suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88  return;
89 }
90 
91 /**
92  * \internal
93  * \brief Returns a new instance of DetectAddressHead.
94  *
95  * \retval gh Pointer to the new instance of DetectAddressHead.
96  */
97 static DetectAddressHead *DetectAddressHeadInit(void)
98 {
100  if (unlikely(gh == NULL))
101  return NULL;
102  return gh;
103 }
104 
105 /**
106  * \internal
107  * \brief Frees a DetectAddressHead instance.
108  *
109  * \param gh Pointer to the DetectAddressHead instance to be freed.
110  */
111 static void DetectAddressHeadFree(DetectAddressHead *gh)
112 {
113  if (gh != NULL) {
115  SCFree(gh);
116  }
117 }
118 
119 /**
120  * \brief copy a DetectAddress
121  *
122  * \param orig Pointer to the instance of DetectAddress that contains the
123  * address data to be copied to the new instance.
124  *
125  * \retval ag Pointer to the new instance of DetectAddress that contains the
126  * copied address.
127  */
129 {
131  if (ag == NULL)
132  return NULL;
133 
134  ag->flags = orig->flags;
135  COPY_ADDRESS(&orig->ip, &ag->ip);
136  COPY_ADDRESS(&orig->ip2, &ag->ip2);
137  return ag;
138 }
139 
140 #ifdef DEBUG
141 /**
142  * \brief Prints the address data information for all the DetectAddress
143  * instances in the DetectAddress list sent as the argument.
144  *
145  * \param head Pointer to a list of DetectAddress instances.
146  */
147 void DetectAddressPrintList(DetectAddress *head)
148 {
149  SCLogInfo("list:");
150  for (DetectAddress *cur = head; cur != NULL; cur = cur->next) {
151  DetectAddressPrint(cur);
152  }
153  SCLogInfo("endlist");
154 }
155 #endif
156 
157 /**
158  * \internal
159  * \brief Frees a list of DetectAddress instances.
160  *
161  * \param head Pointer to a list of DetectAddress instances to be freed.
162  */
163 static void DetectAddressCleanupList(DetectAddress *head)
164 {
165  for (DetectAddress *cur = head; cur != NULL; ) {
166  DetectAddress *next = cur->next;
167  cur->next = NULL;
168  DetectAddressFree(cur);
169  cur = next;
170  }
171 }
172 
173 /**
174  * \internal
175  * \brief Helper function for DetectAddressInsert. Sets one of the
176  * DetectAddressHead head pointers, to the DetectAddress argument
177  * based on its address family.
178  *
179  * \param gh Pointer to the DetectAddressHead.
180  * \param newhead Pointer to the DetectAddress.
181  *
182  * \retval 0 On success.
183  * \retval -1 On failure.
184  */
185 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
186 {
187  if (newhead->ip.family == AF_INET) {
188  gh->ipv4_head = newhead;
189  } else if (newhead->ip.family == AF_INET6) {
190  gh->ipv6_head = newhead;
191  } else {
192  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
193  return -1;
194  }
195 
196  return 0;
197 }
198 
199 /**
200  * \internal
201  * \brief Returns the DetectAddress head from the DetectAddressHeads,
202  * based on the address family of the incoming DetectAddress arg.
203  *
204  * \param gh Pointer to the DetectAddressHead.
205  * \param new Pointer to the DetectAddress.
206  *
207  * \retval head Pointer to the DetectAddress(the head from
208  * DetectAddressHead).
209  */
210 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
211 {
212  DetectAddress *head = NULL;
213 
214  if (new->ip.family == AF_INET)
215  head = gh->ipv4_head;
216  else if (new->ip.family == AF_INET6)
217  head = gh->ipv6_head;
218 
219  return head;
220 }
221 
222 /**
223  * \internal
224  * \brief insert DetectAddress into a DetectAddressHead
225  *
226  * \param de_ctx Pointer to the detection engine context.
227  * \param gh Pointer to the DetectAddressHead list to which it has to
228  * be inserted.
229  * \param new Pointer to the DetectAddress, that has to be inserted.
230  *
231  * \retval 1 On successfully inserting it.
232  * \retval -1 On error.
233  * \retval 0 Not inserted, memory of new is freed.
234  */
235 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
236  DetectAddress *new)
237 {
238  DetectAddress *head = NULL;
239  DetectAddress *cur = NULL;
240  DetectAddress *c = NULL;
241  int r = 0;
242 
243  if (new == NULL)
244  return 0;
245 
246  /* get our head ptr based on the address we want to insert */
247  head = GetHeadPtr(gh, new);
248 
249  /* see if it already exists or overlaps with existing ag's */
250  if (head != NULL) {
251  cur = NULL;
252 
253  for (cur = head; cur != NULL; cur = cur->next) {
254  r = DetectAddressCmp(new, cur);
255  BUG_ON(r == ADDRESS_ER);
256 
257  /* if so, handle that */
258  if (r == ADDRESS_EQ) {
259  /* exact overlap/match */
260  if (cur != new) {
261  DetectAddressFree(new);
262  return 0;
263  }
264 
265  return 1;
266  } else if (r == ADDRESS_GT) {
267  /* only add it now if we are bigger than the last group.
268  * Otherwise we'll handle it later. */
269  if (cur->next == NULL) {
270  /* put in the list */
271  new->prev = cur;
272  cur->next = new;
273 
274  return 1;
275  }
276  } else if (r == ADDRESS_LT) {
277  /* see if we need to insert the ag anywhere put in the list */
278  if (cur->prev != NULL)
279  cur->prev->next = new;
280  new->prev = cur->prev;
281  new->next = cur;
282  cur->prev = new;
283 
284  /* update head if required */
285  if (head == cur) {
286  head = new;
287 
288  if (SetHeadPtr(gh, head) < 0)
289  goto error;
290  }
291 
292  return 1;
293  /* alright, those were the simple cases, lets handle the more
294  * complex ones now */
295  } else if (r == ADDRESS_ES) {
296  c = NULL;
297  r = DetectAddressCut(de_ctx, cur, new, &c);
298  if (r == -1)
299  goto error;
300 
301  DetectAddressInsert(de_ctx, gh, new);
302  if (c != NULL)
303  DetectAddressInsert(de_ctx, gh, c);
304 
305  return 1;
306  } else if (r == ADDRESS_EB) {
307  c = NULL;
308  r = DetectAddressCut(de_ctx, cur, new, &c);
309  if (r == -1)
310  goto error;
311 
312  DetectAddressInsert(de_ctx, gh, new);
313  if (c != NULL)
314  DetectAddressInsert(de_ctx, gh, c);
315 
316  return 1;
317  } else if (r == ADDRESS_LE) {
318  c = NULL;
319  r = DetectAddressCut(de_ctx, cur, new, &c);
320  if (r == -1)
321  goto error;
322 
323  DetectAddressInsert(de_ctx, gh, new);
324  if (c != NULL)
325  DetectAddressInsert(de_ctx, gh, c);
326 
327  return 1;
328  } else if (r == ADDRESS_GE) {
329  c = NULL;
330  r = DetectAddressCut(de_ctx, cur,new,&c);
331  if (r == -1)
332  goto error;
333 
334  DetectAddressInsert(de_ctx, gh, new);
335  if (c != NULL)
336  DetectAddressInsert(de_ctx, gh, c);
337 
338  return 1;
339  }
340  }
341 
342  /* head is NULL, so get a group and set head to it */
343  } else {
344  head = new;
345  if (SetHeadPtr(gh, head) < 0) {
346  SCLogDebug("SetHeadPtr failed");
347  goto error;
348  }
349  }
350 
351  return 1;
352 
353 error:
354  /* XXX */
355  return -1;
356 }
357 
358 /**
359  * \brief Checks if two address group lists are equal.
360  *
361  * \param list1 Pointer to the first address group list.
362  * \param list2 Pointer to the second address group list.
363  *
364  * \retval true On success.
365  * \retval false On failure.
366  */
368 {
369  DetectAddress *item = list1;
370  DetectAddress *it = list2;
371 
372  // First, compare items one by one.
373  while (item != NULL && it != NULL) {
374  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
375  return false;
376  }
377 
378  item = item->next;
379  it = it->next;
380  }
381 
382  // Are the lists of the same size?
383  if (!(item == NULL && it == NULL)) {
384  return false;
385  }
386 
387  return true;
388 }
389 
390 /**
391  * \internal
392  * \brief Parses an ipv4/ipv6 address string and updates the result into the
393  * DetectAddress instance sent as the argument.
394  *
395  * \param dd Pointer to the DetectAddress instance which should be updated with
396  * the address range details from the parsed ip string.
397  * \param str Pointer to address string that has to be parsed.
398  *
399  * \retval 0 On successfully parsing the address string.
400  * \retval -1 On failure.
401  */
402 static int DetectAddressParseString(DetectAddress *dd, const char *str)
403 {
404  char *ip = NULL;
405  char *ip2 = NULL;
406  char *mask = NULL;
407  int r = 0;
408  char ipstr[256];
409 
410  /* shouldn't see 'any' here */
411  BUG_ON(strcasecmp(str, "any") == 0);
412 
413  strlcpy(ipstr, str, sizeof(ipstr));
414  SCLogDebug("str %s", str);
415 
416  /* we work with a copy so that we can put a
417  * nul-termination in it later */
418  ip = ipstr;
419 
420  /* handle the negation case */
421  if (ip[0] == '!') {
422  dd->flags |= ADDRESS_FLAG_NOT;
423  ip++;
424  }
425 
426  /* see if the address is an ipv4 or ipv6 address */
427  if ((strchr(str, ':')) == NULL) {
428  /* IPv4 Address */
429  struct in_addr in;
430 
431  dd->ip.family = AF_INET;
432 
433  if ((mask = strchr(ip, '/')) != NULL) {
434  /* 1.2.3.4/xxx format (either dotted or cidr notation */
435  ip[mask - ip] = '\0';
436  mask++;
437  uint32_t ip4addr = 0;
438  uint32_t netmask = 0;
439 
440  if ((strchr (mask, '.')) == NULL) {
441  /* 1.2.3.4/24 format */
442 
443  for (size_t u = 0; u < strlen(mask); u++) {
444  if(!isdigit((unsigned char)mask[u]))
445  goto error;
446  }
447 
448  int cidr;
449  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
450  goto error;
451  netmask = CIDRGet(cidr);
452  } else {
453  /* 1.2.3.4/255.255.255.0 format */
454  r = inet_pton(AF_INET, mask, &in);
455  if (r <= 0)
456  goto error;
457 
458  netmask = in.s_addr;
459 
460  /* validate netmask */
461  int cidr = CIDRFromMask(netmask);
462  if (cidr < 0) {
463  SCLogError(
464  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
465  "CIDR notation are supported. See ticket #5168.",
466  mask);
467  goto error;
468  }
469  }
470 
471  r = inet_pton(AF_INET, ip, &in);
472  if (r <= 0)
473  goto error;
474 
475  ip4addr = in.s_addr;
476 
477  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
478  dd->ip2.addr_data32[0] |=~ netmask;
479  } else if ((ip2 = strchr(ip, '-')) != NULL) {
480  /* 1.2.3.4-1.2.3.6 range format */
481  ip[ip2 - ip] = '\0';
482  ip2++;
483 
484  r = inet_pton(AF_INET, ip, &in);
485  if (r <= 0)
486  goto error;
487  dd->ip.addr_data32[0] = in.s_addr;
488 
489  r = inet_pton(AF_INET, ip2, &in);
490  if (r <= 0)
491  goto error;
492  dd->ip2.addr_data32[0] = in.s_addr;
493 
494  /* a > b is illegal, a = b is ok */
495  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
496  goto error;
497  } else {
498  /* 1.2.3.4 format */
499  r = inet_pton(AF_INET, ip, &in);
500  if (r <= 0)
501  goto error;
502  /* single host */
503  dd->ip.addr_data32[0] = in.s_addr;
504  dd->ip2.addr_data32[0] = in.s_addr;
505  }
506  } else {
507  /* IPv6 Address */
508  struct in6_addr in6, mask6;
509  uint32_t ip6addr[4], netmask[4];
510 
511  dd->ip.family = AF_INET6;
512 
513  if ((mask = strchr(ip, '/')) != NULL) {
514  ip[mask - ip] = '\0';
515  mask++;
516 
517  int cidr;
518  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
519  goto error;
520 
521  r = inet_pton(AF_INET6, ip, &in6);
522  if (r <= 0)
523  goto error;
524  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
525 
526  CIDRGetIPv6(cidr, &mask6);
527  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
528 
529  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
530  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
531  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
532  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
533 
534  dd->ip2.addr_data32[0] |=~ netmask[0];
535  dd->ip2.addr_data32[1] |=~ netmask[1];
536  dd->ip2.addr_data32[2] |=~ netmask[2];
537  dd->ip2.addr_data32[3] |=~ netmask[3];
538  } else if ((ip2 = strchr(ip, '-')) != NULL) {
539  /* 2001::1-2001::4 range format */
540  ip[ip2 - ip] = '\0';
541  ip2++;
542 
543  r = inet_pton(AF_INET6, ip, &in6);
544  if (r <= 0)
545  goto error;
546  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
547 
548  r = inet_pton(AF_INET6, ip2, &in6);
549  if (r <= 0)
550  goto error;
551  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
552 
553  /* a > b is illegal, a=b is ok */
554  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
555  goto error;
556  } else {
557  r = inet_pton(AF_INET6, ip, &in6);
558  if (r <= 0)
559  goto error;
560 
561  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
562  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
563  }
564 
565  }
566 
567  BUG_ON(dd->ip.family == 0);
568 
569  return 0;
570 
571 error:
572  return -1;
573 }
574 
575 /**
576  * \internal
577  * \brief Simply parse an address and return a DetectAddress instance containing
578  * the address ranges of the parsed ip addressstring
579  *
580  * \param str Pointer to a character string containing the ip address
581  *
582  * \retval dd Pointer to the DetectAddress instance containing the address
583  * range details from the parsed ip string
584  */
585 static DetectAddress *DetectAddressParseSingle(const char *str)
586 {
587  SCLogDebug("str %s", str);
588 
590  if (dd == NULL)
591  return NULL;
592 
593  if (DetectAddressParseString(dd, str) < 0) {
594  SCLogDebug("AddressParse failed");
595  DetectAddressFree(dd);
596  return NULL;
597  }
598 
599  return dd;
600 }
601 
602 /**
603  * \brief Setup a single address string, parse it and add the resulting
604  * Address-Range(s) to the AddressHead(DetectAddressHead instance).
605  *
606  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
607  * resulting Address-Range(s) from the parsed ip string has to
608  * be added.
609  * \param s Pointer to the ip address string to be parsed.
610  *
611  * \retval 0 On success.
612  * \retval -1 On failure.
613  */
614 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
615 {
616  SCLogDebug("gh %p, s %s", gh, s);
617 
618  while (*s != '\0' && isspace(*s))
619  s++;
620 
621  if (strcasecmp(s, "any") == 0) {
622  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
623 
624  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
625  if (ad == NULL)
626  return -1;
627 
628  BUG_ON(ad->ip.family == 0);
629 
630  if (DetectAddressInsert(NULL, gh, ad) < 0) {
631  SCLogDebug("DetectAddressInsert failed");
632  DetectAddressFree(ad);
633  return -1;
634  }
635 
636  ad = DetectAddressParseSingle("::/0");
637  if (ad == NULL)
638  return -1;
639 
640  BUG_ON(ad->ip.family == 0);
641 
642  if (DetectAddressInsert(NULL, gh, ad) < 0) {
643  SCLogDebug("DetectAddressInsert failed");
644  DetectAddressFree(ad);
645  return -1;
646  }
647  return 0;
648  }
649 
650  /* parse the address */
651  DetectAddress *ad = DetectAddressParseSingle(s);
652  if (ad == NULL) {
653  SCLogError("failed to parse address \"%s\"", s);
654  return -1;
655  }
656 
657  /* handle the not case, we apply the negation then insert the part(s) */
658  if (ad->flags & ADDRESS_FLAG_NOT) {
659  DetectAddress *ad2 = NULL;
660 
661  if (DetectAddressCutNot(ad, &ad2) < 0) {
662  SCLogDebug("DetectAddressCutNot failed");
663  DetectAddressFree(ad);
664  return -1;
665  }
666 
667  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
668  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
669  if (ad2 != NULL) {
670  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
671  SCLogDebug("DetectAddressInsert failed");
672  DetectAddressFree(ad);
673  DetectAddressFree(ad2);
674  return -1;
675  }
676  }
677  }
678 
679  int r = DetectAddressInsert(NULL, gh, ad);
680  if (r < 0) {
681  SCLogDebug("DetectAddressInsert failed");
682  DetectAddressFree(ad);
683  return -1;
684  }
685  SCLogDebug("r %d",r);
686  return 0;
687 }
688 
689 /**
690  * \brief Parses an address string and updates the 2 address heads with the
691  * address data.
692  *
693  * Note that this function should only be called by the wrapping function
694  * DetectAddressParse2. The wrapping function provides long address handling
695  * when the address size exceeds a threshold value.
696  *
697  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
698  * since we pass around negate without keeping a count of ! with depth.
