suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  *
25  * \todo Move this out of the detection plugin structure
26  * rename to detect-engine-address.c
27  */
28 
29 #include "suricata-common.h"
30 #include "decode.h"
31 #include "detect.h"
32 #include "flow-var.h"
33 
34 #include "util-cidr.h"
35 #include "util-unittest.h"
36 #include "util-rule-vars.h"
37 #include "conf.h"
38 #include "conf-yaml-loader.h"
39 
40 #include "detect-engine-siggroup.h"
41 #include "detect-engine-address.h"
44 #include "detect-engine-port.h"
45 
46 #include "util-debug.h"
47 #include "util-print.h"
48 #include "util-var.h"
49 
50 /* prototypes */
51 #ifdef DEBUG
52 static void DetectAddressPrint(DetectAddress *);
53 #else
54 #define DetectAddressPrint(...)
55 #endif
56 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
57 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
58  DetectAddress **);
60 
61 /**
62  * \brief Creates and returns a new instance of a DetectAddress.
63  *
64  * \retval ag Pointer to the newly created DetectAddress on success;
65  * NULL on failure.
66  */
68 {
69  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
70  if (unlikely(ag == NULL))
71  return NULL;
72  return ag;
73 }
74 
75 /**
76  * \brief Frees a DetectAddress instance.
77  *
78  * \param ag Pointer to the DetectAddress instance to be freed.
79  */
81 {
82  if (ag == NULL)
83  return;
84 
85  SCFree(ag);
86 
87  return;
88 }
89 
90 /**
91  * \internal
92  * \brief Returns a new instance of DetectAddressHead.
93  *
94  * \retval gh Pointer to the new instance of DetectAddressHead.
95  */
96 static DetectAddressHead *DetectAddressHeadInit(void)
97 {
99  if (unlikely(gh == NULL))
100  return NULL;
101  return gh;
102 }
103 
104 /**
105  * \internal
106  * \brief Frees a DetectAddressHead instance.
107  *
108  * \param gh Pointer to the DetectAddressHead instance to be freed.
109  */
110 static void DetectAddressHeadFree(DetectAddressHead *gh)
111 {
112  if (gh != NULL) {
114  SCFree(gh);
115  }
116 }
117 
118 /**
119  * \brief copy a DetectAddress
120  *
121  * \param orig Pointer to the instance of DetectAddress that contains the
122  * address data to be copied to the new instance.
123  *
124  * \retval ag Pointer to the new instance of DetectAddress that contains the
125  * copied address.
126  */
127 static DetectAddress *DetectAddressCopy(DetectAddress *orig)
128 {
130  if (ag == NULL)
131  return NULL;
132 
133  ag->flags = orig->flags;
134  COPY_ADDRESS(&orig->ip, &ag->ip);
135  COPY_ADDRESS(&orig->ip2, &ag->ip2);
136  return ag;
137 }
138 
139 #ifdef DEBUG
140 /**
141  * \brief Prints the address data information for all the DetectAddress
142  * instances in the DetectAddress list sent as the argument.
143  *
144  * \param head Pointer to a list of DetectAddress instances.
145  */
146 void DetectAddressPrintList(DetectAddress *head)
147 {
148  SCLogInfo("list:");
149  for (DetectAddress *cur = head; cur != NULL; cur = cur->next) {
150  DetectAddressPrint(cur);
151  }
152  SCLogInfo("endlist");
153 }
154 #endif
155 
156 /**
157  * \internal
158  * \brief Frees a list of DetectAddress instances.
159  *
160  * \param head Pointer to a list of DetectAddress instances to be freed.
161  */
162 static void DetectAddressCleanupList(DetectAddress *head)
163 {
164  for (DetectAddress *cur = head; cur != NULL; ) {
165  DetectAddress *next = cur->next;
166  cur->next = NULL;
167  DetectAddressFree(cur);
168  cur = next;
169  }
170 }
171 
172 /**
173  * \internal
174  * \brief Helper function for DetectAddressInsert. Sets one of the
175  * DetectAddressHead head pointers, to the DetectAddress argument
176  * based on its address family.
177  *
178  * \param gh Pointer to the DetectAddressHead.
179  * \param newhead Pointer to the DetectAddress.
180  *
181  * \retval 0 On success.
182  * \retval -1 On failure.
183  */
184 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
185 {
186  if (newhead->ip.family == AF_INET) {
187  gh->ipv4_head = newhead;
188  } else if (newhead->ip.family == AF_INET6) {
189  gh->ipv6_head = newhead;
190  } else {
191  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
192  return -1;
193  }
194 
195  return 0;
196 }
197 
198 /**
199  * \internal
200  * \brief Returns the DetectAddress head from the DetectAddressHeads,
201  * based on the address family of the incoming DetectAddress arg.
202  *
203  * \param gh Pointer to the DetectAddressHead.
204  * \param new Pointer to the DetectAddress.
205  *
206  * \retval head Pointer to the DetectAddress(the head from
207  * DetectAddressHead).
208  */
209 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
210 {
211  DetectAddress *head = NULL;
212 
213  if (new->ip.family == AF_INET)
214  head = gh->ipv4_head;
215  else if (new->ip.family == AF_INET6)
216  head = gh->ipv6_head;
217 
218  return head;
219 }
220 
221 /**
222  * \internal
223  * \brief insert DetectAddress into a DetectAddressHead
224  *
225  * \param de_ctx Pointer to the detection engine context.
226  * \param gh Pointer to the DetectAddressHead list to which it has to
227  * be inserted.
228  * \param new Pointer to the DetectAddress, that has to be inserted.
229  *
230  * \retval 1 On successfully inserting it.
231  * \retval -1 On error.
232  * \retval 0 Not inserted, memory of new is freed.
233  */
234 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
235  DetectAddress *new)
236 {
237  DetectAddress *head = NULL;
238  DetectAddress *cur = NULL;
239  DetectAddress *c = NULL;
240  int r = 0;
241 
242  if (new == NULL)
243  return 0;
244 
245  /* get our head ptr based on the address we want to insert */
246  head = GetHeadPtr(gh, new);
247 
248  /* see if it already exists or overlaps with existing ag's */
249  if (head != NULL) {
250  cur = NULL;
251 
252  for (cur = head; cur != NULL; cur = cur->next) {
253  r = DetectAddressCmp(new, cur);
254  BUG_ON(r == ADDRESS_ER);
255 
256  /* if so, handle that */
257  if (r == ADDRESS_EQ) {
258  /* exact overlap/match */
259  if (cur != new) {
260  DetectAddressFree(new);
261  return 0;
262  }
263 
264  return 1;
265  } else if (r == ADDRESS_GT) {
266  /* only add it now if we are bigger than the last group.
267  * Otherwise we'll handle it later. */
268  if (cur->next == NULL) {
269  /* put in the list */
270  new->prev = cur;
271  cur->next = new;
272 
273  return 1;
274  }
275  } else if (r == ADDRESS_LT) {
276  /* see if we need to insert the ag anywhere put in the list */
277  if (cur->prev != NULL)
278  cur->prev->next = new;
279  new->prev = cur->prev;
280  new->next = cur;
281  cur->prev = new;
282 
283  /* update head if required */
284  if (head == cur) {
285  head = new;
286 
287  if (SetHeadPtr(gh, head) < 0)
288  goto error;
289  }
290 
291  return 1;
292  /* alright, those were the simple cases, lets handle the more
293  * complex ones now */
294  } else if (r == ADDRESS_ES) {
295  c = NULL;
296  r = DetectAddressCut(de_ctx, cur, new, &c);
297  if (r == -1)
298  goto error;
299 
300  DetectAddressInsert(de_ctx, gh, new);
301  if (c != NULL)
302  DetectAddressInsert(de_ctx, gh, c);
303 
304  return 1;
305  } else if (r == ADDRESS_EB) {
306  c = NULL;
307  r = DetectAddressCut(de_ctx, cur, new, &c);
308  if (r == -1)
309  goto error;
310 
311  DetectAddressInsert(de_ctx, gh, new);
312  if (c != NULL)
313  DetectAddressInsert(de_ctx, gh, c);
314 
315  return 1;
316  } else if (r == ADDRESS_LE) {
317  c = NULL;
318  r = DetectAddressCut(de_ctx, cur, new, &c);
319  if (r == -1)
320  goto error;
321 
322  DetectAddressInsert(de_ctx, gh, new);
323  if (c != NULL)
324  DetectAddressInsert(de_ctx, gh, c);
325 
326  return 1;
327  } else if (r == ADDRESS_GE) {
328  c = NULL;
329  r = DetectAddressCut(de_ctx, cur,new,&c);
330  if (r == -1)
331  goto error;
332 
333  DetectAddressInsert(de_ctx, gh, new);
334  if (c != NULL)
335  DetectAddressInsert(de_ctx, gh, c);
336 
337  return 1;
338  }
339  }
340 
341  /* head is NULL, so get a group and set head to it */
342  } else {
343  head = new;
344  if (SetHeadPtr(gh, head) < 0) {
345  SCLogDebug("SetHeadPtr failed");
346  goto error;
347  }
348  }
349 
350  return 1;
351 
352 error:
353  /* XXX */
354  return -1;
355 }
356 
357 /**
358  * \brief Checks if two address group lists are equal.
359  *
360  * \param list1 Pointer to the first address group list.
361  * \param list2 Pointer to the second address group list.
362  *
363  * \retval true On success.
364  * \retval false On failure.
365  */
367 {
368  DetectAddress *item = list1;
369  DetectAddress *it = list2;
370 
371  // First, compare items one by one.
372  while (item != NULL && it != NULL) {
373  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
374  return false;
375  }
376 
377  item = item->next;
378  it = it->next;
379  }
380 
381  // Are the lists of the same size?
382  if (!(item == NULL && it == NULL)) {
383  return false;
384  }
385 
386  return true;
387 }
388 
389 /**
390  * \internal
391  * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
392  *
393  * For example if we send a cidr of 7 as argument, an ipv6 address
394  * mask of the value FE:00:00:00:00:00:00:00 is created and updated
395  * in the argument struct in6_addr *in6.
396  *
397  * \todo I think for the final section: while (cidr > 0), we can simply
398  * replace it with a
399  * if (cidr > 0) {
400  * in6->s6_addr[i] = -1 << (8 - cidr);
401  *
402  * \param cidr The value of the cidr.
403  * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
404  * hold the cidr netblock result.
405  */
406 static void DetectAddressParseIPv6CIDR(int cidr, struct in6_addr *in6)
407 {
408  int i = 0;
409 
410  memset(in6, 0, sizeof(struct in6_addr));
411 
412  while (cidr > 8) {
413  in6->s6_addr[i] = 0xff;
414  cidr -= 8;
415  i++;
416  }
417 
418  while (cidr > 0) {
419  in6->s6_addr[i] |= 0x80;
420  if (--cidr > 0)
421  in6->s6_addr[i] = in6->s6_addr[i] >> 1;
422  }
423 
424  return;
425 }
426 
427 /**
428  * \internal
429  * \brief Parses an ipv4/ipv6 address string and updates the result into the
430  * DetectAddress instance sent as the argument.
431  *
432  * \param dd Pointer to the DetectAddress instance which should be updated with
433  * the address range details from the parsed ip string.
434  * \param str Pointer to address string that has to be parsed.
435  *
436  * \retval 0 On successfully parsing the address string.
437  * \retval -1 On failure.
438  */
439 static int DetectAddressParseString(DetectAddress *dd, const char *str)
440 {
441  char *ip = NULL;
442  char *ip2 = NULL;
443  char *mask = NULL;
444  int r = 0;
445  char ipstr[256];
446 
447  /* shouldn't see 'any' here */
448  BUG_ON(strcasecmp(str, "any") == 0);
449 
450  strlcpy(ipstr, str, sizeof(ipstr));
451  SCLogDebug("str %s", str);
452 
453  /* we work with a copy so that we can put a
454  * nul-termination in it later */
455  ip = ipstr;
456 
457  /* handle the negation case */
458  if (ip[0] == '!') {
459  dd->flags |= ADDRESS_FLAG_NOT;
460  ip++;
461  }
462 
463  /* see if the address is an ipv4 or ipv6 address */
464  if ((strchr(str, ':')) == NULL) {
465  /* IPv4 Address */
466  struct in_addr in;
467 
468  dd->ip.family = AF_INET;
469 
470  if ((mask = strchr(ip, '/')) != NULL) {
471  /* 1.2.3.4/xxx format (either dotted or cidr notation */
472  ip[mask - ip] = '\0';
473  mask++;
474  uint32_t ip4addr = 0;
475  uint32_t netmask = 0;
476  size_t u = 0;
477 
478  if ((strchr (mask, '.')) == NULL) {
479  /* 1.2.3.4/24 format */
480 
481  for (u = 0; u < strlen(mask); u++) {
482  if(!isdigit((unsigned char)mask[u]))
483  goto error;
484  }
485 
486  int cidr = atoi(mask);
487  if (cidr < 0 || cidr > 32)
488  goto error;
489 
490  netmask = CIDRGet(cidr);
491  } else {
492  /* 1.2.3.4/255.255.255.0 format */
493  r = inet_pton(AF_INET, mask, &in);
494  if (r <= 0)
495  goto error;
496 
497  netmask = in.s_addr;
498  }
499 
500  r = inet_pton(AF_INET, ip, &in);
501  if (r <= 0)
502  goto error;
503 
504  ip4addr = in.s_addr;
505 
506  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
507  dd->ip2.addr_data32[0] |=~ netmask;
508  } else if ((ip2 = strchr(ip, '-')) != NULL) {
509  /* 1.2.3.4-1.2.3.6 range format */
510  ip[ip2 - ip] = '\0';
511  ip2++;
512 
513  r = inet_pton(AF_INET, ip, &in);
514  if (r <= 0)
515  goto error;
516  dd->ip.addr_data32[0] = in.s_addr;
517 
518  r = inet_pton(AF_INET, ip2, &in);
519  if (r <= 0)
520  goto error;
521  dd->ip2.addr_data32[0] = in.s_addr;
522 
523  /* a > b is illegal, a = b is ok */
524  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
525  goto error;
526  } else {
527  /* 1.2.3.4 format */
528  r = inet_pton(AF_INET, ip, &in);
529  if (r <= 0)
530  goto error;
531  /* single host */
532  dd->ip.addr_data32[0] = in.s_addr;
533  dd->ip2.addr_data32[0] = in.s_addr;
534  }
535  } else {
536  /* IPv6 Address */
537  struct in6_addr in6, mask6;
538  uint32_t ip6addr[4], netmask[4];
539 
540  dd->ip.family = AF_INET6;
541 
542  if ((mask = strchr(ip, '/')) != NULL) {
543  ip[mask - ip] = '\0';
544  mask++;
545 
546  int cidr = atoi(mask);
547  if (cidr < 0 || cidr > 128)
548  goto error;
549 
550  r = inet_pton(AF_INET6, ip, &in6);
551  if (r <= 0)
552  goto error;
553  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
554 
555  DetectAddressParseIPv6CIDR(cidr, &mask6);
556  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
557 
558  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
559  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
560  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
561  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
562 
563  dd->ip2.addr_data32[0] |=~ netmask[0];
564  dd->ip2.addr_data32[1] |=~ netmask[1];
565  dd->ip2.addr_data32[2] |=~ netmask[2];
566  dd->ip2.addr_data32[3] |=~ netmask[3];
567  } else if ((ip2 = strchr(ip, '-')) != NULL) {
568  /* 2001::1-2001::4 range format */
569  ip[ip2 - ip] = '\0';
570  ip2++;
571 
572  r = inet_pton(AF_INET6, ip, &in6);
573  if (r <= 0)
574  goto error;
575  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
576 
577  r = inet_pton(AF_INET6, ip2, &in6);
578  if (r <= 0)
579  goto error;
580  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
581 
582  /* a > b is illegal, a=b is ok */
583  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
584  goto error;
585  } else {
586  r = inet_pton(AF_INET6, ip, &in6);
587  if (r <= 0)
588  goto error;
589 
590  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
591  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
592  }
593 
594  }
595 
596  BUG_ON(dd->ip.family == 0);
597 
598  return 0;
599 
600 error:
601  return -1;
602 }
603 
604 /**
605  * \internal
606  * \brief Simply parse an address and return a DetectAddress instance containing
607  * the address ranges of the parsed ip addressstring
608  *
609  * \param str Pointer to a character string containing the ip address
610  *
611  * \retval dd Pointer to the DetectAddress instance containing the address
612  * range details from the parsed ip string
613  */
614 static DetectAddress *DetectAddressParseSingle(const char *str)
615 {
616  SCLogDebug("str %s", str);
617 
619  if (dd == NULL)
620  return NULL;
621 
622  if (DetectAddressParseString(dd, str) < 0) {
623  SCLogDebug("AddressParse failed");
624  DetectAddressFree(dd);
625  return NULL;
626  }
627 
628  return dd;
629 }
630 
631 /**
632  * \brief Setup a single address string, parse it and add the resulting
633  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
634  *
635  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
636  * resulting Address-Range(s) from the parsed ip string has to
637  * be added.
638  * \param s Pointer to the ip address string to be parsed.
639  *
640  * \retval 0 On success.
641  * \retval -1 On failure.
