|
|
|
@ -18,7 +18,7 @@
|
|
|
|
|
#include "detect-engine-siggroup.h"
|
|
|
|
|
#include "detect-engine-port.h"
|
|
|
|
|
|
|
|
|
|
int DetectAddressCmpIPv4(DetectAddressData *a, DetectAddressData *b) {
|
|
|
|
|
int DetectAddressGroupCmpIPv4(DetectAddressGroup *a, DetectAddressGroup *b) {
|
|
|
|
|
uint32_t a_ip1 = ntohl(a->ip[0]);
|
|
|
|
|
uint32_t a_ip2 = ntohl(a->ip2[0]);
|
|
|
|
|
uint32_t b_ip1 = ntohl(b->ip[0]);
|
|
|
|
@ -72,17 +72,17 @@ int DetectAddressCmpIPv4(DetectAddressData *a, DetectAddressData *b) {
|
|
|
|
|
* must result in: a == 1.2.3.0-1.2.3.3, b == 1.2.3.4, c == 1.2.3.5-1.2.3.255
|
|
|
|
|
*/
|
|
|
|
|
int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, DetectAddressGroup *b, DetectAddressGroup **c) {
|
|
|
|
|
uint32_t a_ip1 = ntohl(a->ad->ip[0]);
|
|
|
|
|
uint32_t a_ip2 = ntohl(a->ad->ip2[0]);
|
|
|
|
|
uint32_t b_ip1 = ntohl(b->ad->ip[0]);
|
|
|
|
|
uint32_t b_ip2 = ntohl(b->ad->ip2[0]);
|
|
|
|
|
uint32_t a_ip1 = ntohl(a->ip[0]);
|
|
|
|
|
uint32_t a_ip2 = ntohl(a->ip2[0]);
|
|
|
|
|
uint32_t b_ip1 = ntohl(b->ip[0]);
|
|
|
|
|
uint32_t b_ip2 = ntohl(b->ip2[0]);
|
|
|
|
|
DetectPort *port = NULL;
|
|
|
|
|
DetectAddressGroup *tmp = NULL;
|
|
|
|
|
|
|
|
|
|
/* default to NULL */
|
|
|
|
|
*c = NULL;
|
|
|
|
|
|
|
|
|
|
int r = DetectAddressCmpIPv4(a->ad,b->ad);
|
|
|
|
|
int r = DetectAddressGroupCmpIPv4(a,b);
|
|
|
|
|
if (r != ADDRESS_ES && r != ADDRESS_EB && r != ADDRESS_LE && r != ADDRESS_GE) {
|
|
|
|
|
printf("we shouldn't be here\n");
|
|
|
|
|
goto error;
|
|
|
|
@ -93,7 +93,6 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
|
|
|
|
|
if (tmp == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
memset(tmp,0,sizeof(DetectAddressGroup));
|
|
|
|
|
|
|
|
|
|
/* we have 3 parts: [aaa[abab]bbb]
|
|
|
|
|
* part a: a_ip1 <-> b_ip1 - 1
|
|
|
|
@ -104,39 +103,37 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: r == ADDRESS_LE\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ad->ip[0] = htonl(a_ip1);
|
|
|
|
|
a->ad->ip2[0] = htonl(b_ip1 - 1);
|
|
|
|
|
a->ip[0] = htonl(a_ip1);
|
|
|
|
|
a->ip2[0] = htonl(b_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ad->ip[0] = htonl(b_ip1);
|
|
|
|
|
b->ad->ip2[0] = htonl(a_ip2);
|
|
|
|
|
b->ip[0] = htonl(b_ip1);
|
|
|
|
|
b->ip2[0] = htonl(a_ip2);
|
|
|
|
|
|
|
|
|
|
DetectAddressGroup *tmp_c;
|
|
|
|
|
tmp_c = DetectAddressGroupInit();
|
|
|
|
|
if (tmp_c == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
tmp_c->ad = DetectAddressDataInit();
|
|
|
|
|
if (tmp_c->ad == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmp_c->ad->family = AF_INET;
|
|
|
|
|
tmp_c->ad->ip[0] = htonl(a_ip2 + 1);
|
|
|
|
|
tmp_c->ad->ip2[0] = htonl(b_ip2);
|
|
|
|
|
tmp_c->family = AF_INET;
|
|
|
|
|
tmp_c->ip[0] = htonl(a_ip2 + 1);
|
|
|
|
|
tmp_c->ip2[0] = htonl(b_ip2);
|
|
|
|
|
*c = tmp_c;
|
|
|
|
|
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh,&tmp_c->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh,&b->sh);
|
|
|
|
|
if (de_ctx != NULL) {
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh,&tmp_c->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh,&b->sh);
|
|
|
|
|
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmp_c->cnt += b->cnt;
|
|
|
|
|
b->cnt += a->cnt;
|
|
|
|
|
tmp_c->cnt += b->cnt;
|
|
|
|
|
