suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88 }
89 
90 /**
91  * \internal
92  * \brief Returns a new instance of DetectAddressHead.
93  *
94  * \retval gh Pointer to the new instance of DetectAddressHead.
95  */
96 static DetectAddressHead *DetectAddressHeadInit(void)
97 {
99  if (unlikely(gh == NULL))
100  return NULL;
101  return gh;
102 }
103 
104 /**
105  * \internal
106  * \brief Frees a DetectAddressHead instance.
107  *
108  * \param gh Pointer to the DetectAddressHead instance to be freed.
109  */
110 static void DetectAddressHeadFree(DetectAddressHead *gh)
111 {
112  if (gh != NULL) {
114  SCFree(gh);
115  }
116 }
117 
118 /**
119  * \brief copy a DetectAddress
120  *
121  * \param orig Pointer to the instance of DetectAddress that contains the
122  * address data to be copied to the new instance.
123  *
124  * \retval ag Pointer to the new instance of DetectAddress that contains the
125  * copied address.
126  */
128 {
130  if (ag == NULL)
131  return NULL;
132 
133  ag->flags = orig->flags;
134  COPY_ADDRESS(&orig->ip, &ag->ip);
135  COPY_ADDRESS(&orig->ip2, &ag->ip2);
136  return ag;
137 }
138 
139 /**
140  * \internal
141  * \brief Frees a list of DetectAddress instances.
142  *
143  * \param head Pointer to a list of DetectAddress instances to be freed.
144  */
145 static void DetectAddressCleanupList(DetectAddress *head)
146 {
147  for (DetectAddress *cur = head; cur != NULL; ) {
148  DetectAddress *next = cur->next;
149  cur->next = NULL;
150  DetectAddressFree(cur);
151  cur = next;
152  }
153 }
154 
155 /**
156  * \internal
157  * \brief Helper function for DetectAddressInsert. Sets one of the
158  * DetectAddressHead head pointers, to the DetectAddress argument
159  * based on its address family.
160  *
161  * \param gh Pointer to the DetectAddressHead.
162  * \param newhead Pointer to the DetectAddress.
163  *
164  * \retval 0 On success.
165  * \retval -1 On failure.
166  */
167 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
168 {
169  if (newhead->ip.family == AF_INET) {
170  gh->ipv4_head = newhead;
171  } else if (newhead->ip.family == AF_INET6) {
172  gh->ipv6_head = newhead;
173  } else {
174  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
175  return -1;
176  }
177 
178  return 0;
179 }
180 
181 /**
182  * \internal
183  * \brief Returns the DetectAddress head from the DetectAddressHeads,
184  * based on the address family of the incoming DetectAddress arg.
185  *
186  * \param gh Pointer to the DetectAddressHead.
187  * \param new Pointer to the DetectAddress.
188  *
189  * \retval head Pointer to the DetectAddress(the head from
190  * DetectAddressHead).
191  */
192 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
193 {
194  DetectAddress *head = NULL;
195 
196  if (new->ip.family == AF_INET)
197  head = gh->ipv4_head;
198  else if (new->ip.family == AF_INET6)
199  head = gh->ipv6_head;
200 
201  return head;
202 }
203 
204 /**
205  * \internal
206  * \brief insert DetectAddress into a DetectAddressHead
207  *
208  * \param de_ctx Pointer to the detection engine context.
209  * \param gh Pointer to the DetectAddressHead list to which it has to
210  * be inserted.
211  * \param new Pointer to the DetectAddress, that has to be inserted.
212  *
213  * \retval 1 On successfully inserting it.
214  * \retval -1 On error.
215  * \retval 0 Not inserted, memory of new is freed.
216  */
217 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
218  DetectAddress *new)
219 {
220  DetectAddress *head = NULL;
221  DetectAddress *cur = NULL;
222  DetectAddress *c = NULL;
223  int r = 0;
224 
225  if (new == NULL)
226  return 0;
227 
228  /* get our head ptr based on the address we want to insert */
229  head = GetHeadPtr(gh, new);
230 
231  /* see if it already exists or overlaps with existing ag's */
232  if (head != NULL) {
233  cur = NULL;
234 
235  for (cur = head; cur != NULL; cur = cur->next) {
236  r = DetectAddressCmp(new, cur);
237  BUG_ON(r == ADDRESS_ER);
238 
239  /* if so, handle that */
240  if (r == ADDRESS_EQ) {
241  /* exact overlap/match */
242  if (cur != new) {
243  DetectAddressFree(new);
244  return 0;
245  }
246 
247  return 1;
248  } else if (r == ADDRESS_GT) {
249  /* only add it now if we are bigger than the last group.
250  * Otherwise we'll handle it later. */
251  if (cur->next == NULL) {
252  /* put in the list */
253  new->prev = cur;
254  cur->next = new;
255 
256  return 1;
257  }
258  } else if (r == ADDRESS_LT) {
259  /* see if we need to insert the ag anywhere put in the list */
260  if (cur->prev != NULL)
261  cur->prev->next = new;
262  new->prev = cur->prev;
263  new->next = cur;
264  cur->prev = new;
265 
266  /* update head if required */
267  if (head == cur) {
268  head = new;
269 
270  if (SetHeadPtr(gh, head) < 0)
271  goto error;
272  }
273 
274  return 1;
275  /* alright, those were the simple cases, lets handle the more
276  * complex ones now */
277  } else if (r == ADDRESS_ES) {
278  c = NULL;
279  r = DetectAddressCut(de_ctx, cur, new, &c);
280  if (r == -1)
281  goto error;
282 
283  DetectAddressInsert(de_ctx, gh, new);
284  if (c != NULL)
285  DetectAddressInsert(de_ctx, gh, c);
286 
287  return 1;
288  } else if (r == ADDRESS_EB) {
289  c = NULL;
290  r = DetectAddressCut(de_ctx, cur, new, &c);
291  if (r == -1)
292  goto error;
293 
294  DetectAddressInsert(de_ctx, gh, new);
295  if (c != NULL)
296  DetectAddressInsert(de_ctx, gh, c);
297 
298  return 1;
299  } else if (r == ADDRESS_LE) {
300  c = NULL;
301  r = DetectAddressCut(de_ctx, cur, new, &c);
302  if (r == -1)
303  goto error;
304 
305  DetectAddressInsert(de_ctx, gh, new);
306  if (c != NULL)
307  DetectAddressInsert(de_ctx, gh, c);
308 
309  return 1;
310  } else if (r == ADDRESS_GE) {
311  c = NULL;
312  r = DetectAddressCut(de_ctx, cur,new,&c);
313  if (r == -1)
314  goto error;
315 
316  DetectAddressInsert(de_ctx, gh, new);
317  if (c != NULL)
318  DetectAddressInsert(de_ctx, gh, c);
319 
320  return 1;
321  }
322  }
323 
324  /* head is NULL, so get a group and set head to it */
325  } else {
326  head = new;
327  if (SetHeadPtr(gh, head) < 0) {
328  SCLogDebug("SetHeadPtr failed");
329  goto error;
330  }
331  }
332 
333  return 1;
334 
335 error:
336  /* XXX */
337  return -1;
338 }
339 
340 /**
341  * \brief Checks if two address group lists are equal.
342  *
343  * \param list1 Pointer to the first address group list.
344  * \param list2 Pointer to the second address group list.
345  *
346  * \retval true On success.
347  * \retval false On failure.
348  */
350 {
351  DetectAddress *item = list1;
352  DetectAddress *it = list2;
353 
354  // First, compare items one by one.
355  while (item != NULL && it != NULL) {
356  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
357  return false;
358  }
359 
360  item = item->next;
361  it = it->next;
362  }
363 
364  // Are the lists of the same size?
365  if (!(item == NULL && it == NULL)) {
366  return false;
367  }
368 
369  return true;
370 }
371 
372 /**
373  * \internal
374  * \brief Parses an ipv4/ipv6 address string and updates the result into the
375  * DetectAddress instance sent as the argument.
376  *
377  * \param dd Pointer to the DetectAddress instance which should be updated with
378  * the address range details from the parsed ip string.
379  * \param str Pointer to address string that has to be parsed.
380  *
381  * \retval 0 On successfully parsing the address string.
382  * \retval -1 On failure.
383  */
384 static int DetectAddressParseString(DetectAddress *dd, const char *str)
385 {
386  char *ip = NULL;
387  char *ip2 = NULL;
388  char *mask = NULL;
389  int r = 0;
390  char ipstr[256];
391 
392  /* shouldn't see 'any' here */
393  BUG_ON(strcasecmp(str, "any") == 0);
394 
395  strlcpy(ipstr, str, sizeof(ipstr));
396  SCLogDebug("str %s", str);
397 
398  /* we work with a copy so that we can put a
399  * nul-termination in it later */
400  ip = ipstr;
401 
402  /* handle the negation case */
403  if (ip[0] == '!') {
404  dd->flags |= ADDRESS_FLAG_NOT;
405  ip++;
406  }
407 
408  /* see if the address is an ipv4 or ipv6 address */
409  if ((strchr(str, ':')) == NULL) {
410  /* IPv4 Address */
411  struct in_addr in;
412 
413  dd->ip.family = AF_INET;
414 
415  if ((mask = strchr(ip, '/')) != NULL) {
416  /* 1.2.3.4/xxx format (either dotted or cidr notation */
417  ip[mask - ip] = '\0';
418  mask++;
419  uint32_t ip4addr = 0;
420  uint32_t netmask = 0;
421 
422  if ((strchr (mask, '.')) == NULL) {
423  /* 1.2.3.4/24 format */
424 
425  for (size_t u = 0; u < strlen(mask); u++) {
426  if(!isdigit((unsigned char)mask[u]))
427  goto error;
428  }
429 
430  int cidr;
431  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
432  goto error;
433  netmask = CIDRGet(cidr);
434  } else {
435  /* 1.2.3.4/255.255.255.0 format */
436  r = inet_pton(AF_INET, mask, &in);
437  if (r <= 0)
438  goto error;
439 
440  netmask = in.s_addr;
441 
442  /* validate netmask */
443  int cidr = CIDRFromMask(netmask);
444  if (cidr < 0) {
445  SCLogError(
446  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
447  "CIDR notation are supported. See ticket #5168.",
448  mask);
449  goto error;
450  }
451  }
452 
453  r = inet_pton(AF_INET, ip, &in);
454  if (r <= 0)
455  goto error;
456 
457  ip4addr = in.s_addr;
458 
459  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
460  dd->ip2.addr_data32[0] |=~ netmask;
461  } else if ((ip2 = strchr(ip, '-')) != NULL) {
462  /* 1.2.3.4-1.2.3.6 range format */
463  ip[ip2 - ip] = '\0';
464  ip2++;
465 
466  r = inet_pton(AF_INET, ip, &in);
467  if (r <= 0)
468  goto error;
469  dd->ip.addr_data32[0] = in.s_addr;
470 
471  r = inet_pton(AF_INET, ip2, &in);
472  if (r <= 0)
473  goto error;
474  dd->ip2.addr_data32[0] = in.s_addr;
475 
476  /* a > b is illegal, a = b is ok */
477  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
478  goto error;
479  } else {
480  /* 1.2.3.4 format */
481  r = inet_pton(AF_INET, ip, &in);
482  if (r <= 0)
483  goto error;
484  /* single host */
485  dd->ip.addr_data32[0] = in.s_addr;
486  dd->ip2.addr_data32[0] = in.s_addr;
487  }
488  } else {
489  /* IPv6 Address */
490  struct in6_addr in6, mask6;
491  uint32_t ip6addr[4], netmask[4];
492 
493  dd->ip.family = AF_INET6;
494 
495  if ((mask = strchr(ip, '/')) != NULL) {
496  ip[mask - ip] = '\0';
497  mask++;
498 
499  int cidr;
500  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
501  goto error;
502 
503  r = inet_pton(AF_INET6, ip, &in6);
504  if (r <= 0)
505  goto error;
506  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
507 
508  CIDRGetIPv6(cidr, &mask6);
509  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
510 
511  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
512  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
513  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
514  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
515 
516  dd->ip2.addr_data32[0] |=~ netmask[0];
517  dd->ip2.addr_data32[1] |=~ netmask[1];
518  dd->ip2.addr_data32[2] |=~ netmask[2];
519  dd->ip2.addr_data32[3] |=~ netmask[3];
520  } else if ((ip2 = strchr(ip, '-')) != NULL) {
521  /* 2001::1-2001::4 range format */
522  ip[ip2 - ip] = '\0';
523  ip2++;
524 
525  r = inet_pton(AF_INET6, ip, &in6);
526  if (r <= 0)
527  goto error;
528  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
529 
530  r = inet_pton(AF_INET6, ip2, &in6);
531  if (r <= 0)
532  goto error;
533  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
534 
535  /* a > b is illegal, a=b is ok */
536  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
537  goto error;
538  } else {
539  r = inet_pton(AF_INET6, ip, &in6);
540  if (r <= 0)
541  goto error;
542 
543  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
544  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
545  }
546 
547  }
548 
549  BUG_ON(dd->ip.family == 0);
550 
551  return 0;
552 
553 error:
554  return -1;
555 }
556 
557 /**
558  * \internal
559  * \brief Simply parse an address and return a DetectAddress instance containing
560  * the address ranges of the parsed ip addressstring
561  *
562  * \param str Pointer to a character string containing the ip address
563  *
564  * \retval dd Pointer to the DetectAddress instance containing the address
565  * range details from the parsed ip string
566  */
567 static DetectAddress *DetectAddressParseSingle(const char *str)
568 {
569  SCLogDebug("str %s", str);
570 
572  if (dd == NULL)
573  return NULL;
574 
575  if (DetectAddressParseString(dd, str) < 0) {
576  SCLogDebug("AddressParse failed");
577  DetectAddressFree(dd);
578  return NULL;
579  }
580 
581  return dd;
582 }
583 
584 /**
585  * \brief Setup a single address string, parse it and add the resulting
586  * Address-Range(s) to the AddressHead(DetectAddressHead instance).
587  *
588  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
589  * resulting Address-Range(s) from the parsed ip string has to
590  * be added.
591  * \param s Pointer to the ip address string to be parsed.
592  *
593  * \retval 0 On success.
594  * \retval -1 On failure.
595  */
596 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
597 {
598  SCLogDebug("gh %p, s %s", gh, s);
599 
600  while (*s != '\0' && isspace(*s))
601  s++;
602 
603  if (strcasecmp(s, "any") == 0) {
604  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
605 
606  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
607  if (ad == NULL)
608  return -1;
609 
610  BUG_ON(ad->ip.family == 0);
611 
612  if (DetectAddressInsert(NULL, gh, ad) < 0) {
613  SCLogDebug("DetectAddressInsert failed");
614  DetectAddressFree(ad);
615  return -1;
616  }
617 
618  ad = DetectAddressParseSingle("::/0");
619  if (ad == NULL)
620  return -1;
621 
622  BUG_ON(ad->ip.family == 0);
623 
624  if (DetectAddressInsert(NULL, gh, ad) < 0) {
625  SCLogDebug("DetectAddressInsert failed");
626  DetectAddressFree(ad);
627  return -1;
628  }
629  return 0;
630  }
631 
632  /* parse the address */
633  DetectAddress *ad = DetectAddressParseSingle(s);
634  if (ad == NULL) {
635  SCLogError("failed to parse address \"%s\"", s);
636  return -1;
637  }
638 
639  /* handle the not case, we apply the negation then insert the part(s) */
640  if (ad->flags & ADDRESS_FLAG_NOT) {
641  DetectAddress *ad2 = NULL;
642 
643  if (DetectAddressCutNot(ad, &ad2) < 0) {
644  SCLogDebug("DetectAddressCutNot failed");
645  DetectAddressFree(ad);
646  return -1;
647  }
648 
649  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
650  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
651  if (ad2 != NULL) {
652  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
653  SCLogDebug("DetectAddressInsert failed");
654  DetectAddressFree(ad);
655  DetectAddressFree(ad2);
656  return -1;
657  }
658  }
659  }
660 
661  int r = DetectAddressInsert(NULL, gh, ad);
662  if (r < 0) {
663  SCLogDebug("DetectAddressInsert failed");
664  DetectAddressFree(ad);
665  return -1;
666  }
667  SCLogDebug("r %d",r);
668  return 0;
669 }
670 
671 /**
672  * \brief Parses an address string and updates the 2 address heads with the
673  * address data.
674  *
675  * Note that this function should only be called by the wrapping function
676  * DetectAddressParse2. The wrapping function provides long address handling
677  * when the address size exceeds a threshold value.
678  *
679  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
680  * since we pass around negate without keeping a count of ! with depth.
681  * Can solve this by keeping a count of the negations with depth, so that
682  * an even no of negations would count as no negation and an odd no of
683  * negations would count as a negation.
684  *
685  * \param gh Pointer to the address head that should hold address ranges
686  * that are not negated.
687  * \param ghn Pointer to the address head that should hold address ranges
688  * that are negated.
689  * \param s Pointer to the character string holding the address to be
690  * parsed.
691  * \param negate Flag that indicates if the received address string is negated
692  * or not. 0 if it is not, 1 it it is.
693  *
694  * \retval 0 On successfully parsing.
695  * \retval -1 On failure.