642  */
643 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
644 {
645  SCLogDebug("gh %p, s %s", gh, s);
646 
647  while (*s != '\0' && isspace(*s))
648  s++;
649 
650  if (strcasecmp(s, "any") == 0) {
651  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
652 
653  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
654  if (ad == NULL)
655  return -1;
656 
657  BUG_ON(ad->ip.family == 0);
658 
659  if (DetectAddressInsert(NULL, gh, ad) < 0) {
660  SCLogDebug("DetectAddressInsert failed");
661  DetectAddressFree(ad);
662  return -1;
663  }
664 
665  ad = DetectAddressParseSingle("::/0");
666  if (ad == NULL)
667  return -1;
668 
669  BUG_ON(ad->ip.family == 0);
670 
671  if (DetectAddressInsert(NULL, gh, ad) < 0) {
672  SCLogDebug("DetectAddressInsert failed");
673  DetectAddressFree(ad);
674  return -1;
675  }
676  return 0;
677  }
678 
679  /* parse the address */
680  DetectAddress *ad = DetectAddressParseSingle(s);
681  if (ad == NULL) {
683  "failed to parse address \"%s\"", s);
684  return -1;
685  }
686 
687  /* handle the not case, we apply the negation then insert the part(s) */
688  if (ad->flags & ADDRESS_FLAG_NOT) {
689  DetectAddress *ad2 = NULL;
690 
691  if (DetectAddressCutNot(ad, &ad2) < 0) {
692  SCLogDebug("DetectAddressCutNot failed");
693  DetectAddressFree(ad);
694  return -1;
695  }
696 
697  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
698  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
699  if (ad2 != NULL) {
700  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
701  SCLogDebug("DetectAddressInsert failed");
702  DetectAddressFree(ad);
703  DetectAddressFree(ad2);
704  return -1;
705  }
706  }
707  }
708 
709  int r = DetectAddressInsert(NULL, gh, ad);
710  if (r < 0) {
711  SCLogDebug("DetectAddressInsert failed");
712  DetectAddressFree(ad);
713  return -1;
714  }
715  SCLogDebug("r %d",r);
716  return 0;
717 }
718 
719 /**
720  * \brief Parses an address string and updates the 2 address heads with the
721  * address data.
722  *
723  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
724  * since we pass around negate without keeping a count of ! with depth.
725  * Can solve this by keeping a count of the negations with depth, so that
726  * an even no of negations would count as no negation and an odd no of
727  * negations would count as a negation.
728  *
729  * \param gh Pointer to the address head that should hold address ranges
730  * that are not negated.
731  * \param ghn Pointer to the address head that should hold address ranges
732  * that are negated.
733  * \param s Pointer to the character string holding the address to be
734  * parsed.
735  * \param negate Flag that indicates if the received address string is negated
736  * or not. 0 if it is not, 1 it it is.
737  *
738  * \retval 0 On successfully parsing.
739  * \retval -1 On failure.
740  */
741 static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
743  const char *s, int negate, ResolvedVariablesList *var_list)
744 {
745  size_t x = 0;
746  size_t u = 0;
747  int o_set = 0, n_set = 0, d_set = 0;
748  int depth = 0;
749  size_t size = strlen(s);
750  char address[8196] = "";
751  const char *rule_var_address = NULL;
752  char *temp_rule_var_address = NULL;
753 
754  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
755 
756  for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
757  if (x == (sizeof(address) - 1)) {
758  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Hit the address buffer"
759  " limit for the supplied address. Invalidating sig. "
760  "Please file a bug report on this.");
761  goto error;
762  }
763  address[x] = s[u];
764  x++;
765 
766  if (!o_set && s[u] == '!') {
767  n_set = 1;
768  x--;
769  } else if (s[u] == '[') {
770  if (!o_set) {
771  o_set = 1;
772  x = 0;
773  }
774  depth++;
775  } else if (s[u] == ']') {
776  if (depth == 1) {
777  address[x - 1] = '\0';
778  x = 0;
779  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
780  if (((negate + n_set) % 2) == 0) {
781  /* normal block */
782  SCLogDebug("normal block");
783 
784  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list) < 0)
785  goto error;
786  } else {
787  /* negated block
788  *
789  * Extra steps are necessary. First consider it as a normal
790  * (non-negated) range. Merge the + and - ranges if
791  * applicable. Then insert the result into the ghn list. */
792  SCLogDebug("negated block");
793 
794  DetectAddressHead tmp_gh = { NULL, NULL };
795  DetectAddressHead tmp_ghn = { NULL, NULL };
796 
797  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list) < 0) {
798  DetectAddressHeadCleanup(&tmp_gh);
799  DetectAddressHeadCleanup(&tmp_ghn);
800  goto error;
801  }
802 
803  DetectAddress *tmp_ad;
804  DetectAddress *tmp_ad2;
805 #ifdef DEBUG
806  SCLogDebug("tmp_gh: IPv4");
807  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
808  DetectAddressPrint(tmp_ad);
809  }
810  SCLogDebug("tmp_ghn: IPv4");
811  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
812  DetectAddressPrint(tmp_ad);
813  }
814  SCLogDebug("tmp_gh: IPv6");
815  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
816  DetectAddressPrint(tmp_ad);
817  }
818  SCLogDebug("tmp_ghn: IPv6");
819  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
820  DetectAddressPrint(tmp_ad);
821  }
822 #endif
823  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
824  DetectAddressHeadCleanup(&tmp_ghn);
825  DetectAddressHeadCleanup(&tmp_gh);
826  goto error;
827  }
828  DetectAddressHeadCleanup(&tmp_ghn);
829 
830  SCLogDebug("merged succesfully");
831 
832  /* insert the IPv4 addresses into the negated list */
833  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
834  /* work with a copy of the address group */
835  tmp_ad2 = DetectAddressCopy(tmp_ad);
836  if (tmp_ad2 == NULL) {
837  SCLogDebug("DetectAddressCopy failed");
838  DetectAddressHeadCleanup(&tmp_gh);
839  goto error;
840  }
841  DetectAddressPrint(tmp_ad2);
842  DetectAddressInsert(NULL, ghn, tmp_ad2);
843  }
844 
845  /* insert the IPv6 addresses into the negated list */
846  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
847  /* work with a copy of the address group */
848  tmp_ad2 = DetectAddressCopy(tmp_ad);
849  if (tmp_ad2 == NULL) {
850  SCLogDebug("DetectAddressCopy failed");
851  DetectAddressHeadCleanup(&tmp_gh);
852  goto error;
853  }
854  DetectAddressPrint(tmp_ad2);
855  DetectAddressInsert(NULL, ghn, tmp_ad2);
856  }
857 
858  DetectAddressHeadCleanup(&tmp_gh);
859  }
860  n_set = 0;
861  }
862  depth--;
863  } else if (depth == 0 && s[u] == ',') {
864  if (o_set == 1) {
865  o_set = 0;
866  } else if (d_set == 1) {
867  address[x - 1] = '\0';
868 
869  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
871  if (rule_var_address == NULL)
872  goto error;
873 
874  if (strlen(rule_var_address) == 0) {
875  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
876  "to nothing. This is likely a misconfiguration. "
877  "Note that a negated address needs to be quoted, "
878  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
879  goto error;
880  }
881 
882  SCLogDebug("rule_var_address %s", rule_var_address);
883  if ((negate + n_set) % 2) {
884  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
885  if (unlikely(temp_rule_var_address == NULL))
886  goto error;
887  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
888  "[%s]", rule_var_address);
889  } else {
890  temp_rule_var_address = SCStrdup(rule_var_address);
891  if (unlikely(temp_rule_var_address == NULL))
892  goto error;
893  }
894 
895 
896  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
897  (negate + n_set) % 2, var_list) < 0)
898  {
899  if (temp_rule_var_address != rule_var_address)
900  SCFree(temp_rule_var_address);
901  goto error;
902  }
903  d_set = 0;
904  n_set = 0;
905  SCFree(temp_rule_var_address);
906  } else {
907  address[x - 1] = '\0';
908 
909  if (!((negate + n_set) % 2)) {
910  SCLogDebug("DetectAddressSetup into gh, %s", address);
911  if (DetectAddressSetup(gh, address) < 0)
912  goto error;
913  } else {
914  SCLogDebug("DetectAddressSetup into ghn, %s", address);
915  if (DetectAddressSetup(ghn, address) < 0)
916  goto error;
917  }
918  n_set = 0;
919  }
920  x = 0;
921  } else if (depth == 0 && s[u] == '$') {
922  d_set = 1;
923  } else if (depth == 0 && u == size - 1) {
924  if (x == sizeof(address)) {
925  address[x - 1] = '\0';
926  } else {
927  address[x] = '\0';
928  }
929  x = 0;
930 
931  if (AddVariableToResolveList(var_list, address) == -1) {
932  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
933  "groups declaration. This is likely a misconfiguration.");
934  goto error;
935  }
936 
937  if (d_set == 1) {
938  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
940  if (rule_var_address == NULL)
941  goto error;
942 
943  if (strlen(rule_var_address) == 0) {
944  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
945  "to nothing. This is likely a misconfiguration. "
946  "Note that a negated address needs to be quoted, "
947  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
948  goto error;
949  }
950 
951  SCLogDebug("rule_var_address %s", rule_var_address);
952  if ((negate + n_set) % 2) {
953  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
954  if (unlikely(temp_rule_var_address == NULL))
955  goto error;
956  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
957  "[%s]", rule_var_address);
958  } else {
959  temp_rule_var_address = SCStrdup(rule_var_address);
960  if (unlikely(temp_rule_var_address == NULL))
961  goto error;
962  }
963 
964  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
965  (negate + n_set) % 2, var_list) < 0) {
966  SCLogDebug("DetectAddressParse2 hates us");
967  if (temp_rule_var_address != rule_var_address)
968  SCFree(temp_rule_var_address);
969  goto error;
970  }
971  d_set = 0;
972  SCFree(temp_rule_var_address);
973  } else {
974  if (!((negate + n_set) % 2)) {
975  SCLogDebug("DetectAddressSetup into gh, %s", address);
976  if (DetectAddressSetup(gh, address) < 0) {
977  SCLogDebug("DetectAddressSetup gh fail");
978  goto error;
979  }
980  } else {
981  SCLogDebug("DetectAddressSetup into ghn, %s", address);
982  if (DetectAddressSetup(ghn, address) < 0) {
983  SCLogDebug("DetectAddressSetup ghn fail");
984  goto error;
985  }
986  }
987  }
988  n_set = 0;
989  }
990  }
991  if (depth > 0) {
992  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
993  "properly closed in \"%s\", %d missing closing brackets (]). "
994  "Note: problem might be in a variable.", s, depth);
995  goto error;
996  } else if (depth < 0) {
997  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
998  "properly opened in \"%s\", %d missing opening brackets ([). "
999  "Note: problem might be in a variable.", s, depth*-1);
1000  goto error;
1001  }
1002 
1003  return 0;
1004 
1005 error:
1006 
1007  return -1;
1008 }
1009 
1010 /**
1011  * \internal
1012  * \brief See if the addresses and ranges in an address head cover the
1013  * entire ip space.
1014  *
1015  * \param gh Pointer to the DetectAddressHead to check.
1016  *
1017  * \retval 0 No.
1018  * \retval 1 Yes.
1019  *
1020  * \todo do the same for IPv6
1021  */
1022 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1023 {
1025  if (r == 1)
1026  return 1;
1027 
1028  return 0;
1029 }
1030 
1031 /**
1032  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1033  *
1034  * \param gh Pointer to the address head containing the non-NOT groups.
1035  * \param ghn Pointer to the address head containing the NOT groups.
1036  *
1037  * \retval 0 On success.
1038  * \retval -1 On failure.
1039  */
1041 {
1042  DetectAddress *ad;
1043  DetectAddress *ag, *ag2;
1044  int r = 0;
1045 
1046  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1047  ghn->ipv4_head);
1048 
1049  /* check if the negated list covers the entire ip space. If so
1050  * the user screwed up the rules/vars. */
1051  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1052  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1053  "Rule address range is NIL. Probably have a !any or "
1054  "an address range that supplies a NULL address range");
1055  goto error;
1056  }
1057 
1058  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1059  * not thingy. In that case we add a 0.0.0.0/0 first. */
1060  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1061  r = DetectAddressSetup(gh, "0.0.0.0/0");
1062  if (r < 0) {
1063  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1064  goto error;
1065  }
1066  }
1067  /* ... or ::/0 for ipv6 */
1068  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1069  r = DetectAddressSetup(gh, "::/0");
1070  if (r < 0) {
1071  SCLogDebug("DetectAddressSetup for ::/0 failed");
1072  goto error;
1073  }
1074  }
1075 
1076  /* step 1: insert our ghn members into the gh list */
1077  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1078  /* work with a copy of the ad so we can easily clean up the ghn group
1079  * later. */
1080  ad = DetectAddressCopy(ag);
1081  if (ad == NULL) {
1082  SCLogDebug("DetectAddressCopy failed");
1083  goto error;
1084  }
1085 
1086  r = DetectAddressInsert(NULL, gh, ad);
1087  if (r < 0) {
1088  SCLogDebug("DetectAddressInsert failed");
1089  goto error;
1090  }
1091  }
1092  /* ... and the same for ipv6 */
1093  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1094  /* work with a copy of the ad so we can easily clean up the ghn group
1095  * later. */
1096  ad = DetectAddressCopy(ag);
1097  if (ad == NULL) {
1098  SCLogDebug("DetectAddressCopy failed");
1099  goto error;
1100  }
1101 
1102  r = DetectAddressInsert(NULL, gh, ad);
1103  if (r < 0) {
1104  SCLogDebug("DetectAddressInsert failed");
1105  goto error;
1106  }
1107  }
1108 #ifdef DEBUG
1109  DetectAddress *tmp_ad;
1110  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1111  DetectAddressPrint(tmp_ad);
1112  }
1113 #endif
1114  int ipv4_applied = 0;
1115  int ipv6_applied = 0;
1116 
1117  /* step 2: pull the address blocks that match our 'not' blocks */
1118  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1119  SCLogDebug("ag %p", ag);
1120  DetectAddressPrint(ag);
1121 
1122  int applied = 0;
1123  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1124  SCLogDebug("ag2 %p", ag2);
1125  DetectAddressPrint(ag2);
1126 
1127  r = DetectAddressCmp(ag, ag2);
1128  /* XXX more ??? */
1129  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1130  if (ag2->prev == NULL)
1131  gh->ipv4_head = ag2->next;
1132  else
1133  ag2->prev->next = ag2->next;
1134 
1135  if (ag2->next != NULL)
1136  ag2->next->prev = ag2->prev;
1137 
1138  /* store the next ptr and remove the group */
1139  DetectAddress *next_ag2 = ag2->next;
1140  DetectAddressFree(ag2);
1141  ag2 = next_ag2;
1142  applied = 1;
1143  } else {
1144  ag2 = ag2->next;
1145  }
1146  }
1147 
1148  if (applied) {
1149  ipv4_applied++;
1150  }
1151  }
1152  /* ... and the same for ipv6 */
1153  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1154  int applied = 0;
1155  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1156  r = DetectAddressCmp(ag, ag2);
1157  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1158  if (ag2->prev == NULL)
1159  gh->ipv6_head = ag2->next;
1160  else
1161  ag2->prev->next = ag2->next;
1162 
1163  if (ag2->next != NULL)
1164  ag2->next->prev = ag2->prev;
1165 
1166  /* store the next ptr and remove the group */
1167  DetectAddress *next_ag2 = ag2->next;
1168  DetectAddressFree(ag2);
1169  ag2 = next_ag2;
1170 
1171  SCLogDebug("applied");
1172  applied = 1;
1173  } else {
1174  ag2 = ag2->next;
1175  }
1176  }
1177  if (applied) {
1178  ipv6_applied++;
1179  }
1180  }
1181 #ifdef DEBUG
1182  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1183  DetectAddressPrint(tmp_ad);
1184  }
1185  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1186  DetectAddressPrint(tmp_ad);
1187  }
1188 #endif
1189  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1190  int cnt = 0;
1191  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1192  cnt++;
1193 
1194  if (ipv4_applied != cnt) {
1195  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1196  "could be applied: %d != %d", cnt, ipv4_applied);
1197  goto error;
1198  }
1199 
1200  cnt = 0;
1201  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1202  cnt++;
1203 
1204  if (ipv6_applied != cnt) {
1205  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1206  "could be applied: %d != %d", cnt, ipv6_applied);
1207  goto error;
1208  }
1209  }
1210 
1211  /* if the result is that we have no addresses we return error */
1212  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1213  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1214  "merging addresses and negated addresses");
1215  goto error;
1216  }
1217 
1218  return 0;
1219 
1220 error:
1221  return -1;
1222 }
1223 
1225 {
1226  SCLogDebug("Testing address conf vars for any misconfigured values");
1227 
1228  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1229 
1230  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1231  if (address_vars_node == NULL) {
1232  return 0;
1233  }
1234 
1235  DetectAddressHead *gh = NULL;
1236  DetectAddressHead *ghn = NULL;
1237 
1238  ConfNode *seq_node;
1239  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1240  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1241 
1242  gh = DetectAddressHeadInit();
1243  if (gh == NULL) {
1244  goto error;
1245  }
1246  ghn = DetectAddressHeadInit();
1247  if (ghn == NULL) {
1248  goto error;
1249  }
1250 
1251  if (seq_node->val == NULL) {
1253  "Address var \"%s\" probably has a sequence(something "
1254  "in brackets) value set without any quotes. Please "
1255  "quote it using \"..\".", seq_node->name);
1256  goto error;
1257  }
1258 
1259  int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0, &var_list);
1260 
1261  CleanVariableResolveList(&var_list);
1262 
1263  if (r < 0) {
1265  "failed to parse address var \"%s\" with value \"%s\". "
1266  "Please check it's syntax", seq_node->name, seq_node->val);
1267  goto error;
1268  }
1269 
1270  if (DetectAddressIsCompleteIPSpace(ghn)) {
1272  "address var - \"%s\" has the complete IP space negated "
1273  "with it's value \"%s\". Rule address range is NIL. "
1274  "Probably have a !any or an address range that supplies "
1275  "a NULL address range", seq_node->name, seq_node->val);
1276  goto error;
1277  }
1278 
1279  if (gh != NULL) {
1280  DetectAddressHeadFree(gh);
1281  gh = NULL;
1282  }
1283  if (ghn != NULL) {
1284  DetectAddressHeadFree(ghn);
1285  ghn = NULL;
1286  }
1287  }
1288 
1289  return 0;
1290  error:
1291  if (gh != NULL)
1292  DetectAddressHeadFree(gh);
1293  if (ghn != NULL)
1294  DetectAddressHeadFree(ghn);
1295  return -1;
1296 }
1297 
1298 #include "util-hash-lookup3.h"
1299 
1300 typedef struct DetectAddressMap_ {
1301  char *string;
1305 
1306 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1307 {
1308  const DetectAddressMap *map = (DetectAddressMap *)data;
1309  uint32_t hash = 0;
1310 
1311  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1312  hash %= ht->array_size;
1313 
1314  return hash;
1315 }
1316 
1317 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1318  uint16_t len2)
1319 {
1320  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1321  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1322 
1323 
1324  int r = (strcmp(map1->string, map2->string) == 0);
1325  return r;
1326 }
1327 
1328 static void DetectAddressMapFreeFunc(void *data)
1329 {
1330  DetectAddressMap *map = (DetectAddressMap *)data;
1331  if (map != NULL) {
1332  DetectAddressHeadFree(map->address);
1333  SCFree(map->string);
1334  }
1335  SCFree(map);
1336 }
1337 
1339 {
1340  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1341  DetectAddressMapCompareFunc,
1342  DetectAddressMapFreeFunc);
1343  if (de_ctx->address_table == NULL)
1344  return -1;
1345 
1346  return 0;
1347 }
1348 
1350 {
1351  if (de_ctx->address_table == NULL)
1352  return;
1353 
1355  de_ctx->address_table = NULL;
1356  return;
1357 }
1358 
1359 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1360  DetectAddressHead *address, bool contains_negation)
1361 {
1362  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1363  if (map == NULL)
1364  return -1;
1365 
1366  map->string = SCStrdup(string);
1367  if (map->string == NULL) {
1368  SCFree(map);
1369  return -1;
1370  }
1371  map->address = address;
1372  map->contains_negation = contains_negation;
1373 
1374  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1375  return 0;
1376 }
1377 
1378 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1379  const char *string)
1380 {
1381  DetectAddressMap map = { (char *)string, NULL, false };
1382 
1384  &map, 0);
1385  return res;
1386 }
1387 
1388 /**
1389  * \brief Parses an address group sent as a character string and updates the
1390  * DetectAddressHead sent as the argument with the relevant address
1391  * ranges from the parsed string.
