suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  *
25  * \todo Move this out of the detection plugin structure
26  * rename to detect-engine-address.c
27  */
28 
29 #include "suricata-common.h"
30 #include "decode.h"
31 #include "detect.h"
32 #include "flow-var.h"
33 
34 #include "util-cidr.h"
35 #include "util-unittest.h"
36 #include "util-rule-vars.h"
37 #include "conf.h"
38 #include "conf-yaml-loader.h"
39 
40 #include "detect-engine-siggroup.h"
41 #include "detect-engine-address.h"
44 #include "detect-engine-port.h"
45 
46 #include "util-debug.h"
47 #include "util-print.h"
48 #include "util-var.h"
49 
50 /* prototypes */
52 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
53 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
54  DetectAddress **);
56 
57 /**
58  * \brief Creates and returns a new instance of a DetectAddress.
59  *
60  * \retval ag Pointer to the newly created DetectAddress on success;
61  * NULL on failure.
62  */
64 {
65  DetectAddress *ag = SCMalloc(sizeof(DetectAddress));
66  if (unlikely(ag == NULL))
67  return NULL;
68  memset(ag, 0, sizeof(DetectAddress));
69 
70  return ag;
71 }
72 
73 /**
74  * \brief Frees a DetectAddress instance.
75  *
76  * \param ag Pointer to the DetectAddress instance to be freed.
77  */
79 {
80  if (ag == NULL)
81  return;
82 
83  SCFree(ag);
84 
85  return;
86 }
87 
88 /**
89  * \brief Copies the contents of one Address group in DetectAddress and returns
90  * a new instance of the DetectAddress that contains the copied address.
91  *
92  * \param orig Pointer to the instance of DetectAddress that contains the
93  * address data to be copied to the new instance.
94  *
95  * \retval ag Pointer to the new instance of DetectAddress that contains the
96  * copied address.
97  */
99 {
101  if (ag == NULL)
102  return NULL;
103 
104  ag->flags = orig->flags;
105 
106  COPY_ADDRESS(&orig->ip, &ag->ip);
107  COPY_ADDRESS(&orig->ip2, &ag->ip2);
108 
109  return ag;
110 }
111 
112 /**
113  * \brief Used to check if a DetectAddress list contains an instance with
114  * a similar DetectAddress. The comparison done is not the one that
115  * checks the memory for the same instance, but one that checks that the
116  * two instances hold the same content.
117  *
118  * \param head Pointer to the DetectAddress list.
119  * \param ad Pointer to the DetectAddress that has to be checked for in
120  * the DetectAddress list.
121  *
122  * \retval cur Returns a pointer to the DetectAddress on a match; NULL if
123  * no match.
124  */
126 {
127  DetectAddress *cur;
128 
129  if (head != NULL) {
130  for (cur = head; cur != NULL; cur = cur->next) {
131  if (DetectAddressCmp(cur, gr) == ADDRESS_EQ)
132  return cur;
133  }
134  }
135 
136  return NULL;
137 }
138 
139 /**
140  * \brief Prints the address data information for all the DetectAddress
141  * instances in the DetectAddress list sent as the argument.
142  *
143  * \param head Pointer to a list of DetectAddress instances.
144  */
146 {
147  DetectAddress *cur;
148 
149  SCLogInfo("list:");
150  if (head != NULL) {
151  for (cur = head; cur != NULL; cur = cur->next) {
152  DetectAddressPrint(cur);
153  }
154  }
155  SCLogInfo("endlist");
156 
157  return;
158 }
159 
160 /**
161  * \brief Frees a list of DetectAddress instances.
162  *
163  * \param head Pointer to a list of DetectAddress instances to be freed.
164  */
166 {
167  DetectAddress *cur, *next;
168 
169  if (head == NULL)
170  return;
171 
172  for (cur = head; cur != NULL; ) {
173  next = cur->next;
174  cur->next = NULL;
175  DetectAddressFree(cur);
176  cur = next;
177  }
178 
179  return;
180 }
181 
182 /**
183  * \brief Do a sorted insert, where the top of the list should be the biggest
184  * network/range.
185  *
186  * XXX current sorting only works for overlapping nets
187  *
188  * \param head Pointer to the list of DetectAddress.
189  * \param ag Pointer to the DetectAddress that has to be added to the
190  * above list.
191  *
192  * \retval 0 On successfully inserting the DetectAddress.
193  * \retval -1 On failure.
194  */
195 
197 {
198  DetectAddress *cur, *prev_cur = NULL;
199  int r = 0;
200 
201  if (*head != NULL) {
202  for (cur = *head; cur != NULL; cur = cur->next) {
203  prev_cur = cur;
204  r = DetectAddressCmp(ag, cur);
205  if (r == ADDRESS_EB) {
206  /* insert here */
207  ag->prev = cur->prev;
208  ag->next = cur;
209 
210  cur->prev = ag;
211  if (*head == cur)
212  *head = ag;
213  else
214  ag->prev->next = ag;
215 
216  return 0;
217  }
218  }
219  ag->prev = prev_cur;
220  if (prev_cur != NULL)
221  prev_cur->next = ag;
222  } else {
223  *head = ag;
224  }
225 
226  return 0;
227 }
228 
229 /**
230  * \internal
231  * \brief Helper function for DetectAddressInsert. Sets one of the
232  * DetectAddressHead head pointers, to the DetectAddress argument
233  * based on its address family.
234  *
235  * \param gh Pointer to the DetectAddressHead.
236  * \param newhead Pointer to the DetectAddress.
237  *
238  * \retval 0 On success.
239  * \retval -1 On failure.
240  */
241 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
242 {
243  if (newhead->ip.family == AF_INET) {
244  gh->ipv4_head = newhead;
245  } else if (newhead->ip.family == AF_INET6) {
246  gh->ipv6_head = newhead;
247  } else {
248  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
249  return -1;
250  }
251 
252  return 0;
253 }
254 
255 /**
256  * \internal
257  * \brief Returns the DetectAddress head from the DetectAddressHeads,
258  * based on the address family of the incoming DetectAddress arg.
259  *
260  * \param gh Pointer to the DetectAddressHead.
261  * \param new Pointer to the DetectAddress.
262  *
263  * \retval head Pointer to the DetectAddress(the head from
264  * DetectAddressHead).
265  */
266 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
267 {
268  DetectAddress *head = NULL;
269 
270  if (new->ip.family == AF_INET)
271  head = gh->ipv4_head;
272  else if (new->ip.family == AF_INET6)
273  head = gh->ipv6_head;
274 
275  return head;
276 }
277 
278 /**
279  * \brief Same as DetectAddressInsert, but then for inserting a address group
280  * object. This also makes sure SigGroupContainer lists are handled
281  * correctly.
282  *
283  * \param de_ctx Pointer to the detection engine context.
284  * \param gh Pointer to the DetectAddressHead list to which it has to
285  * be inserted.
286  * \param new Pointer to the DetectAddress, that has to be inserted.
287  *
288  * \retval 1 On successfully inserting it.
289  * \retval -1 On error.
290  * \retval 0 Not inserted, memory of new is freed.
291  */
293  DetectAddress *new)
294 {
295  DetectAddress *head = NULL;
296  DetectAddress *cur = NULL;
297  DetectAddress *c = NULL;
298  int r = 0;
299 
300  if (new == NULL)
301  return 0;
302 
303  /* get our head ptr based on the address we want to insert */
304  head = GetHeadPtr(gh, new);
305 
306  /* see if it already exists or overlaps with existing ag's */
307  if (head != NULL) {
308  cur = NULL;
309 
310  for (cur = head; cur != NULL; cur = cur->next) {
311  r = DetectAddressCmp(new, cur);
312  BUG_ON(r == ADDRESS_ER);
313 
314  /* if so, handle that */
315  if (r == ADDRESS_EQ) {
316  /* exact overlap/match */
317  if (cur != new) {
318  DetectAddressFree(new);
319  return 0;
320  }
321 
322  return 1;
323  } else if (r == ADDRESS_GT) {
324  /* only add it now if we are bigger than the last group.
325  * Otherwise we'll handle it later. */
326  if (cur->next == NULL) {
327  /* put in the list */
328  new->prev = cur;
329  cur->next = new;
330 
331  return 1;
332  }
333  } else if (r == ADDRESS_LT) {
334  /* see if we need to insert the ag anywhere put in the list */
335  if (cur->prev != NULL)
336  cur->prev->next = new;
337  new->prev = cur->prev;
338  new->next = cur;
339  cur->prev = new;
340 
341  /* update head if required */
342  if (head == cur) {
343  head = new;
344 
345  if (SetHeadPtr(gh, head) < 0)
346  goto error;
347  }
348 
349  return 1;
350  /* alright, those were the simple cases, lets handle the more
351  * complex ones now */
352  } else if (r == ADDRESS_ES) {
353  c = NULL;
354  r = DetectAddressCut(de_ctx, cur, new, &c);
355  if (r == -1)
356  goto error;
357 
358  DetectAddressInsert(de_ctx, gh, new);
359  if (c != NULL)
360  DetectAddressInsert(de_ctx, gh, c);
361 
362  return 1;
363  } else if (r == ADDRESS_EB) {
364  c = NULL;
365  r = DetectAddressCut(de_ctx, cur, new, &c);
366  if (r == -1)
367  goto error;
368 
369  DetectAddressInsert(de_ctx, gh, new);
370  if (c != NULL)
371  DetectAddressInsert(de_ctx, gh, c);
372 
373  return 1;
374  } else if (r == ADDRESS_LE) {
375  c = NULL;
376  r = DetectAddressCut(de_ctx, cur, new, &c);
377  if (r == -1)
378  goto error;
379 
380  DetectAddressInsert(de_ctx, gh, new);
381  if (c != NULL)
382  DetectAddressInsert(de_ctx, gh, c);
383 
384  return 1;
385  } else if (r == ADDRESS_GE) {
386  c = NULL;
387  r = DetectAddressCut(de_ctx, cur,new,&c);
388  if (r == -1)
389  goto error;
390 
391  DetectAddressInsert(de_ctx, gh, new);
392  if (c != NULL)
393  DetectAddressInsert(de_ctx, gh, c);
394 
395  return 1;
396  }
397  }
398 
399  /* head is NULL, so get a group and set head to it */
400  } else {
401  head = new;
402  if (SetHeadPtr(gh, head) < 0) {
403  SCLogDebug("SetHeadPtr failed");
404  goto error;
405  }
406  }
407 
408  return 1;
409 
410 error:
411  /* XXX */
412  return -1;
413 }
414 
415 /**
416  * \brief Join two addresses groups together.
417  *
418  * \param de_ctx Pointer to the detection engine context.
419  * \param target Pointer to the target address group.
420  * \param source Pointer to the source address group.
421  *
422  * \retval 0 On success.
423  * \retval -1 On failure.
424  */
426  DetectAddress *source)
427 {
428  if (target == NULL || source == NULL)
429  return -1;
430 
431  if (target->ip.family != source->ip.family)
432  return -1;
433 
434  if (target->ip.family == AF_INET)
435  return DetectAddressJoinIPv4(de_ctx, target, source);
436  else if (target->ip.family == AF_INET6)
437  return DetectAddressJoinIPv6(de_ctx, target, source);
438 
439  return -1;
440 }
441 
442 /**
443  * \brief Checks if two address group lists are equal.
444  *
445  * \param list1 Pointer to the first address group list.
446  * \param list2 Pointer to the second address group list.
447  *
448  * \retval true On success.
449  * \retval false On failure.
450  */
452 {
453  DetectAddress *item = list1;
454  DetectAddress *it = list2;
455 
456  // First, compare items one by one.
457  while (item != NULL && it != NULL) {
458  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
459  return false;
460  }
461 
462  item = item->next;
463  it = it->next;
464  }
465 
466  // Are the lists of the same size?
467  if (!(item == NULL && it == NULL)) {
468  return false;
469  }
470 
471  return true;
472 }
473 
474 /**
475  * \internal
476  * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
477  *
478  * For example if we send a cidr of 7 as argument, an ipv6 address
479  * mask of the value FE:00:00:00:00:00:00:00 is created and updated
480  * in the argument struct in6_addr *in6.
481  *
482  * \todo I think for the final section: while (cidr > 0), we can simply
483  * replace it with a
484  * if (cidr > 0) {
485  * in6->s6_addr[i] = -1 << (8 - cidr);
486  *
487  * \param cidr The value of the cidr.
488  * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
489  * hold the cidr netblock result.
490  */
491 static void DetectAddressParseIPv6CIDR(int cidr, struct in6_addr *in6)
492 {
493  int i = 0;
494 
495  memset(in6, 0, sizeof(struct in6_addr));
496 
497  while (cidr > 8) {
498  in6->s6_addr[i] = 0xff;
499  cidr -= 8;
500  i++;
501  }
502 
503  while (cidr > 0) {
504  in6->s6_addr[i] |= 0x80;
505  if (--cidr > 0)
506  in6->s6_addr[i] = in6->s6_addr[i] >> 1;
507  }
508 
509  return;
510 }
511 
512 /**
513  * \internal
514  * \brief Parses an ipv4/ipv6 address string and updates the result into the
515  * DetectAddress instance sent as the argument.
516  *
517  * \param dd Pointer to the DetectAddress instance which should be updated with
518  * the address range details from the parsed ip string.
519  * \param str Pointer to address string that has to be parsed.
520  *
521  * \retval 0 On successfully parsing the address string.
522  * \retval -1 On failure.
523  */
525 {
526  char *ip = NULL;
527  char *ip2 = NULL;
528  char *mask = NULL;
529  int r = 0;
530  char ipstr[256];
531 
532  while (*str != '\0' && *str == ' ')
533  str++;
534 
535  /* shouldn't see 'any' here */
536  BUG_ON(strcasecmp(str, "any") == 0);
537 
538  strlcpy(ipstr, str, sizeof(ipstr));
539  SCLogDebug("str %s", str);
540 
541  /* we work with a copy so that we can put a
542  * nul-termination in it later */
543  ip = ipstr;
544 
545  /* handle the negation case */
546  if (ip[0] == '!') {
547  dd->flags |= ADDRESS_FLAG_NOT;
548  ip++;
549  }
550 
551  /* see if the address is an ipv4 or ipv6 address */
552  if ((strchr(str, ':')) == NULL) {
553  /* IPv4 Address */
554  struct in_addr in;
555 
556  dd->ip.family = AF_INET;
557 
558  if ((mask = strchr(ip, '/')) != NULL) {
559  /* 1.2.3.4/xxx format (either dotted or cidr notation */
560  ip[mask - ip] = '\0';
561  mask++;
562  uint32_t ip4addr = 0;
563  uint32_t netmask = 0;
564  size_t u = 0;
565 
566  if ((strchr (mask, '.')) == NULL) {
567  /* 1.2.3.4/24 format */
568 
569  for (u = 0; u < strlen(mask); u++) {
570  if(!isdigit((unsigned char)mask[u]))
571  goto error;
572  }
573 
574  int cidr = atoi(mask);
575  if (cidr < 0 || cidr > 32)
576  goto error;
577 
578  netmask = CIDRGet(cidr);
579  } else {
580  /* 1.2.3.4/255.255.255.0 format */
581  r = inet_pton(AF_INET, mask, &in);
582  if (r <= 0)
583  goto error;
584 
585  netmask = in.s_addr;
586  }
587 
588  r = inet_pton(AF_INET, ip, &in);
589  if (r <= 0)
590  goto error;
591 
592  ip4addr = in.s_addr;
593 
594  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
595  dd->ip2.addr_data32[0] |=~ netmask;
596  } else if ((ip2 = strchr(ip, '-')) != NULL) {
597  /* 1.2.3.4-1.2.3.6 range format */
598  ip[ip2 - ip] = '\0';
599  ip2++;
600 
601  r = inet_pton(AF_INET, ip, &in);
602  if (r <= 0)
603  goto error;
604  dd->ip.addr_data32[0] = in.s_addr;
605 
606  r = inet_pton(AF_INET, ip2, &in);
607  if (r <= 0)
608  goto error;
609  dd->ip2.addr_data32[0] = in.s_addr;
610 
611  /* a > b is illegal, a = b is ok */
612  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
613  goto error;
614  } else {
615  /* 1.2.3.4 format */
616  r = inet_pton(AF_INET, ip, &in);
617  if (r <= 0)
618  goto error;
619  /* single host */
620  dd->ip.addr_data32[0] = in.s_addr;
621  dd->ip2.addr_data32[0] = in.s_addr;
622  }
623  } else {
624  /* IPv6 Address */
625  struct in6_addr in6, mask6;
626  uint32_t ip6addr[4], netmask[4];
627 
628  dd->ip.family = AF_INET6;
629 
630  if ((mask = strchr(ip, '/')) != NULL) {
631  ip[mask - ip] = '\0';
632  mask++;
633 
634  int cidr = atoi(mask);
635  if (cidr < 0 || cidr > 128)
636  goto error;
637 
638  r = inet_pton(AF_INET6, ip, &in6);
639  if (r <= 0)
640  goto error;
641  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
642 
643  DetectAddressParseIPv6CIDR(cidr, &mask6);
644  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
645 
646  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
647  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
648  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
649  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
650 
651  dd->ip2.addr_data32[0] |=~ netmask[0];
652  dd->ip2.addr_data32[1] |=~ netmask[1];
653  dd->ip2.addr_data32[2] |=~ netmask[2];
654  dd->ip2.addr_data32[3] |=~ netmask[3];
655  } else if ((ip2 = strchr(ip, '-')) != NULL) {
656  /* 2001::1-2001::4 range format */
657  ip[ip2 - ip] = '\0';
658  ip2++;
659 
660  r = inet_pton(AF_INET6, ip, &in6);
661  if (r <= 0)
662  goto error;
663  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
664 
665  r = inet_pton(AF_INET6, ip2, &in6);
666  if (r <= 0)
667  goto error;
668  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
669 
670  /* a > b is illegal, a=b is ok */
671  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
672  goto error;
673  } else {
674  r = inet_pton(AF_INET6, ip, &in6);
675  if (r <= 0)
676  goto error;
677 
678  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
679  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
680  }
681 
682  }
683 
684  BUG_ON(dd->ip.family == 0);
685 
686  return 0;
687 
688 error:
689  return -1;
690 }
691 
692 /**
693  * \internal
694  * \brief Simply parse an address and return a DetectAddress instance containing
695  * the address ranges of the parsed ip addressstring
696  *
697  * \param str Pointer to a character string containing the ip address
698  *
699  * \retval dd Pointer to the DetectAddress instance containing the address
700  * range details from the parsed ip string
701  */
702 static DetectAddress *DetectAddressParseSingle(const char *str)
703 {
704  DetectAddress *dd;
705 
706  SCLogDebug("str %s", str);
707 
708  dd = DetectAddressInit();
709  if (dd == NULL)
710  goto error;
711 
712  if (DetectAddressParseString(dd, str) < 0) {
713  SCLogDebug("AddressParse failed");
714  goto error;
715  }
716 
717  return dd;
718 
719 error:
720  if (dd != NULL)
721  DetectAddressFree(dd);
722  return NULL;
723 }
724 
725 /**
726  * \brief Setup a single address string, parse it and add the resulting
727  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
728  *
729  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
730  * resulting Address-Range(s) from the parsed ip string has to
731  * be added.
