suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
58 
59 /**
60  * \brief Creates and returns a new instance of a DetectAddress.
61  *
62  * \retval ag Pointer to the newly created DetectAddress on success;
63  * NULL on failure.
64  */
66 {
67  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
68  if (unlikely(ag == NULL))
69  return NULL;
70  return ag;
71 }
72 
73 /**
74  * \brief Frees a DetectAddress instance.
75  *
76  * \param ag Pointer to the DetectAddress instance to be freed.
77  */
79 {
80  if (ag == NULL)
81  return;
82 
83  SCFree(ag);
84  return;
85 }
86 
87 /**
88  * \internal
89  * \brief Returns a new instance of DetectAddressHead.
90  *
91  * \retval gh Pointer to the new instance of DetectAddressHead.
92  */
93 static DetectAddressHead *DetectAddressHeadInit(void)
94 {
96  if (unlikely(gh == NULL))
97  return NULL;
98  return gh;
99 }
100 
101 /**
102  * \internal
103  * \brief Frees a DetectAddressHead instance.
104  *
105  * \param gh Pointer to the DetectAddressHead instance to be freed.
106  */
107 static void DetectAddressHeadFree(DetectAddressHead *gh)
108 {
109  if (gh != NULL) {
111  SCFree(gh);
112  }
113 }
114 
115 /**
116  * \brief copy a DetectAddress
117  *
118  * \param orig Pointer to the instance of DetectAddress that contains the
119  * address data to be copied to the new instance.
120  *
121  * \retval ag Pointer to the new instance of DetectAddress that contains the
122  * copied address.
123  */
124 static DetectAddress *DetectAddressCopy(DetectAddress *orig)
125 {
127  if (ag == NULL)
128  return NULL;
129 
130  ag->flags = orig->flags;
131  COPY_ADDRESS(&orig->ip, &ag->ip);
132  COPY_ADDRESS(&orig->ip2, &ag->ip2);
133  return ag;
134 }
135 
136 #ifdef DEBUG
137 /**
138  * \brief Prints the address data information for all the DetectAddress
139  * instances in the DetectAddress list sent as the argument.
140  *
141  * \param head Pointer to a list of DetectAddress instances.
142  */
143 void DetectAddressPrintList(DetectAddress *head)
144 {
145  SCLogInfo("list:");
146  for (DetectAddress *cur = head; cur != NULL; cur = cur->next) {
147  DetectAddressPrint(cur);
148  }
149  SCLogInfo("endlist");
150 }
151 #endif
152 
153 /**
154  * \internal
155  * \brief Frees a list of DetectAddress instances.
156  *
157  * \param head Pointer to a list of DetectAddress instances to be freed.
158  */
159 static void DetectAddressCleanupList(DetectAddress *head)
160 {
161  for (DetectAddress *cur = head; cur != NULL; ) {
162  DetectAddress *next = cur->next;
163  cur->next = NULL;
164  DetectAddressFree(cur);
165  cur = next;
166  }
167 }
168 
169 /**
170  * \internal
171  * \brief Helper function for DetectAddressInsert. Sets one of the
172  * DetectAddressHead head pointers, to the DetectAddress argument
173  * based on its address family.
174  *
175  * \param gh Pointer to the DetectAddressHead.
176  * \param newhead Pointer to the DetectAddress.
177  *
178  * \retval 0 On success.
179  * \retval -1 On failure.
180  */
181 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
182 {
183  if (newhead->ip.family == AF_INET) {
184  gh->ipv4_head = newhead;
185  } else if (newhead->ip.family == AF_INET6) {
186  gh->ipv6_head = newhead;
187  } else {
188  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
189  return -1;
190  }
191 
192  return 0;
193 }
194 
195 /**
196  * \internal
197  * \brief Returns the DetectAddress head from the DetectAddressHeads,
198  * based on the address family of the incoming DetectAddress arg.
199  *
200  * \param gh Pointer to the DetectAddressHead.
201  * \param new Pointer to the DetectAddress.
202  *
203  * \retval head Pointer to the DetectAddress(the head from
204  * DetectAddressHead).
205  */
206 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
207 {
208  DetectAddress *head = NULL;
209 
210  if (new->ip.family == AF_INET)
211  head = gh->ipv4_head;
212  else if (new->ip.family == AF_INET6)
213  head = gh->ipv6_head;
214 
215  return head;
216 }
217 
218 /**
219  * \internal
220  * \brief insert DetectAddress into a DetectAddressHead
221  *
222  * \param de_ctx Pointer to the detection engine context.
223  * \param gh Pointer to the DetectAddressHead list to which it has to
224  * be inserted.
225  * \param new Pointer to the DetectAddress, that has to be inserted.
226  *
227  * \retval 1 On successfully inserting it.
228  * \retval -1 On error.
229  * \retval 0 Not inserted, memory of new is freed.
230  */
231 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
232  DetectAddress *new)
233 {
234  DetectAddress *head = NULL;
235  DetectAddress *cur = NULL;
236  DetectAddress *c = NULL;
237  int r = 0;
238 
239  if (new == NULL)
240  return 0;
241 
242  /* get our head ptr based on the address we want to insert */
243  head = GetHeadPtr(gh, new);
244 
245  /* see if it already exists or overlaps with existing ag's */
246  if (head != NULL) {
247  cur = NULL;
248 
249  for (cur = head; cur != NULL; cur = cur->next) {
250  r = DetectAddressCmp(new, cur);
251  BUG_ON(r == ADDRESS_ER);
252 
253  /* if so, handle that */
254  if (r == ADDRESS_EQ) {
255  /* exact overlap/match */
256  if (cur != new) {
257  DetectAddressFree(new);
258  return 0;
259  }
260 
261  return 1;
262  } else if (r == ADDRESS_GT) {
263  /* only add it now if we are bigger than the last group.
264  * Otherwise we'll handle it later. */
265  if (cur->next == NULL) {
266  /* put in the list */
267  new->prev = cur;
268  cur->next = new;
269 
270  return 1;
271  }
272  } else if (r == ADDRESS_LT) {
273  /* see if we need to insert the ag anywhere put in the list */
274  if (cur->prev != NULL)
275  cur->prev->next = new;
276  new->prev = cur->prev;
277  new->next = cur;
278  cur->prev = new;
279 
280  /* update head if required */
281  if (head == cur) {
282  head = new;
283 
284  if (SetHeadPtr(gh, head) < 0)
285  goto error;
286  }
287 
288  return 1;
289  /* alright, those were the simple cases, lets handle the more
290  * complex ones now */
291  } else if (r == ADDRESS_ES) {
292  c = NULL;
293  r = DetectAddressCut(de_ctx, cur, new, &c);
294  if (r == -1)
295  goto error;
296 
297  DetectAddressInsert(de_ctx, gh, new);
298  if (c != NULL)
299  DetectAddressInsert(de_ctx, gh, c);
300 
301  return 1;
302  } else if (r == ADDRESS_EB) {
303  c = NULL;
304  r = DetectAddressCut(de_ctx, cur, new, &c);
305  if (r == -1)
306  goto error;
307 
308  DetectAddressInsert(de_ctx, gh, new);
309  if (c != NULL)
310  DetectAddressInsert(de_ctx, gh, c);
311 
312  return 1;
313  } else if (r == ADDRESS_LE) {
314  c = NULL;
315  r = DetectAddressCut(de_ctx, cur, new, &c);
316  if (r == -1)
317  goto error;
318 
319  DetectAddressInsert(de_ctx, gh, new);
320  if (c != NULL)
321  DetectAddressInsert(de_ctx, gh, c);
322 
323  return 1;
324  } else if (r == ADDRESS_GE) {
325  c = NULL;
326  r = DetectAddressCut(de_ctx, cur,new,&c);
327  if (r == -1)
328  goto error;
329 
330  DetectAddressInsert(de_ctx, gh, new);
331  if (c != NULL)
332  DetectAddressInsert(de_ctx, gh, c);
333 
334  return 1;
335  }
336  }
337 
338  /* head is NULL, so get a group and set head to it */
339  } else {
340  head = new;
341  if (SetHeadPtr(gh, head) < 0) {
342  SCLogDebug("SetHeadPtr failed");
343  goto error;
344  }
345  }
346 
347  return 1;
348 
349 error:
350  /* XXX */
351  return -1;
352 }
353 
354 /**
355  * \brief Checks if two address group lists are equal.
356  *
357  * \param list1 Pointer to the first address group list.
358  * \param list2 Pointer to the second address group list.
359  *
360  * \retval true On success.
361  * \retval false On failure.
362  */
364 {
365  DetectAddress *item = list1;
366  DetectAddress *it = list2;
367 
368  // First, compare items one by one.
369  while (item != NULL && it != NULL) {
370  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
371  return false;
372  }
373 
374  item = item->next;
375  it = it->next;
376  }
377 
378  // Are the lists of the same size?
379  if (!(item == NULL && it == NULL)) {
380  return false;
381  }
382 
383  return true;
384 }
385 
386 /**
387  * \internal
388  * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
389  *
390  * For example if we send a cidr of 7 as argument, an ipv6 address
391  * mask of the value FE:00:00:00:00:00:00:00 is created and updated
392  * in the argument struct in6_addr *in6.
393  *
394  * \todo I think for the final section: while (cidr > 0), we can simply
395  * replace it with a
396  * if (cidr > 0) {
397  * in6->s6_addr[i] = -1 << (8 - cidr);
398  *
399  * \param cidr The value of the cidr.
400  * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
401  * hold the cidr netblock result.
402  */
403 static void DetectAddressParseIPv6CIDR(int cidr, struct in6_addr *in6)
404 {
405  int i = 0;
406 
407  memset(in6, 0, sizeof(struct in6_addr));
408 
409  while (cidr > 8) {
410  in6->s6_addr[i] = 0xff;
411  cidr -= 8;
412  i++;
413  }
414 
415  while (cidr > 0) {
416  in6->s6_addr[i] |= 0x80;
417  if (--cidr > 0)
418  in6->s6_addr[i] = in6->s6_addr[i] >> 1;
419  }
420 
421  return;
422 }
423 
424 /**
425  * \internal
426  * \brief Parses an ipv4/ipv6 address string and updates the result into the
427  * DetectAddress instance sent as the argument.
428  *
429  * \param dd Pointer to the DetectAddress instance which should be updated with
430  * the address range details from the parsed ip string.
431  * \param str Pointer to address string that has to be parsed.
432  *
433  * \retval 0 On successfully parsing the address string.
434  * \retval -1 On failure.
435  */
436 static int DetectAddressParseString(DetectAddress *dd, const char *str)
437 {
438  char *ip = NULL;
439  char *ip2 = NULL;
440  char *mask = NULL;
441  int r = 0;
442  char ipstr[256];
443 
444  /* shouldn't see 'any' here */
445  BUG_ON(strcasecmp(str, "any") == 0);
446 
447  strlcpy(ipstr, str, sizeof(ipstr));
448  SCLogDebug("str %s", str);
449 
450  /* we work with a copy so that we can put a
451  * nul-termination in it later */
452  ip = ipstr;
453 
454  /* handle the negation case */
455  if (ip[0] == '!') {
456  dd->flags |= ADDRESS_FLAG_NOT;
457  ip++;
458  }
459 
460  /* see if the address is an ipv4 or ipv6 address */
461  if ((strchr(str, ':')) == NULL) {
462  /* IPv4 Address */
463  struct in_addr in;
464 
465  dd->ip.family = AF_INET;
466 
467  if ((mask = strchr(ip, '/')) != NULL) {
468  /* 1.2.3.4/xxx format (either dotted or cidr notation */
469  ip[mask - ip] = '\0';
470  mask++;
471  uint32_t ip4addr = 0;
472  uint32_t netmask = 0;
473 
474  if ((strchr (mask, '.')) == NULL) {
475  /* 1.2.3.4/24 format */
476 
477  for (size_t u = 0; u < strlen(mask); u++) {
478  if(!isdigit((unsigned char)mask[u]))
479  goto error;
480  }
481 
482  int cidr;
483  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
484  goto error;
485  netmask = CIDRGet(cidr);
486  } else {
487  /* 1.2.3.4/255.255.255.0 format */
488  r = inet_pton(AF_INET, mask, &in);
489  if (r <= 0)
490  goto error;
491 
492  netmask = in.s_addr;
493  }
494 
495  r = inet_pton(AF_INET, ip, &in);
496  if (r <= 0)
497  goto error;
498 
499  ip4addr = in.s_addr;
500 
501  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
502  dd->ip2.addr_data32[0] |=~ netmask;
503  } else if ((ip2 = strchr(ip, '-')) != NULL) {
504  /* 1.2.3.4-1.2.3.6 range format */
505  ip[ip2 - ip] = '\0';
506  ip2++;
507 
508  r = inet_pton(AF_INET, ip, &in);
509  if (r <= 0)
510  goto error;
511  dd->ip.addr_data32[0] = in.s_addr;
512 
513  r = inet_pton(AF_INET, ip2, &in);
514  if (r <= 0)
515  goto error;
516  dd->ip2.addr_data32[0] = in.s_addr;
517 
518  /* a > b is illegal, a = b is ok */
519  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
520  goto error;
521  } else {
522  /* 1.2.3.4 format */
523  r = inet_pton(AF_INET, ip, &in);
524  if (r <= 0)
525  goto error;
526  /* single host */
527  dd->ip.addr_data32[0] = in.s_addr;
528  dd->ip2.addr_data32[0] = in.s_addr;
529  }
530  } else {
531  /* IPv6 Address */
532  struct in6_addr in6, mask6;
533  uint32_t ip6addr[4], netmask[4];
534 
535  dd->ip.family = AF_INET6;
536 
537  if ((mask = strchr(ip, '/')) != NULL) {
538  ip[mask - ip] = '\0';
539  mask++;
540 
541  int cidr;
542  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
543  goto error;
544 
545  r = inet_pton(AF_INET6, ip, &in6);
546  if (r <= 0)
547  goto error;
548  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
549 
550  DetectAddressParseIPv6CIDR(cidr, &mask6);
551  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
552 
553  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
554  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
555  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
556  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
557 
558  dd->ip2.addr_data32[0] |=~ netmask[0];
559  dd->ip2.addr_data32[1] |=~ netmask[1];
560  dd->ip2.addr_data32[2] |=~ netmask[2];
561  dd->ip2.addr_data32[3] |=~ netmask[3];
562  } else if ((ip2 = strchr(ip, '-')) != NULL) {
563  /* 2001::1-2001::4 range format */
564  ip[ip2 - ip] = '\0';
565  ip2++;
566 
567  r = inet_pton(AF_INET6, ip, &in6);
568  if (r <= 0)
569  goto error;
570  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
571 
572  r = inet_pton(AF_INET6, ip2, &in6);
573  if (r <= 0)
574  goto error;
575  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
576 
577  /* a > b is illegal, a=b is ok */
578  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
579  goto error;
580  } else {
581  r = inet_pton(AF_INET6, ip, &in6);
582  if (r <= 0)
583  goto error;
584 
585  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
586  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
587  }
588 
589  }
590 
591  BUG_ON(dd->ip.family == 0);
592 
593  return 0;
594 
595 error:
596  return -1;
597 }
598 
599 /**
600  * \internal
601  * \brief Simply parse an address and return a DetectAddress instance containing
602  * the address ranges of the parsed ip addressstring
603  *
604  * \param str Pointer to a character string containing the ip address
605  *
606  * \retval dd Pointer to the DetectAddress instance containing the address
607  * range details from the parsed ip string
608  */
609 static DetectAddress *DetectAddressParseSingle(const char *str)
610 {
611  SCLogDebug("str %s", str);
612 
614  if (dd == NULL)
615  return NULL;
616 
617  if (DetectAddressParseString(dd, str) < 0) {
618  SCLogDebug("AddressParse failed");
619  DetectAddressFree(dd);
620  return NULL;
621  }
622 
623  return dd;
624 }
625 
626 /**
627  * \brief Setup a single address string, parse it and add the resulting
628  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
629  *
630  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
631  * resulting Address-Range(s) from the parsed ip string has to
632  * be added.
633  * \param s Pointer to the ip address string to be parsed.
634  *
635  * \retval 0 On success.
636  * \retval -1 On failure.
637  */
638 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
639 {
640  SCLogDebug("gh %p, s %s", gh, s);
641 
642  while (*s != '\0' && isspace(*s))
643  s++;
644 
645  if (strcasecmp(s, "any") == 0) {
646  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
647 
648  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
649  if (ad == NULL)
650  return -1;
651 
652  BUG_ON(ad->ip.family == 0);
653 
654  if (DetectAddressInsert(NULL, gh, ad) < 0) {
655  SCLogDebug("DetectAddressInsert failed");
656  DetectAddressFree(ad);
657  return -1;
658  }
659 
660  ad = DetectAddressParseSingle("::/0");
661  if (ad == NULL)
662  return -1;
663 
664  BUG_ON(ad->ip.family == 0);
665 
666  if (DetectAddressInsert(NULL, gh, ad) < 0) {
667  SCLogDebug("DetectAddressInsert failed");
668  DetectAddressFree(ad);
669  return -1;
670  }
671  return 0;
672  }
673 
674  /* parse the address */
675  DetectAddress *ad = DetectAddressParseSingle(s);
676  if (ad == NULL) {
678  "failed to parse address \"%s\"", s);
679  return -1;
680  }
681 
682  /* handle the not case, we apply the negation then insert the part(s) */
683  if (ad->flags & ADDRESS_FLAG_NOT) {
684  DetectAddress *ad2 = NULL;
685 
686  if (DetectAddressCutNot(ad, &ad2) < 0) {
687  SCLogDebug("DetectAddressCutNot failed");
688  DetectAddressFree(ad);
689  return -1;
690  }
691 
692  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
693  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
694  if (ad2 != NULL) {
695  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
696  SCLogDebug("DetectAddressInsert failed");
697  DetectAddressFree(ad);
698  DetectAddressFree(ad2);
699  return -1;
700  }
701  }
702  }
703 
704  int r = DetectAddressInsert(NULL, gh, ad);
705  if (r < 0) {
706  SCLogDebug("DetectAddressInsert failed");
707  DetectAddressFree(ad);
708  return -1;
709  }
710  SCLogDebug("r %d",r);
711  return 0;
712 }
713 
714 /**
715  * \brief Parses an address string and updates the 2 address heads with the
716  * address data.