699  * Can solve this by keeping a count of the negations with depth, so that
700  * an even no of negations would count as no negation and an odd no of
701  * negations would count as a negation.
702  *
703  * \param gh Pointer to the address head that should hold address ranges
704  * that are not negated.
705  * \param ghn Pointer to the address head that should hold address ranges
706  * that are negated.
707  * \param s Pointer to the character string holding the address to be
708  * parsed.
709  * \param negate Flag that indicates if the received address string is negated
710  * or not. 0 if it is not, 1 it it is.
711  *
712  * \retval 0 On successfully parsing.
713  * \retval -1 On failure.
714  */
715 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
716  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
717  int recur, char *address, size_t address_length)
718 {
719  size_t x = 0;
720  size_t u = 0;
721  int o_set = 0, n_set = 0, d_set = 0;
722  int depth = 0;
723  const char *rule_var_address = NULL;
724  char *temp_rule_var_address = NULL;
725 
726  if (++recur > 64) {
727  SCLogError("address block recursion "
728  "limit reached (max 64)");
729  goto error;
730  }
731 
732  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
733 
734  size_t size = strlen(s);
735  for (u = 0, x = 0; u < size && x < address_length; u++) {
736  if (x == (address_length - 1)) {
737  SCLogError("Hit the address buffer"
738  " limit for the supplied address. Invalidating sig. "
739  "Please file a bug report on this.");
740  goto error;
741  }
742  address[x] = s[u];
743  x++;
744 
745  if (!o_set && s[u] == '!') {
746  n_set = 1;
747  x--;
748  } else if (s[u] == '[') {
749  if (!o_set) {
750  o_set = 1;
751  x = 0;
752  }
753  depth++;
754  } else if (s[u] == ']') {
755  if (depth == 1) {
756  address[x - 1] = '\0';
757  x = 0;
758  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
759  if (((negate + n_set) % 2) == 0) {
760  /* normal block */
761  SCLogDebug("normal block");
762 
763  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
764  goto error;
765  } else {
766  /* negated block
767  *
768  * Extra steps are necessary. First consider it as a normal
769  * (non-negated) range. Merge the + and - ranges if
770  * applicable. Then insert the result into the ghn list. */
771  SCLogDebug("negated block");
772 
773  DetectAddressHead tmp_gh = { NULL, NULL };
774  DetectAddressHead tmp_ghn = { NULL, NULL };
775 
776  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
777  DetectAddressHeadCleanup(&tmp_gh);
778  DetectAddressHeadCleanup(&tmp_ghn);
779  goto error;
780  }
781 
782  DetectAddress *tmp_ad;
783  DetectAddress *tmp_ad2;
784 #ifdef DEBUG
785  SCLogDebug("tmp_gh: IPv4");
786  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
787  DetectAddressPrint(tmp_ad);
788  }
789  SCLogDebug("tmp_ghn: IPv4");
790  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
791  DetectAddressPrint(tmp_ad);
792  }
793  SCLogDebug("tmp_gh: IPv6");
794  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
795  DetectAddressPrint(tmp_ad);
796  }
797  SCLogDebug("tmp_ghn: IPv6");
798  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
799  DetectAddressPrint(tmp_ad);
800  }
801 #endif
802  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
803  DetectAddressHeadCleanup(&tmp_ghn);
804  DetectAddressHeadCleanup(&tmp_gh);
805  goto error;
806  }
807  DetectAddressHeadCleanup(&tmp_ghn);
808 
809  SCLogDebug("merged successfully");
810 
811  /* insert the IPv4 addresses into the negated list */
812  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
813  /* work with a copy of the address group */
814  tmp_ad2 = DetectAddressCopy(tmp_ad);
815  if (tmp_ad2 == NULL) {
816  SCLogDebug("DetectAddressCopy failed");
817  DetectAddressHeadCleanup(&tmp_gh);
818  goto error;
819  }
820  DetectAddressPrint(tmp_ad2);
821  DetectAddressInsert(NULL, ghn, tmp_ad2);
822  }
823 
824  /* insert the IPv6 addresses into the negated list */
825  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
826  /* work with a copy of the address group */
827  tmp_ad2 = DetectAddressCopy(tmp_ad);
828  if (tmp_ad2 == NULL) {
829  SCLogDebug("DetectAddressCopy failed");
830  DetectAddressHeadCleanup(&tmp_gh);
831  goto error;
832  }
833  DetectAddressPrint(tmp_ad2);
834  DetectAddressInsert(NULL, ghn, tmp_ad2);
835  }
836 
837  DetectAddressHeadCleanup(&tmp_gh);
838  }
839  n_set = 0;
840  }
841  depth--;
842  } else if (depth == 0 && s[u] == ',') {
843  if (o_set == 1) {
844  o_set = 0;
845  } else if (d_set == 1) {
846  address[x - 1] = '\0';
847 
848  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
850  if (rule_var_address == NULL)
851  goto error;
852 
853  if (strlen(rule_var_address) == 0) {
854  SCLogError("variable %s resolved "
855  "to nothing. This is likely a misconfiguration. "
856  "Note that a negated address needs to be quoted, "
857  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
858  s);
859  goto error;
860  }
861 
862  SCLogDebug("rule_var_address %s", rule_var_address);
863  if ((negate + n_set) % 2) {
864  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
865  if (unlikely(temp_rule_var_address == NULL))
866  goto error;
867  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
868  "[%s]", rule_var_address);
869  } else {
870  temp_rule_var_address = SCStrdup(rule_var_address);
871  if (unlikely(temp_rule_var_address == NULL))
872  goto error;
873  }
874 
875  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
876  (negate + n_set) % 2, var_list, recur) < 0) {
877  if (temp_rule_var_address != rule_var_address)
878  SCFree(temp_rule_var_address);
879  goto error;
880  }
881  d_set = 0;
882  n_set = 0;
883  SCFree(temp_rule_var_address);
884  } else {
885  address[x - 1] = '\0';
886 
887  if (!((negate + n_set) % 2)) {
888  SCLogDebug("DetectAddressSetup into gh, %s", address);
889  if (DetectAddressSetup(gh, address) < 0)
890  goto error;
891  } else {
892  SCLogDebug("DetectAddressSetup into ghn, %s", address);
893  if (DetectAddressSetup(ghn, address) < 0)
894  goto error;
895  }
896  n_set = 0;
897  }
898  x = 0;
899  } else if (depth == 0 && s[u] == '$') {
900  d_set = 1;
901  } else if (depth == 0 && u == size - 1) {
902  if (x == address_length) {
903  address[x - 1] = '\0';
904  } else {
905  address[x] = '\0';
906  }
907  x = 0;
908 
909  if (AddVariableToResolveList(var_list, address) == -1) {
910  SCLogError("Found a loop in a address "
911  "groups declaration. This is likely a misconfiguration.");
912  goto error;
913  }
914 
915  if (d_set == 1) {
916  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
918  if (rule_var_address == NULL)
919  goto error;
920 
921  if (strlen(rule_var_address) == 0) {
922  SCLogError("variable %s resolved "
923  "to nothing. This is likely a misconfiguration. "
924  "Note that a negated address needs to be quoted, "
925  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
926  s);
927  goto error;
928  }
929 
930  SCLogDebug("rule_var_address %s", rule_var_address);
931  if ((negate + n_set) % 2) {
932  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
933  if (unlikely(temp_rule_var_address == NULL))
934  goto error;
935  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
936  "[%s]", rule_var_address);
937  } else {
938  temp_rule_var_address = SCStrdup(rule_var_address);
939  if (unlikely(temp_rule_var_address == NULL))
940  goto error;
941  }
942 
943  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
944  (negate + n_set) % 2, var_list, recur) < 0) {
945  SCLogDebug("DetectAddressParse2 hates us");
946  if (temp_rule_var_address != rule_var_address)
947  SCFree(temp_rule_var_address);
948  goto error;
949  }
950  d_set = 0;
951  SCFree(temp_rule_var_address);
952  } else {
953  if (!((negate + n_set) % 2)) {
954  SCLogDebug("DetectAddressSetup into gh, %s", address);
955  if (DetectAddressSetup(gh, address) < 0) {
956  SCLogDebug("DetectAddressSetup gh fail");
957  goto error;
958  }
959  } else {
960  SCLogDebug("DetectAddressSetup into ghn, %s", address);
961  if (DetectAddressSetup(ghn, address) < 0) {
962  SCLogDebug("DetectAddressSetup ghn fail");
963  goto error;
964  }
965  }
966  }
967  n_set = 0;
968  }
969  }
970  if (depth > 0) {
971  SCLogError("not every address block was "
972  "properly closed in \"%s\", %d missing closing brackets (]). "
973  "Note: problem might be in a variable.",
974  s, depth);
975  goto error;
976  } else if (depth < 0) {
977  SCLogError("not every address block was "
978  "properly opened in \"%s\", %d missing opening brackets ([). "
979  "Note: problem might be in a variable.",
980  s, depth * -1);
981  goto error;
982  }
983 
984  return 0;
985 
986 error:
987 
988  return -1;
989 }
990 
991 /**
992  * \internal
993  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
994  *
995  * \retval Return value from DetectAddressParseInternal
996  */
997 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
998  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
999  int recur)
1000 {
1001  int rc;
1002 #define MAX_ADDRESS_LENGTH 8192
1003 
1004  size_t address_length = strlen(s);
1005  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
1006  char *address = SCCalloc(1, address_length);
1007  if (address == NULL) {
1008  SCLogError("Unable to allocate"
1009  " memory for address parsing.");
1010  return -1;
1011  }
1012  rc = DetectAddressParseInternal(
1013  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
1014  SCFree(address);
1015  } else {
1016  char address[MAX_ADDRESS_LENGTH] = "";
1017  rc = DetectAddressParseInternal(
1018  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1019  }
1020  return rc;
1021 }
1022 
1023 /**
1024  * \internal
1025  * \brief See if the addresses and ranges in an address head cover the
1026  * entire ip space.
1027  *
1028  * \param gh Pointer to the DetectAddressHead to check.
1029  *
1030  * \retval 0 No.
1031  * \retval 1 Yes.
1032  *
1033  * \todo do the same for IPv6
1034  */
1035 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1036 {
1038  if (r == 1)
1039  return 1;
1040 
1041  return 0;
1042 }
1043 
1044 /**
1045  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1046  *
1047  * \param gh Pointer to the address head containing the non-NOT groups.
1048  * \param ghn Pointer to the address head containing the NOT groups.
1049  *
1050  * \retval 0 On success.
1051  * \retval -1 On failure.
1052  */
1054 {
1055  DetectAddress *ad;
1056  DetectAddress *ag, *ag2;
1057  int r = 0;
1058 
1059  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1060  ghn->ipv4_head);
1061 
1062  /* check if the negated list covers the entire ip space. If so
1063  * the user screwed up the rules/vars. */
1064  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1065  SCLogError("Complete IP space negated. "
1066  "Rule address range is NIL. Probably have a !any or "
1067  "an address range that supplies a NULL address range");
1068  goto error;
1069  }
1070 
1071  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1072  * not thingy. In that case we add a 0.0.0.0/0 first. */
1073  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1074  r = DetectAddressSetup(gh, "0.0.0.0/0");
1075  if (r < 0) {
1076  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1077  goto error;
1078  }
1079  }
1080  /* ... or ::/0 for ipv6 */
1081  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1082  r = DetectAddressSetup(gh, "::/0");
1083  if (r < 0) {
1084  SCLogDebug("DetectAddressSetup for ::/0 failed");
1085  goto error;
1086  }
1087  }
1088 
1089  /* step 1: insert our ghn members into the gh list */
1090  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1091  /* work with a copy of the ad so we can easily clean up the ghn group
1092  * later. */
1093  ad = DetectAddressCopy(ag);
1094  if (ad == NULL) {
1095  SCLogDebug("DetectAddressCopy failed");
1096  goto error;
1097  }
1098 
1099  r = DetectAddressInsert(NULL, gh, ad);
1100  if (r < 0) {
1101  SCLogDebug("DetectAddressInsert failed");
1102  goto error;
1103  }
1104  }
1105  /* ... and the same for ipv6 */
1106  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1107  /* work with a copy of the ad so we can easily clean up the ghn group
1108  * later. */
1109  ad = DetectAddressCopy(ag);
1110  if (ad == NULL) {
1111  SCLogDebug("DetectAddressCopy failed");
1112  goto error;
1113  }
1114 
1115  r = DetectAddressInsert(NULL, gh, ad);
1116  if (r < 0) {
1117  SCLogDebug("DetectAddressInsert failed");
1118  goto error;
1119  }
1120  }
1121 #ifdef DEBUG
1122  DetectAddress *tmp_ad;
1123  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1124  DetectAddressPrint(tmp_ad);
1125  }
1126 #endif
1127  int ipv4_applied = 0;
1128  int ipv6_applied = 0;
1129 
1130  /* step 2: pull the address blocks that match our 'not' blocks */
1131  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1132  SCLogDebug("ag %p", ag);
1133  DetectAddressPrint(ag);
1134 
1135  int applied = 0;
1136  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1137  SCLogDebug("ag2 %p", ag2);
1138  DetectAddressPrint(ag2);
1139 
1140  r = DetectAddressCmp(ag, ag2);
1141  /* XXX more ??? */
1142  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1143  if (ag2->prev != NULL)
1144  ag2->prev->next = ag2->next;
1145  if (ag2->next != NULL)
1146  ag2->next->prev = ag2->prev;
1147  if (gh->ipv4_head == ag2)
1148  gh->ipv4_head = ag2->next;
1149  /* store the next ptr and remove the group */
1150  DetectAddress *next_ag2 = ag2->next;
1151  DetectAddressFree(ag2);
1152  ag2 = next_ag2;
1153  applied = 1;
1154  } else {
1155  ag2 = ag2->next;
1156  }
1157  }
1158 
1159  if (applied) {
1160  ipv4_applied++;
1161  }
1162  }
1163  /* ... and the same for ipv6 */
1164  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1165  int applied = 0;
1166  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1167  r = DetectAddressCmp(ag, ag2);
1168  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1169  if (ag2->prev != NULL)
1170  ag2->prev->next = ag2->next;
1171  if (ag2->next != NULL)
1172  ag2->next->prev = ag2->prev;
1173  if (gh->ipv6_head == ag2)
1174  gh->ipv6_head = ag2->next;
1175  /* store the next ptr and remove the group */
1176  DetectAddress *next_ag2 = ag2->next;
1177  DetectAddressFree(ag2);
1178  ag2 = next_ag2;
1179 
1180  SCLogDebug("applied");
1181  applied = 1;
1182  } else {
1183  ag2 = ag2->next;
1184  }
1185  }
1186  if (applied) {
1187  ipv6_applied++;
1188  }
1189  }
1190 #ifdef DEBUG
1191  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1192  DetectAddressPrint(tmp_ad);
1193  }
1194  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1195  DetectAddressPrint(tmp_ad);
1196  }
1197 #endif
1198  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1199  int cnt = 0;
1200  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1201  cnt++;
1202 
1203  if (ipv4_applied != cnt) {
1204  SCLogError("not all IPv4 negations "
1205  "could be applied: %d != %d",
1206  cnt, ipv4_applied);
1207  goto error;
1208  }
1209 
1210  cnt = 0;
1211  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1212  cnt++;
1213 
1214  if (ipv6_applied != cnt) {
1215  SCLogError("not all IPv6 negations "
1216  "could be applied: %d != %d",
1217  cnt, ipv6_applied);
1218  goto error;
1219  }
1220  }
1221 
1222  /* if the result is that we have no addresses we return error */
1223  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1224  SCLogError("no addresses left after "
1225  "merging addresses and negated addresses");
1226  goto error;
1227  }
1228 
1229  return 0;
1230 
1231 error:
1232  return -1;
1233 }
1234 
1236 {
1237  SCLogDebug("Testing address conf vars for any misconfigured values");
1238 
1239  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1240 
1241  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1242  if (address_vars_node == NULL) {
1243  return 0;
1244  }
1245 
1246  DetectAddressHead *gh = NULL;
1247  DetectAddressHead *ghn = NULL;
1248 
1249  ConfNode *seq_node;
1250  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1251  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1252 
1253  gh = DetectAddressHeadInit();
1254  if (gh == NULL) {
1255  goto error;
1256  }
1257  ghn = DetectAddressHeadInit();
1258  if (ghn == NULL) {
1259  goto error;
1260  }
1261 
1262  if (seq_node->val == NULL) {
1263  SCLogError("Address var \"%s\" probably has a sequence(something "
1264  "in brackets) value set without any quotes. Please "
1265  "quote it using \"..\".",
1266  seq_node->name);
1267  goto error;
1268  }
1269 
1270  int r = DetectAddressParse2(
1271  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1272 
1273  CleanVariableResolveList(&var_list);
1274 
1275  if (r < 0) {
1276  SCLogError("failed to parse address var \"%s\" with value \"%s\". "
1277  "Please check its syntax",
1278  seq_node->name, seq_node->val);
1279  goto error;
1280  }
1281 
1282  if (DetectAddressIsCompleteIPSpace(ghn)) {
1283  SCLogError("address var - \"%s\" has the complete IP space negated "
1284  "with its value \"%s\". Rule address range is NIL. "
1285  "Probably have a !any or an address range that supplies "
1286  "a NULL address range",
1287  seq_node->name, seq_node->val);
1288  goto error;
1289  }
1290 
1291  DetectAddressHeadFree(gh);
1292  DetectAddressHeadFree(ghn);
1293  ghn = NULL;
1294  }
1295 
1296  return 0;
1297  error:
1298  if (gh != NULL)
1299  DetectAddressHeadFree(gh);
1300  if (ghn != NULL)
1301  DetectAddressHeadFree(ghn);
1302  return -1;
1303 }
1304 
1305 #include "util-hash-lookup3.h"
1306 
1307 typedef struct DetectAddressMap_ {
1308  char *string;
1312 
1313 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1314 {
1315  const DetectAddressMap *map = (DetectAddressMap *)data;
1316  uint32_t hash = 0;
1317 
1318  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1319  hash %= ht->array_size;
1320 
1321  return hash;
1322 }
1323 
1324 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1325  uint16_t len2)
1326 {
1327  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1328  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1329 
1330  char r = (strcmp(map1->string, map2->string) == 0);
1331  return r;
1332 }
1333 
1334 static void DetectAddressMapFreeFunc(void *data)
1335 {
1336  DetectAddressMap *map = (DetectAddressMap *)data;
1337  if (map != NULL) {
1338  DetectAddressHeadFree(map->address);
1339  SCFree(map->string);
1340  }
1341  SCFree(map);
1342 }
1343 
1345 {
1346  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1347  DetectAddressMapCompareFunc,
1348  DetectAddressMapFreeFunc);
1349  if (de_ctx->address_table == NULL)
1350  return -1;
1351 
1352  return 0;
1353 }
1354 
1356 {
1357  if (de_ctx->address_table == NULL)
1358  return;
1359 
1361  de_ctx->address_table = NULL;
1362  return;
1363 }
1364 
1365 static bool DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1366  DetectAddressHead *address, bool contains_negation)
1367 {
1368  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1369  if (map == NULL)
1370  return false;
1371 
1372  map->string = SCStrdup(string);
1373  if (map->string == NULL) {
1374  SCFree(map);
1375  return false;
1376  }
1377  map->address = address;
1378  map->contains_negation = contains_negation;
1379 
1380  if (HashListTableAdd(de_ctx->address_table, map, 0) != 0) {
1381  SCFree(map->string);
1382  SCFree(map);
1383  return false;
1384  }
1385 
1386  return true;
1387 }
1388 
1389 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1390  const char *string)
1391 {
1392  DetectAddressMap map = { (char *)string, NULL, false };
1393 
1395  &map, 0);
1396  return res;
1397 }
1398 
1399 /**
1400  * \brief Parses an address group sent as a character string and updates the
1401  * DetectAddressHead sent as the argument with the relevant address
1402  * ranges from the parsed string.
