suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88  return;
89 }
90 
91 /**
92  * \internal
93  * \brief Returns a new instance of DetectAddressHead.
94  *
95  * \retval gh Pointer to the new instance of DetectAddressHead.
96  */
97 static DetectAddressHead *DetectAddressHeadInit(void)
98 {
100  if (unlikely(gh == NULL))
101  return NULL;
102  return gh;
103 }
104 
105 /**
106  * \internal
107  * \brief Frees a DetectAddressHead instance.
108  *
109  * \param gh Pointer to the DetectAddressHead instance to be freed.
110  */
111 static void DetectAddressHeadFree(DetectAddressHead *gh)
112 {
113  if (gh != NULL) {
115  SCFree(gh);
116  }
117 }
118 
119 /**
120  * \brief copy a DetectAddress
121  *
122  * \param orig Pointer to the instance of DetectAddress that contains the
123  * address data to be copied to the new instance.
124  *
125  * \retval ag Pointer to the new instance of DetectAddress that contains the
126  * copied address.
127  */
129 {
131  if (ag == NULL)
132  return NULL;
133 
134  ag->flags = orig->flags;
135  COPY_ADDRESS(&orig->ip, &ag->ip);
136  COPY_ADDRESS(&orig->ip2, &ag->ip2);
137  return ag;
138 }
139 
140 #ifdef DEBUG
141 /**
142  * \brief Prints the address data information for all the DetectAddress
143  * instances in the DetectAddress list sent as the argument.
144  *
145  * \param head Pointer to a list of DetectAddress instances.
146  */
147 void DetectAddressPrintList(DetectAddress *head)
148 {
149  SCLogInfo("list:");
150  for (DetectAddress *cur = head; cur != NULL; cur = cur->next) {
151  DetectAddressPrint(cur);
152  }
153  SCLogInfo("endlist");
154 }
155 #endif
156 
157 /**
158  * \internal
159  * \brief Frees a list of DetectAddress instances.
160  *
161  * \param head Pointer to a list of DetectAddress instances to be freed.
162  */
163 static void DetectAddressCleanupList(DetectAddress *head)
164 {
165  for (DetectAddress *cur = head; cur != NULL; ) {
166  DetectAddress *next = cur->next;
167  cur->next = NULL;
168  DetectAddressFree(cur);
169  cur = next;
170  }
171 }
172 
173 /**
174  * \internal
175  * \brief Helper function for DetectAddressInsert. Sets one of the
176  * DetectAddressHead head pointers, to the DetectAddress argument
177  * based on its address family.
178  *
179  * \param gh Pointer to the DetectAddressHead.
180  * \param newhead Pointer to the DetectAddress.
181  *
182  * \retval 0 On success.
183  * \retval -1 On failure.
184  */
185 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
186 {
187  if (newhead->ip.family == AF_INET) {
188  gh->ipv4_head = newhead;
189  } else if (newhead->ip.family == AF_INET6) {
190  gh->ipv6_head = newhead;
191  } else {
192  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
193  return -1;
194  }
195 
196  return 0;
197 }
198 
199 /**
200  * \internal
201  * \brief Returns the DetectAddress head from the DetectAddressHeads,
202  * based on the address family of the incoming DetectAddress arg.
203  *
204  * \param gh Pointer to the DetectAddressHead.
205  * \param new Pointer to the DetectAddress.
206  *
207  * \retval head Pointer to the DetectAddress(the head from
208  * DetectAddressHead).
209  */
210 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
211 {
212  DetectAddress *head = NULL;
213 
214  if (new->ip.family == AF_INET)
215  head = gh->ipv4_head;
216  else if (new->ip.family == AF_INET6)
217  head = gh->ipv6_head;
218 
219  return head;
220 }
221 
222 /**
223  * \internal
224  * \brief insert DetectAddress into a DetectAddressHead
225  *
226  * \param de_ctx Pointer to the detection engine context.
227  * \param gh Pointer to the DetectAddressHead list to which it has to
228  * be inserted.
229  * \param new Pointer to the DetectAddress, that has to be inserted.
230  *
231  * \retval 1 On successfully inserting it.
232  * \retval -1 On error.
233  * \retval 0 Not inserted, memory of new is freed.
234  */
235 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
236  DetectAddress *new)
237 {
238  DetectAddress *head = NULL;
239  DetectAddress *cur = NULL;
240  DetectAddress *c = NULL;
241  int r = 0;
242 
243  if (new == NULL)
244  return 0;
245 
246  /* get our head ptr based on the address we want to insert */
247  head = GetHeadPtr(gh, new);
248 
249  /* see if it already exists or overlaps with existing ag's */
250  if (head != NULL) {
251  cur = NULL;
252 
253  for (cur = head; cur != NULL; cur = cur->next) {
254  r = DetectAddressCmp(new, cur);
255  BUG_ON(r == ADDRESS_ER);
256 
257  /* if so, handle that */
258  if (r == ADDRESS_EQ) {
259  /* exact overlap/match */
260  if (cur != new) {
261  DetectAddressFree(new);
262  return 0;
263  }
264 
265  return 1;
266  } else if (r == ADDRESS_GT) {
267  /* only add it now if we are bigger than the last group.
268  * Otherwise we'll handle it later. */
269  if (cur->next == NULL) {
270  /* put in the list */
271  new->prev = cur;
272  cur->next = new;
273 
274  return 1;
275  }
276  } else if (r == ADDRESS_LT) {
277  /* see if we need to insert the ag anywhere put in the list */
278  if (cur->prev != NULL)
279  cur->prev->next = new;
280  new->prev = cur->prev;
281  new->next = cur;
282  cur->prev = new;
283 
284  /* update head if required */
285  if (head == cur) {
286  head = new;
287 
288  if (SetHeadPtr(gh, head) < 0)
289  goto error;
290  }
291 
292  return 1;
293  /* alright, those were the simple cases, lets handle the more
294  * complex ones now */
295  } else if (r == ADDRESS_ES) {
296  c = NULL;
297  r = DetectAddressCut(de_ctx, cur, new, &c);
298  if (r == -1)
299  goto error;
300 
301  DetectAddressInsert(de_ctx, gh, new);
302  if (c != NULL)
303  DetectAddressInsert(de_ctx, gh, c);
304 
305  return 1;
306  } else if (r == ADDRESS_EB) {
307  c = NULL;
308  r = DetectAddressCut(de_ctx, cur, new, &c);
309  if (r == -1)
310  goto error;
311 
312  DetectAddressInsert(de_ctx, gh, new);
313  if (c != NULL)
314  DetectAddressInsert(de_ctx, gh, c);
315 
316  return 1;
317  } else if (r == ADDRESS_LE) {
318  c = NULL;
319  r = DetectAddressCut(de_ctx, cur, new, &c);
320  if (r == -1)
321  goto error;
322 
323  DetectAddressInsert(de_ctx, gh, new);
324  if (c != NULL)
325  DetectAddressInsert(de_ctx, gh, c);
326 
327  return 1;
328  } else if (r == ADDRESS_GE) {
329  c = NULL;
330  r = DetectAddressCut(de_ctx, cur,new,&c);
331  if (r == -1)
332  goto error;
333 
334  DetectAddressInsert(de_ctx, gh, new);
335  if (c != NULL)
336  DetectAddressInsert(de_ctx, gh, c);
337 
338  return 1;
339  }
340  }
341 
342  /* head is NULL, so get a group and set head to it */
343  } else {
344  head = new;
345  if (SetHeadPtr(gh, head) < 0) {
346  SCLogDebug("SetHeadPtr failed");
347  goto error;
348  }
349  }
350 
351  return 1;
352 
353 error:
354  /* XXX */
355  return -1;
356 }
357 
358 /**
359  * \brief Checks if two address group lists are equal.
360  *
361  * \param list1 Pointer to the first address group list.
362  * \param list2 Pointer to the second address group list.
363  *
364  * \retval true On success.
365  * \retval false On failure.
366  */
368 {
369  DetectAddress *item = list1;
370  DetectAddress *it = list2;
371 
372  // First, compare items one by one.
373  while (item != NULL && it != NULL) {
374  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
375  return false;
376  }
377 
378  item = item->next;
379  it = it->next;
380  }
381 
382  // Are the lists of the same size?
383  if (!(item == NULL && it == NULL)) {
384  return false;
385  }
386 
387  return true;
388 }
389 
390 /**
391  * \internal
392  * \brief Parses an ipv4/ipv6 address string and updates the result into the
393  * DetectAddress instance sent as the argument.
394  *
395  * \param dd Pointer to the DetectAddress instance which should be updated with
396  * the address range details from the parsed ip string.
397  * \param str Pointer to address string that has to be parsed.
398  *
399  * \retval 0 On successfully parsing the address string.
400  * \retval -1 On failure.
401  */
402 static int DetectAddressParseString(DetectAddress *dd, const char *str)
403 {
404  char *ip = NULL;
405  char *ip2 = NULL;
406  char *mask = NULL;
407  int r = 0;
408  char ipstr[256];
409 
410  /* shouldn't see 'any' here */
411  BUG_ON(strcasecmp(str, "any") == 0);
412 
413  strlcpy(ipstr, str, sizeof(ipstr));
414  SCLogDebug("str %s", str);
415 
416  /* we work with a copy so that we can put a
417  * nul-termination in it later */
418  ip = ipstr;
419 
420  /* handle the negation case */
421  if (ip[0] == '!') {
422  dd->flags |= ADDRESS_FLAG_NOT;
423  ip++;
424  }
425 
426  /* see if the address is an ipv4 or ipv6 address */
427  if ((strchr(str, ':')) == NULL) {
428  /* IPv4 Address */
429  struct in_addr in;
430 
431  dd->ip.family = AF_INET;
432 
433  if ((mask = strchr(ip, '/')) != NULL) {
434  /* 1.2.3.4/xxx format (either dotted or cidr notation */
435  ip[mask - ip] = '\0';
436  mask++;
437  uint32_t ip4addr = 0;
438  uint32_t netmask = 0;
439 
440  if ((strchr (mask, '.')) == NULL) {
441  /* 1.2.3.4/24 format */
442 
443  for (size_t u = 0; u < strlen(mask); u++) {
444  if(!isdigit((unsigned char)mask[u]))
445  goto error;
446  }
447 
448  int cidr;
449  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
450  goto error;
451  netmask = CIDRGet(cidr);
452  } else {
453  /* 1.2.3.4/255.255.255.0 format */
454  r = inet_pton(AF_INET, mask, &in);
455  if (r <= 0)
456  goto error;
457 
458  netmask = in.s_addr;
459 
460  /* validate netmask */
461  int cidr = CIDRFromMask(netmask);
462  if (cidr < 0) {
463  SCLogError(
464  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
465  "CIDR notation are supported. See ticket #5168.",
466  mask);
467  goto error;
468  }
469  }
470 
471  r = inet_pton(AF_INET, ip, &in);
472  if (r <= 0)
473  goto error;
474 
475  ip4addr = in.s_addr;
476 
477  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
478  dd->ip2.addr_data32[0] |=~ netmask;
479  } else if ((ip2 = strchr(ip, '-')) != NULL) {
480  /* 1.2.3.4-1.2.3.6 range format */
481  ip[ip2 - ip] = '\0';
482  ip2++;
483 
484  r = inet_pton(AF_INET, ip, &in);
485  if (r <= 0)
486  goto error;
487  dd->ip.addr_data32[0] = in.s_addr;
488 
489  r = inet_pton(AF_INET, ip2, &in);
490  if (r <= 0)
491  goto error;
492  dd->ip2.addr_data32[0] = in.s_addr;
493 
494  /* a > b is illegal, a = b is ok */
495  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
496  goto error;
497  } else {
498  /* 1.2.3.4 format */
499  r = inet_pton(AF_INET, ip, &in);
500  if (r <= 0)
501  goto error;
502  /* single host */
503  dd->ip.addr_data32[0] = in.s_addr;
504  dd->ip2.addr_data32[0] = in.s_addr;
505  }
506  } else {
507  /* IPv6 Address */
508  struct in6_addr in6, mask6;
509  uint32_t ip6addr[4], netmask[4];
510 
511  dd->ip.family = AF_INET6;
512 
513  if ((mask = strchr(ip, '/')) != NULL) {
514  ip[mask - ip] = '\0';
515  mask++;
516 
517  int cidr;
518  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
519  goto error;
520 
521  r = inet_pton(AF_INET6, ip, &in6);
522  if (r <= 0)
523  goto error;
524  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
525 
526  CIDRGetIPv6(cidr, &mask6);
527  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
528 
529  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
530  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
531  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
532  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
533 
534  dd->ip2.addr_data32[0] |=~ netmask[0];
535  dd->ip2.addr_data32[1] |=~ netmask[1];
536  dd->ip2.addr_data32[2] |=~ netmask[2];
537  dd->ip2.addr_data32[3] |=~ netmask[3];
538  } else if ((ip2 = strchr(ip, '-')) != NULL) {
539  /* 2001::1-2001::4 range format */
540  ip[ip2 - ip] = '\0';
541  ip2++;
542 
543  r = inet_pton(AF_INET6, ip, &in6);
544  if (r <= 0)
545  goto error;
546  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
547 
548  r = inet_pton(AF_INET6, ip2, &in6);
549  if (r <= 0)
550  goto error;
551  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
552 
553  /* a > b is illegal, a=b is ok */
554  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
555  goto error;
556  } else {
557  r = inet_pton(AF_INET6, ip, &in6);
558  if (r <= 0)
559  goto error;
560 
561  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
562  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
563  }
564 
565  }
566 
567  BUG_ON(dd->ip.family == 0);
568 
569  return 0;
570 
571 error:
572  return -1;
573 }
574 
575 /**
576  * \internal
577  * \brief Simply parse an address and return a DetectAddress instance containing
578  * the address ranges of the parsed ip addressstring
579  *
580  * \param str Pointer to a character string containing the ip address
581  *
582  * \retval dd Pointer to the DetectAddress instance containing the address
583  * range details from the parsed ip string
584  */
585 static DetectAddress *DetectAddressParseSingle(const char *str)
586 {
587  SCLogDebug("str %s", str);
588 
590  if (dd == NULL)
591  return NULL;
592 
593  if (DetectAddressParseString(dd, str) < 0) {
594  SCLogDebug("AddressParse failed");
595  DetectAddressFree(dd);
596  return NULL;
597  }
598 
599  return dd;
600 }
601 
602 /**
603  * \brief Setup a single address string, parse it and add the resulting
604  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
605  *
606  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
607  * resulting Address-Range(s) from the parsed ip string has to
608  * be added.
609  * \param s Pointer to the ip address string to be parsed.
610  *
611  * \retval 0 On success.
612  * \retval -1 On failure.
613  */
614 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
615 {
616  SCLogDebug("gh %p, s %s", gh, s);
617 
618  while (*s != '\0' && isspace(*s))
619  s++;
620 
621  if (strcasecmp(s, "any") == 0) {
622  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
623 
624  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
625  if (ad == NULL)
626  return -1;
627 
628  BUG_ON(ad->ip.family == 0);
629 
630  if (DetectAddressInsert(NULL, gh, ad) < 0) {
631  SCLogDebug("DetectAddressInsert failed");
632  DetectAddressFree(ad);
633  return -1;
634  }
635 
636  ad = DetectAddressParseSingle("::/0");
637  if (ad == NULL)
638  return -1;
639 
640  BUG_ON(ad->ip.family == 0);
641 
642  if (DetectAddressInsert(NULL, gh, ad) < 0) {
643  SCLogDebug("DetectAddressInsert failed");
644  DetectAddressFree(ad);
645  return -1;
646  }
647  return 0;
648  }
649 
650  /* parse the address */
651  DetectAddress *ad = DetectAddressParseSingle(s);
652  if (ad == NULL) {
653  SCLogError("failed to parse address \"%s\"", s);
654  return -1;
655  }
656 
657  /* handle the not case, we apply the negation then insert the part(s) */
658  if (ad->flags & ADDRESS_FLAG_NOT) {
659  DetectAddress *ad2 = NULL;
660 
661  if (DetectAddressCutNot(ad, &ad2) < 0) {
662  SCLogDebug("DetectAddressCutNot failed");
663  DetectAddressFree(ad);
664  return -1;
665  }
666 
667  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
668  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
669  if (ad2 != NULL) {
670  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
671  SCLogDebug("DetectAddressInsert failed");
672  DetectAddressFree(ad);
673  DetectAddressFree(ad2);
674  return -1;
675  }
676  }
677  }
678 
679  int r = DetectAddressInsert(NULL, gh, ad);
680  if (r < 0) {
681  SCLogDebug("DetectAddressInsert failed");
682  DetectAddressFree(ad);
683  return -1;
684  }
685  SCLogDebug("r %d",r);
686  return 0;
687 }
688 
689 /**
690  * \brief Parses an address string and updates the 2 address heads with the
691  * address data.
692  *
693  * Note that this function should only be called by the wrapping function
694  * DetectAddressParse2. The wrapping function provides long address handling
695  * when the address size exceeds a threshold value.
696  *
697  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
698  * since we pass around negate without keeping a count of ! with depth.
