suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  *
25  * \todo Move this out of the detection plugin structure
26  * rename to detect-engine-address.c
27  */
28 
29 #include "suricata-common.h"
30 #include "decode.h"
31 #include "detect.h"
32 #include "flow-var.h"
33 
34 #include "util-cidr.h"
35 #include "util-unittest.h"
36 #include "util-rule-vars.h"
37 #include "conf.h"
38 #include "conf-yaml-loader.h"
39 
40 #include "detect-engine-siggroup.h"
41 #include "detect-engine-address.h"
44 #include "detect-engine-port.h"
45 
46 #include "util-debug.h"
47 #include "util-print.h"
48 #include "util-var.h"
49 
50 /* prototypes */
52 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
53 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
54  DetectAddress **);
56 
57 /**
58  * \brief Creates and returns a new instance of a DetectAddress.
59  *
60  * \retval ag Pointer to the newly created DetectAddress on success;
61  * NULL on failure.
62  */
64 {
65  DetectAddress *ag = SCMalloc(sizeof(DetectAddress));
66  if (unlikely(ag == NULL))
67  return NULL;
68  memset(ag, 0, sizeof(DetectAddress));
69 
70  return ag;
71 }
72 
73 /**
74  * \brief Frees a DetectAddress instance.
75  *
76  * \param ag Pointer to the DetectAddress instance to be freed.
77  */
79 {
80  if (ag == NULL)
81  return;
82 
83  SCFree(ag);
84 
85  return;
86 }
87 
88 /**
89  * \brief Copies the contents of one Address group in DetectAddress and returns
90  * a new instance of the DetectAddress that contains the copied address.
91  *
92  * \param orig Pointer to the instance of DetectAddress that contains the
93  * address data to be copied to the new instance.
94  *
95  * \retval ag Pointer to the new instance of DetectAddress that contains the
96  * copied address.
97  */
99 {
101  if (ag == NULL)
102  return NULL;
103 
104  ag->flags = orig->flags;
105 
106  COPY_ADDRESS(&orig->ip, &ag->ip);
107  COPY_ADDRESS(&orig->ip2, &ag->ip2);
108 
109  return ag;
110 }
111 
112 /**
113  * \brief Used to check if a DetectAddress list contains an instance with
114  * a similar DetectAddress. The comparison done is not the one that
115  * checks the memory for the same instance, but one that checks that the
116  * two instances hold the same content.
117  *
118  * \param head Pointer to the DetectAddress list.
119  * \param ad Pointer to the DetectAddress that has to be checked for in
120  * the DetectAddress list.
121  *
122  * \retval cur Returns a pointer to the DetectAddress on a match; NULL if
123  * no match.
124  */
126 {
127  DetectAddress *cur;
128 
129  if (head != NULL) {
130  for (cur = head; cur != NULL; cur = cur->next) {
131  if (DetectAddressCmp(cur, gr) == ADDRESS_EQ)
132  return cur;
133  }
134  }
135 
136  return NULL;
137 }
138 
139 /**
140  * \brief Prints the address data information for all the DetectAddress
141  * instances in the DetectAddress list sent as the argument.
142  *
143  * \param head Pointer to a list of DetectAddress instances.
144  */
146 {
147  DetectAddress *cur;
148 
149  SCLogInfo("list:");
150  if (head != NULL) {
151  for (cur = head; cur != NULL; cur = cur->next) {
152  DetectAddressPrint(cur);
153  }
154  }
155  SCLogInfo("endlist");
156 
157  return;
158 }
159 
160 /**
161  * \brief Frees a list of DetectAddress instances.
162  *
163  * \param head Pointer to a list of DetectAddress instances to be freed.
164  */
166 {
167  DetectAddress *cur, *next;
168 
169  if (head == NULL)
170  return;
171 
172  for (cur = head; cur != NULL; ) {
173  next = cur->next;
174  cur->next = NULL;
175  DetectAddressFree(cur);
176  cur = next;
177  }
178 
179  return;
180 }
181 
182 /**
183  * \brief Do a sorted insert, where the top of the list should be the biggest
184  * network/range.
185  *
186  * XXX current sorting only works for overlapping nets
187  *
188  * \param head Pointer to the list of DetectAddress.
189  * \param ag Pointer to the DetectAddress that has to be added to the
190  * above list.
191  *
192  * \retval 0 On successfully inserting the DetectAddress.
193  * \retval -1 On failure.
194  */
195 
197 {
198  DetectAddress *cur, *prev_cur = NULL;
199  int r = 0;
200 
201  if (*head != NULL) {
202  for (cur = *head; cur != NULL; cur = cur->next) {
203  prev_cur = cur;
204  r = DetectAddressCmp(ag, cur);
205  if (r == ADDRESS_EB) {
206  /* insert here */
207  ag->prev = cur->prev;
208  ag->next = cur;
209 
210  cur->prev = ag;
211  if (*head == cur)
212  *head = ag;
213  else
214  ag->prev->next = ag;
215 
216  return 0;
217  }
218  }
219  ag->prev = prev_cur;
220  if (prev_cur != NULL)
221  prev_cur->next = ag;
222  } else {
223  *head = ag;
224  }
225 
226  return 0;
227 }
228 
229 /**
230  * \internal
231  * \brief Helper function for DetectAddressInsert. Sets one of the
232  * DetectAddressHead head pointers, to the DetectAddress argument
233  * based on its address family.
234  *
235  * \param gh Pointer to the DetectAddressHead.
236  * \param newhead Pointer to the DetectAddress.
237  *
238  * \retval 0 On success.
239  * \retval -1 On failure.
240  */
241 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
242 {
243  if (newhead->ip.family == AF_INET) {
244  gh->ipv4_head = newhead;
245  } else if (newhead->ip.family == AF_INET6) {
246  gh->ipv6_head = newhead;
247  } else {
248  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
249  return -1;
250  }
251 
252  return 0;
253 }
254 
255 /**
256  * \internal
257  * \brief Returns the DetectAddress head from the DetectAddressHeads,
258  * based on the address family of the incoming DetectAddress arg.
259  *
260  * \param gh Pointer to the DetectAddressHead.
261  * \param new Pointer to the DetectAddress.
262  *
263  * \retval head Pointer to the DetectAddress(the head from
264  * DetectAddressHead).
265  */
266 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
267 {
268  DetectAddress *head = NULL;
269 
270  if (new->ip.family == AF_INET)
271  head = gh->ipv4_head;
272  else if (new->ip.family == AF_INET6)
273  head = gh->ipv6_head;
274 
275  return head;
276 }
277 
278 /**
279  * \brief Same as DetectAddressInsert, but then for inserting a address group
280  * object. This also makes sure SigGroupContainer lists are handled
281  * correctly.
282  *
283  * \param de_ctx Pointer to the detection engine context.
284  * \param gh Pointer to the DetectAddressHead list to which it has to
285  * be inserted.
286  * \param new Pointer to the DetectAddress, that has to be inserted.
287  *
288  * \retval 1 On successfully inserting it.
289  * \retval -1 On error.
290  * \retval 0 Not inserted, memory of new is freed.
291  */
293  DetectAddress *new)
294 {
295  DetectAddress *head = NULL;
296  DetectAddress *cur = NULL;
297  DetectAddress *c = NULL;
298  int r = 0;
299 
300  if (new == NULL)
301  return 0;
302 
303  /* get our head ptr based on the address we want to insert */
304  head = GetHeadPtr(gh, new);
305 
306  /* see if it already exists or overlaps with existing ag's */
307  if (head != NULL) {
308  cur = NULL;
309 
310  for (cur = head; cur != NULL; cur = cur->next) {
311  r = DetectAddressCmp(new, cur);
312  BUG_ON(r == ADDRESS_ER);
313 
314  /* if so, handle that */
315  if (r == ADDRESS_EQ) {
316  /* exact overlap/match */
317  if (cur != new) {
318  DetectAddressFree(new);
319  return 0;
320  }
321 
322  return 1;
323  } else if (r == ADDRESS_GT) {
324  /* only add it now if we are bigger than the last group.
325  * Otherwise we'll handle it later. */
326  if (cur->next == NULL) {
327  /* put in the list */
328  new->prev = cur;
329  cur->next = new;
330 
331  return 1;
332  }
333  } else if (r == ADDRESS_LT) {
334  /* see if we need to insert the ag anywhere put in the list */
335  if (cur->prev != NULL)
336  cur->prev->next = new;
337  new->prev = cur->prev;
338  new->next = cur;
339  cur->prev = new;
340 
341  /* update head if required */
342  if (head == cur) {
343  head = new;
344 
345  if (SetHeadPtr(gh, head) < 0)
346  goto error;
347  }
348 
349  return 1;
350  /* alright, those were the simple cases, lets handle the more
351  * complex ones now */
352  } else if (r == ADDRESS_ES) {
353  c = NULL;
354  r = DetectAddressCut(de_ctx, cur, new, &c);
355  if (r == -1)
356  goto error;
357 
358  DetectAddressInsert(de_ctx, gh, new);
359  if (c != NULL)
360  DetectAddressInsert(de_ctx, gh, c);
361 
362  return 1;
363  } else if (r == ADDRESS_EB) {
364  c = NULL;
365  r = DetectAddressCut(de_ctx, cur, new, &c);
366  if (r == -1)
367  goto error;
368 
369  DetectAddressInsert(de_ctx, gh, new);
370  if (c != NULL)
371  DetectAddressInsert(de_ctx, gh, c);
372 
373  return 1;
374  } else if (r == ADDRESS_LE) {
375  c = NULL;
376  r = DetectAddressCut(de_ctx, cur, new, &c);
377  if (r == -1)
378  goto error;
379 
380  DetectAddressInsert(de_ctx, gh, new);
381  if (c != NULL)
382  DetectAddressInsert(de_ctx, gh, c);
383 
384  return 1;
385  } else if (r == ADDRESS_GE) {
386  c = NULL;
387  r = DetectAddressCut(de_ctx, cur,new,&c);
388  if (r == -1)
389  goto error;
390 
391  DetectAddressInsert(de_ctx, gh, new);
392  if (c != NULL)
393  DetectAddressInsert(de_ctx, gh, c);
394 
395  return 1;
396  }
397  }
398 
399  /* head is NULL, so get a group and set head to it */
400  } else {
401  head = new;
402  if (SetHeadPtr(gh, head) < 0) {
403  SCLogDebug("SetHeadPtr failed");
404  goto error;
405  }
406  }
407 
408  return 1;
409 
410 error:
411  /* XXX */
412  return -1;
413 }
414 
415 /**
416  * \brief Join two addresses groups together.
417  *
418  * \param de_ctx Pointer to the detection engine context.
419  * \param target Pointer to the target address group.
420  * \param source Pointer to the source address group.
421  *
422  * \retval 0 On success.
423  * \retval -1 On failure.
424  */
426  DetectAddress *source)
427 {
428  if (target == NULL || source == NULL)
429  return -1;
430 
431  if (target->ip.family != source->ip.family)
432  return -1;
433 
434  if (target->ip.family == AF_INET)
435  return DetectAddressJoinIPv4(de_ctx, target, source);
436  else if (target->ip.family == AF_INET6)
437  return DetectAddressJoinIPv6(de_ctx, target, source);
438 
439  return -1;
440 }
441 
442 /**
443  * \brief Checks if two address group lists are equal.
444  *
445  * \param list1 Pointer to the first address group list.
446  * \param list2 Pointer to the second address group list.
447  *
448  * \retval true On success.
449  * \retval false On failure.
450  */
452 {
453  DetectAddress *item = list1;
454  DetectAddress *it = list2;
455 
456  // First, compare items one by one.
457  while (item != NULL && it != NULL) {
458  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
459  return false;
460  }
461 
462  item = item->next;
463  it = it->next;
464  }
465 
466  // Are the lists of the same size?
467  if (!(item == NULL && it == NULL)) {
468  return false;
469  }
470 
471  return true;
472 }
473 
474 /**
475  * \internal
476  * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
477  *
478  * For example if we send a cidr of 7 as argument, an ipv6 address
479  * mask of the value FE:00:00:00:00:00:00:00 is created and updated
480  * in the argument struct in6_addr *in6.
481  *
482  * \todo I think for the final section: while (cidr > 0), we can simply
483  * replace it with a
484  * if (cidr > 0) {
485  * in6->s6_addr[i] = -1 << (8 - cidr);
486  *
487  * \param cidr The value of the cidr.
488  * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
489  * hold the cidr netblock result.
490  */
491 static void DetectAddressParseIPv6CIDR(int cidr, struct in6_addr *in6)
492 {
493  int i = 0;
494 
495  memset(in6, 0, sizeof(struct in6_addr));
496 
497  while (cidr > 8) {
498  in6->s6_addr[i] = 0xff;
499  cidr -= 8;
500  i++;
501  }
502 
503  while (cidr > 0) {
504  in6->s6_addr[i] |= 0x80;
505  if (--cidr > 0)
506  in6->s6_addr[i] = in6->s6_addr[i] >> 1;
507  }
508 
509  return;
510 }
511 
512 /**
513  * \internal
514  * \brief Parses an ipv4/ipv6 address string and updates the result into the
515  * DetectAddress instance sent as the argument.
516  *
517  * \param dd Pointer to the DetectAddress instance which should be updated with
518  * the address range details from the parsed ip string.
519  * \param str Pointer to address string that has to be parsed.
520  *
521  * \retval 0 On successfully parsing the address string.
522  * \retval -1 On failure.
523  */
525 {
526  char *ip = NULL;
527  char *ip2 = NULL;
528  char *mask = NULL;
529  int r = 0;
530  char ipstr[256];
531 
532  while (*str != '\0' && *str == ' ')
533  str++;
534 
535  /* shouldn't see 'any' here */
536  BUG_ON(strcasecmp(str, "any") == 0);
537 
538  strlcpy(ipstr, str, sizeof(ipstr));
539  SCLogDebug("str %s", str);
540 
541  /* we work with a copy so that we can put a
542  * nul-termination in it later */
543  ip = ipstr;
544 
545  /* handle the negation case */
546  if (ip[0] == '!') {
547  dd->flags |= ADDRESS_FLAG_NOT;
548  ip++;
549  }
550 
551  /* see if the address is an ipv4 or ipv6 address */
552  if ((strchr(str, ':')) == NULL) {
553  /* IPv4 Address */
554  struct in_addr in;
555 
556  dd->ip.family = AF_INET;
557 
558  if ((mask = strchr(ip, '/')) != NULL) {
559  /* 1.2.3.4/xxx format (either dotted or cidr notation */
560  ip[mask - ip] = '\0';
561  mask++;
562  uint32_t ip4addr = 0;
563  uint32_t netmask = 0;
564  size_t u = 0;
565 
566  if ((strchr (mask, '.')) == NULL) {
567  /* 1.2.3.4/24 format */
568 
569  for (u = 0; u < strlen(mask); u++) {
570  if(!isdigit((unsigned char)mask[u]))
571  goto error;
572  }
573 
574  int cidr = atoi(mask);
575  if (cidr < 0 || cidr > 32)
576  goto error;
577 
578  netmask = CIDRGet(cidr);
579  } else {
580  /* 1.2.3.4/255.255.255.0 format */
581  r = inet_pton(AF_INET, mask, &in);
582  if (r <= 0)
583  goto error;
584 
585  netmask = in.s_addr;
586  }
587 
588  r = inet_pton(AF_INET, ip, &in);
589  if (r <= 0)
590  goto error;
591 
592  ip4addr = in.s_addr;
593 
594  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
595  dd->ip2.addr_data32[0] |=~ netmask;
596  } else if ((ip2 = strchr(ip, '-')) != NULL) {
597  /* 1.2.3.4-1.2.3.6 range format */
598  ip[ip2 - ip] = '\0';
599  ip2++;
600 
601  r = inet_pton(AF_INET, ip, &in);
602  if (r <= 0)
603  goto error;
604  dd->ip.addr_data32[0] = in.s_addr;
605 
606  r = inet_pton(AF_INET, ip2, &in);
607  if (r <= 0)
608  goto error;
609  dd->ip2.addr_data32[0] = in.s_addr;
610 
611  /* a > b is illegal, a = b is ok */
612  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
613  goto error;
614  } else {
615  /* 1.2.3.4 format */
616  r = inet_pton(AF_INET, ip, &in);
617  if (r <= 0)
618  goto error;
619  /* single host */
620  dd->ip.addr_data32[0] = in.s_addr;
621  dd->ip2.addr_data32[0] = in.s_addr;
622  }
623  } else {
624  /* IPv6 Address */
625  struct in6_addr in6, mask6;
626  uint32_t ip6addr[4], netmask[4];
627 
628  dd->ip.family = AF_INET6;
629 
630  if ((mask = strchr(ip, '/')) != NULL) {
631  ip[mask - ip] = '\0';
632  mask++;
633 
634  int cidr = atoi(mask);
635  if (cidr < 0 || cidr > 128)
636  goto error;
637 
638  r = inet_pton(AF_INET6, ip, &in6);
639  if (r <= 0)
640  goto error;
641  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
642 
643  DetectAddressParseIPv6CIDR(cidr, &mask6);
644  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
645 
646  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
647  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
648  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
649  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
650 
651  dd->ip2.addr_data32[0] |=~ netmask[0];
652  dd->ip2.addr_data32[1] |=~ netmask[1];
653  dd->ip2.addr_data32[2] |=~ netmask[2];
654  dd->ip2.addr_data32[3] |=~ netmask[3];
655  } else if ((ip2 = strchr(ip, '-')) != NULL) {
656  /* 2001::1-2001::4 range format */
657  ip[ip2 - ip] = '\0';
658  ip2++;
659 
660  r = inet_pton(AF_INET6, ip, &in6);
661  if (r <= 0)
662  goto error;
663  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
664 
665  r = inet_pton(AF_INET6, ip2, &in6);
666  if (r <= 0)
667  goto error;
668  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
669 
670  /* a > b is illegal, a=b is ok */
671  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
672  goto error;
673  } else {
674  r = inet_pton(AF_INET6, ip, &in6);
675  if (r <= 0)
676  goto error;
677 
678  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
679  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
680  }
681 
682  }
683 
684  BUG_ON(dd->ip.family == 0);
685 
686  return 0;
687 
688 error:
689  return -1;
690 }
691 
692 /**
693  * \internal
694  * \brief Simply parse an address and return a DetectAddress instance containing
695  * the address ranges of the parsed ip addressstring
696  *
697  * \param str Pointer to a character string containing the ip address
698  *
699  * \retval dd Pointer to the DetectAddress instance containing the address
700  * range details from the parsed ip string
701  */
702 static DetectAddress *DetectAddressParseSingle(const char *str)
703 {
704  DetectAddress *dd;
705 
706  SCLogDebug("str %s", str);
707 
708  dd = DetectAddressInit();
709  if (dd == NULL)
710  goto error;
711 
712  if (DetectAddressParseString(dd, str) < 0) {
713  SCLogDebug("AddressParse failed");
714  goto error;
715  }
716 
717  return dd;
718 
719 error:
720  if (dd != NULL)
721  DetectAddressFree(dd);
722  return NULL;
723 }
724 
725 /**
726  * \brief Setup a single address string, parse it and add the resulting
727  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
728  *
729  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
730  * resulting Address-Range(s) from the parsed ip string has to
731  * be added.
