suricata
detect-engine-address.c File Reference
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "flow-var.h"
#include "util-cidr.h"
#include "util-unittest.h"
#include "util-rule-vars.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-address.h"
#include "detect-engine-address-ipv4.h"
#include "detect-engine-address-ipv6.h"
#include "detect-engine-port.h"
#include "util-debug.h"
#include "util-byte.h"
#include "util-print.h"
#include "util-var.h"
#include "util-hash-lookup3.h"

Data Structures

struct  DetectAddressMap_
 
struct  UTHValidateDetectAddressHeadRange_
 

Macros

#define DetectAddressPrint(...)
 
#define MAX_ADDRESS_LENGTH   8192
 

Typedefs

typedef struct DetectAddressMap_ DetectAddressMap
 
typedef struct UTHValidateDetectAddressHeadRange_ UTHValidateDetectAddressHeadRange
 

Functions

int DetectAddressMergeNot (DetectAddressHead *gh, DetectAddressHead *ghn)
 Merge the + and the - list (+ positive match, - 'not' match) More...
 
DetectAddress * DetectAddressInit (void)
 Creates and returns a new instance of a DetectAddress. More...
 
void DetectAddressFree (DetectAddress *ag)
 Frees a DetectAddress instance. More...
 
DetectAddress * DetectAddressCopy (DetectAddress *orig)
 copy a DetectAddress More...
 
bool DetectAddressListsAreEqual (DetectAddress *list1, DetectAddress *list2)
 Checks if two address group lists are equal. More...
 
int DetectAddressTestConfVars (void)
 
int DetectAddressMapInit (DetectEngineCtx *de_ctx)
 
void DetectAddressMapFree (DetectEngineCtx *de_ctx)
 
int DetectAddressParse (const DetectEngineCtx *de_ctx, DetectAddressHead *gh, const char *str)
 Parses an address group sent as a character string and updates the DetectAddressHead sent as the argument with the relevant address ranges from the parsed string. More...
 
const DetectAddressHead * DetectParseAddress (DetectEngineCtx *de_ctx, const char *string, bool *contains_negation)
 
void DetectAddressHeadCleanup (DetectAddressHead *gh)
 Cleans a DetectAddressHead. The function frees the address group heads (ipv4 and ipv6) inside the DetectAddressHead instance. More...
 
int DetectAddressCmp (DetectAddress *a, DetectAddress *b)
 Used to compare 2 address ranges. More...
 
int DetectAddressMatchIPv4 (const DetectMatchAddressIPv4 *addrs, uint16_t addrs_cnt, const Address *a)
 Match a packet's address against a signature's addrs array. More...
 
int DetectAddressMatchIPv6 (const DetectMatchAddressIPv6 *addrs, uint16_t addrs_cnt, const Address *a)
 Match a packet's address against a signature's addrs array. More...
 
DetectAddress * DetectAddressLookupInHead (const DetectAddressHead *gh, Address *a)
 Find the group matching address in a group head. More...
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Address part of the detection engine.

Definition in file detect-engine-address.c.

Macro Definition Documentation

◆ DetectAddressPrint

#define DetectAddressPrint (   ...)

Definition at line 53 of file detect-engine-address.c.

◆ MAX_ADDRESS_LENGTH

#define MAX_ADDRESS_LENGTH   8192

Typedef Documentation

◆ DetectAddressMap

◆ UTHValidateDetectAddressHeadRange

Function Documentation

◆ DetectAddressCmp()

int DetectAddressCmp ( DetectAddress * a,
DetectAddress * b 
)

Used to compare 2 address ranges.

Parameters
a: Pointer to the first DetectAddressData to be compared.
b: Pointer to the second DetectAddressData to be compared.

Definition at line 1566 of file detect-engine-address.c.

References ADDRESS_ER, DetectAddressCmpIPv4(), DetectAddressCmpIPv6(), Address_::family, and DetectAddress_::ip.

Referenced by DetectAddressListsAreEqual().


◆ DetectAddressCopy()

DetectAddress* DetectAddressCopy ( DetectAddress * orig)

Copy a DetectAddress.

Parameters
orig: Pointer to the instance of DetectAddress that contains the address data to be copied to the new instance.
Return values
ag: Pointer to the new instance of DetectAddress that contains the copied address.

Definition at line 128 of file detect-engine-address.c.

References COPY_ADDRESS, DetectAddressInit(), DetectAddress_::flags, DetectAddress_::ip, and DetectAddress_::ip2.

Referenced by DetectThresholdDataCopy().


◆ DetectAddressFree()

void DetectAddressFree ( DetectAddress * ag)

Frees a DetectAddress instance.

Parameters
ag: Pointer to the DetectAddress instance to be freed.

Definition at line 82 of file detect-engine-address.c.

References SCFree.

Referenced by DetectAddressCutIPv4().


◆ DetectAddressHeadCleanup()

void DetectAddressHeadCleanup ( DetectAddressHead * gh)

Cleans a DetectAddressHead. The function frees the address group heads (ipv4 and ipv6) inside the DetectAddressHead instance.

Parameters
gh: Pointer to the DetectAddressHead instance that has to be cleaned.

