suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 #include "detect-engine-address-ipv4.h"
40 #include "detect-engine-address-ipv6.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
61 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn);
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
69 DetectAddress *DetectAddressInit(void)
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
82 void DetectAddressFree(DetectAddress *ag)
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88  return;
89 }
90 
91 /**
92  * \internal
93  * \brief Returns a new instance of DetectAddressHead.
94  *
95  * \retval gh Pointer to the new instance of DetectAddressHead.
96  */
97 static DetectAddressHead *DetectAddressHeadInit(void)
98 {
99  DetectAddressHead *gh = SCCalloc(1, sizeof(DetectAddressHead));
100  if (unlikely(gh == NULL))
101  return NULL;
102  return gh;
103 }
104 
105 /**
106  * \internal
107  * \brief Frees a DetectAddressHead instance.
108  *
109  * \param gh Pointer to the DetectAddressHead instance to be freed.
110  */
111 static void DetectAddressHeadFree(DetectAddressHead *gh)
112 {
113  if (gh != NULL) {
114  DetectAddressHeadCleanup(gh);
115  SCFree(gh);
116  }
117 }
118 
119 /**
120  * \brief copy a DetectAddress
121  *
122  * \param orig Pointer to the instance of DetectAddress that contains the
123  * address data to be copied to the new instance.
124  *
125  * \retval ag Pointer to the new instance of DetectAddress that contains the
126  * copied address.
127  */
128 DetectAddress *DetectAddressCopy(DetectAddress *orig)
129 {
130  DetectAddress *ag = DetectAddressInit();
131  if (ag == NULL)
132  return NULL;
133 
134  ag->flags = orig->flags;
135  COPY_ADDRESS(&orig->ip, &ag->ip);
136  COPY_ADDRESS(&orig->ip2, &ag->ip2);
137  return ag;
138 }
139 
140 /**
141  * \internal
142  * \brief Frees a list of DetectAddress instances.
143  *
144  * \param head Pointer to a list of DetectAddress instances to be freed.
145  */
146 static void DetectAddressCleanupList(DetectAddress *head)
147 {
148  for (DetectAddress *cur = head; cur != NULL; ) {
149  DetectAddress *next = cur->next;
150  cur->next = NULL;
151  DetectAddressFree(cur);
152  cur = next;
153  }
154 }
155 
156 /**
157  * \internal
158  * \brief Helper function for DetectAddressInsert. Sets one of the
159  * DetectAddressHead head pointers, to the DetectAddress argument
160  * based on its address family.
161  *
162  * \param gh Pointer to the DetectAddressHead.
163  * \param newhead Pointer to the DetectAddress.
164  *
165  * \retval 0 On success.
166  * \retval -1 On failure.
167  */
168 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
169 {
170  if (newhead->ip.family == AF_INET) {
171  gh->ipv4_head = newhead;
172  } else if (newhead->ip.family == AF_INET6) {
173  gh->ipv6_head = newhead;
174  } else {
175  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
176  return -1;
177  }
178 
179  return 0;
180 }
181 
182 /**
183  * \internal
184  * \brief Returns the DetectAddress head from the DetectAddressHeads,
185  * based on the address family of the incoming DetectAddress arg.
186  *
187  * \param gh Pointer to the DetectAddressHead.
188  * \param new Pointer to the DetectAddress.
189  *
190  * \retval head Pointer to the DetectAddress(the head from
191  * DetectAddressHead).
192  */
193 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
194 {
195  DetectAddress *head = NULL;
196 
197  if (new->ip.family == AF_INET)
198  head = gh->ipv4_head;
199  else if (new->ip.family == AF_INET6)
200  head = gh->ipv6_head;
201 
202  return head;
203 }
204 
205 /**
206  * \internal
207  * \brief insert DetectAddress into a DetectAddressHead
208  *
209  * \param de_ctx Pointer to the detection engine context.
210  * \param gh Pointer to the DetectAddressHead list to which it has to
211  * be inserted.
212  * \param new Pointer to the DetectAddress, that has to be inserted.
213  *
214  * \retval 1 On successfully inserting it.
215  * \retval -1 On error.
216  * \retval 0 Not inserted, memory of new is freed.
217  */
218 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
219  DetectAddress *new)
220 {
221  DetectAddress *head = NULL;
222  DetectAddress *cur = NULL;
223  DetectAddress *c = NULL;
224  int r = 0;
225 
226  if (new == NULL)
227  return 0;
228 
229  /* get our head ptr based on the address we want to insert */
230  head = GetHeadPtr(gh, new);
231 
232  /* see if it already exists or overlaps with existing ag's */
233  if (head != NULL) {
234  cur = NULL;
235 
236  for (cur = head; cur != NULL; cur = cur->next) {
237  r = DetectAddressCmp(new, cur);
238  BUG_ON(r == ADDRESS_ER);
239 
240  /* if so, handle that */
241  if (r == ADDRESS_EQ) {
242  /* exact overlap/match */
243  if (cur != new) {
244  DetectAddressFree(new);
245  return 0;
246  }
247 
248  return 1;
249  } else if (r == ADDRESS_GT) {
250  /* only add it now if we are bigger than the last group.
251  * Otherwise we'll handle it later. */
252  if (cur->next == NULL) {
253  /* put in the list */
254  new->prev = cur;
255  cur->next = new;
256 
257  return 1;
258  }
259  } else if (r == ADDRESS_LT) {
260  /* see if we need to insert the ag anywhere put in the list */
261  if (cur->prev != NULL)
262  cur->prev->next = new;
263  new->prev = cur->prev;
264  new->next = cur;
265  cur->prev = new;
266 
267  /* update head if required */
268  if (head == cur) {
269  head = new;
270 
271  if (SetHeadPtr(gh, head) < 0)
272  goto error;
273  }
274 
275  return 1;
276  /* alright, those were the simple cases, lets handle the more
277  * complex ones now */
278  } else if (r == ADDRESS_ES) {
279  c = NULL;
280  r = DetectAddressCut(de_ctx, cur, new, &c);
281  if (r == -1)
282  goto error;
283 
284  DetectAddressInsert(de_ctx, gh, new);
285  if (c != NULL)
286  DetectAddressInsert(de_ctx, gh, c);
287 
288  return 1;
289  } else if (r == ADDRESS_EB) {
290  c = NULL;
291  r = DetectAddressCut(de_ctx, cur, new, &c);
292  if (r == -1)
293  goto error;
294 
295  DetectAddressInsert(de_ctx, gh, new);
296  if (c != NULL)
297  DetectAddressInsert(de_ctx, gh, c);
298 
299  return 1;
300  } else if (r == ADDRESS_LE) {
301  c = NULL;
302  r = DetectAddressCut(de_ctx, cur, new, &c);
303  if (r == -1)
304  goto error;
305 
306  DetectAddressInsert(de_ctx, gh, new);
307  if (c != NULL)
308  DetectAddressInsert(de_ctx, gh, c);
309 
310  return 1;
311  } else if (r == ADDRESS_GE) {
312  c = NULL;
313  r = DetectAddressCut(de_ctx, cur,new,&c);
314  if (r == -1)
315  goto error;
316 
317  DetectAddressInsert(de_ctx, gh, new);
318  if (c != NULL)
319  DetectAddressInsert(de_ctx, gh, c);
320 
321  return 1;
322  }
323  }
324 
325  /* head is NULL, so get a group and set head to it */
326  } else {
327  head = new;
328  if (SetHeadPtr(gh, head) < 0) {
329  SCLogDebug("SetHeadPtr failed");
330  goto error;
331  }
332  }
333 
334  return 1;
335 
336 error:
337  /* XXX */
338  return -1;
339 }
340 
341 /**
342  * \brief Checks if two address group lists are equal.
343  *
344  * \param list1 Pointer to the first address group list.
345  * \param list2 Pointer to the second address group list.
346  *
347  * \retval true On success.
348  * \retval false On failure.
349  */
350 bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
351 {
352  DetectAddress *item = list1;
353  DetectAddress *it = list2;
354 
355  // First, compare items one by one.
356  while (item != NULL && it != NULL) {
357  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
358  return false;
359  }
360 
361  item = item->next;
362  it = it->next;
363  }
364 
365  // Are the lists of the same size?
366  if (!(item == NULL && it == NULL)) {
367  return false;
368  }
369 
370  return true;
371 }
372 
373 /**
374  * \internal
375  * \brief Parses an ipv4/ipv6 address string and updates the result into the
376  * DetectAddress instance sent as the argument.
377  *
378  * \param dd Pointer to the DetectAddress instance which should be updated with
379  * the address range details from the parsed ip string.
380  * \param str Pointer to address string that has to be parsed.
381  *
382  * \retval 0 On successfully parsing the address string.
383  * \retval -1 On failure.
384  */
385 static int DetectAddressParseString(DetectAddress *dd, const char *str)
386 {
387  char *ip = NULL;
388  char *ip2 = NULL;
389  char *mask = NULL;
390  int r = 0;
391  char ipstr[256];
392 
393  /* shouldn't see 'any' here */
394  BUG_ON(strcasecmp(str, "any") == 0);
395 
396  strlcpy(ipstr, str, sizeof(ipstr));
397  SCLogDebug("str %s", str);
398 
399  /* we work with a copy so that we can put a
400  * nul-termination in it later */
401  ip = ipstr;
402 
403  /* handle the negation case */
404  if (ip[0] == '!') {
405  dd->flags |= ADDRESS_FLAG_NOT;
406  ip++;
407  }
408 
409  /* see if the address is an ipv4 or ipv6 address */
410  if ((strchr(str, ':')) == NULL) {
411  /* IPv4 Address */
412  struct in_addr in;
413 
414  dd->ip.family = AF_INET;
415 
416  if ((mask = strchr(ip, '/')) != NULL) {
417  /* 1.2.3.4/xxx format (either dotted or cidr notation */
418  ip[mask - ip] = '\0';
419  mask++;
420  uint32_t ip4addr = 0;
421  uint32_t netmask = 0;
422 
423  if ((strchr (mask, '.')) == NULL) {
424  /* 1.2.3.4/24 format */
425 
426  for (size_t u = 0; u < strlen(mask); u++) {
427  if(!isdigit((unsigned char)mask[u]))
428  goto error;
429  }
430 
431  int cidr;
432  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
433  goto error;
434  netmask = CIDRGet(cidr);
435  } else {
436  /* 1.2.3.4/255.255.255.0 format */
437  r = inet_pton(AF_INET, mask, &in);
438  if (r <= 0)
439  goto error;
440 
441  netmask = in.s_addr;
442 
443  /* validate netmask */
444  int cidr = CIDRFromMask(netmask);
445  if (cidr < 0) {
446  SCLogError(
447  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
448  "CIDR notation are supported. See ticket #5168.",
449  mask);
450  goto error;
451  }
452  }
453 
454  r = inet_pton(AF_INET, ip, &in);
455  if (r <= 0)
456  goto error;
457 
458  ip4addr = in.s_addr;
459 
460  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
461  dd->ip2.addr_data32[0] |=~ netmask;
462  } else if ((ip2 = strchr(ip, '-')) != NULL) {
463  /* 1.2.3.4-1.2.3.6 range format */
464  ip[ip2 - ip] = '\0';
465  ip2++;
466 
467  r = inet_pton(AF_INET, ip, &in);
468  if (r <= 0)
469  goto error;
470  dd->ip.addr_data32[0] = in.s_addr;
471 
472  r = inet_pton(AF_INET, ip2, &in);
473  if (r <= 0)
474  goto error;
475  dd->ip2.addr_data32[0] = in.s_addr;
476 
477  /* a > b is illegal, a = b is ok */
478  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
479  goto error;
480  } else {
481  /* 1.2.3.4 format */
482  r = inet_pton(AF_INET, ip, &in);
483  if (r <= 0)
484  goto error;
485  /* single host */
486  dd->ip.addr_data32[0] = in.s_addr;
487  dd->ip2.addr_data32[0] = in.s_addr;
488  }
489  } else {
490  /* IPv6 Address */
491  struct in6_addr in6, mask6;
492  uint32_t ip6addr[4], netmask[4];
493 
494  dd->ip.family = AF_INET6;
495 
496  if ((mask = strchr(ip, '/')) != NULL) {
497  ip[mask - ip] = '\0';
498  mask++;
499 
500  int cidr;
501  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
502  goto error;
503 
504  r = inet_pton(AF_INET6, ip, &in6);
505  if (r <= 0)
506  goto error;
507  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
508 
509  CIDRGetIPv6(cidr, &mask6);
510  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
511 
512  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
513  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
514  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
515  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
516 
517  dd->ip2.addr_data32[0] |=~ netmask[0];
518  dd->ip2.addr_data32[1] |=~ netmask[1];
519  dd->ip2.addr_data32[2] |=~ netmask[2];
520  dd->ip2.addr_data32[3] |=~ netmask[3];
521  } else if ((ip2 = strchr(ip, '-')) != NULL) {
522  /* 2001::1-2001::4 range format */
523  ip[ip2 - ip] = '\0';
524  ip2++;
525 
526  r = inet_pton(AF_INET6, ip, &in6);
527  if (r <= 0)
528  goto error;
529  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
530 
531  r = inet_pton(AF_INET6, ip2, &in6);
532  if (r <= 0)
533  goto error;
534  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
535 
536  /* a > b is illegal, a=b is ok */
537  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
538  goto error;
539  } else {
540  r = inet_pton(AF_INET6, ip, &in6);
541  if (r <= 0)
542  goto error;
543 
544  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
545  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
546  }
547 
548  }
549 
550  BUG_ON(dd->ip.family == 0);
551 
552  return 0;
553 
554 error:
555  return -1;
556 }
557 
558 /**
559  * \internal
560  * \brief Simply parse an address and return a DetectAddress instance containing
561  * the address ranges of the parsed ip addressstring
562  *
563  * \param str Pointer to a character string containing the ip address
564  *
565  * \retval dd Pointer to the DetectAddress instance containing the address
566  * range details from the parsed ip string
567  */
568 static DetectAddress *DetectAddressParseSingle(const char *str)
569 {
570  SCLogDebug("str %s", str);
571 
572  DetectAddress *dd = DetectAddressInit();
573  if (dd == NULL)
574  return NULL;
575 
576  if (DetectAddressParseString(dd, str) < 0) {
577  SCLogDebug("AddressParse failed");
578  DetectAddressFree(dd);
579  return NULL;
580  }
581 
582  return dd;
583 }
584 
585 /**
586  * \brief Setup a single address string, parse it and add the resulting
587  * Address-Range(s) to the AddressHead(DetectAddressHead instance).
588  *
589  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
590  * resulting Address-Range(s) from the parsed ip string has to
591  * be added.
592  * \param s Pointer to the ip address string to be parsed.
593  *
594  * \retval 0 On success.
595  * \retval -1 On failure.
596  */
597 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
598 {
599  SCLogDebug("gh %p, s %s", gh, s);
600 
601  while (*s != '\0' && isspace(*s))
602  s++;
603 
604  if (strcasecmp(s, "any") == 0) {
605  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
606 
607  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
608  if (ad == NULL)
609  return -1;
610 
611  BUG_ON(ad->ip.family == 0);
612 
613  if (DetectAddressInsert(NULL, gh, ad) < 0) {
614  SCLogDebug("DetectAddressInsert failed");
615  DetectAddressFree(ad);
616  return -1;
617  }
618 
619  ad = DetectAddressParseSingle("::/0");
620  if (ad == NULL)
621  return -1;
622 
623  BUG_ON(ad->ip.family == 0);
624 
625  if (DetectAddressInsert(NULL, gh, ad) < 0) {
626  SCLogDebug("DetectAddressInsert failed");
627  DetectAddressFree(ad);
628  return -1;
629  }
630  return 0;
631  }
632 
633  /* parse the address */
634  DetectAddress *ad = DetectAddressParseSingle(s);
635  if (ad == NULL) {
636  SCLogError("failed to parse address \"%s\"", s);
637  return -1;
638  }
639 
640  /* handle the not case, we apply the negation then insert the part(s) */
641  if (ad->flags & ADDRESS_FLAG_NOT) {
642  DetectAddress *ad2 = NULL;
643 
644  if (DetectAddressCutNot(ad, &ad2) < 0) {
645  SCLogDebug("DetectAddressCutNot failed");
646  DetectAddressFree(ad);
647  return -1;
648  }
649 
650  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
651  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
652  if (ad2 != NULL) {
653  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
654  SCLogDebug("DetectAddressInsert failed");
655  DetectAddressFree(ad);
656  DetectAddressFree(ad2);
657  return -1;
658  }
659  }
660  }
661 
662  int r = DetectAddressInsert(NULL, gh, ad);
663  if (r < 0) {
664  SCLogDebug("DetectAddressInsert failed");
665  DetectAddressFree(ad);
666  return -1;
667  }
668  SCLogDebug("r %d",r);
669  return 0;
670 }
671 
672 /**
673  * \brief Parses an address string and updates the 2 address heads with the
674  * address data.
675  *
676  * Note that this function should only be called by the wrapping function
677  * DetectAddressParse2. The wrapping function provides long address handling
678  * when the address size exceeds a threshold value.
679  *
680  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
681  * since we pass around negate without keeping a count of ! with depth.
682  * Can solve this by keeping a count of the negations with depth, so that
683  * an even no of negations would count as no negation and an odd no of
684  * negations would count as a negation.