732  * \param s Pointer to the ip address string to be parsed.
733  *
734  * \retval 0 On success.
735  * \retval -1 On failure.
736  */
737 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
738 {
739  SCLogDebug("gh %p, s %s", gh, s);
740 
741  if (strcasecmp(s, "any") == 0) {
742  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
743 
744  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
745  if (ad == NULL)
746  return -1;
747 
748  BUG_ON(ad->ip.family == 0);
749 
750  if (DetectAddressInsert(NULL, gh, ad) < 0) {
751  SCLogDebug("DetectAddressInsert failed");
752  DetectAddressFree(ad);
753  return -1;
754  }
755 
756  ad = DetectAddressParseSingle("::/0");
757  if (ad == NULL)
758  return -1;
759 
760  BUG_ON(ad->ip.family == 0);
761 
762  if (DetectAddressInsert(NULL, gh, ad) < 0) {
763  SCLogDebug("DetectAddressInsert failed");
764  DetectAddressFree(ad);
765  return -1;
766  }
767  return 0;
768  }
769 
770  /* parse the address */
771  DetectAddress *ad = DetectAddressParseSingle(s);
772  if (ad == NULL) {
774  "failed to parse address \"%s\"", s);
775  return -1;
776  }
777 
778  /* handle the not case, we apply the negation then insert the part(s) */
779  if (ad->flags & ADDRESS_FLAG_NOT) {
780  DetectAddress *ad2 = NULL;
781 
782  if (DetectAddressCutNot(ad, &ad2) < 0) {
783  SCLogDebug("DetectAddressCutNot failed");
784  DetectAddressFree(ad);
785  return -1;
786  }
787 
788  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
789  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
790  if (ad2 != NULL) {
791  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
792  SCLogDebug("DetectAddressInsert failed");
793  DetectAddressFree(ad);
794  DetectAddressFree(ad2);
795  return -1;
796  }
797  }
798  }
799 
800  int r = DetectAddressInsert(NULL, gh, ad);
801  if (r < 0) {
802  SCLogDebug("DetectAddressInsert failed");
803  DetectAddressFree(ad);
804  return -1;
805  }
806  SCLogDebug("r %d",r);
807  return 0;
808 }
809 
810 /**
811  * \brief Parses an address string and updates the 2 address heads with the
812  * address data.
813  *
814  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
815  * since we pass around negate without keeping a count of ! with depth.
816  * Can solve this by keeping a count of the negations with depth, so that
817  * an even no of negations would count as no negation and an odd no of
818  * negations would count as a negation.
819  *
820  * \param gh Pointer to the address head that should hold address ranges
821  * that are not negated.
822  * \param ghn Pointer to the address head that should hold address ranges
823  * that are negated.
824  * \param s Pointer to the character string holding the address to be
825  * parsed.
826  * \param negate Flag that indicates if the received address string is negated
827  * or not. 0 if it is not, 1 it it is.
828  *
829  * \retval 0 On successfully parsing.
830  * \retval -1 On failure.
831  */
832 static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
834  const char *s, int negate, ResolvedVariablesList *var_list)
835 {
836  size_t x = 0;
837  size_t u = 0;
838  int o_set = 0, n_set = 0, d_set = 0;
839  int depth = 0;
840  size_t size = strlen(s);
841  char address[8196] = "";
842  const char *rule_var_address = NULL;
843  char *temp_rule_var_address = NULL;
844 
845  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
846 
847  for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
848  if (x == (sizeof(address) - 1)) {
849  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Hit the address buffer"
850  " limit for the supplied address. Invalidating sig. "
851  "Please file a bug report on this.");
852  goto error;
853  }
854  address[x] = s[u];
855  x++;
856 
857  if (!o_set && s[u] == '!') {
858  n_set = 1;
859  x--;
860  } else if (s[u] == '[') {
861  if (!o_set) {
862  o_set = 1;
863  x = 0;
864  }
865  depth++;
866  } else if (s[u] == ']') {
867  if (depth == 1) {
868  address[x - 1] = '\0';
869  x = 0;
870  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
871  if (((negate + n_set) % 2) == 0) {
872  /* normal block */
873  SCLogDebug("normal block");
874 
875  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list) < 0)
876  goto error;
877  } else {
878  /* negated block
879  *
880  * Extra steps are necessary. First consider it as a normal
881  * (non-negated) range. Merge the + and - ranges if
882  * applicable. Then insert the result into the ghn list. */
883  SCLogDebug("negated block");
884 
885  DetectAddressHead tmp_gh = { NULL, NULL };
886  DetectAddressHead tmp_ghn = { NULL, NULL };
887 
888  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list) < 0) {
889  DetectAddressHeadCleanup(&tmp_gh);
890  DetectAddressHeadCleanup(&tmp_ghn);
891  goto error;
892  }
893 
894  DetectAddress *tmp_ad;
895  DetectAddress *tmp_ad2;
896 #ifdef DEBUG
897  SCLogDebug("tmp_gh: IPv4");
898  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
899  DetectAddressPrint(tmp_ad);
900  }
901  SCLogDebug("tmp_ghn: IPv4");
902  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
903  DetectAddressPrint(tmp_ad);
904  }
905  SCLogDebug("tmp_gh: IPv6");
906  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
907  DetectAddressPrint(tmp_ad);
908  }
909  SCLogDebug("tmp_ghn: IPv6");
910  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
911  DetectAddressPrint(tmp_ad);
912  }
913 #endif
914  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
915  DetectAddressHeadCleanup(&tmp_ghn);
916  DetectAddressHeadCleanup(&tmp_gh);
917  goto error;
918  }
919  DetectAddressHeadCleanup(&tmp_ghn);
920 
921  SCLogDebug("merged succesfully");
922 
923  /* insert the IPv4 addresses into the negated list */
924  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
925  /* work with a copy of the address group */
926  tmp_ad2 = DetectAddressCopy(tmp_ad);
927  if (tmp_ad2 == NULL) {
928  SCLogDebug("DetectAddressCopy failed");
929  DetectAddressHeadCleanup(&tmp_gh);
930  goto error;
931  }
932  DetectAddressPrint(tmp_ad2);
933  DetectAddressInsert(NULL, ghn, tmp_ad2);
934  }
935 
936  /* insert the IPv6 addresses into the negated list */
937  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
938  /* work with a copy of the address group */
939  tmp_ad2 = DetectAddressCopy(tmp_ad);
940  if (tmp_ad2 == NULL) {
941  SCLogDebug("DetectAddressCopy failed");
942  DetectAddressHeadCleanup(&tmp_gh);
943  goto error;
944  }
945  DetectAddressPrint(tmp_ad2);
946  DetectAddressInsert(NULL, ghn, tmp_ad2);
947  }
948 
949  DetectAddressHeadCleanup(&tmp_gh);
950  }
951  n_set = 0;
952  }
953  depth--;
954  } else if (depth == 0 && s[u] == ',') {
955  if (o_set == 1) {
956  o_set = 0;
957  } else if (d_set == 1) {
958  address[x - 1] = '\0';
959 
960  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
962  if (rule_var_address == NULL)
963  goto error;
964 
965  if (strlen(rule_var_address) == 0) {
966  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
967  "to nothing. This is likely a misconfiguration. "
968  "Note that a negated address needs to be quoted, "
969  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
970  goto error;
971  }
972 
973  SCLogDebug("rule_var_address %s", rule_var_address);
974  if ((negate + n_set) % 2) {
975  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
976  if (unlikely(temp_rule_var_address == NULL))
977  goto error;
978  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
979  "[%s]", rule_var_address);
980  } else {
981  temp_rule_var_address = SCStrdup(rule_var_address);
982  if (unlikely(temp_rule_var_address == NULL))
983  goto error;
984  }
985 
986 
987  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
988  (negate + n_set) % 2, var_list) < 0)
989  {
990  if (temp_rule_var_address != rule_var_address)
991  SCFree(temp_rule_var_address);
992  goto error;
993  }
994  d_set = 0;
995  n_set = 0;
996  SCFree(temp_rule_var_address);
997  } else {
998  address[x - 1] = '\0';
999 
1000  if (!((negate + n_set) % 2)) {
1001  SCLogDebug("DetectAddressSetup into gh, %s", address);
1002  if (DetectAddressSetup(gh, address) < 0)
1003  goto error;
1004  } else {
1005  SCLogDebug("DetectAddressSetup into ghn, %s", address);
1006  if (DetectAddressSetup(ghn, address) < 0)
1007  goto error;
1008  }
1009  n_set = 0;
1010  }
1011  x = 0;
1012  } else if (depth == 0 && s[u] == '$') {
1013  d_set = 1;
1014  } else if (depth == 0 && u == size - 1) {
1015  if (x == sizeof(address)) {
1016  address[x - 1] = '\0';
1017  } else {
1018  address[x] = '\0';
1019  }
1020  x = 0;
1021 
1022  if (AddVariableToResolveList(var_list, address) == -1) {
1023  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
1024  "groups declaration. This is likely a misconfiguration.");
1025  goto error;
1026  }
1027 
1028  if (d_set == 1) {
1029  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
1031  if (rule_var_address == NULL)
1032  goto error;
1033 
1034  if (strlen(rule_var_address) == 0) {
1035  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
1036  "to nothing. This is likely a misconfiguration. "
1037  "Note that a negated address needs to be quoted, "
1038  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
1039  goto error;
1040  }
1041 
1042  SCLogDebug("rule_var_address %s", rule_var_address);
1043  if ((negate + n_set) % 2) {
1044  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
1045  if (unlikely(temp_rule_var_address == NULL))
1046  goto error;
1047  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
1048  "[%s]", rule_var_address);
1049  } else {
1050  temp_rule_var_address = SCStrdup(rule_var_address);
1051  if (unlikely(temp_rule_var_address == NULL))
1052  goto error;
1053  }
1054 
1055  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
1056  (negate + n_set) % 2, var_list) < 0) {
1057  SCLogDebug("DetectAddressParse2 hates us");
1058  if (temp_rule_var_address != rule_var_address)
1059  SCFree(temp_rule_var_address);
1060  goto error;
1061  }
1062  d_set = 0;
1063  SCFree(temp_rule_var_address);
1064  } else {
1065  if (!((negate + n_set) % 2)) {
1066  SCLogDebug("DetectAddressSetup into gh, %s", address);
1067  if (DetectAddressSetup(gh, address) < 0) {
1068  SCLogDebug("DetectAddressSetup gh fail");
1069  goto error;
1070  }
1071  } else {
1072  SCLogDebug("DetectAddressSetup into ghn, %s", address);
1073  if (DetectAddressSetup(ghn, address) < 0) {
1074  SCLogDebug("DetectAddressSetup ghn fail");
1075  goto error;
1076  }
1077  }
1078  }
1079  n_set = 0;
1080  }
1081  }
1082  if (depth > 0) {
1083  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1084  "properly closed in \"%s\", %d missing closing brackets (]). "
1085  "Note: problem might be in a variable.", s, depth);
1086  goto error;
1087  } else if (depth < 0) {
1088  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1089  "properly opened in \"%s\", %d missing opening brackets ([). "
1090  "Note: problem might be in a variable.", s, depth*-1);
1091  goto error;
1092  }
1093 
1094  return 0;
1095 
1096 error:
1097 
1098  return -1;
1099 }
1100 
1101 /**
1102  * \internal
1103  * \brief See if the addresses and ranges in an address head cover the
1104  * entire ip space.
1105  *
1106  * \param gh Pointer to the DetectAddressHead to check.
1107  *
1108  * \retval 0 No.
1109  * \retval 1 Yes.
1110  *
1111  * \todo do the same for IPv6
1112  */
1113 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1114 {
1116  if (r == 1)
1117  return 1;
1118 
1119  return 0;
1120 }
1121 
1122 /**
1123  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1124  *
1125  * \param gh Pointer to the address head containing the non-NOT groups.
1126  * \param ghn Pointer to the address head containing the NOT groups.
1127  *
1128  * \retval 0 On success.
1129  * \retval -1 On failure.
