suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 #include "detect-engine-address-ipv4.h"
40 #include "detect-engine-address-ipv6.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
61 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn);
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
69 DetectAddress *DetectAddressInit(void)
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
82 void DetectAddressFree(DetectAddress *ag)
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88  return;
89 }
90 
91 /**
92  * \internal
93  * \brief Returns a new instance of DetectAddressHead.
94  *
95  * \retval gh Pointer to the new instance of DetectAddressHead.
96  */
97 static DetectAddressHead *DetectAddressHeadInit(void)
98 {
99  DetectAddressHead *gh = SCCalloc(1, sizeof(DetectAddressHead));
100  if (unlikely(gh == NULL))
101  return NULL;
102  return gh;
103 }
104 
105 /**
106  * \internal
107  * \brief Frees a DetectAddressHead instance.
108  *
109  * \param gh Pointer to the DetectAddressHead instance to be freed.
110  */
111 static void DetectAddressHeadFree(DetectAddressHead *gh)
112 {
113  if (gh != NULL) {
114  DetectAddressHeadCleanup(gh);
115  SCFree(gh);
116  }
117 }
118 
119 /**
120  * \brief copy a DetectAddress
121  *
122  * \param orig Pointer to the instance of DetectAddress that contains the
123  * address data to be copied to the new instance.
124  *
125  * \retval ag Pointer to the new instance of DetectAddress that contains the
126  * copied address.
127  */
128 DetectAddress *DetectAddressCopy(DetectAddress *orig)
129 {
130  DetectAddress *ag = DetectAddressInit();
131  if (ag == NULL)
132  return NULL;
133 
134  ag->flags = orig->flags;
135  COPY_ADDRESS(&orig->ip, &ag->ip);
136  COPY_ADDRESS(&orig->ip2, &ag->ip2);
137  return ag;
138 }
139 
140 #ifdef DEBUG
141 /**
142  * \brief Prints the address data information for all the DetectAddress
143  * instances in the DetectAddress list sent as the argument.
144  *
145  * \param head Pointer to a list of DetectAddress instances.
146  */
147 void DetectAddressPrintList(DetectAddress *head)
148 {
149  SCLogInfo("list:");
150  for (DetectAddress *cur = head; cur != NULL; cur = cur->next) {
151  DetectAddressPrint(cur);
152  }
153  SCLogInfo("endlist");
154 }
155 #endif
156 
157 /**
158  * \internal
159  * \brief Frees a list of DetectAddress instances.
160  *
161  * \param head Pointer to a list of DetectAddress instances to be freed.
162  */
163 static void DetectAddressCleanupList(DetectAddress *head)
164 {
165  for (DetectAddress *cur = head; cur != NULL; ) {
166  DetectAddress *next = cur->next;
167  cur->next = NULL;
168  DetectAddressFree(cur);
169  cur = next;
170  }
171 }
172 
173 /**
174  * \internal
175  * \brief Helper function for DetectAddressInsert. Sets one of the
176  * DetectAddressHead head pointers, to the DetectAddress argument
177  * based on its address family.
178  *
179  * \param gh Pointer to the DetectAddressHead.
180  * \param newhead Pointer to the DetectAddress.
181  *
182  * \retval 0 On success.
183  * \retval -1 On failure.
184  */
185 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
186 {
187  if (newhead->ip.family == AF_INET) {
188  gh->ipv4_head = newhead;
189  } else if (newhead->ip.family == AF_INET6) {
190  gh->ipv6_head = newhead;
191  } else {
192  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
193  return -1;
194  }
195 
196  return 0;
197 }
198 
199 /**
200  * \internal
201  * \brief Returns the DetectAddress head from the DetectAddressHeads,
202  * based on the address family of the incoming DetectAddress arg.
203  *
204  * \param gh Pointer to the DetectAddressHead.
205  * \param new Pointer to the DetectAddress.
206  *
207  * \retval head Pointer to the DetectAddress(the head from
208  * DetectAddressHead).
209  */
210 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
211 {
212  DetectAddress *head = NULL;
213 
214  if (new->ip.family == AF_INET)
215  head = gh->ipv4_head;
216  else if (new->ip.family == AF_INET6)
217  head = gh->ipv6_head;
218 
219  return head;
220 }
221 
222 /**
223  * \internal
224  * \brief insert DetectAddress into a DetectAddressHead
225  *
226  * \param de_ctx Pointer to the detection engine context.
227  * \param gh Pointer to the DetectAddressHead list to which it has to
228  * be inserted.
229  * \param new Pointer to the DetectAddress, that has to be inserted.
230  *
231  * \retval 1 On successfully inserting it.
232  * \retval -1 On error.
233  * \retval 0 Not inserted, memory of new is freed.
234  */
235 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
236  DetectAddress *new)
237 {
238  DetectAddress *head = NULL;
239  DetectAddress *cur = NULL;
240  DetectAddress *c = NULL;
241  int r = 0;
242 
243  if (new == NULL)
244  return 0;
245 
246  /* get our head ptr based on the address we want to insert */
247  head = GetHeadPtr(gh, new);
248 
249  /* see if it already exists or overlaps with existing ag's */
250  if (head != NULL) {
251  cur = NULL;
252 
253  for (cur = head; cur != NULL; cur = cur->next) {
254  r = DetectAddressCmp(new, cur);
255  BUG_ON(r == ADDRESS_ER);
256 
257  /* if so, handle that */
258  if (r == ADDRESS_EQ) {
259  /* exact overlap/match */
260  if (cur != new) {
261  DetectAddressFree(new);
262  return 0;
263  }
264 
265  return 1;
266  } else if (r == ADDRESS_GT) {
267  /* only add it now if we are bigger than the last group.
268  * Otherwise we'll handle it later. */
269  if (cur->next == NULL) {
270  /* put in the list */
271  new->prev = cur;
272  cur->next = new;
273 
274  return 1;
275  }
276  } else if (r == ADDRESS_LT) {
277  /* see if we need to insert the ag anywhere put in the list */
278  if (cur->prev != NULL)
279  cur->prev->next = new;
280  new->prev = cur->prev;
281  new->next = cur;
282  cur->prev = new;
283 
284  /* update head if required */
285  if (head == cur) {
286  head = new;
287 
288  if (SetHeadPtr(gh, head) < 0)
289  goto error;
290  }
291 
292  return 1;
293  /* alright, those were the simple cases, lets handle the more
294  * complex ones now */
295  } else if (r == ADDRESS_ES) {
296  c = NULL;
297  r = DetectAddressCut(de_ctx, cur, new, &c);
298  if (r == -1)
299  goto error;
300 
301  DetectAddressInsert(de_ctx, gh, new);
302  if (c != NULL)
303  DetectAddressInsert(de_ctx, gh, c);
304 
305  return 1;
306  } else if (r == ADDRESS_EB) {
307  c = NULL;
308  r = DetectAddressCut(de_ctx, cur, new, &c);
309  if (r == -1)
310  goto error;
311 
312  DetectAddressInsert(de_ctx, gh, new);
313  if (c != NULL)
314  DetectAddressInsert(de_ctx, gh, c);
315 
316  return 1;
317  } else if (r == ADDRESS_LE) {
318  c = NULL;
319  r = DetectAddressCut(de_ctx, cur, new, &c);
320  if (r == -1)
321  goto error;
322 
323  DetectAddressInsert(de_ctx, gh, new);
324  if (c != NULL)
325  DetectAddressInsert(de_ctx, gh, c);
326 
327  return 1;
328  } else if (r == ADDRESS_GE) {
329  c = NULL;
330  r = DetectAddressCut(de_ctx, cur,new,&c);
331  if (r == -1)
332  goto error;
333 
334  DetectAddressInsert(de_ctx, gh, new);
335  if (c != NULL)
336  DetectAddressInsert(de_ctx, gh, c);
337 
338  return 1;
339  }
340  }
341 
342  /* head is NULL, so get a group and set head to it */
343  } else {
344  head = new;
345  if (SetHeadPtr(gh, head) < 0) {
346  SCLogDebug("SetHeadPtr failed");
347  goto error;
348  }
349  }
350 
351  return 1;
352 
353 error:
354  /* XXX */
355  return -1;
356 }
357 
358 /**
359  * \brief Checks if two address group lists are equal.
360  *
361  * \param list1 Pointer to the first address group list.
362  * \param list2 Pointer to the second address group list.
363  *
364  * \retval true On success.
365  * \retval false On failure.
366  */
367 bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
368 {
369  DetectAddress *item = list1;
370  DetectAddress *it = list2;
371 
372  // First, compare items one by one.
373  while (item != NULL && it != NULL) {
374  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
375  return false;
376  }
377 
378  item = item->next;
379  it = it->next;
380  }
381 
382  // Are the lists of the same size?
383  if (!(item == NULL && it == NULL)) {
384  return false;
385  }
386 
387  return true;
388 }
389 
390 /**
391  * \internal
392  * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
393  *
394  * For example if we send a cidr of 7 as argument, an ipv6 address
395  * mask of the value FE:00:00:00:00:00:00:00 is created and updated
396  * in the argument struct in6_addr *in6.
397  *
398  * \todo I think for the final section: while (cidr > 0), we can simply
399  * replace it with a
400  * if (cidr > 0) {
401  * in6->s6_addr[i] = -1 << (8 - cidr);
402  *
403  * \param cidr The value of the cidr.
404  * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
405  * hold the cidr netblock result.
406  */
407 static void DetectAddressParseIPv6CIDR(int cidr, struct in6_addr *in6)
408 {
409  int i = 0;
410 
411  memset(in6, 0, sizeof(struct in6_addr));
412 
413  while (cidr > 8) {
414  in6->s6_addr[i] = 0xff;
415  cidr -= 8;
416  i++;
417  }
418 
419  while (cidr > 0) {
420  in6->s6_addr[i] |= 0x80;
421  if (--cidr > 0)
422  in6->s6_addr[i] = in6->s6_addr[i] >> 1;
423  }
424 
425  return;
426 }
427 
428 /**
429  * \internal
430  * \brief Parses an ipv4/ipv6 address string and updates the result into the
431  * DetectAddress instance sent as the argument.
432  *
433  * \param dd Pointer to the DetectAddress instance which should be updated with
434  * the address range details from the parsed ip string.
435  * \param str Pointer to address string that has to be parsed.
436  *
437  * \retval 0 On successfully parsing the address string.
438  * \retval -1 On failure.
439  */
440 static int DetectAddressParseString(DetectAddress *dd, const char *str)
441 {
442  char *ip = NULL;
443  char *ip2 = NULL;
444  char *mask = NULL;
445  int r = 0;
446  char ipstr[256];
447 
448  /* shouldn't see 'any' here */
449  BUG_ON(strcasecmp(str, "any") == 0);
450 
451  strlcpy(ipstr, str, sizeof(ipstr));
452  SCLogDebug("str %s", str);
453 
454  /* we work with a copy so that we can put a
455  * nul-termination in it later */
456  ip = ipstr;
457 
458  /* handle the negation case */
459  if (ip[0] == '!') {
460  dd->flags |= ADDRESS_FLAG_NOT;
461  ip++;
462  }
463 
464  /* see if the address is an ipv4 or ipv6 address */
465  if ((strchr(str, ':')) == NULL) {
466  /* IPv4 Address */
467  struct in_addr in;
468 
469  dd->ip.family = AF_INET;
470 
471  if ((mask = strchr(ip, '/')) != NULL) {
472  /* 1.2.3.4/xxx format (either dotted or cidr notation */
473  ip[mask - ip] = '\0';
474  mask++;
475  uint32_t ip4addr = 0;
476  uint32_t netmask = 0;
477 
478  if ((strchr (mask, '.')) == NULL) {
479  /* 1.2.3.4/24 format */
480 
481  for (size_t u = 0; u < strlen(mask); u++) {
482  if(!isdigit((unsigned char)mask[u]))
483  goto error;
484  }
485 
486  int cidr;
487  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
488  goto error;
489  netmask = CIDRGet(cidr);
490  } else {
491  /* 1.2.3.4/255.255.255.0 format */
492  r = inet_pton(AF_INET, mask, &in);
493  if (r <= 0)
494  goto error;
495 
496  netmask = in.s_addr;
497  }
498 
499  r = inet_pton(AF_INET, ip, &in);
500  if (r <= 0)
501  goto error;
502 
503  ip4addr = in.s_addr;
504 
505  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
506  dd->ip2.addr_data32[0] |=~ netmask;
507  } else if ((ip2 = strchr(ip, '-')) != NULL) {
508  /* 1.2.3.4-1.2.3.6 range format */
509  ip[ip2 - ip] = '\0';
510  ip2++;
511 
512  r = inet_pton(AF_INET, ip, &in);
513  if (r <= 0)
514  goto error;
515  dd->ip.addr_data32[0] = in.s_addr;
516 
517  r = inet_pton(AF_INET, ip2, &in);
518  if (r <= 0)
519  goto error;
520  dd->ip2.addr_data32[0] = in.s_addr;
521 
522  /* a > b is illegal, a = b is ok */
523  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
524  goto error;
525  } else {
526  /* 1.2.3.4 format */
527  r = inet_pton(AF_INET, ip, &in);
528  if (r <= 0)
529  goto error;
530  /* single host */
531  dd->ip.addr_data32[0] = in.s_addr;
532  dd->ip2.addr_data32[0] = in.s_addr;
533  }
534  } else {
535  /* IPv6 Address */
536  struct in6_addr in6, mask6;
537  uint32_t ip6addr[4], netmask[4];
538 
539  dd->ip.family = AF_INET6;
540 
541  if ((mask = strchr(ip, '/')) != NULL) {
542  ip[mask - ip] = '\0';
543  mask++;
544 
545  int cidr;
546  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
547  goto error;
548 
549  r = inet_pton(AF_INET6, ip, &in6);
550  if (r <= 0)
551  goto error;
552  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
553 
554  DetectAddressParseIPv6CIDR(cidr, &mask6);
555  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
556 
557  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
558  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
559  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
560  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
561 
562  dd->ip2.addr_data32[0] |=~ netmask[0];
563  dd->ip2.addr_data32[1] |=~ netmask[1];
564  dd->ip2.addr_data32[2] |=~ netmask[2];
565  dd->ip2.addr_data32[3] |=~ netmask[3];
566  } else if ((ip2 = strchr(ip, '-')) != NULL) {
567  /* 2001::1-2001::4 range format */
568  ip[ip2 - ip] = '\0';
569  ip2++;
570 
571  r = inet_pton(AF_INET6, ip, &in6);
572  if (r <= 0)
573  goto error;
574  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
575 
576  r = inet_pton(AF_INET6, ip2, &in6);
577  if (r <= 0)
578  goto error;
579  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
580 
581  /* a > b is illegal, a=b is ok */
582  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
583  goto error;
584  } else {
585  r = inet_pton(AF_INET6, ip, &in6);
586  if (r <= 0)
587  goto error;
588 
589  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
590  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
591  }
592 
593  }
594 
595  BUG_ON(dd->ip.family == 0);
596 
597  return 0;
598 
599 error:
600  return -1;
601 }
602 
603 /**
604  * \internal
605  * \brief Simply parse an address and return a DetectAddress instance containing
606  * the address ranges of the parsed ip addressstring
607  *
608  * \param str Pointer to a character string containing the ip address
609  *
610  * \retval dd Pointer to the DetectAddress instance containing the address
611  * range details from the parsed ip string
612  */
613 static DetectAddress *DetectAddressParseSingle(const char *str)
614 {
615  SCLogDebug("str %s", str);
616 
617  DetectAddress *dd = DetectAddressInit();
618  if (dd == NULL)
619  return NULL;
620 
621  if (DetectAddressParseString(dd, str) < 0) {
622  SCLogDebug("AddressParse failed");
623  DetectAddressFree(dd);
624  return NULL;
625  }
626 
627  return dd;
628 }
629 
630 /**
631  * \brief Setup a single address string, parse it and add the resulting
632  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
633  *
634  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
635  * resulting Address-Range(s) from the parsed ip string has to
636  * be added.
637  * \param s Pointer to the ip address string to be parsed.
638  *
639  * \retval 0 On success.
640  * \retval -1 On failure.
641  */
642 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
643 {
644  SCLogDebug("gh %p, s %s", gh, s);
645 
646  while (*s != '\0' && isspace(*s))
647  s++;
648 
649  if (strcasecmp(s, "any") == 0) {
650  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
651 
652  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
653  if (ad == NULL)
654  return -1;
655 
656  BUG_ON(ad->ip.family == 0);
657 
658  if (DetectAddressInsert(NULL, gh, ad) < 0) {
659  SCLogDebug("DetectAddressInsert failed");
660  DetectAddressFree(ad);
661  return -1;
662  }
663 
664  ad = DetectAddressParseSingle("::/0");
665  if (ad == NULL)
666  return -1;
667 
668  BUG_ON(ad->ip.family == 0);
669 
670  if (DetectAddressInsert(NULL, gh, ad) < 0) {
671  SCLogDebug("DetectAddressInsert failed");
672  DetectAddressFree(ad);
673  return -1;
674  }
675  return 0;
676  }
677 
678  /* parse the address */
679  DetectAddress *ad = DetectAddressParseSingle(s);
680  if (ad == NULL) {
681  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,
682  "failed to parse address \"%s\"", s);
683  return -1;
684  }
685 
686  /* handle the not case, we apply the negation then insert the part(s) */
687  if (ad->flags & ADDRESS_FLAG_NOT) {
688  DetectAddress *ad2 = NULL;
689 
690  if (DetectAddressCutNot(ad, &ad2) < 0) {
691  SCLogDebug("DetectAddressCutNot failed");
692  DetectAddressFree(ad);
693  return -1;
694  }
695 
696  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
697  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
698  if (ad2 != NULL) {
699  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
700  SCLogDebug("DetectAddressInsert failed");
701  DetectAddressFree(ad);
702  DetectAddressFree(ad2);
703  return -1;
704  }
705  }
706  }
707 
708  int r = DetectAddressInsert(NULL, gh, ad);
709  if (r < 0) {
710  SCLogDebug("DetectAddressInsert failed");
711  DetectAddressFree(ad);
712  return -1;
713  }
714  SCLogDebug("r %d",r);
715  return 0;
716 }
717 
718 /**
719  * \brief Parses an address string and updates the 2 address heads with the
720  * address data.
