suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 #include "detect-engine-address-ipv4.h"
40 #include "detect-engine-address-ipv6.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
61 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn);
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
69 DetectAddress *DetectAddressInit(void)
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
82 void DetectAddressFree(DetectAddress *ag)
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88 }
89 
90 /**
91  * \internal
92  * \brief Returns a new instance of DetectAddressHead.
93  *
94  * \retval gh Pointer to the new instance of DetectAddressHead.
95  */
96 static DetectAddressHead *DetectAddressHeadInit(void)
97 {
98  DetectAddressHead *gh = SCCalloc(1, sizeof(DetectAddressHead));
99  if (unlikely(gh == NULL))
100  return NULL;
101  return gh;
102 }
103 
104 /**
105  * \internal
106  * \brief Frees a DetectAddressHead instance.
107  *
108  * \param gh Pointer to the DetectAddressHead instance to be freed.
109  */
110 static void DetectAddressHeadFree(DetectAddressHead *gh)
111 {
112  if (gh != NULL) {
113  DetectAddressHeadCleanup(gh);
114  SCFree(gh);
115  }
116 }
117 
118 /**
119  * \brief copy a DetectAddress
120  *
121  * \param orig Pointer to the instance of DetectAddress that contains the
122  * address data to be copied to the new instance.
123  *
124  * \retval ag Pointer to the new instance of DetectAddress that contains the
125  * copied address.
126  */
127 DetectAddress *DetectAddressCopy(DetectAddress *orig)
128 {
129  DetectAddress *ag = DetectAddressInit();
130  if (ag == NULL)
131  return NULL;
132 
133  ag->flags = orig->flags;
134  COPY_ADDRESS(&orig->ip, &ag->ip);
135  COPY_ADDRESS(&orig->ip2, &ag->ip2);
136  return ag;
137 }
138 
139 /**
140  * \brief Frees a list of DetectAddress instances.
141  *
142  * \param head Pointer to a list of DetectAddress instances to be freed.
143  */
144 void DetectAddressCleanupList(DetectAddress *head)
145 {
146  for (DetectAddress *cur = head; cur != NULL; ) {
147  DetectAddress *next = cur->next;
148  cur->next = NULL;
149  DetectAddressFree(cur);
150  cur = next;
151  }
152 }
153 
154 /**
155  * \internal
156  * \brief Helper function for DetectAddressInsert. Sets one of the
157  * DetectAddressHead head pointers, to the DetectAddress argument
158  * based on its address family.
159  *
160  * \param gh Pointer to the DetectAddressHead.
161  * \param newhead Pointer to the DetectAddress.
162  *
163  * \retval 0 On success.
164  * \retval -1 On failure.
165  */
166 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
167 {
168  if (newhead->ip.family == AF_INET) {
169  gh->ipv4_head = newhead;
170  } else if (newhead->ip.family == AF_INET6) {
171  gh->ipv6_head = newhead;
172  } else {
173  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
174  return -1;
175  }
176 
177  return 0;
178 }
179 
180 /**
181  * \internal
182  * \brief Returns the DetectAddress head from the DetectAddressHeads,
183  * based on the address family of the incoming DetectAddress arg.
184  *
185  * \param gh Pointer to the DetectAddressHead.
186  * \param new Pointer to the DetectAddress.
187  *
188  * \retval head Pointer to the DetectAddress(the head from
189  * DetectAddressHead).
190  */
191 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
192 {
193  DetectAddress *head = NULL;
194 
195  if (new->ip.family == AF_INET)
196  head = gh->ipv4_head;
197  else if (new->ip.family == AF_INET6)
198  head = gh->ipv6_head;
199 
200  return head;
201 }
202 
203 /**
204  * \internal
205  * \brief insert DetectAddress into a DetectAddressHead
206  *
207  * \param de_ctx Pointer to the detection engine context.
208  * \param gh Pointer to the DetectAddressHead list to which it has to
209  * be inserted.
210  * \param new Pointer to the DetectAddress, that has to be inserted.
211  *
212  * \retval 1 On successfully inserting it.
213  * \retval -1 On error.
214  * \retval 0 Not inserted, memory of new is freed.
215  */
216 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
217  DetectAddress *new)
218 {
219  DetectAddress *head = NULL;
220  DetectAddress *cur = NULL;
221  DetectAddress *c = NULL;
222  int r = 0;
223 
224  if (new == NULL)
225  return 0;
226 
227  /* get our head ptr based on the address we want to insert */
228  head = GetHeadPtr(gh, new);
229 
230  /* see if it already exists or overlaps with existing ag's */
231  if (head != NULL) {
232  cur = NULL;
233 
234  for (cur = head; cur != NULL; cur = cur->next) {
235  r = DetectAddressCmp(new, cur);
236  BUG_ON(r == ADDRESS_ER);
237 
238  /* if so, handle that */
239  if (r == ADDRESS_EQ) {
240  /* exact overlap/match */
241  if (cur != new) {
242  DetectAddressFree(new);
243  return 0;
244  }
245 
246  return 1;
247  } else if (r == ADDRESS_GT) {
248  /* only add it now if we are bigger than the last group.
249  * Otherwise we'll handle it later. */
250  if (cur->next == NULL) {
251  /* put in the list */
252  new->prev = cur;
253  cur->next = new;
254 
255  return 1;
256  }
257  } else if (r == ADDRESS_LT) {
258  /* see if we need to insert the ag anywhere put in the list */
259  if (cur->prev != NULL)
260  cur->prev->next = new;
261  new->prev = cur->prev;
262  new->next = cur;
263  cur->prev = new;
264 
265  /* update head if required */
266  if (head == cur) {
267  head = new;
268 
269  if (SetHeadPtr(gh, head) < 0)
270  goto error;
271  }
272 
273  return 1;
274  /* alright, those were the simple cases, lets handle the more
275  * complex ones now */
276  } else if (r == ADDRESS_ES) {
277  c = NULL;
278  r = DetectAddressCut(de_ctx, cur, new, &c);
279  if (r == -1)
280  goto error;
281 
282  DetectAddressInsert(de_ctx, gh, new);
283  if (c != NULL)
284  DetectAddressInsert(de_ctx, gh, c);
285 
286  return 1;
287  } else if (r == ADDRESS_EB) {
288  c = NULL;
289  r = DetectAddressCut(de_ctx, cur, new, &c);
290  if (r == -1)
291  goto error;
292 
293  DetectAddressInsert(de_ctx, gh, new);
294  if (c != NULL)
295  DetectAddressInsert(de_ctx, gh, c);
296 
297  return 1;
298  } else if (r == ADDRESS_LE) {
299  c = NULL;
300  r = DetectAddressCut(de_ctx, cur, new, &c);
301  if (r == -1)
302  goto error;
303 
304  DetectAddressInsert(de_ctx, gh, new);
305  if (c != NULL)
306  DetectAddressInsert(de_ctx, gh, c);
307 
308  return 1;
309  } else if (r == ADDRESS_GE) {
310  c = NULL;
311  r = DetectAddressCut(de_ctx, cur,new,&c);
312  if (r == -1)
313  goto error;
314 
315  DetectAddressInsert(de_ctx, gh, new);
316  if (c != NULL)
317  DetectAddressInsert(de_ctx, gh, c);
318 
319  return 1;
320  }
321  }
322 
323  /* head is NULL, so get a group and set head to it */
324  } else {
325  head = new;
326  if (SetHeadPtr(gh, head) < 0) {
327  SCLogDebug("SetHeadPtr failed");
328  goto error;
329  }
330  }
331 
332  return 1;
333 
334 error:
335  /* XXX */
336  return -1;
337 }
338 
339 /**
340  * \brief Checks if two address group lists are equal.
341  *
342  * \param list1 Pointer to the first address group list.
343  * \param list2 Pointer to the second address group list.
344  *
345  * \retval true On success.
346  * \retval false On failure.
347  */
348 bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
349 {
350  DetectAddress *item = list1;
351  DetectAddress *it = list2;
352 
353  // First, compare items one by one.
354  while (item != NULL && it != NULL) {
355  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
356  return false;
357  }
358 
359  item = item->next;
360  it = it->next;
361  }
362 
363  // Are the lists of the same size?
364  return item == NULL && it == NULL;
365 }
366 
367 /**
368  * \internal
369  * \brief Parses an ipv4/ipv6 address string and updates the result into the
370  * DetectAddress instance sent as the argument.
371  *
372  * \param dd Pointer to the DetectAddress instance which should be updated with
373  * the address range details from the parsed ip string.
374  * \param str Pointer to address string that has to be parsed.
375  *
376  * \retval 0 On successfully parsing the address string.
377  * \retval -1 On failure.
378  */
379 static int DetectAddressParseString(DetectAddress *dd, const char *str)
380 {
381  char *ip = NULL;
382  char *ip2 = NULL;
383  char *mask = NULL;
384  int r = 0;
385  char ipstr[256];
386 
387  /* shouldn't see 'any' here */
388  BUG_ON(strcasecmp(str, "any") == 0);
389 
390  strlcpy(ipstr, str, sizeof(ipstr));
391  SCLogDebug("str %s", str);
392 
393  /* we work with a copy so that we can put a
394  * nul-termination in it later */
395  ip = ipstr;
396 
397  /* handle the negation case */
398  if (ip[0] == '!') {
399  dd->flags |= ADDRESS_FLAG_NOT;
400  ip++;
401  }
402 
403  /* see if the address is an ipv4 or ipv6 address */
404  if ((strchr(str, ':')) == NULL) {
405  /* IPv4 Address */
406  struct in_addr in;
407 
408  dd->ip.family = AF_INET;
409 
410  if ((mask = strchr(ip, '/')) != NULL) {
411  /* 1.2.3.4/xxx format (either dotted or cidr notation */
412  ip[mask - ip] = '\0';
413  mask++;
414  uint32_t ip4addr = 0;
415  uint32_t netmask = 0;
416 
417  if ((strchr (mask, '.')) == NULL) {
418  /* 1.2.3.4/24 format */
419 
420  for (size_t u = 0; u < strlen(mask); u++) {
421  if(!isdigit((unsigned char)mask[u]))
422  goto error;
423  }
424 
425  int cidr;
426  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
427  goto error;
428  netmask = CIDRGet(cidr);
429  } else {
430  /* 1.2.3.4/255.255.255.0 format */
431  r = inet_pton(AF_INET, mask, &in);
432  if (r <= 0)
433  goto error;
434 
435  netmask = in.s_addr;
436 
437  /* validate netmask */
438  int cidr = CIDRFromMask(netmask);
439  if (cidr < 0) {
440  SCLogError(
441  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
442  "CIDR notation are supported. See ticket #5168.",
443  mask);
444  goto error;
445  }
446  }
447 
448  r = inet_pton(AF_INET, ip, &in);
449  if (r <= 0)
450  goto error;
451 
452  ip4addr = in.s_addr;
453 
454  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
455  dd->ip2.addr_data32[0] |=~ netmask;
456  } else if ((ip2 = strchr(ip, '-')) != NULL) {
457  /* 1.2.3.4-1.2.3.6 range format */
458  ip[ip2 - ip] = '\0';
459  ip2++;
460 
461  r = inet_pton(AF_INET, ip, &in);
462  if (r <= 0)
463  goto error;
464  dd->ip.addr_data32[0] = in.s_addr;
465 
466  r = inet_pton(AF_INET, ip2, &in);
467  if (r <= 0)
468  goto error;
469  dd->ip2.addr_data32[0] = in.s_addr;
470 
471  /* a > b is illegal, a = b is ok */
472  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
473  goto error;
474  } else {
475  /* 1.2.3.4 format */
476  r = inet_pton(AF_INET, ip, &in);
477  if (r <= 0)
478  goto error;
479  /* single host */
480  dd->ip.addr_data32[0] = in.s_addr;
481  dd->ip2.addr_data32[0] = in.s_addr;
482  }
483  } else {
484  /* IPv6 Address */
485  struct in6_addr in6, mask6;
486  uint32_t ip6addr[4], netmask[4];
487 
488  dd->ip.family = AF_INET6;
489 
490  if ((mask = strchr(ip, '/')) != NULL) {
491  ip[mask - ip] = '\0';
492  mask++;
493 
494  int cidr;
495  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
496  goto error;
497 
498  r = inet_pton(AF_INET6, ip, &in6);
499  if (r <= 0)
500  goto error;
501  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
502 
503  CIDRGetIPv6(cidr, &mask6);
504  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
505 
506  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
507  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
508  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
509  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
510 
511  dd->ip2.addr_data32[0] |=~ netmask[0];
512  dd->ip2.addr_data32[1] |=~ netmask[1];
513  dd->ip2.addr_data32[2] |=~ netmask[2];
514  dd->ip2.addr_data32[3] |=~ netmask[3];
515  } else if ((ip2 = strchr(ip, '-')) != NULL) {
516  /* 2001::1-2001::4 range format */
517  ip[ip2 - ip] = '\0';
518  ip2++;
519 
520  r = inet_pton(AF_INET6, ip, &in6);
521  if (r <= 0)
522  goto error;
523  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
524 
525  r = inet_pton(AF_INET6, ip2, &in6);
526  if (r <= 0)
527  goto error;
528  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
529 
530  /* a > b is illegal, a=b is ok */
531  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
532  goto error;
533  } else {
534  r = inet_pton(AF_INET6, ip, &in6);
535  if (r <= 0)
536  goto error;
537 
538  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
539  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
540  }
541 
542  }
543 
544  BUG_ON(dd->ip.family == 0);
545 
546  return 0;
547 
548 error:
549  return -1;
550 }
551 
552 /**
553  * \internal
554  * \brief Simply parse an address and return a DetectAddress instance containing
555  * the address ranges of the parsed ip addressstring
556  *
557  * \param str Pointer to a character string containing the ip address
558  *
559  * \retval dd Pointer to the DetectAddress instance containing the address
560  * range details from the parsed ip string
561  */
562 static DetectAddress *DetectAddressParseSingle(const char *str)
563 {
564  SCLogDebug("str %s", str);
565 
566  DetectAddress *dd = DetectAddressInit();
567  if (dd == NULL)
568  return NULL;
569 
570  if (DetectAddressParseString(dd, str) < 0) {
571  SCLogDebug("AddressParse failed");
572  DetectAddressFree(dd);
573  return NULL;
574  }
575 
576  return dd;
577 }
578 
579 /**
580  * \brief Setup a single address string, parse it and add the resulting
581  * Address-Range(s) to the AddressHead(DetectAddressHead instance).
582  *
583  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
584  * resulting Address-Range(s) from the parsed ip string has to
585  * be added.
586  * \param s Pointer to the ip address string to be parsed.
587  *
588  * \retval 0 On success.
589  * \retval -1 On failure.
590  */
591 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
592 {
593  SCLogDebug("gh %p, s %s", gh, s);
594 
595  while (*s != '\0' && isspace(*s))
596  s++;
597 
598  if (strcasecmp(s, "any") == 0) {
599  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
600 
601  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
602  if (ad == NULL)
603  return -1;
604 
605  BUG_ON(ad->ip.family == 0);
606 
607  if (DetectAddressInsert(NULL, gh, ad) < 0) {
608  SCLogDebug("DetectAddressInsert failed");
609  DetectAddressFree(ad);
610  return -1;
611  }
612 
613  ad = DetectAddressParseSingle("::/0");
614  if (ad == NULL)
615  return -1;
616 
617  BUG_ON(ad->ip.family == 0);
618 
619  if (DetectAddressInsert(NULL, gh, ad) < 0) {
620  SCLogDebug("DetectAddressInsert failed");
621  DetectAddressFree(ad);
622  return -1;
623  }
624  return 0;
625  }
626 
627  /* parse the address */
628  DetectAddress *ad = DetectAddressParseSingle(s);
629  if (ad == NULL) {
630  SCLogError("failed to parse address \"%s\"", s);
631  return -1;
632  }
633 
634  /* handle the not case, we apply the negation then insert the part(s) */
635  if (ad->flags & ADDRESS_FLAG_NOT) {
636  DetectAddress *ad2 = NULL;
637 
638  if (DetectAddressCutNot(ad, &ad2) < 0) {
639  SCLogDebug("DetectAddressCutNot failed");
640  DetectAddressFree(ad);
641  return -1;
642  }
643 
644  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
645  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
646  if (ad2 != NULL) {
647  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
648  SCLogDebug("DetectAddressInsert failed");
649  DetectAddressFree(ad);
650  DetectAddressFree(ad2);
651  return -1;
652  }
653  }
654  }
655 
656  int r = DetectAddressInsert(NULL, gh, ad);
657  if (r < 0) {
658  SCLogDebug("DetectAddressInsert failed");
659  DetectAddressFree(ad);
660  return -1;
661  }
662  SCLogDebug("r %d",r);
663  return 0;
664 }
665 
666 /**
667  * \brief Parses an address string and updates the 2 address heads with the
668  * address data.
669  *
670  * Note that this function should only be called by the wrapping function
671  * DetectAddressParse2. The wrapping function provides long address handling
672  * when the address size exceeds a threshold value.
673  *
674  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
675  * since we pass around negate without keeping a count of ! with depth.
676  * Can solve this by keeping a count of the negations with depth, so that
677  * an even no of negations would count as no negation and an odd no of
678  * negations would count as a negation.
679  *
680  * \param gh Pointer to the address head that should hold address ranges
681  * that are not negated.
682  * \param ghn Pointer to the address head that should hold address ranges
683  * that are negated.
684  * \param s Pointer to the character string holding the address to be
685  * parsed.
686  * \param negate Flag that indicates if the received address string is negated
687  * or not. 0 if it is not, 1 it it is.