685  *
686  * \param gh Pointer to the address head that should hold address ranges
687  * that are not negated.
688  * \param ghn Pointer to the address head that should hold address ranges
689  * that are negated.
690  * \param s Pointer to the character string holding the address to be
691  * parsed.
692  * \param negate Flag that indicates if the received address string is negated
693  * or not. 0 if it is not, 1 it it is.
694  *
695  * \retval 0 On successfully parsing.
696  * \retval -1 On failure.
697  */
698 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
699  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
700  int recur, char *address, size_t address_length)
701 {
702  size_t x = 0;
703  size_t u = 0;
704  int o_set = 0, n_set = 0, d_set = 0;
705  int depth = 0;
706  const char *rule_var_address = NULL;
707  char *temp_rule_var_address = NULL;
708 
709  if (++recur > 64) {
710  SCLogError("address block recursion "
711  "limit reached (max 64)");
712  goto error;
713  }
714 
715  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
716 
717  size_t size = strlen(s);
718  for (u = 0, x = 0; u < size && x < address_length; u++) {
719  if (x == (address_length - 1)) {
720  SCLogError("Hit the address buffer"
721  " limit for the supplied address. Invalidating sig. "
722  "Please file a bug report on this.");
723  goto error;
724  }
725  address[x] = s[u];
726  x++;
727 
728  if (!o_set && s[u] == '!') {
729  n_set = 1;
730  x--;
731  } else if (s[u] == '[') {
732  if (!o_set) {
733  o_set = 1;
734  x = 0;
735  }
736  depth++;
737  } else if (s[u] == ']') {
738  if (depth == 1) {
739  address[x - 1] = '\0';
740  x = 0;
741  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
742  if (((negate + n_set) % 2) == 0) {
743  /* normal block */
744  SCLogDebug("normal block");
745 
746  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
747  goto error;
748  } else {
749  /* negated block
750  *
751  * Extra steps are necessary. First consider it as a normal
752  * (non-negated) range. Merge the + and - ranges if
753  * applicable. Then insert the result into the ghn list. */
754  SCLogDebug("negated block");
755 
756  DetectAddressHead tmp_gh = { NULL, NULL };
757  DetectAddressHead tmp_ghn = { NULL, NULL };
758 
759  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
760  DetectAddressHeadCleanup(&tmp_gh);
761  DetectAddressHeadCleanup(&tmp_ghn);
762  goto error;
763  }
764 
765  DetectAddress *tmp_ad;
766  DetectAddress *tmp_ad2;
767 #ifdef DEBUG
768  SCLogDebug("tmp_gh: IPv4");
769  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
770  DetectAddressPrint(tmp_ad);
771  }
772  SCLogDebug("tmp_ghn: IPv4");
773  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
774  DetectAddressPrint(tmp_ad);
775  }
776  SCLogDebug("tmp_gh: IPv6");
777  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
778  DetectAddressPrint(tmp_ad);
779  }
780  SCLogDebug("tmp_ghn: IPv6");
781  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
782  DetectAddressPrint(tmp_ad);
783  }
784 #endif
785  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
786  DetectAddressHeadCleanup(&tmp_ghn);
787  DetectAddressHeadCleanup(&tmp_gh);
788  goto error;
789  }
790  DetectAddressHeadCleanup(&tmp_ghn);
791 
792  SCLogDebug("merged successfully");
793 
794  /* insert the IPv4 addresses into the negated list */
795  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
796  /* work with a copy of the address group */
797  tmp_ad2 = DetectAddressCopy(tmp_ad);
798  if (tmp_ad2 == NULL) {
799  SCLogDebug("DetectAddressCopy failed");
800  DetectAddressHeadCleanup(&tmp_gh);
801  goto error;
802  }
803  DetectAddressPrint(tmp_ad2);
804  DetectAddressInsert(NULL, ghn, tmp_ad2);
805  }
806 
807  /* insert the IPv6 addresses into the negated list */
808  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
809  /* work with a copy of the address group */
810  tmp_ad2 = DetectAddressCopy(tmp_ad);
811  if (tmp_ad2 == NULL) {
812  SCLogDebug("DetectAddressCopy failed");
813  DetectAddressHeadCleanup(&tmp_gh);
814  goto error;
815  }
816  DetectAddressPrint(tmp_ad2);
817  DetectAddressInsert(NULL, ghn, tmp_ad2);
818  }
819 
820  DetectAddressHeadCleanup(&tmp_gh);
821  }
822  n_set = 0;
823  }
824  depth--;
825  } else if (depth == 0 && s[u] == ',') {
826  if (o_set == 1) {
827  o_set = 0;
828  } else if (d_set == 1) {
829  address[x - 1] = '\0';
830 
831  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
832  SC_RULE_VARS_ADDRESS_GROUPS);
833  if (rule_var_address == NULL)
834  goto error;
835 
836  if (strlen(rule_var_address) == 0) {
837  SCLogError("variable %s resolved "
838  "to nothing. This is likely a misconfiguration. "
839  "Note that a negated address needs to be quoted, "
840  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
841  s);
842  goto error;
843  }
844 
845  SCLogDebug("rule_var_address %s", rule_var_address);
846  if ((negate + n_set) % 2) {
847  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
848  if (unlikely(temp_rule_var_address == NULL))
849  goto error;
850  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
851  "[%s]", rule_var_address);
852  } else {
853  temp_rule_var_address = SCStrdup(rule_var_address);
854  if (unlikely(temp_rule_var_address == NULL))
855  goto error;
856  }
857 
858  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
859  (negate + n_set) % 2, var_list, recur) < 0) {
860  if (temp_rule_var_address != rule_var_address)
861  SCFree(temp_rule_var_address);
862  goto error;
863  }
864  d_set = 0;
865  n_set = 0;
866  SCFree(temp_rule_var_address);
867  } else {
868  address[x - 1] = '\0';
869 
870  if (!((negate + n_set) % 2)) {
871  SCLogDebug("DetectAddressSetup into gh, %s", address);
872  if (DetectAddressSetup(gh, address) < 0)
873  goto error;
874  } else {
875  SCLogDebug("DetectAddressSetup into ghn, %s", address);
876  if (DetectAddressSetup(ghn, address) < 0)
877  goto error;
878  }
879  n_set = 0;
880  }
881  x = 0;
882  } else if (depth == 0 && s[u] == '$') {
883  d_set = 1;
884  } else if (depth == 0 && u == size - 1) {
885  if (x == address_length) {
886  address[x - 1] = '\0';
887  } else {
888  address[x] = '\0';
889  }
890  x = 0;
891 
892  if (AddVariableToResolveList(var_list, address) == -1) {
893  SCLogError("Found a loop in a address "
894  "groups declaration. This is likely a misconfiguration.");
895  goto error;
896  }
897 
898  if (d_set == 1) {
899  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
900  SC_RULE_VARS_ADDRESS_GROUPS);
901  if (rule_var_address == NULL)
902  goto error;
903 
904  if (strlen(rule_var_address) == 0) {
905  SCLogError("variable %s resolved "
906  "to nothing. This is likely a misconfiguration. "
907  "Note that a negated address needs to be quoted, "
908  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
909  s);
910  goto error;
911  }
912 
913  SCLogDebug("rule_var_address %s", rule_var_address);
914  if ((negate + n_set) % 2) {
915  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
916  if (unlikely(temp_rule_var_address == NULL))
917  goto error;
918  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
919  "[%s]", rule_var_address);
920  } else {
921  temp_rule_var_address = SCStrdup(rule_var_address);
922  if (unlikely(temp_rule_var_address == NULL))
923  goto error;
924  }
925 
926  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
927  (negate + n_set) % 2, var_list, recur) < 0) {
928  SCLogDebug("DetectAddressParse2 hates us");
929  if (temp_rule_var_address != rule_var_address)
930  SCFree(temp_rule_var_address);
931  goto error;
932  }
933  d_set = 0;
934  SCFree(temp_rule_var_address);
935  } else {
936  if (!((negate + n_set) % 2)) {
937  SCLogDebug("DetectAddressSetup into gh, %s", address);
938  if (DetectAddressSetup(gh, address) < 0) {
939  SCLogDebug("DetectAddressSetup gh fail");
940  goto error;
941  }
942  } else {
943  SCLogDebug("DetectAddressSetup into ghn, %s", address);
944  if (DetectAddressSetup(ghn, address) < 0) {
945  SCLogDebug("DetectAddressSetup ghn fail");
946  goto error;
947  }
948  }
949  }
950  n_set = 0;
951  }
952  }
953  if (depth > 0) {
954  SCLogError("not every address block was "
955  "properly closed in \"%s\", %d missing closing brackets (]). "
956  "Note: problem might be in a variable.",
957  s, depth);
958  goto error;
959  } else if (depth < 0) {
960  SCLogError("not every address block was "
961  "properly opened in \"%s\", %d missing opening brackets ([). "
962  "Note: problem might be in a variable.",
963  s, depth * -1);
964  goto error;
965  }
966 
967  return 0;
968 
969 error:
970 
971  return -1;
972 }
973 
974 /**
975  * \internal
976  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
977  *
978  * \retval Return value from DetectAddressParseInternal
979  */
980 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
981  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
982  int recur)
983 {
984  int rc;
985 #define MAX_ADDRESS_LENGTH 8192
986 
987  size_t address_length = strlen(s);
988  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
989  char *address = SCCalloc(1, address_length);
990  if (address == NULL) {
991  SCLogError("Unable to allocate"
992  " memory for address parsing.");
993  return -1;
994  }
995  rc = DetectAddressParseInternal(
996  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
997  SCFree(address);
998  } else {
999  char address[MAX_ADDRESS_LENGTH] = "";
1000  rc = DetectAddressParseInternal(
1001  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1002  }
1003  return rc;
1004 }
1005 
1006 /**
1007  * \internal
1008  * \brief See if the addresses and ranges in an address head cover the
1009  * entire ip space.
1010  *
1011  * \param gh Pointer to the DetectAddressHead to check.
1012  *
1013  * \retval 0 No.
1014  * \retval 1 Yes.
1015  *
1016  * \todo do the same for IPv6
1017  */
1018 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1019 {
1020  int r = DetectAddressIsCompleteIPSpaceIPv4(gh->ipv4_head);
1021  if (r == 1)
1022  return 1;
1023 
1024  return 0;
1025 }
1026 
1027 /**
1028  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1029  *
1030  * \param gh Pointer to the address head containing the non-NOT groups.
1031  * \param ghn Pointer to the address head containing the NOT groups.
1032  *
1033  * \retval 0 On success.
1034  * \retval -1 On failure.
1035  */
1036 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
1037 {
1038  DetectAddress *ad;
1039  DetectAddress *ag, *ag2;
1040  int r = 0;
1041 
1042  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1043  ghn->ipv4_head);
1044 
1045  /* check if the negated list covers the entire ip space. If so
1046  * the user screwed up the rules/vars. */
1047  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1048  SCLogError("Complete IP space negated. "
1049  "Rule address range is NIL. Probably have a !any or "
1050  "an address range that supplies a NULL address range");
1051  goto error;
1052  }
1053 
1054  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1055  * not thingy. In that case we add a 0.0.0.0/0 first. */
1056  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1057  r = DetectAddressSetup(gh, "0.0.0.0/0");
1058  if (r < 0) {
1059  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1060  goto error;
1061  }
1062  }
1063  /* ... or ::/0 for ipv6 */
1064  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1065  r = DetectAddressSetup(gh, "::/0");
1066  if (r < 0) {
1067  SCLogDebug("DetectAddressSetup for ::/0 failed");
1068  goto error;
1069  }
1070  }
1071 
1072  /* step 1: insert our ghn members into the gh list */
1073  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1074  /* work with a copy of the ad so we can easily clean up the ghn group
1075  * later. */
1076  ad = DetectAddressCopy(ag);
1077  if (ad == NULL) {
1078  SCLogDebug("DetectAddressCopy failed");
1079  goto error;
1080  }
1081 
1082  r = DetectAddressInsert(NULL, gh, ad);
1083  if (r < 0) {
1084  SCLogDebug("DetectAddressInsert failed");
1085  goto error;
1086  }
1087  }
1088  /* ... and the same for ipv6 */
1089  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1090  /* work with a copy of the ad so we can easily clean up the ghn group
1091  * later. */
1092  ad = DetectAddressCopy(ag);
1093  if (ad == NULL) {
1094  SCLogDebug("DetectAddressCopy failed");
1095  goto error;
1096  }
1097 
1098  r = DetectAddressInsert(NULL, gh, ad);
1099  if (r < 0) {
1100  SCLogDebug("DetectAddressInsert failed");
1101  goto error;
1102  }
1103  }
1104 #ifdef DEBUG
1105  DetectAddress *tmp_ad;
1106  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1107  DetectAddressPrint(tmp_ad);
1108  }
1109 #endif
1110  int ipv4_applied = 0;
1111  int ipv6_applied = 0;
1112 
1113  /* step 2: pull the address blocks that match our 'not' blocks */
1114  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1115  SCLogDebug("ag %p", ag);
1116  DetectAddressPrint(ag);
1117 
1118  int applied = 0;
1119  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1120  SCLogDebug("ag2 %p", ag2);
1121  DetectAddressPrint(ag2);
1122 
1123  r = DetectAddressCmp(ag, ag2);
1124  /* XXX more ??? */
1125  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1126  if (ag2->prev != NULL)
1127  ag2->prev->next = ag2->next;
1128  if (ag2->next != NULL)
1129  ag2->next->prev = ag2->prev;
1130  if (gh->ipv4_head == ag2)
1131  gh->ipv4_head = ag2->next;
1132  /* store the next ptr and remove the group */
1133  DetectAddress *next_ag2 = ag2->next;
1134  DetectAddressFree(ag2);
1135  ag2 = next_ag2;
1136  applied = 1;
1137  } else {
1138  ag2 = ag2->next;
1139  }
1140  }
1141 
1142  if (applied) {
1143  ipv4_applied++;
1144  }
1145  }
1146  /* ... and the same for ipv6 */
1147  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1148  int applied = 0;
1149  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1150  r = DetectAddressCmp(ag, ag2);
1151  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1152  if (ag2->prev != NULL)
1153  ag2->prev->next = ag2->next;
1154  if (ag2->next != NULL)
1155  ag2->next->prev = ag2->prev;
1156  if (gh->ipv6_head == ag2)
1157  gh->ipv6_head = ag2->next;
1158  /* store the next ptr and remove the group */
1159  DetectAddress *next_ag2 = ag2->next;
1160  DetectAddressFree(ag2);
1161  ag2 = next_ag2;
1162 
1163  SCLogDebug("applied");
1164  applied = 1;
1165  } else {
1166  ag2 = ag2->next;
1167  }
1168  }
1169  if (applied) {
1170  ipv6_applied++;
1171  }
1172  }
1173 #ifdef DEBUG
1174  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1175  DetectAddressPrint(tmp_ad);
1176  }
1177  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1178  DetectAddressPrint(tmp_ad);
1179  }
1180 #endif
1181  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1182  int cnt = 0;
1183  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1184  cnt++;
1185 
1186  if (ipv4_applied != cnt) {
1187  SCLogError("not all IPv4 negations "
1188  "could be applied: %d != %d",
1189  cnt, ipv4_applied);
1190  goto error;
1191  }
1192 
1193  cnt = 0;
1194  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1195  cnt++;
1196 
1197  if (ipv6_applied != cnt) {
1198  SCLogError("not all IPv6 negations "
1199  "could be applied: %d != %d",
1200  cnt, ipv6_applied);
1201  goto error;
1202  }
1203  }
1204 
1205  /* if the result is that we have no addresses we return error */
1206  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1207  SCLogError("no addresses left after "
1208  "merging addresses and negated addresses");
1209  goto error;
1210  }
1211 
1212  return 0;
1213 
1214 error:
1215  return -1;
1216 }
1217 
1218 int DetectAddressTestConfVars(void)
1219 {
1220  SCLogDebug("Testing address conf vars for any misconfigured values");
1221 
1222  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1223 
1224  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1225  if (address_vars_node == NULL) {
1226  return 0;
1227  }
1228 
1229  DetectAddressHead *gh = NULL;
1230  DetectAddressHead *ghn = NULL;
1231 
1232  ConfNode *seq_node;
1233  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1234  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1235 
1236  gh = DetectAddressHeadInit();
1237  if (gh == NULL) {
1238  goto error;
1239  }
1240  ghn = DetectAddressHeadInit();
1241  if (ghn == NULL) {
1242  goto error;
1243  }
1244 
1245  if (seq_node->val == NULL) {
1246  SCLogError("Address var \"%s\" probably has a sequence(something "
1247  "in brackets) value set without any quotes. Please "
1248  "quote it using \"..\".",
1249  seq_node->name);
1250  goto error;
1251  }
1252 
1253  int r = DetectAddressParse2(
1254  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1255 
1256  CleanVariableResolveList(&var_list);
1257 
1258  if (r < 0) {
1259  SCLogError("failed to parse address var \"%s\" with value \"%s\". "
1260  "Please check its syntax",
1261  seq_node->name, seq_node->val);
1262  goto error;
1263  }
1264 
1265  if (DetectAddressIsCompleteIPSpace(ghn)) {
1266  SCLogError("address var - \"%s\" has the complete IP space negated "
1267  "with its value \"%s\". Rule address range is NIL. "
1268  "Probably have a !any or an address range that supplies "
1269  "a NULL address range",
1270  seq_node->name, seq_node->val);
1271  goto error;
1272  }
1273 
1274  DetectAddressHeadFree(gh);
1275  DetectAddressHeadFree(ghn);
1276  ghn = NULL;
1277  }
1278 
1279  return 0;
1280  error:
1281  if (gh != NULL)
1282  DetectAddressHeadFree(gh);
1283  if (ghn != NULL)
1284  DetectAddressHeadFree(ghn);
1285  return -1;
1286 }
1287 
1288 #include "util-hash-lookup3.h"
1289 
1290 typedef struct DetectAddressMap_ {
1291  char *string;
1292  DetectAddressHead *address;
1293  bool contains_negation;
1294 } DetectAddressMap;
1295 
1296 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1297 {
1298  const DetectAddressMap *map = (DetectAddressMap *)data;
1299  uint32_t hash = 0;
1300 
1301  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1302  hash %= ht->array_size;
1303 
1304  return hash;
1305 }
1306 
1307 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1308  uint16_t len2)
1309 {
1310  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1311  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1312 
1313  char r = (strcmp(map1->string, map2->string) == 0);
1314  return r;
1315 }
1316 
1317 static void DetectAddressMapFreeFunc(void *data)
1318 {
1319  DetectAddressMap *map = (DetectAddressMap *)data;
1320  if (map != NULL) {
1321  DetectAddressHeadFree(map->address);
1322  SCFree(map->string);
1323  }
1324  SCFree(map);
1325 }
1326 
1327 int DetectAddressMapInit(DetectEngineCtx *de_ctx)
1328 {
1329  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1330  DetectAddressMapCompareFunc,
1331  DetectAddressMapFreeFunc);
1332  if (de_ctx->address_table == NULL)
1333  return -1;
1334 
1335  return 0;
1336 }
1337 
1338 void DetectAddressMapFree(DetectEngineCtx *de_ctx)
1339 {
1340  if (de_ctx->address_table == NULL)
1341  return;
1342 
1343  HashListTableFree(de_ctx->address_table);
1344  de_ctx->address_table = NULL;
1345  return;
1346 }
1347 
1348 static bool DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1349  DetectAddressHead *address, bool contains_negation)
1350 {
1351  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1352  if (map == NULL)
1353  return false;
1354 
1355  map->string = SCStrdup(string);
1356  if (map->string == NULL) {
1357  SCFree(map);
1358  return false;
1359  }
1360  map->address = address;
1361  map->contains_negation = contains_negation;
1362 
1363  if (HashListTableAdd(de_ctx->address_table, map, 0) != 0) {
1364  SCFree(map->string);
1365  SCFree(map);
1366  return false;
1367  }
1368 
1369  return true;
1370 }
1371 
1372 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1373  const char *string)
1374 {
1375  DetectAddressMap map = { (char *)string, NULL, false };
1376 
1377  const DetectAddressMap *res = HashListTableLookup(de_ctx->address_table,
1378  &map, 0);
1379  return res;
1380 }
1381 
1382 /**
1383  * \brief Parses an address group sent as a character string and updates the
1384  * DetectAddressHead sent as the argument with the relevant address
1385  * ranges from the parsed string.
