suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "decode.h"
28 #include "detect.h"
29 #include "flow-var.h"
30 
31 #include "util-cidr.h"
32 #include "util-unittest.h"
33 #include "util-rule-vars.h"
34 #include "conf.h"
35 #include "conf-yaml-loader.h"
36 
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 #include "detect-engine-address-ipv4.h"
40 #include "detect-engine-address-ipv6.h"
41 #include "detect-engine-port.h"
42 
43 #include "util-debug.h"
44 #include "util-byte.h"
45 #include "util-print.h"
46 #include "util-var.h"
47 
48 /* prototypes */
49 #ifdef DEBUG
50 static void DetectAddressPrint(DetectAddress *);
51 #else
52 #define DetectAddressPrint(...)
53 #endif
54 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56  DetectAddress **);
57 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59  int recur);
60 
61 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn);
62 
63 /**
64  * \brief Creates and returns a new instance of a DetectAddress.
65  *
66  * \retval ag Pointer to the newly created DetectAddress on success;
67  * NULL on failure.
68  */
69 DetectAddress *DetectAddressInit(void)
70 {
71  DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72  if (unlikely(ag == NULL))
73  return NULL;
74  return ag;
75 }
76 
77 /**
78  * \brief Frees a DetectAddress instance.
79  *
80  * \param ag Pointer to the DetectAddress instance to be freed.
81  */
82 void DetectAddressFree(DetectAddress *ag)
83 {
84  if (ag == NULL)
85  return;
86 
87  SCFree(ag);
88 }
89 
90 /**
91  * \internal
92  * \brief Returns a new instance of DetectAddressHead.
93  *
94  * \retval gh Pointer to the new instance of DetectAddressHead.
95  */
96 static DetectAddressHead *DetectAddressHeadInit(void)
97 {
98  DetectAddressHead *gh = SCCalloc(1, sizeof(DetectAddressHead));
99  if (unlikely(gh == NULL))
100  return NULL;
101  return gh;
102 }
103 
104 /**
105  * \internal
106  * \brief Frees a DetectAddressHead instance.
107  *
108  * \param gh Pointer to the DetectAddressHead instance to be freed.
109  */
110 static void DetectAddressHeadFree(DetectAddressHead *gh)
111 {
112  if (gh != NULL) {
113  DetectAddressHeadCleanup(gh);
114  SCFree(gh);
115  }
116 }
117 
118 /**
119  * \brief copy a DetectAddress
120  *
121  * \param orig Pointer to the instance of DetectAddress that contains the
122  * address data to be copied to the new instance.
123  *
124  * \retval ag Pointer to the new instance of DetectAddress that contains the
125  * copied address.
126  */
127 DetectAddress *DetectAddressCopy(DetectAddress *orig)
128 {
129  DetectAddress *ag = DetectAddressInit();
130  if (ag == NULL)
131  return NULL;
132 
133  ag->flags = orig->flags;
134  COPY_ADDRESS(&orig->ip, &ag->ip);
135  COPY_ADDRESS(&orig->ip2, &ag->ip2);
136  return ag;
137 }
138 
139 /**
140  * \brief Frees a list of DetectAddress instances.
141  *
142  * \param head Pointer to a list of DetectAddress instances to be freed.
143  */
144 void DetectAddressCleanupList(DetectAddress *head)
145 {
146  for (DetectAddress *cur = head; cur != NULL; ) {
147  DetectAddress *next = cur->next;
148  cur->next = NULL;
149  DetectAddressFree(cur);
150  cur = next;
151  }
152 }
153 
154 /**
155  * \internal
156  * \brief Helper function for DetectAddressInsert. Sets one of the
157  * DetectAddressHead head pointers, to the DetectAddress argument
158  * based on its address family.
159  *
160  * \param gh Pointer to the DetectAddressHead.
161  * \param newhead Pointer to the DetectAddress.
162  *
163  * \retval 0 On success.
164  * \retval -1 On failure.
165  */
166 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
167 {
168  if (newhead->ip.family == AF_INET) {
169  gh->ipv4_head = newhead;
170  } else if (newhead->ip.family == AF_INET6) {
171  gh->ipv6_head = newhead;
172  } else {
173  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
174  return -1;
175  }
176 
177  return 0;
178 }
179 
180 /**
181  * \internal
182  * \brief Returns the DetectAddress head from the DetectAddressHeads,
183  * based on the address family of the incoming DetectAddress arg.
184  *
185  * \param gh Pointer to the DetectAddressHead.
186  * \param new Pointer to the DetectAddress.
187  *
188  * \retval head Pointer to the DetectAddress(the head from
189  * DetectAddressHead).
190  */
191 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
192 {
193  DetectAddress *head = NULL;
194 
195  if (new->ip.family == AF_INET)
196  head = gh->ipv4_head;
197  else if (new->ip.family == AF_INET6)
198  head = gh->ipv6_head;
199 
200  return head;
201 }
202 
203 /**
204  * \internal
205  * \brief insert DetectAddress into a DetectAddressHead
206  *
207  * \param de_ctx Pointer to the detection engine context.
208  * \param gh Pointer to the DetectAddressHead list to which it has to
209  * be inserted.
210  * \param new Pointer to the DetectAddress, that has to be inserted.
211  *
212  * \retval 1 On successfully inserting it.
213  * \retval -1 On error.
214  * \retval 0 Not inserted, memory of new is freed.
215  */
216 static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
217  DetectAddress *new)
218 {
219  DetectAddress *head = NULL;
220  DetectAddress *cur = NULL;
221  DetectAddress *c = NULL;
222  int r = 0;
223 
224  if (new == NULL)
225  return 0;
226 
227  /* get our head ptr based on the address we want to insert */
228  head = GetHeadPtr(gh, new);
229 
230  /* see if it already exists or overlaps with existing ag's */
231  if (head != NULL) {
232  cur = NULL;
233 
234  for (cur = head; cur != NULL; cur = cur->next) {
235  r = DetectAddressCmp(new, cur);
236  BUG_ON(r == ADDRESS_ER);
237 
238  /* if so, handle that */
239  if (r == ADDRESS_EQ) {
240  /* exact overlap/match */
241  if (cur != new) {
242  DetectAddressFree(new);
243  return 0;
244  }
245 
246  return 1;
247  } else if (r == ADDRESS_GT) {
248  /* only add it now if we are bigger than the last group.
249  * Otherwise we'll handle it later. */
250  if (cur->next == NULL) {
251  /* put in the list */
252  new->prev = cur;
253  cur->next = new;
254 
255  return 1;
256  }
257  } else if (r == ADDRESS_LT) {
258  /* see if we need to insert the ag anywhere put in the list */
259  if (cur->prev != NULL)
260  cur->prev->next = new;
261  new->prev = cur->prev;
262  new->next = cur;
263  cur->prev = new;
264 
265  /* update head if required */
266  if (head == cur) {
267  head = new;
268 
269  if (SetHeadPtr(gh, head) < 0)
270  goto error;
271  }
272 
273  return 1;
274  /* alright, those were the simple cases, lets handle the more
275  * complex ones now */
276  } else if (r == ADDRESS_ES) {
277  c = NULL;
278  r = DetectAddressCut(de_ctx, cur, new, &c);
279  if (r == -1)
280  goto error;
281 
282  DetectAddressInsert(de_ctx, gh, new);
283  if (c != NULL)
284  DetectAddressInsert(de_ctx, gh, c);
285 
286  return 1;
287  } else if (r == ADDRESS_EB) {
288  c = NULL;
289  r = DetectAddressCut(de_ctx, cur, new, &c);
290  if (r == -1)
291  goto error;
292 
293  DetectAddressInsert(de_ctx, gh, new);
294  if (c != NULL)
295  DetectAddressInsert(de_ctx, gh, c);
296 
297  return 1;
298  } else if (r == ADDRESS_LE) {
299  c = NULL;
300  r = DetectAddressCut(de_ctx, cur, new, &c);
301  if (r == -1)
302  goto error;
303 
304  DetectAddressInsert(de_ctx, gh, new);
305  if (c != NULL)
306  DetectAddressInsert(de_ctx, gh, c);
307 
308  return 1;
309  } else if (r == ADDRESS_GE) {
310  c = NULL;
311  r = DetectAddressCut(de_ctx, cur,new,&c);
312  if (r == -1)
313  goto error;
314 
315  DetectAddressInsert(de_ctx, gh, new);
316  if (c != NULL)
317  DetectAddressInsert(de_ctx, gh, c);
318 
319  return 1;
320  }
321  }
322 
323  /* head is NULL, so get a group and set head to it */
324  } else {
325  head = new;
326  if (SetHeadPtr(gh, head) < 0) {
327  SCLogDebug("SetHeadPtr failed");
328  goto error;
329  }
330  }
331 
332  return 1;
333 
334 error:
335  /* XXX */
336  return -1;
337 }
338 
339 /**
340  * \brief Checks if two address group lists are equal.
341  *
342  * \param list1 Pointer to the first address group list.
343  * \param list2 Pointer to the second address group list.
344  *
345  * \retval true On success.
346  * \retval false On failure.
347  */
348 bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
349 {
350  DetectAddress *item = list1;
351  DetectAddress *it = list2;
352 
353  // First, compare items one by one.
354  while (item != NULL && it != NULL) {
355  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
356  return false;
357  }
358 
359  item = item->next;
360  it = it->next;
361  }
362 
363  // Are the lists of the same size?
364  return item == NULL && it == NULL;
365 }
366 
367 /**
368  * \internal
369  * \brief Parses an ipv4/ipv6 address string and updates the result into the
370  * DetectAddress instance sent as the argument.
371  *
372  * \param dd Pointer to the DetectAddress instance which should be updated with
373  * the address range details from the parsed ip string.
374  * \param str Pointer to address string that has to be parsed.
375  *
376  * \retval 0 On successfully parsing the address string.
377  * \retval -1 On failure.
378  */
379 static int DetectAddressParseString(DetectAddress *dd, const char *str)
380 {
381  char *ip = NULL;
382  char *ip2 = NULL;
383  char *mask = NULL;
384  int r = 0;
385  char ipstr[256];
386 
387  /* shouldn't see 'any' here */
388  BUG_ON(strcasecmp(str, "any") == 0);
389 
390  strlcpy(ipstr, str, sizeof(ipstr));
391  SCLogDebug("str %s", str);
392 
393  /* we work with a copy so that we can put a
394  * nul-termination in it later */
395  ip = ipstr;
396 
397  /* handle the negation case */
398  if (ip[0] == '!') {
399  dd->flags |= ADDRESS_FLAG_NOT;
400  ip++;
401  }
402 
403  /* see if the address is an ipv4 or ipv6 address */
404  if ((strchr(str, ':')) == NULL) {
405  /* IPv4 Address */
406  struct in_addr in;
407 
408  dd->ip.family = AF_INET;
409 
410  if ((mask = strchr(ip, '/')) != NULL) {
411  /* 1.2.3.4/xxx format (either dotted or cidr notation */
412  ip[mask - ip] = '\0';
413  mask++;
414  uint32_t ip4addr = 0;
415  uint32_t netmask = 0;
416 
417  if ((strchr (mask, '.')) == NULL) {
418  /* 1.2.3.4/24 format */
419 
420  for (size_t u = 0; u < strlen(mask); u++) {
421  if(!isdigit((unsigned char)mask[u]))
422  goto error;
423  }
424 
425  int cidr;
426  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
427  goto error;
428  netmask = CIDRGet(cidr);
429  } else {
430  /* 1.2.3.4/255.255.255.0 format */
431  r = inet_pton(AF_INET, mask, &in);
432  if (r <= 0)
433  goto error;
434 
435  netmask = in.s_addr;
436 
437  /* validate netmask */
438  int cidr = CIDRFromMask(netmask);
439  if (cidr < 0) {
440  SCLogError(
441  "netmask \"%s\" is not usable. Only netmasks that are compatible with "
442  "CIDR notation are supported. See ticket #5168.",
443  mask);
444  goto error;
445  }
446  }
447 
448  r = inet_pton(AF_INET, ip, &in);
449  if (r <= 0)
450  goto error;
451 
452  ip4addr = in.s_addr;
453 
454  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
455  dd->ip2.addr_data32[0] |=~ netmask;
456  } else if ((ip2 = strchr(ip, '-')) != NULL) {
457  /* 1.2.3.4-1.2.3.6 range format */
458  ip[ip2 - ip] = '\0';
459  ip2++;
460 
461  r = inet_pton(AF_INET, ip, &in);
462  if (r <= 0)
463  goto error;
464  dd->ip.addr_data32[0] = in.s_addr;
465 
466  r = inet_pton(AF_INET, ip2, &in);
467  if (r <= 0)
468  goto error;
469  dd->ip2.addr_data32[0] = in.s_addr;
470 
471  /* a > b is illegal, a = b is ok */
472  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
473  goto error;
474  } else {
475  /* 1.2.3.4 format */
476  r = inet_pton(AF_INET, ip, &in);
477  if (r <= 0)
478  goto error;
479  /* single host */
480  dd->ip.addr_data32[0] = in.s_addr;
481  dd->ip2.addr_data32[0] = in.s_addr;
482  }
483  } else {
484  /* IPv6 Address */
485  struct in6_addr in6, mask6;
486  uint32_t ip6addr[4], netmask[4];
487 
488  dd->ip.family = AF_INET6;
489 
490  if ((mask = strchr(ip, '/')) != NULL) {
491  ip[mask - ip] = '\0';
492  mask++;
493 
494  int cidr;
495  if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
496  goto error;
497 
498  r = inet_pton(AF_INET6, ip, &in6);
499  if (r <= 0)
500  goto error;
501  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
502 
503  CIDRGetIPv6(cidr, &mask6);
504  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
505 
506  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
507  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
508  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
509  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
510 
511  dd->ip2.addr_data32[0] |=~ netmask[0];
512  dd->ip2.addr_data32[1] |=~ netmask[1];
513  dd->ip2.addr_data32[2] |=~ netmask[2];
514  dd->ip2.addr_data32[3] |=~ netmask[3];
515  } else if ((ip2 = strchr(ip, '-')) != NULL) {
516  /* 2001::1-2001::4 range format */
517  ip[ip2 - ip] = '\0';
518  ip2++;
519 
520  r = inet_pton(AF_INET6, ip, &in6);
521  if (r <= 0)
522  goto error;
523  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
524 
525  r = inet_pton(AF_INET6, ip2, &in6);
526  if (r <= 0)
527  goto error;
528  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
529 
530  /* a > b is illegal, a=b is ok */
531  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
532  goto error;
533  } else {
534  r = inet_pton(AF_INET6, ip, &in6);
535  if (r <= 0)
536  goto error;
537 
538  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
539  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
540  }
541 
542  }
543 
544  BUG_ON(dd->ip.family == 0);
545 
546  return 0;
547 
548 error:
549  return -1;
550 }
551 
552 /**
553  * \internal
554  * \brief Simply parse an address and return a DetectAddress instance containing
555  * the address ranges of the parsed ip addressstring
556  *
557  * \param str Pointer to a character string containing the ip address
558  *
559  * \retval dd Pointer to the DetectAddress instance containing the address
560  * range details from the parsed ip string
561  */
562 static DetectAddress *DetectAddressParseSingle(const char *str)
563 {
564  SCLogDebug("str %s", str);
565 
566  DetectAddress *dd = DetectAddressInit();
567  if (dd == NULL)
568  return NULL;
569 
570  if (DetectAddressParseString(dd, str) < 0) {
571  SCLogDebug("AddressParse failed");
572  DetectAddressFree(dd);
573  return NULL;
574  }
575 
576  return dd;
577 }
578 
579 /**
580  * \brief Setup a single address string, parse it and add the resulting
581  * Address-Range(s) to the AddressHead(DetectAddressHead instance).
582  *
583  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
584  * resulting Address-Range(s) from the parsed ip string has to
585  * be added.
586  * \param s Pointer to the ip address string to be parsed.
587  *
588  * \retval 0 On success.
589  * \retval -1 On failure.
590  */
591 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
592 {
593  SCLogDebug("gh %p, s %s", gh, s);
594 
595  while (*s != '\0' && isspace(*s))
596  s++;
597 
598  if (strcasecmp(s, "any") == 0) {
599  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
600 
601  DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
602  if (ad == NULL)
603  return -1;
604 
605  BUG_ON(ad->ip.family == 0);
606 
607  if (DetectAddressInsert(NULL, gh, ad) < 0) {
608  SCLogDebug("DetectAddressInsert failed");
609  DetectAddressFree(ad);
610  return -1;
611  }
612 
613  ad = DetectAddressParseSingle("::/0");
614  if (ad == NULL)
615  return -1;
616 
617  BUG_ON(ad->ip.family == 0);
618 
619  if (DetectAddressInsert(NULL, gh, ad) < 0) {
620  SCLogDebug("DetectAddressInsert failed");
621  DetectAddressFree(ad);
622  return -1;
623  }
624  return 0;
625  }
626 
627  /* parse the address */
628  DetectAddress *ad = DetectAddressParseSingle(s);
629  if (ad == NULL) {
630  SCLogError("failed to parse address \"%s\"", s);
631  return -1;
632  }
633 
634  /* handle the not case, we apply the negation then insert the part(s) */
635  if (ad->flags & ADDRESS_FLAG_NOT) {
636  DetectAddress *ad2 = NULL;
637 
638  if (DetectAddressCutNot(ad, &ad2) < 0) {
639  SCLogDebug("DetectAddressCutNot failed");
640  DetectAddressFree(ad);
641  return -1;
642  }
643 
644  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
645  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
646  if (ad2 != NULL) {
647  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
648  SCLogDebug("DetectAddressInsert failed");
649  DetectAddressFree(ad);
650  DetectAddressFree(ad2);
651  return -1;
652  }
653  }
654  }
655 
656  int r = DetectAddressInsert(NULL, gh, ad);
657  if (r < 0) {
658  SCLogDebug("DetectAddressInsert failed");
659  DetectAddressFree(ad);
660  return -1;
661  }
662  SCLogDebug("r %d",r);
663  return 0;
664 }
665 
666 /**
667  * \brief Parses an address string and updates the 2 address heads with the
668  * address data.
669  *
670  * Note that this function should only be called by the wrapping function
671  * DetectAddressParse2. The wrapping function provides long address handling
672  * when the address size exceeds a threshold value.
673  *
674  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
675  * since we pass around negate without keeping a count of ! with depth.
676  * Can solve this by keeping a count of the negations with depth, so that
677  * an even no of negations would count as no negation and an odd no of
678  * negations would count as a negation.