688  *
689  * \retval 0 On successfully parsing.
690  * \retval -1 On failure.
691  */
692 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
693  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
694  int recur, char *address, size_t address_length)
695 {
696  size_t x = 0;
697  size_t u = 0;
698  int o_set = 0, n_set = 0, d_set = 0;
699  int depth = 0;
700  const char *rule_var_address = NULL;
701  char *temp_rule_var_address = NULL;
702 
703  if (++recur > 64) {
704  SCLogError("address block recursion "
705  "limit reached (max 64)");
706  goto error;
707  }
708 
709  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
710 
711  size_t size = strlen(s);
712  for (u = 0, x = 0; u < size && x < address_length; u++) {
713  if (x == (address_length - 1)) {
714  SCLogError("Hit the address buffer"
715  " limit for the supplied address. Invalidating sig. "
716  "Please file a bug report on this.");
717  goto error;
718  }
719  address[x] = s[u];
720  x++;
721 
722  if (!o_set && s[u] == '!') {
723  n_set = 1;
724  x--;
725  } else if (s[u] == '[') {
726  if (!o_set) {
727  o_set = 1;
728  x = 0;
729  }
730  depth++;
731  } else if (s[u] == ']') {
732  if (depth == 1) {
733  address[x - 1] = '\0';
734  x = 0;
735  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
736  if (((negate + n_set) % 2) == 0) {
737  /* normal block */
738  SCLogDebug("normal block");
739 
740  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
741  goto error;
742  } else {
743  /* negated block
744  *
745  * Extra steps are necessary. First consider it as a normal
746  * (non-negated) range. Merge the + and - ranges if
747  * applicable. Then insert the result into the ghn list. */
748  SCLogDebug("negated block");
749 
750  DetectAddressHead tmp_gh = { NULL, NULL };
751  DetectAddressHead tmp_ghn = { NULL, NULL };
752 
753  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
754  DetectAddressHeadCleanup(&tmp_gh);
755  DetectAddressHeadCleanup(&tmp_ghn);
756  goto error;
757  }
758 
759  DetectAddress *tmp_ad;
760  DetectAddress *tmp_ad2;
761 #ifdef DEBUG
762  SCLogDebug("tmp_gh: IPv4");
763  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
764  DetectAddressPrint(tmp_ad);
765  }
766  SCLogDebug("tmp_ghn: IPv4");
767  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
768  DetectAddressPrint(tmp_ad);
769  }
770  SCLogDebug("tmp_gh: IPv6");
771  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
772  DetectAddressPrint(tmp_ad);
773  }
774  SCLogDebug("tmp_ghn: IPv6");
775  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
776  DetectAddressPrint(tmp_ad);
777  }
778 #endif
779  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
780  DetectAddressHeadCleanup(&tmp_ghn);
781  DetectAddressHeadCleanup(&tmp_gh);
782  goto error;
783  }
784  DetectAddressHeadCleanup(&tmp_ghn);
785 
786  SCLogDebug("merged successfully");
787 
788  /* insert the IPv4 addresses into the negated list */
789  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
790  /* work with a copy of the address group */
791  tmp_ad2 = DetectAddressCopy(tmp_ad);
792  if (tmp_ad2 == NULL) {
793  SCLogDebug("DetectAddressCopy failed");
794  DetectAddressHeadCleanup(&tmp_gh);
795  goto error;
796  }
797  DetectAddressPrint(tmp_ad2);
798  DetectAddressInsert(NULL, ghn, tmp_ad2);
799  }
800 
801  /* insert the IPv6 addresses into the negated list */
802  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
803  /* work with a copy of the address group */
804  tmp_ad2 = DetectAddressCopy(tmp_ad);
805  if (tmp_ad2 == NULL) {
806  SCLogDebug("DetectAddressCopy failed");
807  DetectAddressHeadCleanup(&tmp_gh);
808  goto error;
809  }
810  DetectAddressPrint(tmp_ad2);
811  DetectAddressInsert(NULL, ghn, tmp_ad2);
812  }
813 
814  DetectAddressHeadCleanup(&tmp_gh);
815  }
816  n_set = 0;
817  }
818  depth--;
819  } else if (depth == 0 && s[u] == ',') {
820  if (o_set == 1) {
821  o_set = 0;
822  } else if (d_set == 1) {
823  address[x - 1] = '\0';
824 
825  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
826  SC_RULE_VARS_ADDRESS_GROUPS);
827  if (rule_var_address == NULL)
828  goto error;
829 
830  if (strlen(rule_var_address) == 0) {
831  SCLogError("variable %s resolved "
832  "to nothing. This is likely a misconfiguration. "
833  "Note that a negated address needs to be quoted, "
834  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
835  s);
836  goto error;
837  }
838 
839  SCLogDebug("rule_var_address %s", rule_var_address);
840  if ((negate + n_set) % 2) {
841  /* add +1 to safisfy gcc 15 + -Wformat-truncation=2 */
842  const size_t str_size = strlen(rule_var_address) + 3 + 1;
843  temp_rule_var_address = SCMalloc(str_size);
844  if (unlikely(temp_rule_var_address == NULL))
845  goto error;
846  snprintf(temp_rule_var_address, str_size, "[%s]", rule_var_address);
847  } else {
848  temp_rule_var_address = SCStrdup(rule_var_address);
849  if (unlikely(temp_rule_var_address == NULL))
850  goto error;
851  }
852 
853  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
854  (negate + n_set) % 2, var_list, recur) < 0) {
855  if (temp_rule_var_address != rule_var_address)
856  SCFree(temp_rule_var_address);
857  goto error;
858  }
859  d_set = 0;
860  n_set = 0;
861  SCFree(temp_rule_var_address);
862  } else {
863  address[x - 1] = '\0';
864 
865  if (!((negate + n_set) % 2)) {
866  SCLogDebug("DetectAddressSetup into gh, %s", address);
867  if (DetectAddressSetup(gh, address) < 0)
868  goto error;
869  } else {
870  SCLogDebug("DetectAddressSetup into ghn, %s", address);
871  if (DetectAddressSetup(ghn, address) < 0)
872  goto error;
873  }
874  n_set = 0;
875  }
876  x = 0;
877  } else if (depth == 0 && s[u] == '$') {
878  d_set = 1;
879  } else if (depth == 0 && u == size - 1) {
880  if (x == address_length) {
881  address[x - 1] = '\0';
882  } else {
883  address[x] = '\0';
884  }
885  x = 0;
886 
887  if (AddVariableToResolveList(var_list, address) == -1) {
888  SCLogError("Found a loop in a address "
889  "groups declaration. This is likely a misconfiguration.");
890  goto error;
891  }
892 
893  if (d_set == 1) {
894  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
895  SC_RULE_VARS_ADDRESS_GROUPS);
896  if (rule_var_address == NULL)
897  goto error;
898 
899  if (strlen(rule_var_address) == 0) {
900  SCLogError("variable %s resolved "
901  "to nothing. This is likely a misconfiguration. "
902  "Note that a negated address needs to be quoted, "
903  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
904  s);
905  goto error;
906  }
907 
908  SCLogDebug("rule_var_address %s", rule_var_address);
909  if ((negate + n_set) % 2) {
910  /* add +1 to safisfy gcc 15 + -Wformat-truncation=2 */
911  const size_t str_size = strlen(rule_var_address) + 3 + 1;
912  temp_rule_var_address = SCMalloc(str_size);
913  if (unlikely(temp_rule_var_address == NULL))
914  goto error;
915  snprintf(temp_rule_var_address, str_size, "[%s]", rule_var_address);
916  } else {
917  temp_rule_var_address = SCStrdup(rule_var_address);
918  if (unlikely(temp_rule_var_address == NULL))
919  goto error;
920  }
921 
922  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
923  (negate + n_set) % 2, var_list, recur) < 0) {
924  SCLogDebug("DetectAddressParse2 hates us");
925  if (temp_rule_var_address != rule_var_address)
926  SCFree(temp_rule_var_address);
927  goto error;
928  }
929  d_set = 0;
930  SCFree(temp_rule_var_address);
931  } else {
932  if (!((negate + n_set) % 2)) {
933  SCLogDebug("DetectAddressSetup into gh, %s", address);
934  if (DetectAddressSetup(gh, address) < 0) {
935  SCLogDebug("DetectAddressSetup gh fail");
936  goto error;
937  }
938  } else {
939  SCLogDebug("DetectAddressSetup into ghn, %s", address);
940  if (DetectAddressSetup(ghn, address) < 0) {
941  SCLogDebug("DetectAddressSetup ghn fail");
942  goto error;
943  }
944  }
945  }
946  n_set = 0;
947  }
948  }
949  if (depth > 0) {
950  SCLogError("not every address block was "
951  "properly closed in \"%s\", %d missing closing brackets (]). "
952  "Note: problem might be in a variable.",
953  s, depth);
954  goto error;
955  } else if (depth < 0) {
956  SCLogError("not every address block was "
957  "properly opened in \"%s\", %d missing opening brackets ([). "
958  "Note: problem might be in a variable.",
959  s, depth * -1);
960  goto error;
961  }
962 
963  return 0;
964 
965 error:
966 
967  return -1;
968 }
969 
970 /**
971  * \internal
972  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
973  *
974  * \retval Return value from DetectAddressParseInternal
975  */
976 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
977  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
978  int recur)
979 {
980  int rc;
981 #define MAX_ADDRESS_LENGTH 8192
982 
983  size_t address_length = strlen(s);
984  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
985  char *address = SCCalloc(1, address_length);
986  if (address == NULL) {
987  SCLogError("Unable to allocate"
988  " memory for address parsing.");
989  return -1;
990  }
991  rc = DetectAddressParseInternal(
992  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
993  SCFree(address);
994  } else {
995  char address[MAX_ADDRESS_LENGTH] = "";
996  rc = DetectAddressParseInternal(
997  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
998  }
999  return rc;
1000 }
1001 
1002 /**
1003  * \internal
1004  * \brief See if the addresses and ranges in an address head cover the
1005  * entire ip space.
1006  *
1007  * \param gh Pointer to the DetectAddressHead to check.
1008  *
1009  * \retval 0 No.
1010  * \retval 1 Yes.
1011  *
1012  * \todo do the same for IPv6
1013  */
1014 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1015 {
1016  int r = DetectAddressIsCompleteIPSpaceIPv4(gh->ipv4_head);
1017  if (r == 1)
1018  return 1;
1019 
1020  return 0;
1021 }
1022 
1023 /**
1024  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1025  *
1026  * \param gh Pointer to the address head containing the non-NOT groups.
1027  * \param ghn Pointer to the address head containing the NOT groups.
1028  *
1029  * \retval 0 On success.
1030  * \retval -1 On failure.
1031  */
1032 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
1033 {
1034  DetectAddress *ad;
1035  DetectAddress *ag, *ag2;
1036  int r = 0;
1037 
1038  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1039  ghn->ipv4_head);
1040 
1041  /* check if the negated list covers the entire ip space. If so
1042  * the user screwed up the rules/vars. */
1043  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1044  SCLogError("Complete IP space negated. "
1045  "Rule address range is NIL. Probably have a !any or "
1046  "an address range that supplies a NULL address range");
1047  goto error;
1048  }
1049 
1050  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1051  * not thingy. In that case we add a 0.0.0.0/0 first. */
1052  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1053  r = DetectAddressSetup(gh, "0.0.0.0/0");
1054  if (r < 0) {
1055  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1056  goto error;
1057  }
1058  }
1059  /* ... or ::/0 for ipv6 */
1060  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1061  r = DetectAddressSetup(gh, "::/0");
1062  if (r < 0) {
1063  SCLogDebug("DetectAddressSetup for ::/0 failed");
1064  goto error;
1065  }
1066  }
1067 
1068  /* step 1: insert our ghn members into the gh list */
1069  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1070  /* work with a copy of the ad so we can easily clean up the ghn group
1071  * later. */
1072  ad = DetectAddressCopy(ag);
1073  if (ad == NULL) {
1074  SCLogDebug("DetectAddressCopy failed");
1075  goto error;
1076  }
1077 
1078  r = DetectAddressInsert(NULL, gh, ad);
1079  if (r < 0) {
1080  SCLogDebug("DetectAddressInsert failed");
1081  goto error;
1082  }
1083  }
1084  /* ... and the same for ipv6 */
1085  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1086  /* work with a copy of the ad so we can easily clean up the ghn group
1087  * later. */
1088  ad = DetectAddressCopy(ag);
1089  if (ad == NULL) {
1090  SCLogDebug("DetectAddressCopy failed");
1091  goto error;
1092  }
1093 
1094  r = DetectAddressInsert(NULL, gh, ad);
1095  if (r < 0) {
1096  SCLogDebug("DetectAddressInsert failed");
1097  goto error;
1098  }
1099  }
1100 #ifdef DEBUG
1101  DetectAddress *tmp_ad;
1102  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1103  DetectAddressPrint(tmp_ad);
1104  }
1105 #endif
1106  int ipv4_applied = 0;
1107  int ipv6_applied = 0;
1108 
1109  /* step 2: pull the address blocks that match our 'not' blocks */
1110  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1111  SCLogDebug("ag %p", ag);
1112  DetectAddressPrint(ag);
1113 
1114  int applied = 0;
1115  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1116  SCLogDebug("ag2 %p", ag2);
1117  DetectAddressPrint(ag2);
1118 
1119  r = DetectAddressCmp(ag, ag2);
1120  /* XXX more ??? */
1121  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1122  if (ag2->prev != NULL)
1123  ag2->prev->next = ag2->next;
1124  if (ag2->next != NULL)
1125  ag2->next->prev = ag2->prev;
1126  if (gh->ipv4_head == ag2)
1127  gh->ipv4_head = ag2->next;
1128  /* store the next ptr and remove the group */
1129  DetectAddress *next_ag2 = ag2->next;
1130  DetectAddressFree(ag2);
1131  ag2 = next_ag2;
1132  applied = 1;
1133  } else {
1134  ag2 = ag2->next;
1135  }
1136  }
1137 
1138  if (applied) {
1139  ipv4_applied++;
1140  }
1141  }
1142  /* ... and the same for ipv6 */
1143  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1144  int applied = 0;
1145  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1146  r = DetectAddressCmp(ag, ag2);
1147  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1148  if (ag2->prev != NULL)
1149  ag2->prev->next = ag2->next;
1150  if (ag2->next != NULL)
1151  ag2->next->prev = ag2->prev;
1152  if (gh->ipv6_head == ag2)
1153  gh->ipv6_head = ag2->next;
1154  /* store the next ptr and remove the group */
1155  DetectAddress *next_ag2 = ag2->next;
1156  DetectAddressFree(ag2);
1157  ag2 = next_ag2;
1158 
1159  SCLogDebug("applied");
1160  applied = 1;
1161  } else {
1162  ag2 = ag2->next;
1163  }
1164  }
1165  if (applied) {
1166  ipv6_applied++;
1167  }
1168  }
1169 #ifdef DEBUG
1170  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1171  DetectAddressPrint(tmp_ad);
1172  }
1173  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1174  DetectAddressPrint(tmp_ad);
1175  }
1176 #endif
1177  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1178  int cnt = 0;
1179  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1180  cnt++;
1181 
1182  if (ipv4_applied != cnt) {
1183  SCLogError("not all IPv4 negations "
1184  "could be applied: %d != %d",
1185  cnt, ipv4_applied);
1186  goto error;
1187  }
1188 
1189  cnt = 0;
1190  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1191  cnt++;
1192 
1193  if (ipv6_applied != cnt) {
1194  SCLogError("not all IPv6 negations "
1195  "could be applied: %d != %d",
1196  cnt, ipv6_applied);
1197  goto error;
1198  }
1199  }
1200 
1201  /* if the result is that we have no addresses we return error */
1202  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1203  SCLogError("no addresses left after "
1204  "merging addresses and negated addresses");
1205  goto error;
1206  }
1207 
1208  return 0;
1209 
1210 error:
1211  return -1;
1212 }
1213 
1214 int DetectAddressTestConfVars(void)
1215 {
1216  SCLogDebug("Testing address conf vars for any misconfigured values");
1217 
1218  ResolvedVariablesList var_list;
1219  TAILQ_INIT(&var_list);
1220 
1221  SCConfNode *address_vars_node = SCConfGetNode("vars.address-groups");
1222  if (address_vars_node == NULL) {
1223  return 0;
1224  }
1225 
1226  DetectAddressHead *gh = NULL;
1227  DetectAddressHead *ghn = NULL;
1228 
1229  SCConfNode *seq_node;
1230  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1231  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1232 
1233  gh = DetectAddressHeadInit();
1234  if (gh == NULL) {
1235  goto error;
1236  }
1237  ghn = DetectAddressHeadInit();
1238  if (ghn == NULL) {
1239  goto error;
1240  }
1241 
1242  if (seq_node->val == NULL) {
1243  SCLogError("Address var \"%s\" probably has a sequence(something "
1244  "in brackets) value set without any quotes. Please "
1245  "quote it using \"..\".",
1246  seq_node->name);
1247  goto error;
1248  }
1249 
1250  int r = DetectAddressParse2(
1251  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1252 
1253  CleanVariableResolveList(&var_list);
1254 
1255  if (r < 0) {
1256  SCLogError("failed to parse address var \"%s\" with value \"%s\". "
1257  "Please check its syntax",
1258  seq_node->name, seq_node->val);
1259  goto error;
1260  }
1261 
1262  if (DetectAddressIsCompleteIPSpace(ghn)) {
1263  SCLogError("address var - \"%s\" has the complete IP space negated "
1264  "with its value \"%s\". Rule address range is NIL. "
1265  "Probably have a !any or an address range that supplies "
1266  "a NULL address range",
1267  seq_node->name, seq_node->val);
1268  goto error;
1269  }
1270 
1271  DetectAddressHeadFree(gh);
1272  DetectAddressHeadFree(ghn);
1273  ghn = NULL;
1274  }
1275 
1276  return 0;
1277  error:
1278  if (gh != NULL)
1279  DetectAddressHeadFree(gh);
1280  if (ghn != NULL)
1281  DetectAddressHeadFree(ghn);
1282  return -1;
1283 }
1284 
1285 #include "util-hash-lookup3.h"
1286 
1287 typedef struct DetectAddressMap_ {
1288  char *string;
1289  DetectAddressHead *address;
1290  bool contains_negation;
1291 } DetectAddressMap;
1292 
1293 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1294 {
1295  const DetectAddressMap *map = (DetectAddressMap *)data;
1296  uint32_t hash = 0;
1297 
1298  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1299  hash %= ht->array_size;
1300 
1301  return hash;
1302 }
1303 
1304 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1305  uint16_t len2)
1306 {
1307  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1308  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1309 
1310  char r = (strcmp(map1->string, map2->string) == 0);
1311  return r;
1312 }
1313 
1314 static void DetectAddressMapFreeFunc(void *data)
1315 {
1316  DetectAddressMap *map = (DetectAddressMap *)data;
1317  if (map != NULL) {
1318  DetectAddressHeadFree(map->address);
1319  SCFree(map->string);
1320  }
1321  SCFree(map);
1322 }
1323 
1324 int DetectAddressMapInit(DetectEngineCtx *de_ctx)
1325 {
1326  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1327  DetectAddressMapCompareFunc,
1328  DetectAddressMapFreeFunc);
1329  if (de_ctx->address_table == NULL)
1330  return -1;
1331 
1332  return 0;
1333 }
1334 
1335 void DetectAddressMapFree(DetectEngineCtx *de_ctx)
1336 {
1337  if (de_ctx->address_table == NULL)
1338  return;
1339 
1340  HashListTableFree(de_ctx->address_table);
1341  de_ctx->address_table = NULL;
1342 }
1343 
1344 static bool DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1345  DetectAddressHead *address, bool contains_negation)
1346 {
1347  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1348  if (map == NULL)
1349  return false;
1350 
1351  map->string = SCStrdup(string);
1352  if (map->string == NULL) {
1353  SCFree(map);
1354  return false;
1355  }
1356  map->address = address;
1357  map->contains_negation = contains_negation;
1358 
1359  if (HashListTableAdd(de_ctx->address_table, map, 0) != 0) {
1360  SCFree(map->string);
1361  SCFree(map);
1362  return false;
1363  }
1364 
1365  return true;
1366 }
1367 
1368 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1369  const char *string)
1370 {
1371  DetectAddressMap map = { (char *)string, NULL, false };
1372 
1373  const DetectAddressMap *res = HashListTableLookup(de_ctx->address_table,
1374  &map, 0);
1375  return res;
1376 }
1377 
1378 /**
1379  * \brief Parses an address group sent as a character string and updates the
1380  * DetectAddressHead sent as the argument with the relevant address
1381  * ranges from the parsed string.