717  *
718  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
719  * since we pass around negate without keeping a count of ! with depth.
720  * Can solve this by keeping a count of the negations with depth, so that
721  * an even no of negations would count as no negation and an odd no of
722  * negations would count as a negation.
723  *
724  * \param gh Pointer to the address head that should hold address ranges
725  * that are not negated.
726  * \param ghn Pointer to the address head that should hold address ranges
727  * that are negated.
728  * \param s Pointer to the character string holding the address to be
729  * parsed.
730  * \param negate Flag that indicates if the received address string is negated
731  * or not. 0 if it is not, 1 it it is.
732  *
733  * \retval 0 On successfully parsing.
734  * \retval -1 On failure.
735  */
736 static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
738  const char *s, int negate, ResolvedVariablesList *var_list,
739  int recur)
740 {
741  size_t x = 0;
742  size_t u = 0;
743  int o_set = 0, n_set = 0, d_set = 0;
744  int depth = 0;
745  size_t size = strlen(s);
746  char address[8196] = "";
747  const char *rule_var_address = NULL;
748  char *temp_rule_var_address = NULL;
749 
750  if (++recur > 64) {
751  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "address block recursion "
752  "limit reached (max 64)");
753  goto error;
754  }
755 
756  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
757 
758  for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
759  if (x == (sizeof(address) - 1)) {
760  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Hit the address buffer"
761  " limit for the supplied address. Invalidating sig. "
762  "Please file a bug report on this.");
763  goto error;
764  }
765  address[x] = s[u];
766  x++;
767 
768  if (!o_set && s[u] == '!') {
769  n_set = 1;
770  x--;
771  } else if (s[u] == '[') {
772  if (!o_set) {
773  o_set = 1;
774  x = 0;
775  }
776  depth++;
777  } else if (s[u] == ']') {
778  if (depth == 1) {
779  address[x - 1] = '\0';
780  x = 0;
781  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
782  if (((negate + n_set) % 2) == 0) {
783  /* normal block */
784  SCLogDebug("normal block");
785 
786  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
787  goto error;
788  } else {
789  /* negated block
790  *
791  * Extra steps are necessary. First consider it as a normal
792  * (non-negated) range. Merge the + and - ranges if
793  * applicable. Then insert the result into the ghn list. */
794  SCLogDebug("negated block");
795 
796  DetectAddressHead tmp_gh = { NULL, NULL };
797  DetectAddressHead tmp_ghn = { NULL, NULL };
798 
799  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
800  DetectAddressHeadCleanup(&tmp_gh);
801  DetectAddressHeadCleanup(&tmp_ghn);
802  goto error;
803  }
804 
805  DetectAddress *tmp_ad;
806  DetectAddress *tmp_ad2;
807 #ifdef DEBUG
808  SCLogDebug("tmp_gh: IPv4");
809  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
810  DetectAddressPrint(tmp_ad);
811  }
812  SCLogDebug("tmp_ghn: IPv4");
813  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
814  DetectAddressPrint(tmp_ad);
815  }
816  SCLogDebug("tmp_gh: IPv6");
817  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
818  DetectAddressPrint(tmp_ad);
819  }
820  SCLogDebug("tmp_ghn: IPv6");
821  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
822  DetectAddressPrint(tmp_ad);
823  }
824 #endif
825  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
826  DetectAddressHeadCleanup(&tmp_ghn);
827  DetectAddressHeadCleanup(&tmp_gh);
828  goto error;
829  }
830  DetectAddressHeadCleanup(&tmp_ghn);
831 
832  SCLogDebug("merged succesfully");
833 
834  /* insert the IPv4 addresses into the negated list */
835  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
836  /* work with a copy of the address group */
837  tmp_ad2 = DetectAddressCopy(tmp_ad);
838  if (tmp_ad2 == NULL) {
839  SCLogDebug("DetectAddressCopy failed");
840  DetectAddressHeadCleanup(&tmp_gh);
841  goto error;
842  }
843  DetectAddressPrint(tmp_ad2);
844  DetectAddressInsert(NULL, ghn, tmp_ad2);
845  }
846 
847  /* insert the IPv6 addresses into the negated list */
848  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
849  /* work with a copy of the address group */
850  tmp_ad2 = DetectAddressCopy(tmp_ad);
851  if (tmp_ad2 == NULL) {
852  SCLogDebug("DetectAddressCopy failed");
853  DetectAddressHeadCleanup(&tmp_gh);
854  goto error;
855  }
856  DetectAddressPrint(tmp_ad2);
857  DetectAddressInsert(NULL, ghn, tmp_ad2);
858  }
859 
860  DetectAddressHeadCleanup(&tmp_gh);
861  }
862  n_set = 0;
863  }
864  depth--;
865  } else if (depth == 0 && s[u] == ',') {
866  if (o_set == 1) {
867  o_set = 0;
868  } else if (d_set == 1) {
869  address[x - 1] = '\0';
870 
871  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
873  if (rule_var_address == NULL)
874  goto error;
875 
876  if (strlen(rule_var_address) == 0) {
877  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
878  "to nothing. This is likely a misconfiguration. "
879  "Note that a negated address needs to be quoted, "
880  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
881  goto error;
882  }
883 
884  SCLogDebug("rule_var_address %s", rule_var_address);
885  if ((negate + n_set) % 2) {
886  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
887  if (unlikely(temp_rule_var_address == NULL))
888  goto error;
889  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
890  "[%s]", rule_var_address);
891  } else {
892  temp_rule_var_address = SCStrdup(rule_var_address);
893  if (unlikely(temp_rule_var_address == NULL))
894  goto error;
895  }
896 
897 
898  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
899  (negate + n_set) % 2, var_list, recur) < 0)
900  {
901  if (temp_rule_var_address != rule_var_address)
902  SCFree(temp_rule_var_address);
903  goto error;
904  }
905  d_set = 0;
906  n_set = 0;
907  SCFree(temp_rule_var_address);
908  } else {
909  address[x - 1] = '\0';
910 
911  if (!((negate + n_set) % 2)) {
912  SCLogDebug("DetectAddressSetup into gh, %s", address);
913  if (DetectAddressSetup(gh, address) < 0)
914  goto error;
915  } else {
916  SCLogDebug("DetectAddressSetup into ghn, %s", address);
917  if (DetectAddressSetup(ghn, address) < 0)
918  goto error;
919  }
920  n_set = 0;
921  }
922  x = 0;
923  } else if (depth == 0 && s[u] == '$') {
924  d_set = 1;
925  } else if (depth == 0 && u == size - 1) {
926  if (x == sizeof(address)) {
927  address[x - 1] = '\0';
928  } else {
929  address[x] = '\0';
930  }
931  x = 0;
932 
933  if (AddVariableToResolveList(var_list, address) == -1) {
934  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
935  "groups declaration. This is likely a misconfiguration.");
936  goto error;
937  }
938 
939  if (d_set == 1) {
940  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
942  if (rule_var_address == NULL)
943  goto error;
944 
945  if (strlen(rule_var_address) == 0) {
946  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
947  "to nothing. This is likely a misconfiguration. "
948  "Note that a negated address needs to be quoted, "
949  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
950  goto error;
951  }
952 
953  SCLogDebug("rule_var_address %s", rule_var_address);
954  if ((negate + n_set) % 2) {
955  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
956  if (unlikely(temp_rule_var_address == NULL))
957  goto error;
958  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
959  "[%s]", rule_var_address);
960  } else {
961  temp_rule_var_address = SCStrdup(rule_var_address);
962  if (unlikely(temp_rule_var_address == NULL))
963  goto error;
964  }
965 
966  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
967  (negate + n_set) % 2, var_list, recur) < 0) {
968  SCLogDebug("DetectAddressParse2 hates us");
969  if (temp_rule_var_address != rule_var_address)
970  SCFree(temp_rule_var_address);
971  goto error;
972  }
973  d_set = 0;
974  SCFree(temp_rule_var_address);
975  } else {
976  if (!((negate + n_set) % 2)) {
977  SCLogDebug("DetectAddressSetup into gh, %s", address);
978  if (DetectAddressSetup(gh, address) < 0) {
979  SCLogDebug("DetectAddressSetup gh fail");
980  goto error;
981  }
982  } else {
983  SCLogDebug("DetectAddressSetup into ghn, %s", address);
984  if (DetectAddressSetup(ghn, address) < 0) {
985  SCLogDebug("DetectAddressSetup ghn fail");
986  goto error;
987  }
988  }
989  }
990  n_set = 0;
991  }
992  }
993  if (depth > 0) {
994  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
995  "properly closed in \"%s\", %d missing closing brackets (]). "
996  "Note: problem might be in a variable.", s, depth);
997  goto error;
998  } else if (depth < 0) {
999  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1000  "properly opened in \"%s\", %d missing opening brackets ([). "
1001  "Note: problem might be in a variable.", s, depth*-1);
1002  goto error;
1003  }
1004 
1005  return 0;
1006 
1007 error:
1008 
1009  return -1;
1010 }
1011 
1012 /**
1013  * \internal
1014  * \brief See if the addresses and ranges in an address head cover the
1015  * entire ip space.
1016  *
1017  * \param gh Pointer to the DetectAddressHead to check.
1018  *
1019  * \retval 0 No.
1020  * \retval 1 Yes.
1021  *
1022  * \todo do the same for IPv6
1023  */
1024 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1025 {
1027  if (r == 1)
1028  return 1;
1029 
1030  return 0;
1031 }
1032 
1033 /**
1034  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1035  *
1036  * \param gh Pointer to the address head containing the non-NOT groups.
1037  * \param ghn Pointer to the address head containing the NOT groups.
1038  *
1039  * \retval 0 On success.
1040  * \retval -1 On failure.
1041  */
1043 {
1044  DetectAddress *ad;
1045  DetectAddress *ag, *ag2;
1046  int r = 0;
1047 
1048  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1049  ghn->ipv4_head);
1050 
1051  /* check if the negated list covers the entire ip space. If so
1052  * the user screwed up the rules/vars. */
1053  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1054  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1055  "Rule address range is NIL. Probably have a !any or "
1056  "an address range that supplies a NULL address range");
1057  goto error;
1058  }
1059 
1060  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1061  * not thingy. In that case we add a 0.0.0.0/0 first. */
1062  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1063  r = DetectAddressSetup(gh, "0.0.0.0/0");
1064  if (r < 0) {
1065  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1066  goto error;
1067  }
1068  }
1069  /* ... or ::/0 for ipv6 */
1070  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1071  r = DetectAddressSetup(gh, "::/0");
1072  if (r < 0) {
1073  SCLogDebug("DetectAddressSetup for ::/0 failed");
1074  goto error;
1075  }
1076  }
1077 
1078  /* step 1: insert our ghn members into the gh list */
1079  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1080  /* work with a copy of the ad so we can easily clean up the ghn group
1081  * later. */
1082  ad = DetectAddressCopy(ag);
1083  if (ad == NULL) {
1084  SCLogDebug("DetectAddressCopy failed");
1085  goto error;
1086  }
1087 
1088  r = DetectAddressInsert(NULL, gh, ad);
1089  if (r < 0) {
1090  SCLogDebug("DetectAddressInsert failed");
1091  goto error;
1092  }
1093  }
1094  /* ... and the same for ipv6 */
1095  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1096  /* work with a copy of the ad so we can easily clean up the ghn group
1097  * later. */
1098  ad = DetectAddressCopy(ag);
1099  if (ad == NULL) {
1100  SCLogDebug("DetectAddressCopy failed");
1101  goto error;
1102  }
1103 
1104  r = DetectAddressInsert(NULL, gh, ad);
1105  if (r < 0) {
1106  SCLogDebug("DetectAddressInsert failed");
1107  goto error;
1108  }
1109  }
1110 #ifdef DEBUG
1111  DetectAddress *tmp_ad;
1112  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1113  DetectAddressPrint(tmp_ad);
1114  }
1115 #endif
1116  int ipv4_applied = 0;
1117  int ipv6_applied = 0;
1118 
1119  /* step 2: pull the address blocks that match our 'not' blocks */
1120  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1121  SCLogDebug("ag %p", ag);
1122  DetectAddressPrint(ag);
1123 
1124  int applied = 0;
1125  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1126  SCLogDebug("ag2 %p", ag2);
1127  DetectAddressPrint(ag2);
1128 
1129  r = DetectAddressCmp(ag, ag2);
1130  /* XXX more ??? */
1131  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1132  if (ag2->prev == NULL)
1133  gh->ipv4_head = ag2->next;
1134  else
1135  ag2->prev->next = ag2->next;
1136 
1137  if (ag2->next != NULL)
1138  ag2->next->prev = ag2->prev;
1139 
1140  /* store the next ptr and remove the group */
1141  DetectAddress *next_ag2 = ag2->next;
1142  DetectAddressFree(ag2);
1143  ag2 = next_ag2;
1144  applied = 1;
1145  } else {
1146  ag2 = ag2->next;
1147  }
1148  }
1149 
1150  if (applied) {
1151  ipv4_applied++;
1152  }
1153  }
1154  /* ... and the same for ipv6 */
1155  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1156  int applied = 0;
1157  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1158  r = DetectAddressCmp(ag, ag2);
1159  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1160  if (ag2->prev == NULL)
1161  gh->ipv6_head = ag2->next;
1162  else
1163  ag2->prev->next = ag2->next;
1164 
1165  if (ag2->next != NULL)
1166  ag2->next->prev = ag2->prev;
1167 
1168  /* store the next ptr and remove the group */
1169  DetectAddress *next_ag2 = ag2->next;
1170  DetectAddressFree(ag2);
1171  ag2 = next_ag2;
1172 
1173  SCLogDebug("applied");
1174  applied = 1;
1175  } else {
1176  ag2 = ag2->next;
1177  }
1178  }
1179  if (applied) {
1180  ipv6_applied++;
1181  }
1182  }
1183 #ifdef DEBUG
1184  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1185  DetectAddressPrint(tmp_ad);
1186  }
1187  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1188  DetectAddressPrint(tmp_ad);
1189  }
1190 #endif
1191  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1192  int cnt = 0;
1193  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1194  cnt++;
1195 
1196  if (ipv4_applied != cnt) {
1197  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1198  "could be applied: %d != %d", cnt, ipv4_applied);
1199  goto error;
1200  }
1201 
1202  cnt = 0;
1203  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1204  cnt++;
1205 
1206  if (ipv6_applied != cnt) {
1207  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1208  "could be applied: %d != %d", cnt, ipv6_applied);
1209  goto error;
1210  }
1211  }
1212 
1213  /* if the result is that we have no addresses we return error */
1214  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1215  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1216  "merging addresses and negated addresses");
1217  goto error;
1218  }
1219 
1220  return 0;
1221 
1222 error:
1223  return -1;
1224 }
1225 
1227 {
1228  SCLogDebug("Testing address conf vars for any misconfigured values");
1229 
1230  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1231 
1232  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1233  if (address_vars_node == NULL) {
1234  return 0;
1235  }
1236 
1237  DetectAddressHead *gh = NULL;
1238  DetectAddressHead *ghn = NULL;
1239 
1240  ConfNode *seq_node;
1241  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1242  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1243 
1244  gh = DetectAddressHeadInit();
1245  if (gh == NULL) {
1246  goto error;
1247  }
1248  ghn = DetectAddressHeadInit();
1249  if (ghn == NULL) {
1250  goto error;
1251  }
1252 
1253  if (seq_node->val == NULL) {
1255  "Address var \"%s\" probably has a sequence(something "
1256  "in brackets) value set without any quotes. Please "
1257  "quote it using \"..\".", seq_node->name);
1258  goto error;
1259  }
1260 
1261  int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0, &var_list, 0);
1262 
1263  CleanVariableResolveList(&var_list);
1264 
1265  if (r < 0) {
1267  "failed to parse address var \"%s\" with value \"%s\". "
1268  "Please check it's syntax", seq_node->name, seq_node->val);
1269  goto error;
1270  }
1271 
1272  if (DetectAddressIsCompleteIPSpace(ghn)) {
1274  "address var - \"%s\" has the complete IP space negated "
1275  "with it's value \"%s\". Rule address range is NIL. "
1276  "Probably have a !any or an address range that supplies "
1277  "a NULL address range", seq_node->name, seq_node->val);
1278  goto error;
1279  }
1280 
1281  if (gh != NULL) {
1282  DetectAddressHeadFree(gh);
1283  gh = NULL;
1284  }
1285  if (ghn != NULL) {
1286  DetectAddressHeadFree(ghn);
1287  ghn = NULL;
1288  }
1289  }
1290 
1291  return 0;
1292  error:
1293  if (gh != NULL)
1294  DetectAddressHeadFree(gh);
1295  if (ghn != NULL)
1296  DetectAddressHeadFree(ghn);
1297  return -1;
1298 }
1299 
1300 #include "util-hash-lookup3.h"
1301 
1302 typedef struct DetectAddressMap_ {
1303  char *string;
1307 
1308 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1309 {
1310  const DetectAddressMap *map = (DetectAddressMap *)data;
1311  uint32_t hash = 0;
1312 
1313  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1314  hash %= ht->array_size;
1315 
1316  return hash;
1317 }
1318 
1319 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1320  uint16_t len2)
1321 {
1322  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1323  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1324 
1325 
1326  int r = (strcmp(map1->string, map2->string) == 0);
1327  return r;
1328 }
1329 
1330 static void DetectAddressMapFreeFunc(void *data)
1331 {
1332  DetectAddressMap *map = (DetectAddressMap *)data;
1333  if (map != NULL) {
1334  DetectAddressHeadFree(map->address);
1335  SCFree(map->string);
1336  }
1337  SCFree(map);
1338 }
1339 
1341 {
1342  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1343  DetectAddressMapCompareFunc,
1344  DetectAddressMapFreeFunc);
1345  if (de_ctx->address_table == NULL)
1346  return -1;
1347 
1348  return 0;
1349 }
1350 
1352 {
1353  if (de_ctx->address_table == NULL)
1354  return;
1355 
1357  de_ctx->address_table = NULL;
1358  return;
1359 }
1360 
1361 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1362  DetectAddressHead *address, bool contains_negation)
1363 {
1364  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1365  if (map == NULL)
1366  return -1;
1367 
1368  map->string = SCStrdup(string);
1369  if (map->string == NULL) {
1370  SCFree(map);
1371  return -1;
1372  }
1373  map->address = address;
1374  map->contains_negation = contains_negation;
1375 
1376  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1377  return 0;
1378 }
1379 
1380 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1381  const char *string)
1382 {
1383  DetectAddressMap map = { (char *)string, NULL, false };
1384 
1386  &map, 0);
1387  return res;
1388 }
1389 
1390 /**
1391  * \brief Parses an address group sent as a character string and updates the
1392  * DetectAddressHead sent as the argument with the relevant address
1393  * ranges from the parsed string.