1130  */
1132 {
1133  DetectAddress *ad;
1134  DetectAddress *ag, *ag2;
1135  int r = 0;
1136 
1137  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1138  ghn->ipv4_head);
1139 
1140  /* check if the negated list covers the entire ip space. If so
1141  * the user screwed up the rules/vars. */
1142  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1143  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1144  "Rule address range is NIL. Probably have a !any or "
1145  "an address range that supplies a NULL address range");
1146  goto error;
1147  }
1148 
1149  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1150  * not thingy. In that case we add a 0.0.0.0/0 first. */
1151  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1152  r = DetectAddressSetup(gh, "0.0.0.0/0");
1153  if (r < 0) {
1154  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1155  goto error;
1156  }
1157  }
1158  /* ... or ::/0 for ipv6 */
1159  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1160  r = DetectAddressSetup(gh, "::/0");
1161  if (r < 0) {
1162  SCLogDebug("DetectAddressSetup for ::/0 failed");
1163  goto error;
1164  }
1165  }
1166 
1167  /* step 1: insert our ghn members into the gh list */
1168  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1169  /* work with a copy of the ad so we can easily clean up the ghn group
1170  * later. */
1171  ad = DetectAddressCopy(ag);
1172  if (ad == NULL) {
1173  SCLogDebug("DetectAddressCopy failed");
1174  goto error;
1175  }
1176 
1177  r = DetectAddressInsert(NULL, gh, ad);
1178  if (r < 0) {
1179  SCLogDebug("DetectAddressInsert failed");
1180  goto error;
1181  }
1182  }
1183  /* ... and the same for ipv6 */
1184  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1185  /* work with a copy of the ad so we can easily clean up the ghn group
1186  * later. */
1187  ad = DetectAddressCopy(ag);
1188  if (ad == NULL) {
1189  SCLogDebug("DetectAddressCopy failed");
1190  goto error;
1191  }
1192 
1193  r = DetectAddressInsert(NULL, gh, ad);
1194  if (r < 0) {
1195  SCLogDebug("DetectAddressInsert failed");
1196  goto error;
1197  }
1198  }
1199 #ifdef DEBUG
1200  DetectAddress *tmp_ad;
1201  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1202  DetectAddressPrint(tmp_ad);
1203  }
1204 #endif
1205  int ipv4_applied = 0;
1206  int ipv6_applied = 0;
1207 
1208  /* step 2: pull the address blocks that match our 'not' blocks */
1209  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1210  SCLogDebug("ag %p", ag);
1211  DetectAddressPrint(ag);
1212 
1213  int applied = 0;
1214  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1215  SCLogDebug("ag2 %p", ag2);
1216  DetectAddressPrint(ag2);
1217 
1218  r = DetectAddressCmp(ag, ag2);
1219  /* XXX more ??? */
1220  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1221  if (ag2->prev == NULL)
1222  gh->ipv4_head = ag2->next;
1223  else
1224  ag2->prev->next = ag2->next;
1225 
1226  if (ag2->next != NULL)
1227  ag2->next->prev = ag2->prev;
1228 
1229  /* store the next ptr and remove the group */
1230  DetectAddress *next_ag2 = ag2->next;
1231  DetectAddressFree(ag2);
1232  ag2 = next_ag2;
1233  applied = 1;
1234  } else {
1235  ag2 = ag2->next;
1236  }
1237  }
1238 
1239  if (applied) {
1240  ipv4_applied++;
1241  }
1242  }
1243  /* ... and the same for ipv6 */
1244  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1245  int applied = 0;
1246  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1247  r = DetectAddressCmp(ag, ag2);
1248  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1249  if (ag2->prev == NULL)
1250  gh->ipv6_head = ag2->next;
1251  else
1252  ag2->prev->next = ag2->next;
1253 
1254  if (ag2->next != NULL)
1255  ag2->next->prev = ag2->prev;
1256 
1257  /* store the next ptr and remove the group */
1258  DetectAddress *next_ag2 = ag2->next;
1259  DetectAddressFree(ag2);
1260  ag2 = next_ag2;
1261 
1262  SCLogDebug("applied");
1263  applied = 1;
1264  } else {
1265  ag2 = ag2->next;
1266  }
1267  }
1268  if (applied) {
1269  ipv6_applied++;
1270  }
1271  }
1272 #ifdef DEBUG
1273  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1274  DetectAddressPrint(tmp_ad);
1275  }
1276  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1277  DetectAddressPrint(tmp_ad);
1278  }
1279 #endif
1280  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1281  int cnt = 0;
1282  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1283  cnt++;
1284 
1285  if (ipv4_applied != cnt) {
1286  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1287  "could be applied: %d != %d", cnt, ipv4_applied);
1288  goto error;
1289  }
1290 
1291  cnt = 0;
1292  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1293  cnt++;
1294 
1295  if (ipv6_applied != cnt) {
1296  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1297  "could be applied: %d != %d", cnt, ipv6_applied);
1298  goto error;
1299  }
1300  }
1301 
1302  /* if the result is that we have no addresses we return error */
1303  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1304  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1305  "merging addresses and negated addresses");
1306  goto error;
1307  }
1308 
1309  return 0;
1310 
1311 error:
1312  return -1;
1313 }
1314 
1316 {
1317  SCLogDebug("Testing address conf vars for any misconfigured values");
1318 
1319  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1320 
1321  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1322  if (address_vars_node == NULL) {
1323  return 0;
1324  }
1325 
1326  DetectAddressHead *gh = NULL;
1327  DetectAddressHead *ghn = NULL;
1328 
1329  ConfNode *seq_node;
1330  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1331  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1332 
1333  gh = DetectAddressHeadInit();
1334  if (gh == NULL) {
1335  goto error;
1336  }
1337  ghn = DetectAddressHeadInit();
1338  if (ghn == NULL) {
1339  goto error;
1340  }
1341 
1342  if (seq_node->val == NULL) {
1344  "Address var \"%s\" probably has a sequence(something "
1345  "in brackets) value set without any quotes. Please "
1346  "quote it using \"..\".", seq_node->name);
1347  goto error;
1348  }
1349 
1350  int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0, &var_list);
1351 
1352  CleanVariableResolveList(&var_list);
1353 
1354  if (r < 0) {
1356  "failed to parse address var \"%s\" with value \"%s\". "
1357  "Please check it's syntax", seq_node->name, seq_node->val);
1358  goto error;
1359  }
1360 
1361  if (DetectAddressIsCompleteIPSpace(ghn)) {
1363  "address var - \"%s\" has the complete IP space negated "
1364  "with it's value \"%s\". Rule address range is NIL. "
1365  "Probably have a !any or an address range that supplies "
1366  "a NULL address range", seq_node->name, seq_node->val);
1367  goto error;
1368  }
1369 
1370  if (gh != NULL) {
1372  gh = NULL;
1373  }
1374  if (ghn != NULL) {
1375  DetectAddressHeadFree(ghn);
1376  ghn = NULL;
1377  }
1378  }
1379 
1380  return 0;
1381  error:
1382  if (gh != NULL)
1384  if (ghn != NULL)
1385  DetectAddressHeadFree(ghn);
1386  return -1;
1387 }
1388 
1389 #include "util-hash-lookup3.h"
1390 
1391 typedef struct DetectAddressMap_ {
1392  char *string;
1396 
1397 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1398 {
1399  const DetectAddressMap *map = (DetectAddressMap *)data;
1400  uint32_t hash = 0;
1401 
1402  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1403  hash %= ht->array_size;
1404 
1405  return hash;
1406 }
1407 
1408 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1409  uint16_t len2)
1410 {
1411  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1412  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1413 
1414 
1415  int r = (strcmp(map1->string, map2->string) == 0);
1416  return r;
1417 }
1418 
1419 static void DetectAddressMapFreeFunc(void *data)
1420 {
1421  DetectAddressMap *map = (DetectAddressMap *)data;
1422  if (map != NULL) {
1424  SCFree(map->string);
1425  }
1426  SCFree(map);
1427 }
1428 
1430 {
1431  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1432  DetectAddressMapCompareFunc,
1433  DetectAddressMapFreeFunc);
1434  if (de_ctx->address_table == NULL)
1435  return -1;
1436 
1437  return 0;
1438 }
1439 
1441 {
1442  if (de_ctx->address_table == NULL)
1443  return;
1444 
1446  de_ctx->address_table = NULL;
1447  return;
1448 }
1449 
1450 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1452 {
1453  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1454  if (map == NULL)
1455  return -1;
1456 
1457  map->string = SCStrdup(string);
1458  if (map->string == NULL) {
1459  SCFree(map);
1460  return -1;
1461  }
1462  map->address = address;
1464 
1465  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1466  return 0;
1467 }
1468 
1469 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1470  const char *string)
1471 {
1472  DetectAddressMap map = { (char *)string, NULL, false };
1473 
1475  &map, 0);
1476  return res;
1477 }
1478 
1479 /**
1480  * \brief Parses an address group sent as a character string and updates the
1481  * DetectAddressHead sent as the argument with the relevant address
1482  * ranges from the parsed string.
1483  *
1484  * \param gh Pointer to the DetectAddressHead.
1485  * \param str Pointer to the character string containing the address group
1486  * that has to be parsed.
1487  *
1488  * \retval 1 On success. Contained negation.
1489  * \retval 0 On success. Did not contain negation.
1490  * \retval -1 On failure.
1491  */
1493  DetectAddressHead *gh, const char *str)
1494 {
1495  int r;
1496  DetectAddressHead *ghn = NULL;
1497 
1498  SCLogDebug("gh %p, str %s", gh, str);
1499 
1500  if (str == NULL) {
1501  SCLogDebug("DetectAddressParse can not be run with NULL address");
1502  goto error;
1503  }
1504 
1505  ghn = DetectAddressHeadInit();
1506  if (ghn == NULL) {
1507  SCLogDebug("DetectAddressHeadInit for ghn failed");
1508  goto error;
1509  }
1510 
1511  r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0, NULL);
1512  if (r < 0) {
1513  SCLogDebug("DetectAddressParse2 returned %d", r);
1514  goto error;
1515  }
1516 
1517  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1518  ghn->ipv4_head);
1519 
1520  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1521 
1522  /* merge the 'not' address groups */
1523  if (DetectAddressMergeNot(gh, ghn) < 0) {
1524  SCLogDebug("DetectAddressMergeNot failed");
1525  goto error;
1526  }
1527 
1528  /* free the temp negate head */
1529  DetectAddressHeadFree(ghn);
1530  return contains_negation ? 1 : 0;
1531 
1532 error:
1533  if (ghn != NULL)
1534  DetectAddressHeadFree(ghn);
1535  return -1;
1536 }
1537 
1539  const char *string, bool *contains_negation)
1540 {
1541  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1542  if (res != NULL) {
1543  SCLogDebug("found: %s :: %p", string, res);
1544  *contains_negation = res->contains_negation;
1545  return res->address;
1546  }
1547 
1548  SCLogDebug("%s not found", string);
1549 
1551  if (head == NULL)
1552  return NULL;
1553 
1554  const int r = DetectAddressParse(de_ctx, head, string);
1555  if (r < 0) {
1556  DetectAddressHeadFree(head);
1557  return NULL;
1558  } else if (r == 1) {
1559  *contains_negation = true;
1560  } else {
1561  *contains_negation = false;
1562  }
1563 
1564  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head,
1565  *contains_negation);
1566  return head;
1567 }
1568 
1569 /**
1570  * \brief Returns a new instance of DetectAddressHead.
1571  *
1572  * \retval gh Pointer to the new instance of DetectAddressHead.
1573  */
1575 {
1577  if (unlikely(gh == NULL))
1578  return NULL;
1579  memset(gh, 0, sizeof(DetectAddressHead));
1580 
1581  return gh;
1582 }
1583 
1584 /**
1585  * \brief Cleans a DetectAddressHead. The functions frees the address
1586  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1587  * instance.
1588  *
1589  * \param gh Pointer to the DetectAddressHead instance that has to be
1590  * cleaned.
1591  */
1593 {
1594  if (gh != NULL) {
1595  if (gh->ipv4_head != NULL) {
1597  gh->ipv4_head = NULL;
1598  }
1599  if (gh->ipv6_head != NULL) {
1601  gh->ipv6_head = NULL;
1602  }
1603  }
1604 
1605  return;
1606 }
1607 
1608 /**
1609  * \brief Frees a DetectAddressHead instance.
1610  *
1611  * \param gh Pointer to the DetectAddressHead instance to be freed.
1612  */
1614 {
1615  if (gh != NULL) {
1617  SCFree(gh);
1618  }
1619 
1620  return;
1621 }
1622 
1623 /**
1624  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1625  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1626  * explanations on what these functions do.
1627  *
1628  * \param de_ctx Pointer to the DetectEngineCtx.
1629  * \param a Pointer the the first address to be cut.
1630  * \param b Pointer to the second address to be cut.
1631  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1632  * ranges from a and b, demand a third address range.
1633  *
1634  * \retval 0 On success.
1635  * \retval -1 On failure.
1636  */
1637 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1638  DetectAddress *b, DetectAddress **c)
1639 {
1640  if (a->ip.family == AF_INET)
1641  return DetectAddressCutIPv4(de_ctx, a, b, c);
1642  else if (a->ip.family == AF_INET6)
1643  return DetectAddressCutIPv6(de_ctx, a, b, c);
1644 
1645  return -1;
1646 }
1647 
1648 /**
1649  * \brief Cuts a negated address range with respect to the entire ip range, and
1650  * supplies with the address range that doesn't belong to the negated
1651  * address range.
1652  *
1653  * There are 2 cases here -
1654  *
1655  * The first case includes the address being located at the extreme ends
1656  * of the ip space, in which we get a single range.
1657  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1658  *
1659  * The second case includes the address not present at either of the
1660  * ip space extremes, in which case we get 2 ranges. The second range
1661  * would be supplied back with the argument "b" supplied to this function.
1662  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1663  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1664  *
1665  * The above negation cases can similarly be extended to ranges, i.e.
1666  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1667  * ![10.20.30.40 - 10.20.30.50].
1668  *
1669  *
1670  * \param a Pointer to the DetectAddressData instance, that contains the negated
1671  * address range that has to be cut.
1672  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1673  * filled with the address range, if the argument "a", doesn't fall at
1674  * the extreme ends of the ip address space.
1675  *
1676  * \retval 0 On success.
1677  * \retval -1 On failure.
1678  */
1679 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1680 {
1681  if (a->ip.family == AF_INET)
1682  return DetectAddressCutNotIPv4(a, b);
1683  else if (a->ip.family == AF_INET6)
1684  return DetectAddressCutNotIPv6(a, b);
1685 
1686  return -1;
1687 }
1688 
1689 /**
1690  * \brief Used to compare 2 address ranges.
1691  *
1692  * \param a Pointer to the first DetectAddressData to be compared.
1693  * \param b Pointer to the second DetectAddressData to be compared.
1694  */
1696 {
1697  if (a->ip.family != b->ip.family)
1698  return ADDRESS_ER;
1699 
1700  if (a->ip.family == AF_INET)
1701  return DetectAddressCmpIPv4(a, b);
1702  else if (a->ip.family == AF_INET6)
1703  return DetectAddressCmpIPv6(a, b);
1704 
1705  return ADDRESS_ER;
1706 }
1707 
1708 /**
1709  * \brief Match a packets address against a signatures addrs array
1710  *
1711  * \param addrs array of DetectMatchAddressIPv4's
1712  * \param addrs_cnt array size in members
1713  * \param a packets address
1714  *
1715  * \retval 0 no match
1716  * \retval 1 match
1717  *
1718  * \note addresses in addrs are in host order
1719  *
1720  * \todo array should be ordered, so we can break out of the loop
1721  */
1723  uint16_t addrs_cnt, const Address *a)
1724 {
1725  SCEnter();
1726 
1727  if (addrs == NULL || addrs_cnt == 0) {
1728  SCReturnInt(0);
1729  }
1730 
1731  uint16_t idx;
1732  for (idx = 0; idx < addrs_cnt; idx++) {
1733  if (SCNtohl(a->addr_data32[0]) >= addrs[idx].ip &&
1734  SCNtohl(a->addr_data32[0]) <= addrs[idx].ip2)
1735  {
1736  SCReturnInt(1);
1737  }
1738  }
1739 
1740  SCReturnInt(0);
1741 }
1742 
1743 /**
1744  * \brief Match a packets address against a signatures addrs array
1745  *
1746  * \param addrs array of DetectMatchAddressIPv6's
1747  * \param addrs_cnt array size in members
1748  * \param a packets address
1749  *
1750  * \retval 0 no match
1751  * \retval 1 match
1752  *
1753  * \note addresses in addrs are in host order
1754  *
1755  * \todo array should be ordered, so we can break out of the loop
1756  */
1758  uint16_t addrs_cnt, const Address *a)
1759 {
1760  SCEnter();
1761 
1762  if (addrs == NULL || addrs_cnt == 0) {
1763  SCReturnInt(0);
1764  }
1765 
1766  uint16_t idx;
1767  int i = 0;
1768  uint16_t result1, result2;
1769 
1770  /* See if the packet address is within the range of any entry in the
1771  * signature's address match array.
1772  */
1773  for (idx = 0; idx < addrs_cnt; idx++) {
1774  result1 = result2 = 0;
1775 
1776  /* See if packet address equals either limit. Return 1 if true. */
1777  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip[0] &&
1778  SCNtohl(a->addr_data32[1]) == addrs[idx].ip[1] &&
1779  SCNtohl(a->addr_data32[2]) == addrs[idx].ip[2] &&
1780  SCNtohl(a->addr_data32[3]) == addrs[idx].ip[3])
1781  {
1782  SCReturnInt(1);
1783  }
1784  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip2[0] &&
1785  SCNtohl(a->addr_data32[1]) == addrs[idx].ip2[1] &&
1786  SCNtohl(a->addr_data32[2]) == addrs[idx].ip2[2] &&
1787  SCNtohl(a->addr_data32[3]) == addrs[idx].ip2[3])
1788  {
1789  SCReturnInt(1);
1790  }
1791 
1792  /* See if packet address is greater than lower limit
1793  * of the current signature address match pair.
1794  */
1795  for (i = 0; i < 4; i++) {
1796  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip[i]) {
1797  result1 = 1;
1798  break;
1799  }
1800  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip[i]) {
1801  result1 = 0;
1802  break;
1803  }
1804  }
1805 
1806  /* If not greater than lower limit, try next address match entry */
1807  if (result1 == 0)
1808  continue;
1809 
1810  /* See if packet address is less than upper limit
1811  * of the current signature address match pair.
1812  */
1813  for (i = 0; i < 4; i++) {
1814  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip2[i]) {
1815  result2 = 1;
1816  break;
1817  }
1818  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip2[i]) {
1819  result2 = 0;
1820  break;
1821  }
1822  }
1823 
1824  /* Return a match if packet address is between the two
1825  * signature address match limits.
1826  */
1827  if (result1 == 1 && result2 == 1)
1828  SCReturnInt(1);
1829  }
1830 
1831  SCReturnInt(0);
1832 }
1833 
1834 /**
1835  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1836  * range in the DetectAddress instance.
1837  *
1838  * We basically check that the address falls inbetween the address
1839  * range in DetectAddress.
1840  *
1841  * \param dd Pointer to the DetectAddress instance.
1842  * \param a Pointer to an Address instance.
1843  *
1844  * \param 1 On a match.
1845  * \param 0 On no match.
1846  */
1848 {
1849  SCEnter();
1850 
1851  if (dd->ip.family != a->family) {
1852  SCReturnInt(0);
1853  }
1854 
1855  //DetectAddressPrint(dd);
1856  //AddressDebugPrint(a);
1857 
1858  switch (a->family) {
1859  case AF_INET:
1860 
1861  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1862  * Address inside DetectAddressData we can do uint8_t checks */
1863  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1864  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1865  {
1866  SCReturnInt(1);
1867  } else {
1868  SCReturnInt(0);
1869  }
1870 
1871  break;
1872  case AF_INET6:
1873  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1874  AddressIPv6Le(a, &dd->ip2) == 1)
1875  {
1876  SCReturnInt(1);
1877  } else {
1878  SCReturnInt(0);
1879  }
1880 
1881  break;
1882  default:
1883  SCLogDebug("What other address type can we have :-/");
1884  break;
1885  }
1886 
1887  SCReturnInt(0);
1888 }
1889 
1890 /**
1891  * \brief Prints the address data held by the DetectAddress. If the address
1892  * data family is IPv4, we print the the ipv4 address and mask, and
1893  * if the address data family is IPv6, we print the ipv6 address and
1894  * mask.
