suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88  return;
89 }
90 
91 /**
92  * \internal
93  * \brief Returns a new instance of DetectAddressHead.
94  *
95  * \retval gh Pointer to the new instance of DetectAddressHead.
96  */
97 static DetectAddressHead *DetectAddressHeadInit(void)
98 {
100  if (unlikely(gh == NULL))
101  return NULL;
102  return gh;
103 }
104 
105 /**
106  * \internal
107  * \brief Frees a DetectAddressHead instance.
108  *
109  * \param gh Pointer to the DetectAddressHead instance to be freed.
110  */
111 static void DetectAddressHeadFree(DetectAddressHead *gh)
112 {
113  if (gh != NULL) {
115  SCFree(gh);
116  }
117 }
118 
119 /**
120  * \brief copy a DetectAddress
121  *
122  * \param orig Pointer to the instance of DetectAddress that contains the
123  * address data to be copied to the new instance.
124  *
125  * \retval ag Pointer to the new instance of DetectAddress that contains the
126  * copied address.
127  */
129 {
131  if (ag == NULL)
132  return NULL;
133 
134  ag->flags = orig->flags;
135  COPY_ADDRESS(&orig->ip, &ag->ip);
136  COPY_ADDRESS(&orig->ip2, &ag->ip2);
137  return ag;
138 }
139 
140 #ifdef DEBUG
141 /**
142  * \brief Prints the address data information for all the DetectAddress
143  * instances in the DetectAddress list sent as the argument.
144  *
145  * \param head Pointer to a list of DetectAddress instances.
146  */
147 void DetectAddressPrintList(DetectAddress *head)
148 {
149  SCLogInfo("list:");
150  for (DetectAddress *cur = head; cur != NULL; cur = cur->next) {
151  DetectAddressPrint(cur);
152  }
153  SCLogInfo("endlist");
154 }
155 #endif
156 
157 /**
158  * \internal
159  * \brief Frees a list of DetectAddress instances.
160  *
161  * \param head Pointer to a list of DetectAddress instances to be freed.
162  */
163 static void DetectAddressCleanupList(DetectAddress *head)
164 {
165  for (DetectAddress *cur = head; cur != NULL; ) {
166  DetectAddress *next = cur->next;
167  cur->next = NULL;
168  DetectAddressFree(cur);
169  cur = next;
170  }
171 }
172 
173 /**
174  * \internal
175  * \brief Helper function for DetectAddressInsert. Sets one of the
176  * DetectAddressHead head pointers, to the DetectAddress argument
177  * based on its address family.
178  *
179  * \param gh Pointer to the DetectAddressHead.
180  * \param newhead Pointer to the DetectAddress.
181  *
182  * \retval 0 On success.
183  * \retval -1 On failure.
184  */
185 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
186 {
187  if (newhead->ip.family == AF_INET) {
188  gh->ipv4_head = newhead;
189  } else if (newhead->ip.family == AF_INET6) {
190  gh->ipv6_head = newhead;
191  } else {
192  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
193  return -1;
194  }
195 
196  return 0;
197 }
198 
199 /**
200  * \internal
201  * \brief Returns the DetectAddress head from the DetectAddressHeads,
202  * based on the address family of the incoming DetectAddress arg.
203  *
204  * \param gh Pointer to the DetectAddressHead.
205  * \param new Pointer to the DetectAddress.
206  *
207  * \retval head Pointer to the DetectAddress(the head from
208  * DetectAddressHead).
209  */
210 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
211 {
212  DetectAddress *head = NULL;
213 
214  if (new->ip.family == AF_INET)
215  head = gh->ipv4_head;
216  else if (new->ip.family == AF_INET6)
217  head = gh->ipv6_head;
218 
219  return head;
220 }
221 
222 /**
223  * \internal
224  * \brief insert DetectAddress into a DetectAddressHead
225  *
226  * \param de_ctx Pointer to the detection engine context.
227  * \param gh Pointer to the DetectAddressHead list to which it has to
228  * be inserted.
229  * \param new Pointer to the DetectAddress, that has to be inserted.
230  *
231  * \retval 1 On successfully inserting it.
232  * \retval -1 On error.
233  * \retval 0 Not inserted, memory of new is freed.
234  */
235 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
236  DetectAddress *new)
237 {
238  DetectAddress *head = NULL;
239  DetectAddress *cur = NULL;
240  DetectAddress *c = NULL;
241  int r = 0;
242 
243  if (new == NULL)
244  return 0;
245 
246  /* get our head ptr based on the address we want to insert */
247  head = GetHeadPtr(gh, new);
248 
249  /* see if it already exists or overlaps with existing ag's */
250  if (head != NULL) {
251  cur = NULL;
252 
253  for (cur = head; cur != NULL; cur = cur->next) {
254  r = DetectAddressCmp(new, cur);
255  BUG_ON(r == ADDRESS_ER);
256 
257  /* if so, handle that */
258  if (r == ADDRESS_EQ) {
259  /* exact overlap/match */
260  if (cur != new) {
261  DetectAddressFree(new);
262  return 0;
263  }
264 
265  return 1;
266  } else if (r == ADDRESS_GT) {
267  /* only add it now if we are bigger than the last group.
268  * Otherwise we'll handle it later. */
269  if (cur->next == NULL) {
270  /* put in the list */
271  new->prev = cur;
272  cur->next = new;
273 
274  return 1;
275  }
276  } else if (r == ADDRESS_LT) {
277  /* see if we need to insert the ag anywhere put in the list */
278  if (cur->prev != NULL)
279  cur->prev->next = new;
280  new->prev = cur->prev;
281  new->next = cur;
282  cur->prev = new;
283 
284  /* update head if required */
285  if (head == cur) {
286  head = new;
287 
288  if (SetHeadPtr(gh, head) < 0)
289  goto error;
290  }
291 
292  return 1;
293  /* alright, those were the simple cases, lets handle the more
294  * complex ones now */
295  } else if (r == ADDRESS_ES) {
296  c = NULL;
297  r = DetectAddressCut(de_ctx, cur, new, &c);
298  if (r == -1)
299  goto error;
300 
301  DetectAddressInsert(de_ctx, gh, new);
302  if (c != NULL)
303  DetectAddressInsert(de_ctx, gh, c);
304 
305  return 1;
306  } else if (r == ADDRESS_EB) {
307  c = NULL;
308  r = DetectAddressCut(de_ctx, cur, new, &c);
309  if (r == -1)
310  goto error;
311 
312  DetectAddressInsert(de_ctx, gh, new);
313  if (c != NULL)
314  DetectAddressInsert(de_ctx, gh, c);
315 
316  return 1;
317  } else if (r == ADDRESS_LE) {
318  c = NULL;
319  r = DetectAddressCut(de_ctx, cur, new, &c);
320  if (r == -1)
321  goto error;
322 
323  DetectAddressInsert(de_ctx, gh, new);
324  if (c != NULL)
325  DetectAddressInsert(de_ctx, gh, c);
326 
327  return 1;
328  } else if (r == ADDRESS_GE) {
329  c = NULL;
330  r = DetectAddressCut(de_ctx, cur,new,&c);
331  if (r == -1)
332  goto error;
333 
334  DetectAddressInsert(de_ctx, gh, new);
335  if (c != NULL)
336  DetectAddressInsert(de_ctx, gh, c);
337 
338  return 1;
339  }
340  }
341 
342  /* head is NULL, so get a group and set head to it */
343  } else {
344  head = new;
345  if (SetHeadPtr(gh, head) < 0) {
346  SCLogDebug("SetHeadPtr failed");
347  goto error;
348  }
349  }
350 
351  return 1;
352 
353 error:
354  /* XXX */
355  return -1;
356 }
357 
358 /**
359  * \brief Checks if two address group lists are equal.
360  *
361  * \param list1 Pointer to the first address group list.
362  * \param list2 Pointer to the second address group list.
363  *
364  * \retval true On success.
365  * \retval false On failure.
366  */
368 {
369  DetectAddress *item = list1;
370  DetectAddress *it = list2;
371 
372  // First, compare items one by one.
373  while (item != NULL && it != NULL) {
374  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
375  return false;
376  }
377 
378  item = item->next;
379  it = it->next;
380  }
381 
382  // Are the lists of the same size?
383  if (!(item == NULL && it == NULL)) {
384  return false;
385  }
386 
387  return true;
388 }
389 
390 /**
391  * \internal
392  * \brief Parses an ipv4/ipv6 address string and updates the result into the
393  * DetectAddress instance sent as the argument.
394  *
395  * \param dd Pointer to the DetectAddress instance which should be updated with
396  * the address range details from the parsed ip string.
397  * \param str Pointer to address string that has to be parsed.
398  *
399  * \retval 0 On successfully parsing the address string.
400  * \retval -1 On failure.
401  */
402 static int DetectAddressParseString(DetectAddress *dd, const char *str)
403 {
404  char *ip = NULL;
405  char *ip2 = NULL;
406  char *mask = NULL;
407  int r = 0;
408  char ipstr[256];
409 
410  /* shouldn't see 'any' here */
411  BUG_ON(strcasecmp(str, "any") == 0);
412 
413  strlcpy(ipstr, str, sizeof(ipstr));
414  SCLogDebug("str %s", str);
415 
416  /* we work with a copy so that we can put a
417  * nul-termination in it later */
418  ip = ipstr;
419 
420  /* handle the negation case */
421  if (ip[0] == '!') {
422  dd->flags |= ADDRESS_FLAG_NOT;
423  ip++;
424  }
425 
426  /* see if the address is an ipv4 or ipv6 address */
427  if ((strchr(str, ':')) == NULL) {
428  /* IPv4 Address */
429  struct in_addr in;
430 
431  dd->ip.family = AF_INET;
432 
433  if ((mask = strchr(ip, '/')) != NULL) {
434  /* 1.2.3.4/xxx format (either dotted or cidr notation */
435  ip[mask - ip] = '\0';
436  mask++;
437  uint32_t ip4addr = 0;
438  uint32_t netmask = 0;
439 
440  if ((strchr (mask, '.')) == NULL) {
441  /* 1.2.3.4/24 format */
442 
443  for (size_t u = 0; u < strlen(mask); u++) {
444  if(!isdigit((unsigned char)mask[u]))
445  goto error;
446  }
447 
448  int cidr;
449  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
450  goto error;
451  netmask = CIDRGet(cidr);
452  } else {
453  /* 1.2.3.4/255.255.255.0 format */
454  r = inet_pton(AF_INET, mask, &in);
455  if (r <= 0)
456  goto error;
457 
458  netmask = in.s_addr;
459 
460  /* validate netmask */
461  int cidr = CIDRFromMask(netmask);
462  if (cidr < 0) {
464  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
465  "CIDR notation are supported. See #5168.",
466  mask);
467  goto error;
468  }
469  }
470 
471  r = inet_pton(AF_INET, ip, &in);
472  if (r <= 0)
473  goto error;
474 
475  ip4addr = in.s_addr;
476 
477  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
478  dd->ip2.addr_data32[0] |=~ netmask;
479  } else if ((ip2 = strchr(ip, '-')) != NULL) {
480  /* 1.2.3.4-1.2.3.6 range format */
481  ip[ip2 - ip] = '\0';
482  ip2++;
483 
484  r = inet_pton(AF_INET, ip, &in);
485  if (r <= 0)
486  goto error;
487  dd->ip.addr_data32[0] = in.s_addr;
488 
489  r = inet_pton(AF_INET, ip2, &in);
490  if (r <= 0)
491  goto error;
492  dd->ip2.addr_data32[0] = in.s_addr;
493 
494  /* a > b is illegal, a = b is ok */
495  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
496  goto error;
497  } else {
498  /* 1.2.3.4 format */
499  r = inet_pton(AF_INET, ip, &in);
500  if (r <= 0)
501  goto error;
502  /* single host */
503  dd->ip.addr_data32[0] = in.s_addr;
504  dd->ip2.addr_data32[0] = in.s_addr;
505  }
506  } else {
507  /* IPv6 Address */
508  struct in6_addr in6, mask6;
509  uint32_t ip6addr[4], netmask[4];
510 
511  dd->ip.family = AF_INET6;
512 
513  if ((mask = strchr(ip, '/')) != NULL) {
514  ip[mask - ip] = '\0';
515  mask++;
516 
517  int cidr;
518  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
519  goto error;
520 
521  r = inet_pton(AF_INET6, ip, &in6);
522  if (r <= 0)
523  goto error;
524  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
525 
526  CIDRGetIPv6(cidr, &mask6);
527  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
528 
529  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
530  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
531  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
532  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
533 
534  dd->ip2.addr_data32[0] |=~ netmask[0];
535  dd->ip2.addr_data32[1] |=~ netmask[1];
536  dd->ip2.addr_data32[2] |=~ netmask[2];
537  dd->ip2.addr_data32[3] |=~ netmask[3];
538  } else if ((ip2 = strchr(ip, '-')) != NULL) {
539  /* 2001::1-2001::4 range format */
540  ip[ip2 - ip] = '\0';
541  ip2++;
542 
543  r = inet_pton(AF_INET6, ip, &in6);
544  if (r <= 0)
545  goto error;
546  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
547 
548  r = inet_pton(AF_INET6, ip2, &in6);
549  if (r <= 0)
550  goto error;
551  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
552 
553  /* a > b is illegal, a=b is ok */
554  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
555  goto error;
556  } else {
557  r = inet_pton(AF_INET6, ip, &in6);
558  if (r <= 0)
559  goto error;
560 
561  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
562  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
563  }
564 
565  }
566 
567  BUG_ON(dd->ip.family == 0);
568 
569  return 0;
570 
571 error:
572  return -1;
573 }
574 
575 /**
576  * \internal
577  * \brief Simply parse an address and return a DetectAddress instance containing
578  * the address ranges of the parsed ip addressstring
579  *
580  * \param str Pointer to a character string containing the ip address
581  *
582  * \retval dd Pointer to the DetectAddress instance containing the address
583  * range details from the parsed ip string
584  */
585 static DetectAddress *DetectAddressParseSingle(const char *str)
586 {
587  SCLogDebug("str %s", str);
588 
590  if (dd == NULL)
591  return NULL;
592 
593  if (DetectAddressParseString(dd, str) < 0) {
594  SCLogDebug("AddressParse failed");
595  DetectAddressFree(dd);
596  return NULL;
597  }
598 
599  return dd;
600 }
601 
602 /**
603  * \brief Setup a single address string, parse it and add the resulting
604  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
605  *
606  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
607  * resulting Address-Range(s) from the parsed ip string has to
608  * be added.
609  * \param s Pointer to the ip address string to be parsed.
610  *
611  * \retval 0 On success.
612  * \retval -1 On failure.
613  */
614 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
615 {
616  SCLogDebug("gh %p, s %s", gh, s);
617 
618  while (*s != '\0' && isspace(*s))
619  s++;
620 
621  if (strcasecmp(s, "any") == 0) {
622  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
623 
624  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
625  if (ad == NULL)
626  return -1;
627 
628  BUG_ON(ad->ip.family == 0);
629 
630  if (DetectAddressInsert(NULL, gh, ad) < 0) {
631  SCLogDebug("DetectAddressInsert failed");
632  DetectAddressFree(ad);
633  return -1;
634  }
635 
636  ad = DetectAddressParseSingle("::/0");
637  if (ad == NULL)
638  return -1;
639 
640  BUG_ON(ad->ip.family == 0);
641 
642  if (DetectAddressInsert(NULL, gh, ad) < 0) {
643  SCLogDebug("DetectAddressInsert failed");
644  DetectAddressFree(ad);
645  return -1;
646  }
647  return 0;
648  }
649 
650  /* parse the address */
651  DetectAddress *ad = DetectAddressParseSingle(s);
652  if (ad == NULL) {
654  "failed to parse address \"%s\"", s);
655  return -1;
656  }
657 
658  /* handle the not case, we apply the negation then insert the part(s) */
659  if (ad->flags & ADDRESS_FLAG_NOT) {
660  DetectAddress *ad2 = NULL;
661 
662  if (DetectAddressCutNot(ad, &ad2) < 0) {
663  SCLogDebug("DetectAddressCutNot failed");
664  DetectAddressFree(ad);
665  return -1;
666  }
667 
668  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
669  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
670  if (ad2 != NULL) {
671  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
672  SCLogDebug("DetectAddressInsert failed");
673  DetectAddressFree(ad);
674  DetectAddressFree(ad2);
675  return -1;
676  }
677  }
678  }
679 
680  int r = DetectAddressInsert(NULL, gh, ad);
681  if (r < 0) {
682  SCLogDebug("DetectAddressInsert failed");
683  DetectAddressFree(ad);
684  return -1;
685  }
686  SCLogDebug("r %d",r);
687  return 0;
688 }
689 
690 /**
691  * \brief Parses an address string and updates the 2 address heads with the
692  * address data.
693  *
694  * Note that this function should only be called by the wrapping function
695  * DetectAddressParse2. The wrapping function provides long address handling
696  * when the address size exceeds a threshold value.
697  *
698  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
699  * since we pass around negate without keeping a count of ! with depth.
