|
suricata
|
|
suricata
|
Go to the source code of this file.
Functions | |
| void | DetectAddressRegister (void) |
| DetectAddressHead * | DetectAddressHeadInit (void) |
| Returns a new instance of DetectAddressHead. More... | |
| void | DetectAddressHeadFree (DetectAddressHead *) |
| Frees a DetectAddressHead instance. More... | |
| void | DetectAddressHeadCleanup (DetectAddressHead *) |
| Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the DetectAddressHead instance. More... | |
| int | DetectAddressParseString (DetectAddress *, const char *) |
| int | DetectAddressParse (const DetectEngineCtx *, DetectAddressHead *, const char *) |
| Parses an address group sent as a character string and updates the DetectAddressHead sent as the argument with the relevant address ranges from the parsed string. More... | |
| DetectAddress * | DetectAddressInit (void) |
| Creates and returns a new instance of a DetectAddress. More... | |
| void | DetectAddressFree (DetectAddress *) |
| Frees a DetectAddress instance. More... | |
| void | DetectAddressCleanupList (DetectAddress *) |
| Frees a list of DetectAddress instances. More... | |
| int | DetectAddressAdd (DetectAddress **, DetectAddress *) |
| Do a sorted insert, where the top of the list should be the biggest network/range. More... | |
| void | DetectAddressPrintList (DetectAddress *) |
| Prints the address data information for all the DetectAddress instances in the DetectAddress list sent as the argument. More... | |
| int | DetectAddressInsert (DetectEngineCtx *, DetectAddressHead *, DetectAddress *) |
| Same as DetectAddressInsert, but then for inserting a address group object. This also makes sure SigGroupContainer lists are handled correctly. More... | |
| int | DetectAddressJoin (DetectEngineCtx *, DetectAddress *, DetectAddress *) |
| Join two addresses groups together. More... | |
| bool | DetectAddressListsAreEqual (DetectAddress *list1, DetectAddress *list2) |
| Checks if two address group lists are equal. More... | |
| DetectAddress * | DetectAddressLookupInHead (const DetectAddressHead *, Address *) |
| Find the group matching address in a group head. More... | |
| DetectAddress * | DetectAddressLookupInList (DetectAddress *, DetectAddress *) |
| Used to check if a DetectAddress list contains an instance with a similar DetectAddress. The comparison done is not the one that checks the memory for the same instance, but one that checks that the two instances hold the same content. More... | |
| int | DetectAddressMatch (DetectAddress *, Address *) |
| Check if a particular address(ipv4 or ipv6) matches the address range in the DetectAddress instance. More... | |
| DetectAddress * | DetectAddressCopy (DetectAddress *) |
| Copies the contents of one Address group in DetectAddress and returns a new instance of the DetectAddress that contains the copied address. More... | |
| void | DetectAddressPrint (DetectAddress *) |
| Prints the address data held by the DetectAddress. If the address data family is IPv4, we print the the ipv4 address and mask, and if the address data family is IPv6, we print the ipv6 address and mask. More... | |
| int | DetectAddressCmp (DetectAddress *, DetectAddress *) |
| Used to compare 2 address ranges. More... | |
| int | DetectAddressMatchIPv4 (const DetectMatchAddressIPv4 *, uint16_t, const Address *) |
| Match a packets address against a signatures addrs array. More... | |
| int | DetectAddressMatchIPv6 (const DetectMatchAddressIPv6 *, uint16_t, const Address *) |
| Match a packets address against a signatures addrs array. More... | |
| int | DetectAddressTestConfVars (void) |
| void | DetectAddressTests (void) |
| int | DetectAddressMapInit (DetectEngineCtx *de_ctx) |
| void | DetectAddressMapFree (DetectEngineCtx *de_ctx) |
| const DetectAddressHead * | DetectParseAddress (DetectEngineCtx *de_ctx, const char *string, bool *contains_negation) |
Definition in file detect-engine-address.h.
| int DetectAddressAdd | ( | DetectAddress ** | head, |
| DetectAddress * | ag | ||
| ) |
Do a sorted insert, where the top of the list should be the biggest network/range.