721  *
722  * Note that this function should only be called by the wrapping function
723  * DetectAddressParse2. The wrapping function provides long address handling
724  * when the address size exceeds a threshold value.
725  *
726  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
727  * since we pass around negate without keeping a count of ! with depth.
728  * Can solve this by keeping a count of the negations with depth, so that
729  * an even no of negations would count as no negation and an odd no of
730  * negations would count as a negation.
731  *
732  * \param gh Pointer to the address head that should hold address ranges
733  * that are not negated.
734  * \param ghn Pointer to the address head that should hold address ranges
735  * that are negated.
736  * \param s Pointer to the character string holding the address to be
737  * parsed.
738  * \param negate Flag that indicates if the received address string is negated
739  * or not. 0 if it is not, 1 it it is.
740  *
741  * \retval 0 On successfully parsing.
742  * \retval -1 On failure.
743  */
744 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
745  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
746  int recur, char *address, size_t address_length)
747 {
748  size_t x = 0;
749  size_t u = 0;
750  int o_set = 0, n_set = 0, d_set = 0;
751  int depth = 0;
752  const char *rule_var_address = NULL;
753  char *temp_rule_var_address = NULL;
754 
755  if (++recur > 64) {
756  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "address block recursion "
757  "limit reached (max 64)");
758  goto error;
759  }
760 
761  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
762 
763  size_t size = strlen(s);
764  for (u = 0, x = 0; u < size && x < address_length; u++) {
765  if (x == (address_length - 1)) {
766  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,
767  "Hit the address buffer"
768  " limit for the supplied address. Invalidating sig. "
769  "Please file a bug report on this.");
770  goto error;
771  }
772  address[x] = s[u];
773  x++;
774 
775  if (!o_set && s[u] == '!') {
776  n_set = 1;
777  x--;
778  } else if (s[u] == '[') {
779  if (!o_set) {
780  o_set = 1;
781  x = 0;
782  }
783  depth++;
784  } else if (s[u] == ']') {
785  if (depth == 1) {
786  address[x - 1] = '\0';
787  x = 0;
788  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
789  if (((negate + n_set) % 2) == 0) {
790  /* normal block */
791  SCLogDebug("normal block");
792 
793  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
794  goto error;
795  } else {
796  /* negated block
797  *
798  * Extra steps are necessary. First consider it as a normal
799  * (non-negated) range. Merge the + and - ranges if
800  * applicable. Then insert the result into the ghn list. */
801  SCLogDebug("negated block");
802 
803  DetectAddressHead tmp_gh = { NULL, NULL };
804  DetectAddressHead tmp_ghn = { NULL, NULL };
805 
806  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
807  DetectAddressHeadCleanup(&tmp_gh);
808  DetectAddressHeadCleanup(&tmp_ghn);
809  goto error;
810  }
811 
812  DetectAddress *tmp_ad;
813  DetectAddress *tmp_ad2;
814 #ifdef DEBUG
815  SCLogDebug("tmp_gh: IPv4");
816  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
817  DetectAddressPrint(tmp_ad);
818  }
819  SCLogDebug("tmp_ghn: IPv4");
820  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
821  DetectAddressPrint(tmp_ad);
822  }
823  SCLogDebug("tmp_gh: IPv6");
824  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
825  DetectAddressPrint(tmp_ad);
826  }
827  SCLogDebug("tmp_ghn: IPv6");
828  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
829  DetectAddressPrint(tmp_ad);
830  }
831 #endif
832  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
833  DetectAddressHeadCleanup(&tmp_ghn);
834  DetectAddressHeadCleanup(&tmp_gh);
835  goto error;
836  }
837  DetectAddressHeadCleanup(&tmp_ghn);
838 
839  SCLogDebug("merged successfully");
840 
841  /* insert the IPv4 addresses into the negated list */
842  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
843  /* work with a copy of the address group */
844  tmp_ad2 = DetectAddressCopy(tmp_ad);
845  if (tmp_ad2 == NULL) {
846  SCLogDebug("DetectAddressCopy failed");
847  DetectAddressHeadCleanup(&tmp_gh);
848  goto error;
849  }
850  DetectAddressPrint(tmp_ad2);
851  DetectAddressInsert(NULL, ghn, tmp_ad2);
852  }
853 
854  /* insert the IPv6 addresses into the negated list */
855  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
856  /* work with a copy of the address group */
857  tmp_ad2 = DetectAddressCopy(tmp_ad);
858  if (tmp_ad2 == NULL) {
859  SCLogDebug("DetectAddressCopy failed");
860  DetectAddressHeadCleanup(&tmp_gh);
861  goto error;
862  }
863  DetectAddressPrint(tmp_ad2);
864  DetectAddressInsert(NULL, ghn, tmp_ad2);
865  }
866 
867  DetectAddressHeadCleanup(&tmp_gh);
868  }
869  n_set = 0;
870  }
871  depth--;
872  } else if (depth == 0 && s[u] == ',') {
873  if (o_set == 1) {
874  o_set = 0;
875  } else if (d_set == 1) {
876  address[x - 1] = '\0';
877 
878  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
879  SC_RULE_VARS_ADDRESS_GROUPS);
880  if (rule_var_address == NULL)
881  goto error;
882 
883  if (strlen(rule_var_address) == 0) {
884  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
885  "to nothing. This is likely a misconfiguration. "
886  "Note that a negated address needs to be quoted, "
887  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
888  goto error;
889  }
890 
891  SCLogDebug("rule_var_address %s", rule_var_address);
892  if ((negate + n_set) % 2) {
893  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
894  if (unlikely(temp_rule_var_address == NULL))
895  goto error;
896  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
897  "[%s]", rule_var_address);
898  } else {
899  temp_rule_var_address = SCStrdup(rule_var_address);
900  if (unlikely(temp_rule_var_address == NULL))
901  goto error;
902  }
903 
904  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
905  (negate + n_set) % 2, var_list, recur) < 0) {
906  if (temp_rule_var_address != rule_var_address)
907  SCFree(temp_rule_var_address);
908  goto error;
909  }
910  d_set = 0;
911  n_set = 0;
912  SCFree(temp_rule_var_address);
913  } else {
914  address[x - 1] = '\0';
915 
916  if (!((negate + n_set) % 2)) {
917  SCLogDebug("DetectAddressSetup into gh, %s", address);
918  if (DetectAddressSetup(gh, address) < 0)
919  goto error;
920  } else {
921  SCLogDebug("DetectAddressSetup into ghn, %s", address);
922  if (DetectAddressSetup(ghn, address) < 0)
923  goto error;
924  }
925  n_set = 0;
926  }
927  x = 0;
928  } else if (depth == 0 && s[u] == '$') {
929  d_set = 1;
930  } else if (depth == 0 && u == size - 1) {
931  if (x == address_length) {
932  address[x - 1] = '\0';
933  } else {
934  address[x] = '\0';
935  }
936  x = 0;
937 
938  if (AddVariableToResolveList(var_list, address) == -1) {
939  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
940  "groups declaration. This is likely a misconfiguration.");
941  goto error;
942  }
943 
944  if (d_set == 1) {
945  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
946  SC_RULE_VARS_ADDRESS_GROUPS);
947  if (rule_var_address == NULL)
948  goto error;
949 
950  if (strlen(rule_var_address) == 0) {
951  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
952  "to nothing. This is likely a misconfiguration. "
953  "Note that a negated address needs to be quoted, "
954  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
955  goto error;
956  }
957 
958  SCLogDebug("rule_var_address %s", rule_var_address);
959  if ((negate + n_set) % 2) {
960  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
961  if (unlikely(temp_rule_var_address == NULL))
962  goto error;
963  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
964  "[%s]", rule_var_address);
965  } else {
966  temp_rule_var_address = SCStrdup(rule_var_address);
967  if (unlikely(temp_rule_var_address == NULL))
968  goto error;
969  }
970 
971  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
972  (negate + n_set) % 2, var_list, recur) < 0) {
973  SCLogDebug("DetectAddressParse2 hates us");
974  if (temp_rule_var_address != rule_var_address)
975  SCFree(temp_rule_var_address);
976  goto error;
977  }
978  d_set = 0;
979  SCFree(temp_rule_var_address);
980  } else {
981  if (!((negate + n_set) % 2)) {
982  SCLogDebug("DetectAddressSetup into gh, %s", address);
983  if (DetectAddressSetup(gh, address) < 0) {
984  SCLogDebug("DetectAddressSetup gh fail");
985  goto error;
986  }
987  } else {
988  SCLogDebug("DetectAddressSetup into ghn, %s", address);
989  if (DetectAddressSetup(ghn, address) < 0) {
990  SCLogDebug("DetectAddressSetup ghn fail");
991  goto error;
992  }
993  }
994  }
995  n_set = 0;
996  }
997  }
998  if (depth > 0) {
999  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1000  "properly closed in \"%s\", %d missing closing brackets (]). "
1001  "Note: problem might be in a variable.", s, depth);
1002  goto error;
1003  } else if (depth < 0) {
1004  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1005  "properly opened in \"%s\", %d missing opening brackets ([). "
1006  "Note: problem might be in a variable.", s, depth*-1);
1007  goto error;
1008  }
1009 
1010  return 0;
1011 
1012 error:
1013 
1014  return -1;
1015 }
1016 
1017 /**
1018  * \internal
1019  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
1020  *
1021  * \retval Return value from DetectAddressParseInternal
1022  */
1023 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
1024  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
1025  int recur)
1026 {
1027  int rc;
1028 #define MAX_ADDRESS_LENGTH 8192
1029 
1030  size_t address_length = strlen(s);
1031  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
1032  char *address = SCCalloc(1, address_length);
1033  if (address == NULL) {
1034  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Unable to allocate"
1035  " memory for address parsing.");
1036  return -1;
1037  }
1038  rc = DetectAddressParseInternal(
1039  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
1040  SCFree(address);
1041  } else {
1042  char address[MAX_ADDRESS_LENGTH] = "";
1043  rc = DetectAddressParseInternal(
1044  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1045  }
1046  return rc;
1047 }
1048 
1049 /**
1050  * \internal
1051  * \brief See if the addresses and ranges in an address head cover the
1052  * entire ip space.
1053  *
1054  * \param gh Pointer to the DetectAddressHead to check.
1055  *
1056  * \retval 0 No.
1057  * \retval 1 Yes.
1058  *
1059  * \todo do the same for IPv6
1060  */
1061 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1062 {
1063  int r = DetectAddressIsCompleteIPSpaceIPv4(gh->ipv4_head);
1064  if (r == 1)
1065  return 1;
1066 
1067  return 0;
1068 }
1069 
1070 /**
1071  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1072  *
1073  * \param gh Pointer to the address head containing the non-NOT groups.
1074  * \param ghn Pointer to the address head containing the NOT groups.
1075  *
1076  * \retval 0 On success.
1077  * \retval -1 On failure.
1078  */
1079 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
1080 {
1081  DetectAddress *ad;
1082  DetectAddress *ag, *ag2;
1083  int r = 0;
1084 
1085  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1086  ghn->ipv4_head);
1087 
1088  /* check if the negated list covers the entire ip space. If so
1089  * the user screwed up the rules/vars. */
1090  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1091  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1092  "Rule address range is NIL. Probably have a !any or "
1093  "an address range that supplies a NULL address range");
1094  goto error;
1095  }
1096 
1097  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1098  * not thingy. In that case we add a 0.0.0.0/0 first. */
1099  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1100  r = DetectAddressSetup(gh, "0.0.0.0/0");
1101  if (r < 0) {
1102  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1103  goto error;
1104  }
1105  }
1106  /* ... or ::/0 for ipv6 */
1107  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1108  r = DetectAddressSetup(gh, "::/0");
1109  if (r < 0) {
1110  SCLogDebug("DetectAddressSetup for ::/0 failed");
1111  goto error;
1112  }
1113  }
1114 
1115  /* step 1: insert our ghn members into the gh list */
1116  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1117  /* work with a copy of the ad so we can easily clean up the ghn group
1118  * later. */
1119  ad = DetectAddressCopy(ag);
1120  if (ad == NULL) {
1121  SCLogDebug("DetectAddressCopy failed");
1122  goto error;
1123  }
1124 
1125  r = DetectAddressInsert(NULL, gh, ad);
1126  if (r < 0) {
1127  SCLogDebug("DetectAddressInsert failed");
1128  goto error;
1129  }
1130  }
1131  /* ... and the same for ipv6 */
1132  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1133  /* work with a copy of the ad so we can easily clean up the ghn group
1134  * later. */
1135  ad = DetectAddressCopy(ag);
1136  if (ad == NULL) {
1137  SCLogDebug("DetectAddressCopy failed");
1138  goto error;
1139  }
1140 
1141  r = DetectAddressInsert(NULL, gh, ad);
1142  if (r < 0) {
1143  SCLogDebug("DetectAddressInsert failed");
1144  goto error;
1145  }
1146  }
1147 #ifdef DEBUG
1148  DetectAddress *tmp_ad;
1149  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1150  DetectAddressPrint(tmp_ad);
1151  }
1152 #endif
1153  int ipv4_applied = 0;
1154  int ipv6_applied = 0;
1155 
1156  /* step 2: pull the address blocks that match our 'not' blocks */
1157  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1158  SCLogDebug("ag %p", ag);
1159  DetectAddressPrint(ag);
1160 
1161  int applied = 0;
1162  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1163  SCLogDebug("ag2 %p", ag2);
1164  DetectAddressPrint(ag2);
1165 
1166  r = DetectAddressCmp(ag, ag2);
1167  /* XXX more ??? */
1168  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1169  if (ag2->prev == NULL)
1170  gh->ipv4_head = ag2->next;
1171  else
1172  ag2->prev->next = ag2->next;
1173 
1174  if (ag2->next != NULL)
1175  ag2->next->prev = ag2->prev;
1176 
1177  /* store the next ptr and remove the group */
1178  DetectAddress *next_ag2 = ag2->next;
1179  DetectAddressFree(ag2);
1180  ag2 = next_ag2;
1181  applied = 1;
1182  } else {
1183  ag2 = ag2->next;
1184  }
1185  }
1186 
1187  if (applied) {
1188  ipv4_applied++;
1189  }
1190  }
1191  /* ... and the same for ipv6 */
1192  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1193  int applied = 0;
1194  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1195  r = DetectAddressCmp(ag, ag2);
1196  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1197  if (ag2->prev == NULL)
1198  gh->ipv6_head = ag2->next;
1199  else
1200  ag2->prev->next = ag2->next;
1201 
1202  if (ag2->next != NULL)
1203  ag2->next->prev = ag2->prev;
1204 
1205  /* store the next ptr and remove the group */
1206  DetectAddress *next_ag2 = ag2->next;
1207  DetectAddressFree(ag2);
1208  ag2 = next_ag2;
1209 
1210  SCLogDebug("applied");
1211  applied = 1;
1212  } else {
1213  ag2 = ag2->next;
1214  }
1215  }
1216  if (applied) {
1217  ipv6_applied++;
1218  }
1219  }
1220 #ifdef DEBUG
1221  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1222  DetectAddressPrint(tmp_ad);
1223  }
1224  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1225  DetectAddressPrint(tmp_ad);
1226  }
1227 #endif
1228  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1229  int cnt = 0;
1230  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1231  cnt++;
1232 
1233  if (ipv4_applied != cnt) {
1234  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1235  "could be applied: %d != %d", cnt, ipv4_applied);
1236  goto error;
1237  }
1238 
1239  cnt = 0;
1240  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1241  cnt++;
1242 
1243  if (ipv6_applied != cnt) {
1244  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1245  "could be applied: %d != %d", cnt, ipv6_applied);
1246  goto error;
1247  }
1248  }
1249 
1250  /* if the result is that we have no addresses we return error */
1251  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1252  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1253  "merging addresses and negated addresses");
1254  goto error;
1255  }
1256 
1257  return 0;
1258 
1259 error:
1260  return -1;
1261 }
1262 
1263 int DetectAddressTestConfVars(void)
1264 {
1265  SCLogDebug("Testing address conf vars for any misconfigured values");
1266 
1267  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1268 
1269  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1270  if (address_vars_node == NULL) {
1271  return 0;
1272  }
1273 
1274  DetectAddressHead *gh = NULL;
1275  DetectAddressHead *ghn = NULL;
1276 
1277  ConfNode *seq_node;
1278  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1279  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1280 
1281  gh = DetectAddressHeadInit();
1282  if (gh == NULL) {
1283  goto error;
1284  }
1285  ghn = DetectAddressHeadInit();
1286  if (ghn == NULL) {
1287  goto error;
1288  }
1289 
1290  if (seq_node->val == NULL) {
1291  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
1292  "Address var \"%s\" probably has a sequence(something "
1293  "in brackets) value set without any quotes. Please "
1294  "quote it using \"..\".", seq_node->name);
1295  goto error;
1296  }
1297 
1298  int r = DetectAddressParse2(
1299  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1300 
1301  CleanVariableResolveList(&var_list);
1302 
1303  if (r < 0) {
1304  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
1305  "failed to parse address var \"%s\" with value \"%s\". "
1306  "Please check its syntax",
1307  seq_node->name, seq_node->val);
1308  goto error;
1309  }
1310 
1311  if (DetectAddressIsCompleteIPSpace(ghn)) {
1312  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
1313  "address var - \"%s\" has the complete IP space negated "
1314  "with its value \"%s\". Rule address range is NIL. "
1315  "Probably have a !any or an address range that supplies "
1316  "a NULL address range",
1317  seq_node->name, seq_node->val);
1318  goto error;
1319  }
1320 
1321  if (gh != NULL) {
1322  DetectAddressHeadFree(gh);
1323  gh = NULL;
1324  }
1325  if (ghn != NULL) {
1326  DetectAddressHeadFree(ghn);
1327  ghn = NULL;
1328  }
1329  }
1330 
1331  return 0;
1332  error:
1333  if (gh != NULL)
1334  DetectAddressHeadFree(gh);
1335  if (ghn != NULL)
1336  DetectAddressHeadFree(ghn);
1337  return -1;
1338 }
1339 
1340 #include "util-hash-lookup3.h"
1341 
1342 typedef struct DetectAddressMap_ {
1343  char *string;
1344  DetectAddressHead *address;
1345  bool contains_negation;
1346 } DetectAddressMap;
1347 
1348 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1349 {
1350  const DetectAddressMap *map = (DetectAddressMap *)data;
1351  uint32_t hash = 0;
1352 
1353  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1354  hash %= ht->array_size;
1355 
1356  return hash;
1357 }
1358 
1359 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1360  uint16_t len2)
1361 {
1362  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1363  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1364 
1365 
1366  int r = (strcmp(map1->string, map2->string) == 0);
1367  return r;
1368 }
1369 
1370 static void DetectAddressMapFreeFunc(void *data)
1371 {
1372  DetectAddressMap *map = (DetectAddressMap *)data;
1373  if (map != NULL) {
1374  DetectAddressHeadFree(map->address);
1375  SCFree(map->string);
1376  }
1377  SCFree(map);
1378 }
1379 
1380 int DetectAddressMapInit(DetectEngineCtx *de_ctx)
1381 {
1382  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1383  DetectAddressMapCompareFunc,
1384  DetectAddressMapFreeFunc);
1385  if (de_ctx->address_table == NULL)
1386  return -1;
1387 
1388  return 0;
1389 }
1390 
1391 void DetectAddressMapFree(DetectEngineCtx *de_ctx)
1392 {
1393  if (de_ctx->address_table == NULL)
1394  return;
1395 
1396  HashListTableFree(de_ctx->address_table);
1397  de_ctx->address_table = NULL;
1398  return;
1399 }
1400 
1401 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1402  DetectAddressHead *address, bool contains_negation)
1403 {
1404  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1405  if (map == NULL)
1406  return -1;
1407 
1408  map->string = SCStrdup(string);
1409  if (map->string == NULL) {
1410  SCFree(map);
1411  return -1;
1412  }
1413  map->address = address;
1414  map->contains_negation = contains_negation;
1415 
1416  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1417  return 0;
1418 }
1419 
1420 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1421  const char *string)
1422 {
1423  DetectAddressMap map = { (char *)string, NULL, false };
1424 
1425  const DetectAddressMap *res = HashListTableLookup(de_ctx->address_table,
1426  &map, 0);
1427  return res;
1428 }
1429 
1430 /**
1431  * \brief Parses an address group sent as a character string and updates the
1432  * DetectAddressHead sent as the argument with the relevant address
1433  * ranges from the parsed string.
