suricata
detect-engine-address.c
Go to the documentation of this file.
1/* Copyright (C) 2007-2022 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Victor Julien <victor@inliniac.net>
22 *
23 * Address part of the detection engine.
24 */
25
26#include "suricata-common.h"
27#include "decode.h"
28#include "detect.h"
29#include "flow-var.h"
30
31#include "util-cidr.h"
32#include "util-unittest.h"
33#include "util-rule-vars.h"
34#include "conf.h"
35#include "conf-yaml-loader.h"
36
41#include "detect-engine-port.h"
42
43#include "util-debug.h"
44#include "util-byte.h"
45#include "util-print.h"
46#include "util-var.h"
47
48/* prototypes */
49#ifdef DEBUG
51#else
52#define DetectAddressPrint(...)
53#endif
54static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
55static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *,
56 DetectAddress **);
57static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
58 DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
59 int recur);
60
62
63/**
64 * \brief Creates and returns a new instance of a DetectAddress.
65 *
66 * \retval ag Pointer to the newly created DetectAddress on success;
67 * NULL on failure.
68 */
70{
71 DetectAddress *ag = SCCalloc(1, sizeof(DetectAddress));
72 if (unlikely(ag == NULL))
73 return NULL;
74 return ag;
75}
76
77/**
78 * \brief Frees a DetectAddress instance.
79 *
80 * \param ag Pointer to the DetectAddress instance to be freed.
81 */
83{
84 if (ag == NULL)
85 return;
86
87 SCFree(ag);
88}
89
90/**
91 * \internal
92 * \brief Returns a new instance of DetectAddressHead.
93 *
94 * \retval gh Pointer to the new instance of DetectAddressHead.
95 */
96static DetectAddressHead *DetectAddressHeadInit(void)
97{
99 if (unlikely(gh == NULL))
100 return NULL;
101 return gh;
102}
103
104/**
105 * \internal
106 * \brief Frees a DetectAddressHead instance.
107 *
108 * \param gh Pointer to the DetectAddressHead instance to be freed.
109 */
110static void DetectAddressHeadFree(DetectAddressHead *gh)
111{
112 if (gh != NULL) {
114 SCFree(gh);
115 }
116}
117
118/**
119 * \brief copy a DetectAddress
120 *
121 * \param orig Pointer to the instance of DetectAddress that contains the
122 * address data to be copied to the new instance.
123 *
124 * \retval ag Pointer to the new instance of DetectAddress that contains the
125 * copied address.
126 */
128{
130 if (ag == NULL)
131 return NULL;
132
133 ag->flags = orig->flags;
134 COPY_ADDRESS(&orig->ip, &ag->ip);
135 COPY_ADDRESS(&orig->ip2, &ag->ip2);
136 return ag;
137}
138
139/**
140 * \internal
141 * \brief Frees a list of DetectAddress instances.
142 *
143 * \param head Pointer to a list of DetectAddress instances to be freed.
144 */
145static void DetectAddressCleanupList(DetectAddress *head)
146{
147 for (DetectAddress *cur = head; cur != NULL; ) {
148 DetectAddress *next = cur->next;
149 cur->next = NULL;
151 cur = next;
152 }
153}
154
155/**
156 * \internal
157 * \brief Helper function for DetectAddressInsert. Sets one of the
158 * DetectAddressHead head pointers, to the DetectAddress argument
159 * based on its address family.
160 *
161 * \param gh Pointer to the DetectAddressHead.
162 * \param newhead Pointer to the DetectAddress.
163 *
164 * \retval 0 On success.
165 * \retval -1 On failure.
166 */
167static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead)
168{
169 if (newhead->ip.family == AF_INET) {
170 gh->ipv4_head = newhead;
171 } else if (newhead->ip.family == AF_INET6) {
172 gh->ipv6_head = newhead;
173 } else {
174 SCLogDebug("newhead->family %u not supported", newhead->ip.family);
175 return -1;
176 }
177
178 return 0;
179}
180
181/**
182 * \internal
183 * \brief Returns the DetectAddress head from the DetectAddressHeads,
184 * based on the address family of the incoming DetectAddress arg.
185 *
186 * \param gh Pointer to the DetectAddressHead.
187 * \param new Pointer to the DetectAddress.
188 *
189 * \retval head Pointer to the DetectAddress(the head from
190 * DetectAddressHead).
191 */
192static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new)
193{
194 DetectAddress *head = NULL;
195
196 if (new->ip.family == AF_INET)
197 head = gh->ipv4_head;
198 else if (new->ip.family == AF_INET6)
199 head = gh->ipv6_head;
200
201 return head;
202}
203
204/**
205 * \internal
206 * \brief insert DetectAddress into a DetectAddressHead
207 *
208 * \param de_ctx Pointer to the detection engine context.
209 * \param gh Pointer to the DetectAddressHead list to which it has to
210 * be inserted.
211 * \param new Pointer to the DetectAddress, that has to be inserted.
212 *
213 * \retval 1 On successfully inserting it.
214 * \retval -1 On error.
215 * \retval 0 Not inserted, memory of new is freed.
216 */
217static int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
218 DetectAddress *new)
219{
220 DetectAddress *head = NULL;
221 DetectAddress *cur = NULL;
222 DetectAddress *c = NULL;
223 int r = 0;
224
225 if (new == NULL)
226 return 0;
227
228 /* get our head ptr based on the address we want to insert */
229 head = GetHeadPtr(gh, new);
230
231 /* see if it already exists or overlaps with existing ag's */
232 if (head != NULL) {
233 cur = NULL;
234
235 for (cur = head; cur != NULL; cur = cur->next) {
236 r = DetectAddressCmp(new, cur);
237 BUG_ON(r == ADDRESS_ER);
238
239 /* if so, handle that */
240 if (r == ADDRESS_EQ) {
241 /* exact overlap/match */
242 if (cur != new) {
244 return 0;
245 }
246
247 return 1;
248 } else if (r == ADDRESS_GT) {
249 /* only add it now if we are bigger than the last group.
250 * Otherwise we'll handle it later. */
251 if (cur->next == NULL) {
252 /* put in the list */
253 new->prev = cur;
254 cur->next = new;
255
256 return 1;
257 }
258 } else if (r == ADDRESS_LT) {
259 /* see if we need to insert the ag anywhere put in the list */
260 if (cur->prev != NULL)
261 cur->prev->next = new;
262 new->prev = cur->prev;
263 new->next = cur;
264 cur->prev = new;
265
266 /* update head if required */
267 if (head == cur) {
268 head = new;
269
270 if (SetHeadPtr(gh, head) < 0)
271 goto error;
272 }
273
274 return 1;
275 /* alright, those were the simple cases, lets handle the more
276 * complex ones now */
277 } else if (r == ADDRESS_ES) {
278 c = NULL;
279 r = DetectAddressCut(de_ctx, cur, new, &c);
280 if (r == -1)
281 goto error;
282
283 DetectAddressInsert(de_ctx, gh, new);
284 if (c != NULL)
285 DetectAddressInsert(de_ctx, gh, c);
286
287 return 1;
288 } else if (r == ADDRESS_EB) {
289 c = NULL;
290 r = DetectAddressCut(de_ctx, cur, new, &c);
291 if (r == -1)
292 goto error;
293
294 DetectAddressInsert(de_ctx, gh, new);
295 if (c != NULL)
296 DetectAddressInsert(de_ctx, gh, c);
297
298 return 1;
299 } else if (r == ADDRESS_LE) {
300 c = NULL;
301 r = DetectAddressCut(de_ctx, cur, new, &c);
302 if (r == -1)
303 goto error;
304
305 DetectAddressInsert(de_ctx, gh, new);
306 if (c != NULL)
307 DetectAddressInsert(de_ctx, gh, c);
308
309 return 1;
310 } else if (r == ADDRESS_GE) {
311 c = NULL;
312 r = DetectAddressCut(de_ctx, cur,new,&c);
313 if (r == -1)
314 goto error;
315
316 DetectAddressInsert(de_ctx, gh, new);
317 if (c != NULL)
318 DetectAddressInsert(de_ctx, gh, c);
319
320 return 1;
321 }
322 }
323
324 /* head is NULL, so get a group and set head to it */
325 } else {
326 head = new;
327 if (SetHeadPtr(gh, head) < 0) {
328 SCLogDebug("SetHeadPtr failed");
329 goto error;
330 }
331 }
332
333 return 1;
334
335error:
336 /* XXX */
337 return -1;
338}
339
340/**
341 * \brief Checks if two address group lists are equal.
342 *
343 * \param list1 Pointer to the first address group list.
344 * \param list2 Pointer to the second address group list.
345 *
346 * \retval true On success.
347 * \retval false On failure.
348 */
350{
351 DetectAddress *item = list1;
352 DetectAddress *it = list2;
353
354 // First, compare items one by one.
355 while (item != NULL && it != NULL) {
356 if (DetectAddressCmp(item, it) != ADDRESS_EQ) {
357 return false;
358 }
359
360 item = item->next;
361 it = it->next;
362 }
363
364 // Are the lists of the same size?
365 if (!(item == NULL && it == NULL)) {
366 return false;
367 }
368
369 return true;
370}
371
372/**
373 * \internal
374 * \brief Parses an ipv4/ipv6 address string and updates the result into the
375 * DetectAddress instance sent as the argument.
376 *
377 * \param dd Pointer to the DetectAddress instance which should be updated with
378 * the address range details from the parsed ip string.
379 * \param str Pointer to address string that has to be parsed.
380 *
381 * \retval 0 On successfully parsing the address string.
382 * \retval -1 On failure.
383 */
384static int DetectAddressParseString(DetectAddress *dd, const char *str)
385{
386 char *ip = NULL;
387 char *ip2 = NULL;
388 char *mask = NULL;
389 int r = 0;
390 char ipstr[256];
391
392 /* shouldn't see 'any' here */
393 BUG_ON(strcasecmp(str, "any") == 0);
394
395 strlcpy(ipstr, str, sizeof(ipstr));
396 SCLogDebug("str %s", str);
397
398 /* we work with a copy so that we can put a
399 * nul-termination in it later */
400 ip = ipstr;
401
402 /* handle the negation case */
403 if (ip[0] == '!') {
404 dd->flags |= ADDRESS_FLAG_NOT;
405 ip++;
406 }
407
408 /* see if the address is an ipv4 or ipv6 address */
409 if ((strchr(str, ':')) == NULL) {
410 /* IPv4 Address */
411 struct in_addr in;
412
413 dd->ip.family = AF_INET;
414
415 if ((mask = strchr(ip, '/')) != NULL) {
416 /* 1.2.3.4/xxx format (either dotted or cidr notation */
417 ip[mask - ip] = '\0';
418 mask++;
419 uint32_t ip4addr = 0;
420 uint32_t netmask = 0;
421
422 if ((strchr (mask, '.')) == NULL) {
423 /* 1.2.3.4/24 format */
424
425 for (size_t u = 0; u < strlen(mask); u++) {
426 if(!isdigit((unsigned char)mask[u]))
427 goto error;
428 }
429
430 int cidr;
431 if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
432 goto error;
433 netmask = CIDRGet(cidr);
434 } else {
435 /* 1.2.3.4/255.255.255.0 format */
436 r = inet_pton(AF_INET, mask, &in);
437 if (r <= 0)
438 goto error;
439
440 netmask = in.s_addr;
441
442 /* validate netmask */
443 int cidr = CIDRFromMask(netmask);
444 if (cidr < 0) {
446 "netmask \"%s\" is not usable. Only netmasks that are compatible with "
447 "CIDR notation are supported. See ticket #5168.",
448 mask);
449 goto error;
450 }
451 }
452
453 r = inet_pton(AF_INET, ip, &in);
454 if (r <= 0)
455 goto error;
456
457 ip4addr = in.s_addr;
458
459 dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask;
460 dd->ip2.addr_data32[0] |=~ netmask;
461 } else if ((ip2 = strchr(ip, '-')) != NULL) {
462 /* 1.2.3.4-1.2.3.6 range format */
463 ip[ip2 - ip] = '\0';
464 ip2++;
465
466 r = inet_pton(AF_INET, ip, &in);
467 if (r <= 0)
468 goto error;
469 dd->ip.addr_data32[0] = in.s_addr;
470
471 r = inet_pton(AF_INET, ip2, &in);
472 if (r <= 0)
473 goto error;
474 dd->ip2.addr_data32[0] = in.s_addr;
475
476 /* a > b is illegal, a = b is ok */
477 if (SCNtohl(dd->ip.addr_data32[0]) > SCNtohl(dd->ip2.addr_data32[0]))
478 goto error;
479 } else {
480 /* 1.2.3.4 format */
481 r = inet_pton(AF_INET, ip, &in);
482 if (r <= 0)
483 goto error;
484 /* single host */
485 dd->ip.addr_data32[0] = in.s_addr;
486 dd->ip2.addr_data32[0] = in.s_addr;
487 }
488 } else {
489 /* IPv6 Address */
490 struct in6_addr in6, mask6;
491 uint32_t ip6addr[4], netmask[4];
492
493 dd->ip.family = AF_INET6;
494
495 if ((mask = strchr(ip, '/')) != NULL) {
496 ip[mask - ip] = '\0';
497 mask++;
498
499 int cidr;
500 if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
501 goto error;
502
503 r = inet_pton(AF_INET6, ip, &in6);
504 if (r <= 0)
505 goto error;
506 memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
507
508 CIDRGetIPv6(cidr, &mask6);
509 memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
510
511 dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
512 dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1];
513 dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2];
514 dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3];
515
516 dd->ip2.addr_data32[0] |=~ netmask[0];
517 dd->ip2.addr_data32[1] |=~ netmask[1];
518 dd->ip2.addr_data32[2] |=~ netmask[2];
519 dd->ip2.addr_data32[3] |=~ netmask[3];
520 } else if ((ip2 = strchr(ip, '-')) != NULL) {
521 /* 2001::1-2001::4 range format */
522 ip[ip2 - ip] = '\0';
523 ip2++;
524
525 r = inet_pton(AF_INET6, ip, &in6);
526 if (r <= 0)
527 goto error;
528 memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr));
529
530 r = inet_pton(AF_INET6, ip2, &in6);
531 if (r <= 0)
532 goto error;
533 memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr));
534
535 /* a > b is illegal, a=b is ok */
536 if (AddressIPv6Gt(&dd->ip, &dd->ip2))
537 goto error;
538 } else {
539 r = inet_pton(AF_INET6, ip, &in6);
540 if (r <= 0)
541 goto error;
542
543 memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address));
544 memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address));
545 }
546
547 }
548
549 BUG_ON(dd->ip.family == 0);
550
551 return 0;
552
553error:
554 return -1;
555}
556
557/**
558 * \internal
559 * \brief Simply parse an address and return a DetectAddress instance containing
560 * the address ranges of the parsed ip addressstring
561 *
562 * \param str Pointer to a character string containing the ip address
563 *
564 * \retval dd Pointer to the DetectAddress instance containing the address
565 * range details from the parsed ip string
566 */
567static DetectAddress *DetectAddressParseSingle(const char *str)
568{
569 SCLogDebug("str %s", str);
570
572 if (dd == NULL)
573 return NULL;
574
575 if (DetectAddressParseString(dd, str) < 0) {
576 SCLogDebug("AddressParse failed");
578 return NULL;
579 }
580
581 return dd;
582}
583
584/**
585 * \brief Setup a single address string, parse it and add the resulting
586 * Address-Range(s) to the AddressHead(DetectAddressHead instance).
587 *
588 * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
589 * resulting Address-Range(s) from the parsed ip string has to
590 * be added.
591 * \param s Pointer to the ip address string to be parsed.
592 *
593 * \retval 0 On success.
594 * \retval -1 On failure.
595 */
596static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
597{
598 SCLogDebug("gh %p, s %s", gh, s);
599
600 while (*s != '\0' && isspace(*s))
601 s++;
602
603 if (strcasecmp(s, "any") == 0) {
604 SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'");
605
606 DetectAddress *ad = DetectAddressParseSingle("0.0.0.0/0");
607 if (ad == NULL)
608 return -1;
609
610 BUG_ON(ad->ip.family == 0);
611
612 if (DetectAddressInsert(NULL, gh, ad) < 0) {
613 SCLogDebug("DetectAddressInsert failed");
615 return -1;
616 }
617
618 ad = DetectAddressParseSingle("::/0");
619 if (ad == NULL)
620 return -1;
621
622 BUG_ON(ad->ip.family == 0);
623
624 if (DetectAddressInsert(NULL, gh, ad) < 0) {
625 SCLogDebug("DetectAddressInsert failed");
627 return -1;
628 }
629 return 0;
630 }
631
632 /* parse the address */
633 DetectAddress *ad = DetectAddressParseSingle(s);
634 if (ad == NULL) {
635 SCLogError("failed to parse address \"%s\"", s);
636 return -1;
637 }
638
639 /* handle the not case, we apply the negation then insert the part(s) */
640 if (ad->flags & ADDRESS_FLAG_NOT) {
641 DetectAddress *ad2 = NULL;
642
643 if (DetectAddressCutNot(ad, &ad2) < 0) {
644 SCLogDebug("DetectAddressCutNot failed");
646 return -1;
647 }
648
649 /* normally a 'not' will result in two ad's unless the 'not' is on the start or end
650 * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */
651 if (ad2 != NULL) {
652 if (DetectAddressInsert(NULL, gh, ad2) < 0) {
653 SCLogDebug("DetectAddressInsert failed");
656 return -1;
657 }
658 }
659 }
660
661 int r = DetectAddressInsert(NULL, gh, ad);
662 if (r < 0) {
663 SCLogDebug("DetectAddressInsert failed");
665 return -1;
666 }
667 SCLogDebug("r %d",r);
668 return 0;
669}
670
671/**
672 * \brief Parses an address string and updates the 2 address heads with the
673 * address data.
674 *
675 * Note that this function should only be called by the wrapping function
676 * DetectAddressParse2. The wrapping function provides long address handling
677 * when the address size exceeds a threshold value.
678 *
679 * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]],
680 * since we pass around negate without keeping a count of ! with depth.
681 * Can solve this by keeping a count of the negations with depth, so that
682 * an even no of negations would count as no negation and an odd no of
683 * negations would count as a negation.
684 *
685 * \param gh Pointer to the address head that should hold address ranges
686 * that are not negated.
687 * \param ghn Pointer to the address head that should hold address ranges
688 * that are negated.
689 * \param s Pointer to the character string holding the address to be
690 * parsed.
691 * \param negate Flag that indicates if the received address string is negated
692 * or not. 0 if it is not, 1 it it is.
693 *
694 * \retval 0 On successfully parsing.
695 * \retval -1 On failure.