1386  *
1387  * \param de_ctx Pointer to the detection engine context
1388  * \param gh Pointer to the DetectAddressHead.
1389  * \param str Pointer to the character string containing the address group
1390  * that has to be parsed.
1391  *
1392  * \retval 1 On success. Contained negation.
1393  * \retval 0 On success. Did not contain negation.
1394  * \retval -1 On failure.
1395  */
1396 int DetectAddressParse(const DetectEngineCtx *de_ctx,
1397  DetectAddressHead *gh, const char *str)
1398 {
1399  SCLogDebug("gh %p, str %s", gh, str);
1400 
1401  if (str == NULL) {
1402  SCLogDebug("DetectAddressParse can not be run with NULL address");
1403  return -1;
1404  }
1405 
1406  DetectAddressHead *ghn = DetectAddressHeadInit();
1407  if (ghn == NULL) {
1408  SCLogDebug("DetectAddressHeadInit for ghn failed");
1409  return -1;
1410  }
1411 
1412  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1413  if (r < 0) {
1414  SCLogDebug("DetectAddressParse2 returned %d", r);
1415  DetectAddressHeadFree(ghn);
1416  return -1;
1417  }
1418 
1419  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1420  ghn->ipv4_head);
1421 
1422  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1423 
1424  /* merge the 'not' address groups */
1425  if (DetectAddressMergeNot(gh, ghn) < 0) {
1426  SCLogDebug("DetectAddressMergeNot failed");
1427  DetectAddressHeadFree(ghn);
1428  return -1;
1429  }
1430 
1431  /* free the temp negate head */
1432  DetectAddressHeadFree(ghn);
1433  return contains_negation ? 1 : 0;
1434 }
1435 
1436 const DetectAddressHead *DetectParseAddress(DetectEngineCtx *de_ctx,
1437  const char *string, bool *contains_negation)
1438 {
1439  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1440  if (res != NULL) {
1441  SCLogDebug("found: %s :: %p", string, res);
1442  *contains_negation = res->contains_negation;
1443  return res->address;
1444  }
1445 
1446  SCLogDebug("%s not found", string);
1447 
1448  DetectAddressHead *head = DetectAddressHeadInit();
1449  if (head == NULL)
1450  return NULL;
1451 
1452  const int r = DetectAddressParse(de_ctx, head, string);
1453  if (r < 0) {
1454  DetectAddressHeadFree(head);
1455  return NULL;
1456  } else if (r == 1) {
1457  *contains_negation = true;
1458  } else {
1459  *contains_negation = false;
1460  }
1461 
1462  if (!DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head, *contains_negation)) {
1463  DetectAddressHeadFree(head);
1464  return NULL;
1465  }
1466 
1467  return head;
1468 }
1469 
1470 /**
1471  * \brief Cleans a DetectAddressHead. The functions frees the address
1472  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1473  * instance.
1474  *
1475  * \param gh Pointer to the DetectAddressHead instance that has to be
1476  * cleaned.
1477  */
1478 void DetectAddressHeadCleanup(DetectAddressHead *gh)
1479 {
1480  if (gh != NULL) {
1481  if (gh->ipv4_head != NULL) {
1482  DetectAddressCleanupList(gh->ipv4_head);
1483  gh->ipv4_head = NULL;
1484  }
1485  if (gh->ipv6_head != NULL) {
1486  DetectAddressCleanupList(gh->ipv6_head);
1487  gh->ipv6_head = NULL;
1488  }
1489  }
1490 
1491  return;
1492 }
1493 
1494 /**
1495  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1496  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1497  * explanations on what these functions do.
1498  *
1499  * \param de_ctx Pointer to the DetectEngineCtx.
1500  * \param a Pointer to the first address to be cut.
1501  * \param b Pointer to the second address to be cut.
1502  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1503  * ranges from a and b, demand a third address range.
1504  *
1505  * \retval 0 On success.
1506  * \retval -1 On failure.
1507  */
1508 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1509  DetectAddress *b, DetectAddress **c)
1510 {
1511  if (a->ip.family == AF_INET)
1512  return DetectAddressCutIPv4(de_ctx, a, b, c);
1513  else if (a->ip.family == AF_INET6)
1514  return DetectAddressCutIPv6(de_ctx, a, b, c);
1515 
1516  return -1;
1517 }
1518 
1519 /**
1520  * \brief Cuts a negated address range with respect to the entire ip range, and
1521  * supplies with the address range that doesn't belong to the negated
1522  * address range.
1523  *
1524  * There are 2 cases here -
1525  *
1526  * The first case includes the address being located at the extreme ends
1527  * of the ip space, in which we get a single range.
1528  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1529  *
1530  * The second case includes the address not present at either of the
1531  * ip space extremes, in which case we get 2 ranges. The second range
1532  * would be supplied back with the argument "b" supplied to this function.
1533  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1534  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1535  *
1536  * The above negation cases can similarly be extended to ranges, i.e.
1537  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1538  * ![10.20.30.40 - 10.20.30.50].
1539  *
1540  *
1541  * \param a Pointer to the DetectAddressData instance, that contains the negated
1542  * address range that has to be cut.
1543  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1544  * filled with the address range, if the argument "a", doesn't fall at
1545  * the extreme ends of the ip address space.
1546  *
1547  * \retval 0 On success.
1548  * \retval -1 On failure.
1549  */
1550 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1551 {
1552  if (a->ip.family == AF_INET)
1553  return DetectAddressCutNotIPv4(a, b);
1554  else if (a->ip.family == AF_INET6)
1555  return DetectAddressCutNotIPv6(a, b);
1556 
1557  return -1;
1558 }
1559 
1560 /**
1561  * \brief Used to compare 2 address ranges.
1562  *
1563  * \param a Pointer to the first DetectAddressData to be compared.
1564  * \param b Pointer to the second DetectAddressData to be compared.
1565  */
1566 int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
1567 {
1568  if (a->ip.family != b->ip.family)
1569  return ADDRESS_ER;
1570 
1571  if (a->ip.family == AF_INET)
1572  return DetectAddressCmpIPv4(a, b);
1573  else if (a->ip.family == AF_INET6)
1574  return DetectAddressCmpIPv6(a, b);
1575 
1576  return ADDRESS_ER;
1577 }
1578 
1579 /**
1580  * \brief Match a packets address against a signatures addrs array
1581  *
1582  * \param addrs array of DetectMatchAddressIPv4's
1583  * \param addrs_cnt array size in members
1584  * \param a packets address
1585  *
1586  * \retval 0 no match
1587  * \retval 1 match
1588  *
1589  * \note addresses in addrs are in host order
1590  *
1591  * \todo array should be ordered, so we can break out of the loop
1592  */
1593 int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs,
1594  uint16_t addrs_cnt, const Address *a)
1595 {
1596  SCEnter();
1597 
1598  if (addrs == NULL || addrs_cnt == 0) {
1599  SCReturnInt(0);
1600  }
1601 
1602  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1603  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1604  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1605  SCReturnInt(1);
1606  }
1607  }
1608 
1609  SCReturnInt(0);
1610 }
1611 
1612 /**
1613  * \brief Match a packets address against a signatures addrs array
1614  *
1615  * \param addrs array of DetectMatchAddressIPv6's
1616  * \param addrs_cnt array size in members
1617  * \param a packets address
1618  *
1619  * \retval 0 no match
1620  * \retval 1 match
1621  *
1622  * \note addresses in addrs are in host order
1623  *
1624  * \todo array should be ordered, so we can break out of the loop
1625  */
1626 int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs,
1627  uint16_t addrs_cnt, const Address *a)
1628 {
1629  SCEnter();
1630 
1631  if (addrs == NULL || addrs_cnt == 0) {
1632  SCReturnInt(0);
1633  }
1634 
1635  uint32_t match_addr[4];
1636  match_addr[0] = SCNtohl(a->addr_data32[0]);
1637  match_addr[1] = SCNtohl(a->addr_data32[1]);
1638  match_addr[2] = SCNtohl(a->addr_data32[2]);
1639  match_addr[3] = SCNtohl(a->addr_data32[3]);
1640 
1641  /* See if the packet address is within the range of any entry in the
1642  * signature's address match array.
1643  */
1644  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1645  uint16_t result1 = 0, result2 = 0;
1646 
1647  /* See if packet address equals either limit. Return 1 if true. */
1648  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1649  SCReturnInt(1);
1650  }
1651  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1652  SCReturnInt(1);
1653  }
1654 
1655  /* See if packet address is greater than lower limit
1656  * of the current signature address match pair.
1657  */
1658  for (int i = 0; i < 4; i++) {
1659  if (match_addr[i] > addrs[idx].ip[i]) {
1660  result1 = 1;
1661  break;
1662  }
1663  if (match_addr[i] < addrs[idx].ip[i]) {
1664  result1 = 0;
1665  break;
1666  }
1667  }
1668 
1669  /* If not greater than lower limit, try next address match entry */
1670  if (result1 == 0)
1671  continue;
1672 
1673  /* See if packet address is less than upper limit
1674  * of the current signature address match pair.
1675  */
1676  for (int i = 0; i < 4; i++) {
1677  if (match_addr[i] < addrs[idx].ip2[i]) {
1678  result2 = 1;
1679  break;
1680  }
1681  if (match_addr[i] > addrs[idx].ip2[i]) {
1682  result2 = 0;
1683  break;
1684  }
1685  }
1686 
1687  /* Return a match if packet address is between the two
1688  * signature address match limits.
1689  */
1690  if (result1 == 1 && result2 == 1)
1691  SCReturnInt(1);
1692  }
1693 
1694  SCReturnInt(0);
1695 }
1696 
1697 /**
1698  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1699  * range in the DetectAddress instance.
1700  *
1701  * We basically check that the address falls in between the address
1702  * range in DetectAddress.
1703  *
1704  * \param dd Pointer to the DetectAddress instance.
1705  * \param a Pointer to an Address instance.
1706  *
1707  * \param 1 On a match.
1708  * \param 0 On no match.
1709  */
1710 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1711 {
1712  SCEnter();
1713 
1714  if (dd->ip.family != a->family) {
1715  SCReturnInt(0);
1716  }
1717 
1718  //DetectAddressPrint(dd);
1719  //AddressDebugPrint(a);
1720 
1721  switch (a->family) {
1722  case AF_INET:
1723 
1724  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1725  * Address inside DetectAddressData we can do uint8_t checks */
1726  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1727  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1728  {
1729  SCReturnInt(1);
1730  } else {
1731  SCReturnInt(0);
1732  }
1733 
1734  break;
1735  case AF_INET6:
1736  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1737  AddressIPv6Le(a, &dd->ip2) == 1)
1738  {
1739  SCReturnInt(1);
1740  } else {
1741  SCReturnInt(0);
1742  }
1743 
1744  break;
1745  default:
1746  SCLogDebug("What other address type can we have :-/");
1747  break;
1748  }
1749 
1750  SCReturnInt(0);
1751 }
1752 
1753 #ifdef DEBUG
1754 /**
1755  * \brief Prints the address data held by the DetectAddress. If the address
1756  * data family is IPv4, we print the ipv4 address and mask, and
1757  * if the address data family is IPv6, we print the ipv6 address and
1758  * mask.
1759  *
1760  * \param ad Pointer to the DetectAddress instance to be printed.
1761  */
1762 static void DetectAddressPrint(DetectAddress *gr)
1763 {
1764  if (gr == NULL)
1765  return;
1766 
1767  if (gr->ip.family == AF_INET) {
1768  struct in_addr in;
1769  char ip[16], mask[16];
1770 
1771  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1772  PrintInet(AF_INET, &in, ip, sizeof(ip));
1773  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1774  PrintInet(AF_INET, &in, mask, sizeof(mask));
1775 
1776  SCLogDebug("%s/%s", ip, mask);
1777 // printf("%s/%s", ip, mask);
1778  } else if (gr->ip.family == AF_INET6) {
1779  struct in6_addr in6;
1780  char ip[66], mask[66];
1781 
1782  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1783  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1784  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1785  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1786 
1787  SCLogDebug("%s/%s", ip, mask);
1788 // printf("%s/%s", ip, mask);
1789  }
1790 
1791  return;
1792 }
1793 #endif
1794 
1795 /**
1796  * \brief Find the group matching address in a group head.
1797  *
1798  * \param gh Pointer to the address group head(DetectAddressHead instance).
1799  * \param a Pointer to an Address instance.
1800  *
1801  * \retval g On success pointer to an DetectAddress if we find a match
1802  * for the Address "a", in the DetectAddressHead "gh".