XXX current sorting only works for overlapping nets
| head | Pointer to the list of DetectAddress. |
| ag | Pointer to the DetectAddress that has to be added to the above list. |
| 0 | On successfully inserting the DetectAddress. |
| -1 | On failure. |
Definition at line 196 of file detect-engine-address.c.
References ADDRESS_EB, DetectAddressCmp(), Address_::family, head, DetectAddress_::ip, DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, DetectAddress_::next, DetectAddress_::prev, and SCLogDebug.
| void DetectAddressCleanupList | ( | DetectAddress * | head | ) |
Frees a list of DetectAddress instances.
| head | Pointer to a list of DetectAddress instances to be freed. |
Definition at line 165 of file detect-engine-address.c.
References DetectAddressFree(), DetectAddress_::next, and next.
Referenced by DetectAddressHeadCleanup().
| int DetectAddressCmp | ( | DetectAddress * | a, |
| DetectAddress * | b | ||
| ) |
Used to compare 2 address ranges.
| a | Pointer to the first DetectAddressData to be compared. |
| b | Pointer to the second DetectAddressData to be compared. |
Definition at line 1695 of file detect-engine-address.c.
References ADDRESS_ER, DetectAddressCmpIPv4(), DetectAddressCmpIPv6(), Address_::family, and DetectAddress_::ip.
Referenced by DetectAddressAdd(), DetectAddressInsert(), DetectAddressListsAreEqual(), DetectAddressLookupInList(), and DetectAddressMergeNot().
| DetectAddress* DetectAddressCopy | ( | DetectAddress * | orig | ) |
Copies the contents of one Address group in DetectAddress and returns a new instance of the DetectAddress that contains the copied address.
| orig | Pointer to the instance of DetectAddress that contains the address data to be copied to the new instance. |
| ag | Pointer to the new instance of DetectAddress that contains the copied address. |
Definition at line 98 of file detect-engine-address.c.
References COPY_ADDRESS, DetectAddressInit(), DetectAddress_::flags, DetectAddress_::ip, and DetectAddress_::ip2.
Referenced by DetectAddressMergeNot(), and DetectAddressParseString().
| void DetectAddressFree | ( | DetectAddress * | ag | ) |
Frees a DetectAddress instance.
| ag | Pointer to the DetectAddress instance to be freed. |
Definition at line 78 of file detect-engine-address.c.
References SCFree.
Referenced by DetectAddressCleanupList(), DetectAddressCutIPv4(), DetectAddressCutIPv6(), DetectAddressInsert(), DetectAddressJoinIPv4(), DetectAddressJoinIPv6(), DetectAddressMergeNot(), and DetectAddressParseString().
| void DetectAddressHeadCleanup | ( | DetectAddressHead * | gh | ) |
Cleans a DetectAddressHead. The functions frees the address group heads(ipv4 and ipv6) inside the DetectAddressHead instance.
| gh | Pointer to the DetectAddressHead instance that has to be cleaned. |
Definition at line 1592 of file detect-engine-address.c.
References DetectAddressCleanupList(), DetectAddressHead_::ipv4_head, and DetectAddressHead_::ipv6_head.
Referenced by DetectAddressHeadFree(), DetectAddressParseString(), DetectThresholdRegister(), and SCThresholdConfInitContext().
| void DetectAddressHeadFree | ( | DetectAddressHead * | gh | ) |
Frees a DetectAddressHead instance.
| gh | Pointer to the DetectAddressHead instance to be freed. |
Definition at line 1613 of file detect-engine-address.c.
References DetectAddressCutIPv4(), DetectAddressCutIPv6(), DetectAddressCutNotIPv4(), DetectAddressCutNotIPv6(), DetectAddressHeadCleanup(), Address_::family, DetectAddress_::ip, and SCFree.
