We don't export s6_addr16 and don't have
suitable uint16_t member in in6_addr
--- snort-2.9.9.0/src/sfutil/sf_ip.h.~2~ 2017-02-01 21:45:38.917735171 +0300
+++ snort-2.9.9.0/src/sfutil/sf_ip.h 2017-02-01 21:48:52.021491697 +0300
@@ -44,6 +44,7 @@
#include "snort_debug.h" /* for inline definition */
#include "sf_types.h"
+#include <inttypes.h>
/* define SFIP_ROBUST to check pointers passed into the sfip libs.
* Robustification should not be enabled if the client code is trustworthy.
@@ -75,13 +76,25 @@
#ifndef WIN32
#if !defined(s6_addr8)
-#define s6_addr8 __u6_addr.__u6_addr8
+#if defined __sun
+#define s6_addr8 _S6_un._S6_u8
+#else
+#define s6_addr8 u6_addr.u6_addr8
+#endif
#endif
#if !defined(s6_addr16)
-#define s6_addr16 __u6_addr.__u6_addr16
+#if defined __sun
+/* Unfortunately, we don't have uint16_t[] member here */
+#else
+#define s6_addr16 u6_addr.u6_addr16
+#endif
#endif
#if !defined(s6_addr32)
-#define s6_addr32 __u6_addr.__u6_addr32
+#if defined __sun
+#define s6_addr32 _S6_un._S6_u32
+#else
+#define s6_addr32 u6_addr.u6_addr32
+#endif
#endif
#ifdef _WIN32
@@ -93,7 +106,9 @@
struct in6_addr ip;
uint16_t family;
# define ia8 ip.s6_addr
+#if !defined(__sun)
# define ia16 ip.s6_addr16
+#endif
# define ia32 ip.s6_addr32
#ifdef _WIN32
};
@@ -272,16 +287,26 @@
* need to determine if it's safe to not check these pointers */\
static inline int sfraw_is_set(const struct in6_addr *addr) {
/* ARG_CHECK1(ip, -1); */
+#ifdef __sun
+ return (addr->s6_addr32[3] || addr->s6_addr32[0] || addr->s6_addr32[1] || ((uint16_t*)(addr->s6_addr32))[4] ||
+ (((uint16_t*)(addr->s6_addr32))[5] && ((uint16_t*)(addr->s6_addr32))[5] != 0xFFFF)) ? 1 : 0;
+#else
return (addr->s6_addr32[3] || addr->s6_addr32[0] || addr->s6_addr32[1] || addr->s6_addr16[4] ||
(addr->s6_addr16[5] && addr->s6_addr16[5] != 0xFFFF)) ? 1 : 0;
+#endif
}
static inline int sfaddr_is_set(const sfaddr_t *addr) {
/* ARG_CHECK1(ip, -1); */
return ((addr->family == AF_INET && addr->ia32[3]) ||
(addr->family == AF_INET6 &&
+#ifdef __sun
+ (addr->ia32[0] || addr->ia32[1] || addr->ia32[3] || ((uint16_t*)(addr->ia32))[4] ||
+ (((uint16_t *)(addr->ia32))[5] && ((uint16_t*)(addr->ia32))[5] != 0xFFFF)))) ? 1 : 0;
+#else
(addr->ia32[0] || addr->ia32[1] || addr->ia32[3] || addr->ia16[4] ||
(addr->ia16[5] && addr->ia16[5] != 0xFFFF)))) ? 1 : 0;
+#endif
}
static inline int sfip_is_set(const sfcidr_t *ip) {
@@ -297,8 +322,11 @@
/* Returns 1 if the IPv6 address appears mapped. 0 otherwise. */
static inline int sfip_ismapped(const sfaddr_t *ip) {
ARG_CHECK1(ip, 0);
-
+#ifdef __sun
+ return (ip->ia32[0] || ip->ia32[1] || ((uint16_t*)(ip->ia32))[4] || ( ((uint16_t*)(ip->ia32))[5] != 0xffff && ((uint16_t*)(ip->ia32))[5])) ? 0 : 1;
+#else
return (ip->ia32[0] || ip->ia32[1] || ip->ia16[4] || (ip->ia16[5] != 0xffff && ip->ia16[5])) ? 0 : 1;
+#endif
}
/* Support function for sfip_compare */
@@ -532,9 +560,15 @@
/* Check the first 80 bits in an IPv6 address, and */
/* verify they're zero. If not, it's not a loopback */
- if(ip->ia32[0] || ip->ia32[1] || ip->ia16[4]) return 0;
+#ifdef __sun
+ if(ip->ia32[0] || ip->ia32[1] || ((uint16_t *)(ip->ia32))[4]) return 0;
+
+ if ( ((uint16_t *)(ip->ia32))[5] == 0xffff ) {
+#else
+ if(ip->ia32[0] || ip->ia32[1] || ip->ia16[4]) return 0;
if ( ip->ia16[5] == 0xffff ) {
+#endif
/* ::ffff: IPv4 mapped over IPv6 */
/*
* 10.0.0.0 - 10.255.255.255 (10/8 prefix)
@@ -547,7 +581,11 @@
}
/* Check if the 3rd 32-bit int is zero */
+#ifdef __sun
+ if ( !((uint16_t *)(ip->ia32))[5] ) {
+#else
if ( !ip->ia16[5] ) {
+#endif
/* ::ipv4 compatible ipv6 */
