tmp_c->ip2.addr_data32[0] = htonl(b_ip2);
*c = tmp_c;
- if (de_ctx != NULL) {
- SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
- SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
- }
-
/* we have 3 parts: [bbb[baba]aaa]
* part a: b_ip1 <-> a_ip1 - 1
* part b: a_ip1 <-> b_ip2
tmp_c->ip2.addr_data32[0] = htonl(a_ip2);
*c = tmp_c;
- if (de_ctx != NULL) {
- /* 'a' gets clean and then 'b' sigs
- * 'b' gets clean, then 'a' then 'b' sigs
- * 'c' gets 'a' sigs */
- /* store old a list */
- SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
- /* clean a list */
- SigGroupHeadClearSigs(a->sh);
- /* copy old b to c */
- SigGroupHeadCopySigs(de_ctx, tmp->sh, &tmp_c->sh);
- /* copy old b to a */
- SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
- /* prepend old a before b */
- SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
- /* clean tmp list */
- SigGroupHeadClearSigs(tmp->sh);
- }
-
/* we have 2 or three parts:
*
* 2 part: [[abab]bbb] or [bbb[baba]]
b->ip.addr_data32[0] = htonl(a_ip2 + 1);
b->ip2.addr_data32[0] = htonl(b_ip2);
- if (de_ctx != NULL) {
- /* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
- SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
- }
} else if (a_ip2 == b_ip2) {
SCLogDebug("DetectAddressCutIPv4: 2");
b->ip.addr_data32[0] = htonl(a_ip1);
b->ip2.addr_data32[0] = htonl(a_ip2);
- if (de_ctx != NULL) {
- SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
- SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
- SigGroupHeadClearSigs(a->sh);
- SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
- SigGroupHeadClearSigs(tmp->sh);
- }
} else {
SCLogDebug("3");
tmp_c->ip.addr_data32[0] = htonl(a_ip2 + 1);
tmp_c->ip2.addr_data32[0] = htonl(b_ip2);
*c = tmp_c;
-
- if (de_ctx != NULL) {
- /* 'a' gets clean and then 'b' sigs
- * 'b' gets clean, then 'a' then 'b' sigs
- * 'c' gets 'b' sigs */
- /* store old a list */
- SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
- /* clean a list */
- SigGroupHeadClearSigs(a->sh);
- /* copy old b to c */
- SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
- /* copy old b to a */
- SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
- /* prepend old a before b */
- SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
- /* clean tmp list */
- SigGroupHeadClearSigs(tmp->sh);
- }
}
/* we have 2 or three parts:
*
b->ip.addr_data32[0] = htonl(b_ip2 + 1);
b->ip2.addr_data32[0] = htonl(a_ip2);
-
- if (de_ctx != NULL) {
- /* 'b' overlaps 'a' so a needs the 'b' sigs */
- SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
- SigGroupHeadClearSigs(b->sh);
- SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
- SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
- SigGroupHeadClearSigs(tmp->sh);
- }
} else if (a_ip2 == b_ip2) {
SCLogDebug("DetectAddressCutIPv4: 2");
b->ip.addr_data32[0] = htonl(b_ip1);
b->ip2.addr_data32[0] = htonl(b_ip2);
-
- if (de_ctx != NULL) {
- /* 'a' overlaps 'b' so a needs the 'a' sigs */
- SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
- }
} else {
SCLogDebug("DetectAddressCutIPv4: 3");
tmp_c->ip.addr_data32[0] = htonl(b_ip2 + 1);
tmp_c->ip2.addr_data32[0] = htonl(a_ip2);
*c = tmp_c;
-
- if (de_ctx != NULL) {
- /* 'a' stays the same wrt sigs
- * 'b' keeps it's own sigs and gets a's sigs prepended
- * 'c' gets 'a' sigs */
- SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
- SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
- }
}
}
*c = tmp_c;
- /* copy old b to c */
- SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
- /* copy old b to a */
- SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
-
/* we have 3 parts: [bbb[baba]aaa]
* part a: b_ip1 <-> a_ip1 - 1
* part b: a_ip1 <-> b_ip2
AddressCutIPv6Copy(a_ip2, tmp_c->ip2.addr_data32);
*c = tmp_c;
- /* 'a' gets clean and then 'b' sigs
