diff options
Diffstat (limited to 'framework/src/suricata/src/detect-engine-address.c')
| -rw-r--r-- | framework/src/suricata/src/detect-engine-address.c | 5419 |
1 files changed, 0 insertions, 5419 deletions
diff --git a/framework/src/suricata/src/detect-engine-address.c b/framework/src/suricata/src/detect-engine-address.c deleted file mode 100644 index 31e6a7ab..00000000 --- a/framework/src/suricata/src/detect-engine-address.c +++ /dev/null @@ -1,5419 +0,0 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien <victor@inliniac.net> - * - * Address part of the detection engine. - * - * \todo Move this out of the detection plugin structure - * rename to detect-engine-address.c - */ - -#include "suricata-common.h" -#include "decode.h" -#include "detect.h" -#include "flow-var.h" - -#include "util-cidr.h" -#include "util-unittest.h" -#include "util-rule-vars.h" -#include "conf.h" -#include "conf-yaml-loader.h" - -#include "detect-engine-siggroup.h" -#include "detect-engine-address.h" -#include "detect-engine-address-ipv4.h" -#include "detect-engine-address-ipv6.h" -#include "detect-engine-port.h" - -#include "util-debug.h" -#include "util-print.h" - -/* prototypes */ -void DetectAddressPrint(DetectAddress *); -static int DetectAddressCutNot(DetectAddress *, DetectAddress **); -static int DetectAddressCut(DetectEngineCtx *, DetectAddress *, DetectAddress *, - DetectAddress **); -int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn); - -/** memory usage counters - * \todo not MT safe */ -#ifdef DEBUG -static uint32_t detect_address_group_memory = 0; -static uint32_t detect_address_group_init_cnt = 0; -static uint32_t detect_address_group_free_cnt = 0; - -static uint32_t detect_address_group_head_memory = 0; -static uint32_t detect_address_group_head_init_cnt = 0; -static uint32_t detect_address_group_head_free_cnt = 0; -#endif - -/** - * \brief Creates and returns a new instance of a DetectAddress. - * - * \retval ag Pointer to the newly created DetectAddress on success; - * NULL on failure. - */ -DetectAddress *DetectAddressInit(void) -{ - DetectAddress *ag = SCMalloc(sizeof(DetectAddress)); - if (unlikely(ag == NULL)) - return NULL; - memset(ag, 0, sizeof(DetectAddress)); - -#ifdef DEBUG - detect_address_group_memory += sizeof(DetectAddress); - detect_address_group_init_cnt++; -#endif - - return ag; -} - -/** - * \brief Frees a DetectAddress instance. - * - * \param ag Pointer to the DetectAddress instance to be freed. - */ -void DetectAddressFree(DetectAddress *ag) -{ - if (ag == NULL) - return; - - SCLogDebug("ag %p, sh %p", ag, ag->sh); - - /* only free the head if we have the original */ - if (ag->sh != NULL && !(ag->flags & ADDRESS_SIGGROUPHEAD_COPY)) { - SCLogDebug("- ag %p, sh %p not a copy, so call SigGroupHeadFree", ag, - ag->sh); - SigGroupHeadFree(ag->sh); - } - ag->sh = NULL; - - if (!(ag->flags & ADDRESS_HAVEPORT)) { - SCLogDebug("- ag %p dst_gh %p", ag, ag->dst_gh); - - if (ag->dst_gh != NULL) - DetectAddressHeadFree(ag->dst_gh); - ag->dst_gh = NULL; - } else { - SCLogDebug("- ag %p port %p", ag, ag->port); - - if (ag->port != NULL && !(ag->flags & ADDRESS_PORTS_COPY)) { - SCLogDebug("- ag %p port %p, not a copy so call DetectPortCleanupList", - ag, ag->port); - DetectPortCleanupList(ag->port); - } - ag->port = NULL; - } -#ifdef DEBUG - detect_address_group_memory -= sizeof(DetectAddress); - detect_address_group_free_cnt++; -#endif - SCFree(ag); - - return; -} - -/** - * \brief Copies the contents of one Address group in DetectAddress and returns - * a new instance of the DetectAddress that contains the copied address. - * - * \param orig Pointer to the instance of DetectAddress that contains the - * address data to be copied to the new instance. - * - * \retval ag Pointer to the new instance of DetectAddress that contains the - * copied address. - */ -DetectAddress *DetectAddressCopy(DetectAddress *orig) -{ - DetectAddress *ag = DetectAddressInit(); - if (ag == NULL) - return NULL; - - ag->flags = orig->flags; - - COPY_ADDRESS(&orig->ip, &ag->ip); - COPY_ADDRESS(&orig->ip2, &ag->ip2); - - ag->cnt = 1; - - return ag; -} - -/** - * \brief Prints the memory statistics for the detection-engine-address section. - */ -void DetectAddressPrintMemory(void) -{ -#ifdef DEBUG - SCLogDebug(" * Address group memory stats (DetectAddress %" PRIuMAX "):", - (uintmax_t)sizeof(DetectAddress)); - SCLogDebug(" - detect_address_group_memory %" PRIu32, - detect_address_group_memory); - SCLogDebug(" - detect_address_group_init_cnt %" PRIu32, - detect_address_group_init_cnt); - SCLogDebug(" - detect_address_group_free_cnt %" PRIu32, - detect_address_group_free_cnt); - SCLogDebug(" - outstanding groups %" PRIu32, - detect_address_group_init_cnt - detect_address_group_free_cnt); - SCLogDebug(" * Address group memory stats done"); - SCLogDebug(" * Address group head memory stats (DetectAddressHead %" PRIuMAX "):", - (uintmax_t)sizeof(DetectAddressHead)); - SCLogDebug(" - detect_address_group_head_memory %" PRIu32, - detect_address_group_head_memory); - SCLogDebug(" - detect_address_group_head_init_cnt %" PRIu32, - detect_address_group_head_init_cnt); - SCLogDebug(" - detect_address_group_head_free_cnt %" PRIu32, - detect_address_group_head_free_cnt); - SCLogDebug(" - outstanding groups %" PRIu32, - (detect_address_group_head_init_cnt - - detect_address_group_head_free_cnt)); - SCLogDebug(" * Address group head memory stats done"); - SCLogDebug(" X Total %" PRIu32 "\n", (detect_address_group_memory + - detect_address_group_head_memory)); -#endif - - return; -} - -/** - * \brief Used to check if a DetectAddress list contains an instance with - * a similar DetectAddress. The comparison done is not the one that - * checks the memory for the same instance, but one that checks that the - * two instances hold the same content. - * - * \param head Pointer to the DetectAddress list. - * \param ad Pointer to the DetectAddress that has to be checked for in - * the DetectAddress list. - * - * \retval cur Returns a pointer to the DetectAddress on a match; NULL if - * no match. - */ -DetectAddress *DetectAddressLookupInList(DetectAddress *head, DetectAddress *gr) -{ - DetectAddress *cur; - - if (head != NULL) { - for (cur = head; cur != NULL; cur = cur->next) { - if (DetectAddressCmp(cur, gr) == ADDRESS_EQ) - return cur; - } - } - - return NULL; -} - -/** - * \brief Prints the address data information for all the DetectAddress - * instances in the DetectAddress list sent as the argument. - * - * \param head Pointer to a list of DetectAddress instances. - */ -void DetectAddressPrintList(DetectAddress *head) -{ - DetectAddress *cur; - - SCLogInfo("list:"); - if (head != NULL) { - for (cur = head; cur != NULL; cur = cur->next) { - SCLogInfo("SIGS %6u ", cur->sh ? cur->sh->sig_cnt : 0); - DetectAddressPrint(cur); - } - } - SCLogInfo("endlist"); - - return; -} - -/** - * \brief Frees a list of DetectAddress instances. - * - * \param head Pointer to a list of DetectAddress instances to be freed. - */ -void DetectAddressCleanupList(DetectAddress *head) -{ - DetectAddress *cur, *next; - - if (head == NULL) - return; - - for (cur = head; cur != NULL; ) { - next = cur->next; - cur->next = NULL; - DetectAddressFree(cur); - cur = next; - } - - return; -} - -/** - * \brief Do a sorted insert, where the top of the list should be the biggest - * network/range. - * - * XXX current sorting only works for overlapping nets - * - * \param head Pointer to the list of DetectAddress. - * \param ag Pointer to the DetectAddress that has to be added to the - * above list. - * - * \retval 0 On successfully inserting the DetectAddress. - * \retval -1 On failure. - */ - -int DetectAddressAdd(DetectAddress **head, DetectAddress *ag) -{ - DetectAddress *cur, *prev_cur = NULL; - int r = 0; - - if (*head != NULL) { - for (cur = *head; cur != NULL; cur = cur->next) { - prev_cur = cur; - r = DetectAddressCmp(ag, cur); - if (r == ADDRESS_EB) { - /* insert here */ - ag->prev = cur->prev; - ag->next = cur; - - cur->prev = ag; - if (*head == cur) - *head = ag; - else - ag->prev->next = ag; - - return 0; - } - } - ag->prev = prev_cur; - if (prev_cur != NULL) - prev_cur->next = ag; - } else { - *head = ag; - } - - return 0; -} - -/** - * \internal - * \brief Helper function for DetectAddressInsert. Sets one of the - * DetectAddressHead head pointers, to the DetectAddress argument - * based on its address family. - * - * \param gh Pointer to the DetectAddressHead. - * \param newhead Pointer to the DetectAddress. - * - * \retval 0 On success. - * \retval -1 On failure. - */ -static int SetHeadPtr(DetectAddressHead *gh, DetectAddress *newhead) -{ - if (newhead->flags & ADDRESS_FLAG_ANY) { - gh->any_head = newhead; - } else if (newhead->ip.family == AF_INET) { - gh->ipv4_head = newhead; - } else if (newhead->ip.family == AF_INET6) { - gh->ipv6_head = newhead; - } else { - SCLogDebug("newhead->family %u not supported", newhead->ip.family); - return -1; - } - - return 0; -} - -/** - * \internal - * \brief Returns the DetectAddress head from the DetectAddressHeads, - * based on the address family of the incoming DetectAddress arg. - * - * \param gh Pointer to the DetectAddressHead. - * \param new Pointer to the DetectAddress. - * - * \retval head Pointer to the DetectAddress(the head from - * DetectAddressHead). - */ -static DetectAddress *GetHeadPtr(DetectAddressHead *gh, DetectAddress *new) -{ - DetectAddress *head = NULL; - - if (new->flags & ADDRESS_FLAG_ANY) - head = gh->any_head; - else if (new->ip.family == AF_INET) - head = gh->ipv4_head; - else if (new->ip.family == AF_INET6) - head = gh->ipv6_head; - - return head; -} - -/** - * \brief Same as DetectAddressInsert, but then for inserting a address group - * object. This also makes sure SigGroupContainer lists are handled - * correctly. - * - * \param de_ctx Pointer to the detection engine context. - * \param gh Pointer to the DetectAddressHead list to which it has to - * be inserted. - * \param new Pointer to the DetectAddress, that has to be inserted. - * - * \retval 1 On successfully inserting it. - * \retval -1 On error. - * \retval 0 Not inserted, memory of new is freed. - */ -int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh, - DetectAddress *new) -{ - DetectAddress *head = NULL; - DetectAddress *cur = NULL; - DetectAddress *c = NULL; - int r = 0; - - if (new == NULL) - return 0; - - BUG_ON(new->ip.family == 0 && !(new->flags & ADDRESS_FLAG_ANY)); - - /* get our head ptr based on the address we want to insert */ - head = GetHeadPtr(gh, new); - - /* see if it already exists or overlaps with existing ag's */ - if (head != NULL) { - cur = NULL; - - for (cur = head; cur != NULL; cur = cur->next) { - r = DetectAddressCmp(new, cur); - BUG_ON(r == ADDRESS_ER); - - /* if so, handle that */ - if (r == ADDRESS_EQ) { - /* exact overlap/match */ - if (cur != new) { - DetectPort *port = new->port; - for ( ; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &cur->port, port); - SigGroupHeadCopySigs(de_ctx, new->sh, &cur->sh); - cur->cnt += new->cnt; - DetectAddressFree(new); - - return 0; - } - - return 1; - } else if (r == ADDRESS_GT) { - /* only add it now if we are bigger than the last group. - * Otherwise we'll handle it later. */ - if (cur->next == NULL) { - /* put in the list */ - new->prev = cur; - cur->next = new; - - return 1; - } - } else if (r == ADDRESS_LT) { - /* see if we need to insert the ag anywhere put in the list */ - if (cur->prev != NULL) - cur->prev->next = new; - new->prev = cur->prev; - new->next = cur; - cur->prev = new; - - /* update head if required */ - if (head == cur) { - head = new; - - if (SetHeadPtr(gh, head) < 0) - goto error; - } - - return 1; - /* alright, those were the simple cases, lets handle the more - * complex ones now */ - } else if (r == ADDRESS_ES) { - c = NULL; - r = DetectAddressCut(de_ctx, cur, new, &c); - if (r == -1) - goto error; - - DetectAddressInsert(de_ctx, gh, new); - if (c != NULL) - DetectAddressInsert(de_ctx, gh, c); - - return 1; - } else if (r == ADDRESS_EB) { - c = NULL; - r = DetectAddressCut(de_ctx, cur, new, &c); - if (r == -1) - goto error; - - DetectAddressInsert(de_ctx, gh, new); - if (c != NULL) - DetectAddressInsert(de_ctx, gh, c); - - return 1; - } else if (r == ADDRESS_LE) { - c = NULL; - r = DetectAddressCut(de_ctx, cur, new, &c); - if (r == -1) - goto error; - - DetectAddressInsert(de_ctx, gh, new); - if (c != NULL) - DetectAddressInsert(de_ctx, gh, c); - - return 1; - } else if (r == ADDRESS_GE) { - c = NULL; - r = DetectAddressCut(de_ctx, cur,new,&c); - if (r == -1) - goto error; - - DetectAddressInsert(de_ctx, gh, new); - if (c != NULL) - DetectAddressInsert(de_ctx, gh, c); - - return 1; - } - } - - /* head is NULL, so get a group and set head to it */ - } else { - head = new; - if (SetHeadPtr(gh, head) < 0) { - SCLogDebug("SetHeadPtr failed"); - goto error; - } - } - - return 1; - -error: - /* XXX */ - return -1; -} - -/** - * \brief Join two addresses groups together. - * - * \param de_ctx Pointer to the detection engine context. - * \param target Pointer to the target address group. - * \param source Pointer to the source address group. - * - * \retval 0 On success. - * \retval -1 On failure. - */ -int DetectAddressJoin(DetectEngineCtx *de_ctx, DetectAddress *target, - DetectAddress *source) -{ - DetectPort *port = NULL; - - if (target == NULL || source == NULL) - return -1; - - if (target->ip.family != source->ip.family) - return -1; - - target->cnt += source->cnt; - SigGroupHeadCopySigs(de_ctx, source->sh, &target->sh); - - port = source->port; - for ( ; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &target->port, port); - - if (target->ip.family == AF_INET) - return DetectAddressJoinIPv4(de_ctx, target, source); - else if (target->ip.family == AF_INET6) - return DetectAddressJoinIPv6(de_ctx, target, source); - - return -1; -} - -/** - * \internal - * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value. - * - * For example if we send a cidr of 7 as argument, an ipv6 address - * mask of the value FE:00:00:00:00:00:00:00 is created and updated - * in the argument struct in6_addr *in6. - * - * \todo I think for the final section: while (cidr > 0), we can simply - * replace it with a - * if (cidr > 0) { - * in6->s6_addr[i] = -1 << (8 - cidr); - * - * \param cidr The value of the cidr. - * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will - * hold the cidr netblock result. - */ -static void DetectAddressParseIPv6CIDR(int cidr, struct in6_addr *in6) -{ - int i = 0; - - memset(in6, 0, sizeof(struct in6_addr)); - - while (cidr > 8) { - in6->s6_addr[i] = 0xff; - cidr -= 8; - i++; - } - - while (cidr > 0) { - in6->s6_addr[i] |= 0x80; - if (--cidr > 0) - in6->s6_addr[i] = in6->s6_addr[i] >> 1; - } - - return; -} - -/** - * \internal - * \brief Parses an ipv4/ipv6 address string and updates the result into the - * DetectAddress instance sent as the argument. - * - * \param dd Pointer to the