b->cnt += a->cnt;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* we have 3 parts: [bbb[baba]aaa]
|
|
|
|
|
* part a: b_ip1 <-> a_ip1 - 1
|
|
|
|
@ -147,162 +144,30 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: r == ADDRESS_GE\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ad->ip[0] = htonl(b_ip1);
|
|
|
|
|
a->ad->ip2[0] = htonl(a_ip1 - 1);
|
|
|
|
|
a->ip[0] = htonl(b_ip1);
|
|
|
|
|
a->ip2[0] = htonl(a_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ad->ip[0] = htonl(a_ip1);
|
|
|
|
|
b->ad->ip2[0] = htonl(b_ip2);
|
|
|
|
|
b->ip[0] = htonl(a_ip1);
|
|
|
|
|
b->ip2[0] = htonl(b_ip2);
|
|
|
|
|
|
|
|
|
|
DetectAddressGroup *tmp_c;
|
|
|
|
|
tmp_c = DetectAddressGroupInit();
|
|
|
|
|
if (tmp_c == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
tmp_c->ad = DetectAddressDataInit();
|
|
|
|
|
if (tmp_c->ad == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmp_c->ad->family = AF_INET;
|
|
|
|
|
tmp_c->ad->ip[0] = htonl(b_ip2 + 1);
|
|
|
|
|
tmp_c->ad->ip2[0] = htonl(a_ip2);
|
|
|
|
|
tmp_c->family = AF_INET;
|
|
|
|
|
tmp_c->ip[0] = htonl(b_ip2 + 1);
|
|
|
|
|
tmp_c->ip2[0] = htonl(a_ip2);
|
|
|
|
|
*c = tmp_c;
|
|
|
|
|
|
|
|
|
|
/* 'a' gets clean and then 'b' sigs
|
|
|
|
|
* 'b' gets clean, then 'a' then 'b' sigs
|
|
|
|
|
* 'c' gets 'a' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh); /* store old a list */
|
|
|
|
|
SigGroupHeadClearSigs(a->sh); /* clean a list */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, tmp->sh, &tmp_c->sh); /* copy old b to c */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh); /* copy old b to a */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh); /* prepend old a before b */
|
|
|
|
|
SigGroupHeadClearSigs(tmp->sh); /* clean tmp list */
|
|
|
|
|
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &a->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = tmp->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = tmp->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmp->cnt += a->cnt;
|
|
|
|
|
a->cnt = 0;
|
|
|
|
|
tmp_c->cnt += tmp->cnt;
|
|
|
|
|
a->cnt += b->cnt;
|
|
|
|
|
b->cnt += tmp->cnt;
|
|
|
|
|
tmp->cnt = 0;
|
|
|
|
|
|
|
|
|
|
/* we have 2 or three parts:
|
|
|
|
|
*
|
|
|
|
|
* 2 part: [[abab]bbb] or [bbb[baba]]
|
|
|
|
|
* part a: a_ip1 <-> a_ip2
|
|
|
|
|
* part b: a_ip2 + 1 <-> b_ip2
|
|
|
|
|
*
|
|
|
|
|
* part a: b_ip1 <-> a_ip1 - 1
|
|
|
|
|
* part b: a_ip1 <-> a_ip2
|
|
|
|
|
*
|
|
|
|
|
* 3 part [bbb[aaa]bbb]
|
|
|
|
|
* becomes[aaa[bbb]ccc]
|
|
|
|
|
*
|
|
|
|
|
* part a: b_ip1 <-> a_ip1 - 1
|
|
|
|
|
* part b: a_ip1 <-> a_ip2
|
|
|
|
|
* part c: a_ip2 + 1 <-> b_ip2
|
|
|
|
|
*/
|
|
|
|
|
} else if (r == ADDRESS_ES) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: r == ADDRESS_ES\n");
|
|
|
|
|
#endif
|
|
|
|
|
if (a_ip1 == b_ip1) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: 1\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ad->ip[0] = htonl(a_ip1);
|
|
|
|
|
a->ad->ip2[0] = htonl(a_ip2);
|
|
|
|
|
|
|
|
|
|
b->ad->ip[0] = htonl(a_ip2 + 1);
|
|
|
|
|
b->ad->ip2[0] = htonl(b_ip2);
|
|
|
|
|
|
|
|
|
|
/* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
|
|
|
|
|
|
|
|
|
|
//printf("a: "); DetectAddressDataPrint(a->ad); printf(": "); DbgPrintSigs2(a->sh);
|
|
|
|
|
//printf("b: "); DetectAddressDataPrint(b->ad); printf(": "); DbgPrintSigs2(b->sh);