1434  *
1435  * \param de_ctx Pointer to the detection engine context
1436  * \param gh Pointer to the DetectAddressHead.
1437  * \param str Pointer to the character string containing the address group
1438  * that has to be parsed.
1439  *
1440  * \retval 1 On success. Contained negation.
1441  * \retval 0 On success. Did not contain negation.
1442  * \retval -1 On failure.
1443  */
1444 int DetectAddressParse(const DetectEngineCtx *de_ctx,
1445  DetectAddressHead *gh, const char *str)
1446 {
1447  SCLogDebug("gh %p, str %s", gh, str);
1448 
1449  if (str == NULL) {
1450  SCLogDebug("DetectAddressParse can not be run with NULL address");
1451  return -1;
1452  }
1453 
1454  DetectAddressHead *ghn = DetectAddressHeadInit();
1455  if (ghn == NULL) {
1456  SCLogDebug("DetectAddressHeadInit for ghn failed");
1457  return -1;
1458  }
1459 
1460  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1461  if (r < 0) {
1462  SCLogDebug("DetectAddressParse2 returned %d", r);
1463  DetectAddressHeadFree(ghn);
1464  return -1;
1465  }
1466 
1467  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1468  ghn->ipv4_head);
1469 
1470  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1471 
1472  /* merge the 'not' address groups */
1473  if (DetectAddressMergeNot(gh, ghn) < 0) {
1474  SCLogDebug("DetectAddressMergeNot failed");
1475  DetectAddressHeadFree(ghn);
1476  return -1;
1477  }
1478 
1479  /* free the temp negate head */
1480  DetectAddressHeadFree(ghn);
1481  return contains_negation ? 1 : 0;
1482 }
1483 
1484 const DetectAddressHead *DetectParseAddress(DetectEngineCtx *de_ctx,
1485  const char *string, bool *contains_negation)
1486 {
1487  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1488  if (res != NULL) {
1489  SCLogDebug("found: %s :: %p", string, res);
1490  *contains_negation = res->contains_negation;
1491  return res->address;
1492  }
1493 
1494  SCLogDebug("%s not found", string);
1495 
1496  DetectAddressHead *head = DetectAddressHeadInit();
1497  if (head == NULL)
1498  return NULL;
1499 
1500  const int r = DetectAddressParse(de_ctx, head, string);
1501  if (r < 0) {
1502  DetectAddressHeadFree(head);
1503  return NULL;
1504  } else if (r == 1) {
1505  *contains_negation = true;
1506  } else {
1507  *contains_negation = false;
1508  }
1509 
1510  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head,
1511  *contains_negation);
1512  return head;
1513 }
1514 
1515 /**
1516  * \brief Cleans a DetectAddressHead. The functions frees the address
1517  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1518  * instance.
1519  *
1520  * \param gh Pointer to the DetectAddressHead instance that has to be
1521  * cleaned.
1522  */
1523 void DetectAddressHeadCleanup(DetectAddressHead *gh)
1524 {
1525  if (gh != NULL) {
1526  if (gh->ipv4_head != NULL) {
1527  DetectAddressCleanupList(gh->ipv4_head);
1528  gh->ipv4_head = NULL;
1529  }
1530  if (gh->ipv6_head != NULL) {
1531  DetectAddressCleanupList(gh->ipv6_head);
1532  gh->ipv6_head = NULL;
1533  }
1534  }
1535 
1536  return;
1537 }
1538 
1539 /**
1540  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1541  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1542  * explanations on what these functions do.
1543  *
1544  * \param de_ctx Pointer to the DetectEngineCtx.
1545  * \param a Pointer to the first address to be cut.
1546  * \param b Pointer to the second address to be cut.
1547  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1548  * ranges from a and b, demand a third address range.
1549  *
1550  * \retval 0 On success.
1551  * \retval -1 On failure.
1552  */
1553 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1554  DetectAddress *b, DetectAddress **c)
1555 {
1556  if (a->ip.family == AF_INET)
1557  return DetectAddressCutIPv4(de_ctx, a, b, c);
1558  else if (a->ip.family == AF_INET6)
1559  return DetectAddressCutIPv6(de_ctx, a, b, c);
1560 
1561  return -1;
1562 }
1563 
1564 /**
1565  * \brief Cuts a negated address range with respect to the entire ip range, and
1566  * supplies with the address range that doesn't belong to the negated
1567  * address range.
1568  *
1569  * There are 2 cases here -
1570  *
1571  * The first case includes the address being located at the extreme ends
1572  * of the ip space, in which we get a single range.
1573  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1574  *
1575  * The second case includes the address not present at either of the
1576  * ip space extremes, in which case we get 2 ranges. The second range
1577  * would be supplied back with the argument "b" supplied to this function.
1578  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1579  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1580  *
1581  * The above negation cases can similarly be extended to ranges, i.e.
1582  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1583  * ![10.20.30.40 - 10.20.30.50].
1584  *
1585  *
1586  * \param a Pointer to the DetectAddressData instance, that contains the negated
1587  * address range that has to be cut.
1588  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1589  * filled with the address range, if the argument "a", doesn't fall at
1590  * the extreme ends of the ip address space.
1591  *
1592  * \retval 0 On success.
1593  * \retval -1 On failure.
1594  */
1595 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1596 {
1597  if (a->ip.family == AF_INET)
1598  return DetectAddressCutNotIPv4(a, b);
1599  else if (a->ip.family == AF_INET6)
1600  return DetectAddressCutNotIPv6(a, b);
1601 
1602  return -1;
1603 }
1604 
1605 /**
1606  * \brief Used to compare 2 address ranges.
1607  *
1608  * \param a Pointer to the first DetectAddressData to be compared.
1609  * \param b Pointer to the second DetectAddressData to be compared.
1610  */
1611 int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
1612 {
1613  if (a->ip.family != b->ip.family)
1614  return ADDRESS_ER;
1615 
1616  if (a->ip.family == AF_INET)
1617  return DetectAddressCmpIPv4(a, b);
1618  else if (a->ip.family == AF_INET6)
1619  return DetectAddressCmpIPv6(a, b);
1620 
1621  return ADDRESS_ER;
1622 }
1623 
1624 /**
1625  * \brief Match a packets address against a signatures addrs array
1626  *
1627  * \param addrs array of DetectMatchAddressIPv4's
1628  * \param addrs_cnt array size in members
1629  * \param a packets address
1630  *
1631  * \retval 0 no match
1632  * \retval 1 match
1633  *
1634  * \note addresses in addrs are in host order
1635  *
1636  * \todo array should be ordered, so we can break out of the loop
1637  */
1638 int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs,
1639  uint16_t addrs_cnt, const Address *a)
1640 {
1641  SCEnter();
1642 
1643  if (addrs == NULL || addrs_cnt == 0) {
1644  SCReturnInt(0);
1645  }
1646 
1647  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1648  if (SCNtohl(a->addr_data32[0]) >= addrs[idx].ip &&
1649  SCNtohl(a->addr_data32[0]) <= addrs[idx].ip2)
1650  {
1651  SCReturnInt(1);
1652  }
1653  }
1654 
1655  SCReturnInt(0);
1656 }
1657 
1658 /**
1659  * \brief Match a packets address against a signatures addrs array
1660  *
1661  * \param addrs array of DetectMatchAddressIPv6's
1662  * \param addrs_cnt array size in members
1663  * \param a packets address
1664  *
1665  * \retval 0 no match
1666  * \retval 1 match
1667  *
1668  * \note addresses in addrs are in host order
1669  *
1670  * \todo array should be ordered, so we can break out of the loop
1671  */
1672 int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs,
1673  uint16_t addrs_cnt, const Address *a)
1674 {
1675  SCEnter();
1676 
1677  if (addrs == NULL || addrs_cnt == 0) {
1678  SCReturnInt(0);
1679  }
1680 
1681  /* See if the packet address is within the range of any entry in the
1682  * signature's address match array.
1683  */
1684  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1685  uint16_t result1 = 0, result2 = 0;
1686 
1687  /* See if packet address equals either limit. Return 1 if true. */
1688  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip[0] &&
1689  SCNtohl(a->addr_data32[1]) == addrs[idx].ip[1] &&
1690  SCNtohl(a->addr_data32[2]) == addrs[idx].ip[2] &&
1691  SCNtohl(a->addr_data32[3]) == addrs[idx].ip[3])
1692  {
1693  SCReturnInt(1);
1694  }
1695  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip2[0] &&
1696  SCNtohl(a->addr_data32[1]) == addrs[idx].ip2[1] &&
1697  SCNtohl(a->addr_data32[2]) == addrs[idx].ip2[2] &&
1698  SCNtohl(a->addr_data32[3]) == addrs[idx].ip2[3])
1699  {
1700  SCReturnInt(1);
1701  }
1702 
1703  /* See if packet address is greater than lower limit
1704  * of the current signature address match pair.
1705  */
1706  for (int i = 0; i < 4; i++) {
1707  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip[i]) {
1708  result1 = 1;
1709  break;
1710  }
1711  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip[i]) {
1712  result1 = 0;
1713  break;
1714  }
1715  }
1716 
1717  /* If not greater than lower limit, try next address match entry */
1718  if (result1 == 0)
1719  continue;
1720 
1721  /* See if packet address is less than upper limit
1722  * of the current signature address match pair.
1723  */
1724  for (int i = 0; i < 4; i++) {
1725  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip2[i]) {
1726  result2 = 1;
1727  break;
1728  }
1729  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip2[i]) {
1730  result2 = 0;
1731  break;
1732  }
1733  }
1734 
1735  /* Return a match if packet address is between the two
1736  * signature address match limits.
1737  */
1738  if (result1 == 1 && result2 == 1)
1739  SCReturnInt(1);
1740  }
1741 
1742  SCReturnInt(0);
1743 }
1744 
1745 /**
1746  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1747  * range in the DetectAddress instance.
1748  *
1749  * We basically check that the address falls in between the address
1750  * range in DetectAddress.
1751  *
1752  * \param dd Pointer to the DetectAddress instance.
1753  * \param a Pointer to an Address instance.
1754  *
1755  * \param 1 On a match.
1756  * \param 0 On no match.
1757  */
1758 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1759 {
1760  SCEnter();
1761 
1762  if (dd->ip.family != a->family) {
1763  SCReturnInt(0);
1764  }
1765 
1766  //DetectAddressPrint(dd);
1767  //AddressDebugPrint(a);
1768 
1769  switch (a->family) {
1770  case AF_INET:
1771 
1772  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1773  * Address inside DetectAddressData we can do uint8_t checks */
1774  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1775  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1776  {
1777  SCReturnInt(1);
1778  } else {
1779  SCReturnInt(0);
1780  }
1781 
1782  break;
1783  case AF_INET6:
1784  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1785  AddressIPv6Le(a, &dd->ip2) == 1)
1786  {
1787  SCReturnInt(1);
1788  } else {
1789  SCReturnInt(0);
1790  }
1791 
1792  break;
1793  default:
1794  SCLogDebug("What other address type can we have :-/");
1795  break;
1796  }
1797 
1798  SCReturnInt(0);
1799 }
1800 
1801 #ifdef DEBUG
1802 /**
1803  * \brief Prints the address data held by the DetectAddress. If the address
1804  * data family is IPv4, we print the the ipv4 address and mask, and
1805  * if the address data family is IPv6, we print the ipv6 address and
1806  * mask.
1807  *
1808  * \param ad Pointer to the DetectAddress instance to be printed.
1809  */
1810 static void DetectAddressPrint(DetectAddress *gr)
1811 {
1812  if (gr == NULL)
1813  return;
1814 
1815  if (gr->ip.family == AF_INET) {
1816  struct in_addr in;
1817  char ip[16], mask[16];
1818 
1819  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1820  PrintInet(AF_INET, &in, ip, sizeof(ip));
1821  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1822  PrintInet(AF_INET, &in, mask, sizeof(mask));
1823 
1824  SCLogDebug("%s/%s", ip, mask);
1825 // printf("%s/%s", ip, mask);
1826  } else if (gr->ip.family == AF_INET6) {
1827  struct in6_addr in6;
1828  char ip[66], mask[66];
1829 
1830  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1831  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1832  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1833  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1834 
1835  SCLogDebug("%s/%s", ip, mask);
1836 // printf("%s/%s", ip, mask);
1837  }
1838 
1839  return;
1840 }
1841 #endif
1842 
1843 /**
1844  * \brief Find the group matching address in a group head.
1845  *
1846  * \param gh Pointer to the address group head(DetectAddressHead instance).
1847  * \param a Pointer to an Address instance.
1848  *
1849  * \retval g On success pointer to an DetectAddress if we find a match
1850  * for the Address "a", in the DetectAddressHead "gh".