679  *
680  * \param gh Pointer to the address head that should hold address ranges
681  * that are not negated.
682  * \param ghn Pointer to the address head that should hold address ranges
683  * that are negated.
684  * \param s Pointer to the character string holding the address to be
685  * parsed.
686  * \param negate Flag that indicates if the received address string is negated
687  * or not. 0 if it is not, 1 it it is.
688  *
689  * \retval 0 On successfully parsing.
690  * \retval -1 On failure.
691  */
692 static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
693  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
694  int recur, char *address, size_t address_length)
695 {
696  size_t x = 0;
697  size_t u = 0;
698  int o_set = 0, n_set = 0, d_set = 0;
699  int depth = 0;
700  const char *rule_var_address = NULL;
701  char *temp_rule_var_address = NULL;
702 
703  if (++recur > 64) {
704  SCLogError("address block recursion "
705  "limit reached (max 64)");
706  goto error;
707  }
708 
709  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
710 
711  size_t size = strlen(s);
712  for (u = 0, x = 0; u < size && x < address_length; u++) {
713  if (x == (address_length - 1)) {
714  SCLogError("Hit the address buffer"
715  " limit for the supplied address. Invalidating sig. "
716  "Please file a bug report on this.");
717  goto error;
718  }
719  address[x] = s[u];
720  x++;
721 
722  if (!o_set && s[u] == '!') {
723  n_set = 1;
724  x--;
725  } else if (s[u] == '[') {
726  if (!o_set) {
727  o_set = 1;
728  x = 0;
729  }
730  depth++;
731  } else if (s[u] == ']') {
732  if (depth == 1) {
733  address[x - 1] = '\0';
734  x = 0;
735  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
736  if (((negate + n_set) % 2) == 0) {
737  /* normal block */
738  SCLogDebug("normal block");
739 
740  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
741  goto error;
742  } else {
743  /* negated block
744  *
745  * Extra steps are necessary. First consider it as a normal
746  * (non-negated) range. Merge the + and - ranges if
747  * applicable. Then insert the result into the ghn list. */
748  SCLogDebug("negated block");
749 
750  DetectAddressHead tmp_gh = { NULL, NULL };
751  DetectAddressHead tmp_ghn = { NULL, NULL };
752 
753  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
754  DetectAddressHeadCleanup(&tmp_gh);
755  DetectAddressHeadCleanup(&tmp_ghn);
756  goto error;
757  }
758 
759  DetectAddress *tmp_ad;
760  DetectAddress *tmp_ad2;
761 #ifdef DEBUG
762  SCLogDebug("tmp_gh: IPv4");
763  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
764  DetectAddressPrint(tmp_ad);
765  }
766  SCLogDebug("tmp_ghn: IPv4");
767  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
768  DetectAddressPrint(tmp_ad);
769  }
770  SCLogDebug("tmp_gh: IPv6");
771  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
772  DetectAddressPrint(tmp_ad);
773  }
774  SCLogDebug("tmp_ghn: IPv6");
775  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
776  DetectAddressPrint(tmp_ad);
777  }
778 #endif
779  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
780  DetectAddressHeadCleanup(&tmp_ghn);
781  DetectAddressHeadCleanup(&tmp_gh);
782  goto error;
783  }
784  DetectAddressHeadCleanup(&tmp_ghn);
785 
786  SCLogDebug("merged successfully");
787 
788  /* insert the IPv4 addresses into the negated list */
789  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
790  /* work with a copy of the address group */
791  tmp_ad2 = DetectAddressCopy(tmp_ad);
792  if (tmp_ad2 == NULL) {
793  SCLogDebug("DetectAddressCopy failed");
794  DetectAddressHeadCleanup(&tmp_gh);
795  goto error;
796  }
797  DetectAddressPrint(tmp_ad2);
798  DetectAddressInsert(NULL, ghn, tmp_ad2);
799  }
800 
801  /* insert the IPv6 addresses into the negated list */
802  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
803  /* work with a copy of the address group */
804  tmp_ad2 = DetectAddressCopy(tmp_ad);
805  if (tmp_ad2 == NULL) {
806  SCLogDebug("DetectAddressCopy failed");
807  DetectAddressHeadCleanup(&tmp_gh);
808  goto error;
809  }
810  DetectAddressPrint(tmp_ad2);
811  DetectAddressInsert(NULL, ghn, tmp_ad2);
812  }
813 
814  DetectAddressHeadCleanup(&tmp_gh);
815  }
816  n_set = 0;
817  }
818  depth--;
819  } else if (depth == 0 && s[u] == ',') {
820  if (o_set == 1) {
821  o_set = 0;
822  } else if (d_set == 1) {
823  address[x - 1] = '\0';
824 
825  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
826  SC_RULE_VARS_ADDRESS_GROUPS);
827  if (rule_var_address == NULL)
828  goto error;
829 
830  if (strlen(rule_var_address) == 0) {
831  SCLogError("variable %s resolved "
832  "to nothing. This is likely a misconfiguration. "
833  "Note that a negated address needs to be quoted, "
834  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
835  s);
836  goto error;
837  }
838 
839  SCLogDebug("rule_var_address %s", rule_var_address);
840  if ((negate + n_set) % 2) {
841  /* add +1 to safisfy gcc 15 + -Wformat-truncation=2 */
842  const size_t str_size = strlen(rule_var_address) + 3 + 1;
843  temp_rule_var_address = SCMalloc(str_size);
844  if (unlikely(temp_rule_var_address == NULL))
845  goto error;
846  snprintf(temp_rule_var_address, str_size, "[%s]", rule_var_address);
847  } else {
848  temp_rule_var_address = SCStrdup(rule_var_address);
849  if (unlikely(temp_rule_var_address == NULL))
850  goto error;
851  }
852 
853  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
854  (negate + n_set) % 2, var_list, recur) < 0) {
855  if (temp_rule_var_address != rule_var_address)
856  SCFree(temp_rule_var_address);
857  goto error;
858  }
859  d_set = 0;
860  n_set = 0;
861  SCFree(temp_rule_var_address);
862  } else {
863  address[x - 1] = '\0';
864 
865  if (!((negate + n_set) % 2)) {
866  SCLogDebug("DetectAddressSetup into gh, %s", address);
867  if (DetectAddressSetup(gh, address) < 0)
868  goto error;
869  } else {
870  SCLogDebug("DetectAddressSetup into ghn, %s", address);
871  if (DetectAddressSetup(ghn, address) < 0)
872  goto error;
873  }
874  n_set = 0;
875  }
876  x = 0;
877  } else if (depth == 0 && s[u] == '$') {
878  d_set = 1;
879  } else if (depth == 0 && u == size - 1) {
880  if (x == address_length) {
881  address[x - 1] = '\0';
882  } else {
883  address[x] = '\0';
884  }
885  x = 0;
886 
887  if (AddVariableToResolveList(var_list, address) == -1) {
888  SCLogError("Found a loop in a address "
889  "groups declaration. This is likely a misconfiguration.");
890  goto error;
891  }
892 
893  if (d_set == 1) {
894  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
895  SC_RULE_VARS_ADDRESS_GROUPS);
896  if (rule_var_address == NULL)
897  goto error;
898 
899  if (strlen(rule_var_address) == 0) {
900  SCLogError("variable %s resolved "
901  "to nothing. This is likely a misconfiguration. "
902  "Note that a negated address needs to be quoted, "
903  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
904  s);
905  goto error;
906  }
907 
908  SCLogDebug("rule_var_address %s", rule_var_address);
909  if ((negate + n_set) % 2) {
910  /* add +1 to safisfy gcc 15 + -Wformat-truncation=2 */
911  const size_t str_size = strlen(rule_var_address) + 3 + 1;
912  temp_rule_var_address = SCMalloc(str_size);
913  if (unlikely(temp_rule_var_address == NULL))
914  goto error;
915  snprintf(temp_rule_var_address, str_size, "[%s]", rule_var_address);
916  } else {
917  temp_rule_var_address = SCStrdup(rule_var_address);
918  if (unlikely(temp_rule_var_address == NULL))
919  goto error;
920  }
921 
922  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
923  (negate + n_set) % 2, var_list, recur) < 0) {
924  SCLogDebug("DetectAddressParse2 hates us");
925  if (temp_rule_var_address != rule_var_address)
926  SCFree(temp_rule_var_address);
927  goto error;
928  }
929  d_set = 0;
930  SCFree(temp_rule_var_address);
931  } else {
932  if (!((negate + n_set) % 2)) {
933  SCLogDebug("DetectAddressSetup into gh, %s", address);
934  if (DetectAddressSetup(gh, address) < 0) {
935  SCLogDebug("DetectAddressSetup gh fail");
936  goto error;
937  }
938  } else {
939  SCLogDebug("DetectAddressSetup into ghn, %s", address);
940  if (DetectAddressSetup(ghn, address) < 0) {
941  SCLogDebug("DetectAddressSetup ghn fail");
942  goto error;
943  }
944  }
945  }
946  n_set = 0;
947  }
948  }
949  if (depth > 0) {
950  SCLogError("not every address block was "
951  "properly closed in \"%s\", %d missing closing brackets (]). "
952  "Note: problem might be in a variable.",
953  s, depth);
954  goto error;
955  } else if (depth < 0) {
956  SCLogError("not every address block was "
957  "properly opened in \"%s\", %d missing opening brackets ([). "
958  "Note: problem might be in a variable.",
959  s, depth * -1);
960  goto error;
961  }
962 
963  return 0;
964 
965 error:
966 
967  return -1;
968 }
969 
970 /**
971  * \internal
972  * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
973  *
974  * \retval Return value from DetectAddressParseInternal
975  */
976 static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
977  DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
978  int recur)
979 {
980  int rc;
981 #define MAX_ADDRESS_LENGTH 8192
982 
983  size_t address_length = strlen(s);
984  if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
985  char *address = SCCalloc(1, address_length);
986  if (address == NULL) {
987  SCLogError("Unable to allocate"
988  " memory for address parsing.");
989  return -1;
990  }
991  rc = DetectAddressParseInternal(
992  de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
993  SCFree(address);
994  } else {
995  char address[MAX_ADDRESS_LENGTH] = "";
996  rc = DetectAddressParseInternal(
997  de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
998  }
999  return rc;
1000 }
1001 
1002 /**
1003  * \internal
1004  * \brief See if the addresses and ranges in an address head cover the
1005  * entire ip space.
1006  *
1007  * \param gh Pointer to the DetectAddressHead to check.
1008  *
1009  * \retval 0 No.
1010  * \retval 1 Yes.
1011  *
1012  * \todo do the same for IPv6
1013  */
1014 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1015 {
1016  int r = DetectAddressIsCompleteIPSpaceIPv4(gh->ipv4_head);
1017  if (r == 1)
1018  return 1;
1019 
1020  return 0;
1021 }
1022 
1023 /**
1024  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1025  *
1026  * \param gh Pointer to the address head containing the non-NOT groups.
1027  * \param ghn Pointer to the address head containing the NOT groups.
1028  *
1029  * \retval 0 On success.
1030  * \retval -1 On failure.
1031  */
1032 int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
1033 {
1034  DetectAddress *ad;
1035  DetectAddress *ag, *ag2;
1036  int r = 0;
1037 
1038  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1039  ghn->ipv4_head);
1040 
1041  /* check if the negated list covers the entire ip space. If so
1042  * the user screwed up the rules/vars. */
1043  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1044  SCLogError("Complete IP space negated. "
1045  "Rule address range is NIL. Probably have a !any or "
1046  "an address range that supplies a NULL address range");
1047  goto error;
1048  }
1049 
1050  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1051  * not thingy. In that case we add a 0.0.0.0/0 first. */
1052  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1053  r = DetectAddressSetup(gh, "0.0.0.0/0");
1054  if (r < 0) {
1055  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1056  goto error;
1057  }
1058  }
1059  /* ... or ::/0 for ipv6 */
1060  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1061  r = DetectAddressSetup(gh, "::/0");
1062  if (r < 0) {
1063  SCLogDebug("DetectAddressSetup for ::/0 failed");
1064  goto error;
1065  }
1066  }
1067 
1068  /* step 1: insert our ghn members into the gh list */
1069  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1070  /* work with a copy of the ad so we can easily clean up the ghn group
1071  * later. */
1072  ad = DetectAddressCopy(ag);
1073  if (ad == NULL) {
1074  SCLogDebug("DetectAddressCopy failed");
1075  goto error;
1076  }
1077 
1078  r = DetectAddressInsert(NULL, gh, ad);
1079  if (r < 0) {
1080  SCLogDebug("DetectAddressInsert failed");
1081  goto error;
1082  }
1083  }
1084  /* ... and the same for ipv6 */
1085  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1086  /* work with a copy of the ad so we can easily clean up the ghn group
1087  * later. */
1088  ad = DetectAddressCopy(ag);
1089  if (ad == NULL) {
1090  SCLogDebug("DetectAddressCopy failed");
1091  goto error;
1092  }
1093 
1094  r = DetectAddressInsert(NULL, gh, ad);
1095  if (r < 0) {
1096  SCLogDebug("DetectAddressInsert failed");
1097  goto error;
1098  }
1099  }
1100 #ifdef DEBUG
1101  DetectAddress *tmp_ad;
1102  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1103  DetectAddressPrint(tmp_ad);
1104  }
1105 #endif
1106  int ipv4_applied = 0;
1107  int ipv6_applied = 0;
1108 
1109  /* step 2: pull the address blocks that match our 'not' blocks */
1110  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1111  SCLogDebug("ag %p", ag);
1112  DetectAddressPrint(ag);
1113 
1114  int applied = 0;
1115  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1116  SCLogDebug("ag2 %p", ag2);
1117  DetectAddressPrint(ag2);
1118 
1119  r = DetectAddressCmp(ag, ag2);
1120  /* XXX more ??? */
1121  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1122  if (ag2->prev != NULL)
1123  ag2->prev->next = ag2->next;
1124  if (ag2->next != NULL)
1125  ag2->next->prev = ag2->prev;
1126  if (gh->ipv4_head == ag2)
1127  gh->ipv4_head = ag2->next;
1128  /* store the next ptr and remove the group */
1129  DetectAddress *next_ag2 = ag2->next;
1130  DetectAddressFree(ag2);
1131  ag2 = next_ag2;
1132  applied = 1;
1133  } else {
1134  ag2 = ag2->next;
1135  }
1136  }
1137 
1138  if (applied) {
1139  ipv4_applied++;
1140  }
1141  }
1142  /* ... and the same for ipv6 */
1143  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1144  int applied = 0;
1145  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1146  r = DetectAddressCmp(ag, ag2);
1147  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1148  if (ag2->prev != NULL)
1149  ag2->prev->next = ag2->next;
1150  if (ag2->next != NULL)
1151  ag2->next->prev = ag2->prev;
1152  if (gh->ipv6_head == ag2)
1153  gh->ipv6_head = ag2->next;
1154  /* store the next ptr and remove the group */
1155  DetectAddress *next_ag2 = ag2->next;
1156  DetectAddressFree(ag2);
1157  ag2 = next_ag2;
1158 
1159  SCLogDebug("applied");
1160  applied = 1;
1161  } else {
1162  ag2 = ag2->next;
1163  }
1164  }
1165  if (applied) {
1166  ipv6_applied++;
1167  }
1168  }
1169 #ifdef DEBUG
1170  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1171  DetectAddressPrint(tmp_ad);
1172  }
1173  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1174  DetectAddressPrint(tmp_ad);
1175  }
1176 #endif
1177  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1178  int cnt = 0;
1179  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1180  cnt++;
1181 
1182  if (ipv4_applied != cnt) {
1183  SCLogError("not all IPv4 negations "
1184  "could be applied: %d != %d",
1185  cnt, ipv4_applied);
1186  goto error;
1187  }
1188 
1189  cnt = 0;
1190  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1191  cnt++;
1192 
1193  if (ipv6_applied != cnt) {
1194  SCLogError("not all IPv6 negations "
1195  "could be applied: %d != %d",
1196  cnt, ipv6_applied);
1197  goto error;
1198  }
1199  }
1200 
1201  /* if the result is that we have no addresses we return error */
1202  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1203  SCLogError("no addresses left after "
1204  "merging addresses and negated addresses");
1205  goto error;
1206  }
1207 
1208  return 0;
1209 
1210 error:
1211  return -1;
1212 }
1213 
1214 int DetectAddressTestConfVars(void)
1215 {
1216  SCLogDebug("Testing address conf vars for any misconfigured values");
1217 
1218  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1219 
1220  SCConfNode *address_vars_node = SCConfGetNode("vars.address-groups");
1221  if (address_vars_node == NULL) {
1222  return 0;
1223  }
1224 
1225  DetectAddressHead *gh = NULL;
1226  DetectAddressHead *ghn = NULL;
1227 
1228  SCConfNode *seq_node;
1229  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1230  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1231 
1232  gh = DetectAddressHeadInit();
1233  if (gh == NULL) {
1234  goto error;
1235  }
1236  ghn = DetectAddressHeadInit();
1237  if (ghn == NULL) {
1238  goto error;
1239  }
1240 
1241  if (seq_node->val == NULL) {
1242  SCLogError("Address var \"%s\" probably has a sequence(something "
1243  "in brackets) value set without any quotes. Please "
1244  "quote it using \"..\".",
1245  seq_node->name);
1246  goto error;
1247  }
1248 
1249  int r = DetectAddressParse2(
1250  NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1251 
1252  CleanVariableResolveList(&var_list);
1253 
1254  if (r < 0) {
1255  SCLogError("failed to parse address var \"%s\" with value \"%s\". "
1256  "Please check its syntax",
1257  seq_node->name, seq_node->val);
1258  goto error;
1259  }
1260 
1261  if (DetectAddressIsCompleteIPSpace(ghn)) {
1262  SCLogError("address var - \"%s\" has the complete IP space negated "
1263  "with its value \"%s\". Rule address range is NIL. "
1264  "Probably have a !any or an address range that supplies "
1265  "a NULL address range",
1266  seq_node->name, seq_node->val);
1267  goto error;
1268  }
1269 
1270  DetectAddressHeadFree(gh);
1271  DetectAddressHeadFree(ghn);
1272  ghn = NULL;
1273  }
1274 
1275  return 0;
1276  error:
1277  if (gh != NULL)
1278  DetectAddressHeadFree(gh);
1279  if (ghn != NULL)
1280  DetectAddressHeadFree(ghn);
1281  return -1;
1282 }
1283 
1284 #include "util-hash-lookup3.h"
1285 
1286 typedef struct DetectAddressMap_ {
1287  char *string;
1288  DetectAddressHead *address;
1289  bool contains_negation;
1290 } DetectAddressMap;
1291 
1292 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1293 {
1294  const DetectAddressMap *map = (DetectAddressMap *)data;
1295  uint32_t hash = 0;
1296 
1297  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1298  hash %= ht->array_size;
1299 
1300  return hash;
1301 }
1302 
1303 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1304  uint16_t len2)
1305 {
1306  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1307  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1308 
1309  char r = (strcmp(map1->string, map2->string) == 0);
1310  return r;
1311 }
1312 
1313 static void DetectAddressMapFreeFunc(void *data)
1314 {
1315  DetectAddressMap *map = (DetectAddressMap *)data;
1316  if (map != NULL) {
1317  DetectAddressHeadFree(map->address);
1318  SCFree(map->string);
1319  }
1320  SCFree(map);
1321 }
1322 
1323 int DetectAddressMapInit(DetectEngineCtx *de_ctx)
1324 {
1325  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1326  DetectAddressMapCompareFunc,
1327  DetectAddressMapFreeFunc);
1328  if (de_ctx->address_table == NULL)
1329  return -1;
1330 
1331  return 0;
1332 }
1333 
1334 void DetectAddressMapFree(DetectEngineCtx *de_ctx)
1335 {
1336  if (de_ctx->address_table == NULL)
1337  return;
1338 
1339  HashListTableFree(de_ctx->address_table);
1340  de_ctx->address_table = NULL;
1341 }
1342 
1343 static bool DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1344  DetectAddressHead *address, bool contains_negation)
1345 {
1346  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1347  if (map == NULL)
1348  return false;
1349 
1350  map->string = SCStrdup(string);
1351  if (map->string == NULL) {
1352  SCFree(map);
1353  return false;
1354  }
1355  map->address = address;
1356  map->contains_negation = contains_negation;
1357 
1358  if (HashListTableAdd(de_ctx->address_table, map, 0) != 0) {
1359  SCFree(map->string);
1360  SCFree(map);
1361  return false;
1362  }
1363 
1364  return true;
1365 }
1366 
1367 static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1368  const char *string)
1369 {
1370  DetectAddressMap map = { (char *)string, NULL, false };
1371 
1372  const DetectAddressMap *res = HashListTableLookup(de_ctx->address_table,
1373  &map, 0);
1374  return res;
1375 }
1376 
1377 /**
1378  * \brief Parses an address group sent as a character string and updates the
1379  * DetectAddressHead sent as the argument with the relevant address
1380  * ranges from the parsed string.