732  * \param s Pointer to the ip address string to be parsed.
733  *
734  * \retval 0 On success.
735  * \retval -1 On failure.
736  */
737 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
738 {
739  SCLogDebug("gh %p, s %s", gh, s);
740 
741  if (strcasecmp(s, "any") == 0) {
742  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
743 
744  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
745  if (ad == NULL)
746  return -1;
747 
748  BUG_ON(ad->ip.family == 0);
749 
750  if (DetectAddressInsert(NULL, gh, ad) < 0) {
751  SCLogDebug("DetectAddressInsert failed");
752  DetectAddressFree(ad);
753  return -1;
754  }
755 
756  ad = DetectAddressParseSingle("::/0");
757  if (ad == NULL)
758  return -1;
759 
760  BUG_ON(ad->ip.family == 0);
761 
762  if (DetectAddressInsert(NULL, gh, ad) < 0) {
763  SCLogDebug("DetectAddressInsert failed");
764  DetectAddressFree(ad);
765  return -1;
766  }
767  return 0;
768  }
769 
770  /* parse the address */
771  DetectAddress *ad = DetectAddressParseSingle(s);
772  if (ad == NULL) {
774  "failed to parse address \"%s\"", s);
775  return -1;
776  }
777 
778  /* handle the not case, we apply the negation then insert the part(s) */
779  if (ad->flags & ADDRESS_FLAG_NOT) {
780  DetectAddress *ad2 = NULL;
781 
782  if (DetectAddressCutNot(ad, &ad2) < 0) {
783  SCLogDebug("DetectAddressCutNot failed");
784  DetectAddressFree(ad);
785  return -1;
786  }
787 
788  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
789  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
790  if (ad2 != NULL) {
791  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
792  SCLogDebug("DetectAddressInsert failed");
793  DetectAddressFree(ad);
794  DetectAddressFree(ad2);
795  return -1;
796  }
797  }
798  }
799 
800  int r = DetectAddressInsert(NULL, gh, ad);
801  if (r < 0) {
802  SCLogDebug("DetectAddressInsert failed");
803  DetectAddressFree(ad);
804  return -1;
805  }
806  SCLogDebug("r %d",r);
807  return 0;
808 }
809 
810 /**
811  * \brief Parses an address string and updates the 2 address heads with the
812  * address data.
813  *
814  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
815  * since we pass around negate without keeping a count of ! with depth.
816  * Can solve this by keeping a count of the negations with depth, so that
817  * an even no of negations would count as no negation and an odd no of
818  * negations would count as a negation.
819  *
820  * \param gh Pointer to the address head that should hold address ranges
821  * that are not negated.
822  * \param ghn Pointer to the address head that should hold address ranges
823  * that are negated.
824  * \param s Pointer to the character string holding the address to be
825  * parsed.
826  * \param negate Flag that indicates if the received address string is negated
827  * or not. 0 if it is not, 1 it it is.
828  *
829  * \retval 0 On successfully parsing.
830  * \retval -1 On failure.
831  */
832 static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
834  const char *s, int negate, ResolvedVariablesList *var_list)
835 {
836  size_t x = 0;
837  size_t u = 0;
838  int o_set = 0, n_set = 0, d_set = 0;
839  int depth = 0;
840  size_t size = strlen(s);
841  char address[8196] = "";
842  const char *rule_var_address = NULL;
843  char *temp_rule_var_address = NULL;
844 
845  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
846 
847  for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
848  if (x == (sizeof(address) - 1)) {
849  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Hit the address buffer"
850  " limit for the supplied address. Invalidating sig. "
851  "Please file a bug report on this.");
852  goto error;
853  }
854  address[x] = s[u];
855  x++;
856 
857  if (!o_set && s[u] == '!') {
858  n_set = 1;
859  x--;
860  } else if (s[u] == '[') {
861  if (!o_set) {
862  o_set = 1;
863  x = 0;
864  }
865  depth++;
866  } else if (s[u] == ']') {
867  if (depth == 1) {
868  address[x - 1] = '\0';
869  x = 0;
870  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
871  if (((negate + n_set) % 2) == 0) {
872  /* normal block */
873  SCLogDebug("normal block");
874 
875  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list) < 0)
876  goto error;
877  } else {
878  /* negated block
879  *
880  * Extra steps are necessary. First consider it as a normal
881  * (non-negated) range. Merge the + and - ranges if
882  * applicable. Then insert the result into the ghn list. */
883  SCLogDebug("negated block");
884 
885  DetectAddressHead tmp_gh = { NULL, NULL };
886  DetectAddressHead tmp_ghn = { NULL, NULL };
887 
888  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list) < 0) {
889  DetectAddressHeadCleanup(&tmp_gh);
890  DetectAddressHeadCleanup(&tmp_ghn);
891  goto error;
892  }
893 
894  DetectAddress *tmp_ad;
895  DetectAddress *tmp_ad2;
896 #ifdef DEBUG
897  SCLogDebug("tmp_gh: IPv4");
898  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
899  DetectAddressPrint(tmp_ad);
900  }
901  SCLogDebug("tmp_ghn: IPv4");
902  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
903  DetectAddressPrint(tmp_ad);
904  }
905  SCLogDebug("tmp_gh: IPv6");
906  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
907  DetectAddressPrint(tmp_ad);
908  }
909  SCLogDebug("tmp_ghn: IPv6");
910  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
911  DetectAddressPrint(tmp_ad);
912  }
913 #endif
914  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
915  DetectAddressHeadCleanup(&tmp_ghn);
916  DetectAddressHeadCleanup(&tmp_gh);
917  goto error;
918  }
919  DetectAddressHeadCleanup(&tmp_ghn);
920 
921  SCLogDebug("merged succesfully");
922 
923  /* insert the IPv4 addresses into the negated list */
924  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
925  /* work with a copy of the address group */
926  tmp_ad2 = DetectAddressCopy(tmp_ad);
927  if (tmp_ad2 == NULL) {
928  SCLogDebug("DetectAddressCopy failed");
929  DetectAddressHeadCleanup(&tmp_gh);
930  goto error;
931  }
932  DetectAddressPrint(tmp_ad2);
933  DetectAddressInsert(NULL, ghn, tmp_ad2);
934  }
935 
936  /* insert the IPv6 addresses into the negated list */
937  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
938  /* work with a copy of the address group */
939  tmp_ad2 = DetectAddressCopy(tmp_ad);
940  if (tmp_ad2 == NULL) {
941  SCLogDebug("DetectAddressCopy failed");
942  DetectAddressHeadCleanup(&tmp_gh);
943  goto error;
944  }
945  DetectAddressPrint(tmp_ad2);
946  DetectAddressInsert(NULL, ghn, tmp_ad2);
947  }
948 
949  DetectAddressHeadCleanup(&tmp_gh);
950  }
951  n_set = 0;
952  }
953  depth--;
954  } else if (depth == 0 && s[u] == ',') {
955  if (o_set == 1) {
956  o_set = 0;
957  } else if (d_set == 1) {
958  address[x - 1] = '\0';
959 
960  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
962  if (rule_var_address == NULL)
963  goto error;
964 
965  if (strlen(rule_var_address) == 0) {
966  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
967  "to nothing. This is likely a misconfiguration. "
968  "Note that a negated address needs to be quoted, "
969  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
970  goto error;
971  }
972 
973  SCLogDebug("rule_var_address %s", rule_var_address);
974  if ((negate + n_set) % 2) {
975  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
976  if (unlikely(temp_rule_var_address == NULL))
977  goto error;
978  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
979  "[%s]", rule_var_address);
980  } else {
981  temp_rule_var_address = SCStrdup(rule_var_address);
982  if (unlikely(temp_rule_var_address == NULL))
983  goto error;
984  }
985 
986 
987  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
988  (negate + n_set) % 2, var_list) < 0)
989  {
990  if (temp_rule_var_address != rule_var_address)
991  SCFree(temp_rule_var_address);
992  goto error;
993  }
994  d_set = 0;
995  n_set = 0;
996  SCFree(temp_rule_var_address);
997  } else {
998  address[x - 1] = '\0';
999 
1000  if (!((negate + n_set) % 2)) {
1001  SCLogDebug("DetectAddressSetup into gh, %s", address);
1002  if (DetectAddressSetup(gh, address) < 0)
1003  goto error;
1004  } else {
1005  SCLogDebug("DetectAddressSetup into ghn, %s", address);
1006  if (DetectAddressSetup(ghn, address) < 0)
1007  goto error;
1008  }
1009  n_set = 0;
1010  }
1011  x = 0;
1012  } else if (depth == 0 && s[u] == '$') {
1013  d_set = 1;
1014  } else if (depth == 0 && u == size - 1) {
1015  if (x == sizeof(address)) {
1016  address[x - 1] = '\0';
1017  } else {
1018  address[x] = '\0';
1019  }
1020  x = 0;
1021 
1022  if (AddVariableToResolveList(var_list, address) == -1) {
1023  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
1024  "groups declaration. This is likely a misconfiguration.");
1025  goto error;
1026  }
1027 
1028  if (d_set == 1) {
1029  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
1031  if (rule_var_address == NULL)
1032  goto error;
1033 
1034  if (strlen(rule_var_address) == 0) {
1035  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
1036  "to nothing. This is likely a misconfiguration. "
1037  "Note that a negated address needs to be quoted, "
1038  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
1039  goto error;
1040  }
1041 
1042  SCLogDebug("rule_var_address %s", rule_var_address);
1043  if ((negate + n_set) % 2) {
1044  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
1045  if (unlikely(temp_rule_var_address == NULL))
1046  goto error;
1047  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
1048  "[%s]", rule_var_address);
1049  } else {
1050  temp_rule_var_address = SCStrdup(rule_var_address);
1051  if (unlikely(temp_rule_var_address == NULL))
1052  goto error;
1053  }
1054 
1055  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
1056  (negate + n_set) % 2, var_list) < 0) {
1057  SCLogDebug("DetectAddressParse2 hates us");
1058  if (temp_rule_var_address != rule_var_address)
1059  SCFree(temp_rule_var_address);
1060  goto error;
1061  }
1062  d_set = 0;
1063  SCFree(temp_rule_var_address);
1064  } else {
1065  if (!((negate + n_set) % 2)) {
1066  SCLogDebug("DetectAddressSetup into gh, %s", address);
1067  if (DetectAddressSetup(gh, address) < 0) {
1068  SCLogDebug("DetectAddressSetup gh fail");
1069  goto error;
1070  }
1071  } else {
1072  SCLogDebug("DetectAddressSetup into ghn, %s", address);
1073  if (DetectAddressSetup(ghn, address) < 0) {
1074  SCLogDebug("DetectAddressSetup ghn fail");
1075  goto error;
1076  }
1077  }
1078  }
1079  n_set = 0;
1080  }
1081  }
1082  if (depth > 0) {
1083  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1084  "properly closed in \"%s\", %d missing closing brackets (]). "
1085  "Note: problem might be in a variable.", s, depth);
1086  goto error;
1087  } else if (depth < 0) {
1088  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1089  "properly opened in \"%s\", %d missing opening brackets ([). "
1090  "Note: problem might be in a variable.", s, depth*-1);
1091  goto error;
1092  }
1093 
1094  return 0;
1095 
1096 error:
1097 
1098  return -1;
1099 }
1100 
1101 /**
1102  * \internal
1103  * \brief See if the addresses and ranges in an address head cover the
1104  * entire ip space.
1105  *
1106  * \param gh Pointer to the DetectAddressHead to check.
1107  *
1108  * \retval 0 No.
1109  * \retval 1 Yes.
1110  *
1111  * \todo do the same for IPv6
1112  */
1113 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1114 {
1116  if (r == 1)
1117  return 1;
1118 
1119  return 0;
1120 }
1121 
1122 /**
1123  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1124  *
1125  * \param gh Pointer to the address head containing the non-NOT groups.
1126  * \param ghn Pointer to the address head containing the NOT groups.
1127  *
1128  * \retval 0 On success.
1129  * \retval -1 On failure.