696 */
697static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
698 DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
699 int recur, char *address, size_t address_length)
700{
701 size_t x = 0;
702 size_t u = 0;
703 int o_set = 0, n_set = 0, d_set = 0;
704 int depth = 0;
705 const char *rule_var_address = NULL;
706 char *temp_rule_var_address = NULL;
707
708 if (++recur > 64) {
709 SCLogError("address block recursion "
710 "limit reached (max 64)");
711 goto error;
712 }
713
714 SCLogDebug("s %s negate %s", s, negate ? "true" : "false");
715
716 size_t size = strlen(s);
717 for (u = 0, x = 0; u < size && x < address_length; u++) {
718 if (x == (address_length - 1)) {
719 SCLogError("Hit the address buffer"
720 " limit for the supplied address. Invalidating sig. "
721 "Please file a bug report on this.");
722 goto error;
723 }
724 address[x] = s[u];
725 x++;
726
727 if (!o_set && s[u] == '!') {
728 n_set = 1;
729 x--;
730 } else if (s[u] == '[') {
731 if (!o_set) {
732 o_set = 1;
733 x = 0;
734 }
735 depth++;
736 } else if (s[u] == ']') {
737 if (depth == 1) {
738 address[x - 1] = '\0';
739 x = 0;
740 SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set);
741 if (((negate + n_set) % 2) == 0) {
742 /* normal block */
743 SCLogDebug("normal block");
744
745 if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2, var_list, recur) < 0)
746 goto error;
747 } else {
748 /* negated block
749 *
750 * Extra steps are necessary. First consider it as a normal
751 * (non-negated) range. Merge the + and - ranges if
752 * applicable. Then insert the result into the ghn list. */
753 SCLogDebug("negated block");
754
755 DetectAddressHead tmp_gh = { NULL, NULL };
756 DetectAddressHead tmp_ghn = { NULL, NULL };
757
758 if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0, var_list, recur) < 0) {
760 DetectAddressHeadCleanup(&tmp_ghn);
761 goto error;
762 }
763
764 DetectAddress *tmp_ad;
765 DetectAddress *tmp_ad2;
766#ifdef DEBUG
767 SCLogDebug("tmp_gh: IPv4");
768 for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
769 DetectAddressPrint(tmp_ad);
770 }
771 SCLogDebug("tmp_ghn: IPv4");
772 for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
773 DetectAddressPrint(tmp_ad);
774 }
775 SCLogDebug("tmp_gh: IPv6");
776 for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
777 DetectAddressPrint(tmp_ad);
778 }
779 SCLogDebug("tmp_ghn: IPv6");
780 for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
781 DetectAddressPrint(tmp_ad);
782 }
783#endif
784 if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) {
785 DetectAddressHeadCleanup(&tmp_ghn);
787 goto error;
788 }
789 DetectAddressHeadCleanup(&tmp_ghn);
790
791 SCLogDebug("merged successfully");
792
793 /* insert the IPv4 addresses into the negated list */
794 for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) {
795 /* work with a copy of the address group */
796 tmp_ad2 = DetectAddressCopy(tmp_ad);
797 if (tmp_ad2 == NULL) {
798 SCLogDebug("DetectAddressCopy failed");
800 goto error;
801 }
802 DetectAddressPrint(tmp_ad2);
803 DetectAddressInsert(NULL, ghn, tmp_ad2);
804 }
805
806 /* insert the IPv6 addresses into the negated list */
807 for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
808 /* work with a copy of the address group */
809 tmp_ad2 = DetectAddressCopy(tmp_ad);
810 if (tmp_ad2 == NULL) {
811 SCLogDebug("DetectAddressCopy failed");
813 goto error;
814 }
815 DetectAddressPrint(tmp_ad2);
816 DetectAddressInsert(NULL, ghn, tmp_ad2);
817 }
818
820 }
821 n_set = 0;
822 }
823 depth--;
824 } else if (depth == 0 && s[u] == ',') {
825 if (o_set == 1) {
826 o_set = 0;
827 } else if (d_set == 1) {
828 address[x - 1] = '\0';
829
830 rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
832 if (rule_var_address == NULL)
833 goto error;
834
835 if (strlen(rule_var_address) == 0) {
836 SCLogError("variable %s resolved "
837 "to nothing. This is likely a misconfiguration. "
838 "Note that a negated address needs to be quoted, "
839 "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
840 s);
841 goto error;
842 }
843
844 SCLogDebug("rule_var_address %s", rule_var_address);
845 if ((negate + n_set) % 2) {
846 temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
847 if (unlikely(temp_rule_var_address == NULL))
848 goto error;
849 snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
850 "[%s]", rule_var_address);
851 } else {
852 temp_rule_var_address = SCStrdup(rule_var_address);
853 if (unlikely(temp_rule_var_address == NULL))
854 goto error;
855 }
856
857 if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
858 (negate + n_set) % 2, var_list, recur) < 0) {
859 if (temp_rule_var_address != rule_var_address)
860 SCFree(temp_rule_var_address);
861 goto error;
862 }
863 d_set = 0;
864 n_set = 0;
865 SCFree(temp_rule_var_address);
866 } else {
867 address[x - 1] = '\0';
868
869 if (!((negate + n_set) % 2)) {
870 SCLogDebug("DetectAddressSetup into gh, %s", address);
871 if (DetectAddressSetup(gh, address) < 0)
872 goto error;
873 } else {
874 SCLogDebug("DetectAddressSetup into ghn, %s", address);
875 if (DetectAddressSetup(ghn, address) < 0)
876 goto error;
877 }
878 n_set = 0;
879 }
880 x = 0;
881 } else if (depth == 0 && s[u] == '$') {
882 d_set = 1;
883 } else if (depth == 0 && u == size - 1) {
884 if (x == address_length) {
885 address[x - 1] = '\0';
886 } else {
887 address[x] = '\0';
888 }
889 x = 0;
890
891 if (AddVariableToResolveList(var_list, address) == -1) {
892 SCLogError("Found a loop in a address "
893 "groups declaration. This is likely a misconfiguration.");
894 goto error;
895 }
896
897 if (d_set == 1) {
898 rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
900 if (rule_var_address == NULL)
901 goto error;
902
903 if (strlen(rule_var_address) == 0) {
904 SCLogError("variable %s resolved "
905 "to nothing. This is likely a misconfiguration. "
906 "Note that a negated address needs to be quoted, "
907 "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
908 s);
909 goto error;
910 }
911
912 SCLogDebug("rule_var_address %s", rule_var_address);
913 if ((negate + n_set) % 2) {
914 temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3);
915 if (unlikely(temp_rule_var_address == NULL))
916 goto error;
917 snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
918 "[%s]", rule_var_address);
919 } else {
920 temp_rule_var_address = SCStrdup(rule_var_address);
921 if (unlikely(temp_rule_var_address == NULL))
922 goto error;
923 }
924
925 if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address,
926 (negate + n_set) % 2, var_list, recur) < 0) {
927 SCLogDebug("DetectAddressParse2 hates us");
928 if (temp_rule_var_address != rule_var_address)
929 SCFree(temp_rule_var_address);
930 goto error;
931 }
932 d_set = 0;
933 SCFree(temp_rule_var_address);
934 } else {
935 if (!((negate + n_set) % 2)) {
936 SCLogDebug("DetectAddressSetup into gh, %s", address);
937 if (DetectAddressSetup(gh, address) < 0) {
938 SCLogDebug("DetectAddressSetup gh fail");
939 goto error;
940 }
941 } else {
942 SCLogDebug("DetectAddressSetup into ghn, %s", address);
943 if (DetectAddressSetup(ghn, address) < 0) {
944 SCLogDebug("DetectAddressSetup ghn fail");
945 goto error;
946 }
947 }
948 }
949 n_set = 0;
950 }
951 }
952 if (depth > 0) {
953 SCLogError("not every address block was "
954 "properly closed in \"%s\", %d missing closing brackets (]). "
955 "Note: problem might be in a variable.",
956 s, depth);
957 goto error;
958 } else if (depth < 0) {
959 SCLogError("not every address block was "
960 "properly opened in \"%s\", %d missing opening brackets ([). "
961 "Note: problem might be in a variable.",
962 s, depth * -1);
963 goto error;
964 }
965
966 return 0;
967
968error:
969
970 return -1;
971}
972
973/**
974 * \internal
975 * \brief Wrapper function for address parsing to minimize heap allocs during address parsing.
976 *
977 * \retval Return value from DetectAddressParseInternal
978 */
979static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead *gh,
980 DetectAddressHead *ghn, const char *s, int negate, ResolvedVariablesList *var_list,
981 int recur)
982{
983 int rc;
984#define MAX_ADDRESS_LENGTH 8192
985
986 size_t address_length = strlen(s);
987 if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
988 char *address = SCCalloc(1, address_length);
989 if (address == NULL) {
990 SCLogError("Unable to allocate"
991 " memory for address parsing.");
992 return -1;
993 }
994 rc = DetectAddressParseInternal(
995 de_ctx, gh, ghn, s, negate, var_list, recur, address, address_length);
997 } else {
998 char address[MAX_ADDRESS_LENGTH] = "";
999 rc = DetectAddressParseInternal(
1000 de_ctx, gh, ghn, s, negate, var_list, recur, address, MAX_ADDRESS_LENGTH);
1001 }
1002 return rc;
1003}
1004
1005/**
1006 * \internal
1007 * \brief See if the addresses and ranges in an address head cover the
1008 * entire ip space.
1009 *
1010 * \param gh Pointer to the DetectAddressHead to check.
1011 *
1012 * \retval 0 No.
1013 * \retval 1 Yes.
1014 *
1015 * \todo do the same for IPv6
1016 */
1017static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh)
1018{
1020 if (r == 1)
1021 return 1;
1022
1023 return 0;
1024}
1025
1026/**
1027 * \brief Merge the + and the - list (+ positive match, - 'not' match)
1028 *
1029 * \param gh Pointer to the address head containing the non-NOT groups.
1030 * \param ghn Pointer to the address head containing the NOT groups.
1031 *
1032 * \retval 0 On success.
1033 * \retval -1 On failure.
1034 */
1036{
1037 DetectAddress *ad;
1038 DetectAddress *ag, *ag2;
1039 int r = 0;
1040
1041 SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1042 ghn->ipv4_head);
1043
1044 /* check if the negated list covers the entire ip space. If so
1045 * the user screwed up the rules/vars. */
1046 if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
1047 SCLogError("Complete IP space negated. "
1048 "Rule address range is NIL. Probably have a !any or "
1049 "an address range that supplies a NULL address range");
1050 goto error;
1051 }
1052
1053 /* step 0: if the gh list is empty, but the ghn list isn't we have a pure
1054 * not thingy. In that case we add a 0.0.0.0/0 first. */
1055 if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) {
1056 r = DetectAddressSetup(gh, "0.0.0.0/0");
1057 if (r < 0) {
1058 SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed");
1059 goto error;
1060 }
1061 }
1062 /* ... or ::/0 for ipv6 */
1063 if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) {
1064 r = DetectAddressSetup(gh, "::/0");
1065 if (r < 0) {
1066 SCLogDebug("DetectAddressSetup for ::/0 failed");
1067 goto error;
1068 }
1069 }
1070
1071 /* step 1: insert our ghn members into the gh list */
1072 for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1073 /* work with a copy of the ad so we can easily clean up the ghn group
1074 * later. */
1075 ad = DetectAddressCopy(ag);
1076 if (ad == NULL) {
1077 SCLogDebug("DetectAddressCopy failed");
1078 goto error;
1079 }
1080
1081 r = DetectAddressInsert(NULL, gh, ad);
1082 if (r < 0) {
1083 SCLogDebug("DetectAddressInsert failed");
1084 goto error;
1085 }
1086 }
1087 /* ... and the same for ipv6 */
1088 for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1089 /* work with a copy of the ad so we can easily clean up the ghn group
1090 * later. */
1091 ad = DetectAddressCopy(ag);
1092 if (ad == NULL) {
1093 SCLogDebug("DetectAddressCopy failed");
1094 goto error;
1095 }
1096
1097 r = DetectAddressInsert(NULL, gh, ad);
1098 if (r < 0) {
1099 SCLogDebug("DetectAddressInsert failed");
1100 goto error;
1101 }
1102 }
1103#ifdef DEBUG
1104 DetectAddress *tmp_ad;
1105 for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1106 DetectAddressPrint(tmp_ad);
1107 }
1108#endif
1109 int ipv4_applied = 0;
1110 int ipv6_applied = 0;
1111
1112 /* step 2: pull the address blocks that match our 'not' blocks */
1113 for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
1114 SCLogDebug("ag %p", ag);
1116
1117 int applied = 0;
1118 for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
1119 SCLogDebug("ag2 %p", ag2);
1120 DetectAddressPrint(ag2);
1121
1122 r = DetectAddressCmp(ag, ag2);
1123 /* XXX more ??? */
1124 if (r == ADDRESS_EQ || r == ADDRESS_EB) {
1125 if (ag2->prev != NULL)
1126 ag2->prev->next = ag2->next;
1127 if (ag2->next != NULL)
1128 ag2->next->prev = ag2->prev;
1129 if (gh->ipv4_head == ag2)
1130 gh->ipv4_head = ag2->next;
1131 /* store the next ptr and remove the group */
1132 DetectAddress *next_ag2 = ag2->next;
1133 DetectAddressFree(ag2);
1134 ag2 = next_ag2;
1135 applied = 1;
1136 } else {
1137 ag2 = ag2->next;
1138 }
1139 }
1140
1141 if (applied) {
1142 ipv4_applied++;
1143 }
1144 }
1145 /* ... and the same for ipv6 */
1146 for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) {
1147 int applied = 0;
1148 for (ag2 = gh->ipv6_head; ag2 != NULL; ) {
1149 r = DetectAddressCmp(ag, ag2);
1150 if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
1151 if (ag2->prev != NULL)
1152 ag2->prev->next = ag2->next;
1153 if (ag2->next != NULL)
1154 ag2->next->prev = ag2->prev;
1155 if (gh->ipv6_head == ag2)
1156 gh->ipv6_head = ag2->next;
1157 /* store the next ptr and remove the group */
1158 DetectAddress *next_ag2 = ag2->next;
1159 DetectAddressFree(ag2);
1160 ag2 = next_ag2;
1161
1162 SCLogDebug("applied");
1163 applied = 1;
1164 } else {
1165 ag2 = ag2->next;
1166 }
1167 }
1168 if (applied) {
1169 ipv6_applied++;
1170 }
1171 }
1172#ifdef DEBUG
1173 for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1174 DetectAddressPrint(tmp_ad);
1175 }
1176 for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) {
1177 DetectAddressPrint(tmp_ad);
1178 }
1179#endif
1180 if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) {
1181 int cnt = 0;
1182 for (ad = ghn->ipv4_head; ad; ad = ad->next)
1183 cnt++;
1184
1185 if (ipv4_applied != cnt) {
1186 SCLogError("not all IPv4 negations "
1187 "could be applied: %d != %d",
1188 cnt, ipv4_applied);
1189 goto error;
1190 }
1191
1192 cnt = 0;
1193 for (ad = ghn->ipv6_head; ad; ad = ad->next)
1194 cnt++;
1195
1196 if (ipv6_applied != cnt) {
1197 SCLogError("not all IPv6 negations "
1198 "could be applied: %d != %d",
1199 cnt, ipv6_applied);
1200 goto error;
1201 }
1202 }
1203
1204 /* if the result is that we have no addresses we return error */
1205 if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
1206 SCLogError("no addresses left after "
1207 "merging addresses and negated addresses");
1208 goto error;
1209 }
1210
1211 return 0;
1212
1213error:
1214 return -1;
1215}
1216
1218{
1219 SCLogDebug("Testing address conf vars for any misconfigured values");
1220
1221 ResolvedVariablesList var_list = TAILQ_HEAD_INITIALIZER(var_list);
1222
1223 SCConfNode *address_vars_node = SCConfGetNode("vars.address-groups");
1224 if (address_vars_node == NULL) {
1225 return 0;
1226 }
1227
1228 DetectAddressHead *gh = NULL;
1229 DetectAddressHead *ghn = NULL;
1230
1231 SCConfNode *seq_node;
1232 TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
1233 SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
1234
1235 gh = DetectAddressHeadInit();
1236 if (gh == NULL) {
1237 goto error;
1238 }
1239 ghn = DetectAddressHeadInit();
1240 if (ghn == NULL) {
1241 goto error;
1242 }
1243
1244 if (seq_node->val == NULL) {
1245 SCLogError("Address var \"%s\" probably has a sequence(something "
1246 "in brackets) value set without any quotes. Please "
1247 "quote it using \"..\".",
1248 seq_node->name);
1249 goto error;
1250 }
1251
1252 int r = DetectAddressParse2(
1253 NULL, gh, ghn, seq_node->val, /* start with negate no */ 0, &var_list, 0);
1254
1255 CleanVariableResolveList(&var_list);
1256
1257 if (r < 0) {
1258 SCLogError("failed to parse address var \"%s\" with value \"%s\". "
1259 "Please check its syntax",
1260 seq_node->name, seq_node->val);
1261 goto error;
1262 }
1263
1264 if (DetectAddressIsCompleteIPSpace(ghn)) {
1265 SCLogError("address var - \"%s\" has the complete IP space negated "
1266 "with its value \"%s\". Rule address range is NIL. "
1267 "Probably have a !any or an address range that supplies "
1268 "a NULL address range",
1269 seq_node->name, seq_node->val);
1270 goto error;
1271 }
1272
1273 DetectAddressHeadFree(gh);
1274 DetectAddressHeadFree(ghn);
1275 ghn = NULL;
1276 }
1277
1278 return 0;
1279 error:
1280 if (gh != NULL)
1281 DetectAddressHeadFree(gh);
1282 if (ghn != NULL)
1283 DetectAddressHeadFree(ghn);
1284 return -1;
1285}
1286
1287#include "util-hash-lookup3.h"
1288
1294
1295static uint32_t DetectAddressMapHashFunc(HashListTable *ht, void *data, uint16_t datalen)
1296{
1297 const DetectAddressMap *map = (DetectAddressMap *)data;
1298 uint32_t hash = 0;
1299
1300 hash = hashlittle_safe(map->string, strlen(map->string), 0);
1301 hash %= ht->array_size;
1302
1303 return hash;
1304}
1305
1306static char DetectAddressMapCompareFunc(void *data1, uint16_t len1, void *data2,
1307 uint16_t len2)
1308{
1309 DetectAddressMap *map1 = (DetectAddressMap *)data1;
1310 DetectAddressMap *map2 = (DetectAddressMap *)data2;
1311
1312 char r = (strcmp(map1->string, map2->string) == 0);
1313 return r;
1314}
1315
1316static void DetectAddressMapFreeFunc(void *data)
1317{
1318 DetectAddressMap *map = (DetectAddressMap *)data;
1319 if (map != NULL) {
1320 DetectAddressHeadFree(map->address);
1321 SCFree(map->string);
1322 }
1323 SCFree(map);
1324}
1325
1327{
1328 de_ctx->address_table = HashListTableInit(4096, DetectAddressMapHashFunc,
1329 DetectAddressMapCompareFunc,
1330 DetectAddressMapFreeFunc);
1331 if (de_ctx->address_table == NULL)
1332 return -1;
1333
1334 return 0;
1335}
1336
1338{
1339 if (de_ctx->address_table == NULL)
1340 return;
1341
1343 de_ctx->address_table = NULL;
1344}
1345
1346static bool DetectAddressMapAdd(DetectEngineCtx *de_ctx, const char *string,
1347 DetectAddressHead *address, bool contains_negation)
1348{
1349 DetectAddressMap *map = SCCalloc(1, sizeof(*map));
1350 if (map == NULL)
1351 return false;
1352
1353 map->string = SCStrdup(string);
1354 if (map->string == NULL) {
1355 SCFree(map);
1356 return false;
1357 }
1358 map->address = address;
1359 map->contains_negation = contains_negation;
1360
1361 if (HashListTableAdd(de_ctx->address_table, map, 0) != 0) {
1362 SCFree(map->string);
1363 SCFree(map);
1364 return false;
1365 }
1366
1367 return true;
1368}
1369
1370static const DetectAddressMap *DetectAddressMapLookup(DetectEngineCtx *de_ctx,
1371 const char *string)
1372{
1373 DetectAddressMap map = { (char *)string, NULL, false };
1374
1376 &map, 0);
1377 return res;
1378}
1379
1380/**
1381 * \brief Parses an address group sent as a character string and updates the
1382 * DetectAddressHead sent as the argument with the relevant address
1383 * ranges from the parsed string.
