struct in6_addr in6;
char ip[66], mask[66];
- memcpy(&in6, &gr->ip, sizeof(in6));
+ memcpy(&in6, &gr->ip.addr_data32, sizeof(in6));
PrintInet(AF_INET6, &in6, ip, sizeof(ip));
- memcpy(&in6, &gr->ip2, sizeof(in6));
+ memcpy(&in6, &gr->ip2.addr_data32, sizeof(in6));
PrintInet(AF_INET6, &in6, mask, sizeof(mask));
SCLogDebug("%s/%s", ip, mask);
return 0;
}
+int AddressTestParse36(void)
+{
+ int result = 1;
+ DetectAddress *dd = DetectAddressParseSingle("ffff::/16");
+
+ if (dd) {
+ if (dd->ip.addr_data32[0] != 0x0000FFFF || dd->ip.addr_data32[1] != 0x00000000 ||
+ dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
+
+ dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
+ dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
+
+ DetectAddressPrint(dd);
+ result = 0;
+ }
+ DetectAddressPrint(dd);
+
+ DetectAddressFree(dd);
+ return result;
+ }
+
+ return 0;
+}
+
+int AddressTestParse37(void)
+{
+ int result = 1;
+ DetectAddress *dd = DetectAddressParseSingle("::/0");
+
+ if (dd) {
+ if (dd->ip.addr_data32[0] != 0x00000000 || dd->ip.addr_data32[1] != 0x00000000 ||
+ dd->ip.addr_data32[2] != 0x00000000 || dd->ip.addr_data32[3] != 0x00000000 ||
+
+ dd->ip2.addr_data32[0] != 0xFFFFFFFF || dd->ip2.addr_data32[1] != 0xFFFFFFFF ||
+ dd->ip2.addr_data32[2] != 0xFFFFFFFF || dd->ip2.addr_data32[3] != 0xFFFFFFFF) {
+ DetectAddressPrint(dd);
+ result = 0;
+ }
+ DetectAddressPrint(dd);
+
+ DetectAddressFree(dd);
+ return result;
+ }
+
+ return 0;
+}
+
int AddressTestMatch01(void)
{
DetectAddress *dd = NULL;
return result;
}
+#include "detect-engine.h"
+
+/**
+ * \test Test sig distribution over address groups
+ */
+static int AddressTestFunctions01(void) {
+ DetectAddress *a1 = NULL;
+ DetectAddress *a2 = NULL;
+ DetectAddressHead *h = NULL;
+ int result = 0;
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ Signature s[2];
+ memset(s,0x00,sizeof(s));
+
+ s[0].num = 0;
+ s[1].num = 1;
+
+ a1 = DetectAddressParseSingle("255.0.0.0/8");
+ if (a1 == NULL) {
+ printf("a1 == NULL: ");
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
+
+ a2 = DetectAddressParseSingle("0.0.0.0/0");
+ if (a2 == NULL) {
+ printf("a2 == NULL: ");
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
+
+ SCLogDebug("a1");
+ DetectAddressPrint(a1);
+ SCLogDebug("a2");
+ DetectAddressPrint(a2);
+
+ h = DetectAddressHeadInit();
+ if (h == NULL)
+ goto end;
+ DetectAddressInsert(de_ctx, h, a1);
+ DetectAddressInsert(de_ctx, h, a2);
+
+ if (h == NULL)
+ goto end;
+
+ DetectAddress *x = h->ipv4_head;
+ for ( ; x != NULL; x = x->next) {
+ SCLogDebug("x %p next %p", x, x->next);
+ DetectAddressPrint(x);
+ //SigGroupHeadPrintSigs(de_ctx, x->sh);
+ }
+
+ DetectAddress *one = h->ipv4_head;
+ DetectAddress *two = one->next;
+
+ int sig = 0;
+ if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'two', but it shouldn't: ", sig);
+ goto end;
+ }
+
+ result = 1;
+end:
+ if (h != NULL)
+ DetectAddressHeadFree(h);
+ return result;
+}
+
+/**
+ * \test Test sig distribution over address groups
+ */
