suppress: use DetectAddress instead of DetectAddressHead

src/detect-engine-threshold.c

@@ -534,13 +534,13 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
         }
         case TYPE_SUPPRESS:
         {
-            DetectAddress *res = NULL;
+            int res = 0;
             switch (td->track) {
                 case TRACK_DST:
-                    res = DetectAddressLookupInHead(&td->addr, &p->dst);
+                    res = DetectAddressMatch(td->addr, &p->dst);
                     break;
                 case TRACK_SRC:
-                    res = DetectAddressLookupInHead(&td->addr, &p->src);
+                    res = DetectAddressMatch(td->addr, &p->src);
                     break;
                 case TRACK_RULE:
                 default:
@@ -548,7 +548,7 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
                                "track mode %d is not supported", td->track);
                     break;
             }
-            if (res == NULL)
+            if (res == 0)
                 ret = 1;
             break;
         }

src/detect-threshold.c

@@ -44,6 +44,7 @@
 
 #include "detect-threshold.h"
 #include "detect-parse.h"
+#include "detect-engine-address.h"
 
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
@@ -276,7 +277,10 @@ error:
  */
 static void DetectThresholdFree(void *de_ptr) {
     DetectThresholdData *de = (DetectThresholdData *)de_ptr;
-    if (de) SCFree(de);
+    if (de) {
+        DetectAddressFree(de->addr);
+        SCFree(de);
+    }
 }
 
 /*

src/detect-threshold.h

@@ -62,8 +62,7 @@ typedef struct DetectThresholdData_ {
     uint8_t new_action; /**< new_action alert|drop|pass|log|sdrop|reject */
     uint32_t timeout;   /**< timeout */
     uint32_t flags;     /**< flags used to set option */
-    /* TODO take care of free of allocated */
-    DetectAddressHead addr; /**< address group used by suppress keyword */
+    DetectAddress* addr; /**< address group used by suppress keyword */
 } DetectThresholdData;
 
 typedef struct DetectThresholdEntry_ {

src/util-threshold-config.c

@@ -535,9 +535,15 @@ int SCThresholdConfAddThresholdtype(char *rawstr, DetectEngineCtx *de_ctx)
             de->seconds = parsed_seconds;
             de->new_action = parsed_new_action;
             de->timeout = parsed_timeout;
+            de->addr = NULL;
 
             if ((parsed_type == TYPE_SUPPRESS) && (parsed_track != TRACK_RULE)) {
-                if (DetectAddressParse(&de->addr, (char *)th_ip) < 0) {
+                de->addr = DetectAddressInit();
+                if (de->addr == NULL) {
+                    SCLogError(SC_ERR_MEM_ALLOC, "Can't init DetectAddress");
+                    goto error;
+                }
+                if (DetectAddressParseString(de->addr, (char *)th_ip) < 0) {
                     SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "Can't add %s to address group", th_ip);
                     goto error;
                 }
@@ -598,9 +604,15 @@ int SCThresholdConfAddThresholdtype(char *rawstr, DetectEngineCtx *de_ctx)
                 de->seconds = parsed_seconds;
                 de->new_action = parsed_new_action;
                 de->timeout = parsed_timeout;
+                de->addr = NULL;
 
                 if ((parsed_type == TYPE_SUPPRESS) && (parsed_track != TRACK_RULE)) {
-                    if (DetectAddressParse(&de->addr, (char *)th_ip) < 0) {
+                    de->addr = DetectAddressInit();
+                    if (de->addr == NULL) {
+                        SCLogError(SC_ERR_MEM_ALLOC, "Can't init DetectAddress");
+                        goto error;
+                    }
+                    if (DetectAddressParseString(de->addr, (char *)th_ip) < 0) {
                         SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "Can't add %s to address group", th_ip);
                         goto error;
                     }
@@ -663,9 +675,15 @@ int SCThresholdConfAddThresholdtype(char *rawstr, DetectEngineCtx *de_ctx)
             de->seconds = parsed_seconds;
             de->new_action = parsed_new_action;
             de->timeout = parsed_timeout;
+            de->addr = NULL;
 
             if ((parsed_type == TYPE_SUPPRESS) && (parsed_track != TRACK_RULE)) {
-                if (DetectAddressParse(&de->addr, (char *)th_ip) < 0) {
+                de->addr = DetectAddressInit();
+                if (de->addr == NULL) {
+                    SCLogError(SC_ERR_MEM_ALLOC, "Can't init DetectAddress");
+                    goto error;
+                }
+                if (DetectAddressParseString(de->addr, (char *)th_ip) < 0) {
                     SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "Can't add %s to address group", th_ip);
                     goto error;
                 }
@@ -703,7 +721,10 @@ end:
     fret = 0;
 error:
     if (fret == -1) {
-        if(de != NULL) SCFree(de);
+        if (de != NULL) {
+            if (de->addr != NULL) DetectAddressFree(de->addr);
+            SCFree(de);
+        }
     }
     if(th_rule_type != NULL) SCFree((char *)th_rule_type);
     if(th_sid != NULL) SCFree((char *)th_sid);