aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/suricata/src/detect-engine-address-ipv4.c
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/suricata/src/detect-engine-address-ipv4.c')
-rw-r--r--framework/src/suricata/src/detect-engine-address-ipv4.c1614
1 files changed, 1614 insertions, 0 deletions
diff --git a/framework/src/suricata/src/detect-engine-address-ipv4.c b/framework/src/suricata/src/detect-engine-address-ipv4.c
new file mode 100644
index 00000000..20e9e57e
--- /dev/null
+++ b/framework/src/suricata/src/detect-engine-address-ipv4.c
@@ -0,0 +1,1614 @@
+/* Copyright (C) 2007-2010 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ *
+ * IPV4 Address part of the detection engine.
+ */
+
+#include "suricata-common.h"
+
+#include "decode.h"
+#include "detect.h"
+#include "flow-var.h"
+
+#include "util-cidr.h"
+#include "util-unittest.h"
+
+#include "detect-engine-address.h"
+#include "detect-engine-siggroup.h"
+#include "detect-engine-port.h"
+
+#include "util-error.h"
+#include "util-debug.h"
+#include "util-unittest.h"
+
+/**
+ * \brief Compares 2 addresses(address ranges) and returns the relationship
+ * between the 2 addresses.
+ *
+ * \param a Pointer to the first address instance to be compared.
+ * \param b Pointer to the second address instance to be compared.
+ *
+ * \retval ADDRESS_EQ If the 2 address ranges a and b, are equal.
+ * \retval ADDRESS_ES b encapsulates a. b_ip1[...a_ip1...a_ip2...]b_ip2.
+ * \retval ADDRESS_EB a encapsulates b. a_ip1[...b_ip1....b_ip2...]a_ip2.
+ * \retval ADDRESS_LE a_ip1(...b_ip1==a_ip2...)b_ip2
+ * \retval ADDRESS_LT a_ip1(...b_ip1...a_ip2...)b_ip2
+ * \retval ADDRESS_GE b_ip1(...a_ip1==b_ip2...)a_ip2
+ * \retval ADDRESS_GT a_ip1 > b_ip2, i.e. the address range for 'a' starts only
+ * after the end of the address range for 'b'
+ */
+int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b)
+{
+ uint32_t a_ip1 = ntohl(a->ip.addr_data32[0]);
+ uint32_t a_ip2 = ntohl(a->ip2.addr_data32[0]);
+ uint32_t b_ip1 = ntohl(b->ip.addr_data32[0]);
+ uint32_t b_ip2 = ntohl(b->ip2.addr_data32[0]);
+
+ if (a_ip1 == b_ip1 && a_ip2 == b_ip2) {
+ SCLogDebug("ADDRESS_EQ");
+ return ADDRESS_EQ;
+ } else if (a_ip1 >= b_ip1 && a_ip1 <= b_ip2 && a_ip2 <= b_ip2) {
+ SCLogDebug("ADDRESS_ES");
+ return ADDRESS_ES;
+ } else if (a_ip1 <= b_ip1 && a_ip2 >= b_ip2) {
+ SCLogDebug("ADDRESS_EB");
+ return ADDRESS_EB;
+ } else if (a_ip1 < b_ip1 && a_ip2 < b_ip2 && a_ip2 >= b_ip1) {
+ SCLogDebug("ADDRESS_LE");
+ return ADDRESS_LE;
+ } else if (a_ip1 < b_ip1 && a_ip2 < b_ip2) {
+ SCLogDebug("ADDRESS_LT");
+ return ADDRESS_LT;
+ } else if (a_ip1 > b_ip1 && a_ip1 <= b_ip2 && a_ip2 > b_ip2) {
+ SCLogDebug("ADDRESS_GE");
+ return ADDRESS_GE;
+ } else if (a_ip1 > b_ip2) {
+ SCLogDebug("ADDRESS_GT");
+ return ADDRESS_GT;
+ } else {
+ /* should be unreachable */
+ SCLogDebug("Internal Error: should be unreachable");
+ }
+
+ return ADDRESS_ER;
+}
+
+/**
+ * \brief Cut groups and merge sigs
+ *
+ * a = 1.2.3.4, b = 1.2.3.4-1.2.3.5
+ * must result in: a == 1.2.3.4, b == 1.2.3.5, c == NULL
+ *
+ * a = 1.2.3.4, b = 1.2.3.3-1.2.3.5
+ * must result in: a == 1.2.3.3, b == 1.2.3.4, c == 1.2.3.5
+ *
+ * a = 1.2.3.0/24 b = 1.2.3.128-1.2.4.10
+ * must result in: a == 1.2.3.0/24, b == 1.2.4.0-1.2.4.10, c == NULL
+ *
+ * a = 1.2.3.4, b = 1.2.3.0/24
+ * must result in: a == 1.2.3.0-1.2.3.3, b == 1.2.3.4, c == 1.2.3.5-1.2.3.255
+ *
+ * \retval 0 On success.