|
|
|
|
|
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &a->port, port);
|
|
|
|
|
}
|
|
|
|
|
a->cnt += b->cnt;
|
|
|
|
|
|
|
|
|
|
} else if (a_ip2 == b_ip2) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: 2\n");
|
|
|
|
|
#endif
|
|
|
|
|
//printf("1a: "); DetectAddressDataPrint(a->ad); printf(": "); DbgPrintSigs2(a->sh);
|
|
|
|
|
//printf("1b: "); DetectAddressDataPrint(b->ad); printf(": "); DbgPrintSigs2(b->sh);
|
|
|
|
|
a->ad->ip[0] = htonl(b_ip1);
|
|
|
|
|
a->ad->ip2[0] = htonl(a_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ad->ip[0] = htonl(a_ip1);
|
|
|
|
|
b->ad->ip2[0] = htonl(a_ip2);
|
|
|
|
|
|
|
|
|
|
/* 'a' overlaps 'b' so 'b' needs the 'a' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
|
|
|
|
|
SigGroupHeadClearSigs(a->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
|
|
|
|
|
SigGroupHeadClearSigs(tmp->sh);
|
|
|
|
|
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp->port, a->port);
|
|
|
|
|
}
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &a->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = tmp->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
tmp->cnt += a->cnt;
|
|
|
|
|
a->cnt = 0;
|
|
|
|
|
a->cnt += b->cnt;
|
|
|
|
|
b->cnt += tmp->cnt;
|
|
|
|
|
tmp->cnt = 0;
|
|
|
|
|
} else {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("3\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ad->ip[0] = htonl(b_ip1);
|
|
|
|
|
a->ad->ip2[0] = htonl(a_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ad->ip[0] = htonl(a_ip1);
|
|
|
|
|
b->ad->ip2[0] = htonl(a_ip2);
|
|
|
|
|
|
|
|
|
|
DetectAddressGroup *tmp_c;
|
|
|
|
|
tmp_c = DetectAddressGroupInit();
|
|
|
|
|
if (tmp_c == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
tmp_c->ad = DetectAddressDataInit();
|
|
|
|
|
if (tmp_c->ad == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmp_c->ad->family = AF_INET;
|
|
|
|
|
tmp_c->ad->ip[0] = htonl(a_ip2 + 1);
|
|
|
|
|
tmp_c->ad->ip2[0] = htonl(b_ip2);
|
|
|
|
|
*c = tmp_c;
|
|
|
|
|
|
|
|
|
|
if (de_ctx != NULL) {
|
|
|
|
|
/* 'a' gets clean and then 'b' sigs
|
|
|
|
|
* 'b' gets clean, then 'a' then 'b' sigs
|
|
|
|
|
* 'c' gets 'b' sigs */
|
|
|
|
|
* 'c' gets 'a' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh); /* store old a list */
|
|
|
|
|
SigGroupHeadClearSigs(a->sh); /* clean a list */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh); /* copy old b to c */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, tmp->sh, &tmp_c->sh); /* copy old b to c */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh); /* copy old b to a */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh); /* prepend old a before b */
|
|
|
|
|
SigGroupHeadClearSigs(tmp->sh); /* clean tmp list */
|
|
|
|
@ -310,213 +175,23 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &a->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = tmp->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = tmp->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmp->cnt += a->cnt;
|
|
|
|
|
a->cnt = 0;
|
|
|
|
|
tmp_c->cnt += b->cnt;
|
|
|
|
|
tmp_c->cnt += tmp->cnt;
|
|
|
|
|
a->cnt += b->cnt;
|
|
|
|
|
b->cnt += tmp->cnt;
|
|
|
|
|
tmp->cnt = 0;
|
|
|
|
|
}
|
|
|
|
|
/* we have 2 or three parts:
|
|
|
|
|
*
|
|
|
|
|
* 2 part: [[baba]aaa] or [aaa[abab]]
|
|
|
|
|