DetectAddress instance which should be updated with - * the address range details from the parsed ip string. - * \param str Pointer to address string that has to be parsed. - * - * \retval 0 On successfully parsing the address string. - * \retval -1 On failure. - */ -int DetectAddressParseString(DetectAddress *dd, char *str) -{ - char *ip = NULL; - char *ip2 = NULL; - char *mask = NULL; - int r = 0; - char ipstr[256]; - - while (*str != '\0' && *str == ' ') - str++; - - /* first handle 'any' */ - if (strcasecmp(str, "any") == 0) { - dd->flags |= ADDRESS_FLAG_ANY; - SCLogDebug("address is \'any\'"); - return 0; - } - - strlcpy(ipstr, str, sizeof(ipstr)); - SCLogDebug("str %s", str); - - /* we work with a copy so that we can put a - * nul-termination in it later */ - ip = ipstr; - - /* handle the negation case */ - if (ip[0] == '!') { - dd->flags |= ADDRESS_FLAG_NOT; - ip++; - } - - /* see if the address is an ipv4 or ipv6 address */ - if ((strchr(str, ':')) == NULL) { - /* IPv4 Address */ - struct in_addr in; - - dd->ip.family = AF_INET; - - if ((mask = strchr(ip, '/')) != NULL) { - /* 1.2.3.4/xxx format (either dotted or cidr notation */ - ip[mask - ip] = '\0'; - mask++; - uint32_t ip4addr = 0; - uint32_t netmask = 0; - size_t u = 0; - - if ((strchr (mask, '.')) == NULL) { - /* 1.2.3.4/24 format */ - - for (u = 0; u < strlen(mask); u++) { - if(!isdigit((unsigned char)mask[u])) - goto error; - } - - int cidr = atoi(mask); - if (cidr < 0 || cidr > 32) - goto error; - - netmask = CIDRGet(cidr); - } else { - /* 1.2.3.4/255.255.255.0 format */ - r = inet_pton(AF_INET, mask, &in); - if (r <= 0) - goto error; - - netmask = in.s_addr; - } - - r = inet_pton(AF_INET, ip, &in); - if (r <= 0) - goto error; - - ip4addr = in.s_addr; - - dd->ip.addr_data32[0] = dd->ip2.addr_data32[0] = ip4addr & netmask; - dd->ip2.addr_data32[0] |=~ netmask; - } else if ((ip2 = strchr(ip, '-')) != NULL) { - /* 1.2.3.4-1.2.3.6 range format */ - ip[ip2 - ip] = '\0'; - ip2++; - - r = inet_pton(AF_INET, ip, &in); - if (r <= 0) - goto error; - dd->ip.addr_data32[0] = in.s_addr; - - r = inet_pton(AF_INET, ip2, &in); - if (r <= 0) - goto error; - dd->ip2.addr_data32[0] = in.s_addr; - - /* a > b is illegal, a = b is ok */ - if (ntohl(dd->ip.addr_data32[0]) > ntohl(dd->ip2.addr_data32[0])) - goto error; - } else { - /* 1.2.3.4 format */ - r = inet_pton(AF_INET, ip, &in); - if (r <= 0) - goto error; - /* single host */ - dd->ip.addr_data32[0] = in.s_addr; - dd->ip2.addr_data32[0] = in.s_addr; - } - } else { - /* IPv6 Address */ - struct in6_addr in6, mask6; - uint32_t ip6addr[4], netmask[4]; - - dd->ip.family = AF_INET6; - - if ((mask = strchr(ip, '/')) != NULL) { - ip[mask - ip] = '\0'; - mask++; - - int cidr = atoi(mask); - if (cidr < 0 || cidr > 128) - goto error; - - r = inet_pton(AF_INET6, ip, &in6); - if (r <= 0) - goto error; - memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr)); - - DetectAddressParseIPv6CIDR(cidr, &mask6); - memcpy(&netmask, &mask6.s6_addr, sizeof(netmask)); - - dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0]; - dd->ip2.addr_data32[1] = dd->ip.addr_data32[1] = ip6addr[1] & netmask[1]; - dd->ip2.addr_data32[2] = dd->ip.addr_data32[2] = ip6addr[2] & netmask[2]; - dd->ip2.addr_data32[3] = dd->ip.addr_data32[3] = ip6addr[3] & netmask[3]; - - dd->ip2.addr_data32[0] |=~ netmask[0]; - dd->ip2.addr_data32[1] |=~ netmask[1]; - dd->ip2.addr_data32[2] |=~ netmask[2]; - dd->ip2.addr_data32[3] |=~ netmask[3]; - } else if ((ip2 = strchr(ip, '-')) != NULL) { - /* 2001::1-2001::4 range format */ - ip[ip2 - ip] = '\0'; - ip2++; - - r = inet_pton(AF_INET6, ip, &in6); - if (r <= 0) - goto error; - memcpy(&dd->ip.address, &in6.s6_addr, sizeof(ip6addr)); - - r = inet_pton(AF_INET6, ip2, &in6); - if (r <= 0) - goto error; - memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(ip6addr)); - - /* a > b is illegal, a=b is ok */ - if (AddressIPv6Gt(&dd->ip, &dd->ip2)) - goto error; - } else { - r = inet_pton(AF_INET6, ip, &in6); - if (r <= 0) - goto error; - - memcpy(&dd->ip.address, &in6.s6_addr, sizeof(dd->ip.address)); - memcpy(&dd->ip2.address, &in6.s6_addr, sizeof(dd->ip2.address)); - } - - } - - BUG_ON(dd->ip.family == 0); - - return 0; - -error: - return -1; -} - -/** - * \internal - * \brief Simply parse an address and return a DetectAddress instance containing - * the address ranges of the parsed ip addressstring - * - * \param str Pointer to a character string containing the ip address - * - * \retval dd Pointer to the DetectAddress instance containing the address - * range details from the parsed ip string - */ -static DetectAddress *DetectAddressParseSingle(char *str) -{ - DetectAddress *dd; - - SCLogDebug("str %s", str); - - dd = DetectAddressInit(); - if (dd == NULL) - goto error; - - if (DetectAddressParseString(dd, str) < 0) { - SCLogDebug("AddressParse failed"); - goto error; - } - - return dd; - -error: - if (dd != NULL) - DetectAddressFree(dd); - return NULL; -} - -/** - * \brief Setup a single address string, parse it and add the resulting - * Address-Range(s) to the AddessHead(DetectAddressHead instance). - * - * \param gh Pointer to the Address-Head(DetectAddressHead) to which the - * resulting Address-Range(s) from the parsed ip string has to - * be added. - * \param s Pointer to the ip address string to be parsed. - * - * \retval 0 On success. - * \retval -1 On failure. - */ -int DetectAddressSetup(DetectAddressHead *gh, char *s) -{ - DetectAddress *ad = NULL; - DetectAddress *ad2 = NULL; - int r = 0; - char any = FALSE; - - SCLogDebug("gh %p, s %s", gh, s); - - /* parse the address */ - ad = DetectAddressParseSingle(s); - if (ad == NULL) { - SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, - "failed to parse address \"%s\"", s); - return -1; - } - - if (ad->flags & ADDRESS_FLAG_ANY) - any = TRUE; - - /* handle the not case, we apply the negation then insert the part(s) */ - if (ad->flags & ADDRESS_FLAG_NOT) { - ad2 = NULL; - - if (DetectAddressCutNot(ad, &ad2) < 0) { - SCLogDebug("DetectAddressCutNot failed"); - goto error; - } - - /* normally a 'not' will result in two ad's unless the 'not' is on the start or end - * of the address space (e.g. 0.0.0.0 or 255.255.255.255). */ - if (ad2 != NULL) { - if (DetectAddressInsert(NULL, gh, ad2) < 0) { - SCLogDebug("DetectAddressInsert failed"); - goto error; - } - } - } - - r = DetectAddressInsert(NULL, gh, ad); - if (r < 0) { - SCLogDebug("DetectAddressInsert failed"); - goto error; - } - SCLogDebug("r %d",r); - - /* if any, insert 0.0.0.0/0 and ::/0 as well */ - if (r == 1 && any == TRUE) { - SCLogDebug("adding 0.0.0.0/0 and ::/0 as we\'re handling \'any\'"); - - ad = DetectAddressParseSingle("0.0.0.0/0"); - if (ad == NULL) - goto error; - - BUG_ON(ad->ip.family == 0); - - if (DetectAddressInsert(NULL, gh, ad) < 0) { - SCLogDebug("DetectAddressInsert failed"); - goto error; - } - ad = DetectAddressParseSingle("::/0"); - if (ad == NULL) - goto error; - - BUG_ON(ad->ip.family == 0); - - if (DetectAddressInsert(NULL, gh, ad) < 0) { - SCLogDebug("DetectAddressInsert failed"); - goto error; - } - } - return 0; - -error: - SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "DetectAddressSetup error"); - /* XXX cleanup */ - return -1; -} - -/** - * \brief Parses an address string and updates the 2 address heads with the - * address data. - * - * \todo We don't seem to be handling negated cases, like [addr,![!addr,addr]], - * since we pass around negate without keeping a count of ! with depth. - * Can solve this by keeping a count of the negations with depth, so that - * an even no of negations would count as no negation and an odd no of - * negations would count as a negation. - * - * \param gh Pointer to the address head that should hold address ranges - * that are not negated. - * \param ghn Pointer to the address head that should hold address ranges - * that are negated. - * \param s Pointer to the character string holding the address to be - * parsed. - * \param negate Flag that indicates if the receieved address string is negated - * or not. 0 if it is not, 1 it it is. - * - * \retval 0 On successfully parsing. - * \retval -1 On failure. - */ -static int DetectAddressParse2(const DetectEngineCtx *de_ctx, - DetectAddressHead *gh, DetectAddressHead *ghn, - char *s, int negate) -{ - size_t x = 0; - size_t u = 0; - int o_set = 0, n_set = 0, d_set = 0; - int depth = 0; - size_t size = strlen(s); - char address[8196] = ""; - char *rule_var_address = NULL; - char *temp_rule_var_address = NULL; - - SCLogDebug("s %s negate %s", s, negate ? "true" : "false"); - - for (u = 0, x = 0; u < size && x < sizeof(address); u++) { - if (x == (sizeof(address) - 1)) { - SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Hit the address buffer" - " limit for the supplied address. Invalidating sig. " - "Please file a bug report on this."); - goto error; - } - address[x] = s[u]; - x++; - - if (!o_set && s[u] == '!') { - n_set = 1; - x--; - } else if (s[u] == '[') { - if (!o_set) { - o_set = 1; - x = 0; - } - depth++; - } else if (s[u] == ']') { - if (depth == 1) { - address[x - 1] = '\0'; - x = 0; - SCLogDebug("address %s negate %d, n_set %d", address, negate, n_set); - if (((negate + n_set) % 2) == 0) { - /* normal block */ - SCLogDebug("normal block"); - - if (DetectAddressParse2(de_ctx, gh, ghn, address, (negate + n_set) % 2) < 0) - goto error; - } else { - /* negated block - * - * Extra steps are necessary. First consider it as a normal - * (non-negated) range. Merge the + and - ranges if - * applicable. Then insert the result into the ghn list. */ - SCLogDebug("negated block"); - - DetectAddressHead tmp_gh = { NULL, NULL, NULL }; - DetectAddressHead tmp_ghn = { NULL, NULL, NULL }; - - if (DetectAddressParse2(de_ctx, &tmp_gh, &tmp_ghn, address, 0) < 0) - goto error; - - DetectAddress *tmp_ad; - DetectAddress *tmp_ad2; -#ifdef DEBUG - SCLogDebug("tmp_gh: IPv4"); - for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) { - DetectAddressPrint(tmp_ad); - } - SCLogDebug("tmp_ghn: IPv4"); - for (tmp_ad = tmp_ghn.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) { - DetectAddressPrint(tmp_ad); - } - SCLogDebug("tmp_gh: IPv6"); - for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) { - DetectAddressPrint(tmp_ad); - } - SCLogDebug("tmp_ghn: IPv6"); - for (tmp_ad = tmp_ghn.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) { - DetectAddressPrint(tmp_ad); - } -#endif - if (DetectAddressMergeNot(&tmp_gh, &tmp_ghn) < 0) - goto error; - - SCLogDebug("merged succesfully"); - - /* insert the IPv4 addresses into the negated list */ - for (tmp_ad = tmp_gh.ipv4_head; tmp_ad; tmp_ad = tmp_ad->next) { - /* work with a copy of the address group */ - tmp_ad2 = DetectAddressCopy(tmp_ad); - if (tmp_ad2 == NULL) { - SCLogDebug("DetectAddressCopy failed"); - goto error; - } - DetectAddressPrint(tmp_ad2); - DetectAddressInsert(NULL, ghn, tmp_ad2); - } - - /* insert the IPv6 addresses into the negated list */ - for (tmp_ad = tmp_gh.ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) { - /* work with a copy of the address group */ - tmp_ad2 = DetectAddressCopy(tmp_ad); - if (tmp_ad2 == NULL) { - SCLogDebug("DetectAddressCopy failed"); - goto error; - } - DetectAddressPrint(tmp_ad2); - DetectAddressInsert(NULL, ghn, tmp_ad2); - } - - DetectAddressHeadCleanup(&tmp_gh); - DetectAddressHeadCleanup(&tmp_ghn); - } - n_set = 0; - } - depth--; - } else if (depth == 0 && s[u] == ',') { - if (o_set == 1) { - o_set = 0; - } else if (d_set == 1) { - address[x - 1] = '\0'; - - rule_var_address = SCRuleVarsGetConfVar(de_ctx, address, - SC_RULE_VARS_ADDRESS_GROUPS); - if (rule_var_address == NULL) - goto error; - if (strlen(rule_var_address) == 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved " - "to nothing. This is likely a misconfiguration. " - "Note that a negated address needs to be quoted, " - "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s); - goto error; - } - SCLogDebug("rule_var_address %s", rule_var_address); - temp_rule_var_address = rule_var_address; - if ((negate + n_set) % 2) { - temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3); - if (unlikely(temp_rule_var_address == NULL)) - goto error; - snprintf(temp_rule_var_address, strlen(rule_var_address) + 3, - "[%s]", rule_var_address); - } - DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address, - (negate + n_set) % 2); - d_set = 0; - n_set = 0; - if (temp_rule_var_address != rule_var_address) - SCFree(temp_rule_var_address); - } else { - address[x - 1] = '\0'; - - if (!((negate + n_set) % 2)) { - SCLogDebug("DetectAddressSetup into gh, %s", address); - if (DetectAddressSetup(gh, address) < 0) - goto error; - } else { - SCLogDebug("DetectAddressSetup into ghn, %s", address); - if (DetectAddressSetup(ghn, address) < 0) - goto error; - } - n_set = 0; - } - x = 0; - } else if (depth == 0 && s[u] == '$') { - d_set = 1; - } else if (depth == 0 && u == size - 1) { - if (x == sizeof(address)) { - address[x - 1] = '\0'; - } else { - address[x] = '\0'; - } - x = 0; - - if (d_set == 1) { - rule_var_address = SCRuleVarsGetConfVar(de_ctx, address, - SC_RULE_VARS_ADDRESS_GROUPS); - if (rule_var_address == NULL) - goto error; - if (strlen(rule_var_address) == 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved " - "to nothing. This is likely a misconfiguration. " - "Note that a negated address needs to be quoted, " - "\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s); - goto error; - } - SCLogDebug("rule_var_address %s", rule_var_address); - temp_rule_var_address = rule_var_address; - if ((negate + n_set) % 2) { - temp_rule_var_address = SCMalloc(strlen(rule_var_address) + 3); - if (unlikely(temp_rule_var_address == NULL)) - goto error; - snprintf(temp_rule_var_address, strlen(rule_var_address) + 3, - "[%s]", rule_var_address); - } - if (DetectAddressParse2(de_ctx, gh, ghn, temp_rule_var_address, - (negate + n_set) % 2) < 0) { - SCLogDebug("DetectAddressParse2 hates us"); - goto error; - } - d_set = 0; - if (temp_rule_var_address != rule_var_address) - SCFree(temp_rule_var_address); - } else { - if (!