suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88 }
89 
90 /**
91  * \internal
92  * \brief Returns a new instance of DetectAddressHead.
93  *
94  * \retval gh Pointer to the new instance of DetectAddressHead.
95  */
96 static DetectAddressHead *DetectAddressHeadInit(void)
97 {
99  if (unlikely(gh == NULL))
100  return NULL;
101  return gh;
102 }
103 
104 /**
105  * \internal
106  * \brief Frees a DetectAddressHead instance.
107  *
108  * \param gh Pointer to the DetectAddressHead instance to be freed.
109  */
110 static void DetectAddressHeadFree(DetectAddressHead *gh)
111 {
112  if (gh != NULL) {
114  SCFree(gh);
115  }
116 }
117 
118 /**
119  * \brief copy a DetectAddress
120  *
121  * \param orig Pointer to the instance of DetectAddress that contains the
122  * address data to be copied to the new instance.
123  *
124  * \retval ag Pointer to the new instance of DetectAddress that contains the
125  * copied address.
126  */
128 {
130  if (ag == NULL)
131  return NULL;
132 
133  ag->flags = orig->flags;
134  COPY_ADDRESS(&orig->ip, &ag->ip);
135  COPY_ADDRESS(&orig->ip2, &ag->ip2);
136  return ag;
137 }
138 
139 /**
140  * \internal
141  * \brief Frees a list of DetectAddress instances.
142  *
143  * \param head Pointer to a list of DetectAddress instances to be freed.
144  */
145 static void DetectAddressCleanupList(DetectAddress *head)
146 {
147  for (DetectAddress *cur = head; cur != NULL; ) {
148  DetectAddress *next = cur->next;
149  cur->next = NULL;
150  DetectAddressFree(cur);
151  cur = next;
152  }
153 }
154 
155 /**
156  * \internal
157  * \brief Helper function for DetectAddressInsert. Sets one of the
158  * DetectAddressHead head pointers, to the DetectAddress argument
159  * based on its address family.
160  *
161  * \param gh Pointer to the DetectAddressHead.
162  * \param newhead Pointer to the DetectAddress.
163  *
164  * \retval 0 On success.
165  * \retval -1 On failure.
166  */
167 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
168 {
169  if (newhead->ip.family == AF_INET) {
170  gh->ipv4_head = newhead;
171  } else if (newhead->ip.family == AF_INET6) {
172  gh->ipv6_head = newhead;
173  } else {
174  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
175  return -1;
176  }
177 
178  return 0;
179 }
180 
181 /**
182  * \internal
183  * \brief Returns the DetectAddress head from the DetectAddressHeads,
184  * based on the address family of the incoming DetectAddress arg.
185  *
186  * \param gh Pointer to the DetectAddressHead.
187  * \param new Pointer to the DetectAddress.
188  *
189  * \retval head Pointer to the DetectAddress(the head from
190  * DetectAddressHead).
191  */
192 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
193 {
194  DetectAddress *head = NULL;
195 
196  if (new->ip.family == AF_INET)
197  head = gh->ipv4_head;
198  else if (new->ip.family == AF_INET6)
199  head = gh->ipv6_head;
200 
201  return head;
202 }
203 
204 /**
205  * \internal
206  * \brief insert DetectAddress into a DetectAddressHead
207  *
208  * \param de_ctx Pointer to the detection engine context.
209  * \param gh Pointer to the DetectAddressHead list to which it has to
210  * be inserted.
211  * \param new Pointer to the DetectAddress, that has to be inserted.
212  *
213  * \retval 1 On successfully inserting it.
214  * \retval -1 On error.
215  * \retval 0 Not inserted, memory of new is freed.
216  */
217 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
218  DetectAddress *new)
219 {
220  DetectAddress *head = NULL;
221  DetectAddress *cur = NULL;
222  DetectAddress *c = NULL;
223  int r = 0;
224 
225  if (new == NULL)
226  return 0;
227 
228  /* get our head ptr based on the address we want to insert */
229  head = GetHeadPtr(gh, new);
230 
231  /* see if it already exists or overlaps with existing ag's */
232  if (head != NULL) {
233  cur = NULL;
234 
235  for (cur = head; cur != NULL; cur = cur->next) {
236  r = DetectAddressCmp(new, cur);
237  BUG_ON(r == ADDRESS_ER);
238 
239  /* if so, handle that */
240  if (r == ADDRESS_EQ) {
241  /* exact overlap/match */
242  if (cur != new) {
243  DetectAddressFree(new);
244  return 0;
245  }
246 
247  return 1;
248  } else if (r == ADDRESS_GT) {
249  /* only add it now if we are bigger than the last group.
250  * Otherwise we'll handle it later. */
251  if (cur->next == NULL) {
252  /* put in the list */
253  new->prev = cur;
254  cur->next = new;
255 
256  return 1;
257  }
258  } else if (r == ADDRESS_LT) {
259  /* see if we need to insert the ag anywhere put in the list */
260  if (cur->prev != NULL)
261  cur->prev->next = new;
262  new->prev = cur->prev;
263  new->next = cur;
264  cur->prev = new;
265 
266  /* update head if required */
267  if (head == cur) {
268  head = new;
269 
270  if (SetHeadPtr(gh, head) < 0)
271  goto error;
272  }
273 
274  return 1;
275  /* alright, those were the simple cases, lets handle the more
276  * complex ones now */
277  } else if (r == ADDRESS_ES) {
278  c = NULL;
279  r = DetectAddressCut(de_ctx, cur, new, &c);
280  if (r == -1)
281  goto error;
282 
283  DetectAddressInsert(de_ctx, gh, new);
284  if (c != NULL)
285  DetectAddressInsert(de_ctx, gh, c);
286 
287  return 1;
288  } else if (r == ADDRESS_EB) {
289  c = NULL;
290  r = DetectAddressCut(de_ctx, cur, new, &c);
291  if (r == -1)
292  goto error;
293 
294  DetectAddressInsert(de_ctx, gh, new);
295  if (c != NULL)
296  DetectAddressInsert(de_ctx, gh, c);
297 
298  return 1;
299  } else if (r == ADDRESS_LE) {
300  c = NULL;
301  r = DetectAddressCut(de_ctx, cur, new, &c);
302  if (r == -1)
303  goto error;
304 
305  DetectAddressInsert(de_ctx, gh, new);
306  if (c != NULL)
307  DetectAddressInsert(de_ctx, gh, c);
308 
309  return 1;
310  } else if (r == ADDRESS_GE) {
311  c = NULL;
312  r = DetectAddressCut(de_ctx, cur,new,&c);
313  if (r == -1)
314  goto error;
315 
316  DetectAddressInsert(de_ctx, gh, new);
317  if (c != NULL)
318  DetectAddressInsert(de_ctx, gh, c);
319 
320  return 1;
321  }
322  }
323 
324  /* head is NULL, so get a group and set head to it */
325  } else {
326  head = new;
327  if (SetHeadPtr(gh, head) < 0) {
328  SCLogDebug("SetHeadPtr failed");
329  goto error;
330  }
331  }
332 
333  return 1;
334 
335 error:
336  /* XXX */
337  return -1;
338 }
339 
340 /**
341  * \brief Checks if two address group lists are equal.
342  *
343  * \param list1 Pointer to the first address group list.
344  * \param list2 Pointer to the second address group list.
345  *
346  * \retval true On success.
347  * \retval false On failure.
348  */
350 {
351  DetectAddress *item = list1;
352  DetectAddress *it = list2;
353 
354  // First, compare items one by one.
355  while (item != NULL && it != NULL) {
356  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
357  return false;
358  }
359 
360  item = item->next;
361  it = it->next;
362  }
363 
364  // Are the lists of the same size?
365  if (!(item == NULL && it == NULL)) {
366  return false;
367  }
368 
369  return true;
370 }
371 
372 /**
373  * \internal
374  * \brief Parses an ipv4/ipv6 address string and updates the result into the
375  * DetectAddress instance sent as the argument.
376  *
377  * \param dd Pointer to the DetectAddress instance which should be updated with
378  * the address range details from the parsed ip string.
379  * \param str Pointer to address string that has to be parsed.
380  *
381  * \retval 0 On successfully parsing the address string.
382  * \retval -1 On failure.
383  */
384 static int DetectAddressParseString(DetectAddress *dd, const char *str)
385 {
386  char *ip = NULL;
387  char *ip2 = NULL;
388  char *mask = NULL;
389  int r = 0;
390  char ipstr[256];
391 
392  /* shouldn't see 'any' here */
393  BUG_ON(strcasecmp(str, "any") == 0);
394 
395  strlcpy(ipstr, str, sizeof(ipstr));
396  SCLogDebug("str %s", str);
397 
398  /* we work with a copy so that we can put a
399  * nul-termination in it later */
400  ip = ipstr;
401 
402  /* handle the negation case */
403  if (ip[0] == '!') {
404  dd->flags |= ADDRESS_FLAG_NOT;
405  ip++;
406  }
407 
408  /* see if the address is an ipv4 or ipv6 address */
409  if ((strchr(str, ':')) == NULL) {
410  /* IPv4 Address */
411  struct in_addr in;
412 
413  dd->ip.family = AF_INET;
414 
415  if ((mask = strchr(ip, '/')) != NULL) {
416  /* 1.2.3.4/xxx format (either dotted or cidr notation */
417  ip[mask - ip] = '\0';
418  mask++;
419  uint32_t ip4addr = 0;
420  uint32_t netmask = 0;
421 
422  if ((strchr (mask, '.')) == NULL) {
423  /* 1.2.3.4/24 format */
424 
425  for (size_t u = 0; u < strlen(mask); u++) {
426  if(!isdigit((unsigned char)mask[u]))
427  goto error;
428  }
429 
430  int cidr;
431  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
432  goto error;
433  netmask = CIDRGet(cidr);
434  } else {
435  /* 1.2.3.4/255.255.255.0 format */
436  r = inet_pton(AF_INET, mask, &in);
437  if (r <= 0)
438  goto error;
439 
440  netmask = in.s_addr;
441 
442  /* validate netmask */
443  int cidr = CIDRFromMask(netmask);
444  if (cidr < 0) {
445  SCLogError(
446  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
447  "CIDR notation are supported. See ticket #5168.",
448  mask);
449  goto error;
450  }
451  }
452 
453  r = inet_pton(AF_INET, ip, &in);
454  if (r <= 0)
455  goto error;
456 
457  ip4addr = in.s_addr;
458 
459  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
460  dd->ip2.addr_data32[0] |=~ netmask;
461  } else if ((ip2 = strchr(ip, '-')) != NULL) {
462  /* 1.2.3.4-1.2.3.6 range format */
463  ip[ip2 - ip] = '\0';
464  ip2++;
465 
466  r = inet_pton(AF_INET, ip, &in);
467  if (r <= 0)
468  goto error;
469  dd->ip.addr_data32[0] = in.s_addr;
470 
471  r = inet_pton(AF_INET, ip2, &in);
472  if (r <= 0)
473  goto error;
474  dd->ip2.addr_data32[0] = in.s_addr;
475 
476  /* a > b is illegal, a = b is ok */
477  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
478  goto error;
479  } else {
480  /* 1.2.3.4 format */
481  r = inet_pton(AF_INET, ip, &in);
482  if (r <= 0)
483  goto error;
484  /* single host */
485  dd->ip.addr_data32[0] = in.s_addr;
486  dd->ip2.addr_data32[0] = in.s_addr;
487  }
488  } else {
489  /* IPv6 Address */
490  struct in6_addr in6, mask6;
491  uint32_t ip6addr[4], netmask[4];
492 
493  dd->ip.family = AF_INET6;
494 
495  if ((mask = strchr(ip, '/')) != NULL) {
496  ip[mask - ip] = '\0';
497  mask++;
498 
499  int cidr;
500  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
501  goto error;
502 
503  r = inet_pton(AF_INET6, ip, &in6);
504  if (r <= 0)
505  goto error;
506  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
507 
508  CIDRGetIPv6(cidr, &mask6);
509  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
510 
511  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
512  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
513  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
514  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
515 
516  dd->ip2.addr_data32[0] |=~ netmask[0];
517  dd->ip2.addr_data32[1] |=~ netmask[1];
518  dd->ip2.addr_data32[2] |=~ netmask[2];
519  dd->ip2.addr_data32[3] |=~ netmask[3];
520  } else if ((ip2 = strchr(ip, '-')) != NULL) {
521  /* 2001::1-2001::4 range format */
522  ip[ip2 - ip] = '\0';
523  ip2++;
524 
525  r = inet_pton(AF_INET6, ip, &in6);
526  if (r <= 0)
527  goto error;
528  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
529 
530  r = inet_pton(AF_INET6, ip2, &in6);
531  if (r <= 0)
532  goto error;
533  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
534 
535  /* a > b is illegal, a=b is ok */
536  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
537  goto error;
538  } else {
539  r = inet_pton(AF_INET6, ip, &in6);
540  if (r <= 0)
541  goto error;
542 
543  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
544  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
545  }
546 
547  }
548 
549  BUG_ON(dd->ip.family == 0);
550 
551  return 0;
552 
553 error:
554  return -1;
555 }
556 
557 /**
558  * \internal
559  * \brief Simply parse an address and return a DetectAddress instance containing
560  * the address ranges of the parsed ip addressstring
561  *
562  * \param str Pointer to a character string containing the ip address
563  *
564  * \retval dd Pointer to the DetectAddress instance containing the address
565  * range details from the parsed ip string
566  */
567 static DetectAddress *DetectAddressParseSingle(const char *str)
568 {
569  SCLogDebug("str %s", str);
570 
572  if (dd == NULL)
573  return NULL;
574 
575  if (DetectAddressParseString(dd, str) < 0) {
576  SCLogDebug("AddressParse failed");
577  DetectAddressFree(dd);
578  return NULL;
579  }
580 
581  return dd;
582 }
583 
584 /**
585  * \brief Setup a single address string, parse it and add the resulting
586  * Address-Range(s) to the AddressHead(DetectAddressHead instance).
587  *
588  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
589  * resulting Address-Range(s) from the parsed ip string has to
590  * be added.
591  * \param s Pointer to the ip address string to be parsed.
592  *
593  * \retval 0 On success.
594  * \retval -1 On failure.
595  */
596 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
597 {
598  SCLogDebug("gh %p, s %s", gh, s);
599 
600  while (*s != '\0' && isspace(*s))
601  s++;
602 
603  if (strcasecmp(s, "any") == 0) {
604  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
605 
606  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
607  if (ad == NULL)
608  return -1;
609 
610  BUG_ON(ad->ip.family == 0);
611 
612  if (DetectAddressInsert(NULL, gh, ad) < 0) {
613  SCLogDebug("DetectAddressInsert failed");
614  DetectAddressFree(ad);
615  return -1;
616  }
617 
618  ad = DetectAddressParseSingle("::/0");
619  if (ad == NULL)
620  return -1;
621 
622  BUG_ON(ad->ip.family == 0);
623 
624  if (DetectAddressInsert(NULL, gh, ad) < 0) {
625  SCLogDebug("DetectAddressInsert failed");
626  DetectAddressFree(ad);
627  return -1;
628  }
629  return 0;
630  }
631 
632  /* parse the address */
633  DetectAddress *ad = DetectAddressParseSingle(s);
634  if (ad == NULL) {
635  SCLogError("failed to parse address \"%s\"", s);
636  return -1;
637  }
638 
639  /* handle the not case, we apply the negation then insert the part(s) */
640  if (ad->flags & ADDRESS_FLAG_NOT) {
641  DetectAddress *ad2 = NULL;
642 
643  if (DetectAddressCutNot(ad, &ad2) < 0) {
644  SCLogDebug("DetectAddressCutNot failed");
645  DetectAddressFree(ad);
646  return -1;
647  }
648 
649  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
650  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
651  if (ad2 != NULL) {
652  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
653  SCLogDebug("DetectAddressInsert failed");
654  DetectAddressFree(ad);
655  DetectAddressFree(ad2);
656  return -1;
657  }
658  }
659  }
660 
661  int r = DetectAddressInsert(NULL, gh, ad);
662  if (r < 0) {
663  SCLogDebug("DetectAddressInsert failed");
664  DetectAddressFree(ad);
665  return -1;
666  }
667  SCLogDebug("r %d",r);
668  return 0;
669 }
670 
671 /**
672  * \brief Parses an address string and updates the 2 address heads with the
673  * address data.
674  *
675  * Note that this function should only be called by the wrapping function
676  * DetectAddressParse2. The wrapping function provides long address handling
677  * when the address size exceeds a threshold value.
678  *
679  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
680  * since we pass around negate without keeping a count of ! with depth.
681  * Can solve this by keeping a count of the negations with depth, so that
682  * an even no of negations would count as no negation and an odd no of
683  * negations would count as a negation.
684  *
685  * \param gh Pointer to the address head that should hold address ranges
686  * that are not negated.
687  * \param ghn Pointer to the address head that should hold address ranges
688  * that are negated.
689  * \param s Pointer to the character string holding the address to be
690  * parsed.
691  * \param negate Flag that indicates if the received address string is negated
692  * or not. 0 if it is not, 1 it it is.