1382  *
1383  * \param de_ctx Pointer to the detection engine context
1384  * \param gh Pointer to the DetectAddressHead.
1385  * \param str Pointer to the character string containing the address group
1386  * that has to be parsed.
1387  *
1388  * \retval 1 On success. Contained negation.
1389  * \retval 0 On success. Did not contain negation.
1390  * \retval -1 On failure.
1391  */
1392 int DetectAddressParse(const DetectEngineCtx *de_ctx,
1393  DetectAddressHead *gh, const char *str)
1394 {
1395  SCLogDebug("gh %p, str %s", gh, str);
1396 
1397  if (str == NULL) {
1398  SCLogDebug("DetectAddressParse can not be run with NULL address");
1399  return -1;
1400  }
1401 
1402  DetectAddressHead *ghn = DetectAddressHeadInit();
1403  if (ghn == NULL) {
1404  SCLogDebug("DetectAddressHeadInit for ghn failed");
1405  return -1;
1406  }
1407 
1408  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1409  if (r < 0) {
1410  SCLogDebug("DetectAddressParse2 returned %d", r);
1411  DetectAddressHeadFree(ghn);
1412  return -1;
1413  }
1414 
1415  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1416  ghn->ipv4_head);
1417 
1418  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1419 
1420  /* merge the 'not' address groups */
1421  if (DetectAddressMergeNot(gh, ghn) < 0) {
1422  SCLogDebug("DetectAddressMergeNot failed");
1423  DetectAddressHeadFree(ghn);
1424  return -1;
1425  }
1426 
1427  /* free the temp negate head */
1428  DetectAddressHeadFree(ghn);
1429  return contains_negation ? 1 : 0;
1430 }
1431 
1432 const DetectAddressHead *DetectParseAddress(DetectEngineCtx *de_ctx,
1433  const char *string, bool *contains_negation)
1434 {
1435  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1436  if (res != NULL) {
1437  SCLogDebug("found: %s :: %p", string, res);
1438  *contains_negation = res->contains_negation;
1439  return res->address;
1440  }
1441 
1442  SCLogDebug("%s not found", string);
1443 
1444  DetectAddressHead *head = DetectAddressHeadInit();
1445  if (head == NULL)
1446  return NULL;
1447 
1448  const int r = DetectAddressParse(de_ctx, head, string);
1449  if (r < 0) {
1450  DetectAddressHeadFree(head);
1451  return NULL;
1452  } else if (r == 1) {
1453  *contains_negation = true;
1454  } else {
1455  *contains_negation = false;
1456  }
1457 
1458  if (!DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head, *contains_negation)) {
1459  DetectAddressHeadFree(head);
1460  return NULL;
1461  }
1462 
1463  return head;
1464 }
1465 
1466 /**
1467  * \brief Cleans a DetectAddressHead. The functions frees the address
1468  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1469  * instance.
1470  *
1471  * \param gh Pointer to the DetectAddressHead instance that has to be
1472  * cleaned.
1473  */
1474 void DetectAddressHeadCleanup(DetectAddressHead *gh)
1475 {
1476  if (gh != NULL) {
1477  if (gh->ipv4_head != NULL) {
1478  DetectAddressCleanupList(gh->ipv4_head);
1479  gh->ipv4_head = NULL;
1480  }
1481  if (gh->ipv6_head != NULL) {
1482  DetectAddressCleanupList(gh->ipv6_head);
1483  gh->ipv6_head = NULL;
1484  }
1485  }
1486 }
1487 
1488 /**
1489  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1490  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1491  * explanations on what these functions do.
1492  *
1493  * \param de_ctx Pointer to the DetectEngineCtx.
1494  * \param a Pointer to the first address to be cut.
1495  * \param b Pointer to the second address to be cut.
1496  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1497  * ranges from a and b, demand a third address range.
1498  *
1499  * \retval 0 On success.
1500  * \retval -1 On failure.
1501  */
1502 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1503  DetectAddress *b, DetectAddress **c)
1504 {
1505  if (a->ip.family == AF_INET)
1506  return DetectAddressCutIPv4(de_ctx, a, b, c);
1507  else if (a->ip.family == AF_INET6)
1508  return DetectAddressCutIPv6(de_ctx, a, b, c);
1509 
1510  return -1;
1511 }
1512 
1513 /**
1514  * \brief Cuts a negated address range with respect to the entire ip range, and
1515  * supplies with the address range that doesn't belong to the negated
1516  * address range.
1517  *
1518  * There are 2 cases here -
1519  *
1520  * The first case includes the address being located at the extreme ends
1521  * of the ip space, in which we get a single range.
1522  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1523  *
1524  * The second case includes the address not present at either of the
1525  * ip space extremes, in which case we get 2 ranges. The second range
1526  * would be supplied back with the argument "b" supplied to this function.
1527  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1528  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1529  *
1530  * The above negation cases can similarly be extended to ranges, i.e.
1531  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1532  * ![10.20.30.40 - 10.20.30.50].
1533  *
1534  *
1535  * \param a Pointer to the DetectAddressData instance, that contains the negated
1536  * address range that has to be cut.
1537  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1538  * filled with the address range, if the argument "a", doesn't fall at
1539  * the extreme ends of the ip address space.
1540  *
1541  * \retval 0 On success.
1542  * \retval -1 On failure.
1543  */
1544 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1545 {
1546  if (a->ip.family == AF_INET)
1547  return DetectAddressCutNotIPv4(a, b);
1548  else if (a->ip.family == AF_INET6)
1549  return DetectAddressCutNotIPv6(a, b);
1550 
1551  return -1;
1552 }
1553 
1554 /**
1555  * \brief Used to compare 2 address ranges.
1556  *
1557  * \param a Pointer to the first DetectAddressData to be compared.
1558  * \param b Pointer to the second DetectAddressData to be compared.
1559  */
1560 int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
1561 {
1562  if (a->ip.family != b->ip.family)
1563  return ADDRESS_ER;
1564 
1565  if (a->ip.family == AF_INET)
1566  return DetectAddressCmpIPv4(a, b);
1567  else if (a->ip.family == AF_INET6)
1568  return DetectAddressCmpIPv6(a, b);
1569 
1570  return ADDRESS_ER;
1571 }
1572 
1573 /**
1574  * \brief Match a packets address against a signatures addrs array
1575  *
1576  * \param addrs array of DetectMatchAddressIPv4's
1577  * \param addrs_cnt array size in members
1578  * \param a packets address
1579  *
1580  * \retval 0 no match
1581  * \retval 1 match
1582  *
1583  * \note addresses in addrs are in host order
1584  *
1585  * \todo array should be ordered, so we can break out of the loop
1586  */
1587 int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs,
1588  uint16_t addrs_cnt, const Address *a)
1589 {
1590  SCEnter();
1591 
1592  if (addrs == NULL || addrs_cnt == 0) {
1593  SCReturnInt(0);
1594  }
1595 
1596  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1597  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1598  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1599  SCReturnInt(1);
1600  }
1601  }
1602 
1603  SCReturnInt(0);
1604 }
1605 
1606 /**
1607  * \brief Match a packets address against a signatures addrs array
1608  *
1609  * \param addrs array of DetectMatchAddressIPv6's
1610  * \param addrs_cnt array size in members
1611  * \param a packets address
1612  *
1613  * \retval 0 no match
1614  * \retval 1 match
1615  *
1616  * \note addresses in addrs are in host order
1617  *
1618  * \todo array should be ordered, so we can break out of the loop
1619  */
1620 int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs,
1621  uint16_t addrs_cnt, const Address *a)
1622 {
1623  SCEnter();
1624 
1625  if (addrs == NULL || addrs_cnt == 0) {
1626  SCReturnInt(0);
1627  }
1628 
1629  uint32_t match_addr[4];
1630  match_addr[0] = SCNtohl(a->addr_data32[0]);
1631  match_addr[1] = SCNtohl(a->addr_data32[1]);
1632  match_addr[2] = SCNtohl(a->addr_data32[2]);
1633  match_addr[3] = SCNtohl(a->addr_data32[3]);
1634 
1635  /* See if the packet address is within the range of any entry in the
1636  * signature's address match array.
1637  */
1638  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1639  uint16_t result1 = 0, result2 = 0;
1640 
1641  /* See if packet address equals either limit. Return 1 if true. */
1642  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1643  SCReturnInt(1);
1644  }
1645  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1646  SCReturnInt(1);
1647  }
1648 
1649  /* See if packet address is greater than lower limit
1650  * of the current signature address match pair.
1651  */
1652  for (int i = 0; i < 4; i++) {
1653  if (match_addr[i] > addrs[idx].ip[i]) {
1654  result1 = 1;
1655  break;
1656  }
1657  if (match_addr[i] < addrs[idx].ip[i]) {
1658  result1 = 0;
1659  break;
1660  }
1661  }
1662 
1663  /* If not greater than lower limit, try next address match entry */
1664  if (result1 == 0)
1665  continue;
1666 
1667  /* See if packet address is less than upper limit
1668  * of the current signature address match pair.
1669  */
1670  for (int i = 0; i < 4; i++) {
1671  if (match_addr[i] < addrs[idx].ip2[i]) {
1672  result2 = 1;
1673  break;
1674  }
1675  if (match_addr[i] > addrs[idx].ip2[i]) {
1676  result2 = 0;
1677  break;
1678  }
1679  }
1680 
1681  /* Return a match if packet address is between the two
1682  * signature address match limits.
1683  */
1684  if (result1 == 1 && result2 == 1)
1685  SCReturnInt(1);
1686  }
1687 
1688  SCReturnInt(0);
1689 }
1690 
1691 /**
1692  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1693  * range in the DetectAddress instance.
1694  *
1695  * We basically check that the address falls in between the address
1696  * range in DetectAddress.
1697  *
1698  * \param dd Pointer to the DetectAddress instance.
1699  * \param a Pointer to an Address instance.
1700  *
1701  * \param 1 On a match.
1702  * \param 0 On no match.
1703  */
1704 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1705 {
1706  SCEnter();
1707 
1708  if (dd->ip.family != a->family) {
1709  SCReturnInt(0);
1710  }
1711 
1712  //DetectAddressPrint(dd);
1713  //AddressDebugPrint(a);
1714 
1715  switch (a->family) {
1716  case AF_INET:
1717 
1718  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1719  * Address inside DetectAddressData we can do uint8_t checks */
1720  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1721  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1722  {
1723  SCReturnInt(1);
1724  } else {
1725  SCReturnInt(0);
1726  }
1727 
1728  break;
1729  case AF_INET6:
1730  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1731  AddressIPv6Le(a, &dd->ip2) == 1)
1732  {
1733  SCReturnInt(1);
1734  } else {
1735  SCReturnInt(0);
1736  }
1737 
1738  break;
1739  default:
1740  SCLogDebug("What other address type can we have :-/");
1741  break;
1742  }
1743 
1744  SCReturnInt(0);
1745 }
1746 
1747 #ifdef DEBUG
1748 /**
1749  * \brief Prints the address data held by the DetectAddress. If the address
1750  * data family is IPv4, we print the ipv4 address and mask, and
1751  * if the address data family is IPv6, we print the ipv6 address and
1752  * mask.
1753  *
1754  * \param ad Pointer to the DetectAddress instance to be printed.
1755  */
1756 static void DetectAddressPrint(DetectAddress *gr)
1757 {
1758  if (gr == NULL)
1759  return;
1760 
1761  if (gr->ip.family == AF_INET) {
1762  struct in_addr in;
1763  char ip[16], mask[16];
1764 
1765  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1766  PrintInet(AF_INET, &in, ip, sizeof(ip));
1767  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1768  PrintInet(AF_INET, &in, mask, sizeof(mask));
1769 
1770  SCLogDebug("%s/%s", ip, mask);
1771 // printf("%s/%s", ip, mask);
1772  } else if (gr->ip.family == AF_INET6) {
1773  struct in6_addr in6;
1774  char ip[66], mask[66];
1775 
1776  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1777  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1778  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1779  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1780 
1781  SCLogDebug("%s/%s", ip, mask);
1782 // printf("%s/%s", ip, mask);
1783  }
1784 }
1785 #endif
1786 
1787 /**
1788  * \brief Find the group matching address in a group head.
1789  *
1790  * \param gh Pointer to the address group head(DetectAddressHead instance).
1791  * \param a Pointer to an Address instance.
1792  *
1793  * \retval g On success pointer to an DetectAddress if we find a match
1794  * for the Address "a", in the DetectAddressHead "gh".