1384 *
1385 * \param de_ctx Pointer to the detection engine context
1386 * \param gh Pointer to the DetectAddressHead.
1387 * \param str Pointer to the character string containing the address group
1388 * that has to be parsed.
1389 *
1390 * \retval 1 On success. Contained negation.
1391 * \retval 0 On success. Did not contain negation.
1392 * \retval -1 On failure.
1393 */
1395 DetectAddressHead *gh, const char *str)
1396{
1397 SCLogDebug("gh %p, str %s", gh, str);
1398
1399 if (str == NULL) {
1400 SCLogDebug("DetectAddressParse can not be run with NULL address");
1401 return -1;
1402 }
1403
1404 DetectAddressHead *ghn = DetectAddressHeadInit();
1405 if (ghn == NULL) {
1406 SCLogDebug("DetectAddressHeadInit for ghn failed");
1407 return -1;
1408 }
1409
1410 int r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */ 0, NULL, 0);
1411 if (r < 0) {
1412 SCLogDebug("DetectAddressParse2 returned %d", r);
1413 DetectAddressHeadFree(ghn);
1414 return -1;
1415 }
1416
1417 SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head,
1418 ghn->ipv4_head);
1419
1420 bool contains_negation = (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL);
1421
1422 /* merge the 'not' address groups */
1423 if (DetectAddressMergeNot(gh, ghn) < 0) {
1424 SCLogDebug("DetectAddressMergeNot failed");
1425 DetectAddressHeadFree(ghn);
1426 return -1;
1427 }
1428
1429 /* free the temp negate head */
1430 DetectAddressHeadFree(ghn);
1431 return contains_negation ? 1 : 0;
1432}
1433
1435 const char *string, bool *contains_negation)
1436{
1437 const DetectAddressMap *res = DetectAddressMapLookup(de_ctx, string);
1438 if (res != NULL) {
1439 SCLogDebug("found: %s :: %p", string, res);
1440 *contains_negation = res->contains_negation;
1441 return res->address;
1442 }
1443
1444 SCLogDebug("%s not found", string);
1445
1446 DetectAddressHead *head = DetectAddressHeadInit();
1447 if (head == NULL)
1448 return NULL;
1449
1450 const int r = DetectAddressParse(de_ctx, head, string);
1451 if (r < 0) {
1452 DetectAddressHeadFree(head);
1453 return NULL;
1454 } else if (r == 1) {
1455 *contains_negation = true;
1456 } else {
1457 *contains_negation = false;
1458 }
1459
1460 if (!DetectAddressMapAdd((DetectEngineCtx *)de_ctx, string, head, *contains_negation)) {
1461 DetectAddressHeadFree(head);
1462 return NULL;
1463 }
1464
1465 return head;
1466}
1467
1468/**
1469 * \brief Cleans a DetectAddressHead. The functions frees the address
1470 * group heads(ipv4 and ipv6) inside the DetectAddressHead
1471 * instance.
1472 *
1473 * \param gh Pointer to the DetectAddressHead instance that has to be
1474 * cleaned.
1475 */
1477{
1478 if (gh != NULL) {
1479 if (gh->ipv4_head != NULL) {
1480 DetectAddressCleanupList(gh->ipv4_head);
1481 gh->ipv4_head = NULL;
1482 }
1483 if (gh->ipv6_head != NULL) {
1484 DetectAddressCleanupList(gh->ipv6_head);
1485 gh->ipv6_head = NULL;
1486 }
1487 }
1488}
1489
1490/**
1491 * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions.
1492 * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for
1493 * explanations on what these functions do.
1494 *
1495 * \param de_ctx Pointer to the DetectEngineCtx.
1496 * \param a Pointer to the first address to be cut.
1497 * \param b Pointer to the second address to be cut.
1498 * \param c Pointer to a pointer to a third DetectAddressData, in case the
1499 * ranges from a and b, demand a third address range.
1500 *
1501 * \retval 0 On success.
1502 * \retval -1 On failure.
1503 */
1504int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a,
1506{
1507 if (a->ip.family == AF_INET)
1508 return DetectAddressCutIPv4(de_ctx, a, b, c);
1509 else if (a->ip.family == AF_INET6)
1510 return DetectAddressCutIPv6(de_ctx, a, b, c);
1511
1512 return -1;
1513}
1514
1515/**
1516 * \brief Cuts a negated address range with respect to the entire ip range, and
1517 * supplies with the address range that doesn't belong to the negated
1518 * address range.
1519 *
1520 * There are 2 cases here -
1521 *
1522 * The first case includes the address being located at the extreme ends
1523 * of the ip space, in which we get a single range.
1524 * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255.
1525 *
1526 * The second case includes the address not present at either of the
1527 * ip space extremes, in which case we get 2 ranges. The second range
1528 * would be supplied back with the argument "b" supplied to this function.
1529 * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 -
1530 * 10.20.30.39 and 10.20.30.41 - 255.255.255.255.
1531 *
1532 * The above negation cases can similarly be extended to ranges, i.e.
1533 * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and
1534 * ![10.20.30.40 - 10.20.30.50].
1535 *
1536 *
1537 * \param a Pointer to the DetectAddressData instance, that contains the negated
1538 * address range that has to be cut.
1539 * \param b Pointer to a pointer to a DetectAddressData instance, that should be
1540 * filled with the address range, if the argument "a", doesn't fall at
1541 * the extreme ends of the ip address space.
1542 *
1543 * \retval 0 On success.
1544 * \retval -1 On failure.
1545 */
1546int DetectAddressCutNot(DetectAddress *a, DetectAddress **b)
1547{
1548 if (a->ip.family == AF_INET)
1549 return DetectAddressCutNotIPv4(a, b);
1550 else if (a->ip.family == AF_INET6)
1551 return DetectAddressCutNotIPv6(a, b);
1552
1553 return -1;
1554}
1555
1556/**
1557 * \brief Used to compare 2 address ranges.
1558 *
1559 * \param a Pointer to the first DetectAddressData to be compared.
1560 * \param b Pointer to the second DetectAddressData to be compared.
1561 */
1563{
1564 if (a->ip.family != b->ip.family)
1565 return ADDRESS_ER;
1566
1567 if (a->ip.family == AF_INET)
1568 return DetectAddressCmpIPv4(a, b);
1569 else if (a->ip.family == AF_INET6)
1570 return DetectAddressCmpIPv6(a, b);
1571
1572 return ADDRESS_ER;
1573}
1574
1575/**
1576 * \brief Match a packets address against a signatures addrs array
1577 *
1578 * \param addrs array of DetectMatchAddressIPv4's
1579 * \param addrs_cnt array size in members
1580 * \param a packets address
1581 *
1582 * \retval 0 no match
1583 * \retval 1 match
1584 *
1585 * \note addresses in addrs are in host order
1586 *
1587 * \todo array should be ordered, so we can break out of the loop
1588 */
1590 uint16_t addrs_cnt, const Address *a)
1591{
1592 SCEnter();
1593
1594 if (addrs == NULL || addrs_cnt == 0) {
1595 SCReturnInt(0);
1596 }
1597
1598 uint32_t match_addr = SCNtohl(a->addr_data32[0]);
1599 for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1600 if (match_addr >= addrs[idx].ip && match_addr <= addrs[idx].ip2) {
1601 SCReturnInt(1);
1602 }
1603 }
1604
1605 SCReturnInt(0);
1606}
1607
1608/**
1609 * \brief Match a packets address against a signatures addrs array
1610 *
1611 * \param addrs array of DetectMatchAddressIPv6's
1612 * \param addrs_cnt array size in members
1613 * \param a packets address
1614 *
1615 * \retval 0 no match
1616 * \retval 1 match
1617 *
1618 * \note addresses in addrs are in host order
1619 *
1620 * \todo array should be ordered, so we can break out of the loop
1621 */
1623 uint16_t addrs_cnt, const Address *a)
1624{
1625 SCEnter();
1626
1627 if (addrs == NULL || addrs_cnt == 0) {
1628 SCReturnInt(0);
1629 }
1630
1631 uint32_t match_addr[4];
1632 match_addr[0] = SCNtohl(a->addr_data32[0]);
1633 match_addr[1] = SCNtohl(a->addr_data32[1]);
1634 match_addr[2] = SCNtohl(a->addr_data32[2]);
1635 match_addr[3] = SCNtohl(a->addr_data32[3]);
1636
1637 /* See if the packet address is within the range of any entry in the
1638 * signature's address match array.
1639 */
1640 for (uint16_t idx = 0; idx < addrs_cnt; idx++) {
1641 uint16_t result1 = 0, result2 = 0;
1642
1643 /* See if packet address equals either limit. Return 1 if true. */
1644 if (0 == memcmp(match_addr, addrs[idx].ip, sizeof(match_addr))) {
1645 SCReturnInt(1);
1646 }
1647 if (0 == memcmp(match_addr, addrs[idx].ip2, sizeof(match_addr))) {
1648 SCReturnInt(1);
1649 }
1650
1651 /* See if packet address is greater than lower limit
1652 * of the current signature address match pair.
1653 */
1654 for (int i = 0; i < 4; i++) {
1655 if (match_addr[i] > addrs[idx].ip[i]) {
1656 result1 = 1;
1657 break;
1658 }
1659 if (match_addr[i] < addrs[idx].ip[i]) {
1660 result1 = 0;
1661 break;
1662 }
1663 }
1664
1665 /* If not greater than lower limit, try next address match entry */
1666 if (result1 == 0)
1667 continue;
1668
1669 /* See if packet address is less than upper limit
1670 * of the current signature address match pair.
1671 */
1672 for (int i = 0; i < 4; i++) {
1673 if (match_addr[i] < addrs[idx].ip2[i]) {
1674 result2 = 1;
1675 break;
1676 }
1677 if (match_addr[i] > addrs[idx].ip2[i]) {
1678 result2 = 0;
1679 break;
1680 }
1681 }
1682
1683 /* Return a match if packet address is between the two
1684 * signature address match limits.
1685 */
1686 if (result1 == 1 && result2 == 1)
1687 SCReturnInt(1);
1688 }
1689
1690 SCReturnInt(0);
1691}
1692
1693/**
1694 * \brief Check if a particular address(ipv4 or ipv6) matches the address
1695 * range in the DetectAddress instance.
1696 *
1697 * We basically check that the address falls in between the address
1698 * range in DetectAddress.
1699 *
1700 * \param dd Pointer to the DetectAddress instance.
1701 * \param a Pointer to an Address instance.
1702 *
1703 * \param 1 On a match.
1704 * \param 0 On no match.
1705 */
1706static int DetectAddressMatch(DetectAddress *dd, Address *a)
1707{
1708 SCEnter();
1709
1710 if (dd->ip.family != a->family) {
1711 SCReturnInt(0);
1712 }
1713
1714 //DetectAddressPrint(dd);
1715 //AddressDebugPrint(a);
1716
1717 switch (a->family) {
1718 case AF_INET:
1719
1720 /* XXX figure out a way to not need to do this SCNtohl if we switch to
1721 * Address inside DetectAddressData we can do uint8_t checks */
1722 if (SCNtohl(a->addr_data32[0]) >= SCNtohl(dd->ip.addr_data32[0]) &&
1723 SCNtohl(a->addr_data32[0]) <= SCNtohl(dd->ip2.addr_data32[0]))
1724 {
1725 SCReturnInt(1);
1726 } else {
1727 SCReturnInt(0);
1728 }
1729
1730 break;
1731 case AF_INET6:
1732 if (AddressIPv6Ge(a, &dd->ip) == 1 &&
1733 AddressIPv6Le(a, &dd->ip2) == 1)
1734 {
1735 SCReturnInt(1);
1736 } else {
1737 SCReturnInt(0);
1738 }
1739
1740 break;
1741 default:
1742 SCLogDebug("What other address type can we have :-/");
1743 break;
1744 }
1745
1746 SCReturnInt(0);
1747}
1748
1749#ifdef DEBUG
1750/**
1751 * \brief Prints the address data held by the DetectAddress. If the address
1752 * data family is IPv4, we print the ipv4 address and mask, and
1753 * if the address data family is IPv6, we print the ipv6 address and
1754 * mask.
1755 *
1756 * \param ad Pointer to the DetectAddress instance to be printed.
1757 */
1758static void DetectAddressPrint(DetectAddress *gr)
1759{
1760 if (gr == NULL)
1761 return;
1762
1763 if (gr->ip.family == AF_INET) {
1764 struct in_addr in;
1765 char ip[16], mask[16];
1766
1767 memcpy(&in, &gr->ip.addr_data32[0], sizeof(in));
1768 PrintInet(AF_INET, &in, ip, sizeof(ip));
1769 memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in));
1770 PrintInet(AF_INET, &in, mask, sizeof(mask));
1771
1772 SCLogDebug("%s/%s", ip, mask);
1773// printf("%s/%s", ip, mask);
1774 } else if (gr->ip.family == AF_INET6) {
1775 struct in6_addr in6;
1776 char ip[66], mask[66];
1777
1778 memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
1779 PrintInet(AF_INET6, &in6, ip, sizeof(ip));
1780 memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
1781 PrintInet(AF_INET6, &in6, mask, sizeof(mask));
1782
1783 SCLogDebug("%s/%s", ip, mask);
1784// printf("%s/%s", ip, mask);
1785 }
1786}
1787#endif
1788
1789/**
1790 * \brief Find the group matching address in a group head.
1791 *
1792 * \param gh Pointer to the address group head(DetectAddressHead instance).
1793 * \param a Pointer to an Address instance.
1794 *
1795 * \retval g On success pointer to an DetectAddress if we find a match
1796 * for the Address "a", in the DetectAddressHead "gh".