((negate + n_set) % 2)) { - SCLogDebug("DetectAddressSetup into gh, %s", address); - if (DetectAddressSetup(gh, address) < 0) { - SCLogDebug("DetectAddressSetup gh fail"); - goto error; - } - } else { - SCLogDebug("DetectAddressSetup into ghn, %s", address); - if (DetectAddressSetup(ghn, address) < 0) { - SCLogDebug("DetectAddressSetup ghn fail"); - goto error; - } - } - } - n_set = 0; - } - } - if (depth > 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was " - "properly closed in \"%s\", %d missing closing brackets (]). " - "Note: problem might be in a variable.", s, depth); - goto error; - } else if (depth < 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was " - "properly opened in \"%s\", %d missing opening brackets ([). " - "Note: problem might be in a variable.", s, depth*-1); - goto error; - } - - return 0; - -error: - return -1; -} - -/** - * \internal - * \brief See if the addresses and ranges in an address head cover the - * entire ip space. - * - * \param gh Pointer to the DetectAddressHead to check. - * - * \retval 0 No. - * \retval 1 Yes. - * - * \todo do the same for IPv6 - */ -static int DetectAddressIsCompleteIPSpace(DetectAddressHead *gh) -{ - int r = DetectAddressIsCompleteIPSpaceIPv4(gh->ipv4_head); - if (r == 1) - return 1; - - return 0; -} - -/** - * \brief Merge the + and the - list (+ positive match, - 'not' match) - * - * \param gh Pointer to the address head containing the non-NOT groups. - * \param ghn Pointer to the address head containing the NOT groups. - * - * \retval 0 On success. - * \retval -1 On failure. - */ -int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn) -{ - DetectAddress *ad; - DetectAddress *ag, *ag2; - int r = 0; - - SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head, - ghn->ipv4_head); - - /* check if the negated list covers the entire ip space. If so - * the user screwed up the rules/vars. */ - if (DetectAddressIsCompleteIPSpace(ghn) == 1) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. " - "Rule address range is NIL. Probably have a !any or " - "an address range that supplies a NULL address range"); - goto error; - } - - /* step 0: if the gh list is empty, but the ghn list isn't we have a pure - * not thingy. In that case we add a 0.0.0.0/0 first. */ - if (gh->ipv4_head == NULL && ghn->ipv4_head != NULL) { - r = DetectAddressSetup(gh, "0.0.0.0/0"); - if (r < 0) { - SCLogDebug("DetectAddressSetup for 0.0.0.0/0 failed"); - goto error; - } - } - /* ... or ::/0 for ipv6 */ - if (gh->ipv6_head == NULL && ghn->ipv6_head != NULL) { - r = DetectAddressSetup(gh, "::/0"); - if (r < 0) { - SCLogDebug("DetectAddressSetup for ::/0 failed"); - goto error; - } - } - - /* step 1: insert our ghn members into the gh list */ - for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) { - /* work with a copy of the ad so we can easily clean up the ghn group - * later. */ - ad = DetectAddressCopy(ag); - if (ad == NULL) { - SCLogDebug("DetectAddressCopy failed"); - goto error; - } - - r = DetectAddressInsert(NULL, gh, ad); - if (r < 0) { - SCLogDebug("DetectAddressInsert failed"); - goto error; - } - } - /* ... and the same for ipv6 */ - for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) { - /* work with a copy of the ad so we can easily clean up the ghn group - * later. */ - ad = DetectAddressCopy(ag); - if (ad == NULL) { - SCLogDebug("DetectAddressCopy failed"); - goto error; - } - - r = DetectAddressInsert(NULL, gh, ad); - if (r < 0) { - SCLogDebug("DetectAddressInsert failed"); - goto error; - } - } -#ifdef DEBUG - DetectAddress *tmp_ad; - for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) { - DetectAddressPrint(tmp_ad); - } -#endif - int ipv4_applied = 0; - int ipv6_applied = 0; - - /* step 2: pull the address blocks that match our 'not' blocks */ - for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) { - SCLogDebug("ag %p", ag); - DetectAddressPrint(ag); - - int applied = 0; - for (ag2 = gh->ipv4_head; ag2 != NULL; ) { - SCLogDebug("ag2 %p", ag2); - DetectAddressPrint(ag2); - - r = DetectAddressCmp(ag, ag2); - /* XXX more ??? */ - if (r == ADDRESS_EQ || r == ADDRESS_EB) { - if (ag2->prev == NULL) - gh->ipv4_head = ag2->next; - else - ag2->prev->next = ag2->next; - - if (ag2->next != NULL) - ag2->next->prev = ag2->prev; - - /* store the next ptr and remove the group */ - DetectAddress *next_ag2 = ag2->next; - DetectAddressFree(ag2); - ag2 = next_ag2; - applied = 1; - } else { - ag2 = ag2->next; - } - } - - if (applied) { - ipv4_applied++; - } - } - /* ... and the same for ipv6 */ - for (ag = ghn->ipv6_head; ag != NULL; ag = ag->next) { - int applied = 0; - for (ag2 = gh->ipv6_head; ag2 != NULL; ) { - r = DetectAddressCmp(ag, ag2); - if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */ - if (ag2->prev == NULL) - gh->ipv6_head = ag2->next; - else - ag2->prev->next = ag2->next; - - if (ag2->next != NULL) - ag2->next->prev = ag2->prev; - - /* store the next ptr and remove the group */ - DetectAddress *next_ag2 = ag2->next; - DetectAddressFree(ag2); - ag2 = next_ag2; - - SCLogDebug("applied"); - applied = 1; - } else { - ag2 = ag2->next; - } - } - if (applied) { - ipv6_applied++; - } - } -#ifdef DEBUG - for (tmp_ad = gh->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) { - DetectAddressPrint(tmp_ad); - } - for (tmp_ad = ghn->ipv6_head; tmp_ad; tmp_ad = tmp_ad->next) { - DetectAddressPrint(tmp_ad); - } -#endif - if (ghn->ipv4_head != NULL || ghn->ipv6_head != NULL) { - int cnt = 0; - DetectAddress *ad; - for (ad = ghn->ipv4_head; ad; ad = ad->next) - cnt++; - - if (ipv4_applied != cnt) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations " - "could be applied: %d != %d", cnt, ipv4_applied); - goto error; - } - - cnt = 0; - for (ad = ghn->ipv6_head; ad; ad = ad->next) - cnt++; - - if (ipv6_applied != cnt) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations " - "could be applied: %d != %d", cnt, ipv6_applied); - goto error; - } - } - - /* if the result is that we have no addresses we return error */ - if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after " - "merging addresses and negated addresses"); - goto error; - } - - return 0; - -error: - return -1; -} - -int DetectAddressTestConfVars(void) -{ - SCLogDebug("Testing address conf vars for any misconfigured values"); - - ConfNode *address_vars_node = ConfGetNode("vars.address-groups"); - if (address_vars_node == NULL) { - return 0; - } - - ConfNode *seq_node; - TAILQ_FOREACH(seq_node, &address_vars_node->head, next) { - SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val); - - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh == NULL) { - goto error; - } - DetectAddressHead *ghn = DetectAddressHeadInit(); - if (ghn == NULL) { - goto error; - } - - if (seq_node->val == NULL) { - SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, - "Address var \"%s\" probably has a sequence(something " - "in brackets) value set without any quotes. Please " - "quote it using \"..\".", seq_node->name); - goto error; - } - - int r = DetectAddressParse2(NULL, gh, ghn, seq_node->val, /* start with negate no */0); - if (r < 0) { - SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, - "failed to parse address var \"%s\" with value \"%s\". " - "Please check it's syntax", seq_node->name, seq_node->val); - goto error; - } - - if (DetectAddressIsCompleteIPSpace(ghn)) { - SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, - "address var - \"%s\" has the complete IP space negated " - "with it's value \"%s\". Rule address range is NIL. " - "Probably have a !any or an address range that supplies " - "a NULL address range", seq_node->name, seq_node->val); - goto error; - } - - if (gh != NULL) - DetectAddressHeadFree(gh); - if (ghn != NULL) - DetectAddressHeadFree(ghn); - } - - return 0; - error: - return -1; -} - -/** - * \brief Parses an address group sent as a character string and updates the - * DetectAddressHead sent as the argument with the relevant address - * ranges from the parsed string. - * - * \param gh Pointer to the DetectAddressHead. - * \param str Pointer to the character string containing the address group - * that has to be parsed. - * - * \retval 0 On success. - * \retval -1 On failure. - */ -int DetectAddressParse(const DetectEngineCtx *de_ctx, - DetectAddressHead *gh, char *str) -{ - int r; - DetectAddressHead *ghn = NULL; - - SCLogDebug("gh %p, str %s", gh, str); - - if (str == NULL) { - SCLogDebug("DetectAddressParse can not be run with NULL address"); - goto error; - } - - ghn = DetectAddressHeadInit(); - if (ghn == NULL) { - SCLogDebug("DetectAddressHeadInit for ghn failed"); - goto error; - } - - r = DetectAddressParse2(de_ctx, gh, ghn, str, /* start with negate no */0); - if (r < 0) { - SCLogDebug("DetectAddressParse2 returned %d", r); - goto error; - } - - SCLogDebug("gh->ipv4_head %p, ghn->ipv4_head %p", gh->ipv4_head, - ghn->ipv4_head); - - /* merge the 'not' address groups */ - if (DetectAddressMergeNot(gh, ghn) < 0) { - SCLogDebug("DetectAddressMergeNot failed"); - goto error; - } - - /* free the temp negate head */ - DetectAddressHeadFree(ghn); - return 0; - -error: - if (ghn != NULL) - DetectAddressHeadFree(ghn); - return -1; -} - -/** - * \brief Returns a new instance of DetectAddressHead. - * - * \retval gh Pointer to the new instance of DetectAddressHead. - */ -DetectAddressHead *DetectAddressHeadInit(void) -{ - DetectAddressHead *gh = SCMalloc(sizeof(DetectAddressHead)); - if (unlikely(gh == NULL)) - return NULL; - memset(gh, 0, sizeof(DetectAddressHead)); - -#ifdef DEBUG - detect_address_group_head_init_cnt++; - detect_address_group_head_memory += sizeof(DetectAddressHead); -#endif - - return gh; -} - -/** - * \brief Cleans a DetectAddressHead. The functions frees the 3 address - * group heads(any, ipv4 and ipv6) inside the DetectAddressHead - * instance. - * - * \param gh Pointer to the DetectAddressHead instance that has to be - * cleaned. - */ -void DetectAddressHeadCleanup(DetectAddressHead *gh) -{ - if (gh != NULL) { - if (gh->any_head != NULL) { - DetectAddressCleanupList(gh->any_head); - gh->any_head = NULL; - } - if (gh->ipv4_head != NULL) { - DetectAddressCleanupList(gh->ipv4_head); - gh->ipv4_head = NULL; - } - if (gh->ipv6_head != NULL) { - DetectAddressCleanupList(gh->ipv6_head); - gh->ipv6_head = NULL; - } - } - - return; -} - -/** - * \brief Frees a DetectAddressHead instance. - * - * \param gh Pointer to the DetectAddressHead instance to be freed. - */ -void DetectAddressHeadFree(DetectAddressHead *gh) -{ - if (gh != NULL) { - DetectAddressHeadCleanup(gh); - SCFree(gh); -#ifdef DEBUG - detect_address_group_head_free_cnt++; - detect_address_group_head_memory -= sizeof(DetectAddressHead); -#endif - } - - return; -} - -/** - * \brief Dispatcher function that calls the ipv4 and ipv6 address cut functions. - * Have a look at DetectAddressCutIPv4() and DetectAddressCutIPv6() for - * explanations on what these functions do. - * - * \param de_ctx Pointer to the DetectEngineCtx. - * \param a Pointer the the first address to be cut. - * \param b Pointer to the second address to be cut. - * \param c Pointer to a pointer to a third DetectAddressData, in case the - * ranges from a and b, demand a third address range. - * - * \retval 0 On success. - * \retval -1 On failure. - */ -int DetectAddressCut(DetectEngineCtx *de_ctx, DetectAddress *a, - DetectAddress *b, DetectAddress **c) -{ - if (a->ip.family == AF_INET) - return DetectAddressCutIPv4(de_ctx, a, b, c); - else if (a->ip.family == AF_INET6) - return DetectAddressCutIPv6(de_ctx, a, b, c); - - return -1; -} - -/** - * \brief Cuts a negated address range with respect to the entire ip range, and - * supplies with the address range that doesn't belong to the negated - * address range. - * - * There are 2 cases here - - * - * The first case includes the address being located at the extreme ends - * of the ip space, in which we get a single range. - * For example: !0.0.0.0, in which case we get 0.0.0.1 to 255.255.255.255. - * - * The second case includes the address not present at either of the - * ip space extremes, in which case we get 2 ranges. The second range - * would be supplied back with the argument "b" supplied to this function. - * For example: !10.20.30.40, in which case we the 2 ranges, 0.0.0.0 - - * 10.20.30.39 and 10.20.30.41 - 255.255.255.255. - * - * The above negation cases can similarly be extended to ranges, i.e. - * ![0.0.0.0 - 10.20.30.40], ![255.255.240.240 - 255.255.255.255] and - * ![10.20.30.40 - 10.20.30.50]. - * - * - * \param a Pointer to the DetectAddressData instance, that contains the negated - * address range that has to be cut. - * \param b Pointer to a pointer to a DetectAddressData instance, that should be - * filled with the address range, if the argument "a", doesn't fall at - * the extreme ends of the ip address space. - * - * \retval 0 On success. - * \retval -1 On failure. - */ -int DetectAddressCutNot(DetectAddress *a, DetectAddress **b) -{ - if (a->ip.family == AF_INET) - return DetectAddressCutNotIPv4(a, b); - else if (a->ip.family == AF_INET6) - return DetectAddressCutNotIPv6(a, b); - - return -1; -} - -/** - * \brief Used to compare 2 address ranges. - * - * \param a Pointer to the first DetectAddressData to be compared. - * \param b Pointer to the second DetectAddressData to be compared. - */ -int DetectAddressCmp(DetectAddress *a, DetectAddress *b) -{ - if (a->ip.family != b->ip.family) - return ADDRESS_ER; - - /* check any */ - if ((a->flags & ADDRESS_FLAG_ANY) && (b->flags & ADDRESS_FLAG_ANY)) - return ADDRESS_EQ; - else if (a->ip.family == AF_INET) - return DetectAddressCmpIPv4(a, b); - else if (a->ip.family == AF_INET6) - return DetectAddressCmpIPv6(a, b); - - return ADDRESS_ER; -} - -/** - * \brief Match a packets address against a signatures addrs array - * - * \param addrs array of DetectMatchAddressIPv4's - * \param addrs_cnt array size in members - * \param a packets address - * - * \retval 0 no match - * \retval 1 match - * - * \note addresses in addrs are in host order - * - * \todo array should be ordered, so we can break out of the loop - */ -int DetectAddressMatchIPv4(DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, Address *a) -{ - SCEnter(); - - if (addrs == NULL || addrs_cnt == 0) { - SCReturnInt(0); - } - - uint16_t idx; - for (idx = 0; idx < addrs_cnt; idx++) { - if (ntohl(a->addr_data32[0]) >= addrs[idx].ip && - ntohl(a->addr_data32[0]) <= addrs[idx].ip2) - { - SCReturnInt(1); - } - } - - SCReturnInt(0); -} - -/** - * \brief Match a packets address against a signatures addrs array - * - * \param addrs array of DetectMatchAddressIPv6's - * \param addrs_cnt array size in members - * \param a packets address - * - * \retval 0 no match - * \retval 1 match - * - * \note addresses in addrs are in host order - * - * \todo array should be ordered, so we can break out of the loop - */ -int DetectAddressMatchIPv6(DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, Address *a) -{ - SCEnter(); - - if (addrs == NULL || addrs_cnt == 0) { - SCReturnInt(0); - } - - uint16_t idx; - int i = 0; - uint16_t result1, result2; - - /* See if the packet address is within the range of any entry in the - * signature's address match array. - */ - for (idx = 0; idx < addrs_cnt; idx++) { - result1 = result2 = 0; - - /* See if packet address equals either limit. Return 1 if true. */ - if (ntohl(a->addr_data32[0]) == addrs[idx].ip[0] && - ntohl(a->addr_data32[1]) == addrs[idx].ip[1] && - ntohl(a->addr_data32[2]) == addrs[idx].ip[2] && - ntohl(a->addr_data32[3]) == addrs[idx].ip[3]) - { - SCReturnInt(1); - } - if (ntohl(a->addr_data32[0]) == addrs[idx].ip2[0] && - ntohl(a->addr_data32[1]) == addrs[idx].ip2[1] && - ntohl(a->addr_data32[2]) == addrs[idx].ip2[2] && - ntohl(a->addr_data32[3]) == addrs[idx].ip2[3]) - { - SCReturnInt(1); - } - - /* See if packet address is greater