700  * Can solve this by keeping a count of the negations with depth, so that
701  * an even no of negations would count as no negation and an odd no of
702  * negations would count as a negation.
703  *
704  * \param gh Pointer to the address head that should hold address ranges
705  * that are not negated.
706  * \param ghn Pointer to the address head that should hold address ranges
707  * that are negated.
708  * \param s Pointer to the character string holding the address to be
709  * parsed.
710  * \param negate Flag that indicates if the received address string is negated
711  * or not. 0 if it is not, 1 it it is.
712  *
713  * \retval 0 On successfully parsing.
714  * \retval -1 On failure.
715  */
716 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
717  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
718  int recur, char *address, size_t address_length)
719 {
720  size_t x = 0;
721  size_t u = 0;
722  int o_set = 0, n_set = 0, d_set = 0;
723  int depth = 0;
724  const char *rule_var_address = NULL;
725  char *temp_rule_var_address = NULL;
726 
727  if (++recur > 64) {
728  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "address block recursion "
729  "limit reached (max 64)");
730  goto error;
731  }
732 
733  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
734 
735  size_t size = strlen(s);
736  for (u = 0, x = 0; u < size && x < address_length; u++) {
737  if (x == (address_length - 1)) {
739  "Hit the address buffer"
740  " limit for the supplied address. Invalidating sig. "
741  "Please file a bug report on this.");
742  goto error;
743  }
744  address[x] = s[u];
745  x++;
746 
747  if (!o_set && s[u] == '!') {
748  n_set = 1;
749  x--;
750  } else if (s[u] == '[') {
751  if (!o_set) {
752  o_set = 1;
753  x = 0;
754  }
755  depth++;
756  } else if (s[u] == ']') {
757  if (depth == 1) {
758  address[x - 1] = '\0';
759  x = 0;
760  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
761  if (((negate + n_set) % 2) == 0) {
762  /* normal block */
763  SCLogDebug("normal block");
764 
765  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
766  goto error;
767  } else {
768  /* negated block
769  *
770  * Extra steps are necessary. First consider it as a normal
771  * (non-negated) range. Merge the + and - ranges if
772  * applicable. Then insert the result into the ghn list. */
773  SCLogDebug("negated block");
774 
775  DetectAddressHead tmp_gh = { NULL, NULL };
776  DetectAddressHead tmp_ghn = { NULL, NULL };
777 
778  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
779  DetectAddressHeadCleanup(&tmp_gh);
780  DetectAddressHeadCleanup(&tmp_ghn);
781  goto error;
782  }
783 
784  DetectAddress *tmp_ad;
785  DetectAddress *tmp_ad2;
786 #ifdef DEBUG
787  SCLogDebug("tmp_gh: IPv4");
788  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
789  DetectAddressPrint(tmp_ad);
790  }
791  SCLogDebug("tmp_ghn: IPv4");
792  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
793  DetectAddressPrint(tmp_ad);
794  }
795  SCLogDebug("tmp_gh: IPv6");
796  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
797  DetectAddressPrint(tmp_ad);
798  }
799  SCLogDebug("tmp_ghn: IPv6");
800  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
801  DetectAddressPrint(tmp_ad);
802  }
803 #endif
804  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
805  DetectAddressHeadCleanup(&tmp_ghn);
806  DetectAddressHeadCleanup(&tmp_gh);
807  goto error;
808  }
809  DetectAddressHeadCleanup(&tmp_ghn);
810 
811  SCLogDebug("merged successfully");
812 
813  /* insert the IPv4 addresses into the negated list */
814  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
815  /* work with a copy of the address group */
816  tmp_ad2 = DetectAddressCopy(tmp_ad);
817  if (tmp_ad2 == NULL) {
818  SCLogDebug("DetectAddressCopy failed");
819  DetectAddressHeadCleanup(&tmp_gh);
820  goto error;
821  }
822  DetectAddressPrint(tmp_ad2);
823  DetectAddressInsert(NULL, ghn, tmp_ad2);
824  }
825 
826  /* insert the IPv6 addresses into the negated list */
827  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
828  /* work with a copy of the address group */
829  tmp_ad2 = DetectAddressCopy(tmp_ad);
830  if (tmp_ad2 == NULL) {
831  SCLogDebug("DetectAddressCopy failed");
832  DetectAddressHeadCleanup(&tmp_gh);
833  goto error;
834  }
835  DetectAddressPrint(tmp_ad2);
836  DetectAddressInsert(NULL, ghn, tmp_ad2);
837  }
838 
839  DetectAddressHeadCleanup(&tmp_gh);
840  }
841  n_set = 0;
842  }
843  depth--;
844  } else if (depth == 0 && s[u] == ',') {
845  if (o_set == 1) {
846  o_set = 0;
847  } else if (d_set == 1) {
848  address[x - 1] = '\0';
849 
850  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
852  if (rule_var_address == NULL)
853  goto error;
854 
855  if (strlen(rule_var_address) == 0) {
856  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
857  "to nothing. This is likely a misconfiguration. "
858  "Note that a negated address needs to be quoted, "
859  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
860  goto error;
861  }
862 
863  SCLogDebug("rule_var_address %s", rule_var_address);
864  if ((negate + n_set) % 2) {
865  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
866  if (unlikely(temp_rule_var_address == NULL))
867  goto error;
868  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
869  "[%s]", rule_var_address);
870  } else {
871  temp_rule_var_address = SCStrdup(rule_var_address);
872  if (unlikely(temp_rule_var_address == NULL))
873  goto error;
874  }
875 
876  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
877  (negate + n_set) % 2, var_list, recur) < 0) {
878  if (temp_rule_var_address != rule_var_address)
879  SCFree(temp_rule_var_address);
880  goto error;
881  }
882  d_set = 0;
883  n_set = 0;
884  SCFree(temp_rule_var_address);
885  } else {
886  address[x - 1] = '\0';
887 
888  if (!((negate + n_set) % 2)) {
889  SCLogDebug("DetectAddressSetup into gh, %s", address);
890  if (DetectAddressSetup(gh, address) < 0)
891  goto error;
892  } else {
893  SCLogDebug("DetectAddressSetup into ghn, %s", address);
894  if (DetectAddressSetup(ghn, address) < 0)
895  goto error;
896  }
897  n_set = 0;
898  }
899  x = 0;
900  } else if (depth == 0 && s[u] == '$') {
901  d_set = 1;
902  } else if (depth == 0 && u == size - 1) {
903  if (x == address_length) {
904  address[x - 1] = '\0';
905  } else {
906  address[x] = '\0';
907  }
908  x = 0;
909 
910  if (AddVariableToResolveList(var_list, address) == -1) {
911  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
912  "groups declaration. This is likely a misconfiguration.");
913  goto error;
914  }
915 
916  if (d_set == 1) {
917  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
919  if (rule_var_address == NULL)
920  goto error;
921 
922  if (strlen(rule_var_address) == 0) {
923  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
924  "to nothing. This is likely a misconfiguration. "
925  "Note that a negated address needs to be quoted, "
926  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
927  goto error;
928  }
929 
930  SCLogDebug("rule_var_address %s", rule_var_address);
931  if ((negate + n_set) % 2) {
932  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
933  if (unlikely(temp_rule_var_address == NULL))
934  goto error;
935  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
936  "[%s]", rule_var_address);
937  } else {
938  temp_rule_var_address = SCStrdup(rule_var_address);
939  if (unlikely(temp_rule_var_address == NULL))
940  goto error;
941  }
942 
943  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
944  (negate + n_set) % 2, var_list, recur) < 0) {
945  SCLogDebug("DetectAddressParse2 hates us");
946  if (temp_rule_var_address != rule_var_address)
947  SCFree(temp_rule_var_address);
948  goto error;
949  }
950  d_set = 0;
951  SCFree(temp_rule_var_address);
952  } else {
953  if (!((negate + n_set) % 2)) {
954  SCLogDebug("DetectAddressSetup into gh, %s", address);
955  if (DetectAddressSetup(gh, address) < 0) {
956  SCLogDebug("DetectAddressSetup gh fail");
957  goto error;
958  }
959  } else {
960  SCLogDebug("DetectAddressSetup into ghn, %s", address);
961  if (DetectAddressSetup(ghn, address) < 0) {
962  SCLogDebug("DetectAddressSetup ghn fail");
963  goto error;
964  }
965  }
966  }
967  n_set = 0;
968  }
969  }
970  if (depth > 0) {
971  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
972  "properly closed in \"%s\", %d missing closing brackets (]). "
973  "Note: problem might be in a variable.", s, depth);
974  goto error;
975  } else if (depth < 0) {
976  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
977  "properly opened in \"%s\", %d missing opening brackets ([). "
978  "Note: problem might be in a variable.", s, depth*-1);
979  goto error;
980  }
981 
982  return 0;
983 
984 error:
985 
986  return -1;
987 }
988 
989 /**
990  * \internal
991  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
992  *
993  * \retval Return value from DetectAddressParseInternal
994  */
995 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
996  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
997  int recur)
998 {
999  int rc;
1000 #define MAX_ADDRESS_LENGTH 8192
1001 
1002  size_t address_length = strlen(s);
1003  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
1004  char *address = SCCalloc(1, address_length);
1005  if (address == NULL) {
1006  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Unable to allocate"
1007  " memory for address parsing.");
1008  return -1;
1009  }
1010  rc = DetectAddressParseInternal(
1011  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
1012  SCFree(address);
1013  } else {
1014  char address[MAX_ADDRESS_LENGTH] = "";
1015  rc = DetectAddressParseInternal(
1016  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1017  }
1018  return rc;
1019 }
1020 
1021 /**
1022  * \internal
1023  * \brief See if the addresses and ranges in an address head cover the
1024  * entire ip space.
1025  *
1026  * \param gh Pointer to the DetectAddressHead to check.
1027  *
1028  * \retval 0 No.
1029  * \retval 1 Yes.
1030  *
1031  * \todo do the same for IPv6
1032  */
1033 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1034 {
1036  if (r == 1)
1037  return 1;
1038 
1039  return 0;
1040 }
1041 
1042 /**
1043  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1044  *
1045  * \param gh Pointer to the address head containing the non-NOT groups.
1046  * \param ghn Pointer to the address head containing the NOT groups.
1047  *
1048  * \retval 0 On success.
1049  * \retval -1 On failure.
1050  */
1052 {
1053  DetectAddress *ad;
1054  DetectAddress *ag, *ag2;
1055  int r = 0;
1056 
1057  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1058  ghn->ipv4_head);
1059 
1060  /* check if the negated list covers the entire ip space. If so
1061  * the user screwed up the rules/vars. */
1062  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1063  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1064  "Rule address range is NIL. Probably have a !any or "
1065  "an address range that supplies a NULL address range");
1066  goto error;
1067  }
1068 
1069  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1070  * not thingy. In that case we add a 0.0.0.0/0 first. */
1071  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1072  r = DetectAddressSetup(gh, "0.0.0.0/0");
1073  if (r < 0) {
1074  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1075  goto error;
1076  }
1077  }
1078  /* ... or ::/0 for ipv6 */
1079  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1080  r = DetectAddressSetup(gh, "::/0");
1081  if (r < 0) {
1082  SCLogDebug("DetectAddressSetup for ::/0 failed");
1083  goto error;
1084  }
1085  }
1086 
1087  /* step 1: insert our ghn members into the gh list */
1088  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1089  /* work with a copy of the ad so we can easily clean up the ghn group
1090  * later. */
1091  ad = DetectAddressCopy(ag);
1092  if (ad == NULL) {
1093  SCLogDebug("DetectAddressCopy failed");
1094  goto error;
1095  }
1096 
1097  r = DetectAddressInsert(NULL, gh, ad);
1098  if (r < 0) {
1099  SCLogDebug("DetectAddressInsert failed");
1100  goto error;
1101  }
1102  }
1103  /* ... and the same for ipv6 */
1104  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1105  /* work with a copy of the ad so we can easily clean up the ghn group
1106  * later. */
1107  ad = DetectAddressCopy(ag);
1108  if (ad == NULL) {
1109  SCLogDebug("DetectAddressCopy failed");
1110  goto error;
1111  }
1112 
1113  r = DetectAddressInsert(NULL, gh, ad);
1114  if (r < 0) {
1115  SCLogDebug("DetectAddressInsert failed");
1116  goto error;
1117  }
1118  }
1119 #ifdef DEBUG
1120  DetectAddress *tmp_ad;
1121  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1122  DetectAddressPrint(tmp_ad);
1123  }
1124 #endif
1125  int ipv4_applied = 0;
1126  int ipv6_applied = 0;
1127 
1128  /* step 2: pull the address blocks that match our 'not' blocks */
1129  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1130  SCLogDebug("ag %p", ag);
1131  DetectAddressPrint(ag);
1132 
1133  int applied = 0;
1134  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1135  SCLogDebug("ag2 %p", ag2);
1136  DetectAddressPrint(ag2);
1137 
1138  r = DetectAddressCmp(ag, ag2);
1139  /* XXX more ??? */
1140  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1141  if (ag2->prev == NULL)
1142  gh->ipv4_head = ag2->next;
1143  else
1144  ag2->prev->next = ag2->next;
1145 
1146  if (ag2->next != NULL)
1147  ag2->next->prev = ag2->prev;
1148 
1149  /* store the next ptr and remove the group */
1150  DetectAddress *next_ag2 = ag2->next;
1151  DetectAddressFree(ag2);
1152  ag2 = next_ag2;
1153  applied = 1;
1154  } else {
1155  ag2 = ag2->next;
1156  }
1157  }
1158 
1159  if (applied) {
1160  ipv4_applied++;
1161  }
1162  }
1163  /* ... and the same for ipv6 */
1164  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1165  int applied = 0;
1166  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1167  r = DetectAddressCmp(ag, ag2);
1168  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1169  if (ag2->prev == NULL)
1170  gh->ipv6_head = ag2->next;
1171  else
1172  ag2->prev->next = ag2->next;
1173 
1174  if (ag2->next != NULL)
1175  ag2->next->prev = ag2->prev;
1176 
1177  /* store the next ptr and remove the group */
1178  DetectAddress *next_ag2 = ag2->next;
1179  DetectAddressFree(ag2);
1180  ag2 = next_ag2;
1181 
1182  SCLogDebug("applied");
1183  applied = 1;
1184  } else {
1185  ag2 = ag2->next;
1186  }
1187  }
1188  if (applied) {
1189  ipv6_applied++;
1190  }
1191  }
1192 #ifdef DEBUG
1193  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1194  DetectAddressPrint(tmp_ad);
1195  }
1196  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1197  DetectAddressPrint(tmp_ad);
1198  }
1199 #endif
1200  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1201  int cnt = 0;
1202  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1203  cnt++;
1204 
1205  if (ipv4_applied != cnt) {
1206  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1207  "could be applied: %d != %d", cnt, ipv4_applied);
1208  goto error;
1209  }
1210 
1211  cnt = 0;
1212  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1213  cnt++;
1214 
1215  if (ipv6_applied != cnt) {
1216  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1217  "could be applied: %d != %d", cnt, ipv6_applied);
1218  goto error;
1219  }
1220  }
1221 
1222  /* if the result is that we have no addresses we return error */
1223  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1224  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1225  "merging addresses and negated addresses");
1226  goto error;
1227  }
1228 
1229  return 0;
1230 
1231 error:
1232  return -1;
1233 }
1234 
1236 {
1237  SCLogDebug("Testing address conf vars for any misconfigured values");
1238 
1239  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1240 
1241  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1242  if (address_vars_node == NULL) {
1243  return 0;
1244  }
1245 
1246  DetectAddressHead *gh = NULL;
1247  DetectAddressHead *ghn = NULL;
1248 
1249  ConfNode *seq_node;
1250  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1251  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1252 
1253  gh = DetectAddressHeadInit();
1254  if (gh == NULL) {
1255  goto error;
1256  }
1257  ghn = DetectAddressHeadInit();
1258  if (ghn == NULL) {
1259  goto error;
1260  }
1261 
1262  if (seq_node->val == NULL) {
1264  "Address var \"%s\" probably has a sequence(something "
1265  "in brackets) value set without any quotes. Please "
1266  "quote it using \"..\".", seq_node->name);
1267  goto error;
1268  }
1269 
1270  int r = DetectAddressParse2(
1271  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1272 
1273  CleanVariableResolveList(&var_list);
1274 
1275  if (r < 0) {
1277  "failed to parse address var \"%s\" with value \"%s\". "
1278  "Please check its syntax",
1279  seq_node->name, seq_node->val);
1280  goto error;
1281  }
1282 
1283  if (DetectAddressIsCompleteIPSpace(ghn)) {
1285  "address var - \"%s\" has the complete IP space negated "
1286  "with its value \"%s\". Rule address range is NIL. "
1287  "Probably have a !any or an address range that supplies "
1288  "a NULL address range",
1289  seq_node->name, seq_node->val);
1290  goto error;
1291  }
1292 
1293  DetectAddressHeadFree(gh);
1294  gh = NULL;
1295  DetectAddressHeadFree(ghn);
1296  ghn = NULL;
1297  }
1298 
1299  return 0;
1300  error:
1301  if (gh != NULL)
1302  DetectAddressHeadFree(gh);
1303  if (ghn != NULL)
1304  DetectAddressHeadFree(ghn);
1305  return -1;
1306 }
1307 
1308 #include "util-hash-lookup3.h"
1309 
1310 typedef struct DetectAddressMap_ {
1311  char *string;
1315 
1316 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1317 {
1318  const DetectAddressMap *map = (DetectAddressMap *)data;
1319  uint32_t hash = 0;
1320 
1321  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1322  hash %= ht->array_size;
1323 
1324  return hash;
1325 }
1326 
1327 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1328  uint16_t len2)
1329 {
1330  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1331  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1332 
1333  char r = (strcmp(map1->string, map2->string) == 0);
1334  return r;
1335 }
1336 
1337 static void DetectAddressMapFreeFunc(void *data)
1338 {
1339  DetectAddressMap *map = (DetectAddressMap *)data;
1340  if (map != NULL) {
1341  DetectAddressHeadFree(map->address);
1342  SCFree(map->string);
1343  }
1344  SCFree(map);
1345 }
1346 
1348 {
1349  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1350  DetectAddressMapCompareFunc,
1351  DetectAddressMapFreeFunc);
1352  if (de_ctx->address_table == NULL)
1353  return -1;
1354 
1355  return 0;
1356 }
1357 
1359 {
1360  if (de_ctx->address_table == NULL)
1361  return;
1362 
1364  de_ctx->address_table = NULL;
1365  return;
1366 }
1367 
1368 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1369  DetectAddressHead *address, bool contains_negation)
1370 {
1371  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1372  if (map == NULL)
1373  return -1;
1374 
1375  map->string = SCStrdup(string);
1376  if (map->string == NULL) {
1377  SCFree(map);
1378  return -1;
1379  }
1380  map->address = address;
1381  map->contains_negation = contains_negation;
1382 
1383  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1384  return 0;
1385 }
1386 
1387 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1388  const char *string)
1389 {
1390  DetectAddressMap map = { (char *)string, NULL, false };
1391 
1393  &map, 0);
1394  return res;
1395 }
1396 
1397 /**
1398  * \brief Parses an address group sent as a character string and updates the
1399  * DetectAddressHead sent as the argument with the relevant address
1400  * ranges from the parsed string.