1381  *
1382  * \param de_ctx Pointer to the detection engine context
1383  * \param gh Pointer to the DetectAddressHead.
1384  * \param str Pointer to the character string containing the address group
1385  * that has to be parsed.
1386  *
1387  * \retval 1 On success. Contained negation.
1388  * \retval 0 On success. Did not contain negation.
1389  * \retval -1 On failure.
1390  */
1391 int DetectAddressParse(const DetectEngineCtx *de_ctx,
1392  DetectAddressHead *gh, const char *str)
1393 {
1394  SCLogDebug("gh %p, str %s", gh, str);
1395 
1396  if (str == NULL) {
1397  SCLogDebug("DetectAddressParse can not be run with NULL address");
1398  return -1;
1399  }
1400 
1401  DetectAddressHead *ghn = DetectAddressHeadInit();
1402  if (ghn == NULL) {
1403  SCLogDebug("DetectAddressHeadInit for ghn failed");
1404  return -1;
1405  }
1406 
1407  int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1408  if (r < 0) {
1409  SCLogDebug("DetectAddressParse2 returned %d", r);
1410  DetectAddressHeadFree(ghn);
1411  return -1;
1412  }
1413 
1414  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1415  ghn->ipv4_head);
1416 
1417  bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1418 
1419  /* merge the 'not' address groups */
1420  if (DetectAddressMergeNot(gh, ghn) < 0) {
1421  SCLogDebug("DetectAddressMergeNot failed");
1422  DetectAddressHeadFree(ghn);
1423  return -1;
1424  }
1425 
1426  /* free the temp negate head */
1427  DetectAddressHeadFree(ghn);
1428  return contains_negation ? 1 : 0;
1429 }
1430 
1431 const DetectAddressHead *DetectParseAddress(DetectEngineCtx *de_ctx,
1432  const char *string, bool *contains_negation)
1433 {
1434  const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1435  if (res != NULL) {
1436  SCLogDebug("found: %s :: %p", string, res);
1437  *contains_negation = res->contains_negation;
1438  return res->address;
1439  }
1440 
1441  SCLogDebug("%s not found", string);
1442 
1443  DetectAddressHead *head = DetectAddressHeadInit();
1444  if (head == NULL)
1445  return NULL;
1446 
1447  const int r = DetectAddressParse(de_ctx, head, string);
1448  if (r < 0) {
1449  DetectAddressHeadFree(head);
1450  return NULL;
1451  } else if (r == 1) {
1452  *contains_negation = true;
1453  } else {
1454  *contains_negation = false;
1455  }
1456 
1457  if (!DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head, *contains_negation)) {
1458  DetectAddressHeadFree(head);
1459  return NULL;
1460  }
1461 
1462  return head;
1463 }
1464 
1465 /**
1466  * \brief Cleans a DetectAddressHead. The functions frees the address
1467  * group heads(ipv4 and ipv6) inside the DetectAddressHead
1468  * instance.
1469  *
1470  * \param gh Pointer to the DetectAddressHead instance that has to be
1471  * cleaned.
1472  */
1473 void DetectAddressHeadCleanup(DetectAddressHead *gh)
1474 {
1475  if (gh != NULL) {
1476  if (gh->ipv4_head != NULL) {
1477  DetectAddressCleanupList(gh->ipv4_head);
1478  gh->ipv4_head = NULL;
1479  }
1480  if (gh->ipv6_head != NULL) {
1481  DetectAddressCleanupList(gh->ipv6_head);
1482  gh->ipv6_head = NULL;
1483  }
1484  }
1485 }
1486 
1487 /**
1488  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1489  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1490  * explanations on what these functions do.
1491  *
1492  * \param de_ctx Pointer to the DetectEngineCtx.
1493  * \param a Pointer to the first address to be cut.
1494  * \param b Pointer to the second address to be cut.
1495  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1496  * ranges from a and b, demand a third address range.
1497  *
1498  * \retval 0 On success.
1499  * \retval -1 On failure.
1500  */
1501 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1502  DetectAddress *b, DetectAddress **c)
1503 {
1504  if (a->ip.family == AF_INET)
1505  return DetectAddressCutIPv4(de_ctx, a, b, c);
1506  else if (a->ip.family == AF_INET6)
1507  return DetectAddressCutIPv6(de_ctx, a, b, c);
1508 
1509  return -1;
1510 }
1511 
1512 /**
1513  * \brief Cuts a negated address range with respect to the entire ip range, and
1514  * supplies with the address range that doesn't belong to the negated
1515  * address range.
1516  *
1517  * There are 2 cases here -
1518  *
1519  * The first case includes the address being located at the extreme ends
1520  * of the ip space, in which we get a single range.
1521  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1522  *
1523  * The second case includes the address not present at either of the
1524  * ip space extremes, in which case we get 2 ranges. The second range
1525  * would be supplied back with the argument "b" supplied to this function.
1526  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1527  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1528  *
1529  * The above negation cases can similarly be extended to ranges, i.e.
1530  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1531  * ![10.20.30.40 - 10.20.30.50].
1532  *
1533  *
1534  * \param a Pointer to the DetectAddressData instance, that contains the negated
1535  * address range that has to be cut.
1536  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1537  * filled with the address range, if the argument "a", doesn't fall at
1538  * the extreme ends of the ip address space.
1539  *
1540  * \retval 0 On success.
1541  * \retval -1 On failure.
1542  */
1543 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1544 {
1545  if (a->ip.family == AF_INET)
1546  return DetectAddressCutNotIPv4(a, b);
1547  else if (a->ip.family == AF_INET6)
1548  return DetectAddressCutNotIPv6(a, b);
1549 
1550  return -1;
1551 }
1552 
1553 /**
1554  * \brief Used to compare 2 address ranges.
1555  *
1556  * \param a Pointer to the first DetectAddressData to be compared.
1557  * \param b Pointer to the second DetectAddressData to be compared.
1558  */
1559 int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
1560 {
1561  if (a->ip.family != b->ip.family)
1562  return ADDRESS_ER;
1563 
1564  if (a->ip.family == AF_INET)
1565  return DetectAddressCmpIPv4(a, b);
1566  else if (a->ip.family == AF_INET6)
1567  return DetectAddressCmpIPv6(a, b);
1568 
1569  return ADDRESS_ER;
1570 }
1571 
1572 /**
1573  * \brief Match a packets address against a signatures addrs array
1574  *
1575  * \param addrs array of DetectMatchAddressIPv4's
1576  * \param addrs_cnt array size in members
1577  * \param a packets address
1578  *
1579  * \retval 0 no match
1580  * \retval 1 match
1581  *
1582  * \note addresses in addrs are in host order
1583  *
1584  * \todo array should be ordered, so we can break out of the loop
1585  */
1586 int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs,
1587  uint16_t addrs_cnt, const Address *a)
1588 {
1589  SCEnter();
1590 
1591  if (addrs == NULL || addrs_cnt == 0) {
1592  SCReturnInt(0);
1593  }
1594 
1595  uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1596  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1597  if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1598  SCReturnInt(1);
1599  }
1600  }
1601 
1602  SCReturnInt(0);
1603 }
1604 
1605 /**
1606  * \brief Match a packets address against a signatures addrs array
1607  *
1608  * \param addrs array of DetectMatchAddressIPv6's
1609  * \param addrs_cnt array size in members
1610  * \param a packets address
1611  *
1612  * \retval 0 no match
1613  * \retval 1 match
1614  *
1615  * \note addresses in addrs are in host order
1616  *
1617  * \todo array should be ordered, so we can break out of the loop
1618  */
1619 int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs,
1620  uint16_t addrs_cnt, const Address *a)
1621 {
1622  SCEnter();
1623 
1624  if (addrs == NULL || addrs_cnt == 0) {
1625  SCReturnInt(0);
1626  }
1627 
1628  uint32_t match_addr[4];
1629  match_addr[0] = SCNtohl(a->addr_data32[0]);
1630  match_addr[1] = SCNtohl(a->addr_data32[1]);
1631  match_addr[2] = SCNtohl(a->addr_data32[2]);
1632  match_addr[3] = SCNtohl(a->addr_data32[3]);
1633 
1634  /* See if the packet address is within the range of any entry in the
1635  * signature's address match array.
1636  */
1637  for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1638  uint16_t result1 = 0, result2 = 0;
1639 
1640  /* See if packet address equals either limit. Return 1 if true. */
1641  if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1642  SCReturnInt(1);
1643  }
1644  if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1645  SCReturnInt(1);
1646  }
1647 
1648  /* See if packet address is greater than lower limit
1649  * of the current signature address match pair.
1650  */
1651  for (int i = 0; i < 4; i++) {
1652  if (match_addr[i] > addrs[idx].ip[i]) {
1653  result1 = 1;
1654  break;
1655  }
1656  if (match_addr[i] < addrs[idx].ip[i]) {
1657  result1 = 0;
1658  break;
1659  }
1660  }
1661 
1662  /* If not greater than lower limit, try next address match entry */
1663  if (result1 == 0)
1664  continue;
1665 
1666  /* See if packet address is less than upper limit
1667  * of the current signature address match pair.
1668  */
1669  for (int i = 0; i < 4; i++) {
1670  if (match_addr[i] < addrs[idx].ip2[i]) {
1671  result2 = 1;
1672  break;
1673  }
1674  if (match_addr[i] > addrs[idx].ip2[i]) {
1675  result2 = 0;
1676  break;
1677  }
1678  }
1679 
1680  /* Return a match if packet address is between the two
1681  * signature address match limits.
1682  */
1683  if (result1 == 1 && result2 == 1)
1684  SCReturnInt(1);
1685  }
1686 
1687  SCReturnInt(0);
1688 }
1689 
1690 /**
1691  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1692  * range in the DetectAddress instance.
1693  *
1694  * We basically check that the address falls in between the address
1695  * range in DetectAddress.
1696  *
1697  * \param dd Pointer to the DetectAddress instance.
1698  * \param a Pointer to an Address instance.
1699  *
1700  * \param 1 On a match.
1701  * \param 0 On no match.
1702  */
1703 static int DetectAddressMatch(DetectAddress *dd, Address *a)
1704 {
1705  SCEnter();
1706 
1707  if (dd->ip.family != a->family) {
1708  SCReturnInt(0);
1709  }
1710 
1711  //DetectAddressPrint(dd);
1712  //AddressDebugPrint(a);
1713 
1714  switch (a->family) {
1715  case AF_INET:
1716 
1717  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1718  * Address inside DetectAddressData we can do uint8_t checks */
1719  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1720  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1721  {
1722  SCReturnInt(1);
1723  } else {
1724  SCReturnInt(0);
1725  }
1726 
1727  break;
1728  case AF_INET6:
1729  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1730  AddressIPv6Le(a, &dd->ip2) == 1)
1731  {
1732  SCReturnInt(1);
1733  } else {
1734  SCReturnInt(0);
1735  }
1736 
1737  break;
1738  default:
1739  SCLogDebug("What other address type can we have :-/");
1740  break;
1741  }
1742 
1743  SCReturnInt(0);
1744 }
1745 
1746 #ifdef DEBUG
1747 /**
1748  * \brief Prints the address data held by the DetectAddress. If the address
1749  * data family is IPv4, we print the ipv4 address and mask, and
1750  * if the address data family is IPv6, we print the ipv6 address and
1751  * mask.
1752  *
1753  * \param ad Pointer to the DetectAddress instance to be printed.
1754  */
1755 static void DetectAddressPrint(DetectAddress *gr)
1756 {
1757  if (gr == NULL)
1758  return;
1759 
1760  if (gr->ip.family == AF_INET) {
1761  struct in_addr in;
1762  char ip[16], mask[16];
1763 
1764  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1765  PrintInet(AF_INET, &in, ip, sizeof(ip));
1766  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1767  PrintInet(AF_INET, &in, mask, sizeof(mask));
1768 
1769  SCLogDebug("%s/%s", ip, mask);
1770 // printf("%s/%s", ip, mask);
1771  } else if (gr->ip.family == AF_INET6) {
1772  struct in6_addr in6;
1773  char ip[66], mask[66];
1774 
1775  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1776  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1777  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1778  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1779 
1780  SCLogDebug("%s/%s", ip, mask);
1781 // printf("%s/%s", ip, mask);
1782  }
1783 }
1784 #endif
1785 
1786 /**
1787  * \brief Find the group matching address in a group head.
1788  *
1789  * \param gh Pointer to the address group head(DetectAddressHead instance).
1790  * \param a Pointer to an Address instance.
1791  *
1792  * \retval g On success pointer to an DetectAddress if we find a match
1793  * for the Address "a", in the DetectAddressHead "gh".