1392  *
1393  * \param gh Pointer to the DetectAddressHead.
1394  * \param str Pointer to the character string containing the address group
1395  * that has to be parsed.
1396  *
1397  * \retval 1 On success. Contained negation.
1398  * \retval 0 On success. Did not contain negation.
1399  * \retval -1 On failure.
1400  */
1402  DetectAddressHead *gh, const char *str)
1403 {
1404  SCLogDebug("gh %p, str %s", gh, str);
1405 
1406  if (str == NULL) {
1407  SCLogDebug("DetectAddressParse can not be run with NULL address");
1408  return -1;
1409  }
1410 
1411  DetectAddressHead *ghn = DetectAddressHeadInit();
1412  if (ghn == NULL) {
1413  SCLogDebug("DetectAddressHeadInit for ghn failed");
1414  return -1;
1415  }
1416 
1417  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0, NULL);
1418  if (r < 0) {
1419  SCLogDebug("DetectAddressParse2 returned %d", r);
1420  DetectAddressHeadFree(ghn);
1421  return -1;
1422  }
1423 
1424  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1425  ghn->ipv4_head);
1426 
1427  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1428 
1429  /* merge the 'not' address groups */
1430  if (DetectAddressMergeNot(gh, ghn) < 0) {
1431  SCLogDebug("DetectAddressMergeNot failed");
1432  DetectAddressHeadFree(ghn);
1433  return -1;
1434  }
1435 
1436  /* free the temp negate head */
1437  DetectAddressHeadFree(ghn);
1438  return contains_negation ? 1 : 0;
1439 }
1440 
1442  const char *string, bool *contains_negation)
1443 {
1444  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1445  if (res != NULL) {
1446  SCLogDebug("found: %s :: %p", string, res);
1447  *contains_negation = res->contains_negation;
1448  return res->address;
1449  }
1450 
1451  SCLogDebug("%s not found", string);
1452 
1453  DetectAddressHead *head = DetectAddressHeadInit();
1454  if (head == NULL)
1455  return NULL;
1456 
1457  const int r = DetectAddressParse(de_ctx, head, string);
1458  if (r < 0) {
1459  DetectAddressHeadFree(head);
1460  return NULL;
1461  } else if (r == 1) {
1462  *contains_negation = true;
1463  } else {
1464  *contains_negation = false;
1465  }
1466 
1467  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head,
1468  *contains_negation);
1469  return head;
1470 }
1471 
1472 /**
1473  * \brief Cleans a DetectAddressHead. The functions frees the address
1474  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1475  * instance.
1476  *
1477  * \param gh Pointer to the DetectAddressHead instance that has to be
1478  * cleaned.
1479  */
1481 {
1482  if (gh != NULL) {
1483  if (gh->ipv4_head != NULL) {
1484  DetectAddressCleanupList(gh->ipv4_head);
1485  gh->ipv4_head = NULL;
1486  }
1487  if (gh->ipv6_head != NULL) {
1488  DetectAddressCleanupList(gh->ipv6_head);
1489  gh->ipv6_head = NULL;
1490  }
1491  }
1492 
1493  return;
1494 }
1495 
1496 /**
1497  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1498  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1499  * explanations on what these functions do.
1500  *
1501  * \param de_ctx Pointer to the DetectEngineCtx.
1502  * \param a Pointer the the first address to be cut.
1503  * \param b Pointer to the second address to be cut.
1504  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1505  * ranges from a and b, demand a third address range.
1506  *
1507  * \retval 0 On success.
1508  * \retval -1 On failure.
1509  */
1510 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1511  DetectAddress *b, DetectAddress **c)
1512 {
1513  if (a->ip.family == AF_INET)
1514  return DetectAddressCutIPv4(de_ctx, a, b, c);
1515  else if (a->ip.family == AF_INET6)
1516  return DetectAddressCutIPv6(de_ctx, a, b, c);
1517 
1518  return -1;
1519 }
1520 
1521 /**
1522  * \brief Cuts a negated address range with respect to the entire ip range, and
1523  * supplies with the address range that doesn't belong to the negated
1524  * address range.
1525  *
1526  * There are 2 cases here -
1527  *
1528  * The first case includes the address being located at the extreme ends
1529  * of the ip space, in which we get a single range.
1530  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1531  *
1532  * The second case includes the address not present at either of the
1533  * ip space extremes, in which case we get 2 ranges. The second range
1534  * would be supplied back with the argument "b" supplied to this function.
1535  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1536  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1537  *
1538  * The above negation cases can similarly be extended to ranges, i.e.
1539  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1540  * ![10.20.30.40 - 10.20.30.50].
1541  *
1542  *
1543  * \param a Pointer to the DetectAddressData instance, that contains the negated
1544  * address range that has to be cut.
1545  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1546  * filled with the address range, if the argument "a", doesn't fall at
1547  * the extreme ends of the ip address space.
1548  *
1549  * \retval 0 On success.
1550  * \retval -1 On failure.
1551  */
1552 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1553 {
1554  if (a->ip.family == AF_INET)
1555  return DetectAddressCutNotIPv4(a, b);
1556  else if (a->ip.family == AF_INET6)
1557  return DetectAddressCutNotIPv6(a, b);
1558 
1559  return -1;
1560 }
1561 
1562 /**
1563  * \brief Used to compare 2 address ranges.
1564  *
1565  * \param a Pointer to the first DetectAddressData to be compared.
1566  * \param b Pointer to the second DetectAddressData to be compared.
1567  */
1569 {
1570  if (a->ip.family != b->ip.family)
1571  return ADDRESS_ER;
1572 
1573  if (a->ip.family == AF_INET)
1574  return DetectAddressCmpIPv4(a, b);
1575  else if (a->ip.family == AF_INET6)
1576  return DetectAddressCmpIPv6(a, b);
1577 
1578  return ADDRESS_ER;
1579 }
1580 
1581 /**
1582  * \brief Match a packets address against a signatures addrs array
1583  *
1584  * \param addrs array of DetectMatchAddressIPv4's
1585  * \param addrs_cnt array size in members
1586  * \param a packets address
1587  *
1588  * \retval 0 no match
1589  * \retval 1 match
1590  *
1591  * \note addresses in addrs are in host order
1592  *
1593  * \todo array should be ordered, so we can break out of the loop
1594  */
1596  uint16_t addrs_cnt, const Address *a)
1597 {
1598  SCEnter();
1599 
1600  if (addrs == NULL || addrs_cnt == 0) {
1601  SCReturnInt(0);
1602  }
1603 
1604  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1605  if (SCNtohl(a->addr_data32[0]) >= addrs[idx].ip &&
1606  SCNtohl(a->addr_data32[0]) <= addrs[idx].ip2)
1607  {
1608  SCReturnInt(1);
1609  }
1610  }
1611 
1612  SCReturnInt(0);
1613 }
1614 
1615 /**
1616  * \brief Match a packets address against a signatures addrs array
1617  *
1618  * \param addrs array of DetectMatchAddressIPv6's
1619  * \param addrs_cnt array size in members
1620  * \param a packets address
1621  *
1622  * \retval 0 no match
1623  * \retval 1 match
1624  *
1625  * \note addresses in addrs are in host order
1626  *
1627  * \todo array should be ordered, so we can break out of the loop
1628  */
1630  uint16_t addrs_cnt, const Address *a)
1631 {
1632  SCEnter();
1633 
1634  if (addrs == NULL || addrs_cnt == 0) {
1635  SCReturnInt(0);
1636  }
1637 
1638  /* See if the packet address is within the range of any entry in the
1639  * signature's address match array.
1640  */
1641  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1642  uint16_t result1 = 0, result2 = 0;
1643 
1644  /* See if packet address equals either limit. Return 1 if true. */
1645  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip[0] &&
1646  SCNtohl(a->addr_data32[1]) == addrs[idx].ip[1] &&
1647  SCNtohl(a->addr_data32[2]) == addrs[idx].ip[2] &&
1648  SCNtohl(a->addr_data32[3]) == addrs[idx].ip[3])
1649  {
1650  SCReturnInt(1);
1651  }
1652  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip2[0] &&
1653  SCNtohl(a->addr_data32[1]) == addrs[idx].ip2[1] &&
1654  SCNtohl(a->addr_data32[2]) == addrs[idx].ip2[2] &&
1655  SCNtohl(a->addr_data32[3]) == addrs[idx].ip2[3])
1656  {
1657  SCReturnInt(1);
1658  }
1659 
1660  /* See if packet address is greater than lower limit
1661  * of the current signature address match pair.
1662  */
1663  for (int i = 0; i < 4; i++) {
1664  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip[i]) {
1665  result1 = 1;
1666  break;
1667  }
1668  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip[i]) {
1669  result1 = 0;
1670  break;
1671  }
1672  }
1673 
1674  /* If not greater than lower limit, try next address match entry */
1675  if (result1 == 0)
1676  continue;
1677 
1678  /* See if packet address is less than upper limit
1679  * of the current signature address match pair.
1680  */
1681  for (int i = 0; i < 4; i++) {
1682  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip2[i]) {
1683  result2 = 1;
1684  break;
1685  }
1686  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip2[i]) {
1687  result2 = 0;
1688  break;
1689  }
1690  }
1691 
1692  /* Return a match if packet address is between the two
1693  * signature address match limits.
1694  */
1695  if (result1 == 1 && result2 == 1)
1696  SCReturnInt(1);
1697  }
1698 
1699  SCReturnInt(0);
1700 }
1701 
1702 /**
1703  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1704  * range in the DetectAddress instance.
1705  *
1706  * We basically check that the address falls inbetween the address
1707  * range in DetectAddress.
1708  *
1709  * \param dd Pointer to the DetectAddress instance.
1710  * \param a Pointer to an Address instance.
1711  *
1712  * \param 1 On a match.
1713  * \param 0 On no match.
1714  */
1715 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1716 {
1717  SCEnter();
1718 
1719  if (dd->ip.family != a->family) {
1720  SCReturnInt(0);
1721  }
1722 
1723  //DetectAddressPrint(dd);
1724  //AddressDebugPrint(a);
1725 
1726  switch (a->family) {
1727  case AF_INET:
1728 
1729  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1730  * Address inside DetectAddressData we can do uint8_t checks */
1731  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1732  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1733  {
1734  SCReturnInt(1);
1735  } else {
1736  SCReturnInt(0);
1737  }
1738 
1739  break;
1740  case AF_INET6:
1741  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1742  AddressIPv6Le(a, &dd->ip2) == 1)
1743  {
1744  SCReturnInt(1);
1745  } else {
1746  SCReturnInt(0);
1747  }
1748 
1749  break;
1750  default:
1751  SCLogDebug("What other address type can we have :-/");
1752  break;
1753  }
1754 
1755  SCReturnInt(0);
1756 }
1757 
1758 #ifdef DEBUG
1759 /**
1760  * \brief Prints the address data held by the DetectAddress. If the address
1761  * data family is IPv4, we print the the ipv4 address and mask, and
1762  * if the address data family is IPv6, we print the ipv6 address and
1763  * mask.
1764  *
1765  * \param ad Pointer to the DetectAddress instance to be printed.
1766  */
1767 static void DetectAddressPrint(DetectAddress *gr)
1768 {
1769  if (gr == NULL)
1770  return;
1771 
1772  if (gr->ip.family == AF_INET) {
1773  struct in_addr in;
1774  char ip[16], mask[16];
1775 
1776  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1777  PrintInet(AF_INET, &in, ip, sizeof(ip));
1778  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1779  PrintInet(AF_INET, &in, mask, sizeof(mask));
1780 
1781  SCLogDebug("%s/%s", ip, mask);
1782 // printf("%s/%s", ip, mask);
1783  } else if (gr->ip.family == AF_INET6) {
1784  struct in6_addr in6;
1785  char ip[66], mask[66];
1786 
1787  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1788  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1789  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1790  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1791 
1792  SCLogDebug("%s/%s", ip, mask);
1793 // printf("%s/%s", ip, mask);
1794  }
1795 
1796  return;
1797 }
1798 #endif
1799 
1800 /**
1801  * \brief Find the group matching address in a group head.
1802  *
1803  * \param gh Pointer to the address group head(DetectAddressHead instance).
1804  * \param a Pointer to an Address instance.
1805  *
1806  * \retval g On success pointer to an DetectAddress if we find a match
1807  * for the Address "a", in the DetectAddressHead "gh".