696  */
697 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
698  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
699  int recur, char *address, size_t address_length)
700 {
701  size_t x = 0;
702  size_t u = 0;
703  int o_set = 0, n_set = 0, d_set = 0;
704  int depth = 0;
705  const char *rule_var_address = NULL;
706  char *temp_rule_var_address = NULL;
707 
708  if (++recur > 64) {
709  SCLogError("address block recursion "
710  "limit reached (max 64)");
711  goto error;
712  }
713 
714  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
715 
716  size_t size = strlen(s);
717  for (u = 0, x = 0; u < size && x < address_length; u++) {
718  if (x == (address_length - 1)) {
719  SCLogError("Hit the address buffer"
720  " limit for the supplied address. Invalidating sig. "
721  "Please file a bug report on this.");
722  goto error;
723  }
724  address[x] = s[u];
725  x++;
726 
727  if (!o_set && s[u] == '!') {
728  n_set = 1;
729  x--;
730  } else if (s[u] == '[') {
731  if (!o_set) {
732  o_set = 1;
733  x = 0;
734  }
735  depth++;
736  } else if (s[u] == ']') {
737  if (depth == 1) {
738  address[x - 1] = '\0';
739  x = 0;
740  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
741  if (((negate + n_set) % 2) == 0) {
742  /* normal block */
743  SCLogDebug("normal block");
744 
745  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
746  goto error;
747  } else {
748  /* negated block
749  *
750  * Extra steps are necessary. First consider it as a normal
751  * (non-negated) range. Merge the + and - ranges if
752  * applicable. Then insert the result into the ghn list. */
753  SCLogDebug("negated block");
754 
755  DetectAddressHead tmp_gh = { NULL, NULL };
756  DetectAddressHead tmp_ghn = { NULL, NULL };
757 
758  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
759  DetectAddressHeadCleanup(&tmp_gh);
760  DetectAddressHeadCleanup(&tmp_ghn);
761  goto error;
762  }
763 
764  DetectAddress *tmp_ad;
765  DetectAddress *tmp_ad2;
766 #ifdef DEBUG
767  SCLogDebug("tmp_gh: IPv4");
768  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
769  DetectAddressPrint(tmp_ad);
770  }
771  SCLogDebug("tmp_ghn: IPv4");
772  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
773  DetectAddressPrint(tmp_ad);
774  }
775  SCLogDebug("tmp_gh: IPv6");
776  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
777  DetectAddressPrint(tmp_ad);
778  }
779  SCLogDebug("tmp_ghn: IPv6");
780  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
781  DetectAddressPrint(tmp_ad);
782  }
783 #endif
784  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
785  DetectAddressHeadCleanup(&tmp_ghn);
786  DetectAddressHeadCleanup(&tmp_gh);
787  goto error;
788  }
789  DetectAddressHeadCleanup(&tmp_ghn);
790 
791  SCLogDebug("merged successfully");
792 
793  /* insert the IPv4 addresses into the negated list */
794  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
795  /* work with a copy of the address group */
796  tmp_ad2 = DetectAddressCopy(tmp_ad);
797  if (tmp_ad2 == NULL) {
798  SCLogDebug("DetectAddressCopy failed");
799  DetectAddressHeadCleanup(&tmp_gh);
800  goto error;
801  }
802  DetectAddressPrint(tmp_ad2);
803  DetectAddressInsert(NULL, ghn, tmp_ad2);
804  }
805 
806  /* insert the IPv6 addresses into the negated list */
807  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
808  /* work with a copy of the address group */
809  tmp_ad2 = DetectAddressCopy(tmp_ad);
810  if (tmp_ad2 == NULL) {
811  SCLogDebug("DetectAddressCopy failed");
812  DetectAddressHeadCleanup(&tmp_gh);
813  goto error;
814  }
815  DetectAddressPrint(tmp_ad2);
816  DetectAddressInsert(NULL, ghn, tmp_ad2);
817  }
818 
819  DetectAddressHeadCleanup(&tmp_gh);
820  }
821  n_set = 0;
822  }
823  depth--;
824  } else if (depth == 0 && s[u] == ',') {
825  if (o_set == 1) {
826  o_set = 0;
827  } else if (d_set == 1) {
828  address[x - 1] = '\0';
829 
830  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
832  if (rule_var_address == NULL)
833  goto error;
834 
835  if (strlen(rule_var_address) == 0) {
836  SCLogError("variable %s resolved "
837  "to nothing. This is likely a misconfiguration. "
838  "Note that a negated address needs to be quoted, "
839  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
840  s);
841  goto error;
842  }
843 
844  SCLogDebug("rule_var_address %s", rule_var_address);
845  if ((negate + n_set) % 2) {
846  /* add +1 to safisfy gcc 15 + -Wformat-truncation=2 */
847  const size_t str_size = strlen(rule_var_address) + 3 + 1;
848  temp_rule_var_address = SCMalloc(str_size);
849  if (unlikely(temp_rule_var_address == NULL))
850  goto error;
851  snprintf(temp_rule_var_address, str_size, "[%s]", rule_var_address);
852  } else {
853  temp_rule_var_address = SCStrdup(rule_var_address);
854  if (unlikely(temp_rule_var_address == NULL))
855  goto error;
856  }
857 
858  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
859  (negate + n_set) % 2, var_list, recur) < 0) {
860  if (temp_rule_var_address != rule_var_address)
861  SCFree(temp_rule_var_address);
862  goto error;
863  }
864  d_set = 0;
865  n_set = 0;
866  SCFree(temp_rule_var_address);
867  } else {
868  address[x - 1] = '\0';
869 
870  if (!((negate + n_set) % 2)) {
871  SCLogDebug("DetectAddressSetup into gh, %s", address);
872  if (DetectAddressSetup(gh, address) < 0)
873  goto error;
874  } else {
875  SCLogDebug("DetectAddressSetup into ghn, %s", address);
876  if (DetectAddressSetup(ghn, address) < 0)
877  goto error;
878  }
879  n_set = 0;
880  }
881  x = 0;
882  } else if (depth == 0 && s[u] == '$') {
883  d_set = 1;
884  } else if (depth == 0 && u == size - 1) {
885  if (x == address_length) {
886  address[x - 1] = '\0';
887  } else {
888  address[x] = '\0';
889  }
890  x = 0;
891 
892  if (AddVariableToResolveList(var_list, address) == -1) {
893  SCLogError("Found a loop in a address "
894  "groups declaration. This is likely a misconfiguration.");
895  goto error;
896  }
897 
898  if (d_set == 1) {
899  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
901  if (rule_var_address == NULL)
902  goto error;
903 
904  if (strlen(rule_var_address) == 0) {
905  SCLogError("variable %s resolved "
906  "to nothing. This is likely a misconfiguration. "
907  "Note that a negated address needs to be quoted, "
908  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
909  s);
910  goto error;
911  }
912 
913  SCLogDebug("rule_var_address %s", rule_var_address);
914  if ((negate + n_set) % 2) {
915  /* add +1 to safisfy gcc 15 + -Wformat-truncation=2 */
916  const size_t str_size = strlen(rule_var_address) + 3 + 1;
917  temp_rule_var_address = SCMalloc(str_size);
918  if (unlikely(temp_rule_var_address == NULL))
919  goto error;
920  snprintf(temp_rule_var_address, str_size, "[%s]", rule_var_address);
921  } else {
922  temp_rule_var_address = SCStrdup(rule_var_address);
923  if (unlikely(temp_rule_var_address == NULL))
924  goto error;
925  }
926 
927  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
928  (negate + n_set) % 2, var_list, recur) < 0) {
929  SCLogDebug("DetectAddressParse2 hates us");
930  if (temp_rule_var_address != rule_var_address)
931  SCFree(temp_rule_var_address);
932  goto error;
933  }
934  d_set = 0;
935  SCFree(temp_rule_var_address);
936  } else {
937  if (!((negate + n_set) % 2)) {
938  SCLogDebug("DetectAddressSetup into gh, %s", address);
939  if (DetectAddressSetup(gh, address) < 0) {
940  SCLogDebug("DetectAddressSetup gh fail");
941  goto error;
942  }
943  } else {
944  SCLogDebug("DetectAddressSetup into ghn, %s", address);
945  if (DetectAddressSetup(ghn, address) < 0) {
946  SCLogDebug("DetectAddressSetup ghn fail");
947  goto error;
948  }
949  }
950  }
951  n_set = 0;
952  }
953  }
954  if (depth > 0) {
955  SCLogError("not every address block was "
956  "properly closed in \"%s\", %d missing closing brackets (]). "
957  "Note: problem might be in a variable.",
958  s, depth);
959  goto error;
960  } else if (depth < 0) {
961  SCLogError("not every address block was "
962  "properly opened in \"%s\", %d missing opening brackets ([). "
963  "Note: problem might be in a variable.",
964  s, depth * -1);
965  goto error;
966  }
967 
968  return 0;
969 
970 error:
971 
972  return -1;
973 }
974 
975 /**
976  * \internal
977  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
978  *
979  * \retval Return value from DetectAddressParseInternal
980  */
981 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
982  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
983  int recur)
984 {
985  int rc;
986 #define MAX_ADDRESS_LENGTH 8192
987 
988  size_t address_length = strlen(s);
989  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
990  char *address = SCCalloc(1, address_length);
991  if (address == NULL) {
992  SCLogError("Unable to allocate"
993  " memory for address parsing.");
994  return -1;
995  }
996  rc = DetectAddressParseInternal(
997  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
998  SCFree(address);
999  } else {
1000  char address[MAX_ADDRESS_LENGTH] = "";
1001  rc = DetectAddressParseInternal(
1002  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1003  }
1004  return rc;
1005 }
1006 
1007 /**
1008  * \internal
1009  * \brief See if the addresses and ranges in an address head cover the
1010  * entire ip space.
1011  *
1012  * \param gh Pointer to the DetectAddressHead to check.
1013  *
1014  * \retval 0 No.
1015  * \retval 1 Yes.
1016  *
1017  * \todo do the same for IPv6
1018  */
1019 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1020 {
1022  if (r == 1)
1023  return 1;
1024 
1025  return 0;
1026 }
1027 
1028 /**
1029  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1030  *
1031  * \param gh Pointer to the address head containing the non-NOT groups.
1032  * \param ghn Pointer to the address head containing the NOT groups.
1033  *
1034  * \retval 0 On success.
1035  * \retval -1 On failure.
1036  */
1038 {
1039  DetectAddress *ad;
1040  DetectAddress *ag, *ag2;
1041  int r = 0;
1042 
1043  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1044  ghn->ipv4_head);
1045 
1046  /* check if the negated list covers the entire ip space. If so
1047  * the user screwed up the rules/vars. */
1048  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1049  SCLogError("Complete IP space negated. "
1050  "Rule address range is NIL. Probably have a !any or "
1051  "an address range that supplies a NULL address range");
1052  goto error;
1053  }
1054 
1055  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1056  * not thingy. In that case we add a 0.0.0.0/0 first. */
1057  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1058  r = DetectAddressSetup(gh, "0.0.0.0/0");
1059  if (r < 0) {
1060  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1061  goto error;
1062  }
1063  }
1064  /* ... or ::/0 for ipv6 */
1065  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1066  r = DetectAddressSetup(gh, "::/0");
1067  if (r < 0) {
1068  SCLogDebug("DetectAddressSetup for ::/0 failed");
1069  goto error;
1070  }
1071  }
1072 
1073  /* step 1: insert our ghn members into the gh list */
1074  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1075  /* work with a copy of the ad so we can easily clean up the ghn group
1076  * later. */
1077  ad = DetectAddressCopy(ag);
1078  if (ad == NULL) {
1079  SCLogDebug("DetectAddressCopy failed");
1080  goto error;
1081  }
1082 
1083  r = DetectAddressInsert(NULL, gh, ad);
1084  if (r < 0) {
1085  SCLogDebug("DetectAddressInsert failed");
1086  goto error;
1087  }
1088  }
1089  /* ... and the same for ipv6 */
1090  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1091  /* work with a copy of the ad so we can easily clean up the ghn group
1092  * later. */
1093  ad = DetectAddressCopy(ag);
1094  if (ad == NULL) {
1095  SCLogDebug("DetectAddressCopy failed");
1096  goto error;
1097  }
1098 
1099  r = DetectAddressInsert(NULL, gh, ad);
1100  if (r < 0) {
1101  SCLogDebug("DetectAddressInsert failed");
1102  goto error;
1103  }
1104  }
1105 #ifdef DEBUG
1106  DetectAddress *tmp_ad;
1107  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1108  DetectAddressPrint(tmp_ad);
1109  }
1110 #endif
1111  int ipv4_applied = 0;
1112  int ipv6_applied = 0;
1113 
1114  /* step 2: pull the address blocks that match our 'not' blocks */
1115  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1116  SCLogDebug("ag %p", ag);
1117  DetectAddressPrint(ag);
1118 
1119  int applied = 0;
1120  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1121  SCLogDebug("ag2 %p", ag2);
1122  DetectAddressPrint(ag2);
1123 
1124  r = DetectAddressCmp(ag, ag2);
1125  /* XXX more ??? */
1126  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1127  if (ag2->prev != NULL)
1128  ag2->prev->next = ag2->next;
1129  if (ag2->next != NULL)
1130  ag2->next->prev = ag2->prev;
1131  if (gh->ipv4_head == ag2)
1132  gh->ipv4_head = ag2->next;
1133  /* store the next ptr and remove the group */
1134  DetectAddress *next_ag2 = ag2->next;
1135  DetectAddressFree(ag2);
1136  ag2 = next_ag2;
1137  applied = 1;
1138  } else {
1139  ag2 = ag2->next;
1140  }
1141  }
1142 
1143  if (applied) {
1144  ipv4_applied++;
1145  }
1146  }
1147  /* ... and the same for ipv6 */
1148  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1149  int applied = 0;
1150  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1151  r = DetectAddressCmp(ag, ag2);
1152  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1153  if (ag2->prev != NULL)
1154  ag2->prev->next = ag2->next;
1155  if (ag2->next != NULL)
1156  ag2->next->prev = ag2->prev;
1157  if (gh->ipv6_head == ag2)
1158  gh->ipv6_head = ag2->next;
1159  /* store the next ptr and remove the group */
1160  DetectAddress *next_ag2 = ag2->next;
1161  DetectAddressFree(ag2);
1162  ag2 = next_ag2;
1163 
1164  SCLogDebug("applied");
1165  applied = 1;
1166  } else {
1167  ag2 = ag2->next;
1168  }
1169  }
1170  if (applied) {
1171  ipv6_applied++;
1172  }
1173  }
1174 #ifdef DEBUG
1175  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1176  DetectAddressPrint(tmp_ad);
1177  }
1178  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1179  DetectAddressPrint(tmp_ad);
1180  }
1181 #endif
1182  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1183  int cnt = 0;
1184  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1185  cnt++;
1186 
1187  if (ipv4_applied != cnt) {
1188  SCLogError("not all IPv4 negations "
1189  "could be applied: %d != %d",
1190  cnt, ipv4_applied);
1191  goto error;
1192  }
1193 
1194  cnt = 0;
1195  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1196  cnt++;
1197 
1198  if (ipv6_applied != cnt) {
1199  SCLogError("not all IPv6 negations "
1200  "could be applied: %d != %d",
1201  cnt, ipv6_applied);
1202  goto error;
1203  }
1204  }
1205 
1206  /* if the result is that we have no addresses we return error */
1207  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1208  SCLogError("no addresses left after "
1209  "merging addresses and negated addresses");
1210  goto error;
1211  }
1212 
1213  return 0;
1214 
1215 error:
1216  return -1;
1217 }
1218 
1220 {
1221  SCLogDebug("Testing address conf vars for any misconfigured values");
1222 
1223  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1224 
1225  SCConfNode *address_vars_node = SCConfGetNode("vars.address-groups");
1226  if (address_vars_node == NULL) {
1227  return 0;
1228  }
1229 
1230  DetectAddressHead *gh = NULL;
1231  DetectAddressHead *ghn = NULL;
1232 
1233  SCConfNode *seq_node;
1234  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1235  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1236 
1237  gh = DetectAddressHeadInit();
1238  if (gh == NULL) {
1239  goto error;
1240  }
1241  ghn = DetectAddressHeadInit();
1242  if (ghn == NULL) {
1243  goto error;
1244  }
1245 
1246  if (seq_node->val == NULL) {
1247  SCLogError("Address var \"%s\" probably has a sequence(something "
1248  "in brackets) value set without any quotes. Please "
1249  "quote it using \"..\".",
1250  seq_node->name);
1251  goto error;
1252  }
1253 
1254  int r = DetectAddressParse2(
1255  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1256 
1257  CleanVariableResolveList(&var_list);
1258 
1259  if (r < 0) {
1260  SCLogError("failed to parse address var \"%s\" with value \"%s\". "
1261  "Please check its syntax",
1262  seq_node->name, seq_node->val);
1263  goto error;
1264  }
1265 
1266  if (DetectAddressIsCompleteIPSpace(ghn)) {
1267  SCLogError("address var - \"%s\" has the complete IP space negated "
1268  "with its value \"%s\". Rule address range is NIL. "
1269  "Probably have a !any or an address range that supplies "
1270  "a NULL address range",
1271  seq_node->name, seq_node->val);
1272  goto error;
1273  }
1274 
1275  DetectAddressHeadFree(gh);
1276  DetectAddressHeadFree(ghn);
1277  ghn = NULL;
1278  }
1279 
1280  return 0;
1281  error:
1282  if (gh != NULL)
1283  DetectAddressHeadFree(gh);
1284  if (ghn != NULL)
1285  DetectAddressHeadFree(ghn);
1286  return -1;
1287 }
1288 
1289 #include "util-hash-lookup3.h"
1290 
1291 typedef struct DetectAddressMap_ {
1292  char *string;
1296 
1297 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1298 {
1299  const DetectAddressMap *map = (DetectAddressMap *)data;
1300  uint32_t hash = 0;
1301 
1302  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1303  hash %= ht->array_size;
1304 
1305  return hash;
1306 }
1307 
1308 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1309  uint16_t len2)
1310 {
1311  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1312  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1313 
1314  char r = (strcmp(map1->string, map2->string) == 0);
1315  return r;
1316 }
1317 
1318 static void DetectAddressMapFreeFunc(void *data)
1319 {
1320  DetectAddressMap *map = (DetectAddressMap *)data;
1321  if (map != NULL) {
1322  DetectAddressHeadFree(map->address);
1323  SCFree(map->string);
1324  }
1325  SCFree(map);
1326 }
1327 
1329 {
1330  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1331  DetectAddressMapCompareFunc,
1332  DetectAddressMapFreeFunc);
1333  if (de_ctx->address_table == NULL)
1334  return -1;
1335 
1336  return 0;
1337 }
1338 
1340 {
1341  if (de_ctx->address_table == NULL)
1342  return;
1343 
1345  de_ctx->address_table = NULL;
1346 }
1347 
1348 static bool DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1349  DetectAddressHead *address, bool contains_negation)
1350 {
1351  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1352  if (map == NULL)
1353  return false;
1354 
1355  map->string = SCStrdup(string);
1356  if (map->string == NULL) {
1357  SCFree(map);
1358  return false;
1359  }
1360  map->address = address;
1361  map->contains_negation = contains_negation;
1362 
1363  if (HashListTableAdd(de_ctx->address_table, map, 0) != 0) {
1364  SCFree(map->string);
1365  SCFree(map);
1366  return false;
1367  }
1368 
1369  return true;
1370 }
1371 
1372 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1373  const char *string)
1374 {
1375  DetectAddressMap map = { (char *)string, NULL, false };
1376 
1378  &map, 0);
1379  return res;
1380 }
1381 
1382 /**
1383  * \brief Parses an address group sent as a character string and updates the
1384  * DetectAddressHead sent as the argument with the relevant address
1385  * ranges from the parsed string.