+static int AddressTestFunctions02(void) {
+ DetectAddress *a1 = NULL;
+ DetectAddress *a2 = NULL;
+ DetectAddressHead *h = NULL;
+ int result = 0;
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ Signature s[2];
+ memset(s,0x00,sizeof(s));
+
+ s[0].num = 0;
+ s[1].num = 1;
+
+ a1 = DetectAddressParseSingle("255.0.0.0/8");
+ if (a1 == NULL) {
+ printf("a1 == NULL: ");
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
+
+ a2 = DetectAddressParseSingle("0.0.0.0/0");
+ if (a2 == NULL) {
+ printf("a2 == NULL: ");
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
+
+ SCLogDebug("a1");
+ DetectAddressPrint(a1);
+ SCLogDebug("a2");
+ DetectAddressPrint(a2);
+
+ h = DetectAddressHeadInit();
+ if (h == NULL)
+ goto end;
+ DetectAddressInsert(de_ctx, h, a2);
+ DetectAddressInsert(de_ctx, h, a1);
+
+ BUG_ON(h == NULL);
+
+ SCLogDebug("dp3");
+
+ DetectAddress *x = h->ipv4_head;
+ for ( ; x != NULL; x = x->next) {
+ DetectAddressPrint(x);
+ //SigGroupHeadPrintSigs(de_ctx, x->sh);
+ }
+
+ DetectAddress *one = h->ipv4_head;
+ DetectAddress *two = one->next;
+
+ int sig = 0;
+ if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'two', but it shouldn't: ", sig);
+ goto end;
+ }
+
+ result = 1;
+end:
+ if (h != NULL)
+ DetectAddressHeadFree(h);
+ return result;
+}
+
+/**
+ * \test Test sig distribution over address groups
+ */
+static int AddressTestFunctions03(void) {
+ DetectAddress *a1 = NULL;
+ DetectAddress *a2 = NULL;
+ DetectAddressHead *h = NULL;
+ int result = 0;
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ Signature s[2];
+ memset(s,0x00,sizeof(s));
+
+ s[0].num = 0;
+ s[1].num = 1;
+
+ a1 = DetectAddressParseSingle("ffff::/16");
+ if (a1 == NULL) {
+ printf("a1 == NULL: ");
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
+
+ a2 = DetectAddressParseSingle("::/0");
+ if (a2 == NULL) {
+ printf("a2 == NULL: ");
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
+
+ SCLogDebug("a1");
+ DetectAddressPrint(a1);
+ SCLogDebug("a2");
+ DetectAddressPrint(a2);
+
+ h = DetectAddressHeadInit();
+ if (h == NULL)
+ goto end;
+ DetectAddressInsert(de_ctx, h, a1);
+ DetectAddressInsert(de_ctx, h, a2);
+
+ if (h == NULL)
+ goto end;
+
+ DetectAddress *x = h->ipv6_head;
+ for ( ; x != NULL; x = x->next) {
+ SCLogDebug("x %p next %p", x, x->next);
+ DetectAddressPrint(x);
+ //SigGroupHeadPrintSigs(de_ctx, x->sh);
+ }
+
+ DetectAddress *one = h->ipv6_head;
+ DetectAddress *two = one->next;
+
+ int sig = 0;
+ if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'two', but it shouldn't: ", sig);
+ goto end;
+ }
+
+ result = 1;
+end:
+ if (h != NULL)
+ DetectAddressHeadFree(h);
+ return result;
+}
+
+/**
+ * \test Test sig distribution over address groups
+ */
+static int AddressTestFunctions04(void) {
+ DetectAddress *a1 = NULL;
+ DetectAddress *a2 = NULL;
+ DetectAddressHead *h = NULL;
+ int result = 0;
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ Signature s[2];
+ memset(s,0x00,sizeof(s));
+
+ s[0].num = 0;
+ s[1].num = 1;
+
+ a1 = DetectAddressParseSingle("ffff::/16");
