util/cidr: simplify IPv4 CIDR handling; add IPv6

Instead of building a table at init just calculate it on demand.

Callsites are all during init, so it's not performance critical.

Add similar function for IPv6.
pull/7018/head
Victor Julien 3 years ago
parent e04fcfcf2f
commit e04d378e58

@ -237,8 +237,6 @@ void RunUnittests(int list_unittests, const char *regex_arg)
SigTableSetup(); /* load the rule keywords */ SigTableSetup(); /* load the rule keywords */
TmqhSetup(); TmqhSetup();
CIDRInit();
TagInitCtx(); TagInitCtx();
SCReferenceConfInit(); SCReferenceConfInit();
SCClassConfInit(); SCClassConfInit();

@ -2664,8 +2664,6 @@ int PostConfLoadedSetup(SCInstance *suri)
SigTableApplyStrictCommandlineOption(suri->strict_rule_parsing_string); SigTableApplyStrictCommandlineOption(suri->strict_rule_parsing_string);
TmqhSetup(); TmqhSetup();
CIDRInit();
TagInitCtx(); TagInitCtx();
PacketAlertTagInit(); PacketAlertTagInit();
ThresholdInit(); ThresholdInit();

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation /* Copyright (C) 2007-2022 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -26,24 +26,46 @@
#include "suricata-common.h" #include "suricata-common.h"
#include "util-cidr.h" #include "util-cidr.h"
static uint32_t cidrs[33]; uint32_t CIDRGet(int cidr)
{
if (cidr <= 0 || cidr > 32)
return 0;
uint32_t netmask = htonl(0xFFFFFFFF << (32UL - (uint32_t)cidr));
SCLogDebug("CIDR %d -> netmask %08X", cidr, netmask);
return netmask;
}
void CIDRInit(void) /**
* \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
*
* For example if we send a cidr of 7 as argument, an ipv6 address
* mask of the value FE:00:00:00:00:00:00:00 is created and updated
* in the argument struct in6_addr *in6.
*
* \todo I think for the final section: while (cidr > 0), we can simply
* replace it with a
* if (cidr > 0) {
* in6->s6_addr[i] = -1 << (8 - cidr);
*
* \param cidr The value of the cidr.
* \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
* hold the cidr netblock result.
*/
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
{ {
int i = 0; int i = 0;
/* skip 0 as it will result in 0xffffffff */ memset(in6, 0, sizeof(struct in6_addr));
cidrs[0] = 0;
for (i = 1; i < 33; i++) {
cidrs[i] = htonl(0xFFFFFFFF << (32 - i));
//printf("CIDRInit: cidrs[%02d] = 0x%08X\n", i, cidrs[i]);
}
}
uint32_t CIDRGet(int cidr) while (cidr > 8) {
{ in6->s6_addr[i] = 0xff;
if (cidr < 0 || cidr > 32) cidr -= 8;
return 0; i++;
return cidrs[cidr];
} }
while (cidr > 0) {
in6->s6_addr[i] |= 0x80;
if (--cidr > 0)
in6->s6_addr[i] = in6->s6_addr[i] >> 1;
}
}
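Review bot: `CIDRGetIPv6` has no upper bound on `cidr`, so any value above 128 lets the first `while (cidr > 8)` loop advance `i` past the 16 bytes of `in6->s6_addr` and write 0xff outside the caller's struct. `CIDRGet` in the same file rejects out-of-range prefixes with `if (cidr <= 0 || cidr > 32) return 0;`, and the IPv6 variant should guard the same way right after the `memset`, for example `if (cidr < 0 || cidr > 128) return;`, which leaves the mask all-zero. Callers may already validate the prefix length they parse from rules or configuration, but that is not visible in this change, and a `void` return gives them no way to notice a bad value. The doc comment should also state the accepted range (0 to 128) so the contract is explicit.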

@ -24,8 +24,8 @@
#ifndef __UTIL_NETMASK_H__ #ifndef __UTIL_NETMASK_H__
#define __UTIL_NETMASK_H__ #define __UTIL_NETMASK_H__
void CIDRInit(void);
uint32_t CIDRGet(int); uint32_t CIDRGet(int);
void CIDRGetIPv6(int cidr, struct in6_addr *in6);
#endif /* __UTIL_NETMASK_H__ */ #endif /* __UTIL_NETMASK_H__ */