699  * Can solve this by keeping a count of the negations with depth, so that
700  * an even no of negations would count as no negation and an odd no of
701  * negations would count as a negation.
702  *
703  * \param gh Pointer to the address head that should hold address ranges
704  * that are not negated.
705  * \param ghn Pointer to the address head that should hold address ranges
706  * that are negated.
707  * \param s Pointer to the character string holding the address to be
708  * parsed.
709  * \param negate Flag that indicates if the received address string is negated
710  * or not. 0 if it is not, 1 it it is.
711  *
712  * \retval 0 On successfully parsing.
713  * \retval -1 On failure.
714  */
715 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
716  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
717  int recur, char *address, size_t address_length)
718 {
719  size_t x = 0;
720  size_t u = 0;
721  int o_set = 0, n_set = 0, d_set = 0;
722  int depth = 0;
723  const char *rule_var_address = NULL;
724  char *temp_rule_var_address = NULL;
725 
726  if (++recur > 64) {
727  SCLogError("address block recursion "
728  "limit reached (max 64)");
729  goto error;
730  }
731 
732  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
733 
734  size_t size = strlen(s);
735  for (u = 0, x = 0; u < size && x < address_length; u++) {
736  if (x == (address_length - 1)) {
737  SCLogError("Hit the address buffer"
738  " limit for the supplied address. Invalidating sig. "
739  "Please file a bug report on this.");
740  goto error;
741  }
742  address[x] = s[u];
743  x++;
744 
745  if (!o_set && s[u] == '!') {
746  n_set = 1;
747  x--;
748  } else if (s[u] == '[') {
749  if (!o_set) {
750  o_set = 1;
751  x = 0;
752  }
753  depth++;
754  } else if (s[u] == ']') {
755  if (depth == 1) {
756  address[x - 1] = '\0';
757  x = 0;
758  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
759  if (((negate + n_set) % 2) == 0) {
760  /* normal block */
761  SCLogDebug("normal block");
762 
763  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
764  goto error;
765  } else {
766  /* negated block
767  *
768  * Extra steps are necessary. First consider it as a normal
769  * (non-negated) range. Merge the + and - ranges if
770  * applicable. Then insert the result into the ghn list. */
771  SCLogDebug("negated block");
772 
773  DetectAddressHead tmp_gh = { NULL, NULL };
774  DetectAddressHead tmp_ghn = { NULL, NULL };
775 
776  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
777  DetectAddressHeadCleanup(&tmp_gh);
778  DetectAddressHeadCleanup(&tmp_ghn);
779  goto error;
780  }
781 
782  DetectAddress *tmp_ad;
783  DetectAddress *tmp_ad2;
784 #ifdef DEBUG
785  SCLogDebug("tmp_gh: IPv4");
786  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
787  DetectAddressPrint(tmp_ad);
788  }
789  SCLogDebug("tmp_ghn: IPv4");
790  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
791  DetectAddressPrint(tmp_ad);
792  }
793  SCLogDebug("tmp_gh: IPv6");
794  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
795  DetectAddressPrint(tmp_ad);
796  }
797  SCLogDebug("tmp_ghn: IPv6");
798  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
799  DetectAddressPrint(tmp_ad);
800  }
801 #endif
802  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
803  DetectAddressHeadCleanup(&tmp_ghn);
804  DetectAddressHeadCleanup(&tmp_gh);
805  goto error;
806  }
807  DetectAddressHeadCleanup(&tmp_ghn);
808 
809  SCLogDebug("merged successfully");
810 
811  /* insert the IPv4 addresses into the negated list */
812  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
813  /* work with a copy of the address group */
814  tmp_ad2 = DetectAddressCopy(tmp_ad);
815  if (tmp_ad2 == NULL) {
816  SCLogDebug("DetectAddressCopy failed");
817  DetectAddressHeadCleanup(&tmp_gh);
818  goto error;
819  }
820  DetectAddressPrint(tmp_ad2);
821  DetectAddressInsert(NULL, ghn, tmp_ad2);
822  }
823 
824  /* insert the IPv6 addresses into the negated list */
825  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
826  /* work with a copy of the address group */
827  tmp_ad2 = DetectAddressCopy(tmp_ad);
828  if (tmp_ad2 == NULL) {
829  SCLogDebug("DetectAddressCopy failed");
830  DetectAddressHeadCleanup(&tmp_gh);
831  goto error;
832  }
833  DetectAddressPrint(tmp_ad2);
834  DetectAddressInsert(NULL, ghn, tmp_ad2);
835  }
836 
837  DetectAddressHeadCleanup(&tmp_gh);
838  }
839  n_set = 0;
840  }
841  depth--;
842  } else if (depth == 0 && s[u] == ',') {
843  if (o_set == 1) {
844  o_set = 0;
845  } else if (d_set == 1) {
846  address[x - 1] = '\0';
847 
848  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
850  if (rule_var_address == NULL)
851  goto error;
852 
853  if (strlen(rule_var_address) == 0) {
854  SCLogError("variable %s resolved "
855  "to nothing. This is likely a misconfiguration. "
856  "Note that a negated address needs to be quoted, "
857  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
858  s);
859  goto error;
860  }
861 
862  SCLogDebug("rule_var_address %s", rule_var_address);
863  if ((negate + n_set) % 2) {
864  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
865  if (unlikely(temp_rule_var_address == NULL))
866  goto error;
867  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
868  "[%s]", rule_var_address);
869  } else {
870  temp_rule_var_address = SCStrdup(rule_var_address);
871  if (unlikely(temp_rule_var_address == NULL))
872  goto error;
873  }
874 
875  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
876  (negate + n_set) % 2, var_list, recur) < 0) {
877  if (temp_rule_var_address != rule_var_address)
878  SCFree(temp_rule_var_address);
879  goto error;
880  }
881  d_set = 0;
882  n_set = 0;
883  SCFree(temp_rule_var_address);
884  } else {
885  address[x - 1] = '\0';
886 
887  if (!((negate + n_set) % 2)) {
888  SCLogDebug("DetectAddressSetup into gh, %s", address);
889  if (DetectAddressSetup(gh, address) < 0)
890  goto error;
891  } else {
892  SCLogDebug("DetectAddressSetup into ghn, %s", address);
893  if (DetectAddressSetup(ghn, address) < 0)
894  goto error;
895  }
896  n_set = 0;
897  }
898  x = 0;
899  } else if (depth == 0 && s[u] == '$') {
900  d_set = 1;
901  } else if (depth == 0 && u == size - 1) {
902  if (x == address_length) {
903  address[x - 1] = '\0';
904  } else {
905  address[x] = '\0';
906  }
907  x = 0;
908 
909  if (AddVariableToResolveList(var_list, address) == -1) {
910  SCLogError("Found a loop in a address "
911  "groups declaration. This is likely a misconfiguration.");
912  goto error;
913  }
914 
915  if (d_set == 1) {
916  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
918  if (rule_var_address == NULL)
919  goto error;
920 
921  if (strlen(rule_var_address) == 0) {
922  SCLogError("variable %s resolved "
923  "to nothing. This is likely a misconfiguration. "
924  "Note that a negated address needs to be quoted, "
925  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
926  s);
927  goto error;
928  }
929 
930  SCLogDebug("rule_var_address %s", rule_var_address);
931  if ((negate + n_set) % 2) {
932  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
933  if (unlikely(temp_rule_var_address == NULL))
934  goto error;
935  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
936  "[%s]", rule_var_address);
937  } else {
938  temp_rule_var_address = SCStrdup(rule_var_address);
939  if (unlikely(temp_rule_var_address == NULL))
940  goto error;
941  }
942 
943  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
944  (negate + n_set) % 2, var_list, recur) < 0) {
945  SCLogDebug("DetectAddressParse2 hates us");
946  if (temp_rule_var_address != rule_var_address)
947  SCFree(temp_rule_var_address);
948  goto error;
949  }
950  d_set = 0;
951  SCFree(temp_rule_var_address);
952  } else {
953  if (!((negate + n_set) % 2)) {
954  SCLogDebug("DetectAddressSetup into gh, %s", address);
955  if (DetectAddressSetup(gh, address) < 0) {
956  SCLogDebug("DetectAddressSetup gh fail");
957  goto error;
958  }
959  } else {
960  SCLogDebug("DetectAddressSetup into ghn, %s", address);
961  if (DetectAddressSetup(ghn, address) < 0) {
962  SCLogDebug("DetectAddressSetup ghn fail");
963  goto error;
964  }
965  }
966  }
967  n_set = 0;
968  }
969  }
970  if (depth > 0) {
971  SCLogError("not every address block was "
972  "properly closed in \"%s\", %d missing closing brackets (]). "
973  "Note: problem might be in a variable.",
974  s, depth);
975  goto error;
976  } else if (depth < 0) {
977  SCLogError("not every address block was "
978  "properly opened in \"%s\", %d missing opening brackets ([). "
979  "Note: problem might be in a variable.",
980  s, depth * -1);
981  goto error;
982  }
983 
984  return 0;
985 
986 error:
987 
988  return -1;
989 }
990 
991 /**
992  * \internal
993  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
994  *
995  * \retval Return value from DetectAddressParseInternal
996  */
997 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
998  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
999  int recur)
1000 {
1001  int rc;
1002 #define MAX_ADDRESS_LENGTH 8192
1003 
1004  size_t address_length = strlen(s);
1005  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
1006  char *address = SCCalloc(1, address_length);
1007  if (address == NULL) {
1008  SCLogError("Unable to allocate"
1009  " memory for address parsing.");
1010  return -1;
1011  }
1012  rc = DetectAddressParseInternal(
1013  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
1014  SCFree(address);
1015  } else {
1016  char address[MAX_ADDRESS_LENGTH] = "";
1017  rc = DetectAddressParseInternal(
1018  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1019  }
1020  return rc;
1021 }
1022 
1023 /**
1024  * \internal
1025  * \brief See if the addresses and ranges in an address head cover the
1026  * entire ip space.
1027  *
1028  * \param gh Pointer to the DetectAddressHead to check.
1029  *
1030  * \retval 0 No.
1031  * \retval 1 Yes.
1032  *
1033  * \todo do the same for IPv6
1034  */
1035 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1036 {
1038  if (r == 1)
1039  return 1;
1040 
1041  return 0;
1042 }
1043 
1044 /**
1045  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1046  *
1047  * \param gh Pointer to the address head containing the non-NOT groups.
1048  * \param ghn Pointer to the address head containing the NOT groups.
1049  *
1050  * \retval 0 On success.
1051  * \retval -1 On failure.
1052  */
1054 {
1055  DetectAddress *ad;
1056  DetectAddress *ag, *ag2;
1057  int r = 0;
1058 
1059  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1060  ghn->ipv4_head);
1061 
1062  /* check if the negated list covers the entire ip space. If so
1063  * the user screwed up the rules/vars. */
1064  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1065  SCLogError("Complete IP space negated. "
1066  "Rule address range is NIL. Probably have a !any or "
1067  "an address range that supplies a NULL address range");
1068  goto error;
1069  }
1070 
1071  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1072  * not thingy. In that case we add a 0.0.0.0/0 first. */
1073  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1074  r = DetectAddressSetup(gh, "0.0.0.0/0");
1075  if (r < 0) {
1076  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1077  goto error;
1078  }
1079  }
1080  /* ... or ::/0 for ipv6 */
1081  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1082  r = DetectAddressSetup(gh, "::/0");
1083  if (r < 0) {
1084  SCLogDebug("DetectAddressSetup for ::/0 failed");
1085  goto error;
1086  }
1087  }
1088 
1089  /* step 1: insert our ghn members into the gh list */
1090  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1091  /* work with a copy of the ad so we can easily clean up the ghn group
1092  * later. */
1093  ad = DetectAddressCopy(ag);
1094  if (ad == NULL) {
1095  SCLogDebug("DetectAddressCopy failed");
1096  goto error;
1097  }
1098 
1099  r = DetectAddressInsert(NULL, gh, ad);
1100  if (r < 0) {
1101  SCLogDebug("DetectAddressInsert failed");
1102  goto error;
1103  }
1104  }
1105  /* ... and the same for ipv6 */
1106  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1107  /* work with a copy of the ad so we can easily clean up the ghn group
1108  * later. */
1109  ad = DetectAddressCopy(ag);
1110  if (ad == NULL) {
1111  SCLogDebug("DetectAddressCopy failed");
1112  goto error;
1113  }
1114 
1115  r = DetectAddressInsert(NULL, gh, ad);
1116  if (r < 0) {
1117  SCLogDebug("DetectAddressInsert failed");
1118  goto error;
1119  }
1120  }
1121 #ifdef DEBUG
1122  DetectAddress *tmp_ad;
1123  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1124  DetectAddressPrint(tmp_ad);
1125  }
1126 #endif
1127  int ipv4_applied = 0;
1128  int ipv6_applied = 0;
1129 
1130  /* step 2: pull the address blocks that match our 'not' blocks */
1131  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1132  SCLogDebug("ag %p", ag);
1133  DetectAddressPrint(ag);
1134 
1135  int applied = 0;
1136  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1137  SCLogDebug("ag2 %p", ag2);
1138  DetectAddressPrint(ag2);
1139 
1140  r = DetectAddressCmp(ag, ag2);
1141  /* XXX more ??? */
1142  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1143  if (ag2->prev == NULL)
1144  gh->ipv4_head = ag2->next;
1145  else
1146  ag2->prev->next = ag2->next;
1147 
1148  if (ag2->next != NULL)
1149  ag2->next->prev = ag2->prev;
1150 
1151  /* store the next ptr and remove the group */
1152  DetectAddress *next_ag2 = ag2->next;
1153  DetectAddressFree(ag2);
1154  ag2 = next_ag2;
1155  applied = 1;
1156  } else {
1157  ag2 = ag2->next;
1158  }
1159  }
1160 
1161  if (applied) {
1162  ipv4_applied++;
1163  }
1164  }
1165  /* ... and the same for ipv6 */
1166  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1167  int applied = 0;
1168  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1169  r = DetectAddressCmp(ag, ag2);
1170  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1171  if (ag2->prev == NULL)
1172  gh->ipv6_head = ag2->next;
1173  else
1174  ag2->prev->next = ag2->next;
1175 
1176  if (ag2->next != NULL)
1177  ag2->next->prev = ag2->prev;
1178 
1179  /* store the next ptr and remove the group */
1180  DetectAddress *next_ag2 = ag2->next;
1181  DetectAddressFree(ag2);
1182  ag2 = next_ag2;
1183 
1184  SCLogDebug("applied");
1185  applied = 1;
1186  } else {
1187  ag2 = ag2->next;
1188  }
1189  }
1190  if (applied) {
1191  ipv6_applied++;
1192  }
1193  }
1194 #ifdef DEBUG
1195  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1196  DetectAddressPrint(tmp_ad);
1197  }
1198  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1199  DetectAddressPrint(tmp_ad);
1200  }
1201 #endif
1202  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1203  int cnt = 0;
1204  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1205  cnt++;
1206 
1207  if (ipv4_applied != cnt) {
1208  SCLogError("not all IPv4 negations "
1209  "could be applied: %d != %d",
1210  cnt, ipv4_applied);
1211  goto error;
1212  }
1213 
1214  cnt = 0;
1215  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1216  cnt++;
1217 
1218  if (ipv6_applied != cnt) {
1219  SCLogError("not all IPv6 negations "
1220  "could be applied: %d != %d",
1221  cnt, ipv6_applied);
1222  goto error;
1223  }
1224  }
1225 
1226  /* if the result is that we have no addresses we return error */
1227  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1228  SCLogError("no addresses left after "
1229  "merging addresses and negated addresses");
1230  goto error;
1231  }
1232 
1233  return 0;
1234 
1235 error:
1236  return -1;
1237 }
1238 
1240 {
1241  SCLogDebug("Testing address conf vars for any misconfigured values");
1242 
1243  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1244 
1245  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1246  if (address_vars_node == NULL) {
1247  return 0;
1248  }
1249 
1250  DetectAddressHead *gh = NULL;
1251  DetectAddressHead *ghn = NULL;
1252 
1253  ConfNode *seq_node;
1254  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1255  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1256 
1257  gh = DetectAddressHeadInit();
1258  if (gh == NULL) {
1259  goto error;
1260  }
1261  ghn = DetectAddressHeadInit();
1262  if (ghn == NULL) {
1263  goto error;
1264  }
1265 
1266  if (seq_node->val == NULL) {
1267  SCLogError("Address var \"%s\" probably has a sequence(something "
1268  "in brackets) value set without any quotes. Please "
1269  "quote it using \"..\".",
1270  seq_node->name);
1271  goto error;
1272  }
1273 
1274  int r = DetectAddressParse2(
1275  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1276 
1277  CleanVariableResolveList(&var_list);
1278 
1279  if (r < 0) {
1280  SCLogError("failed to parse address var \"%s\" with value \"%s\". "
1281  "Please check its syntax",
1282  seq_node->name, seq_node->val);
1283  goto error;
1284  }
1285 
1286  if (DetectAddressIsCompleteIPSpace(ghn)) {
1287  SCLogError("address var - \"%s\" has the complete IP space negated "
1288  "with its value \"%s\". Rule address range is NIL. "
1289  "Probably have a !any or an address range that supplies "
1290  "a NULL address range",
1291  seq_node->name, seq_node->val);
1292  goto error;
1293  }
1294 
1295  DetectAddressHeadFree(gh);
1296  gh = NULL;
1297  DetectAddressHeadFree(ghn);
1298  ghn = NULL;
1299  }
1300 
1301  return 0;
1302  error:
1303  if (gh != NULL)
1304  DetectAddressHeadFree(gh);
1305  if (ghn != NULL)
1306  DetectAddressHeadFree(ghn);
1307  return -1;
1308 }
1309 
1310 #include "util-hash-lookup3.h"
1311 
1312 typedef struct DetectAddressMap_ {
1313  char *string;
1317 
1318 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1319 {
1320  const DetectAddressMap *map = (DetectAddressMap *)data;
1321  uint32_t hash = 0;
1322 
1323  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1324  hash %= ht->array_size;
1325 
1326  return hash;
1327 }
1328 
1329 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1330  uint16_t len2)
1331 {
1332  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1333  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1334 
1335  char r = (strcmp(map1->string, map2->string) == 0);
1336  return r;
1337 }
1338 
1339 static void DetectAddressMapFreeFunc(void *data)
1340 {
1341  DetectAddressMap *map = (DetectAddressMap *)data;
1342  if (map != NULL) {
1343  DetectAddressHeadFree(map->address);
1344  SCFree(map->string);
1345  }
1346  SCFree(map);
1347 }
1348 
1350 {
1351  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1352  DetectAddressMapCompareFunc,
1353  DetectAddressMapFreeFunc);
1354  if (de_ctx->address_table == NULL)
1355  return -1;
1356 
1357  return 0;
1358 }
1359 
1361 {
1362  if (de_ctx->address_table == NULL)
1363  return;
1364 
1366  de_ctx->address_table = NULL;
1367  return;
1368 }
1369 
1370 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1371  DetectAddressHead *address, bool contains_negation)
1372 {
1373  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1374  if (map == NULL)
1375  return -1;
1376 
1377  map->string = SCStrdup(string);
1378  if (map->string == NULL) {
1379  SCFree(map);
1380  return -1;
1381  }
1382  map->address = address;
1383  map->contains_negation = contains_negation;
1384 
1385  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1386  return 0;
1387 }
1388 
1389 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1390  const char *string)
1391 {
1392  DetectAddressMap map = { (char *)string, NULL, false };
1393 
1395  &map, 0);
1396  return res;
1397 }
1398 
1399 /**
1400  * \brief Parses an address group sent as a character string and updates the
1401  * DetectAddressHead sent as the argument with the relevant address
1402  * ranges from the parsed string.
