suricata
detect-engine-address.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Address part of the detection engine.
24  *
25  * \todo Move this out of the detection plugin structure
26  * rename to detect-engine-address.c
27  */
28 
29 #include "suricata-common.h"
30 #include "decode.h"
31 #include "detect.h"
32 #include "flow-var.h"
33 
34 #include "util-cidr.h"
35 #include "util-unittest.h"
36 #include "util-rule-vars.h"
37 #include "conf.h"
38 #include "conf-yaml-loader.h"
39 
40 #include "detect-engine-siggroup.h"
41 #include "detect-engine-address.h"
44 #include "detect-engine-port.h"
45 
46 #include "util-debug.h"
47 #include "util-print.h"
48 #include "util-var.h"
49 
50 /* prototypes */
52 static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
53 static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
54  DetectAddress **);
56 
57 /**
58  * \brief Creates and returns a new instance of a DetectAddress.
59  *
60  * \retval ag Pointer to the newly created DetectAddress on success;
61  * NULL on failure.
62  */
64 {
65  DetectAddress *ag = SCMalloc(sizeof(DetectAddress));
66  if (unlikely(ag == NULL))
67  return NULL;
68  memset(ag, 0, sizeof(DetectAddress));
69 
70  return ag;
71 }
72 
73 /**
74  * \brief Frees a DetectAddress instance.
75  *
76  * \param ag Pointer to the DetectAddress instance to be freed.
77  */
79 {
80  if (ag == NULL)
81  return;
82 
83  SCFree(ag);
84 
85  return;
86 }
87 
88 /**
89  * \brief Copies the contents of one Address group in DetectAddress and returns
90  * a new instance of the DetectAddress that contains the copied address.
91  *
92  * \param orig Pointer to the instance of DetectAddress that contains the
93  * address data to be copied to the new instance.
94  *
95  * \retval ag Pointer to the new instance of DetectAddress that contains the
96  * copied address.
97  */
99 {
101  if (ag == NULL)
102  return NULL;
103 
104  ag->flags = orig->flags;
105 
106  COPY_ADDRESS(&orig->ip, &ag->ip);
107  COPY_ADDRESS(&orig->ip2, &ag->ip2);
108 
109  return ag;
110 }
111 
112 /**
113  * \brief Used to check if a DetectAddress list contains an instance with
114  * a similar DetectAddress. The comparison done is not the one that
115  * checks the memory for the same instance, but one that checks that the
116  * two instances hold the same content.
117  *
118  * \param head Pointer to the DetectAddress list.
119  * \param ad Pointer to the DetectAddress that has to be checked for in
120  * the DetectAddress list.
121  *
122  * \retval cur Returns a pointer to the DetectAddress on a match; NULL if
123  * no match.
124  */
126 {
127  DetectAddress *cur;
128 
129  if (head != NULL) {
130  for (cur = head; cur != NULL; cur = cur->next) {
131  if (DetectAddressCmp(cur, gr) == ADDRESS_EQ)
132  return cur;
133  }
134  }
135 
136  return NULL;
137 }
138 
139 /**
140  * \brief Prints the address data information for all the DetectAddress
141  * instances in the DetectAddress list sent as the argument.
142  *
143  * \param head Pointer to a list of DetectAddress instances.
144  */
146 {
147  DetectAddress *cur;
148 
149  SCLogInfo("list:");
150  if (head != NULL) {
151  for (cur = head; cur != NULL; cur = cur->next) {
152  DetectAddressPrint(cur);
153  }
154  }
155  SCLogInfo("endlist");
156 
157  return;
158 }
159 
160 /**
161  * \brief Frees a list of DetectAddress instances.
162  *
163  * \param head Pointer to a list of DetectAddress instances to be freed.
164  */
166 {
167  DetectAddress *cur, *next;
168 
169  if (head == NULL)
170  return;
171 
172  for (cur = head; cur != NULL; ) {
173  next = cur->next;
174  cur->next = NULL;
175  DetectAddressFree(cur);
176  cur = next;
177  }
178 
179  return;
180 }
181 
182 /**
183  * \brief Do a sorted insert, where the top of the list should be the biggest
184  * network/range.
185  *
186  * XXX current sorting only works for overlapping nets
187  *
188  * \param head Pointer to the list of DetectAddress.
189  * \param ag Pointer to the DetectAddress that has to be added to the
190  * above list.
191  *
192  * \retval 0 On successfully inserting the DetectAddress.
193  * \retval -1 On failure.
194  */
195 
197 {
198  DetectAddress *cur, *prev_cur = NULL;
199  int r = 0;
200 
201  if (*head != NULL) {
202  for (cur = *head; cur != NULL; cur = cur->next) {
203  prev_cur = cur;
204  r = DetectAddressCmp(ag, cur);
205  if (r == ADDRESS_EB) {
206  /* insert here */
207  ag->prev = cur->prev;
208  ag->next = cur;
209 
210  cur->prev = ag;
211  if (*head == cur)
212  *head = ag;
213  else
214  ag->prev->next = ag;
215 
216  return 0;
217  }
218  }
219  ag->prev = prev_cur;
220  if (prev_cur != NULL)
221  prev_cur->next = ag;
222  } else {
223  *head = ag;
224  }
225 
226  return 0;
227 }
228 
229 /**
230  * \internal
231  * \brief Helper function for DetectAddressInsert. Sets one of the
232  * DetectAddressHead head pointers, to the DetectAddress argument
233  * based on its address family.
234  *
235  * \param gh Pointer to the DetectAddressHead.
236  * \param newhead Pointer to the DetectAddress.
237  *
238  * \retval 0 On success.
239  * \retval -1 On failure.
240  */
241 static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
242 {
243  if (newhead->flags & ADDRESS_FLAG_ANY) {
244  gh->any_head = newhead;
245  } else if (newhead->ip.family == AF_INET) {
246  gh->ipv4_head = newhead;
247  } else if (newhead->ip.family == AF_INET6) {
248  gh->ipv6_head = newhead;
249  } else {
250  SCLogDebug("newhead->family %u not supported", newhead->ip.family);
251  return -1;
252  }
253 
254  return 0;
255 }
256 
257 /**
258  * \internal
259  * \brief Returns the DetectAddress head from the DetectAddressHeads,
260  * based on the address family of the incoming DetectAddress arg.
261  *
262  * \param gh Pointer to the DetectAddressHead.
263  * \param new Pointer to the DetectAddress.
264  *
265  * \retval head Pointer to the DetectAddress(the head from
266  * DetectAddressHead).
267  */
268 static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
269 {
270  DetectAddress *head = NULL;
271 
272  if (new->flags & ADDRESS_FLAG_ANY)
273  head = gh->any_head;
274  else if (new->ip.family == AF_INET)
275  head = gh->ipv4_head;
276  else if (new->ip.family == AF_INET6)
277  head = gh->ipv6_head;
278 
279  return head;
280 }
281 
282 /**
283  * \brief Same as DetectAddressInsert, but then for inserting a address group
284  * object. This also makes sure SigGroupContainer lists are handled
285  * correctly.
286  *
287  * \param de_ctx Pointer to the detection engine context.
288  * \param gh Pointer to the DetectAddressHead list to which it has to
289  * be inserted.
290  * \param new Pointer to the DetectAddress, that has to be inserted.
291  *
292  * \retval 1 On successfully inserting it.
293  * \retval -1 On error.
294  * \retval 0 Not inserted, memory of new is freed.
295  */
297  DetectAddress *new)
298 {
299  DetectAddress *head = NULL;
300  DetectAddress *cur = NULL;
301  DetectAddress *c = NULL;
302  int r = 0;
303 
304  if (new == NULL)
305  return 0;
306 
307  BUG_ON(new->ip.family == 0 && !(new->flags & ADDRESS_FLAG_ANY));
308 
309  /* get our head ptr based on the address we want to insert */
310  head = GetHeadPtr(gh, new);
311 
312  /* see if it already exists or overlaps with existing ag's */
313  if (head != NULL) {
314  cur = NULL;
315 
316  for (cur = head; cur != NULL; cur = cur->next) {
317  r = DetectAddressCmp(new, cur);
318  BUG_ON(r == ADDRESS_ER);
319 
320  /* if so, handle that */
321  if (r == ADDRESS_EQ) {
322  /* exact overlap/match */
323  if (cur != new) {
324  DetectAddressFree(new);
325  return 0;
326  }
327 
328  return 1;
329  } else if (r == ADDRESS_GT) {
330  /* only add it now if we are bigger than the last group.
331  * Otherwise we'll handle it later. */
332  if (cur->next == NULL) {
333  /* put in the list */
334  new->prev = cur;
335  cur->next = new;
336 
337  return 1;
338  }
339  } else if (r == ADDRESS_LT) {
340  /* see if we need to insert the ag anywhere put in the list */
341  if (cur->prev != NULL)
342  cur->prev->next = new;
343  new->prev = cur->prev;
344  new->next = cur;
345  cur->prev = new;
346 
347  /* update head if required */
348  if (head == cur) {
349  head = new;
350 
351  if (SetHeadPtr(gh, head) < 0)
352  goto error;
353  }
354 
355  return 1;
356  /* alright, those were the simple cases, lets handle the more
357  * complex ones now */
358  } else if (r == ADDRESS_ES) {
359  c = NULL;
360  r = DetectAddressCut(de_ctx, cur, new, &c);
361  if (r == -1)
362  goto error;
363 
364  DetectAddressInsert(de_ctx, gh, new);
365  if (c != NULL)
366  DetectAddressInsert(de_ctx, gh, c);
367 
368  return 1;
369  } else if (r == ADDRESS_EB) {
370  c = NULL;
371  r = DetectAddressCut(de_ctx, cur, new, &c);
372  if (r == -1)
373  goto error;
374 
375  DetectAddressInsert(de_ctx, gh, new);
376  if (c != NULL)
377  DetectAddressInsert(de_ctx, gh, c);
378 
379  return 1;
380  } else if (r == ADDRESS_LE) {
381  c = NULL;
382  r = DetectAddressCut(de_ctx, cur, new, &c);
383  if (r == -1)
384  goto error;
385 
386  DetectAddressInsert(de_ctx, gh, new);
387  if (c != NULL)
388  DetectAddressInsert(de_ctx, gh, c);
389 
390  return 1;
391  } else if (r == ADDRESS_GE) {
392  c = NULL;
393  r = DetectAddressCut(de_ctx, cur,new,&c);
394  if (r == -1)
395  goto error;
396 
397  DetectAddressInsert(de_ctx, gh, new);
398  if (c != NULL)
399  DetectAddressInsert(de_ctx, gh, c);
400 
401  return 1;
402  }
403  }
404 
405  /* head is NULL, so get a group and set head to it */
406  } else {
407  head = new;
408  if (SetHeadPtr(gh, head) < 0) {
409  SCLogDebug("SetHeadPtr failed");
410  goto error;
411  }
412  }
413 
414  return 1;
415 
416 error:
417  /* XXX */
418  return -1;
419 }
420 
421 /**
422  * \brief Join two addresses groups together.
423  *
424  * \param de_ctx Pointer to the detection engine context.
425  * \param target Pointer to the target address group.
426  * \param source Pointer to the source address group.
427  *
428  * \retval 0 On success.
429  * \retval -1 On failure.
430  */
432  DetectAddress *source)
433 {
434  if (target == NULL || source == NULL)
435  return -1;
436 
437  if (target->ip.family != source->ip.family)
438  return -1;
439 
440  if (target->ip.family == AF_INET)
441  return DetectAddressJoinIPv4(de_ctx, target, source);
442  else if (target->ip.family == AF_INET6)
443  return DetectAddressJoinIPv6(de_ctx, target, source);
444 
445  return -1;
446 }
447 
448 /**
449  * \brief Checks if two address group lists are equal.
450  *
451  * \param list1 Pointer to the first address group list.
452  * \param list2 Pointer to the second address group list.
453  *
454  * \retval true On success.
455  * \retval false On failure.
456  */
458 {
459  DetectAddress *item = list1;
460  DetectAddress *it = list2;
461 
462  // First, compare items one by one.
463  while (item != NULL && it != NULL) {
464  if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
465  return false;
466  }
467 
468  item = item->next;
469  it = it->next;
470  }
471 
472  // Are the lists of the same size?
473  if (!(item == NULL && it == NULL)) {
474  return false;
475  }
476 
477  return true;
478 }
479 
480 /**
481  * \internal
482  * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
483  *
484  * For example if we send a cidr of 7 as argument, an ipv6 address
485  * mask of the value FE:00:00:00:00:00:00:00 is created and updated
486  * in the argument struct in6_addr *in6.
487  *
488  * \todo I think for the final section: while (cidr > 0), we can simply
489  * replace it with a
490  * if (cidr > 0) {
491  * in6->s6_addr[i] = -1 << (8 - cidr);
492  *
493  * \param cidr The value of the cidr.
494  * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
495  * hold the cidr netblock result.
496  */
497 static void DetectAddressParseIPv6CIDR(int cidr, struct in6_addr *in6)
498 {
499  int i = 0;
500 
501  memset(in6, 0, sizeof(struct in6_addr));
502 
503  while (cidr > 8) {
504  in6->s6_addr[i] = 0xff;
505  cidr -= 8;
506  i++;
507  }
508 
509  while (cidr > 0) {
510  in6->s6_addr[i] |= 0x80;
511  if (--cidr > 0)
512  in6->s6_addr[i] = in6->s6_addr[i] >> 1;
513  }
514 
515  return;
516 }
517 
518 /**
519  * \internal
520  * \brief Parses an ipv4/ipv6 address string and updates the result into the
521  * DetectAddress instance sent as the argument.
522  *
523  * \param dd Pointer to the DetectAddress instance which should be updated with
524  * the address range details from the parsed ip string.
525  * \param str Pointer to address string that has to be parsed.
526  *
527  * \retval 0 On successfully parsing the address string.
528  * \retval -1 On failure.
529  */
531 {
532  char *ip = NULL;
533  char *ip2 = NULL;
534  char *mask = NULL;
535  int r = 0;
536  char ipstr[256];
537 
538  while (*str != '\0' && *str == ' ')
539  str++;
540 
541  /* first handle 'any' */
542  if (strcasecmp(str, "any") == 0) {
543  dd->flags |= ADDRESS_FLAG_ANY;
544  SCLogDebug("address is \'any\'");
545  return 0;
546  }
547 
548  strlcpy(ipstr, str, sizeof(ipstr));
549  SCLogDebug("str %s", str);
550 
551  /* we work with a copy so that we can put a
552  * nul-termination in it later */
553  ip = ipstr;
554 
555  /* handle the negation case */
556  if (ip[0] == '!') {
557  dd->flags |= ADDRESS_FLAG_NOT;
558  ip++;
559  }
560 
561  /* see if the address is an ipv4 or ipv6 address */
562  if ((strchr(str, ':')) == NULL) {
563  /* IPv4 Address */
564  struct in_addr in;
565 
566  dd->ip.family = AF_INET;
567 
568  if ((mask = strchr(ip, '/')) != NULL) {
569  /* 1.2.3.4/xxx format (either dotted or cidr notation */
570  ip[mask - ip] = '\0';
571  mask++;
572  uint32_t ip4addr = 0;
573  uint32_t netmask = 0;
574  size_t u = 0;
575 
576  if ((strchr (mask, '.')) == NULL) {
577  /* 1.2.3.4/24 format */
578 
579  for (u = 0; u < strlen(mask); u++) {
580  if(!isdigit((unsigned char)mask[u]))
581  goto error;
582  }
583 
584  int cidr = atoi(mask);
585  if (cidr < 0 || cidr > 32)
586  goto error;
587 
588  netmask = CIDRGet(cidr);
589  } else {
590  /* 1.2.3.4/255.255.255.0 format */
591  r = inet_pton(AF_INET, mask, &in);
592  if (r <= 0)
593  goto error;
594 
595  netmask = in.s_addr;
596  }
597 
598  r = inet_pton(AF_INET, ip, &in);
599  if (r <= 0)
600  goto error;
601 
602  ip4addr = in.s_addr;
603 
604  dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
605  dd->ip2.addr_data32[0] |=~ netmask;
606  } else if ((ip2 = strchr(ip, '-')) != NULL) {
607  /* 1.2.3.4-1.2.3.6 range format */
608  ip[ip2 - ip] = '\0';
609  ip2++;
610 
611  r = inet_pton(AF_INET, ip, &in);
612  if (r <= 0)
613  goto error;
614  dd->ip.addr_data32[0] = in.s_addr;
615 
616  r = inet_pton(AF_INET, ip2, &in);
617  if (r <= 0)
618  goto error;
619  dd->ip2.addr_data32[0] = in.s_addr;
620 
621  /* a > b is illegal, a = b is ok */
622  if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
623  goto error;
624  } else {
625  /* 1.2.3.4 format */
626  r = inet_pton(AF_INET, ip, &in);
627  if (r <= 0)
628  goto error;
629  /* single host */
630  dd->ip.addr_data32[0] = in.s_addr;
631  dd->ip2.addr_data32[0] = in.s_addr;
632  }
633  } else {
634  /* IPv6 Address */
635  struct in6_addr in6, mask6;
636  uint32_t ip6addr[4], netmask[4];
637 
638  dd->ip.family = AF_INET6;
639 
640  if ((mask = strchr(ip, '/')) != NULL) {
641  ip[mask - ip] = '\0';
642  mask++;
643 
644  int cidr = atoi(mask);
645  if (cidr < 0 || cidr > 128)
646  goto error;
647 
648  r = inet_pton(AF_INET6, ip, &in6);
649  if (r <= 0)
650  goto error;
651  memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
652 
653  DetectAddressParseIPv6CIDR(cidr, &mask6);
654  memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
655 
656  dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
657  dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
658  dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
659  dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
660 
661  dd->ip2.addr_data32[0] |=~ netmask[0];
662  dd->ip2.addr_data32[1] |=~ netmask[1];
663  dd->ip2.addr_data32[2] |=~ netmask[2];
664  dd->ip2.addr_data32[3] |=~ netmask[3];
665  } else if ((ip2 = strchr(ip, '-')) != NULL) {
666  /* 2001::1-2001::4 range format */
667  ip[ip2 - ip] = '\0';
668  ip2++;
669 
670  r = inet_pton(AF_INET6, ip, &in6);
671  if (r <= 0)
672  goto error;
673  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
674 
675  r = inet_pton(AF_INET6, ip2, &in6);
676  if (r <= 0)
677  goto error;
678  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
679 
680  /* a > b is illegal, a=b is ok */
681  if (AddressIPv6Gt(&dd->ip, &dd->ip2))
682  goto error;
683  } else {
684  r = inet_pton(AF_INET6, ip, &in6);
685  if (r <= 0)
686  goto error;
687 
688  memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
689  memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
690  }
691 
692  }
693 
694  BUG_ON(dd->ip.family == 0);
695 
696  return 0;
697 
698 error:
699  return -1;
700 }
701 
702 /**
703  * \internal
704  * \brief Simply parse an address and return a DetectAddress instance containing
705  * the address ranges of the parsed ip addressstring
706  *
707  * \param str Pointer to a character string containing the ip address
708  *
709  * \retval dd Pointer to the DetectAddress instance containing the address
710  * range details from the parsed ip string
711  */
712 static DetectAddress *DetectAddressParseSingle(const char *str)
713 {
714  DetectAddress *dd;
715 
716  SCLogDebug("str %s", str);
717 
718  dd = DetectAddressInit();
719  if (dd == NULL)
720  goto error;
721 
722  if (DetectAddressParseString(dd, str) < 0) {
723  SCLogDebug("AddressParse failed");
724  goto error;
725  }
726 
727  return dd;
728 
729 error:
730  if (dd != NULL)
731  DetectAddressFree(dd);
732  return NULL;
733 }
734 
735 /**
736  * \brief Setup a single address string, parse it and add the resulting
737  * Address-Range(s) to the AddessHead(DetectAddressHead instance).