1386  *
1387  * \param de_ctx Pointer to the detection engine context
1388  * \param gh Pointer to the DetectAddressHead.
1389  * \param str Pointer to the character string containing the address group
1390  * that has to be parsed.
1391  *
1392  * \retval 1 On success. Contained negation.
1393  * \retval 0 On success. Did not contain negation.
1394  * \retval -1 On failure.
1395  */
1397  DetectAddressHead *gh, const char *str)
1398 {
1399  SCLogDebug("gh %p, str %s", gh, str);
1400 
1401  if (str == NULL) {
1402  SCLogDebug("DetectAddressParse can not be run with NULL address");
1403  return -1;
1404  }
1405 
1406  DetectAddressHead *ghn = DetectAddressHeadInit();
1407  if (ghn == NULL) {
1408  SCLogDebug("DetectAddressHeadInit for ghn failed");
1409  return -1;
1410  }
1411 
1412  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1413  if (r < 0) {
1414  SCLogDebug("DetectAddressParse2 returned %d", r);
1415  DetectAddressHeadFree(ghn);
1416  return -1;
1417  }
1418 
1419  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1420  ghn->ipv4_head);
1421 
1422  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1423 
1424  /* merge the 'not' address groups */
1425  if (DetectAddressMergeNot(gh, ghn) < 0) {
1426  SCLogDebug("DetectAddressMergeNot failed");
1427  DetectAddressHeadFree(ghn);
1428  return -1;
1429  }
1430 
1431  /* free the temp negate head */
1432  DetectAddressHeadFree(ghn);
1433  return contains_negation ? 1 : 0;
1434 }
1435 
1437  const char *string, bool *contains_negation)
1438 {
1439  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1440  if (res != NULL) {
1441  SCLogDebug("found: %s :: %p", string, res);
1442  *contains_negation = res->contains_negation;
1443  return res->address;
1444  }
1445 
1446  SCLogDebug("%s not found", string);
1447 
1448  DetectAddressHead *head = DetectAddressHeadInit();
1449  if (head == NULL)
1450  return NULL;
1451 
1452  const int r = DetectAddressParse(de_ctx, head, string);
1453  if (r < 0) {
1454  DetectAddressHeadFree(head);
1455  return NULL;
1456  } else if (r == 1) {
1457  *contains_negation = true;
1458  } else {
1459  *contains_negation = false;
1460  }
1461 
1462  if (!DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head, *contains_negation)) {
1463  DetectAddressHeadFree(head);
1464  return NULL;
1465  }
1466 
1467  return head;
1468 }
1469 
1470 /**
1471  * \brief Cleans a DetectAddressHead. The functions frees the address
1472  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1473  * instance.
1474  *
1475  * \param gh Pointer to the DetectAddressHead instance that has to be
1476  * cleaned.
1477  */
1479 {
1480  if (gh != NULL) {
1481  if (gh->ipv4_head != NULL) {
1482  DetectAddressCleanupList(gh->ipv4_head);
1483  gh->ipv4_head = NULL;
1484  }
1485  if (gh->ipv6_head != NULL) {
1486  DetectAddressCleanupList(gh->ipv6_head);
1487  gh->ipv6_head = NULL;
1488  }
1489  }
1490 }
1491 
1492 /**
1493  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1494  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1495  * explanations on what these functions do.
1496  *
1497  * \param de_ctx Pointer to the DetectEngineCtx.
1498  * \param a Pointer to the first address to be cut.
1499  * \param b Pointer to the second address to be cut.
1500  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1501  * ranges from a and b, demand a third address range.
1502  *
1503  * \retval 0 On success.
1504  * \retval -1 On failure.
1505  */
1506 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1507  DetectAddress *b, DetectAddress **c)
1508 {
1509  if (a->ip.family == AF_INET)
1510  return DetectAddressCutIPv4(de_ctx, a, b, c);
1511  else if (a->ip.family == AF_INET6)
1512  return DetectAddressCutIPv6(de_ctx, a, b, c);
1513 
1514  return -1;
1515 }
1516 
1517 /**
1518  * \brief Cuts a negated address range with respect to the entire ip range, and
1519  * supplies with the address range that doesn't belong to the negated
1520  * address range.
1521  *
1522  * There are 2 cases here -
1523  *
1524  * The first case includes the address being located at the extreme ends
1525  * of the ip space, in which we get a single range.
1526  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1527  *
1528  * The second case includes the address not present at either of the
1529  * ip space extremes, in which case we get 2 ranges. The second range
1530  * would be supplied back with the argument "b" supplied to this function.
1531  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1532  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1533  *
1534  * The above negation cases can similarly be extended to ranges, i.e.
1535  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1536  * ![10.20.30.40 - 10.20.30.50].
1537  *
1538  *
1539  * \param a Pointer to the DetectAddressData instance, that contains the negated
1540  * address range that has to be cut.
1541  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1542  * filled with the address range, if the argument "a", doesn't fall at
1543  * the extreme ends of the ip address space.
1544  *
1545  * \retval 0 On success.
1546  * \retval -1 On failure.
1547  */
1548 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1549 {
1550  if (a->ip.family == AF_INET)
1551  return DetectAddressCutNotIPv4(a, b);
1552  else if (a->ip.family == AF_INET6)
1553  return DetectAddressCutNotIPv6(a, b);
1554 
1555  return -1;
1556 }
1557 
1558 /**
1559  * \brief Used to compare 2 address ranges.
1560  *
1561  * \param a Pointer to the first DetectAddressData to be compared.
1562  * \param b Pointer to the second DetectAddressData to be compared.
1563  */
1565 {
1566  if (a->ip.family != b->ip.family)
1567  return ADDRESS_ER;
1568 
1569  if (a->ip.family == AF_INET)
1570  return DetectAddressCmpIPv4(a, b);
1571  else if (a->ip.family == AF_INET6)
1572  return DetectAddressCmpIPv6(a, b);
1573 
1574  return ADDRESS_ER;
1575 }
1576 
1577 /**
1578  * \brief Match a packets address against a signatures addrs array
1579  *
1580  * \param addrs array of DetectMatchAddressIPv4's
1581  * \param addrs_cnt array size in members
1582  * \param a packets address
1583  *
1584  * \retval 0 no match
1585  * \retval 1 match
1586  *
1587  * \note addresses in addrs are in host order
1588  *
1589  * \todo array should be ordered, so we can break out of the loop
1590  */
1592  uint16_t addrs_cnt, const Address *a)
1593 {
1594  SCEnter();
1595 
1596  if (addrs == NULL || addrs_cnt == 0) {
1597  SCReturnInt(0);
1598  }
1599 
1600  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1601  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1602  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1603  SCReturnInt(1);
1604  }
1605  }
1606 
1607  SCReturnInt(0);
1608 }
1609 
1610 /**
1611  * \brief Match a packets address against a signatures addrs array
1612  *
1613  * \param addrs array of DetectMatchAddressIPv6's
1614  * \param addrs_cnt array size in members
1615  * \param a packets address
1616  *
1617  * \retval 0 no match
1618  * \retval 1 match
1619  *
1620  * \note addresses in addrs are in host order
1621  *
1622  * \todo array should be ordered, so we can break out of the loop
1623  */
1625  uint16_t addrs_cnt, const Address *a)
1626 {
1627  SCEnter();
1628 
1629  if (addrs == NULL || addrs_cnt == 0) {
1630  SCReturnInt(0);
1631  }
1632 
1633  uint32_t match_addr[4];
1634  match_addr[0] = SCNtohl(a->addr_data32[0]);
1635  match_addr[1] = SCNtohl(a->addr_data32[1]);
1636  match_addr[2] = SCNtohl(a->addr_data32[2]);
1637  match_addr[3] = SCNtohl(a->addr_data32[3]);
1638 
1639  /* See if the packet address is within the range of any entry in the
1640  * signature's address match array.
1641  */
1642  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1643  uint16_t result1 = 0, result2 = 0;
1644 
1645  /* See if packet address equals either limit. Return 1 if true. */
1646  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1647  SCReturnInt(1);
1648  }
1649  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1650  SCReturnInt(1);
1651  }
1652 
1653  /* See if packet address is greater than lower limit
1654  * of the current signature address match pair.
1655  */
1656  for (int i = 0; i < 4; i++) {
1657  if (match_addr[i] > addrs[idx].ip[i]) {
1658  result1 = 1;
1659  break;
1660  }
1661  if (match_addr[i] < addrs[idx].ip[i]) {
1662  result1 = 0;
1663  break;
1664  }
1665  }
1666 
1667  /* If not greater than lower limit, try next address match entry */
1668  if (result1 == 0)
1669  continue;
1670 
1671  /* See if packet address is less than upper limit
1672  * of the current signature address match pair.
1673  */
1674  for (int i = 0; i < 4; i++) {
1675  if (match_addr[i] < addrs[idx].ip2[i]) {
1676  result2 = 1;
1677  break;
1678  }
1679  if (match_addr[i] > addrs[idx].ip2[i]) {
1680  result2 = 0;
1681  break;
1682  }
1683  }
1684 
1685  /* Return a match if packet address is between the two
1686  * signature address match limits.
1687  */
1688  if (result1 == 1 && result2 == 1)
1689  SCReturnInt(1);
1690  }
1691 
1692  SCReturnInt(0);
1693 }
1694 
1695 /**
1696  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1697  * range in the DetectAddress instance.
1698  *
1699  * We basically check that the address falls in between the address
1700  * range in DetectAddress.
1701  *
1702  * \param dd Pointer to the DetectAddress instance.
1703  * \param a Pointer to an Address instance.
1704  *
1705  * \param 1 On a match.
1706  * \param 0 On no match.
1707  */
1708 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1709 {
1710  SCEnter();
1711 
1712  if (dd->ip.family != a->family) {
1713  SCReturnInt(0);
1714  }
1715 
1716  //DetectAddressPrint(dd);
1717  //AddressDebugPrint(a);
1718 
1719  switch (a->family) {
1720  case AF_INET:
1721 
1722  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1723  * Address inside DetectAddressData we can do uint8_t checks */
1724  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1725  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1726  {
1727  SCReturnInt(1);
1728  } else {
1729  SCReturnInt(0);
1730  }
1731 
1732  break;
1733  case AF_INET6:
1734  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1735  AddressIPv6Le(a, &dd->ip2) == 1)
1736  {
1737  SCReturnInt(1);
1738  } else {
1739  SCReturnInt(0);
1740  }
1741 
1742  break;
1743  default:
1744  SCLogDebug("What other address type can we have :-/");
1745  break;
1746  }
1747 
1748  SCReturnInt(0);
1749 }
1750 
1751 #ifdef DEBUG
1752 /**
1753  * \brief Prints the address data held by the DetectAddress. If the address
1754  * data family is IPv4, we print the ipv4 address and mask, and
1755  * if the address data family is IPv6, we print the ipv6 address and
1756  * mask.
1757  *
1758  * \param ad Pointer to the DetectAddress instance to be printed.
1759  */
1760 static void DetectAddressPrint(DetectAddress *gr)
1761 {
1762  if (gr == NULL)
1763  return;
1764 
1765  if (gr->ip.family == AF_INET) {
1766  struct in_addr in;
1767  char ip[16], mask[16];
1768 
1769  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1770  PrintInet(AF_INET, &in, ip, sizeof(ip));
1771  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1772  PrintInet(AF_INET, &in, mask, sizeof(mask));
1773 
1774  SCLogDebug("%s/%s", ip, mask);
1775 // printf("%s/%s", ip, mask);
1776  } else if (gr->ip.family == AF_INET6) {
1777  struct in6_addr in6;
1778  char ip[66], mask[66];
1779 
1780  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1781  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1782  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1783  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1784 
1785  SCLogDebug("%s/%s", ip, mask);
1786 // printf("%s/%s", ip, mask);
1787  }
1788 }
1789 #endif
1790 
1791 /**
1792  * \brief Find the group matching address in a group head.
1793  *
1794  * \param gh Pointer to the address group head(DetectAddressHead instance).
1795  * \param a Pointer to an Address instance.
1796  *
1797  * \retval g On success pointer to an DetectAddress if we find a match
1798  * for the Address "a", in the DetectAddressHead "gh".
