{ "blocklist", Parameter::PT_STRING, nullptr, nullptr,
"blocklist file name with IP lists" },
- { "blacklist", Parameter::PT_STRING, nullptr, nullptr,
- "blacklist file name with IP lists" },
-
{ "list_dir", Parameter::PT_STRING, nullptr, nullptr,
"directory for IP lists and manifest file" },
{ "nested_ip", Parameter::PT_ENUM, "inner|outer|all", "inner",
"IP to use when there is IP encapsulation" },
- { "priority", Parameter::PT_ENUM, "blocklist|allowlist|blacklist|whitelist", "allowlist",
+ { "priority", Parameter::PT_ENUM, "blocklist|allowlist", "allowlist",
"defines priority when there is a decision conflict during run-time" },
{ "scan_local", Parameter::PT_BOOL, nullptr, "false",
"inspect local address defined in RFC 1918" },
- { "allow", Parameter::PT_ENUM, "do_not_block|trust|unblack", "do_not_block",
+ { "allow", Parameter::PT_ENUM, "do_not_block|trust", "do_not_block",
"specify the meaning of allowlist" },
- { "white", Parameter::PT_ENUM, "do_not_block|trust|unblack", "do_not_block",
- "specify the meaning of whitelist" },
-
{ "allowlist", Parameter::PT_STRING, nullptr, nullptr,
"allowlist file name with IP lists" },
- { "whitelist", Parameter::PT_STRING, nullptr, nullptr,
- "whitelist file name with IP lists" },
-
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
bool ReputationModule::set(const char*, Value& v, SnortConfig*)
{
- if ( v.is("blocklist") or v.is("blacklist") )
+ if ( v.is("blocklist") )
conf->blocklist_path = v.get_string();
else if ( v.is("list_dir") )
conf->nested_ip = (NestedIP)v.get_uint8();
else if ( v.is("priority") )
- {
- int priority = v.get_uint8() + 1;
-
- if (priority == 3) // blacklist
- priority = 1;
-
- else if (priority == 4) // whitelist
- priority = 2;
-
- conf->priority = (IPdecision)(priority);
-
- }
+ conf->priority = (IPdecision)(v.get_uint8() + 1);
else if ( v.is("scan_local") )
conf->scanlocal = v.get_bool();
- else if ( v.is("allow") or v.is("white") )
- {
- int action = v.get_uint8();
-
- if ( action == 2 ) // unblack
- action = 0;
-
- conf->allow_action = (AllowAction)action;
-
- }
+ else if ( v.is("allow") )
+ conf->allow_action = (AllowAction)v.get_uint8();
- else if ( v.is("allowlist") or v.is("whitelist") )
+ else if ( v.is("allowlist") )
conf->allowlist_path = v.get_string();
else
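Review bot: The one-line `priority` branch depends on an undocumented coupling: `(IPdecision)(v.get_uint8() + 1)` is only correct while the PT_ENUM string stays exactly `blocklist|allowlist` in that order and IPdecision keeps block at 1 and allow at 2, the values the removed remapping targeted. The direct `(AllowAction)v.get_uint8()` cast has the same dependency on `do_not_block|trust`. Reordering or extending either enum string would silently change which list wins a conflict, so I would add a comment above each cast, e.g. `// index into "blocklist|allowlist"; +1 maps to IPdecision (block=1, allow=2), keep order in sync`. A config that still uses `blacklist`, `whitelist` or `white` now falls through to the trailing `else`, whose body is outside this hunk, so confirm that path fails loudly rather than leaving the lists unloaded. `set()` itself continues past the end of the hunk.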
static char allow_info[] = "allowlist";
static char monitor_info[] = "monitorlist";
-#define ALLOW_TYPE_KEYWORD "allow"
+// Support backward compatibility
+#define WHITE_TYPE_KEYWORD "white"
+
+#define TRUST_TYPE_KEYWORD "trust"
#define BLOCK_TYPE_KEYWORD "block"
#define MONITOR_TYPE_KEYWORD "monitor"
type_name = ignore_start_space(type_name);
- if (strncasecmp(type_name, ALLOW_TYPE_KEYWORD, strlen(ALLOW_TYPE_KEYWORD)) == 0)
+ if (strncasecmp(type_name, TRUST_TYPE_KEYWORD, strlen(TRUST_TYPE_KEYWORD)) == 0)
+ {
+ type = ALLOW_LIST;
+ type_name += strlen(TRUST_TYPE_KEYWORD);
+ }
+ else if (strncasecmp(type_name, WHITE_TYPE_KEYWORD, strlen(WHITE_TYPE_KEYWORD)) == 0)
{
type = ALLOW_LIST;
- type_name += strlen(ALLOW_TYPE_KEYWORD);
+ type_name += strlen(WHITE_TYPE_KEYWORD);
}
else if (strncasecmp(type_name, BLOCK_TYPE_KEYWORD, strlen(BLOCK_TYPE_KEYWORD)) == 0)
{
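Review bot: Manifest rows that use the `allow` action are no longer recognised, because `ALLOW_TYPE_KEYWORD` is removed and only `trust` and the legacy `white` map to `ALLOW_LIST`. An `allow` row would presumably end in the unknown-action error shown in the later hunk. If any deployed manifest was written against `allow`, its allowlist would stop loading after this change, so either keep a compatibility branch for it or call the break out in the upgrade notes. The legacy `white` keyword is also accepted silently and printed first in the error text; I would emit a deprecation notice when `white` matches and list the current keywords first, e.g. `" Please specify a value: %s | %s | %s (legacy: %s).\n"` with `TRUST_TYPE_KEYWORD, BLOCK_TYPE_KEYWORD, MONITOR_TYPE_KEYWORD, WHITE_TYPE_KEYWORD`. The enclosing function starts and ends outside this hunk.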
if (UNKNOWN_LIST == list_item->file_type)
{
ErrorMessage(" %s(%d) => Unknown action specified (%s)."
- " Please specify a value: %s | %s | %s.\n", manifest, line_number, token,
- ALLOW_TYPE_KEYWORD, BLOCK_TYPE_KEYWORD, MONITOR_TYPE_KEYWORD);
+ " Please specify a value: %s | %s | %s | %s.\n", manifest, line_number, token,
+ WHITE_TYPE_KEYWORD, TRUST_TYPE_KEYWORD, BLOCK_TYPE_KEYWORD, MONITOR_TYPE_KEYWORD);
return false;
}
break;