suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 #include "detect-engine-address-ipv4.h"
40 #include "detect-engine-address-ipv6.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
61 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn);
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
69 DetectAddress *DetectAddressInit(void)
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
82 void DetectAddressFree(DetectAddress *ag)
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88  return;
89 }
90 
91 /**
92  * \internal
93  * \brief Returns a new instance of DetectAddressHead.
94  *
95  * \retval gh Pointer to the new instance of DetectAddressHead.
96  */
97 static DetectAddressHead *DetectAddressHeadInit(void)
98 {
99  DetectAddressHead *gh = SCCalloc(1, sizeof(DetectAddressHead));
100  if (unlikely(gh == NULL))
101  return NULL;
102  return gh;
103 }
104 
105 /**
106  * \internal
107  * \brief Frees a DetectAddressHead instance.
108  *
109  * \param gh Pointer to the DetectAddressHead instance to be freed.
110  */
111 static void DetectAddressHeadFree(DetectAddressHead *gh)
112 {
113  if (gh != NULL) {
114  DetectAddressHeadCleanup(gh);
115  SCFree(gh);
116  }
117 }
118 
119 /**
120  * \brief copy a DetectAddress
121  *
122  * \param orig Pointer to the instance of DetectAddress that contains the
123  * address data to be copied to the new instance.
124  *
125  * \retval ag Pointer to the new instance of DetectAddress that contains the
126  * copied address.
127  */
128 DetectAddress *DetectAddressCopy(DetectAddress *orig)
129 {
130  DetectAddress *ag = DetectAddressInit();
131  if (ag == NULL)
132  return NULL;
133 
134  ag->flags = orig->flags;
135  COPY_ADDRESS(&orig->ip, &ag->ip);
136  COPY_ADDRESS(&orig->ip2, &ag->ip2);
137  return ag;
138 }
139 
140 #ifdef DEBUG
141 /**
142  * \brief Prints the address data information for all the DetectAddress
143  * instances in the DetectAddress list sent as the argument.
144  *
145  * \param head Pointer to a list of DetectAddress instances.
146  */
147 void DetectAddressPrintList(DetectAddress *head)
148 {
149  SCLogInfo("list:");
150  for (DetectAddress *cur = head; cur != NULL; cur = cur->next) {
151  DetectAddressPrint(cur);
152  }
153  SCLogInfo("endlist");
154 }
155 #endif
156 
157 /**
158  * \internal
159  * \brief Frees a list of DetectAddress instances.
160  *
161  * \param head Pointer to a list of DetectAddress instances to be freed.
162  */
163 static void DetectAddressCleanupList(DetectAddress *head)
164 {
165  for (DetectAddress *cur = head; cur != NULL; ) {
166  DetectAddress *next = cur->next;
167  cur->next = NULL;
168  DetectAddressFree(cur);
169  cur = next;
170  }
171 }
172 
173 /**
174  * \internal
175  * \brief Helper function for DetectAddressInsert. Sets one of the
176  * DetectAddressHead head pointers, to the DetectAddress argument
177  * based on its address family.
178  *
179  * \param gh Pointer to the DetectAddressHead.
180  * \param newhead Pointer to the DetectAddress.
181  *
182  * \retval 0 On success.
183  * \retval -1 On failure.
184  */
185 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
186 {
187  if (newhead->ip.family == AF_INET) {
188  gh->ipv4_head = newhead;
189  } else if (newhead->ip.family == AF_INET6) {
190  gh->ipv6_head = newhead;
191  } else {
192  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
193  return -1;
194  }
195 
196  return 0;
197 }
198 
199 /**
200  * \internal
201  * \brief Returns the DetectAddress head from the DetectAddressHeads,
202  * based on the address family of the incoming DetectAddress arg.
203  *
204  * \param gh Pointer to the DetectAddressHead.
205  * \param new Pointer to the DetectAddress.
206  *
207  * \retval head Pointer to the DetectAddress(the head from
208  * DetectAddressHead).
209  */
210 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
211 {
212  DetectAddress *head = NULL;
213 
214  if (new->ip.family == AF_INET)
215  head = gh->ipv4_head;
216  else if (new->ip.family == AF_INET6)
217  head = gh->ipv6_head;
218 
219  return head;
220 }
221 
222 /**
223  * \internal
224  * \brief insert DetectAddress into a DetectAddressHead
225  *
226  * \param de_ctx Pointer to the detection engine context.
227  * \param gh Pointer to the DetectAddressHead list to which it has to
228  * be inserted.
229  * \param new Pointer to the DetectAddress, that has to be inserted.
230  *
231  * \retval 1 On successfully inserting it.
232  * \retval -1 On error.
233  * \retval 0 Not inserted, memory of new is freed.
234  */
235 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
236  DetectAddress *new)
237 {
238  DetectAddress *head = NULL;
239  DetectAddress *cur = NULL;
240  DetectAddress *c = NULL;
241  int r = 0;
242 
243  if (new == NULL)
244  return 0;
245 
246  /* get our head ptr based on the address we want to insert */
247  head = GetHeadPtr(gh, new);
248 
249  /* see if it already exists or overlaps with existing ag's */
250  if (head != NULL) {
251  cur = NULL;
252 
253  for (cur = head; cur != NULL; cur = cur->next) {
254  r = DetectAddressCmp(new, cur);
255  BUG_ON(r == ADDRESS_ER);
256 
257  /* if so, handle that */
258  if (r == ADDRESS_EQ) {
259  /* exact overlap/match */
260  if (cur != new) {
261  DetectAddressFree(new);
262  return 0;
263  }
264 
265  return 1;
266  } else if (r == ADDRESS_GT) {
267  /* only add it now if we are bigger than the last group.
268  * Otherwise we'll handle it later. */
269  if (cur->next == NULL) {
270  /* put in the list */
271  new->prev = cur;
272  cur->next = new;
273 
274  return 1;
275  }
276  } else if (r == ADDRESS_LT) {
277  /* see if we need to insert the ag anywhere put in the list */
278  if (cur->prev != NULL)
279  cur->prev->next = new;
280  new->prev = cur->prev;
281  new->next = cur;
282  cur->prev = new;
283 
284  /* update head if required */
285  if (head == cur) {
286  head = new;
287 
288  if (SetHeadPtr(gh, head) < 0)
289  goto error;
290  }
291 
292  return 1;
293  /* alright, those were the simple cases, lets handle the more
294  * complex ones now */
295  } else if (r == ADDRESS_ES) {
296  c = NULL;
297  r = DetectAddressCut(de_ctx, cur, new, &c);
298  if (r == -1)
299  goto error;
300 
301  DetectAddressInsert(de_ctx, gh, new);
302  if (c != NULL)
303  DetectAddressInsert(de_ctx, gh, c);
304 
305  return 1;
306  } else if (r == ADDRESS_EB) {
307  c = NULL;
308  r = DetectAddressCut(de_ctx, cur, new, &c);
309  if (r == -1)
310  goto error;
311 
312  DetectAddressInsert(de_ctx, gh, new);
313  if (c != NULL)
314  DetectAddressInsert(de_ctx, gh, c);
315 
316  return 1;
317  } else if (r == ADDRESS_LE) {
318  c = NULL;
319  r = DetectAddressCut(de_ctx, cur, new, &c);
320  if (r == -1)
321  goto error;
322 
323  DetectAddressInsert(de_ctx, gh, new);
324  if (c != NULL)
325  DetectAddressInsert(de_ctx, gh, c);
326 
327  return 1;
328  } else if (r == ADDRESS_GE) {
329  c = NULL;
330  r = DetectAddressCut(de_ctx, cur,new,&c);
331  if (r == -1)
332  goto error;
333 
334  DetectAddressInsert(de_ctx, gh, new);
335  if (c != NULL)
336  DetectAddressInsert(de_ctx, gh, c);
337 
338  return 1;
339  }
340  }
341 
342  /* head is NULL, so get a group and set head to it */
343  } else {
344  head = new;
345  if (SetHeadPtr(gh, head) < 0) {
346  SCLogDebug("SetHeadPtr failed");
347  goto error;
348  }
349  }
350 
351  return 1;
352 
353 error:
354  /* XXX */
355  return -1;
356 }
357 
358 /**
359  * \brief Checks if two address group lists are equal.
360  *
361  * \param list1 Pointer to the first address group list.
362  * \param list2 Pointer to the second address group list.
363  *
364  * \retval true On success.
365  * \retval false On failure.
366  */
367 bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
368 {
369  DetectAddress *item = list1;
370  DetectAddress *it = list2;
371 
372  // First, compare items one by one.
373  while (item != NULL && it != NULL) {
374  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
375  return false;
376  }
377 
378  item = item->next;
379  it = it->next;
380  }
381 
382  // Are the lists of the same size?
383  if (!(item == NULL && it == NULL)) {
384  return false;
385  }
386 
387  return true;
388 }
389 
390 /**
391  * \internal
392  * \brief Parses an ipv4/ipv6 address string and updates the result into the
393  * DetectAddress instance sent as the argument.
394  *
395  * \param dd Pointer to the DetectAddress instance which should be updated with
396  * the address range details from the parsed ip string.
397  * \param str Pointer to address string that has to be parsed.
398  *
399  * \retval 0 On successfully parsing the address string.
400  * \retval -1 On failure.
401  */
402 static int DetectAddressParseString(DetectAddress *dd, const char *str)
403 {
404  char *ip = NULL;
405  char *ip2 = NULL;
406  char *mask = NULL;
407  int r = 0;
408  char ipstr[256];
409 
410  /* shouldn't see 'any' here */
411  BUG_ON(strcasecmp(str, "any") == 0);
412 
413  strlcpy(ipstr, str, sizeof(ipstr));
414  SCLogDebug("str %s", str);
415 
416  /* we work with a copy so that we can put a
417  * nul-termination in it later */
418  ip = ipstr;
419 
420  /* handle the negation case */
421  if (ip[0] == '!') {
422  dd->flags |= ADDRESS_FLAG_NOT;
423  ip++;
424  }
425 
426  /* see if the address is an ipv4 or ipv6 address */
427  if ((strchr(str, ':')) == NULL) {
428  /* IPv4 Address */
429  struct in_addr in;
430 
431  dd->ip.family = AF_INET;
432 
433  if ((mask = strchr(ip, '/')) != NULL) {
434  /* 1.2.3.4/xxx format (either dotted or cidr notation */
435  ip[mask - ip] = '\0';
436  mask++;
437  uint32_t ip4addr = 0;
438  uint32_t netmask = 0;
439 
440  if ((strchr (mask, '.')) == NULL) {
441  /* 1.2.3.4/24 format */
442 
443  for (size_t u = 0; u < strlen(mask); u++) {
444  if(!isdigit((unsigned char)mask[u]))
445  goto error;
446  }
447 
448  int cidr;
449  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
450  goto error;
451  netmask = CIDRGet(cidr);
452  } else {
453  /* 1.2.3.4/255.255.255.0 format */
454  r = inet_pton(AF_INET, mask, &in);
455  if (r <= 0)
456  goto error;
457 
458  netmask = in.s_addr;
459 
460  /* validate netmask */
461  int cidr = CIDRFromMask(netmask);
462  if (cidr < 0) {
463  SCLogError(
464  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
465  "CIDR notation are supported. See ticket #5168.",
466  mask);
467  goto error;
468  }
469  }
470 
471  r = inet_pton(AF_INET, ip, &in);
472  if (r <= 0)
473  goto error;
474 
475  ip4addr = in.s_addr;
476 
477  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
478  dd->ip2.addr_data32[0] |=~ netmask;
479  } else if ((ip2 = strchr(ip, '-')) != NULL) {
480  /* 1.2.3.4-1.2.3.6 range format */
481  ip[ip2 - ip] = '\0';
482  ip2++;
483 
484  r = inet_pton(AF_INET, ip, &in);
485  if (r <= 0)
486  goto error;
487  dd->ip.addr_data32[0] = in.s_addr;
488 
489  r = inet_pton(AF_INET, ip2, &in);
490  if (r <= 0)
491  goto error;
492  dd->ip2.addr_data32[0] = in.s_addr;
493 
494  /* a > b is illegal, a = b is ok */
495  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
496  goto error;
497  } else {
498  /* 1.2.3.4 format */
499  r = inet_pton(AF_INET, ip, &in);
500  if (r <= 0)
501  goto error;
502  /* single host */
503  dd->ip.addr_data32[0] = in.s_addr;
504  dd->ip2.addr_data32[0] = in.s_addr;
505  }
506  } else {
507  /* IPv6 Address */
508  struct in6_addr in6, mask6;
509  uint32_t ip6addr[4], netmask[4];
510 
511  dd->ip.family = AF_INET6;
512 
513  if ((mask = strchr(ip, '/')) != NULL) {
514  ip[mask - ip] = '\0';
515  mask++;
516 
517  int cidr;
518  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
519  goto error;
520 
521  r = inet_pton(AF_INET6, ip, &in6);
522  if (r <= 0)
523  goto error;
524  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
525 
526  CIDRGetIPv6(cidr, &mask6);
527  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
528 
529  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
530  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
531  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
532  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
533 
534  dd->ip2.addr_data32[0] |=~ netmask[0];
535  dd->ip2.addr_data32[1] |=~ netmask[1];
536  dd->ip2.addr_data32[2] |=~ netmask[2];
537  dd->ip2.addr_data32[3] |=~ netmask[3];
538  } else if ((ip2 = strchr(ip, '-')) != NULL) {
539  /* 2001::1-2001::4 range format */
540  ip[ip2 - ip] = '\0';
541  ip2++;
542 
543  r = inet_pton(AF_INET6, ip, &in6);
544  if (r <= 0)
545  goto error;
546  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
547 
548  r = inet_pton(AF_INET6, ip2, &in6);
549  if (r <= 0)
550  goto error;
551  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
552 
553  /* a > b is illegal, a=b is ok */
554  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
555  goto error;
556  } else {
557  r = inet_pton(AF_INET6, ip, &in6);
558  if (r <= 0)
559  goto error;
560 
561  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
562  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
563  }
564 
565  }
566 
567  BUG_ON(dd->ip.family == 0);
568 
569  return 0;
570 
571 error:
572  return -1;
573 }
574 
575 /**
576  * \internal
577  * \brief Simply parse an address and return a DetectAddress instance containing
578  * the address ranges of the parsed ip addressstring
579  *
580  * \param str Pointer to a character string containing the ip address
581  *
582  * \retval dd Pointer to the DetectAddress instance containing the address
583  * range details from the parsed ip string
584  */
585 static DetectAddress *DetectAddressParseSingle(const char *str)
586 {
587  SCLogDebug("str %s", str);
588 
589  DetectAddress *dd = DetectAddressInit();
590  if (dd == NULL)
591  return NULL;
592 
593  if (DetectAddressParseString(dd, str) < 0) {
594  SCLogDebug("AddressParse failed");
595  DetectAddressFree(dd);
596  return NULL;
597  }
598 
599  return dd;
600 }
601 
602 /**
603  * \brief Setup a single address string, parse it and add the resulting
604  * Address-Range(s) to the AddressHead(DetectAddressHead instance).
605  *
606  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
607  * resulting Address-Range(s) from the parsed ip string has to
608  * be added.
609  * \param s Pointer to the ip address string to be parsed.
610  *
611  * \retval 0 On success.
612  * \retval -1 On failure.
613  */
614 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
615 {
616  SCLogDebug("gh %p, s %s", gh, s);
617 
618  while (*s != '\0' && isspace(*s))
619  s++;
620 
621  if (strcasecmp(s, "any") == 0) {
622  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
623 
624  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
625  if (ad == NULL)
626  return -1;
627 
628  BUG_ON(ad->ip.family == 0);
629 
630  if (DetectAddressInsert(NULL, gh, ad) < 0) {
631  SCLogDebug("DetectAddressInsert failed");
632  DetectAddressFree(ad);
633  return -1;
634  }
635 
636  ad = DetectAddressParseSingle("::/0");
637  if (ad == NULL)
638  return -1;
639 
640  BUG_ON(ad->ip.family == 0);
641 
642  if (DetectAddressInsert(NULL, gh, ad) < 0) {
643  SCLogDebug("DetectAddressInsert failed");
644  DetectAddressFree(ad);
645  return -1;
646  }
647  return 0;
648  }
649 
650  /* parse the address */
651  DetectAddress *ad = DetectAddressParseSingle(s);
652  if (ad == NULL) {
653  SCLogError("failed to parse address \"%s\"", s);
654  return -1;
655  }
656 
657  /* handle the not case, we apply the negation then insert the part(s) */
658  if (ad->flags & ADDRESS_FLAG_NOT) {
659  DetectAddress *ad2 = NULL;
660 
661  if (DetectAddressCutNot(ad, &ad2) < 0) {
662  SCLogDebug("DetectAddressCutNot failed");
663  DetectAddressFree(ad);
664  return -1;
665  }
666 
667  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
668  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
669  if (ad2 != NULL) {
670  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
671  SCLogDebug("DetectAddressInsert failed");
672  DetectAddressFree(ad);
673  DetectAddressFree(ad2);
674  return -1;
675  }
676  }
677  }
678 
679  int r = DetectAddressInsert(NULL, gh, ad);
680  if (r < 0) {
681  SCLogDebug("DetectAddressInsert failed");
682  DetectAddressFree(ad);
683  return -1;
684  }
685  SCLogDebug("r %d",r);
686  return 0;
687 }
688 
689 /**
690  * \brief Parses an address string and updates the 2 address heads with the
691  * address data.