738  *
739  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
740  * resulting Address-Range(s) from the parsed ip string has to
741  * be added.
742  * \param s Pointer to the ip address string to be parsed.
743  *
744  * \retval 0 On success.
745  * \retval -1 On failure.
746  */
747 static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
748 {
749  SCLogDebug("gh %p, s %s", gh, s);
750 
751  /* parse the address */
752  DetectAddress *ad = DetectAddressParseSingle(s);
753  if (ad == NULL) {
755  "failed to parse address \"%s\"", s);
756  return -1;
757  }
758 
759  char any = (ad->flags & ADDRESS_FLAG_ANY);
760 
761  /* handle the not case, we apply the negation then insert the part(s) */
762  if (ad->flags & ADDRESS_FLAG_NOT) {
763  DetectAddress *ad2 = NULL;
764 
765  if (DetectAddressCutNot(ad, &ad2) < 0) {
766  SCLogDebug("DetectAddressCutNot failed");
767  DetectAddressFree(ad);
768  return -1;
769  }
770 
771  /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
772  * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
773  if (ad2 != NULL) {
774  if (DetectAddressInsert(NULL, gh, ad2) < 0) {
775  SCLogDebug("DetectAddressInsert failed");
776  DetectAddressFree(ad);
777  DetectAddressFree(ad2);
778  return -1;
779  }
780  }
781  }
782 
783  int r = DetectAddressInsert(NULL, gh, ad);
784  if (r < 0) {
785  SCLogDebug("DetectAddressInsert failed");
786  DetectAddressFree(ad);
787  return -1;
788  }
789  SCLogDebug("r %d",r);
790 
791  /* if any, insert 0.0.0.0/0 and ::/0 as well */
792  if (r == 1 && any == TRUE) {
793  SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
794 
795  ad = DetectAddressParseSingle("0.0.0.0/0");
796  if (ad == NULL)
797  goto error;
798 
799  BUG_ON(ad->ip.family == 0);
800 
801  if (DetectAddressInsert(NULL, gh, ad) < 0) {
802  SCLogDebug("DetectAddressInsert failed");
803  goto error;
804  }
805  ad = DetectAddressParseSingle("::/0");
806  if (ad == NULL)
807  goto error;
808 
809  BUG_ON(ad->ip.family == 0);
810 
811  if (DetectAddressInsert(NULL, gh, ad) < 0) {
812  SCLogDebug("DetectAddressInsert failed");
813  goto error;
814  }
815  }
816  return 0;
817 
818 error:
819  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "DetectAddressSetup error");
820  /* XXX cleanup */
821  return -1;
822 }
823 
824 /**
825  * \brief Parses an address string and updates the 2 address heads with the
826  * address data.
827  *
828  * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
829  * since we pass around negate without keeping a count of ! with depth.
830  * Can solve this by keeping a count of the negations with depth, so that
831  * an even no of negations would count as no negation and an odd no of
832  * negations would count as a negation.
833  *
834  * \param gh Pointer to the address head that should hold address ranges
835  * that are not negated.
836  * \param ghn Pointer to the address head that should hold address ranges
837  * that are negated.
838  * \param s Pointer to the character string holding the address to be
839  * parsed.
840  * \param negate Flag that indicates if the received address string is negated
841  * or not. 0 if it is not, 1 it it is.
842  *
843  * \retval 0 On successfully parsing.
844  * \retval -1 On failure.
845  */
846 static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
848  const char *s, int negate, ResolvedVariablesList *var_list)
849 {
850  size_t x = 0;
851  size_t u = 0;
852  int o_set = 0, n_set = 0, d_set = 0;
853  int depth = 0;
854  size_t size = strlen(s);
855  char address[8196] = "";
856  const char *rule_var_address = NULL;
857  char *temp_rule_var_address = NULL;
858 
859  SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
860 
861  for (u = 0, x = 0; u < size && x < sizeof(address); u++) {
862  if (x == (sizeof(address) - 1)) {
863  SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Hit the address buffer"
864  " limit for the supplied address. Invalidating sig. "
865  "Please file a bug report on this.");
866  goto error;
867  }
868  address[x] = s[u];
869  x++;
870 
871  if (!o_set && s[u] == '!') {
872  n_set = 1;
873  x--;
874  } else if (s[u] == '[') {
875  if (!o_set) {
876  o_set = 1;
877  x = 0;
878  }
879  depth++;
880  } else if (s[u] == ']') {
881  if (depth == 1) {
882  address[x - 1] = '\0';
883  x = 0;
884  SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
885  if (((negate + n_set) % 2) == 0) {
886  /* normal block */
887  SCLogDebug("normal block");
888 
889  if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list) < 0)
890  goto error;
891  } else {
892  /* negated block
893  *
894  * Extra steps are necessary. First consider it as a normal
895  * (non-negated) range. Merge the + and - ranges if
896  * applicable. Then insert the result into the ghn list. */
897  SCLogDebug("negated block");
898 
899  DetectAddressHead tmp_gh = { NULL, NULL, NULL };
900  DetectAddressHead tmp_ghn = { NULL, NULL, NULL };
901 
902  if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list) < 0)
903  goto error;
904 
905  DetectAddress *tmp_ad;
906  DetectAddress *tmp_ad2;
907 #ifdef DEBUG
908  SCLogDebug("tmp_gh: IPv4");
909  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
910  DetectAddressPrint(tmp_ad);
911  }
912  SCLogDebug("tmp_ghn: IPv4");
913  for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
914  DetectAddressPrint(tmp_ad);
915  }
916  SCLogDebug("tmp_gh: IPv6");
917  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
918  DetectAddressPrint(tmp_ad);
919  }
920  SCLogDebug("tmp_ghn: IPv6");
921  for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
922  DetectAddressPrint(tmp_ad);
923  }
924 #endif
925  if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0)
926  goto error;
927 
928  SCLogDebug("merged succesfully");
929 
930  /* insert the IPv4 addresses into the negated list */
931  for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
932  /* work with a copy of the address group */
933  tmp_ad2 = DetectAddressCopy(tmp_ad);
934  if (tmp_ad2 == NULL) {
935  SCLogDebug("DetectAddressCopy failed");
936  goto error;
937  }
938  DetectAddressPrint(tmp_ad2);
939  DetectAddressInsert(NULL, ghn, tmp_ad2);
940  }
941 
942  /* insert the IPv6 addresses into the negated list */
943  for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
944  /* work with a copy of the address group */
945  tmp_ad2 = DetectAddressCopy(tmp_ad);
946  if (tmp_ad2 == NULL) {
947  SCLogDebug("DetectAddressCopy failed");
948  goto error;
949  }
950  DetectAddressPrint(tmp_ad2);
951  DetectAddressInsert(NULL, ghn, tmp_ad2);
952  }
953 
954  DetectAddressHeadCleanup(&tmp_gh);
955  DetectAddressHeadCleanup(&tmp_ghn);
956  }
957  n_set = 0;
958  }
959  depth--;
960  } else if (depth == 0 && s[u] == ',') {
961  if (o_set == 1) {
962  o_set = 0;
963  } else if (d_set == 1) {
964  address[x - 1] = '\0';
965 
966  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
968  if (rule_var_address == NULL)
969  goto error;
970 
971  if (strlen(rule_var_address) == 0) {
972  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
973  "to nothing. This is likely a misconfiguration. "
974  "Note that a negated address needs to be quoted, "
975  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
976  goto error;
977  }
978 
979  SCLogDebug("rule_var_address %s", rule_var_address);
980  if ((negate + n_set) % 2) {
981  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
982  if (unlikely(temp_rule_var_address == NULL))
983  goto error;
984  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
985  "[%s]", rule_var_address);
986  } else {
987  temp_rule_var_address = SCStrdup(rule_var_address);
988  if (unlikely(temp_rule_var_address == NULL))
989  goto error;
990  }
991 
992 
993  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
994  (negate + n_set) % 2, var_list) < 0)
995  {
996  if (temp_rule_var_address != rule_var_address)
997  SCFree(temp_rule_var_address);
998  goto error;
999  }
1000  d_set = 0;
1001  n_set = 0;
1002  SCFree(temp_rule_var_address);
1003  } else {
1004  address[x - 1] = '\0';
1005 
1006  if (!((negate + n_set) % 2)) {
1007  SCLogDebug("DetectAddressSetup into gh, %s", address);
1008  if (DetectAddressSetup(gh, address) < 0)
1009  goto error;
1010  } else {
1011  SCLogDebug("DetectAddressSetup into ghn, %s", address);
1012  if (DetectAddressSetup(ghn, address) < 0)
1013  goto error;
1014  }
1015  n_set = 0;
1016  }
1017  x = 0;
1018  } else if (depth == 0 && s[u] == '$') {
1019  d_set = 1;
1020  } else if (depth == 0 && u == size - 1) {
1021  if (x == sizeof(address)) {
1022  address[x - 1] = '\0';
1023  } else {
1024  address[x] = '\0';
1025  }
1026  x = 0;
1027 
1028  if (AddVariableToResolveList(var_list, address) == -1) {
1029  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
1030  "groups declaration. This is likely a misconfiguration.");
1031  goto error;
1032  }
1033 
1034  if (d_set == 1) {
1035  rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
1037  if (rule_var_address == NULL)
1038  goto error;
1039 
1040  if (strlen(rule_var_address) == 0) {
1041  SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
1042  "to nothing. This is likely a misconfiguration. "
1043  "Note that a negated address needs to be quoted, "
1044  "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
1045  goto error;
1046  }
1047 
1048  SCLogDebug("rule_var_address %s", rule_var_address);
1049  if ((negate + n_set) % 2) {
1050  temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
1051  if (unlikely(temp_rule_var_address == NULL))
1052  goto error;
1053  snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
1054  "[%s]", rule_var_address);
1055  } else {
1056  temp_rule_var_address = SCStrdup(rule_var_address);
1057  if (unlikely(temp_rule_var_address == NULL))
1058  goto error;
1059  }
1060 
1061  if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
1062  (negate + n_set) % 2, var_list) < 0) {
1063  SCLogDebug("DetectAddressParse2 hates us");
1064  if (temp_rule_var_address != rule_var_address)
1065  SCFree(temp_rule_var_address);
1066  goto error;
1067  }
1068  d_set = 0;
1069  SCFree(temp_rule_var_address);
1070  } else {
1071  if (!((negate + n_set) % 2)) {
1072  SCLogDebug("DetectAddressSetup into gh, %s", address);
1073  if (DetectAddressSetup(gh, address) < 0) {
1074  SCLogDebug("DetectAddressSetup gh fail");
1075  goto error;
1076  }
1077  } else {
1078  SCLogDebug("DetectAddressSetup into ghn, %s", address);
1079  if (DetectAddressSetup(ghn, address) < 0) {
1080  SCLogDebug("DetectAddressSetup ghn fail");
1081  goto error;
1082  }
1083  }
1084  }
1085  n_set = 0;
1086  }
1087  }
1088  if (depth > 0) {
1089  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1090  "properly closed in \"%s\", %d missing closing brackets (]). "
1091  "Note: problem might be in a variable.", s, depth);
1092  goto error;
1093  } else if (depth < 0) {
1094  SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
1095  "properly opened in \"%s\", %d missing opening brackets ([). "
1096  "Note: problem might be in a variable.", s, depth*-1);
1097  goto error;
1098  }
1099 
1100  return 0;
1101 
1102 error:
1103 
1104  return -1;
1105 }
1106 
1107 /**
1108  * \internal
1109  * \brief See if the addresses and ranges in an address head cover the
1110  * entire ip space.
1111  *
1112  * \param gh Pointer to the DetectAddressHead to check.
1113  *
1114  * \retval 0 No.
1115  * \retval 1 Yes.
1116  *
1117  * \todo do the same for IPv6
1118  */
1119 static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1120 {
1122  if (r == 1)
1123  return 1;
1124 
1125  return 0;
1126 }
1127 
1128 /**
1129  * \brief Merge the + and the - list (+ positive match, - 'not' match)
1130  *
1131  * \param gh Pointer to the address head containing the non-NOT groups.
1132  * \param ghn Pointer to the address head containing the NOT groups.
1133  *
1134  * \retval 0 On success.
1135  * \retval -1 On failure.
