detect-engine-address.h File Reference

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
void	DetectAddressRegister (void)
DetectAddressHead *	DetectAddressHeadInit (void)
	Returns a new instance of DetectAddressHead. More...
void	DetectAddressHeadFree (DetectAddressHead *)
	Frees a DetectAddressHead instance. More...
void	DetectAddressHeadCleanup (DetectAddressHead *)
	Cleans a DetectAddressHead. The functions frees the 3 address group heads(any, ipv4 and ipv6) inside the DetectAddressHead instance. More...
int	DetectAddressParseString (DetectAddress *, const char *)
int	DetectAddressParse (const DetectEngineCtx *, DetectAddressHead *, const char *)
	Parses an address group sent as a character string and updates the DetectAddressHead sent as the argument with the relevant address ranges from the parsed string. More...
DetectAddress *	DetectAddressInit (void)
	Creates and returns a new instance of a DetectAddress. More...
void	DetectAddressFree (DetectAddress *)
	Frees a DetectAddress instance. More...
void	DetectAddressCleanupList (DetectAddress *)
	Frees a list of DetectAddress instances. More...
int	DetectAddressAdd (DetectAddress **, DetectAddress *)
	Do a sorted insert, where the top of the list should be the biggest network/range. More...
void	DetectAddressPrintList (DetectAddress *)
	Prints the address data information for all the DetectAddress instances in the DetectAddress list sent as the argument. More...
int	DetectAddressInsert (DetectEngineCtx *, DetectAddressHead *, DetectAddress *)
	Same as DetectAddressInsert, but then for inserting a address group object. This also makes sure SigGroupContainer lists are handled correctly. More...
int	DetectAddressJoin (DetectEngineCtx *, DetectAddress *, DetectAddress *)
	Join two addresses groups together. More...
bool	DetectAddressListsAreEqual (DetectAddress *list1, DetectAddress *list2)
	Checks if two address group lists are equal. More...
DetectAddress *	DetectAddressLookupInHead (const DetectAddressHead *, Address *)
	Find the group matching address in a group head. More...
DetectAddress *	DetectAddressLookupInList (DetectAddress *, DetectAddress *)
	Used to check if a DetectAddress list contains an instance with a similar DetectAddress. The comparison done is not the one that checks the memory for the same instance, but one that checks that the two instances hold the same content. More...
int	DetectAddressMatch (DetectAddress *, Address *)
	Check if a particular address(ipv4 or ipv6) matches the address range in the DetectAddress instance. More...
DetectAddress *	DetectAddressCopy (DetectAddress *)
	Copies the contents of one Address group in DetectAddress and returns a new instance of the DetectAddress that contains the copied address. More...
void	DetectAddressPrint (DetectAddress *)
	Prints the address data held by the DetectAddress. If the address data family is any, we print "ANY". If the address data family is IPv4, we print the the ipv4 address and mask, and if the address data family is IPv6, we print the ipv6 address and mask. More...
int	DetectAddressCmp (DetectAddress *, DetectAddress *)
	Used to compare 2 address ranges. More...
int	DetectAddressMatchIPv4 (const DetectMatchAddressIPv4 *, uint16_t, const Address *)
	Match a packets address against a signatures addrs array. More...
int	DetectAddressMatchIPv6 (const DetectMatchAddressIPv6 *, uint16_t, const Address *)
	Match a packets address against a signatures addrs array. More...
int	DetectAddressTestConfVars (void)
void	DetectAddressTests (void)
int	DetectAddressMapInit (DetectEngineCtx *de_ctx)
void	DetectAddressMapFree (DetectEngineCtx *de_ctx)
const DetectAddressHead *	DetectParseAddress (DetectEngineCtx *de_ctx, const char *string)

Detailed Description

Author

Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-address.h.

Function Documentation

int DetectAddressAdd	(	DetectAddress **	head,
		DetectAddress *	ag
	)

Do a sorted insert, where the top of the list should be the biggest network/range.