693  *
694  * \retval 0 On successfully parsing.
695  * \retval -1 On failure.
696  */
697 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
698  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
699  int recur, char *address, size_t address_length)
700 {
701  size_t x = 0;
702  size_t u = 0;
703  int o_set = 0, n_set = 0, d_set = 0;
704  int depth = 0;
705  const char *rule_var_address = NULL;
706  char *temp_rule_var_address = NULL;
707 
708  if (++recur > 64) {
709  SCLogError("address block recursion "
710  "limit reached (max 64)");
711  goto error;
712  }
713 
714  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
715 
716  size_t size = strlen(s);
717  for (u = 0, x = 0; u < size && x < address_length; u++) {
718  if (x == (address_length - 1)) {
719  SCLogError("Hit the address buffer"
720  " limit for the supplied address. Invalidating sig. "
721  "Please file a bug report on this.");
722  goto error;
723  }
724  address[x] = s[u];
725  x++;
726 
727  if (!o_set && s[u] == '!') {
728  n_set = 1;
729  x--;
730  } else if (s[u] == '[') {
731  if (!o_set) {
732  o_set = 1;
733  x = 0;
734  }
735  depth++;
736  } else if (s[u] == ']') {
737  if (depth == 1) {
738  address[x - 1] = '\0';
739  x = 0;
740  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
741  if (((negate + n_set) % 2) == 0) {
742  /* normal block */
743  SCLogDebug("normal block");
744 
745  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
746  goto error;
747  } else {
748  /* negated block
749  *
750  * Extra steps are necessary. First consider it as a normal
751  * (non-negated) range. Merge the + and - ranges if
752  * applicable. Then insert the result into the ghn list. */
753  SCLogDebug("negated block");
754 
755  DetectAddressHead tmp_gh = { NULL, NULL };
756  DetectAddressHead tmp_ghn = { NULL, NULL };
757 
758  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
759  DetectAddressHeadCleanup(&tmp_gh);
760  DetectAddressHeadCleanup(&tmp_ghn);
761  goto error;
762  }
763 
764  DetectAddress *tmp_ad;
765  DetectAddress *tmp_ad2;
766 #ifdef DEBUG
767  SCLogDebug("tmp_gh: IPv4");
768  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
769  DetectAddressPrint(tmp_ad);
770  }
771  SCLogDebug("tmp_ghn: IPv4");
772  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
773  DetectAddressPrint(tmp_ad);
774  }
775  SCLogDebug("tmp_gh: IPv6");
776  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
777  DetectAddressPrint(tmp_ad);
778  }
779  SCLogDebug("tmp_ghn: IPv6");
780  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
781  DetectAddressPrint(tmp_ad);
782  }
783 #endif
784  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
785  DetectAddressHeadCleanup(&tmp_ghn);
786  DetectAddressHeadCleanup(&tmp_gh);
787  goto error;
788  }
789  DetectAddressHeadCleanup(&tmp_ghn);
790 
791  SCLogDebug("merged successfully");
792 
793  /* insert the IPv4 addresses into the negated list */
794  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
795  /* work with a copy of the address group */
796  tmp_ad2 = DetectAddressCopy(tmp_ad);
797  if (tmp_ad2 == NULL) {
798  SCLogDebug("DetectAddressCopy failed");
799  DetectAddressHeadCleanup(&tmp_gh);
800  goto error;
801  }
802  DetectAddressPrint(tmp_ad2);
803  DetectAddressInsert(NULL, ghn, tmp_ad2);
804  }
805 
806  /* insert the IPv6 addresses into the negated list */
807  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
808  /* work with a copy of the address group */
809  tmp_ad2 = DetectAddressCopy(tmp_ad);
810  if (tmp_ad2 == NULL) {
811  SCLogDebug("DetectAddressCopy failed");
812  DetectAddressHeadCleanup(&tmp_gh);
813  goto error;
814  }
815  DetectAddressPrint(tmp_ad2);
816  DetectAddressInsert(NULL, ghn, tmp_ad2);
817  }
818 
819  DetectAddressHeadCleanup(&tmp_gh);
820  }
821  n_set = 0;
822  }
823  depth--;
824  } else if (depth == 0 && s[u] == ',') {
825  if (o_set == 1) {
826  o_set = 0;
827  } else if (d_set == 1) {
828  address[x - 1] = '\0';
829 
830  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
832  if (rule_var_address == NULL)
833  goto error;
834 
835  if (strlen(rule_var_address) == 0) {
836  SCLogError("variable %s resolved "
837  "to nothing. This is likely a misconfiguration. "
838  "Note that a negated address needs to be quoted, "
839  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
840  s);
841  goto error;
842  }
843 
844  SCLogDebug("rule_var_address %s", rule_var_address);
845  if ((negate + n_set) % 2) {
846  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
847  if (unlikely(temp_rule_var_address == NULL))
848  goto error;
849  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
850  "[%s]", rule_var_address);
851  } else {
852  temp_rule_var_address = SCStrdup(rule_var_address);
853  if (unlikely(temp_rule_var_address == NULL))
854  goto error;
855  }
856 
857  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
858  (negate + n_set) % 2, var_list, recur) < 0) {
859  if (temp_rule_var_address != rule_var_address)
860  SCFree(temp_rule_var_address);
861  goto error;
862  }
863  d_set = 0;
864  n_set = 0;
865  SCFree(temp_rule_var_address);
866  } else {
867  address[x - 1] = '\0';
868 
869  if (!((negate + n_set) % 2)) {
870  SCLogDebug("DetectAddressSetup into gh, %s", address);
871  if (DetectAddressSetup(gh, address) < 0)
872  goto error;
873  } else {
874  SCLogDebug("DetectAddressSetup into ghn, %s", address);
875  if (DetectAddressSetup(ghn, address) < 0)
876  goto error;
877  }
878  n_set = 0;
879  }
880  x = 0;
881  } else if (depth == 0 && s[u] == '$') {
882  d_set = 1;
883  } else if (depth == 0 && u == size - 1) {
884  if (x == address_length) {
885  address[x - 1] = '\0';
886  } else {
887  address[x] = '\0';
888  }
889  x = 0;
890 
891  if (AddVariableToResolveList(var_list, address) == -1) {
892  SCLogError("Found a loop in a address "
893  "groups declaration. This is likely a misconfiguration.");
894  goto error;
895  }
896 
897  if (d_set == 1) {
898  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
900  if (rule_var_address == NULL)
901  goto error;
902 
903  if (strlen(rule_var_address) == 0) {
904  SCLogError("variable %s resolved "
905  "to nothing. This is likely a misconfiguration. "
906  "Note that a negated address needs to be quoted, "
907  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
908  s);
909  goto error;
910  }
911 
912  SCLogDebug("rule_var_address %s", rule_var_address);
913  if ((negate + n_set) % 2) {
914  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
915  if (unlikely(temp_rule_var_address == NULL))
916  goto error;
917  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
918  "[%s]", rule_var_address);
919  } else {
920  temp_rule_var_address = SCStrdup(rule_var_address);
921  if (unlikely(temp_rule_var_address == NULL))
922  goto error;
923  }
924 
925  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
926  (negate + n_set) % 2, var_list, recur) < 0) {
927  SCLogDebug("DetectAddressParse2 hates us");
928  if (temp_rule_var_address != rule_var_address)
929  SCFree(temp_rule_var_address);
930  goto error;
931  }
932  d_set = 0;
933  SCFree(temp_rule_var_address);
934  } else {
935  if (!((negate + n_set) % 2)) {
936  SCLogDebug("DetectAddressSetup into gh, %s", address);
937  if (DetectAddressSetup(gh, address) < 0) {
938  SCLogDebug("DetectAddressSetup gh fail");
939  goto error;
940  }
941  } else {
942  SCLogDebug("DetectAddressSetup into ghn, %s", address);
943  if (DetectAddressSetup(ghn, address) < 0) {
944  SCLogDebug("DetectAddressSetup ghn fail");
945  goto error;
946  }
947  }
948  }
949  n_set = 0;
950  }
951  }
952  if (depth > 0) {
953  SCLogError("not every address block was "
954  "properly closed in \"%s\", %d missing closing brackets (]). "
955  "Note: problem might be in a variable.",
956  s, depth);
957  goto error;
958  } else if (depth < 0) {
959  SCLogError("not every address block was "
960  "properly opened in \"%s\", %d missing opening brackets ([). "
961  "Note: problem might be in a variable.",
962  s, depth * -1);
963  goto error;
964  }
965 
966  return 0;
967 
968 error:
969 
970  return -1;
971 }
972 
973 /**
974  * \internal
975  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
976  *
977  * \retval Return value from DetectAddressParseInternal
978  */
979 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
980  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
981  int recur)
982 {
983  int rc;
984 #define MAX_ADDRESS_LENGTH 8192
985 
986  size_t address_length = strlen(s);
987  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
988  char *address = SCCalloc(1, address_length);
989  if (address == NULL) {
990  SCLogError("Unable to allocate"
991  " memory for address parsing.");
992  return -1;
993  }
994  rc = DetectAddressParseInternal(
995  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
996  SCFree(address);
997  } else {
998  char address[MAX_ADDRESS_LENGTH] = "";
999  rc = DetectAddressParseInternal(
1000  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1001  }
1002  return rc;
1003 }
1004 
1005 /**
1006  * \internal
1007  * \brief See if the addresses and ranges in an address head cover the
1008  * entire ip space.
1009  *
1010  * \param gh Pointer to the DetectAddressHead to check.
1011  *
1012  * \retval 0 No.
1013  * \retval 1 Yes.
1014  *
1015  * \todo do the same for IPv6
1016  */
1017 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1018 {
1020  if (r == 1)
1021  return 1;
1022 
1023  return 0;
1024 }
1025 
1026 /**
1027  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1028  *
1029  * \param gh Pointer to the address head containing the non-NOT groups.
1030  * \param ghn Pointer to the address head containing the NOT groups.
1031  *
1032  * \retval 0 On success.
1033  * \retval -1 On failure.
1034  */
1036 {
1037  DetectAddress *ad;
1038  DetectAddress *ag, *ag2;
1039  int r = 0;
1040 
1041  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1042  ghn->ipv4_head);
1043 
1044  /* check if the negated list covers the entire ip space. If so
1045  * the user screwed up the rules/vars. */
1046  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1047  SCLogError("Complete IP space negated. "
1048  "Rule address range is NIL. Probably have a !any or "
1049  "an address range that supplies a NULL address range");
1050  goto error;
1051  }
1052 
1053  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1054  * not thingy. In that case we add a 0.0.0.0/0 first. */
1055  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1056  r = DetectAddressSetup(gh, "0.0.0.0/0");
1057  if (r < 0) {
1058  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1059  goto error;
1060  }
1061  }
1062  /* ... or ::/0 for ipv6 */
1063  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1064  r = DetectAddressSetup(gh, "::/0");
1065  if (r < 0) {
1066  SCLogDebug("DetectAddressSetup for ::/0 failed");
1067  goto error;
1068  }
1069  }
1070 
1071  /* step 1: insert our ghn members into the gh list */
1072  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1073  /* work with a copy of the ad so we can easily clean up the ghn group
1074  * later. */
1075  ad = DetectAddressCopy(ag);
1076  if (ad == NULL) {
1077  SCLogDebug("DetectAddressCopy failed");
1078  goto error;
1079  }
1080 
1081  r = DetectAddressInsert(NULL, gh, ad);
1082  if (r < 0) {
1083  SCLogDebug("DetectAddressInsert failed");
1084  goto error;
1085  }
1086  }
1087  /* ... and the same for ipv6 */
1088  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1089  /* work with a copy of the ad so we can easily clean up the ghn group
1090  * later. */
1091  ad = DetectAddressCopy(ag);
1092  if (ad == NULL) {
1093  SCLogDebug("DetectAddressCopy failed");
1094  goto error;
1095  }
1096 
1097  r = DetectAddressInsert(NULL, gh, ad);
1098  if (r < 0) {
1099  SCLogDebug("DetectAddressInsert failed");
1100  goto error;
1101  }
1102  }
1103 #ifdef DEBUG
1104  DetectAddress *tmp_ad;
1105  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1106  DetectAddressPrint(tmp_ad);
1107  }
1108 #endif
1109  int ipv4_applied = 0;
1110  int ipv6_applied = 0;
1111 
1112  /* step 2: pull the address blocks that match our 'not' blocks */
1113  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1114  SCLogDebug("ag %p", ag);
1115  DetectAddressPrint(ag);
1116 
1117  int applied = 0;
1118  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1119  SCLogDebug("ag2 %p", ag2);
1120  DetectAddressPrint(ag2);
1121 
1122  r = DetectAddressCmp(ag, ag2);
1123  /* XXX more ??? */
1124  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1125  if (ag2->prev != NULL)
1126  ag2->prev->next = ag2->next;
1127  if (ag2->next != NULL)
1128  ag2->next->prev = ag2->prev;
1129  if (gh->ipv4_head == ag2)
1130  gh->ipv4_head = ag2->next;
1131  /* store the next ptr and remove the group */
1132  DetectAddress *next_ag2 = ag2->next;
1133  DetectAddressFree(ag2);
1134  ag2 = next_ag2;
1135  applied = 1;
1136  } else {
1137  ag2 = ag2->next;
1138  }
1139  }
1140 
1141  if (applied) {
1142  ipv4_applied++;
1143  }
1144  }
1145  /* ... and the same for ipv6 */
1146  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1147  int applied = 0;
1148  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1149  r = DetectAddressCmp(ag, ag2);
1150  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1151  if (ag2->prev != NULL)
1152  ag2->prev->next = ag2->next;
1153  if (ag2->next != NULL)
1154  ag2->next->prev = ag2->prev;
1155  if (gh->ipv6_head == ag2)
1156  gh->ipv6_head = ag2->next;
1157  /* store the next ptr and remove the group */
1158  DetectAddress *next_ag2 = ag2->next;
1159  DetectAddressFree(ag2);
1160  ag2 = next_ag2;
1161 
1162  SCLogDebug("applied");
1163  applied = 1;
1164  } else {
1165  ag2 = ag2->next;
1166  }
1167  }
1168  if (applied) {
1169  ipv6_applied++;
1170  }
1171  }
1172 #ifdef DEBUG
1173  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1174  DetectAddressPrint(tmp_ad);
1175  }
1176  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1177  DetectAddressPrint(tmp_ad);
1178  }
1179 #endif
1180  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1181  int cnt = 0;
1182  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1183  cnt++;
1184 
1185  if (ipv4_applied != cnt) {
1186  SCLogError("not all IPv4 negations "
1187  "could be applied: %d != %d",
1188  cnt, ipv4_applied);
1189  goto error;
1190  }
1191 
1192  cnt = 0;
1193  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1194  cnt++;
1195 
1196  if (ipv6_applied != cnt) {
1197  SCLogError("not all IPv6 negations "
1198  "could be applied: %d != %d",
1199  cnt, ipv6_applied);
1200  goto error;
1201  }
1202  }
1203 
1204  /* if the result is that we have no addresses we return error */
1205  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1206  SCLogError("no addresses left after "
1207  "merging addresses and negated addresses");
1208  goto error;
1209  }
1210 
1211  return 0;
1212 
1213 error:
1214  return -1;
1215 }
1216 
1218 {
1219  SCLogDebug("Testing address conf vars for any misconfigured values");
1220 
1221  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1222 
1223  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1224  if (address_vars_node == NULL) {
1225  return 0;
1226  }
1227 
1228  DetectAddressHead *gh = NULL;
1229  DetectAddressHead *ghn = NULL;
1230 
1231  ConfNode *seq_node;
1232  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1233  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1234 
1235  gh = DetectAddressHeadInit();
1236  if (gh == NULL) {
1237  goto error;
1238  }
1239  ghn = DetectAddressHeadInit();
1240  if (ghn == NULL) {
1241  goto error;
1242  }
1243 
1244  if (seq_node->val == NULL) {
1245  SCLogError("Address var \"%s\" probably has a sequence(something "
1246  "in brackets) value set without any quotes. Please "
1247  "quote it using \"..\".",
1248  seq_node->name);
1249  goto error;
1250  }
1251 
1252  int r = DetectAddressParse2(
1253  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1254 
1255  CleanVariableResolveList(&var_list);
1256 
1257  if (r < 0) {
1258  SCLogError("failed to parse address var \"%s\" with value \"%s\". "
1259  "Please check its syntax",
1260  seq_node->name, seq_node->val);
1261  goto error;
1262  }
1263 
1264  if (DetectAddressIsCompleteIPSpace(ghn)) {
1265  SCLogError("address var - \"%s\" has the complete IP space negated "
1266  "with its value \"%s\". Rule address range is NIL. "
1267  "Probably have a !any or an address range that supplies "
1268  "a NULL address range",
1269  seq_node->name, seq_node->val);
1270  goto error;
1271  }
1272 
1273  DetectAddressHeadFree(gh);
1274  DetectAddressHeadFree(ghn);
1275  ghn = NULL;
1276  }
1277 
1278  return 0;
1279  error:
1280  if (gh != NULL)
1281  DetectAddressHeadFree(gh);
1282  if (ghn != NULL)
1283  DetectAddressHeadFree(ghn);
1284  return -1;
1285 }
1286 
1287 #include "util-hash-lookup3.h"
1288 
1289 typedef struct DetectAddressMap_ {
1290  char *string;
1294 
1295 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1296 {
1297  const DetectAddressMap *map = (DetectAddressMap *)data;
1298  uint32_t hash = 0;
1299 
1300  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1301  hash %= ht->array_size;
1302 
1303  return hash;
1304 }
1305 
1306 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1307  uint16_t len2)
1308 {
1309  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1310  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1311 
1312  char r = (strcmp(map1->string, map2->string) == 0);
1313  return r;
1314 }
1315 
1316 static void DetectAddressMapFreeFunc(void *data)
1317 {
1318  DetectAddressMap *map = (DetectAddressMap *)data;
1319  if (map != NULL) {
1320  DetectAddressHeadFree(map->address);
1321  SCFree(map->string);
1322  }
1323  SCFree(map);
1324 }
1325 
1327 {
1328  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1329  DetectAddressMapCompareFunc,
1330  DetectAddressMapFreeFunc);
1331  if (de_ctx->address_table == NULL)
1332  return -1;
1333 
1334  return 0;
1335 }
1336 
1338 {
1339  if (de_ctx->address_table == NULL)
1340  return;
1341 
1343  de_ctx->address_table = NULL;
1344 }
1345 
1346 static bool DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1347  DetectAddressHead *address, bool contains_negation)
1348 {
1349  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1350  if (map == NULL)
1351  return false;
1352 
1353  map->string = SCStrdup(string);
1354  if (map->string == NULL) {
1355  SCFree(map);
1356  return false;
1357  }
1358  map->address = address;
1359  map->contains_negation = contains_negation;
1360 
1361  if (HashListTableAdd(de_ctx->address_table, map, 0) != 0) {
1362  SCFree(map->string);
1363  SCFree(map);
1364  return false;
1365  }
1366 
1367  return true;
1368 }
1369 
1370 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1371  const char *string)
1372 {
1373  DetectAddressMap map = { (char *)string, NULL, false };
1374 
1376  &map, 0);
1377  return res;
1378 }
1379 
1380 /**
1381  * \brief Parses an address group sent as a character string and updates the
1382  * DetectAddressHead sent as the argument with the relevant address
1383  * ranges from the parsed string.