1808  */
1810 {
1811  SCEnter();
1812 
1813  DetectAddress *g = NULL;
1814 
1815  if (gh == NULL) {
1816  SCReturnPtr(NULL, "DetectAddress");
1817  }
1818 
1819  /* XXX should we really do this check every time we run this function? */
1820  if (a->family == AF_INET) {
1821  SCLogDebug("IPv4");
1822  g = gh->ipv4_head;
1823  } else if (a->family == AF_INET6) {
1824  SCLogDebug("IPv6");
1825  g = gh->ipv6_head;
1826  }
1827 
1828  for ( ; g != NULL; g = g->next) {
1829  if (DetectAddressMatch(g,a) == 1) {
1830  SCReturnPtr(g, "DetectAddress");
1831  }
1832  }
1833 
1834  SCReturnPtr(NULL, "DetectAddress");
1835 }
1836 
1837 /********************************Unittests*************************************/
1838 
1839 #ifdef UNITTESTS
1840 
1841 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1842 {
1843  char str1[46] = "", str2[46] = "";
1844 
1845  if (ad == NULL)
1846  return FALSE;
1847 
1848  switch(ad->ip.family) {
1849  case AF_INET:
1850  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1851  SCLogDebug("%s", str1);
1852  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1853  SCLogDebug("%s", str2);
1854 
1855  if (strcmp(str1, one) != 0) {
1856  SCLogInfo("%s != %s", str1, one);
1857  return FALSE;
1858  }
1859 
1860  if (strcmp(str2, two) != 0) {
1861  SCLogInfo("%s != %s", str2, two);
1862  return FALSE;
1863  }
1864 
1865  return TRUE;
1866  break;
1867 
1868  case AF_INET6:
1869  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1870  SCLogDebug("%s", str1);
1871  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1872  SCLogDebug("%s", str2);
1873 
1874  if (strcmp(str1, one) != 0) {
1875  SCLogInfo("%s != %s", str1, one);
1876  return FALSE;
1877  }
1878 
1879  if (strcmp(str2, two) != 0) {
1880  SCLogInfo("%s != %s", str2, two);
1881  return FALSE;
1882  }
1883 
1884  return TRUE;
1885  break;
1886  }
1887 
1888  return FALSE;
1889 }
1890 
1892  const char *one;
1893  const char *two;
1895 
1896 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1897 {
1898  int expect = nranges;
1899  int have = 0;
1900 
1901  if (gh == NULL)
1902  return FALSE;
1903 
1904  DetectAddress *ad = NULL;
1905  ad = gh->ipv4_head;
1906  if (ad == NULL)
1907  ad = gh->ipv6_head;
1908  while (have < expect) {
1909  if (ad == NULL) {
1910  printf("bad head: have %d ranges, expected %d: ", have, expect);
1911  return FALSE;
1912  }
1913 
1914  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
1915  return FALSE;
1916 
1917  ad = ad->next;
1918  have++;
1919  }
1920 
1921  return TRUE;
1922 }
1923 
1924 static int AddressTestParse01(void)
1925 {
1926  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1927 
1928  if (dd) {
1929  DetectAddressFree(dd);
1930  return 1;
1931  }
1932 
1933  return 0;
1934 }
1935 
1936 static int AddressTestParse02(void)
1937 {
1938  int result = 1;
1939  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1940 
1941  if (dd) {
1942  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1943  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1944  result = 0;
1945  }
1946 
1947  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1948  DetectAddressFree(dd);
1949  return result;
1950  }
1951 
1952  return 0;
1953 }
1954 
1955 static int AddressTestParse03(void)
1956 {
1957  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1958 
1959  if (dd) {
1960  DetectAddressFree(dd);
1961  return 1;
1962  }
1963 
1964  return 0;
1965 }
1966 
1967 static int AddressTestParse04(void)
1968 {
1969  int result = 1;
1970  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1971 
1972  if (dd) {
1973  if (dd->ip.addr_data32[0] != SCNtohl(16909056)||
1974  dd->ip2.addr_data32[0] != SCNtohl(16909311)) {
1975  result = 0;
1976  }
1977 
1978  DetectAddressFree(dd);
1979  return result;
1980  }
1981 
1982  return 0;
1983 }
1984 
1985 static int AddressTestParse05(void)
1986 {
1987  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
1988 
1989  if (dd) {
1990  DetectAddressFree(dd);
1991  return 1;
1992  }
1993 
1994  return 0;
1995 }
1996 
1997 static int AddressTestParse06(void)
1998 {
1999  int result = 1;
2000  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2001 
2002  if (dd) {
2003  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2004  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2005  result = 0;
2006  }
2007 
2008  DetectAddressFree(dd);
2009  return result;
2010  }
2011 
2012  return 0;
2013 }
2014 
2015 static int AddressTestParse07(void)
2016 {
2017  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2018 
2019  if (dd) {
2020  DetectAddressFree(dd);
2021  return 1;
2022  }
2023 
2024  return 0;
2025 }
2026 
2027 static int AddressTestParse08(void)
2028 {
2029  int result = 1;
2030  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2031 
2032  if (dd) {
2033  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2034  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2035 
2036  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2037  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2038  DetectAddressPrint(dd);
2039  result = 0;
2040  }
2041 
2042  DetectAddressFree(dd);
2043  return result;
2044  }
2045 
2046  return 0;
2047 }
2048 
2049 static int AddressTestParse09(void)
2050 {
2051  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2052 
2053  if (dd) {
2054  DetectAddressFree(dd);
2055  return 1;
2056  }
2057 
2058  return 0;
2059 }
2060 
2061 static int AddressTestParse10(void)
2062 {
2063  int result = 1;
2064  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2065 
2066  if (dd) {
2067  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2068  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2069 
2070  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2071  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2072  DetectAddressPrint(dd);
2073  result = 0;
2074  }
2075 
2076  DetectAddressFree(dd);
2077  return result;
2078  }
2079 
2080  return 0;
2081 }
2082 
2083 static int AddressTestParse11(void)
2084 {
2085  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2086 
2087  if (dd) {
2088  DetectAddressFree(dd);
2089  return 1;
2090  }
2091 
2092  return 0;
2093 }
2094 
2095 static int AddressTestParse12(void)
2096 {
2097  int result = 1;
2098  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2099 
2100  if (dd) {
2101  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2102  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2103 
2104  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2105  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2106  DetectAddressPrint(dd);
2107  result = 0;
2108  }
2109 
2110  DetectAddressFree(dd);
2111  return result;
2112  }
2113 
2114  return 0;
2115 }
2116 static int AddressTestParse13(void)
2117 {
2118  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2119 
2120  if (dd) {
2121  DetectAddressFree(dd);
2122  return 1;
2123  }
2124 
2125  return 0;
2126 }
2127 
2128 static int AddressTestParse14(void)
2129 {
2130  int result = 1;
2131  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2132 
2133  if (dd) {
2134  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2135  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2136 
2137  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2138  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2139  result = 0;
2140  }
2141 
2142  DetectAddressFree(dd);
2143  return result;
2144  }
2145 
2146  return 0;
2147 }
2148 
2149 static int AddressTestParse15(void)
2150 {
2151  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2152 
2153  if (dd) {
2154  DetectAddressFree(dd);
2155  return 1;
2156  }
2157 
2158  return 0;
2159 }
2160 
2161 static int AddressTestParse16(void)
2162 {
2163  int result = 1;
2164  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2165 
2166  if (dd) {
2167  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2168  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2169 
2170  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2171  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2172  result = 0;
2173  }
2174 
2175  DetectAddressFree(dd);
2176  return result;
2177  }
2178 
2179  return 0;
2180 }
2181 
2182 static int AddressTestParse17(void)
2183 {
2184  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2185 
2186  if (dd) {
2187  DetectAddressFree(dd);
2188  return 1;
2189  }
2190 
2191  return 0;
2192 }
2193 
2194 static int AddressTestParse18(void)
2195 {
2196  int result = 1;
2197  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2198 
2199  if (dd) {
2200  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2201  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2202  result = 0;
2203  }
2204 
2205  DetectAddressFree(dd);
2206  return result;
2207  }
2208 
2209  return 0;
2210 }
2211 
2212 static int AddressTestParse19(void)
2213 {
2214  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2215 
2216  if (dd) {
2217  DetectAddressFree(dd);
2218  return 0;
2219  }
2220 
2221  return 1;
2222 }
2223 
2224 static int AddressTestParse20(void)
2225 {
2226  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2227 
2228  if (dd) {
2229  DetectAddressFree(dd);
2230  return 1;
2231  }
2232 
2233  return 0;
2234 }
2235 
2236 static int AddressTestParse21(void)
2237 {
2238  int result = 1;
2239  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2240 
2241  if (dd) {
2242  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2243  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2244 
2245  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2246  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2247  result = 0;
2248  }
2249 
2250  DetectAddressFree(dd);
2251  return result;
2252  }
2253 
2254  return 0;
2255 }
2256 
2257 static int AddressTestParse22(void)
2258 {
2259  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2260 
2261  if (dd) {
2262  DetectAddressFree(dd);
2263  return 0;
2264  }
2265 
2266  return 1;
2267 }
2268 
2269 static int AddressTestParse23(void)
2270 {
2271  DetectAddressHead *gh = DetectAddressHeadInit();
2272  FAIL_IF_NULL(gh);
2273  int r = DetectAddressParse(NULL, gh, "any");
2274  FAIL_IF_NOT(r == 0);
2275  DetectAddressHeadFree(gh);
2276  PASS;
2277 }
2278 
2279 static int AddressTestParse24(void)
2280 {
2281  DetectAddressHead *gh = DetectAddressHeadInit();
2282  FAIL_IF_NULL(gh);
2283  int r = DetectAddressParse(NULL, gh, "Any");
2284  FAIL_IF_NOT(r == 0);
2285  DetectAddressHeadFree(gh);
2286  PASS;
2287 }
2288 
2289 static int AddressTestParse25(void)
2290 {
2291  DetectAddressHead *gh = DetectAddressHeadInit();
2292  FAIL_IF_NULL(gh);
2293  int r = DetectAddressParse(NULL, gh, "ANY");
2294  FAIL_IF_NOT(r == 0);
2295  DetectAddressHeadFree(gh);
2296  PASS;
2297 }
2298 
2299 static int AddressTestParse27(void)
2300 {
2301  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2302 
2303  if (dd) {
2304  DetectAddressFree(dd);
2305  return 1;
2306  }
2307 
2308  return 0;
2309 }
2310 
2311 static int AddressTestParse28(void)
2312 {
2313  int result = 0;
2314  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2315 
2316  if (dd) {
2317  if (dd->flags & ADDRESS_FLAG_NOT &&
2318  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2319  result = 1;
2320  }
2321 
2322  DetectAddressFree(dd);
2323  return result;
2324  }
2325 
2326  return 0;
2327 }
2328 
2329 static int AddressTestParse29(void)
2330 {
2331  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2332 
2333  if (dd) {
2334  DetectAddressFree(dd);
2335  return 1;
2336  }
2337 
2338  return 0;
2339 }
2340 
2341 static int AddressTestParse30(void)
2342 {
2343  int result = 0;
2344  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2345 
2346  if (dd) {
2347  if (dd->flags & ADDRESS_FLAG_NOT &&
2348  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2349  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2350  result = 1;
2351  }
2352 
2353  DetectAddressFree(dd);
2354  return result;
2355  }
2356 
2357  return 0;
2358 }
2359 
2360 /**
2361  * \test make sure !any is rejected
2362  */
2363 static int AddressTestParse31(void)
2364 {
2365  DetectAddress *dd = DetectAddressParseSingle("!any");
2366 
2367  if (dd) {
2368  DetectAddressFree(dd);
2369  return 0;
2370  }
2371 
2372  return 1;
2373 }
2374 
2375 static int AddressTestParse32(void)
2376 {
2377  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2378 
2379  if (dd) {
2380  DetectAddressFree(dd);
2381  return 1;
2382  }
2383 
2384  return 0;
2385 }
2386 
2387 static int AddressTestParse33(void)
2388 {
2389  int result = 0;
2390  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2391 
2392  if (dd) {
2393  if (dd->flags & ADDRESS_FLAG_NOT &&
2394  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2395  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2396  result = 1;
2397  }
2398 
2399  DetectAddressFree(dd);
2400  return result;
2401  }
2402 
2403  return 0;
2404 }
2405 
2406 static int AddressTestParse34(void)
2407 {
2408  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2409 
2410  if (dd) {
2411  DetectAddressFree(dd);
2412  return 1;
2413  }
2414 
2415  return 0;
2416 }
2417 
2418 static int AddressTestParse35(void)
2419 {
2420  int result = 0;
2421  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2422 
2423  if (dd) {
2424  if (dd->flags & ADDRESS_FLAG_NOT &&
2425  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2426  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2427 
2428  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2429  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2430  result = 1;
2431  }
2432 
2433  DetectAddressFree(dd);
2434  return result;
2435  }
2436 
2437  return 0;
2438 }
2439 
2440 static int AddressTestParse36(void)
2441 {
2442  int result = 1;
2443  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2444 
2445  if (dd) {
2446  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2447  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2448 
2449  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2450  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2451 
2452  DetectAddressPrint(dd);
2453  result = 0;
2454  }
2455  DetectAddressPrint(dd);
2456 
2457  DetectAddressFree(dd);
2458  return result;
2459  }
2460 
2461  return 0;
2462 }
2463 
2464 static int AddressTestParse37(void)
2465 {
2466  int result = 1;
2467  DetectAddress *dd = DetectAddressParseSingle("::/0");
2468 
2469  if (dd) {
2470  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2471  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2472 
2473  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2474  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2475  DetectAddressPrint(dd);
2476  result = 0;
2477  }
2478  DetectAddressPrint(dd);
2479 
2480  DetectAddressFree(dd);
2481  return result;
2482  }
2483 
2484  return 0;
2485 }
2486 
2487 static int AddressTestMatch01(void)
2488 {
2489  DetectAddress *dd = NULL;
2490  int result = 1;
2491  struct in_addr in;
2492  Address a;
2493 
2494  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2495  return 0;
2496  memset(&a, 0, sizeof(Address));
2497  a.family = AF_INET;
2498  a.addr_data32[0] = in.s_addr;
2499 
2500  dd = DetectAddressParseSingle("1.2.3.4/24");
2501  if (dd) {
2502  if (DetectAddressMatch(dd, &a) == 0)
2503  result = 0;
2504 
2505  DetectAddressFree(dd);
2506  return result;
2507  }
2508 
2509  return 0;
2510 }
2511 
2512 static int AddressTestMatch02(void)
2513 {
2514  DetectAddress *dd = NULL;
2515  int result = 1;
2516  struct in_addr in;
2517  Address a;
2518 
2519  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2520  return 0;
2521  memset(&a, 0, sizeof(Address));
2522  a.family = AF_INET;
2523  a.addr_data32[0] = in.s_addr;
2524 
2525  dd = DetectAddressParseSingle("1.2.3.4/25");
2526  if (dd) {
2527  if (DetectAddressMatch(dd, &a) == 0)
2528  result = 0;
2529 
2530  DetectAddressFree(dd);
2531  return result;
2532  }
2533 
2534  return 0;
2535 }
2536 
2537 static int AddressTestMatch03(void)
2538 {
2539  DetectAddress *dd = NULL;
2540  int result = 1;
2541  struct in_addr in;
2542  Address a;
2543 
2544  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2545  return 0;
2546  memset(&a, 0, sizeof(Address));
2547  a.family = AF_INET;
2548  a.addr_data32[0] = in.s_addr;
2549 
2550  dd = DetectAddressParseSingle("1.2.3.4/25");
2551  if (dd) {
2552  if (DetectAddressMatch(dd, &a) == 1)
2553  result = 0;
2554 
2555  DetectAddressFree(dd);
2556  return result;
2557  }
2558 
2559  return 0;
2560 }
2561 
2562 static int AddressTestMatch04(void)
2563 {
2564  DetectAddress *dd = NULL;
2565  int result = 1;
2566  struct in_addr in;
2567  Address a;
2568 
2569  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2570  return 0;
2571  memset(&a, 0, sizeof(Address));
2572  a.family = AF_INET;
2573  a.addr_data32[0] = in.s_addr;
2574 
2575  dd = DetectAddressParseSingle("1.2.3.4/25");
2576  if (dd) {
2577  if (DetectAddressMatch(dd, &a) == 1)
2578  result = 0;
2579 
2580  DetectAddressFree(dd);
2581  return result;
2582  }
2583 
2584  return 0;
2585 }
2586 
2587 static int AddressTestMatch05(void)
2588 {
2589  DetectAddress *dd = NULL;
2590  int result = 1;
2591  struct in_addr in;
2592  Address a;
2593 
2594  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2595  return 0;
2596  memset(&a, 0, sizeof(Address));
2597  a.family = AF_INET;
2598  a.addr_data32[0] = in.s_addr;
2599 
2600  dd = DetectAddressParseSingle("1.2.3.4/32");
2601  if (dd) {
2602  if (DetectAddressMatch(dd, &a) == 0)
2603  result = 0;
2604 
2605  DetectAddressFree(dd);
2606  return result;
2607  }
2608 
2609  return 0;
2610 }
2611 
2612 static int AddressTestMatch06(void)
2613 {
2614  DetectAddress *dd = NULL;
2615  int result = 1;
2616  struct in_addr in;
2617  Address a;
2618 
2619  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2620  return 0;
2621  memset(&a, 0, sizeof(Address));
2622  a.family = AF_INET;
2623  a.addr_data32[0] = in.s_addr;
2624 
2625  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2626  if (dd) {
2627  if (DetectAddressMatch(dd, &a) == 0)
2628  result = 0;
2629 
2630  DetectAddressFree(dd);
2631  return result;
2632  }
2633 
2634  return 0;
2635 }
2636 
2637 static int AddressTestMatch07(void)
2638 {
2639  DetectAddress *dd = NULL;
2640  int result = 1;
2641  struct in6_addr in6;
2642  Address a;
2643 
2644  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2645  return 0;
