1 /* $Id$ */
2 /*
3 * Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
4 * Copyright (C) 2002-2013 Sourcefire, Inc.
5 *
6 * Author(s): Andrew R. Baker <andrewb@snort.org>
7 * Martin Roesch <roesch@sourcefire.com>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License Version 2 as
11 * published by the Free Software Foundation. You may not use, modify or
12 * distribute this program under any other version of the GNU General
13 * Public License.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
23 *
24 */
25
26 /* includes */
27
28 #ifdef HAVE_CONFIG_H
29 #include "config.h"
30 #endif
31
32 #include <errno.h>
33 #include <stdio.h>
34 #include <string.h>
35 #include <stdlib.h>
36 #ifndef WIN32
37 #include <netdb.h>
38 #include <ctype.h>
39 #include <sys/types.h>
40 #include <sys/socket.h>
41 #include <netinet/in.h>
42 #include <arpa/inet.h>
43 #endif
44
45 #ifdef HAVE_STRINGS_H
46 #include <strings.h>
47 #endif
48
49 #include "util.h"
50 #include "mstring.h"
51 #include "parser.h"
52 #include "snort_debug.h"
53 #include "snort.h"
54 #include "sfPolicy.h"
55
56 #include "IpAddrSet.h"
57
58 # include "ipv6_port.h"
59
60 extern char *file_name; /* current rules file being processed */
61 extern int line_num; /* current rules file line */
62
63
64
/*
 * IpAddrSetParse - build an IpAddrSet from an address expression.
 *
 * sc:   configuration being parsed.  It and the targeted policy selected
 *       by getParserPolicy(sc) must both be non-NULL; otherwise
 *       FatalError() is called.
 * addr: address string passed to sfvt_add_to_var() together with the
 *       policy's ip_vartable.
 *       NOTE(review): addr is not checked for NULL in this function;
 *       presumably callers guarantee it - confirm.
 *
 * Returns the set obtained from SnortAlloc().  IpAddrSetDestroy() in this
 * file frees such a set.
 *
 * Every status other than SFIP_SUCCESS is reported through FatalError()
 * with the rules file name and line.  The function relies on FatalError()
 * not returning: the code after each call continues unconditionally.
 */
IpAddrSet *IpAddrSetParse(SnortConfig *sc, char *addr)
{
    vartable_t *vars;
    IpAddrSet *set;
    int status;

    /* sc is dereferenced right after this check, so a NULL config must
     * stop here. */
    if (!sc || !sc->targeted_policies[getParserPolicy(sc)])
    {
        FatalError("%s(%d) Snort conf for parsing is NULL.\n",
                   __FILE__, __LINE__);
    }

    vars = sc->targeted_policies[getParserPolicy(sc)]->ip_vartable;

    DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"Got address string: %s\n",
                            addr););

    set = SnortAlloc(sizeof(*set));

    /* NOTE(review): file_line is not declared in the visible part of this
     * file (only line_num is); presumably it comes from an included
     * header - confirm. */
    status = sfvt_add_to_var(vars, set, addr);
    switch (status)
    {
        case SFIP_SUCCESS:
            break;

        case SFIP_LOOKUP_FAILURE:
            /* The string names a variable the table does not know. */
            FatalError("%s(%d) => Undefined variable in the string: %s\n",
                       file_name, file_line, addr);
            break;

        case SFIP_CONFLICT:
            FatalError("%s(%d) => Negated IP ranges that equal to or are"
                       " more-specific than non-negated ranges are not allowed."
                       " Consider inverting the logic: %s.\n",
                       file_name, file_line, addr);
            break;

        default:
            /* Any other failure status is treated as an unparsable address. */
            FatalError("%s(%d) => Unable to process the IP address: %s\n",
                       file_name, file_line, addr);
            break;
    }

    return set;
}
101
/*
 * IpAddrSetDestroy - release an address set through sfvar_free().
 *
 * ipAddrSet: set to release; a NULL pointer is accepted and ignored.
 *
 * The caller's pointer is not cleared here, so it must not be used again
 * after this call.
 */
void IpAddrSetDestroy(IpAddrSet *ipAddrSet)
{
    if (ipAddrSet)
    {
        sfvar_free(ipAddrSet);
    }
}
110
111