1136  */
1138 {
1139  DetectAddress *ad;
1140  DetectAddress *ag, *ag2;
1141  int r = 0;
1142 
1143  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1144  ghn->ipv4_head);
1145 
1146  /* check if the negated list covers the entire ip space. If so
1147  * the user screwed up the rules/vars. */
1148  if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1149  SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
1150  "Rule address range is NIL. Probably have a !any or "
1151  "an address range that supplies a NULL address range");
1152  goto error;
1153  }
1154 
1155  /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1156  * not thingy. In that case we add a 0.0.0.0/0 first. */
1157  if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1158  r = DetectAddressSetup(gh, "0.0.0.0/0");
1159  if (r < 0) {
1160  SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1161  goto error;
1162  }
1163  }
1164  /* ... or ::/0 for ipv6 */
1165  if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1166  r = DetectAddressSetup(gh, "::/0");
1167  if (r < 0) {
1168  SCLogDebug("DetectAddressSetup for ::/0 failed");
1169  goto error;
1170  }
1171  }
1172 
1173  /* step 1: insert our ghn members into the gh list */
1174  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1175  /* work with a copy of the ad so we can easily clean up the ghn group
1176  * later. */
1177  ad = DetectAddressCopy(ag);
1178  if (ad == NULL) {
1179  SCLogDebug("DetectAddressCopy failed");
1180  goto error;
1181  }
1182 
1183  r = DetectAddressInsert(NULL, gh, ad);
1184  if (r < 0) {
1185  SCLogDebug("DetectAddressInsert failed");
1186  goto error;
1187  }
1188  }
1189  /* ... and the same for ipv6 */
1190  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1191  /* work with a copy of the ad so we can easily clean up the ghn group
1192  * later. */
1193  ad = DetectAddressCopy(ag);
1194  if (ad == NULL) {
1195  SCLogDebug("DetectAddressCopy failed");
1196  goto error;
1197  }
1198 
1199  r = DetectAddressInsert(NULL, gh, ad);
1200  if (r < 0) {
1201  SCLogDebug("DetectAddressInsert failed");
1202  goto error;
1203  }
1204  }
1205 #ifdef DEBUG
1206  DetectAddress *tmp_ad;
1207  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1208  DetectAddressPrint(tmp_ad);
1209  }
1210 #endif
1211  int ipv4_applied = 0;
1212  int ipv6_applied = 0;
1213 
1214  /* step 2: pull the address blocks that match our 'not' blocks */
1215  for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1216  SCLogDebug("ag %p", ag);
1217  DetectAddressPrint(ag);
1218 
1219  int applied = 0;
1220  for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1221  SCLogDebug("ag2 %p", ag2);
1222  DetectAddressPrint(ag2);
1223 
1224  r = DetectAddressCmp(ag, ag2);
1225  /* XXX more ??? */
1226  if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1227  if (ag2->prev == NULL)
1228  gh->ipv4_head = ag2->next;
1229  else
1230  ag2->prev->next = ag2->next;
1231 
1232  if (ag2->next != NULL)
1233  ag2->next->prev = ag2->prev;
1234 
1235  /* store the next ptr and remove the group */
1236  DetectAddress *next_ag2 = ag2->next;
1237  DetectAddressFree(ag2);
1238  ag2 = next_ag2;
1239  applied = 1;
1240  } else {
1241  ag2 = ag2->next;
1242  }
1243  }
1244 
1245  if (applied) {
1246  ipv4_applied++;
1247  }
1248  }
1249  /* ... and the same for ipv6 */
1250  for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1251  int applied = 0;
1252  for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1253  r = DetectAddressCmp(ag, ag2);
1254  if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1255  if (ag2->prev == NULL)
1256  gh->ipv6_head = ag2->next;
1257  else
1258  ag2->prev->next = ag2->next;
1259 
1260  if (ag2->next != NULL)
1261  ag2->next->prev = ag2->prev;
1262 
1263  /* store the next ptr and remove the group */
1264  DetectAddress *next_ag2 = ag2->next;
1265  DetectAddressFree(ag2);
1266  ag2 = next_ag2;
1267 
1268  SCLogDebug("applied");
1269  applied = 1;
1270  } else {
1271  ag2 = ag2->next;
1272  }
1273  }
1274  if (applied) {
1275  ipv6_applied++;
1276  }
1277  }
1278 #ifdef DEBUG
1279  for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1280  DetectAddressPrint(tmp_ad);
1281  }
1282  for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1283  DetectAddressPrint(tmp_ad);
1284  }
1285 #endif
1286  if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1287  int cnt = 0;
1288  for (ad = ghn->ipv4_head; ad; ad = ad->next)
1289  cnt++;
1290 
1291  if (ipv4_applied != cnt) {
1292  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
1293  "could be applied: %d != %d", cnt, ipv4_applied);
1294  goto error;
1295  }
1296 
1297  cnt = 0;
1298  for (ad = ghn->ipv6_head; ad; ad = ad->next)
1299  cnt++;
1300 
1301  if (ipv6_applied != cnt) {
1302  SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
1303  "could be applied: %d != %d", cnt, ipv6_applied);
1304  goto error;
1305  }
1306  }
1307 
1308  /* if the result is that we have no addresses we return error */
1309  if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1310  SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
1311  "merging addresses and negated addresses");
1312  goto error;
1313  }
1314 
1315  return 0;
1316 
1317 error:
1318  return -1;
1319 }
1320 
1322 {
1323  SCLogDebug("Testing address conf vars for any misconfigured values");
1324 
1325  ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1326 
1327  ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
1328  if (address_vars_node == NULL) {
1329  return 0;
1330  }
1331 
1332  DetectAddressHead *gh = NULL;
1333  DetectAddressHead *ghn = NULL;
1334 
1335  ConfNode *seq_node;
1336  TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1337  SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1338 
1339  gh = DetectAddressHeadInit();
1340  if (gh == NULL) {
1341  goto error;
1342  }
1343  ghn = DetectAddressHeadInit();
1344  if (ghn == NULL) {
1345  goto error;
1346  }
1347 
1348  if (seq_node->val == NULL) {
1350  "Address var \"%s\" probably has a sequence(something "
1351  "in brackets) value set without any quotes. Please "
1352  "quote it using \"..\".", seq_node->name);
1353  goto error;
1354  }
1355 
1356  int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0, &var_list);
1357 
1358  CleanVariableResolveList(&var_list);
1359 
1360  if (r < 0) {
1362  "failed to parse address var \"%s\" with value \"%s\". "
1363  "Please check it's syntax", seq_node->name, seq_node->val);
1364  goto error;
1365  }
1366 
1367  if (DetectAddressIsCompleteIPSpace(ghn)) {
1369  "address var - \"%s\" has the complete IP space negated "
1370  "with it's value \"%s\". Rule address range is NIL. "
1371  "Probably have a !any or an address range that supplies "
1372  "a NULL address range", seq_node->name, seq_node->val);
1373  goto error;
1374  }
1375 
1376  if (gh != NULL) {
1378  gh = NULL;
1379  }
1380  if (ghn != NULL) {
1381  DetectAddressHeadFree(ghn);
1382  ghn = NULL;
1383  }
1384  }
1385 
1386  return 0;
1387  error:
1388  if (gh != NULL)
1390  if (ghn != NULL)
1391  DetectAddressHeadFree(ghn);
1392  return -1;
1393 }
1394 
1395 #include "util-hash-lookup3.h"
1396 
1397 typedef struct DetectAddressMap_ {
1398  char *string;
1401 
1402 static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1403 {
1404  const DetectAddressMap *map = (DetectAddressMap *)data;
1405  uint32_t hash = 0;
1406 
1407  hash = hashlittle_safe(map->string, strlen(map->string), 0);
1408  hash %= ht->array_size;
1409 
1410  return hash;
1411 }
1412 
1413 static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1414  uint16_t len2)
1415 {
1416  DetectAddressMap *map1 = (DetectAddressMap *)data1;
1417  DetectAddressMap *map2 = (DetectAddressMap *)data2;
1418 
1419 
1420  int r = (strcmp(map1->string, map2->string) == 0);
1421  return r;
1422 }
1423 
1424 static void DetectAddressMapFreeFunc(void *data)
1425 {
1426  DetectAddressMap *map = (DetectAddressMap *)data;
1427  if (map != NULL) {
1429  SCFree(map->string);
1430  }
1431  SCFree(map);
1432 }
1433 
1435 {
1436  de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1437  DetectAddressMapCompareFunc,
1438  DetectAddressMapFreeFunc);
1439  if (de_ctx->address_table == NULL)
1440  return -1;
1441 
1442  return 0;
1443 }
1444 
1446 {
1447  if (de_ctx->address_table == NULL)
1448  return;
1449 
1451  de_ctx->address_table = NULL;
1452  return;
1453 }
1454 
1455 static int DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1457 {
1458  DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1459  if (map == NULL)
1460  return -1;
1461 
1462  map->string = SCStrdup(string);
1463  if (map->string == NULL) {
1464  SCFree(map);
1465  return -1;
1466  }
1467  map->address = address;
1468 
1469  BUG_ON(HashListTableAdd(de_ctx->address_table, (void *)map, 0) != 0);
1470  return 0;
1471 }
1472 
1473 static const DetectAddressHead *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1474  const char *string)
1475 {
1476  DetectAddressMap map = { (char *)string, NULL };
1477 
1479  &map, 0);
1480  if (res == NULL)
1481  return NULL;
1482  else {
1483  return (const DetectAddressHead *)res->address;
1484  }
1485 }
1486 
1487 /**
1488  * \brief Parses an address group sent as a character string and updates the
1489  * DetectAddressHead sent as the argument with the relevant address
1490  * ranges from the parsed string.
1491  *
1492  * \param gh Pointer to the DetectAddressHead.
1493  * \param str Pointer to the character string containing the address group
1494  * that has to be parsed.
1495  *
1496  * \retval 0 On success.
1497  * \retval -1 On failure.
1498  */
1500  DetectAddressHead *gh, const char *str)
1501 {
1502  int r;
1503  DetectAddressHead *ghn = NULL;
1504 
1505  SCLogDebug("gh %p, str %s", gh, str);
1506 
1507  if (str == NULL) {
1508  SCLogDebug("DetectAddressParse can not be run with NULL address");
1509  goto error;
1510  }
1511 
1512  ghn = DetectAddressHeadInit();
1513  if (ghn == NULL) {
1514  SCLogDebug("DetectAddressHeadInit for ghn failed");
1515  goto error;
1516  }
1517 
1518  r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0, NULL);
1519  if (r < 0) {
1520  SCLogDebug("DetectAddressParse2 returned %d", r);
1521  goto error;
1522  }
1523 
1524  SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1525  ghn->ipv4_head);
1526 
1527  /* merge the 'not' address groups */
1528  if (DetectAddressMergeNot(gh, ghn) < 0) {
1529  SCLogDebug("DetectAddressMergeNot failed");
1530  goto error;
1531  }
1532 
1533  /* free the temp negate head */
1534  DetectAddressHeadFree(ghn);
1535  return 0;
1536 
1537 error:
1538  if (ghn != NULL)
1539  DetectAddressHeadFree(ghn);
1540  return -1;
1541 }
1542 
1544  const char *string)
1545 {
1546  const DetectAddressHead *h = DetectAddressMapLookup(de_ctx, string);
1547  if (h != NULL) {
1548  SCLogDebug("found: %s :: %p", string, h);
1549  return h;
1550  }
1551 
1552  SCLogDebug("%s not found", string);
1553 
1555  if (head == NULL)
1556  return NULL;
1557 
1558  if (DetectAddressParse(de_ctx, head, string) == -1)
1559  {
1560  DetectAddressHeadFree(head);
1561  return NULL;
1562  }
1563 
1564  DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head);
1565  return head;
1566 }
1567 
1568 /**
1569  * \brief Returns a new instance of DetectAddressHead.
1570  *
1571  * \retval gh Pointer to the new instance of DetectAddressHead.
1572  */
1574 {
1576  if (unlikely(gh == NULL))
1577  return NULL;
1578  memset(gh, 0, sizeof(DetectAddressHead));
1579 
1580  return gh;
1581 }
1582 
1583 /**
1584  * \brief Cleans a DetectAddressHead. The functions frees the 3 address
1585  * group heads(any, ipv4 and ipv6) inside the DetectAddressHead
1586  * instance.
1587  *
1588  * \param gh Pointer to the DetectAddressHead instance that has to be
1589  * cleaned.
1590  */
1592 {
1593  if (gh != NULL) {
1594  if (gh->any_head != NULL) {
1596  gh->any_head = NULL;
1597  }
1598  if (gh->ipv4_head != NULL) {
1600  gh->ipv4_head = NULL;
1601  }
1602  if (gh->ipv6_head != NULL) {
1604  gh->ipv6_head = NULL;
1605  }
1606  }
1607 
1608  return;
1609 }
1610 
1611 /**
1612  * \brief Frees a DetectAddressHead instance.
1613  *
1614  * \param gh Pointer to the DetectAddressHead instance to be freed.
1615  */
1617 {
1618  if (gh != NULL) {
1620  SCFree(gh);
1621  }
1622 
1623  return;
1624 }
1625 
1626 /**
1627  * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1628  * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1629  * explanations on what these functions do.
1630  *
1631  * \param de_ctx Pointer to the DetectEngineCtx.
1632  * \param a Pointer the the first address to be cut.
1633  * \param b Pointer to the second address to be cut.
1634  * \param c Pointer to a pointer to a third DetectAddressData, in case the
1635  * ranges from a and b, demand a third address range.
1636  *
1637  * \retval 0 On success.
1638  * \retval -1 On failure.
1639  */
1640 int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1641  DetectAddress *b, DetectAddress **c)
1642 {
1643  if (a->ip.family == AF_INET)
1644  return DetectAddressCutIPv4(de_ctx, a, b, c);
1645  else if (a->ip.family == AF_INET6)
1646  return DetectAddressCutIPv6(de_ctx, a, b, c);
1647 
1648  return -1;
1649 }
1650 
1651 /**
1652  * \brief Cuts a negated address range with respect to the entire ip range, and
1653  * supplies with the address range that doesn't belong to the negated
1654  * address range.
1655  *
1656  * There are 2 cases here -
1657  *
1658  * The first case includes the address being located at the extreme ends
1659  * of the ip space, in which we get a single range.
1660  * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1661  *
1662  * The second case includes the address not present at either of the
1663  * ip space extremes, in which case we get 2 ranges. The second range
1664  * would be supplied back with the argument "b" supplied to this function.
1665  * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1666  * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1667  *
1668  * The above negation cases can similarly be extended to ranges, i.e.
1669  * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1670  * ![10.20.30.40 - 10.20.30.50].
1671  *
1672  *
1673  * \param a Pointer to the DetectAddressData instance, that contains the negated
1674  * address range that has to be cut.
1675  * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1676  * filled with the address range, if the argument "a", doesn't fall at
1677  * the extreme ends of the ip address space.
1678  *
1679  * \retval 0 On success.
1680  * \retval -1 On failure.
1681  */
1682 int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1683 {
1684  if (a->ip.family == AF_INET)
1685  return DetectAddressCutNotIPv4(a, b);
1686  else if (a->ip.family == AF_INET6)
1687  return DetectAddressCutNotIPv6(a, b);
1688 
1689  return -1;
1690 }
1691 
1692 /**
1693  * \brief Used to compare 2 address ranges.
1694  *
1695  * \param a Pointer to the first DetectAddressData to be compared.
1696  * \param b Pointer to the second DetectAddressData to be compared.
1697  */
1699 {
1700  if (a->ip.family != b->ip.family)
1701  return ADDRESS_ER;
1702 
1703  /* check any */
1704  if ((a->flags & ADDRESS_FLAG_ANY) && (b->flags & ADDRESS_FLAG_ANY))
1705  return ADDRESS_EQ;
1706  else if (a->ip.family == AF_INET)
1707  return DetectAddressCmpIPv4(a, b);
1708  else if (a->ip.family == AF_INET6)
1709  return DetectAddressCmpIPv6(a, b);
1710 
1711  return ADDRESS_ER;
1712 }
1713 
1714 /**
1715  * \brief Match a packets address against a signatures addrs array
1716  *
1717  * \param addrs array of DetectMatchAddressIPv4's
1718  * \param addrs_cnt array size in members
1719  * \param a packets address
1720  *
1721  * \retval 0 no match
1722  * \retval 1 match
1723  *
1724  * \note addresses in addrs are in host order
1725  *
1726  * \todo array should be ordered, so we can break out of the loop
1727  */
1729  uint16_t addrs_cnt, const Address *a)
1730 {
1731  SCEnter();
1732 
1733  if (addrs == NULL || addrs_cnt == 0) {
1734  SCReturnInt(0);
1735  }
1736 
1737  uint16_t idx;
1738  for (idx = 0; idx < addrs_cnt; idx++) {
1739  if (SCNtohl(a->addr_data32[0]) >= addrs[idx].ip &&
1740  SCNtohl(a->addr_data32[0]) <= addrs[idx].ip2)
1741  {
1742  SCReturnInt(1);
1743  }
1744  }
1745 
1746  SCReturnInt(0);
1747 }
1748 
1749 /**
1750  * \brief Match a packets address against a signatures addrs array
1751  *
1752  * \param addrs array of DetectMatchAddressIPv6's
1753  * \param addrs_cnt array size in members
1754  * \param a packets address
1755  *
1756  * \retval 0 no match
1757  * \retval 1 match
1758  *
1759  * \note addresses in addrs are in host order
1760  *
1761  * \todo array should be ordered, so we can break out of the loop
1762  */
1764  uint16_t addrs_cnt, const Address *a)
1765 {
1766  SCEnter();
1767 
1768  if (addrs == NULL || addrs_cnt == 0) {
1769  SCReturnInt(0);
1770  }
1771 
1772  uint16_t idx;
1773  int i = 0;
1774  uint16_t result1, result2;
1775 
1776  /* See if the packet address is within the range of any entry in the
1777  * signature's address match array.
1778  */
1779  for (idx = 0; idx < addrs_cnt; idx++) {
1780  result1 = result2 = 0;
1781 
1782  /* See if packet address equals either limit. Return 1 if true. */
1783  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip[0] &&
1784  SCNtohl(a->addr_data32[1]) == addrs[idx].ip[1] &&
1785  SCNtohl(a->addr_data32[2]) == addrs[idx].ip[2] &&
1786  SCNtohl(a->addr_data32[3]) == addrs[idx].ip[3])
1787  {
1788  SCReturnInt(1);
1789  }
1790  if (SCNtohl(a->addr_data32[0]) == addrs[idx].ip2[0] &&
1791  SCNtohl(a->addr_data32[1]) == addrs[idx].ip2[1] &&
1792  SCNtohl(a->addr_data32[2]) == addrs[idx].ip2[2] &&
1793  SCNtohl(a->addr_data32[3]) == addrs[idx].ip2[3])
1794  {
1795  SCReturnInt(1);
1796  }
1797 
1798  /* See if packet address is greater than lower limit
1799  * of the current signature address match pair.
1800  */
1801  for (i = 0; i < 4; i++) {
1802  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip[i]) {
1803  result1 = 1;
1804  break;
1805  }
1806  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip[i]) {
1807  result1 = 0;
1808  break;
1809  }
1810  }
1811 
1812  /* If not greater than lower limit, try next address match entry */
1813  if (result1 == 0)
1814  continue;
1815 
1816  /* See if packet address is less than upper limit
1817  * of the current signature address match pair.
1818  */
1819  for (i = 0; i < 4; i++) {
1820  if (SCNtohl(a->addr_data32[i]) < addrs[idx].ip2[i]) {
1821  result2 = 1;
1822  break;
1823  }
1824  if (SCNtohl(a->addr_data32[i]) > addrs[idx].ip2[i]) {
1825  result2 = 0;
1826  break;
1827  }
1828  }
1829 
1830  /* Return a match if packet address is between the two
1831  * signature address match limits.
1832  */
1833  if (result1 == 1 && result2 == 1)
1834  SCReturnInt(1);
1835  }
1836 
1837  SCReturnInt(0);
1838 }
1839 
1840 /**
1841  * \brief Check if a particular address(ipv4 or ipv6) matches the address
1842  * range in the DetectAddress instance.
1843  *
1844  * We basically check that the address falls inbetween the address
1845  * range in DetectAddress.
1846  *
1847  * \param dd Pointer to the DetectAddress instance.
1848  * \param a Pointer to an Address instance.
1849  *
1850  * \param 1 On a match.
1851  * \param 0 On no match.
1852  */
1854 {
1855  SCEnter();
1856 
1857  if (dd->ip.family != a->family) {
1858  SCReturnInt(0);
1859  }
1860 
1861  //DetectAddressPrint(dd);
1862  //AddressDebugPrint(a);
1863 
1864  switch (a->family) {
1865  case AF_INET:
1866 
1867  /* XXX figure out a way to not need to do this SCNtohl if we switch to
1868  * Address inside DetectAddressData we can do uint8_t checks */
1869  if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1870  SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1871  {
1872  SCReturnInt(1);
1873  } else {
1874  SCReturnInt(0);
1875  }
1876 
1877  break;
1878  case AF_INET6:
1879  if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1880  AddressIPv6Le(a, &dd->ip2) == 1)
1881  {
1882  SCReturnInt(1);
1883  } else {
1884  SCReturnInt(0);
1885  }
1886 
1887  break;
1888  default:
1889  SCLogDebug("What other address type can we have :-/");
1890  break;
1891  }
1892 
1893  SCReturnInt(0);
1894 }
1895 
1896 /**
1897  * \brief Prints the address data held by the DetectAddress. If the
1898  * address data family is any, we print "ANY". If the address data
1899  * family is IPv4, we print the the ipv4 address and mask, and if the
1900  * address data family is IPv6, we print the ipv6 address and mask.
1901  *
1902  * \param ad Pointer to the DetectAddress instance to be printed.