2646  memset(&a, 0, sizeof(Address));
2647  a.family = AF_INET6;
2648  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2649 
2650  dd = DetectAddressParseSingle("2001::/3");
2651  if (dd) {
2652  if (DetectAddressMatch(dd, &a) == 0)
2653  result = 0;
2654 
2655  DetectAddressFree(dd);
2656  return result;
2657  }
2658 
2659  return 0;
2660 }
2661 
2662 static int AddressTestMatch08(void)
2663 {
2664  DetectAddress *dd = NULL;
2665  int result = 1;
2666  struct in6_addr in6;
2667  Address a;
2668 
2669  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2670  return 0;
2671  memset(&a, 0, sizeof(Address));
2672  a.family = AF_INET6;
2673  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2674 
2675  dd = DetectAddressParseSingle("2001::/3");
2676  if (dd) {
2677  if (DetectAddressMatch(dd, &a) == 1)
2678  result = 0;
2679 
2680  DetectAddressFree(dd);
2681  return result;
2682  }
2683 
2684  return 0;
2685 }
2686 
2687 static int AddressTestMatch09(void)
2688 {
2689  DetectAddress *dd = NULL;
2690  int result = 1;
2691  struct in6_addr in6;
2692  Address a;
2693 
2694  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2695  return 0;
2696  memset(&a, 0, sizeof(Address));
2697  a.family = AF_INET6;
2698  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2699 
2700  dd = DetectAddressParseSingle("2001::1/128");
2701  if (dd) {
2702  if (DetectAddressMatch(dd, &a) == 1)
2703  result = 0;
2704 
2705  DetectAddressFree(dd);
2706  return result;
2707  }
2708 
2709  return 0;
2710 }
2711 
2712 static int AddressTestMatch10(void)
2713 {
2714  DetectAddress *dd = NULL;
2715  int result = 1;
2716  struct in6_addr in6;
2717  Address a;
2718 
2719  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2720  return 0;
2721  memset(&a, 0, sizeof(Address));
2722  a.family = AF_INET6;
2723  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2724 
2725  dd = DetectAddressParseSingle("2001::1/126");
2726  if (dd) {
2727  if (DetectAddressMatch(dd, &a) == 0)
2728  result = 0;
2729 
2730  DetectAddressFree(dd);
2731  return result;
2732  }
2733 
2734  return 0;
2735 }
2736 
2737 static int AddressTestMatch11(void)
2738 {
2739  DetectAddress *dd = NULL;
2740  int result = 1;
2741  struct in6_addr in6;
2742  Address a;
2743 
2744  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2745  return 0;
2746  memset(&a, 0, sizeof(Address));
2747  a.family = AF_INET6;
2748  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2749 
2750  dd = DetectAddressParseSingle("2001::1/127");
2751  if (dd) {
2752  if (DetectAddressMatch(dd, &a) == 1)
2753  result = 0;
2754 
2755  DetectAddressFree(dd);
2756  return result;
2757  }
2758 
2759  return 0;
2760 }
2761 
2762 static int AddressTestCmp01(void)
2763 {
2764  DetectAddress *da = NULL, *db = NULL;
2765  int result = 1;
2766 
2767  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2768  if (da == NULL) goto error;
2769  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2770  if (db == NULL) goto error;
2771 
2772  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2773  result = 0;
2774 
2775  DetectAddressFree(da);
2776  DetectAddressFree(db);
2777  return result;
2778 
2779 error:
2780  if (da) DetectAddressFree(da);
2781  if (db) DetectAddressFree(db);
2782  return 0;
2783 }
2784 
2785 static int AddressTestCmp02(void)
2786 {
2787  DetectAddress *da = NULL, *db = NULL;
2788  int result = 1;
2789 
2790  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2791  if (da == NULL) goto error;
2792  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2793  if (db == NULL) goto error;
2794 
2795  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2796  result = 0;
2797 
2798  DetectAddressFree(da);
2799  DetectAddressFree(db);
2800  return result;
2801 
2802 error:
2803  if (da) DetectAddressFree(da);
2804  if (db) DetectAddressFree(db);
2805  return 0;
2806 }
2807 
2808 static int AddressTestCmp03(void)
2809 {
2810  DetectAddress *da = NULL, *db = NULL;
2811  int result = 1;
2812 
2813  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2814  if (da == NULL) goto error;
2815  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2816  if (db == NULL) goto error;
2817 
2818  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2819  result = 0;
2820 
2821  DetectAddressFree(da);
2822  DetectAddressFree(db);
2823  return result;
2824 
2825 error:
2826  if (da) DetectAddressFree(da);
2827  if (db) DetectAddressFree(db);
2828  return 0;
2829 }
2830 
2831 static int AddressTestCmp04(void)
2832 {
2833  DetectAddress *da = NULL, *db = NULL;
2834  int result = 1;
2835 
2836  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2837  if (da == NULL) goto error;
2838  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2839  if (db == NULL) goto error;
2840 
2841  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2842  result = 0;
2843 
2844  DetectAddressFree(da);
2845  DetectAddressFree(db);
2846  return result;
2847 
2848 error:
2849  if (da) DetectAddressFree(da);
2850  if (db) DetectAddressFree(db);
2851  return 0;
2852 }
2853 
2854 static int AddressTestCmp05(void)
2855 {
2856  DetectAddress *da = NULL, *db = NULL;
2857  int result = 1;
2858 
2859  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2860  if (da == NULL) goto error;
2861  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2862  if (db == NULL) goto error;
2863 
2864  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2865  result = 0;
2866 
2867  DetectAddressFree(da);
2868  DetectAddressFree(db);
2869  return result;
2870 
2871 error:
2872  if (da) DetectAddressFree(da);
2873  if (db) DetectAddressFree(db);
2874  return 0;
2875 }
2876 
2877 static int AddressTestCmp06(void)
2878 {
2879  DetectAddress *da = NULL, *db = NULL;
2880  int result = 1;
2881 
2882  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2883  if (da == NULL) goto error;
2884  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2885  if (db == NULL) goto error;
2886 
2887  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2888  result = 0;
2889 
2890  DetectAddressFree(da);
2891  DetectAddressFree(db);
2892  return result;
2893 
2894 error:
2895  if (da) DetectAddressFree(da);
2896  if (db) DetectAddressFree(db);
2897  return 0;
2898 }
2899 
2900 static int AddressTestCmpIPv407(void)
2901 {
2902  DetectAddress *da = NULL, *db = NULL;
2903  int result = 1;
2904 
2905  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2906  if (da == NULL) goto error;
2907  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2908  if (db == NULL) goto error;
2909 
2910  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2911  result = 0;
2912 
2913  DetectAddressFree(da);
2914  DetectAddressFree(db);
2915  return result;
2916 
2917 error:
2918  if (da) DetectAddressFree(da);
2919  if (db) DetectAddressFree(db);
2920  return 0;
2921 }
2922 
2923 static int AddressTestCmpIPv408(void)
2924 {
2925  DetectAddress *da = NULL, *db = NULL;
2926  int result = 1;
2927 
2928  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2929  if (da == NULL) goto error;
2930  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2931  if (db == NULL) goto error;
2932 
2933  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2934  result = 0;
2935 
2936  DetectAddressFree(da);
2937  DetectAddressFree(db);
2938  return result;
2939 
2940 error:
2941  if (da) DetectAddressFree(da);
2942  if (db) DetectAddressFree(db);
2943  return 0;
2944 }
2945 
2946 static int AddressTestCmp07(void)
2947 {
2948  DetectAddress *da = NULL, *db = NULL;
2949  int result = 1;
2950 
2951  da = DetectAddressParseSingle("2001::/3");
2952  if (da == NULL) goto error;
2953  db = DetectAddressParseSingle("2001::1/3");
2954  if (db == NULL) goto error;
2955 
2956  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2957  result = 0;
2958 
2959  DetectAddressFree(da);
2960  DetectAddressFree(db);
2961  return result;
2962 
2963 error:
2964  if (da) DetectAddressFree(da);
2965  if (db) DetectAddressFree(db);
2966  return 0;
2967 }
2968 
2969 static int AddressTestCmp08(void)
2970 {
2971  DetectAddress *da = NULL, *db = NULL;
2972  int result = 1;
2973 
2974  da = DetectAddressParseSingle("2001::/3");
2975  if (da == NULL) goto error;
2976  db = DetectAddressParseSingle("2001::/8");
2977  if (db == NULL) goto error;
2978 
2979  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2980  result = 0;
2981 
2982  DetectAddressFree(da);
2983  DetectAddressFree(db);
2984  return result;
2985 
2986 error:
2987  if (da) DetectAddressFree(da);
2988  if (db) DetectAddressFree(db);
2989  return 0;
2990 }
2991 
2992 static int AddressTestCmp09(void)
2993 {
2994  DetectAddress *da = NULL, *db = NULL;
2995  int result = 1;
2996 
2997  da = DetectAddressParseSingle("2001::/8");
2998  if (da == NULL) goto error;
2999  db = DetectAddressParseSingle("2001::/3");
3000  if (db == NULL) goto error;
3001 
3002  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3003  result = 0;
3004 
3005  DetectAddressFree(da);
3006  DetectAddressFree(db);
3007  return result;
3008 
3009 error:
3010  if (da) DetectAddressFree(da);
3011  if (db) DetectAddressFree(db);
3012  return 0;
3013 }
3014 
3015 static int AddressTestCmp10(void)
3016 {
3017  DetectAddress *da = NULL, *db = NULL;
3018  int result = 1;
3019 
3020  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3021  if (da == NULL) goto error;
3022  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3023  if (db == NULL) goto error;
3024 
3025  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3026  result = 0;
3027 
3028  DetectAddressFree(da);
3029  DetectAddressFree(db);
3030  return result;
3031 
3032 error:
3033  if (da) DetectAddressFree(da);
3034  if (db) DetectAddressFree(db);
3035  return 0;
3036 }
3037 
3038 static int AddressTestCmp11(void)
3039 {
3040  DetectAddress *da = NULL, *db = NULL;
3041  int result = 1;
3042 
3043  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3044  if (da == NULL) goto error;
3045  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3046  if (db == NULL) goto error;
3047 
3048  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3049  result = 0;
3050 
3051  DetectAddressFree(da);
3052  DetectAddressFree(db);
3053  return result;
3054 
3055 error:
3056  if (da) DetectAddressFree(da);
3057  if (db) DetectAddressFree(db);
3058  return 0;
3059 }
3060 
3061 static int AddressTestCmp12(void)
3062 {
3063  DetectAddress *da = NULL, *db = NULL;
3064  int result = 1;
3065 
3066  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3067  if (da == NULL) goto error;
3068  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3069  if (db == NULL) goto error;
3070 
3071  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3072  result = 0;
3073 
3074  DetectAddressFree(da);
3075  DetectAddressFree(db);
3076  return result;
3077 
3078 error:
3079  if (da) DetectAddressFree(da);
3080  if (db) DetectAddressFree(db);
3081  return 0;
3082 }
3083 
3084 static int AddressTestAddressGroupSetup01(void)
3085 {
3086  int result = 0;
3087  DetectAddressHead *gh = DetectAddressHeadInit();
3088 
3089  if (gh != NULL) {
3090  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3091  if (r == 0)
3092  result = 1;
3093 
3094  DetectAddressHeadFree(gh);
3095  }
3096  return result;
3097 }
3098 
3099 static int AddressTestAddressGroupSetup02(void)
3100 {
3101  int result = 0;
3102  DetectAddressHead *gh = DetectAddressHeadInit();
3103 
3104  if (gh != NULL) {
3105  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3106  if (r == 0 && gh->ipv4_head != NULL)
3107  result = 1;
3108 
3109  DetectAddressHeadFree(gh);
3110  }
3111  return result;
3112 }
3113 
3114 static int AddressTestAddressGroupSetup03(void)
3115 {
3116  int result = 0;
3117  DetectAddressHead *gh = DetectAddressHeadInit();
3118 
3119  if (gh != NULL) {
3120  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3121  if (r == 0 && gh->ipv4_head != NULL) {
3122  DetectAddress *prev_head = gh->ipv4_head;
3123 
3124  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3125  if (r == 0 && gh->ipv4_head != prev_head &&
3126  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3127  result = 1;
3128  }
3129  }
3130 
3131  DetectAddressHeadFree(gh);
3132  }
3133  return result;
3134 }
3135 
3136 static int AddressTestAddressGroupSetup04(void)
3137 {
3138  int result = 0;
3139  DetectAddressHead *gh = DetectAddressHeadInit();
3140 
3141  if (gh != NULL) {
3142  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3143  if (r == 0 && gh->ipv4_head != NULL) {
3144  DetectAddress *prev_head = gh->ipv4_head;
3145 
3146  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3147  if (r == 0 && gh->ipv4_head != prev_head &&
3148  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3149  DetectAddress *ph = gh->ipv4_head;
3150 
3151  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3152  if (r == 0 && gh->ipv4_head != ph &&
3153  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3154  result = 1;
3155  }
3156  }
3157  }
3158 
3159  DetectAddressHeadFree(gh);
3160  }
3161  return result;
3162 }
3163 
3164 static int AddressTestAddressGroupSetup05(void)
3165 {
3166  int result = 0;
3167  DetectAddressHead *gh = DetectAddressHeadInit();
3168 
3169  if (gh != NULL) {
3170  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3171  if (r == 0 && gh->ipv4_head != NULL) {
3172  DetectAddress *prev_head = gh->ipv4_head;
3173 
3174  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3175  if (r == 0 && gh->ipv4_head == prev_head &&
3176  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3177  DetectAddress *ph = gh->ipv4_head;
3178 
3179  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3180  if (r == 0 && gh->ipv4_head == ph &&
3181  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3182  result = 1;
3183  }
3184  }
3185  }
3186 
3187  DetectAddressHeadFree(gh);
3188  }
3189  return result;
3190 }
3191 
3192 static int AddressTestAddressGroupSetup06(void)
3193 {
3194  int result = 0;
3195  DetectAddressHead *gh = DetectAddressHeadInit();
3196 
3197  if (gh != NULL) {
3198  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3199  if (r == 0 && gh->ipv4_head != NULL) {
3200  DetectAddress *prev_head = gh->ipv4_head;
3201 
3202  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3203  if (r == 0 && gh->ipv4_head == prev_head &&
3204  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3205  result = 1;
3206  }
3207  }
3208 
3209  DetectAddressHeadFree(gh);
3210  }
3211  return result;
3212 }
3213 
3214 static int AddressTestAddressGroupSetup07(void)
3215 {
3216  int result = 0;
3217  DetectAddressHead *gh = DetectAddressHeadInit();
3218 
3219  if (gh != NULL) {
3220  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3221  if (r == 0 && gh->ipv4_head != NULL) {
3222  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3223  if (r == 0 && gh->ipv4_head != NULL &&
3224  gh->ipv4_head->next != NULL &&
3225  gh->ipv4_head->next->next != NULL) {
3226  result = 1;
3227  }
3228  }
3229 
3230  DetectAddressHeadFree(gh);
3231  }
3232  return result;
3233 }
3234 
3235 static int AddressTestAddressGroupSetup08(void)
3236 {
3237  int result = 0;
3238  DetectAddressHead *gh = DetectAddressHeadInit();
3239 
3240  if (gh != NULL) {
3241  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3242  if (r == 0 && gh->ipv4_head != NULL) {
3243  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3244  if (r == 0 && gh->ipv4_head != NULL &&
3245  gh->ipv4_head->next != NULL &&
3246  gh->ipv4_head->next->next != NULL) {
3247  result = 1;
3248  }
3249  }
3250 
3251  DetectAddressHeadFree(gh);
3252  }
3253  return result;
3254 }
3255 
3256 static int AddressTestAddressGroupSetup09(void)
3257 {
3258  int result = 0;
3259  DetectAddressHead *gh = DetectAddressHeadInit();
3260 
3261  if (gh != NULL) {
3262  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3263  if (r == 0 && gh->ipv4_head != NULL) {
3264  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3265  if (r == 0 && gh->ipv4_head != NULL &&
3266  gh->ipv4_head->next != NULL &&
3267  gh->ipv4_head->next->next != NULL) {
3268  result = 1;
3269  }
3270  }
3271 
3272  DetectAddressHeadFree(gh);
3273  }
3274  return result;
3275 }
3276 
3277 static int AddressTestAddressGroupSetup10(void)
3278 {
3279  int result = 0;
3280  DetectAddressHead *gh = DetectAddressHeadInit();
3281 
3282  if (gh != NULL) {
3283  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3284  if (r == 0 && gh->ipv4_head != NULL) {
3285  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3286  if (r == 0 && gh->ipv4_head != NULL &&
3287  gh->ipv4_head->next != NULL &&
3288  gh->ipv4_head->next->next != NULL) {
3289  result = 1;
3290  }
3291  }
3292 
3293  DetectAddressHeadFree(gh);
3294  }
3295  return result;
3296 }
3297 
3298 static int AddressTestAddressGroupSetup11(void)
3299 {
3300  int result = 0;
3301  DetectAddressHead *gh = DetectAddressHeadInit();
3302 
3303  if (gh != NULL) {
3304  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3305  if (r == 0) {
3306  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3307  if (r == 0) {
3308  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3309  if (r == 0) {
3310  DetectAddress *one = gh->ipv4_head, *two = one->next,
3311  *three = two->next, *four = three->next,
3312  *five = four->next;
3313 
3314  /* result should be:
3315  * 0.0.0.0/10.10.9.255
3316  * 10.10.10.0/10.10.10.9
3317  * 10.10.10.10/10.10.10.255
3318  * 10.10.11.0/10.10.11.1
3319  * 10.10.11.2/255.255.255.255
3320  */
3321  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3322  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3323  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3324  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3325  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3326  result = 1;
3327  }
3328  }
3329  }
3330  }
3331 
3332  DetectAddressHeadFree(gh);
3333  }
3334  return result;
3335 }
3336 
3337 static int AddressTestAddressGroupSetup12 (void)
3338 {
3339  int result = 0;
3340  DetectAddressHead *gh = DetectAddressHeadInit();
3341 
3342  if (gh != NULL) {
3343  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3344  if (r == 0) {
3345  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3346  if (r == 0) {
3347  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3348  if (r == 0) {
3349  DetectAddress *one = gh->ipv4_head, *two = one->next,