Referenced by DetectAddressParse(), DetectAddressTestConfVars(), and DetectParseAddress().
| DetectAddressHead* DetectAddressHeadInit | ( | void | ) |
Returns a new instance of DetectAddressHead.
| gh | Pointer to the new instance of DetectAddressHead. |
Definition at line 1574 of file detect-engine-address.c.
References SCMalloc, and unlikely.
Referenced by DetectAddressParse(), DetectAddressTestConfVars(), and DetectParseAddress().
| DetectAddress* DetectAddressInit | ( | void | ) |
Creates and returns a new instance of a DetectAddress.
| ag | Pointer to the newly created DetectAddress on success; NULL on failure. |
Definition at line 63 of file detect-engine-address.c.
References SCMalloc, and unlikely.
Referenced by DetectAddressCopy(), DetectAddressCutIPv4(), DetectAddressCutIPv6(), DetectAddressCutNotIPv4(), DetectAddressCutNotIPv6(), DetectAddressJoinIPv4(), DetectAddressJoinIPv6(), and DetectAddressParseString().
| int DetectAddressInsert | ( | DetectEngineCtx * | de_ctx, |
| DetectAddressHead * | gh, | ||
| DetectAddress * | new | ||
| ) |
Same as DetectAddressInsert, but then for inserting a address group object. This also makes sure SigGroupContainer lists are handled correctly.
| de_ctx | Pointer to the detection engine context. |
| gh | Pointer to the DetectAddressHead list to which it has to be inserted. |
| new | Pointer to the DetectAddress, that has to be inserted. |
| 1 | On successfully inserting it. |
| -1 | On error. |
| 0 | Not inserted, memory of new is freed. |
Definition at line 292 of file detect-engine-address.c.
References ADDRESS_EB, ADDRESS_EQ, ADDRESS_ER, ADDRESS_ES, ADDRESS_GE, ADDRESS_GT, ADDRESS_LE, ADDRESS_LT, BUG_ON, DetectAddressCmp(), DetectAddressFree(), DetectAddressInsert(), head, DetectAddress_::next, DetectAddress_::prev, and SCLogDebug.
Referenced by DetectAddressInsert(), DetectAddressMergeNot(), and DetectAddressParseString().
| int DetectAddressJoin | ( | DetectEngineCtx * | de_ctx, |
| DetectAddress * | target, | ||
| DetectAddress * | source | ||
| ) |
Join two addresses groups together.
| de_ctx | Pointer to the detection engine context. |
| target | Pointer to the target address group. |
| source | Pointer to the source address group. |
| 0 | On success. |
| -1 | On failure. |
Definition at line 425 of file detect-engine-address.c.
References DetectAddressJoinIPv4(), DetectAddressJoinIPv6(), Address_::family, and DetectAddress_::ip.
| bool DetectAddressListsAreEqual | ( | DetectAddress * | list1, |
| DetectAddress * | list2 | ||
| ) |
Checks if two address group lists are equal.
| list1 | Pointer to the first address group list. |
| list2 | Pointer to the second address group list. |
| true | On success. |
| false | On failure. |
Definition at line 451 of file detect-engine-address.c.
References ADDRESS_EQ, DetectAddressCmp(), and DetectAddress_::next.
Referenced by SigMatchList2DataArray().
| DetectAddress* DetectAddressLookupInHead | ( | const DetectAddressHead * | gh, |
| Address * | a | ||
| ) |
Find the group matching address in a group head.
| gh | Pointer to the address group head(DetectAddressHead instance). |
| a | Pointer to an Address instance. |
| g | On success pointer to an DetectAddress if we find a match for the Address "a", in the DetectAddressHead "gh". |
Definition at line 1939 of file detect-engine-address.c.