1794  */
1795 DetectAddress *DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
1796 {
1797  SCEnter();
1798 
1799  DetectAddress *g = NULL;
1800 
1801  if (gh == NULL) {
1802  SCReturnPtr(NULL, "DetectAddress");
1803  }
1804 
1805  /* XXX should we really do this check every time we run this function? */
1806  if (a->family == AF_INET) {
1807  SCLogDebug("IPv4");
1808  g = gh->ipv4_head;
1809  } else if (a->family == AF_INET6) {
1810  SCLogDebug("IPv6");
1811  g = gh->ipv6_head;
1812  }
1813 
1814  for ( ; g != NULL; g = g->next) {
1815  if (DetectAddressMatch(g,a) == 1) {
1816  SCReturnPtr(g, "DetectAddress");
1817  }
1818  }
1819 
1820  SCReturnPtr(NULL, "DetectAddress");
1821 }
1822 
1823 /********************************Unittests*************************************/
1824 
1825 #ifdef UNITTESTS
1826 
1827 static bool UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1828 {
1829  char str1[46] = "", str2[46] = "";
1830 
1831  if (ad == NULL)
1832  return false;
1833 
1834  switch(ad->ip.family) {
1835  case AF_INET:
1836  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1837  SCLogDebug("%s", str1);
1838  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1839  SCLogDebug("%s", str2);
1840 
1841  if (strcmp(str1, one) != 0) {
1842  SCLogInfo("%s != %s", str1, one);
1843  return false;
1844  }
1845 
1846  if (strcmp(str2, two) != 0) {
1847  SCLogInfo("%s != %s", str2, two);
1848  return false;
1849  }
1850 
1851  return true;
1852  break;
1853 
1854  case AF_INET6:
1855  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1856  SCLogDebug("%s", str1);
1857  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1858  SCLogDebug("%s", str2);
1859 
1860  if (strcmp(str1, one) != 0) {
1861  SCLogInfo("%s != %s", str1, one);
1862  return false;
1863  }
1864 
1865  if (strcmp(str2, two) != 0) {
1866  SCLogInfo("%s != %s", str2, two);
1867  return false;
1868  }
1869 
1870  return true;
1871  break;
1872  }
1873 
1874  return false;
1875 }
1876 
1877 typedef struct UTHValidateDetectAddressHeadRange_ {
1878  const char *one;
1879  const char *two;
1880 } UTHValidateDetectAddressHeadRange;
1881 
1882 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1883 {
1884  int expect = nranges;
1885  int have = 0;
1886 
1887  if (gh == NULL)
1888  return false;
1889 
1890  DetectAddress *ad = NULL;
1891  ad = gh->ipv4_head;
1892  if (ad == NULL)
1893  ad = gh->ipv6_head;
1894  while (have < expect) {
1895  if (ad == NULL) {
1896  printf("bad head: have %d ranges, expected %d: ", have, expect);
1897  return false;
1898  }
1899 
1900  if (!UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two))
1901  return false;
1902 
1903  ad = ad->next;
1904  have++;
1905  }
1906 
1907  return true;
1908 }
1909 
1910 static int AddressTestParse01(void)
1911 {
1912  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1913 
1914  if (dd) {
1915  DetectAddressFree(dd);
1916  return 1;
1917  }
1918 
1919  return 0;
1920 }
1921 
1922 static int AddressTestParse02(void)
1923 {
1924  int result = 1;
1925  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1926 
1927  if (dd) {
1928  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1929  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1930  result = 0;
1931  }
1932 
1933  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1934  DetectAddressFree(dd);
1935  return result;
1936  }
1937 
1938  return 0;
1939 }
1940 
1941 static int AddressTestParse03(void)
1942 {
1943  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1944 
1945  if (dd) {
1946  DetectAddressFree(dd);
1947  return 1;
1948  }
1949 
1950  return 0;
1951 }
1952 
1953 static int AddressTestParse04(void)
1954 {
1955  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1956  FAIL_IF_NULL(dd);
1957 
1958  char left[16], right[16];
1959  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1960  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1961  SCLogDebug("left %s right %s", left, right);
1962  FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1963  FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1964  FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1965  FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1966 
1967  DetectAddressFree(dd);
1968  PASS;
1969 }
1970 
1971 /** \test that address range sets proper start address */
1972 static int AddressTestParse04bug5081(void)
1973 {
1974  DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1975  FAIL_IF_NULL(dd);
1976 
1977  char left[16], right[16];
1978  PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1979  PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1980  SCLogDebug("left %s right %s", left, right);
1981  FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
1982  FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
1983 
1984  DetectAddressFree(dd);
1985  PASS;
1986 }
1987 
1988 static int AddressTestParse05(void)
1989 {
1990  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
1991 
1992  if (dd) {
1993  DetectAddressFree(dd);
1994  return 1;
1995  }
1996 
1997  return 0;
1998 }
1999 
2000 static int AddressTestParse06(void)
2001 {
2002  int result = 1;
2003  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2004 
2005  if (dd) {
2006  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2007  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2008  result = 0;
2009  }
2010 
2011  DetectAddressFree(dd);
2012  return result;
2013  }
2014 
2015  return 0;
2016 }
2017 
2018 static int AddressTestParse07(void)
2019 {
2020  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2021 
2022  if (dd) {
2023  DetectAddressFree(dd);
2024  return 1;
2025  }
2026 
2027  return 0;
2028 }
2029 
2030 static int AddressTestParse08(void)
2031 {
2032  int result = 1;
2033  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2034 
2035  if (dd) {
2036  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2037  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2038 
2039  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2040  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2041  DetectAddressPrint(dd);
2042  result = 0;
2043  }
2044 
2045  DetectAddressFree(dd);
2046  return result;
2047  }
2048 
2049  return 0;
2050 }
2051 
2052 static int AddressTestParse09(void)
2053 {
2054  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2055 
2056  if (dd) {
2057  DetectAddressFree(dd);
2058  return 1;
2059  }
2060 
2061  return 0;
2062 }
2063 
2064 static int AddressTestParse10(void)
2065 {
2066  int result = 1;
2067  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2068 
2069  if (dd) {
2070  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2071  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2072 
2073  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2074  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2075  DetectAddressPrint(dd);
2076  result = 0;
2077  }
2078 
2079  DetectAddressFree(dd);
2080  return result;
2081  }
2082 
2083  return 0;
2084 }
2085 
2086 static int AddressTestParse11(void)
2087 {
2088  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2089 
2090  if (dd) {
2091  DetectAddressFree(dd);
2092  return 1;
2093  }
2094 
2095  return 0;
2096 }
2097 
2098 static int AddressTestParse12(void)
2099 {
2100  int result = 1;
2101  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2102 
2103  if (dd) {
2104  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2105  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2106 
2107  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2108  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2109  DetectAddressPrint(dd);
2110  result = 0;
2111  }
2112 
2113  DetectAddressFree(dd);
2114  return result;
2115  }
2116 
2117  return 0;
2118 }
2119 static int AddressTestParse13(void)
2120 {
2121  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2122 
2123  if (dd) {
2124  DetectAddressFree(dd);
2125  return 1;
2126  }
2127 
2128  return 0;
2129 }
2130 
2131 static int AddressTestParse14(void)
2132 {
2133  int result = 1;
2134  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2135 
2136  if (dd) {
2137  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2138  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2139 
2140  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2141  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2142  result = 0;
2143  }
2144 
2145  DetectAddressFree(dd);
2146  return result;
2147  }
2148 
2149  return 0;
2150 }
2151 
2152 static int AddressTestParse15(void)
2153 {
2154  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2155 
2156  if (dd) {
2157  DetectAddressFree(dd);
2158  return 1;
2159  }
2160 
2161  return 0;
2162 }
2163 
2164 static int AddressTestParse16(void)
2165 {
2166  int result = 1;
2167  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2168 
2169  if (dd) {
2170  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2171  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2172 
2173  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2174  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2175  result = 0;
2176  }
2177 
2178  DetectAddressFree(dd);
2179  return result;
2180  }
2181 
2182  return 0;
2183 }
2184 
2185 static int AddressTestParse17(void)
2186 {
2187  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2188 
2189  if (dd) {
2190  DetectAddressFree(dd);
2191  return 1;
2192  }
2193 
2194  return 0;
2195 }
2196 
2197 static int AddressTestParse18(void)
2198 {
2199  int result = 1;
2200  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2201 
2202  if (dd) {
2203  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2204  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2205  result = 0;
2206  }
2207 
2208  DetectAddressFree(dd);
2209  return result;
2210  }
2211 
2212  return 0;
2213 }
2214 
2215 static int AddressTestParse19(void)
2216 {
2217  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2218 
2219  if (dd) {
2220  DetectAddressFree(dd);
2221  return 0;
2222  }
2223 
2224  return 1;
2225 }
2226 
2227 static int AddressTestParse20(void)
2228 {
2229  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2230 
2231  if (dd) {
2232  DetectAddressFree(dd);
2233  return 1;
2234  }
2235 
2236  return 0;
2237 }
2238 
2239 static int AddressTestParse21(void)
2240 {
2241  int result = 1;
2242  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2243 
2244  if (dd) {
2245  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2246  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2247 
2248  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2249  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2250  result = 0;
2251  }
2252 
2253  DetectAddressFree(dd);
2254  return result;
2255  }
2256 
2257  return 0;
2258 }
2259 
2260 static int AddressTestParse22(void)
2261 {
2262  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2263 
2264  if (dd) {
2265  DetectAddressFree(dd);
2266  return 0;
2267  }
2268 
2269  return 1;
2270 }
2271 
2272 static int AddressTestParse23(void)
2273 {
2274  DetectAddressHead *gh = DetectAddressHeadInit();
2275  FAIL_IF_NULL(gh);
2276  int r = DetectAddressParse(NULL, gh, "any");
2277  FAIL_IF_NOT(r == 0);
2278  DetectAddressHeadFree(gh);
2279  PASS;
2280 }
2281 
2282 static int AddressTestParse24(void)
2283 {
2284  DetectAddressHead *gh = DetectAddressHeadInit();
2285  FAIL_IF_NULL(gh);
2286  int r = DetectAddressParse(NULL, gh, "Any");
2287  FAIL_IF_NOT(r == 0);
2288  DetectAddressHeadFree(gh);
2289  PASS;
2290 }
2291 
2292 static int AddressTestParse25(void)
2293 {
2294  DetectAddressHead *gh = DetectAddressHeadInit();
2295  FAIL_IF_NULL(gh);
2296  int r = DetectAddressParse(NULL, gh, "ANY");
2297  FAIL_IF_NOT(r == 0);
2298  DetectAddressHeadFree(gh);
2299  PASS;
2300 }
2301 
2302 /** \test recursion limit */
2303 static int AddressTestParse26(void)
2304 {
2305  DetectAddressHead *gh = DetectAddressHeadInit();
2306  FAIL_IF_NULL(gh);
2307  /* exactly 64: should pass */
2308  int r = DetectAddressParse(NULL, gh,
2309  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2310  "1.2.3.4"
2311  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2312  );
2313  FAIL_IF_NOT(r == 0);
2314  DetectAddressHeadFree(gh);
2315  gh = DetectAddressHeadInit();
2316  FAIL_IF_NULL(gh);
2317  /* exactly 65: should fail */
2318  r = DetectAddressParse(NULL, gh,
2319  "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2320  "1.2.3.4"
2321  "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2322  );
2323  FAIL_IF(r == 0);
2324  DetectAddressHeadFree(gh);
2325  PASS;
2326 }
2327 
2328 static int AddressTestParse27(void)
2329 {
2330  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2331 
2332  if (dd) {
2333  DetectAddressFree(dd);
2334  return 1;
2335  }
2336 
2337  return 0;
2338 }
2339 
2340 static int AddressTestParse28(void)
2341 {
2342  int result = 0;
2343  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2344 
2345  if (dd) {
2346  if (dd->flags & ADDRESS_FLAG_NOT &&
2347  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2348  result = 1;
2349  }
2350 
2351  DetectAddressFree(dd);
2352  return result;
2353  }
2354 
2355  return 0;
2356 }
2357 
2358 static int AddressTestParse29(void)
2359 {
2360  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2361 
2362  if (dd) {
2363  DetectAddressFree(dd);
2364  return 1;
2365  }
2366 
2367  return 0;
2368 }
2369 
2370 static int AddressTestParse30(void)
2371 {
2372  int result = 0;
2373  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2374 
2375  if (dd) {
2376  if (dd->flags & ADDRESS_FLAG_NOT &&
2377  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2378  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2379  result = 1;
2380  }
2381 
2382  DetectAddressFree(dd);
2383  return result;
2384  }
2385 
2386  return 0;
2387 }
2388 
2389 /**
2390  * \test make sure !any is rejected
2391  */
2392 static int AddressTestParse31(void)
2393 {
2394  DetectAddress *dd = DetectAddressParseSingle("!any");
2395 
2396  if (dd) {
2397  DetectAddressFree(dd);
2398  return 0;
2399  }
2400 
2401  return 1;
2402 }
2403 
2404 static int AddressTestParse32(void)
2405 {
2406  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2407 
2408  if (dd) {
2409  DetectAddressFree(dd);
2410  return 1;
2411  }
2412 
2413  return 0;
2414 }
2415 
2416 static int AddressTestParse33(void)
2417 {
2418  int result = 0;
2419  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2420 
2421  if (dd) {
2422  if (dd->flags & ADDRESS_FLAG_NOT &&
2423  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2424  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2425  result = 1;
2426  }
2427 
2428  DetectAddressFree(dd);
2429  return result;
2430  }
2431 
2432  return 0;
2433 }
2434 
2435 static int AddressTestParse34(void)
2436 {
2437  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2438 
2439  if (dd) {
2440  DetectAddressFree(dd);
2441  return 1;
2442  }
2443 
2444  return 0;
2445 }
2446 
2447 static int AddressTestParse35(void)
2448 {
2449  int result = 0;
2450  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2451 
2452  if (dd) {
2453  if (dd->flags & ADDRESS_FLAG_NOT &&
2454  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2455  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2456 
2457  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2458  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2459  result = 1;
2460  }
2461 
2462  DetectAddressFree(dd);
2463  return result;
2464  }
2465 
2466  return 0;
2467 }
2468 
2469 static int AddressTestParse36(void)
2470 {
2471  int result = 1;
2472  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2473 
2474  if (dd) {
2475  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2476  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2477 
2478  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2479  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2480 
2481  DetectAddressPrint(dd);
2482  result = 0;
2483  }
2484  DetectAddressPrint(dd);
2485 
2486  DetectAddressFree(dd);
2487  return result;
2488  }
2489 
2490  return 0;
2491 }
2492 
2493 static int AddressTestParse37(void)
2494 {
2495  int result = 1;
2496  DetectAddress *dd = DetectAddressParseSingle("::/0");
2497 
2498  if (dd) {
2499  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2500  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2501 
2502  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2503  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2504  DetectAddressPrint(dd);
2505  result = 0;
2506  }
2507  DetectAddressPrint(dd);
2508 
2509  DetectAddressFree(dd);
2510  return result;
2511  }
2512 
2513  return 0;
2514 }
2515 
2516 static int AddressTestMatch01(void)
2517 {
2518  DetectAddress *dd = NULL;
2519  int result = 1;
2520  struct in_addr in;
2521  Address a;
2522 
2523  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2524  return 0;
2525  memset(&a, 0, sizeof(Address));
2526  a.family = AF_INET;
2527  a.addr_data32[0] = in.s_addr;
2528 
2529  dd = DetectAddressParseSingle("1.2.3.4/24");
2530  if (dd) {
2531  if (DetectAddressMatch(dd, &a) == 0)
2532  result = 0;
2533 
2534  DetectAddressFree(dd);
2535  return result;
2536  }
2537 
2538  return 0;
2539 }
2540 
2541 static int AddressTestMatch02(void)
2542 {
2543  DetectAddress *dd = NULL;
2544  int result = 1;
2545  struct in_addr in;
2546  Address a;
2547 
2548  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2549  return 0;
2550  memset(&a, 0, sizeof(Address));
2551  a.family = AF_INET;
2552  a.addr_data32[0] = in.s_addr;
2553 
2554  dd = DetectAddressParseSingle("1.2.3.4/25");
2555  if (dd) {
2556  if (DetectAddressMatch(dd, &a) == 0)
2557  result = 0;
2558 
2559  DetectAddressFree(dd);
2560  return result;
2561  }
2562 
2563  return 0;
2564 }
2565 
2566 static int AddressTestMatch03(void)
2567 {
2568  DetectAddress *dd = NULL;
2569  int result = 1;
2570  struct in_addr in;
2571  Address a;
2572 
2573  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2574  return 0;
2575  memset(&a, 0, sizeof(Address));
2576  a.family = AF_INET;
2577  a.addr_data32[0] = in.s_addr;
2578 
2579  dd = DetectAddressParseSingle("1.2.3.4/25");
2580  if (dd) {
2581  if (DetectAddressMatch(dd, &a) == 1)
2582  result = 0;
2583 
2584  DetectAddressFree(dd);
2585  return result;
2586  }
2587 
2588  return 0;
2589 }
2590 
2591 static int AddressTestMatch04(void)
2592 {
2593  DetectAddress *dd = NULL;
2594  int result = 1;
2595  struct in_addr in;
2596  Address a;
2597 
2598  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2599  return 0;
2600  memset(&a, 0, sizeof(Address));
2601  a.family = AF_INET;
2602  a.addr_data32[0] = in.s_addr;
2603 
2604  dd = DetectAddressParseSingle("1.2.3.4/25");
2605  if (dd) {
2606  if (DetectAddressMatch(dd, &a) == 1)
2607  result = 0;
2608 
2609  DetectAddressFree(dd);
2610  return result;
2611  }
2612 
2613  return 0;
2614 }
2615 
2616 static int AddressTestMatch05(void)
2617 {
2618  DetectAddress *dd = NULL;
2619  int result = 1;
2620  struct in_addr in;
2621  Address a;
2622 
2623  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2624  return 0;
2625  memset(&a, 0, sizeof(Address));
2626  a.family = AF_INET;
2627  a.addr_data32[0] = in.s_addr;
2628 
2629  dd = DetectAddressParseSingle("1.2.3.4/32");
2630  if (dd) {
2631  if (DetectAddressMatch(dd, &a) == 0)
2632  result = 0;
2633 
2634  DetectAddressFree(dd);
2635  return result;
2636  }
2637 
2638  return 0;
2639 }
2640 
2641 static int AddressTestMatch06(void)
2642 {
2643  DetectAddress *dd = NULL;
2644  int result = 1;
2645  struct in_addr in;
2646  Address a;
2647 
2648  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2649  return 0;
2650  memset(&a, 0, sizeof(Address));
2651  a.family = AF_INET;
2652  a.addr_data32[0] = in.s_addr;
2653 
2654  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2655  if (dd) {
2656  if (DetectAddressMatch(dd, &a) == 0)
2657  result = 0;
2658 
2659  DetectAddressFree(dd);
2660  return result;
2661  }
2662 