3350  *three = two->next, *four = three->next,
3351  *five = four->next;
3352 
3353  /* result should be:
3354  * 0.0.0.0/10.10.9.255
3355  * 10.10.10.0/10.10.10.9
3356  * 10.10.10.10/10.10.10.255
3357  * 10.10.11.0/10.10.11.1
3358  * 10.10.11.2/255.255.255.255
3359  */
3360  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3361  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3362  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3363  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3364  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3365  result = 1;
3366  }
3367  }
3368  }
3369  }
3370 
3371  DetectAddressHeadFree(gh);
3372  }
3373  return result;
3374 }
3375 
3376 static int AddressTestAddressGroupSetup13(void)
3377 {
3378  int result = 0;
3379  DetectAddressHead *gh = DetectAddressHeadInit();
3380 
3381  if (gh != NULL) {
3382  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3383  if (r == 0) {
3384  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3385  if (r == 0) {
3386  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3387  if (r == 0) {
3388  DetectAddress *one = gh->ipv4_head, *two = one->next,
3389  *three = two->next, *four = three->next,
3390  *five = four->next;
3391 
3392  /* result should be:
3393  * 0.0.0.0/10.10.9.255
3394  * 10.10.10.0/10.10.10.9
3395  * 10.10.10.10/10.10.10.255
3396  * 10.10.11.0/10.10.11.1
3397  * 10.10.11.2/255.255.255.255
3398  */
3399  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3400  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3401  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3402  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3403  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3404  result = 1;
3405  }
3406  }
3407  }
3408  }
3409 
3410  DetectAddressHeadFree(gh);
3411  }
3412  return result;
3413 }
3414 
3415 static int AddressTestAddressGroupSetupIPv414(void)
3416 {
3417  DetectAddressHead *gh = DetectAddressHeadInit();
3418  FAIL_IF_NULL(gh);
3419 
3420  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3421  FAIL_IF_NOT(r == 1);
3422 
3423  DetectAddress *one = gh->ipv4_head;
3424  FAIL_IF_NULL(one);
3425  DetectAddress *two = one->next;
3426  FAIL_IF_NULL(two);
3427 
3428  /* result should be:
3429  * 0.0.0.0/1.2.3.3
3430  * 1.2.3.5/255.255.255.255
3431  */
3432  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3433  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3434  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3435  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3436  DetectAddressHeadFree(gh);
3437 
3438  PASS;
3439 }
3440 
3441 static int AddressTestAddressGroupSetupIPv415(void)
3442 {
3443  DetectAddressHead *gh = DetectAddressHeadInit();
3444  FAIL_IF_NULL(gh);
3445 
3446  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3447  FAIL_IF_NOT(r == 1);
3448 
3449  DetectAddress *one = gh->ipv4_head;
3450  FAIL_IF_NULL(one);
3451  FAIL_IF_NOT_NULL(one->next);
3452 
3453  /* result should be:
3454  * 0.0.0.1/255.255.255.255
3455  */
3456  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3457  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3458 
3459  DetectAddressHeadFree(gh);
3460  PASS;
3461 }
3462 
3463 static int AddressTestAddressGroupSetupIPv416(void)
3464 {
3465  DetectAddressHead *gh = DetectAddressHeadInit();
3466  FAIL_IF_NULL(gh);
3467 
3468  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3469  FAIL_IF_NOT(r == 1);
3470 
3471  DetectAddress *one = gh->ipv4_head;
3472  FAIL_IF_NULL(one);
3473  FAIL_IF_NOT_NULL(one->next);
3474 
3475  /* result should be:
3476  * 0.0.0.0/255.255.255.254
3477  */
3478  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3479  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3480 
3481  DetectAddressHeadFree(gh);
3482  PASS;
3483 }
3484 
3485 static int AddressTestAddressGroupSetup14(void)
3486 {
3487  int result = 0;
3488  DetectAddressHead *gh = DetectAddressHeadInit();
3489 
3490  if (gh != NULL) {
3491  int r = DetectAddressParse(NULL, gh, "2001::1");
3492  if (r == 0)
3493  result = 1;
3494 
3495  DetectAddressHeadFree(gh);
3496  }
3497  return result;
3498 }
3499 
3500 static int AddressTestAddressGroupSetup15(void)
3501 {
3502  int result = 0;
3503  DetectAddressHead *gh = DetectAddressHeadInit();
3504 
3505  if (gh != NULL) {
3506  int r = DetectAddressParse(NULL, gh, "2001::1");
3507  if (r == 0 && gh->ipv6_head != NULL)
3508  result = 1;
3509 
3510  DetectAddressHeadFree(gh);
3511  }
3512  return result;
3513 }
3514 
3515 static int AddressTestAddressGroupSetup16(void)
3516 {
3517  int result = 0;
3518  DetectAddressHead *gh = DetectAddressHeadInit();
3519 
3520  if (gh != NULL) {
3521  int r = DetectAddressParse(NULL, gh, "2001::4");
3522  if (r == 0 && gh->ipv6_head != NULL) {
3523  DetectAddress *prev_head = gh->ipv6_head;
3524 
3525  r = DetectAddressParse(NULL, gh, "2001::3");
3526  if (r == 0 && gh->ipv6_head != prev_head &&
3527  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3528  result = 1;
3529  }
3530  }
3531 
3532  DetectAddressHeadFree(gh);
3533  }
3534  return result;
3535 }
3536 
3537 static int AddressTestAddressGroupSetup17(void)
3538 {
3539  int result = 0;
3540  DetectAddressHead *gh = DetectAddressHeadInit();
3541 
3542  if (gh != NULL) {
3543  int r = DetectAddressParse(NULL, gh, "2001::4");
3544  if (r == 0 && gh->ipv6_head != NULL) {
3545  DetectAddress *prev_head = gh->ipv6_head;
3546 
3547  r = DetectAddressParse(NULL, gh, "2001::3");
3548  if (r == 0 && gh->ipv6_head != prev_head &&
3549  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3550  DetectAddress *ph = gh->ipv6_head;
3551 
3552  r = DetectAddressParse(NULL, gh, "2001::2");
3553  if (r == 0 && gh->ipv6_head != ph &&
3554  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3555  result = 1;
3556  }
3557  }
3558  }
3559 
3560  DetectAddressHeadFree(gh);
3561  }
3562  return result;
3563 }
3564 
3565 static int AddressTestAddressGroupSetup18(void)
3566 {
3567  int result = 0;
3568  DetectAddressHead *gh = DetectAddressHeadInit();
3569 
3570  if (gh != NULL) {
3571  int r = DetectAddressParse(NULL, gh, "2001::2");
3572  if (r == 0 && gh->ipv6_head != NULL) {
3573  DetectAddress *prev_head = gh->ipv6_head;
3574 
3575  r = DetectAddressParse(NULL, gh, "2001::3");
3576  if (r == 0 && gh->ipv6_head == prev_head &&
3577  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3578  DetectAddress *ph = gh->ipv6_head;
3579 
3580  r = DetectAddressParse(NULL, gh, "2001::4");
3581  if (r == 0 && gh->ipv6_head == ph &&
3582  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3583  result = 1;
3584  }
3585  }
3586  }
3587 
3588  DetectAddressHeadFree(gh);
3589  }
3590  return result;
3591 }
3592 
3593 static int AddressTestAddressGroupSetup19(void)
3594 {
3595  int result = 0;
3596  DetectAddressHead *gh = DetectAddressHeadInit();
3597 
3598  if (gh != NULL) {
3599  int r = DetectAddressParse(NULL, gh, "2001::2");
3600  if (r == 0 && gh->ipv6_head != NULL) {
3601  DetectAddress *prev_head = gh->ipv6_head;
3602 
3603  r = DetectAddressParse(NULL, gh, "2001::2");
3604  if (r == 0 && gh->ipv6_head == prev_head &&
3605  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3606  result = 1;
3607  }
3608  }
3609 
3610  DetectAddressHeadFree(gh);
3611  }
3612  return result;
3613 }
3614 
3615 static int AddressTestAddressGroupSetup20(void)
3616 {
3617  int result = 0;
3618  DetectAddressHead *gh = DetectAddressHeadInit();
3619 
3620  if (gh != NULL) {
3621  int r = DetectAddressParse(NULL, gh, "2000::/3");
3622  if (r == 0 && gh->ipv6_head != NULL) {
3623  r = DetectAddressParse(NULL, gh, "2001::4");
3624  if (r == 0 && gh->ipv6_head != NULL &&
3625  gh->ipv6_head->next != NULL &&
3626  gh->ipv6_head->next->next != NULL) {
3627  result = 1;
3628  }
3629  }
3630 
3631  DetectAddressHeadFree(gh);
3632  }
3633  return result;
3634 }
3635 
3636 static int AddressTestAddressGroupSetup21(void)
3637 {
3638  int result = 0;
3639  DetectAddressHead *gh = DetectAddressHeadInit();
3640 
3641  if (gh != NULL) {
3642  int r = DetectAddressParse(NULL, gh, "2001::4");
3643  if (r == 0 && gh->ipv6_head != NULL) {
3644  r = DetectAddressParse(NULL, gh, "2000::/3");
3645  if (r == 0 && gh->ipv6_head != NULL &&
3646  gh->ipv6_head->next != NULL &&
3647  gh->ipv6_head->next->next != NULL) {
3648  result = 1;
3649  }
3650  }
3651 
3652  DetectAddressHeadFree(gh);
3653  }
3654  return result;
3655 }
3656 
3657 static int AddressTestAddressGroupSetup22(void)
3658 {
3659  int result = 0;
3660  DetectAddressHead *gh = DetectAddressHeadInit();
3661 
3662  if (gh != NULL) {
3663  int r = DetectAddressParse(NULL, gh, "2000::/3");
3664  if (r == 0 && gh->ipv6_head != NULL) {
3665  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3666  if (r == 0 && gh->ipv6_head != NULL &&
3667  gh->ipv6_head->next != NULL &&
3668  gh->ipv6_head->next->next != NULL) {
3669  result = 1;
3670  }
3671  }
3672 
3673  DetectAddressHeadFree(gh);
3674  }
3675  return result;
3676 }
3677 
3678 static int AddressTestAddressGroupSetup23(void)
3679 {
3680  int result = 0;
3681  DetectAddressHead *gh = DetectAddressHeadInit();
3682 
3683  if (gh != NULL) {
3684  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3685  if (r == 0 && gh->ipv6_head != NULL) {
3686  r = DetectAddressParse(NULL, gh, "2000::/3");
3687  if (r == 0 && gh->ipv6_head != NULL &&
3688  gh->ipv6_head->next != NULL &&
3689  gh->ipv6_head->next->next != NULL) {
3690  result = 1;
3691  }
3692  }
3693 
3694  DetectAddressHeadFree(gh);
3695  }
3696  return result;
3697 }
3698 
3699 static int AddressTestAddressGroupSetup24(void)
3700 {
3701  int result = 0;
3702  DetectAddressHead *gh = DetectAddressHeadInit();
3703 
3704  if (gh != NULL) {
3705  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3706  if (r == 0) {
3707  r = DetectAddressParse(NULL, gh, "2001::/3");
3708  if (r == 0) {
3709  r = DetectAddressParse(NULL, gh, "::/0");
3710  if (r == 0) {
3711  DetectAddress *one = gh->ipv6_head, *two = one->next,
3712  *three = two->next, *four = three->next,
3713  *five = four->next;
3714  if (one->ip.addr_data32[0] == 0x00000000 &&
3715  one->ip.addr_data32[1] == 0x00000000 &&
3716  one->ip.addr_data32[2] == 0x00000000 &&
3717  one->ip.addr_data32[3] == 0x00000000 &&
3718  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3719  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3720  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3721  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3722 
3723  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3724  two->ip.addr_data32[1] == 0x00000000 &&
3725  two->ip.addr_data32[2] == 0x00000000 &&
3726  two->ip.addr_data32[3] == 0x00000000 &&
3727  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3728  two->ip2.addr_data32[1] == 0x00000000 &&
3729  two->ip2.addr_data32[2] == 0x00000000 &&
3730  two->ip2.addr_data32[3] == SCNtohl(3) &&
3731 
3732  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3733  three->ip.addr_data32[1] == 0x00000000 &&
3734  three->ip.addr_data32[2] == 0x00000000 &&
3735  three->ip.addr_data32[3] == SCNtohl(4) &&
3736  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3737  three->ip2.addr_data32[1] == 0x00000000 &&
3738  three->ip2.addr_data32[2] == 0x00000000 &&
3739  three->ip2.addr_data32[3] == SCNtohl(6) &&
3740 
3741  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3742  four->ip.addr_data32[1] == 0x00000000 &&
3743  four->ip.addr_data32[2] == 0x00000000 &&
3744  four->ip.addr_data32[3] == SCNtohl(7) &&
3745  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3746  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3747  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3748  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3749 
3750  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3751  five->ip.addr_data32[1] == 0x00000000 &&
3752  five->ip.addr_data32[2] == 0x00000000 &&
3753  five->ip.addr_data32[3] == 0x00000000 &&
3754  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3755  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3756  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3757  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3758  result = 1;
3759  }
3760  }
3761  }
3762  }
3763 
3764  DetectAddressHeadFree(gh);
3765  }
3766  return result;
3767 }
3768 
3769 static int AddressTestAddressGroupSetup25(void)
3770 {
3771  int result = 0;
3772  DetectAddressHead *gh = DetectAddressHeadInit();
3773 
3774  if (gh != NULL) {
3775  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3776  if (r == 0) {
3777  r = DetectAddressParse(NULL, gh, "::/0");
3778  if (r == 0) {
3779  r = DetectAddressParse(NULL, gh, "2001::/3");
3780  if (r == 0) {
3781  DetectAddress *one = gh->ipv6_head, *two = one->next,
3782  *three = two->next, *four = three->next,
3783  *five = four->next;
3784  if (one->ip.addr_data32[0] == 0x00000000 &&
3785  one->ip.addr_data32[1] == 0x00000000 &&
3786  one->ip.addr_data32[2] == 0x00000000 &&
3787  one->ip.addr_data32[3] == 0x00000000 &&
3788  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3789  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3790  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3791  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3792 
3793  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3794  two->ip.addr_data32[1] == 0x00000000 &&
3795  two->ip.addr_data32[2] == 0x00000000 &&
3796  two->ip.addr_data32[3] == 0x00000000 &&
3797  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3798  two->ip2.addr_data32[1] == 0x00000000 &&
3799  two->ip2.addr_data32[2] == 0x00000000 &&
3800  two->ip2.addr_data32[3] == SCNtohl(3) &&
3801 
3802  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3803  three->ip.addr_data32[1] == 0x00000000 &&
3804  three->ip.addr_data32[2] == 0x00000000 &&
3805  three->ip.addr_data32[3] == SCNtohl(4) &&
3806  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3807  three->ip2.addr_data32[1] == 0x00000000 &&
3808  three->ip2.addr_data32[2] == 0x00000000 &&
3809  three->ip2.addr_data32[3] == SCNtohl(6) &&
3810 
3811  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3812  four->ip.addr_data32[1] == 0x00000000 &&
3813  four->ip.addr_data32[2] == 0x00000000 &&
3814  four->ip.addr_data32[3] == SCNtohl(7) &&
3815  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3816  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3817  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3818  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3819 
3820  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3821  five->ip.addr_data32[1] == 0x00000000 &&
3822  five->ip.addr_data32[2] == 0x00000000 &&
3823  five->ip.addr_data32[3] == 0x00000000 &&
3824  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3825  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3826  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3827  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3828  result = 1;
3829  }
3830  }
3831  }
3832  }
3833 
3834  DetectAddressHeadFree(gh);
3835  }
3836  return result;
3837 }
3838 
3839 static int AddressTestAddressGroupSetup26(void)
3840 {
3841  int result = 0;
3842  DetectAddressHead *gh = DetectAddressHeadInit();
3843 
3844  if (gh != NULL) {
3845  int r = DetectAddressParse(NULL, gh, "::/0");
3846  if (r == 0) {
3847  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3848  if (r == 0) {
3849  r = DetectAddressParse(NULL, gh, "2001::/3");
3850  if (r == 0) {
3851  DetectAddress *one = gh->ipv6_head, *two = one->next,
3852  *three = two->next, *four = three->next,
3853  *five = four->next;
3854  if (one->ip.addr_data32[0] == 0x00000000 &&
3855  one->ip.addr_data32[1] == 0x00000000 &&
3856  one->ip.addr_data32[2] == 0x00000000 &&
3857  one->ip.addr_data32[3] == 0x00000000 &&
3858  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3859  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3860  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3861  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3862 
3863  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3864  two->ip.addr_data32[1] == 0x00000000 &&
3865  two->ip.addr_data32[2] == 0x00000000 &&
3866  two->ip.addr_data32[3] == 0x00000000 &&
3867  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3868  two->ip2.addr_data32[1] == 0x00000000 &&
3869  two->ip2.addr_data32[2] == 0x00000000 &&
3870  two->ip2.addr_data32[3] == SCNtohl(3) &&
3871 
3872  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3873  three->ip.addr_data32[1] == 0x00000000 &&
3874  three->ip.addr_data32[2] == 0x00000000 &&
3875  three->ip.addr_data32[3] == SCNtohl(4) &&
3876  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3877  three->ip2.addr_data32[1] == 0x00000000 &&
3878  three->ip2.addr_data32[2] == 0x00000000 &&
3879  three->ip2.addr_data32[3] == SCNtohl(6) &&
3880 
3881  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3882  four->ip.addr_data32[1] == 0x00000000 &&
3883  four->ip.addr_data32[2] == 0x00000000 &&
3884  four->ip.addr_data32[3] == SCNtohl(7) &&
3885  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3886  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3887  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3888  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3889 
3890  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3891  five->ip.addr_data32[1] == 0x00000000 &&
3892  five->ip.addr_data32[2] == 0x00000000 &&
3893  five->ip.addr_data32[3] == 0x00000000 &&
3894  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3895  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3896  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3897  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3898  result = 1;
3899  }
3900  }
3901  }
3902  }
3903 
3904  DetectAddressHeadFree(gh);
3905  }
3906  return result;
3907 }
3908 
3909 static int AddressTestAddressGroupSetup27(void)
3910 {
3911  int result = 0;
3912  DetectAddressHead *gh = DetectAddressHeadInit();
3913 
3914  if (gh != NULL) {
3915  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3916  if (r == 0)
3917  result = 1;
3918 
3919  DetectAddressHeadFree(gh);
3920  }
3921  return result;
3922 }
3923 
3924 static int AddressTestAddressGroupSetup28(void)
3925 {
3926  int result = 0;
3927  DetectAddressHead *gh = DetectAddressHeadInit();
3928 
3929  if (gh != NULL) {