1797 */
1799{
1800 SCEnter();
1801
1802 DetectAddress *g = NULL;
1803
1804 if (gh == NULL) {
1805 SCReturnPtr(NULL, "DetectAddress");
1806 }
1807
1808 /* XXX should we really do this check every time we run this function? */
1809 if (a->family == AF_INET) {
1810 SCLogDebug("IPv4");
1811 g = gh->ipv4_head;
1812 } else if (a->family == AF_INET6) {
1813 SCLogDebug("IPv6");
1814 g = gh->ipv6_head;
1815 }
1816
1817 for ( ; g != NULL; g = g->next) {
1818 if (DetectAddressMatch(g,a) == 1) {
1819 SCReturnPtr(g, "DetectAddress");
1820 }
1821 }
1822
1823 SCReturnPtr(NULL, "DetectAddress");
1824}
1825
1826/********************************Unittests*************************************/
1827
1828#ifdef UNITTESTS
1829
1830static bool UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two)
1831{
1832 char str1[46] = "", str2[46] = "";
1833
1834 if (ad == NULL)
1835 return false;
1836
1837 switch(ad->ip.family) {
1838 case AF_INET:
1839 PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1840 SCLogDebug("%s", str1);
1841 PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1842 SCLogDebug("%s", str2);
1843
1844 if (strcmp(str1, one) != 0) {
1845 SCLogInfo("%s != %s", str1, one);
1846 return false;
1847 }
1848
1849 if (strcmp(str2, two) != 0) {
1850 SCLogInfo("%s != %s", str2, two);
1851 return false;
1852 }
1853
1854 return true;
1855 break;
1856
1857 case AF_INET6:
1858 PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1));
1859 SCLogDebug("%s", str1);
1860 PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2));
1861 SCLogDebug("%s", str2);
1862
1863 if (strcmp(str1, one) != 0) {
1864 SCLogInfo("%s != %s", str1, one);
1865 return false;
1866 }
1867
1868 if (strcmp(str2, two) != 0) {
1869 SCLogInfo("%s != %s", str2, two);
1870 return false;
1871 }
1872
1873 return true;
1874 break;
1875 }
1876
1877 return false;
1878}
1879
1884
1885static int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations)
1886{
1887 int expect = nranges;
1888 int have = 0;
1889
1890 if (gh == NULL)
1891 return false;
1892
1893 DetectAddress *ad = NULL;
1894 ad = gh->ipv4_head;
1895 if (ad == NULL)
1896 ad = gh->ipv6_head;
1897 while (have < expect) {
1898 if (ad == NULL) {
1899 printf("bad head: have %d ranges, expected %d: ", have, expect);
1900 return false;
1901 }
1902
1903 if (!UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two))
1904 return false;
1905
1906 ad = ad->next;
1907 have++;
1908 }
1909
1910 return true;
1911}
1912
1913static int AddressTestParse01(void)
1914{
1915 DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1916
1917 if (dd) {
1919 return 1;
1920 }
1921
1922 return 0;
1923}
1924
1925static int AddressTestParse02(void)
1926{
1927 int result = 1;
1928 DetectAddress *dd = DetectAddressParseSingle("1.2.3.4");
1929
1930 if (dd) {
1931 if (dd->ip2.addr_data32[0] != SCNtohl(16909060) ||
1932 dd->ip.addr_data32[0] != SCNtohl(16909060)) {
1933 result = 0;
1934 }
1935
1936 printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]);
1938 return result;
1939 }
1940
1941 return 0;
1942}
1943
1944static int AddressTestParse03(void)
1945{
1946 DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1947
1948 if (dd) {
1950 return 1;
1951 }
1952
1953 return 0;
1954}
1955
1956static int AddressTestParse04(void)
1957{
1958 DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0");
1959 FAIL_IF_NULL(dd);
1960
1961 char left[16], right[16];
1962 PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1963 PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1964 SCLogDebug("left %s right %s", left, right);
1965 FAIL_IF_NOT(dd->ip.addr_data32[0] == SCNtohl(16909056));
1966 FAIL_IF_NOT(dd->ip2.addr_data32[0] == SCNtohl(16909311));
1967 FAIL_IF_NOT(strcmp(left, "1.2.3.0") == 0);
1968 FAIL_IF_NOT(strcmp(right, "1.2.3.255") == 0);
1969
1971 PASS;
1972}
1973
1974/** \test that address range sets proper start address */
1975static int AddressTestParse04bug5081(void)
1976{
1977 DetectAddress *dd = DetectAddressParseSingle("1.2.3.64/26");
1978 FAIL_IF_NULL(dd);
1979
1980 char left[16], right[16];
1981 PrintInet(AF_INET, (const void *)&dd->ip.addr_data32[0], left, sizeof(left));
1982 PrintInet(AF_INET, (const void *)&dd->ip2.addr_data32[0], right, sizeof(right));
1983 SCLogDebug("left %s right %s", left, right);
1984 FAIL_IF_NOT(strcmp(left, "1.2.3.64") == 0);
1985 FAIL_IF_NOT(strcmp(right, "1.2.3.127") == 0);
1986
1988 PASS;
1989}
1990
1991static int AddressTestParse05(void)
1992{
1993 DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
1994
1995 if (dd) {
1997 return 1;
1998 }
1999
2000 return 0;
2001}
2002
2003static int AddressTestParse06(void)
2004{
2005 int result = 1;
2006 DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24");
2007
2008 if (dd) {
2009 if (dd->ip2.addr_data32[0] != SCNtohl(16909311) ||
2010 dd->ip.addr_data32[0] != SCNtohl(16909056)) {
2011 result = 0;
2012 }
2013
2015 return result;
2016 }
2017
2018 return 0;
2019}
2020
2021static int AddressTestParse07(void)
2022{
2023 DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2024
2025 if (dd) {
2027 return 1;
2028 }
2029
2030 return 0;
2031}
2032
2033static int AddressTestParse08(void)
2034{
2035 int result = 1;
2036 DetectAddress *dd = DetectAddressParseSingle("2001::/3");
2037
2038 if (dd) {
2039 if (dd->ip.addr_data32[0] != SCNtohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 ||
2040 dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2041
2042 dd->ip2.addr_data32[0] != SCNtohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2043 dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2045 result = 0;
2046 }
2047
2049 return result;
2050 }
2051
2052 return 0;
2053}
2054
2055static int AddressTestParse09(void)
2056{
2057 DetectAddress *dd = DetectAddressParseSingle("2001::1/128");
2058
2059 if (dd) {
2061 return 1;
2062 }
2063
2064 return 0;
2065}
2066
2067static int AddressTestParse10(void)
2068{
2069 int result = 1;
2070 DetectAddress *dd = DetectAddressParseSingle("2001::/128");
2071
2072 if (dd) {
2073 if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2074 dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2075
2076 dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2077 dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) {
2079 result = 0;
2080 }
2081
2083 return result;
2084 }
2085
2086 return 0;
2087}
2088
2089static int AddressTestParse11(void)
2090{
2091 DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2092
2093 if (dd) {
2095 return 1;
2096 }
2097
2098 return 0;
2099}
2100
2101static int AddressTestParse12(void)
2102{
2103 int result = 1;
2104 DetectAddress *dd = DetectAddressParseSingle("2001::/48");
2105
2106 if (dd) {
2107 if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2108 dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2109
2110 dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != SCNtohl(65535) ||
2111 dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2113 result = 0;
2114 }
2115
2117 return result;
2118 }
2119
2120 return 0;
2121}
2122static int AddressTestParse13(void)
2123{
2124 DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2125
2126 if (dd) {
2128 return 1;
2129 }
2130
2131 return 0;
2132}
2133
2134static int AddressTestParse14(void)
2135{
2136 int result = 1;
2137 DetectAddress *dd = DetectAddressParseSingle("2001::/16");
2138
2139 if (dd) {
2140 if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2141 dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2142
2143 dd->ip2.addr_data32[0] != SCNtohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2144 dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2145 result = 0;
2146 }
2147
2149 return result;
2150 }
2151
2152 return 0;
2153}
2154
2155static int AddressTestParse15(void)
2156{
2157 DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2158
2159 if (dd) {
2161 return 1;
2162 }
2163
2164 return 0;
2165}
2166
2167static int AddressTestParse16(void)
2168{
2169 int result = 1;
2170 DetectAddress *dd = DetectAddressParseSingle("2001::/0");
2171
2172 if (dd) {
2173 if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2174 dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2175
2176 dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2177 dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2178 result = 0;
2179 }
2180
2182 return result;
2183 }
2184
2185 return 0;
2186}
2187
2188static int AddressTestParse17(void)
2189{
2190 DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2191
2192 if (dd) {
2194 return 1;
2195 }
2196
2197 return 0;
2198}
2199
2200static int AddressTestParse18(void)
2201{
2202 int result = 1;
2203 DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6");
2204
2205 if (dd) {
2206 if (dd->ip2.addr_data32[0] != SCNtohl(16909062) ||
2207 dd->ip.addr_data32[0] != SCNtohl(16909060)) {
2208 result = 0;
2209 }
2210
2212 return result;
2213 }
2214
2215 return 0;
2216}
2217
2218static int AddressTestParse19(void)
2219{
2220 DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4");
2221
2222 if (dd) {
2224 return 0;
2225 }
2226
2227 return 1;
2228}
2229
2230static int AddressTestParse20(void)
2231{
2232 DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2233
2234 if (dd) {
2236 return 1;
2237 }
2238
2239 return 0;
2240}
2241
2242static int AddressTestParse21(void)
2243{
2244 int result = 1;
2245 DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4");
2246
2247 if (dd) {
2248 if (dd->ip.addr_data32[0] != SCNtohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 ||
2249 dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != SCNtohl(1) ||
2250
2251 dd->ip2.addr_data32[0] != SCNtohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 ||
2252 dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != SCNtohl(4)) {
2253 result = 0;
2254 }
2255
2257 return result;
2258 }
2259
2260 return 0;
2261}
2262
2263static int AddressTestParse22(void)
2264{
2265 DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1");
2266
2267 if (dd) {
2269 return 0;
2270 }
2271
2272 return 1;
2273}
2274
2275static int AddressTestParse23(void)
2276{
2277 DetectAddressHead *gh = DetectAddressHeadInit();
2278 FAIL_IF_NULL(gh);
2279 int r = DetectAddressParse(NULL, gh, "any");
2280 FAIL_IF_NOT(r == 0);
2281 DetectAddressHeadFree(gh);
2282 PASS;
2283}
2284
2285static int AddressTestParse24(void)
2286{
2287 DetectAddressHead *gh = DetectAddressHeadInit();
2288 FAIL_IF_NULL(gh);
2289 int r = DetectAddressParse(NULL, gh, "Any");
2290 FAIL_IF_NOT(r == 0);
2291 DetectAddressHeadFree(gh);
2292 PASS;
2293}
2294
2295static int AddressTestParse25(void)
2296{
2297 DetectAddressHead *gh = DetectAddressHeadInit();
2298 FAIL_IF_NULL(gh);
2299 int r = DetectAddressParse(NULL, gh, "ANY");
2300 FAIL_IF_NOT(r == 0);
2301 DetectAddressHeadFree(gh);
2302 PASS;
2303}
2304
2305/** \test recursion limit */
2306static int AddressTestParse26(void)
2307{
2308 DetectAddressHead *gh = DetectAddressHeadInit();
2309 FAIL_IF_NULL(gh);
2310 /* exactly 64: should pass */
2311 int r = DetectAddressParse(NULL, gh,
2312 "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2313 "1.2.3.4"
2314 "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2315 );
2316 FAIL_IF_NOT(r == 0);
2317 DetectAddressHeadFree(gh);
2318 gh = DetectAddressHeadInit();
2319 FAIL_IF_NULL(gh);
2320 /* exactly 65: should fail */
2321 r = DetectAddressParse(NULL, gh,
2322 "[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
2323 "1.2.3.4"
2324 "]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
2325 );
2326 FAIL_IF(r == 0);
2327 DetectAddressHeadFree(gh);
2328 PASS;
2329}
2330
2331static int AddressTestParse27(void)
2332{
2333 DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1");
2334
2335 if (dd) {
2337 return 1;
2338 }
2339
2340 return 0;
2341}
2342
2343static int AddressTestParse28(void)
2344{
2345 int result = 0;
2346 DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4");
2347
2348 if (dd) {
2349 if (dd->flags & ADDRESS_FLAG_NOT &&
2350 dd->ip.addr_data32[0] == SCNtohl(16909060)) {
2351 result = 1;
2352 }
2353
2355 return result;
2356 }
2357
2358 return 0;
2359}
2360
2361static int AddressTestParse29(void)
2362{
2363 DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24");
2364
2365 if (dd) {
2367 return 1;
2368 }
2369
2370 return 0;
2371}
2372
2373static int AddressTestParse30(void)
2374{
2375 int result = 0;
2376 DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24");
2377
2378 if (dd) {
2379 if (dd->flags & ADDRESS_FLAG_NOT &&
2380 dd->ip.addr_data32[0] == SCNtohl(16909056) &&
2381 dd->ip2.addr_data32[0] == SCNtohl(16909311)) {
2382 result = 1;
2383 }
2384
2386 return result;
2387 }
2388
2389 return 0;
2390}
2391
2392/**
2393 * \test make sure !any is rejected
2394 */
2395static int AddressTestParse31(void)
2396{
2397 DetectAddress *dd = DetectAddressParseSingle("!any");
2398
2399 if (dd) {
2401 return 0;
2402 }
2403
2404 return 1;
2405}
2406
2407static int AddressTestParse32(void)
2408{
2409 DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2410
2411 if (dd) {
2413 return 1;
2414 }
2415
2416 return 0;
2417}
2418
2419static int AddressTestParse33(void)
2420{
2421 int result = 0;
2422 DetectAddress *dd = DetectAddressParseSingle("!2001::1");
2423
2424 if (dd) {
2425 if (dd->flags & ADDRESS_FLAG_NOT &&
2426 dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2427 dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == SCNtohl(1)) {
2428 result = 1;
2429 }
2430
2432 return result;
2433 }
2434
2435 return 0;
2436}
2437
2438static int AddressTestParse34(void)
2439{
2440 DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2441
2442 if (dd) {
2444 return 1;
2445 }
2446
2447 return 0;
2448}
2449
2450static int AddressTestParse35(void)
2451{
2452 int result = 0;
2453 DetectAddress *dd = DetectAddressParseSingle("!2001::/16");
2454
2455 if (dd) {
2456 if (dd->flags & ADDRESS_FLAG_NOT &&
2457 dd->ip.addr_data32[0] == SCNtohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 &&
2458 dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 &&
2459
2460 dd->ip2.addr_data32[0] == SCNtohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF &&
2461 dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) {
2462 result = 1;
2463 }
2464
2466 return result;
2467 }
2468
2469 return 0;
2470}
2471
2472static int AddressTestParse36(void)
2473{
2474 int result = 1;
2475 DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
2476
2477 if (dd) {
2478 if (dd->ip.addr_data32[0] != SCNtohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 ||
2479 dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2480
2481 dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2482 dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2483
2485 result = 0;
2486 }
2488
2490 return result;
2491 }
2492
2493 return 0;
2494}
2495
2496static int AddressTestParse37(void)
2497{
2498 int result = 1;
2499 DetectAddress *dd = DetectAddressParseSingle("::/0");
2500
2501 if (dd) {
2502 if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
2503 dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
2504
2505 dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
2506 dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
2508 result = 0;
2509 }
2511
2513 return result;
2514 }
2515
2516 return 0;
2517}
2518
2519static int AddressTestMatch01(void)
2520{
2521 DetectAddress *dd = NULL;
2522 int result = 1;
2523 struct in_addr in;
2524 Address a;
2525
2526 if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2527 return 0;
2528 memset(&a, 0, sizeof(Address));
2529 a.family = AF_INET;
2530 a.addr_data32[0] = in.s_addr;
2531
2532 dd = DetectAddressParseSingle("1.2.3.4/24");
2533 if (dd) {
2534 if (DetectAddressMatch(dd, &a) == 0)
2535 result = 0;
2536
2538 return result;
2539 }
2540
2541 return 0;
2542}
2543
2544static int AddressTestMatch02(void)
2545{
2546 DetectAddress *dd = NULL;
2547 int result = 1;
2548 struct in_addr in;
2549 Address a;
2550
2551 if (inet_pton(AF_INET, "1.2.3.127", &in) != 1)
2552 return 0;
2553 memset(&a, 0, sizeof(Address));
2554 a.family = AF_INET;
2555 a.addr_data32[0] = in.s_addr;
2556
2557 dd = DetectAddressParseSingle("1.2.3.4/25");
2558 if (dd) {
2559 if (DetectAddressMatch(dd, &a) == 0)
2560 result = 0;
2561
2563 return result;
2564 }
2565
2566 return 0;
2567}
2568
2569static int AddressTestMatch03(void)
2570{
2571 DetectAddress *dd = NULL;
2572 int result = 1;
2573 struct in_addr in;
2574 Address a;
2575
2576 if (inet_pton(AF_INET, "1.2.3.128", &in) != 1)
2577 return 0;
2578 memset(&a, 0, sizeof(Address));
2579 a.family = AF_INET;
2580 a.addr_data32[0] = in.s_addr;
2581
2582 dd = DetectAddressParseSingle("1.2.3.4/25");
2583 if (dd) {
2584 if (DetectAddressMatch(dd, &a) == 1)
2585 result = 0;
2586
2588 return result;
2589 }
2590
2591 return 0;
2592}
2593
2594static int AddressTestMatch04(void)
2595{
2596 DetectAddress *dd = NULL;
2597 int result = 1;
2598 struct in_addr in;
2599 Address a;
2600
2601 if (inet_pton(AF_INET, "1.2.2.255", &in) != 1)
2602 return 0;
2603 memset(&a, 0, sizeof(Address));
2604 a.family = AF_INET;
2605 a.addr_data32[0] = in.s_addr;
2606
2607 dd = DetectAddressParseSingle("1.2.3.4/25");
2608 if (dd) {
2609 if (DetectAddressMatch(dd, &a) == 1)
2610 result = 0;
2611
2613 return result;
2614 }
2615
2616 return 0;
2617}
2618
2619static int AddressTestMatch05(void)
2620{
2621 DetectAddress *dd = NULL;
2622 int result = 1;
2623 struct in_addr in;
2624 Address a;
2625
2626 if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2627 return 0;
2628 memset(&a, 0, sizeof(Address));
2629 a.family = AF_INET;
2630 a.addr_data32[0] = in.s_addr;
2631
2632 dd = DetectAddressParseSingle("1.2.3.4/32");
2633 if (dd) {
2634 if (DetectAddressMatch(dd, &a) == 0)
2635 result = 0;
2636
2638 return result;
2639 }
2640
2641 return 0;
2642}
2643
2644static int AddressTestMatch06(void)
2645{
2646 DetectAddress *dd = NULL;
2647 int result = 1;
2648 struct in_addr in;
2649 Address a;
2650
2651 if (inet_pton(AF_INET, "1.2.3.4", &in) != 1)
2652 return 0;
2653 memset(&a, 0, sizeof(Address));
2654 a.family = AF_INET;
2655 a.addr_data32[0] = in.s_addr;
2656
2657 dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0");
2658 if (dd) {
2659 if (DetectAddressMatch(dd, &a) == 0)
2660 result = 0;
2661
2663 return result;
2664 }
2665
2666 return 0;
2667}
2668
2669static int AddressTestMatch07(void)
2670{
2671 DetectAddress *dd = NULL;
2672 int result = 1;
2673 struct in6_addr in6;
2674 Address a;
2675
2676 if (inet_pton(AF_INET6, "2001::1", &in6) != 1)
2677 return 0;
2678 memset(&a, 0, sizeof(Address));
2679 a.family = AF_INET6;
2680 memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2681
2682 dd = DetectAddressParseSingle("2001::/3");
2683 if (dd) {
2684 if (DetectAddressMatch(dd, &a) == 0)
2685 result = 0;
2686
2688 return result;
2689 }
2690
2691 return 0;
2692}
2693
2694static int AddressTestMatch08(void)
2695{
2696 DetectAddress *dd = NULL;
2697 int result = 1;
2698 struct in6_addr in6;
2699 Address a;
2700
2701 if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1)
2702 return 0;
2703 memset(&a, 0, sizeof(Address));
2704 a.family = AF_INET6;
2705 memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2706
2707 dd = DetectAddressParseSingle("2001::/3");
2708 if (dd) {
2709 if (DetectAddressMatch(dd, &a) == 1)
2710 result = 0;
2711
2713 return result;
2714 }
2715
2716 return 0;
2717}
2718
2719static int AddressTestMatch09(void)
2720{
2721 DetectAddress *dd = NULL;
2722 int result = 1;
2723 struct in6_addr in6;