2663  return 0;
2664 }
2665 
2666 static int AddressTestMatch07(void)
2667 {
2668  DetectAddress *dd = NULL;
2669  int result = 1;
2670  struct in6_addr in6;
2671  Address a;
2672 
2673  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2674  return 0;
2675  memset(&a, 0, sizeof(Address));
2676  a.family = AF_INET6;
2677  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2678 
2679  dd = DetectAddressParseSingle("2001::/3");
2680  if (dd) {
2681  if (DetectAddressMatch(dd, &a) == 0)
2682  result = 0;
2683 
2684  DetectAddressFree(dd);
2685  return result;
2686  }
2687 
2688  return 0;
2689 }
2690 
2691 static int AddressTestMatch08(void)
2692 {
2693  DetectAddress *dd = NULL;
2694  int result = 1;
2695  struct in6_addr in6;
2696  Address a;
2697 
2698  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2699  return 0;
2700  memset(&a, 0, sizeof(Address));
2701  a.family = AF_INET6;
2702  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2703 
2704  dd = DetectAddressParseSingle("2001::/3");
2705  if (dd) {
2706  if (DetectAddressMatch(dd, &a) == 1)
2707  result = 0;
2708 
2709  DetectAddressFree(dd);
2710  return result;
2711  }
2712 
2713  return 0;
2714 }
2715 
2716 static int AddressTestMatch09(void)
2717 {
2718  DetectAddress *dd = NULL;
2719  int result = 1;
2720  struct in6_addr in6;
2721  Address a;
2722 
2723  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2724  return 0;
2725  memset(&a, 0, sizeof(Address));
2726  a.family = AF_INET6;
2727  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2728 
2729  dd = DetectAddressParseSingle("2001::1/128");
2730  if (dd) {
2731  if (DetectAddressMatch(dd, &a) == 1)
2732  result = 0;
2733 
2734  DetectAddressFree(dd);
2735  return result;
2736  }
2737 
2738  return 0;
2739 }
2740 
2741 static int AddressTestMatch10(void)
2742 {
2743  DetectAddress *dd = NULL;
2744  int result = 1;
2745  struct in6_addr in6;
2746  Address a;
2747 
2748  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2749  return 0;
2750  memset(&a, 0, sizeof(Address));
2751  a.family = AF_INET6;
2752  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2753 
2754  dd = DetectAddressParseSingle("2001::1/126");
2755  if (dd) {
2756  if (DetectAddressMatch(dd, &a) == 0)
2757  result = 0;
2758 
2759  DetectAddressFree(dd);
2760  return result;
2761  }
2762 
2763  return 0;
2764 }
2765 
2766 static int AddressTestMatch11(void)
2767 {
2768  DetectAddress *dd = NULL;
2769  int result = 1;
2770  struct in6_addr in6;
2771  Address a;
2772 
2773  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2774  return 0;
2775  memset(&a, 0, sizeof(Address));
2776  a.family = AF_INET6;
2777  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2778 
2779  dd = DetectAddressParseSingle("2001::1/127");
2780  if (dd) {
2781  if (DetectAddressMatch(dd, &a) == 1)
2782  result = 0;
2783 
2784  DetectAddressFree(dd);
2785  return result;
2786  }
2787 
2788  return 0;
2789 }
2790 
2791 static int AddressTestCmp01(void)
2792 {
2793  DetectAddress *da = NULL, *db = NULL;
2794  int result = 1;
2795 
2796  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2797  if (da == NULL) goto error;
2798  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2799  if (db == NULL) goto error;
2800 
2801  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2802  result = 0;
2803 
2804  DetectAddressFree(da);
2805  DetectAddressFree(db);
2806  return result;
2807 
2808 error:
2809  if (da) DetectAddressFree(da);
2810  if (db) DetectAddressFree(db);
2811  return 0;
2812 }
2813 
2814 static int AddressTestCmp02(void)
2815 {
2816  DetectAddress *da = NULL, *db = NULL;
2817  int result = 1;
2818 
2819  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2820  if (da == NULL) goto error;
2821  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2822  if (db == NULL) goto error;
2823 
2824  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2825  result = 0;
2826 
2827  DetectAddressFree(da);
2828  DetectAddressFree(db);
2829  return result;
2830 
2831 error:
2832  if (da) DetectAddressFree(da);
2833  if (db) DetectAddressFree(db);
2834  return 0;
2835 }
2836 
2837 static int AddressTestCmp03(void)
2838 {
2839  DetectAddress *da = NULL, *db = NULL;
2840  int result = 1;
2841 
2842  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2843  if (da == NULL) goto error;
2844  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2845  if (db == NULL) goto error;
2846 
2847  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2848  result = 0;
2849 
2850  DetectAddressFree(da);
2851  DetectAddressFree(db);
2852  return result;
2853 
2854 error:
2855  if (da) DetectAddressFree(da);
2856  if (db) DetectAddressFree(db);
2857  return 0;
2858 }
2859 
2860 static int AddressTestCmp04(void)
2861 {
2862  DetectAddress *da = NULL, *db = NULL;
2863  int result = 1;
2864 
2865  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2866  if (da == NULL) goto error;
2867  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2868  if (db == NULL) goto error;
2869 
2870  if (DetectAddressCmp(da, db) != ADDRESS_LT)
2871  result = 0;
2872 
2873  DetectAddressFree(da);
2874  DetectAddressFree(db);
2875  return result;
2876 
2877 error:
2878  if (da) DetectAddressFree(da);
2879  if (db) DetectAddressFree(db);
2880  return 0;
2881 }
2882 
2883 static int AddressTestCmp05(void)
2884 {
2885  DetectAddress *da = NULL, *db = NULL;
2886  int result = 1;
2887 
2888  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2889  if (da == NULL) goto error;
2890  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2891  if (db == NULL) goto error;
2892 
2893  if (DetectAddressCmp(da, db) != ADDRESS_GT)
2894  result = 0;
2895 
2896  DetectAddressFree(da);
2897  DetectAddressFree(db);
2898  return result;
2899 
2900 error:
2901  if (da) DetectAddressFree(da);
2902  if (db) DetectAddressFree(db);
2903  return 0;
2904 }
2905 
2906 static int AddressTestCmp06(void)
2907 {
2908  DetectAddress *da = NULL, *db = NULL;
2909  int result = 1;
2910 
2911  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2912  if (da == NULL) goto error;
2913  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2914  if (db == NULL) goto error;
2915 
2916  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2917  result = 0;
2918 
2919  DetectAddressFree(da);
2920  DetectAddressFree(db);
2921  return result;
2922 
2923 error:
2924  if (da) DetectAddressFree(da);
2925  if (db) DetectAddressFree(db);
2926  return 0;
2927 }
2928 
2929 static int AddressTestCmpIPv407(void)
2930 {
2931  DetectAddress *da = NULL, *db = NULL;
2932  int result = 1;
2933 
2934  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2935  if (da == NULL) goto error;
2936  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2937  if (db == NULL) goto error;
2938 
2939  if (DetectAddressCmp(da, db) != ADDRESS_LE)
2940  result = 0;
2941 
2942  DetectAddressFree(da);
2943  DetectAddressFree(db);
2944  return result;
2945 
2946 error:
2947  if (da) DetectAddressFree(da);
2948  if (db) DetectAddressFree(db);
2949  return 0;
2950 }
2951 
2952 static int AddressTestCmpIPv408(void)
2953 {
2954  DetectAddress *da = NULL, *db = NULL;
2955  int result = 1;
2956 
2957  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2958  if (da == NULL) goto error;
2959  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2960  if (db == NULL) goto error;
2961 
2962  if (DetectAddressCmp(da, db) != ADDRESS_GE)
2963  result = 0;
2964 
2965  DetectAddressFree(da);
2966  DetectAddressFree(db);
2967  return result;
2968 
2969 error:
2970  if (da) DetectAddressFree(da);
2971  if (db) DetectAddressFree(db);
2972  return 0;
2973 }
2974 
2975 static int AddressTestCmp07(void)
2976 {
2977  DetectAddress *da = NULL, *db = NULL;
2978  int result = 1;
2979 
2980  da = DetectAddressParseSingle("2001::/3");
2981  if (da == NULL) goto error;
2982  db = DetectAddressParseSingle("2001::1/3");
2983  if (db == NULL) goto error;
2984 
2985  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2986  result = 0;
2987 
2988  DetectAddressFree(da);
2989  DetectAddressFree(db);
2990  return result;
2991 
2992 error:
2993  if (da) DetectAddressFree(da);
2994  if (db) DetectAddressFree(db);
2995  return 0;
2996 }
2997 
2998 static int AddressTestCmp08(void)
2999 {
3000  DetectAddress *da = NULL, *db = NULL;
3001  int result = 1;
3002 
3003  da = DetectAddressParseSingle("2001::/3");
3004  if (da == NULL) goto error;
3005  db = DetectAddressParseSingle("2001::/8");
3006  if (db == NULL) goto error;
3007 
3008  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3009  result = 0;
3010 
3011  DetectAddressFree(da);
3012  DetectAddressFree(db);
3013  return result;
3014 
3015 error:
3016  if (da) DetectAddressFree(da);
3017  if (db) DetectAddressFree(db);
3018  return 0;
3019 }
3020 
3021 static int AddressTestCmp09(void)
3022 {
3023  DetectAddress *da = NULL, *db = NULL;
3024  int result = 1;
3025 
3026  da = DetectAddressParseSingle("2001::/8");
3027  if (da == NULL) goto error;
3028  db = DetectAddressParseSingle("2001::/3");
3029  if (db == NULL) goto error;
3030 
3031  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3032  result = 0;
3033 
3034  DetectAddressFree(da);
3035  DetectAddressFree(db);
3036  return result;
3037 
3038 error:
3039  if (da) DetectAddressFree(da);
3040  if (db) DetectAddressFree(db);
3041  return 0;
3042 }
3043 
3044 static int AddressTestCmp10(void)
3045 {
3046  DetectAddress *da = NULL, *db = NULL;
3047  int result = 1;
3048 
3049  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3050  if (da == NULL) goto error;
3051  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3052  if (db == NULL) goto error;
3053 
3054  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3055  result = 0;
3056 
3057  DetectAddressFree(da);
3058  DetectAddressFree(db);
3059  return result;
3060 
3061 error:
3062  if (da) DetectAddressFree(da);
3063  if (db) DetectAddressFree(db);
3064  return 0;
3065 }
3066 
3067 static int AddressTestCmp11(void)
3068 {
3069  DetectAddress *da = NULL, *db = NULL;
3070  int result = 1;
3071 
3072  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3073  if (da == NULL) goto error;
3074  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3075  if (db == NULL) goto error;
3076 
3077  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3078  result = 0;
3079 
3080  DetectAddressFree(da);
3081  DetectAddressFree(db);
3082  return result;
3083 
3084 error:
3085  if (da) DetectAddressFree(da);
3086  if (db) DetectAddressFree(db);
3087  return 0;
3088 }
3089 
3090 static int AddressTestCmp12(void)
3091 {
3092  DetectAddress *da = NULL, *db = NULL;
3093  int result = 1;
3094 
3095  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3096  if (da == NULL) goto error;
3097  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3098  if (db == NULL) goto error;
3099 
3100  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3101  result = 0;
3102 
3103  DetectAddressFree(da);
3104  DetectAddressFree(db);
3105  return result;
3106 
3107 error:
3108  if (da) DetectAddressFree(da);
3109  if (db) DetectAddressFree(db);
3110  return 0;
3111 }
3112 
3113 static int AddressTestAddressGroupSetup01(void)
3114 {
3115  int result = 0;
3116  DetectAddressHead *gh = DetectAddressHeadInit();
3117 
3118  if (gh != NULL) {
3119  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3120  if (r == 0)
3121  result = 1;
3122 
3123  DetectAddressHeadFree(gh);
3124  }
3125  return result;
3126 }
3127 
3128 static int AddressTestAddressGroupSetup02(void)
3129 {
3130  int result = 0;
3131  DetectAddressHead *gh = DetectAddressHeadInit();
3132 
3133  if (gh != NULL) {
3134  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3135  if (r == 0 && gh->ipv4_head != NULL)
3136  result = 1;
3137 
3138  DetectAddressHeadFree(gh);
3139  }
3140  return result;
3141 }
3142 
3143 static int AddressTestAddressGroupSetup03(void)
3144 {
3145  int result = 0;
3146  DetectAddressHead *gh = DetectAddressHeadInit();
3147 
3148  if (gh != NULL) {
3149  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3150  if (r == 0 && gh->ipv4_head != NULL) {
3151  DetectAddress *prev_head = gh->ipv4_head;
3152 
3153  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3154  if (r == 0 && gh->ipv4_head != prev_head &&
3155  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3156  result = 1;
3157  }
3158  }
3159 
3160  DetectAddressHeadFree(gh);
3161  }
3162  return result;
3163 }
3164 
3165 static int AddressTestAddressGroupSetup04(void)
3166 {
3167  int result = 0;
3168  DetectAddressHead *gh = DetectAddressHeadInit();
3169 
3170  if (gh != NULL) {
3171  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3172  if (r == 0 && gh->ipv4_head != NULL) {
3173  DetectAddress *prev_head = gh->ipv4_head;
3174 
3175  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3176  if (r == 0 && gh->ipv4_head != prev_head &&
3177  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3178  DetectAddress *ph = gh->ipv4_head;
3179 
3180  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3181  if (r == 0 && gh->ipv4_head != ph &&
3182  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3183  result = 1;
3184  }
3185  }
3186  }
3187 
3188  DetectAddressHeadFree(gh);
3189  }
3190  return result;
3191 }
3192 
3193 static int AddressTestAddressGroupSetup05(void)
3194 {
3195  int result = 0;
3196  DetectAddressHead *gh = DetectAddressHeadInit();
3197 
3198  if (gh != NULL) {
3199  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3200  if (r == 0 && gh->ipv4_head != NULL) {
3201  DetectAddress *prev_head = gh->ipv4_head;
3202 
3203  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3204  if (r == 0 && gh->ipv4_head == prev_head &&
3205  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3206  DetectAddress *ph = gh->ipv4_head;
3207 
3208  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3209  if (r == 0 && gh->ipv4_head == ph &&
3210  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3211  result = 1;
3212  }
3213  }
3214  }
3215 
3216  DetectAddressHeadFree(gh);
3217  }
3218  return result;
3219 }
3220 
3221 static int AddressTestAddressGroupSetup06(void)
3222 {
3223  int result = 0;
3224  DetectAddressHead *gh = DetectAddressHeadInit();
3225 
3226  if (gh != NULL) {
3227  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3228  if (r == 0 && gh->ipv4_head != NULL) {
3229  DetectAddress *prev_head = gh->ipv4_head;
3230 
3231  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3232  if (r == 0 && gh->ipv4_head == prev_head &&
3233  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3234  result = 1;
3235  }
3236  }
3237 
3238  DetectAddressHeadFree(gh);
3239  }
3240  return result;
3241 }
3242 
3243 static int AddressTestAddressGroupSetup07(void)
3244 {
3245  int result = 0;
3246  DetectAddressHead *gh = DetectAddressHeadInit();
3247 
3248  if (gh != NULL) {
3249  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3250  if (r == 0 && gh->ipv4_head != NULL) {
3251  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3252  if (r == 0 && gh->ipv4_head != NULL &&
3253  gh->ipv4_head->next != NULL &&
3254  gh->ipv4_head->next->next != NULL) {
3255  result = 1;
3256  }
3257  }
3258 
3259  DetectAddressHeadFree(gh);
3260  }
3261  return result;
3262 }
3263 
3264 static int AddressTestAddressGroupSetup08(void)
3265 {
3266  int result = 0;
3267  DetectAddressHead *gh = DetectAddressHeadInit();
3268 
3269  if (gh != NULL) {
3270  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3271  if (r == 0 && gh->ipv4_head != NULL) {
3272  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3273  if (r == 0 && gh->ipv4_head != NULL &&
3274  gh->ipv4_head->next != NULL &&
3275  gh->ipv4_head->next->next != NULL) {
3276  result = 1;
3277  }
3278  }
3279 
3280  DetectAddressHeadFree(gh);
3281  }
3282  return result;
3283 }
3284 
3285 static int AddressTestAddressGroupSetup09(void)
3286 {
3287  int result = 0;
3288  DetectAddressHead *gh = DetectAddressHeadInit();
3289 
3290  if (gh != NULL) {
3291  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3292  if (r == 0 && gh->ipv4_head != NULL) {
3293  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3294  if (r == 0 && gh->ipv4_head != NULL &&
3295  gh->ipv4_head->next != NULL &&
3296  gh->ipv4_head->next->next != NULL) {
3297  result = 1;
3298  }
3299  }
3300 
3301  DetectAddressHeadFree(gh);
3302  }
3303  return result;
3304 }
3305 
3306 static int AddressTestAddressGroupSetup10(void)
3307 {
3308  int result = 0;
3309  DetectAddressHead *gh = DetectAddressHeadInit();
3310 
3311  if (gh != NULL) {
3312  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3313  if (r == 0 && gh->ipv4_head != NULL) {
3314  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3315  if (r == 0 && gh->ipv4_head != NULL &&
3316  gh->ipv4_head->next != NULL &&
3317  gh->ipv4_head->next->next != NULL) {
3318  result = 1;
3319  }
3320  }
3321 
3322  DetectAddressHeadFree(gh);
3323  }
3324  return result;
3325 }
3326 
3327 static int AddressTestAddressGroupSetup11(void)
3328 {
3329  int result = 0;
3330  DetectAddressHead *gh = DetectAddressHeadInit();
3331 
3332  if (gh != NULL) {
3333  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3334  if (r == 0) {
3335  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3336  if (r == 0) {
3337  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3338  if (r == 0) {
3339  DetectAddress *one = gh->ipv4_head, *two = one->next,
3340  *three = two->next, *four = three->next,
3341  *five = four->next;
3342 
3343  /* result should be:
3344  * 0.0.0.0/10.10.9.255
3345  * 10.10.10.0/10.10.10.9
3346  * 10.10.10.10/10.10.10.255
3347  * 10.10.11.0/10.10.11.1
3348  * 10.10.11.2/255.255.255.255
3349  */
3350  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3351  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3352  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3353  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3354  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3355  result = 1;
3356  }
3357  }
3358  }
3359  }
3360 
3361  DetectAddressHeadFree(gh);
3362  }
3363  return result;
3364 }
3365 
3366 static int AddressTestAddressGroupSetup12 (void)
3367 {
3368  int result = 0;
3369  DetectAddressHead *gh = DetectAddressHeadInit();
3370 
3371  if (gh != NULL) {
3372  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3373  if (r == 0) {
3374  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3375  if (r == 0) {
3376  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3377  if (r == 0) {
3378  DetectAddress *one = gh->ipv4_head, *two = one->next,
3379  *three = two->next, *four = three->next,
3380  *five = four->next;
3381 
3382  /* result should be:
3383  * 0.0.0.0/10.10.9.255
3384  * 10.10.10.0/10.10.10.9
3385  * 10.10.10.10/10.10.10.255
3386  * 10.10.11.0/10.10.11.1
3387  * 10.10.11.2/255.255.255.255
3388  */
3389  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3390  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3391  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3392  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3393  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3394  result = 1;
3395  }
3396  }
3397  }
3398  }
3399 
3400  DetectAddressHeadFree(gh);
3401  }
3402  return result;
3403 }
3404 
3405 static int AddressTestAddressGroupSetup13(void)
3406 {
3407  int result = 0;
3408  DetectAddressHead *gh = DetectAddressHeadInit();
3409 
3410  if (gh != NULL) {
3411  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3412  if (r == 0) {
3413  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3414  if (r == 0) {
3415  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3416  if (r == 0) {
3417  DetectAddress *one = gh->ipv4_head, *two = one->next,
3418  *three = two->next, *four = three->next,
3419  *five = four->next;
3420 
3421  /* result should be:
3422  * 0.0.0.0/10.10.9.255
3423  * 10.10.10.0/10.10.10.9
3424  * 10.10.10.10/10.10.10.255
3425  * 10.10.11.0/10.10.11.1
3426  * 10.10.11.2/255.255.255.255