References DetectAddressMatch(), FALSE, Address_::family, DetectAddress_::ip, DetectAddress_::ip2, DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, DetectAddress_::next, PrintInet(), SCEnter, SCLogDebug, SCLogInfo, SCReturnPtr, and TRUE.
Referenced by ThresholdIPPairTimeoutCheck().
| DetectAddress* DetectAddressLookupInList | ( | DetectAddress * | head, |
| DetectAddress * | gr | ||
| ) |
Used to check if a DetectAddress list contains an instance with a similar DetectAddress. The comparison done is not the one that checks the memory for the same instance, but one that checks that the two instances hold the same content.
| head | Pointer to the DetectAddress list. |
| ad | Pointer to the DetectAddress that has to be checked for in the DetectAddress list. |
| cur | Returns a pointer to the DetectAddress on a match; NULL if no match. |
Definition at line 125 of file detect-engine-address.c.
References ADDRESS_EQ, DetectAddressCmp(), and DetectAddress_::next.
| void DetectAddressMapFree | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 1440 of file detect-engine-address.c.
References DetectAddressMap_::address, DetectEngineCtx_::address_table, BUG_ON, DetectAddressMap_::contains_negation, HashListTableAdd(), HashListTableFree(), HashListTableLookup(), res, SCCalloc, SCFree, SCStrdup, and DetectAddressMap_::string.
Referenced by DetectEngineCtxFree().
| int DetectAddressMapInit | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 1429 of file detect-engine-address.c.
References DetectEngineCtx_::address_table, and HashListTableInit().
Referenced by DetectEngineInspectPktBufferGeneric().
| int DetectAddressMatch | ( | DetectAddress * | dd, |
| Address * | a | ||
| ) |
Check if a particular address(ipv4 or ipv6) matches the address range in the DetectAddress instance.
We basically check that the address falls inbetween the address range in DetectAddress.
| dd | Pointer to the DetectAddress instance. |
| a | Pointer to an Address instance. |
| 1 | On a match. |
| 0 | On no match. |
Definition at line 1847 of file detect-engine-address.c.
References AddressIPv6Ge(), AddressIPv6Le(), Address_::family, DetectAddress_::ip, DetectAddress_::ip2, SCEnter, SCLogDebug, SCNtohl, and SCReturnInt.
Referenced by DetectAddressLookupInHead().
| int DetectAddressMatchIPv4 | ( | const DetectMatchAddressIPv4 * | addrs, |
| uint16_t | addrs_cnt, | ||
| const Address * | a | ||
| ) |
Match a packets address against a signatures addrs array.
| addrs | array of DetectMatchAddressIPv4's |
| addrs_cnt | array size in members |
| a | packets address |
| 0 | no match |
| 1 | match |
Definition at line 1722 of file detect-engine-address.c.
References DetectMatchAddressIPv4_::ip, DetectMatchAddressIPv4_::ip2, SCEnter, SCNtohl, and SCReturnInt.
Referenced by SigMatchSignaturesGetSgh().
| int DetectAddressMatchIPv6 | ( | const DetectMatchAddressIPv6 * | addrs, |
| uint16_t | addrs_cnt, | ||
| const Address * | a | ||
| ) |
Match a packets address against a signatures addrs array.
| addrs | array of DetectMatchAddressIPv6's |
| addrs_cnt | array size in members |
| a | packets address |
| 0 | no match |
| 1 | match |
Definition at line 1757 of file detect-engine-address.c.
References DetectMatchAddressIPv6_::ip, DetectMatchAddressIPv6_::ip2, SCEnter, SCNtohl, and SCReturnInt.
Referenced by SigMatchSignaturesGetSgh().
| int DetectAddressParse | ( | const DetectEngineCtx * | de_ctx, |
| DetectAddressHead * | gh, | ||
| const char * | str | ||
| ) |
Parses an address group sent as a character string and updates the DetectAddressHead sent as the argument with the relevant address ranges from the parsed string.
| gh | Pointer to the DetectAddressHead. |
| str | Pointer to the character string containing the address group that has to be parsed. |
| 1 | On success. Contained negation. |
| 0 | On success. Did not contain negation. |
| -1 | On failure. |
Definition at line 1492 of file detect-engine-address.c.