1799  */
1801 {
1802  SCEnter();
1803 
1804  DetectAddress *g = NULL;
1805 
1806  if (gh == NULL) {
1807  SCReturnPtr(NULL, "DetectAddress");
1808  }
1809 
1810  /* XXX should we really do this check every time we run this function? */
1811  if (a->family == AF_INET) {
1812  SCLogDebug("IPv4");
1813  g = gh->ipv4_head;
1814  } else if (a->family == AF_INET6) {
1815  SCLogDebug("IPv6");
1816  g = gh->ipv6_head;
1817  }
1818 
1819  for ( ; g != NULL; g = g->next) {
1820  if (DetectAddressMatch(g,a) == 1) {
1821  SCReturnPtr(g, "DetectAddress");
1822  }
1823  }
1824 
1825  SCReturnPtr(NULL, "DetectAddress");
1826 }
1827 
1828 /********************************Unittests*************************************/
1829 
1830 #ifdef UNITTESTS
1831 
1832 static bool UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1833 {
1834  char str1[46] = "", str2[46] = "";
1835 
1836  if (ad == NULL)
1837  return false;
1838 
1839  switch(ad->ip.family) {
1840  case AF_INET:
1841  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1842  SCLogDebug("%s", str1);
1843  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1844  SCLogDebug("%s", str2);
1845 
1846  if (strcmp(str1, one) != 0) {
1847  SCLogInfo("%s != %s", str1, one);
1848  return false;
1849  }
1850 
1851  if (strcmp(str2, two) != 0) {
1852  SCLogInfo("%s != %s", str2, two);
1853  return false;
1854  }
1855 
1856  return true;
1857  break;
1858 
1859  case AF_INET6:
1860  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1861  SCLogDebug("%s", str1);
1862  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1863  SCLogDebug("%s", str2);
1864 
1865  if (strcmp(str1, one) != 0) {
1866  SCLogInfo("%s != %s", str1, one);
1867  return false;
1868  }
1869 
1870  if (strcmp(str2, two) != 0) {
1871  SCLogInfo("%s != %s", str2, two);
1872  return false;
1873  }
1874 
1875  return true;
1876  break;
1877  }
1878 
1879  return false;
1880 }
1881 
1883  const char *one;
1884  const char *two;
1886 
1887 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1888 {
1889  int expect = nranges;
1890  int have = 0;
1891 
1892  if (gh == NULL)
1893  return false;
1894 
1895  DetectAddress *ad = NULL;
1896  ad = gh->ipv4_head;
1897  if (ad == NULL)
1898  ad = gh->ipv6_head;
1899  while (have < expect) {
1900  if (ad == NULL) {
1901  printf("bad head: have %d ranges, expected %d: ", have, expect);
1902  return false;
1903  }
1904 
1905  if (!UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two))
1906  return false;
1907 
1908  ad = ad->next;
1909  have++;
1910  }
1911 
1912  return true;
1913 }
1914 
1915 static int AddressTestParse01(void)
1916 {
1917  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1918 
1919  if (dd) {
1920  DetectAddressFree(dd);
1921  return 1;
1922  }
1923 
1924  return 0;
1925 }
1926 
1927 static int AddressTestParse02(void)
1928 {
1929  int result = 1;
1930  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1931 
1932  if (dd) {
1933  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1934  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1935  result = 0;
1936  }
1937 
1938  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1939  DetectAddressFree(dd);
1940  return result;
1941  }
1942 
1943  return 0;
1944 }
1945 
1946 static int AddressTestParse03(void)
1947 {
1948  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1949 
1950  if (dd) {
1951  DetectAddressFree(dd);
1952  return 1;
1953  }
1954 
1955  return 0;
1956 }
1957 
1958 static int AddressTestParse04(void)
1959 {
1960  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1961  FAIL_IF_NULL(dd);
1962 
1963  char left[16], right[16];
1964  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1965  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1966  SCLogDebug("left %s right %s", left, right);
1967  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1968  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1969  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1970  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1971 
1972  DetectAddressFree(dd);
1973  PASS;
1974 }
1975 
1976 /** \test that address range sets proper start address */
1977 static int AddressTestParse04bug5081(void)
1978 {
1979  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1980  FAIL_IF_NULL(dd);
1981 
1982  char left[16], right[16];
1983  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1984  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1985  SCLogDebug("left %s right %s", left, right);
1986  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
1987  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
1988 
1989  DetectAddressFree(dd);
1990  PASS;
1991 }
1992 
1993 static int AddressTestParse05(void)
1994 {
1995  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
1996 
1997  if (dd) {
1998  DetectAddressFree(dd);
1999  return 1;
2000  }
2001 
2002  return 0;
2003 }
2004 
2005 static int AddressTestParse06(void)
2006 {
2007  int result = 1;
2008  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2009 
2010  if (dd) {
2011  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2012  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2013  result = 0;
2014  }
2015 
2016  DetectAddressFree(dd);
2017  return result;
2018  }
2019 
2020  return 0;
2021 }
2022 
2023 static int AddressTestParse07(void)
2024 {
2025  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2026 
2027  if (dd) {
2028  DetectAddressFree(dd);
2029  return 1;
2030  }
2031 
2032  return 0;
2033 }
2034 
2035 static int AddressTestParse08(void)
2036 {
2037  int result = 1;
2038  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2039 
2040  if (dd) {
2041  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2042  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2043 
2044  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2045  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2046  DetectAddressPrint(dd);
2047  result = 0;
2048  }
2049 
2050  DetectAddressFree(dd);
2051  return result;
2052  }
2053 
2054  return 0;
2055 }
2056 
2057 static int AddressTestParse09(void)
2058 {
2059  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2060 
2061  if (dd) {
2062  DetectAddressFree(dd);
2063  return 1;
2064  }
2065 
2066  return 0;
2067 }
2068 
2069 static int AddressTestParse10(void)
2070 {
2071  int result = 1;
2072  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2073 
2074  if (dd) {
2075  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2076  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2077 
2078  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2079  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2080  DetectAddressPrint(dd);
2081  result = 0;
2082  }
2083 
2084  DetectAddressFree(dd);
2085  return result;
2086  }
2087 
2088  return 0;
2089 }
2090 
2091 static int AddressTestParse11(void)
2092 {
2093  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2094 
2095  if (dd) {
2096  DetectAddressFree(dd);
2097  return 1;
2098  }
2099 
2100  return 0;
2101 }
2102 
2103 static int AddressTestParse12(void)
2104 {
2105  int result = 1;
2106  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2107 
2108  if (dd) {
2109  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2110  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2111 
2112  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2113  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2114  DetectAddressPrint(dd);
2115  result = 0;
2116  }
2117 
2118  DetectAddressFree(dd);
2119  return result;
2120  }
2121 
2122  return 0;
2123 }
2124 static int AddressTestParse13(void)
2125 {
2126  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2127 
2128  if (dd) {
2129  DetectAddressFree(dd);
2130  return 1;
2131  }
2132 
2133  return 0;
2134 }
2135 
2136 static int AddressTestParse14(void)
2137 {
2138  int result = 1;
2139  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2140 
2141  if (dd) {
2142  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2143  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2144 
2145  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2146  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2147  result = 0;
2148  }
2149 
2150  DetectAddressFree(dd);
2151  return result;
2152  }
2153 
2154  return 0;
2155 }
2156 
2157 static int AddressTestParse15(void)
2158 {
2159  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2160 
2161  if (dd) {
2162  DetectAddressFree(dd);
2163  return 1;
2164  }
2165 
2166  return 0;
2167 }
2168 
2169 static int AddressTestParse16(void)
2170 {
2171  int result = 1;
2172  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2173 
2174  if (dd) {
2175  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2176  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2177 
2178  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2179  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2180  result = 0;
2181  }
2182 
2183  DetectAddressFree(dd);
2184  return result;
2185  }
2186 
2187  return 0;
2188 }
2189 
2190 static int AddressTestParse17(void)
2191 {
2192  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2193 
2194  if (dd) {
2195  DetectAddressFree(dd);
2196  return 1;
2197  }
2198 
2199  return 0;
2200 }
2201 
2202 static int AddressTestParse18(void)
2203 {
2204  int result = 1;
2205  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2206 
2207  if (dd) {
2208  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2209  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2210  result = 0;
2211  }
2212 
2213  DetectAddressFree(dd);
2214  return result;
2215  }
2216 
2217  return 0;
2218 }
2219 
2220 static int AddressTestParse19(void)
2221 {
2222  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2223 
2224  if (dd) {
2225  DetectAddressFree(dd);
2226  return 0;
2227  }
2228 
2229  return 1;
2230 }
2231 
2232 static int AddressTestParse20(void)
2233 {
2234  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2235 
2236  if (dd) {
2237  DetectAddressFree(dd);
2238  return 1;
2239  }
2240 
2241  return 0;
2242 }
2243 
2244 static int AddressTestParse21(void)
2245 {
2246  int result = 1;
2247  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2248 
2249  if (dd) {
2250  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2251  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2252 
2253  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2254  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2255  result = 0;
2256  }
2257 
2258  DetectAddressFree(dd);
2259  return result;
2260  }
2261 
2262  return 0;
2263 }
2264 
2265 static int AddressTestParse22(void)
2266 {
2267  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2268 
2269  if (dd) {
2270  DetectAddressFree(dd);
2271  return 0;
2272  }
2273 
2274  return 1;
2275 }
2276 
2277 static int AddressTestParse23(void)
2278 {
2279  DetectAddressHead *gh = DetectAddressHeadInit();
2280  FAIL_IF_NULL(gh);
2281  int r = DetectAddressParse(NULL, gh, "any");
2282  FAIL_IF_NOT(r == 0);
2283  DetectAddressHeadFree(gh);
2284  PASS;
2285 }
2286 
2287 static int AddressTestParse24(void)
2288 {
2289  DetectAddressHead *gh = DetectAddressHeadInit();
2290  FAIL_IF_NULL(gh);
2291  int r = DetectAddressParse(NULL, gh, "Any");
2292  FAIL_IF_NOT(r == 0);
2293  DetectAddressHeadFree(gh);
2294  PASS;
2295 }
2296 
2297 static int AddressTestParse25(void)
2298 {
2299  DetectAddressHead *gh = DetectAddressHeadInit();
2300  FAIL_IF_NULL(gh);
2301  int r = DetectAddressParse(NULL, gh, "ANY");
2302  FAIL_IF_NOT(r == 0);
2303  DetectAddressHeadFree(gh);
2304  PASS;
2305 }
2306 
2307 /** \test recursion limit */
2308 static int AddressTestParse26(void)
2309 {
2310  DetectAddressHead *gh = DetectAddressHeadInit();
2311  FAIL_IF_NULL(gh);
2312  /* exactly 64: should pass */
2313  int r = DetectAddressParse(NULL, gh,
2314  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2315  "1.2.3.4"
2316  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2317  );
2318  FAIL_IF_NOT(r == 0);
2319  DetectAddressHeadFree(gh);
2320  gh = DetectAddressHeadInit();
2321  FAIL_IF_NULL(gh);
2322  /* exactly 65: should fail */
2323  r = DetectAddressParse(NULL, gh,
2324  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2325  "1.2.3.4"
2326  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2327  );
2328  FAIL_IF(r == 0);
2329  DetectAddressHeadFree(gh);
2330  PASS;
2331 }
2332 
2333 static int AddressTestParse27(void)
2334 {
2335  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2336 
2337  if (dd) {
2338  DetectAddressFree(dd);
2339  return 1;
2340  }
2341 
2342  return 0;
2343 }
2344 
2345 static int AddressTestParse28(void)
2346 {
2347  int result = 0;
2348  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2349 
2350  if (dd) {
2351  if (dd->flags & ADDRESS_FLAG_NOT &&
2352  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2353  result = 1;
2354  }
2355 
2356  DetectAddressFree(dd);
2357  return result;
2358  }
2359 
2360  return 0;
2361 }
2362 
2363 static int AddressTestParse29(void)
2364 {
2365  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2366 
2367  if (dd) {
2368  DetectAddressFree(dd);
2369  return 1;
2370  }
2371 
2372  return 0;
2373 }
2374 
2375 static int AddressTestParse30(void)
2376 {
2377  int result = 0;
2378  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2379 
2380  if (dd) {
2381  if (dd->flags & ADDRESS_FLAG_NOT &&
2382  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2383  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2384  result = 1;
2385  }
2386 
2387  DetectAddressFree(dd);
2388  return result;
2389  }
2390 
2391  return 0;
2392 }
2393 
2394 /**
2395  * \test make sure !any is rejected
2396  */
2397 static int AddressTestParse31(void)
2398 {
2399  DetectAddress *dd = DetectAddressParseSingle("!any");
2400 
2401  if (dd) {
2402  DetectAddressFree(dd);
2403  return 0;
2404  }
2405 
2406  return 1;
2407 }
2408 
2409 static int AddressTestParse32(void)
2410 {
2411  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2412 
2413  if (dd) {
2414  DetectAddressFree(dd);
2415  return 1;
2416  }
2417 
2418  return 0;
2419 }
2420 
2421 static int AddressTestParse33(void)
2422 {
2423  int result = 0;
2424  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2425 
2426  if (dd) {
2427  if (dd->flags & ADDRESS_FLAG_NOT &&
2428  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2429  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2430  result = 1;
2431  }
2432 
2433  DetectAddressFree(dd);
2434  return result;
2435  }
2436 
2437  return 0;
2438 }
2439 
2440 static int AddressTestParse34(void)
2441 {
2442  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2443 
2444  if (dd) {
2445  DetectAddressFree(dd);
2446  return 1;
2447  }
2448 
2449  return 0;
2450 }
2451 
2452 static int AddressTestParse35(void)
2453 {
2454  int result = 0;
2455  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2456 
2457  if (dd) {
2458  if (dd->flags & ADDRESS_FLAG_NOT &&
2459  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2460  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2461 
2462  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2463  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2464  result = 1;
2465  }
2466 
2467  DetectAddressFree(dd);
2468  return result;
2469  }
2470 
2471  return 0;
2472 }
2473 
2474 static int AddressTestParse36(void)
2475 {
2476  int result = 1;
2477  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2478 
2479  if (dd) {
2480  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2481  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2482 
2483  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2484  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2485 
2486  DetectAddressPrint(dd);
2487  result = 0;
2488  }
2489  DetectAddressPrint(dd);
2490 
2491  DetectAddressFree(dd);
2492  return result;
2493  }
2494 
2495  return 0;
2496 }
2497 
2498 static int AddressTestParse37(void)
2499 {
2500  int result = 1;
2501  DetectAddress *dd = DetectAddressParseSingle("::/0");
2502 
2503  if (dd) {
2504  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2505  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2506 
2507  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2508  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2509  DetectAddressPrint(dd);
2510  result = 0;
2511  }
2512  DetectAddressPrint(dd);
2513 
2514  DetectAddressFree(dd);
2515  return result;
2516  }
2517 
2518  return 0;
2519 }
2520 
2521 static int AddressTestMatch01(void)
2522 {
2523  DetectAddress *dd = NULL;
2524  int result = 1;
2525  struct in_addr in;
2526  Address a;
2527 
2528  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2529  return 0;
2530  memset(&a, 0, sizeof(Address));
2531  a.family = AF_INET;
2532  a.addr_data32[0] = in.s_addr;
2533 
2534  dd = DetectAddressParseSingle("1.2.3.4/24");
2535  if (dd) {
2536  if (DetectAddressMatch(dd, &a) == 0)
2537  result = 0;
2538 
2539  DetectAddressFree(dd);
2540  return result;
2541  }
2542 
2543  return 0;
2544 }
2545 
2546 static int AddressTestMatch02(void)
2547 {
2548  DetectAddress *dd = NULL;
2549  int result = 1;
2550  struct in_addr in;
2551  Address a;
2552 
2553  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2554  return 0;
2555  memset(&a, 0, sizeof(Address));
2556  a.family = AF_INET;
2557  a.addr_data32[0] = in.s_addr;
2558 
2559  dd = DetectAddressParseSingle("1.2.3.4/25");
2560  if (dd) {
2561  if (DetectAddressMatch(dd, &a) == 0)
2562  result = 0;
2563 
2564  DetectAddressFree(dd);
2565  return result;
2566  }
2567 
2568  return 0;
2569 }
2570 
2571 static int AddressTestMatch03(void)
2572 {
2573  DetectAddress *dd = NULL;
2574  int result = 1;
2575  struct in_addr in;
2576  Address a;
2577 
2578  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2579  return 0;
2580  memset(&a, 0, sizeof(Address));
2581  a.family = AF_INET;
2582  a.addr_data32[0] = in.s_addr;
2583 
2584  dd = DetectAddressParseSingle("1.2.3.4/25");
2585  if (dd) {
2586  if (DetectAddressMatch(dd, &a) == 1)
2587  result = 0;
2588 
2589  DetectAddressFree(dd);
2590  return result;
2591  }
2592 
2593  return 0;
2594 }
2595 
2596 static int AddressTestMatch04(void)
2597 {
2598  DetectAddress *dd = NULL;
2599  int result = 1;
2600  struct in_addr in;
2601  Address a;
2602 
2603  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2604  return 0;
2605  memset(&a, 0, sizeof(Address));
2606  a.family = AF_INET;
2607  a.addr_data32[0] = in.s_addr;
2608 
2609  dd = DetectAddressParseSingle("1.2.3.4/25");
2610  if (dd) {
2611  if (DetectAddressMatch(dd, &a) == 1)
2612  result = 0;
2613 
2614  DetectAddressFree(dd);
2615  return result;
2616  }
2617 
2618  return 0;
2619 }
2620 
2621 static int AddressTestMatch05(void)
2622 {
2623  DetectAddress *dd = NULL;
2624  int result = 1;
2625  struct in_addr in;
2626  Address a;
2627 
2628  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2629  return 0;
2630  memset(&a, 0, sizeof(Address));