1384  *
1385  * \param de_ctx Pointer to the detection engine context
1386  * \param gh Pointer to the DetectAddressHead.
1387  * \param str Pointer to the character string containing the address group
1388  * that has to be parsed.
1389  *
1390  * \retval 1 On success. Contained negation.
1391  * \retval 0 On success. Did not contain negation.
1392  * \retval -1 On failure.
1393  */
1395  DetectAddressHead *gh, const char *str)
1396 {
1397  SCLogDebug("gh %p, str %s", gh, str);
1398 
1399  if (str == NULL) {
1400  SCLogDebug("DetectAddressParse can not be run with NULL address");
1401  return -1;
1402  }
1403 
1404  DetectAddressHead *ghn = DetectAddressHeadInit();
1405  if (ghn == NULL) {
1406  SCLogDebug("DetectAddressHeadInit for ghn failed");
1407  return -1;
1408  }
1409 
1410  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1411  if (r < 0) {
1412  SCLogDebug("DetectAddressParse2 returned %d", r);
1413  DetectAddressHeadFree(ghn);
1414  return -1;
1415  }
1416 
1417  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1418  ghn->ipv4_head);
1419 
1420  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1421 
1422  /* merge the 'not' address groups */
1423  if (DetectAddressMergeNot(gh, ghn) < 0) {
1424  SCLogDebug("DetectAddressMergeNot failed");
1425  DetectAddressHeadFree(ghn);
1426  return -1;
1427  }
1428 
1429  /* free the temp negate head */
1430  DetectAddressHeadFree(ghn);
1431  return contains_negation ? 1 : 0;
1432 }
1433 
1435  const char *string, bool *contains_negation)
1436 {
1437  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1438  if (res != NULL) {
1439  SCLogDebug("found: %s :: %p", string, res);
1440  *contains_negation = res->contains_negation;
1441  return res->address;
1442  }
1443 
1444  SCLogDebug("%s not found", string);
1445 
1446  DetectAddressHead *head = DetectAddressHeadInit();
1447  if (head == NULL)
1448  return NULL;
1449 
1450  const int r = DetectAddressParse(de_ctx, head, string);
1451  if (r < 0) {
1452  DetectAddressHeadFree(head);
1453  return NULL;
1454  } else if (r == 1) {
1455  *contains_negation = true;
1456  } else {
1457  *contains_negation = false;
1458  }
1459 
1460  if (!DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head, *contains_negation)) {
1461  DetectAddressHeadFree(head);
1462  return NULL;
1463  }
1464 
1465  return head;
1466 }
1467 
1468 /**
1469  * \brief Cleans a DetectAddressHead. The functions frees the address
1470  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1471  * instance.
1472  *
1473  * \param gh Pointer to the DetectAddressHead instance that has to be
1474  * cleaned.
1475  */
1477 {
1478  if (gh != NULL) {
1479  if (gh->ipv4_head != NULL) {
1480  DetectAddressCleanupList(gh->ipv4_head);
1481  gh->ipv4_head = NULL;
1482  }
1483  if (gh->ipv6_head != NULL) {
1484  DetectAddressCleanupList(gh->ipv6_head);
1485  gh->ipv6_head = NULL;
1486  }
1487  }
1488 }
1489 
1490 /**
1491  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1492  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1493  * explanations on what these functions do.
1494  *
1495  * \param de_ctx Pointer to the DetectEngineCtx.
1496  * \param a Pointer to the first address to be cut.
1497  * \param b Pointer to the second address to be cut.
1498  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1499  * ranges from a and b, demand a third address range.
1500  *
1501  * \retval 0 On success.
1502  * \retval -1 On failure.
1503  */
1504 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1505  DetectAddress *b, DetectAddress **c)
1506 {
1507  if (a->ip.family == AF_INET)
1508  return DetectAddressCutIPv4(de_ctx, a, b, c);
1509  else if (a->ip.family == AF_INET6)
1510  return DetectAddressCutIPv6(de_ctx, a, b, c);
1511 
1512  return -1;
1513 }
1514 
1515 /**
1516  * \brief Cuts a negated address range with respect to the entire ip range, and
1517  * supplies with the address range that doesn't belong to the negated
1518  * address range.
1519  *
1520  * There are 2 cases here -
1521  *
1522  * The first case includes the address being located at the extreme ends
1523  * of the ip space, in which we get a single range.
1524  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1525  *
1526  * The second case includes the address not present at either of the
1527  * ip space extremes, in which case we get 2 ranges. The second range
1528  * would be supplied back with the argument "b" supplied to this function.
1529  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1530  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1531  *
1532  * The above negation cases can similarly be extended to ranges, i.e.
1533  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1534  * ![10.20.30.40 - 10.20.30.50].
1535  *
1536  *
1537  * \param a Pointer to the DetectAddressData instance, that contains the negated
1538  * address range that has to be cut.
1539  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1540  * filled with the address range, if the argument "a", doesn't fall at
1541  * the extreme ends of the ip address space.
1542  *
1543  * \retval 0 On success.
1544  * \retval -1 On failure.
1545  */
1546 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1547 {
1548  if (a->ip.family == AF_INET)
1549  return DetectAddressCutNotIPv4(a, b);
1550  else if (a->ip.family == AF_INET6)
1551  return DetectAddressCutNotIPv6(a, b);
1552 
1553  return -1;
1554 }
1555 
1556 /**
1557  * \brief Used to compare 2 address ranges.
1558  *
1559  * \param a Pointer to the first DetectAddressData to be compared.
1560  * \param b Pointer to the second DetectAddressData to be compared.
1561  */
1563 {
1564  if (a->ip.family != b->ip.family)
1565  return ADDRESS_ER;
1566 
1567  if (a->ip.family == AF_INET)
1568  return DetectAddressCmpIPv4(a, b);
1569  else if (a->ip.family == AF_INET6)
1570  return DetectAddressCmpIPv6(a, b);
1571 
1572  return ADDRESS_ER;
1573 }
1574 
1575 /**
1576  * \brief Match a packets address against a signatures addrs array
1577  *
1578  * \param addrs array of DetectMatchAddressIPv4's
1579  * \param addrs_cnt array size in members
1580  * \param a packets address
1581  *
1582  * \retval 0 no match
1583  * \retval 1 match
1584  *
1585  * \note addresses in addrs are in host order
1586  *
1587  * \todo array should be ordered, so we can break out of the loop
1588  */
1590  uint16_t addrs_cnt, const Address *a)
1591 {
1592  SCEnter();
1593 
1594  if (addrs == NULL || addrs_cnt == 0) {
1595  SCReturnInt(0);
1596  }
1597 
1598  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1599  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1600  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1601  SCReturnInt(1);
1602  }
1603  }
1604 
1605  SCReturnInt(0);
1606 }
1607 
1608 /**
1609  * \brief Match a packets address against a signatures addrs array
1610  *
1611  * \param addrs array of DetectMatchAddressIPv6's
1612  * \param addrs_cnt array size in members
1613  * \param a packets address
1614  *
1615  * \retval 0 no match
1616  * \retval 1 match
1617  *
1618  * \note addresses in addrs are in host order
1619  *
1620  * \todo array should be ordered, so we can break out of the loop
1621  */
1623  uint16_t addrs_cnt, const Address *a)
1624 {
1625  SCEnter();
1626 
1627  if (addrs == NULL || addrs_cnt == 0) {
1628  SCReturnInt(0);
1629  }
1630 
1631  uint32_t match_addr[4];
1632  match_addr[0] = SCNtohl(a->addr_data32[0]);
1633  match_addr[1] = SCNtohl(a->addr_data32[1]);
1634  match_addr[2] = SCNtohl(a->addr_data32[2]);
1635  match_addr[3] = SCNtohl(a->addr_data32[3]);
1636 
1637  /* See if the packet address is within the range of any entry in the
1638  * signature's address match array.
1639  */
1640  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1641  uint16_t result1 = 0, result2 = 0;
1642 
1643  /* See if packet address equals either limit. Return 1 if true. */
1644  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1645  SCReturnInt(1);
1646  }
1647  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1648  SCReturnInt(1);
1649  }
1650 
1651  /* See if packet address is greater than lower limit
1652  * of the current signature address match pair.
1653  */
1654  for (int i = 0; i < 4; i++) {
1655  if (match_addr[i] > addrs[idx].ip[i]) {
1656  result1 = 1;
1657  break;
1658  }
1659  if (match_addr[i] < addrs[idx].ip[i]) {
1660  result1 = 0;
1661  break;
1662  }
1663  }
1664 
1665  /* If not greater than lower limit, try next address match entry */
1666  if (result1 == 0)
1667  continue;
1668 
1669  /* See if packet address is less than upper limit
1670  * of the current signature address match pair.
1671  */
1672  for (int i = 0; i < 4; i++) {
1673  if (match_addr[i] < addrs[idx].ip2[i]) {
1674  result2 = 1;
1675  break;
1676  }
1677  if (match_addr[i] > addrs[idx].ip2[i]) {
1678  result2 = 0;
1679  break;
1680  }
1681  }
1682 
1683  /* Return a match if packet address is between the two
1684  * signature address match limits.
1685  */
1686  if (result1 == 1 && result2 == 1)
1687  SCReturnInt(1);
1688  }
1689 
1690  SCReturnInt(0);
1691 }
1692 
1693 /**
1694  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1695  * range in the DetectAddress instance.
1696  *
1697  * We basically check that the address falls in between the address
1698  * range in DetectAddress.
1699  *
1700  * \param dd Pointer to the DetectAddress instance.
1701  * \param a Pointer to an Address instance.
1702  *
1703  * \param 1 On a match.
1704  * \param 0 On no match.
1705  */
1706 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1707 {
1708  SCEnter();
1709 
1710  if (dd->ip.family != a->family) {
1711  SCReturnInt(0);
1712  }
1713 
1714  //DetectAddressPrint(dd);
1715  //AddressDebugPrint(a);
1716 
1717  switch (a->family) {
1718  case AF_INET:
1719 
1720  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1721  * Address inside DetectAddressData we can do uint8_t checks */
1722  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1723  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1724  {
1725  SCReturnInt(1);
1726  } else {
1727  SCReturnInt(0);
1728  }
1729 
1730  break;
1731  case AF_INET6:
1732  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1733  AddressIPv6Le(a, &dd->ip2) == 1)
1734  {
1735  SCReturnInt(1);
1736  } else {
1737  SCReturnInt(0);
1738  }
1739 
1740  break;
1741  default:
1742  SCLogDebug("What other address type can we have :-/");
1743  break;
1744  }
1745 
1746  SCReturnInt(0);
1747 }
1748 
1749 #ifdef DEBUG
1750 /**
1751  * \brief Prints the address data held by the DetectAddress. If the address
1752  * data family is IPv4, we print the ipv4 address and mask, and
1753  * if the address data family is IPv6, we print the ipv6 address and
1754  * mask.
1755  *
1756  * \param ad Pointer to the DetectAddress instance to be printed.
1757  */
1758 static void DetectAddressPrint(DetectAddress *gr)
1759 {
1760  if (gr == NULL)
1761  return;
1762 
1763  if (gr->ip.family == AF_INET) {
1764  struct in_addr in;
1765  char ip[16], mask[16];
1766 
1767  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1768  PrintInet(AF_INET, &in, ip, sizeof(ip));
1769  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1770  PrintInet(AF_INET, &in, mask, sizeof(mask));
1771 
1772  SCLogDebug("%s/%s", ip, mask);
1773 // printf("%s/%s", ip, mask);
1774  } else if (gr->ip.family == AF_INET6) {
1775  struct in6_addr in6;
1776  char ip[66], mask[66];
1777 
1778  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1779  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1780  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1781  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1782 
1783  SCLogDebug("%s/%s", ip, mask);
1784 // printf("%s/%s", ip, mask);
1785  }
1786 }
1787 #endif
1788 
1789 /**
1790  * \brief Find the group matching address in a group head.
1791  *
1792  * \param gh Pointer to the address group head(DetectAddressHead instance).
1793  * \param a Pointer to an Address instance.
1794  *
1795  * \retval g On success pointer to an DetectAddress if we find a match
1796  * for the Address "a", in the DetectAddressHead "gh".