1401  *
1402  * \param de_ctx Pointer to the detection engine context
1403  * \param gh Pointer to the DetectAddressHead.
1404  * \param str Pointer to the character string containing the address group
1405  * that has to be parsed.
1406  *
1407  * \retval 1 On success. Contained negation.
1408  * \retval 0 On success. Did not contain negation.
1409  * \retval -1 On failure.
1410  */
1412  DetectAddressHead *gh, const char *str)
1413 {
1414  SCLogDebug("gh %p, str %s", gh, str);
1415 
1416  if (str == NULL) {
1417  SCLogDebug("DetectAddressParse can not be run with NULL address");
1418  return -1;
1419  }
1420 
1421  DetectAddressHead *ghn = DetectAddressHeadInit();
1422  if (ghn == NULL) {
1423  SCLogDebug("DetectAddressHeadInit for ghn failed");
1424  return -1;
1425  }
1426 
1427  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1428  if (r < 0) {
1429  SCLogDebug("DetectAddressParse2 returned %d", r);
1430  DetectAddressHeadFree(ghn);
1431  return -1;
1432  }
1433 
1434  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1435  ghn->ipv4_head);
1436 
1437  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1438 
1439  /* merge the 'not' address groups */
1440  if (DetectAddressMergeNot(gh, ghn) < 0) {
1441  SCLogDebug("DetectAddressMergeNot failed");
1442  DetectAddressHeadFree(ghn);
1443  return -1;
1444  }
1445 
1446  /* free the temp negate head */
1447  DetectAddressHeadFree(ghn);
1448  return contains_negation ? 1 : 0;
1449 }
1450 
1452  const char *string, bool *contains_negation)
1453 {
1454  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1455  if (res != NULL) {
1456  SCLogDebug("found: %s :: %p", string, res);
1457  *contains_negation = res->contains_negation;
1458  return res->address;
1459  }
1460 
1461  SCLogDebug("%s not found", string);
1462 
1463  DetectAddressHead *head = DetectAddressHeadInit();
1464  if (head == NULL)
1465  return NULL;
1466 
1467  const int r = DetectAddressParse(de_ctx, head, string);
1468  if (r < 0) {
1469  DetectAddressHeadFree(head);
1470  return NULL;
1471  } else if (r == 1) {
1472  *contains_negation = true;
1473  } else {
1474  *contains_negation = false;
1475  }
1476 
1477  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head,
1478  *contains_negation);
1479  return head;
1480 }
1481 
1482 /**
1483  * \brief Cleans a DetectAddressHead. The functions frees the address
1484  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1485  * instance.
1486  *
1487  * \param gh Pointer to the DetectAddressHead instance that has to be
1488  * cleaned.
1489  */
1491 {
1492  if (gh != NULL) {
1493  if (gh->ipv4_head != NULL) {
1494  DetectAddressCleanupList(gh->ipv4_head);
1495  gh->ipv4_head = NULL;
1496  }
1497  if (gh->ipv6_head != NULL) {
1498  DetectAddressCleanupList(gh->ipv6_head);
1499  gh->ipv6_head = NULL;
1500  }
1501  }
1502 
1503  return;
1504 }
1505 
1506 /**
1507  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1508  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1509  * explanations on what these functions do.
1510  *
1511  * \param de_ctx Pointer to the DetectEngineCtx.
1512  * \param a Pointer to the first address to be cut.
1513  * \param b Pointer to the second address to be cut.
1514  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1515  * ranges from a and b, demand a third address range.
1516  *
1517  * \retval 0 On success.
1518  * \retval -1 On failure.
1519  */
1520 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1521  DetectAddress *b, DetectAddress **c)
1522 {
1523  if (a->ip.family == AF_INET)
1524  return DetectAddressCutIPv4(de_ctx, a, b, c);
1525  else if (a->ip.family == AF_INET6)
1526  return DetectAddressCutIPv6(de_ctx, a, b, c);
1527 
1528  return -1;
1529 }
1530 
1531 /**
1532  * \brief Cuts a negated address range with respect to the entire ip range, and
1533  * supplies with the address range that doesn't belong to the negated
1534  * address range.
1535  *
1536  * There are 2 cases here -
1537  *
1538  * The first case includes the address being located at the extreme ends
1539  * of the ip space, in which we get a single range.
1540  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1541  *
1542  * The second case includes the address not present at either of the
1543  * ip space extremes, in which case we get 2 ranges. The second range
1544  * would be supplied back with the argument "b" supplied to this function.
1545  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1546  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1547  *
1548  * The above negation cases can similarly be extended to ranges, i.e.
1549  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1550  * ![10.20.30.40 - 10.20.30.50].
1551  *
1552  *
1553  * \param a Pointer to the DetectAddressData instance, that contains the negated
1554  * address range that has to be cut.
1555  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1556  * filled with the address range, if the argument "a", doesn't fall at
1557  * the extreme ends of the ip address space.
1558  *
1559  * \retval 0 On success.
1560  * \retval -1 On failure.
1561  */
1562 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1563 {
1564  if (a->ip.family == AF_INET)
1565  return DetectAddressCutNotIPv4(a, b);
1566  else if (a->ip.family == AF_INET6)
1567  return DetectAddressCutNotIPv6(a, b);
1568 
1569  return -1;
1570 }
1571 
1572 /**
1573  * \brief Used to compare 2 address ranges.
1574  *
1575  * \param a Pointer to the first DetectAddressData to be compared.
1576  * \param b Pointer to the second DetectAddressData to be compared.
1577  */
1579 {
1580  if (a->ip.family != b->ip.family)
1581  return ADDRESS_ER;
1582 
1583  if (a->ip.family == AF_INET)
1584  return DetectAddressCmpIPv4(a, b);
1585  else if (a->ip.family == AF_INET6)
1586  return DetectAddressCmpIPv6(a, b);
1587 
1588  return ADDRESS_ER;
1589 }
1590 
1591 /**
1592  * \brief Match a packets address against a signatures addrs array
1593  *
1594  * \param addrs array of DetectMatchAddressIPv4's
1595  * \param addrs_cnt array size in members
1596  * \param a packets address
1597  *
1598  * \retval 0 no match
1599  * \retval 1 match
1600  *
1601  * \note addresses in addrs are in host order
1602  *
1603  * \todo array should be ordered, so we can break out of the loop
1604  */
1606  uint16_t addrs_cnt, const Address *a)
1607 {
1608  SCEnter();
1609 
1610  if (addrs == NULL || addrs_cnt == 0) {
1611  SCReturnInt(0);
1612  }
1613 
1614  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1615  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1616  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1617  SCReturnInt(1);
1618  }
1619  }
1620 
1621  SCReturnInt(0);
1622 }
1623 
1624 /**
1625  * \brief Match a packets address against a signatures addrs array
1626  *
1627  * \param addrs array of DetectMatchAddressIPv6's
1628  * \param addrs_cnt array size in members
1629  * \param a packets address
1630  *
1631  * \retval 0 no match
1632  * \retval 1 match
1633  *
1634  * \note addresses in addrs are in host order
1635  *
1636  * \todo array should be ordered, so we can break out of the loop
1637  */
1639  uint16_t addrs_cnt, const Address *a)
1640 {
1641  SCEnter();
1642 
1643  if (addrs == NULL || addrs_cnt == 0) {
1644  SCReturnInt(0);
1645  }
1646 
1647  uint32_t match_addr[4];
1648  match_addr[0] = SCNtohl(a->addr_data32[0]);
1649  match_addr[1] = SCNtohl(a->addr_data32[1]);
1650  match_addr[2] = SCNtohl(a->addr_data32[2]);
1651  match_addr[3] = SCNtohl(a->addr_data32[3]);
1652 
1653  /* See if the packet address is within the range of any entry in the
1654  * signature's address match array.
1655  */
1656  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1657  uint16_t result1 = 0, result2 = 0;
1658 
1659  /* See if packet address equals either limit. Return 1 if true. */
1660  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1661  SCReturnInt(1);
1662  }
1663  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1664  SCReturnInt(1);
1665  }
1666 
1667  /* See if packet address is greater than lower limit
1668  * of the current signature address match pair.
1669  */
1670  for (int i = 0; i < 4; i++) {
1671  if (match_addr[i] > addrs[idx].ip[i]) {
1672  result1 = 1;
1673  break;
1674  }
1675  if (match_addr[i] < addrs[idx].ip[i]) {
1676  result1 = 0;
1677  break;
1678  }
1679  }
1680 
1681  /* If not greater than lower limit, try next address match entry */
1682  if (result1 == 0)
1683  continue;
1684 
1685  /* See if packet address is less than upper limit
1686  * of the current signature address match pair.
1687  */
1688  for (int i = 0; i < 4; i++) {
1689  if (match_addr[i] < addrs[idx].ip2[i]) {
1690  result2 = 1;
1691  break;
1692  }
1693  if (match_addr[i] > addrs[idx].ip2[i]) {
1694  result2 = 0;
1695  break;
1696  }
1697  }
1698 
1699  /* Return a match if packet address is between the two
1700  * signature address match limits.
1701  */
1702  if (result1 == 1 && result2 == 1)
1703  SCReturnInt(1);
1704  }
1705 
1706  SCReturnInt(0);
1707 }
1708 
1709 /**
1710  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1711  * range in the DetectAddress instance.
1712  *
1713  * We basically check that the address falls in between the address
1714  * range in DetectAddress.
1715  *
1716  * \param dd Pointer to the DetectAddress instance.
1717  * \param a Pointer to an Address instance.
1718  *
1719  * \param 1 On a match.
1720  * \param 0 On no match.
1721  */
1722 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1723 {
1724  SCEnter();
1725 
1726  if (dd->ip.family != a->family) {
1727  SCReturnInt(0);
1728  }
1729 
1730  //DetectAddressPrint(dd);
1731  //AddressDebugPrint(a);
1732 
1733  switch (a->family) {
1734  case AF_INET:
1735 
1736  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1737  * Address inside DetectAddressData we can do uint8_t checks */
1738  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1739  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1740  {
1741  SCReturnInt(1);
1742  } else {
1743  SCReturnInt(0);
1744  }
1745 
1746  break;
1747  case AF_INET6:
1748  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1749  AddressIPv6Le(a, &dd->ip2) == 1)
1750  {
1751  SCReturnInt(1);
1752  } else {
1753  SCReturnInt(0);
1754  }
1755 
1756  break;
1757  default:
1758  SCLogDebug("What other address type can we have :-/");
1759  break;
1760  }
1761 
1762  SCReturnInt(0);
1763 }
1764 
1765 #ifdef DEBUG
1766 /**
1767  * \brief Prints the address data held by the DetectAddress. If the address
1768  * data family is IPv4, we print the the ipv4 address and mask, and
1769  * if the address data family is IPv6, we print the ipv6 address and
1770  * mask.
1771  *
1772  * \param ad Pointer to the DetectAddress instance to be printed.
1773  */
1774 static void DetectAddressPrint(DetectAddress *gr)
1775 {
1776  if (gr == NULL)
1777  return;
1778 
1779  if (gr->ip.family == AF_INET) {
1780  struct in_addr in;
1781  char ip[16], mask[16];
1782 
1783  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1784  PrintInet(AF_INET, &in, ip, sizeof(ip));
1785  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1786  PrintInet(AF_INET, &in, mask, sizeof(mask));
1787 
1788  SCLogDebug("%s/%s", ip, mask);
1789 // printf("%s/%s", ip, mask);
1790  } else if (gr->ip.family == AF_INET6) {
1791  struct in6_addr in6;
1792  char ip[66], mask[66];
1793 
1794  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1795  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1796  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1797  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1798 
1799  SCLogDebug("%s/%s", ip, mask);
1800 // printf("%s/%s", ip, mask);
1801  }
1802 
1803  return;
1804 }
1805 #endif
1806 
1807 /**
1808  * \brief Find the group matching address in a group head.
1809  *
1810  * \param gh Pointer to the address group head(DetectAddressHead instance).
1811  * \param a Pointer to an Address instance.
1812  *
1813  * \retval g On success pointer to an DetectAddress if we find a match
1814  * for the Address "a", in the DetectAddressHead "gh".