2631  a.family = AF_INET;
2632  a.addr_data32[0] = in.s_addr;
2633 
2634  dd = DetectAddressParseSingle("1.2.3.4/32");
2635  if (dd) {
2636  if (DetectAddressMatch(dd, &a) == 0)
2637  result = 0;
2638 
2639  DetectAddressFree(dd);
2640  return result;
2641  }
2642 
2643  return 0;
2644 }
2645 
2646 static int AddressTestMatch06(void)
2647 {
2648  DetectAddress *dd = NULL;
2649  int result = 1;
2650  struct in_addr in;
2651  Address a;
2652 
2653  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2654  return 0;
2655  memset(&a, 0, sizeof(Address));
2656  a.family = AF_INET;
2657  a.addr_data32[0] = in.s_addr;
2658 
2659  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2660  if (dd) {
2661  if (DetectAddressMatch(dd, &a) == 0)
2662  result = 0;
2663 
2664  DetectAddressFree(dd);
2665  return result;
2666  }
2667 
2668  return 0;
2669 }
2670 
2671 static int AddressTestMatch07(void)
2672 {
2673  DetectAddress *dd = NULL;
2674  int result = 1;
2675  struct in6_addr in6;
2676  Address a;
2677 
2678  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2679  return 0;
2680  memset(&a, 0, sizeof(Address));
2681  a.family = AF_INET6;
2682  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2683 
2684  dd = DetectAddressParseSingle("2001::/3");
2685  if (dd) {
2686  if (DetectAddressMatch(dd, &a) == 0)
2687  result = 0;
2688 
2689  DetectAddressFree(dd);
2690  return result;
2691  }
2692 
2693  return 0;
2694 }
2695 
2696 static int AddressTestMatch08(void)
2697 {
2698  DetectAddress *dd = NULL;
2699  int result = 1;
2700  struct in6_addr in6;
2701  Address a;
2702 
2703  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2704  return 0;
2705  memset(&a, 0, sizeof(Address));
2706  a.family = AF_INET6;
2707  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2708 
2709  dd = DetectAddressParseSingle("2001::/3");
2710  if (dd) {
2711  if (DetectAddressMatch(dd, &a) == 1)
2712  result = 0;
2713 
2714  DetectAddressFree(dd);
2715  return result;
2716  }
2717 
2718  return 0;
2719 }
2720 
2721 static int AddressTestMatch09(void)
2722 {
2723  DetectAddress *dd = NULL;
2724  int result = 1;
2725  struct in6_addr in6;
2726  Address a;
2727 
2728  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2729  return 0;
2730  memset(&a, 0, sizeof(Address));
2731  a.family = AF_INET6;
2732  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2733 
2734  dd = DetectAddressParseSingle("2001::1/128");
2735  if (dd) {
2736  if (DetectAddressMatch(dd, &a) == 1)
2737  result = 0;
2738 
2739  DetectAddressFree(dd);
2740  return result;
2741  }
2742 
2743  return 0;
2744 }
2745 
2746 static int AddressTestMatch10(void)
2747 {
2748  DetectAddress *dd = NULL;
2749  int result = 1;
2750  struct in6_addr in6;
2751  Address a;
2752 
2753  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2754  return 0;
2755  memset(&a, 0, sizeof(Address));
2756  a.family = AF_INET6;
2757  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2758 
2759  dd = DetectAddressParseSingle("2001::1/126");
2760  if (dd) {
2761  if (DetectAddressMatch(dd, &a) == 0)
2762  result = 0;
2763 
2764  DetectAddressFree(dd);
2765  return result;
2766  }
2767 
2768  return 0;
2769 }
2770 
2771 static int AddressTestMatch11(void)
2772 {
2773  DetectAddress *dd = NULL;
2774  int result = 1;
2775  struct in6_addr in6;
2776  Address a;
2777 
2778  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2779  return 0;
2780  memset(&a, 0, sizeof(Address));
2781  a.family = AF_INET6;
2782  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2783 
2784  dd = DetectAddressParseSingle("2001::1/127");
2785  if (dd) {
2786  if (DetectAddressMatch(dd, &a) == 1)
2787  result = 0;
2788 
2789  DetectAddressFree(dd);
2790  return result;
2791  }
2792 
2793  return 0;
2794 }
2795 
2796 static int AddressTestCmp01(void)
2797 {
2798  DetectAddress *da = NULL, *db = NULL;
2799  int result = 1;
2800 
2801  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2802  if (da == NULL) goto error;
2803  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2804  if (db == NULL) goto error;
2805 
2806  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2807  result = 0;
2808 
2809  DetectAddressFree(da);
2810  DetectAddressFree(db);
2811  return result;
2812 
2813 error:
2814  if (da) DetectAddressFree(da);
2815  if (db) DetectAddressFree(db);
2816  return 0;
2817 }
2818 
2819 static int AddressTestCmp02(void)
2820 {
2821  DetectAddress *da = NULL, *db = NULL;
2822  int result = 1;
2823 
2824  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2825  if (da == NULL) goto error;
2826  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2827  if (db == NULL) goto error;
2828 
2829  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2830  result = 0;
2831 
2832  DetectAddressFree(da);
2833  DetectAddressFree(db);
2834  return result;
2835 
2836 error:
2837  if (da) DetectAddressFree(da);
2838  if (db) DetectAddressFree(db);
2839  return 0;
2840 }
2841 
2842 static int AddressTestCmp03(void)
2843 {
2844  DetectAddress *da = NULL, *db = NULL;
2845  int result = 1;
2846 
2847  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2848  if (da == NULL) goto error;
2849  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2850  if (db == NULL) goto error;
2851 
2852  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2853  result = 0;
2854 
2855  DetectAddressFree(da);
2856  DetectAddressFree(db);
2857  return result;
2858 
2859 error:
2860  if (da) DetectAddressFree(da);
2861  if (db) DetectAddressFree(db);
2862  return 0;
2863 }
2864 
2865 static int AddressTestCmp04(void)
2866 {
2867  DetectAddress *da = NULL, *db = NULL;
2868  int result = 1;
2869 
2870  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2871  if (da == NULL) goto error;
2872  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2873  if (db == NULL) goto error;
2874 
2875  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2876  result = 0;
2877 
2878  DetectAddressFree(da);
2879  DetectAddressFree(db);
2880  return result;
2881 
2882 error:
2883  if (da) DetectAddressFree(da);
2884  if (db) DetectAddressFree(db);
2885  return 0;
2886 }
2887 
2888 static int AddressTestCmp05(void)
2889 {
2890  DetectAddress *da = NULL, *db = NULL;
2891  int result = 1;
2892 
2893  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2894  if (da == NULL) goto error;
2895  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2896  if (db == NULL) goto error;
2897 
2898  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2899  result = 0;
2900 
2901  DetectAddressFree(da);
2902  DetectAddressFree(db);
2903  return result;
2904 
2905 error:
2906  if (da) DetectAddressFree(da);
2907  if (db) DetectAddressFree(db);
2908  return 0;
2909 }
2910 
2911 static int AddressTestCmp06(void)
2912 {
2913  DetectAddress *da = NULL, *db = NULL;
2914  int result = 1;
2915 
2916  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2917  if (da == NULL) goto error;
2918  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2919  if (db == NULL) goto error;
2920 
2921  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2922  result = 0;
2923 
2924  DetectAddressFree(da);
2925  DetectAddressFree(db);
2926  return result;
2927 
2928 error:
2929  if (da) DetectAddressFree(da);
2930  if (db) DetectAddressFree(db);
2931  return 0;
2932 }
2933 
2934 static int AddressTestCmpIPv407(void)
2935 {
2936  DetectAddress *da = NULL, *db = NULL;
2937  int result = 1;
2938 
2939  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2940  if (da == NULL) goto error;
2941  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2942  if (db == NULL) goto error;
2943 
2944  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2945  result = 0;
2946 
2947  DetectAddressFree(da);
2948  DetectAddressFree(db);
2949  return result;
2950 
2951 error:
2952  if (da) DetectAddressFree(da);
2953  if (db) DetectAddressFree(db);
2954  return 0;
2955 }
2956 
2957 static int AddressTestCmpIPv408(void)
2958 {
2959  DetectAddress *da = NULL, *db = NULL;
2960  int result = 1;
2961 
2962  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2963  if (da == NULL) goto error;
2964  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2965  if (db == NULL) goto error;
2966 
2967  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2968  result = 0;
2969 
2970  DetectAddressFree(da);
2971  DetectAddressFree(db);
2972  return result;
2973 
2974 error:
2975  if (da) DetectAddressFree(da);
2976  if (db) DetectAddressFree(db);
2977  return 0;
2978 }
2979 
2980 static int AddressTestCmp07(void)
2981 {
2982  DetectAddress *da = NULL, *db = NULL;
2983  int result = 1;
2984 
2985  da = DetectAddressParseSingle("2001::/3");
2986  if (da == NULL) goto error;
2987  db = DetectAddressParseSingle("2001::1/3");
2988  if (db == NULL) goto error;
2989 
2990  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2991  result = 0;
2992 
2993  DetectAddressFree(da);
2994  DetectAddressFree(db);
2995  return result;
2996 
2997 error:
2998  if (da) DetectAddressFree(da);
2999  if (db) DetectAddressFree(db);
3000  return 0;
3001 }
3002 
3003 static int AddressTestCmp08(void)
3004 {
3005  DetectAddress *da = NULL, *db = NULL;
3006  int result = 1;
3007 
3008  da = DetectAddressParseSingle("2001::/3");
3009  if (da == NULL) goto error;
3010  db = DetectAddressParseSingle("2001::/8");
3011  if (db == NULL) goto error;
3012 
3013  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3014  result = 0;
3015 
3016  DetectAddressFree(da);
3017  DetectAddressFree(db);
3018  return result;
3019 
3020 error:
3021  if (da) DetectAddressFree(da);
3022  if (db) DetectAddressFree(db);
3023  return 0;
3024 }
3025 
3026 static int AddressTestCmp09(void)
3027 {
3028  DetectAddress *da = NULL, *db = NULL;
3029  int result = 1;
3030 
3031  da = DetectAddressParseSingle("2001::/8");
3032  if (da == NULL) goto error;
3033  db = DetectAddressParseSingle("2001::/3");
3034  if (db == NULL) goto error;
3035 
3036  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3037  result = 0;
3038 
3039  DetectAddressFree(da);
3040  DetectAddressFree(db);
3041  return result;
3042 
3043 error:
3044  if (da) DetectAddressFree(da);
3045  if (db) DetectAddressFree(db);
3046  return 0;
3047 }
3048 
3049 static int AddressTestCmp10(void)
3050 {
3051  DetectAddress *da = NULL, *db = NULL;
3052  int result = 1;
3053 
3054  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3055  if (da == NULL) goto error;
3056  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3057  if (db == NULL) goto error;
3058 
3059  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3060  result = 0;
3061 
3062  DetectAddressFree(da);
3063  DetectAddressFree(db);
3064  return result;
3065 
3066 error:
3067  if (da) DetectAddressFree(da);
3068  if (db) DetectAddressFree(db);
3069  return 0;
3070 }
3071 
3072 static int AddressTestCmp11(void)
3073 {
3074  DetectAddress *da = NULL, *db = NULL;
3075  int result = 1;
3076 
3077  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3078  if (da == NULL) goto error;
3079  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3080  if (db == NULL) goto error;
3081 
3082  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3083  result = 0;
3084 
3085  DetectAddressFree(da);
3086  DetectAddressFree(db);
3087  return result;
3088 
3089 error:
3090  if (da) DetectAddressFree(da);
3091  if (db) DetectAddressFree(db);
3092  return 0;
3093 }
3094 
3095 static int AddressTestCmp12(void)
3096 {
3097  DetectAddress *da = NULL, *db = NULL;
3098  int result = 1;
3099 
3100  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3101  if (da == NULL) goto error;
3102  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3103  if (db == NULL) goto error;
3104 
3105  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3106  result = 0;
3107 
3108  DetectAddressFree(da);
3109  DetectAddressFree(db);
3110  return result;
3111 
3112 error:
3113  if (da) DetectAddressFree(da);
3114  if (db) DetectAddressFree(db);
3115  return 0;
3116 }
3117 
3118 static int AddressTestAddressGroupSetup01(void)
3119 {
3120  int result = 0;
3121  DetectAddressHead *gh = DetectAddressHeadInit();
3122 
3123  if (gh != NULL) {
3124  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3125  if (r == 0)
3126  result = 1;
3127 
3128  DetectAddressHeadFree(gh);
3129  }
3130  return result;
3131 }
3132 
3133 static int AddressTestAddressGroupSetup02(void)
3134 {
3135  int result = 0;
3136  DetectAddressHead *gh = DetectAddressHeadInit();
3137 
3138  if (gh != NULL) {
3139  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3140  if (r == 0 && gh->ipv4_head != NULL)
3141  result = 1;
3142 
3143  DetectAddressHeadFree(gh);
3144  }
3145  return result;
3146 }
3147 
3148 static int AddressTestAddressGroupSetup03(void)
3149 {
3150  int result = 0;
3151  DetectAddressHead *gh = DetectAddressHeadInit();
3152 
3153  if (gh != NULL) {
3154  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3155  if (r == 0 && gh->ipv4_head != NULL) {
3156  DetectAddress *prev_head = gh->ipv4_head;
3157 
3158  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3159  if (r == 0 && gh->ipv4_head != prev_head &&
3160  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3161  result = 1;
3162  }
3163  }
3164 
3165  DetectAddressHeadFree(gh);
3166  }
3167  return result;
3168 }
3169 
3170 static int AddressTestAddressGroupSetup04(void)
3171 {
3172  int result = 0;
3173  DetectAddressHead *gh = DetectAddressHeadInit();
3174 
3175  if (gh != NULL) {
3176  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3177  if (r == 0 && gh->ipv4_head != NULL) {
3178  DetectAddress *prev_head = gh->ipv4_head;
3179 
3180  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3181  if (r == 0 && gh->ipv4_head != prev_head &&
3182  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3183  DetectAddress *ph = gh->ipv4_head;
3184 
3185  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3186  if (r == 0 && gh->ipv4_head != ph &&
3187  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3188  result = 1;
3189  }
3190  }
3191  }
3192 
3193  DetectAddressHeadFree(gh);
3194  }
3195  return result;
3196 }
3197 
3198 static int AddressTestAddressGroupSetup05(void)
3199 {
3200  int result = 0;
3201  DetectAddressHead *gh = DetectAddressHeadInit();
3202 
3203  if (gh != NULL) {
3204  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3205  if (r == 0 && gh->ipv4_head != NULL) {
3206  DetectAddress *prev_head = gh->ipv4_head;
3207 
3208  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3209  if (r == 0 && gh->ipv4_head == prev_head &&
3210  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3211  DetectAddress *ph = gh->ipv4_head;
3212 
3213  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3214  if (r == 0 && gh->ipv4_head == ph &&
3215  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3216  result = 1;
3217  }
3218  }
3219  }
3220 
3221  DetectAddressHeadFree(gh);
3222  }
3223  return result;
3224 }
3225 
3226 static int AddressTestAddressGroupSetup06(void)
3227 {
3228  int result = 0;
3229  DetectAddressHead *gh = DetectAddressHeadInit();
3230 
3231  if (gh != NULL) {
3232  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3233  if (r == 0 && gh->ipv4_head != NULL) {
3234  DetectAddress *prev_head = gh->ipv4_head;
3235 
3236  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3237  if (r == 0 && gh->ipv4_head == prev_head &&
3238  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3239  result = 1;
3240  }
3241  }
3242 
3243  DetectAddressHeadFree(gh);
3244  }
3245  return result;
3246 }
3247 
3248 static int AddressTestAddressGroupSetup07(void)
3249 {
3250  int result = 0;
3251  DetectAddressHead *gh = DetectAddressHeadInit();
3252 
3253  if (gh != NULL) {
3254  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3255  if (r == 0 && gh->ipv4_head != NULL) {
3256  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3257  if (r == 0 && gh->ipv4_head != NULL &&
3258  gh->ipv4_head->next != NULL &&
3259  gh->ipv4_head->next->next != NULL) {
3260  result = 1;
3261  }
3262  }
3263 
3264  DetectAddressHeadFree(gh);
3265  }
3266  return result;
3267 }
3268 
3269 static int AddressTestAddressGroupSetup08(void)
3270 {
3271  int result = 0;
3272  DetectAddressHead *gh = DetectAddressHeadInit();
3273 
3274  if (gh != NULL) {
3275  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3276  if (r == 0 && gh->ipv4_head != NULL) {
3277  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3278  if (r == 0 && gh->ipv4_head != NULL &&
3279  gh->ipv4_head->next != NULL &&
3280  gh->ipv4_head->next->next != NULL) {
3281  result = 1;
3282  }
3283  }
3284 
3285  DetectAddressHeadFree(gh);
3286  }
3287  return result;
3288 }
3289 
3290 static int AddressTestAddressGroupSetup09(void)
3291 {
3292  int result = 0;
3293  DetectAddressHead *gh = DetectAddressHeadInit();
3294 
3295  if (gh != NULL) {
3296  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3297  if (r == 0 && gh->ipv4_head != NULL) {
3298  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3299  if (r == 0 && gh->ipv4_head != NULL &&
3300  gh->ipv4_head->next != NULL &&
3301  gh->ipv4_head->next->next != NULL) {
3302  result = 1;
3303  }
3304  }
3305 
3306  DetectAddressHeadFree(gh);
3307  }
3308  return result;
3309 }
3310 
3311 static int AddressTestAddressGroupSetup10(void)
3312 {
3313  int result = 0;
3314  DetectAddressHead *gh = DetectAddressHeadInit();
3315 
3316  if (gh != NULL) {
3317  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3318  if (r == 0 && gh->ipv4_head != NULL) {
3319  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3320  if (r == 0 && gh->ipv4_head != NULL &&
3321  gh->ipv4_head->next != NULL &&
3322  gh->ipv4_head->next->next != NULL) {
3323  result = 1;
3324  }
3325  }
3326 
3327  DetectAddressHeadFree(gh);
3328  }
3329  return result;
3330 }
3331 
3332 static int AddressTestAddressGroupSetup11(void)
3333 {
3334  int result = 0;
3335  DetectAddressHead *gh = DetectAddressHeadInit();
3336 
3337  if (gh != NULL) {
3338  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3339  if (r == 0) {
3340  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3341  if (r == 0) {
3342  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3343  if (r == 0) {
3344  DetectAddress *one = gh->ipv4_head, *two = one->next,
3345  *three = two->next, *four = three->next,
3346  *five = four->next;
3347 
3348  /* result should be:
3349  * 0.0.0.0/10.10.9.255
3350  * 10.10.10.0/10.10.10.9
3351  * 10.10.10.10/10.10.10.255
3352  * 10.10.11.0/10.10.11.1
3353  * 10.10.11.2/255.255.255.255
3354  */
3355  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3356  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3357  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3358  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3359  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3360  result = 1;
3361  }
3362  }
3363  }
3364  }
3365 
3366  DetectAddressHeadFree(gh);
3367  }
3368  return result;