than lower limit - * of the current signature address match pair. - */ - for (i = 0; i < 4; i++) { - if (ntohl(a->addr_data32[i]) > addrs[idx].ip[i]) { - result1 = 1; - break; - } - if (ntohl(a->addr_data32[i]) < addrs[idx].ip[i]) { - result1 = 0; - break; - } - } - - /* If not greater than lower limit, try next address match entry */ - if (result1 == 0) - continue; - - /* See if packet address is less than upper limit - * of the current signature address match pair. - */ - for (i = 0; i < 4; i++) { - if (ntohl(a->addr_data32[i]) < addrs[idx].ip2[i]) { - result2 = 1; - break; - } - if (ntohl(a->addr_data32[i]) > addrs[idx].ip2[i]) { - result2 = 0; - break; - } - } - - /* Return a match if packet address is between the two - * signature address match limits. - */ - if (result1 == 1 && result2 == 1) - SCReturnInt(1); - } - - SCReturnInt(0); -} - -/** - * \brief Check if a particular address(ipv4 or ipv6) matches the address - * range in the DetectAddress instance. - * - * We basically check that the address falls inbetween the address - * range in DetectAddress. - * - * \param dd Pointer to the DetectAddress instance. - * \param a Pointer to an Address instance. - * - * \param 1 On a match. - * \param 0 On no match. - */ -int DetectAddressMatch(DetectAddress *dd, Address *a) -{ - SCEnter(); - - if (dd->ip.family != a->family) { - SCReturnInt(0); - } - - //DetectAddressPrint(dd); - //AddressDebugPrint(a); - - switch (a->family) { - case AF_INET: - - /* XXX figure out a way to not need to do this ntohl if we switch to - * Address inside DetectAddressData we can do uint8_t checks */ - if (ntohl(a->addr_data32[0]) >= ntohl(dd->ip.addr_data32[0]) && - ntohl(a->addr_data32[0]) <= ntohl(dd->ip2.addr_data32[0])) - { - SCReturnInt(1); - } else { - SCReturnInt(0); - } - - break; - case AF_INET6: - if (AddressIPv6Ge(a, &dd->ip) == 1 && - AddressIPv6Le(a, &dd->ip2) == 1) - { - SCReturnInt(1); - } else { - SCReturnInt(0); - } - - break; - default: - SCLogDebug("What other address type can we have :-/"); - break; - } - - SCReturnInt(0); -} - -/** - * \brief Prints the address data held by the DetectAddress. If the - * address data family is any, we print "ANY". If the address data - * family is IPv4, we print the the ipv4 address and mask, and if the - * address data family is IPv6, we print the ipv6 address and mask. - * - * \param ad Pointer to the DetectAddress instance to be printed. - */ -void DetectAddressPrint(DetectAddress *gr) -{ - if (gr == NULL) - return; - - if (gr->flags & ADDRESS_FLAG_ANY) { - SCLogDebug("ANY"); - } else if (gr->ip.family == AF_INET) { - struct in_addr in; - char ip[16], mask[16]; - - memcpy(&in, &gr->ip.addr_data32[0], sizeof(in)); - PrintInet(AF_INET, &in, ip, sizeof(ip)); - memcpy(&in, &gr->ip2.addr_data32[0], sizeof(in)); - PrintInet(AF_INET, &in, mask, sizeof(mask)); - - SCLogDebug("%s/%s", ip, mask); -// printf("%s/%s", ip, mask); - } else if (gr->ip.family == AF_INET6) { - struct in6_addr in6; - char ip[66], mask[66]; - - memcpy(&in6, &gr->ip.addr_data32, sizeof(in6)); - PrintInet(AF_INET6, &in6, ip, sizeof(ip)); - memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6)); - PrintInet(AF_INET6, &in6, mask, sizeof(mask)); - - SCLogDebug("%s/%s", ip, mask); -// printf("%s/%s", ip, mask); - } - - return; -} - -/** - * \brief Find the group matching address in a group head. - * - * \param gh Pointer to the address group head(DetectAddressHead instance). - * \param a Pointer to an Address instance. - * - * \retval g On success pointer to an DetectAddress if we find a match - * for the Address "a", in the DetectAddressHead "gh". - */ -DetectAddress *DetectAddressLookupInHead(DetectAddressHead *gh, Address *a) -{ - SCEnter(); - - DetectAddress *g; - - if (gh == NULL) { - SCReturnPtr(NULL, "DetectAddress"); - } - - /* XXX should we really do this check every time we run this function? */ - if (a->family == AF_INET) { - SCLogDebug("IPv4"); - g = gh->ipv4_head; - } else if (a->family == AF_INET6) { - SCLogDebug("IPv6"); - g = gh->ipv6_head; - } else { - SCLogDebug("ANY"); - g = gh->any_head; - } - - for ( ; g != NULL; g = g->next) { - if (DetectAddressMatch(g,a) == 1) { - SCReturnPtr(g, "DetectAddress"); - } - } - - SCReturnPtr(NULL, "DetectAddress"); -} - -/********************************Unittests*************************************/ - -#ifdef UNITTESTS - -static int UTHValidateDetectAddress(DetectAddress *ad, const char *one, const char *two) -{ - char str1[46] = "", str2[46] = ""; - - if (ad == NULL) - return FALSE; - - switch(ad->ip.family) { - case AF_INET: - PrintInet(AF_INET, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1)); - SCLogDebug("%s", str1); - PrintInet(AF_INET, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2)); - SCLogDebug("%s", str2); - - if (strcmp(str1, one) != 0) { - SCLogInfo("%s != %s", str1, one); - return FALSE; - } - - if (strcmp(str2, two) != 0) { - SCLogInfo("%s != %s", str2, two); - return FALSE; - } - - return TRUE; - break; - - case AF_INET6: - PrintInet(AF_INET6, (const void *)&ad->ip.addr_data32[0], str1, sizeof(str1)); - SCLogDebug("%s", str1); - PrintInet(AF_INET6, (const void *)&ad->ip2.addr_data32[0], str2, sizeof(str2)); - SCLogDebug("%s", str2); - - if (strcmp(str1, one) != 0) { - SCLogInfo("%s != %s", str1, one); - return FALSE; - } - - if (strcmp(str2, two) != 0) { - SCLogInfo("%s != %s", str2, two); - return FALSE; - } - - return TRUE; - break; - } - - return FALSE; -} - -typedef struct UTHValidateDetectAddressHeadRange_ { - const char *one; - const char *two; -} UTHValidateDetectAddressHeadRange; - -int UTHValidateDetectAddressHead(DetectAddressHead *gh, int nranges, UTHValidateDetectAddressHeadRange *expectations) -{ - int expect = nranges; - int have = 0; - - if (gh == NULL) - return FALSE; - - DetectAddress *ad = NULL; - ad = gh->ipv4_head; - if (ad == NULL) - ad = gh->ipv6_head; - while (have < expect) { - if (ad == NULL) { - printf("bad head: have %d ranges, expected %d: ", have, expect); - return FALSE; - } - - if (UTHValidateDetectAddress(ad, expectations[have].one, expectations[have].two) == FALSE) - return FALSE; - - ad = ad->next; - have++; - } - - return TRUE; -} - -int AddressTestParse01(void) -{ - DetectAddress *dd = DetectAddressParseSingle("1.2.3.4"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse02(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("1.2.3.4"); - - if (dd) { - if (dd->ip2.addr_data32[0] != ntohl(16909060) || - dd->ip.addr_data32[0] != ntohl(16909060)) { - result = 0; - } - - printf("ip %"PRIu32", ip2 %"PRIu32"\n", dd->ip.addr_data32[0], dd->ip2.addr_data32[0]); - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse03(void) -{ - DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse04(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/255.255.255.0"); - - if (dd) { - if (dd->ip.addr_data32[0] != ntohl(16909056)|| - dd->ip2.addr_data32[0] != ntohl(16909311)) { - result = 0; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse05(void) -{ - DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse06(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("1.2.3.4/24"); - - if (dd) { - if (dd->ip2.addr_data32[0] != ntohl(16909311) || - dd->ip.addr_data32[0] != ntohl(16909056)) { - result = 0; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse07(void) -{ - DetectAddress *dd = DetectAddressParseSingle("2001::/3"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse08(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("2001::/3"); - - if (dd) { - if (dd->ip.addr_data32[0] != ntohl(536870912) || dd->ip.addr_data32[1] != 0x00000000 || - dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 || - - dd->ip2.addr_data32[0] != ntohl(1073741823) || dd->ip2.addr_data32[1] != 0xFFFFFFFF || - dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) { - DetectAddressPrint(dd); - result = 0; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse09(void) -{ - DetectAddress *dd = DetectAddressParseSingle("2001::1/128"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse10(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("2001::/128"); - - if (dd) { - if (dd->ip.addr_data32[0] != ntohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 || - dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 || - - dd->ip2.addr_data32[0] != ntohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 || - dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != 0x00000000) { - DetectAddressPrint(dd); - result = 0; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse11(void) -{ - DetectAddress *dd = DetectAddressParseSingle("2001::/48"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse12(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("2001::/48"); - - if (dd) { - if (dd->ip.addr_data32[0] != ntohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 || - dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 || - - dd->ip2.addr_data32[0] != ntohl(536936448) || dd->ip2.addr_data32[1] != ntohl(65535) || - dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) { - DetectAddressPrint(dd); - result = 0; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} -int AddressTestParse13(void) -{ - DetectAddress *dd = DetectAddressParseSingle("2001::/16"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse14(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("2001::/16"); - - if (dd) { - if (dd->ip.addr_data32[0] != ntohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 || - dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 || - - dd->ip2.addr_data32[0] != ntohl(537001983) || dd->ip2.addr_data32[1] != 0xFFFFFFFF || - dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) { - result = 0; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse15(void) -{ - DetectAddress *dd = DetectAddressParseSingle("2001::/0"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse16(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("2001::/0"); - - if (dd) { - if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 || - dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 || - - dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF || - dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) { - result = 0; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse17(void) -{ - DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse18(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("1.2.3.4-1.2.3.6"); - - if (dd) { - if (dd->ip2.addr_data32[0] != ntohl(16909062) || - dd->ip.addr_data32[0] != ntohl(16909060)) { - result = 0; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse19(void) -{ - DetectAddress *dd = DetectAddressParseSingle("1.2.3.6-1.2.3.4"); - - if (dd) { - DetectAddressFree(dd); - return 0; - } - - return 1; -} - -int AddressTestParse20(void) -{ - DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse21(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("2001::1-2001::4"); - - if (dd) { - if (dd->ip.addr_data32[0] != ntohl(536936448) || dd->ip.addr_data32[1] != 0x00000000 || - dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != ntohl(1) || - - dd->ip2.addr_data32[0] != ntohl(536936448) || dd->ip2.addr_data32[1] != 0x00000000 || - dd->ip2.addr_data32[2] != 0x00000000 || dd->ip2.addr_data32[3] != ntohl(4)) { - result = 0; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse22(void) -{ - DetectAddress *dd = DetectAddressParseSingle("2001::4-2001::1"); - - if (dd) { - DetectAddressFree(dd); - return 0; - } - - return 1; -} - -int AddressTestParse23(void) -{ - DetectAddress *dd = DetectAddressParseSingle("any"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse24(void) -{ - DetectAddress *dd = DetectAddressParseSingle("Any"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse25(void) -{ - DetectAddress *dd = DetectAddressParseSingle("ANY"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse26(void) -{ - int result = 0; - DetectAddress *dd = DetectAddressParseSingle("any"); - - if (dd) { - if (dd->flags & ADDRESS_FLAG_ANY) - result = 1; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse27(void) -{ - DetectAddress *dd = DetectAddressParseSingle("!192.168.0.1"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse28(void) -{ - int result = 0; - DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4"); - - if (dd) { - if (dd->flags & ADDRESS_FLAG_NOT && - dd->ip.addr_data32[0] == ntohl(16909060)) { - result = 1; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse29(void) -{ - DetectAddress *dd = DetectAddressParseSingle("!1.2.3.0/24"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse30(void) -{ - int result = 0; - DetectAddress *dd = DetectAddressParseSingle("!1.2.3.4/24"); - - if (dd) { - if (dd->flags & ADDRESS_FLAG_NOT && - dd->ip.addr_data32[0] == ntohl(16909056) && - dd->ip2.addr_data32[0] == ntohl(16909311)) { - result = 1; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -/** - * \test make sure !any is rejected - */ -int AddressTestParse31(void) -{ - DetectAddress *dd = DetectAddressParseSingle("!any"); - - if (dd) { - DetectAddressFree(dd); - return 0; - } - - return 1; -} - -int AddressTestParse32(void) -{ - DetectAddress *dd = DetectAddressParseSingle("!2001::1"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse33(void) -{ - int result = 0; - DetectAddress *dd = DetectAddressParseSingle("!2001::1"); - - if (dd) { - if (dd->flags & ADDRESS_FLAG_NOT && - dd->ip.addr_data32[0] == ntohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 && - dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == ntohl(1)) { - result = 1; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse34(void) -{ - DetectAddress *dd = DetectAddressParseSingle("!2001::/16"); - - if (dd) { - DetectAddressFree(dd); - return 1; - } - - return 0; -} - -int AddressTestParse35(void) -{ - int result = 0; - DetectAddress *dd = DetectAddressParseSingle("!2001::/16"); - - if (dd) { - if (dd->flags & ADDRESS_FLAG_NOT && - dd->ip.addr_data32[0] == ntohl(536936448) && dd->ip.addr_data32[1] == 0x00000000 && - dd->ip.addr_data32[2] == 0x00000000 && dd->ip.addr_data32[3] == 0x00000000 && - - dd->ip2.addr_data32[0] == ntohl(537001983) && dd->ip2.addr_data32[1] == 0xFFFFFFFF && - dd->ip2.addr_data32[2] == 0xFFFFFFFF && dd->ip2.addr_data32[3] == 0xFFFFFFFF) { - result = 1; - } - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse36(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("ffff::/16"); - - if (dd) { - if (dd->ip.addr_data32[0] != ntohl(0xFFFF0000) || dd->ip.addr_data32[1] != 0x00000000 || - dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 || - - dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF || - dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) { - - DetectAddressPrint(dd); - result = 0; - } - DetectAddressPrint(dd); - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestParse37(void) -{ - int result = 1; - DetectAddress *dd = DetectAddressParseSingle("::/0"); - - if (dd) { - if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 || - dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 || - - dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF || - dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) { - DetectAddressPrint(dd); - result = 0; - } - DetectAddressPrint(dd); - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch01(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in_addr in; - Address a; - - if (inet_pton(AF_INET, "1.2.3.4", &in) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET; - a.addr_data32[0] = in.s_addr; - - dd = DetectAddressParseSingle("1.2.3.4/24"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 0) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch02(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in_addr in; - Address a; - - if (inet_pton(AF_INET, "1.2.3.127", &in) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET; - a.addr_data32[0] = in.s_addr; - - dd = DetectAddressParseSingle("1.2.3.4/25"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 0) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch03(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in_addr in; - Address a; - - if (inet_pton(AF_INET, "1.2.3.128", &in) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET; - a.addr_data32[0] = in.s_addr; - - dd = DetectAddressParseSingle("1.2.3.4/25"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 1) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch04(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in_addr in; - Address a; - - if (inet_pton(AF_INET, "1.2.2.255", &in) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET; - a.addr_data32[0] = in.s_addr; - - dd = DetectAddressParseSingle("1.2.3.4/25"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 1) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch05(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in_addr in; - Address a; - - if (inet_pton(AF_INET, "1.2.3.4", &in) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET; - a.addr_data32[0] = in.s_addr; - - dd = DetectAddressParseSingle("1.2.3.4/32"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 0) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch06(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in_addr in; - Address a; - - if (inet_pton(AF_INET, "1.2.3.4", &in) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET; - a.addr_data32[0] = in.s_addr; - - dd = DetectAddressParseSingle("0.0.0.0/0.0.0.0"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 0) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch07(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in6_addr in6; - Address a; - - if (inet_pton(AF_INET6, "2001::1", &in6) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET6; - memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr)); - - dd = DetectAddressParseSingle("2001::/3"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 0) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch08(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in6_addr in6; - Address a; - - if (inet_pton(AF_INET6, "1999:ffff:ffff:ffff:ffff:ffff:ffff:ffff", &in6) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET6; - memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr)); - - dd = DetectAddressParseSingle("2001::/3"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 1) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch09(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in6_addr in6; - Address a; - - if (inet_pton(AF_INET6, "2001::2", &in6) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET6; - memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr)); - - dd = DetectAddressParseSingle("2001::1/128"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 1) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch10(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in6_addr in6; - Address a; - - if (inet_pton(AF_INET6, "2001::2", &in6) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET6; - memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr)); - - dd = DetectAddressParseSingle("2001::1/126"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 0) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestMatch11(void) -{ - DetectAddress *dd = NULL; - int result = 1; - struct in6_addr in6; - Address a; - - if (inet_pton(AF_INET6, "2001::3", &in6) != 1) - return 0; - memset(&a, 0, sizeof(Address)); - a.family = AF_INET6; - memcpy(&a.addr_data32, &in6.s6_addr, sizeof(in6.s6_addr)); - - dd = DetectAddressParseSingle("2001::1/127"); - if (dd) { - if (DetectAddressMatch(dd, &a) == 1) - result = 0; - - DetectAddressFree(dd); - return result; - } - - return 0; -} - -int AddressTestCmp01(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("192.168.0.0/255.255.255.0"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("192.168.0.0/255.255.255.0"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_EQ) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp02(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("192.168.0.0/255.255.0.0"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("192.168.0.0/255.255.255.0"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_EB) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp03(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("192.168.0.0/255.255.255.0"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("192.168.0.0/255.255.0.0"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_ES) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp04(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("192.168.0.0/255.255.255.0"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("192.168.1.0/255.255.255.0"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_LT) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp05(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("192.168.1.0/255.255.255.0"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("192.168.0.0/255.255.255.0"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_GT) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp06(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("192.168.1.0/255.255.0.0"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("192.168.0.0/255.255.0.0"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_EQ) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmpIPv407(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("192.168.1.0/255.255.255.0"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("192.168.1.128-192.168.2.128"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_LE) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmpIPv408(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("192.168.1.128-192.168.2.128"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("192.168.1.0/255.255.255.0"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_GE) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp07(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("2001::/3"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("2001::1/3"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_EQ) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp08(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("2001::/3"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("2001::/8"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_EB) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp09(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("2001::/8"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("2001::/3"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_ES) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp10(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_LT) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp11(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("2001:1:2:4:0:0:0:0/64"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("2001:1:2:3:0:0:0:0/64"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_GT) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestCmp12(void) -{ - DetectAddress *da = NULL, *db = NULL; - int result = 1; - - da = DetectAddressParseSingle("2001:1:2:3:1:0:0:0/64"); - if (da == NULL) goto error; - db = DetectAddressParseSingle("2001:1:2:3:2:0:0:0/64"); - if (db == NULL) goto error; - - if (DetectAddressCmp(da, db) != ADDRESS_EQ) - result = 0; - - DetectAddressFree(da); - DetectAddressFree(db); - return result; - -error: - if (da) DetectAddressFree(da); - if (db) DetectAddressFree(db); - return 0; -} - -int AddressTestAddressGroupSetup01(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "1.2.3.4"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup02(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "1.2.3.4"); - if (r == 0 && gh->ipv4_head != NULL) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup03(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "1.2.3.4"); - if (r == 0 && gh->ipv4_head != NULL) { - DetectAddress *prev_head = gh->ipv4_head; - - r = DetectAddressParse(NULL, gh, "1.2.3.3"); - if (r == 0 && gh->ipv4_head != prev_head && - gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup04(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "1.2.3.4"); - if (r == 0 && gh->ipv4_head != NULL) { - DetectAddress *prev_head = gh->ipv4_head; - - r = DetectAddressParse(NULL, gh, "1.2.3.3"); - if (r == 0 && gh->ipv4_head != prev_head && - gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) { - DetectAddress *prev_head = gh->ipv4_head; - - r = DetectAddressParse(NULL, gh, "1.2.3.2"); - if (r == 0 && gh->ipv4_head != prev_head && - gh->ipv4_head != NULL && gh->ipv4_head->next == prev_head) { - result = 1; - } - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup05(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "1.2.3.2"); - if (r == 0 && gh->ipv4_head != NULL) { - DetectAddress *prev_head = gh->ipv4_head; - - r = DetectAddressParse(NULL, gh, "1.2.3.3"); - if (r == 0 && gh->ipv4_head == prev_head && - gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) { - DetectAddress *prev_head = gh->ipv4_head; - - r = DetectAddressParse(NULL, gh, "1.2.3.4"); - if (r == 0 && gh->ipv4_head == prev_head && - gh->ipv4_head != NULL && gh->ipv4_head->next != prev_head) { - result = 1; - } - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup06(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "1.2.3.2"); - if (r == 0 && gh->ipv4_head != NULL) { - DetectAddress *prev_head = gh->ipv4_head; - - r = DetectAddressParse(NULL, gh, "1.2.3.2"); - if (r == 0 && gh->ipv4_head == prev_head && - gh->ipv4_head != NULL && gh->ipv4_head->next == NULL) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup07(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "10.0.0.0/8"); - if (r == 0 && gh->ipv4_head != NULL) { - r = DetectAddressParse(NULL, gh, "10.10.10.10"); - if (r == 0 && gh->ipv4_head != NULL && - gh->ipv4_head->next != NULL && - gh->ipv4_head->next->next != NULL) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup08(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "10.10.10.10"); - if (r == 0 && gh->ipv4_head != NULL) { - r = DetectAddressParse(NULL, gh, "10.0.0.0/8"); - if (r == 0 && gh->ipv4_head != NULL && - gh->ipv4_head->next != NULL && - gh->ipv4_head->next->next != NULL) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup09(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "10.10.10.0/24"); - if (r == 0 && gh->ipv4_head != NULL) { - r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1"); - if (r == 0 && gh->ipv4_head != NULL && - gh->ipv4_head->next != NULL && - gh->ipv4_head->next->next != NULL) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup10(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1"); - if (r == 0 && gh->ipv4_head != NULL) { - r = DetectAddressParse(NULL, gh, "10.10.10.0/24"); - if (r == 0 && gh->ipv4_head != NULL && - gh->ipv4_head->next != NULL && - gh->ipv4_head->next->next != NULL) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup11(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "10.10.10.0/24"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "0.0.0.0/0"); - if (r == 0) { - DetectAddress *one = gh->ipv4_head, *two = one->next, - *three = two->next, *four = three->next, - *five = four->next; - - /* result should be: - * 0.0.0.0/10.10.9.255 - * 10.10.10.0/10.10.10.9 - * 10.10.10.10/10.10.10.255 - * 10.10.11.0/10.10.11.1 - * 10.10.11.2/255.255.255.255 - */ - if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == ntohl(168430079) && - two->ip.addr_data32[0] == ntohl(168430080) && two->ip2.addr_data32[0] == ntohl(168430089) && - three->ip.addr_data32[0] == ntohl(168430090) && three->ip2.addr_data32[0] == ntohl(168430335) && - four->ip.addr_data32[0] == ntohl(168430336) && four->ip2.addr_data32[0] == ntohl(168430337) && - five->ip.addr_data32[0] == ntohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) { - result = 1; - } - } - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup12 (void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "0.0.0.0/0"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "10.10.10.0/24"); - if (r == 0) { - DetectAddress *one = gh->ipv4_head, *two = one->next, - *three = two->next, *four = three->next, - *five = four->next; - - /* result should be: - * 0.0.0.0/10.10.9.255 - * 10.10.10.0/10.10.10.9 - * 10.10.10.10/10.10.10.255 - * 10.10.11.0/10.10.11.1 - * 10.10.11.2/255.255.255.255 - */ - if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == ntohl(168430079) && - two->ip.addr_data32[0] == ntohl(168430080) && two->ip2.addr_data32[0] == ntohl(168430089) && - three->ip.addr_data32[0] == ntohl(168430090) && three->ip2.addr_data32[0] == ntohl(168430335) && - four->ip.addr_data32[0] == ntohl(168430336) && four->ip2.addr_data32[0] == ntohl(168430337) && - five->ip.addr_data32[0] == ntohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) { - result = 1; - } - } - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup13(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "0.0.0.0/0"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "10.10.10.10-10.10.11.1"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "10.10.10.0/24"); - if (r == 0) { - DetectAddress *one = gh->ipv4_head, *two = one->next, - *three = two->next, *four = three->next, - *five = four->next; - - /* result should be: - * 0.0.0.0/10.10.9.255 - * 10.10.10.0/10.10.10.9 - * 10.10.10.10/10.10.10.255 - * 10.10.11.0/10.10.11.1 - * 10.10.11.2/255.255.255.255 - */ - if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == ntohl(168430079) && - two->ip.addr_data32[0] == ntohl(168430080) && two->ip2.addr_data32[0] == ntohl(168430089) && - three->ip.addr_data32[0] == ntohl(168430090) && three->ip2.addr_data32[0] == ntohl(168430335) && - four->ip.addr_data32[0] == ntohl(168430336) && four->ip2.addr_data32[0] == ntohl(168430337) && - five->ip.addr_data32[0] == ntohl(168430338) && five->ip2.addr_data32[0] == 0xFFFFFFFF) { - result = 1; - } - } - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetupIPv414(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "!1.2.3.4"); - if (r == 0) { - DetectAddress *one = gh->ipv4_head; - DetectAddress *two = one ? one->next : NULL; - - if (one && two) { - /* result should be: - * 0.0.0.0/1.2.3.3 - * 1.2.3.5/255.255.255.255 - */ - if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == ntohl(16909059) && - two->ip.addr_data32[0] == ntohl(16909061) && two->ip2.addr_data32[0] == 0xFFFFFFFF) { - result = 1; - } else { - printf("unexpected addresses: "); - } - } else { - printf("one %p two %p: ", one, two); - } - } else { - printf("DetectAddressParse returned %d, expected 0: ", r); - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetupIPv415(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "!0.0.0.0"); - if (r == 0) { - DetectAddress *one = gh->ipv4_head; - - if (one && one->next == NULL) { - /* result should be: - * 0.0.0.1/255.255.255.255 - */ - if (one->ip.addr_data32[0] == ntohl(1) && one->ip2.addr_data32[0] == 0xFFFFFFFF) - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetupIPv416(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "!255.255.255.255"); - if (r == 0) { - DetectAddress *one = gh->ipv4_head; - - if (one && one->next == NULL) { - /* result should be: - * 0.0.0.0/255.255.255.254 - */ - if (one->ip.addr_data32[0] == 0x00000000 && one->ip2.addr_data32[0] == ntohl(4294967294)) - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup14(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2001::1"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup15(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2001::1"); - if (r == 0 && gh->ipv6_head != NULL) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup16(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2001::4"); - if (r == 0 && gh->ipv6_head != NULL) { - DetectAddress *prev_head = gh->ipv6_head; - - r = DetectAddressParse(NULL, gh, "2001::3"); - if (r == 0 && gh->ipv6_head != prev_head && - gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup17(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2001::4"); - if (r == 0 && gh->ipv6_head != NULL) { - DetectAddress *prev_head = gh->ipv6_head; - - r = DetectAddressParse(NULL, gh, "2001::3"); - if (r == 0 && gh->ipv6_head != prev_head && - gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) { - DetectAddress *prev_head = gh->ipv6_head; - - r = DetectAddressParse(NULL, gh, "2001::2"); - if (r == 0 && gh->ipv6_head != prev_head && - gh->ipv6_head != NULL && gh->ipv6_head->next == prev_head) { - result = 1; - } - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup18(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2001::2"); - if (r == 0 && gh->ipv6_head != NULL) { - DetectAddress *prev_head = gh->ipv6_head; - - r = DetectAddressParse(NULL, gh, "2001::3"); - if (r == 0 && gh->ipv6_head == prev_head && - gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) { - DetectAddress *prev_head = gh->ipv6_head; - - r = DetectAddressParse(NULL, gh, "2001::4"); - if (r == 0 && gh->ipv6_head == prev_head && - gh->ipv6_head != NULL && gh->ipv6_head->next != prev_head) { - result = 1; - } - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup19(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2001::2"); - if (r == 0 && gh->ipv6_head != NULL) { - DetectAddress *prev_head = gh->ipv6_head; - - r = DetectAddressParse(NULL, gh, "2001::2"); - if (r == 0 && gh->ipv6_head == prev_head && - gh->ipv6_head != NULL && gh->ipv6_head->next == NULL) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup20(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2000::/3"); - if (r == 0 && gh->ipv6_head != NULL) { - r = DetectAddressParse(NULL, gh, "2001::4"); - if (r == 0 && gh->ipv6_head != NULL && - gh->ipv6_head->next != NULL && - gh->ipv6_head->next->next != NULL) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup21(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2001::4"); - if (r == 0 && gh->ipv6_head != NULL) { - r = DetectAddressParse(NULL, gh, "2000::/3"); - if (r == 0 && gh->ipv6_head != NULL && - gh->ipv6_head->next != NULL && - gh->ipv6_head->next->next != NULL) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup22(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2000::/3"); - if (r == 0 && gh->ipv6_head != NULL) { - r = DetectAddressParse(NULL, gh, "2001::4-2001::6"); - if (r == 0 && gh->ipv6_head != NULL && - gh->ipv6_head->next != NULL && - gh->ipv6_head->next->next != NULL) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup23(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2001::4-2001::6"); - if (r == 0 && gh->ipv6_head != NULL) { - r = DetectAddressParse(NULL, gh, "2000::/3"); - if (r == 0 && gh->ipv6_head != NULL && - gh->ipv6_head->next != NULL && - gh->ipv6_head->next->next != NULL) { - result = 1; - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup24(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2001::4-2001::6"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "2001::/3"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "::/0"); - if (r == 0) { - DetectAddress *one = gh->ipv6_head, *two = one->next, - *three = two->next, *four = three->next, - *five = four->next; - if (one->ip.addr_data32[0] == 0x00000000 && - one->ip.addr_data32[1] == 0x00000000 && - one->ip.addr_data32[2] == 0x00000000 && - one->ip.addr_data32[3] == 0x00000000 && - one->ip2.addr_data32[0] == ntohl(536870911) && - one->ip2.addr_data32[1] == 0xFFFFFFFF && - one->ip2.addr_data32[2] == 0xFFFFFFFF && - one->ip2.addr_data32[3] == 0xFFFFFFFF && - - two->ip.addr_data32[0] == ntohl(536870912) && - two->ip.addr_data32[1] == 0x00000000 && - two->ip.addr_data32[2] == 0x00000000 && - two->ip.addr_data32[3] == 0x00000000 && - two->ip2.addr_data32[0] == ntohl(536936448) && - two->ip2.addr_data32[1] == 0x00000000 && - two->ip2.addr_data32[2] == 0x00000000 && - two->ip2.addr_data32[3] == ntohl(3) && - - three->ip.addr_data32[0] == ntohl(536936448) && - three->ip.addr_data32[1] == 0x00000000 && - three->ip.addr_data32[2] == 0x00000000 && - three->ip.addr_data32[3] == ntohl(4) && - three->ip2.addr_data32[0] == ntohl(536936448) && - three->ip2.addr_data32[1] == 0x00000000 && - three->ip2.addr_data32[2] == 0x00000000 && - three->ip2.addr_data32[3] == ntohl(6) && - - four->ip.addr_data32[0] == ntohl(536936448) && - four->ip.addr_data32[1] == 0x00000000 && - four->ip.addr_data32[2] == 0x00000000 && - four->ip.addr_data32[3] == ntohl(7) && - four->ip2.addr_data32[0] == ntohl(1073741823) && - four->ip2.addr_data32[1] == 0xFFFFFFFF && - four->ip2.addr_data32[2] == 0xFFFFFFFF && - four->ip2.addr_data32[3] == 0xFFFFFFFF && - - five->ip.addr_data32[0] == ntohl(1073741824) && - five->ip.addr_data32[1] == 0x00000000 && - five->ip.addr_data32[2] == 0x00000000 && - five->ip.addr_data32[3] == 0x00000000 && - five->ip2.addr_data32[0] == 0xFFFFFFFF && - five->ip2.addr_data32[1] == 0xFFFFFFFF && - five->ip2.addr_data32[2] == 0xFFFFFFFF && - five->ip2.addr_data32[3] == 0xFFFFFFFF) { - result = 1; - } - } - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup25(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "2001::4-2001::6"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "::/0"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "2001::/3"); - if (r == 0) { - DetectAddress *one = gh->ipv6_head, *two = one->next, - *three = two->next, *four = three->next, - *five = four->next; - if (one->ip.addr_data32[0] == 0x00000000 && - one->ip.addr_data32[1] == 0x00000000 && - one->ip.addr_data32[2] == 0x00000000 && - one->ip.addr_data32[3] == 0x00000000 && - one->ip2.addr_data32[0] == ntohl(536870911) && - one->ip2.addr_data32[1] == 0xFFFFFFFF && - one->ip2.addr_data32[2] == 0xFFFFFFFF && - one->ip2.addr_data32[3] == 0xFFFFFFFF && - - two->ip.addr_data32[0] == ntohl(536870912) && - two->ip.addr_data32[1] == 0x00000000 && - two->ip.addr_data32[2] == 0x00000000 && - two->ip.addr_data32[3] == 0x00000000 && - two->ip2.addr_data32[0] == ntohl(536936448) && - two->ip2.addr_data32[1] == 0x00000000 && - two->ip2.addr_data32[2] == 0x00000000 && - two->ip2.addr_data32[3] == ntohl(3) && - - three->ip.addr_data32[0] == ntohl(536936448) && - three->ip.addr_data32[1] == 0x00000000 && - three->ip.addr_data32[2] == 0x00000000 && - three->ip.addr_data32[3] == ntohl(4) && - three->ip2.addr_data32[0] == ntohl(536936448) && - three->ip2.addr_data32[1] == 0x00000000 && - three->ip2.addr_data32[2] == 0x00000000 && - three->ip2.addr_data32[3] == ntohl(6) && - - four->ip.addr_data32[0] == ntohl(536936448) && - four->ip.addr_data32[1] == 0x00000000 && - four->ip.addr_data32[2] == 0x00000000 && - four->ip.addr_data32[3] == ntohl(7) && - four->ip2.addr_data32[0] == ntohl(1073741823) && - four->ip2.addr_data32[1] == 0xFFFFFFFF && - four->ip2.addr_data32[2] == 0xFFFFFFFF && - four->ip2.addr_data32[3] == 0xFFFFFFFF && - - five->ip.addr_data32[0] == ntohl(1073741824) && - five->ip.addr_data32[1] == 0x00000000 && - five->ip.addr_data32[2] == 0x00000000 && - five->ip.addr_data32[3] == 0x00000000 && - five->ip2.addr_data32[0] == 0xFFFFFFFF && - five->ip2.addr_data32[1] == 0xFFFFFFFF && - five->ip2.addr_data32[2] == 0xFFFFFFFF && - five->ip2.addr_data32[3] == 0xFFFFFFFF) { - result = 1; - } - } - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup26(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "::/0"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "2001::4-2001::6"); - if (r == 0) { - r = DetectAddressParse(NULL, gh, "2001::/3"); - if (r == 0) { - DetectAddress *one = gh->ipv6_head, *two = one->next, - *three = two->next, *four = three->next, - *five = four->next; - if (one->ip.addr_data32[0] == 0x00000000 && - one->ip.addr_data32[1] == 0x00000000 && - one->ip.addr_data32[2] == 0x00000000 && - one->ip.addr_data32[3] == 0x00000000 && - one->ip2.addr_data32[0] == ntohl(536870911) && - one->ip2.addr_data32[1] == 0xFFFFFFFF && - one->ip2.addr_data32[2] == 0xFFFFFFFF && - one->ip2.addr_data32[3] == 0xFFFFFFFF && - - two->ip.addr_data32[0] == ntohl(536870912) && - two->ip.addr_data32[1] == 0x00000000 && - two->ip.addr_data32[2] == 0x00000000 && - two->ip.addr_data32[3] == 0x00000000 && - two->ip2.addr_data32[0] == ntohl(536936448) && - two->ip2.addr_data32[1] == 0x00000000 && - two->ip2.addr_data32[2] == 0x00000000 && - two->ip2.addr_data32[3] == ntohl(3) && - - three->ip.addr_data32[0] == ntohl(536936448) && - three->ip.addr_data32[1] == 0x00000000 && - three->ip.addr_data32[2] == 0x00000000 && - three->ip.addr_data32[3] == ntohl(4) && - three->ip2.addr_data32[0] == ntohl(536936448) && - three->ip2.addr_data32[1] == 0x00000000 && - three->ip2.addr_data32[2] == 0x00000000 && - three->ip2.addr_data32[3] == ntohl(6) && - - four->ip.addr_data32[0] == ntohl(536936448) && - four->ip.addr_data32[1] == 0x00000000 && - four->ip.addr_data32[2] == 0x00000000 && - four->ip.addr_data32[3] == ntohl(7) && - four->ip2.addr_data32[0] == ntohl(1073741823) && - four->ip2.addr_data32[1] == 0xFFFFFFFF && - four->ip2.addr_data32[2] == 0xFFFFFFFF && - four->ip2.addr_data32[3] == 0xFFFFFFFF && - - five->ip.addr_data32[0] == ntohl(1073741824) && - five->ip.addr_data32[1] == 0x00000000 && - five->ip.addr_data32[2] == 0x00000000 && - five->ip.addr_data32[3] == 0x00000000 && - five->ip2.addr_data32[0] == 0xFFFFFFFF && - five->ip2.addr_data32[1] == 0xFFFFFFFF && - five->ip2.addr_data32[2] == 0xFFFFFFFF && - five->ip2.addr_data32[3] == 0xFFFFFFFF) { - result = 1; - } - } - } - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup27(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[1.2.3.4]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup28(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup29(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[1.2.3.4,4.3.2.1,10.10.10.10]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup30(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,2.3.4.5],4.3.2.1,[10.10.10.10,11.11.11.11]]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup31(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,3.4.5.6]],4.3.2.1,[10.10.10.10,[11.11.11.11,12.12.12.12]]]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup32(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[[1.2.3.4,[2.3.4.5,[3.4.5.6,4.5.6.7]]],4.3.2.1,[10.10.10.10,[11.11.11.11,[12.12.12.12,13.13.13.13]]]]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup33(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "![1.1.1.1,[2.2.2.2,[3.3.3.3,4.4.4.4]]]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup34(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,![1.1.1.1,[1.2.1.1,1.3.1.1]]]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup35(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,![1.1.1.1,2.2.2.2]]]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup36 (void) -{ - int result = 0; - - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[1.0.0.0/8,[2.0.0.0/8,[3.0.0.0/8,!1.1.1.1]]]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestAddressGroupSetup37(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[0.0.0.0/0,::/0]"); - if (r == 0) - result = 1; - - DetectAddressHeadFree(gh); - } - return result; -} - -static int AddressTestAddressGroupSetup38(void) -{ - UTHValidateDetectAddressHeadRange expectations[3] = { - { "0.0.0.0", "192.167.255.255" }, - { "192.168.14.0", "192.168.14.255" }, - { "192.169.0.0", "255.255.255.255" } }; - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "![192.168.0.0/16,!192.168.14.0/24]"); - if (r == 0) { - if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE) - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -static int AddressTestAddressGroupSetup39(void) -{ - UTHValidateDetectAddressHeadRange expectations[3] = { - { "0.0.0.0", "192.167.255.255" }, - { "192.168.14.0", "192.168.14.255" }, - { "192.169.0.0", "255.255.255.255" } }; - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,!192.168.14.0/24]]"); - if (r == 0) { - if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE) - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -static int AddressTestAddressGroupSetup40(void) -{ - UTHValidateDetectAddressHeadRange expectations[3] = { - { "0.0.0.0", "192.167.255.255" }, - { "192.168.14.0", "192.168.14.255" }, - { "192.169.0.0", "255.255.255.255" } }; - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,[!192.168.14.0/24]]]"); - if (r == 0) { - if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE) - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -static int AddressTestAddressGroupSetup41(void) -{ - UTHValidateDetectAddressHeadRange expectations[3] = { - { "0.0.0.0", "192.167.255.255" }, - { "192.168.14.0", "192.168.14.255" }, - { "192.169.0.0", "255.255.255.255" } }; - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.14.0/24]]]"); - if (r == 0) { - if (UTHValidateDetectAddressHead(gh, 3, expectations) == TRUE) - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -static int AddressTestAddressGroupSetup42(void) -{ - UTHValidateDetectAddressHeadRange