- * 'b' gets clean, then 'a' then 'b' sigs
- * 'c' gets 'a' sigs */
- /* store old a list */
- SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
- /* clean a list */
- SigGroupHeadClearSigs(a->sh);
- /* copy old b to c */
- SigGroupHeadCopySigs(de_ctx, tmp->sh, &tmp_c->sh);
- /* copy old b to a */
- SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
- /* prepend old a before b */
- SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
-
- /* clean tmp list */
- SigGroupHeadClearSigs(tmp->sh);
-
/* we have 2 or three parts:
*
* 2 part: [[abab]bbb] or [bbb[baba]]
AddressCutIPv6CopyAddOne(a_ip2, b->ip.addr_data32);
AddressCutIPv6Copy(b_ip2, b->ip2.addr_data32);
- /* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
- SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
-
} else if (AddressIPv6EqU32(a_ip2, b_ip2) == 1) {
AddressCutIPv6Copy(b_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(a_ip1, a->ip2.addr_data32);
AddressCutIPv6Copy(a_ip1, b->ip.addr_data32);
AddressCutIPv6Copy(a_ip2, b->ip2.addr_data32);
- SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
- SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
- SigGroupHeadClearSigs(a->sh);
- SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
- SigGroupHeadClearSigs(tmp->sh);
-
} else {
AddressCutIPv6Copy(b_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(a_ip1, a->ip2.addr_data32);
AddressCutIPv6Copy(b_ip2, tmp_c->ip2.addr_data32);
*c = tmp_c;
- /* 'a' gets clean and then 'b' sigs
- * 'b' gets clean, then 'a' then 'b' sigs
- * 'c' gets 'b' sigs */
- /* store old a list */
- SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
- /* clean a list */
- SigGroupHeadClearSigs(a->sh);
- /* copy old b to c */
- SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
- /* copy old b to a */
- SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
- /* prepend old a before b */
- SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
-
- /* clean tmp list */
- SigGroupHeadClearSigs(tmp->sh);
-
}
/* we have 2 or three parts:
*
AddressCutIPv6CopyAddOne(b_ip2, b->ip.addr_data32);
AddressCutIPv6Copy(a_ip2, b->ip2.addr_data32);
-
- /* 'b' overlaps 'a' so a needs the 'b' sigs */
- SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
- SigGroupHeadClearSigs(b->sh);
- SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
- SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
- SigGroupHeadClearSigs(tmp->sh);
-
} else if (AddressIPv6EqU32(a_ip2, b_ip2) == 1) {
AddressCutIPv6Copy(a_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(b_ip1, a->ip2.addr_data32);
AddressCutIPv6Copy(b_ip1, b->ip.addr_data32);
AddressCutIPv6Copy(b_ip2, b->ip2.addr_data32);
-
- /* 'a' overlaps 'b' so a needs the 'a' sigs */
- SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
-
} else {
AddressCutIPv6Copy(a_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(b_ip1, a->ip2.addr_data32);
AddressCutIPv6CopyAddOne(b_ip2, tmp_c->ip.addr_data32);
AddressCutIPv6Copy(a_ip2, tmp_c->ip2.addr_data32);
*c = tmp_c;
-
- /* 'a' stays the same wrt sigs
- * 'b' keeps it's own sigs and gets a's sigs prepended
- * 'c' gets 'a' sigs */
- SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
- SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
-
}
}
if (ag == NULL)
return;
- SCLogDebug("ag %p, sh %p", ag, ag->sh);
-
- /* only free the head if we have the original */
- if (ag->sh != NULL && !(ag->flags & ADDRESS_SIGGROUPHEAD_COPY)) {
- SCLogDebug("- ag %p, sh %p not a copy, so call SigGroupHeadFree", ag,
- ag->sh);
- SigGroupHeadFree(ag->sh);
- }
- ag->sh = NULL;
-
SCFree(ag);
return;
SCLogInfo("list:");
if (head != NULL) {
for (cur = head; cur != NULL; cur = cur->next) {
- SCLogInfo("SIGS %6u ", cur->sh ? cur->sh->sig_cnt : 0);
DetectAddressPrint(cur);
}
}
if (r == ADDRESS_EQ) {