* part a: b_ip1 <-> b_ip2
|
|
|
|
|
* part b: b_ip2 + 1 <-> a_ip2
|
|
|
|
|
*
|
|
|
|
|
* part a: a_ip1 <-> b_ip1 - 1
|
|
|
|
|
* part b: b_ip1 <-> b_ip2
|
|
|
|
|
*
|
|
|
|
|
* 3 part [aaa[bbb]aaa]
|
|
|
|
|
* becomes[aaa[bbb]ccc]
|
|
|
|
|
*
|
|
|
|
|
* part a: a_ip1 <-> b_ip2 - 1
|
|
|
|
|
* part b: b_ip1 <-> b_ip2
|
|
|
|
|
* part c: b_ip2 + 1 <-> a_ip2
|
|
|
|
|
*/
|
|
|
|
|
} else if (r == ADDRESS_EB) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: r == ADDRESS_EB\n");
|
|
|
|
|
#endif
|
|
|
|
|
if (a_ip1 == b_ip1) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: 1\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ad->ip[0] = htonl(b_ip1);
|
|
|
|
|
a->ad->ip2[0] = htonl(b_ip2);
|
|
|
|
|
|
|
|
|
|
b->ad->ip[0] = htonl(b_ip2 + 1);
|
|
|
|
|
b->ad->ip2[0] = htonl(a_ip2);
|
|
|
|
|
|
|
|
|
|
/* 'b' overlaps 'a' so a needs the 'b' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
|
|
|
|
|
SigGroupHeadClearSigs(b->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
|
|
|
|
|
SigGroupHeadClearSigs(tmp->sh);
|
|
|
|
|
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp->port, b->port);
|
|
|
|
|
}
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = tmp->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &a->port, port);
|
|
|
|
|
}
|
|
|
|
|
tmp->cnt += b->cnt;
|
|
|
|
|
b->cnt = 0;
|
|
|
|
|
b->cnt += a->cnt;
|
|
|
|
|
a->cnt += tmp->cnt;
|
|
|
|
|
tmp->cnt = 0;
|
|
|
|
|
} else if (a_ip2 == b_ip2) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: 2\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ad->ip[0] = htonl(a_ip1);
|
|
|
|
|
a->ad->ip2[0] = htonl(b_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ad->ip[0] = htonl(b_ip1);
|
|
|
|
|
b->ad->ip2[0] = htonl(b_ip2);
|
|
|
|
|
|
|
|
|
|
/* 'a' overlaps 'b' so a needs the 'a' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
|
|
|
|
|
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
b->cnt += a->cnt;
|
|
|
|
|
} else {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: 3\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ad->ip[0] = htonl(a_ip1);
|
|
|
|
|
a->ad->ip2[0] = htonl(b_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ad->ip[0] = htonl(b_ip1);
|
|
|
|
|
b->ad->ip2[0] = htonl(b_ip2);
|
|
|
|
|
|
|
|
|
|
DetectAddressGroup *tmp_c;
|
|
|
|
|
tmp_c = DetectAddressGroupInit();
|
|
|
|
|
if (tmp_c == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
tmp_c->ad = DetectAddressDataInit();
|
|
|
|
|
if (tmp_c->ad == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmp_c->ad->family = AF_INET;
|
|
|
|
|
tmp_c->ad->ip[0] = htonl(b_ip2 + 1);
|
|
|
|
|
tmp_c->ad->ip2[0] = htonl(a_ip2);
|
|
|
|
|
*c = tmp_c;
|
|
|
|
|
|
|
|
|
|
/* 'a' stays the same wrt sigs
|
|
|
|
|
* 'b' keeps it's own sigs and gets a's sigs prepended
|
|
|
|
|
* 'c' gets 'a' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
|
|
|
|
|
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
b->cnt += a->cnt;
|
|
|
|
|
tmp_c->cnt += a->cnt;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (tmp != NULL)
|
|
|
|
|
DetectAddressGroupFree(tmp);
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
error:
|
|
|
|
|
if (tmp != NULL)
|
|
|
|
|
DetectAddressGroupFree(tmp);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* a = 1.2.3.4, b = 1.2.3.4-1.2.3.5
|
|
|
|
|