XXX current sorting only works for overlapping nets

Parameters

head	Pointer to the list of DetectAddress.
ag	Pointer to the DetectAddress that has to be added to the above list.

Return values

0	On successfully inserting the DetectAddress.
-1	On failure.

Definition at line 196 of file detect-engine-address.c.

References ADDRESS_EB, ADDRESS_FLAG_ANY, DetectAddressHead_::any_head, DetectAddressCmp(), Address_::family, DetectAddress_::flags, head, DetectAddress_::ip, DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, DetectAddress_::next, DetectAddress_::prev, and SCLogDebug.

Here is the call graph for this function:

void DetectAddressCleanupList

(

DetectAddress *

head

)

Frees a list of DetectAddress instances.

Parameters

head	Pointer to a list of DetectAddress instances to be freed.

Definition at line 165 of file detect-engine-address.c.

References DetectAddressFree(), DetectAddress_::next, and next.

Referenced by DetectAddressHeadCleanup().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectAddressCmp	(	DetectAddress *	a,
		DetectAddress *	b
	)

Used to compare 2 address ranges.

Parameters

a	Pointer to the first DetectAddressData to be compared.
b	Pointer to the second DetectAddressData to be compared.

Definition at line 1698 of file detect-engine-address.c.

References ADDRESS_EQ, ADDRESS_ER, ADDRESS_FLAG_ANY, DetectAddressCmpIPv4(), DetectAddressCmpIPv6(), Address_::family, DetectAddress_::flags, and DetectAddress_::ip.

Referenced by DetectAddressAdd(), DetectAddressInsert(), DetectAddressListsAreEqual(), DetectAddressLookupInList(), and DetectAddressMergeNot().

Here is the call graph for this function:

Here is the caller graph for this function:

DetectAddress* DetectAddressCopy

(

DetectAddress *

orig

)

Copies the contents of one Address group in DetectAddress and returns a new instance of the DetectAddress that contains the copied address.

Parameters

orig	Pointer to the instance of DetectAddress that contains the address data to be copied to the new instance.

Return values

ag	Pointer to the new instance of DetectAddress that contains the copied address.

Definition at line 98 of file detect-engine-address.c.

References COPY_ADDRESS, DetectAddressInit(), DetectAddress_::flags, DetectAddress_::ip, and DetectAddress_::ip2.

Referenced by DetectAddressMergeNot(), and DetectAddressParseString().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectAddressFree

(

DetectAddress *

ag

)

Frees a DetectAddress instance.

Parameters

ag	Pointer to the DetectAddress instance to be freed.

Definition at line 78 of file detect-engine-address.c.

References SCFree.

Referenced by DetectAddressCleanupList(), DetectAddressCutIPv4(), DetectAddressCutIPv6(), DetectAddressInsert(), DetectAddressJoinIPv4(), DetectAddressJoinIPv6(), DetectAddressMergeNot(), and DetectAddressParseString().

Here is the caller graph for this function:

void DetectAddressHeadCleanup

(

DetectAddressHead *

gh

)

Cleans a DetectAddressHead. The functions frees the 3 address group heads(any, ipv4 and ipv6) inside the DetectAddressHead instance.

Parameters

gh	Pointer to the DetectAddressHead instance that has to be cleaned.

Definition at line 1591 of file detect-engine-address.c.

References DetectAddressHead_::any_head, DetectAddressCleanupList(), DetectAddressHead_::ipv4_head, and DetectAddressHead_::ipv6_head.

Referenced by DetectAddressHeadFree(), DetectAddressParseString(), DetectThresholdRegister(), and SCThresholdConfInitContext().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectAddressHeadFree

(

DetectAddressHead *

gh

)

Frees a DetectAddressHead instance.

Parameters

gh	Pointer to the DetectAddressHead instance to be freed.

Definition at line 1616 of file detect-engine-address.c.

References DetectAddressCutIPv4(), DetectAddressCutIPv6(), DetectAddressCutNotIPv4(), DetectAddressCutNotIPv6(), DetectAddressHeadCleanup(), Address_::family, DetectAddress_::ip, and SCFree.

