1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 // Copyright (C) 2009-2013 Sourcefire, Inc.
4 //
5 // This program is free software; you can redistribute it and/or modify it
6 // under the terms of the GNU General Public License Version 2 as published
7 // by the Free Software Foundation. You may not use, modify or distribute
8 // this program under any other version of the GNU General Public License.
9 //
10 // This program is distributed in the hope that it will be useful, but
11 // WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 // General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License along
16 // with this program; if not, write to the Free Software Foundation, Inc.,
17 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 //--------------------------------------------------------------------------
19 // sfrf_test.cc author Russ Combs <rcombs@sourcefire.com>
20
21 #ifdef HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24
25 #include "catch/snort_catch.h"
26 #include "main/snort_config.h"
27 #include "parser/parse_ip.h"
28 #include "sfip/sf_ip.h"
29
30 #include "rate_filter.h"
31 #include "sfrf.h"
32
33 using namespace snort;
34
35 //---------------------------------------------------------------
36
37 #define IP_ANY nullptr // used to get "unset"
38
39 #define IP4_SRC "1.2.3.4"
40 #define IP4_DST "1.2.3.5"
41 #define IP4_EXT "2.2.3.6" // doesn't match either src|dst
42
43 #define IP4_NET "1.2.0.0/16"
44 #define IP6_SRC "1:2::8"
45 #define IP6_DST "1:2::9"
46 #define IP6_NET "1:2::/32"
47 #define IP6_EXT "2:2::8"
48
49 #define IP4_SET1 "[1.2.3.4,1.2.3.5]"
50 #define IP4_SET2 "[1.2.0.0/16,![1.2.3.4,1.2.3.5]]"
51
52 #define RULE_ORIG (-1) // original action applies
53 #define RULE_NEW 0 // new_action when not orig
54
55 #define MEM_DEFAULT (1024*1024) // default if not re"config"ed
56 #define MEM_MINIMUM 0 // forces use of minimum
57
58 typedef struct
59 {
60 int gid;
61 int sid;
62 SFRF_TRACK track;
63 int count;
64 int seconds;
65 int timeout;
66 const char* ip;
67 int expect;
68 int create;
69 } RateData;
70
71 typedef struct
72 {
73 unsigned int seq;
74 unsigned int gid;
75 unsigned int sid;
76 const char* sip;
77 const char* dip;
78 float now;
79 int expect;
80 } EventData;
81
82 static RateFilterConfig* rfc = nullptr;
83
84 //---------------------------------------------------------------
85
86 #define TRK_DST SFRF_TRACK_BY_DST
87 #define TRK_SRC SFRF_TRACK_BY_SRC
88 #define TRK_RUL SFRF_TRACK_BY_RULE
89
90 static RateData rfData[] =
91 {
92 // illegal gid, sid checks
93 { -1, -1, TRK_DST, 1, 1, 0, IP_ANY, -1, 0 }
94 ,{ 0, 0, TRK_DST, 1, 1, 0, IP_ANY, -1, 0 }
95 ,{ 0, 2100, TRK_DST, 1, 1, 0, IP_ANY, -1, 0 }
96 ,{ 100, 0, TRK_DST, 1, 1, 0, IP_ANY, -1, 0 }
97 ,{ 100, 8129, TRK_DST, 1, 1, 0, IP_ANY, 0, 0 }
98 ,{ 8129, 2100, TRK_DST, 1, 1, 0, IP_ANY, -1, 0 }
99
100 // duplicate gid, sid checks
101 ,{ 100, 1110, TRK_SRC, 1, 1, 0, IP_ANY, 0, 0 }
102 ,{ 100, 2110, TRK_DST, 1, 1, 0, IP_ANY, 0, 0 }
103 ,{ 100, 3110, TRK_RUL, 1, 1, 0, IP_ANY, 0, 0 }
104
105 // count checks
106 ,{ 100, 1000, TRK_SRC, 0, 0, 0, IP_ANY, -1, 0 }
107 ,{ 100, 2000, TRK_DST, 0, 0, 0, IP_ANY, -1, 0 }
108 ,{ 100, 3000, TRK_RUL, 0, 0, 0, IP_ANY, -1, 0 }
109
110 // rate tests w/o apply ...
111 ,{ 200, 1110, TRK_SRC, 1, 1, 0, IP_ANY, 0, 0 }
112 ,{ 200, 1111, TRK_SRC, 1, 1, 1, IP_ANY, 0, 0 }
113 ,{ 200, 1121, TRK_SRC, 1, 2, 1, IP_ANY, 0, 0 }
114 ,{ 200, 1311, TRK_SRC, 3, 1, 1, IP_ANY, 0, 0 }
115 ,{ 200, 1321, TRK_SRC, 3, 2, 1, IP_ANY, 0, 0 }
116 ,{ 200, 1312, TRK_SRC, 3, 1, 2, IP_ANY, 0, 0 }
117 ,{ 200, 2110, TRK_DST, 1, 1, 0, IP_ANY, 0, 0 }
118 ,{ 200, 2111, TRK_DST, 1, 1, 1, IP_ANY, 0, 0 }
119 ,{ 200, 3110, TRK_RUL, 1, 1, 0, IP_ANY, 0, 0 }
120 ,{ 200, 3111, TRK_RUL, 1, 1, 1, IP_ANY, 0, 0 }
121
122 ,{ 210, 3311, TRK_RUL, 3, 1, 1, IP_ANY, 0, 0 }
123 ,{ 210, 3315, TRK_RUL, 3, 1, 5, IP_ANY, 0, 0 }
124 ,{ 210, 3319, TRK_RUL, 3, 1, 9, IP_ANY, 0, 0 }
125 ,{ 210, 3351, TRK_RUL, 3, 5, 1, IP_ANY, 0, 0 }
126 ,{ 210, 3355, TRK_RUL, 3, 5, 5, IP_ANY, 0, 0 }
127 ,{ 210, 3359, TRK_RUL, 3, 5, 9, IP_ANY, 0, 0 }
128 ,{ 210, 3391, TRK_RUL, 3, 9, 1, IP_ANY, 0, 0 }
129 ,{ 210, 3395, TRK_RUL, 3, 9, 5, IP_ANY, 0, 0 }
130 ,{ 210, 3399, TRK_RUL, 3, 9, 9, IP_ANY, 0, 0 }
131
132 // rate tests w/apply ...
133 ,{ 300, 1110, TRK_SRC, 1, 1, 0, IP4_NET, 0, 0 }
134 ,{ 300, 2110, TRK_DST, 1, 1, 0, IP4_NET, 0, 0 }
135 ,{ 310, 1110, TRK_SRC, 1, 1, 0, "!" IP4_NET, 0, 0 }
136 ,{ 310, 2110, TRK_DST, 1, 1, 0, "!" IP4_NET, 0, 0 }
137
138 // ipv6 rate tests w/apply ...