1795  */
1796 DetectAddress *DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
1797 {
1798  SCEnter();
1799 
1800  DetectAddress *g = NULL;
1801 
1802  if (gh == NULL) {
1803  SCReturnPtr(NULL, "DetectAddress");
1804  }
1805 
1806  /* XXX should we really do this check every time we run this function? */
1807  if (a->family == AF_INET) {
1808  SCLogDebug("IPv4");
1809  g = gh->ipv4_head;
1810  } else if (a->family == AF_INET6) {
1811  SCLogDebug("IPv6");
1812  g = gh->ipv6_head;
1813  }
1814 
1815  for ( ; g != NULL; g = g->next) {
1816  if (DetectAddressMatch(g,a) == 1) {
1817  SCReturnPtr(g, "DetectAddress");
1818  }
1819  }
1820 
1821  SCReturnPtr(NULL, "DetectAddress");
1822 }
1823 
1824 /********************************Unittests*************************************/
1825 
1826 #ifdef UNITTESTS
1827 
1828 static bool UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1829 {
1830  char str1[46] = "", str2[46] = "";
1831 
1832  if (ad == NULL)
1833  return false;
1834 
1835  switch(ad->ip.family) {
1836  case AF_INET:
1837  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1838  SCLogDebug("%s", str1);
1839  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1840  SCLogDebug("%s", str2);
1841 
1842  if (strcmp(str1, one) != 0) {
1843  SCLogInfo("%s != %s", str1, one);
1844  return false;
1845  }
1846 
1847  if (strcmp(str2, two) != 0) {
1848  SCLogInfo("%s != %s", str2, two);
1849  return false;
1850  }
1851 
1852  return true;
1853  break;
1854 
1855  case AF_INET6:
1856  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1857  SCLogDebug("%s", str1);
1858  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1859  SCLogDebug("%s", str2);
1860 
1861  if (strcmp(str1, one) != 0) {
1862  SCLogInfo("%s != %s", str1, one);
1863  return false;
1864  }
1865 
1866  if (strcmp(str2, two) != 0) {
1867  SCLogInfo("%s != %s", str2, two);
1868  return false;
1869  }
1870 
1871  return true;
1872  break;
1873  }
1874 
1875  return false;
1876 }
1877 
1878 typedef struct UTHValidateDetectAddressHeadRange_ {
1879  const char *one;
1880  const char *two;
1881 } UTHValidateDetectAddressHeadRange;
1882 
1883 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1884 {
1885  int expect = nranges;
1886  int have = 0;
1887 
1888  if (gh == NULL)
1889  return false;
1890 
1891  DetectAddress *ad = NULL;
1892  ad = gh->ipv4_head;
1893  if (ad == NULL)
1894  ad = gh->ipv6_head;
1895  while (have < expect) {
1896  if (ad == NULL) {
1897  printf("bad head: have %d ranges, expected %d: ", have, expect);
1898  return false;
1899  }
1900 
1901  if (!UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two))
1902  return false;
1903 
1904  ad = ad->next;
1905  have++;
1906  }
1907 
1908  return true;
1909 }
1910 
1911 static int AddressTestParse01(void)
1912 {
1913  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1914 
1915  if (dd) {
1916  DetectAddressFree(dd);
1917  return 1;
1918  }
1919 
1920  return 0;
1921 }
1922 
1923 static int AddressTestParse02(void)
1924 {
1925  int result = 1;
1926  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1927 
1928  if (dd) {
1929  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1930  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1931  result = 0;
1932  }
1933 
1934  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1935  DetectAddressFree(dd);
1936  return result;
1937  }
1938 
1939  return 0;
1940 }
1941 
1942 static int AddressTestParse03(void)
1943 {
1944  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1945 
1946  if (dd) {
1947  DetectAddressFree(dd);
1948  return 1;
1949  }
1950 
1951  return 0;
1952 }
1953 
1954 static int AddressTestParse04(void)
1955 {
1956  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1957  FAIL_IF_NULL(dd);
1958 
1959  char left[16], right[16];
1960  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1961  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1962  SCLogDebug("left %s right %s", left, right);
1963  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1964  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1965  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1966  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1967 
1968  DetectAddressFree(dd);
1969  PASS;
1970 }
1971 
1972 /** \test that address range sets proper start address */
1973 static int AddressTestParse04bug5081(void)
1974 {
1975  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1976  FAIL_IF_NULL(dd);
1977 
1978  char left[16], right[16];
1979  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1980  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1981  SCLogDebug("left %s right %s", left, right);
1982  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
1983  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
1984 
1985  DetectAddressFree(dd);
1986  PASS;
1987 }
1988 
1989 static int AddressTestParse05(void)
1990 {
1991  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
1992 
1993  if (dd) {
1994  DetectAddressFree(dd);
1995  return 1;
1996  }
1997 
1998  return 0;
1999 }
2000 
2001 static int AddressTestParse06(void)
2002 {
2003  int result = 1;
2004  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2005 
2006  if (dd) {
2007  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2008  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2009  result = 0;
2010  }
2011 
2012  DetectAddressFree(dd);
2013  return result;
2014  }
2015 
2016  return 0;
2017 }
2018 
2019 static int AddressTestParse07(void)
2020 {
2021  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2022 
2023  if (dd) {
2024  DetectAddressFree(dd);
2025  return 1;
2026  }
2027 
2028  return 0;
2029 }
2030 
2031 static int AddressTestParse08(void)
2032 {
2033  int result = 1;
2034  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2035 
2036  if (dd) {
2037  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2038  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2039 
2040  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2041  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2042  DetectAddressPrint(dd);
2043  result = 0;
2044  }
2045 
2046  DetectAddressFree(dd);
2047  return result;
2048  }
2049 
2050  return 0;
2051 }
2052 
2053 static int AddressTestParse09(void)
2054 {
2055  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2056 
2057  if (dd) {
2058  DetectAddressFree(dd);
2059  return 1;
2060  }
2061 
2062  return 0;
2063 }
2064 
2065 static int AddressTestParse10(void)
2066 {
2067  int result = 1;
2068  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2069 
2070  if (dd) {
2071  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2072  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2073 
2074  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2075  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2076  DetectAddressPrint(dd);
2077  result = 0;
2078  }
2079 
2080  DetectAddressFree(dd);
2081  return result;
2082  }
2083 
2084  return 0;
2085 }
2086 
2087 static int AddressTestParse11(void)
2088 {
2089  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2090 
2091  if (dd) {
2092  DetectAddressFree(dd);
2093  return 1;
2094  }
2095 
2096  return 0;
2097 }
2098 
2099 static int AddressTestParse12(void)
2100 {
2101  int result = 1;
2102  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2103 
2104  if (dd) {
2105  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2106  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2107 
2108  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2109  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2110  DetectAddressPrint(dd);
2111  result = 0;
2112  }
2113 
2114  DetectAddressFree(dd);
2115  return result;
2116  }
2117 
2118  return 0;
2119 }
2120 static int AddressTestParse13(void)
2121 {
2122  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2123 
2124  if (dd) {
2125  DetectAddressFree(dd);
2126  return 1;
2127  }
2128 
2129  return 0;
2130 }
2131 
2132 static int AddressTestParse14(void)
2133 {
2134  int result = 1;
2135  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2136 
2137  if (dd) {
2138  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2139  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2140 
2141  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2142  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2143  result = 0;
2144  }
2145 
2146  DetectAddressFree(dd);
2147  return result;
2148  }
2149 
2150  return 0;
2151 }
2152 
2153 static int AddressTestParse15(void)
2154 {
2155  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2156 
2157  if (dd) {
2158  DetectAddressFree(dd);
2159  return 1;
2160  }
2161 
2162  return 0;
2163 }
2164 
2165 static int AddressTestParse16(void)
2166 {
2167  int result = 1;
2168  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2169 
2170  if (dd) {
2171  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2172  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2173 
2174  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2175  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2176  result = 0;
2177  }
2178 
2179  DetectAddressFree(dd);
2180  return result;
2181  }
2182 
2183  return 0;
2184 }
2185 
2186 static int AddressTestParse17(void)
2187 {
2188  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2189 
2190  if (dd) {
2191  DetectAddressFree(dd);
2192  return 1;
2193  }
2194 
2195  return 0;
2196 }
2197 
2198 static int AddressTestParse18(void)
2199 {
2200  int result = 1;
2201  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2202 
2203  if (dd) {
2204  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2205  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2206  result = 0;
2207  }
2208 
2209  DetectAddressFree(dd);
2210  return result;
2211  }
2212 
2213  return 0;
2214 }
2215 
2216 static int AddressTestParse19(void)
2217 {
2218  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2219 
2220  if (dd) {
2221  DetectAddressFree(dd);
2222  return 0;
2223  }
2224 
2225  return 1;
2226 }
2227 
2228 static int AddressTestParse20(void)
2229 {
2230  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2231 
2232  if (dd) {
2233  DetectAddressFree(dd);
2234  return 1;
2235  }
2236 
2237  return 0;
2238 }
2239 
2240 static int AddressTestParse21(void)
2241 {
2242  int result = 1;
2243  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2244 
2245  if (dd) {
2246  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2247  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2248 
2249  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2250  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2251  result = 0;
2252  }
2253 
2254  DetectAddressFree(dd);
2255  return result;
2256  }
2257 
2258  return 0;
2259 }
2260 
2261 static int AddressTestParse22(void)
2262 {
2263  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2264 
2265  if (dd) {
2266  DetectAddressFree(dd);
2267  return 0;
2268  }
2269 
2270  return 1;
2271 }
2272 
2273 static int AddressTestParse23(void)
2274 {
2275  DetectAddressHead *gh = DetectAddressHeadInit();
2276  FAIL_IF_NULL(gh);
2277  int r = DetectAddressParse(NULL, gh, "any");
2278  FAIL_IF_NOT(r == 0);
2279  DetectAddressHeadFree(gh);
2280  PASS;
2281 }
2282 
2283 static int AddressTestParse24(void)
2284 {
2285  DetectAddressHead *gh = DetectAddressHeadInit();
2286  FAIL_IF_NULL(gh);
2287  int r = DetectAddressParse(NULL, gh, "Any");
2288  FAIL_IF_NOT(r == 0);
2289  DetectAddressHeadFree(gh);
2290  PASS;
2291 }
2292 
2293 static int AddressTestParse25(void)
2294 {
2295  DetectAddressHead *gh = DetectAddressHeadInit();
2296  FAIL_IF_NULL(gh);
2297  int r = DetectAddressParse(NULL, gh, "ANY");
2298  FAIL_IF_NOT(r == 0);
2299  DetectAddressHeadFree(gh);
2300  PASS;
2301 }
2302 
2303 /** \test recursion limit */
2304 static int AddressTestParse26(void)
2305 {
2306  DetectAddressHead *gh = DetectAddressHeadInit();
2307  FAIL_IF_NULL(gh);
2308  /* exactly 64: should pass */
2309  int r = DetectAddressParse(NULL, gh,
2310  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2311  "1.2.3.4"
2312  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2313  );
2314  FAIL_IF_NOT(r == 0);
2315  DetectAddressHeadFree(gh);
2316  gh = DetectAddressHeadInit();
2317  FAIL_IF_NULL(gh);
2318  /* exactly 65: should fail */
2319  r = DetectAddressParse(NULL, gh,
2320  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2321  "1.2.3.4"
2322  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2323  );
2324  FAIL_IF(r == 0);
2325  DetectAddressHeadFree(gh);
2326  PASS;
2327 }
2328 
2329 static int AddressTestParse27(void)
2330 {
2331  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2332 
2333  if (dd) {
2334  DetectAddressFree(dd);
2335  return 1;
2336  }
2337 
2338  return 0;
2339 }
2340 
2341 static int AddressTestParse28(void)
2342 {
2343  int result = 0;
2344  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2345 
2346  if (dd) {
2347  if (dd->flags & ADDRESS_FLAG_NOT &&
2348  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2349  result = 1;
2350  }
2351 
2352  DetectAddressFree(dd);
2353  return result;
2354  }
2355 
2356  return 0;
2357 }
2358 
2359 static int AddressTestParse29(void)
2360 {
2361  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2362 
2363  if (dd) {
2364  DetectAddressFree(dd);
2365  return 1;
2366  }
2367 
2368  return 0;
2369 }
2370 
2371 static int AddressTestParse30(void)
2372 {
2373  int result = 0;
2374  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2375 
2376  if (dd) {
2377  if (dd->flags & ADDRESS_FLAG_NOT &&
2378  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2379  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2380  result = 1;
2381  }
2382 
2383  DetectAddressFree(dd);
2384  return result;
2385  }
2386 
2387  return 0;
2388 }
2389 
2390 /**
2391  * \test make sure !any is rejected
2392  */
2393 static int AddressTestParse31(void)
2394 {
2395  DetectAddress *dd = DetectAddressParseSingle("!any");
2396 
2397  if (dd) {
2398  DetectAddressFree(dd);
2399  return 0;
2400  }
2401 
2402  return 1;
2403 }
2404 
2405 static int AddressTestParse32(void)
2406 {
2407  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2408 
2409  if (dd) {
2410  DetectAddressFree(dd);
2411  return 1;
2412  }
2413 
2414  return 0;
2415 }
2416 
2417 static int AddressTestParse33(void)
2418 {
2419  int result = 0;
2420  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2421 
2422  if (dd) {
2423  if (dd->flags & ADDRESS_FLAG_NOT &&
2424  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2425  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2426  result = 1;
2427  }
2428 
2429  DetectAddressFree(dd);
2430  return result;
2431  }
2432 
2433  return 0;
2434 }
2435 
2436 static int AddressTestParse34(void)
2437 {
2438  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2439 
2440  if (dd) {
2441  DetectAddressFree(dd);
2442  return 1;
2443  }
2444 
2445  return 0;
2446 }
2447 
2448 static int AddressTestParse35(void)
2449 {
2450  int result = 0;
2451  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2452 
2453  if (dd) {
2454  if (dd->flags & ADDRESS_FLAG_NOT &&
2455  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2456  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2457 
2458  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2459  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2460  result = 1;
2461  }
2462 
2463  DetectAddressFree(dd);
2464  return result;
2465  }
2466 
2467  return 0;
2468 }
2469 
2470 static int AddressTestParse36(void)
2471 {
2472  int result = 1;
2473  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2474 
2475  if (dd) {
2476  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2477  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2478 
2479  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2480  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2481 
2482  DetectAddressPrint(dd);
2483  result = 0;
2484  }
2485  DetectAddressPrint(dd);
2486 
2487  DetectAddressFree(dd);
2488  return result;
2489  }
2490 
2491  return 0;
2492 }
2493 
2494 static int AddressTestParse37(void)
2495 {
2496  int result = 1;
2497  DetectAddress *dd = DetectAddressParseSingle("::/0");
2498 
2499  if (dd) {
2500  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2501  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2502 
2503  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2504  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2505  DetectAddressPrint(dd);
2506  result = 0;
2507  }
2508  DetectAddressPrint(dd);
2509 
2510  DetectAddressFree(dd);
2511  return result;
2512  }
2513 
2514  return 0;
2515 }
2516 
2517 static int AddressTestMatch01(void)
2518 {
2519  DetectAddress *dd = NULL;
2520  int result = 1;
2521  struct in_addr in;
2522  Address a;
2523 
2524  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2525  return 0;
2526  memset(&a, 0, sizeof(Address));
2527  a.family = AF_INET;
2528  a.addr_data32[0] = in.s_addr;
2529 
2530  dd = DetectAddressParseSingle("1.2.3.4/24");
2531  if (dd) {
2532  if (DetectAddressMatch(dd, &a) == 0)
2533  result = 0;
2534 
2535  DetectAddressFree(dd);
2536  return result;
2537  }
2538 
2539  return 0;
2540 }
2541 
2542 static int AddressTestMatch02(void)
2543 {
2544  DetectAddress *dd = NULL;
2545  int result = 1;
2546  struct in_addr in;
2547  Address a;
2548 
2549  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2550  return 0;
2551  memset(&a, 0, sizeof(Address));
2552  a.family = AF_INET;
2553  a.addr_data32[0] = in.s_addr;
2554 
2555  dd = DetectAddressParseSingle("1.2.3.4/25");
2556  if (dd) {
2557  if (DetectAddressMatch(dd, &a) == 0)
2558  result = 0;
2559 
2560  DetectAddressFree(dd);
2561  return result;
2562  }
2563 
2564  return 0;
2565 }
2566 
2567 static int AddressTestMatch03(void)
2568 {
2569  DetectAddress *dd = NULL;
2570  int result = 1;
2571  struct in_addr in;
2572  Address a;
2573 
2574  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2575  return 0;
2576  memset(&a, 0, sizeof(Address));
2577  a.family = AF_INET;
2578  a.addr_data32[0] = in.s_addr;
2579 
2580  dd = DetectAddressParseSingle("1.2.3.4/25");
2581  if (dd) {
2582  if (DetectAddressMatch(dd, &a) == 1)
2583  result = 0;
2584 
2585  DetectAddressFree(dd);
2586  return result;
2587  }
2588 
2589  return 0;
2590 }
2591 
2592 static int AddressTestMatch04(void)
2593 {
2594  DetectAddress *dd = NULL;
2595  int result = 1;
2596  struct in_addr in;
2597  Address a;
2598 
2599  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2600  return 0;
2601  memset(&a, 0, sizeof(Address));
2602  a.family = AF_INET;
2603  a.addr_data32[0] = in.s_addr;
2604 
2605  dd = DetectAddressParseSingle("1.2.3.4/25");
2606  if (dd) {
2607  if (DetectAddressMatch(dd, &a) == 1)
2608  result = 0;
2609 
2610  DetectAddressFree(dd);
2611  return result;
2612  }
2613 
2614  return 0;
2615 }
2616 
2617 static int AddressTestMatch05(void)
2618 {
2619  DetectAddress *dd = NULL;
2620  int result = 1;
2621  struct in_addr in;
2622  Address a;
2623 
2624  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2625  return 0;
2626  memset(&a, 0, sizeof(Address));
2627  a.family = AF_INET;
2628  a.addr_data32[0] = in.s_addr;
2629 
2630  dd = DetectAddressParseSingle("1.2.3.4/32");