Referenced by DetectAddressParse(), DetectAddressTestConfVars(), and DetectParseAddress().

Here is the call graph for this function:

Here is the caller graph for this function:

DetectAddressHead* DetectAddressHeadInit

(

void

)

Returns a new instance of DetectAddressHead.

Return values

gh	Pointer to the new instance of DetectAddressHead.

Definition at line 1573 of file detect-engine-address.c.

References SCMalloc, and unlikely.

Referenced by DetectAddressParse(), DetectAddressTestConfVars(), and DetectParseAddress().

Here is the caller graph for this function:

DetectAddress* DetectAddressInit

(

void

)

Creates and returns a new instance of a DetectAddress.

Return values

ag	Pointer to the newly created DetectAddress on success; NULL on failure.

Definition at line 63 of file detect-engine-address.c.

References SCMalloc, and unlikely.

Referenced by DetectAddressCopy(), DetectAddressCutIPv4(), DetectAddressCutIPv6(), DetectAddressCutNotIPv4(), DetectAddressCutNotIPv6(), DetectAddressJoinIPv4(), DetectAddressJoinIPv6(), and DetectAddressParseString().

Here is the caller graph for this function:

int DetectAddressInsert	(	DetectEngineCtx *	de_ctx,
		DetectAddressHead *	gh,
		DetectAddress *	new
	)

Same as DetectAddressInsert, but then for inserting a address group object. This also makes sure SigGroupContainer lists are handled correctly.

Parameters

de_ctx	Pointer to the detection engine context.
gh	Pointer to the DetectAddressHead list to which it has to be inserted.
new	Pointer to the DetectAddress, that has to be inserted.

Return values

1	On successfully inserting it.
-1	On error.
0	Not inserted, memory of new is freed.

Definition at line 296 of file detect-engine-address.c.

References ADDRESS_EB, ADDRESS_EQ, ADDRESS_ER, ADDRESS_ES, ADDRESS_FLAG_ANY, ADDRESS_GE, ADDRESS_GT, ADDRESS_LE, ADDRESS_LT, BUG_ON, DetectAddressCmp(), DetectAddressFree(), DetectAddressInsert(), head, DetectAddress_::next, DetectAddress_::prev, and SCLogDebug.

Referenced by DetectAddressInsert(), DetectAddressMergeNot(), and DetectAddressParseString().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectAddressJoin	(	DetectEngineCtx *	de_ctx,
		DetectAddress *	target,
		DetectAddress *	source
	)

Join two addresses groups together.

Parameters

de_ctx	Pointer to the detection engine context.
target	Pointer to the target address group.
source	Pointer to the source address group.

Return values

0	On success.
-1	On failure.

Definition at line 431 of file detect-engine-address.c.

References DetectAddressJoinIPv4(), DetectAddressJoinIPv6(), Address_::family, and DetectAddress_::ip.

Here is the call graph for this function:

bool DetectAddressListsAreEqual	(	DetectAddress *	list1,
		DetectAddress *	list2
	)

Checks if two address group lists are equal.

Parameters

list1	Pointer to the first address group list.
list2	Pointer to the second address group list.

Return values

true	On success.
false	On failure.

Definition at line 457 of file detect-engine-address.c.

References ADDRESS_EQ, DetectAddressCmp(), and DetectAddress_::next.

Referenced by SigMatchList2DataArray().

Here is the call graph for this function:

Here is the caller graph for this function:

DetectAddress* DetectAddressLookupInHead	(	const DetectAddressHead *	gh,
		Address *	a
	)

Find the group matching address in a group head.

Parameters

gh	Pointer to the address group head(DetectAddressHead instance).
a	Pointer to an Address instance.

Return values

g	On success pointer to an DetectAddress if we find a match for the Address "a", in the DetectAddressHead "gh".

Definition at line 1947 of file detect-engine-address.c.