2724 Address a;
2725
2726 if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2727 return 0;
2728 memset(&a, 0, sizeof(Address));
2729 a.family = AF_INET6;
2730 memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2731
2732 dd = DetectAddressParseSingle("2001::1/128");
2733 if (dd) {
2734 if (DetectAddressMatch(dd, &a) == 1)
2735 result = 0;
2736
2738 return result;
2739 }
2740
2741 return 0;
2742}
2743
2744static int AddressTestMatch10(void)
2745{
2746 DetectAddress *dd = NULL;
2747 int result = 1;
2748 struct in6_addr in6;
2749 Address a;
2750
2751 if (inet_pton(AF_INET6, "2001::2", &in6) != 1)
2752 return 0;
2753 memset(&a, 0, sizeof(Address));
2754 a.family = AF_INET6;
2755 memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2756
2757 dd = DetectAddressParseSingle("2001::1/126");
2758 if (dd) {
2759 if (DetectAddressMatch(dd, &a) == 0)
2760 result = 0;
2761
2763 return result;
2764 }
2765
2766 return 0;
2767}
2768
2769static int AddressTestMatch11(void)
2770{
2771 DetectAddress *dd = NULL;
2772 int result = 1;
2773 struct in6_addr in6;
2774 Address a;
2775
2776 if (inet_pton(AF_INET6, "2001::3", &in6) != 1)
2777 return 0;
2778 memset(&a, 0, sizeof(Address));
2779 a.family = AF_INET6;
2780 memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr));
2781
2782 dd = DetectAddressParseSingle("2001::1/127");
2783 if (dd) {
2784 if (DetectAddressMatch(dd, &a) == 1)
2785 result = 0;
2786
2788 return result;
2789 }
2790
2791 return 0;
2792}
2793
2794static int AddressTestCmp01(void)
2795{
2796 DetectAddress *da = NULL, *db = NULL;
2797 int result = 1;
2798
2799 da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2800 if (da == NULL) goto error;
2801 db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2802 if (db == NULL) goto error;
2803
2804 if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2805 result = 0;
2806
2809 return result;
2810
2811error:
2812 if (da) DetectAddressFree(da);
2813 if (db) DetectAddressFree(db);
2814 return 0;
2815}
2816
2817static int AddressTestCmp02(void)
2818{
2819 DetectAddress *da = NULL, *db = NULL;
2820 int result = 1;
2821
2822 da = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2823 if (da == NULL) goto error;
2824 db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2825 if (db == NULL) goto error;
2826
2827 if (DetectAddressCmp(da, db) != ADDRESS_EB)
2828 result = 0;
2829
2832 return result;
2833
2834error:
2835 if (da) DetectAddressFree(da);
2836 if (db) DetectAddressFree(db);
2837 return 0;
2838}
2839
2840static int AddressTestCmp03(void)
2841{
2842 DetectAddress *da = NULL, *db = NULL;
2843 int result = 1;
2844
2845 da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2846 if (da == NULL) goto error;
2847 db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2848 if (db == NULL) goto error;
2849
2850 if (DetectAddressCmp(da, db) != ADDRESS_ES)
2851 result = 0;
2852
2855 return result;
2856
2857error:
2858 if (da) DetectAddressFree(da);
2859 if (db) DetectAddressFree(db);
2860 return 0;
2861}
2862
2863static int AddressTestCmp04(void)
2864{
2865 DetectAddress *da = NULL, *db = NULL;
2866 int result = 1;
2867
2868 da = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2869 if (da == NULL) goto error;
2870 db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2871 if (db == NULL) goto error;
2872
2873 if (DetectAddressCmp(da, db) != ADDRESS_LT)
2874 result = 0;
2875
2878 return result;
2879
2880error:
2881 if (da) DetectAddressFree(da);
2882 if (db) DetectAddressFree(db);
2883 return 0;
2884}
2885
2886static int AddressTestCmp05(void)
2887{
2888 DetectAddress *da = NULL, *db = NULL;
2889 int result = 1;
2890
2891 da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2892 if (da == NULL) goto error;
2893 db = DetectAddressParseSingle("192.168.0.0/255.255.255.0");
2894 if (db == NULL) goto error;
2895
2896 if (DetectAddressCmp(da, db) != ADDRESS_GT)
2897 result = 0;
2898
2901 return result;
2902
2903error:
2904 if (da) DetectAddressFree(da);
2905 if (db) DetectAddressFree(db);
2906 return 0;
2907}
2908
2909static int AddressTestCmp06(void)
2910{
2911 DetectAddress *da = NULL, *db = NULL;
2912 int result = 1;
2913
2914 da = DetectAddressParseSingle("192.168.1.0/255.255.0.0");
2915 if (da == NULL) goto error;
2916 db = DetectAddressParseSingle("192.168.0.0/255.255.0.0");
2917 if (db == NULL) goto error;
2918
2919 if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2920 result = 0;
2921
2924 return result;
2925
2926error:
2927 if (da) DetectAddressFree(da);
2928 if (db) DetectAddressFree(db);
2929 return 0;
2930}
2931
2932static int AddressTestCmpIPv407(void)
2933{
2934 DetectAddress *da = NULL, *db = NULL;
2935 int result = 1;
2936
2937 da = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2938 if (da == NULL) goto error;
2939 db = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2940 if (db == NULL) goto error;
2941
2942 if (DetectAddressCmp(da, db) != ADDRESS_LE)
2943 result = 0;
2944
2947 return result;
2948
2949error:
2950 if (da) DetectAddressFree(da);
2951 if (db) DetectAddressFree(db);
2952 return 0;
2953}
2954
2955static int AddressTestCmpIPv408(void)
2956{
2957 DetectAddress *da = NULL, *db = NULL;
2958 int result = 1;
2959
2960 da = DetectAddressParseSingle("192.168.1.128-192.168.2.128");
2961 if (da == NULL) goto error;
2962 db = DetectAddressParseSingle("192.168.1.0/255.255.255.0");
2963 if (db == NULL) goto error;
2964
2965 if (DetectAddressCmp(da, db) != ADDRESS_GE)
2966 result = 0;
2967
2970 return result;
2971
2972error:
2973 if (da) DetectAddressFree(da);
2974 if (db) DetectAddressFree(db);
2975 return 0;
2976}
2977
2978static int AddressTestCmp07(void)
2979{
2980 DetectAddress *da = NULL, *db = NULL;
2981 int result = 1;
2982
2983 da = DetectAddressParseSingle("2001::/3");
2984 if (da == NULL) goto error;
2985 db = DetectAddressParseSingle("2001::1/3");
2986 if (db == NULL) goto error;
2987
2988 if (DetectAddressCmp(da, db) != ADDRESS_EQ)
2989 result = 0;
2990
2993 return result;
2994
2995error:
2996 if (da) DetectAddressFree(da);
2997 if (db) DetectAddressFree(db);
2998 return 0;
2999}
3000
3001static int AddressTestCmp08(void)
3002{
3003 DetectAddress *da = NULL, *db = NULL;
3004 int result = 1;
3005
3006 da = DetectAddressParseSingle("2001::/3");
3007 if (da == NULL) goto error;
3008 db = DetectAddressParseSingle("2001::/8");
3009 if (db == NULL) goto error;
3010
3011 if (DetectAddressCmp(da, db) != ADDRESS_EB)
3012 result = 0;
3013
3016 return result;
3017
3018error:
3019 if (da) DetectAddressFree(da);
3020 if (db) DetectAddressFree(db);
3021 return 0;
3022}
3023
3024static int AddressTestCmp09(void)
3025{
3026 DetectAddress *da = NULL, *db = NULL;
3027 int result = 1;
3028
3029 da = DetectAddressParseSingle("2001::/8");
3030 if (da == NULL) goto error;
3031 db = DetectAddressParseSingle("2001::/3");
3032 if (db == NULL) goto error;
3033
3034 if (DetectAddressCmp(da, db) != ADDRESS_ES)
3035 result = 0;
3036
3039 return result;
3040
3041error:
3042 if (da) DetectAddressFree(da);
3043 if (db) DetectAddressFree(db);
3044 return 0;
3045}
3046
3047static int AddressTestCmp10(void)
3048{
3049 DetectAddress *da = NULL, *db = NULL;
3050 int result = 1;
3051
3052 da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3053 if (da == NULL) goto error;
3054 db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3055 if (db == NULL) goto error;
3056
3057 if (DetectAddressCmp(da, db) != ADDRESS_LT)
3058 result = 0;
3059
3062 return result;
3063
3064error:
3065 if (da) DetectAddressFree(da);
3066 if (db) DetectAddressFree(db);
3067 return 0;
3068}
3069
3070static int AddressTestCmp11(void)
3071{
3072 DetectAddress *da = NULL, *db = NULL;
3073 int result = 1;
3074
3075 da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64");
3076 if (da == NULL) goto error;
3077 db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64");
3078 if (db == NULL) goto error;
3079
3080 if (DetectAddressCmp(da, db) != ADDRESS_GT)
3081 result = 0;
3082
3085 return result;
3086
3087error:
3088 if (da) DetectAddressFree(da);
3089 if (db) DetectAddressFree(db);
3090 return 0;
3091}
3092
3093static int AddressTestCmp12(void)
3094{
3095 DetectAddress *da = NULL, *db = NULL;
3096 int result = 1;
3097
3098 da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64");
3099 if (da == NULL) goto error;
3100 db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64");
3101 if (db == NULL) goto error;
3102
3103 if (DetectAddressCmp(da, db) != ADDRESS_EQ)
3104 result = 0;
3105
3108 return result;
3109
3110error:
3111 if (da) DetectAddressFree(da);
3112 if (db) DetectAddressFree(db);
3113 return 0;
3114}
3115
3116static int AddressTestAddressGroupSetup01(void)
3117{
3118 int result = 0;
3119 DetectAddressHead *gh = DetectAddressHeadInit();
3120
3121 if (gh != NULL) {
3122 int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3123 if (r == 0)
3124 result = 1;
3125
3126 DetectAddressHeadFree(gh);
3127 }
3128 return result;
3129}
3130
3131static int AddressTestAddressGroupSetup02(void)
3132{
3133 int result = 0;
3134 DetectAddressHead *gh = DetectAddressHeadInit();
3135
3136 if (gh != NULL) {
3137 int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3138 if (r == 0 && gh->ipv4_head != NULL)
3139 result = 1;
3140
3141 DetectAddressHeadFree(gh);
3142 }
3143 return result;
3144}
3145
3146static int AddressTestAddressGroupSetup03(void)
3147{
3148 int result = 0;
3149 DetectAddressHead *gh = DetectAddressHeadInit();
3150
3151 if (gh != NULL) {
3152 int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3153 if (r == 0 && gh->ipv4_head != NULL) {
3154 DetectAddress *prev_head = gh->ipv4_head;
3155
3156 r = DetectAddressParse(NULL, gh, "1.2.3.3");
3157 if (r == 0 && gh->ipv4_head != prev_head &&
3158 gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3159 result = 1;
3160 }
3161 }
3162
3163 DetectAddressHeadFree(gh);
3164 }
3165 return result;
3166}
3167
3168static int AddressTestAddressGroupSetup04(void)
3169{
3170 int result = 0;
3171 DetectAddressHead *gh = DetectAddressHeadInit();
3172
3173 if (gh != NULL) {
3174 int r = DetectAddressParse(NULL, gh, "1.2.3.4");
3175 if (r == 0 && gh->ipv4_head != NULL) {
3176 DetectAddress *prev_head = gh->ipv4_head;
3177
3178 r = DetectAddressParse(NULL, gh, "1.2.3.3");
3179 if (r == 0 && gh->ipv4_head != prev_head &&
3180 gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) {
3181 DetectAddress *ph = gh->ipv4_head;
3182
3183 r = DetectAddressParse(NULL, gh, "1.2.3.2");
3184 if (r == 0 && gh->ipv4_head != ph &&
3185 gh->ipv4_head != NULL && gh->ipv4_head->next == ph) {
3186 result = 1;
3187 }
3188 }
3189 }
3190
3191 DetectAddressHeadFree(gh);
3192 }
3193 return result;
3194}
3195
3196static int AddressTestAddressGroupSetup05(void)
3197{
3198 int result = 0;
3199 DetectAddressHead *gh = DetectAddressHeadInit();
3200
3201 if (gh != NULL) {
3202 int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3203 if (r == 0 && gh->ipv4_head != NULL) {
3204 DetectAddress *prev_head = gh->ipv4_head;
3205
3206 r = DetectAddressParse(NULL, gh, "1.2.3.3");
3207 if (r == 0 && gh->ipv4_head == prev_head &&
3208 gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) {
3209 DetectAddress *ph = gh->ipv4_head;
3210
3211 r = DetectAddressParse(NULL, gh, "1.2.3.4");
3212 if (r == 0 && gh->ipv4_head == ph &&
3213 gh->ipv4_head != NULL && gh->ipv4_head->next != ph) {
3214 result = 1;
3215 }
3216 }
3217 }
3218
3219 DetectAddressHeadFree(gh);
3220 }
3221 return result;
3222}
3223
3224static int AddressTestAddressGroupSetup06(void)
3225{
3226 int result = 0;
3227 DetectAddressHead *gh = DetectAddressHeadInit();
3228
3229 if (gh != NULL) {
3230 int r = DetectAddressParse(NULL, gh, "1.2.3.2");
3231 if (r == 0 && gh->ipv4_head != NULL) {
3232 DetectAddress *prev_head = gh->ipv4_head;
3233
3234 r = DetectAddressParse(NULL, gh, "1.2.3.2");
3235 if (r == 0 && gh->ipv4_head == prev_head &&
3236 gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) {
3237 result = 1;
3238 }
3239 }
3240
3241 DetectAddressHeadFree(gh);
3242 }
3243 return result;
3244}
3245
3246static int AddressTestAddressGroupSetup07(void)
3247{
3248 int result = 0;
3249 DetectAddressHead *gh = DetectAddressHeadInit();
3250
3251 if (gh != NULL) {
3252 int r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3253 if (r == 0 && gh->ipv4_head != NULL) {
3254 r = DetectAddressParse(NULL, gh, "10.10.10.10");
3255 if (r == 0 && gh->ipv4_head != NULL &&
3256 gh->ipv4_head->next != NULL &&
3257 gh->ipv4_head->next->next != NULL) {
3258 result = 1;
3259 }
3260 }
3261
3262 DetectAddressHeadFree(gh);
3263 }
3264 return result;
3265}
3266
3267static int AddressTestAddressGroupSetup08(void)
3268{
3269 int result = 0;
3270 DetectAddressHead *gh = DetectAddressHeadInit();
3271
3272 if (gh != NULL) {
3273 int r = DetectAddressParse(NULL, gh, "10.10.10.10");
3274 if (r == 0 && gh->ipv4_head != NULL) {
3275 r = DetectAddressParse(NULL, gh, "10.0.0.0/8");
3276 if (r == 0 && gh->ipv4_head != NULL &&
3277 gh->ipv4_head->next != NULL &&
3278 gh->ipv4_head->next->next != NULL) {
3279 result = 1;
3280 }
3281 }
3282
3283 DetectAddressHeadFree(gh);
3284 }
3285 return result;
3286}
3287
3288static int AddressTestAddressGroupSetup09(void)
3289{
3290 int result = 0;
3291 DetectAddressHead *gh = DetectAddressHeadInit();
3292
3293 if (gh != NULL) {
3294 int r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3295 if (r == 0 && gh->ipv4_head != NULL) {
3296 r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3297 if (r == 0 && gh->ipv4_head != NULL &&
3298 gh->ipv4_head->next != NULL &&
3299 gh->ipv4_head->next->next != NULL) {
3300 result = 1;
3301 }
3302 }
3303
3304 DetectAddressHeadFree(gh);
3305 }
3306 return result;
3307}
3308
3309static int AddressTestAddressGroupSetup10(void)
3310{
3311 int result = 0;
3312 DetectAddressHead *gh = DetectAddressHeadInit();
3313
3314 if (gh != NULL) {
3315 int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3316 if (r == 0 && gh->ipv4_head != NULL) {
3317 r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3318 if (r == 0 && gh->ipv4_head != NULL &&
3319 gh->ipv4_head->next != NULL &&
3320 gh->ipv4_head->next->next != NULL) {
3321 result = 1;
3322 }
3323 }
3324
3325 DetectAddressHeadFree(gh);
3326 }
3327 return result;
3328}
3329
3330static int AddressTestAddressGroupSetup11(void)
3331{
3332 int result = 0;
3333 DetectAddressHead *gh = DetectAddressHeadInit();
3334
3335 if (gh != NULL) {
3336 int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3337 if (r == 0) {
3338 r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3339 if (r == 0) {
3340 r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3341 if (r == 0) {
3342 DetectAddress *one = gh->ipv4_head, *two = one->next,
3343 *three = two->next, *four = three->next,
3344 *five = four->next;
3345
3346 /* result should be:
3347 * 0.0.0.0/10.10.9.255
3348 * 10.10.10.0/10.10.10.9
3349 * 10.10.10.10/10.10.10.255
3350 * 10.10.11.0/10.10.11.1
3351 * 10.10.11.2/255.255.255.255
3352 */
3353 if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3354 two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3355 three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3356 four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3357 five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3358 result = 1;
3359 }
3360 }
3361 }
3362 }
3363
3364 DetectAddressHeadFree(gh);
3365 }
3366 return result;
3367}
3368
3369static int AddressTestAddressGroupSetup12 (void)
3370{
3371 int result = 0;
3372 DetectAddressHead *gh = DetectAddressHeadInit();
3373
3374 if (gh != NULL) {
3375 int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3376 if (r == 0) {
3377 r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3378 if (r == 0) {
3379 r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3380 if (r == 0) {
3381 DetectAddress *one = gh->ipv4_head, *two = one->next,
3382 *three = two->next, *four = three->next,
3383 *five = four->next;
3384
3385 /* result should be:
3386 * 0.0.0.0/10.10.9.255
3387 * 10.10.10.0/10.10.10.9
3388 * 10.10.10.10/10.10.10.255
3389 * 10.10.11.0/10.10.11.1
3390 * 10.10.11.2/255.255.255.255
3391 */
3392 if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3393 two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3394 three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3395 four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3396 five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3397 result = 1;
3398 }
3399 }
3400 }
3401 }
3402
3403 DetectAddressHeadFree(gh);
3404 }
3405 return result;
3406}
3407
3408static int AddressTestAddressGroupSetup13(void)
3409{
3410 int result = 0;
3411 DetectAddressHead *gh = DetectAddressHeadInit();
3412
3413 if (gh != NULL) {
3414 int r = DetectAddressParse(NULL, gh, "0.0.0.0/0");
3415 if (r == 0) {
3416 r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1");
3417 if (r == 0) {
3418 r = DetectAddressParse(NULL, gh, "10.10.10.0/24");
3419 if (r == 0) {
3420 DetectAddress *one = gh->ipv4_head, *two = one->next,
3421 *three = two->next, *four = three->next,
3422 *five = four->next;
3423
3424 /* result should be:
3425 * 0.0.0.0/10.10.9.255
3426 * 10.10.10.0/10.10.10.9
3427 * 10.10.10.10/10.10.10.255
3428 * 10.10.11.0/10.10.11.1
3429 * 10.10.11.2/255.255.255.255
3430 */
3431 if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == SCNtohl(168430079) &&
3432 two->ip.addr_data32[0] == SCNtohl(168430080) && two->ip2.addr_data32[0] == SCNtohl(168430089) &&
3433 three->ip.addr_data32[0] == SCNtohl(168430090) && three->ip2.addr_data32[0] == SCNtohl(168430335) &&
3434 four->ip.addr_data32[0] == SCNtohl(168430336) && four->ip2.addr_data32[0] == SCNtohl(168430337) &&
3435 five->ip.addr_data32[0] == SCNtohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) {
3436 result = 1;
3437 }
3438 }
3439 }
3440 }
3441
3442 DetectAddressHeadFree(gh);
3443 }
3444 return result;
3445}
3446
3447static int AddressTestAddressGroupSetupIPv414(void)
3448{
3449 DetectAddressHead *gh = DetectAddressHeadInit();
3450 FAIL_IF_NULL(gh);
3451
3452 int r = DetectAddressParse(NULL, gh, "!1.2.3.4");
3453 FAIL_IF_NOT(r == 1);
3454
3455 DetectAddress *one = gh->ipv4_head;
3456 FAIL_IF_NULL(one);
3457 DetectAddress *two = one->next;
3458 FAIL_IF_NULL(two);
3459
3460 /* result should be:
3461 * 0.0.0.0/1.2.3.3
3462 * 1.2.3.5/255.255.255.255
3463 */
3464 FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3465 FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(16909059));
3466 FAIL_IF_NOT(two->ip.addr_data32[0] == SCNtohl(16909061));
3467 FAIL_IF_NOT(two->ip2.addr_data32[0] == 0xFFFFFFFF);
3468 DetectAddressHeadFree(gh);
3469
3470 PASS;
3471}
3472
3473static int AddressTestAddressGroupSetupIPv415(void)
3474{
3475 DetectAddressHead *gh = DetectAddressHeadInit();
3476 FAIL_IF_NULL(gh);
3477
3478 int r = DetectAddressParse(NULL, gh, "!0.0.0.0");
3479 FAIL_IF_NOT(r == 1);
3480
3481 DetectAddress *one = gh->ipv4_head;
3482 FAIL_IF_NULL(one);
3483 FAIL_IF_NOT_NULL(one->next);
3484
3485 /* result should be:
3486 * 0.0.0.1/255.255.255.255
3487 */
3488 FAIL_IF_NOT(one->ip.addr_data32[0] == SCNtohl(1));
3489 FAIL_IF_NOT(one->ip2.addr_data32[0] == 0xFFFFFFFF);
3490
3491 DetectAddressHeadFree(gh);
3492 PASS;
3493}
3494
3495static int AddressTestAddressGroupSetupIPv416(void)
3496{
3497 DetectAddressHead *gh = DetectAddressHeadInit();
3498 FAIL_IF_NULL(gh);
3499
3500 int r = DetectAddressParse(NULL, gh, "!255.255.255.255");
3501 FAIL_IF_NOT(r == 1);
3502