1797  */
1799 {
1800  SCEnter();
1801 
1802  DetectAddress *g = NULL;
1803 
1804  if (gh == NULL) {
1805  SCReturnPtr(NULL, "DetectAddress");
1806  }
1807 
1808  /* XXX should we really do this check every time we run this function? */
1809  if (a->family == AF_INET) {
1810  SCLogDebug("IPv4");
1811  g = gh->ipv4_head;
1812  } else if (a->family == AF_INET6) {
1813  SCLogDebug("IPv6");
1814  g = gh->ipv6_head;
1815  }
1816 
1817  for ( ; g != NULL; g = g->next) {
1818  if (DetectAddressMatch(g,a) == 1) {
1819  SCReturnPtr(g, "DetectAddress");
1820  }
1821  }
1822 
1823  SCReturnPtr(NULL, "DetectAddress");
1824 }
1825 
1826 /********************************Unittests*************************************/
1827 
1828 #ifdef UNITTESTS
1829 
1830 static bool UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1831 {
1832  char str1[46] = "", str2[46] = "";
1833 
1834  if (ad == NULL)
1835  return false;
1836 
1837  switch(ad->ip.family) {
1838  case AF_INET:
1839  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1840  SCLogDebug("%s", str1);
1841  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1842  SCLogDebug("%s", str2);
1843 
1844  if (strcmp(str1, one) != 0) {
1845  SCLogInfo("%s != %s", str1, one);
1846  return false;
1847  }
1848 
1849  if (strcmp(str2, two) != 0) {
1850  SCLogInfo("%s != %s", str2, two);
1851  return false;
1852  }
1853 
1854  return true;
1855  break;
1856 
1857  case AF_INET6:
1858  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1859  SCLogDebug("%s", str1);
1860  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1861  SCLogDebug("%s", str2);
1862 
1863  if (strcmp(str1, one) != 0) {
1864  SCLogInfo("%s != %s", str1, one);
1865  return false;
1866  }
1867 
1868  if (strcmp(str2, two) != 0) {
1869  SCLogInfo("%s != %s", str2, two);
1870  return false;
1871  }
1872 
1873  return true;
1874  break;
1875  }
1876 
1877  return false;
1878 }
1879 
1881  const char *one;
1882  const char *two;
1884 
1885 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1886 {
1887  int expect = nranges;
1888  int have = 0;
1889 
1890  if (gh == NULL)
1891  return false;
1892 
1893  DetectAddress *ad = NULL;
1894  ad = gh->ipv4_head;
1895  if (ad == NULL)
1896  ad = gh->ipv6_head;
1897  while (have < expect) {
1898  if (ad == NULL) {
1899  printf("bad head: have %d ranges, expected %d: ", have, expect);
1900  return false;
1901  }
1902 
1903  if (!UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two))
1904  return false;
1905 
1906  ad = ad->next;
1907  have++;
1908  }
1909 
1910  return true;
1911 }
1912 
1913 static int AddressTestParse01(void)
1914 {
1915  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1916 
1917  if (dd) {
1918  DetectAddressFree(dd);
1919  return 1;
1920  }
1921 
1922  return 0;
1923 }
1924 
1925 static int AddressTestParse02(void)
1926 {
1927  int result = 1;
1928  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1929 
1930  if (dd) {
1931  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1932  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1933  result = 0;
1934  }
1935 
1936  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1937  DetectAddressFree(dd);
1938  return result;
1939  }
1940 
1941  return 0;
1942 }
1943 
1944 static int AddressTestParse03(void)
1945 {
1946  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1947 
1948  if (dd) {
1949  DetectAddressFree(dd);
1950  return 1;
1951  }
1952 
1953  return 0;
1954 }
1955 
1956 static int AddressTestParse04(void)
1957 {
1958  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1959  FAIL_IF_NULL(dd);
1960 
1961  char left[16], right[16];
1962  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1963  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1964  SCLogDebug("left %s right %s", left, right);
1965  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1966  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1967  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1968  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1969 
1970  DetectAddressFree(dd);
1971  PASS;
1972 }
1973 
1974 /** \test that address range sets proper start address */
1975 static int AddressTestParse04bug5081(void)
1976 {
1977  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1978  FAIL_IF_NULL(dd);
1979 
1980  char left[16], right[16];
1981  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1982  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1983  SCLogDebug("left %s right %s", left, right);
1984  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
1985  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
1986 
1987  DetectAddressFree(dd);
1988  PASS;
1989 }
1990 
1991 static int AddressTestParse05(void)
1992 {
1993  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
1994 
1995  if (dd) {
1996  DetectAddressFree(dd);
1997  return 1;
1998  }
1999 
2000  return 0;
2001 }
2002 
2003 static int AddressTestParse06(void)
2004 {
2005  int result = 1;
2006  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2007 
2008  if (dd) {
2009  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2010  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2011  result = 0;
2012  }
2013 
2014  DetectAddressFree(dd);
2015  return result;
2016  }
2017 
2018  return 0;
2019 }
2020 
2021 static int AddressTestParse07(void)
2022 {
2023  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2024 
2025  if (dd) {
2026  DetectAddressFree(dd);
2027  return 1;
2028  }
2029 
2030  return 0;
2031 }
2032 
2033 static int AddressTestParse08(void)
2034 {
2035  int result = 1;
2036  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2037 
2038  if (dd) {
2039  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2040  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2041 
2042  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2043  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2044  DetectAddressPrint(dd);
2045  result = 0;
2046  }
2047 
2048  DetectAddressFree(dd);
2049  return result;
2050  }
2051 
2052  return 0;
2053 }
2054 
2055 static int AddressTestParse09(void)
2056 {
2057  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2058 
2059  if (dd) {
2060  DetectAddressFree(dd);
2061  return 1;
2062  }
2063 
2064  return 0;
2065 }
2066 
2067 static int AddressTestParse10(void)
2068 {
2069  int result = 1;
2070  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2071 
2072  if (dd) {
2073  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2074  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2075 
2076  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2077  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2078  DetectAddressPrint(dd);
2079  result = 0;
2080  }
2081 
2082  DetectAddressFree(dd);
2083  return result;
2084  }
2085 
2086  return 0;
2087 }
2088 
2089 static int AddressTestParse11(void)
2090 {
2091  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2092 
2093  if (dd) {
2094  DetectAddressFree(dd);
2095  return 1;
2096  }
2097 
2098  return 0;
2099 }
2100 
2101 static int AddressTestParse12(void)
2102 {
2103  int result = 1;
2104  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2105 
2106  if (dd) {
2107  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2108  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2109 
2110  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2111  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2112  DetectAddressPrint(dd);
2113  result = 0;
2114  }
2115 
2116  DetectAddressFree(dd);
2117  return result;
2118  }
2119 
2120  return 0;
2121 }
2122 static int AddressTestParse13(void)
2123 {
2124  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2125 
2126  if (dd) {
2127  DetectAddressFree(dd);
2128  return 1;
2129  }
2130 
2131  return 0;
2132 }
2133 
2134 static int AddressTestParse14(void)
2135 {
2136  int result = 1;
2137  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2138 
2139  if (dd) {
2140  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2141  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2142 
2143  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2144  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2145  result = 0;
2146  }
2147 
2148  DetectAddressFree(dd);
2149  return result;
2150  }
2151 
2152  return 0;
2153 }
2154 
2155 static int AddressTestParse15(void)
2156 {
2157  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2158 
2159  if (dd) {
2160  DetectAddressFree(dd);
2161  return 1;
2162  }
2163 
2164  return 0;
2165 }
2166 
2167 static int AddressTestParse16(void)
2168 {
2169  int result = 1;
2170  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2171 
2172  if (dd) {
2173  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2174  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2175 
2176  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2177  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2178  result = 0;
2179  }
2180 
2181  DetectAddressFree(dd);
2182  return result;
2183  }
2184 
2185  return 0;
2186 }
2187 
2188 static int AddressTestParse17(void)
2189 {
2190  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2191 
2192  if (dd) {
2193  DetectAddressFree(dd);
2194  return 1;
2195  }
2196 
2197  return 0;
2198 }
2199 
2200 static int AddressTestParse18(void)
2201 {
2202  int result = 1;
2203  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2204 
2205  if (dd) {
2206  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2207  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2208  result = 0;
2209  }
2210 
2211  DetectAddressFree(dd);
2212  return result;
2213  }
2214 
2215  return 0;
2216 }
2217 
2218 static int AddressTestParse19(void)
2219 {
2220  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2221 
2222  if (dd) {
2223  DetectAddressFree(dd);
2224  return 0;
2225  }
2226 
2227  return 1;
2228 }
2229 
2230 static int AddressTestParse20(void)
2231 {
2232  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2233 
2234  if (dd) {
2235  DetectAddressFree(dd);
2236  return 1;
2237  }
2238 
2239  return 0;
2240 }
2241 
2242 static int AddressTestParse21(void)
2243 {
2244  int result = 1;
2245  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2246 
2247  if (dd) {
2248  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2249  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2250 
2251  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2252  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2253  result = 0;
2254  }
2255 
2256  DetectAddressFree(dd);
2257  return result;
2258  }
2259 
2260  return 0;
2261 }
2262 
2263 static int AddressTestParse22(void)
2264 {
2265  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2266 
2267  if (dd) {
2268  DetectAddressFree(dd);
2269  return 0;
2270  }
2271 
2272  return 1;
2273 }
2274 
2275 static int AddressTestParse23(void)
2276 {
2277  DetectAddressHead *gh = DetectAddressHeadInit();
2278  FAIL_IF_NULL(gh);
2279  int r = DetectAddressParse(NULL, gh, "any");
2280  FAIL_IF_NOT(r == 0);
2281  DetectAddressHeadFree(gh);
2282  PASS;
2283 }
2284 
2285 static int AddressTestParse24(void)
2286 {
2287  DetectAddressHead *gh = DetectAddressHeadInit();
2288  FAIL_IF_NULL(gh);
2289  int r = DetectAddressParse(NULL, gh, "Any");
2290  FAIL_IF_NOT(r == 0);
2291  DetectAddressHeadFree(gh);
2292  PASS;
2293 }
2294 
2295 static int AddressTestParse25(void)
2296 {
2297  DetectAddressHead *gh = DetectAddressHeadInit();
2298  FAIL_IF_NULL(gh);
2299  int r = DetectAddressParse(NULL, gh, "ANY");
2300  FAIL_IF_NOT(r == 0);
2301  DetectAddressHeadFree(gh);
2302  PASS;
2303 }
2304 
2305 /** \test recursion limit */
2306 static int AddressTestParse26(void)
2307 {
2308  DetectAddressHead *gh = DetectAddressHeadInit();
2309  FAIL_IF_NULL(gh);
2310  /* exactly 64: should pass */
2311  int r = DetectAddressParse(NULL, gh,
2312  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2313  "1.2.3.4"
2314  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2315  );
2316  FAIL_IF_NOT(r == 0);
2317  DetectAddressHeadFree(gh);
2318  gh = DetectAddressHeadInit();
2319  FAIL_IF_NULL(gh);
2320  /* exactly 65: should fail */
2321  r = DetectAddressParse(NULL, gh,
2322  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2323  "1.2.3.4"
2324  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2325  );
2326  FAIL_IF(r == 0);
2327  DetectAddressHeadFree(gh);
2328  PASS;
2329 }
2330 
2331 static int AddressTestParse27(void)
2332 {
2333  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2334 
2335  if (dd) {
2336  DetectAddressFree(dd);
2337  return 1;
2338  }
2339 
2340  return 0;
2341 }
2342 
2343 static int AddressTestParse28(void)
2344 {
2345  int result = 0;
2346  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2347 
2348  if (dd) {
2349  if (dd->flags & ADDRESS_FLAG_NOT &&
2350  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2351  result = 1;
2352  }
2353 
2354  DetectAddressFree(dd);
2355  return result;
2356  }
2357 
2358  return 0;
2359 }
2360 
2361 static int AddressTestParse29(void)
2362 {
2363  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2364 
2365  if (dd) {
2366  DetectAddressFree(dd);
2367  return 1;
2368  }
2369 
2370  return 0;
2371 }
2372 
2373 static int AddressTestParse30(void)
2374 {
2375  int result = 0;
2376  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2377 
2378  if (dd) {
2379  if (dd->flags & ADDRESS_FLAG_NOT &&
2380  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2381  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2382  result = 1;
2383  }
2384 
2385  DetectAddressFree(dd);
2386  return result;
2387  }
2388 
2389  return 0;
2390 }
2391 
2392 /**
2393  * \test make sure !any is rejected
2394  */
2395 static int AddressTestParse31(void)
2396 {
2397  DetectAddress *dd = DetectAddressParseSingle("!any");
2398 
2399  if (dd) {
2400  DetectAddressFree(dd);
2401  return 0;
2402  }
2403 
2404  return 1;
2405 }
2406 
2407 static int AddressTestParse32(void)
2408 {
2409  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2410 
2411  if (dd) {
2412  DetectAddressFree(dd);
2413  return 1;
2414  }
2415 
2416  return 0;
2417 }
2418 
2419 static int AddressTestParse33(void)
2420 {
2421  int result = 0;
2422  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2423 
2424  if (dd) {
2425  if (dd->flags & ADDRESS_FLAG_NOT &&
2426  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2427  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2428  result = 1;
2429  }
2430 
2431  DetectAddressFree(dd);
2432  return result;
2433  }
2434 
2435  return 0;
2436 }
2437 
2438 static int AddressTestParse34(void)
2439 {
2440  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2441 
2442  if (dd) {
2443  DetectAddressFree(dd);
2444  return 1;
2445  }
2446 
2447  return 0;
2448 }
2449 
2450 static int AddressTestParse35(void)
2451 {
2452  int result = 0;
2453  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2454 
2455  if (dd) {
2456  if (dd->flags & ADDRESS_FLAG_NOT &&
2457  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2458  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2459 
2460  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2461  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2462  result = 1;
2463  }
2464 
2465  DetectAddressFree(dd);
2466  return result;
2467  }
2468 
2469  return 0;
2470 }
2471 
2472 static int AddressTestParse36(void)
2473 {
2474  int result = 1;
2475  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2476 
2477  if (dd) {
2478  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2479  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2480 
2481  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2482  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2483 
2484  DetectAddressPrint(dd);
2485  result = 0;
2486  }
2487  DetectAddressPrint(dd);
2488 
2489  DetectAddressFree(dd);
2490  return result;
2491  }
2492 
2493  return 0;
2494 }
2495 
2496 static int AddressTestParse37(void)
2497 {
2498  int result = 1;
2499  DetectAddress *dd = DetectAddressParseSingle("::/0");
2500 
2501  if (dd) {
2502  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2503  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2504 
2505  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2506  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2507  DetectAddressPrint(dd);
2508  result = 0;
2509  }
2510  DetectAddressPrint(dd);
2511 
2512  DetectAddressFree(dd);
2513  return result;
2514  }
2515 
2516  return 0;
2517 }
2518 
2519 static int AddressTestMatch01(void)
2520 {
2521  DetectAddress *dd = NULL;
2522  int result = 1;
2523  struct in_addr in;
2524  Address a;
2525 
2526  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2527  return 0;
2528  memset(&a, 0, sizeof(Address));
2529  a.family = AF_INET;
2530  a.addr_data32[0] = in.s_addr;
2531 
2532  dd = DetectAddressParseSingle("1.2.3.4/24");
2533  if (dd) {
2534  if (DetectAddressMatch(dd, &a) == 0)
2535  result = 0;
2536 
2537  DetectAddressFree(dd);
2538  return result;
2539  }
2540 
2541  return 0;
2542 }
2543 
2544 static int AddressTestMatch02(void)
2545 {
2546  DetectAddress *dd = NULL;
2547  int result = 1;
2548  struct in_addr in;
2549  Address a;
2550 
2551  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2552  return 0;
2553  memset(&a, 0, sizeof(Address));
2554  a.family = AF_INET;
2555  a.addr_data32[0] = in.s_addr;
2556 
2557  dd = DetectAddressParseSingle("1.2.3.4/25");
2558  if (dd) {
2559  if (DetectAddressMatch(dd, &a) == 0)
2560  result = 0;
2561 
2562  DetectAddressFree(dd);
2563  return result;
2564  }
2565 
2566  return 0;
2567 }
2568 
2569 static int AddressTestMatch03(void)
2570 {
2571  DetectAddress *dd = NULL;
2572  int result = 1;
2573  struct in_addr in;
2574  Address a;
2575 
2576  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2577  return 0;
2578  memset(&a, 0, sizeof(Address));
2579  a.family = AF_INET;
2580  a.addr_data32[0] = in.s_addr;
2581 
2582  dd = DetectAddressParseSingle("1.2.3.4/25");
2583  if (dd) {
2584  if (DetectAddressMatch(dd, &a) == 1)
2585  result = 0;
2586 
2587  DetectAddressFree(dd);
2588  return result;
2589  }
2590 
2591  return 0;
2592 }
2593 
2594 static int AddressTestMatch04(void)
2595 {
2596  DetectAddress *dd = NULL;
2597  int result = 1;
2598  struct in_addr in;
2599  Address a;
2600 
2601  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2602  return 0;
2603  memset(&a, 0, sizeof(Address));
2604  a.family = AF_INET;
2605  a.addr_data32[0] = in.s_addr;
2606 
2607  dd = DetectAddressParseSingle("1.2.3.4/25");
2608  if (dd) {
2609  if (DetectAddressMatch(dd, &a) == 1)
2610  result = 0;
2611 
2612  DetectAddressFree(dd);
2613  return result;
2614  }
2615 
2616  return 0;
2617 }
2618 
2619 static int AddressTestMatch05(void)
2620 {
2621  DetectAddress *dd = NULL;
2622  int result = 1;
2623  struct in_addr in;
