/src/suricata7/src/util-cidr.c

Source (jump to first uncovered line)
/* Copyright (C) 2007-2022 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 *
 * CIDR utility functions
 */

#include "suricata-common.h"
#include "util-cidr.h"
#include "util-debug.h"
#include "util-unittest.h"

/** \brief Turn 32 bit mask into CIDR
 *
 *  \retval cidr The cidr value or -1 if the netmask can't be expressed as cidr
 */
int CIDRFromMask(uint32_t netmask)
{
    netmask = ntohl(netmask);
    if (netmask == 0) {
        return 0;
    }
    int p = 0;
    bool seen_1 = false;
    while (netmask > 0) {
        if (netmask & 1) {
            seen_1 = true;
            p++;
        } else {
            if (seen_1) {
                return -1;
            }
        }
        netmask >>= 1;
    }
    return p;
}

uint32_t CIDRGet(int cidr)
{
    if (cidr <= 0 || cidr > 32)
        return 0;
    uint32_t netmask = htonl(0xFFFFFFFF << (32UL - (uint32_t)cidr));
    SCLogDebug("CIDR %d -> netmask %08X", cidr, netmask);
    return netmask;
}

/**
 * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
 *
 *        For example if we send a cidr of 7 as argument, an ipv6 address
 *        mask of the value FE:00:00:00:00:00:00:00 is created and updated
 *        in the argument struct in6_addr *in6.
 *
 * \todo I think for the final section: while (cidr > 0), we can simply
 *       replace it with a
 *       if (cidr > 0) {
 *           in6->s6_addr[i] = -1 << (8 - cidr);
 *
 * \param cidr The value of the cidr.
 * \param in6  Pointer to an ipv6 address structure(struct in6_addr) which will
 *             hold the cidr netblock result.
 */
void CIDRGetIPv6(int cidr, struct in6_addr *in6)
{
    int i = 0;

    memset(in6, 0, sizeof(struct in6_addr));

    while (cidr > 8) {
        in6->s6_addr[i] = 0xff;
        cidr -= 8;
        i++;
    }

    while (cidr > 0) {
        in6->s6_addr[i] |= 0x80;
        if (--cidr > 0)
            in6->s6_addr[i] = in6->s6_addr[i] >> 1;
    }
}

#ifdef UNITTESTS

static int CIDRFromMaskTest01(void)
{
    struct in_addr in;
    int v = inet_pton(AF_INET, "255.255.255.0", &in);

    FAIL_IF(v <= 0);
    FAIL_IF_NOT(24 == CIDRFromMask(in.s_addr));

    PASS;
}

static int CIDRFromMaskTest02(void)
{
    struct in_addr in;
    int v = inet_pton(AF_INET, "255.255.0.42", &in);

    FAIL_IF(v <= 0);
    FAIL_IF_NOT(-1 == CIDRFromMask(in.s_addr));

    PASS;
}

static int CIDRFromMaskTest03(void)
{
    struct in_addr in;
    int v = inet_pton(AF_INET, "0.0.0.0", &in);

    FAIL_IF(v <= 0);
    FAIL_IF_NOT(0 == CIDRFromMask(in.s_addr));

    PASS;
}

static int CIDRFromMaskTest04(void)
{
    struct in_addr in;
    int v = inet_pton(AF_INET, "255.255.255.255", &in);

    FAIL_IF(v <= 0);
    FAIL_IF_NOT(32 == CIDRFromMask(in.s_addr));