1403  *
1404  * \param de_ctx Pointer to the detection engine context
1405  * \param gh Pointer to the DetectAddressHead.
1406  * \param str Pointer to the character string containing the address group
1407  * that has to be parsed.
1408  *
1409  * \retval 1 On success. Contained negation.
1410  * \retval 0 On success. Did not contain negation.
1411  * \retval -1 On failure.
1412  */
1414  DetectAddressHead *gh, const char *str)
1415 {
1416  SCLogDebug("gh %p, str %s", gh, str);
1417 
1418  if (str == NULL) {
1419  SCLogDebug("DetectAddressParse can not be run with NULL address");
1420  return -1;
1421  }
1422 
1423  DetectAddressHead *ghn = DetectAddressHeadInit();
1424  if (ghn == NULL) {
1425  SCLogDebug("DetectAddressHeadInit for ghn failed");
1426  return -1;
1427  }
1428 
1429  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1430  if (r < 0) {
1431  SCLogDebug("DetectAddressParse2 returned %d", r);
1432  DetectAddressHeadFree(ghn);
1433  return -1;
1434  }
1435 
1436  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1437  ghn->ipv4_head);
1438 
1439  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1440 
1441  /* merge the 'not' address groups */
1442  if (DetectAddressMergeNot(gh, ghn) < 0) {
1443  SCLogDebug("DetectAddressMergeNot failed");
1444  DetectAddressHeadFree(ghn);
1445  return -1;
1446  }
1447 
1448  /* free the temp negate head */
1449  DetectAddressHeadFree(ghn);
1450  return contains_negation ? 1 : 0;
1451 }
1452 
1454  const char *string, bool *contains_negation)
1455 {
1456  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1457  if (res != NULL) {
1458  SCLogDebug("found: %s :: %p", string, res);
1459  *contains_negation = res->contains_negation;
1460  return res->address;
1461  }
1462 
1463  SCLogDebug("%s not found", string);
1464 
1465  DetectAddressHead *head = DetectAddressHeadInit();
1466  if (head == NULL)
1467  return NULL;
1468 
1469  const int r = DetectAddressParse(de_ctx, head, string);
1470  if (r < 0) {
1471  DetectAddressHeadFree(head);
1472  return NULL;
1473  } else if (r == 1) {
1474  *contains_negation = true;
1475  } else {
1476  *contains_negation = false;
1477  }
1478 
1479  if (!DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head, *contains_negation)) {
1480  DetectAddressHeadFree(head);
1481  return NULL;
1482  }
1483 
1484  return head;
1485 }
1486 
1487 /**
1488  * \brief Cleans a DetectAddressHead. The functions frees the address
1489  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1490  * instance.
1491  *
1492  * \param gh Pointer to the DetectAddressHead instance that has to be
1493  * cleaned.
1494  */
1496 {
1497  if (gh != NULL) {
1498  if (gh->ipv4_head != NULL) {
1499  DetectAddressCleanupList(gh->ipv4_head);
1500  gh->ipv4_head = NULL;
1501  }
1502  if (gh->ipv6_head != NULL) {
1503  DetectAddressCleanupList(gh->ipv6_head);
1504  gh->ipv6_head = NULL;
1505  }
1506  }
1507 
1508  return;
1509 }
1510 
1511 /**
1512  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1513  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1514  * explanations on what these functions do.
1515  *
1516  * \param de_ctx Pointer to the DetectEngineCtx.
1517  * \param a Pointer to the first address to be cut.
1518  * \param b Pointer to the second address to be cut.
1519  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1520  * ranges from a and b, demand a third address range.
1521  *
1522  * \retval 0 On success.
1523  * \retval -1 On failure.
1524  */
1525 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1526  DetectAddress *b, DetectAddress **c)
1527 {
1528  if (a->ip.family == AF_INET)
1529  return DetectAddressCutIPv4(de_ctx, a, b, c);
1530  else if (a->ip.family == AF_INET6)
1531  return DetectAddressCutIPv6(de_ctx, a, b, c);
1532 
1533  return -1;
1534 }
1535 
1536 /**
1537  * \brief Cuts a negated address range with respect to the entire ip range, and
1538  * supplies with the address range that doesn't belong to the negated
1539  * address range.
1540  *
1541  * There are 2 cases here -
1542  *
1543  * The first case includes the address being located at the extreme ends
1544  * of the ip space, in which we get a single range.
1545  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1546  *
1547  * The second case includes the address not present at either of the
1548  * ip space extremes, in which case we get 2 ranges. The second range
1549  * would be supplied back with the argument "b" supplied to this function.
1550  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1551  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1552  *
1553  * The above negation cases can similarly be extended to ranges, i.e.
1554  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1555  * ![10.20.30.40 - 10.20.30.50].
1556  *
1557  *
1558  * \param a Pointer to the DetectAddressData instance, that contains the negated
1559  * address range that has to be cut.
1560  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1561  * filled with the address range, if the argument "a", doesn't fall at
1562  * the extreme ends of the ip address space.
1563  *
1564  * \retval 0 On success.
1565  * \retval -1 On failure.
1566  */
1567 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1568 {
1569  if (a->ip.family == AF_INET)
1570  return DetectAddressCutNotIPv4(a, b);
1571  else if (a->ip.family == AF_INET6)
1572  return DetectAddressCutNotIPv6(a, b);
1573 
1574  return -1;
1575 }
1576 
1577 /**
1578  * \brief Used to compare 2 address ranges.
1579  *
1580  * \param a Pointer to the first DetectAddressData to be compared.
1581  * \param b Pointer to the second DetectAddressData to be compared.
1582  */
1584 {
1585  if (a->ip.family != b->ip.family)
1586  return ADDRESS_ER;
1587 
1588  if (a->ip.family == AF_INET)
1589  return DetectAddressCmpIPv4(a, b);
1590  else if (a->ip.family == AF_INET6)
1591  return DetectAddressCmpIPv6(a, b);
1592 
1593  return ADDRESS_ER;
1594 }
1595 
1596 /**
1597  * \brief Match a packets address against a signatures addrs array
1598  *
1599  * \param addrs array of DetectMatchAddressIPv4's
1600  * \param addrs_cnt array size in members
1601  * \param a packets address
1602  *
1603  * \retval 0 no match
1604  * \retval 1 match
1605  *
1606  * \note addresses in addrs are in host order
1607  *
1608  * \todo array should be ordered, so we can break out of the loop
1609  */
1611  uint16_t addrs_cnt, const Address *a)
1612 {
1613  SCEnter();
1614 
1615  if (addrs == NULL || addrs_cnt == 0) {
1616  SCReturnInt(0);
1617  }
1618 
1619  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1620  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1621  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1622  SCReturnInt(1);
1623  }
1624  }
1625 
1626  SCReturnInt(0);
1627 }
1628 
1629 /**
1630  * \brief Match a packets address against a signatures addrs array
1631  *
1632  * \param addrs array of DetectMatchAddressIPv6's
1633  * \param addrs_cnt array size in members
1634  * \param a packets address
1635  *
1636  * \retval 0 no match
1637  * \retval 1 match
1638  *
1639  * \note addresses in addrs are in host order
1640  *
1641  * \todo array should be ordered, so we can break out of the loop
1642  */
1644  uint16_t addrs_cnt, const Address *a)
1645 {
1646  SCEnter();
1647 
1648  if (addrs == NULL || addrs_cnt == 0) {
1649  SCReturnInt(0);
1650  }
1651 
1652  uint32_t match_addr[4];
1653  match_addr[0] = SCNtohl(a->addr_data32[0]);
1654  match_addr[1] = SCNtohl(a->addr_data32[1]);
1655  match_addr[2] = SCNtohl(a->addr_data32[2]);
1656  match_addr[3] = SCNtohl(a->addr_data32[3]);
1657 
1658  /* See if the packet address is within the range of any entry in the
1659  * signature's address match array.
1660  */
1661  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1662  uint16_t result1 = 0, result2 = 0;
1663 
1664  /* See if packet address equals either limit. Return 1 if true. */
1665  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1666  SCReturnInt(1);
1667  }
1668  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1669  SCReturnInt(1);
1670  }
1671 
1672  /* See if packet address is greater than lower limit
1673  * of the current signature address match pair.
1674  */
1675  for (int i = 0; i < 4; i++) {
1676  if (match_addr[i] > addrs[idx].ip[i]) {
1677  result1 = 1;
1678  break;
1679  }
1680  if (match_addr[i] < addrs[idx].ip[i]) {
1681  result1 = 0;
1682  break;
1683  }
1684  }
1685 
1686  /* If not greater than lower limit, try next address match entry */
1687  if (result1 == 0)
1688  continue;
1689 
1690  /* See if packet address is less than upper limit
1691  * of the current signature address match pair.
1692  */
1693  for (int i = 0; i < 4; i++) {
1694  if (match_addr[i] < addrs[idx].ip2[i]) {
1695  result2 = 1;
1696  break;
1697  }
1698  if (match_addr[i] > addrs[idx].ip2[i]) {
1699  result2 = 0;
1700  break;
1701  }
1702  }
1703 
1704  /* Return a match if packet address is between the two
1705  * signature address match limits.
1706  */
1707  if (result1 == 1 && result2 == 1)
1708  SCReturnInt(1);
1709  }
1710 
1711  SCReturnInt(0);
1712 }
1713 
1714 /**
1715  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1716  * range in the DetectAddress instance.
1717  *
1718  * We basically check that the address falls in between the address
1719  * range in DetectAddress.
1720  *
1721  * \param dd Pointer to the DetectAddress instance.
1722  * \param a Pointer to an Address instance.
1723  *
1724  * \param 1 On a match.
1725  * \param 0 On no match.
1726  */
1727 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1728 {
1729  SCEnter();
1730 
1731  if (dd->ip.family != a->family) {
1732  SCReturnInt(0);
1733  }
1734 
1735  //DetectAddressPrint(dd);
1736  //AddressDebugPrint(a);
1737 
1738  switch (a->family) {
1739  case AF_INET:
1740 
1741  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1742  * Address inside DetectAddressData we can do uint8_t checks */
1743  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1744  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1745  {
1746  SCReturnInt(1);
1747  } else {
1748  SCReturnInt(0);
1749  }
1750 
1751  break;
1752  case AF_INET6:
1753  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1754  AddressIPv6Le(a, &dd->ip2) == 1)
1755  {
1756  SCReturnInt(1);
1757  } else {
1758  SCReturnInt(0);
1759  }
1760 
1761  break;
1762  default:
1763  SCLogDebug("What other address type can we have :-/");
1764  break;
1765  }
1766 
1767  SCReturnInt(0);
1768 }
1769 
1770 #ifdef DEBUG
1771 /**
1772  * \brief Prints the address data held by the DetectAddress. If the address
1773  * data family is IPv4, we print the ipv4 address and mask, and
1774  * if the address data family is IPv6, we print the ipv6 address and
1775  * mask.
1776  *
1777  * \param ad Pointer to the DetectAddress instance to be printed.
1778  */
1779 static void DetectAddressPrint(DetectAddress *gr)
1780 {
1781  if (gr == NULL)
1782  return;
1783 
1784  if (gr->ip.family == AF_INET) {
1785  struct in_addr in;
1786  char ip[16], mask[16];
1787 
1788  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1789  PrintInet(AF_INET, &in, ip, sizeof(ip));
1790  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1791  PrintInet(AF_INET, &in, mask, sizeof(mask));
1792 
1793  SCLogDebug("%s/%s", ip, mask);
1794 // printf("%s/%s", ip, mask);
1795  } else if (gr->ip.family == AF_INET6) {
1796  struct in6_addr in6;
1797  char ip[66], mask[66];
1798 
1799  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1800  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1801  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1802  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1803 
1804  SCLogDebug("%s/%s", ip, mask);
1805 // printf("%s/%s", ip, mask);
1806  }
1807 
1808  return;
1809 }
1810 #endif
1811 
1812 /**
1813  * \brief Find the group matching address in a group head.
1814  *
1815  * \param gh Pointer to the address group head(DetectAddressHead instance).
1816  * \param a Pointer to an Address instance.
1817  *
1818  * \retval g On success pointer to an DetectAddress if we find a match
1819  * for the Address "a", in the DetectAddressHead "gh".
