Merge in SNORT/snort3 from ~RDEMPSTE/snort3:np_during_free to master
Squashed commit of the following:
commit
aa69ac344a8eecf332d56c11d81a3dd97e11e5eb
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Apr 27 18:12:49 2023 -0400
main, managers: set the network policy using the user id during inspector delete
const char* get_alias_name() const
{ return alias_name; }
+ void set_network_policy_user_id(uint32_t user_id)
+ {
+ network_policy_user_id = user_id;
+ network_policy_user_id_set = true;
+ }
+
+ bool get_network_policy_user_id(uint32_t& user_id) const
+ {
+ user_id = network_policy_user_id;
+ return network_policy_user_id_set;
+ }
+
virtual bool is_control_channel() const
{ return false; }
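Review bot: `get_network_policy_user_id` writes its out-parameter even when no id was ever recorded, so a caller that ignores the returned bool silently gets id 0 (the member's default), and neither accessor says what the id is for. A short comment on the pair would cover both, e.g. `// user id of the network policy recorded for this inspector; InspectorManager::free_inspector uses it to select that policy around the dtor` and `// returns false, with user_id set to 0, when no id was recorded`. If the fields can be written on one thread and read on another during deletion, that should be stated too; nothing visible here shows which threads touch them.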
SnortProtocolId snort_protocol_id = 0;
// FIXIT-E Use std::string to avoid storing a pointer to external std::string buffers
const char* alias_name = nullptr;
+ uint32_t network_policy_user_id = 0;
+ bool network_policy_user_id_set = false;
};
// at present there is no sequencing among like types except that appid
return pt == shell_map.end() ? nullptr : pt->second;
}
-NetworkPolicy* PolicyMap::get_user_network(unsigned user_id)
+NetworkPolicy* PolicyMap::get_user_network(unsigned user_id) const
{
auto it = user_network.find(user_id);
NetworkPolicy* np = (it == user_network.end()) ? nullptr : it->second;
void set_user_ips(IpsPolicy* p)
{ user_ips[p->user_policy_id] = p; }
- NetworkPolicy* get_user_network(unsigned user_id);
+ NetworkPolicy* get_user_network(unsigned user_id) const;
IpsPolicy* get_user_ips(unsigned user_id)
{
// since the "TraceApi::thread_term()" uses SnortConfig
TraceApi::thread_term();
+ SnortConfig::set_conf(nullptr);
+
/* free allocated memory */
if (sc != snort_cmd_line_conf)
delete sc;
delete snort_cmd_line_conf;
snort_cmd_line_conf = nullptr;
- SnortConfig::set_conf(nullptr);
CleanupProtoNames();
HighAvailabilityManager::term();
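Review bot: The new position of `SnortConfig::set_conf(nullptr)` ahead of `delete sc` is load-bearing but carries no comment, unlike the `TraceApi::thread_term()` ordering note just above it. From this point every `SnortConfig::get_conf()` reached while the configs are destroyed returns nullptr; `free_inspector` in this commit checks for that, but any other teardown path that dereferences `get_conf()` unchecked is not visible here and would now fault instead of reading a config that is being destroyed. I would add `// clear the global conf before deleting it so teardown code cannot reach a config that is being destroyed` and confirm the remaining destructor-time callers handle null. The enclosing function starts and ends outside the hunk.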
delete fast_pattern_config;
delete policy_map;
+ policy_map = nullptr;
InspectorManager::delete_config(this);
ActionManager::delete_config(this);
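Review bot: Resetting `policy_map` after the delete reads like a redundant store in a destructor, yet the `sc->policy_map` test added to `InspectorManager::free_inspector` depends on it whenever this config is still the one returned by `SnortConfig::get_conf()` while `InspectorManager::delete_config(this)` runs on the next line. Without the reset, that lookup would go through a freed `PolicyMap`. A comment such as `// inspectors freed below look up policy_map via get_conf(); null it so they cannot touch freed memory` would keep a later cleanup from removing the line. The destructor's body continues outside the hunk.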
PHInstance* get_instance_by_type(const char* key, InspectorType);
PHObjectList* get_specific_handlers();
+
+ void set_inspector_network_policy_user_id(uint32_t);
};
TrafficPolicy::~TrafficPolicy()
return nullptr;
}
+void TrafficPolicy::set_inspector_network_policy_user_id(uint32_t user_id)
+{
+ for (auto* p : ilist)
+ p->handler->set_network_policy_user_id(user_id);
+}
+
class SingleInstanceInspectorPolicy
{
public:
void InspectorManager::free_inspector(Inspector* p)
{
+ NetworkPolicy* np = get_network_policy();
+ uint32_t user_id;
+ if ( p->get_network_policy_user_id(user_id) )
+ {
+ const SnortConfig* sc = SnortConfig::get_conf();
+ if ( sc && sc->policy_map )
+ {
+ NetworkPolicy* user_np = sc->policy_map->get_user_network(user_id);
+ set_network_policy(user_np);
+ }
+ }
p->get_api()->dtor(p);
+ set_network_policy(np);
}
InspectSsnFunc InspectorManager::get_session(uint16_t proto)
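Review bot: In `free_inspector`, a failed lookup installs a null network policy for the duration of the inspector's dtor, because the result of `get_user_network(user_id)` is passed to `set_network_policy` unchecked and the visible line of `PolicyMap::get_user_network` yields nullptr when the id is not in the map. If any inspector dtor reads the current network policy, that becomes a null dereference during reload or shutdown. Keeping the caller's policy is the safer fallback: `if ( user_np ) set_network_policy(user_np);`. The lookup also goes through `SnortConfig::get_conf()`, which may not be the configuration that owned `p` (presumably the case during a reload), so a comment stating that user ids are expected to resolve to an equivalent policy there would help.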
if (!tp->ts_handlers)
tp->ts_handlers = new ThreadSpecificHandlers(ThreadConfig::get_instance_max());
tp->allocate_thread_storage();
+ tp->set_inspector_network_policy_user_id(np->user_policy_id);
}
}
THREAD_LOCAL const snort::Trace* snort_trace = nullptr;
std::shared_ptr<PolicyTuple> PolicyMap::get_policies(Shell*) { return nullptr; }
-NetworkPolicy* PolicyMap::get_user_network(unsigned) { return nullptr; }
+NetworkPolicy* PolicyMap::get_user_network(unsigned) const { return nullptr; }
void InspectionPolicy::configure() { }
void BinderModule::add(const char*, const char*) { }
void BinderModule::add(unsigned, const char*) { }