1895  *
1896  * \param ad Pointer to the DetectAddress instance to be printed.
1897  */
1899 {
1900  if (gr == NULL)
1901  return;
1902 
1903  if (gr->ip.family == AF_INET) {
1904  struct in_addr in;
1905  char ip[16], mask[16];
1906 
1907  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1908  PrintInet(AF_INET, &in, ip, sizeof(ip));
1909  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1910  PrintInet(AF_INET, &in, mask, sizeof(mask));
1911 
1912  SCLogDebug("%s/%s", ip, mask);
1913 // printf("%s/%s", ip, mask);
1914  } else if (gr->ip.family == AF_INET6) {
1915  struct in6_addr in6;
1916  char ip[66], mask[66];
1917 
1918  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1919  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1920  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1921  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1922 
1923  SCLogDebug("%s/%s", ip, mask);
1924 // printf("%s/%s", ip, mask);
1925  }
1926 
1927  return;
1928 }
1929 
1930 /**
1931  * \brief Find the group matching address in a group head.
1932  *
1933  * \param gh Pointer to the address group head(DetectAddressHead instance).
1934  * \param a Pointer to an Address instance.
1935  *
1936  * \retval g On success pointer to an DetectAddress if we find a match
1937  * for the Address "a", in the DetectAddressHead "gh".
1938  */
1940 {
1941  SCEnter();
1942 
1943  DetectAddress *g = NULL;
1944 
1945  if (gh == NULL) {
1946  SCReturnPtr(NULL, "DetectAddress");
1947  }
1948 
1949  /* XXX should we really do this check every time we run this function? */
1950  if (a->family == AF_INET) {
1951  SCLogDebug("IPv4");
1952  g = gh->ipv4_head;
1953  } else if (a->family == AF_INET6) {
1954  SCLogDebug("IPv6");
1955  g = gh->ipv6_head;
1956  }
1957 
1958  for ( ; g != NULL; g = g->next) {
1959  if (DetectAddressMatch(g,a) == 1) {
1960  SCReturnPtr(g, "DetectAddress");
1961  }
1962  }
1963 
1964  SCReturnPtr(NULL, "DetectAddress");
1965 }
1966 
1967 /********************************Unittests*************************************/
1968 
1969 #ifdef UNITTESTS
1970 
1971 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1972 {
1973  char str1[46] = "", str2[46] = "";
1974 
1975  if (ad == NULL)
1976  return FALSE;
1977 
1978  switch(ad->ip.family) {
1979  case AF_INET:
1980  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1981  SCLogDebug("%s", str1);
1982  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1983  SCLogDebug("%s", str2);
1984 
1985  if (strcmp(str1, one) != 0) {
1986  SCLogInfo("%s != %s", str1, one);
1987  return FALSE;
1988  }
1989 
1990  if (strcmp(str2, two) != 0) {
1991  SCLogInfo("%s != %s", str2, two);
1992  return FALSE;
1993  }
1994 
1995  return TRUE;
1996  break;
1997 
1998  case AF_INET6:
1999  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
2000  SCLogDebug("%s", str1);
2001  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
2002  SCLogDebug("%s", str2);
2003 
2004  if (strcmp(str1, one) != 0) {
2005  SCLogInfo("%s != %s", str1, one);
2006  return FALSE;
2007  }
2008 
2009  if (strcmp(str2, two) != 0) {
2010  SCLogInfo("%s != %s", str2, two);
2011  return FALSE;
2012  }
2013 
2014  return TRUE;
2015  break;
2016  }
2017 
2018  return FALSE;
2019 }
2020 
2022  const char *one;
2023  const char *two;
2025 
2026 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
2027 {
2028  int expect = nranges;
2029  int have = 0;
2030 
2031  if (gh == NULL)
2032  return FALSE;
2033 
2034  DetectAddress *ad = NULL;
2035  ad = gh->ipv4_head;
2036  if (ad == NULL)
2037  ad = gh->ipv6_head;
2038  while (have < expect) {
2039  if (ad == NULL) {
2040  printf("bad head: have %d ranges, expected %d: ", have, expect);
2041  return FALSE;
2042  }
2043 
2044  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
2045  return FALSE;
2046 
2047  ad = ad->next;
2048  have++;
2049  }
2050 
2051  return TRUE;
2052 }
2053 
2054 static int AddressTestParse01(void)
2055 {
2056  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
2057 
2058  if (dd) {
2059  DetectAddressFree(dd);
2060  return 1;
2061  }
2062 
2063  return 0;
2064 }
2065 
2066 static int AddressTestParse02(void)
2067 {
2068  int result = 1;
2069  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
2070 
2071  if (dd) {
2072  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
2073  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2074  result = 0;
2075  }
2076 
2077  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
2078  DetectAddressFree(dd);
2079  return result;
2080  }
2081 
2082  return 0;
2083 }
2084 
2085 static int AddressTestParse03(void)
2086 {
2087  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2088 
2089  if (dd) {
2090  DetectAddressFree(dd);
2091  return 1;
2092  }
2093 
2094  return 0;
2095 }
2096 
2097 static int AddressTestParse04(void)
2098 {
2099  int result = 1;
2100  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2101 
2102  if (dd) {
2103  if (dd->ip.addr_data32[0] != SCNtohl(16909056)||
2104  dd->ip2.addr_data32[0] != SCNtohl(16909311)) {
2105  result = 0;
2106  }
2107 
2108  DetectAddressFree(dd);
2109  return result;
2110  }
2111 
2112  return 0;
2113 }
2114 
2115 static int AddressTestParse05(void)
2116 {
2117  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2118 
2119  if (dd) {
2120  DetectAddressFree(dd);
2121  return 1;
2122  }
2123 
2124  return 0;
2125 }
2126 
2127 static int AddressTestParse06(void)
2128 {
2129  int result = 1;
2130  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2131 
2132  if (dd) {
2133  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2134  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2135  result = 0;
2136  }
2137 
2138  DetectAddressFree(dd);
2139  return result;
2140  }
2141 
2142  return 0;
2143 }
2144 
2145 static int AddressTestParse07(void)
2146 {
2147  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2148 
2149  if (dd) {
2150  DetectAddressFree(dd);
2151  return 1;
2152  }
2153 
2154  return 0;
2155 }
2156 
2157 static int AddressTestParse08(void)
2158 {
2159  int result = 1;
2160  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2161 
2162  if (dd) {
2163  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2164  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2165 
2166  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2167  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2168  DetectAddressPrint(dd);
2169  result = 0;
2170  }
2171 
2172  DetectAddressFree(dd);
2173  return result;
2174  }
2175 
2176  return 0;
2177 }
2178 
2179 static int AddressTestParse09(void)
2180 {
2181  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2182 
2183  if (dd) {
2184  DetectAddressFree(dd);
2185  return 1;
2186  }
2187 
2188  return 0;
2189 }
2190 
2191 static int AddressTestParse10(void)
2192 {
2193  int result = 1;
2194  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2195 
2196  if (dd) {
2197  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2198  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2199 
2200  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2201  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2202  DetectAddressPrint(dd);
2203  result = 0;
2204  }
2205 
2206  DetectAddressFree(dd);
2207  return result;
2208  }
2209 
2210  return 0;
2211 }
2212 
2213 static int AddressTestParse11(void)
2214 {
2215  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2216 
2217  if (dd) {
2218  DetectAddressFree(dd);
2219  return 1;
2220  }
2221 
2222  return 0;
2223 }
2224 
2225 static int AddressTestParse12(void)
2226 {
2227  int result = 1;
2228  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2229 
2230  if (dd) {
2231  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2232  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2233 
2234  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2235  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2236  DetectAddressPrint(dd);
2237  result = 0;
2238  }
2239 
2240  DetectAddressFree(dd);
2241  return result;
2242  }
2243 
2244  return 0;
2245 }
2246 static int AddressTestParse13(void)
2247 {
2248  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2249 
2250  if (dd) {
2251  DetectAddressFree(dd);
2252  return 1;
2253  }
2254 
2255  return 0;
2256 }
2257 
2258 static int AddressTestParse14(void)
2259 {
2260  int result = 1;
2261  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2262 
2263  if (dd) {
2264  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2265  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2266 
2267  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2268  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2269  result = 0;
2270  }
2271 
2272  DetectAddressFree(dd);
2273  return result;
2274  }
2275 
2276  return 0;
2277 }
2278 
2279 static int AddressTestParse15(void)
2280 {
2281  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2282 
2283  if (dd) {
2284  DetectAddressFree(dd);
2285  return 1;
2286  }
2287 
2288  return 0;
2289 }
2290 
2291 static int AddressTestParse16(void)
2292 {
2293  int result = 1;
2294  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2295 
2296  if (dd) {
2297  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2298  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2299 
2300  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2301  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2302  result = 0;
2303  }
2304 
2305  DetectAddressFree(dd);
2306  return result;
2307  }
2308 
2309  return 0;
2310 }
2311 
2312 static int AddressTestParse17(void)
2313 {
2314  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2315 
2316  if (dd) {
2317  DetectAddressFree(dd);
2318  return 1;
2319  }
2320 
2321  return 0;
2322 }
2323 
2324 static int AddressTestParse18(void)
2325 {
2326  int result = 1;
2327  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2328 
2329  if (dd) {
2330  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2331  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2332  result = 0;
2333  }
2334 
2335  DetectAddressFree(dd);
2336  return result;
2337  }
2338 
2339  return 0;
2340 }
2341 
2342 static int AddressTestParse19(void)
2343 {
2344  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2345 
2346  if (dd) {
2347  DetectAddressFree(dd);
2348  return 0;
2349  }
2350 
2351  return 1;
2352 }
2353 
2354 static int AddressTestParse20(void)
2355 {
2356  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2357 
2358  if (dd) {
2359  DetectAddressFree(dd);
2360  return 1;
2361  }
2362 
2363  return 0;
2364 }
2365 
2366 static int AddressTestParse21(void)
2367 {
2368  int result = 1;
2369  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2370 
2371  if (dd) {
2372  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2373  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2374 
2375  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2376  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2377  result = 0;
2378  }
2379 
2380  DetectAddressFree(dd);
2381  return result;
2382  }
2383 
2384  return 0;
2385 }
2386 
2387 static int AddressTestParse22(void)
2388 {
2389  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2390 
2391  if (dd) {
2392  DetectAddressFree(dd);
2393  return 0;
2394  }
2395 
2396  return 1;
2397 }
2398 
2399 static int AddressTestParse23(void)
2400 {
2402  FAIL_IF_NULL(gh);
2403  int r = DetectAddressParse(NULL, gh, "any");
2404  FAIL_IF_NOT(r == 0);
2406  PASS;
2407 }
2408 
2409 static int AddressTestParse24(void)
2410 {
2412  FAIL_IF_NULL(gh);
2413  int r = DetectAddressParse(NULL, gh, "Any");
2414  FAIL_IF_NOT(r == 0);
2416  PASS;
2417 }
2418 
2419 static int AddressTestParse25(void)
2420 {
2422  FAIL_IF_NULL(gh);
2423  int r = DetectAddressParse(NULL, gh, "ANY");
2424  FAIL_IF_NOT(r == 0);
2426  PASS;
2427 }
2428 
2429 static int AddressTestParse27(void)
2430 {
2431  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2432 
2433  if (dd) {
2434  DetectAddressFree(dd);
2435  return 1;
2436  }
2437 
2438  return 0;
2439 }
2440 
2441 static int AddressTestParse28(void)
2442 {
2443  int result = 0;
2444  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2445 
2446  if (dd) {
2447  if (dd->flags & ADDRESS_FLAG_NOT &&
2448  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2449  result = 1;
2450  }
2451 
2452  DetectAddressFree(dd);
2453  return result;
2454  }
2455 
2456  return 0;
2457 }
2458 
2459 static int AddressTestParse29(void)
2460 {
2461  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2462 
2463  if (dd) {
2464  DetectAddressFree(dd);
2465  return 1;
2466  }
2467 
2468  return 0;
2469 }
2470 
2471 static int AddressTestParse30(void)
2472 {
2473  int result = 0;
2474  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2475 
2476  if (dd) {
2477  if (dd->flags & ADDRESS_FLAG_NOT &&
2478  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2479  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2480  result = 1;
2481  }
2482 
2483  DetectAddressFree(dd);
2484  return result;
2485  }
2486 
2487  return 0;
2488 }
2489 
2490 /**
2491  * \test make sure !any is rejected
2492  */
2493 static int AddressTestParse31(void)
2494 {
2495  DetectAddress *dd = DetectAddressParseSingle("!any");
2496 
2497  if (dd) {
2498  DetectAddressFree(dd);
2499  return 0;
2500  }
2501 
2502  return 1;
2503 }
2504 
2505 static int AddressTestParse32(void)
2506 {
2507  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2508 
2509  if (dd) {
2510  DetectAddressFree(dd);
2511  return 1;
2512  }
2513 
2514  return 0;
2515 }
2516 
2517 static int AddressTestParse33(void)
2518 {
2519  int result = 0;
2520  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2521 
2522  if (dd) {
2523  if (dd->flags & ADDRESS_FLAG_NOT &&
2524  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2525  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2526  result = 1;
2527  }
2528 
2529  DetectAddressFree(dd);
2530  return result;
2531  }
2532 
2533  return 0;
2534 }
2535 
2536 static int AddressTestParse34(void)
2537 {
2538  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2539 
2540  if (dd) {
2541  DetectAddressFree(dd);
2542  return 1;
2543  }
2544 
2545  return 0;
2546 }
2547 
2548 static int AddressTestParse35(void)
2549 {
2550  int result = 0;
2551  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2552 
2553  if (dd) {
2554  if (dd->flags & ADDRESS_FLAG_NOT &&
2555  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2556  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2557 
2558  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2559  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2560  result = 1;
2561  }
2562 
2563  DetectAddressFree(dd);
2564  return result;
2565  }
2566 
2567  return 0;
2568 }
2569 
2570 static int AddressTestParse36(void)
2571 {
2572  int result = 1;
2573  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2574 
2575  if (dd) {
2576  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2577  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2578 
2579  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2580  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2581 
2582  DetectAddressPrint(dd);
2583  result = 0;
2584  }
2585  DetectAddressPrint(dd);
2586 
2587  DetectAddressFree(dd);
2588  return result;
2589  }
2590 
2591  return 0;
2592 }
2593 
2594 static int AddressTestParse37(void)
2595 {
2596  int result = 1;
2597  DetectAddress *dd = DetectAddressParseSingle("::/0");
2598 
2599  if (dd) {
2600  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2601  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2602 
2603  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2604  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2605  DetectAddressPrint(dd);
2606  result = 0;
2607  }
2608  DetectAddressPrint(dd);
2609 
2610  DetectAddressFree(dd);
2611  return result;
2612  }
2613 
2614  return 0;
2615 }
2616 
2617 static int AddressTestMatch01(void)
2618 {
2619  DetectAddress *dd = NULL;
2620  int result = 1;
2621  struct in_addr in;
2622  Address a;
2623 
2624  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2625  return 0;
2626  memset(&a, 0, sizeof(Address));
2627  a.family = AF_INET;
2628  a.addr_data32[0] = in.s_addr;
2629 
2630  dd = DetectAddressParseSingle("1.2.3.4/24");
2631  if (dd) {
2632  if (DetectAddressMatch(dd, &a) == 0)
2633  result = 0;
2634 
2635  DetectAddressFree(dd);
2636  return result;
2637  }
2638 
2639  return 0;
2640 }
2641 
2642 static int AddressTestMatch02(void)
2643 {
2644  DetectAddress *dd = NULL;
2645  int result = 1;
2646  struct in_addr in;
2647  Address a;
2648 
2649  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2650  return 0;
2651  memset(&a, 0, sizeof(Address));
2652  a.family = AF_INET;
2653  a.addr_data32[0] = in.s_addr;
2654 
2655  dd = DetectAddressParseSingle("1.2.3.4/25");
2656  if (dd) {
2657  if (DetectAddressMatch(dd, &a) == 0)
2658  result = 0;
2659 
2660  DetectAddressFree(dd);
2661  return result;
2662  }
2663 
2664  return 0;
2665 }
2666 
2667 static int AddressTestMatch03(void)
2668 {
2669  DetectAddress *dd = NULL;
2670  int result = 1;
2671  struct in_addr in;
2672  Address a;
2673 
2674  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2675  return 0;
2676  memset(&a, 0, sizeof(Address));
2677  a.family = AF_INET;
2678  a.addr_data32[0] = in.s_addr;
2679 
2680  dd = DetectAddressParseSingle("1.2.3.4/25");
2681  if (dd) {
2682  if (DetectAddressMatch(dd, &a) == 1)
2683  result = 0;
2684 
2685  DetectAddressFree(dd);
2686  return result;
2687  }
2688 
2689  return 0;
2690 }
2691 
2692 static int AddressTestMatch04(void)