1903  */
1905 {
1906  if (gr == NULL)
1907  return;
1908 
1909  if (gr->flags & ADDRESS_FLAG_ANY) {
1910  SCLogDebug("ANY");
1911  } else if (gr->ip.family == AF_INET) {
1912  struct in_addr in;
1913  char ip[16], mask[16];
1914 
1915  memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1916  PrintInet(AF_INET, &in, ip, sizeof(ip));
1917  memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1918  PrintInet(AF_INET, &in, mask, sizeof(mask));
1919 
1920  SCLogDebug("%s/%s", ip, mask);
1921 // printf("%s/%s", ip, mask);
1922  } else if (gr->ip.family == AF_INET6) {
1923  struct in6_addr in6;
1924  char ip[66], mask[66];
1925 
1926  memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1927  PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1928  memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1929  PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1930 
1931  SCLogDebug("%s/%s", ip, mask);
1932 // printf("%s/%s", ip, mask);
1933  }
1934 
1935  return;
1936 }
1937 
1938 /**
1939  * \brief Find the group matching address in a group head.
1940  *
1941  * \param gh Pointer to the address group head(DetectAddressHead instance).
1942  * \param a Pointer to an Address instance.
1943  *
1944  * \retval g On success pointer to an DetectAddress if we find a match
1945  * for the Address "a", in the DetectAddressHead "gh".
1946  */
1948 {
1949  SCEnter();
1950 
1951  DetectAddress *g;
1952 
1953  if (gh == NULL) {
1954  SCReturnPtr(NULL, "DetectAddress");
1955  }
1956 
1957  /* XXX should we really do this check every time we run this function? */
1958  if (a->family == AF_INET) {
1959  SCLogDebug("IPv4");
1960  g = gh->ipv4_head;
1961  } else if (a->family == AF_INET6) {
1962  SCLogDebug("IPv6");
1963  g = gh->ipv6_head;
1964  } else {
1965  SCLogDebug("ANY");
1966  g = gh->any_head;
1967  }
1968 
1969  for ( ; g != NULL; g = g->next) {
1970  if (DetectAddressMatch(g,a) == 1) {
1971  SCReturnPtr(g, "DetectAddress");
1972  }
1973  }
1974 
1975  SCReturnPtr(NULL, "DetectAddress");
1976 }
1977 
1978 /********************************Unittests*************************************/
1979 
1980 #ifdef UNITTESTS
1981 
1982 static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1983 {
1984  char str1[46] = "", str2[46] = "";
1985 
1986  if (ad == NULL)
1987  return FALSE;
1988 
1989  switch(ad->ip.family) {
1990  case AF_INET:
1991  PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1992  SCLogDebug("%s", str1);
1993  PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1994  SCLogDebug("%s", str2);
1995 
1996  if (strcmp(str1, one) != 0) {
1997  SCLogInfo("%s != %s", str1, one);
1998  return FALSE;
1999  }
2000 
2001  if (strcmp(str2, two) != 0) {
2002  SCLogInfo("%s != %s", str2, two);
2003  return FALSE;
2004  }
2005 
2006  return TRUE;
2007  break;
2008 
2009  case AF_INET6:
2010  PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
2011  SCLogDebug("%s", str1);
2012  PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
2013  SCLogDebug("%s", str2);
2014 
2015  if (strcmp(str1, one) != 0) {
2016  SCLogInfo("%s != %s", str1, one);
2017  return FALSE;
2018  }
2019 
2020  if (strcmp(str2, two) != 0) {
2021  SCLogInfo("%s != %s", str2, two);
2022  return FALSE;
2023  }
2024 
2025  return TRUE;
2026  break;
2027  }
2028 
2029  return FALSE;
2030 }
2031 
2033  const char *one;
2034  const char *two;
2036 
2037 static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
2038 {
2039  int expect = nranges;
2040  int have = 0;
2041 
2042  if (gh == NULL)
2043  return FALSE;
2044 
2045  DetectAddress *ad = NULL;
2046  ad = gh->ipv4_head;
2047  if (ad == NULL)
2048  ad = gh->ipv6_head;
2049  while (have < expect) {
2050  if (ad == NULL) {
2051  printf("bad head: have %d ranges, expected %d: ", have, expect);
2052  return FALSE;
2053  }
2054 
2055  if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE)
2056  return FALSE;
2057 
2058  ad = ad->next;
2059  have++;
2060  }
2061 
2062  return TRUE;
2063 }
2064 
2065 static int AddressTestParse01(void)
2066 {
2067  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
2068 
2069  if (dd) {
2070  DetectAddressFree(dd);
2071  return 1;
2072  }
2073 
2074  return 0;
2075 }
2076 
2077 static int AddressTestParse02(void)
2078 {
2079  int result = 1;
2080  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
2081 
2082  if (dd) {
2083  if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
2084  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2085  result = 0;
2086  }
2087 
2088  printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
2089  DetectAddressFree(dd);
2090  return result;
2091  }
2092 
2093  return 0;
2094 }
2095 
2096 static int AddressTestParse03(void)
2097 {
2098  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2099 
2100  if (dd) {
2101  DetectAddressFree(dd);
2102  return 1;
2103  }
2104 
2105  return 0;
2106 }
2107 
2108 static int AddressTestParse04(void)
2109 {
2110  int result = 1;
2111  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
2112 
2113  if (dd) {
2114  if (dd->ip.addr_data32[0] != SCNtohl(16909056)||
2115  dd->ip2.addr_data32[0] != SCNtohl(16909311)) {
2116  result = 0;
2117  }
2118 
2119  DetectAddressFree(dd);
2120  return result;
2121  }
2122 
2123  return 0;
2124 }
2125 
2126 static int AddressTestParse05(void)
2127 {
2128  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2129 
2130  if (dd) {
2131  DetectAddressFree(dd);
2132  return 1;
2133  }
2134 
2135  return 0;
2136 }
2137 
2138 static int AddressTestParse06(void)
2139 {
2140  int result = 1;
2141  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2142 
2143  if (dd) {
2144  if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2145  dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2146  result = 0;
2147  }
2148 
2149  DetectAddressFree(dd);
2150  return result;
2151  }
2152 
2153  return 0;
2154 }
2155 
2156 static int AddressTestParse07(void)
2157 {
2158  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2159 
2160  if (dd) {
2161  DetectAddressFree(dd);
2162  return 1;
2163  }
2164 
2165  return 0;
2166 }
2167 
2168 static int AddressTestParse08(void)
2169 {
2170  int result = 1;
2171  DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2172 
2173  if (dd) {
2174  if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2175  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2176 
2177  dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2178  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2179  DetectAddressPrint(dd);
2180  result = 0;
2181  }
2182 
2183  DetectAddressFree(dd);
2184  return result;
2185  }
2186 
2187  return 0;
2188 }
2189 
2190 static int AddressTestParse09(void)
2191 {
2192  DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2193 
2194  if (dd) {
2195  DetectAddressFree(dd);
2196  return 1;
2197  }
2198 
2199  return 0;
2200 }
2201 
2202 static int AddressTestParse10(void)
2203 {
2204  int result = 1;
2205  DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2206 
2207  if (dd) {
2208  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2209  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2210 
2211  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2212  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2213  DetectAddressPrint(dd);
2214  result = 0;
2215  }
2216 
2217  DetectAddressFree(dd);
2218  return result;
2219  }
2220 
2221  return 0;
2222 }
2223 
2224 static int AddressTestParse11(void)
2225 {
2226  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2227 
2228  if (dd) {
2229  DetectAddressFree(dd);
2230  return 1;
2231  }
2232 
2233  return 0;
2234 }
2235 
2236 static int AddressTestParse12(void)
2237 {
2238  int result = 1;
2239  DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2240 
2241  if (dd) {
2242  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2243  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2244 
2245  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2246  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2247  DetectAddressPrint(dd);
2248  result = 0;
2249  }
2250 
2251  DetectAddressFree(dd);
2252  return result;
2253  }
2254 
2255  return 0;
2256 }
2257 static int AddressTestParse13(void)
2258 {
2259  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2260 
2261  if (dd) {
2262  DetectAddressFree(dd);
2263  return 1;
2264  }
2265 
2266  return 0;
2267 }
2268 
2269 static int AddressTestParse14(void)
2270 {
2271  int result = 1;
2272  DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2273 
2274  if (dd) {
2275  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2276  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2277 
2278  dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2279  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2280  result = 0;
2281  }
2282 
2283  DetectAddressFree(dd);
2284  return result;
2285  }
2286 
2287  return 0;
2288 }
2289 
2290 static int AddressTestParse15(void)
2291 {
2292  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2293 
2294  if (dd) {
2295  DetectAddressFree(dd);
2296  return 1;
2297  }
2298 
2299  return 0;
2300 }
2301 
2302 static int AddressTestParse16(void)
2303 {
2304  int result = 1;
2305  DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2306 
2307  if (dd) {
2308  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2309  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2310 
2311  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2312  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2313  result = 0;
2314  }
2315 
2316  DetectAddressFree(dd);
2317  return result;
2318  }
2319 
2320  return 0;
2321 }
2322 
2323 static int AddressTestParse17(void)
2324 {
2325  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2326 
2327  if (dd) {
2328  DetectAddressFree(dd);
2329  return 1;
2330  }
2331 
2332  return 0;
2333 }
2334 
2335 static int AddressTestParse18(void)
2336 {
2337  int result = 1;
2338  DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2339 
2340  if (dd) {
2341  if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2342  dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2343  result = 0;
2344  }
2345 
2346  DetectAddressFree(dd);
2347  return result;
2348  }
2349 
2350  return 0;
2351 }
2352 
2353 static int AddressTestParse19(void)
2354 {
2355  DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2356 
2357  if (dd) {
2358  DetectAddressFree(dd);
2359  return 0;
2360  }
2361 
2362  return 1;
2363 }
2364 
2365 static int AddressTestParse20(void)
2366 {
2367  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2368 
2369  if (dd) {
2370  DetectAddressFree(dd);
2371  return 1;
2372  }
2373 
2374  return 0;
2375 }
2376 
2377 static int AddressTestParse21(void)
2378 {
2379  int result = 1;
2380  DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2381 
2382  if (dd) {
2383  if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2384  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2385 
2386  dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2387  dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2388  result = 0;
2389  }
2390 
2391  DetectAddressFree(dd);
2392  return result;
2393  }
2394 
2395  return 0;
2396 }
2397 
2398 static int AddressTestParse22(void)
2399 {
2400  DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2401 
2402  if (dd) {
2403  DetectAddressFree(dd);
2404  return 0;
2405  }
2406 
2407  return 1;
2408 }
2409 
2410 static int AddressTestParse23(void)
2411 {
2412  DetectAddress *dd = DetectAddressParseSingle("any");
2413 
2414  if (dd) {
2415  DetectAddressFree(dd);
2416  return 1;
2417  }
2418 
2419  return 0;
2420 }
2421 
2422 static int AddressTestParse24(void)
2423 {
2424  DetectAddress *dd = DetectAddressParseSingle("Any");
2425 
2426  if (dd) {
2427  DetectAddressFree(dd);
2428  return 1;
2429  }
2430 
2431  return 0;
2432 }
2433 
2434 static int AddressTestParse25(void)
2435 {
2436  DetectAddress *dd = DetectAddressParseSingle("ANY");
2437 
2438  if (dd) {
2439  DetectAddressFree(dd);
2440  return 1;
2441  }
2442 
2443  return 0;
2444 }
2445 
2446 static int AddressTestParse26(void)
2447 {
2448  int result = 0;
2449  DetectAddress *dd = DetectAddressParseSingle("any");
2450 
2451  if (dd) {
2452  if (dd->flags & ADDRESS_FLAG_ANY)
2453  result = 1;
2454 
2455  DetectAddressFree(dd);
2456  return result;
2457  }
2458 
2459  return 0;
2460 }
2461 
2462 static int AddressTestParse27(void)
2463 {
2464  DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2465 
2466  if (dd) {
2467  DetectAddressFree(dd);
2468  return 1;
2469  }
2470 
2471  return 0;
2472 }
2473 
2474 static int AddressTestParse28(void)
2475 {
2476  int result = 0;
2477  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2478 
2479  if (dd) {
2480  if (dd->flags & ADDRESS_FLAG_NOT &&
2481  dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2482  result = 1;
2483  }
2484 
2485  DetectAddressFree(dd);
2486  return result;
2487  }
2488 
2489  return 0;
2490 }
2491 
2492 static int AddressTestParse29(void)
2493 {
2494  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2495 
2496  if (dd) {
2497  DetectAddressFree(dd);
2498  return 1;
2499  }
2500 
2501  return 0;
2502 }
2503 
2504 static int AddressTestParse30(void)
2505 {
2506  int result = 0;
2507  DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2508 
2509  if (dd) {
2510  if (dd->flags & ADDRESS_FLAG_NOT &&
2511  dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2512  dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2513  result = 1;
2514  }
2515 
2516  DetectAddressFree(dd);
2517  return result;
2518  }
2519 
2520  return 0;
2521 }
2522 
2523 /**
2524  * \test make sure !any is rejected
2525  */
2526 static int AddressTestParse31(void)
2527 {
2528  DetectAddress *dd = DetectAddressParseSingle("!any");
2529 
2530  if (dd) {
2531  DetectAddressFree(dd);
2532  return 0;
2533  }
2534 
2535  return 1;
2536 }
2537 
2538 static int AddressTestParse32(void)
2539 {
2540  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2541 
2542  if (dd) {
2543  DetectAddressFree(dd);
2544  return 1;
2545  }
2546 
2547  return 0;
2548 }
2549 
2550 static int AddressTestParse33(void)
2551 {
2552  int result = 0;
2553  DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2554 
2555  if (dd) {
2556  if (dd->flags & ADDRESS_FLAG_NOT &&
2557  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2558  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2559  result = 1;
2560  }
2561 
2562  DetectAddressFree(dd);
2563  return result;
2564  }
2565 
2566  return 0;
2567 }
2568 
2569 static int AddressTestParse34(void)
2570 {
2571  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2572 
2573  if (dd) {
2574  DetectAddressFree(dd);
2575  return 1;
2576  }
2577 
2578  return 0;
2579 }
2580 
2581 static int AddressTestParse35(void)
2582 {
2583  int result = 0;
2584  DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2585 
2586  if (dd) {
2587  if (dd->flags & ADDRESS_FLAG_NOT &&
2588  dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2589  dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2590 
2591  dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2592  dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2593  result = 1;
2594  }
2595 
2596  DetectAddressFree(dd);
2597  return result;
2598  }
2599 
2600  return 0;
2601 }
2602 
2603 static int AddressTestParse36(void)
2604 {
2605  int result = 1;
2606  DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2607 
2608  if (dd) {
2609  if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2610  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2611 
2612  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2613  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2614 
2615  DetectAddressPrint(dd);
2616  result = 0;
2617  }
2618  DetectAddressPrint(dd);
2619 
2620  DetectAddressFree(dd);
2621  return result;
2622  }
2623 
2624  return 0;
2625 }
2626 
2627 static int AddressTestParse37(void)
2628 {
2629  int result = 1;
2630  DetectAddress *dd = DetectAddressParseSingle("::/0");
2631 
2632  if (dd) {
2633  if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2634  dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2635 
2636  dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2637  dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2638  DetectAddressPrint(dd);
2639  result = 0;
2640  }
2641  DetectAddressPrint(dd);
2642 
2643  DetectAddressFree(dd);
2644  return result;
2645  }
2646 
2647  return 0;
2648 }
2649 
2650 static int AddressTestMatch01(void)
2651 {
2652  DetectAddress *dd = NULL;
2653  int result = 1;
2654  struct in_addr in;
2655  Address a;
2656 
2657  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2658  return 0;
2659  memset(&a, 0, sizeof(Address));
2660  a.family = AF_INET;
2661  a.addr_data32[0] = in.s_addr;
2662 
2663  dd = DetectAddressParseSingle("1.2.3.4/24");
2664  if (dd) {
2665  if (DetectAddressMatch(dd, &a) == 0)
2666  result = 0;
2667 
2668  DetectAddressFree(dd);
2669  return result;
2670  }
2671 
2672  return 0;
2673 }
2674 
2675 static int AddressTestMatch02(void)
2676 {
2677  DetectAddress *dd = NULL;
2678  int result = 1;
2679  struct in_addr in;
2680  Address a;
2681 
2682  if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2683  return 0;
2684  memset(&a, 0, sizeof(Address));
2685  a.family = AF_INET;
2686  a.addr_data32[0] = in.s_addr;
2687 
2688  dd = DetectAddressParseSingle("1.2.3.4/25");
2689  if (dd) {
2690  if (DetectAddressMatch(dd, &a) == 0)
2691  result = 0;
2692 
2693  DetectAddressFree(dd);
2694  return result;
2695  }
2696 
2697  return 0;
2698 }
2699 
2700 static int AddressTestMatch03(void)
2701 {
2702  DetectAddress *dd = NULL;
2703  int result = 1;
2704  struct in_addr in;
2705  Address a;
2706 
2707  if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2708  return 0;
2709  memset(&a, 0, sizeof(Address));
2710  a.family = AF_INET;
2711  a.addr_data32[0] = in.s_addr;
2712 
