/* TMATCH list can be ignored, it contains TAGs and
* tags are compatible to IP-only. */
- IPOnlyCIDRItem *cidr_item;
- cidr_item = s->CidrSrc;
- while (cidr_item != NULL) {
- if (cidr_item->negated)
- return 0;
-
- cidr_item = cidr_item->next;
- }
- cidr_item = s->CidrDst;
- while (cidr_item != NULL) {
- if (cidr_item->negated)
- return 0;
-
- cidr_item = cidr_item->next;
- }
+ /* if any of the addresses uses negation, we don't support
+ * it in ip-only */
+ if (s->init_data->src_contains_negation)
+ return 0;
+ if (s->init_data->dst_contains_negation)
+ return 0;
SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
if (sm == NULL)
if (strcasecmp(addrstr, "any") == 0)
s->flags |= SIG_FLAG_SRC_ANY;
+ s->init_data->src_contains_negation =
+ (strchr(addrstr, '!') != NULL);
+
s->init_data->src = DetectParseAddress(de_ctx, addrstr);
if (s->init_data->src == NULL)
goto error;
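Review bot: The `strchr(addrstr, '!')` test that sets `src_contains_negation` only sees the literal rule text, so a negation that arrives through an address variable whose configured value starts with `!` would leave the flag false if `DetectParseAddress` expands variables, which is not visible in this hunk. The loop removed from the ip-only check walked the parsed `CidrSrc`/`CidrDst` items and would have caught that case, so such a signature could now be classified as IP-only despite a negated address and then match the wrong traffic. The same applies to the `dst_contains_negation` assignment in the following hunk. Consider deriving the flag from the parse result instead, for example by extending the parser with an out parameter: `s->init_data->src = DetectParseAddress(de_ctx, addrstr, &s->init_data->src_contains_negation);`. The enclosing function starts and ends outside the hunk.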
if (strcasecmp(addrstr, "any") == 0)
s->flags |= SIG_FLAG_DST_ANY;
+ s->init_data->dst_contains_negation =
+ (strchr(addrstr, '!') != NULL);
+
s->init_data->dst = DetectParseAddress(de_ctx, addrstr);
if (s->init_data->dst == NULL)
goto error;
* have the SIGMATCH_HANDLE_NEGATION flag set. */
bool negated;
+ /* track if we saw any negation in the addresses. If so, we
+ * skip it for ip-only */
+ bool src_contains_negation;
+ bool dst_contains_negation;
+
/* used to hold flags that are used during init */
uint32_t init_flags;
/* coccinelle: SignatureInitData:init_flags:SIG_FLAG_INIT_ */