util/cidr: simplify IPv4 CIDR handling; add IPv6

Instead of building a table at init just calculate it on demand.

Callsites are all during init, so its not performance critical.

Add similar function for IPv6.

(cherry picked from commit e04d378e587d99fa40e1b237c0ef4db5cfde1902)

diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c
index 55489a41cf589327931d62083e6b845a001331bf..d915a2a10fbb6c765615f1069e82b19d0ee5d543 100644 (file)
--- a/src/runmode-unittests.c
+++ b/src/runmode-unittests.c
@@ -243,11 +243,6 @@ void RunUnittests(int list_unittests, const char *regex_arg)
     SigTableSetup(); /* load the rule keywords */
     TmqhSetup();
 
-    CIDRInit();
-
-#ifdef DBG_MEM_ALLOC
-    SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
-#endif
     SCProtoNameInit();
 
     TagInitCtx();

diff --git a/src/suricata.c b/src/suricata.c
index c3f7844fe9fdbabfc45268bdce440ad8cb00f61e..f2d005c5293a713321f2e1b4266ff548881f79c8 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2858,7 +2858,6 @@ static int PostConfLoadedSetup(SCInstance *suri)
     SigTableApplyStrictCommandlineOption(suri->strict_rule_parsing_string);
     TmqhSetup();
 
-    CIDRInit();
     SCProtoNameInit();
 
     TagInitCtx();

diff --git a/src/util-cidr.c b/src/util-cidr.c
index 7889a5ecf41b5be80c854f6cdd9271b7c31d5eb1..41d9b66536f5e1a427c7afc44acf4ca9f0abbc13 100644 (file)
--- a/src/util-cidr.c
+++ b/src/util-cidr.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2022 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -26,24 +26,46 @@
 #include "suricata-common.h"
 #include "util-cidr.h"
 
-static uint32_t cidrs[33];
+uint32_t CIDRGet(int cidr)
+{
+    if (cidr <= 0 || cidr > 32)
+        return 0;
+    uint32_t netmask = htonl(0xFFFFFFFF << (32UL - (uint32_t)cidr));
+    SCLogDebug("CIDR %d -> netmask %08X", cidr, netmask);
+    return netmask;
+}
 
-void CIDRInit(void)
+/**
+ * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
+ *
+ *        For example if we send a cidr of 7 as argument, an ipv6 address
+ *        mask of the value FE:00:00:00:00:00:00:00 is created and updated
+ *        in the argument struct in6_addr *in6.
+ *
+ * \todo I think for the final section: while (cidr > 0), we can simply
+ *       replace it with a
+ *       if (cidr > 0) {
+ *           in6->s6_addr[i] = -1 << (8 - cidr);
+ *
+ * \param cidr The value of the cidr.
+ * \param in6  Pointer to an ipv6 address structure(struct in6_addr) which will
+ *             hold the cidr netblock result.
+ */
+void CIDRGetIPv6(int cidr, struct in6_addr *in6)
 {
     int i = 0;
 
-    /* skip 0 as it will result in 0xffffffff */
-    cidrs[0] = 0;
-    for (i = 1; i < 33; i++) {
-        cidrs[i] = htonl(0xFFFFFFFF << (32 - i));
-        //printf("CIDRInit: cidrs[%02d] = 0x%08X\n", i, cidrs[i]);
+    memset(in6, 0, sizeof(struct in6_addr));
+
+    while (cidr > 8) {
+        in6->s6_addr[i] = 0xff;
+        cidr -= 8;
+        i++;
     }
-}
 
-uint32_t CIDRGet(int cidr)
-{
-    if (cidr < 0 || cidr > 32)
-        return 0;
-    return cidrs[cidr];
+    while (cidr > 0) {
+        in6->s6_addr[i] |= 0x80;
+        if (--cidr > 0)
+            in6->s6_addr[i] = in6->s6_addr[i] >> 1;
+    }
 }
-

diff --git a/src/util-cidr.h b/src/util-cidr.h
index ee275b4cc3fe61ffed89eaf052f7a00c40c1c434..3653b8b95a972a7fdd9ad393f37145fca2871670 100644 (file)
--- a/src/util-cidr.h
+++ b/src/util-cidr.h
@@ -24,8 +24,8 @@
 #ifndef __UTIL_NETMASK_H__
 #define __UTIL_NETMASK_H__
 
-void CIDRInit(void);
 uint32_t CIDRGet(int);
+void CIDRGetIPv6(int cidr, struct in6_addr *in6);
 
 #endif /* __UTIL_NETMASK_H__ */