References DetectAddressHead_::any_head, DetectAddressMatch(), FALSE, Address_::family, DetectAddress_::ip, DetectAddress_::ip2, DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, DetectAddress_::next, PrintInet(), SCEnter, SCLogDebug, SCLogInfo, SCReturnPtr, and TRUE.

Referenced by ThresholdIPPairTimeoutCheck().

Here is the call graph for this function:

Here is the caller graph for this function:

DetectAddress* DetectAddressLookupInList	(	DetectAddress *	head,
		DetectAddress *	gr
	)

Used to check if a DetectAddress list contains an instance with a similar DetectAddress. The comparison done is not the one that checks the memory for the same instance, but one that checks that the two instances hold the same content.

Parameters

head	Pointer to the DetectAddress list.
ad	Pointer to the DetectAddress that has to be checked for in the DetectAddress list.

Return values

cur	Returns a pointer to the DetectAddress on a match; NULL if no match.

Definition at line 125 of file detect-engine-address.c.

References ADDRESS_EQ, DetectAddressCmp(), and DetectAddress_::next.

Here is the call graph for this function:

void DetectAddressMapFree

(

DetectEngineCtx *

de_ctx

)

Definition at line 1445 of file detect-engine-address.c.

References DetectAddressMap_::address, DetectEngineCtx_::address_table, BUG_ON, HashListTableAdd(), HashListTableFree(), HashListTableLookup(), res, SCCalloc, SCFree, SCStrdup, and DetectAddressMap_::string.

Referenced by DetectEngineCtxFree().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectAddressMapInit

(

DetectEngineCtx *

de_ctx

)

Definition at line 1434 of file detect-engine-address.c.

References DetectEngineCtx_::address_table, and HashListTableInit().

Referenced by DetectEngineInspectBufferGeneric().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectAddressMatch	(	DetectAddress *	dd,
		Address *	a
	)

Check if a particular address(ipv4 or ipv6) matches the address range in the DetectAddress instance.

We basically check that the address falls inbetween the address range in DetectAddress.

Parameters

dd	Pointer to the DetectAddress instance.
a	Pointer to an Address instance.
1	On a match.
0	On no match.

Definition at line 1853 of file detect-engine-address.c.

References AddressIPv6Ge(), AddressIPv6Le(), Address_::family, DetectAddress_::ip, DetectAddress_::ip2, SCEnter, SCLogDebug, SCNtohl, and SCReturnInt.

Referenced by DetectAddressLookupInHead().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectAddressMatchIPv4	(	const DetectMatchAddressIPv4 *	addrs,
		uint16_t	addrs_cnt,
		const Address *	a
	)

Match a packets address against a signatures addrs array.

Parameters

addrs	array of DetectMatchAddressIPv4's
addrs_cnt	array size in members
a	packets address

Return values

0	no match
1	match

Note

addresses in addrs are in host order

Todo:

array should be ordered, so we can break out of the loop

Definition at line 1728 of file detect-engine-address.c.

References DetectMatchAddressIPv4_::ip, DetectMatchAddressIPv4_::ip2, SCEnter, SCNtohl, and SCReturnInt.

Referenced by SigMatchSignaturesGetSgh().

Here is the caller graph for this function:

int DetectAddressMatchIPv6	(	const DetectMatchAddressIPv6 *	addrs,
		uint16_t	addrs_cnt,
		const Address *	a
	)

Match a packets address against a signatures addrs array.

Parameters

addrs	array of DetectMatchAddressIPv6's
addrs_cnt	array size in members
a	packets address

Return values

0	no match
1	match

Note

addresses in addrs are in host order

Todo:

array should be ordered, so we can break out of the loop

Definition at line 1763 of file detect-engine-address.c.

References DetectMatchAddressIPv6_::ip, DetectMatchAddressIPv6_::ip2, SCEnter, SCNtohl, and SCReturnInt.

Referenced by SigMatchSignaturesGetSgh().

Here is the caller graph for this function:

int DetectAddressParse	(	const DetectEngineCtx *	de_ctx,
		DetectAddressHead *	gh,
		const char *	str
	)

Parses an address group sent as a character string and updates the DetectAddressHead sent as the argument with the relevant address ranges from the parsed string.