692  *
693  * Note that this function should only be called by the wrapping function
694  * DetectAddressParse2. The wrapping function provides long address handling
695  * when the address size exceeds a threshold value.
696  *
697  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
698  * since we pass around negate without keeping a count of ! with depth.
699  * Can solve this by keeping a count of the negations with depth, so that
700  * an even no of negations would count as no negation and an odd no of
701  * negations would count as a negation.
702  *
703  * \param gh Pointer to the address head that should hold address ranges
704  * that are not negated.
705  * \param ghn Pointer to the address head that should hold address ranges
706  * that are negated.
707  * \param s Pointer to the character string holding the address to be
708  * parsed.
709  * \param negate Flag that indicates if the received address string is negated
710  * or not. 0 if it is not, 1 it it is.
711  *
712  * \retval 0 On successfully parsing.
713  * \retval -1 On failure.
714  */
715 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
716  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
717  int recur, char *address, size_t address_length)
718 {
719  size_t x = 0;
720  size_t u = 0;
721  int o_set = 0, n_set = 0, d_set = 0;
722  int depth = 0;
723  const char *rule_var_address = NULL;
724  char *temp_rule_var_address = NULL;
725 
726  if (++recur > 64) {
727  SCLogError("address block recursion "
728  "limit reached (max 64)");
729  goto error;
730  }
731 
732  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
733 
734  size_t size = strlen(s);
735  for (u = 0, x = 0; u < size && x < address_length; u++) {
736  if (x == (address_length - 1)) {
737  SCLogError("Hit the address buffer"
738  " limit for the supplied address. Invalidating sig. "
739  "Please file a bug report on this.");
740  goto error;
741  }
742  address[x] = s[u];
743  x++;
744 
745  if (!o_set && s[u] == '!') {
746  n_set = 1;
747  x--;
748  } else if (s[u] == '[') {
749  if (!o_set) {
750  o_set = 1;
751  x = 0;
752  }
753  depth++;
754  } else if (s[u] == ']') {
755  if (depth == 1) {
756  address[x - 1] = '\0';
757  x = 0;
758  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
759  if (((negate + n_set) % 2) == 0) {
760  /* normal block */
761  SCLogDebug("normal block");
762 
763  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
764  goto error;
765  } else {
766  /* negated block
767  *
768  * Extra steps are necessary. First consider it as a normal
769  * (non-negated) range. Merge the + and - ranges if
770  * applicable. Then insert the result into the ghn list. */
771  SCLogDebug("negated block");
772 
773  DetectAddressHead tmp_gh = { NULL, NULL };
774  DetectAddressHead tmp_ghn = { NULL, NULL };
775 
776  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
777  DetectAddressHeadCleanup(&tmp_gh);
778  DetectAddressHeadCleanup(&tmp_ghn);
779  goto error;
780  }
781 
782  DetectAddress *tmp_ad;
783  DetectAddress *tmp_ad2;
784 #ifdef DEBUG
785  SCLogDebug("tmp_gh: IPv4");
786  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
787  DetectAddressPrint(tmp_ad);
788  }
789  SCLogDebug("tmp_ghn: IPv4");
790  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
791  DetectAddressPrint(tmp_ad);
792  }
793  SCLogDebug("tmp_gh: IPv6");
794  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
795  DetectAddressPrint(tmp_ad);
796  }
797  SCLogDebug("tmp_ghn: IPv6");
798  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
799  DetectAddressPrint(tmp_ad);
800  }
801 #endif
802  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
803  DetectAddressHeadCleanup(&tmp_ghn);
804  DetectAddressHeadCleanup(&tmp_gh);
805  goto error;
806  }
807  DetectAddressHeadCleanup(&tmp_ghn);
808 
809  SCLogDebug("merged successfully");
810 
811  /* insert the IPv4 addresses into the negated list */
812  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
813  /* work with a copy of the address group */
814  tmp_ad2 = DetectAddressCopy(tmp_ad);
815  if (tmp_ad2 == NULL) {
816  SCLogDebug("DetectAddressCopy failed");
817  DetectAddressHeadCleanup(&tmp_gh);
818  goto error;
819  }
820  DetectAddressPrint(tmp_ad2);
821  DetectAddressInsert(NULL, ghn, tmp_ad2);
822  }
823 
824  /* insert the IPv6 addresses into the negated list */
825  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
826  /* work with a copy of the address group */
827  tmp_ad2 = DetectAddressCopy(tmp_ad);
828  if (tmp_ad2 == NULL) {
829  SCLogDebug("DetectAddressCopy failed");
830  DetectAddressHeadCleanup(&tmp_gh);
831  goto error;
832  }
833  DetectAddressPrint(tmp_ad2);
834  DetectAddressInsert(NULL, ghn, tmp_ad2);
835  }
836 
837  DetectAddressHeadCleanup(&tmp_gh);
838  }
839  n_set = 0;
840  }
841  depth--;
842  } else if (depth == 0 && s[u] == ',') {
843  if (o_set == 1) {
844  o_set = 0;
845  } else if (d_set == 1) {
846  address[x - 1] = '\0';
847 
848  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
849  SC_RULE_VARS_ADDRESS_GROUPS);
850  if (rule_var_address == NULL)
851  goto error;
852 
853  if (strlen(rule_var_address) == 0) {
854  SCLogError("variable %s resolved "
855  "to nothing. This is likely a misconfiguration. "
856  "Note that a negated address needs to be quoted, "
857  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
858  s);
859  goto error;
860  }
861 
862  SCLogDebug("rule_var_address %s", rule_var_address);
863  if ((negate + n_set) % 2) {
864  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
865  if (unlikely(temp_rule_var_address == NULL))
866  goto error;
867  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
868  "[%s]", rule_var_address);
869  } else {
870  temp_rule_var_address = SCStrdup(rule_var_address);
871  if (unlikely(temp_rule_var_address == NULL))
872  goto error;
873  }
874 
875  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
876  (negate + n_set) % 2, var_list, recur) < 0) {
877  if (temp_rule_var_address != rule_var_address)
878  SCFree(temp_rule_var_address);
879  goto error;
880  }
881  d_set = 0;
882  n_set = 0;
883  SCFree(temp_rule_var_address);
884  } else {
885  address[x - 1] = '\0';
886 
887  if (!((negate + n_set) % 2)) {
888  SCLogDebug("DetectAddressSetup into gh, %s", address);
889  if (DetectAddressSetup(gh, address) < 0)
890  goto error;
891  } else {
892  SCLogDebug("DetectAddressSetup into ghn, %s", address);
893  if (DetectAddressSetup(ghn, address) < 0)
894  goto error;
895  }
896  n_set = 0;
897  }
898  x = 0;
899  } else if (depth == 0 && s[u] == '$') {
900  d_set = 1;
901  } else if (depth == 0 && u == size - 1) {
902  if (x == address_length) {
903  address[x - 1] = '\0';
904  } else {
905  address[x] = '\0';
906  }
907  x = 0;
908 
909  if (AddVariableToResolveList(var_list, address) == -1) {
910  SCLogError("Found a loop in a address "
911  "groups declaration. This is likely a misconfiguration.");
912  goto error;
913  }
914 
915  if (d_set == 1) {
916  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
917  SC_RULE_VARS_ADDRESS_GROUPS);
918  if (rule_var_address == NULL)
919  goto error;
920 
921  if (strlen(rule_var_address) == 0) {
922  SCLogError("variable %s resolved "
923  "to nothing. This is likely a misconfiguration. "
924  "Note that a negated address needs to be quoted, "
925  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
926  s);
927  goto error;
928  }
929 
930  SCLogDebug("rule_var_address %s", rule_var_address);
931  if ((negate + n_set) % 2) {
932  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
933  if (unlikely(temp_rule_var_address == NULL))
934  goto error;
935  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
936  "[%s]", rule_var_address);
937  } else {
938  temp_rule_var_address = SCStrdup(rule_var_address);
939  if (unlikely(temp_rule_var_address == NULL))
940  goto error;
941  }
942 
943  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
944  (negate + n_set) % 2, var_list, recur) < 0) {
945  SCLogDebug("DetectAddressParse2 hates us");
946  if (temp_rule_var_address != rule_var_address)
947  SCFree(temp_rule_var_address);
948  goto error;
949  }
950  d_set = 0;
951  SCFree(temp_rule_var_address);
952  } else {
953  if (!((negate + n_set) % 2)) {
954  SCLogDebug("DetectAddressSetup into gh, %s", address);
955  if (DetectAddressSetup(gh, address) < 0) {
956  SCLogDebug("DetectAddressSetup gh fail");
957  goto error;
958  }
959  } else {
960  SCLogDebug("DetectAddressSetup into ghn, %s", address);
961  if (DetectAddressSetup(ghn, address) < 0) {
962  SCLogDebug("DetectAddressSetup ghn fail");
963  goto error;
964  }
965  }
966  }
967  n_set = 0;
968  }
969  }
970  if (depth > 0) {
971  SCLogError("not every address block was "
972  "properly closed in \"%s\", %d missing closing brackets (]). "
973  "Note: problem might be in a variable.",
974  s, depth);
975  goto error;
976  } else if (depth < 0) {
977  SCLogError("not every address block was "
978  "properly opened in \"%s\", %d missing opening brackets ([). "
979  "Note: problem might be in a variable.",
980  s, depth * -1);
981  goto error;
982  }
983 
984  return 0;
985 
986 error:
987 
988  return -1;
989 }
990 
991 /**
992  * \internal
993  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
994  *
995  * \retval Return value from DetectAddressParseInternal
996  */
997 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
998  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
999  int recur)
1000 {
1001  int rc;
1002 #define MAX_ADDRESS_LENGTH 8192
1003 
1004  size_t address_length = strlen(s);
1005  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
1006  char *address = SCCalloc(1, address_length);
1007  if (address == NULL) {
1008  SCLogError("Unable to allocate"
1009  " memory for address parsing.");
1010  return -1;
1011  }
1012  rc = DetectAddressParseInternal(
1013  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
1014  SCFree(address);
1015  } else {
1016  char address[MAX_ADDRESS_LENGTH] = "";
1017  rc = DetectAddressParseInternal(
1018  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1019  }
1020  return rc;
1021 }
1022 
1023 /**
1024  * \internal
1025  * \brief See if the addresses and ranges in an address head cover the
1026  * entire ip space.
1027  *
1028  * \param gh Pointer to the DetectAddressHead to check.
1029  *
1030  * \retval 0 No.
1031  * \retval 1 Yes.
1032  *
1033  * \todo do the same for IPv6
1034  */
1035 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1036 {
1037  int r = DetectAddressIsCompleteIPSpaceIPv4(gh->ipv4_head);
1038  if (r == 1)
1039  return 1;
1040 
1041  return 0;
1042 }
1043 
1044 /**
1045  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1046  *
1047  * \param gh Pointer to the address head containing the non-NOT groups.
1048  * \param ghn Pointer to the address head containing the NOT groups.
1049  *
1050  * \retval 0 On success.
1051  * \retval -1 On failure.
1052  */
1053 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
1054 {
1055  DetectAddress *ad;
1056  DetectAddress *ag, *ag2;
1057  int r = 0;
1058 
1059  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1060  ghn->ipv4_head);
1061 
1062  /* check if the negated list covers the entire ip space. If so
1063  * the user screwed up the rules/vars. */
1064  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1065  SCLogError("Complete IP space negated. "
1066  "Rule address range is NIL. Probably have a !any or "
1067  "an address range that supplies a NULL address range");
1068  goto error;
1069  }
1070 
1071  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1072  * not thingy. In that case we add a 0.0.0.0/0 first. */
1073  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1074  r = DetectAddressSetup(gh, "0.0.0.0/0");
1075  if (r < 0) {
1076  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1077  goto error;
1078  }
1079  }
1080  /* ... or ::/0 for ipv6 */
1081  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1082  r = DetectAddressSetup(gh, "::/0");
1083  if (r < 0) {
1084  SCLogDebug("DetectAddressSetup for ::/0 failed");
1085  goto error;
1086  }
1087  }
1088 
1089  /* step 1: insert our ghn members into the gh list */
1090  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1091  /* work with a copy of the ad so we can easily clean up the ghn group
1092  * later. */
1093  ad = DetectAddressCopy(ag);
1094  if (ad == NULL) {
1095  SCLogDebug("DetectAddressCopy failed");
1096  goto error;
1097  }
1098 
1099  r = DetectAddressInsert(NULL, gh, ad);
1100  if (r < 0) {
1101  SCLogDebug("DetectAddressInsert failed");
1102  goto error;
1103  }
1104  }
1105  /* ... and the same for ipv6 */
1106  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1107  /* work with a copy of the ad so we can easily clean up the ghn group
1108  * later. */
1109  ad = DetectAddressCopy(ag);
1110  if (ad == NULL) {
1111  SCLogDebug("DetectAddressCopy failed");
1112  goto error;
1113  }
1114 
1115  r = DetectAddressInsert(NULL, gh, ad);
1116  if (r < 0) {
1117  SCLogDebug("DetectAddressInsert failed");
1118  goto error;
1119  }
1120  }
1121 #ifdef DEBUG
1122  DetectAddress *tmp_ad;
1123  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1124  DetectAddressPrint(tmp_ad);
1125  }
1126 #endif
1127  int ipv4_applied = 0;
1128  int ipv6_applied = 0;
1129 
1130  /* step 2: pull the address blocks that match our 'not' blocks */
1131  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1132  SCLogDebug("ag %p", ag);
1133  DetectAddressPrint(ag);
1134 
1135  int applied = 0;
1136  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1137  SCLogDebug("ag2 %p", ag2);
1138  DetectAddressPrint(ag2);
1139 
1140  r = DetectAddressCmp(ag, ag2);
1141  /* XXX more ??? */
1142  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1143  if (ag2->prev != NULL)
1144  ag2->prev->next = ag2->next;
1145  if (ag2->next != NULL)
1146  ag2->next->prev = ag2->prev;
1147  if (gh->ipv4_head == ag2)
1148  gh->ipv4_head = ag2->next;
1149  /* store the next ptr and remove the group */
1150  DetectAddress *next_ag2 = ag2->next;
1151  DetectAddressFree(ag2);
1152  ag2 = next_ag2;
1153  applied = 1;
1154  } else {
1155  ag2 = ag2->next;
1156  }
1157  }
1158 
1159  if (applied) {
1160  ipv4_applied++;
1161  }
1162  }
1163  /* ... and the same for ipv6 */
1164  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1165  int applied = 0;
1166  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1167  r = DetectAddressCmp(ag, ag2);
1168  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1169  if (ag2->prev != NULL)
1170  ag2->prev->next = ag2->next;
1171  if (ag2->next != NULL)
1172  ag2->next->prev = ag2->prev;
1173  if (gh->ipv6_head == ag2)
1174  gh->ipv6_head = ag2->next;
1175  /* store the next ptr and remove the group */
1176  DetectAddress *next_ag2 = ag2->next;
1177  DetectAddressFree(ag2);
1178  ag2 = next_ag2;
1179 
1180  SCLogDebug("applied");
1181  applied = 1;
1182  } else {
1183  ag2 = ag2->next;
1184  }
1185  }
1186  if (applied) {
1187  ipv6_applied++;
1188  }
1189  }
1190 #ifdef DEBUG
1191  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1192  DetectAddressPrint(tmp_ad);
1193  }
1194  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1195  DetectAddressPrint(tmp_ad);
1196  }
1197 #endif
1198  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1199  int cnt = 0;
1200  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1201  cnt++;
1202 
1203  if (ipv4_applied != cnt) {
1204  SCLogError("not all IPv4 negations "
1205  "could be applied: %d != %d",
1206  cnt, ipv4_applied);
1207  goto error;
1208  }
1209 
1210  cnt = 0;
1211  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1212  cnt++;
1213 
1214  if (ipv6_applied != cnt) {
1215  SCLogError("not all IPv6 negations "
1216  "could be applied: %d != %d",
1217  cnt, ipv6_applied);
1218  goto error;
1219  }
1220  }
1221 
1222  /* if the result is that we have no addresses we return error */
1223  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1224  SCLogError("no addresses left after "
1225  "merging addresses and negated addresses");
1226  goto error;
1227  }
1228 
1229  return 0;
1230 
1231 error:
1232  return -1;
1233 }
1234 
1235 int DetectAddressTestConfVars(void)
1236 {
1237  SCLogDebug("Testing address conf vars for any misconfigured values");
1238 
1239  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1240 
1241  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1242  if (address_vars_node == NULL) {
1243  return 0;
1244  }
1245 
1246  DetectAddressHead *gh = NULL;
1247  DetectAddressHead *ghn = NULL;
1248 
1249  ConfNode *seq_node;
1250  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1251  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1252 
1253  gh = DetectAddressHeadInit();
1254  if (gh == NULL) {
1255  goto error;
1256  }
1257  ghn = DetectAddressHeadInit();
1258  if (ghn == NULL) {
1259  goto error;
1260  }
1261 
1262  if (seq_node->val == NULL) {
1263  SCLogError("Address var \"%s\" probably has a sequence(something "
1264  "in brackets) value set without any quotes. Please "
1265  "quote it using \"..\".",
1266  seq_node->name);
1267  goto error;
1268  }
1269 
1270  int r = DetectAddressParse2(
1271  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1272 
1273  CleanVariableResolveList(&var_list);
1274 
1275  if (r < 0) {
1276  SCLogError("failed to parse address var \"%s\" with value \"%s\". "
1277  "Please check its syntax",
1278  seq_node->name, seq_node->val);
1279  goto error;
1280  }
1281 
1282  if (DetectAddressIsCompleteIPSpace(ghn)) {
1283  SCLogError("address var - \"%s\" has the complete IP space negated "
1284  "with its value \"%s\". Rule address range is NIL. "
1285  "Probably have a !any or an address range that supplies "
1286  "a NULL address range",
1287  seq_node->name, seq_node->val);
1288  goto error;
1289  }
1290 
1291  DetectAddressHeadFree(gh);
1292  gh = NULL;
1293  DetectAddressHeadFree(ghn);
1294  ghn = NULL;
1295  }
1296 
1297  return 0;
1298  error:
1299  if (gh != NULL)
1300  DetectAddressHeadFree(gh);
1301  if (ghn != NULL)
1302  DetectAddressHeadFree(ghn);
1303  return -1;
1304 }
1305 
1306 #include "util-hash-lookup3.h"
1307 
1308 typedef struct DetectAddressMap_ {
1309  char *string;
1310  DetectAddressHead *address;
1311  bool contains_negation;
1312 } DetectAddressMap;
1313 
1314 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1315 {
1316  const DetectAddressMap *map = (DetectAddressMap *)data;
1317  uint32_t hash = 0;
1318 
1319  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1320  hash %= ht->array_size;
1321 
1322  return hash;
1323 }
1324 
1325 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1326  uint16_t len2)
1327 {
1328  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1329  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1330 
1331  char r = (strcmp(map1->string, map2->string) == 0);
1332  return r;
1333 }
1334 
1335 static void DetectAddressMapFreeFunc(void *data)
1336 {
1337  DetectAddressMap *map = (DetectAddressMap *)data;
1338  if (map != NULL) {
1339  DetectAddressHeadFree(map->address);
1340  SCFree(map->string);
1341  }
1342  SCFree(map);
1343 }
1344 
1345 int DetectAddressMapInit(DetectEngineCtx *de_ctx)
1346 {
1347  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1348  DetectAddressMapCompareFunc,
1349  DetectAddressMapFreeFunc);
1350  if (de_ctx->address_table == NULL)
1351  return -1;
1352 
1353  return 0;
1354 }
1355 
1356 void DetectAddressMapFree(DetectEngineCtx *de_ctx)
1357 {
1358  if (de_ctx->address_table == NULL)
1359  return;
1360 
1361  HashListTableFree(de_ctx->address_table);
1362  de_ctx->address_table = NULL;
1363  return;
1364 }
1365 
1366 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1367  DetectAddressHead *address, bool contains_negation)
1368 {
1369  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1370  if (map == NULL)
1371  return -1;
1372 
1373  map->string = SCStrdup(string);
1374  if (map->string == NULL) {
1375  SCFree(map);
1376  return -1;
1377  }
1378  map->address = address;
1379  map->contains_negation = contains_negation;
1380 
1381  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1382  return 0;
1383 }
1384 
1385 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1386  const char *string)
1387 {
1388  DetectAddressMap map = { (char *)string, NULL, false };
1389 
1390  const DetectAddressMap *res = HashListTableLookup(de_ctx->address_table,
1391  &map, 0);
1392  return res;
1393 }
1394 
1395 /**
1396  * \brief Parses an address group sent as a character string and updates the
1397  * DetectAddressHead sent as the argument with the relevant address
1398  * ranges from the parsed string.