3427  */
3428  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3429  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3430  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3431  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3432  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3433  result = 1;
3434  }
3435  }
3436  }
3437  }
3438 
3439  DetectAddressHeadFree(gh);
3440  }
3441  return result;
3442 }
3443 
3444 static int AddressTestAddressGroupSetupIPv414(void)
3445 {
3446  DetectAddressHead *gh = DetectAddressHeadInit();
3447  FAIL_IF_NULL(gh);
3448 
3449  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3450  FAIL_IF_NOT(r == 1);
3451 
3452  DetectAddress *one = gh->ipv4_head;
3453  FAIL_IF_NULL(one);
3454  DetectAddress *two = one->next;
3455  FAIL_IF_NULL(two);
3456 
3457  /* result should be:
3458  * 0.0.0.0/1.2.3.3
3459  * 1.2.3.5/255.255.255.255
3460  */
3461  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3462  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3463  FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3464  FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3465  DetectAddressHeadFree(gh);
3466 
3467  PASS;
3468 }
3469 
3470 static int AddressTestAddressGroupSetupIPv415(void)
3471 {
3472  DetectAddressHead *gh = DetectAddressHeadInit();
3473  FAIL_IF_NULL(gh);
3474 
3475  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3476  FAIL_IF_NOT(r == 1);
3477 
3478  DetectAddress *one = gh->ipv4_head;
3479  FAIL_IF_NULL(one);
3480  FAIL_IF_NOT_NULL(one->next);
3481 
3482  /* result should be:
3483  * 0.0.0.1/255.255.255.255
3484  */
3485  FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3486  FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3487 
3488  DetectAddressHeadFree(gh);
3489  PASS;
3490 }
3491 
3492 static int AddressTestAddressGroupSetupIPv416(void)
3493 {
3494  DetectAddressHead *gh = DetectAddressHeadInit();
3495  FAIL_IF_NULL(gh);
3496 
3497  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3498  FAIL_IF_NOT(r == 1);
3499 
3500  DetectAddress *one = gh->ipv4_head;
3501  FAIL_IF_NULL(one);
3502  FAIL_IF_NOT_NULL(one->next);
3503 
3504  /* result should be:
3505  * 0.0.0.0/255.255.255.254
3506  */
3507  FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3508  FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3509 
3510  DetectAddressHeadFree(gh);
3511  PASS;
3512 }
3513 
3514 static int AddressTestAddressGroupSetup14(void)
3515 {
3516  int result = 0;
3517  DetectAddressHead *gh = DetectAddressHeadInit();
3518 
3519  if (gh != NULL) {
3520  int r = DetectAddressParse(NULL, gh, "2001::1");
3521  if (r == 0)
3522  result = 1;
3523 
3524  DetectAddressHeadFree(gh);
3525  }
3526  return result;
3527 }
3528 
3529 static int AddressTestAddressGroupSetup15(void)
3530 {
3531  int result = 0;
3532  DetectAddressHead *gh = DetectAddressHeadInit();
3533 
3534  if (gh != NULL) {
3535  int r = DetectAddressParse(NULL, gh, "2001::1");
3536  if (r == 0 && gh->ipv6_head != NULL)
3537  result = 1;
3538 
3539  DetectAddressHeadFree(gh);
3540  }
3541  return result;
3542 }
3543 
3544 static int AddressTestAddressGroupSetup16(void)
3545 {
3546  int result = 0;
3547  DetectAddressHead *gh = DetectAddressHeadInit();
3548 
3549  if (gh != NULL) {
3550  int r = DetectAddressParse(NULL, gh, "2001::4");
3551  if (r == 0 && gh->ipv6_head != NULL) {
3552  DetectAddress *prev_head = gh->ipv6_head;
3553 
3554  r = DetectAddressParse(NULL, gh, "2001::3");
3555  if (r == 0 && gh->ipv6_head != prev_head &&
3556  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3557  result = 1;
3558  }
3559  }
3560 
3561  DetectAddressHeadFree(gh);
3562  }
3563  return result;
3564 }
3565 
3566 static int AddressTestAddressGroupSetup17(void)
3567 {
3568  int result = 0;
3569  DetectAddressHead *gh = DetectAddressHeadInit();
3570 
3571  if (gh != NULL) {
3572  int r = DetectAddressParse(NULL, gh, "2001::4");
3573  if (r == 0 && gh->ipv6_head != NULL) {
3574  DetectAddress *prev_head = gh->ipv6_head;
3575 
3576  r = DetectAddressParse(NULL, gh, "2001::3");
3577  if (r == 0 && gh->ipv6_head != prev_head &&
3578  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3579  DetectAddress *ph = gh->ipv6_head;
3580 
3581  r = DetectAddressParse(NULL, gh, "2001::2");
3582  if (r == 0 && gh->ipv6_head != ph &&
3583  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3584  result = 1;
3585  }
3586  }
3587  }
3588 
3589  DetectAddressHeadFree(gh);
3590  }
3591  return result;
3592 }
3593 
3594 static int AddressTestAddressGroupSetup18(void)
3595 {
3596  int result = 0;
3597  DetectAddressHead *gh = DetectAddressHeadInit();
3598 
3599  if (gh != NULL) {
3600  int r = DetectAddressParse(NULL, gh, "2001::2");
3601  if (r == 0 && gh->ipv6_head != NULL) {
3602  DetectAddress *prev_head = gh->ipv6_head;
3603 
3604  r = DetectAddressParse(NULL, gh, "2001::3");
3605  if (r == 0 && gh->ipv6_head == prev_head &&
3606  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3607  DetectAddress *ph = gh->ipv6_head;
3608 
3609  r = DetectAddressParse(NULL, gh, "2001::4");
3610  if (r == 0 && gh->ipv6_head == ph &&
3611  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3612  result = 1;
3613  }
3614  }
3615  }
3616 
3617  DetectAddressHeadFree(gh);
3618  }
3619  return result;
3620 }
3621 
3622 static int AddressTestAddressGroupSetup19(void)
3623 {
3624  int result = 0;
3625  DetectAddressHead *gh = DetectAddressHeadInit();
3626 
3627  if (gh != NULL) {
3628  int r = DetectAddressParse(NULL, gh, "2001::2");
3629  if (r == 0 && gh->ipv6_head != NULL) {
3630  DetectAddress *prev_head = gh->ipv6_head;
3631 
3632  r = DetectAddressParse(NULL, gh, "2001::2");
3633  if (r == 0 && gh->ipv6_head == prev_head &&
3634  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3635  result = 1;
3636  }
3637  }
3638 
3639  DetectAddressHeadFree(gh);
3640  }
3641  return result;
3642 }
3643 
3644 static int AddressTestAddressGroupSetup20(void)
3645 {
3646  int result = 0;
3647  DetectAddressHead *gh = DetectAddressHeadInit();
3648 
3649  if (gh != NULL) {
3650  int r = DetectAddressParse(NULL, gh, "2000::/3");
3651  if (r == 0 && gh->ipv6_head != NULL) {
3652  r = DetectAddressParse(NULL, gh, "2001::4");
3653  if (r == 0 && gh->ipv6_head != NULL &&
3654  gh->ipv6_head->next != NULL &&
3655  gh->ipv6_head->next->next != NULL) {
3656  result = 1;
3657  }
3658  }
3659 
3660  DetectAddressHeadFree(gh);
3661  }
3662  return result;
3663 }
3664 
3665 static int AddressTestAddressGroupSetup21(void)
3666 {
3667  int result = 0;
3668  DetectAddressHead *gh = DetectAddressHeadInit();
3669 
3670  if (gh != NULL) {
3671  int r = DetectAddressParse(NULL, gh, "2001::4");
3672  if (r == 0 && gh->ipv6_head != NULL) {
3673  r = DetectAddressParse(NULL, gh, "2000::/3");
3674  if (r == 0 && gh->ipv6_head != NULL &&
3675  gh->ipv6_head->next != NULL &&
3676  gh->ipv6_head->next->next != NULL) {
3677  result = 1;
3678  }
3679  }
3680 
3681  DetectAddressHeadFree(gh);
3682  }
3683  return result;
3684 }
3685 
3686 static int AddressTestAddressGroupSetup22(void)
3687 {
3688  int result = 0;
3689  DetectAddressHead *gh = DetectAddressHeadInit();
3690 
3691  if (gh != NULL) {
3692  int r = DetectAddressParse(NULL, gh, "2000::/3");
3693  if (r == 0 && gh->ipv6_head != NULL) {
3694  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3695  if (r == 0 && gh->ipv6_head != NULL &&
3696  gh->ipv6_head->next != NULL &&
3697  gh->ipv6_head->next->next != NULL) {
3698  result = 1;
3699  }
3700  }
3701 
3702  DetectAddressHeadFree(gh);
3703  }
3704  return result;
3705 }
3706 
3707 static int AddressTestAddressGroupSetup23(void)
3708 {
3709  int result = 0;
3710  DetectAddressHead *gh = DetectAddressHeadInit();
3711 
3712  if (gh != NULL) {
3713  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3714  if (r == 0 && gh->ipv6_head != NULL) {
3715  r = DetectAddressParse(NULL, gh, "2000::/3");
3716  if (r == 0 && gh->ipv6_head != NULL &&
3717  gh->ipv6_head->next != NULL &&
3718  gh->ipv6_head->next->next != NULL) {
3719  result = 1;
3720  }
3721  }
3722 
3723  DetectAddressHeadFree(gh);
3724  }
3725  return result;
3726 }
3727 
3728 static int AddressTestAddressGroupSetup24(void)
3729 {
3730  int result = 0;
3731  DetectAddressHead *gh = DetectAddressHeadInit();
3732 
3733  if (gh != NULL) {
3734  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3735  if (r == 0) {
3736  r = DetectAddressParse(NULL, gh, "2001::/3");
3737  if (r == 0) {
3738  r = DetectAddressParse(NULL, gh, "::/0");
3739  if (r == 0) {
3740  DetectAddress *one = gh->ipv6_head, *two = one->next,
3741  *three = two->next, *four = three->next,
3742  *five = four->next;
3743  if (one->ip.addr_data32[0] == 0x00000000 &&
3744  one->ip.addr_data32[1] == 0x00000000 &&
3745  one->ip.addr_data32[2] == 0x00000000 &&
3746  one->ip.addr_data32[3] == 0x00000000 &&
3747  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3748  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3749  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3750  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3751 
3752  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3753  two->ip.addr_data32[1] == 0x00000000 &&
3754  two->ip.addr_data32[2] == 0x00000000 &&
3755  two->ip.addr_data32[3] == 0x00000000 &&
3756  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3757  two->ip2.addr_data32[1] == 0x00000000 &&
3758  two->ip2.addr_data32[2] == 0x00000000 &&
3759  two->ip2.addr_data32[3] == SCNtohl(3) &&
3760 
3761  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3762  three->ip.addr_data32[1] == 0x00000000 &&
3763  three->ip.addr_data32[2] == 0x00000000 &&
3764  three->ip.addr_data32[3] == SCNtohl(4) &&
3765  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3766  three->ip2.addr_data32[1] == 0x00000000 &&
3767  three->ip2.addr_data32[2] == 0x00000000 &&
3768  three->ip2.addr_data32[3] == SCNtohl(6) &&
3769 
3770  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3771  four->ip.addr_data32[1] == 0x00000000 &&
3772  four->ip.addr_data32[2] == 0x00000000 &&
3773  four->ip.addr_data32[3] == SCNtohl(7) &&
3774  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3775  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3776  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3777  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3778 
3779  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3780  five->ip.addr_data32[1] == 0x00000000 &&
3781  five->ip.addr_data32[2] == 0x00000000 &&
3782  five->ip.addr_data32[3] == 0x00000000 &&
3783  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3784  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3785  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3786  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3787  result = 1;
3788  }
3789  }
3790  }
3791  }
3792 
3793  DetectAddressHeadFree(gh);
3794  }
3795  return result;
3796 }
3797 
3798 static int AddressTestAddressGroupSetup25(void)
3799 {
3800  int result = 0;
3801  DetectAddressHead *gh = DetectAddressHeadInit();
3802 
3803  if (gh != NULL) {
3804  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3805  if (r == 0) {
3806  r = DetectAddressParse(NULL, gh, "::/0");
3807  if (r == 0) {
3808  r = DetectAddressParse(NULL, gh, "2001::/3");
3809  if (r == 0) {
3810  DetectAddress *one = gh->ipv6_head, *two = one->next,
3811  *three = two->next, *four = three->next,
3812  *five = four->next;
3813  if (one->ip.addr_data32[0] == 0x00000000 &&
3814  one->ip.addr_data32[1] == 0x00000000 &&
3815  one->ip.addr_data32[2] == 0x00000000 &&
3816  one->ip.addr_data32[3] == 0x00000000 &&
3817  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3818  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3819  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3820  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3821 
3822  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3823  two->ip.addr_data32[1] == 0x00000000 &&
3824  two->ip.addr_data32[2] == 0x00000000 &&
3825  two->ip.addr_data32[3] == 0x00000000 &&
3826  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3827  two->ip2.addr_data32[1] == 0x00000000 &&
3828  two->ip2.addr_data32[2] == 0x00000000 &&
3829  two->ip2.addr_data32[3] == SCNtohl(3) &&
3830 
3831  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3832  three->ip.addr_data32[1] == 0x00000000 &&
3833  three->ip.addr_data32[2] == 0x00000000 &&
3834  three->ip.addr_data32[3] == SCNtohl(4) &&
3835  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3836  three->ip2.addr_data32[1] == 0x00000000 &&
3837  three->ip2.addr_data32[2] == 0x00000000 &&
3838  three->ip2.addr_data32[3] == SCNtohl(6) &&
3839 
3840  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3841  four->ip.addr_data32[1] == 0x00000000 &&
3842  four->ip.addr_data32[2] == 0x00000000 &&
3843  four->ip.addr_data32[3] == SCNtohl(7) &&
3844  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3845  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3846  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3847  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3848 
3849  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3850  five->ip.addr_data32[1] == 0x00000000 &&
3851  five->ip.addr_data32[2] == 0x00000000 &&
3852  five->ip.addr_data32[3] == 0x00000000 &&
3853  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3854  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3855  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3856  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3857  result = 1;
3858  }
3859  }
3860  }
3861  }
3862 
3863  DetectAddressHeadFree(gh);
3864  }
3865  return result;
3866 }
3867 
3868 static int AddressTestAddressGroupSetup26(void)
3869 {
3870  int result = 0;
3871  DetectAddressHead *gh = DetectAddressHeadInit();
3872 
3873  if (gh != NULL) {
3874  int r = DetectAddressParse(NULL, gh, "::/0");
3875  if (r == 0) {
3876  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3877  if (r == 0) {
3878  r = DetectAddressParse(NULL, gh, "2001::/3");
3879  if (r == 0) {
3880  DetectAddress *one = gh->ipv6_head, *two = one->next,
3881  *three = two->next, *four = three->next,
3882  *five = four->next;
3883  if (one->ip.addr_data32[0] == 0x00000000 &&
3884  one->ip.addr_data32[1] == 0x00000000 &&
3885  one->ip.addr_data32[2] == 0x00000000 &&
3886  one->ip.addr_data32[3] == 0x00000000 &&
3887  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3888  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3889  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3890  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3891 
3892  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3893  two->ip.addr_data32[1] == 0x00000000 &&
3894  two->ip.addr_data32[2] == 0x00000000 &&
3895  two->ip.addr_data32[3] == 0x00000000 &&
3896  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3897  two->ip2.addr_data32[1] == 0x00000000 &&
3898  two->ip2.addr_data32[2] == 0x00000000 &&
3899  two->ip2.addr_data32[3] == SCNtohl(3) &&
3900 
3901  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3902  three->ip.addr_data32[1] == 0x00000000 &&
3903  three->ip.addr_data32[2] == 0x00000000 &&
3904  three->ip.addr_data32[3] == SCNtohl(4) &&
3905  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3906  three->ip2.addr_data32[1] == 0x00000000 &&
3907  three->ip2.addr_data32[2] == 0x00000000 &&
3908  three->ip2.addr_data32[3] == SCNtohl(6) &&
3909 
3910  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3911  four->ip.addr_data32[1] == 0x00000000 &&
3912  four->ip.addr_data32[2] == 0x00000000 &&
3913  four->ip.addr_data32[3] == SCNtohl(7) &&
3914  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3915  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3916  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3917  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3918 
3919  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3920  five->ip.addr_data32[1] == 0x00000000 &&
3921  five->ip.addr_data32[2] == 0x00000000 &&
3922  five->ip.addr_data32[3] == 0x00000000 &&
3923  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3924  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3925  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3926  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3927  result = 1;
3928  }
3929  }
3930  }
3931  }
3932 
3933  DetectAddressHeadFree(gh);
3934  }
3935  return result;
3936 }
3937 
3938 static int AddressTestAddressGroupSetup27(void)
3939 {
3940  int result = 0;
3941  DetectAddressHead *gh = DetectAddressHeadInit();
3942 
3943  if (gh != NULL) {
3944  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3945  if (r == 0)
3946  result = 1;
3947 
3948  DetectAddressHeadFree(gh);
3949  }
3950  return result;
3951 }
3952 
3953 static int AddressTestAddressGroupSetup28(void)
3954 {
3955  int result = 0;
3956  DetectAddressHead *gh = DetectAddressHeadInit();
3957 
3958  if (gh != NULL) {
3959  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3960  if (r == 0)
3961  result = 1;
3962 
3963  DetectAddressHeadFree(gh);
3964  }
3965  return result;
3966 }
3967 
3968 static int AddressTestAddressGroupSetup29(void)
3969 {
3970  int result = 0;
3971  DetectAddressHead *gh = DetectAddressHeadInit();
3972 
3973  if (gh != NULL) {
3974  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3975  if (r == 0)
3976  result = 1;
3977 
3978  DetectAddressHeadFree(gh);
3979  }
3980  return result;
3981 }
3982 
3983 static int AddressTestAddressGroupSetup30(void)
3984 {
3985  int result = 0;
3986  DetectAddressHead *gh = DetectAddressHeadInit();
3987 
3988  if (gh != NULL) {
3989  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
3990  if (r == 0)
3991  result = 1;
3992 
3993  DetectAddressHeadFree(gh);
3994  }
3995  return result;
3996 }
3997 
3998 static int AddressTestAddressGroupSetup31(void)
3999 {
4000  int result = 0;
4001  DetectAddressHead *gh = DetectAddressHeadInit();
4002 
4003  if (gh != NULL) {
4004  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4005  if (r == 0)
4006  result = 1;
4007 
4008  DetectAddressHeadFree(gh);
4009  }
4010  return result;
4011 }
4012 
4013 static int AddressTestAddressGroupSetup32(void)
4014 {
4015  int result = 0;
4016  DetectAddressHead *gh = DetectAddressHeadInit();
4017 
4018  if (gh != NULL) {
4019  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4020  if (r == 0)
4021  result = 1;
4022 
4023  DetectAddressHeadFree(gh);
4024  }
4025  return result;
4026 }
4027 
4028 static int AddressTestAddressGroupSetup33(void)
4029 {
4030  int result = 0;
4031  DetectAddressHead *gh = DetectAddressHeadInit();
4032 
4033  if (gh != NULL) {
4034  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4035  if (r == 1)
4036  result = 1;
4037 
4038  DetectAddressHeadFree(gh);
4039  }
4040  return result;
4041 }
4042 
4043 static int AddressTestAddressGroupSetup34(void)
4044 {
4045  int result = 0;
4046  DetectAddressHead *gh = DetectAddressHeadInit();
4047 
4048  if (gh != NULL) {
4049  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4050  if (r == 1)
4051  result = 1;
4052 
4053  DetectAddressHeadFree(gh);
4054  }
4055  return result;
4056 }
4057 
4058 static int AddressTestAddressGroupSetup35(void)
4059 {
4060  int result = 0;
4061  DetectAddressHead *gh = DetectAddressHeadInit();
4062 
4063  if (gh != NULL) {
4064  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4065  if (r == 1)
4066  result = 1;
4067 
4068  DetectAddressHeadFree(gh);
4069  }
4070  return result;
4071 }
4072 
4073 static int AddressTestAddressGroupSetup36 (void)
4074 {
4075  int result = 0;
4076 
4077  DetectAddressHead *gh = DetectAddressHeadInit();
4078  if (gh != NULL) {
4079  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4080  if (r == 1)
4081  result = 1;
4082 
4083  DetectAddressHeadFree(gh);
4084  }
4085  return result;
4086 }
4087 
4088 static int AddressTestAddressGroupSetup37(void)
4089 {
4090  int result = 0;
4091  DetectAddressHead *gh = DetectAddressHeadInit();