1815  */
1817 {
1818  SCEnter();
1819 
1820  DetectAddress *g = NULL;
1821 
1822  if (gh == NULL) {
1823  SCReturnPtr(NULL, "DetectAddress");
1824  }
1825 
1826  /* XXX should we really do this check every time we run this function? */
1827  if (a->family == AF_INET) {
1828  SCLogDebug("IPv4");
1829  g = gh->ipv4_head;
1830  } else if (a->family == AF_INET6) {
1831  SCLogDebug("IPv6");
1832  g = gh->ipv6_head;
1833  }
1834 
1835  for ( ; g != NULL; g = g->next) {
1836  if (DetectAddressMatch(g,a) == 1) {
1837  SCReturnPtr(g, "DetectAddress");
1838  }
1839  }
1840 
1841  SCReturnPtr(NULL, "DetectAddress");
1842 }
1843 
1844 /********************************Unittests*************************************/
1845 
1846 #ifdef UNITTESTS
1847 
1848 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1849 {
1850  char str1[46] = "", str2[46] = "";
1851 
1852  if (ad == NULL)
1853  return FALSE;
1854 
1855  switch(ad->ip.family) {
1856  case AF_INET:
1857  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1858  SCLogDebug("%s", str1);
1859  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1860  SCLogDebug("%s", str2);
1861 
1862  if (strcmp(str1, one) != 0) {
1863  SCLogInfo("%s != %s", str1, one);
1864  return FALSE;
1865  }
1866 
1867  if (strcmp(str2, two) != 0) {
1868  SCLogInfo("%s != %s", str2, two);
1869  return FALSE;
1870  }
1871 
1872  return TRUE;
1873  break;
1874 
1875  case AF_INET6:
1876  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1877  SCLogDebug("%s", str1);
1878  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1879  SCLogDebug("%s", str2);
1880 
1881  if (strcmp(str1, one) != 0) {
1882  SCLogInfo("%s != %s", str1, one);
1883  return FALSE;
1884  }
1885 
1886  if (strcmp(str2, two) != 0) {
1887  SCLogInfo("%s != %s", str2, two);
1888  return FALSE;
1889  }
1890 
1891  return TRUE;
1892  break;
1893  }
1894 
1895  return FALSE;
1896 }
1897 
1899  const char *one;
1900  const char *two;
1902 
1903 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1904 {
1905  int expect = nranges;
1906  int have = 0;
1907 
1908  if (gh == NULL)
1909  return FALSE;
1910 
1911  DetectAddress *ad = NULL;
1912  ad = gh->ipv4_head;
1913  if (ad == NULL)
1914  ad = gh->ipv6_head;
1915  while (have < expect) {
1916  if (ad == NULL) {
1917  printf("bad head: have %d ranges, expected %d: ", have, expect);
1918  return FALSE;
1919  }
1920 
1921  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
1922  return FALSE;
1923 
1924  ad = ad->next;
1925  have++;
1926  }
1927 
1928  return TRUE;
1929 }
1930 
1931 static int AddressTestParse01(void)
1932 {
1933  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1934 
1935  if (dd) {
1936  DetectAddressFree(dd);
1937  return 1;
1938  }
1939 
1940  return 0;
1941 }
1942 
1943 static int AddressTestParse02(void)
1944 {
1945  int result = 1;
1946  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1947 
1948  if (dd) {
1949  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1950  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1951  result = 0;
1952  }
1953 
1954  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1955  DetectAddressFree(dd);
1956  return result;
1957  }
1958 
1959  return 0;
1960 }
1961 
1962 static int AddressTestParse03(void)
1963 {
1964  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1965 
1966  if (dd) {
1967  DetectAddressFree(dd);
1968  return 1;
1969  }
1970 
1971  return 0;
1972 }
1973 
1974 static int AddressTestParse04(void)
1975 {
1976  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1977  FAIL_IF_NULL(dd);
1978 
1979  char left[16], right[16];
1980  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1981  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1982  SCLogDebug("left %s right %s", left, right);
1983  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1984  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1985  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1986  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1987 
1988  DetectAddressFree(dd);
1989  PASS;
1990 }
1991 
1992 /** \test that address range sets proper start address */
1993 static int AddressTestParse04bug5081(void)
1994 {
1995  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1996  FAIL_IF_NULL(dd);
1997 
1998  char left[16], right[16];
1999  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
2000  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
2001  SCLogDebug("left %s right %s", left, right);
2002  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
2003  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
2004 
2005  DetectAddressFree(dd);
2006  PASS;
2007 }
2008 
2009 static int AddressTestParse05(void)
2010 {
2011  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2012 
2013  if (dd) {
2014  DetectAddressFree(dd);
2015  return 1;
2016  }
2017 
2018  return 0;
2019 }
2020 
2021 static int AddressTestParse06(void)
2022 {
2023  int result = 1;
2024  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2025 
2026  if (dd) {
2027  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2028  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2029  result = 0;
2030  }
2031 
2032  DetectAddressFree(dd);
2033  return result;
2034  }
2035 
2036  return 0;
2037 }
2038 
2039 static int AddressTestParse07(void)
2040 {
2041  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2042 
2043  if (dd) {
2044  DetectAddressFree(dd);
2045  return 1;
2046  }
2047 
2048  return 0;
2049 }
2050 
2051 static int AddressTestParse08(void)
2052 {
2053  int result = 1;
2054  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2055 
2056  if (dd) {
2057  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2058  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2059 
2060  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2061  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2062  DetectAddressPrint(dd);
2063  result = 0;
2064  }
2065 
2066  DetectAddressFree(dd);
2067  return result;
2068  }
2069 
2070  return 0;
2071 }
2072 
2073 static int AddressTestParse09(void)
2074 {
2075  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2076 
2077  if (dd) {
2078  DetectAddressFree(dd);
2079  return 1;
2080  }
2081 
2082  return 0;
2083 }
2084 
2085 static int AddressTestParse10(void)
2086 {
2087  int result = 1;
2088  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2089 
2090  if (dd) {
2091  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2092  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2093 
2094  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2095  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2096  DetectAddressPrint(dd);
2097  result = 0;
2098  }
2099 
2100  DetectAddressFree(dd);
2101  return result;
2102  }
2103 
2104  return 0;
2105 }
2106 
2107 static int AddressTestParse11(void)
2108 {
2109  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2110 
2111  if (dd) {
2112  DetectAddressFree(dd);
2113  return 1;
2114  }
2115 
2116  return 0;
2117 }
2118 
2119 static int AddressTestParse12(void)
2120 {
2121  int result = 1;
2122  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2123 
2124  if (dd) {
2125  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2126  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2127 
2128  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2129  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2130  DetectAddressPrint(dd);
2131  result = 0;
2132  }
2133 
2134  DetectAddressFree(dd);
2135  return result;
2136  }
2137 
2138  return 0;
2139 }
2140 static int AddressTestParse13(void)
2141 {
2142  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2143 
2144  if (dd) {
2145  DetectAddressFree(dd);
2146  return 1;
2147  }
2148 
2149  return 0;
2150 }
2151 
2152 static int AddressTestParse14(void)
2153 {
2154  int result = 1;
2155  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2156 
2157  if (dd) {
2158  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2159  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2160 
2161  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2162  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2163  result = 0;
2164  }
2165 
2166  DetectAddressFree(dd);
2167  return result;
2168  }
2169 
2170  return 0;
2171 }
2172 
2173 static int AddressTestParse15(void)
2174 {
2175  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2176 
2177  if (dd) {
2178  DetectAddressFree(dd);
2179  return 1;
2180  }
2181 
2182  return 0;
2183 }
2184 
2185 static int AddressTestParse16(void)
2186 {
2187  int result = 1;
2188  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2189 
2190  if (dd) {
2191  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2192  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2193 
2194  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2195  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2196  result = 0;
2197  }
2198 
2199  DetectAddressFree(dd);
2200  return result;
2201  }
2202 
2203  return 0;
2204 }
2205 
2206 static int AddressTestParse17(void)
2207 {
2208  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2209 
2210  if (dd) {
2211  DetectAddressFree(dd);
2212  return 1;
2213  }
2214 
2215  return 0;
2216 }
2217 
2218 static int AddressTestParse18(void)
2219 {
2220  int result = 1;
2221  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2222 
2223  if (dd) {
2224  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2225  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2226  result = 0;
2227  }
2228 
2229  DetectAddressFree(dd);
2230  return result;
2231  }
2232 
2233  return 0;
2234 }
2235 
2236 static int AddressTestParse19(void)
2237 {
2238  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2239 
2240  if (dd) {
2241  DetectAddressFree(dd);
2242  return 0;
2243  }
2244 
2245  return 1;
2246 }
2247 
2248 static int AddressTestParse20(void)
2249 {
2250  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2251 
2252  if (dd) {
2253  DetectAddressFree(dd);
2254  return 1;
2255  }
2256 
2257  return 0;
2258 }
2259 
2260 static int AddressTestParse21(void)
2261 {
2262  int result = 1;
2263  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2264 
2265  if (dd) {
2266  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2267  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2268 
2269  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2270  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2271  result = 0;
2272  }
2273 
2274  DetectAddressFree(dd);
2275  return result;
2276  }
2277 
2278  return 0;
2279 }
2280 
2281 static int AddressTestParse22(void)
2282 {
2283  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2284 
2285  if (dd) {
2286  DetectAddressFree(dd);
2287  return 0;
2288  }
2289 
2290  return 1;
2291 }
2292 
2293 static int AddressTestParse23(void)
2294 {
2295  DetectAddressHead *gh = DetectAddressHeadInit();
2296  FAIL_IF_NULL(gh);
2297  int r = DetectAddressParse(NULL, gh, "any");
2298  FAIL_IF_NOT(r == 0);
2299  DetectAddressHeadFree(gh);
2300  PASS;
2301 }
2302 
2303 static int AddressTestParse24(void)
2304 {
2305  DetectAddressHead *gh = DetectAddressHeadInit();
2306  FAIL_IF_NULL(gh);
2307  int r = DetectAddressParse(NULL, gh, "Any");
2308  FAIL_IF_NOT(r == 0);
2309  DetectAddressHeadFree(gh);
2310  PASS;
2311 }
2312 
2313 static int AddressTestParse25(void)
2314 {
2315  DetectAddressHead *gh = DetectAddressHeadInit();
2316  FAIL_IF_NULL(gh);
2317  int r = DetectAddressParse(NULL, gh, "ANY");
2318  FAIL_IF_NOT(r == 0);
2319  DetectAddressHeadFree(gh);
2320  PASS;
2321 }
2322 
2323 /** \test recursion limit */
2324 static int AddressTestParse26(void)
2325 {
2326  DetectAddressHead *gh = DetectAddressHeadInit();
2327  FAIL_IF_NULL(gh);
2328  /* exactly 64: should pass */
2329  int r = DetectAddressParse(NULL, gh,
2330  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2331  "1.2.3.4"
2332  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2333  );
2334  FAIL_IF_NOT(r == 0);
2335  DetectAddressHeadFree(gh);
2336  gh = DetectAddressHeadInit();
2337  FAIL_IF_NULL(gh);
2338  /* exactly 65: should fail */
2339  r = DetectAddressParse(NULL, gh,
2340  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2341  "1.2.3.4"
2342  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2343  );
2344  FAIL_IF(r == 0);
2345  DetectAddressHeadFree(gh);
2346  PASS;
2347 }
2348 
2349 static int AddressTestParse27(void)
2350 {
2351  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2352 
2353  if (dd) {
2354  DetectAddressFree(dd);
2355  return 1;
2356  }
2357 
2358  return 0;
2359 }
2360 
2361 static int AddressTestParse28(void)
2362 {
2363  int result = 0;
2364  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2365 
2366  if (dd) {
2367  if (dd->flags & ADDRESS_FLAG_NOT &&
2368  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2369  result = 1;
2370  }
2371 
2372  DetectAddressFree(dd);
2373  return result;
2374  }
2375 
2376  return 0;
2377 }
2378 
2379 static int AddressTestParse29(void)
2380 {
2381  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2382 
2383  if (dd) {
2384  DetectAddressFree(dd);
2385  return 1;
2386  }
2387 
2388  return 0;
2389 }
2390 
2391 static int AddressTestParse30(void)
2392 {
2393  int result = 0;
2394  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2395 
2396  if (dd) {
2397  if (dd->flags & ADDRESS_FLAG_NOT &&
2398  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2399  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2400  result = 1;
2401  }
2402 
2403  DetectAddressFree(dd);
2404  return result;
2405  }
2406 
2407  return 0;
2408 }
2409 
2410 /**
2411  * \test make sure !any is rejected
2412  */
2413 static int AddressTestParse31(void)
2414 {
2415  DetectAddress *dd = DetectAddressParseSingle("!any");
2416 
2417  if (dd) {
2418  DetectAddressFree(dd);
2419  return 0;
2420  }
2421 
2422  return 1;
2423 }
2424 
2425 static int AddressTestParse32(void)
2426 {
2427  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2428 
2429  if (dd) {
2430  DetectAddressFree(dd);
2431  return 1;
2432  }
2433 
2434  return 0;
2435 }
2436 
2437 static int AddressTestParse33(void)
2438 {
2439  int result = 0;
2440  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2441 
2442  if (dd) {
2443  if (dd->flags & ADDRESS_FLAG_NOT &&
2444  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2445  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2446  result = 1;
2447  }
2448 
2449  DetectAddressFree(dd);
2450  return result;
2451  }
2452 
2453  return 0;
2454 }
2455 
2456 static int AddressTestParse34(void)
2457 {
2458  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2459 
2460  if (dd) {
2461  DetectAddressFree(dd);
2462  return 1;
2463  }
2464 
2465  return 0;
2466 }
2467 
2468 static int AddressTestParse35(void)
2469 {
2470  int result = 0;
2471  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2472 
2473  if (dd) {
2474  if (dd->flags & ADDRESS_FLAG_NOT &&
2475  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2476  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2477 
2478  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2479  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2480  result = 1;
2481  }
2482 
2483  DetectAddressFree(dd);
2484  return result;
2485  }
2486 
2487  return 0;
2488 }
2489 
2490 static int AddressTestParse36(void)
2491 {
2492  int result = 1;
2493  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2494 
2495  if (dd) {
2496  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2497  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2498 
2499  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2500  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2501 
2502  DetectAddressPrint(dd);
2503  result = 0;
2504  }
2505  DetectAddressPrint(dd);
2506 
2507  DetectAddressFree(dd);
2508  return result;
2509  }
2510 
2511  return 0;
2512 }
2513 
2514 static int AddressTestParse37(void)
2515 {
2516  int result = 1;
2517  DetectAddress *dd = DetectAddressParseSingle("::/0");
2518 
2519  if (dd) {
2520  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2521  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2522 
2523  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2524  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2525  DetectAddressPrint(dd);
2526  result = 0;
2527  }
2528  DetectAddressPrint(dd);
2529 
2530  DetectAddressFree(dd);
2531  return result;
2532  }
2533 
2534  return 0;
2535 }
2536 
2537 static int AddressTestMatch01(void)
2538 {
2539  DetectAddress *dd = NULL;
2540  int result = 1;
2541  struct in_addr in;
2542  Address a;
2543 
2544  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2545  return 0;
2546  memset(&a, 0, sizeof(Address));
2547  a.family = AF_INET;
2548  a.addr_data32[0] = in.s_addr;
2549 
2550  dd = DetectAddressParseSingle("1.2.3.4/24");
2551  if (dd) {
2552  if (DetectAddressMatch(dd, &a) == 0)
2553  result = 0;
2554 
2555  DetectAddressFree(dd);
2556  return result;
2557  }
2558 
2559  return 0;
2560 }
2561 
2562 static int AddressTestMatch02(void)
2563 {
2564  DetectAddress *dd = NULL;
2565  int result = 1;
2566  struct in_addr in;
2567  Address a;
2568 
2569  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2570  return 0;
2571  memset(&a, 0, sizeof(Address));
2572  a.family = AF_INET;
2573  a.addr_data32[0] = in.s_addr;
2574 
2575  dd = DetectAddressParseSingle("1.2.3.4/25");
2576  if (dd) {
2577  if (DetectAddressMatch(dd, &a) == 0)
2578  result = 0;
2579 
2580  DetectAddressFree(dd);
2581  return result;
2582  }
2583 
2584  return 0;
2585 }
2586 
2587 static int AddressTestMatch03(void)
2588 {
2589  DetectAddress *dd = NULL;
2590  int result = 1;
2591  struct in_addr in;
2592  Address a;
2593 
2594  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2595  return 0;
2596  memset(&a, 0, sizeof(Address));
2597  a.family = AF_INET;
2598  a.addr_data32[0] = in.s_addr;
2599 
2600  dd = DetectAddressParseSingle("1.2.3.4/25");
2601  if (dd) {
2602  if (DetectAddressMatch(dd, &a) == 1)
2603  result = 0;
2604 
2605  DetectAddressFree(dd);
2606  return result;
2607  }
2608 
2609  return 0;
2610 }
2611 
2612 static int AddressTestMatch04(void)
2613 {
2614  DetectAddress *dd = NULL;
2615  int result = 1;
2616  struct in_addr in;
2617  Address a;
2618 
2619  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2620  return 0;
2621  memset(&a, 0, sizeof(Address));
2622  a.family = AF_INET;
2623  a.addr_data32[0] = in.s_addr;
2624 
2625  dd = DetectAddressParseSingle("1.2.3.4/25");
2626  if (dd) {
2627  if (DetectAddressMatch(dd, &a) == 1)
2628  result = 0;
2629 
2630  DetectAddressFree(dd);
2631  return result;
2632  }
2633 
2634  return 0;
2635 }
2636 
2637 static int AddressTestMatch05(void)
2638 {
2639  DetectAddress *dd = NULL;
2640  int result = 1;
2641  struct in_addr in;
2642  Address a;
2643 