1820  */
1822 {
1823  SCEnter();
1824 
1825  DetectAddress *g = NULL;
1826 
1827  if (gh == NULL) {
1828  SCReturnPtr(NULL, "DetectAddress");
1829  }
1830 
1831  /* XXX should we really do this check every time we run this function? */
1832  if (a->family == AF_INET) {
1833  SCLogDebug("IPv4");
1834  g = gh->ipv4_head;
1835  } else if (a->family == AF_INET6) {
1836  SCLogDebug("IPv6");
1837  g = gh->ipv6_head;
1838  }
1839 
1840  for ( ; g != NULL; g = g->next) {
1841  if (DetectAddressMatch(g,a) == 1) {
1842  SCReturnPtr(g, "DetectAddress");
1843  }
1844  }
1845 
1846  SCReturnPtr(NULL, "DetectAddress");
1847 }
1848 
1849 /********************************Unittests*************************************/
1850 
1851 #ifdef UNITTESTS
1852 
1853 static bool UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1854 {
1855  char str1[46] = "", str2[46] = "";
1856 
1857  if (ad == NULL)
1858  return false;
1859 
1860  switch(ad->ip.family) {
1861  case AF_INET:
1862  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1863  SCLogDebug("%s", str1);
1864  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1865  SCLogDebug("%s", str2);
1866 
1867  if (strcmp(str1, one) != 0) {
1868  SCLogInfo("%s != %s", str1, one);
1869  return false;
1870  }
1871 
1872  if (strcmp(str2, two) != 0) {
1873  SCLogInfo("%s != %s", str2, two);
1874  return false;
1875  }
1876 
1877  return true;
1878  break;
1879 
1880  case AF_INET6:
1881  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1882  SCLogDebug("%s", str1);
1883  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1884  SCLogDebug("%s", str2);
1885 
1886  if (strcmp(str1, one) != 0) {
1887  SCLogInfo("%s != %s", str1, one);
1888  return false;
1889  }
1890 
1891  if (strcmp(str2, two) != 0) {
1892  SCLogInfo("%s != %s", str2, two);
1893  return false;
1894  }
1895 
1896  return true;
1897  break;
1898  }
1899 
1900  return false;
1901 }
1902 
1904  const char *one;
1905  const char *two;
1907 
1908 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1909 {
1910  int expect = nranges;
1911  int have = 0;
1912 
1913  if (gh == NULL)
1914  return false;
1915 
1916  DetectAddress *ad = NULL;
1917  ad = gh->ipv4_head;
1918  if (ad == NULL)
1919  ad = gh->ipv6_head;
1920  while (have < expect) {
1921  if (ad == NULL) {
1922  printf("bad head: have %d ranges, expected %d: ", have, expect);
1923  return false;
1924  }
1925 
1926  if (!UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two))
1927  return false;
1928 
1929  ad = ad->next;
1930  have++;
1931  }
1932 
1933  return true;
1934 }
1935 
1936 static int AddressTestParse01(void)
1937 {
1938  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1939 
1940  if (dd) {
1941  DetectAddressFree(dd);
1942  return 1;
1943  }
1944 
1945  return 0;
1946 }
1947 
1948 static int AddressTestParse02(void)
1949 {
1950  int result = 1;
1951  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1952 
1953  if (dd) {
1954  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1955  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1956  result = 0;
1957  }
1958 
1959  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1960  DetectAddressFree(dd);
1961  return result;
1962  }
1963 
1964  return 0;
1965 }
1966 
1967 static int AddressTestParse03(void)
1968 {
1969  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1970 
1971  if (dd) {
1972  DetectAddressFree(dd);
1973  return 1;
1974  }
1975 
1976  return 0;
1977 }
1978 
1979 static int AddressTestParse04(void)
1980 {
1981  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1982  FAIL_IF_NULL(dd);
1983 
1984  char left[16], right[16];
1985  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1986  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1987  SCLogDebug("left %s right %s", left, right);
1988  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1989  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1990  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1991  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1992 
1993  DetectAddressFree(dd);
1994  PASS;
1995 }
1996 
1997 /** \test that address range sets proper start address */
1998 static int AddressTestParse04bug5081(void)
1999 {
2000  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
2001  FAIL_IF_NULL(dd);
2002 
2003  char left[16], right[16];
2004  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
2005  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
2006  SCLogDebug("left %s right %s", left, right);
2007  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
2008  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
2009 
2010  DetectAddressFree(dd);
2011  PASS;
2012 }
2013 
2014 static int AddressTestParse05(void)
2015 {
2016  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2017 
2018  if (dd) {
2019  DetectAddressFree(dd);
2020  return 1;
2021  }
2022 
2023  return 0;
2024 }
2025 
2026 static int AddressTestParse06(void)
2027 {
2028  int result = 1;
2029  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2030 
2031  if (dd) {
2032  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2033  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2034  result = 0;
2035  }
2036 
2037  DetectAddressFree(dd);
2038  return result;
2039  }
2040 
2041  return 0;
2042 }
2043 
2044 static int AddressTestParse07(void)
2045 {
2046  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2047 
2048  if (dd) {
2049  DetectAddressFree(dd);
2050  return 1;
2051  }
2052 
2053  return 0;
2054 }
2055 
2056 static int AddressTestParse08(void)
2057 {
2058  int result = 1;
2059  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2060 
2061  if (dd) {
2062  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2063  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2064 
2065  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2066  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2067  DetectAddressPrint(dd);
2068  result = 0;
2069  }
2070 
2071  DetectAddressFree(dd);
2072  return result;
2073  }
2074 
2075  return 0;
2076 }
2077 
2078 static int AddressTestParse09(void)
2079 {
2080  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2081 
2082  if (dd) {
2083  DetectAddressFree(dd);
2084  return 1;
2085  }
2086 
2087  return 0;
2088 }
2089 
2090 static int AddressTestParse10(void)
2091 {
2092  int result = 1;
2093  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2094 
2095  if (dd) {
2096  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2097  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2098 
2099  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2100  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2101  DetectAddressPrint(dd);
2102  result = 0;
2103  }
2104 
2105  DetectAddressFree(dd);
2106  return result;
2107  }
2108 
2109  return 0;
2110 }
2111 
2112 static int AddressTestParse11(void)
2113 {
2114  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2115 
2116  if (dd) {
2117  DetectAddressFree(dd);
2118  return 1;
2119  }
2120 
2121  return 0;
2122 }
2123 
2124 static int AddressTestParse12(void)
2125 {
2126  int result = 1;
2127  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2128 
2129  if (dd) {
2130  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2131  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2132 
2133  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2134  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2135  DetectAddressPrint(dd);
2136  result = 0;
2137  }
2138 
2139  DetectAddressFree(dd);
2140  return result;
2141  }
2142 
2143  return 0;
2144 }
2145 static int AddressTestParse13(void)
2146 {
2147  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2148 
2149  if (dd) {
2150  DetectAddressFree(dd);
2151  return 1;
2152  }
2153 
2154  return 0;
2155 }
2156 
2157 static int AddressTestParse14(void)
2158 {
2159  int result = 1;
2160  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2161 
2162  if (dd) {
2163  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2164  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2165 
2166  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2167  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2168  result = 0;
2169  }
2170 
2171  DetectAddressFree(dd);
2172  return result;
2173  }
2174 
2175  return 0;
2176 }
2177 
2178 static int AddressTestParse15(void)
2179 {
2180  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2181 
2182  if (dd) {
2183  DetectAddressFree(dd);
2184  return 1;
2185  }
2186 
2187  return 0;
2188 }
2189 
2190 static int AddressTestParse16(void)
2191 {
2192  int result = 1;
2193  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2194 
2195  if (dd) {
2196  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2197  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2198 
2199  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2200  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2201  result = 0;
2202  }
2203 
2204  DetectAddressFree(dd);
2205  return result;
2206  }
2207 
2208  return 0;
2209 }
2210 
2211 static int AddressTestParse17(void)
2212 {
2213  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2214 
2215  if (dd) {
2216  DetectAddressFree(dd);
2217  return 1;
2218  }
2219 
2220  return 0;
2221 }
2222 
2223 static int AddressTestParse18(void)
2224 {
2225  int result = 1;
2226  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2227 
2228  if (dd) {
2229  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2230  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2231  result = 0;
2232  }
2233 
2234  DetectAddressFree(dd);
2235  return result;
2236  }
2237 
2238  return 0;
2239 }
2240 
2241 static int AddressTestParse19(void)
2242 {
2243  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2244 
2245  if (dd) {
2246  DetectAddressFree(dd);
2247  return 0;
2248  }
2249 
2250  return 1;
2251 }
2252 
2253 static int AddressTestParse20(void)
2254 {
2255  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2256 
2257  if (dd) {
2258  DetectAddressFree(dd);
2259  return 1;
2260  }
2261 
2262  return 0;
2263 }
2264 
2265 static int AddressTestParse21(void)
2266 {
2267  int result = 1;
2268  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2269 
2270  if (dd) {
2271  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2272  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2273 
2274  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2275  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2276  result = 0;
2277  }
2278 
2279  DetectAddressFree(dd);
2280  return result;
2281  }
2282 
2283  return 0;
2284 }
2285 
2286 static int AddressTestParse22(void)
2287 {
2288  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2289 
2290  if (dd) {
2291  DetectAddressFree(dd);
2292  return 0;
2293  }
2294 
2295  return 1;
2296 }
2297 
2298 static int AddressTestParse23(void)
2299 {
2300  DetectAddressHead *gh = DetectAddressHeadInit();
2301  FAIL_IF_NULL(gh);
2302  int r = DetectAddressParse(NULL, gh, "any");
2303  FAIL_IF_NOT(r == 0);
2304  DetectAddressHeadFree(gh);
2305  PASS;
2306 }
2307 
2308 static int AddressTestParse24(void)
2309 {
2310  DetectAddressHead *gh = DetectAddressHeadInit();
2311  FAIL_IF_NULL(gh);
2312  int r = DetectAddressParse(NULL, gh, "Any");
2313  FAIL_IF_NOT(r == 0);
2314  DetectAddressHeadFree(gh);
2315  PASS;
2316 }
2317 
2318 static int AddressTestParse25(void)
2319 {
2320  DetectAddressHead *gh = DetectAddressHeadInit();
2321  FAIL_IF_NULL(gh);
2322  int r = DetectAddressParse(NULL, gh, "ANY");
2323  FAIL_IF_NOT(r == 0);
2324  DetectAddressHeadFree(gh);
2325  PASS;
2326 }
2327 
2328 /** \test recursion limit */
2329 static int AddressTestParse26(void)
2330 {
2331  DetectAddressHead *gh = DetectAddressHeadInit();
2332  FAIL_IF_NULL(gh);
2333  /* exactly 64: should pass */
2334  int r = DetectAddressParse(NULL, gh,
2335  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2336  "1.2.3.4"
2337  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2338  );
2339  FAIL_IF_NOT(r == 0);
2340  DetectAddressHeadFree(gh);
2341  gh = DetectAddressHeadInit();
2342  FAIL_IF_NULL(gh);
2343  /* exactly 65: should fail */
2344  r = DetectAddressParse(NULL, gh,
2345  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2346  "1.2.3.4"
2347  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2348  );
2349  FAIL_IF(r == 0);
2350  DetectAddressHeadFree(gh);
2351  PASS;
2352 }
2353 
2354 static int AddressTestParse27(void)
2355 {
2356  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2357 
2358  if (dd) {
2359  DetectAddressFree(dd);
2360  return 1;
2361  }
2362 
2363  return 0;
2364 }
2365 
2366 static int AddressTestParse28(void)
2367 {
2368  int result = 0;
2369  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2370 
2371  if (dd) {
2372  if (dd->flags & ADDRESS_FLAG_NOT &&
2373  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2374  result = 1;
2375  }
2376 
2377  DetectAddressFree(dd);
2378  return result;
2379  }
2380 
2381  return 0;
2382 }
2383 
2384 static int AddressTestParse29(void)
2385 {
2386  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2387 
2388  if (dd) {
2389  DetectAddressFree(dd);
2390  return 1;
2391  }
2392 
2393  return 0;
2394 }
2395 
2396 static int AddressTestParse30(void)
2397 {
2398  int result = 0;
2399  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2400 
2401  if (dd) {
2402  if (dd->flags & ADDRESS_FLAG_NOT &&
2403  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2404  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2405  result = 1;
2406  }
2407 
2408  DetectAddressFree(dd);
2409  return result;
2410  }
2411 
2412  return 0;
2413 }
2414 
2415 /**
2416  * \test make sure !any is rejected
2417  */
2418 static int AddressTestParse31(void)
2419 {
2420  DetectAddress *dd = DetectAddressParseSingle("!any");
2421 
2422  if (dd) {
2423  DetectAddressFree(dd);
2424  return 0;
2425  }
2426 
2427  return 1;
2428 }
2429 
2430 static int AddressTestParse32(void)
2431 {
2432  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2433 
2434  if (dd) {
2435  DetectAddressFree(dd);
2436  return 1;
2437  }
2438 
2439  return 0;
2440 }
2441 
2442 static int AddressTestParse33(void)
2443 {
2444  int result = 0;
2445  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2446 
2447  if (dd) {
2448  if (dd->flags & ADDRESS_FLAG_NOT &&
2449  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2450  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2451  result = 1;
2452  }
2453 
2454  DetectAddressFree(dd);
2455  return result;
2456  }
2457 
2458  return 0;
2459 }
2460 
2461 static int AddressTestParse34(void)
2462 {
2463  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2464 
2465  if (dd) {
2466  DetectAddressFree(dd);
2467  return 1;
2468  }
2469 
2470  return 0;
2471 }
2472 
2473 static int AddressTestParse35(void)
2474 {
2475  int result = 0;
2476  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2477 
2478  if (dd) {
2479  if (dd->flags & ADDRESS_FLAG_NOT &&
2480  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2481  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2482 
2483  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2484  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2485  result = 1;
2486  }
2487 
2488  DetectAddressFree(dd);
2489  return result;
2490  }
2491 
2492  return 0;
2493 }
2494 
2495 static int AddressTestParse36(void)
2496 {
2497  int result = 1;
2498  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2499 
2500  if (dd) {
2501  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2502  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2503 
2504  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2505  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2506 
2507  DetectAddressPrint(dd);
2508  result = 0;
2509  }
2510  DetectAddressPrint(dd);
2511 
2512  DetectAddressFree(dd);
2513  return result;
2514  }
2515 
2516  return 0;
2517 }
2518 
2519 static int AddressTestParse37(void)
2520 {
2521  int result = 1;
2522  DetectAddress *dd = DetectAddressParseSingle("::/0");
2523 
2524  if (dd) {
2525  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2526  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2527 
2528  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2529  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2530  DetectAddressPrint(dd);
2531  result = 0;
2532  }
2533  DetectAddressPrint(dd);
2534 
2535  DetectAddressFree(dd);
2536  return result;
2537  }
2538 
2539  return 0;
2540 }
2541 
2542 static int AddressTestMatch01(void)
2543 {
2544  DetectAddress *dd = NULL;
2545  int result = 1;
2546  struct in_addr in;
2547  Address a;
2548 
2549  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2550  return 0;
2551  memset(&a, 0, sizeof(Address));
2552  a.family = AF_INET;
2553  a.addr_data32[0] = in.s_addr;
2554 
2555  dd = DetectAddressParseSingle("1.2.3.4/24");
2556  if (dd) {
2557  if (DetectAddressMatch(dd, &a) == 0)
2558  result = 0;
2559 
2560  DetectAddressFree(dd);
2561  return result;
2562  }
2563 
2564  return 0;
2565 }
2566 
2567 static int AddressTestMatch02(void)
2568 {
2569  DetectAddress *dd = NULL;
2570  int result = 1;
2571  struct in_addr in;
2572  Address a;
2573 
2574  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2575  return 0;
2576  memset(&a, 0, sizeof(Address));
2577  a.family = AF_INET;
2578  a.addr_data32[0] = in.s_addr;
2579 
2580  dd = DetectAddressParseSingle("1.2.3.4/25");
2581  if (dd) {
2582  if (DetectAddressMatch(dd, &a) == 0)
2583  result = 0;
2584 
2585  DetectAddressFree(dd);
2586  return result;
2587  }
2588 
2589  return 0;
2590 }
2591 
2592 static int AddressTestMatch03(void)
2593 {
2594  DetectAddress *dd = NULL;
2595  int result = 1;
2596  struct in_addr in;
2597  Address a;
2598 
2599  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2600  return 0;
2601  memset(&a, 0, sizeof(Address));
2602  a.family = AF_INET;
2603  a.addr_data32[0] = in.s_addr;
2604 
2605  dd = DetectAddressParseSingle("1.2.3.4/25");
2606  if (dd) {
2607  if (DetectAddressMatch(dd, &a) == 1)
2608  result = 0;
2609 
2610  DetectAddressFree(dd);
2611  return result;
2612  }
2613 
2614  return 0;
2615 }
2616 
2617 static int AddressTestMatch04(void)
2618 {
2619  DetectAddress *dd = NULL;
2620  int result = 1;
2621  struct in_addr in;
2622  Address a;
2623 
2624  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2625  return 0;
2626  memset(&a, 0, sizeof(Address));
2627  a.family = AF_INET;
2628  a.addr_data32[0] = in.s_addr;
2629 
2630  dd = DetectAddressParseSingle("1.2.3.4/25");
2631  if (dd) {
2632  if (DetectAddressMatch(dd, &a) == 1)
2633  result = 0;
2634 
2635  DetectAddressFree(dd);
2636  return result;
2637  }
2638 
2639  return 0;
2640 }
2641 
2642 static int AddressTestMatch05(void)
2643 {
2644  DetectAddress *dd = NULL;