1130  */
1132 {
1133  DetectAddress *ad;
1134  DetectAddress *ag, *ag2;
1135  int r = 0;
1136 
1137  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1138  ghn->ipv4_head);
1139 
1140  /* check if the negated list covers the entire ip space. If so
1141  * the user screwed up the rules/vars. */
1142  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1143  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1144  "Rule address range is NIL. Probably have a !any or "
1145  "an address range that supplies a NULL address range");
1146  goto error;
1147  }
1148 
1149  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1150  * not thingy. In that case we add a 0.0.0.0/0 first. */
1151  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1152  r = DetectAddressSetup(gh, "0.0.0.0/0");
1153  if (r < 0) {
1154  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1155  goto error;
1156  }
1157  }
1158  /* ... or ::/0 for ipv6 */
1159  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1160  r = DetectAddressSetup(gh, "::/0");
1161  if (r < 0) {
1162  SCLogDebug("DetectAddressSetup for ::/0 failed");
1163  goto error;
1164  }
1165  }
1166 
1167  /* step 1: insert our ghn members into the gh list */
1168  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1169  /* work with a copy of the ad so we can easily clean up the ghn group
1170  * later. */
1171  ad = DetectAddressCopy(ag);
1172  if (ad == NULL) {
1173  SCLogDebug("DetectAddressCopy failed");
1174  goto error;
1175  }
1176 
1177  r = DetectAddressInsert(NULL, gh, ad);
1178  if (r < 0) {
1179  SCLogDebug("DetectAddressInsert failed");
1180  goto error;
1181  }
1182  }
1183  /* ... and the same for ipv6 */
1184  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1185  /* work with a copy of the ad so we can easily clean up the ghn group
1186  * later. */
1187  ad = DetectAddressCopy(ag);
1188  if (ad == NULL) {
1189  SCLogDebug("DetectAddressCopy failed");
1190  goto error;
1191  }
1192 
1193  r = DetectAddressInsert(NULL, gh, ad);
1194  if (r < 0) {
1195  SCLogDebug("DetectAddressInsert failed");
1196  goto error;
1197  }
1198  }
1199 #ifdef DEBUG
1200  DetectAddress *tmp_ad;
1201  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1202  DetectAddressPrint(tmp_ad);
1203  }
1204 #endif
1205  int ipv4_applied = 0;
1206  int ipv6_applied = 0;
1207 
1208  /* step 2: pull the address blocks that match our 'not' blocks */
1209  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1210  SCLogDebug("ag %p", ag);
1211  DetectAddressPrint(ag);
1212 
1213  int applied = 0;
1214  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1215  SCLogDebug("ag2 %p", ag2);
1216  DetectAddressPrint(ag2);
1217 
1218  r = DetectAddressCmp(ag, ag2);
1219  /* XXX more ??? */
1220  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1221  if (ag2->prev == NULL)
1222  gh->ipv4_head = ag2->next;
1223  else
1224  ag2->prev->next = ag2->next;
1225 
1226  if (ag2->next != NULL)
1227  ag2->next->prev = ag2->prev;
1228 
1229  /* store the next ptr and remove the group */
1230  DetectAddress *next_ag2 = ag2->next;
1231  DetectAddressFree(ag2);
1232  ag2 = next_ag2;
1233  applied = 1;
1234  } else {
1235  ag2 = ag2->next;
1236  }
1237  }
1238 
1239  if (applied) {
1240  ipv4_applied++;
1241  }
1242  }
1243  /* ... and the same for ipv6 */
1244  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1245  int applied = 0;
1246  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1247  r = DetectAddressCmp(ag, ag2);
1248  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1249  if (ag2->prev == NULL)
1250  gh->ipv6_head = ag2->next;
1251  else
1252  ag2->prev->next = ag2->next;
1253 
1254  if (ag2->next != NULL)
1255  ag2->next->prev = ag2->prev;
1256 
1257  /* store the next ptr and remove the group */
1258  DetectAddress *next_ag2 = ag2->next;
1259  DetectAddressFree(ag2);
1260  ag2 = next_ag2;
1261 
1262  SCLogDebug("applied");
1263  applied = 1;
1264  } else {
1265  ag2 = ag2->next;
1266  }
1267  }
1268  if (applied) {
1269  ipv6_applied++;
1270  }
1271  }
1272 #ifdef DEBUG
1273  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1274  DetectAddressPrint(tmp_ad);
1275  }
1276  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1277  DetectAddressPrint(tmp_ad);
1278  }
1279 #endif
1280  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1281  int cnt = 0;
1282  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1283  cnt++;
1284 
1285  if (ipv4_applied != cnt) {
1286  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1287  "could be applied: %d != %d", cnt, ipv4_applied);
1288  goto error;
1289  }
1290 
1291  cnt = 0;
1292  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1293  cnt++;
1294 
1295  if (ipv6_applied != cnt) {
1296  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1297  "could be applied: %d != %d", cnt, ipv6_applied);
1298  goto error;
1299  }
1300  }
1301 
1302  /* if the result is that we have no addresses we return error */
1303  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1304  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1305  "merging addresses and negated addresses");
1306  goto error;
1307  }
1308 
1309  return 0;
1310 
1311 error:
1312  return -1;
1313 }
1314 
1316 {
1317  SCLogDebug("Testing address conf vars for any misconfigured values");
1318 
1319  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1320 
1321  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1322  if (address_vars_node == NULL) {
1323  return 0;
1324  }
1325 
1326  DetectAddressHead *gh = NULL;
1327  DetectAddressHead *ghn = NULL;
1328 
1329  ConfNode *seq_node;
1330  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1331  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1332 
1333  gh = DetectAddressHeadInit();
1334  if (gh == NULL) {
1335  goto error;
1336  }
1337  ghn = DetectAddressHeadInit();
1338  if (ghn == NULL) {
1339  goto error;
1340  }
1341 
1342  if (seq_node->val == NULL) {
1344  "Address var \"%s\" probably has a sequence(something "
1345  "in brackets) value set without any quotes. Please "
1346  "quote it using \"..\".", seq_node->name);
1347  goto error;
1348  }
1349 
1350  int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0, &var_list);
1351 
1352  CleanVariableResolveList(&var_list);
1353 
1354  if (r < 0) {
1356  "failed to parse address var \"%s\" with value \"%s\". "
1357  "Please check it's syntax", seq_node->name, seq_node->val);
1358  goto error;
1359  }
1360 
1361  if (DetectAddressIsCompleteIPSpace(ghn)) {
1363  "address var - \"%s\" has the complete IP space negated "
1364  "with it's value \"%s\". Rule address range is NIL. "
1365  "Probably have a !any or an address range that supplies "
1366  "a NULL address range", seq_node->name, seq_node->val);
1367  goto error;
1368  }
1369 
1370  if (gh != NULL) {
1372  gh = NULL;
1373  }
1374  if (ghn != NULL) {
1375  DetectAddressHeadFree(ghn);
1376  ghn = NULL;
1377  }
1378  }
1379 
1380  return 0;
1381  error:
1382  if (gh != NULL)
1384  if (ghn != NULL)
1385  DetectAddressHeadFree(ghn);
1386  return -1;
1387 }
1388 
1389 #include "util-hash-lookup3.h"
1390 
1391 typedef struct DetectAddressMap_ {
1392  char *string;
1395 
1396 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1397 {
1398  const DetectAddressMap *map = (DetectAddressMap *)data;
1399  uint32_t hash = 0;
1400 
1401  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1402  hash %= ht->array_size;
1403 
1404  return hash;
1405 }
1406 
1407 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1408  uint16_t len2)
1409 {
1410  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1411  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1412 
1413 
1414  int r = (strcmp(map1->string, map2->string) == 0);
1415  return r;
1416 }
1417 
1418 static void DetectAddressMapFreeFunc(void *data)
1419 {
1420  DetectAddressMap *map = (DetectAddressMap *)data;
1421  if (map != NULL) {
1423  SCFree(map->string);
1424  }
1425  SCFree(map);
1426 }
1427 
1429 {
1430  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1431  DetectAddressMapCompareFunc,
1432  DetectAddressMapFreeFunc);
1433  if (de_ctx->address_table == NULL)
1434  return -1;
1435 
1436  return 0;
1437 }
1438 
1440 {
1441  if (de_ctx->address_table == NULL)
1442  return;
1443 
1445  de_ctx->address_table = NULL;
1446  return;
1447 }
1448 
1449 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1451 {
1452  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1453  if (map == NULL)
1454  return -1;
1455 
1456  map->string = SCStrdup(string);
1457  if (map->string == NULL) {
1458  SCFree(map);
1459  return -1;
1460  }
1461  map->address = address;
1462 
1463  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1464  return 0;
1465 }
1466 
1467 static const DetectAddressHead *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1468  const char *string)
1469 {
1470  DetectAddressMap map = { (char *)string, NULL };
1471 
1473  &map, 0);
1474  if (res == NULL)
1475  return NULL;
1476  else {
1477  return (const DetectAddressHead *)res->address;
1478  }
1479 }
1480 
1481 /**
1482  * \brief Parses an address group sent as a character string and updates the
1483  * DetectAddressHead sent as the argument with the relevant address
1484  * ranges from the parsed string.
1485  *
1486  * \param gh Pointer to the DetectAddressHead.
1487  * \param str Pointer to the character string containing the address group
1488  * that has to be parsed.
1489  *
1490  * \retval 0 On success.
1491  * \retval -1 On failure.
1492  */
1494  DetectAddressHead *gh, const char *str)
1495 {
1496  int r;
1497  DetectAddressHead *ghn = NULL;
1498 
1499  SCLogDebug("gh %p, str %s", gh, str);
1500 
1501  if (str == NULL) {
1502  SCLogDebug("DetectAddressParse can not be run with NULL address");
1503  goto error;
1504  }
1505 
1506  ghn = DetectAddressHeadInit();
1507  if (ghn == NULL) {
1508  SCLogDebug("DetectAddressHeadInit for ghn failed");
1509  goto error;
1510  }
1511 
1512  r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0, NULL);
1513  if (r < 0) {
1514  SCLogDebug("DetectAddressParse2 returned %d", r);
1515  goto error;
1516  }
1517 
1518  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1519  ghn->ipv4_head);
1520 
1521  /* merge the 'not' address groups */
1522  if (DetectAddressMergeNot(gh, ghn) < 0) {
1523  SCLogDebug("DetectAddressMergeNot failed");
1524  goto error;
1525  }
1526 
1527  /* free the temp negate head */
1528  DetectAddressHeadFree(ghn);
1529  return 0;
1530 
1531 error:
1532  if (ghn != NULL)
1533  DetectAddressHeadFree(ghn);
1534  return -1;
1535 }
1536 
1538  const char *string)
1539 {
1540  const DetectAddressHead *h = DetectAddressMapLookup(de_ctx, string);
1541  if (h != NULL) {
1542  SCLogDebug("found: %s :: %p", string, h);
1543  return h;
1544  }
1545 
1546  SCLogDebug("%s not found", string);
1547 
1549  if (head == NULL)
1550  return NULL;
1551 
1552  if (DetectAddressParse(de_ctx, head, string) == -1)
1553  {
1554  DetectAddressHeadFree(head);
1555  return NULL;
1556  }
1557 
1558  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head);
1559  return head;
1560 }
1561 
1562 /**
1563  * \brief Returns a new instance of DetectAddressHead.
1564  *
1565  * \retval gh Pointer to the new instance of DetectAddressHead.
1566  */
1568 {
1570  if (unlikely(gh == NULL))
1571  return NULL;
1572  memset(gh, 0, sizeof(DetectAddressHead));
1573 
1574  return gh;
1575 }
1576 
1577 /**
1578  * \brief Cleans a DetectAddressHead. The functions frees the address
1579  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1580  * instance.
1581  *
1582  * \param gh Pointer to the DetectAddressHead instance that has to be
1583  * cleaned.
1584  */
1586 {
1587  if (gh != NULL) {
1588  if (gh->ipv4_head != NULL) {
1590  gh->ipv4_head = NULL;
1591  }
1592  if (gh->ipv6_head != NULL) {
1594  gh->ipv6_head = NULL;
1595  }
1596  }
1597 
1598  return;
1599 }
1600 
1601 /**
1602  * \brief Frees a DetectAddressHead instance.
1603  *
1604  * \param gh Pointer to the DetectAddressHead instance to be freed.
1605  */
1607 {
1608  if (gh != NULL) {
1610  SCFree(gh);
1611  }
1612 
1613  return;
1614 }
1615 
1616 /**
1617  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1618  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1619  * explanations on what these functions do.
1620  *
1621  * \param de_ctx Pointer to the DetectEngineCtx.
1622  * \param a Pointer the the first address to be cut.
1623  * \param b Pointer to the second address to be cut.
1624  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1625  * ranges from a and b, demand a third address range.
1626  *
1627  * \retval 0 On success.
1628  * \retval -1 On failure.
1629  */
1630 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1631  DetectAddress *b, DetectAddress **c)
1632 {
1633  if (a->ip.family == AF_INET)
1634  return DetectAddressCutIPv4(de_ctx, a, b, c);
1635  else if (a->ip.family == AF_INET6)
1636  return DetectAddressCutIPv6(de_ctx, a, b, c);
1637 
1638  return -1;
1639 }
1640 
1641 /**
1642  * \brief Cuts a negated address range with respect to the entire ip range, and
1643  * supplies with the address range that doesn't belong to the negated
1644  * address range.
1645  *
1646  * There are 2 cases here -
1647  *
1648  * The first case includes the address being located at the extreme ends
1649  * of the ip space, in which we get a single range.
1650  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1651  *
1652  * The second case includes the address not present at either of the
1653  * ip space extremes, in which case we get 2 ranges. The second range
1654  * would be supplied back with the argument "b" supplied to this function.
1655  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1656  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1657  *
1658  * The above negation cases can similarly be extended to ranges, i.e.
1659  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1660  * ![10.20.30.40 - 10.20.30.50].
1661  *
1662  *
1663  * \param a Pointer to the DetectAddressData instance, that contains the negated
1664  * address range that has to be cut.
1665  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1666  * filled with the address range, if the argument "a", doesn't fall at
1667  * the extreme ends of the ip address space.
1668  *
1669  * \retval 0 On success.
1670  * \retval -1 On failure.
1671  */
1672 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1673 {
1674  if (a->ip.family == AF_INET)
1675  return DetectAddressCutNotIPv4(a, b);
1676  else if (a->ip.family == AF_INET6)
1677  return DetectAddressCutNotIPv6(a, b);
1678 
1679  return -1;
1680 }
1681 
1682 /**
1683  * \brief Used to compare 2 address ranges.
1684  *
1685  * \param a Pointer to the first DetectAddressData to be compared.
1686  * \param b Pointer to the second DetectAddressData to be compared.
1687  */
1689 {
1690  if (a->ip.family != b->ip.family)
1691  return ADDRESS_ER;
1692 
1693  if (a->ip.family == AF_INET)
1694  return DetectAddressCmpIPv4(a, b);
1695  else if (a->ip.family == AF_INET6)
1696  return DetectAddressCmpIPv6(a, b);
1697 
1698  return ADDRESS_ER;
1699 }
1700 
1701 /**
1702  * \brief Match a packets address against a signatures addrs array
1703  *
1704  * \param addrs array of DetectMatchAddressIPv4's
1705  * \param addrs_cnt array size in members
1706  * \param a packets address
1707  *
1708  * \retval 0 no match
1709  * \retval 1 match
1710  *
1711  * \note addresses in addrs are in host order
1712  *
1713  * \todo array should be ordered, so we can break out of the loop
1714  */
1716  uint16_t addrs_cnt, const Address *a)
1717 {
1718  SCEnter();
1719 
1720  if (addrs == NULL || addrs_cnt == 0) {
1721  SCReturnInt(0);
1722  }
1723 
1724  uint16_t idx;
1725  for (idx = 0; idx < addrs_cnt; idx++) {
1726  if (SCNtohl(a->addr_data32[0]) >= addrs[idx].ip &&
1727  SCNtohl(a->addr_data32[0]) <= addrs[idx].ip2)
1728  {
1729  SCReturnInt(1);
1730  }
1731  }
1732 
1733  SCReturnInt(0);
1734 }
1735 
1736 /**
1737  * \brief Match a packets address against a signatures addrs array
1738  *
1739  * \param addrs array of DetectMatchAddressIPv6's
1740  * \param addrs_cnt array size in members
1741  * \param a packets address
1742  *
1743  * \retval 0 no match
1744  * \retval 1 match
1745  *
1746  * \note addresses in addrs are in host order
1747  *
1748  * \todo array should be ordered, so we can break out of the loop
1749  */
1751  uint16_t addrs_cnt, const Address *a)
1752 {
1753  SCEnter();
1754 
1755  if (addrs == NULL || addrs_cnt == 0) {
1756  SCReturnInt(0);
1757  }
1758 
1759  uint16_t idx;
1760  int i = 0;
1761  uint16_t result1, result2;
1762 
1763  /* See if the packet address is within the range of any entry in the
1764  * signature's address match array.
1765  */
1766  for (idx = 0; idx < addrs_cnt; idx++) {
1767  result1 = result2 = 0;
1768 
1769  /* See if packet address equals either limit. Return 1 if true. */
1770  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip[0] &&
1771  SCNtohl(a->addr_data32[1]) == addrs[idx].ip[1] &&
1772  SCNtohl(a->addr_data32[2]) == addrs[idx].ip[2] &&
1773  SCNtohl(a->addr_data32[3]) == addrs[idx].ip[3])
1774  {
1775  SCReturnInt(1);
1776  }
1777  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip2[0] &&
1778  SCNtohl(a->addr_data32[1]) == addrs[idx].ip2[1] &&
1779  SCNtohl(a->addr_data32[2]) == addrs[idx].ip2[2] &&
1780  SCNtohl(a->addr_data32[3]) == addrs[idx].ip2[3])
1781  {
1782  SCReturnInt(1);
1783  }
1784 
1785  /* See if packet address is greater than lower limit
1786  * of the current signature address match pair.
1787  */
1788  for (i = 0; i < 4; i++) {
1789  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip[i]) {
1790  result1 = 1;
1791  break;
1792  }
1793  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip[i]) {
1794  result1 = 0;
1795  break;
1796  }
1797  }
1798 
1799  /* If not greater than lower limit, try next address match entry */
1800  if (result1 == 0)
1801  continue;
1802 
1803  /* See if packet address is less than upper limit
1804  * of the current signature address match pair.
1805  */
1806  for (i = 0; i < 4; i++) {
1807  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip2[i]) {
1808  result2 = 1;
1809  break;
1810  }
1811  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip2[i]) {
1812  result2 = 0;
1813  break;
1814  }
1815  }
1816 
1817  /* Return a match if packet address is between the two
1818  * signature address match limits.
1819  */
1820  if (result1 == 1 && result2 == 1)
1821  SCReturnInt(1);
1822  }
1823 
1824  SCReturnInt(0);
1825 }
1826 
1827 /**
1828  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1829  * range in the DetectAddress instance.
1830  *
1831  * We basically check that the address falls inbetween the address
1832  * range in DetectAddress.
1833  *
1834  * \param dd Pointer to the DetectAddress instance.
1835  * \param a Pointer to an Address instance.
1836  *
1837  * \param 1 On a match.
1838  * \param 0 On no match.
1839  */
1841 {
1842  SCEnter();
1843 
1844  if (dd->ip.family != a->family) {
1845  SCReturnInt(0);
1846  }
1847 
1848  //DetectAddressPrint(dd);
1849  //AddressDebugPrint(a);
1850 
1851  switch (a->family) {
1852  case AF_INET:
1853 
1854  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1855  * Address inside DetectAddressData we can do uint8_t checks */
1856  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1857  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1858  {
1859  SCReturnInt(1);
1860  } else {
1861  SCReturnInt(0);
1862  }
1863 
1864  break;
1865  case AF_INET6:
1866  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1867  AddressIPv6Le(a, &dd->ip2) == 1)
1868  {
1869  SCReturnInt(1);
1870  } else {
1871  SCReturnInt(0);
1872  }
1873 
1874  break;
1875  default:
1876  SCLogDebug("What other address type can we have :-/");
1877  break;
1878  }
1879 
1880  SCReturnInt(0);
1881 }
1882 
1883 /**
1884  * \brief Prints the address data held by the DetectAddress. If the address
1885  * data family is IPv4, we print the the ipv4 address and mask, and
1886  * if the address data family is IPv6, we print the ipv6 address and
1887  * mask.
1888  *
1889  * \param ad Pointer to the DetectAddress instance to be printed.