1399  *
1400  * \param de_ctx Pointer to the detection engine context
1401  * \param gh Pointer to the DetectAddressHead.
1402  * \param str Pointer to the character string containing the address group
1403  * that has to be parsed.
1404  *
1405  * \retval 1 On success. Contained negation.
1406  * \retval 0 On success. Did not contain negation.
1407  * \retval -1 On failure.
1408  */
1409 int DetectAddressParse(const DetectEngineCtx *de_ctx,
1410  DetectAddressHead *gh, const char *str)
1411 {
1412  SCLogDebug("gh %p, str %s", gh, str);
1413 
1414  if (str == NULL) {
1415  SCLogDebug("DetectAddressParse can not be run with NULL address");
1416  return -1;
1417  }
1418 
1419  DetectAddressHead *ghn = DetectAddressHeadInit();
1420  if (ghn == NULL) {
1421  SCLogDebug("DetectAddressHeadInit for ghn failed");
1422  return -1;
1423  }
1424 
1425  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1426  if (r < 0) {
1427  SCLogDebug("DetectAddressParse2 returned %d", r);
1428  DetectAddressHeadFree(ghn);
1429  return -1;
1430  }
1431 
1432  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1433  ghn->ipv4_head);
1434 
1435  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1436 
1437  /* merge the 'not' address groups */
1438  if (DetectAddressMergeNot(gh, ghn) < 0) {
1439  SCLogDebug("DetectAddressMergeNot failed");
1440  DetectAddressHeadFree(ghn);
1441  return -1;
1442  }
1443 
1444  /* free the temp negate head */
1445  DetectAddressHeadFree(ghn);
1446  return contains_negation ? 1 : 0;
1447 }
1448 
1449 const DetectAddressHead *DetectParseAddress(DetectEngineCtx *de_ctx,
1450  const char *string, bool *contains_negation)
1451 {
1452  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1453  if (res != NULL) {
1454  SCLogDebug("found: %s :: %p", string, res);
1455  *contains_negation = res->contains_negation;
1456  return res->address;
1457  }
1458 
1459  SCLogDebug("%s not found", string);
1460 
1461  DetectAddressHead *head = DetectAddressHeadInit();
1462  if (head == NULL)
1463  return NULL;
1464 
1465  const int r = DetectAddressParse(de_ctx, head, string);
1466  if (r < 0) {
1467  DetectAddressHeadFree(head);
1468  return NULL;
1469  } else if (r == 1) {
1470  *contains_negation = true;
1471  } else {
1472  *contains_negation = false;
1473  }
1474 
1475  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head,
1476  *contains_negation);
1477  return head;
1478 }
1479 
1480 /**
1481  * \brief Cleans a DetectAddressHead. The functions frees the address
1482  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1483  * instance.
1484  *
1485  * \param gh Pointer to the DetectAddressHead instance that has to be
1486  * cleaned.
1487  */
1488 void DetectAddressHeadCleanup(DetectAddressHead *gh)
1489 {
1490  if (gh != NULL) {
1491  if (gh->ipv4_head != NULL) {
1492  DetectAddressCleanupList(gh->ipv4_head);
1493  gh->ipv4_head = NULL;
1494  }
1495  if (gh->ipv6_head != NULL) {
1496  DetectAddressCleanupList(gh->ipv6_head);
1497  gh->ipv6_head = NULL;
1498  }
1499  }
1500 
1501  return;
1502 }
1503 
1504 /**
1505  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1506  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1507  * explanations on what these functions do.
1508  *
1509  * \param de_ctx Pointer to the DetectEngineCtx.
1510  * \param a Pointer to the first address to be cut.
1511  * \param b Pointer to the second address to be cut.
1512  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1513  * ranges from a and b, demand a third address range.
1514  *
1515  * \retval 0 On success.
1516  * \retval -1 On failure.
1517  */
1518 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1519  DetectAddress *b, DetectAddress **c)
1520 {
1521  if (a->ip.family == AF_INET)
1522  return DetectAddressCutIPv4(de_ctx, a, b, c);
1523  else if (a->ip.family == AF_INET6)
1524  return DetectAddressCutIPv6(de_ctx, a, b, c);
1525 
1526  return -1;
1527 }
1528 
1529 /**
1530  * \brief Cuts a negated address range with respect to the entire ip range, and
1531  * supplies with the address range that doesn't belong to the negated
1532  * address range.
1533  *
1534  * There are 2 cases here -
1535  *
1536  * The first case includes the address being located at the extreme ends
1537  * of the ip space, in which we get a single range.
1538  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1539  *
1540  * The second case includes the address not present at either of the
1541  * ip space extremes, in which case we get 2 ranges. The second range
1542  * would be supplied back with the argument "b" supplied to this function.
1543  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1544  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1545  *
1546  * The above negation cases can similarly be extended to ranges, i.e.
1547  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1548  * ![10.20.30.40 - 10.20.30.50].
1549  *
1550  *
1551  * \param a Pointer to the DetectAddressData instance, that contains the negated
1552  * address range that has to be cut.
1553  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1554  * filled with the address range, if the argument "a", doesn't fall at
1555  * the extreme ends of the ip address space.
1556  *
1557  * \retval 0 On success.
1558  * \retval -1 On failure.
1559  */
1560 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1561 {
1562  if (a->ip.family == AF_INET)
1563  return DetectAddressCutNotIPv4(a, b);
1564  else if (a->ip.family == AF_INET6)
1565  return DetectAddressCutNotIPv6(a, b);
1566 
1567  return -1;
1568 }
1569 
1570 /**
1571  * \brief Used to compare 2 address ranges.
1572  *
1573  * \param a Pointer to the first DetectAddressData to be compared.
1574  * \param b Pointer to the second DetectAddressData to be compared.
1575  */
1576 int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
1577 {
1578  if (a->ip.family != b->ip.family)
1579  return ADDRESS_ER;
1580 
1581  if (a->ip.family == AF_INET)
1582  return DetectAddressCmpIPv4(a, b);
1583  else if (a->ip.family == AF_INET6)
1584  return DetectAddressCmpIPv6(a, b);
1585 
1586  return ADDRESS_ER;
1587 }
1588 
1589 /**
1590  * \brief Match a packets address against a signatures addrs array
1591  *
1592  * \param addrs array of DetectMatchAddressIPv4's
1593  * \param addrs_cnt array size in members
1594  * \param a packets address
1595  *
1596  * \retval 0 no match
1597  * \retval 1 match
1598  *
1599  * \note addresses in addrs are in host order
1600  *
1601  * \todo array should be ordered, so we can break out of the loop
1602  */
1603 int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs,
1604  uint16_t addrs_cnt, const Address *a)
1605 {
1606  SCEnter();
1607 
1608  if (addrs == NULL || addrs_cnt == 0) {
1609  SCReturnInt(0);
1610  }
1611 
1612  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1613  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1614  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1615  SCReturnInt(1);
1616  }
1617  }
1618 
1619  SCReturnInt(0);
1620 }
1621 
1622 /**
1623  * \brief Match a packets address against a signatures addrs array
1624  *
1625  * \param addrs array of DetectMatchAddressIPv6's
1626  * \param addrs_cnt array size in members
1627  * \param a packets address
1628  *
1629  * \retval 0 no match
1630  * \retval 1 match
1631  *
1632  * \note addresses in addrs are in host order
1633  *
1634  * \todo array should be ordered, so we can break out of the loop
1635  */
1636 int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs,
1637  uint16_t addrs_cnt, const Address *a)
1638 {
1639  SCEnter();
1640 
1641  if (addrs == NULL || addrs_cnt == 0) {
1642  SCReturnInt(0);
1643  }
1644 
1645  uint32_t match_addr[4];
1646  match_addr[0] = SCNtohl(a->addr_data32[0]);
1647  match_addr[1] = SCNtohl(a->addr_data32[1]);
1648  match_addr[2] = SCNtohl(a->addr_data32[2]);
1649  match_addr[3] = SCNtohl(a->addr_data32[3]);
1650 
1651  /* See if the packet address is within the range of any entry in the
1652  * signature's address match array.
1653  */
1654  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1655  uint16_t result1 = 0, result2 = 0;
1656 
1657  /* See if packet address equals either limit. Return 1 if true. */
1658  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1659  SCReturnInt(1);
1660  }
1661  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1662  SCReturnInt(1);
1663  }
1664 
1665  /* See if packet address is greater than lower limit
1666  * of the current signature address match pair.
1667  */
1668  for (int i = 0; i < 4; i++) {
1669  if (match_addr[i] > addrs[idx].ip[i]) {
1670  result1 = 1;
1671  break;
1672  }
1673  if (match_addr[i] < addrs[idx].ip[i]) {
1674  result1 = 0;
1675  break;
1676  }
1677  }
1678 
1679  /* If not greater than lower limit, try next address match entry */
1680  if (result1 == 0)
1681  continue;
1682 
1683  /* See if packet address is less than upper limit
1684  * of the current signature address match pair.
1685  */
1686  for (int i = 0; i < 4; i++) {
1687  if (match_addr[i] < addrs[idx].ip2[i]) {
1688  result2 = 1;
1689  break;
1690  }
1691  if (match_addr[i] > addrs[idx].ip2[i]) {
1692  result2 = 0;
1693  break;
1694  }
1695  }
1696 
1697  /* Return a match if packet address is between the two
1698  * signature address match limits.
1699  */
1700  if (result1 == 1 && result2 == 1)
1701  SCReturnInt(1);
1702  }
1703 
1704  SCReturnInt(0);
1705 }
1706 
1707 /**
1708  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1709  * range in the DetectAddress instance.
1710  *
1711  * We basically check that the address falls in between the address
1712  * range in DetectAddress.
1713  *
1714  * \param dd Pointer to the DetectAddress instance.
1715  * \param a Pointer to an Address instance.
1716  *
1717  * \param 1 On a match.
1718  * \param 0 On no match.
1719  */
1720 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1721 {
1722  SCEnter();
1723 
1724  if (dd->ip.family != a->family) {
1725  SCReturnInt(0);
1726  }
1727 
1728  //DetectAddressPrint(dd);
1729  //AddressDebugPrint(a);
1730 
1731  switch (a->family) {
1732  case AF_INET:
1733 
1734  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1735  * Address inside DetectAddressData we can do uint8_t checks */
1736  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1737  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1738  {
1739  SCReturnInt(1);
1740  } else {
1741  SCReturnInt(0);
1742  }
1743 
1744  break;
1745  case AF_INET6:
1746  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1747  AddressIPv6Le(a, &dd->ip2) == 1)
1748  {
1749  SCReturnInt(1);
1750  } else {
1751  SCReturnInt(0);
1752  }
1753 
1754  break;
1755  default:
1756  SCLogDebug("What other address type can we have :-/");
1757  break;
1758  }
1759 
1760  SCReturnInt(0);
1761 }
1762 
1763 #ifdef DEBUG
1764 /**
1765  * \brief Prints the address data held by the DetectAddress. If the address
1766  * data family is IPv4, we print the ipv4 address and mask, and
1767  * if the address data family is IPv6, we print the ipv6 address and
1768  * mask.
1769  *
1770  * \param ad Pointer to the DetectAddress instance to be printed.
1771  */
1772 static void DetectAddressPrint(DetectAddress *gr)
1773 {
1774  if (gr == NULL)
1775  return;
1776 
1777  if (gr->ip.family == AF_INET) {
1778  struct in_addr in;
1779  char ip[16], mask[16];
1780 
1781  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1782  PrintInet(AF_INET, &in, ip, sizeof(ip));
1783  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1784  PrintInet(AF_INET, &in, mask, sizeof(mask));
1785 
1786  SCLogDebug("%s/%s", ip, mask);
1787 // printf("%s/%s", ip, mask);
1788  } else if (gr->ip.family == AF_INET6) {
1789  struct in6_addr in6;
1790  char ip[66], mask[66];
1791 
1792  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1793  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1794  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1795  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1796 
1797  SCLogDebug("%s/%s", ip, mask);
1798 // printf("%s/%s", ip, mask);
1799  }
1800 
1801  return;
1802 }
1803 #endif
1804 
1805 /**
1806  * \brief Find the group matching address in a group head.
1807  *
1808  * \param gh Pointer to the address group head(DetectAddressHead instance).
1809  * \param a Pointer to an Address instance.
1810  *
1811  * \retval g On success pointer to an DetectAddress if we find a match
1812  * for the Address "a", in the DetectAddressHead "gh".
