config_ipv6_frag.cc
config_memcaps.cc
config_mpls_payload_type.cc
+ config_na_policy_mode.cc
config_no_option.cc
config_one_int_option.cc
config_one_string_option.cc
config_ipv6_frag.cc \
config_memcaps.cc \
config_mpls_payload_type.cc \
+config_na_policy_mode.cc \
config_no_option.cc \
config_one_int_option.cc \
config_one_string_option.cc \
extern const ConvertMap* max_mpls_labelchain_len_map;
extern const ConvertMap* mpls_payload_type_map;
extern const ConvertMap* min_ttl_map;
+extern const ConvertMap* na_policy_mode_map;
extern const ConvertMap* new_ttl_map;
extern const ConvertMap* nolog_map;
extern const ConvertMap* nopcre_map;
extern const ConvertMap* policy_version_map;
extern const ConvertMap* profile_preprocs_map;
extern const ConvertMap* profile_rules_map;
+extern const ConvertMap* protected_content_map;
extern const ConvertMap* quiet_map;
extern const ConvertMap* rate_filter_map;
extern const ConvertMap* react_map;
max_metadata_services_map,
max_mpls_labelchain_len_map,
mpls_payload_type_map,
+ na_policy_mode_map,
new_ttl_map,
nolog_map,
nopcre_map,
policy_version_map,
profile_preprocs_map,
profile_rules_map,
+ protected_content_map,
quiet_map,
rate_filter_map,
react_map,
};
const ConvertMap* decode_data_link_map = &decode_data_link_api;
+
+/*************************************************
+ ************* protected_content ****************
+ *************************************************/
+
+static const std::string protected_content = "protected_content";
+static const ConvertMap protected_content_api =
+{
+ protected_content,
+ deleted_ctor<& protected_content>,
+};
+
+const ConvertMap* protected_content_map = &protected_content_api;
} // namespace config
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2017-2017 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// config_na_policy_mode.cc author Carter Waxman <cwaxman@cisco.com>
+
+#include <sstream>
+#include <vector>
+
+#include "conversion_state.h"
+#include "helpers/converter.h"
+#include "helpers/s2l_util.h"
+
+namespace config
+{
+
+//FIXIT-L add when snort supports separate inline mode and normalization inline mode
+static std::string header = "config na_policy_mode: ";
+
+static ConversionState* ctor(Converter& c)
+{ return new UnsupportedState<&header>(c); }
+
+static const ConvertMap na_policy_mode_api =
+{
+ "na_policy_mode",
+ ctor,
+};
+
+const ConvertMap* na_policy_mode_map = &na_policy_mode_api;
+} // namespace config
+
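Review bot: `static std::string header = "config na_policy_mode: ";` is a mutable file-scope string, apparently only because `UnsupportedState` is declared as `template<std::string* config_header>`. Declaring that parameter as `const std::string*` (as `deleted_ctor` already does with `template<const std::string* snort_option>`) would allow `static const std::string header` here. The same pattern is repeated in pps_firewall.cc, pps_nap_selector.cc and out_sfunified2.cc. The `<vector>` include also looks unused in this file.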
private:
};
+template<std::string* config_header>
+class UnsupportedState : public ConversionState
+{
+public:
+ UnsupportedState(Converter& c) : ConversionState(c) {}
+ virtual ~UnsupportedState() {}
+
+ bool convert(std::istringstream& data_stream)
+ {
+ data_api.add_unsupported_comment(*config_header +
+ std::string(std::istreambuf_iterator<char>(data_stream), {}));
+ return true;
+ }
+};
+
#endif
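Review bot: `UnsupportedState::convert` copies the rest of the input line verbatim into the UNSUPPORTED block, which the other hunks create with `Comments::CommentType::MULTI_LINE`. The `Comments` class is not visible here, so it is worth confirming that it escapes or otherwise neutralises a comment terminator in that text (for Lua long comments, a `]]` in the source line). Without that, text after the terminator would land outside the comment in the generated `.lua` file. Separately, `convert` could be declared `bool convert(std::istringstream& data_stream) override` and the constructor marked `explicit`. The header should include `<iterator>` and `<string>` for `std::istreambuf_iterator` unless it already does outside this hunk.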
" these lines were commented "
"in the configuration file.\n\n";
+static const std::string start_unsupported =
+ "\nUNSUPPORTED:\n"
+ " these configuration items are not currently supported\n\n";
+
static const std::string start_errors =
"\nERRORS:\n"
" all of these occurred during the attempted conversion:\n\n";
Comments::CommentType::MULTI_LINE);
errors = new Comments(start_errors, 0,
Comments::CommentType::MULTI_LINE);
+ unsupported = new Comments(start_unsupported, 0,
+ Comments::CommentType::MULTI_LINE);
}
DataApi::~DataApi()
delete comments;
delete errors;
+ delete unsupported;
}
std::string DataApi::translate_variable(const std::string& var_name)
return error_string;
}
-void DataApi::failed_conversion(const std::istringstream& stream)
-{
- // we only need to go through this once.
- if (!curr_data_bad)
- {
- errors->add_text(std::string());
- errors->add_text(get_file_line());
- errors->add_text(stream.str());
- curr_data_bad = true;
- errors_count++;
- }
-}
-
-void DataApi::failed_conversion(const std::istringstream& stream,
- const std::string unknown_option)
+void DataApi::failed_conversion(const std::istringstream& stream, const std::string unknown_option)
{
// we only need to go through this once.
if (!curr_data_bad)
curr_data_bad = true;
errors_count++;
}
- errors->add_text("^^^^ unknown_syntax=" + unknown_option);
+ if ( unknown_option.size() )
+ errors->add_text("^^^^ unknown_syntax=" + unknown_option);
}
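Review bot: The merged `failed_conversion` still takes `const std::string unknown_option` by value, so every call copies the string, including the new default `""`; `const std::string& unknown_option` avoids that without changing callers. The emptiness test reads more directly as `if (!unknown_option.empty())`. The declaration in the header spells the parameter `unkown_option`, which is worth correcting while the signature is being touched. Part of the function body lies outside the visible hunk lines.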
bool DataApi::add_variable(std::string name, std::string value)
void DataApi::add_comment(std::string c)
{ comments->add_text(c); }
+void DataApi::add_unsupported_comment(std::string c)
+{ unsupported->add_text(c); }
+
void DataApi::print_errors(std::ostream& out)
{
if (is_default_mode() &&
out << (*comments) << "\n";
}
+void DataApi::print_unsupported(std::ostream& out)
+{
+ if (is_default_mode() && !unsupported->empty())
+ out << (*unsupported) << "\n";
+}
+
void DataApi::swap_conf_data(std::vector<Variable*>& new_vars,
std::vector<Include*>& new_includes,
- Comments*& new_comments)
+ Comments*& new_comments, Comments*& new_unsupported)
{
vars.swap(new_vars);
includes.swap(new_includes);
Comments* tmp = new_comments;
new_comments = comments;
comments = tmp;
+
+ tmp = new_unsupported;
+ new_unsupported = unsupported;
+ unsupported = tmp;
}
void print_errors(std::ostream&);
void print_data(std::ostream&);
void print_comments(std::ostream& out);
+ void print_unsupported(std::ostream& out);
// have there been any failed conversion?
bool failed_conversions() const;
// 'print_conf_options()'
void swap_conf_data(std::vector<Variable*>&,
std::vector<Include*>&,
- Comments*&);
+ Comments*& comments, Comments*& unsupported);
// FILE CREATION AND ADDITIONS
// add a 'comment' to the Lua file. should ONLY be used when
// adding a comment from the original Snort file.
void add_comment(std::string);
+ // add a lua comment stating that the top-level item does not
+ // exist yet (i.e. preprocessor X, where X doesn't exist)
+ void add_unsupported_comment(std::string);
// Call when failed to convert a line.
// stream == the stringstream object which failed to convert
- void failed_conversion(const std::istringstream& stream);
- // same as above. unknown_option is the specific option which
- // caused the failure.
- void failed_conversion(const std::istringstream& stream, const std::string unkown_option);
+ // unknown_option is the specific option which caused the failure.
+ void failed_conversion(const std::istringstream& stream, const std::string unkown_option = "");
void set_current_file(std::string& file)
{ current_file = &file; }
std::vector<Include*> includes;
Comments* comments;
Comments* errors;
+ Comments* unsupported;
bool curr_data_bad; // keep track whether current 'conversion' is already bad
std::string* current_file;
std::vector<Rule*> rules;
std::vector<Include*> includes;
Comments* comments;
+ Comments* unsupported;
+
int rc;
if (!parse_includes)
comments = new Comments(start_comments, 0,
Comments::CommentType::MULTI_LINE);
- data_api.swap_conf_data(vars, includes, comments);
+ unsupported = new Comments(start_unsupported, 0,
+ Comments::CommentType::MULTI_LINE);
+
+ data_api.swap_conf_data(vars, includes, comments, unsupported);
table_api.swap_tables(tables);
}
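Review bot: `Comments* unsupported;` is declared without an initialiser and is assigned only inside the `if (!parse_includes)` branch shown here, while a later hunk adds `delete unsupported;`. The guard around that delete is not visible, so if it can be reached on a path that skipped the allocation it frees an indeterminate pointer. Declaring it as `Comments* unsupported = nullptr;` makes the delete safe either way. The neighbouring `comments` pointer has the same shape, and the enclosing function starts and ends outside the hunk.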
out.open(input_file + ".lua");
data_api.print_data(out);
table_api.print_tables(out);
+ data_api.print_unsupported(out);
data_api.print_comments(out);
out << std::endl;
out.close();
include_file = true;
}
- data_api.swap_conf_data(vars, includes, comments);
+ data_api.swap_conf_data(vars, includes, comments, unsupported);
table_api.swap_tables(tables);
delete comments;
+ delete unsupported;
if (include_file)
data_api.add_include_file(input_file + ".lua");
}
table_api.print_tables(out);
+ data_api.print_unsupported(out);
data_api.print_comments(out);
if ((failed_conversions()) && !DataApi::is_quiet_mode())
add_library( keyword_states
kws_attribute_table.cc
kws_config.cc
+ kws_deleted.cc
kws_event_filter.cc
kws_file.cc
kws_include.cc
libkeyword_states_a_SOURCES = \
kws_attribute_table.cc \
kws_config.cc \
+kws_deleted.cc \
kws_event_filter.cc \
kws_file.cc \
kws_include.cc \
extern const ConvertMap* dynamicdetection_map;
extern const ConvertMap* dynamicengine_map;
extern const ConvertMap* dynamicpreprocessor_map;
+extern const ConvertMap* dynamicoutput_map;
extern const ConvertMap* dynamicsidechannel_map;
extern const ConvertMap* event_filter_map;
extern const ConvertMap* file_map;
dynamicdetection_map,
dynamicengine_map,
dynamicpreprocessor_map,
+ dynamicoutput_map,
dynamicsidechannel_map,
event_filter_map,
file_map,
var_map,
};
} // namespace keywords
-
-#if 0
-
-Unconverted keyword---
-
-#define SNORT_CONF_KEYWORD__DYNAMIC_OUTPUT "dynamicoutput"
-#define SNORT_CONF_KEYWORD__RULE_TYPE "ruletype"
-
-# define SNORT_CONF_KEYWORD__SIDE_CHANNEL "sidechannel"
-#define SNORT_CONF_KEYWORD__VERSION "version"
-#endif
-
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2017-2017 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// kws_deleted.cc author Carter Waxman <cwaxman@cisco.com>
+
+#include <sstream>
+#include <vector>
+
+#include "conversion_state.h"
+#include "helpers/converter.h"
+#include "helpers/s2l_util.h"
+
+namespace keywords
+{
+namespace
+{
+class Deleted : public ConversionState
+{
+public:
+ Deleted(Converter& c) : ConversionState(c) { }
+ virtual ~Deleted() { }
+ virtual bool convert(std::istringstream& data_stream);
+};
+} // namespace
+
+bool Deleted::convert(std::istringstream& data_stream)
+{
+ data_stream.setstate(std::ios::eofbit); // deleted, not failures
+ return true;
+}
+
+template<const std::string* snort_option>
+static ConversionState* deleted_ctor(Converter& c)
+{
+ // set here since not all deleted keywords have options
+ if (!DataApi::is_quiet_mode())
+ {
+ c.get_table_api().open_table("deleted_snort_keywords");
+ c.get_table_api().add_deleted_comment(*snort_option + "[:.*]");
+ c.get_table_api().close_table();
+ }
+
+ return new Deleted(c);
+}
+
+/*************************************************
+ ************* dynamicoutput ****************
+ *************************************************/
+
+static const std::string dynamicoutput = "dynamicoutput";
+static const ConvertMap dynamicoutput_api =
+{
+ dynamicoutput,
+ deleted_ctor<&dynamicoutput>,
+};
+
+const ConvertMap* dynamicoutput_map = &dynamicoutput_api;
+} // namespace keywords
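Review bot: `Deleted` and `deleted_ctor` in this file are repeated almost line for line in out_deleted.cc, differing only in the table name and the `"output "` prefix. A shared helper in a common header that takes the table name (and optional prefix) as a parameter would keep the copies from drifting. `Deleted::convert` presumably overrides a `ConversionState` virtual, so `bool convert(std::istringstream& data_stream) override;` would let the compiler check the signature. `Deleted(Converter& c)` could also be `explicit`.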
add_library(output_states
out_csv.cc
+ out_deleted.cc
out_fast.cc
out_full.cc
out_null.cc
out_tcpdump.cc
out_test.cc
+ out_sfunified2.cc
out_syslog.cc
out_unified2.cc
out_unixsock.cc
liboutput_states_a_SOURCES = \
out_csv.cc \
+out_deleted.cc \
out_fast.cc \
out_full.cc \
out_null.cc \
out_tcpdump.cc \
out_test.cc \
out_syslog.cc \
+out_sfunified2.cc \
out_unified2.cc \
out_unixsock.cc \
output_api.h \
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2017-2017 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// output_deleted.cc author Carter Waxman <cwaxman@cisco.com>
+
+#include <sstream>
+#include <vector>
+
+#include "conversion_state.h"
+#include "helpers/converter.h"
+#include "helpers/s2l_util.h"
+
+namespace output
+{
+namespace
+{
+class Deleted : public ConversionState
+{
+public:
+ Deleted(Converter& c) : ConversionState(c) { }
+ virtual ~Deleted() { }
+ virtual bool convert(std::istringstream& data_stream);
+};
+} // namespace
+
+bool Deleted::convert(std::istringstream& data_stream)
+{
+ data_stream.setstate(std::ios::eofbit); // deleted, not failures
+ return true;
+}
+
+template<const std::string* snort_option>
+static ConversionState* deleted_ctor(Converter& c)
+{
+ // set here since not all deleted keywords have options
+ if (!DataApi::is_quiet_mode())
+ {
+ c.get_table_api().open_table("deleted_snort_outputs");
+ c.get_table_api().add_deleted_comment("output " + *snort_option + "[:.*]");
+ c.get_table_api().close_table();
+ }
+
+ return new Deleted(c);
+}
+
+/*************************************************
+ ************* sfalert_unified2 ****************
+ *************************************************/
+
+static const std::string sfalert_unified2 = "sfalert_unified2";
+static const ConvertMap sfalert_unified2_api =
+{
+ sfalert_unified2,
+ deleted_ctor<&sfalert_unified2>,
+};
+
+const ConvertMap* sfalert_unified2_map = &sfalert_unified2_api;
+
+/*************************************************
+ ************* sflog_unified2 ****************
+ *************************************************/
+
+static const std::string sflog_unified2 = "slog_unified2";
+static const ConvertMap sflog_unified2_api =
+{
+ sflog_unified2,
+ deleted_ctor<&sflog_unified2>,
+};
+
+const ConvertMap* sflog_unified2_map = &sflog_unified2_api;
+} // namespace output
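Review bot: The string bound to `sflog_unified2` is `"slog_unified2"`, missing the `f`, so the map entry is keyed on a name that differs from the variable and from the section banner. A Snort config line using `output sflog_unified2` would presumably not match this entry and would be reported as a failed conversion rather than a deleted output. The line should read `static const std::string sflog_unified2 = "sflog_unified2";`. The banner comment also names the file `output_deleted.cc` while the build lists add `out_deleted.cc`.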
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2017-2017 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// out_sfunified2.cc author Carter Waxman <cwaxman@cisco.com>
+
+#include <sstream>
+
+#include "conversion_state.h"
+#include "helpers/converter.h"
+#include "rule_states/rule_api.h"
+#include "helpers/s2l_util.h"
+
+namespace output
+{
+ namespace
+ {
+ //FIXIT-L add when avaiable
+ static std::string header = "output sf_unified2: ";
+
+ template<std::string* header_text>
+ static ConversionState* unified2_ctor(Converter& c)
+ { return new UnsupportedState<header_text>(c); }
+
+ } // namespace
+
+ /**************************
+ ******* A P I ***********
+ **************************/
+
+ static const ConvertMap unified2_api =
+ {
+ "sf_unified2",
+ unified2_ctor<&header>,
+ };
+
+ const ConvertMap* sfunified2_map = &unified2_api;
+} // output namespace
+
extern const ConvertMap* log_unified2_map;
extern const ConvertMap* alert_unixsock_map;
extern const ConvertMap* unified2_map;
+extern const ConvertMap* sfunified2_map;
+extern const ConvertMap* sflog_unified2_map;
+extern const ConvertMap* sfalert_unified2_map;
const std::vector<const ConvertMap*> output_api =
{
log_unified2_map,
alert_unixsock_map,
unified2_map,
+ sfunified2_map,
+ sflog_unified2_map,
+ sfalert_unified2_map
};
} // namespace output
pps_dcerpc_server.h
pps_dcerpc_server.cc
pps_dnp3.cc
+ pps_firewall.cc
pps_frag3_engine.cc
pps_frag3_global.cc
pps_ftp_telnet.cc
pps_gtp.cc
pps_http_inspect.cc
pps_http_inspect_server.cc
+ pps_nap_selector.cc
pps_normalizers.cc
pps_perfmonitor.cc
pps_reputation.cc
pps_dcerpc_server.h \
pps_dcerpc_server.cc \
pps_dnp3.cc \
+pps_firewall.cc \
pps_frag3_engine.cc \
pps_frag3_global.cc \
pps_ftp_telnet.cc \
pps_gtp.cc \
pps_http_inspect.cc \
pps_http_inspect_server.cc \
+pps_nap_selector.cc \
pps_normalizers.cc \
pps_perfmonitor.cc \
pps_reputation.cc \
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2017-2017 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// pps_firewall.cc author Carter Waxman <cwaxman@cisco.com>
+
+#include <sstream>
+#include <vector>
+
+#include "conversion_state.h"
+#include "helpers/converter.h"
+#include "helpers/s2l_util.h"
+
+namespace preprocessors
+{
+
+//FIXIT-L add when supported
+static std::string header = "preprocessor firewall: ";
+
+static ConversionState* ctor(Converter& c)
+{ return new UnsupportedState<&header>(c); }
+
+static const ConvertMap firewall_api =
+{
+ "firewall",
+ ctor,
+};
+
+const ConvertMap* firewall_map = &firewall_api;
+} // namespace preprocessors
+
}
else if (!keyword.compare("profile"))
parse_deleted_option("profile", data_stream);
+ else if ( !keyword.compare("xff_headers") )
+ parse_bracketed_unsupported_list("xff_headers", data_stream);
else
{
tmpval = false;
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2017-2017 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// pps_nap_selector.cc author Carter Waxman <cwaxman@cisco.com>
+
+#include <sstream>
+#include <vector>
+
+#include "conversion_state.h"
+#include "helpers/converter.h"
+#include "helpers/s2l_util.h"
+
+namespace preprocessors
+{
+
+//FIXIT-L add when supported
+static std::string header = "preprocessor nap_selector: ";
+
+static ConversionState* ctor(Converter& c)
+{ return new UnsupportedState<&header>(c); }
+
+static const ConvertMap nap_selector_api =
+{
+ "nap_selector",
+ ctor,
+};
+
+const ConvertMap* nap_selector_map = &nap_selector_api;
+} // namespace preprocessors
+
extern const ConvertMap* dcerpc_map;
extern const ConvertMap* dcerpc_server_map;
extern const ConvertMap* dnp3_map;
+extern const ConvertMap* firewall_map;
extern const ConvertMap* frag3_engine_map;
extern const ConvertMap* frag3_global_map;
extern const ConvertMap* ftptelnet_map;
extern const ConvertMap* gtp_map;
extern const ConvertMap* httpinspect_map;
extern const ConvertMap* httpinspect_server_map;
+extern const ConvertMap* nap_selector_map;
extern const ConvertMap* nhttpinspect_map;
extern const ConvertMap* nhttpinspect_server_map;
extern const ConvertMap* normalizer_icmp4_map;
dcerpc_server_map,
dnp3_map,
dns_map,
+ firewall_map,
frag3_engine_map,
frag3_global_map,
ftptelnet_map,
gtp_map,
imap_map,
modbus_map,
+ nap_selector_map,
nhttpinspect_map,
nhttpinspect_server_map,
normalizer_icmp4_map,