+ * \retval -1 On failure.
+ */
+int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
+ DetectAddress *b, DetectAddress **c)
+{
+ uint32_t a_ip1 = ntohl(a->ip.addr_data32[0]);
+ uint32_t a_ip2 = ntohl(a->ip2.addr_data32[0]);
+ uint32_t b_ip1 = ntohl(b->ip.addr_data32[0]);
+ uint32_t b_ip2 = ntohl(b->ip2.addr_data32[0]);
+ DetectPort *port = NULL;
+ DetectAddress *tmp = NULL;
+ DetectAddress *tmp_c = NULL;
+ int r = 0;
+
+ /* default to NULL */
+ *c = NULL;
+
+ r = DetectAddressCmpIPv4(a, b);
+ if (r != ADDRESS_ES && r != ADDRESS_EB && r != ADDRESS_LE && r != ADDRESS_GE) {
+ SCLogDebug("we shouldn't be here");
+ goto error;
+ }
+
+ /* get a place to temporary put sigs lists */
+ tmp = DetectAddressInit();
+ if (tmp == NULL)
+ goto error;
+
+ /* we have 3 parts: [aaa[abab)bbb]
+ * part a: a_ip1 <-> b_ip1 - 1
+ * part b: b_ip1 <-> a_ip2
+ * part c: a_ip2 + 1 <-> b_ip2
+ */
+ if (r == ADDRESS_LE) {
+ SCLogDebug("DetectAddressCutIPv4: r == ADDRESS_LE");
+
+ a->ip.addr_data32[0] = htonl(a_ip1);
+ a->ip2.addr_data32[0] = htonl(b_ip1 - 1);
+
+ b->ip.addr_data32[0] = htonl(b_ip1);
+ b->ip2.addr_data32[0] = htonl(a_ip2);
+
+ tmp_c = DetectAddressInit();
+ if (tmp_c == NULL)
+ goto error;
+
+ tmp_c->ip.family = AF_INET;
+ tmp_c->ip.addr_data32[0] = htonl(a_ip2 + 1);
+ tmp_c->ip2.addr_data32[0] = htonl(b_ip2);
+ *c = tmp_c;
+
+ if (de_ctx != NULL) {
+ SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
+ SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
+
+ for (port = b->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
+ for (port = a->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &b->port, port);
+
+ tmp_c->cnt += b->cnt;
+ b->cnt += a->cnt;
+ }
+
+ /* we have 3 parts: [bbb[baba]aaa]
+ * part a: b_ip1 <-> a_ip1 - 1
+ * part b: a_ip1 <-> b_ip2
+ * part c: b_ip2 + 1 <-> a_ip2
+ */
+ } else if (r == ADDRESS_GE) {
+ SCLogDebug("DetectAddressCutIPv4: r == ADDRESS_GE");
+
+ a->ip.addr_data32[0] = htonl(b_ip1);
+ a->ip2.addr_data32[0] = htonl(a_ip1 - 1);
+
+ b->ip.addr_data32[0] = htonl(a_ip1);
+ b->ip2.addr_data32[0] = htonl(b_ip2);
+
+ tmp_c = DetectAddressInit();
+ if (tmp_c == NULL)
+ goto error;
+
+ tmp_c->ip.family = AF_INET;
+ tmp_c->ip.addr_data32[0] = htonl(b_ip2 + 1);
+ tmp_c->ip2.addr_data32[0] = htonl(a_ip2);
+ *c = tmp_c;
+
+ if (de_ctx != NULL) {
+ /* 'a' gets clean and then 'b' sigs
+ * 'b' gets clean, then 'a' then 'b' sigs
+ * 'c' gets 'a' sigs */
+ /* store old a list */
+ SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
+ /* clean a list */
+ SigGroupHeadClearSigs(a->sh);
+ /* copy old b to c */
+ SigGroupHeadCopySigs(de_ctx, tmp->sh, &tmp_c->sh);
+ /* copy old b to a */
+ SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
+ /* prepend old a before b */
+ SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
+ /* clean tmp list */
+ SigGroupHeadClearSigs(tmp->sh);
+
+ for (port = a->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &tmp->port, port);
+ for (port = b->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &a->port, port);
+ for (port = tmp->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &b->port, port);
+ for (port = tmp->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
+
+ tmp->cnt += a->cnt;
+ a->cnt = 0;
+ tmp_c->cnt += tmp->cnt;
+ a->cnt += b->cnt;
+ b->cnt += tmp->cnt;
+ tmp->cnt = 0;
+ }
+
+ /* we have 2 or three parts:
+ *
+ * 2 part: [[abab]bbb] or [bbb[baba]]
+ * part a: a_ip1 <-> a_ip2
+ * part b: a_ip2 + 1 <-> b_ip2
+ *
+ * part a: b_ip1 <-> a_ip1 - 1
+ * part b: a_ip1 <-> a_ip2
+ *
+ * 3 part [bbb[aaa]bbb]
+ * becomes[aaa[bbb]ccc]
+ *
+ * part a: b_ip1 <-> a_ip1 - 1
+ * part b: a_ip1 <-> a_ip2
+ * part c: a_ip2 + 1 <-> b_ip2
+ */
+ } else if (r == ADDRESS_ES) {