1403  *
1404  * \param de_ctx Pointer to the detection engine context
1405  * \param gh Pointer to the DetectAddressHead.
1406  * \param str Pointer to the character string containing the address group
1407  * that has to be parsed.
1408  *
1409  * \retval 1 On success. Contained negation.
1410  * \retval 0 On success. Did not contain negation.
1411  * \retval -1 On failure.
1412  */
1414  DetectAddressHead *gh, const char *str)
1415 {
1416  SCLogDebug("gh %p, str %s", gh, str);
1417 
1418  if (str == NULL) {
1419  SCLogDebug("DetectAddressParse can not be run with NULL address");
1420  return -1;
1421  }
1422 
1423  DetectAddressHead *ghn = DetectAddressHeadInit();
1424  if (ghn == NULL) {
1425  SCLogDebug("DetectAddressHeadInit for ghn failed");
1426  return -1;
1427  }
1428 
1429  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1430  if (r < 0) {
1431  SCLogDebug("DetectAddressParse2 returned %d", r);
1432  DetectAddressHeadFree(ghn);
1433  return -1;
1434  }
1435 
1436  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1437  ghn->ipv4_head);
1438 
1439  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1440 
1441  /* merge the 'not' address groups */
1442  if (DetectAddressMergeNot(gh, ghn) < 0) {
1443  SCLogDebug("DetectAddressMergeNot failed");
1444  DetectAddressHeadFree(ghn);
1445  return -1;
1446  }
1447 
1448  /* free the temp negate head */
1449  DetectAddressHeadFree(ghn);
1450  return contains_negation ? 1 : 0;
1451 }
1452 
1454  const char *string, bool *contains_negation)
1455 {
1456  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1457  if (res != NULL) {
1458  SCLogDebug("found: %s :: %p", string, res);
1459  *contains_negation = res->contains_negation;
1460  return res->address;
1461  }
1462 
1463  SCLogDebug("%s not found", string);
1464 
1465  DetectAddressHead *head = DetectAddressHeadInit();
1466  if (head == NULL)
1467  return NULL;
1468 
1469  const int r = DetectAddressParse(de_ctx, head, string);
1470  if (r < 0) {
1471  DetectAddressHeadFree(head);
1472  return NULL;
1473  } else if (r == 1) {
1474  *contains_negation = true;
1475  } else {
1476  *contains_negation = false;
1477  }
1478 
1479  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head,
1480  *contains_negation);
1481  return head;
1482 }
1483 
1484 /**
1485  * \brief Cleans a DetectAddressHead. The functions frees the address
1486  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1487  * instance.
1488  *
1489  * \param gh Pointer to the DetectAddressHead instance that has to be
1490  * cleaned.
1491  */
1493 {
1494  if (gh != NULL) {
1495  if (gh->ipv4_head != NULL) {
1496  DetectAddressCleanupList(gh->ipv4_head);
1497  gh->ipv4_head = NULL;
1498  }
1499  if (gh->ipv6_head != NULL) {
1500  DetectAddressCleanupList(gh->ipv6_head);
1501  gh->ipv6_head = NULL;
1502  }
1503  }
1504 
1505  return;
1506 }
1507 
1508 /**
1509  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1510  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1511  * explanations on what these functions do.
1512  *
1513  * \param de_ctx Pointer to the DetectEngineCtx.
1514  * \param a Pointer to the first address to be cut.
1515  * \param b Pointer to the second address to be cut.
1516  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1517  * ranges from a and b, demand a third address range.
1518  *
1519  * \retval 0 On success.
1520  * \retval -1 On failure.
1521  */
1522 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1523  DetectAddress *b, DetectAddress **c)
1524 {
1525  if (a->ip.family == AF_INET)
1526  return DetectAddressCutIPv4(de_ctx, a, b, c);
1527  else if (a->ip.family == AF_INET6)
1528  return DetectAddressCutIPv6(de_ctx, a, b, c);
1529 
1530  return -1;
1531 }
1532 
1533 /**
1534  * \brief Cuts a negated address range with respect to the entire ip range, and
1535  * supplies with the address range that doesn't belong to the negated
1536  * address range.
1537  *
1538  * There are 2 cases here -
1539  *
1540  * The first case includes the address being located at the extreme ends
1541  * of the ip space, in which we get a single range.
1542  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1543  *
1544  * The second case includes the address not present at either of the
1545  * ip space extremes, in which case we get 2 ranges. The second range
1546  * would be supplied back with the argument "b" supplied to this function.
1547  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1548  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1549  *
1550  * The above negation cases can similarly be extended to ranges, i.e.
1551  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1552  * ![10.20.30.40 - 10.20.30.50].
1553  *
1554  *
1555  * \param a Pointer to the DetectAddressData instance, that contains the negated
1556  * address range that has to be cut.
1557  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1558  * filled with the address range, if the argument "a", doesn't fall at
1559  * the extreme ends of the ip address space.
1560  *
1561  * \retval 0 On success.
1562  * \retval -1 On failure.
1563  */
1564 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1565 {
1566  if (a->ip.family == AF_INET)
1567  return DetectAddressCutNotIPv4(a, b);
1568  else if (a->ip.family == AF_INET6)
1569  return DetectAddressCutNotIPv6(a, b);
1570 
1571  return -1;
1572 }
1573 
1574 /**
1575  * \brief Used to compare 2 address ranges.
1576  *
1577  * \param a Pointer to the first DetectAddressData to be compared.
1578  * \param b Pointer to the second DetectAddressData to be compared.
1579  */
1581 {
1582  if (a->ip.family != b->ip.family)
1583  return ADDRESS_ER;
1584 
1585  if (a->ip.family == AF_INET)
1586  return DetectAddressCmpIPv4(a, b);
1587  else if (a->ip.family == AF_INET6)
1588  return DetectAddressCmpIPv6(a, b);
1589 
1590  return ADDRESS_ER;
1591 }
1592 
1593 /**
1594  * \brief Match a packets address against a signatures addrs array
1595  *
1596  * \param addrs array of DetectMatchAddressIPv4's
1597  * \param addrs_cnt array size in members
1598  * \param a packets address
1599  *
1600  * \retval 0 no match
1601  * \retval 1 match
1602  *
1603  * \note addresses in addrs are in host order
1604  *
1605  * \todo array should be ordered, so we can break out of the loop
1606  */
1608  uint16_t addrs_cnt, const Address *a)
1609 {
1610  SCEnter();
1611 
1612  if (addrs == NULL || addrs_cnt == 0) {
1613  SCReturnInt(0);
1614  }
1615 
1616  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1617  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1618  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1619  SCReturnInt(1);
1620  }
1621  }
1622 
1623  SCReturnInt(0);
1624 }
1625 
1626 /**
1627  * \brief Match a packets address against a signatures addrs array
1628  *
1629  * \param addrs array of DetectMatchAddressIPv6's
1630  * \param addrs_cnt array size in members
1631  * \param a packets address
1632  *
1633  * \retval 0 no match
1634  * \retval 1 match
1635  *
1636  * \note addresses in addrs are in host order
1637  *
1638  * \todo array should be ordered, so we can break out of the loop
1639  */
1641  uint16_t addrs_cnt, const Address *a)
1642 {
1643  SCEnter();
1644 
1645  if (addrs == NULL || addrs_cnt == 0) {
1646  SCReturnInt(0);
1647  }
1648 
1649  uint32_t match_addr[4];
1650  match_addr[0] = SCNtohl(a->addr_data32[0]);
1651  match_addr[1] = SCNtohl(a->addr_data32[1]);
1652  match_addr[2] = SCNtohl(a->addr_data32[2]);
1653  match_addr[3] = SCNtohl(a->addr_data32[3]);
1654 
1655  /* See if the packet address is within the range of any entry in the
1656  * signature's address match array.
1657  */
1658  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1659  uint16_t result1 = 0, result2 = 0;
1660 
1661  /* See if packet address equals either limit. Return 1 if true. */
1662  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1663  SCReturnInt(1);
1664  }
1665  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1666  SCReturnInt(1);
1667  }
1668 
1669  /* See if packet address is greater than lower limit
1670  * of the current signature address match pair.
1671  */
1672  for (int i = 0; i < 4; i++) {
1673  if (match_addr[i] > addrs[idx].ip[i]) {
1674  result1 = 1;
1675  break;
1676  }
1677  if (match_addr[i] < addrs[idx].ip[i]) {
1678  result1 = 0;
1679  break;
1680  }
1681  }
1682 
1683  /* If not greater than lower limit, try next address match entry */
1684  if (result1 == 0)
1685  continue;
1686 
1687  /* See if packet address is less than upper limit
1688  * of the current signature address match pair.
1689  */
1690  for (int i = 0; i < 4; i++) {
1691  if (match_addr[i] < addrs[idx].ip2[i]) {
1692  result2 = 1;
1693  break;
1694  }
1695  if (match_addr[i] > addrs[idx].ip2[i]) {
1696  result2 = 0;
1697  break;
1698  }
1699  }
1700 
1701  /* Return a match if packet address is between the two
1702  * signature address match limits.
1703  */
1704  if (result1 == 1 && result2 == 1)
1705  SCReturnInt(1);
1706  }
1707 
1708  SCReturnInt(0);
1709 }
1710 
1711 /**
1712  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1713  * range in the DetectAddress instance.
1714  *
1715  * We basically check that the address falls in between the address
1716  * range in DetectAddress.
1717  *
1718  * \param dd Pointer to the DetectAddress instance.
1719  * \param a Pointer to an Address instance.
1720  *
1721  * \param 1 On a match.
1722  * \param 0 On no match.
1723  */
1724 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1725 {
1726  SCEnter();
1727 
1728  if (dd->ip.family != a->family) {
1729  SCReturnInt(0);
1730  }
1731 
1732  //DetectAddressPrint(dd);
1733  //AddressDebugPrint(a);
1734 
1735  switch (a->family) {
1736  case AF_INET:
1737 
1738  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1739  * Address inside DetectAddressData we can do uint8_t checks */
1740  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1741  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1742  {
1743  SCReturnInt(1);
1744  } else {
1745  SCReturnInt(0);
1746  }
1747 
1748  break;
1749  case AF_INET6:
1750  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1751  AddressIPv6Le(a, &dd->ip2) == 1)
1752  {
1753  SCReturnInt(1);
1754  } else {
1755  SCReturnInt(0);
1756  }
1757 
1758  break;
1759  default:
1760  SCLogDebug("What other address type can we have :-/");
1761  break;
1762  }
1763 
1764  SCReturnInt(0);
1765 }
1766 
1767 #ifdef DEBUG
1768 /**
1769  * \brief Prints the address data held by the DetectAddress. If the address
1770  * data family is IPv4, we print the the ipv4 address and mask, and
1771  * if the address data family is IPv6, we print the ipv6 address and
1772  * mask.
1773  *
1774  * \param ad Pointer to the DetectAddress instance to be printed.
1775  */
1776 static void DetectAddressPrint(DetectAddress *gr)
1777 {
1778  if (gr == NULL)
1779  return;
1780 
1781  if (gr->ip.family == AF_INET) {
1782  struct in_addr in;
1783  char ip[16], mask[16];
1784 
1785  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1786  PrintInet(AF_INET, &in, ip, sizeof(ip));
1787  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1788  PrintInet(AF_INET, &in, mask, sizeof(mask));
1789 
1790  SCLogDebug("%s/%s", ip, mask);
1791 // printf("%s/%s", ip, mask);
1792  } else if (gr->ip.family == AF_INET6) {
1793  struct in6_addr in6;
1794  char ip[66], mask[66];
1795 
1796  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1797  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1798  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1799  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1800 
1801  SCLogDebug("%s/%s", ip, mask);
1802 // printf("%s/%s", ip, mask);
1803  }
1804 
1805  return;
1806 }
1807 #endif
1808 
1809 /**
1810  * \brief Find the group matching address in a group head.
1811  *
1812  * \param gh Pointer to the address group head(DetectAddressHead instance).
1813  * \param a Pointer to an Address instance.
1814  *
1815  * \retval g On success pointer to an DetectAddress if we find a match
1816  * for the Address "a", in the DetectAddressHead "gh".