1394  *
1395  * \param de_ctx Pointer to the detection engine context
1396  * \param gh Pointer to the DetectAddressHead.
1397  * \param str Pointer to the character string containing the address group
1398  * that has to be parsed.
1399  *
1400  * \retval 1 On success. Contained negation.
1401  * \retval 0 On success. Did not contain negation.
1402  * \retval -1 On failure.
1403  */
1405  DetectAddressHead *gh, const char *str)
1406 {
1407  SCLogDebug("gh %p, str %s", gh, str);
1408 
1409  if (str == NULL) {
1410  SCLogDebug("DetectAddressParse can not be run with NULL address");
1411  return -1;
1412  }
1413 
1414  DetectAddressHead *ghn = DetectAddressHeadInit();
1415  if (ghn == NULL) {
1416  SCLogDebug("DetectAddressHeadInit for ghn failed");
1417  return -1;
1418  }
1419 
1420  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0, NULL, 0);
1421  if (r < 0) {
1422  SCLogDebug("DetectAddressParse2 returned %d", r);
1423  DetectAddressHeadFree(ghn);
1424  return -1;
1425  }
1426 
1427  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1428  ghn->ipv4_head);
1429 
1430  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1431 
1432  /* merge the 'not' address groups */
1433  if (DetectAddressMergeNot(gh, ghn) < 0) {
1434  SCLogDebug("DetectAddressMergeNot failed");
1435  DetectAddressHeadFree(ghn);
1436  return -1;
1437  }
1438 
1439  /* free the temp negate head */
1440  DetectAddressHeadFree(ghn);
1441  return contains_negation ? 1 : 0;
1442 }
1443 
1445  const char *string, bool *contains_negation)
1446 {
1447  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1448  if (res != NULL) {
1449  SCLogDebug("found: %s :: %p", string, res);
1450  *contains_negation = res->contains_negation;
1451  return res->address;
1452  }
1453 
1454  SCLogDebug("%s not found", string);
1455 
1456  DetectAddressHead *head = DetectAddressHeadInit();
1457  if (head == NULL)
1458  return NULL;
1459 
1460  const int r = DetectAddressParse(de_ctx, head, string);
1461  if (r < 0) {
1462  DetectAddressHeadFree(head);
1463  return NULL;
1464  } else if (r == 1) {
1465  *contains_negation = true;
1466  } else {
1467  *contains_negation = false;
1468  }
1469 
1470  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head,
1471  *contains_negation);
1472  return head;
1473 }
1474 
1475 /**
1476  * \brief Cleans a DetectAddressHead. The functions frees the address
1477  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1478  * instance.
1479  *
1480  * \param gh Pointer to the DetectAddressHead instance that has to be
1481  * cleaned.
1482  */
1484 {
1485  if (gh != NULL) {
1486  if (gh->ipv4_head != NULL) {
1487  DetectAddressCleanupList(gh->ipv4_head);
1488  gh->ipv4_head = NULL;
1489  }
1490  if (gh->ipv6_head != NULL) {
1491  DetectAddressCleanupList(gh->ipv6_head);
1492  gh->ipv6_head = NULL;
1493  }
1494  }
1495 
1496  return;
1497 }
1498 
1499 /**
1500  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1501  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1502  * explanations on what these functions do.
1503  *
1504  * \param de_ctx Pointer to the DetectEngineCtx.
1505  * \param a Pointer the the first address to be cut.
1506  * \param b Pointer to the second address to be cut.
1507  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1508  * ranges from a and b, demand a third address range.
1509  *
1510  * \retval 0 On success.
1511  * \retval -1 On failure.
1512  */
1513 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1514  DetectAddress *b, DetectAddress **c)
1515 {
1516  if (a->ip.family == AF_INET)
1517  return DetectAddressCutIPv4(de_ctx, a, b, c);
1518  else if (a->ip.family == AF_INET6)
1519  return DetectAddressCutIPv6(de_ctx, a, b, c);
1520 
1521  return -1;
1522 }
1523 
1524 /**
1525  * \brief Cuts a negated address range with respect to the entire ip range, and
1526  * supplies with the address range that doesn't belong to the negated
1527  * address range.
1528  *
1529  * There are 2 cases here -
1530  *
1531  * The first case includes the address being located at the extreme ends
1532  * of the ip space, in which we get a single range.
1533  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1534  *
1535  * The second case includes the address not present at either of the
1536  * ip space extremes, in which case we get 2 ranges. The second range
1537  * would be supplied back with the argument "b" supplied to this function.
1538  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1539  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1540  *
1541  * The above negation cases can similarly be extended to ranges, i.e.
1542  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1543  * ![10.20.30.40 - 10.20.30.50].
1544  *
1545  *
1546  * \param a Pointer to the DetectAddressData instance, that contains the negated
1547  * address range that has to be cut.
1548  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1549  * filled with the address range, if the argument "a", doesn't fall at
1550  * the extreme ends of the ip address space.
1551  *
1552  * \retval 0 On success.
1553  * \retval -1 On failure.
1554  */
1555 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1556 {
1557  if (a->ip.family == AF_INET)
1558  return DetectAddressCutNotIPv4(a, b);
1559  else if (a->ip.family == AF_INET6)
1560  return DetectAddressCutNotIPv6(a, b);
1561 
1562  return -1;
1563 }
1564 
1565 /**
1566  * \brief Used to compare 2 address ranges.
1567  *
1568  * \param a Pointer to the first DetectAddressData to be compared.
1569  * \param b Pointer to the second DetectAddressData to be compared.
1570  */
1572 {
1573  if (a->ip.family != b->ip.family)
1574  return ADDRESS_ER;
1575 
1576  if (a->ip.family == AF_INET)
1577  return DetectAddressCmpIPv4(a, b);
1578  else if (a->ip.family == AF_INET6)
1579  return DetectAddressCmpIPv6(a, b);
1580 
1581  return ADDRESS_ER;
1582 }
1583 
1584 /**
1585  * \brief Match a packets address against a signatures addrs array
1586  *
1587  * \param addrs array of DetectMatchAddressIPv4's
1588  * \param addrs_cnt array size in members
1589  * \param a packets address
1590  *
1591  * \retval 0 no match
1592  * \retval 1 match
1593  *
1594  * \note addresses in addrs are in host order
1595  *
1596  * \todo array should be ordered, so we can break out of the loop
1597  */
1599  uint16_t addrs_cnt, const Address *a)
1600 {
1601  SCEnter();
1602 
1603  if (addrs == NULL || addrs_cnt == 0) {
1604  SCReturnInt(0);
1605  }
1606 
1607  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1608  if (SCNtohl(a->addr_data32[0]) >= addrs[idx].ip &&
1609  SCNtohl(a->addr_data32[0]) <= addrs[idx].ip2)
1610  {
1611  SCReturnInt(1);
1612  }
1613  }
1614 
1615  SCReturnInt(0);
1616 }
1617 
1618 /**
1619  * \brief Match a packets address against a signatures addrs array
1620  *
1621  * \param addrs array of DetectMatchAddressIPv6's
1622  * \param addrs_cnt array size in members
1623  * \param a packets address
1624  *
1625  * \retval 0 no match
1626  * \retval 1 match
1627  *
1628  * \note addresses in addrs are in host order
1629  *
1630  * \todo array should be ordered, so we can break out of the loop
1631  */
1633  uint16_t addrs_cnt, const Address *a)
1634 {
1635  SCEnter();
1636 
1637  if (addrs == NULL || addrs_cnt == 0) {
1638  SCReturnInt(0);
1639  }
1640 
1641  /* See if the packet address is within the range of any entry in the
1642  * signature's address match array.
1643  */
1644  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1645  uint16_t result1 = 0, result2 = 0;
1646 
1647  /* See if packet address equals either limit. Return 1 if true. */
1648  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip[0] &&
1649  SCNtohl(a->addr_data32[1]) == addrs[idx].ip[1] &&
1650  SCNtohl(a->addr_data32[2]) == addrs[idx].ip[2] &&
1651  SCNtohl(a->addr_data32[3]) == addrs[idx].ip[3])
1652  {
1653  SCReturnInt(1);
1654  }
1655  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip2[0] &&
1656  SCNtohl(a->addr_data32[1]) == addrs[idx].ip2[1] &&
1657  SCNtohl(a->addr_data32[2]) == addrs[idx].ip2[2] &&
1658  SCNtohl(a->addr_data32[3]) == addrs[idx].ip2[3])
1659  {
1660  SCReturnInt(1);
1661  }
1662 
1663  /* See if packet address is greater than lower limit
1664  * of the current signature address match pair.
1665  */
1666  for (int i = 0; i < 4; i++) {
1667  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip[i]) {
1668  result1 = 1;
1669  break;
1670  }
1671  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip[i]) {
1672  result1 = 0;
1673  break;
1674  }
1675  }
1676 
1677  /* If not greater than lower limit, try next address match entry */
1678  if (result1 == 0)
1679  continue;
1680 
1681  /* See if packet address is less than upper limit
1682  * of the current signature address match pair.
1683  */
1684  for (int i = 0; i < 4; i++) {
1685  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip2[i]) {
1686  result2 = 1;
1687  break;
1688  }
1689  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip2[i]) {
1690  result2 = 0;
1691  break;
1692  }
1693  }
1694 
1695  /* Return a match if packet address is between the two
1696  * signature address match limits.
1697  */
1698  if (result1 == 1 && result2 == 1)
1699  SCReturnInt(1);
1700  }
1701 
1702  SCReturnInt(0);
1703 }
1704 
1705 /**
1706  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1707  * range in the DetectAddress instance.
1708  *
1709  * We basically check that the address falls inbetween the address
1710  * range in DetectAddress.
1711  *
1712  * \param dd Pointer to the DetectAddress instance.
1713  * \param a Pointer to an Address instance.
1714  *
1715  * \param 1 On a match.
1716  * \param 0 On no match.
1717  */
1718 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1719 {
1720  SCEnter();
1721 
1722  if (dd->ip.family != a->family) {
1723  SCReturnInt(0);
1724  }
1725 
1726  //DetectAddressPrint(dd);
1727  //AddressDebugPrint(a);
1728 
1729  switch (a->family) {
1730  case AF_INET:
1731 
1732  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1733  * Address inside DetectAddressData we can do uint8_t checks */
1734  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1735  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1736  {
1737  SCReturnInt(1);
1738  } else {
1739  SCReturnInt(0);
1740  }
1741 
1742  break;
1743  case AF_INET6:
1744  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1745  AddressIPv6Le(a, &dd->ip2) == 1)
1746  {
1747  SCReturnInt(1);
1748  } else {
1749  SCReturnInt(0);
1750  }
1751 
1752  break;
1753  default:
1754  SCLogDebug("What other address type can we have :-/");
1755  break;
1756  }
1757 
1758  SCReturnInt(0);
1759 }
1760 
1761 #ifdef DEBUG
1762 /**
1763  * \brief Prints the address data held by the DetectAddress. If the address
1764  * data family is IPv4, we print the the ipv4 address and mask, and
1765  * if the address data family is IPv6, we print the ipv6 address and
1766  * mask.
1767  *
1768  * \param ad Pointer to the DetectAddress instance to be printed.
1769  */
1770 static void DetectAddressPrint(DetectAddress *gr)
1771 {
1772  if (gr == NULL)
1773  return;
1774 
1775  if (gr->ip.family == AF_INET) {
1776  struct in_addr in;
1777  char ip[16], mask[16];
1778 
1779  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1780  PrintInet(AF_INET, &in, ip, sizeof(ip));
1781  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1782  PrintInet(AF_INET, &in, mask, sizeof(mask));
1783 
1784  SCLogDebug("%s/%s", ip, mask);
1785 // printf("%s/%s", ip, mask);
1786  } else if (gr->ip.family == AF_INET6) {
1787  struct in6_addr in6;
1788  char ip[66], mask[66];
1789 
1790  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1791  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1792  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1793  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1794 
1795  SCLogDebug("%s/%s", ip, mask);
1796 // printf("%s/%s", ip, mask);
1797  }
1798 
1799  return;
1800 }
1801 #endif
1802 
1803 /**
1804  * \brief Find the group matching address in a group head.
1805  *
1806  * \param gh Pointer to the address group head(DetectAddressHead instance).
1807  * \param a Pointer to an Address instance.
1808  *
1809  * \retval g On success pointer to an DetectAddress if we find a match
1810  * for the Address "a", in the DetectAddressHead "gh".