1851  */
1852 DetectAddress *DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
1853 {
1854  SCEnter();
1855 
1856  DetectAddress *g = NULL;
1857 
1858  if (gh == NULL) {
1859  SCReturnPtr(NULL, "DetectAddress");
1860  }
1861 
1862  /* XXX should we really do this check every time we run this function? */
1863  if (a->family == AF_INET) {
1864  SCLogDebug("IPv4");
1865  g = gh->ipv4_head;
1866  } else if (a->family == AF_INET6) {
1867  SCLogDebug("IPv6");
1868  g = gh->ipv6_head;
1869  }
1870 
1871  for ( ; g != NULL; g = g->next) {
1872  if (DetectAddressMatch(g,a) == 1) {
1873  SCReturnPtr(g, "DetectAddress");
1874  }
1875  }
1876 
1877  SCReturnPtr(NULL, "DetectAddress");
1878 }
1879 
1880 /********************************Unittests*************************************/
1881 
1882 #ifdef UNITTESTS
1883 
1884 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1885 {
1886  char str1[46] = "", str2[46] = "";
1887 
1888  if (ad == NULL)
1889  return FALSE;
1890 
1891  switch(ad->ip.family) {
1892  case AF_INET:
1893  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1894  SCLogDebug("%s", str1);
1895  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1896  SCLogDebug("%s", str2);
1897 
1898  if (strcmp(str1, one) != 0) {
1899  SCLogInfo("%s != %s", str1, one);
1900  return FALSE;
1901  }
1902 
1903  if (strcmp(str2, two) != 0) {
1904  SCLogInfo("%s != %s", str2, two);
1905  return FALSE;
1906  }
1907 
1908  return TRUE;
1909  break;
1910 
1911  case AF_INET6:
1912  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1913  SCLogDebug("%s", str1);
1914  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1915  SCLogDebug("%s", str2);
1916 
1917  if (strcmp(str1, one) != 0) {
1918  SCLogInfo("%s != %s", str1, one);
1919  return FALSE;
1920  }
1921 
1922  if (strcmp(str2, two) != 0) {
1923  SCLogInfo("%s != %s", str2, two);
1924  return FALSE;
1925  }
1926 
1927  return TRUE;
1928  break;
1929  }
1930 
1931  return FALSE;
1932 }
1933 
1934 typedef struct UTHValidateDetectAddressHeadRange_ {
1935  const char *one;
1936  const char *two;
1937 } UTHValidateDetectAddressHeadRange;
1938 
1939 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1940 {
1941  int expect = nranges;
1942  int have = 0;
1943 
1944  if (gh == NULL)
1945  return FALSE;
1946 
1947  DetectAddress *ad = NULL;
1948  ad = gh->ipv4_head;
1949  if (ad == NULL)
1950  ad = gh->ipv6_head;
1951  while (have < expect) {
1952  if (ad == NULL) {
1953  printf("bad head: have %d ranges, expected %d: ", have, expect);
1954  return FALSE;
1955  }
1956 
1957  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
1958  return FALSE;
1959 
1960  ad = ad->next;
1961  have++;
1962  }
1963 
1964  return TRUE;
1965 }
1966 
1967 static int AddressTestParse01(void)
1968 {
1969  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1970 
1971  if (dd) {
1972  DetectAddressFree(dd);
1973  return 1;
1974  }
1975 
1976  return 0;
1977 }
1978 
1979 static int AddressTestParse02(void)
1980 {
1981  int result = 1;
1982  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1983 
1984  if (dd) {
1985  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1986  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1987  result = 0;
1988  }
1989 
1990  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1991  DetectAddressFree(dd);
1992  return result;
1993  }
1994 
1995  return 0;
1996 }
1997 
1998 static int AddressTestParse03(void)
1999 {
2000  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2001 
2002  if (dd) {
2003  DetectAddressFree(dd);
2004  return 1;
2005  }
2006 
2007  return 0;
2008 }
2009 
2010 static int AddressTestParse04(void)
2011 {
2012  int result = 1;
2013  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2014 
2015  if (dd) {
2016  if (dd->ip.addr_data32[0] != SCNtohl(16909056)||
2017  dd->ip2.addr_data32[0] != SCNtohl(16909311)) {
2018  result = 0;
2019  }
2020 
2021  DetectAddressFree(dd);
2022  return result;
2023  }
2024 
2025  return 0;
2026 }
2027 
2028 static int AddressTestParse05(void)
2029 {
2030  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2031 
2032  if (dd) {
2033  DetectAddressFree(dd);
2034  return 1;
2035  }
2036 
2037  return 0;
2038 }
2039 
2040 static int AddressTestParse06(void)
2041 {
2042  int result = 1;
2043  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2044 
2045  if (dd) {
2046  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2047  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2048  result = 0;
2049  }
2050 
2051  DetectAddressFree(dd);
2052  return result;
2053  }
2054 
2055  return 0;
2056 }
2057 
2058 static int AddressTestParse07(void)
2059 {
2060  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2061 
2062  if (dd) {
2063  DetectAddressFree(dd);
2064  return 1;
2065  }
2066 
2067  return 0;
2068 }
2069 
2070 static int AddressTestParse08(void)
2071 {
2072  int result = 1;
2073  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2074 
2075  if (dd) {
2076  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2077  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2078 
2079  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2080  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2081  DetectAddressPrint(dd);
2082  result = 0;
2083  }
2084 
2085  DetectAddressFree(dd);
2086  return result;
2087  }
2088 
2089  return 0;
2090 }
2091 
2092 static int AddressTestParse09(void)
2093 {
2094  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2095 
2096  if (dd) {
2097  DetectAddressFree(dd);
2098  return 1;
2099  }
2100 
2101  return 0;
2102 }
2103 
2104 static int AddressTestParse10(void)
2105 {
2106  int result = 1;
2107  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2108 
2109  if (dd) {
2110  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2111  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2112 
2113  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2114  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2115  DetectAddressPrint(dd);
2116  result = 0;
2117  }
2118 
2119  DetectAddressFree(dd);
2120  return result;
2121  }
2122 
2123  return 0;
2124 }
2125 
2126 static int AddressTestParse11(void)
2127 {
2128  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2129 
2130  if (dd) {
2131  DetectAddressFree(dd);
2132  return 1;
2133  }
2134 
2135  return 0;
2136 }
2137 
2138 static int AddressTestParse12(void)
2139 {
2140  int result = 1;
2141  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2142 
2143  if (dd) {
2144  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2145  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2146 
2147  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2148  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2149  DetectAddressPrint(dd);
2150  result = 0;
2151  }
2152 
2153  DetectAddressFree(dd);
2154  return result;
2155  }
2156 
2157  return 0;
2158 }
2159 static int AddressTestParse13(void)
2160 {
2161  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2162 
2163  if (dd) {
2164  DetectAddressFree(dd);
2165  return 1;
2166  }
2167 
2168  return 0;
2169 }
2170 
2171 static int AddressTestParse14(void)
2172 {
2173  int result = 1;
2174  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2175 
2176  if (dd) {
2177  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2178  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2179 
2180  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2181  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2182  result = 0;
2183  }
2184 
2185  DetectAddressFree(dd);
2186  return result;
2187  }
2188 
2189  return 0;
2190 }
2191 
2192 static int AddressTestParse15(void)
2193 {
2194  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2195 
2196  if (dd) {
2197  DetectAddressFree(dd);
2198  return 1;
2199  }
2200 
2201  return 0;
2202 }
2203 
2204 static int AddressTestParse16(void)
2205 {
2206  int result = 1;
2207  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2208 
2209  if (dd) {
2210  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2211  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2212 
2213  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2214  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2215  result = 0;
2216  }
2217 
2218  DetectAddressFree(dd);
2219  return result;
2220  }
2221 
2222  return 0;
2223 }
2224 
2225 static int AddressTestParse17(void)
2226 {
2227  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2228 
2229  if (dd) {
2230  DetectAddressFree(dd);
2231  return 1;
2232  }
2233 
2234  return 0;
2235 }
2236 
2237 static int AddressTestParse18(void)
2238 {
2239  int result = 1;
2240  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2241 
2242  if (dd) {
2243  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2244  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2245  result = 0;
2246  }
2247 
2248  DetectAddressFree(dd);
2249  return result;
2250  }
2251 
2252  return 0;
2253 }
2254 
2255 static int AddressTestParse19(void)
2256 {
2257  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2258 
2259  if (dd) {
2260  DetectAddressFree(dd);
2261  return 0;
2262  }
2263 
2264  return 1;
2265 }
2266 
2267 static int AddressTestParse20(void)
2268 {
2269  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2270 
2271  if (dd) {
2272  DetectAddressFree(dd);
2273  return 1;
2274  }
2275 
2276  return 0;
2277 }
2278 
2279 static int AddressTestParse21(void)
2280 {
2281  int result = 1;
2282  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2283 
2284  if (dd) {
2285  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2286  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2287 
2288  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2289  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2290  result = 0;
2291  }
2292 
2293  DetectAddressFree(dd);
2294  return result;
2295  }
2296 
2297  return 0;
2298 }
2299 
2300 static int AddressTestParse22(void)
2301 {
2302  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2303 
2304  if (dd) {
2305  DetectAddressFree(dd);
2306  return 0;
2307  }
2308 
2309  return 1;
2310 }
2311 
2312 static int AddressTestParse23(void)
2313 {
2314  DetectAddressHead *gh = DetectAddressHeadInit();
2315  FAIL_IF_NULL(gh);
2316  int r = DetectAddressParse(NULL, gh, "any");
2317  FAIL_IF_NOT(r == 0);
2318  DetectAddressHeadFree(gh);
2319  PASS;
2320 }
2321 
2322 static int AddressTestParse24(void)
2323 {
2324  DetectAddressHead *gh = DetectAddressHeadInit();
2325  FAIL_IF_NULL(gh);
2326  int r = DetectAddressParse(NULL, gh, "Any");
2327  FAIL_IF_NOT(r == 0);
2328  DetectAddressHeadFree(gh);
2329  PASS;
2330 }
2331 
2332 static int AddressTestParse25(void)
2333 {
2334  DetectAddressHead *gh = DetectAddressHeadInit();
2335  FAIL_IF_NULL(gh);
2336  int r = DetectAddressParse(NULL, gh, "ANY");
2337  FAIL_IF_NOT(r == 0);
2338  DetectAddressHeadFree(gh);
2339  PASS;
2340 }
2341 
2342 /** \test recursion limit */
2343 static int AddressTestParse26(void)
2344 {
2345  DetectAddressHead *gh = DetectAddressHeadInit();
2346  FAIL_IF_NULL(gh);
2347  /* exactly 64: should pass */
2348  int r = DetectAddressParse(NULL, gh,
2349  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2350  "1.2.3.4"
2351  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2352  );
2353  FAIL_IF_NOT(r == 0);
2354  DetectAddressHeadFree(gh);
2355  gh = DetectAddressHeadInit();
2356  FAIL_IF_NULL(gh);
2357  /* exactly 65: should fail */
2358  r = DetectAddressParse(NULL, gh,
2359  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2360  "1.2.3.4"
2361  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2362  );
2363  FAIL_IF(r == 0);
2364  DetectAddressHeadFree(gh);
2365  PASS;
2366 }
2367 
2368 static int AddressTestParse27(void)
2369 {
2370  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2371 
2372  if (dd) {
2373  DetectAddressFree(dd);
2374  return 1;
2375  }
2376 
2377  return 0;
2378 }
2379 
2380 static int AddressTestParse28(void)
2381 {
2382  int result = 0;
2383  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2384 
2385  if (dd) {
2386  if (dd->flags & ADDRESS_FLAG_NOT &&
2387  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2388  result = 1;
2389  }
2390 
2391  DetectAddressFree(dd);
2392  return result;
2393  }
2394 
2395  return 0;
2396 }
2397 
2398 static int AddressTestParse29(void)
2399 {
2400  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2401 
2402  if (dd) {
2403  DetectAddressFree(dd);
2404  return 1;
2405  }
2406 
2407  return 0;
2408 }
2409 
2410 static int AddressTestParse30(void)
2411 {
2412  int result = 0;
2413  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2414 
2415  if (dd) {
2416  if (dd->flags & ADDRESS_FLAG_NOT &&
2417  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2418  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2419  result = 1;
2420  }
2421 
2422  DetectAddressFree(dd);
2423  return result;
2424  }
2425 
2426  return 0;
2427 }
2428 
2429 /**
2430  * \test make sure !any is rejected
2431  */
2432 static int AddressTestParse31(void)
2433 {
2434  DetectAddress *dd = DetectAddressParseSingle("!any");
2435 
2436  if (dd) {
2437  DetectAddressFree(dd);
2438  return 0;
2439  }
2440 
2441  return 1;
2442 }
2443 
2444 static int AddressTestParse32(void)
2445 {
2446  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2447 
2448  if (dd) {
2449  DetectAddressFree(dd);
2450  return 1;
2451  }
2452 
2453  return 0;
2454 }
2455 
2456 static int AddressTestParse33(void)
2457 {
2458  int result = 0;
2459  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2460 
2461  if (dd) {
2462  if (dd->flags & ADDRESS_FLAG_NOT &&
2463  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2464  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2465  result = 1;
2466  }
2467 
2468  DetectAddressFree(dd);
2469  return result;
2470  }
2471 
2472  return 0;
2473 }
2474 
2475 static int AddressTestParse34(void)
2476 {
2477  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2478 
2479  if (dd) {
2480  DetectAddressFree(dd);
2481  return 1;
2482  }
2483 
2484  return 0;
2485 }
2486 
2487 static int AddressTestParse35(void)
2488 {
2489  int result = 0;
2490  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2491 
2492  if (dd) {
2493  if (dd->flags & ADDRESS_FLAG_NOT &&
2494  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2495  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2496 
2497  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2498  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2499  result = 1;
2500  }
2501 
2502  DetectAddressFree(dd);
2503  return result;
2504  }
2505 
2506  return 0;
2507 }
2508 
2509 static int AddressTestParse36(void)
2510 {
2511  int result = 1;
2512  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2513 
2514  if (dd) {
2515  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2516  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2517 
2518  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2519  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2520 
2521  DetectAddressPrint(dd);
2522  result = 0;
2523  }
2524  DetectAddressPrint(dd);
2525 
2526  DetectAddressFree(dd);
2527  return result;
2528  }
2529 
2530  return 0;
2531 }
2532 
2533 static int AddressTestParse37(void)
2534 {
2535  int result = 1;
2536  DetectAddress *dd = DetectAddressParseSingle("::/0");
2537 
2538  if (dd) {
2539  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2540  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2541 
2542  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2543  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2544  DetectAddressPrint(dd);
2545  result = 0;
2546  }
2547  DetectAddressPrint(dd);
2548 
2549  DetectAddressFree(dd);
2550  return result;
2551  }
2552 
2553  return 0;
2554 }
2555 
2556 static int AddressTestMatch01(void)
2557 {
2558  DetectAddress *dd = NULL;
2559  int result = 1;
2560  struct in_addr in;
2561  Address a;
2562 
2563  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2564  return 0;
2565  memset(&a, 0, sizeof(Address));
2566  a.family = AF_INET;
2567  a.addr_data32[0] = in.s_addr;
2568 
2569  dd = DetectAddressParseSingle("1.2.3.4/24");
2570  if (dd) {
2571  if (DetectAddressMatch(dd, &a) == 0)
2572  result = 0;
2573 
2574  DetectAddressFree(dd);
2575  return result;
2576  }
2577 
2578  return 0;
2579 }
2580 
2581 static int AddressTestMatch02(void)
2582 {
2583  DetectAddress *dd = NULL;
2584  int result = 1;
2585  struct in_addr in;
2586  Address a;
2587 
2588  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2589  return 0;
2590  memset(&a, 0, sizeof(Address));
2591  a.family = AF_INET;
2592  a.addr_data32[0] = in.s_addr;
2593 
2594  dd = DetectAddressParseSingle("1.2.3.4/25");
2595  if (dd) {
2596  if (DetectAddressMatch(dd, &a) == 0)
2597  result = 0;
2598 
2599  DetectAddressFree(dd);
2600  return result;
2601  }
2602 
2603  return 0;
2604 }
2605 
2606 static int AddressTestMatch03(void)
2607 {
2608  DetectAddress *dd = NULL;
2609  int result = 1;
2610  struct in_addr in;
2611  Address a;
2612 
2613  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2614  return 0;
2615  memset(&a, 0, sizeof(Address));
2616  a.family = AF_INET;
2617  a.addr_data32[0] = in.s_addr;
2618 
2619  dd = DetectAddressParseSingle("1.2.3.4/25");
2620  if (dd) {
2621  if (DetectAddressMatch(dd, &a) == 1)
2622  result = 0;
2623 
2624  DetectAddressFree(dd);
2625  return result;
2626  }
2627 
2628  return 0;
2629 }
2630 
2631 static int AddressTestMatch04(void)
2632 {
2633  DetectAddress *dd = NULL;
2634  int result = 1;
2635  struct in_addr in;
2636  Address a;
2637 
2638  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2639  return 0;
2640  memset(&a, 0, sizeof(Address));
2641  a.family = AF_INET;
2642  a.addr_data32[0] = in.s_addr;
2643 
2644  dd = DetectAddressParseSingle("1.2.3.4/25");
2645  if (dd) {
2646  if (DetectAddressMatch(dd, &a) == 1)
2647  result = 0;
2648 
2649  DetectAddressFree(dd);
2650  return result;
2651  }
2652 
2653  return 0;
2654 }
2655 
2656 static int AddressTestMatch05(void)
2657 {
2658  DetectAddress *dd = NULL;
2659  int result = 1;
2660  struct in_addr in;
2661  Address a;
2662 
2663  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2664  return 0;
2665  memset(&a, 0, sizeof(Address));
2666  a.family = AF_INET;
2667  a.addr_data32[0] = in.s_addr;
2668 
2669  dd = DetectAddressParseSingle("1.2.3.4/32");
2670  if (dd) {
2671  if (DetectAddressMatch(dd, &a) == 0)
2672  result = 0;
2673 
2674  DetectAddressFree(dd);
2675  return result;
2676  }
2677 
2678  return 0;
2679 }
2680 
2681 static int AddressTestMatch06(void)
2682 {
2683  DetectAddress *dd = NULL;
2684  int result = 1;
2685  struct in_addr in;
2686  Address a;
2687 
2688  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2689  return 0;
2690  memset(&a, 0, sizeof(Address));
2691  a.family = AF_INET;
2692  a.addr_data32[0] = in.s_addr;
2693 
2694  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2695  if (dd) {
2696  if (DetectAddressMatch(dd, &a) == 0)
2697  result = 0;
2698 
2699  DetectAddressFree(dd);
2700  return result;
2701  }
2702 
2703  return 0;
2704 }
2705 
2706 static int AddressTestMatch07(void)
2707 {