1803  */
1804 DetectAddress *DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
1805 {
1806  SCEnter();
1807 
1808  DetectAddress *g = NULL;
1809 
1810  if (gh == NULL) {
1811  SCReturnPtr(NULL, "DetectAddress");
1812  }
1813 
1814  /* XXX should we really do this check every time we run this function? */
1815  if (a->family == AF_INET) {
1816  SCLogDebug("IPv4");
1817  g = gh->ipv4_head;
1818  } else if (a->family == AF_INET6) {
1819  SCLogDebug("IPv6");
1820  g = gh->ipv6_head;
1821  }
1822 
1823  for ( ; g != NULL; g = g->next) {
1824  if (DetectAddressMatch(g,a) == 1) {
1825  SCReturnPtr(g, "DetectAddress");
1826  }
1827  }
1828 
1829  SCReturnPtr(NULL, "DetectAddress");
1830 }
1831 
1832 /********************************Unittests*************************************/
1833 
1834 #ifdef UNITTESTS
1835 
1836 static bool UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1837 {
1838  char str1[46] = "", str2[46] = "";
1839 
1840  if (ad == NULL)
1841  return false;
1842 
1843  switch(ad->ip.family) {
1844  case AF_INET:
1845  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1846  SCLogDebug("%s", str1);
1847  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1848  SCLogDebug("%s", str2);
1849 
1850  if (strcmp(str1, one) != 0) {
1851  SCLogInfo("%s != %s", str1, one);
1852  return false;
1853  }
1854 
1855  if (strcmp(str2, two) != 0) {
1856  SCLogInfo("%s != %s", str2, two);
1857  return false;
1858  }
1859 
1860  return true;
1861  break;
1862 
1863  case AF_INET6:
1864  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1865  SCLogDebug("%s", str1);
1866  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1867  SCLogDebug("%s", str2);
1868 
1869  if (strcmp(str1, one) != 0) {
1870  SCLogInfo("%s != %s", str1, one);
1871  return false;
1872  }
1873 
1874  if (strcmp(str2, two) != 0) {
1875  SCLogInfo("%s != %s", str2, two);
1876  return false;
1877  }
1878 
1879  return true;
1880  break;
1881  }
1882 
1883  return false;
1884 }
1885 
1886 typedef struct UTHValidateDetectAddressHeadRange_ {
1887  const char *one;
1888  const char *two;
1889 } UTHValidateDetectAddressHeadRange;
1890 
1891 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1892 {
1893  int expect = nranges;
1894  int have = 0;
1895 
1896  if (gh == NULL)
1897  return false;
1898 
1899  DetectAddress *ad = NULL;
1900  ad = gh->ipv4_head;
1901  if (ad == NULL)
1902  ad = gh->ipv6_head;
1903  while (have < expect) {
1904  if (ad == NULL) {
1905  printf("bad head: have %d ranges, expected %d: ", have, expect);
1906  return false;
1907  }
1908 
1909  if (!UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two))
1910  return false;
1911 
1912  ad = ad->next;
1913  have++;
1914  }
1915 
1916  return true;
1917 }
1918 
1919 static int AddressTestParse01(void)
1920 {
1921  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1922 
1923  if (dd) {
1924  DetectAddressFree(dd);
1925  return 1;
1926  }
1927 
1928  return 0;
1929 }
1930 
1931 static int AddressTestParse02(void)
1932 {
1933  int result = 1;
1934  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1935 
1936  if (dd) {
1937  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1938  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1939  result = 0;
1940  }
1941 
1942  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1943  DetectAddressFree(dd);
1944  return result;
1945  }
1946 
1947  return 0;
1948 }
1949 
1950 static int AddressTestParse03(void)
1951 {
1952  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1953 
1954  if (dd) {
1955  DetectAddressFree(dd);
1956  return 1;
1957  }
1958 
1959  return 0;
1960 }
1961 
1962 static int AddressTestParse04(void)
1963 {
1964  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1965  FAIL_IF_NULL(dd);
1966 
1967  char left[16], right[16];
1968  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1969  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1970  SCLogDebug("left %s right %s", left, right);
1971  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1972  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1973  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1974  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1975 
1976  DetectAddressFree(dd);
1977  PASS;
1978 }
1979 
1980 /** \test that address range sets proper start address */
1981 static int AddressTestParse04bug5081(void)
1982 {
1983  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1984  FAIL_IF_NULL(dd);
1985 
1986  char left[16], right[16];
1987  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1988  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1989  SCLogDebug("left %s right %s", left, right);
1990  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
1991  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
1992 
1993  DetectAddressFree(dd);
1994  PASS;
1995 }
1996 
1997 static int AddressTestParse05(void)
1998 {
1999  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2000 
2001  if (dd) {
2002  DetectAddressFree(dd);
2003  return 1;
2004  }
2005 
2006  return 0;
2007 }
2008 
2009 static int AddressTestParse06(void)
2010 {
2011  int result = 1;
2012  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2013 
2014  if (dd) {
2015  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2016  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2017  result = 0;
2018  }
2019 
2020  DetectAddressFree(dd);
2021  return result;
2022  }
2023 
2024  return 0;
2025 }
2026 
2027 static int AddressTestParse07(void)
2028 {
2029  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2030 
2031  if (dd) {
2032  DetectAddressFree(dd);
2033  return 1;
2034  }
2035 
2036  return 0;
2037 }
2038 
2039 static int AddressTestParse08(void)
2040 {
2041  int result = 1;
2042  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2043 
2044  if (dd) {
2045  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2046  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2047 
2048  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2049  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2050  DetectAddressPrint(dd);
2051  result = 0;
2052  }
2053 
2054  DetectAddressFree(dd);
2055  return result;
2056  }
2057 
2058  return 0;
2059 }
2060 
2061 static int AddressTestParse09(void)
2062 {
2063  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2064 
2065  if (dd) {
2066  DetectAddressFree(dd);
2067  return 1;
2068  }
2069 
2070  return 0;
2071 }
2072 
2073 static int AddressTestParse10(void)
2074 {
2075  int result = 1;
2076  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2077 
2078  if (dd) {
2079  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2080  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2081 
2082  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2083  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2084  DetectAddressPrint(dd);
2085  result = 0;
2086  }
2087 
2088  DetectAddressFree(dd);
2089  return result;
2090  }
2091 
2092  return 0;
2093 }
2094 
2095 static int AddressTestParse11(void)
2096 {
2097  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2098 
2099  if (dd) {
2100  DetectAddressFree(dd);
2101  return 1;
2102  }
2103 
2104  return 0;
2105 }
2106 
2107 static int AddressTestParse12(void)
2108 {
2109  int result = 1;
2110  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2111 
2112  if (dd) {
2113  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2114  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2115 
2116  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2117  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2118  DetectAddressPrint(dd);
2119  result = 0;
2120  }
2121 
2122  DetectAddressFree(dd);
2123  return result;
2124  }
2125 
2126  return 0;
2127 }
2128 static int AddressTestParse13(void)
2129 {
2130  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2131 
2132  if (dd) {
2133  DetectAddressFree(dd);
2134  return 1;
2135  }
2136 
2137  return 0;
2138 }
2139 
2140 static int AddressTestParse14(void)
2141 {
2142  int result = 1;
2143  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2144 
2145  if (dd) {
2146  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2147  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2148 
2149  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2150  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2151  result = 0;
2152  }
2153 
2154  DetectAddressFree(dd);
2155  return result;
2156  }
2157 
2158  return 0;
2159 }
2160 
2161 static int AddressTestParse15(void)
2162 {
2163  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2164 
2165  if (dd) {
2166  DetectAddressFree(dd);
2167  return 1;
2168  }
2169 
2170  return 0;
2171 }
2172 
2173 static int AddressTestParse16(void)
2174 {
2175  int result = 1;
2176  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2177 
2178  if (dd) {
2179  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2180  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2181 
2182  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2183  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2184  result = 0;
2185  }
2186 
2187  DetectAddressFree(dd);
2188  return result;
2189  }
2190 
2191  return 0;
2192 }
2193 
2194 static int AddressTestParse17(void)
2195 {
2196  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2197 
2198  if (dd) {
2199  DetectAddressFree(dd);
2200  return 1;
2201  }
2202 
2203  return 0;
2204 }
2205 
2206 static int AddressTestParse18(void)
2207 {
2208  int result = 1;
2209  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2210 
2211  if (dd) {
2212  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2213  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2214  result = 0;
2215  }
2216 
2217  DetectAddressFree(dd);
2218  return result;
2219  }
2220 
2221  return 0;
2222 }
2223 
2224 static int AddressTestParse19(void)
2225 {
2226  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2227 
2228  if (dd) {
2229  DetectAddressFree(dd);
2230  return 0;
2231  }
2232 
2233  return 1;
2234 }
2235 
2236 static int AddressTestParse20(void)
2237 {
2238  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2239 
2240  if (dd) {
2241  DetectAddressFree(dd);
2242  return 1;
2243  }
2244 
2245  return 0;
2246 }
2247 
2248 static int AddressTestParse21(void)
2249 {
2250  int result = 1;
2251  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2252 
2253  if (dd) {
2254  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2255  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2256 
2257  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2258  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2259  result = 0;
2260  }
2261 
2262  DetectAddressFree(dd);
2263  return result;
2264  }
2265 
2266  return 0;
2267 }
2268 
2269 static int AddressTestParse22(void)
2270 {
2271  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2272 
2273  if (dd) {
2274  DetectAddressFree(dd);
2275  return 0;
2276  }
2277 
2278  return 1;
2279 }
2280 
2281 static int AddressTestParse23(void)
2282 {
2283  DetectAddressHead *gh = DetectAddressHeadInit();
2284  FAIL_IF_NULL(gh);
2285  int r = DetectAddressParse(NULL, gh, "any");
2286  FAIL_IF_NOT(r == 0);
2287  DetectAddressHeadFree(gh);
2288  PASS;
2289 }
2290 
2291 static int AddressTestParse24(void)
2292 {
2293  DetectAddressHead *gh = DetectAddressHeadInit();
2294  FAIL_IF_NULL(gh);
2295  int r = DetectAddressParse(NULL, gh, "Any");
2296  FAIL_IF_NOT(r == 0);
2297  DetectAddressHeadFree(gh);
2298  PASS;
2299 }
2300 
2301 static int AddressTestParse25(void)
2302 {
2303  DetectAddressHead *gh = DetectAddressHeadInit();
2304  FAIL_IF_NULL(gh);
2305  int r = DetectAddressParse(NULL, gh, "ANY");
2306  FAIL_IF_NOT(r == 0);
2307  DetectAddressHeadFree(gh);
2308  PASS;
2309 }
2310 
2311 /** \test recursion limit */
2312 static int AddressTestParse26(void)
2313 {
2314  DetectAddressHead *gh = DetectAddressHeadInit();
2315  FAIL_IF_NULL(gh);
2316  /* exactly 64: should pass */
2317  int r = DetectAddressParse(NULL, gh,
2318  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2319  "1.2.3.4"
2320  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2321  );
2322  FAIL_IF_NOT(r == 0);
2323  DetectAddressHeadFree(gh);
2324  gh = DetectAddressHeadInit();
2325  FAIL_IF_NULL(gh);
2326  /* exactly 65: should fail */
2327  r = DetectAddressParse(NULL, gh,
2328  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2329  "1.2.3.4"
2330  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2331  );
2332  FAIL_IF(r == 0);
2333  DetectAddressHeadFree(gh);
2334  PASS;
2335 }
2336 
2337 static int AddressTestParse27(void)
2338 {
2339  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2340 
2341  if (dd) {
2342  DetectAddressFree(dd);
2343  return 1;
2344  }
2345 
2346  return 0;
2347 }
2348 
2349 static int AddressTestParse28(void)
2350 {
2351  int result = 0;
2352  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2353 
2354  if (dd) {
2355  if (dd->flags & ADDRESS_FLAG_NOT &&
2356  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2357  result = 1;
2358  }
2359 
2360  DetectAddressFree(dd);
2361  return result;
2362  }
2363 
2364  return 0;
2365 }
2366 
2367 static int AddressTestParse29(void)
2368 {
2369  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2370 
2371  if (dd) {
2372  DetectAddressFree(dd);
2373  return 1;
2374  }
2375 
2376  return 0;
2377 }
2378 
2379 static int AddressTestParse30(void)
2380 {
2381  int result = 0;
2382  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2383 
2384  if (dd) {
2385  if (dd->flags & ADDRESS_FLAG_NOT &&
2386  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2387  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2388  result = 1;
2389  }
2390 
2391  DetectAddressFree(dd);
2392  return result;
2393  }
2394 
2395  return 0;
2396 }
2397 
2398 /**
2399  * \test make sure !any is rejected
2400  */
2401 static int AddressTestParse31(void)
2402 {
2403  DetectAddress *dd = DetectAddressParseSingle("!any");
2404 
2405  if (dd) {
2406  DetectAddressFree(dd);
2407  return 0;
2408  }
2409 
2410  return 1;
2411 }
2412 
2413 static int AddressTestParse32(void)
2414 {
2415  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2416 
2417  if (dd) {
2418  DetectAddressFree(dd);
2419  return 1;
2420  }
2421 
2422  return 0;
2423 }
2424 
2425 static int AddressTestParse33(void)
2426 {
2427  int result = 0;
2428  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2429 
2430  if (dd) {
2431  if (dd->flags & ADDRESS_FLAG_NOT &&
2432  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2433  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2434  result = 1;
2435  }
2436 
2437  DetectAddressFree(dd);
2438  return result;
2439  }
2440 
2441  return 0;
2442 }
2443 
2444 static int AddressTestParse34(void)
2445 {
2446  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2447 
2448  if (dd) {
2449  DetectAddressFree(dd);
2450  return 1;
2451  }
2452 
2453  return 0;
2454 }
2455 
2456 static int AddressTestParse35(void)
2457 {
2458  int result = 0;
2459  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2460 
2461  if (dd) {
2462  if (dd->flags & ADDRESS_FLAG_NOT &&
2463  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2464  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2465 
2466  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2467  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2468  result = 1;
2469  }
2470 
2471  DetectAddressFree(dd);
2472  return result;
2473  }
2474 
2475  return 0;
2476 }
2477 
2478 static int AddressTestParse36(void)
2479 {
2480  int result = 1;
2481  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2482 
2483  if (dd) {
2484  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2485  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2486 
2487  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2488  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2489 
2490  DetectAddressPrint(dd);
2491  result = 0;
2492  }
2493  DetectAddressPrint(dd);
2494 
2495  DetectAddressFree(dd);
2496  return result;
2497  }
2498 
2499  return 0;
2500 }
2501 
2502 static int AddressTestParse37(void)
2503 {
2504  int result = 1;
2505  DetectAddress *dd = DetectAddressParseSingle("::/0");
2506 
2507  if (dd) {
2508  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2509  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2510 
2511  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2512  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2513  DetectAddressPrint(dd);
2514  result = 0;
2515  }
2516  DetectAddressPrint(dd);
2517 
2518  DetectAddressFree(dd);
2519  return result;
2520  }
2521 
2522  return 0;
2523 }
2524 
2525 static int AddressTestMatch01(void)
2526 {
2527  DetectAddress *dd = NULL;
2528  int result = 1;
2529  struct in_addr in;
2530  Address a;
2531 
2532  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2533  return 0;
2534  memset(&a, 0, sizeof(Address));
2535  a.family = AF_INET;
2536  a.addr_data32[0] = in.s_addr;
2537 
2538  dd = DetectAddressParseSingle("1.2.3.4/24");
2539  if (dd) {
2540  if (DetectAddressMatch(dd, &a) == 0)
2541  result = 0;
2542 
2543  DetectAddressFree(dd);
2544  return result;
2545  }
2546 
2547  return 0;
2548 }
2549 
2550 static int AddressTestMatch02(void)
2551 {
2552  DetectAddress *dd = NULL;
2553  int result = 1;
2554  struct in_addr in;
2555  Address a;
2556 
2557  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2558  return 0;
2559  memset(&a, 0, sizeof(Address));
2560  a.family = AF_INET;
2561  a.addr_data32[0] = in.s_addr;
2562 
2563  dd = DetectAddressParseSingle("1.2.3.4/25");
2564  if (dd) {
2565  if (DetectAddressMatch(dd, &a) == 0)
2566  result = 0;
2567 
2568  DetectAddressFree(dd);
2569  return result;
2570  }
2571 
2572  return 0;
2573 }
2574 
2575 static int AddressTestMatch03(void)
2576 {
2577  DetectAddress *dd = NULL;
2578  int result = 1;
2579  struct in_addr in;
2580  Address a;
2581 
2582  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2583  return 0;
2584  memset(&a, 0, sizeof(Address));
2585  a.family = AF_INET;
2586  a.addr_data32[0] = in.s_addr;
2587 
2588  dd = DetectAddressParseSingle("1.2.3.4/25");
2589  if (dd) {
2590  if (DetectAddressMatch(dd, &a) == 1)
2591  result = 0;
2592 
2593  DetectAddressFree(dd);
2594  return result;
2595  }
2596 
2597  return 0;
2598 }
2599 
2600 static int AddressTestMatch04(void)
2601 {
2602  DetectAddress *dd = NULL;
2603  int result = 1;
2604  struct in_addr in;
2605  Address a;
2606 
2607  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2608  return 0;
2609  memset(&a, 0, sizeof(Address));
2610  a.family = AF_INET;
2611  a.addr_data32[0] = in.s_addr;
2612 
2613  dd = DetectAddressParseSingle("1.2.3.4/25");
2614  if (dd) {
2615  if (DetectAddressMatch(dd, &a) == 1)
2616  result = 0;
2617 
2618  DetectAddressFree(dd);
2619  return result;
2620  }
2621 
2622  return 0;
2623 }
2624 
2625 static int AddressTestMatch05(void)
2626 {
2627  DetectAddress *dd = NULL;