+ if (a1 == NULL) {
+ printf("a1 == NULL: ");
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
+
+ a2 = DetectAddressParseSingle("::/0");
+ if (a2 == NULL) {
+ printf("a2 == NULL: ");
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
+
+ SCLogDebug("a1");
+ DetectAddressPrint(a1);
+ SCLogDebug("a2");
+ DetectAddressPrint(a2);
+
+ h = DetectAddressHeadInit();
+ if (h == NULL)
+ goto end;
+ DetectAddressInsert(de_ctx, h, a2);
+ DetectAddressInsert(de_ctx, h, a1);
+
+ BUG_ON(h == NULL);
+
+ SCLogDebug("dp3");
+
+ DetectAddress *x = h->ipv6_head;
+ for ( ; x != NULL; x = x->next) {
+ DetectAddressPrint(x);
+ //SigGroupHeadPrintSigs(de_ctx, x->sh);
+ }
+
+ DetectAddress *one = h->ipv6_head;
+ DetectAddress *two = one->next;
+
+ int sig = 0;
+ if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'two', but it shouldn't: ", sig);
+ goto end;
+ }
+
+ result = 1;
+end:
+ if (h != NULL)
+ DetectAddressHeadFree(h);
+ return result;
+}
+
#endif /* UNITTESTS */
void DetectAddressTests(void)
UtRegisterTest("AddressTestParse33", AddressTestParse33, 1);
UtRegisterTest("AddressTestParse34", AddressTestParse34, 1);
UtRegisterTest("AddressTestParse35", AddressTestParse35, 1);
+ UtRegisterTest("AddressTestParse36", AddressTestParse36, 1);
+ UtRegisterTest("AddressTestParse37", AddressTestParse37, 1);
UtRegisterTest("AddressTestMatch01", AddressTestMatch01, 1);
UtRegisterTest("AddressTestMatch02", AddressTestMatch02, 1);
UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04, 1);
UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05, 1);
+ UtRegisterTest("AddressTestFunctions01", AddressTestFunctions01, 1);
+ UtRegisterTest("AddressTestFunctions02", AddressTestFunctions02, 1);
+ UtRegisterTest("AddressTestFunctions03", AddressTestFunctions03, 1);
+ UtRegisterTest("AddressTestFunctions04", AddressTestFunctions04, 1);
#endif /* UNITTESTS */
}
b->port = a_port1;
b->port2 = a_port2;
- /** 'a' overlaps 'b' so 'b' needs the 'a' sigs */
+ /* [bbb[baba]] will be transformed into
+ * [aaa][bbb]
+ * steps: copy b sigs to tmp
+ * a overlaps b, so copy a to b
+ * clear a
+ * copy tmp to a */
+ SigGroupHeadCopySigs(de_ctx,b->sh,&tmp->sh); /* store old a list */
+ tmp->cnt = b->cnt;
SigGroupHeadCopySigs(de_ctx,a->sh,&b->sh);
b->cnt += a->cnt;
-
+ SigGroupHeadClearSigs(a->sh); /* clean a list */
+ SigGroupHeadCopySigs(de_ctx,tmp->sh,&a->sh);/* merge old a with b */
+ a->cnt = tmp->cnt;
+ SigGroupHeadClearSigs(tmp->sh); /* clean tmp list */
} else {
SCLogDebug("3");
a->port = b_port1;
} else if (a_port2 == b_port2) {
SCLogDebug("2");
+
a->port = a_port1;
a->port2 = b_port1 - 1;
return result;
}
+/**
+ * \test Test general functions
+ */
+static int PortTestFunctions05(void) {
+ DetectPort *dp1 = NULL;
+ DetectPort *dp2 = NULL;
+ DetectPort *dp3 = NULL;
+ int result = 0;
+ int r = 0;
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ Signature s[2];
+ memset(s,0x00,sizeof(s));
+
+ s[0].num = 0;
+ s[1].num = 1;
+
+ r = DetectPortParse(&dp1, "1024:65535");
+ if (r != 0) {