139 ,{ 400, 1110, TRK_SRC, 1, 1, 0, IP6_NET, 0, 0 }
140 ,{ 400, 2110, TRK_DST, 1, 1, 0, IP6_NET, 0, 0 }
141 ,{ 410, 1110, TRK_SRC, 1, 1, 0, "!" IP6_NET, 0, 0 }
142 ,{ 410, 2110, TRK_DST, 1, 1, 0, "!" IP6_NET, 0, 0 }
143 };
144
145 #define NUM_NODES (sizeof(rfData)/sizeof(rfData[0]))
146
147 //---------------------------------------------------------------
148 // the seq field is only used to easily identify any failed tests
149
150 static EventData evData[] =
151 {
152 #ifndef SFRF_OVER_RATE
153 { 0, 200, 1110, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
154 ,{ 1, 200, 1110, IP4_SRC, IP4_DST, 0.1, RULE_NEW }
155 ,{ 2, 200, 1110, IP4_SRC, IP4_DST, 0.2, RULE_NEW }
156 ,{ 3, 200, 1110, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
157 ,{ 4, 200, 1110, IP4_SRC, IP4_DST, 9.9, RULE_NEW }
158
159 ,{ 0, 200, 1111, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
160 ,{ 1, 200, 1111, IP4_EXT, IP4_DST, 0.1, RULE_ORIG }
161 ,{ 2, 200, 1111, IP4_SRC, IP4_DST, 0.2, RULE_NEW }
162 ,{ 3, 200, 1111, IP4_SRC, IP4_DST, 1.0, RULE_ORIG }
163 ,{ 4, 200, 1111, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
164 ,{ 5, 200, 1111, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
165 ,{ 6, 200, 1111, IP4_SRC, IP4_DST, 2.0, RULE_ORIG }
166 ,{ 7, 200, 1111, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
167
168 ,{ 0, 200, 1121, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
169 ,{ 1, 200, 1121, IP4_SRC, IP4_DST, 0.1, RULE_NEW }
170 ,{ 2, 200, 1121, IP4_SRC, IP4_DST, 0.2, RULE_NEW }
171 ,{ 3, 200, 1121, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
172 ,{ 4, 200, 1121, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
173 ,{ 5, 200, 1121, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
174 ,{ 6, 200, 1121, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
175 ,{ 7, 200, 1121, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
176 ,{ 8, 200, 1121, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
177 ,{ 9, 200, 1121, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
178 ,{ 10, 200, 1121, IP4_SRC, IP4_DST, 2.0, RULE_ORIG }
179 ,{ 11, 200, 1121, IP4_SRC, IP4_DST, 2.1, RULE_NEW }
180 ,{ 12, 200, 1121, IP4_SRC, IP4_DST, 3.0, RULE_NEW }
181 ,{ 13, 200, 1121, IP4_SRC, IP4_DST, 4.0, RULE_ORIG }
182 ,{ 14, 200, 1121, IP4_SRC, IP4_DST, 5.0, RULE_NEW }
183 ,{ 15, 200, 1121, IP4_SRC, IP4_DST, 5.1, RULE_NEW }
184 ,{ 16, 200, 1121, IP4_SRC, IP4_DST, 6.0, RULE_ORIG }
185 ,{ 17, 200, 1121, IP4_SRC, IP4_DST, 8.0, RULE_ORIG }
186 ,{ 18, 200, 1121, IP4_SRC, IP4_DST,10.0, RULE_ORIG }
187
188 ,{ 0, 200, 1311, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
189 ,{ 1, 200, 1311, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
190 ,{ 2, 200, 1311, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
191 ,{ 3, 200, 1311, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
192 ,{ 4, 200, 1311, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
193 ,{ 5, 200, 1311, IP4_SRC, IP4_DST, 1.0, RULE_ORIG }
194 ,{ 6, 200, 1311, IP4_SRC, IP4_DST, 1.1, RULE_ORIG }
195 ,{ 7, 200, 1311, IP4_SRC, IP4_DST, 1.2, RULE_ORIG }
196 ,{ 8, 200, 1311, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
197 ,{ 9, 200, 1311, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
198 ,{ 10, 200, 1311, IP4_SRC, IP4_DST, 2.0, RULE_ORIG }
199 ,{ 11, 200, 1311, IP4_SRC, IP4_DST, 2.1, RULE_ORIG }
200 ,{ 12, 200, 1311, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
201
202 ,{ 0, 200, 1321, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
203 ,{ 1, 200, 1321, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
204 ,{ 2, 200, 1321, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
205 ,{ 3, 200, 1321, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
206 ,{ 4, 200, 1321, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
207 ,{ 5, 200, 1321, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
208 ,{ 6, 200, 1321, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
209 ,{ 7, 200, 1321, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
210 ,{ 8, 200, 1321, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
211 ,{ 9, 200, 1321, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
212 ,{ 10, 200, 1321, IP4_SRC, IP4_DST, 2.0, RULE_ORIG }
213 ,{ 11, 200, 1321, IP4_SRC, IP4_DST, 2.1, RULE_ORIG }
214 ,{ 12, 200, 1321, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
215 ,{ 13, 200, 1321, IP4_SRC, IP4_DST, 4.0, RULE_ORIG }
216 ,{ 14, 200, 1321, IP4_SRC, IP4_DST, 5.0, RULE_ORIG }
217
218 ,{ 0, 200, 1312, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
219 ,{ 1, 200, 1312, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
220 ,{ 2, 200, 1312, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
221 ,{ 3, 200, 1312, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
222 ,{ 4, 200, 1312, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
223 ,{ 5, 200, 1312, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
224 ,{ 6, 200, 1312, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
225 ,{ 7, 200, 1312, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
226 ,{ 8, 200, 1312, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
227 ,{ 9, 200, 1312, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
228 ,{ 10, 200, 1312, IP4_SRC, IP4_DST, 2.0, RULE_ORIG }
229 ,{ 11, 200, 1312, IP4_SRC, IP4_DST, 2.1, RULE_ORIG }
230 ,{ 12, 200, 1312, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
231 ,{ 13, 200, 1312, IP4_SRC, IP4_DST, 4.0, RULE_ORIG }
232 ,{ 14, 200, 1312, IP4_SRC, IP4_DST, 5.0, RULE_ORIG }
233
234 ,{ 0, 200, 2111, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
235 ,{ 1, 200, 2111, IP4_SRC, IP4_EXT, 0.1, RULE_ORIG }
236 ,{ 2, 200, 2111, IP4_SRC, IP4_DST, 0.2, RULE_NEW }
237 ,{ 3, 200, 2111, IP4_SRC, IP4_DST, 1.0, RULE_ORIG }
238 ,{ 4, 200, 2111, IP4_SRC, IP4_EXT, 1.1, RULE_ORIG }
239 ,{ 5, 200, 2111, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
240 ,{ 6, 200, 2111, IP4_SRC, IP4_DST, 2.0, RULE_ORIG }
241 ,{ 7, 200, 2111, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
242
243 ,{ 0, 200, 3111, IP4_EXT, IP4_DST, 0.0, RULE_ORIG }
244 ,{ 1, 200, 3111, IP4_SRC, IP4_EXT, 0.1, RULE_NEW }
245 ,{ 2, 200, 3111, IP4_SRC, IP4_DST, 0.2, RULE_NEW }
246 ,{ 3, 200, 3111, IP4_EXT, IP4_DST, 1.0, RULE_ORIG }
247 ,{ 4, 200, 3111, IP4_EXT, IP4_DST, 1.1, RULE_NEW }
248 ,{ 5, 200, 3111, IP4_SRC, IP4_EXT, 1.2, RULE_NEW }
249 ,{ 6, 200, 3111, IP4_SRC, IP4_EXT, 2.0, RULE_ORIG }
250 ,{ 7, 200, 3111, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
251
252 ,{ 0, 210, 3311, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