1813  */
1814 DetectAddress *DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
1815 {
1816  SCEnter();
1817 
1818  DetectAddress *g = NULL;
1819 
1820  if (gh == NULL) {
1821  SCReturnPtr(NULL, "DetectAddress");
1822  }
1823 
1824  /* XXX should we really do this check every time we run this function? */
1825  if (a->family == AF_INET) {
1826  SCLogDebug("IPv4");
1827  g = gh->ipv4_head;
1828  } else if (a->family == AF_INET6) {
1829  SCLogDebug("IPv6");
1830  g = gh->ipv6_head;
1831  }
1832 
1833  for ( ; g != NULL; g = g->next) {
1834  if (DetectAddressMatch(g,a) == 1) {
1835  SCReturnPtr(g, "DetectAddress");
1836  }
1837  }
1838 
1839  SCReturnPtr(NULL, "DetectAddress");
1840 }
1841 
1842 /********************************Unittests*************************************/
1843 
1844 #ifdef UNITTESTS
1845 
1846 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1847 {
1848  char str1[46] = "", str2[46] = "";
1849 
1850  if (ad == NULL)
1851  return FALSE;
1852 
1853  switch(ad->ip.family) {
1854  case AF_INET:
1855  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1856  SCLogDebug("%s", str1);
1857  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1858  SCLogDebug("%s", str2);
1859 
1860  if (strcmp(str1, one) != 0) {
1861  SCLogInfo("%s != %s", str1, one);
1862  return FALSE;
1863  }
1864 
1865  if (strcmp(str2, two) != 0) {
1866  SCLogInfo("%s != %s", str2, two);
1867  return FALSE;
1868  }
1869 
1870  return TRUE;
1871  break;
1872 
1873  case AF_INET6:
1874  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1875  SCLogDebug("%s", str1);
1876  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1877  SCLogDebug("%s", str2);
1878 
1879  if (strcmp(str1, one) != 0) {
1880  SCLogInfo("%s != %s", str1, one);
1881  return FALSE;
1882  }
1883 
1884  if (strcmp(str2, two) != 0) {
1885  SCLogInfo("%s != %s", str2, two);
1886  return FALSE;
1887  }
1888 
1889  return TRUE;
1890  break;
1891  }
1892 
1893  return FALSE;
1894 }
1895 
1896 typedef struct UTHValidateDetectAddressHeadRange_ {
1897  const char *one;
1898  const char *two;
1899 } UTHValidateDetectAddressHeadRange;
1900 
1901 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1902 {
1903  int expect = nranges;
1904  int have = 0;
1905 
1906  if (gh == NULL)
1907  return FALSE;
1908 
1909  DetectAddress *ad = NULL;
1910  ad = gh->ipv4_head;
1911  if (ad == NULL)
1912  ad = gh->ipv6_head;
1913  while (have < expect) {
1914  if (ad == NULL) {
1915  printf("bad head: have %d ranges, expected %d: ", have, expect);
1916  return FALSE;
1917  }
1918 
1919  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
1920  return FALSE;
1921 
1922  ad = ad->next;
1923  have++;
1924  }
1925 
1926  return TRUE;
1927 }
1928 
1929 static int AddressTestParse01(void)
1930 {
1931  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1932 
1933  if (dd) {
1934  DetectAddressFree(dd);
1935  return 1;
1936  }
1937 
1938  return 0;
1939 }
1940 
1941 static int AddressTestParse02(void)
1942 {
1943  int result = 1;
1944  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1945 
1946  if (dd) {
1947  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1948  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1949  result = 0;
1950  }
1951 
1952  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1953  DetectAddressFree(dd);
1954  return result;
1955  }
1956 
1957  return 0;
1958 }
1959 
1960 static int AddressTestParse03(void)
1961 {
1962  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1963 
1964  if (dd) {
1965  DetectAddressFree(dd);
1966  return 1;
1967  }
1968 
1969  return 0;
1970 }
1971 
1972 static int AddressTestParse04(void)
1973 {
1974  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1975  FAIL_IF_NULL(dd);
1976 
1977  char left[16], right[16];
1978  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1979  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1980  SCLogDebug("left %s right %s", left, right);
1981  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1982  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1983  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1984  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1985 
1986  DetectAddressFree(dd);
1987  PASS;
1988 }
1989 
1990 /** \test that address range sets proper start address */
1991 static int AddressTestParse04bug5081(void)
1992 {
1993  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1994  FAIL_IF_NULL(dd);
1995 
1996  char left[16], right[16];
1997  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1998  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1999  SCLogDebug("left %s right %s", left, right);
2000  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
2001  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
2002 
2003  DetectAddressFree(dd);
2004  PASS;
2005 }
2006 
2007 static int AddressTestParse05(void)
2008 {
2009  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2010 
2011  if (dd) {
2012  DetectAddressFree(dd);
2013  return 1;
2014  }
2015 
2016  return 0;
2017 }
2018 
2019 static int AddressTestParse06(void)
2020 {
2021  int result = 1;
2022  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2023 
2024  if (dd) {
2025  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2026  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2027  result = 0;
2028  }
2029 
2030  DetectAddressFree(dd);
2031  return result;
2032  }
2033 
2034  return 0;
2035 }
2036 
2037 static int AddressTestParse07(void)
2038 {
2039  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2040 
2041  if (dd) {
2042  DetectAddressFree(dd);
2043  return 1;
2044  }
2045 
2046  return 0;
2047 }
2048 
2049 static int AddressTestParse08(void)
2050 {
2051  int result = 1;
2052  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2053 
2054  if (dd) {
2055  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2056  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2057 
2058  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2059  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2060  DetectAddressPrint(dd);
2061  result = 0;
2062  }
2063 
2064  DetectAddressFree(dd);
2065  return result;
2066  }
2067 
2068  return 0;
2069 }
2070 
2071 static int AddressTestParse09(void)
2072 {
2073  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2074 
2075  if (dd) {
2076  DetectAddressFree(dd);
2077  return 1;
2078  }
2079 
2080  return 0;
2081 }
2082 
2083 static int AddressTestParse10(void)
2084 {
2085  int result = 1;
2086  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2087 
2088  if (dd) {
2089  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2090  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2091 
2092  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2093  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2094  DetectAddressPrint(dd);
2095  result = 0;
2096  }
2097 
2098  DetectAddressFree(dd);
2099  return result;
2100  }
2101 
2102  return 0;
2103 }
2104 
2105 static int AddressTestParse11(void)
2106 {
2107  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2108 
2109  if (dd) {
2110  DetectAddressFree(dd);
2111  return 1;
2112  }
2113 
2114  return 0;
2115 }
2116 
2117 static int AddressTestParse12(void)
2118 {
2119  int result = 1;
2120  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2121 
2122  if (dd) {
2123  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2124  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2125 
2126  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2127  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2128  DetectAddressPrint(dd);
2129  result = 0;
2130  }
2131 
2132  DetectAddressFree(dd);
2133  return result;
2134  }
2135 
2136  return 0;
2137 }
2138 static int AddressTestParse13(void)
2139 {
2140  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2141 
2142  if (dd) {
2143  DetectAddressFree(dd);
2144  return 1;
2145  }
2146 
2147  return 0;
2148 }
2149 
2150 static int AddressTestParse14(void)
2151 {
2152  int result = 1;
2153  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2154 
2155  if (dd) {
2156  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2157  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2158 
2159  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2160  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2161  result = 0;
2162  }
2163 
2164  DetectAddressFree(dd);
2165  return result;
2166  }
2167 
2168  return 0;
2169 }
2170 
2171 static int AddressTestParse15(void)
2172 {
2173  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2174 
2175  if (dd) {
2176  DetectAddressFree(dd);
2177  return 1;
2178  }
2179 
2180  return 0;
2181 }
2182 
2183 static int AddressTestParse16(void)
2184 {
2185  int result = 1;
2186  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2187 
2188  if (dd) {
2189  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2190  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2191 
2192  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2193  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2194  result = 0;
2195  }
2196 
2197  DetectAddressFree(dd);
2198  return result;
2199  }
2200 
2201  return 0;
2202 }
2203 
2204 static int AddressTestParse17(void)
2205 {
2206  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2207 
2208  if (dd) {
2209  DetectAddressFree(dd);
2210  return 1;
2211  }
2212 
2213  return 0;
2214 }
2215 
2216 static int AddressTestParse18(void)
2217 {
2218  int result = 1;
2219  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2220 
2221  if (dd) {
2222  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2223  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2224  result = 0;
2225  }
2226 
2227  DetectAddressFree(dd);
2228  return result;
2229  }
2230 
2231  return 0;
2232 }
2233 
2234 static int AddressTestParse19(void)
2235 {
2236  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2237 
2238  if (dd) {
2239  DetectAddressFree(dd);
2240  return 0;
2241  }
2242 
2243  return 1;
2244 }
2245 
2246 static int AddressTestParse20(void)
2247 {
2248  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2249 
2250  if (dd) {
2251  DetectAddressFree(dd);
2252  return 1;
2253  }
2254 
2255  return 0;
2256 }
2257 
2258 static int AddressTestParse21(void)
2259 {
2260  int result = 1;
2261  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2262 
2263  if (dd) {
2264  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2265  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2266 
2267  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2268  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2269  result = 0;
2270  }
2271 
2272  DetectAddressFree(dd);
2273  return result;
2274  }
2275 
2276  return 0;
2277 }
2278 
2279 static int AddressTestParse22(void)
2280 {
2281  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2282 
2283  if (dd) {
2284  DetectAddressFree(dd);
2285  return 0;
2286  }
2287 
2288  return 1;
2289 }
2290 
2291 static int AddressTestParse23(void)
2292 {
2293  DetectAddressHead *gh = DetectAddressHeadInit();
2294  FAIL_IF_NULL(gh);
2295  int r = DetectAddressParse(NULL, gh, "any");
2296  FAIL_IF_NOT(r == 0);
2297  DetectAddressHeadFree(gh);
2298  PASS;
2299 }
2300 
2301 static int AddressTestParse24(void)
2302 {
2303  DetectAddressHead *gh = DetectAddressHeadInit();
2304  FAIL_IF_NULL(gh);
2305  int r = DetectAddressParse(NULL, gh, "Any");
2306  FAIL_IF_NOT(r == 0);
2307  DetectAddressHeadFree(gh);
2308  PASS;
2309 }
2310 
2311 static int AddressTestParse25(void)
2312 {
2313  DetectAddressHead *gh = DetectAddressHeadInit();
2314  FAIL_IF_NULL(gh);
2315  int r = DetectAddressParse(NULL, gh, "ANY");
2316  FAIL_IF_NOT(r == 0);
2317  DetectAddressHeadFree(gh);
2318  PASS;
2319 }
2320 
2321 /** \test recursion limit */
2322 static int AddressTestParse26(void)
2323 {
2324  DetectAddressHead *gh = DetectAddressHeadInit();
2325  FAIL_IF_NULL(gh);
2326  /* exactly 64: should pass */
2327  int r = DetectAddressParse(NULL, gh,
2328  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2329  "1.2.3.4"
2330  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2331  );
2332  FAIL_IF_NOT(r == 0);
2333  DetectAddressHeadFree(gh);
2334  gh = DetectAddressHeadInit();
2335  FAIL_IF_NULL(gh);
2336  /* exactly 65: should fail */
2337  r = DetectAddressParse(NULL, gh,
2338  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2339  "1.2.3.4"
2340  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2341  );
2342  FAIL_IF(r == 0);
2343  DetectAddressHeadFree(gh);
2344  PASS;
2345 }
2346 
2347 static int AddressTestParse27(void)
2348 {
2349  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2350 
2351  if (dd) {
2352  DetectAddressFree(dd);
2353  return 1;
2354  }
2355 
2356  return 0;
2357 }
2358 
2359 static int AddressTestParse28(void)
2360 {
2361  int result = 0;
2362  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2363 
2364  if (dd) {
2365  if (dd->flags & ADDRESS_FLAG_NOT &&
2366  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2367  result = 1;
2368  }
2369 
2370  DetectAddressFree(dd);
2371  return result;
2372  }
2373 
2374  return 0;
2375 }
2376 
2377 static int AddressTestParse29(void)
2378 {
2379  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2380 
2381  if (dd) {
2382  DetectAddressFree(dd);
2383  return 1;
2384  }
2385 
2386  return 0;
2387 }
2388 
2389 static int AddressTestParse30(void)
2390 {
2391  int result = 0;
2392  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2393 
2394  if (dd) {
2395  if (dd->flags & ADDRESS_FLAG_NOT &&
2396  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2397  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2398  result = 1;
2399  }
2400 
2401  DetectAddressFree(dd);
2402  return result;
2403  }
2404 
2405  return 0;
2406 }
2407 
2408 /**
2409  * \test make sure !any is rejected
2410  */
2411 static int AddressTestParse31(void)
2412 {
2413  DetectAddress *dd = DetectAddressParseSingle("!any");
2414 
2415  if (dd) {
2416  DetectAddressFree(dd);
2417  return 0;
2418  }
2419 
2420  return 1;
2421 }
2422 
2423 static int AddressTestParse32(void)
2424 {
2425  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2426 
2427  if (dd) {
2428  DetectAddressFree(dd);
2429  return 1;
2430  }
2431 
2432  return 0;
2433 }
2434 
2435 static int AddressTestParse33(void)
2436 {
2437  int result = 0;
2438  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2439 
2440  if (dd) {
2441  if (dd->flags & ADDRESS_FLAG_NOT &&
2442  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2443  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2444  result = 1;
2445  }
2446 
2447  DetectAddressFree(dd);
2448  return result;
2449  }
2450 
2451  return 0;
2452 }
2453 
2454 static int AddressTestParse34(void)
2455 {
2456  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2457 
2458  if (dd) {
2459  DetectAddressFree(dd);
2460  return 1;
2461  }
2462 
2463  return 0;
2464 }
2465 
2466 static int AddressTestParse35(void)
2467 {
2468  int result = 0;
2469  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2470 
2471  if (dd) {
2472  if (dd->flags & ADDRESS_FLAG_NOT &&
2473  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2474  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2475 
2476  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2477  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2478  result = 1;
2479  }
2480 
2481  DetectAddressFree(dd);
2482  return result;
2483  }
2484 
2485  return 0;
2486 }
2487 
2488 static int AddressTestParse36(void)
2489 {
2490  int result = 1;
2491  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2492 
2493  if (dd) {
2494  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2495  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2496 
2497  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2498  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2499 
2500  DetectAddressPrint(dd);
2501  result = 0;
2502  }
2503  DetectAddressPrint(dd);
2504 
2505  DetectAddressFree(dd);
2506  return result;
2507  }
2508 
2509  return 0;
2510 }
2511 
2512 static int AddressTestParse37(void)
2513 {
2514  int result = 1;
2515  DetectAddress *dd = DetectAddressParseSingle("::/0");
2516 
2517  if (dd) {
2518  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2519  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2520 
2521  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2522  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2523  DetectAddressPrint(dd);
2524  result = 0;
2525  }
2526  DetectAddressPrint(dd);
2527 
2528  DetectAddressFree(dd);
2529  return result;
2530  }
2531 
2532  return 0;
2533 }
2534 
2535 static int AddressTestMatch01(void)
2536 {
2537  DetectAddress *dd = NULL;
2538  int result = 1;
2539  struct in_addr in;
2540  Address a;
2541 
2542  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2543  return 0;
2544  memset(&a, 0, sizeof(Address));
2545  a.family = AF_INET;
2546  a.addr_data32[0] = in.s_addr;
2547 
2548  dd = DetectAddressParseSingle("1.2.3.4/24");
2549  if (dd) {
2550  if (DetectAddressMatch(dd, &a) == 0)
2551  result = 0;
2552 
2553  DetectAddressFree(dd);
2554  return result;
2555  }
2556 
2557  return 0;
2558 }
2559 
2560 static int AddressTestMatch02(void)
2561 {
2562  DetectAddress *dd = NULL;
2563  int result = 1;
2564  struct in_addr in;
2565  Address a;
2566 
2567  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2568  return 0;
2569  memset(&a, 0, sizeof(Address));
2570  a.family = AF_INET;
2571  a.addr_data32[0] = in.s_addr;
2572 
2573  dd = DetectAddressParseSingle("1.2.3.4/25");
2574  if (dd) {
2575  if (DetectAddressMatch(dd, &a) == 0)
2576  result = 0;
2577 
2578  DetectAddressFree(dd);
2579  return result;
2580  }
2581 
2582  return 0;
2583 }
2584 
2585 static int AddressTestMatch03(void)
2586 {
2587  DetectAddress *dd = NULL;
2588  int result = 1;
2589  struct in_addr in;
2590  Address a;
2591 
2592  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2593  return 0;
2594  memset(&a, 0, sizeof(Address));
2595  a.family = AF_INET;
2596  a.addr_data32[0] = in.s_addr;
2597 
2598  dd = DetectAddressParseSingle("1.2.3.4/25");
2599  if (dd) {
2600  if (DetectAddressMatch(dd, &a) == 1)
2601  result = 0;
2602 
2603  DetectAddressFree(dd);
2604  return result;
2605  }
2606 
2607  return 0;
2608 }
2609 
2610 static int AddressTestMatch04(void)
2611 {
2612  DetectAddress *dd = NULL;
2613  int result = 1;
2614  struct in_addr in;
2615  Address a;
2616 
2617  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2618  return 0;
2619  memset(&a, 0, sizeof(Address));
2620  a.family = AF_INET;
2621  a.addr_data32[0] = in.s_addr;
2622 
2623  dd = DetectAddressParseSingle("1.2.3.4/25");
2624  if (dd) {
2625  if (DetectAddressMatch(dd, &a) == 1)
2626  result = 0;
2627 
2628  DetectAddressFree(dd);
2629  return result;
2630  }
2631 
2632  return 0;
2633 }
2634 
2635 static int AddressTestMatch05(void)
2636 {
2637  DetectAddress *dd = NULL;
2638  int result = 1;