3369 }
3370 
3371 static int AddressTestAddressGroupSetup12 (void)
3372 {
3373  int result = 0;
3374  DetectAddressHead *gh = DetectAddressHeadInit();
3375 
3376  if (gh != NULL) {
3377  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3378  if (r == 0) {
3379  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3380  if (r == 0) {
3381  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3382  if (r == 0) {
3383  DetectAddress *one = gh->ipv4_head, *two = one->next,
3384  *three = two->next, *four = three->next,
3385  *five = four->next;
3386 
3387  /* result should be:
3388  * 0.0.0.0/10.10.9.255
3389  * 10.10.10.0/10.10.10.9
3390  * 10.10.10.10/10.10.10.255
3391  * 10.10.11.0/10.10.11.1
3392  * 10.10.11.2/255.255.255.255
3393  */
3394  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3395  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3396  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3397  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3398  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3399  result = 1;
3400  }
3401  }
3402  }
3403  }
3404 
3405  DetectAddressHeadFree(gh);
3406  }
3407  return result;
3408 }
3409 
3410 static int AddressTestAddressGroupSetup13(void)
3411 {
3412  int result = 0;
3413  DetectAddressHead *gh = DetectAddressHeadInit();
3414 
3415  if (gh != NULL) {
3416  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3417  if (r == 0) {
3418  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3419  if (r == 0) {
3420  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3421  if (r == 0) {
3422  DetectAddress *one = gh->ipv4_head, *two = one->next,
3423  *three = two->next, *four = three->next,
3424  *five = four->next;
3425 
3426  /* result should be:
3427  * 0.0.0.0/10.10.9.255
3428  * 10.10.10.0/10.10.10.9
3429  * 10.10.10.10/10.10.10.255
3430  * 10.10.11.0/10.10.11.1
3431  * 10.10.11.2/255.255.255.255
3432  */
3433  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3434  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3435  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3436  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3437  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3438  result = 1;
3439  }
3440  }
3441  }
3442  }
3443 
3444  DetectAddressHeadFree(gh);
3445  }
3446  return result;
3447 }
3448 
3449 static int AddressTestAddressGroupSetupIPv414(void)
3450 {
3451  DetectAddressHead *gh = DetectAddressHeadInit();
3452  FAIL_IF_NULL(gh);
3453 
3454  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3455  FAIL_IF_NOT(r == 1);
3456 
3457  DetectAddress *one = gh->ipv4_head;
3458  FAIL_IF_NULL(one);
3459  DetectAddress *two = one->next;
3460  FAIL_IF_NULL(two);
3461 
3462  /* result should be:
3463  * 0.0.0.0/1.2.3.3
3464  * 1.2.3.5/255.255.255.255
3465  */
3466  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3467  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3468  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3469  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3470  DetectAddressHeadFree(gh);
3471 
3472  PASS;
3473 }
3474 
3475 static int AddressTestAddressGroupSetupIPv415(void)
3476 {
3477  DetectAddressHead *gh = DetectAddressHeadInit();
3478  FAIL_IF_NULL(gh);
3479 
3480  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3481  FAIL_IF_NOT(r == 1);
3482 
3483  DetectAddress *one = gh->ipv4_head;
3484  FAIL_IF_NULL(one);
3485  FAIL_IF_NOT_NULL(one->next);
3486 
3487  /* result should be:
3488  * 0.0.0.1/255.255.255.255
3489  */
3490  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3491  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3492 
3493  DetectAddressHeadFree(gh);
3494  PASS;
3495 }
3496 
3497 static int AddressTestAddressGroupSetupIPv416(void)
3498 {
3499  DetectAddressHead *gh = DetectAddressHeadInit();
3500  FAIL_IF_NULL(gh);
3501 
3502  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3503  FAIL_IF_NOT(r == 1);
3504 
3505  DetectAddress *one = gh->ipv4_head;
3506  FAIL_IF_NULL(one);
3507  FAIL_IF_NOT_NULL(one->next);
3508 
3509  /* result should be:
3510  * 0.0.0.0/255.255.255.254
3511  */
3512  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3513  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3514 
3515  DetectAddressHeadFree(gh);
3516  PASS;
3517 }
3518 
3519 static int AddressTestAddressGroupSetup14(void)
3520 {
3521  int result = 0;
3522  DetectAddressHead *gh = DetectAddressHeadInit();
3523 
3524  if (gh != NULL) {
3525  int r = DetectAddressParse(NULL, gh, "2001::1");
3526  if (r == 0)
3527  result = 1;
3528 
3529  DetectAddressHeadFree(gh);
3530  }
3531  return result;
3532 }
3533 
3534 static int AddressTestAddressGroupSetup15(void)
3535 {
3536  int result = 0;
3537  DetectAddressHead *gh = DetectAddressHeadInit();
3538 
3539  if (gh != NULL) {
3540  int r = DetectAddressParse(NULL, gh, "2001::1");
3541  if (r == 0 && gh->ipv6_head != NULL)
3542  result = 1;
3543 
3544  DetectAddressHeadFree(gh);
3545  }
3546  return result;
3547 }
3548 
3549 static int AddressTestAddressGroupSetup16(void)
3550 {
3551  int result = 0;
3552  DetectAddressHead *gh = DetectAddressHeadInit();
3553 
3554  if (gh != NULL) {
3555  int r = DetectAddressParse(NULL, gh, "2001::4");
3556  if (r == 0 && gh->ipv6_head != NULL) {
3557  DetectAddress *prev_head = gh->ipv6_head;
3558 
3559  r = DetectAddressParse(NULL, gh, "2001::3");
3560  if (r == 0 && gh->ipv6_head != prev_head &&
3561  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3562  result = 1;
3563  }
3564  }
3565 
3566  DetectAddressHeadFree(gh);
3567  }
3568  return result;
3569 }
3570 
3571 static int AddressTestAddressGroupSetup17(void)
3572 {
3573  int result = 0;
3574  DetectAddressHead *gh = DetectAddressHeadInit();
3575 
3576  if (gh != NULL) {
3577  int r = DetectAddressParse(NULL, gh, "2001::4");
3578  if (r == 0 && gh->ipv6_head != NULL) {
3579  DetectAddress *prev_head = gh->ipv6_head;
3580 
3581  r = DetectAddressParse(NULL, gh, "2001::3");
3582  if (r == 0 && gh->ipv6_head != prev_head &&
3583  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3584  DetectAddress *ph = gh->ipv6_head;
3585 
3586  r = DetectAddressParse(NULL, gh, "2001::2");
3587  if (r == 0 && gh->ipv6_head != ph &&
3588  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3589  result = 1;
3590  }
3591  }
3592  }
3593 
3594  DetectAddressHeadFree(gh);
3595  }
3596  return result;
3597 }
3598 
3599 static int AddressTestAddressGroupSetup18(void)
3600 {
3601  int result = 0;
3602  DetectAddressHead *gh = DetectAddressHeadInit();
3603 
3604  if (gh != NULL) {
3605  int r = DetectAddressParse(NULL, gh, "2001::2");
3606  if (r == 0 && gh->ipv6_head != NULL) {
3607  DetectAddress *prev_head = gh->ipv6_head;
3608 
3609  r = DetectAddressParse(NULL, gh, "2001::3");
3610  if (r == 0 && gh->ipv6_head == prev_head &&
3611  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3612  DetectAddress *ph = gh->ipv6_head;
3613 
3614  r = DetectAddressParse(NULL, gh, "2001::4");
3615  if (r == 0 && gh->ipv6_head == ph &&
3616  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3617  result = 1;
3618  }
3619  }
3620  }
3621 
3622  DetectAddressHeadFree(gh);
3623  }
3624  return result;
3625 }
3626 
3627 static int AddressTestAddressGroupSetup19(void)
3628 {
3629  int result = 0;
3630  DetectAddressHead *gh = DetectAddressHeadInit();
3631 
3632  if (gh != NULL) {
3633  int r = DetectAddressParse(NULL, gh, "2001::2");
3634  if (r == 0 && gh->ipv6_head != NULL) {
3635  DetectAddress *prev_head = gh->ipv6_head;
3636 
3637  r = DetectAddressParse(NULL, gh, "2001::2");
3638  if (r == 0 && gh->ipv6_head == prev_head &&
3639  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3640  result = 1;
3641  }
3642  }
3643 
3644  DetectAddressHeadFree(gh);
3645  }
3646  return result;
3647 }
3648 
3649 static int AddressTestAddressGroupSetup20(void)
3650 {
3651  int result = 0;
3652  DetectAddressHead *gh = DetectAddressHeadInit();
3653 
3654  if (gh != NULL) {
3655  int r = DetectAddressParse(NULL, gh, "2000::/3");
3656  if (r == 0 && gh->ipv6_head != NULL) {
3657  r = DetectAddressParse(NULL, gh, "2001::4");
3658  if (r == 0 && gh->ipv6_head != NULL &&
3659  gh->ipv6_head->next != NULL &&
3660  gh->ipv6_head->next->next != NULL) {
3661  result = 1;
3662  }
3663  }
3664 
3665  DetectAddressHeadFree(gh);
3666  }
3667  return result;
3668 }
3669 
3670 static int AddressTestAddressGroupSetup21(void)
3671 {
3672  int result = 0;
3673  DetectAddressHead *gh = DetectAddressHeadInit();
3674 
3675  if (gh != NULL) {
3676  int r = DetectAddressParse(NULL, gh, "2001::4");
3677  if (r == 0 && gh->ipv6_head != NULL) {
3678  r = DetectAddressParse(NULL, gh, "2000::/3");
3679  if (r == 0 && gh->ipv6_head != NULL &&
3680  gh->ipv6_head->next != NULL &&
3681  gh->ipv6_head->next->next != NULL) {
3682  result = 1;
3683  }
3684  }
3685 
3686  DetectAddressHeadFree(gh);
3687  }
3688  return result;
3689 }
3690 
3691 static int AddressTestAddressGroupSetup22(void)
3692 {
3693  int result = 0;
3694  DetectAddressHead *gh = DetectAddressHeadInit();
3695 
3696  if (gh != NULL) {
3697  int r = DetectAddressParse(NULL, gh, "2000::/3");
3698  if (r == 0 && gh->ipv6_head != NULL) {
3699  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3700  if (r == 0 && gh->ipv6_head != NULL &&
3701  gh->ipv6_head->next != NULL &&
3702  gh->ipv6_head->next->next != NULL) {
3703  result = 1;
3704  }
3705  }
3706 
3707  DetectAddressHeadFree(gh);
3708  }
3709  return result;
3710 }
3711 
3712 static int AddressTestAddressGroupSetup23(void)
3713 {
3714  int result = 0;
3715  DetectAddressHead *gh = DetectAddressHeadInit();
3716 
3717  if (gh != NULL) {
3718  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3719  if (r == 0 && gh->ipv6_head != NULL) {
3720  r = DetectAddressParse(NULL, gh, "2000::/3");
3721  if (r == 0 && gh->ipv6_head != NULL &&
3722  gh->ipv6_head->next != NULL &&
3723  gh->ipv6_head->next->next != NULL) {
3724  result = 1;
3725  }
3726  }
3727 
3728  DetectAddressHeadFree(gh);
3729  }
3730  return result;
3731 }
3732 
3733 static int AddressTestAddressGroupSetup24(void)
3734 {
3735  int result = 0;
3736  DetectAddressHead *gh = DetectAddressHeadInit();
3737 
3738  if (gh != NULL) {
3739  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3740  if (r == 0) {
3741  r = DetectAddressParse(NULL, gh, "2001::/3");
3742  if (r == 0) {
3743  r = DetectAddressParse(NULL, gh, "::/0");
3744  if (r == 0) {
3745  DetectAddress *one = gh->ipv6_head, *two = one->next,
3746  *three = two->next, *four = three->next,
3747  *five = four->next;
3748  if (one->ip.addr_data32[0] == 0x00000000 &&
3749  one->ip.addr_data32[1] == 0x00000000 &&
3750  one->ip.addr_data32[2] == 0x00000000 &&
3751  one->ip.addr_data32[3] == 0x00000000 &&
3752  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3753  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3754  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3755  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3756 
3757  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3758  two->ip.addr_data32[1] == 0x00000000 &&
3759  two->ip.addr_data32[2] == 0x00000000 &&
3760  two->ip.addr_data32[3] == 0x00000000 &&
3761  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3762  two->ip2.addr_data32[1] == 0x00000000 &&
3763  two->ip2.addr_data32[2] == 0x00000000 &&
3764  two->ip2.addr_data32[3] == SCNtohl(3) &&
3765 
3766  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3767  three->ip.addr_data32[1] == 0x00000000 &&
3768  three->ip.addr_data32[2] == 0x00000000 &&
3769  three->ip.addr_data32[3] == SCNtohl(4) &&
3770  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3771  three->ip2.addr_data32[1] == 0x00000000 &&
3772  three->ip2.addr_data32[2] == 0x00000000 &&
3773  three->ip2.addr_data32[3] == SCNtohl(6) &&
3774 
3775  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3776  four->ip.addr_data32[1] == 0x00000000 &&
3777  four->ip.addr_data32[2] == 0x00000000 &&
3778  four->ip.addr_data32[3] == SCNtohl(7) &&
3779  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3780  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3781  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3782  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3783 
3784  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3785  five->ip.addr_data32[1] == 0x00000000 &&
3786  five->ip.addr_data32[2] == 0x00000000 &&
3787  five->ip.addr_data32[3] == 0x00000000 &&
3788  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3789  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3790  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3791  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3792  result = 1;
3793  }
3794  }
3795  }
3796  }
3797 
3798  DetectAddressHeadFree(gh);
3799  }
3800  return result;
3801 }
3802 
3803 static int AddressTestAddressGroupSetup25(void)
3804 {
3805  int result = 0;
3806  DetectAddressHead *gh = DetectAddressHeadInit();
3807 
3808  if (gh != NULL) {
3809  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3810  if (r == 0) {
3811  r = DetectAddressParse(NULL, gh, "::/0");
3812  if (r == 0) {
3813  r = DetectAddressParse(NULL, gh, "2001::/3");
3814  if (r == 0) {
3815  DetectAddress *one = gh->ipv6_head, *two = one->next,
3816  *three = two->next, *four = three->next,
3817  *five = four->next;
3818  if (one->ip.addr_data32[0] == 0x00000000 &&
3819  one->ip.addr_data32[1] == 0x00000000 &&
3820  one->ip.addr_data32[2] == 0x00000000 &&
3821  one->ip.addr_data32[3] == 0x00000000 &&
3822  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3823  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3824  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3825  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3826 
3827  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3828  two->ip.addr_data32[1] == 0x00000000 &&
3829  two->ip.addr_data32[2] == 0x00000000 &&
3830  two->ip.addr_data32[3] == 0x00000000 &&
3831  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3832  two->ip2.addr_data32[1] == 0x00000000 &&
3833  two->ip2.addr_data32[2] == 0x00000000 &&
3834  two->ip2.addr_data32[3] == SCNtohl(3) &&
3835 
3836  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3837  three->ip.addr_data32[1] == 0x00000000 &&
3838  three->ip.addr_data32[2] == 0x00000000 &&
3839  three->ip.addr_data32[3] == SCNtohl(4) &&
3840  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3841  three->ip2.addr_data32[1] == 0x00000000 &&
3842  three->ip2.addr_data32[2] == 0x00000000 &&
3843  three->ip2.addr_data32[3] == SCNtohl(6) &&
3844 
3845  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3846  four->ip.addr_data32[1] == 0x00000000 &&
3847  four->ip.addr_data32[2] == 0x00000000 &&
3848  four->ip.addr_data32[3] == SCNtohl(7) &&
3849  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3850  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3851  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3852  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3853 
3854  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3855  five->ip.addr_data32[1] == 0x00000000 &&
3856  five->ip.addr_data32[2] == 0x00000000 &&
3857  five->ip.addr_data32[3] == 0x00000000 &&
3858  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3859  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3860  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3861  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3862  result = 1;
3863  }
3864  }
3865  }
3866  }
3867 
3868  DetectAddressHeadFree(gh);
3869  }
3870  return result;
3871 }
3872 
3873 static int AddressTestAddressGroupSetup26(void)
3874 {
3875  int result = 0;
3876  DetectAddressHead *gh = DetectAddressHeadInit();
3877 
3878  if (gh != NULL) {
3879  int r = DetectAddressParse(NULL, gh, "::/0");
3880  if (r == 0) {
3881  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3882  if (r == 0) {
3883  r = DetectAddressParse(NULL, gh, "2001::/3");
3884  if (r == 0) {
3885  DetectAddress *one = gh->ipv6_head, *two = one->next,
3886  *three = two->next, *four = three->next,
3887  *five = four->next;
3888  if (one->ip.addr_data32[0] == 0x00000000 &&
3889  one->ip.addr_data32[1] == 0x00000000 &&
3890  one->ip.addr_data32[2] == 0x00000000 &&
3891  one->ip.addr_data32[3] == 0x00000000 &&
3892  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3893  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3894  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3895  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3896 
3897  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3898  two->ip.addr_data32[1] == 0x00000000 &&
3899  two->ip.addr_data32[2] == 0x00000000 &&
3900  two->ip.addr_data32[3] == 0x00000000 &&
3901  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3902  two->ip2.addr_data32[1] == 0x00000000 &&
3903  two->ip2.addr_data32[2] == 0x00000000 &&
3904  two->ip2.addr_data32[3] == SCNtohl(3) &&
3905 
3906  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3907  three->ip.addr_data32[1] == 0x00000000 &&
3908  three->ip.addr_data32[2] == 0x00000000 &&
3909  three->ip.addr_data32[3] == SCNtohl(4) &&
3910  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3911  three->ip2.addr_data32[1] == 0x00000000 &&
3912  three->ip2.addr_data32[2] == 0x00000000 &&
3913  three->ip2.addr_data32[3] == SCNtohl(6) &&
3914 
3915  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3916  four->ip.addr_data32[1] == 0x00000000 &&
3917  four->ip.addr_data32[2] == 0x00000000 &&
3918  four->ip.addr_data32[3] == SCNtohl(7) &&
3919  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3920  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3921  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3922  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3923 
3924  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3925  five->ip.addr_data32[1] == 0x00000000 &&
3926  five->ip.addr_data32[2] == 0x00000000 &&
3927  five->ip.addr_data32[3] == 0x00000000 &&
3928  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3929  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3930  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3931  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3932  result = 1;
3933  }
3934  }
3935  }
3936  }
3937 
3938  DetectAddressHeadFree(gh);
3939  }
3940  return result;
3941 }
3942 
3943 static int AddressTestAddressGroupSetup27(void)
3944 {
3945  int result = 0;
3946  DetectAddressHead *gh = DetectAddressHeadInit();
3947 
3948  if (gh != NULL) {
3949  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3950  if (r == 0)
3951  result = 1;
3952 
3953  DetectAddressHeadFree(gh);
3954  }
3955  return result;
3956 }
3957 
3958 static int AddressTestAddressGroupSetup28(void)
3959 {
3960  int result = 0;
3961  DetectAddressHead *gh = DetectAddressHeadInit();
3962 
3963  if (gh != NULL) {
3964  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3965  if (r == 0)
3966  result = 1;
3967 
3968  DetectAddressHeadFree(gh);