253 ,{ 1, 210, 3311, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
254 ,{ 2, 210, 3311, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
255 ,{ 3, 210, 3311, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
256 ,{ 4, 210, 3311, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
257 ,{ 5, 210, 3311, IP4_SRC, IP4_DST, 1.0, RULE_ORIG }
258 ,{ 6, 210, 3311, IP4_SRC, IP4_DST, 1.1, RULE_ORIG }
259 ,{ 7, 210, 3311, IP4_SRC, IP4_DST, 1.2, RULE_ORIG }
260 ,{ 8, 210, 3311, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
261 ,{ 9, 210, 3311, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
262 ,{ 10, 210, 3311, IP4_SRC, IP4_DST, 2.0, RULE_ORIG }
263 ,{ 11, 210, 3311, IP4_SRC, IP4_DST, 2.1, RULE_ORIG }
264 ,{ 12, 210, 3311, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
265 ,{ 13, 210, 3311, IP4_SRC, IP4_DST, 5.0, RULE_ORIG }
266 ,{ 14, 210, 3311, IP4_SRC, IP4_DST, 5.1, RULE_ORIG }
267 ,{ 15, 210, 3311, IP4_SRC, IP4_DST, 5.2, RULE_ORIG }
268 ,{ 16, 210, 3311, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
269 ,{ 17, 210, 3311, IP4_SRC, IP4_DST, 9.8, RULE_ORIG }
270 ,{ 18, 210, 3311, IP4_SRC, IP4_DST, 9.9, RULE_ORIG }
271 ,{ 19, 210, 3311, IP4_SRC, IP4_DST, 10.0, RULE_ORIG }
272 ,{ 20, 210, 3311, IP4_SRC, IP4_DST, 11.0, RULE_ORIG }
273
274 ,{ 0, 210, 3315, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
275 ,{ 1, 210, 3315, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
276 ,{ 2, 210, 3315, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
277 ,{ 3, 210, 3315, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
278 ,{ 4, 210, 3315, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
279 ,{ 5, 210, 3315, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
280 ,{ 6, 210, 3315, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
281 ,{ 7, 210, 3315, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
282 ,{ 8, 210, 3315, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
283 ,{ 9, 210, 3315, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
284 ,{ 10, 210, 3315, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
285 ,{ 11, 210, 3315, IP4_SRC, IP4_DST, 2.1, RULE_NEW }
286 ,{ 12, 210, 3315, IP4_SRC, IP4_DST, 3.0, RULE_NEW }
287 ,{ 13, 210, 3315, IP4_SRC, IP4_DST, 5.0, RULE_ORIG }
288 ,{ 14, 210, 3315, IP4_SRC, IP4_DST, 5.1, RULE_ORIG }
289 ,{ 15, 210, 3315, IP4_SRC, IP4_DST, 5.2, RULE_ORIG }
290 ,{ 16, 210, 3315, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
291 ,{ 17, 210, 3315, IP4_SRC, IP4_DST, 9.8, RULE_NEW }
292 ,{ 18, 210, 3315, IP4_SRC, IP4_DST, 9.9, RULE_NEW }
293 ,{ 19, 210, 3315, IP4_SRC, IP4_DST, 10.0, RULE_ORIG }
294 ,{ 20, 210, 3315, IP4_SRC, IP4_DST, 11.0, RULE_ORIG }
295
296 ,{ 0, 210, 3319, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
297 ,{ 1, 210, 3319, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
298 ,{ 2, 210, 3319, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
299 ,{ 3, 210, 3319, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
300 ,{ 4, 210, 3319, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
301 ,{ 5, 210, 3319, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
302 ,{ 6, 210, 3319, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
303 ,{ 7, 210, 3319, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
304 ,{ 8, 210, 3319, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
305 ,{ 9, 210, 3319, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
306 ,{ 10, 210, 3319, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
307 ,{ 11, 210, 3319, IP4_SRC, IP4_DST, 2.1, RULE_NEW }
308 ,{ 12, 210, 3319, IP4_SRC, IP4_DST, 3.0, RULE_NEW }
309 ,{ 13, 210, 3319, IP4_SRC, IP4_DST, 5.0, RULE_NEW }
310 ,{ 14, 210, 3319, IP4_SRC, IP4_DST, 5.1, RULE_NEW }
311 ,{ 15, 210, 3319, IP4_SRC, IP4_DST, 5.2, RULE_NEW }
312 ,{ 16, 210, 3319, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
313 ,{ 17, 210, 3319, IP4_SRC, IP4_DST, 9.8, RULE_ORIG }
314 ,{ 18, 210, 3319, IP4_SRC, IP4_DST, 9.9, RULE_ORIG }
315 ,{ 19, 210, 3319, IP4_SRC, IP4_DST, 10.0, RULE_ORIG }
316 ,{ 20, 210, 3319, IP4_SRC, IP4_DST, 11.0, RULE_ORIG }
317
318 ,{ 0, 210, 3351, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
319 ,{ 1, 210, 3351, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
320 ,{ 2, 210, 3351, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
321 ,{ 3, 210, 3351, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
322 ,{ 4, 210, 3351, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
323 ,{ 5, 210, 3351, IP4_SRC, IP4_DST, 5.0, RULE_ORIG }
324 ,{ 6, 210, 3351, IP4_SRC, IP4_DST, 5.1, RULE_ORIG }
325 ,{ 7, 210, 3351, IP4_SRC, IP4_DST, 5.2, RULE_ORIG }
326 ,{ 8, 210, 3351, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
327 ,{ 9, 210, 3351, IP4_SRC, IP4_DST, 5.4, RULE_NEW }
328 ,{ 10, 210, 3351, IP4_SRC, IP4_DST, 10.0, RULE_ORIG }
329 ,{ 11, 210, 3351, IP4_SRC, IP4_DST, 10.1, RULE_ORIG }
330 ,{ 12, 210, 3351, IP4_SRC, IP4_DST, 15.0, RULE_ORIG }
331 ,{ 13, 210, 3351, IP4_SRC, IP4_DST, 19.0, RULE_ORIG }
332 ,{ 14, 210, 3351, IP4_SRC, IP4_DST, 25.0, RULE_ORIG }
333 ,{ 15, 210, 3351, IP4_SRC, IP4_DST, 25.1, RULE_ORIG }
334 ,{ 16, 210, 3351, IP4_SRC, IP4_DST, 25.2, RULE_ORIG }
335 ,{ 17, 210, 3351, IP4_SRC, IP4_DST, 25.3, RULE_NEW }
336 ,{ 18, 210, 3351, IP4_SRC, IP4_DST, 45.8, RULE_ORIG }
337 ,{ 19, 210, 3351, IP4_SRC, IP4_DST, 45.9, RULE_ORIG }
338 ,{ 20, 210, 3351, IP4_SRC, IP4_DST, 50.0, RULE_ORIG }
339 ,{ 21, 210, 3351, IP4_SRC, IP4_DST, 55.0, RULE_ORIG }
340
341 ,{ 0, 210, 3355, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
342 ,{ 1, 210, 3355, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
343 ,{ 2, 210, 3355, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
344 ,{ 3, 210, 3355, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
345 ,{ 4, 210, 3355, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
346 ,{ 5, 210, 3355, IP4_SRC, IP4_DST, 5.0, RULE_ORIG }
347 ,{ 6, 210, 3355, IP4_SRC, IP4_DST, 5.1, RULE_ORIG }
348 ,{ 7, 210, 3355, IP4_SRC, IP4_DST, 5.2, RULE_ORIG }
349 ,{ 8, 210, 3355, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
350 ,{ 9, 210, 3355, IP4_SRC, IP4_DST, 5.4, RULE_NEW }
351 ,{ 10, 210, 3355, IP4_SRC, IP4_DST, 10.0, RULE_ORIG }
352 ,{ 11, 210, 3355, IP4_SRC, IP4_DST, 10.1, RULE_ORIG }
353 ,{ 12, 210, 3355, IP4_SRC, IP4_DST, 15.0, RULE_ORIG }
354 ,{ 13, 210, 3355, IP4_SRC, IP4_DST, 19.0, RULE_ORIG }
355 ,{ 14, 210, 3355, IP4_SRC, IP4_DST, 25.0, RULE_ORIG }
356 ,{ 15, 210, 3355, IP4_SRC, IP4_DST, 25.1, RULE_ORIG }
357 ,{ 16, 210, 3355, IP4_SRC, IP4_DST, 25.2, RULE_ORIG }
358 ,{ 17, 210, 3355, IP4_SRC, IP4_DST, 25.3, RULE_NEW }
359 ,{ 18, 210, 3355, IP4_SRC, IP4_DST, 45.8, RULE_ORIG }