2644  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2645  return 0;
2646  memset(&a, 0, sizeof(Address));
2647  a.family = AF_INET;
2648  a.addr_data32[0] = in.s_addr;
2649 
2650  dd = DetectAddressParseSingle("1.2.3.4/32");
2651  if (dd) {
2652  if (DetectAddressMatch(dd, &a) == 0)
2653  result = 0;
2654 
2655  DetectAddressFree(dd);
2656  return result;
2657  }
2658 
2659  return 0;
2660 }
2661 
2662 static int AddressTestMatch06(void)
2663 {
2664  DetectAddress *dd = NULL;
2665  int result = 1;
2666  struct in_addr in;
2667  Address a;
2668 
2669  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2670  return 0;
2671  memset(&a, 0, sizeof(Address));
2672  a.family = AF_INET;
2673  a.addr_data32[0] = in.s_addr;
2674 
2675  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2676  if (dd) {
2677  if (DetectAddressMatch(dd, &a) == 0)
2678  result = 0;
2679 
2680  DetectAddressFree(dd);
2681  return result;
2682  }
2683 
2684  return 0;
2685 }
2686 
2687 static int AddressTestMatch07(void)
2688 {
2689  DetectAddress *dd = NULL;
2690  int result = 1;
2691  struct in6_addr in6;
2692  Address a;
2693 
2694  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2695  return 0;
2696  memset(&a, 0, sizeof(Address));
2697  a.family = AF_INET6;
2698  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2699 
2700  dd = DetectAddressParseSingle("2001::/3");
2701  if (dd) {
2702  if (DetectAddressMatch(dd, &a) == 0)
2703  result = 0;
2704 
2705  DetectAddressFree(dd);
2706  return result;
2707  }
2708 
2709  return 0;
2710 }
2711 
2712 static int AddressTestMatch08(void)
2713 {
2714  DetectAddress *dd = NULL;
2715  int result = 1;
2716  struct in6_addr in6;
2717  Address a;
2718 
2719  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2720  return 0;
2721  memset(&a, 0, sizeof(Address));
2722  a.family = AF_INET6;
2723  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2724 
2725  dd = DetectAddressParseSingle("2001::/3");
2726  if (dd) {
2727  if (DetectAddressMatch(dd, &a) == 1)
2728  result = 0;
2729 
2730  DetectAddressFree(dd);
2731  return result;
2732  }
2733 
2734  return 0;
2735 }
2736 
2737 static int AddressTestMatch09(void)
2738 {
2739  DetectAddress *dd = NULL;
2740  int result = 1;
2741  struct in6_addr in6;
2742  Address a;
2743 
2744  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2745  return 0;
2746  memset(&a, 0, sizeof(Address));
2747  a.family = AF_INET6;
2748  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2749 
2750  dd = DetectAddressParseSingle("2001::1/128");
2751  if (dd) {
2752  if (DetectAddressMatch(dd, &a) == 1)
2753  result = 0;
2754 
2755  DetectAddressFree(dd);
2756  return result;
2757  }
2758 
2759  return 0;
2760 }
2761 
2762 static int AddressTestMatch10(void)
2763 {
2764  DetectAddress *dd = NULL;
2765  int result = 1;
2766  struct in6_addr in6;
2767  Address a;
2768 
2769  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2770  return 0;
2771  memset(&a, 0, sizeof(Address));
2772  a.family = AF_INET6;
2773  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2774 
2775  dd = DetectAddressParseSingle("2001::1/126");
2776  if (dd) {
2777  if (DetectAddressMatch(dd, &a) == 0)
2778  result = 0;
2779 
2780  DetectAddressFree(dd);
2781  return result;
2782  }
2783 
2784  return 0;
2785 }
2786 
2787 static int AddressTestMatch11(void)
2788 {
2789  DetectAddress *dd = NULL;
2790  int result = 1;
2791  struct in6_addr in6;
2792  Address a;
2793 
2794  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2795  return 0;
2796  memset(&a, 0, sizeof(Address));
2797  a.family = AF_INET6;
2798  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2799 
2800  dd = DetectAddressParseSingle("2001::1/127");
2801  if (dd) {
2802  if (DetectAddressMatch(dd, &a) == 1)
2803  result = 0;
2804 
2805  DetectAddressFree(dd);
2806  return result;
2807  }
2808 
2809  return 0;
2810 }
2811 
2812 static int AddressTestCmp01(void)
2813 {
2814  DetectAddress *da = NULL, *db = NULL;
2815  int result = 1;
2816 
2817  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2818  if (da == NULL) goto error;
2819  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2820  if (db == NULL) goto error;
2821 
2822  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2823  result = 0;
2824 
2825  DetectAddressFree(da);
2826  DetectAddressFree(db);
2827  return result;
2828 
2829 error:
2830  if (da) DetectAddressFree(da);
2831  if (db) DetectAddressFree(db);
2832  return 0;
2833 }
2834 
2835 static int AddressTestCmp02(void)
2836 {
2837  DetectAddress *da = NULL, *db = NULL;
2838  int result = 1;
2839 
2840  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2841  if (da == NULL) goto error;
2842  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2843  if (db == NULL) goto error;
2844 
2845  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2846  result = 0;
2847 
2848  DetectAddressFree(da);
2849  DetectAddressFree(db);
2850  return result;
2851 
2852 error:
2853  if (da) DetectAddressFree(da);
2854  if (db) DetectAddressFree(db);
2855  return 0;
2856 }
2857 
2858 static int AddressTestCmp03(void)
2859 {
2860  DetectAddress *da = NULL, *db = NULL;
2861  int result = 1;
2862 
2863  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2864  if (da == NULL) goto error;
2865  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2866  if (db == NULL) goto error;
2867 
2868  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2869  result = 0;
2870 
2871  DetectAddressFree(da);
2872  DetectAddressFree(db);
2873  return result;
2874 
2875 error:
2876  if (da) DetectAddressFree(da);
2877  if (db) DetectAddressFree(db);
2878  return 0;
2879 }
2880 
2881 static int AddressTestCmp04(void)
2882 {
2883  DetectAddress *da = NULL, *db = NULL;
2884  int result = 1;
2885 
2886  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2887  if (da == NULL) goto error;
2888  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2889  if (db == NULL) goto error;
2890 
2891  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2892  result = 0;
2893 
2894  DetectAddressFree(da);
2895  DetectAddressFree(db);
2896  return result;
2897 
2898 error:
2899  if (da) DetectAddressFree(da);
2900  if (db) DetectAddressFree(db);
2901  return 0;
2902 }
2903 
2904 static int AddressTestCmp05(void)
2905 {
2906  DetectAddress *da = NULL, *db = NULL;
2907  int result = 1;
2908 
2909  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2910  if (da == NULL) goto error;
2911  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2912  if (db == NULL) goto error;
2913 
2914  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2915  result = 0;
2916 
2917  DetectAddressFree(da);
2918  DetectAddressFree(db);
2919  return result;
2920 
2921 error:
2922  if (da) DetectAddressFree(da);
2923  if (db) DetectAddressFree(db);
2924  return 0;
2925 }
2926 
2927 static int AddressTestCmp06(void)
2928 {
2929  DetectAddress *da = NULL, *db = NULL;
2930  int result = 1;
2931 
2932  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2933  if (da == NULL) goto error;
2934  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2935  if (db == NULL) goto error;
2936 
2937  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2938  result = 0;
2939 
2940  DetectAddressFree(da);
2941  DetectAddressFree(db);
2942  return result;
2943 
2944 error:
2945  if (da) DetectAddressFree(da);
2946  if (db) DetectAddressFree(db);
2947  return 0;
2948 }
2949 
2950 static int AddressTestCmpIPv407(void)
2951 {
2952  DetectAddress *da = NULL, *db = NULL;
2953  int result = 1;
2954 
2955  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2956  if (da == NULL) goto error;
2957  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2958  if (db == NULL) goto error;
2959 
2960  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2961  result = 0;
2962 
2963  DetectAddressFree(da);
2964  DetectAddressFree(db);
2965  return result;
2966 
2967 error:
2968  if (da) DetectAddressFree(da);
2969  if (db) DetectAddressFree(db);
2970  return 0;
2971 }
2972 
2973 static int AddressTestCmpIPv408(void)
2974 {
2975  DetectAddress *da = NULL, *db = NULL;
2976  int result = 1;
2977 
2978  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2979  if (da == NULL) goto error;
2980  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2981  if (db == NULL) goto error;
2982 
2983  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2984  result = 0;
2985 
2986  DetectAddressFree(da);
2987  DetectAddressFree(db);
2988  return result;
2989 
2990 error:
2991  if (da) DetectAddressFree(da);
2992  if (db) DetectAddressFree(db);
2993  return 0;
2994 }
2995 
2996 static int AddressTestCmp07(void)
2997 {
2998  DetectAddress *da = NULL, *db = NULL;
2999  int result = 1;
3000 
3001  da = DetectAddressParseSingle("2001::/3");
3002  if (da == NULL) goto error;
3003  db = DetectAddressParseSingle("2001::1/3");
3004  if (db == NULL) goto error;
3005 
3006  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3007  result = 0;
3008 
3009  DetectAddressFree(da);
3010  DetectAddressFree(db);
3011  return result;
3012 
3013 error:
3014  if (da) DetectAddressFree(da);
3015  if (db) DetectAddressFree(db);
3016  return 0;
3017 }
3018 
3019 static int AddressTestCmp08(void)
3020 {
3021  DetectAddress *da = NULL, *db = NULL;
3022  int result = 1;
3023 
3024  da = DetectAddressParseSingle("2001::/3");
3025  if (da == NULL) goto error;
3026  db = DetectAddressParseSingle("2001::/8");
3027  if (db == NULL) goto error;
3028 
3029  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3030  result = 0;
3031 
3032  DetectAddressFree(da);
3033  DetectAddressFree(db);
3034  return result;
3035 
3036 error:
3037  if (da) DetectAddressFree(da);
3038  if (db) DetectAddressFree(db);
3039  return 0;
3040 }
3041 
3042 static int AddressTestCmp09(void)
3043 {
3044  DetectAddress *da = NULL, *db = NULL;
3045  int result = 1;
3046 
3047  da = DetectAddressParseSingle("2001::/8");
3048  if (da == NULL) goto error;
3049  db = DetectAddressParseSingle("2001::/3");
3050  if (db == NULL) goto error;
3051 
3052  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3053  result = 0;
3054 
3055  DetectAddressFree(da);
3056  DetectAddressFree(db);
3057  return result;
3058 
3059 error:
3060  if (da) DetectAddressFree(da);
3061  if (db) DetectAddressFree(db);
3062  return 0;
3063 }
3064 
3065 static int AddressTestCmp10(void)
3066 {
3067  DetectAddress *da = NULL, *db = NULL;
3068  int result = 1;
3069 
3070  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3071  if (da == NULL) goto error;
3072  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3073  if (db == NULL) goto error;
3074 
3075  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3076  result = 0;
3077 
3078  DetectAddressFree(da);
3079  DetectAddressFree(db);
3080  return result;
3081 
3082 error:
3083  if (da) DetectAddressFree(da);
3084  if (db) DetectAddressFree(db);
3085  return 0;
3086 }
3087 
3088 static int AddressTestCmp11(void)
3089 {
3090  DetectAddress *da = NULL, *db = NULL;
3091  int result = 1;
3092 
3093  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3094  if (da == NULL) goto error;
3095  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3096  if (db == NULL) goto error;
3097 
3098  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3099  result = 0;
3100 
3101  DetectAddressFree(da);
3102  DetectAddressFree(db);
3103  return result;
3104 
3105 error:
3106  if (da) DetectAddressFree(da);
3107  if (db) DetectAddressFree(db);
3108  return 0;
3109 }
3110 
3111 static int AddressTestCmp12(void)
3112 {
3113  DetectAddress *da = NULL, *db = NULL;
3114  int result = 1;
3115 
3116  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3117  if (da == NULL) goto error;
3118  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3119  if (db == NULL) goto error;
3120 
3121  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3122  result = 0;
3123 
3124  DetectAddressFree(da);
3125  DetectAddressFree(db);
3126  return result;
3127 
3128 error:
3129  if (da) DetectAddressFree(da);
3130  if (db) DetectAddressFree(db);
3131  return 0;
3132 }
3133 
3134 static int AddressTestAddressGroupSetup01(void)
3135 {
3136  int result = 0;
3137  DetectAddressHead *gh = DetectAddressHeadInit();
3138 
3139  if (gh != NULL) {
3140  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3141  if (r == 0)
3142  result = 1;
3143 
3144  DetectAddressHeadFree(gh);
3145  }
3146  return result;
3147 }
3148 
3149 static int AddressTestAddressGroupSetup02(void)
3150 {
3151  int result = 0;
3152  DetectAddressHead *gh = DetectAddressHeadInit();
3153 
3154  if (gh != NULL) {
3155  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3156  if (r == 0 && gh->ipv4_head != NULL)
3157  result = 1;
3158 
3159  DetectAddressHeadFree(gh);
3160  }
3161  return result;
3162 }
3163 
3164 static int AddressTestAddressGroupSetup03(void)
3165 {
3166  int result = 0;
3167  DetectAddressHead *gh = DetectAddressHeadInit();
3168 
3169  if (gh != NULL) {
3170  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3171  if (r == 0 && gh->ipv4_head != NULL) {
3172  DetectAddress *prev_head = gh->ipv4_head;
3173 
3174  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3175  if (r == 0 && gh->ipv4_head != prev_head &&
3176  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3177  result = 1;
3178  }
3179  }
3180 
3181  DetectAddressHeadFree(gh);
3182  }
3183  return result;
3184 }
3185 
3186 static int AddressTestAddressGroupSetup04(void)
3187 {
3188  int result = 0;
3189  DetectAddressHead *gh = DetectAddressHeadInit();
3190 
3191  if (gh != NULL) {
3192  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3193  if (r == 0 && gh->ipv4_head != NULL) {
3194  DetectAddress *prev_head = gh->ipv4_head;
3195 
3196  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3197  if (r == 0 && gh->ipv4_head != prev_head &&
3198  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3199  DetectAddress *ph = gh->ipv4_head;
3200 
3201  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3202  if (r == 0 && gh->ipv4_head != ph &&
3203  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3204  result = 1;
3205  }
3206  }
3207  }
3208 
3209  DetectAddressHeadFree(gh);
3210  }
3211  return result;
3212 }
3213 
3214 static int AddressTestAddressGroupSetup05(void)
3215 {
3216  int result = 0;
3217  DetectAddressHead *gh = DetectAddressHeadInit();
3218 
3219  if (gh != NULL) {
3220  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3221  if (r == 0 && gh->ipv4_head != NULL) {
3222  DetectAddress *prev_head = gh->ipv4_head;
3223 
3224  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3225  if (r == 0 && gh->ipv4_head == prev_head &&
3226  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3227  DetectAddress *ph = gh->ipv4_head;
3228 
3229  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3230  if (r == 0 && gh->ipv4_head == ph &&
3231  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3232  result = 1;
3233  }
3234  }
3235  }
3236 
3237  DetectAddressHeadFree(gh);
3238  }
3239  return result;
3240 }
3241 
3242 static int AddressTestAddressGroupSetup06(void)
3243 {
3244  int result = 0;
3245  DetectAddressHead *gh = DetectAddressHeadInit();
3246 
3247  if (gh != NULL) {
3248  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3249  if (r == 0 && gh->ipv4_head != NULL) {
3250  DetectAddress *prev_head = gh->ipv4_head;
3251 
3252  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3253  if (r == 0 && gh->ipv4_head == prev_head &&
3254  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3255  result = 1;
3256  }
3257  }
3258 
3259  DetectAddressHeadFree(gh);
3260  }
3261  return result;
3262 }
3263 
3264 static int AddressTestAddressGroupSetup07(void)
3265 {
3266  int result = 0;
3267  DetectAddressHead *gh = DetectAddressHeadInit();
3268 
3269  if (gh != NULL) {
3270  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3271  if (r == 0 && gh->ipv4_head != NULL) {
3272  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3273  if (r == 0 && gh->ipv4_head != NULL &&
3274  gh->ipv4_head->next != NULL &&
3275  gh->ipv4_head->next->next != NULL) {
3276  result = 1;
3277  }
3278  }
3279 
3280  DetectAddressHeadFree(gh);
3281  }
3282  return result;
3283 }
3284 
3285 static int AddressTestAddressGroupSetup08(void)
3286 {
3287  int result = 0;
3288  DetectAddressHead *gh = DetectAddressHeadInit();
3289 
3290  if (gh != NULL) {
3291  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3292  if (r == 0 && gh->ipv4_head != NULL) {
3293  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3294  if (r == 0 && gh->ipv4_head != NULL &&
3295  gh->ipv4_head->next != NULL &&
3296  gh->ipv4_head->next->next != NULL) {
3297  result = 1;
3298  }
3299  }
3300 
3301  DetectAddressHeadFree(gh);
3302  }
3303  return result;
3304 }
3305 
3306 static int AddressTestAddressGroupSetup09(void)
3307 {
3308  int result = 0;
3309  DetectAddressHead *gh = DetectAddressHeadInit();
3310 
3311  if (gh != NULL) {
3312  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3313  if (r == 0 && gh->ipv4_head != NULL) {
3314  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3315  if (r == 0 && gh->ipv4_head != NULL &&
3316  gh->ipv4_head->next != NULL &&
3317  gh->ipv4_head->next->next != NULL) {
3318  result = 1;
3319  }
3320  }
3321 
3322  DetectAddressHeadFree(gh);
3323  }
3324  return result;
3325 }
3326 
3327 static int AddressTestAddressGroupSetup10(void)
3328 {
3329  int result = 0;
3330  DetectAddressHead *gh = DetectAddressHeadInit();
3331 
3332  if (gh != NULL) {
3333  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3334  if (r == 0 && gh->ipv4_head != NULL) {
3335  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3336  if (r == 0 && gh->ipv4_head != NULL &&
3337  gh->ipv4_head->next != NULL &&
3338  gh->ipv4_head->next->next != NULL) {
3339  result = 1;
3340  }
3341  }
3342 
3343  DetectAddressHeadFree(gh);
3344  }
3345  return result;
3346 }
3347 
3348 static int AddressTestAddressGroupSetup11(void)
3349 {
3350  int result = 0;
3351  DetectAddressHead *gh = DetectAddressHeadInit();
3352 
3353  if (gh != NULL) {
3354  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3355  if (r == 0) {
3356  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3357  if (r == 0) {
3358  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3359  if (r == 0) {
3360  DetectAddress *one = gh->ipv4_head, *two = one->next,
3361  *three = two->next, *four = three->next,
3362  *five = four->next;
3363 
3364  /* result should be:
3365  * 0.0.0.0/10.10.9.255
3366  * 10.10.10.0/10.10.10.9
3367  * 10.10.10.10/10.10.10.255
3368  * 10.10.11.0/10.10.11.1
3369  * 10.10.11.2/255.255.255.255
3370  */
3371  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3372  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3373  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3374  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3375  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3376  result = 1;