3930  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3931  if (r == 0)
3932  result = 1;
3933 
3934  DetectAddressHeadFree(gh);
3935  }
3936  return result;
3937 }
3938 
3939 static int AddressTestAddressGroupSetup29(void)
3940 {
3941  int result = 0;
3942  DetectAddressHead *gh = DetectAddressHeadInit();
3943 
3944  if (gh != NULL) {
3945  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3946  if (r == 0)
3947  result = 1;
3948 
3949  DetectAddressHeadFree(gh);
3950  }
3951  return result;
3952 }
3953 
3954 static int AddressTestAddressGroupSetup30(void)
3955 {
3956  int result = 0;
3957  DetectAddressHead *gh = DetectAddressHeadInit();
3958 
3959  if (gh != NULL) {
3960  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
3961  if (r == 0)
3962  result = 1;
3963 
3964  DetectAddressHeadFree(gh);
3965  }
3966  return result;
3967 }
3968 
3969 static int AddressTestAddressGroupSetup31(void)
3970 {
3971  int result = 0;
3972  DetectAddressHead *gh = DetectAddressHeadInit();
3973 
3974  if (gh != NULL) {
3975  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
3976  if (r == 0)
3977  result = 1;
3978 
3979  DetectAddressHeadFree(gh);
3980  }
3981  return result;
3982 }
3983 
3984 static int AddressTestAddressGroupSetup32(void)
3985 {
3986  int result = 0;
3987  DetectAddressHead *gh = DetectAddressHeadInit();
3988 
3989  if (gh != NULL) {
3990  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
3991  if (r == 0)
3992  result = 1;
3993 
3994  DetectAddressHeadFree(gh);
3995  }
3996  return result;
3997 }
3998 
3999 static int AddressTestAddressGroupSetup33(void)
4000 {
4001  int result = 0;
4002  DetectAddressHead *gh = DetectAddressHeadInit();
4003 
4004  if (gh != NULL) {
4005  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4006  if (r == 1)
4007  result = 1;
4008 
4009  DetectAddressHeadFree(gh);
4010  }
4011  return result;
4012 }
4013 
4014 static int AddressTestAddressGroupSetup34(void)
4015 {
4016  int result = 0;
4017  DetectAddressHead *gh = DetectAddressHeadInit();
4018 
4019  if (gh != NULL) {
4020  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4021  if (r == 1)
4022  result = 1;
4023 
4024  DetectAddressHeadFree(gh);
4025  }
4026  return result;
4027 }
4028 
4029 static int AddressTestAddressGroupSetup35(void)
4030 {
4031  int result = 0;
4032  DetectAddressHead *gh = DetectAddressHeadInit();
4033 
4034  if (gh != NULL) {
4035  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4036  if (r == 1)
4037  result = 1;
4038 
4039  DetectAddressHeadFree(gh);
4040  }
4041  return result;
4042 }
4043 
4044 static int AddressTestAddressGroupSetup36 (void)
4045 {
4046  int result = 0;
4047 
4048  DetectAddressHead *gh = DetectAddressHeadInit();
4049  if (gh != NULL) {
4050  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4051  if (r == 1)
4052  result = 1;
4053 
4054  DetectAddressHeadFree(gh);
4055  }
4056  return result;
4057 }
4058 
4059 static int AddressTestAddressGroupSetup37(void)
4060 {
4061  int result = 0;
4062  DetectAddressHead *gh = DetectAddressHeadInit();
4063 
4064  if (gh != NULL) {
4065  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4066  if (r == 0)
4067  result = 1;
4068 
4069  DetectAddressHeadFree(gh);
4070  }
4071  return result;
4072 }
4073 
4074 static int AddressTestAddressGroupSetup38(void)
4075 {
4076  UTHValidateDetectAddressHeadRange expectations[3] = {
4077  { "0.0.0.0", "192.167.255.255" },
4078  { "192.168.14.0", "192.168.14.255" },
4079  { "192.169.0.0", "255.255.255.255" } };
4080  int result = 0;
4081  DetectAddressHead *gh = DetectAddressHeadInit();
4082 
4083  if (gh != NULL) {
4084  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4085  if (r == 1) {
4086  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4087  result = 1;
4088  }
4089 
4090  DetectAddressHeadFree(gh);
4091  }
4092  return result;
4093 }
4094 
4095 static int AddressTestAddressGroupSetup39(void)
4096 {
4097  UTHValidateDetectAddressHeadRange expectations[3] = {
4098  { "0.0.0.0", "192.167.255.255" },
4099  { "192.168.14.0", "192.168.14.255" },
4100  { "192.169.0.0", "255.255.255.255" } };
4101  int result = 0;
4102  DetectAddressHead *gh = DetectAddressHeadInit();
4103 
4104  if (gh != NULL) {
4105  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4106  if (r == 1) {
4107  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4108  result = 1;
4109  }
4110 
4111  DetectAddressHeadFree(gh);
4112  }
4113  return result;
4114 }
4115 
4116 static int AddressTestAddressGroupSetup40(void)
4117 {
4118  UTHValidateDetectAddressHeadRange expectations[3] = {
4119  { "0.0.0.0", "192.167.255.255" },
4120  { "192.168.14.0", "192.168.14.255" },
4121  { "192.169.0.0", "255.255.255.255" } };
4122  int result = 0;
4123  DetectAddressHead *gh = DetectAddressHeadInit();
4124  if (gh != NULL) {
4125  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4126  if (r == 1) {
4127  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4128  result = 1;
4129  }
4130 
4131  DetectAddressHeadFree(gh);
4132  }
4133  return result;
4134 }
4135 
4136 static int AddressTestAddressGroupSetup41(void)
4137 {
4138  UTHValidateDetectAddressHeadRange expectations[3] = {
4139  { "0.0.0.0", "192.167.255.255" },
4140  { "192.168.14.0", "192.168.14.255" },
4141  { "192.169.0.0", "255.255.255.255" } };
4142  int result = 0;
4143  DetectAddressHead *gh = DetectAddressHeadInit();
4144  if (gh != NULL) {
4145  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4146  if (r == 1) {
4147  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4148  result = 1;
4149  }
4150 
4151  DetectAddressHeadFree(gh);
4152  }
4153  return result;
4154 }
4155 
4156 static int AddressTestAddressGroupSetup42(void)
4157 {
4158  UTHValidateDetectAddressHeadRange expectations[1] = {
4159  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4160  int result = 0;
4161  DetectAddressHead *gh = DetectAddressHeadInit();
4162  if (gh != NULL) {
4163  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4164  if (r == 0) {
4165  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4166  result = 1;
4167  }
4168 
4169  DetectAddressHeadFree(gh);
4170  }
4171  return result;
4172 }
4173 
4174 static int AddressTestAddressGroupSetup43(void)
4175 {
4176  UTHValidateDetectAddressHeadRange expectations[2] = {
4177  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4178  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4179  int result = 0;
4180  DetectAddressHead *gh = DetectAddressHeadInit();
4181  if (gh != NULL) {
4182  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4183  if (r == 1) {
4184  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4185  result = 1;
4186  }
4187 
4188  DetectAddressHeadFree(gh);
4189  }
4190  return result;
4191 }
4192 
4193 static int AddressTestAddressGroupSetup44(void)
4194 {
4195  UTHValidateDetectAddressHeadRange expectations[2] = {
4196  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4197  int result = 0;
4198  DetectAddressHead *gh = DetectAddressHeadInit();
4199  if (gh != NULL) {
4200  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4201  if (r == 0) {
4202  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4203  result = 1;
4204  }
4205 
4206  DetectAddressHeadFree(gh);
4207  }
4208  return result;
4209 }
4210 
4211 static int AddressTestAddressGroupSetup45(void)
4212 {
4213  int result = 0;
4214  DetectAddressHead *gh = DetectAddressHeadInit();
4215  if (gh != NULL) {
4216  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4217  if (r != 0) {
4218  result = 1;
4219  }
4220 
4221  DetectAddressHeadFree(gh);
4222  }
4223  return result;
4224 }
4225 
4226 static int AddressTestAddressGroupSetup46(void)
4227 {
4228  UTHValidateDetectAddressHeadRange expectations[4] = {
4229  { "0.0.0.0", "192.167.255.255" },
4230  { "192.168.1.0", "192.168.1.255" },
4231  { "192.168.3.0", "192.168.3.255" },
4232  { "192.169.0.0", "255.255.255.255" } };
4233  int result = 0;
4234  DetectAddressHead *gh = DetectAddressHeadInit();
4235  if (gh != NULL) {
4236  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4237  if (r == 1) {
4238  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4239  result = 1;
4240  }
4241 
4242  DetectAddressHeadFree(gh);
4243  }
4244  return result;
4245 }
4246 
4247 /** \test net with some negations, then all negated */
4248 static int AddressTestAddressGroupSetup47(void)
4249 {
4250  UTHValidateDetectAddressHeadRange expectations[5] = {
4251  { "0.0.0.0", "192.167.255.255" },
4252  { "192.168.1.0", "192.168.1.255" },
4253  { "192.168.3.0", "192.168.3.255" },
4254  { "192.168.5.0", "192.168.5.255" },
4255  { "192.169.0.0", "255.255.255.255" } };
4256  int result = 0;
4257  DetectAddressHead *gh = DetectAddressHeadInit();
4258  if (gh != NULL) {
4259  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4260  if (r == 1) {
4261  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4262  result = 1;
4263  }
4264 
4265  DetectAddressHeadFree(gh);
4266  }
4267  return result;
4268 }
4269 
4270 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4271 static int AddressTestAddressGroupSetup48(void)
4272 {
4273  UTHValidateDetectAddressHeadRange expectations[4] = {
4274  { "192.168.0.0", "192.168.0.255" },
4275  { "192.168.2.0", "192.168.2.255" },
4276  { "192.168.4.0", "192.168.4.255" },
4277  { "192.168.6.0", "192.168.255.255" } };
4278  int result = 0;
4279  DetectAddressHead *gh = DetectAddressHeadInit();
4280  if (gh != NULL) {
4281  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4282  if (r == 1) {
4283  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4284  result = 1;
4285  }
4286 
4287  DetectAddressHeadFree(gh);
4288  }
4289  return result;
4290 }
4291 
4292 static int AddressTestCutIPv401(void)
4293 {
4294  DetectAddress *a, *b, *c;
4295  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4296  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4297 
4298  if (DetectAddressCut(NULL, a, b, &c) == -1)
4299  goto error;
4300 
4301  DetectAddressFree(a);
4302  DetectAddressFree(b);
4303  DetectAddressFree(c);
4304  return 1;
4305 
4306 error:
4307  DetectAddressFree(a);
4308  DetectAddressFree(b);
4309  DetectAddressFree(c);
4310  return 0;
4311 }
4312 
4313 static int AddressTestCutIPv402(void)
4314 {
4315  DetectAddress *a, *b, *c;
4316  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4317  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4318 
4319  if (DetectAddressCut(NULL, a, b, &c) == -1)
4320  goto error;
4321 
4322  if (c == NULL)
4323  goto error;
4324 
4325  DetectAddressFree(a);
4326  DetectAddressFree(b);
4327  DetectAddressFree(c);
4328  return 1;
4329 
4330 error:
4331  DetectAddressFree(a);
4332  DetectAddressFree(b);
4333  DetectAddressFree(c);
4334  return 0;
4335 }
4336 
4337 static int AddressTestCutIPv403(void)
4338 {
4339  DetectAddress *a, *b, *c;
4340  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4341  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4342 
4343  if (DetectAddressCut(NULL, a, b, &c) == -1)
4344  goto error;
4345 
4346  if (c == NULL)
4347  goto error;
4348 
4349  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4350  goto error;
4351  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4352  goto error;
4353  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4354  goto error;
4355 
4356  DetectAddressFree(a);
4357  DetectAddressFree(b);
4358  DetectAddressFree(c);
4359  return 1;
4360 
4361 error:
4362  DetectAddressFree(a);
4363  DetectAddressFree(b);
4364  DetectAddressFree(c);
4365  return 0;
4366 }
4367 
4368 static int AddressTestCutIPv404(void)
4369 {
4370  DetectAddress *a, *b, *c;
4371  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4372  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4373 
4374  if (DetectAddressCut(NULL, a, b, &c) == -1)
4375  goto error;
4376 
4377  if (c == NULL)
4378  goto error;
4379 
4380  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4381  goto error;
4382  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4383  goto error;
4384  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4385  goto error;
4386 
4387 
4388  DetectAddressFree(a);
4389  DetectAddressFree(b);
4390  DetectAddressFree(c);
4391  return 1;
4392 
4393 error:
4394  DetectAddressFree(a);
4395  DetectAddressFree(b);
4396  DetectAddressFree(c);
4397  return 0;
4398 }
4399 
4400 static int AddressTestCutIPv405(void)
4401 {
4402  DetectAddress *a, *b, *c;
4403  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4404  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4405 
4406  if (DetectAddressCut(NULL, a, b, &c) == -1)
4407  goto error;
4408 
4409  if (c == NULL)
4410  goto error;
4411 
4412  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4413  goto error;
4414  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4415  goto error;
4416  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4417  goto error;
4418 
4419  DetectAddressFree(a);
4420  DetectAddressFree(b);
4421  DetectAddressFree(c);
4422  return 1;
4423 
4424 error:
4425  DetectAddressFree(a);
4426  DetectAddressFree(b);
4427  DetectAddressFree(c);
4428  return 0;
4429 }
4430 
4431 static int AddressTestCutIPv406(void)
4432 {
4433  DetectAddress *a, *b, *c;
4434  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4435  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4436 
4437  if (DetectAddressCut(NULL, a, b, &c) == -1)
4438  goto error;
4439 
4440  if (c == NULL)
4441  goto error;
4442 
4443  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4444  goto error;
4445  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4446  goto error;
4447  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4448  goto error;
4449 
4450  DetectAddressFree(a);
4451  DetectAddressFree(b);
4452  DetectAddressFree(c);
4453  return 1;
4454 
4455 error:
4456  DetectAddressFree(a);
4457  DetectAddressFree(b);
4458  DetectAddressFree(c);
4459  return 0;
4460 }
4461 
4462 static int AddressTestCutIPv407(void)
4463 {
4464  DetectAddress *a, *b, *c;
4465  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4466  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4467 
4468  if (DetectAddressCut(NULL, a, b, &c) == -1)
4469  goto error;
4470 
4471  if (c != NULL)
4472  goto error;
4473 
4474  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4475  goto error;
4476  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4477  goto error;
4478 
4479  DetectAddressFree(a);
4480  DetectAddressFree(b);
4481  DetectAddressFree(c);
4482  return 1;
4483 
4484 error:
4485  DetectAddressFree(a);
4486  DetectAddressFree(b);
4487  DetectAddressFree(c);
4488  return 0;
4489 }
4490 
4491 static int AddressTestCutIPv408(void)
4492 {
4493  DetectAddress *a, *b, *c;
4494  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4495  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4496 
4497  if (DetectAddressCut(NULL, a, b, &c) == -1)
4498  goto error;
4499 
4500  if (c != NULL)
4501  goto error;
4502 
4503  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4504  goto error;
4505  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4506  goto error;
4507 
4508  DetectAddressFree(a);
4509  DetectAddressFree(b);
4510  DetectAddressFree(c);
4511  return 1;
4512 
4513 error:
4514  DetectAddressFree(a);
4515  DetectAddressFree(b);
4516  DetectAddressFree(c);
4517  return 0;
4518 }
4519 
4520 static int AddressTestCutIPv409(void)
4521 {
4522  DetectAddress *a, *b, *c;
4523  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4524  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4525 
4526  if (DetectAddressCut(NULL, a, b, &c) == -1)
4527  goto error;
4528 
4529  if (c != NULL)
4530  goto error;
4531 
4532  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4533  goto error;
4534  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4535  goto error;
4536 
4537  DetectAddressFree(a);
4538  DetectAddressFree(b);
4539  DetectAddressFree(c);
4540  return 1;
4541 
4542 error:
4543  DetectAddressFree(a);
4544  DetectAddressFree(b);
4545  DetectAddressFree(c);
4546  return 0;
4547 }
4548 
4549 static int AddressTestCutIPv410(void)
4550 {
4551  DetectAddress *a, *b, *c;
4552  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4553  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4554 
4555  if (DetectAddressCut(NULL, a, b, &c) == -1)
4556  goto error;
4557 
4558  if (c != NULL)
4559  goto error;
4560 
4561  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4562  goto error;
4563  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4564  goto error;
4565 
4566  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4567 
4568  DetectAddressFree(a);
4569  DetectAddressFree(b);
4570  DetectAddressFree(c);
4571  return 1;
4572 
4573 error:
4574  DetectAddressFree(a);
4575  DetectAddressFree(b);
4576  DetectAddressFree(c);
4577  return 0;
4578 }
4579 
4580 static int AddressTestParseInvalidMask01(void)
4581 {
4582  int result = 1;
4583  DetectAddress *dd = NULL;
4584 
4585  dd = DetectAddressParseSingle("192.168.2.0/33");
4586  if (dd != NULL) {
4587  DetectAddressFree(dd);
4588  result = 0;
4589  }
4590  return result;
4591 }
4592 
4593 static int AddressTestParseInvalidMask02(void)
4594 {
4595  int result = 1;
4596  DetectAddress *dd = NULL;
4597 
4598  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4599  if (dd != NULL) {
4600  DetectAddressFree(dd);
4601  result = 0;
4602  }
4603  return result;
4604 }
4605 
4606 static int AddressTestParseInvalidMask03(void)
4607 {
4608  int result = 1;
4609  DetectAddress *dd = NULL;
4610 
4611  dd = DetectAddressParseSingle("192.168.2.0/blue");
4612  if (dd != NULL) {
4613  DetectAddressFree(dd);
4614  result = 0;
4615  }
4616  return result;
4617 }
4618 
4619 static int AddressConfVarsTest01(void)
4620 {
4621  static const char *dummy_conf_string =
4622  "%YAML 1.1\n"
4623  "---\n"
4624  "\n"
4625  "vars:\n"
4626  "\n"
4627  " address-groups:\n"
4628  "\n"
4629  " HOME_NET: \"any\"\n"
4630  "\n"
4631  " EXTERNAL_NET: \"!any\"\n"
4632  "\n"
4633  " port-groups:\n"
4634  "\n"
4635  " HTTP_PORTS: \"any\"\n"
4636  "\n"
4637  " SHELLCODE_PORTS: \"!any\"\n"
4638  "\n";
4639 
4640  int result = 0;
4641 
4643  ConfInit();
4644  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4645 
4647  result = 1;
4648 
4649  ConfDeInit();
4651 
4652  return result;
4653 }
4654 
4655 static int AddressConfVarsTest02(void)
4656 {
4657  static const char *dummy_conf_string =