+ SCLogDebug("DetectAddressCutIPv4: r == ADDRESS_ES");
+
+ if (a_ip1 == b_ip1) {
+ SCLogDebug("DetectAddressCutIPv4: 1");
+
+ a->ip.addr_data32[0] = htonl(a_ip1);
+ a->ip2.addr_data32[0] = htonl(a_ip2);
+
+ b->ip.addr_data32[0] = htonl(a_ip2 + 1);
+ b->ip2.addr_data32[0] = htonl(b_ip2);
+
+ if (de_ctx != NULL) {
+ /* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
+ SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
+
+ for (port = b->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &a->port, port);
+ a->cnt += b->cnt;
+ }
+ } else if (a_ip2 == b_ip2) {
+ SCLogDebug("DetectAddressCutIPv4: 2");
+
+ a->ip.addr_data32[0] = htonl(b_ip1);
+ a->ip2.addr_data32[0] = htonl(a_ip1 - 1);
+
+ b->ip.addr_data32[0] = htonl(a_ip1);
+ b->ip2.addr_data32[0] = htonl(a_ip2);
+
+ if (de_ctx != NULL) {
+ SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
+ SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
+ SigGroupHeadClearSigs(a->sh);
+ SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
+ SigGroupHeadClearSigs(tmp->sh);
+
+ for (port = a->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &tmp->port, a->port);
+ for (port = b->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &a->port, port);
+ for (port = tmp->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &b->port, port);
+
+ tmp->cnt += a->cnt;
+ a->cnt = 0;
+ a->cnt += b->cnt;
+ b->cnt += tmp->cnt;
+ tmp->cnt = 0;
+ }
+ } else {
+ SCLogDebug("3");
+
+ a->ip.addr_data32[0] = htonl(b_ip1);
+ a->ip2.addr_data32[0] = htonl(a_ip1 - 1);
+
+ b->ip.addr_data32[0] = htonl(a_ip1);
+ b->ip2.addr_data32[0] = htonl(a_ip2);
+
+ tmp_c = DetectAddressInit();
+ if (tmp_c == NULL)
+ goto error;
+
+ tmp_c->ip.family = AF_INET;
+ tmp_c->ip.addr_data32[0] = htonl(a_ip2 + 1);
+ tmp_c->ip2.addr_data32[0] = htonl(b_ip2);
+ *c = tmp_c;
+
+ if (de_ctx != NULL) {
+ /* 'a' gets clean and then 'b' sigs
+ * 'b' gets clean, then 'a' then 'b' sigs
+ * 'c' gets 'b' sigs */
+ /* store old a list */
+ SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
+ /* clean a list */
+ SigGroupHeadClearSigs(a->sh);
+ /* copy old b to c */
+ SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
+ /* copy old b to a */
+ SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
+ /* prepend old a before b */
+ SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
+ /* clean tmp list */
+ SigGroupHeadClearSigs(tmp->sh);
+
+ for (port = a->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &tmp->port, port);
+ for (port = b->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
+ for (port = b->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &a->port, port);
+ for (port = tmp->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &b->port, port);
+
+ tmp->cnt += a->cnt;
+ a->cnt = 0;
+ tmp_c->cnt += b->cnt;
+ a->cnt += b->cnt;
+ b->cnt += tmp->cnt;
+ tmp->cnt = 0;
+ }
+ }
+ /* we have 2 or three parts:
+ *
+ * 2 part: [[baba]aaa] or [aaa[abab]]
+ * part a: b_ip1 <-> b_ip2
+ * part b: b_ip2 + 1 <-> a_ip2
+ *
+ * part a: a_ip1 <-> b_ip1 - 1
+ * part b: b_ip1 <-> b_ip2
+ *
+ * 3 part [aaa[bbb]aaa]
+ * becomes[aaa[bbb]ccc]
+ *
+ * part a: a_ip1 <-> b_ip2 - 1
+ * part b: b_ip1 <-> b_ip2
+ * part c: b_ip2 + 1 <-> a_ip2
+ */
+ } else if (r == ADDRESS_EB) {
+ SCLogDebug("DetectAddressCutIPv4: r == ADDRESS_EB");
+
+ if (a_ip1 == b_ip1) {
+ SCLogDebug("DetectAddressCutIPv4: 1");
+
+ a->ip.addr_data32[0] = htonl(b_ip1);
+ a->ip2.addr_data32[0] = htonl(b_ip2);
+
+ b->ip.addr_data32[0] = htonl(b_ip2 + 1);
+ b->ip2.addr_data32[0] = htonl(a_ip2);
+
+ if (de_ctx != NULL) {
+ /* 'b' overlaps 'a' so a needs the 'b' sigs */
+ SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
+ SigGroupHeadClearSigs(b->sh);
+ SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
+ SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
+ SigGroupHeadClearSigs(tmp->sh);
+
+ for (port = b->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &tmp->port, b->port);
+ for (port = a->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &b->port, port);
+ for (port = tmp->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &a->port, port);
+
+ tmp->cnt += b->cnt;
+ b->cnt = 0;
+ b->cnt += a->cnt;
+ a->cnt += tmp->cnt;
+ tmp->cnt = 0;
+ }
+ } else if (a_ip2 == b_ip2) {
+ SCLogDebug("DetectAddressCutIPv4: 2");
+
+ a->ip.addr_data32[0] = htonl(a_ip1);
+ a->ip2.addr_data32[0] = htonl(b_ip1 - 1);
+
+ b->ip.addr_data32[0] = htonl(b_ip1);
+ b->ip2.addr_data32[0] = htonl(b_ip2);
+
+ if (de_ctx != NULL) {
+ /* 'a' overlaps 'b' so a needs the 'a' sigs */
+ SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
+
+ for (port = a->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &b->port, port);
+
+ b->cnt += a->cnt;
+ }
+ } else {
+ SCLogDebug("DetectAddressCutIPv4: 3");
+
+ a->ip.addr_data32[0] = htonl(a_ip1);
+ a->ip2.addr_data32[0] = htonl(b_ip1 - 1);
+
+ b->ip.addr_data32[0] = htonl(b_ip1);
+ b->ip2.addr_data32[0] = htonl(b_ip2);
+
+ tmp_c = DetectAddressInit();
+ if (tmp_c == NULL)
+ goto error;
+
+ tmp_c->ip.family = AF_INET;
+ tmp_c->ip.addr_data32[0] = htonl(b_ip2 + 1);
+ tmp_c->ip2.addr_data32[0] = htonl(a_ip2);
+ *c = tmp_c;
+
+ if (de_ctx != NULL) {
+ /* 'a' stays the same wrt sigs
+ * 'b' keeps it's own sigs and gets a's sigs prepended
+ * 'c' gets 'a' sigs */
+ SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
+ SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
+
+ for (port = a->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &b->port, port);
+ for (port = a->port; port != NULL; port = port->next)
+ DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
+
+ b->cnt += a->cnt;
+ tmp_c->cnt += a->cnt;
+ }
+ }
+ }
+
+ if (tmp != NULL)
+ DetectAddressFree(tmp);
+
+ return 0;
+
+error:
+ if (tmp != NULL)
+ DetectAddressFree(tmp);
+ return -1;
+}
+
+/**
+ * \brief Check if the address group list covers the complete IPv4 IP space.
+ *
+ * \param ag Pointer to a DetectAddress list head, which has to be checked to
+ * see if the address ranges in it, cover the entire IPv4 IP space.
+ *
+ * \retval 1 Yes, it covers the entire IPv4 address range.
+ * \retval 0 No, it doesn't cover the entire IPv4 address range.
+ */
+int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag)
+{
+ uint32_t next_ip = 0;
+
+ if (ag == NULL)
+ return 0;
+
+ /* if we don't start with 0.0.0.0 we know we're good */
+ if (ntohl(ag->ip.addr_data32[0]) != 0x00000000)
+ return 0;
+
+ /* if we're ending with 255.255.255.255 while we know we started with
+ * 0.0.0.0 it's the complete space */
+ if (ntohl(ag->ip2.addr_data32[0]) == 0xFFFFFFFF)
+ return 1;
+
+ next_ip = htonl(ntohl(ag->ip2.addr_data32[0]) + 1);
+ ag = ag->next;
+
+ for ( ; ag != NULL; ag = ag->next) {
+
+ if (ag->ip.addr_data32[0] != next_ip)
+ return 0;
+
+ if (ntohl(ag->ip2.addr_data32[0]) == 0xFFFFFFFF)
+ return 1;
+
+ next_ip = htonl(ntohl(ag->ip2.addr_data32[0]) + 1);
+ }
+
+ return 0;
+}
+
+/**
+ * \brief Cuts and returns an address range, which is the complement of the
+ * address range that is supplied as the argument.
+ *
+ * For example:
+ *
+ * If a = 0.0.0.0-1.2.3.4,
+ * then a = 1.2.3.4-255.255.255.255 and b = NULL
+ * If a = 1.2.3.4-255.255.255.255,
+ * then a = 0.0.0.0-1.2.3.4 and b = NULL
+ * If a = 1.2.3.4-192.168.1.1,
+ * then a = 0.0.0.0-1.2.3.3 and b = 192.168.1.2-255.255.255.255
+ *
+ * \param a Pointer to an address range (DetectAddress) instance whose complement
+ * has to be returned in a and b.