1890  */
1892 {
1893  if (gr == NULL)
1894  return;
1895 
1896  if (gr->ip.family == AF_INET) {
1897  struct in_addr in;
1898  char ip[16], mask[16];
1899 
1900  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1901  PrintInet(AF_INET, &in, ip, sizeof(ip));
1902  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1903  PrintInet(AF_INET, &in, mask, sizeof(mask));
1904 
1905  SCLogDebug("%s/%s", ip, mask);
1906 // printf("%s/%s", ip, mask);
1907  } else if (gr->ip.family == AF_INET6) {
1908  struct in6_addr in6;
1909  char ip[66], mask[66];
1910 
1911  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1912  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1913  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1914  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1915 
1916  SCLogDebug("%s/%s", ip, mask);
1917 // printf("%s/%s", ip, mask);
1918  }
1919 
1920  return;
1921 }
1922 
1923 /**
1924  * \brief Find the group matching address in a group head.
1925  *
1926  * \param gh Pointer to the address group head(DetectAddressHead instance).
1927  * \param a Pointer to an Address instance.
1928  *
1929  * \retval g On success pointer to an DetectAddress if we find a match
1930  * for the Address "a", in the DetectAddressHead "gh".
1931  */
1933 {
1934  SCEnter();
1935 
1936  DetectAddress *g = NULL;
1937 
1938  if (gh == NULL) {
1939  SCReturnPtr(NULL, "DetectAddress");
1940  }
1941 
1942  /* XXX should we really do this check every time we run this function? */
1943  if (a->family == AF_INET) {
1944  SCLogDebug("IPv4");
1945  g = gh->ipv4_head;
1946  } else if (a->family == AF_INET6) {
1947  SCLogDebug("IPv6");
1948  g = gh->ipv6_head;
1949  }
1950 
1951  for ( ; g != NULL; g = g->next) {
1952  if (DetectAddressMatch(g,a) == 1) {
1953  SCReturnPtr(g, "DetectAddress");
1954  }
1955  }
1956 
1957  SCReturnPtr(NULL, "DetectAddress");
1958 }
1959 
1960 /********************************Unittests*************************************/
1961 
1962 #ifdef UNITTESTS
1963 
1964 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1965 {
1966  char str1[46] = "", str2[46] = "";
1967 
1968  if (ad == NULL)
1969  return FALSE;
1970 
1971  switch(ad->ip.family) {
1972  case AF_INET:
1973  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1974  SCLogDebug("%s", str1);
1975  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1976  SCLogDebug("%s", str2);
1977 
1978  if (strcmp(str1, one) != 0) {
1979  SCLogInfo("%s != %s", str1, one);
1980  return FALSE;
1981  }
1982 
1983  if (strcmp(str2, two) != 0) {
1984  SCLogInfo("%s != %s", str2, two);
1985  return FALSE;
1986  }
1987 
1988  return TRUE;
1989  break;
1990 
1991  case AF_INET6:
1992  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1993  SCLogDebug("%s", str1);
1994  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1995  SCLogDebug("%s", str2);
1996 
1997  if (strcmp(str1, one) != 0) {
1998  SCLogInfo("%s != %s", str1, one);
1999  return FALSE;
2000  }
2001 
2002  if (strcmp(str2, two) != 0) {
2003  SCLogInfo("%s != %s", str2, two);
2004  return FALSE;
2005  }
2006 
2007  return TRUE;
2008  break;
2009  }
2010 
2011  return FALSE;
2012 }
2013 
2015  const char *one;
2016  const char *two;
2018 
2019 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
2020 {
2021  int expect = nranges;
2022  int have = 0;
2023 
2024  if (gh == NULL)
2025  return FALSE;
2026 
2027  DetectAddress *ad = NULL;
2028  ad = gh->ipv4_head;
2029  if (ad == NULL)
2030  ad = gh->ipv6_head;
2031  while (have < expect) {
2032  if (ad == NULL) {
2033  printf("bad head: have %d ranges, expected %d: ", have, expect);
2034  return FALSE;
2035  }
2036 
2037  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
2038  return FALSE;
2039 
2040  ad = ad->next;
2041  have++;
2042  }
2043 
2044  return TRUE;
2045 }
2046 
2047 static int AddressTestParse01(void)
2048 {
2049  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
2050 
2051  if (dd) {
2052  DetectAddressFree(dd);
2053  return 1;
2054  }
2055 
2056  return 0;
2057 }
2058 
2059 static int AddressTestParse02(void)
2060 {
2061  int result = 1;
2062  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
2063 
2064  if (dd) {
2065  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
2066  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2067  result = 0;
2068  }
2069 
2070  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
2071  DetectAddressFree(dd);
2072  return result;
2073  }
2074 
2075  return 0;
2076 }
2077 
2078 static int AddressTestParse03(void)
2079 {
2080  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2081 
2082  if (dd) {
2083  DetectAddressFree(dd);
2084  return 1;
2085  }
2086 
2087  return 0;
2088 }
2089 
2090 static int AddressTestParse04(void)
2091 {
2092  int result = 1;
2093  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2094 
2095  if (dd) {
2096  if (dd->ip.addr_data32[0] != SCNtohl(16909056)||
2097  dd->ip2.addr_data32[0] != SCNtohl(16909311)) {
2098  result = 0;
2099  }
2100 
2101  DetectAddressFree(dd);
2102  return result;
2103  }
2104 
2105  return 0;
2106 }
2107 
2108 static int AddressTestParse05(void)
2109 {
2110  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2111 
2112  if (dd) {
2113  DetectAddressFree(dd);
2114  return 1;
2115  }
2116 
2117  return 0;
2118 }
2119 
2120 static int AddressTestParse06(void)
2121 {
2122  int result = 1;
2123  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2124 
2125  if (dd) {
2126  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2127  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2128  result = 0;
2129  }
2130 
2131  DetectAddressFree(dd);
2132  return result;
2133  }
2134 
2135  return 0;
2136 }
2137 
2138 static int AddressTestParse07(void)
2139 {
2140  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2141 
2142  if (dd) {
2143  DetectAddressFree(dd);
2144  return 1;
2145  }
2146 
2147  return 0;
2148 }
2149 
2150 static int AddressTestParse08(void)
2151 {
2152  int result = 1;
2153  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2154 
2155  if (dd) {
2156  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2157  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2158 
2159  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2160  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2161  DetectAddressPrint(dd);
2162  result = 0;
2163  }
2164 
2165  DetectAddressFree(dd);
2166  return result;
2167  }
2168 
2169  return 0;
2170 }
2171 
2172 static int AddressTestParse09(void)
2173 {
2174  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2175 
2176  if (dd) {
2177  DetectAddressFree(dd);
2178  return 1;
2179  }
2180 
2181  return 0;
2182 }
2183 
2184 static int AddressTestParse10(void)
2185 {
2186  int result = 1;
2187  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2188 
2189  if (dd) {
2190  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2191  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2192 
2193  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2194  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2195  DetectAddressPrint(dd);
2196  result = 0;
2197  }
2198 
2199  DetectAddressFree(dd);
2200  return result;
2201  }
2202 
2203  return 0;
2204 }
2205 
2206 static int AddressTestParse11(void)
2207 {
2208  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2209 
2210  if (dd) {
2211  DetectAddressFree(dd);
2212  return 1;
2213  }
2214 
2215  return 0;
2216 }
2217 
2218 static int AddressTestParse12(void)
2219 {
2220  int result = 1;
2221  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2222 
2223  if (dd) {
2224  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2225  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2226 
2227  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2228  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2229  DetectAddressPrint(dd);
2230  result = 0;
2231  }
2232 
2233  DetectAddressFree(dd);
2234  return result;
2235  }
2236 
2237  return 0;
2238 }
2239 static int AddressTestParse13(void)
2240 {
2241  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2242 
2243  if (dd) {
2244  DetectAddressFree(dd);
2245  return 1;
2246  }
2247 
2248  return 0;
2249 }
2250 
2251 static int AddressTestParse14(void)
2252 {
2253  int result = 1;
2254  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2255 
2256  if (dd) {
2257  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2258  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2259 
2260  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2261  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2262  result = 0;
2263  }
2264 
2265  DetectAddressFree(dd);
2266  return result;
2267  }
2268 
2269  return 0;
2270 }
2271 
2272 static int AddressTestParse15(void)
2273 {
2274  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2275 
2276  if (dd) {
2277  DetectAddressFree(dd);
2278  return 1;
2279  }
2280 
2281  return 0;
2282 }
2283 
2284 static int AddressTestParse16(void)
2285 {
2286  int result = 1;
2287  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2288 
2289  if (dd) {
2290  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2291  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2292 
2293  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2294  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2295  result = 0;
2296  }
2297 
2298  DetectAddressFree(dd);
2299  return result;
2300  }
2301 
2302  return 0;
2303 }
2304 
2305 static int AddressTestParse17(void)
2306 {
2307  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2308 
2309  if (dd) {
2310  DetectAddressFree(dd);
2311  return 1;
2312  }
2313 
2314  return 0;
2315 }
2316 
2317 static int AddressTestParse18(void)
2318 {
2319  int result = 1;
2320  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2321 
2322  if (dd) {
2323  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2324  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2325  result = 0;
2326  }
2327 
2328  DetectAddressFree(dd);
2329  return result;
2330  }
2331 
2332  return 0;
2333 }
2334 
2335 static int AddressTestParse19(void)
2336 {
2337  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2338 
2339  if (dd) {
2340  DetectAddressFree(dd);
2341  return 0;
2342  }
2343 
2344  return 1;
2345 }
2346 
2347 static int AddressTestParse20(void)
2348 {
2349  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2350 
2351  if (dd) {
2352  DetectAddressFree(dd);
2353  return 1;
2354  }
2355 
2356  return 0;
2357 }
2358 
2359 static int AddressTestParse21(void)
2360 {
2361  int result = 1;
2362  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2363 
2364  if (dd) {
2365  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2366  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2367 
2368  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2369  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2370  result = 0;
2371  }
2372 
2373  DetectAddressFree(dd);
2374  return result;
2375  }
2376 
2377  return 0;
2378 }
2379 
2380 static int AddressTestParse22(void)
2381 {
2382  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2383 
2384  if (dd) {
2385  DetectAddressFree(dd);
2386  return 0;
2387  }
2388 
2389  return 1;
2390 }
2391 
2392 static int AddressTestParse23(void)
2393 {
2395  FAIL_IF_NULL(gh);
2396  int r = DetectAddressParse(NULL, gh, "any");
2397  FAIL_IF_NOT(r == 0);
2399  PASS;
2400 }
2401 
2402 static int AddressTestParse24(void)
2403 {
2405  FAIL_IF_NULL(gh);
2406  int r = DetectAddressParse(NULL, gh, "Any");
2407  FAIL_IF_NOT(r == 0);
2409  PASS;
2410 }
2411 
2412 static int AddressTestParse25(void)
2413 {
2415  FAIL_IF_NULL(gh);
2416  int r = DetectAddressParse(NULL, gh, "ANY");
2417  FAIL_IF_NOT(r == 0);
2419  PASS;
2420 }
2421 
2422 static int AddressTestParse27(void)
2423 {
2424  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2425 
2426  if (dd) {
2427  DetectAddressFree(dd);
2428  return 1;
2429  }
2430 
2431  return 0;
2432 }
2433 
2434 static int AddressTestParse28(void)
2435 {
2436  int result = 0;
2437  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2438 
2439  if (dd) {
2440  if (dd->flags & ADDRESS_FLAG_NOT &&
2441  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2442  result = 1;
2443  }
2444 
2445  DetectAddressFree(dd);
2446  return result;
2447  }
2448 
2449  return 0;
2450 }
2451 
2452 static int AddressTestParse29(void)
2453 {
2454  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2455 
2456  if (dd) {
2457  DetectAddressFree(dd);
2458  return 1;
2459  }
2460 
2461  return 0;
2462 }
2463 
2464 static int AddressTestParse30(void)
2465 {
2466  int result = 0;
2467  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2468 
2469  if (dd) {
2470  if (dd->flags & ADDRESS_FLAG_NOT &&
2471  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2472  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2473  result = 1;
2474  }
2475 
2476  DetectAddressFree(dd);
2477  return result;
2478  }
2479 
2480  return 0;
2481 }
2482 
2483 /**
2484  * \test make sure !any is rejected
2485  */
2486 static int AddressTestParse31(void)
2487 {
2488  DetectAddress *dd = DetectAddressParseSingle("!any");
2489 
2490  if (dd) {
2491  DetectAddressFree(dd);
2492  return 0;
2493  }
2494 
2495  return 1;
2496 }
2497 
2498 static int AddressTestParse32(void)
2499 {
2500  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2501 
2502  if (dd) {
2503  DetectAddressFree(dd);
2504  return 1;
2505  }
2506 
2507  return 0;
2508 }
2509 
2510 static int AddressTestParse33(void)
2511 {
2512  int result = 0;
2513  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2514 
2515  if (dd) {
2516  if (dd->flags & ADDRESS_FLAG_NOT &&
2517  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2518  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2519  result = 1;
2520  }
2521 
2522  DetectAddressFree(dd);
2523  return result;
2524  }
2525 
2526  return 0;
2527 }
2528 
2529 static int AddressTestParse34(void)
2530 {
2531  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2532 
2533  if (dd) {
2534  DetectAddressFree(dd);
2535  return 1;
2536  }
2537 
2538  return 0;
2539 }
2540 
2541 static int AddressTestParse35(void)
2542 {
2543  int result = 0;
2544  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2545 
2546  if (dd) {
2547  if (dd->flags & ADDRESS_FLAG_NOT &&
2548  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2549  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2550 
2551  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2552  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2553  result = 1;
2554  }
2555 
2556  DetectAddressFree(dd);
2557  return result;
2558  }
2559 
2560  return 0;
2561 }
2562 
2563 static int AddressTestParse36(void)
2564 {
2565  int result = 1;
2566  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2567 
2568  if (dd) {
2569  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2570  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2571 
2572  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2573  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2574 
2575  DetectAddressPrint(dd);
2576  result = 0;
2577  }
2578  DetectAddressPrint(dd);
2579 
2580  DetectAddressFree(dd);
2581  return result;
2582  }
2583 
2584  return 0;
2585 }
2586 
2587 static int AddressTestParse37(void)
2588 {
2589  int result = 1;
2590  DetectAddress *dd = DetectAddressParseSingle("::/0");
2591 
2592  if (dd) {
2593  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2594  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2595 
2596  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2597  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2598  DetectAddressPrint(dd);
2599  result = 0;
2600  }
2601  DetectAddressPrint(dd);
2602 
2603  DetectAddressFree(dd);
2604  return result;
2605  }
2606 
2607  return 0;
2608 }
2609 
2610 static int AddressTestMatch01(void)
2611 {
2612  DetectAddress *dd = NULL;
2613  int result = 1;
2614  struct in_addr in;
2615  Address a;
2616 
2617  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2618  return 0;
2619  memset(&a, 0, sizeof(Address));
2620  a.family = AF_INET;
2621  a.addr_data32[0] = in.s_addr;
2622 
2623  dd = DetectAddressParseSingle("1.2.3.4/24");
2624  if (dd) {
2625  if (DetectAddressMatch(dd, &a) == 0)
2626  result = 0;
2627 
2628  DetectAddressFree(dd);
2629  return result;
2630  }
2631 
2632  return 0;
2633 }
2634 
2635 static int AddressTestMatch02(void)
2636 {
2637  DetectAddress *dd = NULL;
2638  int result = 1;
2639  struct in_addr in;
2640  Address a;
2641 
2642  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2643  return 0;
2644  memset(&a, 0, sizeof(Address));
2645  a.family = AF_INET;
2646  a.addr_data32[0] = in.s_addr;
2647 
2648  dd = DetectAddressParseSingle("1.2.3.4/25");
2649  if (dd) {
2650  if (DetectAddressMatch(dd, &a) == 0)
2651  result = 0;
2652 
2653  DetectAddressFree(dd);
2654  return result;
2655  }
2656 
2657  return 0;
2658 }
2659 
2660 static int AddressTestMatch03(void)
2661 {
2662  DetectAddress *dd = NULL;
2663  int result = 1;
2664  struct in_addr in;
2665  Address a;
2666 
2667  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2668  return 0;
2669  memset(&a, 0, sizeof(Address));
2670  a.family = AF_INET;
2671  a.addr_data32[0] = in.s_addr;
2672 
2673  dd = DetectAddressParseSingle("1.2.3.4/25");
2674  if (dd) {
2675  if (DetectAddressMatch(dd, &a) == 1)
2676  result = 0;
2677 
2678  DetectAddressFree(dd);
2679  return result;
2680  }
2681 
2682  return 0;
2683 }
2684 
2685 static int AddressTestMatch04(void)
2686 {
2687  DetectAddress *dd = NULL;
2688  int result = 1;
2689  struct in_addr in;
2690  Address a;
2691 