Parameters

gh	Pointer to the DetectAddressHead.
str	Pointer to the character string containing the address group that has to be parsed.

Return values

0	On success.
-1	On failure.

Definition at line 1499 of file detect-engine-address.c.

References DetectAddressHeadFree(), DetectAddressHeadInit(), DetectAddressMergeNot(), DetectAddressHead_::ipv4_head, and SCLogDebug.

Referenced by DetectParseAddress(), and SCThresholdConfInitContext().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectAddressParseString	(	DetectAddress *	,
		const char *
	)

Definition at line 530 of file detect-engine-address.c.

References Address_::address, address, ADDRESS_FLAG_ANY, ADDRESS_FLAG_NOT, AddressIPv6Gt(), AddVariableToResolveList(), BUG_ON, CIDRGet(), DetectAddressCopy(), DetectAddressFree(), DetectAddressHeadCleanup(), DetectAddressInit(), DetectAddressInsert(), DetectAddressIsCompleteIPSpaceIPv4(), DetectAddressMergeNot(), DetectAddressParseString(), DetectAddressPrint(), Address_::family, DetectAddress_::flags, DetectAddress_::ip, DetectAddress_::ip2, DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, DetectAddress_::next, SC_ERR_ADDRESS_ENGINE_GENERIC, SC_ERR_INVALID_SIGNATURE, SC_ERR_INVALID_YAML_CONF_ENTRY, SC_RULE_VARS_ADDRESS_GROUPS, SCFree, SCLogDebug, SCLogError, SCMalloc, SCNtohl, SCRuleVarsGetConfVar(), SCStrdup, str, strlcpy(), TRUE, and unlikely.

Referenced by DetectAddressParseString().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectAddressPrint

(

DetectAddress *

gr

)

Prints the address data held by the DetectAddress. If the address data family is any, we print "ANY". If the address data family is IPv4, we print the the ipv4 address and mask, and if the address data family is IPv6, we print the ipv6 address and mask.

Parameters

ad	Pointer to the DetectAddress instance to be printed.

Definition at line 1904 of file detect-engine-address.c.

References ADDRESS_FLAG_ANY, Address_::family, DetectAddress_::flags, DetectAddress_::ip, DetectAddress_::ip2, PrintInet(), and SCLogDebug.

Referenced by DetectAddressMergeNot(), DetectAddressParseString(), and DetectAddressPrintList().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectAddressPrintList

(

DetectAddress *

head

)

Prints the address data information for all the DetectAddress instances in the DetectAddress list sent as the argument.

Parameters

head	Pointer to a list of DetectAddress instances.

Definition at line 145 of file detect-engine-address.c.

References DetectAddressPrint(), DetectAddress_::next, and SCLogInfo.

Here is the call graph for this function:

void DetectAddressRegister

(

void

)

int DetectAddressTestConfVars

(

void

)

Definition at line 1321 of file detect-engine-address.c.

References CleanVariableResolveList(), ConfGetNode(), DetectAddressHeadFree(), DetectAddressHeadInit(), ConfNode_::name, next, SC_ERR_INVALID_YAML_CONF_ENTRY, SCLogDebug, SCLogError, TAILQ_FOREACH, TAILQ_HEAD_INITIALIZER, and ConfNode_::val.

Referenced by PostRunDeinit().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectAddressTests

(

void

)

Definition at line 4979 of file detect-engine-address.c.

References DetectAddressIPv4Tests(), DetectAddressIPv6Tests(), and UtRegisterTest().

Here is the call graph for this function:

const DetectAddressHead* DetectParseAddress	(	DetectEngineCtx *	de_ctx,
		const char *	string
	)

Definition at line 1543 of file detect-engine-address.c.

References DetectAddressHeadFree(), DetectAddressHeadInit(), DetectAddressParse(), head, and SCLogDebug.

Referenced by SigMatchListSMBelongsTo().

Here is the call graph for this function:

Here is the caller graph for this function: