git.ipfire.org Git - people/ms/suricata.git/commit

]> git.ipfire.org Git - people/ms/suricata.git/commit

projects / people / ms / suricata.git / commit

author	Victor Julien <vjulien@oisf.net>
	Tue, 15 Feb 2022 19:43:27 +0000 (20:43 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Thu, 17 Feb 2022 16:00:26 +0000 (17:00 +0100)
commit	51d4e0dced9cac7463ee924b00bc8666c68b20c3
tree	277f6e3fa1029a0181ecf22267c8da1f1bf1708a	tree \| snapshot
parent	311085dd34c445b8d9195c8517475b764a61eb3b	commit \| diff

detect/iponly: fix netmask handling

If the ipaddress was not the address range start, it was not masked to turn
it into that. So 1.2.3.4/24 was not stored as address 1.2.3.0 with netmask 24,
but as 1.2.3.4 with netmask 24. This was then propagated into the radix tree,
where it was used as an exact key in exact lookups, giving unexpected results.

This patch implements the netmask handling for IPv4 and IPv6, and adds a set
of tests for it.

Bug: #5081.
Bug: #5066.

src/detect-engine-address.c		diff \| blob \| blame \| history
src/detect-engine-iponly.c		diff \| blob \| blame \| history

Michael's tree of suricata

RSS Atom