References DetectAddressMap_::contains_negation, DetectAddressHeadFree(), DetectAddressHeadInit(), DetectAddressMergeNot(), DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, and SCLogDebug.
Referenced by DetectParseAddress(), and SCThresholdConfInitContext().
| int DetectAddressParseString | ( | DetectAddress * | , |
| const char * | |||
| ) |
Definition at line 524 of file detect-engine-address.c.
References Address_::address, address, ADDRESS_FLAG_NOT, AddressIPv6Gt(), AddVariableToResolveList(), BUG_ON, CIDRGet(), DetectAddressCopy(), DetectAddressFree(), DetectAddressHeadCleanup(), DetectAddressInit(), DetectAddressInsert(), DetectAddressIsCompleteIPSpaceIPv4(), DetectAddressMergeNot(), DetectAddressParseString(), DetectAddressPrint(), Address_::family, DetectAddress_::flags, DetectAddress_::ip, DetectAddress_::ip2, DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, DetectAddress_::next, SC_ERR_ADDRESS_ENGINE_GENERIC, SC_ERR_INVALID_SIGNATURE, SC_ERR_INVALID_YAML_CONF_ENTRY, SC_RULE_VARS_ADDRESS_GROUPS, SCFree, SCLogDebug, SCLogError, SCMalloc, SCNtohl, SCRuleVarsGetConfVar(), SCStrdup, str, strlcpy(), and unlikely.
Referenced by DetectAddressParseString().
| void DetectAddressPrint | ( | DetectAddress * | gr | ) |
Prints the address data held by the DetectAddress. If the address data family is IPv4, we print the the ipv4 address and mask, and if the address data family is IPv6, we print the ipv6 address and mask.
| ad | Pointer to the DetectAddress instance to be printed. |
Definition at line 1898 of file detect-engine-address.c.
References Address_::family, DetectAddress_::ip, DetectAddress_::ip2, PrintInet(), and SCLogDebug.
Referenced by DetectAddressMergeNot(), DetectAddressParseString(), and DetectAddressPrintList().
| void DetectAddressPrintList | ( | DetectAddress * | head | ) |
Prints the address data information for all the DetectAddress instances in the DetectAddress list sent as the argument.
| head | Pointer to a list of DetectAddress instances. |
Definition at line 145 of file detect-engine-address.c.
References DetectAddressPrint(), DetectAddress_::next, and SCLogInfo.
| void DetectAddressRegister | ( | void | ) |
| int DetectAddressTestConfVars | ( | void | ) |
Definition at line 1315 of file detect-engine-address.c.
References CleanVariableResolveList(), ConfGetNode(), DetectAddressHeadFree(), DetectAddressHeadInit(), ConfNode_::name, next, SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogDebug, SCLogError, TAILQ_FOREACH, TAILQ_HEAD_INITIALIZER, and ConfNode_::val.
Referenced by PostRunDeinit().
| void DetectAddressTests | ( | void | ) |
Definition at line 4934 of file detect-engine-address.c.
References DetectAddressIPv4Tests(), DetectAddressIPv6Tests(), and UtRegisterTest().
| const DetectAddressHead* DetectParseAddress | ( | DetectEngineCtx * | de_ctx, |
| const char * | string, | ||
| bool * | contains_negation | ||
| ) |
Definition at line 1538 of file detect-engine-address.c.
References DetectAddressMap_::address, DetectAddressMap_::contains_negation, DetectAddressHeadFree(), DetectAddressHeadInit(), DetectAddressParse(), head, res, and SCLogDebug.
Referenced by SigMatchListSMBelongsTo().
1.8.11 