360 ,{ 19, 210, 3355, IP4_SRC, IP4_DST, 45.9, RULE_ORIG }
361 ,{ 20, 210, 3355, IP4_SRC, IP4_DST, 50.0, RULE_ORIG }
362 ,{ 21, 210, 3355, IP4_SRC, IP4_DST, 55.0, RULE_ORIG }
363
364 ,{ 0, 210, 3359, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
365 ,{ 1, 210, 3359, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
366 ,{ 2, 210, 3359, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
367 ,{ 3, 210, 3359, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
368 ,{ 4, 210, 3359, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
369 ,{ 5, 210, 3359, IP4_SRC, IP4_DST, 5.0, RULE_NEW }
370 ,{ 6, 210, 3359, IP4_SRC, IP4_DST, 5.1, RULE_NEW }
371 ,{ 7, 210, 3359, IP4_SRC, IP4_DST, 5.2, RULE_NEW }
372 ,{ 8, 210, 3359, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
373 ,{ 9, 210, 3359, IP4_SRC, IP4_DST, 5.4, RULE_NEW }
374 ,{ 10, 210, 3359, IP4_SRC, IP4_DST, 10.0, RULE_ORIG }
375 ,{ 11, 210, 3359, IP4_SRC, IP4_DST, 10.1, RULE_ORIG }
376 ,{ 12, 210, 3359, IP4_SRC, IP4_DST, 15.0, RULE_ORIG }
377 ,{ 13, 210, 3359, IP4_SRC, IP4_DST, 19.0, RULE_ORIG }
378 ,{ 14, 210, 3359, IP4_SRC, IP4_DST, 25.0, RULE_ORIG }
379 ,{ 15, 210, 3359, IP4_SRC, IP4_DST, 25.1, RULE_ORIG }
380 ,{ 16, 210, 3359, IP4_SRC, IP4_DST, 25.2, RULE_ORIG }
381 ,{ 17, 210, 3359, IP4_SRC, IP4_DST, 25.3, RULE_NEW }
382 ,{ 18, 210, 3359, IP4_SRC, IP4_DST, 45.8, RULE_ORIG }
383 ,{ 19, 210, 3359, IP4_SRC, IP4_DST, 45.9, RULE_ORIG }
384 ,{ 20, 210, 3359, IP4_SRC, IP4_DST, 50.0, RULE_ORIG }
385 ,{ 21, 210, 3359, IP4_SRC, IP4_DST, 55.0, RULE_ORIG }
386
387 ,{ 0, 210, 3391, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
388 ,{ 1, 210, 3391, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
389 ,{ 2, 210, 3391, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
390 ,{ 3, 210, 3391, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
391 ,{ 4, 210, 3391, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
392 ,{ 5, 210, 3391, IP4_SRC, IP4_DST, 9.0, RULE_ORIG }
393 ,{ 6, 210, 3391, IP4_SRC, IP4_DST, 9.1, RULE_ORIG }
394 ,{ 7, 210, 3391, IP4_SRC, IP4_DST, 9.2, RULE_ORIG }
395 ,{ 8, 210, 3391, IP4_SRC, IP4_DST, 9.3, RULE_NEW }
396 ,{ 9, 210, 3391, IP4_SRC, IP4_DST, 9.4, RULE_NEW }
397 ,{ 10, 210, 3391, IP4_SRC, IP4_DST, 18.0, RULE_ORIG }
398 ,{ 11, 210, 3391, IP4_SRC, IP4_DST, 18.1, RULE_ORIG }
399 ,{ 12, 210, 3391, IP4_SRC, IP4_DST, 27.0, RULE_ORIG }
400 ,{ 13, 210, 3391, IP4_SRC, IP4_DST, 35.0, RULE_ORIG }
401 ,{ 14, 210, 3391, IP4_SRC, IP4_DST, 45.0, RULE_ORIG }
402 ,{ 15, 210, 3391, IP4_SRC, IP4_DST, 45.1, RULE_ORIG }
403 ,{ 16, 210, 3391, IP4_SRC, IP4_DST, 45.2, RULE_ORIG }
404 ,{ 17, 210, 3391, IP4_SRC, IP4_DST, 45.3, RULE_NEW }
405 ,{ 18, 210, 3391, IP4_SRC, IP4_DST, 81.8, RULE_ORIG }
406 ,{ 19, 210, 3391, IP4_SRC, IP4_DST, 81.9, RULE_ORIG }
407 ,{ 20, 210, 3391, IP4_SRC, IP4_DST, 90.0, RULE_ORIG }
408 ,{ 21, 210, 3391, IP4_SRC, IP4_DST, 99.0, RULE_ORIG }
409
410 ,{ 0, 210, 3395, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
411 ,{ 1, 210, 3395, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
412 ,{ 2, 210, 3395, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
413 ,{ 3, 210, 3395, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
414 ,{ 4, 210, 3395, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
415 ,{ 5, 210, 3395, IP4_SRC, IP4_DST, 9.0, RULE_ORIG }
416 ,{ 6, 210, 3395, IP4_SRC, IP4_DST, 9.1, RULE_ORIG }
417 ,{ 7, 210, 3395, IP4_SRC, IP4_DST, 9.2, RULE_ORIG }
418 ,{ 8, 210, 3395, IP4_SRC, IP4_DST, 9.3, RULE_NEW }
419 ,{ 9, 210, 3395, IP4_SRC, IP4_DST, 9.4, RULE_NEW }
420 ,{ 10, 210, 3395, IP4_SRC, IP4_DST, 18.0, RULE_ORIG }
421 ,{ 11, 210, 3395, IP4_SRC, IP4_DST, 18.1, RULE_ORIG }
422 ,{ 12, 210, 3395, IP4_SRC, IP4_DST, 27.0, RULE_ORIG }
423 ,{ 13, 210, 3395, IP4_SRC, IP4_DST, 35.0, RULE_ORIG }
424 ,{ 14, 210, 3395, IP4_SRC, IP4_DST, 45.0, RULE_ORIG }
425 ,{ 15, 210, 3395, IP4_SRC, IP4_DST, 45.1, RULE_ORIG }
426 ,{ 16, 210, 3395, IP4_SRC, IP4_DST, 45.2, RULE_ORIG }
427 ,{ 17, 210, 3395, IP4_SRC, IP4_DST, 45.3, RULE_NEW }
428 ,{ 18, 210, 3395, IP4_SRC, IP4_DST, 81.8, RULE_ORIG }
429 ,{ 19, 210, 3395, IP4_SRC, IP4_DST, 81.9, RULE_ORIG }
430 ,{ 20, 210, 3395, IP4_SRC, IP4_DST, 90.0, RULE_ORIG }
431 ,{ 21, 210, 3395, IP4_SRC, IP4_DST, 99.0, RULE_ORIG }
432
433 ,{ 0, 210, 3399, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
434 ,{ 1, 210, 3399, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
435 ,{ 2, 210, 3399, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
436 ,{ 3, 210, 3399, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
437 ,{ 4, 210, 3399, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
438 ,{ 5, 210, 3399, IP4_SRC, IP4_DST, 9.0, RULE_ORIG }
439 ,{ 6, 210, 3399, IP4_SRC, IP4_DST, 9.1, RULE_ORIG }
440 ,{ 7, 210, 3399, IP4_SRC, IP4_DST, 9.2, RULE_ORIG }
441 ,{ 8, 210, 3399, IP4_SRC, IP4_DST, 9.3, RULE_NEW }
442 ,{ 9, 210, 3399, IP4_SRC, IP4_DST, 9.4, RULE_NEW }
443 ,{ 10, 210, 3399, IP4_SRC, IP4_DST, 18.0, RULE_ORIG }
444 ,{ 11, 210, 3399, IP4_SRC, IP4_DST, 18.1, RULE_ORIG }
445 ,{ 12, 210, 3399, IP4_SRC, IP4_DST, 27.0, RULE_ORIG }
446 ,{ 13, 210, 3399, IP4_SRC, IP4_DST, 35.0, RULE_ORIG }
447 ,{ 14, 210, 3399, IP4_SRC, IP4_DST, 45.0, RULE_ORIG }
448 ,{ 15, 210, 3399, IP4_SRC, IP4_DST, 45.1, RULE_ORIG }
449 ,{ 16, 210, 3399, IP4_SRC, IP4_DST, 45.2, RULE_ORIG }
450 ,{ 17, 210, 3399, IP4_SRC, IP4_DST, 45.3, RULE_NEW }
451 ,{ 18, 210, 3399, IP4_SRC, IP4_DST, 81.8, RULE_ORIG }
452 ,{ 19, 210, 3399, IP4_SRC, IP4_DST, 81.9, RULE_ORIG }
453 ,{ 20, 210, 3399, IP4_SRC, IP4_DST, 90.0, RULE_ORIG }
454 ,{ 21, 210, 3399, IP4_SRC, IP4_DST, 99.0, RULE_ORIG }
455
456 ,{ 0, 300, 1110, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
457 ,{ 1, 300, 1110, IP4_EXT, IP4_DST, 0.1, RULE_ORIG }
458 ,{ 2, 300, 1110, IP4_EXT, IP4_DST, 0.2, RULE_ORIG }
459 ,{ 3, 300, 1110, IP4_SRC, IP4_DST, 1.0, RULE_ORIG }
460 ,{ 4, 300, 1110, IP4_SRC, IP4_DST, 1.9, RULE_NEW }
461 ,{ 5, 300, 1110, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
462 ,{ 6, 300, 1110, IP4_SRC, IP4_DST, 9.9, RULE_NEW }
463
464 ,{ 0, 300, 2110, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
465 ,{ 1, 300, 2110, IP4_SRC, IP4_EXT, 0.1, RULE_ORIG }
466 ,{ 2, 300, 2110, IP4_SRC, IP4_EXT, 0.2, RULE_ORIG }
467 ,{ 3, 300, 2110, IP4_SRC, IP4_DST, 1.0, RULE_ORIG }
468 ,{ 4, 300, 2110, IP4_SRC, IP4_DST, 1.9, RULE_NEW }
469 ,{ 5, 300, 2110, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
470 ,{ 6, 300, 2110, IP4_SRC, IP4_DST, 9.9, RULE_NEW }
471
472 ,{ 0, 310, 1110, IP4_EXT, IP4_DST, 0.0, RULE_ORIG }
473 ,{ 1, 310, 1110, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