2631  if (dd) {
2632  if (DetectAddressMatch(dd, &a) == 0)
2633  result = 0;
2634 
2635  DetectAddressFree(dd);
2636  return result;
2637  }
2638 
2639  return 0;
2640 }
2641 
2642 static int AddressTestMatch06(void)
2643 {
2644  DetectAddress *dd = NULL;
2645  int result = 1;
2646  struct in_addr in;
2647  Address a;
2648 
2649  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2650  return 0;
2651  memset(&a, 0, sizeof(Address));
2652  a.family = AF_INET;
2653  a.addr_data32[0] = in.s_addr;
2654 
2655  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2656  if (dd) {
2657  if (DetectAddressMatch(dd, &a) == 0)
2658  result = 0;
2659 
2660  DetectAddressFree(dd);
2661  return result;
2662  }
2663 
2664  return 0;
2665 }
2666 
2667 static int AddressTestMatch07(void)
2668 {
2669  DetectAddress *dd = NULL;
2670  int result = 1;
2671  struct in6_addr in6;
2672  Address a;
2673 
2674  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2675  return 0;
2676  memset(&a, 0, sizeof(Address));
2677  a.family = AF_INET6;
2678  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2679 
2680  dd = DetectAddressParseSingle("2001::/3");
2681  if (dd) {
2682  if (DetectAddressMatch(dd, &a) == 0)
2683  result = 0;
2684 
2685  DetectAddressFree(dd);
2686  return result;
2687  }
2688 
2689  return 0;
2690 }
2691 
2692 static int AddressTestMatch08(void)
2693 {
2694  DetectAddress *dd = NULL;
2695  int result = 1;
2696  struct in6_addr in6;
2697  Address a;
2698 
2699  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2700  return 0;
2701  memset(&a, 0, sizeof(Address));
2702  a.family = AF_INET6;
2703  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2704 
2705  dd = DetectAddressParseSingle("2001::/3");
2706  if (dd) {
2707  if (DetectAddressMatch(dd, &a) == 1)
2708  result = 0;
2709 
2710  DetectAddressFree(dd);
2711  return result;
2712  }
2713 
2714  return 0;
2715 }
2716 
2717 static int AddressTestMatch09(void)
2718 {
2719  DetectAddress *dd = NULL;
2720  int result = 1;
2721  struct in6_addr in6;
2722  Address a;
2723 
2724  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2725  return 0;
2726  memset(&a, 0, sizeof(Address));
2727  a.family = AF_INET6;
2728  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2729 
2730  dd = DetectAddressParseSingle("2001::1/128");
2731  if (dd) {
2732  if (DetectAddressMatch(dd, &a) == 1)
2733  result = 0;
2734 
2735  DetectAddressFree(dd);
2736  return result;
2737  }
2738 
2739  return 0;
2740 }
2741 
2742 static int AddressTestMatch10(void)
2743 {
2744  DetectAddress *dd = NULL;
2745  int result = 1;
2746  struct in6_addr in6;
2747  Address a;
2748 
2749  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2750  return 0;
2751  memset(&a, 0, sizeof(Address));
2752  a.family = AF_INET6;
2753  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2754 
2755  dd = DetectAddressParseSingle("2001::1/126");
2756  if (dd) {
2757  if (DetectAddressMatch(dd, &a) == 0)
2758  result = 0;
2759 
2760  DetectAddressFree(dd);
2761  return result;
2762  }
2763 
2764  return 0;
2765 }
2766 
2767 static int AddressTestMatch11(void)
2768 {
2769  DetectAddress *dd = NULL;
2770  int result = 1;
2771  struct in6_addr in6;
2772  Address a;
2773 
2774  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2775  return 0;
2776  memset(&a, 0, sizeof(Address));
2777  a.family = AF_INET6;
2778  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2779 
2780  dd = DetectAddressParseSingle("2001::1/127");
2781  if (dd) {
2782  if (DetectAddressMatch(dd, &a) == 1)
2783  result = 0;
2784 
2785  DetectAddressFree(dd);
2786  return result;
2787  }
2788 
2789  return 0;
2790 }
2791 
2792 static int AddressTestCmp01(void)
2793 {
2794  DetectAddress *da = NULL, *db = NULL;
2795  int result = 1;
2796 
2797  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2798  if (da == NULL) goto error;
2799  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2800  if (db == NULL) goto error;
2801 
2802  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2803  result = 0;
2804 
2805  DetectAddressFree(da);
2806  DetectAddressFree(db);
2807  return result;
2808 
2809 error:
2810  if (da) DetectAddressFree(da);
2811  if (db) DetectAddressFree(db);
2812  return 0;
2813 }
2814 
2815 static int AddressTestCmp02(void)
2816 {
2817  DetectAddress *da = NULL, *db = NULL;
2818  int result = 1;
2819 
2820  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2821  if (da == NULL) goto error;
2822  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2823  if (db == NULL) goto error;
2824 
2825  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2826  result = 0;
2827 
2828  DetectAddressFree(da);
2829  DetectAddressFree(db);
2830  return result;
2831 
2832 error:
2833  if (da) DetectAddressFree(da);
2834  if (db) DetectAddressFree(db);
2835  return 0;
2836 }
2837 
2838 static int AddressTestCmp03(void)
2839 {
2840  DetectAddress *da = NULL, *db = NULL;
2841  int result = 1;
2842 
2843  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2844  if (da == NULL) goto error;
2845  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2846  if (db == NULL) goto error;
2847 
2848  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2849  result = 0;
2850 
2851  DetectAddressFree(da);
2852  DetectAddressFree(db);
2853  return result;
2854 
2855 error:
2856  if (da) DetectAddressFree(da);
2857  if (db) DetectAddressFree(db);
2858  return 0;
2859 }
2860 
2861 static int AddressTestCmp04(void)
2862 {
2863  DetectAddress *da = NULL, *db = NULL;
2864  int result = 1;
2865 
2866  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2867  if (da == NULL) goto error;
2868  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2869  if (db == NULL) goto error;
2870 
2871  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2872  result = 0;
2873 
2874  DetectAddressFree(da);
2875  DetectAddressFree(db);
2876  return result;
2877 
2878 error:
2879  if (da) DetectAddressFree(da);
2880  if (db) DetectAddressFree(db);
2881  return 0;
2882 }
2883 
2884 static int AddressTestCmp05(void)
2885 {
2886  DetectAddress *da = NULL, *db = NULL;
2887  int result = 1;
2888 
2889  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2890  if (da == NULL) goto error;
2891  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2892  if (db == NULL) goto error;
2893 
2894  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2895  result = 0;
2896 
2897  DetectAddressFree(da);
2898  DetectAddressFree(db);
2899  return result;
2900 
2901 error:
2902  if (da) DetectAddressFree(da);
2903  if (db) DetectAddressFree(db);
2904  return 0;
2905 }
2906 
2907 static int AddressTestCmp06(void)
2908 {
2909  DetectAddress *da = NULL, *db = NULL;
2910  int result = 1;
2911 
2912  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2913  if (da == NULL) goto error;
2914  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2915  if (db == NULL) goto error;
2916 
2917  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2918  result = 0;
2919 
2920  DetectAddressFree(da);
2921  DetectAddressFree(db);
2922  return result;
2923 
2924 error:
2925  if (da) DetectAddressFree(da);
2926  if (db) DetectAddressFree(db);
2927  return 0;
2928 }
2929 
2930 static int AddressTestCmpIPv407(void)
2931 {
2932  DetectAddress *da = NULL, *db = NULL;
2933  int result = 1;
2934 
2935  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2936  if (da == NULL) goto error;
2937  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2938  if (db == NULL) goto error;
2939 
2940  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2941  result = 0;
2942 
2943  DetectAddressFree(da);
2944  DetectAddressFree(db);
2945  return result;
2946 
2947 error:
2948  if (da) DetectAddressFree(da);
2949  if (db) DetectAddressFree(db);
2950  return 0;
2951 }
2952 
2953 static int AddressTestCmpIPv408(void)
2954 {
2955  DetectAddress *da = NULL, *db = NULL;
2956  int result = 1;
2957 
2958  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2959  if (da == NULL) goto error;
2960  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2961  if (db == NULL) goto error;
2962 
2963  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2964  result = 0;
2965 
2966  DetectAddressFree(da);
2967  DetectAddressFree(db);
2968  return result;
2969 
2970 error:
2971  if (da) DetectAddressFree(da);
2972  if (db) DetectAddressFree(db);
2973  return 0;
2974 }
2975 
2976 static int AddressTestCmp07(void)
2977 {
2978  DetectAddress *da = NULL, *db = NULL;
2979  int result = 1;
2980 
2981  da = DetectAddressParseSingle("2001::/3");
2982  if (da == NULL) goto error;
2983  db = DetectAddressParseSingle("2001::1/3");
2984  if (db == NULL) goto error;
2985 
2986  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2987  result = 0;
2988 
2989  DetectAddressFree(da);
2990  DetectAddressFree(db);
2991  return result;
2992 
2993 error:
2994  if (da) DetectAddressFree(da);
2995  if (db) DetectAddressFree(db);
2996  return 0;
2997 }
2998 
2999 static int AddressTestCmp08(void)
3000 {
3001  DetectAddress *da = NULL, *db = NULL;
3002  int result = 1;
3003 
3004  da = DetectAddressParseSingle("2001::/3");
3005  if (da == NULL) goto error;
3006  db = DetectAddressParseSingle("2001::/8");
3007  if (db == NULL) goto error;
3008 
3009  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3010  result = 0;
3011 
3012  DetectAddressFree(da);
3013  DetectAddressFree(db);
3014  return result;
3015 
3016 error:
3017  if (da) DetectAddressFree(da);
3018  if (db) DetectAddressFree(db);
3019  return 0;
3020 }
3021 
3022 static int AddressTestCmp09(void)
3023 {
3024  DetectAddress *da = NULL, *db = NULL;
3025  int result = 1;
3026 
3027  da = DetectAddressParseSingle("2001::/8");
3028  if (da == NULL) goto error;
3029  db = DetectAddressParseSingle("2001::/3");
3030  if (db == NULL) goto error;
3031 
3032  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3033  result = 0;
3034 
3035  DetectAddressFree(da);
3036  DetectAddressFree(db);
3037  return result;
3038 
3039 error:
3040  if (da) DetectAddressFree(da);
3041  if (db) DetectAddressFree(db);
3042  return 0;
3043 }
3044 
3045 static int AddressTestCmp10(void)
3046 {
3047  DetectAddress *da = NULL, *db = NULL;
3048  int result = 1;
3049 
3050  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3051  if (da == NULL) goto error;
3052  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3053  if (db == NULL) goto error;
3054 
3055  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3056  result = 0;
3057 
3058  DetectAddressFree(da);
3059  DetectAddressFree(db);
3060  return result;
3061 
3062 error:
3063  if (da) DetectAddressFree(da);
3064  if (db) DetectAddressFree(db);
3065  return 0;
3066 }
3067 
3068 static int AddressTestCmp11(void)
3069 {
3070  DetectAddress *da = NULL, *db = NULL;
3071  int result = 1;
3072 
3073  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3074  if (da == NULL) goto error;
3075  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3076  if (db == NULL) goto error;
3077 
3078  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3079  result = 0;
3080 
3081  DetectAddressFree(da);
3082  DetectAddressFree(db);
3083  return result;
3084 
3085 error:
3086  if (da) DetectAddressFree(da);
3087  if (db) DetectAddressFree(db);
3088  return 0;
3089 }
3090 
3091 static int AddressTestCmp12(void)
3092 {
3093  DetectAddress *da = NULL, *db = NULL;
3094  int result = 1;
3095 
3096  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3097  if (da == NULL) goto error;
3098  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3099  if (db == NULL) goto error;
3100 
3101  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3102  result = 0;
3103 
3104  DetectAddressFree(da);
3105  DetectAddressFree(db);
3106  return result;
3107 
3108 error:
3109  if (da) DetectAddressFree(da);
3110  if (db) DetectAddressFree(db);
3111  return 0;
3112 }
3113 
3114 static int AddressTestAddressGroupSetup01(void)
3115 {
3116  int result = 0;
3117  DetectAddressHead *gh = DetectAddressHeadInit();
3118 
3119  if (gh != NULL) {
3120  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3121  if (r == 0)
3122  result = 1;
3123 
3124  DetectAddressHeadFree(gh);
3125  }
3126  return result;
3127 }
3128 
3129 static int AddressTestAddressGroupSetup02(void)
3130 {
3131  int result = 0;
3132  DetectAddressHead *gh = DetectAddressHeadInit();
3133 
3134  if (gh != NULL) {
3135  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3136  if (r == 0 && gh->ipv4_head != NULL)
3137  result = 1;
3138 
3139  DetectAddressHeadFree(gh);
3140  }
3141  return result;
3142 }
3143 
3144 static int AddressTestAddressGroupSetup03(void)
3145 {
3146  int result = 0;
3147  DetectAddressHead *gh = DetectAddressHeadInit();
3148 
3149  if (gh != NULL) {
3150  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3151  if (r == 0 && gh->ipv4_head != NULL) {
3152  DetectAddress *prev_head = gh->ipv4_head;
3153 
3154  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3155  if (r == 0 && gh->ipv4_head != prev_head &&
3156  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3157  result = 1;
3158  }
3159  }
3160 
3161  DetectAddressHeadFree(gh);
3162  }
3163  return result;
3164 }
3165 
3166 static int AddressTestAddressGroupSetup04(void)
3167 {
3168  int result = 0;
3169  DetectAddressHead *gh = DetectAddressHeadInit();
3170 
3171  if (gh != NULL) {
3172  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3173  if (r == 0 && gh->ipv4_head != NULL) {
3174  DetectAddress *prev_head = gh->ipv4_head;
3175 
3176  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3177  if (r == 0 && gh->ipv4_head != prev_head &&
3178  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3179  DetectAddress *ph = gh->ipv4_head;
3180 
3181  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3182  if (r == 0 && gh->ipv4_head != ph &&
3183  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3184  result = 1;
3185  }
3186  }
3187  }
3188 
3189  DetectAddressHeadFree(gh);
3190  }
3191  return result;
3192 }
3193 
3194 static int AddressTestAddressGroupSetup05(void)
3195 {
3196  int result = 0;
3197  DetectAddressHead *gh = DetectAddressHeadInit();
3198 
3199  if (gh != NULL) {
3200  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3201  if (r == 0 && gh->ipv4_head != NULL) {
3202  DetectAddress *prev_head = gh->ipv4_head;
3203 
3204  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3205  if (r == 0 && gh->ipv4_head == prev_head &&
3206  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3207  DetectAddress *ph = gh->ipv4_head;
3208 
3209  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3210  if (r == 0 && gh->ipv4_head == ph &&
3211  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3212  result = 1;
3213  }
3214  }
3215  }
3216 
3217  DetectAddressHeadFree(gh);
3218  }
3219  return result;
3220 }
3221 
3222 static int AddressTestAddressGroupSetup06(void)
3223 {
3224  int result = 0;
3225  DetectAddressHead *gh = DetectAddressHeadInit();
3226 
3227  if (gh != NULL) {
3228  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3229  if (r == 0 && gh->ipv4_head != NULL) {
3230  DetectAddress *prev_head = gh->ipv4_head;
3231 
3232  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3233  if (r == 0 && gh->ipv4_head == prev_head &&
3234  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3235  result = 1;
3236  }
3237  }
3238 
3239  DetectAddressHeadFree(gh);
3240  }
3241  return result;
3242 }
3243 
3244 static int AddressTestAddressGroupSetup07(void)
3245 {
3246  int result = 0;
3247  DetectAddressHead *gh = DetectAddressHeadInit();
3248 
3249  if (gh != NULL) {
3250  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3251  if (r == 0 && gh->ipv4_head != NULL) {
3252  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3253  if (r == 0 && gh->ipv4_head != NULL &&
3254  gh->ipv4_head->next != NULL &&
3255  gh->ipv4_head->next->next != NULL) {
3256  result = 1;
3257  }
3258  }
3259 
3260  DetectAddressHeadFree(gh);
3261  }
3262  return result;
3263 }
3264 
3265 static int AddressTestAddressGroupSetup08(void)
3266 {
3267  int result = 0;
3268  DetectAddressHead *gh = DetectAddressHeadInit();
3269 
3270  if (gh != NULL) {
3271  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3272  if (r == 0 && gh->ipv4_head != NULL) {
3273  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3274  if (r == 0 && gh->ipv4_head != NULL &&
3275  gh->ipv4_head->next != NULL &&
3276  gh->ipv4_head->next->next != NULL) {
3277  result = 1;
3278  }
3279  }
3280 
3281  DetectAddressHeadFree(gh);
3282  }
3283  return result;
3284 }
3285 
3286 static int AddressTestAddressGroupSetup09(void)
3287 {
3288  int result = 0;
3289  DetectAddressHead *gh = DetectAddressHeadInit();
3290 
3291  if (gh != NULL) {
3292  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3293  if (r == 0 && gh->ipv4_head != NULL) {
3294  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3295  if (r == 0 && gh->ipv4_head != NULL &&
3296  gh->ipv4_head->next != NULL &&
3297  gh->ipv4_head->next->next != NULL) {
3298  result = 1;
3299  }
3300  }
3301 
3302  DetectAddressHeadFree(gh);
3303  }
3304  return result;
3305 }
3306 
3307 static int AddressTestAddressGroupSetup10(void)
3308 {
3309  int result = 0;
3310  DetectAddressHead *gh = DetectAddressHeadInit();
3311 
3312  if (gh != NULL) {
3313  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3314  if (r == 0 && gh->ipv4_head != NULL) {
3315  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3316  if (r == 0 && gh->ipv4_head != NULL &&
3317  gh->ipv4_head->next != NULL &&
3318  gh->ipv4_head->next->next != NULL) {
3319  result = 1;
3320  }
3321  }
3322 
3323  DetectAddressHeadFree(gh);
3324  }
3325  return result;
3326 }
3327 
3328 static int AddressTestAddressGroupSetup11(void)
3329 {
3330  int result = 0;
3331  DetectAddressHead *gh = DetectAddressHeadInit();
3332 
3333  if (gh != NULL) {
3334  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3335  if (r == 0) {
3336  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3337  if (r == 0) {
3338  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3339  if (r == 0) {
3340  DetectAddress *one = gh->ipv4_head, *two = one->next,
3341  *three = two->next, *four = three->next,
3342  *five = four->next;
3343 
3344  /* result should be:
3345  * 0.0.0.0/10.10.9.255
3346  * 10.10.10.0/10.10.10.9
3347  * 10.10.10.10/10.10.10.255
3348  * 10.10.11.0/10.10.11.1
3349  * 10.10.11.2/255.255.255.255
3350  */
3351  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3352  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3353  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3354  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3355  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3356  result = 1;
3357  }
3358  }
3359  }
3360  }
3361 
3362  DetectAddressHeadFree(gh);
3363  }
3364  return result;
3365 }
3366 
3367 static int AddressTestAddressGroupSetup12 (void)
3368 {
3369  int result = 0;
3370  DetectAddressHead *gh = DetectAddressHeadInit();
3371 
3372  if (gh != NULL) {
3373  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3374  if (r == 0) {
3375  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3376  if (r == 0) {
3377  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3378  if (r == 0) {