2708  DetectAddress *dd = NULL;
2709  int result = 1;
2710  struct in6_addr in6;
2711  Address a;
2712 
2713  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2714  return 0;
2715  memset(&a, 0, sizeof(Address));
2716  a.family = AF_INET6;
2717  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2718 
2719  dd = DetectAddressParseSingle("2001::/3");
2720  if (dd) {
2721  if (DetectAddressMatch(dd, &a) == 0)
2722  result = 0;
2723 
2724  DetectAddressFree(dd);
2725  return result;
2726  }
2727 
2728  return 0;
2729 }
2730 
2731 static int AddressTestMatch08(void)
2732 {
2733  DetectAddress *dd = NULL;
2734  int result = 1;
2735  struct in6_addr in6;
2736  Address a;
2737 
2738  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2739  return 0;
2740  memset(&a, 0, sizeof(Address));
2741  a.family = AF_INET6;
2742  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2743 
2744  dd = DetectAddressParseSingle("2001::/3");
2745  if (dd) {
2746  if (DetectAddressMatch(dd, &a) == 1)
2747  result = 0;
2748 
2749  DetectAddressFree(dd);
2750  return result;
2751  }
2752 
2753  return 0;
2754 }
2755 
2756 static int AddressTestMatch09(void)
2757 {
2758  DetectAddress *dd = NULL;
2759  int result = 1;
2760  struct in6_addr in6;
2761  Address a;
2762 
2763  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2764  return 0;
2765  memset(&a, 0, sizeof(Address));
2766  a.family = AF_INET6;
2767  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2768 
2769  dd = DetectAddressParseSingle("2001::1/128");
2770  if (dd) {
2771  if (DetectAddressMatch(dd, &a) == 1)
2772  result = 0;
2773 
2774  DetectAddressFree(dd);
2775  return result;
2776  }
2777 
2778  return 0;
2779 }
2780 
2781 static int AddressTestMatch10(void)
2782 {
2783  DetectAddress *dd = NULL;
2784  int result = 1;
2785  struct in6_addr in6;
2786  Address a;
2787 
2788  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2789  return 0;
2790  memset(&a, 0, sizeof(Address));
2791  a.family = AF_INET6;
2792  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2793 
2794  dd = DetectAddressParseSingle("2001::1/126");
2795  if (dd) {
2796  if (DetectAddressMatch(dd, &a) == 0)
2797  result = 0;
2798 
2799  DetectAddressFree(dd);
2800  return result;
2801  }
2802 
2803  return 0;
2804 }
2805 
2806 static int AddressTestMatch11(void)
2807 {
2808  DetectAddress *dd = NULL;
2809  int result = 1;
2810  struct in6_addr in6;
2811  Address a;
2812 
2813  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2814  return 0;
2815  memset(&a, 0, sizeof(Address));
2816  a.family = AF_INET6;
2817  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2818 
2819  dd = DetectAddressParseSingle("2001::1/127");
2820  if (dd) {
2821  if (DetectAddressMatch(dd, &a) == 1)
2822  result = 0;
2823 
2824  DetectAddressFree(dd);
2825  return result;
2826  }
2827 
2828  return 0;
2829 }
2830 
2831 static int AddressTestCmp01(void)
2832 {
2833  DetectAddress *da = NULL, *db = NULL;
2834  int result = 1;
2835 
2836  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2837  if (da == NULL) goto error;
2838  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2839  if (db == NULL) goto error;
2840 
2841  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2842  result = 0;
2843 
2844  DetectAddressFree(da);
2845  DetectAddressFree(db);
2846  return result;
2847 
2848 error:
2849  if (da) DetectAddressFree(da);
2850  if (db) DetectAddressFree(db);
2851  return 0;
2852 }
2853 
2854 static int AddressTestCmp02(void)
2855 {
2856  DetectAddress *da = NULL, *db = NULL;
2857  int result = 1;
2858 
2859  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2860  if (da == NULL) goto error;
2861  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2862  if (db == NULL) goto error;
2863 
2864  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2865  result = 0;
2866 
2867  DetectAddressFree(da);
2868  DetectAddressFree(db);
2869  return result;
2870 
2871 error:
2872  if (da) DetectAddressFree(da);
2873  if (db) DetectAddressFree(db);
2874  return 0;
2875 }
2876 
2877 static int AddressTestCmp03(void)
2878 {
2879  DetectAddress *da = NULL, *db = NULL;
2880  int result = 1;
2881 
2882  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2883  if (da == NULL) goto error;
2884  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2885  if (db == NULL) goto error;
2886 
2887  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2888  result = 0;
2889 
2890  DetectAddressFree(da);
2891  DetectAddressFree(db);
2892  return result;
2893 
2894 error:
2895  if (da) DetectAddressFree(da);
2896  if (db) DetectAddressFree(db);
2897  return 0;
2898 }
2899 
2900 static int AddressTestCmp04(void)
2901 {
2902  DetectAddress *da = NULL, *db = NULL;
2903  int result = 1;
2904 
2905  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2906  if (da == NULL) goto error;
2907  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2908  if (db == NULL) goto error;
2909 
2910  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2911  result = 0;
2912 
2913  DetectAddressFree(da);
2914  DetectAddressFree(db);
2915  return result;
2916 
2917 error:
2918  if (da) DetectAddressFree(da);
2919  if (db) DetectAddressFree(db);
2920  return 0;
2921 }
2922 
2923 static int AddressTestCmp05(void)
2924 {
2925  DetectAddress *da = NULL, *db = NULL;
2926  int result = 1;
2927 
2928  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2929  if (da == NULL) goto error;
2930  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2931  if (db == NULL) goto error;
2932 
2933  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2934  result = 0;
2935 
2936  DetectAddressFree(da);
2937  DetectAddressFree(db);
2938  return result;
2939 
2940 error:
2941  if (da) DetectAddressFree(da);
2942  if (db) DetectAddressFree(db);
2943  return 0;
2944 }
2945 
2946 static int AddressTestCmp06(void)
2947 {
2948  DetectAddress *da = NULL, *db = NULL;
2949  int result = 1;
2950 
2951  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2952  if (da == NULL) goto error;
2953  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2954  if (db == NULL) goto error;
2955 
2956  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2957  result = 0;
2958 
2959  DetectAddressFree(da);
2960  DetectAddressFree(db);
2961  return result;
2962 
2963 error:
2964  if (da) DetectAddressFree(da);
2965  if (db) DetectAddressFree(db);
2966  return 0;
2967 }
2968 
2969 static int AddressTestCmpIPv407(void)
2970 {
2971  DetectAddress *da = NULL, *db = NULL;
2972  int result = 1;
2973 
2974  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2975  if (da == NULL) goto error;
2976  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2977  if (db == NULL) goto error;
2978 
2979  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2980  result = 0;
2981 
2982  DetectAddressFree(da);
2983  DetectAddressFree(db);
2984  return result;
2985 
2986 error:
2987  if (da) DetectAddressFree(da);
2988  if (db) DetectAddressFree(db);
2989  return 0;
2990 }
2991 
2992 static int AddressTestCmpIPv408(void)
2993 {
2994  DetectAddress *da = NULL, *db = NULL;
2995  int result = 1;
2996 
2997  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2998  if (da == NULL) goto error;
2999  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3000  if (db == NULL) goto error;
3001 
3002  if (DetectAddressCmp(da, db) != ADDRESS_GE)
3003  result = 0;
3004 
3005  DetectAddressFree(da);
3006  DetectAddressFree(db);
3007  return result;
3008 
3009 error:
3010  if (da) DetectAddressFree(da);
3011  if (db) DetectAddressFree(db);
3012  return 0;
3013 }
3014 
3015 static int AddressTestCmp07(void)
3016 {
3017  DetectAddress *da = NULL, *db = NULL;
3018  int result = 1;
3019 
3020  da = DetectAddressParseSingle("2001::/3");
3021  if (da == NULL) goto error;
3022  db = DetectAddressParseSingle("2001::1/3");
3023  if (db == NULL) goto error;
3024 
3025  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3026  result = 0;
3027 
3028  DetectAddressFree(da);
3029  DetectAddressFree(db);
3030  return result;
3031 
3032 error:
3033  if (da) DetectAddressFree(da);
3034  if (db) DetectAddressFree(db);
3035  return 0;
3036 }
3037 
3038 static int AddressTestCmp08(void)
3039 {
3040  DetectAddress *da = NULL, *db = NULL;
3041  int result = 1;
3042 
3043  da = DetectAddressParseSingle("2001::/3");
3044  if (da == NULL) goto error;
3045  db = DetectAddressParseSingle("2001::/8");
3046  if (db == NULL) goto error;
3047 
3048  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3049  result = 0;
3050 
3051  DetectAddressFree(da);
3052  DetectAddressFree(db);
3053  return result;
3054 
3055 error:
3056  if (da) DetectAddressFree(da);
3057  if (db) DetectAddressFree(db);
3058  return 0;
3059 }
3060 
3061 static int AddressTestCmp09(void)
3062 {
3063  DetectAddress *da = NULL, *db = NULL;
3064  int result = 1;
3065 
3066  da = DetectAddressParseSingle("2001::/8");
3067  if (da == NULL) goto error;
3068  db = DetectAddressParseSingle("2001::/3");
3069  if (db == NULL) goto error;
3070 
3071  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3072  result = 0;
3073 
3074  DetectAddressFree(da);
3075  DetectAddressFree(db);
3076  return result;
3077 
3078 error:
3079  if (da) DetectAddressFree(da);
3080  if (db) DetectAddressFree(db);
3081  return 0;
3082 }
3083 
3084 static int AddressTestCmp10(void)
3085 {
3086  DetectAddress *da = NULL, *db = NULL;
3087  int result = 1;
3088 
3089  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3090  if (da == NULL) goto error;
3091  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3092  if (db == NULL) goto error;
3093 
3094  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3095  result = 0;
3096 
3097  DetectAddressFree(da);
3098  DetectAddressFree(db);
3099  return result;
3100 
3101 error:
3102  if (da) DetectAddressFree(da);
3103  if (db) DetectAddressFree(db);
3104  return 0;
3105 }
3106 
3107 static int AddressTestCmp11(void)
3108 {
3109  DetectAddress *da = NULL, *db = NULL;
3110  int result = 1;
3111 
3112  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3113  if (da == NULL) goto error;
3114  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3115  if (db == NULL) goto error;
3116 
3117  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3118  result = 0;
3119 
3120  DetectAddressFree(da);
3121  DetectAddressFree(db);
3122  return result;
3123 
3124 error:
3125  if (da) DetectAddressFree(da);
3126  if (db) DetectAddressFree(db);
3127  return 0;
3128 }
3129 
3130 static int AddressTestCmp12(void)
3131 {
3132  DetectAddress *da = NULL, *db = NULL;
3133  int result = 1;
3134 
3135  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3136  if (da == NULL) goto error;
3137  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3138  if (db == NULL) goto error;
3139 
3140  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3141  result = 0;
3142 
3143  DetectAddressFree(da);
3144  DetectAddressFree(db);
3145  return result;
3146 
3147 error:
3148  if (da) DetectAddressFree(da);
3149  if (db) DetectAddressFree(db);
3150  return 0;
3151 }
3152 
3153 static int AddressTestAddressGroupSetup01(void)
3154 {
3155  int result = 0;
3156  DetectAddressHead *gh = DetectAddressHeadInit();
3157 
3158  if (gh != NULL) {
3159  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3160  if (r == 0)
3161  result = 1;
3162 
3163  DetectAddressHeadFree(gh);
3164  }
3165  return result;
3166 }
3167 
3168 static int AddressTestAddressGroupSetup02(void)
3169 {
3170  int result = 0;
3171  DetectAddressHead *gh = DetectAddressHeadInit();
3172 
3173  if (gh != NULL) {
3174  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3175  if (r == 0 && gh->ipv4_head != NULL)
3176  result = 1;
3177 
3178  DetectAddressHeadFree(gh);
3179  }
3180  return result;
3181 }
3182 
3183 static int AddressTestAddressGroupSetup03(void)
3184 {
3185  int result = 0;
3186  DetectAddressHead *gh = DetectAddressHeadInit();
3187 
3188  if (gh != NULL) {
3189  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3190  if (r == 0 && gh->ipv4_head != NULL) {
3191  DetectAddress *prev_head = gh->ipv4_head;
3192 
3193  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3194  if (r == 0 && gh->ipv4_head != prev_head &&
3195  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3196  result = 1;
3197  }
3198  }
3199 
3200  DetectAddressHeadFree(gh);
3201  }
3202  return result;
3203 }
3204 
3205 static int AddressTestAddressGroupSetup04(void)
3206 {
3207  int result = 0;
3208  DetectAddressHead *gh = DetectAddressHeadInit();
3209 
3210  if (gh != NULL) {
3211  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3212  if (r == 0 && gh->ipv4_head != NULL) {
3213  DetectAddress *prev_head = gh->ipv4_head;
3214 
3215  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3216  if (r == 0 && gh->ipv4_head != prev_head &&
3217  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3218  DetectAddress *ph = gh->ipv4_head;
3219 
3220  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3221  if (r == 0 && gh->ipv4_head != ph &&
3222  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3223  result = 1;
3224  }
3225  }
3226  }
3227 
3228  DetectAddressHeadFree(gh);
3229  }
3230  return result;
3231 }
3232 
3233 static int AddressTestAddressGroupSetup05(void)
3234 {
3235  int result = 0;
3236  DetectAddressHead *gh = DetectAddressHeadInit();
3237 
3238  if (gh != NULL) {
3239  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3240  if (r == 0 && gh->ipv4_head != NULL) {
3241  DetectAddress *prev_head = gh->ipv4_head;
3242 
3243  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3244  if (r == 0 && gh->ipv4_head == prev_head &&
3245  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3246  DetectAddress *ph = gh->ipv4_head;
3247 
3248  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3249  if (r == 0 && gh->ipv4_head == ph &&
3250  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3251  result = 1;
3252  }
3253  }
3254  }
3255 
3256  DetectAddressHeadFree(gh);
3257  }
3258  return result;
3259 }
3260 
3261 static int AddressTestAddressGroupSetup06(void)
3262 {
3263  int result = 0;
3264  DetectAddressHead *gh = DetectAddressHeadInit();
3265 
3266  if (gh != NULL) {
3267  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3268  if (r == 0 && gh->ipv4_head != NULL) {
3269  DetectAddress *prev_head = gh->ipv4_head;
3270 
3271  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3272  if (r == 0 && gh->ipv4_head == prev_head &&
3273  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3274  result = 1;
3275  }
3276  }
3277 
3278  DetectAddressHeadFree(gh);
3279  }
3280  return result;
3281 }
3282 
3283 static int AddressTestAddressGroupSetup07(void)
3284 {
3285  int result = 0;
3286  DetectAddressHead *gh = DetectAddressHeadInit();
3287 
3288  if (gh != NULL) {
3289  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3290  if (r == 0 && gh->ipv4_head != NULL) {
3291  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3292  if (r == 0 && gh->ipv4_head != NULL &&
3293  gh->ipv4_head->next != NULL &&
3294  gh->ipv4_head->next->next != NULL) {
3295  result = 1;
3296  }
3297  }
3298 
3299  DetectAddressHeadFree(gh);
3300  }
3301  return result;
3302 }
3303 
3304 static int AddressTestAddressGroupSetup08(void)
3305 {
3306  int result = 0;
3307  DetectAddressHead *gh = DetectAddressHeadInit();
3308 
3309  if (gh != NULL) {
3310  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3311  if (r == 0 && gh->ipv4_head != NULL) {
3312  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3313  if (r == 0 && gh->ipv4_head != NULL &&
3314  gh->ipv4_head->next != NULL &&
3315  gh->ipv4_head->next->next != NULL) {
3316  result = 1;
3317  }
3318  }
3319 
3320  DetectAddressHeadFree(gh);
3321  }
3322  return result;
3323 }
3324 
3325 static int AddressTestAddressGroupSetup09(void)
3326 {
3327  int result = 0;
3328  DetectAddressHead *gh = DetectAddressHeadInit();
3329 
3330  if (gh != NULL) {
3331  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3332  if (r == 0 && gh->ipv4_head != NULL) {
3333  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3334  if (r == 0 && gh->ipv4_head != NULL &&
3335  gh->ipv4_head->next != NULL &&
3336  gh->ipv4_head->next->next != NULL) {
3337  result = 1;
3338  }
3339  }
3340 
3341  DetectAddressHeadFree(gh);
3342  }
3343  return result;
3344 }
3345 
3346 static int AddressTestAddressGroupSetup10(void)
3347 {
3348  int result = 0;
3349  DetectAddressHead *gh = DetectAddressHeadInit();
3350 
3351  if (gh != NULL) {
3352  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3353  if (r == 0 && gh->ipv4_head != NULL) {
3354  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3355  if (r == 0 && gh->ipv4_head != NULL &&
3356  gh->ipv4_head->next != NULL &&
3357  gh->ipv4_head->next->next != NULL) {
3358  result = 1;
3359  }
3360  }
3361 
3362  DetectAddressHeadFree(gh);
3363  }
3364  return result;
3365 }
3366 
3367 static int AddressTestAddressGroupSetup11(void)
3368 {
3369  int result = 0;
3370  DetectAddressHead *gh = DetectAddressHeadInit();
3371 
3372  if (gh != NULL) {
3373  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3374  if (r == 0) {
3375  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3376  if (r == 0) {
3377  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3378  if (r == 0) {
3379  DetectAddress *one = gh->ipv4_head, *two = one->next,
3380  *three = two->next, *four = three->next,
3381  *five = four->next;
3382 
3383  /* result should be:
3384  * 0.0.0.0/10.10.9.255
3385  * 10.10.10.0/10.10.10.9
3386  * 10.10.10.10/10.10.10.255
3387  * 10.10.11.0/10.10.11.1
3388  * 10.10.11.2/255.255.255.255
3389  */
3390  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3391  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3392  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3393  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3394  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3395  result = 1;
3396  }
3397  }
3398  }
3399  }
3400 
3401  DetectAddressHeadFree(gh);
3402  }
3403  return result;
3404 }
3405 
3406 static int AddressTestAddressGroupSetup12 (void)
3407 {
3408  int result = 0;
3409  DetectAddressHead *gh = DetectAddressHeadInit();
3410 
3411  if (gh != NULL) {
3412  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3413  if (r == 0) {
3414  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3415  if (r == 0) {
3416  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3417  if (r == 0) {
3418  DetectAddress *one = gh->ipv4_head, *two = one->next,
3419  *three = two->next, *four = three->next,
3420  *five = four->next;
3421 
3422  /* result should be:
3423  * 0.0.0.0/10.10.9.255
3424  * 10.10.10.0/10.10.10.9
3425  * 10.10.10.10/10.10.10.255
3426  * 10.10.11.0/10.10.11.1
3427  * 10.10.11.2/255.255.255.255
3428  */
3429  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3430  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3431  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3432  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3433  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3434  result = 1;
3435  }
3436  }
3437  }
3438  }
3439 
3440  DetectAddressHeadFree(gh);
3441  }