3377  }
3378  }
3379  }
3380  }
3381 
3382  DetectAddressHeadFree(gh);
3383  }
3384  return result;
3385 }
3386 
3387 static int AddressTestAddressGroupSetup12 (void)
3388 {
3389  int result = 0;
3390  DetectAddressHead *gh = DetectAddressHeadInit();
3391 
3392  if (gh != NULL) {
3393  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3394  if (r == 0) {
3395  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3396  if (r == 0) {
3397  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3398  if (r == 0) {
3399  DetectAddress *one = gh->ipv4_head, *two = one->next,
3400  *three = two->next, *four = three->next,
3401  *five = four->next;
3402 
3403  /* result should be:
3404  * 0.0.0.0/10.10.9.255
3405  * 10.10.10.0/10.10.10.9
3406  * 10.10.10.10/10.10.10.255
3407  * 10.10.11.0/10.10.11.1
3408  * 10.10.11.2/255.255.255.255
3409  */
3410  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3411  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3412  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3413  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3414  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3415  result = 1;
3416  }
3417  }
3418  }
3419  }
3420 
3421  DetectAddressHeadFree(gh);
3422  }
3423  return result;
3424 }
3425 
3426 static int AddressTestAddressGroupSetup13(void)
3427 {
3428  int result = 0;
3429  DetectAddressHead *gh = DetectAddressHeadInit();
3430 
3431  if (gh != NULL) {
3432  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3433  if (r == 0) {
3434  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3435  if (r == 0) {
3436  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3437  if (r == 0) {
3438  DetectAddress *one = gh->ipv4_head, *two = one->next,
3439  *three = two->next, *four = three->next,
3440  *five = four->next;
3441 
3442  /* result should be:
3443  * 0.0.0.0/10.10.9.255
3444  * 10.10.10.0/10.10.10.9
3445  * 10.10.10.10/10.10.10.255
3446  * 10.10.11.0/10.10.11.1
3447  * 10.10.11.2/255.255.255.255
3448  */
3449  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3450  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3451  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3452  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3453  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3454  result = 1;
3455  }
3456  }
3457  }
3458  }
3459 
3460  DetectAddressHeadFree(gh);
3461  }
3462  return result;
3463 }
3464 
3465 static int AddressTestAddressGroupSetupIPv414(void)
3466 {
3467  DetectAddressHead *gh = DetectAddressHeadInit();
3468  FAIL_IF_NULL(gh);
3469 
3470  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3471  FAIL_IF_NOT(r == 1);
3472 
3473  DetectAddress *one = gh->ipv4_head;
3474  FAIL_IF_NULL(one);
3475  DetectAddress *two = one->next;
3476  FAIL_IF_NULL(two);
3477 
3478  /* result should be:
3479  * 0.0.0.0/1.2.3.3
3480  * 1.2.3.5/255.255.255.255
3481  */
3482  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3483  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3484  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3485  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3486  DetectAddressHeadFree(gh);
3487 
3488  PASS;
3489 }
3490 
3491 static int AddressTestAddressGroupSetupIPv415(void)
3492 {
3493  DetectAddressHead *gh = DetectAddressHeadInit();
3494  FAIL_IF_NULL(gh);
3495 
3496  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3497  FAIL_IF_NOT(r == 1);
3498 
3499  DetectAddress *one = gh->ipv4_head;
3500  FAIL_IF_NULL(one);
3501  FAIL_IF_NOT_NULL(one->next);
3502 
3503  /* result should be:
3504  * 0.0.0.1/255.255.255.255
3505  */
3506  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3507  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3508 
3509  DetectAddressHeadFree(gh);
3510  PASS;
3511 }
3512 
3513 static int AddressTestAddressGroupSetupIPv416(void)
3514 {
3515  DetectAddressHead *gh = DetectAddressHeadInit();
3516  FAIL_IF_NULL(gh);
3517 
3518  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3519  FAIL_IF_NOT(r == 1);
3520 
3521  DetectAddress *one = gh->ipv4_head;
3522  FAIL_IF_NULL(one);
3523  FAIL_IF_NOT_NULL(one->next);
3524 
3525  /* result should be:
3526  * 0.0.0.0/255.255.255.254
3527  */
3528  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3529  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3530 
3531  DetectAddressHeadFree(gh);
3532  PASS;
3533 }
3534 
3535 static int AddressTestAddressGroupSetup14(void)
3536 {
3537  int result = 0;
3538  DetectAddressHead *gh = DetectAddressHeadInit();
3539 
3540  if (gh != NULL) {
3541  int r = DetectAddressParse(NULL, gh, "2001::1");
3542  if (r == 0)
3543  result = 1;
3544 
3545  DetectAddressHeadFree(gh);
3546  }
3547  return result;
3548 }
3549 
3550 static int AddressTestAddressGroupSetup15(void)
3551 {
3552  int result = 0;
3553  DetectAddressHead *gh = DetectAddressHeadInit();
3554 
3555  if (gh != NULL) {
3556  int r = DetectAddressParse(NULL, gh, "2001::1");
3557  if (r == 0 && gh->ipv6_head != NULL)
3558  result = 1;
3559 
3560  DetectAddressHeadFree(gh);
3561  }
3562  return result;
3563 }
3564 
3565 static int AddressTestAddressGroupSetup16(void)
3566 {
3567  int result = 0;
3568  DetectAddressHead *gh = DetectAddressHeadInit();
3569 
3570  if (gh != NULL) {
3571  int r = DetectAddressParse(NULL, gh, "2001::4");
3572  if (r == 0 && gh->ipv6_head != NULL) {
3573  DetectAddress *prev_head = gh->ipv6_head;
3574 
3575  r = DetectAddressParse(NULL, gh, "2001::3");
3576  if (r == 0 && gh->ipv6_head != prev_head &&
3577  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3578  result = 1;
3579  }
3580  }
3581 
3582  DetectAddressHeadFree(gh);
3583  }
3584  return result;
3585 }
3586 
3587 static int AddressTestAddressGroupSetup17(void)
3588 {
3589  int result = 0;
3590  DetectAddressHead *gh = DetectAddressHeadInit();
3591 
3592  if (gh != NULL) {
3593  int r = DetectAddressParse(NULL, gh, "2001::4");
3594  if (r == 0 && gh->ipv6_head != NULL) {
3595  DetectAddress *prev_head = gh->ipv6_head;
3596 
3597  r = DetectAddressParse(NULL, gh, "2001::3");
3598  if (r == 0 && gh->ipv6_head != prev_head &&
3599  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3600  DetectAddress *ph = gh->ipv6_head;
3601 
3602  r = DetectAddressParse(NULL, gh, "2001::2");
3603  if (r == 0 && gh->ipv6_head != ph &&
3604  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3605  result = 1;
3606  }
3607  }
3608  }
3609 
3610  DetectAddressHeadFree(gh);
3611  }
3612  return result;
3613 }
3614 
3615 static int AddressTestAddressGroupSetup18(void)
3616 {
3617  int result = 0;
3618  DetectAddressHead *gh = DetectAddressHeadInit();
3619 
3620  if (gh != NULL) {
3621  int r = DetectAddressParse(NULL, gh, "2001::2");
3622  if (r == 0 && gh->ipv6_head != NULL) {
3623  DetectAddress *prev_head = gh->ipv6_head;
3624 
3625  r = DetectAddressParse(NULL, gh, "2001::3");
3626  if (r == 0 && gh->ipv6_head == prev_head &&
3627  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3628  DetectAddress *ph = gh->ipv6_head;
3629 
3630  r = DetectAddressParse(NULL, gh, "2001::4");
3631  if (r == 0 && gh->ipv6_head == ph &&
3632  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3633  result = 1;
3634  }
3635  }
3636  }
3637 
3638  DetectAddressHeadFree(gh);
3639  }
3640  return result;
3641 }
3642 
3643 static int AddressTestAddressGroupSetup19(void)
3644 {
3645  int result = 0;
3646  DetectAddressHead *gh = DetectAddressHeadInit();
3647 
3648  if (gh != NULL) {
3649  int r = DetectAddressParse(NULL, gh, "2001::2");
3650  if (r == 0 && gh->ipv6_head != NULL) {
3651  DetectAddress *prev_head = gh->ipv6_head;
3652 
3653  r = DetectAddressParse(NULL, gh, "2001::2");
3654  if (r == 0 && gh->ipv6_head == prev_head &&
3655  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3656  result = 1;
3657  }
3658  }
3659 
3660  DetectAddressHeadFree(gh);
3661  }
3662  return result;
3663 }
3664 
3665 static int AddressTestAddressGroupSetup20(void)
3666 {
3667  int result = 0;
3668  DetectAddressHead *gh = DetectAddressHeadInit();
3669 
3670  if (gh != NULL) {
3671  int r = DetectAddressParse(NULL, gh, "2000::/3");
3672  if (r == 0 && gh->ipv6_head != NULL) {
3673  r = DetectAddressParse(NULL, gh, "2001::4");
3674  if (r == 0 && gh->ipv6_head != NULL &&
3675  gh->ipv6_head->next != NULL &&
3676  gh->ipv6_head->next->next != NULL) {
3677  result = 1;
3678  }
3679  }
3680 
3681  DetectAddressHeadFree(gh);
3682  }
3683  return result;
3684 }
3685 
3686 static int AddressTestAddressGroupSetup21(void)
3687 {
3688  int result = 0;
3689  DetectAddressHead *gh = DetectAddressHeadInit();
3690 
3691  if (gh != NULL) {
3692  int r = DetectAddressParse(NULL, gh, "2001::4");
3693  if (r == 0 && gh->ipv6_head != NULL) {
3694  r = DetectAddressParse(NULL, gh, "2000::/3");
3695  if (r == 0 && gh->ipv6_head != NULL &&
3696  gh->ipv6_head->next != NULL &&
3697  gh->ipv6_head->next->next != NULL) {
3698  result = 1;
3699  }
3700  }
3701 
3702  DetectAddressHeadFree(gh);
3703  }
3704  return result;
3705 }
3706 
3707 static int AddressTestAddressGroupSetup22(void)
3708 {
3709  int result = 0;
3710  DetectAddressHead *gh = DetectAddressHeadInit();
3711 
3712  if (gh != NULL) {
3713  int r = DetectAddressParse(NULL, gh, "2000::/3");
3714  if (r == 0 && gh->ipv6_head != NULL) {
3715  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3716  if (r == 0 && gh->ipv6_head != NULL &&
3717  gh->ipv6_head->next != NULL &&
3718  gh->ipv6_head->next->next != NULL) {
3719  result = 1;
3720  }
3721  }
3722 
3723  DetectAddressHeadFree(gh);
3724  }
3725  return result;
3726 }
3727 
3728 static int AddressTestAddressGroupSetup23(void)
3729 {
3730  int result = 0;
3731  DetectAddressHead *gh = DetectAddressHeadInit();
3732 
3733  if (gh != NULL) {
3734  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3735  if (r == 0 && gh->ipv6_head != NULL) {
3736  r = DetectAddressParse(NULL, gh, "2000::/3");
3737  if (r == 0 && gh->ipv6_head != NULL &&
3738  gh->ipv6_head->next != NULL &&
3739  gh->ipv6_head->next->next != NULL) {
3740  result = 1;
3741  }
3742  }
3743 
3744  DetectAddressHeadFree(gh);
3745  }
3746  return result;
3747 }
3748 
3749 static int AddressTestAddressGroupSetup24(void)
3750 {
3751  int result = 0;
3752  DetectAddressHead *gh = DetectAddressHeadInit();
3753 
3754  if (gh != NULL) {
3755  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3756  if (r == 0) {
3757  r = DetectAddressParse(NULL, gh, "2001::/3");
3758  if (r == 0) {
3759  r = DetectAddressParse(NULL, gh, "::/0");
3760  if (r == 0) {
3761  DetectAddress *one = gh->ipv6_head, *two = one->next,
3762  *three = two->next, *four = three->next,
3763  *five = four->next;
3764  if (one->ip.addr_data32[0] == 0x00000000 &&
3765  one->ip.addr_data32[1] == 0x00000000 &&
3766  one->ip.addr_data32[2] == 0x00000000 &&
3767  one->ip.addr_data32[3] == 0x00000000 &&
3768  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3769  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3770  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3771  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3772 
3773  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3774  two->ip.addr_data32[1] == 0x00000000 &&
3775  two->ip.addr_data32[2] == 0x00000000 &&
3776  two->ip.addr_data32[3] == 0x00000000 &&
3777  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3778  two->ip2.addr_data32[1] == 0x00000000 &&
3779  two->ip2.addr_data32[2] == 0x00000000 &&
3780  two->ip2.addr_data32[3] == SCNtohl(3) &&
3781 
3782  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3783  three->ip.addr_data32[1] == 0x00000000 &&
3784  three->ip.addr_data32[2] == 0x00000000 &&
3785  three->ip.addr_data32[3] == SCNtohl(4) &&
3786  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3787  three->ip2.addr_data32[1] == 0x00000000 &&
3788  three->ip2.addr_data32[2] == 0x00000000 &&
3789  three->ip2.addr_data32[3] == SCNtohl(6) &&
3790 
3791  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3792  four->ip.addr_data32[1] == 0x00000000 &&
3793  four->ip.addr_data32[2] == 0x00000000 &&
3794  four->ip.addr_data32[3] == SCNtohl(7) &&
3795  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3796  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3797  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3798  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3799 
3800  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3801  five->ip.addr_data32[1] == 0x00000000 &&
3802  five->ip.addr_data32[2] == 0x00000000 &&
3803  five->ip.addr_data32[3] == 0x00000000 &&
3804  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3805  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3806  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3807  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3808  result = 1;
3809  }
3810  }
3811  }
3812  }
3813 
3814  DetectAddressHeadFree(gh);
3815  }
3816  return result;
3817 }
3818 
3819 static int AddressTestAddressGroupSetup25(void)
3820 {
3821  int result = 0;
3822  DetectAddressHead *gh = DetectAddressHeadInit();
3823 
3824  if (gh != NULL) {
3825  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3826  if (r == 0) {
3827  r = DetectAddressParse(NULL, gh, "::/0");
3828  if (r == 0) {
3829  r = DetectAddressParse(NULL, gh, "2001::/3");
3830  if (r == 0) {
3831  DetectAddress *one = gh->ipv6_head, *two = one->next,
3832  *three = two->next, *four = three->next,
3833  *five = four->next;
3834  if (one->ip.addr_data32[0] == 0x00000000 &&
3835  one->ip.addr_data32[1] == 0x00000000 &&
3836  one->ip.addr_data32[2] == 0x00000000 &&
3837  one->ip.addr_data32[3] == 0x00000000 &&
3838  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3839  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3840  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3841  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3842 
3843  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3844  two->ip.addr_data32[1] == 0x00000000 &&
3845  two->ip.addr_data32[2] == 0x00000000 &&
3846  two->ip.addr_data32[3] == 0x00000000 &&
3847  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3848  two->ip2.addr_data32[1] == 0x00000000 &&
3849  two->ip2.addr_data32[2] == 0x00000000 &&
3850  two->ip2.addr_data32[3] == SCNtohl(3) &&
3851 
3852  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3853  three->ip.addr_data32[1] == 0x00000000 &&
3854  three->ip.addr_data32[2] == 0x00000000 &&
3855  three->ip.addr_data32[3] == SCNtohl(4) &&
3856  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3857  three->ip2.addr_data32[1] == 0x00000000 &&
3858  three->ip2.addr_data32[2] == 0x00000000 &&
3859  three->ip2.addr_data32[3] == SCNtohl(6) &&
3860 
3861  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3862  four->ip.addr_data32[1] == 0x00000000 &&
3863  four->ip.addr_data32[2] == 0x00000000 &&
3864  four->ip.addr_data32[3] == SCNtohl(7) &&
3865  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3866  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3867  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3868  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3869 
3870  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3871  five->ip.addr_data32[1] == 0x00000000 &&
3872  five->ip.addr_data32[2] == 0x00000000 &&
3873  five->ip.addr_data32[3] == 0x00000000 &&
3874  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3875  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3876  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3877  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3878  result = 1;
3879  }
3880  }
3881  }
3882  }
3883 
3884  DetectAddressHeadFree(gh);
3885  }
3886  return result;
3887 }
3888 
3889 static int AddressTestAddressGroupSetup26(void)
3890 {
3891  int result = 0;
3892  DetectAddressHead *gh = DetectAddressHeadInit();
3893 
3894  if (gh != NULL) {
3895  int r = DetectAddressParse(NULL, gh, "::/0");
3896  if (r == 0) {
3897  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3898  if (r == 0) {
3899  r = DetectAddressParse(NULL, gh, "2001::/3");
3900  if (r == 0) {
3901  DetectAddress *one = gh->ipv6_head, *two = one->next,
3902  *three = two->next, *four = three->next,
3903  *five = four->next;
3904  if (one->ip.addr_data32[0] == 0x00000000 &&
3905  one->ip.addr_data32[1] == 0x00000000 &&
3906  one->ip.addr_data32[2] == 0x00000000 &&
3907  one->ip.addr_data32[3] == 0x00000000 &&
3908  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3909  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3910  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3911  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3912 
3913  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3914  two->ip.addr_data32[1] == 0x00000000 &&
3915  two->ip.addr_data32[2] == 0x00000000 &&
3916  two->ip.addr_data32[3] == 0x00000000 &&
3917  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3918  two->ip2.addr_data32[1] == 0x00000000 &&
3919  two->ip2.addr_data32[2] == 0x00000000 &&
3920  two->ip2.addr_data32[3] == SCNtohl(3) &&
3921 
3922  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3923  three->ip.addr_data32[1] == 0x00000000 &&
3924  three->ip.addr_data32[2] == 0x00000000 &&
3925  three->ip.addr_data32[3] == SCNtohl(4) &&
3926  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3927  three->ip2.addr_data32[1] == 0x00000000 &&
3928  three->ip2.addr_data32[2] == 0x00000000 &&
3929  three->ip2.addr_data32[3] == SCNtohl(6) &&
3930 
3931  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3932  four->ip.addr_data32[1] == 0x00000000 &&
3933  four->ip.addr_data32[2] == 0x00000000 &&
3934  four->ip.addr_data32[3] == SCNtohl(7) &&
3935  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3936  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3937  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3938  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3939 
3940  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3941  five->ip.addr_data32[1] == 0x00000000 &&
3942  five->ip.addr_data32[2] == 0x00000000 &&
3943  five->ip.addr_data32[3] == 0x00000000 &&
3944  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3945  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3946  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3947  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3948  result = 1;
3949  }
3950  }
3951  }
3952  }
3953 
3954  DetectAddressHeadFree(gh);
3955  }
3956  return result;
3957 }
3958 
3959 static int AddressTestAddressGroupSetup27(void)
3960 {
3961  int result = 0;
3962  DetectAddressHead *gh = DetectAddressHeadInit();
3963 
3964  if (gh != NULL) {
3965  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3966  if (r == 0)
3967  result = 1;
3968 
3969  DetectAddressHeadFree(gh);
3970  }
3971  return result;
3972 }
3973 