3379  DetectAddress *one = gh->ipv4_head, *two = one->next,
3380  *three = two->next, *four = three->next,
3381  *five = four->next;
3382 
3383  /* result should be:
3384  * 0.0.0.0/10.10.9.255
3385  * 10.10.10.0/10.10.10.9
3386  * 10.10.10.10/10.10.10.255
3387  * 10.10.11.0/10.10.11.1
3388  * 10.10.11.2/255.255.255.255
3389  */
3390  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3391  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3392  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3393  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3394  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3395  result = 1;
3396  }
3397  }
3398  }
3399  }
3400 
3401  DetectAddressHeadFree(gh);
3402  }
3403  return result;
3404 }
3405 
3406 static int AddressTestAddressGroupSetup13(void)
3407 {
3408  int result = 0;
3409  DetectAddressHead *gh = DetectAddressHeadInit();
3410 
3411  if (gh != NULL) {
3412  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3413  if (r == 0) {
3414  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3415  if (r == 0) {
3416  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3417  if (r == 0) {
3418  DetectAddress *one = gh->ipv4_head, *two = one->next,
3419  *three = two->next, *four = three->next,
3420  *five = four->next;
3421 
3422  /* result should be:
3423  * 0.0.0.0/10.10.9.255
3424  * 10.10.10.0/10.10.10.9
3425  * 10.10.10.10/10.10.10.255
3426  * 10.10.11.0/10.10.11.1
3427  * 10.10.11.2/255.255.255.255
3428  */
3429  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3430  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3431  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3432  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3433  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3434  result = 1;
3435  }
3436  }
3437  }
3438  }
3439 
3440  DetectAddressHeadFree(gh);
3441  }
3442  return result;
3443 }
3444 
3445 static int AddressTestAddressGroupSetupIPv414(void)
3446 {
3447  DetectAddressHead *gh = DetectAddressHeadInit();
3448  FAIL_IF_NULL(gh);
3449 
3450  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3451  FAIL_IF_NOT(r == 1);
3452 
3453  DetectAddress *one = gh->ipv4_head;
3454  FAIL_IF_NULL(one);
3455  DetectAddress *two = one->next;
3456  FAIL_IF_NULL(two);
3457 
3458  /* result should be:
3459  * 0.0.0.0/1.2.3.3
3460  * 1.2.3.5/255.255.255.255
3461  */
3462  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3463  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3464  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3465  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3466  DetectAddressHeadFree(gh);
3467 
3468  PASS;
3469 }
3470 
3471 static int AddressTestAddressGroupSetupIPv415(void)
3472 {
3473  DetectAddressHead *gh = DetectAddressHeadInit();
3474  FAIL_IF_NULL(gh);
3475 
3476  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3477  FAIL_IF_NOT(r == 1);
3478 
3479  DetectAddress *one = gh->ipv4_head;
3480  FAIL_IF_NULL(one);
3481  FAIL_IF_NOT_NULL(one->next);
3482 
3483  /* result should be:
3484  * 0.0.0.1/255.255.255.255
3485  */
3486  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3487  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3488 
3489  DetectAddressHeadFree(gh);
3490  PASS;
3491 }
3492 
3493 static int AddressTestAddressGroupSetupIPv416(void)
3494 {
3495  DetectAddressHead *gh = DetectAddressHeadInit();
3496  FAIL_IF_NULL(gh);
3497 
3498  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3499  FAIL_IF_NOT(r == 1);
3500 
3501  DetectAddress *one = gh->ipv4_head;
3502  FAIL_IF_NULL(one);
3503  FAIL_IF_NOT_NULL(one->next);
3504 
3505  /* result should be:
3506  * 0.0.0.0/255.255.255.254
3507  */
3508  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3509  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3510 
3511  DetectAddressHeadFree(gh);
3512  PASS;
3513 }
3514 
3515 static int AddressTestAddressGroupSetup14(void)
3516 {
3517  int result = 0;
3518  DetectAddressHead *gh = DetectAddressHeadInit();
3519 
3520  if (gh != NULL) {
3521  int r = DetectAddressParse(NULL, gh, "2001::1");
3522  if (r == 0)
3523  result = 1;
3524 
3525  DetectAddressHeadFree(gh);
3526  }
3527  return result;
3528 }
3529 
3530 static int AddressTestAddressGroupSetup15(void)
3531 {
3532  int result = 0;
3533  DetectAddressHead *gh = DetectAddressHeadInit();
3534 
3535  if (gh != NULL) {
3536  int r = DetectAddressParse(NULL, gh, "2001::1");
3537  if (r == 0 && gh->ipv6_head != NULL)
3538  result = 1;
3539 
3540  DetectAddressHeadFree(gh);
3541  }
3542  return result;
3543 }
3544 
3545 static int AddressTestAddressGroupSetup16(void)
3546 {
3547  int result = 0;
3548  DetectAddressHead *gh = DetectAddressHeadInit();
3549 
3550  if (gh != NULL) {
3551  int r = DetectAddressParse(NULL, gh, "2001::4");
3552  if (r == 0 && gh->ipv6_head != NULL) {
3553  DetectAddress *prev_head = gh->ipv6_head;
3554 
3555  r = DetectAddressParse(NULL, gh, "2001::3");
3556  if (r == 0 && gh->ipv6_head != prev_head &&
3557  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3558  result = 1;
3559  }
3560  }
3561 
3562  DetectAddressHeadFree(gh);
3563  }
3564  return result;
3565 }
3566 
3567 static int AddressTestAddressGroupSetup17(void)
3568 {
3569  int result = 0;
3570  DetectAddressHead *gh = DetectAddressHeadInit();
3571 
3572  if (gh != NULL) {
3573  int r = DetectAddressParse(NULL, gh, "2001::4");
3574  if (r == 0 && gh->ipv6_head != NULL) {
3575  DetectAddress *prev_head = gh->ipv6_head;
3576 
3577  r = DetectAddressParse(NULL, gh, "2001::3");
3578  if (r == 0 && gh->ipv6_head != prev_head &&
3579  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3580  DetectAddress *ph = gh->ipv6_head;
3581 
3582  r = DetectAddressParse(NULL, gh, "2001::2");
3583  if (r == 0 && gh->ipv6_head != ph &&
3584  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3585  result = 1;
3586  }
3587  }
3588  }
3589 
3590  DetectAddressHeadFree(gh);
3591  }
3592  return result;
3593 }
3594 
3595 static int AddressTestAddressGroupSetup18(void)
3596 {
3597  int result = 0;
3598  DetectAddressHead *gh = DetectAddressHeadInit();
3599 
3600  if (gh != NULL) {
3601  int r = DetectAddressParse(NULL, gh, "2001::2");
3602  if (r == 0 && gh->ipv6_head != NULL) {
3603  DetectAddress *prev_head = gh->ipv6_head;
3604 
3605  r = DetectAddressParse(NULL, gh, "2001::3");
3606  if (r == 0 && gh->ipv6_head == prev_head &&
3607  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3608  DetectAddress *ph = gh->ipv6_head;
3609 
3610  r = DetectAddressParse(NULL, gh, "2001::4");
3611  if (r == 0 && gh->ipv6_head == ph &&
3612  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3613  result = 1;
3614  }
3615  }
3616  }
3617 
3618  DetectAddressHeadFree(gh);
3619  }
3620  return result;
3621 }
3622 
3623 static int AddressTestAddressGroupSetup19(void)
3624 {
3625  int result = 0;
3626  DetectAddressHead *gh = DetectAddressHeadInit();
3627 
3628  if (gh != NULL) {
3629  int r = DetectAddressParse(NULL, gh, "2001::2");
3630  if (r == 0 && gh->ipv6_head != NULL) {
3631  DetectAddress *prev_head = gh->ipv6_head;
3632 
3633  r = DetectAddressParse(NULL, gh, "2001::2");
3634  if (r == 0 && gh->ipv6_head == prev_head &&
3635  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3636  result = 1;
3637  }
3638  }
3639 
3640  DetectAddressHeadFree(gh);
3641  }
3642  return result;
3643 }
3644 
3645 static int AddressTestAddressGroupSetup20(void)
3646 {
3647  int result = 0;
3648  DetectAddressHead *gh = DetectAddressHeadInit();
3649 
3650  if (gh != NULL) {
3651  int r = DetectAddressParse(NULL, gh, "2000::/3");
3652  if (r == 0 && gh->ipv6_head != NULL) {
3653  r = DetectAddressParse(NULL, gh, "2001::4");
3654  if (r == 0 && gh->ipv6_head != NULL &&
3655  gh->ipv6_head->next != NULL &&
3656  gh->ipv6_head->next->next != NULL) {
3657  result = 1;
3658  }
3659  }
3660 
3661  DetectAddressHeadFree(gh);
3662  }
3663  return result;
3664 }
3665 
3666 static int AddressTestAddressGroupSetup21(void)
3667 {
3668  int result = 0;
3669  DetectAddressHead *gh = DetectAddressHeadInit();
3670 
3671  if (gh != NULL) {
3672  int r = DetectAddressParse(NULL, gh, "2001::4");
3673  if (r == 0 && gh->ipv6_head != NULL) {
3674  r = DetectAddressParse(NULL, gh, "2000::/3");
3675  if (r == 0 && gh->ipv6_head != NULL &&
3676  gh->ipv6_head->next != NULL &&
3677  gh->ipv6_head->next->next != NULL) {
3678  result = 1;
3679  }
3680  }
3681 
3682  DetectAddressHeadFree(gh);
3683  }
3684  return result;
3685 }
3686 
3687 static int AddressTestAddressGroupSetup22(void)
3688 {
3689  int result = 0;
3690  DetectAddressHead *gh = DetectAddressHeadInit();
3691 
3692  if (gh != NULL) {
3693  int r = DetectAddressParse(NULL, gh, "2000::/3");
3694  if (r == 0 && gh->ipv6_head != NULL) {
3695  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3696  if (r == 0 && gh->ipv6_head != NULL &&
3697  gh->ipv6_head->next != NULL &&
3698  gh->ipv6_head->next->next != NULL) {
3699  result = 1;
3700  }
3701  }
3702 
3703  DetectAddressHeadFree(gh);
3704  }
3705  return result;
3706 }
3707 
3708 static int AddressTestAddressGroupSetup23(void)
3709 {
3710  int result = 0;
3711  DetectAddressHead *gh = DetectAddressHeadInit();
3712 
3713  if (gh != NULL) {
3714  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3715  if (r == 0 && gh->ipv6_head != NULL) {
3716  r = DetectAddressParse(NULL, gh, "2000::/3");
3717  if (r == 0 && gh->ipv6_head != NULL &&
3718  gh->ipv6_head->next != NULL &&
3719  gh->ipv6_head->next->next != NULL) {
3720  result = 1;
3721  }
3722  }
3723 
3724  DetectAddressHeadFree(gh);
3725  }
3726  return result;
3727 }
3728 
3729 static int AddressTestAddressGroupSetup24(void)
3730 {
3731  int result = 0;
3732  DetectAddressHead *gh = DetectAddressHeadInit();
3733 
3734  if (gh != NULL) {
3735  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3736  if (r == 0) {
3737  r = DetectAddressParse(NULL, gh, "2001::/3");
3738  if (r == 0) {
3739  r = DetectAddressParse(NULL, gh, "::/0");
3740  if (r == 0) {
3741  DetectAddress *one = gh->ipv6_head, *two = one->next,
3742  *three = two->next, *four = three->next,
3743  *five = four->next;
3744  if (one->ip.addr_data32[0] == 0x00000000 &&
3745  one->ip.addr_data32[1] == 0x00000000 &&
3746  one->ip.addr_data32[2] == 0x00000000 &&
3747  one->ip.addr_data32[3] == 0x00000000 &&
3748  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3749  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3750  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3751  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3752 
3753  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3754  two->ip.addr_data32[1] == 0x00000000 &&
3755  two->ip.addr_data32[2] == 0x00000000 &&
3756  two->ip.addr_data32[3] == 0x00000000 &&
3757  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3758  two->ip2.addr_data32[1] == 0x00000000 &&
3759  two->ip2.addr_data32[2] == 0x00000000 &&
3760  two->ip2.addr_data32[3] == SCNtohl(3) &&
3761 
3762  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3763  three->ip.addr_data32[1] == 0x00000000 &&
3764  three->ip.addr_data32[2] == 0x00000000 &&
3765  three->ip.addr_data32[3] == SCNtohl(4) &&
3766  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3767  three->ip2.addr_data32[1] == 0x00000000 &&
3768  three->ip2.addr_data32[2] == 0x00000000 &&
3769  three->ip2.addr_data32[3] == SCNtohl(6) &&
3770 
3771  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3772  four->ip.addr_data32[1] == 0x00000000 &&
3773  four->ip.addr_data32[2] == 0x00000000 &&
3774  four->ip.addr_data32[3] == SCNtohl(7) &&
3775  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3776  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3777  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3778  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3779 
3780  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3781  five->ip.addr_data32[1] == 0x00000000 &&
3782  five->ip.addr_data32[2] == 0x00000000 &&
3783  five->ip.addr_data32[3] == 0x00000000 &&
3784  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3785  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3786  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3787  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3788  result = 1;
3789  }
3790  }
3791  }
3792  }
3793 
3794  DetectAddressHeadFree(gh);
3795  }
3796  return result;
3797 }
3798 
3799 static int AddressTestAddressGroupSetup25(void)
3800 {
3801  int result = 0;
3802  DetectAddressHead *gh = DetectAddressHeadInit();
3803 
3804  if (gh != NULL) {
3805  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3806  if (r == 0) {
3807  r = DetectAddressParse(NULL, gh, "::/0");
3808  if (r == 0) {
3809  r = DetectAddressParse(NULL, gh, "2001::/3");
3810  if (r == 0) {
3811  DetectAddress *one = gh->ipv6_head, *two = one->next,
3812  *three = two->next, *four = three->next,
3813  *five = four->next;
3814  if (one->ip.addr_data32[0] == 0x00000000 &&
3815  one->ip.addr_data32[1] == 0x00000000 &&
3816  one->ip.addr_data32[2] == 0x00000000 &&
3817  one->ip.addr_data32[3] == 0x00000000 &&
3818  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3819  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3820  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3821  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3822 
3823  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3824  two->ip.addr_data32[1] == 0x00000000 &&
3825  two->ip.addr_data32[2] == 0x00000000 &&
3826  two->ip.addr_data32[3] == 0x00000000 &&
3827  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3828  two->ip2.addr_data32[1] == 0x00000000 &&
3829  two->ip2.addr_data32[2] == 0x00000000 &&
3830  two->ip2.addr_data32[3] == SCNtohl(3) &&
3831 
3832  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3833  three->ip.addr_data32[1] == 0x00000000 &&
3834  three->ip.addr_data32[2] == 0x00000000 &&
3835  three->ip.addr_data32[3] == SCNtohl(4) &&
3836  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3837  three->ip2.addr_data32[1] == 0x00000000 &&
3838  three->ip2.addr_data32[2] == 0x00000000 &&
3839  three->ip2.addr_data32[3] == SCNtohl(6) &&
3840 
3841  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3842  four->ip.addr_data32[1] == 0x00000000 &&
3843  four->ip.addr_data32[2] == 0x00000000 &&
3844  four->ip.addr_data32[3] == SCNtohl(7) &&
3845  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3846  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3847  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3848  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3849 
3850  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3851  five->ip.addr_data32[1] == 0x00000000 &&
3852  five->ip.addr_data32[2] == 0x00000000 &&
3853  five->ip.addr_data32[3] == 0x00000000 &&
3854  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3855  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3856  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3857  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3858  result = 1;
3859  }
3860  }
3861  }
3862  }
3863 
3864  DetectAddressHeadFree(gh);
3865  }
3866  return result;
3867 }
3868 
3869 static int AddressTestAddressGroupSetup26(void)
3870 {
3871  int result = 0;
3872  DetectAddressHead *gh = DetectAddressHeadInit();
3873 
3874  if (gh != NULL) {
3875  int r = DetectAddressParse(NULL, gh, "::/0");
3876  if (r == 0) {
3877  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3878  if (r == 0) {
3879  r = DetectAddressParse(NULL, gh, "2001::/3");
3880  if (r == 0) {
3881  DetectAddress *one = gh->ipv6_head, *two = one->next,
3882  *three = two->next, *four = three->next,
3883  *five = four->next;
3884  if (one->ip.addr_data32[0] == 0x00000000 &&
3885  one->ip.addr_data32[1] == 0x00000000 &&
3886  one->ip.addr_data32[2] == 0x00000000 &&
3887  one->ip.addr_data32[3] == 0x00000000 &&
3888  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3889  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3890  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3891  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3892 
3893  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3894  two->ip.addr_data32[1] == 0x00000000 &&
3895  two->ip.addr_data32[2] == 0x00000000 &&
3896  two->ip.addr_data32[3] == 0x00000000 &&
3897  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3898  two->ip2.addr_data32[1] == 0x00000000 &&
3899  two->ip2.addr_data32[2] == 0x00000000 &&
3900  two->ip2.addr_data32[3] == SCNtohl(3) &&
3901 
3902  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3903  three->ip.addr_data32[1] == 0x00000000 &&
3904  three->ip.addr_data32[2] == 0x00000000 &&
3905  three->ip.addr_data32[3] == SCNtohl(4) &&
3906  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3907  three->ip2.addr_data32[1] == 0x00000000 &&
3908  three->ip2.addr_data32[2] == 0x00000000 &&
3909  three->ip2.addr_data32[3] == SCNtohl(6) &&
3910 
3911  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3912  four->ip.addr_data32[1] == 0x00000000 &&
3913  four->ip.addr_data32[2] == 0x00000000 &&
3914  four->ip.addr_data32[3] == SCNtohl(7) &&
3915  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3916  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3917  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3918  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3919 
3920  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3921  five->ip.addr_data32[1] == 0x00000000 &&
3922  five->ip.addr_data32[2] == 0x00000000 &&
3923  five->ip.addr_data32[3] == 0x00000000 &&
3924  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3925  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3926  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3927  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3928  result = 1;
3929  }
3930  }
3931  }
3932  }
3933 
3934  DetectAddressHeadFree(gh);
3935  }
3936  return result;
3937 }
3938 
3939 static int AddressTestAddressGroupSetup27(void)
3940 {
3941  int result = 0;
3942  DetectAddressHead *gh = DetectAddressHeadInit();
3943 
3944  if (gh != NULL) {
3945  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3946  if (r == 0)
3947  result = 1;
3948 
3949  DetectAddressHeadFree(gh);
3950  }
3951  return result;
3952 }
3953 
3954 static int AddressTestAddressGroupSetup28(void)
3955 {
3956  int result = 0;
3957  DetectAddressHead *gh = DetectAddressHeadInit();
3958 
3959  if (gh != NULL) {
3960  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3961  if (r == 0)
3962  result = 1;
3963 
3964  DetectAddressHeadFree(gh);
3965  }
3966  return result;
3967 }
3968 
3969 static int AddressTestAddressGroupSetup29(void)
3970 {
3971  int result = 0;
3972  DetectAddressHead *gh = DetectAddressHeadInit();
3973 
3974  if (gh != NULL) {
3975  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3976  if (r == 0)
3977  result = 1;
3978 
3979  DetectAddressHeadFree(gh);
3980  }
3981  return result;
3982 }
3983 
3984 static int AddressTestAddressGroupSetup30(void)
3985 {
3986  int result = 0;
3987  DetectAddressHead *gh = DetectAddressHeadInit();
3988 
3989  if (gh != NULL) {
3990  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
3991  if (r == 0)
3992  result = 1;
3993 
3994  DetectAddressHeadFree(gh);