* must result in: a == 1.2.3.4, b == 1.2.3.5, c == NULL
|
|
|
|
|
*
|
|
|
|
|
* a = 1.2.3.4, b = 1.2.3.3-1.2.3.5
|
|
|
|
|
* must result in: a == 1.2.3.3, b == 1.2.3.4, c == 1.2.3.5
|
|
|
|
|
*
|
|
|
|
|
* a = 1.2.3.0/24 b = 1.2.3.128-1.2.4.10
|
|
|
|
|
* must result in: a == 1.2.3.0/24, b == 1.2.4.0-1.2.4.10, c == NULL
|
|
|
|
|
*
|
|
|
|
|
* a = 1.2.3.4, b = 1.2.3.0/24
|
|
|
|
|
* must result in: a == 1.2.3.0-1.2.3.3, b == 1.2.3.4, c == 1.2.3.5-1.2.3.255
|
|
|
|
|
*/
|
|
|
|
|
int DetectAddressCutIPv4(DetectAddressData *a, DetectAddressData *b, DetectAddressData **c) {
|
|
|
|
|
uint32_t a_ip1 = ntohl(a->ip[0]);
|
|
|
|
|
uint32_t a_ip2 = ntohl(a->ip2[0]);
|
|
|
|
|
uint32_t b_ip1 = ntohl(b->ip[0]);
|
|
|
|
|
uint32_t b_ip2 = ntohl(b->ip2[0]);
|
|
|
|
|
|
|
|
|
|
/* default to NULL */
|
|
|
|
|
*c = NULL;
|
|
|
|
|
|
|
|
|
|
int r = DetectAddressCmpIPv4(a,b);
|
|
|
|
|
if (r != ADDRESS_ES && r != ADDRESS_EB && r != ADDRESS_LE && r != ADDRESS_GE) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* we have 3 parts: [aaa[abab]bbb]
|
|
|
|
|
* part a: a_ip1 <-> b_ip1 - 1
|
|
|
|
|
* part b: b_ip1 <-> a_ip2
|
|
|
|
|
* part c: a_ip2 + 1 <-> b_ip2
|
|
|
|
|
*/
|
|
|
|
|
if (r == ADDRESS_LE) {
|
|
|
|
|
a->ip[0] = htonl(a_ip1);
|
|
|
|
|
a->ip2[0] = htonl(b_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ip[0] = htonl(b_ip1);
|
|
|
|
|
b->ip2[0] = htonl(a_ip2);
|
|
|
|
|
|
|
|
|
|
DetectAddressData *tmp_c;
|
|
|
|
|
tmp_c = DetectAddressDataInit();
|
|
|
|
|
if (tmp_c == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
tmp_c->family = AF_INET;
|
|
|
|
|
tmp_c->ip[0] = htonl(a_ip2 + 1);
|
|
|
|
|
tmp_c->ip2[0] = htonl(b_ip2);
|
|
|
|
|
*c = tmp_c;
|
|
|
|
|
|
|
|
|
|
/* we have 3 parts: [bbb[baba]aaa]
|
|
|
|
|
* part a: b_ip1 <-> a_ip1 - 1
|
|
|
|
|
* part b: a_ip1 <-> b_ip2
|
|
|
|
|
* part c: b_ip2 + 1 <-> a_ip2
|
|
|
|
|
*/
|
|
|
|
|
} else if (r == ADDRESS_GE) {
|
|
|
|
|
a->ip[0] = htonl(b_ip1);
|
|
|
|
|
a->ip2[0] = htonl(a_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ip[0] = htonl(a_ip1);
|
|
|
|
|
b->ip2[0] = htonl(b_ip2);
|
|
|
|
|
|
|
|
|
|
DetectAddressData *tmp_c;
|
|
|
|
|
tmp_c = DetectAddressDataInit();
|
|
|
|
|
if (tmp_c == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
tmp_c->family = AF_INET;
|
|
|
|
|
tmp_c->ip[0] = htonl(b_ip2 + 1);
|
|
|
|
|
tmp_c->ip2[0] = htonl(a_ip2);
|
|
|
|
|
*c = tmp_c;
|
|
|
|
|
|
|
|
|
|
/* we have 2 or three parts:
|
|
|
|
|
*
|
|
|
|
@ -528,39 +203,119 @@ int DetectAddressCutIPv4(DetectAddressData *a, DetectAddressData *b, DetectAddre
|
|
|
|
|
* part b: a_ip1 <-> a_ip2
|
|
|
|
|
*
|
|
|
|
|
* 3 part [bbb[aaa]bbb]
|
|
|
|
|
* becomes[aaa[bbb]ccc]
|
|
|
|
|
*
|
|
|
|
|
* part a: b_ip1 <-> a_ip1 - 1
|
|
|
|
|
* part b: a_ip1 <-> a_ip2
|
|
|
|
|
* part c: a_ip2 + 1 <-> b_ip2
|
|
|
|
|
*/
|
|
|
|
|
} else if (r == ADDRESS_ES) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: r == ADDRESS_ES\n");
|
|
|
|
|
#endif
|
|
|
|
|
if (a_ip1 == b_ip1) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: 1\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ip[0] = htonl(a_ip1);
|
|
|
|
|
a->ip2[0] = htonl(a_ip2);
|
|
|
|
|
|
|
|
|
|
b->ip[0] = htonl(a_ip2 + 1);
|
|
|
|
|
b->ip2[0] = htonl(b_ip2);
|
|
|
|
|
|
|
|
|
|
if (de_ctx != NULL) {
|
|
|
|
|
/* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