1817  */
1819 {
1820  SCEnter();
1821 
1822  DetectAddress *g = NULL;
1823 
1824  if (gh == NULL) {
1825  SCReturnPtr(NULL, "DetectAddress");
1826  }
1827 
1828  /* XXX should we really do this check every time we run this function? */
1829  if (a->family == AF_INET) {
1830  SCLogDebug("IPv4");
1831  g = gh->ipv4_head;
1832  } else if (a->family == AF_INET6) {
1833  SCLogDebug("IPv6");
1834  g = gh->ipv6_head;
1835  }
1836 
1837  for ( ; g != NULL; g = g->next) {
1838  if (DetectAddressMatch(g,a) == 1) {
1839  SCReturnPtr(g, "DetectAddress");
1840  }
1841  }
1842 
1843  SCReturnPtr(NULL, "DetectAddress");
1844 }
1845 
1846 /********************************Unittests*************************************/
1847 
1848 #ifdef UNITTESTS
1849 
1850 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1851 {
1852  char str1[46] = "", str2[46] = "";
1853 
1854  if (ad == NULL)
1855  return FALSE;
1856 
1857  switch(ad->ip.family) {
1858  case AF_INET:
1859  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1860  SCLogDebug("%s", str1);
1861  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1862  SCLogDebug("%s", str2);
1863 
1864  if (strcmp(str1, one) != 0) {
1865  SCLogInfo("%s != %s", str1, one);
1866  return FALSE;
1867  }
1868 
1869  if (strcmp(str2, two) != 0) {
1870  SCLogInfo("%s != %s", str2, two);
1871  return FALSE;
1872  }
1873 
1874  return TRUE;
1875  break;
1876 
1877  case AF_INET6:
1878  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1879  SCLogDebug("%s", str1);
1880  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1881  SCLogDebug("%s", str2);
1882 
1883  if (strcmp(str1, one) != 0) {
1884  SCLogInfo("%s != %s", str1, one);
1885  return FALSE;
1886  }
1887 
1888  if (strcmp(str2, two) != 0) {
1889  SCLogInfo("%s != %s", str2, two);
1890  return FALSE;
1891  }
1892 
1893  return TRUE;
1894  break;
1895  }
1896 
1897  return FALSE;
1898 }
1899 
1901  const char *one;
1902  const char *two;
1904 
1905 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1906 {
1907  int expect = nranges;
1908  int have = 0;
1909 
1910  if (gh == NULL)
1911  return FALSE;
1912 
1913  DetectAddress *ad = NULL;
1914  ad = gh->ipv4_head;
1915  if (ad == NULL)
1916  ad = gh->ipv6_head;
1917  while (have < expect) {
1918  if (ad == NULL) {
1919  printf("bad head: have %d ranges, expected %d: ", have, expect);
1920  return FALSE;
1921  }
1922 
1923  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
1924  return FALSE;
1925 
1926  ad = ad->next;
1927  have++;
1928  }
1929 
1930  return TRUE;
1931 }
1932 
1933 static int AddressTestParse01(void)
1934 {
1935  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1936 
1937  if (dd) {
1938  DetectAddressFree(dd);
1939  return 1;
1940  }
1941 
1942  return 0;
1943 }
1944 
1945 static int AddressTestParse02(void)
1946 {
1947  int result = 1;
1948  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1949 
1950  if (dd) {
1951  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1952  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1953  result = 0;
1954  }
1955 
1956  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1957  DetectAddressFree(dd);
1958  return result;
1959  }
1960 
1961  return 0;
1962 }
1963 
1964 static int AddressTestParse03(void)
1965 {
1966  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1967 
1968  if (dd) {
1969  DetectAddressFree(dd);
1970  return 1;
1971  }
1972 
1973  return 0;
1974 }
1975 
1976 static int AddressTestParse04(void)
1977 {
1978  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1979  FAIL_IF_NULL(dd);
1980 
1981  char left[16], right[16];
1982  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1983  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1984  SCLogDebug("left %s right %s", left, right);
1985  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1986  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1987  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1988  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1989 
1990  DetectAddressFree(dd);
1991  PASS;
1992 }
1993 
1994 /** \test that address range sets proper start address */
1995 static int AddressTestParse04bug5081(void)
1996 {
1997  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1998  FAIL_IF_NULL(dd);
1999 
2000  char left[16], right[16];
2001  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
2002  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
2003  SCLogDebug("left %s right %s", left, right);
2004  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
2005  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
2006 
2007  DetectAddressFree(dd);
2008  PASS;
2009 }
2010 
2011 static int AddressTestParse05(void)
2012 {
2013  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2014 
2015  if (dd) {
2016  DetectAddressFree(dd);
2017  return 1;
2018  }
2019 
2020  return 0;
2021 }
2022 
2023 static int AddressTestParse06(void)
2024 {
2025  int result = 1;
2026  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2027 
2028  if (dd) {
2029  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2030  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2031  result = 0;
2032  }
2033 
2034  DetectAddressFree(dd);
2035  return result;
2036  }
2037 
2038  return 0;
2039 }
2040 
2041 static int AddressTestParse07(void)
2042 {
2043  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2044 
2045  if (dd) {
2046  DetectAddressFree(dd);
2047  return 1;
2048  }
2049 
2050  return 0;
2051 }
2052 
2053 static int AddressTestParse08(void)
2054 {
2055  int result = 1;
2056  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2057 
2058  if (dd) {
2059  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2060  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2061 
2062  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2063  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2064  DetectAddressPrint(dd);
2065  result = 0;
2066  }
2067 
2068  DetectAddressFree(dd);
2069  return result;
2070  }
2071 
2072  return 0;
2073 }
2074 
2075 static int AddressTestParse09(void)
2076 {
2077  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2078 
2079  if (dd) {
2080  DetectAddressFree(dd);
2081  return 1;
2082  }
2083 
2084  return 0;
2085 }
2086 
2087 static int AddressTestParse10(void)
2088 {
2089  int result = 1;
2090  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2091 
2092  if (dd) {
2093  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2094  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2095 
2096  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2097  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2098  DetectAddressPrint(dd);
2099  result = 0;
2100  }
2101 
2102  DetectAddressFree(dd);
2103  return result;
2104  }
2105 
2106  return 0;
2107 }
2108 
2109 static int AddressTestParse11(void)
2110 {
2111  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2112 
2113  if (dd) {
2114  DetectAddressFree(dd);
2115  return 1;
2116  }
2117 
2118  return 0;
2119 }
2120 
2121 static int AddressTestParse12(void)
2122 {
2123  int result = 1;
2124  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2125 
2126  if (dd) {
2127  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2128  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2129 
2130  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2131  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2132  DetectAddressPrint(dd);
2133  result = 0;
2134  }
2135 
2136  DetectAddressFree(dd);
2137  return result;
2138  }
2139 
2140  return 0;
2141 }
2142 static int AddressTestParse13(void)
2143 {
2144  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2145 
2146  if (dd) {
2147  DetectAddressFree(dd);
2148  return 1;
2149  }
2150 
2151  return 0;
2152 }
2153 
2154 static int AddressTestParse14(void)
2155 {
2156  int result = 1;
2157  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2158 
2159  if (dd) {
2160  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2161  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2162 
2163  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2164  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2165  result = 0;
2166  }
2167 
2168  DetectAddressFree(dd);
2169  return result;
2170  }
2171 
2172  return 0;
2173 }
2174 
2175 static int AddressTestParse15(void)
2176 {
2177  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2178 
2179  if (dd) {
2180  DetectAddressFree(dd);
2181  return 1;
2182  }
2183 
2184  return 0;
2185 }
2186 
2187 static int AddressTestParse16(void)
2188 {
2189  int result = 1;
2190  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2191 
2192  if (dd) {
2193  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2194  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2195 
2196  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2197  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2198  result = 0;
2199  }
2200 
2201  DetectAddressFree(dd);
2202  return result;
2203  }
2204 
2205  return 0;
2206 }
2207 
2208 static int AddressTestParse17(void)
2209 {
2210  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2211 
2212  if (dd) {
2213  DetectAddressFree(dd);
2214  return 1;
2215  }
2216 
2217  return 0;
2218 }
2219 
2220 static int AddressTestParse18(void)
2221 {
2222  int result = 1;
2223  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2224 
2225  if (dd) {
2226  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2227  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2228  result = 0;
2229  }
2230 
2231  DetectAddressFree(dd);
2232  return result;
2233  }
2234 
2235  return 0;
2236 }
2237 
2238 static int AddressTestParse19(void)
2239 {
2240  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2241 
2242  if (dd) {
2243  DetectAddressFree(dd);
2244  return 0;
2245  }
2246 
2247  return 1;
2248 }
2249 
2250 static int AddressTestParse20(void)
2251 {
2252  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2253 
2254  if (dd) {
2255  DetectAddressFree(dd);
2256  return 1;
2257  }
2258 
2259  return 0;
2260 }
2261 
2262 static int AddressTestParse21(void)
2263 {
2264  int result = 1;
2265  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2266 
2267  if (dd) {
2268  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2269  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2270 
2271  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2272  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2273  result = 0;
2274  }
2275 
2276  DetectAddressFree(dd);
2277  return result;
2278  }
2279 
2280  return 0;
2281 }
2282 
2283 static int AddressTestParse22(void)
2284 {
2285  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2286 
2287  if (dd) {
2288  DetectAddressFree(dd);
2289  return 0;
2290  }
2291 
2292  return 1;
2293 }
2294 
2295 static int AddressTestParse23(void)
2296 {
2297  DetectAddressHead *gh = DetectAddressHeadInit();
2298  FAIL_IF_NULL(gh);
2299  int r = DetectAddressParse(NULL, gh, "any");
2300  FAIL_IF_NOT(r == 0);
2301  DetectAddressHeadFree(gh);
2302  PASS;
2303 }
2304 
2305 static int AddressTestParse24(void)
2306 {
2307  DetectAddressHead *gh = DetectAddressHeadInit();
2308  FAIL_IF_NULL(gh);
2309  int r = DetectAddressParse(NULL, gh, "Any");
2310  FAIL_IF_NOT(r == 0);
2311  DetectAddressHeadFree(gh);
2312  PASS;
2313 }
2314 
2315 static int AddressTestParse25(void)
2316 {
2317  DetectAddressHead *gh = DetectAddressHeadInit();
2318  FAIL_IF_NULL(gh);
2319  int r = DetectAddressParse(NULL, gh, "ANY");
2320  FAIL_IF_NOT(r == 0);
2321  DetectAddressHeadFree(gh);
2322  PASS;
2323 }
2324 
2325 /** \test recursion limit */
2326 static int AddressTestParse26(void)
2327 {
2328  DetectAddressHead *gh = DetectAddressHeadInit();
2329  FAIL_IF_NULL(gh);
2330  /* exactly 64: should pass */
2331  int r = DetectAddressParse(NULL, gh,
2332  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2333  "1.2.3.4"
2334  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2335  );
2336  FAIL_IF_NOT(r == 0);
2337  DetectAddressHeadFree(gh);
2338  gh = DetectAddressHeadInit();
2339  FAIL_IF_NULL(gh);
2340  /* exactly 65: should fail */
2341  r = DetectAddressParse(NULL, gh,
2342  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2343  "1.2.3.4"
2344  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2345  );
2346  FAIL_IF(r == 0);
2347  DetectAddressHeadFree(gh);
2348  PASS;
2349 }
2350 
2351 static int AddressTestParse27(void)
2352 {
2353  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2354 
2355  if (dd) {
2356  DetectAddressFree(dd);
2357  return 1;
2358  }
2359 
2360  return 0;
2361 }
2362 
2363 static int AddressTestParse28(void)
2364 {
2365  int result = 0;
2366  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2367 
2368  if (dd) {
2369  if (dd->flags & ADDRESS_FLAG_NOT &&
2370  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2371  result = 1;
2372  }
2373 
2374  DetectAddressFree(dd);
2375  return result;
2376  }
2377 
2378  return 0;
2379 }
2380 
2381 static int AddressTestParse29(void)
2382 {
2383  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2384 
2385  if (dd) {
2386  DetectAddressFree(dd);
2387  return 1;
2388  }
2389 
2390  return 0;
2391 }
2392 
2393 static int AddressTestParse30(void)
2394 {
2395  int result = 0;
2396  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2397 
2398  if (dd) {
2399  if (dd->flags & ADDRESS_FLAG_NOT &&
2400  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2401  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2402  result = 1;
2403  }
2404 
2405  DetectAddressFree(dd);
2406  return result;
2407  }
2408 
2409  return 0;
2410 }
2411 
2412 /**
2413  * \test make sure !any is rejected
2414  */
2415 static int AddressTestParse31(void)
2416 {
2417  DetectAddress *dd = DetectAddressParseSingle("!any");
2418 
2419  if (dd) {
2420  DetectAddressFree(dd);
2421  return 0;
2422  }
2423 
2424  return 1;
2425 }
2426 
2427 static int AddressTestParse32(void)
2428 {
2429  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2430 
2431  if (dd) {
2432  DetectAddressFree(dd);
2433  return 1;
2434  }
2435 
2436  return 0;
2437 }
2438 
2439 static int AddressTestParse33(void)
2440 {
2441  int result = 0;
2442  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2443 
2444  if (dd) {
2445  if (dd->flags & ADDRESS_FLAG_NOT &&
2446  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2447  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2448  result = 1;
2449  }
2450 
2451  DetectAddressFree(dd);
2452  return result;
2453  }
2454 
2455  return 0;
2456 }
2457 
2458 static int AddressTestParse34(void)
2459 {
2460  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2461 
2462  if (dd) {
2463  DetectAddressFree(dd);
2464  return 1;
2465  }
2466 
2467  return 0;
2468 }
2469 
2470 static int AddressTestParse35(void)
2471 {
2472  int result = 0;
2473  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2474 
2475  if (dd) {
2476  if (dd->flags & ADDRESS_FLAG_NOT &&
2477  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2478  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2479 
2480  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2481  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2482  result = 1;
2483  }
2484 
2485  DetectAddressFree(dd);
2486  return result;
2487  }
2488 
2489  return 0;
2490 }
2491 
2492 static int AddressTestParse36(void)
2493 {
2494  int result = 1;
2495  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2496 
2497  if (dd) {
2498  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2499  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2500 
2501  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2502  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2503 
2504  DetectAddressPrint(dd);
2505  result = 0;
2506  }
2507  DetectAddressPrint(dd);
2508 
2509  DetectAddressFree(dd);
2510  return result;
2511  }
2512 
2513  return 0;
2514 }
2515 
2516 static int AddressTestParse37(void)
2517 {
2518  int result = 1;
2519  DetectAddress *dd = DetectAddressParseSingle("::/0");
2520 
2521  if (dd) {
2522  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2523  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2524 
2525  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2526  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2527  DetectAddressPrint(dd);
2528  result = 0;
2529  }
2530  DetectAddressPrint(dd);
2531 
2532  DetectAddressFree(dd);
2533  return result;
2534  }
2535 
2536  return 0;
2537 }
2538 
2539 static int AddressTestMatch01(void)
2540 {
2541  DetectAddress *dd = NULL;
2542  int result = 1;
2543  struct in_addr in;
2544  Address a;
2545 
2546  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2547  return 0;
2548  memset(&a, 0, sizeof(Address));
2549  a.family = AF_INET;
2550  a.addr_data32[0] = in.s_addr;
2551 
2552  dd = DetectAddressParseSingle("1.2.3.4/24");
2553  if (dd) {
2554  if (DetectAddressMatch(dd, &a) == 0)
2555  result = 0;
2556 
2557  DetectAddressFree(dd);
2558  return result;
2559  }
2560 
2561  return 0;
2562 }
2563 
2564 static int AddressTestMatch02(void)
2565 {
2566  DetectAddress *dd = NULL;
2567  int result = 1;
2568  struct in_addr in;
2569  Address a;
2570 
2571  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2572  return 0;
2573  memset(&a, 0, sizeof(Address));
2574  a.family = AF_INET;
2575  a.addr_data32[0] = in.s_addr;
2576 
2577  dd = DetectAddressParseSingle("1.2.3.4/25");
2578  if (dd) {
2579  if (DetectAddressMatch(dd, &a) == 0)
2580  result = 0;
2581 
2582  DetectAddressFree(dd);
2583  return result;
2584  }
2585 
2586  return 0;
2587 }
2588 
2589 static int AddressTestMatch03(void)
2590 {
2591  DetectAddress *dd = NULL;
2592  int result = 1;
2593  struct in_addr in;
2594  Address a;
2595 
2596  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2597  return 0;
2598  memset(&a, 0, sizeof(Address));
2599  a.family = AF_INET;
2600  a.addr_data32[0] = in.s_addr;
2601 
2602  dd = DetectAddressParseSingle("1.2.3.4/25");
2603  if (dd) {
2604  if (DetectAddressMatch(dd, &a) == 1)
2605  result = 0;
2606 
2607  DetectAddressFree(dd);
2608  return result;
2609  }
2610 
2611  return 0;
2612 }
2613 
2614 static int AddressTestMatch04(void)
2615 {
2616  DetectAddress *dd = NULL;
2617  int result = 1;
2618  struct in_addr in;
2619  Address a;
2620 
2621  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2622  return 0;
2623  memset(&a, 0, sizeof(Address));
2624  a.family = AF_INET;
2625  a.addr_data32[0] = in.s_addr;
2626 
2627  dd = DetectAddressParseSingle("1.2.3.4/25");
2628  if (dd) {
2629  if (DetectAddressMatch(dd, &a) == 1)
2630  result = 0;
2631 
2632  DetectAddressFree(dd);
2633  return result;
2634  }
2635 
2636  return 0;
2637 }
2638 
2639 static int AddressTestMatch05(void)
2640 {
2641  DetectAddress *dd = NULL;
2642  int result = 1;