1811  */
1813 {
1814  SCEnter();
1815 
1816  DetectAddress *g = NULL;
1817 
1818  if (gh == NULL) {
1819  SCReturnPtr(NULL, "DetectAddress");
1820  }
1821 
1822  /* XXX should we really do this check every time we run this function? */
1823  if (a->family == AF_INET) {
1824  SCLogDebug("IPv4");
1825  g = gh->ipv4_head;
1826  } else if (a->family == AF_INET6) {
1827  SCLogDebug("IPv6");
1828  g = gh->ipv6_head;
1829  }
1830 
1831  for ( ; g != NULL; g = g->next) {
1832  if (DetectAddressMatch(g,a) == 1) {
1833  SCReturnPtr(g, "DetectAddress");
1834  }
1835  }
1836 
1837  SCReturnPtr(NULL, "DetectAddress");
1838 }
1839 
1840 /********************************Unittests*************************************/
1841 
1842 #ifdef UNITTESTS
1843 
1844 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1845 {
1846  char str1[46] = "", str2[46] = "";
1847 
1848  if (ad == NULL)
1849  return FALSE;
1850 
1851  switch(ad->ip.family) {
1852  case AF_INET:
1853  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1854  SCLogDebug("%s", str1);
1855  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1856  SCLogDebug("%s", str2);
1857 
1858  if (strcmp(str1, one) != 0) {
1859  SCLogInfo("%s != %s", str1, one);
1860  return FALSE;
1861  }
1862 
1863  if (strcmp(str2, two) != 0) {
1864  SCLogInfo("%s != %s", str2, two);
1865  return FALSE;
1866  }
1867 
1868  return TRUE;
1869  break;
1870 
1871  case AF_INET6:
1872  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1873  SCLogDebug("%s", str1);
1874  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1875  SCLogDebug("%s", str2);
1876 
1877  if (strcmp(str1, one) != 0) {
1878  SCLogInfo("%s != %s", str1, one);
1879  return FALSE;
1880  }
1881 
1882  if (strcmp(str2, two) != 0) {
1883  SCLogInfo("%s != %s", str2, two);
1884  return FALSE;
1885  }
1886 
1887  return TRUE;
1888  break;
1889  }
1890 
1891  return FALSE;
1892 }
1893 
1895  const char *one;
1896  const char *two;
1898 
1899 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1900 {
1901  int expect = nranges;
1902  int have = 0;
1903 
1904  if (gh == NULL)
1905  return FALSE;
1906 
1907  DetectAddress *ad = NULL;
1908  ad = gh->ipv4_head;
1909  if (ad == NULL)
1910  ad = gh->ipv6_head;
1911  while (have < expect) {
1912  if (ad == NULL) {
1913  printf("bad head: have %d ranges, expected %d: ", have, expect);
1914  return FALSE;
1915  }
1916 
1917  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
1918  return FALSE;
1919 
1920  ad = ad->next;
1921  have++;
1922  }
1923 
1924  return TRUE;
1925 }
1926 
1927 static int AddressTestParse01(void)
1928 {
1929  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1930 
1931  if (dd) {
1932  DetectAddressFree(dd);
1933  return 1;
1934  }
1935 
1936  return 0;
1937 }
1938 
1939 static int AddressTestParse02(void)
1940 {
1941  int result = 1;
1942  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1943 
1944  if (dd) {
1945  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1946  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1947  result = 0;
1948  }
1949 
1950  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1951  DetectAddressFree(dd);
1952  return result;
1953  }
1954 
1955  return 0;
1956 }
1957 
1958 static int AddressTestParse03(void)
1959 {
1960  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1961 
1962  if (dd) {
1963  DetectAddressFree(dd);
1964  return 1;
1965  }
1966 
1967  return 0;
1968 }
1969 
1970 static int AddressTestParse04(void)
1971 {
1972  int result = 1;
1973  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1974 
1975  if (dd) {
1976  if (dd->ip.addr_data32[0] != SCNtohl(16909056)||
1977  dd->ip2.addr_data32[0] != SCNtohl(16909311)) {
1978  result = 0;
1979  }
1980 
1981  DetectAddressFree(dd);
1982  return result;
1983  }
1984 
1985  return 0;
1986 }
1987 
1988 static int AddressTestParse05(void)
1989 {
1990  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
1991 
1992  if (dd) {
1993  DetectAddressFree(dd);
1994  return 1;
1995  }
1996 
1997  return 0;
1998 }
1999 
2000 static int AddressTestParse06(void)
2001 {
2002  int result = 1;
2003  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2004 
2005  if (dd) {
2006  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2007  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2008  result = 0;
2009  }
2010 
2011  DetectAddressFree(dd);
2012  return result;
2013  }
2014 
2015  return 0;
2016 }
2017 
2018 static int AddressTestParse07(void)
2019 {
2020  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2021 
2022  if (dd) {
2023  DetectAddressFree(dd);
2024  return 1;
2025  }
2026 
2027  return 0;
2028 }
2029 
2030 static int AddressTestParse08(void)
2031 {
2032  int result = 1;
2033  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2034 
2035  if (dd) {
2036  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2037  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2038 
2039  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2040  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2041  DetectAddressPrint(dd);
2042  result = 0;
2043  }
2044 
2045  DetectAddressFree(dd);
2046  return result;
2047  }
2048 
2049  return 0;
2050 }
2051 
2052 static int AddressTestParse09(void)
2053 {
2054  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2055 
2056  if (dd) {
2057  DetectAddressFree(dd);
2058  return 1;
2059  }
2060 
2061  return 0;
2062 }
2063 
2064 static int AddressTestParse10(void)
2065 {
2066  int result = 1;
2067  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2068 
2069  if (dd) {
2070  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2071  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2072 
2073  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2074  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2075  DetectAddressPrint(dd);
2076  result = 0;
2077  }
2078 
2079  DetectAddressFree(dd);
2080  return result;
2081  }
2082 
2083  return 0;
2084 }
2085 
2086 static int AddressTestParse11(void)
2087 {
2088  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2089 
2090  if (dd) {
2091  DetectAddressFree(dd);
2092  return 1;
2093  }
2094 
2095  return 0;
2096 }
2097 
2098 static int AddressTestParse12(void)
2099 {
2100  int result = 1;
2101  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2102 
2103  if (dd) {
2104  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2105  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2106 
2107  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2108  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2109  DetectAddressPrint(dd);
2110  result = 0;
2111  }
2112 
2113  DetectAddressFree(dd);
2114  return result;
2115  }
2116 
2117  return 0;
2118 }
2119 static int AddressTestParse13(void)
2120 {
2121  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2122 
2123  if (dd) {
2124  DetectAddressFree(dd);
2125  return 1;
2126  }
2127 
2128  return 0;
2129 }
2130 
2131 static int AddressTestParse14(void)
2132 {
2133  int result = 1;
2134  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2135 
2136  if (dd) {
2137  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2138  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2139 
2140  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2141  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2142  result = 0;
2143  }
2144 
2145  DetectAddressFree(dd);
2146  return result;
2147  }
2148 
2149  return 0;
2150 }
2151 
2152 static int AddressTestParse15(void)
2153 {
2154  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2155 
2156  if (dd) {
2157  DetectAddressFree(dd);
2158  return 1;
2159  }
2160 
2161  return 0;
2162 }
2163 
2164 static int AddressTestParse16(void)
2165 {
2166  int result = 1;
2167  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2168 
2169  if (dd) {
2170  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2171  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2172 
2173  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2174  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2175  result = 0;
2176  }
2177 
2178  DetectAddressFree(dd);
2179  return result;
2180  }
2181 
2182  return 0;
2183 }
2184 
2185 static int AddressTestParse17(void)
2186 {
2187  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2188 
2189  if (dd) {
2190  DetectAddressFree(dd);
2191  return 1;
2192  }
2193 
2194  return 0;
2195 }
2196 
2197 static int AddressTestParse18(void)
2198 {
2199  int result = 1;
2200  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2201 
2202  if (dd) {
2203  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2204  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2205  result = 0;
2206  }
2207 
2208  DetectAddressFree(dd);
2209  return result;
2210  }
2211 
2212  return 0;
2213 }
2214 
2215 static int AddressTestParse19(void)
2216 {
2217  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2218 
2219  if (dd) {
2220  DetectAddressFree(dd);
2221  return 0;
2222  }
2223 
2224  return 1;
2225 }
2226 
2227 static int AddressTestParse20(void)
2228 {
2229  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2230 
2231  if (dd) {
2232  DetectAddressFree(dd);
2233  return 1;
2234  }
2235 
2236  return 0;
2237 }
2238 
2239 static int AddressTestParse21(void)
2240 {
2241  int result = 1;
2242  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2243 
2244  if (dd) {
2245  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2246  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2247 
2248  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2249  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2250  result = 0;
2251  }
2252 
2253  DetectAddressFree(dd);
2254  return result;
2255  }
2256 
2257  return 0;
2258 }
2259 
2260 static int AddressTestParse22(void)
2261 {
2262  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2263 
2264  if (dd) {
2265  DetectAddressFree(dd);
2266  return 0;
2267  }
2268 
2269  return 1;
2270 }
2271 
2272 static int AddressTestParse23(void)
2273 {
2274  DetectAddressHead *gh = DetectAddressHeadInit();
2275  FAIL_IF_NULL(gh);
2276  int r = DetectAddressParse(NULL, gh, "any");
2277  FAIL_IF_NOT(r == 0);
2278  DetectAddressHeadFree(gh);
2279  PASS;
2280 }
2281 
2282 static int AddressTestParse24(void)
2283 {
2284  DetectAddressHead *gh = DetectAddressHeadInit();
2285  FAIL_IF_NULL(gh);
2286  int r = DetectAddressParse(NULL, gh, "Any");
2287  FAIL_IF_NOT(r == 0);
2288  DetectAddressHeadFree(gh);
2289  PASS;
2290 }
2291 
2292 static int AddressTestParse25(void)
2293 {
2294  DetectAddressHead *gh = DetectAddressHeadInit();
2295  FAIL_IF_NULL(gh);
2296  int r = DetectAddressParse(NULL, gh, "ANY");
2297  FAIL_IF_NOT(r == 0);
2298  DetectAddressHeadFree(gh);
2299  PASS;
2300 }
2301 
2302 /** \test recursion limit */
2303 static int AddressTestParse26(void)
2304 {
2305  DetectAddressHead *gh = DetectAddressHeadInit();
2306  FAIL_IF_NULL(gh);
2307  /* exactly 64: should pass */
2308  int r = DetectAddressParse(NULL, gh,
2309  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2310  "1.2.3.4"
2311  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2312  );
2313  FAIL_IF_NOT(r == 0);
2314  DetectAddressHeadFree(gh);
2315  gh = DetectAddressHeadInit();
2316  FAIL_IF_NULL(gh);
2317  /* exactly 65: should fail */
2318  r = DetectAddressParse(NULL, gh,
2319  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2320  "1.2.3.4"
2321  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2322  );
2323  FAIL_IF(r == 0);
2324  DetectAddressHeadFree(gh);
2325  PASS;
2326 }
2327 
2328 static int AddressTestParse27(void)
2329 {
2330  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2331 
2332  if (dd) {
2333  DetectAddressFree(dd);
2334  return 1;
2335  }
2336 
2337  return 0;
2338 }
2339 
2340 static int AddressTestParse28(void)
2341 {
2342  int result = 0;
2343  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2344 
2345  if (dd) {
2346  if (dd->flags & ADDRESS_FLAG_NOT &&
2347  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2348  result = 1;
2349  }
2350 
2351  DetectAddressFree(dd);
2352  return result;
2353  }
2354 
2355  return 0;
2356 }
2357 
2358 static int AddressTestParse29(void)
2359 {
2360  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2361 
2362  if (dd) {
2363  DetectAddressFree(dd);
2364  return 1;
2365  }
2366 
2367  return 0;
2368 }
2369 
2370 static int AddressTestParse30(void)
2371 {
2372  int result = 0;
2373  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2374 
2375  if (dd) {
2376  if (dd->flags & ADDRESS_FLAG_NOT &&
2377  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2378  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2379  result = 1;
2380  }
2381 
2382  DetectAddressFree(dd);
2383  return result;
2384  }
2385 
2386  return 0;
2387 }
2388 
2389 /**
2390  * \test make sure !any is rejected
2391  */
2392 static int AddressTestParse31(void)
2393 {
2394  DetectAddress *dd = DetectAddressParseSingle("!any");
2395 
2396  if (dd) {
2397  DetectAddressFree(dd);
2398  return 0;
2399  }
2400 
2401  return 1;
2402 }
2403 
2404 static int AddressTestParse32(void)
2405 {
2406  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2407 
2408  if (dd) {
2409  DetectAddressFree(dd);
2410  return 1;
2411  }
2412 
2413  return 0;
2414 }
2415 
2416 static int AddressTestParse33(void)
2417 {
2418  int result = 0;
2419  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2420 
2421  if (dd) {
2422  if (dd->flags & ADDRESS_FLAG_NOT &&
2423  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2424  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2425  result = 1;
2426  }
2427 
2428  DetectAddressFree(dd);
2429  return result;
2430  }
2431 
2432  return 0;
2433 }
2434 
2435 static int AddressTestParse34(void)
2436 {
2437  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2438 
2439  if (dd) {
2440  DetectAddressFree(dd);
2441  return 1;
2442  }
2443 
2444  return 0;
2445 }
2446 
2447 static int AddressTestParse35(void)
2448 {
2449  int result = 0;
2450  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2451 
2452  if (dd) {
2453  if (dd->flags & ADDRESS_FLAG_NOT &&
2454  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2455  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2456 
2457  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2458  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2459  result = 1;
2460  }
2461 
2462  DetectAddressFree(dd);
2463  return result;
2464  }
2465 
2466  return 0;
2467 }
2468 
2469 static int AddressTestParse36(void)
2470 {
2471  int result = 1;
2472  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2473 
2474  if (dd) {
2475  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2476  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2477 
2478  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2479  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2480 
2481  DetectAddressPrint(dd);
2482  result = 0;
2483  }
2484  DetectAddressPrint(dd);
2485 
2486  DetectAddressFree(dd);
2487  return result;
2488  }
2489 
2490  return 0;
2491 }
2492 
2493 static int AddressTestParse37(void)
2494 {
2495  int result = 1;
2496  DetectAddress *dd = DetectAddressParseSingle("::/0");
2497 
2498  if (dd) {
2499  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2500  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2501 
2502  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2503  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2504  DetectAddressPrint(dd);
2505  result = 0;
2506  }
2507  DetectAddressPrint(dd);
2508 
2509  DetectAddressFree(dd);
2510  return result;
2511  }
2512 
2513  return 0;
2514 }
2515 
2516 static int AddressTestMatch01(void)
2517 {
2518  DetectAddress *dd = NULL;
2519  int result = 1;
2520  struct in_addr in;
2521  Address a;
2522 
2523  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2524  return 0;
2525  memset(&a, 0, sizeof(Address));
2526  a.family = AF_INET;
2527  a.addr_data32[0] = in.s_addr;
2528 
2529  dd = DetectAddressParseSingle("1.2.3.4/24");
2530  if (dd) {
2531  if (DetectAddressMatch(dd, &a) == 0)
2532  result = 0;
2533 
2534  DetectAddressFree(dd);
2535  return result;
2536  }
2537 
2538  return 0;
2539 }
2540 
2541 static int AddressTestMatch02(void)
2542 {
2543  DetectAddress *dd = NULL;
2544  int result = 1;
2545  struct in_addr in;
2546  Address a;
2547 
2548  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2549  return 0;
2550  memset(&a, 0, sizeof(Address));
2551  a.family = AF_INET;
2552  a.addr_data32[0] = in.s_addr;
2553 
2554  dd = DetectAddressParseSingle("1.2.3.4/25");
2555  if (dd) {
2556  if (DetectAddressMatch(dd, &a) == 0)
2557  result = 0;
2558 
2559  DetectAddressFree(dd);
2560  return result;
2561  }
2562 
2563  return 0;
2564 }
2565 
2566 static int AddressTestMatch03(void)
2567 {
2568  DetectAddress *dd = NULL;
2569  int result = 1;
2570  struct in_addr in;
2571  Address a;
2572 
2573  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2574  return 0;
2575  memset(&a, 0, sizeof(Address));
2576  a.family = AF_INET;
2577  a.addr_data32[0] = in.s_addr;
2578 
2579  dd = DetectAddressParseSingle("1.2.3.4/25");
2580  if (dd) {
2581  if (DetectAddressMatch(dd, &a) == 1)
2582  result = 0;
2583 
2584  DetectAddressFree(dd);
2585  return result;
2586  }
2587 
2588  return 0;
2589 }
2590 
2591 static int AddressTestMatch04(void)
2592 {
2593  DetectAddress *dd = NULL;
2594  int result = 1;
2595  struct in_addr in;
2596  Address a;
2597 
2598  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2599  return 0;
2600  memset(&a, 0, sizeof(Address));
2601  a.family = AF_INET;
2602  a.addr_data32[0] = in.s_addr;
2603 
2604  dd = DetectAddressParseSingle("1.2.3.4/25");
2605  if (dd) {
2606  if (DetectAddressMatch(dd, &a) == 1)
2607  result = 0;
2608 
2609  DetectAddressFree(dd);
2610  return result;
2611  }
2612 
2613  return 0;
2614 }
2615 
2616 static int AddressTestMatch05(void)
2617 {
2618  DetectAddress *dd = NULL;
2619  int result = 1;
2620  struct in_addr in;
2621  Address a;
2622 
2623  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2624  return 0;
2625  memset(&a, 0, sizeof(Address));
2626  a.family = AF_INET;
2627  a.addr_data32[0] = in.s_addr;
2628 
2629  dd = DetectAddressParseSingle("1.2.3.4/32");
2630  if (dd) {
2631  if (DetectAddressMatch(dd, &a) == 0)
2632  result = 0;
2633 
2634  DetectAddressFree(dd);
2635  return result;
2636  }
2637 