+ * \param b Pointer to DetectAddress pointer, that will be supplied back with a
+ * new DetectAddress instance, if the complement demands so.
+ *
+ * \retval 0 On success.
+ * \retval -1 On failure.
+ */
+int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b)
+{
+ uint32_t a_ip1 = ntohl(a->ip.addr_data32[0]);
+ uint32_t a_ip2 = ntohl(a->ip2.addr_data32[0]);
+ DetectAddress *tmp_b = NULL;
+
+ /* default to NULL */
+ *b = NULL;
+
+ if (a_ip1 != 0x00000000 && a_ip2 != 0xFFFFFFFF) {
+ a->ip.addr_data32[0] = htonl(0x00000000);
+ a->ip2.addr_data32[0] = htonl(a_ip1 - 1);
+
+ tmp_b = DetectAddressInit();
+ if (tmp_b == NULL)
+ goto error;
+
+ tmp_b->ip.family = AF_INET;
+ tmp_b->ip.addr_data32[0] = htonl(a_ip2 + 1);
+ tmp_b->ip2.addr_data32[0] = htonl(0xFFFFFFFF);
+ *b = tmp_b;
+ } else if (a_ip1 == 0x00000000 && a_ip2 != 0xFFFFFFFF) {
+ a->ip.addr_data32[0] = htonl(a_ip2 + 1);
+ a->ip2.addr_data32[0] = htonl(0xFFFFFFFF);
+ } else if (a_ip1 != 0x00000000 && a_ip2 == 0xFFFFFFFF) {
+ a->ip.addr_data32[0] = htonl(0x00000000);
+ a->ip2.addr_data32[0] = htonl(a_ip1 - 1);
+ } else {
+ goto error;
+ }
+
+ return 0;
+
+error:
+ return -1;
+}
+
+/**
+ * \brief Extends a target address range if the the source address range is
+ * wider than the target address range on either sides.
+ *
+ * Every address is a range, i.e. address->ip1....address->ip2. For
+ * example 1.2.3.4 to 192.168.1.1.
+ * if source->ip1 is smaller than target->ip1, it indicates that the
+ * source's left address limit is greater(range wise) than the target's
+ * left address limit, and hence we reassign the target's left address
+ * limit to source's left address limit.
+ * Similary if source->ip2 is greater than target->ip2, it indicates that
+ * the source's right address limit is greater(range wise) than the
+ * target's right address limit, and hence we reassign the target's right
+ * address limit to source's right address limit.
+ *
+ * \param de_ctx Pointer to the detection engine context.
+ * \param target Pointer to the target DetectAddress instance that has to be
+ * updated.
+ * \param source Pointer to the source DetectAddress instance that is used
+ * to decided whether we extend the target's address range.
+ *
+ * \retval 0 On success.
+ * \retval -1 On failure.
+ */
+int DetectAddressJoinIPv4(DetectEngineCtx *de_ctx, DetectAddress *target,
+ DetectAddress *source)
+{
+ if (source == NULL || target == NULL)
+ return -1;
+
+ if (ntohl(source->ip.addr_data32[0]) < ntohl(target->ip.addr_data32[0]))
+ target->ip.addr_data32[0] = source->ip.addr_data32[0];
+
+ if (ntohl(source->ip2.addr_data32[0]) > ntohl(target->ip2.addr_data32[0]))
+ target->ip2.addr_data32[0] = source->ip2.addr_data32[0];
+
+ return 0;
+}
+
+/********************************Unittests*************************************/
+
+#ifdef UNITTESTS
+
+static int DetectAddressIPv4TestAddressCmp01(void)
+{
+ struct in_addr in;
+ int result = 1;
+
+ DetectAddress *a = DetectAddressInit();
+ if (a == NULL)
+ return 0;
+
+ DetectAddress *b = DetectAddressInit();
+ if (b == NULL) {
+ DetectAddressFree(a);
+ return 0;
+ }
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_EQ);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_ES);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_ES);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_ES);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_ES);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_ES);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_EB);
+
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_EB);
+
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_EB);
+
+ if (inet_pton(AF_INET, "1.2.3.5", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_EB);
+
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "128.128.128.128", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "128.128.128.128", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_LE);
+
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "128.128.128.128", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_LE);
+
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "180.180.180.180", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_LE);
+
+ if (inet_pton(AF_INET, "170.170.170.169", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "180.180.180.180", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_LE);
+
+ if (inet_pton(AF_INET, "170.170.170.169", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_LE);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "180.180.180.180", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_LT);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "185.185.185.185", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "180.180.180.180", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ /* we could get a LE */