2624  Address a;
2625 
2626  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2627  return 0;
2628  memset(&a, 0, sizeof(Address));
2629  a.family = AF_INET;
2630  a.addr_data32[0] = in.s_addr;
2631 
2632  dd = DetectAddressParseSingle("1.2.3.4/32");
2633  if (dd) {
2634  if (DetectAddressMatch(dd, &a) == 0)
2635  result = 0;
2636 
2637  DetectAddressFree(dd);
2638  return result;
2639  }
2640 
2641  return 0;
2642 }
2643 
2644 static int AddressTestMatch06(void)
2645 {
2646  DetectAddress *dd = NULL;
2647  int result = 1;
2648  struct in_addr in;
2649  Address a;
2650 
2651  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2652  return 0;
2653  memset(&a, 0, sizeof(Address));
2654  a.family = AF_INET;
2655  a.addr_data32[0] = in.s_addr;
2656 
2657  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2658  if (dd) {
2659  if (DetectAddressMatch(dd, &a) == 0)
2660  result = 0;
2661 
2662  DetectAddressFree(dd);
2663  return result;
2664  }
2665 
2666  return 0;
2667 }
2668 
2669 static int AddressTestMatch07(void)
2670 {
2671  DetectAddress *dd = NULL;
2672  int result = 1;
2673  struct in6_addr in6;
2674  Address a;
2675 
2676  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2677  return 0;
2678  memset(&a, 0, sizeof(Address));
2679  a.family = AF_INET6;
2680  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2681 
2682  dd = DetectAddressParseSingle("2001::/3");
2683  if (dd) {
2684  if (DetectAddressMatch(dd, &a) == 0)
2685  result = 0;
2686 
2687  DetectAddressFree(dd);
2688  return result;
2689  }
2690 
2691  return 0;
2692 }
2693 
2694 static int AddressTestMatch08(void)
2695 {
2696  DetectAddress *dd = NULL;
2697  int result = 1;
2698  struct in6_addr in6;
2699  Address a;
2700 
2701  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2702  return 0;
2703  memset(&a, 0, sizeof(Address));
2704  a.family = AF_INET6;
2705  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2706 
2707  dd = DetectAddressParseSingle("2001::/3");
2708  if (dd) {
2709  if (DetectAddressMatch(dd, &a) == 1)
2710  result = 0;
2711 
2712  DetectAddressFree(dd);
2713  return result;
2714  }
2715 
2716  return 0;
2717 }
2718 
2719 static int AddressTestMatch09(void)
2720 {
2721  DetectAddress *dd = NULL;
2722  int result = 1;
2723  struct in6_addr in6;
2724  Address a;
2725 
2726  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2727  return 0;
2728  memset(&a, 0, sizeof(Address));
2729  a.family = AF_INET6;
2730  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2731 
2732  dd = DetectAddressParseSingle("2001::1/128");
2733  if (dd) {
2734  if (DetectAddressMatch(dd, &a) == 1)
2735  result = 0;
2736 
2737  DetectAddressFree(dd);
2738  return result;
2739  }
2740 
2741  return 0;
2742 }
2743 
2744 static int AddressTestMatch10(void)
2745 {
2746  DetectAddress *dd = NULL;
2747  int result = 1;
2748  struct in6_addr in6;
2749  Address a;
2750 
2751  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2752  return 0;
2753  memset(&a, 0, sizeof(Address));
2754  a.family = AF_INET6;
2755  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2756 
2757  dd = DetectAddressParseSingle("2001::1/126");
2758  if (dd) {
2759  if (DetectAddressMatch(dd, &a) == 0)
2760  result = 0;
2761 
2762  DetectAddressFree(dd);
2763  return result;
2764  }
2765 
2766  return 0;
2767 }
2768 
2769 static int AddressTestMatch11(void)
2770 {
2771  DetectAddress *dd = NULL;
2772  int result = 1;
2773  struct in6_addr in6;
2774  Address a;
2775 
2776  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2777  return 0;
2778  memset(&a, 0, sizeof(Address));
2779  a.family = AF_INET6;
2780  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2781 
2782  dd = DetectAddressParseSingle("2001::1/127");
2783  if (dd) {
2784  if (DetectAddressMatch(dd, &a) == 1)
2785  result = 0;
2786 
2787  DetectAddressFree(dd);
2788  return result;
2789  }
2790 
2791  return 0;
2792 }
2793 
2794 static int AddressTestCmp01(void)
2795 {
2796  DetectAddress *da = NULL, *db = NULL;
2797  int result = 1;
2798 
2799  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2800  if (da == NULL) goto error;
2801  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2802  if (db == NULL) goto error;
2803 
2804  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2805  result = 0;
2806 
2807  DetectAddressFree(da);
2808  DetectAddressFree(db);
2809  return result;
2810 
2811 error:
2812  if (da) DetectAddressFree(da);
2813  if (db) DetectAddressFree(db);
2814  return 0;
2815 }
2816 
2817 static int AddressTestCmp02(void)
2818 {
2819  DetectAddress *da = NULL, *db = NULL;
2820  int result = 1;
2821 
2822  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2823  if (da == NULL) goto error;
2824  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2825  if (db == NULL) goto error;
2826 
2827  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2828  result = 0;
2829 
2830  DetectAddressFree(da);
2831  DetectAddressFree(db);
2832  return result;
2833 
2834 error:
2835  if (da) DetectAddressFree(da);
2836  if (db) DetectAddressFree(db);
2837  return 0;
2838 }
2839 
2840 static int AddressTestCmp03(void)
2841 {
2842  DetectAddress *da = NULL, *db = NULL;
2843  int result = 1;
2844 
2845  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2846  if (da == NULL) goto error;
2847  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2848  if (db == NULL) goto error;
2849 
2850  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2851  result = 0;
2852 
2853  DetectAddressFree(da);
2854  DetectAddressFree(db);
2855  return result;
2856 
2857 error:
2858  if (da) DetectAddressFree(da);
2859  if (db) DetectAddressFree(db);
2860  return 0;
2861 }
2862 
2863 static int AddressTestCmp04(void)
2864 {
2865  DetectAddress *da = NULL, *db = NULL;
2866  int result = 1;
2867 
2868  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2869  if (da == NULL) goto error;
2870  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2871  if (db == NULL) goto error;
2872 
2873  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2874  result = 0;
2875 
2876  DetectAddressFree(da);
2877  DetectAddressFree(db);
2878  return result;
2879 
2880 error:
2881  if (da) DetectAddressFree(da);
2882  if (db) DetectAddressFree(db);
2883  return 0;
2884 }
2885 
2886 static int AddressTestCmp05(void)
2887 {
2888  DetectAddress *da = NULL, *db = NULL;
2889  int result = 1;
2890 
2891  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2892  if (da == NULL) goto error;
2893  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2894  if (db == NULL) goto error;
2895 
2896  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2897  result = 0;
2898 
2899  DetectAddressFree(da);
2900  DetectAddressFree(db);
2901  return result;
2902 
2903 error:
2904  if (da) DetectAddressFree(da);
2905  if (db) DetectAddressFree(db);
2906  return 0;
2907 }
2908 
2909 static int AddressTestCmp06(void)
2910 {
2911  DetectAddress *da = NULL, *db = NULL;
2912  int result = 1;
2913 
2914  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2915  if (da == NULL) goto error;
2916  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2917  if (db == NULL) goto error;
2918 
2919  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2920  result = 0;
2921 
2922  DetectAddressFree(da);
2923  DetectAddressFree(db);
2924  return result;
2925 
2926 error:
2927  if (da) DetectAddressFree(da);
2928  if (db) DetectAddressFree(db);
2929  return 0;
2930 }
2931 
2932 static int AddressTestCmpIPv407(void)
2933 {
2934  DetectAddress *da = NULL, *db = NULL;
2935  int result = 1;
2936 
2937  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2938  if (da == NULL) goto error;
2939  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2940  if (db == NULL) goto error;
2941 
2942  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2943  result = 0;
2944 
2945  DetectAddressFree(da);
2946  DetectAddressFree(db);
2947  return result;
2948 
2949 error:
2950  if (da) DetectAddressFree(da);
2951  if (db) DetectAddressFree(db);
2952  return 0;
2953 }
2954 
2955 static int AddressTestCmpIPv408(void)
2956 {
2957  DetectAddress *da = NULL, *db = NULL;
2958  int result = 1;
2959 
2960  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2961  if (da == NULL) goto error;
2962  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2963  if (db == NULL) goto error;
2964 
2965  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2966  result = 0;
2967 
2968  DetectAddressFree(da);
2969  DetectAddressFree(db);
2970  return result;
2971 
2972 error:
2973  if (da) DetectAddressFree(da);
2974  if (db) DetectAddressFree(db);
2975  return 0;
2976 }
2977 
2978 static int AddressTestCmp07(void)
2979 {
2980  DetectAddress *da = NULL, *db = NULL;
2981  int result = 1;
2982 
2983  da = DetectAddressParseSingle("2001::/3");
2984  if (da == NULL) goto error;
2985  db = DetectAddressParseSingle("2001::1/3");
2986  if (db == NULL) goto error;
2987 
2988  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2989  result = 0;
2990 
2991  DetectAddressFree(da);
2992  DetectAddressFree(db);
2993  return result;
2994 
2995 error:
2996  if (da) DetectAddressFree(da);
2997  if (db) DetectAddressFree(db);
2998  return 0;
2999 }
3000 
3001 static int AddressTestCmp08(void)
3002 {
3003  DetectAddress *da = NULL, *db = NULL;
3004  int result = 1;
3005 
3006  da = DetectAddressParseSingle("2001::/3");
3007  if (da == NULL) goto error;
3008  db = DetectAddressParseSingle("2001::/8");
3009  if (db == NULL) goto error;
3010 
3011  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3012  result = 0;
3013 
3014  DetectAddressFree(da);
3015  DetectAddressFree(db);
3016  return result;
3017 
3018 error:
3019  if (da) DetectAddressFree(da);
3020  if (db) DetectAddressFree(db);
3021  return 0;
3022 }
3023 
3024 static int AddressTestCmp09(void)
3025 {
3026  DetectAddress *da = NULL, *db = NULL;
3027  int result = 1;
3028 
3029  da = DetectAddressParseSingle("2001::/8");
3030  if (da == NULL) goto error;
3031  db = DetectAddressParseSingle("2001::/3");
3032  if (db == NULL) goto error;
3033 
3034  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3035  result = 0;
3036 
3037  DetectAddressFree(da);
3038  DetectAddressFree(db);
3039  return result;
3040 
3041 error:
3042  if (da) DetectAddressFree(da);
3043  if (db) DetectAddressFree(db);
3044  return 0;
3045 }
3046 
3047 static int AddressTestCmp10(void)
3048 {
3049  DetectAddress *da = NULL, *db = NULL;
3050  int result = 1;
3051 
3052  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3053  if (da == NULL) goto error;
3054  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3055  if (db == NULL) goto error;
3056 
3057  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3058  result = 0;
3059 
3060  DetectAddressFree(da);
3061  DetectAddressFree(db);
3062  return result;
3063 
3064 error:
3065  if (da) DetectAddressFree(da);
3066  if (db) DetectAddressFree(db);
3067  return 0;
3068 }
3069 
3070 static int AddressTestCmp11(void)
3071 {
3072  DetectAddress *da = NULL, *db = NULL;
3073  int result = 1;
3074 
3075  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3076  if (da == NULL) goto error;
3077  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3078  if (db == NULL) goto error;
3079 
3080  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3081  result = 0;
3082 
3083  DetectAddressFree(da);
3084  DetectAddressFree(db);
3085  return result;
3086 
3087 error:
3088  if (da) DetectAddressFree(da);
3089  if (db) DetectAddressFree(db);
3090  return 0;
3091 }
3092 
3093 static int AddressTestCmp12(void)
3094 {
3095  DetectAddress *da = NULL, *db = NULL;
3096  int result = 1;
3097 
3098  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3099  if (da == NULL) goto error;
3100  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3101  if (db == NULL) goto error;
3102 
3103  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3104  result = 0;
3105 
3106  DetectAddressFree(da);
3107  DetectAddressFree(db);
3108  return result;
3109 
3110 error:
3111  if (da) DetectAddressFree(da);
3112  if (db) DetectAddressFree(db);
3113  return 0;
3114 }
3115 
3116 static int AddressTestAddressGroupSetup01(void)
3117 {
3118  int result = 0;
3119  DetectAddressHead *gh = DetectAddressHeadInit();
3120 
3121  if (gh != NULL) {
3122  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3123  if (r == 0)
3124  result = 1;
3125 
3126  DetectAddressHeadFree(gh);
3127  }
3128  return result;
3129 }
3130 
3131 static int AddressTestAddressGroupSetup02(void)
3132 {
3133  int result = 0;
3134  DetectAddressHead *gh = DetectAddressHeadInit();
3135 
3136  if (gh != NULL) {
3137  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3138  if (r == 0 && gh->ipv4_head != NULL)
3139  result = 1;
3140 
3141  DetectAddressHeadFree(gh);
3142  }
3143  return result;
3144 }
3145 
3146 static int AddressTestAddressGroupSetup03(void)
3147 {
3148  int result = 0;
3149  DetectAddressHead *gh = DetectAddressHeadInit();
3150 
3151  if (gh != NULL) {
3152  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3153  if (r == 0 && gh->ipv4_head != NULL) {
3154  DetectAddress *prev_head = gh->ipv4_head;
3155 
3156  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3157  if (r == 0 && gh->ipv4_head != prev_head &&
3158  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3159  result = 1;
3160  }
3161  }
3162 
3163  DetectAddressHeadFree(gh);
3164  }
3165  return result;
3166 }
3167 
3168 static int AddressTestAddressGroupSetup04(void)
3169 {
3170  int result = 0;
3171  DetectAddressHead *gh = DetectAddressHeadInit();
3172 
3173  if (gh != NULL) {
3174  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3175  if (r == 0 && gh->ipv4_head != NULL) {
3176  DetectAddress *prev_head = gh->ipv4_head;
3177 
3178  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3179  if (r == 0 && gh->ipv4_head != prev_head &&
3180  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3181  DetectAddress *ph = gh->ipv4_head;
3182 
3183  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3184  if (r == 0 && gh->ipv4_head != ph &&
3185  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3186  result = 1;
3187  }
3188  }
3189  }
3190 
3191  DetectAddressHeadFree(gh);
3192  }
3193  return result;
3194 }
3195 
3196 static int AddressTestAddressGroupSetup05(void)
3197 {
3198  int result = 0;
3199  DetectAddressHead *gh = DetectAddressHeadInit();
3200 
3201  if (gh != NULL) {
3202  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3203  if (r == 0 && gh->ipv4_head != NULL) {
3204  DetectAddress *prev_head = gh->ipv4_head;
3205 
3206  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3207  if (r == 0 && gh->ipv4_head == prev_head &&
3208  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3209  DetectAddress *ph = gh->ipv4_head;
3210 
3211  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3212  if (r == 0 && gh->ipv4_head == ph &&
3213  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3214  result = 1;
3215  }
3216  }
3217  }
3218 
3219  DetectAddressHeadFree(gh);
3220  }
3221  return result;
3222 }
3223 
3224 static int AddressTestAddressGroupSetup06(void)
3225 {
3226  int result = 0;
3227  DetectAddressHead *gh = DetectAddressHeadInit();
3228 
3229  if (gh != NULL) {
3230  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3231  if (r == 0 && gh->ipv4_head != NULL) {
3232  DetectAddress *prev_head = gh->ipv4_head;
3233 
3234  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3235  if (r == 0 && gh->ipv4_head == prev_head &&
3236  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3237  result = 1;
3238  }
3239  }
3240 
3241  DetectAddressHeadFree(gh);
3242  }
3243  return result;
3244 }
3245 
3246 static int AddressTestAddressGroupSetup07(void)
3247 {
3248  int result = 0;
3249  DetectAddressHead *gh = DetectAddressHeadInit();
3250 
3251  if (gh != NULL) {
3252  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3253  if (r == 0 && gh->ipv4_head != NULL) {
3254  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3255  if (r == 0 && gh->ipv4_head != NULL &&
3256  gh->ipv4_head->next != NULL &&
3257  gh->ipv4_head->next->next != NULL) {
3258  result = 1;
3259  }
3260  }
3261 
3262  DetectAddressHeadFree(gh);
3263  }
3264  return result;
3265 }
3266 
3267 static int AddressTestAddressGroupSetup08(void)
3268 {
3269  int result = 0;
3270  DetectAddressHead *gh = DetectAddressHeadInit();
3271 
3272  if (gh != NULL) {
3273  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3274  if (r == 0 && gh->ipv4_head != NULL) {
3275  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3276  if (r == 0 && gh->ipv4_head != NULL &&
3277  gh->ipv4_head->next != NULL &&
3278  gh->ipv4_head->next->next != NULL) {
3279  result = 1;
3280  }
3281  }
3282 
3283  DetectAddressHeadFree(gh);
3284  }
3285  return result;
3286 }
3287 
3288 static int AddressTestAddressGroupSetup09(void)
3289 {
3290  int result = 0;
3291  DetectAddressHead *gh = DetectAddressHeadInit();
3292 
3293  if (gh != NULL) {
3294  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3295  if (r == 0 && gh->ipv4_head != NULL) {
3296  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3297  if (r == 0 && gh->ipv4_head != NULL &&
3298  gh->ipv4_head->next != NULL &&
3299  gh->ipv4_head->next->next != NULL) {
3300  result = 1;
3301  }
3302  }
3303 
3304  DetectAddressHeadFree(gh);
3305  }
3306  return result;
3307 }
3308 
3309 static int AddressTestAddressGroupSetup10(void)
3310 {
3311  int result = 0;
3312  DetectAddressHead *gh = DetectAddressHeadInit();
3313 
3314  if (gh != NULL) {
3315  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3316  if (r == 0 && gh->ipv4_head != NULL) {
3317  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3318  if (r == 0 && gh->ipv4_head != NULL &&
3319  gh->ipv4_head->next != NULL &&
3320  gh->ipv4_head->next->next != NULL) {
3321  result = 1;
3322  }
3323  }
3324 
3325  DetectAddressHeadFree(gh);
3326  }
3327  return result;
3328 }
3329 
3330 static int AddressTestAddressGroupSetup11(void)
3331 {
3332  int result = 0;
3333  DetectAddressHead *gh = DetectAddressHeadInit();
3334 
3335  if (gh != NULL) {
3336  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3337  if (r == 0) {
3338  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3339  if (r == 0) {
3340  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3341  if (r == 0) {
3342  DetectAddress *one = gh->ipv4_head, *two = one->next,
3343  *three = two->next, *four = three->next,
3344  *five = four->next;
3345 
3346  /* result should be:
3347  * 0.0.0.0/10.10.9.255
3348  * 10.10.10.0/10.10.10.9
3349  * 10.10.10.10/10.10.10.255
3350  * 10.10.11.0/10.10.11.1
3351  * 10.10.11.2/255.255.255.255
3352  */