2693 {
2694  DetectAddress *dd = NULL;
2695  int result = 1;
2696  struct in_addr in;
2697  Address a;
2698 
2699  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2700  return 0;
2701  memset(&a, 0, sizeof(Address));
2702  a.family = AF_INET;
2703  a.addr_data32[0] = in.s_addr;
2704 
2705  dd = DetectAddressParseSingle("1.2.3.4/25");
2706  if (dd) {
2707  if (DetectAddressMatch(dd, &a) == 1)
2708  result = 0;
2709 
2710  DetectAddressFree(dd);
2711  return result;
2712  }
2713 
2714  return 0;
2715 }
2716 
2717 static int AddressTestMatch05(void)
2718 {
2719  DetectAddress *dd = NULL;
2720  int result = 1;
2721  struct in_addr in;
2722  Address a;
2723 
2724  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2725  return 0;
2726  memset(&a, 0, sizeof(Address));
2727  a.family = AF_INET;
2728  a.addr_data32[0] = in.s_addr;
2729 
2730  dd = DetectAddressParseSingle("1.2.3.4/32");
2731  if (dd) {
2732  if (DetectAddressMatch(dd, &a) == 0)
2733  result = 0;
2734 
2735  DetectAddressFree(dd);
2736  return result;
2737  }
2738 
2739  return 0;
2740 }
2741 
2742 static int AddressTestMatch06(void)
2743 {
2744  DetectAddress *dd = NULL;
2745  int result = 1;
2746  struct in_addr in;
2747  Address a;
2748 
2749  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2750  return 0;
2751  memset(&a, 0, sizeof(Address));
2752  a.family = AF_INET;
2753  a.addr_data32[0] = in.s_addr;
2754 
2755  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2756  if (dd) {
2757  if (DetectAddressMatch(dd, &a) == 0)
2758  result = 0;
2759 
2760  DetectAddressFree(dd);
2761  return result;
2762  }
2763 
2764  return 0;
2765 }
2766 
2767 static int AddressTestMatch07(void)
2768 {
2769  DetectAddress *dd = NULL;
2770  int result = 1;
2771  struct in6_addr in6;
2772  Address a;
2773 
2774  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2775  return 0;
2776  memset(&a, 0, sizeof(Address));
2777  a.family = AF_INET6;
2778  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2779 
2780  dd = DetectAddressParseSingle("2001::/3");
2781  if (dd) {
2782  if (DetectAddressMatch(dd, &a) == 0)
2783  result = 0;
2784 
2785  DetectAddressFree(dd);
2786  return result;
2787  }
2788 
2789  return 0;
2790 }
2791 
2792 static int AddressTestMatch08(void)
2793 {
2794  DetectAddress *dd = NULL;
2795  int result = 1;
2796  struct in6_addr in6;
2797  Address a;
2798 
2799  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2800  return 0;
2801  memset(&a, 0, sizeof(Address));
2802  a.family = AF_INET6;
2803  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2804 
2805  dd = DetectAddressParseSingle("2001::/3");
2806  if (dd) {
2807  if (DetectAddressMatch(dd, &a) == 1)
2808  result = 0;
2809 
2810  DetectAddressFree(dd);
2811  return result;
2812  }
2813 
2814  return 0;
2815 }
2816 
2817 static int AddressTestMatch09(void)
2818 {
2819  DetectAddress *dd = NULL;
2820  int result = 1;
2821  struct in6_addr in6;
2822  Address a;
2823 
2824  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2825  return 0;
2826  memset(&a, 0, sizeof(Address));
2827  a.family = AF_INET6;
2828  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2829 
2830  dd = DetectAddressParseSingle("2001::1/128");
2831  if (dd) {
2832  if (DetectAddressMatch(dd, &a) == 1)
2833  result = 0;
2834 
2835  DetectAddressFree(dd);
2836  return result;
2837  }
2838 
2839  return 0;
2840 }
2841 
2842 static int AddressTestMatch10(void)
2843 {
2844  DetectAddress *dd = NULL;
2845  int result = 1;
2846  struct in6_addr in6;
2847  Address a;
2848 
2849  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2850  return 0;
2851  memset(&a, 0, sizeof(Address));
2852  a.family = AF_INET6;
2853  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2854 
2855  dd = DetectAddressParseSingle("2001::1/126");
2856  if (dd) {
2857  if (DetectAddressMatch(dd, &a) == 0)
2858  result = 0;
2859 
2860  DetectAddressFree(dd);
2861  return result;
2862  }
2863 
2864  return 0;
2865 }
2866 
2867 static int AddressTestMatch11(void)
2868 {
2869  DetectAddress *dd = NULL;
2870  int result = 1;
2871  struct in6_addr in6;
2872  Address a;
2873 
2874  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2875  return 0;
2876  memset(&a, 0, sizeof(Address));
2877  a.family = AF_INET6;
2878  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2879 
2880  dd = DetectAddressParseSingle("2001::1/127");
2881  if (dd) {
2882  if (DetectAddressMatch(dd, &a) == 1)
2883  result = 0;
2884 
2885  DetectAddressFree(dd);
2886  return result;
2887  }
2888 
2889  return 0;
2890 }
2891 
2892 static int AddressTestCmp01(void)
2893 {
2894  DetectAddress *da = NULL, *db = NULL;
2895  int result = 1;
2896 
2897  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2898  if (da == NULL) goto error;
2899  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2900  if (db == NULL) goto error;
2901 
2902  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2903  result = 0;
2904 
2905  DetectAddressFree(da);
2906  DetectAddressFree(db);
2907  return result;
2908 
2909 error:
2910  if (da) DetectAddressFree(da);
2911  if (db) DetectAddressFree(db);
2912  return 0;
2913 }
2914 
2915 static int AddressTestCmp02(void)
2916 {
2917  DetectAddress *da = NULL, *db = NULL;
2918  int result = 1;
2919 
2920  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2921  if (da == NULL) goto error;
2922  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2923  if (db == NULL) goto error;
2924 
2925  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2926  result = 0;
2927 
2928  DetectAddressFree(da);
2929  DetectAddressFree(db);
2930  return result;
2931 
2932 error:
2933  if (da) DetectAddressFree(da);
2934  if (db) DetectAddressFree(db);
2935  return 0;
2936 }
2937 
2938 static int AddressTestCmp03(void)
2939 {
2940  DetectAddress *da = NULL, *db = NULL;
2941  int result = 1;
2942 
2943  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2944  if (da == NULL) goto error;
2945  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2946  if (db == NULL) goto error;
2947 
2948  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2949  result = 0;
2950 
2951  DetectAddressFree(da);
2952  DetectAddressFree(db);
2953  return result;
2954 
2955 error:
2956  if (da) DetectAddressFree(da);
2957  if (db) DetectAddressFree(db);
2958  return 0;
2959 }
2960 
2961 static int AddressTestCmp04(void)
2962 {
2963  DetectAddress *da = NULL, *db = NULL;
2964  int result = 1;
2965 
2966  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2967  if (da == NULL) goto error;
2968  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2969  if (db == NULL) goto error;
2970 
2971  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2972  result = 0;
2973 
2974  DetectAddressFree(da);
2975  DetectAddressFree(db);
2976  return result;
2977 
2978 error:
2979  if (da) DetectAddressFree(da);
2980  if (db) DetectAddressFree(db);
2981  return 0;
2982 }
2983 
2984 static int AddressTestCmp05(void)
2985 {
2986  DetectAddress *da = NULL, *db = NULL;
2987  int result = 1;
2988 
2989  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2990  if (da == NULL) goto error;
2991  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2992  if (db == NULL) goto error;
2993 
2994  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2995  result = 0;
2996 
2997  DetectAddressFree(da);
2998  DetectAddressFree(db);
2999  return result;
3000 
3001 error:
3002  if (da) DetectAddressFree(da);
3003  if (db) DetectAddressFree(db);
3004  return 0;
3005 }
3006 
3007 static int AddressTestCmp06(void)
3008 {
3009  DetectAddress *da = NULL, *db = NULL;
3010  int result = 1;
3011 
3012  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
3013  if (da == NULL) goto error;
3014  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
3015  if (db == NULL) goto error;
3016 
3017  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3018  result = 0;
3019 
3020  DetectAddressFree(da);
3021  DetectAddressFree(db);
3022  return result;
3023 
3024 error:
3025  if (da) DetectAddressFree(da);
3026  if (db) DetectAddressFree(db);
3027  return 0;
3028 }
3029 
3030 static int AddressTestCmpIPv407(void)
3031 {
3032  DetectAddress *da = NULL, *db = NULL;
3033  int result = 1;
3034 
3035  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3036  if (da == NULL) goto error;
3037  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
3038  if (db == NULL) goto error;
3039 
3040  if (DetectAddressCmp(da, db) != ADDRESS_LE)
3041  result = 0;
3042 
3043  DetectAddressFree(da);
3044  DetectAddressFree(db);
3045  return result;
3046 
3047 error:
3048  if (da) DetectAddressFree(da);
3049  if (db) DetectAddressFree(db);
3050  return 0;
3051 }
3052 
3053 static int AddressTestCmpIPv408(void)
3054 {
3055  DetectAddress *da = NULL, *db = NULL;
3056  int result = 1;
3057 
3058  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
3059  if (da == NULL) goto error;
3060  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3061  if (db == NULL) goto error;
3062 
3063  if (DetectAddressCmp(da, db) != ADDRESS_GE)
3064  result = 0;
3065 
3066  DetectAddressFree(da);
3067  DetectAddressFree(db);
3068  return result;
3069 
3070 error:
3071  if (da) DetectAddressFree(da);
3072  if (db) DetectAddressFree(db);
3073  return 0;
3074 }
3075 
3076 static int AddressTestCmp07(void)
3077 {
3078  DetectAddress *da = NULL, *db = NULL;
3079  int result = 1;
3080 
3081  da = DetectAddressParseSingle("2001::/3");
3082  if (da == NULL) goto error;
3083  db = DetectAddressParseSingle("2001::1/3");
3084  if (db == NULL) goto error;
3085 
3086  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3087  result = 0;
3088 
3089  DetectAddressFree(da);
3090  DetectAddressFree(db);
3091  return result;
3092 
3093 error:
3094  if (da) DetectAddressFree(da);
3095  if (db) DetectAddressFree(db);
3096  return 0;
3097 }
3098 
3099 static int AddressTestCmp08(void)
3100 {
3101  DetectAddress *da = NULL, *db = NULL;
3102  int result = 1;
3103 
3104  da = DetectAddressParseSingle("2001::/3");
3105  if (da == NULL) goto error;
3106  db = DetectAddressParseSingle("2001::/8");
3107  if (db == NULL) goto error;
3108 
3109  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3110  result = 0;
3111 
3112  DetectAddressFree(da);
3113  DetectAddressFree(db);
3114  return result;
3115 
3116 error:
3117  if (da) DetectAddressFree(da);
3118  if (db) DetectAddressFree(db);
3119  return 0;
3120 }
3121 
3122 static int AddressTestCmp09(void)
3123 {
3124  DetectAddress *da = NULL, *db = NULL;
3125  int result = 1;
3126 
3127  da = DetectAddressParseSingle("2001::/8");
3128  if (da == NULL) goto error;
3129  db = DetectAddressParseSingle("2001::/3");
3130  if (db == NULL) goto error;
3131 
3132  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3133  result = 0;
3134 
3135  DetectAddressFree(da);
3136  DetectAddressFree(db);
3137  return result;
3138 
3139 error:
3140  if (da) DetectAddressFree(da);
3141  if (db) DetectAddressFree(db);
3142  return 0;
3143 }
3144 
3145 static int AddressTestCmp10(void)
3146 {
3147  DetectAddress *da = NULL, *db = NULL;
3148  int result = 1;
3149 
3150  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3151  if (da == NULL) goto error;
3152  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3153  if (db == NULL) goto error;
3154 
3155  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3156  result = 0;
3157 
3158  DetectAddressFree(da);
3159  DetectAddressFree(db);
3160  return result;
3161 
3162 error:
3163  if (da) DetectAddressFree(da);
3164  if (db) DetectAddressFree(db);
3165  return 0;
3166 }
3167 
3168 static int AddressTestCmp11(void)
3169 {
3170  DetectAddress *da = NULL, *db = NULL;
3171  int result = 1;
3172 
3173  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3174  if (da == NULL) goto error;
3175  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3176  if (db == NULL) goto error;
3177 
3178  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3179  result = 0;
3180 
3181  DetectAddressFree(da);
3182  DetectAddressFree(db);
3183  return result;
3184 
3185 error:
3186  if (da) DetectAddressFree(da);
3187  if (db) DetectAddressFree(db);
3188  return 0;
3189 }
3190 
3191 static int AddressTestCmp12(void)
3192 {
3193  DetectAddress *da = NULL, *db = NULL;
3194  int result = 1;
3195 
3196  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3197  if (da == NULL) goto error;
3198  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3199  if (db == NULL) goto error;
3200 
3201  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3202  result = 0;
3203 
3204  DetectAddressFree(da);
3205  DetectAddressFree(db);
3206  return result;
3207 
3208 error:
3209  if (da) DetectAddressFree(da);
3210  if (db) DetectAddressFree(db);
3211  return 0;
3212 }
3213 
3214 static int AddressTestAddressGroupSetup01(void)
3215 {
3216  int result = 0;
3218 
3219  if (gh != NULL) {
3220  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3221  if (r == 0)
3222  result = 1;
3223 
3225  }
3226  return result;
3227 }
3228 
3229 static int AddressTestAddressGroupSetup02(void)
3230 {
3231  int result = 0;
3233 
3234  if (gh != NULL) {
3235  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3236  if (r == 0 && gh->ipv4_head != NULL)
3237  result = 1;
3238 
3240  }
3241  return result;
3242 }
3243 
3244 static int AddressTestAddressGroupSetup03(void)
3245 {
3246  int result = 0;
3248 
3249  if (gh != NULL) {
3250  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3251  if (r == 0 && gh->ipv4_head != NULL) {
3252  DetectAddress *prev_head = gh->ipv4_head;
3253 
3254  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3255  if (r == 0 && gh->ipv4_head != prev_head &&
3256  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3257  result = 1;
3258  }
3259  }
3260 
3262  }
3263  return result;
3264 }
3265 
3266 static int AddressTestAddressGroupSetup04(void)
3267 {
3268  int result = 0;
3270 
3271  if (gh != NULL) {
3272  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3273  if (r == 0 && gh->ipv4_head != NULL) {
3274  DetectAddress *prev_head = gh->ipv4_head;
3275 
3276  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3277  if (r == 0 && gh->ipv4_head != prev_head &&
3278  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3279  DetectAddress *ph = gh->ipv4_head;
3280 
3281  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3282  if (r == 0 && gh->ipv4_head != ph &&
3283  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3284  result = 1;
3285  }
3286  }
3287  }
3288 
3290  }
3291  return result;
3292 }
3293 
3294 static int AddressTestAddressGroupSetup05(void)
3295 {
3296  int result = 0;
3298 
3299  if (gh != NULL) {
3300  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3301  if (r == 0 && gh->ipv4_head != NULL) {
3302  DetectAddress *prev_head = gh->ipv4_head;
3303 
3304  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3305  if (r == 0 && gh->ipv4_head == prev_head &&
3306  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3307  DetectAddress *ph = gh->ipv4_head;
3308 
3309  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3310  if (r == 0 && gh->ipv4_head == ph &&
3311  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3312  result = 1;
3313  }
3314  }
3315  }
3316 
3318  }
3319  return result;
3320 }
3321 
3322 static int AddressTestAddressGroupSetup06(void)
3323 {
3324  int result = 0;
3326 
3327  if (gh != NULL) {
3328  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3329  if (r == 0 && gh->ipv4_head != NULL) {
3330  DetectAddress *prev_head = gh->ipv4_head;
3331 
3332  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3333  if (r == 0 && gh->ipv4_head == prev_head &&
3334  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3335  result = 1;
3336  }
3337  }
3338 
3340  }
3341  return result;
3342 }
3343 
3344 static int AddressTestAddressGroupSetup07(void)
3345 {
3346  int result = 0;
3348 
3349  if (gh != NULL) {
3350  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3351  if (r == 0 && gh->ipv4_head != NULL) {
3352  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3353  if (r == 0 && gh->ipv4_head != NULL &&
3354  gh->ipv4_head->next != NULL &&
3355  gh->ipv4_head->next->next != NULL) {
3356  result = 1;
3357  }
3358  }
3359 
3361  }
3362  return result;
3363 }
3364 
3365 static int AddressTestAddressGroupSetup08(void)
3366 {
3367  int result = 0;
3369 
3370  if (gh != NULL) {
3371  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3372  if (r == 0 && gh->ipv4_head != NULL) {
3373  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3374  if (r == 0 && gh->ipv4_head != NULL &&
3375  gh->ipv4_head->next != NULL &&
3376  gh->ipv4_head->next->next != NULL) {
3377  result = 1;
3378  }
3379  }
3380 
3382  }
3383  return result;
3384 }
3385 
3386 static int AddressTestAddressGroupSetup09(void)
3387 {
3388  int result = 0;
3390 
3391  if (gh != NULL) {
3392  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3393  if (r == 0 && gh->ipv4_head != NULL) {
3394  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3395  if (r == 0 && gh->ipv4_head != NULL &&
3396  gh->ipv4_head->next != NULL &&
3397  gh->ipv4_head->next->next != NULL) {
3398  result = 1;
3399  }
3400  }
3401 
3403  }
3404  return result;
3405 }
3406 
3407 static int AddressTestAddressGroupSetup10(void)
3408 {
3409  int result = 0;
3411 
3412  if (gh != NULL) {
3413  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3414  if (r == 0 && gh->ipv4_head != NULL) {
3415  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3416  if (r == 0 && gh->ipv4_head != NULL &&
3417  gh->ipv4_head->next != NULL &&
3418  gh->ipv4_head->next->next != NULL) {