4658  "%YAML 1.1\n"
4659  "---\n"
4660  "\n"
4661  "vars:\n"
4662  "\n"
4663  " address-groups:\n"
4664  "\n"
4665  " HOME_NET: \"any\"\n"
4666  "\n"
4667  " EXTERNAL_NET: \"any\"\n"
4668  "\n"
4669  " port-groups:\n"
4670  "\n"
4671  " HTTP_PORTS: \"any\"\n"
4672  "\n"
4673  " SHELLCODE_PORTS: \"!any\"\n"
4674  "\n";
4675 
4676  int result = 0;
4677 
4679  ConfInit();
4680  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4681 
4683  result = 1;
4684 
4685  ConfDeInit();
4687 
4688  return result;
4689 }
4690 
4691 static int AddressConfVarsTest03(void)
4692 {
4693  static const char *dummy_conf_string =
4694  "%YAML 1.1\n"
4695  "---\n"
4696  "\n"
4697  "vars:\n"
4698  "\n"
4699  " address-groups:\n"
4700  "\n"
4701  " HOME_NET: \"any\"\n"
4702  "\n"
4703  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4704  "\n"
4705  " port-groups:\n"
4706  "\n"
4707  " HTTP_PORTS: \"any\"\n"
4708  "\n"
4709  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4710  "\n";
4711 
4712  int result = 0;
4713 
4715  ConfInit();
4716  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4717 
4719  result = 1;
4720 
4721  ConfDeInit();
4723 
4724  return result;
4725 }
4726 
4727 static int AddressConfVarsTest04(void)
4728 {
4729  static const char *dummy_conf_string =
4730  "%YAML 1.1\n"
4731  "---\n"
4732  "\n"
4733  "vars:\n"
4734  "\n"
4735  " address-groups:\n"
4736  "\n"
4737  " HOME_NET: \"any\"\n"
4738  "\n"
4739  " EXTERNAL_NET: \"$HOME_NET\"\n"
4740  "\n"
4741  " port-groups:\n"
4742  "\n"
4743  " HTTP_PORTS: \"any\"\n"
4744  "\n"
4745  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4746  "\n";
4747 
4748  int result = 0;
4749 
4751  ConfInit();
4752  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4753 
4755  result = 1;
4756 
4757  ConfDeInit();
4759 
4760  return result;
4761 }
4762 
4763 static int AddressConfVarsTest05(void)
4764 {
4765  static const char *dummy_conf_string =
4766  "%YAML 1.1\n"
4767  "---\n"
4768  "\n"
4769  "vars:\n"
4770  "\n"
4771  " address-groups:\n"
4772  "\n"
4773  " HOME_NET: \"any\"\n"
4774  "\n"
4775  " EXTERNAL_NET: [192.168.0.1]\n"
4776  "\n"
4777  " port-groups:\n"
4778  "\n"
4779  " HTTP_PORTS: \"any\"\n"
4780  "\n"
4781  " SHELLCODE_PORTS: [80]\n"
4782  "\n";
4783 
4784  int result = 0;
4785 
4787  ConfInit();
4788  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4789 
4790  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4791  goto end;
4792 
4793  result = 1;
4794 
4795  end:
4796  ConfDeInit();
4798 
4799  return result;
4800 }
4801 
4802 #endif /* UNITTESTS */
4803 
4805 {
4806 #ifdef UNITTESTS
4809 
4810  UtRegisterTest("AddressTestParse01", AddressTestParse01);
4811  UtRegisterTest("AddressTestParse02", AddressTestParse02);
4812  UtRegisterTest("AddressTestParse03", AddressTestParse03);
4813  UtRegisterTest("AddressTestParse04", AddressTestParse04);
4814  UtRegisterTest("AddressTestParse05", AddressTestParse05);
4815  UtRegisterTest("AddressTestParse06", AddressTestParse06);
4816  UtRegisterTest("AddressTestParse07", AddressTestParse07);
4817  UtRegisterTest("AddressTestParse08", AddressTestParse08);
4818  UtRegisterTest("AddressTestParse09", AddressTestParse09);
4819  UtRegisterTest("AddressTestParse10", AddressTestParse10);
4820  UtRegisterTest("AddressTestParse11", AddressTestParse11);
4821  UtRegisterTest("AddressTestParse12", AddressTestParse12);
4822  UtRegisterTest("AddressTestParse13", AddressTestParse13);
4823  UtRegisterTest("AddressTestParse14", AddressTestParse14);
4824  UtRegisterTest("AddressTestParse15", AddressTestParse15);
4825  UtRegisterTest("AddressTestParse16", AddressTestParse16);
4826  UtRegisterTest("AddressTestParse17", AddressTestParse17);
4827  UtRegisterTest("AddressTestParse18", AddressTestParse18);
4828  UtRegisterTest("AddressTestParse19", AddressTestParse19);
4829  UtRegisterTest("AddressTestParse20", AddressTestParse20);
4830  UtRegisterTest("AddressTestParse21", AddressTestParse21);
4831  UtRegisterTest("AddressTestParse22", AddressTestParse22);
4832  UtRegisterTest("AddressTestParse23", AddressTestParse23);
4833  UtRegisterTest("AddressTestParse24", AddressTestParse24);
4834  UtRegisterTest("AddressTestParse25", AddressTestParse25);
4835  UtRegisterTest("AddressTestParse27", AddressTestParse27);
4836  UtRegisterTest("AddressTestParse28", AddressTestParse28);
4837  UtRegisterTest("AddressTestParse29", AddressTestParse29);
4838  UtRegisterTest("AddressTestParse30", AddressTestParse30);
4839  UtRegisterTest("AddressTestParse31", AddressTestParse31);
4840  UtRegisterTest("AddressTestParse32", AddressTestParse32);
4841  UtRegisterTest("AddressTestParse33", AddressTestParse33);
4842  UtRegisterTest("AddressTestParse34", AddressTestParse34);
4843  UtRegisterTest("AddressTestParse35", AddressTestParse35);
4844  UtRegisterTest("AddressTestParse36", AddressTestParse36);
4845  UtRegisterTest("AddressTestParse37", AddressTestParse37);
4846 
4847  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
4848  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
4849  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
4850  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
4851  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
4852  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
4853  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
4854  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
4855  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
4856  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
4857  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
4858 
4859  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
4860  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
4861  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
4862  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
4863  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
4864  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
4865  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
4866  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
4867 
4868  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
4869  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
4870  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
4871  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
4872  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
4873  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
4874 
4875  UtRegisterTest("AddressTestAddressGroupSetup01",
4876  AddressTestAddressGroupSetup01);
4877  UtRegisterTest("AddressTestAddressGroupSetup02",
4878  AddressTestAddressGroupSetup02);
4879  UtRegisterTest("AddressTestAddressGroupSetup03",
4880  AddressTestAddressGroupSetup03);
4881  UtRegisterTest("AddressTestAddressGroupSetup04",
4882  AddressTestAddressGroupSetup04);
4883  UtRegisterTest("AddressTestAddressGroupSetup05",
4884  AddressTestAddressGroupSetup05);
4885  UtRegisterTest("AddressTestAddressGroupSetup06",
4886  AddressTestAddressGroupSetup06);
4887  UtRegisterTest("AddressTestAddressGroupSetup07",
4888  AddressTestAddressGroupSetup07);
4889  UtRegisterTest("AddressTestAddressGroupSetup08",
4890  AddressTestAddressGroupSetup08);
4891  UtRegisterTest("AddressTestAddressGroupSetup09",
4892  AddressTestAddressGroupSetup09);
4893  UtRegisterTest("AddressTestAddressGroupSetup10",
4894  AddressTestAddressGroupSetup10);
4895  UtRegisterTest("AddressTestAddressGroupSetup11",
4896  AddressTestAddressGroupSetup11);
4897  UtRegisterTest("AddressTestAddressGroupSetup12",
4898  AddressTestAddressGroupSetup12);
4899  UtRegisterTest("AddressTestAddressGroupSetup13",
4900  AddressTestAddressGroupSetup13);
4901  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
4902  AddressTestAddressGroupSetupIPv414);
4903  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
4904  AddressTestAddressGroupSetupIPv415);
4905  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
4906  AddressTestAddressGroupSetupIPv416);
4907 
4908  UtRegisterTest("AddressTestAddressGroupSetup14",
4909  AddressTestAddressGroupSetup14);
4910  UtRegisterTest("AddressTestAddressGroupSetup15",
4911  AddressTestAddressGroupSetup15);
4912  UtRegisterTest("AddressTestAddressGroupSetup16",
4913  AddressTestAddressGroupSetup16);
4914  UtRegisterTest("AddressTestAddressGroupSetup17",
4915  AddressTestAddressGroupSetup17);
4916  UtRegisterTest("AddressTestAddressGroupSetup18",
4917  AddressTestAddressGroupSetup18);
4918  UtRegisterTest("AddressTestAddressGroupSetup19",
4919  AddressTestAddressGroupSetup19);
4920  UtRegisterTest("AddressTestAddressGroupSetup20",
4921  AddressTestAddressGroupSetup20);
4922  UtRegisterTest("AddressTestAddressGroupSetup21",
4923  AddressTestAddressGroupSetup21);
4924  UtRegisterTest("AddressTestAddressGroupSetup22",
4925  AddressTestAddressGroupSetup22);
4926  UtRegisterTest("AddressTestAddressGroupSetup23",
4927  AddressTestAddressGroupSetup23);
4928  UtRegisterTest("AddressTestAddressGroupSetup24",
4929  AddressTestAddressGroupSetup24);
4930  UtRegisterTest("AddressTestAddressGroupSetup25",
4931  AddressTestAddressGroupSetup25);
4932  UtRegisterTest("AddressTestAddressGroupSetup26",
4933  AddressTestAddressGroupSetup26);
4934 
4935  UtRegisterTest("AddressTestAddressGroupSetup27",
4936  AddressTestAddressGroupSetup27);
4937  UtRegisterTest("AddressTestAddressGroupSetup28",
4938  AddressTestAddressGroupSetup28);
4939  UtRegisterTest("AddressTestAddressGroupSetup29",
4940  AddressTestAddressGroupSetup29);
4941  UtRegisterTest("AddressTestAddressGroupSetup30",
4942  AddressTestAddressGroupSetup30);
4943  UtRegisterTest("AddressTestAddressGroupSetup31",
4944  AddressTestAddressGroupSetup31);
4945  UtRegisterTest("AddressTestAddressGroupSetup32",
4946  AddressTestAddressGroupSetup32);
4947  UtRegisterTest("AddressTestAddressGroupSetup33",
4948  AddressTestAddressGroupSetup33);
4949  UtRegisterTest("AddressTestAddressGroupSetup34",
4950  AddressTestAddressGroupSetup34);
4951  UtRegisterTest("AddressTestAddressGroupSetup35",
4952  AddressTestAddressGroupSetup35);
4953  UtRegisterTest("AddressTestAddressGroupSetup36",
4954  AddressTestAddressGroupSetup36);
4955  UtRegisterTest("AddressTestAddressGroupSetup37",
4956  AddressTestAddressGroupSetup37);
4957  UtRegisterTest("AddressTestAddressGroupSetup38",
4958  AddressTestAddressGroupSetup38);
4959  UtRegisterTest("AddressTestAddressGroupSetup39",
4960  AddressTestAddressGroupSetup39);
4961  UtRegisterTest("AddressTestAddressGroupSetup40",
4962  AddressTestAddressGroupSetup40);
4963  UtRegisterTest("AddressTestAddressGroupSetup41",
4964  AddressTestAddressGroupSetup41);
4965  UtRegisterTest("AddressTestAddressGroupSetup42",
4966  AddressTestAddressGroupSetup42);
4967  UtRegisterTest("AddressTestAddressGroupSetup43",
4968  AddressTestAddressGroupSetup43);
4969  UtRegisterTest("AddressTestAddressGroupSetup44",
4970  AddressTestAddressGroupSetup44);
4971  UtRegisterTest("AddressTestAddressGroupSetup45",
4972  AddressTestAddressGroupSetup45);
4973  UtRegisterTest("AddressTestAddressGroupSetup46",
4974  AddressTestAddressGroupSetup46);
4975  UtRegisterTest("AddressTestAddressGroupSetup47",
4976  AddressTestAddressGroupSetup47);
4977  UtRegisterTest("AddressTestAddressGroupSetup48",
4978  AddressTestAddressGroupSetup48);
4979 
4980  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
4981  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
4982  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
4983  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
4984  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
4985  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
4986  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
4987  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
4988  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
4989  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
4990 
4991  UtRegisterTest("AddressTestParseInvalidMask01",
4992  AddressTestParseInvalidMask01);
4993  UtRegisterTest("AddressTestParseInvalidMask02",
4994  AddressTestParseInvalidMask02);
4995  UtRegisterTest("AddressTestParseInvalidMask03",
4996  AddressTestParseInvalidMask03);
4997 
4998  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
4999  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5000  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5001  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5002  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5003 #endif /* UNITTESTS */
5004 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:366
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:128
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
DetectAddress_::ip
Address ip
Definition: detect.h:141
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:80
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1401
SCStrdup
#define SCStrdup(a)
Definition: util-mem.h:268
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1303
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:359
detect-engine-siggroup.h
ConfNode_::val
char * val
Definition: conf.h:34
SCFree
#define SCFree(a)
Definition: util-mem.h:322
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1595
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:139
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:29
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:335
DetectAddressHead_
Definition: detect.h:154
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:2
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1480
AddressIPv6Gt
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:43
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1349
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:761
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1264
SC_ERR_INVALID_SIGNATURE
@ SC_ERR_INVALID_SIGNATURE
Definition: util-error.h:69
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
Address_
Definition: decode.h:111
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:248
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1157
util-var.h
DetectMatchAddressIPv4_::ip
uint32_t ip
Definition: detect.h:161
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1809
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:116
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:148
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
DetectMatchAddressIPv6_::ip2
uint32_t ip2[4]
Definition: detect.h:167
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:327
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:130
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:123
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:16
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
res
PoolThreadReserved res
Definition: stream-tcp-private.h:60
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1892
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:337
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:267
DetectAddressTests
void DetectAddressTests(void)
Definition: detect-engine-address.c:4804
detect-engine-port.h
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:129
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:451
DetectAddress_::ip2
Address ip2
Definition: detect.h:142
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1040
TRUE
#define TRUE
Definition: suricata-common.h:33
SCMalloc
#define SCMalloc(a)
Definition: util-mem.h:222
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:265
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:484
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
SCCalloc
#define SCCalloc(nm, a)
Definition: util-mem.h:253
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:353
SC_ERR_ADDRESS_ENGINE_GENERIC
@ SC_ERR_ADDRESS_ENGINE_GENERIC
Definition: util-error.h:119
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:699
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
DetectAddressMap_
Definition: detect-engine-address.c:1300
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:124
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:156
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1629
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:913
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
ConfNode_::name
char * name
Definition: conf.h:33
Address_::address
union Address_::@42 address
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:711
DetectMatchAddressIPv4_::ip2
uint32_t ip2
Definition: detect.h:162
util-hash-lookup3.h
detect-engine-address-ipv6.h
DetectMatchAddressIPv6_::ip
uint32_t ip[4]
Definition: detect.h:166
AddressIPv6Ge
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1338
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:174
str
#define str(s)
Definition: suricata-common.h:256
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1891
head
Flow * head
Definition: flow-hash.h:2
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1302
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:374
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:723
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133
address
uint8_t address
Definition: decode-ppp.h:2
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:150
DetectMatchAddressIPv6_
Definition: detect.h:165
DetectMatchAddressIPv4_
Definition: detect.h:160
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:127
Address_::family
char family
Definition: decode.h:112
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1441
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:722
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1893
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:133
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1893
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:126
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:341
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:125
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:145
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1568
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:155
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:54
detect-engine-address.h
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:126
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1301
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:67
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1224
AddressIPv6Le
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162