2713  dd = DetectAddressParseSingle("1.2.3.4/25");
2714  if (dd) {
2715  if (DetectAddressMatch(dd, &a) == 1)
2716  result = 0;
2717 
2718  DetectAddressFree(dd);
2719  return result;
2720  }
2721 
2722  return 0;
2723 }
2724 
2725 static int AddressTestMatch04(void)
2726 {
2727  DetectAddress *dd = NULL;
2728  int result = 1;
2729  struct in_addr in;
2730  Address a;
2731 
2732  if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2733  return 0;
2734  memset(&a, 0, sizeof(Address));
2735  a.family = AF_INET;
2736  a.addr_data32[0] = in.s_addr;
2737 
2738  dd = DetectAddressParseSingle("1.2.3.4/25");
2739  if (dd) {
2740  if (DetectAddressMatch(dd, &a) == 1)
2741  result = 0;
2742 
2743  DetectAddressFree(dd);
2744  return result;
2745  }
2746 
2747  return 0;
2748 }
2749 
2750 static int AddressTestMatch05(void)
2751 {
2752  DetectAddress *dd = NULL;
2753  int result = 1;
2754  struct in_addr in;
2755  Address a;
2756 
2757  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2758  return 0;
2759  memset(&a, 0, sizeof(Address));
2760  a.family = AF_INET;
2761  a.addr_data32[0] = in.s_addr;
2762 
2763  dd = DetectAddressParseSingle("1.2.3.4/32");
2764  if (dd) {
2765  if (DetectAddressMatch(dd, &a) == 0)
2766  result = 0;
2767 
2768  DetectAddressFree(dd);
2769  return result;
2770  }
2771 
2772  return 0;
2773 }
2774 
2775 static int AddressTestMatch06(void)
2776 {
2777  DetectAddress *dd = NULL;
2778  int result = 1;
2779  struct in_addr in;
2780  Address a;
2781 
2782  if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2783  return 0;
2784  memset(&a, 0, sizeof(Address));
2785  a.family = AF_INET;
2786  a.addr_data32[0] = in.s_addr;
2787 
2788  dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2789  if (dd) {
2790  if (DetectAddressMatch(dd, &a) == 0)
2791  result = 0;
2792 
2793  DetectAddressFree(dd);
2794  return result;
2795  }
2796 
2797  return 0;
2798 }
2799 
2800 static int AddressTestMatch07(void)
2801 {
2802  DetectAddress *dd = NULL;
2803  int result = 1;
2804  struct in6_addr in6;
2805  Address a;
2806 
2807  if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2808  return 0;
2809  memset(&a, 0, sizeof(Address));
2810  a.family = AF_INET6;
2811  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2812 
2813  dd = DetectAddressParseSingle("2001::/3");
2814  if (dd) {
2815  if (DetectAddressMatch(dd, &a) == 0)
2816  result = 0;
2817 
2818  DetectAddressFree(dd);
2819  return result;
2820  }
2821 
2822  return 0;
2823 }
2824 
2825 static int AddressTestMatch08(void)
2826 {
2827  DetectAddress *dd = NULL;
2828  int result = 1;
2829  struct in6_addr in6;
2830  Address a;
2831 
2832  if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2833  return 0;
2834  memset(&a, 0, sizeof(Address));
2835  a.family = AF_INET6;
2836  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2837 
2838  dd = DetectAddressParseSingle("2001::/3");
2839  if (dd) {
2840  if (DetectAddressMatch(dd, &a) == 1)
2841  result = 0;
2842 
2843  DetectAddressFree(dd);
2844  return result;
2845  }
2846 
2847  return 0;
2848 }
2849 
2850 static int AddressTestMatch09(void)
2851 {
2852  DetectAddress *dd = NULL;
2853  int result = 1;
2854  struct in6_addr in6;
2855  Address a;
2856 
2857  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2858  return 0;
2859  memset(&a, 0, sizeof(Address));
2860  a.family = AF_INET6;
2861  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2862 
2863  dd = DetectAddressParseSingle("2001::1/128");
2864  if (dd) {
2865  if (DetectAddressMatch(dd, &a) == 1)
2866  result = 0;
2867 
2868  DetectAddressFree(dd);
2869  return result;
2870  }
2871 
2872  return 0;
2873 }
2874 
2875 static int AddressTestMatch10(void)
2876 {
2877  DetectAddress *dd = NULL;
2878  int result = 1;
2879  struct in6_addr in6;
2880  Address a;
2881 
2882  if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2883  return 0;
2884  memset(&a, 0, sizeof(Address));
2885  a.family = AF_INET6;
2886  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2887 
2888  dd = DetectAddressParseSingle("2001::1/126");
2889  if (dd) {
2890  if (DetectAddressMatch(dd, &a) == 0)
2891  result = 0;
2892 
2893  DetectAddressFree(dd);
2894  return result;
2895  }
2896 
2897  return 0;
2898 }
2899 
2900 static int AddressTestMatch11(void)
2901 {
2902  DetectAddress *dd = NULL;
2903  int result = 1;
2904  struct in6_addr in6;
2905  Address a;
2906 
2907  if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2908  return 0;
2909  memset(&a, 0, sizeof(Address));
2910  a.family = AF_INET6;
2911  memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2912 
2913  dd = DetectAddressParseSingle("2001::1/127");
2914  if (dd) {
2915  if (DetectAddressMatch(dd, &a) == 1)
2916  result = 0;
2917 
2918  DetectAddressFree(dd);
2919  return result;
2920  }
2921 
2922  return 0;
2923 }
2924 
2925 static int AddressTestCmp01(void)
2926 {
2927  DetectAddress *da = NULL, *db = NULL;
2928  int result = 1;
2929 
2930  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2931  if (da == NULL) goto error;
2932  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2933  if (db == NULL) goto error;
2934 
2935  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2936  result = 0;
2937 
2938  DetectAddressFree(da);
2939  DetectAddressFree(db);
2940  return result;
2941 
2942 error:
2943  if (da) DetectAddressFree(da);
2944  if (db) DetectAddressFree(db);
2945  return 0;
2946 }
2947 
2948 static int AddressTestCmp02(void)
2949 {
2950  DetectAddress *da = NULL, *db = NULL;
2951  int result = 1;
2952 
2953  da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2954  if (da == NULL) goto error;
2955  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2956  if (db == NULL) goto error;
2957 
2958  if (DetectAddressCmp(da, db) != ADDRESS_EB)
2959  result = 0;
2960 
2961  DetectAddressFree(da);
2962  DetectAddressFree(db);
2963  return result;
2964 
2965 error:
2966  if (da) DetectAddressFree(da);
2967  if (db) DetectAddressFree(db);
2968  return 0;
2969 }
2970 
2971 static int AddressTestCmp03(void)
2972 {
2973  DetectAddress *da = NULL, *db = NULL;
2974  int result = 1;
2975 
2976  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2977  if (da == NULL) goto error;
2978  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2979  if (db == NULL) goto error;
2980 
2981  if (DetectAddressCmp(da, db) != ADDRESS_ES)
2982  result = 0;
2983 
2984  DetectAddressFree(da);
2985  DetectAddressFree(db);
2986  return result;
2987 
2988 error:
2989  if (da) DetectAddressFree(da);
2990  if (db) DetectAddressFree(db);
2991  return 0;
2992 }
2993 
2994 static int AddressTestCmp04(void)
2995 {
2996  DetectAddress *da = NULL, *db = NULL;
2997  int result = 1;
2998 
2999  da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
3000  if (da == NULL) goto error;
3001  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3002  if (db == NULL) goto error;
3003 
3004  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3005  result = 0;
3006 
3007  DetectAddressFree(da);
3008  DetectAddressFree(db);
3009  return result;
3010 
3011 error:
3012  if (da) DetectAddressFree(da);
3013  if (db) DetectAddressFree(db);
3014  return 0;
3015 }
3016 
3017 static int AddressTestCmp05(void)
3018 {
3019  DetectAddress *da = NULL, *db = NULL;
3020  int result = 1;
3021 
3022  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3023  if (da == NULL) goto error;
3024  db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
3025  if (db == NULL) goto error;
3026 
3027  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3028  result = 0;
3029 
3030  DetectAddressFree(da);
3031  DetectAddressFree(db);
3032  return result;
3033 
3034 error:
3035  if (da) DetectAddressFree(da);
3036  if (db) DetectAddressFree(db);
3037  return 0;
3038 }
3039 
3040 static int AddressTestCmp06(void)
3041 {
3042  DetectAddress *da = NULL, *db = NULL;
3043  int result = 1;
3044 
3045  da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
3046  if (da == NULL) goto error;
3047  db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
3048  if (db == NULL) goto error;
3049 
3050  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3051  result = 0;
3052 
3053  DetectAddressFree(da);
3054  DetectAddressFree(db);
3055  return result;
3056 
3057 error:
3058  if (da) DetectAddressFree(da);
3059  if (db) DetectAddressFree(db);
3060  return 0;
3061 }
3062 
3063 static int AddressTestCmpIPv407(void)
3064 {
3065  DetectAddress *da = NULL, *db = NULL;
3066  int result = 1;
3067 
3068  da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3069  if (da == NULL) goto error;
3070  db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
3071  if (db == NULL) goto error;
3072 
3073  if (DetectAddressCmp(da, db) != ADDRESS_LE)
3074  result = 0;
3075 
3076  DetectAddressFree(da);
3077  DetectAddressFree(db);
3078  return result;
3079 
3080 error:
3081  if (da) DetectAddressFree(da);
3082  if (db) DetectAddressFree(db);
3083  return 0;
3084 }
3085 
3086 static int AddressTestCmpIPv408(void)
3087 {
3088  DetectAddress *da = NULL, *db = NULL;
3089  int result = 1;
3090 
3091  da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
3092  if (da == NULL) goto error;
3093  db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
3094  if (db == NULL) goto error;
3095 
3096  if (DetectAddressCmp(da, db) != ADDRESS_GE)
3097  result = 0;
3098 
3099  DetectAddressFree(da);
3100  DetectAddressFree(db);
3101  return result;
3102 
3103 error:
3104  if (da) DetectAddressFree(da);
3105  if (db) DetectAddressFree(db);
3106  return 0;
3107 }
3108 
3109 static int AddressTestCmp07(void)
3110 {
3111  DetectAddress *da = NULL, *db = NULL;
3112  int result = 1;
3113 
3114  da = DetectAddressParseSingle("2001::/3");
3115  if (da == NULL) goto error;
3116  db = DetectAddressParseSingle("2001::1/3");
3117  if (db == NULL) goto error;
3118 
3119  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3120  result = 0;
3121 
3122  DetectAddressFree(da);
3123  DetectAddressFree(db);
3124  return result;
3125 
3126 error:
3127  if (da) DetectAddressFree(da);
3128  if (db) DetectAddressFree(db);
3129  return 0;
3130 }
3131 
3132 static int AddressTestCmp08(void)
3133 {
3134  DetectAddress *da = NULL, *db = NULL;
3135  int result = 1;
3136 
3137  da = DetectAddressParseSingle("2001::/3");
3138  if (da == NULL) goto error;
3139  db = DetectAddressParseSingle("2001::/8");
3140  if (db == NULL) goto error;
3141 
3142  if (DetectAddressCmp(da, db) != ADDRESS_EB)
3143  result = 0;
3144 
3145  DetectAddressFree(da);
3146  DetectAddressFree(db);
3147  return result;
3148 
3149 error:
3150  if (da) DetectAddressFree(da);
3151  if (db) DetectAddressFree(db);
3152  return 0;
3153 }
3154 
3155 static int AddressTestCmp09(void)
3156 {
3157  DetectAddress *da = NULL, *db = NULL;
3158  int result = 1;
3159 
3160  da = DetectAddressParseSingle("2001::/8");
3161  if (da == NULL) goto error;
3162  db = DetectAddressParseSingle("2001::/3");
3163  if (db == NULL) goto error;
3164 
3165  if (DetectAddressCmp(da, db) != ADDRESS_ES)
3166  result = 0;
3167 
3168  DetectAddressFree(da);
3169  DetectAddressFree(db);
3170  return result;
3171 
3172 error:
3173  if (da) DetectAddressFree(da);
3174  if (db) DetectAddressFree(db);
3175  return 0;
3176 }
3177 
3178 static int AddressTestCmp10(void)
3179 {
3180  DetectAddress *da = NULL, *db = NULL;
3181  int result = 1;
3182 
3183  da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3184  if (da == NULL) goto error;
3185  db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3186  if (db == NULL) goto error;
3187 
3188  if (DetectAddressCmp(da, db) != ADDRESS_LT)
3189  result = 0;
3190 
3191  DetectAddressFree(da);
3192  DetectAddressFree(db);
3193  return result;
3194 
3195 error:
3196  if (da) DetectAddressFree(da);
3197  if (db) DetectAddressFree(db);
3198  return 0;
3199 }
3200 
3201 static int AddressTestCmp11(void)
3202 {
3203  DetectAddress *da = NULL, *db = NULL;
3204  int result = 1;
3205 
3206  da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3207  if (da == NULL) goto error;
3208  db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3209  if (db == NULL) goto error;
3210 
3211  if (DetectAddressCmp(da, db) != ADDRESS_GT)
3212  result = 0;
3213 
3214  DetectAddressFree(da);
3215  DetectAddressFree(db);
3216  return result;
3217 
3218 error:
3219  if (da) DetectAddressFree(da);
3220  if (db) DetectAddressFree(db);
3221  return 0;
3222 }
3223 
3224 static int AddressTestCmp12(void)
3225 {
3226  DetectAddress *da = NULL, *db = NULL;
3227  int result = 1;
3228 
3229  da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3230  if (da == NULL) goto error;
3231  db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3232  if (db == NULL) goto error;
3233 
3234  if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3235  result = 0;
3236 
3237  DetectAddressFree(da);
3238  DetectAddressFree(db);
3239  return result;
3240 
3241 error:
3242  if (da) DetectAddressFree(da);
3243  if (db) DetectAddressFree(db);
3244  return 0;
3245 }
3246 
3247 static int AddressTestAddressGroupSetup01(void)
3248 {
3249  int result = 0;
3251 
3252  if (gh != NULL) {
3253  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3254  if (r == 0)
3255  result = 1;
3256 
3258  }
3259  return result;
3260 }
3261 
3262 static int AddressTestAddressGroupSetup02(void)
3263 {
3264  int result = 0;
3266 
3267  if (gh != NULL) {
3268  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3269  if (r == 0 && gh->ipv4_head != NULL)
3270  result = 1;
3271 
3273  }
3274  return result;
3275 }
3276 
3277 static int AddressTestAddressGroupSetup03(void)
3278 {
3279  int result = 0;
3281 
3282  if (gh != NULL) {
3283  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3284  if (r == 0 && gh->ipv4_head != NULL) {
3285  DetectAddress *prev_head = gh->ipv4_head;
3286 
3287  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3288  if (r == 0 && gh->ipv4_head != prev_head &&
3289  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3290  result = 1;
3291  }
3292  }
3293 
3295  }
3296  return result;
3297 }
3298 
3299 static int AddressTestAddressGroupSetup04(void)
3300 {
3301  int result = 0;
3303 
3304  if (gh != NULL) {
3305  int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3306  if (r == 0 && gh->ipv4_head != NULL) {
3307  DetectAddress *prev_head = gh->ipv4_head;
3308 
3309  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3310  if (r == 0 && gh->ipv4_head != prev_head &&
3311  gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3312  DetectAddress *ph = gh->ipv4_head;
3313 
3314  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3315  if (r == 0 && gh->ipv4_head != ph &&
3316  gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3317  result = 1;
3318  }
3319  }
3320  }
3321 
3323  }
3324  return result;
3325 }
3326 
3327 static int AddressTestAddressGroupSetup05(void)
3328 {
3329  int result = 0;
3331 
3332  if (gh != NULL) {
3333  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3334  if (r == 0 && gh->ipv4_head != NULL) {
3335  DetectAddress *prev_head = gh->ipv4_head;
3336 
3337  r = DetectAddressParse(NULL, gh, "1.2.3.3");
3338  if (r == 0 && gh->ipv4_head == prev_head &&
3339  gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3340  DetectAddress *ph = gh->ipv4_head;
3341 
3342  r = DetectAddressParse(NULL, gh, "1.2.3.4");
3343  if (r == 0 && gh->ipv4_head == ph &&
3344  gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3345  result = 1;
3346  }
3347  }
3348  }
3349 
3351  }
3352  return result;
3353 }
3354 
3355 static int AddressTestAddressGroupSetup06(void)
3356 {
3357  int result = 0;
3359 
3360  if (gh != NULL) {
3361  int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3362  if (r == 0 && gh->ipv4_head != NULL) {
3363  DetectAddress *prev_head = gh->ipv4_head;
3364 
3365  r = DetectAddressParse(NULL, gh, "1.2.3.2");
3366  if (r == 0 && gh->ipv4_head == prev_head &&
3367  gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3368  result = 1;
3369  }
3370  }
3371 
3373  }
3374  return result;
3375 }
3376 
3377 static int AddressTestAddressGroupSetup07(void)
3378 {
3379  int result = 0;
3381 
3382  if (gh != NULL) {
3383  int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3384  if (r == 0 && gh->ipv4_head != NULL) {
3385  r = DetectAddressParse(NULL, gh, "10.10.10.10");
3386  if (r == 0 && gh->ipv4_head != NULL &&
3387  gh->ipv4_head->next != NULL &&
3388  gh->ipv4_head->next->next != NULL) {
3389  result = 1;
3390  }
3391  }
3392 
3394  }
3395  return result;
3396 }
3397 
3398 static int AddressTestAddressGroupSetup08(void)
3399 {
3400  int result = 0;
3402 
3403  if (gh != NULL) {
3404  int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3405  if (r == 0 && gh->ipv4_head != NULL) {
3406  r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3407  if (r == 0 && gh->ipv4_head != NULL &&
3408  gh->ipv4_head->next != NULL &&
3409  gh->ipv4_head->next->next != NULL) {
3410  result = 1;
3411  }
3412  }
3413 
3415  }
3416  return result;
3417 }
3418 
3419 static int AddressTestAddressGroupSetup09(void)
3420 {
3421  int result = 0;
3423 
3424  if (gh != NULL) {
3425  int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3426  if (r == 0 && gh->ipv4_head != NULL) {
3427  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3428  if (r == 0 && gh->ipv4_head != NULL &&
3429  gh->ipv4_head->next != NULL &&
3430  gh->ipv4_head->next->next != NULL) {
3431  result = 1;
3432  }
3433  }
3434 
3436  }
3437  return result;
3438 }
3439 
3440 static int AddressTestAddressGroupSetup10(void)
3441 {
3442  int result = 0;
3444 
3445  if (gh != NULL) {
3446  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3447  if (r == 0 && gh->ipv4_head != NULL) {
3448  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3449  if (r == 0 && gh->ipv4_head != NULL &&
3450  gh->ipv4_head->next != NULL &&
3451  gh->ipv4_head->next->next != NULL) {
3452  result = 1;
3453  }
3454  }
3455 
3457  }