2643  struct in_addr in;
2644  Address a;
2645 
2646  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2647  return 0;
2648  memset(&a, 0, sizeof(Address));
2649  a.family = AF_INET;
2650  a.addr_data32[0] = in.s_addr;
2651 
2652  dd = DetectAddressParseSingle("1.2.3.4/32");
2653  if (dd) {
2654  if (DetectAddressMatch(dd, &a) == 0)
2655  result = 0;
2656 
2657  DetectAddressFree(dd);
2658  return result;
2659  }
2660 
2661  return 0;
2662 }
2663 
2664 static int AddressTestMatch06(void)
2665 {
2666  DetectAddress *dd = NULL;
2667  int result = 1;
2668  struct in_addr in;
2669  Address a;
2670 
2671  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2672  return 0;
2673  memset(&a, 0, sizeof(Address));
2674  a.family = AF_INET;
2675  a.addr_data32[0] = in.s_addr;
2676 
2677  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2678  if (dd) {
2679  if (DetectAddressMatch(dd, &a) == 0)
2680  result = 0;
2681 
2682  DetectAddressFree(dd);
2683  return result;
2684  }
2685 
2686  return 0;
2687 }
2688 
2689 static int AddressTestMatch07(void)
2690 {
2691  DetectAddress *dd = NULL;
2692  int result = 1;
2693  struct in6_addr in6;
2694  Address a;
2695 
2696  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2697  return 0;
2698  memset(&a, 0, sizeof(Address));
2699  a.family = AF_INET6;
2700  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2701 
2702  dd = DetectAddressParseSingle("2001::/3");
2703  if (dd) {
2704  if (DetectAddressMatch(dd, &a) == 0)
2705  result = 0;
2706 
2707  DetectAddressFree(dd);
2708  return result;
2709  }
2710 
2711  return 0;
2712 }
2713 
2714 static int AddressTestMatch08(void)
2715 {
2716  DetectAddress *dd = NULL;
2717  int result = 1;
2718  struct in6_addr in6;
2719  Address a;
2720 
2721  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2722  return 0;
2723  memset(&a, 0, sizeof(Address));
2724  a.family = AF_INET6;
2725  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2726 
2727  dd = DetectAddressParseSingle("2001::/3");
2728  if (dd) {
2729  if (DetectAddressMatch(dd, &a) == 1)
2730  result = 0;
2731 
2732  DetectAddressFree(dd);
2733  return result;
2734  }
2735 
2736  return 0;
2737 }
2738 
2739 static int AddressTestMatch09(void)
2740 {
2741  DetectAddress *dd = NULL;
2742  int result = 1;
2743  struct in6_addr in6;
2744  Address a;
2745 
2746  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2747  return 0;
2748  memset(&a, 0, sizeof(Address));
2749  a.family = AF_INET6;
2750  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2751 
2752  dd = DetectAddressParseSingle("2001::1/128");
2753  if (dd) {
2754  if (DetectAddressMatch(dd, &a) == 1)
2755  result = 0;
2756 
2757  DetectAddressFree(dd);
2758  return result;
2759  }
2760 
2761  return 0;
2762 }
2763 
2764 static int AddressTestMatch10(void)
2765 {
2766  DetectAddress *dd = NULL;
2767  int result = 1;
2768  struct in6_addr in6;
2769  Address a;
2770 
2771  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2772  return 0;
2773  memset(&a, 0, sizeof(Address));
2774  a.family = AF_INET6;
2775  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2776 
2777  dd = DetectAddressParseSingle("2001::1/126");
2778  if (dd) {
2779  if (DetectAddressMatch(dd, &a) == 0)
2780  result = 0;
2781 
2782  DetectAddressFree(dd);
2783  return result;
2784  }
2785 
2786  return 0;
2787 }
2788 
2789 static int AddressTestMatch11(void)
2790 {
2791  DetectAddress *dd = NULL;
2792  int result = 1;
2793  struct in6_addr in6;
2794  Address a;
2795 
2796  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2797  return 0;
2798  memset(&a, 0, sizeof(Address));
2799  a.family = AF_INET6;
2800  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2801 
2802  dd = DetectAddressParseSingle("2001::1/127");
2803  if (dd) {
2804  if (DetectAddressMatch(dd, &a) == 1)
2805  result = 0;
2806 
2807  DetectAddressFree(dd);
2808  return result;
2809  }
2810 
2811  return 0;
2812 }
2813 
2814 static int AddressTestCmp01(void)
2815 {
2816  DetectAddress *da = NULL, *db = NULL;
2817  int result = 1;
2818 
2819  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2820  if (da == NULL) goto error;
2821  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2822  if (db == NULL) goto error;
2823 
2824  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2825  result = 0;
2826 
2827  DetectAddressFree(da);
2828  DetectAddressFree(db);
2829  return result;
2830 
2831 error:
2832  if (da) DetectAddressFree(da);
2833  if (db) DetectAddressFree(db);
2834  return 0;
2835 }
2836 
2837 static int AddressTestCmp02(void)
2838 {
2839  DetectAddress *da = NULL, *db = NULL;
2840  int result = 1;
2841 
2842  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2843  if (da == NULL) goto error;
2844  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2845  if (db == NULL) goto error;
2846 
2847  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2848  result = 0;
2849 
2850  DetectAddressFree(da);
2851  DetectAddressFree(db);
2852  return result;
2853 
2854 error:
2855  if (da) DetectAddressFree(da);
2856  if (db) DetectAddressFree(db);
2857  return 0;
2858 }
2859 
2860 static int AddressTestCmp03(void)
2861 {
2862  DetectAddress *da = NULL, *db = NULL;
2863  int result = 1;
2864 
2865  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2866  if (da == NULL) goto error;
2867  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2868  if (db == NULL) goto error;
2869 
2870  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2871  result = 0;
2872 
2873  DetectAddressFree(da);
2874  DetectAddressFree(db);
2875  return result;
2876 
2877 error:
2878  if (da) DetectAddressFree(da);
2879  if (db) DetectAddressFree(db);
2880  return 0;
2881 }
2882 
2883 static int AddressTestCmp04(void)
2884 {
2885  DetectAddress *da = NULL, *db = NULL;
2886  int result = 1;
2887 
2888  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2889  if (da == NULL) goto error;
2890  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2891  if (db == NULL) goto error;
2892 
2893  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2894  result = 0;
2895 
2896  DetectAddressFree(da);
2897  DetectAddressFree(db);
2898  return result;
2899 
2900 error:
2901  if (da) DetectAddressFree(da);
2902  if (db) DetectAddressFree(db);
2903  return 0;
2904 }
2905 
2906 static int AddressTestCmp05(void)
2907 {
2908  DetectAddress *da = NULL, *db = NULL;
2909  int result = 1;
2910 
2911  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2912  if (da == NULL) goto error;
2913  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2914  if (db == NULL) goto error;
2915 
2916  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2917  result = 0;
2918 
2919  DetectAddressFree(da);
2920  DetectAddressFree(db);
2921  return result;
2922 
2923 error:
2924  if (da) DetectAddressFree(da);
2925  if (db) DetectAddressFree(db);
2926  return 0;
2927 }
2928 
2929 static int AddressTestCmp06(void)
2930 {
2931  DetectAddress *da = NULL, *db = NULL;
2932  int result = 1;
2933 
2934  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2935  if (da == NULL) goto error;
2936  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2937  if (db == NULL) goto error;
2938 
2939  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2940  result = 0;
2941 
2942  DetectAddressFree(da);
2943  DetectAddressFree(db);
2944  return result;
2945 
2946 error:
2947  if (da) DetectAddressFree(da);
2948  if (db) DetectAddressFree(db);
2949  return 0;
2950 }
2951 
2952 static int AddressTestCmpIPv407(void)
2953 {
2954  DetectAddress *da = NULL, *db = NULL;
2955  int result = 1;
2956 
2957  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2958  if (da == NULL) goto error;
2959  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2960  if (db == NULL) goto error;
2961 
2962  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2963  result = 0;
2964 
2965  DetectAddressFree(da);
2966  DetectAddressFree(db);
2967  return result;
2968 
2969 error:
2970  if (da) DetectAddressFree(da);
2971  if (db) DetectAddressFree(db);
2972  return 0;
2973 }
2974 
2975 static int AddressTestCmpIPv408(void)
2976 {
2977  DetectAddress *da = NULL, *db = NULL;
2978  int result = 1;
2979 
2980  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2981  if (da == NULL) goto error;
2982  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2983  if (db == NULL) goto error;
2984 
2985  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2986  result = 0;
2987 
2988  DetectAddressFree(da);
2989  DetectAddressFree(db);
2990  return result;
2991 
2992 error:
2993  if (da) DetectAddressFree(da);
2994  if (db) DetectAddressFree(db);
2995  return 0;
2996 }
2997 
2998 static int AddressTestCmp07(void)
2999 {
3000  DetectAddress *da = NULL, *db = NULL;
3001  int result = 1;
3002 
3003  da = DetectAddressParseSingle("2001::/3");
3004  if (da == NULL) goto error;
3005  db = DetectAddressParseSingle("2001::1/3");
3006  if (db == NULL) goto error;
3007 
3008  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3009  result = 0;
3010 
3011  DetectAddressFree(da);
3012  DetectAddressFree(db);
3013  return result;
3014 
3015 error:
3016  if (da) DetectAddressFree(da);
3017  if (db) DetectAddressFree(db);
3018  return 0;
3019 }
3020 
3021 static int AddressTestCmp08(void)
3022 {
3023  DetectAddress *da = NULL, *db = NULL;
3024  int result = 1;
3025 
3026  da = DetectAddressParseSingle("2001::/3");
3027  if (da == NULL) goto error;
3028  db = DetectAddressParseSingle("2001::/8");
3029  if (db == NULL) goto error;
3030 
3031  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3032  result = 0;
3033 
3034  DetectAddressFree(da);
3035  DetectAddressFree(db);
3036  return result;
3037 
3038 error:
3039  if (da) DetectAddressFree(da);
3040  if (db) DetectAddressFree(db);
3041  return 0;
3042 }
3043 
3044 static int AddressTestCmp09(void)
3045 {
3046  DetectAddress *da = NULL, *db = NULL;
3047  int result = 1;
3048 
3049  da = DetectAddressParseSingle("2001::/8");
3050  if (da == NULL) goto error;
3051  db = DetectAddressParseSingle("2001::/3");
3052  if (db == NULL) goto error;
3053 
3054  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3055  result = 0;
3056 
3057  DetectAddressFree(da);
3058  DetectAddressFree(db);
3059  return result;
3060 
3061 error:
3062  if (da) DetectAddressFree(da);
3063  if (db) DetectAddressFree(db);
3064  return 0;
3065 }
3066 
3067 static int AddressTestCmp10(void)
3068 {
3069  DetectAddress *da = NULL, *db = NULL;
3070  int result = 1;
3071 
3072  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3073  if (da == NULL) goto error;
3074  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3075  if (db == NULL) goto error;
3076 
3077  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3078  result = 0;
3079 
3080  DetectAddressFree(da);
3081  DetectAddressFree(db);
3082  return result;
3083 
3084 error:
3085  if (da) DetectAddressFree(da);
3086  if (db) DetectAddressFree(db);
3087  return 0;
3088 }
3089 
3090 static int AddressTestCmp11(void)
3091 {
3092  DetectAddress *da = NULL, *db = NULL;
3093  int result = 1;
3094 
3095  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3096  if (da == NULL) goto error;
3097  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3098  if (db == NULL) goto error;
3099 
3100  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3101  result = 0;
3102 
3103  DetectAddressFree(da);
3104  DetectAddressFree(db);
3105  return result;
3106 
3107 error:
3108  if (da) DetectAddressFree(da);
3109  if (db) DetectAddressFree(db);
3110  return 0;
3111 }
3112 
3113 static int AddressTestCmp12(void)
3114 {
3115  DetectAddress *da = NULL, *db = NULL;
3116  int result = 1;
3117 
3118  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3119  if (da == NULL) goto error;
3120  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3121  if (db == NULL) goto error;
3122 
3123  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3124  result = 0;
3125 
3126  DetectAddressFree(da);
3127  DetectAddressFree(db);
3128  return result;
3129 
3130 error:
3131  if (da) DetectAddressFree(da);
3132  if (db) DetectAddressFree(db);
3133  return 0;
3134 }
3135 
3136 static int AddressTestAddressGroupSetup01(void)
3137 {
3138  int result = 0;
3139  DetectAddressHead *gh = DetectAddressHeadInit();
3140 
3141  if (gh != NULL) {
3142  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3143  if (r == 0)
3144  result = 1;
3145 
3146  DetectAddressHeadFree(gh);
3147  }
3148  return result;
3149 }
3150 
3151 static int AddressTestAddressGroupSetup02(void)
3152 {
3153  int result = 0;
3154  DetectAddressHead *gh = DetectAddressHeadInit();
3155 
3156  if (gh != NULL) {
3157  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3158  if (r == 0 && gh->ipv4_head != NULL)
3159  result = 1;
3160 
3161  DetectAddressHeadFree(gh);
3162  }
3163  return result;
3164 }
3165 
3166 static int AddressTestAddressGroupSetup03(void)
3167 {
3168  int result = 0;
3169  DetectAddressHead *gh = DetectAddressHeadInit();
3170 
3171  if (gh != NULL) {
3172  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3173  if (r == 0 && gh->ipv4_head != NULL) {
3174  DetectAddress *prev_head = gh->ipv4_head;
3175 
3176  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3177  if (r == 0 && gh->ipv4_head != prev_head &&
3178  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3179  result = 1;
3180  }
3181  }
3182 
3183  DetectAddressHeadFree(gh);
3184  }
3185  return result;
3186 }
3187 
3188 static int AddressTestAddressGroupSetup04(void)
3189 {
3190  int result = 0;
3191  DetectAddressHead *gh = DetectAddressHeadInit();
3192 
3193  if (gh != NULL) {
3194  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3195  if (r == 0 && gh->ipv4_head != NULL) {
3196  DetectAddress *prev_head = gh->ipv4_head;
3197 
3198  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3199  if (r == 0 && gh->ipv4_head != prev_head &&
3200  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3201  DetectAddress *ph = gh->ipv4_head;
3202 
3203  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3204  if (r == 0 && gh->ipv4_head != ph &&
3205  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3206  result = 1;
3207  }
3208  }
3209  }
3210 
3211  DetectAddressHeadFree(gh);
3212  }
3213  return result;
3214 }
3215 
3216 static int AddressTestAddressGroupSetup05(void)
3217 {
3218  int result = 0;
3219  DetectAddressHead *gh = DetectAddressHeadInit();
3220 
3221  if (gh != NULL) {
3222  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3223  if (r == 0 && gh->ipv4_head != NULL) {
3224  DetectAddress *prev_head = gh->ipv4_head;
3225 
3226  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3227  if (r == 0 && gh->ipv4_head == prev_head &&
3228  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3229  DetectAddress *ph = gh->ipv4_head;
3230 
3231  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3232  if (r == 0 && gh->ipv4_head == ph &&
3233  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3234  result = 1;
3235  }
3236  }
3237  }
3238 
3239  DetectAddressHeadFree(gh);
3240  }
3241  return result;
3242 }
3243 
3244 static int AddressTestAddressGroupSetup06(void)
3245 {
3246  int result = 0;
3247  DetectAddressHead *gh = DetectAddressHeadInit();
3248 
3249  if (gh != NULL) {
3250  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3251  if (r == 0 && gh->ipv4_head != NULL) {
3252  DetectAddress *prev_head = gh->ipv4_head;
3253 
3254  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3255  if (r == 0 && gh->ipv4_head == prev_head &&
3256  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3257  result = 1;
3258  }
3259  }
3260 
3261  DetectAddressHeadFree(gh);
3262  }
3263  return result;
3264 }
3265 
3266 static int AddressTestAddressGroupSetup07(void)
3267 {
3268  int result = 0;
3269  DetectAddressHead *gh = DetectAddressHeadInit();
3270 
3271  if (gh != NULL) {
3272  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3273  if (r == 0 && gh->ipv4_head != NULL) {
3274  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3275  if (r == 0 && gh->ipv4_head != NULL &&
3276  gh->ipv4_head->next != NULL &&
3277  gh->ipv4_head->next->next != NULL) {
3278  result = 1;
3279  }
3280  }
3281 
3282  DetectAddressHeadFree(gh);
3283  }
3284  return result;
3285 }
3286 
3287 static int AddressTestAddressGroupSetup08(void)
3288 {
3289  int result = 0;
3290  DetectAddressHead *gh = DetectAddressHeadInit();
3291 
3292  if (gh != NULL) {
3293  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3294  if (r == 0 && gh->ipv4_head != NULL) {
3295  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3296  if (r == 0 && gh->ipv4_head != NULL &&
3297  gh->ipv4_head->next != NULL &&
3298  gh->ipv4_head->next->next != NULL) {
3299  result = 1;
3300  }
3301  }
3302 
3303  DetectAddressHeadFree(gh);
3304  }
3305  return result;
3306 }
3307 
3308 static int AddressTestAddressGroupSetup09(void)
3309 {
3310  int result = 0;
3311  DetectAddressHead *gh = DetectAddressHeadInit();
3312 
3313  if (gh != NULL) {
3314  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3315  if (r == 0 && gh->ipv4_head != NULL) {
3316  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3317  if (r == 0 && gh->ipv4_head != NULL &&
3318  gh->ipv4_head->next != NULL &&
3319  gh->ipv4_head->next->next != NULL) {
3320  result = 1;
3321  }
3322  }
3323 
3324  DetectAddressHeadFree(gh);
3325  }
3326  return result;
3327 }
3328 
3329 static int AddressTestAddressGroupSetup10(void)
3330 {
3331  int result = 0;
3332  DetectAddressHead *gh = DetectAddressHeadInit();
3333 
3334  if (gh != NULL) {
3335  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3336  if (r == 0 && gh->ipv4_head != NULL) {
3337  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3338  if (r == 0 && gh->ipv4_head != NULL &&
3339  gh->ipv4_head->next != NULL &&
3340  gh->ipv4_head->next->next != NULL) {
3341  result = 1;
3342  }
3343  }
3344 
3345  DetectAddressHeadFree(gh);
3346  }
3347  return result;
3348 }
3349 
3350 static int AddressTestAddressGroupSetup11(void)
3351 {
3352  int result = 0;
3353  DetectAddressHead *gh = DetectAddressHeadInit();
3354 
3355  if (gh != NULL) {
3356  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3357  if (r == 0) {
3358  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3359  if (r == 0) {
3360  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3361  if (r == 0) {
3362  DetectAddress *one = gh->ipv4_head, *two = one->next,
3363  *three = two->next, *four = three->next,
3364  *five = four->next;
3365 
3366  /* result should be:
3367  * 0.0.0.0/10.10.9.255
3368  * 10.10.10.0/10.10.10.9
3369  * 10.10.10.10/10.10.10.255
3370  * 10.10.11.0/10.10.11.1
3371  * 10.10.11.2/255.255.255.255
3372  */
