Merge pull request #2214 in SNORT/snort3 from ~OKHOMIAK/snort3:print_rules_enabled_pe...

Squashed commit of the following:

commit c717346b95fb84e010e4256f5c05365c24ecb2e4
Author: Oleksii Khomiakovskyi <okhomiak@cisco.com>
Date:   Wed May 13 10:09:31 2020 +0300

    parser: print enabled rules for each ips policy

diff --git a/src/main/policy.h b/src/main/policy.h
index 69cd276380328c9e238a4b9eec16f045ad37c5cd..78e56b9e001da30f83995c4f94d1269d830b9687 100644 (file)
--- a/src/main/policy.h
+++ b/src/main/policy.h
@@ -32,6 +32,7 @@
 typedef unsigned char uuid_t[16];
 #endif
 
+#include <algorithm>
 #include <memory>
 #include <unordered_map>
 #include <vector>
@@ -267,6 +268,14 @@ public:
     void set_cloned(bool state)
     { cloned = state; }
 
+    const Shell* get_shell_by_policy(unsigned id) const
+    {
+        auto it = std::find_if(std::begin(shell_map), std::end(shell_map),
+            [=](auto&& p) { return p.second->ips and p.second->ips->policy_id == id; });
+
+        return (it == std::end(shell_map)) ? nullptr : it->first;
+    }
+
 private:
     std::vector<Shell*> shells;
     std::vector<InspectionPolicy*> inspection_policy;

diff --git a/src/main/snort_config.cc b/src/main/snort_config.cc
index 876c1b90d91f767f4c3b4c8bb17644c7ae0d2d0d..33c10e6a3e7fec64b68f51ed211eccf064c58c91 100644 (file)
--- a/src/main/snort_config.cc
+++ b/src/main/snort_config.cc
@@ -294,6 +294,8 @@ void SnortConfig::setup()
         rule_states = nullptr;
     }
 
+    ShowPolicyStats(this);
+
     /* Need to do this after dynamic detection stuff is initialized, too */
     IpsManager::verify(this);
     ModuleManager::load_commands(policy_map->get_shell());

diff --git a/src/parser/parser.cc b/src/parser/parser.cc
index 9d8f7530c90d39d4d3f59b21ea90b190b0abecd3..7993e1660fc062e580d74eb98ad819ee53fe53e2 100644 (file)
--- a/src/parser/parser.cc
+++ b/src/parser/parser.cc
@@ -457,6 +457,59 @@ void ParseRules(SnortConfig* sc)
     parse_rule_print();
 }
 
+void ShowPolicyStats(const SnortConfig* sc)
+{
+    std::unordered_map<PolicyId, int> stats;
+    std::multimap<PolicyId, std::tuple<const char*, int>> sorted_stats;
+
+    if ( !sc->otn_map )
+        return;
+
+    for (auto node = sc->otn_map->find_first(); node; node = sc->otn_map->find_next())
+    {
+        const OptTreeNode* otn = (const OptTreeNode*)node->data;
+        if ( !otn )
+            continue;
+
+        for (PolicyId id = 0; id < otn->proto_node_num; id++)
+        {
+            const auto rtn = getRtnFromOtn(otn, id);
+
+            if ( rtn and rtn->enabled() )
+                stats[id]++;
+        }
+    }
+
+    for (const auto& s : stats)
+    {
+        auto shell = sc->policy_map->get_shell_by_policy(s.first);
+        if ( !shell )
+            continue;
+
+        auto file = shell->get_file();
+        if ( !file or !file[0] )
+            continue;
+
+        auto policy = sc->policy_map->get_ips_policy(s.first);
+        auto id = policy ? policy->user_policy_id : 0;
+
+        sorted_stats.emplace(id, std::make_tuple(file, s.second));
+    }
+
+    if ( !sorted_stats.size() )
+        return;
+
+    LogLabel("ips policies");
+    LogMessage("%16s%16s%8s\n", "id", "rules enabled", "file");
+
+    for (const auto& s : sorted_stats)
+    {
+        auto file = std::get<0>(s.second);
+        auto rules_count = std::get<1>(s.second);
+        LogMessage("%16u%16d%4s%s\n", s.first, rules_count, " ", file);
+    }
+}
+
 /****************************************************************************
  *
  * Function: CreateRuleType

diff --git a/src/parser/parser.h b/src/parser/parser.h
index 0978b884c83bb8ca0bd36d27ff9bc9e3d16f60a0..ec6ef76a33135cb751100638411f72c7cba3be0a 100644 (file)
--- a/src/parser/parser.h
+++ b/src/parser/parser.h
@@ -45,6 +45,7 @@ void inc_parse_position();
 snort::SnortConfig* ParseSnortConf(const snort::SnortConfig*, const char* fname = nullptr,
     bool is_fatal = true);
 void ParseRules(snort::SnortConfig*);
+void ShowPolicyStats(const snort::SnortConfig*);
 
 char* ProcessFileOption(snort::SnortConfig*, const char*);
 void SetRuleStates(snort::SnortConfig*);