3442  return result;
3443 }
3444 
3445 static int AddressTestAddressGroupSetup13(void)
3446 {
3447  int result = 0;
3448  DetectAddressHead *gh = DetectAddressHeadInit();
3449 
3450  if (gh != NULL) {
3451  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3452  if (r == 0) {
3453  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3454  if (r == 0) {
3455  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3456  if (r == 0) {
3457  DetectAddress *one = gh->ipv4_head, *two = one->next,
3458  *three = two->next, *four = three->next,
3459  *five = four->next;
3460 
3461  /* result should be:
3462  * 0.0.0.0/10.10.9.255
3463  * 10.10.10.0/10.10.10.9
3464  * 10.10.10.10/10.10.10.255
3465  * 10.10.11.0/10.10.11.1
3466  * 10.10.11.2/255.255.255.255
3467  */
3468  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3469  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3470  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3471  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3472  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3473  result = 1;
3474  }
3475  }
3476  }
3477  }
3478 
3479  DetectAddressHeadFree(gh);
3480  }
3481  return result;
3482 }
3483 
3484 static int AddressTestAddressGroupSetupIPv414(void)
3485 {
3486  DetectAddressHead *gh = DetectAddressHeadInit();
3487  FAIL_IF_NULL(gh);
3488 
3489  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3490  FAIL_IF_NOT(r == 1);
3491 
3492  DetectAddress *one = gh->ipv4_head;
3493  FAIL_IF_NULL(one);
3494  DetectAddress *two = one->next;
3495  FAIL_IF_NULL(two);
3496 
3497  /* result should be:
3498  * 0.0.0.0/1.2.3.3
3499  * 1.2.3.5/255.255.255.255
3500  */
3501  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3502  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3503  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3504  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3505  DetectAddressHeadFree(gh);
3506 
3507  PASS;
3508 }
3509 
3510 static int AddressTestAddressGroupSetupIPv415(void)
3511 {
3512  DetectAddressHead *gh = DetectAddressHeadInit();
3513  FAIL_IF_NULL(gh);
3514 
3515  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3516  FAIL_IF_NOT(r == 1);
3517 
3518  DetectAddress *one = gh->ipv4_head;
3519  FAIL_IF_NULL(one);
3520  FAIL_IF_NOT_NULL(one->next);
3521 
3522  /* result should be:
3523  * 0.0.0.1/255.255.255.255
3524  */
3525  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3526  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3527 
3528  DetectAddressHeadFree(gh);
3529  PASS;
3530 }
3531 
3532 static int AddressTestAddressGroupSetupIPv416(void)
3533 {
3534  DetectAddressHead *gh = DetectAddressHeadInit();
3535  FAIL_IF_NULL(gh);
3536 
3537  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3538  FAIL_IF_NOT(r == 1);
3539 
3540  DetectAddress *one = gh->ipv4_head;
3541  FAIL_IF_NULL(one);
3542  FAIL_IF_NOT_NULL(one->next);
3543 
3544  /* result should be:
3545  * 0.0.0.0/255.255.255.254
3546  */
3547  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3548  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3549 
3550  DetectAddressHeadFree(gh);
3551  PASS;
3552 }
3553 
3554 static int AddressTestAddressGroupSetup14(void)
3555 {
3556  int result = 0;
3557  DetectAddressHead *gh = DetectAddressHeadInit();
3558 
3559  if (gh != NULL) {
3560  int r = DetectAddressParse(NULL, gh, "2001::1");
3561  if (r == 0)
3562  result = 1;
3563 
3564  DetectAddressHeadFree(gh);
3565  }
3566  return result;
3567 }
3568 
3569 static int AddressTestAddressGroupSetup15(void)
3570 {
3571  int result = 0;
3572  DetectAddressHead *gh = DetectAddressHeadInit();
3573 
3574  if (gh != NULL) {
3575  int r = DetectAddressParse(NULL, gh, "2001::1");
3576  if (r == 0 && gh->ipv6_head != NULL)
3577  result = 1;
3578 
3579  DetectAddressHeadFree(gh);
3580  }
3581  return result;
3582 }
3583 
3584 static int AddressTestAddressGroupSetup16(void)
3585 {
3586  int result = 0;
3587  DetectAddressHead *gh = DetectAddressHeadInit();
3588 
3589  if (gh != NULL) {
3590  int r = DetectAddressParse(NULL, gh, "2001::4");
3591  if (r == 0 && gh->ipv6_head != NULL) {
3592  DetectAddress *prev_head = gh->ipv6_head;
3593 
3594  r = DetectAddressParse(NULL, gh, "2001::3");
3595  if (r == 0 && gh->ipv6_head != prev_head &&
3596  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3597  result = 1;
3598  }
3599  }
3600 
3601  DetectAddressHeadFree(gh);
3602  }
3603  return result;
3604 }
3605 
3606 static int AddressTestAddressGroupSetup17(void)
3607 {
3608  int result = 0;
3609  DetectAddressHead *gh = DetectAddressHeadInit();
3610 
3611  if (gh != NULL) {
3612  int r = DetectAddressParse(NULL, gh, "2001::4");
3613  if (r == 0 && gh->ipv6_head != NULL) {
3614  DetectAddress *prev_head = gh->ipv6_head;
3615 
3616  r = DetectAddressParse(NULL, gh, "2001::3");
3617  if (r == 0 && gh->ipv6_head != prev_head &&
3618  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3619  DetectAddress *ph = gh->ipv6_head;
3620 
3621  r = DetectAddressParse(NULL, gh, "2001::2");
3622  if (r == 0 && gh->ipv6_head != ph &&
3623  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3624  result = 1;
3625  }
3626  }
3627  }
3628 
3629  DetectAddressHeadFree(gh);
3630  }
3631  return result;
3632 }
3633 
3634 static int AddressTestAddressGroupSetup18(void)
3635 {
3636  int result = 0;
3637  DetectAddressHead *gh = DetectAddressHeadInit();
3638 
3639  if (gh != NULL) {
3640  int r = DetectAddressParse(NULL, gh, "2001::2");
3641  if (r == 0 && gh->ipv6_head != NULL) {
3642  DetectAddress *prev_head = gh->ipv6_head;
3643 
3644  r = DetectAddressParse(NULL, gh, "2001::3");
3645  if (r == 0 && gh->ipv6_head == prev_head &&
3646  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3647  DetectAddress *ph = gh->ipv6_head;
3648 
3649  r = DetectAddressParse(NULL, gh, "2001::4");
3650  if (r == 0 && gh->ipv6_head == ph &&
3651  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3652  result = 1;
3653  }
3654  }
3655  }
3656 
3657  DetectAddressHeadFree(gh);
3658  }
3659  return result;
3660 }
3661 
3662 static int AddressTestAddressGroupSetup19(void)
3663 {
3664  int result = 0;
3665  DetectAddressHead *gh = DetectAddressHeadInit();
3666 
3667  if (gh != NULL) {
3668  int r = DetectAddressParse(NULL, gh, "2001::2");
3669  if (r == 0 && gh->ipv6_head != NULL) {
3670  DetectAddress *prev_head = gh->ipv6_head;
3671 
3672  r = DetectAddressParse(NULL, gh, "2001::2");
3673  if (r == 0 && gh->ipv6_head == prev_head &&
3674  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3675  result = 1;
3676  }
3677  }
3678 
3679  DetectAddressHeadFree(gh);
3680  }
3681  return result;
3682 }
3683 
3684 static int AddressTestAddressGroupSetup20(void)
3685 {
3686  int result = 0;
3687  DetectAddressHead *gh = DetectAddressHeadInit();
3688 
3689  if (gh != NULL) {
3690  int r = DetectAddressParse(NULL, gh, "2000::/3");
3691  if (r == 0 && gh->ipv6_head != NULL) {
3692  r = DetectAddressParse(NULL, gh, "2001::4");
3693  if (r == 0 && gh->ipv6_head != NULL &&
3694  gh->ipv6_head->next != NULL &&
3695  gh->ipv6_head->next->next != NULL) {
3696  result = 1;
3697  }
3698  }
3699 
3700  DetectAddressHeadFree(gh);
3701  }
3702  return result;
3703 }
3704 
3705 static int AddressTestAddressGroupSetup21(void)
3706 {
3707  int result = 0;
3708  DetectAddressHead *gh = DetectAddressHeadInit();
3709 
3710  if (gh != NULL) {
3711  int r = DetectAddressParse(NULL, gh, "2001::4");
3712  if (r == 0 && gh->ipv6_head != NULL) {
3713  r = DetectAddressParse(NULL, gh, "2000::/3");
3714  if (r == 0 && gh->ipv6_head != NULL &&
3715  gh->ipv6_head->next != NULL &&
3716  gh->ipv6_head->next->next != NULL) {
3717  result = 1;
3718  }
3719  }
3720 
3721  DetectAddressHeadFree(gh);
3722  }
3723  return result;
3724 }
3725 
3726 static int AddressTestAddressGroupSetup22(void)
3727 {
3728  int result = 0;
3729  DetectAddressHead *gh = DetectAddressHeadInit();
3730 
3731  if (gh != NULL) {
3732  int r = DetectAddressParse(NULL, gh, "2000::/3");
3733  if (r == 0 && gh->ipv6_head != NULL) {
3734  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3735  if (r == 0 && gh->ipv6_head != NULL &&
3736  gh->ipv6_head->next != NULL &&
3737  gh->ipv6_head->next->next != NULL) {
3738  result = 1;
3739  }
3740  }
3741 
3742  DetectAddressHeadFree(gh);
3743  }
3744  return result;
3745 }
3746 
3747 static int AddressTestAddressGroupSetup23(void)
3748 {
3749  int result = 0;
3750  DetectAddressHead *gh = DetectAddressHeadInit();
3751 
3752  if (gh != NULL) {
3753  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3754  if (r == 0 && gh->ipv6_head != NULL) {
3755  r = DetectAddressParse(NULL, gh, "2000::/3");
3756  if (r == 0 && gh->ipv6_head != NULL &&
3757  gh->ipv6_head->next != NULL &&
3758  gh->ipv6_head->next->next != NULL) {
3759  result = 1;
3760  }
3761  }
3762 
3763  DetectAddressHeadFree(gh);
3764  }
3765  return result;
3766 }
3767 
3768 static int AddressTestAddressGroupSetup24(void)
3769 {
3770  int result = 0;
3771  DetectAddressHead *gh = DetectAddressHeadInit();
3772 
3773  if (gh != NULL) {
3774  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3775  if (r == 0) {
3776  r = DetectAddressParse(NULL, gh, "2001::/3");
3777  if (r == 0) {
3778  r = DetectAddressParse(NULL, gh, "::/0");
3779  if (r == 0) {
3780  DetectAddress *one = gh->ipv6_head, *two = one->next,
3781  *three = two->next, *four = three->next,
3782  *five = four->next;
3783  if (one->ip.addr_data32[0] == 0x00000000 &&
3784  one->ip.addr_data32[1] == 0x00000000 &&
3785  one->ip.addr_data32[2] == 0x00000000 &&
3786  one->ip.addr_data32[3] == 0x00000000 &&
3787  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3788  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3789  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3790  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3791 
3792  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3793  two->ip.addr_data32[1] == 0x00000000 &&
3794  two->ip.addr_data32[2] == 0x00000000 &&
3795  two->ip.addr_data32[3] == 0x00000000 &&
3796  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3797  two->ip2.addr_data32[1] == 0x00000000 &&
3798  two->ip2.addr_data32[2] == 0x00000000 &&
3799  two->ip2.addr_data32[3] == SCNtohl(3) &&
3800 
3801  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3802  three->ip.addr_data32[1] == 0x00000000 &&
3803  three->ip.addr_data32[2] == 0x00000000 &&
3804  three->ip.addr_data32[3] == SCNtohl(4) &&
3805  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3806  three->ip2.addr_data32[1] == 0x00000000 &&
3807  three->ip2.addr_data32[2] == 0x00000000 &&
3808  three->ip2.addr_data32[3] == SCNtohl(6) &&
3809 
3810  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3811  four->ip.addr_data32[1] == 0x00000000 &&
3812  four->ip.addr_data32[2] == 0x00000000 &&
3813  four->ip.addr_data32[3] == SCNtohl(7) &&
3814  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3815  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3816  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3817  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3818 
3819  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3820  five->ip.addr_data32[1] == 0x00000000 &&
3821  five->ip.addr_data32[2] == 0x00000000 &&
3822  five->ip.addr_data32[3] == 0x00000000 &&
3823  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3824  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3825  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3826  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3827  result = 1;
3828  }
3829  }
3830  }
3831  }
3832 
3833  DetectAddressHeadFree(gh);
3834  }
3835  return result;
3836 }
3837 
3838 static int AddressTestAddressGroupSetup25(void)
3839 {
3840  int result = 0;
3841  DetectAddressHead *gh = DetectAddressHeadInit();
3842 
3843  if (gh != NULL) {
3844  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3845  if (r == 0) {
3846  r = DetectAddressParse(NULL, gh, "::/0");
3847  if (r == 0) {
3848  r = DetectAddressParse(NULL, gh, "2001::/3");
3849  if (r == 0) {
3850  DetectAddress *one = gh->ipv6_head, *two = one->next,
3851  *three = two->next, *four = three->next,
3852  *five = four->next;
3853  if (one->ip.addr_data32[0] == 0x00000000 &&
3854  one->ip.addr_data32[1] == 0x00000000 &&
3855  one->ip.addr_data32[2] == 0x00000000 &&
3856  one->ip.addr_data32[3] == 0x00000000 &&
3857  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3858  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3859  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3860  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3861 
3862  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3863  two->ip.addr_data32[1] == 0x00000000 &&
3864  two->ip.addr_data32[2] == 0x00000000 &&
3865  two->ip.addr_data32[3] == 0x00000000 &&
3866  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3867  two->ip2.addr_data32[1] == 0x00000000 &&
3868  two->ip2.addr_data32[2] == 0x00000000 &&
3869  two->ip2.addr_data32[3] == SCNtohl(3) &&
3870 
3871  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3872  three->ip.addr_data32[1] == 0x00000000 &&
3873  three->ip.addr_data32[2] == 0x00000000 &&
3874  three->ip.addr_data32[3] == SCNtohl(4) &&
3875  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3876  three->ip2.addr_data32[1] == 0x00000000 &&
3877  three->ip2.addr_data32[2] == 0x00000000 &&
3878  three->ip2.addr_data32[3] == SCNtohl(6) &&
3879 
3880  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3881  four->ip.addr_data32[1] == 0x00000000 &&
3882  four->ip.addr_data32[2] == 0x00000000 &&
3883  four->ip.addr_data32[3] == SCNtohl(7) &&
3884  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3885  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3886  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3887  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3888 
3889  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3890  five->ip.addr_data32[1] == 0x00000000 &&
3891  five->ip.addr_data32[2] == 0x00000000 &&
3892  five->ip.addr_data32[3] == 0x00000000 &&
3893  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3894  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3895  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3896  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3897  result = 1;
3898  }
3899  }
3900  }
3901  }
3902 
3903  DetectAddressHeadFree(gh);
3904  }
3905  return result;
3906 }
3907 
3908 static int AddressTestAddressGroupSetup26(void)
3909 {
3910  int result = 0;
3911  DetectAddressHead *gh = DetectAddressHeadInit();
3912 
3913  if (gh != NULL) {
3914  int r = DetectAddressParse(NULL, gh, "::/0");
3915  if (r == 0) {
3916  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3917  if (r == 0) {
3918  r = DetectAddressParse(NULL, gh, "2001::/3");
3919  if (r == 0) {
3920  DetectAddress *one = gh->ipv6_head, *two = one->next,
3921  *three = two->next, *four = three->next,
3922  *five = four->next;
3923  if (one->ip.addr_data32[0] == 0x00000000 &&
3924  one->ip.addr_data32[1] == 0x00000000 &&
3925  one->ip.addr_data32[2] == 0x00000000 &&
3926  one->ip.addr_data32[3] == 0x00000000 &&
3927  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3928  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3929  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3930  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3931 
3932  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3933  two->ip.addr_data32[1] == 0x00000000 &&
3934  two->ip.addr_data32[2] == 0x00000000 &&
3935  two->ip.addr_data32[3] == 0x00000000 &&
3936  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3937  two->ip2.addr_data32[1] == 0x00000000 &&
3938  two->ip2.addr_data32[2] == 0x00000000 &&
3939  two->ip2.addr_data32[3] == SCNtohl(3) &&
3940 
3941  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3942  three->ip.addr_data32[1] == 0x00000000 &&
3943  three->ip.addr_data32[2] == 0x00000000 &&
3944  three->ip.addr_data32[3] == SCNtohl(4) &&
3945  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3946  three->ip2.addr_data32[1] == 0x00000000 &&
3947  three->ip2.addr_data32[2] == 0x00000000 &&
3948  three->ip2.addr_data32[3] == SCNtohl(6) &&
3949 
3950  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3951  four->ip.addr_data32[1] == 0x00000000 &&
3952  four->ip.addr_data32[2] == 0x00000000 &&
3953  four->ip.addr_data32[3] == SCNtohl(7) &&
3954  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3955  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3956  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3957  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3958 
3959  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3960  five->ip.addr_data32[1] == 0x00000000 &&
3961  five->ip.addr_data32[2] == 0x00000000 &&
3962  five->ip.addr_data32[3] == 0x00000000 &&
3963  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3964  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3965  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3966  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3967  result = 1;
3968  }
3969  }
3970  }
3971  }
3972 
3973  DetectAddressHeadFree(gh);
3974  }
3975  return result;
3976 }
3977 
3978 static int AddressTestAddressGroupSetup27(void)
3979 {
3980  int result = 0;
3981  DetectAddressHead *gh = DetectAddressHeadInit();
3982 
3983  if (gh != NULL) {
3984  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3985  if (r == 0)
3986  result = 1;
3987 
3988  DetectAddressHeadFree(gh);
3989  }
3990  return result;
3991 }
3992 
3993 static int AddressTestAddressGroupSetup28(void)
3994 {
3995  int result = 0;
3996  DetectAddressHead *gh = DetectAddressHeadInit();
3997 
3998  if (gh != NULL) {
3999  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
4000  if (r == 0)
4001  result = 1;
4002 
4003  DetectAddressHeadFree(gh);
4004  }
4005  return result;
4006 }
4007 
4008 static int AddressTestAddressGroupSetup29(void)
4009 {
4010  int result = 0;
4011  DetectAddressHead *gh = DetectAddressHeadInit();
4012 
4013  if (gh != NULL) {
4014  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
4015  if (r == 0)
4016  result = 1;
4017 
4018  DetectAddressHeadFree(gh);
4019  }
4020  return result;
4021 }
4022 
4023 static int AddressTestAddressGroupSetup30(void)
4024 {
4025  int result = 0;
4026  DetectAddressHead *gh = DetectAddressHeadInit();
4027 
4028  if (gh != NULL) {
4029  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4030  if (r == 0)
4031  result = 1;
4032 
4033  DetectAddressHeadFree(gh);
4034  }
4035  return result;
4036 }
4037 
4038 static int AddressTestAddressGroupSetup31(void)
4039 {
4040  int result = 0;
4041  DetectAddressHead *gh = DetectAddressHeadInit();
4042 
4043  if (gh != NULL) {
4044  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4045  if (r == 0)
4046  result = 1;
4047 
4048  DetectAddressHeadFree(gh);
4049  }
4050  return result;
4051 }
4052 
4053 static int AddressTestAddressGroupSetup32(void)
4054 {
4055  int result = 0;
4056  DetectAddressHead *gh = DetectAddressHeadInit();
4057 
4058  if (gh != NULL) {
4059  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4060  if (r == 0)
4061  result = 1;
4062 
4063  DetectAddressHeadFree(gh);
4064  }