expectations[1] = { - { "2000:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } }; - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[2001::/3]"); - if (r == 0) { - if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE) - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -static int AddressTestAddressGroupSetup43(void) -{ - UTHValidateDetectAddressHeadRange expectations[2] = { - { "2000:0000:0000:0000:0000:0000:0000:0000", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" }, - { "3800:0000:0000:0000:0000:0000:0000:0000", "3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } }; - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[2001::/3,!3000::/5]"); - if (r == 0) { - if (UTHValidateDetectAddressHead(gh, 2, expectations) == TRUE) - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -static int AddressTestAddressGroupSetup44(void) -{ - UTHValidateDetectAddressHeadRange expectations[2] = { - { "3ffe:ffff:7654:feda:1245:ba98:0000:0000", "3ffe:ffff:7654:feda:1245:ba98:ffff:ffff" }}; - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "3ffe:ffff:7654:feda:1245:ba98:3210:4562/96"); - if (r == 0) { - if (UTHValidateDetectAddressHead(gh, 1, expectations) == TRUE) - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -static int AddressTestAddressGroupSetup45(void) -{ - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[192.168.1.3,!192.168.0.0/16]"); - if (r != 0) { - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -static int AddressTestAddressGroupSetup46(void) -{ - UTHValidateDetectAddressHeadRange expectations[4] = { - { "0.0.0.0", "192.167.255.255" }, - { "192.168.1.0", "192.168.1.255" }, - { "192.168.3.0", "192.168.3.255" }, - { "192.169.0.0", "255.255.255.255" } }; - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24]]]"); - if (r == 0) { - if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE) - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -/** \test net with some negations, then all negated */ -static int AddressTestAddressGroupSetup47(void) -{ - UTHValidateDetectAddressHeadRange expectations[5] = { - { "0.0.0.0", "192.167.255.255" }, - { "192.168.1.0", "192.168.1.255" }, - { "192.168.3.0", "192.168.3.255" }, - { "192.168.5.0", "192.168.5.255" }, - { "192.169.0.0", "255.255.255.255" } }; - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[![192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]]"); - if (r == 0) { - if (UTHValidateDetectAddressHead(gh, 5, expectations) == TRUE) - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -/** \test same as AddressTestAddressGroupSetup47, but not negated */ -static int AddressTestAddressGroupSetup48(void) -{ - UTHValidateDetectAddressHeadRange expectations[4] = { - { "192.168.0.0", "192.168.0.255" }, - { "192.168.2.0", "192.168.2.255" }, - { "192.168.4.0", "192.168.4.255" }, - { "192.168.6.0", "192.168.255.255" } }; - int result = 0; - DetectAddressHead *gh = DetectAddressHeadInit(); - if (gh != NULL) { - int r = DetectAddressParse(NULL, gh, "[192.168.0.0/16,![192.168.1.0/24,192.168.3.0/24],!192.168.5.0/24]"); - if (r == 0) { - if (UTHValidateDetectAddressHead(gh, 4, expectations) == TRUE) - result = 1; - } - - DetectAddressHeadFree(gh); - } - return result; -} - -int AddressTestCutIPv401(void) -{ - DetectAddress *a, *b, *c; - a = DetectAddressParseSingle("1.2.3.0/255.255.255.0"); - b = DetectAddressParseSingle("1.2.2.0-1.2.3.4"); - - if (DetectAddressCut(NULL, a, b, &c) == -1) - goto error; - - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 1; - -error: - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 0; -} - -int AddressTestCutIPv402(void) -{ - DetectAddress *a, *b, *c; - a = DetectAddressParseSingle("1.2.3.0/255.255.255.0"); - b = DetectAddressParseSingle("1.2.2.0-1.2.3.4"); - - if (DetectAddressCut(NULL, a, b, &c) == -1) - goto error; - - if (c == NULL) - goto error; - - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 1; - -error: - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 0; -} - -int AddressTestCutIPv403(void) -{ - DetectAddress *a, *b, *c; - a = DetectAddressParseSingle("1.2.3.0/255.255.255.0"); - b = DetectAddressParseSingle("1.2.2.0-1.2.3.4"); - - if (DetectAddressCut(NULL, a, b, &c) == -1) - goto error; - - if (c == NULL) - goto error; - - if (a->ip.addr_data32[0] != ntohl(16908800) || a->ip2.addr_data32[0] != ntohl(16909055)) - goto error; - if (b->ip.addr_data32[0] != ntohl(16909056) || b->ip2.addr_data32[0] != ntohl(16909060)) - goto error; - if (c->ip.addr_data32[0] != ntohl(16909061) || c->ip2.addr_data32[0] != ntohl(16909311)) - goto error; - - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 1; - -error: - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 0; -} - -int AddressTestCutIPv404(void) -{ - DetectAddress *a, *b, *c; - a = DetectAddressParseSingle("1.2.3.3-1.2.3.6"); - b = DetectAddressParseSingle("1.2.3.0-1.2.3.5"); - - if (DetectAddressCut(NULL, a, b, &c) == -1) - goto error; - - if (c == NULL) - goto error; - - if (a->ip.addr_data32[0] != ntohl(16909056) || a->ip2.addr_data32[0] != ntohl(16909058)) - goto error; - if (b->ip.addr_data32[0] != ntohl(16909059) || b->ip2.addr_data32[0] != ntohl(16909061)) - goto error; - if (c->ip.addr_data32[0] != ntohl(16909062) || c->ip2.addr_data32[0] != ntohl(16909062)) - goto error; - - - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 1; - -error: - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 0; -} - -int AddressTestCutIPv405(void) -{ - DetectAddress *a, *b, *c; - a = DetectAddressParseSingle("1.2.3.3-1.2.3.6"); - b = DetectAddressParseSingle("1.2.3.0-1.2.3.9"); - - if (DetectAddressCut(NULL, a, b, &c) == -1) - goto error; - - if (c == NULL) - goto error; - - if (a->ip.addr_data32[0] != ntohl(16909056) || a->ip2.addr_data32[0] != ntohl(16909058)) - goto error; - if (b->ip.addr_data32[0] != ntohl(16909059) || b->ip2.addr_data32[0] != ntohl(16909062)) - goto error; - if (c->ip.addr_data32[0] != ntohl(16909063) || c->ip2.addr_data32[0] != ntohl(16909065)) - goto error; - - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 1; - -error: - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 0; -} - -int AddressTestCutIPv406(void) -{ - DetectAddress *a, *b, *c; - a = DetectAddressParseSingle("1.2.3.0-1.2.3.9"); - b = DetectAddressParseSingle("1.2.3.3-1.2.3.6"); - - if (DetectAddressCut(NULL, a, b, &c) == -1) - goto error; - - if (c == NULL) - goto error; - - if (a->ip.addr_data32[0] != ntohl(16909056) || a->ip2.addr_data32[0] != ntohl(16909058)) - goto error; - if (b->ip.addr_data32[0] != ntohl(16909059) || b->ip2.addr_data32[0] != ntohl(16909062)) - goto error; - if (c->ip.addr_data32[0] != ntohl(16909063) || c->ip2.addr_data32[0] != ntohl(16909065)) - goto error; - - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 1; - -error: - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 0; -} - -int AddressTestCutIPv407(void) -{ - DetectAddress *a, *b, *c; - a = DetectAddressParseSingle("1.2.3.0-1.2.3.6"); - b = DetectAddressParseSingle("1.2.3.0-1.2.3.9"); - - if (DetectAddressCut(NULL, a, b, &c) == -1) - goto error; - - if (c != NULL) - goto error; - - if (a->ip.addr_data32[0] != ntohl(16909056) || a->ip2.addr_data32[0] != ntohl(16909062)) - goto error; - if (b->ip.addr_data32[0] != ntohl(16909063) || b->ip2.addr_data32[0] != ntohl(16909065)) - goto error; - - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 1; - -error: - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 0; -} - -int AddressTestCutIPv408(void) -{ - DetectAddress *a, *b, *c; - a = DetectAddressParseSingle("1.2.3.3-1.2.3.9"); - b = DetectAddressParseSingle("1.2.3.0-1.2.3.9"); - - if (DetectAddressCut(NULL, a, b, &c) == -1) - goto error; - - if (c != NULL) - goto error; - - if (a->ip.addr_data32[0] != ntohl(16909056) || a->ip2.addr_data32[0] != ntohl(16909058)) - goto error; - if (b->ip.addr_data32[0] != ntohl(16909059) || b->ip2.addr_data32[0] != ntohl(16909065)) - goto error; - - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 1; - -error: - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 0; -} - -int AddressTestCutIPv409(void) -{ - DetectAddress *a, *b, *c; - a = DetectAddressParseSingle("1.2.3.0-1.2.3.9"); - b = DetectAddressParseSingle("1.2.3.0-1.2.3.6"); - - if (DetectAddressCut(NULL, a, b, &c) == -1) - goto error; - - if (c != NULL) - goto error; - - if (a->ip.addr_data32[0] != ntohl(16909056) || a->ip2.addr_data32[0] != ntohl(16909062)) - goto error; - if (b->ip.addr_data32[0] != ntohl(16909063) || b->ip2.addr_data32[0] != ntohl(16909065)) - goto error; - - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 1; - -error: - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 0; -} - -int AddressTestCutIPv410(void) -{ - DetectAddress *a, *b, *c; - a = DetectAddressParseSingle("1.2.3.0-1.2.3.9"); - b = DetectAddressParseSingle("1.2.3.3-1.2.3.9"); - - if (DetectAddressCut(NULL, a, b, &c) == -1) - goto error; - - if (c != NULL) - goto error; - - if (a->ip.addr_data32[0] != ntohl(16909056) || a->ip2.addr_data32[0] != ntohl(16909058)) - goto error; - if (b->ip.addr_data32[0] != ntohl(16909059) || b->ip2.addr_data32[0] != ntohl(16909065)) - goto error; - - printf("ip %u ip2 %u ", htonl(a->ip.addr_data32[0]), htonl(a->ip2.addr_data32[0])); - - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 1; - -error: - DetectAddressFree(a); - DetectAddressFree(b); - DetectAddressFree(c); - return 0; -} - -int AddressTestParseInvalidMask01(void) -{ - int result = 1; - DetectAddress *dd = NULL; - - dd = DetectAddressParseSingle("192.168.2.0/33"); - if (dd != NULL) { - DetectAddressFree(dd); - result = 0; - } - return result; -} - -int AddressTestParseInvalidMask02(void) -{ - int result = 1; - DetectAddress *dd = NULL; - - dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0"); - if (dd != NULL) { - DetectAddressFree(dd); - result = 0; - } - return result; -} - -int AddressTestParseInvalidMask03(void) -{ - int result = 1; - DetectAddress *dd = NULL; - - dd = DetectAddressParseSingle("192.168.2.0/blue"); - if (dd != NULL) { - DetectAddressFree(dd); - result = 0; - } - return result; -} - -int AddressConfVarsTest01(void) -{ - static const char *dummy_conf_string = - "%YAML 1.1\n" - "---\n" - "\n" - "vars:\n" - "\n" - " address-groups:\n" - "\n" - " HOME_NET: \"any\"\n" - "\n" - " EXTERNAL_NET: \"!any\"\n" - "\n" - " port-groups:\n" - "\n" - " HTTP_PORTS: \"any\"\n" - "\n" - " SHELLCODE_PORTS: \"!any\"\n" - "\n"; - - int result = 0; - - ConfCreateContextBackup(); - ConfInit(); - ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string)); - - if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0) - result = 1; - - ConfDeInit(); - ConfRestoreContextBackup(); - - return result; -} - -int AddressConfVarsTest02(void) -{ - static const char *dummy_conf_string = - "%YAML 1.1\n" - "---\n" - "\n" - "vars:\n" - "\n" - " address-groups:\n" - "\n" - " HOME_NET: \"any\"\n" - "\n" - " EXTERNAL_NET: \"any\"\n" - "\n" - " port-groups:\n" - "\n" - " HTTP_PORTS: \"any\"\n" - "\n" - " SHELLCODE_PORTS: \"!any\"\n" - "\n"; - - int result = 0; - - ConfCreateContextBackup(); - ConfInit(); - ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string)); - - if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() < 0) - result = 1; - - ConfDeInit(); - ConfRestoreContextBackup(); - - return result; -} - -int AddressConfVarsTest03(void) -{ - static const char *dummy_conf_string = - "%YAML 1.1\n" - "---\n" - "\n" - "vars:\n" - "\n" - " address-groups:\n" - "\n" - " HOME_NET: \"any\"\n" - "\n" - " EXTERNAL_NET: \"!$HOME_NET\"\n" - "\n" - " port-groups:\n" - "\n" - " HTTP_PORTS: \"any\"\n" - "\n" - " SHELLCODE_PORTS: \"!$HTTP_PORTS\"\n" - "\n"; - - int result = 0; - - ConfCreateContextBackup(); - ConfInit(); - ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string)); - - if (DetectAddressTestConfVars() < 0 && DetectPortTestConfVars() < 0) - result = 1; - - ConfDeInit(); - ConfRestoreContextBackup(); - - return result; -} - -int AddressConfVarsTest04(void) -{ - static const char *dummy_conf_string = - "%YAML 1.1\n" - "---\n" - "\n" - "vars:\n" - "\n" - " address-groups:\n" - "\n" - " HOME_NET: \"any\"\n" - "\n" - " EXTERNAL_NET: \"$HOME_NET\"\n" - "\n" - " port-groups:\n" - "\n" - " HTTP_PORTS: \"any\"\n" - "\n" - " SHELLCODE_PORTS: \"$HTTP_PORTS\"\n" - "\n"; - - int result = 0; - - ConfCreateContextBackup(); - ConfInit(); - ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string)); - - if (DetectAddressTestConfVars() == 0 && DetectPortTestConfVars() == 0) - result = 1; - - ConfDeInit(); - ConfRestoreContextBackup(); - - return result; -} - -int AddressConfVarsTest05(void) -{ - static const char *dummy_conf_string = - "%YAML 1.1\n" - "---\n" - "\n" - "vars:\n" - "\n" - " address-groups:\n" - "\n" - " HOME_NET: \"any\"\n" - "\n" - " EXTERNAL_NET: [192.168.0.1]\n" - "\n" - " port-groups:\n" - "\n" - " HTTP_PORTS: \"any\"\n" - "\n" - " SHELLCODE_PORTS: [80]\n" - "\n"; - - int result = 0; - - ConfCreateContextBackup(); - ConfInit(); - ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string)); - - if (DetectAddressTestConfVars() != -1 && DetectPortTestConfVars() != -1) - goto end; - - result = 1; - - end: - ConfDeInit(); - ConfRestoreContextBackup(); - - return result; -} - -#include "detect-engine.h" - -/** - * \test Test sig distribution over address groups - */ -static int AddressTestFunctions01(void) -{ - DetectAddress *a1 = NULL; - DetectAddress *a2 = NULL; - DetectAddressHead *h = NULL; - int result = 0; - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - Signature s[2]; - memset(s,0x00,sizeof(s)); - - s[0].num = 0; - s[1].num = 1; - - a1 = DetectAddressParseSingle("255.0.0.0/8"); - if (a1 == NULL) { - printf("a1 == NULL: "); - goto end; - } - SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]); - - a2 = DetectAddressParseSingle("0.0.0.0/0"); - if (a2 == NULL) { - printf("a2 == NULL: "); - goto end; - } - SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]); - - SCLogDebug("a1"); - DetectAddressPrint(a1); - SCLogDebug("a2"); - DetectAddressPrint(a2); - - h = DetectAddressHeadInit(); - if (h == NULL) - goto end; - DetectAddressInsert(de_ctx, h, a1); - DetectAddressInsert(de_ctx, h, a2); - - if (h == NULL) - goto end; - - DetectAddress *x = h->ipv4_head; - for ( ; x != NULL; x = x->next) { - SCLogDebug("x %p next %p", x, x->next); - DetectAddressPrint(x); - //SigGroupHeadPrintSigs(de_ctx, x->sh); - } - - DetectAddress *one = h->ipv4_head; - DetectAddress *two = one->next; - - int sig = 0; - if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'one', but it shouldn't: ", sig); - goto end; - } - sig = 1; - if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'one', but it shouldn't: ", sig); - goto end; - } - sig = 1; - if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'two', but it shouldn't: ", sig); - goto end; - } - - result = 1; -end: - if (h != NULL) - DetectAddressHeadFree(h); - return result; -} - -/** - * \test Test sig distribution over address groups - */ -static int AddressTestFunctions02(void) -{ - DetectAddress *a1 = NULL; - DetectAddress *a2 = NULL; - DetectAddressHead *h = NULL; - int result = 0; - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - Signature s[2]; - memset(s,0x00,sizeof(s)); - - s[0].num = 0; - s[1].num = 1; - - a1 = DetectAddressParseSingle("255.0.0.0/8"); - if (a1 == NULL) { - printf("a1 == NULL: "); - goto end; - } - SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]); - - a2 = DetectAddressParseSingle("0.0.0.0/0"); - if (a2 == NULL) { - printf("a2 == NULL: "); - goto end; - } - SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]); - - SCLogDebug("a1"); - DetectAddressPrint(a1); - SCLogDebug("a2"); - DetectAddressPrint(a2); - - h = DetectAddressHeadInit(); - if (h == NULL) - goto end; - DetectAddressInsert(de_ctx, h, a2); - DetectAddressInsert(de_ctx, h, a1); - - BUG_ON(h == NULL); - - SCLogDebug("dp3"); - - DetectAddress *x = h->ipv4_head; - for ( ; x != NULL; x = x->next) { - DetectAddressPrint(x); - //SigGroupHeadPrintSigs(de_ctx, x->sh); - } - - DetectAddress *one = h->ipv4_head; - DetectAddress *two = one->next; - - int sig = 0; - if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'one', but it shouldn't: ", sig); - goto end; - } - sig = 1; - if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'one', but it shouldn't: ", sig); - goto end; - } - sig = 1; - if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'two', but it shouldn't: ", sig); - goto end; - } - - result = 1; -end: - if (h != NULL) - DetectAddressHeadFree(h); - return result; -} - -/** - * \test Test sig distribution over address groups - */ -static int AddressTestFunctions03(void) -{ - DetectAddress *a1 = NULL; - DetectAddress *a2 = NULL; - DetectAddressHead *h = NULL; - int result = 0; - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - Signature s[2]; - memset(s,0x00,sizeof(s)); - - s[0].num = 0; - s[1].num = 1; - - a1 = DetectAddressParseSingle("ffff::/16"); - if (a1 == NULL) { - printf("a1 == NULL: "); - goto end; - } - SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]); - - a2 = DetectAddressParseSingle("::/0"); - if (a2 == NULL) { - printf("a2 == NULL: "); - goto end; - } - SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]); - - SCLogDebug("a1"); - DetectAddressPrint(a1); - SCLogDebug("a2"); - DetectAddressPrint(a2); - - h = DetectAddressHeadInit(); - if (h == NULL) - goto end; - DetectAddressInsert(de_ctx, h, a1); - DetectAddressInsert(de_ctx, h, a2); - - if (h == NULL) - goto end; - - DetectAddress *x = h->ipv6_head; - for ( ; x != NULL; x = x->next) { - SCLogDebug("x %p next %p", x, x->next); - DetectAddressPrint(x); - //SigGroupHeadPrintSigs(de_ctx, x->sh); - } - - DetectAddress *one = h->ipv6_head; - DetectAddress *two = one->next; - - int sig = 0; - if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'one', but it shouldn't: ", sig); - goto end; - } - sig = 1; - if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'one', but it shouldn't: ", sig); - goto end; - } - sig = 1; - if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'two', but it shouldn't: ", sig); - goto end; - } - - result = 1; -end: - if (h != NULL) - DetectAddressHeadFree(h); - return result; -} - -/** - * \test Test sig distribution over address groups - */ -static int AddressTestFunctions04(void) -{ - DetectAddress *a1 = NULL; - DetectAddress *a2 = NULL; - DetectAddressHead *h = NULL; - int result = 0; - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - Signature s[2]; - memset(s,0x00,sizeof(s)); - - s[0].num = 0; - s[1].num = 1; - - a1 = DetectAddressParseSingle("ffff::/16"); - if (a1 == NULL) { - printf("a1 == NULL: "); - goto end; - } - SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]); - - a2 = DetectAddressParseSingle("::/0"); - if (a2 == NULL) { - printf("a2 == NULL: "); - goto end; - } - SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]); - - SCLogDebug("a1"); - DetectAddressPrint(a1); - SCLogDebug("a2"); - DetectAddressPrint(a2); - - h = DetectAddressHeadInit(); - if (h == NULL) - goto end; - DetectAddressInsert(de_ctx, h, a2); - DetectAddressInsert(de_ctx, h, a1); - - BUG_ON(h == NULL); - - SCLogDebug("dp3"); - - DetectAddress *x = h->ipv6_head; - for ( ; x != NULL; x = x->next) { - DetectAddressPrint(x); - //SigGroupHeadPrintSigs(de_ctx, x->sh); - } - - DetectAddress *one = h->ipv6_head; - DetectAddress *two = one->next; - - int sig = 0; - if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'one', but it shouldn't: ", sig); - goto end; - } - sig = 1; - if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'one', but it shouldn't: ", sig); - goto end; - } - sig = 1; - if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) { - printf("sig %d part of 'two', but it shouldn't: ", sig); - goto end; - } - - result = 1; -end: - if (h != NULL) - DetectAddressHeadFree(h); - return result; -} - -#endif /* UNITTESTS */ - -void DetectAddressTests(void) -{ -#ifdef UNITTESTS - DetectAddressIPv4Tests(); - DetectAddressIPv6Tests(); - - UtRegisterTest("AddressTestParse01", AddressTestParse01, 1); - UtRegisterTest("AddressTestParse02", AddressTestParse02, 1); - UtRegisterTest("AddressTestParse03", AddressTestParse03, 1); - UtRegisterTest("AddressTestParse04", AddressTestParse04, 1); - UtRegisterTest("AddressTestParse05", AddressTestParse05, 1); - UtRegisterTest("AddressTestParse06", AddressTestParse06, 1); - UtRegisterTest("AddressTestParse07", AddressTestParse07, 1); - UtRegisterTest("AddressTestParse08", AddressTestParse08, 1); - UtRegisterTest("AddressTestParse09", AddressTestParse09, 1); - UtRegisterTest("AddressTestParse10", AddressTestParse10, 1); - UtRegisterTest("AddressTestParse11", AddressTestParse11, 1); - UtRegisterTest("AddressTestParse12", AddressTestParse12, 1); - UtRegisterTest("AddressTestParse13", AddressTestParse13, 1); - UtRegisterTest("AddressTestParse14", AddressTestParse14, 1); - UtRegisterTest("AddressTestParse15", AddressTestParse15, 1); - UtRegisterTest("AddressTestParse16", AddressTestParse16, 1); - UtRegisterTest("AddressTestParse17", AddressTestParse17, 1); - UtRegisterTest("AddressTestParse18", AddressTestParse18, 1); - UtRegisterTest("AddressTestParse19", AddressTestParse19, 1); - UtRegisterTest("AddressTestParse20", AddressTestParse20, 1); - UtRegisterTest("AddressTestParse21", AddressTestParse21, 1); - UtRegisterTest("AddressTestParse22", AddressTestParse22, 1); - UtRegisterTest("AddressTestParse23", AddressTestParse23, 1); - UtRegisterTest("AddressTestParse24", AddressTestParse24, 1); - UtRegisterTest("AddressTestParse25", AddressTestParse25, 1); - UtRegisterTest("AddressTestParse26", AddressTestParse26, 1); - UtRegisterTest("AddressTestParse27", AddressTestParse27, 1); - UtRegisterTest("AddressTestParse28", AddressTestParse28, 1); - UtRegisterTest("AddressTestParse29", AddressTestParse29, 1); - UtRegisterTest("AddressTestParse30", AddressTestParse30, 1); - UtRegisterTest("AddressTestParse31", AddressTestParse31, 1); - UtRegisterTest("AddressTestParse32", AddressTestParse32, 1); - UtRegisterTest("AddressTestParse33", AddressTestParse33, 1); - UtRegisterTest("AddressTestParse34", AddressTestParse34, 1); - UtRegisterTest("AddressTestParse35", AddressTestParse35, 1); - UtRegisterTest("AddressTestParse36", AddressTestParse36, 1); - UtRegisterTest("AddressTestParse37", AddressTestParse37, 1); - - UtRegisterTest("AddressTestMatch01", AddressTestMatch01, 1); - UtRegisterTest("AddressTestMatch02", AddressTestMatch02, 1); - UtRegisterTest("AddressTestMatch03", AddressTestMatch03, 1); - UtRegisterTest("AddressTestMatch04", AddressTestMatch04, 1); - UtRegisterTest("AddressTestMatch05", AddressTestMatch05, 1); - UtRegisterTest("AddressTestMatch06", AddressTestMatch06, 1); - UtRegisterTest("AddressTestMatch07", AddressTestMatch07, 1); - UtRegisterTest("AddressTestMatch08", AddressTestMatch08, 1); - UtRegisterTest("AddressTestMatch09", AddressTestMatch09, 1); - UtRegisterTest("AddressTestMatch10", AddressTestMatch10, 1); - UtRegisterTest("AddressTestMatch11", AddressTestMatch11, 1); - - UtRegisterTest("AddressTestCmp01", AddressTestCmp01, 1); - UtRegisterTest("AddressTestCmp02", AddressTestCmp02, 1); - UtRegisterTest("AddressTestCmp03", AddressTestCmp03, 1); - UtRegisterTest("AddressTestCmp04", AddressTestCmp04, 1); - UtRegisterTest("AddressTestCmp05", AddressTestCmp05, 1); - UtRegisterTest("AddressTestCmp06", AddressTestCmp06, 1); - UtRegisterTest("AddressTestCmpIPv407", AddressTestCmpIPv407, 1); - UtRegisterTest("AddressTestCmpIPv408", AddressTestCmpIPv408, 1); - - UtRegisterTest("AddressTestCmp07", AddressTestCmp07, 1); - UtRegisterTest("AddressTestCmp08", AddressTestCmp08, 1); - UtRegisterTest("AddressTestCmp09", AddressTestCmp09, 1); - UtRegisterTest("AddressTestCmp10", AddressTestCmp10, 1); - UtRegisterTest("AddressTestCmp11", AddressTestCmp11, 1); - UtRegisterTest("AddressTestCmp12", AddressTestCmp12, 1); - - UtRegisterTest("AddressTestAddressGroupSetup01", - AddressTestAddressGroupSetup01, 1); - UtRegisterTest("AddressTestAddressGroupSetup02", - AddressTestAddressGroupSetup02, 1); - UtRegisterTest("AddressTestAddressGroupSetup03", - AddressTestAddressGroupSetup03, 1); - UtRegisterTest("AddressTestAddressGroupSetup04", - AddressTestAddressGroupSetup04, 1); - UtRegisterTest("AddressTestAddressGroupSetup05", - AddressTestAddressGroupSetup05, 1); - UtRegisterTest("AddressTestAddressGroupSetup06", - AddressTestAddressGroupSetup06, 1); - UtRegisterTest("AddressTestAddressGroupSetup07", - AddressTestAddressGroupSetup07, 1); - UtRegisterTest("AddressTestAddressGroupSetup08", - AddressTestAddressGroupSetup08, 1); - UtRegisterTest("AddressTestAddressGroupSetup09", - AddressTestAddressGroupSetup09, 1); - UtRegisterTest("AddressTestAddressGroupSetup10", - AddressTestAddressGroupSetup10, 1); - UtRegisterTest("AddressTestAddressGroupSetup11", - AddressTestAddressGroupSetup11, 1); - UtRegisterTest("AddressTestAddressGroupSetup12", - AddressTestAddressGroupSetup12, 1); - UtRegisterTest("AddressTestAddressGroupSetup13", - AddressTestAddressGroupSetup13, 1); - UtRegisterTest("AddressTestAddressGroupSetupIPv414", - AddressTestAddressGroupSetupIPv414, 1); - UtRegisterTest("AddressTestAddressGroupSetupIPv415", - AddressTestAddressGroupSetupIPv415, 1); - UtRegisterTest("AddressTestAddressGroupSetupIPv416", - AddressTestAddressGroupSetupIPv416, 1); - - UtRegisterTest("AddressTestAddressGroupSetup14", - AddressTestAddressGroupSetup14, 1); - UtRegisterTest("AddressTestAddressGroupSetup15", - AddressTestAddressGroupSetup15, 1); - UtRegisterTest("AddressTestAddressGroupSetup16", - AddressTestAddressGroupSetup16, 1); - UtRegisterTest("AddressTestAddressGroupSetup17", - AddressTestAddressGroupSetup17, 1); - UtRegisterTest("AddressTestAddressGroupSetup18", - AddressTestAddressGroupSetup18, 1); - UtRegisterTest("AddressTestAddressGroupSetup19", - AddressTestAddressGroupSetup19, 1); - UtRegisterTest("AddressTestAddressGroupSetup20", - AddressTestAddressGroupSetup20, 1); - UtRegisterTest("AddressTestAddressGroupSetup21", - AddressTestAddressGroupSetup21, 1); - UtRegisterTest("AddressTestAddressGroupSetup22", - AddressTestAddressGroupSetup22, 1); - UtRegisterTest("AddressTestAddressGroupSetup23", - AddressTestAddressGroupSetup23, 1); - UtRegisterTest("AddressTestAddressGroupSetup24", - AddressTestAddressGroupSetup24, 1); - UtRegisterTest("AddressTestAddressGroupSetup25", - AddressTestAddressGroupSetup25, 1); - UtRegisterTest("AddressTestAddressGroupSetup26", - AddressTestAddressGroupSetup26, 1); - - UtRegisterTest("AddressTestAddressGroupSetup27", - AddressTestAddressGroupSetup27, 1); - UtRegisterTest("AddressTestAddressGroupSetup28", - AddressTestAddressGroupSetup28, 1); - UtRegisterTest("AddressTestAddressGroupSetup29", - AddressTestAddressGroupSetup29, 1); - UtRegisterTest("AddressTestAddressGroupSetup30", - AddressTestAddressGroupSetup30, 1); - UtRegisterTest("AddressTestAddressGroupSetup31", - AddressTestAddressGroupSetup31, 1); - UtRegisterTest("AddressTestAddressGroupSetup32", - AddressTestAddressGroupSetup32, 1); - UtRegisterTest("AddressTestAddressGroupSetup33", - AddressTestAddressGroupSetup33, 1); - UtRegisterTest("AddressTestAddressGroupSetup34", - AddressTestAddressGroupSetup34, 1); - UtRegisterTest("AddressTestAddressGroupSetup35", - AddressTestAddressGroupSetup35, 1); - UtRegisterTest("AddressTestAddressGroupSetup36", - AddressTestAddressGroupSetup36, 1); - UtRegisterTest("AddressTestAddressGroupSetup37", - AddressTestAddressGroupSetup37, 1); - UtRegisterTest("AddressTestAddressGroupSetup38", - AddressTestAddressGroupSetup38, 1); - UtRegisterTest("AddressTestAddressGroupSetup39", - AddressTestAddressGroupSetup39, 1); - UtRegisterTest("AddressTestAddressGroupSetup40", - AddressTestAddressGroupSetup40, 1); - UtRegisterTest("AddressTestAddressGroupSetup41", - AddressTestAddressGroupSetup41, 1); - UtRegisterTest("AddressTestAddressGroupSetup42", - AddressTestAddressGroupSetup42, 1); - UtRegisterTest("AddressTestAddressGroupSetup43", - AddressTestAddressGroupSetup43, 1); - UtRegisterTest("AddressTestAddressGroupSetup44", - AddressTestAddressGroupSetup44, 1); - UtRegisterTest("AddressTestAddressGroupSetup45", - AddressTestAddressGroupSetup45, 1); - UtRegisterTest("AddressTestAddressGroupSetup46", - AddressTestAddressGroupSetup46, 1); - UtRegisterTest("AddressTestAddressGroupSetup47", - AddressTestAddressGroupSetup47, 1); - UtRegisterTest("AddressTestAddressGroupSetup48", - AddressTestAddressGroupSetup48, 1); - - UtRegisterTest("AddressTestCutIPv401", AddressTestCutIPv401, 1); - UtRegisterTest("AddressTestCutIPv402", AddressTestCutIPv402, 1); - UtRegisterTest("AddressTestCutIPv403", AddressTestCutIPv403, 1); - UtRegisterTest("AddressTestCutIPv404", AddressTestCutIPv404, 1); - UtRegisterTest("AddressTestCutIPv405", AddressTestCutIPv405, 1); - UtRegisterTest("AddressTestCutIPv406", AddressTestCutIPv406, 1); - UtRegisterTest("AddressTestCutIPv407", AddressTestCutIPv407, 1); - UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408, 1); - UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409, 1); - UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410, 1); - - UtRegisterTest("AddressTestParseInvalidMask01", - AddressTestParseInvalidMask01, 1); - UtRegisterTest("AddressTestParseInvalidMask02", - AddressTestParseInvalidMask02, 1); - UtRegisterTest("AddressTestParseInvalidMask03", - AddressTestParseInvalidMask03, 1); - - UtRegisterTest("AddressConfVarsTest01 ", AddressConfVarsTest01, 1); - UtRegisterTest("AddressConfVarsTest02 ", AddressConfVarsTest02, 1); - UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03, 1); - UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04, 1); - UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05, 1); - - UtRegisterTest("AddressTestFunctions01", AddressTestFunctions01, 1); - UtRegisterTest("AddressTestFunctions02", AddressTestFunctions02, 1); - UtRegisterTest("AddressTestFunctions03", AddressTestFunctions03, 1); - UtRegisterTest("AddressTestFunctions04", AddressTestFunctions04, 1); -#endif /* UNITTESTS */ -} |