4092 
4093  if (gh != NULL) {
4094  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4095  if (r == 0)
4096  result = 1;
4097 
4098  DetectAddressHeadFree(gh);
4099  }
4100  return result;
4101 }
4102 
4103 static int AddressTestAddressGroupSetup38(void)
4104 {
4105  UTHValidateDetectAddressHeadRange expectations[3] = {
4106  { "0.0.0.0", "192.167.255.255" },
4107  { "192.168.14.0", "192.168.14.255" },
4108  { "192.169.0.0", "255.255.255.255" } };
4109  int result = 0;
4110  DetectAddressHead *gh = DetectAddressHeadInit();
4111 
4112  if (gh != NULL) {
4113  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4114  if (r == 1) {
4115  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4116  result = 1;
4117  }
4118 
4119  DetectAddressHeadFree(gh);
4120  }
4121  return result;
4122 }
4123 
4124 static int AddressTestAddressGroupSetup39(void)
4125 {
4126  UTHValidateDetectAddressHeadRange expectations[3] = {
4127  { "0.0.0.0", "192.167.255.255" },
4128  { "192.168.14.0", "192.168.14.255" },
4129  { "192.169.0.0", "255.255.255.255" } };
4130  int result = 0;
4131  DetectAddressHead *gh = DetectAddressHeadInit();
4132 
4133  if (gh != NULL) {
4134  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4135  if (r == 1) {
4136  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4137  result = 1;
4138  }
4139 
4140  DetectAddressHeadFree(gh);
4141  }
4142  return result;
4143 }
4144 
4145 static int AddressTestAddressGroupSetup40(void)
4146 {
4147  UTHValidateDetectAddressHeadRange expectations[3] = {
4148  { "0.0.0.0", "192.167.255.255" },
4149  { "192.168.14.0", "192.168.14.255" },
4150  { "192.169.0.0", "255.255.255.255" } };
4151  int result = 0;
4152  DetectAddressHead *gh = DetectAddressHeadInit();
4153  if (gh != NULL) {
4154  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4155  if (r == 1) {
4156  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4157  result = 1;
4158  }
4159 
4160  DetectAddressHeadFree(gh);
4161  }
4162  return result;
4163 }
4164 
4165 static int AddressTestAddressGroupSetup41(void)
4166 {
4167  UTHValidateDetectAddressHeadRange expectations[3] = {
4168  { "0.0.0.0", "192.167.255.255" },
4169  { "192.168.14.0", "192.168.14.255" },
4170  { "192.169.0.0", "255.255.255.255" } };
4171  int result = 0;
4172  DetectAddressHead *gh = DetectAddressHeadInit();
4173  if (gh != NULL) {
4174  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4175  if (r == 1) {
4176  if (UTHValidateDetectAddressHead(gh, 3, expectations))
4177  result = 1;
4178  }
4179 
4180  DetectAddressHeadFree(gh);
4181  }
4182  return result;
4183 }
4184 
4185 static int AddressTestAddressGroupSetup42(void)
4186 {
4187  UTHValidateDetectAddressHeadRange expectations[1] = {
4188  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4189  int result = 0;
4190  DetectAddressHead *gh = DetectAddressHeadInit();
4191  if (gh != NULL) {
4192  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4193  if (r == 0) {
4194  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4195  result = 1;
4196  }
4197 
4198  DetectAddressHeadFree(gh);
4199  }
4200  return result;
4201 }
4202 
4203 static int AddressTestAddressGroupSetup43(void)
4204 {
4205  UTHValidateDetectAddressHeadRange expectations[2] = {
4206  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4207  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4208  int result = 0;
4209  DetectAddressHead *gh = DetectAddressHeadInit();
4210  if (gh != NULL) {
4211  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4212  if (r == 1) {
4213  if (UTHValidateDetectAddressHead(gh, 2, expectations))
4214  result = 1;
4215  }
4216 
4217  DetectAddressHeadFree(gh);
4218  }
4219  return result;
4220 }
4221 
4222 static int AddressTestAddressGroupSetup44(void)
4223 {
4224  UTHValidateDetectAddressHeadRange expectations[2] = {
4225  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4226  int result = 0;
4227  DetectAddressHead *gh = DetectAddressHeadInit();
4228  if (gh != NULL) {
4229  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4230  if (r == 0) {
4231  if (UTHValidateDetectAddressHead(gh, 1, expectations))
4232  result = 1;
4233  }
4234 
4235  DetectAddressHeadFree(gh);
4236  }
4237  return result;
4238 }
4239 
4240 static int AddressTestAddressGroupSetup45(void)
4241 {
4242  int result = 0;
4243  DetectAddressHead *gh = DetectAddressHeadInit();
4244  if (gh != NULL) {
4245  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4246  if (r != 0) {
4247  result = 1;
4248  }
4249 
4250  DetectAddressHeadFree(gh);
4251  }
4252  return result;
4253 }
4254 
4255 static int AddressTestAddressGroupSetup46(void)
4256 {
4257  UTHValidateDetectAddressHeadRange expectations[4] = {
4258  { "0.0.0.0", "192.167.255.255" },
4259  { "192.168.1.0", "192.168.1.255" },
4260  { "192.168.3.0", "192.168.3.255" },
4261  { "192.169.0.0", "255.255.255.255" } };
4262  int result = 0;
4263  DetectAddressHead *gh = DetectAddressHeadInit();
4264  if (gh != NULL) {
4265  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4266  if (r == 1) {
4267  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4268  result = 1;
4269  }
4270 
4271  DetectAddressHeadFree(gh);
4272  }
4273  return result;
4274 }
4275 
4276 /** \test net with some negations, then all negated */
4277 static int AddressTestAddressGroupSetup47(void)
4278 {
4279  UTHValidateDetectAddressHeadRange expectations[5] = {
4280  { "0.0.0.0", "192.167.255.255" },
4281  { "192.168.1.0", "192.168.1.255" },
4282  { "192.168.3.0", "192.168.3.255" },
4283  { "192.168.5.0", "192.168.5.255" },
4284  { "192.169.0.0", "255.255.255.255" } };
4285  int result = 0;
4286  DetectAddressHead *gh = DetectAddressHeadInit();
4287  if (gh != NULL) {
4288  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4289  if (r == 1) {
4290  if (UTHValidateDetectAddressHead(gh, 5, expectations))
4291  result = 1;
4292  }
4293 
4294  DetectAddressHeadFree(gh);
4295  }
4296  return result;
4297 }
4298 
4299 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4300 static int AddressTestAddressGroupSetup48(void)
4301 {
4302  UTHValidateDetectAddressHeadRange expectations[4] = {
4303  { "192.168.0.0", "192.168.0.255" },
4304  { "192.168.2.0", "192.168.2.255" },
4305  { "192.168.4.0", "192.168.4.255" },
4306  { "192.168.6.0", "192.168.255.255" } };
4307  int result = 0;
4308  DetectAddressHead *gh = DetectAddressHeadInit();
4309  if (gh != NULL) {
4310  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4311  if (r == 1) {
4312  if (UTHValidateDetectAddressHead(gh, 4, expectations))
4313  result = 1;
4314  }
4315 
4316  DetectAddressHeadFree(gh);
4317  }
4318  return result;
4319 }
4320 
4321 static int AddressTestCutIPv401(void)
4322 {
4323  DetectAddress *c;
4324  DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4325  FAIL_IF_NULL(a);
4326  DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4327  FAIL_IF_NULL(b);
4328 
4329  FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4330 
4331  DetectAddressFree(a);
4332  DetectAddressFree(b);
4333  DetectAddressFree(c);
4334  PASS;
4335 }
4336 
4337 static int AddressTestCutIPv402(void)
4338 {
4339  DetectAddress *a, *b, *c = NULL;
4340  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4341  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4342 
4343  if (DetectAddressCut(NULL, a, b, &c) == -1)
4344  goto error;
4345 
4346  if (c == NULL)
4347  goto error;
4348 
4349  DetectAddressFree(a);
4350  DetectAddressFree(b);
4351  DetectAddressFree(c);
4352  return 1;
4353 
4354 error:
4355  DetectAddressFree(a);
4356  DetectAddressFree(b);
4357  DetectAddressFree(c);
4358  return 0;
4359 }
4360 
4361 static int AddressTestCutIPv403(void)
4362 {
4363  DetectAddress *a, *b, *c = NULL;
4364  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4365  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4366 
4367  if (DetectAddressCut(NULL, a, b, &c) == -1)
4368  goto error;
4369 
4370  if (c == NULL)
4371  goto error;
4372 
4373  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4374  goto error;
4375  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4376  goto error;
4377  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4378  goto error;
4379 
4380  DetectAddressFree(a);
4381  DetectAddressFree(b);
4382  DetectAddressFree(c);
4383  return 1;
4384 
4385 error:
4386  DetectAddressFree(a);
4387  DetectAddressFree(b);
4388  DetectAddressFree(c);
4389  return 0;
4390 }
4391 
4392 static int AddressTestCutIPv404(void)
4393 {
4394  DetectAddress *a, *b, *c = NULL;
4395  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4396  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4397 
4398  if (DetectAddressCut(NULL, a, b, &c) == -1)
4399  goto error;
4400 
4401  if (c == NULL)
4402  goto error;
4403 
4404  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4405  goto error;
4406  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4407  goto error;
4408  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4409  goto error;
4410 
4411 
4412  DetectAddressFree(a);
4413  DetectAddressFree(b);
4414  DetectAddressFree(c);
4415  return 1;
4416 
4417 error:
4418  DetectAddressFree(a);
4419  DetectAddressFree(b);
4420  DetectAddressFree(c);
4421  return 0;
4422 }
4423 
4424 static int AddressTestCutIPv405(void)
4425 {
4426  DetectAddress *a, *b, *c = NULL;
4427  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4428  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4429 
4430  if (DetectAddressCut(NULL, a, b, &c) == -1)
4431  goto error;
4432 
4433  if (c == NULL)
4434  goto error;
4435 
4436  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4437  goto error;
4438  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4439  goto error;
4440  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4441  goto error;
4442 
4443  DetectAddressFree(a);
4444  DetectAddressFree(b);
4445  DetectAddressFree(c);
4446  return 1;
4447 
4448 error:
4449  DetectAddressFree(a);
4450  DetectAddressFree(b);
4451  DetectAddressFree(c);
4452  return 0;
4453 }
4454 
4455 static int AddressTestCutIPv406(void)
4456 {
4457  DetectAddress *a, *b, *c = NULL;
4458  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4459  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4460 
4461  if (DetectAddressCut(NULL, a, b, &c) == -1)
4462  goto error;
4463 
4464  if (c == NULL)
4465  goto error;
4466 
4467  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4468  goto error;
4469  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4470  goto error;
4471  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4472  goto error;
4473 
4474  DetectAddressFree(a);
4475  DetectAddressFree(b);
4476  DetectAddressFree(c);
4477  return 1;
4478 
4479 error:
4480  DetectAddressFree(a);
4481  DetectAddressFree(b);
4482  DetectAddressFree(c);
4483  return 0;
4484 }
4485 
4486 static int AddressTestCutIPv407(void)
4487 {
4488  DetectAddress *a, *b, *c = NULL;
4489  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4490  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4491 
4492  if (DetectAddressCut(NULL, a, b, &c) == -1)
4493  goto error;
4494 
4495  if (c != NULL)
4496  goto error;
4497 
4498  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4499  goto error;
4500  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4501  goto error;
4502 
4503  DetectAddressFree(a);
4504  DetectAddressFree(b);
4505  DetectAddressFree(c);
4506  return 1;
4507 
4508 error:
4509  DetectAddressFree(a);
4510  DetectAddressFree(b);
4511  DetectAddressFree(c);
4512  return 0;
4513 }
4514 
4515 static int AddressTestCutIPv408(void)
4516 {
4517  DetectAddress *a, *b, *c = NULL;
4518  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4519  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4520 
4521  if (DetectAddressCut(NULL, a, b, &c) == -1)
4522  goto error;
4523 
4524  if (c != NULL)
4525  goto error;
4526 
4527  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4528  goto error;
4529  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4530  goto error;
4531 
4532  DetectAddressFree(a);
4533  DetectAddressFree(b);
4534  DetectAddressFree(c);
4535  return 1;
4536 
4537 error:
4538  DetectAddressFree(a);
4539  DetectAddressFree(b);
4540  DetectAddressFree(c);
4541  return 0;
4542 }
4543 
4544 static int AddressTestCutIPv409(void)
4545 {
4546  DetectAddress *a, *b, *c = NULL;
4547  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4548  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4549 
4550  if (DetectAddressCut(NULL, a, b, &c) == -1)
4551  goto error;
4552 
4553  if (c != NULL)
4554  goto error;
4555 
4556  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4557  goto error;
4558  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4559  goto error;
4560 
4561  DetectAddressFree(a);
4562  DetectAddressFree(b);
4563  DetectAddressFree(c);
4564  return 1;
4565 
4566 error:
4567  DetectAddressFree(a);
4568  DetectAddressFree(b);
4569  DetectAddressFree(c);
4570  return 0;
4571 }
4572 
4573 static int AddressTestCutIPv410(void)
4574 {
4575  DetectAddress *a, *b, *c = NULL;
4576  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4577  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4578 
4579  if (DetectAddressCut(NULL, a, b, &c) == -1)
4580  goto error;
4581 
4582  if (c != NULL)
4583  goto error;
4584 
4585  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4586  goto error;
4587  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4588  goto error;
4589 
4590  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4591 
4592  DetectAddressFree(a);
4593  DetectAddressFree(b);
4594  DetectAddressFree(c);
4595  return 1;
4596 
4597 error:
4598  DetectAddressFree(a);
4599  DetectAddressFree(b);
4600  DetectAddressFree(c);
4601  return 0;
4602 }
4603 
4604 static int AddressTestParseInvalidMask01(void)
4605 {
4606  int result = 1;
4607  DetectAddress *dd = NULL;
4608 
4609  dd = DetectAddressParseSingle("192.168.2.0/33");
4610  if (dd != NULL) {
4611  DetectAddressFree(dd);
4612  result = 0;
4613  }
4614  return result;
4615 }
4616 
4617 static int AddressTestParseInvalidMask02(void)
4618 {
4619  int result = 1;
4620  DetectAddress *dd = NULL;
4621 
4622  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4623  if (dd != NULL) {
4624  DetectAddressFree(dd);
4625  result = 0;
4626  }
4627  return result;
4628 }
4629 
4630 static int AddressTestParseInvalidMask03(void)
4631 {
4632  int result = 1;
4633  DetectAddress *dd = NULL;
4634 
4635  dd = DetectAddressParseSingle("192.168.2.0/blue");
4636  if (dd != NULL) {
4637  DetectAddressFree(dd);
4638  result = 0;
4639  }
4640  return result;
4641 }
4642 
4643 static int AddressConfVarsTest01(void)
4644 {
4645  static const char *dummy_conf_string =
4646  "%YAML 1.1\n"
4647  "---\n"
4648  "\n"
4649  "vars:\n"
4650  "\n"
4651  " address-groups:\n"
4652  "\n"
4653  " HOME_NET: \"any\"\n"
4654  "\n"
4655  " EXTERNAL_NET: \"!any\"\n"
4656  "\n"
4657  " port-groups:\n"
4658  "\n"
4659  " HTTP_PORTS: \"any\"\n"
4660  "\n"
4661  " SHELLCODE_PORTS: \"!any\"\n"
4662  "\n";
4663 
4664  int result = 0;
4665 
4666  SCConfCreateContextBackup();
4667  SCConfInit();
4668  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4669 
4670  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4671  result = 1;
4672 
4673  SCConfDeInit();
4674  SCConfRestoreContextBackup();
4675 
4676  return result;
4677 }
4678 
4679 static int AddressConfVarsTest02(void)
4680 {
4681  static const char *dummy_conf_string =
4682  "%YAML 1.1\n"
4683  "---\n"
4684  "\n"
4685  "vars:\n"
4686  "\n"
4687  " address-groups:\n"
4688  "\n"
4689  " HOME_NET: \"any\"\n"
4690  "\n"
4691  " EXTERNAL_NET: \"any\"\n"
4692  "\n"
4693  " port-groups:\n"
4694  "\n"
4695  " HTTP_PORTS: \"any\"\n"
4696  "\n"
4697  " SHELLCODE_PORTS: \"!any\"\n"
4698  "\n";
4699 
4700  int result = 0;
4701 
4702  SCConfCreateContextBackup();
4703  SCConfInit();
4704  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4705 
4706  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() < 0)
4707  result = 1;
4708 
4709  SCConfDeInit();
4710  SCConfRestoreContextBackup();
4711 
4712  return result;
4713 }
4714 
4715 static int AddressConfVarsTest03(void)
4716 {
4717  static const char *dummy_conf_string =
4718  "%YAML 1.1\n"
4719  "---\n"
4720  "\n"
4721  "vars:\n"
4722  "\n"
4723  " address-groups:\n"
4724  "\n"
4725  " HOME_NET: \"any\"\n"
4726  "\n"
4727  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4728  "\n"
4729  " port-groups:\n"
4730  "\n"
4731  " HTTP_PORTS: \"any\"\n"
4732  "\n"
4733  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4734  "\n";
4735 
4736  int result = 0;
4737 
4738  SCConfCreateContextBackup();
4739  SCConfInit();
4740  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4741 
4742  if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0)
4743  result = 1;
4744 
4745  SCConfDeInit();
4746  SCConfRestoreContextBackup();
4747 
4748  return result;
4749 }
4750 
4751 static int AddressConfVarsTest04(void)
4752 {
4753  static const char *dummy_conf_string =
4754  "%YAML 1.1\n"
4755  "---\n"
4756  "\n"
4757  "vars:\n"
4758  "\n"
4759  " address-groups:\n"
4760  "\n"
4761  " HOME_NET: \"any\"\n"
4762  "\n"
4763  " EXTERNAL_NET: \"$HOME_NET\"\n"
4764  "\n"
4765  " port-groups:\n"
4766  "\n"
4767  " HTTP_PORTS: \"any\"\n"
4768  "\n"
4769  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4770  "\n";
4771 
4772  int result = 0;
4773 
4774  SCConfCreateContextBackup();
4775  SCConfInit();
4776  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4777 
4778  if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() == 0)
4779  result = 1;
4780 
4781  SCConfDeInit();
4782  SCConfRestoreContextBackup();
4783 
4784  return result;
4785 }
4786 
4787 static int AddressConfVarsTest05(void)
4788 {
4789  static const char *dummy_conf_string =
4790  "%YAML 1.1\n"
4791  "---\n"
4792  "\n"
4793  "vars:\n"
4794  "\n"
4795  " address-groups:\n"
4796  "\n"
4797  " HOME_NET: \"any\"\n"
4798  "\n"
4799  " EXTERNAL_NET: [192.168.0.1]\n"
4800  "\n"
4801  " port-groups:\n"
4802  "\n"
4803  " HTTP_PORTS: \"any\"\n"
4804  "\n"
4805  " SHELLCODE_PORTS: [80]\n"
4806  "\n";
4807 
4808  int result = 0;
4809 
4810  SCConfCreateContextBackup();
4811  SCConfInit();
4812  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4813 
4814  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4815  goto end;
4816 
4817  result = 1;
4818 
4819  end:
4820  SCConfDeInit();
4821  SCConfRestoreContextBackup();
4822 
4823  return result;
4824 }
4825 
4826 static int AddressConfVarsTest06(void)
4827 {
4828  // HOME_NET value size = 10261 bytes
4829  static const char *dummy_conf_string =
4830  "%YAML 1.1\n"
4831  "---\n"
4832  "\n"
4833  "vars:\n"
4834  "\n"
4835  " address-groups:\n"
4836  "\n"
4837  " HOME_NET: "
4838  "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4839  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4840  "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4841  "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4842  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4843  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4844  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4845  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4846  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4847  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4848  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4849  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4850  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4851  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4852  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4853  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4854  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4855  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4856  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4857  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4858  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4859  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4860  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4861  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4862  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4863  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4864  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4865  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972  "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4973  "\n"