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_LT);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "180.180.180.180", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "180.180.180.180", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ /* we could get a LE */
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_LT);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "180.180.180.180", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_LT);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "180.180.180.180", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_LT);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_LT);
+
+ if (inet_pton(AF_INET, "128.128.128.128", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "128.128.128.128", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_GE);
+
+ if (inet_pton(AF_INET, "128.128.128.128", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_GE);
+
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "180.180.180.180", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_GE);
+
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.169", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "180.180.180.180", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_GE);
+
+ if (inet_pton(AF_INET, "170.170.170.169", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_GE);
+
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.169.170", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_GE);
+
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "200.200.200.200", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "185.185.185.185", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) == ADDRESS_GT);
+
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "200.200.200.200", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_GT);
+
+ if (inet_pton(AF_INET, "182.168.1.2", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "200.200.200.200", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "170.170.170.170", &in) < 0)
+ goto error;
+ b->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ b->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCmpIPv4(a, b) != ADDRESS_GT);
+
+ DetectAddressFree(a);
+ DetectAddressFree(b);
+ return result;
+
+ error:
+ DetectAddressFree(a);
+ DetectAddressFree(b);
+ return 0;
+}
+
+static int DetectAddressIPv4IsCompleteIPSpace02(void)
+{
+ DetectAddress *a = NULL;
+ struct in_addr in;
+ int result = 1;
+
+ if ( (a = DetectAddressInit()) == NULL)
+ goto error;
+
+ if (inet_pton(AF_INET, "0.0.0.0", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 1);
+
+ if (inet_pton(AF_INET, "0.0.0.1", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ DetectAddressFree(a);
+
+ if ( (a = DetectAddressInit()) == NULL)
+ goto error;
+
+ if (inet_pton(AF_INET, "0.0.0.0", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "255.255.255.254", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ DetectAddressFree(a);
+
+ return result;
+
+ error:
+ if (a != NULL)
+ DetectAddressFree(a);
+ return 0;
+}
+
+static int DetectAddressIPv4IsCompleteIPSpace03(void)
+{
+ DetectAddress *a = NULL;
+ DetectAddress *temp = NULL;
+ struct in_addr in;
+ int result = 1;
+
+ if ( (a = DetectAddressInit()) == NULL)
+ goto error;
+ temp = a;
+
+ if (inet_pton(AF_INET, "0.0.0.0", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ if ( (temp->next = DetectAddressInit()) == NULL)
+ goto error;
+ temp = temp->next;
+
+ if (inet_pton(AF_INET, "1.2.3.5", &in) < 0)
+ goto error;
+ temp->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "126.36.62.61", &in) < 0)
+ goto error;
+ temp->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ if ( (temp->next = DetectAddressInit()) == NULL)
+ goto error;
+ temp = temp->next;
+
+ if (inet_pton(AF_INET, "126.36.62.62", &in) < 0)
+ goto error;
+ temp->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "222.52.21.62", &in) < 0)
+ goto error;
+ temp->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ if ( (temp->next = DetectAddressInit()) == NULL)
+ goto error;
+ temp = temp->next;
+
+ if (inet_pton(AF_INET, "222.52.21.63", &in) < 0)
+ goto error;
+ temp->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "255.255.255.254", &in) < 0)
+ goto error;
+ temp->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ if ( (temp->next = DetectAddressInit()) == NULL)
+ goto error;
+ temp = temp->next;
+
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ temp->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ temp->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 1);
+
+ DetectAddressFree(a);
+
+ return result;
+
+ error:
+ if (a != NULL)
+ DetectAddressFree(a);
+ return 0;
+}
+
+static int DetectAddressIPv4IsCompleteIPSpace04(void)
+{
+ DetectAddress *a = NULL;
+ DetectAddress *temp = NULL;
+ struct in_addr in;
+ int result = 1;
+
