Add IPv6 support to signature header conditions.

- "src-ip" and "dst-ip" conditions can now use IPv6 addresses/subnets.
  They must be written in colon-hexadecimal representation and enclosed
  in square brackets (e.g. [fe80::1]).  Addresses #774.

- "icmp6" is now a valid protocol for use with "ip-proto" and "header"
  conditions.  This allows signatures to be written that can match
  against ICMPv6 payloads.  Addresses #880.

- "ip6" is now a valid protocol for use with the "header" condition.
  (also the "ip-proto" condition, but it results in a no-op in that
  case since signatures apply only to the inner-most IP packet when
  packets are tunneled).  This allows signatures to match specifically
  against IPv6 packets (whereas "ip" only matches against IPv4 packets).

- "ip-proto" conditions can now match against IPv6 packets.  Before,
  IPv6 packets were just silently ignored which meant DPD based on
  signatures did not function for IPv6 -- protocol analyzers would only
  get attached to a connection over IPv6 based on the well-known ports
  set in the "dpd_config" table.
Jon Siwek 2012-10-17 11:11:51 -05:00
parent 2915e04db4
commit e835a55229
132 changed files with 1731 additions and 124 deletions

@ -342,6 +342,21 @@ public:
return memcmp(&addr1.in6, &addr2.in6, sizeof(in6_addr)) < 0;
}
friend bool operator<=(const IPAddr& addr1, const IPAddr& addr2)
{
return addr1 < addr2 || addr1 == addr2;
}
friend bool operator>=(const IPAddr& addr1, const IPAddr& addr2)
{
return ! ( addr1 < addr2 );
}
friend bool operator>(const IPAddr& addr1, const IPAddr& addr2)
{
return ! ( addr1 <= addr2 );
}
/** Converts the address into the type used internally by the
* inter-thread communication.
*/
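Review bot: In the new IPAddr operator<=, `addr1 < addr2 || addr1 == addr2` performs two full address comparisons, while the neighbouring operator>= and operator> are each written as a single negation. Since operator< here is a memcmp over the whole in6_addr, `return ! ( addr2 < addr1 );` gives the same result with one comparison and keeps the four relational operators defined purely in terms of operator<, so they cannot drift apart if operator== is ever changed. The three new operators also lack the Doxygen comments used elsewhere in this class; a one-line comment on each would match the surrounding style.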
@ -583,6 +598,11 @@ public:
return net1.Prefix() == net2.Prefix() && net1.Length() == net2.Length();
}
friend bool operator!=(const IPPrefix& net1, const IPPrefix& net2)
{
return ! (net1 == net2);
}
/**
* Comparison operator IP prefixes. This defines a well-defined order for
* IP prefix. However, the order does not necessarily corresponding to their
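Review bot: The new IPPrefix operator!= has no doc comment, whereas the comparison operator that follows it in this hunk carries a Doxygen block. A short comment stating that two prefixes are unequal when either Prefix() or Length() differs would keep the header consistent and make the relationship to operator== explicit for callers.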
@ -600,6 +620,21 @@ public:
return false;
}
friend bool operator<=(const IPPrefix& net1, const IPPrefix& net2)
{
return net1 < net2 || net1 == net2;
}
friend bool operator>=(const IPPrefix& net1, const IPPrefix& net2)
{
return ! (net1 < net2 );
}
friend bool operator>(const IPPrefix& net1, const IPPrefix& net2)
{
return ! ( net1 <= net2 );
}
private:
IPAddr prefix; // We store it as an address with the non-prefix bits masked out via Mask().
uint8_t length; // The bit length of the prefix relative to full IPv6 addr.
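Review bot: The new IPPrefix operator<= and operator>= are built on different primitives, so they only agree if operator< and operator== are consistent with each other. operator<= is `net1 < net2 || net1 == net2`, but operator>= is `! (net1 < net2 )`, which is true whenever net1 is not less than net2 regardless of operator==. If there is any pair for which neither `net1 < net2` nor `net2 < net1` holds and `net1 == net2` is false, then `net1 >= net2` is true while `net2 <= net1` is false. The body of operator< is not visible in this hunk, so please confirm it orders on both Prefix() and Length(), or define operator<= as `! (net2 < net1)` so all four operators derive from operator< alone. Minor style point: `! (net1 < net2 );` has uneven spacing inside the parentheses compared with the other new operators.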