suricata
Functions
detect-engine-address-ipv4.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

int DetectAddressCutNotIPv4 (DetectAddress *, DetectAddress **)
 Cuts and returns an address range, which is the complement of the address range that is supplied as the argument. More...
 
int DetectAddressCmpIPv4 (DetectAddress *a, DetectAddress *b)
 Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses. More...
 
int DetectAddressCutIPv4 (DetectEngineCtx *, DetectAddress *, DetectAddress *, DetectAddress **)
 Cut groups and merge sigs. More...
 
int DetectAddressIsCompleteIPSpaceIPv4 (DetectAddress *)
 Check if the address group list covers the complete IPv4 IP space. More...
 
void DetectAddressIPv4Tests (void)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-address-ipv4.h.

Function Documentation

◆ DetectAddressCmpIPv4()

int DetectAddressCmpIPv4 ( DetectAddress a,
DetectAddress b 
)

Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.

Parameters
aPointer to the first address instance to be compared.
bPointer to the second address instance to be compared.
Return values
ADDRESS_EQIf the 2 address ranges a and b, are equal.
ADDRESS_ESb encapsulates a. b_ip1[...a_ip1...a_ip2...]b_ip2.
ADDRESS_EBa encapsulates b. a_ip1[...b_ip1....b_ip2...]a_ip2.
ADDRESS_LEa_ip1(...b_ip1==a_ip2...)b_ip2
ADDRESS_LTa_ip1(...b_ip1...a_ip2...)b_ip2
ADDRESS_GEb_ip1(...a_ip1==b_ip2...)a_ip2
ADDRESS_GTa_ip1 > b_ip2, i.e. the address range for 'a' starts only after the end of the address range for 'b'

Definition at line 59 of file detect-engine-address-ipv4.c.

References ADDRESS_EB, ADDRESS_EQ, ADDRESS_ER, ADDRESS_ES, ADDRESS_GE, ADDRESS_GT, ADDRESS_LE, ADDRESS_LT, DetectAddress_::ip, DetectAddress_::ip2, SCLogDebug, and SCNtohl.

Referenced by DetectAddressCmp(), and DetectAddressCutIPv4().

Here is the caller graph for this function:

◆ DetectAddressCutIPv4()

int DetectAddressCutIPv4 ( DetectEngineCtx de_ctx,
DetectAddress a,
DetectAddress b,
DetectAddress **  c 
)

Cut groups and merge sigs. 

  a = 1.2.3.4, b = 1.2.3.4-1.2.3.5
  must result in: a == 1.2.3.4, b == 1.2.3.5, c == NULL

  a = 1.2.3.4, b = 1.2.3.3-1.2.3.5
  must result in: a == 1.2.3.3, b == 1.2.3.4, c == 1.2.3.5

  a = 1.2.3.0/24 b = 1.2.3.128-1.2.4.10
  must result in: a == 1.2.3.0/24, b == 1.2.4.0-1.2.4.10, c == NULL

  a = 1.2.3.4, b = 1.2.3.0/24
  must result in: a == 1.2.3.0-1.2.3.3, b == 1.2.3.4, c == 1.2.3.5-1.2.3.255
Return values
0On success.
-1On failure.

Definition at line 113 of file detect-engine-address-ipv4.c.

References ADDRESS_EB, ADDRESS_ES, ADDRESS_GE, ADDRESS_LE, DetectAddressCmpIPv4(), DetectAddressFree(), DetectAddressInit(), Address_::family, DetectAddress_::ip, DetectAddress_::ip2, SCLogDebug, and SCNtohl.

Here is the call graph for this function:

◆ DetectAddressCutNotIPv4()

int DetectAddressCutNotIPv4 ( DetectAddress a,
DetectAddress **  b 
)

Cuts and returns an address range, which is the complement of the address range that is supplied as the argument.

For example:

If a = 0.0.0.0-1.2.3.4, then a = 1.2.3.4-255.255.255.255 and b = NULL If a = 1.2.3.4-255.255.255.255, then a = 0.0.0.0-1.2.3.4 and b = NULL If a = 1.2.3.4-192.168.1.1, then a = 0.0.0.0-1.2.3.3 and b = 192.168.1.2-255.255.255.255

Parameters
aPointer to an address range (DetectAddress) instance whose complement has to be returned in a and b.
bPointer to DetectAddress pointer, that will be supplied back with a new DetectAddress instance, if the complement demands so.
Return values
0On success.
-1On failure.

Definition at line 368 of file detect-engine-address-ipv4.c.

References DetectAddressInit(), Address_::family, DetectAddress_::ip, DetectAddress_::ip2, and SCNtohl.

Here is the call graph for this function:

◆ DetectAddressIPv4Tests()

void DetectAddressIPv4Tests ( void  )

Definition at line 1008 of file detect-engine-address-ipv4.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ DetectAddressIsCompleteIPSpaceIPv4()

int DetectAddressIsCompleteIPSpaceIPv4 ( DetectAddress ag)

Check if the address group list covers the complete IPv4 IP space.

Parameters
agPointer to a DetectAddress list head, which has to be checked to see if the address ranges in it, cover the entire IPv4 IP space.
Return values
1Yes, it covers the entire IPv4 address range.
0No, it doesn't cover the entire IPv4 address range.

Definition at line 314 of file detect-engine-address-ipv4.c.

References DetectAddress_::ip, DetectAddress_::ip2, DetectAddress_::next, and SCNtohl.