2628  int result = 1;
2629  struct in_addr in;
2630  Address a;
2631 
2632  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2633  return 0;
2634  memset(&a, 0, sizeof(Address));
2635  a.family = AF_INET;
2636  a.addr_data32[0] = in.s_addr;
2637 
2638  dd = DetectAddressParseSingle("1.2.3.4/32");
2639  if (dd) {
2640  if (DetectAddressMatch(dd, &a) == 0)
2641  result = 0;
2642 
2643  DetectAddressFree(dd);
2644  return result;
2645  }
2646 
2647  return 0;
2648 }
2649 
2650 static int AddressTestMatch06(void)
2651 {
2652  DetectAddress *dd = NULL;
2653  int result = 1;
2654  struct in_addr in;
2655  Address a;
2656 
2657  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2658  return 0;
2659  memset(&a, 0, sizeof(Address));
2660  a.family = AF_INET;
2661  a.addr_data32[0] = in.s_addr;
2662 
2663  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2664  if (dd) {
2665  if (DetectAddressMatch(dd, &a) == 0)
2666  result = 0;
2667 
2668  DetectAddressFree(dd);
2669  return result;
2670  }
2671 
2672  return 0;
2673 }
2674 
2675 static int AddressTestMatch07(void)
2676 {
2677  DetectAddress *dd = NULL;
2678  int result = 1;
2679  struct in6_addr in6;
2680  Address a;
2681 
2682  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2683  return 0;
2684  memset(&a, 0, sizeof(Address));
2685  a.family = AF_INET6;
2686  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2687 
2688  dd = DetectAddressParseSingle("2001::/3");
2689  if (dd) {
2690  if (DetectAddressMatch(dd, &a) == 0)
2691  result = 0;
2692 
2693  DetectAddressFree(dd);
2694  return result;
2695  }
2696 
2697  return 0;
2698 }
2699 
2700 static int AddressTestMatch08(void)
2701 {
2702  DetectAddress *dd = NULL;
2703  int result = 1;
2704  struct in6_addr in6;
2705  Address a;
2706 
2707  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2708  return 0;
2709  memset(&a, 0, sizeof(Address));
2710  a.family = AF_INET6;
2711  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2712 
2713  dd = DetectAddressParseSingle("2001::/3");
2714  if (dd) {
2715  if (DetectAddressMatch(dd, &a) == 1)
2716  result = 0;
2717 
2718  DetectAddressFree(dd);
2719  return result;
2720  }
2721 
2722  return 0;
2723 }
2724 
2725 static int AddressTestMatch09(void)
2726 {
2727  DetectAddress *dd = NULL;
2728  int result = 1;
2729  struct in6_addr in6;
2730  Address a;
2731 
2732  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2733  return 0;
2734  memset(&a, 0, sizeof(Address));
2735  a.family = AF_INET6;
2736  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2737 
2738  dd = DetectAddressParseSingle("2001::1/128");
2739  if (dd) {
2740  if (DetectAddressMatch(dd, &a) == 1)
2741  result = 0;
2742 
2743  DetectAddressFree(dd);
2744  return result;
2745  }
2746 
2747  return 0;
2748 }
2749 
2750 static int AddressTestMatch10(void)
2751 {
2752  DetectAddress *dd = NULL;
2753  int result = 1;
2754  struct in6_addr in6;
2755  Address a;
2756 
2757  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2758  return 0;
2759  memset(&a, 0, sizeof(Address));
2760  a.family = AF_INET6;
2761  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2762 
2763  dd = DetectAddressParseSingle("2001::1/126");
2764  if (dd) {
2765  if (DetectAddressMatch(dd, &a) == 0)
2766  result = 0;
2767 
2768  DetectAddressFree(dd);
2769  return result;
2770  }
2771 
2772  return 0;
2773 }
2774 
2775 static int AddressTestMatch11(void)
2776 {
2777  DetectAddress *dd = NULL;
2778  int result = 1;
2779  struct in6_addr in6;
2780  Address a;
2781 
2782  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2783  return 0;
2784  memset(&a, 0, sizeof(Address));
2785  a.family = AF_INET6;
2786  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2787 
2788  dd = DetectAddressParseSingle("2001::1/127");
2789  if (dd) {
2790  if (DetectAddressMatch(dd, &a) == 1)
2791  result = 0;
2792 
2793  DetectAddressFree(dd);
2794  return result;
2795  }
2796 
2797  return 0;
2798 }
2799 
2800 static int AddressTestCmp01(void)
2801 {
2802  DetectAddress *da = NULL, *db = NULL;
2803  int result = 1;
2804 
2805  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2806  if (da == NULL) goto error;
2807  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2808  if (db == NULL) goto error;
2809 
2810  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2811  result = 0;
2812 
2813  DetectAddressFree(da);
2814  DetectAddressFree(db);
2815  return result;
2816 
2817 error:
2818  if (da) DetectAddressFree(da);
2819  if (db) DetectAddressFree(db);
2820  return 0;
2821 }
2822 
2823 static int AddressTestCmp02(void)
2824 {
2825  DetectAddress *da = NULL, *db = NULL;
2826  int result = 1;
2827 
2828  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2829  if (da == NULL) goto error;
2830  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2831  if (db == NULL) goto error;
2832 
2833  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2834  result = 0;
2835 
2836  DetectAddressFree(da);
2837  DetectAddressFree(db);
2838  return result;
2839 
2840 error:
2841  if (da) DetectAddressFree(da);
2842  if (db) DetectAddressFree(db);
2843  return 0;
2844 }
2845 
2846 static int AddressTestCmp03(void)
2847 {
2848  DetectAddress *da = NULL, *db = NULL;
2849  int result = 1;
2850 
2851  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2852  if (da == NULL) goto error;
2853  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2854  if (db == NULL) goto error;
2855 
2856  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2857  result = 0;
2858 
2859  DetectAddressFree(da);
2860  DetectAddressFree(db);
2861  return result;
2862 
2863 error:
2864  if (da) DetectAddressFree(da);
2865  if (db) DetectAddressFree(db);
2866  return 0;
2867 }
2868 
2869 static int AddressTestCmp04(void)
2870 {
2871  DetectAddress *da = NULL, *db = NULL;
2872  int result = 1;
2873 
2874  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2875  if (da == NULL) goto error;
2876  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2877  if (db == NULL) goto error;
2878 
2879  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2880  result = 0;
2881 
2882  DetectAddressFree(da);
2883  DetectAddressFree(db);
2884  return result;
2885 
2886 error:
2887  if (da) DetectAddressFree(da);
2888  if (db) DetectAddressFree(db);
2889  return 0;
2890 }
2891 
2892 static int AddressTestCmp05(void)
2893 {
2894  DetectAddress *da = NULL, *db = NULL;
2895  int result = 1;
2896 
2897  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2898  if (da == NULL) goto error;
2899  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2900  if (db == NULL) goto error;
2901 
2902  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2903  result = 0;
2904 
2905  DetectAddressFree(da);
2906  DetectAddressFree(db);
2907  return result;
2908 
2909 error:
2910  if (da) DetectAddressFree(da);
2911  if (db) DetectAddressFree(db);
2912  return 0;
2913 }
2914 
2915 static int AddressTestCmp06(void)
2916 {
2917  DetectAddress *da = NULL, *db = NULL;
2918  int result = 1;
2919 
2920  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2921  if (da == NULL) goto error;
2922  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2923  if (db == NULL) goto error;
2924 
2925  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2926  result = 0;
2927 
2928  DetectAddressFree(da);
2929  DetectAddressFree(db);
2930  return result;
2931 
2932 error:
2933  if (da) DetectAddressFree(da);
2934  if (db) DetectAddressFree(db);
2935  return 0;
2936 }
2937 
2938 static int AddressTestCmpIPv407(void)
2939 {
2940  DetectAddress *da = NULL, *db = NULL;
2941  int result = 1;
2942 
2943  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2944  if (da == NULL) goto error;
2945  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2946  if (db == NULL) goto error;
2947 
2948  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2949  result = 0;
2950 
2951  DetectAddressFree(da);
2952  DetectAddressFree(db);
2953  return result;
2954 
2955 error:
2956  if (da) DetectAddressFree(da);
2957  if (db) DetectAddressFree(db);
2958  return 0;
2959 }
2960 
2961 static int AddressTestCmpIPv408(void)
2962 {
2963  DetectAddress *da = NULL, *db = NULL;
2964  int result = 1;
2965 
2966  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2967  if (da == NULL) goto error;
2968  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2969  if (db == NULL) goto error;
2970 
2971  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2972  result = 0;
2973 
2974  DetectAddressFree(da);
2975  DetectAddressFree(db);
2976  return result;
2977 
2978 error:
2979  if (da) DetectAddressFree(da);
2980  if (db) DetectAddressFree(db);
2981  return 0;
2982 }
2983 
2984 static int AddressTestCmp07(void)
2985 {
2986  DetectAddress *da = NULL, *db = NULL;
2987  int result = 1;
2988 
2989  da = DetectAddressParseSingle("2001::/3");
2990  if (da == NULL) goto error;
2991  db = DetectAddressParseSingle("2001::1/3");
2992  if (db == NULL) goto error;
2993 
2994  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2995  result = 0;
2996 
2997  DetectAddressFree(da);
2998  DetectAddressFree(db);
2999  return result;
3000 
3001 error:
3002  if (da) DetectAddressFree(da);
3003  if (db) DetectAddressFree(db);
3004  return 0;
3005 }
3006 
3007 static int AddressTestCmp08(void)
3008 {
3009  DetectAddress *da = NULL, *db = NULL;
3010  int result = 1;
3011 
3012  da = DetectAddressParseSingle("2001::/3");
3013  if (da == NULL) goto error;
3014  db = DetectAddressParseSingle("2001::/8");
3015  if (db == NULL) goto error;
3016 
3017  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3018  result = 0;
3019 
3020  DetectAddressFree(da);
3021  DetectAddressFree(db);
3022  return result;
3023 
3024 error:
3025  if (da) DetectAddressFree(da);
3026  if (db) DetectAddressFree(db);
3027  return 0;
3028 }
3029 
3030 static int AddressTestCmp09(void)
3031 {
3032  DetectAddress *da = NULL, *db = NULL;
3033  int result = 1;
3034 
3035  da = DetectAddressParseSingle("2001::/8");
3036  if (da == NULL) goto error;
3037  db = DetectAddressParseSingle("2001::/3");
3038  if (db == NULL) goto error;
3039 
3040  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3041  result = 0;
3042 
3043  DetectAddressFree(da);
3044  DetectAddressFree(db);
3045  return result;
3046 
3047 error:
3048  if (da) DetectAddressFree(da);
3049  if (db) DetectAddressFree(db);
3050  return 0;
3051 }
3052 
3053 static int AddressTestCmp10(void)
3054 {
3055  DetectAddress *da = NULL, *db = NULL;
3056  int result = 1;
3057 
3058  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3059  if (da == NULL) goto error;
3060  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3061  if (db == NULL) goto error;
3062 
3063  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3064  result = 0;
3065 
3066  DetectAddressFree(da);
3067  DetectAddressFree(db);
3068  return result;
3069 
3070 error:
3071  if (da) DetectAddressFree(da);
3072  if (db) DetectAddressFree(db);
3073  return 0;
3074 }
3075 
3076 static int AddressTestCmp11(void)
3077 {
3078  DetectAddress *da = NULL, *db = NULL;
3079  int result = 1;
3080 
3081  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3082  if (da == NULL) goto error;
3083  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3084  if (db == NULL) goto error;
3085 
3086  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3087  result = 0;
3088 
3089  DetectAddressFree(da);
3090  DetectAddressFree(db);
3091  return result;
3092 
3093 error:
3094  if (da) DetectAddressFree(da);
3095  if (db) DetectAddressFree(db);
3096  return 0;
3097 }
3098 
3099 static int AddressTestCmp12(void)
3100 {
3101  DetectAddress *da = NULL, *db = NULL;
3102  int result = 1;
3103 
3104  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3105  if (da == NULL) goto error;
3106  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3107  if (db == NULL) goto error;
3108 
3109  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3110  result = 0;
3111 
3112  DetectAddressFree(da);
3113  DetectAddressFree(db);
3114  return result;
3115 
3116 error:
3117  if (da) DetectAddressFree(da);
3118  if (db) DetectAddressFree(db);
3119  return 0;
3120 }
3121 
3122 static int AddressTestAddressGroupSetup01(void)
3123 {
3124  int result = 0;
3125  DetectAddressHead *gh = DetectAddressHeadInit();
3126 
3127  if (gh != NULL) {
3128  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3129  if (r == 0)
3130  result = 1;
3131 
3132  DetectAddressHeadFree(gh);
3133  }
3134  return result;
3135 }
3136 
3137 static int AddressTestAddressGroupSetup02(void)
3138 {
3139  int result = 0;
3140  DetectAddressHead *gh = DetectAddressHeadInit();
3141 
3142  if (gh != NULL) {
3143  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3144  if (r == 0 && gh->ipv4_head != NULL)
3145  result = 1;
3146 
3147  DetectAddressHeadFree(gh);
3148  }
3149  return result;
3150 }
3151 
3152 static int AddressTestAddressGroupSetup03(void)
3153 {
3154  int result = 0;
3155  DetectAddressHead *gh = DetectAddressHeadInit();
3156 
3157  if (gh != NULL) {
3158  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3159  if (r == 0 && gh->ipv4_head != NULL) {
3160  DetectAddress *prev_head = gh->ipv4_head;
3161 
3162  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3163  if (r == 0 && gh->ipv4_head != prev_head &&
3164  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3165  result = 1;
3166  }
3167  }
3168 
3169  DetectAddressHeadFree(gh);
3170  }
3171  return result;
3172 }
3173 
3174 static int AddressTestAddressGroupSetup04(void)
3175 {
3176  int result = 0;
3177  DetectAddressHead *gh = DetectAddressHeadInit();
3178 
3179  if (gh != NULL) {
3180  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3181  if (r == 0 && gh->ipv4_head != NULL) {
3182  DetectAddress *prev_head = gh->ipv4_head;
3183 
3184  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3185  if (r == 0 && gh->ipv4_head != prev_head &&
3186  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3187  DetectAddress *ph = gh->ipv4_head;
3188 
3189  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3190  if (r == 0 && gh->ipv4_head != ph &&
3191  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3192  result = 1;
3193  }
3194  }
3195  }
3196 
3197  DetectAddressHeadFree(gh);
3198  }
3199  return result;
3200 }
3201 
3202 static int AddressTestAddressGroupSetup05(void)
3203 {
3204  int result = 0;
3205  DetectAddressHead *gh = DetectAddressHeadInit();
3206 
3207  if (gh != NULL) {
3208  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3209  if (r == 0 && gh->ipv4_head != NULL) {
3210  DetectAddress *prev_head = gh->ipv4_head;
3211 
3212  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3213  if (r == 0 && gh->ipv4_head == prev_head &&
3214  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3215  DetectAddress *ph = gh->ipv4_head;
3216 
3217  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3218  if (r == 0 && gh->ipv4_head == ph &&
3219  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3220  result = 1;
3221  }
3222  }
3223  }
3224 
3225  DetectAddressHeadFree(gh);
3226  }
3227  return result;
3228 }
3229 
3230 static int AddressTestAddressGroupSetup06(void)
3231 {
3232  int result = 0;
3233  DetectAddressHead *gh = DetectAddressHeadInit();
3234 
3235  if (gh != NULL) {
3236  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3237  if (r == 0 && gh->ipv4_head != NULL) {
3238  DetectAddress *prev_head = gh->ipv4_head;
3239 
3240  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3241  if (r == 0 && gh->ipv4_head == prev_head &&
3242  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3243  result = 1;
3244  }
3245  }
3246 
3247  DetectAddressHeadFree(gh);
3248  }
3249  return result;
3250 }
3251 
3252 static int AddressTestAddressGroupSetup07(void)
3253 {
3254  int result = 0;
3255  DetectAddressHead *gh = DetectAddressHeadInit();
3256 
3257  if (gh != NULL) {
3258  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3259  if (r == 0 && gh->ipv4_head != NULL) {
3260  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3261  if (r == 0 && gh->ipv4_head != NULL &&
3262  gh->ipv4_head->next != NULL &&
3263  gh->ipv4_head->next->next != NULL) {
3264  result = 1;
3265  }
3266  }
3267 
3268  DetectAddressHeadFree(gh);
3269  }
3270  return result;
3271 }
3272 
3273 static int AddressTestAddressGroupSetup08(void)
3274 {
3275  int result = 0;
3276  DetectAddressHead *gh = DetectAddressHeadInit();
3277 
3278  if (gh != NULL) {
3279  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3280  if (r == 0 && gh->ipv4_head != NULL) {
3281  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3282  if (r == 0 && gh->ipv4_head != NULL &&
3283  gh->ipv4_head->next != NULL &&
3284  gh->ipv4_head->next->next != NULL) {
3285  result = 1;
3286  }
3287  }
3288 
3289  DetectAddressHeadFree(gh);
3290  }
3291  return result;
3292 }
3293 
3294 static int AddressTestAddressGroupSetup09(void)
3295 {
3296  int result = 0;
3297  DetectAddressHead *gh = DetectAddressHeadInit();
3298 
3299  if (gh != NULL) {
3300  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3301  if (r == 0 && gh->ipv4_head != NULL) {
3302  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3303  if (r == 0 && gh->ipv4_head != NULL &&
3304  gh->ipv4_head->next != NULL &&
3305  gh->ipv4_head->next->next != NULL) {
3306  result = 1;
3307  }
3308  }
3309 
3310  DetectAddressHeadFree(gh);
3311  }
3312  return result;
3313 }
3314 
3315 static int AddressTestAddressGroupSetup10(void)
3316 {
3317  int result = 0;
3318  DetectAddressHead *gh = DetectAddressHeadInit();
3319 
3320  if (gh != NULL) {
3321  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3322  if (r == 0 && gh->ipv4_head != NULL) {
3323  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3324  if (r == 0 && gh->ipv4_head != NULL &&
3325  gh->ipv4_head->next != NULL &&
3326  gh->ipv4_head->next->next != NULL) {
3327  result = 1;
3328  }
3329  }
3330 
3331  DetectAddressHeadFree(gh);
3332  }
3333  return result;
3334 }
3335 
3336 static int AddressTestAddressGroupSetup11(void)
3337 {
3338  int result = 0;
3339  DetectAddressHead *gh = DetectAddressHeadInit();
3340 
3341  if (gh != NULL) {
3342  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3343  if (r == 0) {
3344  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3345  if (r == 0) {
3346  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3347  if (r == 0) {
3348  DetectAddress *one = gh->ipv4_head, *two = one->next,
3349  *three = two->next, *four = three->next,
3350  *five = four->next;
3351 
3352  /* result should be:
3353  * 0.0.0.0/10.10.9.255
3354  * 10.10.10.0/10.10.10.9
3355  * 10.10.10.10/10.10.10.255
3356  * 10.10.11.0/10.10.11.1
3357  * 10.10.11.2/255.255.255.255
3358  */
3359  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3360  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3361  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3362  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3363  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3364  result = 1;
