From fdc666f73295d3f368268540bed070fdf51fe4e1 Mon Sep 17 00:00:00 2001
From: Anoop Saldanha <anoopsaldanha@gmail.com>
Date: Sun, 21 Oct 2012 12:14:25 +0530
Subject: [PATCH] unittest to show failure for bug #599.

---
 src/detect-engine-iponly.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/src/detect-engine-iponly.c b/src/detect-engine-iponly.c
index 093c954827..842f84ab64 100644
--- a/src/detect-engine-iponly.c
+++ b/src/detect-engine-iponly.c
@@ -2170,6 +2170,37 @@ int IPOnlyTestSig15(void)
     return result;
 }
 
+/**
+ * \brief Unittest to show #599.  We fail to match if we have negated addresses.
+ */
+int IPOnlyTestSig16(void)
+{
+    int result = 0;
+    uint8_t *buf = (uint8_t *)"Hi all!";
+    uint16_t buflen = strlen((char *)buf);
+
+    uint8_t numpkts = 1;
+    uint8_t numsigs = 2;
+
+    Packet *p[1];
+
+    p[0] = UTHBuildPacketSrcDst((uint8_t *)buf, buflen, IPPROTO_TCP, "100.100.0.0", "50.0.0.0");
+
+    char *sigs[numsigs];
+    sigs[0]= "alert tcp !100.100.0.1 any -> any any (msg:\"Testing src ip (sid 1)\"; sid:1;)";
+    sigs[1]= "alert tcp any any -> !50.0.0.1 any (msg:\"Testing dst ip (sid 2)\"; sid:2;)";
+
+    /* Sid numbers (we could extract them from the sig) */
+    uint32_t sid[2] = { 1, 2};
+    uint32_t results[2] = { 1, 1};
+
+    result = UTHGenericTest(p, numpkts, sigs, sid, (uint32_t *) results, numsigs);
+
+    UTHFreePackets(p, numpkts);
+
+    return result;
+}
+
 #endif /* UNITTESTS */
 
 void IPOnlyRegisterTests(void) {
@@ -2191,6 +2222,7 @@ void IPOnlyRegisterTests(void) {
     UtRegisterTest("IPOnlyTestSig13", IPOnlyTestSig13, 1);
     UtRegisterTest("IPOnlyTestSig14", IPOnlyTestSig14, 1);
     UtRegisterTest("IPOnlyTestSig15", IPOnlyTestSig15, 1);
+    UtRegisterTest("IPOnlyTestSig16", IPOnlyTestSig16, 1);
 #endif
 
     return;