOT) {
780  DetectAddress *ad2 = NULL;
781 
782  if (DetectAddressCutNot(ad, &ad2) < 0) {
783  SCLogDebug("DetectAddressCutNot failed");
784  DetectAddressFree(ad);
785  return -1;
786  }
787 
788  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
789  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
790  if (ad2 != NULL) {
791  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
792  SCLogDebug("DetectAddressInsert failed");
793  DetectAddressFree(ad);
794  DetectAddressFree(ad2);
795  return -1;
796  }
797  }
798  }
799 
800  int r = DetectAddressInsert(NULL, gh, ad);
801  if (r < 0) {
802  SCLogDebug("DetectAddressInsert failed");
803  DetectAddressFree(ad);
804  return -1;
805  }
806  SCLogDebug("r %d",r);
807  return 0;
808 }
809 
810 /**
811  * \brief Parses an address string and updates the 2 address heads with the
812  * address data.
813  *
814  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
815  * since we pass around negate without keeping a count of ! with depth.
816  * Can solve this by keeping a count of the negations with depth, so that
817  * an even no of negations would count as no negation and an odd no of
818  * negations would count as a negation.
819  *
820  * \param gh Pointer to the address head that should hold address ranges
821  * that are not negated.
822  * \param ghn Pointer to the address head that should hold address ranges
823  * that are negated.
824  * \param s Pointer to the character string holding the address to be
825  * parsed.
826  * \param negate Flag that indicates if the received address string is negated
827  * or not. 0 if it is not, 1 it it is.
828  *
829  * \retval 0 On successfully parsing.
830  * \retval -1 On failure.
831  */
832 static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
834  const char *s, int negate, ResolvedVariablesList *var_list)
835 {
836  size_t x = 0;
837  size_t u = 0;
838  int o_set = 0, n_set = 0, d_set = 0;
839  int depth = 0;
840  size_t size = strlen(s);
841  char address[8196] = "";
842  const char *rule_var_address = NULL;
843  char *temp_rule_var_address = NULL;
844 
845  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
846 
847  for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
848  if (x == (sizeof(address) - 1)) {
849  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Hit the address buffer"
850  " limit for the supplied address. Invalidating sig. "
851  "Please file a bug report on this.");
852  goto error;
853  }
854  address[x] = s[u];
855  x++;
856 
857  if (!o_set && s[u] == '!') {
858  n_set = 1;
859  x--;
860  } else if (s[u] == '[') {
861  if (!o_set) {
862  o_set = 1;
863  x = 0;
864  }
865  depth++;
866  } else if (s[u] == ']') {
867  if (depth == 1) {
868  address[x - 1] = '\0';
869  x = 0;
870  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
871  if (((negate + n_set) % 2) == 0) {
872  /* normal block */
873  SCLogDebug("normal block");
874 
875  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list) < 0)
876  goto error;
877  } else {
878  /* negated block
879  *
880  * Extra steps are necessary. First consider it as a normal
881  * (non-negated) range. Merge the + and - ranges if
882  * applicable. Then insert the result into the ghn list. */
883  SCLogDebug("negated block");
884 
885  DetectAddressHead tmp_gh = { NULL, NULL };
886  DetectAddressHead tmp_ghn = { NULL, NULL };
887 
888  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list) < 0) {
889  DetectAddressHeadCleanup(&tmp_gh);
890  DetectAddressHeadCleanup(&tmp_ghn);
891  goto error;
892  }
893 
894  DetectAddress *tmp_ad;
895  DetectAddress *tmp_ad2;
896 #ifdef DEBUG
897  SCLogDebug("tmp_gh: IPv4");
898  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
899  DetectAddressPrint(tmp_ad);
900  }
901  SCLogDebug("tmp_ghn: IPv4");
902  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
903  DetectAddressPrint(tmp_ad);
904  }
905  SCLogDebug("tmp_gh: IPv6");
906  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
907  DetectAddressPrint(tmp_ad);
908  }
909  SCLogDebug("tmp_ghn: IPv6");
910  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
911  DetectAddressPrint(tmp_ad);
912  }
913 #endif
914  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0)
915  goto error;
916 
917  SCLogDebug("merged succesfully");
918 
919  /* insert the IPv4 addresses into the negated list */
920  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
921  /* work with a copy of the address group */
922  tmp_ad2 = DetectAddressCopy(tmp_ad);
923  if (tmp_ad2 == NULL) {
924  SCLogDebug("DetectAddressCopy failed");
925  goto error;
926  }
927  DetectAddressPrint(tmp_ad2);
928  DetectAddressInsert(NULL, ghn, tmp_ad2);
929  }
930 
931  /* insert the IPv6 addresses into the negated list */
932  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
933  /* work with a copy of the address group */
934  tmp_ad2 = DetectAddressCopy(tmp_ad);
935  if (tmp_ad2 == NULL) {
936  SCLogDebug("DetectAddressCopy failed");
937  goto error;
938  }
939  DetectAddressPrint(tmp_ad2);
940  DetectAddressInsert(NULL, ghn, tmp_ad2);
941  }
942 
943  DetectAddressHeadCleanup(&tmp_gh);
944  DetectAddressHeadCleanup(&tmp_ghn);
945  }
946  n_set = 0;
947  }
948  depth--;
949  } else if (depth == 0 && s[u] == ',') {
950  if (o_set == 1) {
951  o_set = 0;
952  } else if (d_set == 1) {
953  address[x - 1] = '\0';
954 
955  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
957  if (rule_var_address == NULL)
958  goto error;
959 
960  if (strlen(rule_var_address) == 0) {
961  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
962  "to nothing. This is likely a misconfiguration. "
963  "Note that a negated address needs to be quoted, "
964  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
965  goto error;
966  }
967 
968  SCLogDebug("rule_var_address %s", rule_var_address);
969  if ((negate + n_set) % 2) {
970  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
971  if (unlikely(temp_rule_var_address == NULL))
972  goto error;
973  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
974  "[%s]", rule_var_address);
975  } else {
976  temp_rule_var_address = SCStrdup(rule_var_address);
977  if (unlikely(temp_rule_var_address == NULL))
978  goto error;
979  }
980 
981 
982  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
983  (negate + n_set) % 2, var_list) < 0)
984  {
985  if (temp_rule_var_address != rule_var_address)
986  SCFree(temp_rule_var_address);
987  goto error;
988  }
989  d_set = 0;
990  n_set = 0;
991  SCFree(temp_rule_var_address);
992  } else {
993  address[x - 1] = '\0';
994 
995  if (!((negate + n_set) % 2)) {
996  SCLogDebug("DetectAddressSetup into gh, %s", address);
997  if (DetectAddressSetup(gh, address) < 0)
998  goto error;
999  } else {
1000  SCLogDebug("DetectAddressSetup into ghn, %s", address);
1001  if (DetectAddressSetup(ghn, address) < 0)
1002  goto error;
1003  }
1004  n_set = 0;
1005  }
1006  x = 0;
1007  } else if (depth == 0 && s[u] == '$') {
1008  d_set = 1;
1009  } else if (depth == 0 && u == size - 1) {
1010  if (x == sizeof(address)) {
1011  address[x - 1] = '\0';
1012  } else {
1013  address[x] = '\0';
1014  }
1015  x = 0;
1016 
1017  if (AddVariableToResolveList(var_list, address) == -1) {
1018  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
1019  "groups declaration. This is likely a misconfiguration.");
1020  goto error;
1021  }
1022 
1023  if (d_set == 1) {
1024  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
1026  if (rule_var_address == NULL)
1027  goto error;
1028 
1029  if (strlen(rule_var_address) == 0) {
1030  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
1031  "to nothing. This is likely a misconfiguration. "
1032  "Note that a negated address needs to be quoted, "
1033  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
1034  goto error;
1035  }
1036 
1037  SCLogDebug("rule_var_address %s", rule_var_address);
1038  if ((negate + n_set) % 2) {
1039  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
1040  if (unlikely(temp_rule_var_address == NULL))
1041  goto error;
1042  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
1043  "[%s]", rule_var_address);
1044  } else {
1045  temp_rule_var_address = SCStrdup(rule_var_address);
1046  if (unlikely(temp_rule_var_address == NULL))
1047  goto error;
1048  }
1049 
1050  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
1051  (negate + n_set) % 2, var_list) < 0) {
1052  SCLogDebug("DetectAddressParse2 hates us");
1053  if (temp_rule_var_address != rule_var_address)
1054  SCFree(temp_rule_var_address);
1055  goto error;
1056  }
1057  d_set = 0;
1058  SCFree(temp_rule_var_address);
1059  } else {
1060  if (!((negate + n_set) % 2)) {
1061  SCLogDebug("DetectAddressSetup into gh, %s", address);
1062  if (DetectAddressSetup(gh, address) < 0) {
1063  SCLogDebug("DetectAddressSetup gh fail");
1064  goto error;
1065  }
1066  } else {
1067  SCLogDebug("DetectAddressSetup into ghn, %s", address);
1068  if (DetectAddressSetup(ghn, address) < 0) {
1069  SCLogDebug("DetectAddressSetup ghn fail");
1070  goto error;
1071  }
1072  }
1073  }
1074  n_set = 0;
1075  }
1076  }
1077  if (depth > 0) {
1078  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1079  "properly closed in \"%s\", %d missing closing brackets (]). "
1080  "Note: problem might be in a variable.", s, depth);
1081  goto error;
1082  } else if (depth < 0) {
1083  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1084  "properly opened in \"%s\", %d missing opening brackets ([). "
1085  "Note: problem might be in a variable.", s, depth*-1);
1086  goto error;
1087  }
1088 
1089  return 0;
1090 
1091 error:
1092 
1093  return -1;
1094 }
1095 
1096 /**
1097  * \internal
1098  * \brief See if the addresses and ranges in an address head cover the
1099  * entire ip space.
1100  *
1101  * \param gh Pointer to the DetectAddressHead to check.
1102  *
1103  * \retval 0 No.
1104  * \retval 1 Yes.
1105  *
1106  * \todo do the same for IPv6
1107  */
1108 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1109 {
1111  if (r == 1)
1112  return 1;
1113 
1114  return 0;
1115 }
1116 
1117 /**
1118  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1119  *
1120  * \param gh Pointer to the address head containing the non-NOT groups.
1121  * \param ghn Pointer to the address head containing the NOT groups.
1122  *
1123  * \retval 0 On success.
1124  * \retval -1 On failure.
1125  */
1127 {
1128  DetectAddress *ad;
1129  DetectAddress *ag, *ag2;
1130  int r = 0;
1131 
1132  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1133  ghn->ipv4_head);
1134 
1135  /* check if the negated list covers the entire ip space. If so
1136  * the user screwed up the rules/vars. */
1137  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1138  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1139  "Rule address range is NIL. Probably have a !any or "
1140  "an address range that supplies a NULL address range");
1141  goto error;
1142  }
1143 
1144  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1145  * not thingy. In that case we add a 0.0.0.0/0 first. */
1146  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1147  r = DetectAddressSetup(gh, "0.0.0.0/0");
1148  if (r < 0) {
1149  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1150  goto error;
1151  }
1152  }
1153  /* ... or ::/0 for ipv6 */
1154  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1155  r = DetectAddressSetup(gh, "::/0");
1156  if (r < 0) {
1157  SCLogDebug("DetectAddressSetup for ::/0 failed");
1158  goto error;
1159  }
1160  }
1161 
1162  /* step 1: insert our ghn members into the gh list */
1163  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1164  /* work with a copy of the ad so we can easily clean up the ghn group
1165  * later. */
1166  ad = DetectAddressCopy(ag);
1167  if (ad == NULL) {
1168  SCLogDebug("DetectAddressCopy failed");
1169  goto error;
1170  }
1171 
1172  r = DetectAddressInsert(NULL, gh, ad);
1173  if (r < 0) {
1174  SCLogDebug("DetectAddressInsert failed");
1175  goto error;
1176  }
1177  }
1178  /* ... and the same for ipv6 */
1179  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1180  /* work with a copy of the ad so we can easily clean up the ghn group
1181  * later. */
1182  ad = DetectAddressCopy(ag);
1183  if (ad == NULL) {
1184  SCLogDebug("DetectAddressCopy failed");
1185  goto error;
1186  }
1187 
1188  r = DetectAddressInsert(NULL, gh, ad);
1189  if (r < 0) {
1190  SCLogDebug("DetectAddressInsert failed");
1191  goto error;
1192  }
1193  }
1194 #ifdef DEBUG
1195  DetectAddress *tmp_ad;
1196  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1197  DetectAddressPrint(tmp_ad);
1198  }
1199 #endif
1200  int ipv4_applied = 0;
1201  int ipv6_applied = 0;
1202 
1203  /* step 2: pull the address blocks that match our 'not' blocks */
1204  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1205  SCLogDebug("ag %p", ag);
1206  DetectAddressPrint(ag);
1207 
1208  int applied = 0;
1209  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1210  SCLogDebug("ag2 %p", ag2);
1211  DetectAddressPrint(ag2);
1212 
1213  r = DetectAddressCmp(ag, ag2);
1214  /* XXX more ??? */
1215  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1216  if (ag2->prev == NULL)
1217  gh->ipv4_head = ag2->next;
1218  else
1219  ag2->prev->next = ag2->next;
1220 
1221  if (ag2->next != NULL)
1222  ag2->next->prev = ag2->prev;
1223 
1224  /* store the next ptr and remove the group */
1225  DetectAddress *next_ag2 = ag2->next;
1226  DetectAddressFree(ag2);
1227  ag2 = next_ag2;
1228  applied = 1;
1229  } else {
1230  ag2 = ag2->next;
1231  }
1232  }
1233 
1234  if (applied) {
1235  ipv4_applied++;
1236  }
1237  }
1238  /* ... and the same for ipv6 */
1239  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1240  int applied = 0;
1241  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1242  r = DetectAddressCmp(ag, ag2);
1243  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1244  if (ag2->prev == NULL)
1245  gh->ipv6_head = ag2->next;
1246  else
1247  ag2->prev->next = ag2->next;
1248 
1249  if (ag2->next != NULL)
1250  ag2->next->prev = ag2->prev;
1251 
1252  /* store the next ptr and remove the group */
1253  DetectAddress *next_ag2 = ag2->next;
1254  DetectAddressFree(ag2);
1255  ag2 = next_ag2;
1256 
1257  SCLogDebug("applied");
1258  applied = 1;
1259  } else {
1260  ag2 = ag2->next;
1261  }
1262  }
1263  if (applied) {
1264  ipv6_applied++;
1265  }
1266  }
1267 #ifdef DEBUG
1268  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1269  DetectAddressPrint(tmp_ad);
1270  }
1271  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1272  DetectAddressPrint(tmp_ad);
1273  }
1274 #endif
1275  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1276  int cnt = 0;
1277  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1278  cnt++;
1279 
1280  if (ipv4_applied != cnt) {
1281  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1282  "could be applied: %d != %d", cnt, ipv4_applied);
1283  goto error;
1284  }
1285 
1286  cnt = 0;
1287  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1288  cnt++;
1289 
1290  if (ipv6_applied != cnt) {
1291  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1292  "could be applied: %d != %d", cnt, ipv6_applied);
1293  goto error;
1294  }
1295  }
1296 
1297  /* if the result is that we have no addresses we return error */
1298  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1299  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1300  "merging addresses and negated addresses");
1301  goto error;
1302  }
1303 
1304  return 0;
1305 
1306 error:
1307  return -1;
1308 }
1309 
1311 {
1312  SCLogDebug("Testing address conf vars for any misconfigured values");
1313 
1314  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1315 
1316  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1317  if (address_vars_node == NULL) {
1318  return 0;
1319  }
1320 
1321  DetectAddressHead *gh = NULL;
1322  DetectAddressHead *ghn = NULL;
1323 
1324  ConfNode *seq_node;
1325  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1326  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1327 
1328  gh = DetectAddressHeadInit();
1329  if (gh == NULL) {
1330  goto error;
1331  }
1332  ghn = DetectAddressHeadInit();
1333  if (ghn == NULL) {
1334  goto error;
1335  }
1336 
1337  if (seq_node->val == NULL) {
1339  "Address var \"%s\" probably has a sequence(something "
1340  "in brackets) value set without any quotes. Please "
1341  "quote it using \"..\".", seq_node->name);
1342  goto error;
1343  }
1344 
1345  int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0, &var_list);
1346 
1347  CleanVariableResolveList(&var_list);
1348 
1349  if (r < 0) {
1351  "failed to parse address var \"%s\" with value \"%s\". "
1352  "Please check it's syntax", seq_node->name, seq_node->val);
1353  goto error;
1354  }
1355 
1356  if (DetectAddressIsCompleteIPSpace(ghn)) {
1358  "address var - \"%s\" has the complete IP space negated "
1359  "with it's value \"%s\". Rule address range is NIL. "
1360  "Probably have a !any or an address range that supplies "
1361  "a NULL address range", seq_node->name, seq_node->val);
1362  goto error;
1363  }
1364 
1365  if (gh != NULL) {
1367  gh = NULL;
1368  }
1369  if (ghn != NULL) {
1370  DetectAddressHeadFree(ghn);
1371  ghn = NULL;
1372  }
1373  }
1374 
1375  return 0;
1376  error:
1377  if (gh != NULL)
1379  if (ghn != NULL)
1380  DetectAddressHeadFree(ghn);
1381  return -1;
1382 }
1383 
1384 #include "util-hash-lookup3.h"
1385 
1386 typedef struct DetectAddressMap_ {
1387  char *string;
1390 
1391 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1392 {
1393  const DetectAddressMap *map = (DetectAddressMap *)data;
1394  uint32_t hash = 0;
1395 
1396  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1397  hash %= ht->array_size;
1398 
1399  return hash;
1400 }
1401 
1402 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1403  uint16_t len2)
1404 {
1405  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1406  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1407 
1408 
1409  int r = (strcmp(map1->string, map2->string) == 0);
1410  return r;
1411 }
1412 
1413 static void DetectAddressMapFreeFunc(void *data)
1414 {
1415  DetectAddressMap *map = (DetectAddressMap *)data;
1416  if (map != NULL) {
1418  SCFree(map->string);
1419  }
1420  SCFree(map);
1421 }
1422 
1424 {
1425  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1426  DetectAddressMapCompareFunc,
1427  DetectAddressMapFreeFunc);
1428  if (de_ctx->address_table == NULL)
1429  return -1;
1430 
1431  return 0;
1432 }
1433 
1435 {
1436  if (de_ctx->address_table == NULL)
1437  return;
1438 
1440  de_ctx->address_table = NULL;
1441  return;
1442 }
1443 
1444 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1446 {
1447  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1448  if (map == NULL)
1449  return -1;
1450 
1451  map->string = SCStrdup(string);
1452  if (map->string == NULL) {
1453  SCFree(map);
1454  return -1;
1455  }
1456  map->address = address;
1457 
1458  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1459  return 0;
1460 }
1461 
1462 static const DetectAddressHead *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1463  const char *string)
1464 {
1465  DetectAddressMap map = { (char *)string, NULL };
1466 
1468  &map, 0);
1469  if (res == NULL)
1470  return NULL;
1471  else {
1472  return (const DetectAddressHead *)res->address;
1473  }
1474 }
1475 
1476 /**
1477  * \brief Parses an address group sent as a character string and updates the
1478  * DetectAddressHead sent as the argument with the relevant address
1479  * ranges from the parsed string.
1480  *
1481  * \param gh Pointer to the DetectAddressHead.
1482  * \param str Pointer to the character string containing the address group
1483  * that has to be parsed.
1484  *
1485  * \retval 0 On success.
1486  * \retval -1 On failure.
1487  */
1489  DetectAddressHead *gh, const char *str)
1490 {
1491  int r;
1492  DetectAddressHead *ghn = NULL;
1493 
1494  SCLogDebug("gh %p, str %s", gh, str);
1495 
1496  if (str == NULL) {
1497  SCLogDebug("DetectAddressParse can not be run with NULL address");
1498  goto error;
1499  }
1500 
1501  ghn = DetectAddressHeadInit();
1502  if (ghn == NULL) {
1503  SCLogDebug("DetectAddressHeadInit for ghn failed");
1504  goto error;
1505  }
1506 
1507  r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0, NULL);
1508  if (r < 0) {
1509  SCLogDebug("DetectAddressParse2 returned %d", r);
1510  goto error;
1511  }
1512 
1513  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1514  ghn->ipv4_head);
1515 
1516  /* merge the 'not' address groups */
1517  if (DetectAddressMergeNot(gh, ghn) < 0) {
1518  SCLogDebug("DetectAddressMergeNot failed");
1519  goto error;
1520  }
1521 
1522  /* free the temp negate head */
1523  DetectAddressHeadFree(ghn);
1524  return 0;
1525 
1526 error:
1527  if (ghn != NULL)
1528  DetectAddressHeadFree(ghn);
1529  return -1;
1530 }
1531 
1533  const char *string)
1534 {
1535  const DetectAddressHead *h = DetectAddressMapLookup(de_ctx, string);
1536  if (h != NULL) {
1537  SCLogDebug("found: %s :: %p", string, h);
1538  return h;
1539  }
1540 
1541  SCLogDebug("%s not found", string);
1542 
1544  if (head == NULL)
1545  return NULL;
1546 
1547  if (DetectAddressParse(de_ctx, head, string) == -1)
1548  {
1549  DetectAddressHeadFree(head);
1550  return NULL;
1551  }
1552 
1553  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head);
1554  return head;
1555 }
1556 
1557 /**
1558  * \brief Returns a new instance of DetectAddressHead.
1559  *
1560  * \retval gh Pointer to the new instance of DetectAddressHead.
1561  */
1563 {
1565  if (unlikely(gh == NULL))
1566  return NULL;
1567  memset(gh, 0, sizeof(DetectAddressHead));
1568 
1569  return gh;
1570 }
1571 
1572 /**
1573  * \brief Cleans a DetectAddressHead. The functions frees the address
1574  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1575  * instance.
1576  *
1577  * \param gh Pointer to the DetectAddressHead instance that has to be
1578  * cleaned.
1579  */
1581 {
1582  if (gh != NULL) {
1583  if (gh->ipv4_head != NULL) {
1585  gh->ipv4_head = NULL;
1586  }
1587  if (gh->ipv6_head != NULL) {
1589  gh->ipv6_head = NULL;
1590  }
1591  }
1592 
1593  return;
1594 }
1595 
1596 /**
1597  * \brief Frees a DetectAddressHead instance.
1598  *
1599  * \param gh Pointer to the DetectAddressHead instance to be freed.
1600  */
1602 {
1603  if (gh != NULL) {
1605  SCFree(gh);
1606  }
1607 
1608  return;
1609 }
1610 
1611 /**
1612  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1613  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1614  * explanations on what these functions do.
1615  *
1616  * \param de_ctx Pointer to the DetectEngineCtx.
1617  * \param a Pointer the the first address to be cut.
1618  * \param b Pointer to the second address to be cut.
1619  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1620  * ranges from a and b, demand a third address range.
1621  *
1622  * \retval 0 On success.
1623  * \retval -1 On failure.
1624  */
1625 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1626  DetectAddress *b, DetectAddress **c)
1627 {
1628  if (a->ip.family == AF_INET)
1629  return DetectAddressCutIPv4(de_ctx, a, b, c);
1630  else if (a->ip.family == AF_INET6)
1631  return DetectAddressCutIPv6(de_ctx, a, b, c);
1632 
1633  return -1;
1634 }
1635 
1636 /**
1637  * \brief Cuts a negated address range with respect to the entire ip range, and
1638  * supplies with the address range that doesn't belong to the negated
1639  * address range.
1640  *
1641  * There are 2 cases here -
1642  *
1643  * The first case includes the address being located at the extreme ends
1644  * of the ip space, in which we get a single range.
1645  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1646  *
1647  * The second case includes the address not present at either of the
1648  * ip space extremes, in which case we get 2 ranges. The second range
1649  * would be supplied back with the argument "b" supplied to this function.
1650  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1651  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1652  *
1653  * The above negation cases can similarly be extended to ranges, i.e.
1654  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1655  * ![10.20.30.40 - 10.20.30.50].
1656  *
1657  *
1658  * \param a Pointer to the DetectAddressData instance, that contains the negated
1659  * address range that has to be cut.
1660  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1661  * filled with the address range, if the argument "a", doesn't fall at
1662  * the extreme ends of the ip address space.
1663  *
1664  * \retval 0 On success.
1665  * \retval -1 On failure.
1666  */
1667 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1668 {
1669  if (a->ip.family == AF_INET)
1670  return DetectAddressCutNotIPv4(a, b);
1671  else if (a->ip.family == AF_INET6)
1672  return DetectAddressCutNotIPv6(a, b);
1673 
1674  return -1;
1675 }
1676 
1677 /**
1678  * \brief Used to compare 2 address ranges.
1679  *
1680  * \param a Pointer to the first DetectAddressData to be compared.
1681  * \param b Pointer to the second DetectAddressData to be compared.
1682  */
1684 {
1685  if (a->ip.family != b->ip.family)
1686  return ADDRESS_ER;
1687 
1688  if (a->ip.family == AF_INET)
1689  return DetectAddressCmpIPv4(a, b);
1690  else if (a->ip.family == AF_INET6)
1691  return DetectAddressCmpIPv6(a, b);
1692 
1693  return ADDRESS_ER;
1694 }
1695 
1696 /**
1697  * \brief Match a packets address against a signatures addrs array
1698  *
1699  * \param addrs array of DetectMatchAddressIPv4's
1700  * \param addrs_cnt array size in members
1701  * \param a packets address
1702  *
1703  * \retval 0 no match
1704  * \retval 1 match
1705  *
1706  * \note addresses in addrs are in host order
1707  *
1708  * \todo array should be ordered, so we can break out of the loop
1709  */
1711  uint16_t addrs_cnt, const Address *a)
1712 {
1713  SCEnter();
1714 
1715  if (addrs == NULL || addrs_cnt == 0) {
1716  SCReturnInt(0);
1717  }
1718 
1719  uint16_t idx;
1720  for (idx = 0; idx < addrs_cnt; idx++) {
1721  if (SCNtohl(a->addr_data32[0]) >= addrs[idx].ip &&
1722  SCNtohl(a->addr_data32[0]) <= addrs[idx].ip2)
1723  {
1724  SCReturnInt(1);
1725  }
1726  }
1727 
1728  SCReturnInt(0);
1729 }
1730 
1731 /**
1732  * \brief Match a packets address against a signatures addrs array
1733  *
1734  * \param addrs array of DetectMatchAddressIPv6's
1735  * \param addrs_cnt array size in members
1736  * \param a packets address
1737  *
1738  * \retval 0 no match
1739  * \retval 1 match
1740  *
1741  * \note addresses in addrs are in host order
1742  *
1743  * \todo array should be ordered, so we can break out of the loop
1744  */
1746  uint16_t addrs_cnt, const Address *a)
1747 {
1748  SCEnter();
1749 
1750  if (addrs == NULL || addrs_cnt == 0) {
1751  SCReturnInt(0);
1752  }
1753 
1754  uint16_t idx;
1755  int i = 0;
1756  uint16_t result1, result2;
1757 
1758  /* See if the packet address is within the range of any entry in the
1759  * signature's address match array.
1760  */
1761  for (idx = 0; idx < addrs_cnt; idx++) {
1762  result1 = result2 = 0;
1763 
1764  /* See if packet address equals either limit. Return 1 if true. */
1765  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip[0] &&
1766  SCNtohl(a->addr_data32[1]) == addrs[idx].ip[1] &&
1767  SCNtohl(a->addr_data32[2]) == addrs[idx].ip[2] &&
1768  SCNtohl(a->addr_data32[3]) == addrs[idx].ip[3])
1769  {
1770  SCReturnInt(1);
1771  }
1772  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip2[0] &&
1773  SCNtohl(a->addr_data32[1]) == addrs[idx].ip2[1] &&
1774  SCNtohl(a->addr_data32[2]) == addrs[idx].ip2[2] &&
1775  SCNtohl(a->addr_data32[3]) == addrs[idx].ip2[3])
1776  {
1777  SCReturnInt(1);
1778  }
1779 
1780  /* See if packet address is greater than lower limit
1781  * of the current signature address match pair.
1782  */
1783  for (i = 0; i < 4; i++) {
1784  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip[i]) {
1785  result1 = 1;
1786  break;
1787  }
1788  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip[i]) {
1789  result1 = 0;
1790  break;
1791  }
1792  }
1793 
1794  /* If not greater than lower limit, try next address match entry */
1795  if (result1 == 0)
1796  continue;
1797 
1798  /* See if packet address is less than upper limit
1799  * of the current signature address match pair.
1800  */
1801  for (i = 0; i < 4; i++) {
1802  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip2[i]) {
1803  result2 = 1;
1804  break;
1805  }
1806  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip2[i]) {
1807  result2 = 0;
1808  break;
1809  }
1810  }
1811 
1812  /* Return a match if packet address is between the two
1813  * signature address match limits.
1814  */
1815  if (result1 == 1 && result2 == 1)
1816  SCReturnInt(1);
1817  }
1818 
1819  SCReturnInt(0);
1820 }
1821 
1822 /**
1823  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1824  * range in the DetectAddress instance.
1825  *
1826  * We basically check that the address falls inbetween the address
1827  * range in DetectAddress.
1828  *
1829  * \param dd Pointer to the DetectAddress instance.
1830  * \param a Pointer to an Address instance.
1831  *
1832  * \param 1 On a match.
1833  * \param 0 On no match.
1834  */
1836 {
1837  SCEnter();
1838 
1839  if (dd->ip.family != a->family) {
1840  SCReturnInt(0);
1841  }
1842 
1843  //DetectAddressPrint(dd);
1844  //AddressDebugPrint(a);
1845 
1846  switch (a->family) {
1847  case AF_INET:
1848 
1849  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1850  * Address inside DetectAddressData we can do uint8_t checks */
1851  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1852  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1853  {
1854  SCReturnInt(1);
1855  } else {
1856  SCReturnInt(0);
1857  }
1858 
1859  break;
1860  case AF_INET6:
1861  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1862  AddressIPv6Le(a, &dd->ip2) == 1)
1863  {
1864  SCReturnInt(1);
1865  } else {
1866  SCReturnInt(0);
1867  }
1868 
1869  break;
1870  default:
1871  SCLogDebug("What other address type can we have :-/");
1872  break;
1873  }
1874 
1875  SCReturnInt(0);
1876 }
1877 
1878 /**
1879  * \brief Prints the address data held by the DetectAddress. If the address
1880  * data family is IPv4, we print the the ipv4 address and mask, and
1881  * if the address data family is IPv6, we print the ipv6 address and
1882  * mask.
1883  *
1884  * \param ad Pointer to the DetectAddress instance to be printed.
1885  */
1887 {
1888  if (gr == NULL)
1889  return;
1890 
1891  if (gr->ip.family == AF_INET) {
1892  struct in_addr in;
1893  char ip[16], mask[16];
1894 
1895  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1896  PrintInet(AF_INET, &in, ip, sizeof(ip));
1897  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1898  PrintInet(AF_INET, &in, mask, sizeof(mask));
1899 
1900  SCLogDebug("%s/%s", ip, mask);
1901 // printf("%s/%s", ip, mask);
1902  } else if (gr->ip.family == AF_INET6) {
1903  struct in6_addr in6;
1904  char ip[66], mask[66];
1905 
1906  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1907  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1908  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1909  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1910 
1911  SCLogDebug("%s/%s", ip, mask);
1912 // printf("%s/%s", ip, mask);
1913  }
1914 
1915  return;
1916 }
1917 
1918 /**
1919  * \brief Find the group matching address in a group head.
1920  *
1921  * \param gh Pointer to the address group head(DetectAddressHead instance).
1922  * \param a Pointer to an Address instance.
1923  *
1924  * \retval g On success pointer to an DetectAddress if we find a match
1925  * for the Address "a", in the DetectAddressHead "gh".
1926  */
1928 {
1929  SCEnter();
1930 
1931  DetectAddress *g = NULL;
1932 
1933  if (gh == NULL) {
1934  SCReturnPtr(NULL, "DetectAddress");
1935  }
1936 
1937  /* XXX should we really do this check every time we run this function? */
1938  if (a->family == AF_INET) {
1939  SCLogDebug("IPv4");
1940  g = gh->ipv4_head;
1941  } else if (a->family == AF_INET6) {
1942  SCLogDebug("IPv6");
1943  g = gh->ipv6_head;
1944  }
1945 
1946  for ( ; g != NULL; g = g->next) {
1947  if (DetectAddressMatch(g,a) == 1) {
1948  SCReturnPtr(g, "DetectAddress");
1949  }
1950  }
1951 
1952  SCReturnPtr(NULL, "DetectAddress");
1953 }
1954 
1955 /********************************Unittests*************************************/
1956 
1957 #ifdef UNITTESTS
1958 
1959 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1960 {
1961  char str1[46] = "", str2[46] = "";
1962 
1963  if (ad == NULL)
1964  return FALSE;
1965 
1966  switch(ad->ip.family) {
1967  case AF_INET:
1968  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1969  SCLogDebug("%s", str1);
1970  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1971  SCLogDebug("%s", str2);
1972 
1973  if (strcmp(str1, one) != 0) {
1974  SCLogInfo("%s != %s", str1, one);
1975  return FALSE;
1976  }
1977 
1978  if (strcmp(str2, two) != 0) {
1979  SCLogInfo("%s != %s", str2, two);
1980  return FALSE;
1981  }
1982 
1983  return TRUE;
1984  break;
1985 
1986  case AF_INET6:
1987  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1988  SCLogDebug("%s", str1);
1989  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1990  SCLogDebug("%s", str2);
1991 
1992  if (strcmp(str1, one) != 0) {
1993  SCLogInfo("%s != %s", str1, one);
1994  return FALSE;
1995  }
1996 
1997  if (strcmp(str2, two) != 0) {
1998  SCLogInfo("%s != %s", str2, two);
1999  return FALSE;
2000  }
2001 
2002  return TRUE;
2003  break;
2004  }
2005 
2006  return FALSE;
2007 }
2008 
2010  const char *one;
2011  const char *two;
2013 
2014 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
2015 {
2016  int expect = nranges;
2017  int have = 0;
2018 
2019  if (gh == NULL)
2020  return FALSE;
2021 
2022  DetectAddress *ad = NULL;
2023  ad = gh->ipv4_head;
2024  if (ad == NULL)
2025  ad = gh->ipv6_head;
2026  while (have < expect) {
2027  if (ad == NULL) {
2028  printf("bad head: have %d ranges, expected %d: ", have, expect);
2029  return FALSE;
2030  }
2031 
2032  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
2033  return FALSE;
2034 
2035  ad = ad->next;
2036  have++;
2037  }
2038 
2039  return TRUE;
2040 }
2041 
2042 static int AddressTestParse01(void)
2043 {
2044  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
2045 
2046  if (dd) {
2047  DetectAddressFree(dd);
2048  return 1;
2049  }
2050 
2051  return 0;
2052 }
2053 
2054 static int AddressTestParse02(void)
2055 {
2056  int result = 1;
2057  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
2058 
2059  if (dd) {
2060  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
2061  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2062  result = 0;
2063  }
2064 
2065  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
2066  DetectAddressFree(dd);
2067  return result;
2068  }
2069 
2070  return 0;
2071 }
2072 
2073 static int AddressTestParse03(void)
2074 {
2075  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2076 
2077  if (dd) {
2078  DetectAddressFree(dd);
2079  return 1;
2080  }
2081 
2082  return 0;
2083 }
2084 
2085 static int AddressTestParse04(void)
2086 {
2087  int result = 1;
2088  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2089 
2090  if (dd) {
2091  if (dd->ip.addr_data32[0] != SCNtohl(16909056)||
2092  dd->ip2.addr_data32[0] != SCNtohl(16909311)) {
2093  result = 0;
2094  }
2095 
2096  DetectAddressFree(dd);
2097  return result;
2098  }
2099 
2100  return 0;
2101 }
2102 
2103 static int AddressTestParse05(void)
2104 {
2105  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2106 
2107  if (dd) {
2108  DetectAddressFree(dd);
2109  return 1;
2110  }
2111 
2112  return 0;
2113 }
2114 
2115 static int AddressTestParse06(void)
2116 {
2117  int result = 1;
2118  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2119 
2120  if (dd) {
2121  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2122  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2123  result = 0;
2124  }
2125 
2126  DetectAddressFree(dd);
2127  return result;
2128  }
2129 
2130  return 0;
2131 }
2132 
2133 static int AddressTestParse07(void)
2134 {
2135  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2136 
2137  if (dd) {
2138  DetectAddressFree(dd);
2139  return 1;
2140  }
2141 
2142  return 0;
2143 }
2144 
2145 static int AddressTestParse08(void)
2146 {
2147  int result = 1;
2148  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2149 
2150  if (dd) {
2151  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2152  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2153 
2154  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2155  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2156  DetectAddressPrint(dd);
2157  result = 0;
2158  }
2159 
2160  DetectAddressFree(dd);
2161  return result;
2162  }
2163 
2164  return 0;
2165 }
2166 
2167 static int AddressTestParse09(void)
2168 {
2169  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2170 
2171  if (dd) {
2172  DetectAddressFree(dd);
2173  return 1;
2174  }
2175 
2176  return 0;
2177 }
2178 
2179 static int AddressTestParse10(void)
2180 {
2181  int result = 1;
2182  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2183 
2184  if (dd) {
2185  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2186  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2187 
2188  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2189  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2190  DetectAddressPrint(dd);
2191  result = 0;
2192  }
2193 
2194  DetectAddressFree(dd);
2195  return result;
2196  }
2197 
2198  return 0;
2199 }
2200 
2201 static int AddressTestParse11(void)
2202 {
2203  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2204 
2205  if (dd) {
2206  DetectAddressFree(dd);
2207  return 1;
2208  }
2209 
2210  return 0;
2211 }
2212 
2213 static int AddressTestParse12(void)
2214 {
2215  int result = 1;
2216  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2217 
2218  if (dd) {
2219  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2220  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2221 
2222  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2223  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2224  DetectAddressPrint(dd);
2225  result = 0;
2226  }
2227 
2228  DetectAddressFree(dd);
2229  return result;
2230  }
2231 
2232  return 0;
2233 }
2234 static int AddressTestParse13(void)
2235 {
2236  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2237 
2238  if (dd) {
2239  DetectAddressFree(dd);
2240  return 1;
2241  }
2242 
2243  return 0;
2244 }
2245 
2246 static int AddressTestParse14(void)
2247 {
2248  int result = 1;
2249  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2250 
2251  if (dd) {
2252  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2253  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2254 
2255  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2256  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2257  result = 0;
2258  }
2259 
2260  DetectAddressFree(dd);
2261  return result;
2262  }
2263 
2264  return 0;
2265 }
2266 
2267 static int AddressTestParse15(void)
2268 {
2269  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2270 
2271  if (dd) {
2272  DetectAddressFree(dd);
2273  return 1;
2274  }
2275 
2276  return 0;
2277 }
2278 
2279 static int AddressTestParse16(void)
2280 {
2281  int result = 1;
2282  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2283 
2284  if (dd) {
2285  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2286  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2287 
2288  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2289  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2290  result = 0;
2291  }
2292 
2293  DetectAddressFree(dd);
2294  return result;
2295  }
2296 
2297  return 0;
2298 }
2299 
2300 static int AddressTestParse17(void)
2301 {
2302  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2303 
2304  if (dd) {
2305  DetectAddressFree(dd);
2306  return 1;
2307  }
2308 
2309  return 0;
2310 }
2311 
2312 static int AddressTestParse18(void)
2313 {
2314  int result = 1;
2315  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2316 
2317  if (dd) {
2318  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2319  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2320  result = 0;
2321  }
2322 
2323  DetectAddressFree(dd);
2324  return result;
2325  }
2326 
2327  return 0;
2328 }
2329 
2330 static int AddressTestParse19(void)
2331 {
2332  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2333 
2334  if (dd) {
2335  DetectAddressFree(dd);
2336  return 0;
2337  }
2338 
2339  return 1;
2340 }
2341 
2342 static int AddressTestParse20(void)
2343 {
2344  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2345 
2346  if (dd) {
2347  DetectAddressFree(dd);
2348  return 1;
2349  }
2350 
2351  return 0;
2352 }
2353 
2354 static int AddressTestParse21(void)
2355 {
2356  int result = 1;
2357  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2358 
2359  if (dd) {
2360  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2361  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2362 
2363  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2364  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2365  result = 0;
2366  }
2367 
2368  DetectAddressFree(dd);
2369  return result;
2370  }
2371 
2372  return 0;
2373 }
2374 
2375 static int AddressTestParse22(void)
2376 {
2377  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2378 
2379  if (dd) {
2380  DetectAddressFree(dd);
2381  return 0;
2382  }
2383 
2384  return 1;
2385 }
2386 
2387 static int AddressTestParse23(void)
2388 {
2390  FAIL_IF_NULL(gh);
2391  int r = DetectAddressParse(NULL, gh, "any");
2392  FAIL_IF_NOT(r == 0);
2394  PASS;
2395 }
2396 
2397 static int AddressTestParse24(void)
2398 {
2400  FAIL_IF_NULL(gh);
2401  int r = DetectAddressParse(NULL, gh, "Any");
2402  FAIL_IF_NOT(r == 0);
2404  PASS;
2405 }
2406 
2407 static int AddressTestParse25(void)
2408 {
2410  FAIL_IF_NULL(gh);
2411  int r = DetectAddressParse(NULL, gh, "ANY");
2412  FAIL_IF_NOT(r == 0);
2414  PASS;
2415 }
2416 
2417 static int AddressTestParse27(void)
2418 {
2419  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2420 
2421  if (dd) {
2422  DetectAddressFree(dd);
2423  return 1;
2424  }
2425 
2426  return 0;
2427 }
2428 
2429 static int AddressTestParse28(void)
2430 {
2431  int result = 0;
2432  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2433 
2434  if (dd) {
2435  if (dd->flags & ADDRESS_FLAG_NOT &&
2436  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2437  result = 1;
2438  }
2439 
2440  DetectAddressFree(dd);
2441  return result;
2442  }
2443 
2444  return 0;
2445 }
2446 
2447 static int AddressTestParse29(void)
2448 {
2449  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2450 
2451  if (dd) {
2452  DetectAddressFree(dd);
2453  return 1;
2454  }
2455 
2456  return 0;
2457 }
2458 
2459 static int AddressTestParse30(void)
2460 {
2461  int result = 0;
2462  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2463 
2464  if (dd) {
2465  if (dd->flags & ADDRESS_FLAG_NOT &&
2466  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2467  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2468  result = 1;
2469  }
2470 
2471  DetectAddressFree(dd);
2472  return result;
2473  }
2474 
2475  return 0;
2476 }
2477 
2478 /**
2479  * \test make sure !any is rejected
2480  */
2481 static int AddressTestParse31(void)
2482 {
2483  DetectAddress *dd = DetectAddressParseSingle("!any");
2484 
2485  if (dd) {
2486  DetectAddressFree(dd);
2487  return 0;
2488  }
2489 
2490  return 1;
2491 }
2492 
2493 static int AddressTestParse32(void)
2494 {
2495  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2496 
2497  if (dd) {
2498  DetectAddressFree(dd);
2499  return 1;
2500  }
2501 
2502  return 0;
2503 }
2504 
2505 static int AddressTestParse33(void)
2506 {
2507  int result = 0;
2508  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2509 
2510  if (dd) {
2511  if (dd->flags & ADDRESS_FLAG_NOT &&
2512  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2513  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2514  result = 1;
2515  }
2516 
2517  DetectAddressFree(dd);
2518  return result;
2519  }
2520 
2521  return 0;
2522 }
2523 
2524 static int AddressTestParse34(void)
2525 {
2526  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2527 
2528  if (dd) {
2529  DetectAddressFree(dd);
2530  return 1;
2531  }
2532 
2533  return 0;
2534 }
2535 
2536 static int AddressTestParse35(void)
2537 {
2538  int result = 0;
2539  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2540 
2541  if (dd) {
2542  if (dd->flags & ADDRESS_FLAG_NOT &&
2543  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2544  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2545 
2546  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2547  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2548  result = 1;
2549  }
2550 
2551  DetectAddressFree(dd);
2552  return result;
2553  }
2554 
2555  return 0;
2556 }
2557 
2558 static int AddressTestParse36(void)
2559 {
2560  int result = 1;
2561  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2562 
2563  if (dd) {
2564  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2565  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2566 
2567  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2568  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2569 
2570  DetectAddressPrint(dd);
2571  result = 0;
2572  }
2573  DetectAddressPrint(dd);
2574 
2575  DetectAddressFree(dd);
2576  return result;
2577  }
2578 
2579  return 0;
2580 }
2581 
2582 static int AddressTestParse37(void)
2583 {
2584  int result = 1;
2585  DetectAddress *dd = DetectAddressParseSingle("::/0");
2586 
2587  if (dd) {
2588  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2589  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2590 
2591  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2592  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2593  DetectAddressPrint(dd);
2594  result = 0;
2595  }
2596  DetectAddressPrint(dd);
2597 
2598  DetectAddressFree(dd);
2599  return result;
2600  }
2601 
2602  return 0;
2603 }
2604 
2605 static int AddressTestMatch01(void)
2606 {
2607  DetectAddress *dd = NULL;
2608  int result = 1;
2609  struct in_addr in;
2610  Address a;
2611 
2612  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2613  return 0;
2614  memset(&a, 0, sizeof(Address));
2615  a.family = AF_INET;
2616  a.addr_data32[0] = in.s_addr;
2617 
2618  dd = DetectAddressParseSingle("1.2.3.4/24");
2619  if (dd) {
2620  if (DetectAddressMatch(dd, &a) == 0)
2621  result = 0;
2622 
2623  DetectAddressFree(dd);
2624  return result;
2625  }
2626 
2627  return 0;
2628 }
2629 
2630 static int AddressTestMatch02(void)
2631 {
2632  DetectAddress *dd = NULL;
2633  int result = 1;
2634  struct in_addr in;
2635  Address a;
2636 
2637  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2638  return 0;
2639  memset(&a, 0, sizeof(Address));
2640  a.family = AF_INET;
2641  a.addr_data32[0] = in.s_addr;
2642 
2643  dd = DetectAddressParseSingle("1.2.3.4/25");
2644  if (dd) {
2645  if (DetectAddressMatch(dd, &a) == 0)
2646  result = 0;
2647 
2648  DetectAddressFree(dd);
2649  return result;
2650  }
2651 
2652  return 0;
2653 }
2654 
2655 static int AddressTestMatch03(void)
2656 {
2657  DetectAddress *dd = NULL;
2658  int result = 1;
2659  struct in_addr in;
2660  Address a;
2661 
2662  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2663  return 0;
2664  memset(&a, 0, sizeof(Address));
2665  a.family = AF_INET;
2666  a.addr_data32[0] = in.s_addr;
2667 
2668  dd = DetectAddressParseSingle("1.2.3.4/25");
2669  if (dd) {
2670  if (DetectAddressMatch(dd, &a) == 1)
2671  result = 0;
2672 
2673  DetectAddressFree(dd);
2674  return result;
2675  }
2676 
2677  return 0;
2678 }
2679 
2680 static int AddressTestMatch04(void)
2681 {
2682  DetectAddress *dd = NULL;
2683  int result = 1;
2684  struct in_addr in;
2685  Address a;
2686 
2687  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2688  return 0;
2689  memset(&a, 0, sizeof(Address));
2690  a.family = AF_INET;
2691  a.addr_data32[0] = in.s_addr;
2692 
2693  dd = DetectAddressParseSingle("1.2.3.4/25");
2694  if (dd) {
2695  if (DetectAddressMatch(dd, &a) == 1)
2696  result = 0;
2697 
2698  DetectAddressFree(dd);
2699  return result;
2700  }
2701 
2702  return 0;
2703 }
2704 
2705 static int AddressTestMatch05(void)
2706 {
2707  DetectAddress *dd = NULL;
2708  int result = 1;
2709  struct in_addr in;
2710  Address a;
2711 
2712  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2713  return 0;
2714  memset(&a, 0, sizeof(Address));
2715  a.family = AF_INET;
2716  a.addr_data32[0] = in.s_addr;
2717 
2718  dd = DetectAddressParseSingle("1.2.3.4/32");
2719  if (dd) {
2720  if (DetectAddressMatch(dd, &a) == 0)
2721  result = 0;
2722 
2723  DetectAddressFree(dd);
2724  return result;
2725  }
2726 
2727  return 0;
2728 }
2729 
2730 static int AddressTestMatch06(void)
2731 {
2732  DetectAddress *dd = NULL;
2733  int result = 1;
2734  struct in_addr in;
2735  Address a;
2736 
2737  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2738  return 0;
2739  memset(&a, 0, sizeof(Address));
2740  a.family = AF_INET;
2741  a.addr_data32[0] = in.s_addr;
2742 
2743  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2744  if (dd) {
2745  if (DetectAddressMatch(dd, &a) == 0)
2746  result = 0;
2747 
2748  DetectAddressFree(dd);
2749  return result;
2750  }
2751 
2752  return 0;
2753 }
2754 
2755 static int AddressTestMatch07(void)
2756 {
2757  DetectAddress *dd = NULL;
2758  int result = 1;
2759  struct in6_addr in6;
2760  Address a;
2761 
2762  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2763  return 0;
2764  memset(&a, 0, sizeof(Address));
2765  a.family = AF_INET6;
2766  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2767 
2768  dd = DetectAddressParseSingle("2001::/3");
2769  if (dd) {
2770  if (DetectAddressMatch(dd, &a) == 0)
2771  result = 0;
2772 
2773  DetectAddressFree(dd);
2774  return result;
2775  }
2776 
2777  return 0;
2778 }
2779 
2780 static int AddressTestMatch08(void)
2781 {
2782  DetectAddress *dd = NULL;
2783  int result = 1;
2784  struct in6_addr in6;
2785  Address a;
2786 
2787  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2788  return 0;
2789  memset(&a, 0, sizeof(Address));
2790  a.family = AF_INET6;
2791  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2792 
2793  dd = DetectAddressParseSingle("2001::/3");
2794  if (dd) {
2795  if (DetectAddressMatch(dd, &a) == 1)
2796  result = 0;
2797 
2798  DetectAddressFree(dd);
2799  return result;
2800  }
2801 
2802  return 0;
2803 }
2804 
2805 static int AddressTestMatch09(void)
2806 {
2807  DetectAddress *dd = NULL;
2808  int result = 1;
2809  struct in6_addr in6;
2810  Address a;
2811 
2812  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2813  return 0;
2814  memset(&a, 0, sizeof(Address));
2815  a.family = AF_INET6;
2816  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2817 
2818  dd = DetectAddressParseSingle("2001::1/128");
2819  if (dd) {
2820  if (DetectAddressMatch(dd, &a) == 1)
2821  result = 0;
2822 
2823  DetectAddressFree(dd);
2824  return result;
2825  }
2826 
2827  return 0;
2828 }
2829 
2830 static int AddressTestMatch10(void)
2831 {
2832  DetectAddress *dd = NULL;
2833  int result = 1;
2834  struct in6_addr in6;
2835  Address a;
2836 
2837  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2838  return 0;
2839  memset(&a, 0, sizeof(Address));
2840  a.family = AF_INET6;
2841  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2842 
2843  dd = DetectAddressParseSingle("2001::1/126");
2844  if (dd) {
2845  if (DetectAddressMatch(dd, &a) == 0)
2846  result = 0;
2847 
2848  DetectAddressFree(dd);
2849  return result;
2850  }
2851 
2852  return 0;
2853 }
2854 
2855 static int AddressTestMatch11(void)
2856 {
2857  DetectAddress *dd = NULL;
2858  int result = 1;
2859  struct in6_addr in6;
2860  Address a;
2861 
2862  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2863  return 0;
2864  memset(&a, 0, sizeof(Address));
2865  a.family = AF_INET6;
2866  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2867 
2868  dd = DetectAddressParseSingle("2001::1/127");
2869  if (dd) {
2870  if (DetectAddressMatch(dd, &a) == 1)
2871  result = 0;
2872 
2873  DetectAddressFree(dd);
2874  return result;
2875  }
2876 
2877  return 0;
2878 }
2879 
2880 static int AddressTestCmp01(void)
2881 {
2882  DetectAddress *da = NULL, *db = NULL;
2883  int result = 1;
2884 
2885  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2886  if (da == NULL) goto error;
2887  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2888  if (db == NULL) goto error;
2889 
2890  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2891  result = 0;
2892 
2893  DetectAddressFree(da);
2894  DetectAddressFree(db);
2895  return result;
2896 
2897 error:
2898  if (da) DetectAddressFree(da);
2899  if (db) DetectAddressFree(db);
2900  return 0;
2901 }
2902 
2903 static int AddressTestCmp02(void)
2904 {
2905  DetectAddress *da = NULL, *db = NULL;
2906  int result = 1;
2907 
2908  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2909  if (da == NULL) goto error;
2910  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2911  if (db == NULL) goto error;
2912 
2913  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2914  result = 0;
2915 
2916  DetectAddressFree(da);
2917  DetectAddressFree(db);
2918  return result;
2919 
2920 error:
2921  if (da) DetectAddressFree(da);
2922  if (db) DetectAddressFree(db);
2923  return 0;
2924 }
2925 
2926 static int AddressTestCmp03(void)
2927 {
2928  DetectAddress *da = NULL, *db = NULL;
2929  int result = 1;
2930 
2931  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2932  if (da == NULL) goto error;
2933  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2934  if (db == NULL) goto error;
2935 
2936  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2937  result = 0;
2938 
2939  DetectAddressFree(da);
2940  DetectAddressFree(db);
2941  return result;
2942 
2943 error:
2944  if (da) DetectAddressFree(da);
2945  if (db) DetectAddressFree(db);
2946  return 0;
2947 }
2948 
2949 static int AddressTestCmp04(void)
2950 {
2951  DetectAddress *da = NULL, *db = NULL;
2952  int result = 1;
2953 
2954  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2955  if (da == NULL) goto error;
2956  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2957  if (db == NULL) goto error;
2958 
2959  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2960  result = 0;
2961 
2962  DetectAddressFree(da);
2963  DetectAddressFree(db);
2964  return result;
2965 
2966 error:
2967  if (da) DetectAddressFree(da);
2968  if (db) DetectAddressFree(db);
2969  return 0;
2970 }
2971 
2972 static int AddressTestCmp05(void)
2973 {
2974  DetectAddress *da = NULL, *db = NULL;
2975  int result = 1;
2976 
2977  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2978  if (da == NULL) goto error;
2979  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2980  if (db == NULL) goto error;
2981 
2982  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2983  result = 0;
2984 
2985  DetectAddressFree(da);
2986  DetectAddressFree(db);
2987  return result;
2988 
2989 error:
2990  if (da) DetectAddressFree(da);
2991  if (db) DetectAddressFree(db);
2992  return 0;
2993 }
2994 
2995 static int AddressTestCmp06(void)
2996 {
2997  DetectAddress *da = NULL, *db = NULL;
2998  int result = 1;
2999 
3000  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
3001  if (da == NULL) goto error;
3002  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
3003  if (db == NULL) goto error;
3004 
3005  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3006  result = 0;
3007 
3008  DetectAddressFree(da);
3009  DetectAddressFree(db);
3010  return result;
3011 
3012 error:
3013  if (da) DetectAddressFree(da);
3014  if (db) DetectAddressFree(db);
3015  return 0;
3016 }
3017 
3018 static int AddressTestCmpIPv407(void)
3019 {
3020  DetectAddress *da = NULL, *db = NULL;
3021  int result = 1;
3022 
3023  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3024  if (da == NULL) goto error;
3025  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
3026  if (db == NULL) goto error;
3027 
3028  if (DetectAddressCmp(da, db) != ADDRESS_LE)
3029  result = 0;
3030 
3031  DetectAddressFree(da);
3032  DetectAddressFree(db);
3033  return result;
3034 
3035 error:
3036  if (da) DetectAddressFree(da);
3037  if (db) DetectAddressFree(db);
3038  return 0;
3039 }
3040 
3041 static int AddressTestCmpIPv408(void)
3042 {
3043  DetectAddress *da = NULL, *db = NULL;
3044  int result = 1;
3045 
3046  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
3047  if (da == NULL) goto error;
3048  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3049  if (db == NULL) goto error;
3050 
3051  if (DetectAddressCmp(da, db) != ADDRESS_GE)
3052  result = 0;
3053 
3054  DetectAddressFree(da);
3055  DetectAddressFree(db);
3056  return result;
3057 
3058 error:
3059  if (da) DetectAddressFree(da);
3060  if (db) DetectAddressFree(db);
3061  return 0;
3062 }
3063 
3064 static int AddressTestCmp07(void)
3065 {
3066  DetectAddress *da = NULL, *db = NULL;
3067  int result = 1;
3068 
3069  da = DetectAddressParseSingle("2001::/3");
3070  if (da == NULL) goto error;
3071  db = DetectAddressParseSingle("2001::1/3");
3072  if (db == NULL) goto error;
3073 
3074  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3075  result = 0;
3076 
3077  DetectAddressFree(da);
3078  DetectAddressFree(db);
3079  return result;
3080 
3081 error:
3082  if (da) DetectAddressFree(da);
3083  if (db) DetectAddressFree(db);
3084  return 0;
3085 }
3086 
3087 static int AddressTestCmp08(void)
3088 {
3089  DetectAddress *da = NULL, *db = NULL;
3090  int result = 1;
3091 
3092  da = DetectAddressParseSingle("2001::/3");
3093  if (da == NULL) goto error;
3094  db = DetectAddressParseSingle("2001::/8");
3095  if (db == NULL) goto error;
3096 
3097  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3098  result = 0;
3099 
3100  DetectAddressFree(da);
3101  DetectAddressFree(db);
3102  return result;
3103 
3104 error:
3105  if (da) DetectAddressFree(da);
3106  if (db) DetectAddressFree(db);
3107  return 0;
3108 }
3109 
3110 static int AddressTestCmp09(void)
3111 {
3112  DetectAddress *da = NULL, *db = NULL;
3113  int result = 1;
3114 
3115  da = DetectAddressParseSingle("2001::/8");
3116  if (da == NULL) goto error;
3117  db = DetectAddressParseSingle("2001::/3");
3118  if (db == NULL) goto error;
3119 
3120  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3121  result = 0;
3122 
3123  DetectAddressFree(da);
3124  DetectAddressFree(db);
3125  return result;
3126 
3127 error:
3128  if (da) DetectAddressFree(da);
3129  if (db) DetectAddressFree(db);
3130  return 0;
3131 }
3132 
3133 static int AddressTestCmp10(void)
3134 {
3135  DetectAddress *da = NULL, *db = NULL;
3136  int result = 1;
3137 
3138  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3139  if (da == NULL) goto error;
3140  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3141  if (db == NULL) goto error;
3142 
3143  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3144  result = 0;
3145 
3146  DetectAddressFree(da);
3147  DetectAddressFree(db);
3148  return result;
3149 
3150 error:
3151  if (da) DetectAddressFree(da);
3152  if (db) DetectAddressFree(db);
3153  return 0;
3154 }
3155 
3156 static int AddressTestCmp11(void)
3157 {
3158  DetectAddress *da = NULL, *db = NULL;
3159  int result = 1;
3160 
3161  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3162  if (da == NULL) goto error;
3163  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3164  if (db == NULL) goto error;
3165 
3166  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3167  result = 0;
3168 
3169  DetectAddressFree(da);
3170  DetectAddressFree(db);
3171  return result;
3172 
3173 error:
3174  if (da) DetectAddressFree(da);
3175  if (db) DetectAddressFree(db);
3176  return 0;
3177 }
3178 
3179 static int AddressTestCmp12(void)
3180 {
3181  DetectAddress *da = NULL, *db = NULL;
3182  int result = 1;
3183 
3184  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3185  if (da == NULL) goto error;
3186  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3187  if (db == NULL) goto error;
3188 
3189  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3190  result = 0;
3191 
3192  DetectAddressFree(da);
3193  DetectAddressFree(db);
3194  return result;
3195 
3196 error:
3197  if (da) DetectAddressFree(da);
3198  if (db) DetectAddressFree(db);
3199  return 0;
3200 }
3201 
3202 static int AddressTestAddressGroupSetup01(void)
3203 {
3204  int result = 0;
3206 
3207  if (gh != NULL) {
3208  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3209  if (r == 0)
3210  result = 1;
3211 
3213  }
3214  return result;
3215 }
3216 
3217 static int AddressTestAddressGroupSetup02(void)
3218 {
3219  int result = 0;
3221 
3222  if (gh != NULL) {
3223  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3224  if (r == 0 && gh->ipv4_head != NULL)
3225  result = 1;
3226 
3228  }
3229  return result;
3230 }
3231 
3232 static int AddressTestAddressGroupSetup03(void)
3233 {
3234  int result = 0;
3236 
3237  if (gh != NULL) {
3238  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3239  if (r == 0 && gh->ipv4_head != NULL) {
3240  DetectAddress *prev_head = gh->ipv4_head;
3241 
3242  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3243  if (r == 0 && gh->ipv4_head != prev_head &&
3244  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3245  result = 1;
3246  }
3247  }
3248 
3250  }
3251  return result;
3252 }
3253 
3254 static int AddressTestAddressGroupSetup04(void)
3255 {
3256  int result = 0;
3258 
3259  if (gh != NULL) {
3260  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3261  if (r == 0 && gh->ipv4_head != NULL) {
3262  DetectAddress *prev_head = gh->ipv4_head;
3263 
3264  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3265  if (r == 0 && gh->ipv4_head != prev_head &&
3266  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3267  DetectAddress *ph = gh->ipv4_head;
3268 
3269  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3270  if (r == 0 && gh->ipv4_head != ph &&
3271  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3272  result = 1;
3273  }
3274  }
3275  }
3276 
3278  }
3279  return result;
3280 }
3281 
3282 static int AddressTestAddressGroupSetup05(void)
3283 {
3284  int result = 0;
3286 
3287  if (gh != NULL) {
3288  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3289  if (r == 0 && gh->ipv4_head != NULL) {
3290  DetectAddress *prev_head = gh->ipv4_head;
3291 
3292  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3293  if (r == 0 && gh->ipv4_head == prev_head &&
3294  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3295  DetectAddress *ph = gh->ipv4_head;
3296 
3297  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3298  if (r == 0 && gh->ipv4_head == ph &&
3299  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3300  result = 1;
3301  }
3302  }
3303  }
3304 
3306  }
3307  return result;
3308 }
3309 
3310 static int AddressTestAddressGroupSetup06(void)
3311 {
3312  int result = 0;
3314 
3315  if (gh != NULL) {
3316  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3317  if (r == 0 && gh->ipv4_head != NULL) {
3318  DetectAddress *prev_head = gh->ipv4_head;
3319 
3320  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3321  if (r == 0 && gh->ipv4_head == prev_head &&
3322  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3323  result = 1;
3324  }
3325  }
3326 
3328  }
3329  return result;
3330 }
3331 
3332 static int AddressTestAddressGroupSetup07(void)
3333 {
3334  int result = 0;
3336 
3337  if (gh != NULL) {
3338  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3339  if (r == 0 && gh->ipv4_head != NULL) {
3340  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3341  if (r == 0 && gh->ipv4_head != NULL &&
3342  gh->ipv4_head->next != NULL &&
3343  gh->ipv4_head->next->next != NULL) {
3344  result = 1;
3345  }
3346  }
3347 
3349  }
3350  return result;
3351 }
3352 
3353 static int AddressTestAddressGroupSetup08(void)
3354 {
3355  int result = 0;
3357 
3358  if (gh != NULL) {
3359  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3360  if (r == 0 && gh->ipv4_head != NULL) {
3361  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3362  if (r == 0 && gh->ipv4_head != NULL &&
3363  gh->ipv4_head->next != NULL &&
3364  gh->ipv4_head->next->next != NULL) {
3365  result = 1;
3366  }
3367  }
3368 
3370  }
3371  return result;
3372 }
3373 
3374 static int AddressTestAddressGroupSetup09(void)
3375 {
3376  int result = 0;
3378 
3379  if (gh != NULL) {
3380  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3381  if (r == 0 && gh->ipv4_head != NULL) {
3382  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3383  if (r == 0 && gh->ipv4_head != NULL &&
3384  gh->ipv4_head->next != NULL &&
3385  gh->ipv4_head->next->next != NULL) {
3386  result = 1;
3387  }
3388  }
3389 
3391  }
3392  return result;
3393 }
3394 
3395 static int AddressTestAddressGroupSetup10(void)
3396 {
3397  int result = 0;
3399 
3400  if (gh != NULL) {
3401  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3402  if (r == 0 && gh->ipv4_head != NULL) {
3403  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3404  if (r == 0 && gh->ipv4_head != NULL &&
3405  gh->ipv4_head->next != NULL &&
3406  gh->ipv4_head->next->next != NULL) {
3407  result = 1;
3408  }
3409  }
3410 
3412  }
3413  return result;
3414 }
3415 
3416 static int AddressTestAddressGroupSetup11(void)
3417 {
3418  int result = 0;
3420 
3421  if (gh != NULL) {
3422  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3423  if (r == 0) {
3424  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3425  if (r == 0) {
3426  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3427  if (r == 0) {
3428  DetectAddress *one = gh->ipv4_head, *two = one->next,
3429  *three = two->next, *four = three->next,
3430  *five = four->next;
3431 
3432  /* result should be:
3433  * 0.0.0.0/10.10.9.255
3434  * 10.10.10.0/10.10.10.9
3435  * 10.10.10.10/10.10.10.255
3436  * 10.10.11.0/10.10.11.1
3437  * 10.10.11.2/255.255.255.255
3438  */
3439  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3440  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3441  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3442  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3443  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3444  result = 1;
3445  }
3446  }
3447  }
3448  }
3449 
3451  }
3452  return result;
3453 }
3454 
3455 static int AddressTestAddressGroupSetup12 (void)
3456 {
3457  int result = 0;
3459 
3460  if (gh != NULL) {
3461  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3462  if (r == 0) {
3463  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3464  if (r == 0) {
3465  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3466  if (r == 0) {
3467  DetectAddress *one = gh->ipv4_head, *two = one->next,
3468  *three = two->next, *four = three->next,
3469  *five = four->next;
3470 
3471  /* result should be:
3472  * 0.0.0.0/10.10.9.255
3473  * 10.10.10.0/10.10.10.9
3474  * 10.10.10.10/10.10.10.255
3475  * 10.10.11.0/10.10.11.1
3476  * 10.10.11.2/255.255.255.255
3477  */
3478  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3479  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3480  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3481  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3482  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3483  result = 1;
3484  }
3485  }
3486  }
3487  }
3488 
3490  }
3491  return result;
3492 }
3493 
3494 static int AddressTestAddressGroupSetup13(void)
3495 {
3496  int result = 0;
3498 
3499  if (gh != NULL) {
3500  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3501  if (r == 0) {
3502  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3503  if (r == 0) {
3504  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3505  if (r == 0) {
3506  DetectAddress *one = gh->ipv4_head, *two = one->next,
3507  *three = two->next, *four = three->next,
3508  *five = four->next;
3509 
3510  /* result should be:
3511  * 0.0.0.0/10.10.9.255
3512  * 10.10.10.0/10.10.10.9
3513  * 10.10.10.10/10.10.10.255
3514  * 10.10.11.0/10.10.11.1
3515  * 10.10.11.2/255.255.255.255
3516  */
3517  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3518  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3519  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3520  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3521  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3522  result = 1;
3523  }
3524  }
3525  }
3526  }
3527 
3529  }
3530  return result;
3531 }
3532 
3533 static int AddressTestAddressGroupSetupIPv414(void)
3534 {
3535  int result = 0;
3537 
3538  if (gh != NULL) {
3539  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3540  if (r == 0) {
3541  DetectAddress *one = gh->ipv4_head;
3542  DetectAddress *two = one ? one->next : NULL;
3543 
3544  if (one && two) {
3545  /* result should be:
3546  * 0.0.0.0/1.2.3.3
3547  * 1.2.3.5/255.255.255.255
3548  */
3549  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(16909059) &&
3550  two->ip.addr_data32[0] == SCNtohl(16909061) && two->ip2.addr_data32[0] == 0xFFFFFFFF) {
3551  result = 1;
3552  } else {
3553  printf("unexpected addresses: ");
3554  }
3555  } else {
3556  printf("one %p two %p: ", one, two);
3557  }
3558  } else {
3559  printf("DetectAddressParse returned %d, expected 0: ", r);
3560  }
3561 
3563  }
3564  return result;
3565 }
3566 
3567 static int AddressTestAddressGroupSetupIPv415(void)
3568 {
3569  int result = 0;
3571 
3572  if (gh != NULL) {
3573  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3574  if (r == 0) {
3575  DetectAddress *one = gh->ipv4_head;
3576 
3577  if (one && one->next == NULL) {
3578  /* result should be:
3579  * 0.0.0.1/255.255.255.255
3580  */
3581  if (one->ip.addr_data32[0] == SCNtohl(1) && one->ip2.addr_data32[0] == 0xFFFFFFFF)
3582  result = 1;
3583  }
3584  }
3585 
3587  }
3588  return result;
3589 }
3590 
3591 static int AddressTestAddressGroupSetupIPv416(void)
3592 {
3593  int result = 0;
3595 
3596  if (gh != NULL) {
3597  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3598  if (r == 0) {
3599  DetectAddress *one = gh->ipv4_head;
3600 
3601  if (one && one->next == NULL) {
3602  /* result should be:
3603  * 0.0.0.0/255.255.255.254
3604  */
3605  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(4294967294))
3606  result = 1;
3607  }
3608  }
3609 
3611  }
3612  return result;
3613 }
3614 
3615 static int AddressTestAddressGroupSetup14(void)
3616 {
3617  int result = 0;
3619 
3620  if (gh != NULL) {
3621  int r = DetectAddressParse(NULL, gh, "2001::1");
3622  if (r == 0)
3623  result = 1;
3624 
3626  }
3627  return result;
3628 }
3629 
3630 static int AddressTestAddressGroupSetup15(void)
3631 {
3632  int result = 0;
3634 
3635  if (gh != NULL) {
3636  int r = DetectAddressParse(NULL, gh, "2001::1");
3637  if (r == 0 && gh->ipv6_head != NULL)
3638  result = 1;
3639 
3641  }
3642  return result;
3643 }
3644 
3645 static int AddressTestAddressGroupSetup16(void)
3646 {
3647  int result = 0;
3649 
3650  if (gh != NULL) {
3651  int r = DetectAddressParse(NULL, gh, "2001::4");
3652  if (r == 0 && gh->ipv6_head != NULL) {
3653  DetectAddress *prev_head = gh->ipv6_head;
3654 
3655  r = DetectAddressParse(NULL, gh, "2001::3");
3656  if (r == 0 && gh->ipv6_head != prev_head &&
3657  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3658  result = 1;
3659  }
3660  }
3661 
3663  }
3664  return result;
3665 }
3666 
3667 static int AddressTestAddressGroupSetup17(void)
3668 {
3669  int result = 0;
3671 
3672  if (gh != NULL) {
3673  int r = DetectAddressParse(NULL, gh, "2001::4");
3674  if (r == 0 && gh->ipv6_head != NULL) {
3675  DetectAddress *prev_head = gh->ipv6_head;
3676 
3677  r = DetectAddressParse(NULL, gh, "2001::3");
3678  if (r == 0 && gh->ipv6_head != prev_head &&
3679  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3680  DetectAddress *ph = gh->ipv6_head;
3681 
3682  r = DetectAddressParse(NULL, gh, "2001::2");
3683  if (r == 0 && gh->ipv6_head != ph &&
3684  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3685  result = 1;
3686  }
3687  }
3688  }
3689 
3691  }
3692  return result;
3693 }
3694 
3695 static int AddressTestAddressGroupSetup18(void)
3696 {
3697  int result = 0;
3699 
3700  if (gh != NULL) {
3701  int r = DetectAddressParse(NULL, gh, "2001::2");
3702  if (r == 0 && gh->ipv6_head != NULL) {
3703  DetectAddress *prev_head = gh->ipv6_head;
3704 
3705  r = DetectAddressParse(NULL, gh, "2001::3");
3706  if (r == 0 && gh->ipv6_head == prev_head &&
3707  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3708  DetectAddress *ph = gh->ipv6_head;
3709 
3710  r = DetectAddressParse(NULL, gh, "2001::4");
3711  if (r == 0 && gh->ipv6_head == ph &&
3712  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3713  result = 1;
3714  }
3715  }
3716  }
3717 
3719  }
3720  return result;
3721 }
3722 
3723 static int AddressTestAddressGroupSetup19(void)
3724 {
3725  int result = 0;
3727 
3728  if (gh != NULL) {
3729  int r = DetectAddressParse(NULL, gh, "2001::2");
3730  if (r == 0 && gh->ipv6_head != NULL) {
3731  DetectAddress *prev_head = gh->ipv6_head;
3732 
3733  r = DetectAddressParse(NULL, gh, "2001::2");
3734  if (r == 0 && gh->ipv6_head == prev_head &&
3735  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3736  result = 1;
3737  }
3738  }
3739 
3741  }
3742  return result;
3743 }
3744 
3745 static int AddressTestAddressGroupSetup20(void)
3746 {
3747  int result = 0;
3749 
3750  if (gh != NULL) {
3751  int r = DetectAddressParse(NULL, gh, "2000::/3");
3752  if (r == 0 && gh->ipv6_head != NULL) {
3753  r = DetectAddressParse(NULL, gh, "2001::4");
3754  if (r == 0 && gh->ipv6_head != NULL &&
3755  gh->ipv6_head->next != NULL &&
3756  gh->ipv6_head->next->next != NULL) {
3757  result = 1;
3758  }
3759  }
3760 
3762  }
3763  return result;
3764 }
3765 
3766 static int AddressTestAddressGroupSetup21(void)
3767 {
3768  int result = 0;
3770 
3771  if (gh != NULL) {
3772  int r = DetectAddressParse(NULL, gh, "2001::4");
3773  if (r == 0 && gh->ipv6_head != NULL) {
3774  r = DetectAddressParse(NULL, gh, "2000::/3");
3775  if (r == 0 && gh->ipv6_head != NULL &&
3776  gh->ipv6_head->next != NULL &&
3777  gh->ipv6_head->next->next != NULL) {
3778  result = 1;
3779  }
3780  }
3781 
3783  }
3784  return result;
3785 }
3786 
3787 static int AddressTestAddressGroupSetup22(void)
3788 {
3789  int result = 0;
3791 
3792  if (gh != NULL) {
3793  int r = DetectAddressParse(NULL, gh, "2000::/3");
3794  if (r == 0 && gh->ipv6_head != NULL) {
3795  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3796  if (r == 0 && gh->ipv6_head != NULL &&
3797  gh->ipv6_head->next != NULL &&
3798  gh->ipv6_head->next->next != NULL) {
3799  result = 1;
3800  }
3801  }
3802 
3804  }
3805  return result;
3806 }
3807 
3808 static int AddressTestAddressGroupSetup23(void)
3809 {
3810  int result = 0;
3812 
3813  if (gh != NULL) {
3814  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3815  if (r == 0 && gh->ipv6_head != NULL) {
3816  r = DetectAddressParse(NULL, gh, "2000::/3");
3817  if (r == 0 && gh->ipv6_head != NULL &&
3818  gh->ipv6_head->next != NULL &&
3819  gh->ipv6_head->next->next != NULL) {
3820  result = 1;
3821  }
3822  }
3823 
3825  }
3826  return result;
3827 }
3828 
3829 static int AddressTestAddressGroupSetup24(void)
3830 {
3831  int result = 0;
3833 
3834  if (gh != NULL) {
3835  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3836  if (r == 0) {
3837  r = DetectAddressParse(NULL, gh, "2001::/3");
3838  if (r == 0) {
3839  r = DetectAddressParse(NULL, gh, "::/0");
3840  if (r == 0) {
3841  DetectAddress *one = gh->ipv6_head, *two = one->next,
3842  *three = two->next, *four = three->next,
3843  *five = four->next;
3844  if (one->ip.addr_data32[0] == 0x00000000 &&
3845  one->ip.addr_data32[1] == 0x00000000 &&
3846  one->ip.addr_data32[2] == 0x00000000 &&
3847  one->ip.addr_data32[3] == 0x00000000 &&
3848  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3849  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3850  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3851  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3852 
3853  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3854  two->ip.addr_data32[1] == 0x00000000 &&
3855  two->ip.addr_data32[2] == 0x00000000 &&
3856  two->ip.addr_data32[3] == 0x00000000 &&
3857  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3858  two->ip2.addr_data32[1] == 0x00000000 &&
3859  two->ip2.addr_data32[2] == 0x00000000 &&
3860  two->ip2.addr_data32[3] == SCNtohl(3) &&
3861 
3862  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3863  three->ip.addr_data32[1] == 0x00000000 &&
3864  three->ip.addr_data32[2] == 0x00000000 &&
3865  three->ip.addr_data32[3] == SCNtohl(4) &&
3866  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3867  three->ip2.addr_data32[1] == 0x00000000 &&
3868  three->ip2.addr_data32[2] == 0x00000000 &&
3869  three->ip2.addr_data32[3] == SCNtohl(6) &&
3870 
3871  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3872  four->ip.addr_data32[1] == 0x00000000 &&
3873  four->ip.addr_data32[2] == 0x00000000 &&
3874  four->ip.addr_data32[3] == SCNtohl(7) &&
3875  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3876  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3877  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3878  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3879 
3880  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3881  five->ip.addr_data32[1] == 0x00000000 &&
3882  five->ip.addr_data32[2] == 0x00000000 &&
3883  five->ip.addr_data32[3] == 0x00000000 &&
3884  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3885  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3886  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3887  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3888  result = 1;
3889  }
3890  }
3891  }
3892  }
3893 
3895  }
3896  return result;
3897 }
3898 
3899 static int AddressTestAddressGroupSetup25(void)
3900 {
3901  int result = 0;
3903 
3904  if (gh != NULL) {
3905  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3906  if (r == 0) {
3907  r = DetectAddressParse(NULL, gh, "::/0");
3908  if (r == 0) {
3909  r = DetectAddressParse(NULL, gh, "2001::/3");
3910  if (r == 0) {
3911  DetectAddress *one = gh->ipv6_head, *two = one->next,
3912  *three = two->next, *four = three->next,
3913  *five = four->next;
3914  if (one->ip.addr_data32[0] == 0x00000000 &&
3915  one->ip.addr_data32[1] == 0x00000000 &&
3916  one->ip.addr_data32[2] == 0x00000000 &&
3917  one->ip.addr_data32[3] == 0x00000000 &&
3918  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3919  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3920  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3921  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3922 
3923  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3924  two->ip.addr_data32[1] == 0x00000000 &&
3925  two->ip.addr_data32[2] == 0x00000000 &&
3926  two->ip.addr_data32[3] == 0x00000000 &&
3927  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3928  two->ip2.addr_data32[1] == 0x00000000 &&
3929  two->ip2.addr_data32[2] == 0x00000000 &&
3930  two->ip2.addr_data32[3] == SCNtohl(3) &&
3931 
3932  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3933  three->ip.addr_data32[1] == 0x00000000 &&
3934  three->ip.addr_data32[2] == 0x00000000 &&
3935  three->ip.addr_data32[3] == SCNtohl(4) &&
3936  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3937  three->ip2.addr_data32[1] == 0x00000000 &&
3938  three->ip2.addr_data32[2] == 0x00000000 &&
3939  three->ip2.addr_data32[3] == SCNtohl(6) &&
3940 
3941  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3942  four->ip.addr_data32[1] == 0x00000000 &&
3943  four->ip.addr_data32[2] == 0x00000000 &&
3944  four->ip.addr_data32[3] == SCNtohl(7) &&
3945  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3946  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3947  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3948  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3949 
3950  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3951  five->ip.addr_data32[1] == 0x00000000 &&
3952  five->ip.addr_data32[2] == 0x00000000 &&
3953  five->ip.addr_data32[3] == 0x00000000 &&
3954  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3955  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3956  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3957  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3958  result = 1;
3959  }
3960  }
3961  }
3962  }
3963 
3965  }
3966  return result;
3967 }
3968 
3969 static int AddressTestAddressGroupSetup26(void)
3970 {
3971  int result = 0;
3973 
3974  if (gh != NULL) {
3975  int r = DetectAddressParse(NULL, gh, "::/0");
3976  if (r == 0) {
3977  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3978  if (r == 0) {
3979  r = DetectAddressParse(NULL, gh, "2001::/3");
3980  if (r == 0) {
3981  DetectAddress *one = gh->ipv6_head, *two = one->next,
3982  *three = two->next, *four = three->next,
3983  *five = four->next;
3984  if (one->ip.addr_data32[0] == 0x00000000 &&
3985  one->ip.addr_data32[1] == 0x00000000 &&
3986  one->ip.addr_data32[2] == 0x00000000 &&
3987  one->ip.addr_data32[3] == 0x00000000 &&
3988  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3989  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3990  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3991  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3992 
3993  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3994  two->ip.addr_data32[1] == 0x00000000 &&
3995  two->ip.addr_data32[2] == 0x00000000 &&
3996  two->ip.addr_data32[3] == 0x00000000 &&
3997  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3998  two->ip2.addr_data32[1] == 0x00000000 &&
3999  two->ip2.addr_data32[2] == 0x00000000 &&
4000  two->ip2.addr_data32[3] == SCNtohl(3) &&
4001 
4002  three->ip.addr_data32[0] == SCNtohl(536936448) &&
4003  three->ip.addr_data32[1] == 0x00000000 &&
4004  three->ip.addr_data32[2] == 0x00000000 &&
4005  three->ip.addr_data32[3] == SCNtohl(4) &&
4006  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
4007  three->ip2.addr_data32[1] == 0x00000000 &&
4008  three->ip2.addr_data32[2] == 0x00000000 &&
4009  three->ip2.addr_data32[3] == SCNtohl(6) &&
4010 
4011  four->ip.addr_data32[0] == SCNtohl(536936448) &&
4012  four->ip.addr_data32[1] == 0x00000000 &&
4013  four->ip.addr_data32[2] == 0x00000000 &&
4014  four->ip.addr_data32[3] == SCNtohl(7) &&
4015  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
4016  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
4017  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
4018  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
4019 
4020  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
4021  five->ip.addr_data32[1] == 0x00000000 &&
4022  five->ip.addr_data32[2] == 0x00000000 &&
4023  five->ip.addr_data32[3] == 0x00000000 &&
4024  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
4025  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
4026  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
4027  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
4028  result = 1;
4029  }
4030  }
4031  }
4032  }
4033 
4035  }
4036  return result;
4037 }
4038 
4039 static int AddressTestAddressGroupSetup27(void)
4040 {
4041  int result = 0;
4043 
4044  if (gh != NULL) {
4045  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
4046  if (r == 0)
4047  result = 1;
4048 
4050  }
4051  return result;
4052 }
4053 
4054 static int AddressTestAddressGroupSetup28(void)
4055 {
4056  int result = 0;
4058 
4059  if (gh != NULL) {
4060  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
4061  if (r == 0)
4062  result = 1;
4063 
4065  }
4066  return result;
4067 }
4068 
4069 static int AddressTestAddressGroupSetup29(void)
4070 {
4071  int result = 0;
4073 
4074  if (gh != NULL) {
4075  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
4076  if (r == 0)
4077  result = 1;
4078 
4080  }
4081  return result;
4082 }
4083 
4084 static int AddressTestAddressGroupSetup30(void)
4085 {
4086  int result = 0;
4088 
4089  if (gh != NULL) {
4090  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4091  if (r == 0)
4092  result = 1;
4093 
4095  }
4096  return result;
4097 }
4098 
4099 static int AddressTestAddressGroupSetup31(void)
4100 {
4101  int result = 0;
4103 
4104  if (gh != NULL) {
4105  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4106  if (r == 0)
4107  result = 1;
4108 
4110  }
4111  return result;
4112 }
4113 
4114 static int AddressTestAddressGroupSetup32(void)
4115 {
4116  int result = 0;
4118 
4119  if (gh != NULL) {
4120  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4121  if (r == 0)
4122  result = 1;
4123 
4125  }
4126  return result;
4127 }
4128 
4129 static int AddressTestAddressGroupSetup33(void)
4130 {
4131  int result = 0;
4133 
4134  if (gh != NULL) {
4135  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4136  if (r == 0)
4137  result = 1;
4138 
4140  }
4141  return result;
4142 }
4143 
4144 static int AddressTestAddressGroupSetup34(void)
4145 {
4146  int result = 0;
4148 
4149  if (gh != NULL) {
4150  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4151  if (r == 0)
4152  result = 1;
4153 
4155  }
4156  return result;
4157 }
4158 
4159 static int AddressTestAddressGroupSetup35(void)
4160 {
4161  int result = 0;
4163 
4164  if (gh != NULL) {
4165  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4166  if (r == 0)
4167  result = 1;
4168 
4170  }
4171  return result;
4172 }
4173 
4174 static int AddressTestAddressGroupSetup36 (void)
4175 {
4176  int result = 0;
4177 
4179  if (gh != NULL) {
4180  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4181  if (r == 0)
4182  result = 1;
4183 
4185  }
4186  return result;
4187 }
4188 
4189 static int AddressTestAddressGroupSetup37(void)
4190 {
4191  int result = 0;
4193 
4194  if (gh != NULL) {
4195  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4196  if (r == 0)
4197  result = 1;
4198 
4200  }
4201  return result;
4202 }
4203 
4204 static int AddressTestAddressGroupSetup38(void)
4205 {
4206  UTHValidateDetectAddressHeadRange expectations[3] = {
4207  { "0.0.0.0", "192.167.255.255" },
4208  { "192.168.14.0", "192.168.14.255" },
4209  { "192.169.0.0", "255.255.255.255" } };
4210  int result = 0;
4212 
4213  if (gh != NULL) {
4214  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4215  if (r == 0) {
4216  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4217  result = 1;
4218  }
4219 
4221  }
4222  return result;
4223 }
4224 
4225 static int AddressTestAddressGroupSetup39(void)
4226 {
4227  UTHValidateDetectAddressHeadRange expectations[3] = {
4228  { "0.0.0.0", "192.167.255.255" },
4229  { "192.168.14.0", "192.168.14.255" },
4230  { "192.169.0.0", "255.255.255.255" } };
4231  int result = 0;
4233 
4234  if (gh != NULL) {
4235  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4236  if (r == 0) {
4237  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4238  result = 1;
4239  }
4240 
4242  }
4243  return result;
4244 }
4245 
4246 static int AddressTestAddressGroupSetup40(void)
4247 {
4248  UTHValidateDetectAddressHeadRange expectations[3] = {
4249  { "0.0.0.0", "192.167.255.255" },
4250  { "192.168.14.0", "192.168.14.255" },
4251  { "192.169.0.0", "255.255.255.255" } };
4252  int result = 0;
4254  if (gh != NULL) {
4255  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4256  if (r == 0) {
4257  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4258  result = 1;
4259  }
4260 
4262  }
4263  return result;
4264 }
4265 
4266 static int AddressTestAddressGroupSetup41(void)
4267 {
4268  UTHValidateDetectAddressHeadRange expectations[3] = {
4269  { "0.0.0.0", "192.167.255.255" },
4270  { "192.168.14.0", "192.168.14.255" },
4271  { "192.169.0.0", "255.255.255.255" } };
4272  int result = 0;
4274  if (gh != NULL) {
4275  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4276  if (r == 0) {
4277  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4278  result = 1;
4279  }
4280 
4282  }
4283  return result;
4284 }
4285 
4286 static int AddressTestAddressGroupSetup42(void)
4287 {
4288  UTHValidateDetectAddressHeadRange expectations[1] = {
4289  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4290  int result = 0;
4292  if (gh != NULL) {
4293  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4294  if (r == 0) {
4295  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4296  result = 1;
4297  }
4298 
4300  }
4301  return result;
4302 }
4303 
4304 static int AddressTestAddressGroupSetup43(void)
4305 {
4306  UTHValidateDetectAddressHeadRange expectations[2] = {
4307  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4308  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4309  int result = 0;
4311  if (gh != NULL) {
4312  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4313  if (r == 0) {
4314  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4315  result = 1;
4316  }
4317 
4319  }
4320  return result;
4321 }
4322 
4323 static int AddressTestAddressGroupSetup44(void)
4324 {
4325  UTHValidateDetectAddressHeadRange expectations[2] = {
4326  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4327  int result = 0;
4329  if (gh != NULL) {
4330  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4331  if (r == 0) {
4332  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4333  result = 1;
4334  }
4335 
4337  }
4338  return result;
4339 }
4340 
4341 static int AddressTestAddressGroupSetup45(void)
4342 {
4343  int result = 0;
4345  if (gh != NULL) {
4346  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4347  if (r != 0) {
4348  result = 1;
4349  }
4350 
4352  }
4353  return result;
4354 }
4355 
4356 static int AddressTestAddressGroupSetup46(void)
4357 {
4358  UTHValidateDetectAddressHeadRange expectations[4] = {
4359  { "0.0.0.0", "192.167.255.255" },
4360  { "192.168.1.0", "192.168.1.255" },
4361  { "192.168.3.0", "192.168.3.255" },
4362  { "192.169.0.0", "255.255.255.255" } };
4363  int result = 0;
4365  if (gh != NULL) {
4366  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4367  if (r == 0) {
4368  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4369  result = 1;
4370  }
4371 
4373  }
4374  return result;
4375 }
4376 
4377 /** \test net with some negations, then all negated */
4378 static int AddressTestAddressGroupSetup47(void)
4379 {
4380  UTHValidateDetectAddressHeadRange expectations[5] = {
4381  { "0.0.0.0", "192.167.255.255" },
4382  { "192.168.1.0", "192.168.1.255" },
4383  { "192.168.3.0", "192.168.3.255" },
4384  { "192.168.5.0", "192.168.5.255" },
4385  { "192.169.0.0", "255.255.255.255" } };
4386  int result = 0;
4388  if (gh != NULL) {
4389  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4390  if (r == 0) {
4391  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4392  result = 1;
4393  }
4394 
4396  }
4397  return result;
4398 }
4399 
4400 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4401 static int AddressTestAddressGroupSetup48(void)
4402 {
4403  UTHValidateDetectAddressHeadRange expectations[4] = {
4404  { "192.168.0.0", "192.168.0.255" },
4405  { "192.168.2.0", "192.168.2.255" },
4406  { "192.168.4.0", "192.168.4.255" },
4407  { "192.168.6.0", "192.168.255.255" } };
4408  int result = 0;
4410  if (gh != NULL) {
4411  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4412  if (r == 0) {
4413  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4414  result = 1;
4415  }
4416 
4418  }
4419  return result;
4420 }
4421 
4422 static int AddressTestCutIPv401(void)
4423 {
4424  DetectAddress *a, *b, *c;
4425  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4426  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4427 
4428  if (DetectAddressCut(NULL, a, b, &c) == -1)
4429  goto error;
4430 
4431  DetectAddressFree(a);
4432  DetectAddressFree(b);
4433  DetectAddressFree(c);
4434  return 1;
4435 
4436 error:
4437  DetectAddressFree(a);
4438  DetectAddressFree(b);
4439  DetectAddressFree(c);
4440  return 0;
4441 }
4442 
4443 static int AddressTestCutIPv402(void)
4444 {
4445  DetectAddress *a, *b, *c;
4446  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4447  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4448 
4449  if (DetectAddressCut(NULL, a, b, &c) == -1)
4450  goto error;
4451 
4452  if (c == NULL)
4453  goto error;
4454 
4455  DetectAddressFree(a);
4456  DetectAddressFree(b);
4457  DetectAddressFree(c);
4458  return 1;
4459 
4460 error:
4461  DetectAddressFree(a);
4462  DetectAddressFree(b);
4463  DetectAddressFree(c);
4464  return 0;
4465 }
4466 
4467 static int AddressTestCutIPv403(void)
4468 {
4469  DetectAddress *a, *b, *c;
4470  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4471  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4472 
4473  if (DetectAddressCut(NULL, a, b, &c) == -1)
4474  goto error;
4475 
4476  if (c == NULL)
4477  goto error;
4478 
4479  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4480  goto error;
4481  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4482  goto error;
4483  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4484  goto error;
4485 
4486  DetectAddressFree(a);
4487  DetectAddressFree(b);
4488  DetectAddressFree(c);
4489  return 1;
4490 
4491 error:
4492  DetectAddressFree(a);
4493  DetectAddressFree(b);
4494  DetectAddressFree(c);
4495  return 0;
4496 }
4497 
4498 static int AddressTestCutIPv404(void)
4499 {
4500  DetectAddress *a, *b, *c;
4501  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4502  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4503 
4504  if (DetectAddressCut(NULL, a, b, &c) == -1)
4505  goto error;
4506 
4507  if (c == NULL)
4508  goto error;
4509 
4510  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4511  goto error;
4512  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4513  goto error;
4514  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4515  goto error;
4516 
4517 
4518  DetectAddressFree(a);
4519  DetectAddressFree(b);
4520  DetectAddressFree(c);
4521  return 1;
4522 
4523 error:
4524  DetectAddressFree(a);
4525  DetectAddressFree(b);
4526  DetectAddressFree(c);
4527  return 0;
4528 }
4529 
4530 static int AddressTestCutIPv405(void)
4531 {
4532  DetectAddress *a, *b, *c;
4533  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4534  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4535 
4536  if (DetectAddressCut(NULL, a, b, &c) == -1)
4537  goto error;
4538 
4539  if (c == NULL)
4540  goto error;
4541 
4542  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4543  goto error;
4544  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4545  goto error;
4546  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4547  goto error;
4548 
4549  DetectAddressFree(a);
4550  DetectAddressFree(b);
4551  DetectAddressFree(c);
4552  return 1;
4553 
4554 error:
4555  DetectAddressFree(a);
4556  DetectAddressFree(b);
4557  DetectAddressFree(c);
4558  return 0;
4559 }
4560 
4561 static int AddressTestCutIPv406(void)
4562 {
4563  DetectAddress *a, *b, *c;
4564  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4565  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4566 
4567  if (DetectAddressCut(NULL, a, b, &c) == -1)
4568  goto error;
4569 
4570  if (c == NULL)
4571  goto error;
4572 
4573  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4574  goto error;
4575  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4576  goto error;
4577  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4578  goto error;
4579 
4580  DetectAddressFree(a);
4581  DetectAddressFree(b);
4582  DetectAddressFree(c);
4583  return 1;
4584 
4585 error:
4586  DetectAddressFree(a);
4587  DetectAddressFree(b);
4588  DetectAddressFree(c);
4589  return 0;
4590 }
4591 
4592 static int AddressTestCutIPv407(void)
4593 {
4594  DetectAddress *a, *b, *c;
4595  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4596  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4597 
4598  if (DetectAddressCut(NULL, a, b, &c) == -1)
4599  goto error;
4600 
4601  if (c != NULL)
4602  goto error;
4603 
4604  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4605  goto error;
4606  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4607  goto error;
4608 
4609  DetectAddressFree(a);
4610  DetectAddressFree(b);
4611  DetectAddressFree(c);
4612  return 1;
4613 
4614 error:
4615  DetectAddressFree(a);
4616  DetectAddressFree(b);
4617  DetectAddressFree(c);
4618  return 0;
4619 }
4620 
4621 static int AddressTestCutIPv408(void)
4622 {
4623  DetectAddress *a, *b, *c;
4624  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4625  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4626 
4627  if (DetectAddressCut(NULL, a, b, &c) == -1)
4628  goto error;
4629 
4630  if (c != NULL)
4631  goto error;
4632 
4633  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4634  goto error;
4635  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4636  goto error;
4637 
4638  DetectAddressFree(a);
4639  DetectAddressFree(b);
4640  DetectAddressFree(c);
4641  return 1;
4642 
4643 error:
4644  DetectAddressFree(a);
4645  DetectAddressFree(b);
4646  DetectAddressFree(c);
4647  return 0;
4648 }
4649 
4650 static int AddressTestCutIPv409(void)
4651 {
4652  DetectAddress *a, *b, *c;
4653  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4654  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4655 
4656  if (DetectAddressCut(NULL, a, b, &c) == -1)
4657  goto error;
4658 
4659  if (c != NULL)
4660  goto error;
4661 
4662  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4663  goto error;
4664  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4665  goto error;
4666 
4667  DetectAddressFree(a);
4668  DetectAddressFree(b);
4669  DetectAddressFree(c);
4670  return 1;
4671 
4672 error:
4673  DetectAddressFree(a);
4674  DetectAddressFree(b);
4675  DetectAddressFree(c);
4676  return 0;
4677 }
4678 
4679 static int AddressTestCutIPv410(void)
4680 {
4681  DetectAddress *a, *b, *c;
4682  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4683  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4684 
4685  if (DetectAddressCut(NULL, a, b, &c) == -1)
4686  goto error;
4687 
4688  if (c != NULL)
4689  goto error;
4690 
4691  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4692  goto error;
4693  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4694  goto error;
4695 
4696  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4697 
4698  DetectAddressFree(a);
4699  DetectAddressFree(b);
4700  DetectAddressFree(c);
4701  return 1;
4702 
4703 error:
4704  DetectAddressFree(a);
4705  DetectAddressFree(b);
4706  DetectAddressFree(c);
4707  return 0;
4708 }
4709 
4710 static int AddressTestParseInvalidMask01(void)
4711 {
4712  int result = 1;
4713  DetectAddress *dd = NULL;
4714 
4715  dd = DetectAddressParseSingle("192.168.2.0/33");
4716  if (dd != NULL) {
4717  DetectAddressFree(dd);
4718  result = 0;
4719  }
4720  return result;
4721 }
4722 
4723 static int AddressTestParseInvalidMask02(void)
4724 {
4725  int result = 1;
4726  DetectAddress *dd = NULL;
4727 
4728  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4729  if (dd != NULL) {
4730  DetectAddressFree(dd);
4731  result = 0;
4732  }
4733  return result;
4734 }
4735 
4736 static int AddressTestParseInvalidMask03(void)
4737 {
4738  int result = 1;
4739  DetectAddress *dd = NULL;
4740 
4741  dd = DetectAddressParseSingle("192.168.2.0/blue");
4742  if (dd != NULL) {
4743  DetectAddressFree(dd);
4744  result = 0;
4745  }
4746  return result;
4747 }
4748 
4749 static int AddressConfVarsTest01(void)
4750 {
4751  static const char *dummy_conf_string =
4752  "%YAML 1.1\n"
4753  "---\n"
4754  "\n"
4755  "vars:\n"
4756  "\n"
4757  " address-groups:\n"
4758  "\n"
4759  " HOME_NET: \"any\"\n"
4760  "\n"
4761  " EXTERNAL_NET: \"!any\"\n"
4762  "\n"
4763  " port-groups:\n"
4764  "\n"
4765  " HTTP_PORTS: \"any\"\n"
4766  "\n"
4767  " SHELLCODE_PORTS: \"!any\"\n"
4768  "\n";
4769 
4770  int result = 0;
4771 
4773  ConfInit();
4774  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4775 
4777  result = 1;
4778 
4779  ConfDeInit();
4781 
4782  return result;
4783 }
4784 
4785 static int AddressConfVarsTest02(void)
4786 {
4787  static const char *dummy_conf_string =
4788  "%YAML 1.1\n"
4789  "---\n"
4790  "\n"
4791  "vars:\n"
4792  "\n"
4793  " address-groups:\n"
4794  "\n"
4795  " HOME_NET: \"any\"\n"
4796  "\n"
4797  " EXTERNAL_NET: \"any\"\n"
4798  "\n"
4799  " port-groups:\n"
4800  "\n"
4801  " HTTP_PORTS: \"any\"\n"
4802  "\n"
4803  " SHELLCODE_PORTS: \"!any\"\n"
4804  "\n";
4805 
4806  int result = 0;
4807 
4809  ConfInit();
4810  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4811 
4813  result = 1;
4814 
4815  ConfDeInit();
4817 
4818  return result;
4819 }
4820 
4821 static int AddressConfVarsTest03(void)
4822 {
4823  static const char *dummy_conf_string =
4824  "%YAML 1.1\n"
4825  "---\n"
4826  "\n"
4827  "vars:\n"
4828  "\n"
4829  " address-groups:\n"
4830  "\n"
4831  " HOME_NET: \"any\"\n"
4832  "\n"
4833  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4834  "\n"
4835  " port-groups:\n"
4836  "\n"
4837  " HTTP_PORTS: \"any\"\n"
4838  "\n"
4839  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4840  "\n";
4841 
4842  int result = 0;
4843 
4845  ConfInit();
4846  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4847 
4849  result = 1;
4850 
4851  ConfDeInit();
4853 
4854  return result;
4855 }
4856 
4857 static int AddressConfVarsTest04(void)
4858 {
4859  static const char *dummy_conf_string =
4860  "%YAML 1.1\n"
4861  "---\n"
4862  "\n"
4863  "vars:\n"
4864  "\n"
4865  " address-groups:\n"
4866  "\n"
4867  " HOME_NET: \"any\"\n"
4868  "\n"
4869  " EXTERNAL_NET: \"$HOME_NET\"\n"
4870  "\n"
4871  " port-groups:\n"
4872  "\n"
4873  " HTTP_PORTS: \"any\"\n"
4874  "\n"
4875  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4876  "\n";
4877 
4878  int result = 0;
4879 
4881  ConfInit();
4882  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4883 
4885  result = 1;
4886 
4887  ConfDeInit();
4889 
4890  return result;
4891 }
4892 
4893 static int AddressConfVarsTest05(void)
4894 {
4895  static const char *dummy_conf_string =
4896  "%YAML 1.1\n"
4897  "---\n"
4898  "\n"
4899  "vars:\n"
4900  "\n"
4901  " address-groups:\n"
4902  "\n"
4903  " HOME_NET: \"any\"\n"
4904  "\n"
4905  " EXTERNAL_NET: [192.168.0.1]\n"
4906  "\n"
4907  " port-groups:\n"
4908  "\n"
4909  " HTTP_PORTS: \"any\"\n"
4910  "\n"
4911  " SHELLCODE_PORTS: [80]\n"
4912  "\n";
4913 
4914  int result = 0;
4915 
4917  ConfInit();
4918  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4919 
4920  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4921  goto end;
4922 
4923  result = 1;
4924 
4925  end:
4926  ConfDeInit();
4928 
4929  return result;
4930 }
4931 
4932 #endif /* UNITTESTS */
4933 
4935 {
4936 #ifdef UNITTESTS
4939 
4940  UtRegisterTest("AddressTestParse01", AddressTestParse01);
4941  UtRegisterTest("AddressTestParse02", AddressTestParse02);
4942  UtRegisterTest("AddressTestParse03", AddressTestParse03);
4943  UtRegisterTest("AddressTestParse04", AddressTestParse04);
4944  UtRegisterTest("AddressTestParse05", AddressTestParse05);
4945  UtRegisterTest("AddressTestParse06", AddressTestParse06);
4946  UtRegisterTest("AddressTestParse07", AddressTestParse07);
4947  UtRegisterTest("AddressTestParse08", AddressTestParse08);
4948  UtRegisterTest("AddressTestParse09", AddressTestParse09);
4949  UtRegisterTest("AddressTestParse10", AddressTestParse10);
4950  UtRegisterTest("AddressTestParse11", AddressTestParse11);
4951  UtRegisterTest("AddressTestParse12", AddressTestParse12);
4952  UtRegisterTest("AddressTestParse13", AddressTestParse13);
4953  UtRegisterTest("AddressTestParse14", AddressTestParse14);
4954  UtRegisterTest("AddressTestParse15", AddressTestParse15);
4955  UtRegisterTest("AddressTestParse16", AddressTestParse16);
4956  UtRegisterTest("AddressTestParse17", AddressTestParse17);
4957  UtRegisterTest("AddressTestParse18", AddressTestParse18);
4958  UtRegisterTest("AddressTestParse19", AddressTestParse19);
4959  UtRegisterTest("AddressTestParse20", AddressTestParse20);
4960  UtRegisterTest("AddressTestParse21", AddressTestParse21);
4961  UtRegisterTest("AddressTestParse22", AddressTestParse22);
4962  UtRegisterTest("AddressTestParse23", AddressTestParse23);
4963  UtRegisterTest("AddressTestParse24", AddressTestParse24);
4964  UtRegisterTest("AddressTestParse25", AddressTestParse25);
4965  UtRegisterTest("AddressTestParse27", AddressTestParse27);
4966  UtRegisterTest("AddressTestParse28", AddressTestParse28);
4967  UtRegisterTest("AddressTestParse29", AddressTestParse29);
4968  UtRegisterTest("AddressTestParse30", AddressTestParse30);
4969  UtRegisterTest("AddressTestParse31", AddressTestParse31);
4970  UtRegisterTest("AddressTestParse32", AddressTestParse32);
4971  UtRegisterTest("AddressTestParse33", AddressTestParse33);
4972  UtRegisterTest("AddressTestParse34", AddressTestParse34);
4973  UtRegisterTest("AddressTestParse35", AddressTestParse35);
4974  UtRegisterTest("AddressTestParse36", AddressTestParse36);
4975  UtRegisterTest("AddressTestParse37", AddressTestParse37);
4976 
4977  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
4978  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
4979  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
4980  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
4981  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
4982  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
4983  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
4984  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
4985  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
4986  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
4987  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
4988 
4989  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
4990  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
4991  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
4992  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
4993  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
4994  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
4995  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
4996  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
4997 
4998  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
4999  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5000  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5001  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5002  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5003  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5004 
5005  UtRegisterTest("AddressTestAddressGroupSetup01",
5006  AddressTestAddressGroupSetup01);
5007  UtRegisterTest("AddressTestAddressGroupSetup02",
5008  AddressTestAddressGroupSetup02);
5009  UtRegisterTest("AddressTestAddressGroupSetup03",
5010  AddressTestAddressGroupSetup03);
5011  UtRegisterTest("AddressTestAddressGroupSetup04",
5012  AddressTestAddressGroupSetup04);
5013  UtRegisterTest("AddressTestAddressGroupSetup05",
5014  AddressTestAddressGroupSetup05);
5015  UtRegisterTest("AddressTestAddressGroupSetup06",
5016  AddressTestAddressGroupSetup06);
5017  UtRegisterTest("AddressTestAddressGroupSetup07",
5018  AddressTestAddressGroupSetup07);
5019  UtRegisterTest("AddressTestAddressGroupSetup08",
5020  AddressTestAddressGroupSetup08);
5021  UtRegisterTest("AddressTestAddressGroupSetup09",
5022  AddressTestAddressGroupSetup09);
5023  UtRegisterTest("AddressTestAddressGroupSetup10",
5024  AddressTestAddressGroupSetup10);
5025  UtRegisterTest("AddressTestAddressGroupSetup11",
5026  AddressTestAddressGroupSetup11);
5027  UtRegisterTest("AddressTestAddressGroupSetup12",
5028  AddressTestAddressGroupSetup12);
5029  UtRegisterTest("AddressTestAddressGroupSetup13",
5030  AddressTestAddressGroupSetup13);
5031  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5032  AddressTestAddressGroupSetupIPv414);
5033  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5034  AddressTestAddressGroupSetupIPv415);
5035  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5036  AddressTestAddressGroupSetupIPv416);
5037 
5038  UtRegisterTest("AddressTestAddressGroupSetup14",
5039  AddressTestAddressGroupSetup14);
5040  UtRegisterTest("AddressTestAddressGroupSetup15",
5041  AddressTestAddressGroupSetup15);
5042  UtRegisterTest("AddressTestAddressGroupSetup16",
5043  AddressTestAddressGroupSetup16);
5044  UtRegisterTest("AddressTestAddressGroupSetup17",
5045  AddressTestAddressGroupSetup17);
5046  UtRegisterTest("AddressTestAddressGroupSetup18",
5047  AddressTestAddressGroupSetup18);
5048  UtRegisterTest("AddressTestAddressGroupSetup19",
5049  AddressTestAddressGroupSetup19);
5050  UtRegisterTest("AddressTestAddressGroupSetup20",
5051  AddressTestAddressGroupSetup20);
5052  UtRegisterTest("AddressTestAddressGroupSetup21",
5053  AddressTestAddressGroupSetup21);
5054  UtRegisterTest("AddressTestAddressGroupSetup22",
5055  AddressTestAddressGroupSetup22);
5056  UtRegisterTest("AddressTestAddressGroupSetup23",
5057  AddressTestAddressGroupSetup23);
5058  UtRegisterTest("AddressTestAddressGroupSetup24",
5059  AddressTestAddressGroupSetup24);
5060  UtRegisterTest("AddressTestAddressGroupSetup25",
5061  AddressTestAddressGroupSetup25);
5062  UtRegisterTest("AddressTestAddressGroupSetup26",
5063  AddressTestAddressGroupSetup26);
5064 
5065  UtRegisterTest("AddressTestAddressGroupSetup27",
5066  AddressTestAddressGroupSetup27);
5067  UtRegisterTest("AddressTestAddressGroupSetup28",
5068  AddressTestAddressGroupSetup28);
5069  UtRegisterTest("AddressTestAddressGroupSetup29",
5070  AddressTestAddressGroupSetup29);
5071  UtRegisterTest("AddressTestAddressGroupSetup30",
5072  AddressTestAddressGroupSetup30);
5073  UtRegisterTest("AddressTestAddressGroupSetup31",
5074  AddressTestAddressGroupSetup31);
5075  UtRegisterTest("AddressTestAddressGroupSetup32",
5076  AddressTestAddressGroupSetup32);
5077  UtRegisterTest("AddressTestAddressGroupSetup33",
5078  AddressTestAddressGroupSetup33);
5079  UtRegisterTest("AddressTestAddressGroupSetup34",
5080  AddressTestAddressGroupSetup34);
5081  UtRegisterTest("AddressTestAddressGroupSetup35",
5082  AddressTestAddressGroupSetup35);
5083  UtRegisterTest("AddressTestAddressGroupSetup36",
5084  AddressTestAddressGroupSetup36);
5085  UtRegisterTest("AddressTestAddressGroupSetup37",
5086  AddressTestAddressGroupSetup37);
5087  UtRegisterTest("AddressTestAddressGroupSetup38",
5088  AddressTestAddressGroupSetup38);
5089  UtRegisterTest("AddressTestAddressGroupSetup39",
5090  AddressTestAddressGroupSetup39);
5091  UtRegisterTest("AddressTestAddressGroupSetup40",
5092  AddressTestAddressGroupSetup40);
5093  UtRegisterTest("AddressTestAddressGroupSetup41",
5094  AddressTestAddressGroupSetup41);
5095  UtRegisterTest("AddressTestAddressGroupSetup42",
5096  AddressTestAddressGroupSetup42);
5097  UtRegisterTest("AddressTestAddressGroupSetup43",
5098  AddressTestAddressGroupSetup43);
5099  UtRegisterTest("AddressTestAddressGroupSetup44",
5100  AddressTestAddressGroupSetup44);
5101  UtRegisterTest("AddressTestAddressGroupSetup45",
5102  AddressTestAddressGroupSetup45);
5103  UtRegisterTest("AddressTestAddressGroupSetup46",
5104  AddressTestAddressGroupSetup46);
5105  UtRegisterTest("AddressTestAddressGroupSetup47",
5106  AddressTestAddressGroupSetup47);
5107  UtRegisterTest("AddressTestAddressGroupSetup48",
5108  AddressTestAddressGroupSetup48);
5109 
5110  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5111  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5112  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5113  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5114  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5115  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5116  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5117  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5118  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5119  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5120 
5121  UtRegisterTest("AddressTestParseInvalidMask01",
5122  AddressTestParseInvalidMask01);
5123  UtRegisterTest("AddressTestParseInvalidMask02",
5124  AddressTestParseInvalidMask02);
5125  UtRegisterTest("AddressTestParseInvalidMask03",
5126  AddressTestParseInvalidMask03);
5127 
5128  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5129  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5130  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5131  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5132  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5133 #endif /* UNITTESTS */
5134 }
int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh, DetectAddress *new)
Same as DetectAddressInsert, but then for inserting a address group object. This also makes sure SigG...
#define COPY_ADDRESS(a, b)
Definition: decode.h:125
#define SCLogDebug(...)
Definition: util-debug.h:335
uint32_t ip2[4]
Definition: detect.h:163
void DetectAddressCleanupList(DetectAddress *head)
Frees a list of DetectAddress instances.
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
int DetectAddressParseString(DetectAddress *dd, const char *str)
int DetectAddressJoinIPv4(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Extends a target address range if the the source address range is wider than the target address range...
struct DetectAddress_ * prev
Definition: detect.h:144
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
struct HtpBodyChunk_ * next
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
#define BUG_ON(x)
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string)
#define FALSE
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:722
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:43
#define PASS
Pass the test.
#define unlikely(expr)
Definition: util-optimize.h:35
Address ip
Definition: detect.h:137
address structure for use in the detection engine.
Definition: detect.h:135
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
void DetectAddressHeadFree(DetectAddressHead *gh)
Frees a DetectAddressHead instance.
DetectAddress * DetectAddressCopy(DetectAddress *orig)
Copies the contents of one Address group in DetectAddress and returns a new instance of the DetectAdd...
int DetectAddressMatch(DetectAddress *dd, Address *a)
Check if a particular address(ipv4 or ipv6) matches the address range in the DetectAddress instance...
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
uint32_t ip[4]
Definition: detect.h:162
struct DetectAddressMap_ DetectAddressMap
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
char * val
Definition: conf.h:34
Flow * head
Definition: flow-hash.h:102
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
DetectAddress * DetectAddressLookupInList(DetectAddress *head, DetectAddress *gr)
Used to check if a DetectAddress list contains an instance with a similar DetectAddress. The comparison done is not the one that checks the memory for the same instance, but one that checks that the two instances hold the same content.
#define TRUE
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
main detection engine ctx
Definition: detect.h:756
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
struct DetectAddress_ * next
Definition: detect.h:146
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:699
#define str(s)
#define SCCalloc(nm, a)
Definition: util-mem.h:253
HashListTable * address_table
Definition: detect.h:906
uint8_t flags
Definition: detect.h:141
char family
Definition: decode.h:111
void DetectAddressPrintList(DetectAddress *head)
Prints the address data information for all the DetectAddress instances in the DetectAddress list sen...
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define SCEnter(...)
Definition: util-debug.h:337
int DetectAddressTestConfVars(void)
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:711
Address ip2
Definition: detect.h:138
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
DetectAddress * ipv4_head
Definition: detect.h:151
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:267
#define SCReturnInt(x)
Definition: util-debug.h:341
#define SCNtohl(x)
union Address_::@40 address
#define ADDRESS_FLAG_NOT
Definition: detect.h:129
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: conf.h:32
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
#define SCMalloc(a)
Definition: util-mem.h:222
void DetectAddressIPv6Tests(void)
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
#define SCFree(a)
Definition: util-mem.h:322
PoolThreadReserved res
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
uint8_t address
Definition: decode-ppp.h:311
void DetectAddressPrint(DetectAddress *)
Prints the address data held by the DetectAddress. If the address data family is IPv4, we print the the ipv4 address and mask, and if the address data family is IPv6, we print the ipv6 address and mask.
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
int DetectPortTestConfVars(void)
char * name
Definition: conf.h:33
void DetectAddressTests(void)
int DetectAddressJoinIPv6(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Extends a target address range if the the source address range is wider than the target address range...
#define SCReturnPtr(x, type)
Definition: util-debug.h:353
int DetectAddressJoin(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Join two addresses groups together.
uint32_t array_size
Definition: util-hashlist.h:41
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - &#39;not&#39; match)
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
#define SCStrdup(a)
Definition: util-mem.h:268
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressHead * DetectAddressHeadInit(void)
Returns a new instance of DetectAddressHead.
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
int DetectAddressAdd(DetectAddress **head, DetectAddress *ag)
Do a sorted insert, where the top of the list should be the biggest network/range.
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:327
DetectAddressHead * address
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
void DetectAddressIPv4Tests(void)
DetectAddress * ipv6_head
Definition: detect.h:152
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133