/* exact overlap/match */
if (cur != new) {
- SigGroupHeadCopySigs(de_ctx, new->sh, &cur->sh);
DetectAddressFree(new);
-
return 0;
}
if (target->ip.family != source->ip.family)
return -1;
- SigGroupHeadCopySigs(de_ctx, source->sh, &target->sh);
-
if (target->ip.family == AF_INET)
return DetectAddressJoinIPv4(de_ctx, target, source);
else if (target->ip.family == AF_INET6)
return result;
}
-#include "detect-engine.h"
-
-/**
- * \test Test sig distribution over address groups
- */
-static int AddressTestFunctions01(void)
-{
- DetectAddress *a1 = NULL;
- DetectAddress *a2 = NULL;
- DetectAddressHead *h = NULL;
- int result = 0;
-
- DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- Signature s[2];
- memset(s,0x00,sizeof(s));
-
- s[0].num = 0;
- s[1].num = 1;
-
- a1 = DetectAddressParseSingle("255.0.0.0/8");
- if (a1 == NULL) {
- printf("a1 == NULL: ");
- goto end;
- }
- SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
-
- a2 = DetectAddressParseSingle("0.0.0.0/0");
- if (a2 == NULL) {
- printf("a2 == NULL: ");
- goto end;
- }
- SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
-
- SCLogDebug("a1");
- DetectAddressPrint(a1);
- SCLogDebug("a2");
- DetectAddressPrint(a2);
-
- h = DetectAddressHeadInit();
- if (h == NULL)
- goto end;
- DetectAddressInsert(de_ctx, h, a1);
- DetectAddressInsert(de_ctx, h, a2);
-
- if (h == NULL)
- goto end;
-
- DetectAddress *x = h->ipv4_head;
- for ( ; x != NULL; x = x->next) {
- SCLogDebug("x %p next %p", x, x->next);
- DetectAddressPrint(x);
- //SigGroupHeadPrintSigs(de_ctx, x->sh);
- }
-
- DetectAddress *one = h->ipv4_head;
- DetectAddress *two = one->next;
-
- int sig = 0;
- if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'one', but it shouldn't: ", sig);
- goto end;
- }
- sig = 1;
- if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'one', but it shouldn't: ", sig);
- goto end;
- }
- sig = 1;
- if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'two', but it shouldn't: ", sig);
- goto end;
- }
-
- result = 1;
-end:
- if (h != NULL)
- DetectAddressHeadFree(h);
- return result;
-}
-
-/**
- * \test Test sig distribution over address groups
- */
-static int AddressTestFunctions02(void)
-{
- DetectAddress *a1 = NULL;
- DetectAddress *a2 = NULL;
- DetectAddressHead *h = NULL;
- int result = 0;
-
- DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- Signature s[2];
- memset(s,0x00,sizeof(s));
-
- s[0].num = 0;
- s[1].num = 1;
-
- a1 = DetectAddressParseSingle("255.0.0.0/8");
- if (a1 == NULL) {
- printf("a1 == NULL: ");
- goto end;
- }
- SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
-
- a2 = DetectAddressParseSingle("0.0.0.0/0");
- if (a2 == NULL) {
- printf("a2 == NULL: ");
- goto end;
- }
- SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
-
- SCLogDebug("a1");
- DetectAddressPrint(a1);
- SCLogDebug("a2");
- DetectAddressPrint(a2);
-
- h = DetectAddressHeadInit();
- if (h == NULL)
- goto end;
- DetectAddressInsert(de_ctx, h, a2);
- DetectAddressInsert(de_ctx, h, a1);
-
- BUG_ON(h == NULL);
-
- SCLogDebug("dp3");
-
- DetectAddress *x = h->ipv4_head;
- for ( ; x != NULL; x = x->next) {
- DetectAddressPrint(x);
- //SigGroupHeadPrintSigs(de_ctx, x->sh);
- }
-
- DetectAddress *one = h->ipv4_head;
- DetectAddress *two = one->next;
-
- int sig = 0;
- if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'one', but it shouldn't: ", sig);
- goto end;
- }
- sig = 1;
- if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'one', but it shouldn't: ", sig);
- goto end;
- }
- sig = 1;
- if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'two', but it shouldn't: ", sig);
- goto end;
- }
-
- result = 1;
-end:
- if (h != NULL)
- DetectAddressHeadFree(h);
- return result;
-}
-
-/**
- * \test Test sig distribution over address groups
- */
-static int AddressTestFunctions03(void)