2639  struct in_addr in;
2640  Address a;
2641 
2642  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2643  return 0;
2644  memset(&a, 0, sizeof(Address));
2645  a.family = AF_INET;
2646  a.addr_data32[0] = in.s_addr;
2647 
2648  dd = DetectAddressParseSingle("1.2.3.4/32");
2649  if (dd) {
2650  if (DetectAddressMatch(dd, &a) == 0)
2651  result = 0;
2652 
2653  DetectAddressFree(dd);
2654  return result;
2655  }
2656 
2657  return 0;
2658 }
2659 
2660 static int AddressTestMatch06(void)
2661 {
2662  DetectAddress *dd = NULL;
2663  int result = 1;
2664  struct in_addr in;
2665  Address a;
2666 
2667  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2668  return 0;
2669  memset(&a, 0, sizeof(Address));
2670  a.family = AF_INET;
2671  a.addr_data32[0] = in.s_addr;
2672 
2673  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2674  if (dd) {
2675  if (DetectAddressMatch(dd, &a) == 0)
2676  result = 0;
2677 
2678  DetectAddressFree(dd);
2679  return result;
2680  }
2681 
2682  return 0;
2683 }
2684 
2685 static int AddressTestMatch07(void)
2686 {
2687  DetectAddress *dd = NULL;
2688  int result = 1;
2689  struct in6_addr in6;
2690  Address a;
2691 
2692  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2693  return 0;
2694  memset(&a, 0, sizeof(Address));
2695  a.family = AF_INET6;
2696  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2697 
2698  dd = DetectAddressParseSingle("2001::/3");
2699  if (dd) {
2700  if (DetectAddressMatch(dd, &a) == 0)
2701  result = 0;
2702 
2703  DetectAddressFree(dd);
2704  return result;
2705  }
2706 
2707  return 0;
2708 }
2709 
2710 static int AddressTestMatch08(void)
2711 {
2712  DetectAddress *dd = NULL;
2713  int result = 1;
2714  struct in6_addr in6;
2715  Address a;
2716 
2717  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2718  return 0;
2719  memset(&a, 0, sizeof(Address));
2720  a.family = AF_INET6;
2721  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2722 
2723  dd = DetectAddressParseSingle("2001::/3");
2724  if (dd) {
2725  if (DetectAddressMatch(dd, &a) == 1)
2726  result = 0;
2727 
2728  DetectAddressFree(dd);
2729  return result;
2730  }
2731 
2732  return 0;
2733 }
2734 
2735 static int AddressTestMatch09(void)
2736 {
2737  DetectAddress *dd = NULL;
2738  int result = 1;
2739  struct in6_addr in6;
2740  Address a;
2741 
2742  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2743  return 0;
2744  memset(&a, 0, sizeof(Address));
2745  a.family = AF_INET6;
2746  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2747 
2748  dd = DetectAddressParseSingle("2001::1/128");
2749  if (dd) {
2750  if (DetectAddressMatch(dd, &a) == 1)
2751  result = 0;
2752 
2753  DetectAddressFree(dd);
2754  return result;
2755  }
2756 
2757  return 0;
2758 }
2759 
2760 static int AddressTestMatch10(void)
2761 {
2762  DetectAddress *dd = NULL;
2763  int result = 1;
2764  struct in6_addr in6;
2765  Address a;
2766 
2767  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2768  return 0;
2769  memset(&a, 0, sizeof(Address));
2770  a.family = AF_INET6;
2771  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2772 
2773  dd = DetectAddressParseSingle("2001::1/126");
2774  if (dd) {
2775  if (DetectAddressMatch(dd, &a) == 0)
2776  result = 0;
2777 
2778  DetectAddressFree(dd);
2779  return result;
2780  }
2781 
2782  return 0;
2783 }
2784 
2785 static int AddressTestMatch11(void)
2786 {
2787  DetectAddress *dd = NULL;
2788  int result = 1;
2789  struct in6_addr in6;
2790  Address a;
2791 
2792  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2793  return 0;
2794  memset(&a, 0, sizeof(Address));
2795  a.family = AF_INET6;
2796  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2797 
2798  dd = DetectAddressParseSingle("2001::1/127");
2799  if (dd) {
2800  if (DetectAddressMatch(dd, &a) == 1)
2801  result = 0;
2802 
2803  DetectAddressFree(dd);
2804  return result;
2805  }
2806 
2807  return 0;
2808 }
2809 
2810 static int AddressTestCmp01(void)
2811 {
2812  DetectAddress *da = NULL, *db = NULL;
2813  int result = 1;
2814 
2815  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2816  if (da == NULL) goto error;
2817  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2818  if (db == NULL) goto error;
2819 
2820  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2821  result = 0;
2822 
2823  DetectAddressFree(da);
2824  DetectAddressFree(db);
2825  return result;
2826 
2827 error:
2828  if (da) DetectAddressFree(da);
2829  if (db) DetectAddressFree(db);
2830  return 0;
2831 }
2832 
2833 static int AddressTestCmp02(void)
2834 {
2835  DetectAddress *da = NULL, *db = NULL;
2836  int result = 1;
2837 
2838  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2839  if (da == NULL) goto error;
2840  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2841  if (db == NULL) goto error;
2842 
2843  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2844  result = 0;
2845 
2846  DetectAddressFree(da);
2847  DetectAddressFree(db);
2848  return result;
2849 
2850 error:
2851  if (da) DetectAddressFree(da);
2852  if (db) DetectAddressFree(db);
2853  return 0;
2854 }
2855 
2856 static int AddressTestCmp03(void)
2857 {
2858  DetectAddress *da = NULL, *db = NULL;
2859  int result = 1;
2860 
2861  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2862  if (da == NULL) goto error;
2863  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2864  if (db == NULL) goto error;
2865 
2866  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2867  result = 0;
2868 
2869  DetectAddressFree(da);
2870  DetectAddressFree(db);
2871  return result;
2872 
2873 error:
2874  if (da) DetectAddressFree(da);
2875  if (db) DetectAddressFree(db);
2876  return 0;
2877 }
2878 
2879 static int AddressTestCmp04(void)
2880 {
2881  DetectAddress *da = NULL, *db = NULL;
2882  int result = 1;
2883 
2884  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2885  if (da == NULL) goto error;
2886  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2887  if (db == NULL) goto error;
2888 
2889  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2890  result = 0;
2891 
2892  DetectAddressFree(da);
2893  DetectAddressFree(db);
2894  return result;
2895 
2896 error:
2897  if (da) DetectAddressFree(da);
2898  if (db) DetectAddressFree(db);
2899  return 0;
2900 }
2901 
2902 static int AddressTestCmp05(void)
2903 {
2904  DetectAddress *da = NULL, *db = NULL;
2905  int result = 1;
2906 
2907  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2908  if (da == NULL) goto error;
2909  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2910  if (db == NULL) goto error;
2911 
2912  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2913  result = 0;
2914 
2915  DetectAddressFree(da);
2916  DetectAddressFree(db);
2917  return result;
2918 
2919 error:
2920  if (da) DetectAddressFree(da);
2921  if (db) DetectAddressFree(db);
2922  return 0;
2923 }
2924 
2925 static int AddressTestCmp06(void)
2926 {
2927  DetectAddress *da = NULL, *db = NULL;
2928  int result = 1;
2929 
2930  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2931  if (da == NULL) goto error;
2932  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2933  if (db == NULL) goto error;
2934 
2935  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2936  result = 0;
2937 
2938  DetectAddressFree(da);
2939  DetectAddressFree(db);
2940  return result;
2941 
2942 error:
2943  if (da) DetectAddressFree(da);
2944  if (db) DetectAddressFree(db);
2945  return 0;
2946 }
2947 
2948 static int AddressTestCmpIPv407(void)
2949 {
2950  DetectAddress *da = NULL, *db = NULL;
2951  int result = 1;
2952 
2953  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2954  if (da == NULL) goto error;
2955  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2956  if (db == NULL) goto error;
2957 
2958  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2959  result = 0;
2960 
2961  DetectAddressFree(da);
2962  DetectAddressFree(db);
2963  return result;
2964 
2965 error:
2966  if (da) DetectAddressFree(da);
2967  if (db) DetectAddressFree(db);
2968  return 0;
2969 }
2970 
2971 static int AddressTestCmpIPv408(void)
2972 {
2973  DetectAddress *da = NULL, *db = NULL;
2974  int result = 1;
2975 
2976  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2977  if (da == NULL) goto error;
2978  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2979  if (db == NULL) goto error;
2980 
2981  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2982  result = 0;
2983 
2984  DetectAddressFree(da);
2985  DetectAddressFree(db);
2986  return result;
2987 
2988 error:
2989  if (da) DetectAddressFree(da);
2990  if (db) DetectAddressFree(db);
2991  return 0;
2992 }
2993 
2994 static int AddressTestCmp07(void)
2995 {
2996  DetectAddress *da = NULL, *db = NULL;
2997  int result = 1;
2998 
2999  da = DetectAddressParseSingle("2001::/3");
3000  if (da == NULL) goto error;
3001  db = DetectAddressParseSingle("2001::1/3");
3002  if (db == NULL) goto error;
3003 
3004  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3005  result = 0;
3006 
3007  DetectAddressFree(da);
3008  DetectAddressFree(db);
3009  return result;
3010 
3011 error:
3012  if (da) DetectAddressFree(da);
3013  if (db) DetectAddressFree(db);
3014  return 0;
3015 }
3016 
3017 static int AddressTestCmp08(void)
3018 {
3019  DetectAddress *da = NULL, *db = NULL;
3020  int result = 1;
3021 
3022  da = DetectAddressParseSingle("2001::/3");
3023  if (da == NULL) goto error;
3024  db = DetectAddressParseSingle("2001::/8");
3025  if (db == NULL) goto error;
3026 
3027  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3028  result = 0;
3029 
3030  DetectAddressFree(da);
3031  DetectAddressFree(db);
3032  return result;
3033 
3034 error:
3035  if (da) DetectAddressFree(da);
3036  if (db) DetectAddressFree(db);
3037  return 0;
3038 }
3039 
3040 static int AddressTestCmp09(void)
3041 {
3042  DetectAddress *da = NULL, *db = NULL;
3043  int result = 1;
3044 
3045  da = DetectAddressParseSingle("2001::/8");
3046  if (da == NULL) goto error;
3047  db = DetectAddressParseSingle("2001::/3");
3048  if (db == NULL) goto error;
3049 
3050  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3051  result = 0;
3052 
3053  DetectAddressFree(da);
3054  DetectAddressFree(db);
3055  return result;
3056 
3057 error:
3058  if (da) DetectAddressFree(da);
3059  if (db) DetectAddressFree(db);
3060  return 0;
3061 }
3062 
3063 static int AddressTestCmp10(void)
3064 {
3065  DetectAddress *da = NULL, *db = NULL;
3066  int result = 1;
3067 
3068  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3069  if (da == NULL) goto error;
3070  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3071  if (db == NULL) goto error;
3072 
3073  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3074  result = 0;
3075 
3076  DetectAddressFree(da);
3077  DetectAddressFree(db);
3078  return result;
3079 
3080 error:
3081  if (da) DetectAddressFree(da);
3082  if (db) DetectAddressFree(db);
3083  return 0;
3084 }
3085 
3086 static int AddressTestCmp11(void)
3087 {
3088  DetectAddress *da = NULL, *db = NULL;
3089  int result = 1;
3090 
3091  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3092  if (da == NULL) goto error;
3093  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3094  if (db == NULL) goto error;
3095 
3096  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3097  result = 0;
3098 
3099  DetectAddressFree(da);
3100  DetectAddressFree(db);
3101  return result;
3102 
3103 error:
3104  if (da) DetectAddressFree(da);
3105  if (db) DetectAddressFree(db);
3106  return 0;
3107 }
3108 
3109 static int AddressTestCmp12(void)
3110 {
3111  DetectAddress *da = NULL, *db = NULL;
3112  int result = 1;
3113 
3114  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3115  if (da == NULL) goto error;
3116  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3117  if (db == NULL) goto error;
3118 
3119  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3120  result = 0;
3121 
3122  DetectAddressFree(da);
3123  DetectAddressFree(db);
3124  return result;
3125 
3126 error:
3127  if (da) DetectAddressFree(da);
3128  if (db) DetectAddressFree(db);
3129  return 0;
3130 }
3131 
3132 static int AddressTestAddressGroupSetup01(void)
3133 {
3134  int result = 0;
3135  DetectAddressHead *gh = DetectAddressHeadInit();
3136 
3137  if (gh != NULL) {
3138  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3139  if (r == 0)
3140  result = 1;
3141 
3142  DetectAddressHeadFree(gh);
3143  }
3144  return result;
3145 }
3146 
3147 static int AddressTestAddressGroupSetup02(void)
3148 {
3149  int result = 0;
3150  DetectAddressHead *gh = DetectAddressHeadInit();
3151 
3152  if (gh != NULL) {
3153  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3154  if (r == 0 && gh->ipv4_head != NULL)
3155  result = 1;
3156 
3157  DetectAddressHeadFree(gh);
3158  }
3159  return result;
3160 }
3161 
3162 static int AddressTestAddressGroupSetup03(void)
3163 {
3164  int result = 0;
3165  DetectAddressHead *gh = DetectAddressHeadInit();
3166 
3167  if (gh != NULL) {
3168  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3169  if (r == 0 && gh->ipv4_head != NULL) {
3170  DetectAddress *prev_head = gh->ipv4_head;
3171 
3172  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3173  if (r == 0 && gh->ipv4_head != prev_head &&
3174  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3175  result = 1;
3176  }
3177  }
3178 
3179  DetectAddressHeadFree(gh);
3180  }
3181  return result;
3182 }
3183 
3184 static int AddressTestAddressGroupSetup04(void)
3185 {
3186  int result = 0;
3187  DetectAddressHead *gh = DetectAddressHeadInit();
3188 
3189  if (gh != NULL) {
3190  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3191  if (r == 0 && gh->ipv4_head != NULL) {
3192  DetectAddress *prev_head = gh->ipv4_head;
3193 
3194  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3195  if (r == 0 && gh->ipv4_head != prev_head &&
3196  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3197  DetectAddress *ph = gh->ipv4_head;
3198 
3199  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3200  if (r == 0 && gh->ipv4_head != ph &&
3201  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3202  result = 1;
3203  }
3204  }
3205  }
3206 
3207  DetectAddressHeadFree(gh);
3208  }
3209  return result;
3210 }
3211 
3212 static int AddressTestAddressGroupSetup05(void)
3213 {
3214  int result = 0;
3215  DetectAddressHead *gh = DetectAddressHeadInit();
3216 
3217  if (gh != NULL) {
3218  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3219  if (r == 0 && gh->ipv4_head != NULL) {
3220  DetectAddress *prev_head = gh->ipv4_head;
3221 
3222  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3223  if (r == 0 && gh->ipv4_head == prev_head &&
3224  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3225  DetectAddress *ph = gh->ipv4_head;
3226 
3227  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3228  if (r == 0 && gh->ipv4_head == ph &&
3229  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3230  result = 1;
3231  }
3232  }
3233  }
3234 
3235  DetectAddressHeadFree(gh);
3236  }
3237  return result;
3238 }
3239 
3240 static int AddressTestAddressGroupSetup06(void)
3241 {
3242  int result = 0;
3243  DetectAddressHead *gh = DetectAddressHeadInit();
3244 
3245  if (gh != NULL) {
3246  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3247  if (r == 0 && gh->ipv4_head != NULL) {
3248  DetectAddress *prev_head = gh->ipv4_head;
3249 
3250  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3251  if (r == 0 && gh->ipv4_head == prev_head &&
3252  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3253  result = 1;
3254  }
3255  }
3256 
3257  DetectAddressHeadFree(gh);
3258  }
3259  return result;
3260 }
3261 
3262 static int AddressTestAddressGroupSetup07(void)
3263 {
3264  int result = 0;
3265  DetectAddressHead *gh = DetectAddressHeadInit();
3266 
3267  if (gh != NULL) {
3268  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3269  if (r == 0 && gh->ipv4_head != NULL) {
3270  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3271  if (r == 0 && gh->ipv4_head != NULL &&
3272  gh->ipv4_head->next != NULL &&
3273  gh->ipv4_head->next->next != NULL) {
3274  result = 1;
3275  }
3276  }
3277 
3278  DetectAddressHeadFree(gh);
3279  }
3280  return result;
3281 }
3282 
3283 static int AddressTestAddressGroupSetup08(void)
3284 {
3285  int result = 0;
3286  DetectAddressHead *gh = DetectAddressHeadInit();
3287 
3288  if (gh != NULL) {
3289  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3290  if (r == 0 && gh->ipv4_head != NULL) {
3291  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3292  if (r == 0 && gh->ipv4_head != NULL &&
3293  gh->ipv4_head->next != NULL &&
3294  gh->ipv4_head->next->next != NULL) {
3295  result = 1;
3296  }
3297  }
3298 
3299  DetectAddressHeadFree(gh);
3300  }
3301  return result;
3302 }
3303 
3304 static int AddressTestAddressGroupSetup09(void)
3305 {
3306  int result = 0;
3307  DetectAddressHead *gh = DetectAddressHeadInit();
3308 
3309  if (gh != NULL) {
3310  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3311  if (r == 0 && gh->ipv4_head != NULL) {
3312  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3313  if (r == 0 && gh->ipv4_head != NULL &&
3314  gh->ipv4_head->next != NULL &&
3315  gh->ipv4_head->next->next != NULL) {
3316  result = 1;
3317  }
3318  }
3319 
3320  DetectAddressHeadFree(gh);
3321  }
3322  return result;
3323 }
3324 
3325 static int AddressTestAddressGroupSetup10(void)
3326 {
3327  int result = 0;
3328  DetectAddressHead *gh = DetectAddressHeadInit();
3329 
3330  if (gh != NULL) {
3331  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3332  if (r == 0 && gh->ipv4_head != NULL) {
3333  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3334  if (r == 0 && gh->ipv4_head != NULL &&
3335  gh->ipv4_head->next != NULL &&
3336  gh->ipv4_head->next->next != NULL) {
3337  result = 1;
3338  }
3339  }
3340 
3341  DetectAddressHeadFree(gh);
3342  }
3343  return result;
3344 }
3345 
3346 static int AddressTestAddressGroupSetup11(void)
3347 {
3348  int result = 0;
3349  DetectAddressHead *gh = DetectAddressHeadInit();
3350 
3351  if (gh != NULL) {
3352  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3353  if (r == 0) {
3354  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3355  if (r == 0) {
3356  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3357  if (r == 0) {
3358  DetectAddress *one = gh->ipv4_head, *two = one->next,
3359  *three = two->next, *four = three->next,
3360  *five = four->next;
3361 
3362  /* result should be:
3363  * 0.0.0.0/10.10.9.255
3364  * 10.10.10.0/10.10.10.9
3365  * 10.10.10.10/10.10.10.255
3366  * 10.10.11.0/10.10.11.1
3367  * 10.10.11.2/255.255.255.255
3368  */
3369  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3370  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3371  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3372  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3373  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3374  result = 1;
