Merge pull request #673 in SNORT/snort3 from rate_filter to master

author Russ Combs (rucombs) <rucombs@cisco.com>

Wed, 12 Oct 2016 17:28:29 +0000 (13:28 -0400)

committer Russ Combs (rucombs) <rucombs@cisco.com>

Wed, 12 Oct 2016 17:28:29 +0000 (13:28 -0400)
author Russ Combs (rucombs) <rucombs@cisco.com>
Wed, 12 Oct 2016 17:28:29 +0000 (13:28 -0400)
committer Russ Combs (rucombs) <rucombs@cisco.com>
Wed, 12 Oct 2016 17:28:29 +0000 (13:28 -0400)
diff --git a/src/actions/actions.h b/src/actions/actions.h

index 06244fd78cdd9b6e28607e543eed512ddcfb5051..54292ba2f9c5de4661fbfc27b14ed306d083d227 100644 (file)
--- a/src/actions/actions.h
+++ b/src/actions/actions.h
@@ -33,6 +33,7 @@
  struct Packet;
  struct OptTreeNode;
  
+// FIXIT-L if RuleType is changed, RateFilterModule must be updated
  enum RuleType  // FIXIT-L convert to a scoped enum
  {
      RULE_TYPE__NONE = 0,
diff --git a/src/main/modules.cc b/src/main/modules.cc

index e35ef0e87b30a51ca7778186bbda3f3b986a77b1..4b568d556f3ad9fbeeaf6f5d1117b24734665c26 100644 (file)
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -1423,9 +1423,10 @@ static const Parameter rate_filter_params[] =
      { "seconds", Parameter::PT_INT, "0:", "1",
        "count interval" },
  
-    { "new_action", Parameter::PT_SELECT,
-      // FIXIT-L this list should be defined globally
-      "alert | drop | log | pass | | reject | sdrop", "alert",
+    { "new_action", Parameter::PT_ENUM,
+      // FIXIT-L new_action options must match RuleType and
+      // should include pluggable actions as well
+      "log | pass | alert | drop | block | reset", "alert",
        "take this action on future hits until timeout" },
  
      { "timeout", Parameter::PT_INT, "0:", "1",
@@ -1501,10 +1502,9 @@ bool RateFilterModule::begin(const char*, int, SnortConfig*)
  bool RateFilterModule::end(const char*, int idx, SnortConfig* sc)
  {
      if ( idx && RateFilter_Create(sc, sc->rate_filter_config,  &thdx) )
-    {
          ParseError("bad rate_filter configuration [%d]", idx);
-        return false;
-    }
+
+    thdx.applyTo = nullptr;
      return true;
  }
  
diff --git a/tools/snort2lua/keyword_states/kws_rate_filter.cc b/tools/snort2lua/keyword_states/kws_rate_filter.cc

index 912032b30be3c05d1ec91fee1c1ce6714a28a3f0..b27737881a86d8c35a66d64c557bca5c0adb0253 100644 (file)
--- a/tools/snort2lua/keyword_states/kws_rate_filter.cc
+++ b/tools/snort2lua/keyword_states/kws_rate_filter.cc
@@ -76,6 +76,8 @@ bool RateFilter::convert(std::istringstream& data_stream)
      std::string args;
  
      table_api.open_table("rate_filter");
+    table_api.open_table();
+
      fix_separators(data_stream);
  
      while (std::getline(data_stream, args, ';'))
author	Russ Combs (rucombs) <rucombs@cisco.com>
	Wed, 12 Oct 2016 17:28:29 +0000 (13:28 -0400)
committer	Russ Combs (rucombs) <rucombs@cisco.com>
	Wed, 12 Oct 2016 17:28:29 +0000 (13:28 -0400)
src/actions/actions.h		patch \| blob \| blame \| history
src/main/modules.cc		patch \| blob \| blame \| history
tools/snort2lua/keyword_states/kws_rate_filter.cc		patch \| blob \| blame \| history