2645  int result = 1;
2646  struct in_addr in;
2647  Address a;
2648 
2649  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2650  return 0;
2651  memset(&a, 0, sizeof(Address));
2652  a.family = AF_INET;
2653  a.addr_data32[0] = in.s_addr;
2654 
2655  dd = DetectAddressParseSingle("1.2.3.4/32");
2656  if (dd) {
2657  if (DetectAddressMatch(dd, &a) == 0)
2658  result = 0;
2659 
2660  DetectAddressFree(dd);
2661  return result;
2662  }
2663 
2664  return 0;
2665 }
2666 
2667 static int AddressTestMatch06(void)
2668 {
2669  DetectAddress *dd = NULL;
2670  int result = 1;
2671  struct in_addr in;
2672  Address a;
2673 
2674  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2675  return 0;
2676  memset(&a, 0, sizeof(Address));
2677  a.family = AF_INET;
2678  a.addr_data32[0] = in.s_addr;
2679 
2680  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2681  if (dd) {
2682  if (DetectAddressMatch(dd, &a) == 0)
2683  result = 0;
2684 
2685  DetectAddressFree(dd);
2686  return result;
2687  }
2688 
2689  return 0;
2690 }
2691 
2692 static int AddressTestMatch07(void)
2693 {
2694  DetectAddress *dd = NULL;
2695  int result = 1;
2696  struct in6_addr in6;
2697  Address a;
2698 
2699  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2700  return 0;
2701  memset(&a, 0, sizeof(Address));
2702  a.family = AF_INET6;
2703  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2704 
2705  dd = DetectAddressParseSingle("2001::/3");
2706  if (dd) {
2707  if (DetectAddressMatch(dd, &a) == 0)
2708  result = 0;
2709 
2710  DetectAddressFree(dd);
2711  return result;
2712  }
2713 
2714  return 0;
2715 }
2716 
2717 static int AddressTestMatch08(void)
2718 {
2719  DetectAddress *dd = NULL;
2720  int result = 1;
2721  struct in6_addr in6;
2722  Address a;
2723 
2724  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2725  return 0;
2726  memset(&a, 0, sizeof(Address));
2727  a.family = AF_INET6;
2728  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2729 
2730  dd = DetectAddressParseSingle("2001::/3");
2731  if (dd) {
2732  if (DetectAddressMatch(dd, &a) == 1)
2733  result = 0;
2734 
2735  DetectAddressFree(dd);
2736  return result;
2737  }
2738 
2739  return 0;
2740 }
2741 
2742 static int AddressTestMatch09(void)
2743 {
2744  DetectAddress *dd = NULL;
2745  int result = 1;
2746  struct in6_addr in6;
2747  Address a;
2748 
2749  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2750  return 0;
2751  memset(&a, 0, sizeof(Address));
2752  a.family = AF_INET6;
2753  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2754 
2755  dd = DetectAddressParseSingle("2001::1/128");
2756  if (dd) {
2757  if (DetectAddressMatch(dd, &a) == 1)
2758  result = 0;
2759 
2760  DetectAddressFree(dd);
2761  return result;
2762  }
2763 
2764  return 0;
2765 }
2766 
2767 static int AddressTestMatch10(void)
2768 {
2769  DetectAddress *dd = NULL;
2770  int result = 1;
2771  struct in6_addr in6;
2772  Address a;
2773 
2774  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2775  return 0;
2776  memset(&a, 0, sizeof(Address));
2777  a.family = AF_INET6;
2778  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2779 
2780  dd = DetectAddressParseSingle("2001::1/126");
2781  if (dd) {
2782  if (DetectAddressMatch(dd, &a) == 0)
2783  result = 0;
2784 
2785  DetectAddressFree(dd);
2786  return result;
2787  }
2788 
2789  return 0;
2790 }
2791 
2792 static int AddressTestMatch11(void)
2793 {
2794  DetectAddress *dd = NULL;
2795  int result = 1;
2796  struct in6_addr in6;
2797  Address a;
2798 
2799  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2800  return 0;
2801  memset(&a, 0, sizeof(Address));
2802  a.family = AF_INET6;
2803  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2804 
2805  dd = DetectAddressParseSingle("2001::1/127");
2806  if (dd) {
2807  if (DetectAddressMatch(dd, &a) == 1)
2808  result = 0;
2809 
2810  DetectAddressFree(dd);
2811  return result;
2812  }
2813 
2814  return 0;
2815 }
2816 
2817 static int AddressTestCmp01(void)
2818 {
2819  DetectAddress *da = NULL, *db = NULL;
2820  int result = 1;
2821 
2822  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2823  if (da == NULL) goto error;
2824  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2825  if (db == NULL) goto error;
2826 
2827  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2828  result = 0;
2829 
2830  DetectAddressFree(da);
2831  DetectAddressFree(db);
2832  return result;
2833 
2834 error:
2835  if (da) DetectAddressFree(da);
2836  if (db) DetectAddressFree(db);
2837  return 0;
2838 }
2839 
2840 static int AddressTestCmp02(void)
2841 {
2842  DetectAddress *da = NULL, *db = NULL;
2843  int result = 1;
2844 
2845  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2846  if (da == NULL) goto error;
2847  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2848  if (db == NULL) goto error;
2849 
2850  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2851  result = 0;
2852 
2853  DetectAddressFree(da);
2854  DetectAddressFree(db);
2855  return result;
2856 
2857 error:
2858  if (da) DetectAddressFree(da);
2859  if (db) DetectAddressFree(db);
2860  return 0;
2861 }
2862 
2863 static int AddressTestCmp03(void)
2864 {
2865  DetectAddress *da = NULL, *db = NULL;
2866  int result = 1;
2867 
2868  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2869  if (da == NULL) goto error;
2870  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2871  if (db == NULL) goto error;
2872 
2873  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2874  result = 0;
2875 
2876  DetectAddressFree(da);
2877  DetectAddressFree(db);
2878  return result;
2879 
2880 error:
2881  if (da) DetectAddressFree(da);
2882  if (db) DetectAddressFree(db);
2883  return 0;
2884 }
2885 
2886 static int AddressTestCmp04(void)
2887 {
2888  DetectAddress *da = NULL, *db = NULL;
2889  int result = 1;
2890 
2891  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2892  if (da == NULL) goto error;
2893  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2894  if (db == NULL) goto error;
2895 
2896  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2897  result = 0;
2898 
2899  DetectAddressFree(da);
2900  DetectAddressFree(db);
2901  return result;
2902 
2903 error:
2904  if (da) DetectAddressFree(da);
2905  if (db) DetectAddressFree(db);
2906  return 0;
2907 }
2908 
2909 static int AddressTestCmp05(void)
2910 {
2911  DetectAddress *da = NULL, *db = NULL;
2912  int result = 1;
2913 
2914  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2915  if (da == NULL) goto error;
2916  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2917  if (db == NULL) goto error;
2918 
2919  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2920  result = 0;
2921 
2922  DetectAddressFree(da);
2923  DetectAddressFree(db);
2924  return result;
2925 
2926 error:
2927  if (da) DetectAddressFree(da);
2928  if (db) DetectAddressFree(db);
2929  return 0;
2930 }
2931 
2932 static int AddressTestCmp06(void)
2933 {
2934  DetectAddress *da = NULL, *db = NULL;
2935  int result = 1;
2936 
2937  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2938  if (da == NULL) goto error;
2939  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2940  if (db == NULL) goto error;
2941 
2942  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2943  result = 0;
2944 
2945  DetectAddressFree(da);
2946  DetectAddressFree(db);
2947  return result;
2948 
2949 error:
2950  if (da) DetectAddressFree(da);
2951  if (db) DetectAddressFree(db);
2952  return 0;
2953 }
2954 
2955 static int AddressTestCmpIPv407(void)
2956 {
2957  DetectAddress *da = NULL, *db = NULL;
2958  int result = 1;
2959 
2960  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2961  if (da == NULL) goto error;
2962  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2963  if (db == NULL) goto error;
2964 
2965  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2966  result = 0;
2967 
2968  DetectAddressFree(da);
2969  DetectAddressFree(db);
2970  return result;
2971 
2972 error:
2973  if (da) DetectAddressFree(da);
2974  if (db) DetectAddressFree(db);
2975  return 0;
2976 }
2977 
2978 static int AddressTestCmpIPv408(void)
2979 {
2980  DetectAddress *da = NULL, *db = NULL;
2981  int result = 1;
2982 
2983  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2984  if (da == NULL) goto error;
2985  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2986  if (db == NULL) goto error;
2987 
2988  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2989  result = 0;
2990 
2991  DetectAddressFree(da);
2992  DetectAddressFree(db);
2993  return result;
2994 
2995 error:
2996  if (da) DetectAddressFree(da);
2997  if (db) DetectAddressFree(db);
2998  return 0;
2999 }
3000 
3001 static int AddressTestCmp07(void)
3002 {
3003  DetectAddress *da = NULL, *db = NULL;
3004  int result = 1;
3005 
3006  da = DetectAddressParseSingle("2001::/3");
3007  if (da == NULL) goto error;
3008  db = DetectAddressParseSingle("2001::1/3");
3009  if (db == NULL) goto error;
3010 
3011  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3012  result = 0;
3013 
3014  DetectAddressFree(da);
3015  DetectAddressFree(db);
3016  return result;
3017 
3018 error:
3019  if (da) DetectAddressFree(da);
3020  if (db) DetectAddressFree(db);
3021  return 0;
3022 }
3023 
3024 static int AddressTestCmp08(void)
3025 {
3026  DetectAddress *da = NULL, *db = NULL;
3027  int result = 1;
3028 
3029  da = DetectAddressParseSingle("2001::/3");
3030  if (da == NULL) goto error;
3031  db = DetectAddressParseSingle("2001::/8");
3032  if (db == NULL) goto error;
3033 
3034  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3035  result = 0;
3036 
3037  DetectAddressFree(da);
3038  DetectAddressFree(db);
3039  return result;
3040 
3041 error:
3042  if (da) DetectAddressFree(da);
3043  if (db) DetectAddressFree(db);
3044  return 0;
3045 }
3046 
3047 static int AddressTestCmp09(void)
3048 {
3049  DetectAddress *da = NULL, *db = NULL;
3050  int result = 1;
3051 
3052  da = DetectAddressParseSingle("2001::/8");
3053  if (da == NULL) goto error;
3054  db = DetectAddressParseSingle("2001::/3");
3055  if (db == NULL) goto error;
3056 
3057  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3058  result = 0;
3059 
3060  DetectAddressFree(da);
3061  DetectAddressFree(db);
3062  return result;
3063 
3064 error:
3065  if (da) DetectAddressFree(da);
3066  if (db) DetectAddressFree(db);
3067  return 0;
3068 }
3069 
3070 static int AddressTestCmp10(void)
3071 {
3072  DetectAddress *da = NULL, *db = NULL;
3073  int result = 1;
3074 
3075  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3076  if (da == NULL) goto error;
3077  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3078  if (db == NULL) goto error;
3079 
3080  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3081  result = 0;
3082 
3083  DetectAddressFree(da);
3084  DetectAddressFree(db);
3085  return result;
3086 
3087 error:
3088  if (da) DetectAddressFree(da);
3089  if (db) DetectAddressFree(db);
3090  return 0;
3091 }
3092 
3093 static int AddressTestCmp11(void)
3094 {
3095  DetectAddress *da = NULL, *db = NULL;
3096  int result = 1;
3097 
3098  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3099  if (da == NULL) goto error;
3100  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3101  if (db == NULL) goto error;
3102 
3103  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3104  result = 0;
3105 
3106  DetectAddressFree(da);
3107  DetectAddressFree(db);
3108  return result;
3109 
3110 error:
3111  if (da) DetectAddressFree(da);
3112  if (db) DetectAddressFree(db);
3113  return 0;
3114 }
3115 
3116 static int AddressTestCmp12(void)
3117 {
3118  DetectAddress *da = NULL, *db = NULL;
3119  int result = 1;
3120 
3121  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3122  if (da == NULL) goto error;
3123  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3124  if (db == NULL) goto error;
3125 
3126  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3127  result = 0;
3128 
3129  DetectAddressFree(da);
3130  DetectAddressFree(db);
3131  return result;
3132 
3133 error:
3134  if (da) DetectAddressFree(da);
3135  if (db) DetectAddressFree(db);
3136  return 0;
3137 }
3138 
3139 static int AddressTestAddressGroupSetup01(void)
3140 {
3141  int result = 0;
3142  DetectAddressHead *gh = DetectAddressHeadInit();
3143 
3144  if (gh != NULL) {
3145  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3146  if (r == 0)
3147  result = 1;
3148 
3149  DetectAddressHeadFree(gh);
3150  }
3151  return result;
3152 }
3153 
3154 static int AddressTestAddressGroupSetup02(void)
3155 {
3156  int result = 0;
3157  DetectAddressHead *gh = DetectAddressHeadInit();
3158 
3159  if (gh != NULL) {
3160  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3161  if (r == 0 && gh->ipv4_head != NULL)
3162  result = 1;
3163 
3164  DetectAddressHeadFree(gh);
3165  }
3166  return result;
3167 }
3168 
3169 static int AddressTestAddressGroupSetup03(void)
3170 {
3171  int result = 0;
3172  DetectAddressHead *gh = DetectAddressHeadInit();
3173 
3174  if (gh != NULL) {
3175  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3176  if (r == 0 && gh->ipv4_head != NULL) {
3177  DetectAddress *prev_head = gh->ipv4_head;
3178 
3179  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3180  if (r == 0 && gh->ipv4_head != prev_head &&
3181  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3182  result = 1;
3183  }
3184  }
3185 
3186  DetectAddressHeadFree(gh);
3187  }
3188  return result;
3189 }
3190 
3191 static int AddressTestAddressGroupSetup04(void)
3192 {
3193  int result = 0;
3194  DetectAddressHead *gh = DetectAddressHeadInit();
3195 
3196  if (gh != NULL) {
3197  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3198  if (r == 0 && gh->ipv4_head != NULL) {
3199  DetectAddress *prev_head = gh->ipv4_head;
3200 
3201  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3202  if (r == 0 && gh->ipv4_head != prev_head &&
3203  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3204  DetectAddress *ph = gh->ipv4_head;
3205 
3206  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3207  if (r == 0 && gh->ipv4_head != ph &&
3208  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3209  result = 1;
3210  }
3211  }
3212  }
3213 
3214  DetectAddressHeadFree(gh);
3215  }
3216  return result;
3217 }
3218 
3219 static int AddressTestAddressGroupSetup05(void)
3220 {
3221  int result = 0;
3222  DetectAddressHead *gh = DetectAddressHeadInit();
3223 
3224  if (gh != NULL) {
3225  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3226  if (r == 0 && gh->ipv4_head != NULL) {
3227  DetectAddress *prev_head = gh->ipv4_head;
3228 
3229  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3230  if (r == 0 && gh->ipv4_head == prev_head &&
3231  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3232  DetectAddress *ph = gh->ipv4_head;
3233 
3234  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3235  if (r == 0 && gh->ipv4_head == ph &&
3236  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3237  result = 1;
3238  }
3239  }
3240  }
3241 
3242  DetectAddressHeadFree(gh);
3243  }
3244  return result;
3245 }
3246 
3247 static int AddressTestAddressGroupSetup06(void)
3248 {
3249  int result = 0;
3250  DetectAddressHead *gh = DetectAddressHeadInit();
3251 
3252  if (gh != NULL) {
3253  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3254  if (r == 0 && gh->ipv4_head != NULL) {
3255  DetectAddress *prev_head = gh->ipv4_head;
3256 
3257  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3258  if (r == 0 && gh->ipv4_head == prev_head &&
3259  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3260  result = 1;
3261  }
3262  }
3263 
3264  DetectAddressHeadFree(gh);
3265  }
3266  return result;
3267 }
3268 
3269 static int AddressTestAddressGroupSetup07(void)
3270 {
3271  int result = 0;
3272  DetectAddressHead *gh = DetectAddressHeadInit();
3273 
3274  if (gh != NULL) {
3275  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3276  if (r == 0 && gh->ipv4_head != NULL) {
3277  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3278  if (r == 0 && gh->ipv4_head != NULL &&
3279  gh->ipv4_head->next != NULL &&
3280  gh->ipv4_head->next->next != NULL) {
3281  result = 1;
3282  }
3283  }
3284 
3285  DetectAddressHeadFree(gh);
3286  }
3287  return result;
3288 }
3289 
3290 static int AddressTestAddressGroupSetup08(void)
3291 {
3292  int result = 0;
3293  DetectAddressHead *gh = DetectAddressHeadInit();
3294 
3295  if (gh != NULL) {
3296  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3297  if (r == 0 && gh->ipv4_head != NULL) {
3298  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3299  if (r == 0 && gh->ipv4_head != NULL &&
3300  gh->ipv4_head->next != NULL &&
3301  gh->ipv4_head->next->next != NULL) {
3302  result = 1;
3303  }
3304  }
3305 
3306  DetectAddressHeadFree(gh);
3307  }
3308  return result;
3309 }
3310 
3311 static int AddressTestAddressGroupSetup09(void)
3312 {
3313  int result = 0;
3314  DetectAddressHead *gh = DetectAddressHeadInit();
3315 
3316  if (gh != NULL) {
3317  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3318  if (r == 0 && gh->ipv4_head != NULL) {
3319  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3320  if (r == 0 && gh->ipv4_head != NULL &&
3321  gh->ipv4_head->next != NULL &&
3322  gh->ipv4_head->next->next != NULL) {
3323  result = 1;
3324  }
3325  }
3326 
3327  DetectAddressHeadFree(gh);
3328  }
3329  return result;
3330 }
3331 
3332 static int AddressTestAddressGroupSetup10(void)
3333 {
3334  int result = 0;
3335  DetectAddressHead *gh = DetectAddressHeadInit();
3336 
3337  if (gh != NULL) {
3338  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3339  if (r == 0 && gh->ipv4_head != NULL) {
3340  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3341  if (r == 0 && gh->ipv4_head != NULL &&
3342  gh->ipv4_head->next != NULL &&
3343  gh->ipv4_head->next->next != NULL) {
3344  result = 1;
3345  }
3346  }
3347 
3348  DetectAddressHeadFree(gh);
3349  }
3350  return result;
3351 }
3352 
3353 static int AddressTestAddressGroupSetup11(void)
3354 {
3355  int result = 0;
3356  DetectAddressHead *gh = DetectAddressHeadInit();
3357 
3358  if (gh != NULL) {
3359  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3360  if (r == 0) {
3361  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3362  if (r == 0) {
3363  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3364  if (r == 0) {
3365  DetectAddress *one = gh->ipv4_head, *two = one->next,
3366  *three = two->next, *four = three->next,
3367  *five = four->next;
3368 
3369  /* result should be:
3370  * 0.0.0.0/10.10.9.255
3371  * 10.10.10.0/10.10.10.9
3372  * 10.10.10.10/10.10.10.255
3373  * 10.10.11.0/10.10.11.1
3374  * 10.10.11.2/255.255.255.255
3375  */