3365  }
3366  }
3367  }
3368  }
3369 
3370  DetectAddressHeadFree(gh);
3371  }
3372  return result;
3373 }
3374 
3375 static int AddressTestAddressGroupSetup12 (void)
3376 {
3377  int result = 0;
3378  DetectAddressHead *gh = DetectAddressHeadInit();
3379 
3380  if (gh != NULL) {
3381  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3382  if (r == 0) {
3383  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3384  if (r == 0) {
3385  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3386  if (r == 0) {
3387  DetectAddress *one = gh->ipv4_head, *two = one->next,
3388  *three = two->next, *four = three->next,
3389  *five = four->next;
3390 
3391  /* result should be:
3392  * 0.0.0.0/10.10.9.255
3393  * 10.10.10.0/10.10.10.9
3394  * 10.10.10.10/10.10.10.255
3395  * 10.10.11.0/10.10.11.1
3396  * 10.10.11.2/255.255.255.255
3397  */
3398  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3399  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3400  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3401  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3402  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3403  result = 1;
3404  }
3405  }
3406  }
3407  }
3408 
3409  DetectAddressHeadFree(gh);
3410  }
3411  return result;
3412 }
3413 
3414 static int AddressTestAddressGroupSetup13(void)
3415 {
3416  int result = 0;
3417  DetectAddressHead *gh = DetectAddressHeadInit();
3418 
3419  if (gh != NULL) {
3420  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3421  if (r == 0) {
3422  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3423  if (r == 0) {
3424  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3425  if (r == 0) {
3426  DetectAddress *one = gh->ipv4_head, *two = one->next,
3427  *three = two->next, *four = three->next,
3428  *five = four->next;
3429 
3430  /* result should be:
3431  * 0.0.0.0/10.10.9.255
3432  * 10.10.10.0/10.10.10.9
3433  * 10.10.10.10/10.10.10.255
3434  * 10.10.11.0/10.10.11.1
3435  * 10.10.11.2/255.255.255.255
3436  */
3437  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3438  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3439  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3440  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3441  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3442  result = 1;
3443  }
3444  }
3445  }
3446  }
3447 
3448  DetectAddressHeadFree(gh);
3449  }
3450  return result;
3451 }
3452 
3453 static int AddressTestAddressGroupSetupIPv414(void)
3454 {
3455  DetectAddressHead *gh = DetectAddressHeadInit();
3456  FAIL_IF_NULL(gh);
3457 
3458  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3459  FAIL_IF_NOT(r == 1);
3460 
3461  DetectAddress *one = gh->ipv4_head;
3462  FAIL_IF_NULL(one);
3463  DetectAddress *two = one->next;
3464  FAIL_IF_NULL(two);
3465 
3466  /* result should be:
3467  * 0.0.0.0/1.2.3.3
3468  * 1.2.3.5/255.255.255.255
3469  */
3470  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3471  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3472  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3473  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3474  DetectAddressHeadFree(gh);
3475 
3476  PASS;
3477 }
3478 
3479 static int AddressTestAddressGroupSetupIPv415(void)
3480 {
3481  DetectAddressHead *gh = DetectAddressHeadInit();
3482  FAIL_IF_NULL(gh);
3483 
3484  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3485  FAIL_IF_NOT(r == 1);
3486 
3487  DetectAddress *one = gh->ipv4_head;
3488  FAIL_IF_NULL(one);
3489  FAIL_IF_NOT_NULL(one->next);
3490 
3491  /* result should be:
3492  * 0.0.0.1/255.255.255.255
3493  */
3494  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3495  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3496 
3497  DetectAddressHeadFree(gh);
3498  PASS;
3499 }
3500 
3501 static int AddressTestAddressGroupSetupIPv416(void)
3502 {
3503  DetectAddressHead *gh = DetectAddressHeadInit();
3504  FAIL_IF_NULL(gh);
3505 
3506  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3507  FAIL_IF_NOT(r == 1);
3508 
3509  DetectAddress *one = gh->ipv4_head;
3510  FAIL_IF_NULL(one);
3511  FAIL_IF_NOT_NULL(one->next);
3512 
3513  /* result should be:
3514  * 0.0.0.0/255.255.255.254
3515  */
3516  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3517  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3518 
3519  DetectAddressHeadFree(gh);
3520  PASS;
3521 }
3522 
3523 static int AddressTestAddressGroupSetup14(void)
3524 {
3525  int result = 0;
3526  DetectAddressHead *gh = DetectAddressHeadInit();
3527 
3528  if (gh != NULL) {
3529  int r = DetectAddressParse(NULL, gh, "2001::1");
3530  if (r == 0)
3531  result = 1;
3532 
3533  DetectAddressHeadFree(gh);
3534  }
3535  return result;
3536 }
3537 
3538 static int AddressTestAddressGroupSetup15(void)
3539 {
3540  int result = 0;
3541  DetectAddressHead *gh = DetectAddressHeadInit();
3542 
3543  if (gh != NULL) {
3544  int r = DetectAddressParse(NULL, gh, "2001::1");
3545  if (r == 0 && gh->ipv6_head != NULL)
3546  result = 1;
3547 
3548  DetectAddressHeadFree(gh);
3549  }
3550  return result;
3551 }
3552 
3553 static int AddressTestAddressGroupSetup16(void)
3554 {
3555  int result = 0;
3556  DetectAddressHead *gh = DetectAddressHeadInit();
3557 
3558  if (gh != NULL) {
3559  int r = DetectAddressParse(NULL, gh, "2001::4");
3560  if (r == 0 && gh->ipv6_head != NULL) {
3561  DetectAddress *prev_head = gh->ipv6_head;
3562 
3563  r = DetectAddressParse(NULL, gh, "2001::3");
3564  if (r == 0 && gh->ipv6_head != prev_head &&
3565  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3566  result = 1;
3567  }
3568  }
3569 
3570  DetectAddressHeadFree(gh);
3571  }
3572  return result;
3573 }
3574 
3575 static int AddressTestAddressGroupSetup17(void)
3576 {
3577  int result = 0;
3578  DetectAddressHead *gh = DetectAddressHeadInit();
3579 
3580  if (gh != NULL) {
3581  int r = DetectAddressParse(NULL, gh, "2001::4");
3582  if (r == 0 && gh->ipv6_head != NULL) {
3583  DetectAddress *prev_head = gh->ipv6_head;
3584 
3585  r = DetectAddressParse(NULL, gh, "2001::3");
3586  if (r == 0 && gh->ipv6_head != prev_head &&
3587  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3588  DetectAddress *ph = gh->ipv6_head;
3589 
3590  r = DetectAddressParse(NULL, gh, "2001::2");
3591  if (r == 0 && gh->ipv6_head != ph &&
3592  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3593  result = 1;
3594  }
3595  }
3596  }
3597 
3598  DetectAddressHeadFree(gh);
3599  }
3600  return result;
3601 }
3602 
3603 static int AddressTestAddressGroupSetup18(void)
3604 {
3605  int result = 0;
3606  DetectAddressHead *gh = DetectAddressHeadInit();
3607 
3608  if (gh != NULL) {
3609  int r = DetectAddressParse(NULL, gh, "2001::2");
3610  if (r == 0 && gh->ipv6_head != NULL) {
3611  DetectAddress *prev_head = gh->ipv6_head;
3612 
3613  r = DetectAddressParse(NULL, gh, "2001::3");
3614  if (r == 0 && gh->ipv6_head == prev_head &&
3615  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3616  DetectAddress *ph = gh->ipv6_head;
3617 
3618  r = DetectAddressParse(NULL, gh, "2001::4");
3619  if (r == 0 && gh->ipv6_head == ph &&
3620  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3621  result = 1;
3622  }
3623  }
3624  }
3625 
3626  DetectAddressHeadFree(gh);
3627  }
3628  return result;
3629 }
3630 
3631 static int AddressTestAddressGroupSetup19(void)
3632 {
3633  int result = 0;
3634  DetectAddressHead *gh = DetectAddressHeadInit();
3635 
3636  if (gh != NULL) {
3637  int r = DetectAddressParse(NULL, gh, "2001::2");
3638  if (r == 0 && gh->ipv6_head != NULL) {
3639  DetectAddress *prev_head = gh->ipv6_head;
3640 
3641  r = DetectAddressParse(NULL, gh, "2001::2");
3642  if (r == 0 && gh->ipv6_head == prev_head &&
3643  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3644  result = 1;
3645  }
3646  }
3647 
3648  DetectAddressHeadFree(gh);
3649  }
3650  return result;
3651 }
3652 
3653 static int AddressTestAddressGroupSetup20(void)
3654 {
3655  int result = 0;
3656  DetectAddressHead *gh = DetectAddressHeadInit();
3657 
3658  if (gh != NULL) {
3659  int r = DetectAddressParse(NULL, gh, "2000::/3");
3660  if (r == 0 && gh->ipv6_head != NULL) {
3661  r = DetectAddressParse(NULL, gh, "2001::4");
3662  if (r == 0 && gh->ipv6_head != NULL &&
3663  gh->ipv6_head->next != NULL &&
3664  gh->ipv6_head->next->next != NULL) {
3665  result = 1;
3666  }
3667  }
3668 
3669  DetectAddressHeadFree(gh);
3670  }
3671  return result;
3672 }
3673 
3674 static int AddressTestAddressGroupSetup21(void)
3675 {
3676  int result = 0;
3677  DetectAddressHead *gh = DetectAddressHeadInit();
3678 
3679  if (gh != NULL) {
3680  int r = DetectAddressParse(NULL, gh, "2001::4");
3681  if (r == 0 && gh->ipv6_head != NULL) {
3682  r = DetectAddressParse(NULL, gh, "2000::/3");
3683  if (r == 0 && gh->ipv6_head != NULL &&
3684  gh->ipv6_head->next != NULL &&
3685  gh->ipv6_head->next->next != NULL) {
3686  result = 1;
3687  }
3688  }
3689 
3690  DetectAddressHeadFree(gh);
3691  }
3692  return result;
3693 }
3694 
3695 static int AddressTestAddressGroupSetup22(void)
3696 {
3697  int result = 0;
3698  DetectAddressHead *gh = DetectAddressHeadInit();
3699 
3700  if (gh != NULL) {
3701  int r = DetectAddressParse(NULL, gh, "2000::/3");
3702  if (r == 0 && gh->ipv6_head != NULL) {
3703  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3704  if (r == 0 && gh->ipv6_head != NULL &&
3705  gh->ipv6_head->next != NULL &&
3706  gh->ipv6_head->next->next != NULL) {
3707  result = 1;
3708  }
3709  }
3710 
3711  DetectAddressHeadFree(gh);
3712  }
3713  return result;
3714 }
3715 
3716 static int AddressTestAddressGroupSetup23(void)
3717 {
3718  int result = 0;
3719  DetectAddressHead *gh = DetectAddressHeadInit();
3720 
3721  if (gh != NULL) {
3722  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3723  if (r == 0 && gh->ipv6_head != NULL) {
3724  r = DetectAddressParse(NULL, gh, "2000::/3");
3725  if (r == 0 && gh->ipv6_head != NULL &&
3726  gh->ipv6_head->next != NULL &&
3727  gh->ipv6_head->next->next != NULL) {
3728  result = 1;
3729  }
3730  }
3731 
3732  DetectAddressHeadFree(gh);
3733  }
3734  return result;
3735 }
3736 
3737 static int AddressTestAddressGroupSetup24(void)
3738 {
3739  int result = 0;
3740  DetectAddressHead *gh = DetectAddressHeadInit();
3741 
3742  if (gh != NULL) {
3743  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3744  if (r == 0) {
3745  r = DetectAddressParse(NULL, gh, "2001::/3");
3746  if (r == 0) {
3747  r = DetectAddressParse(NULL, gh, "::/0");
3748  if (r == 0) {
3749  DetectAddress *one = gh->ipv6_head, *two = one->next,
3750  *three = two->next, *four = three->next,
3751  *five = four->next;
3752  if (one->ip.addr_data32[0] == 0x00000000 &&
3753  one->ip.addr_data32[1] == 0x00000000 &&
3754  one->ip.addr_data32[2] == 0x00000000 &&
3755  one->ip.addr_data32[3] == 0x00000000 &&
3756  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3757  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3758  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3759  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3760 
3761  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3762  two->ip.addr_data32[1] == 0x00000000 &&
3763  two->ip.addr_data32[2] == 0x00000000 &&
3764  two->ip.addr_data32[3] == 0x00000000 &&
3765  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3766  two->ip2.addr_data32[1] == 0x00000000 &&
3767  two->ip2.addr_data32[2] == 0x00000000 &&
3768  two->ip2.addr_data32[3] == SCNtohl(3) &&
3769 
3770  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3771  three->ip.addr_data32[1] == 0x00000000 &&
3772  three->ip.addr_data32[2] == 0x00000000 &&
3773  three->ip.addr_data32[3] == SCNtohl(4) &&
3774  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3775  three->ip2.addr_data32[1] == 0x00000000 &&
3776  three->ip2.addr_data32[2] == 0x00000000 &&
3777  three->ip2.addr_data32[3] == SCNtohl(6) &&
3778 
3779  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3780  four->ip.addr_data32[1] == 0x00000000 &&
3781  four->ip.addr_data32[2] == 0x00000000 &&
3782  four->ip.addr_data32[3] == SCNtohl(7) &&
3783  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3784  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3785  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3786  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3787 
3788  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3789  five->ip.addr_data32[1] == 0x00000000 &&
3790  five->ip.addr_data32[2] == 0x00000000 &&
3791  five->ip.addr_data32[3] == 0x00000000 &&
3792  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3793  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3794  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3795  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3796  result = 1;
3797  }
3798  }
3799  }
3800  }
3801 
3802  DetectAddressHeadFree(gh);
3803  }
3804  return result;
3805 }
3806 
3807 static int AddressTestAddressGroupSetup25(void)
3808 {
3809  int result = 0;
3810  DetectAddressHead *gh = DetectAddressHeadInit();
3811 
3812  if (gh != NULL) {
3813  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3814  if (r == 0) {
3815  r = DetectAddressParse(NULL, gh, "::/0");
3816  if (r == 0) {
3817  r = DetectAddressParse(NULL, gh, "2001::/3");
3818  if (r == 0) {
3819  DetectAddress *one = gh->ipv6_head, *two = one->next,
3820  *three = two->next, *four = three->next,
3821  *five = four->next;
3822  if (one->ip.addr_data32[0] == 0x00000000 &&
3823  one->ip.addr_data32[1] == 0x00000000 &&
3824  one->ip.addr_data32[2] == 0x00000000 &&
3825  one->ip.addr_data32[3] == 0x00000000 &&
3826  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3827  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3828  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3829  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3830 
3831  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3832  two->ip.addr_data32[1] == 0x00000000 &&
3833  two->ip.addr_data32[2] == 0x00000000 &&
3834  two->ip.addr_data32[3] == 0x00000000 &&
3835  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3836  two->ip2.addr_data32[1] == 0x00000000 &&
3837  two->ip2.addr_data32[2] == 0x00000000 &&
3838  two->ip2.addr_data32[3] == SCNtohl(3) &&
3839 
3840  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3841  three->ip.addr_data32[1] == 0x00000000 &&
3842  three->ip.addr_data32[2] == 0x00000000 &&
3843  three->ip.addr_data32[3] == SCNtohl(4) &&
3844  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3845  three->ip2.addr_data32[1] == 0x00000000 &&
3846  three->ip2.addr_data32[2] == 0x00000000 &&
3847  three->ip2.addr_data32[3] == SCNtohl(6) &&
3848 
3849  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3850  four->ip.addr_data32[1] == 0x00000000 &&
3851  four->ip.addr_data32[2] == 0x00000000 &&
3852  four->ip.addr_data32[3] == SCNtohl(7) &&
3853  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3854  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3855  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3856  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3857 
3858  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3859  five->ip.addr_data32[1] == 0x00000000 &&
3860  five->ip.addr_data32[2] == 0x00000000 &&
3861  five->ip.addr_data32[3] == 0x00000000 &&
3862  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3863  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3864  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3865  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3866  result = 1;
3867  }
3868  }
3869  }
3870  }
3871 
3872  DetectAddressHeadFree(gh);
3873  }
3874  return result;
3875 }
3876 
3877 static int AddressTestAddressGroupSetup26(void)
3878 {
3879  int result = 0;
3880  DetectAddressHead *gh = DetectAddressHeadInit();
3881 
3882  if (gh != NULL) {
3883  int r = DetectAddressParse(NULL, gh, "::/0");
3884  if (r == 0) {
3885  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3886  if (r == 0) {
3887  r = DetectAddressParse(NULL, gh, "2001::/3");
3888  if (r == 0) {
3889  DetectAddress *one = gh->ipv6_head, *two = one->next,
3890  *three = two->next, *four = three->next,
3891  *five = four->next;
3892  if (one->ip.addr_data32[0] == 0x00000000 &&
3893  one->ip.addr_data32[1] == 0x00000000 &&
3894  one->ip.addr_data32[2] == 0x00000000 &&
3895  one->ip.addr_data32[3] == 0x00000000 &&
3896  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3897  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3898  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3899  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3900 
3901  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3902  two->ip.addr_data32[1] == 0x00000000 &&
3903  two->ip.addr_data32[2] == 0x00000000 &&
3904  two->ip.addr_data32[3] == 0x00000000 &&
3905  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3906  two->ip2.addr_data32[1] == 0x00000000 &&
3907  two->ip2.addr_data32[2] == 0x00000000 &&
3908  two->ip2.addr_data32[3] == SCNtohl(3) &&
3909 
3910  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3911  three->ip.addr_data32[1] == 0x00000000 &&
3912  three->ip.addr_data32[2] == 0x00000000 &&
3913  three->ip.addr_data32[3] == SCNtohl(4) &&
3914  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3915  three->ip2.addr_data32[1] == 0x00000000 &&
3916  three->ip2.addr_data32[2] == 0x00000000 &&
3917  three->ip2.addr_data32[3] == SCNtohl(6) &&
3918 
3919  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3920  four->ip.addr_data32[1] == 0x00000000 &&
3921  four->ip.addr_data32[2] == 0x00000000 &&
3922  four->ip.addr_data32[3] == SCNtohl(7) &&
3923  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3924  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3925  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3926  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3927 
3928  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3929  five->ip.addr_data32[1] == 0x00000000 &&
3930  five->ip.addr_data32[2] == 0x00000000 &&
3931  five->ip.addr_data32[3] == 0x00000000 &&
3932  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3933  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3934  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3935  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3936  result = 1;
3937  }
3938  }
3939  }
3940  }
3941 
3942  DetectAddressHeadFree(gh);
3943  }
3944  return result;
3945 }
3946 
3947 static int AddressTestAddressGroupSetup27(void)
3948 {
3949  int result = 0;
3950  DetectAddressHead *gh = DetectAddressHeadInit();
3951 
3952  if (gh != NULL) {
3953  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3954  if (r == 0)
3955  result = 1;
3956 
3957  DetectAddressHeadFree(gh);
3958  }
3959  return result;
3960 }
3961 
3962 static int AddressTestAddressGroupSetup28(void)
3963 {
3964  int result = 0;
3965  DetectAddressHead *gh = DetectAddressHeadInit();