Definition at line 1478 of file detect-engine-address.c.

References DetectAddressHead_::ipv4_head.

◆ DetectAddressInit()

DetectAddress* DetectAddressInit ( void  )

Creates and returns a new instance of a DetectAddress.

Return values
ag: Pointer to the newly created DetectAddress on success; NULL on failure.

Definition at line 69 of file detect-engine-address.c.

References SCCalloc, and unlikely.

Referenced by DetectAddressCopy(), DetectAddressCutIPv4(), and DetectAddressCutNotIPv4().


◆ DetectAddressListsAreEqual()

bool DetectAddressListsAreEqual ( DetectAddress * list1,
DetectAddress * list2 
)

Checks if two address group lists are equal.

Parameters
list1: Pointer to the first address group list.
list2: Pointer to the second address group list.
Return values
true: On success.
false: On failure.

Definition at line 350 of file detect-engine-address.c.

References ADDRESS_EQ, DetectAddressCmp(), and DetectAddress_::next.


◆ DetectAddressLookupInHead()

DetectAddress* DetectAddressLookupInHead ( const DetectAddressHead * gh,
Address * a 
)

Find the group matching address in a group head.

Parameters
gh: Pointer to the address group head (DetectAddressHead instance).
a: Pointer to an Address instance.
Return values
g: On success, a pointer to the DetectAddress that matches the Address "a" in the DetectAddressHead "gh".

Definition at line 1804 of file detect-engine-address.c.

References Address_::family, DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, DetectAddress_::next, SCEnter, SCLogDebug, and SCReturnPtr.

◆ DetectAddressMapFree()

void DetectAddressMapFree ( DetectEngineCtx * de_ctx)

Definition at line 1338 of file detect-engine-address.c.

References DetectEngineCtx_::address_table, de_ctx, and HashListTableFree().


◆ DetectAddressMapInit()

int DetectAddressMapInit ( DetectEngineCtx * de_ctx)

Definition at line 1327 of file detect-engine-address.c.

References DetectEngineCtx_::address_table, de_ctx, and HashListTableInit().


◆ DetectAddressMatchIPv4()

int DetectAddressMatchIPv4 ( const DetectMatchAddressIPv4 * addrs,
uint16_t  addrs_cnt,
const Address * a 
)

Match a packet's address against a signature's addrs array.

Parameters
addrs: array of DetectMatchAddressIPv4's
addrs_cnt: array size in members
a: packet's address
Return values
0: no match
1: match
Note
addresses in addrs are in host order
Todo:
array should be ordered, so we can break out of the loop

Definition at line 1593 of file detect-engine-address.c.

References SCEnter, SCNtohl, and SCReturnInt.

◆ DetectAddressMatchIPv6()

int DetectAddressMatchIPv6 ( const DetectMatchAddressIPv6 * addrs,
uint16_t  addrs_cnt,
const Address * a 
)

Match a packet's address against a signature's addrs array.

Parameters
addrs: array of DetectMatchAddressIPv6's
addrs_cnt: array size in members
a: packet's address
Return values
0: no match
1: match
Note
addresses in addrs are in host order
Todo:
array should be ordered, so we can break out of the loop

Definition at line 1626 of file detect-engine-address.c.

References SCEnter, SCNtohl, and SCReturnInt.

◆ DetectAddressMergeNot()

int DetectAddressMergeNot ( DetectAddressHead * gh,
DetectAddressHead * ghn 
)

Merge the + and the - list (+ positive match, - 'not' match)

Parameters
gh: Pointer to the address head containing the non-NOT groups.
ghn: Pointer to the address head containing the NOT groups.
Return values
0: On success.
-1: On failure.

Definition at line 1036 of file detect-engine-address.c.

References DetectAddressHead_::ipv4_head, and SCLogDebug.

◆ DetectAddressParse()

int DetectAddressParse ( const DetectEngineCtx * de_ctx,
DetectAddressHead * gh,
const char *  str 
)

Parses an address group sent as a character string and updates the DetectAddressHead sent as the argument with the relevant address ranges from the parsed string.

Parameters
de_ctx: Pointer to the detection engine context.
gh: Pointer to the DetectAddressHead.
str: Pointer to the character string containing the address group that has to be parsed.
Return values
1: On success. Contained negation.
0: On success. Did not contain negation.
-1: On failure.
Both 0 and 1 indicate success, so callers must compare the result against -1 to detect a parse failure rather than testing for a non-zero value.

Definition at line 1396 of file detect-engine-address.c.

References SCLogDebug, and str.

◆ DetectAddressTestConfVars()

int DetectAddressTestConfVars ( void  )

Definition at line 1218 of file detect-engine-address.c.

References ConfGetNode(), ConfNode_::name, next, SCLogDebug, TAILQ_FOREACH, TAILQ_HEAD_INITIALIZER, and ConfNode_::val.


◆ DetectParseAddress()

const DetectAddressHead* DetectParseAddress ( DetectEngineCtx * de_ctx,
const char *  string,
bool *  contains_negation 
)

Definition at line 1436 of file detect-engine-address.c.