474 ,{ 2, 310, 1110, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
475 ,{ 3, 310, 1110, IP4_EXT, IP4_DST, 1.0, RULE_ORIG }
476 ,{ 4, 310, 1110, IP4_EXT, IP4_DST, 1.9, RULE_NEW }
477 ,{ 5, 310, 1110, IP4_EXT, IP4_DST, 2.0, RULE_NEW }
478 ,{ 6, 310, 1110, IP4_EXT, IP4_DST, 9.9, RULE_NEW }
479
480 ,{ 0, 310, 2110, IP4_SRC, IP4_EXT, 0.0, RULE_ORIG }
481 ,{ 1, 310, 2110, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
482 ,{ 2, 310, 2110, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
483 ,{ 3, 310, 2110, IP4_SRC, IP4_EXT, 1.0, RULE_ORIG }
484 ,{ 4, 310, 2110, IP4_SRC, IP4_EXT, 1.9, RULE_NEW }
485 ,{ 5, 310, 2110, IP4_SRC, IP4_EXT, 2.0, RULE_NEW }
486 ,{ 6, 310, 2110, IP4_SRC, IP4_EXT, 9.9, RULE_NEW }
487
488 ,{ 0, 410, 1110, IP6_EXT, IP6_DST, 0.0, RULE_ORIG }
489 ,{ 1, 410, 1110, IP6_SRC, IP6_DST, 0.1, RULE_ORIG }
490 ,{ 2, 410, 1110, IP6_SRC, IP6_DST, 0.2, RULE_ORIG }
491 ,{ 3, 410, 1110, IP6_EXT, IP6_DST, 1.0, RULE_ORIG }
492 ,{ 4, 410, 1110, IP6_EXT, IP6_DST, 1.9, RULE_NEW }
493 ,{ 5, 410, 1110, IP6_EXT, IP6_DST, 2.0, RULE_NEW }
494 ,{ 6, 410, 1110, IP6_EXT, IP6_DST, 9.9, RULE_NEW }
495
496 ,{ 0, 410, 2110, IP6_SRC, IP6_EXT, 0.0, RULE_ORIG }
497 ,{ 1, 410, 2110, IP6_SRC, IP6_DST, 0.1, RULE_ORIG }
498 ,{ 2, 410, 2110, IP6_SRC, IP6_DST, 0.2, RULE_ORIG }
499 ,{ 3, 410, 2110, IP6_SRC, IP6_EXT, 1.0, RULE_ORIG }
500 ,{ 4, 410, 2110, IP6_SRC, IP6_EXT, 1.9, RULE_NEW }
501 ,{ 5, 410, 2110, IP6_SRC, IP6_EXT, 2.0, RULE_NEW }
502 ,{ 6, 410, 2110, IP6_SRC, IP6_EXT, 9.9, RULE_NEW }
503 #else
504 { 0, 200, 1110, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
505 ,{ 1, 200, 1110, IP4_SRC, IP4_DST, 0.1, RULE_NEW }
506 ,{ 2, 200, 1110, IP4_SRC, IP4_DST, 0.2, RULE_NEW }
507 ,{ 3, 200, 1110, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
508 ,{ 4, 200, 1110, IP4_SRC, IP4_DST, 9.9, RULE_NEW }
509
510 ,{ 0, 200, 1111, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
511 ,{ 1, 200, 1111, IP4_EXT, IP4_DST, 0.1, RULE_ORIG }
512 ,{ 2, 200, 1111, IP4_SRC, IP4_DST, 0.2, RULE_NEW }
513 ,{ 3, 200, 1111, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
514 ,{ 4, 200, 1111, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
515 ,{ 5, 200, 1111, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
516 ,{ 6, 200, 1111, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
517 ,{ 7, 200, 1111, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
518
519 ,{ 0, 200, 1121, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
520 ,{ 1, 200, 1121, IP4_SRC, IP4_DST, 0.1, RULE_NEW }
521 ,{ 2, 200, 1121, IP4_SRC, IP4_DST, 0.2, RULE_NEW }
522 ,{ 3, 200, 1121, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
523 ,{ 4, 200, 1121, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
524 ,{ 5, 200, 1121, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
525 ,{ 6, 200, 1121, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
526 ,{ 7, 200, 1121, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
527 ,{ 8, 200, 1121, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
528 ,{ 9, 200, 1121, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
529 ,{ 10, 200, 1121, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
530 ,{ 11, 200, 1121, IP4_SRC, IP4_DST, 2.1, RULE_NEW }
531 ,{ 12, 200, 1121, IP4_SRC, IP4_DST, 3.0, RULE_NEW }
532 ,{ 13, 200, 1121, IP4_SRC, IP4_DST, 4.0, RULE_NEW }
533 ,{ 14, 200, 1121, IP4_SRC, IP4_DST, 5.0, RULE_NEW }
534 ,{ 15, 200, 1121, IP4_SRC, IP4_DST, 5.1, RULE_NEW }
535 ,{ 16, 200, 1121, IP4_SRC, IP4_DST, 6.0, RULE_NEW }
536 ,{ 17, 200, 1121, IP4_SRC, IP4_DST, 8.0, RULE_ORIG }
537 ,{ 18, 200, 1121, IP4_SRC, IP4_DST,10.0, RULE_ORIG }
538
539 ,{ 0, 200, 1311, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
540 ,{ 1, 200, 1311, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
541 ,{ 2, 200, 1311, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
542 ,{ 3, 200, 1311, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
543 ,{ 4, 200, 1311, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
544 ,{ 5, 200, 1311, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
545 ,{ 6, 200, 1311, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
546 ,{ 7, 200, 1311, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
547 ,{ 8, 200, 1311, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
548 ,{ 9, 200, 1311, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
549 ,{ 10, 200, 1311, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
550 ,{ 11, 200, 1311, IP4_SRC, IP4_DST, 2.1, RULE_NEW }
551 ,{ 12, 200, 1311, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
552
553 ,{ 0, 200, 1321, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
554 ,{ 1, 200, 1321, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
555 ,{ 2, 200, 1321, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
556 ,{ 3, 200, 1321, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
557 ,{ 4, 200, 1321, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
558 ,{ 5, 200, 1321, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
559 ,{ 6, 200, 1321, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
560 ,{ 7, 200, 1321, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
561 ,{ 8, 200, 1321, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
562 ,{ 9, 200, 1321, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
563 ,{ 10, 200, 1321, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
564 ,{ 11, 200, 1321, IP4_SRC, IP4_DST, 2.1, RULE_NEW }
565 ,{ 12, 200, 1321, IP4_SRC, IP4_DST, 3.0, RULE_NEW }
566 ,{ 13, 200, 1321, IP4_SRC, IP4_DST, 4.0, RULE_ORIG }
567 ,{ 14, 200, 1321, IP4_SRC, IP4_DST, 5.0, RULE_ORIG }
568
569 ,{ 0, 200, 1312, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
570 ,{ 1, 200, 1312, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
571 ,{ 2, 200, 1312, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
572 ,{ 3, 200, 1312, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
573 ,{ 4, 200, 1312, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
574 ,{ 5, 200, 1312, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
575 ,{ 6, 200, 1312, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
576 ,{ 7, 200, 1312, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
577 ,{ 8, 200, 1312, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
578 ,{ 9, 200, 1312, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
579 ,{ 10, 200, 1312, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
580 ,{ 11, 200, 1312, IP4_SRC, IP4_DST, 2.1, RULE_NEW }
581 ,{ 12, 200, 1312, IP4_SRC, IP4_DST, 3.0, RULE_NEW }
582 ,{ 13, 200, 1312, IP4_SRC, IP4_DST, 4.0, RULE_ORIG }
