suricata
util-ip.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Duarte Silva <duarte.silva@serializing.me>
23  *
24  * IP addresses related utility functions
25  */
26 
27 #include "suricata-common.h"
28 #include "util-ip.h"
29 
30 /** \brief determine if a string is a valid ipv4 address
31  * \retval bool is addr valid?
32  */
33 bool IPv4AddressStringIsValid(const char *str)
34 {
35  int alen = 0;
36  char addr[4][4];
37  int dots = 0;
38 
39  memset(&addr, 0, sizeof(addr));
40 
41  uint32_t len = strlen(str);
42  uint32_t i = 0;
43  for (i = 0; i < len; i++) {
44  if (!(str[i] == '.' || isdigit(str[i]))) {
45  return false;
46  }
47  if (str[i] == '.') {
48  if (dots == 3) {
49  SCLogDebug("too many dots");
50  return false;
51  }
52  addr[dots][alen] = '\0';
53  dots++;
54  alen = 0;
55  } else {
56  if (alen >= 3) {
57  SCLogDebug("too long");
58  return false;
59  }
60  addr[dots][alen++] = str[i];
61  }
62  }
63  if (dots != 3)
64  return false;
65 
66  addr[dots][alen] = '\0';
67  for (int x = 0; x < 4; x++) {
68  int a = atoi(addr[x]);
69  if (a < 0 || a >= 256) {
70  SCLogDebug("out of range");
71  return false;
72  }
73  }
74  return true;
75 }
76 
77 /** \brief determine if a string is a valid ipv6 address
78  * \retval bool is addr valid?
79  */
80 bool IPv6AddressStringIsValid(const char *str)
81 {
82  int block_size = 0;
83  int sep = 0;
84  bool colon_seen = false;
85 
86  uint32_t len = strlen(str);
87  uint32_t i = 0;
88  for (i = 0; i < len && str[i] != 0; i++) {
89  if (!(str[i] == '.' || str[i] == ':' ||
90  isxdigit(str[i])))
91  return false;
92 
93  if (str[i] == ':') {
94  block_size = 0;
95  colon_seen = true;
96  sep++;
97  } else if (str[i] == '.') {
98  block_size = false;
99  sep++;
100  } else {
101  if (block_size == 4)
102  return false;
103  block_size++;
104  }
105  }
106 
107  if (!colon_seen)
108  return false;
109  if (sep > 7) {
110  SCLogDebug("too many seps %d", sep);
111  return false;
112  }
113  return true;
114 }
115 
116 /**
117  * \brief Validates an IPV4 address and returns the network endian arranged
118  * version of the IPV4 address
119  *
120  * \param addr Pointer to a character string containing an IPV4 address. A
121  * valid IPV4 address is a character string containing a dotted
122  * format of "ddd.ddd.ddd.ddd"
123  *
124  * \retval Pointer to an in_addr instance containing the network endian format
125  * of the IPV4 address
126  * \retval NULL if the IPV4 address is invalid
127  */
128 struct in_addr *ValidateIPV4Address(const char *addr_str)
129 {
130  struct in_addr *addr = NULL;
131 
132  if (!IPv4AddressStringIsValid(addr_str))
133  return NULL;
134 
135  if ( (addr = SCMalloc(sizeof(struct in_addr))) == NULL) {
136  SCLogError(SC_ERR_FATAL, "Fatal error encountered in ValidateIPV4Address. Exiting...");
137  exit(EXIT_FAILURE);
138  }
139 
140  if (inet_pton(AF_INET, addr_str, addr) <= 0) {
141  SCFree(addr);
142  return NULL;
143  }
144 
145  return addr;
146 }
147 
148 /**
149  * \brief Validates an IPV6 address and returns the network endian arranged
150  * version of the IPV6 addresss
151  *
152  * \param addr Pointer to a character string containing an IPV6 address
153  *
154  * \retval Pointer to a in6_addr instance containing the network endian format
155  * of the IPV6 address
156  * \retval NULL if the IPV6 address is invalid
157  */
158 struct in6_addr *ValidateIPV6Address(const char *addr_str)
159 {
160  struct in6_addr *addr = NULL;
161 
162  if (!IPv6AddressStringIsValid(addr_str))
163  return NULL;
164 
165  if ( (addr = SCMalloc(sizeof(struct in6_addr))) == NULL) {
166  SCLogError(SC_ERR_FATAL, "Fatal error encountered in ValidateIPV6Address. Exiting...");
167  exit(EXIT_FAILURE);
168  }
169 
170  if (inet_pton(AF_INET6, addr_str, addr) <= 0) {
171  SCFree(addr);
172  return NULL;
173  }
174 
175  return addr;
176 }
177 
178 /**
179  * \brief Culls the non-netmask portion of the IP address. For example an IP
180  * address 192.168.240.1 would be chopped to 192.168.224.0 against a
181  * netmask value of 19.
182  *
183  * \param stream Pointer the IP address that has to be masked
184  * \param netmask The netmask value (cidr) to which the IP address has to be culled
185  * \param key_bitlen The bitlen of the stream
186  */
187 void MaskIPNetblock(uint8_t *stream, int netmask, int key_bitlen)
188 {
189  uint32_t mask = 0;
190  int i = 0;
191  int bytes = key_bitlen / 8;
192 
193  for (i = 0; i < bytes; i++) {
194  mask = UINT_MAX;
195  if ( ((i + 1) * 8) > netmask) {
196  if ( ((i + 1) * 8 - netmask) < 8)
197  mask = UINT_MAX << ((i + 1) * 8 - netmask);
198  else
199  mask = 0;
200  }
201  stream[i] &= mask;
202  }
203 
204  return;
205 }
#define SCLogDebug(...)
Definition: util-debug.h:335
void MaskIPNetblock(uint8_t *stream, int netmask, int key_bitlen)
Culls the non-netmask portion of the IP address. For example an IP address 192.168.240.1 would be chopped to 192.168.224.0 against a netmask value of 19.
Definition: util-ip.c:187
bool IPv4AddressStringIsValid(const char *str)
determine if a string is a valid ipv4 address
Definition: util-ip.c:33
#define str(s)
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
struct in_addr * ValidateIPV4Address(const char *addr_str)
Validates an IPV4 address and returns the network endian arranged version of the IPV4 address...
Definition: util-ip.c:128
bool IPv6AddressStringIsValid(const char *str)
determine if a string is a valid ipv6 address
Definition: util-ip.c:80
#define SCMalloc(a)
Definition: util-mem.h:166
#define SCFree(a)
Definition: util-mem.h:228
struct in6_addr * ValidateIPV6Address(const char *addr_str)
Validates an IPV6 address and returns the network endian arranged version of the IPV6 addresss...
Definition: util-ip.c:158
uint8_t len