|
|
|
|
|
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &a->port, port);
|
|
|
|
|
}
|
|
|
|
|
a->cnt += b->cnt;
|
|
|
|
|
}
|
|
|
|
|
} else if (a_ip2 == b_ip2) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: 2\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ip[0] = htonl(b_ip1);
|
|
|
|
|
a->ip2[0] = htonl(a_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ip[0] = htonl(a_ip1);
|
|
|
|
|
b->ip2[0] = htonl(a_ip2);
|
|
|
|
|
|
|
|
|
|
if (de_ctx != NULL) {
|
|
|
|
|
/* 'a' overlaps 'b' so 'b' needs the 'a' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
|
|
|
|
|
SigGroupHeadClearSigs(a->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
|
|
|
|
|
SigGroupHeadClearSigs(tmp->sh);
|
|
|
|
|
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp->port, a->port);
|
|
|
|
|
}
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &a->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = tmp->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
tmp->cnt += a->cnt;
|
|
|
|
|
a->cnt = 0;
|
|
|
|
|
a->cnt += b->cnt;
|
|
|
|
|
b->cnt += tmp->cnt;
|
|
|
|
|
tmp->cnt = 0;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("3\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ip[0] = htonl(b_ip1);
|
|
|
|
|
a->ip2[0] = htonl(a_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ip[0] = htonl(a_ip1);
|
|
|
|
|
b->ip2[0] = htonl(a_ip2);
|
|
|
|
|
|
|
|
|
|
DetectAddressData *tmp_c;
|
|
|
|
|
tmp_c = DetectAddressDataInit();
|
|
|
|
|
DetectAddressGroup *tmp_c;
|
|
|
|
|
tmp_c = DetectAddressGroupInit();
|
|
|
|
|
if (tmp_c == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmp_c->family = AF_INET;
|
|
|
|
|
tmp_c->ip[0] = htonl(a_ip2 + 1);
|
|
|
|
|
tmp_c->ip2[0] = htonl(b_ip2);
|
|
|
|
|
*c = tmp_c;
|
|
|
|
|
|
|
|
|
|
if (de_ctx != NULL) {
|
|
|
|
|
/* 'a' gets clean and then 'b' sigs
|
|
|
|
|
* 'b' gets clean, then 'a' then 'b' sigs
|
|
|
|
|
* 'c' gets 'b' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh); /* store old a list */
|
|
|
|
|
SigGroupHeadClearSigs(a->sh); /* clean a list */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh); /* copy old b to c */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh); /* copy old b to a */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh); /* prepend old a before b */
|
|
|
|
|
SigGroupHeadClearSigs(tmp->sh); /* clean tmp list */
|
|
|
|
|
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &a->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = tmp->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
tmp->cnt += a->cnt;
|
|
|
|
|
a->cnt = 0;
|
|
|
|
|
tmp_c->cnt += b->cnt;
|
|
|
|
|
a->cnt += b->cnt;
|
|
|
|
|
b->cnt += tmp->cnt;
|
|
|
|
|
tmp->cnt = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/* we have 2 or three parts:
|
|
|
|
|
*
|
|
|
|
@ -572,45 +327,117 @@ int DetectAddressCutIPv4(DetectAddressData *a, DetectAddressData *b, DetectAddre
|
|
|
|
|
* part b: b_ip1 <-> b_ip2
|
|
|
|
|
*
|
|
|
|
|
* 3 part [aaa[bbb]aaa]
|
|
|
|
|
* becomes[aaa[bbb]ccc]
|
|
|
|
|
*
|
|
|
|
|
* part a: a_ip1 <-> b_ip2 - 1
|
|
|
|
|
* part b: b_ip1 <-> b_ip2
|
|
|
|
|
* part c: b_ip2 + 1 <-> a_ip2
|
|
|
|
|
*/
|
|
|
|
|
} else if (r == ADDRESS_EB) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: r == ADDRESS_EB\n");
|
|
|
|
|
#endif
|
|
|
|