3353  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3354  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3355  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3356  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3357  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3358  result = 1;
3359  }
3360  }
3361  }
3362  }
3363 
3364  DetectAddressHeadFree(gh);
3365  }
3366  return result;
3367 }
3368 
3369 static int AddressTestAddressGroupSetup12 (void)
3370 {
3371  int result = 0;
3372  DetectAddressHead *gh = DetectAddressHeadInit();
3373 
3374  if (gh != NULL) {
3375  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3376  if (r == 0) {
3377  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3378  if (r == 0) {
3379  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3380  if (r == 0) {
3381  DetectAddress *one = gh->ipv4_head, *two = one->next,
3382  *three = two->next, *four = three->next,
3383  *five = four->next;
3384 
3385  /* result should be:
3386  * 0.0.0.0/10.10.9.255
3387  * 10.10.10.0/10.10.10.9
3388  * 10.10.10.10/10.10.10.255
3389  * 10.10.11.0/10.10.11.1
3390  * 10.10.11.2/255.255.255.255
3391  */
3392  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3393  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3394  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3395  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3396  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3397  result = 1;
3398  }
3399  }
3400  }
3401  }
3402 
3403  DetectAddressHeadFree(gh);
3404  }
3405  return result;
3406 }
3407 
3408 static int AddressTestAddressGroupSetup13(void)
3409 {
3410  int result = 0;
3411  DetectAddressHead *gh = DetectAddressHeadInit();
3412 
3413  if (gh != NULL) {
3414  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3415  if (r == 0) {
3416  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3417  if (r == 0) {
3418  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3419  if (r == 0) {
3420  DetectAddress *one = gh->ipv4_head, *two = one->next,
3421  *three = two->next, *four = three->next,
3422  *five = four->next;
3423 
3424  /* result should be:
3425  * 0.0.0.0/10.10.9.255
3426  * 10.10.10.0/10.10.10.9
3427  * 10.10.10.10/10.10.10.255
3428  * 10.10.11.0/10.10.11.1
3429  * 10.10.11.2/255.255.255.255
3430  */
3431  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3432  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3433  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3434  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3435  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3436  result = 1;
3437  }
3438  }
3439  }
3440  }
3441 
3442  DetectAddressHeadFree(gh);
3443  }
3444  return result;
3445 }
3446 
3447 static int AddressTestAddressGroupSetupIPv414(void)
3448 {
3449  DetectAddressHead *gh = DetectAddressHeadInit();
3450  FAIL_IF_NULL(gh);
3451 
3452  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3453  FAIL_IF_NOT(r == 1);
3454 
3455  DetectAddress *one = gh->ipv4_head;
3456  FAIL_IF_NULL(one);
3457  DetectAddress *two = one->next;
3458  FAIL_IF_NULL(two);
3459 
3460  /* result should be:
3461  * 0.0.0.0/1.2.3.3
3462  * 1.2.3.5/255.255.255.255
3463  */
3464  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3465  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3466  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3467  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3468  DetectAddressHeadFree(gh);
3469 
3470  PASS;
3471 }
3472 
3473 static int AddressTestAddressGroupSetupIPv415(void)
3474 {
3475  DetectAddressHead *gh = DetectAddressHeadInit();
3476  FAIL_IF_NULL(gh);
3477 
3478  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3479  FAIL_IF_NOT(r == 1);
3480 
3481  DetectAddress *one = gh->ipv4_head;
3482  FAIL_IF_NULL(one);
3483  FAIL_IF_NOT_NULL(one->next);
3484 
3485  /* result should be:
3486  * 0.0.0.1/255.255.255.255
3487  */
3488  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3489  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3490 
3491  DetectAddressHeadFree(gh);
3492  PASS;
3493 }
3494 
3495 static int AddressTestAddressGroupSetupIPv416(void)
3496 {
3497  DetectAddressHead *gh = DetectAddressHeadInit();
3498  FAIL_IF_NULL(gh);
3499 
3500  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3501  FAIL_IF_NOT(r == 1);
3502 
3503  DetectAddress *one = gh->ipv4_head;
3504  FAIL_IF_NULL(one);
3505  FAIL_IF_NOT_NULL(one->next);
3506 
3507  /* result should be:
3508  * 0.0.0.0/255.255.255.254
3509  */
3510  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3511  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3512 
3513  DetectAddressHeadFree(gh);
3514  PASS;
3515 }
3516 
3517 static int AddressTestAddressGroupSetup14(void)
3518 {
3519  int result = 0;
3520  DetectAddressHead *gh = DetectAddressHeadInit();
3521 
3522  if (gh != NULL) {
3523  int r = DetectAddressParse(NULL, gh, "2001::1");
3524  if (r == 0)
3525  result = 1;
3526 
3527  DetectAddressHeadFree(gh);
3528  }
3529  return result;
3530 }
3531 
3532 static int AddressTestAddressGroupSetup15(void)
3533 {
3534  int result = 0;
3535  DetectAddressHead *gh = DetectAddressHeadInit();
3536 
3537  if (gh != NULL) {
3538  int r = DetectAddressParse(NULL, gh, "2001::1");
3539  if (r == 0 && gh->ipv6_head != NULL)
3540  result = 1;
3541 
3542  DetectAddressHeadFree(gh);
3543  }
3544  return result;
3545 }
3546 
3547 static int AddressTestAddressGroupSetup16(void)
3548 {
3549  int result = 0;
3550  DetectAddressHead *gh = DetectAddressHeadInit();
3551 
3552  if (gh != NULL) {
3553  int r = DetectAddressParse(NULL, gh, "2001::4");
3554  if (r == 0 && gh->ipv6_head != NULL) {
3555  DetectAddress *prev_head = gh->ipv6_head;
3556 
3557  r = DetectAddressParse(NULL, gh, "2001::3");
3558  if (r == 0 && gh->ipv6_head != prev_head &&
3559  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3560  result = 1;
3561  }
3562  }
3563 
3564  DetectAddressHeadFree(gh);
3565  }
3566  return result;
3567 }
3568 
3569 static int AddressTestAddressGroupSetup17(void)
3570 {
3571  int result = 0;
3572  DetectAddressHead *gh = DetectAddressHeadInit();
3573 
3574  if (gh != NULL) {
3575  int r = DetectAddressParse(NULL, gh, "2001::4");
3576  if (r == 0 && gh->ipv6_head != NULL) {
3577  DetectAddress *prev_head = gh->ipv6_head;
3578 
3579  r = DetectAddressParse(NULL, gh, "2001::3");
3580  if (r == 0 && gh->ipv6_head != prev_head &&
3581  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3582  DetectAddress *ph = gh->ipv6_head;
3583 
3584  r = DetectAddressParse(NULL, gh, "2001::2");
3585  if (r == 0 && gh->ipv6_head != ph &&
3586  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3587  result = 1;
3588  }
3589  }
3590  }
3591 
3592  DetectAddressHeadFree(gh);
3593  }
3594  return result;
3595 }
3596 
3597 static int AddressTestAddressGroupSetup18(void)
3598 {
3599  int result = 0;
3600  DetectAddressHead *gh = DetectAddressHeadInit();
3601 
3602  if (gh != NULL) {
3603  int r = DetectAddressParse(NULL, gh, "2001::2");
3604  if (r == 0 && gh->ipv6_head != NULL) {
3605  DetectAddress *prev_head = gh->ipv6_head;
3606 
3607  r = DetectAddressParse(NULL, gh, "2001::3");
3608  if (r == 0 && gh->ipv6_head == prev_head &&
3609  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3610  DetectAddress *ph = gh->ipv6_head;
3611 
3612  r = DetectAddressParse(NULL, gh, "2001::4");
3613  if (r == 0 && gh->ipv6_head == ph &&
3614  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3615  result = 1;
3616  }
3617  }
3618  }
3619 
3620  DetectAddressHeadFree(gh);
3621  }
3622  return result;
3623 }
3624 
3625 static int AddressTestAddressGroupSetup19(void)
3626 {
3627  int result = 0;
3628  DetectAddressHead *gh = DetectAddressHeadInit();
3629 
3630  if (gh != NULL) {
3631  int r = DetectAddressParse(NULL, gh, "2001::2");
3632  if (r == 0 && gh->ipv6_head != NULL) {
3633  DetectAddress *prev_head = gh->ipv6_head;
3634 
3635  r = DetectAddressParse(NULL, gh, "2001::2");
3636  if (r == 0 && gh->ipv6_head == prev_head &&
3637  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3638  result = 1;
3639  }
3640  }
3641 
3642  DetectAddressHeadFree(gh);
3643  }
3644  return result;
3645 }
3646 
3647 static int AddressTestAddressGroupSetup20(void)
3648 {
3649  int result = 0;
3650  DetectAddressHead *gh = DetectAddressHeadInit();
3651 
3652  if (gh != NULL) {
3653  int r = DetectAddressParse(NULL, gh, "2000::/3");
3654  if (r == 0 && gh->ipv6_head != NULL) {
3655  r = DetectAddressParse(NULL, gh, "2001::4");
3656  if (r == 0 && gh->ipv6_head != NULL &&
3657  gh->ipv6_head->next != NULL &&
3658  gh->ipv6_head->next->next != NULL) {
3659  result = 1;
3660  }
3661  }
3662 
3663  DetectAddressHeadFree(gh);
3664  }
3665  return result;
3666 }
3667 
3668 static int AddressTestAddressGroupSetup21(void)
3669 {
3670  int result = 0;
3671  DetectAddressHead *gh = DetectAddressHeadInit();
3672 
3673  if (gh != NULL) {
3674  int r = DetectAddressParse(NULL, gh, "2001::4");
3675  if (r == 0 && gh->ipv6_head != NULL) {
3676  r = DetectAddressParse(NULL, gh, "2000::/3");
3677  if (r == 0 && gh->ipv6_head != NULL &&
3678  gh->ipv6_head->next != NULL &&
3679  gh->ipv6_head->next->next != NULL) {
3680  result = 1;
3681  }
3682  }
3683 
3684  DetectAddressHeadFree(gh);
3685  }
3686  return result;
3687 }
3688 
3689 static int AddressTestAddressGroupSetup22(void)
3690 {
3691  int result = 0;
3692  DetectAddressHead *gh = DetectAddressHeadInit();
3693 
3694  if (gh != NULL) {
3695  int r = DetectAddressParse(NULL, gh, "2000::/3");
3696  if (r == 0 && gh->ipv6_head != NULL) {
3697  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3698  if (r == 0 && gh->ipv6_head != NULL &&
3699  gh->ipv6_head->next != NULL &&
3700  gh->ipv6_head->next->next != NULL) {
3701  result = 1;
3702  }
3703  }
3704 
3705  DetectAddressHeadFree(gh);
3706  }
3707  return result;
3708 }
3709 
3710 static int AddressTestAddressGroupSetup23(void)
3711 {
3712  int result = 0;
3713  DetectAddressHead *gh = DetectAddressHeadInit();
3714 
3715  if (gh != NULL) {
3716  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3717  if (r == 0 && gh->ipv6_head != NULL) {
3718  r = DetectAddressParse(NULL, gh, "2000::/3");
3719  if (r == 0 && gh->ipv6_head != NULL &&
3720  gh->ipv6_head->next != NULL &&
3721  gh->ipv6_head->next->next != NULL) {
3722  result = 1;
3723  }
3724  }
3725 
3726  DetectAddressHeadFree(gh);
3727  }
3728  return result;
3729 }
3730 
3731 static int AddressTestAddressGroupSetup24(void)
3732 {
3733  int result = 0;
3734  DetectAddressHead *gh = DetectAddressHeadInit();
3735 
3736  if (gh != NULL) {
3737  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3738  if (r == 0) {
3739  r = DetectAddressParse(NULL, gh, "2001::/3");
3740  if (r == 0) {
3741  r = DetectAddressParse(NULL, gh, "::/0");
3742  if (r == 0) {
3743  DetectAddress *one = gh->ipv6_head, *two = one->next,
3744  *three = two->next, *four = three->next,
3745  *five = four->next;
3746  if (one->ip.addr_data32[0] == 0x00000000 &&
3747  one->ip.addr_data32[1] == 0x00000000 &&
3748  one->ip.addr_data32[2] == 0x00000000 &&
3749  one->ip.addr_data32[3] == 0x00000000 &&
3750  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3751  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3752  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3753  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3754 
3755  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3756  two->ip.addr_data32[1] == 0x00000000 &&
3757  two->ip.addr_data32[2] == 0x00000000 &&
3758  two->ip.addr_data32[3] == 0x00000000 &&
3759  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3760  two->ip2.addr_data32[1] == 0x00000000 &&
3761  two->ip2.addr_data32[2] == 0x00000000 &&
3762  two->ip2.addr_data32[3] == SCNtohl(3) &&
3763 
3764  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3765  three->ip.addr_data32[1] == 0x00000000 &&
3766  three->ip.addr_data32[2] == 0x00000000 &&
3767  three->ip.addr_data32[3] == SCNtohl(4) &&
3768  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3769  three->ip2.addr_data32[1] == 0x00000000 &&
3770  three->ip2.addr_data32[2] == 0x00000000 &&
3771  three->ip2.addr_data32[3] == SCNtohl(6) &&
3772 
3773  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3774  four->ip.addr_data32[1] == 0x00000000 &&
3775  four->ip.addr_data32[2] == 0x00000000 &&
3776  four->ip.addr_data32[3] == SCNtohl(7) &&
3777  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3778  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3779  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3780  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3781 
3782  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3783  five->ip.addr_data32[1] == 0x00000000 &&
3784  five->ip.addr_data32[2] == 0x00000000 &&
3785  five->ip.addr_data32[3] == 0x00000000 &&
3786  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3787  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3788  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3789  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3790  result = 1;
3791  }
3792  }
3793  }
3794  }
3795 
3796  DetectAddressHeadFree(gh);
3797  }
3798  return result;
3799 }
3800 
3801 static int AddressTestAddressGroupSetup25(void)
3802 {
3803  int result = 0;
3804  DetectAddressHead *gh = DetectAddressHeadInit();
3805 
3806  if (gh != NULL) {
3807  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3808  if (r == 0) {
3809  r = DetectAddressParse(NULL, gh, "::/0");
3810  if (r == 0) {
3811  r = DetectAddressParse(NULL, gh, "2001::/3");
3812  if (r == 0) {
3813  DetectAddress *one = gh->ipv6_head, *two = one->next,
3814  *three = two->next, *four = three->next,
3815  *five = four->next;
3816  if (one->ip.addr_data32[0] == 0x00000000 &&
3817  one->ip.addr_data32[1] == 0x00000000 &&
3818  one->ip.addr_data32[2] == 0x00000000 &&
3819  one->ip.addr_data32[3] == 0x00000000 &&
3820  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3821  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3822  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3823  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3824 
3825  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3826  two->ip.addr_data32[1] == 0x00000000 &&
3827  two->ip.addr_data32[2] == 0x00000000 &&
3828  two->ip.addr_data32[3] == 0x00000000 &&
3829  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3830  two->ip2.addr_data32[1] == 0x00000000 &&
3831  two->ip2.addr_data32[2] == 0x00000000 &&
3832  two->ip2.addr_data32[3] == SCNtohl(3) &&
3833 
3834  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3835  three->ip.addr_data32[1] == 0x00000000 &&
3836  three->ip.addr_data32[2] == 0x00000000 &&
3837  three->ip.addr_data32[3] == SCNtohl(4) &&
3838  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3839  three->ip2.addr_data32[1] == 0x00000000 &&
3840  three->ip2.addr_data32[2] == 0x00000000 &&
3841  three->ip2.addr_data32[3] == SCNtohl(6) &&
3842 
3843  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3844  four->ip.addr_data32[1] == 0x00000000 &&
3845  four->ip.addr_data32[2] == 0x00000000 &&
3846  four->ip.addr_data32[3] == SCNtohl(7) &&
3847  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3848  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3849  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3850  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3851 
3852  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3853  five->ip.addr_data32[1] == 0x00000000 &&
3854  five->ip.addr_data32[2] == 0x00000000 &&
3855  five->ip.addr_data32[3] == 0x00000000 &&
3856  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3857  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3858  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3859  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3860  result = 1;
3861  }
3862  }
3863  }
3864  }
3865 
3866  DetectAddressHeadFree(gh);
3867  }
3868  return result;
3869 }
3870 
3871 static int AddressTestAddressGroupSetup26(void)
3872 {
3873  int result = 0;
3874  DetectAddressHead *gh = DetectAddressHeadInit();
3875 
3876  if (gh != NULL) {
3877  int r = DetectAddressParse(NULL, gh, "::/0");
3878  if (r == 0) {
3879  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3880  if (r == 0) {
3881  r = DetectAddressParse(NULL, gh, "2001::/3");
3882  if (r == 0) {
3883  DetectAddress *one = gh->ipv6_head, *two = one->next,
3884  *three = two->next, *four = three->next,
3885  *five = four->next;
3886  if (one->ip.addr_data32[0] == 0x00000000 &&
3887  one->ip.addr_data32[1] == 0x00000000 &&
3888  one->ip.addr_data32[2] == 0x00000000 &&
3889  one->ip.addr_data32[3] == 0x00000000 &&
3890  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3891  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3892  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3893  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3894 
3895  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3896  two->ip.addr_data32[1] == 0x00000000 &&
3897  two->ip.addr_data32[2] == 0x00000000 &&
3898  two->ip.addr_data32[3] == 0x00000000 &&
3899  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3900  two->ip2.addr_data32[1] == 0x00000000 &&
3901  two->ip2.addr_data32[2] == 0x00000000 &&
3902  two->ip2.addr_data32[3] == SCNtohl(3) &&
3903 
3904  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3905  three->ip.addr_data32[1] == 0x00000000 &&
3906  three->ip.addr_data32[2] == 0x00000000 &&
3907  three->ip.addr_data32[3] == SCNtohl(4) &&
3908  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3909  three->ip2.addr_data32[1] == 0x00000000 &&
3910  three->ip2.addr_data32[2] == 0x00000000 &&
3911  three->ip2.addr_data32[3] == SCNtohl(6) &&
3912 
3913  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3914  four->ip.addr_data32[1] == 0x00000000 &&
3915  four->ip.addr_data32[2] == 0x00000000 &&
3916  four->ip.addr_data32[3] == SCNtohl(7) &&
3917  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3918  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3919  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3920  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3921 
3922  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3923  five->ip.addr_data32[1] == 0x00000000 &&
3924  five->ip.addr_data32[2] == 0x00000000 &&
3925  five->ip.addr_data32[3] == 0x00000000 &&
3926  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3927  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3928  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3929  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3930  result = 1;
3931  }
3932  }
3933  }
3934  }
3935 
3936  DetectAddressHeadFree(gh);
3937  }
3938  return result;
3939 }
3940 
3941 static int AddressTestAddressGroupSetup27(void)
3942 {
3943  int result = 0;
3944  DetectAddressHead *gh = DetectAddressHeadInit();
3945 
3946  if (gh != NULL) {
3947  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3948  if (r == 0)