2638  return 0;
2639 }
2640 
2641 static int AddressTestMatch06(void)
2642 {
2643  DetectAddress *dd = NULL;
2644  int result = 1;
2645  struct in_addr in;
2646  Address a;
2647 
2648  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2649  return 0;
2650  memset(&a, 0, sizeof(Address));
2651  a.family = AF_INET;
2652  a.addr_data32[0] = in.s_addr;
2653 
2654  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2655  if (dd) {
2656  if (DetectAddressMatch(dd, &a) == 0)
2657  result = 0;
2658 
2659  DetectAddressFree(dd);
2660  return result;
2661  }
2662 
2663  return 0;
2664 }
2665 
2666 static int AddressTestMatch07(void)
2667 {
2668  DetectAddress *dd = NULL;
2669  int result = 1;
2670  struct in6_addr in6;
2671  Address a;
2672 
2673  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2674  return 0;
2675  memset(&a, 0, sizeof(Address));
2676  a.family = AF_INET6;
2677  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2678 
2679  dd = DetectAddressParseSingle("2001::/3");
2680  if (dd) {
2681  if (DetectAddressMatch(dd, &a) == 0)
2682  result = 0;
2683 
2684  DetectAddressFree(dd);
2685  return result;
2686  }
2687 
2688  return 0;
2689 }
2690 
2691 static int AddressTestMatch08(void)
2692 {
2693  DetectAddress *dd = NULL;
2694  int result = 1;
2695  struct in6_addr in6;
2696  Address a;
2697 
2698  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2699  return 0;
2700  memset(&a, 0, sizeof(Address));
2701  a.family = AF_INET6;
2702  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2703 
2704  dd = DetectAddressParseSingle("2001::/3");
2705  if (dd) {
2706  if (DetectAddressMatch(dd, &a) == 1)
2707  result = 0;
2708 
2709  DetectAddressFree(dd);
2710  return result;
2711  }
2712 
2713  return 0;
2714 }
2715 
2716 static int AddressTestMatch09(void)
2717 {
2718  DetectAddress *dd = NULL;
2719  int result = 1;
2720  struct in6_addr in6;
2721  Address a;
2722 
2723  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2724  return 0;
2725  memset(&a, 0, sizeof(Address));
2726  a.family = AF_INET6;
2727  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2728 
2729  dd = DetectAddressParseSingle("2001::1/128");
2730  if (dd) {
2731  if (DetectAddressMatch(dd, &a) == 1)
2732  result = 0;
2733 
2734  DetectAddressFree(dd);
2735  return result;
2736  }
2737 
2738  return 0;
2739 }
2740 
2741 static int AddressTestMatch10(void)
2742 {
2743  DetectAddress *dd = NULL;
2744  int result = 1;
2745  struct in6_addr in6;
2746  Address a;
2747 
2748  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2749  return 0;
2750  memset(&a, 0, sizeof(Address));
2751  a.family = AF_INET6;
2752  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2753 
2754  dd = DetectAddressParseSingle("2001::1/126");
2755  if (dd) {
2756  if (DetectAddressMatch(dd, &a) == 0)
2757  result = 0;
2758 
2759  DetectAddressFree(dd);
2760  return result;
2761  }
2762 
2763  return 0;
2764 }
2765 
2766 static int AddressTestMatch11(void)
2767 {
2768  DetectAddress *dd = NULL;
2769  int result = 1;
2770  struct in6_addr in6;
2771  Address a;
2772 
2773  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2774  return 0;
2775  memset(&a, 0, sizeof(Address));
2776  a.family = AF_INET6;
2777  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2778 
2779  dd = DetectAddressParseSingle("2001::1/127");
2780  if (dd) {
2781  if (DetectAddressMatch(dd, &a) == 1)
2782  result = 0;
2783 
2784  DetectAddressFree(dd);
2785  return result;
2786  }
2787 
2788  return 0;
2789 }
2790 
2791 static int AddressTestCmp01(void)
2792 {
2793  DetectAddress *da = NULL, *db = NULL;
2794  int result = 1;
2795 
2796  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2797  if (da == NULL) goto error;
2798  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2799  if (db == NULL) goto error;
2800 
2801  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2802  result = 0;
2803 
2804  DetectAddressFree(da);
2805  DetectAddressFree(db);
2806  return result;
2807 
2808 error:
2809  if (da) DetectAddressFree(da);
2810  if (db) DetectAddressFree(db);
2811  return 0;
2812 }
2813 
2814 static int AddressTestCmp02(void)
2815 {
2816  DetectAddress *da = NULL, *db = NULL;
2817  int result = 1;
2818 
2819  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2820  if (da == NULL) goto error;
2821  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2822  if (db == NULL) goto error;
2823 
2824  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2825  result = 0;
2826 
2827  DetectAddressFree(da);
2828  DetectAddressFree(db);
2829  return result;
2830 
2831 error:
2832  if (da) DetectAddressFree(da);
2833  if (db) DetectAddressFree(db);
2834  return 0;
2835 }
2836 
2837 static int AddressTestCmp03(void)
2838 {
2839  DetectAddress *da = NULL, *db = NULL;
2840  int result = 1;
2841 
2842  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2843  if (da == NULL) goto error;
2844  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2845  if (db == NULL) goto error;
2846 
2847  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2848  result = 0;
2849 
2850  DetectAddressFree(da);
2851  DetectAddressFree(db);
2852  return result;
2853 
2854 error:
2855  if (da) DetectAddressFree(da);
2856  if (db) DetectAddressFree(db);
2857  return 0;
2858 }
2859 
2860 static int AddressTestCmp04(void)
2861 {
2862  DetectAddress *da = NULL, *db = NULL;
2863  int result = 1;
2864 
2865  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2866  if (da == NULL) goto error;
2867  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2868  if (db == NULL) goto error;
2869 
2870  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2871  result = 0;
2872 
2873  DetectAddressFree(da);
2874  DetectAddressFree(db);
2875  return result;
2876 
2877 error:
2878  if (da) DetectAddressFree(da);
2879  if (db) DetectAddressFree(db);
2880  return 0;
2881 }
2882 
2883 static int AddressTestCmp05(void)
2884 {
2885  DetectAddress *da = NULL, *db = NULL;
2886  int result = 1;
2887 
2888  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2889  if (da == NULL) goto error;
2890  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2891  if (db == NULL) goto error;
2892 
2893  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2894  result = 0;
2895 
2896  DetectAddressFree(da);
2897  DetectAddressFree(db);
2898  return result;
2899 
2900 error:
2901  if (da) DetectAddressFree(da);
2902  if (db) DetectAddressFree(db);
2903  return 0;
2904 }
2905 
2906 static int AddressTestCmp06(void)
2907 {
2908  DetectAddress *da = NULL, *db = NULL;
2909  int result = 1;
2910 
2911  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2912  if (da == NULL) goto error;
2913  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2914  if (db == NULL) goto error;
2915 
2916  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2917  result = 0;
2918 
2919  DetectAddressFree(da);
2920  DetectAddressFree(db);
2921  return result;
2922 
2923 error:
2924  if (da) DetectAddressFree(da);
2925  if (db) DetectAddressFree(db);
2926  return 0;
2927 }
2928 
2929 static int AddressTestCmpIPv407(void)
2930 {
2931  DetectAddress *da = NULL, *db = NULL;
2932  int result = 1;
2933 
2934  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2935  if (da == NULL) goto error;
2936  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2937  if (db == NULL) goto error;
2938 
2939  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2940  result = 0;
2941 
2942  DetectAddressFree(da);
2943  DetectAddressFree(db);
2944  return result;
2945 
2946 error:
2947  if (da) DetectAddressFree(da);
2948  if (db) DetectAddressFree(db);
2949  return 0;
2950 }
2951 
2952 static int AddressTestCmpIPv408(void)
2953 {
2954  DetectAddress *da = NULL, *db = NULL;
2955  int result = 1;
2956 
2957  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2958  if (da == NULL) goto error;
2959  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2960  if (db == NULL) goto error;
2961 
2962  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2963  result = 0;
2964 
2965  DetectAddressFree(da);
2966  DetectAddressFree(db);
2967  return result;
2968 
2969 error:
2970  if (da) DetectAddressFree(da);
2971  if (db) DetectAddressFree(db);
2972  return 0;
2973 }
2974 
2975 static int AddressTestCmp07(void)
2976 {
2977  DetectAddress *da = NULL, *db = NULL;
2978  int result = 1;
2979 
2980  da = DetectAddressParseSingle("2001::/3");
2981  if (da == NULL) goto error;
2982  db = DetectAddressParseSingle("2001::1/3");
2983  if (db == NULL) goto error;
2984 
2985  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2986  result = 0;
2987 
2988  DetectAddressFree(da);
2989  DetectAddressFree(db);
2990  return result;
2991 
2992 error:
2993  if (da) DetectAddressFree(da);
2994  if (db) DetectAddressFree(db);
2995  return 0;
2996 }
2997 
2998 static int AddressTestCmp08(void)
2999 {
3000  DetectAddress *da = NULL, *db = NULL;
3001  int result = 1;
3002 
3003  da = DetectAddressParseSingle("2001::/3");
3004  if (da == NULL) goto error;
3005  db = DetectAddressParseSingle("2001::/8");
3006  if (db == NULL) goto error;
3007 
3008  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3009  result = 0;
3010 
3011  DetectAddressFree(da);
3012  DetectAddressFree(db);
3013  return result;
3014 
3015 error:
3016  if (da) DetectAddressFree(da);
3017  if (db) DetectAddressFree(db);
3018  return 0;
3019 }
3020 
3021 static int AddressTestCmp09(void)
3022 {
3023  DetectAddress *da = NULL, *db = NULL;
3024  int result = 1;
3025 
3026  da = DetectAddressParseSingle("2001::/8");
3027  if (da == NULL) goto error;
3028  db = DetectAddressParseSingle("2001::/3");
3029  if (db == NULL) goto error;
3030 
3031  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3032  result = 0;
3033 
3034  DetectAddressFree(da);
3035  DetectAddressFree(db);
3036  return result;
3037 
3038 error:
3039  if (da) DetectAddressFree(da);
3040  if (db) DetectAddressFree(db);
3041  return 0;
3042 }
3043 
3044 static int AddressTestCmp10(void)
3045 {
3046  DetectAddress *da = NULL, *db = NULL;
3047  int result = 1;
3048 
3049  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3050  if (da == NULL) goto error;
3051  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3052  if (db == NULL) goto error;
3053 
3054  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3055  result = 0;
3056 
3057  DetectAddressFree(da);
3058  DetectAddressFree(db);
3059  return result;
3060 
3061 error:
3062  if (da) DetectAddressFree(da);
3063  if (db) DetectAddressFree(db);
3064  return 0;
3065 }
3066 
3067 static int AddressTestCmp11(void)
3068 {
3069  DetectAddress *da = NULL, *db = NULL;
3070  int result = 1;
3071 
3072  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3073  if (da == NULL) goto error;
3074  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3075  if (db == NULL) goto error;
3076 
3077  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3078  result = 0;
3079 
3080  DetectAddressFree(da);
3081  DetectAddressFree(db);
3082  return result;
3083 
3084 error:
3085  if (da) DetectAddressFree(da);
3086  if (db) DetectAddressFree(db);
3087  return 0;
3088 }
3089 
3090 static int AddressTestCmp12(void)
3091 {
3092  DetectAddress *da = NULL, *db = NULL;
3093  int result = 1;
3094 
3095  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3096  if (da == NULL) goto error;
3097  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3098  if (db == NULL) goto error;
3099 
3100  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3101  result = 0;
3102 
3103  DetectAddressFree(da);
3104  DetectAddressFree(db);
3105  return result;
3106 
3107 error:
3108  if (da) DetectAddressFree(da);
3109  if (db) DetectAddressFree(db);
3110  return 0;
3111 }
3112 
3113 static int AddressTestAddressGroupSetup01(void)
3114 {
3115  int result = 0;
3116  DetectAddressHead *gh = DetectAddressHeadInit();
3117 
3118  if (gh != NULL) {
3119  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3120  if (r == 0)
3121  result = 1;
3122 
3123  DetectAddressHeadFree(gh);
3124  }
3125  return result;
3126 }
3127 
3128 static int AddressTestAddressGroupSetup02(void)
3129 {
3130  int result = 0;
3131  DetectAddressHead *gh = DetectAddressHeadInit();
3132 
3133  if (gh != NULL) {
3134  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3135  if (r == 0 && gh->ipv4_head != NULL)
3136  result = 1;
3137 
3138  DetectAddressHeadFree(gh);
3139  }
3140  return result;
3141 }
3142 
3143 static int AddressTestAddressGroupSetup03(void)
3144 {
3145  int result = 0;
3146  DetectAddressHead *gh = DetectAddressHeadInit();
3147 
3148  if (gh != NULL) {
3149  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3150  if (r == 0 && gh->ipv4_head != NULL) {
3151  DetectAddress *prev_head = gh->ipv4_head;
3152 
3153  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3154  if (r == 0 && gh->ipv4_head != prev_head &&
3155  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3156  result = 1;
3157  }
3158  }
3159 
3160  DetectAddressHeadFree(gh);
3161  }
3162  return result;
3163 }
3164 
3165 static int AddressTestAddressGroupSetup04(void)
3166 {
3167  int result = 0;
3168  DetectAddressHead *gh = DetectAddressHeadInit();
3169 
3170  if (gh != NULL) {
3171  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3172  if (r == 0 && gh->ipv4_head != NULL) {
3173  DetectAddress *prev_head = gh->ipv4_head;
3174 
3175  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3176  if (r == 0 && gh->ipv4_head != prev_head &&
3177  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3178  DetectAddress *ph = gh->ipv4_head;
3179 
3180  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3181  if (r == 0 && gh->ipv4_head != ph &&
3182  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3183  result = 1;
3184  }
3185  }
3186  }
3187 
3188  DetectAddressHeadFree(gh);
3189  }
3190  return result;
3191 }
3192 
3193 static int AddressTestAddressGroupSetup05(void)
3194 {
3195  int result = 0;
3196  DetectAddressHead *gh = DetectAddressHeadInit();
3197 
3198  if (gh != NULL) {
3199  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3200  if (r == 0 && gh->ipv4_head != NULL) {
3201  DetectAddress *prev_head = gh->ipv4_head;
3202 
3203  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3204  if (r == 0 && gh->ipv4_head == prev_head &&
3205  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3206  DetectAddress *ph = gh->ipv4_head;
3207 
3208  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3209  if (r == 0 && gh->ipv4_head == ph &&
3210  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3211  result = 1;
3212  }
3213  }
3214  }
3215 
3216  DetectAddressHeadFree(gh);
3217  }
3218  return result;
3219 }
3220 
3221 static int AddressTestAddressGroupSetup06(void)
3222 {
3223  int result = 0;
3224  DetectAddressHead *gh = DetectAddressHeadInit();
3225 
3226  if (gh != NULL) {
3227  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3228  if (r == 0 && gh->ipv4_head != NULL) {
3229  DetectAddress *prev_head = gh->ipv4_head;
3230 
3231  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3232  if (r == 0 && gh->ipv4_head == prev_head &&
3233  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3234  result = 1;
3235  }
3236  }
3237 
3238  DetectAddressHeadFree(gh);
3239  }
3240  return result;
3241 }
3242 
3243 static int AddressTestAddressGroupSetup07(void)
3244 {
3245  int result = 0;
3246  DetectAddressHead *gh = DetectAddressHeadInit();
3247 
3248  if (gh != NULL) {
3249  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3250  if (r == 0 && gh->ipv4_head != NULL) {
3251  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3252  if (r == 0 && gh->ipv4_head != NULL &&
3253  gh->ipv4_head->next != NULL &&
3254  gh->ipv4_head->next->next != NULL) {
3255  result = 1;
3256  }
3257  }
3258 
3259  DetectAddressHeadFree(gh);
3260  }
3261  return result;
3262 }
3263 
3264 static int AddressTestAddressGroupSetup08(void)
3265 {
3266  int result = 0;
3267  DetectAddressHead *gh = DetectAddressHeadInit();
3268 
3269  if (gh != NULL) {
3270  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3271  if (r == 0 && gh->ipv4_head != NULL) {
3272  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3273  if (r == 0 && gh->ipv4_head != NULL &&
3274  gh->ipv4_head->next != NULL &&
3275  gh->ipv4_head->next->next != NULL) {
3276  result = 1;
3277  }
3278  }
3279 
3280  DetectAddressHeadFree(gh);
3281  }
3282  return result;
3283 }
3284 
3285 static int AddressTestAddressGroupSetup09(void)
3286 {
3287  int result = 0;
3288  DetectAddressHead *gh = DetectAddressHeadInit();
3289 
3290  if (gh != NULL) {
3291  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3292  if (r == 0 && gh->ipv4_head != NULL) {
3293  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3294  if (r == 0 && gh->ipv4_head != NULL &&
3295  gh->ipv4_head->next != NULL &&
3296  gh->ipv4_head->next->next != NULL) {
3297  result = 1;
3298  }
3299  }
3300 
3301  DetectAddressHeadFree(gh);
3302  }
3303  return result;
3304 }
3305 
3306 static int AddressTestAddressGroupSetup10(void)
3307 {
3308  int result = 0;
3309  DetectAddressHead *gh = DetectAddressHeadInit();
3310 
3311  if (gh != NULL) {
3312  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3313  if (r == 0 && gh->ipv4_head != NULL) {
3314  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3315  if (r == 0 && gh->ipv4_head != NULL &&
3316  gh->ipv4_head->next != NULL &&
3317  gh->ipv4_head->next->next != NULL) {
3318  result = 1;
3319  }
3320  }
3321 
3322  DetectAddressHeadFree(gh);
3323  }
3324  return result;
3325 }
3326 
3327 static int AddressTestAddressGroupSetup11(void)
3328 {
3329  int result = 0;
3330  DetectAddressHead *gh = DetectAddressHeadInit();
3331 
3332  if (gh != NULL) {
3333  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3334  if (r == 0) {
3335  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3336  if (r == 0) {
3337  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3338  if (r == 0) {
3339  DetectAddress *one = gh->ipv4_head, *two = one->next,
3340  *three = two->next, *four = three->next,
3341  *five = four->next;
3342 
3343  /* result should be:
3344  * 0.0.0.0/10.10.9.255
3345  * 10.10.10.0/10.10.10.9
3346  * 10.10.10.10/10.10.10.255
3347  * 10.10.11.0/10.10.11.1
3348  * 10.10.11.2/255.255.255.255
3349  */