|
if (a_ip1 == b_ip1) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: 1\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ip[0] = htonl(b_ip1);
|
|
|
|
|
a->ip2[0] = htonl(b_ip2);
|
|
|
|
|
|
|
|
|
|
b->ip[0] = htonl(b_ip2 + 1);
|
|
|
|
|
b->ip2[0] = htonl(a_ip2);
|
|
|
|
|
|
|
|
|
|
if (de_ctx != NULL) {
|
|
|
|
|
/* 'b' overlaps 'a' so a needs the 'b' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
|
|
|
|
|
SigGroupHeadClearSigs(b->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
|
|
|
|
|
SigGroupHeadClearSigs(tmp->sh);
|
|
|
|
|
|
|
|
|
|
for (port = b->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp->port, b->port);
|
|
|
|
|
}
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = tmp->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &a->port, port);
|
|
|
|
|
}
|
|
|
|
|
tmp->cnt += b->cnt;
|
|
|
|
|
b->cnt = 0;
|
|
|
|
|
b->cnt += a->cnt;
|
|
|
|
|
a->cnt += tmp->cnt;
|
|
|
|
|
tmp->cnt = 0;
|
|
|
|
|
}
|
|
|
|
|
} else if (a_ip2 == b_ip2) {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: 2\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ip[0] = htonl(a_ip1);
|
|
|
|
|
a->ip2[0] = htonl(b_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ip[0] = htonl(b_ip1);
|
|
|
|
|
b->ip2[0] = htonl(b_ip2);
|
|
|
|
|
|
|
|
|
|
if (de_ctx != NULL) {
|
|
|
|
|
/* 'a' overlaps 'b' so a needs the 'a' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
|
|
|
|
|
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
b->cnt += a->cnt;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
#ifdef DBG
|
|
|
|
|
printf("DetectAddressGroupCutIPv4: 3\n");
|
|
|
|
|
#endif
|
|
|
|
|
a->ip[0] = htonl(a_ip1);
|
|
|
|
|
a->ip2[0] = htonl(b_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
b->ip[0] = htonl(b_ip1);
|
|
|
|
|
b->ip2[0] = htonl(b_ip2);
|
|
|
|
|
|
|
|
|
|
DetectAddressData *tmp_c;
|
|
|
|
|
tmp_c = DetectAddressDataInit();
|
|
|
|
|
DetectAddressGroup *tmp_c;
|
|
|
|
|
tmp_c = DetectAddressGroupInit();
|
|
|
|
|
if (tmp_c == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmp_c->family = AF_INET;
|
|
|
|
|
tmp_c->ip[0] = htonl(b_ip2 + 1);
|
|
|
|
|
tmp_c->ip2[0] = htonl(a_ip2);
|
|
|
|
|
*c = tmp_c;
|
|
|
|
|
|
|
|
|
|
if (de_ctx != NULL) {
|
|
|
|
|
/* 'a' stays the same wrt sigs
|
|
|
|
|
* 'b' keeps it's own sigs and gets a's sigs prepended
|
|
|
|
|
* 'c' gets 'a' sigs */
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
|
|
|
|
|
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
|
|
|
|
|
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &b->port, port);
|
|
|
|
|
}
|
|
|
|
|
for (port = a->port; port != NULL; port = port->next) {
|
|
|
|
|
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
b->cnt += a->cnt;
|
|
|
|
|
tmp_c->cnt += a->cnt;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (tmp != NULL)
|
|
|
|
|
DetectAddressGroupFree(tmp);
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
error:
|
|
|
|
|
if (tmp != NULL)
|
|
|
|
|
DetectAddressGroupFree(tmp);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -622,32 +449,32 @@ error:
|
|
|
|
|
int DetectAddressGroupIsCompleteIPSpaceIPv4(DetectAddressGroup *ag) {
|
|
|
|
|
uint32_t next_ip = 0;
|
|
|
|
|
|
|
|
|
|
if (ag == NULL || ag->ad == NULL)
|
|
|
|
|
if (ag == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* if we don't start with 0.0.0.0 we know we're good */