-{
- DetectAddress *a1 = NULL;
- DetectAddress *a2 = NULL;
- DetectAddressHead *h = NULL;
- int result = 0;
-
- DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- Signature s[2];
- memset(s,0x00,sizeof(s));
-
- s[0].num = 0;
- s[1].num = 1;
-
- a1 = DetectAddressParseSingle("ffff::/16");
- if (a1 == NULL) {
- printf("a1 == NULL: ");
- goto end;
- }
- SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
-
- a2 = DetectAddressParseSingle("::/0");
- if (a2 == NULL) {
- printf("a2 == NULL: ");
- goto end;
- }
- SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
-
- SCLogDebug("a1");
- DetectAddressPrint(a1);
- SCLogDebug("a2");
- DetectAddressPrint(a2);
-
- h = DetectAddressHeadInit();
- if (h == NULL)
- goto end;
- DetectAddressInsert(de_ctx, h, a1);
- DetectAddressInsert(de_ctx, h, a2);
-
- if (h == NULL)
- goto end;
-
- DetectAddress *x = h->ipv6_head;
- for ( ; x != NULL; x = x->next) {
- SCLogDebug("x %p next %p", x, x->next);
- DetectAddressPrint(x);
- //SigGroupHeadPrintSigs(de_ctx, x->sh);
- }
-
- DetectAddress *one = h->ipv6_head;
- DetectAddress *two = one->next;
-
- int sig = 0;
- if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'one', but it shouldn't: ", sig);
- goto end;
- }
- sig = 1;
- if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'one', but it shouldn't: ", sig);
- goto end;
- }
- sig = 1;
- if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'two', but it shouldn't: ", sig);
- goto end;
- }
-
- result = 1;
-end:
- if (h != NULL)
- DetectAddressHeadFree(h);
- return result;
-}
-
-/**
- * \test Test sig distribution over address groups
- */
-static int AddressTestFunctions04(void)
-{
- DetectAddress *a1 = NULL;
- DetectAddress *a2 = NULL;
- DetectAddressHead *h = NULL;
- int result = 0;
-
- DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- Signature s[2];
- memset(s,0x00,sizeof(s));
-
- s[0].num = 0;
- s[1].num = 1;
-
- a1 = DetectAddressParseSingle("ffff::/16");
- if (a1 == NULL) {
- printf("a1 == NULL: ");
- goto end;
- }
- SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
-
- a2 = DetectAddressParseSingle("::/0");
- if (a2 == NULL) {
- printf("a2 == NULL: ");
- goto end;
- }
- SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
-
- SCLogDebug("a1");
- DetectAddressPrint(a1);
- SCLogDebug("a2");
- DetectAddressPrint(a2);
-
- h = DetectAddressHeadInit();
- if (h == NULL)
- goto end;
- DetectAddressInsert(de_ctx, h, a2);
- DetectAddressInsert(de_ctx, h, a1);
-
- BUG_ON(h == NULL);
-
- SCLogDebug("dp3");
-
- DetectAddress *x = h->ipv6_head;
- for ( ; x != NULL; x = x->next) {
- DetectAddressPrint(x);
- //SigGroupHeadPrintSigs(de_ctx, x->sh);
- }
-
- DetectAddress *one = h->ipv6_head;
- DetectAddress *two = one->next;
-
- int sig = 0;
- if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'one', but it shouldn't: ", sig);
- goto end;
- }
- sig = 1;
- if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'one', but it shouldn't: ", sig);
- goto end;
- }
- sig = 1;
- if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
- printf("sig %d part of 'two', but it shouldn't: ", sig);
- goto end;
- }
-
- result = 1;
-end:
- if (h != NULL)
- DetectAddressHeadFree(h);
- return result;
-}
-
#endif /* UNITTESTS */
void DetectAddressTests(void)
UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03, 1);
UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04, 1);
UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05, 1);
-
- UtRegisterTest("AddressTestFunctions01", AddressTestFunctions01, 1);
- UtRegisterTest("AddressTestFunctions02", AddressTestFunctions02, 1);
- UtRegisterTest("AddressTestFunctions03", AddressTestFunctions03, 1);
- UtRegisterTest("AddressTestFunctions04", AddressTestFunctions04, 1);
#endif /* UNITTESTS */
}
projects / thirdparty / suricata.git / commitdiff