3350  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3351  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3352  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3353  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3354  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3355  result = 1;
3356  }
3357  }
3358  }
3359  }
3360 
3361  DetectAddressHeadFree(gh);
3362  }
3363  return result;
3364 }
3365 
3366 static int AddressTestAddressGroupSetup12 (void)
3367 {
3368  int result = 0;
3369  DetectAddressHead *gh = DetectAddressHeadInit();
3370 
3371  if (gh != NULL) {
3372  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3373  if (r == 0) {
3374  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3375  if (r == 0) {
3376  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3377  if (r == 0) {
3378  DetectAddress *one = gh->ipv4_head, *two = one->next,
3379  *three = two->next, *four = three->next,
3380  *five = four->next;
3381 
3382  /* result should be:
3383  * 0.0.0.0/10.10.9.255
3384  * 10.10.10.0/10.10.10.9
3385  * 10.10.10.10/10.10.10.255
3386  * 10.10.11.0/10.10.11.1
3387  * 10.10.11.2/255.255.255.255
3388  */
3389  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3390  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3391  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3392  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3393  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3394  result = 1;
3395  }
3396  }
3397  }
3398  }
3399 
3400  DetectAddressHeadFree(gh);
3401  }
3402  return result;
3403 }
3404 
3405 static int AddressTestAddressGroupSetup13(void)
3406 {
3407  int result = 0;
3408  DetectAddressHead *gh = DetectAddressHeadInit();
3409 
3410  if (gh != NULL) {
3411  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3412  if (r == 0) {
3413  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3414  if (r == 0) {
3415  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3416  if (r == 0) {
3417  DetectAddress *one = gh->ipv4_head, *two = one->next,
3418  *three = two->next, *four = three->next,
3419  *five = four->next;
3420 
3421  /* result should be:
3422  * 0.0.0.0/10.10.9.255
3423  * 10.10.10.0/10.10.10.9
3424  * 10.10.10.10/10.10.10.255
3425  * 10.10.11.0/10.10.11.1
3426  * 10.10.11.2/255.255.255.255
3427  */
3428  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3429  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3430  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3431  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3432  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3433  result = 1;
3434  }
3435  }
3436  }
3437  }
3438 
3439  DetectAddressHeadFree(gh);
3440  }
3441  return result;
3442 }
3443 
3444 static int AddressTestAddressGroupSetupIPv414(void)
3445 {
3446  DetectAddressHead *gh = DetectAddressHeadInit();
3447  FAIL_IF_NULL(gh);
3448 
3449  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3450  FAIL_IF_NOT(r == 1);
3451 
3452  DetectAddress *one = gh->ipv4_head;
3453  FAIL_IF_NULL(one);
3454  DetectAddress *two = one->next;
3455  FAIL_IF_NULL(two);
3456 
3457  /* result should be:
3458  * 0.0.0.0/1.2.3.3
3459  * 1.2.3.5/255.255.255.255
3460  */
3461  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3462  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3463  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3464  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3465  DetectAddressHeadFree(gh);
3466 
3467  PASS;
3468 }
3469 
3470 static int AddressTestAddressGroupSetupIPv415(void)
3471 {
3472  DetectAddressHead *gh = DetectAddressHeadInit();
3473  FAIL_IF_NULL(gh);
3474 
3475  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3476  FAIL_IF_NOT(r == 1);
3477 
3478  DetectAddress *one = gh->ipv4_head;
3479  FAIL_IF_NULL(one);
3480  FAIL_IF_NOT_NULL(one->next);
3481 
3482  /* result should be:
3483  * 0.0.0.1/255.255.255.255
3484  */
3485  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3486  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3487 
3488  DetectAddressHeadFree(gh);
3489  PASS;
3490 }
3491 
3492 static int AddressTestAddressGroupSetupIPv416(void)
3493 {
3494  DetectAddressHead *gh = DetectAddressHeadInit();
3495  FAIL_IF_NULL(gh);
3496 
3497  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3498  FAIL_IF_NOT(r == 1);
3499 
3500  DetectAddress *one = gh->ipv4_head;
3501  FAIL_IF_NULL(one);
3502  FAIL_IF_NOT_NULL(one->next);
3503 
3504  /* result should be:
3505  * 0.0.0.0/255.255.255.254
3506  */
3507  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3508  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3509 
3510  DetectAddressHeadFree(gh);
3511  PASS;
3512 }
3513 
3514 static int AddressTestAddressGroupSetup14(void)
3515 {
3516  int result = 0;
3517  DetectAddressHead *gh = DetectAddressHeadInit();
3518 
3519  if (gh != NULL) {
3520  int r = DetectAddressParse(NULL, gh, "2001::1");
3521  if (r == 0)
3522  result = 1;
3523 
3524  DetectAddressHeadFree(gh);
3525  }
3526  return result;
3527 }
3528 
3529 static int AddressTestAddressGroupSetup15(void)
3530 {
3531  int result = 0;
3532  DetectAddressHead *gh = DetectAddressHeadInit();
3533 
3534  if (gh != NULL) {
3535  int r = DetectAddressParse(NULL, gh, "2001::1");
3536  if (r == 0 && gh->ipv6_head != NULL)
3537  result = 1;
3538 
3539  DetectAddressHeadFree(gh);
3540  }
3541  return result;
3542 }
3543 
3544 static int AddressTestAddressGroupSetup16(void)
3545 {
3546  int result = 0;
3547  DetectAddressHead *gh = DetectAddressHeadInit();
3548 
3549  if (gh != NULL) {
3550  int r = DetectAddressParse(NULL, gh, "2001::4");
3551  if (r == 0 && gh->ipv6_head != NULL) {
3552  DetectAddress *prev_head = gh->ipv6_head;
3553 
3554  r = DetectAddressParse(NULL, gh, "2001::3");
3555  if (r == 0 && gh->ipv6_head != prev_head &&
3556  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3557  result = 1;
3558  }
3559  }
3560 
3561  DetectAddressHeadFree(gh);
3562  }
3563  return result;
3564 }
3565 
3566 static int AddressTestAddressGroupSetup17(void)
3567 {
3568  int result = 0;
3569  DetectAddressHead *gh = DetectAddressHeadInit();
3570 
3571  if (gh != NULL) {
3572  int r = DetectAddressParse(NULL, gh, "2001::4");
3573  if (r == 0 && gh->ipv6_head != NULL) {
3574  DetectAddress *prev_head = gh->ipv6_head;
3575 
3576  r = DetectAddressParse(NULL, gh, "2001::3");
3577  if (r == 0 && gh->ipv6_head != prev_head &&
3578  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3579  DetectAddress *ph = gh->ipv6_head;
3580 
3581  r = DetectAddressParse(NULL, gh, "2001::2");
3582  if (r == 0 && gh->ipv6_head != ph &&
3583  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3584  result = 1;
3585  }
3586  }
3587  }
3588 
3589  DetectAddressHeadFree(gh);
3590  }
3591  return result;
3592 }
3593 
3594 static int AddressTestAddressGroupSetup18(void)
3595 {
3596  int result = 0;
3597  DetectAddressHead *gh = DetectAddressHeadInit();
3598 
3599  if (gh != NULL) {
3600  int r = DetectAddressParse(NULL, gh, "2001::2");
3601  if (r == 0 && gh->ipv6_head != NULL) {
3602  DetectAddress *prev_head = gh->ipv6_head;
3603 
3604  r = DetectAddressParse(NULL, gh, "2001::3");
3605  if (r == 0 && gh->ipv6_head == prev_head &&
3606  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3607  DetectAddress *ph = gh->ipv6_head;
3608 
3609  r = DetectAddressParse(NULL, gh, "2001::4");
3610  if (r == 0 && gh->ipv6_head == ph &&
3611  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3612  result = 1;
3613  }
3614  }
3615  }
3616 
3617  DetectAddressHeadFree(gh);
3618  }
3619  return result;
3620 }
3621 
3622 static int AddressTestAddressGroupSetup19(void)
3623 {
3624  int result = 0;
3625  DetectAddressHead *gh = DetectAddressHeadInit();
3626 
3627  if (gh != NULL) {
3628  int r = DetectAddressParse(NULL, gh, "2001::2");
3629  if (r == 0 && gh->ipv6_head != NULL) {
3630  DetectAddress *prev_head = gh->ipv6_head;
3631 
3632  r = DetectAddressParse(NULL, gh, "2001::2");
3633  if (r == 0 && gh->ipv6_head == prev_head &&
3634  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3635  result = 1;
3636  }
3637  }
3638 
3639  DetectAddressHeadFree(gh);
3640  }
3641  return result;
3642 }
3643 
3644 static int AddressTestAddressGroupSetup20(void)
3645 {
3646  int result = 0;
3647  DetectAddressHead *gh = DetectAddressHeadInit();
3648 
3649  if (gh != NULL) {
3650  int r = DetectAddressParse(NULL, gh, "2000::/3");
3651  if (r == 0 && gh->ipv6_head != NULL) {
3652  r = DetectAddressParse(NULL, gh, "2001::4");
3653  if (r == 0 && gh->ipv6_head != NULL &&
3654  gh->ipv6_head->next != NULL &&
3655  gh->ipv6_head->next->next != NULL) {
3656  result = 1;
3657  }
3658  }
3659 
3660  DetectAddressHeadFree(gh);
3661  }
3662  return result;
3663 }
3664 
3665 static int AddressTestAddressGroupSetup21(void)
3666 {
3667  int result = 0;
3668  DetectAddressHead *gh = DetectAddressHeadInit();
3669 
3670  if (gh != NULL) {
3671  int r = DetectAddressParse(NULL, gh, "2001::4");
3672  if (r == 0 && gh->ipv6_head != NULL) {
3673  r = DetectAddressParse(NULL, gh, "2000::/3");
3674  if (r == 0 && gh->ipv6_head != NULL &&
3675  gh->ipv6_head->next != NULL &&
3676  gh->ipv6_head->next->next != NULL) {
3677  result = 1;
3678  }
3679  }
3680 
3681  DetectAddressHeadFree(gh);
3682  }
3683  return result;
3684 }
3685 
3686 static int AddressTestAddressGroupSetup22(void)
3687 {
3688  int result = 0;
3689  DetectAddressHead *gh = DetectAddressHeadInit();
3690 
3691  if (gh != NULL) {
3692  int r = DetectAddressParse(NULL, gh, "2000::/3");
3693  if (r == 0 && gh->ipv6_head != NULL) {
3694  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3695  if (r == 0 && gh->ipv6_head != NULL &&
3696  gh->ipv6_head->next != NULL &&
3697  gh->ipv6_head->next->next != NULL) {
3698  result = 1;
3699  }
3700  }
3701 
3702  DetectAddressHeadFree(gh);
3703  }
3704  return result;
3705 }
3706 
3707 static int AddressTestAddressGroupSetup23(void)
3708 {
3709  int result = 0;
3710  DetectAddressHead *gh = DetectAddressHeadInit();
3711 
3712  if (gh != NULL) {
3713  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3714  if (r == 0 && gh->ipv6_head != NULL) {
3715  r = DetectAddressParse(NULL, gh, "2000::/3");
3716  if (r == 0 && gh->ipv6_head != NULL &&
3717  gh->ipv6_head->next != NULL &&
3718  gh->ipv6_head->next->next != NULL) {
3719  result = 1;
3720  }
3721  }
3722 
3723  DetectAddressHeadFree(gh);
3724  }
3725  return result;
3726 }
3727 
3728 static int AddressTestAddressGroupSetup24(void)
3729 {
3730  int result = 0;
3731  DetectAddressHead *gh = DetectAddressHeadInit();
3732 
3733  if (gh != NULL) {
3734  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3735  if (r == 0) {
3736  r = DetectAddressParse(NULL, gh, "2001::/3");
3737  if (r == 0) {
3738  r = DetectAddressParse(NULL, gh, "::/0");
3739  if (r == 0) {
3740  DetectAddress *one = gh->ipv6_head, *two = one->next,
3741  *three = two->next, *four = three->next,
3742  *five = four->next;
3743  if (one->ip.addr_data32[0] == 0x00000000 &&
3744  one->ip.addr_data32[1] == 0x00000000 &&
3745  one->ip.addr_data32[2] == 0x00000000 &&
3746  one->ip.addr_data32[3] == 0x00000000 &&
3747  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3748  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3749  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3750  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3751 
3752  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3753  two->ip.addr_data32[1] == 0x00000000 &&
3754  two->ip.addr_data32[2] == 0x00000000 &&
3755  two->ip.addr_data32[3] == 0x00000000 &&
3756  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3757  two->ip2.addr_data32[1] == 0x00000000 &&
3758  two->ip2.addr_data32[2] == 0x00000000 &&
3759  two->ip2.addr_data32[3] == SCNtohl(3) &&
3760 
3761  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3762  three->ip.addr_data32[1] == 0x00000000 &&
3763  three->ip.addr_data32[2] == 0x00000000 &&
3764  three->ip.addr_data32[3] == SCNtohl(4) &&
3765  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3766  three->ip2.addr_data32[1] == 0x00000000 &&
3767  three->ip2.addr_data32[2] == 0x00000000 &&
3768  three->ip2.addr_data32[3] == SCNtohl(6) &&
3769 
3770  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3771  four->ip.addr_data32[1] == 0x00000000 &&
3772  four->ip.addr_data32[2] == 0x00000000 &&
3773  four->ip.addr_data32[3] == SCNtohl(7) &&
3774  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3775  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3776  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3777  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3778 
3779  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3780  five->ip.addr_data32[1] == 0x00000000 &&
3781  five->ip.addr_data32[2] == 0x00000000 &&
3782  five->ip.addr_data32[3] == 0x00000000 &&
3783  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3784  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3785  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3786  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3787  result = 1;
3788  }
3789  }
3790  }
3791  }
3792 
3793  DetectAddressHeadFree(gh);
3794  }
3795  return result;
3796 }
3797 
3798 static int AddressTestAddressGroupSetup25(void)
3799 {
3800  int result = 0;
3801  DetectAddressHead *gh = DetectAddressHeadInit();
3802 
3803  if (gh != NULL) {
3804  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3805  if (r == 0) {
3806  r = DetectAddressParse(NULL, gh, "::/0");
3807  if (r == 0) {
3808  r = DetectAddressParse(NULL, gh, "2001::/3");
3809  if (r == 0) {
3810  DetectAddress *one = gh->ipv6_head, *two = one->next,
3811  *three = two->next, *four = three->next,
3812  *five = four->next;
3813  if (one->ip.addr_data32[0] == 0x00000000 &&
3814  one->ip.addr_data32[1] == 0x00000000 &&
3815  one->ip.addr_data32[2] == 0x00000000 &&
3816  one->ip.addr_data32[3] == 0x00000000 &&
3817  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3818  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3819  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3820  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3821 
3822  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3823  two->ip.addr_data32[1] == 0x00000000 &&
3824  two->ip.addr_data32[2] == 0x00000000 &&
3825  two->ip.addr_data32[3] == 0x00000000 &&
3826  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3827  two->ip2.addr_data32[1] == 0x00000000 &&
3828  two->ip2.addr_data32[2] == 0x00000000 &&
3829  two->ip2.addr_data32[3] == SCNtohl(3) &&
3830 
3831  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3832  three->ip.addr_data32[1] == 0x00000000 &&
3833  three->ip.addr_data32[2] == 0x00000000 &&
3834  three->ip.addr_data32[3] == SCNtohl(4) &&
3835  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3836  three->ip2.addr_data32[1] == 0x00000000 &&
3837  three->ip2.addr_data32[2] == 0x00000000 &&
3838  three->ip2.addr_data32[3] == SCNtohl(6) &&
3839 
3840  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3841  four->ip.addr_data32[1] == 0x00000000 &&
3842  four->ip.addr_data32[2] == 0x00000000 &&
3843  four->ip.addr_data32[3] == SCNtohl(7) &&
3844  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3845  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3846  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3847  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3848 
3849  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3850  five->ip.addr_data32[1] == 0x00000000 &&
3851  five->ip.addr_data32[2] == 0x00000000 &&
3852  five->ip.addr_data32[3] == 0x00000000 &&
3853  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3854  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3855  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3856  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3857  result = 1;
3858  }
3859  }
3860  }
3861  }
3862 
3863  DetectAddressHeadFree(gh);
3864  }
3865  return result;
3866 }
3867 
3868 static int AddressTestAddressGroupSetup26(void)
3869 {
3870  int result = 0;
3871  DetectAddressHead *gh = DetectAddressHeadInit();
3872 
3873  if (gh != NULL) {
3874  int r = DetectAddressParse(NULL, gh, "::/0");
3875  if (r == 0) {
3876  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3877  if (r == 0) {
3878  r = DetectAddressParse(NULL, gh, "2001::/3");
3879  if (r == 0) {
3880  DetectAddress *one = gh->ipv6_head, *two = one->next,
3881  *three = two->next, *four = three->next,
3882  *five = four->next;
3883  if (one->ip.addr_data32[0] == 0x00000000 &&
3884  one->ip.addr_data32[1] == 0x00000000 &&
3885  one->ip.addr_data32[2] == 0x00000000 &&
3886  one->ip.addr_data32[3] == 0x00000000 &&
3887  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3888  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3889  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3890  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3891 
3892  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3893  two->ip.addr_data32[1] == 0x00000000 &&
3894  two->ip.addr_data32[2] == 0x00000000 &&
3895  two->ip.addr_data32[3] == 0x00000000 &&
3896  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3897  two->ip2.addr_data32[1] == 0x00000000 &&
3898  two->ip2.addr_data32[2] == 0x00000000 &&
3899  two->ip2.addr_data32[3] == SCNtohl(3) &&
3900 
3901  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3902  three->ip.addr_data32[1] == 0x00000000 &&
3903  three->ip.addr_data32[2] == 0x00000000 &&
3904  three->ip.addr_data32[3] == SCNtohl(4) &&
3905  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3906  three->ip2.addr_data32[1] == 0x00000000 &&
3907  three->ip2.addr_data32[2] == 0x00000000 &&
3908  three->ip2.addr_data32[3] == SCNtohl(6) &&
3909 
3910  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3911  four->ip.addr_data32[1] == 0x00000000 &&
3912  four->ip.addr_data32[2] == 0x00000000 &&
3913  four->ip.addr_data32[3] == SCNtohl(7) &&
3914  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3915  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3916  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3917  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3918 
3919  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3920  five->ip.addr_data32[1] == 0x00000000 &&
3921  five->ip.addr_data32[2] == 0x00000000 &&
3922  five->ip.addr_data32[3] == 0x00000000 &&
