From: Victor Julien Date: Thu, 17 Feb 2022 09:56:53 +0000 (+0100) Subject: util/cidr: simplify IPv4 CIDR handling; add IPv6 X-Git-Tag: suricata-5.0.9~85 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e29061d23c4fdc794ae08e61474d99d48d6fae25;p=thirdparty%2Fsuricata.git util/cidr: simplify IPv4 CIDR handling; add IPv6 Instead of building a table at init just calculate it on demand. Callsites are all during init, so its not performance critical. Add similar function for IPv6. (cherry picked from commit e04d378e587d99fa40e1b237c0ef4db5cfde1902) --- diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c index 55489a41cf..d915a2a10f 100644 --- a/src/runmode-unittests.c +++ b/src/runmode-unittests.c @@ -243,11 +243,6 @@ void RunUnittests(int list_unittests, const char *regex_arg) SigTableSetup(); /* load the rule keywords */ TmqhSetup(); - CIDRInit(); - -#ifdef DBG_MEM_ALLOC - SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem); -#endif SCProtoNameInit(); TagInitCtx(); diff --git a/src/suricata.c b/src/suricata.c index c3f7844fe9..f2d005c529 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -2858,7 +2858,6 @@ static int PostConfLoadedSetup(SCInstance *suri) SigTableApplyStrictCommandlineOption(suri->strict_rule_parsing_string); TmqhSetup(); - CIDRInit(); SCProtoNameInit(); TagInitCtx(); diff --git a/src/util-cidr.c b/src/util-cidr.c index 7889a5ecf4..41d9b66536 100644 --- a/src/util-cidr.c +++ b/src/util-cidr.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2022 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -26,24 +26,46 @@ #include "suricata-common.h" #include "util-cidr.h" -static uint32_t cidrs[33]; +uint32_t CIDRGet(int cidr) +{ + if (cidr <= 0 || cidr > 32) + return 0; + uint32_t netmask = htonl(0xFFFFFFFF << (32UL - (uint32_t)cidr)); + SCLogDebug("CIDR %d -> netmask %08X", cidr, netmask); + return netmask; +} -void CIDRInit(void) +/** + * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value. + * + * For example if we send a cidr of 7 as argument, an ipv6 address + * mask of the value FE:00:00:00:00:00:00:00 is created and updated + * in the argument struct in6_addr *in6. + * + * \todo I think for the final section: while (cidr > 0), we can simply + * replace it with a + * if (cidr > 0) { + * in6->s6_addr[i] = -1 << (8 - cidr); + * + * \param cidr The value of the cidr. + * \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will + * hold the cidr netblock result. + */ +void CIDRGetIPv6(int cidr, struct in6_addr *in6) { int i = 0; - /* skip 0 as it will result in 0xffffffff */ - cidrs[0] = 0; - for (i = 1; i < 33; i++) { - cidrs[i] = htonl(0xFFFFFFFF << (32 - i)); - //printf("CIDRInit: cidrs[%02d] = 0x%08X\n", i, cidrs[i]); + memset(in6, 0, sizeof(struct in6_addr)); + + while (cidr > 8) { + in6->s6_addr[i] = 0xff; + cidr -= 8; + i++; } -} -uint32_t CIDRGet(int cidr) -{ - if (cidr < 0 || cidr > 32) - return 0; - return cidrs[cidr]; + while (cidr > 0) { + in6->s6_addr[i] |= 0x80; + if (--cidr > 0) + in6->s6_addr[i] = in6->s6_addr[i] >> 1; + } } - diff --git a/src/util-cidr.h b/src/util-cidr.h index ee275b4cc3..3653b8b95a 100644 --- a/src/util-cidr.h +++ b/src/util-cidr.h @@ -24,8 +24,8 @@ #ifndef __UTIL_NETMASK_H__ #define __UTIL_NETMASK_H__ -void CIDRInit(void); uint32_t CIDRGet(int); +void CIDRGetIPv6(int cidr, struct in6_addr *in6); #endif /* __UTIL_NETMASK_H__ */