3376  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3377  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3378  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3379  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3380  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3381  result = 1;
3382  }
3383  }
3384  }
3385  }
3386 
3387  DetectAddressHeadFree(gh);
3388  }
3389  return result;
3390 }
3391 
3392 static int AddressTestAddressGroupSetup12 (void)
3393 {
3394  int result = 0;
3395  DetectAddressHead *gh = DetectAddressHeadInit();
3396 
3397  if (gh != NULL) {
3398  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3399  if (r == 0) {
3400  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3401  if (r == 0) {
3402  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3403  if (r == 0) {
3404  DetectAddress *one = gh->ipv4_head, *two = one->next,
3405  *three = two->next, *four = three->next,
3406  *five = four->next;
3407 
3408  /* result should be:
3409  * 0.0.0.0/10.10.9.255
3410  * 10.10.10.0/10.10.10.9
3411  * 10.10.10.10/10.10.10.255
3412  * 10.10.11.0/10.10.11.1
3413  * 10.10.11.2/255.255.255.255
3414  */
3415  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3416  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3417  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3418  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3419  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3420  result = 1;
3421  }
3422  }
3423  }
3424  }
3425 
3426  DetectAddressHeadFree(gh);
3427  }
3428  return result;
3429 }
3430 
3431 static int AddressTestAddressGroupSetup13(void)
3432 {
3433  int result = 0;
3434  DetectAddressHead *gh = DetectAddressHeadInit();
3435 
3436  if (gh != NULL) {
3437  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3438  if (r == 0) {
3439  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3440  if (r == 0) {
3441  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3442  if (r == 0) {
3443  DetectAddress *one = gh->ipv4_head, *two = one->next,
3444  *three = two->next, *four = three->next,
3445  *five = four->next;
3446 
3447  /* result should be:
3448  * 0.0.0.0/10.10.9.255
3449  * 10.10.10.0/10.10.10.9
3450  * 10.10.10.10/10.10.10.255
3451  * 10.10.11.0/10.10.11.1
3452  * 10.10.11.2/255.255.255.255
3453  */
3454  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3455  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3456  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3457  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3458  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3459  result = 1;
3460  }
3461  }
3462  }
3463  }
3464 
3465  DetectAddressHeadFree(gh);
3466  }
3467  return result;
3468 }
3469 
3470 static int AddressTestAddressGroupSetupIPv414(void)
3471 {
3472  DetectAddressHead *gh = DetectAddressHeadInit();
3473  FAIL_IF_NULL(gh);
3474 
3475  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3476  FAIL_IF_NOT(r == 1);
3477 
3478  DetectAddress *one = gh->ipv4_head;
3479  FAIL_IF_NULL(one);
3480  DetectAddress *two = one->next;
3481  FAIL_IF_NULL(two);
3482 
3483  /* result should be:
3484  * 0.0.0.0/1.2.3.3
3485  * 1.2.3.5/255.255.255.255
3486  */
3487  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3488  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3489  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3490  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3491  DetectAddressHeadFree(gh);
3492 
3493  PASS;
3494 }
3495 
3496 static int AddressTestAddressGroupSetupIPv415(void)
3497 {
3498  DetectAddressHead *gh = DetectAddressHeadInit();
3499  FAIL_IF_NULL(gh);
3500 
3501  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3502  FAIL_IF_NOT(r == 1);
3503 
3504  DetectAddress *one = gh->ipv4_head;
3505  FAIL_IF_NULL(one);
3506  FAIL_IF_NOT_NULL(one->next);
3507 
3508  /* result should be:
3509  * 0.0.0.1/255.255.255.255
3510  */
3511  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3512  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3513 
3514  DetectAddressHeadFree(gh);
3515  PASS;
3516 }
3517 
3518 static int AddressTestAddressGroupSetupIPv416(void)
3519 {
3520  DetectAddressHead *gh = DetectAddressHeadInit();
3521  FAIL_IF_NULL(gh);
3522 
3523  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3524  FAIL_IF_NOT(r == 1);
3525 
3526  DetectAddress *one = gh->ipv4_head;
3527  FAIL_IF_NULL(one);
3528  FAIL_IF_NOT_NULL(one->next);
3529 
3530  /* result should be:
3531  * 0.0.0.0/255.255.255.254
3532  */
3533  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3534  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3535 
3536  DetectAddressHeadFree(gh);
3537  PASS;
3538 }
3539 
3540 static int AddressTestAddressGroupSetup14(void)
3541 {
3542  int result = 0;
3543  DetectAddressHead *gh = DetectAddressHeadInit();
3544 
3545  if (gh != NULL) {
3546  int r = DetectAddressParse(NULL, gh, "2001::1");
3547  if (r == 0)
3548  result = 1;
3549 
3550  DetectAddressHeadFree(gh);
3551  }
3552  return result;
3553 }
3554 
3555 static int AddressTestAddressGroupSetup15(void)
3556 {
3557  int result = 0;
3558  DetectAddressHead *gh = DetectAddressHeadInit();
3559 
3560  if (gh != NULL) {
3561  int r = DetectAddressParse(NULL, gh, "2001::1");
3562  if (r == 0 && gh->ipv6_head != NULL)
3563  result = 1;
3564 
3565  DetectAddressHeadFree(gh);
3566  }
3567  return result;
3568 }
3569 
3570 static int AddressTestAddressGroupSetup16(void)
3571 {
3572  int result = 0;
3573  DetectAddressHead *gh = DetectAddressHeadInit();
3574 
3575  if (gh != NULL) {
3576  int r = DetectAddressParse(NULL, gh, "2001::4");
3577  if (r == 0 && gh->ipv6_head != NULL) {
3578  DetectAddress *prev_head = gh->ipv6_head;
3579 
3580  r = DetectAddressParse(NULL, gh, "2001::3");
3581  if (r == 0 && gh->ipv6_head != prev_head &&
3582  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3583  result = 1;
3584  }
3585  }
3586 
3587  DetectAddressHeadFree(gh);
3588  }
3589  return result;
3590 }
3591 
3592 static int AddressTestAddressGroupSetup17(void)
3593 {
3594  int result = 0;
3595  DetectAddressHead *gh = DetectAddressHeadInit();
3596 
3597  if (gh != NULL) {
3598  int r = DetectAddressParse(NULL, gh, "2001::4");
3599  if (r == 0 && gh->ipv6_head != NULL) {
3600  DetectAddress *prev_head = gh->ipv6_head;
3601 
3602  r = DetectAddressParse(NULL, gh, "2001::3");
3603  if (r == 0 && gh->ipv6_head != prev_head &&
3604  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3605  DetectAddress *ph = gh->ipv6_head;
3606 
3607  r = DetectAddressParse(NULL, gh, "2001::2");
3608  if (r == 0 && gh->ipv6_head != ph &&
3609  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3610  result = 1;
3611  }
3612  }
3613  }
3614 
3615  DetectAddressHeadFree(gh);
3616  }
3617  return result;
3618 }
3619 
3620 static int AddressTestAddressGroupSetup18(void)
3621 {
3622  int result = 0;
3623  DetectAddressHead *gh = DetectAddressHeadInit();
3624 
3625  if (gh != NULL) {
3626  int r = DetectAddressParse(NULL, gh, "2001::2");
3627  if (r == 0 && gh->ipv6_head != NULL) {
3628  DetectAddress *prev_head = gh->ipv6_head;
3629 
3630  r = DetectAddressParse(NULL, gh, "2001::3");
3631  if (r == 0 && gh->ipv6_head == prev_head &&
3632  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3633  DetectAddress *ph = gh->ipv6_head;
3634 
3635  r = DetectAddressParse(NULL, gh, "2001::4");
3636  if (r == 0 && gh->ipv6_head == ph &&
3637  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3638  result = 1;
3639  }
3640  }
3641  }
3642 
3643  DetectAddressHeadFree(gh);
3644  }
3645  return result;
3646 }
3647 
3648 static int AddressTestAddressGroupSetup19(void)
3649 {
3650  int result = 0;
3651  DetectAddressHead *gh = DetectAddressHeadInit();
3652 
3653  if (gh != NULL) {
3654  int r = DetectAddressParse(NULL, gh, "2001::2");
3655  if (r == 0 && gh->ipv6_head != NULL) {
3656  DetectAddress *prev_head = gh->ipv6_head;
3657 
3658  r = DetectAddressParse(NULL, gh, "2001::2");
3659  if (r == 0 && gh->ipv6_head == prev_head &&
3660  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3661  result = 1;
3662  }
3663  }
3664 
3665  DetectAddressHeadFree(gh);
3666  }
3667  return result;
3668 }
3669 
3670 static int AddressTestAddressGroupSetup20(void)
3671 {
3672  int result = 0;
3673  DetectAddressHead *gh = DetectAddressHeadInit();
3674 
3675  if (gh != NULL) {
3676  int r = DetectAddressParse(NULL, gh, "2000::/3");
3677  if (r == 0 && gh->ipv6_head != NULL) {
3678  r = DetectAddressParse(NULL, gh, "2001::4");
3679  if (r == 0 && gh->ipv6_head != NULL &&
3680  gh->ipv6_head->next != NULL &&
3681  gh->ipv6_head->next->next != NULL) {
3682  result = 1;
3683  }
3684  }
3685 
3686  DetectAddressHeadFree(gh);
3687  }
3688  return result;
3689 }
3690 
3691 static int AddressTestAddressGroupSetup21(void)
3692 {
3693  int result = 0;
3694  DetectAddressHead *gh = DetectAddressHeadInit();
3695 
3696  if (gh != NULL) {
3697  int r = DetectAddressParse(NULL, gh, "2001::4");
3698  if (r == 0 && gh->ipv6_head != NULL) {
3699  r = DetectAddressParse(NULL, gh, "2000::/3");
3700  if (r == 0 && gh->ipv6_head != NULL &&
3701  gh->ipv6_head->next != NULL &&
3702  gh->ipv6_head->next->next != NULL) {
3703  result = 1;
3704  }
3705  }
3706 
3707  DetectAddressHeadFree(gh);
3708  }
3709  return result;
3710 }
3711 
3712 static int AddressTestAddressGroupSetup22(void)
3713 {
3714  int result = 0;
3715  DetectAddressHead *gh = DetectAddressHeadInit();
3716 
3717  if (gh != NULL) {
3718  int r = DetectAddressParse(NULL, gh, "2000::/3");
3719  if (r == 0 && gh->ipv6_head != NULL) {
3720  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3721  if (r == 0 && gh->ipv6_head != NULL &&
3722  gh->ipv6_head->next != NULL &&
3723  gh->ipv6_head->next->next != NULL) {
3724  result = 1;
3725  }
3726  }
3727 
3728  DetectAddressHeadFree(gh);
3729  }
3730  return result;
3731 }
3732 
3733 static int AddressTestAddressGroupSetup23(void)
3734 {
3735  int result = 0;
3736  DetectAddressHead *gh = DetectAddressHeadInit();
3737 
3738  if (gh != NULL) {
3739  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3740  if (r == 0 && gh->ipv6_head != NULL) {
3741  r = DetectAddressParse(NULL, gh, "2000::/3");
3742  if (r == 0 && gh->ipv6_head != NULL &&
3743  gh->ipv6_head->next != NULL &&
3744  gh->ipv6_head->next->next != NULL) {
3745  result = 1;
3746  }
3747  }
3748 
3749  DetectAddressHeadFree(gh);
3750  }
3751  return result;
3752 }
3753 
3754 static int AddressTestAddressGroupSetup24(void)
3755 {
3756  int result = 0;
3757  DetectAddressHead *gh = DetectAddressHeadInit();
3758 
3759  if (gh != NULL) {
3760  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3761  if (r == 0) {
3762  r = DetectAddressParse(NULL, gh, "2001::/3");
3763  if (r == 0) {
3764  r = DetectAddressParse(NULL, gh, "::/0");
3765  if (r == 0) {
3766  DetectAddress *one = gh->ipv6_head, *two = one->next,
3767  *three = two->next, *four = three->next,
3768  *five = four->next;
3769  if (one->ip.addr_data32[0] == 0x00000000 &&
3770  one->ip.addr_data32[1] == 0x00000000 &&
3771  one->ip.addr_data32[2] == 0x00000000 &&
3772  one->ip.addr_data32[3] == 0x00000000 &&
3773  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3774  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3775  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3776  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3777 
3778  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3779  two->ip.addr_data32[1] == 0x00000000 &&
3780  two->ip.addr_data32[2] == 0x00000000 &&
3781  two->ip.addr_data32[3] == 0x00000000 &&
3782  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3783  two->ip2.addr_data32[1] == 0x00000000 &&
3784  two->ip2.addr_data32[2] == 0x00000000 &&
3785  two->ip2.addr_data32[3] == SCNtohl(3) &&
3786 
3787  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3788  three->ip.addr_data32[1] == 0x00000000 &&
3789  three->ip.addr_data32[2] == 0x00000000 &&
3790  three->ip.addr_data32[3] == SCNtohl(4) &&
3791  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3792  three->ip2.addr_data32[1] == 0x00000000 &&
3793  three->ip2.addr_data32[2] == 0x00000000 &&
3794  three->ip2.addr_data32[3] == SCNtohl(6) &&
3795 
3796  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3797  four->ip.addr_data32[1] == 0x00000000 &&
3798  four->ip.addr_data32[2] == 0x00000000 &&
3799  four->ip.addr_data32[3] == SCNtohl(7) &&
3800  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3801  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3802  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3803  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3804 
3805  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3806  five->ip.addr_data32[1] == 0x00000000 &&
3807  five->ip.addr_data32[2] == 0x00000000 &&
3808  five->ip.addr_data32[3] == 0x00000000 &&
3809  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3810  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3811  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3812  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3813  result = 1;
3814  }
3815  }
3816  }
3817  }
3818 
3819  DetectAddressHeadFree(gh);
3820  }
3821  return result;
3822 }
3823 
3824 static int AddressTestAddressGroupSetup25(void)
3825 {
3826  int result = 0;
3827  DetectAddressHead *gh = DetectAddressHeadInit();
3828 
3829  if (gh != NULL) {
3830  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3831  if (r == 0) {
3832  r = DetectAddressParse(NULL, gh, "::/0");
3833  if (r == 0) {
3834  r = DetectAddressParse(NULL, gh, "2001::/3");
3835  if (r == 0) {
3836  DetectAddress *one = gh->ipv6_head, *two = one->next,
3837  *three = two->next, *four = three->next,
3838  *five = four->next;
3839  if (one->ip.addr_data32[0] == 0x00000000 &&
3840  one->ip.addr_data32[1] == 0x00000000 &&
3841  one->ip.addr_data32[2] == 0x00000000 &&
3842  one->ip.addr_data32[3] == 0x00000000 &&
3843  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3844  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3845  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3846  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3847 
3848  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3849  two->ip.addr_data32[1] == 0x00000000 &&
3850  two->ip.addr_data32[2] == 0x00000000 &&
3851  two->ip.addr_data32[3] == 0x00000000 &&
3852  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3853  two->ip2.addr_data32[1] == 0x00000000 &&
3854  two->ip2.addr_data32[2] == 0x00000000 &&
3855  two->ip2.addr_data32[3] == SCNtohl(3) &&
3856 
3857  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3858  three->ip.addr_data32[1] == 0x00000000 &&
3859  three->ip.addr_data32[2] == 0x00000000 &&
3860  three->ip.addr_data32[3] == SCNtohl(4) &&
3861  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3862  three->ip2.addr_data32[1] == 0x00000000 &&
3863  three->ip2.addr_data32[2] == 0x00000000 &&
3864  three->ip2.addr_data32[3] == SCNtohl(6) &&
3865 
3866  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3867  four->ip.addr_data32[1] == 0x00000000 &&
3868  four->ip.addr_data32[2] == 0x00000000 &&
3869  four->ip.addr_data32[3] == SCNtohl(7) &&
3870  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3871  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3872  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3873  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3874 
3875  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3876  five->ip.addr_data32[1] == 0x00000000 &&
3877  five->ip.addr_data32[2] == 0x00000000 &&
3878  five->ip.addr_data32[3] == 0x00000000 &&
3879  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3880  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3881  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3882  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3883  result = 1;
3884  }
3885  }
3886  }
3887  }
3888 
3889  DetectAddressHeadFree(gh);
3890  }
3891  return result;
3892 }
3893 
3894 static int AddressTestAddressGroupSetup26(void)
3895 {
3896  int result = 0;
3897  DetectAddressHead *gh = DetectAddressHeadInit();
3898 
3899  if (gh != NULL) {
3900  int r = DetectAddressParse(NULL, gh, "::/0");
3901  if (r == 0) {
3902  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3903  if (r == 0) {
3904  r = DetectAddressParse(NULL, gh, "2001::/3");
3905  if (r == 0) {
3906  DetectAddress *one = gh->ipv6_head, *two = one->next,
3907  *three = two->next, *four = three->next,
3908  *five = four->next;
3909  if (one->ip.addr_data32[0] == 0x00000000 &&
3910  one->ip.addr_data32[1] == 0x00000000 &&
3911  one->ip.addr_data32[2] == 0x00000000 &&
3912  one->ip.addr_data32[3] == 0x00000000 &&
3913  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3914  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3915  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3916  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3917 
3918  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3919  two->ip.addr_data32[1] == 0x00000000 &&
3920  two->ip.addr_data32[2] == 0x00000000 &&
3921  two->ip.addr_data32[3] == 0x00000000 &&
3922  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3923  two->ip2.addr_data32[1] == 0x00000000 &&
3924  two->ip2.addr_data32[2] == 0x00000000 &&
3925  two->ip2.addr_data32[3] == SCNtohl(3) &&
3926 
3927  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3928  three->ip.addr_data32[1] == 0x00000000 &&
3929  three->ip.addr_data32[2] == 0x00000000 &&
3930  three->ip.addr_data32[3] == SCNtohl(4) &&
3931  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3932  three->ip2.addr_data32[1] == 0x00000000 &&
3933  three->ip2.addr_data32[2] == 0x00000000 &&
3934  three->ip2.addr_data32[3] == SCNtohl(6) &&
3935 
3936  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3937  four->ip.addr_data32[1] == 0x00000000 &&
3938  four->ip.addr_data32[2] == 0x00000000 &&
3939  four->ip.addr_data32[3] == SCNtohl(7) &&
3940  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3941  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3942  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3943  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3944 
3945  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3946  five->ip.addr_data32[1] == 0x00000000 &&
3947  five->ip.addr_data32[2] == 0x00000000 &&
3948  five->ip.addr_data32[3] == 0x00000000 &&
3949  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3950  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3951  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3952  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3953  result = 1;
3954  }
3955  }
3956  }
3957  }
3958 
3959  DetectAddressHeadFree(gh);
3960  }
3961  return result;
3962 }
3963 
3964 static int AddressTestAddressGroupSetup27(void)
3965 {
3966  int result = 0;