3966 
3967  if (gh != NULL) {
3968  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3969  if (r == 0)
3970  result = 1;
3971 
3972  DetectAddressHeadFree(gh);
3973  }
3974  return result;
3975 }
3976 
3977 static int AddressTestAddressGroupSetup29(void)
3978 {
3979  int result = 0;
3980  DetectAddressHead *gh = DetectAddressHeadInit();
3981 
3982  if (gh != NULL) {
3983  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3984  if (r == 0)
3985  result = 1;
3986 
3987  DetectAddressHeadFree(gh);
3988  }
3989  return result;
3990 }
3991 
3992 static int AddressTestAddressGroupSetup30(void)
3993 {
3994  int result = 0;
3995  DetectAddressHead *gh = DetectAddressHeadInit();
3996 
3997  if (gh != NULL) {
3998  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
3999  if (r == 0)
4000  result = 1;
4001 
4002  DetectAddressHeadFree(gh);
4003  }
4004  return result;
4005 }
4006 
4007 static int AddressTestAddressGroupSetup31(void)
4008 {
4009  int result = 0;
4010  DetectAddressHead *gh = DetectAddressHeadInit();
4011 
4012  if (gh != NULL) {
4013  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4014  if (r == 0)
4015  result = 1;
4016 
4017  DetectAddressHeadFree(gh);
4018  }
4019  return result;
4020 }
4021 
4022 static int AddressTestAddressGroupSetup32(void)
4023 {
4024  int result = 0;
4025  DetectAddressHead *gh = DetectAddressHeadInit();
4026 
4027  if (gh != NULL) {
4028  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4029  if (r == 0)
4030  result = 1;
4031 
4032  DetectAddressHeadFree(gh);
4033  }
4034  return result;
4035 }
4036 
4037 static int AddressTestAddressGroupSetup33(void)
4038 {
4039  int result = 0;
4040  DetectAddressHead *gh = DetectAddressHeadInit();
4041 
4042  if (gh != NULL) {
4043  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4044  if (r == 1)
4045  result = 1;
4046 
4047  DetectAddressHeadFree(gh);
4048  }
4049  return result;
4050 }
4051 
4052 static int AddressTestAddressGroupSetup34(void)
4053 {
4054  int result = 0;
4055  DetectAddressHead *gh = DetectAddressHeadInit();
4056 
4057  if (gh != NULL) {
4058  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4059  if (r == 1)
4060  result = 1;
4061 
4062  DetectAddressHeadFree(gh);
4063  }
4064  return result;
4065 }
4066 
4067 static int AddressTestAddressGroupSetup35(void)
4068 {
4069  int result = 0;
4070  DetectAddressHead *gh = DetectAddressHeadInit();
4071 
4072  if (gh != NULL) {
4073  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4074  if (r == 1)
4075  result = 1;
4076 
4077  DetectAddressHeadFree(gh);
4078  }
4079  return result;
4080 }
4081 
4082 static int AddressTestAddressGroupSetup36 (void)
4083 {
4084  int result = 0;
4085 
4086  DetectAddressHead *gh = DetectAddressHeadInit();
4087  if (gh != NULL) {
4088  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4089  if (r == 1)
4090  result = 1;
4091 
4092  DetectAddressHeadFree(gh);
4093  }
4094  return result;
4095 }
4096 
4097 static int AddressTestAddressGroupSetup37(void)
4098 {
4099  int result = 0;
4100  DetectAddressHead *gh = DetectAddressHeadInit();
4101 
4102  if (gh != NULL) {
4103  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4104  if (r == 0)
4105  result = 1;
4106 
4107  DetectAddressHeadFree(gh);
4108  }
4109  return result;
4110 }
4111 
4112 static int AddressTestAddressGroupSetup38(void)
4113 {
4114  UTHValidateDetectAddressHeadRange expectations[3] = {
4115  { "0.0.0.0", "192.167.255.255" },
4116  { "192.168.14.0", "192.168.14.255" },
4117  { "192.169.0.0", "255.255.255.255" } };
4118  int result = 0;
4119  DetectAddressHead *gh = DetectAddressHeadInit();
4120 
4121  if (gh != NULL) {
4122  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4123  if (r == 1) {
4124  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4125  result = 1;
4126  }
4127 
4128  DetectAddressHeadFree(gh);
4129  }
4130  return result;
4131 }
4132 
4133 static int AddressTestAddressGroupSetup39(void)
4134 {
4135  UTHValidateDetectAddressHeadRange expectations[3] = {
4136  { "0.0.0.0", "192.167.255.255" },
4137  { "192.168.14.0", "192.168.14.255" },
4138  { "192.169.0.0", "255.255.255.255" } };
4139  int result = 0;
4140  DetectAddressHead *gh = DetectAddressHeadInit();
4141 
4142  if (gh != NULL) {
4143  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4144  if (r == 1) {
4145  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4146  result = 1;
4147  }
4148 
4149  DetectAddressHeadFree(gh);
4150  }
4151  return result;
4152 }
4153 
4154 static int AddressTestAddressGroupSetup40(void)
4155 {
4156  UTHValidateDetectAddressHeadRange expectations[3] = {
4157  { "0.0.0.0", "192.167.255.255" },
4158  { "192.168.14.0", "192.168.14.255" },
4159  { "192.169.0.0", "255.255.255.255" } };
4160  int result = 0;
4161  DetectAddressHead *gh = DetectAddressHeadInit();
4162  if (gh != NULL) {
4163  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4164  if (r == 1) {
4165  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4166  result = 1;
4167  }
4168 
4169  DetectAddressHeadFree(gh);
4170  }
4171  return result;
4172 }
4173 
4174 static int AddressTestAddressGroupSetup41(void)
4175 {
4176  UTHValidateDetectAddressHeadRange expectations[3] = {
4177  { "0.0.0.0", "192.167.255.255" },
4178  { "192.168.14.0", "192.168.14.255" },
4179  { "192.169.0.0", "255.255.255.255" } };
4180  int result = 0;
4181  DetectAddressHead *gh = DetectAddressHeadInit();
4182  if (gh != NULL) {
4183  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4184  if (r == 1) {
4185  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4186  result = 1;
4187  }
4188 
4189  DetectAddressHeadFree(gh);
4190  }
4191  return result;
4192 }
4193 
4194 static int AddressTestAddressGroupSetup42(void)
4195 {
4196  UTHValidateDetectAddressHeadRange expectations[1] = {
4197  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4198  int result = 0;
4199  DetectAddressHead *gh = DetectAddressHeadInit();
4200  if (gh != NULL) {
4201  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4202  if (r == 0) {
4203  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4204  result = 1;
4205  }
4206 
4207  DetectAddressHeadFree(gh);
4208  }
4209  return result;
4210 }
4211 
4212 static int AddressTestAddressGroupSetup43(void)
4213 {
4214  UTHValidateDetectAddressHeadRange expectations[2] = {
4215  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4216  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4217  int result = 0;
4218  DetectAddressHead *gh = DetectAddressHeadInit();
4219  if (gh != NULL) {
4220  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4221  if (r == 1) {
4222  if (UTHValidateDetectAddressHead(gh, 2, expectations))
4223  result = 1;
4224  }
4225 
4226  DetectAddressHeadFree(gh);
4227  }
4228  return result;
4229 }
4230 
4231 static int AddressTestAddressGroupSetup44(void)
4232 {
4233  UTHValidateDetectAddressHeadRange expectations[2] = {
4234  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4235  int result = 0;
4236  DetectAddressHead *gh = DetectAddressHeadInit();
4237  if (gh != NULL) {
4238  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4239  if (r == 0) {
4240  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4241  result = 1;
4242  }
4243 
4244  DetectAddressHeadFree(gh);
4245  }
4246  return result;
4247 }
4248 
4249 static int AddressTestAddressGroupSetup45(void)
4250 {
4251  int result = 0;
4252  DetectAddressHead *gh = DetectAddressHeadInit();
4253  if (gh != NULL) {
4254  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4255  if (r != 0) {
4256  result = 1;
4257  }
4258 
4259  DetectAddressHeadFree(gh);
4260  }
4261  return result;
4262 }
4263 
4264 static int AddressTestAddressGroupSetup46(void)
4265 {
4266  UTHValidateDetectAddressHeadRange expectations[4] = {
4267  { "0.0.0.0", "192.167.255.255" },
4268  { "192.168.1.0", "192.168.1.255" },
4269  { "192.168.3.0", "192.168.3.255" },
4270  { "192.169.0.0", "255.255.255.255" } };
4271  int result = 0;
4272  DetectAddressHead *gh = DetectAddressHeadInit();
4273  if (gh != NULL) {
4274  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4275  if (r == 1) {
4276  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4277  result = 1;
4278  }
4279 
4280  DetectAddressHeadFree(gh);
4281  }
4282  return result;
4283 }
4284 
4285 /** \test net with some negations, then all negated */
4286 static int AddressTestAddressGroupSetup47(void)
4287 {
4288  UTHValidateDetectAddressHeadRange expectations[5] = {
4289  { "0.0.0.0", "192.167.255.255" },
4290  { "192.168.1.0", "192.168.1.255" },
4291  { "192.168.3.0", "192.168.3.255" },
4292  { "192.168.5.0", "192.168.5.255" },
4293  { "192.169.0.0", "255.255.255.255" } };
4294  int result = 0;
4295  DetectAddressHead *gh = DetectAddressHeadInit();
4296  if (gh != NULL) {
4297  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4298  if (r == 1) {
4299  if (UTHValidateDetectAddressHead(gh, 5, expectations))
4300  result = 1;
4301  }
4302 
4303  DetectAddressHeadFree(gh);
4304  }
4305  return result;
4306 }
4307 
4308 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4309 static int AddressTestAddressGroupSetup48(void)
4310 {
4311  UTHValidateDetectAddressHeadRange expectations[4] = {
4312  { "192.168.0.0", "192.168.0.255" },
4313  { "192.168.2.0", "192.168.2.255" },
4314  { "192.168.4.0", "192.168.4.255" },
4315  { "192.168.6.0", "192.168.255.255" } };
4316  int result = 0;
4317  DetectAddressHead *gh = DetectAddressHeadInit();
4318  if (gh != NULL) {
4319  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4320  if (r == 1) {
4321  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4322  result = 1;
4323  }
4324 
4325  DetectAddressHeadFree(gh);
4326  }
4327  return result;
4328 }
4329 
4330 static int AddressTestCutIPv401(void)
4331 {
4332  DetectAddress *c;
4333  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4334  FAIL_IF_NULL(a);
4335  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4336  FAIL_IF_NULL(b);
4337 
4338  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4339 
4340  DetectAddressFree(a);
4341  DetectAddressFree(b);
4342  DetectAddressFree(c);
4343  PASS;
4344 }
4345 
4346 static int AddressTestCutIPv402(void)
4347 {
4348  DetectAddress *a, *b, *c;
4349  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4350  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4351 
4352  if (DetectAddressCut(NULL, a, b, &c) == -1)
4353  goto error;
4354 
4355  if (c == NULL)
4356  goto error;
4357 
4358  DetectAddressFree(a);
4359  DetectAddressFree(b);
4360  DetectAddressFree(c);
4361  return 1;
4362 
4363 error:
4364  DetectAddressFree(a);
4365  DetectAddressFree(b);
4366  DetectAddressFree(c);
4367  return 0;
4368 }
4369 
4370 static int AddressTestCutIPv403(void)
4371 {
4372  DetectAddress *a, *b, *c;
4373  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4374  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4375 
4376  if (DetectAddressCut(NULL, a, b, &c) == -1)
4377  goto error;
4378 
4379  if (c == NULL)
4380  goto error;
4381 
4382  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4383  goto error;
4384  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4385  goto error;
4386  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4387  goto error;
4388 
4389  DetectAddressFree(a);
4390  DetectAddressFree(b);
4391  DetectAddressFree(c);
4392  return 1;
4393 
4394 error:
4395  DetectAddressFree(a);
4396  DetectAddressFree(b);
4397  DetectAddressFree(c);
4398  return 0;
4399 }
4400 
4401 static int AddressTestCutIPv404(void)
4402 {
4403  DetectAddress *a, *b, *c;
4404  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4405  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4406 
4407  if (DetectAddressCut(NULL, a, b, &c) == -1)
4408  goto error;
4409 
4410  if (c == NULL)
4411  goto error;
4412 
4413  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4414  goto error;
4415  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4416  goto error;
4417  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4418  goto error;
4419 
4420 
4421  DetectAddressFree(a);
4422  DetectAddressFree(b);
4423  DetectAddressFree(c);
4424  return 1;
4425 
4426 error:
4427  DetectAddressFree(a);
4428  DetectAddressFree(b);
4429  DetectAddressFree(c);
4430  return 0;
4431 }
4432 
4433 static int AddressTestCutIPv405(void)
4434 {
4435  DetectAddress *a, *b, *c;
4436  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4437  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4438 
4439  if (DetectAddressCut(NULL, a, b, &c) == -1)
4440  goto error;
4441 
4442  if (c == NULL)
4443  goto error;
4444 
4445  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4446  goto error;
4447  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4448  goto error;
4449  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4450  goto error;
4451 
4452  DetectAddressFree(a);
4453  DetectAddressFree(b);
4454  DetectAddressFree(c);
4455  return 1;
4456 
4457 error:
4458  DetectAddressFree(a);
4459  DetectAddressFree(b);
4460  DetectAddressFree(c);
4461  return 0;
4462 }
4463 
4464 static int AddressTestCutIPv406(void)
4465 {
4466  DetectAddress *a, *b, *c;
4467  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4468  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4469 
4470  if (DetectAddressCut(NULL, a, b, &c) == -1)
4471  goto error;
4472 
4473  if (c == NULL)
4474  goto error;
4475 
4476  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4477  goto error;
4478  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4479  goto error;
4480  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4481  goto error;
4482 
4483  DetectAddressFree(a);
4484  DetectAddressFree(b);
4485  DetectAddressFree(c);
4486  return 1;
4487 
4488 error:
4489  DetectAddressFree(a);
4490  DetectAddressFree(b);
4491  DetectAddressFree(c);
4492  return 0;
4493 }
4494 
4495 static int AddressTestCutIPv407(void)
4496 {
4497  DetectAddress *a, *b, *c;
4498  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4499  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4500 
4501  if (DetectAddressCut(NULL, a, b, &c) == -1)
4502  goto error;
4503 
4504  if (c != NULL)
4505  goto error;
4506 
4507  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4508  goto error;
4509  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4510  goto error;
4511 
4512  DetectAddressFree(a);
4513  DetectAddressFree(b);
4514  DetectAddressFree(c);
4515  return 1;
4516 
4517 error:
4518  DetectAddressFree(a);
4519  DetectAddressFree(b);
4520  DetectAddressFree(c);
4521  return 0;
4522 }
4523 
4524 static int AddressTestCutIPv408(void)
4525 {
4526  DetectAddress *a, *b, *c;
4527  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4528  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4529 
4530  if (DetectAddressCut(NULL, a, b, &c) == -1)
4531  goto error;
4532 
4533  if (c != NULL)
4534  goto error;
4535 
4536  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4537  goto error;
4538  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4539  goto error;
4540 
4541  DetectAddressFree(a);
4542  DetectAddressFree(b);
4543  DetectAddressFree(c);
4544  return 1;
4545 
4546 error:
4547  DetectAddressFree(a);
4548  DetectAddressFree(b);
4549  DetectAddressFree(c);
4550  return 0;
4551 }
4552 
4553 static int AddressTestCutIPv409(void)
4554 {
4555  DetectAddress *a, *b, *c;
4556  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4557  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4558 
4559  if (DetectAddressCut(NULL, a, b, &c) == -1)
4560  goto error;
4561 
4562  if (c != NULL)
4563  goto error;
4564 
4565  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4566  goto error;
4567  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4568  goto error;
4569 
4570  DetectAddressFree(a);
4571  DetectAddressFree(b);
4572  DetectAddressFree(c);
4573  return 1;
4574 
4575 error:
4576  DetectAddressFree(a);
4577  DetectAddressFree(b);
4578  DetectAddressFree(c);
4579  return 0;
4580 }
4581 
4582 static int AddressTestCutIPv410(void)
4583 {
4584  DetectAddress *a, *b, *c;
4585  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4586  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4587 
4588  if (DetectAddressCut(NULL, a, b, &c) == -1)
4589  goto error;
4590 
4591  if (c != NULL)
4592  goto error;
4593 
4594  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4595  goto error;
4596  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4597  goto error;
4598 
4599  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4600 
4601  DetectAddressFree(a);
4602  DetectAddressFree(b);
4603  DetectAddressFree(c);
4604  return 1;
4605 
4606 error:
4607  DetectAddressFree(a);
4608  DetectAddressFree(b);
4609  DetectAddressFree(c);
4610  return 0;
4611 }
4612 
4613 static int AddressTestParseInvalidMask01(void)
4614 {
4615  int result = 1;
4616  DetectAddress *dd = NULL;
4617 
4618  dd = DetectAddressParseSingle("192.168.2.0/33");
4619  if (dd != NULL) {
4620  DetectAddressFree(dd);
4621  result = 0;
4622  }
4623  return result;
4624 }
4625 
4626 static int AddressTestParseInvalidMask02(void)
4627 {
4628  int result = 1;
4629  DetectAddress *dd = NULL;
4630 
4631  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4632  if (dd != NULL) {
4633  DetectAddressFree(dd);
4634  result = 0;
4635  }
4636  return result;
4637 }
4638 
4639 static int AddressTestParseInvalidMask03(void)
4640 {
4641  int result = 1;
4642  DetectAddress *dd = NULL;
4643 
4644  dd = DetectAddressParseSingle("192.168.2.0/blue");
4645  if (dd != NULL) {
4646  DetectAddressFree(dd);
4647  result = 0;
4648  }
4649  return result;
4650 }
4651 
4652 static int AddressConfVarsTest01(void)
4653 {
4654  static const char *dummy_conf_string =
4655  "%YAML 1.1\n"
4656  "---\n"
4657  "\n"
4658  "vars:\n"
4659  "\n"
4660  " address-groups:\n"
4661  "\n"
4662  " HOME_NET: \"any\"\n"
4663  "\n"
4664  " EXTERNAL_NET: \"!any\"\n"
4665  "\n"
4666  " port-groups:\n"
4667  "\n"
4668  " HTTP_PORTS: \"any\"\n"
4669  "\n"
4670  " SHELLCODE_PORTS: \"!any\"\n"
4671  "\n";
4672 
4673  int result = 0;
4674 
4675  ConfCreateContextBackup();
4676  ConfInit();
4677  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4678 
4679  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4680  result = 1;
4681 
4682  ConfDeInit();
4683  ConfRestoreContextBackup();
4684 
4685  return result;
4686 }
4687 
4688 static int AddressConfVarsTest02(void)
4689 {
4690  static const char *dummy_conf_string =
4691  "%YAML 1.1\n"
4692  "---\n"
4693  "\n"
4694  "vars:\n"
4695  "\n"
4696  " address-groups:\n"
4697  "\n"
4698  " HOME_NET: \"any\"\n"
4699  "\n"
4700  " EXTERNAL_NET: \"any\"\n"
4701  "\n"
4702  " port-groups:\n"
4703  "\n"
4704  " HTTP_PORTS: \"any\"\n"
4705  "\n"
4706  " SHELLCODE_PORTS: \"!any\"\n"
4707  "\n";
4708 
4709  int result = 0;
4710 
4711  ConfCreateContextBackup();
4712  ConfInit();
4713  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4714 