3373  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3374  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3375  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3376  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3377  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3378  result = 1;
3379  }
3380  }
3381  }
3382  }
3383 
3384  DetectAddressHeadFree(gh);
3385  }
3386  return result;
3387 }
3388 
3389 static int AddressTestAddressGroupSetup12 (void)
3390 {
3391  int result = 0;
3392  DetectAddressHead *gh = DetectAddressHeadInit();
3393 
3394  if (gh != NULL) {
3395  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3396  if (r == 0) {
3397  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3398  if (r == 0) {
3399  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3400  if (r == 0) {
3401  DetectAddress *one = gh->ipv4_head, *two = one->next,
3402  *three = two->next, *four = three->next,
3403  *five = four->next;
3404 
3405  /* result should be:
3406  * 0.0.0.0/10.10.9.255
3407  * 10.10.10.0/10.10.10.9
3408  * 10.10.10.10/10.10.10.255
3409  * 10.10.11.0/10.10.11.1
3410  * 10.10.11.2/255.255.255.255
3411  */
3412  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3413  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3414  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3415  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3416  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3417  result = 1;
3418  }
3419  }
3420  }
3421  }
3422 
3423  DetectAddressHeadFree(gh);
3424  }
3425  return result;
3426 }
3427 
3428 static int AddressTestAddressGroupSetup13(void)
3429 {
3430  int result = 0;
3431  DetectAddressHead *gh = DetectAddressHeadInit();
3432 
3433  if (gh != NULL) {
3434  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3435  if (r == 0) {
3436  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3437  if (r == 0) {
3438  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3439  if (r == 0) {
3440  DetectAddress *one = gh->ipv4_head, *two = one->next,
3441  *three = two->next, *four = three->next,
3442  *five = four->next;
3443 
3444  /* result should be:
3445  * 0.0.0.0/10.10.9.255
3446  * 10.10.10.0/10.10.10.9
3447  * 10.10.10.10/10.10.10.255
3448  * 10.10.11.0/10.10.11.1
3449  * 10.10.11.2/255.255.255.255
3450  */
3451  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3452  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3453  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3454  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3455  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3456  result = 1;
3457  }
3458  }
3459  }
3460  }
3461 
3462  DetectAddressHeadFree(gh);
3463  }
3464  return result;
3465 }
3466 
3467 static int AddressTestAddressGroupSetupIPv414(void)
3468 {
3469  DetectAddressHead *gh = DetectAddressHeadInit();
3470  FAIL_IF_NULL(gh);
3471 
3472  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3473  FAIL_IF_NOT(r == 1);
3474 
3475  DetectAddress *one = gh->ipv4_head;
3476  FAIL_IF_NULL(one);
3477  DetectAddress *two = one->next;
3478  FAIL_IF_NULL(two);
3479 
3480  /* result should be:
3481  * 0.0.0.0/1.2.3.3
3482  * 1.2.3.5/255.255.255.255
3483  */
3484  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3485  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3486  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3487  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3488  DetectAddressHeadFree(gh);
3489 
3490  PASS;
3491 }
3492 
3493 static int AddressTestAddressGroupSetupIPv415(void)
3494 {
3495  DetectAddressHead *gh = DetectAddressHeadInit();
3496  FAIL_IF_NULL(gh);
3497 
3498  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3499  FAIL_IF_NOT(r == 1);
3500 
3501  DetectAddress *one = gh->ipv4_head;
3502  FAIL_IF_NULL(one);
3503  FAIL_IF_NOT_NULL(one->next);
3504 
3505  /* result should be:
3506  * 0.0.0.1/255.255.255.255
3507  */
3508  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3509  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3510 
3511  DetectAddressHeadFree(gh);
3512  PASS;
3513 }
3514 
3515 static int AddressTestAddressGroupSetupIPv416(void)
3516 {
3517  DetectAddressHead *gh = DetectAddressHeadInit();
3518  FAIL_IF_NULL(gh);
3519 
3520  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3521  FAIL_IF_NOT(r == 1);
3522 
3523  DetectAddress *one = gh->ipv4_head;
3524  FAIL_IF_NULL(one);
3525  FAIL_IF_NOT_NULL(one->next);
3526 
3527  /* result should be:
3528  * 0.0.0.0/255.255.255.254
3529  */
3530  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3531  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3532 
3533  DetectAddressHeadFree(gh);
3534  PASS;
3535 }
3536 
3537 static int AddressTestAddressGroupSetup14(void)
3538 {
3539  int result = 0;
3540  DetectAddressHead *gh = DetectAddressHeadInit();
3541 
3542  if (gh != NULL) {
3543  int r = DetectAddressParse(NULL, gh, "2001::1");
3544  if (r == 0)
3545  result = 1;
3546 
3547  DetectAddressHeadFree(gh);
3548  }
3549  return result;
3550 }
3551 
3552 static int AddressTestAddressGroupSetup15(void)
3553 {
3554  int result = 0;
3555  DetectAddressHead *gh = DetectAddressHeadInit();
3556 
3557  if (gh != NULL) {
3558  int r = DetectAddressParse(NULL, gh, "2001::1");
3559  if (r == 0 && gh->ipv6_head != NULL)
3560  result = 1;
3561 
3562  DetectAddressHeadFree(gh);
3563  }
3564  return result;
3565 }
3566 
3567 static int AddressTestAddressGroupSetup16(void)
3568 {
3569  int result = 0;
3570  DetectAddressHead *gh = DetectAddressHeadInit();
3571 
3572  if (gh != NULL) {
3573  int r = DetectAddressParse(NULL, gh, "2001::4");
3574  if (r == 0 && gh->ipv6_head != NULL) {
3575  DetectAddress *prev_head = gh->ipv6_head;
3576 
3577  r = DetectAddressParse(NULL, gh, "2001::3");
3578  if (r == 0 && gh->ipv6_head != prev_head &&
3579  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3580  result = 1;
3581  }
3582  }
3583 
3584  DetectAddressHeadFree(gh);
3585  }
3586  return result;
3587 }
3588 
3589 static int AddressTestAddressGroupSetup17(void)
3590 {
3591  int result = 0;
3592  DetectAddressHead *gh = DetectAddressHeadInit();
3593 
3594  if (gh != NULL) {
3595  int r = DetectAddressParse(NULL, gh, "2001::4");
3596  if (r == 0 && gh->ipv6_head != NULL) {
3597  DetectAddress *prev_head = gh->ipv6_head;
3598 
3599  r = DetectAddressParse(NULL, gh, "2001::3");
3600  if (r == 0 && gh->ipv6_head != prev_head &&
3601  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3602  DetectAddress *ph = gh->ipv6_head;
3603 
3604  r = DetectAddressParse(NULL, gh, "2001::2");
3605  if (r == 0 && gh->ipv6_head != ph &&
3606  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3607  result = 1;
3608  }
3609  }
3610  }
3611 
3612  DetectAddressHeadFree(gh);
3613  }
3614  return result;
3615 }
3616 
3617 static int AddressTestAddressGroupSetup18(void)
3618 {
3619  int result = 0;
3620  DetectAddressHead *gh = DetectAddressHeadInit();
3621 
3622  if (gh != NULL) {
3623  int r = DetectAddressParse(NULL, gh, "2001::2");
3624  if (r == 0 && gh->ipv6_head != NULL) {
3625  DetectAddress *prev_head = gh->ipv6_head;
3626 
3627  r = DetectAddressParse(NULL, gh, "2001::3");
3628  if (r == 0 && gh->ipv6_head == prev_head &&
3629  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3630  DetectAddress *ph = gh->ipv6_head;
3631 
3632  r = DetectAddressParse(NULL, gh, "2001::4");
3633  if (r == 0 && gh->ipv6_head == ph &&
3634  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3635  result = 1;
3636  }
3637  }
3638  }
3639 
3640  DetectAddressHeadFree(gh);
3641  }
3642  return result;
3643 }
3644 
3645 static int AddressTestAddressGroupSetup19(void)
3646 {
3647  int result = 0;
3648  DetectAddressHead *gh = DetectAddressHeadInit();
3649 
3650  if (gh != NULL) {
3651  int r = DetectAddressParse(NULL, gh, "2001::2");
3652  if (r == 0 && gh->ipv6_head != NULL) {
3653  DetectAddress *prev_head = gh->ipv6_head;
3654 
3655  r = DetectAddressParse(NULL, gh, "2001::2");
3656  if (r == 0 && gh->ipv6_head == prev_head &&
3657  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3658  result = 1;
3659  }
3660  }
3661 
3662  DetectAddressHeadFree(gh);
3663  }
3664  return result;
3665 }
3666 
3667 static int AddressTestAddressGroupSetup20(void)
3668 {
3669  int result = 0;
3670  DetectAddressHead *gh = DetectAddressHeadInit();
3671 
3672  if (gh != NULL) {
3673  int r = DetectAddressParse(NULL, gh, "2000::/3");
3674  if (r == 0 && gh->ipv6_head != NULL) {
3675  r = DetectAddressParse(NULL, gh, "2001::4");
3676  if (r == 0 && gh->ipv6_head != NULL &&
3677  gh->ipv6_head->next != NULL &&
3678  gh->ipv6_head->next->next != NULL) {
3679  result = 1;
3680  }
3681  }
3682 
3683  DetectAddressHeadFree(gh);
3684  }
3685  return result;
3686 }
3687 
3688 static int AddressTestAddressGroupSetup21(void)
3689 {
3690  int result = 0;
3691  DetectAddressHead *gh = DetectAddressHeadInit();
3692 
3693  if (gh != NULL) {
3694  int r = DetectAddressParse(NULL, gh, "2001::4");
3695  if (r == 0 && gh->ipv6_head != NULL) {
3696  r = DetectAddressParse(NULL, gh, "2000::/3");
3697  if (r == 0 && gh->ipv6_head != NULL &&
3698  gh->ipv6_head->next != NULL &&
3699  gh->ipv6_head->next->next != NULL) {
3700  result = 1;
3701  }
3702  }
3703 
3704  DetectAddressHeadFree(gh);
3705  }
3706  return result;
3707 }
3708 
3709 static int AddressTestAddressGroupSetup22(void)
3710 {
3711  int result = 0;
3712  DetectAddressHead *gh = DetectAddressHeadInit();
3713 
3714  if (gh != NULL) {
3715  int r = DetectAddressParse(NULL, gh, "2000::/3");
3716  if (r == 0 && gh->ipv6_head != NULL) {
3717  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3718  if (r == 0 && gh->ipv6_head != NULL &&
3719  gh->ipv6_head->next != NULL &&
3720  gh->ipv6_head->next->next != NULL) {
3721  result = 1;
3722  }
3723  }
3724 
3725  DetectAddressHeadFree(gh);
3726  }
3727  return result;
3728 }
3729 
3730 static int AddressTestAddressGroupSetup23(void)
3731 {
3732  int result = 0;
3733  DetectAddressHead *gh = DetectAddressHeadInit();
3734 
3735  if (gh != NULL) {
3736  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3737  if (r == 0 && gh->ipv6_head != NULL) {
3738  r = DetectAddressParse(NULL, gh, "2000::/3");
3739  if (r == 0 && gh->ipv6_head != NULL &&
3740  gh->ipv6_head->next != NULL &&
3741  gh->ipv6_head->next->next != NULL) {
3742  result = 1;
3743  }
3744  }
3745 
3746  DetectAddressHeadFree(gh);
3747  }
3748  return result;
3749 }
3750 
3751 static int AddressTestAddressGroupSetup24(void)
3752 {
3753  int result = 0;
3754  DetectAddressHead *gh = DetectAddressHeadInit();
3755 
3756  if (gh != NULL) {
3757  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3758  if (r == 0) {
3759  r = DetectAddressParse(NULL, gh, "2001::/3");
3760  if (r == 0) {
3761  r = DetectAddressParse(NULL, gh, "::/0");
3762  if (r == 0) {
3763  DetectAddress *one = gh->ipv6_head, *two = one->next,
3764  *three = two->next, *four = three->next,
3765  *five = four->next;
3766  if (one->ip.addr_data32[0] == 0x00000000 &&
3767  one->ip.addr_data32[1] == 0x00000000 &&
3768  one->ip.addr_data32[2] == 0x00000000 &&
3769  one->ip.addr_data32[3] == 0x00000000 &&
3770  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3771  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3772  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3773  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3774 
3775  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3776  two->ip.addr_data32[1] == 0x00000000 &&
3777  two->ip.addr_data32[2] == 0x00000000 &&
3778  two->ip.addr_data32[3] == 0x00000000 &&
3779  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3780  two->ip2.addr_data32[1] == 0x00000000 &&
3781  two->ip2.addr_data32[2] == 0x00000000 &&
3782  two->ip2.addr_data32[3] == SCNtohl(3) &&
3783 
3784  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3785  three->ip.addr_data32[1] == 0x00000000 &&
3786  three->ip.addr_data32[2] == 0x00000000 &&
3787  three->ip.addr_data32[3] == SCNtohl(4) &&
3788  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3789  three->ip2.addr_data32[1] == 0x00000000 &&
3790  three->ip2.addr_data32[2] == 0x00000000 &&
3791  three->ip2.addr_data32[3] == SCNtohl(6) &&
3792 
3793  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3794  four->ip.addr_data32[1] == 0x00000000 &&
3795  four->ip.addr_data32[2] == 0x00000000 &&
3796  four->ip.addr_data32[3] == SCNtohl(7) &&
3797  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3798  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3799  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3800  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3801 
3802  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3803  five->ip.addr_data32[1] == 0x00000000 &&
3804  five->ip.addr_data32[2] == 0x00000000 &&
3805  five->ip.addr_data32[3] == 0x00000000 &&
3806  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3807  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3808  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3809  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3810  result = 1;
3811  }
3812  }
3813  }
3814  }
3815 
3816  DetectAddressHeadFree(gh);
3817  }
3818  return result;
3819 }
3820 
3821 static int AddressTestAddressGroupSetup25(void)
3822 {
3823  int result = 0;
3824  DetectAddressHead *gh = DetectAddressHeadInit();
3825 
3826  if (gh != NULL) {
3827  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3828  if (r == 0) {
3829  r = DetectAddressParse(NULL, gh, "::/0");
3830  if (r == 0) {
3831  r = DetectAddressParse(NULL, gh, "2001::/3");
3832  if (r == 0) {
3833  DetectAddress *one = gh->ipv6_head, *two = one->next,
3834  *three = two->next, *four = three->next,
3835  *five = four->next;
3836  if (one->ip.addr_data32[0] == 0x00000000 &&
3837  one->ip.addr_data32[1] == 0x00000000 &&
3838  one->ip.addr_data32[2] == 0x00000000 &&
3839  one->ip.addr_data32[3] == 0x00000000 &&
3840  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3841  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3842  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3843  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3844 
3845  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3846  two->ip.addr_data32[1] == 0x00000000 &&
3847  two->ip.addr_data32[2] == 0x00000000 &&
3848  two->ip.addr_data32[3] == 0x00000000 &&
3849  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3850  two->ip2.addr_data32[1] == 0x00000000 &&
3851  two->ip2.addr_data32[2] == 0x00000000 &&
3852  two->ip2.addr_data32[3] == SCNtohl(3) &&
3853 
3854  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3855  three->ip.addr_data32[1] == 0x00000000 &&
3856  three->ip.addr_data32[2] == 0x00000000 &&
3857  three->ip.addr_data32[3] == SCNtohl(4) &&
3858  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3859  three->ip2.addr_data32[1] == 0x00000000 &&
3860  three->ip2.addr_data32[2] == 0x00000000 &&
3861  three->ip2.addr_data32[3] == SCNtohl(6) &&
3862 
3863  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3864  four->ip.addr_data32[1] == 0x00000000 &&
3865  four->ip.addr_data32[2] == 0x00000000 &&
3866  four->ip.addr_data32[3] == SCNtohl(7) &&
3867  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3868  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3869  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3870  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3871 
3872  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3873  five->ip.addr_data32[1] == 0x00000000 &&
3874  five->ip.addr_data32[2] == 0x00000000 &&
3875  five->ip.addr_data32[3] == 0x00000000 &&
3876  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3877  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3878  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3879  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3880  result = 1;
3881  }
3882  }
3883  }
3884  }
3885 
3886  DetectAddressHeadFree(gh);
3887  }
3888  return result;
3889 }
3890 
3891 static int AddressTestAddressGroupSetup26(void)
3892 {
3893  int result = 0;
3894  DetectAddressHead *gh = DetectAddressHeadInit();
3895 
3896  if (gh != NULL) {
3897  int r = DetectAddressParse(NULL, gh, "::/0");
3898  if (r == 0) {
3899  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3900  if (r == 0) {
3901  r = DetectAddressParse(NULL, gh, "2001::/3");
3902  if (r == 0) {
3903  DetectAddress *one = gh->ipv6_head, *two = one->next,
3904  *three = two->next, *four = three->next,
3905  *five = four->next;
3906  if (one->ip.addr_data32[0] == 0x00000000 &&
3907  one->ip.addr_data32[1] == 0x00000000 &&
3908  one->ip.addr_data32[2] == 0x00000000 &&
3909  one->ip.addr_data32[3] == 0x00000000 &&
3910  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3911  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3912  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3913  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3914 
3915  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3916  two->ip.addr_data32[1] == 0x00000000 &&
3917  two->ip.addr_data32[2] == 0x00000000 &&
3918  two->ip.addr_data32[3] == 0x00000000 &&
3919  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3920  two->ip2.addr_data32[1] == 0x00000000 &&
3921  two->ip2.addr_data32[2] == 0x00000000 &&
3922  two->ip2.addr_data32[3] == SCNtohl(3) &&
3923 
3924  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3925  three->ip.addr_data32[1] == 0x00000000 &&
3926  three->ip.addr_data32[2] == 0x00000000 &&
3927  three->ip.addr_data32[3] == SCNtohl(4) &&
3928  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3929  three->ip2.addr_data32[1] == 0x00000000 &&
3930  three->ip2.addr_data32[2] == 0x00000000 &&
3931  three->ip2.addr_data32[3] == SCNtohl(6) &&
3932 
3933  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3934  four->ip.addr_data32[1] == 0x00000000 &&
3935  four->ip.addr_data32[2] == 0x00000000 &&
3936  four->ip.addr_data32[3] == SCNtohl(7) &&
3937  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3938  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3939  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3940  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3941 
3942  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3943  five->ip.addr_data32[1] == 0x00000000 &&
3944  five->ip.addr_data32[2] == 0x00000000 &&
3945  five->ip.addr_data32[3] == 0x00000000 &&
3946  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3947  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3948  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3949  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3950  result = 1;
3951  }
3952  }
3953  }
3954  }
3955 
3956  DetectAddressHeadFree(gh);
3957  }
3958  return result;
3959 }
3960 
3961 static int AddressTestAddressGroupSetup27(void)
3962 {
3963  int result = 0;
3964  DetectAddressHead *gh = DetectAddressHeadInit();
3965 