3967  DetectAddressHead *gh = DetectAddressHeadInit();
3968 
3969  if (gh != NULL) {
3970  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3971  if (r == 0)
3972  result = 1;
3973 
3974  DetectAddressHeadFree(gh);
3975  }
3976  return result;
3977 }
3978 
3979 static int AddressTestAddressGroupSetup28(void)
3980 {
3981  int result = 0;
3982  DetectAddressHead *gh = DetectAddressHeadInit();
3983 
3984  if (gh != NULL) {
3985  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3986  if (r == 0)
3987  result = 1;
3988 
3989  DetectAddressHeadFree(gh);
3990  }
3991  return result;
3992 }
3993 
3994 static int AddressTestAddressGroupSetup29(void)
3995 {
3996  int result = 0;
3997  DetectAddressHead *gh = DetectAddressHeadInit();
3998 
3999  if (gh != NULL) {
4000  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
4001  if (r == 0)
4002  result = 1;
4003 
4004  DetectAddressHeadFree(gh);
4005  }
4006  return result;
4007 }
4008 
4009 static int AddressTestAddressGroupSetup30(void)
4010 {
4011  int result = 0;
4012  DetectAddressHead *gh = DetectAddressHeadInit();
4013 
4014  if (gh != NULL) {
4015  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4016  if (r == 0)
4017  result = 1;
4018 
4019  DetectAddressHeadFree(gh);
4020  }
4021  return result;
4022 }
4023 
4024 static int AddressTestAddressGroupSetup31(void)
4025 {
4026  int result = 0;
4027  DetectAddressHead *gh = DetectAddressHeadInit();
4028 
4029  if (gh != NULL) {
4030  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4031  if (r == 0)
4032  result = 1;
4033 
4034  DetectAddressHeadFree(gh);
4035  }
4036  return result;
4037 }
4038 
4039 static int AddressTestAddressGroupSetup32(void)
4040 {
4041  int result = 0;
4042  DetectAddressHead *gh = DetectAddressHeadInit();
4043 
4044  if (gh != NULL) {
4045  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4046  if (r == 0)
4047  result = 1;
4048 
4049  DetectAddressHeadFree(gh);
4050  }
4051  return result;
4052 }
4053 
4054 static int AddressTestAddressGroupSetup33(void)
4055 {
4056  int result = 0;
4057  DetectAddressHead *gh = DetectAddressHeadInit();
4058 
4059  if (gh != NULL) {
4060  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4061  if (r == 1)
4062  result = 1;
4063 
4064  DetectAddressHeadFree(gh);
4065  }
4066  return result;
4067 }
4068 
4069 static int AddressTestAddressGroupSetup34(void)
4070 {
4071  int result = 0;
4072  DetectAddressHead *gh = DetectAddressHeadInit();
4073 
4074  if (gh != NULL) {
4075  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4076  if (r == 1)
4077  result = 1;
4078 
4079  DetectAddressHeadFree(gh);
4080  }
4081  return result;
4082 }
4083 
4084 static int AddressTestAddressGroupSetup35(void)
4085 {
4086  int result = 0;
4087  DetectAddressHead *gh = DetectAddressHeadInit();
4088 
4089  if (gh != NULL) {
4090  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4091  if (r == 1)
4092  result = 1;
4093 
4094  DetectAddressHeadFree(gh);
4095  }
4096  return result;
4097 }
4098 
4099 static int AddressTestAddressGroupSetup36 (void)
4100 {
4101  int result = 0;
4102 
4103  DetectAddressHead *gh = DetectAddressHeadInit();
4104  if (gh != NULL) {
4105  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4106  if (r == 1)
4107  result = 1;
4108 
4109  DetectAddressHeadFree(gh);
4110  }
4111  return result;
4112 }
4113 
4114 static int AddressTestAddressGroupSetup37(void)
4115 {
4116  int result = 0;
4117  DetectAddressHead *gh = DetectAddressHeadInit();
4118 
4119  if (gh != NULL) {
4120  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4121  if (r == 0)
4122  result = 1;
4123 
4124  DetectAddressHeadFree(gh);
4125  }
4126  return result;
4127 }
4128 
4129 static int AddressTestAddressGroupSetup38(void)
4130 {
4131  UTHValidateDetectAddressHeadRange expectations[3] = {
4132  { "0.0.0.0", "192.167.255.255" },
4133  { "192.168.14.0", "192.168.14.255" },
4134  { "192.169.0.0", "255.255.255.255" } };
4135  int result = 0;
4136  DetectAddressHead *gh = DetectAddressHeadInit();
4137 
4138  if (gh != NULL) {
4139  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4140  if (r == 1) {
4141  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4142  result = 1;
4143  }
4144 
4145  DetectAddressHeadFree(gh);
4146  }
4147  return result;
4148 }
4149 
4150 static int AddressTestAddressGroupSetup39(void)
4151 {
4152  UTHValidateDetectAddressHeadRange expectations[3] = {
4153  { "0.0.0.0", "192.167.255.255" },
4154  { "192.168.14.0", "192.168.14.255" },
4155  { "192.169.0.0", "255.255.255.255" } };
4156  int result = 0;
4157  DetectAddressHead *gh = DetectAddressHeadInit();
4158 
4159  if (gh != NULL) {
4160  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4161  if (r == 1) {
4162  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4163  result = 1;
4164  }
4165 
4166  DetectAddressHeadFree(gh);
4167  }
4168  return result;
4169 }
4170 
4171 static int AddressTestAddressGroupSetup40(void)
4172 {
4173  UTHValidateDetectAddressHeadRange expectations[3] = {
4174  { "0.0.0.0", "192.167.255.255" },
4175  { "192.168.14.0", "192.168.14.255" },
4176  { "192.169.0.0", "255.255.255.255" } };
4177  int result = 0;
4178  DetectAddressHead *gh = DetectAddressHeadInit();
4179  if (gh != NULL) {
4180  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4181  if (r == 1) {
4182  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4183  result = 1;
4184  }
4185 
4186  DetectAddressHeadFree(gh);
4187  }
4188  return result;
4189 }
4190 
4191 static int AddressTestAddressGroupSetup41(void)
4192 {
4193  UTHValidateDetectAddressHeadRange expectations[3] = {
4194  { "0.0.0.0", "192.167.255.255" },
4195  { "192.168.14.0", "192.168.14.255" },
4196  { "192.169.0.0", "255.255.255.255" } };
4197  int result = 0;
4198  DetectAddressHead *gh = DetectAddressHeadInit();
4199  if (gh != NULL) {
4200  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4201  if (r == 1) {
4202  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4203  result = 1;
4204  }
4205 
4206  DetectAddressHeadFree(gh);
4207  }
4208  return result;
4209 }
4210 
4211 static int AddressTestAddressGroupSetup42(void)
4212 {
4213  UTHValidateDetectAddressHeadRange expectations[1] = {
4214  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4215  int result = 0;
4216  DetectAddressHead *gh = DetectAddressHeadInit();
4217  if (gh != NULL) {
4218  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4219  if (r == 0) {
4220  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4221  result = 1;
4222  }
4223 
4224  DetectAddressHeadFree(gh);
4225  }
4226  return result;
4227 }
4228 
4229 static int AddressTestAddressGroupSetup43(void)
4230 {
4231  UTHValidateDetectAddressHeadRange expectations[2] = {
4232  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4233  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4234  int result = 0;
4235  DetectAddressHead *gh = DetectAddressHeadInit();
4236  if (gh != NULL) {
4237  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4238  if (r == 1) {
4239  if (UTHValidateDetectAddressHead(gh, 2, expectations))
4240  result = 1;
4241  }
4242 
4243  DetectAddressHeadFree(gh);
4244  }
4245  return result;
4246 }
4247 
4248 static int AddressTestAddressGroupSetup44(void)
4249 {
4250  UTHValidateDetectAddressHeadRange expectations[2] = {
4251  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4252  int result = 0;
4253  DetectAddressHead *gh = DetectAddressHeadInit();
4254  if (gh != NULL) {
4255  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4256  if (r == 0) {
4257  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4258  result = 1;
4259  }
4260 
4261  DetectAddressHeadFree(gh);
4262  }
4263  return result;
4264 }
4265 
4266 static int AddressTestAddressGroupSetup45(void)
4267 {
4268  int result = 0;
4269  DetectAddressHead *gh = DetectAddressHeadInit();
4270  if (gh != NULL) {
4271  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4272  if (r != 0) {
4273  result = 1;
4274  }
4275 
4276  DetectAddressHeadFree(gh);
4277  }
4278  return result;
4279 }
4280 
4281 static int AddressTestAddressGroupSetup46(void)
4282 {
4283  UTHValidateDetectAddressHeadRange expectations[4] = {
4284  { "0.0.0.0", "192.167.255.255" },
4285  { "192.168.1.0", "192.168.1.255" },
4286  { "192.168.3.0", "192.168.3.255" },
4287  { "192.169.0.0", "255.255.255.255" } };
4288  int result = 0;
4289  DetectAddressHead *gh = DetectAddressHeadInit();
4290  if (gh != NULL) {
4291  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4292  if (r == 1) {
4293  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4294  result = 1;
4295  }
4296 
4297  DetectAddressHeadFree(gh);
4298  }
4299  return result;
4300 }
4301 
4302 /** \test net with some negations, then all negated */
4303 static int AddressTestAddressGroupSetup47(void)
4304 {
4305  UTHValidateDetectAddressHeadRange expectations[5] = {
4306  { "0.0.0.0", "192.167.255.255" },
4307  { "192.168.1.0", "192.168.1.255" },
4308  { "192.168.3.0", "192.168.3.255" },
4309  { "192.168.5.0", "192.168.5.255" },
4310  { "192.169.0.0", "255.255.255.255" } };
4311  int result = 0;
4312  DetectAddressHead *gh = DetectAddressHeadInit();
4313  if (gh != NULL) {
4314  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4315  if (r == 1) {
4316  if (UTHValidateDetectAddressHead(gh, 5, expectations))
4317  result = 1;
4318  }
4319 
4320  DetectAddressHeadFree(gh);
4321  }
4322  return result;
4323 }
4324 
4325 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4326 static int AddressTestAddressGroupSetup48(void)
4327 {
4328  UTHValidateDetectAddressHeadRange expectations[4] = {
4329  { "192.168.0.0", "192.168.0.255" },
4330  { "192.168.2.0", "192.168.2.255" },
4331  { "192.168.4.0", "192.168.4.255" },
4332  { "192.168.6.0", "192.168.255.255" } };
4333  int result = 0;
4334  DetectAddressHead *gh = DetectAddressHeadInit();
4335  if (gh != NULL) {
4336  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4337  if (r == 1) {
4338  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4339  result = 1;
4340  }
4341 
4342  DetectAddressHeadFree(gh);
4343  }
4344  return result;
4345 }
4346 
4347 static int AddressTestCutIPv401(void)
4348 {
4349  DetectAddress *c;
4350  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4351  FAIL_IF_NULL(a);
4352  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4353  FAIL_IF_NULL(b);
4354 
4355  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4356 
4357  DetectAddressFree(a);
4358  DetectAddressFree(b);
4359  DetectAddressFree(c);
4360  PASS;
4361 }
4362 
4363 static int AddressTestCutIPv402(void)
4364 {
4365  DetectAddress *a, *b, *c;
4366  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4367  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4368 
4369  if (DetectAddressCut(NULL, a, b, &c) == -1)
4370  goto error;
4371 
4372  if (c == NULL)
4373  goto error;
4374 
4375  DetectAddressFree(a);
4376  DetectAddressFree(b);
4377  DetectAddressFree(c);
4378  return 1;
4379 
4380 error:
4381  DetectAddressFree(a);
4382  DetectAddressFree(b);
4383  DetectAddressFree(c);
4384  return 0;
4385 }
4386 
4387 static int AddressTestCutIPv403(void)
4388 {
4389  DetectAddress *a, *b, *c;
4390  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4391  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4392 
4393  if (DetectAddressCut(NULL, a, b, &c) == -1)
4394  goto error;
4395 
4396  if (c == NULL)
4397  goto error;
4398 
4399  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4400  goto error;
4401  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4402  goto error;
4403  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4404  goto error;
4405 
4406  DetectAddressFree(a);
4407  DetectAddressFree(b);
4408  DetectAddressFree(c);
4409  return 1;
4410 
4411 error:
4412  DetectAddressFree(a);
4413  DetectAddressFree(b);
4414  DetectAddressFree(c);
4415  return 0;
4416 }
4417 
4418 static int AddressTestCutIPv404(void)
4419 {
4420  DetectAddress *a, *b, *c;
4421  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4422  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4423 
4424  if (DetectAddressCut(NULL, a, b, &c) == -1)
4425  goto error;
4426 
4427  if (c == NULL)
4428  goto error;
4429 
4430  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4431  goto error;
4432  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4433  goto error;
4434  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4435  goto error;
4436 
4437 
4438  DetectAddressFree(a);
4439  DetectAddressFree(b);
4440  DetectAddressFree(c);
4441  return 1;
4442 
4443 error:
4444  DetectAddressFree(a);
4445  DetectAddressFree(b);
4446  DetectAddressFree(c);
4447  return 0;
4448 }
4449 
4450 static int AddressTestCutIPv405(void)
4451 {
4452  DetectAddress *a, *b, *c;
4453  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4454  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4455 
4456  if (DetectAddressCut(NULL, a, b, &c) == -1)
4457  goto error;
4458 
4459  if (c == NULL)
4460  goto error;
4461 
4462  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4463  goto error;
4464  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4465  goto error;
4466  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4467  goto error;
4468 
4469  DetectAddressFree(a);
4470  DetectAddressFree(b);
4471  DetectAddressFree(c);
4472  return 1;
4473 
4474 error:
4475  DetectAddressFree(a);
4476  DetectAddressFree(b);
4477  DetectAddressFree(c);
4478  return 0;
4479 }
4480 
4481 static int AddressTestCutIPv406(void)
4482 {
4483  DetectAddress *a, *b, *c;
4484  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4485  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4486 
4487  if (DetectAddressCut(NULL, a, b, &c) == -1)
4488  goto error;
4489 
4490  if (c == NULL)
4491  goto error;
4492 
4493  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4494  goto error;
4495  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4496  goto error;
4497  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4498  goto error;
4499 
4500  DetectAddressFree(a);
4501  DetectAddressFree(b);
4502  DetectAddressFree(c);
4503  return 1;
4504 
4505 error:
4506  DetectAddressFree(a);
4507  DetectAddressFree(b);
4508  DetectAddressFree(c);
4509  return 0;
4510 }
4511 
4512 static int AddressTestCutIPv407(void)
4513 {
4514  DetectAddress *a, *b, *c;
4515  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4516  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4517 
4518  if (DetectAddressCut(NULL, a, b, &c) == -1)
4519  goto error;
4520 
4521  if (c != NULL)
4522  goto error;
4523 
4524  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4525  goto error;
4526  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4527  goto error;
4528 
4529  DetectAddressFree(a);
4530  DetectAddressFree(b);
4531  DetectAddressFree(c);
4532  return 1;
4533 
4534 error:
4535  DetectAddressFree(a);
4536  DetectAddressFree(b);
4537  DetectAddressFree(c);
4538  return 0;
4539 }
4540 
4541 static int AddressTestCutIPv408(void)
4542 {
4543  DetectAddress *a, *b, *c;
4544  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4545  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4546 
4547  if (DetectAddressCut(NULL, a, b, &c) == -1)
4548  goto error;
4549 
4550  if (c != NULL)
4551  goto error;
4552 
4553  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4554  goto error;
4555  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4556  goto error;
4557 
4558  DetectAddressFree(a);
4559  DetectAddressFree(b);
4560  DetectAddressFree(c);
4561  return 1;
4562 
4563 error:
4564  DetectAddressFree(a);
4565  DetectAddressFree(b);
4566  DetectAddressFree(c);
4567  return 0;
4568 }
4569 
4570 static int AddressTestCutIPv409(void)
4571 {
4572  DetectAddress *a, *b, *c;
4573  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4574  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4575 
4576  if (DetectAddressCut(NULL, a, b, &c) == -1)
4577  goto error;
4578 
4579  if (c != NULL)
4580  goto error;
4581 
4582  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4583  goto error;
4584  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4585  goto error;
4586 
4587  DetectAddressFree(a);
4588  DetectAddressFree(b);
4589  DetectAddressFree(c);
4590  return 1;
4591 
4592 error:
4593  DetectAddressFree(a);
4594  DetectAddressFree(b);
4595  DetectAddressFree(c);
4596  return 0;
4597 }
4598 
4599 static int AddressTestCutIPv410(void)
4600 {
4601  DetectAddress *a, *b, *c;
4602  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4603  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4604 
4605  if (DetectAddressCut(NULL, a, b, &c) == -1)
4606  goto error;
4607 
4608  if (c != NULL)
4609  goto error;
4610 
4611  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4612  goto error;
4613  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4614  goto error;
4615 
4616  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4617 
4618  DetectAddressFree(a);
4619  DetectAddressFree(b);
4620  DetectAddressFree(c);
4621  return 1;
4622 
4623 error:
4624  DetectAddressFree(a);
4625  DetectAddressFree(b);
4626  DetectAddressFree(c);
4627  return 0;
4628 }
4629 
4630 static int AddressTestParseInvalidMask01(void)
4631 {
4632  int result = 1;
4633  DetectAddress *dd = NULL;
4634 
4635  dd = DetectAddressParseSingle("192.168.2.0/33");
4636  if (dd != NULL) {
4637  DetectAddressFree(dd);
4638  result = 0;
4639  }
4640  return result;
4641 }
4642 
4643 static int AddressTestParseInvalidMask02(void)
4644 {
4645  int result = 1;
4646  DetectAddress *dd = NULL;
4647 
4648  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4649  if (dd != NULL) {
4650  DetectAddressFree(dd);
4651  result = 0;
4652  }
4653  return result;
4654 }
4655 
4656 static int AddressTestParseInvalidMask03(void)
4657 {
4658  int result = 1;
4659  DetectAddress *dd = NULL;
4660 
4661  dd = DetectAddressParseSingle("192.168.2.0/blue");
4662  if (dd != NULL) {
4663  DetectAddressFree(dd);
4664  result = 0;
4665  }
4666  return result;
4667 }
4668 
4669 static int AddressConfVarsTest01(void)
4670 {
4671  static const char *dummy_conf_string =
4672  "%YAML 1.1\n"
4673  "---\n"
4674  "\n"
4675  "vars:\n"
4676  "\n"
4677  " address-groups:\n"
4678  "\n"
4679  " HOME_NET: \"any\"\n"
4680  "\n"
4681  " EXTERNAL_NET: \"!any\"\n"
4682  "\n"
4683  " port-groups:\n"
4684  "\n"
4685  " HTTP_PORTS: \"any\"\n"
4686  "\n"
4687  " SHELLCODE_PORTS: \"!any\"\n"
4688  "\n";
4689 
4690  int result = 0;
4691 
4693  ConfInit();
4694  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4695 
4697  result = 1;
4698 
4699  ConfDeInit();
4701 
4702  return result;
4703 }
4704 
4705 static int AddressConfVarsTest02(void)
4706 {
4707  static const char *dummy_conf_string =
4708  "%YAML 1.1\n"
4709  "---\n"
4710  "\n"
4711  "vars:\n"
4712  "\n"