3923  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3924  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3925  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3926  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3927  result = 1;
3928  }
3929  }
3930  }
3931  }
3932 
3933  DetectAddressHeadFree(gh);
3934  }
3935  return result;
3936 }
3937 
3938 static int AddressTestAddressGroupSetup27(void)
3939 {
3940  int result = 0;
3941  DetectAddressHead *gh = DetectAddressHeadInit();
3942 
3943  if (gh != NULL) {
3944  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3945  if (r == 0)
3946  result = 1;
3947 
3948  DetectAddressHeadFree(gh);
3949  }
3950  return result;
3951 }
3952 
3953 static int AddressTestAddressGroupSetup28(void)
3954 {
3955  int result = 0;
3956  DetectAddressHead *gh = DetectAddressHeadInit();
3957 
3958  if (gh != NULL) {
3959  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3960  if (r == 0)
3961  result = 1;
3962 
3963  DetectAddressHeadFree(gh);
3964  }
3965  return result;
3966 }
3967 
3968 static int AddressTestAddressGroupSetup29(void)
3969 {
3970  int result = 0;
3971  DetectAddressHead *gh = DetectAddressHeadInit();
3972 
3973  if (gh != NULL) {
3974  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3975  if (r == 0)
3976  result = 1;
3977 
3978  DetectAddressHeadFree(gh);
3979  }
3980  return result;
3981 }
3982 
3983 static int AddressTestAddressGroupSetup30(void)
3984 {
3985  int result = 0;
3986  DetectAddressHead *gh = DetectAddressHeadInit();
3987 
3988  if (gh != NULL) {
3989  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
3990  if (r == 0)
3991  result = 1;
3992 
3993  DetectAddressHeadFree(gh);
3994  }
3995  return result;
3996 }
3997 
3998 static int AddressTestAddressGroupSetup31(void)
3999 {
4000  int result = 0;
4001  DetectAddressHead *gh = DetectAddressHeadInit();
4002 
4003  if (gh != NULL) {
4004  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4005  if (r == 0)
4006  result = 1;
4007 
4008  DetectAddressHeadFree(gh);
4009  }
4010  return result;
4011 }
4012 
4013 static int AddressTestAddressGroupSetup32(void)
4014 {
4015  int result = 0;
4016  DetectAddressHead *gh = DetectAddressHeadInit();
4017 
4018  if (gh != NULL) {
4019  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4020  if (r == 0)
4021  result = 1;
4022 
4023  DetectAddressHeadFree(gh);
4024  }
4025  return result;
4026 }
4027 
4028 static int AddressTestAddressGroupSetup33(void)
4029 {
4030  int result = 0;
4031  DetectAddressHead *gh = DetectAddressHeadInit();
4032 
4033  if (gh != NULL) {
4034  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4035  if (r == 1)
4036  result = 1;
4037 
4038  DetectAddressHeadFree(gh);
4039  }
4040  return result;
4041 }
4042 
4043 static int AddressTestAddressGroupSetup34(void)
4044 {
4045  int result = 0;
4046  DetectAddressHead *gh = DetectAddressHeadInit();
4047 
4048  if (gh != NULL) {
4049  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4050  if (r == 1)
4051  result = 1;
4052 
4053  DetectAddressHeadFree(gh);
4054  }
4055  return result;
4056 }
4057 
4058 static int AddressTestAddressGroupSetup35(void)
4059 {
4060  int result = 0;
4061  DetectAddressHead *gh = DetectAddressHeadInit();
4062 
4063  if (gh != NULL) {
4064  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4065  if (r == 1)
4066  result = 1;
4067 
4068  DetectAddressHeadFree(gh);
4069  }
4070  return result;
4071 }
4072 
4073 static int AddressTestAddressGroupSetup36 (void)
4074 {
4075  int result = 0;
4076 
4077  DetectAddressHead *gh = DetectAddressHeadInit();
4078  if (gh != NULL) {
4079  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4080  if (r == 1)
4081  result = 1;
4082 
4083  DetectAddressHeadFree(gh);
4084  }
4085  return result;
4086 }
4087 
4088 static int AddressTestAddressGroupSetup37(void)
4089 {
4090  int result = 0;
4091  DetectAddressHead *gh = DetectAddressHeadInit();
4092 
4093  if (gh != NULL) {
4094  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4095  if (r == 0)
4096  result = 1;
4097 
4098  DetectAddressHeadFree(gh);
4099  }
4100  return result;
4101 }
4102 
4103 static int AddressTestAddressGroupSetup38(void)
4104 {
4105  UTHValidateDetectAddressHeadRange expectations[3] = {
4106  { "0.0.0.0", "192.167.255.255" },
4107  { "192.168.14.0", "192.168.14.255" },
4108  { "192.169.0.0", "255.255.255.255" } };
4109  int result = 0;
4110  DetectAddressHead *gh = DetectAddressHeadInit();
4111 
4112  if (gh != NULL) {
4113  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4114  if (r == 1) {
4115  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4116  result = 1;
4117  }
4118 
4119  DetectAddressHeadFree(gh);
4120  }
4121  return result;
4122 }
4123 
4124 static int AddressTestAddressGroupSetup39(void)
4125 {
4126  UTHValidateDetectAddressHeadRange expectations[3] = {
4127  { "0.0.0.0", "192.167.255.255" },
4128  { "192.168.14.0", "192.168.14.255" },
4129  { "192.169.0.0", "255.255.255.255" } };
4130  int result = 0;
4131  DetectAddressHead *gh = DetectAddressHeadInit();
4132 
4133  if (gh != NULL) {
4134  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4135  if (r == 1) {
4136  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4137  result = 1;
4138  }
4139 
4140  DetectAddressHeadFree(gh);
4141  }
4142  return result;
4143 }
4144 
4145 static int AddressTestAddressGroupSetup40(void)
4146 {
4147  UTHValidateDetectAddressHeadRange expectations[3] = {
4148  { "0.0.0.0", "192.167.255.255" },
4149  { "192.168.14.0", "192.168.14.255" },
4150  { "192.169.0.0", "255.255.255.255" } };
4151  int result = 0;
4152  DetectAddressHead *gh = DetectAddressHeadInit();
4153  if (gh != NULL) {
4154  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4155  if (r == 1) {
4156  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4157  result = 1;
4158  }
4159 
4160  DetectAddressHeadFree(gh);
4161  }
4162  return result;
4163 }
4164 
4165 static int AddressTestAddressGroupSetup41(void)
4166 {
4167  UTHValidateDetectAddressHeadRange expectations[3] = {
4168  { "0.0.0.0", "192.167.255.255" },
4169  { "192.168.14.0", "192.168.14.255" },
4170  { "192.169.0.0", "255.255.255.255" } };
4171  int result = 0;
4172  DetectAddressHead *gh = DetectAddressHeadInit();
4173  if (gh != NULL) {
4174  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4175  if (r == 1) {
4176  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4177  result = 1;
4178  }
4179 
4180  DetectAddressHeadFree(gh);
4181  }
4182  return result;
4183 }
4184 
4185 static int AddressTestAddressGroupSetup42(void)
4186 {
4187  UTHValidateDetectAddressHeadRange expectations[1] = {
4188  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4189  int result = 0;
4190  DetectAddressHead *gh = DetectAddressHeadInit();
4191  if (gh != NULL) {
4192  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4193  if (r == 0) {
4194  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4195  result = 1;
4196  }
4197 
4198  DetectAddressHeadFree(gh);
4199  }
4200  return result;
4201 }
4202 
4203 static int AddressTestAddressGroupSetup43(void)
4204 {
4205  UTHValidateDetectAddressHeadRange expectations[2] = {
4206  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4207  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4208  int result = 0;
4209  DetectAddressHead *gh = DetectAddressHeadInit();
4210  if (gh != NULL) {
4211  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4212  if (r == 1) {
4213  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4214  result = 1;
4215  }
4216 
4217  DetectAddressHeadFree(gh);
4218  }
4219  return result;
4220 }
4221 
4222 static int AddressTestAddressGroupSetup44(void)
4223 {
4224  UTHValidateDetectAddressHeadRange expectations[2] = {
4225  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4226  int result = 0;
4227  DetectAddressHead *gh = DetectAddressHeadInit();
4228  if (gh != NULL) {
4229  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4230  if (r == 0) {
4231  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4232  result = 1;
4233  }
4234 
4235  DetectAddressHeadFree(gh);
4236  }
4237  return result;
4238 }
4239 
4240 static int AddressTestAddressGroupSetup45(void)
4241 {
4242  int result = 0;
4243  DetectAddressHead *gh = DetectAddressHeadInit();
4244  if (gh != NULL) {
4245  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4246  if (r != 0) {
4247  result = 1;
4248  }
4249 
4250  DetectAddressHeadFree(gh);
4251  }
4252  return result;
4253 }
4254 
4255 static int AddressTestAddressGroupSetup46(void)
4256 {
4257  UTHValidateDetectAddressHeadRange expectations[4] = {
4258  { "0.0.0.0", "192.167.255.255" },
4259  { "192.168.1.0", "192.168.1.255" },
4260  { "192.168.3.0", "192.168.3.255" },
4261  { "192.169.0.0", "255.255.255.255" } };
4262  int result = 0;
4263  DetectAddressHead *gh = DetectAddressHeadInit();
4264  if (gh != NULL) {
4265  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4266  if (r == 1) {
4267  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4268  result = 1;
4269  }
4270 
4271  DetectAddressHeadFree(gh);
4272  }
4273  return result;
4274 }
4275 
4276 /** \test net with some negations, then all negated */
4277 static int AddressTestAddressGroupSetup47(void)
4278 {
4279  UTHValidateDetectAddressHeadRange expectations[5] = {
4280  { "0.0.0.0", "192.167.255.255" },
4281  { "192.168.1.0", "192.168.1.255" },
4282  { "192.168.3.0", "192.168.3.255" },
4283  { "192.168.5.0", "192.168.5.255" },
4284  { "192.169.0.0", "255.255.255.255" } };
4285  int result = 0;
4286  DetectAddressHead *gh = DetectAddressHeadInit();
4287  if (gh != NULL) {
4288  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4289  if (r == 1) {
4290  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4291  result = 1;
4292  }
4293 
4294  DetectAddressHeadFree(gh);
4295  }
4296  return result;
4297 }
4298 
4299 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4300 static int AddressTestAddressGroupSetup48(void)
4301 {
4302  UTHValidateDetectAddressHeadRange expectations[4] = {
4303  { "192.168.0.0", "192.168.0.255" },
4304  { "192.168.2.0", "192.168.2.255" },
4305  { "192.168.4.0", "192.168.4.255" },
4306  { "192.168.6.0", "192.168.255.255" } };
4307  int result = 0;
4308  DetectAddressHead *gh = DetectAddressHeadInit();
4309  if (gh != NULL) {
4310  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4311  if (r == 1) {
4312  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4313  result = 1;
4314  }
4315 
4316  DetectAddressHeadFree(gh);
4317  }
4318  return result;
4319 }
4320 
4321 static int AddressTestCutIPv401(void)
4322 {
4323  DetectAddress *a, *b, *c;
4324  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4325  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4326 
4327  if (DetectAddressCut(NULL, a, b, &c) == -1)
4328  goto error;
4329 
4330  DetectAddressFree(a);
4331  DetectAddressFree(b);
4332  DetectAddressFree(c);
4333  return 1;
4334 
4335 error:
4336  DetectAddressFree(a);
4337  DetectAddressFree(b);
4338  DetectAddressFree(c);
4339  return 0;
4340 }
4341 
4342 static int AddressTestCutIPv402(void)
4343 {
4344  DetectAddress *a, *b, *c;
4345  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4346  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4347 
4348  if (DetectAddressCut(NULL, a, b, &c) == -1)
4349  goto error;
4350 
4351  if (c == NULL)
4352  goto error;
4353 
4354  DetectAddressFree(a);
4355  DetectAddressFree(b);
4356  DetectAddressFree(c);
4357  return 1;
4358 
4359 error:
4360  DetectAddressFree(a);
4361  DetectAddressFree(b);
4362  DetectAddressFree(c);
4363  return 0;
4364 }
4365 
4366 static int AddressTestCutIPv403(void)
4367 {
4368  DetectAddress *a, *b, *c;
4369  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4370  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4371 
4372  if (DetectAddressCut(NULL, a, b, &c) == -1)
4373  goto error;
4374 
4375  if (c == NULL)
4376  goto error;
4377 
4378  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4379  goto error;
4380  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4381  goto error;
4382  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4383  goto error;
4384 
4385  DetectAddressFree(a);
4386  DetectAddressFree(b);
4387  DetectAddressFree(c);
4388  return 1;
4389 
4390 error:
4391  DetectAddressFree(a);
4392  DetectAddressFree(b);
4393  DetectAddressFree(c);
4394  return 0;
4395 }
4396 
4397 static int AddressTestCutIPv404(void)
4398 {
4399  DetectAddress *a, *b, *c;
4400  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4401  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4402 
4403  if (DetectAddressCut(NULL, a, b, &c) == -1)
4404  goto error;
4405 
4406  if (c == NULL)
4407  goto error;
4408 
4409  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4410  goto error;
4411  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4412  goto error;
4413  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4414  goto error;
4415 
4416 
4417  DetectAddressFree(a);
4418  DetectAddressFree(b);
4419  DetectAddressFree(c);
4420  return 1;
4421 
4422 error:
4423  DetectAddressFree(a);
4424  DetectAddressFree(b);
4425  DetectAddressFree(c);
4426  return 0;
4427 }
4428 
4429 static int AddressTestCutIPv405(void)
4430 {
4431  DetectAddress *a, *b, *c;
4432  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4433  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4434 
4435  if (DetectAddressCut(NULL, a, b, &c) == -1)
4436  goto error;
4437 
4438  if (c == NULL)
4439  goto error;
4440 
4441  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4442  goto error;
4443  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4444  goto error;
4445  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4446  goto error;
4447 
4448  DetectAddressFree(a);
4449  DetectAddressFree(b);
4450  DetectAddressFree(c);
4451  return 1;
4452 
4453 error:
4454  DetectAddressFree(a);
4455  DetectAddressFree(b);
4456  DetectAddressFree(c);
4457  return 0;
4458 }
4459 
4460 static int AddressTestCutIPv406(void)
4461 {
4462  DetectAddress *a, *b, *c;
4463  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4464  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4465 
4466  if (DetectAddressCut(NULL, a, b, &c) == -1)
4467  goto error;
4468 
4469  if (c == NULL)
4470  goto error;
4471 
4472  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4473  goto error;
4474  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4475  goto error;
4476  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4477  goto error;
4478 
4479  DetectAddressFree(a);
4480  DetectAddressFree(b);
4481  DetectAddressFree(c);
4482  return 1;
4483 
4484 error:
4485  DetectAddressFree(a);
4486  DetectAddressFree(b);
4487  DetectAddressFree(c);
4488  return 0;
4489 }
4490 
4491 static int AddressTestCutIPv407(void)
4492 {
4493  DetectAddress *a, *b, *c;
4494  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4495  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4496 
4497  if (DetectAddressCut(NULL, a, b, &c) == -1)
4498  goto error;
4499 
4500  if (c != NULL)
4501  goto error;
4502 
4503  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4504  goto error;
4505  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4506  goto error;
4507 
4508  DetectAddressFree(a);
4509  DetectAddressFree(b);
4510  DetectAddressFree(c);
4511  return 1;
4512 
4513 error:
4514  DetectAddressFree(a);
4515  DetectAddressFree(b);
4516  DetectAddressFree(c);
4517  return 0;
4518 }
4519 
4520 static int AddressTestCutIPv408(void)
4521 {
4522  DetectAddress *a, *b, *c;
4523  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4524  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4525 
4526  if (DetectAddressCut(NULL, a, b, &c) == -1)
4527  goto error;
4528 
4529  if (c != NULL)
4530  goto error;
4531 
4532  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4533  goto error;
4534  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4535  goto error;
4536 
4537  DetectAddressFree(a);
4538  DetectAddressFree(b);
4539  DetectAddressFree(c);
4540  return 1;
4541 
4542 error:
4543  DetectAddressFree(a);
4544  DetectAddressFree(b);
4545  DetectAddressFree(c);
4546  return 0;
4547 }
4548 
4549 static int AddressTestCutIPv409(void)
4550 {
4551  DetectAddress *a, *b, *c;
4552  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4553  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4554 
4555  if (DetectAddressCut(NULL, a, b, &c) == -1)
4556  goto error;
4557 
4558  if (c != NULL)
4559  goto error;
4560 
4561  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4562  goto error;
4563  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4564  goto error;
4565 
4566  DetectAddressFree(a);
4567  DetectAddressFree(b);
4568  DetectAddressFree(c);
4569  return 1;
4570 
4571 error:
4572  DetectAddressFree(a);
4573  DetectAddressFree(b);
4574  DetectAddressFree(c);
4575  return 0;
4576 }
4577 
4578 static int AddressTestCutIPv410(void)
4579 {
4580  DetectAddress *a, *b, *c;
4581  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4582  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4583 
4584  if (DetectAddressCut(NULL, a, b, &c) == -1)
4585  goto error;
4586 
4587  if (c != NULL)
4588  goto error;
4589 
4590  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4591  goto error;
4592  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4593  goto error;
4594 
4595  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4596 
4597  DetectAddressFree(a);
4598  DetectAddressFree(b);
4599  DetectAddressFree(c);
4600  return 1;
4601 
4602 error:
4603  DetectAddressFree(a);
4604  DetectAddressFree(b);
4605  DetectAddressFree(c);
4606  return 0;
4607 }
4608 
4609 static int AddressTestParseInvalidMask01(void)
4610 {
4611  int result = 1;
4612  DetectAddress *dd = NULL;
4613 
4614  dd = DetectAddressParseSingle("192.168.2.0/33");
4615  if (dd != NULL) {
4616  DetectAddressFree(dd);
4617  result = 0;
4618  }
4619  return result;
4620 }
4621 
4622 static int AddressTestParseInvalidMask02(void)
4623 {
4624  int result = 1;
4625  DetectAddress *dd = NULL;
4626 
4627  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4628  if (dd != NULL) {
4629  DetectAddressFree(dd);
4630  result = 0;
4631  }
4632  return result;
4633 }
4634 
4635 static int AddressTestParseInvalidMask03(void)
4636 {
4637  int result = 1;
4638  DetectAddress *dd = NULL;
4639 
4640  dd = DetectAddressParseSingle("192.168.2.0/blue");
4641  if (dd != NULL) {