3995  }
3996  return result;
3997 }
3998 
3999 static int AddressTestAddressGroupSetup31(void)
4000 {
4001  int result = 0;
4002  DetectAddressHead *gh = DetectAddressHeadInit();
4003 
4004  if (gh != NULL) {
4005  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4006  if (r == 0)
4007  result = 1;
4008 
4009  DetectAddressHeadFree(gh);
4010  }
4011  return result;
4012 }
4013 
4014 static int AddressTestAddressGroupSetup32(void)
4015 {
4016  int result = 0;
4017  DetectAddressHead *gh = DetectAddressHeadInit();
4018 
4019  if (gh != NULL) {
4020  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4021  if (r == 0)
4022  result = 1;
4023 
4024  DetectAddressHeadFree(gh);
4025  }
4026  return result;
4027 }
4028 
4029 static int AddressTestAddressGroupSetup33(void)
4030 {
4031  int result = 0;
4032  DetectAddressHead *gh = DetectAddressHeadInit();
4033 
4034  if (gh != NULL) {
4035  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4036  if (r == 1)
4037  result = 1;
4038 
4039  DetectAddressHeadFree(gh);
4040  }
4041  return result;
4042 }
4043 
4044 static int AddressTestAddressGroupSetup34(void)
4045 {
4046  int result = 0;
4047  DetectAddressHead *gh = DetectAddressHeadInit();
4048 
4049  if (gh != NULL) {
4050  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4051  if (r == 1)
4052  result = 1;
4053 
4054  DetectAddressHeadFree(gh);
4055  }
4056  return result;
4057 }
4058 
4059 static int AddressTestAddressGroupSetup35(void)
4060 {
4061  int result = 0;
4062  DetectAddressHead *gh = DetectAddressHeadInit();
4063 
4064  if (gh != NULL) {
4065  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4066  if (r == 1)
4067  result = 1;
4068 
4069  DetectAddressHeadFree(gh);
4070  }
4071  return result;
4072 }
4073 
4074 static int AddressTestAddressGroupSetup36 (void)
4075 {
4076  int result = 0;
4077 
4078  DetectAddressHead *gh = DetectAddressHeadInit();
4079  if (gh != NULL) {
4080  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4081  if (r == 1)
4082  result = 1;
4083 
4084  DetectAddressHeadFree(gh);
4085  }
4086  return result;
4087 }
4088 
4089 static int AddressTestAddressGroupSetup37(void)
4090 {
4091  int result = 0;
4092  DetectAddressHead *gh = DetectAddressHeadInit();
4093 
4094  if (gh != NULL) {
4095  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4096  if (r == 0)
4097  result = 1;
4098 
4099  DetectAddressHeadFree(gh);
4100  }
4101  return result;
4102 }
4103 
4104 static int AddressTestAddressGroupSetup38(void)
4105 {
4106  UTHValidateDetectAddressHeadRange expectations[3] = {
4107  { "0.0.0.0", "192.167.255.255" },
4108  { "192.168.14.0", "192.168.14.255" },
4109  { "192.169.0.0", "255.255.255.255" } };
4110  int result = 0;
4111  DetectAddressHead *gh = DetectAddressHeadInit();
4112 
4113  if (gh != NULL) {
4114  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4115  if (r == 1) {
4116  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4117  result = 1;
4118  }
4119 
4120  DetectAddressHeadFree(gh);
4121  }
4122  return result;
4123 }
4124 
4125 static int AddressTestAddressGroupSetup39(void)
4126 {
4127  UTHValidateDetectAddressHeadRange expectations[3] = {
4128  { "0.0.0.0", "192.167.255.255" },
4129  { "192.168.14.0", "192.168.14.255" },
4130  { "192.169.0.0", "255.255.255.255" } };
4131  int result = 0;
4132  DetectAddressHead *gh = DetectAddressHeadInit();
4133 
4134  if (gh != NULL) {
4135  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4136  if (r == 1) {
4137  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4138  result = 1;
4139  }
4140 
4141  DetectAddressHeadFree(gh);
4142  }
4143  return result;
4144 }
4145 
4146 static int AddressTestAddressGroupSetup40(void)
4147 {
4148  UTHValidateDetectAddressHeadRange expectations[3] = {
4149  { "0.0.0.0", "192.167.255.255" },
4150  { "192.168.14.0", "192.168.14.255" },
4151  { "192.169.0.0", "255.255.255.255" } };
4152  int result = 0;
4153  DetectAddressHead *gh = DetectAddressHeadInit();
4154  if (gh != NULL) {
4155  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4156  if (r == 1) {
4157  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4158  result = 1;
4159  }
4160 
4161  DetectAddressHeadFree(gh);
4162  }
4163  return result;
4164 }
4165 
4166 static int AddressTestAddressGroupSetup41(void)
4167 {
4168  UTHValidateDetectAddressHeadRange expectations[3] = {
4169  { "0.0.0.0", "192.167.255.255" },
4170  { "192.168.14.0", "192.168.14.255" },
4171  { "192.169.0.0", "255.255.255.255" } };
4172  int result = 0;
4173  DetectAddressHead *gh = DetectAddressHeadInit();
4174  if (gh != NULL) {
4175  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4176  if (r == 1) {
4177  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4178  result = 1;
4179  }
4180 
4181  DetectAddressHeadFree(gh);
4182  }
4183  return result;
4184 }
4185 
4186 static int AddressTestAddressGroupSetup42(void)
4187 {
4188  UTHValidateDetectAddressHeadRange expectations[1] = {
4189  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4190  int result = 0;
4191  DetectAddressHead *gh = DetectAddressHeadInit();
4192  if (gh != NULL) {
4193  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4194  if (r == 0) {
4195  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4196  result = 1;
4197  }
4198 
4199  DetectAddressHeadFree(gh);
4200  }
4201  return result;
4202 }
4203 
4204 static int AddressTestAddressGroupSetup43(void)
4205 {
4206  UTHValidateDetectAddressHeadRange expectations[2] = {
4207  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4208  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4209  int result = 0;
4210  DetectAddressHead *gh = DetectAddressHeadInit();
4211  if (gh != NULL) {
4212  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4213  if (r == 1) {
4214  if (UTHValidateDetectAddressHead(gh, 2, expectations))
4215  result = 1;
4216  }
4217 
4218  DetectAddressHeadFree(gh);
4219  }
4220  return result;
4221 }
4222 
4223 static int AddressTestAddressGroupSetup44(void)
4224 {
4225  UTHValidateDetectAddressHeadRange expectations[2] = {
4226  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4227  int result = 0;
4228  DetectAddressHead *gh = DetectAddressHeadInit();
4229  if (gh != NULL) {
4230  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4231  if (r == 0) {
4232  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4233  result = 1;
4234  }
4235 
4236  DetectAddressHeadFree(gh);
4237  }
4238  return result;
4239 }
4240 
4241 static int AddressTestAddressGroupSetup45(void)
4242 {
4243  int result = 0;
4244  DetectAddressHead *gh = DetectAddressHeadInit();
4245  if (gh != NULL) {
4246  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4247  if (r != 0) {
4248  result = 1;
4249  }
4250 
4251  DetectAddressHeadFree(gh);
4252  }
4253  return result;
4254 }
4255 
4256 static int AddressTestAddressGroupSetup46(void)
4257 {
4258  UTHValidateDetectAddressHeadRange expectations[4] = {
4259  { "0.0.0.0", "192.167.255.255" },
4260  { "192.168.1.0", "192.168.1.255" },
4261  { "192.168.3.0", "192.168.3.255" },
4262  { "192.169.0.0", "255.255.255.255" } };
4263  int result = 0;
4264  DetectAddressHead *gh = DetectAddressHeadInit();
4265  if (gh != NULL) {
4266  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4267  if (r == 1) {
4268  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4269  result = 1;
4270  }
4271 
4272  DetectAddressHeadFree(gh);
4273  }
4274  return result;
4275 }
4276 
4277 /** \test net with some negations, then all negated */
4278 static int AddressTestAddressGroupSetup47(void)
4279 {
4280  UTHValidateDetectAddressHeadRange expectations[5] = {
4281  { "0.0.0.0", "192.167.255.255" },
4282  { "192.168.1.0", "192.168.1.255" },
4283  { "192.168.3.0", "192.168.3.255" },
4284  { "192.168.5.0", "192.168.5.255" },
4285  { "192.169.0.0", "255.255.255.255" } };
4286  int result = 0;
4287  DetectAddressHead *gh = DetectAddressHeadInit();
4288  if (gh != NULL) {
4289  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4290  if (r == 1) {
4291  if (UTHValidateDetectAddressHead(gh, 5, expectations))
4292  result = 1;
4293  }
4294 
4295  DetectAddressHeadFree(gh);
4296  }
4297  return result;
4298 }
4299 
4300 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4301 static int AddressTestAddressGroupSetup48(void)
4302 {
4303  UTHValidateDetectAddressHeadRange expectations[4] = {
4304  { "192.168.0.0", "192.168.0.255" },
4305  { "192.168.2.0", "192.168.2.255" },
4306  { "192.168.4.0", "192.168.4.255" },
4307  { "192.168.6.0", "192.168.255.255" } };
4308  int result = 0;
4309  DetectAddressHead *gh = DetectAddressHeadInit();
4310  if (gh != NULL) {
4311  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4312  if (r == 1) {
4313  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4314  result = 1;
4315  }
4316 
4317  DetectAddressHeadFree(gh);
4318  }
4319  return result;
4320 }
4321 
4322 static int AddressTestCutIPv401(void)
4323 {
4324  DetectAddress *c;
4325  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4326  FAIL_IF_NULL(a);
4327  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4328  FAIL_IF_NULL(b);
4329 
4330  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4331 
4332  DetectAddressFree(a);
4333  DetectAddressFree(b);
4334  DetectAddressFree(c);
4335  PASS;
4336 }
4337 
4338 static int AddressTestCutIPv402(void)
4339 {
4340  DetectAddress *a, *b, *c = NULL;
4341  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4342  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4343 
4344  if (DetectAddressCut(NULL, a, b, &c) == -1)
4345  goto error;
4346 
4347  if (c == NULL)
4348  goto error;
4349 
4350  DetectAddressFree(a);
4351  DetectAddressFree(b);
4352  DetectAddressFree(c);
4353  return 1;
4354 
4355 error:
4356  DetectAddressFree(a);
4357  DetectAddressFree(b);
4358  DetectAddressFree(c);
4359  return 0;
4360 }
4361 
4362 static int AddressTestCutIPv403(void)
4363 {
4364  DetectAddress *a, *b, *c = NULL;
4365  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4366  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4367 
4368  if (DetectAddressCut(NULL, a, b, &c) == -1)
4369  goto error;
4370 
4371  if (c == NULL)
4372  goto error;
4373 
4374  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4375  goto error;
4376  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4377  goto error;
4378  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4379  goto error;
4380 
4381  DetectAddressFree(a);
4382  DetectAddressFree(b);
4383  DetectAddressFree(c);
4384  return 1;
4385 
4386 error:
4387  DetectAddressFree(a);
4388  DetectAddressFree(b);
4389  DetectAddressFree(c);
4390  return 0;
4391 }
4392 
4393 static int AddressTestCutIPv404(void)
4394 {
4395  DetectAddress *a, *b, *c = NULL;
4396  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4397  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4398 
4399  if (DetectAddressCut(NULL, a, b, &c) == -1)
4400  goto error;
4401 
4402  if (c == NULL)
4403  goto error;
4404 
4405  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4406  goto error;
4407  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4408  goto error;
4409  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4410  goto error;
4411 
4412 
4413  DetectAddressFree(a);
4414  DetectAddressFree(b);
4415  DetectAddressFree(c);
4416  return 1;
4417 
4418 error:
4419  DetectAddressFree(a);
4420  DetectAddressFree(b);
4421  DetectAddressFree(c);
4422  return 0;
4423 }
4424 
4425 static int AddressTestCutIPv405(void)
4426 {
4427  DetectAddress *a, *b, *c = NULL;
4428  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4429  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4430 
4431  if (DetectAddressCut(NULL, a, b, &c) == -1)
4432  goto error;
4433 
4434  if (c == NULL)
4435  goto error;
4436 
4437  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4438  goto error;
4439  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4440  goto error;
4441  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4442  goto error;
4443 
4444  DetectAddressFree(a);
4445  DetectAddressFree(b);
4446  DetectAddressFree(c);
4447  return 1;
4448 
4449 error:
4450  DetectAddressFree(a);
4451  DetectAddressFree(b);
4452  DetectAddressFree(c);
4453  return 0;
4454 }
4455 
4456 static int AddressTestCutIPv406(void)
4457 {
4458  DetectAddress *a, *b, *c = NULL;
4459  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4460  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4461 
4462  if (DetectAddressCut(NULL, a, b, &c) == -1)
4463  goto error;
4464 
4465  if (c == NULL)
4466  goto error;
4467 
4468  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4469  goto error;
4470  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4471  goto error;
4472  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4473  goto error;
4474 
4475  DetectAddressFree(a);
4476  DetectAddressFree(b);
4477  DetectAddressFree(c);
4478  return 1;
4479 
4480 error:
4481  DetectAddressFree(a);
4482  DetectAddressFree(b);
4483  DetectAddressFree(c);
4484  return 0;
4485 }
4486 
4487 static int AddressTestCutIPv407(void)
4488 {
4489  DetectAddress *a, *b, *c = NULL;
4490  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4491  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4492 
4493  if (DetectAddressCut(NULL, a, b, &c) == -1)
4494  goto error;
4495 
4496  if (c != NULL)
4497  goto error;
4498 
4499  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4500  goto error;
4501  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4502  goto error;
4503 
4504  DetectAddressFree(a);
4505  DetectAddressFree(b);
4506  DetectAddressFree(c);
4507  return 1;
4508 
4509 error:
4510  DetectAddressFree(a);
4511  DetectAddressFree(b);
4512  DetectAddressFree(c);
4513  return 0;
4514 }
4515 
4516 static int AddressTestCutIPv408(void)
4517 {
4518  DetectAddress *a, *b, *c = NULL;
4519  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4520  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4521 
4522  if (DetectAddressCut(NULL, a, b, &c) == -1)
4523  goto error;
4524 
4525  if (c != NULL)
4526  goto error;
4527 
4528  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4529  goto error;
4530  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4531  goto error;
4532 
4533  DetectAddressFree(a);
4534  DetectAddressFree(b);
4535  DetectAddressFree(c);
4536  return 1;
4537 
4538 error:
4539  DetectAddressFree(a);
4540  DetectAddressFree(b);
4541  DetectAddressFree(c);
4542  return 0;
4543 }
4544 
4545 static int AddressTestCutIPv409(void)
4546 {
4547  DetectAddress *a, *b, *c = NULL;
4548  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4549  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4550 
4551  if (DetectAddressCut(NULL, a, b, &c) == -1)
4552  goto error;
4553 
4554  if (c != NULL)
4555  goto error;
4556 
4557  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4558  goto error;
4559  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4560  goto error;
4561 
4562  DetectAddressFree(a);
4563  DetectAddressFree(b);
4564  DetectAddressFree(c);
4565  return 1;
4566 
4567 error:
4568  DetectAddressFree(a);
4569  DetectAddressFree(b);
4570  DetectAddressFree(c);
4571  return 0;
4572 }
4573 
4574 static int AddressTestCutIPv410(void)
4575 {
4576  DetectAddress *a, *b, *c = NULL;
4577  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4578  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4579 
4580  if (DetectAddressCut(NULL, a, b, &c) == -1)
4581  goto error;
4582 
4583  if (c != NULL)
4584  goto error;
4585 
4586  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4587  goto error;
4588  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4589  goto error;
4590 
4591  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4592 
4593  DetectAddressFree(a);
4594  DetectAddressFree(b);
4595  DetectAddressFree(c);
4596  return 1;
4597 
4598 error:
4599  DetectAddressFree(a);
4600  DetectAddressFree(b);
4601  DetectAddressFree(c);
4602  return 0;
4603 }
4604 
4605 static int AddressTestParseInvalidMask01(void)
4606 {
4607  int result = 1;
4608  DetectAddress *dd = NULL;
4609 
4610  dd = DetectAddressParseSingle("192.168.2.0/33");
4611  if (dd != NULL) {
4612  DetectAddressFree(dd);
4613  result = 0;
4614  }
4615  return result;
4616 }
4617 
4618 static int AddressTestParseInvalidMask02(void)
4619 {
4620  int result = 1;
4621  DetectAddress *dd = NULL;
4622 
4623  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4624  if (dd != NULL) {
4625  DetectAddressFree(dd);
4626  result = 0;
4627  }
4628  return result;
4629 }
4630 
4631 static int AddressTestParseInvalidMask03(void)
4632 {
4633  int result = 1;
4634  DetectAddress *dd = NULL;
4635 
4636  dd = DetectAddressParseSingle("192.168.2.0/blue");
4637  if (dd != NULL) {
4638  DetectAddressFree(dd);
4639  result = 0;
4640  }
4641  return result;
4642 }
4643 
4644 static int AddressConfVarsTest01(void)
4645 {
4646  static const char *dummy_conf_string =
4647  "%YAML 1.1\n"
4648  "---\n"
4649  "\n"
4650  "vars:\n"
4651  "\n"
4652  " address-groups:\n"
4653  "\n"
4654  " HOME_NET: \"any\"\n"
4655  "\n"
4656  " EXTERNAL_NET: \"!any\"\n"
4657  "\n"
4658  " port-groups:\n"
4659  "\n"
4660  " HTTP_PORTS: \"any\"\n"
4661  "\n"
4662  " SHELLCODE_PORTS: \"!any\"\n"
4663  "\n";
4664 
4665  int result = 0;
4666 
4667  SCConfCreateContextBackup();
4668  SCConfInit();
4669  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4670 
4671  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4672  result = 1;
4673 
4674  SCConfDeInit();
4675  SCConfRestoreContextBackup();
4676 
4677  return result;
4678 }
4679 
4680 static int AddressConfVarsTest02(void)
4681 {
4682  static const char *dummy_conf_string =
4683  "%YAML 1.1\n"
4684  "---\n"
4685  "\n"
4686  "vars:\n"
4687  "\n"
4688  " address-groups:\n"
4689  "\n"
4690  " HOME_NET: \"any\"\n"
4691  "\n"
4692  " EXTERNAL_NET: \"any\"\n"
4693  "\n"
4694  " port-groups:\n"
4695  "\n"
4696  " HTTP_PORTS: \"any\"\n"
4697  "\n"
4698  " SHELLCODE_PORTS: \"!any\"\n"
4699  "\n";
4700 
4701  int result = 0;
4702 
4703  SCConfCreateContextBackup();
4704  SCConfInit();
4705  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4706 
4707  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() < 0)
4708  result = 1;
4709 
4710  SCConfDeInit();
4711  SCConfRestoreContextBackup();
4712 
4713  return result;
4714 }
4715 
4716 static int AddressConfVarsTest03(void)
4717 {
4718  static const char *dummy_conf_string =
4719  "%YAML 1.1\n"
4720  "---\n"
4721  "\n"
4722  "vars:\n"
4723  "\n"
4724  " address-groups:\n"
4725  "\n"
4726  " HOME_NET: \"any\"\n"
4727  "\n"
4728  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4729  "\n"
4730  " port-groups:\n"
4731  "\n"
4732  " HTTP_PORTS: \"any\"\n"
4733  "\n"
4734  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4735  "\n";
4736 
4737  int result = 0;
4738 
4739  SCConfCreateContextBackup();
4740  SCConfInit();
4741  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4742 
4743  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4744  result = 1;
4745 
4746  SCConfDeInit();
4747  SCConfRestoreContextBackup();
4748 
4749  return result;
4750 }
4751 
4752 static int AddressConfVarsTest04(void)
4753 {
4754  static const char *dummy_conf_string =