3419  result = 1;
3420  }
3421  }
3422 
3424  }
3425  return result;
3426 }
3427 
3428 static int AddressTestAddressGroupSetup11(void)
3429 {
3430  int result = 0;
3432 
3433  if (gh != NULL) {
3434  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3435  if (r == 0) {
3436  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3437  if (r == 0) {
3438  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3439  if (r == 0) {
3440  DetectAddress *one = gh->ipv4_head, *two = one->next,
3441  *three = two->next, *four = three->next,
3442  *five = four->next;
3443 
3444  /* result should be:
3445  * 0.0.0.0/10.10.9.255
3446  * 10.10.10.0/10.10.10.9
3447  * 10.10.10.10/10.10.10.255
3448  * 10.10.11.0/10.10.11.1
3449  * 10.10.11.2/255.255.255.255
3450  */
3451  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3452  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3453  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3454  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3455  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3456  result = 1;
3457  }
3458  }
3459  }
3460  }
3461 
3463  }
3464  return result;
3465 }
3466 
3467 static int AddressTestAddressGroupSetup12 (void)
3468 {
3469  int result = 0;
3471 
3472  if (gh != NULL) {
3473  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3474  if (r == 0) {
3475  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3476  if (r == 0) {
3477  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3478  if (r == 0) {
3479  DetectAddress *one = gh->ipv4_head, *two = one->next,
3480  *three = two->next, *four = three->next,
3481  *five = four->next;
3482 
3483  /* result should be:
3484  * 0.0.0.0/10.10.9.255
3485  * 10.10.10.0/10.10.10.9
3486  * 10.10.10.10/10.10.10.255
3487  * 10.10.11.0/10.10.11.1
3488  * 10.10.11.2/255.255.255.255
3489  */
3490  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3491  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3492  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3493  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3494  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3495  result = 1;
3496  }
3497  }
3498  }
3499  }
3500 
3502  }
3503  return result;
3504 }
3505 
3506 static int AddressTestAddressGroupSetup13(void)
3507 {
3508  int result = 0;
3510 
3511  if (gh != NULL) {
3512  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3513  if (r == 0) {
3514  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3515  if (r == 0) {
3516  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3517  if (r == 0) {
3518  DetectAddress *one = gh->ipv4_head, *two = one->next,
3519  *three = two->next, *four = three->next,
3520  *five = four->next;
3521 
3522  /* result should be:
3523  * 0.0.0.0/10.10.9.255
3524  * 10.10.10.0/10.10.10.9
3525  * 10.10.10.10/10.10.10.255
3526  * 10.10.11.0/10.10.11.1
3527  * 10.10.11.2/255.255.255.255
3528  */
3529  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3530  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3531  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3532  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3533  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3534  result = 1;
3535  }
3536  }
3537  }
3538  }
3539 
3541  }
3542  return result;
3543 }
3544 
3545 static int AddressTestAddressGroupSetupIPv414(void)
3546 {
3548  FAIL_IF_NULL(gh);
3549 
3550  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3551  FAIL_IF_NOT(r == 1);
3552 
3553  DetectAddress *one = gh->ipv4_head;
3554  FAIL_IF_NULL(one);
3555  DetectAddress *two = one->next;
3556  FAIL_IF_NULL(two);
3557 
3558  /* result should be:
3559  * 0.0.0.0/1.2.3.3
3560  * 1.2.3.5/255.255.255.255
3561  */
3562  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3563  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3564  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3565  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3567 
3568  PASS;
3569 }
3570 
3571 static int AddressTestAddressGroupSetupIPv415(void)
3572 {
3574  FAIL_IF_NULL(gh);
3575 
3576  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3577  FAIL_IF_NOT(r == 1);
3578 
3579  DetectAddress *one = gh->ipv4_head;
3580  FAIL_IF_NULL(one);
3581  FAIL_IF_NOT_NULL(one->next);
3582 
3583  /* result should be:
3584  * 0.0.0.1/255.255.255.255
3585  */
3586  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3587  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3588 
3590  PASS;
3591 }
3592 
3593 static int AddressTestAddressGroupSetupIPv416(void)
3594 {
3596  FAIL_IF_NULL(gh);
3597 
3598  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3599  FAIL_IF_NOT(r == 1);
3600 
3601  DetectAddress *one = gh->ipv4_head;
3602  FAIL_IF_NULL(one);
3603  FAIL_IF_NOT_NULL(one->next);
3604 
3605  /* result should be:
3606  * 0.0.0.0/255.255.255.254
3607  */
3608  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3609  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3610 
3612  PASS;
3613 }
3614 
3615 static int AddressTestAddressGroupSetup14(void)
3616 {
3617  int result = 0;
3619 
3620  if (gh != NULL) {
3621  int r = DetectAddressParse(NULL, gh, "2001::1");
3622  if (r == 0)
3623  result = 1;
3624 
3626  }
3627  return result;
3628 }
3629 
3630 static int AddressTestAddressGroupSetup15(void)
3631 {
3632  int result = 0;
3634 
3635  if (gh != NULL) {
3636  int r = DetectAddressParse(NULL, gh, "2001::1");
3637  if (r == 0 && gh->ipv6_head != NULL)
3638  result = 1;
3639 
3641  }
3642  return result;
3643 }
3644 
3645 static int AddressTestAddressGroupSetup16(void)
3646 {
3647  int result = 0;
3649 
3650  if (gh != NULL) {
3651  int r = DetectAddressParse(NULL, gh, "2001::4");
3652  if (r == 0 && gh->ipv6_head != NULL) {
3653  DetectAddress *prev_head = gh->ipv6_head;
3654 
3655  r = DetectAddressParse(NULL, gh, "2001::3");
3656  if (r == 0 && gh->ipv6_head != prev_head &&
3657  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3658  result = 1;
3659  }
3660  }
3661 
3663  }
3664  return result;
3665 }
3666 
3667 static int AddressTestAddressGroupSetup17(void)
3668 {
3669  int result = 0;
3671 
3672  if (gh != NULL) {
3673  int r = DetectAddressParse(NULL, gh, "2001::4");
3674  if (r == 0 && gh->ipv6_head != NULL) {
3675  DetectAddress *prev_head = gh->ipv6_head;
3676 
3677  r = DetectAddressParse(NULL, gh, "2001::3");
3678  if (r == 0 && gh->ipv6_head != prev_head &&
3679  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3680  DetectAddress *ph = gh->ipv6_head;
3681 
3682  r = DetectAddressParse(NULL, gh, "2001::2");
3683  if (r == 0 && gh->ipv6_head != ph &&
3684  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3685  result = 1;
3686  }
3687  }
3688  }
3689 
3691  }
3692  return result;
3693 }
3694 
3695 static int AddressTestAddressGroupSetup18(void)
3696 {
3697  int result = 0;
3699 
3700  if (gh != NULL) {
3701  int r = DetectAddressParse(NULL, gh, "2001::2");
3702  if (r == 0 && gh->ipv6_head != NULL) {
3703  DetectAddress *prev_head = gh->ipv6_head;
3704 
3705  r = DetectAddressParse(NULL, gh, "2001::3");
3706  if (r == 0 && gh->ipv6_head == prev_head &&
3707  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3708  DetectAddress *ph = gh->ipv6_head;
3709 
3710  r = DetectAddressParse(NULL, gh, "2001::4");
3711  if (r == 0 && gh->ipv6_head == ph &&
3712  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3713  result = 1;
3714  }
3715  }
3716  }
3717 
3719  }
3720  return result;
3721 }
3722 
3723 static int AddressTestAddressGroupSetup19(void)
3724 {
3725  int result = 0;
3727 
3728  if (gh != NULL) {
3729  int r = DetectAddressParse(NULL, gh, "2001::2");
3730  if (r == 0 && gh->ipv6_head != NULL) {
3731  DetectAddress *prev_head = gh->ipv6_head;
3732 
3733  r = DetectAddressParse(NULL, gh, "2001::2");
3734  if (r == 0 && gh->ipv6_head == prev_head &&
3735  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3736  result = 1;
3737  }
3738  }
3739 
3741  }
3742  return result;
3743 }
3744 
3745 static int AddressTestAddressGroupSetup20(void)
3746 {
3747  int result = 0;
3749 
3750  if (gh != NULL) {
3751  int r = DetectAddressParse(NULL, gh, "2000::/3");
3752  if (r == 0 && gh->ipv6_head != NULL) {
3753  r = DetectAddressParse(NULL, gh, "2001::4");
3754  if (r == 0 && gh->ipv6_head != NULL &&
3755  gh->ipv6_head->next != NULL &&
3756  gh->ipv6_head->next->next != NULL) {
3757  result = 1;
3758  }
3759  }
3760 
3762  }
3763  return result;
3764 }
3765 
3766 static int AddressTestAddressGroupSetup21(void)
3767 {
3768  int result = 0;
3770 
3771  if (gh != NULL) {
3772  int r = DetectAddressParse(NULL, gh, "2001::4");
3773  if (r == 0 && gh->ipv6_head != NULL) {
3774  r = DetectAddressParse(NULL, gh, "2000::/3");
3775  if (r == 0 && gh->ipv6_head != NULL &&
3776  gh->ipv6_head->next != NULL &&
3777  gh->ipv6_head->next->next != NULL) {
3778  result = 1;
3779  }
3780  }
3781 
3783  }
3784  return result;
3785 }
3786 
3787 static int AddressTestAddressGroupSetup22(void)
3788 {
3789  int result = 0;
3791 
3792  if (gh != NULL) {
3793  int r = DetectAddressParse(NULL, gh, "2000::/3");
3794  if (r == 0 && gh->ipv6_head != NULL) {
3795  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3796  if (r == 0 && gh->ipv6_head != NULL &&
3797  gh->ipv6_head->next != NULL &&
3798  gh->ipv6_head->next->next != NULL) {
3799  result = 1;
3800  }
3801  }
3802 
3804  }
3805  return result;
3806 }
3807 
3808 static int AddressTestAddressGroupSetup23(void)
3809 {
3810  int result = 0;
3812 
3813  if (gh != NULL) {
3814  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3815  if (r == 0 && gh->ipv6_head != NULL) {
3816  r = DetectAddressParse(NULL, gh, "2000::/3");
3817  if (r == 0 && gh->ipv6_head != NULL &&
3818  gh->ipv6_head->next != NULL &&
3819  gh->ipv6_head->next->next != NULL) {
3820  result = 1;
3821  }
3822  }
3823 
3825  }
3826  return result;
3827 }
3828 
3829 static int AddressTestAddressGroupSetup24(void)
3830 {
3831  int result = 0;
3833 
3834  if (gh != NULL) {
3835  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3836  if (r == 0) {
3837  r = DetectAddressParse(NULL, gh, "2001::/3");
3838  if (r == 0) {
3839  r = DetectAddressParse(NULL, gh, "::/0");
3840  if (r == 0) {
3841  DetectAddress *one = gh->ipv6_head, *two = one->next,
3842  *three = two->next, *four = three->next,
3843  *five = four->next;
3844  if (one->ip.addr_data32[0] == 0x00000000 &&
3845  one->ip.addr_data32[1] == 0x00000000 &&
3846  one->ip.addr_data32[2] == 0x00000000 &&
3847  one->ip.addr_data32[3] == 0x00000000 &&
3848  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3849  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3850  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3851  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3852 
3853  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3854  two->ip.addr_data32[1] == 0x00000000 &&
3855  two->ip.addr_data32[2] == 0x00000000 &&
3856  two->ip.addr_data32[3] == 0x00000000 &&
3857  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3858  two->ip2.addr_data32[1] == 0x00000000 &&
3859  two->ip2.addr_data32[2] == 0x00000000 &&
3860  two->ip2.addr_data32[3] == SCNtohl(3) &&
3861 
3862  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3863  three->ip.addr_data32[1] == 0x00000000 &&
3864  three->ip.addr_data32[2] == 0x00000000 &&
3865  three->ip.addr_data32[3] == SCNtohl(4) &&
3866  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3867  three->ip2.addr_data32[1] == 0x00000000 &&
3868  three->ip2.addr_data32[2] == 0x00000000 &&
3869  three->ip2.addr_data32[3] == SCNtohl(6) &&
3870 
3871  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3872  four->ip.addr_data32[1] == 0x00000000 &&
3873  four->ip.addr_data32[2] == 0x00000000 &&
3874  four->ip.addr_data32[3] == SCNtohl(7) &&
3875  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3876  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3877  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3878  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3879 
3880  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3881  five->ip.addr_data32[1] == 0x00000000 &&
3882  five->ip.addr_data32[2] == 0x00000000 &&
3883  five->ip.addr_data32[3] == 0x00000000 &&
3884  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3885  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3886  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3887  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3888  result = 1;
3889  }
3890  }
3891  }
3892  }
3893 
3895  }
3896  return result;
3897 }
3898 
3899 static int AddressTestAddressGroupSetup25(void)
3900 {
3901  int result = 0;
3903 
3904  if (gh != NULL) {
3905  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3906  if (r == 0) {
3907  r = DetectAddressParse(NULL, gh, "::/0");
3908  if (r == 0) {
3909  r = DetectAddressParse(NULL, gh, "2001::/3");
3910  if (r == 0) {
3911  DetectAddress *one = gh->ipv6_head, *two = one->next,
3912  *three = two->next, *four = three->next,
3913  *five = four->next;
3914  if (one->ip.addr_data32[0] == 0x00000000 &&
3915  one->ip.addr_data32[1] == 0x00000000 &&
3916  one->ip.addr_data32[2] == 0x00000000 &&
3917  one->ip.addr_data32[3] == 0x00000000 &&
3918  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3919  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3920  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3921  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3922 
3923  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3924  two->ip.addr_data32[1] == 0x00000000 &&
3925  two->ip.addr_data32[2] == 0x00000000 &&
3926  two->ip.addr_data32[3] == 0x00000000 &&
3927  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3928  two->ip2.addr_data32[1] == 0x00000000 &&
3929  two->ip2.addr_data32[2] == 0x00000000 &&
3930  two->ip2.addr_data32[3] == SCNtohl(3) &&
3931 
3932  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3933  three->ip.addr_data32[1] == 0x00000000 &&
3934  three->ip.addr_data32[2] == 0x00000000 &&
3935  three->ip.addr_data32[3] == SCNtohl(4) &&
3936  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3937  three->ip2.addr_data32[1] == 0x00000000 &&
3938  three->ip2.addr_data32[2] == 0x00000000 &&
3939  three->ip2.addr_data32[3] == SCNtohl(6) &&
3940 
3941  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3942  four->ip.addr_data32[1] == 0x00000000 &&
3943  four->ip.addr_data32[2] == 0x00000000 &&
3944  four->ip.addr_data32[3] == SCNtohl(7) &&
3945  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3946  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3947  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3948  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3949 
3950  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3951  five->ip.addr_data32[1] == 0x00000000 &&
3952  five->ip.addr_data32[2] == 0x00000000 &&
3953  five->ip.addr_data32[3] == 0x00000000 &&
3954  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3955  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3956  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3957  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3958  result = 1;
3959  }
3960  }
3961  }
3962  }
3963 
3965  }
3966  return result;
3967 }
3968 
3969 static int AddressTestAddressGroupSetup26(void)
3970 {
3971  int result = 0;
3973 
3974  if (gh != NULL) {
3975  int r = DetectAddressParse(NULL, gh, "::/0");
3976  if (r == 0) {
3977  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3978  if (r == 0) {
3979  r = DetectAddressParse(NULL, gh, "2001::/3");
3980  if (r == 0) {
3981  DetectAddress *one = gh->ipv6_head, *two = one->next,
3982  *three = two->next, *four = three->next,
3983  *five = four->next;
3984  if (one->ip.addr_data32[0] == 0x00000000 &&
3985  one->ip.addr_data32[1] == 0x00000000 &&
3986  one->ip.addr_data32[2] == 0x00000000 &&
3987  one->ip.addr_data32[3] == 0x00000000 &&
3988  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3989  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3990  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3991  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3992 
3993  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3994  two->ip.addr_data32[1] == 0x00000000 &&
3995  two->ip.addr_data32[2] == 0x00000000 &&
3996  two->ip.addr_data32[3] == 0x00000000 &&
3997  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3998  two->ip2.addr_data32[1] == 0x00000000 &&
3999  two->ip2.addr_data32[2] == 0x00000000 &&
4000  two->ip2.addr_data32[3] == SCNtohl(3) &&
4001 
4002  three->ip.addr_data32[0] == SCNtohl(536936448) &&
4003  three->ip.addr_data32[1] == 0x00000000 &&
4004  three->ip.addr_data32[2] == 0x00000000 &&
4005  three->ip.addr_data32[3] == SCNtohl(4) &&
4006  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
4007  three->ip2.addr_data32[1] == 0x00000000 &&
4008  three->ip2.addr_data32[2] == 0x00000000 &&
4009  three->ip2.addr_data32[3] == SCNtohl(6) &&
4010 
4011  four->ip.addr_data32[0] == SCNtohl(536936448) &&
4012  four->ip.addr_data32[1] == 0x00000000 &&
4013  four->ip.addr_data32[2] == 0x00000000 &&
4014  four->ip.addr_data32[3] == SCNtohl(7) &&
4015  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
4016  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
4017  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
4018  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
4019 
4020  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
4021  five->ip.addr_data32[1] == 0x00000000 &&
4022  five->ip.addr_data32[2] == 0x00000000 &&
4023  five->ip.addr_data32[3] == 0x00000000 &&
4024  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