2692  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2693  return 0;
2694  memset(&a, 0, sizeof(Address));
2695  a.family = AF_INET;
2696  a.addr_data32[0] = in.s_addr;
2697 
2698  dd = DetectAddressParseSingle("1.2.3.4/25");
2699  if (dd) {
2700  if (DetectAddressMatch(dd, &a) == 1)
2701  result = 0;
2702 
2703  DetectAddressFree(dd);
2704  return result;
2705  }
2706 
2707  return 0;
2708 }
2709 
2710 static int AddressTestMatch05(void)
2711 {
2712  DetectAddress *dd = NULL;
2713  int result = 1;
2714  struct in_addr in;
2715  Address a;
2716 
2717  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2718  return 0;
2719  memset(&a, 0, sizeof(Address));
2720  a.family = AF_INET;
2721  a.addr_data32[0] = in.s_addr;
2722 
2723  dd = DetectAddressParseSingle("1.2.3.4/32");
2724  if (dd) {
2725  if (DetectAddressMatch(dd, &a) == 0)
2726  result = 0;
2727 
2728  DetectAddressFree(dd);
2729  return result;
2730  }
2731 
2732  return 0;
2733 }
2734 
2735 static int AddressTestMatch06(void)
2736 {
2737  DetectAddress *dd = NULL;
2738  int result = 1;
2739  struct in_addr in;
2740  Address a;
2741 
2742  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2743  return 0;
2744  memset(&a, 0, sizeof(Address));
2745  a.family = AF_INET;
2746  a.addr_data32[0] = in.s_addr;
2747 
2748  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2749  if (dd) {
2750  if (DetectAddressMatch(dd, &a) == 0)
2751  result = 0;
2752 
2753  DetectAddressFree(dd);
2754  return result;
2755  }
2756 
2757  return 0;
2758 }
2759 
2760 static int AddressTestMatch07(void)
2761 {
2762  DetectAddress *dd = NULL;
2763  int result = 1;
2764  struct in6_addr in6;
2765  Address a;
2766 
2767  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2768  return 0;
2769  memset(&a, 0, sizeof(Address));
2770  a.family = AF_INET6;
2771  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2772 
2773  dd = DetectAddressParseSingle("2001::/3");
2774  if (dd) {
2775  if (DetectAddressMatch(dd, &a) == 0)
2776  result = 0;
2777 
2778  DetectAddressFree(dd);
2779  return result;
2780  }
2781 
2782  return 0;
2783 }
2784 
2785 static int AddressTestMatch08(void)
2786 {
2787  DetectAddress *dd = NULL;
2788  int result = 1;
2789  struct in6_addr in6;
2790  Address a;
2791 
2792  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2793  return 0;
2794  memset(&a, 0, sizeof(Address));
2795  a.family = AF_INET6;
2796  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2797 
2798  dd = DetectAddressParseSingle("2001::/3");
2799  if (dd) {
2800  if (DetectAddressMatch(dd, &a) == 1)
2801  result = 0;
2802 
2803  DetectAddressFree(dd);
2804  return result;
2805  }
2806 
2807  return 0;
2808 }
2809 
2810 static int AddressTestMatch09(void)
2811 {
2812  DetectAddress *dd = NULL;
2813  int result = 1;
2814  struct in6_addr in6;
2815  Address a;
2816 
2817  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2818  return 0;
2819  memset(&a, 0, sizeof(Address));
2820  a.family = AF_INET6;
2821  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2822 
2823  dd = DetectAddressParseSingle("2001::1/128");
2824  if (dd) {
2825  if (DetectAddressMatch(dd, &a) == 1)
2826  result = 0;
2827 
2828  DetectAddressFree(dd);
2829  return result;
2830  }
2831 
2832  return 0;
2833 }
2834 
2835 static int AddressTestMatch10(void)
2836 {
2837  DetectAddress *dd = NULL;
2838  int result = 1;
2839  struct in6_addr in6;
2840  Address a;
2841 
2842  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2843  return 0;
2844  memset(&a, 0, sizeof(Address));
2845  a.family = AF_INET6;
2846  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2847 
2848  dd = DetectAddressParseSingle("2001::1/126");
2849  if (dd) {
2850  if (DetectAddressMatch(dd, &a) == 0)
2851  result = 0;
2852 
2853  DetectAddressFree(dd);
2854  return result;
2855  }
2856 
2857  return 0;
2858 }
2859 
2860 static int AddressTestMatch11(void)
2861 {
2862  DetectAddress *dd = NULL;
2863  int result = 1;
2864  struct in6_addr in6;
2865  Address a;
2866 
2867  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2868  return 0;
2869  memset(&a, 0, sizeof(Address));
2870  a.family = AF_INET6;
2871  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2872 
2873  dd = DetectAddressParseSingle("2001::1/127");
2874  if (dd) {
2875  if (DetectAddressMatch(dd, &a) == 1)
2876  result = 0;
2877 
2878  DetectAddressFree(dd);
2879  return result;
2880  }
2881 
2882  return 0;
2883 }
2884 
2885 static int AddressTestCmp01(void)
2886 {
2887  DetectAddress *da = NULL, *db = NULL;
2888  int result = 1;
2889 
2890  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2891  if (da == NULL) goto error;
2892  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2893  if (db == NULL) goto error;
2894 
2895  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2896  result = 0;
2897 
2898  DetectAddressFree(da);
2899  DetectAddressFree(db);
2900  return result;
2901 
2902 error:
2903  if (da) DetectAddressFree(da);
2904  if (db) DetectAddressFree(db);
2905  return 0;
2906 }
2907 
2908 static int AddressTestCmp02(void)
2909 {
2910  DetectAddress *da = NULL, *db = NULL;
2911  int result = 1;
2912 
2913  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2914  if (da == NULL) goto error;
2915  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2916  if (db == NULL) goto error;
2917 
2918  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2919  result = 0;
2920 
2921  DetectAddressFree(da);
2922  DetectAddressFree(db);
2923  return result;
2924 
2925 error:
2926  if (da) DetectAddressFree(da);
2927  if (db) DetectAddressFree(db);
2928  return 0;
2929 }
2930 
2931 static int AddressTestCmp03(void)
2932 {
2933  DetectAddress *da = NULL, *db = NULL;
2934  int result = 1;
2935 
2936  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2937  if (da == NULL) goto error;
2938  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2939  if (db == NULL) goto error;
2940 
2941  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2942  result = 0;
2943 
2944  DetectAddressFree(da);
2945  DetectAddressFree(db);
2946  return result;
2947 
2948 error:
2949  if (da) DetectAddressFree(da);
2950  if (db) DetectAddressFree(db);
2951  return 0;
2952 }
2953 
2954 static int AddressTestCmp04(void)
2955 {
2956  DetectAddress *da = NULL, *db = NULL;
2957  int result = 1;
2958 
2959  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2960  if (da == NULL) goto error;
2961  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2962  if (db == NULL) goto error;
2963 
2964  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2965  result = 0;
2966 
2967  DetectAddressFree(da);
2968  DetectAddressFree(db);
2969  return result;
2970 
2971 error:
2972  if (da) DetectAddressFree(da);
2973  if (db) DetectAddressFree(db);
2974  return 0;
2975 }
2976 
2977 static int AddressTestCmp05(void)
2978 {
2979  DetectAddress *da = NULL, *db = NULL;
2980  int result = 1;
2981 
2982  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2983  if (da == NULL) goto error;
2984  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2985  if (db == NULL) goto error;
2986 
2987  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2988  result = 0;
2989 
2990  DetectAddressFree(da);
2991  DetectAddressFree(db);
2992  return result;
2993 
2994 error:
2995  if (da) DetectAddressFree(da);
2996  if (db) DetectAddressFree(db);
2997  return 0;
2998 }
2999 
3000 static int AddressTestCmp06(void)
3001 {
3002  DetectAddress *da = NULL, *db = NULL;
3003  int result = 1;
3004 
3005  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
3006  if (da == NULL) goto error;
3007  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
3008  if (db == NULL) goto error;
3009 
3010  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3011  result = 0;
3012 
3013  DetectAddressFree(da);
3014  DetectAddressFree(db);
3015  return result;
3016 
3017 error:
3018  if (da) DetectAddressFree(da);
3019  if (db) DetectAddressFree(db);
3020  return 0;
3021 }
3022 
3023 static int AddressTestCmpIPv407(void)
3024 {
3025  DetectAddress *da = NULL, *db = NULL;
3026  int result = 1;
3027 
3028  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3029  if (da == NULL) goto error;
3030  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
3031  if (db == NULL) goto error;
3032 
3033  if (DetectAddressCmp(da, db) != ADDRESS_LE)
3034  result = 0;
3035 
3036  DetectAddressFree(da);
3037  DetectAddressFree(db);
3038  return result;
3039 
3040 error:
3041  if (da) DetectAddressFree(da);
3042  if (db) DetectAddressFree(db);
3043  return 0;
3044 }
3045 
3046 static int AddressTestCmpIPv408(void)
3047 {
3048  DetectAddress *da = NULL, *db = NULL;
3049  int result = 1;
3050 
3051  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
3052  if (da == NULL) goto error;
3053  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3054  if (db == NULL) goto error;
3055 
3056  if (DetectAddressCmp(da, db) != ADDRESS_GE)
3057  result = 0;
3058 
3059  DetectAddressFree(da);
3060  DetectAddressFree(db);
3061  return result;
3062 
3063 error:
3064  if (da) DetectAddressFree(da);
3065  if (db) DetectAddressFree(db);
3066  return 0;
3067 }
3068 
3069 static int AddressTestCmp07(void)
3070 {
3071  DetectAddress *da = NULL, *db = NULL;
3072  int result = 1;
3073 
3074  da = DetectAddressParseSingle("2001::/3");
3075  if (da == NULL) goto error;
3076  db = DetectAddressParseSingle("2001::1/3");
3077  if (db == NULL) goto error;
3078 
3079  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3080  result = 0;
3081 
3082  DetectAddressFree(da);
3083  DetectAddressFree(db);
3084  return result;
3085 
3086 error:
3087  if (da) DetectAddressFree(da);
3088  if (db) DetectAddressFree(db);
3089  return 0;
3090 }
3091 
3092 static int AddressTestCmp08(void)
3093 {
3094  DetectAddress *da = NULL, *db = NULL;
3095  int result = 1;
3096 
3097  da = DetectAddressParseSingle("2001::/3");
3098  if (da == NULL) goto error;
3099  db = DetectAddressParseSingle("2001::/8");
3100  if (db == NULL) goto error;
3101 
3102  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3103  result = 0;
3104 
3105  DetectAddressFree(da);
3106  DetectAddressFree(db);
3107  return result;
3108 
3109 error:
3110  if (da) DetectAddressFree(da);
3111  if (db) DetectAddressFree(db);
3112  return 0;
3113 }
3114 
3115 static int AddressTestCmp09(void)
3116 {
3117  DetectAddress *da = NULL, *db = NULL;
3118  int result = 1;
3119 
3120  da = DetectAddressParseSingle("2001::/8");
3121  if (da == NULL) goto error;
3122  db = DetectAddressParseSingle("2001::/3");
3123  if (db == NULL) goto error;
3124 
3125  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3126  result = 0;
3127 
3128  DetectAddressFree(da);
3129  DetectAddressFree(db);
3130  return result;
3131 
3132 error:
3133  if (da) DetectAddressFree(da);
3134  if (db) DetectAddressFree(db);
3135  return 0;
3136 }
3137 
3138 static int AddressTestCmp10(void)
3139 {
3140  DetectAddress *da = NULL, *db = NULL;
3141  int result = 1;
3142 
3143  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3144  if (da == NULL) goto error;
3145  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3146  if (db == NULL) goto error;
3147 
3148  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3149  result = 0;
3150 
3151  DetectAddressFree(da);
3152  DetectAddressFree(db);
3153  return result;
3154 
3155 error:
3156  if (da) DetectAddressFree(da);
3157  if (db) DetectAddressFree(db);
3158  return 0;
3159 }
3160 
3161 static int AddressTestCmp11(void)
3162 {
3163  DetectAddress *da = NULL, *db = NULL;
3164  int result = 1;
3165 
3166  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3167  if (da == NULL) goto error;
3168  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3169  if (db == NULL) goto error;
3170 
3171  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3172  result = 0;
3173 
3174  DetectAddressFree(da);
3175  DetectAddressFree(db);
3176  return result;
3177 
3178 error:
3179  if (da) DetectAddressFree(da);
3180  if (db) DetectAddressFree(db);
3181  return 0;
3182 }
3183 
3184 static int AddressTestCmp12(void)
3185 {
3186  DetectAddress *da = NULL, *db = NULL;
3187  int result = 1;
3188 
3189  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3190  if (da == NULL) goto error;
3191  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3192  if (db == NULL) goto error;
3193 
3194  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3195  result = 0;
3196 
3197  DetectAddressFree(da);
3198  DetectAddressFree(db);
3199  return result;
3200 
3201 error:
3202  if (da) DetectAddressFree(da);
3203  if (db) DetectAddressFree(db);
3204  return 0;
3205 }
3206 
3207 static int AddressTestAddressGroupSetup01(void)
3208 {
3209  int result = 0;
3211 
3212  if (gh != NULL) {
3213  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3214  if (r == 0)
3215  result = 1;
3216 
3218  }
3219  return result;
3220 }
3221 
3222 static int AddressTestAddressGroupSetup02(void)
3223 {
3224  int result = 0;
3226 
3227  if (gh != NULL) {
3228  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3229  if (r == 0 && gh->ipv4_head != NULL)
3230  result = 1;
3231 
3233  }
3234  return result;
3235 }
3236 
3237 static int AddressTestAddressGroupSetup03(void)
3238 {
3239  int result = 0;
3241 
3242  if (gh != NULL) {
3243  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3244  if (r == 0 && gh->ipv4_head != NULL) {
3245  DetectAddress *prev_head = gh->ipv4_head;
3246 
3247  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3248  if (r == 0 && gh->ipv4_head != prev_head &&
3249  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3250  result = 1;
3251  }
3252  }
3253 
3255  }
3256  return result;
3257 }
3258 
3259 static int AddressTestAddressGroupSetup04(void)
3260 {
3261  int result = 0;
3263 
3264  if (gh != NULL) {
3265  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3266  if (r == 0 && gh->ipv4_head != NULL) {
3267  DetectAddress *prev_head = gh->ipv4_head;
3268 
3269  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3270  if (r == 0 && gh->ipv4_head != prev_head &&
3271  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3272  DetectAddress *ph = gh->ipv4_head;
3273 
3274  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3275  if (r == 0 && gh->ipv4_head != ph &&
3276  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3277  result = 1;
3278  }
3279  }
3280  }
3281 
3283  }
3284  return result;
3285 }
3286 
3287 static int AddressTestAddressGroupSetup05(void)
3288 {
3289  int result = 0;
3291 
3292  if (gh != NULL) {
3293  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3294  if (r == 0 && gh->ipv4_head != NULL) {
3295  DetectAddress *prev_head = gh->ipv4_head;
3296 
3297  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3298  if (r == 0 && gh->ipv4_head == prev_head &&
3299  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3300  DetectAddress *ph = gh->ipv4_head;
3301 
3302  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3303  if (r == 0 && gh->ipv4_head == ph &&
3304  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3305  result = 1;
3306  }
3307  }
3308  }
3309 
3311  }
3312  return result;
3313 }
3314 
3315 static int AddressTestAddressGroupSetup06(void)
3316 {
3317  int result = 0;
3319 
3320  if (gh != NULL) {
3321  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3322  if (r == 0 && gh->ipv4_head != NULL) {
3323  DetectAddress *prev_head = gh->ipv4_head;
3324 
3325  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3326  if (r == 0 && gh->ipv4_head == prev_head &&
3327  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3328  result = 1;
3329  }
3330  }
3331 
3333  }
3334  return result;
3335 }
3336 
3337 static int AddressTestAddressGroupSetup07(void)
3338 {
3339  int result = 0;
3341 
3342  if (gh != NULL) {
3343  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3344  if (r == 0 && gh->ipv4_head != NULL) {
3345  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3346  if (r == 0 && gh->ipv4_head != NULL &&
3347  gh->ipv4_head->next != NULL &&
3348  gh->ipv4_head->next->next != NULL) {
3349  result = 1;
3350  }
3351  }
3352 
3354  }
3355  return result;
3356 }
3357 
3358 static int AddressTestAddressGroupSetup08(void)
3359 {
3360  int result = 0;
3362 
3363  if (gh != NULL) {
3364  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3365  if (r == 0 && gh->ipv4_head != NULL) {
3366  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3367  if (r == 0 && gh->ipv4_head != NULL &&
3368  gh->ipv4_head->next != NULL &&
3369  gh->ipv4_head->next->next != NULL) {
3370  result = 1;
3371  }
3372  }
3373 
3375  }
3376  return result;
3377 }
3378 
3379 static int AddressTestAddressGroupSetup09(void)
3380 {
3381  int result = 0;
3383 
3384  if (gh != NULL) {
3385  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3386  if (r == 0 && gh->ipv4_head != NULL) {
3387  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3388  if (r == 0 && gh->ipv4_head != NULL &&
3389  gh->ipv4_head->next != NULL &&
3390  gh->ipv4_head->next->next != NULL) {
3391  result = 1;
3392  }
3393  }
3394 
3396  }
3397  return result;
3398 }
3399 
3400 static int AddressTestAddressGroupSetup10(void)
3401 {
3402  int result = 0;
3404 
3405  if (gh != NULL) {
3406  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3407  if (r == 0 && gh->ipv4_head != NULL) {
3408  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3409  if (r == 0 && gh->ipv4_head != NULL &&
3410  gh->ipv4_head->next != NULL &&
3411  gh->ipv4_head->next->next != NULL) {
3412  result = 1;
3413  }
3414  }
3415 
3417  }
3418  return result;
3419 }
3420 
3421 static int AddressTestAddressGroupSetup11(void)
3422 {