4715  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() < 0)
4716  result = 1;
4717 
4718  ConfDeInit();
4719  ConfRestoreContextBackup();
4720 
4721  return result;
4722 }
4723 
4724 static int AddressConfVarsTest03(void)
4725 {
4726  static const char *dummy_conf_string =
4727  "%YAML 1.1\n"
4728  "---\n"
4729  "\n"
4730  "vars:\n"
4731  "\n"
4732  " address-groups:\n"
4733  "\n"
4734  " HOME_NET: \"any\"\n"
4735  "\n"
4736  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4737  "\n"
4738  " port-groups:\n"
4739  "\n"
4740  " HTTP_PORTS: \"any\"\n"
4741  "\n"
4742  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4743  "\n";
4744 
4745  int result = 0;
4746 
4747  ConfCreateContextBackup();
4748  ConfInit();
4749  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4750 
4751  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4752  result = 1;
4753 
4754  ConfDeInit();
4755  ConfRestoreContextBackup();
4756 
4757  return result;
4758 }
4759 
4760 static int AddressConfVarsTest04(void)
4761 {
4762  static const char *dummy_conf_string =
4763  "%YAML 1.1\n"
4764  "---\n"
4765  "\n"
4766  "vars:\n"
4767  "\n"
4768  " address-groups:\n"
4769  "\n"
4770  " HOME_NET: \"any\"\n"
4771  "\n"
4772  " EXTERNAL_NET: \"$HOME_NET\"\n"
4773  "\n"
4774  " port-groups:\n"
4775  "\n"
4776  " HTTP_PORTS: \"any\"\n"
4777  "\n"
4778  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4779  "\n";
4780 
4781  int result = 0;
4782 
4783  ConfCreateContextBackup();
4784  ConfInit();
4785  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4786 
4787  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() == 0)
4788  result = 1;
4789 
4790  ConfDeInit();
4791  ConfRestoreContextBackup();
4792 
4793  return result;
4794 }
4795 
4796 static int AddressConfVarsTest05(void)
4797 {
4798  static const char *dummy_conf_string =
4799  "%YAML 1.1\n"
4800  "---\n"
4801  "\n"
4802  "vars:\n"
4803  "\n"
4804  " address-groups:\n"
4805  "\n"
4806  " HOME_NET: \"any\"\n"
4807  "\n"
4808  " EXTERNAL_NET: [192.168.0.1]\n"
4809  "\n"
4810  " port-groups:\n"
4811  "\n"
4812  " HTTP_PORTS: \"any\"\n"
4813  "\n"
4814  " SHELLCODE_PORTS: [80]\n"
4815  "\n";
4816 
4817  int result = 0;
4818 
4819  ConfCreateContextBackup();
4820  ConfInit();
4821  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4822 
4823  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4824  goto end;
4825 
4826  result = 1;
4827 
4828  end:
4829  ConfDeInit();
4830  ConfRestoreContextBackup();
4831 
4832  return result;
4833 }
4834 
4835 static int AddressConfVarsTest06(void)
4836 {
4837  // HOME_NET value size = 10261 bytes
4838  static const char *dummy_conf_string =
4839  "%YAML 1.1\n"
4840  "---\n"
4841  "\n"
4842  "vars:\n"
4843  "\n"
4844  " address-groups:\n"
4845  "\n"
4846  " HOME_NET: "
4847  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4848  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4849  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4850  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4851  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4852  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4853  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4854  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4855  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4856  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4857  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4858  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4859  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4860  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4861  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4862  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4863  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4864  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4976  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4977  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4978  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4979  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4980  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4981  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4982  "\n"
4983  " EXTERNAL_NET: \"any\"\n"
4984  "\n";
4985 
4986  ConfCreateContextBackup();
4987  ConfInit();
4988  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4989 
4990  FAIL_IF(0 != DetectAddressTestConfVars());
4991 
4992  ConfDeInit();
4993  ConfRestoreContextBackup();
4994 
4995  PASS;
4996 }
4997 
4998 #endif /* UNITTESTS */
4999 
5000 void DetectAddressTests(void)
5001 {
5002 #ifdef UNITTESTS
5003  DetectAddressIPv4Tests();
5004  DetectAddressIPv6Tests();
5005 
5006  UtRegisterTest("AddressTestParse01", AddressTestParse01);
5007  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5008  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5009  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5010  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5011  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5012  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5013  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5014  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5015  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5016  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5017  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5018  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5019  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5020  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5021  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5022  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5023  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5024  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5025  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5026  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5027  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5028  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5029  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5030  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5031  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5032  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5033  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5034  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5035  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5036  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5037  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5038  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5039  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5040  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5041  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5042  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5043  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5044 
5045  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5046  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5047  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5048  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5049  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5050  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5051  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5052  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5053  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5054  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5055  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5056 
5057  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5058  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5059  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5060  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5061  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5062  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5063  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5064  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5065 
5066  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5067  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5068  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5069  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5070  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5071  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5072 
5073  UtRegisterTest("AddressTestAddressGroupSetup01",
5074  AddressTestAddressGroupSetup01);
5075  UtRegisterTest("AddressTestAddressGroupSetup02",
5076  AddressTestAddressGroupSetup02);
5077  UtRegisterTest("AddressTestAddressGroupSetup03",
5078  AddressTestAddressGroupSetup03);
5079  UtRegisterTest("AddressTestAddressGroupSetup04",
5080  AddressTestAddressGroupSetup04);
5081  UtRegisterTest("AddressTestAddressGroupSetup05",
5082  AddressTestAddressGroupSetup05);
5083  UtRegisterTest("AddressTestAddressGroupSetup06",
5084  AddressTestAddressGroupSetup06);
5085  UtRegisterTest("AddressTestAddressGroupSetup07",
5086  AddressTestAddressGroupSetup07);
5087  UtRegisterTest("AddressTestAddressGroupSetup08",
5088  AddressTestAddressGroupSetup08);
5089  UtRegisterTest("AddressTestAddressGroupSetup09",
5090  AddressTestAddressGroupSetup09);
5091  UtRegisterTest("AddressTestAddressGroupSetup10",
5092  AddressTestAddressGroupSetup10);
5093  UtRegisterTest("AddressTestAddressGroupSetup11",
5094  AddressTestAddressGroupSetup11);
5095  UtRegisterTest("AddressTestAddressGroupSetup12",
5096  AddressTestAddressGroupSetup12);
5097  UtRegisterTest("AddressTestAddressGroupSetup13",
5098  AddressTestAddressGroupSetup13);
5099  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5100  AddressTestAddressGroupSetupIPv414);
5101  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5102  AddressTestAddressGroupSetupIPv415);
5103  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5104  AddressTestAddressGroupSetupIPv416);
5105 
5106  UtRegisterTest("AddressTestAddressGroupSetup14",
5107  AddressTestAddressGroupSetup14);
5108  UtRegisterTest("AddressTestAddressGroupSetup15",
5109  AddressTestAddressGroupSetup15);
5110  UtRegisterTest("AddressTestAddressGroupSetup16",
5111  AddressTestAddressGroupSetup16);
5112  UtRegisterTest("AddressTestAddressGroupSetup17",
5113  AddressTestAddressGroupSetup17);
5114  UtRegisterTest("AddressTestAddressGroupSetup18",
5115  AddressTestAddressGroupSetup18);
5116  UtRegisterTest("AddressTestAddressGroupSetup19",
5117  AddressTestAddressGroupSetup19);
5118  UtRegisterTest("AddressTestAddressGroupSetup20",
5119  AddressTestAddressGroupSetup20);
5120  UtRegisterTest("AddressTestAddressGroupSetup21",
5121  AddressTestAddressGroupSetup21);
5122  UtRegisterTest("AddressTestAddressGroupSetup22",
5123  AddressTestAddressGroupSetup22);
5124  UtRegisterTest("AddressTestAddressGroupSetup23",
5125  AddressTestAddressGroupSetup23);
5126  UtRegisterTest("AddressTestAddressGroupSetup24",
5127  AddressTestAddressGroupSetup24);
5128  UtRegisterTest("AddressTestAddressGroupSetup25",
5129  AddressTestAddressGroupSetup25);
5130  UtRegisterTest("AddressTestAddressGroupSetup26",
5131  AddressTestAddressGroupSetup26);
5132 
5133  UtRegisterTest("AddressTestAddressGroupSetup27",
5134  AddressTestAddressGroupSetup27);
5135  UtRegisterTest("AddressTestAddressGroupSetup28",
5136  AddressTestAddressGroupSetup28);
5137  UtRegisterTest("AddressTestAddressGroupSetup29",
5138  AddressTestAddressGroupSetup29);
5139  UtRegisterTest("AddressTestAddressGroupSetup30",
5140  AddressTestAddressGroupSetup30);
5141  UtRegisterTest("AddressTestAddressGroupSetup31",
5142  AddressTestAddressGroupSetup31);
5143  UtRegisterTest("AddressTestAddressGroupSetup32",
5144  AddressTestAddressGroupSetup32);
5145  UtRegisterTest("AddressTestAddressGroupSetup33",
5146  AddressTestAddressGroupSetup33);
5147  UtRegisterTest("AddressTestAddressGroupSetup34",
5148  AddressTestAddressGroupSetup34);
5149  UtRegisterTest("AddressTestAddressGroupSetup35",
5150  AddressTestAddressGroupSetup35);
5151  UtRegisterTest("AddressTestAddressGroupSetup36",
5152  AddressTestAddressGroupSetup36);
5153  UtRegisterTest("AddressTestAddressGroupSetup37",
5154  AddressTestAddressGroupSetup37);
5155  UtRegisterTest("AddressTestAddressGroupSetup38",
5156  AddressTestAddressGroupSetup38);
5157  UtRegisterTest("AddressTestAddressGroupSetup39",
5158  AddressTestAddressGroupSetup39);
5159  UtRegisterTest("AddressTestAddressGroupSetup40",
5160  AddressTestAddressGroupSetup40);
5161  UtRegisterTest("AddressTestAddressGroupSetup41",
5162  AddressTestAddressGroupSetup41);
5163  UtRegisterTest("AddressTestAddressGroupSetup42",
5164  AddressTestAddressGroupSetup42);
5165  UtRegisterTest("AddressTestAddressGroupSetup43",
5166  AddressTestAddressGroupSetup43);
5167  UtRegisterTest("AddressTestAddressGroupSetup44",
5168  AddressTestAddressGroupSetup44);
5169  UtRegisterTest("AddressTestAddressGroupSetup45",
5170  AddressTestAddressGroupSetup45);
5171  UtRegisterTest("AddressTestAddressGroupSetup46",
5172  AddressTestAddressGroupSetup46);
5173  UtRegisterTest("AddressTestAddressGroupSetup47",
5174  AddressTestAddressGroupSetup47);
5175  UtRegisterTest("AddressTestAddressGroupSetup48",
5176  AddressTestAddressGroupSetup48);
5177 
5178  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5179  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5180  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5181  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5182  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5183  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5184  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5185  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5186  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5187  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5188 
5189  UtRegisterTest("AddressTestParseInvalidMask01",
5190  AddressTestParseInvalidMask01);
5191  UtRegisterTest("AddressTestParseInvalidMask02",
5192  AddressTestParseInvalidMask02);
5193  UtRegisterTest("AddressTestParseInvalidMask03",
5194  AddressTestParseInvalidMask03);
5195 
5196  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5197  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5198  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5199  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5200  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5201  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5202 #endif /* UNITTESTS */
5203 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:350
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:167
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1396
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1293
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:359
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:149
detect-engine-siggroup.h
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1593
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:165
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:31
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
DetectAddressHead_
Definition: detect.h:180
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1478
AddressIPv6Gt
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:57
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1338
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:839
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1264
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
Address_
Definition: decode.h:116
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:150
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:245
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1106
util-var.h
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1804
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:114
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:174
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:236
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:154
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:716
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1887
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:241
detect-engine-port.h
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:522
DetectAddress_::ip2
Address ip2
Definition: detect.h:168
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1036
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:484
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:128
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
Turn 32 bit mask into CIDR.
Definition: util-cidr.c:35
Address_::address
union Address_::@30 address
util-rule-vars.h
conf-yaml-loader.h
conf.h
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:152
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:287
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:670
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:155
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
DetectAddressMap_
Definition: detect-engine-address.c:1290
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:182
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:82
cnt
uint32_t cnt
Definition: tmqh-packetpool.h:7
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1626
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:983
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:156
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:88
ConfNode_::name
char * name
Definition: conf.h:33
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:682
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:153
util-hash-lookup3.h
detect-engine-address-ipv6.h
AddressIPv6Ge
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1327
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:179
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1886
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1292
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:413
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:710
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:176
DetectMatchAddressIPv6_
Definition: detect.h:191
DetectMatchAddressIPv4_
Definition: detect.h:186
Address_::family
char family
Definition: decode.h:117
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:151
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1436
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:693
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1880
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:159
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1888
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:131
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:171
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1566
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:181
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1291
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1218
AddressIPv6Le
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162