3458  return result;
3459 }
3460 
3461 static int AddressTestAddressGroupSetup11(void)
3462 {
3463  int result = 0;
3465 
3466  if (gh != NULL) {
3467  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3468  if (r == 0) {
3469  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3470  if (r == 0) {
3471  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3472  if (r == 0) {
3473  DetectAddress *one = gh->ipv4_head, *two = one->next,
3474  *three = two->next, *four = three->next,
3475  *five = four->next;
3476 
3477  /* result should be:
3478  * 0.0.0.0/10.10.9.255
3479  * 10.10.10.0/10.10.10.9
3480  * 10.10.10.10/10.10.10.255
3481  * 10.10.11.0/10.10.11.1
3482  * 10.10.11.2/255.255.255.255
3483  */
3484  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3485  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3486  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3487  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3488  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3489  result = 1;
3490  }
3491  }
3492  }
3493  }
3494 
3496  }
3497  return result;
3498 }
3499 
3500 static int AddressTestAddressGroupSetup12 (void)
3501 {
3502  int result = 0;
3504 
3505  if (gh != NULL) {
3506  int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3507  if (r == 0) {
3508  r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3509  if (r == 0) {
3510  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3511  if (r == 0) {
3512  DetectAddress *one = gh->ipv4_head, *two = one->next,
3513  *three = two->next, *four = three->next,
3514  *five = four->next;
3515 
3516  /* result should be:
3517  * 0.0.0.0/10.10.9.255
3518  * 10.10.10.0/10.10.10.9
3519  * 10.10.10.10/10.10.10.255
3520  * 10.10.11.0/10.10.11.1
3521  * 10.10.11.2/255.255.255.255
3522  */
3523  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3524  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3525  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3526  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3527  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3528  result = 1;
3529  }
3530  }
3531  }
3532  }
3533 
3535  }
3536  return result;
3537 }
3538 
3539 static int AddressTestAddressGroupSetup13(void)
3540 {
3541  int result = 0;
3543 
3544  if (gh != NULL) {
3545  int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3546  if (r == 0) {
3547  r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3548  if (r == 0) {
3549  r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3550  if (r == 0) {
3551  DetectAddress *one = gh->ipv4_head, *two = one->next,
3552  *three = two->next, *four = three->next,
3553  *five = four->next;
3554 
3555  /* result should be:
3556  * 0.0.0.0/10.10.9.255
3557  * 10.10.10.0/10.10.10.9
3558  * 10.10.10.10/10.10.10.255
3559  * 10.10.11.0/10.10.11.1
3560  * 10.10.11.2/255.255.255.255
3561  */
3562  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3563  two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3564  three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3565  four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3566  five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3567  result = 1;
3568  }
3569  }
3570  }
3571  }
3572 
3574  }
3575  return result;
3576 }
3577 
3578 static int AddressTestAddressGroupSetupIPv414(void)
3579 {
3580  int result = 0;
3582 
3583  if (gh != NULL) {
3584  int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3585  if (r == 0) {
3586  DetectAddress *one = gh->ipv4_head;
3587  DetectAddress *two = one ? one->next : NULL;
3588 
3589  if (one && two) {
3590  /* result should be:
3591  * 0.0.0.0/1.2.3.3
3592  * 1.2.3.5/255.255.255.255
3593  */
3594  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(16909059) &&
3595  two->ip.addr_data32[0] == SCNtohl(16909061) && two->ip2.addr_data32[0] == 0xFFFFFFFF) {
3596  result = 1;
3597  } else {
3598  printf("unexpected addresses: ");
3599  }
3600  } else {
3601  printf("one %p two %p: ", one, two);
3602  }
3603  } else {
3604  printf("DetectAddressParse returned %d, expected 0: ", r);
3605  }
3606 
3608  }
3609  return result;
3610 }
3611 
3612 static int AddressTestAddressGroupSetupIPv415(void)
3613 {
3614  int result = 0;
3616 
3617  if (gh != NULL) {
3618  int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3619  if (r == 0) {
3620  DetectAddress *one = gh->ipv4_head;
3621 
3622  if (one && one->next == NULL) {
3623  /* result should be:
3624  * 0.0.0.1/255.255.255.255
3625  */
3626  if (one->ip.addr_data32[0] == SCNtohl(1) && one->ip2.addr_data32[0] == 0xFFFFFFFF)
3627  result = 1;
3628  }
3629  }
3630 
3632  }
3633  return result;
3634 }
3635 
3636 static int AddressTestAddressGroupSetupIPv416(void)
3637 {
3638  int result = 0;
3640 
3641  if (gh != NULL) {
3642  int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3643  if (r == 0) {
3644  DetectAddress *one = gh->ipv4_head;
3645 
3646  if (one && one->next == NULL) {
3647  /* result should be:
3648  * 0.0.0.0/255.255.255.254
3649  */
3650  if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(4294967294))
3651  result = 1;
3652  }
3653  }
3654 
3656  }
3657  return result;
3658 }
3659 
3660 static int AddressTestAddressGroupSetup14(void)
3661 {
3662  int result = 0;
3664 
3665  if (gh != NULL) {
3666  int r = DetectAddressParse(NULL, gh, "2001::1");
3667  if (r == 0)
3668  result = 1;
3669 
3671  }
3672  return result;
3673 }
3674 
3675 static int AddressTestAddressGroupSetup15(void)
3676 {
3677  int result = 0;
3679 
3680  if (gh != NULL) {
3681  int r = DetectAddressParse(NULL, gh, "2001::1");
3682  if (r == 0 && gh->ipv6_head != NULL)
3683  result = 1;
3684 
3686  }
3687  return result;
3688 }
3689 
3690 static int AddressTestAddressGroupSetup16(void)
3691 {
3692  int result = 0;
3694 
3695  if (gh != NULL) {
3696  int r = DetectAddressParse(NULL, gh, "2001::4");
3697  if (r == 0 && gh->ipv6_head != NULL) {
3698  DetectAddress *prev_head = gh->ipv6_head;
3699 
3700  r = DetectAddressParse(NULL, gh, "2001::3");
3701  if (r == 0 && gh->ipv6_head != prev_head &&
3702  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3703  result = 1;
3704  }
3705  }
3706 
3708  }
3709  return result;
3710 }
3711 
3712 static int AddressTestAddressGroupSetup17(void)
3713 {
3714  int result = 0;
3716 
3717  if (gh != NULL) {
3718  int r = DetectAddressParse(NULL, gh, "2001::4");
3719  if (r == 0 && gh->ipv6_head != NULL) {
3720  DetectAddress *prev_head = gh->ipv6_head;
3721 
3722  r = DetectAddressParse(NULL, gh, "2001::3");
3723  if (r == 0 && gh->ipv6_head != prev_head &&
3724  gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3725  DetectAddress *ph = gh->ipv6_head;
3726 
3727  r = DetectAddressParse(NULL, gh, "2001::2");
3728  if (r == 0 && gh->ipv6_head != ph &&
3729  gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3730  result = 1;
3731  }
3732  }
3733  }
3734 
3736  }
3737  return result;
3738 }
3739 
3740 static int AddressTestAddressGroupSetup18(void)
3741 {
3742  int result = 0;
3744 
3745  if (gh != NULL) {
3746  int r = DetectAddressParse(NULL, gh, "2001::2");
3747  if (r == 0 && gh->ipv6_head != NULL) {
3748  DetectAddress *prev_head = gh->ipv6_head;
3749 
3750  r = DetectAddressParse(NULL, gh, "2001::3");
3751  if (r == 0 && gh->ipv6_head == prev_head &&
3752  gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3753  DetectAddress *ph = gh->ipv6_head;
3754 
3755  r = DetectAddressParse(NULL, gh, "2001::4");
3756  if (r == 0 && gh->ipv6_head == ph &&
3757  gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3758  result = 1;
3759  }
3760  }
3761  }
3762 
3764  }
3765  return result;
3766 }
3767 
3768 static int AddressTestAddressGroupSetup19(void)
3769 {
3770  int result = 0;
3772 
3773  if (gh != NULL) {
3774  int r = DetectAddressParse(NULL, gh, "2001::2");
3775  if (r == 0 && gh->ipv6_head != NULL) {
3776  DetectAddress *prev_head = gh->ipv6_head;
3777 
3778  r = DetectAddressParse(NULL, gh, "2001::2");
3779  if (r == 0 && gh->ipv6_head == prev_head &&
3780  gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3781  result = 1;
3782  }
3783  }
3784 
3786  }
3787  return result;
3788 }
3789 
3790 static int AddressTestAddressGroupSetup20(void)
3791 {
3792  int result = 0;
3794 
3795  if (gh != NULL) {
3796  int r = DetectAddressParse(NULL, gh, "2000::/3");
3797  if (r == 0 && gh->ipv6_head != NULL) {
3798  r = DetectAddressParse(NULL, gh, "2001::4");
3799  if (r == 0 && gh->ipv6_head != NULL &&
3800  gh->ipv6_head->next != NULL &&
3801  gh->ipv6_head->next->next != NULL) {
3802  result = 1;
3803  }
3804  }
3805 
3807  }
3808  return result;
3809 }
3810 
3811 static int AddressTestAddressGroupSetup21(void)
3812 {
3813  int result = 0;
3815 
3816  if (gh != NULL) {
3817  int r = DetectAddressParse(NULL, gh, "2001::4");
3818  if (r == 0 && gh->ipv6_head != NULL) {
3819  r = DetectAddressParse(NULL, gh, "2000::/3");
3820  if (r == 0 && gh->ipv6_head != NULL &&
3821  gh->ipv6_head->next != NULL &&
3822  gh->ipv6_head->next->next != NULL) {
3823  result = 1;
3824  }
3825  }
3826 
3828  }
3829  return result;
3830 }
3831 
3832 static int AddressTestAddressGroupSetup22(void)
3833 {
3834  int result = 0;
3836 
3837  if (gh != NULL) {
3838  int r = DetectAddressParse(NULL, gh, "2000::/3");
3839  if (r == 0 && gh->ipv6_head != NULL) {
3840  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3841  if (r == 0 && gh->ipv6_head != NULL &&
3842  gh->ipv6_head->next != NULL &&
3843  gh->ipv6_head->next->next != NULL) {
3844  result = 1;
3845  }
3846  }
3847 
3849  }
3850  return result;
3851 }
3852 
3853 static int AddressTestAddressGroupSetup23(void)
3854 {
3855  int result = 0;
3857 
3858  if (gh != NULL) {
3859  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3860  if (r == 0 && gh->ipv6_head != NULL) {
3861  r = DetectAddressParse(NULL, gh, "2000::/3");
3862  if (r == 0 && gh->ipv6_head != NULL &&
3863  gh->ipv6_head->next != NULL &&
3864  gh->ipv6_head->next->next != NULL) {
3865  result = 1;
3866  }
3867  }
3868 
3870  }
3871  return result;
3872 }
3873 
3874 static int AddressTestAddressGroupSetup24(void)
3875 {
3876  int result = 0;
3878 
3879  if (gh != NULL) {
3880  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3881  if (r == 0) {
3882  r = DetectAddressParse(NULL, gh, "2001::/3");
3883  if (r == 0) {
3884  r = DetectAddressParse(NULL, gh, "::/0");
3885  if (r == 0) {
3886  DetectAddress *one = gh->ipv6_head, *two = one->next,
3887  *three = two->next, *four = three->next,
3888  *five = four->next;
3889  if (one->ip.addr_data32[0] == 0x00000000 &&
3890  one->ip.addr_data32[1] == 0x00000000 &&
3891  one->ip.addr_data32[2] == 0x00000000 &&
3892  one->ip.addr_data32[3] == 0x00000000 &&
3893  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3894  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3895  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3896  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3897 
3898  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3899  two->ip.addr_data32[1] == 0x00000000 &&
3900  two->ip.addr_data32[2] == 0x00000000 &&
3901  two->ip.addr_data32[3] == 0x00000000 &&
3902  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3903  two->ip2.addr_data32[1] == 0x00000000 &&
3904  two->ip2.addr_data32[2] == 0x00000000 &&
3905  two->ip2.addr_data32[3] == SCNtohl(3) &&
3906 
3907  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3908  three->ip.addr_data32[1] == 0x00000000 &&
3909  three->ip.addr_data32[2] == 0x00000000 &&
3910  three->ip.addr_data32[3] == SCNtohl(4) &&
3911  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3912  three->ip2.addr_data32[1] == 0x00000000 &&
3913  three->ip2.addr_data32[2] == 0x00000000 &&
3914  three->ip2.addr_data32[3] == SCNtohl(6) &&
3915 
3916  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3917  four->ip.addr_data32[1] == 0x00000000 &&
3918  four->ip.addr_data32[2] == 0x00000000 &&
3919  four->ip.addr_data32[3] == SCNtohl(7) &&
3920  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3921  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3922  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3923  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3924 
3925  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3926  five->ip.addr_data32[1] == 0x00000000 &&
3927  five->ip.addr_data32[2] == 0x00000000 &&
3928  five->ip.addr_data32[3] == 0x00000000 &&
3929  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3930  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3931  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3932  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3933  result = 1;
3934  }
3935  }
3936  }
3937  }
3938 
3940  }
3941  return result;
3942 }
3943 
3944 static int AddressTestAddressGroupSetup25(void)
3945 {
3946  int result = 0;
3948 
3949  if (gh != NULL) {
3950  int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3951  if (r == 0) {
3952  r = DetectAddressParse(NULL, gh, "::/0");
3953  if (r == 0) {
3954  r = DetectAddressParse(NULL, gh, "2001::/3");
3955  if (r == 0) {
3956  DetectAddress *one = gh->ipv6_head, *two = one->next,
3957  *three = two->next, *four = three->next,
3958  *five = four->next;
3959  if (one->ip.addr_data32[0] == 0x00000000 &&
3960  one->ip.addr_data32[1] == 0x00000000 &&
3961  one->ip.addr_data32[2] == 0x00000000 &&
3962  one->ip.addr_data32[3] == 0x00000000 &&
3963  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3964  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3965  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3966  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3967 
3968  two->ip.addr_data32[0] == SCNtohl(536870912) &&
3969  two->ip.addr_data32[1] == 0x00000000 &&
3970  two->ip.addr_data32[2] == 0x00000000 &&
3971  two->ip.addr_data32[3] == 0x00000000 &&
3972  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3973  two->ip2.addr_data32[1] == 0x00000000 &&
3974  two->ip2.addr_data32[2] == 0x00000000 &&
3975  two->ip2.addr_data32[3] == SCNtohl(3) &&
3976 
3977  three->ip.addr_data32[0] == SCNtohl(536936448) &&
3978  three->ip.addr_data32[1] == 0x00000000 &&
3979  three->ip.addr_data32[2] == 0x00000000 &&
3980  three->ip.addr_data32[3] == SCNtohl(4) &&
3981  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3982  three->ip2.addr_data32[1] == 0x00000000 &&
3983  three->ip2.addr_data32[2] == 0x00000000 &&
3984  three->ip2.addr_data32[3] == SCNtohl(6) &&
3985 
3986  four->ip.addr_data32[0] == SCNtohl(536936448) &&
3987  four->ip.addr_data32[1] == 0x00000000 &&
3988  four->ip.addr_data32[2] == 0x00000000 &&
3989  four->ip.addr_data32[3] == SCNtohl(7) &&
3990  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3991  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3992  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3993  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3994 
3995  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3996  five->ip.addr_data32[1] == 0x00000000 &&
3997  five->ip.addr_data32[2] == 0x00000000 &&
3998  five->ip.addr_data32[3] == 0x00000000 &&
3999  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
4000  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
4001  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
4002  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
4003  result = 1;
4004  }
4005  }
4006  }
4007  }
4008 
4010  }
4011  return result;
4012 }
4013 
4014 static int AddressTestAddressGroupSetup26(void)
4015 {
4016  int result = 0;
4018 
4019  if (gh != NULL) {
4020  int r = DetectAddressParse(NULL, gh, "::/0");
4021  if (r == 0) {
4022  r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
4023  if (r == 0) {
4024  r = DetectAddressParse(NULL, gh, "2001::/3");
4025  if (r == 0) {
4026  DetectAddress *one = gh->ipv6_head, *two = one->next,
4027  *three = two->next, *four = three->next,
4028  *five = four->next;
4029  if (one->ip.addr_data32[0] == 0x00000000 &&
4030  one->ip.addr_data32[1] == 0x00000000 &&
4031  one->ip.addr_data32[2] == 0x00000000 &&
4032  one->ip.addr_data32[3] == 0x00000000 &&
4033  one->ip2.addr_data32[0] == SCNtohl(536870911) &&
4034  one->ip2.addr_data32[1] == 0xFFFFFFFF &&
4035  one->ip2.addr_data32[2] == 0xFFFFFFFF &&
4036  one->ip2.addr_data32[3] == 0xFFFFFFFF &&
4037 
4038  two->ip.addr_data32[0] == SCNtohl(536870912) &&
4039  two->ip.addr_data32[1] == 0x00000000 &&
4040  two->ip.addr_data32[2] == 0x00000000 &&
4041  two->ip.addr_data32[3] == 0x00000000 &&
4042  two->ip2.addr_data32[0] == SCNtohl(536936448) &&
4043  two->ip2.addr_data32[1] == 0x00000000 &&
4044  two->ip2.addr_data32[2] == 0x00000000 &&
4045  two->ip2.addr_data32[3] == SCNtohl(3) &&
4046 
4047  three->ip.addr_data32[0] == SCNtohl(536936448) &&
4048  three->ip.addr_data32[1] == 0x00000000 &&
4049  three->ip.addr_data32[2] == 0x00000000 &&
4050  three->ip.addr_data32[3] == SCNtohl(4) &&
4051  three->ip2.addr_data32[0] == SCNtohl(536936448) &&
4052  three->ip2.addr_data32[1] == 0x00000000 &&
4053  three->ip2.addr_data32[2] == 0x00000000 &&
4054  three->ip2.addr_data32[3] == SCNtohl(6) &&
4055 
4056  four->ip.addr_data32[0] == SCNtohl(536936448) &&
4057  four->ip.addr_data32[1] == 0x00000000 &&
4058  four->ip.addr_data32[2] == 0x00000000 &&
4059  four->ip.addr_data32[3] == SCNtohl(7) &&
4060  four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
4061  four->ip2.addr_data32[1] == 0xFFFFFFFF &&
4062  four->ip2.addr_data32[2] == 0xFFFFFFFF &&
4063  four->ip2.addr_data32[3] == 0xFFFFFFFF &&
4064 
4065  five->ip.addr_data32[0] == SCNtohl(1073741824) &&
4066  five->ip.addr_data32[1] == 0x00000000 &&
4067  five->ip.addr_data32[2] == 0x00000000 &&
4068  five->ip.addr_data32[3] == 0x00000000 &&
4069  five->ip2.addr_data32[0] == 0xFFFFFFFF &&
4070  five->ip2.addr_data32[1] == 0xFFFFFFFF &&
4071  five->ip2.addr_data32[2] == 0xFFFFFFFF &&
4072  five->ip2.addr_data32[3] == 0xFFFFFFFF) {
4073  result = 1;
4074  }
4075  }
4076  }
4077  }
4078 
4080  }
4081  return result;
4082 }
4083 