4974  " EXTERNAL_NET: \"any\"\n"
4975  "\n";
4976 
4977  SCConfCreateContextBackup();
4978  SCConfInit();
4979  SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4980 
4981  FAIL_IF(0 != DetectAddressTestConfVars());
4982 
4983  SCConfDeInit();
4984  SCConfRestoreContextBackup();
4985 
4986  PASS;
4987 }
4988 
4989 #endif /* UNITTESTS */
4990 
4991 void DetectAddressTests(void)
4992 {
4993 #ifdef UNITTESTS
4994  DetectAddressIPv4Tests();
4995  DetectAddressIPv6Tests();
4996 
4997  UtRegisterTest("AddressTestParse01", AddressTestParse01);
4998  UtRegisterTest("AddressTestParse02", AddressTestParse02);
4999  UtRegisterTest("AddressTestParse03", AddressTestParse03);
5000  UtRegisterTest("AddressTestParse04", AddressTestParse04);
5001  UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5002  UtRegisterTest("AddressTestParse05", AddressTestParse05);
5003  UtRegisterTest("AddressTestParse06", AddressTestParse06);
5004  UtRegisterTest("AddressTestParse07", AddressTestParse07);
5005  UtRegisterTest("AddressTestParse08", AddressTestParse08);
5006  UtRegisterTest("AddressTestParse09", AddressTestParse09);
5007  UtRegisterTest("AddressTestParse10", AddressTestParse10);
5008  UtRegisterTest("AddressTestParse11", AddressTestParse11);
5009  UtRegisterTest("AddressTestParse12", AddressTestParse12);
5010  UtRegisterTest("AddressTestParse13", AddressTestParse13);
5011  UtRegisterTest("AddressTestParse14", AddressTestParse14);
5012  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5013  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5014  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5015  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5016  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5017  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5018  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5019  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5020  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5021  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5022  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5023  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5024  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5025  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5026  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5027  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5028  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5029  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5030  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5031  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5032  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5033  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5034  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5035 
5036  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5037  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5038  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5039  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5040  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5041  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5042  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5043  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5044  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5045  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5046  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5047 
5048  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5049  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5050  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5051  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5052  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5053  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5054  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5055  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5056 
5057  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5058  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5059  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5060  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5061  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5062  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5063 
5064  UtRegisterTest("AddressTestAddressGroupSetup01",
5065  AddressTestAddressGroupSetup01);
5066  UtRegisterTest("AddressTestAddressGroupSetup02",
5067  AddressTestAddressGroupSetup02);
5068  UtRegisterTest("AddressTestAddressGroupSetup03",
5069  AddressTestAddressGroupSetup03);
5070  UtRegisterTest("AddressTestAddressGroupSetup04",
5071  AddressTestAddressGroupSetup04);
5072  UtRegisterTest("AddressTestAddressGroupSetup05",
5073  AddressTestAddressGroupSetup05);
5074  UtRegisterTest("AddressTestAddressGroupSetup06",
5075  AddressTestAddressGroupSetup06);
5076  UtRegisterTest("AddressTestAddressGroupSetup07",
5077  AddressTestAddressGroupSetup07);
5078  UtRegisterTest("AddressTestAddressGroupSetup08",
5079  AddressTestAddressGroupSetup08);
5080  UtRegisterTest("AddressTestAddressGroupSetup09",
5081  AddressTestAddressGroupSetup09);
5082  UtRegisterTest("AddressTestAddressGroupSetup10",
5083  AddressTestAddressGroupSetup10);
5084  UtRegisterTest("AddressTestAddressGroupSetup11",
5085  AddressTestAddressGroupSetup11);
5086  UtRegisterTest("AddressTestAddressGroupSetup12",
5087  AddressTestAddressGroupSetup12);
5088  UtRegisterTest("AddressTestAddressGroupSetup13",
5089  AddressTestAddressGroupSetup13);
5090  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5091  AddressTestAddressGroupSetupIPv414);
5092  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5093  AddressTestAddressGroupSetupIPv415);
5094  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5095  AddressTestAddressGroupSetupIPv416);
5096 
5097  UtRegisterTest("AddressTestAddressGroupSetup14",
5098  AddressTestAddressGroupSetup14);
5099  UtRegisterTest("AddressTestAddressGroupSetup15",
5100  AddressTestAddressGroupSetup15);
5101  UtRegisterTest("AddressTestAddressGroupSetup16",
5102  AddressTestAddressGroupSetup16);
5103  UtRegisterTest("AddressTestAddressGroupSetup17",
5104  AddressTestAddressGroupSetup17);
5105  UtRegisterTest("AddressTestAddressGroupSetup18",
5106  AddressTestAddressGroupSetup18);
5107  UtRegisterTest("AddressTestAddressGroupSetup19",
5108  AddressTestAddressGroupSetup19);
5109  UtRegisterTest("AddressTestAddressGroupSetup20",
5110  AddressTestAddressGroupSetup20);
5111  UtRegisterTest("AddressTestAddressGroupSetup21",
5112  AddressTestAddressGroupSetup21);
5113  UtRegisterTest("AddressTestAddressGroupSetup22",
5114  AddressTestAddressGroupSetup22);
5115  UtRegisterTest("AddressTestAddressGroupSetup23",
5116  AddressTestAddressGroupSetup23);
5117  UtRegisterTest("AddressTestAddressGroupSetup24",
5118  AddressTestAddressGroupSetup24);
5119  UtRegisterTest("AddressTestAddressGroupSetup25",
5120  AddressTestAddressGroupSetup25);
5121  UtRegisterTest("AddressTestAddressGroupSetup26",
5122  AddressTestAddressGroupSetup26);
5123 
5124  UtRegisterTest("AddressTestAddressGroupSetup27",
5125  AddressTestAddressGroupSetup27);
5126  UtRegisterTest("AddressTestAddressGroupSetup28",
5127  AddressTestAddressGroupSetup28);
5128  UtRegisterTest("AddressTestAddressGroupSetup29",
5129  AddressTestAddressGroupSetup29);
5130  UtRegisterTest("AddressTestAddressGroupSetup30",
5131  AddressTestAddressGroupSetup30);
5132  UtRegisterTest("AddressTestAddressGroupSetup31",
5133  AddressTestAddressGroupSetup31);
5134  UtRegisterTest("AddressTestAddressGroupSetup32",
5135  AddressTestAddressGroupSetup32);
5136  UtRegisterTest("AddressTestAddressGroupSetup33",
5137  AddressTestAddressGroupSetup33);
5138  UtRegisterTest("AddressTestAddressGroupSetup34",
5139  AddressTestAddressGroupSetup34);
5140  UtRegisterTest("AddressTestAddressGroupSetup35",
5141  AddressTestAddressGroupSetup35);
5142  UtRegisterTest("AddressTestAddressGroupSetup36",
5143  AddressTestAddressGroupSetup36);
5144  UtRegisterTest("AddressTestAddressGroupSetup37",
5145  AddressTestAddressGroupSetup37);
5146  UtRegisterTest("AddressTestAddressGroupSetup38",
5147  AddressTestAddressGroupSetup38);
5148  UtRegisterTest("AddressTestAddressGroupSetup39",
5149  AddressTestAddressGroupSetup39);
5150  UtRegisterTest("AddressTestAddressGroupSetup40",
5151  AddressTestAddressGroupSetup40);
5152  UtRegisterTest("AddressTestAddressGroupSetup41",
5153  AddressTestAddressGroupSetup41);
5154  UtRegisterTest("AddressTestAddressGroupSetup42",
5155  AddressTestAddressGroupSetup42);
5156  UtRegisterTest("AddressTestAddressGroupSetup43",
5157  AddressTestAddressGroupSetup43);
5158  UtRegisterTest("AddressTestAddressGroupSetup44",
5159  AddressTestAddressGroupSetup44);
5160  UtRegisterTest("AddressTestAddressGroupSetup45",
5161  AddressTestAddressGroupSetup45);
5162  UtRegisterTest("AddressTestAddressGroupSetup46",
5163  AddressTestAddressGroupSetup46);
5164  UtRegisterTest("AddressTestAddressGroupSetup47",
5165  AddressTestAddressGroupSetup47);
5166  UtRegisterTest("AddressTestAddressGroupSetup48",
5167  AddressTestAddressGroupSetup48);
5168 
5169  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5170  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5171  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5172  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5173  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5174  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5175  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5176  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5177  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5178  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5179 
5180  UtRegisterTest("AddressTestParseInvalidMask01",
5181  AddressTestParseInvalidMask01);
5182  UtRegisterTest("AddressTestParseInvalidMask02",
5183  AddressTestParseInvalidMask02);
5184  UtRegisterTest("AddressTestParseInvalidMask03",
5185  AddressTestParseInvalidMask03);
5186 
5187  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5188  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5189  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5190  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5191  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5192  UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5193 #endif /* UNITTESTS */
5194 }
DetectAddressListsAreEqual
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
Definition: detect-engine-address.c:348
DetectAddressCutNotIPv4
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv4.c:368
util-byte.h
DetectAddress_::ip
Address ip
Definition: detect.h:170
SCConfYamlLoadString
int SCConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:535
DetectAddressFree
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
Definition: detect-engine-address.c:82
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectAddressParse
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
Definition: detect-engine-address.c:1391
DetectAddressTests
void DetectAddressTests(void)
ADDRESS_EB
@ ADDRESS_EB
Definition: detect.h:157
ADDRESS_LE
@ ADDRESS_LE
Definition: detect.h:154
DetectAddressMap_::contains_negation
bool contains_negation
Definition: detect-engine-address.c:1289
DetectAddressCutIPv6
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Definition: detect-engine-address-ipv6.c:353
detect-engine-siggroup.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
AddressIPv6Le
int AddressIPv6Le(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
Definition: detect-engine-address-ipv6.c:162
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectAddressMatchIPv4
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1586
DetectAddress_
address structure for use in the detection engine.
Definition: detect.h:168
SC_RULE_VARS_ADDRESS_GROUPS
@ SC_RULE_VARS_ADDRESS_GROUPS
Definition: util-rule-vars.h:31
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:282
DetectAddressHead_
Definition: detect.h:183
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DetectAddressHeadCleanup
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
Definition: detect-engine-address.c:1473
ADDRESS_LT
@ ADDRESS_LT
Definition: detect.h:153
DetectAddressMap
struct DetectAddressMap_ DetectAddressMap
CIDRGet
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:57
DetectAddressMapFree
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1334
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:937
DetectAddressIPv4Tests
void DetectAddressIPv4Tests(void)
Definition: detect-engine-address-ipv4.c:1008
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
ADDRESS_EQ
@ ADDRESS_EQ
Definition: detect.h:155
Address_
Definition: decode.h:113
HashListTableLookup
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:245
CleanVariableResolveList
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:168
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1058
util-var.h
util-unittest.h
DetectAddressLookupInHead
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
Definition: detect-engine-address.c:1795
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
HashListTableAdd
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
Definition: util-hashlist.c:114
DetectAddress_::prev
struct DetectAddress_ * prev
Definition: detect.h:177
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
HashListTable_::array_size
uint32_t array_size
Definition: util-hashlist.h:41
DetectAddressCmpIPv4
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv4.c:59
Address_::address
union Address_::@29 address
SCConfInit
void SCConfInit(void)
Initialize the configuration system.
Definition: conf.c:121
util-cidr.h
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:236
HashListTableInit
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:19
DetectAddressIsCompleteIPSpaceIPv4
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
Definition: detect-engine-address-ipv4.c:314
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:681
DetectAddressCutIPv4
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
Definition: detect-engine-address-ipv4.c:113
ADDRESS_GE
@ ADDRESS_GE
Definition: detect.h:158
UTHValidateDetectAddressHeadRange_::one
const char * one
Definition: detect-engine-address.c:1878
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:284
detect.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:238
detect-engine-port.h
DetectAddress_::ip2
Address ip2
Definition: detect.h:171
DetectAddressMergeNot
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
Definition: detect-engine-address.c:1032
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:317
hashlittle_safe
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
Definition: util-hash-lookup3.c:482
DetectAddressCopy
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
Definition: detect-engine-address.c:127
CIDRFromMask
int CIDRFromMask(uint32_t netmask)
Turn 32 bit mask into CIDR.
Definition: util-cidr.c:35
util-rule-vars.h
conf-yaml-loader.h
conf.h
UTHValidateDetectAddressHeadRange
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
DetectAddressCleanupList
void DetectAddressCleanupList(DetectAddress *head)
Frees a list of DetectAddress instances.
Definition: detect-engine-address.c:144
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:300
MAX_ADDRESS_LENGTH
#define MAX_ADDRESS_LENGTH
SCConfCreateContextBackup
void SCConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:715
HashListTable_
Definition: util-hashlist.h:37
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:232
DetectAddressMap_
Definition: detect-engine-address.c:1286
DetectAddressHead_::ipv6_head
DetectAddress * ipv6_head
Definition: detect.h:185
CIDRGetIPv6
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition: util-cidr.c:82
cnt
uint32_t cnt
Definition: tmqh-packetpool.h:7
DetectAddressMatchIPv6
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
Definition: detect-engine-address.c:1619
DetectEngineCtx_::address_table
HashListTable * address_table
Definition: detect.h:1080
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
HashListTableFree
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:88
SCConfDeInit
void SCConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:734
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
util-hash-lookup3.h
detect-engine-address-ipv6.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
DetectAddressMapInit
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-address.c:1323
DetectAddressCmpIPv6
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
Definition: detect-engine-address-ipv6.c:232
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:124
str
#define str(s)
Definition: suricata-common.h:308
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:182
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:274
UTHValidateDetectAddressHeadRange_
Definition: detect-engine-address.c:1877
head
Flow * head
Definition: flow-hash.h:1
DetectAddressMap_::address
DetectAddressHead * address
Definition: detect-engine-address.c:1288
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:430
detect-engine-address-ipv4.h
SCConfRestoreContextBackup
void SCConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:725
DetectAddressCutNotIPv6
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
Definition: detect-engine-address-ipv6.c:704
AddVariableToResolveList
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:139
address
uint8_t address
Definition: decode-ppp.h:0
DetectAddress_::next
struct DetectAddress_ * next
Definition: detect.h:179
DetectMatchAddressIPv6_
Definition: detect.h:194
DetectMatchAddressIPv4_
Definition: detect.h:189
Address_::family
char family
Definition: decode.h:114
ADDRESS_ES
@ ADDRESS_ES
Definition: detect.h:156
DetectParseAddress
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
Definition: detect-engine-address.c:1431
SCConfNode_::name
char * name
Definition: conf.h:38
DetectAddressIPv6Tests
void DetectAddressIPv6Tests(void)
Definition: detect-engine-address-ipv6.c:1531
ADDRESS_FLAG_NOT
#define ADDRESS_FLAG_NOT
Definition: detect.h:162
UTHValidateDetectAddressHeadRange_::two
const char * two
Definition: detect-engine-address.c:1879
COPY_ADDRESS
#define COPY_ADDRESS(a, b)
Definition: decode.h:128
AddressIPv6Gt
int AddressIPv6Gt(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
Definition: detect-engine-address-ipv6.c:90
SCRuleVarsGetConfVar
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
Definition: util-rule-vars.c:65
AddressIPv6Ge
int AddressIPv6Ge(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
Definition: detect-engine-address-ipv6.c:194
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:288
SCConfNode_
Definition: conf.h:37
flow-var.h
SCConfNode_::val
char * val
Definition: conf.h:39
DetectAddress_::flags
uint8_t flags
Definition: detect.h:174
DetectAddressCmp
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: detect-engine-address.c:1559
DetectAddressHead_::ipv4_head
DetectAddress * ipv4_head
Definition: detect.h:184
DetectAddressPrint
#define DetectAddressPrint(...)
Definition: detect-engine-address.c:52
detect-engine-address.h
DetectAddressMap_::string
char * string
Definition: detect-engine-address.c:1287
DetectAddressInit
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
Definition: detect-engine-address.c:69
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1214
ADDRESS_ER
@ ADDRESS_ER
Definition: detect.h:152
ADDRESS_GT
@ ADDRESS_GT
Definition: detect.h:159