detect-engine-address-ipv4.h File Reference

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
int	DetectAddressCutNotIPv4 (DetectAddress *, DetectAddress **)
	Cuts and returns an address range, which is the complement of the address range that is supplied as the argument. More...
int	DetectAddressCmpIPv4 (DetectAddress *a, DetectAddress *b)
	Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses. More...
int	DetectAddressCutIPv4 (DetectEngineCtx *, DetectAddress *, DetectAddress *, DetectAddress **)
	Cut groups and merge sigs. More...
int	DetectAddressJoinIPv4 (DetectEngineCtx *, DetectAddress *target, DetectAddress *source)
	Extends a target address range if the the source address range is wider than the target address range on either sides. More...
int	DetectAddressIsCompleteIPSpaceIPv4 (DetectAddress *)
	Check if the address group list covers the complete IPv4 IP space. More...
void	DetectAddressIPv4Tests (void)

Detailed Description

Author

Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-address-ipv4.h.

Function Documentation

int DetectAddressCmpIPv4	(	DetectAddress *	a,
		DetectAddress *	b
	)

Compares 2 addresses(address ranges) and returns the relationship between the 2 addresses.

Parameters

a	Pointer to the first address instance to be compared.
b	Pointer to the second address instance to be compared.

Return values

ADDRESS_EQ	If the 2 address ranges a and b, are equal.
ADDRESS_ES	b encapsulates a. b_ip1[...a_ip1...a_ip2...]b_ip2.
ADDRESS_EB	a encapsulates b. a_ip1[...b_ip1....b_ip2...]a_ip2.
ADDRESS_LE	a_ip1(...b_ip1==a_ip2...)b_ip2
ADDRESS_LT	a_ip1(...b_ip1...a_ip2...)b_ip2
ADDRESS_GE	b_ip1(...a_ip1==b_ip2...)a_ip2
ADDRESS_GT	a_ip1 > b_ip2, i.e. the address range for 'a' starts only after the end of the address range for 'b'

Definition at line 59 of file detect-engine-address-ipv4.c.

References ADDRESS_EB, ADDRESS_EQ, ADDRESS_ER, ADDRESS_ES, ADDRESS_GE, ADDRESS_GT, ADDRESS_LE, ADDRESS_LT, DetectAddress_::ip, DetectAddress_::ip2, SCLogDebug, and SCNtohl.

Referenced by DetectAddressCmp(), DetectAddressCutIPv4(), and DetectAddressJoinIPv4().

Here is the caller graph for this function:

int DetectAddressCutIPv4	(	DetectEngineCtx *	de_ctx,
		DetectAddress *	a,
		DetectAddress *	b,
		DetectAddress **	c
	)

Cut groups and merge sigs.

a = 1.2.3.4, b = 1.2.3.4-1.2.3.5 must result in: a == 1.2.3.4, b == 1.2.3.5, c == NULL

a = 1.2.3.4, b = 1.2.3.3-1.2.3.5 must result in: a == 1.2.3.3, b == 1.2.3.4, c == 1.2.3.5

a = 1.2.3.0/24 b = 1.2.3.128-1.2.4.10 must result in: a == 1.2.3.0/24, b == 1.2.4.0-1.2.4.10, c == NULL

a = 1.2.3.4, b = 1.2.3.0/24 must result in: a == 1.2.3.0-1.2.3.3, b == 1.2.3.4, c == 1.2.3.5-1.2.3.255

Return values

0	On success.
-1	On failure.

Definition at line 113 of file detect-engine-address-ipv4.c.

References ADDRESS_EB, ADDRESS_ES, ADDRESS_GE, ADDRESS_LE, DetectAddressCmpIPv4(), DetectAddressFree(), DetectAddressInit(), Address_::family, DetectAddress_::ip, DetectAddress_::ip2, SCLogDebug, and SCNtohl.

Referenced by DetectAddressHeadFree().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectAddressCutNotIPv4	(	DetectAddress *	a,
		DetectAddress **	b
	)

Cuts and returns an address range, which is the complement of the address range that is supplied as the argument.

For example:

If a = 0.0.0.0-1.2.3.4, then a = 1.2.3.4-255.255.255.255 and b = NULL If a = 1.2.3.4-255.255.255.255, then a = 0.0.0.0-1.2.3.4 and b = NULL If a = 1.2.3.4-192.168.1.1, then a = 0.0.0.0-1.2.3.3 and b = 192.168.1.2-255.255.255.255

Parameters

a	Pointer to an address range (DetectAddress) instance whose complement has to be returned in a and b.
b	Pointer to DetectAddress pointer, that will be supplied back with a new DetectAddress instance, if the complement demands so.

Return values

0	On success.
-1	On failure.

Definition at line 368 of file detect-engine-address-ipv4.c.

References DetectAddressInit(), Address_::family, DetectAddress_::ip, DetectAddress_::ip2, and SCNtohl.

Referenced by DetectAddressHeadFree(), and DetectAddressJoinIPv4().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectAddressIPv4Tests

(

void

)

Definition at line 1438 of file detect-engine-address-ipv4.c.

References UtRegisterTest().

Referenced by DetectAddressTests().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectAddressIsCompleteIPSpaceIPv4

(

DetectAddress *

ag

)

Check if the address group list covers the complete IPv4 IP space.

Parameters

ag	Pointer to a DetectAddress list head, which has to be checked to see if the address ranges in it, cover the entire IPv4 IP space.

Return values

1	Yes, it covers the entire IPv4 address range.
0	No, it doesn't cover the entire IPv4 address range.

Definition at line 314 of file detect-engine-address-ipv4.c.

References DetectAddress_::ip, DetectAddress_::ip2, DetectAddress_::next, and SCNtohl.

Referenced by DetectAddressJoinIPv4(), and DetectAddressParseString().

Here is the caller graph for this function:

int DetectAddressJoinIPv4	(	DetectEngineCtx *	de_ctx,
		DetectAddress *	target,
		DetectAddress *	source
	)

Extends a target address range if the the source address range is wider than the target address range on either sides.

Every address is a range, i.e. address->ip1....address->ip2. For example 1.2.3.4 to 192.168.1.1. if source->ip1 is smaller than target->ip1, it indicates that the source's left address limit is greater(range wise) than the target's left address limit, and hence we reassign the target's left address limit to source's left address limit. Similary if source->ip2 is greater than target->ip2, it indicates that the source's right address limit is greater(range wise) than the target's right address limit, and hence we reassign the target's right address limit to source's right address limit.

Parameters

de_ctx	Pointer to the detection engine context.
target	Pointer to the target DetectAddress instance that has to be updated.
source	Pointer to the source DetectAddress instance that is used to decided whether we extend the target's address range.

Return values

0	On success.
-1	On failure.

Definition at line 429 of file detect-engine-address-ipv4.c.

References ADDRESS_EB, ADDRESS_EQ, ADDRESS_ES, ADDRESS_GE, ADDRESS_GT, ADDRESS_LE, ADDRESS_LT, DetectAddressCmpIPv4(), DetectAddressCutNotIPv4(), DetectAddressFree(), DetectAddressInit(), DetectAddressIsCompleteIPSpaceIPv4(), DetectAddressJoinIPv4(), DetectAddress_::ip, DetectAddress_::ip2, DetectAddress_::next, and SCNtohl.

Referenced by DetectAddressJoin(), and DetectAddressJoinIPv4().

Here is the call graph for this function:

Here is the caller graph for this function: