suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 #include "detect-engine-address-ipv4.h"
40 #include "detect-engine-address-ipv6.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn);
58 
59 /**
60  * \brief Creates and returns a new instance of a DetectAddress.
61  *
62  * \retval ag Pointer to the newly created DetectAddress on success;
63  * NULL on failure.
64  */
65 DetectAddress *DetectAddressInit(void)
66 {
67  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
68  if (unlikely(ag == NULL))
69  return NULL;
70  return ag;
71 }
72 
73 /**
74  * \brief Frees a DetectAddress instance.
75  *
76  * \param ag Pointer to the DetectAddress instance to be freed.
77  */
78 void DetectAddressFree(DetectAddress *ag)
79 {
80  if (ag == NULL)
81  return;
82 
83  SCFree(ag);
84  return;
85 }
86 
87 /**
88  * \internal
89  * \brief Returns a new instance of DetectAddressHead.
90  *
91  * \retval gh Pointer to the new instance of DetectAddressHead.
92  */
93 static DetectAddressHead *DetectAddressHeadInit(void)
94 {
95  DetectAddressHead *gh = SCCalloc(1, sizeof(DetectAddressHead));
96  if (unlikely(gh == NULL))
97  return NULL;
98  return gh;
99 }
100 
101 /**
102  * \internal
103  * \brief Frees a DetectAddressHead instance.
104  *
105  * \param gh Pointer to the DetectAddressHead instance to be freed.
106  */
107 static void DetectAddressHeadFree(DetectAddressHead *gh)
108 {
109  if (gh != NULL) {
110  DetectAddressHeadCleanup(gh);
111  SCFree(gh);
112  }
113 }
114 
115 /**
116  * \brief copy a DetectAddress
117  *
118  * \param orig Pointer to the instance of DetectAddress that contains the
119  * address data to be copied to the new instance.
120  *
121  * \retval ag Pointer to the new instance of DetectAddress that contains the
122  * copied address.
123  */
124 static DetectAddress *DetectAddressCopy(DetectAddress *orig)
125 {
126  DetectAddress *ag = DetectAddressInit();
127  if (ag == NULL)
128  return NULL;
129 
130  ag->flags = orig->flags;
131  COPY_ADDRESS(&orig->ip, &ag->ip);
132  COPY_ADDRESS(&orig->ip2, &ag->ip2);
133  return ag;
134 }
135 
136 #ifdef DEBUG
137 /**
138  * \brief Prints the address data information for all the DetectAddress
139  * instances in the DetectAddress list sent as the argument.
140  *
141  * \param head Pointer to a list of DetectAddress instances.
142  */
143 void DetectAddressPrintList(DetectAddress *head)
144 {
145  SCLogInfo("list:");
146  for (DetectAddress *cur = head; cur != NULL; cur = cur->next) {
147  DetectAddressPrint(cur);
148  }
149  SCLogInfo("endlist");
150 }
151 #endif
152 
153 /**
154  * \internal
155  * \brief Frees a list of DetectAddress instances.
156  *
157  * \param head Pointer to a list of DetectAddress instances to be freed.
158  */
159 static void DetectAddressCleanupList(DetectAddress *head)
160 {
161  for (DetectAddress *cur = head; cur != NULL; ) {
162  DetectAddress *next = cur->next;
163  cur->next = NULL;
164  DetectAddressFree(cur);
165  cur = next;
166  }
167 }
168 
169 /**
170  * \internal
171  * \brief Helper function for DetectAddressInsert. Sets one of the
172  * DetectAddressHead head pointers, to the DetectAddress argument
173  * based on its address family.
174  *
175  * \param gh Pointer to the DetectAddressHead.
176  * \param newhead Pointer to the DetectAddress.
177  *
178  * \retval 0 On success.
179  * \retval -1 On failure.
180  */
181 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
182 {
183  if (newhead->ip.family == AF_INET) {
184  gh->ipv4_head = newhead;
185  } else if (newhead->ip.family == AF_INET6) {
186  gh->ipv6_head = newhead;
187  } else {
188  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
189  return -1;
190  }
191 
192  return 0;
193 }
194 
195 /**
196  * \internal
197  * \brief Returns the DetectAddress head from the DetectAddressHeads,
198  * based on the address family of the incoming DetectAddress arg.
199  *
200  * \param gh Pointer to the DetectAddressHead.
201  * \param new Pointer to the DetectAddress.
202  *
203  * \retval head Pointer to the DetectAddress(the head from
204  * DetectAddressHead).
205  */
206 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
207 {
208  DetectAddress *head = NULL;
209 
210  if (new->ip.family == AF_INET)
211  head = gh->ipv4_head;
212  else if (new->ip.family == AF_INET6)
213  head = gh->ipv6_head;
214 
215  return head;
216 }
217 
218 /**
219  * \internal
220  * \brief insert DetectAddress into a DetectAddressHead
221  *
222  * \param de_ctx Pointer to the detection engine context.
223  * \param gh Pointer to the DetectAddressHead list to which it has to
224  * be inserted.
225  * \param new Pointer to the DetectAddress, that has to be inserted.
226  *
227  * \retval 1 On successfully inserting it.
228  * \retval -1 On error.
229  * \retval 0 Not inserted, memory of new is freed.
230  */
231 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
232  DetectAddress *new)
233 {
234  DetectAddress *head = NULL;
235  DetectAddress *cur = NULL;
236  DetectAddress *c = NULL;
237  int r = 0;
238 
239  if (new == NULL)
240  return 0;
241 
242  /* get our head ptr based on the address we want to insert */
243  head = GetHeadPtr(gh, new);
244 
245  /* see if it already exists or overlaps with existing ag's */
246  if (head != NULL) {
247  cur = NULL;
248 
249  for (cur = head; cur != NULL; cur = cur->next) {
250  r = DetectAddressCmp(new, cur);
251  BUG_ON(r == ADDRESS_ER);
252 
253  /* if so, handle that */
254  if (r == ADDRESS_EQ) {
255  /* exact overlap/match */
256  if (cur != new) {
257  DetectAddressFree(new);
258  return 0;
259  }
260 
261  return 1;
262  } else if (r == ADDRESS_GT) {
263  /* only add it now if we are bigger than the last group.
264  * Otherwise we'll handle it later. */
265  if (cur->next == NULL) {
266  /* put in the list */
267  new->prev = cur;
268  cur->next = new;
269 
270  return 1;
271  }
272  } else if (r == ADDRESS_LT) {
273  /* see if we need to insert the ag anywhere put in the list */
274  if (cur->prev != NULL)
275  cur->prev->next = new;
276  new->prev = cur->prev;
277  new->next = cur;
278  cur->prev = new;
279 
280  /* update head if required */
281  if (head == cur) {
282  head = new;
283 
284  if (SetHeadPtr(gh, head) < 0)
285  goto error;
286  }
287 
288  return 1;
289  /* alright, those were the simple cases, lets handle the more
290  * complex ones now */
291  } else if (r == ADDRESS_ES) {
292  c = NULL;
293  r = DetectAddressCut(de_ctx, cur, new, &c);
294  if (r == -1)
295  goto error;
296 
297  DetectAddressInsert(de_ctx, gh, new);
298  if (c != NULL)
299  DetectAddressInsert(de_ctx, gh, c);
300 
301  return 1;
302  } else if (r == ADDRESS_EB) {
303  c = NULL;
304  r = DetectAddressCut(de_ctx, cur, new, &c);
305  if (r == -1)
306  goto error;
307 
308  DetectAddressInsert(de_ctx, gh, new);
309  if (c != NULL)
310  DetectAddressInsert(de_ctx, gh, c);
311 
312  return 1;
313  } else if (r == ADDRESS_LE) {
314  c = NULL;
315  r = DetectAddressCut(de_ctx, cur, new, &c);
316  if (r == -1)
317  goto error;
318 
319  DetectAddressInsert(de_ctx, gh, new);
320  if (c != NULL)
321  DetectAddressInsert(de_ctx, gh, c);
322 
323  return 1;
324  } else if (r == ADDRESS_GE) {
325  c = NULL;
326  r = DetectAddressCut(de_ctx, cur,new,&c);
327  if (r == -1)
328  goto error;
329 
330  DetectAddressInsert(de_ctx, gh, new);
331  if (c != NULL)
332  DetectAddressInsert(de_ctx, gh, c);
333 
334  return 1;
335  }
336  }
337 
338  /* head is NULL, so get a group and set head to it */
339  } else {
340  head = new;
341  if (SetHeadPtr(gh, head) < 0) {
342  SCLogDebug("SetHeadPtr failed");
343  goto error;
344  }
345  }
346 
347  return 1;
348 
349 error:
350  /* XXX */
351  return -1;
352 }
353 
354 /**
355  * \brief Checks if two address group lists are equal.
356  *
357  * \param list1 Pointer to the first address group list.
358  * \param list2 Pointer to the second address group list.
359  *
360  * \retval true On success.
361  * \retval false On failure.
362  */
363 bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
364 {
365  DetectAddress *item = list1;
366  DetectAddress *it = list2;
367 
368  // First, compare items one by one.
369  while (item != NULL && it != NULL) {
370  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
371  return false;
372  }
373 
374  item = item->next;
375  it = it->next;
376  }
377 
378  // Are the lists of the same size?
379  if (!(item == NULL && it == NULL)) {
380  return false;
381  }
382 
383  return true;
384 }
385 
386 /**
387  * \internal
388  * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
389  *
390  * For example if we send a cidr of 7 as argument, an ipv6 address
391  * mask of the value FE:00:00:00:00:00:00:00 is created and updated
392  * in the argument struct in6_addr *in6.
393  *
394  * \todo I think for the final section: while (cidr > 0), we can simply
395  * replace it with a
396  * if (cidr > 0) {
397  * in6->s6_addr[i] = -1 << (8 - cidr);
398  *
399  * \param cidr The value of the cidr.
400  * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
401  * hold the cidr netblock result.
402  */
403 static void DetectAddressParseIPv6CIDR(int cidr, struct in6_addr *in6)
404 {
405  int i = 0;
406 
407  memset(in6, 0, sizeof(struct in6_addr));
408 
409  while (cidr > 8) {
410  in6->s6_addr[i] = 0xff;
411  cidr -= 8;
412  i++;
413  }
414 
415  while (cidr > 0) {
416  in6->s6_addr[i] |= 0x80;
417  if (--cidr > 0)
418  in6->s6_addr[i] = in6->s6_addr[i] >> 1;
419  }
420 
421  return;
422 }
423 
424 /**
425  * \internal
426  * \brief Parses an ipv4/ipv6 address string and updates the result into the
427  * DetectAddress instance sent as the argument.
428  *
429  * \param dd Pointer to the DetectAddress instance which should be updated with
430  * the address range details from the parsed ip string.
431  * \param str Pointer to address string that has to be parsed.
432  *
433  * \retval 0 On successfully parsing the address string.
434  * \retval -1 On failure.
435  */
436 static int DetectAddressParseString(DetectAddress *dd, const char *str)
437 {
438  char *ip = NULL;
439  char *ip2 = NULL;
440  char *mask = NULL;
441  int r = 0;
442  char ipstr[256];
443 
444  /* shouldn't see 'any' here */
445  BUG_ON(strcasecmp(str, "any") == 0);
446 
447  strlcpy(ipstr, str, sizeof(ipstr));
448  SCLogDebug("str %s", str);
449 
450  /* we work with a copy so that we can put a
451  * nul-termination in it later */
452  ip = ipstr;
453 
454  /* handle the negation case */
455  if (ip[0] == '!') {
456  dd->flags |= ADDRESS_FLAG_NOT;
457  ip++;
458  }
459 
460  /* see if the address is an ipv4 or ipv6 address */
461  if ((strchr(str, ':')) == NULL) {
462  /* IPv4 Address */
463  struct in_addr in;
464 
465  dd->ip.family = AF_INET;
466 
467  if ((mask = strchr(ip, '/')) != NULL) {
468  /* 1.2.3.4/xxx format (either dotted or cidr notation */
469  ip[mask - ip] = '\0';
470  mask++;
471  uint32_t ip4addr = 0;
472  uint32_t netmask = 0;
473 
474  if ((strchr (mask, '.')) == NULL) {
475  /* 1.2.3.4/24 format */
476 
477  for (size_t u = 0; u < strlen(mask); u++) {
478  if(!isdigit((unsigned char)mask[u]))
479  goto error;
480  }
481 
482  int cidr;
483  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
484  goto error;
485  netmask = CIDRGet(cidr);
486  } else {
487  /* 1.2.3.4/255.255.255.0 format */
488  r = inet_pton(AF_INET, mask, &in);
489  if (r <= 0)
490  goto error;
491 
492  netmask = in.s_addr;
493  }
494 
495  r = inet_pton(AF_INET, ip, &in);
496  if (r <= 0)
497  goto error;
498 
499  ip4addr = in.s_addr;
500 
501  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
502  dd->ip2.addr_data32[0] |=~ netmask;
503  } else if ((ip2 = strchr(ip, '-')) != NULL) {
504  /* 1.2.3.4-1.2.3.6 range format */
505  ip[ip2 - ip] = '\0';
506  ip2++;
507 
508  r = inet_pton(AF_INET, ip, &in);
509  if (r <= 0)
510  goto error;
511  dd->ip.addr_data32[0] = in.s_addr;
512 
513  r = inet_pton(AF_INET, ip2, &in);
514  if (r <= 0)
515  goto error;
516  dd->ip2.addr_data32[0] = in.s_addr;
517 
518  /* a > b is illegal, a = b is ok */
519  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
520  goto error;
521  } else {
522  /* 1.2.3.4 format */
523  r = inet_pton(AF_INET, ip, &in);
524  if (r <= 0)
525  goto error;
526  /* single host */
527  dd->ip.addr_data32[0] = in.s_addr;
528  dd->ip2.addr_data32[0] = in.s_addr;
529  }
530  } else {
531  /* IPv6 Address */
532  struct in6_addr in6, mask6;
533  uint32_t ip6addr[4], netmask[4];
534 
535  dd->ip.family = AF_INET6;
536 
537  if ((mask = strchr(ip, '/')) != NULL) {
538  ip[mask - ip] = '\0';
539  mask++;
540 
541  int cidr;
542  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
543  goto error;
544 
545  r = inet_pton(AF_INET6, ip, &in6);
546  if (r <= 0)
547  goto error;
548  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
549 
550  DetectAddressParseIPv6CIDR(cidr, &mask6);
551  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
552 
553  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
554  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
555  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
556  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
557 
558  dd->ip2.addr_data32[0] |=~ netmask[0];
559  dd->ip2.addr_data32[1] |=~ netmask[1];
560  dd->ip2.addr_data32[2] |=~ netmask[2];
561  dd->ip2.addr_data32[3] |=~ netmask[3];
562  } else if ((ip2 = strchr(ip, '-')) != NULL) {
563  /* 2001::1-2001::4 range format */
564  ip[ip2 - ip] = '\0';
565  ip2++;
566 
567  r = inet_pton(AF_INET6, ip, &in6);
568  if (r <= 0)
569  goto error;
570  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
571 
572  r = inet_pton(AF_INET6, ip2, &in6);
573  if (r <= 0)
574  goto error;
575  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
576 
577  /* a > b is illegal, a=b is ok */
578  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
579  goto error;
580  } else {
581  r = inet_pton(AF_INET6, ip, &in6);
582  if (r <= 0)
583  goto error;
584 
585  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
586  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
587  }
588 
589  }
590 
591  BUG_ON(dd->ip.family == 0);
592 
593  return 0;
594 
595 error:
596  return -1;
597 }
598 
599 /**
600  * \internal
601  * \brief Simply parse an address and return a DetectAddress instance containing
602  * the address ranges of the parsed ip addressstring
603  *
604  * \param str Pointer to a character string containing the ip address
605  *
606  * \retval dd Pointer to the DetectAddress instance containing the address
607  * range details from the parsed ip string
608  */
609 static DetectAddress *DetectAddressParseSingle(const char *str)
610 {
611  SCLogDebug("str %s", str);
612 
613  DetectAddress *dd = DetectAddressInit();
614  if (dd == NULL)
615  return NULL;
616 
617  if (DetectAddressParseString(dd, str) < 0) {
618  SCLogDebug("AddressParse failed");
619  DetectAddressFree(dd);
620  return NULL;
621  }
622 
623  return dd;
624 }
625 
626 /**
627  * \brief Setup a single address string, parse it and add the resulting
628  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
629  *
630  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
631  * resulting Address-Range(s) from the parsed ip string has to
632  * be added.
633  * \param s Pointer to the ip address string to be parsed.
634  *
635  * \retval 0 On success.
636  * \retval -1 On failure.
637  */
638 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
639 {
640  SCLogDebug("gh %p, s %s", gh, s);
641 
642  while (*s != '\0' && isspace(*s))
643  s++;
644 
645  if (strcasecmp(s, "any") == 0) {
646  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
647 
648  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
649  if (ad == NULL)
650  return -1;
651 
652  BUG_ON(ad->ip.family == 0);
653 
654  if (DetectAddressInsert(NULL, gh, ad) < 0) {
655  SCLogDebug("DetectAddressInsert failed");
656  DetectAddressFree(ad);
657  return -1;
658  }
659 
660  ad = DetectAddressParseSingle("::/0");
661  if (ad == NULL)
662  return -1;
663 
664  BUG_ON(ad->ip.family == 0);
665 
666  if (DetectAddressInsert(NULL, gh, ad) < 0) {
667  SCLogDebug("DetectAddressInsert failed");
668  DetectAddressFree(ad);
669  return -1;
670  }
671  return 0;
672  }
673 
674  /* parse the address */
675  DetectAddress *ad = DetectAddressParseSingle(s);
676  if (ad == NULL) {
677  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,
678  "failed to parse address \"%s\"", s);
679  return -1;
680  }
681 
682  /* handle the not case, we apply the negation then insert the part(s) */
683  if (ad->flags & ADDRESS_FLAG_NOT) {
684  DetectAddress *ad2 = NULL;
685 
686  if (DetectAddressCutNot(ad, &ad2) < 0) {
687  SCLogDebug("DetectAddressCutNot failed");
688  DetectAddressFree(ad);
689  return -1;
690  }
691 
692  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
693  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
694  if (ad2 != NULL) {
695  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
696  SCLogDebug("DetectAddressInsert failed");
697  DetectAddressFree(ad);
698  DetectAddressFree(ad2);
699  return -1;
700  }
701  }
702  }
703 
704  int r = DetectAddressInsert(NULL, gh, ad);
705  if (r < 0) {
706  SCLogDebug("DetectAddressInsert failed");
707  DetectAddressFree(ad);
708  return -1;
709  }
710  SCLogDebug("r %d",r);
711  return 0;
712 }
713 
714 /**
715  * \brief Parses an address string and updates the 2 address heads with the
716  * address data.
717  *
718  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
719  * since we pass around negate without keeping a count of ! with depth.
720  * Can solve this by keeping a count of the negations with depth, so that
721  * an even no of negations would count as no negation and an odd no of
722  * negations would count as a negation.
723  *
724  * \param gh Pointer to the address head that should hold address ranges
725  * that are not negated.
726  * \param ghn Pointer to the address head that should hold address ranges
727  * that are negated.
728  * \param s Pointer to the character string holding the address to be
729  * parsed.
730  * \param negate Flag that indicates if the received address string is negated
731  * or not. 0 if it is not, 1 it it is.
732  *
733  * \retval 0 On successfully parsing.
734  * \retval -1 On failure.
735  */
736 static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
737  DetectAddressHead *gh, DetectAddressHead *ghn,
738  const char *s, int negate, ResolvedVariablesList *var_list,
739  int recur)
740 {
741  size_t x = 0;
742  size_t u = 0;
743  int o_set = 0, n_set = 0, d_set = 0;
744  int depth = 0;
745  size_t size = strlen(s);
746  char address[8196] = "";
747  const char *rule_var_address = NULL;
748  char *temp_rule_var_address = NULL;
749 
750  if (++recur > 64) {
751  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "address block recursion "
752  "limit reached (max 64)");
753  goto error;
754  }
755 
756  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
757 
758  for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
759  if (x == (sizeof(address) - 1)) {
760  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Hit the address buffer"
761  " limit for the supplied address. Invalidating sig. "
762  "Please file a bug report on this.");
763  goto error;
764  }
765  address[x] = s[u];
766  x++;
767 
768  if (!o_set && s[u] == '!') {
769  n_set = 1;
770  x--;
771  } else if (s[u] == '[') {
772  if (!o_set) {
773  o_set = 1;
774  x = 0;
775  }
776  depth++;
777  } else if (s[u] == ']') {
778  if (depth == 1) {
779  address[x - 1] = '\0';
780  x = 0;
781  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
782  if (((negate + n_set) % 2) == 0) {
783  /* normal block */
784  SCLogDebug("normal block");
785 
786  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
787  goto error;
788  } else {
789  /* negated block
790  *
791  * Extra steps are necessary. First consider it as a normal
792  * (non-negated) range. Merge the + and - ranges if
793  * applicable. Then insert the result into the ghn list. */
794  SCLogDebug("negated block");
795 
796  DetectAddressHead tmp_gh = { NULL, NULL };
797  DetectAddressHead tmp_ghn = { NULL, NULL };
798 
799  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
800  DetectAddressHeadCleanup(&tmp_gh);
801  DetectAddressHeadCleanup(&tmp_ghn);
802  goto error;
803  }
804 
805  DetectAddress *tmp_ad;
806  DetectAddress *tmp_ad2;
807 #ifdef DEBUG
808  SCLogDebug("tmp_gh: IPv4");
809  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
810  DetectAddressPrint(tmp_ad);
811  }
812  SCLogDebug("tmp_ghn: IPv4");
813  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
814  DetectAddressPrint(tmp_ad);
815  }
816  SCLogDebug("tmp_gh: IPv6");
817  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
818  DetectAddressPrint(tmp_ad);
819  }
820  SCLogDebug("tmp_ghn: IPv6");
821  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
822  DetectAddressPrint(tmp_ad);
823  }
824 #endif
825  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
826  DetectAddressHeadCleanup(&tmp_ghn);
827  DetectAddressHeadCleanup(&tmp_gh);
828  goto error;
829  }
830  DetectAddressHeadCleanup(&tmp_ghn);
831 
832  SCLogDebug("merged succesfully");
833 
834  /* insert the IPv4 addresses into the negated list */
835  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
836  /* work with a copy of the address group */
837  tmp_ad2 = DetectAddressCopy(tmp_ad);
838  if (tmp_ad2 == NULL) {
839  SCLogDebug("DetectAddressCopy failed");
840  DetectAddressHeadCleanup(&tmp_gh);
841  goto error;
842  }
843  DetectAddressPrint(tmp_ad2);
844  DetectAddressInsert(NULL, ghn, tmp_ad2);
845  }
846 
847  /* insert the IPv6 addresses into the negated list */
848  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
849  /* work with a copy of the address group */
850  tmp_ad2 = DetectAddressCopy(tmp_ad);
851  if (tmp_ad2 == NULL) {
852  SCLogDebug("DetectAddressCopy failed");
853  DetectAddressHeadCleanup(&tmp_gh);
854  goto error;
855  }
856  DetectAddressPrint(tmp_ad2);
857  DetectAddressInsert(NULL, ghn, tmp_ad2);
858  }
859 
860  DetectAddressHeadCleanup(&tmp_gh);
861  }
862  n_set = 0;
863  }
864  depth--;
865  } else if (depth == 0 && s[u] == ',') {
866  if (o_set == 1) {
867  o_set = 0;
868  } else if (d_set == 1) {
869  address[x - 1] = '\0';
870 
871  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
872  SC_RULE_VARS_ADDRESS_GROUPS);
873  if (rule_var_address == NULL)
874  goto error;
875 
876  if (strlen(rule_var_address) == 0) {
877  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
878  "to nothing. This is likely a misconfiguration. "
879  "Note that a negated address needs to be quoted, "
880  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
881  goto error;
882  }
883 
884  SCLogDebug("rule_var_address %s", rule_var_address);
885  if ((negate + n_set) % 2) {
886  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
887  if (unlikely(temp_rule_var_address == NULL))
888  goto error;
889  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
890  "[%s]", rule_var_address);
891  } else {
892  temp_rule_var_address = SCStrdup(rule_var_address);
893  if (unlikely(temp_rule_var_address == NULL))
894  goto error;
895  }
896 
897 
898  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
899  (negate + n_set) % 2, var_list, recur) < 0)
900  {
901  if (temp_rule_var_address != rule_var_address)
902  SCFree(temp_rule_var_address);
903  goto error;
904  }
905  d_set = 0;
906  n_set = 0;
907  SCFree(temp_rule_var_address);
908  } else {
909  address[x - 1] = '\0';
910 
911  if (!((negate + n_set) % 2)) {
912  SCLogDebug("DetectAddressSetup into gh, %s", address);
913  if (DetectAddressSetup(gh, address) < 0)
914  goto error;
915  } else {
916  SCLogDebug("DetectAddressSetup into ghn, %s", address);
917  if (DetectAddressSetup(ghn, address) < 0)
918  goto error;
919  }
920  n_set = 0;
921  }
922  x = 0;
923  } else if (depth == 0 && s[u] == '$') {
924  d_set = 1;
925  } else if (depth == 0 && u == size - 1) {
926  if (x == sizeof(address)) {
927  address[x - 1] = '\0';
928  } else {
929  address[x] = '\0';
930  }
931  x = 0;
932 
933  if (AddVariableToResolveList(var_list, address) == -1) {
934  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
935  "groups declaration. This is likely a misconfiguration.");
936  goto error;
937  }
938 
939  if (d_set == 1) {
940  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
941  SC_RULE_VARS_ADDRESS_GROUPS);
942  if (rule_var_address == NULL)
943  goto error;
944 
945  if (strlen(rule_var_address) == 0) {
946  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
947  "to nothing. This is likely a misconfiguration. "
948  "Note that a negated address needs to be quoted, "
949  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
950  goto error;
951  }
952 
953  SCLogDebug("rule_var_address %s", rule_var_address);
954  if ((negate + n_set) % 2) {
955  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
956  if (unlikely(temp_rule_var_address == NULL))
957  goto error;
958  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
959  "[%s]", rule_var_address);
960  } else {
961  temp_rule_var_address = SCStrdup(rule_var_address);
962  if (unlikely(temp_rule_var_address == NULL))
963  goto error;
964  }
965 
966  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
967  (negate + n_set) % 2, var_list, recur) < 0) {
968  SCLogDebug("DetectAddressParse2 hates us");
969  if (temp_rule_var_address != rule_var_address)
970  SCFree(temp_rule_var_address);
971  goto error;
972  }
973  d_set = 0;
974  SCFree(temp_rule_var_address);
975  } else {
976  if (!((negate + n_set) % 2)) {
977  SCLogDebug("DetectAddressSetup into gh, %s", address);
978  if (DetectAddressSetup(gh, address) < 0) {
979  SCLogDebug("DetectAddressSetup gh fail");
980  goto error;
981  }
982  } else {
983  SCLogDebug("DetectAddressSetup into ghn, %s", address);
984  if (DetectAddressSetup(ghn, address) < 0) {
985  SCLogDebug("DetectAddressSetup ghn fail");
986  goto error;
987  }
988  }
989  }
990  n_set = 0;
991  }
992  }
993  if (depth > 0) {
994  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
995  "properly closed in \"%s\", %d missing closing brackets (]). "
996  "Note: problem might be in a variable.", s, depth);
997  goto error;
998  } else if (depth < 0) {
999  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1000  "properly opened in \"%s\", %d missing opening brackets ([). "
1001  "Note: problem might be in a variable.", s, depth*-1);
1002  goto error;
1003  }
1004 
1005  return 0;
1006 
1007 error:
1008 
1009  return -1;
1010 }
1011 
1012 /**
1013  * \internal
1014  * \brief See if the addresses and ranges in an address head cover the
1015  * entire ip space.
1016  *
1017  * \param gh Pointer to the DetectAddressHead to check.
1018  *
1019  * \retval 0 No.
1020  * \retval 1 Yes.
1021  *
1022  * \todo do the same for IPv6
1023  */
1024 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1025 {
1026  int r = DetectAddressIsCompleteIPSpaceIPv4(gh->ipv4_head);
1027  if (r == 1)
1028  return 1;
1029 
1030  return 0;
1031 }
1032 
1033 /**
1034  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1035  *
1036  * \param gh Pointer to the address head containing the non-NOT groups.
1037  * \param ghn Pointer to the address head containing the NOT groups.
1038  *
1039  * \retval 0 On success.
1040  * \retval -1 On failure.
1041  */
1042 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
1043 {
1044  DetectAddress *ad;
1045  DetectAddress *ag, *ag2;
1046  int r = 0;
1047 
1048  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1049  ghn->ipv4_head);
1050 
1051  /* check if the negated list covers the entire ip space. If so
1052  * the user screwed up the rules/vars. */
1053  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1054  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1055  "Rule address range is NIL. Probably have a !any or "
1056  "an address range that supplies a NULL address range");
1057  goto error;
1058  }
1059 
1060  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1061  * not thingy. In that case we add a 0.0.0.0/0 first. */
1062  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1063  r = DetectAddressSetup(gh, "0.0.0.0/0");
1064  if (r < 0) {
1065  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1066  goto error;
1067  }
1068  }
1069  /* ... or ::/0 for ipv6 */
1070  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1071  r = DetectAddressSetup(gh, "::/0");
1072  if (r < 0) {
1073  SCLogDebug("DetectAddressSetup for ::/0 failed");
1074  goto error;
1075  }
1076  }
1077 
1078  /* step 1: insert our ghn members into the gh list */
1079  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1080  /* work with a copy of the ad so we can easily clean up the ghn group
1081  * later. */
1082  ad = DetectAddressCopy(ag);
1083  if (ad == NULL) {
1084  SCLogDebug("DetectAddressCopy failed");
1085  goto error;
1086  }
1087 
1088  r = DetectAddressInsert(NULL, gh, ad);
1089  if (r < 0) {
1090  SCLogDebug("DetectAddressInsert failed");
1091  goto error;
1092  }
1093  }
1094  /* ... and the same for ipv6 */
1095  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1096  /* work with a copy of the ad so we can easily clean up the ghn group
1097  * later. */
1098  ad = DetectAddressCopy(ag);
1099  if (ad == NULL) {
1100  SCLogDebug("DetectAddressCopy failed");
1101  goto error;
1102  }
1103 
1104  r = DetectAddressInsert(NULL, gh, ad);
1105  if (r < 0) {
1106  SCLogDebug("DetectAddressInsert failed");
1107  goto error;
1108  }
1109  }
1110 #ifdef DEBUG
1111  DetectAddress *tmp_ad;
1112  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1113  DetectAddressPrint(tmp_ad);
1114  }
1115 #endif
1116  int ipv4_applied = 0;
1117  int ipv6_applied = 0;
1118 
1119  /* step 2: pull the address blocks that match our 'not' blocks */
1120  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1121  SCLogDebug("ag %p", ag);
1122  DetectAddressPrint(ag);
1123 
1124  int applied = 0;
1125  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1126  SCLogDebug("ag2 %p", ag2);
1127  DetectAddressPrint(ag2);
1128 
1129  r = DetectAddressCmp(ag, ag2);
1130  /* XXX more ??? */
1131  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1132  if (ag2->prev == NULL)
1133  gh->ipv4_head = ag2->next;
1134  else
1135  ag2->prev->next = ag2->next;
1136 
1137  if (ag2->next != NULL)
1138  ag2->next->prev = ag2->prev;
1139 
1140  /* store the next ptr and remove the group */
1141  DetectAddress *next_ag2 = ag2->next;
1142  DetectAddressFree(ag2);
1143  ag2 = next_ag2;
1144  applied = 1;
1145  } else {
1146  ag2 = ag2->next;
1147  }
1148  }
1149 
1150  if (applied) {
1151  ipv4_applied++;
1152  }
1153  }
1154  /* ... and the same for ipv6 */
1155  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1156  int applied = 0;
1157  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1158  r = DetectAddressCmp(ag, ag2);
1159  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1160  if (ag2->prev == NULL)
1161  gh->ipv6_head = ag2->next;
1162  else
1163  ag2->prev->next = ag2->next;
1164 
1165  if (ag2->next != NULL)
1166  ag2->next->prev = ag2->prev;
1167 
1168  /* store the next ptr and remove the group */
1169  DetectAddress *next_ag2 = ag2->next;
1170  DetectAddressFree(ag2);
1171  ag2 = next_ag2;
1172 
1173  SCLogDebug("applied");
1174  applied = 1;
1175  } else {
1176  ag2 = ag2->next;
1177  }
1178  }
1179  if (applied) {
1180  ipv6_applied++;
1181  }
1182  }
1183 #ifdef DEBUG
1184  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1185  DetectAddressPrint(tmp_ad);
1186  }
1187  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1188  DetectAddressPrint(tmp_ad);
1189  }
1190 #endif
1191  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1192  int cnt = 0;
1193  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1194  cnt++;
1195 
1196  if (ipv4_applied != cnt) {
1197  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1198  "could be applied: %d != %d", cnt, ipv4_applied);
1199  goto error;
1200  }
1201 
1202  cnt = 0;
1203  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1204  cnt++;
1205 
1206  if (ipv6_applied != cnt) {
1207  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1208  "could be applied: %d != %d", cnt, ipv6_applied);
1209  goto error;
1210  }
1211  }
1212 
1213  /* if the result is that we have no addresses we return error */
1214  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1215  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1216  "merging addresses and negated addresses");
1217  goto error;
1218  }
1219 
1220  return 0;
1221 
1222 error:
1223  return -1;
1224 }
1225 
1226 int DetectAddressTestConfVars(void)
1227 {
1228  SCLogDebug("Testing address conf vars for any misconfigured values");
1229 
1230  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1231 
1232  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1233  if (address_vars_node == NULL) {
1234  return 0;
1235  }
1236 
1237  DetectAddressHead *gh = NULL;
1238  DetectAddressHead *ghn = NULL;
1239 
1240  ConfNode *seq_node;
1241  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1242  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1243 
1244  gh = DetectAddressHeadInit();
1245  if (gh == NULL) {
1246  goto error;
1247  }
1248  ghn = DetectAddressHeadInit();
1249  if (ghn == NULL) {
1250  goto error;
1251  }
1252 
1253  if (seq_node->val == NULL) {
1254  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
1255  "Address var \"%s\" probably has a sequence(something "
1256  "in brackets) value set without any quotes. Please "
1257  "quote it using \"..\".", seq_node->name);
1258  goto error;
1259  }
1260 
1261  int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0, &var_list, 0);
1262 
1263  CleanVariableResolveList(&var_list);
1264 
1265  if (r < 0) {
1266  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
1267  "failed to parse address var \"%s\" with value \"%s\". "
1268  "Please check its syntax",
1269  seq_node->name, seq_node->val);
1270  goto error;
1271  }
1272 
1273  if (DetectAddressIsCompleteIPSpace(ghn)) {
1274  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
1275  "address var - \"%s\" has the complete IP space negated "
1276  "with its value \"%s\". Rule address range is NIL. "
1277  "Probably have a !any or an address range that supplies "
1278  "a NULL address range",
1279  seq_node->name, seq_node->val);
1280  goto error;
1281  }
1282 
1283  if (gh != NULL) {
1284  DetectAddressHeadFree(gh);
1285  gh = NULL;
1286  }
1287  if (ghn != NULL) {
1288  DetectAddressHeadFree(ghn);
1289  ghn = NULL;
1290  }
1291  }
1292 
1293  return 0;
1294  error:
1295  if (gh != NULL)
1296  DetectAddressHeadFree(gh);
1297  if (ghn != NULL)
1298  DetectAddressHeadFree(ghn);
1299  return -1;
1300 }
1301 
1302 #include "util-hash-lookup3.h"
1303 
1304 typedef struct DetectAddressMap_ {
1305  char *string;
1306  DetectAddressHead *address;
1307  bool contains_negation;
1308 } DetectAddressMap;
1309 
1310 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1311 {
1312  const DetectAddressMap *map = (DetectAddressMap *)data;
1313  uint32_t hash = 0;
1314 
1315  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1316  hash %= ht->array_size;
1317 
1318  return hash;
1319 }
1320 
1321 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1322  uint16_t len2)
1323 {
1324  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1325  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1326 
1327 
1328  int r = (strcmp(map1->string, map2->string) == 0);
1329  return r;
1330 }
1331 
1332 static void DetectAddressMapFreeFunc(void *data)
1333 {
1334  DetectAddressMap *map = (DetectAddressMap *)data;
1335  if (map != NULL) {
1336  DetectAddressHeadFree(map->address);
1337  SCFree(map->string);
1338  }
1339  SCFree(map);
1340 }
1341 
1342 int DetectAddressMapInit(DetectEngineCtx *de_ctx)
1343 {
1344  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1345  DetectAddressMapCompareFunc,
1346  DetectAddressMapFreeFunc);
1347  if (de_ctx->address_table == NULL)
1348  return -1;
1349 
1350  return 0;
1351 }
1352 
1353 void DetectAddressMapFree(DetectEngineCtx *de_ctx)
1354 {
1355  if (de_ctx->address_table == NULL)
1356  return;
1357 
1358  HashListTableFree(de_ctx->address_table);
1359  de_ctx->address_table = NULL;
1360  return;
1361 }
1362 
1363 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1364  DetectAddressHead *address, bool contains_negation)
1365 {
1366  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1367  if (map == NULL)
1368  return -1;
1369 
1370  map->string = SCStrdup(string);
1371  if (map->string == NULL) {
1372  SCFree(map);
1373  return -1;
1374  }
1375  map->address = address;
1376  map->contains_negation = contains_negation;
1377 
1378  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1379  return 0;
1380 }
1381 
1382 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1383  const char *string)
1384 {
1385  DetectAddressMap map = { (char *)string, NULL, false };
1386 
1387  const DetectAddressMap *res = HashListTableLookup(de_ctx->address_table,
1388  &map, 0);
1389  return res;
1390 }
1391 
1392 /**
1393  * \brief Parses an address group sent as a character string and updates the
1394  * DetectAddressHead sent as the argument with the relevant address
1395  * ranges from the parsed string.
1396  *
1397  * \param de_ctx Pointer to the detection engine context
1398  * \param gh Pointer to the DetectAddressHead.
1399  * \param str Pointer to the character string containing the address group
1400  * that has to be parsed.
1401  *
1402  * \retval 1 On success. Contained negation.
1403  * \retval 0 On success. Did not contain negation.
1404  * \retval -1 On failure.
1405  */
1406 int DetectAddressParse(const DetectEngineCtx *de_ctx,
1407  DetectAddressHead *gh, const char *str)
1408 {
1409  SCLogDebug("gh %p, str %s", gh, str);
1410 
1411  if (str == NULL) {
1412  SCLogDebug("DetectAddressParse can not be run with NULL address");
1413  return -1;
1414  }
1415 
1416  DetectAddressHead *ghn = DetectAddressHeadInit();
1417  if (ghn == NULL) {
1418  SCLogDebug("DetectAddressHeadInit for ghn failed");
1419  return -1;
1420  }
1421 
1422  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0, NULL, 0);
1423  if (r < 0) {
1424  SCLogDebug("DetectAddressParse2 returned %d", r);
1425  DetectAddressHeadFree(ghn);
1426  return -1;
1427  }
1428 
1429  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1430  ghn->ipv4_head);
1431 
1432  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1433 
1434  /* merge the 'not' address groups */
1435  if (DetectAddressMergeNot(gh, ghn) < 0) {
1436  SCLogDebug("DetectAddressMergeNot failed");
1437  DetectAddressHeadFree(ghn);
1438  return -1;
1439  }
1440 
1441  /* free the temp negate head */
1442  DetectAddressHeadFree(ghn);
1443  return contains_negation ? 1 : 0;
1444 }
1445 
1446 const DetectAddressHead *DetectParseAddress(DetectEngineCtx *de_ctx,
1447  const char *string, bool *contains_negation)
1448 {
1449  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1450  if (res != NULL) {
1451  SCLogDebug("found: %s :: %p", string, res);
1452  *contains_negation = res->contains_negation;
1453  return res->address;
1454  }
1455 
1456  SCLogDebug("%s not found", string);
1457 
1458  DetectAddressHead *head = DetectAddressHeadInit();
1459  if (head == NULL)
1460  return NULL;
1461 
1462  const int r = DetectAddressParse(de_ctx, head, string);
1463  if (r < 0) {
1464  DetectAddressHeadFree(head);
1465  return NULL;
1466  } else if (r == 1) {
1467  *contains_negation = true;
1468  } else {
1469  *contains_negation = false;
1470  }
1471 
1472  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head,
1473  *contains_negation);
1474  return head;
1475 }
1476 
1477 /**
1478  * \brief Cleans a DetectAddressHead. The functions frees the address
1479  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1480  * instance.
1481  *
1482  * \param gh Pointer to the DetectAddressHead instance that has to be
1483  * cleaned.
1484  */
1485 void DetectAddressHeadCleanup(DetectAddressHead *gh)
1486 {
1487  if (gh != NULL) {
1488  if (gh->ipv4_head != NULL) {
1489  DetectAddressCleanupList(gh->ipv4_head);
1490  gh->ipv4_head = NULL;
1491  }
1492  if (gh->ipv6_head != NULL) {
1493  DetectAddressCleanupList(gh->ipv6_head);
1494  gh->ipv6_head = NULL;
1495  }
1496  }
1497 
1498  return;
1499 }
1500 
1501 /**
1502  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1503  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1504  * explanations on what these functions do.
1505  *
1506  * \param de_ctx Pointer to the DetectEngineCtx.
1507  * \param a Pointer the the first address to be cut.
1508  * \param b Pointer to the second address to be cut.
1509  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1510  * ranges from a and b, demand a third address range.
1511  *
1512  * \retval 0 On success.
1513  * \retval -1 On failure.
1514  */
1515 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1516  DetectAddress *b, DetectAddress **c)
1517 {
1518  if (a->ip.family == AF_INET)
1519  return DetectAddressCutIPv4(de_ctx, a, b, c);
1520  else if (a->ip.family == AF_INET6)
1521  return DetectAddressCutIPv6(de_ctx, a, b, c);
1522 
1523  return -1;
1524 }
1525 
1526 /**
1527  * \brief Cuts a negated address range with respect to the entire ip range, and
1528  * supplies with the address range that doesn't belong to the negated
1529  * address range.
1530  *
1531  * There are 2 cases here -
1532  *
1533  * The first case includes the address being located at the extreme ends
1534  * of the ip space, in which we get a single range.
1535  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1536  *
1537  * The second case includes the address not present at either of the
1538  * ip space extremes, in which case we get 2 ranges. The second range
1539  * would be supplied back with the argument "b" supplied to this function.
1540  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1541  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1542  *
1543  * The above negation cases can similarly be extended to ranges, i.e.
1544  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1545  * ![10.20.30.40 - 10.20.30.50].
1546  *
1547  *
1548  * \param a Pointer to the DetectAddressData instance, that contains the negated
1549  * address range that has to be cut.
1550  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1551  * filled with the address range, if the argument "a", doesn't fall at
1552  * the extreme ends of the ip address space.
1553  *
1554  * \retval 0 On success.
1555  * \retval -1 On failure.
1556  */
1557 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1558 {
1559  if (a->ip.family == AF_INET)
1560  return DetectAddressCutNotIPv4(a, b);
1561  else if (a->ip.family == AF_INET6)
1562  return DetectAddressCutNotIPv6(a, b);
1563 
1564  return -1;
1565 }
1566 
1567 /**
1568  * \brief Used to compare 2 address ranges.
1569  *
1570  * \param a Pointer to the first DetectAddressData to be compared.
1571  * \param b Pointer to the second DetectAddressData to be compared.
1572  */
1573 int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
1574 {
1575  if (a->ip.family != b->ip.family)
1576  return ADDRESS_ER;
1577 
1578  if (a->ip.family == AF_INET)
1579  return DetectAddressCmpIPv4(a, b);
1580  else if (a->ip.family == AF_INET6)
1581  return DetectAddressCmpIPv6(a, b);
1582 
1583  return ADDRESS_ER;
1584 }
1585 
1586 /**
1587  * \brief Match a packets address against a signatures addrs array
1588  *
1589  * \param addrs array of DetectMatchAddressIPv4's
1590  * \param addrs_cnt array size in members
1591  * \param a packets address
1592  *
1593  * \retval 0 no match
1594  * \retval 1 match
1595  *
1596  * \note addresses in addrs are in host order
1597  *
1598  * \todo array should be ordered, so we can break out of the loop
1599  */
1600 int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs,
1601  uint16_t addrs_cnt, const Address *a)
1602 {
1603  SCEnter();
1604 
1605  if (addrs == NULL || addrs_cnt == 0) {
1606  SCReturnInt(0);
1607  }
1608 
1609  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1610  if (SCNtohl(a->addr_data32[0]) >= addrs[idx].ip &&
1611  SCNtohl(a->addr_data32[0]) <= addrs[idx].ip2)
1612  {
1613  SCReturnInt(1);
1614  }
1615  }
1616 
1617  SCReturnInt(0);
1618 }
1619 
1620 /**
1621  * \brief Match a packets address against a signatures addrs array
1622  *
1623  * \param addrs array of DetectMatchAddressIPv6's
1624  * \param addrs_cnt array size in members
1625  * \param a packets address
1626  *
1627  * \retval 0 no match
1628  * \retval 1 match
1629  *
1630  * \note addresses in addrs are in host order
1631  *
1632  * \todo array should be ordered, so we can break out of the loop
1633  */
1634 int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs,
1635  uint16_t addrs_cnt, const Address *a)
1636 {
1637  SCEnter();
1638 
1639  if (addrs == NULL || addrs_cnt == 0) {
1640  SCReturnInt(0);
1641  }
1642 
1643  /* See if the packet address is within the range of any entry in the
1644  * signature's address match array.
1645  */
1646  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1647  uint16_t result1 = 0, result2 = 0;
1648 
1649  /* See if packet address equals either limit. Return 1 if true. */
1650  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip[0] &&
1651  SCNtohl(a->addr_data32[1]) == addrs[idx].ip[1] &&
1652  SCNtohl(a->addr_data32[2]) == addrs[idx].ip[2] &&
1653  SCNtohl(a->addr_data32[3]) == addrs[idx].ip[3])
1654  {
1655  SCReturnInt(1);
1656  }
1657  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip2[0] &&
1658  SCNtohl(a->addr_data32[1]) == addrs[idx].ip2[1] &&
1659  SCNtohl(a->addr_data32[2]) == addrs[idx].ip2[2] &&
1660  SCNtohl(a->addr_data32[3]) == addrs[idx].ip2[3])
1661  {
1662  SCReturnInt(1);
1663  }
1664 
1665  /* See if packet address is greater than lower limit
1666  * of the current signature address match pair.
1667  */
1668  for (int i = 0; i < 4; i++) {
1669  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip[i]) {
1670  result1 = 1;
1671  break;
1672  }
1673  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip[i]) {
1674  result1 = 0;
1675  break;
1676  }
1677  }
1678 
1679  /* If not greater than lower limit, try next address match entry */
1680  if (result1 == 0)
1681  continue;
1682 
1683  /* See if packet address is less than upper limit
1684  * of the current signature address match pair.
1685  */
1686  for (int i = 0; i < 4; i++) {
1687  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip2[i]) {
1688  result2 = 1;
1689  break;
1690  }
1691  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip2[i]) {
1692  result2 = 0;
1693  break;
1694  }
1695  }
1696 
1697  /* Return a match if packet address is between the two
1698  * signature address match limits.
1699  */
1700  if (result1 == 1 && result2 == 1)
1701  SCReturnInt(1);
1702  }
1703 
1704  SCReturnInt(0);
1705 }
1706 
1707 /**
1708  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1709  * range in the DetectAddress instance.
1710  *
1711  * We basically check that the address falls inbetween the address
1712  * range in DetectAddress.
1713  *
1714  * \param dd Pointer to the DetectAddress instance.
1715  * \param a Pointer to an Address instance.
1716  *
1717  * \param 1 On a match.
1718  * \param 0 On no match.
1719  */
1720 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1721 {
1722  SCEnter();
1723 
1724  if (dd->ip.family != a->family) {
1725  SCReturnInt(0);
1726  }
1727 
1728  //DetectAddressPrint(dd);
1729  //AddressDebugPrint(a);
1730 
1731  switch (a->family) {
1732  case AF_INET:
1733 
1734  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1735  * Address inside DetectAddressData we can do uint8_t checks */
1736  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1737  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1738  {
1739  SCReturnInt(1);
1740  } else {
1741  SCReturnInt(0);
1742  }
1743 
1744  break;
1745  case AF_INET6:
1746  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1747  AddressIPv6Le(a, &dd->ip2) == 1)
1748  {
1749  SCReturnInt(1);
1750  } else {
1751  SCReturnInt(0);
1752  }
1753 
1754  break;
1755  default:
1756  SCLogDebug("What other address type can we have :-/");
1757  break;
1758  }
1759 
1760  SCReturnInt(0);
1761 }
1762 
1763 #ifdef DEBUG
1764 /**
1765  * \brief Prints the address data held by the DetectAddress. If the address
1766  * data family is IPv4, we print the the ipv4 address and mask, and
1767  * if the address data family is IPv6, we print the ipv6 address and
1768  * mask.
1769  *
1770  * \param ad Pointer to the DetectAddress instance to be printed.
1771  */
1772 static void DetectAddressPrint(DetectAddress *gr)
1773 {
1774  if (gr == NULL)
1775  return;
1776 
1777  if (gr->ip.family == AF_INET) {
1778  struct in_addr in;
1779  char ip[16], mask[16];
1780 
1781  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1782  PrintInet(AF_INET, &in, ip, sizeof(ip));
1783  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1784  PrintInet(AF_INET, &in, mask, sizeof(mask));
1785 
1786  SCLogDebug("%s/%s", ip, mask);
1787 // printf("%s/%s", ip, mask);
1788  } else if (gr->ip.family == AF_INET6) {
1789  struct in6_addr in6;
1790  char ip[66], mask[66];
1791 
1792  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1793  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1794  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1795  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1796 
1797  SCLogDebug("%s/%s", ip, mask);
1798 // printf("%s/%s", ip, mask);
1799  }
1800 
1801  return;
1802 }
1803 #endif
1804 
1805 /**
1806  * \brief Find the group matching address in a group head.
1807  *
1808  * \param gh Pointer to the address group head(DetectAddressHead instance).
1809  * \param a Pointer to an Address instance.
1810  *
1811  * \retval g On success pointer to an DetectAddress if we find a match
1812  * for the Address "a", in the DetectAddressHead "gh".
1813  */
1814 DetectAddress *DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
1815 {
1816  SCEnter();
1817 
1818  DetectAddress *g = NULL;
1819 
1820  if (gh == NULL) {
1821  SCReturnPtr(NULL, "DetectAddress");
1822  }
1823 
1824  /* XXX should we really do this check every time we run this function? */
1825  if (a->family == AF_INET) {
1826  SCLogDebug("IPv4");
1827  g = gh->ipv4_head;
1828  } else if (a->family == AF_INET6) {
1829  SCLogDebug("IPv6");
1830  g = gh->ipv6_head;
1831  }
1832 
1833  for ( ; g != NULL; g = g->next) {
1834  if (DetectAddressMatch(g,a) == 1) {
1835  SCReturnPtr(g, "DetectAddress");
1836  }
1837  }
1838 
1839  SCReturnPtr(NULL, "DetectAddress");
1840 }
1841 
1842 /********************************Unittests*************************************/
1843 
1844 #ifdef UNITTESTS
1845 
1846 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1847 {
1848  char str1[46] = "", str2[46] = "";
1849 
1850  if (ad == NULL)
1851  return FALSE;
1852 
1853  switch(ad->ip.family) {
1854  case AF_INET:
1855  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1856  SCLogDebug("%s", str1);
1857  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1858  SCLogDebug("%s", str2);
1859 
1860  if (strcmp(str1, one) != 0) {
1861  SCLogInfo("%s != %s", str1, one);
1862  return FALSE;
1863  }
1864 
1865  if (strcmp(str2, two) != 0) {
1866  SCLogInfo("%s != %s", str2, two);
1867  return FALSE;
1868  }
1869 
1870  return TRUE;
1871  break;
1872 
1873  case AF_INET6:
1874  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1875  SCLogDebug("%s", str1);
1876  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1877  SCLogDebug("%s", str2);
1878 
1879  if (strcmp(str1, one) != 0) {
1880  SCLogInfo("%s != %s", str1, one);
1881  return FALSE;
1882  }
1883 
1884  if (strcmp(str2, two) != 0) {
1885  SCLogInfo("%s != %s", str2, two);
1886  return FALSE;
1887  }
1888 
1889  return TRUE;
1890  break;
1891  }
1892 
1893  return FALSE;
1894 }
1895 
1896 typedef struct UTHValidateDetectAddressHeadRange_ {
1897  const char *one;
1898  const char *two;
1899 } UTHValidateDetectAddressHeadRange;
1900 
1901 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1902 {
1903  int expect = nranges;
1904  int have = 0;
1905 
1906  if (gh == NULL)
1907  return FALSE;
1908 
1909  DetectAddress *ad = NULL;
1910  ad = gh->ipv4_head;
1911  if (ad == NULL)
1912  ad = gh->ipv6_head;
1913  while (have < expect) {
1914  if (ad == NULL) {
1915  printf("bad head: have %d ranges, expected %d: ", have, expect);
1916  return FALSE;
1917  }
1918 
1919  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
1920  return FALSE;
1921 
1922  ad = ad->next;
1923  have++;
1924  }
1925 
1926  return TRUE;
1927 }
1928 
1929 static int AddressTestParse01(void)
1930 {
1931  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1932 
1933  if (dd) {
1934  DetectAddressFree(dd);
1935  return 1;
1936  }
1937 
1938  return 0;
1939 }
1940 
1941 static int AddressTestParse02(void)
1942 {
1943  int result = 1;
1944  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1945 
1946  if (dd) {
1947  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1948  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1949  result = 0;
1950  }
1951 
1952  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1953  DetectAddressFree(dd);
1954  return result;
1955  }
1956 
1957  return 0;
1958 }
1959 
1960 static int AddressTestParse03(void)
1961 {
1962  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1963 
1964  if (dd) {
1965  DetectAddressFree(dd);
1966  return 1;
1967  }
1968 
1969  return 0;
1970 }
1971 
1972 static int AddressTestParse04(void)
1973 {
1974  int result = 1;
1975  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1976 
1977  if (dd) {
1978  if (dd->ip.addr_data32[0] != SCNtohl(16909056)||
1979  dd->ip2.addr_data32[0] != SCNtohl(16909311)) {
1980  result = 0;
1981  }
1982 
1983  DetectAddressFree(dd);
1984  return result;
1985  }
1986 
1987  return 0;
1988 }
1989 
1990 static int AddressTestParse05(void)
1991 {
1992  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
1993 
1994  if (dd) {
1995  DetectAddressFree(dd);
1996  return 1;
1997  }
1998 
1999  return 0;
2000 }
2001 
2002 static int AddressTestParse06(void)
2003 {
2004  int result = 1;
2005  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2006 
2007  if (dd) {
2008  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2009  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2010  result = 0;
2011  }
2012 
2013  DetectAddressFree(dd);
2014  return result;
2015  }
2016 
2017  return 0;
2018 }
2019 
2020 static int AddressTestParse07(void)
2021 {
2022  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2023 
2024  if (dd) {
2025  DetectAddressFree(dd);
2026  return 1;
2027  }
2028 
2029  return 0;
2030 }
2031 
2032 static int AddressTestParse08(void)
2033 {
2034  int result = 1;
2035  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2036 
2037  if (dd) {
2038  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2039  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2040 
2041  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2042  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2043  DetectAddressPrint(dd);
2044  result = 0;
2045  }
2046 
2047  DetectAddressFree(dd);
2048  return result;
2049  }
2050 
2051  return 0;
2052 }
2053 
2054 static int AddressTestParse09(void)
2055 {
2056  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2057 
2058  if (dd) {
2059  DetectAddressFree(dd);
2060  return 1;
2061  }
2062 
2063  return 0;
2064 }
2065 
2066 static int AddressTestParse10(void)
2067 {
2068  int result = 1;
2069  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2070 
2071  if (dd) {
2072  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2073  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2074 
2075  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2076  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2077  DetectAddressPrint(dd);
2078  result = 0;
2079  }
2080 
2081  DetectAddressFree(dd);
2082  return result;
2083  }
2084 
2085  return 0;
2086 }
2087 
2088 static int AddressTestParse11(void)
2089 {
2090  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2091 
2092  if (dd) {
2093  DetectAddressFree(dd);
2094  return 1;
2095  }
2096 
2097  return 0;
2098 }
2099 
2100 static int AddressTestParse12(void)
2101 {
2102  int result = 1;
2103  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2104 
2105  if (dd) {
2106  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2107  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2108 
2109  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2110  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2111  DetectAddressPrint(dd);
2112  result = 0;
2113  }
2114 
2115  DetectAddressFree(dd);
2116  return result;
2117  }
2118 
2119  return 0;
2120 }
2121 static int AddressTestParse13(void)
2122 {
2123  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2124 
2125  if (dd) {
2126  DetectAddressFree(dd);
2127  return 1;
2128  }
2129 
2130  return 0;
2131 }
2132 
2133 static int AddressTestParse14(void)
2134 {
2135  int result = 1;
2136  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2137 
2138  if (dd) {
2139  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2140  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2141 
2142  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2143  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2144  result = 0;
2145  }
2146 
2147  DetectAddressFree(dd);
2148  return result;
2149  }
2150 
2151  return 0;
2152 }
2153 
2154 static int AddressTestParse15(void)
2155 {
2156  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2157 
2158  if (dd) {
2159  DetectAddressFree(dd);
2160  return 1;
2161  }
2162 
2163  return 0;
2164 }
2165 
2166 static int AddressTestParse16(void)
2167 {
2168  int result = 1;
2169  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2170 
2171  if (dd) {
2172  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2173  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2174 
2175  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2176  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2177  result = 0;
2178  }
2179 
2180  DetectAddressFree(dd);
2181  return result;
2182  }
2183 
2184  return 0;
2185 }
2186 
2187 static int AddressTestParse17(void)
2188 {
2189  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2190 
2191  if (dd) {
2192  DetectAddressFree(dd);
2193  return 1;
2194  }
2195 
2196  return 0;
2197 }
2198 
2199 static int AddressTestParse18(void)
2200 {
2201  int result = 1;
2202  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2203 
2204  if (dd) {
2205  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2206  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2207  result = 0;
2208  }
2209 
2210  DetectAddressFree(dd);
2211  return result;
2212  }
2213 
2214  return 0;
2215 }
2216 
2217 static int AddressTestParse19(void)
2218 {
2219  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2220 
2221  if (dd) {
2222  DetectAddressFree(dd);
2223  return 0;
2224  }
2225 
2226  return 1;
2227 }
2228 
2229 static int AddressTestParse20(void)
2230 {
2231  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2232 
2233  if (dd) {
2234  DetectAddressFree(dd);
2235  return 1;
2236  }
2237 
2238  return 0;
2239 }
2240 
2241 static int AddressTestParse21(void)
2242 {
2243  int result = 1;
2244  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2245 
2246  if (dd) {
2247  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2248  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2249 
2250  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2251  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2252  result = 0;
2253  }
2254 
2255  DetectAddressFree(dd);
2256  return result;
2257  }
2258 
2259  return 0;
2260 }
2261 
2262 static int AddressTestParse22(void)
2263 {
2264  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2265 
2266  if (dd) {
2267  DetectAddressFree(dd);
2268  return 0;
2269  }
2270 
2271  return 1;
2272 }
2273 
2274 static int AddressTestParse23(void)
2275 {
2276  DetectAddressHead *gh = DetectAddressHeadInit();
2277  FAIL_IF_NULL(gh);
2278  int r = DetectAddressParse(NULL, gh, "any");
2279  FAIL_IF_NOT(r == 0);
2280  DetectAddressHeadFree(gh);
2281  PASS;
2282 }
2283 
2284 static int AddressTestParse24(void)
2285 {
2286  DetectAddressHead *gh = DetectAddressHeadInit();
2287  FAIL_IF_NULL(gh);
2288  int r = DetectAddressParse(NULL, gh, "Any");
2289  FAIL_IF_NOT(r == 0);
2290  DetectAddressHeadFree(gh);
2291  PASS;
2292 }
2293 
2294 static int AddressTestParse25(void)
2295 {
2296  DetectAddressHead *gh = DetectAddressHeadInit();
2297  FAIL_IF_NULL(gh);
2298  int r = DetectAddressParse(NULL, gh, "ANY");
2299  FAIL_IF_NOT(r == 0);
2300  DetectAddressHeadFree(gh);
2301  PASS;
2302 }
2303 
2304 /** \test recursion limit */
2305 static int AddressTestParse26(void)
2306 {
2307  DetectAddressHead *gh = DetectAddressHeadInit();
2308  FAIL_IF_NULL(gh);
2309  /* exactly 64: should pass */
2310  int r = DetectAddressParse(NULL, gh,
2311  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2312  "1.2.3.4"
2313  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2314  );
2315  FAIL_IF_NOT(r == 0);
2316  DetectAddressHeadFree(gh);
2317  gh = DetectAddressHeadInit();
2318  FAIL_IF_NULL(gh);
2319  /* exactly 65: should fail */
2320  r = DetectAddressParse(NULL, gh,
2321  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2322  "1.2.3.4"
2323  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2324  );
2325  FAIL_IF(r == 0);
2326  DetectAddressHeadFree(gh);
2327  PASS;
2328 }
2329 
2330 static int AddressTestParse27(void)
2331 {
2332  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2333 
2334  if (dd) {
2335  DetectAddressFree(dd);
2336  return 1;
2337  }
2338 
2339  return 0;
2340 }
2341 
2342 static int AddressTestParse28(void)
2343 {
2344  int result = 0;
2345  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2346 
2347  if (dd) {
2348  if (dd->flags & ADDRESS_FLAG_NOT &&
2349  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2350  result = 1;
2351  }
2352 
2353  DetectAddressFree(dd);
2354  return result;
2355  }
2356 
2357  return 0;
2358 }
2359 
2360 static int AddressTestParse29(void)
2361 {
2362  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2363 
2364  if (dd) {
2365  DetectAddressFree(dd);
2366  return 1;
2367  }
2368 
2369  return 0;
2370 }
2371 
2372 static int AddressTestParse30(void)
2373 {
2374  int result = 0;
2375  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2376 
2377  if (dd) {
2378  if (dd->flags & ADDRESS_FLAG_NOT &&
2379  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2380  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2381  result = 1;
2382  }
2383 
2384  DetectAddressFree(dd);
2385  return result;
2386  }
2387 
2388  return 0;
2389 }
2390 
2391 /**
2392  * \test make sure !any is rejected
2393  */
2394 static int AddressTestParse31(void)
2395 {
2396  DetectAddress *dd = DetectAddressParseSingle("!any");
2397 
2398  if (dd) {
2399  DetectAddressFree(dd);
2400  return 0;
2401  }
2402 
2403  return 1;
2404 }
2405 
2406 static int AddressTestParse32(void)
2407 {
2408  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2409 
2410  if (dd) {
2411  DetectAddressFree(dd);
2412  return 1;
2413  }
2414 
2415  return 0;
2416 }
2417 
2418 static int AddressTestParse33(void)
2419 {
2420  int result = 0;
2421  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2422 
2423  if (dd) {
2424  if (dd->flags & ADDRESS_FLAG_NOT &&
2425  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2426  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2427  result = 1;
2428  }
2429 
2430  DetectAddressFree(dd);
2431  return result;
2432  }
2433 
2434  return 0;
2435 }
2436 
2437 static int AddressTestParse34(void)
2438 {
2439  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2440 
2441  if (dd) {
2442  DetectAddressFree(dd);
2443  return 1;
2444  }
2445 
2446  return 0;
2447 }
2448 
2449 static int AddressTestParse35(void)
2450 {
2451  int result = 0;
2452  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2453 
2454  if (dd) {
2455  if (dd->flags & ADDRESS_FLAG_NOT &&
2456  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2457  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2458 
2459  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2460  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2461  result = 1;
2462  }
2463 
2464  DetectAddressFree(dd);
2465  return result;
2466  }
2467 
2468  return 0;
2469 }
2470 
2471 static int AddressTestParse36(void)
2472 {
2473  int result = 1;
2474  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2475 
2476  if (dd) {
2477  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2478  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2479 
2480  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2481  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2482 
2483  DetectAddressPrint(dd);
2484  result = 0;
2485  }
2486  DetectAddressPrint(dd);
2487 
2488  DetectAddressFree(dd);
2489  return result;
2490  }
2491 
2492  return 0;
2493 }
2494 
2495 static int AddressTestParse37(void)
2496 {
2497  int result = 1;
2498  DetectAddress *dd = DetectAddressParseSingle("::/0");
2499 
2500  if (dd) {
2501  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2502  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2503 
2504  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2505  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2506  DetectAddressPrint(dd);
2507  result = 0;
2508  }
2509  DetectAddressPrint(dd);
2510 
2511  DetectAddressFree(dd);
2512  return result;
2513  }
2514 
2515  return 0;
2516 }
2517 
2518 static int AddressTestMatch01(void)
2519 {
2520  DetectAddress *dd = NULL;
2521  int result = 1;
2522  struct in_addr in;
2523  Address a;
2524 
2525  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2526  return 0;
2527  memset(&a, 0, sizeof(Address));
2528  a.family = AF_INET;
2529  a.addr_data32[0] = in.s_addr;
2530 
2531  dd = DetectAddressParseSingle("1.2.3.4/24");
2532  if (dd) {
2533  if (DetectAddressMatch(dd, &a) == 0)
2534  result = 0;
2535 
2536  DetectAddressFree(dd);
2537  return result;
2538  }
2539 
2540  return 0;
2541 }
2542 
2543 static int AddressTestMatch02(void)
2544 {
2545  DetectAddress *dd = NULL;
2546  int result = 1;
2547  struct in_addr in;
2548  Address a;
2549 
2550  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2551  return 0;
2552  memset(&a, 0, sizeof(Address));
2553  a.family = AF_INET;
2554  a.addr_data32[0] = in.s_addr;
2555 
2556  dd = DetectAddressParseSingle("1.2.3.4/25");
2557  if (dd) {
2558  if (DetectAddressMatch(dd, &a) == 0)
2559  result = 0;
2560 
2561  DetectAddressFree(dd);
2562  return result;
2563  }
2564 
2565  return 0;
2566 }
2567 
2568 static int AddressTestMatch03(void)
2569 {
2570  DetectAddress *dd = NULL;
2571  int result = 1;
2572  struct in_addr in;
2573  Address a;
2574 
2575  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2576  return 0;
2577  memset(&a, 0, sizeof(Address));
2578  a.family = AF_INET;
2579  a.addr_data32[0] = in.s_addr;
2580 
2581  dd = DetectAddressParseSingle("1.2.3.4/25");
2582  if (dd) {
2583  if (DetectAddressMatch(dd, &a) == 1)
2584  result = 0;
2585 
2586  DetectAddressFree(dd);
2587  return result;
2588  }
2589 
2590  return 0;
2591 }
2592 
2593 static int AddressTestMatch04(void)
2594 {
2595  DetectAddress *dd = NULL;
2596  int result = 1;
2597  struct in_addr in;
2598  Address a;
2599 
2600  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2601  return 0;
2602  memset(&a, 0, sizeof(Address));
2603  a.family = AF_INET;
2604  a.addr_data32[0] = in.s_addr;
2605 
2606  dd = DetectAddressParseSingle("1.2.3.4/25");
2607  if (dd) {
2608  if (DetectAddressMatch(dd, &a) == 1)
2609  result = 0;
2610 
2611  DetectAddressFree(dd);
2612  return result;
2613  }
2614 
2615  return 0;
2616 }
2617 
2618 static int AddressTestMatch05(void)
2619 {
2620  DetectAddress *dd = NULL;
2621  int result = 1;
2622  struct in_addr in;
2623  Address a;
2624 
2625  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2626  return 0;
2627  memset(&a, 0, sizeof(Address));
2628  a.family = AF_INET;
2629  a.addr_data32[0] = in.s_addr;
2630 
2631  dd = DetectAddressParseSingle("1.2.3.4/32");
2632  if (dd) {
2633  if (DetectAddressMatch(dd, &a) == 0)
2634  result = 0;
2635 
2636  DetectAddressFree(dd);
2637  return result;
2638  }
2639 
2640  return 0;
2641 }
2642 
2643 static int AddressTestMatch06(void)
2644 {
2645  DetectAddress *dd = NULL;
2646  int result = 1;
2647  struct in_addr in;
2648  Address a;
2649 
2650  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2651  return 0;
2652  memset(&a, 0, sizeof(Address));
2653  a.family = AF_INET;
2654  a.addr_data32[0] = in.s_addr;
2655 
2656  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2657  if (dd) {
2658  if (DetectAddressMatch(dd, &a) == 0)
2659  result = 0;
2660 
2661  DetectAddressFree(dd);
2662  return result;
2663  }
2664 
2665  return 0;
2666 }
2667 
2668 static int AddressTestMatch07(void)
2669 {
2670  DetectAddress *dd = NULL;
2671  int result = 1;
2672  struct in6_addr in6;
2673  Address a;
2674 
2675  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2676  return 0;
2677  memset(&a, 0, sizeof(Address));
2678  a.family = AF_INET6;
2679  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2680 
2681  dd = DetectAddressParseSingle("2001::/3");
2682  if (dd) {
2683  if (DetectAddressMatch(dd, &a) == 0)
2684  result = 0;
2685 
2686  DetectAddressFree(dd);
2687  return result;
2688  }
2689 
2690  return 0;
2691 }
2692 
2693 static int AddressTestMatch08(void)
2694 {
2695  DetectAddress *dd = NULL;
2696  int result = 1;
2697  struct in6_addr in6;
2698  Address a;
2699 
2700  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2701  return 0;
2702  memset(&a, 0, sizeof(Address));
2703  a.family = AF_INET6;
2704  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2705 
2706  dd = DetectAddressParseSingle("2001::/3");
2707  if (dd) {
2708  if (DetectAddressMatch(dd, &a) == 1)
2709  result = 0;
2710 
2711  DetectAddressFree(dd);
2712  return result;
2713  }
2714 
2715  return 0;
2716 }
2717 
2718 static int AddressTestMatch09(void)
2719 {
2720  DetectAddress *dd = NULL;
2721  int result = 1;
2722  struct in6_addr in6;
2723  Address a;
2724 
2725  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2726  return 0;
2727  memset(&a, 0, sizeof(Address));
2728  a.family = AF_INET6;
2729  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2730 
2731  dd = DetectAddressParseSingle("2001::1/128");
2732  if (dd) {
2733  if (DetectAddressMatch(dd, &a) == 1)
2734  result = 0;
2735 
2736  DetectAddressFree(dd);
2737  return result;
2738  }
2739 
2740  return 0;
2741 }
2742 
2743 static int AddressTestMatch10(void)
2744 {
2745  DetectAddress *dd = NULL;
2746  int result = 1;
2747  struct in6_addr in6;
2748  Address a;
2749 
2750  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2751  return 0;
2752  memset(&a, 0, sizeof(Address));
2753  a.family = AF_INET6;
2754  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2755 
2756  dd = DetectAddressParseSingle("2001::1/126");
2757  if (dd) {
2758  if (DetectAddressMatch(dd, &a) == 0)
2759  result = 0;
2760 
2761  DetectAddressFree(dd);
2762  return result;
2763  }
2764 
2765  return 0;
2766 }
2767 
2768 static int AddressTestMatch11(void)
2769 {
2770  DetectAddress *dd = NULL;
2771  int result = 1;
2772  struct in6_addr in6;
2773  Address a;
2774 
2775  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2776  return 0;
2777  memset(&a, 0, sizeof(Address));
2778  a.family = AF_INET6;
2779  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2780 
2781  dd = DetectAddressParseSingle("2001::1/127");
2782  if (dd) {
2783  if (DetectAddressMatch(dd, &a) == 1)
2784  result = 0;
2785 
2786  DetectAddressFree(dd);
2787  return result;
2788  }
2789 
2790  return 0;
2791 }
2792 
2793 static int AddressTestCmp01(void)
2794 {
2795  DetectAddress *da = NULL, *db = NULL;
2796  int result = 1;
2797 
2798  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2799  if (da == NULL) goto error;
2800  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2801  if (db == NULL) goto error;
2802 
2803  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2804  result = 0;
2805 
2806  DetectAddressFree(da);
2807  DetectAddressFree(db);
2808  return result;
2809 
2810 error:
2811  if (da) DetectAddressFree(da);
2812  if (db) DetectAddressFree(db);
2813  return 0;
2814 }
2815 
2816 static int AddressTestCmp02(void)
2817 {
2818  DetectAddress *da = NULL, *db = NULL;
2819  int result = 1;
2820 
2821  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2822  if (da == NULL) goto error;
2823  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2824  if (db == NULL) goto error;
2825 
2826  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2827  result = 0;
2828 
2829  DetectAddressFree(da);
2830  DetectAddressFree(db);
2831  return result;
2832 
2833 error:
2834  if (da) DetectAddressFree(da);
2835  if (db) DetectAddressFree(db);
2836  return 0;
2837 }
2838 
2839 static int AddressTestCmp03(void)
2840 {
2841  DetectAddress *da = NULL, *db = NULL;
2842  int result = 1;
2843 
2844  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2845  if (da == NULL) goto error;
2846  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2847  if (db == NULL) goto error;
2848 
2849  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2850  result = 0;
2851 
2852  DetectAddressFree(da);
2853  DetectAddressFree(db);
2854  return result;
2855 
2856 error:
2857  if (da) DetectAddressFree(da);
2858  if (db) DetectAddressFree(db);
2859  return 0;
2860 }
2861 
2862 static int AddressTestCmp04(void)
2863 {
2864  DetectAddress *da = NULL, *db = NULL;
2865  int result = 1;
2866 
2867  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2868  if (da == NULL) goto error;
2869  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2870  if (db == NULL) goto error;
2871 
2872  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2873  result = 0;
2874 
2875  DetectAddressFree(da);
2876  DetectAddressFree(db);
2877  return result;
2878 
2879 error:
2880  if (da) DetectAddressFree(da);
2881  if (db) DetectAddressFree(db);
2882  return 0;
2883 }
2884 
2885 static int AddressTestCmp05(void)
2886 {
2887  DetectAddress *da = NULL, *db = NULL;
2888  int result = 1;
2889 
2890  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2891  if (da == NULL) goto error;
2892  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2893  if (db == NULL) goto error;
2894 
2895  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2896  result = 0;
2897 
2898  DetectAddressFree(da);
2899  DetectAddressFree(db);
2900  return result;
2901 
2902 error:
2903  if (da) DetectAddressFree(da);
2904  if (db) DetectAddressFree(db);
2905  return 0;
2906 }
2907 
2908 static int AddressTestCmp06(void)
2909 {
2910  DetectAddress *da = NULL, *db = NULL;
2911  int result = 1;
2912 
2913  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2914  if (da == NULL) goto error;
2915  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2916  if (db == NULL) goto error;
2917 
2918  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2919  result = 0;
2920 
2921  DetectAddressFree(da);
2922  DetectAddressFree(db);
2923  return result;
2924 
2925 error:
2926  if (da) DetectAddressFree(da);
2927  if (db) DetectAddressFree(db);
2928  return 0;
2929 }
2930 
2931 static int AddressTestCmpIPv407(void)
2932 {
2933  DetectAddress *da = NULL, *db = NULL;
2934  int result = 1;
2935 
2936  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2937  if (da == NULL) goto error;
2938  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2939  if (db == NULL) goto error;
2940 
2941  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2942  result = 0;
2943 
2944  DetectAddressFree(da);
2945  DetectAddressFree(db);
2946  return result;
2947 
2948 error:
2949  if (da) DetectAddressFree(da);
2950  if (db) DetectAddressFree(db);
2951  return 0;
2952 }
2953 
2954 static int AddressTestCmpIPv408(void)
2955 {
2956  DetectAddress *da = NULL, *db = NULL;
2957  int result = 1;
2958 
2959  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2960  if (da == NULL) goto error;
2961  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2962  if (db == NULL) goto error;
2963 
2964  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2965  result = 0;
2966 
2967  DetectAddressFree(da);
2968  DetectAddressFree(db);
2969  return result;
2970 
2971 error:
2972  if (da) DetectAddressFree(da);
2973  if (db) DetectAddressFree(db);
2974  return 0;
2975 }
2976 
2977 static int AddressTestCmp07(void)
2978 {
2979  DetectAddress *da = NULL, *db = NULL;
2980  int result = 1;
2981 
2982  da = DetectAddressParseSingle("2001::/3");
2983  if (da == NULL) goto error;
2984  db = DetectAddressParseSingle("2001::1/3");
2985  if (db == NULL) goto error;
2986 
2987  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2988  result = 0;
2989 
2990  DetectAddressFree(da);
2991  DetectAddressFree(db);
2992  return result;
2993 
2994 error:
2995  if (da) DetectAddressFree(da);
2996  if (db) DetectAddressFree(db);
2997  return 0;
2998 }
2999 
3000 static int AddressTestCmp08(void)
3001 {
3002  DetectAddress *da = NULL, *db = NULL;
3003  int result = 1;
3004 
3005  da = DetectAddressParseSingle("2001::/3");
3006  if (da == NULL) goto error;
3007  db = DetectAddressParseSingle("2001::/8");
3008  if (db == NULL) goto error;
3009 
3010  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3011  result = 0;
3012 
3013  DetectAddressFree(da);
3014  DetectAddressFree(db);
3015  return result;
3016 
3017 error:
3018  if (da) DetectAddressFree(da);
3019  if (db) DetectAddressFree(db);
3020  return 0;
3021 }
3022 
3023 static int AddressTestCmp09(void)
3024 {
3025  DetectAddress *da = NULL, *db = NULL;
3026  int result = 1;
3027 
3028  da = DetectAddressParseSingle("2001::/8");
3029  if (da == NULL) goto error;
3030  db = DetectAddressParseSingle("2001::/3");
3031  if (db == NULL) goto error;
3032 
3033  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3034  result = 0;
3035 
3036  DetectAddressFree(da);
3037  DetectAddressFree(db);
3038  return result;
3039 
3040 error:
3041  if (da) DetectAddressFree(da);
3042  if (db) DetectAddressFree(db);
3043  return 0;
3044 }
3045 
3046 static int AddressTestCmp10(void)
3047 {
3048  DetectAddress *da = NULL, *db = NULL;
3049  int result = 1;
3050 
3051  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3052  if (da == NULL) goto error;
3053  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3054  if (db == NULL) goto error;
3055 
3056  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3057  result = 0;
3058 
3059  DetectAddressFree(da);
3060  DetectAddressFree(db);
3061  return result;
3062 
3063 error:
3064  if (da) DetectAddressFree(da);
3065  if (db) DetectAddressFree(db);
3066  return 0;
3067 }
3068 
3069 static int AddressTestCmp11(void)
3070 {
3071  DetectAddress *da = NULL, *db = NULL;
3072  int result = 1;
3073 
3074  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3075  if (da == NULL) goto error;
3076  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3077  if (db == NULL) goto error;
3078 
3079  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3080  result = 0;
3081 
3082  DetectAddressFree(da);
3083  DetectAddressFree(db);
3084  return result;
3085 
3086 error:
3087  if (da) DetectAddressFree(da);
3088  if (db) DetectAddressFree(db);
3089  return 0;
3090 }
3091 
3092 static int AddressTestCmp12(void)
3093 {
3094  DetectAddress *da = NULL, *db = NULL;
3095  int result = 1;
3096 
3097  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3098  if (da == NULL) goto error;
3099  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3100  if (db == NULL) goto error;
3101 
3102  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3103  result = 0;
3104 
3105  DetectAddressFree(da);
3106  DetectAddressFree(db);
3107  return result;
3108 
3109 error:
3110  if (da) DetectAddressFree(da);
3111  if (db) DetectAddressFree(db);
3112  return 0;
3113 }
3114 
3115 static int AddressTestAddressGroupSetup01(void)
3116 {
3117  int result = 0;
3118  DetectAddressHead *gh = DetectAddressHeadInit();
3119 
3120  if (gh != NULL) {
3121  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3122  if (r == 0)
3123  result = 1;
3124 
3125  DetectAddressHeadFree(gh);
3126  }
3127  return result;
3128 }
3129 
3130 static int AddressTestAddressGroupSetup02(void)
3131 {
3132  int result = 0;
3133  DetectAddressHead *gh = DetectAddressHeadInit();
3134 
3135  if (gh != NULL) {
3136  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3137  if (r == 0 && gh->ipv4_head != NULL)
3138  result = 1;
3139 
3140  DetectAddressHeadFree(gh);
3141  }
3142  return result;
3143 }
3144 
3145 static int AddressTestAddressGroupSetup03(void)
3146 {
3147  int result = 0;
3148  DetectAddressHead *gh = DetectAddressHeadInit();
3149 
3150  if (gh != NULL) {
3151  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3152  if (r == 0 && gh->ipv4_head != NULL) {
3153  DetectAddress *prev_head = gh->ipv4_head;
3154 
3155  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3156  if (r == 0 && gh->ipv4_head != prev_head &&
3157  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3158  result = 1;
3159  }
3160  }
3161 
3162  DetectAddressHeadFree(gh);
3163  }
3164  return result;
3165 }
3166 
3167 static int AddressTestAddressGroupSetup04(void)
3168 {
3169  int result = 0;
3170  DetectAddressHead *gh = DetectAddressHeadInit();
3171 
3172  if (gh != NULL) {
3173  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3174  if (r == 0 && gh->ipv4_head != NULL) {
3175  DetectAddress *prev_head = gh->ipv4_head;
3176 
3177  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3178  if (r == 0 && gh->ipv4_head != prev_head &&
3179  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3180  DetectAddress *ph = gh->ipv4_head;
3181 
3182  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3183  if (r == 0 && gh->ipv4_head != ph &&
3184  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3185  result = 1;
3186  }
3187  }
3188  }
3189 
3190  DetectAddressHeadFree(gh);
3191  }
3192  return result;
3193 }
3194 
3195 static int AddressTestAddressGroupSetup05(void)
3196 {
3197  int result = 0;
3198  DetectAddressHead *gh = DetectAddressHeadInit();
3199 
3200  if (gh != NULL) {
3201  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3202  if (r == 0 && gh->ipv4_head != NULL) {
3203  DetectAddress *prev_head = gh->ipv4_head;
3204 
3205  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3206  if (r == 0 && gh->ipv4_head == prev_head &&
3207  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3208  DetectAddress *ph = gh->ipv4_head;
3209 
3210  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3211  if (r == 0 && gh->ipv4_head == ph &&
3212  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3213  result = 1;
3214  }
3215  }
3216  }
3217 
3218  DetectAddressHeadFree(gh);
3219  }
3220  return result;
3221 }
3222 
3223 static int AddressTestAddressGroupSetup06(void)
3224 {
3225  int result = 0;
3226  DetectAddressHead *gh = DetectAddressHeadInit();
3227 
3228  if (gh != NULL) {
3229  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3230  if (r == 0 && gh->ipv4_head != NULL) {
3231  DetectAddress *prev_head = gh->ipv4_head;
3232 
3233  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3234  if (r == 0 && gh->ipv4_head == prev_head &&
3235  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3236  result = 1;
3237  }
3238  }
3239 
3240  DetectAddressHeadFree(gh);
3241  }
3242  return result;
3243 }
3244 
3245 static int AddressTestAddressGroupSetup07(void)
3246 {
3247  int result = 0;
3248  DetectAddressHead *gh = DetectAddressHeadInit();
3249 
3250  if (gh != NULL) {
3251  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3252  if (r == 0 && gh->ipv4_head != NULL) {
3253  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3254  if (r == 0 && gh->ipv4_head != NULL &&
3255  gh->ipv4_head->next != NULL &&
3256  gh->ipv4_head->next->next != NULL) {
3257  result = 1;
3258  }
3259  }
3260 
3261  DetectAddressHeadFree(gh);
3262  }
3263  return result;
3264 }
3265 
3266 static int AddressTestAddressGroupSetup08(void)
3267 {
3268  int result = 0;
3269  DetectAddressHead *gh = DetectAddressHeadInit();
3270 
3271  if (gh != NULL) {
3272  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3273  if (r == 0 && gh->ipv4_head != NULL) {
3274  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3275  if (r == 0 && gh->ipv4_head != NULL &&
3276  gh->ipv4_head->next != NULL &&
3277  gh->ipv4_head->next->next != NULL) {
3278  result = 1;
3279  }
3280  }
3281 
3282  DetectAddressHeadFree(gh);
3283  }
3284  return result;
3285 }
3286 
3287 static int AddressTestAddressGroupSetup09(void)
3288 {
3289  int result = 0;
3290  DetectAddressHead *gh = DetectAddressHeadInit();
3291 
3292  if (gh != NULL) {
3293  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3294  if (r == 0 && gh->ipv4_head != NULL) {
3295  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3296  if (r == 0 && gh->ipv4_head != NULL &&
3297  gh->ipv4_head->next != NULL &&
3298  gh->ipv4_head->next->next != NULL) {
3299  result = 1;
3300  }
3301  }
3302 
3303  DetectAddressHeadFree(gh);
3304  }
3305  return result;
3306 }
3307 
3308 static int AddressTestAddressGroupSetup10(void)
3309 {
3310  int result = 0;
3311  DetectAddressHead *gh = DetectAddressHeadInit();
3312 
3313  if (gh != NULL) {
3314  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3315  if (r == 0 && gh->ipv4_head != NULL) {
3316  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3317  if (r == 0 && gh->ipv4_head != NULL &&
3318  gh->ipv4_head->next != NULL &&
3319  gh->ipv4_head->next->next != NULL) {
3320  result = 1;
3321  }
3322  }
3323 
3324  DetectAddressHeadFree(gh);
3325  }
3326  return result;
3327 }
3328 
3329 static int AddressTestAddressGroupSetup11(void)
3330 {
3331  int result = 0;
3332  DetectAddressHead *gh = DetectAddressHeadInit();
3333 
3334  if (gh != NULL) {
3335  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3336  if (r == 0) {
3337  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3338  if (r == 0) {
3339  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3340  if (r == 0) {
3341  DetectAddress *one = gh->ipv4_head, *two = one->next,
3342  *three = two->next, *four = three->next,
3343  *five = four->next;
3344 
3345  /* result should be:
3346  * 0.0.0.0/10.10.9.255
3347  * 10.10.10.0/10.10.10.9
3348  * 10.10.10.10/10.10.10.255
3349  * 10.10.11.0/10.10.11.1
3350  * 10.10.11.2/255.255.255.255
3351  */
3352  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3353  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3354  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3355  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3356  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3357  result = 1;
3358  }
3359  }
3360  }
3361  }
3362 
3363  DetectAddressHeadFree(gh);
3364  }
3365  return result;
3366 }
3367 
3368 static int AddressTestAddressGroupSetup12 (void)
3369 {
3370  int result = 0;
3371  DetectAddressHead *gh = DetectAddressHeadInit();
3372 
3373  if (gh != NULL) {
3374  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3375  if (r == 0) {
3376  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3377  if (r == 0) {
3378  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3379  if (r == 0) {
3380  DetectAddress *one = gh->ipv4_head, *two = one->next,
3381  *three = two->next, *four = three->next,
3382  *five = four->next;
3383 
3384  /* result should be:
3385  * 0.0.0.0/10.10.9.255
3386  * 10.10.10.0/10.10.10.9
3387  * 10.10.10.10/10.10.10.255
3388  * 10.10.11.0/10.10.11.1
3389  * 10.10.11.2/255.255.255.255
3390  */
3391  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3392  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3393  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3394  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3395  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3396  result = 1;
3397  }
3398  }
3399  }
3400  }
3401 
3402  DetectAddressHeadFree(gh);
3403  }
3404  return result;
3405 }
3406 
3407 static int AddressTestAddressGroupSetup13(void)
3408 {
3409  int result = 0;
3410  DetectAddressHead *gh = DetectAddressHeadInit();
3411 
3412  if (gh != NULL) {
3413  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3414  if (r == 0) {
3415  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3416  if (r == 0) {
3417  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3418  if (r == 0) {
3419  DetectAddress *one = gh->ipv4_head, *two = one->next,
3420  *three = two->next, *four = three->next,
3421  *five = four->next;
3422 
3423  /* result should be:
3424  * 0.0.0.0/10.10.9.255
3425  * 10.10.10.0/10.10.10.9
3426  * 10.10.10.10/10.10.10.255
3427  * 10.10.11.0/10.10.11.1
3428  * 10.10.11.2/255.255.255.255
3429  */
3430  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3431  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3432  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3433  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3434  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3435  result = 1;
3436  }
3437  }
3438  }
3439  }
3440 
3441  DetectAddressHeadFree(gh);
3442  }
3443  return result;
3444 }
3445 
3446 static int AddressTestAddressGroupSetupIPv414(void)
3447 {
3448  DetectAddressHead *gh = DetectAddressHeadInit();
3449  FAIL_IF_NULL(gh);
3450 
3451  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3452  FAIL_IF_NOT(r == 1);
3453 
3454  DetectAddress *one = gh->ipv4_head;
3455  FAIL_IF_NULL(one);
3456  DetectAddress *two = one->next;
3457  FAIL_IF_NULL(two);
3458 
3459  /* result should be:
3460  * 0.0.0.0/1.2.3.3
3461  * 1.2.3.5/255.255.255.255
3462  */
3463  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3464  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3465  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3466  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3467  DetectAddressHeadFree(gh);
3468 
3469  PASS;
3470 }
3471 
3472 static int AddressTestAddressGroupSetupIPv415(void)
3473 {
3474  DetectAddressHead *gh = DetectAddressHeadInit();
3475  FAIL_IF_NULL(gh);
3476 
3477  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3478  FAIL_IF_NOT(r == 1);
3479 
3480  DetectAddress *one = gh->ipv4_head;
3481  FAIL_IF_NULL(one);
3482  FAIL_IF_NOT_NULL(one->next);
3483 
3484  /* result should be:
3485  * 0.0.0.1/255.255.255.255
3486  */
3487  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3488  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3489 
3490  DetectAddressHeadFree(gh);
3491  PASS;
3492 }
3493 
3494 static int AddressTestAddressGroupSetupIPv416(void)
3495 {
3496  DetectAddressHead *gh = DetectAddressHeadInit();
3497  FAIL_IF_NULL(gh);
3498 
3499  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3500  FAIL_IF_NOT(r == 1);
3501 
3502  DetectAddress *one = gh->ipv4_head;
3503  FAIL_IF_NULL(one);
3504  FAIL_IF_NOT_NULL(one->next);
3505 
3506  /* result should be:
3507  * 0.0.0.0/255.255.255.254
3508  */
3509  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3510  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3511 
3512  DetectAddressHeadFree(gh);
3513  PASS;
3514 }
3515 
3516 static int AddressTestAddressGroupSetup14(void)
3517 {
3518  int result = 0;
3519  DetectAddressHead *gh = DetectAddressHeadInit();
3520 
3521  if (gh != NULL) {
3522  int r = DetectAddressParse(NULL, gh, "2001::1");
3523  if (r == 0)
3524  result = 1;
3525 
3526  DetectAddressHeadFree(gh);
3527  }
3528  return result;
3529 }
3530 
3531 static int AddressTestAddressGroupSetup15(void)
3532 {
3533  int result = 0;
3534  DetectAddressHead *gh = DetectAddressHeadInit();
3535 
3536  if (gh != NULL) {
3537  int r = DetectAddressParse(NULL, gh, "2001::1");
3538  if (r == 0 && gh->ipv6_head != NULL)
3539  result = 1;
3540 
3541  DetectAddressHeadFree(gh);
3542  }
3543  return result;
3544 }
3545 
3546 static int AddressTestAddressGroupSetup16(void)
3547 {
3548  int result = 0;
3549  DetectAddressHead *gh = DetectAddressHeadInit();
3550 
3551  if (gh != NULL) {
3552  int r = DetectAddressParse(NULL, gh, "2001::4");
3553  if (r == 0 && gh->ipv6_head != NULL) {
3554  DetectAddress *prev_head = gh->ipv6_head;
3555 
3556  r = DetectAddressParse(NULL, gh, "2001::3");
3557  if (r == 0 && gh->ipv6_head != prev_head &&
3558  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3559  result = 1;
3560  }
3561  }
3562 
3563  DetectAddressHeadFree(gh);
3564  }
3565  return result;
3566 }
3567 
3568 static int AddressTestAddressGroupSetup17(void)
3569 {
3570  int result = 0;
3571  DetectAddressHead *gh = DetectAddressHeadInit();
3572 
3573  if (gh != NULL) {
3574  int r = DetectAddressParse(NULL, gh, "2001::4");
3575  if (r == 0 && gh->ipv6_head != NULL) {
3576  DetectAddress *prev_head = gh->ipv6_head;
3577 
3578  r = DetectAddressParse(NULL, gh, "2001::3");
3579  if (r == 0 && gh->ipv6_head != prev_head &&
3580  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3581  DetectAddress *ph = gh->ipv6_head;
3582 
3583  r = DetectAddressParse(NULL, gh, "2001::2");
3584  if (r == 0 && gh->ipv6_head != ph &&
3585  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3586  result = 1;
3587  }
3588  }
3589  }
3590 
3591  DetectAddressHeadFree(gh);
3592  }
3593  return result;
3594 }
3595 
3596 static int AddressTestAddressGroupSetup18(void)
3597 {
3598  int result = 0;
3599  DetectAddressHead *gh = DetectAddressHeadInit();
3600 
3601  if (gh != NULL) {
3602  int r = DetectAddressParse(NULL, gh, "2001::2");
3603  if (r == 0 && gh->ipv6_head != NULL) {
3604  DetectAddress *prev_head = gh->ipv6_head;
3605 
3606  r = DetectAddressParse(NULL, gh, "2001::3");
3607  if (r == 0 && gh->ipv6_head == prev_head &&
3608  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3609  DetectAddress *ph = gh->ipv6_head;
3610 
3611  r = DetectAddressParse(NULL, gh, "2001::4");
3612  if (r == 0 && gh->ipv6_head == ph &&
3613  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3614  result = 1;
3615  }
3616  }
3617  }
3618 
3619  DetectAddressHeadFree(gh);
3620  }
3621  return result;
3622 }
3623 
3624 static int AddressTestAddressGroupSetup19(void)
3625 {
3626  int result = 0;
3627  DetectAddressHead *gh = DetectAddressHeadInit();
3628 
3629  if (gh != NULL) {
3630  int r = DetectAddressParse(NULL, gh, "2001::2");
3631  if (r == 0 && gh->ipv6_head != NULL) {
3632  DetectAddress *prev_head = gh->ipv6_head;
3633 
3634  r = DetectAddressParse(NULL, gh, "2001::2");
3635  if (r == 0 && gh->ipv6_head == prev_head &&
3636  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3637  result = 1;
3638  }
3639  }
3640 
3641  DetectAddressHeadFree(gh);
3642  }
3643  return result;
3644 }
3645 
3646 static int AddressTestAddressGroupSetup20(void)
3647 {
3648  int result = 0;
3649  DetectAddressHead *gh = DetectAddressHeadInit();
3650 
3651  if (gh != NULL) {
3652  int r = DetectAddressParse(NULL, gh, "2000::/3");
3653  if (r == 0 && gh->ipv6_head != NULL) {
3654  r = DetectAddressParse(NULL, gh, "2001::4");
3655  if (r == 0 && gh->ipv6_head != NULL &&
3656  gh->ipv6_head->next != NULL &&
3657  gh->ipv6_head->next->next != NULL) {
3658  result = 1;
3659  }
3660  }
3661 
3662  DetectAddressHeadFree(gh);
3663  }
3664  return result;
3665 }
3666 
3667 static int AddressTestAddressGroupSetup21(void)
3668 {
3669  int result = 0;
3670  DetectAddressHead *gh = DetectAddressHeadInit();
3671 
3672  if (gh != NULL) {
3673  int r = DetectAddressParse(NULL, gh, "2001::4");
3674  if (r == 0 && gh->ipv6_head != NULL) {
3675  r = DetectAddressParse(NULL, gh, "2000::/3");
3676  if (r == 0 && gh->ipv6_head != NULL &&
3677  gh->ipv6_head->next != NULL &&
3678  gh->ipv6_head->next->next != NULL) {
3679  result = 1;
3680  }
3681  }
3682 
3683  DetectAddressHeadFree(gh);
3684  }
3685  return result;
3686 }
3687 
3688 static int AddressTestAddressGroupSetup22(void)
3689 {
3690  int result = 0;
3691  DetectAddressHead *gh = DetectAddressHeadInit();
3692 
3693  if (gh != NULL) {
3694  int r = DetectAddressParse(NULL, gh, "2000::/3");
3695  if (r == 0 && gh->ipv6_head != NULL) {
3696  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3697  if (r == 0 && gh->ipv6_head != NULL &&
3698  gh->ipv6_head->next != NULL &&
3699  gh->ipv6_head->next->next != NULL) {
3700  result = 1;
3701  }
3702  }
3703 
3704  DetectAddressHeadFree(gh);
3705  }
3706  return result;
3707 }
3708 
3709 static int AddressTestAddressGroupSetup23(void)
3710 {
3711  int result = 0;
3712  DetectAddressHead *gh = DetectAddressHeadInit();
3713 
3714  if (gh != NULL) {
3715  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3716  if (r == 0 && gh->ipv6_head != NULL) {
3717  r = DetectAddressParse(NULL, gh, "2000::/3");
3718  if (r == 0 && gh->ipv6_head != NULL &&
3719  gh->ipv6_head->next != NULL &&
3720  gh->ipv6_head->next->next != NULL) {
3721  result = 1;
3722  }
3723  }
3724 
3725  DetectAddressHeadFree(gh);
3726  }
3727  return result;
3728 }
3729 
3730 static int AddressTestAddressGroupSetup24(void)
3731 {
3732  int result = 0;
3733  DetectAddressHead *gh = DetectAddressHeadInit();
3734 
3735  if (gh != NULL) {
3736  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3737  if (r == 0) {
3738  r = DetectAddressParse(NULL, gh, "2001::/3");
3739  if (r == 0) {
3740  r = DetectAddressParse(NULL, gh, "::/0");
3741  if (r == 0) {
3742  DetectAddress *one = gh->ipv6_head, *two = one->next,
3743  *three = two->next, *four = three->next,
3744  *five = four->next;
3745  if (one->ip.addr_data32[0] == 0x00000000 &&
3746  one->ip.addr_data32[1] == 0x00000000 &&
3747  one->ip.addr_data32[2] == 0x00000000 &&
3748  one->ip.addr_data32[3] == 0x00000000 &&
3749  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3750  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3751  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3752  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3753 
3754  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3755  two->ip.addr_data32[1] == 0x00000000 &&
3756  two->ip.addr_data32[2] == 0x00000000 &&
3757  two->ip.addr_data32[3] == 0x00000000 &&
3758  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3759  two->ip2.addr_data32[1] == 0x00000000 &&
3760  two->ip2.addr_data32[2] == 0x00000000 &&
3761  two->ip2.addr_data32[3] == SCNtohl(3) &&
3762 
3763  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3764  three->ip.addr_data32[1] == 0x00000000 &&
3765  three->ip.addr_data32[2] == 0x00000000 &&
3766  three->ip.addr_data32[3] == SCNtohl(4) &&
3767  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3768  three->ip2.addr_data32[1] == 0x00000000 &&
3769  three->ip2.addr_data32[2] == 0x00000000 &&
3770  three->ip2.addr_data32[3] == SCNtohl(6) &&
3771 
3772  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3773  four->ip.addr_data32[1] == 0x00000000 &&
3774  four->ip.addr_data32[2] == 0x00000000 &&
3775  four->ip.addr_data32[3] == SCNtohl(7) &&
3776  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3777  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3778  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3779  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3780 
3781  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3782  five->ip.addr_data32[1] == 0x00000000 &&
3783  five->ip.addr_data32[2] == 0x00000000 &&
3784  five->ip.addr_data32[3] == 0x00000000 &&
3785  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3786  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3787  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3788  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3789  result = 1;
3790  }
3791  }
3792  }
3793  }
3794 
3795  DetectAddressHeadFree(gh);
3796  }
3797  return result;
3798 }
3799 
3800 static int AddressTestAddressGroupSetup25(void)
3801 {
3802  int result = 0;
3803  DetectAddressHead *gh = DetectAddressHeadInit();
3804 
3805  if (gh != NULL) {
3806  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3807  if (r == 0) {
3808  r = DetectAddressParse(NULL, gh, "::/0");
3809  if (r == 0) {
3810  r = DetectAddressParse(NULL, gh, "2001::/3");
3811  if (r == 0) {
3812  DetectAddress *one = gh->ipv6_head, *two = one->next,
3813  *three = two->next, *four = three->next,
3814  *five = four->next;
3815  if (one->ip.addr_data32[0] == 0x00000000 &&
3816  one->ip.addr_data32[1] == 0x00000000 &&
3817  one->ip.addr_data32[2] == 0x00000000 &&
3818  one->ip.addr_data32[3] == 0x00000000 &&
3819  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3820  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3821  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3822  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3823 
3824  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3825  two->ip.addr_data32[1] == 0x00000000 &&
3826  two->ip.addr_data32[2] == 0x00000000 &&
3827  two->ip.addr_data32[3] == 0x00000000 &&
3828  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3829  two->ip2.addr_data32[1] == 0x00000000 &&
3830  two->ip2.addr_data32[2] == 0x00000000 &&
3831  two->ip2.addr_data32[3] == SCNtohl(3) &&
3832 
3833  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3834  three->ip.addr_data32[1] == 0x00000000 &&
3835  three->ip.addr_data32[2] == 0x00000000 &&
3836  three->ip.addr_data32[3] == SCNtohl(4) &&
3837  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3838  three->ip2.addr_data32[1] == 0x00000000 &&
3839  three->ip2.addr_data32[2] == 0x00000000 &&
3840  three->ip2.addr_data32[3] == SCNtohl(6) &&
3841 
3842  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3843  four->ip.addr_data32[1] == 0x00000000 &&
3844  four->ip.addr_data32[2] == 0x00000000 &&
3845  four->ip.addr_data32[3] == SCNtohl(7) &&
3846  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3847  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3848  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3849  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3850 
3851  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3852  five->ip.addr_data32[1] == 0x00000000 &&
3853  five->ip.addr_data32[2] == 0x00000000 &&
3854  five->ip.addr_data32[3] == 0x00000000 &&
3855  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3856  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3857  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3858  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3859  result = 1;
3860  }
3861  }
3862  }
3863  }
3864 
3865  DetectAddressHeadFree(gh);
3866  }
3867  return result;
3868 }
3869 
3870 static int AddressTestAddressGroupSetup26(void)
3871 {
3872  int result = 0;
3873  DetectAddressHead *gh = DetectAddressHeadInit();
3874 
3875  if (gh != NULL) {
3876  int r = DetectAddressParse(NULL, gh, "::/0");
3877  if (r == 0) {
3878  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3879  if (r == 0) {
3880  r = DetectAddressParse(NULL, gh, "2001::/3");
3881  if (r == 0) {
3882  DetectAddress *one = gh->ipv6_head, *two = one->next,
3883  *three = two->next, *four = three->next,
3884  *five = four->next;
3885  if (one->ip.addr_data32[0] == 0x00000000 &&
3886  one->ip.addr_data32[1] == 0x00000000 &&
3887  one->ip.addr_data32[2] == 0x00000000 &&
3888  one->ip.addr_data32[3] == 0x00000000 &&
3889  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3890  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3891  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3892  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3893 
3894  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3895  two->ip.addr_data32[1] == 0x00000000 &&
3896  two->ip.addr_data32[2] == 0x00000000 &&
3897  two->ip.addr_data32[3] == 0x00000000 &&
3898  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3899  two->ip2.addr_data32[1] == 0x00000000 &&
3900  two->ip2.addr_data32[2] == 0x00000000 &&
3901  two->ip2.addr_data32[3] == SCNtohl(3) &&
3902 
3903  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3904  three->ip.addr_data32[1] == 0x00000000 &&
3905  three->ip.addr_data32[2] == 0x00000000 &&
3906  three->ip.addr_data32[3] == SCNtohl(4) &&
3907  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3908  three->ip2.addr_data32[1] == 0x00000000 &&
3909  three->ip2.addr_data32[2] == 0x00000000 &&
3910  three->ip2.addr_data32[3] == SCNtohl(6) &&
3911 
3912  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3913  four->ip.addr_data32[1] == 0x00000000 &&
3914  four->ip.addr_data32[2] == 0x00000000 &&
3915  four->ip.addr_data32[3] == SCNtohl(7) &&
3916  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3917  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3918  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3919  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3920 
3921  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3922  five->ip.addr_data32[1] == 0x00000000 &&
3923  five->ip.addr_data32[2] == 0x00000000 &&
3924  five->ip.addr_data32[3] == 0x00000000 &&
3925  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3926  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3927  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3928  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3929  result = 1;
3930  }
3931  }
3932  }
3933  }
3934 
3935  DetectAddressHeadFree(gh);
3936  }
3937  return result;
3938 }
3939 
3940 static int AddressTestAddressGroupSetup27(void)
3941 {
3942  int result = 0;
3943  DetectAddressHead *gh = DetectAddressHeadInit();
3944 
3945  if (gh != NULL) {
3946  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3947  if (r == 0)
3948  result = 1;
3949 
3950  DetectAddressHeadFree(gh);
3951  }
3952  return result;
3953 }
3954 
3955 static int AddressTestAddressGroupSetup28(void)
3956 {
3957  int result = 0;
3958  DetectAddressHead *gh = DetectAddressHeadInit();
3959 
3960  if (gh != NULL) {
3961  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3962  if (r == 0)
3963  result = 1;
3964 
3965  DetectAddressHeadFree(gh);
3966  }
3967  return result;
3968 }
3969 
3970 static int AddressTestAddressGroupSetup29(void)
3971 {
3972  int result = 0;
3973  DetectAddressHead *gh = DetectAddressHeadInit();
3974 
3975  if (gh != NULL) {
3976  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3977  if (r == 0)
3978  result = 1;
3979 
3980  DetectAddressHeadFree(gh);
3981  }
3982  return result;
3983 }
3984 
3985 static int AddressTestAddressGroupSetup30(void)
3986 {
3987  int result = 0;
3988  DetectAddressHead *gh = DetectAddressHeadInit();
3989 
3990  if (gh != NULL) {
3991  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
3992  if (r == 0)
3993  result = 1;
3994 
3995  DetectAddressHeadFree(gh);
3996  }
3997  return result;
3998 }
3999 
4000 static int AddressTestAddressGroupSetup31(void)
4001 {
4002  int result = 0;
4003  DetectAddressHead *gh = DetectAddressHeadInit();
4004 
4005  if (gh != NULL) {
4006  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4007  if (r == 0)
4008  result = 1;
4009 
4010  DetectAddressHeadFree(gh);
4011  }
4012  return result;
4013 }
4014 
4015 static int AddressTestAddressGroupSetup32(void)
4016 {
4017  int result = 0;
4018  DetectAddressHead *gh = DetectAddressHeadInit();
4019 
4020  if (gh != NULL) {
4021  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4022  if (r == 0)
4023  result = 1;
4024 
4025  DetectAddressHeadFree(gh);
4026  }
4027  return result;
4028 }
4029 
4030 static int AddressTestAddressGroupSetup33(void)
4031 {
4032  int result = 0;
4033  DetectAddressHead *gh = DetectAddressHeadInit();
4034 
4035  if (gh != NULL) {
4036  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4037  if (r == 1)
4038  result = 1;
4039 
4040  DetectAddressHeadFree(gh);
4041  }
4042  return result;
4043 }
4044 
4045 static int AddressTestAddressGroupSetup34(void)
4046 {
4047  int result = 0;
4048  DetectAddressHead *gh = DetectAddressHeadInit();
4049 
4050  if (gh != NULL) {
4051  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4052  if (r == 1)
4053  result = 1;
4054 
4055  DetectAddressHeadFree(gh);
4056  }
4057  return result;
4058 }
4059 
4060 static int AddressTestAddressGroupSetup35(void)
4061 {
4062  int result = 0;
4063  DetectAddressHead *gh = DetectAddressHeadInit();
4064 
4065  if (gh != NULL) {
4066  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4067  if (r == 1)
4068  result = 1;
4069 
4070  DetectAddressHeadFree(gh);
4071  }
4072  return result;
4073 }
4074 
4075 static int AddressTestAddressGroupSetup36 (void)
4076 {
4077  int result = 0;
4078 
4079  DetectAddressHead *gh = DetectAddressHeadInit();
4080  if (gh != NULL) {
4081  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4082  if (r == 1)
4083  result = 1;
4084 
4085  DetectAddressHeadFree(gh);
4086  }
4087  return result;
4088 }
4089 
4090 static int AddressTestAddressGroupSetup37(void)
4091 {
4092  int result = 0;
4093  DetectAddressHead *gh = DetectAddressHeadInit();
4094 
4095  if (gh != NULL) {
4096  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4097  if (r == 0)
4098  result = 1;
4099 
4100  DetectAddressHeadFree(gh);
4101  }
4102  return result;
4103 }
4104 
4105 static int AddressTestAddressGroupSetup38(void)
4106 {
4107  UTHValidateDetectAddressHeadRange expectations[3] = {
4108  { "0.0.0.0", "192.167.255.255" },
4109  { "192.168.14.0", "192.168.14.255" },
4110  { "192.169.0.0", "255.255.255.255" } };
4111  int result = 0;
4112  DetectAddressHead *gh = DetectAddressHeadInit();
4113 
4114  if (gh != NULL) {
4115  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4116  if (r == 1) {
4117  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4118  result = 1;
4119  }
4120 
4121  DetectAddressHeadFree(gh);
4122  }
4123  return result;
4124 }
4125 
4126 static int AddressTestAddressGroupSetup39(void)
4127 {
4128  UTHValidateDetectAddressHeadRange expectations[3] = {
4129  { "0.0.0.0", "192.167.255.255" },
4130  { "192.168.14.0", "192.168.14.255" },
4131  { "192.169.0.0", "255.255.255.255" } };
4132  int result = 0;
4133  DetectAddressHead *gh = DetectAddressHeadInit();
4134 
4135  if (gh != NULL) {
4136  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4137  if (r == 1) {
4138  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4139  result = 1;
4140  }
4141 
4142  DetectAddressHeadFree(gh);
4143  }
4144  return result;
4145 }
4146 
4147 static int AddressTestAddressGroupSetup40(void)
4148 {
4149  UTHValidateDetectAddressHeadRange expectations[3] = {
4150  { "0.0.0.0", "192.167.255.255" },
4151  { "192.168.14.0", "192.168.14.255" },
4152  { "192.169.0.0", "255.255.255.255" } };
4153  int result = 0;
4154  DetectAddressHead *gh = DetectAddressHeadInit();
4155  if (gh != NULL) {
4156  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4157  if (r == 1) {
4158  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4159  result = 1;
4160  }
4161 
4162  DetectAddressHeadFree(gh);
4163  }
4164  return result;
4165 }
4166 
4167 static int AddressTestAddressGroupSetup41(void)
4168 {
4169  UTHValidateDetectAddressHeadRange expectations[3] = {
4170  { "0.0.0.0", "192.167.255.255" },
4171  { "192.168.14.0", "192.168.14.255" },
4172  { "192.169.0.0", "255.255.255.255" } };
4173  int result = 0;
4174  DetectAddressHead *gh = DetectAddressHeadInit();
4175  if (gh != NULL) {
4176  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4177  if (r == 1) {
4178  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4179  result = 1;
4180  }
4181 
4182  DetectAddressHeadFree(gh);
4183  }
4184  return result;
4185 }
4186 
4187 static int AddressTestAddressGroupSetup42(void)
4188 {
4189  UTHValidateDetectAddressHeadRange expectations[1] = {
4190  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4191  int result = 0;
4192  DetectAddressHead *gh = DetectAddressHeadInit();
4193  if (gh != NULL) {
4194  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4195  if (r == 0) {
4196  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4197  result = 1;
4198  }
4199 
4200  DetectAddressHeadFree(gh);
4201  }
4202  return result;
4203 }
4204 
4205 static int AddressTestAddressGroupSetup43(void)
4206 {
4207  UTHValidateDetectAddressHeadRange expectations[2] = {
4208  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4209  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4210  int result = 0;
4211  DetectAddressHead *gh = DetectAddressHeadInit();
4212  if (gh != NULL) {
4213  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4214  if (r == 1) {
4215  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4216  result = 1;
4217  }
4218 
4219  DetectAddressHeadFree(gh);
4220  }
4221  return result;
4222 }
4223 
4224 static int AddressTestAddressGroupSetup44(void)
4225 {
4226  UTHValidateDetectAddressHeadRange expectations[2] = {
4227  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4228  int result = 0;
4229  DetectAddressHead *gh = DetectAddressHeadInit();
4230  if (gh != NULL) {
4231  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4232  if (r == 0) {
4233  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4234  result = 1;
4235  }
4236 
4237  DetectAddressHeadFree(gh);
4238  }
4239  return result;
4240 }
4241 
4242 static int AddressTestAddressGroupSetup45(void)
4243 {
4244  int result = 0;
4245  DetectAddressHead *gh = DetectAddressHeadInit();
4246  if (gh != NULL) {
4247  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4248  if (r != 0) {
4249  result = 1;
4250  }
4251 
4252  DetectAddressHeadFree(gh);
4253  }
4254  return result;
4255 }
4256 
4257 static int AddressTestAddressGroupSetup46(void)
4258 {
4259  UTHValidateDetectAddressHeadRange expectations[4] = {
4260  { "0.0.0.0", "192.167.255.255" },
4261  { "192.168.1.0", "192.168.1.255" },
4262  { "192.168.3.0", "192.168.3.255" },
4263  { "192.169.0.0", "255.255.255.255" } };
4264  int result = 0;
4265  DetectAddressHead *gh = DetectAddressHeadInit();
4266  if (gh != NULL) {
4267  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4268  if (r == 1) {
4269  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4270  result = 1;
4271  }
4272 
4273  DetectAddressHeadFree(gh);
4274  }
4275  return result;
4276 }
4277 
4278 /** \test net with some negations, then all negated */
4279 static int AddressTestAddressGroupSetup47(void)
4280 {
4281  UTHValidateDetectAddressHeadRange expectations[5] = {
4282  { "0.0.0.0", "192.167.255.255" },
4283  { "192.168.1.0", "192.168.1.255" },
4284  { "192.168.3.0", "192.168.3.255" },
4285  { "192.168.5.0", "192.168.5.255" },
4286  { "192.169.0.0", "255.255.255.255" } };
4287  int result = 0;
4288  DetectAddressHead *gh = DetectAddressHeadInit();
4289  if (gh != NULL) {
4290  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4291  if (r == 1) {
4292  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4293  result = 1;
4294  }
4295 
4296  DetectAddressHeadFree(gh);
4297  }
4298  return result;
4299 }
4300 
4301 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4302 static int AddressTestAddressGroupSetup48(void)
4303 {
4304  UTHValidateDetectAddressHeadRange expectations[4] = {
4305  { "192.168.0.0", "192.168.0.255" },
4306  { "192.168.2.0", "192.168.2.255" },
4307  { "192.168.4.0", "192.168.4.255" },
4308  { "192.168.6.0", "192.168.255.255" } };
4309  int result = 0;
4310  DetectAddressHead *gh = DetectAddressHeadInit();
4311  if (gh != NULL) {
4312  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4313  if (r == 1) {
4314  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4315  result = 1;
4316  }
4317 
4318  DetectAddressHeadFree(gh);
4319  }
4320  return result;
4321 }
4322 
4323 static int AddressTestCutIPv401(void)
4324 {
4325  DetectAddress *a, *b, *c;
4326  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4327  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4328 
4329  if (DetectAddressCut(NULL, a, b, &c) == -1)
4330  goto error;
4331 
4332  DetectAddressFree(a);
4333  DetectAddressFree(b);
4334  DetectAddressFree(c);
4335  return 1;
4336 
4337 error:
4338  DetectAddressFree(a);
4339  DetectAddressFree(b);
4340  DetectAddressFree(c);
4341  return 0;
4342 }
4343 
4344 static int AddressTestCutIPv402(void)
4345 {
4346  DetectAddress *a, *b, *c;
4347  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4348  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4349 
4350  if (DetectAddressCut(NULL, a, b, &c) == -1)
4351  goto error;
4352 
4353  if (c == NULL)
4354  goto error;
4355 
4356  DetectAddressFree(a);
4357  DetectAddressFree(b);
4358  DetectAddressFree(c);
4359  return 1;
4360 
4361 error:
4362  DetectAddressFree(a);
4363  DetectAddressFree(b);
4364  DetectAddressFree(c);
4365  return 0;
4366 }
4367 
4368 static int AddressTestCutIPv403(void)
4369 {
4370  DetectAddress *a, *b, *c;
4371  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4372  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4373 
4374  if (DetectAddressCut(NULL, a, b, &c) == -1)
4375  goto error;
4376 
4377  if (c == NULL)
4378  goto error;
4379 
4380  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4381  goto error;
4382  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4383  goto error;
4384  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4385  goto error;
4386 
4387  DetectAddressFree(a);
4388  DetectAddressFree(b);
4389  DetectAddressFree(c);
4390  return 1;
4391 
4392 error:
4393  DetectAddressFree(a);
4394  DetectAddressFree(b);
4395  DetectAddressFree(c);
4396  return 0;
4397 }
4398 
4399 static int AddressTestCutIPv404(void)
4400 {
4401  DetectAddress *a, *b, *c;
4402  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4403  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4404 
4405  if (DetectAddressCut(NULL, a, b, &c) == -1)
4406  goto error;
4407 
4408  if (c == NULL)
4409  goto error;
4410 
4411  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4412  goto error;
4413  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4414  goto error;
4415  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4416  goto error;
4417 
4418 
4419  DetectAddressFree(a);
4420  DetectAddressFree(b);
4421  DetectAddressFree(c);
4422  return 1;
4423 
4424 error:
4425  DetectAddressFree(a);
4426  DetectAddressFree(b);
4427  DetectAddressFree(c);
4428  return 0;
4429 }
4430 
4431 static int AddressTestCutIPv405(void)
4432 {
4433  DetectAddress *a, *b, *c;
4434  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4435  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4436 
4437  if (DetectAddressCut(NULL, a, b, &c) == -1)
4438  goto error;
4439 
4440  if (c == NULL)
4441  goto error;
4442 
4443  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4444  goto error;
4445  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4446  goto error;
4447  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4448  goto error;
4449 
4450  DetectAddressFree(a);
4451  DetectAddressFree(b);
4452  DetectAddressFree(c);
4453  return 1;
4454 
4455 error:
4456  DetectAddressFree(a);
4457  DetectAddressFree(b);
4458  DetectAddressFree(c);
4459  return 0;
4460 }
4461 
4462 static int AddressTestCutIPv406(void)
4463 {
4464  DetectAddress *a, *b, *c;
4465  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4466  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4467 
4468  if (DetectAddressCut(NULL, a, b, &c) == -1)
4469  goto error;
4470 
4471  if (c == NULL)
4472  goto error;
4473 
4474  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4475  goto error;
4476  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4477  goto error;
4478  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4479  goto error;
4480 
4481  DetectAddressFree(a);
4482  DetectAddressFree(b);
4483  DetectAddressFree(c);
4484  return 1;
4485 
4486 error:
4487  DetectAddressFree(a);
4488  DetectAddressFree(b);
4489  DetectAddressFree(c);
4490  return 0;
4491 }
4492 
4493 static int AddressTestCutIPv407(void)
4494 {
4495  DetectAddress *a, *b, *c;
4496  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4497  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4498 
4499  if (DetectAddressCut(NULL, a, b, &c) == -1)
4500  goto error;
4501 
4502  if (c != NULL)
4503  goto error;
4504 
4505  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4506  goto error;
4507  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4508  goto error;
4509 
4510  DetectAddressFree(a);
4511  DetectAddressFree(b);
4512  DetectAddressFree(c);
4513  return 1;
4514 
4515 error:
4516  DetectAddressFree(a);
4517  DetectAddressFree(b);
4518  DetectAddressFree(c);
4519  return 0;
4520 }
4521 
4522 static int AddressTestCutIPv408(void)
4523 {
4524  DetectAddress *a, *b, *c;
4525  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4526  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4527 
4528  if (DetectAddressCut(NULL, a, b, &c) == -1)
4529  goto error;
4530 
4531  if (c != NULL)
4532  goto error;
4533 
4534  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4535  goto error;
4536  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4537  goto error;
4538 
4539  DetectAddressFree(a);
4540  DetectAddressFree(b);
4541  DetectAddressFree(c);
4542  return 1;
4543 
4544 error:
4545  DetectAddressFree(a);
4546  DetectAddressFree(b);
4547  DetectAddressFree(c);
4548  return 0;
4549 }
4550 
4551 static int AddressTestCutIPv409(void)
4552 {
4553  DetectAddress *a, *b, *c;
4554  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4555  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4556 
4557  if (DetectAddressCut(NULL, a, b, &c) == -1)
4558  goto error;
4559 
4560  if (c != NULL)
4561  goto error;
4562 
4563  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4564  goto error;
4565  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4566  goto error;
4567 
4568  DetectAddressFree(a);
4569  DetectAddressFree(b);
4570  DetectAddressFree(c);
4571  return 1;
4572 
4573 error:
4574  DetectAddressFree(a);
4575  DetectAddressFree(b);
4576  DetectAddressFree(c);
4577  return 0;
4578 }
4579 
4580 static int AddressTestCutIPv410(void)
4581 {
4582  DetectAddress *a, *b, *c;
4583  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4584  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4585 
4586  if (DetectAddressCut(NULL, a, b, &c) == -1)
4587  goto error;
4588 
4589  if (c != NULL)
4590  goto error;
4591 
4592  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4593  goto error;
4594  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4595  goto error;
4596 
4597  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4598 
4599  DetectAddressFree(a);
4600  DetectAddressFree(b);
4601  DetectAddressFree(c);
4602  return 1;
4603 
4604 error:
4605  DetectAddressFree(a);
4606  DetectAddressFree(b);
4607  DetectAddressFree(c);
4608  return 0;
4609 }
4610 
4611 static int AddressTestParseInvalidMask01(void)
4612 {
4613  int result = 1;
4614  DetectAddress *dd = NULL;
4615 
4616  dd = DetectAddressParseSingle("192.168.2.0/33");
4617  if (dd != NULL) {
4618  DetectAddressFree(dd);
4619  result = 0;
4620  }
4621  return result;
4622 }
4623 
4624 static int AddressTestParseInvalidMask02(void)
4625 {
4626  int result = 1;
4627  DetectAddress *dd = NULL;
4628 
4629  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4630  if (dd != NULL) {
4631  DetectAddressFree(dd);
4632  result = 0;
4633  }
4634  return result;
4635 }
4636 
4637 static int AddressTestParseInvalidMask03(void)
4638 {
4639  int result = 1;
4640  DetectAddress *dd = NULL;
4641 
4642  dd = DetectAddressParseSingle("192.168.2.0/blue");
4643  if (dd != NULL) {
4644  DetectAddressFree(dd);
4645  result = 0;
4646  }
4647  return result;
4648 }
4649 
4650 static int AddressConfVarsTest01(void)
4651 {
4652  static const char *dummy_conf_string =
4653  "%YAML 1.1\n"
4654  "---\n"
4655  "\n"
4656  "vars:\n"
4657  "\n"
4658  " address-groups:\n"
4659  "\n"
4660  " HOME_NET: \"any\"\n"
4661  "\n"
4662  " EXTERNAL_NET: \"!any\"\n"
4663  "\n"
4664  " port-groups:\n"
4665  "\n"
4666  " HTTP_PORTS: \"any\"\n"
4667  "\n"
4668  " SHELLCODE_PORTS: \"!any\"\n"
4669  "\n";
4670 
4671  int result = 0;
4672 
4673  ConfCreateContextBackup();
4674  ConfInit();
4675  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4676 
4677  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4678  result = 1;
4679 
4680  ConfDeInit();
4681  ConfRestoreContextBackup();
4682 
4683  return result;
4684 }
4685 
4686 static int AddressConfVarsTest02(void)
4687 {
4688  static const char *dummy_conf_string =
4689  "%YAML 1.1\n"
4690  "---\n"
4691  "\n"
4692  "vars:\n"
4693  "\n"
4694  " address-groups:\n"
4695  "\n"
4696  " HOME_NET: \"any\"\n"
4697  "\n"
4698  " EXTERNAL_NET: \"any\"\n"
4699  "\n"
4700  " port-groups:\n"
4701  "\n"
4702  " HTTP_PORTS: \"any\"\n"
4703  "\n"
4704  " SHELLCODE_PORTS: \"!any\"\n"
4705  "\n";
4706 
4707  int result = 0;
4708 
4709  ConfCreateContextBackup();
4710  ConfInit();
4711  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4712 
4713  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() < 0)
4714  result = 1;
4715 
4716  ConfDeInit();
4717  ConfRestoreContextBackup();
4718 
4719  return result;
4720 }
4721 
4722 static int AddressConfVarsTest03(void)
4723 {
4724  static const char *dummy_conf_string =
4725  "%YAML 1.1\n"
4726  "---\n"
4727  "\n"
4728  "vars:\n"
4729  "\n"
4730  " address-groups:\n"
4731  "\n"
4732  " HOME_NET: \"any\"\n"
4733  "\n"
4734  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4735  "\n"
4736  " port-groups:\n"
4737  "\n"
4738  " HTTP_PORTS: \"any\"\n"
4739  "\n"
4740  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4741  "\n";
4742 
4743  int result = 0;
4744 
4745  ConfCreateContextBackup();
4746  ConfInit();
4747  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4748 
4749  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4750  result = 1;
4751 
4752  ConfDeInit();
4753  ConfRestoreContextBackup();
4754 
4755  return result;
4756 }
4757 
4758 static int AddressConfVarsTest04(void)
4759 {
4760  static const char *dummy_conf_string =
4761  "%YAML 1.1\n"
4762  "---\n"
4763  "\n"
4764  "vars:\n"
4765  "\n"
4766  " address-groups:\n"
4767  "\n"
4768  " HOME_NET: \"any\"\n"
4769  "\n"
4770  " EXTERNAL_NET: \"$HOME_NET\"\n"
4771  "\n"
4772  " port-groups:\n"
4773  "\n"
4774  " HTTP_PORTS: \"any\"\n"
4775  "\n"
4776  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4777  "\n";
4778 
4779  int result = 0;
4780 
4781  ConfCreateContextBackup();
4782  ConfInit();
4783  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4784 
4785  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() == 0)
4786  result = 1;
4787 
4788  ConfDeInit();
4789  ConfRestoreContextBackup();
4790 
4791  return result;
4792 }
4793 
4794 static int AddressConfVarsTest05(void)
4795 {
4796  static const char *dummy_conf_string =
4797  "%YAML 1.1\n"
4798  "---\n"
4799  "\n"
4800  "vars:\n"
4801  "\n"
4802  " address-groups:\n"
4803  "\n"
4804  " HOME_NET: \"any\"\n"
4805  "\n"
4806  " EXTERNAL_NET: [192.168.0.1]\n"
4807  "\n"
4808  " port-groups:\n"
4809  "\n"
4810  " HTTP_PORTS: \"any\"\n"
4811  "\n"
4812  " SHELLCODE_PORTS: [80]\n"
4813  "\n";
4814 
4815  int result = 0;
4816 
4817  ConfCreateContextBackup();
4818  ConfInit();
4819  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4820 
4821  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4822  goto end;
4823 
4824  result = 1;
4825 
4826  end:
4827  ConfDeInit();
4828  ConfRestoreContextBackup();
4829 
4830  return result;
4831 }
4832 
4833 #endif /* UNITTESTS */
4834 
4835 void DetectAddressTests(void)
4836 {
4837 #ifdef UNITTESTS
4838  DetectAddressIPv4Tests();
4839  DetectAddressIPv6Tests();
4840 
4841  UtRegisterTest("AddressTestParse01", AddressTestParse01);
4842  UtRegisterTest("AddressTestParse02", AddressTestParse02);
4843  UtRegisterTest("AddressTestParse03", AddressTestParse03);
4844  UtRegisterTest("AddressTestParse04", AddressTestParse04);
4845  UtRegisterTest("AddressTestParse05", AddressTestParse05);
4846  UtRegisterTest("AddressTestParse06", AddressTestParse06);
4847  UtRegisterTest("AddressTestParse07", AddressTestParse07);
4848  UtRegisterTest("AddressTestParse08", AddressTestParse08);
4849  UtRegisterTest("AddressTestParse09", AddressTestParse09);
4850  UtRegisterTest("AddressTestParse10", AddressTestParse10);
4851  UtRegisterTest("AddressTestParse11", AddressTestParse11);
4852  UtRegisterTest("AddressTestParse12", AddressTestParse12);
4853  UtRegisterTest("AddressTestParse13", AddressTestParse13);
4854  UtRegisterTest("AddressTestParse14", AddressTestParse14);
4855  UtRegisterTest("AddressTestParse15", AddressTestParse15);
4856  UtRegisterTest("AddressTestParse16", AddressTestParse16);
4857  UtRegisterTest("AddressTestParse17", AddressTestParse17);
4858  UtRegisterTest("AddressTestParse18", AddressTestParse18);
4859  UtRegisterTest("AddressTestParse19", AddressTestParse19);
4860  UtRegisterTest("AddressTestParse20", AddressTestParse20);
4861  UtRegisterTest("AddressTestParse21", AddressTestParse21);
4862  UtRegisterTest("AddressTestParse22", AddressTestParse22);
4863  UtRegisterTest("AddressTestParse23", AddressTestParse23);
4864  UtRegisterTest("AddressTestParse24", AddressTestParse24);
4865  UtRegisterTest("AddressTestParse25", AddressTestParse25);
4866  UtRegisterTest("AddressTestParse26", AddressTestParse26);
4867  UtRegisterTest("AddressTestParse27", AddressTestParse27);
4868  UtRegisterTest("AddressTestParse28", AddressTestParse28);
4869  UtRegisterTest("AddressTestParse29", AddressTestParse29);
4870  UtRegisterTest("AddressTestParse30", AddressTestParse30);
4871  UtRegisterTest("AddressTestParse31", AddressTestParse31);
4872  UtRegisterTest("AddressTestParse32", AddressTestParse32);
4873  UtRegisterTest("AddressTestParse33", AddressTestParse33);
4874  UtRegisterTest("AddressTestParse34", AddressTestParse34);
4875  UtRegisterTest("AddressTestParse35", AddressTestParse35);
4876  UtRegisterTest("AddressTestParse36", AddressTestParse36);
4877  UtRegisterTest("AddressTestParse37", AddressTestParse37);
4878 
4879  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
4880  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
4881  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
4882  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
4883  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
4884  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
4885  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
4886  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
4887  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
4888  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
4889  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
4890 
4891  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
4892  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
4893  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
4894  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
4895  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
4896  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
4897  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
4898  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
4899 
4900  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
4901  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
4902  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
4903  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
4904  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
4905  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
4906 
4907  UtRegisterTest("AddressTestAddressGroupSetup01",
4908  AddressTestAddressGroupSetup01);
4909  UtRegisterTest("AddressTestAddressGroupSetup02",
4910  AddressTestAddressGroupSetup02);
4911  UtRegisterTest("AddressTestAddressGroupSetup03",
4912  AddressTestAddressGroupSetup03);
4913  UtRegisterTest("AddressTestAddressGroupSetup04",
4914  AddressTestAddressGroupSetup04);
4915  UtRegisterTest("AddressTestAddressGroupSetup05",
4916  AddressTestAddressGroupSetup05);
4917  UtRegisterTest("AddressTestAddressGroupSetup06",
4918  AddressTestAddressGroupSetup06);
4919  UtRegisterTest("AddressTestAddressGroupSetup07",
4920  AddressTestAddressGroupSetup07);
4921  UtRegisterTest("AddressTestAddressGroupSetup08",
4922  AddressTestAddressGroupSetup08);
4923  UtRegisterTest("AddressTestAddressGroupSetup09",
4924  AddressTestAddressGroupSetup09);
4925  UtRegisterTest("AddressTestAddressGroupSetup10",
4926  AddressTestAddressGroupSetup10);
4927  UtRegisterTest("AddressTestAddressGroupSetup11",
4928  AddressTestAddressGroupSetup11);
4929  UtRegisterTest("AddressTestAddressGroupSetup12",
4930  AddressTestAddressGroupSetup12);
4931  UtRegisterTest("AddressTestAddressGroupSetup13",
4932  AddressTestAddressGroupSetup13);
4933  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
4934  AddressTestAddressGroupSetupIPv414);
4935  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
4936  AddressTestAddressGroupSetupIPv415);
4937  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
4938  AddressTestAddressGroupSetupIPv416);
4939 
4940  UtRegisterTest("AddressTestAddressGroupSetup14",
4941  AddressTestAddressGroupSetup14);
4942  UtRegisterTest("AddressTestAddressGroupSetup15",
4943  AddressTestAddressGroupSetup15);
4944  UtRegisterTest("AddressTestAddressGroupSetup16",
4945  AddressTestAddressGroupSetup16);
4946  UtRegisterTest("AddressTestAddressGroupSetup17",
4947  AddressTestAddressGroupSetup17);
4948  UtRegisterTest("AddressTestAddressGroupSetup18",
4949  AddressTestAddressGroupSetup18);
4950  UtRegisterTest("AddressTestAddressGroupSetup19",
4951  AddressTestAddressGroupSetup19);
4952  UtRegisterTest("AddressTestAddressGroupSetup20",
4953  AddressTestAddressGroupSetup20);
4954  UtRegisterTest("AddressTestAddressGroupSetup21",
4955  AddressTestAddressGroupSetup21);
4956  UtRegisterTest("AddressTestAddressGroupSetup22",
4957  AddressTestAddressGroupSetup22);
4958  UtRegisterTest("AddressTestAddressGroupSetup23",
4959  AddressTestAddressGroupSetup23);
4960  UtRegisterTest("AddressTestAddressGroupSetup24",
4961  AddressTestAddressGroupSetup24);
4962  UtRegisterTest("AddressTestAddressGroupSetup25",
4963  AddressTestAddressGroupSetup25);
4964  UtRegisterTest("AddressTestAddressGroupSetup26",
4965  AddressTestAddressGroupSetup26);
4966 
4967  UtRegisterTest("AddressTestAddressGroupSetup27",
4968  AddressTestAddressGroupSetup27);
4969  UtRegisterTest("AddressTestAddressGroupSetup28",
4970  AddressTestAddressGroupSetup28);
4971  UtRegisterTest("AddressTestAddressGroupSetup29",
4972  AddressTestAddressGroupSetup29);
4973  UtRegisterTest("AddressTestAddressGroupSetup30",
4974  AddressTestAddressGroupSetup30);
4975  UtRegisterTest("AddressTestAddressGroupSetup31",
4976  AddressTestAddressGroupSetup31);
4977  UtRegisterTest("AddressTestAddressGroupSetup32",
4978  AddressTestAddressGroupSetup32);
4979  UtRegisterTest("AddressTestAddressGroupSetup33",
4980  AddressTestAddressGroupSetup33);
4981  UtRegisterTest("AddressTestAddressGroupSetup34",
4982  AddressTestAddressGroupSetup34);
4983  UtRegisterTest("AddressTestAddressGroupSetup35",
4984  AddressTestAddressGroupSetup35);
4985  UtRegisterTest("AddressTestAddressGroupSetup36",
4986  AddressTestAddressGroupSetup36);
4987  UtRegisterTest("AddressTestAddressGroupSetup37",
4988  AddressTestAddressGroupSetup37);
4989  UtRegisterTest("AddressTestAddressGroupSetup38",
4990  AddressTestAddressGroupSetup38);
4991  UtRegisterTest("AddressTestAddressGroupSetup39",
4992  AddressTestAddressGroupSetup39);
4993  UtRegisterTest("AddressTestAddressGroupSetup40",
4994  AddressTestAddressGroupSetup40);
4995  UtRegisterTest("AddressTestAddressGroupSetup41",
4996  AddressTestAddressGroupSetup41);
4997  UtRegisterTest("AddressTestAddressGroupSetup42",
4998  AddressTestAddressGroupSetup42);
4999  UtRegisterTest("AddressTestAddressGroupSetup43",
5000  AddressTestAddressGroupSetup43);
5001  UtRegisterTest("AddressTestAddressGroupSetup44",
5002  AddressTestAddressGroupSetup44);
5003  UtRegisterTest("AddressTestAddressGroupSetup45",
5004  AddressTestAddressGroupSetup45);
5005  UtRegisterTest("AddressTestAddressGroupSetup46",
5006  AddressTestAddressGroupSetup46);
5007  UtRegisterTest("AddressTestAddressGroupSetup47",
5008  AddressTestAddressGroupSetup47);
5009  UtRegisterTest("AddressTestAddressGroupSetup48",
5010  AddressTestAddressGroupSetup48);
5011 
5012  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5013  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5014  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5015  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5016  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5017  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5018  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5019  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5020  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5021  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5022 
5023  UtRegisterTest("AddressTestParseInvalidMask01",
5024  AddressTestParseInvalidMask01);
5025  UtRegisterTest("AddressTestParseInvalidMask02",
5026  AddressTestParseInvalidMask02);
5027  UtRegisterTest("AddressTestParseInvalidMask03",
5028  AddressTestParseInvalidMask03);
5029 
5030  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5031  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5032  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5033  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5034  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5035 #endif /* UNITTESTS */
5036 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:363
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:128
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:141
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:78
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1406
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1307
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:359
detect-engine-siggroup.h
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1600
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:139
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:29
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
DetectAddressHead_
Definition: detect.h:154
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1485
AddressIPv6Gt
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:43
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1353
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:767
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1264
SC_ERR_INVALID_SIGNATURE
@ SC_ERR_INVALID_SIGNATURE
Definition: util-error.h:69
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
Address_
Definition: decode.h:116
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:248
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1165
util-var.h
DetectMatchAddressIPv4_::ip
uint32_t ip
Definition: detect.h:161
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1814
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:124
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:116
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:148
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:123
DetectMatchAddressIPv6_::ip2
uint32_t ip2[4]
Definition: detect.h:167
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:327
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:129
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:125
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1897
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:271
detect-engine-port.h
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:463
DetectAddress_::ip2
Address ip2
Definition: detect.h:142
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1042
TRUE
#define TRUE
Definition: suricata-common.h:33
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:282
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:484
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:316
SC_ERR_ADDRESS_ENGINE_GENERIC
@ SC_ERR_ADDRESS_ENGINE_GENERIC
Definition: util-error.h:119
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:698
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
Flow_::next
struct Flow_ * next
Definition: flow.h:394
DetectAddressMap_
Definition: detect-engine-address.c:1304
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:156
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1634
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:919
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:71
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
ConfNode_::name
char * name
Definition: conf.h:33
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:710
DetectMatchAddressIPv4_::ip2
uint32_t ip2
Definition: detect.h:162
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:130
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
DetectMatchAddressIPv6_::ip
uint32_t ip[4]
Definition: detect.h:166
AddressIPv6Ge
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1342
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:178
str
#define str(s)
Definition: suricata-common.h:273
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1896
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1306
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:397
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:723
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:150
DetectMatchAddressIPv6_
Definition: detect.h:165
DetectMatchAddressIPv4_
Definition: detect.h:160
Address_::address
union Address_::@39 address
Address_::family
char family
Definition: decode.h:117
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1446
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:721
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1893
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:133
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1898
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:131
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:126
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:145
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1573
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:127
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:155
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, uint16_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:704
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1305
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:65
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1226
AddressIPv6Le
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162