3503 DetectAddress *one = gh->ipv4_head;
3504 FAIL_IF_NULL(one);
3505 FAIL_IF_NOT_NULL(one->next);
3506
3507 /* result should be:
3508 * 0.0.0.0/255.255.255.254
3509 */
3510 FAIL_IF_NOT(one->ip.addr_data32[0] == 0x00000000);
3511 FAIL_IF_NOT(one->ip2.addr_data32[0] == SCNtohl(4294967294));
3512
3513 DetectAddressHeadFree(gh);
3514 PASS;
3515}
3516
3517static int AddressTestAddressGroupSetup14(void)
3518{
3519 int result = 0;
3520 DetectAddressHead *gh = DetectAddressHeadInit();
3521
3522 if (gh != NULL) {
3523 int r = DetectAddressParse(NULL, gh, "2001::1");
3524 if (r == 0)
3525 result = 1;
3526
3527 DetectAddressHeadFree(gh);
3528 }
3529 return result;
3530}
3531
3532static int AddressTestAddressGroupSetup15(void)
3533{
3534 int result = 0;
3535 DetectAddressHead *gh = DetectAddressHeadInit();
3536
3537 if (gh != NULL) {
3538 int r = DetectAddressParse(NULL, gh, "2001::1");
3539 if (r == 0 && gh->ipv6_head != NULL)
3540 result = 1;
3541
3542 DetectAddressHeadFree(gh);
3543 }
3544 return result;
3545}
3546
3547static int AddressTestAddressGroupSetup16(void)
3548{
3549 int result = 0;
3550 DetectAddressHead *gh = DetectAddressHeadInit();
3551
3552 if (gh != NULL) {
3553 int r = DetectAddressParse(NULL, gh, "2001::4");
3554 if (r == 0 && gh->ipv6_head != NULL) {
3555 DetectAddress *prev_head = gh->ipv6_head;
3556
3557 r = DetectAddressParse(NULL, gh, "2001::3");
3558 if (r == 0 && gh->ipv6_head != prev_head &&
3559 gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3560 result = 1;
3561 }
3562 }
3563
3564 DetectAddressHeadFree(gh);
3565 }
3566 return result;
3567}
3568
3569static int AddressTestAddressGroupSetup17(void)
3570{
3571 int result = 0;
3572 DetectAddressHead *gh = DetectAddressHeadInit();
3573
3574 if (gh != NULL) {
3575 int r = DetectAddressParse(NULL, gh, "2001::4");
3576 if (r == 0 && gh->ipv6_head != NULL) {
3577 DetectAddress *prev_head = gh->ipv6_head;
3578
3579 r = DetectAddressParse(NULL, gh, "2001::3");
3580 if (r == 0 && gh->ipv6_head != prev_head &&
3581 gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) {
3582 DetectAddress *ph = gh->ipv6_head;
3583
3584 r = DetectAddressParse(NULL, gh, "2001::2");
3585 if (r == 0 && gh->ipv6_head != ph &&
3586 gh->ipv6_head != NULL && gh->ipv6_head->next == ph) {
3587 result = 1;
3588 }
3589 }
3590 }
3591
3592 DetectAddressHeadFree(gh);
3593 }
3594 return result;
3595}
3596
3597static int AddressTestAddressGroupSetup18(void)
3598{
3599 int result = 0;
3600 DetectAddressHead *gh = DetectAddressHeadInit();
3601
3602 if (gh != NULL) {
3603 int r = DetectAddressParse(NULL, gh, "2001::2");
3604 if (r == 0 && gh->ipv6_head != NULL) {
3605 DetectAddress *prev_head = gh->ipv6_head;
3606
3607 r = DetectAddressParse(NULL, gh, "2001::3");
3608 if (r == 0 && gh->ipv6_head == prev_head &&
3609 gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) {
3610 DetectAddress *ph = gh->ipv6_head;
3611
3612 r = DetectAddressParse(NULL, gh, "2001::4");
3613 if (r == 0 && gh->ipv6_head == ph &&
3614 gh->ipv6_head != NULL && gh->ipv6_head->next != ph) {
3615 result = 1;
3616 }
3617 }
3618 }
3619
3620 DetectAddressHeadFree(gh);
3621 }
3622 return result;
3623}
3624
3625static int AddressTestAddressGroupSetup19(void)
3626{
3627 int result = 0;
3628 DetectAddressHead *gh = DetectAddressHeadInit();
3629
3630 if (gh != NULL) {
3631 int r = DetectAddressParse(NULL, gh, "2001::2");
3632 if (r == 0 && gh->ipv6_head != NULL) {
3633 DetectAddress *prev_head = gh->ipv6_head;
3634
3635 r = DetectAddressParse(NULL, gh, "2001::2");
3636 if (r == 0 && gh->ipv6_head == prev_head &&
3637 gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) {
3638 result = 1;
3639 }
3640 }
3641
3642 DetectAddressHeadFree(gh);
3643 }
3644 return result;
3645}
3646
3647static int AddressTestAddressGroupSetup20(void)
3648{
3649 int result = 0;
3650 DetectAddressHead *gh = DetectAddressHeadInit();
3651
3652 if (gh != NULL) {
3653 int r = DetectAddressParse(NULL, gh, "2000::/3");
3654 if (r == 0 && gh->ipv6_head != NULL) {
3655 r = DetectAddressParse(NULL, gh, "2001::4");
3656 if (r == 0 && gh->ipv6_head != NULL &&
3657 gh->ipv6_head->next != NULL &&
3658 gh->ipv6_head->next->next != NULL) {
3659 result = 1;
3660 }
3661 }
3662
3663 DetectAddressHeadFree(gh);
3664 }
3665 return result;
3666}
3667
3668static int AddressTestAddressGroupSetup21(void)
3669{
3670 int result = 0;
3671 DetectAddressHead *gh = DetectAddressHeadInit();
3672
3673 if (gh != NULL) {
3674 int r = DetectAddressParse(NULL, gh, "2001::4");
3675 if (r == 0 && gh->ipv6_head != NULL) {
3676 r = DetectAddressParse(NULL, gh, "2000::/3");
3677 if (r == 0 && gh->ipv6_head != NULL &&
3678 gh->ipv6_head->next != NULL &&
3679 gh->ipv6_head->next->next != NULL) {
3680 result = 1;
3681 }
3682 }
3683
3684 DetectAddressHeadFree(gh);
3685 }
3686 return result;
3687}
3688
3689static int AddressTestAddressGroupSetup22(void)
3690{
3691 int result = 0;
3692 DetectAddressHead *gh = DetectAddressHeadInit();
3693
3694 if (gh != NULL) {
3695 int r = DetectAddressParse(NULL, gh, "2000::/3");
3696 if (r == 0 && gh->ipv6_head != NULL) {
3697 r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3698 if (r == 0 && gh->ipv6_head != NULL &&
3699 gh->ipv6_head->next != NULL &&
3700 gh->ipv6_head->next->next != NULL) {
3701 result = 1;
3702 }
3703 }
3704
3705 DetectAddressHeadFree(gh);
3706 }
3707 return result;
3708}
3709
3710static int AddressTestAddressGroupSetup23(void)
3711{
3712 int result = 0;
3713 DetectAddressHead *gh = DetectAddressHeadInit();
3714
3715 if (gh != NULL) {
3716 int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3717 if (r == 0 && gh->ipv6_head != NULL) {
3718 r = DetectAddressParse(NULL, gh, "2000::/3");
3719 if (r == 0 && gh->ipv6_head != NULL &&
3720 gh->ipv6_head->next != NULL &&
3721 gh->ipv6_head->next->next != NULL) {
3722 result = 1;
3723 }
3724 }
3725
3726 DetectAddressHeadFree(gh);
3727 }
3728 return result;
3729}
3730
3731static int AddressTestAddressGroupSetup24(void)
3732{
3733 int result = 0;
3734 DetectAddressHead *gh = DetectAddressHeadInit();
3735
3736 if (gh != NULL) {
3737 int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3738 if (r == 0) {
3739 r = DetectAddressParse(NULL, gh, "2001::/3");
3740 if (r == 0) {
3741 r = DetectAddressParse(NULL, gh, "::/0");
3742 if (r == 0) {
3743 DetectAddress *one = gh->ipv6_head, *two = one->next,
3744 *three = two->next, *four = three->next,
3745 *five = four->next;
3746 if (one->ip.addr_data32[0] == 0x00000000 &&
3747 one->ip.addr_data32[1] == 0x00000000 &&
3748 one->ip.addr_data32[2] == 0x00000000 &&
3749 one->ip.addr_data32[3] == 0x00000000 &&
3750 one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3751 one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3752 one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3753 one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3754
3755 two->ip.addr_data32[0] == SCNtohl(536870912) &&
3756 two->ip.addr_data32[1] == 0x00000000 &&
3757 two->ip.addr_data32[2] == 0x00000000 &&
3758 two->ip.addr_data32[3] == 0x00000000 &&
3759 two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3760 two->ip2.addr_data32[1] == 0x00000000 &&
3761 two->ip2.addr_data32[2] == 0x00000000 &&
3762 two->ip2.addr_data32[3] == SCNtohl(3) &&
3763
3764 three->ip.addr_data32[0] == SCNtohl(536936448) &&
3765 three->ip.addr_data32[1] == 0x00000000 &&
3766 three->ip.addr_data32[2] == 0x00000000 &&
3767 three->ip.addr_data32[3] == SCNtohl(4) &&
3768 three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3769 three->ip2.addr_data32[1] == 0x00000000 &&
3770 three->ip2.addr_data32[2] == 0x00000000 &&
3771 three->ip2.addr_data32[3] == SCNtohl(6) &&
3772
3773 four->ip.addr_data32[0] == SCNtohl(536936448) &&
3774 four->ip.addr_data32[1] == 0x00000000 &&
3775 four->ip.addr_data32[2] == 0x00000000 &&
3776 four->ip.addr_data32[3] == SCNtohl(7) &&
3777 four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3778 four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3779 four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3780 four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3781
3782 five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3783 five->ip.addr_data32[1] == 0x00000000 &&
3784 five->ip.addr_data32[2] == 0x00000000 &&
3785 five->ip.addr_data32[3] == 0x00000000 &&
3786 five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3787 five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3788 five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3789 five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3790 result = 1;
3791 }
3792 }
3793 }
3794 }
3795
3796 DetectAddressHeadFree(gh);
3797 }
3798 return result;
3799}
3800
3801static int AddressTestAddressGroupSetup25(void)
3802{
3803 int result = 0;
3804 DetectAddressHead *gh = DetectAddressHeadInit();
3805
3806 if (gh != NULL) {
3807 int r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3808 if (r == 0) {
3809 r = DetectAddressParse(NULL, gh, "::/0");
3810 if (r == 0) {
3811 r = DetectAddressParse(NULL, gh, "2001::/3");
3812 if (r == 0) {
3813 DetectAddress *one = gh->ipv6_head, *two = one->next,
3814 *three = two->next, *four = three->next,
3815 *five = four->next;
3816 if (one->ip.addr_data32[0] == 0x00000000 &&
3817 one->ip.addr_data32[1] == 0x00000000 &&
3818 one->ip.addr_data32[2] == 0x00000000 &&
3819 one->ip.addr_data32[3] == 0x00000000 &&
3820 one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3821 one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3822 one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3823 one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3824
3825 two->ip.addr_data32[0] == SCNtohl(536870912) &&
3826 two->ip.addr_data32[1] == 0x00000000 &&
3827 two->ip.addr_data32[2] == 0x00000000 &&
3828 two->ip.addr_data32[3] == 0x00000000 &&
3829 two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3830 two->ip2.addr_data32[1] == 0x00000000 &&
3831 two->ip2.addr_data32[2] == 0x00000000 &&
3832 two->ip2.addr_data32[3] == SCNtohl(3) &&
3833
3834 three->ip.addr_data32[0] == SCNtohl(536936448) &&
3835 three->ip.addr_data32[1] == 0x00000000 &&
3836 three->ip.addr_data32[2] == 0x00000000 &&
3837 three->ip.addr_data32[3] == SCNtohl(4) &&
3838 three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3839 three->ip2.addr_data32[1] == 0x00000000 &&
3840 three->ip2.addr_data32[2] == 0x00000000 &&
3841 three->ip2.addr_data32[3] == SCNtohl(6) &&
3842
3843 four->ip.addr_data32[0] == SCNtohl(536936448) &&
3844 four->ip.addr_data32[1] == 0x00000000 &&
3845 four->ip.addr_data32[2] == 0x00000000 &&
3846 four->ip.addr_data32[3] == SCNtohl(7) &&
3847 four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3848 four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3849 four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3850 four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3851
3852 five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3853 five->ip.addr_data32[1] == 0x00000000 &&
3854 five->ip.addr_data32[2] == 0x00000000 &&
3855 five->ip.addr_data32[3] == 0x00000000 &&
3856 five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3857 five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3858 five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3859 five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3860 result = 1;
3861 }
3862 }
3863 }
3864 }
3865
3866 DetectAddressHeadFree(gh);
3867 }
3868 return result;
3869}
3870
3871static int AddressTestAddressGroupSetup26(void)
3872{
3873 int result = 0;
3874 DetectAddressHead *gh = DetectAddressHeadInit();
3875
3876 if (gh != NULL) {
3877 int r = DetectAddressParse(NULL, gh, "::/0");
3878 if (r == 0) {
3879 r = DetectAddressParse(NULL, gh, "2001::4-2001::6");
3880 if (r == 0) {
3881 r = DetectAddressParse(NULL, gh, "2001::/3");
3882 if (r == 0) {
3883 DetectAddress *one = gh->ipv6_head, *two = one->next,
3884 *three = two->next, *four = three->next,
3885 *five = four->next;
3886 if (one->ip.addr_data32[0] == 0x00000000 &&
3887 one->ip.addr_data32[1] == 0x00000000 &&
3888 one->ip.addr_data32[2] == 0x00000000 &&
3889 one->ip.addr_data32[3] == 0x00000000 &&
3890 one->ip2.addr_data32[0] == SCNtohl(536870911) &&
3891 one->ip2.addr_data32[1] == 0xFFFFFFFF &&
3892 one->ip2.addr_data32[2] == 0xFFFFFFFF &&
3893 one->ip2.addr_data32[3] == 0xFFFFFFFF &&
3894
3895 two->ip.addr_data32[0] == SCNtohl(536870912) &&
3896 two->ip.addr_data32[1] == 0x00000000 &&
3897 two->ip.addr_data32[2] == 0x00000000 &&
3898 two->ip.addr_data32[3] == 0x00000000 &&
3899 two->ip2.addr_data32[0] == SCNtohl(536936448) &&
3900 two->ip2.addr_data32[1] == 0x00000000 &&
3901 two->ip2.addr_data32[2] == 0x00000000 &&
3902 two->ip2.addr_data32[3] == SCNtohl(3) &&
3903
3904 three->ip.addr_data32[0] == SCNtohl(536936448) &&
3905 three->ip.addr_data32[1] == 0x00000000 &&
3906 three->ip.addr_data32[2] == 0x00000000 &&
3907 three->ip.addr_data32[3] == SCNtohl(4) &&
3908 three->ip2.addr_data32[0] == SCNtohl(536936448) &&
3909 three->ip2.addr_data32[1] == 0x00000000 &&
3910 three->ip2.addr_data32[2] == 0x00000000 &&
3911 three->ip2.addr_data32[3] == SCNtohl(6) &&
3912
3913 four->ip.addr_data32[0] == SCNtohl(536936448) &&
3914 four->ip.addr_data32[1] == 0x00000000 &&
3915 four->ip.addr_data32[2] == 0x00000000 &&
3916 four->ip.addr_data32[3] == SCNtohl(7) &&
3917 four->ip2.addr_data32[0] == SCNtohl(1073741823) &&
3918 four->ip2.addr_data32[1] == 0xFFFFFFFF &&
3919 four->ip2.addr_data32[2] == 0xFFFFFFFF &&
3920 four->ip2.addr_data32[3] == 0xFFFFFFFF &&
3921
3922 five->ip.addr_data32[0] == SCNtohl(1073741824) &&
3923 five->ip.addr_data32[1] == 0x00000000 &&
3924 five->ip.addr_data32[2] == 0x00000000 &&
3925 five->ip.addr_data32[3] == 0x00000000 &&
3926 five->ip2.addr_data32[0] == 0xFFFFFFFF &&
3927 five->ip2.addr_data32[1] == 0xFFFFFFFF &&
3928 five->ip2.addr_data32[2] == 0xFFFFFFFF &&
3929 five->ip2.addr_data32[3] == 0xFFFFFFFF) {
3930 result = 1;
3931 }
3932 }
3933 }
3934 }
3935
3936 DetectAddressHeadFree(gh);
3937 }
3938 return result;
3939}
3940
3941static int AddressTestAddressGroupSetup27(void)
3942{
3943 int result = 0;
3944 DetectAddressHead *gh = DetectAddressHeadInit();
3945
3946 if (gh != NULL) {
3947 int r = DetectAddressParse(NULL, gh, "[1.2.3.4]");
3948 if (r == 0)
3949 result = 1;
3950
3951 DetectAddressHeadFree(gh);
3952 }
3953 return result;
3954}
3955
3956static int AddressTestAddressGroupSetup28(void)
3957{
3958 int result = 0;
3959 DetectAddressHead *gh = DetectAddressHeadInit();
3960
3961 if (gh != NULL) {
3962 int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]");
3963 if (r == 0)
3964 result = 1;
3965
3966 DetectAddressHeadFree(gh);
3967 }
3968 return result;
3969}
3970
3971static int AddressTestAddressGroupSetup29(void)
3972{
3973 int result = 0;
3974 DetectAddressHead *gh = DetectAddressHeadInit();
3975
3976 if (gh != NULL) {
3977 int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]");
3978 if (r == 0)
3979 result = 1;
3980
3981 DetectAddressHeadFree(gh);
3982 }
3983 return result;
3984}
3985
3986static int AddressTestAddressGroupSetup30(void)
3987{
3988 int result = 0;
3989 DetectAddressHead *gh = DetectAddressHeadInit();
3990
3991 if (gh != NULL) {
3992 int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]");
3993 if (r == 0)
3994 result = 1;
3995
3996 DetectAddressHeadFree(gh);
3997 }
3998 return result;
3999}
4000
4001static int AddressTestAddressGroupSetup31(void)
4002{
4003 int result = 0;
4004 DetectAddressHead *gh = DetectAddressHeadInit();
4005
4006 if (gh != NULL) {
4007 int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]");
4008 if (r == 0)
4009 result = 1;
4010
4011 DetectAddressHeadFree(gh);
4012 }
4013 return result;
4014}
4015
4016static int AddressTestAddressGroupSetup32(void)
4017{
4018 int result = 0;
4019 DetectAddressHead *gh = DetectAddressHeadInit();
4020
4021 if (gh != NULL) {
4022 int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]");
4023 if (r == 0)
4024 result = 1;
4025
4026 DetectAddressHeadFree(gh);
4027 }
4028 return result;
4029}
4030
4031static int AddressTestAddressGroupSetup33(void)
4032{
4033 int result = 0;
4034 DetectAddressHead *gh = DetectAddressHeadInit();
4035
4036 if (gh != NULL) {
4037 int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]");
4038 if (r == 1)
4039 result = 1;
4040
4041 DetectAddressHeadFree(gh);
4042 }
4043 return result;
4044}
4045
4046static int AddressTestAddressGroupSetup34(void)
4047{
4048 int result = 0;
4049 DetectAddressHead *gh = DetectAddressHeadInit();
4050
4051 if (gh != NULL) {
4052 int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]");
4053 if (r == 1)
4054 result = 1;
4055
4056 DetectAddressHeadFree(gh);
4057 }
4058 return result;
4059}
4060
4061static int AddressTestAddressGroupSetup35(void)
4062{
4063 int result = 0;
4064 DetectAddressHead *gh = DetectAddressHeadInit();
4065
4066 if (gh != NULL) {
4067 int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]");
4068 if (r == 1)
4069 result = 1;
4070
4071 DetectAddressHeadFree(gh);
4072 }
4073 return result;
4074}
4075
4076static int AddressTestAddressGroupSetup36 (void)
4077{
4078 int result = 0;
4079
4080 DetectAddressHead *gh = DetectAddressHeadInit();
4081 if (gh != NULL) {
4082 int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]");
4083 if (r == 1)
4084 result = 1;
4085
4086 DetectAddressHeadFree(gh);
4087 }
4088 return result;
4089}
4090
4091static int AddressTestAddressGroupSetup37(void)
4092{
4093 int result = 0;
4094 DetectAddressHead *gh = DetectAddressHeadInit();
4095
4096 if (gh != NULL) {
4097 int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]");
4098 if (r == 0)
4099 result = 1;
4100
4101 DetectAddressHeadFree(gh);
4102 }
4103 return result;
4104}
4105
4106static int AddressTestAddressGroupSetup38(void)
4107{
4108 UTHValidateDetectAddressHeadRange expectations[3] = {
4109 { "0.0.0.0", "192.167.255.255" },
4110 { "192.168.14.0", "192.168.14.255" },
4111 { "192.169.0.0", "255.255.255.255" } };
4112 int result = 0;
4113 DetectAddressHead *gh = DetectAddressHeadInit();
4114
4115 if (gh != NULL) {
4116 int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]");
4117 if (r == 1) {
4118 if (UTHValidateDetectAddressHead(gh, 3, expectations))
4119 result = 1;
4120 }
4121
4122 DetectAddressHeadFree(gh);
4123 }
4124 return result;
4125}
4126
4127static int AddressTestAddressGroupSetup39(void)
4128{
4129 UTHValidateDetectAddressHeadRange expectations[3] = {
4130 { "0.0.0.0", "192.167.255.255" },
4131 { "192.168.14.0", "192.168.14.255" },
4132 { "192.169.0.0", "255.255.255.255" } };
4133 int result = 0;
4134 DetectAddressHead *gh = DetectAddressHeadInit();
4135
4136 if (gh != NULL) {
4137 int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]");
4138 if (r == 1) {
4139 if (UTHValidateDetectAddressHead(gh, 3, expectations))
4140 result = 1;
4141 }
4142
4143 DetectAddressHeadFree(gh);
4144 }
4145 return result;
4146}
4147
4148static int AddressTestAddressGroupSetup40(void)
4149{
4150 UTHValidateDetectAddressHeadRange expectations[3] = {
4151 { "0.0.0.0", "192.167.255.255" },
4152 { "192.168.14.0", "192.168.14.255" },
4153 { "192.169.0.0", "255.255.255.255" } };
4154 int result = 0;
4155 DetectAddressHead *gh = DetectAddressHeadInit();
4156 if (gh != NULL) {
4157 int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]");
4158 if (r == 1) {
4159 if (UTHValidateDetectAddressHead(gh, 3, expectations))
4160 result = 1;
4161 }
4162
4163 DetectAddressHeadFree(gh);
4164 }
4165 return result;