4025  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
4026  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
4027  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
4028  result = 1;
4029  }
4030  }
4031  }
4032  }
4033 
4035  }
4036  return result;
4037 }
4038 
4039 static int AddressTestAddressGroupSetup27(void)
4040 {
4041  int result = 0;
4043 
4044  if (gh != NULL) {
4045  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
4046  if (r == 0)
4047  result = 1;
4048 
4050  }
4051  return result;
4052 }
4053 
4054 static int AddressTestAddressGroupSetup28(void)
4055 {
4056  int result = 0;
4058 
4059  if (gh != NULL) {
4060  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
4061  if (r == 0)
4062  result = 1;
4063 
4065  }
4066  return result;
4067 }
4068 
4069 static int AddressTestAddressGroupSetup29(void)
4070 {
4071  int result = 0;
4073 
4074  if (gh != NULL) {
4075  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
4076  if (r == 0)
4077  result = 1;
4078 
4080  }
4081  return result;
4082 }
4083 
4084 static int AddressTestAddressGroupSetup30(void)
4085 {
4086  int result = 0;
4088 
4089  if (gh != NULL) {
4090  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4091  if (r == 0)
4092  result = 1;
4093 
4095  }
4096  return result;
4097 }
4098 
4099 static int AddressTestAddressGroupSetup31(void)
4100 {
4101  int result = 0;
4103 
4104  if (gh != NULL) {
4105  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4106  if (r == 0)
4107  result = 1;
4108 
4110  }
4111  return result;
4112 }
4113 
4114 static int AddressTestAddressGroupSetup32(void)
4115 {
4116  int result = 0;
4118 
4119  if (gh != NULL) {
4120  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4121  if (r == 0)
4122  result = 1;
4123 
4125  }
4126  return result;
4127 }
4128 
4129 static int AddressTestAddressGroupSetup33(void)
4130 {
4131  int result = 0;
4133 
4134  if (gh != NULL) {
4135  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4136  if (r == 1)
4137  result = 1;
4138 
4140  }
4141  return result;
4142 }
4143 
4144 static int AddressTestAddressGroupSetup34(void)
4145 {
4146  int result = 0;
4148 
4149  if (gh != NULL) {
4150  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4151  if (r == 1)
4152  result = 1;
4153 
4155  }
4156  return result;
4157 }
4158 
4159 static int AddressTestAddressGroupSetup35(void)
4160 {
4161  int result = 0;
4163 
4164  if (gh != NULL) {
4165  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4166  if (r == 1)
4167  result = 1;
4168 
4170  }
4171  return result;
4172 }
4173 
4174 static int AddressTestAddressGroupSetup36 (void)
4175 {
4176  int result = 0;
4177 
4179  if (gh != NULL) {
4180  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4181  if (r == 1)
4182  result = 1;
4183 
4185  }
4186  return result;
4187 }
4188 
4189 static int AddressTestAddressGroupSetup37(void)
4190 {
4191  int result = 0;
4193 
4194  if (gh != NULL) {
4195  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4196  if (r == 0)
4197  result = 1;
4198 
4200  }
4201  return result;
4202 }
4203 
4204 static int AddressTestAddressGroupSetup38(void)
4205 {
4206  UTHValidateDetectAddressHeadRange expectations[3] = {
4207  { "0.0.0.0", "192.167.255.255" },
4208  { "192.168.14.0", "192.168.14.255" },
4209  { "192.169.0.0", "255.255.255.255" } };
4210  int result = 0;
4212 
4213  if (gh != NULL) {
4214  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4215  if (r == 1) {
4216  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4217  result = 1;
4218  }
4219 
4221  }
4222  return result;
4223 }
4224 
4225 static int AddressTestAddressGroupSetup39(void)
4226 {
4227  UTHValidateDetectAddressHeadRange expectations[3] = {
4228  { "0.0.0.0", "192.167.255.255" },
4229  { "192.168.14.0", "192.168.14.255" },
4230  { "192.169.0.0", "255.255.255.255" } };
4231  int result = 0;
4233 
4234  if (gh != NULL) {
4235  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4236  if (r == 1) {
4237  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4238  result = 1;
4239  }
4240 
4242  }
4243  return result;
4244 }
4245 
4246 static int AddressTestAddressGroupSetup40(void)
4247 {
4248  UTHValidateDetectAddressHeadRange expectations[3] = {
4249  { "0.0.0.0", "192.167.255.255" },
4250  { "192.168.14.0", "192.168.14.255" },
4251  { "192.169.0.0", "255.255.255.255" } };
4252  int result = 0;
4254  if (gh != NULL) {
4255  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4256  if (r == 1) {
4257  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4258  result = 1;
4259  }
4260 
4262  }
4263  return result;
4264 }
4265 
4266 static int AddressTestAddressGroupSetup41(void)
4267 {
4268  UTHValidateDetectAddressHeadRange expectations[3] = {
4269  { "0.0.0.0", "192.167.255.255" },
4270  { "192.168.14.0", "192.168.14.255" },
4271  { "192.169.0.0", "255.255.255.255" } };
4272  int result = 0;
4274  if (gh != NULL) {
4275  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4276  if (r == 1) {
4277  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4278  result = 1;
4279  }
4280 
4282  }
4283  return result;
4284 }
4285 
4286 static int AddressTestAddressGroupSetup42(void)
4287 {
4288  UTHValidateDetectAddressHeadRange expectations[1] = {
4289  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4290  int result = 0;
4292  if (gh != NULL) {
4293  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4294  if (r == 0) {
4295  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4296  result = 1;
4297  }
4298 
4300  }
4301  return result;
4302 }
4303 
4304 static int AddressTestAddressGroupSetup43(void)
4305 {
4306  UTHValidateDetectAddressHeadRange expectations[2] = {
4307  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4308  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4309  int result = 0;
4311  if (gh != NULL) {
4312  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4313  if (r == 1) {
4314  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4315  result = 1;
4316  }
4317 
4319  }
4320  return result;
4321 }
4322 
4323 static int AddressTestAddressGroupSetup44(void)
4324 {
4325  UTHValidateDetectAddressHeadRange expectations[2] = {
4326  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4327  int result = 0;
4329  if (gh != NULL) {
4330  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4331  if (r == 0) {
4332  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4333  result = 1;
4334  }
4335 
4337  }
4338  return result;
4339 }
4340 
4341 static int AddressTestAddressGroupSetup45(void)
4342 {
4343  int result = 0;
4345  if (gh != NULL) {
4346  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4347  if (r != 0) {
4348  result = 1;
4349  }
4350 
4352  }
4353  return result;
4354 }
4355 
4356 static int AddressTestAddressGroupSetup46(void)
4357 {
4358  UTHValidateDetectAddressHeadRange expectations[4] = {
4359  { "0.0.0.0", "192.167.255.255" },
4360  { "192.168.1.0", "192.168.1.255" },
4361  { "192.168.3.0", "192.168.3.255" },
4362  { "192.169.0.0", "255.255.255.255" } };
4363  int result = 0;
4365  if (gh != NULL) {
4366  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4367  if (r == 1) {
4368  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4369  result = 1;
4370  }
4371 
4373  }
4374  return result;
4375 }
4376 
4377 /** \test net with some negations, then all negated */
4378 static int AddressTestAddressGroupSetup47(void)
4379 {
4380  UTHValidateDetectAddressHeadRange expectations[5] = {
4381  { "0.0.0.0", "192.167.255.255" },
4382  { "192.168.1.0", "192.168.1.255" },
4383  { "192.168.3.0", "192.168.3.255" },
4384  { "192.168.5.0", "192.168.5.255" },
4385  { "192.169.0.0", "255.255.255.255" } };
4386  int result = 0;
4388  if (gh != NULL) {
4389  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4390  if (r == 1) {
4391  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4392  result = 1;
4393  }
4394 
4396  }
4397  return result;
4398 }
4399 
4400 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4401 static int AddressTestAddressGroupSetup48(void)
4402 {
4403  UTHValidateDetectAddressHeadRange expectations[4] = {
4404  { "192.168.0.0", "192.168.0.255" },
4405  { "192.168.2.0", "192.168.2.255" },
4406  { "192.168.4.0", "192.168.4.255" },
4407  { "192.168.6.0", "192.168.255.255" } };
4408  int result = 0;
4410  if (gh != NULL) {
4411  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4412  if (r == 1) {
4413  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4414  result = 1;
4415  }
4416 
4418  }
4419  return result;
4420 }
4421 
4422 static int AddressTestCutIPv401(void)
4423 {
4424  DetectAddress *a, *b, *c;
4425  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4426  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4427 
4428  if (DetectAddressCut(NULL, a, b, &c) == -1)
4429  goto error;
4430 
4431  DetectAddressFree(a);
4432  DetectAddressFree(b);
4433  DetectAddressFree(c);
4434  return 1;
4435 
4436 error:
4437  DetectAddressFree(a);
4438  DetectAddressFree(b);
4439  DetectAddressFree(c);
4440  return 0;
4441 }
4442 
4443 static int AddressTestCutIPv402(void)
4444 {
4445  DetectAddress *a, *b, *c;
4446  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4447  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4448 
4449  if (DetectAddressCut(NULL, a, b, &c) == -1)
4450  goto error;
4451 
4452  if (c == NULL)
4453  goto error;
4454 
4455  DetectAddressFree(a);
4456  DetectAddressFree(b);
4457  DetectAddressFree(c);
4458  return 1;
4459 
4460 error:
4461  DetectAddressFree(a);
4462  DetectAddressFree(b);
4463  DetectAddressFree(c);
4464  return 0;
4465 }
4466 
4467 static int AddressTestCutIPv403(void)
4468 {
4469  DetectAddress *a, *b, *c;
4470  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4471  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4472 
4473  if (DetectAddressCut(NULL, a, b, &c) == -1)
4474  goto error;
4475 
4476  if (c == NULL)
4477  goto error;
4478 
4479  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4480  goto error;
4481  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4482  goto error;
4483  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4484  goto error;
4485 
4486  DetectAddressFree(a);
4487  DetectAddressFree(b);
4488  DetectAddressFree(c);
4489  return 1;
4490 
4491 error:
4492  DetectAddressFree(a);
4493  DetectAddressFree(b);
4494  DetectAddressFree(c);
4495  return 0;
4496 }
4497 
4498 static int AddressTestCutIPv404(void)
4499 {
4500  DetectAddress *a, *b, *c;
4501  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4502  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4503 
4504  if (DetectAddressCut(NULL, a, b, &c) == -1)
4505  goto error;
4506 
4507  if (c == NULL)
4508  goto error;
4509 
4510  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4511  goto error;
4512  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4513  goto error;
4514  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4515  goto error;
4516 
4517 
4518  DetectAddressFree(a);
4519  DetectAddressFree(b);
4520  DetectAddressFree(c);
4521  return 1;
4522 
4523 error:
4524  DetectAddressFree(a);
4525  DetectAddressFree(b);
4526  DetectAddressFree(c);
4527  return 0;
4528 }
4529 
4530 static int AddressTestCutIPv405(void)
4531 {
4532  DetectAddress *a, *b, *c;
4533  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4534  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4535 
4536  if (DetectAddressCut(NULL, a, b, &c) == -1)
4537  goto error;
4538 
4539  if (c == NULL)
4540  goto error;
4541 
4542  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4543  goto error;
4544  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4545  goto error;
4546  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4547  goto error;
4548 
4549  DetectAddressFree(a);
4550  DetectAddressFree(b);
4551  DetectAddressFree(c);
4552  return 1;
4553 
4554 error:
4555  DetectAddressFree(a);
4556  DetectAddressFree(b);
4557  DetectAddressFree(c);
4558  return 0;
4559 }
4560 
4561 static int AddressTestCutIPv406(void)
4562 {
4563  DetectAddress *a, *b, *c;
4564  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4565  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4566 
4567  if (DetectAddressCut(NULL, a, b, &c) == -1)
4568  goto error;
4569 
4570  if (c == NULL)
4571  goto error;
4572 
4573  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4574  goto error;
4575  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4576  goto error;
4577  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4578  goto error;
4579 
4580  DetectAddressFree(a);
4581  DetectAddressFree(b);
4582  DetectAddressFree(c);
4583  return 1;
4584 
4585 error:
4586  DetectAddressFree(a);
4587  DetectAddressFree(b);
4588  DetectAddressFree(c);
4589  return 0;
4590 }
4591 
4592 static int AddressTestCutIPv407(void)
4593 {
4594  DetectAddress *a, *b, *c;
4595  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4596  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4597 
4598  if (DetectAddressCut(NULL, a, b, &c) == -1)
4599  goto error;
4600 
4601  if (c != NULL)
4602  goto error;
4603 
4604  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4605  goto error;
4606  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4607  goto error;
4608 
4609  DetectAddressFree(a);
4610  DetectAddressFree(b);
4611  DetectAddressFree(c);
4612  return 1;
4613 
4614 error:
4615  DetectAddressFree(a);
4616  DetectAddressFree(b);
4617  DetectAddressFree(c);
4618  return 0;
4619 }
4620 
4621 static int AddressTestCutIPv408(void)
4622 {
4623  DetectAddress *a, *b, *c;
4624  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4625  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4626 
4627  if (DetectAddressCut(NULL, a, b, &c) == -1)
4628  goto error;
4629 
4630  if (c != NULL)
4631  goto error;
4632 
4633  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4634  goto error;
4635  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4636  goto error;
4637 
4638  DetectAddressFree(a);
4639  DetectAddressFree(b);
4640  DetectAddressFree(c);
4641  return 1;
4642 
4643 error:
4644  DetectAddressFree(a);
4645  DetectAddressFree(b);
4646  DetectAddressFree(c);
4647  return 0;
4648 }
4649 
4650 static int AddressTestCutIPv409(void)
4651 {
4652  DetectAddress *a, *b, *c;
4653  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4654  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4655 
4656  if (DetectAddressCut(NULL, a, b, &c) == -1)
4657  goto error;
4658 
4659  if (c != NULL)
4660  goto error;
4661 
4662  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4663  goto error;
4664  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4665  goto error;
4666 
4667  DetectAddressFree(a);
4668  DetectAddressFree(b);
4669  DetectAddressFree(c);
4670  return 1;
4671 
4672 error:
4673  DetectAddressFree(a);
4674  DetectAddressFree(b);
4675  DetectAddressFree(c);
4676  return 0;
4677 }
4678 
4679 static int AddressTestCutIPv410(void)
4680 {
4681  DetectAddress *a, *b, *c;
4682  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4683  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4684 
4685  if (DetectAddressCut(NULL, a, b, &c) == -1)
4686  goto error;
4687 
4688  if (c != NULL)
4689  goto error;
4690 
4691  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4692  goto error;
4693  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4694  goto error;
4695 
4696  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4697 
4698  DetectAddressFree(a);
4699  DetectAddressFree(b);
4700  DetectAddressFree(c);
4701  return 1;
4702 
4703 error:
4704  DetectAddressFree(a);
4705  DetectAddressFree(b);
4706  DetectAddressFree(c);
4707  return 0;
4708 }
4709 
4710 static int AddressTestParseInvalidMask01(void)
4711 {
4712  int result = 1;
4713  DetectAddress *dd = NULL;
4714 
4715  dd = DetectAddressParseSingle("192.168.2.0/33");
4716  if (dd != NULL) {
4717  DetectAddressFree(dd);
4718  result = 0;
4719  }
4720  return result;
4721 }
4722 
4723 static int AddressTestParseInvalidMask02(void)
4724 {
4725  int result = 1;
4726  DetectAddress *dd = NULL;
4727 
4728  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4729  if (dd != NULL) {
4730  DetectAddressFree(dd);
4731  result = 0;
4732  }
4733  return result;
4734 }
4735 
4736 static int AddressTestParseInvalidMask03(void)
4737 {
4738  int result = 1;
4739  DetectAddress *dd = NULL;
4740 
4741  dd = DetectAddressParseSingle("192.168.2.0/blue");
4742  if (dd != NULL) {
4743  DetectAddressFree(dd);
4744  result = 0;
4745  }
4746  return result;
4747 }
4748 
4749 static int AddressConfVarsTest01(void)
4750 {
4751  static const char *dummy_conf_string =
4752  "%YAML 1.1\n"
4753  "---\n"
4754  "\n"
4755  "vars:\n"
4756  "\n"
4757  " address-groups:\n"
4758  "\n"
4759  " HOME_NET: \"any\"\n"
4760  "\n"
4761  " EXTERNAL_NET: \"!any\"\n"
4762  "\n"
4763  " port-groups:\n"
4764  "\n"
4765  " HTTP_PORTS: \"any\"\n"
4766  "\n"
4767  " SHELLCODE_PORTS: \"!any\"\n"
4768  "\n";
4769 
4770  int result = 0;
4771 
4773  ConfInit();
4774  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4775 
4777  result = 1;
4778 
4779  ConfDeInit();
4781 
4782  return result;
4783 }
4784 
4785 static int AddressConfVarsTest02(void)
4786 {
4787  static const char *dummy_conf_string =
4788  "%YAML 1.1\n"
4789  "---\n"
4790  "\n"
4791  "vars:\n"
4792  "\n"
4793  " address-groups:\n"
4794  "\n"
4795  " HOME_NET: \"any\"\n"
4796  "\n"
4797  " EXTERNAL_NET: \"any\"\n"
4798  "\n"
4799  " port-groups:\n"
4800  "\n"
4801  " HTTP_PORTS: \"any\"\n"
4802  "\n"
4803  " SHELLCODE_PORTS: \"!any\"\n"
4804  "\n";
4805 
4806  int result = 0;
4807 
4809  ConfInit();