3974 static int AddressTestAddressGroupSetup28(void)
3975 {
3976  int result = 0;
3977  DetectAddressHead *gh = DetectAddressHeadInit();
3978 
3979  if (gh != NULL) {
3980  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3981  if (r == 0)
3982  result = 1;
3983 
3984  DetectAddressHeadFree(gh);
3985  }
3986  return result;
3987 }
3988 
3989 static int AddressTestAddressGroupSetup29(void)
3990 {
3991  int result = 0;
3992  DetectAddressHead *gh = DetectAddressHeadInit();
3993 
3994  if (gh != NULL) {
3995  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3996  if (r == 0)
3997  result = 1;
3998 
3999  DetectAddressHeadFree(gh);
4000  }
4001  return result;
4002 }
4003 
4004 static int AddressTestAddressGroupSetup30(void)
4005 {
4006  int result = 0;
4007  DetectAddressHead *gh = DetectAddressHeadInit();
4008 
4009  if (gh != NULL) {
4010  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4011  if (r == 0)
4012  result = 1;
4013 
4014  DetectAddressHeadFree(gh);
4015  }
4016  return result;
4017 }
4018 
4019 static int AddressTestAddressGroupSetup31(void)
4020 {
4021  int result = 0;
4022  DetectAddressHead *gh = DetectAddressHeadInit();
4023 
4024  if (gh != NULL) {
4025  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4026  if (r == 0)
4027  result = 1;
4028 
4029  DetectAddressHeadFree(gh);
4030  }
4031  return result;
4032 }
4033 
4034 static int AddressTestAddressGroupSetup32(void)
4035 {
4036  int result = 0;
4037  DetectAddressHead *gh = DetectAddressHeadInit();
4038 
4039  if (gh != NULL) {
4040  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4041  if (r == 0)
4042  result = 1;
4043 
4044  DetectAddressHeadFree(gh);
4045  }
4046  return result;
4047 }
4048 
4049 static int AddressTestAddressGroupSetup33(void)
4050 {
4051  int result = 0;
4052  DetectAddressHead *gh = DetectAddressHeadInit();
4053 
4054  if (gh != NULL) {
4055  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4056  if (r == 1)
4057  result = 1;
4058 
4059  DetectAddressHeadFree(gh);
4060  }
4061  return result;
4062 }
4063 
4064 static int AddressTestAddressGroupSetup34(void)
4065 {
4066  int result = 0;
4067  DetectAddressHead *gh = DetectAddressHeadInit();
4068 
4069  if (gh != NULL) {
4070  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4071  if (r == 1)
4072  result = 1;
4073 
4074  DetectAddressHeadFree(gh);
4075  }
4076  return result;
4077 }
4078 
4079 static int AddressTestAddressGroupSetup35(void)
4080 {
4081  int result = 0;
4082  DetectAddressHead *gh = DetectAddressHeadInit();
4083 
4084  if (gh != NULL) {
4085  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4086  if (r == 1)
4087  result = 1;
4088 
4089  DetectAddressHeadFree(gh);
4090  }
4091  return result;
4092 }
4093 
4094 static int AddressTestAddressGroupSetup36 (void)
4095 {
4096  int result = 0;
4097 
4098  DetectAddressHead *gh = DetectAddressHeadInit();
4099  if (gh != NULL) {
4100  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4101  if (r == 1)
4102  result = 1;
4103 
4104  DetectAddressHeadFree(gh);
4105  }
4106  return result;
4107 }
4108 
4109 static int AddressTestAddressGroupSetup37(void)
4110 {
4111  int result = 0;
4112  DetectAddressHead *gh = DetectAddressHeadInit();
4113 
4114  if (gh != NULL) {
4115  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4116  if (r == 0)
4117  result = 1;
4118 
4119  DetectAddressHeadFree(gh);
4120  }
4121  return result;
4122 }
4123 
4124 static int AddressTestAddressGroupSetup38(void)
4125 {
4126  UTHValidateDetectAddressHeadRange expectations[3] = {
4127  { "0.0.0.0", "192.167.255.255" },
4128  { "192.168.14.0", "192.168.14.255" },
4129  { "192.169.0.0", "255.255.255.255" } };
4130  int result = 0;
4131  DetectAddressHead *gh = DetectAddressHeadInit();
4132 
4133  if (gh != NULL) {
4134  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4135  if (r == 1) {
4136  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4137  result = 1;
4138  }
4139 
4140  DetectAddressHeadFree(gh);
4141  }
4142  return result;
4143 }
4144 
4145 static int AddressTestAddressGroupSetup39(void)
4146 {
4147  UTHValidateDetectAddressHeadRange expectations[3] = {
4148  { "0.0.0.0", "192.167.255.255" },
4149  { "192.168.14.0", "192.168.14.255" },
4150  { "192.169.0.0", "255.255.255.255" } };
4151  int result = 0;
4152  DetectAddressHead *gh = DetectAddressHeadInit();
4153 
4154  if (gh != NULL) {
4155  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4156  if (r == 1) {
4157  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4158  result = 1;
4159  }
4160 
4161  DetectAddressHeadFree(gh);
4162  }
4163  return result;
4164 }
4165 
4166 static int AddressTestAddressGroupSetup40(void)
4167 {
4168  UTHValidateDetectAddressHeadRange expectations[3] = {
4169  { "0.0.0.0", "192.167.255.255" },
4170  { "192.168.14.0", "192.168.14.255" },
4171  { "192.169.0.0", "255.255.255.255" } };
4172  int result = 0;
4173  DetectAddressHead *gh = DetectAddressHeadInit();
4174  if (gh != NULL) {
4175  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4176  if (r == 1) {
4177  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4178  result = 1;
4179  }
4180 
4181  DetectAddressHeadFree(gh);
4182  }
4183  return result;
4184 }
4185 
4186 static int AddressTestAddressGroupSetup41(void)
4187 {
4188  UTHValidateDetectAddressHeadRange expectations[3] = {
4189  { "0.0.0.0", "192.167.255.255" },
4190  { "192.168.14.0", "192.168.14.255" },
4191  { "192.169.0.0", "255.255.255.255" } };
4192  int result = 0;
4193  DetectAddressHead *gh = DetectAddressHeadInit();
4194  if (gh != NULL) {
4195  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4196  if (r == 1) {
4197  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4198  result = 1;
4199  }
4200 
4201  DetectAddressHeadFree(gh);
4202  }
4203  return result;
4204 }
4205 
4206 static int AddressTestAddressGroupSetup42(void)
4207 {
4208  UTHValidateDetectAddressHeadRange expectations[1] = {
4209  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4210  int result = 0;
4211  DetectAddressHead *gh = DetectAddressHeadInit();
4212  if (gh != NULL) {
4213  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4214  if (r == 0) {
4215  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4216  result = 1;
4217  }
4218 
4219  DetectAddressHeadFree(gh);
4220  }
4221  return result;
4222 }
4223 
4224 static int AddressTestAddressGroupSetup43(void)
4225 {
4226  UTHValidateDetectAddressHeadRange expectations[2] = {
4227  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4228  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4229  int result = 0;
4230  DetectAddressHead *gh = DetectAddressHeadInit();
4231  if (gh != NULL) {
4232  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4233  if (r == 1) {
4234  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4235  result = 1;
4236  }
4237 
4238  DetectAddressHeadFree(gh);
4239  }
4240  return result;
4241 }
4242 
4243 static int AddressTestAddressGroupSetup44(void)
4244 {
4245  UTHValidateDetectAddressHeadRange expectations[2] = {
4246  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4247  int result = 0;
4248  DetectAddressHead *gh = DetectAddressHeadInit();
4249  if (gh != NULL) {
4250  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4251  if (r == 0) {
4252  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4253  result = 1;
4254  }
4255 
4256  DetectAddressHeadFree(gh);
4257  }
4258  return result;
4259 }
4260 
4261 static int AddressTestAddressGroupSetup45(void)
4262 {
4263  int result = 0;
4264  DetectAddressHead *gh = DetectAddressHeadInit();
4265  if (gh != NULL) {
4266  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4267  if (r != 0) {
4268  result = 1;
4269  }
4270 
4271  DetectAddressHeadFree(gh);
4272  }
4273  return result;
4274 }
4275 
4276 static int AddressTestAddressGroupSetup46(void)
4277 {
4278  UTHValidateDetectAddressHeadRange expectations[4] = {
4279  { "0.0.0.0", "192.167.255.255" },
4280  { "192.168.1.0", "192.168.1.255" },
4281  { "192.168.3.0", "192.168.3.255" },
4282  { "192.169.0.0", "255.255.255.255" } };
4283  int result = 0;
4284  DetectAddressHead *gh = DetectAddressHeadInit();
4285  if (gh != NULL) {
4286  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4287  if (r == 1) {
4288  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4289  result = 1;
4290  }
4291 
4292  DetectAddressHeadFree(gh);
4293  }
4294  return result;
4295 }
4296 
4297 /** \test net with some negations, then all negated */
4298 static int AddressTestAddressGroupSetup47(void)
4299 {
4300  UTHValidateDetectAddressHeadRange expectations[5] = {
4301  { "0.0.0.0", "192.167.255.255" },
4302  { "192.168.1.0", "192.168.1.255" },
4303  { "192.168.3.0", "192.168.3.255" },
4304  { "192.168.5.0", "192.168.5.255" },
4305  { "192.169.0.0", "255.255.255.255" } };
4306  int result = 0;
4307  DetectAddressHead *gh = DetectAddressHeadInit();
4308  if (gh != NULL) {
4309  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4310  if (r == 1) {
4311  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4312  result = 1;
4313  }
4314 
4315  DetectAddressHeadFree(gh);
4316  }
4317  return result;
4318 }
4319 
4320 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4321 static int AddressTestAddressGroupSetup48(void)
4322 {
4323  UTHValidateDetectAddressHeadRange expectations[4] = {
4324  { "192.168.0.0", "192.168.0.255" },
4325  { "192.168.2.0", "192.168.2.255" },
4326  { "192.168.4.0", "192.168.4.255" },
4327  { "192.168.6.0", "192.168.255.255" } };
4328  int result = 0;
4329  DetectAddressHead *gh = DetectAddressHeadInit();
4330  if (gh != NULL) {
4331  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4332  if (r == 1) {
4333  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4334  result = 1;
4335  }
4336 
4337  DetectAddressHeadFree(gh);
4338  }
4339  return result;
4340 }
4341 
4342 static int AddressTestCutIPv401(void)
4343 {
4344  DetectAddress *c;
4345  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4346  FAIL_IF_NULL(a);
4347  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4348  FAIL_IF_NULL(b);
4349 
4350  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4351 
4352  DetectAddressFree(a);
4353  DetectAddressFree(b);
4354  DetectAddressFree(c);
4355  PASS;
4356 }
4357 
4358 static int AddressTestCutIPv402(void)
4359 {
4360  DetectAddress *a, *b, *c;
4361  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4362  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4363 
4364  if (DetectAddressCut(NULL, a, b, &c) == -1)
4365  goto error;
4366 
4367  if (c == NULL)
4368  goto error;
4369 
4370  DetectAddressFree(a);
4371  DetectAddressFree(b);
4372  DetectAddressFree(c);
4373  return 1;
4374 
4375 error:
4376  DetectAddressFree(a);
4377  DetectAddressFree(b);
4378  DetectAddressFree(c);
4379  return 0;
4380 }
4381 
4382 static int AddressTestCutIPv403(void)
4383 {
4384  DetectAddress *a, *b, *c;
4385  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4386  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4387 
4388  if (DetectAddressCut(NULL, a, b, &c) == -1)
4389  goto error;
4390 
4391  if (c == NULL)
4392  goto error;
4393 
4394  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4395  goto error;
4396  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4397  goto error;
4398  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4399  goto error;
4400 
4401  DetectAddressFree(a);
4402  DetectAddressFree(b);
4403  DetectAddressFree(c);
4404  return 1;
4405 
4406 error:
4407  DetectAddressFree(a);
4408  DetectAddressFree(b);
4409  DetectAddressFree(c);
4410  return 0;
4411 }
4412 
4413 static int AddressTestCutIPv404(void)
4414 {
4415  DetectAddress *a, *b, *c;
4416  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4417  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4418 
4419  if (DetectAddressCut(NULL, a, b, &c) == -1)
4420  goto error;
4421 
4422  if (c == NULL)
4423  goto error;
4424 
4425  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4426  goto error;
4427  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4428  goto error;
4429  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4430  goto error;
4431 
4432 
4433  DetectAddressFree(a);
4434  DetectAddressFree(b);
4435  DetectAddressFree(c);
4436  return 1;
4437 
4438 error:
4439  DetectAddressFree(a);
4440  DetectAddressFree(b);
4441  DetectAddressFree(c);
4442  return 0;
4443 }
4444 
4445 static int AddressTestCutIPv405(void)
4446 {
4447  DetectAddress *a, *b, *c;
4448  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4449  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4450 
4451  if (DetectAddressCut(NULL, a, b, &c) == -1)
4452  goto error;
4453 
4454  if (c == NULL)
4455  goto error;
4456 
4457  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4458  goto error;
4459  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4460  goto error;
4461  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4462  goto error;
4463 
4464  DetectAddressFree(a);
4465  DetectAddressFree(b);
4466  DetectAddressFree(c);
4467  return 1;
4468 
4469 error:
4470  DetectAddressFree(a);
4471  DetectAddressFree(b);
4472  DetectAddressFree(c);
4473  return 0;
4474 }
4475 
4476 static int AddressTestCutIPv406(void)
4477 {
4478  DetectAddress *a, *b, *c;
4479  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4480  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4481 
4482  if (DetectAddressCut(NULL, a, b, &c) == -1)
4483  goto error;
4484 
4485  if (c == NULL)
4486  goto error;
4487 
4488  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4489  goto error;
4490  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4491  goto error;
4492  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4493  goto error;
4494 
4495  DetectAddressFree(a);
4496  DetectAddressFree(b);
4497  DetectAddressFree(c);
4498  return 1;
4499 
4500 error:
4501  DetectAddressFree(a);
4502  DetectAddressFree(b);
4503  DetectAddressFree(c);
4504  return 0;
4505 }
4506 
4507 static int AddressTestCutIPv407(void)
4508 {
4509  DetectAddress *a, *b, *c;
4510  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4511  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4512 
4513  if (DetectAddressCut(NULL, a, b, &c) == -1)
4514  goto error;
4515 
4516  if (c != NULL)
4517  goto error;
4518 
4519  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4520  goto error;
4521  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4522  goto error;
4523 
4524  DetectAddressFree(a);
4525  DetectAddressFree(b);
4526  DetectAddressFree(c);
4527  return 1;
4528 
4529 error:
4530  DetectAddressFree(a);
4531  DetectAddressFree(b);
4532  DetectAddressFree(c);
4533  return 0;
4534 }
4535 
4536 static int AddressTestCutIPv408(void)
4537 {
4538  DetectAddress *a, *b, *c;
4539  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4540  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4541 
4542  if (DetectAddressCut(NULL, a, b, &c) == -1)
4543  goto error;
4544 
4545  if (c != NULL)
4546  goto error;
4547 
4548  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4549  goto error;
4550  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4551  goto error;
4552 
4553  DetectAddressFree(a);
4554  DetectAddressFree(b);
4555  DetectAddressFree(c);
4556  return 1;
4557 
4558 error:
4559  DetectAddressFree(a);
4560  DetectAddressFree(b);
4561  DetectAddressFree(c);
4562  return 0;
4563 }
4564 
4565 static int AddressTestCutIPv409(void)
4566 {
4567  DetectAddress *a, *b, *c;
4568  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4569  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4570 
4571  if (DetectAddressCut(NULL, a, b, &c) == -1)
4572  goto error;
4573 
4574  if (c != NULL)
4575  goto error;
4576 
4577  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4578  goto error;
4579  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4580  goto error;
4581 
4582  DetectAddressFree(a);
4583  DetectAddressFree(b);
4584  DetectAddressFree(c);
4585  return 1;
4586 
4587 error:
4588  DetectAddressFree(a);
4589  DetectAddressFree(b);
4590  DetectAddressFree(c);
4591  return 0;
4592 }
4593 
4594 static int AddressTestCutIPv410(void)
4595 {
4596  DetectAddress *a, *b, *c;
4597  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4598  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4599 
4600  if (DetectAddressCut(NULL, a, b, &c) == -1)
4601  goto error;
4602 
4603  if (c != NULL)
4604  goto error;
4605 
4606  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4607  goto error;
4608  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4609  goto error;
4610 
4611  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4612 
4613  DetectAddressFree(a);
4614  DetectAddressFree(b);
4615  DetectAddressFree(c);
4616  return 1;
4617 
4618 error:
4619  DetectAddressFree(a);
4620  DetectAddressFree(b);
4621  DetectAddressFree(c);
4622  return 0;
4623 }
4624 
4625 static int AddressTestParseInvalidMask01(void)
4626 {
4627  int result = 1;
4628  DetectAddress *dd = NULL;
4629 
4630  dd = DetectAddressParseSingle("192.168.2.0/33");
4631  if (dd != NULL) {
4632  DetectAddressFree(dd);
4633  result = 0;
4634  }
4635  return result;
4636 }
4637 
4638 static int AddressTestParseInvalidMask02(void)
4639 {
4640  int result = 1;
4641  DetectAddress *dd = NULL;
4642 
4643  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4644  if (dd != NULL) {
4645  DetectAddressFree(dd);
4646  result = 0;
4647  }
4648  return result;
4649 }
4650 
4651 static int AddressTestParseInvalidMask03(void)
4652 {
4653  int result = 1;
4654  DetectAddress *dd = NULL;
4655 
4656  dd = DetectAddressParseSingle("192.168.2.0/blue");
4657  if (dd != NULL) {
4658  DetectAddressFree(dd);
4659  result = 0;
4660  }
4661  return result;
4662 }
4663 
4664 static int AddressConfVarsTest01(void)
4665 {
4666  static const char *dummy_conf_string =
4667  "%YAML 1.1\n"
4668  "---\n"
4669  "\n"
4670  "vars:\n"
4671  "\n"
4672  " address-groups:\n"
4673  "\n"
4674  " HOME_NET: \"any\"\n"
4675  "\n"
4676  " EXTERNAL_NET: \"!any\"\n"
4677  "\n"
4678  " port-groups:\n"
4679  "\n"
4680  " HTTP_PORTS: \"any\"\n"
4681  "\n"
4682  " SHELLCODE_PORTS: \"!any\"\n"
4683  "\n";
4684 
4685  int result = 0;
4686 
4688  ConfInit();
4689  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4690 
4692  result = 1;
4693 
4694  ConfDeInit();
4696 
4697  return result;
4698 }
4699 
4700 static int AddressConfVarsTest02(void)
4701 {
4702  static const char *dummy_conf_string =
4703  "%YAML 1.1\n"
4704  "---\n"
4705  "\n"
4706  "vars:\n"
4707  "\n"
4708  " address-groups:\n"
4709  "\n"
4710  " HOME_NET: \"any\"\n"
4711  "\n"
4712  " EXTERNAL_NET: \"any\"\n"
4713  "\n"
4714  " port-groups:\n"
4715  "\n"
4716  " HTTP_PORTS: \"any\"\n"
4717  "\n"
4718  " SHELLCODE_PORTS: \"!any\"\n"
4719  "\n";
4720 
4721  int result = 0;
4722 
4724  ConfInit();
4725  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4726 