4713  " address-groups:\n"
4714  "\n"
4715  " HOME_NET: \"any\"\n"
4716  "\n"
4717  " EXTERNAL_NET: \"any\"\n"
4718  "\n"
4719  " port-groups:\n"
4720  "\n"
4721  " HTTP_PORTS: \"any\"\n"
4722  "\n"
4723  " SHELLCODE_PORTS: \"!any\"\n"
4724  "\n";
4725 
4726  int result = 0;
4727 
4729  ConfInit();
4730  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4731 
4733  result = 1;
4734 
4735  ConfDeInit();
4737 
4738  return result;
4739 }
4740 
4741 static int AddressConfVarsTest03(void)
4742 {
4743  static const char *dummy_conf_string =
4744  "%YAML 1.1\n"
4745  "---\n"
4746  "\n"
4747  "vars:\n"
4748  "\n"
4749  " address-groups:\n"
4750  "\n"
4751  " HOME_NET: \"any\"\n"
4752  "\n"
4753  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4754  "\n"
4755  " port-groups:\n"
4756  "\n"
4757  " HTTP_PORTS: \"any\"\n"
4758  "\n"
4759  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4760  "\n";
4761 
4762  int result = 0;
4763 
4765  ConfInit();
4766  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4767 
4769  result = 1;
4770 
4771  ConfDeInit();
4773 
4774  return result;
4775 }
4776 
4777 static int AddressConfVarsTest04(void)
4778 {
4779  static const char *dummy_conf_string =
4780  "%YAML 1.1\n"
4781  "---\n"
4782  "\n"
4783  "vars:\n"
4784  "\n"
4785  " address-groups:\n"
4786  "\n"
4787  " HOME_NET: \"any\"\n"
4788  "\n"
4789  " EXTERNAL_NET: \"$HOME_NET\"\n"
4790  "\n"
4791  " port-groups:\n"
4792  "\n"
4793  " HTTP_PORTS: \"any\"\n"
4794  "\n"
4795  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4796  "\n";
4797 
4798  int result = 0;
4799 
4801  ConfInit();
4802  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4803 
4805  result = 1;
4806 
4807  ConfDeInit();
4809 
4810  return result;
4811 }
4812 
4813 static int AddressConfVarsTest05(void)
4814 {
4815  static const char *dummy_conf_string =
4816  "%YAML 1.1\n"
4817  "---\n"
4818  "\n"
4819  "vars:\n"
4820  "\n"
4821  " address-groups:\n"
4822  "\n"
4823  " HOME_NET: \"any\"\n"
4824  "\n"
4825  " EXTERNAL_NET: [192.168.0.1]\n"
4826  "\n"
4827  " port-groups:\n"
4828  "\n"
4829  " HTTP_PORTS: \"any\"\n"
4830  "\n"
4831  " SHELLCODE_PORTS: [80]\n"
4832  "\n";
4833 
4834  int result = 0;
4835 
4837  ConfInit();
4838  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4839 
4840  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4841  goto end;
4842 
4843  result = 1;
4844 
4845  end:
4846  ConfDeInit();
4848 
4849  return result;
4850 }
4851 
4852 static int AddressConfVarsTest06(void)
4853 {
4854  // HOME_NET value size = 10261 bytes
4855  static const char *dummy_conf_string =
4856  "%YAML 1.1\n"
4857  "---\n"
4858  "\n"
4859  "vars:\n"
4860  "\n"
4861  " address-groups:\n"
4862  "\n"
4863  " HOME_NET: "
4864  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4976  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4977  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4978  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4979  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4980  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4981  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4982  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4983  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4984  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4985  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4986  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4987  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4988  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4989  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4990  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4991  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4992  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4993  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4994  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4995  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4996  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4997  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4998  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4999  "\n"
5000  " EXTERNAL_NET: \"any\"\n"
5001  "\n";
5002 
5004  ConfInit();
5005  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
5006 
5008 
5009  ConfDeInit();
5011 
5012  PASS;
5013 }
5014 
5015 #endif /* UNITTESTS */
5016 
5017 void DetectAddressTests(void)
5018 {
5019 #ifdef UNITTESTS
5022 
5023  UtRegisterTest("AddressTestParse01", AddressTestParse01);
5024  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5025  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5026  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5027  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5028  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5029  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5030  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5031  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5032  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5033  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5034  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5035  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5036  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5037  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5038  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5039  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5040  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5041  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5042  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5043  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5044  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5045  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5046  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5047  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5048  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5049  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5050  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5051  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5052  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5053  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5054  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5055  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5056  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5057  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5058  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5059  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5060  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5061 
5062  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5063  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5064  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5065  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5066  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5067  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5068  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5069  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5070  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5071  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5072  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5073 
5074  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5075  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5076  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5077  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5078  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5079  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5080  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5081  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5082 
5083  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5084  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5085  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5086  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5087  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5088  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5089 
5090  UtRegisterTest("AddressTestAddressGroupSetup01",
5091  AddressTestAddressGroupSetup01);
5092  UtRegisterTest("AddressTestAddressGroupSetup02",
5093  AddressTestAddressGroupSetup02);
5094  UtRegisterTest("AddressTestAddressGroupSetup03",
5095  AddressTestAddressGroupSetup03);
5096  UtRegisterTest("AddressTestAddressGroupSetup04",
5097  AddressTestAddressGroupSetup04);
5098  UtRegisterTest("AddressTestAddressGroupSetup05",
5099  AddressTestAddressGroupSetup05);
5100  UtRegisterTest("AddressTestAddressGroupSetup06",
5101  AddressTestAddressGroupSetup06);
5102  UtRegisterTest("AddressTestAddressGroupSetup07",
5103  AddressTestAddressGroupSetup07);
5104  UtRegisterTest("AddressTestAddressGroupSetup08",
5105  AddressTestAddressGroupSetup08);
5106  UtRegisterTest("AddressTestAddressGroupSetup09",
5107  AddressTestAddressGroupSetup09);
5108  UtRegisterTest("AddressTestAddressGroupSetup10",
5109  AddressTestAddressGroupSetup10);
5110  UtRegisterTest("AddressTestAddressGroupSetup11",
5111  AddressTestAddressGroupSetup11);
5112  UtRegisterTest("AddressTestAddressGroupSetup12",
5113  AddressTestAddressGroupSetup12);
5114  UtRegisterTest("AddressTestAddressGroupSetup13",
5115  AddressTestAddressGroupSetup13);
5116  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5117  AddressTestAddressGroupSetupIPv414);
5118  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5119  AddressTestAddressGroupSetupIPv415);
5120  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5121  AddressTestAddressGroupSetupIPv416);
5122 
5123  UtRegisterTest("AddressTestAddressGroupSetup14",
5124  AddressTestAddressGroupSetup14);
5125  UtRegisterTest("AddressTestAddressGroupSetup15",
5126  AddressTestAddressGroupSetup15);
5127  UtRegisterTest("AddressTestAddressGroupSetup16",
5128  AddressTestAddressGroupSetup16);
5129  UtRegisterTest("AddressTestAddressGroupSetup17",
5130  AddressTestAddressGroupSetup17);
5131  UtRegisterTest("AddressTestAddressGroupSetup18",
5132  AddressTestAddressGroupSetup18);
5133  UtRegisterTest("AddressTestAddressGroupSetup19",
5134  AddressTestAddressGroupSetup19);
5135  UtRegisterTest("AddressTestAddressGroupSetup20",
5136  AddressTestAddressGroupSetup20);
5137  UtRegisterTest("AddressTestAddressGroupSetup21",
5138  AddressTestAddressGroupSetup21);
5139  UtRegisterTest("AddressTestAddressGroupSetup22",
5140  AddressTestAddressGroupSetup22);
5141  UtRegisterTest("AddressTestAddressGroupSetup23",
5142  AddressTestAddressGroupSetup23);
5143  UtRegisterTest("AddressTestAddressGroupSetup24",
5144  AddressTestAddressGroupSetup24);
5145  UtRegisterTest("AddressTestAddressGroupSetup25",
5146  AddressTestAddressGroupSetup25);
5147  UtRegisterTest("AddressTestAddressGroupSetup26",
5148  AddressTestAddressGroupSetup26);
5149 
5150  UtRegisterTest("AddressTestAddressGroupSetup27",
5151  AddressTestAddressGroupSetup27);
5152  UtRegisterTest("AddressTestAddressGroupSetup28",
5153  AddressTestAddressGroupSetup28);
5154  UtRegisterTest("AddressTestAddressGroupSetup29",
5155  AddressTestAddressGroupSetup29);
5156  UtRegisterTest("AddressTestAddressGroupSetup30",
5157  AddressTestAddressGroupSetup30);
5158  UtRegisterTest("AddressTestAddressGroupSetup31",
5159  AddressTestAddressGroupSetup31);
5160  UtRegisterTest("AddressTestAddressGroupSetup32",
5161  AddressTestAddressGroupSetup32);
5162  UtRegisterTest("AddressTestAddressGroupSetup33",
5163  AddressTestAddressGroupSetup33);
5164  UtRegisterTest("AddressTestAddressGroupSetup34",
5165  AddressTestAddressGroupSetup34);
5166  UtRegisterTest("AddressTestAddressGroupSetup35",
5167  AddressTestAddressGroupSetup35);
5168  UtRegisterTest("AddressTestAddressGroupSetup36",
5169  AddressTestAddressGroupSetup36);
5170  UtRegisterTest("AddressTestAddressGroupSetup37",
5171  AddressTestAddressGroupSetup37);
5172  UtRegisterTest("AddressTestAddressGroupSetup38",
5173  AddressTestAddressGroupSetup38);
5174  UtRegisterTest("AddressTestAddressGroupSetup39",
5175  AddressTestAddressGroupSetup39);
5176  UtRegisterTest("AddressTestAddressGroupSetup40",
5177  AddressTestAddressGroupSetup40);
5178  UtRegisterTest("AddressTestAddressGroupSetup41",
5179  AddressTestAddressGroupSetup41);
5180  UtRegisterTest("AddressTestAddressGroupSetup42",
5181  AddressTestAddressGroupSetup42);
5182  UtRegisterTest("AddressTestAddressGroupSetup43",
5183  AddressTestAddressGroupSetup43);
5184  UtRegisterTest("AddressTestAddressGroupSetup44",
5185  AddressTestAddressGroupSetup44);
5186  UtRegisterTest("AddressTestAddressGroupSetup45",
5187  AddressTestAddressGroupSetup45);
5188  UtRegisterTest("AddressTestAddressGroupSetup46",
5189  AddressTestAddressGroupSetup46);
5190  UtRegisterTest("AddressTestAddressGroupSetup47",
5191  AddressTestAddressGroupSetup47);
5192  UtRegisterTest("AddressTestAddressGroupSetup48",
5193  AddressTestAddressGroupSetup48);
5194 
5195  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5196  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5197  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5198  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5199  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5200  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5201  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5202  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5203  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5204  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5205 
5206  UtRegisterTest("AddressTestParseInvalidMask01",
5207  AddressTestParseInvalidMask01);
5208  UtRegisterTest("AddressTestParseInvalidMask02",
5209  AddressTestParseInvalidMask02);
5210  UtRegisterTest("AddressTestParseInvalidMask03",
5211  AddressTestParseInvalidMask03);
5212 
5213  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5214  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5215  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5216  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5217  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5218  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5219 #endif /* UNITTESTS */
5220 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:367
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:164
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1413
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1310
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:359
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:146
detect-engine-siggroup.h
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1610
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:162
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:31
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
DetectAddressHead_
Definition: detect.h:177
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1495
AddressIPv6Gt
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:57
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1355
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:836
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1264
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
Address_
Definition: decode.h:116
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:147
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:253
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1106
util-var.h
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1821
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:122
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:171
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:236
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:151
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:716
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1904
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:262
detect-engine-port.h
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:511
DetectAddress_::ip2
Address ip2
Definition: detect.h:165
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1053
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:484
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:128
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
Turn 32 bit mask into CIDR.
Definition: util-cidr.c:35
Address_::address
union Address_::@30 address
util-rule-vars.h
conf-yaml-loader.h
conf.h
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:149
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:287
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:670
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:152
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
Flow_::next
struct Flow_ * next
Definition: flow.h:396
DetectAddressMap_
Definition: detect-engine-address.c:1307
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:179
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:82
cnt
uint32_t cnt
Definition: tmqh-packetpool.h:7
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1643
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:980
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:153
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:88
ConfNode_::name
char * name
Definition: conf.h:33
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:682
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:150
util-hash-lookup3.h
detect-engine-address-ipv6.h
AddressIPv6Ge
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1344
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:179
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1903
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1309
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:413
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:710
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:173
DetectMatchAddressIPv6_
Definition: detect.h:188
DetectMatchAddressIPv4_
Definition: detect.h:183
Address_::family
char family
Definition: decode.h:117
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:148
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1453
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:693
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1880
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:156
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1905
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:131
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:168
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1583
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:178
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1308
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1235
AddressIPv6Le
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162