4166}
4167
4168static int AddressTestAddressGroupSetup41(void)
4169{
4170 UTHValidateDetectAddressHeadRange expectations[3] = {
4171 { "0.0.0.0", "192.167.255.255" },
4172 { "192.168.14.0", "192.168.14.255" },
4173 { "192.169.0.0", "255.255.255.255" } };
4174 int result = 0;
4175 DetectAddressHead *gh = DetectAddressHeadInit();
4176 if (gh != NULL) {
4177 int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]");
4178 if (r == 1) {
4179 if (UTHValidateDetectAddressHead(gh, 3, expectations))
4180 result = 1;
4181 }
4182
4183 DetectAddressHeadFree(gh);
4184 }
4185 return result;
4186}
4187
4188static int AddressTestAddressGroupSetup42(void)
4189{
4190 UTHValidateDetectAddressHeadRange expectations[1] = {
4191 { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4192 int result = 0;
4193 DetectAddressHead *gh = DetectAddressHeadInit();
4194 if (gh != NULL) {
4195 int r = DetectAddressParse(NULL, gh, "[2001::/3]");
4196 if (r == 0) {
4197 if (UTHValidateDetectAddressHead(gh, 1, expectations))
4198 result = 1;
4199 }
4200
4201 DetectAddressHeadFree(gh);
4202 }
4203 return result;
4204}
4205
4206static int AddressTestAddressGroupSetup43(void)
4207{
4208 UTHValidateDetectAddressHeadRange expectations[2] = {
4209 { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" },
4210 { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } };
4211 int result = 0;
4212 DetectAddressHead *gh = DetectAddressHeadInit();
4213 if (gh != NULL) {
4214 int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]");
4215 if (r == 1) {
4216 if (UTHValidateDetectAddressHead(gh, 2, expectations))
4217 result = 1;
4218 }
4219
4220 DetectAddressHeadFree(gh);
4221 }
4222 return result;
4223}
4224
4225static int AddressTestAddressGroupSetup44(void)
4226{
4227 UTHValidateDetectAddressHeadRange expectations[2] = {
4228 { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }};
4229 int result = 0;
4230 DetectAddressHead *gh = DetectAddressHeadInit();
4231 if (gh != NULL) {
4232 int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96");
4233 if (r == 0) {
4234 if (UTHValidateDetectAddressHead(gh, 1, expectations))
4235 result = 1;
4236 }
4237
4238 DetectAddressHeadFree(gh);
4239 }
4240 return result;
4241}
4242
4243static int AddressTestAddressGroupSetup45(void)
4244{
4245 int result = 0;
4246 DetectAddressHead *gh = DetectAddressHeadInit();
4247 if (gh != NULL) {
4248 int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]");
4249 if (r != 0) {
4250 result = 1;
4251 }
4252
4253 DetectAddressHeadFree(gh);
4254 }
4255 return result;
4256}
4257
4258static int AddressTestAddressGroupSetup46(void)
4259{
4260 UTHValidateDetectAddressHeadRange expectations[4] = {
4261 { "0.0.0.0", "192.167.255.255" },
4262 { "192.168.1.0", "192.168.1.255" },
4263 { "192.168.3.0", "192.168.3.255" },
4264 { "192.169.0.0", "255.255.255.255" } };
4265 int result = 0;
4266 DetectAddressHead *gh = DetectAddressHeadInit();
4267 if (gh != NULL) {
4268 int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]");
4269 if (r == 1) {
4270 if (UTHValidateDetectAddressHead(gh, 4, expectations))
4271 result = 1;
4272 }
4273
4274 DetectAddressHeadFree(gh);
4275 }
4276 return result;
4277}
4278
4279/** \test net with some negations, then all negated */
4280static int AddressTestAddressGroupSetup47(void)
4281{
4282 UTHValidateDetectAddressHeadRange expectations[5] = {
4283 { "0.0.0.0", "192.167.255.255" },
4284 { "192.168.1.0", "192.168.1.255" },
4285 { "192.168.3.0", "192.168.3.255" },
4286 { "192.168.5.0", "192.168.5.255" },
4287 { "192.169.0.0", "255.255.255.255" } };
4288 int result = 0;
4289 DetectAddressHead *gh = DetectAddressHeadInit();
4290 if (gh != NULL) {
4291 int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]");
4292 if (r == 1) {
4293 if (UTHValidateDetectAddressHead(gh, 5, expectations))
4294 result = 1;
4295 }
4296
4297 DetectAddressHeadFree(gh);
4298 }
4299 return result;
4300}
4301
4302/** \test same as AddressTestAddressGroupSetup47, but not negated */
4303static int AddressTestAddressGroupSetup48(void)
4304{
4305 UTHValidateDetectAddressHeadRange expectations[4] = {
4306 { "192.168.0.0", "192.168.0.255" },
4307 { "192.168.2.0", "192.168.2.255" },
4308 { "192.168.4.0", "192.168.4.255" },
4309 { "192.168.6.0", "192.168.255.255" } };
4310 int result = 0;
4311 DetectAddressHead *gh = DetectAddressHeadInit();
4312 if (gh != NULL) {
4313 int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]");
4314 if (r == 1) {
4315 if (UTHValidateDetectAddressHead(gh, 4, expectations))
4316 result = 1;
4317 }
4318
4319 DetectAddressHeadFree(gh);
4320 }
4321 return result;
4322}
4323
4324static int AddressTestCutIPv401(void)
4325{
4326 DetectAddress *c;
4327 DetectAddress *a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4328 FAIL_IF_NULL(a);
4329 DetectAddress *b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4330 FAIL_IF_NULL(b);
4331
4332 FAIL_IF(DetectAddressCut(NULL, a, b, &c) == -1);
4333
4337 PASS;
4338}
4339
4340static int AddressTestCutIPv402(void)
4341{
4342 DetectAddress *a, *b, *c;
4343 a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4344 b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4345
4346 if (DetectAddressCut(NULL, a, b, &c) == -1)
4347 goto error;
4348
4349 if (c == NULL)
4350 goto error;
4351
4355 return 1;
4356
4357error:
4361 return 0;
4362}
4363
4364static int AddressTestCutIPv403(void)
4365{
4366 DetectAddress *a, *b, *c;
4367 a = DetectAddressParseSingle("1.2.3.0/255.255.255.0");
4368 b = DetectAddressParseSingle("1.2.2.0-1.2.3.4");
4369
4370 if (DetectAddressCut(NULL, a, b, &c) == -1)
4371 goto error;
4372
4373 if (c == NULL)
4374 goto error;
4375
4376 if (a->ip.addr_data32[0] != SCNtohl(16908800) || a->ip2.addr_data32[0] != SCNtohl(16909055))
4377 goto error;
4378 if (b->ip.addr_data32[0] != SCNtohl(16909056) || b->ip2.addr_data32[0] != SCNtohl(16909060))
4379 goto error;
4380 if (c->ip.addr_data32[0] != SCNtohl(16909061) || c->ip2.addr_data32[0] != SCNtohl(16909311))
4381 goto error;
4382
4386 return 1;
4387
4388error:
4392 return 0;
4393}
4394
4395static int AddressTestCutIPv404(void)
4396{
4397 DetectAddress *a, *b, *c;
4398 a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4399 b = DetectAddressParseSingle("1.2.3.0-1.2.3.5");
4400
4401 if (DetectAddressCut(NULL, a, b, &c) == -1)
4402 goto error;
4403
4404 if (c == NULL)
4405 goto error;
4406
4407 if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4408 goto error;
4409 if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909061))
4410 goto error;
4411 if (c->ip.addr_data32[0] != SCNtohl(16909062) || c->ip2.addr_data32[0] != SCNtohl(16909062))
4412 goto error;
4413
4414
4418 return 1;
4419
4420error:
4424 return 0;
4425}
4426
4427static int AddressTestCutIPv405(void)
4428{
4429 DetectAddress *a, *b, *c;
4430 a = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4431 b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4432
4433 if (DetectAddressCut(NULL, a, b, &c) == -1)
4434 goto error;
4435
4436 if (c == NULL)
4437 goto error;
4438
4439 if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4440 goto error;
4441 if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4442 goto error;
4443 if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4444 goto error;
4445
4449 return 1;
4450
4451error:
4455 return 0;
4456}
4457
4458static int AddressTestCutIPv406(void)
4459{
4460 DetectAddress *a, *b, *c;
4461 a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4462 b = DetectAddressParseSingle("1.2.3.3-1.2.3.6");
4463
4464 if (DetectAddressCut(NULL, a, b, &c) == -1)
4465 goto error;
4466
4467 if (c == NULL)
4468 goto error;
4469
4470 if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4471 goto error;
4472 if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909062))
4473 goto error;
4474 if (c->ip.addr_data32[0] != SCNtohl(16909063) || c->ip2.addr_data32[0] != SCNtohl(16909065))
4475 goto error;
4476
4480 return 1;
4481
4482error:
4486 return 0;
4487}
4488
4489static int AddressTestCutIPv407(void)
4490{
4491 DetectAddress *a, *b, *c;
4492 a = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4493 b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4494
4495 if (DetectAddressCut(NULL, a, b, &c) == -1)
4496 goto error;
4497
4498 if (c != NULL)
4499 goto error;
4500
4501 if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4502 goto error;
4503 if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4504 goto error;
4505
4509 return 1;
4510
4511error:
4515 return 0;
4516}
4517
4518static int AddressTestCutIPv408(void)
4519{
4520 DetectAddress *a, *b, *c;
4521 a = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4522 b = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4523
4524 if (DetectAddressCut(NULL, a, b, &c) == -1)
4525 goto error;
4526
4527 if (c != NULL)
4528 goto error;
4529
4530 if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4531 goto error;
4532 if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4533 goto error;
4534
4538 return 1;
4539
4540error:
4544 return 0;
4545}
4546
4547static int AddressTestCutIPv409(void)
4548{
4549 DetectAddress *a, *b, *c;
4550 a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4551 b = DetectAddressParseSingle("1.2.3.0-1.2.3.6");
4552
4553 if (DetectAddressCut(NULL, a, b, &c) == -1)
4554 goto error;
4555
4556 if (c != NULL)
4557 goto error;
4558
4559 if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909062))
4560 goto error;
4561 if (b->ip.addr_data32[0] != SCNtohl(16909063) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4562 goto error;
4563
4567 return 1;
4568
4569error:
4573 return 0;
4574}
4575
4576static int AddressTestCutIPv410(void)
4577{
4578 DetectAddress *a, *b, *c;
4579 a = DetectAddressParseSingle("1.2.3.0-1.2.3.9");
4580 b = DetectAddressParseSingle("1.2.3.3-1.2.3.9");
4581
4582 if (DetectAddressCut(NULL, a, b, &c) == -1)
4583 goto error;
4584
4585 if (c != NULL)
4586 goto error;
4587
4588 if (a->ip.addr_data32[0] != SCNtohl(16909056) || a->ip2.addr_data32[0] != SCNtohl(16909058))
4589 goto error;
4590 if (b->ip.addr_data32[0] != SCNtohl(16909059) || b->ip2.addr_data32[0] != SCNtohl(16909065))
4591 goto error;
4592
4593 printf("ip %u ip2 %u ", (uint32_t)htonl(a->ip.addr_data32[0]), (uint32_t)htonl(a->ip2.addr_data32[0]));
4594
4598 return 1;
4599
4600error:
4604 return 0;
4605}
4606
4607static int AddressTestParseInvalidMask01(void)
4608{
4609 int result = 1;
4610 DetectAddress *dd = NULL;
4611
4612 dd = DetectAddressParseSingle("192.168.2.0/33");
4613 if (dd != NULL) {
4615 result = 0;
4616 }
4617 return result;
4618}
4619
4620static int AddressTestParseInvalidMask02(void)
4621{
4622 int result = 1;
4623 DetectAddress *dd = NULL;
4624
4625 dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
4626 if (dd != NULL) {
4628 result = 0;
4629 }
4630 return result;
4631}
4632
4633static int AddressTestParseInvalidMask03(void)
4634{
4635 int result = 1;
4636 DetectAddress *dd = NULL;
4637
4638 dd = DetectAddressParseSingle("192.168.2.0/blue");
4639 if (dd != NULL) {
4641 result = 0;
4642 }
4643 return result;
4644}
4645
4646static int AddressConfVarsTest01(void)
4647{
4648 static const char *dummy_conf_string =
4649 "%YAML 1.1\n"
4650 "---\n"
4651 "\n"
4652 "vars:\n"
4653 "\n"
4654 " address-groups:\n"
4655 "\n"
4656 " HOME_NET: \"any\"\n"
4657 "\n"
4658 " EXTERNAL_NET: \"!any\"\n"
4659 "\n"
4660 " port-groups:\n"
4661 "\n"
4662 " HTTP_PORTS: \"any\"\n"
4663 "\n"
4664 " SHELLCODE_PORTS: \"!any\"\n"
4665 "\n";
4666
4667 int result = 0;
4668
4670 SCConfInit();
4671 SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4672
4674 result = 1;
4675
4676 SCConfDeInit();
4678
4679 return result;
4680}
4681
4682static int AddressConfVarsTest02(void)
4683{
4684 static const char *dummy_conf_string =
4685 "%YAML 1.1\n"
4686 "---\n"
4687 "\n"
4688 "vars:\n"
4689 "\n"
4690 " address-groups:\n"
4691 "\n"
4692 " HOME_NET: \"any\"\n"
4693 "\n"
4694 " EXTERNAL_NET: \"any\"\n"
4695 "\n"
4696 " port-groups:\n"
4697 "\n"
4698 " HTTP_PORTS: \"any\"\n"
4699 "\n"
4700 " SHELLCODE_PORTS: \"!any\"\n"
4701 "\n";
4702
4703 int result = 0;
4704
4706 SCConfInit();
4707 SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4708
4710 result = 1;
4711
4712 SCConfDeInit();
4714
4715 return result;
4716}
4717
4718static int AddressConfVarsTest03(void)
4719{
4720 static const char *dummy_conf_string =
4721 "%YAML 1.1\n"
4722 "---\n"
4723 "\n"
4724 "vars:\n"
4725 "\n"
4726 " address-groups:\n"
4727 "\n"
4728 " HOME_NET: \"any\"\n"
4729 "\n"
4730 " EXTERNAL_NET: \"!$HOME_NET\"\n"
4731 "\n"
4732 " port-groups:\n"
4733 "\n"
4734 " HTTP_PORTS: \"any\"\n"
4735 "\n"
4736 " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n"
4737 "\n";
4738
4739 int result = 0;
4740
4742 SCConfInit();
4743 SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4744
4746 result = 1;
4747
4748 SCConfDeInit();
4750
4751 return result;
4752}
4753
4754static int AddressConfVarsTest04(void)
4755{
4756 static const char *dummy_conf_string =
4757 "%YAML 1.1\n"
4758 "---\n"
4759 "\n"
4760 "vars:\n"
4761 "\n"
4762 " address-groups:\n"
4763 "\n"
4764 " HOME_NET: \"any\"\n"
4765 "\n"
4766 " EXTERNAL_NET: \"$HOME_NET\"\n"
4767 "\n"
4768 " port-groups:\n"
4769 "\n"
4770 " HTTP_PORTS: \"any\"\n"
4771 "\n"
4772 " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n"
4773 "\n";
4774
4775 int result = 0;
4776
4778 SCConfInit();
4779 SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4780
4782 result = 1;
4783
4784 SCConfDeInit();
4786
4787 return result;
4788}
4789
4790static int AddressConfVarsTest05(void)
4791{
4792 static const char *dummy_conf_string =
4793 "%YAML 1.1\n"
4794 "---\n"
4795 "\n"
4796 "vars:\n"
4797 "\n"
4798 " address-groups:\n"
4799 "\n"
4800 " HOME_NET: \"any\"\n"
4801 "\n"
4802 " EXTERNAL_NET: [192.168.0.1]\n"
4803 "\n"
4804 " port-groups:\n"
4805 "\n"
4806 " HTTP_PORTS: \"any\"\n"
4807 "\n"
4808 " SHELLCODE_PORTS: [80]\n"
4809 "\n";
4810
4811 int result = 0;
4812
4814 SCConfInit();
4815 SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4816
4818 goto end;
4819
4820 result = 1;
4821
4822 end:
4823 SCConfDeInit();
4825
4826 return result;
4827}
4828
4829static int AddressConfVarsTest06(void)
4830{
4831 // HOME_NET value size = 10261 bytes
4832 static const char *dummy_conf_string =
4833 "%YAML 1.1\n"
4834 "---\n"
4835 "\n"
4836 "vars:\n"
4837 "\n"
4838 " address-groups:\n"
4839 "\n"
4840 " HOME_NET: "
4841 "\"[2002:0000:3238:DFE1:63:0000:0000:FEFB,2002:0000:3238:DFE1:63:0000:0000:FEFB,"
4842 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4843 "2004:0000:3238:DFE1:63:0000:0000:FEFB,2005:0000:3238:DFE1:63:0000:0000:FEFB,"
4844 "2006:0000:3238:DFE1:63:0000:0000:FEFB,2007:0000:3238:DFE1:63:0000:0000:FEFB,"
4845 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4846 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4847 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4848 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4849 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4850 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4851 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4852 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4853 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4854 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4855 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4856 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4857 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4858 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4859 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4860 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4861 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4862 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4863 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4864 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4865 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4866 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4867 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4868 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4869 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4870 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4871 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4872 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4873 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4874 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4875 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4876 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4877 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4878 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4879 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4880 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4881 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4882 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4883 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4884 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4885 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4886 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4887 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4888 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4889 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4890 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4891 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4892 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4893 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4894 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4895 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4896 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4897 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4898 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4899 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4900 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4901 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4902 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4903 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4904 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4905 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4906 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4907 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4908 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4909 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4910 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4911 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4912 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4913 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4914 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4915 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4916 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4917 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4918 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4919 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4920 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4921 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4922 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4923 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4924 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4925 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4926 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4927 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4928 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4929 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4930 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4931 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4932 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4933 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4934 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4935 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4936 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4937 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4938 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4939 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4940 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4941 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4942 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4943 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4944 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4945 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4946 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4947 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4948 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4949 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4950 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4951 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4952 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4953 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4954 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4955 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4956 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4957 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4958 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4959 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4960 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4961 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4962 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4963 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4964 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4965 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4966 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4967 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4968 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4969 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4970 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4971 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4972 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4973 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4974 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB,"
