#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "flow-var.h"
#include "util-cidr.h"
#include "util-unittest.h"
#include "detect-engine-address.h"
#include "detect-engine-address-ipv4.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-port.h"
#include "util-error.h"
#include "util-debug.h"

Include dependency graph for detect-engine-address-ipv4.c:

Functions
int	DetectAddressCmpIPv4 (DetectAddress a, DetectAddress b)
	Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses. More...

int	DetectAddressCutIPv4 (DetectEngineCtx de_ctx, DetectAddress a, DetectAddress b, DetectAddress *c)
	Cut groups and merge sigs. More...

int	DetectAddressIsCompleteIPSpaceIPv4 (DetectAddress *ag)
	Check if the address group list covers the complete IPv4 IP space. More...

int	DetectAddressCutNotIPv4 (DetectAddress a, DetectAddress *b)
	Cuts and returns an address range, which is the complement of the address range that is supplied as the argument. More...

void	DetectAddressIPv4Tests (void)

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

IPV4 Address part of the detection engine.

Definition in file detect-engine-address-ipv4.c.

Function Documentation

◆ DetectAddressCmpIPv4()

int DetectAddressCmpIPv4	(	DetectAddress *	a,
		DetectAddress *	b
	)

Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.

Parameters

a	Pointer to the first address instance to be compared.
b	Pointer to the second address instance to be compared.

Return values

ADDRESS_EQ	If the 2 address ranges a and b, are equal.
ADDRESS_ES	b encapsulates a. b_ip1[...a_ip1...a_ip2...]b_ip2.
ADDRESS_EB	a encapsulates b. a_ip1[...b_ip1....b_ip2...]a_ip2.
ADDRESS_LE	a_ip1(...b_ip1==a_ip2...)b_ip2
ADDRESS_LT	a_ip1(...b_ip1...a_ip2...)b_ip2
ADDRESS_GE	b_ip1(...a_ip1==b_ip2...)a_ip2
ADDRESS_GT	a_ip1 > b_ip2, i.e. the address range for 'a' starts only after the end of the address range for 'b'

Definition at line 59 of file detect-engine-address-ipv4.c.

References ADDRESS_EB, ADDRESS_EQ, ADDRESS_ER, ADDRESS_ES, ADDRESS_GE, ADDRESS_GT, ADDRESS_LE, ADDRESS_LT, DetectAddress_::ip, DetectAddress_::ip2, SCLogDebug, and SCNtohl.

Referenced by DetectAddressCmp(), and DetectAddressCutIPv4().

Here is the caller graph for this function:

◆ DetectAddressCutIPv4()

int DetectAddressCutIPv4	(	DetectEngineCtx *	de_ctx,
		DetectAddress *	a,
		DetectAddress *	b,
		DetectAddress **	c
	)

Cut groups and merge sigs.

  a = 1.2.3.4, b = 1.2.3.4-1.2.3.5
  must result in: a == 1.2.3.4, b == 1.2.3.5, c == NULL

  a = 1.2.3.4, b = 1.2.3.3-1.2.3.5
  must result in: a == 1.2.3.3, b == 1.2.3.4, c == 1.2.3.5

  a = 1.2.3.0/24 b = 1.2.3.128-1.2.4.10
  must result in: a == 1.2.3.0/24, b == 1.2.4.0-1.2.4.10, c == NULL

  a = 1.2.3.4, b = 1.2.3.0/24
  must result in: a == 1.2.3.0-1.2.3.3, b == 1.2.3.4, c == 1.2.3.5-1.2.3.255

Return values

0	On success.
-1	On failure.

Definition at line 113 of file detect-engine-address-ipv4.c.

References ADDRESS_EB, ADDRESS_ES, ADDRESS_GE, ADDRESS_LE, DetectAddressCmpIPv4(), DetectAddressFree(), DetectAddressInit(), Address_::family, DetectAddress_::ip, DetectAddress_::ip2, SCLogDebug, and SCNtohl.

Here is the call graph for this function:

◆ DetectAddressCutNotIPv4()

int DetectAddressCutNotIPv4	(	DetectAddress *	a,
		DetectAddress **	b
	)

Cuts and returns an address range, which is the complement of the address range that is supplied as the argument.

For example:

If a = 0.0.0.0-1.2.3.4, then a = 1.2.3.4-255.255.255.255 and b = NULL If a = 1.2.3.4-255.255.255.255, then a = 0.0.0.0-1.2.3.4 and b = NULL If a = 1.2.3.4-192.168.1.1, then a = 0.0.0.0-1.2.3.3 and b = 192.168.1.2-255.255.255.255

Parameters

a	Pointer to an address range (DetectAddress) instance whose complement has to be returned in a and b.
b	Pointer to DetectAddress pointer, that will be supplied back with a new DetectAddress instance, if the complement demands so.

Return values