+ if ( (a = DetectAddressInit()) == NULL)
+ goto error;
+ temp = a;
+
+ if (inet_pton(AF_INET, "0.0.0.0", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ if ( (temp->next = DetectAddressInit()) == NULL)
+ goto error;
+ temp = temp->next;
+
+ if (inet_pton(AF_INET, "1.2.3.5", &in) < 0)
+ goto error;
+ temp->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "126.36.62.61", &in) < 0)
+ goto error;
+ temp->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ if ( (temp->next = DetectAddressInit()) == NULL)
+ goto error;
+ temp = temp->next;
+
+ if (inet_pton(AF_INET, "126.36.62.62", &in) < 0)
+ goto error;
+ temp->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "222.52.21.62", &in) < 0)
+ goto error;
+ temp->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ if ( (temp->next = DetectAddressInit()) == NULL)
+ goto error;
+ temp = temp->next;
+
+ if (inet_pton(AF_INET, "222.52.21.64", &in) < 0)
+ goto error;
+ temp->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "255.255.255.254", &in) < 0)
+ goto error;
+ temp->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ if ( (temp->next = DetectAddressInit()) == NULL)
+ goto error;
+ temp = temp->next;
+
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ temp->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ temp->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressIsCompleteIPSpaceIPv4(a) == 0);
+
+ DetectAddressFree(a);
+
+ return result;
+
+ error:
+ if (a != NULL)
+ DetectAddressFree(a);
+ return 0;
+}
+
+static int DetectAddressIPv4CutNot05(void)
+{
+ DetectAddress *a = NULL;
+ DetectAddress *b = NULL;
+ struct in_addr in;
+ int result = 1;
+
+ if ( (a = DetectAddressInit()) == NULL)
+ return 0;
+
+ if (inet_pton(AF_INET, "0.0.0.0", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCutNotIPv4(a, &b) == -1);
+
+ DetectAddressFree(a);
+ if (b != NULL)
+ DetectAddressFree(b);
+ return result;
+
+ error:
+ DetectAddressFree(a);
+ if (b != NULL)
+ DetectAddressFree(b);
+ return 0;
+}
+
+static int DetectAddressIPv4CutNot06(void)
+{
+ DetectAddress *a = NULL;
+ DetectAddress *b = NULL;
+ struct in_addr in;
+ int result = 1;
+
+ if ( (a = DetectAddressInit()) == NULL)
+ return 0;
+
+ if (inet_pton(AF_INET, "0.0.0.0", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCutNotIPv4(a, &b) == 0);
+
+ if (inet_pton(AF_INET, "1.2.3.5", &in) < 0)
+ goto error;
+ result = (a->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ result &= (a->ip2.addr_data32[0] = in.s_addr);
+
+ DetectAddressFree(a);
+ if (b != NULL)
+ DetectAddressFree(b);
+ return result;
+
+ error:
+ DetectAddressFree(a);
+ if (b != NULL)
+ DetectAddressFree(b);
+ return 0;
+}
+
+static int DetectAddressIPv4CutNot07(void)
+{
+ DetectAddress *a = NULL;
+ DetectAddress *b = NULL;
+ struct in_addr in;
+ int result = 1;
+
+ if ( (a = DetectAddressInit()) == NULL)
+ return 0;
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCutNotIPv4(a, &b) == 0);
+
+ if (inet_pton(AF_INET, "0.0.0.0", &in) < 0)
+ goto error;
+ result = (a->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ result &= (a->ip2.addr_data32[0] = in.s_addr);
+
+ DetectAddressFree(a);
+ if (b != NULL)
+ DetectAddressFree(b);
+ return result;
+
+ error:
+ DetectAddressFree(a);
+ if (b != NULL)
+ DetectAddressFree(b);
+ return 0;
+}
+
+static int DetectAddressIPv4CutNot08(void)
+{
+ DetectAddress *a = NULL;
+ DetectAddress *b = NULL;
+ struct in_addr in;
+ int result = 1;
+
+ if ( (a = DetectAddressInit()) == NULL)
+ return 0;
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCutNotIPv4(a, &b) == 0);
+
+ if (inet_pton(AF_INET, "0.0.0.0", &in) < 0)
+ goto error;
+ result &= (a->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ result &= (a->ip2.addr_data32[0] = in.s_addr);
+
+ if (b == NULL) {
+ result = 0;
+ goto error;
+ } else {
+ result &= 1;
+ }
+ if (inet_pton(AF_INET, "1.2.3.5", &in) < 0)
+ goto error;
+ result &= (b->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ result &= (b->ip2.addr_data32[0] = in.s_addr);
+
+ DetectAddressFree(a);
+ if (b != NULL)
+ DetectAddressFree(b);
+ return result;
+
+ error:
+ DetectAddressFree(a);
+ if (b != NULL)
+ DetectAddressFree(b);
+ return 0;
+}
+
+static int DetectAddressIPv4CutNot09(void)
+{
+ DetectAddress *a = NULL;
+ DetectAddress *b = NULL;
+ struct in_addr in;
+ int result = 1;
+
+ if ( (a = DetectAddressInit()) == NULL)
+ return 0;
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ a->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ a->ip2.addr_data32[0] = in.s_addr;
+ result &= (DetectAddressCutNotIPv4(a, &b) == 0);
+
+ if (inet_pton(AF_INET, "0.0.0.0", &in) < 0)
+ goto error;
+ result &= (a->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "1.2.3.3", &in) < 0)
+ goto error;
+ result &= (a->ip2.addr_data32[0] = in.s_addr);
+
+ if (b == NULL) {
+ result = 0;
+ goto error;
+ } else {
+ result &= 1;