4755  "%YAML 1.1\n"
4756  "---\n"
4757  "\n"
4758  "vars:\n"
4759  "\n"
4760  " address-groups:\n"
4761  "\n"
4762  " HOME_NET: \"any\"\n"
4763  "\n"
4764  " EXTERNAL_NET: \"$HOME_NET\"\n"
4765  "\n"
4766  " port-groups:\n"
4767  "\n"
4768  " HTTP_PORTS: \"any\"\n"
4769  "\n"
4770  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4771  "\n";
4772 
4773  int result = 0;
4774 
4775  SCConfCreateContextBackup();
4776  SCConfInit();
4777  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4778 
4779  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() == 0)
4780  result = 1;
4781 
4782  SCConfDeInit();
4783  SCConfRestoreContextBackup();
4784 
4785  return result;
4786 }
4787 
4788 static int AddressConfVarsTest05(void)
4789 {
4790  static const char *dummy_conf_string =
4791  "%YAML 1.1\n"
4792  "---\n"
4793  "\n"
4794  "vars:\n"
4795  "\n"
4796  " address-groups:\n"
4797  "\n"
4798  " HOME_NET: \"any\"\n"
4799  "\n"
4800  " EXTERNAL_NET: [192.168.0.1]\n"
4801  "\n"
4802  " port-groups:\n"
4803  "\n"
4804  " HTTP_PORTS: \"any\"\n"
4805  "\n"
4806  " SHELLCODE_PORTS: [80]\n"
4807  "\n";
4808 
4809  int result = 0;
4810 
4811  SCConfCreateContextBackup();
4812  SCConfInit();
4813  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4814 
4815  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4816  goto end;
4817 
4818  result = 1;
4819 
4820  end:
4821  SCConfDeInit();
4822  SCConfRestoreContextBackup();
4823 
4824  return result;
4825 }
4826 
4827 static int AddressConfVarsTest06(void)
4828 {
4829  // HOME_NET value size = 10261 bytes
4830  static const char *dummy_conf_string =
4831  "%YAML 1.1\n"
4832  "---\n"
4833  "\n"
4834  "vars:\n"
4835  "\n"
4836  " address-groups:\n"
4837  "\n"
4838  " HOME_NET: "
4839  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4840  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4841  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4842  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4843  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4844  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4845  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4846  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4847  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4848  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4849  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4850  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4851  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4852  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4853  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4854  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4855  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4856  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4857  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4858  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4859  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4860  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4861  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4862  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4863  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4864  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4974  "\n"
4975  " EXTERNAL_NET: \"any\"\n"
4976  "\n";
4977 
4978  SCConfCreateContextBackup();
4979  SCConfInit();
4980  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4981 
4982  FAIL_IF(0 != DetectAddressTestConfVars());
4983 
4984  SCConfDeInit();
4985  SCConfRestoreContextBackup();
4986 
4987  PASS;
4988 }
4989 
4990 #endif /* UNITTESTS */
4991 
4992 void DetectAddressTests(void)
4993 {
4994 #ifdef UNITTESTS
4995  DetectAddressIPv4Tests();
4996  DetectAddressIPv6Tests();
4997 
4998  UtRegisterTest("AddressTestParse01", AddressTestParse01);
4999  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5000  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5001  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5002  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5003  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5004  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5005  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5006  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5007  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5008  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5009  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5010  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5011  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5012  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5013  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5014  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5015  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5016  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5017  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5018  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5019  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5020  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5021  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5022  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5023  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5024  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5025  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5026  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5027  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5028  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5029  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5030  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5031  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5032  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5033  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5034  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5035  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5036 
5037  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5038  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5039  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5040  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5041  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5042  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5043  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5044  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5045  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5046  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5047  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5048 
5049  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5050  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5051  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5052  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5053  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5054  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5055  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5056  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5057 
5058  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5059  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5060  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5061  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5062  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5063  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5064 
5065  UtRegisterTest("AddressTestAddressGroupSetup01",
5066  AddressTestAddressGroupSetup01);
5067  UtRegisterTest("AddressTestAddressGroupSetup02",
5068  AddressTestAddressGroupSetup02);
5069  UtRegisterTest("AddressTestAddressGroupSetup03",
5070  AddressTestAddressGroupSetup03);
5071  UtRegisterTest("AddressTestAddressGroupSetup04",
5072  AddressTestAddressGroupSetup04);
5073  UtRegisterTest("AddressTestAddressGroupSetup05",
5074  AddressTestAddressGroupSetup05);
5075  UtRegisterTest("AddressTestAddressGroupSetup06",
5076  AddressTestAddressGroupSetup06);
5077  UtRegisterTest("AddressTestAddressGroupSetup07",
5078  AddressTestAddressGroupSetup07);
5079  UtRegisterTest("AddressTestAddressGroupSetup08",
5080  AddressTestAddressGroupSetup08);
5081  UtRegisterTest("AddressTestAddressGroupSetup09",
5082  AddressTestAddressGroupSetup09);
5083  UtRegisterTest("AddressTestAddressGroupSetup10",
5084  AddressTestAddressGroupSetup10);
5085  UtRegisterTest("AddressTestAddressGroupSetup11",
5086  AddressTestAddressGroupSetup11);
5087  UtRegisterTest("AddressTestAddressGroupSetup12",
5088  AddressTestAddressGroupSetup12);
5089  UtRegisterTest("AddressTestAddressGroupSetup13",
5090  AddressTestAddressGroupSetup13);
5091  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5092  AddressTestAddressGroupSetupIPv414);
5093  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5094  AddressTestAddressGroupSetupIPv415);
5095  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5096  AddressTestAddressGroupSetupIPv416);
5097 
5098  UtRegisterTest("AddressTestAddressGroupSetup14",
5099  AddressTestAddressGroupSetup14);
5100  UtRegisterTest("AddressTestAddressGroupSetup15",
5101  AddressTestAddressGroupSetup15);
5102  UtRegisterTest("AddressTestAddressGroupSetup16",
5103  AddressTestAddressGroupSetup16);
5104  UtRegisterTest("AddressTestAddressGroupSetup17",
5105  AddressTestAddressGroupSetup17);
5106  UtRegisterTest("AddressTestAddressGroupSetup18",
5107  AddressTestAddressGroupSetup18);
5108  UtRegisterTest("AddressTestAddressGroupSetup19",
5109  AddressTestAddressGroupSetup19);
5110  UtRegisterTest("AddressTestAddressGroupSetup20",
5111  AddressTestAddressGroupSetup20);
5112  UtRegisterTest("AddressTestAddressGroupSetup21",
5113  AddressTestAddressGroupSetup21);
5114  UtRegisterTest("AddressTestAddressGroupSetup22",
5115  AddressTestAddressGroupSetup22);
5116  UtRegisterTest("AddressTestAddressGroupSetup23",
5117  AddressTestAddressGroupSetup23);
5118  UtRegisterTest("AddressTestAddressGroupSetup24",
5119  AddressTestAddressGroupSetup24);
5120  UtRegisterTest("AddressTestAddressGroupSetup25",
5121  AddressTestAddressGroupSetup25);
5122  UtRegisterTest("AddressTestAddressGroupSetup26",
5123  AddressTestAddressGroupSetup26);
5124 
5125  UtRegisterTest("AddressTestAddressGroupSetup27",
5126  AddressTestAddressGroupSetup27);
5127  UtRegisterTest("AddressTestAddressGroupSetup28",
5128  AddressTestAddressGroupSetup28);
5129  UtRegisterTest("AddressTestAddressGroupSetup29",
5130  AddressTestAddressGroupSetup29);
5131  UtRegisterTest("AddressTestAddressGroupSetup30",
5132  AddressTestAddressGroupSetup30);
5133  UtRegisterTest("AddressTestAddressGroupSetup31",
5134  AddressTestAddressGroupSetup31);
5135  UtRegisterTest("AddressTestAddressGroupSetup32",
5136  AddressTestAddressGroupSetup32);
5137  UtRegisterTest("AddressTestAddressGroupSetup33",
5138  AddressTestAddressGroupSetup33);
5139  UtRegisterTest("AddressTestAddressGroupSetup34",
5140  AddressTestAddressGroupSetup34);
5141  UtRegisterTest("AddressTestAddressGroupSetup35",
5142  AddressTestAddressGroupSetup35);
5143  UtRegisterTest("AddressTestAddressGroupSetup36",
5144  AddressTestAddressGroupSetup36);
5145  UtRegisterTest("AddressTestAddressGroupSetup37",
5146  AddressTestAddressGroupSetup37);
5147  UtRegisterTest("AddressTestAddressGroupSetup38",
5148  AddressTestAddressGroupSetup38);
5149  UtRegisterTest("AddressTestAddressGroupSetup39",
5150  AddressTestAddressGroupSetup39);
5151  UtRegisterTest("AddressTestAddressGroupSetup40",
5152  AddressTestAddressGroupSetup40);
5153  UtRegisterTest("AddressTestAddressGroupSetup41",
5154  AddressTestAddressGroupSetup41);
5155  UtRegisterTest("AddressTestAddressGroupSetup42",
5156  AddressTestAddressGroupSetup42);
5157  UtRegisterTest("AddressTestAddressGroupSetup43",
5158  AddressTestAddressGroupSetup43);
5159  UtRegisterTest("AddressTestAddressGroupSetup44",
5160  AddressTestAddressGroupSetup44);
5161  UtRegisterTest("AddressTestAddressGroupSetup45",
5162  AddressTestAddressGroupSetup45);
5163  UtRegisterTest("AddressTestAddressGroupSetup46",
5164  AddressTestAddressGroupSetup46);
5165  UtRegisterTest("AddressTestAddressGroupSetup47",
5166  AddressTestAddressGroupSetup47);
5167  UtRegisterTest("AddressTestAddressGroupSetup48",
5168  AddressTestAddressGroupSetup48);
5169 
5170  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5171  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5172  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5173  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5174  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5175  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5176  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5177  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5178  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5179  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5180 
5181  UtRegisterTest("AddressTestParseInvalidMask01",
5182  AddressTestParseInvalidMask01);
5183  UtRegisterTest("AddressTestParseInvalidMask02",
5184  AddressTestParseInvalidMask02);
5185  UtRegisterTest("AddressTestParseInvalidMask03",
5186  AddressTestParseInvalidMask03);
5187 
5188  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5189  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5190  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5191  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5192  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5193  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5194 #endif /* UNITTESTS */
5195 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:348
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:170
SCConfYamlLoadString
int SCConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:536
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1392
DetectAddressTests
void DetectAddressTests(void)
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:157
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:154
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1290
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:353
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
detect-engine-siggroup.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
AddressIPv6Le
int AddressIPv6Le(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1587
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:168
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:31
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:282
DetectAddressHead_
Definition: detect.h:183
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1474
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:153
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:57
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1335
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:973
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1008
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:155
Address_
Definition: decode.h:113
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:245
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:168
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1058
util-var.h
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1796
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:114
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:177
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
Address_::address
union Address_::@29 address
SCConfInit
void SCConfInit(void)
Initialize the configuration system.
Definition: conf.c:121
util-cidr.h
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:22
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:681
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:158
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1879
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:284
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:238
detect-engine-port.h
DetectAddress_::ip2
Address ip2
Definition: detect.h:171
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1032
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:325
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:482
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:127
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
Turn 32 bit mask into CIDR.
Definition: util-cidr.c:35
util-rule-vars.h
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
DetectAddressCleanupList
void DetectAddressCleanupList(DetectAddress *head)
Frees a list of DetectAddress instances.
Definition: detect-engine-address.c:144
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:300
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
SCConfCreateContextBackup
void SCConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:715
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:232
DetectAddressMap_
Definition: detect-engine-address.c:1287
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:185
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:82
cnt
uint32_t cnt
Definition: tmqh-packetpool.h:7
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1620
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:1119
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:88
SCConfDeInit
void SCConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:734
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1324
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:124
str
#define str(s)
Definition: suricata-common.h:316
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:182
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:274
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1878
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1289
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:438
detect-engine-address-ipv4.h
SCConfRestoreContextBackup
void SCConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:725
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:704
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:139
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:179
DetectMatchAddressIPv6_
Definition: detect.h:194
DetectMatchAddressIPv4_
Definition: detect.h:189
Address_::family
char family
Definition: decode.h:114
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:156
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1432
SCConfNode_::name
char * name
Definition: conf.h:38
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1531
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:162
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1880
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:128
AddressIPv6Gt
int AddressIPv6Gt(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
AddressIPv6Ge
int AddressIPv6Ge(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:288
SCConfNode_
Definition: conf.h:37
flow-var.h
SCConfNode_::val
char * val
Definition: conf.h:39
DetectAddress_::flags
uint8_t flags
Definition: detect.h:174
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1560
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:184
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1288
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1214
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:152
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:159