    PASS;
}

#endif /* UNITTESTS */

void UtilCIDRTests(void)
{
#ifdef UNITTESTS
    UtRegisterTest("CIDRFromMaskTest01", CIDRFromMaskTest01);
    UtRegisterTest("CIDRFromMaskTest02", CIDRFromMaskTest02);
    UtRegisterTest("CIDRFromMaskTest03", CIDRFromMaskTest03);
    UtRegisterTest("CIDRFromMaskTest04", CIDRFromMaskTest04);
#endif /* UNITTESTS */
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright (C) 2007-2022 Open Information Security Foundation
2		*
3		* You can copy, redistribute or modify this Program under the terms of
4		* the GNU General Public License version 2 as published by the Free
5		* Software Foundation.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10		* GNU General Public License for more details.
11		*
12		* You should have received a copy of the GNU General Public License
13		* version 2 along with this program; if not, write to the Free Software
14		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15		* 02110-1301, USA.
16		*/
17
18		/**
19		* \file
20		*
21		* \author Victor Julien <victor@inliniac.net>
22		*
23		* CIDR utility functions
24		*/
25
26		#include "suricata-common.h"
27		#include "util-cidr.h"
28		#include "util-debug.h"
29		#include "util-unittest.h"
30
31		/** \brief Turn 32 bit mask into CIDR
32		*
33		* \retval cidr The cidr value or -1 if the netmask can't be expressed as cidr
34		*/
35		int CIDRFromMask(uint32_t netmask)
36	1.99k	{
37	1.99k	netmask = ntohl(netmask);
38	1.99k	if (netmask == 0) {
39	2	return 0;
40	2	}
41	1.99k	int p = 0;
42	1.99k	bool seen_1 = false;
43	16.3k	while (netmask > 0) {
44	16.0k	if (netmask & 1) {
45	2.69k	seen_1 = true;
46	2.69k	p++;
47	13.3k	} else {
48	13.3k	if (seen_1) {
49	1.66k	return -1;
50	1.66k	}
51	13.3k	}
52	14.3k	netmask >>= 1;
53	14.3k	}
54	327	return p;
55	1.99k	}
56
57		uint32_t CIDRGet(int cidr)
58	413k	{
59	413k	if (cidr <= 0 \|\| cidr > 32)
60	372k	return 0;
61	41.2k	uint32_t netmask = htonl(0xFFFFFFFF << (32UL - (uint32_t)cidr));
62	41.2k	SCLogDebug("CIDR %d -> netmask %08X", cidr, netmask);
63	41.2k	return netmask;
64	413k	}
65
66		/**
67		* \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
68		*
69		* For example if we send a cidr of 7 as argument, an ipv6 address
70		* mask of the value FE:00:00:00:00:00:00:00 is created and updated
71		* in the argument struct in6_addr *in6.
72		*
73		* \todo I think for the final section: while (cidr > 0), we can simply
74		* replace it with a
75		* if (cidr > 0) {
76		* in6->s6_addr[i] = -1 << (8 - cidr);
77		*
78		* \param cidr The value of the cidr.
79		* \param in6 Pointer to an ipv6 address structure(struct in6_addr) which will
80		* hold the cidr netblock result.
81		*/
82		void CIDRGetIPv6(int cidr, struct in6_addr *in6)
83	506k	{
84	506k	int i = 0;
85
86	506k	memset(in6, 0, sizeof(struct in6_addr));
87
88	1.03M	while (cidr > 8) {
89	530k	in6->s6_addr[i] = 0xff;
90	530k	cidr -= 8;
91	530k	i++;
92	530k	}
93
94	851k	while (cidr > 0) {
95	344k	in6->s6_addr[i] \|= 0x80;
96	344k	if (--cidr > 0)
97	239k	in6->s6_addr[i] = in6->s6_addr[i] >> 1;
98	344k	}
99	506k	}
100
101		#ifdef UNITTESTS
102
103		static int CIDRFromMaskTest01(void)
104		{
105		struct in_addr in;
106		int v = inet_pton(AF_INET, "255.255.255.0", &in);
107
108		FAIL_IF(v <= 0);
109		FAIL_IF_NOT(24 == CIDRFromMask(in.s_addr));
110
111		PASS;
112		}
113
114		static int CIDRFromMaskTest02(void)
115		{
116		struct in_addr in;
117		int v = inet_pton(AF_INET, "255.255.0.42", &in);
118
119		FAIL_IF(v <= 0);
120		FAIL_IF_NOT(-1 == CIDRFromMask(in.s_addr));
121
122		PASS;
123		}
124
125		static int CIDRFromMaskTest03(void)
126		{
127		struct in_addr in;
128		int v = inet_pton(AF_INET, "0.0.0.0", &in);
129
130		FAIL_IF(v <= 0);
131		FAIL_IF_NOT(0 == CIDRFromMask(in.s_addr));
132
133		PASS;
134		}
135
136		static int CIDRFromMaskTest04(void)
137		{
138		struct in_addr in;
139		int v = inet_pton(AF_INET, "255.255.255.255", &in);
140
141		FAIL_IF(v <= 0);
142		FAIL_IF_NOT(32 == CIDRFromMask(in.s_addr));
143
144		PASS;
145		}
146
147		#endif /* UNITTESTS */
148
149		void UtilCIDRTests(void)
150	0	{
151		#ifdef UNITTESTS
152		UtRegisterTest("CIDRFromMaskTest01", CIDRFromMaskTest01);
153		UtRegisterTest("CIDRFromMaskTest02", CIDRFromMaskTest02);
154		UtRegisterTest("CIDRFromMaskTest03", CIDRFromMaskTest03);
155		UtRegisterTest("CIDRFromMaskTest04", CIDRFromMaskTest04);
156		#endif /* UNITTESTS */
157	0	}

Coverage Report

Created: 2025-07-23 07:29