detect: refactoring parsing of ip range

author Philippe Antoine <pantoine@oisf.net>

Sat, 25 Apr 2020 09:38:53 +0000 (11:38 +0200)

committer Victor Julien <victor@inliniac.net>

Sun, 26 Apr 2020 15:13:49 +0000 (17:13 +0200)
author Philippe Antoine <pantoine@oisf.net>
Sat, 25 Apr 2020 09:38:53 +0000 (11:38 +0200)
committer Victor Julien <victor@inliniac.net>
Sun, 26 Apr 2020 15:13:49 +0000 (17:13 +0200)
diff --git a/src/detect-engine-iponly.c b/src/detect-engine-iponly.c

index 9718086adcd248714455866352ec872a7fe34008..d8fbc5e66bba0a8b279493c50d518077f215c92e 100644 (file)
--- a/src/detect-engine-iponly.c
+++ b/src/detect-engine-iponly.c
@@ -221,39 +221,39 @@ static int IPOnlyCIDRItemParseSingle(IPOnlyCIDRItem **pdd, const char *str)
              if (first > last)
                  goto error;
  
+            SCLogDebug("Creating CIDR range for [%s - %s]", ip, ip2);
              dd->netmask = 32;
-            dd->ip[0] =htonl(first);
-
-            if (first < last) {
-                SCLogDebug("Creating CIDR range for [%s - %s]", ip, ip2);
-                while ( first <= last) {
-                    IPOnlyCIDRItem *new = IPOnlyCIDRItemNew();
-                    if (new == NULL)
-                        goto error;
-                    new->negated = dd->negated;
-                    new->family= dd->family;
-                    new->netmask = 32;
-                    /* Find the maximum netmask starting from current address first
-                     * and not crossing last.
-                     * To extend the mask, we need to start from a power of 2.
-                     * And we need to pay attention to unsigned overflow back to 0.0.0.0
-                     */
-                    while (new->netmask > 0 &&
-                           (first & (1UL << (32-new->netmask))) == 0 &&
-                           first + (1UL << (32-(new->netmask-1))) - 1 <= last) {
-                        new->netmask--;
-                    }
-                    new->ip[0] = htonl(first);
-                    dd = IPOnlyCIDRItemInsert(dd, new);
-                    first += 1UL << (32-new->netmask);
-                    if (first == 0) {
-                        //case whatever-255.255.255.255 looping to 0.0.0.0/0
-                        break;
-                    }
+            /* Find the maximum netmask starting from current address first
+             * and not crossing last.
+             * To extend the mask, we need to start from a power of 2.
+             * And we need to pay attention to unsigned overflow back to 0.0.0.0
+             */
+            while (dd->netmask > 0 &&
+                   (first & (1UL << (32-dd->netmask))) == 0 &&
+                   first + (1UL << (32-(dd->netmask-1))) - 1 <= last) {
+                dd->netmask--;
+            }
+            dd->ip[0] = htonl(first);
+            first += 1UL << (32-dd->netmask);
+            //case whatever-255.255.255.255 looping to 0.0.0.0/0
+            while ( first <= last && first != 0 ) {
+                IPOnlyCIDRItem *new = IPOnlyCIDRItemNew();
+                if (new == NULL)
+                    goto error;
+                new->negated = dd->negated;
+                new->family= dd->family;
+                new->netmask = 32;
+                while (new->netmask > 0 &&
+                       (first & (1UL << (32-new->netmask))) == 0 &&
+                       first + (1UL << (32-(new->netmask-1))) - 1 <= last) {
+                    new->netmask--;
                  }
-                //update head of list
-                *pdd = dd;
+                new->ip[0] = htonl(first);
+                first += 1UL << (32-new->netmask);
+                dd = IPOnlyCIDRItemInsert(dd, new);
              }
+            //update head of list
+            *pdd = dd;
  
          } else {
              /* 1.2.3.4 format */
author	Philippe Antoine <pantoine@oisf.net>
	Sat, 25 Apr 2020 09:38:53 +0000 (11:38 +0200)
committer	Victor Julien <victor@inliniac.net>
	Sun, 26 Apr 2020 15:13:49 +0000 (17:13 +0200)