3969  }
3970  return result;
3971 }
3972 
3973 static int AddressTestAddressGroupSetup29(void)
3974 {
3975  int result = 0;
3976  DetectAddressHead *gh = DetectAddressHeadInit();
3977 
3978  if (gh != NULL) {
3979  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3980  if (r == 0)
3981  result = 1;
3982 
3983  DetectAddressHeadFree(gh);
3984  }
3985  return result;
3986 }
3987 
3988 static int AddressTestAddressGroupSetup30(void)
3989 {
3990  int result = 0;
3991  DetectAddressHead *gh = DetectAddressHeadInit();
3992 
3993  if (gh != NULL) {
3994  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
3995  if (r == 0)
3996  result = 1;
3997 
3998  DetectAddressHeadFree(gh);
3999  }
4000  return result;
4001 }
4002 
4003 static int AddressTestAddressGroupSetup31(void)
4004 {
4005  int result = 0;
4006  DetectAddressHead *gh = DetectAddressHeadInit();
4007 
4008  if (gh != NULL) {
4009  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4010  if (r == 0)
4011  result = 1;
4012 
4013  DetectAddressHeadFree(gh);
4014  }
4015  return result;
4016 }
4017 
4018 static int AddressTestAddressGroupSetup32(void)
4019 {
4020  int result = 0;
4021  DetectAddressHead *gh = DetectAddressHeadInit();
4022 
4023  if (gh != NULL) {
4024  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4025  if (r == 0)
4026  result = 1;
4027 
4028  DetectAddressHeadFree(gh);
4029  }
4030  return result;
4031 }
4032 
4033 static int AddressTestAddressGroupSetup33(void)
4034 {
4035  int result = 0;
4036  DetectAddressHead *gh = DetectAddressHeadInit();
4037 
4038  if (gh != NULL) {
4039  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4040  if (r == 1)
4041  result = 1;
4042 
4043  DetectAddressHeadFree(gh);
4044  }
4045  return result;
4046 }
4047 
4048 static int AddressTestAddressGroupSetup34(void)
4049 {
4050  int result = 0;
4051  DetectAddressHead *gh = DetectAddressHeadInit();
4052 
4053  if (gh != NULL) {
4054  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4055  if (r == 1)
4056  result = 1;
4057 
4058  DetectAddressHeadFree(gh);
4059  }
4060  return result;
4061 }
4062 
4063 static int AddressTestAddressGroupSetup35(void)
4064 {
4065  int result = 0;
4066  DetectAddressHead *gh = DetectAddressHeadInit();
4067 
4068  if (gh != NULL) {
4069  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4070  if (r == 1)
4071  result = 1;
4072 
4073  DetectAddressHeadFree(gh);
4074  }
4075  return result;
4076 }
4077 
4078 static int AddressTestAddressGroupSetup36 (void)
4079 {
4080  int result = 0;
4081 
4082  DetectAddressHead *gh = DetectAddressHeadInit();
4083  if (gh != NULL) {
4084  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4085  if (r == 1)
4086  result = 1;
4087 
4088  DetectAddressHeadFree(gh);
4089  }
4090  return result;
4091 }
4092 
4093 static int AddressTestAddressGroupSetup37(void)
4094 {
4095  int result = 0;
4096  DetectAddressHead *gh = DetectAddressHeadInit();
4097 
4098  if (gh != NULL) {
4099  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4100  if (r == 0)
4101  result = 1;
4102 
4103  DetectAddressHeadFree(gh);
4104  }
4105  return result;
4106 }
4107 
4108 static int AddressTestAddressGroupSetup38(void)
4109 {
4110  UTHValidateDetectAddressHeadRange expectations[3] = {
4111  { "0.0.0.0", "192.167.255.255" },
4112  { "192.168.14.0", "192.168.14.255" },
4113  { "192.169.0.0", "255.255.255.255" } };
4114  int result = 0;
4115  DetectAddressHead *gh = DetectAddressHeadInit();
4116 
4117  if (gh != NULL) {
4118  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4119  if (r == 1) {
4120  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4121  result = 1;
4122  }
4123 
4124  DetectAddressHeadFree(gh);
4125  }
4126  return result;
4127 }
4128 
4129 static int AddressTestAddressGroupSetup39(void)
4130 {
4131  UTHValidateDetectAddressHeadRange expectations[3] = {
4132  { "0.0.0.0", "192.167.255.255" },
4133  { "192.168.14.0", "192.168.14.255" },
4134  { "192.169.0.0", "255.255.255.255" } };
4135  int result = 0;
4136  DetectAddressHead *gh = DetectAddressHeadInit();
4137 
4138  if (gh != NULL) {
4139  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4140  if (r == 1) {
4141  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4142  result = 1;
4143  }
4144 
4145  DetectAddressHeadFree(gh);
4146  }
4147  return result;
4148 }
4149 
4150 static int AddressTestAddressGroupSetup40(void)
4151 {
4152  UTHValidateDetectAddressHeadRange expectations[3] = {
4153  { "0.0.0.0", "192.167.255.255" },
4154  { "192.168.14.0", "192.168.14.255" },
4155  { "192.169.0.0", "255.255.255.255" } };
4156  int result = 0;
4157  DetectAddressHead *gh = DetectAddressHeadInit();
4158  if (gh != NULL) {
4159  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4160  if (r == 1) {
4161  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4162  result = 1;
4163  }
4164 
4165  DetectAddressHeadFree(gh);
4166  }
4167  return result;
4168 }
4169 
4170 static int AddressTestAddressGroupSetup41(void)
4171 {
4172  UTHValidateDetectAddressHeadRange expectations[3] = {
4173  { "0.0.0.0", "192.167.255.255" },
4174  { "192.168.14.0", "192.168.14.255" },
4175  { "192.169.0.0", "255.255.255.255" } };
4176  int result = 0;
4177  DetectAddressHead *gh = DetectAddressHeadInit();
4178  if (gh != NULL) {
4179  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4180  if (r == 1) {
4181  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4182  result = 1;
4183  }
4184 
4185  DetectAddressHeadFree(gh);
4186  }
4187  return result;
4188 }
4189 
4190 static int AddressTestAddressGroupSetup42(void)
4191 {
4192  UTHValidateDetectAddressHeadRange expectations[1] = {
4193  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4194  int result = 0;
4195  DetectAddressHead *gh = DetectAddressHeadInit();
4196  if (gh != NULL) {
4197  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4198  if (r == 0) {
4199  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4200  result = 1;
4201  }
4202 
4203  DetectAddressHeadFree(gh);
4204  }
4205  return result;
4206 }
4207 
4208 static int AddressTestAddressGroupSetup43(void)
4209 {
4210  UTHValidateDetectAddressHeadRange expectations[2] = {
4211  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4212  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4213  int result = 0;
4214  DetectAddressHead *gh = DetectAddressHeadInit();
4215  if (gh != NULL) {
4216  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4217  if (r == 1) {
4218  if (UTHValidateDetectAddressHead(gh, 2, expectations))
4219  result = 1;
4220  }
4221 
4222  DetectAddressHeadFree(gh);
4223  }
4224  return result;
4225 }
4226 
4227 static int AddressTestAddressGroupSetup44(void)
4228 {
4229  UTHValidateDetectAddressHeadRange expectations[2] = {
4230  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4231  int result = 0;
4232  DetectAddressHead *gh = DetectAddressHeadInit();
4233  if (gh != NULL) {
4234  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4235  if (r == 0) {
4236  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4237  result = 1;
4238  }
4239 
4240  DetectAddressHeadFree(gh);
4241  }
4242  return result;
4243 }
4244 
4245 static int AddressTestAddressGroupSetup45(void)
4246 {
4247  int result = 0;
4248  DetectAddressHead *gh = DetectAddressHeadInit();
4249  if (gh != NULL) {
4250  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4251  if (r != 0) {
4252  result = 1;
4253  }
4254 
4255  DetectAddressHeadFree(gh);
4256  }
4257  return result;
4258 }
4259 
4260 static int AddressTestAddressGroupSetup46(void)
4261 {
4262  UTHValidateDetectAddressHeadRange expectations[4] = {
4263  { "0.0.0.0", "192.167.255.255" },
4264  { "192.168.1.0", "192.168.1.255" },
4265  { "192.168.3.0", "192.168.3.255" },
4266  { "192.169.0.0", "255.255.255.255" } };
4267  int result = 0;
4268  DetectAddressHead *gh = DetectAddressHeadInit();
4269  if (gh != NULL) {
4270  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4271  if (r == 1) {
4272  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4273  result = 1;
4274  }
4275 
4276  DetectAddressHeadFree(gh);
4277  }
4278  return result;
4279 }
4280 
4281 /** \test net with some negations, then all negated */
4282 static int AddressTestAddressGroupSetup47(void)
4283 {
4284  UTHValidateDetectAddressHeadRange expectations[5] = {
4285  { "0.0.0.0", "192.167.255.255" },
4286  { "192.168.1.0", "192.168.1.255" },
4287  { "192.168.3.0", "192.168.3.255" },
4288  { "192.168.5.0", "192.168.5.255" },
4289  { "192.169.0.0", "255.255.255.255" } };
4290  int result = 0;
4291  DetectAddressHead *gh = DetectAddressHeadInit();
4292  if (gh != NULL) {
4293  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4294  if (r == 1) {
4295  if (UTHValidateDetectAddressHead(gh, 5, expectations))
4296  result = 1;
4297  }
4298 
4299  DetectAddressHeadFree(gh);
4300  }
4301  return result;
4302 }
4303 
4304 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4305 static int AddressTestAddressGroupSetup48(void)
4306 {
4307  UTHValidateDetectAddressHeadRange expectations[4] = {
4308  { "192.168.0.0", "192.168.0.255" },
4309  { "192.168.2.0", "192.168.2.255" },
4310  { "192.168.4.0", "192.168.4.255" },
4311  { "192.168.6.0", "192.168.255.255" } };
4312  int result = 0;
4313  DetectAddressHead *gh = DetectAddressHeadInit();
4314  if (gh != NULL) {
4315  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4316  if (r == 1) {
4317  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4318  result = 1;
4319  }
4320 
4321  DetectAddressHeadFree(gh);
4322  }
4323  return result;
4324 }
4325 
4326 static int AddressTestCutIPv401(void)
4327 {
4328  DetectAddress *c;
4329  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4330  FAIL_IF_NULL(a);
4331  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4332  FAIL_IF_NULL(b);
4333 
4334  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4335 
4336  DetectAddressFree(a);
4337  DetectAddressFree(b);
4338  DetectAddressFree(c);
4339  PASS;
4340 }
4341 
4342 static int AddressTestCutIPv402(void)
4343 {
4344  DetectAddress *a, *b, *c = NULL;
4345  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4346  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4347 
4348  if (DetectAddressCut(NULL, a, b, &c) == -1)
4349  goto error;
4350 
4351  if (c == NULL)
4352  goto error;
4353 
4354  DetectAddressFree(a);
4355  DetectAddressFree(b);
4356  DetectAddressFree(c);
4357  return 1;
4358 
4359 error:
4360  DetectAddressFree(a);
4361  DetectAddressFree(b);
4362  DetectAddressFree(c);
4363  return 0;
4364 }
4365 
4366 static int AddressTestCutIPv403(void)
4367 {
4368  DetectAddress *a, *b, *c = NULL;
4369  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4370  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4371 
4372  if (DetectAddressCut(NULL, a, b, &c) == -1)
4373  goto error;
4374 
4375  if (c == NULL)
4376  goto error;
4377 
4378  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4379  goto error;
4380  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4381  goto error;
4382  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4383  goto error;
4384 
4385  DetectAddressFree(a);
4386  DetectAddressFree(b);
4387  DetectAddressFree(c);
4388  return 1;
4389 
4390 error:
4391  DetectAddressFree(a);
4392  DetectAddressFree(b);
4393  DetectAddressFree(c);
4394  return 0;
4395 }
4396 
4397 static int AddressTestCutIPv404(void)
4398 {
4399  DetectAddress *a, *b, *c = NULL;
4400  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4401  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4402 
4403  if (DetectAddressCut(NULL, a, b, &c) == -1)
4404  goto error;
4405 
4406  if (c == NULL)
4407  goto error;
4408 
4409  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4410  goto error;
4411  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4412  goto error;
4413  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4414  goto error;
4415 
4416 
4417  DetectAddressFree(a);
4418  DetectAddressFree(b);
4419  DetectAddressFree(c);
4420  return 1;
4421 
4422 error:
4423  DetectAddressFree(a);
4424  DetectAddressFree(b);
4425  DetectAddressFree(c);
4426  return 0;
4427 }
4428 
4429 static int AddressTestCutIPv405(void)
4430 {
4431  DetectAddress *a, *b, *c = NULL;
4432  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4433  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4434 
4435  if (DetectAddressCut(NULL, a, b, &c) == -1)
4436  goto error;
4437 
4438  if (c == NULL)
4439  goto error;
4440 
4441  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4442  goto error;
4443  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4444  goto error;
4445  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4446  goto error;
4447 
4448  DetectAddressFree(a);
4449  DetectAddressFree(b);
4450  DetectAddressFree(c);
4451  return 1;
4452 
4453 error:
4454  DetectAddressFree(a);
4455  DetectAddressFree(b);
4456  DetectAddressFree(c);
4457  return 0;
4458 }
4459 
4460 static int AddressTestCutIPv406(void)
4461 {
4462  DetectAddress *a, *b, *c = NULL;
4463  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4464  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4465 
4466  if (DetectAddressCut(NULL, a, b, &c) == -1)
4467  goto error;
4468 
4469  if (c == NULL)
4470  goto error;
4471 
4472  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4473  goto error;
4474  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4475  goto error;
4476  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4477  goto error;
4478 
4479  DetectAddressFree(a);
4480  DetectAddressFree(b);
4481  DetectAddressFree(c);
4482  return 1;
4483 
4484 error:
4485  DetectAddressFree(a);
4486  DetectAddressFree(b);
4487  DetectAddressFree(c);
4488  return 0;
4489 }
4490 
4491 static int AddressTestCutIPv407(void)
4492 {
4493  DetectAddress *a, *b, *c = NULL;
4494  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4495  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4496 
4497  if (DetectAddressCut(NULL, a, b, &c) == -1)
4498  goto error;
4499 
4500  if (c != NULL)
4501  goto error;
4502 
4503  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4504  goto error;
4505  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4506  goto error;
4507 
4508  DetectAddressFree(a);
4509  DetectAddressFree(b);
4510  DetectAddressFree(c);
4511  return 1;
4512 
4513 error:
4514  DetectAddressFree(a);
4515  DetectAddressFree(b);
4516  DetectAddressFree(c);
4517  return 0;
4518 }
4519 
4520 static int AddressTestCutIPv408(void)
4521 {
4522  DetectAddress *a, *b, *c = NULL;
4523  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4524  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4525 
4526  if (DetectAddressCut(NULL, a, b, &c) == -1)
4527  goto error;
4528 
4529  if (c != NULL)
4530  goto error;
4531 
4532  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4533  goto error;
4534  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4535  goto error;
4536 
4537  DetectAddressFree(a);
4538  DetectAddressFree(b);
4539  DetectAddressFree(c);
4540  return 1;
4541 
4542 error:
4543  DetectAddressFree(a);
4544  DetectAddressFree(b);
4545  DetectAddressFree(c);
4546  return 0;
4547 }
4548 
4549 static int AddressTestCutIPv409(void)
4550 {
4551  DetectAddress *a, *b, *c = NULL;
4552  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4553  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4554 
4555  if (DetectAddressCut(NULL, a, b, &c) == -1)
4556  goto error;
4557 
4558  if (c != NULL)
4559  goto error;
4560 
4561  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4562  goto error;
4563  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4564  goto error;
4565 
4566  DetectAddressFree(a);
4567  DetectAddressFree(b);
4568  DetectAddressFree(c);
4569  return 1;
4570 
4571 error:
4572  DetectAddressFree(a);
4573  DetectAddressFree(b);
4574  DetectAddressFree(c);
4575  return 0;
4576 }
4577 
4578 static int AddressTestCutIPv410(void)
4579 {
4580  DetectAddress *a, *b, *c = NULL;
4581  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4582  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4583 
4584  if (DetectAddressCut(NULL, a, b, &c) == -1)
4585  goto error;
4586 
4587  if (c != NULL)
4588  goto error;
4589 
4590  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4591  goto error;
4592  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4593  goto error;
4594 
4595  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4596 
4597  DetectAddressFree(a);
4598  DetectAddressFree(b);
4599  DetectAddressFree(c);
4600  return 1;
4601 
4602 error:
4603  DetectAddressFree(a);
4604  DetectAddressFree(b);
4605  DetectAddressFree(c);
4606  return 0;
4607 }
4608 
4609 static int AddressTestParseInvalidMask01(void)
4610 {
4611  int result = 1;
4612  DetectAddress *dd = NULL;
4613 
4614  dd = DetectAddressParseSingle("192.168.2.0/33");
4615  if (dd != NULL) {
4616  DetectAddressFree(dd);
4617  result = 0;
4618  }
4619  return result;
4620 }
4621 
4622 static int AddressTestParseInvalidMask02(void)
4623 {
4624  int result = 1;
4625  DetectAddress *dd = NULL;
4626 
4627  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4628  if (dd != NULL) {
4629  DetectAddressFree(dd);
4630  result = 0;
4631  }
4632  return result;
4633 }
4634 
4635 static int AddressTestParseInvalidMask03(void)
4636 {
4637  int result = 1;
4638  DetectAddress *dd = NULL;
4639 
4640  dd = DetectAddressParseSingle("192.168.2.0/blue");
4641  if (dd != NULL) {
4642  DetectAddressFree(dd);
4643  result = 0;
4644  }
4645  return result;
4646 }
4647 
4648 static int AddressConfVarsTest01(void)
4649 {
4650  static const char *dummy_conf_string =
4651  "%YAML 1.1\n"
4652  "---\n"
4653  "\n"
4654  "vars:\n"
4655  "\n"
4656  " address-groups:\n"
4657  "\n"
4658  " HOME_NET: \"any\"\n"
4659  "\n"
4660  " EXTERNAL_NET: \"!any\"\n"
4661  "\n"
4662  " port-groups:\n"
4663  "\n"
4664  " HTTP_PORTS: \"any\"\n"
4665  "\n"
4666  " SHELLCODE_PORTS: \"!any\"\n"
4667  "\n";
4668 
4669  int result = 0;
4670 
4672  SCConfInit();
4673  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4674 
4676  result = 1;
4677 
4678  SCConfDeInit();
4680 
4681  return result;
4682 }
4683 
4684 static int AddressConfVarsTest02(void)
4685 {
4686  static const char *dummy_conf_string =
4687  "%YAML 1.1\n"
4688  "---\n"
4689  "\n"
4690  "vars:\n"
4691  "\n"
4692  " address-groups:\n"
4693  "\n"
4694  " HOME_NET: \"any\"\n"
4695  "\n"
4696  " EXTERNAL_NET: \"any\"\n"
4697  "\n"
4698  " port-groups:\n"
4699  "\n"
4700  " HTTP_PORTS: \"any\"\n"
4701  "\n"
4702  " SHELLCODE_PORTS: \"!any\"\n"
4703  "\n";
4704 
4705  int result = 0;
4706 
4708  SCConfInit();
4709  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4710 
4712  result = 1;
4713 
4714  SCConfDeInit();
4716 
4717  return result;
4718 }
4719 
4720 static int AddressConfVarsTest03(void)
4721 {
4722  static const char *dummy_conf_string =
4723  "%YAML 1.1\n"
4724  "---\n"
4725  "\n"
4726  "vars:\n"
4727  "\n"
4728  " address-groups:\n"
4729  "\n"