3966  if (gh != NULL) {
3967  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3968  if (r == 0)
3969  result = 1;
3970 
3971  DetectAddressHeadFree(gh);
3972  }
3973  return result;
3974 }
3975 
3976 static int AddressTestAddressGroupSetup28(void)
3977 {
3978  int result = 0;
3979  DetectAddressHead *gh = DetectAddressHeadInit();
3980 
3981  if (gh != NULL) {
3982  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3983  if (r == 0)
3984  result = 1;
3985 
3986  DetectAddressHeadFree(gh);
3987  }
3988  return result;
3989 }
3990 
3991 static int AddressTestAddressGroupSetup29(void)
3992 {
3993  int result = 0;
3994  DetectAddressHead *gh = DetectAddressHeadInit();
3995 
3996  if (gh != NULL) {
3997  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3998  if (r == 0)
3999  result = 1;
4000 
4001  DetectAddressHeadFree(gh);
4002  }
4003  return result;
4004 }
4005 
4006 static int AddressTestAddressGroupSetup30(void)
4007 {
4008  int result = 0;
4009  DetectAddressHead *gh = DetectAddressHeadInit();
4010 
4011  if (gh != NULL) {
4012  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4013  if (r == 0)
4014  result = 1;
4015 
4016  DetectAddressHeadFree(gh);
4017  }
4018  return result;
4019 }
4020 
4021 static int AddressTestAddressGroupSetup31(void)
4022 {
4023  int result = 0;
4024  DetectAddressHead *gh = DetectAddressHeadInit();
4025 
4026  if (gh != NULL) {
4027  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4028  if (r == 0)
4029  result = 1;
4030 
4031  DetectAddressHeadFree(gh);
4032  }
4033  return result;
4034 }
4035 
4036 static int AddressTestAddressGroupSetup32(void)
4037 {
4038  int result = 0;
4039  DetectAddressHead *gh = DetectAddressHeadInit();
4040 
4041  if (gh != NULL) {
4042  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4043  if (r == 0)
4044  result = 1;
4045 
4046  DetectAddressHeadFree(gh);
4047  }
4048  return result;
4049 }
4050 
4051 static int AddressTestAddressGroupSetup33(void)
4052 {
4053  int result = 0;
4054  DetectAddressHead *gh = DetectAddressHeadInit();
4055 
4056  if (gh != NULL) {
4057  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4058  if (r == 1)
4059  result = 1;
4060 
4061  DetectAddressHeadFree(gh);
4062  }
4063  return result;
4064 }
4065 
4066 static int AddressTestAddressGroupSetup34(void)
4067 {
4068  int result = 0;
4069  DetectAddressHead *gh = DetectAddressHeadInit();
4070 
4071  if (gh != NULL) {
4072  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4073  if (r == 1)
4074  result = 1;
4075 
4076  DetectAddressHeadFree(gh);
4077  }
4078  return result;
4079 }
4080 
4081 static int AddressTestAddressGroupSetup35(void)
4082 {
4083  int result = 0;
4084  DetectAddressHead *gh = DetectAddressHeadInit();
4085 
4086  if (gh != NULL) {
4087  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4088  if (r == 1)
4089  result = 1;
4090 
4091  DetectAddressHeadFree(gh);
4092  }
4093  return result;
4094 }
4095 
4096 static int AddressTestAddressGroupSetup36 (void)
4097 {
4098  int result = 0;
4099 
4100  DetectAddressHead *gh = DetectAddressHeadInit();
4101  if (gh != NULL) {
4102  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4103  if (r == 1)
4104  result = 1;
4105 
4106  DetectAddressHeadFree(gh);
4107  }
4108  return result;
4109 }
4110 
4111 static int AddressTestAddressGroupSetup37(void)
4112 {
4113  int result = 0;
4114  DetectAddressHead *gh = DetectAddressHeadInit();
4115 
4116  if (gh != NULL) {
4117  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4118  if (r == 0)
4119  result = 1;
4120 
4121  DetectAddressHeadFree(gh);
4122  }
4123  return result;
4124 }
4125 
4126 static int AddressTestAddressGroupSetup38(void)
4127 {
4128  UTHValidateDetectAddressHeadRange expectations[3] = {
4129  { "0.0.0.0", "192.167.255.255" },
4130  { "192.168.14.0", "192.168.14.255" },
4131  { "192.169.0.0", "255.255.255.255" } };
4132  int result = 0;
4133  DetectAddressHead *gh = DetectAddressHeadInit();
4134 
4135  if (gh != NULL) {
4136  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4137  if (r == 1) {
4138  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4139  result = 1;
4140  }
4141 
4142  DetectAddressHeadFree(gh);
4143  }
4144  return result;
4145 }
4146 
4147 static int AddressTestAddressGroupSetup39(void)
4148 {
4149  UTHValidateDetectAddressHeadRange expectations[3] = {
4150  { "0.0.0.0", "192.167.255.255" },
4151  { "192.168.14.0", "192.168.14.255" },
4152  { "192.169.0.0", "255.255.255.255" } };
4153  int result = 0;
4154  DetectAddressHead *gh = DetectAddressHeadInit();
4155 
4156  if (gh != NULL) {
4157  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4158  if (r == 1) {
4159  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4160  result = 1;
4161  }
4162 
4163  DetectAddressHeadFree(gh);
4164  }
4165  return result;
4166 }
4167 
4168 static int AddressTestAddressGroupSetup40(void)
4169 {
4170  UTHValidateDetectAddressHeadRange expectations[3] = {
4171  { "0.0.0.0", "192.167.255.255" },
4172  { "192.168.14.0", "192.168.14.255" },
4173  { "192.169.0.0", "255.255.255.255" } };
4174  int result = 0;
4175  DetectAddressHead *gh = DetectAddressHeadInit();
4176  if (gh != NULL) {
4177  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4178  if (r == 1) {
4179  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4180  result = 1;
4181  }
4182 
4183  DetectAddressHeadFree(gh);
4184  }
4185  return result;
4186 }
4187 
4188 static int AddressTestAddressGroupSetup41(void)
4189 {
4190  UTHValidateDetectAddressHeadRange expectations[3] = {
4191  { "0.0.0.0", "192.167.255.255" },
4192  { "192.168.14.0", "192.168.14.255" },
4193  { "192.169.0.0", "255.255.255.255" } };
4194  int result = 0;
4195  DetectAddressHead *gh = DetectAddressHeadInit();
4196  if (gh != NULL) {
4197  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4198  if (r == 1) {
4199  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4200  result = 1;
4201  }
4202 
4203  DetectAddressHeadFree(gh);
4204  }
4205  return result;
4206 }
4207 
4208 static int AddressTestAddressGroupSetup42(void)
4209 {
4210  UTHValidateDetectAddressHeadRange expectations[1] = {
4211  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4212  int result = 0;
4213  DetectAddressHead *gh = DetectAddressHeadInit();
4214  if (gh != NULL) {
4215  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4216  if (r == 0) {
4217  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4218  result = 1;
4219  }
4220 
4221  DetectAddressHeadFree(gh);
4222  }
4223  return result;
4224 }
4225 
4226 static int AddressTestAddressGroupSetup43(void)
4227 {
4228  UTHValidateDetectAddressHeadRange expectations[2] = {
4229  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4230  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4231  int result = 0;
4232  DetectAddressHead *gh = DetectAddressHeadInit();
4233  if (gh != NULL) {
4234  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4235  if (r == 1) {
4236  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4237  result = 1;
4238  }
4239 
4240  DetectAddressHeadFree(gh);
4241  }
4242  return result;
4243 }
4244 
4245 static int AddressTestAddressGroupSetup44(void)
4246 {
4247  UTHValidateDetectAddressHeadRange expectations[2] = {
4248  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4249  int result = 0;
4250  DetectAddressHead *gh = DetectAddressHeadInit();
4251  if (gh != NULL) {
4252  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4253  if (r == 0) {
4254  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4255  result = 1;
4256  }
4257 
4258  DetectAddressHeadFree(gh);
4259  }
4260  return result;
4261 }
4262 
4263 static int AddressTestAddressGroupSetup45(void)
4264 {
4265  int result = 0;
4266  DetectAddressHead *gh = DetectAddressHeadInit();
4267  if (gh != NULL) {
4268  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4269  if (r != 0) {
4270  result = 1;
4271  }
4272 
4273  DetectAddressHeadFree(gh);
4274  }
4275  return result;
4276 }
4277 
4278 static int AddressTestAddressGroupSetup46(void)
4279 {
4280  UTHValidateDetectAddressHeadRange expectations[4] = {
4281  { "0.0.0.0", "192.167.255.255" },
4282  { "192.168.1.0", "192.168.1.255" },
4283  { "192.168.3.0", "192.168.3.255" },
4284  { "192.169.0.0", "255.255.255.255" } };
4285  int result = 0;
4286  DetectAddressHead *gh = DetectAddressHeadInit();
4287  if (gh != NULL) {
4288  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4289  if (r == 1) {
4290  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4291  result = 1;
4292  }
4293 
4294  DetectAddressHeadFree(gh);
4295  }
4296  return result;
4297 }
4298 
4299 /** \test net with some negations, then all negated */
4300 static int AddressTestAddressGroupSetup47(void)
4301 {
4302  UTHValidateDetectAddressHeadRange expectations[5] = {
4303  { "0.0.0.0", "192.167.255.255" },
4304  { "192.168.1.0", "192.168.1.255" },
4305  { "192.168.3.0", "192.168.3.255" },
4306  { "192.168.5.0", "192.168.5.255" },
4307  { "192.169.0.0", "255.255.255.255" } };
4308  int result = 0;
4309  DetectAddressHead *gh = DetectAddressHeadInit();
4310  if (gh != NULL) {
4311  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4312  if (r == 1) {
4313  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4314  result = 1;
4315  }
4316 
4317  DetectAddressHeadFree(gh);
4318  }
4319  return result;
4320 }
4321 
4322 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4323 static int AddressTestAddressGroupSetup48(void)
4324 {
4325  UTHValidateDetectAddressHeadRange expectations[4] = {
4326  { "192.168.0.0", "192.168.0.255" },
4327  { "192.168.2.0", "192.168.2.255" },
4328  { "192.168.4.0", "192.168.4.255" },
4329  { "192.168.6.0", "192.168.255.255" } };
4330  int result = 0;
4331  DetectAddressHead *gh = DetectAddressHeadInit();
4332  if (gh != NULL) {
4333  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4334  if (r == 1) {
4335  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4336  result = 1;
4337  }
4338 
4339  DetectAddressHeadFree(gh);
4340  }
4341  return result;
4342 }
4343 
4344 static int AddressTestCutIPv401(void)
4345 {
4346  DetectAddress *c;
4347  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4348  FAIL_IF_NULL(a);
4349  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4350  FAIL_IF_NULL(b);
4351 
4352  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4353 
4354  DetectAddressFree(a);
4355  DetectAddressFree(b);
4356  DetectAddressFree(c);
4357  PASS;
4358 }
4359 
4360 static int AddressTestCutIPv402(void)
4361 {
4362  DetectAddress *a, *b, *c;
4363  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4364  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4365 
4366  if (DetectAddressCut(NULL, a, b, &c) == -1)
4367  goto error;
4368 
4369  if (c == NULL)
4370  goto error;
4371 
4372  DetectAddressFree(a);
4373  DetectAddressFree(b);
4374  DetectAddressFree(c);
4375  return 1;
4376 
4377 error:
4378  DetectAddressFree(a);
4379  DetectAddressFree(b);
4380  DetectAddressFree(c);
4381  return 0;
4382 }
4383 
4384 static int AddressTestCutIPv403(void)
4385 {
4386  DetectAddress *a, *b, *c;
4387  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4388  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4389 
4390  if (DetectAddressCut(NULL, a, b, &c) == -1)
4391  goto error;
4392 
4393  if (c == NULL)
4394  goto error;
4395 
4396  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4397  goto error;
4398  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4399  goto error;
4400  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4401  goto error;
4402 
4403  DetectAddressFree(a);
4404  DetectAddressFree(b);
4405  DetectAddressFree(c);
4406  return 1;
4407 
4408 error:
4409  DetectAddressFree(a);
4410  DetectAddressFree(b);
4411  DetectAddressFree(c);
4412  return 0;
4413 }
4414 
4415 static int AddressTestCutIPv404(void)
4416 {
4417  DetectAddress *a, *b, *c;
4418  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4419  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4420 
4421  if (DetectAddressCut(NULL, a, b, &c) == -1)
4422  goto error;
4423 
4424  if (c == NULL)
4425  goto error;
4426 
4427  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4428  goto error;
4429  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4430  goto error;
4431  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4432  goto error;
4433 
4434 
4435  DetectAddressFree(a);
4436  DetectAddressFree(b);
4437  DetectAddressFree(c);
4438  return 1;
4439 
4440 error:
4441  DetectAddressFree(a);
4442  DetectAddressFree(b);
4443  DetectAddressFree(c);
4444  return 0;
4445 }
4446 
4447 static int AddressTestCutIPv405(void)
4448 {
4449  DetectAddress *a, *b, *c;
4450  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4451  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4452 
4453  if (DetectAddressCut(NULL, a, b, &c) == -1)
4454  goto error;
4455 
4456  if (c == NULL)
4457  goto error;
4458 
4459  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4460  goto error;
4461  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4462  goto error;
4463  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4464  goto error;
4465 
4466  DetectAddressFree(a);
4467  DetectAddressFree(b);
4468  DetectAddressFree(c);
4469  return 1;
4470 
4471 error:
4472  DetectAddressFree(a);
4473  DetectAddressFree(b);
4474  DetectAddressFree(c);
4475  return 0;
4476 }
4477 
4478 static int AddressTestCutIPv406(void)
4479 {
4480  DetectAddress *a, *b, *c;
4481  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4482  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4483 
4484  if (DetectAddressCut(NULL, a, b, &c) == -1)
4485  goto error;
4486 
4487  if (c == NULL)
4488  goto error;
4489 
4490  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4491  goto error;
4492  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4493  goto error;
4494  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4495  goto error;
4496 
4497  DetectAddressFree(a);
4498  DetectAddressFree(b);
4499  DetectAddressFree(c);
4500  return 1;
4501 
4502 error:
4503  DetectAddressFree(a);
4504  DetectAddressFree(b);
4505  DetectAddressFree(c);
4506  return 0;
4507 }
4508 
4509 static int AddressTestCutIPv407(void)
4510 {
4511  DetectAddress *a, *b, *c;
4512  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4513  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4514 
4515  if (DetectAddressCut(NULL, a, b, &c) == -1)
4516  goto error;
4517 
4518  if (c != NULL)
4519  goto error;
4520 
4521  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4522  goto error;
4523  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4524  goto error;
4525 
4526  DetectAddressFree(a);
4527  DetectAddressFree(b);
4528  DetectAddressFree(c);
4529  return 1;
4530 
4531 error:
4532  DetectAddressFree(a);
4533  DetectAddressFree(b);
4534  DetectAddressFree(c);
4535  return 0;
4536 }
4537 
4538 static int AddressTestCutIPv408(void)
4539 {
4540  DetectAddress *a, *b, *c;
4541  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4542  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4543 
4544  if (DetectAddressCut(NULL, a, b, &c) == -1)
4545  goto error;
4546 
4547  if (c != NULL)
4548  goto error;
4549 
4550  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4551  goto error;
4552  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4553  goto error;
4554 
4555  DetectAddressFree(a);
4556  DetectAddressFree(b);
4557  DetectAddressFree(c);
4558  return 1;
4559 
4560 error:
4561  DetectAddressFree(a);
4562  DetectAddressFree(b);
4563  DetectAddressFree(c);
4564  return 0;
4565 }
4566 
4567 static int AddressTestCutIPv409(void)
4568 {
4569  DetectAddress *a, *b, *c;
4570  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4571  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4572 
4573  if (DetectAddressCut(NULL, a, b, &c) == -1)
4574  goto error;
4575 
4576  if (c != NULL)
4577  goto error;
4578 
4579  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4580  goto error;
4581  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4582  goto error;
4583 
4584  DetectAddressFree(a);
4585  DetectAddressFree(b);
4586  DetectAddressFree(c);
4587  return 1;
4588 
4589 error:
4590  DetectAddressFree(a);
4591  DetectAddressFree(b);
4592  DetectAddressFree(c);
4593  return 0;
4594 }
4595 
4596 static int AddressTestCutIPv410(void)
4597 {
4598  DetectAddress *a, *b, *c;
4599  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4600  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4601 
4602  if (DetectAddressCut(NULL, a, b, &c) == -1)
4603  goto error;
4604 
4605  if (c != NULL)
4606  goto error;
4607 
4608  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4609  goto error;
4610  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4611  goto error;
4612 
4613  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4614 
4615  DetectAddressFree(a);
4616  DetectAddressFree(b);
4617  DetectAddressFree(c);
4618  return 1;
4619 
4620 error:
4621  DetectAddressFree(a);
4622  DetectAddressFree(b);
4623  DetectAddressFree(c);
4624  return 0;
4625 }
4626 
4627 static int AddressTestParseInvalidMask01(void)
4628 {
4629  int result = 1;
4630  DetectAddress *dd = NULL;
4631 
4632  dd = DetectAddressParseSingle("192.168.2.0/33");
4633  if (dd != NULL) {
4634  DetectAddressFree(dd);
4635  result = 0;
4636  }
4637  return result;
4638 }
4639 
4640 static int AddressTestParseInvalidMask02(void)
4641 {
4642  int result = 1;
4643  DetectAddress *dd = NULL;
4644 
4645  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4646  if (dd != NULL) {
4647  DetectAddressFree(dd);
4648  result = 0;
4649  }
4650  return result;
4651 }
4652 
4653 static int AddressTestParseInvalidMask03(void)
4654 {
4655  int result = 1;
4656  DetectAddress *dd = NULL;
4657 
4658  dd = DetectAddressParseSingle("192.168.2.0/blue");
4659  if (dd != NULL) {
4660  DetectAddressFree(dd);
4661  result = 0;
4662  }
4663  return result;
4664 }
4665 
4666 static int AddressConfVarsTest01(void)
4667 {
4668  static const char *dummy_conf_string =
4669  "%YAML 1.1\n"
4670  "---\n"
4671  "\n"
4672  "vars:\n"
4673  "\n"
4674  " address-groups:\n"
4675  "\n"
4676  " HOME_NET: \"any\"\n"
4677  "\n"
4678  " EXTERNAL_NET: \"!any\"\n"
4679  "\n"
4680  " port-groups:\n"
4681  "\n"
4682  " HTTP_PORTS: \"any\"\n"
4683  "\n"
4684  " SHELLCODE_PORTS: \"!any\"\n"
4685  "\n";
4686 
4687  int result = 0;
4688 
4690  ConfInit();
4691  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4692 
4694  result = 1;
4695 
4696  ConfDeInit();
4698 
4699  return result;
4700 }
4701 
4702 static int AddressConfVarsTest02(void)
4703 {
4704  static const char *dummy_conf_string =
4705  "%YAML 1.1\n"
4706  "---\n"
4707  "\n"
4708  "vars:\n"
4709  "\n"
4710  " address-groups:\n"
4711  "\n"
4712  " HOME_NET: \"any\"\n"