4642  DetectAddressFree(dd);
4643  result = 0;
4644  }
4645  return result;
4646 }
4647 
4648 static int AddressConfVarsTest01(void)
4649 {
4650  static const char *dummy_conf_string =
4651  "%YAML 1.1\n"
4652  "---\n"
4653  "\n"
4654  "vars:\n"
4655  "\n"
4656  " address-groups:\n"
4657  "\n"
4658  " HOME_NET: \"any\"\n"
4659  "\n"
4660  " EXTERNAL_NET: \"!any\"\n"
4661  "\n"
4662  " port-groups:\n"
4663  "\n"
4664  " HTTP_PORTS: \"any\"\n"
4665  "\n"
4666  " SHELLCODE_PORTS: \"!any\"\n"
4667  "\n";
4668 
4669  int result = 0;
4670 
4672  ConfInit();
4673  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4674 
4676  result = 1;
4677 
4678  ConfDeInit();
4680 
4681  return result;
4682 }
4683 
4684 static int AddressConfVarsTest02(void)
4685 {
4686  static const char *dummy_conf_string =
4687  "%YAML 1.1\n"
4688  "---\n"
4689  "\n"
4690  "vars:\n"
4691  "\n"
4692  " address-groups:\n"
4693  "\n"
4694  " HOME_NET: \"any\"\n"
4695  "\n"
4696  " EXTERNAL_NET: \"any\"\n"
4697  "\n"
4698  " port-groups:\n"
4699  "\n"
4700  " HTTP_PORTS: \"any\"\n"
4701  "\n"
4702  " SHELLCODE_PORTS: \"!any\"\n"
4703  "\n";
4704 
4705  int result = 0;
4706 
4708  ConfInit();
4709  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4710 
4712  result = 1;
4713 
4714  ConfDeInit();
4716 
4717  return result;
4718 }
4719 
4720 static int AddressConfVarsTest03(void)
4721 {
4722  static const char *dummy_conf_string =
4723  "%YAML 1.1\n"
4724  "---\n"
4725  "\n"
4726  "vars:\n"
4727  "\n"
4728  " address-groups:\n"
4729  "\n"
4730  " HOME_NET: \"any\"\n"
4731  "\n"
4732  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4733  "\n"
4734  " port-groups:\n"
4735  "\n"
4736  " HTTP_PORTS: \"any\"\n"
4737  "\n"
4738  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4739  "\n";
4740 
4741  int result = 0;
4742 
4744  ConfInit();
4745  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4746 
4748  result = 1;
4749 
4750  ConfDeInit();
4752 
4753  return result;
4754 }
4755 
4756 static int AddressConfVarsTest04(void)
4757 {
4758  static const char *dummy_conf_string =
4759  "%YAML 1.1\n"
4760  "---\n"
4761  "\n"
4762  "vars:\n"
4763  "\n"
4764  " address-groups:\n"
4765  "\n"
4766  " HOME_NET: \"any\"\n"
4767  "\n"
4768  " EXTERNAL_NET: \"$HOME_NET\"\n"
4769  "\n"
4770  " port-groups:\n"
4771  "\n"
4772  " HTTP_PORTS: \"any\"\n"
4773  "\n"
4774  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4775  "\n";
4776 
4777  int result = 0;
4778 
4780  ConfInit();
4781  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4782 
4784  result = 1;
4785 
4786  ConfDeInit();
4788 
4789  return result;
4790 }
4791 
4792 static int AddressConfVarsTest05(void)
4793 {
4794  static const char *dummy_conf_string =
4795  "%YAML 1.1\n"
4796  "---\n"
4797  "\n"
4798  "vars:\n"
4799  "\n"
4800  " address-groups:\n"
4801  "\n"
4802  " HOME_NET: \"any\"\n"
4803  "\n"
4804  " EXTERNAL_NET: [192.168.0.1]\n"
4805  "\n"
4806  " port-groups:\n"
4807  "\n"
4808  " HTTP_PORTS: \"any\"\n"
4809  "\n"
4810  " SHELLCODE_PORTS: [80]\n"
4811  "\n";
4812 
4813  int result = 0;
4814 
4816  ConfInit();
4817  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4818 
4819  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4820  goto end;
4821 
4822  result = 1;
4823 
4824  end:
4825  ConfDeInit();
4827 
4828  return result;
4829 }
4830 
4831 #endif /* UNITTESTS */
4832 
4833 void DetectAddressTests(void)
4834 {
4835 #ifdef UNITTESTS
4838 
4839  UtRegisterTest("AddressTestParse01", AddressTestParse01);
4840  UtRegisterTest("AddressTestParse02", AddressTestParse02);
4841  UtRegisterTest("AddressTestParse03", AddressTestParse03);
4842  UtRegisterTest("AddressTestParse04", AddressTestParse04);
4843  UtRegisterTest("AddressTestParse05", AddressTestParse05);
4844  UtRegisterTest("AddressTestParse06", AddressTestParse06);
4845  UtRegisterTest("AddressTestParse07", AddressTestParse07);
4846  UtRegisterTest("AddressTestParse08", AddressTestParse08);
4847  UtRegisterTest("AddressTestParse09", AddressTestParse09);
4848  UtRegisterTest("AddressTestParse10", AddressTestParse10);
4849  UtRegisterTest("AddressTestParse11", AddressTestParse11);
4850  UtRegisterTest("AddressTestParse12", AddressTestParse12);
4851  UtRegisterTest("AddressTestParse13", AddressTestParse13);
4852  UtRegisterTest("AddressTestParse14", AddressTestParse14);
4853  UtRegisterTest("AddressTestParse15", AddressTestParse15);
4854  UtRegisterTest("AddressTestParse16", AddressTestParse16);
4855  UtRegisterTest("AddressTestParse17", AddressTestParse17);
4856  UtRegisterTest("AddressTestParse18", AddressTestParse18);
4857  UtRegisterTest("AddressTestParse19", AddressTestParse19);
4858  UtRegisterTest("AddressTestParse20", AddressTestParse20);
4859  UtRegisterTest("AddressTestParse21", AddressTestParse21);
4860  UtRegisterTest("AddressTestParse22", AddressTestParse22);
4861  UtRegisterTest("AddressTestParse23", AddressTestParse23);
4862  UtRegisterTest("AddressTestParse24", AddressTestParse24);
4863  UtRegisterTest("AddressTestParse25", AddressTestParse25);
4864  UtRegisterTest("AddressTestParse26", AddressTestParse26);
4865  UtRegisterTest("AddressTestParse27", AddressTestParse27);
4866  UtRegisterTest("AddressTestParse28", AddressTestParse28);
4867  UtRegisterTest("AddressTestParse29", AddressTestParse29);
4868  UtRegisterTest("AddressTestParse30", AddressTestParse30);
4869  UtRegisterTest("AddressTestParse31", AddressTestParse31);
4870  UtRegisterTest("AddressTestParse32", AddressTestParse32);
4871  UtRegisterTest("AddressTestParse33", AddressTestParse33);
4872  UtRegisterTest("AddressTestParse34", AddressTestParse34);
4873  UtRegisterTest("AddressTestParse35", AddressTestParse35);
4874  UtRegisterTest("AddressTestParse36", AddressTestParse36);
4875  UtRegisterTest("AddressTestParse37", AddressTestParse37);
4876 
4877  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
4878  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
4879  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
4880  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
4881  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
4882  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
4883  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
4884  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
4885  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
4886  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
4887  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
4888 
4889  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
4890  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
4891  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
4892  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
4893  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
4894  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
4895  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
4896  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
4897 
4898  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
4899  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
4900  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
4901  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
4902  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
4903  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
4904 
4905  UtRegisterTest("AddressTestAddressGroupSetup01",
4906  AddressTestAddressGroupSetup01);
4907  UtRegisterTest("AddressTestAddressGroupSetup02",
4908  AddressTestAddressGroupSetup02);
4909  UtRegisterTest("AddressTestAddressGroupSetup03",
4910  AddressTestAddressGroupSetup03);
4911  UtRegisterTest("AddressTestAddressGroupSetup04",
4912  AddressTestAddressGroupSetup04);
4913  UtRegisterTest("AddressTestAddressGroupSetup05",
4914  AddressTestAddressGroupSetup05);
4915  UtRegisterTest("AddressTestAddressGroupSetup06",
4916  AddressTestAddressGroupSetup06);
4917  UtRegisterTest("AddressTestAddressGroupSetup07",
4918  AddressTestAddressGroupSetup07);
4919  UtRegisterTest("AddressTestAddressGroupSetup08",
4920  AddressTestAddressGroupSetup08);
4921  UtRegisterTest("AddressTestAddressGroupSetup09",
4922  AddressTestAddressGroupSetup09);
4923  UtRegisterTest("AddressTestAddressGroupSetup10",
4924  AddressTestAddressGroupSetup10);
4925  UtRegisterTest("AddressTestAddressGroupSetup11",
4926  AddressTestAddressGroupSetup11);
4927  UtRegisterTest("AddressTestAddressGroupSetup12",
4928  AddressTestAddressGroupSetup12);
4929  UtRegisterTest("AddressTestAddressGroupSetup13",
4930  AddressTestAddressGroupSetup13);
4931  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
4932  AddressTestAddressGroupSetupIPv414);
4933  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
4934  AddressTestAddressGroupSetupIPv415);
4935  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
4936  AddressTestAddressGroupSetupIPv416);
4937 
4938  UtRegisterTest("AddressTestAddressGroupSetup14",
4939  AddressTestAddressGroupSetup14);
4940  UtRegisterTest("AddressTestAddressGroupSetup15",
4941  AddressTestAddressGroupSetup15);
4942  UtRegisterTest("AddressTestAddressGroupSetup16",
4943  AddressTestAddressGroupSetup16);
4944  UtRegisterTest("AddressTestAddressGroupSetup17",
4945  AddressTestAddressGroupSetup17);
4946  UtRegisterTest("AddressTestAddressGroupSetup18",
4947  AddressTestAddressGroupSetup18);
4948  UtRegisterTest("AddressTestAddressGroupSetup19",
4949  AddressTestAddressGroupSetup19);
4950  UtRegisterTest("AddressTestAddressGroupSetup20",
4951  AddressTestAddressGroupSetup20);
4952  UtRegisterTest("AddressTestAddressGroupSetup21",
4953  AddressTestAddressGroupSetup21);
4954  UtRegisterTest("AddressTestAddressGroupSetup22",
4955  AddressTestAddressGroupSetup22);
4956  UtRegisterTest("AddressTestAddressGroupSetup23",
4957  AddressTestAddressGroupSetup23);
4958  UtRegisterTest("AddressTestAddressGroupSetup24",
4959  AddressTestAddressGroupSetup24);
4960  UtRegisterTest("AddressTestAddressGroupSetup25",
4961  AddressTestAddressGroupSetup25);
4962  UtRegisterTest("AddressTestAddressGroupSetup26",
4963  AddressTestAddressGroupSetup26);
4964 
4965  UtRegisterTest("AddressTestAddressGroupSetup27",
4966  AddressTestAddressGroupSetup27);
4967  UtRegisterTest("AddressTestAddressGroupSetup28",
4968  AddressTestAddressGroupSetup28);
4969  UtRegisterTest("AddressTestAddressGroupSetup29",
4970  AddressTestAddressGroupSetup29);
4971  UtRegisterTest("AddressTestAddressGroupSetup30",
4972  AddressTestAddressGroupSetup30);
4973  UtRegisterTest("AddressTestAddressGroupSetup31",
4974  AddressTestAddressGroupSetup31);
4975  UtRegisterTest("AddressTestAddressGroupSetup32",
4976  AddressTestAddressGroupSetup32);
4977  UtRegisterTest("AddressTestAddressGroupSetup33",
4978  AddressTestAddressGroupSetup33);
4979  UtRegisterTest("AddressTestAddressGroupSetup34",
4980  AddressTestAddressGroupSetup34);
4981  UtRegisterTest("AddressTestAddressGroupSetup35",
4982  AddressTestAddressGroupSetup35);
4983  UtRegisterTest("AddressTestAddressGroupSetup36",
4984  AddressTestAddressGroupSetup36);
4985  UtRegisterTest("AddressTestAddressGroupSetup37",
4986  AddressTestAddressGroupSetup37);
4987  UtRegisterTest("AddressTestAddressGroupSetup38",
4988  AddressTestAddressGroupSetup38);
4989  UtRegisterTest("AddressTestAddressGroupSetup39",
4990  AddressTestAddressGroupSetup39);
4991  UtRegisterTest("AddressTestAddressGroupSetup40",
4992  AddressTestAddressGroupSetup40);
4993  UtRegisterTest("AddressTestAddressGroupSetup41",
4994  AddressTestAddressGroupSetup41);
4995  UtRegisterTest("AddressTestAddressGroupSetup42",
4996  AddressTestAddressGroupSetup42);
4997  UtRegisterTest("AddressTestAddressGroupSetup43",
4998  AddressTestAddressGroupSetup43);
4999  UtRegisterTest("AddressTestAddressGroupSetup44",
5000  AddressTestAddressGroupSetup44);
5001  UtRegisterTest("AddressTestAddressGroupSetup45",
5002  AddressTestAddressGroupSetup45);
5003  UtRegisterTest("AddressTestAddressGroupSetup46",
5004  AddressTestAddressGroupSetup46);
5005  UtRegisterTest("AddressTestAddressGroupSetup47",
5006  AddressTestAddressGroupSetup47);
5007  UtRegisterTest("AddressTestAddressGroupSetup48",
5008  AddressTestAddressGroupSetup48);
5009 
5010  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5011  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5012  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5013  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5014  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5015  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5016  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5017  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5018  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5019  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5020 
5021  UtRegisterTest("AddressTestParseInvalidMask01",
5022  AddressTestParseInvalidMask01);
5023  UtRegisterTest("AddressTestParseInvalidMask02",
5024  AddressTestParseInvalidMask02);
5025  UtRegisterTest("AddressTestParseInvalidMask03",
5026  AddressTestParseInvalidMask03);
5027 
5028  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5029  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5030  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5031  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5032  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5033 #endif /* UNITTESTS */
5034 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:363
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:128
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:141
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:78
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1404
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1305
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:359
detect-engine-siggroup.h
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1598
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:139
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:29
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
DetectAddressHead_
Definition: detect.h:154
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1483
AddressIPv6Gt
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:43
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1351
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:766
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1264
SC_ERR_INVALID_SIGNATURE
@ SC_ERR_INVALID_SIGNATURE
Definition: util-error.h:69
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
Address_
Definition: decode.h:113
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:248
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1165
util-var.h
DetectMatchAddressIPv4_::ip
uint32_t ip
Definition: detect.h:161
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1812
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:124
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:116
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:148
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:123
DetectMatchAddressIPv6_::ip2
uint32_t ip2[4]
Definition: detect.h:167
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:327
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:129
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:125
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1895
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:267
detect-engine-port.h
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:463
DetectAddress_::ip2
Address ip2
Definition: detect.h:142
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1042
TRUE
#define TRUE
Definition: suricata-common.h:33
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:282
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:484
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:316
SC_ERR_ADDRESS_ENGINE_GENERIC
@ SC_ERR_ADDRESS_ENGINE_GENERIC
Definition: util-error.h:119
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:698
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
DetectAddressMap_
Definition: detect-engine-address.c:1302
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:156
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1632
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:918
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:71
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
ConfNode_::name
char * name
Definition: conf.h:33
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:710
DetectMatchAddressIPv4_::ip2
uint32_t ip2
Definition: detect.h:162
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:130
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
DetectMatchAddressIPv6_::ip
uint32_t ip[4]
Definition: detect.h:166
AddressIPv6Ge
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1340
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:177
str
#define str(s)
Definition: suricata-common.h:273
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1894
head
Flow * head
Definition: flow-hash.h:0
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1304
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:397
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:723
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:150
DetectMatchAddressIPv6_
Definition: detect.h:165
DetectMatchAddressIPv4_
Definition: detect.h:160
Address_::address
union Address_::@39 address
Address_::family
char family
Definition: decode.h:114
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1444
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:721
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1893
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:133
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1896
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:128
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:126
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:145
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1571
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:127
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:155
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, uint16_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:704
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1303
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:65
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1226
AddressIPv6Le
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162