4065  return result;
4066 }
4067 
4068 static int AddressTestAddressGroupSetup33(void)
4069 {
4070  int result = 0;
4071  DetectAddressHead *gh = DetectAddressHeadInit();
4072 
4073  if (gh != NULL) {
4074  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4075  if (r == 1)
4076  result = 1;
4077 
4078  DetectAddressHeadFree(gh);
4079  }
4080  return result;
4081 }
4082 
4083 static int AddressTestAddressGroupSetup34(void)
4084 {
4085  int result = 0;
4086  DetectAddressHead *gh = DetectAddressHeadInit();
4087 
4088  if (gh != NULL) {
4089  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4090  if (r == 1)
4091  result = 1;
4092 
4093  DetectAddressHeadFree(gh);
4094  }
4095  return result;
4096 }
4097 
4098 static int AddressTestAddressGroupSetup35(void)
4099 {
4100  int result = 0;
4101  DetectAddressHead *gh = DetectAddressHeadInit();
4102 
4103  if (gh != NULL) {
4104  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4105  if (r == 1)
4106  result = 1;
4107 
4108  DetectAddressHeadFree(gh);
4109  }
4110  return result;
4111 }
4112 
4113 static int AddressTestAddressGroupSetup36 (void)
4114 {
4115  int result = 0;
4116 
4117  DetectAddressHead *gh = DetectAddressHeadInit();
4118  if (gh != NULL) {
4119  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4120  if (r == 1)
4121  result = 1;
4122 
4123  DetectAddressHeadFree(gh);
4124  }
4125  return result;
4126 }
4127 
4128 static int AddressTestAddressGroupSetup37(void)
4129 {
4130  int result = 0;
4131  DetectAddressHead *gh = DetectAddressHeadInit();
4132 
4133  if (gh != NULL) {
4134  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4135  if (r == 0)
4136  result = 1;
4137 
4138  DetectAddressHeadFree(gh);
4139  }
4140  return result;
4141 }
4142 
4143 static int AddressTestAddressGroupSetup38(void)
4144 {
4145  UTHValidateDetectAddressHeadRange expectations[3] = {
4146  { "0.0.0.0", "192.167.255.255" },
4147  { "192.168.14.0", "192.168.14.255" },
4148  { "192.169.0.0", "255.255.255.255" } };
4149  int result = 0;
4150  DetectAddressHead *gh = DetectAddressHeadInit();
4151 
4152  if (gh != NULL) {
4153  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4154  if (r == 1) {
4155  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4156  result = 1;
4157  }
4158 
4159  DetectAddressHeadFree(gh);
4160  }
4161  return result;
4162 }
4163 
4164 static int AddressTestAddressGroupSetup39(void)
4165 {
4166  UTHValidateDetectAddressHeadRange expectations[3] = {
4167  { "0.0.0.0", "192.167.255.255" },
4168  { "192.168.14.0", "192.168.14.255" },
4169  { "192.169.0.0", "255.255.255.255" } };
4170  int result = 0;
4171  DetectAddressHead *gh = DetectAddressHeadInit();
4172 
4173  if (gh != NULL) {
4174  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4175  if (r == 1) {
4176  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4177  result = 1;
4178  }
4179 
4180  DetectAddressHeadFree(gh);
4181  }
4182  return result;
4183 }
4184 
4185 static int AddressTestAddressGroupSetup40(void)
4186 {
4187  UTHValidateDetectAddressHeadRange expectations[3] = {
4188  { "0.0.0.0", "192.167.255.255" },
4189  { "192.168.14.0", "192.168.14.255" },
4190  { "192.169.0.0", "255.255.255.255" } };
4191  int result = 0;
4192  DetectAddressHead *gh = DetectAddressHeadInit();
4193  if (gh != NULL) {
4194  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4195  if (r == 1) {
4196  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4197  result = 1;
4198  }
4199 
4200  DetectAddressHeadFree(gh);
4201  }
4202  return result;
4203 }
4204 
4205 static int AddressTestAddressGroupSetup41(void)
4206 {
4207  UTHValidateDetectAddressHeadRange expectations[3] = {
4208  { "0.0.0.0", "192.167.255.255" },
4209  { "192.168.14.0", "192.168.14.255" },
4210  { "192.169.0.0", "255.255.255.255" } };
4211  int result = 0;
4212  DetectAddressHead *gh = DetectAddressHeadInit();
4213  if (gh != NULL) {
4214  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4215  if (r == 1) {
4216  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4217  result = 1;
4218  }
4219 
4220  DetectAddressHeadFree(gh);
4221  }
4222  return result;
4223 }
4224 
4225 static int AddressTestAddressGroupSetup42(void)
4226 {
4227  UTHValidateDetectAddressHeadRange expectations[1] = {
4228  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4229  int result = 0;
4230  DetectAddressHead *gh = DetectAddressHeadInit();
4231  if (gh != NULL) {
4232  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4233  if (r == 0) {
4234  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4235  result = 1;
4236  }
4237 
4238  DetectAddressHeadFree(gh);
4239  }
4240  return result;
4241 }
4242 
4243 static int AddressTestAddressGroupSetup43(void)
4244 {
4245  UTHValidateDetectAddressHeadRange expectations[2] = {
4246  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4247  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4248  int result = 0;
4249  DetectAddressHead *gh = DetectAddressHeadInit();
4250  if (gh != NULL) {
4251  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4252  if (r == 1) {
4253  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4254  result = 1;
4255  }
4256 
4257  DetectAddressHeadFree(gh);
4258  }
4259  return result;
4260 }
4261 
4262 static int AddressTestAddressGroupSetup44(void)
4263 {
4264  UTHValidateDetectAddressHeadRange expectations[2] = {
4265  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4266  int result = 0;
4267  DetectAddressHead *gh = DetectAddressHeadInit();
4268  if (gh != NULL) {
4269  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4270  if (r == 0) {
4271  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4272  result = 1;
4273  }
4274 
4275  DetectAddressHeadFree(gh);
4276  }
4277  return result;
4278 }
4279 
4280 static int AddressTestAddressGroupSetup45(void)
4281 {
4282  int result = 0;
4283  DetectAddressHead *gh = DetectAddressHeadInit();
4284  if (gh != NULL) {
4285  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4286  if (r != 0) {
4287  result = 1;
4288  }
4289 
4290  DetectAddressHeadFree(gh);
4291  }
4292  return result;
4293 }
4294 
4295 static int AddressTestAddressGroupSetup46(void)
4296 {
4297  UTHValidateDetectAddressHeadRange expectations[4] = {
4298  { "0.0.0.0", "192.167.255.255" },
4299  { "192.168.1.0", "192.168.1.255" },
4300  { "192.168.3.0", "192.168.3.255" },
4301  { "192.169.0.0", "255.255.255.255" } };
4302  int result = 0;
4303  DetectAddressHead *gh = DetectAddressHeadInit();
4304  if (gh != NULL) {
4305  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4306  if (r == 1) {
4307  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4308  result = 1;
4309  }
4310 
4311  DetectAddressHeadFree(gh);
4312  }
4313  return result;
4314 }
4315 
4316 /** \test net with some negations, then all negated */
4317 static int AddressTestAddressGroupSetup47(void)
4318 {
4319  UTHValidateDetectAddressHeadRange expectations[5] = {
4320  { "0.0.0.0", "192.167.255.255" },
4321  { "192.168.1.0", "192.168.1.255" },
4322  { "192.168.3.0", "192.168.3.255" },
4323  { "192.168.5.0", "192.168.5.255" },
4324  { "192.169.0.0", "255.255.255.255" } };
4325  int result = 0;
4326  DetectAddressHead *gh = DetectAddressHeadInit();
4327  if (gh != NULL) {
4328  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4329  if (r == 1) {
4330  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4331  result = 1;
4332  }
4333 
4334  DetectAddressHeadFree(gh);
4335  }
4336  return result;
4337 }
4338 
4339 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4340 static int AddressTestAddressGroupSetup48(void)
4341 {
4342  UTHValidateDetectAddressHeadRange expectations[4] = {
4343  { "192.168.0.0", "192.168.0.255" },
4344  { "192.168.2.0", "192.168.2.255" },
4345  { "192.168.4.0", "192.168.4.255" },
4346  { "192.168.6.0", "192.168.255.255" } };
4347  int result = 0;
4348  DetectAddressHead *gh = DetectAddressHeadInit();
4349  if (gh != NULL) {
4350  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4351  if (r == 1) {
4352  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4353  result = 1;
4354  }
4355 
4356  DetectAddressHeadFree(gh);
4357  }
4358  return result;
4359 }
4360 
4361 static int AddressTestCutIPv401(void)
4362 {
4363  DetectAddress *a, *b, *c;
4364  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4365  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4366 
4367  if (DetectAddressCut(NULL, a, b, &c) == -1)
4368  goto error;
4369 
4370  DetectAddressFree(a);
4371  DetectAddressFree(b);
4372  DetectAddressFree(c);
4373  return 1;
4374 
4375 error:
4376  DetectAddressFree(a);
4377  DetectAddressFree(b);
4378  DetectAddressFree(c);
4379  return 0;
4380 }
4381 
4382 static int AddressTestCutIPv402(void)
4383 {
4384  DetectAddress *a, *b, *c;
4385  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4386  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4387 
4388  if (DetectAddressCut(NULL, a, b, &c) == -1)
4389  goto error;
4390 
4391  if (c == NULL)
4392  goto error;
4393 
4394  DetectAddressFree(a);
4395  DetectAddressFree(b);
4396  DetectAddressFree(c);
4397  return 1;
4398 
4399 error:
4400  DetectAddressFree(a);
4401  DetectAddressFree(b);
4402  DetectAddressFree(c);
4403  return 0;
4404 }
4405 
4406 static int AddressTestCutIPv403(void)
4407 {
4408  DetectAddress *a, *b, *c;
4409  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4410  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4411 
4412  if (DetectAddressCut(NULL, a, b, &c) == -1)
4413  goto error;
4414 
4415  if (c == NULL)
4416  goto error;
4417 
4418  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4419  goto error;
4420  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4421  goto error;
4422  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4423  goto error;
4424 
4425  DetectAddressFree(a);
4426  DetectAddressFree(b);
4427  DetectAddressFree(c);
4428  return 1;
4429 
4430 error:
4431  DetectAddressFree(a);
4432  DetectAddressFree(b);
4433  DetectAddressFree(c);
4434  return 0;
4435 }
4436 
4437 static int AddressTestCutIPv404(void)
4438 {
4439  DetectAddress *a, *b, *c;
4440  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4441  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4442 
4443  if (DetectAddressCut(NULL, a, b, &c) == -1)
4444  goto error;
4445 
4446  if (c == NULL)
4447  goto error;
4448 
4449  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4450  goto error;
4451  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4452  goto error;
4453  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4454  goto error;
4455 
4456 
4457  DetectAddressFree(a);
4458  DetectAddressFree(b);
4459  DetectAddressFree(c);
4460  return 1;
4461 
4462 error:
4463  DetectAddressFree(a);
4464  DetectAddressFree(b);
4465  DetectAddressFree(c);
4466  return 0;
4467 }
4468 
4469 static int AddressTestCutIPv405(void)
4470 {
4471  DetectAddress *a, *b, *c;
4472  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4473  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4474 
4475  if (DetectAddressCut(NULL, a, b, &c) == -1)
4476  goto error;
4477 
4478  if (c == NULL)
4479  goto error;
4480 
4481  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4482  goto error;
4483  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4484  goto error;
4485  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4486  goto error;
4487 
4488  DetectAddressFree(a);
4489  DetectAddressFree(b);
4490  DetectAddressFree(c);
4491  return 1;
4492 
4493 error:
4494  DetectAddressFree(a);
4495  DetectAddressFree(b);
4496  DetectAddressFree(c);
4497  return 0;
4498 }
4499 
4500 static int AddressTestCutIPv406(void)
4501 {
4502  DetectAddress *a, *b, *c;
4503  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4504  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4505 
4506  if (DetectAddressCut(NULL, a, b, &c) == -1)
4507  goto error;
4508 
4509  if (c == NULL)
4510  goto error;
4511 
4512  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4513  goto error;
4514  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4515  goto error;
4516  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4517  goto error;
4518 
4519  DetectAddressFree(a);
4520  DetectAddressFree(b);
4521  DetectAddressFree(c);
4522  return 1;
4523 
4524 error:
4525  DetectAddressFree(a);
4526  DetectAddressFree(b);
4527  DetectAddressFree(c);
4528  return 0;
4529 }
4530 
4531 static int AddressTestCutIPv407(void)
4532 {
4533  DetectAddress *a, *b, *c;
4534  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4535  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4536 
4537  if (DetectAddressCut(NULL, a, b, &c) == -1)
4538  goto error;
4539 
4540  if (c != NULL)
4541  goto error;
4542 
4543  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4544  goto error;
4545  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4546  goto error;
4547 
4548  DetectAddressFree(a);
4549  DetectAddressFree(b);
4550  DetectAddressFree(c);
4551  return 1;
4552 
4553 error:
4554  DetectAddressFree(a);
4555  DetectAddressFree(b);
4556  DetectAddressFree(c);
4557  return 0;
4558 }
4559 
4560 static int AddressTestCutIPv408(void)
4561 {
4562  DetectAddress *a, *b, *c;
4563  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4564  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4565 
4566  if (DetectAddressCut(NULL, a, b, &c) == -1)
4567  goto error;
4568 
4569  if (c != NULL)
4570  goto error;
4571 
4572  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4573  goto error;
4574  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4575  goto error;
4576 
4577  DetectAddressFree(a);
4578  DetectAddressFree(b);
4579  DetectAddressFree(c);
4580  return 1;
4581 
4582 error:
4583  DetectAddressFree(a);
4584  DetectAddressFree(b);
4585  DetectAddressFree(c);
4586  return 0;
4587 }
4588 
4589 static int AddressTestCutIPv409(void)
4590 {
4591  DetectAddress *a, *b, *c;
4592  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4593  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4594 
4595  if (DetectAddressCut(NULL, a, b, &c) == -1)
4596  goto error;
4597 
4598  if (c != NULL)
4599  goto error;
4600 
4601  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4602  goto error;
4603  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4604  goto error;
4605 
4606  DetectAddressFree(a);
4607  DetectAddressFree(b);
4608  DetectAddressFree(c);
4609  return 1;
4610 
4611 error:
4612  DetectAddressFree(a);
4613  DetectAddressFree(b);
4614  DetectAddressFree(c);
4615  return 0;
4616 }
4617 
4618 static int AddressTestCutIPv410(void)
4619 {
4620  DetectAddress *a, *b, *c;
4621  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4622  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4623 
4624  if (DetectAddressCut(NULL, a, b, &c) == -1)
4625  goto error;
4626 
4627  if (c != NULL)
4628  goto error;
4629 
4630  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4631  goto error;
4632  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4633  goto error;
4634 
4635  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4636 
4637  DetectAddressFree(a);
4638  DetectAddressFree(b);
4639  DetectAddressFree(c);
4640  return 1;
4641 
4642 error:
4643  DetectAddressFree(a);
4644  DetectAddressFree(b);
4645  DetectAddressFree(c);
4646  return 0;
4647 }
4648 
4649 static int AddressTestParseInvalidMask01(void)
4650 {
4651  int result = 1;
4652  DetectAddress *dd = NULL;
4653 
4654  dd = DetectAddressParseSingle("192.168.2.0/33");
4655  if (dd != NULL) {
4656  DetectAddressFree(dd);
4657  result = 0;
4658  }
4659  return result;
4660 }
4661 
4662 static int AddressTestParseInvalidMask02(void)
4663 {
4664  int result = 1;
4665  DetectAddress *dd = NULL;
4666 
4667  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4668  if (dd != NULL) {
4669  DetectAddressFree(dd);
4670  result = 0;
4671  }
4672  return result;
4673 }
4674 
4675 static int AddressTestParseInvalidMask03(void)
4676 {
4677  int result = 1;
4678  DetectAddress *dd = NULL;
4679 
4680  dd = DetectAddressParseSingle("192.168.2.0/blue");
4681  if (dd != NULL) {
4682  DetectAddressFree(dd);
4683  result = 0;
4684  }
4685  return result;
4686 }
4687 
4688 static int AddressConfVarsTest01(void)
4689 {
4690  static const char *dummy_conf_string =
4691  "%YAML 1.1\n"
4692  "---\n"
4693  "\n"
4694  "vars:\n"
4695  "\n"
4696  " address-groups:\n"
4697  "\n"
4698  " HOME_NET: \"any\"\n"
4699  "\n"
4700  " EXTERNAL_NET: \"!any\"\n"
4701  "\n"
4702  " port-groups:\n"
4703  "\n"
4704  " HTTP_PORTS: \"any\"\n"
4705  "\n"
4706  " SHELLCODE_PORTS: \"!any\"\n"
4707  "\n";
4708 
4709  int result = 0;
4710 
4711  ConfCreateContextBackup();
4712  ConfInit();
4713  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4714 
4715  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4716  result = 1;
4717 
4718  ConfDeInit();
4719  ConfRestoreContextBackup();
4720 
4721  return result;
4722 }
4723 
4724 static int AddressConfVarsTest02(void)
4725 {
4726  static const char *dummy_conf_string =
4727  "%YAML 1.1\n"
4728  "---\n"
4729  "\n"
4730  "vars:\n"
4731  "\n"
4732  " address-groups:\n"
4733  "\n"
4734  " HOME_NET: \"any\"\n"
4735  "\n"
4736  " EXTERNAL_NET: \"any\"\n"
4737  "\n"
4738  " port-groups:\n"
4739  "\n"
4740  " HTTP_PORTS: \"any\"\n"
4741  "\n"
4742  " SHELLCODE_PORTS: \"!any\"\n"
4743  "\n";
4744 
4745  int result = 0;
4746 
4747  ConfCreateContextBackup();
4748  ConfInit();
4749  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4750 
4751  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() < 0)
4752  result = 1;
4753 
4754  ConfDeInit();
4755  ConfRestoreContextBackup();
4756 
4757  return result;
4758 }
4759 
4760 static int AddressConfVarsTest03(void)
4761 {
4762  static const char *dummy_conf_string =
4763  "%YAML 1.1\n"
4764  "---\n"
4765  "\n"
4766  "vars:\n"
4767  "\n"
4768  " address-groups:\n"
4769  "\n"
4770  " HOME_NET: \"any\"\n"
4771  "\n"
4772  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4773  "\n"
4774  " port-groups:\n"
4775  "\n"
4776  " HTTP_PORTS: \"any\"\n"
4777  "\n"
4778  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4779  "\n";
4780 
4781  int result = 0;
4782 
4783  ConfCreateContextBackup();
4784  ConfInit();
4785  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4786 
4787  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4788  result = 1;
4789 
4790  ConfDeInit();
4791  ConfRestoreContextBackup();
4792 
4793  return result;
4794 }
4795 
4796 static int AddressConfVarsTest04(void)
4797 {
4798  static const char *dummy_conf_string =
4799  "%YAML 1.1\n"
4800  "---\n"
4801  "\n"
4802  "vars:\n"
4803  "\n"
4804  " address-groups:\n"
4805  "\n"
4806  " HOME_NET: \"any\"\n"
4807  "\n"
4808  " EXTERNAL_NET: \"$HOME_NET\"\n"
4809  "\n"
4810  " port-groups:\n"
4811  "\n"
4812  " HTTP_PORTS: \"any\"\n"
4813  "\n"
4814  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4815  "\n";
4816 
4817  int result = 0;
4818 
4819  ConfCreateContextBackup();
4820  ConfInit();
4821  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4822 
4823  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() == 0)
4824  result = 1;
4825 
4826  ConfDeInit();
4827  ConfRestoreContextBackup();
4828 
4829  return result;
4830 }
4831 
4832 static int AddressConfVarsTest05(void)
4833 {
4834  static const char *dummy_conf_string =
4835  "%YAML 1.1\n"
4836  "---\n"
4837  "\n"
4838  "vars:\n"
4839  "\n"
4840  " address-groups:\n"
4841  "\n"
4842  " HOME_NET: \"any\"\n"
4843  "\n"
4844  " EXTERNAL_NET: [192.168.0.1]\n"
4845  "\n"
4846  " port-groups:\n"
4847  "\n"
4848  " HTTP_PORTS: \"any\"\n"
4849  "\n"
4850  " SHELLCODE_PORTS: [80]\n"
4851  "\n";
4852 
4853  int result = 0;
4854 
4855  ConfCreateContextBackup();
4856  ConfInit();
4857  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4858 
4859  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4860  goto end;
4861 
4862  result = 1;
4863 
4864  end:
4865  ConfDeInit();
4866  ConfRestoreContextBackup();
4867 
4868  return result;
4869 }
4870 
4871 static int AddressConfVarsTest06(void)
4872 {
4873  // HOME_NET value size = 10261 bytes
4874  static const char *dummy_conf_string =
4875  "%YAML 1.1\n"
4876  "---\n"
4877  "\n"
4878  "vars:\n"
4879  "\n"
4880  " address-groups:\n"
4881  "\n"
4882  " HOME_NET: "
4883  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4976  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4977  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4978  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4979  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4980  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4981  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4982  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4983  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4984  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4985  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4986  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4987  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4988  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4989  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4990  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4991  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4992  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4993  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4994  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4995  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4996  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4997  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4998  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4999  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5000  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5001  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5002  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5003  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5004  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5005  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5006  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5007  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5008  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5009  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5010  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5011  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5012  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5013  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5014  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5015  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5016  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
5017  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
5018  "\n"
5019  " EXTERNAL_NET: \"any\"\n"
5020  "\n";
5021 
5022  ConfCreateContextBackup();
5023  ConfInit();
5024  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
5025 
5026  FAIL_IF(0 != DetectAddressTestConfVars());
5027 
5028  ConfDeInit();
5029  ConfRestoreContextBackup();
5030 
5031  PASS;
5032 }
5033 
5034 #endif /* UNITTESTS */
5035 
5036 void DetectAddressTests(void)
5037 {
5038 #ifdef UNITTESTS
5039  DetectAddressIPv4Tests();
5040  DetectAddressIPv6Tests();
5041 
5042  UtRegisterTest("AddressTestParse01", AddressTestParse01);
5043  UtRegisterTest("AddressTestParse02", AddressTestParse02);
5044  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5045  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5046  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5047  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5048  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5049  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5050  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5051  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5052  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5053  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5054  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5055  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5056  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5057  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5058  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5059  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5060  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5061  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5062  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5063  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5064  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5065  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5066  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5067  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5068  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5069  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5070  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5071  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5072  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5073  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5074  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5075  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5076  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5077  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5078  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5079 
5080  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5081  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5082  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5083  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5084  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5085  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5086  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5087  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5088  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5089  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5090  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5091 
5092  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5093  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5094  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5095  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5096  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5097  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5098  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5099  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5100 
5101  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5102  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5103  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5104  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5105  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5106  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5107 
5108  UtRegisterTest("AddressTestAddressGroupSetup01",
5109  AddressTestAddressGroupSetup01);
5110  UtRegisterTest("AddressTestAddressGroupSetup02",
5111  AddressTestAddressGroupSetup02);
5112  UtRegisterTest("AddressTestAddressGroupSetup03",
5113  AddressTestAddressGroupSetup03);
5114  UtRegisterTest("AddressTestAddressGroupSetup04",
5115  AddressTestAddressGroupSetup04);
5116  UtRegisterTest("AddressTestAddressGroupSetup05",
5117  AddressTestAddressGroupSetup05);
5118  UtRegisterTest("AddressTestAddressGroupSetup06",
5119  AddressTestAddressGroupSetup06);
5120  UtRegisterTest("AddressTestAddressGroupSetup07",
5121  AddressTestAddressGroupSetup07);
5122  UtRegisterTest("AddressTestAddressGroupSetup08",
5123  AddressTestAddressGroupSetup08);
5124  UtRegisterTest("AddressTestAddressGroupSetup09",
5125  AddressTestAddressGroupSetup09);
5126  UtRegisterTest("AddressTestAddressGroupSetup10",
5127  AddressTestAddressGroupSetup10);
5128  UtRegisterTest("AddressTestAddressGroupSetup11",
5129  AddressTestAddressGroupSetup11);
5130  UtRegisterTest("AddressTestAddressGroupSetup12",
5131  AddressTestAddressGroupSetup12);
5132  UtRegisterTest("AddressTestAddressGroupSetup13",
5133  AddressTestAddressGroupSetup13);
5134  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5135  AddressTestAddressGroupSetupIPv414);
5136  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5137  AddressTestAddressGroupSetupIPv415);
5138  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5139  AddressTestAddressGroupSetupIPv416);
5140 
5141  UtRegisterTest("AddressTestAddressGroupSetup14",
5142  AddressTestAddressGroupSetup14);
5143  UtRegisterTest("AddressTestAddressGroupSetup15",
5144  AddressTestAddressGroupSetup15);
5145  UtRegisterTest("AddressTestAddressGroupSetup16",
5146  AddressTestAddressGroupSetup16);
5147  UtRegisterTest("AddressTestAddressGroupSetup17",
5148  AddressTestAddressGroupSetup17);
5149  UtRegisterTest("AddressTestAddressGroupSetup18",
5150  AddressTestAddressGroupSetup18);
5151  UtRegisterTest("AddressTestAddressGroupSetup19",
5152  AddressTestAddressGroupSetup19);
5153  UtRegisterTest("AddressTestAddressGroupSetup20",
5154  AddressTestAddressGroupSetup20);
5155  UtRegisterTest("AddressTestAddressGroupSetup21",
5156  AddressTestAddressGroupSetup21);
5157  UtRegisterTest("AddressTestAddressGroupSetup22",
5158  AddressTestAddressGroupSetup22);
5159  UtRegisterTest("AddressTestAddressGroupSetup23",
5160  AddressTestAddressGroupSetup23);
5161  UtRegisterTest("AddressTestAddressGroupSetup24",
5162  AddressTestAddressGroupSetup24);
5163  UtRegisterTest("AddressTestAddressGroupSetup25",
5164  AddressTestAddressGroupSetup25);
5165  UtRegisterTest("AddressTestAddressGroupSetup26",
5166  AddressTestAddressGroupSetup26);
5167 
5168  UtRegisterTest("AddressTestAddressGroupSetup27",
5169  AddressTestAddressGroupSetup27);
5170  UtRegisterTest("AddressTestAddressGroupSetup28",
5171  AddressTestAddressGroupSetup28);
5172  UtRegisterTest("AddressTestAddressGroupSetup29",
5173  AddressTestAddressGroupSetup29);
5174  UtRegisterTest("AddressTestAddressGroupSetup30",
5175  AddressTestAddressGroupSetup30);
5176  UtRegisterTest("AddressTestAddressGroupSetup31",
5177  AddressTestAddressGroupSetup31);
5178  UtRegisterTest("AddressTestAddressGroupSetup32",
5179  AddressTestAddressGroupSetup32);
5180  UtRegisterTest("AddressTestAddressGroupSetup33",
5181  AddressTestAddressGroupSetup33);
5182  UtRegisterTest("AddressTestAddressGroupSetup34",
5183  AddressTestAddressGroupSetup34);
5184  UtRegisterTest("AddressTestAddressGroupSetup35",
5185  AddressTestAddressGroupSetup35);
5186  UtRegisterTest("AddressTestAddressGroupSetup36",
5187  AddressTestAddressGroupSetup36);
5188  UtRegisterTest("AddressTestAddressGroupSetup37",
5189  AddressTestAddressGroupSetup37);
5190  UtRegisterTest("AddressTestAddressGroupSetup38",
5191  AddressTestAddressGroupSetup38);
5192  UtRegisterTest("AddressTestAddressGroupSetup39",
5193  AddressTestAddressGroupSetup39);
5194  UtRegisterTest("AddressTestAddressGroupSetup40",
5195  AddressTestAddressGroupSetup40);
5196  UtRegisterTest("AddressTestAddressGroupSetup41",
5197  AddressTestAddressGroupSetup41);
5198  UtRegisterTest("AddressTestAddressGroupSetup42",
5199  AddressTestAddressGroupSetup42);
5200  UtRegisterTest("AddressTestAddressGroupSetup43",
5201  AddressTestAddressGroupSetup43);
5202  UtRegisterTest("AddressTestAddressGroupSetup44",
5203  AddressTestAddressGroupSetup44);
5204  UtRegisterTest("AddressTestAddressGroupSetup45",
5205  AddressTestAddressGroupSetup45);
5206  UtRegisterTest("AddressTestAddressGroupSetup46",
5207  AddressTestAddressGroupSetup46);
5208  UtRegisterTest("AddressTestAddressGroupSetup47",
5209  AddressTestAddressGroupSetup47);
5210  UtRegisterTest("AddressTestAddressGroupSetup48",
5211  AddressTestAddressGroupSetup48);
5212 
5213  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5214  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5215  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5216  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5217  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5218  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5219  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5220  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5221  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5222  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5223 
5224  UtRegisterTest("AddressTestParseInvalidMask01",
5225  AddressTestParseInvalidMask01);
5226  UtRegisterTest("AddressTestParseInvalidMask02",
5227  AddressTestParseInvalidMask02);
5228  UtRegisterTest("AddressTestParseInvalidMask03",
5229  AddressTestParseInvalidMask03);
5230 
5231  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5232  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5233  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5234  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5235  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5236  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5237 #endif /* UNITTESTS */
5238 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:367
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:126
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:141
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1444
DetectAddressTests
void DetectAddressTests(void)
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1345
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:359
detect-engine-siggroup.h
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:130
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1638
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:139
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:29
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
DetectAddressHead_
Definition: detect.h:154
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1523
AddressIPv6Gt
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:43
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1391
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:758
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1264
SC_ERR_INVALID_SIGNATURE
@ SC_ERR_INVALID_SIGNATURE
Definition: util-error.h:69
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:127
Address_
Definition: decode.h:119
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:248
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1165
util-var.h
DetectMatchAddressIPv4_::ip
uint32_t ip
Definition: detect.h:161
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1852
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:116
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:148
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
DetectMatchAddressIPv6_::ip2
uint32_t ip2[4]
Definition: detect.h:167
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:327
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:128
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1935
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:271
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:125
detect-engine-port.h
ConfYamlLoadString
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:475
DetectAddress_::ip2
Address ip2
Definition: detect.h:142
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1079
TRUE
#define TRUE
Definition: suricata-common.h:33
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:277
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:484
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:128
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:316
SC_ERR_ADDRESS_ENGINE_GENERIC
@ SC_ERR_ADDRESS_ENGINE_GENERIC
Definition: util-error.h:119
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
ConfCreateContextBackup
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:698
HashListTable_
Definition: util-hashlist.h:37
Address_::address
union Address_::@31 address
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
Flow_::next
struct Flow_ * next
Definition: flow.h:404
DetectAddressMap_
Definition: detect-engine-address.c:1342
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:156
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1672
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:911
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:71
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
ConfNode_::name
char * name
Definition: conf.h:33
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:129
ConfRestoreContextBackup
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:710
DetectMatchAddressIPv4_::ip2
uint32_t ip2
Definition: detect.h:162
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
DetectMatchAddressIPv6_::ip
uint32_t ip[4]
Definition: detect.h:166
AddressIPv6Ge
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1380
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:180
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:124
str
#define str(s)
Definition: suricata-common.h:268
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1934
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1344
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:394
detect-engine-address-ipv4.h
ConfNode_
Definition: conf.h:32
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:723
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:150
DetectMatchAddressIPv6_
Definition: detect.h:165
DetectMatchAddressIPv4_
Definition: detect.h:160
Address_::family
char family
Definition: decode.h:120
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1484
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:721
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1893
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:133
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1936
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:134
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
flow-var.h
DetectAddress_::flags
uint8_t flags
Definition: detect.h:145
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:123
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1611
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:155
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, uint16_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:704
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1343
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1263
AddressIPv6Le
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162