4975 "2002:0000:3238:DFE1:63:0000:0000:FEFB,2003:0000:3238:DFE1:63:0000:0000:FEFB]\"\n"
4976 "\n"
4977 " EXTERNAL_NET: \"any\"\n"
4978 "\n";
4979
4981 SCConfInit();
4982 SCConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
4983
4985
4986 SCConfDeInit();
4988
4989 PASS;
4990}
4991
4992#endif /* UNITTESTS */
4993
4995{
4996#ifdef UNITTESTS
4999
5000 UtRegisterTest("AddressTestParse01", AddressTestParse01);
5001 UtRegisterTest("AddressTestParse02", AddressTestParse02);
5002 UtRegisterTest("AddressTestParse03", AddressTestParse03);
5003 UtRegisterTest("AddressTestParse04", AddressTestParse04);
5004 UtRegisterTest("AddressTestParse04bug5081", AddressTestParse04bug5081);
5005 UtRegisterTest("AddressTestParse05", AddressTestParse05);
5006 UtRegisterTest("AddressTestParse06", AddressTestParse06);
5007 UtRegisterTest("AddressTestParse07", AddressTestParse07);
5008 UtRegisterTest("AddressTestParse08", AddressTestParse08);
5009 UtRegisterTest("AddressTestParse09", AddressTestParse09);
5010 UtRegisterTest("AddressTestParse10", AddressTestParse10);
5011 UtRegisterTest("AddressTestParse11", AddressTestParse11);
5012 UtRegisterTest("AddressTestParse12", AddressTestParse12);
5013 UtRegisterTest("AddressTestParse13", AddressTestParse13);
5014 UtRegisterTest("AddressTestParse14", AddressTestParse14);
5015 UtRegisterTest("AddressTestParse15", AddressTestParse15);
5016 UtRegisterTest("AddressTestParse16", AddressTestParse16);
5017 UtRegisterTest("AddressTestParse17", AddressTestParse17);
5018 UtRegisterTest("AddressTestParse18", AddressTestParse18);
5019 UtRegisterTest("AddressTestParse19", AddressTestParse19);
5020 UtRegisterTest("AddressTestParse20", AddressTestParse20);
5021 UtRegisterTest("AddressTestParse21", AddressTestParse21);
5022 UtRegisterTest("AddressTestParse22", AddressTestParse22);
5023 UtRegisterTest("AddressTestParse23", AddressTestParse23);
5024 UtRegisterTest("AddressTestParse24", AddressTestParse24);
5025 UtRegisterTest("AddressTestParse25", AddressTestParse25);
5026 UtRegisterTest("AddressTestParse26", AddressTestParse26);
5027 UtRegisterTest("AddressTestParse27", AddressTestParse27);
5028 UtRegisterTest("AddressTestParse28", AddressTestParse28);
5029 UtRegisterTest("AddressTestParse29", AddressTestParse29);
5030 UtRegisterTest("AddressTestParse30", AddressTestParse30);
5031 UtRegisterTest("AddressTestParse31", AddressTestParse31);
5032 UtRegisterTest("AddressTestParse32", AddressTestParse32);
5033 UtRegisterTest("AddressTestParse33", AddressTestParse33);
5034 UtRegisterTest("AddressTestParse34", AddressTestParse34);
5035 UtRegisterTest("AddressTestParse35", AddressTestParse35);
5036 UtRegisterTest("AddressTestParse36", AddressTestParse36);
5037 UtRegisterTest("AddressTestParse37", AddressTestParse37);
5038
5039 UtRegisterTest("AddressTestMatch01", AddressTestMatch01);
5040 UtRegisterTest("AddressTestMatch02", AddressTestMatch02);
5041 UtRegisterTest("AddressTestMatch03", AddressTestMatch03);
5042 UtRegisterTest("AddressTestMatch04", AddressTestMatch04);
5043 UtRegisterTest("AddressTestMatch05", AddressTestMatch05);
5044 UtRegisterTest("AddressTestMatch06", AddressTestMatch06);
5045 UtRegisterTest("AddressTestMatch07", AddressTestMatch07);
5046 UtRegisterTest("AddressTestMatch08", AddressTestMatch08);
5047 UtRegisterTest("AddressTestMatch09", AddressTestMatch09);
5048 UtRegisterTest("AddressTestMatch10", AddressTestMatch10);
5049 UtRegisterTest("AddressTestMatch11", AddressTestMatch11);
5050
5051 UtRegisterTest("AddressTestCmp01", AddressTestCmp01);
5052 UtRegisterTest("AddressTestCmp02", AddressTestCmp02);
5053 UtRegisterTest("AddressTestCmp03", AddressTestCmp03);
5054 UtRegisterTest("AddressTestCmp04", AddressTestCmp04);
5055 UtRegisterTest("AddressTestCmp05", AddressTestCmp05);
5056 UtRegisterTest("AddressTestCmp06", AddressTestCmp06);
5057 UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407);
5058 UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408);
5059
5060 UtRegisterTest("AddressTestCmp07", AddressTestCmp07);
5061 UtRegisterTest("AddressTestCmp08", AddressTestCmp08);
5062 UtRegisterTest("AddressTestCmp09", AddressTestCmp09);
5063 UtRegisterTest("AddressTestCmp10", AddressTestCmp10);
5064 UtRegisterTest("AddressTestCmp11", AddressTestCmp11);
5065 UtRegisterTest("AddressTestCmp12", AddressTestCmp12);
5066
5067 UtRegisterTest("AddressTestAddressGroupSetup01",
5068 AddressTestAddressGroupSetup01);
5069 UtRegisterTest("AddressTestAddressGroupSetup02",
5070 AddressTestAddressGroupSetup02);
5071 UtRegisterTest("AddressTestAddressGroupSetup03",
5072 AddressTestAddressGroupSetup03);
5073 UtRegisterTest("AddressTestAddressGroupSetup04",
5074 AddressTestAddressGroupSetup04);
5075 UtRegisterTest("AddressTestAddressGroupSetup05",
5076 AddressTestAddressGroupSetup05);
5077 UtRegisterTest("AddressTestAddressGroupSetup06",
5078 AddressTestAddressGroupSetup06);
5079 UtRegisterTest("AddressTestAddressGroupSetup07",
5080 AddressTestAddressGroupSetup07);
5081 UtRegisterTest("AddressTestAddressGroupSetup08",
5082 AddressTestAddressGroupSetup08);
5083 UtRegisterTest("AddressTestAddressGroupSetup09",
5084 AddressTestAddressGroupSetup09);
5085 UtRegisterTest("AddressTestAddressGroupSetup10",
5086 AddressTestAddressGroupSetup10);
5087 UtRegisterTest("AddressTestAddressGroupSetup11",
5088 AddressTestAddressGroupSetup11);
5089 UtRegisterTest("AddressTestAddressGroupSetup12",
5090 AddressTestAddressGroupSetup12);
5091 UtRegisterTest("AddressTestAddressGroupSetup13",
5092 AddressTestAddressGroupSetup13);
5093 UtRegisterTest("AddressTestAddressGroupSetupIPv414",
5094 AddressTestAddressGroupSetupIPv414);
5095 UtRegisterTest("AddressTestAddressGroupSetupIPv415",
5096 AddressTestAddressGroupSetupIPv415);
5097 UtRegisterTest("AddressTestAddressGroupSetupIPv416",
5098 AddressTestAddressGroupSetupIPv416);
5099
5100 UtRegisterTest("AddressTestAddressGroupSetup14",
5101 AddressTestAddressGroupSetup14);
5102 UtRegisterTest("AddressTestAddressGroupSetup15",
5103 AddressTestAddressGroupSetup15);
5104 UtRegisterTest("AddressTestAddressGroupSetup16",
5105 AddressTestAddressGroupSetup16);
5106 UtRegisterTest("AddressTestAddressGroupSetup17",
5107 AddressTestAddressGroupSetup17);
5108 UtRegisterTest("AddressTestAddressGroupSetup18",
5109 AddressTestAddressGroupSetup18);
5110 UtRegisterTest("AddressTestAddressGroupSetup19",
5111 AddressTestAddressGroupSetup19);
5112 UtRegisterTest("AddressTestAddressGroupSetup20",
5113 AddressTestAddressGroupSetup20);
5114 UtRegisterTest("AddressTestAddressGroupSetup21",
5115 AddressTestAddressGroupSetup21);
5116 UtRegisterTest("AddressTestAddressGroupSetup22",
5117 AddressTestAddressGroupSetup22);
5118 UtRegisterTest("AddressTestAddressGroupSetup23",
5119 AddressTestAddressGroupSetup23);
5120 UtRegisterTest("AddressTestAddressGroupSetup24",
5121 AddressTestAddressGroupSetup24);
5122 UtRegisterTest("AddressTestAddressGroupSetup25",
5123 AddressTestAddressGroupSetup25);
5124 UtRegisterTest("AddressTestAddressGroupSetup26",
5125 AddressTestAddressGroupSetup26);
5126
5127 UtRegisterTest("AddressTestAddressGroupSetup27",
5128 AddressTestAddressGroupSetup27);
5129 UtRegisterTest("AddressTestAddressGroupSetup28",
5130 AddressTestAddressGroupSetup28);
5131 UtRegisterTest("AddressTestAddressGroupSetup29",
5132 AddressTestAddressGroupSetup29);
5133 UtRegisterTest("AddressTestAddressGroupSetup30",
5134 AddressTestAddressGroupSetup30);
5135 UtRegisterTest("AddressTestAddressGroupSetup31",
5136 AddressTestAddressGroupSetup31);
5137 UtRegisterTest("AddressTestAddressGroupSetup32",
5138 AddressTestAddressGroupSetup32);
5139 UtRegisterTest("AddressTestAddressGroupSetup33",
5140 AddressTestAddressGroupSetup33);
5141 UtRegisterTest("AddressTestAddressGroupSetup34",
5142 AddressTestAddressGroupSetup34);
5143 UtRegisterTest("AddressTestAddressGroupSetup35",
5144 AddressTestAddressGroupSetup35);
5145 UtRegisterTest("AddressTestAddressGroupSetup36",
5146 AddressTestAddressGroupSetup36);
5147 UtRegisterTest("AddressTestAddressGroupSetup37",
5148 AddressTestAddressGroupSetup37);
5149 UtRegisterTest("AddressTestAddressGroupSetup38",
5150 AddressTestAddressGroupSetup38);
5151 UtRegisterTest("AddressTestAddressGroupSetup39",
5152 AddressTestAddressGroupSetup39);
5153 UtRegisterTest("AddressTestAddressGroupSetup40",
5154 AddressTestAddressGroupSetup40);
5155 UtRegisterTest("AddressTestAddressGroupSetup41",
5156 AddressTestAddressGroupSetup41);
5157 UtRegisterTest("AddressTestAddressGroupSetup42",
5158 AddressTestAddressGroupSetup42);
5159 UtRegisterTest("AddressTestAddressGroupSetup43",
5160 AddressTestAddressGroupSetup43);
5161 UtRegisterTest("AddressTestAddressGroupSetup44",
5162 AddressTestAddressGroupSetup44);
5163 UtRegisterTest("AddressTestAddressGroupSetup45",
5164 AddressTestAddressGroupSetup45);
5165 UtRegisterTest("AddressTestAddressGroupSetup46",
5166 AddressTestAddressGroupSetup46);
5167 UtRegisterTest("AddressTestAddressGroupSetup47",
5168 AddressTestAddressGroupSetup47);
5169 UtRegisterTest("AddressTestAddressGroupSetup48",
5170 AddressTestAddressGroupSetup48);
5171
5172 UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401);
5173 UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402);
5174 UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403);
5175 UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404);
5176 UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405);
5177 UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406);
5178 UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407);
5179 UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408);
5180 UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409);
5181 UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410);
5182
5183 UtRegisterTest("AddressTestParseInvalidMask01",
5184 AddressTestParseInvalidMask01);
5185 UtRegisterTest("AddressTestParseInvalidMask02",
5186 AddressTestParseInvalidMask02);
5187 UtRegisterTest("AddressTestParseInvalidMask03",
5188 AddressTestParseInvalidMask03);
5189
5190 UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01);
5191 UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02);
5192 UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03);
5193 UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04);
5194 UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05);
5195 UtRegisterTest("AddressConfVarsTest06 ", AddressConfVarsTest06);
5196#endif /* UNITTESTS */
5197}
struct HtpBodyChunk_ * next
int SCConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
void SCConfInit(void)
Initialize the configuration system.
Definition conf.c:120
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition conf.c:181
void SCConfDeInit(void)
De-initializes the configuration system.
Definition conf.c:703
void SCConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition conf.c:684
void SCConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition conf.c:694
uint8_t address
Definition decode-ppp.h:0
#define COPY_ADDRESS(a, b)
Definition decode.h:127
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
Cut groups and merge sigs.
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
Check if the address group list covers the complete IPv4 IP space.
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
void DetectAddressIPv4Tests(void)
int AddressIPv6Gt(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than the second address(b) o...
int AddressIPv6Le(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is less than or equal to the second add...
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c)
int AddressIPv6Ge(const Address *a, const Address *b)
Compares 2 ipv6 addresses and returns if the first address(a) is greater than or equal to the second ...
void DetectAddressIPv6Tests(void)
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b)
Cuts and returns an address range, which is the complement of the address range that is supplied as t...
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b)
Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.
void DetectAddressTests(void)
int DetectAddressMatchIPv4(const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
int DetectAddressMatchIPv6(const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
Match a packets address against a signatures addrs array.
#define MAX_ADDRESS_LENGTH
#define DetectAddressPrint(...)
int DetectAddressParse(const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argu...
int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
Used to compare 2 address ranges.
DetectAddress * DetectAddressInit(void)
Creates and returns a new instance of a DetectAddress.
int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
Merge the + and the - list (+ positive match, - 'not' match)
int DetectAddressTestConfVars(void)
struct DetectAddressMap_ DetectAddressMap
void DetectAddressFree(DetectAddress *ag)
Frees a DetectAddress instance.
DetectAddress * DetectAddressLookupInHead(const DetectAddressHead *gh, Address *a)
Find the group matching address in a group head.
int DetectAddressMapInit(DetectEngineCtx *de_ctx)
void DetectAddressMapFree(DetectEngineCtx *de_ctx)
const DetectAddressHead * DetectParseAddress(DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
bool DetectAddressListsAreEqual(DetectAddress *list1, DetectAddress *list2)
Checks if two address group lists are equal.
struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
void DetectAddressHeadCleanup(DetectAddressHead *gh)
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the Det...
DetectAddress * DetectAddressCopy(DetectAddress *orig)
copy a DetectAddress
int DetectPortTestConfVars(void)
@ ADDRESS_ER
Definition detect.h:152
@ ADDRESS_GT
Definition detect.h:159
@ ADDRESS_EB
Definition detect.h:157
@ ADDRESS_EQ
Definition detect.h:155
@ ADDRESS_ES
Definition detect.h:156
@ ADDRESS_GE
Definition detect.h:158
@ ADDRESS_LE
Definition detect.h:154
@ ADDRESS_LT
Definition detect.h:153
#define ADDRESS_FLAG_NOT
Definition detect.h:162
Flow * head
Definition flow-hash.h:1
DetectEngineCtx * de_ctx
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
#define PASS
Pass the test.
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
#define TAILQ_FOREACH(var, head, field)
Definition queue.h:252
#define TAILQ_HEAD_INITIALIZER(head)
Definition queue.h:236
union Address_::@30 address
char family
Definition decode.h:113
DetectAddress * ipv6_head
Definition detect.h:185
DetectAddress * ipv4_head
Definition detect.h:184
DetectAddressHead * address
address structure for use in the detection engine.
Definition detect.h:168
Address ip2
Definition detect.h:171
struct DetectAddress_ * next
Definition detect.h:179
Address ip
Definition detect.h:170
uint8_t flags
Definition detect.h:174
struct DetectAddress_ * prev
Definition detect.h:177
main detection engine ctx
Definition detect.h:932
HashListTable * address_table
Definition detect.h:1072
uint32_t array_size
struct HtpBodyChunk_ * next
char * name
Definition conf.h:38
char * val
Definition conf.h:39
#define BUG_ON(x)
#define str(s)
#define SCNtohl(x)
size_t strlcpy(char *dst, const char *src, size_t siz)
uint32_t cnt
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition util-byte.c:716
int CIDRFromMask(uint32_t netmask)
Turn 32 bit mask into CIDR.
Definition util-cidr.c:35
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
Creates a cidr ipv6 netblock, based on the cidr netblock value.
Definition util-cidr.c:82
uint32_t CIDRGet(int cidr)
Definition util-cidr.c:57
#define SCEnter(...)
Definition util-debug.h:277
#define SCLogDebug(...)
Definition util-debug.h:275
#define SCReturnInt(x)
Definition util-debug.h:281
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition util-debug.h:225
#define SCReturnPtr(x, type)
Definition util-debug.h:293
#define SCLogError(...)
Macro used to log ERROR messages.
Definition util-debug.h:267
uint32_t hashlittle_safe(const void *key, size_t length, uint32_t initval)
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
void HashListTableFree(HashListTable *ht)
#define SCMalloc(sz)
Definition util-mem.h:47
#define SCFree(p)
Definition util-mem.h:61
#define SCCalloc(nm, sz)
Definition util-mem.h:53
#define SCStrdup(s)
Definition util-mem.h:56
#define unlikely(expr)
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition util-print.c:231
const char * SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx, const char *conf_var_name, SCRuleVarsType conf_vars_type)
@ SC_RULE_VARS_ADDRESS_GROUPS
void CleanVariableResolveList(ResolvedVariablesList *var_list)
Definition util-var.c:168
int AddVariableToResolveList(ResolvedVariablesList *list, const char *var)
Definition util-var.c:139