4728  result = 1;
4729 
4730  ConfDeInit();
4732 
4733  return result;
4734 }
4735 
4736 static int AddressConfVarsTest03(void)
4737 {
4738  static const char *dummy_conf_string =
4739  "%YAML 1.1\n"
4740  "---\n"
4741  "\n"
4742  "vars:\n"
4743  "\n"
4744  " address-groups:\n"
4745  "\n"
4746  " HOME_NET: \"any\"\n"
4747  "\n"
4748  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4749  "\n"
4750  " port-groups:\n"
4751  "\n"
4752  " HTTP_PORTS: \"any\"\n"
4753  "\n"
4754  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4755  "\n";
4756 
4757  int result = 0;
4758 
4760  ConfInit();
4761  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4762 
4764  result = 1;
4765 
4766  ConfDeInit();
4768 
4769  return result;
4770 }
4771 
4772 static int AddressConfVarsTest04(void)
4773 {
4774  static const char *dummy_conf_string =
4775  "%YAML 1.1\n"
4776  "---\n"
4777  "\n"
4778  "vars:\n"
4779  "\n"
4780  " address-groups:\n"
4781  "\n"
4782  " HOME_NET: \"any\"\n"
4783  "\n"
4784  " EXTERNAL_NET: \"$HOME_NET\"\n"
4785  "\n"
4786  " port-groups:\n"
4787  "\n"
4788  " HTTP_PORTS: \"any\"\n"
4789  "\n"
4790  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4791  "\n";
4792 
4793  int result = 0;
4794 
4796  ConfInit();
4797  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4798 
4800  result = 1;
4801 
4802  ConfDeInit();
4804 
4805  return result;
4806 }
4807 
4808 static int AddressConfVarsTest05(void)
4809 {
4810  static const char *dummy_conf_string =
4811  "%YAML 1.1\n"
4812  "---\n"
4813  "\n"
4814  "vars:\n"
4815  "\n"
4816  " address-groups:\n"
4817  "\n"
4818  " HOME_NET: \"any\"\n"
4819  "\n"
4820  " EXTERNAL_NET: [192.168.0.1]\n"
4821  "\n"
4822  " port-groups:\n"
4823  "\n"
4824  " HTTP_PORTS: \"any\"\n"
4825  "\n"
4826  " SHELLCODE_PORTS: [80]\n"
4827  "\n";
4828 
4829  int result = 0;
4830 
4832  ConfInit();
4833  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4834 
4835  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4836  goto end;
4837 
4838  result = 1;
4839 
4840  end:
4841  ConfDeInit();
4843 
4844  return result;
4845 }
4846 
4847 static int AddressConfVarsTest06(void)
4848 {
4849  // HOME_NET value size = 10261 bytes
4850  static const char *dummy_conf_string =
4851  "%YAML 1.1\n"
4852  "---\n"
4853  "\n"
4854  "vars:\n"
4855  "\n"
4856  " address-groups:\n"
4857  "\n"
4858  " HOME_NET: "
4859  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4860  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4861  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4862  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4863  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4864  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4976  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4977  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4978  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4979  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4980  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4981  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4982  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4983  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4984  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4985  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4986  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4987  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4988  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4989  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4990  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4991  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4992  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4993  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4994  "\n"
4995  " EXTERNAL_NET: \"any\"\n"
4996  "\n";
4997 
4999  ConfInit();
5000  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
5001 
5003 
5004  ConfDeInit();
5006 
5007  PASS;
5008 }
5009 
5010 #endif /* UNITTESTS */
5011 
5012 void DetectAddressTests(void)
5013 {
5014 #ifdef UNITTESTS
5017 
5018  UtRegisterTest("AddressTestParse01", AddressTestParse01);
5019  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5020  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5021  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5022  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5023  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5024  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5025  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5026  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5027  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5028  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5029  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5030  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5031  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5032  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5033  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5034  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5035  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5036  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5037  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5038  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5039  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5040  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5041  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5042  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5043  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5044  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5045  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5046  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5047  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5048  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5049  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5050  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5051  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5052  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5053  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5054  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5055  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5056 
5057  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5058  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5059  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5060  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5061  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5062  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5063  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5064  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5065  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5066  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5067  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5068 
5069  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5070  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5071  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5072  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5073  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5074  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5075  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5076  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5077 
5078  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5079  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5080  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5081  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5082  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5083  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5084 
5085  UtRegisterTest("AddressTestAddressGroupSetup01",
5086  AddressTestAddressGroupSetup01);
5087  UtRegisterTest("AddressTestAddressGroupSetup02",
5088  AddressTestAddressGroupSetup02);
5089  UtRegisterTest("AddressTestAddressGroupSetup03",
5090  AddressTestAddressGroupSetup03);
5091  UtRegisterTest("AddressTestAddressGroupSetup04",
5092  AddressTestAddressGroupSetup04);
5093  UtRegisterTest("AddressTestAddressGroupSetup05",
5094  AddressTestAddressGroupSetup05);
5095  UtRegisterTest("AddressTestAddressGroupSetup06",
5096  AddressTestAddressGroupSetup06);
5097  UtRegisterTest("AddressTestAddressGroupSetup07",
5098  AddressTestAddressGroupSetup07);
5099  UtRegisterTest("AddressTestAddressGroupSetup08",
5100  AddressTestAddressGroupSetup08);
5101  UtRegisterTest("AddressTestAddressGroupSetup09",
5102  AddressTestAddressGroupSetup09);
5103  UtRegisterTest("AddressTestAddressGroupSetup10",
5104  AddressTestAddressGroupSetup10);
5105  UtRegisterTest("AddressTestAddressGroupSetup11",
5106  AddressTestAddressGroupSetup11);
5107  UtRegisterTest("AddressTestAddressGroupSetup12",
5108  AddressTestAddressGroupSetup12);
5109  UtRegisterTest("AddressTestAddressGroupSetup13",
5110  AddressTestAddressGroupSetup13);
5111  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5112  AddressTestAddressGroupSetupIPv414);
5113  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5114  AddressTestAddressGroupSetupIPv415);
5115  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5116  AddressTestAddressGroupSetupIPv416);
5117 
5118  UtRegisterTest("AddressTestAddressGroupSetup14",
5119  AddressTestAddressGroupSetup14);
5120  UtRegisterTest("AddressTestAddressGroupSetup15",
5121  AddressTestAddressGroupSetup15);
5122  UtRegisterTest("AddressTestAddressGroupSetup16",
5123  AddressTestAddressGroupSetup16);
5124  UtRegisterTest("AddressTestAddressGroupSetup17",
5125  AddressTestAddressGroupSetup17);
5126  UtRegisterTest("AddressTestAddressGroupSetup18",
5127  AddressTestAddressGroupSetup18);
5128  UtRegisterTest("AddressTestAddressGroupSetup19",
5129  AddressTestAddressGroupSetup19);
5130  UtRegisterTest("AddressTestAddressGroupSetup20",
5131  AddressTestAddressGroupSetup20);
5132  UtRegisterTest("AddressTestAddressGroupSetup21",
5133  AddressTestAddressGroupSetup21);
5134  UtRegisterTest("AddressTestAddressGroupSetup22",
5135  AddressTestAddressGroupSetup22);
5136  UtRegisterTest("AddressTestAddressGroupSetup23",
5137  AddressTestAddressGroupSetup23);
5138  UtRegisterTest("AddressTestAddressGroupSetup24",
5139  AddressTestAddressGroupSetup24);
5140  UtRegisterTest("AddressTestAddressGroupSetup25",
5141  AddressTestAddressGroupSetup25);
5142  UtRegisterTest("AddressTestAddressGroupSetup26",
5143  AddressTestAddressGroupSetup26);
5144 
5145  UtRegisterTest("AddressTestAddressGroupSetup27",
5146  AddressTestAddressGroupSetup27);
5147  UtRegisterTest("AddressTestAddressGroupSetup28",
5148  AddressTestAddressGroupSetup28);
5149  UtRegisterTest("AddressTestAddressGroupSetup29",
5150  AddressTestAddressGroupSetup29);
5151  UtRegisterTest("AddressTestAddressGroupSetup30",
5152  AddressTestAddressGroupSetup30);
5153  UtRegisterTest("AddressTestAddressGroupSetup31",
5154  AddressTestAddressGroupSetup31);
5155  UtRegisterTest("AddressTestAddressGroupSetup32",
5156  AddressTestAddressGroupSetup32);
5157  UtRegisterTest("AddressTestAddressGroupSetup33",
5158  AddressTestAddressGroupSetup33);
5159  UtRegisterTest("AddressTestAddressGroupSetup34",
5160  AddressTestAddressGroupSetup34);
5161  UtRegisterTest("AddressTestAddressGroupSetup35",
5162  AddressTestAddressGroupSetup35);
5163  UtRegisterTest("AddressTestAddressGroupSetup36",
5164  AddressTestAddressGroupSetup36);
5165  UtRegisterTest("AddressTestAddressGroupSetup37",
5166  AddressTestAddressGroupSetup37);
5167  UtRegisterTest("AddressTestAddressGroupSetup38",
5168  AddressTestAddressGroupSetup38);
5169  UtRegisterTest("AddressTestAddressGroupSetup39",
5170  AddressTestAddressGroupSetup39);
5171  UtRegisterTest("AddressTestAddressGroupSetup40",
5172  AddressTestAddressGroupSetup40);
5173  UtRegisterTest("AddressTestAddressGroupSetup41",
5174  AddressTestAddressGroupSetup41);
5175  UtRegisterTest("AddressTestAddressGroupSetup42",
5176  AddressTestAddressGroupSetup42);
5177  UtRegisterTest("AddressTestAddressGroupSetup43",
5178  AddressTestAddressGroupSetup43);
5179  UtRegisterTest("AddressTestAddressGroupSetup44",
5180  AddressTestAddressGroupSetup44);
5181  UtRegisterTest("AddressTestAddressGroupSetup45",
5182  AddressTestAddressGroupSetup45);
5183  UtRegisterTest("AddressTestAddressGroupSetup46",
5184  AddressTestAddressGroupSetup46);
5185  UtRegisterTest("AddressTestAddressGroupSetup47",
5186  AddressTestAddressGroupSetup47);
5187  UtRegisterTest("AddressTestAddressGroupSetup48",
5188  AddressTestAddressGroupSetup48);
5189 
5190  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5191  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5192  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5193  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5194  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5195  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5196  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5197  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5198  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5199  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5200 
5201  UtRegisterTest("AddressTestParseInvalidMask01",
5202  AddressTestParseInvalidMask01);
5203  UtRegisterTest("AddressTestParseInvalidMask02",
5204  AddressTestParseInvalidMask02);
5205  UtRegisterTest("AddressTestParseInvalidMask03",
5206  AddressTestParseInvalidMask03);
5207 
5208  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5209  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5210  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5211  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5212  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5213  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5214 #endif /* UNITTESTS */
5215 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:367
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:132
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1411
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1313
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:359
detect-engine-siggroup.h
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:115
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1605
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:130
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:29
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:296
DetectAddressHead_
Definition: detect.h:145
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:119
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1490
AddressIPv6Gt
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:55
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:121
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1358
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:785
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1264
SC_ERR_INVALID_SIGNATURE
@ SC_ERR_INVALID_SIGNATURE
Definition: util-error.h:69
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:117
Address_
Definition: decode.h:113
Address_::address
union Address_::@32 address
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:248
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1169
util-var.h
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1816
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:116
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:139
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:236
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:704
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1899
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:298
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:274
detect-engine-port.h
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:487
DetectAddress_::ip2
Address ip2
Definition: detect.h:133
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1051
TRUE
#define TRUE
Definition: suricata-common.h:33
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:281
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:484
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:128
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
turn 32 bit mask into CIDR
Definition: util-cidr.c:33
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:118
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:314
SC_ERR_ADDRESS_ENGINE_GENERIC
@ SC_ERR_ADDRESS_ENGINE_GENERIC
Definition: util-error.h:119
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:114
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:654
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:120
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:215
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
Flow_::next
struct Flow_ * next
Definition: flow.h:404
DetectAddressMap_
Definition: detect-engine-address.c:1310
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:147
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:80
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:116
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1638
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:938
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
ConfNode_::name
char * name
Definition: conf.h:33
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:255
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:666
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
AddressIPv6Ge
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1347
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:183
str
#define str(s)
Definition: suricata-common.h:272
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1898
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1312
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:394
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:710
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:141
DetectMatchAddressIPv6_
Definition: detect.h:156
DetectMatchAddressIPv4_
Definition: detect.h:151
Address_::family
char family
Definition: decode.h:114
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1451
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:677
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1880
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:124
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1900
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:128
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:302
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:136
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1578
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:146
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1311
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1235
AddressIPv6Le
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162