3949  result = 1;
3950 
3951  DetectAddressHeadFree(gh);
3952  }
3953  return result;
3954 }
3955 
3956 static int AddressTestAddressGroupSetup28(void)
3957 {
3958  int result = 0;
3959  DetectAddressHead *gh = DetectAddressHeadInit();
3960 
3961  if (gh != NULL) {
3962  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3963  if (r == 0)
3964  result = 1;
3965 
3966  DetectAddressHeadFree(gh);
3967  }
3968  return result;
3969 }
3970 
3971 static int AddressTestAddressGroupSetup29(void)
3972 {
3973  int result = 0;
3974  DetectAddressHead *gh = DetectAddressHeadInit();
3975 
3976  if (gh != NULL) {
3977  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3978  if (r == 0)
3979  result = 1;
3980 
3981  DetectAddressHeadFree(gh);
3982  }
3983  return result;
3984 }
3985 
3986 static int AddressTestAddressGroupSetup30(void)
3987 {
3988  int result = 0;
3989  DetectAddressHead *gh = DetectAddressHeadInit();
3990 
3991  if (gh != NULL) {
3992  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
3993  if (r == 0)
3994  result = 1;
3995 
3996  DetectAddressHeadFree(gh);
3997  }
3998  return result;
3999 }
4000 
4001 static int AddressTestAddressGroupSetup31(void)
4002 {
4003  int result = 0;
4004  DetectAddressHead *gh = DetectAddressHeadInit();
4005 
4006  if (gh != NULL) {
4007  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4008  if (r == 0)
4009  result = 1;
4010 
4011  DetectAddressHeadFree(gh);
4012  }
4013  return result;
4014 }
4015 
4016 static int AddressTestAddressGroupSetup32(void)
4017 {
4018  int result = 0;
4019  DetectAddressHead *gh = DetectAddressHeadInit();
4020 
4021  if (gh != NULL) {
4022  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4023  if (r == 0)
4024  result = 1;
4025 
4026  DetectAddressHeadFree(gh);
4027  }
4028  return result;
4029 }
4030 
4031 static int AddressTestAddressGroupSetup33(void)
4032 {
4033  int result = 0;
4034  DetectAddressHead *gh = DetectAddressHeadInit();
4035 
4036  if (gh != NULL) {
4037  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4038  if (r == 1)
4039  result = 1;
4040 
4041  DetectAddressHeadFree(gh);
4042  }
4043  return result;
4044 }
4045 
4046 static int AddressTestAddressGroupSetup34(void)
4047 {
4048  int result = 0;
4049  DetectAddressHead *gh = DetectAddressHeadInit();
4050 
4051  if (gh != NULL) {
4052  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4053  if (r == 1)
4054  result = 1;
4055 
4056  DetectAddressHeadFree(gh);
4057  }
4058  return result;
4059 }
4060 
4061 static int AddressTestAddressGroupSetup35(void)
4062 {
4063  int result = 0;
4064  DetectAddressHead *gh = DetectAddressHeadInit();
4065 
4066  if (gh != NULL) {
4067  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4068  if (r == 1)
4069  result = 1;
4070 
4071  DetectAddressHeadFree(gh);
4072  }
4073  return result;
4074 }
4075 
4076 static int AddressTestAddressGroupSetup36 (void)
4077 {
4078  int result = 0;
4079 
4080  DetectAddressHead *gh = DetectAddressHeadInit();
4081  if (gh != NULL) {
4082  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4083  if (r == 1)
4084  result = 1;
4085 
4086  DetectAddressHeadFree(gh);
4087  }
4088  return result;
4089 }
4090 
4091 static int AddressTestAddressGroupSetup37(void)
4092 {
4093  int result = 0;
4094  DetectAddressHead *gh = DetectAddressHeadInit();
4095 
4096  if (gh != NULL) {
4097  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4098  if (r == 0)
4099  result = 1;
4100 
4101  DetectAddressHeadFree(gh);
4102  }
4103  return result;
4104 }
4105 
4106 static int AddressTestAddressGroupSetup38(void)
4107 {
4108  UTHValidateDetectAddressHeadRange expectations[3] = {
4109  { "0.0.0.0", "192.167.255.255" },
4110  { "192.168.14.0", "192.168.14.255" },
4111  { "192.169.0.0", "255.255.255.255" } };
4112  int result = 0;
4113  DetectAddressHead *gh = DetectAddressHeadInit();
4114 
4115  if (gh != NULL) {
4116  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4117  if (r == 1) {
4118  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4119  result = 1;
4120  }
4121 
4122  DetectAddressHeadFree(gh);
4123  }
4124  return result;
4125 }
4126 
4127 static int AddressTestAddressGroupSetup39(void)
4128 {
4129  UTHValidateDetectAddressHeadRange expectations[3] = {
4130  { "0.0.0.0", "192.167.255.255" },
4131  { "192.168.14.0", "192.168.14.255" },
4132  { "192.169.0.0", "255.255.255.255" } };
4133  int result = 0;
4134  DetectAddressHead *gh = DetectAddressHeadInit();
4135 
4136  if (gh != NULL) {
4137  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4138  if (r == 1) {
4139  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4140  result = 1;
4141  }
4142 
4143  DetectAddressHeadFree(gh);
4144  }
4145  return result;
4146 }
4147 
4148 static int AddressTestAddressGroupSetup40(void)
4149 {
4150  UTHValidateDetectAddressHeadRange expectations[3] = {
4151  { "0.0.0.0", "192.167.255.255" },
4152  { "192.168.14.0", "192.168.14.255" },
4153  { "192.169.0.0", "255.255.255.255" } };
4154  int result = 0;
4155  DetectAddressHead *gh = DetectAddressHeadInit();
4156  if (gh != NULL) {
4157  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4158  if (r == 1) {
4159  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4160  result = 1;
4161  }
4162 
4163  DetectAddressHeadFree(gh);
4164  }
4165  return result;
4166 }
4167 
4168 static int AddressTestAddressGroupSetup41(void)
4169 {
4170  UTHValidateDetectAddressHeadRange expectations[3] = {
4171  { "0.0.0.0", "192.167.255.255" },
4172  { "192.168.14.0", "192.168.14.255" },
4173  { "192.169.0.0", "255.255.255.255" } };
4174  int result = 0;
4175  DetectAddressHead *gh = DetectAddressHeadInit();
4176  if (gh != NULL) {
4177  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4178  if (r == 1) {
4179  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4180  result = 1;
4181  }
4182 
4183  DetectAddressHeadFree(gh);
4184  }
4185  return result;
4186 }
4187 
4188 static int AddressTestAddressGroupSetup42(void)
4189 {
4190  UTHValidateDetectAddressHeadRange expectations[1] = {
4191  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4192  int result = 0;
4193  DetectAddressHead *gh = DetectAddressHeadInit();
4194  if (gh != NULL) {
4195  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4196  if (r == 0) {
4197  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4198  result = 1;
4199  }
4200 
4201  DetectAddressHeadFree(gh);
4202  }
4203  return result;
4204 }
4205 
4206 static int AddressTestAddressGroupSetup43(void)
4207 {
4208  UTHValidateDetectAddressHeadRange expectations[2] = {
4209  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4210  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4211  int result = 0;
4212  DetectAddressHead *gh = DetectAddressHeadInit();
4213  if (gh != NULL) {
4214  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4215  if (r == 1) {
4216  if (UTHValidateDetectAddressHead(gh, 2, expectations))
4217  result = 1;
4218  }
4219 
4220  DetectAddressHeadFree(gh);
4221  }
4222  return result;
4223 }
4224 
4225 static int AddressTestAddressGroupSetup44(void)
4226 {
4227  UTHValidateDetectAddressHeadRange expectations[2] = {
4228  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4229  int result = 0;
4230  DetectAddressHead *gh = DetectAddressHeadInit();
4231  if (gh != NULL) {
4232  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4233  if (r == 0) {
4234  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4235  result = 1;
4236  }
4237 
4238  DetectAddressHeadFree(gh);
4239  }
4240  return result;
4241 }
4242 
4243 static int AddressTestAddressGroupSetup45(void)
4244 {
4245  int result = 0;
4246  DetectAddressHead *gh = DetectAddressHeadInit();
4247  if (gh != NULL) {
4248  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4249  if (r != 0) {
4250  result = 1;
4251  }
4252 
4253  DetectAddressHeadFree(gh);
4254  }
4255  return result;
4256 }
4257 
4258 static int AddressTestAddressGroupSetup46(void)
4259 {
4260  UTHValidateDetectAddressHeadRange expectations[4] = {
4261  { "0.0.0.0", "192.167.255.255" },
4262  { "192.168.1.0", "192.168.1.255" },
4263  { "192.168.3.0", "192.168.3.255" },
4264  { "192.169.0.0", "255.255.255.255" } };
4265  int result = 0;
4266  DetectAddressHead *gh = DetectAddressHeadInit();
4267  if (gh != NULL) {
4268  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4269  if (r == 1) {
4270  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4271  result = 1;
4272  }
4273 
4274  DetectAddressHeadFree(gh);
4275  }
4276  return result;
4277 }
4278 
4279 /** \test net with some negations, then all negated */
4280 static int AddressTestAddressGroupSetup47(void)
4281 {
4282  UTHValidateDetectAddressHeadRange expectations[5] = {
4283  { "0.0.0.0", "192.167.255.255" },
4284  { "192.168.1.0", "192.168.1.255" },
4285  { "192.168.3.0", "192.168.3.255" },
4286  { "192.168.5.0", "192.168.5.255" },
4287  { "192.169.0.0", "255.255.255.255" } };
4288  int result = 0;
4289  DetectAddressHead *gh = DetectAddressHeadInit();
4290  if (gh != NULL) {
4291  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4292  if (r == 1) {
4293  if (UTHValidateDetectAddressHead(gh, 5, expectations))
4294  result = 1;
4295  }
4296 
4297  DetectAddressHeadFree(gh);
4298  }
4299  return result;
4300 }
4301 
4302 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4303 static int AddressTestAddressGroupSetup48(void)
4304 {
4305  UTHValidateDetectAddressHeadRange expectations[4] = {
4306  { "192.168.0.0", "192.168.0.255" },
4307  { "192.168.2.0", "192.168.2.255" },
4308  { "192.168.4.0", "192.168.4.255" },
4309  { "192.168.6.0", "192.168.255.255" } };
4310  int result = 0;
4311  DetectAddressHead *gh = DetectAddressHeadInit();
4312  if (gh != NULL) {
4313  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4314  if (r == 1) {
4315  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4316  result = 1;
4317  }
4318 
4319  DetectAddressHeadFree(gh);
4320  }
4321  return result;
4322 }
4323 
4324 static int AddressTestCutIPv401(void)
4325 {
4326  DetectAddress *c;
4327  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4328  FAIL_IF_NULL(a);
4329  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4330  FAIL_IF_NULL(b);
4331 
4332  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4333 
4334  DetectAddressFree(a);
4335  DetectAddressFree(b);
4336  DetectAddressFree(c);
4337  PASS;
4338 }
4339 
4340 static int AddressTestCutIPv402(void)
4341 {
4342  DetectAddress *a, *b, *c;
4343  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4344  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4345 
4346  if (DetectAddressCut(NULL, a, b, &c) == -1)
4347  goto error;
4348 
4349  if (c == NULL)
4350  goto error;
4351 
4352  DetectAddressFree(a);
4353  DetectAddressFree(b);
4354  DetectAddressFree(c);
4355  return 1;
4356 
4357 error:
4358  DetectAddressFree(a);
4359  DetectAddressFree(b);
4360  DetectAddressFree(c);
4361  return 0;
4362 }
4363 
4364 static int AddressTestCutIPv403(void)
4365 {
4366  DetectAddress *a, *b, *c;
4367  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4368  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4369 
4370  if (DetectAddressCut(NULL, a, b, &c) == -1)
4371  goto error;
4372 
4373  if (c == NULL)
4374  goto error;
4375 
4376  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4377  goto error;
4378  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4379  goto error;
4380  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4381  goto error;
4382 
4383  DetectAddressFree(a);
4384  DetectAddressFree(b);
4385  DetectAddressFree(c);
4386  return 1;
4387 
4388 error:
4389  DetectAddressFree(a);
4390  DetectAddressFree(b);
4391  DetectAddressFree(c);
4392  return 0;
4393 }
4394 
4395 static int AddressTestCutIPv404(void)
4396 {
4397  DetectAddress *a, *b, *c;
4398  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4399  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4400 
4401  if (DetectAddressCut(NULL, a, b, &c) == -1)
4402  goto error;
4403 
4404  if (c == NULL)
4405  goto error;
4406 
4407  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4408  goto error;
4409  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4410  goto error;
4411  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4412  goto error;
4413 
4414 
4415  DetectAddressFree(a);
4416  DetectAddressFree(b);
4417  DetectAddressFree(c);
4418  return 1;
4419 
4420 error:
4421  DetectAddressFree(a);
4422  DetectAddressFree(b);
4423  DetectAddressFree(c);
4424  return 0;
4425 }
4426 
4427 static int AddressTestCutIPv405(void)
4428 {
4429  DetectAddress *a, *b, *c;
4430  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4431  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4432 
4433  if (DetectAddressCut(NULL, a, b, &c) == -1)
4434  goto error;
4435 
4436  if (c == NULL)
4437  goto error;
4438 
4439  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4440  goto error;
4441  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4442  goto error;
4443  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4444  goto error;
4445 
4446  DetectAddressFree(a);
4447  DetectAddressFree(b);
4448  DetectAddressFree(c);
4449  return 1;
4450 
4451 error:
4452  DetectAddressFree(a);
4453  DetectAddressFree(b);
4454  DetectAddressFree(c);
4455  return 0;
4456 }
4457 
4458 static int AddressTestCutIPv406(void)
4459 {
4460  DetectAddress *a, *b, *c;
4461  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4462  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4463 
4464  if (DetectAddressCut(NULL, a, b, &c) == -1)
4465  goto error;
4466 
4467  if (c == NULL)
4468  goto error;
4469 
4470  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4471  goto error;
4472  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4473  goto error;
4474  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4475  goto error;
4476 
4477  DetectAddressFree(a);
4478  DetectAddressFree(b);
4479  DetectAddressFree(c);
4480  return 1;
4481 
4482 error:
4483  DetectAddressFree(a);
4484  DetectAddressFree(b);
4485  DetectAddressFree(c);
4486  return 0;
4487 }
4488 
4489 static int AddressTestCutIPv407(void)
4490 {
4491  DetectAddress *a, *b, *c;
4492  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4493  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4494 
4495  if (DetectAddressCut(NULL, a, b, &c) == -1)
4496  goto error;
4497 
4498  if (c != NULL)
4499  goto error;
4500 
4501  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4502  goto error;
4503  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4504  goto error;
4505 
4506  DetectAddressFree(a);
4507  DetectAddressFree(b);
4508  DetectAddressFree(c);
4509  return 1;
4510 
4511 error:
4512  DetectAddressFree(a);
4513  DetectAddressFree(b);
4514  DetectAddressFree(c);
4515  return 0;
4516 }
4517 
4518 static int AddressTestCutIPv408(void)
4519 {
4520  DetectAddress *a, *b, *c;
4521  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4522  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4523 
4524  if (DetectAddressCut(NULL, a, b, &c) == -1)
4525  goto error;
4526 
4527  if (c != NULL)
4528  goto error;
4529 
4530  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4531  goto error;
4532  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4533  goto error;
4534 
4535  DetectAddressFree(a);
4536  DetectAddressFree(b);
4537  DetectAddressFree(c);
4538  return 1;
4539 
4540 error:
4541  DetectAddressFree(a);
4542  DetectAddressFree(b);
4543  DetectAddressFree(c);
4544  return 0;
4545 }
4546 
4547 static int AddressTestCutIPv409(void)
4548 {
4549  DetectAddress *a, *b, *c;
4550  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4551  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4552 
4553  if (DetectAddressCut(NULL, a, b, &c) == -1)
4554  goto error;
4555 
4556  if (c != NULL)
4557  goto error;
4558 
4559  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4560  goto error;
4561  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4562  goto error;
4563 
4564  DetectAddressFree(a);
4565  DetectAddressFree(b);
4566  DetectAddressFree(c);
4567  return 1;
4568 
4569 error:
4570  DetectAddressFree(a);
4571  DetectAddressFree(b);
4572  DetectAddressFree(c);
4573  return 0;
4574 }
4575 
4576 static int AddressTestCutIPv410(void)
4577 {
4578  DetectAddress *a, *b, *c;
4579  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4580  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4581 
4582  if (DetectAddressCut(NULL, a, b, &c) == -1)
4583  goto error;
4584 
4585  if (c != NULL)
4586  goto error;
4587 
4588  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4589  goto error;
4590  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4591  goto error;
4592 
4593  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4594 
4595  DetectAddressFree(a);
4596  DetectAddressFree(b);
4597  DetectAddressFree(c);
4598  return 1;
4599 
4600 error:
4601  DetectAddressFree(a);
4602  DetectAddressFree(b);
4603  DetectAddressFree(c);
4604  return 0;
4605 }
4606 
4607 static int AddressTestParseInvalidMask01(void)
4608 {
4609  int result = 1;
4610  DetectAddress *dd = NULL;
4611 
4612  dd = DetectAddressParseSingle("192.168.2.0/33");
4613  if (dd != NULL) {
4614  DetectAddressFree(dd);
4615  result = 0;
4616  }
4617  return result;
4618 }
4619 
4620 static int AddressTestParseInvalidMask02(void)
4621 {
4622  int result = 1;
4623  DetectAddress *dd = NULL;
4624 
4625  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4626  if (dd != NULL) {
4627  DetectAddressFree(dd);
4628  result = 0;
4629  }
4630  return result;
4631 }
4632 
4633 static int AddressTestParseInvalidMask03(void)
4634 {
4635  int result = 1;
4636  DetectAddress *dd = NULL;
4637 
4638  dd = DetectAddressParseSingle("192.168.2.0/blue");
4639  if (dd != NULL) {
4640  DetectAddressFree(dd);
4641  result = 0;
4642  }
4643  return result;
4644 }
4645 
4646 static int AddressConfVarsTest01(void)
4647 {
4648  static const char *dummy_conf_string =
4649  "%YAML 1.1\n"
4650  "---\n"
4651  "\n"
4652  "vars:\n"
4653  "\n"
4654  " address-groups:\n"
4655  "\n"
4656  " HOME_NET: \"any\"\n"
4657  "\n"
4658  " EXTERNAL_NET: \"!any\"\n"
4659  "\n"
4660  " port-groups:\n"
4661  "\n"
4662  " HTTP_PORTS: \"any\"\n"
4663  "\n"
4664  " SHELLCODE_PORTS: \"!any\"\n"
4665  "\n";
4666 
4667  int result = 0;
4668 
4670  ConfInit();
4671  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4672 
4674  result = 1;
4675 
4676  ConfDeInit();
4678 
4679  return result;
4680 }
4681 
4682 static int AddressConfVarsTest02(void)
4683 {
4684  static const char *dummy_conf_string =
4685  "%YAML 1.1\n"
4686  "---\n"
4687  "\n"
4688  "vars:\n"
4689  "\n"
4690  " address-groups:\n"
4691  "\n"
4692  " HOME_NET: \"any\"\n"
4693  "\n"
4694  " EXTERNAL_NET: \"any\"\n"
4695  "\n"
4696  " port-groups:\n"