3423  int result = 0;
3425 
3426  if (gh != NULL) {
3427  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3428  if (r == 0) {
3429  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3430  if (r == 0) {
3431  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3432  if (r == 0) {
3433  DetectAddress *one = gh->ipv4_head, *two = one->next,
3434  *three = two->next, *four = three->next,
3435  *five = four->next;
3436 
3437  /* result should be:
3438  * 0.0.0.0/10.10.9.255
3439  * 10.10.10.0/10.10.10.9
3440  * 10.10.10.10/10.10.10.255
3441  * 10.10.11.0/10.10.11.1
3442  * 10.10.11.2/255.255.255.255
3443  */
3444  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3445  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3446  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3447  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3448  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3449  result = 1;
3450  }
3451  }
3452  }
3453  }
3454 
3456  }
3457  return result;
3458 }
3459 
3460 static int AddressTestAddressGroupSetup12 (void)
3461 {
3462  int result = 0;
3464 
3465  if (gh != NULL) {
3466  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3467  if (r == 0) {
3468  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3469  if (r == 0) {
3470  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3471  if (r == 0) {
3472  DetectAddress *one = gh->ipv4_head, *two = one->next,
3473  *three = two->next, *four = three->next,
3474  *five = four->next;
3475 
3476  /* result should be:
3477  * 0.0.0.0/10.10.9.255
3478  * 10.10.10.0/10.10.10.9
3479  * 10.10.10.10/10.10.10.255
3480  * 10.10.11.0/10.10.11.1
3481  * 10.10.11.2/255.255.255.255
3482  */
3483  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3484  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3485  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3486  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3487  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3488  result = 1;
3489  }
3490  }
3491  }
3492  }
3493 
3495  }
3496  return result;
3497 }
3498 
3499 static int AddressTestAddressGroupSetup13(void)
3500 {
3501  int result = 0;
3503 
3504  if (gh != NULL) {
3505  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3506  if (r == 0) {
3507  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3508  if (r == 0) {
3509  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3510  if (r == 0) {
3511  DetectAddress *one = gh->ipv4_head, *two = one->next,
3512  *three = two->next, *four = three->next,
3513  *five = four->next;
3514 
3515  /* result should be:
3516  * 0.0.0.0/10.10.9.255
3517  * 10.10.10.0/10.10.10.9
3518  * 10.10.10.10/10.10.10.255
3519  * 10.10.11.0/10.10.11.1
3520  * 10.10.11.2/255.255.255.255
3521  */
3522  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3523  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3524  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3525  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3526  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3527  result = 1;
3528  }
3529  }
3530  }
3531  }
3532 
3534  }
3535  return result;
3536 }
3537 
3538 static int AddressTestAddressGroupSetupIPv414(void)
3539 {
3540  int result = 0;
3542 
3543  if (gh != NULL) {
3544  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3545  if (r == 0) {
3546  DetectAddress *one = gh->ipv4_head;
3547  DetectAddress *two = one ? one->next : NULL;
3548 
3549  if (one && two) {
3550  /* result should be:
3551  * 0.0.0.0/1.2.3.3
3552  * 1.2.3.5/255.255.255.255
3553  */
3554  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(16909059) &&
3555  two->ip.addr_data32[0] == SCNtohl(16909061) && two->ip2.addr_data32[0] == 0xFFFFFFFF) {
3556  result = 1;
3557  } else {
3558  printf("unexpected addresses: ");
3559  }
3560  } else {
3561  printf("one %p two %p: ", one, two);
3562  }
3563  } else {
3564  printf("DetectAddressParse returned %d, expected 0: ", r);
3565  }
3566 
3568  }
3569  return result;
3570 }
3571 
3572 static int AddressTestAddressGroupSetupIPv415(void)
3573 {
3574  int result = 0;
3576 
3577  if (gh != NULL) {
3578  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3579  if (r == 0) {
3580  DetectAddress *one = gh->ipv4_head;
3581 
3582  if (one && one->next == NULL) {
3583  /* result should be:
3584  * 0.0.0.1/255.255.255.255
3585  */
3586  if (one->ip.addr_data32[0] == SCNtohl(1) && one->ip2.addr_data32[0] == 0xFFFFFFFF)
3587  result = 1;
3588  }
3589  }
3590 
3592  }
3593  return result;
3594 }
3595 
3596 static int AddressTestAddressGroupSetupIPv416(void)
3597 {
3598  int result = 0;
3600 
3601  if (gh != NULL) {
3602  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3603  if (r == 0) {
3604  DetectAddress *one = gh->ipv4_head;
3605 
3606  if (one && one->next == NULL) {
3607  /* result should be:
3608  * 0.0.0.0/255.255.255.254
3609  */
3610  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(4294967294))
3611  result = 1;
3612  }
3613  }
3614 
3616  }
3617  return result;
3618 }
3619 
3620 static int AddressTestAddressGroupSetup14(void)
3621 {
3622  int result = 0;
3624 
3625  if (gh != NULL) {
3626  int r = DetectAddressParse(NULL, gh, "2001::1");
3627  if (r == 0)
3628  result = 1;
3629 
3631  }
3632  return result;
3633 }
3634 
3635 static int AddressTestAddressGroupSetup15(void)
3636 {
3637  int result = 0;
3639 
3640  if (gh != NULL) {
3641  int r = DetectAddressParse(NULL, gh, "2001::1");
3642  if (r == 0 && gh->ipv6_head != NULL)
3643  result = 1;
3644 
3646  }
3647  return result;
3648 }
3649 
3650 static int AddressTestAddressGroupSetup16(void)
3651 {
3652  int result = 0;
3654 
3655  if (gh != NULL) {
3656  int r = DetectAddressParse(NULL, gh, "2001::4");
3657  if (r == 0 && gh->ipv6_head != NULL) {
3658  DetectAddress *prev_head = gh->ipv6_head;
3659 
3660  r = DetectAddressParse(NULL, gh, "2001::3");
3661  if (r == 0 && gh->ipv6_head != prev_head &&
3662  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3663  result = 1;
3664  }
3665  }
3666 
3668  }
3669  return result;
3670 }
3671 
3672 static int AddressTestAddressGroupSetup17(void)
3673 {
3674  int result = 0;
3676 
3677  if (gh != NULL) {
3678  int r = DetectAddressParse(NULL, gh, "2001::4");
3679  if (r == 0 && gh->ipv6_head != NULL) {
3680  DetectAddress *prev_head = gh->ipv6_head;
3681 
3682  r = DetectAddressParse(NULL, gh, "2001::3");
3683  if (r == 0 && gh->ipv6_head != prev_head &&
3684  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3685  DetectAddress *ph = gh->ipv6_head;
3686 
3687  r = DetectAddressParse(NULL, gh, "2001::2");
3688  if (r == 0 && gh->ipv6_head != ph &&
3689  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3690  result = 1;
3691  }
3692  }
3693  }
3694 
3696  }
3697  return result;
3698 }
3699 
3700 static int AddressTestAddressGroupSetup18(void)
3701 {
3702  int result = 0;
3704 
3705  if (gh != NULL) {
3706  int r = DetectAddressParse(NULL, gh, "2001::2");
3707  if (r == 0 && gh->ipv6_head != NULL) {
3708  DetectAddress *prev_head = gh->ipv6_head;
3709 
3710  r = DetectAddressParse(NULL, gh, "2001::3");
3711  if (r == 0 && gh->ipv6_head == prev_head &&
3712  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3713  DetectAddress *ph = gh->ipv6_head;
3714 
3715  r = DetectAddressParse(NULL, gh, "2001::4");
3716  if (r == 0 && gh->ipv6_head == ph &&
3717  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3718  result = 1;
3719  }
3720  }
3721  }
3722 
3724  }
3725  return result;
3726 }
3727 
3728 static int AddressTestAddressGroupSetup19(void)
3729 {
3730  int result = 0;
3732 
3733  if (gh != NULL) {
3734  int r = DetectAddressParse(NULL, gh, "2001::2");
3735  if (r == 0 && gh->ipv6_head != NULL) {
3736  DetectAddress *prev_head = gh->ipv6_head;
3737 
3738  r = DetectAddressParse(NULL, gh, "2001::2");
3739  if (r == 0 && gh->ipv6_head == prev_head &&
3740  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3741  result = 1;
3742  }
3743  }
3744 
3746  }
3747  return result;
3748 }
3749 
3750 static int AddressTestAddressGroupSetup20(void)
3751 {
3752  int result = 0;
3754 
3755  if (gh != NULL) {
3756  int r = DetectAddressParse(NULL, gh, "2000::/3");
3757  if (r == 0 && gh->ipv6_head != NULL) {
3758  r = DetectAddressParse(NULL, gh, "2001::4");
3759  if (r == 0 && gh->ipv6_head != NULL &&
3760  gh->ipv6_head->next != NULL &&
3761  gh->ipv6_head->next->next != NULL) {
3762  result = 1;
3763  }
3764  }
3765 
3767  }
3768  return result;
3769 }
3770 
3771 static int AddressTestAddressGroupSetup21(void)
3772 {
3773  int result = 0;
3775 
3776  if (gh != NULL) {
3777  int r = DetectAddressParse(NULL, gh, "2001::4");
3778  if (r == 0 && gh->ipv6_head != NULL) {
3779  r = DetectAddressParse(NULL, gh, "2000::/3");
3780  if (r == 0 && gh->ipv6_head != NULL &&
3781  gh->ipv6_head->next != NULL &&
3782  gh->ipv6_head->next->next != NULL) {
3783  result = 1;
3784  }
3785  }
3786 
3788  }
3789  return result;
3790 }
3791 
3792 static int AddressTestAddressGroupSetup22(void)
3793 {
3794  int result = 0;
3796 
3797  if (gh != NULL) {
3798  int r = DetectAddressParse(NULL, gh, "2000::/3");
3799  if (r == 0 && gh->ipv6_head != NULL) {
3800  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3801  if (r == 0 && gh->ipv6_head != NULL &&
3802  gh->ipv6_head->next != NULL &&
3803  gh->ipv6_head->next->next != NULL) {
3804  result = 1;
3805  }
3806  }
3807 
3809  }
3810  return result;
3811 }
3812 
3813 static int AddressTestAddressGroupSetup23(void)
3814 {
3815  int result = 0;
3817 
3818  if (gh != NULL) {
3819  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3820  if (r == 0 && gh->ipv6_head != NULL) {
3821  r = DetectAddressParse(NULL, gh, "2000::/3");
3822  if (r == 0 && gh->ipv6_head != NULL &&
3823  gh->ipv6_head->next != NULL &&
3824  gh->ipv6_head->next->next != NULL) {
3825  result = 1;
3826  }
3827  }
3828 
3830  }
3831  return result;
3832 }
3833 
3834 static int AddressTestAddressGroupSetup24(void)
3835 {
3836  int result = 0;
3838 
3839  if (gh != NULL) {
3840  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3841  if (r == 0) {
3842  r = DetectAddressParse(NULL, gh, "2001::/3");
3843  if (r == 0) {
3844  r = DetectAddressParse(NULL, gh, "::/0");
3845  if (r == 0) {
3846  DetectAddress *one = gh->ipv6_head, *two = one->next,
3847  *three = two->next, *four = three->next,
3848  *five = four->next;
3849  if (one->ip.addr_data32[0] == 0x00000000 &&
3850  one->ip.addr_data32[1] == 0x00000000 &&
3851  one->ip.addr_data32[2] == 0x00000000 &&
3852  one->ip.addr_data32[3] == 0x00000000 &&
3853  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3854  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3855  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3856  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3857 
3858  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3859  two->ip.addr_data32[1] == 0x00000000 &&
3860  two->ip.addr_data32[2] == 0x00000000 &&
3861  two->ip.addr_data32[3] == 0x00000000 &&
3862  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3863  two->ip2.addr_data32[1] == 0x00000000 &&
3864  two->ip2.addr_data32[2] == 0x00000000 &&
3865  two->ip2.addr_data32[3] == SCNtohl(3) &&
3866 
3867  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3868  three->ip.addr_data32[1] == 0x00000000 &&
3869  three->ip.addr_data32[2] == 0x00000000 &&
3870  three->ip.addr_data32[3] == SCNtohl(4) &&
3871  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3872  three->ip2.addr_data32[1] == 0x00000000 &&
3873  three->ip2.addr_data32[2] == 0x00000000 &&
3874  three->ip2.addr_data32[3] == SCNtohl(6) &&
3875 
3876  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3877  four->ip.addr_data32[1] == 0x00000000 &&
3878  four->ip.addr_data32[2] == 0x00000000 &&
3879  four->ip.addr_data32[3] == SCNtohl(7) &&
3880  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3881  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3882  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3883  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3884 
3885  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3886  five->ip.addr_data32[1] == 0x00000000 &&
3887  five->ip.addr_data32[2] == 0x00000000 &&
3888  five->ip.addr_data32[3] == 0x00000000 &&
3889  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3890  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3891  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3892  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3893  result = 1;
3894  }
3895  }
3896  }
3897  }
3898 
3900  }
3901  return result;
3902 }
3903 
3904 static int AddressTestAddressGroupSetup25(void)
3905 {
3906  int result = 0;
3908 
3909  if (gh != NULL) {
3910  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3911  if (r == 0) {
3912  r = DetectAddressParse(NULL, gh, "::/0");
3913  if (r == 0) {
3914  r = DetectAddressParse(NULL, gh, "2001::/3");
3915  if (r == 0) {
3916  DetectAddress *one = gh->ipv6_head, *two = one->next,
3917  *three = two->next, *four = three->next,
3918  *five = four->next;
3919  if (one->ip.addr_data32[0] == 0x00000000 &&
3920  one->ip.addr_data32[1] == 0x00000000 &&
3921  one->ip.addr_data32[2] == 0x00000000 &&
3922  one->ip.addr_data32[3] == 0x00000000 &&
3923  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3924  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3925  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3926  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3927 
3928  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3929  two->ip.addr_data32[1] == 0x00000000 &&
3930  two->ip.addr_data32[2] == 0x00000000 &&
3931  two->ip.addr_data32[3] == 0x00000000 &&
3932  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3933  two->ip2.addr_data32[1] == 0x00000000 &&
3934  two->ip2.addr_data32[2] == 0x00000000 &&
3935  two->ip2.addr_data32[3] == SCNtohl(3) &&
3936 
3937  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3938  three->ip.addr_data32[1] == 0x00000000 &&
3939  three->ip.addr_data32[2] == 0x00000000 &&
3940  three->ip.addr_data32[3] == SCNtohl(4) &&
3941  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3942  three->ip2.addr_data32[1] == 0x00000000 &&
3943  three->ip2.addr_data32[2] == 0x00000000 &&
3944  three->ip2.addr_data32[3] == SCNtohl(6) &&
3945 
3946  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3947  four->ip.addr_data32[1] == 0x00000000 &&
3948  four->ip.addr_data32[2] == 0x00000000 &&
3949  four->ip.addr_data32[3] == SCNtohl(7) &&
3950  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3951  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3952  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3953  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3954 
3955  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3956  five->ip.addr_data32[1] == 0x00000000 &&
3957  five->ip.addr_data32[2] == 0x00000000 &&
3958  five->ip.addr_data32[3] == 0x00000000 &&
3959  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3960  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3961  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3962  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3963  result = 1;
3964  }
3965  }
3966  }
3967  }
3968 
3970  }
3971  return result;
3972 }
3973 
3974 static int AddressTestAddressGroupSetup26(void)
3975 {
3976  int result = 0;
3978 
3979  if (gh != NULL) {
3980  int r = DetectAddressParse(NULL, gh, "::/0");
3981  if (r == 0) {
3982  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3983  if (r == 0) {
3984  r = DetectAddressParse(NULL, gh, "2001::/3");
3985  if (r == 0) {
3986  DetectAddress *one = gh->ipv6_head, *two = one->next,
3987  *three = two->next, *four = three->next,
3988  *five = four->next;
3989  if (one->ip.addr_data32[0] == 0x00000000 &&
3990  one->ip.addr_data32[1] == 0x00000000 &&
3991  one->ip.addr_data32[2] == 0x00000000 &&
3992  one->ip.addr_data32[3] == 0x00000000 &&
3993  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3994  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3995  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3996  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3997 
3998  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3999  two->ip.addr_data32[1] == 0x00000000 &&
4000  two->ip.addr_data32[2] == 0x00000000 &&
4001  two->ip.addr_data32[3] == 0x00000000 &&
4002  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
4003  two->ip2.addr_data32[1] == 0x00000000 &&
4004  two->ip2.addr_data32[2] == 0x00000000 &&
4005  two->ip2.addr_data32[3] == SCNtohl(3) &&
4006 
4007  three->ip.addr_data32[0] == SCNtohl(536936448) &&
4008  three->ip.addr_data32[1] == 0x00000000 &&
4009  three->ip.addr_data32[2] == 0x00000000 &&
4010  three->ip.addr_data32[3] == SCNtohl(4) &&
4011  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
4012  three->ip2.addr_data32[1] == 0x00000000 &&
4013  three->ip2.addr_data32[2] == 0x00000000 &&
4014  three->ip2.addr_data32[3] == SCNtohl(6) &&
4015 
4016  four->ip.addr_data32[0] == SCNtohl(536936448) &&
4017  four->ip.addr_data32[1] == 0x00000000 &&
4018  four->ip.addr_data32[2] == 0x00000000 &&
4019  four->ip.addr_data32[3] == SCNtohl(7) &&
4020  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
4021  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
4022  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
4023  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
4024 
4025  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
4026  five->ip.addr_data32[1] == 0x00000000 &&
4027  five->ip.addr_data32[2] == 0x00000000 &&
4028  five->ip.addr_data32[3] == 0x00000000 &&
4029  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