3375  }
3376  }
3377  }
3378  }
3379 
3380  DetectAddressHeadFree(gh);
3381  }
3382  return result;
3383 }
3384 
3385 static int AddressTestAddressGroupSetup12 (void)
3386 {
3387  int result = 0;
3388  DetectAddressHead *gh = DetectAddressHeadInit();
3389 
3390  if (gh != NULL) {
3391  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3392  if (r == 0) {
3393  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3394  if (r == 0) {
3395  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3396  if (r == 0) {
3397  DetectAddress *one = gh->ipv4_head, *two = one->next,
3398  *three = two->next, *four = three->next,
3399  *five = four->next;
3400 
3401  /* result should be:
3402  * 0.0.0.0/10.10.9.255
3403  * 10.10.10.0/10.10.10.9
3404  * 10.10.10.10/10.10.10.255
3405  * 10.10.11.0/10.10.11.1
3406  * 10.10.11.2/255.255.255.255
3407  */
3408  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3409  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3410  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3411  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3412  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3413  result = 1;
3414  }
3415  }
3416  }
3417  }
3418 
3419  DetectAddressHeadFree(gh);
3420  }
3421  return result;
3422 }
3423 
3424 static int AddressTestAddressGroupSetup13(void)
3425 {
3426  int result = 0;
3427  DetectAddressHead *gh = DetectAddressHeadInit();
3428 
3429  if (gh != NULL) {
3430  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3431  if (r == 0) {
3432  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3433  if (r == 0) {
3434  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3435  if (r == 0) {
3436  DetectAddress *one = gh->ipv4_head, *two = one->next,
3437  *three = two->next, *four = three->next,
3438  *five = four->next;
3439 
3440  /* result should be:
3441  * 0.0.0.0/10.10.9.255
3442  * 10.10.10.0/10.10.10.9
3443  * 10.10.10.10/10.10.10.255
3444  * 10.10.11.0/10.10.11.1
3445  * 10.10.11.2/255.255.255.255
3446  */
3447  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3448  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3449  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3450  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3451  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3452  result = 1;
3453  }
3454  }
3455  }
3456  }
3457 
3458  DetectAddressHeadFree(gh);
3459  }
3460  return result;
3461 }
3462 
3463 static int AddressTestAddressGroupSetupIPv414(void)
3464 {
3465  DetectAddressHead *gh = DetectAddressHeadInit();
3466  FAIL_IF_NULL(gh);
3467 
3468  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3469  FAIL_IF_NOT(r == 1);
3470 
3471  DetectAddress *one = gh->ipv4_head;
3472  FAIL_IF_NULL(one);
3473  DetectAddress *two = one->next;
3474  FAIL_IF_NULL(two);
3475 
3476  /* result should be:
3477  * 0.0.0.0/1.2.3.3
3478  * 1.2.3.5/255.255.255.255
3479  */
3480  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3481  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3482  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3483  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3484  DetectAddressHeadFree(gh);
3485 
3486  PASS;
3487 }
3488 
3489 static int AddressTestAddressGroupSetupIPv415(void)
3490 {
3491  DetectAddressHead *gh = DetectAddressHeadInit();
3492  FAIL_IF_NULL(gh);
3493 
3494  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3495  FAIL_IF_NOT(r == 1);
3496 
3497  DetectAddress *one = gh->ipv4_head;
3498  FAIL_IF_NULL(one);
3499  FAIL_IF_NOT_NULL(one->next);
3500 
3501  /* result should be:
3502  * 0.0.0.1/255.255.255.255
3503  */
3504  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3505  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3506 
3507  DetectAddressHeadFree(gh);
3508  PASS;
3509 }
3510 
3511 static int AddressTestAddressGroupSetupIPv416(void)
3512 {
3513  DetectAddressHead *gh = DetectAddressHeadInit();
3514  FAIL_IF_NULL(gh);
3515 
3516  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3517  FAIL_IF_NOT(r == 1);
3518 
3519  DetectAddress *one = gh->ipv4_head;
3520  FAIL_IF_NULL(one);
3521  FAIL_IF_NOT_NULL(one->next);
3522 
3523  /* result should be:
3524  * 0.0.0.0/255.255.255.254
3525  */
3526  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3527  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3528 
3529  DetectAddressHeadFree(gh);
3530  PASS;
3531 }
3532 
3533 static int AddressTestAddressGroupSetup14(void)
3534 {
3535  int result = 0;
3536  DetectAddressHead *gh = DetectAddressHeadInit();
3537 
3538  if (gh != NULL) {
3539  int r = DetectAddressParse(NULL, gh, "2001::1");
3540  if (r == 0)
3541  result = 1;
3542 
3543  DetectAddressHeadFree(gh);
3544  }
3545  return result;
3546 }
3547 
3548 static int AddressTestAddressGroupSetup15(void)
3549 {
3550  int result = 0;
3551  DetectAddressHead *gh = DetectAddressHeadInit();
3552 
3553  if (gh != NULL) {
3554  int r = DetectAddressParse(NULL, gh, "2001::1");
3555  if (r == 0 && gh->ipv6_head != NULL)
3556  result = 1;
3557 
3558  DetectAddressHeadFree(gh);
3559  }
3560  return result;
3561 }
3562 
3563 static int AddressTestAddressGroupSetup16(void)
3564 {
3565  int result = 0;
3566  DetectAddressHead *gh = DetectAddressHeadInit();
3567 
3568  if (gh != NULL) {
3569  int r = DetectAddressParse(NULL, gh, "2001::4");
3570  if (r == 0 && gh->ipv6_head != NULL) {
3571  DetectAddress *prev_head = gh->ipv6_head;
3572 
3573  r = DetectAddressParse(NULL, gh, "2001::3");
3574  if (r == 0 && gh->ipv6_head != prev_head &&
3575  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3576  result = 1;
3577  }
3578  }
3579 
3580  DetectAddressHeadFree(gh);
3581  }
3582  return result;
3583 }
3584 
3585 static int AddressTestAddressGroupSetup17(void)
3586 {
3587  int result = 0;
3588  DetectAddressHead *gh = DetectAddressHeadInit();
3589 
3590  if (gh != NULL) {
3591  int r = DetectAddressParse(NULL, gh, "2001::4");
3592  if (r == 0 && gh->ipv6_head != NULL) {
3593  DetectAddress *prev_head = gh->ipv6_head;
3594 
3595  r = DetectAddressParse(NULL, gh, "2001::3");
3596  if (r == 0 && gh->ipv6_head != prev_head &&
3597  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3598  DetectAddress *ph = gh->ipv6_head;
3599 
3600  r = DetectAddressParse(NULL, gh, "2001::2");
3601  if (r == 0 && gh->ipv6_head != ph &&
3602  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3603  result = 1;
3604  }
3605  }
3606  }
3607 
3608  DetectAddressHeadFree(gh);
3609  }
3610  return result;
3611 }
3612 
3613 static int AddressTestAddressGroupSetup18(void)
3614 {
3615  int result = 0;
3616  DetectAddressHead *gh = DetectAddressHeadInit();
3617 
3618  if (gh != NULL) {
3619  int r = DetectAddressParse(NULL, gh, "2001::2");
3620  if (r == 0 && gh->ipv6_head != NULL) {
3621  DetectAddress *prev_head = gh->ipv6_head;
3622 
3623  r = DetectAddressParse(NULL, gh, "2001::3");
3624  if (r == 0 && gh->ipv6_head == prev_head &&
3625  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3626  DetectAddress *ph = gh->ipv6_head;
3627 
3628  r = DetectAddressParse(NULL, gh, "2001::4");
3629  if (r == 0 && gh->ipv6_head == ph &&
3630  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3631  result = 1;
3632  }
3633  }
3634  }
3635 
3636  DetectAddressHeadFree(gh);
3637  }
3638  return result;
3639 }
3640 
3641 static int AddressTestAddressGroupSetup19(void)
3642 {
3643  int result = 0;
3644  DetectAddressHead *gh = DetectAddressHeadInit();
3645 
3646  if (gh != NULL) {
3647  int r = DetectAddressParse(NULL, gh, "2001::2");
3648  if (r == 0 && gh->ipv6_head != NULL) {
3649  DetectAddress *prev_head = gh->ipv6_head;
3650 
3651  r = DetectAddressParse(NULL, gh, "2001::2");
3652  if (r == 0 && gh->ipv6_head == prev_head &&
3653  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3654  result = 1;
3655  }
3656  }
3657 
3658  DetectAddressHeadFree(gh);
3659  }
3660  return result;
3661 }
3662 
3663 static int AddressTestAddressGroupSetup20(void)
3664 {
3665  int result = 0;
3666  DetectAddressHead *gh = DetectAddressHeadInit();
3667 
3668  if (gh != NULL) {
3669  int r = DetectAddressParse(NULL, gh, "2000::/3");
3670  if (r == 0 && gh->ipv6_head != NULL) {
3671  r = DetectAddressParse(NULL, gh, "2001::4");
3672  if (r == 0 && gh->ipv6_head != NULL &&
3673  gh->ipv6_head->next != NULL &&
3674  gh->ipv6_head->next->next != NULL) {
3675  result = 1;
3676  }
3677  }
3678 
3679  DetectAddressHeadFree(gh);
3680  }
3681  return result;
3682 }
3683 
3684 static int AddressTestAddressGroupSetup21(void)
3685 {
3686  int result = 0;
3687  DetectAddressHead *gh = DetectAddressHeadInit();
3688 
3689  if (gh != NULL) {
3690  int r = DetectAddressParse(NULL, gh, "2001::4");
3691  if (r == 0 && gh->ipv6_head != NULL) {
3692  r = DetectAddressParse(NULL, gh, "2000::/3");
3693  if (r == 0 && gh->ipv6_head != NULL &&
3694  gh->ipv6_head->next != NULL &&
3695  gh->ipv6_head->next->next != NULL) {
3696  result = 1;
3697  }
3698  }
3699 
3700  DetectAddressHeadFree(gh);
3701  }
3702  return result;
3703 }
3704 
3705 static int AddressTestAddressGroupSetup22(void)
3706 {
3707  int result = 0;
3708  DetectAddressHead *gh = DetectAddressHeadInit();
3709 
3710  if (gh != NULL) {
3711  int r = DetectAddressParse(NULL, gh, "2000::/3");
3712  if (r == 0 && gh->ipv6_head != NULL) {
3713  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3714  if (r == 0 && gh->ipv6_head != NULL &&
3715  gh->ipv6_head->next != NULL &&
3716  gh->ipv6_head->next->next != NULL) {
3717  result = 1;
3718  }
3719  }
3720 
3721  DetectAddressHeadFree(gh);
3722  }
3723  return result;
3724 }
3725 
3726 static int AddressTestAddressGroupSetup23(void)
3727 {
3728  int result = 0;
3729  DetectAddressHead *gh = DetectAddressHeadInit();
3730 
3731  if (gh != NULL) {
3732  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3733  if (r == 0 && gh->ipv6_head != NULL) {
3734  r = DetectAddressParse(NULL, gh, "2000::/3");
3735  if (r == 0 && gh->ipv6_head != NULL &&
3736  gh->ipv6_head->next != NULL &&
3737  gh->ipv6_head->next->next != NULL) {
3738  result = 1;
3739  }
3740  }
3741 
3742  DetectAddressHeadFree(gh);
3743  }
3744  return result;
3745 }
3746 
3747 static int AddressTestAddressGroupSetup24(void)
3748 {
3749  int result = 0;
3750  DetectAddressHead *gh = DetectAddressHeadInit();
3751 
3752  if (gh != NULL) {
3753  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3754  if (r == 0) {
3755  r = DetectAddressParse(NULL, gh, "2001::/3");
3756  if (r == 0) {
3757  r = DetectAddressParse(NULL, gh, "::/0");
3758  if (r == 0) {
3759  DetectAddress *one = gh->ipv6_head, *two = one->next,
3760  *three = two->next, *four = three->next,
3761  *five = four->next;
3762  if (one->ip.addr_data32[0] == 0x00000000 &&
3763  one->ip.addr_data32[1] == 0x00000000 &&
3764  one->ip.addr_data32[2] == 0x00000000 &&
3765  one->ip.addr_data32[3] == 0x00000000 &&
3766  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3767  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3768  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3769  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3770 
3771  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3772  two->ip.addr_data32[1] == 0x00000000 &&
3773  two->ip.addr_data32[2] == 0x00000000 &&
3774  two->ip.addr_data32[3] == 0x00000000 &&
3775  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3776  two->ip2.addr_data32[1] == 0x00000000 &&
3777  two->ip2.addr_data32[2] == 0x00000000 &&
3778  two->ip2.addr_data32[3] == SCNtohl(3) &&
3779 
3780  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3781  three->ip.addr_data32[1] == 0x00000000 &&
3782  three->ip.addr_data32[2] == 0x00000000 &&
3783  three->ip.addr_data32[3] == SCNtohl(4) &&
3784  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3785  three->ip2.addr_data32[1] == 0x00000000 &&
3786  three->ip2.addr_data32[2] == 0x00000000 &&
3787  three->ip2.addr_data32[3] == SCNtohl(6) &&
3788 
3789  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3790  four->ip.addr_data32[1] == 0x00000000 &&
3791  four->ip.addr_data32[2] == 0x00000000 &&
3792  four->ip.addr_data32[3] == SCNtohl(7) &&
3793  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3794  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3795  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3796  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3797 
3798  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3799  five->ip.addr_data32[1] == 0x00000000 &&
3800  five->ip.addr_data32[2] == 0x00000000 &&
3801  five->ip.addr_data32[3] == 0x00000000 &&
3802  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3803  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3804  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3805  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3806  result = 1;
3807  }
3808  }
3809  }
3810  }
3811 
3812  DetectAddressHeadFree(gh);
3813  }
3814  return result;
3815 }
3816 
3817 static int AddressTestAddressGroupSetup25(void)
3818 {
3819  int result = 0;
3820  DetectAddressHead *gh = DetectAddressHeadInit();
3821 
3822  if (gh != NULL) {
3823  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3824  if (r == 0) {
3825  r = DetectAddressParse(NULL, gh, "::/0");
3826  if (r == 0) {
3827  r = DetectAddressParse(NULL, gh, "2001::/3");
3828  if (r == 0) {
3829  DetectAddress *one = gh->ipv6_head, *two = one->next,
3830  *three = two->next, *four = three->next,
3831  *five = four->next;
3832  if (one->ip.addr_data32[0] == 0x00000000 &&
3833  one->ip.addr_data32[1] == 0x00000000 &&
3834  one->ip.addr_data32[2] == 0x00000000 &&
3835  one->ip.addr_data32[3] == 0x00000000 &&
3836  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3837  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3838  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3839  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3840 
3841  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3842  two->ip.addr_data32[1] == 0x00000000 &&
3843  two->ip.addr_data32[2] == 0x00000000 &&
3844  two->ip.addr_data32[3] == 0x00000000 &&
3845  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3846  two->ip2.addr_data32[1] == 0x00000000 &&
3847  two->ip2.addr_data32[2] == 0x00000000 &&
3848  two->ip2.addr_data32[3] == SCNtohl(3) &&
3849 
3850  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3851  three->ip.addr_data32[1] == 0x00000000 &&
3852  three->ip.addr_data32[2] == 0x00000000 &&
3853  three->ip.addr_data32[3] == SCNtohl(4) &&
3854  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3855  three->ip2.addr_data32[1] == 0x00000000 &&
3856  three->ip2.addr_data32[2] == 0x00000000 &&
3857  three->ip2.addr_data32[3] == SCNtohl(6) &&
3858 
3859  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3860  four->ip.addr_data32[1] == 0x00000000 &&
3861  four->ip.addr_data32[2] == 0x00000000 &&
3862  four->ip.addr_data32[3] == SCNtohl(7) &&
3863  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3864  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3865  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3866  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3867 
3868  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3869  five->ip.addr_data32[1] == 0x00000000 &&
3870  five->ip.addr_data32[2] == 0x00000000 &&
3871  five->ip.addr_data32[3] == 0x00000000 &&
3872  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3873  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3874  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3875  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3876  result = 1;
3877  }
3878  }
3879  }
3880  }
3881 
3882  DetectAddressHeadFree(gh);
3883  }
3884  return result;
3885 }
3886 
3887 static int AddressTestAddressGroupSetup26(void)
3888 {
3889  int result = 0;
3890  DetectAddressHead *gh = DetectAddressHeadInit();
3891 
3892  if (gh != NULL) {
3893  int r = DetectAddressParse(NULL, gh, "::/0");
3894  if (r == 0) {
3895  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3896  if (r == 0) {
3897  r = DetectAddressParse(NULL, gh, "2001::/3");
3898  if (r == 0) {
3899  DetectAddress *one = gh->ipv6_head, *two = one->next,
3900  *three = two->next, *four = three->next,
3901  *five = four->next;
3902  if (one->ip.addr_data32[0] == 0x00000000 &&
3903  one->ip.addr_data32[1] == 0x00000000 &&
3904  one->ip.addr_data32[2] == 0x00000000 &&
3905  one->ip.addr_data32[3] == 0x00000000 &&
3906  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3907  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3908  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3909  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3910 
3911  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3912  two->ip.addr_data32[1] == 0x00000000 &&
3913  two->ip.addr_data32[2] == 0x00000000 &&
3914  two->ip.addr_data32[3] == 0x00000000 &&
3915  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3916  two->ip2.addr_data32[1] == 0x00000000 &&
3917  two->ip2.addr_data32[2] == 0x00000000 &&
3918  two->ip2.addr_data32[3] == SCNtohl(3) &&
3919 
3920  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3921  three->ip.addr_data32[1] == 0x00000000 &&
3922  three->ip.addr_data32[2] == 0x00000000 &&
3923  three->ip.addr_data32[3] == SCNtohl(4) &&
3924  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3925  three->ip2.addr_data32[1] == 0x00000000 &&
3926  three->ip2.addr_data32[2] == 0x00000000 &&
3927  three->ip2.addr_data32[3] == SCNtohl(6) &&
3928 
3929  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3930  four->ip.addr_data32[1] == 0x00000000 &&
3931  four->ip.addr_data32[2] == 0x00000000 &&
3932  four->ip.addr_data32[3] == SCNtohl(7) &&
3933  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3934  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3935  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3936  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3937 
3938  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3939  five->ip.addr_data32[1] == 0x00000000 &&
3940  five->ip.addr_data32[2] == 0x00000000 &&
3941  five->ip.addr_data32[3] == 0x00000000 &&
3942  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3943  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3944  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3945  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3946  result = 1;
3947  }
3948  }
3949  }
3950  }
3951 
3952  DetectAddressHeadFree(gh);
3953  }
3954  return result;
3955 }
3956 
3957 static int AddressTestAddressGroupSetup27(void)
3958 {
3959  int result = 0;
3960  DetectAddressHead *gh = DetectAddressHeadInit();
3961 
3962  if (gh != NULL) {
3963  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3964  if (r == 0)
3965  result = 1;
3966 
3967  DetectAddressHeadFree(gh);
3968  }
3969  return result;
3970 }
3971 
3972 static int AddressTestAddressGroupSetup28(void)
3973 {
3974  int result = 0;
3975  DetectAddressHead *gh = DetectAddressHeadInit();
3976 
3977  if (gh != NULL) {