/* ::1 is the IPv6 loopback */
return ( (ip->ia8[12] == 10)
--- snort-2.9.9.0/src/sfutil/sfrt.h.1 2017-02-01 21:50:21.485565677 +0300
+++ snort-2.9.9.0/src/sfutil/sfrt.h 2017-02-01 21:51:56.601538134 +0300
@@ -229,7 +229,11 @@
rt = table->rt;
subtable = ((dir_table_t *)rt)->sub_table;
/* 16 bits*/
+#ifdef __sun
+ index = ntohs (((uint16_t*)(ip->ia8))[6]);
+#else
index = ntohs(ip->ia16[6]);
+#endif
if( !subtable->entries[index] || subtable->lengths[index] )
{
return table->data[subtable->entries[index]];
--- snort-2.9.9.0/src/sfutil/sfrt_flat.h.1 2017-02-01 21:53:43.221557566 +0300
+++ snort-2.9.9.0/src/sfutil/sfrt_flat.h 2017-02-01 21:55:02.016896936 +0300
@@ -102,7 +102,11 @@
rt = (dir_table_flat_t *)(&base[table->rt]);
subtable = (dir_sub_table_flat_t *)(&base[rt->sub_table]);
/* 16 bits */
+#ifdef __sun
+ index = ntohs(((uint16_t*)(ip->ia8))[6]);
+#else
index = ntohs(ip->ia16[6]);
+#endif
entries_value = (Entry_Value *)(&base[subtable->entries_value]);
entries_length = (Entry_Len *)(&base[subtable->entries_length]);
if( !entries_value[index] || entries_length[index] )
--- snort-2.9.9.0/src/sfutil/sf_ip.c 2016-06-07 10:47:49.000000000 +0300
+++ snort-2.9.9.0/src/sfutil/sf_ip.c 2017-02-01 22:03:00.217171822 +0300
@@ -386,8 +386,13 @@
new_octet = (chr == '.');
}
addr = (sfaddr_t*)dst;
+#ifdef __sun
+ addr->ia32[0] = addr->ia32[1] = ((uint16_t*)(addr->ia8))[4] = 0;
+ ((uint16_t*)(addr->ia32))[5] = 0xFFFF;
+#else
addr->ia32[0] = addr->ia32[1] = addr->ia16[4] = 0;
addr->ia16[5] = 0xFFFF;
+#endif
dst = &addr->ia32[3];
}
@@ -419,8 +424,13 @@
dst->family = family;
if(family == AF_INET) {
+#ifdef __sun
+ dst->ia32[0] = dst->ia32[1] = ((uint16_t*)(dst->ia32))[4] = 0;
+ ((uint16_t*)(dst->ia32))[5] = 0xFFFF;
+#else
dst->ia32[0] = dst->ia32[1] = dst->ia16[4] = 0;
dst->ia16[5] = 0xFFFF;
+#endif
dst->ia32[3] = *(uint32_t*)src;
} else if(family == AF_INET6) {
memcpy(sfaddr_get_ip6_ptr(dst), src, 16);
@@ -612,16 +622,27 @@
/* Check the first 80 bits in an IPv6 address, and */
/* verify they're zero. If not, it's not a loopback */
+#ifdef __sun
+ if(ip->ia32[0] || ip->ia32[1] || ((uint16_t*)(ip->ia8))[4])
+#else
if(ip->ia32[0] || ip->ia32[1] || ip->ia16[4])
+#endif
return 0;
+#ifdef __sun
+ if(((uint16_t*)(ip->ia8))[5] == 0xFFFF)
+#else
if(ip->ia16[5] == 0xFFFF)
+#endif
{
/* ::ffff:7f00:0/104 is ipv4 compatible ipv6 */
return (ip->ia8[12] == 0x7f);
}
-
+#ifdef __sun
+ if(!((uint16_t*)(ip->ia8))[5])
+#else
if(!ip->ia16[5])
+#endif
{
/* ::7f00:0/104 is ipv4 compatible ipv6 */
/* ::1 is the IPv6 loopback */
--- snort-2.9.9.0/src/decode.c.1 2017-02-01 22:26:01.531260324 +0300
+++ snort-2.9.9.0/src/decode.c 2017-02-01 22:30:34.379039380 +0300
@@ -3188,9 +3188,17 @@
/* Multicast addresses only specify the first 16 and last 40 bits.
Others should be zero. */
+#ifdef __sun
+ if ((((uint16_t*)(ip_dst->s6_addr32))[1] != 0) ||
+#else
if ((ip_dst->s6_addr16[1] != 0) ||
+#endif
(ip_dst->s6_addr32[1] != 0) ||
+#ifdef __sun
+ (((uint16_t*)(ip_dst->s6_addr32))[4] != 0) ||
+#else
(ip_dst->s6_addr16[4] != 0) ||
+#endif
(ip_dst->s6_addr[10] != 0))
{
DecoderEvent(p, DECODE_IPV6_DST_RESERVED_MULTICAST,
@@ -3201,10 +3209,18 @@
if (ip_dst->s6_addr[1] == IP6_MULTICAST_SCOPE_INTERFACE)
{
// Node-local scope
+#ifdef __sun
+ if ((((uint16_t*)(ip_dst->s6_addr32))[1] != 0) ||
+#else
if ((ip_dst->s6_addr16[1] != 0) ||
+#endif
(ip_dst->s6_addr32[1] != 0) ||
(ip_dst->s6_addr32[2] != 0) ||
+#ifdef __sun
+ (((uint16_t*)(ip_dst->s6_addr32))[6] != 0))
+#else
(ip_dst->s6_addr16[6] != 0))
+#endif
{
DecoderEvent(p, DECODE_IPV6_DST_RESERVED_MULTICAST,