4697  "\n"
4698  " HTTP_PORTS: \"any\"\n"
4699  "\n"
4700  " SHELLCODE_PORTS: \"!any\"\n"
4701  "\n";
4702 
4703  int result = 0;
4704 
4706  ConfInit();
4707  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4708 
4710  result = 1;
4711 
4712  ConfDeInit();
4714 
4715  return result;
4716 }
4717 
4718 static int AddressConfVarsTest03(void)
4719 {
4720  static const char *dummy_conf_string =
4721  "%YAML 1.1\n"
4722  "---\n"
4723  "\n"
4724  "vars:\n"
4725  "\n"
4726  " address-groups:\n"
4727  "\n"
4728  " HOME_NET: \"any\"\n"
4729  "\n"
4730  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4731  "\n"
4732  " port-groups:\n"
4733  "\n"
4734  " HTTP_PORTS: \"any\"\n"
4735  "\n"
4736  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4737  "\n";
4738 
4739  int result = 0;
4740 
4742  ConfInit();
4743  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4744 
4746  result = 1;
4747 
4748  ConfDeInit();
4750 
4751  return result;
4752 }
4753 
4754 static int AddressConfVarsTest04(void)
4755 {
4756  static const char *dummy_conf_string =
4757  "%YAML 1.1\n"
4758  "---\n"
4759  "\n"
4760  "vars:\n"
4761  "\n"
4762  " address-groups:\n"
4763  "\n"
4764  " HOME_NET: \"any\"\n"
4765  "\n"
4766  " EXTERNAL_NET: \"$HOME_NET\"\n"
4767  "\n"
4768  " port-groups:\n"
4769  "\n"
4770  " HTTP_PORTS: \"any\"\n"
4771  "\n"
4772  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4773  "\n";
4774 
4775  int result = 0;
4776 
4778  ConfInit();
4779  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4780 
4782  result = 1;
4783 
4784  ConfDeInit();
4786 
4787  return result;
4788 }
4789 
4790 static int AddressConfVarsTest05(void)
4791 {
4792  static const char *dummy_conf_string =
4793  "%YAML 1.1\n"
4794  "---\n"
4795  "\n"
4796  "vars:\n"
4797  "\n"
4798  " address-groups:\n"
4799  "\n"
4800  " HOME_NET: \"any\"\n"
4801  "\n"
4802  " EXTERNAL_NET: [192.168.0.1]\n"
4803  "\n"
4804  " port-groups:\n"
4805  "\n"
4806  " HTTP_PORTS: \"any\"\n"
4807  "\n"
4808  " SHELLCODE_PORTS: [80]\n"
4809  "\n";
4810 
4811  int result = 0;
4812 
4814  ConfInit();
4815  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4816 
4817  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4818  goto end;
4819 
4820  result = 1;
4821 
4822  end:
4823  ConfDeInit();
4825 
4826  return result;
4827 }
4828 
4829 static int AddressConfVarsTest06(void)
4830 {
4831  // HOME_NET value size = 10261 bytes
4832  static const char *dummy_conf_string =
4833  "%YAML 1.1\n"
4834  "---\n"
4835  "\n"
4836  "vars:\n"
4837  "\n"
4838  " address-groups:\n"
4839  "\n"
4840  " HOME_NET: "
4841  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4842  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4843  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4844  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4845  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4846  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4847  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4848  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4849  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4850  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4851  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4852  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4853  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4854  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4855  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4856  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4857  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4858  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4859  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4860  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4861  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4862  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4863  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4864  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4976  "\n"
4977  " EXTERNAL_NET: \"any\"\n"
4978  "\n";
4979 
4981  ConfInit();
4982  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4983 
4985 
4986  ConfDeInit();
4988 
4989  PASS;
4990 }
4991 
4992 #endif /* UNITTESTS */
4993 
4994 void DetectAddressTests(void)
4995 {
4996 #ifdef UNITTESTS
4999 
5000  UtRegisterTest("AddressTestParse01", AddressTestParse01);
5001  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5002  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5003  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5004  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5005  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5006  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5007  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5008  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5009  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5010  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5011  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5012  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5013  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5014  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5015  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5016  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5017  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5018  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5019  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5020  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5021  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5022  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5023  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5024  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5025  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5026  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5027  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5028  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5029  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5030  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5031  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5032  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5033  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5034  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5035  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5036  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5037  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5038 
5039  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5040  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5041  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5042  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5043  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5044  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5045  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5046  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5047  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5048  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5049  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5050 
5051  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5052  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5053  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5054  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5055  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5056  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5057  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5058  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5059 
5060  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5061  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5062  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5063  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5064  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5065  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5066 
5067  UtRegisterTest("AddressTestAddressGroupSetup01",
5068  AddressTestAddressGroupSetup01);
5069  UtRegisterTest("AddressTestAddressGroupSetup02",
5070  AddressTestAddressGroupSetup02);
5071  UtRegisterTest("AddressTestAddressGroupSetup03",
5072  AddressTestAddressGroupSetup03);
5073  UtRegisterTest("AddressTestAddressGroupSetup04",
5074  AddressTestAddressGroupSetup04);
5075  UtRegisterTest("AddressTestAddressGroupSetup05",
5076  AddressTestAddressGroupSetup05);
5077  UtRegisterTest("AddressTestAddressGroupSetup06",
5078  AddressTestAddressGroupSetup06);
5079  UtRegisterTest("AddressTestAddressGroupSetup07",
5080  AddressTestAddressGroupSetup07);
5081  UtRegisterTest("AddressTestAddressGroupSetup08",
5082  AddressTestAddressGroupSetup08);
5083  UtRegisterTest("AddressTestAddressGroupSetup09",
5084  AddressTestAddressGroupSetup09);
5085  UtRegisterTest("AddressTestAddressGroupSetup10",
5086  AddressTestAddressGroupSetup10);
5087  UtRegisterTest("AddressTestAddressGroupSetup11",
5088  AddressTestAddressGroupSetup11);
5089  UtRegisterTest("AddressTestAddressGroupSetup12",
5090  AddressTestAddressGroupSetup12);
5091  UtRegisterTest("AddressTestAddressGroupSetup13",
5092  AddressTestAddressGroupSetup13);
5093  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5094  AddressTestAddressGroupSetupIPv414);
5095  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5096  AddressTestAddressGroupSetupIPv415);
5097  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5098  AddressTestAddressGroupSetupIPv416);
5099 
5100  UtRegisterTest("AddressTestAddressGroupSetup14",
5101  AddressTestAddressGroupSetup14);
5102  UtRegisterTest("AddressTestAddressGroupSetup15",
5103  AddressTestAddressGroupSetup15);
5104  UtRegisterTest("AddressTestAddressGroupSetup16",
5105  AddressTestAddressGroupSetup16);
5106  UtRegisterTest("AddressTestAddressGroupSetup17",
5107  AddressTestAddressGroupSetup17);
5108  UtRegisterTest("AddressTestAddressGroupSetup18",
5109  AddressTestAddressGroupSetup18);
5110  UtRegisterTest("AddressTestAddressGroupSetup19",
5111  AddressTestAddressGroupSetup19);
5112  UtRegisterTest("AddressTestAddressGroupSetup20",
5113  AddressTestAddressGroupSetup20);
5114  UtRegisterTest("AddressTestAddressGroupSetup21",
5115  AddressTestAddressGroupSetup21);
5116  UtRegisterTest("AddressTestAddressGroupSetup22",
5117  AddressTestAddressGroupSetup22);
5118  UtRegisterTest("AddressTestAddressGroupSetup23",
5119  AddressTestAddressGroupSetup23);
5120  UtRegisterTest("AddressTestAddressGroupSetup24",
5121  AddressTestAddressGroupSetup24);
5122  UtRegisterTest("AddressTestAddressGroupSetup25",
5123  AddressTestAddressGroupSetup25);
5124  UtRegisterTest("AddressTestAddressGroupSetup26",
5125  AddressTestAddressGroupSetup26);
5126 
5127  UtRegisterTest("AddressTestAddressGroupSetup27",
5128  AddressTestAddressGroupSetup27);
5129  UtRegisterTest("AddressTestAddressGroupSetup28",
5130  AddressTestAddressGroupSetup28);
5131  UtRegisterTest("AddressTestAddressGroupSetup29",
5132  AddressTestAddressGroupSetup29);
5133  UtRegisterTest("AddressTestAddressGroupSetup30",
5134  AddressTestAddressGroupSetup30);
5135  UtRegisterTest("AddressTestAddressGroupSetup31",
5136  AddressTestAddressGroupSetup31);
5137  UtRegisterTest("AddressTestAddressGroupSetup32",
5138  AddressTestAddressGroupSetup32);
5139  UtRegisterTest("AddressTestAddressGroupSetup33",
5140  AddressTestAddressGroupSetup33);
5141  UtRegisterTest("AddressTestAddressGroupSetup34",
5142  AddressTestAddressGroupSetup34);
5143  UtRegisterTest("AddressTestAddressGroupSetup35",
5144  AddressTestAddressGroupSetup35);
5145  UtRegisterTest("AddressTestAddressGroupSetup36",
5146  AddressTestAddressGroupSetup36);
5147  UtRegisterTest("AddressTestAddressGroupSetup37",
5148  AddressTestAddressGroupSetup37);
5149  UtRegisterTest("AddressTestAddressGroupSetup38",
5150  AddressTestAddressGroupSetup38);
5151  UtRegisterTest("AddressTestAddressGroupSetup39",
5152  AddressTestAddressGroupSetup39);
5153  UtRegisterTest("AddressTestAddressGroupSetup40",
5154  AddressTestAddressGroupSetup40);
5155  UtRegisterTest("AddressTestAddressGroupSetup41",
5156  AddressTestAddressGroupSetup41);
5157  UtRegisterTest("AddressTestAddressGroupSetup42",
5158  AddressTestAddressGroupSetup42);
5159  UtRegisterTest("AddressTestAddressGroupSetup43",
5160  AddressTestAddressGroupSetup43);
5161  UtRegisterTest("AddressTestAddressGroupSetup44",
5162  AddressTestAddressGroupSetup44);
5163  UtRegisterTest("AddressTestAddressGroupSetup45",
5164  AddressTestAddressGroupSetup45);
5165  UtRegisterTest("AddressTestAddressGroupSetup46",
5166  AddressTestAddressGroupSetup46);
5167  UtRegisterTest("AddressTestAddressGroupSetup47",
5168  AddressTestAddressGroupSetup47);
5169  UtRegisterTest("AddressTestAddressGroupSetup48",
5170  AddressTestAddressGroupSetup48);
5171 
5172  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5173  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5174  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5175  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5176  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5177  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5178  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5179  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5180  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5181  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5182 
5183  UtRegisterTest("AddressTestParseInvalidMask01",
5184  AddressTestParseInvalidMask01);
5185  UtRegisterTest("AddressTestParseInvalidMask02",
5186  AddressTestParseInvalidMask02);
5187  UtRegisterTest("AddressTestParseInvalidMask03",
5188  AddressTestParseInvalidMask03);
5189 
5190  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5191  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5192  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5193  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5194  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5195  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5196 #endif /* UNITTESTS */
5197 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:349
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:167
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1394
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1292
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:353
detect-engine-siggroup.h
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
AddressIPv6Le
int AddressIPv6Le(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1589
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:165
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:31
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
DetectAddressHead_
Definition: detect.h:180
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1476
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:57
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
Address_::address
union Address_::@26 address
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:154
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1337
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:843
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1008
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
Address_
Definition: decode.h:108
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:245
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:156
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:168
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1106
util-var.h
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1798
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:114
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:174
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:236
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:155
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:716
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1881
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:230
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:150
detect-engine-port.h
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:151
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:523
DetectAddress_::ip2
Address ip2
Definition: detect.h:168
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1035
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:482
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:127
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
Turn 32 bit mask into CIDR.
Definition: util-cidr.c:35
util-rule-vars.h
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:287
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:669
HashListTable_
Definition: util-hashlist.h:37
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:149
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
DetectAddressMap_
Definition: detect-engine-address.c:1289
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:182
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:82
cnt
uint32_t cnt
Definition: tmqh-packetpool.h:7
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1622
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:986
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:88
ConfNode_::name
char * name
Definition: conf.h:33
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:679
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1326
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:178
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1880
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1291
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:413
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:704
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:139
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:176
DetectMatchAddressIPv6_
Definition: detect.h:191
DetectMatchAddressIPv4_
Definition: detect.h:186
Address_::family
char family
Definition: decode.h:109
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1434
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:688
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1874
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:159
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1882
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:123
AddressIPv6Gt
int AddressIPv6Gt(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
AddressIPv6Ge
int AddressIPv6Ge(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:171
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1562
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:181
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:152
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1290
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1217
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:153