4730  " HOME_NET: \"any\"\n"
4731  "\n"
4732  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4733  "\n"
4734  " port-groups:\n"
4735  "\n"
4736  " HTTP_PORTS: \"any\"\n"
4737  "\n"
4738  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4739  "\n";
4740 
4741  int result = 0;
4742 
4744  SCConfInit();
4745  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4746 
4748  result = 1;
4749 
4750  SCConfDeInit();
4752 
4753  return result;
4754 }
4755 
4756 static int AddressConfVarsTest04(void)
4757 {
4758  static const char *dummy_conf_string =
4759  "%YAML 1.1\n"
4760  "---\n"
4761  "\n"
4762  "vars:\n"
4763  "\n"
4764  " address-groups:\n"
4765  "\n"
4766  " HOME_NET: \"any\"\n"
4767  "\n"
4768  " EXTERNAL_NET: \"$HOME_NET\"\n"
4769  "\n"
4770  " port-groups:\n"
4771  "\n"
4772  " HTTP_PORTS: \"any\"\n"
4773  "\n"
4774  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4775  "\n";
4776 
4777  int result = 0;
4778 
4780  SCConfInit();
4781  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4782 
4784  result = 1;
4785 
4786  SCConfDeInit();
4788 
4789  return result;
4790 }
4791 
4792 static int AddressConfVarsTest05(void)
4793 {
4794  static const char *dummy_conf_string =
4795  "%YAML 1.1\n"
4796  "---\n"
4797  "\n"
4798  "vars:\n"
4799  "\n"
4800  " address-groups:\n"
4801  "\n"
4802  " HOME_NET: \"any\"\n"
4803  "\n"
4804  " EXTERNAL_NET: [192.168.0.1]\n"
4805  "\n"
4806  " port-groups:\n"
4807  "\n"
4808  " HTTP_PORTS: \"any\"\n"
4809  "\n"
4810  " SHELLCODE_PORTS: [80]\n"
4811  "\n";
4812 
4813  int result = 0;
4814 
4816  SCConfInit();
4817  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4818 
4819  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4820  goto end;
4821 
4822  result = 1;
4823 
4824  end:
4825  SCConfDeInit();
4827 
4828  return result;
4829 }
4830 
4831 static int AddressConfVarsTest06(void)
4832 {
4833  // HOME_NET value size = 10261 bytes
4834  static const char *dummy_conf_string =
4835  "%YAML 1.1\n"
4836  "---\n"
4837  "\n"
4838  "vars:\n"
4839  "\n"
4840  " address-groups:\n"
4841  "\n"
4842  " HOME_NET: "
4843  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4844  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4845  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4846  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4847  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4848  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4849  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4850  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4851  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4852  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4853  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4854  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4855  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4856  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4857  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4858  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4859  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4860  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4861  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4862  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4863  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4864  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4976  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4977  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4978  "\n"
4979  " EXTERNAL_NET: \"any\"\n"
4980  "\n";
4981 
4983  SCConfInit();
4984  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4985 
4987 
4988  SCConfDeInit();
4990 
4991  PASS;
4992 }
4993 
4994 #endif /* UNITTESTS */
4995 
4996 void DetectAddressTests(void)
4997 {
4998 #ifdef UNITTESTS
5001 
5002  UtRegisterTest("AddressTestParse01", AddressTestParse01);
5003  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5004  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5005  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5006  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5007  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5008  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5009  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5010  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5011  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5012  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5013  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5014  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5015  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5016  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5017  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5018  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5019  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5020  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5021  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5022  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5023  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5024  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5025  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5026  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5027  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5028  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5029  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5030  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5031  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5032  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5033  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5034  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5035  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5036  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5037  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5038  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5039  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5040 
5041  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5042  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5043  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5044  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5045  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5046  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5047  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5048  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5049  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5050  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5051  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5052 
5053  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5054  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5055  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5056  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5057  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5058  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5059  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5060  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5061 
5062  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5063  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5064  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5065  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5066  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5067  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5068 
5069  UtRegisterTest("AddressTestAddressGroupSetup01",
5070  AddressTestAddressGroupSetup01);
5071  UtRegisterTest("AddressTestAddressGroupSetup02",
5072  AddressTestAddressGroupSetup02);
5073  UtRegisterTest("AddressTestAddressGroupSetup03",
5074  AddressTestAddressGroupSetup03);
5075  UtRegisterTest("AddressTestAddressGroupSetup04",
5076  AddressTestAddressGroupSetup04);
5077  UtRegisterTest("AddressTestAddressGroupSetup05",
5078  AddressTestAddressGroupSetup05);
5079  UtRegisterTest("AddressTestAddressGroupSetup06",
5080  AddressTestAddressGroupSetup06);
5081  UtRegisterTest("AddressTestAddressGroupSetup07",
5082  AddressTestAddressGroupSetup07);
5083  UtRegisterTest("AddressTestAddressGroupSetup08",
5084  AddressTestAddressGroupSetup08);
5085  UtRegisterTest("AddressTestAddressGroupSetup09",
5086  AddressTestAddressGroupSetup09);
5087  UtRegisterTest("AddressTestAddressGroupSetup10",
5088  AddressTestAddressGroupSetup10);
5089  UtRegisterTest("AddressTestAddressGroupSetup11",
5090  AddressTestAddressGroupSetup11);
5091  UtRegisterTest("AddressTestAddressGroupSetup12",
5092  AddressTestAddressGroupSetup12);
5093  UtRegisterTest("AddressTestAddressGroupSetup13",
5094  AddressTestAddressGroupSetup13);
5095  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5096  AddressTestAddressGroupSetupIPv414);
5097  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5098  AddressTestAddressGroupSetupIPv415);
5099  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5100  AddressTestAddressGroupSetupIPv416);
5101 
5102  UtRegisterTest("AddressTestAddressGroupSetup14",
5103  AddressTestAddressGroupSetup14);
5104  UtRegisterTest("AddressTestAddressGroupSetup15",
5105  AddressTestAddressGroupSetup15);
5106  UtRegisterTest("AddressTestAddressGroupSetup16",
5107  AddressTestAddressGroupSetup16);
5108  UtRegisterTest("AddressTestAddressGroupSetup17",
5109  AddressTestAddressGroupSetup17);
5110  UtRegisterTest("AddressTestAddressGroupSetup18",
5111  AddressTestAddressGroupSetup18);
5112  UtRegisterTest("AddressTestAddressGroupSetup19",
5113  AddressTestAddressGroupSetup19);
5114  UtRegisterTest("AddressTestAddressGroupSetup20",
5115  AddressTestAddressGroupSetup20);
5116  UtRegisterTest("AddressTestAddressGroupSetup21",
5117  AddressTestAddressGroupSetup21);
5118  UtRegisterTest("AddressTestAddressGroupSetup22",
5119  AddressTestAddressGroupSetup22);
5120  UtRegisterTest("AddressTestAddressGroupSetup23",
5121  AddressTestAddressGroupSetup23);
5122  UtRegisterTest("AddressTestAddressGroupSetup24",
5123  AddressTestAddressGroupSetup24);
5124  UtRegisterTest("AddressTestAddressGroupSetup25",
5125  AddressTestAddressGroupSetup25);
5126  UtRegisterTest("AddressTestAddressGroupSetup26",
5127  AddressTestAddressGroupSetup26);
5128 
5129  UtRegisterTest("AddressTestAddressGroupSetup27",
5130  AddressTestAddressGroupSetup27);
5131  UtRegisterTest("AddressTestAddressGroupSetup28",
5132  AddressTestAddressGroupSetup28);
5133  UtRegisterTest("AddressTestAddressGroupSetup29",
5134  AddressTestAddressGroupSetup29);
5135  UtRegisterTest("AddressTestAddressGroupSetup30",
5136  AddressTestAddressGroupSetup30);
5137  UtRegisterTest("AddressTestAddressGroupSetup31",
5138  AddressTestAddressGroupSetup31);
5139  UtRegisterTest("AddressTestAddressGroupSetup32",
5140  AddressTestAddressGroupSetup32);
5141  UtRegisterTest("AddressTestAddressGroupSetup33",
5142  AddressTestAddressGroupSetup33);
5143  UtRegisterTest("AddressTestAddressGroupSetup34",
5144  AddressTestAddressGroupSetup34);
5145  UtRegisterTest("AddressTestAddressGroupSetup35",
5146  AddressTestAddressGroupSetup35);
5147  UtRegisterTest("AddressTestAddressGroupSetup36",
5148  AddressTestAddressGroupSetup36);
5149  UtRegisterTest("AddressTestAddressGroupSetup37",
5150  AddressTestAddressGroupSetup37);
5151  UtRegisterTest("AddressTestAddressGroupSetup38",
5152  AddressTestAddressGroupSetup38);
5153  UtRegisterTest("AddressTestAddressGroupSetup39",
5154  AddressTestAddressGroupSetup39);
5155  UtRegisterTest("AddressTestAddressGroupSetup40",
5156  AddressTestAddressGroupSetup40);
5157  UtRegisterTest("AddressTestAddressGroupSetup41",
5158  AddressTestAddressGroupSetup41);
5159  UtRegisterTest("AddressTestAddressGroupSetup42",
5160  AddressTestAddressGroupSetup42);
5161  UtRegisterTest("AddressTestAddressGroupSetup43",
5162  AddressTestAddressGroupSetup43);
5163  UtRegisterTest("AddressTestAddressGroupSetup44",
5164  AddressTestAddressGroupSetup44);
5165  UtRegisterTest("AddressTestAddressGroupSetup45",
5166  AddressTestAddressGroupSetup45);
5167  UtRegisterTest("AddressTestAddressGroupSetup46",
5168  AddressTestAddressGroupSetup46);
5169  UtRegisterTest("AddressTestAddressGroupSetup47",
5170  AddressTestAddressGroupSetup47);
5171  UtRegisterTest("AddressTestAddressGroupSetup48",
5172  AddressTestAddressGroupSetup48);
5173 
5174  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5175  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5176  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5177  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5178  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5179  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5180  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5181  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5182  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5183  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5184 
5185  UtRegisterTest("AddressTestParseInvalidMask01",
5186  AddressTestParseInvalidMask01);
5187  UtRegisterTest("AddressTestParseInvalidMask02",
5188  AddressTestParseInvalidMask02);
5189  UtRegisterTest("AddressTestParseInvalidMask03",
5190  AddressTestParseInvalidMask03);
5191 
5192  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5193  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5194  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5195  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5196  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5197  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5198 #endif /* UNITTESTS */
5199 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:349
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:170
SCConfYamlLoadString
int SCConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:523
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1396
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1294
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:353
detect-engine-siggroup.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
AddressIPv6Le
int AddressIPv6Le(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1591
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:168
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:31
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:279
DetectAddressHead_
Definition: detect.h:183
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1478
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:57
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1339
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:932
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1008
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
Address_
Definition: decode.h:112
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:245
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:168
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1109
util-var.h
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:159
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1800
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:114
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:156
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:177
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
SCConfInit
void SCConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:236
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:158
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:728
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1883
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:281
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:231
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:154
detect-engine-port.h
DetectAddress_::ip2
Address ip2
Definition: detect.h:171
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1037
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:317
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:482
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:127
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
Turn 32 bit mask into CIDR.
Definition: util-cidr.c:35
Address_::address
union Address_::@30 address
util-rule-vars.h
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:153
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:297
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
SCConfCreateContextBackup
void SCConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:684
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:229
DetectAddressMap_
Definition: detect-engine-address.c:1291
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:185
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:82
cnt
uint32_t cnt
Definition: tmqh-packetpool.h:7
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:157
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1624
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:1072
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:152
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:88
SCConfDeInit
void SCConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:703
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1328
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:123
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:155
str
#define str(s)
Definition: suricata-common.h:308
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:181
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:271
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1882
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1293
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:430
detect-engine-address-ipv4.h
SCConfRestoreContextBackup
void SCConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:694
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:704
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:139
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:179
DetectMatchAddressIPv6_
Definition: detect.h:194
DetectMatchAddressIPv4_
Definition: detect.h:189
Address_::family
char family
Definition: decode.h:113
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1436
SCConfNode_::name
char * name
Definition: conf.h:38
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1874
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:162
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1884
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:127
AddressIPv6Gt
int AddressIPv6Gt(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
AddressIPv6Ge
int AddressIPv6Ge(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:285
SCConfNode_
Definition: conf.h:37
flow-var.h
SCConfNode_::val
char * val
Definition: conf.h:39
DetectAddress_::flags
uint8_t flags
Definition: detect.h:174
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1564
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:184
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1292
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1219