3978  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3979  if (r == 0)
3980  result = 1;
3981 
3982  DetectAddressHeadFree(gh);
3983  }
3984  return result;
3985 }
3986 
3987 static int AddressTestAddressGroupSetup29(void)
3988 {
3989  int result = 0;
3990  DetectAddressHead *gh = DetectAddressHeadInit();
3991 
3992  if (gh != NULL) {
3993  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3994  if (r == 0)
3995  result = 1;
3996 
3997  DetectAddressHeadFree(gh);
3998  }
3999  return result;
4000 }
4001 
4002 static int AddressTestAddressGroupSetup30(void)
4003 {
4004  int result = 0;
4005  DetectAddressHead *gh = DetectAddressHeadInit();
4006 
4007  if (gh != NULL) {
4008  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4009  if (r == 0)
4010  result = 1;
4011 
4012  DetectAddressHeadFree(gh);
4013  }
4014  return result;
4015 }
4016 
4017 static int AddressTestAddressGroupSetup31(void)
4018 {
4019  int result = 0;
4020  DetectAddressHead *gh = DetectAddressHeadInit();
4021 
4022  if (gh != NULL) {
4023  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4024  if (r == 0)
4025  result = 1;
4026 
4027  DetectAddressHeadFree(gh);
4028  }
4029  return result;
4030 }
4031 
4032 static int AddressTestAddressGroupSetup32(void)
4033 {
4034  int result = 0;
4035  DetectAddressHead *gh = DetectAddressHeadInit();
4036 
4037  if (gh != NULL) {
4038  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4039  if (r == 0)
4040  result = 1;
4041 
4042  DetectAddressHeadFree(gh);
4043  }
4044  return result;
4045 }
4046 
4047 static int AddressTestAddressGroupSetup33(void)
4048 {
4049  int result = 0;
4050  DetectAddressHead *gh = DetectAddressHeadInit();
4051 
4052  if (gh != NULL) {
4053  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4054  if (r == 1)
4055  result = 1;
4056 
4057  DetectAddressHeadFree(gh);
4058  }
4059  return result;
4060 }
4061 
4062 static int AddressTestAddressGroupSetup34(void)
4063 {
4064  int result = 0;
4065  DetectAddressHead *gh = DetectAddressHeadInit();
4066 
4067  if (gh != NULL) {
4068  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4069  if (r == 1)
4070  result = 1;
4071 
4072  DetectAddressHeadFree(gh);
4073  }
4074  return result;
4075 }
4076 
4077 static int AddressTestAddressGroupSetup35(void)
4078 {
4079  int result = 0;
4080  DetectAddressHead *gh = DetectAddressHeadInit();
4081 
4082  if (gh != NULL) {
4083  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4084  if (r == 1)
4085  result = 1;
4086 
4087  DetectAddressHeadFree(gh);
4088  }
4089  return result;
4090 }
4091 
4092 static int AddressTestAddressGroupSetup36 (void)
4093 {
4094  int result = 0;
4095 
4096  DetectAddressHead *gh = DetectAddressHeadInit();
4097  if (gh != NULL) {
4098  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4099  if (r == 1)
4100  result = 1;
4101 
4102  DetectAddressHeadFree(gh);
4103  }
4104  return result;
4105 }
4106 
4107 static int AddressTestAddressGroupSetup37(void)
4108 {
4109  int result = 0;
4110  DetectAddressHead *gh = DetectAddressHeadInit();
4111 
4112  if (gh != NULL) {
4113  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4114  if (r == 0)
4115  result = 1;
4116 
4117  DetectAddressHeadFree(gh);
4118  }
4119  return result;
4120 }
4121 
4122 static int AddressTestAddressGroupSetup38(void)
4123 {
4124  UTHValidateDetectAddressHeadRange expectations[3] = {
4125  { "0.0.0.0", "192.167.255.255" },
4126  { "192.168.14.0", "192.168.14.255" },
4127  { "192.169.0.0", "255.255.255.255" } };
4128  int result = 0;
4129  DetectAddressHead *gh = DetectAddressHeadInit();
4130 
4131  if (gh != NULL) {
4132  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4133  if (r == 1) {
4134  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4135  result = 1;
4136  }
4137 
4138  DetectAddressHeadFree(gh);
4139  }
4140  return result;
4141 }
4142 
4143 static int AddressTestAddressGroupSetup39(void)
4144 {
4145  UTHValidateDetectAddressHeadRange expectations[3] = {
4146  { "0.0.0.0", "192.167.255.255" },
4147  { "192.168.14.0", "192.168.14.255" },
4148  { "192.169.0.0", "255.255.255.255" } };
4149  int result = 0;
4150  DetectAddressHead *gh = DetectAddressHeadInit();
4151 
4152  if (gh != NULL) {
4153  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4154  if (r == 1) {
4155  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4156  result = 1;
4157  }
4158 
4159  DetectAddressHeadFree(gh);
4160  }
4161  return result;
4162 }
4163 
4164 static int AddressTestAddressGroupSetup40(void)
4165 {
4166  UTHValidateDetectAddressHeadRange expectations[3] = {
4167  { "0.0.0.0", "192.167.255.255" },
4168  { "192.168.14.0", "192.168.14.255" },
4169  { "192.169.0.0", "255.255.255.255" } };
4170  int result = 0;
4171  DetectAddressHead *gh = DetectAddressHeadInit();
4172  if (gh != NULL) {
4173  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4174  if (r == 1) {
4175  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4176  result = 1;
4177  }
4178 
4179  DetectAddressHeadFree(gh);
4180  }
4181  return result;
4182 }
4183 
4184 static int AddressTestAddressGroupSetup41(void)
4185 {
4186  UTHValidateDetectAddressHeadRange expectations[3] = {
4187  { "0.0.0.0", "192.167.255.255" },
4188  { "192.168.14.0", "192.168.14.255" },
4189  { "192.169.0.0", "255.255.255.255" } };
4190  int result = 0;
4191  DetectAddressHead *gh = DetectAddressHeadInit();
4192  if (gh != NULL) {
4193  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4194  if (r == 1) {
4195  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4196  result = 1;
4197  }
4198 
4199  DetectAddressHeadFree(gh);
4200  }
4201  return result;
4202 }
4203 
4204 static int AddressTestAddressGroupSetup42(void)
4205 {
4206  UTHValidateDetectAddressHeadRange expectations[1] = {
4207  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4208  int result = 0;
4209  DetectAddressHead *gh = DetectAddressHeadInit();
4210  if (gh != NULL) {
4211  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4212  if (r == 0) {
4213  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4214  result = 1;
4215  }
4216 
4217  DetectAddressHeadFree(gh);
4218  }
4219  return result;
4220 }
4221 
4222 static int AddressTestAddressGroupSetup43(void)
4223 {
4224  UTHValidateDetectAddressHeadRange expectations[2] = {
4225  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4226  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4227  int result = 0;
4228  DetectAddressHead *gh = DetectAddressHeadInit();
4229  if (gh != NULL) {
4230  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4231  if (r == 1) {
4232  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4233  result = 1;
4234  }
4235 
4236  DetectAddressHeadFree(gh);
4237  }
4238  return result;
4239 }
4240 
4241 static int AddressTestAddressGroupSetup44(void)
4242 {
4243  UTHValidateDetectAddressHeadRange expectations[2] = {
4244  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4245  int result = 0;
4246  DetectAddressHead *gh = DetectAddressHeadInit();
4247  if (gh != NULL) {
4248  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4249  if (r == 0) {
4250  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4251  result = 1;
4252  }
4253 
4254  DetectAddressHeadFree(gh);
4255  }
4256  return result;
4257 }
4258 
4259 static int AddressTestAddressGroupSetup45(void)
4260 {
4261  int result = 0;
4262  DetectAddressHead *gh = DetectAddressHeadInit();
4263  if (gh != NULL) {
4264  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4265  if (r != 0) {
4266  result = 1;
4267  }
4268 
4269  DetectAddressHeadFree(gh);
4270  }
4271  return result;
4272 }
4273 
4274 static int AddressTestAddressGroupSetup46(void)
4275 {
4276  UTHValidateDetectAddressHeadRange expectations[4] = {
4277  { "0.0.0.0", "192.167.255.255" },
4278  { "192.168.1.0", "192.168.1.255" },
4279  { "192.168.3.0", "192.168.3.255" },
4280  { "192.169.0.0", "255.255.255.255" } };
4281  int result = 0;
4282  DetectAddressHead *gh = DetectAddressHeadInit();
4283  if (gh != NULL) {
4284  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4285  if (r == 1) {
4286  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4287  result = 1;
4288  }
4289 
4290  DetectAddressHeadFree(gh);
4291  }
4292  return result;
4293 }
4294 
4295 /** \test net with some negations, then all negated */
4296 static int AddressTestAddressGroupSetup47(void)
4297 {
4298  UTHValidateDetectAddressHeadRange expectations[5] = {
4299  { "0.0.0.0", "192.167.255.255" },
4300  { "192.168.1.0", "192.168.1.255" },
4301  { "192.168.3.0", "192.168.3.255" },
4302  { "192.168.5.0", "192.168.5.255" },
4303  { "192.169.0.0", "255.255.255.255" } };
4304  int result = 0;
4305  DetectAddressHead *gh = DetectAddressHeadInit();
4306  if (gh != NULL) {
4307  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4308  if (r == 1) {
4309  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4310  result = 1;
4311  }
4312 
4313  DetectAddressHeadFree(gh);
4314  }
4315  return result;
4316 }
4317 
4318 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4319 static int AddressTestAddressGroupSetup48(void)
4320 {
4321  UTHValidateDetectAddressHeadRange expectations[4] = {
4322  { "192.168.0.0", "192.168.0.255" },
4323  { "192.168.2.0", "192.168.2.255" },
4324  { "192.168.4.0", "192.168.4.255" },
4325  { "192.168.6.0", "192.168.255.255" } };
4326  int result = 0;
4327  DetectAddressHead *gh = DetectAddressHeadInit();
4328  if (gh != NULL) {
4329  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4330  if (r == 1) {
4331  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4332  result = 1;
4333  }
4334 
4335  DetectAddressHeadFree(gh);
4336  }
4337  return result;
4338 }
4339 
4340 static int AddressTestCutIPv401(void)
4341 {
4342  DetectAddress *c;
4343  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4344  FAIL_IF_NULL(a);
4345  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4346  FAIL_IF_NULL(b);
4347 
4348  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4349 
4350  DetectAddressFree(a);
4351  DetectAddressFree(b);
4352  DetectAddressFree(c);
4353  PASS;
4354 }
4355 
4356 static int AddressTestCutIPv402(void)
4357 {
4358  DetectAddress *a, *b, *c;
4359  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4360  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4361 
4362  if (DetectAddressCut(NULL, a, b, &c) == -1)
4363  goto error;
4364 
4365  if (c == NULL)
4366  goto error;
4367 
4368  DetectAddressFree(a);
4369  DetectAddressFree(b);
4370  DetectAddressFree(c);
4371  return 1;
4372 
4373 error:
4374  DetectAddressFree(a);
4375  DetectAddressFree(b);
4376  DetectAddressFree(c);
4377  return 0;
4378 }
4379 
4380 static int AddressTestCutIPv403(void)
4381 {
4382  DetectAddress *a, *b, *c;
4383  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4384  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4385 
4386  if (DetectAddressCut(NULL, a, b, &c) == -1)
4387  goto error;
4388 
4389  if (c == NULL)
4390  goto error;
4391 
4392  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4393  goto error;
4394  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4395  goto error;
4396  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4397  goto error;
4398 
4399  DetectAddressFree(a);
4400  DetectAddressFree(b);
4401  DetectAddressFree(c);
4402  return 1;
4403 
4404 error:
4405  DetectAddressFree(a);
4406  DetectAddressFree(b);
4407  DetectAddressFree(c);
4408  return 0;
4409 }
4410 
4411 static int AddressTestCutIPv404(void)
4412 {
4413  DetectAddress *a, *b, *c;
4414  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4415  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4416 
4417  if (DetectAddressCut(NULL, a, b, &c) == -1)
4418  goto error;
4419 
4420  if (c == NULL)
4421  goto error;
4422 
4423  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4424  goto error;
4425  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4426  goto error;
4427  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4428  goto error;
4429 
4430 
4431  DetectAddressFree(a);
4432  DetectAddressFree(b);
4433  DetectAddressFree(c);
4434  return 1;
4435 
4436 error:
4437  DetectAddressFree(a);
4438  DetectAddressFree(b);
4439  DetectAddressFree(c);
4440  return 0;
4441 }
4442 
4443 static int AddressTestCutIPv405(void)
4444 {
4445  DetectAddress *a, *b, *c;
4446  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4447  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4448 
4449  if (DetectAddressCut(NULL, a, b, &c) == -1)
4450  goto error;
4451 
4452  if (c == NULL)
4453  goto error;
4454 
4455  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4456  goto error;
4457  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4458  goto error;
4459  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4460  goto error;
4461 
4462  DetectAddressFree(a);
4463  DetectAddressFree(b);
4464  DetectAddressFree(c);
4465  return 1;
4466 
4467 error:
4468  DetectAddressFree(a);
4469  DetectAddressFree(b);
4470  DetectAddressFree(c);
4471  return 0;
4472 }
4473 
4474 static int AddressTestCutIPv406(void)
4475 {
4476  DetectAddress *a, *b, *c;
4477  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4478  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4479 
4480  if (DetectAddressCut(NULL, a, b, &c) == -1)
4481  goto error;
4482 
4483  if (c == NULL)
4484  goto error;
4485 
4486  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4487  goto error;
4488  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4489  goto error;
4490  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4491  goto error;
4492 
4493  DetectAddressFree(a);
4494  DetectAddressFree(b);
4495  DetectAddressFree(c);
4496  return 1;
4497 
4498 error:
4499  DetectAddressFree(a);
4500  DetectAddressFree(b);
4501  DetectAddressFree(c);
4502  return 0;
4503 }
4504 
4505 static int AddressTestCutIPv407(void)
4506 {
4507  DetectAddress *a, *b, *c;
4508  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4509  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4510 
4511  if (DetectAddressCut(NULL, a, b, &c) == -1)
4512  goto error;
4513 
4514  if (c != NULL)
4515  goto error;
4516 
4517  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4518  goto error;
4519  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4520  goto error;
4521 
4522  DetectAddressFree(a);
4523  DetectAddressFree(b);
4524  DetectAddressFree(c);
4525  return 1;
4526 
4527 error:
4528  DetectAddressFree(a);
4529  DetectAddressFree(b);
4530  DetectAddressFree(c);
4531  return 0;
4532 }
4533 
4534 static int AddressTestCutIPv408(void)
4535 {
4536  DetectAddress *a, *b, *c;
4537  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4538  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4539 
4540  if (DetectAddressCut(NULL, a, b, &c) == -1)
4541  goto error;
4542 
4543  if (c != NULL)
4544  goto error;
4545 
4546  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4547  goto error;
4548  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4549  goto error;
4550 
4551  DetectAddressFree(a);
4552  DetectAddressFree(b);
4553  DetectAddressFree(c);
4554  return 1;
4555 
4556 error:
4557  DetectAddressFree(a);
4558  DetectAddressFree(b);
4559  DetectAddressFree(c);
4560  return 0;
4561 }
4562 
4563 static int AddressTestCutIPv409(void)
4564 {
4565  DetectAddress *a, *b, *c;
4566  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4567  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4568 
4569  if (DetectAddressCut(NULL, a, b, &c) == -1)
4570  goto error;
4571 
4572  if (c != NULL)
4573  goto error;
4574 
4575  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4576  goto error;
4577  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4578  goto error;
4579 
4580  DetectAddressFree(a);
4581  DetectAddressFree(b);
4582  DetectAddressFree(c);
4583  return 1;
4584 
4585 error:
4586  DetectAddressFree(a);
4587  DetectAddressFree(b);
4588  DetectAddressFree(c);
4589  return 0;
4590 }
4591 
4592 static int AddressTestCutIPv410(void)
4593 {
4594  DetectAddress *a, *b, *c;
4595  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4596  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4597 
4598  if (DetectAddressCut(NULL, a, b, &c) == -1)
4599  goto error;
4600 
4601  if (c != NULL)
4602  goto error;
4603 
4604  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4605  goto error;
4606  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4607  goto error;
4608 
4609  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4610 
4611  DetectAddressFree(a);
4612  DetectAddressFree(b);
4613  DetectAddressFree(c);
4614  return 1;
4615 
4616 error:
4617  DetectAddressFree(a);
4618  DetectAddressFree(b);
4619  DetectAddressFree(c);
4620  return 0;
4621 }
4622 
4623 static int AddressTestParseInvalidMask01(void)
4624 {
4625  int result = 1;
4626  DetectAddress *dd = NULL;
4627 
4628  dd = DetectAddressParseSingle("192.168.2.0/33");
4629  if (dd != NULL) {
4630  DetectAddressFree(dd);
4631  result = 0;
4632  }
4633  return result;
4634 }
4635 
4636 static int AddressTestParseInvalidMask02(void)
4637 {
4638  int result = 1;
4639  DetectAddress *dd = NULL;
4640 
4641  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4642  if (dd != NULL) {
4643  DetectAddressFree(dd);
4644  result = 0;
4645  }
4646  return result;
4647 }
4648 
4649 static int AddressTestParseInvalidMask03(void)
4650 {
4651  int result = 1;
4652  DetectAddress *dd = NULL;
4653 
4654  dd = DetectAddressParseSingle("192.168.2.0/blue");
4655  if (dd != NULL) {
4656  DetectAddressFree(dd);
4657  result = 0;
4658  }
4659  return result;
4660 }
4661 
4662 static int AddressConfVarsTest01(void)
4663 {
4664  static const char *dummy_conf_string =
4665  "%YAML 1.1\n"
4666  "---\n"
4667  "\n"
4668  "vars:\n"
4669  "\n"
4670  " address-groups:\n"
4671  "\n"
4672  " HOME_NET: \"any\"\n"
4673  "\n"
4674  " EXTERNAL_NET: \"!any\"\n"
4675  "\n"
4676  " port-groups:\n"
4677  "\n"
4678  " HTTP_PORTS: \"any\"\n"
4679  "\n"
4680  " SHELLCODE_PORTS: \"!any\"\n"
4681  "\n";
4682 
4683  int result = 0;
4684 
4685  ConfCreateContextBackup();
4686  ConfInit();
4687  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4688 
4689  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4690  result = 1;
4691 
4692  ConfDeInit();
4693  ConfRestoreContextBackup();
4694 
4695  return result;
4696 }
4697 
4698 static int AddressConfVarsTest02(void)
4699 {
4700  static const char *dummy_conf_string =
4701  "%YAML 1.1\n"
4702  "---\n"
4703  "\n"
4704  "vars:\n"
4705  "\n"
4706  " address-groups:\n"
4707  "\n"
4708  " HOME_NET: \"any\"\n"
4709  "\n"
4710  " EXTERNAL_NET: \"any\"\n"
4711  "\n"
4712  " port-groups:\n"
4713  "\n"
4714  " HTTP_PORTS: \"any\"\n"
4715  "\n"
4716  " SHELLCODE_PORTS: \"!any\"\n"
4717  "\n";
4718 
4719  int result = 0;
4720 
4721  ConfCreateContextBackup();
4722  ConfInit();
4723  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4724 
4725  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() < 0)