4713  "\n"
4714  " EXTERNAL_NET: \"any\"\n"
4715  "\n"
4716  " port-groups:\n"
4717  "\n"
4718  " HTTP_PORTS: \"any\"\n"
4719  "\n"
4720  " SHELLCODE_PORTS: \"!any\"\n"
4721  "\n";
4722 
4723  int result = 0;
4724 
4726  ConfInit();
4727  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4728 
4730  result = 1;
4731 
4732  ConfDeInit();
4734 
4735  return result;
4736 }
4737 
4738 static int AddressConfVarsTest03(void)
4739 {
4740  static const char *dummy_conf_string =
4741  "%YAML 1.1\n"
4742  "---\n"
4743  "\n"
4744  "vars:\n"
4745  "\n"
4746  " address-groups:\n"
4747  "\n"
4748  " HOME_NET: \"any\"\n"
4749  "\n"
4750  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4751  "\n"
4752  " port-groups:\n"
4753  "\n"
4754  " HTTP_PORTS: \"any\"\n"
4755  "\n"
4756  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4757  "\n";
4758 
4759  int result = 0;
4760 
4762  ConfInit();
4763  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4764 
4766  result = 1;
4767 
4768  ConfDeInit();
4770 
4771  return result;
4772 }
4773 
4774 static int AddressConfVarsTest04(void)
4775 {
4776  static const char *dummy_conf_string =
4777  "%YAML 1.1\n"
4778  "---\n"
4779  "\n"
4780  "vars:\n"
4781  "\n"
4782  " address-groups:\n"
4783  "\n"
4784  " HOME_NET: \"any\"\n"
4785  "\n"
4786  " EXTERNAL_NET: \"$HOME_NET\"\n"
4787  "\n"
4788  " port-groups:\n"
4789  "\n"
4790  " HTTP_PORTS: \"any\"\n"
4791  "\n"
4792  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4793  "\n";
4794 
4795  int result = 0;
4796 
4798  ConfInit();
4799  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4800 
4802  result = 1;
4803 
4804  ConfDeInit();
4806 
4807  return result;
4808 }
4809 
4810 static int AddressConfVarsTest05(void)
4811 {
4812  static const char *dummy_conf_string =
4813  "%YAML 1.1\n"
4814  "---\n"
4815  "\n"
4816  "vars:\n"
4817  "\n"
4818  " address-groups:\n"
4819  "\n"
4820  " HOME_NET: \"any\"\n"
4821  "\n"
4822  " EXTERNAL_NET: [192.168.0.1]\n"
4823  "\n"
4824  " port-groups:\n"
4825  "\n"
4826  " HTTP_PORTS: \"any\"\n"
4827  "\n"
4828  " SHELLCODE_PORTS: [80]\n"
4829  "\n";
4830 
4831  int result = 0;
4832 
4834  ConfInit();
4835  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4836 
4837  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4838  goto end;
4839 
4840  result = 1;
4841 
4842  end:
4843  ConfDeInit();
4845 
4846  return result;
4847 }
4848 
4849 static int AddressConfVarsTest06(void)
4850 {
4851  // HOME_NET value size = 10261 bytes
4852  static const char *dummy_conf_string =
4853  "%YAML 1.1\n"
4854  "---\n"
4855  "\n"
4856  "vars:\n"
4857  "\n"
4858  " address-groups:\n"
4859  "\n"
4860  " HOME_NET: "
4861  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4862  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4863  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4864  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4976  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4977  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4978  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4979  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4980  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4981  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4982  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4983  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4984  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4985  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4986  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4987  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4988  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4989  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4990  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4991  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4992  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4993  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4994  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4995  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4996  "\n"
4997  " EXTERNAL_NET: \"any\"\n"
4998  "\n";
4999 
5001  ConfInit();
5002  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
5003 
5005 
5006  ConfDeInit();
5008 
5009  PASS;
5010 }
5011 
5012 #endif /* UNITTESTS */
5013 
5014 void DetectAddressTests(void)
5015 {
5016 #ifdef UNITTESTS
5019 
5020  UtRegisterTest("AddressTestParse01", AddressTestParse01);
5021  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5022  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5023  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5024  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5025  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5026  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5027  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5028  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5029  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5030  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5031  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5032  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5033  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5034  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5035  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5036  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5037  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5038  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5039  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5040  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5041  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5042  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5043  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5044  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5045  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5046  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5047  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5048  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5049  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5050  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5051  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5052  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5053  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5054  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5055  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5056  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5057  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5058 
5059  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5060  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5061  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5062  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5063  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5064  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5065  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5066  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5067  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5068  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5069  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5070 
5071  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5072  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5073  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5074  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5075  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5076  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5077  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5078  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5079 
5080  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5081  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5082  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5083  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5084  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5085  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5086 
5087  UtRegisterTest("AddressTestAddressGroupSetup01",
5088  AddressTestAddressGroupSetup01);
5089  UtRegisterTest("AddressTestAddressGroupSetup02",
5090  AddressTestAddressGroupSetup02);
5091  UtRegisterTest("AddressTestAddressGroupSetup03",
5092  AddressTestAddressGroupSetup03);
5093  UtRegisterTest("AddressTestAddressGroupSetup04",
5094  AddressTestAddressGroupSetup04);
5095  UtRegisterTest("AddressTestAddressGroupSetup05",
5096  AddressTestAddressGroupSetup05);
5097  UtRegisterTest("AddressTestAddressGroupSetup06",
5098  AddressTestAddressGroupSetup06);
5099  UtRegisterTest("AddressTestAddressGroupSetup07",
5100  AddressTestAddressGroupSetup07);
5101  UtRegisterTest("AddressTestAddressGroupSetup08",
5102  AddressTestAddressGroupSetup08);
5103  UtRegisterTest("AddressTestAddressGroupSetup09",
5104  AddressTestAddressGroupSetup09);
5105  UtRegisterTest("AddressTestAddressGroupSetup10",
5106  AddressTestAddressGroupSetup10);
5107  UtRegisterTest("AddressTestAddressGroupSetup11",
5108  AddressTestAddressGroupSetup11);
5109  UtRegisterTest("AddressTestAddressGroupSetup12",
5110  AddressTestAddressGroupSetup12);
5111  UtRegisterTest("AddressTestAddressGroupSetup13",
5112  AddressTestAddressGroupSetup13);
5113  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5114  AddressTestAddressGroupSetupIPv414);
5115  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5116  AddressTestAddressGroupSetupIPv415);
5117  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5118  AddressTestAddressGroupSetupIPv416);
5119 
5120  UtRegisterTest("AddressTestAddressGroupSetup14",
5121  AddressTestAddressGroupSetup14);
5122  UtRegisterTest("AddressTestAddressGroupSetup15",
5123  AddressTestAddressGroupSetup15);
5124  UtRegisterTest("AddressTestAddressGroupSetup16",
5125  AddressTestAddressGroupSetup16);
5126  UtRegisterTest("AddressTestAddressGroupSetup17",
5127  AddressTestAddressGroupSetup17);
5128  UtRegisterTest("AddressTestAddressGroupSetup18",
5129  AddressTestAddressGroupSetup18);
5130  UtRegisterTest("AddressTestAddressGroupSetup19",
5131  AddressTestAddressGroupSetup19);
5132  UtRegisterTest("AddressTestAddressGroupSetup20",
5133  AddressTestAddressGroupSetup20);
5134  UtRegisterTest("AddressTestAddressGroupSetup21",
5135  AddressTestAddressGroupSetup21);
5136  UtRegisterTest("AddressTestAddressGroupSetup22",
5137  AddressTestAddressGroupSetup22);
5138  UtRegisterTest("AddressTestAddressGroupSetup23",
5139  AddressTestAddressGroupSetup23);
5140  UtRegisterTest("AddressTestAddressGroupSetup24",
5141  AddressTestAddressGroupSetup24);
5142  UtRegisterTest("AddressTestAddressGroupSetup25",
5143  AddressTestAddressGroupSetup25);
5144  UtRegisterTest("AddressTestAddressGroupSetup26",
5145  AddressTestAddressGroupSetup26);
5146 
5147  UtRegisterTest("AddressTestAddressGroupSetup27",
5148  AddressTestAddressGroupSetup27);
5149  UtRegisterTest("AddressTestAddressGroupSetup28",
5150  AddressTestAddressGroupSetup28);
5151  UtRegisterTest("AddressTestAddressGroupSetup29",
5152  AddressTestAddressGroupSetup29);
5153  UtRegisterTest("AddressTestAddressGroupSetup30",
5154  AddressTestAddressGroupSetup30);
5155  UtRegisterTest("AddressTestAddressGroupSetup31",
5156  AddressTestAddressGroupSetup31);
5157  UtRegisterTest("AddressTestAddressGroupSetup32",
5158  AddressTestAddressGroupSetup32);
5159  UtRegisterTest("AddressTestAddressGroupSetup33",
5160  AddressTestAddressGroupSetup33);
5161  UtRegisterTest("AddressTestAddressGroupSetup34",
5162  AddressTestAddressGroupSetup34);
5163  UtRegisterTest("AddressTestAddressGroupSetup35",
5164  AddressTestAddressGroupSetup35);
5165  UtRegisterTest("AddressTestAddressGroupSetup36",
5166  AddressTestAddressGroupSetup36);
5167  UtRegisterTest("AddressTestAddressGroupSetup37",
5168  AddressTestAddressGroupSetup37);
5169  UtRegisterTest("AddressTestAddressGroupSetup38",
5170  AddressTestAddressGroupSetup38);
5171  UtRegisterTest("AddressTestAddressGroupSetup39",
5172  AddressTestAddressGroupSetup39);
5173  UtRegisterTest("AddressTestAddressGroupSetup40",
5174  AddressTestAddressGroupSetup40);
5175  UtRegisterTest("AddressTestAddressGroupSetup41",
5176  AddressTestAddressGroupSetup41);
5177  UtRegisterTest("AddressTestAddressGroupSetup42",
5178  AddressTestAddressGroupSetup42);
5179  UtRegisterTest("AddressTestAddressGroupSetup43",
5180  AddressTestAddressGroupSetup43);
5181  UtRegisterTest("AddressTestAddressGroupSetup44",
5182  AddressTestAddressGroupSetup44);
5183  UtRegisterTest("AddressTestAddressGroupSetup45",
5184  AddressTestAddressGroupSetup45);
5185  UtRegisterTest("AddressTestAddressGroupSetup46",
5186  AddressTestAddressGroupSetup46);
5187  UtRegisterTest("AddressTestAddressGroupSetup47",
5188  AddressTestAddressGroupSetup47);
5189  UtRegisterTest("AddressTestAddressGroupSetup48",
5190  AddressTestAddressGroupSetup48);
5191 
5192  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5193  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5194  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5195  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5196  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5197  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5198  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5199  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5200  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5201  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5202 
5203  UtRegisterTest("AddressTestParseInvalidMask01",
5204  AddressTestParseInvalidMask01);
5205  UtRegisterTest("AddressTestParseInvalidMask02",
5206  AddressTestParseInvalidMask02);
5207  UtRegisterTest("AddressTestParseInvalidMask03",
5208  AddressTestParseInvalidMask03);
5209 
5210  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5211  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5212  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5213  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5214  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5215  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5216 #endif /* UNITTESTS */
5217 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:367
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:130
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1413
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1315
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:359
detect-engine-siggroup.h
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:113
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1607
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:128
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:31
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
DetectAddressHead_
Definition: detect.h:143
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:117
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1492
AddressIPv6Gt
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:56
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:119
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1360
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:785
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1264
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:115
Address_
Definition: decode.h:114
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:256
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1176
util-var.h
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1818
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:124
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:137
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:236
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:716
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1901
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:274
detect-engine-port.h
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:491
DetectAddress_::ip2
Address ip2
Definition: detect.h:131
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1053
TRUE
#define TRUE
Definition: suricata-common.h:33
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:289
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:484
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:128
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
turn 32 bit mask into CIDR
Definition: util-cidr.c:34
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:116
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:287
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:112
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:664
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:118
HashListTable_
Definition: util-hashlist.h:37
Address_::address
union Address_::@31 address
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
Flow_::next
struct Flow_ * next
Definition: flow.h:402
DetectAddressMap_
Definition: detect-engine-address.c:1312
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:145
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:81
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:114
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1640
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:938
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:90
ConfNode_::name
char * name
Definition: conf.h:33
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:676
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
AddressIPv6Ge
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1349
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:177
str
#define str(s)
Definition: suricata-common.h:280
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1900
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1314
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:402
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:710
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:139
DetectMatchAddressIPv6_
Definition: detect.h:154
DetectMatchAddressIPv4_
Definition: detect.h:149
Address_::family
char family
Definition: decode.h:115
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1453
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:687
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1880
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:122
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1902
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:129
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:134
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1580
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:144
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1313
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1239
AddressIPv6Le
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162