4030  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
4031  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
4032  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
4033  result = 1;
4034  }
4035  }
4036  }
4037  }
4038 
4040  }
4041  return result;
4042 }
4043 
4044 static int AddressTestAddressGroupSetup27(void)
4045 {
4046  int result = 0;
4048 
4049  if (gh != NULL) {
4050  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
4051  if (r == 0)
4052  result = 1;
4053 
4055  }
4056  return result;
4057 }
4058 
4059 static int AddressTestAddressGroupSetup28(void)
4060 {
4061  int result = 0;
4063 
4064  if (gh != NULL) {
4065  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
4066  if (r == 0)
4067  result = 1;
4068 
4070  }
4071  return result;
4072 }
4073 
4074 static int AddressTestAddressGroupSetup29(void)
4075 {
4076  int result = 0;
4078 
4079  if (gh != NULL) {
4080  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
4081  if (r == 0)
4082  result = 1;
4083 
4085  }
4086  return result;
4087 }
4088 
4089 static int AddressTestAddressGroupSetup30(void)
4090 {
4091  int result = 0;
4093 
4094  if (gh != NULL) {
4095  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4096  if (r == 0)
4097  result = 1;
4098 
4100  }
4101  return result;
4102 }
4103 
4104 static int AddressTestAddressGroupSetup31(void)
4105 {
4106  int result = 0;
4108 
4109  if (gh != NULL) {
4110  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4111  if (r == 0)
4112  result = 1;
4113 
4115  }
4116  return result;
4117 }
4118 
4119 static int AddressTestAddressGroupSetup32(void)
4120 {
4121  int result = 0;
4123 
4124  if (gh != NULL) {
4125  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4126  if (r == 0)
4127  result = 1;
4128 
4130  }
4131  return result;
4132 }
4133 
4134 static int AddressTestAddressGroupSetup33(void)
4135 {
4136  int result = 0;
4138 
4139  if (gh != NULL) {
4140  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4141  if (r == 0)
4142  result = 1;
4143 
4145  }
4146  return result;
4147 }
4148 
4149 static int AddressTestAddressGroupSetup34(void)
4150 {
4151  int result = 0;
4153 
4154  if (gh != NULL) {
4155  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4156  if (r == 0)
4157  result = 1;
4158 
4160  }
4161  return result;
4162 }
4163 
4164 static int AddressTestAddressGroupSetup35(void)
4165 {
4166  int result = 0;
4168 
4169  if (gh != NULL) {
4170  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4171  if (r == 0)
4172  result = 1;
4173 
4175  }
4176  return result;
4177 }
4178 
4179 static int AddressTestAddressGroupSetup36 (void)
4180 {
4181  int result = 0;
4182 
4184  if (gh != NULL) {
4185  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4186  if (r == 0)
4187  result = 1;
4188 
4190  }
4191  return result;
4192 }
4193 
4194 static int AddressTestAddressGroupSetup37(void)
4195 {
4196  int result = 0;
4198 
4199  if (gh != NULL) {
4200  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4201  if (r == 0)
4202  result = 1;
4203 
4205  }
4206  return result;
4207 }
4208 
4209 static int AddressTestAddressGroupSetup38(void)
4210 {
4211  UTHValidateDetectAddressHeadRange expectations[3] = {
4212  { "0.0.0.0", "192.167.255.255" },
4213  { "192.168.14.0", "192.168.14.255" },
4214  { "192.169.0.0", "255.255.255.255" } };
4215  int result = 0;
4217 
4218  if (gh != NULL) {
4219  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4220  if (r == 0) {
4221  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4222  result = 1;
4223  }
4224 
4226  }
4227  return result;
4228 }
4229 
4230 static int AddressTestAddressGroupSetup39(void)
4231 {
4232  UTHValidateDetectAddressHeadRange expectations[3] = {
4233  { "0.0.0.0", "192.167.255.255" },
4234  { "192.168.14.0", "192.168.14.255" },
4235  { "192.169.0.0", "255.255.255.255" } };
4236  int result = 0;
4238 
4239  if (gh != NULL) {
4240  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4241  if (r == 0) {
4242  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4243  result = 1;
4244  }
4245 
4247  }
4248  return result;
4249 }
4250 
4251 static int AddressTestAddressGroupSetup40(void)
4252 {
4253  UTHValidateDetectAddressHeadRange expectations[3] = {
4254  { "0.0.0.0", "192.167.255.255" },
4255  { "192.168.14.0", "192.168.14.255" },
4256  { "192.169.0.0", "255.255.255.255" } };
4257  int result = 0;
4259  if (gh != NULL) {
4260  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4261  if (r == 0) {
4262  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4263  result = 1;
4264  }
4265 
4267  }
4268  return result;
4269 }
4270 
4271 static int AddressTestAddressGroupSetup41(void)
4272 {
4273  UTHValidateDetectAddressHeadRange expectations[3] = {
4274  { "0.0.0.0", "192.167.255.255" },
4275  { "192.168.14.0", "192.168.14.255" },
4276  { "192.169.0.0", "255.255.255.255" } };
4277  int result = 0;
4279  if (gh != NULL) {
4280  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4281  if (r == 0) {
4282  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4283  result = 1;
4284  }
4285 
4287  }
4288  return result;
4289 }
4290 
4291 static int AddressTestAddressGroupSetup42(void)
4292 {
4293  UTHValidateDetectAddressHeadRange expectations[1] = {
4294  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4295  int result = 0;
4297  if (gh != NULL) {
4298  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4299  if (r == 0) {
4300  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4301  result = 1;
4302  }
4303 
4305  }
4306  return result;
4307 }
4308 
4309 static int AddressTestAddressGroupSetup43(void)
4310 {
4311  UTHValidateDetectAddressHeadRange expectations[2] = {
4312  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4313  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4314  int result = 0;
4316  if (gh != NULL) {
4317  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4318  if (r == 0) {
4319  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4320  result = 1;
4321  }
4322 
4324  }
4325  return result;
4326 }
4327 
4328 static int AddressTestAddressGroupSetup44(void)
4329 {
4330  UTHValidateDetectAddressHeadRange expectations[2] = {
4331  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4332  int result = 0;
4334  if (gh != NULL) {
4335  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4336  if (r == 0) {
4337  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4338  result = 1;
4339  }
4340 
4342  }
4343  return result;
4344 }
4345 
4346 static int AddressTestAddressGroupSetup45(void)
4347 {
4348  int result = 0;
4350  if (gh != NULL) {
4351  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4352  if (r != 0) {
4353  result = 1;
4354  }
4355 
4357  }
4358  return result;
4359 }
4360 
4361 static int AddressTestAddressGroupSetup46(void)
4362 {
4363  UTHValidateDetectAddressHeadRange expectations[4] = {
4364  { "0.0.0.0", "192.167.255.255" },
4365  { "192.168.1.0", "192.168.1.255" },
4366  { "192.168.3.0", "192.168.3.255" },
4367  { "192.169.0.0", "255.255.255.255" } };
4368  int result = 0;
4370  if (gh != NULL) {
4371  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4372  if (r == 0) {
4373  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4374  result = 1;
4375  }
4376 
4378  }
4379  return result;
4380 }
4381 
4382 /** \test net with some negations, then all negated */
4383 static int AddressTestAddressGroupSetup47(void)
4384 {
4385  UTHValidateDetectAddressHeadRange expectations[5] = {
4386  { "0.0.0.0", "192.167.255.255" },
4387  { "192.168.1.0", "192.168.1.255" },
4388  { "192.168.3.0", "192.168.3.255" },
4389  { "192.168.5.0", "192.168.5.255" },
4390  { "192.169.0.0", "255.255.255.255" } };
4391  int result = 0;
4393  if (gh != NULL) {
4394  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4395  if (r == 0) {
4396  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4397  result = 1;
4398  }
4399 
4401  }
4402  return result;
4403 }
4404 
4405 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4406 static int AddressTestAddressGroupSetup48(void)
4407 {
4408  UTHValidateDetectAddressHeadRange expectations[4] = {
4409  { "192.168.0.0", "192.168.0.255" },
4410  { "192.168.2.0", "192.168.2.255" },
4411  { "192.168.4.0", "192.168.4.255" },
4412  { "192.168.6.0", "192.168.255.255" } };
4413  int result = 0;
4415  if (gh != NULL) {
4416  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4417  if (r == 0) {
4418  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4419  result = 1;
4420  }
4421 
4423  }
4424  return result;
4425 }
4426 
4427 static int AddressTestCutIPv401(void)
4428 {
4429  DetectAddress *a, *b, *c;
4430  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4431  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4432 
4433  if (DetectAddressCut(NULL, a, b, &c) == -1)
4434  goto error;
4435 
4436  DetectAddressFree(a);
4437  DetectAddressFree(b);
4438  DetectAddressFree(c);
4439  return 1;
4440 
4441 error:
4442  DetectAddressFree(a);
4443  DetectAddressFree(b);
4444  DetectAddressFree(c);
4445  return 0;
4446 }
4447 
4448 static int AddressTestCutIPv402(void)
4449 {
4450  DetectAddress *a, *b, *c;
4451  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4452  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4453 
4454  if (DetectAddressCut(NULL, a, b, &c) == -1)
4455  goto error;
4456 
4457  if (c == NULL)
4458  goto error;
4459 
4460  DetectAddressFree(a);
4461  DetectAddressFree(b);
4462  DetectAddressFree(c);
4463  return 1;
4464 
4465 error:
4466  DetectAddressFree(a);
4467  DetectAddressFree(b);
4468  DetectAddressFree(c);
4469  return 0;
4470 }
4471 
4472 static int AddressTestCutIPv403(void)
4473 {
4474  DetectAddress *a, *b, *c;
4475  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4476  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4477 
4478  if (DetectAddressCut(NULL, a, b, &c) == -1)
4479  goto error;
4480 
4481  if (c == NULL)
4482  goto error;
4483 
4484  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4485  goto error;
4486  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4487  goto error;
4488  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4489  goto error;
4490 
4491  DetectAddressFree(a);
4492  DetectAddressFree(b);
4493  DetectAddressFree(c);
4494  return 1;
4495 
4496 error:
4497  DetectAddressFree(a);
4498  DetectAddressFree(b);
4499  DetectAddressFree(c);
4500  return 0;
4501 }
4502 
4503 static int AddressTestCutIPv404(void)
4504 {
4505  DetectAddress *a, *b, *c;
4506  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4507  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4508 
4509  if (DetectAddressCut(NULL, a, b, &c) == -1)
4510  goto error;
4511 
4512  if (c == NULL)
4513  goto error;
4514 
4515  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4516  goto error;
4517  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4518  goto error;
4519  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4520  goto error;
4521 
4522 
4523  DetectAddressFree(a);
4524  DetectAddressFree(b);
4525  DetectAddressFree(c);
4526  return 1;
4527 
4528 error:
4529  DetectAddressFree(a);
4530  DetectAddressFree(b);
4531  DetectAddressFree(c);
4532  return 0;
4533 }
4534 
4535 static int AddressTestCutIPv405(void)
4536 {
4537  DetectAddress *a, *b, *c;
4538  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4539  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4540 
4541  if (DetectAddressCut(NULL, a, b, &c) == -1)
4542  goto error;
4543 
4544  if (c == NULL)
4545  goto error;
4546 
4547  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4548  goto error;
4549  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4550  goto error;
4551  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4552  goto error;
4553 
4554  DetectAddressFree(a);
4555  DetectAddressFree(b);
4556  DetectAddressFree(c);
4557  return 1;
4558 
4559 error:
4560  DetectAddressFree(a);
4561  DetectAddressFree(b);
4562  DetectAddressFree(c);
4563  return 0;
4564 }
4565 
4566 static int AddressTestCutIPv406(void)
4567 {
4568  DetectAddress *a, *b, *c;
4569  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4570  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4571 
4572  if (DetectAddressCut(NULL, a, b, &c) == -1)
4573  goto error;
4574 
4575  if (c == NULL)
4576  goto error;
4577 
4578  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4579  goto error;
4580  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4581  goto error;
4582  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4583  goto error;
4584 
4585  DetectAddressFree(a);
4586  DetectAddressFree(b);
4587  DetectAddressFree(c);
4588  return 1;
4589 
4590 error:
4591  DetectAddressFree(a);
4592  DetectAddressFree(b);
4593  DetectAddressFree(c);
4594  return 0;
4595 }
4596 
4597 static int AddressTestCutIPv407(void)
4598 {
4599  DetectAddress *a, *b, *c;
4600  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4601  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4602 
4603  if (DetectAddressCut(NULL, a, b, &c) == -1)
4604  goto error;
4605 
4606  if (c != NULL)
4607  goto error;
4608 
4609  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4610  goto error;
4611  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4612  goto error;
4613 
4614  DetectAddressFree(a);
4615  DetectAddressFree(b);
4616  DetectAddressFree(c);
4617  return 1;
4618 
4619 error:
4620  DetectAddressFree(a);
4621  DetectAddressFree(b);
4622  DetectAddressFree(c);
4623  return 0;
4624 }
4625 
4626 static int AddressTestCutIPv408(void)
4627 {
4628  DetectAddress *a, *b, *c;
4629  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4630  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4631 
4632  if (DetectAddressCut(NULL, a, b, &c) == -1)
4633  goto error;
4634 
4635  if (c != NULL)
4636  goto error;
4637 
4638  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4639  goto error;
4640  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4641  goto error;
4642 
4643  DetectAddressFree(a);
4644  DetectAddressFree(b);
4645  DetectAddressFree(c);
4646  return 1;
4647 
4648 error:
4649  DetectAddressFree(a);
4650  DetectAddressFree(b);
4651  DetectAddressFree(c);
4652  return 0;
4653 }
4654 
4655 static int AddressTestCutIPv409(void)
4656 {
4657  DetectAddress *a, *b, *c;
4658  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4659  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4660 
4661  if (DetectAddressCut(NULL, a, b, &c) == -1)
4662  goto error;
4663 
4664  if (c != NULL)
4665  goto error;
4666 
4667  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4668  goto error;
4669  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4670  goto error;
4671 
4672  DetectAddressFree(a);
4673  DetectAddressFree(b);
4674  DetectAddressFree(c);
4675  return 1;
4676 
4677 error:
4678  DetectAddressFree(a);
4679  DetectAddressFree(b);
4680  DetectAddressFree(c);
4681  return 0;
4682 }
4683 
4684 static int AddressTestCutIPv410(void)
4685 {
4686  DetectAddress *a, *b, *c;
4687  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4688  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4689 
4690  if (DetectAddressCut(NULL, a, b, &c) == -1)
4691  goto error;
4692 
4693  if (c != NULL)
4694  goto error;
4695 
4696  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4697  goto error;
4698  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4699  goto error;
4700 
4701  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4702 
4703  DetectAddressFree(a);
4704  DetectAddressFree(b);
4705  DetectAddressFree(c);
4706  return 1;
4707 
4708 error:
4709  DetectAddressFree(a);
4710  DetectAddressFree(b);
4711  DetectAddressFree(c);
4712  return 0;
4713 }
4714 
4715 static int AddressTestParseInvalidMask01(void)
4716 {
4717  int result = 1;
4718  DetectAddress *dd = NULL;
4719 
4720  dd = DetectAddressParseSingle("192.168.2.0/33");
4721  if (dd != NULL) {
4722  DetectAddressFree(dd);
4723  result = 0;
4724  }
4725  return result;
4726 }
4727 
4728 static int AddressTestParseInvalidMask02(void)
4729 {
4730  int result = 1;
4731  DetectAddress *dd = NULL;
4732 
4733  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4734  if (dd != NULL) {
4735  DetectAddressFree(dd);
4736  result = 0;
4737  }
4738  return result;
4739 }
4740 
4741 static int AddressTestParseInvalidMask03(void)
4742 {
4743  int result = 1;
4744  DetectAddress *dd = NULL;
4745 
4746  dd = DetectAddressParseSingle("192.168.2.0/blue");
4747  if (dd != NULL) {
4748  DetectAddressFree(dd);
4749  result = 0;
4750  }
4751  return result;
4752 }
4753 
4754 static int AddressConfVarsTest01(void)
4755 {
4756  static const char *dummy_conf_string =
4757  "%YAML 1.1\n"
4758  "---\n"
4759  "\n"
4760  "vars:\n"
4761  "\n"
4762  " address-groups:\n"
4763  "\n"
4764  " HOME_NET: \"any\"\n"
4765  "\n"
4766  " EXTERNAL_NET: \"!any\"\n"
4767  "\n"
4768  " port-groups:\n"
4769  "\n"
4770  " HTTP_PORTS: \"any\"\n"
4771  "\n"
4772  " SHELLCODE_PORTS: \"!any\"\n"
4773  "\n";
4774 
4775  int result = 0;
4776 
4778  ConfInit();
4779  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4780 
4782  result = 1;
4783 
4784  ConfDeInit();
4786 
4787  return result;
4788 }
4789 
4790 static int AddressConfVarsTest02(void)
4791 {
4792  static const char *dummy_conf_string =
4793  "%YAML 1.1\n"
4794  "---\n"
4795  "\n"
4796  "vars:\n"
4797  "\n"
4798  " address-groups:\n"
4799  "\n"
4800  " HOME_NET: \"any\"\n"
4801  "\n"
4802  " EXTERNAL_NET: \"any\"\n"
4803  "\n"
4804  " port-groups:\n"
4805  "\n"
4806  " HTTP_PORTS: \"any\"\n"
4807  "\n"
4808  " SHELLCODE_PORTS: \"!any\"\n"
4809  "\n";
4810 
4811  int result = 0;
4812 
4814  ConfInit();
4815  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4816 