|
|
|
|
|
if (ntohl(ag->ad->ip[0]) != 0x00000000)
|
|
|
|
|
if (ntohl(ag->ip[0]) != 0x00000000)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* if we're ending with 255.255.255.255 while we know
|
|
|
|
|
we started with 0.0.0.0 it's the complete space */
|
|
|
|
|
if (ntohl(ag->ad->ip2[0]) == 0xFFFFFFFF)
|
|
|
|
|
if (ntohl(ag->ip2[0]) == 0xFFFFFFFF)
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
next_ip = htonl(ntohl(ag->ad->ip2[0]) + 1);
|
|
|
|
|
next_ip = htonl(ntohl(ag->ip2[0]) + 1);
|
|
|
|
|
ag = ag->next;
|
|
|
|
|
|
|
|
|
|
for ( ; ag != NULL; ag = ag->next) {
|
|
|
|
|
if (ag == NULL || ag->ad == NULL)
|
|
|
|
|
if (ag == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (ag->ad->ip[0] != next_ip)
|
|
|
|
|
if (ag->ip[0] != next_ip)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (ntohl(ag->ad->ip2[0]) == 0xFFFFFFFF)
|
|
|
|
|
if (ntohl(ag->ip2[0]) == 0xFFFFFFFF)
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
next_ip = htonl(ntohl(ag->ad->ip2[0]) + 1);
|
|
|
|
|
next_ip = htonl(ntohl(ag->ip2[0]) + 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
@ -663,7 +490,7 @@ int DetectAddressGroupIsCompleteIPSpaceIPv4(DetectAddressGroup *ag) {
|
|
|
|
|
* must result in: a == 0.0.0.0-255.255.255.254, b == NULL
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
int DetectAddressCutNotIPv4(DetectAddressData *a, DetectAddressData **b) {
|
|
|
|
|
int DetectAddressGroupCutNotIPv4(DetectAddressGroup *a, DetectAddressGroup **b) {
|
|
|
|
|
uint32_t a_ip1 = ntohl(a->ip[0]);
|
|
|
|
|
uint32_t a_ip2 = ntohl(a->ip2[0]);
|
|
|
|
|
|
|
|
|
@ -674,8 +501,7 @@ int DetectAddressCutNotIPv4(DetectAddressData *a, DetectAddressData **b) {
|
|
|
|
|
a->ip[0] = htonl(0x00000000);
|
|
|
|
|
a->ip2[0] = htonl(a_ip1 - 1);
|
|
|
|
|
|
|
|
|
|
DetectAddressData *tmp_b;
|
|
|
|
|
tmp_b = DetectAddressDataInit();
|
|
|
|
|
DetectAddressGroup *tmp_b = DetectAddressGroupInit();
|
|
|
|
|
if (tmp_b == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
@ -685,11 +511,11 @@ int DetectAddressCutNotIPv4(DetectAddressData *a, DetectAddressData **b) {
|
|
|
|
|
*b = tmp_b;
|
|
|
|
|
|
|
|
|
|
} else if (a_ip1 == 0x00000000 && a_ip2 != 0xFFFFFFFF) {
|
|
|
|
|
a->ip[0] = htonl(a_ip2 + 1);
|
|
|
|
|
a->ip[0] = htonl(a_ip2 + 1);
|
|
|
|
|
a->ip2[0] = htonl(0xFFFFFFFF);
|
|
|
|
|
|
|
|
|
|
} else if (a_ip1 != 0x00000000 && a_ip2 == 0xFFFFFFFF) {
|
|
|
|
|
a->ip[0] = htonl(0x00000000);
|
|
|
|
|
a->ip[0] = htonl(0x00000000);
|
|
|
|
|
a->ip2[0] = htonl(a_ip1 - 1);
|
|
|
|
|
} else {
|
|
|
|
|
goto error;
|
|
|
|
@ -702,11 +528,11 @@ error:
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int DetectAddressGroupJoinIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *target, DetectAddressGroup *source) {
|
|
|
|
|
if (ntohl(source->ad->ip[0]) < ntohl(target->ad->ip[0]))
|
|
|
|
|
target->ad->ip[0] = source->ad->ip[0];
|
|
|
|
|
if (ntohl(source->ip[0]) < ntohl(target->ip[0]))
|
|
|
|
|
target->ip[0] = source->ip[0];
|
|
|
|
|
|
|
|
|
|
if (ntohl(source->ad->ip2[0]) > ntohl(target->ad->ip2[0]))
|
|
|
|
|
target->ad->ip2[0] = source->ad->ip2[0];
|
|
|
|
|
if (ntohl(source->ip2[0]) > ntohl(target->ip2[0]))
|
|
|
|
|
target->ip2[0] = source->ip2[0];
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|