4810  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4811 
4813  result = 1;
4814 
4815  ConfDeInit();
4817 
4818  return result;
4819 }
4820 
4821 static int AddressConfVarsTest03(void)
4822 {
4823  static const char *dummy_conf_string =
4824  "%YAML 1.1\n"
4825  "---\n"
4826  "\n"
4827  "vars:\n"
4828  "\n"
4829  " address-groups:\n"
4830  "\n"
4831  " HOME_NET: \"any\"\n"
4832  "\n"
4833  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4834  "\n"
4835  " port-groups:\n"
4836  "\n"
4837  " HTTP_PORTS: \"any\"\n"
4838  "\n"
4839  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4840  "\n";
4841 
4842  int result = 0;
4843 
4845  ConfInit();
4846  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4847 
4849  result = 1;
4850 
4851  ConfDeInit();
4853 
4854  return result;
4855 }
4856 
4857 static int AddressConfVarsTest04(void)
4858 {
4859  static const char *dummy_conf_string =
4860  "%YAML 1.1\n"
4861  "---\n"
4862  "\n"
4863  "vars:\n"
4864  "\n"
4865  " address-groups:\n"
4866  "\n"
4867  " HOME_NET: \"any\"\n"
4868  "\n"
4869  " EXTERNAL_NET: \"$HOME_NET\"\n"
4870  "\n"
4871  " port-groups:\n"
4872  "\n"
4873  " HTTP_PORTS: \"any\"\n"
4874  "\n"
4875  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4876  "\n";
4877 
4878  int result = 0;
4879 
4881  ConfInit();
4882  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4883 
4885  result = 1;
4886 
4887  ConfDeInit();
4889 
4890  return result;
4891 }
4892 
4893 static int AddressConfVarsTest05(void)
4894 {
4895  static const char *dummy_conf_string =
4896  "%YAML 1.1\n"
4897  "---\n"
4898  "\n"
4899  "vars:\n"
4900  "\n"
4901  " address-groups:\n"
4902  "\n"
4903  " HOME_NET: \"any\"\n"
4904  "\n"
4905  " EXTERNAL_NET: [192.168.0.1]\n"
4906  "\n"
4907  " port-groups:\n"
4908  "\n"
4909  " HTTP_PORTS: \"any\"\n"
4910  "\n"
4911  " SHELLCODE_PORTS: [80]\n"
4912  "\n";
4913 
4914  int result = 0;
4915 
4917  ConfInit();
4918  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4919 
4920  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4921  goto end;
4922 
4923  result = 1;
4924 
4925  end:
4926  ConfDeInit();
4928 
4929  return result;
4930 }
4931 
4932 #endif /* UNITTESTS */
4933 
4935 {
4936 #ifdef UNITTESTS
4939 
4940  UtRegisterTest("AddressTestParse01", AddressTestParse01);
4941  UtRegisterTest("AddressTestParse02", AddressTestParse02);
4942  UtRegisterTest("AddressTestParse03", AddressTestParse03);
4943  UtRegisterTest("AddressTestParse04", AddressTestParse04);
4944  UtRegisterTest("AddressTestParse05", AddressTestParse05);
4945  UtRegisterTest("AddressTestParse06", AddressTestParse06);
4946  UtRegisterTest("AddressTestParse07", AddressTestParse07);
4947  UtRegisterTest("AddressTestParse08", AddressTestParse08);
4948  UtRegisterTest("AddressTestParse09", AddressTestParse09);
4949  UtRegisterTest("AddressTestParse10", AddressTestParse10);
4950  UtRegisterTest("AddressTestParse11", AddressTestParse11);
4951  UtRegisterTest("AddressTestParse12", AddressTestParse12);
4952  UtRegisterTest("AddressTestParse13", AddressTestParse13);
4953  UtRegisterTest("AddressTestParse14", AddressTestParse14);
4954  UtRegisterTest("AddressTestParse15", AddressTestParse15);
4955  UtRegisterTest("AddressTestParse16", AddressTestParse16);
4956  UtRegisterTest("AddressTestParse17", AddressTestParse17);
4957  UtRegisterTest("AddressTestParse18", AddressTestParse18);
4958  UtRegisterTest("AddressTestParse19", AddressTestParse19);
4959  UtRegisterTest("AddressTestParse20", AddressTestParse20);
4960  UtRegisterTest("AddressTestParse21", AddressTestParse21);
4961  UtRegisterTest("AddressTestParse22", AddressTestParse22);
4962  UtRegisterTest("AddressTestParse23", AddressTestParse23);
4963  UtRegisterTest("AddressTestParse24", AddressTestParse24);
4964  UtRegisterTest("AddressTestParse25", AddressTestParse25);
4965  UtRegisterTest("AddressTestParse27", AddressTestParse27);
4966  UtRegisterTest("AddressTestParse28", AddressTestParse28);
4967  UtRegisterTest("AddressTestParse29", AddressTestParse29);
4968  UtRegisterTest("AddressTestParse30", AddressTestParse30);
4969  UtRegisterTest("AddressTestParse31", AddressTestParse31);
4970  UtRegisterTest("AddressTestParse32", AddressTestParse32);
4971  UtRegisterTest("AddressTestParse33", AddressTestParse33);
4972  UtRegisterTest("AddressTestParse34", AddressTestParse34);
4973  UtRegisterTest("AddressTestParse35", AddressTestParse35);
4974  UtRegisterTest("AddressTestParse36", AddressTestParse36);
4975  UtRegisterTest("AddressTestParse37", AddressTestParse37);
4976 
4977  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
4978  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
4979  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
4980  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
4981  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
4982  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
4983  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
4984  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
4985  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
4986  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
4987  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
4988 
4989  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
4990  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
4991  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
4992  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
4993  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
4994  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
4995  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
4996  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
4997 
4998  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
4999  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5000  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5001  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5002  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5003  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5004 
5005  UtRegisterTest("AddressTestAddressGroupSetup01",
5006  AddressTestAddressGroupSetup01);
5007  UtRegisterTest("AddressTestAddressGroupSetup02",
5008  AddressTestAddressGroupSetup02);
5009  UtRegisterTest("AddressTestAddressGroupSetup03",
5010  AddressTestAddressGroupSetup03);
5011  UtRegisterTest("AddressTestAddressGroupSetup04",
5012  AddressTestAddressGroupSetup04);
5013  UtRegisterTest("AddressTestAddressGroupSetup05",
5014  AddressTestAddressGroupSetup05);
5015  UtRegisterTest("AddressTestAddressGroupSetup06",
5016  AddressTestAddressGroupSetup06);
5017  UtRegisterTest("AddressTestAddressGroupSetup07",
5018  AddressTestAddressGroupSetup07);
5019  UtRegisterTest("AddressTestAddressGroupSetup08",
5020  AddressTestAddressGroupSetup08);
5021  UtRegisterTest("AddressTestAddressGroupSetup09",
5022  AddressTestAddressGroupSetup09);
5023  UtRegisterTest("AddressTestAddressGroupSetup10",
5024  AddressTestAddressGroupSetup10);
5025  UtRegisterTest("AddressTestAddressGroupSetup11",
5026  AddressTestAddressGroupSetup11);
5027  UtRegisterTest("AddressTestAddressGroupSetup12",
5028  AddressTestAddressGroupSetup12);
5029  UtRegisterTest("AddressTestAddressGroupSetup13",
5030  AddressTestAddressGroupSetup13);
5031  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5032  AddressTestAddressGroupSetupIPv414);
5033  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5034  AddressTestAddressGroupSetupIPv415);
5035  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5036  AddressTestAddressGroupSetupIPv416);
5037 
5038  UtRegisterTest("AddressTestAddressGroupSetup14",
5039  AddressTestAddressGroupSetup14);
5040  UtRegisterTest("AddressTestAddressGroupSetup15",
5041  AddressTestAddressGroupSetup15);
5042  UtRegisterTest("AddressTestAddressGroupSetup16",
5043  AddressTestAddressGroupSetup16);
5044  UtRegisterTest("AddressTestAddressGroupSetup17",
5045  AddressTestAddressGroupSetup17);
5046  UtRegisterTest("AddressTestAddressGroupSetup18",
5047  AddressTestAddressGroupSetup18);
5048  UtRegisterTest("AddressTestAddressGroupSetup19",
5049  AddressTestAddressGroupSetup19);
5050  UtRegisterTest("AddressTestAddressGroupSetup20",
5051  AddressTestAddressGroupSetup20);
5052  UtRegisterTest("AddressTestAddressGroupSetup21",
5053  AddressTestAddressGroupSetup21);
5054  UtRegisterTest("AddressTestAddressGroupSetup22",
5055  AddressTestAddressGroupSetup22);
5056  UtRegisterTest("AddressTestAddressGroupSetup23",
5057  AddressTestAddressGroupSetup23);
5058  UtRegisterTest("AddressTestAddressGroupSetup24",
5059  AddressTestAddressGroupSetup24);
5060  UtRegisterTest("AddressTestAddressGroupSetup25",
5061  AddressTestAddressGroupSetup25);
5062  UtRegisterTest("AddressTestAddressGroupSetup26",
5063  AddressTestAddressGroupSetup26);
5064 
5065  UtRegisterTest("AddressTestAddressGroupSetup27",
5066  AddressTestAddressGroupSetup27);
5067  UtRegisterTest("AddressTestAddressGroupSetup28",
5068  AddressTestAddressGroupSetup28);
5069  UtRegisterTest("AddressTestAddressGroupSetup29",
5070  AddressTestAddressGroupSetup29);
5071  UtRegisterTest("AddressTestAddressGroupSetup30",
5072  AddressTestAddressGroupSetup30);
5073  UtRegisterTest("AddressTestAddressGroupSetup31",
5074  AddressTestAddressGroupSetup31);
5075  UtRegisterTest("AddressTestAddressGroupSetup32",
5076  AddressTestAddressGroupSetup32);
5077  UtRegisterTest("AddressTestAddressGroupSetup33",
5078  AddressTestAddressGroupSetup33);
5079  UtRegisterTest("AddressTestAddressGroupSetup34",
5080  AddressTestAddressGroupSetup34);
5081  UtRegisterTest("AddressTestAddressGroupSetup35",
5082  AddressTestAddressGroupSetup35);
5083  UtRegisterTest("AddressTestAddressGroupSetup36",
5084  AddressTestAddressGroupSetup36);
5085  UtRegisterTest("AddressTestAddressGroupSetup37",
5086  AddressTestAddressGroupSetup37);
5087  UtRegisterTest("AddressTestAddressGroupSetup38",
5088  AddressTestAddressGroupSetup38);
5089  UtRegisterTest("AddressTestAddressGroupSetup39",
5090  AddressTestAddressGroupSetup39);
5091  UtRegisterTest("AddressTestAddressGroupSetup40",
5092  AddressTestAddressGroupSetup40);
5093  UtRegisterTest("AddressTestAddressGroupSetup41",
5094  AddressTestAddressGroupSetup41);
5095  UtRegisterTest("AddressTestAddressGroupSetup42",
5096  AddressTestAddressGroupSetup42);
5097  UtRegisterTest("AddressTestAddressGroupSetup43",
5098  AddressTestAddressGroupSetup43);
5099  UtRegisterTest("AddressTestAddressGroupSetup44",
5100  AddressTestAddressGroupSetup44);
5101  UtRegisterTest("AddressTestAddressGroupSetup45",
5102  AddressTestAddressGroupSetup45);
5103  UtRegisterTest("AddressTestAddressGroupSetup46",
5104  AddressTestAddressGroupSetup46);
5105  UtRegisterTest("AddressTestAddressGroupSetup47",
5106  AddressTestAddressGroupSetup47);
5107  UtRegisterTest("AddressTestAddressGroupSetup48",
5108  AddressTestAddressGroupSetup48);
5109 
5110  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5111  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5112  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5113  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5114  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5115  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5116  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5117  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5118  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5119  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5120 
5121  UtRegisterTest("AddressTestParseInvalidMask01",
5122  AddressTestParseInvalidMask01);
5123  UtRegisterTest("AddressTestParseInvalidMask02",
5124  AddressTestParseInvalidMask02);
5125  UtRegisterTest("AddressTestParseInvalidMask03",
5126  AddressTestParseInvalidMask03);
5127 
5128  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5129  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5130  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5131  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5132  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5133 #endif /* UNITTESTS */
5134 }
int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh, DetectAddress *new)
Same as DetectAddressInsert, but then for inserting a address group object. This also makes sure SigG...
#define COPY_ADDRESS(a, b)
Definition: decode.h:126
#define SCLogDebug(...)
Definition: util-debug.h:335
uint32_t ip2[4]
Definition: detect.h:167
void DetectAddressCleanupList(DetectAddress *head)
Frees a list of DetectAddress instances.
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
int DetectAddressParseString(DetectAddress *dd, const char *str)
int DetectAddressJoinIPv4(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Extends a target address range if the the source address range is wider than the target address range...
struct DetectAddress_ * prev
Definition: detect.h:148
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
struct HtpBodyChunk_ * next
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
#define BUG_ON(x)
#define FALSE
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:722
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:43
#define PASS
Pass the test.
#define unlikely(expr)
Definition: util-optimize.h:35
Address ip
Definition: detect.h:141
address structure for use in the detection engine.
Definition: detect.h:139
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
void DetectAddressHeadFree(DetectAddressHead *gh)
Frees a DetectAddressHead instance.
DetectAddress * DetectAddressCopy(DetectAddress *orig)
Copies the contents of one Address group in DetectAddress and returns a new instance of the DetectAdd...
int DetectAddressMatch(DetectAddress *dd, Address *a)
Check if a particular address(ipv4 or ipv6) matches the address range in the DetectAddress instance...
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
uint32_t ip[4]
Definition: detect.h:166
struct DetectAddressMap_ DetectAddressMap
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
char * val
Definition: conf.h:34
Flow * head
Definition: flow-hash.h:102
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
DetectAddress * DetectAddressLookupInList(DetectAddress *head, DetectAddress *gr)
Used to check if a DetectAddress list contains an instance with a similar DetectAddress. The comparison done is not the one that checks the memory for the same instance, but one that checks that the two instances hold the same content.
#define TRUE
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
main detection engine ctx
Definition: detect.h:761
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
struct DetectAddress_ * next
Definition: detect.h:150
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:699
#define str(s)
#define SCCalloc(nm, a)
Definition: util-mem.h:253
HashListTable * address_table
Definition: detect.h:912
uint8_t flags
Definition: detect.h:145
char family
Definition: decode.h:112
void DetectAddressPrintList(DetectAddress *head)
Prints the address data information for all the DetectAddress instances in the DetectAddress list sen...
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define SCEnter(...)
Definition: util-debug.h:337
int DetectAddressTestConfVars(void)
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:711
Address ip2
Definition: detect.h:142
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
DetectAddress * ipv4_head
Definition: detect.h:155
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:267
#define SCReturnInt(x)
Definition: util-debug.h:341
#define SCNtohl(x)
#define ADDRESS_FLAG_NOT
Definition: detect.h:133
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: conf.h:32
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
#define SCMalloc(a)
Definition: util-mem.h:222
void DetectAddressIPv6Tests(void)
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
#define SCFree(a)
Definition: util-mem.h:322
PoolThreadReserved res
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
uint8_t address
Definition: decode-ppp.h:312
void DetectAddressPrint(DetectAddress *)
Prints the address data held by the DetectAddress. If the address data family is IPv4, we print the the ipv4 address and mask, and if the address data family is IPv6, we print the ipv6 address and mask.
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
int DetectPortTestConfVars(void)
char * name
Definition: conf.h:33
void DetectAddressTests(void)
int DetectAddressJoinIPv6(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Extends a target address range if the the source address range is wider than the target address range...
#define SCReturnPtr(x, type)
Definition: util-debug.h:353
int DetectAddressJoin(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Join two addresses groups together.
uint32_t array_size
Definition: util-hashlist.h:41
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - &#39;not&#39; match)
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
#define SCStrdup(a)
Definition: util-mem.h:268
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressHead * DetectAddressHeadInit(void)
Returns a new instance of DetectAddressHead.
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
int DetectAddressAdd(DetectAddress **head, DetectAddress *ag)
Do a sorted insert, where the top of the list should be the biggest network/range.
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:327
DetectAddressHead * address
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
void DetectAddressIPv4Tests(void)
DetectAddress * ipv6_head
Definition: detect.h:156
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
union Address_::@42 address
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133