4818  result = 1;
4819 
4820  ConfDeInit();
4822 
4823  return result;
4824 }
4825 
4826 static int AddressConfVarsTest03(void)
4827 {
4828  static const char *dummy_conf_string =
4829  "%YAML 1.1\n"
4830  "---\n"
4831  "\n"
4832  "vars:\n"
4833  "\n"
4834  " address-groups:\n"
4835  "\n"
4836  " HOME_NET: \"any\"\n"
4837  "\n"
4838  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4839  "\n"
4840  " port-groups:\n"
4841  "\n"
4842  " HTTP_PORTS: \"any\"\n"
4843  "\n"
4844  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4845  "\n";
4846 
4847  int result = 0;
4848 
4850  ConfInit();
4851  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4852 
4854  result = 1;
4855 
4856  ConfDeInit();
4858 
4859  return result;
4860 }
4861 
4862 static int AddressConfVarsTest04(void)
4863 {
4864  static const char *dummy_conf_string =
4865  "%YAML 1.1\n"
4866  "---\n"
4867  "\n"
4868  "vars:\n"
4869  "\n"
4870  " address-groups:\n"
4871  "\n"
4872  " HOME_NET: \"any\"\n"
4873  "\n"
4874  " EXTERNAL_NET: \"$HOME_NET\"\n"
4875  "\n"
4876  " port-groups:\n"
4877  "\n"
4878  " HTTP_PORTS: \"any\"\n"
4879  "\n"
4880  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4881  "\n";
4882 
4883  int result = 0;
4884 
4886  ConfInit();
4887  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4888 
4890  result = 1;
4891 
4892  ConfDeInit();
4894 
4895  return result;
4896 }
4897 
4898 static int AddressConfVarsTest05(void)
4899 {
4900  static const char *dummy_conf_string =
4901  "%YAML 1.1\n"
4902  "---\n"
4903  "\n"
4904  "vars:\n"
4905  "\n"
4906  " address-groups:\n"
4907  "\n"
4908  " HOME_NET: \"any\"\n"
4909  "\n"
4910  " EXTERNAL_NET: [192.168.0.1]\n"
4911  "\n"
4912  " port-groups:\n"
4913  "\n"
4914  " HTTP_PORTS: \"any\"\n"
4915  "\n"
4916  " SHELLCODE_PORTS: [80]\n"
4917  "\n";
4918 
4919  int result = 0;
4920 
4922  ConfInit();
4923  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4924 
4925  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4926  goto end;
4927 
4928  result = 1;
4929 
4930  end:
4931  ConfDeInit();
4933 
4934  return result;
4935 }
4936 
4937 #endif /* UNITTESTS */
4938 
4940 {
4941 #ifdef UNITTESTS
4944 
4945  UtRegisterTest("AddressTestParse01", AddressTestParse01);
4946  UtRegisterTest("AddressTestParse02", AddressTestParse02);
4947  UtRegisterTest("AddressTestParse03", AddressTestParse03);
4948  UtRegisterTest("AddressTestParse04", AddressTestParse04);
4949  UtRegisterTest("AddressTestParse05", AddressTestParse05);
4950  UtRegisterTest("AddressTestParse06", AddressTestParse06);
4951  UtRegisterTest("AddressTestParse07", AddressTestParse07);
4952  UtRegisterTest("AddressTestParse08", AddressTestParse08);
4953  UtRegisterTest("AddressTestParse09", AddressTestParse09);
4954  UtRegisterTest("AddressTestParse10", AddressTestParse10);
4955  UtRegisterTest("AddressTestParse11", AddressTestParse11);
4956  UtRegisterTest("AddressTestParse12", AddressTestParse12);
4957  UtRegisterTest("AddressTestParse13", AddressTestParse13);
4958  UtRegisterTest("AddressTestParse14", AddressTestParse14);
4959  UtRegisterTest("AddressTestParse15", AddressTestParse15);
4960  UtRegisterTest("AddressTestParse16", AddressTestParse16);
4961  UtRegisterTest("AddressTestParse17", AddressTestParse17);
4962  UtRegisterTest("AddressTestParse18", AddressTestParse18);
4963  UtRegisterTest("AddressTestParse19", AddressTestParse19);
4964  UtRegisterTest("AddressTestParse20", AddressTestParse20);
4965  UtRegisterTest("AddressTestParse21", AddressTestParse21);
4966  UtRegisterTest("AddressTestParse22", AddressTestParse22);
4967  UtRegisterTest("AddressTestParse23", AddressTestParse23);
4968  UtRegisterTest("AddressTestParse24", AddressTestParse24);
4969  UtRegisterTest("AddressTestParse25", AddressTestParse25);
4970  UtRegisterTest("AddressTestParse27", AddressTestParse27);
4971  UtRegisterTest("AddressTestParse28", AddressTestParse28);
4972  UtRegisterTest("AddressTestParse29", AddressTestParse29);
4973  UtRegisterTest("AddressTestParse30", AddressTestParse30);
4974  UtRegisterTest("AddressTestParse31", AddressTestParse31);
4975  UtRegisterTest("AddressTestParse32", AddressTestParse32);
4976  UtRegisterTest("AddressTestParse33", AddressTestParse33);
4977  UtRegisterTest("AddressTestParse34", AddressTestParse34);
4978  UtRegisterTest("AddressTestParse35", AddressTestParse35);
4979  UtRegisterTest("AddressTestParse36", AddressTestParse36);
4980  UtRegisterTest("AddressTestParse37", AddressTestParse37);
4981 
4982  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
4983  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
4984  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
4985  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
4986  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
4987  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
4988  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
4989  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
4990  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
4991  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
4992  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
4993 
4994  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
4995  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
4996  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
4997  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
4998  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
4999  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5000  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5001  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5002 
5003  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5004  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5005  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5006  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5007  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5008  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5009 
5010  UtRegisterTest("AddressTestAddressGroupSetup01",
5011  AddressTestAddressGroupSetup01);
5012  UtRegisterTest("AddressTestAddressGroupSetup02",
5013  AddressTestAddressGroupSetup02);
5014  UtRegisterTest("AddressTestAddressGroupSetup03",
5015  AddressTestAddressGroupSetup03);
5016  UtRegisterTest("AddressTestAddressGroupSetup04",
5017  AddressTestAddressGroupSetup04);
5018  UtRegisterTest("AddressTestAddressGroupSetup05",
5019  AddressTestAddressGroupSetup05);
5020  UtRegisterTest("AddressTestAddressGroupSetup06",
5021  AddressTestAddressGroupSetup06);
5022  UtRegisterTest("AddressTestAddressGroupSetup07",
5023  AddressTestAddressGroupSetup07);
5024  UtRegisterTest("AddressTestAddressGroupSetup08",
5025  AddressTestAddressGroupSetup08);
5026  UtRegisterTest("AddressTestAddressGroupSetup09",
5027  AddressTestAddressGroupSetup09);
5028  UtRegisterTest("AddressTestAddressGroupSetup10",
5029  AddressTestAddressGroupSetup10);
5030  UtRegisterTest("AddressTestAddressGroupSetup11",
5031  AddressTestAddressGroupSetup11);
5032  UtRegisterTest("AddressTestAddressGroupSetup12",
5033  AddressTestAddressGroupSetup12);
5034  UtRegisterTest("AddressTestAddressGroupSetup13",
5035  AddressTestAddressGroupSetup13);
5036  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5037  AddressTestAddressGroupSetupIPv414);
5038  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5039  AddressTestAddressGroupSetupIPv415);
5040  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5041  AddressTestAddressGroupSetupIPv416);
5042 
5043  UtRegisterTest("AddressTestAddressGroupSetup14",
5044  AddressTestAddressGroupSetup14);
5045  UtRegisterTest("AddressTestAddressGroupSetup15",
5046  AddressTestAddressGroupSetup15);
5047  UtRegisterTest("AddressTestAddressGroupSetup16",
5048  AddressTestAddressGroupSetup16);
5049  UtRegisterTest("AddressTestAddressGroupSetup17",
5050  AddressTestAddressGroupSetup17);
5051  UtRegisterTest("AddressTestAddressGroupSetup18",
5052  AddressTestAddressGroupSetup18);
5053  UtRegisterTest("AddressTestAddressGroupSetup19",
5054  AddressTestAddressGroupSetup19);
5055  UtRegisterTest("AddressTestAddressGroupSetup20",
5056  AddressTestAddressGroupSetup20);
5057  UtRegisterTest("AddressTestAddressGroupSetup21",
5058  AddressTestAddressGroupSetup21);
5059  UtRegisterTest("AddressTestAddressGroupSetup22",
5060  AddressTestAddressGroupSetup22);
5061  UtRegisterTest("AddressTestAddressGroupSetup23",
5062  AddressTestAddressGroupSetup23);
5063  UtRegisterTest("AddressTestAddressGroupSetup24",
5064  AddressTestAddressGroupSetup24);
5065  UtRegisterTest("AddressTestAddressGroupSetup25",
5066  AddressTestAddressGroupSetup25);
5067  UtRegisterTest("AddressTestAddressGroupSetup26",
5068  AddressTestAddressGroupSetup26);
5069 
5070  UtRegisterTest("AddressTestAddressGroupSetup27",
5071  AddressTestAddressGroupSetup27);
5072  UtRegisterTest("AddressTestAddressGroupSetup28",
5073  AddressTestAddressGroupSetup28);
5074  UtRegisterTest("AddressTestAddressGroupSetup29",
5075  AddressTestAddressGroupSetup29);
5076  UtRegisterTest("AddressTestAddressGroupSetup30",
5077  AddressTestAddressGroupSetup30);
5078  UtRegisterTest("AddressTestAddressGroupSetup31",
5079  AddressTestAddressGroupSetup31);
5080  UtRegisterTest("AddressTestAddressGroupSetup32",
5081  AddressTestAddressGroupSetup32);
5082  UtRegisterTest("AddressTestAddressGroupSetup33",
5083  AddressTestAddressGroupSetup33);
5084  UtRegisterTest("AddressTestAddressGroupSetup34",
5085  AddressTestAddressGroupSetup34);
5086  UtRegisterTest("AddressTestAddressGroupSetup35",
5087  AddressTestAddressGroupSetup35);
5088  UtRegisterTest("AddressTestAddressGroupSetup36",
5089  AddressTestAddressGroupSetup36);
5090  UtRegisterTest("AddressTestAddressGroupSetup37",
5091  AddressTestAddressGroupSetup37);
5092  UtRegisterTest("AddressTestAddressGroupSetup38",
5093  AddressTestAddressGroupSetup38);
5094  UtRegisterTest("AddressTestAddressGroupSetup39",
5095  AddressTestAddressGroupSetup39);
5096  UtRegisterTest("AddressTestAddressGroupSetup40",
5097  AddressTestAddressGroupSetup40);
5098  UtRegisterTest("AddressTestAddressGroupSetup41",
5099  AddressTestAddressGroupSetup41);
5100  UtRegisterTest("AddressTestAddressGroupSetup42",
5101  AddressTestAddressGroupSetup42);
5102  UtRegisterTest("AddressTestAddressGroupSetup43",
5103  AddressTestAddressGroupSetup43);
5104  UtRegisterTest("AddressTestAddressGroupSetup44",
5105  AddressTestAddressGroupSetup44);
5106  UtRegisterTest("AddressTestAddressGroupSetup45",
5107  AddressTestAddressGroupSetup45);
5108  UtRegisterTest("AddressTestAddressGroupSetup46",
5109  AddressTestAddressGroupSetup46);
5110  UtRegisterTest("AddressTestAddressGroupSetup47",
5111  AddressTestAddressGroupSetup47);
5112  UtRegisterTest("AddressTestAddressGroupSetup48",
5113  AddressTestAddressGroupSetup48);
5114 
5115  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5116  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5117  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5118  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5119  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5120  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5121  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5122  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5123  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5124  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5125 
5126  UtRegisterTest("AddressTestParseInvalidMask01",
5127  AddressTestParseInvalidMask01);
5128  UtRegisterTest("AddressTestParseInvalidMask02",
5129  AddressTestParseInvalidMask02);
5130  UtRegisterTest("AddressTestParseInvalidMask03",
5131  AddressTestParseInvalidMask03);
5132 
5133  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5134  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5135  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5136  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5137  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5138 #endif /* UNITTESTS */
5139 }
int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh, DetectAddress *new)
Same as DetectAddressInsert, but then for inserting a address group object. This also makes sure SigG...
#define COPY_ADDRESS(a, b)
Definition: decode.h:125
#define SCLogDebug(...)
Definition: util-debug.h:335
uint32_t ip2[4]
Definition: detect.h:167
void DetectAddressCleanupList(DetectAddress *head)
Frees a list of DetectAddress instances.
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
int DetectAddressParseString(DetectAddress *dd, const char *str)
int DetectAddressJoinIPv4(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Extends a target address range if the the source address range is wider than the target address range...
struct DetectAddress_ * prev
Definition: detect.h:148
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
struct HtpBodyChunk_ * next
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
#define BUG_ON(x)
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string)
#define FALSE
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:722
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:43
#define PASS
Pass the test.
#define unlikely(expr)
Definition: util-optimize.h:35
Address ip
Definition: detect.h:141
address structure for use in the detection engine.
Definition: detect.h:139
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
void DetectAddressHeadFree(DetectAddressHead *gh)
Frees a DetectAddressHead instance.
DetectAddress * DetectAddressCopy(DetectAddress *orig)
Copies the contents of one Address group in DetectAddress and returns a new instance of the DetectAdd...
int DetectAddressMatch(DetectAddress *dd, Address *a)
Check if a particular address(ipv4 or ipv6) matches the address range in the DetectAddress instance...
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
uint32_t ip[4]
Definition: detect.h:166
struct DetectAddressMap_ DetectAddressMap
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
char * val
Definition: conf.h:34
Flow * head
Definition: flow-hash.h:102
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
DetectAddress * DetectAddressLookupInList(DetectAddress *head, DetectAddress *gr)
Used to check if a DetectAddress list contains an instance with a similar DetectAddress. The comparison done is not the one that checks the memory for the same instance, but one that checks that the two instances hold the same content.
#define TRUE
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
main detection engine ctx
Definition: detect.h:761
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
struct DetectAddress_ * next
Definition: detect.h:150
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:699
#define str(s)
#define SCCalloc(nm, a)
Definition: util-mem.h:253
HashListTable * address_table
Definition: detect.h:912
uint8_t flags
Definition: detect.h:145
char family
Definition: decode.h:111
void DetectAddressPrintList(DetectAddress *head)
Prints the address data information for all the DetectAddress instances in the DetectAddress list sen...
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define SCEnter(...)
Definition: util-debug.h:337
int DetectAddressTestConfVars(void)
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:711
Address ip2
Definition: detect.h:142
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
DetectAddress * ipv4_head
Definition: detect.h:155
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:267
#define SCReturnInt(x)
Definition: util-debug.h:341
#define SCNtohl(x)
#define ADDRESS_FLAG_NOT
Definition: detect.h:133
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: conf.h:32
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
#define SCMalloc(a)
Definition: util-mem.h:222
void DetectAddressIPv6Tests(void)
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
#define SCFree(a)
Definition: util-mem.h:322
PoolThreadReserved res
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
uint8_t address
Definition: decode-ppp.h:312
void DetectAddressPrint(DetectAddress *)
Prints the address data held by the DetectAddress. If the address data family is IPv4, we print the the ipv4 address and mask, and if the address data family is IPv6, we print the ipv6 address and mask.
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
int DetectPortTestConfVars(void)
char * name
Definition: conf.h:33
void DetectAddressTests(void)
int DetectAddressJoinIPv6(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Extends a target address range if the the source address range is wider than the target address range...
#define SCReturnPtr(x, type)
Definition: util-debug.h:353
int DetectAddressJoin(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Join two addresses groups together.
uint32_t array_size
Definition: util-hashlist.h:41
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - &#39;not&#39; match)
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
#define SCStrdup(a)
Definition: util-mem.h:268
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressHead * DetectAddressHeadInit(void)
Returns a new instance of DetectAddressHead.
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
int DetectAddressAdd(DetectAddress **head, DetectAddress *ag)
Do a sorted insert, where the top of the list should be the biggest network/range.
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:327
DetectAddressHead * address
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
void DetectAddressIPv4Tests(void)
DetectAddress * ipv6_head
Definition: detect.h:156
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
union Address_::@42 address
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133