+ }
+ if (inet_pton(AF_INET, "192.168.1.3", &in) < 0)
+ goto error;
+ result &= (b->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "255.255.255.255", &in) < 0)
+ goto error;
+ result &= (b->ip2.addr_data32[0] = in.s_addr);
+
+ DetectAddressFree(a);
+ if (b != NULL)
+ DetectAddressFree(b);
+ return result;
+
+ error:
+ DetectAddressFree(a);
+ if (b != NULL)
+ DetectAddressFree(b);
+ return 0;
+}
+
+static int DetectAddressIPv4Join10(void)
+{
+ struct in_addr in;
+ int result = 1;
+
+ DetectAddress *source = DetectAddressInit();
+ if (source == NULL)
+ return 0;
+
+ DetectAddress *target = DetectAddressInit();
+ if (target == NULL) {
+ DetectAddressFree(source);
+ return 0;
+ }
+
+ if (inet_pton(AF_INET, "128.51.61.124", &in) < 0)
+ goto error;
+ target->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ target->ip2.addr_data32[0] = in.s_addr;
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ source->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ source->ip2.addr_data32[0] = in.s_addr;
+
+ result &= (DetectAddressJoinIPv4(NULL, target, source) == 0);
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ result &= (target->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ result &= (target->ip2.addr_data32[0] == in.s_addr);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ target->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ target->ip2.addr_data32[0] = in.s_addr;
+
+ if (inet_pton(AF_INET, "1.2.3.5", &in) < 0)
+ goto error;
+ source->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.1", &in) < 0)
+ goto error;
+ source->ip2.addr_data32[0] = in.s_addr;
+
+ result &= (DetectAddressJoinIPv4(NULL, target, source) == 0);
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ result &= (target->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ result &= (target->ip2.addr_data32[0] == in.s_addr);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ target->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ target->ip2.addr_data32[0] = in.s_addr;
+
+ if (inet_pton(AF_INET, "128.1.5.15", &in) < 0)
+ goto error;
+ source->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "200.202.200.200", &in) < 0)
+ goto error;
+ source->ip2.addr_data32[0] = in.s_addr;
+
+ result &= (DetectAddressJoinIPv4(NULL, target, source) == 0);
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ result &= (target->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "200.202.200.200", &in) < 0)
+ goto error;
+ result &= (target->ip2.addr_data32[0] == in.s_addr);
+
+ if (inet_pton(AF_INET, "128.51.61.124", &in) < 0)
+ goto error;
+ target->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ target->ip2.addr_data32[0] = in.s_addr;
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ source->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ source->ip2.addr_data32[0] = in.s_addr;
+
+ result &= (DetectAddressJoinIPv4(NULL, target, source) == 0);
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ result &= (target->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ result &= (target->ip2.addr_data32[0] == in.s_addr);
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ target->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ target->ip2.addr_data32[0] = in.s_addr;
+
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ source->ip.addr_data32[0] = in.s_addr;
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ source->ip2.addr_data32[0] = in.s_addr;
+
+ result &= (DetectAddressJoinIPv4(NULL, target, source) == 0);
+ if (inet_pton(AF_INET, "1.2.3.4", &in) < 0)
+ goto error;
+ result &= (target->ip.addr_data32[0] == in.s_addr);
+ if (inet_pton(AF_INET, "192.168.1.2", &in) < 0)
+ goto error;
+ result &= (target->ip2.addr_data32[0] == in.s_addr);
+
+ DetectAddressFree(source);
+ DetectAddressFree(target);
+ return result;
+
+ error:
+ DetectAddressFree(source);
+ DetectAddressFree(target);
+ return 0;
+}
+
+#endif
+
+void DetectAddressIPv4Tests(void)
+{
+#ifdef UNITTESTS
+ UtRegisterTest("DetectAddressIPv4TestAddressCmp01",
+ DetectAddressIPv4TestAddressCmp01, 1);
+ UtRegisterTest("DetectAddressIPv4IsCompleteIPSpace02",
+ DetectAddressIPv4IsCompleteIPSpace02, 1);
+ UtRegisterTest("DetectAddressIPv4IsCompleteIPSpace03",
+ DetectAddressIPv4IsCompleteIPSpace03, 1);
+ UtRegisterTest("DetectAddressIPv4IsCompleteIPSpace04",
+ DetectAddressIPv4IsCompleteIPSpace04, 1);
+ UtRegisterTest("DetectAddressIPv4CutNot05", DetectAddressIPv4CutNot05, 1);
+ UtRegisterTest("DetectAddressIPv4CutNot06", DetectAddressIPv4CutNot06, 1);
+ UtRegisterTest("DetectAddressIPv4CutNot07", DetectAddressIPv4CutNot07, 1);
+ UtRegisterTest("DetectAddressIPv4CutNot08", DetectAddressIPv4CutNot08, 1);
+ UtRegisterTest("DetectAddressIPv4CutNot09", DetectAddressIPv4CutNot09, 1);
+ UtRegisterTest("DetectAddressIPv4Join10", DetectAddressIPv4Join10, 1);
+#endif
+}