+ printf("r != 0 but %d: ", r);
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &dp1->sh, &s[0]);
+
+ r = DetectPortParse(&dp2, "any");
+ if (r != 0) {
+ printf("r != 0 but %d: ", r);
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &dp2->sh, &s[1]);
+
+ SCLogDebug("dp1");
+ DetectPortPrint(dp1);
+ SCLogDebug("dp2");
+ DetectPortPrint(dp2);
+
+ DetectPortInsert(de_ctx, &dp3, dp1);
+ DetectPortInsert(de_ctx, &dp3, dp2);
+
+ if (dp3 == NULL)
+ goto end;
+
+ SCLogDebug("dp3");
+ DetectPort *x = dp3;
+ for ( ; x != NULL; x = x->next) {
+ DetectPortPrint(x);
+ //SigGroupHeadPrintSigs(de_ctx, x->sh);
+ }
+
+ DetectPort *one = dp3;
+ DetectPort *two = dp3->next;
+
+ int sig = 0;
+ if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'two', but it shouldn't: ", sig);
+ goto end;
+ }
+
+ result = 1;
+end:
+ if (dp1 != NULL)
+ DetectPortFree(dp1);
+ if (dp2 != NULL)
+ DetectPortFree(dp2);
+ return result;
+}
+
+/**
+ * \test Test general functions
+ */
+static int PortTestFunctions06(void) {
+ DetectPort *dp1 = NULL;
+ DetectPort *dp2 = NULL;
+ DetectPort *dp3 = NULL;
+ int result = 0;
+ int r = 0;
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ Signature s[2];
+ memset(s,0x00,sizeof(s));
+
+ s[0].num = 0;
+ s[1].num = 1;
+
+ r = DetectPortParse(&dp1, "1024:65535");
+ if (r != 0) {
+ printf("r != 0 but %d: ", r);
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &dp1->sh, &s[0]);
+
+ r = DetectPortParse(&dp2, "any");
+ if (r != 0) {
+ printf("r != 0 but %d: ", r);
+ goto end;
+ }
+ SigGroupHeadAppendSig(de_ctx, &dp2->sh, &s[1]);
+
+ SCLogDebug("dp1");
+ DetectPortPrint(dp1);
+ SCLogDebug("dp2");
+ DetectPortPrint(dp2);
+
+ DetectPortInsert(de_ctx, &dp3, dp2);
+ DetectPortInsert(de_ctx, &dp3, dp1);
+
+ if (dp3 == NULL)
+ goto end;
+
+ SCLogDebug("dp3");
+ DetectPort *x = dp3;
+ for ( ; x != NULL; x = x->next) {
+ DetectPortPrint(x);
+ //SigGroupHeadPrintSigs(de_ctx, x->sh);
+ }
+
+ DetectPort *one = dp3;
+ DetectPort *two = dp3->next;
+
+ int sig = 0;
+ if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'one', but it shouldn't: ", sig);
+ goto end;
+ }
+ sig = 1;
+ if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
+ printf("sig %d part of 'two', but it shouldn't: ", sig);
+ goto end;
+ }
+
+ result = 1;
+end:
+ if (dp1 != NULL)
+ DetectPortFree(dp1);
+ if (dp2 != NULL)
+ DetectPortFree(dp2);
+ return result;
+}
+
/**
* \test Test packet Matches
* \param raw_eth_pkt pointer to the ethernet packet
UtRegisterTest("PortTestFunctions02", PortTestFunctions02, 1);
UtRegisterTest("PortTestFunctions03", PortTestFunctions03, 1);
UtRegisterTest("PortTestFunctions04", PortTestFunctions04, 1);
+ UtRegisterTest("PortTestFunctions05", PortTestFunctions05, 1);
+ UtRegisterTest("PortTestFunctions06", PortTestFunctions06, 1);
UtRegisterTest("PortTestMatchReal01", PortTestMatchReal01, 1);
UtRegisterTest("PortTestMatchReal02", PortTestMatchReal02, 1);
UtRegisterTest("PortTestMatchReal03", PortTestMatchReal03, 1);
projects / thirdparty / suricata.git / commitdiff
