using namespace snort;
+#define REJ_NONE 0x00
#define REJ_RST_SRC 0x01
#define REJ_RST_DST 0x02
#define REJ_UNR_NET 0x04
class RejectAction : public IpsAction
{
public:
- RejectAction(uint32_t f) : IpsAction(s_name, ACT_RESET)
- { mask = f; }
+ RejectAction(uint32_t f) : IpsAction(s_name, ACT_RESET), mask(f) { }
void exec(Packet*) override;
private:
void send(Packet*);
-private:
uint32_t mask;
};
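Review bot: The single-argument constructor on the new line is still implicit, so a bare `uint32_t` converts silently to a `RejectAction`; declaring it `explicit RejectAction(uint32_t f) : IpsAction(s_name, ACT_RESET), mask(f) { }` rules that out. `mask` would also benefit from a one-line comment such as `// bitwise OR of REJ_* flags`. That meaning is inferred from the defines above, since exec() and send() are defined outside this hunk.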
static const Parameter s_params[] =
{
- { "reset", Parameter::PT_ENUM, "source|dest|both", nullptr,
+ { "reset", Parameter::PT_ENUM, "none|source|dest|both", "both",
"send TCP reset to one or both ends" },
- { "control", Parameter::PT_ENUM, "network|host|port|forward|all", nullptr,
+ { "control", Parameter::PT_ENUM, "none|network|host|port|forward|all", "none",
"send ICMP unreachable(s)" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
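Review bot: The help string for `reset` still reads "send TCP reset to one or both ends" although the enum now accepts `none`. Because `control` defaults to `none`, setting `reset = 'none'` and leaving `control` alone appears to configure a reject that sends nothing. If exec() treats an empty mask that way (not visible here), matching traffic gets neither a RST nor an ICMP unreachable while the rule still reads as an active response. Suggest changing the help to `"send TCP reset to one or both ends, or none"` and emitting a configuration-time warning when both options resolve to `none`.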
static const int rst[] =
{
+ REJ_NONE,
REJ_RST_SRC,
REJ_RST_DST,
REJ_RST_BOTH
static const int unr[] =
{
+ REJ_NONE,
REJ_UNR_NET,
REJ_UNR_HOST,
REJ_UNR_PORT,
bool RejectModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("reset") )
+ {
+ flags &= ~REJ_RST_BOTH;
flags |= rst[v.get_uint8()];
+ }
else if ( v.is("control") )
+ {
+ flags &= ~REJ_UNR_ALL;
flags |= unr[v.get_uint8()];
+ }
else
return false;
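Review bot: `rst[v.get_uint8()]` and `unr[v.get_uint8()]` index the lookup tables with no visible bound, so memory safety depends on the enum strings in `s_params` and the table lengths staying in step. This commit had to add `none` and `REJ_NONE` in separate places to keep them aligned. Presumably the parameter framework limits a PT_ENUM value to the number of listed options, but nothing ties that count to the array size. A guard next to each table, for example `static_assert(sizeof(rst)/sizeof(rst[0]) == 4, "rst[] must match the reset enum");` and the same with 6 for `unr`, or at least a comment `// order and length must match the "reset" enum in s_params`, would turn a future mismatch into a build failure instead of a read past the array. The body of `set()` continues outside this hunk.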