4084 static int AddressTestAddressGroupSetup27(void)
4085 {
4086  int result = 0;
4088 
4089  if (gh != NULL) {
4090  int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
4091  if (r == 0)
4092  result = 1;
4093 
4095  }
4096  return result;
4097 }
4098 
4099 static int AddressTestAddressGroupSetup28(void)
4100 {
4101  int result = 0;
4103 
4104  if (gh != NULL) {
4105  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
4106  if (r == 0)
4107  result = 1;
4108 
4110  }
4111  return result;
4112 }
4113 
4114 static int AddressTestAddressGroupSetup29(void)
4115 {
4116  int result = 0;
4118 
4119  if (gh != NULL) {
4120  int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
4121  if (r == 0)
4122  result = 1;
4123 
4125  }
4126  return result;
4127 }
4128 
4129 static int AddressTestAddressGroupSetup30(void)
4130 {
4131  int result = 0;
4133 
4134  if (gh != NULL) {
4135  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
4136  if (r == 0)
4137  result = 1;
4138 
4140  }
4141  return result;
4142 }
4143 
4144 static int AddressTestAddressGroupSetup31(void)
4145 {
4146  int result = 0;
4148 
4149  if (gh != NULL) {
4150  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4151  if (r == 0)
4152  result = 1;
4153 
4155  }
4156  return result;
4157 }
4158 
4159 static int AddressTestAddressGroupSetup32(void)
4160 {
4161  int result = 0;
4163 
4164  if (gh != NULL) {
4165  int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4166  if (r == 0)
4167  result = 1;
4168 
4170  }
4171  return result;
4172 }
4173 
4174 static int AddressTestAddressGroupSetup33(void)
4175 {
4176  int result = 0;
4178 
4179  if (gh != NULL) {
4180  int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4181  if (r == 0)
4182  result = 1;
4183 
4185  }
4186  return result;
4187 }
4188 
4189 static int AddressTestAddressGroupSetup34(void)
4190 {
4191  int result = 0;
4193 
4194  if (gh != NULL) {
4195  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4196  if (r == 0)
4197  result = 1;
4198 
4200  }
4201  return result;
4202 }
4203 
4204 static int AddressTestAddressGroupSetup35(void)
4205 {
4206  int result = 0;
4208 
4209  if (gh != NULL) {
4210  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4211  if (r == 0)
4212  result = 1;
4213 
4215  }
4216  return result;
4217 }
4218 
4219 static int AddressTestAddressGroupSetup36 (void)
4220 {
4221  int result = 0;
4222 
4224  if (gh != NULL) {
4225  int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4226  if (r == 0)
4227  result = 1;
4228 
4230  }
4231  return result;
4232 }
4233 
4234 static int AddressTestAddressGroupSetup37(void)
4235 {
4236  int result = 0;
4238 
4239  if (gh != NULL) {
4240  int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4241  if (r == 0)
4242  result = 1;
4243 
4245  }
4246  return result;
4247 }
4248 
4249 static int AddressTestAddressGroupSetup38(void)
4250 {
4251  UTHValidateDetectAddressHeadRange expectations[3] = {
4252  { "0.0.0.0", "192.167.255.255" },
4253  { "192.168.14.0", "192.168.14.255" },
4254  { "192.169.0.0", "255.255.255.255" } };
4255  int result = 0;
4257 
4258  if (gh != NULL) {
4259  int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4260  if (r == 0) {
4261  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4262  result = 1;
4263  }
4264 
4266  }
4267  return result;
4268 }
4269 
4270 static int AddressTestAddressGroupSetup39(void)
4271 {
4272  UTHValidateDetectAddressHeadRange expectations[3] = {
4273  { "0.0.0.0", "192.167.255.255" },
4274  { "192.168.14.0", "192.168.14.255" },
4275  { "192.169.0.0", "255.255.255.255" } };
4276  int result = 0;
4278 
4279  if (gh != NULL) {
4280  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4281  if (r == 0) {
4282  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4283  result = 1;
4284  }
4285 
4287  }
4288  return result;
4289 }
4290 
4291 static int AddressTestAddressGroupSetup40(void)
4292 {
4293  UTHValidateDetectAddressHeadRange expectations[3] = {
4294  { "0.0.0.0", "192.167.255.255" },
4295  { "192.168.14.0", "192.168.14.255" },
4296  { "192.169.0.0", "255.255.255.255" } };
4297  int result = 0;
4299  if (gh != NULL) {
4300  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4301  if (r == 0) {
4302  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4303  result = 1;
4304  }
4305 
4307  }
4308  return result;
4309 }
4310 
4311 static int AddressTestAddressGroupSetup41(void)
4312 {
4313  UTHValidateDetectAddressHeadRange expectations[3] = {
4314  { "0.0.0.0", "192.167.255.255" },
4315  { "192.168.14.0", "192.168.14.255" },
4316  { "192.169.0.0", "255.255.255.255" } };
4317  int result = 0;
4319  if (gh != NULL) {
4320  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4321  if (r == 0) {
4322  if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE)
4323  result = 1;
4324  }
4325 
4327  }
4328  return result;
4329 }
4330 
4331 static int AddressTestAddressGroupSetup42(void)
4332 {
4333  UTHValidateDetectAddressHeadRange expectations[1] = {
4334  { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4335  int result = 0;
4337  if (gh != NULL) {
4338  int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4339  if (r == 0) {
4340  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4341  result = 1;
4342  }
4343 
4345  }
4346  return result;
4347 }
4348 
4349 static int AddressTestAddressGroupSetup43(void)
4350 {
4351  UTHValidateDetectAddressHeadRange expectations[2] = {
4352  { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4353  { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4354  int result = 0;
4356  if (gh != NULL) {
4357  int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4358  if (r == 0) {
4359  if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE)
4360  result = 1;
4361  }
4362 
4364  }
4365  return result;
4366 }
4367 
4368 static int AddressTestAddressGroupSetup44(void)
4369 {
4370  UTHValidateDetectAddressHeadRange expectations[2] = {
4371  { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4372  int result = 0;
4374  if (gh != NULL) {
4375  int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4376  if (r == 0) {
4377  if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE)
4378  result = 1;
4379  }
4380 
4382  }
4383  return result;
4384 }
4385 
4386 static int AddressTestAddressGroupSetup45(void)
4387 {
4388  int result = 0;
4390  if (gh != NULL) {
4391  int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4392  if (r != 0) {
4393  result = 1;
4394  }
4395 
4397  }
4398  return result;
4399 }
4400 
4401 static int AddressTestAddressGroupSetup46(void)
4402 {
4403  UTHValidateDetectAddressHeadRange expectations[4] = {
4404  { "0.0.0.0", "192.167.255.255" },
4405  { "192.168.1.0", "192.168.1.255" },
4406  { "192.168.3.0", "192.168.3.255" },
4407  { "192.169.0.0", "255.255.255.255" } };
4408  int result = 0;
4410  if (gh != NULL) {
4411  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4412  if (r == 0) {
4413  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4414  result = 1;
4415  }
4416 
4418  }
4419  return result;
4420 }
4421 
4422 /** \test net with some negations, then all negated */
4423 static int AddressTestAddressGroupSetup47(void)
4424 {
4425  UTHValidateDetectAddressHeadRange expectations[5] = {
4426  { "0.0.0.0", "192.167.255.255" },
4427  { "192.168.1.0", "192.168.1.255" },
4428  { "192.168.3.0", "192.168.3.255" },
4429  { "192.168.5.0", "192.168.5.255" },
4430  { "192.169.0.0", "255.255.255.255" } };
4431  int result = 0;
4433  if (gh != NULL) {
4434  int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4435  if (r == 0) {
4436  if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE)
4437  result = 1;
4438  }
4439 
4441  }
4442  return result;
4443 }
4444 
4445 /** \test same as AddressTestAddressGroupSetup47, but not negated */
4446 static int AddressTestAddressGroupSetup48(void)
4447 {
4448  UTHValidateDetectAddressHeadRange expectations[4] = {
4449  { "192.168.0.0", "192.168.0.255" },
4450  { "192.168.2.0", "192.168.2.255" },
4451  { "192.168.4.0", "192.168.4.255" },
4452  { "192.168.6.0", "192.168.255.255" } };
4453  int result = 0;
4455  if (gh != NULL) {
4456  int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4457  if (r == 0) {
4458  if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE)
4459  result = 1;
4460  }
4461 
4463  }
4464  return result;
4465 }
4466 
4467 static int AddressTestCutIPv401(void)
4468 {
4469  DetectAddress *a, *b, *c;
4470  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4471  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4472 
4473  if (DetectAddressCut(NULL, a, b, &c) == -1)
4474  goto error;
4475 
4476  DetectAddressFree(a);
4477  DetectAddressFree(b);
4478  DetectAddressFree(c);
4479  return 1;
4480 
4481 error:
4482  DetectAddressFree(a);
4483  DetectAddressFree(b);
4484  DetectAddressFree(c);
4485  return 0;
4486 }
4487 
4488 static int AddressTestCutIPv402(void)
4489 {
4490  DetectAddress *a, *b, *c;
4491  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4492  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4493 
4494  if (DetectAddressCut(NULL, a, b, &c) == -1)
4495  goto error;
4496 
4497  if (c == NULL)
4498  goto error;
4499 
4500  DetectAddressFree(a);
4501  DetectAddressFree(b);
4502  DetectAddressFree(c);
4503  return 1;
4504 
4505 error:
4506  DetectAddressFree(a);
4507  DetectAddressFree(b);
4508  DetectAddressFree(c);
4509  return 0;
4510 }
4511 
4512 static int AddressTestCutIPv403(void)
4513 {
4514  DetectAddress *a, *b, *c;
4515  a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4516  b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4517 
4518  if (DetectAddressCut(NULL, a, b, &c) == -1)
4519  goto error;
4520 
4521  if (c == NULL)
4522  goto error;
4523 
4524  if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4525  goto error;
4526  if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4527  goto error;
4528  if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4529  goto error;
4530 
4531  DetectAddressFree(a);
4532  DetectAddressFree(b);
4533  DetectAddressFree(c);
4534  return 1;
4535 
4536 error:
4537  DetectAddressFree(a);
4538  DetectAddressFree(b);
4539  DetectAddressFree(c);
4540  return 0;
4541 }
4542 
4543 static int AddressTestCutIPv404(void)
4544 {
4545  DetectAddress *a, *b, *c;
4546  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4547  b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4548 
4549  if (DetectAddressCut(NULL, a, b, &c) == -1)
4550  goto error;
4551 
4552  if (c == NULL)
4553  goto error;
4554 
4555  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4556  goto error;
4557  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4558  goto error;
4559  if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4560  goto error;
4561 
4562 
4563  DetectAddressFree(a);
4564  DetectAddressFree(b);
4565  DetectAddressFree(c);
4566  return 1;
4567 
4568 error:
4569  DetectAddressFree(a);
4570  DetectAddressFree(b);
4571  DetectAddressFree(c);
4572  return 0;
4573 }
4574 
4575 static int AddressTestCutIPv405(void)
4576 {
4577  DetectAddress *a, *b, *c;
4578  a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4579  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4580 
4581  if (DetectAddressCut(NULL, a, b, &c) == -1)
4582  goto error;
4583 
4584  if (c == NULL)
4585  goto error;
4586 
4587  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4588  goto error;
4589  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4590  goto error;
4591  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4592  goto error;
4593 
4594  DetectAddressFree(a);
4595  DetectAddressFree(b);
4596  DetectAddressFree(c);
4597  return 1;
4598 
4599 error:
4600  DetectAddressFree(a);
4601  DetectAddressFree(b);
4602  DetectAddressFree(c);
4603  return 0;
4604 }
4605 
4606 static int AddressTestCutIPv406(void)
4607 {
4608  DetectAddress *a, *b, *c;
4609  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4610  b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4611 
4612  if (DetectAddressCut(NULL, a, b, &c) == -1)
4613  goto error;
4614 
4615  if (c == NULL)
4616  goto error;
4617 
4618  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4619  goto error;
4620  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4621  goto error;
4622  if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4623  goto error;
4624 
4625  DetectAddressFree(a);
4626  DetectAddressFree(b);
4627  DetectAddressFree(c);
4628  return 1;
4629 
4630 error:
4631  DetectAddressFree(a);
4632  DetectAddressFree(b);
4633  DetectAddressFree(c);
4634  return 0;
4635 }
4636 
4637 static int AddressTestCutIPv407(void)
4638 {
4639  DetectAddress *a, *b, *c;
4640  a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4641  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4642 
4643  if (DetectAddressCut(NULL, a, b, &c) == -1)
4644  goto error;
4645 
4646  if (c != NULL)
4647  goto error;
4648 
4649  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4650  goto error;
4651  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4652  goto error;
4653 
4654  DetectAddressFree(a);
4655  DetectAddressFree(b);
4656  DetectAddressFree(c);
4657  return 1;
4658 
4659 error:
4660  DetectAddressFree(a);
4661  DetectAddressFree(b);
4662  DetectAddressFree(c);
4663  return 0;
4664 }
4665 
4666 static int AddressTestCutIPv408(void)
4667 {
4668  DetectAddress *a, *b, *c;
4669  a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4670  b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4671 
4672  if (DetectAddressCut(NULL, a, b, &c) == -1)
4673  goto error;
4674 
4675  if (c != NULL)
4676  goto error;
4677 
4678  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4679  goto error;
4680  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4681  goto error;
4682 
4683  DetectAddressFree(a);
4684  DetectAddressFree(b);
4685  DetectAddressFree(c);
4686  return 1;
4687 
4688 error:
4689  DetectAddressFree(a);
4690  DetectAddressFree(b);
4691  DetectAddressFree(c);
4692  return 0;
4693 }
4694 
4695 static int AddressTestCutIPv409(void)
4696 {
4697  DetectAddress *a, *b, *c;
4698  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4699  b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4700 
4701  if (DetectAddressCut(NULL, a, b, &c) == -1)
4702  goto error;
4703 
4704  if (c != NULL)
4705  goto error;
4706 
4707  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4708  goto error;
4709  if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4710  goto error;
4711 
4712  DetectAddressFree(a);
4713  DetectAddressFree(b);
4714  DetectAddressFree(c);
4715  return 1;
4716 
4717 error:
4718  DetectAddressFree(a);
4719  DetectAddressFree(b);
4720  DetectAddressFree(c);
4721  return 0;
4722 }
4723 
4724 static int AddressTestCutIPv410(void)
4725 {
4726  DetectAddress *a, *b, *c;
4727  a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4728  b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4729 
4730  if (DetectAddressCut(NULL, a, b, &c) == -1)
4731  goto error;
4732 
4733  if (c != NULL)
4734  goto error;
4735 
4736  if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4737  goto error;
4738  if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4739  goto error;
4740 
4741  printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4742 
4743  DetectAddressFree(a);
4744  DetectAddressFree(b);
4745  DetectAddressFree(c);
4746  return 1;
4747 
4748 error:
4749  DetectAddressFree(a);
4750  DetectAddressFree(b);
4751  DetectAddressFree(c);
4752  return 0;
4753 }
4754 
4755 static int AddressTestParseInvalidMask01(void)
4756 {
4757  int result = 1;
4758  DetectAddress *dd = NULL;
4759 
4760  dd = DetectAddressParseSingle("192.168.2.0/33");
4761  if (dd != NULL) {
4762  DetectAddressFree(dd);
4763  result = 0;
4764  }
4765  return result;
4766 }
4767 
4768 static int AddressTestParseInvalidMask02(void)
4769 {
4770  int result = 1;
4771  DetectAddress *dd = NULL;
4772 
4773  dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4774  if (dd != NULL) {
4775  DetectAddressFree(dd);
4776  result = 0;
4777  }
4778  return result;
4779 }
4780 
4781 static int AddressTestParseInvalidMask03(void)
4782 {
4783  int result = 1;
4784  DetectAddress *dd = NULL;
4785 
4786  dd = DetectAddressParseSingle("192.168.2.0/blue");
4787  if (dd != NULL) {
4788  DetectAddressFree(dd);
4789  result = 0;
4790  }
4791  return result;
4792 }
4793 
4794 static int AddressConfVarsTest01(void)
4795 {
4796  static const char *dummy_conf_string =
4797  "%YAML 1.1\n"
4798  "---\n"
4799  "\n"
4800  "vars:\n"
4801  "\n"
4802  " address-groups:\n"
4803  "\n"
4804  " HOME_NET: \"any\"\n"
4805  "\n"
4806  " EXTERNAL_NET: \"!any\"\n"
4807  "\n"
4808  " port-groups:\n"
4809  "\n"
4810  " HTTP_PORTS: \"any\"\n"
4811  "\n"
4812  " SHELLCODE_PORTS: \"!any\"\n"
4813  "\n";
4814 
4815  int result = 0;
4816 
4818  ConfInit();
4819  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4820 
4822  result = 1;
4823 
4824  ConfDeInit();
4826 
4827  return result;
4828 }
4829 
4830 static int AddressConfVarsTest02(void)
4831 {
4832  static const char *dummy_conf_string =
4833  "%YAML 1.1\n"
4834  "---\n"
4835  "\n"
4836  "vars:\n"
4837  "\n"
4838  " address-groups:\n"
4839  "\n"
4840  " HOME_NET: \"any\"\n"
4841  "\n"
4842  " EXTERNAL_NET: \"any\"\n"
4843  "\n"
4844  " port-groups:\n"
4845  "\n"
4846  " HTTP_PORTS: \"any\"\n"
4847  "\n"
4848  " SHELLCODE_PORTS: \"!any\"\n"
4849  "\n";
4850 
4851  int result = 0;
4852 
4854  ConfInit();
4855  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4856 
4858  result = 1;
4859 
4860  ConfDeInit();
4862 
4863  return result;
4864 }
4865 
4866 static int AddressConfVarsTest03(void)
4867 {
4868  static const char *dummy_conf_string =
4869  "%YAML 1.1\n"
4870  "---\n"
4871  "\n"
4872  "vars:\n"
4873  "\n"
4874  " address-groups:\n"
4875  "\n"
4876  " HOME_NET: \"any\"\n"
4877  "\n"
4878  " EXTERNAL_NET: \"!$HOME_NET\"\n"
4879  "\n"
4880  " port-groups:\n"
4881  "\n"