4726  result = 1;
4727 
4728  ConfDeInit();
4729  ConfRestoreContextBackup();
4730 
4731  return result;
4732 }
4733 
4734 static int AddressConfVarsTest03(void)
4735 {
4736  static const char *dummy_conf_string =
4737  "%YAML 1.1\n"
4738  "---\n"
4739  "\n"
4740  "vars:\n"
4741  "\n"
4742  " address-groups:\n"
4743  "\n"
4744  " HOME_NET: \"any\"\n"
4745  "\n"
4746  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4747  "\n"
4748  " port-groups:\n"
4749  "\n"
4750  " HTTP_PORTS: \"any\"\n"
4751  "\n"
4752  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4753  "\n";
4754 
4755  int result = 0;
4756 
4757  ConfCreateContextBackup();
4758  ConfInit();
4759  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4760 
4761  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4762  result = 1;
4763 
4764  ConfDeInit();
4765  ConfRestoreContextBackup();
4766 
4767  return result;
4768 }
4769 
4770 static int AddressConfVarsTest04(void)
4771 {
4772  static const char *dummy_conf_string =
4773  "%YAML 1.1\n"
4774  "---\n"
4775  "\n"
4776  "vars:\n"
4777  "\n"
4778  " address-groups:\n"
4779  "\n"
4780  " HOME_NET: \"any\"\n"
4781  "\n"
4782  " EXTERNAL_NET: \"$HOME_NET\"\n"
4783  "\n"
4784  " port-groups:\n"
4785  "\n"
4786  " HTTP_PORTS: \"any\"\n"
4787  "\n"
4788  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4789  "\n";
4790 
4791  int result = 0;
4792 
4793  ConfCreateContextBackup();
4794  ConfInit();
4795  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4796 
4797  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() == 0)
4798  result = 1;
4799 
4800  ConfDeInit();
4801  ConfRestoreContextBackup();
4802 
4803  return result;
4804 }
4805 
4806 static int AddressConfVarsTest05(void)
4807 {
4808  static const char *dummy_conf_string =
4809  "%YAML 1.1\n"
4810  "---\n"
4811  "\n"
4812  "vars:\n"
4813  "\n"
4814  " address-groups:\n"
4815  "\n"
4816  " HOME_NET: \"any\"\n"
4817  "\n"
4818  " EXTERNAL_NET: [192.168.0.1]\n"
4819  "\n"
4820  " port-groups:\n"
4821  "\n"
4822  " HTTP_PORTS: \"any\"\n"
4823  "\n"
4824  " SHELLCODE_PORTS: [80]\n"
4825  "\n";
4826 
4827  int result = 0;
4828 
4829  ConfCreateContextBackup();
4830  ConfInit();
4831  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4832 
4833  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4834  goto end;
4835 
4836  result = 1;
4837 
4838  end:
4839  ConfDeInit();
4840  ConfRestoreContextBackup();
4841 
4842  return result;
4843 }
4844 
4845 static int AddressConfVarsTest06(void)
4846 {
4847  // HOME_NET value size = 10261 bytes
4848  static const char *dummy_conf_string =
4849  "%YAML 1.1\n"
4850  "---\n"
4851  "\n"
4852  "vars:\n"
4853  "\n"
4854  " address-groups:\n"
4855  "\n"
4856  " HOME_NET: "
4857  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4858  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4859  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4860  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4861  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4862  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4863  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4864  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4976  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4977  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4978  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4979  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4980  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4981  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4982  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4983  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4984  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4985  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4986  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4987  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4988  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4989  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4990  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4991  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4992  "\n"
4993  " EXTERNAL_NET: \"any\"\n"
4994  "\n";
4995 
4996  ConfCreateContextBackup();
4997  ConfInit();
4998  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4999 
5000  FAIL_IF(0 != DetectAddressTestConfVars());
5001 
5002  ConfDeInit();
5003  ConfRestoreContextBackup();
5004 
5005  PASS;
5006 }
5007 
5008 #endif /* UNITTESTS */
5009 
5010 void DetectAddressTests(void)
5011 {
5012 #ifdef UNITTESTS
5013  DetectAddressIPv4Tests();
5014  DetectAddressIPv6Tests();
5015 
5016  UtRegisterTest("AddressTestParse01", AddressTestParse01);
5017  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5018  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5019  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5020  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5021  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5022  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5023  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5024  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5025  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5026  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5027  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5028  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5029  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5030  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5031  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5032  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5033  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5034  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5035  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5036  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5037  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5038  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5039  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5040  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5041  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5042  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5043  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5044  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5045  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5046  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5047  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5048  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5049  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5050  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5051  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5052  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5053  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5054 
5055  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5056  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5057  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5058  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5059  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5060  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5061  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5062  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5063  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5064  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5065  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5066 
5067  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5068  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5069  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5070  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5071  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5072  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5073  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5074  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5075 
5076  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5077  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5078  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5079  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5080  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5081  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5082 
5083  UtRegisterTest("AddressTestAddressGroupSetup01",
5084  AddressTestAddressGroupSetup01);
5085  UtRegisterTest("AddressTestAddressGroupSetup02",
5086  AddressTestAddressGroupSetup02);
5087  UtRegisterTest("AddressTestAddressGroupSetup03",
5088  AddressTestAddressGroupSetup03);
5089  UtRegisterTest("AddressTestAddressGroupSetup04",
5090  AddressTestAddressGroupSetup04);
5091  UtRegisterTest("AddressTestAddressGroupSetup05",
5092  AddressTestAddressGroupSetup05);
5093  UtRegisterTest("AddressTestAddressGroupSetup06",
5094  AddressTestAddressGroupSetup06);
5095  UtRegisterTest("AddressTestAddressGroupSetup07",
5096  AddressTestAddressGroupSetup07);
5097  UtRegisterTest("AddressTestAddressGroupSetup08",
5098  AddressTestAddressGroupSetup08);
5099  UtRegisterTest("AddressTestAddressGroupSetup09",
5100  AddressTestAddressGroupSetup09);
5101  UtRegisterTest("AddressTestAddressGroupSetup10",
5102  AddressTestAddressGroupSetup10);
5103  UtRegisterTest("AddressTestAddressGroupSetup11",
5104  AddressTestAddressGroupSetup11);
5105  UtRegisterTest("AddressTestAddressGroupSetup12",
5106  AddressTestAddressGroupSetup12);
5107  UtRegisterTest("AddressTestAddressGroupSetup13",
5108  AddressTestAddressGroupSetup13);
5109  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5110  AddressTestAddressGroupSetupIPv414);
5111  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5112  AddressTestAddressGroupSetupIPv415);
5113  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5114  AddressTestAddressGroupSetupIPv416);
5115 
5116  UtRegisterTest("AddressTestAddressGroupSetup14",
5117  AddressTestAddressGroupSetup14);
5118  UtRegisterTest("AddressTestAddressGroupSetup15",
5119  AddressTestAddressGroupSetup15);
5120  UtRegisterTest("AddressTestAddressGroupSetup16",
5121  AddressTestAddressGroupSetup16);
5122  UtRegisterTest("AddressTestAddressGroupSetup17",
5123  AddressTestAddressGroupSetup17);
5124  UtRegisterTest("AddressTestAddressGroupSetup18",
5125  AddressTestAddressGroupSetup18);
5126  UtRegisterTest("AddressTestAddressGroupSetup19",
5127  AddressTestAddressGroupSetup19);
5128  UtRegisterTest("AddressTestAddressGroupSetup20",
5129  AddressTestAddressGroupSetup20);
5130  UtRegisterTest("AddressTestAddressGroupSetup21",
5131  AddressTestAddressGroupSetup21);
5132  UtRegisterTest("AddressTestAddressGroupSetup22",
5133  AddressTestAddressGroupSetup22);
5134  UtRegisterTest("AddressTestAddressGroupSetup23",
5135  AddressTestAddressGroupSetup23);
5136  UtRegisterTest("AddressTestAddressGroupSetup24",
5137  AddressTestAddressGroupSetup24);
5138  UtRegisterTest("AddressTestAddressGroupSetup25",
5139  AddressTestAddressGroupSetup25);
5140  UtRegisterTest("AddressTestAddressGroupSetup26",
5141  AddressTestAddressGroupSetup26);
5142 
5143  UtRegisterTest("AddressTestAddressGroupSetup27",
5144  AddressTestAddressGroupSetup27);
5145  UtRegisterTest("AddressTestAddressGroupSetup28",
5146  AddressTestAddressGroupSetup28);
5147  UtRegisterTest("AddressTestAddressGroupSetup29",
5148  AddressTestAddressGroupSetup29);
5149  UtRegisterTest("AddressTestAddressGroupSetup30",
5150  AddressTestAddressGroupSetup30);
5151  UtRegisterTest("AddressTestAddressGroupSetup31",
5152  AddressTestAddressGroupSetup31);
5153  UtRegisterTest("AddressTestAddressGroupSetup32",
5154  AddressTestAddressGroupSetup32);
5155  UtRegisterTest("AddressTestAddressGroupSetup33",
5156  AddressTestAddressGroupSetup33);
5157  UtRegisterTest("AddressTestAddressGroupSetup34",
5158  AddressTestAddressGroupSetup34);
5159  UtRegisterTest("AddressTestAddressGroupSetup35",
5160  AddressTestAddressGroupSetup35);
5161  UtRegisterTest("AddressTestAddressGroupSetup36",
5162  AddressTestAddressGroupSetup36);
5163  UtRegisterTest("AddressTestAddressGroupSetup37",
5164  AddressTestAddressGroupSetup37);
5165  UtRegisterTest("AddressTestAddressGroupSetup38",
5166  AddressTestAddressGroupSetup38);
5167  UtRegisterTest("AddressTestAddressGroupSetup39",
5168  AddressTestAddressGroupSetup39);
5169  UtRegisterTest("AddressTestAddressGroupSetup40",
5170  AddressTestAddressGroupSetup40);
5171  UtRegisterTest("AddressTestAddressGroupSetup41",
5172  AddressTestAddressGroupSetup41);
5173  UtRegisterTest("AddressTestAddressGroupSetup42",
5174  AddressTestAddressGroupSetup42);
5175  UtRegisterTest("AddressTestAddressGroupSetup43",
5176  AddressTestAddressGroupSetup43);
5177  UtRegisterTest("AddressTestAddressGroupSetup44",
5178  AddressTestAddressGroupSetup44);
5179  UtRegisterTest("AddressTestAddressGroupSetup45",
5180  AddressTestAddressGroupSetup45);
5181  UtRegisterTest("AddressTestAddressGroupSetup46",
5182  AddressTestAddressGroupSetup46);
5183  UtRegisterTest("AddressTestAddressGroupSetup47",
5184  AddressTestAddressGroupSetup47);
5185  UtRegisterTest("AddressTestAddressGroupSetup48",
5186  AddressTestAddressGroupSetup48);
5187 
5188  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5189  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5190  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5191  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5192  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5193  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5194  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5195  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5196  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5197  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5198 
5199  UtRegisterTest("AddressTestParseInvalidMask01",
5200  AddressTestParseInvalidMask01);
5201  UtRegisterTest("AddressTestParseInvalidMask02",
5202  AddressTestParseInvalidMask02);
5203  UtRegisterTest("AddressTestParseInvalidMask03",
5204  AddressTestParseInvalidMask03);
5205 
5206  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5207  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5208  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5209  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5210  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5211  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5212 #endif /* UNITTESTS */
5213 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:367
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:146
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:161
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1409
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1311
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:359
detect-engine-siggroup.h
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:150
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1603
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:159
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:31
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
DetectAddressHead_
Definition: detect.h:174
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1488
AddressIPv6Gt
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:57
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1356
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:826
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1264
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:147
Address_
Definition: decode.h:115
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:256
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1173
util-var.h
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1814
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:124
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:168
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:236
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:148
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:716
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1897
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:274
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:145
detect-engine-port.h
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:511
DetectAddress_::ip2
Address ip2
Definition: detect.h:162
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1053
TRUE
#define TRUE
Definition: suricata-common.h:33
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:295
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:484
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:128
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
Turn 32 bit mask into CIDR.
Definition: util-cidr.c:35
Address_::address
union Address_::@30 address
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:287
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:670
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
Flow_::next
struct Flow_ * next
Definition: flow.h:392
DetectAddressMap_
Definition: detect-engine-address.c:1308
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:176
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:82
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1636
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:968
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:90
ConfNode_::name
char * name
Definition: conf.h:33
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:149
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:682
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
AddressIPv6Ge
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1345
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:178
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:144
str
#define str(s)
Definition: suricata-common.h:286
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1896
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1310
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:408
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:710
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:170
DetectMatchAddressIPv6_
Definition: detect.h:185
DetectMatchAddressIPv4_
Definition: detect.h:180
Address_::family
char family
Definition: decode.h:116
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1449
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:693
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1880
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:153
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1898
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:130
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:165
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:143
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1576
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:175
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1309
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1235
AddressIPv6Le
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162