583 ,{ 14, 200, 1312, IP4_SRC, IP4_DST, 5.0, RULE_ORIG }
584
585 ,{ 0, 200, 2111, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
586 ,{ 1, 200, 2111, IP4_SRC, IP4_EXT, 0.1, RULE_ORIG }
587 ,{ 2, 200, 2111, IP4_SRC, IP4_DST, 0.2, RULE_NEW }
588 ,{ 3, 200, 2111, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
589 ,{ 4, 200, 2111, IP4_SRC, IP4_EXT, 1.1, RULE_ORIG }
590 ,{ 5, 200, 2111, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
591 ,{ 6, 200, 2111, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
592 ,{ 7, 200, 2111, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
593
594 ,{ 0, 200, 3111, IP4_EXT, IP4_DST, 0.0, RULE_ORIG }
595 ,{ 1, 200, 3111, IP4_SRC, IP4_EXT, 0.1, RULE_NEW }
596 ,{ 2, 200, 3111, IP4_SRC, IP4_DST, 0.2, RULE_NEW }
597 ,{ 3, 200, 3111, IP4_EXT, IP4_DST, 1.0, RULE_NEW }
598 ,{ 4, 200, 3111, IP4_EXT, IP4_DST, 1.1, RULE_NEW }
599 ,{ 5, 200, 3111, IP4_SRC, IP4_EXT, 1.2, RULE_NEW }
600 ,{ 6, 200, 3111, IP4_SRC, IP4_EXT, 2.0, RULE_NEW }
601 ,{ 7, 200, 3111, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
602
603 ,{ 0, 210, 3311, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
604 ,{ 1, 210, 3311, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
605 ,{ 2, 210, 3311, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
606 ,{ 3, 210, 3311, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
607 ,{ 4, 210, 3311, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
608 ,{ 5, 210, 3311, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
609 ,{ 6, 210, 3311, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
610 ,{ 7, 210, 3311, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
611 ,{ 8, 210, 3311, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
612 ,{ 9, 210, 3311, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
613 ,{ 10, 210, 3311, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
614 ,{ 11, 210, 3311, IP4_SRC, IP4_DST, 2.1, RULE_NEW }
615 ,{ 12, 210, 3311, IP4_SRC, IP4_DST, 3.0, RULE_ORIG }
616 ,{ 13, 210, 3311, IP4_SRC, IP4_DST, 5.0, RULE_ORIG }
617 ,{ 14, 210, 3311, IP4_SRC, IP4_DST, 5.1, RULE_ORIG }
618 ,{ 15, 210, 3311, IP4_SRC, IP4_DST, 5.2, RULE_ORIG }
619 ,{ 16, 210, 3311, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
620 ,{ 17, 210, 3311, IP4_SRC, IP4_DST, 9.8, RULE_ORIG }
621 ,{ 18, 210, 3311, IP4_SRC, IP4_DST, 9.9, RULE_ORIG }
622 ,{ 19, 210, 3311, IP4_SRC, IP4_DST, 10.0, RULE_ORIG }
623 ,{ 20, 210, 3311, IP4_SRC, IP4_DST, 11.0, RULE_ORIG }
624
625 ,{ 0, 210, 3315, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
626 ,{ 1, 210, 3315, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
627 ,{ 2, 210, 3315, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
628 ,{ 3, 210, 3315, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
629 ,{ 4, 210, 3315, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
630 ,{ 5, 210, 3315, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
631 ,{ 6, 210, 3315, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
632 ,{ 7, 210, 3315, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
633 ,{ 8, 210, 3315, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
634 ,{ 9, 210, 3315, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
635 ,{ 10, 210, 3315, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
636 ,{ 11, 210, 3315, IP4_SRC, IP4_DST, 2.1, RULE_NEW }
637 ,{ 12, 210, 3315, IP4_SRC, IP4_DST, 3.0, RULE_NEW }
638 ,{ 13, 210, 3315, IP4_SRC, IP4_DST, 5.0, RULE_ORIG }
639 ,{ 14, 210, 3315, IP4_SRC, IP4_DST, 5.1, RULE_ORIG }
640 ,{ 15, 210, 3315, IP4_SRC, IP4_DST, 5.2, RULE_ORIG }
641 ,{ 16, 210, 3315, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
642 ,{ 17, 210, 3315, IP4_SRC, IP4_DST, 9.8, RULE_NEW }
643 ,{ 18, 210, 3315, IP4_SRC, IP4_DST, 9.9, RULE_NEW }
644 ,{ 19, 210, 3315, IP4_SRC, IP4_DST, 10.0, RULE_ORIG }
645 ,{ 20, 210, 3315, IP4_SRC, IP4_DST, 11.0, RULE_ORIG }
646
647 ,{ 0, 210, 3319, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
648 ,{ 1, 210, 3319, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
649 ,{ 2, 210, 3319, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
650 ,{ 3, 210, 3319, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
651 ,{ 4, 210, 3319, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
652 ,{ 5, 210, 3319, IP4_SRC, IP4_DST, 1.0, RULE_NEW }
653 ,{ 6, 210, 3319, IP4_SRC, IP4_DST, 1.1, RULE_NEW }
654 ,{ 7, 210, 3319, IP4_SRC, IP4_DST, 1.2, RULE_NEW }
655 ,{ 8, 210, 3319, IP4_SRC, IP4_DST, 1.3, RULE_NEW }
656 ,{ 9, 210, 3319, IP4_SRC, IP4_DST, 1.4, RULE_NEW }
657 ,{ 10, 210, 3319, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
658 ,{ 11, 210, 3319, IP4_SRC, IP4_DST, 2.1, RULE_NEW }
659 ,{ 12, 210, 3319, IP4_SRC, IP4_DST, 3.0, RULE_NEW }
660 ,{ 13, 210, 3319, IP4_SRC, IP4_DST, 5.0, RULE_NEW }
661 ,{ 14, 210, 3319, IP4_SRC, IP4_DST, 5.1, RULE_NEW }
662 ,{ 15, 210, 3319, IP4_SRC, IP4_DST, 5.2, RULE_NEW }
663 ,{ 16, 210, 3319, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
664 ,{ 17, 210, 3319, IP4_SRC, IP4_DST, 9.8, RULE_ORIG }
665 ,{ 18, 210, 3319, IP4_SRC, IP4_DST, 9.9, RULE_ORIG }
666 ,{ 19, 210, 3319, IP4_SRC, IP4_DST, 10.0, RULE_ORIG }
667 ,{ 20, 210, 3319, IP4_SRC, IP4_DST, 11.0, RULE_ORIG }
668
669 ,{ 0, 210, 3351, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
670 ,{ 1, 210, 3351, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
671 ,{ 2, 210, 3351, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
672 ,{ 3, 210, 3351, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
673 ,{ 4, 210, 3351, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
674 ,{ 5, 210, 3351, IP4_SRC, IP4_DST, 5.0, RULE_NEW }
675 ,{ 6, 210, 3351, IP4_SRC, IP4_DST, 5.1, RULE_NEW }
676 ,{ 7, 210, 3351, IP4_SRC, IP4_DST, 5.2, RULE_NEW }
677 ,{ 8, 210, 3351, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
678 ,{ 9, 210, 3351, IP4_SRC, IP4_DST, 5.4, RULE_NEW }
679 ,{ 10, 210, 3351, IP4_SRC, IP4_DST, 10.0, RULE_NEW }
680 ,{ 11, 210, 3351, IP4_SRC, IP4_DST, 10.1, RULE_NEW }
681 ,{ 12, 210, 3351, IP4_SRC, IP4_DST, 15.0, RULE_ORIG }
682 ,{ 13, 210, 3351, IP4_SRC, IP4_DST, 19.0, RULE_ORIG }
683 ,{ 14, 210, 3351, IP4_SRC, IP4_DST, 25.0, RULE_ORIG }
684 ,{ 15, 210, 3351, IP4_SRC, IP4_DST, 25.1, RULE_ORIG }
685 ,{ 16, 210, 3351, IP4_SRC, IP4_DST, 25.2, RULE_ORIG }
686 ,{ 17, 210, 3351, IP4_SRC, IP4_DST, 25.3, RULE_NEW }
687 ,{ 18, 210, 3351, IP4_SRC, IP4_DST, 45.8, RULE_ORIG }
688 ,{ 19, 210, 3351, IP4_SRC, IP4_DST, 45.9, RULE_ORIG }
689 ,{ 20, 210, 3351, IP4_SRC, IP4_DST, 50.0, RULE_ORIG }
690 ,{ 21, 210, 3351, IP4_SRC, IP4_DST, 55.0, RULE_ORIG }
691
