Pull request #3437: Fix config option handling for suppress module

Merge in SNORT/snort3 from ~VHORBAN/snort3:fix_config_option_handling_for_suppress_module to master

Squashed commit of the following:

commit 099db62ee3f27240572b9007f3365e4e9e768bae
Author: Volodymyr Horban <vhorban@cisco.com>
Date:   Sun May 15 17:00:51 2022 +0300

    filters: add correct handling of by_src and by_dst

    Thanks to Albert O'Balsam for reporting the bug.

diff --git a/lua/snort.lua b/lua/snort.lua
index d8c037eb370abbf932929df49483146794e3a4d3..e9021b426c591e540c97e6fc43d24cf6dbf16461 100644 (file)
--- a/lua/snort.lua
+++ b/lua/snort.lua
@@ -212,7 +212,10 @@ suppress =
     -- don't want to any of see these
     { gid = 1, sid = 1 },
 
-    -- don't want to see these for a given server
+    -- don't want to see anything for a given host
+    { track = 'by_dst', ip = '1.2.3.4' }
+
+    -- don't want to see these for a given host
     { gid = 1, sid = 2, track = 'by_dst', ip = '1.2.3.4' },
 }
 --]]

diff --git a/src/main/modules.cc b/src/main/modules.cc
index eae9299112f3b959d0f46f6963635dc34283bc14..552656dd1336f944a8cf506121d923b0c6a1e1fe 100644 (file)
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -1546,11 +1546,27 @@ bool SuppressModule::begin(const char*, int, SnortConfig*)
 
 bool SuppressModule::end(const char*, int idx, SnortConfig* sc)
 {
-    if ( idx && sfthreshold_create(sc, sc->threshold_config, &thdx, get_network_policy()->policy_id) )
+    if ( !idx )
+        return true;
+
+    if ( thdx.gen_id == 0 and thdx.sig_id >= 1 )
     {
-        ParseError("bad suppress configuration [%d]", idx);
+        ParseError("bad or incomplete gid:sid pair [%d]", idx);
         return false;
     }
+
+    if ( ( thdx.tracking == 0 and thdx.ip_address ) or ( thdx.tracking > 0 and !thdx.ip_address ) )
+    {
+        ParseError("incomplete pair of track and IP [%d]", idx);
+        return false;
+    }
+
+    if ( sfthreshold_create(sc, sc->threshold_config, &thdx, get_network_policy()->policy_id) )
+    {
+        ParseError("threshold object cannot be created from the given parameters [%d]", idx);
+        return false;
+    }
+
     return true;
 }
 

diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc
index 044c38bd531b44e4709c5f2c60840829fa46b11c..40d4baa2e5b533aea7eb658d1658f0e3645506d3 100644 (file)
--- a/src/managers/module_manager.cc
+++ b/src/managers/module_manager.cc
@@ -29,6 +29,7 @@
 #include <algorithm>
 #include <cassert>
 #include <iostream>
+#include <sstream>
 #include <string>
 #include <unordered_map>
 #include <vector>
@@ -223,8 +224,29 @@ static void dump_field_std(const string& key, const Parameter* p)
 
     cout << ": " << p->help;
 
-    if ( const char* r = p->get_range() )
-        cout << " { " << r << " }";
+    const char* range = p->get_range();
+    if ( !range )
+    {
+        cout << endl;
+        return;
+    }
+
+    if ( strcmp(p->get_type(), "enum" ) != 0 )
+        cout << " { " << range << " }";
+    else
+    {
+        std::stringstream ss(range);
+        std::string word;
+        cout << " { ";
+        while ( ss >> word )
+        {
+            if ( word != "|" )
+                std::cout << "'" << word << "'";
+            else
+                std::cout << " " << word << " ";
+        }
+        cout << " }";
+    }
 
     cout << endl;
 }