4882  " HTTP_PORTS: \"any\"\n"
4883  "\n"
4884  " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4885  "\n";
4886 
4887  int result = 0;
4888 
4890  ConfInit();
4891  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4892 
4894  result = 1;
4895 
4896  ConfDeInit();
4898 
4899  return result;
4900 }
4901 
4902 static int AddressConfVarsTest04(void)
4903 {
4904  static const char *dummy_conf_string =
4905  "%YAML 1.1\n"
4906  "---\n"
4907  "\n"
4908  "vars:\n"
4909  "\n"
4910  " address-groups:\n"
4911  "\n"
4912  " HOME_NET: \"any\"\n"
4913  "\n"
4914  " EXTERNAL_NET: \"$HOME_NET\"\n"
4915  "\n"
4916  " port-groups:\n"
4917  "\n"
4918  " HTTP_PORTS: \"any\"\n"
4919  "\n"
4920  " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4921  "\n";
4922 
4923  int result = 0;
4924 
4926  ConfInit();
4927  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4928 
4930  result = 1;
4931 
4932  ConfDeInit();
4934 
4935  return result;
4936 }
4937 
4938 static int AddressConfVarsTest05(void)
4939 {
4940  static const char *dummy_conf_string =
4941  "%YAML 1.1\n"
4942  "---\n"
4943  "\n"
4944  "vars:\n"
4945  "\n"
4946  " address-groups:\n"
4947  "\n"
4948  " HOME_NET: \"any\"\n"
4949  "\n"
4950  " EXTERNAL_NET: [192.168.0.1]\n"
4951  "\n"
4952  " port-groups:\n"
4953  "\n"
4954  " HTTP_PORTS: \"any\"\n"
4955  "\n"
4956  " SHELLCODE_PORTS: [80]\n"
4957  "\n";
4958 
4959  int result = 0;
4960 
4962  ConfInit();
4963  ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4964 
4965  if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1)
4966  goto end;
4967 
4968  result = 1;
4969 
4970  end:
4971  ConfDeInit();
4973 
4974  return result;
4975 }
4976 
4977 #endif /* UNITTESTS */
4978 
4980 {
4981 #ifdef UNITTESTS
4984 
4985  UtRegisterTest("AddressTestParse01", AddressTestParse01);
4986  UtRegisterTest("AddressTestParse02", AddressTestParse02);
4987  UtRegisterTest("AddressTestParse03", AddressTestParse03);
4988  UtRegisterTest("AddressTestParse04", AddressTestParse04);
4989  UtRegisterTest("AddressTestParse05", AddressTestParse05);
4990  UtRegisterTest("AddressTestParse06", AddressTestParse06);
4991  UtRegisterTest("AddressTestParse07", AddressTestParse07);
4992  UtRegisterTest("AddressTestParse08", AddressTestParse08);
4993  UtRegisterTest("AddressTestParse09", AddressTestParse09);
4994  UtRegisterTest("AddressTestParse10", AddressTestParse10);
4995  UtRegisterTest("AddressTestParse11", AddressTestParse11);
4996  UtRegisterTest("AddressTestParse12", AddressTestParse12);
4997  UtRegisterTest("AddressTestParse13", AddressTestParse13);
4998  UtRegisterTest("AddressTestParse14", AddressTestParse14);
4999  UtRegisterTest("AddressTestParse15", AddressTestParse15);
5000  UtRegisterTest("AddressTestParse16", AddressTestParse16);
5001  UtRegisterTest("AddressTestParse17", AddressTestParse17);
5002  UtRegisterTest("AddressTestParse18", AddressTestParse18);
5003  UtRegisterTest("AddressTestParse19", AddressTestParse19);
5004  UtRegisterTest("AddressTestParse20", AddressTestParse20);
5005  UtRegisterTest("AddressTestParse21", AddressTestParse21);
5006  UtRegisterTest("AddressTestParse22", AddressTestParse22);
5007  UtRegisterTest("AddressTestParse23", AddressTestParse23);
5008  UtRegisterTest("AddressTestParse24", AddressTestParse24);
5009  UtRegisterTest("AddressTestParse25", AddressTestParse25);
5010  UtRegisterTest("AddressTestParse26", AddressTestParse26);
5011  UtRegisterTest("AddressTestParse27", AddressTestParse27);
5012  UtRegisterTest("AddressTestParse28", AddressTestParse28);
5013  UtRegisterTest("AddressTestParse29", AddressTestParse29);
5014  UtRegisterTest("AddressTestParse30", AddressTestParse30);
5015  UtRegisterTest("AddressTestParse31", AddressTestParse31);
5016  UtRegisterTest("AddressTestParse32", AddressTestParse32);
5017  UtRegisterTest("AddressTestParse33", AddressTestParse33);
5018  UtRegisterTest("AddressTestParse34", AddressTestParse34);
5019  UtRegisterTest("AddressTestParse35", AddressTestParse35);
5020  UtRegisterTest("AddressTestParse36", AddressTestParse36);
5021  UtRegisterTest("AddressTestParse37", AddressTestParse37);
5022 
5023  UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5024  UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5025  UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5026  UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5027  UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5028  UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5029  UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5030  UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5031  UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5032  UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5033  UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5034 
5035  UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5036  UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5037  UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5038  UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5039  UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5040  UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5041  UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5042  UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5043 
5044  UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5045  UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5046  UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5047  UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5048  UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5049  UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5050 
5051  UtRegisterTest("AddressTestAddressGroupSetup01",
5052  AddressTestAddressGroupSetup01);
5053  UtRegisterTest("AddressTestAddressGroupSetup02",
5054  AddressTestAddressGroupSetup02);
5055  UtRegisterTest("AddressTestAddressGroupSetup03",
5056  AddressTestAddressGroupSetup03);
5057  UtRegisterTest("AddressTestAddressGroupSetup04",
5058  AddressTestAddressGroupSetup04);
5059  UtRegisterTest("AddressTestAddressGroupSetup05",
5060  AddressTestAddressGroupSetup05);
5061  UtRegisterTest("AddressTestAddressGroupSetup06",
5062  AddressTestAddressGroupSetup06);
5063  UtRegisterTest("AddressTestAddressGroupSetup07",
5064  AddressTestAddressGroupSetup07);
5065  UtRegisterTest("AddressTestAddressGroupSetup08",
5066  AddressTestAddressGroupSetup08);
5067  UtRegisterTest("AddressTestAddressGroupSetup09",
5068  AddressTestAddressGroupSetup09);
5069  UtRegisterTest("AddressTestAddressGroupSetup10",
5070  AddressTestAddressGroupSetup10);
5071  UtRegisterTest("AddressTestAddressGroupSetup11",
5072  AddressTestAddressGroupSetup11);
5073  UtRegisterTest("AddressTestAddressGroupSetup12",
5074  AddressTestAddressGroupSetup12);
5075  UtRegisterTest("AddressTestAddressGroupSetup13",
5076  AddressTestAddressGroupSetup13);
5077  UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5078  AddressTestAddressGroupSetupIPv414);
5079  UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5080  AddressTestAddressGroupSetupIPv415);
5081  UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5082  AddressTestAddressGroupSetupIPv416);
5083 
5084  UtRegisterTest("AddressTestAddressGroupSetup14",
5085  AddressTestAddressGroupSetup14);
5086  UtRegisterTest("AddressTestAddressGroupSetup15",
5087  AddressTestAddressGroupSetup15);
5088  UtRegisterTest("AddressTestAddressGroupSetup16",
5089  AddressTestAddressGroupSetup16);
5090  UtRegisterTest("AddressTestAddressGroupSetup17",
5091  AddressTestAddressGroupSetup17);
5092  UtRegisterTest("AddressTestAddressGroupSetup18",
5093  AddressTestAddressGroupSetup18);
5094  UtRegisterTest("AddressTestAddressGroupSetup19",
5095  AddressTestAddressGroupSetup19);
5096  UtRegisterTest("AddressTestAddressGroupSetup20",
5097  AddressTestAddressGroupSetup20);
5098  UtRegisterTest("AddressTestAddressGroupSetup21",
5099  AddressTestAddressGroupSetup21);
5100  UtRegisterTest("AddressTestAddressGroupSetup22",
5101  AddressTestAddressGroupSetup22);
5102  UtRegisterTest("AddressTestAddressGroupSetup23",
5103  AddressTestAddressGroupSetup23);
5104  UtRegisterTest("AddressTestAddressGroupSetup24",
5105  AddressTestAddressGroupSetup24);
5106  UtRegisterTest("AddressTestAddressGroupSetup25",
5107  AddressTestAddressGroupSetup25);
5108  UtRegisterTest("AddressTestAddressGroupSetup26",
5109  AddressTestAddressGroupSetup26);
5110 
5111  UtRegisterTest("AddressTestAddressGroupSetup27",
5112  AddressTestAddressGroupSetup27);
5113  UtRegisterTest("AddressTestAddressGroupSetup28",
5114  AddressTestAddressGroupSetup28);
5115  UtRegisterTest("AddressTestAddressGroupSetup29",
5116  AddressTestAddressGroupSetup29);
5117  UtRegisterTest("AddressTestAddressGroupSetup30",
5118  AddressTestAddressGroupSetup30);
5119  UtRegisterTest("AddressTestAddressGroupSetup31",
5120  AddressTestAddressGroupSetup31);
5121  UtRegisterTest("AddressTestAddressGroupSetup32",
5122  AddressTestAddressGroupSetup32);
5123  UtRegisterTest("AddressTestAddressGroupSetup33",
5124  AddressTestAddressGroupSetup33);
5125  UtRegisterTest("AddressTestAddressGroupSetup34",
5126  AddressTestAddressGroupSetup34);
5127  UtRegisterTest("AddressTestAddressGroupSetup35",
5128  AddressTestAddressGroupSetup35);
5129  UtRegisterTest("AddressTestAddressGroupSetup36",
5130  AddressTestAddressGroupSetup36);
5131  UtRegisterTest("AddressTestAddressGroupSetup37",
5132  AddressTestAddressGroupSetup37);
5133  UtRegisterTest("AddressTestAddressGroupSetup38",
5134  AddressTestAddressGroupSetup38);
5135  UtRegisterTest("AddressTestAddressGroupSetup39",
5136  AddressTestAddressGroupSetup39);
5137  UtRegisterTest("AddressTestAddressGroupSetup40",
5138  AddressTestAddressGroupSetup40);
5139  UtRegisterTest("AddressTestAddressGroupSetup41",
5140  AddressTestAddressGroupSetup41);
5141  UtRegisterTest("AddressTestAddressGroupSetup42",
5142  AddressTestAddressGroupSetup42);
5143  UtRegisterTest("AddressTestAddressGroupSetup43",
5144  AddressTestAddressGroupSetup43);
5145  UtRegisterTest("AddressTestAddressGroupSetup44",
5146  AddressTestAddressGroupSetup44);
5147  UtRegisterTest("AddressTestAddressGroupSetup45",
5148  AddressTestAddressGroupSetup45);
5149  UtRegisterTest("AddressTestAddressGroupSetup46",
5150  AddressTestAddressGroupSetup46);
5151  UtRegisterTest("AddressTestAddressGroupSetup47",
5152  AddressTestAddressGroupSetup47);
5153  UtRegisterTest("AddressTestAddressGroupSetup48",
5154  AddressTestAddressGroupSetup48);
5155 
5156  UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5157  UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5158  UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5159  UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5160  UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5161  UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5162  UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5163  UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5164  UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5165  UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5166 
5167  UtRegisterTest("AddressTestParseInvalidMask01",
5168  AddressTestParseInvalidMask01);
5169  UtRegisterTest("AddressTestParseInvalidMask02",
5170  AddressTestParseInvalidMask02);
5171  UtRegisterTest("AddressTestParseInvalidMask03",
5172  AddressTestParseInvalidMask03);
5173 
5174  UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5175  UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5176  UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5177  UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5178  UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5179 #endif /* UNITTESTS */
5180 }
int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh, DetectAddress *new)
Same as DetectAddressInsert, but then for inserting a address group object. This also makes sure SigG...
#define COPY_ADDRESS(a, b)
Definition: decode.h:124
#define SCLogDebug(...)
Definition: util-debug.h:335
uint32_t ip2[4]
Definition: detect.h:174
void DetectAddressCleanupList(DetectAddress *head)
Frees a list of DetectAddress instances.
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition: util-var.c:162
int DetectAddressParseString(DetectAddress *dd, const char *str)
int DetectAddressJoinIPv4(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Extends a target address range if the the source address range is wider than the target address range...
struct DetectAddress_ * prev
Definition: detect.h:152
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
struct HtpBodyChunk_ * next
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
int AddressIPv6Ge(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
#define BUG_ON(x)
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string)
#define FALSE
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:722
uint32_t CIDRGet(int cidr)
Definition: util-cidr.c:43
#define unlikely(expr)
Definition: util-optimize.h:35
Address ip
Definition: detect.h:145
address structure for use in the detection engine.
Definition: detect.h:143
int ConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
void DetectAddressHeadFree(DetectAddressHead *gh)
Frees a DetectAddressHead instance.
union Address_::@48 address
DetectAddress * DetectAddressCopy(DetectAddress *orig)
Copies the contents of one Address group in DetectAddress and returns a new instance of the DetectAdd...
int DetectAddressMatch(DetectAddress *dd, Address *a)
Check if a particular address(ipv4 or ipv6) matches the address range in the DetectAddress instance...
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
uint32_t ip[4]
Definition: detect.h:173
struct DetectAddressMap_ DetectAddressMap
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
char * val
Definition: conf.h:34
Flow * head
Definition: flow-hash.h:102
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
DetectAddress * DetectAddressLookupInList(DetectAddress *head, DetectAddress *gr)
Used to check if a DetectAddress list contains an instance with a similar DetectAddress. The comparison done is not the one that checks the memory for the same instance, but one that checks that the two instances hold the same content.
#define TRUE
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
main detection engine ctx
Definition: detect.h:720
DetectAddress * any_head
Definition: detect.h:159
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
struct DetectAddress_ * next
Definition: detect.h:154
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
void ConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:699
#define str(s)
#define SCCalloc(nm, a)
Definition: util-mem.h:205
HashListTable * address_table
Definition: detect.h:870
uint8_t flags
Definition: detect.h:149
char family
Definition: decode.h:110
void DetectAddressPrintList(DetectAddress *head)
Prints the address data information for all the DetectAddress instances in the DetectAddress list sen...
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define SCEnter(...)
Definition: util-debug.h:337
int DetectAddressTestConfVars(void)
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
void ConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:711
Address ip2
Definition: detect.h:146
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hashlist.c:35
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
DetectAddress * ipv4_head
Definition: detect.h:160
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:267
#define SCReturnInt(x)
Definition: util-debug.h:341
#define SCNtohl(x)
#define ADDRESS_FLAG_ANY
Definition: detect.h:136
#define ADDRESS_FLAG_NOT
Definition: detect.h:137
int AddressIPv6Le(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the 3 address group heads(any, ipv4 and ipv6) inside ...
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
Definition: conf.h:32
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
#define SCMalloc(a)
Definition: util-mem.h:174
void DetectAddressIPv6Tests(void)
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
#define SCFree(a)
Definition: util-mem.h:236
PoolThreadReserved res
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
uint8_t address
Definition: decode-ppp.h:311
void DetectAddressPrint(DetectAddress *)
Prints the address data held by the DetectAddress. If the address data family is any, we print "ANY". If the address data family is IPv4, we print the the ipv4 address and mask, and if the address data family is IPv6, we print the ipv6 address and mask.
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
int DetectPortTestConfVars(void)
char * name
Definition: conf.h:33
void DetectAddressTests(void)
int DetectAddressJoinIPv6(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Extends a target address range if the the source address range is wider than the target address range...
#define SCReturnPtr(x, type)
Definition: util-debug.h:353
int DetectAddressJoin(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source)
Join two addresses groups together.
uint32_t array_size
Definition: util-hashlist.h:41
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - &#39;not&#39; match)
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
#define SCStrdup(a)
Definition: util-mem.h:220
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
DetectAddressHead * DetectAddressHeadInit(void)
Returns a new instance of DetectAddressHead.
void HashListTableFree(HashListTable *ht)
Definition: util-hashlist.c:82
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
int DetectAddressAdd(DetectAddress **head, DetectAddress *ag)
Do a sorted insert, where the top of the list should be the biggest network/range.
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:327
DetectAddressHead * address
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
void DetectAddressIPv4Tests(void)
DetectAddress * ipv6_head
Definition: detect.h:161
int AddressIPv6Gt(Address *a, Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition: util-var.c:133