692 ,{ 0, 210, 3355, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
693 ,{ 1, 210, 3355, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
694 ,{ 2, 210, 3355, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
695 ,{ 3, 210, 3355, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
696 ,{ 4, 210, 3355, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
697 ,{ 5, 210, 3355, IP4_SRC, IP4_DST, 5.0, RULE_NEW }
698 ,{ 6, 210, 3355, IP4_SRC, IP4_DST, 5.1, RULE_NEW }
699 ,{ 7, 210, 3355, IP4_SRC, IP4_DST, 5.2, RULE_NEW }
700 ,{ 8, 210, 3355, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
701 ,{ 9, 210, 3355, IP4_SRC, IP4_DST, 5.4, RULE_NEW }
702 ,{ 10, 210, 3355, IP4_SRC, IP4_DST, 10.0, RULE_NEW }
703 ,{ 11, 210, 3355, IP4_SRC, IP4_DST, 10.1, RULE_NEW }
704 ,{ 12, 210, 3355, IP4_SRC, IP4_DST, 15.0, RULE_ORIG }
705 ,{ 13, 210, 3355, IP4_SRC, IP4_DST, 19.0, RULE_ORIG }
706 ,{ 14, 210, 3355, IP4_SRC, IP4_DST, 25.0, RULE_ORIG }
707 ,{ 15, 210, 3355, IP4_SRC, IP4_DST, 25.1, RULE_ORIG }
708 ,{ 16, 210, 3355, IP4_SRC, IP4_DST, 25.2, RULE_ORIG }
709 ,{ 17, 210, 3355, IP4_SRC, IP4_DST, 25.3, RULE_NEW }
710 ,{ 18, 210, 3355, IP4_SRC, IP4_DST, 45.8, RULE_ORIG }
711 ,{ 19, 210, 3355, IP4_SRC, IP4_DST, 45.9, RULE_ORIG }
712 ,{ 20, 210, 3355, IP4_SRC, IP4_DST, 50.0, RULE_ORIG }
713 ,{ 21, 210, 3355, IP4_SRC, IP4_DST, 55.0, RULE_ORIG }
714
715 ,{ 0, 210, 3359, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
716 ,{ 1, 210, 3359, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
717 ,{ 2, 210, 3359, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
718 ,{ 3, 210, 3359, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
719 ,{ 4, 210, 3359, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
720 ,{ 5, 210, 3359, IP4_SRC, IP4_DST, 5.0, RULE_NEW }
721 ,{ 6, 210, 3359, IP4_SRC, IP4_DST, 5.1, RULE_NEW }
722 ,{ 7, 210, 3359, IP4_SRC, IP4_DST, 5.2, RULE_NEW }
723 ,{ 8, 210, 3359, IP4_SRC, IP4_DST, 5.3, RULE_NEW }
724 ,{ 9, 210, 3359, IP4_SRC, IP4_DST, 5.4, RULE_NEW }
725 ,{ 10, 210, 3359, IP4_SRC, IP4_DST, 10.0, RULE_NEW }
726 ,{ 11, 210, 3359, IP4_SRC, IP4_DST, 10.1, RULE_NEW }
727 ,{ 12, 210, 3359, IP4_SRC, IP4_DST, 15.0, RULE_NEW }
728 ,{ 13, 210, 3359, IP4_SRC, IP4_DST, 19.0, RULE_ORIG }
729 ,{ 14, 210, 3359, IP4_SRC, IP4_DST, 25.0, RULE_ORIG }
730 ,{ 15, 210, 3359, IP4_SRC, IP4_DST, 25.1, RULE_ORIG }
731 ,{ 16, 210, 3359, IP4_SRC, IP4_DST, 25.2, RULE_ORIG }
732 ,{ 17, 210, 3359, IP4_SRC, IP4_DST, 25.3, RULE_NEW }
733 ,{ 18, 210, 3359, IP4_SRC, IP4_DST, 45.8, RULE_ORIG }
734 ,{ 19, 210, 3359, IP4_SRC, IP4_DST, 45.9, RULE_ORIG }
735 ,{ 20, 210, 3359, IP4_SRC, IP4_DST, 50.0, RULE_ORIG }
736 ,{ 21, 210, 3359, IP4_SRC, IP4_DST, 55.0, RULE_ORIG }
737
738 ,{ 0, 210, 3391, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
739 ,{ 1, 210, 3391, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
740 ,{ 2, 210, 3391, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
741 ,{ 3, 210, 3391, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
742 ,{ 4, 210, 3391, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
743 ,{ 5, 210, 3391, IP4_SRC, IP4_DST, 9.0, RULE_NEW }
744 ,{ 6, 210, 3391, IP4_SRC, IP4_DST, 9.1, RULE_NEW }
745 ,{ 7, 210, 3391, IP4_SRC, IP4_DST, 9.2, RULE_NEW }
746 ,{ 8, 210, 3391, IP4_SRC, IP4_DST, 9.3, RULE_NEW }
747 ,{ 9, 210, 3391, IP4_SRC, IP4_DST, 9.4, RULE_NEW }
748 ,{ 10, 210, 3391, IP4_SRC, IP4_DST, 18.0, RULE_NEW }
749 ,{ 11, 210, 3391, IP4_SRC, IP4_DST, 18.1, RULE_NEW }
750 ,{ 12, 210, 3391, IP4_SRC, IP4_DST, 27.0, RULE_ORIG }
751 ,{ 13, 210, 3391, IP4_SRC, IP4_DST, 35.0, RULE_ORIG }
752 ,{ 14, 210, 3391, IP4_SRC, IP4_DST, 45.0, RULE_ORIG }
753 ,{ 15, 210, 3391, IP4_SRC, IP4_DST, 45.1, RULE_ORIG }
754 ,{ 16, 210, 3391, IP4_SRC, IP4_DST, 45.2, RULE_ORIG }
755 ,{ 17, 210, 3391, IP4_SRC, IP4_DST, 45.3, RULE_NEW }
756 ,{ 18, 210, 3391, IP4_SRC, IP4_DST, 81.8, RULE_ORIG }
757 ,{ 19, 210, 3391, IP4_SRC, IP4_DST, 81.9, RULE_ORIG }
758 ,{ 20, 210, 3391, IP4_SRC, IP4_DST, 90.0, RULE_ORIG }
759 ,{ 21, 210, 3391, IP4_SRC, IP4_DST, 99.0, RULE_ORIG }
760
761 ,{ 0, 210, 3395, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
762 ,{ 1, 210, 3395, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
763 ,{ 2, 210, 3395, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
764 ,{ 3, 210, 3395, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
765 ,{ 4, 210, 3395, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
766 ,{ 5, 210, 3395, IP4_SRC, IP4_DST, 9.0, RULE_NEW }
767 ,{ 6, 210, 3395, IP4_SRC, IP4_DST, 9.1, RULE_NEW }
768 ,{ 7, 210, 3395, IP4_SRC, IP4_DST, 9.2, RULE_NEW }
769 ,{ 8, 210, 3395, IP4_SRC, IP4_DST, 9.3, RULE_NEW }
770 ,{ 9, 210, 3395, IP4_SRC, IP4_DST, 9.4, RULE_NEW }
771 ,{ 10, 210, 3395, IP4_SRC, IP4_DST, 18.0, RULE_NEW }
772 ,{ 11, 210, 3395, IP4_SRC, IP4_DST, 18.1, RULE_NEW }
773 ,{ 12, 210, 3395, IP4_SRC, IP4_DST, 27.0, RULE_ORIG }
774 ,{ 13, 210, 3395, IP4_SRC, IP4_DST, 35.0, RULE_ORIG }
775 ,{ 14, 210, 3395, IP4_SRC, IP4_DST, 45.0, RULE_ORIG }
776 ,{ 15, 210, 3395, IP4_SRC, IP4_DST, 45.1, RULE_ORIG }
777 ,{ 16, 210, 3395, IP4_SRC, IP4_DST, 45.2, RULE_ORIG }
778 ,{ 17, 210, 3395, IP4_SRC, IP4_DST, 45.3, RULE_NEW }
779 ,{ 18, 210, 3395, IP4_SRC, IP4_DST, 81.8, RULE_ORIG }
780 ,{ 19, 210, 3395, IP4_SRC, IP4_DST, 81.9, RULE_ORIG }
781 ,{ 20, 210, 3395, IP4_SRC, IP4_DST, 90.0, RULE_ORIG }
782 ,{ 21, 210, 3395, IP4_SRC, IP4_DST, 99.0, RULE_ORIG }
783
784 ,{ 0, 210, 3399, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
785 ,{ 1, 210, 3399, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
786 ,{ 2, 210, 3399, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
787 ,{ 3, 210, 3399, IP4_SRC, IP4_DST, 0.3, RULE_NEW }
788 ,{ 4, 210, 3399, IP4_SRC, IP4_DST, 0.4, RULE_NEW }
789 ,{ 5, 210, 3399, IP4_SRC, IP4_DST, 9.0, RULE_NEW }
790 ,{ 6, 210, 3399, IP4_SRC, IP4_DST, 9.1, RULE_NEW }
791 ,{ 7, 210, 3399, IP4_SRC, IP4_DST, 9.2, RULE_NEW }
792 ,{ 8, 210, 3399, IP4_SRC, IP4_DST, 9.3, RULE_NEW }
793 ,{ 9, 210, 3399, IP4_SRC, IP4_DST, 9.4, RULE_NEW }
794 ,{ 10, 210, 3399, IP4_SRC, IP4_DST, 18.0, RULE_NEW }
795 ,{ 11, 210, 3399, IP4_SRC, IP4_DST, 18.1, RULE_NEW }
796 ,{ 12, 210, 3399, IP4_SRC, IP4_DST, 27.0, RULE_ORIG }
797 ,{ 13, 210, 3399, IP4_SRC, IP4_DST, 35.0, RULE_ORIG }
798 ,{ 14, 210, 3399, IP4_SRC, IP4_DST, 45.0, RULE_ORIG }
799 ,{ 15, 210, 3399, IP4_SRC, IP4_DST, 45.1, RULE_ORIG }
800 ,{ 16, 210, 3399, IP4_SRC, IP4_DST, 45.2, RULE_ORIG }
801 ,{ 17, 210, 3399, IP4_SRC, IP4_DST, 45.3, RULE_NEW }
802 ,{ 18, 210, 3399, IP4_SRC, IP4_DST, 81.8, RULE_ORIG }
803 ,{ 19, 210, 3399, IP4_SRC, IP4_DST, 81.9, RULE_ORIG }
804 ,{ 20, 210, 3399, IP4_SRC, IP4_DST, 90.0, RULE_ORIG }
805 ,{ 21, 210, 3399, IP4_SRC, IP4_DST, 99.0, RULE_ORIG }
806
807 ,{ 0, 300, 1110, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
808 ,{ 1, 300, 1110, IP4_EXT, IP4_DST, 0.1, RULE_ORIG }
809 ,{ 2, 300, 1110, IP4_EXT, IP4_DST, 0.2, RULE_ORIG }
810 ,{ 3, 300, 1110, IP4_SRC, IP4_DST, 1.0, RULE_ORIG }
811 ,{ 4, 300, 1110, IP4_SRC, IP4_DST, 1.9, RULE_NEW }
812 ,{ 5, 300, 1110, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
813 ,{ 6, 300, 1110, IP4_SRC, IP4_DST, 9.9, RULE_NEW }
814
815 ,{ 0, 300, 2110, IP4_SRC, IP4_DST, 0.0, RULE_ORIG }
816 ,{ 1, 300, 2110, IP4_SRC, IP4_EXT, 0.1, RULE_ORIG }
817 ,{ 2, 300, 2110, IP4_SRC, IP4_EXT, 0.2, RULE_ORIG }
818 ,{ 3, 300, 2110, IP4_SRC, IP4_DST, 1.0, RULE_ORIG }
819 ,{ 4, 300, 2110, IP4_SRC, IP4_DST, 1.9, RULE_NEW }
820 ,{ 5, 300, 2110, IP4_SRC, IP4_DST, 2.0, RULE_NEW }
821 ,{ 6, 300, 2110, IP4_SRC, IP4_DST, 9.9, RULE_NEW }
822
823 ,{ 0, 310, 1110, IP4_EXT, IP4_DST, 0.0, RULE_ORIG }
824 ,{ 1, 310, 1110, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
825 ,{ 2, 310, 1110, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
826 ,{ 3, 310, 1110, IP4_EXT, IP4_DST, 1.0, RULE_ORIG }
827 ,{ 4, 310, 1110, IP4_EXT, IP4_DST, 1.9, RULE_NEW }
828 ,{ 5, 310, 1110, IP4_EXT, IP4_DST, 2.0, RULE_NEW }
829 ,{ 6, 310, 1110, IP4_EXT, IP4_DST, 9.9, RULE_NEW }
830
831 ,{ 0, 310, 2110, IP4_SRC, IP4_EXT, 0.0, RULE_ORIG }
832 ,{ 1, 310, 2110, IP4_SRC, IP4_DST, 0.1, RULE_ORIG }
833 ,{ 2, 310, 2110, IP4_SRC, IP4_DST, 0.2, RULE_ORIG }
834 ,{ 3, 310, 2110, IP4_SRC, IP4_EXT, 1.0, RULE_ORIG }
835 ,{ 4, 310, 2110, IP4_SRC, IP4_EXT, 1.9, RULE_NEW }
836 ,{ 5, 310, 2110, IP4_SRC, IP4_EXT, 2.0, RULE_NEW }
837 ,{ 6, 310, 2110, IP4_SRC, IP4_EXT, 9.9, RULE_NEW }
838
839 ,{ 0, 410, 1110, IP6_EXT, IP6_DST, 0.0, RULE_ORIG }
840 ,{ 1, 410, 1110, IP6_SRC, IP6_DST, 0.1, RULE_ORIG }
841 ,{ 2, 410, 1110, IP6_SRC, IP6_DST, 0.2, RULE_ORIG }
842 ,{ 3, 410, 1110, IP6_EXT, IP6_DST, 1.0, RULE_ORIG }
843 ,{ 4, 410, 1110, IP6_EXT, IP6_DST, 1.9, RULE_NEW }
844 ,{ 5, 410, 1110, IP6_EXT, IP6_DST, 2.0, RULE_NEW }
845 ,{ 6, 410, 1110, IP6_EXT, IP6_DST, 9.9, RULE_NEW }
846
847 ,{ 0, 410, 2110, IP6_SRC, IP6_EXT, 0.0, RULE_ORIG }
848 ,{ 1, 410, 2110, IP6_SRC, IP6_DST, 0.1, RULE_ORIG }
849 ,{ 2, 410, 2110, IP6_SRC, IP6_DST, 0.2, RULE_ORIG }
850 ,{ 3, 410, 2110, IP6_SRC, IP6_EXT, 1.0, RULE_ORIG }
851 ,{ 4, 410, 2110, IP6_SRC, IP6_EXT, 1.9, RULE_NEW }
852 ,{ 5, 410, 2110, IP6_SRC, IP6_EXT, 2.0, RULE_NEW }
853 ,{ 6, 410, 2110, IP6_SRC, IP6_EXT, 9.9, RULE_NEW }
854 #endif
855 };
856
857 #define NUM_EVENTS (sizeof(evData)/sizeof(evData[0]))
858
859 //---------------------------------------------------------------
860
861 #if 0
862 static void PrintTests()
863 {
864 unsigned i;
865 EventData* prev = nullptr;
866
867 for ( i = 0; i < NUM_EVENTS; i++ )
868 {
869 EventData* e = evData + i;
870
871 const char* act = (e->expect == RULE_ORIG) ? "-" : "+";
872 const char* net = "";
873
874 if ( !prev || prev->gid != e->gid || prev->sid != e->sid )
875 {
876 printf("\n%d,%d:", e->gid, e->sid);
877 }
878 if ( strcmp(e->sip, IP4_SRC) )
879 net = "s";
880 else if ( strcmp(e->dip, IP4_DST) )
881 net = "d";
882
883 printf(" %s%.1f%s", act, e->now, net);
884 prev = e;
885 }
886 exit(0);
887 }
888 #endif
889
890 //---------------------------------------------------------------
891
Init(const SnortConfig * sc,unsigned cap)892 static void Init(const SnortConfig* sc, unsigned cap)
893 {
894 // FIXIT-L must set policies because they may have been invalidated
895 // by prior tests with transient SnortConfigs. better to fix sfrf
896 // to use a SnortConfig parameter or make this a make check test
897 // with a separate executable.
898 set_default_policy(sc);
899 rfc = RateFilter_ConfigNew();
900 rfc->memcap = cap;
901
902 SFRF_Alloc(rfc->memcap);
903
904 for ( unsigned i = 0; i < NUM_NODES; i++ )
905 {
906 RateData* p = rfData + i;
907 tSFRFConfigNode cfg;
908
909 cfg.gid = p->gid;
910 cfg.sid = p->sid;
911 cfg.tracking = p->track;
912 cfg.count = p->count;
913 cfg.seconds = p->seconds;
914 cfg.newAction = (Actions::Type)RULE_NEW;
915 cfg.timeout = p->timeout;
916 cfg.applyTo = p->ip ? sfip_var_from_string(p->ip, "sfrf_test") : nullptr;
917
918 p->create = SFRF_ConfigAdd(nullptr, rfc, &cfg);
919 }
920 }
921
Term()922 static void Term()
923 {
924 SFRF_Delete();
925 RateFilter_ConfigFree(rfc);
926 rfc = nullptr;
927 }
928
SetupCheck(int i)929 static int SetupCheck(int i)
930 {
931 RateData* p = rfData + i;
932 if ( p->expect == p->create )
933 return 1;
934 printf("setup %d: exp %d, got %d\n", i, p->expect, p->create);
935 return 0;
936 }
937
EventTest(EventData * p)938 static int EventTest(EventData* p)
939 {
940 // now is a float to clarify the impact of
941 // just using truncated seconds on thresholds
942 long curtime = (long)p->now;
943 int status;
944
945 // this is the only acceptable public value for op
946 SFRF_COUNT_OPERATION op = SFRF_COUNT_INCREMENT;
947
948 SfIp sip, dip;
949 sip.set(p->sip);
950 dip.set(p->dip);
951
952 status = SFRF_TestThreshold(rfc, p->gid, p->sid, get_network_policy()->policy_id,
953 &sip, &dip, curtime, op);
954
955 if ( status >= Actions::get_max_types() )
956 status -= Actions::get_max_types();
957
958 return status;
959 }
960
EventCheck(int i)961 static int EventCheck(int i)
962 {
963 EventData* p = evData + i;
964 int status = EventTest(p);
965
966 if ( p->expect == status )
967 return 1;
968
969 printf("event[%u](%u,%u): exp %d, got %d\n",
970 p->seq, p->gid, p->sid, p->expect, status);
971 return 0;
972 }
973
CapCheck(int i)974 static int CapCheck(int i)
975 {
976 EventData* p = evData + i;
977 int status = EventTest(p);
978
979 if ( RULE_ORIG == status )
980 return 1;
981
982 printf("cap[%u](%u,%u): exp %d, got %d\n",
983 p->seq, p->gid, p->sid, RULE_ORIG, status);
984 return 0;
985 }
986
987 //---------------------------------------------------------------
988
989 TEST_CASE("sfrf default memcap", "[sfrf]")
990 {
991 SnortConfig sc;
992 Init(&sc, MEM_DEFAULT);
993
994 SECTION("setup")
995 {
996 for ( unsigned i = 0; i < NUM_NODES; ++i )
997 CHECK(SetupCheck(i) == 1);
998 }
999 SECTION("event")
1000 {
1001 for ( unsigned i = 0; i < NUM_NODES; ++i )
1002 CHECK(EventCheck(i) == 1);
1003 }
1004 Term();
1005 }
1006
1007 TEST_CASE("sfrf minimum memcap", "[sfrf]")
1008 {
1009 SnortConfig sc;
1010 Init(&sc, MEM_MINIMUM);
1011
1012 SECTION("setup")
1013 {
1014 for ( unsigned i = 0; i < NUM_NODES; ++i )
1015 CHECK(SetupCheck(i) == 1);
1016 }
1017 SECTION("cap")
1018 {
1019 for ( unsigned i = 0; i < NUM_NODES; ++i )
1020 CHECK(CapCheck(i) == 1);
1021 }
1022 Term();
1023 }
1024