static void dump_header(JsonStream& j, const RuleHeader* h)
{
assert(h);
+
+ // all rules have actions
j.put("action", h->action);
- j.put("src_nets", h->src_nets);
- j.put("src_ports", h->src_ports);
- j.put("direction", h->dir);
- j.put("dst_nets", h->dst_nets);
- j.put("dst_ports", h->dst_ports);
+
+ // builtin stubs only have actions
+ if ( !h->proto.empty() )
+ j.put("proto", h->proto);
+
+ if ( !h->src_nets.empty() )
+ j.put("src_nets", h->src_nets);
+
+ if ( !h->src_ports.empty() )
+ j.put("src_ports", h->src_ports);
+
+ if ( !h->dir.empty() )
+ j.put("direction", h->dir);
+
+ if ( !h->dst_nets.empty() )
+ j.put("dst_nets", h->dst_nets);
+
+ if ( !h->dst_ports.empty() )
+ j.put("dst_ports", h->dst_ports);
}
static void dump_info(JsonStream& j, const SigInfo& si)
size_t n = si.message.length();
assert(n > 2 and si.message[0] == '"' and si.message[n-1] == '"');
std::string msg = si.message.substr(1, n-2);
- j.put("msg", msg);
+
+ if ( msg != "no msg in rule" )
+ j.put("msg", msg);
}
static void dump_services(JsonStream& json, const SigInfo& si)
json.close_array();
}
+static void dump_rule(JsonStream& json, const RuleHeader* h, const SigInfo& si)
+{
+ json.put("body", *si.body);
+
+ std::string s = h->action;
+
+ if ( !h->proto.empty() )
+ s += " " + h->proto;
+
+ if ( !h->src_nets.empty() )
+ s += " " + h->src_nets;
+
+ if ( !h->src_ports.empty() )
+ s += " " + h->src_ports;
+
+ if ( !h->dir.empty() )
+ s += " " + h->dir;
+
+ if ( !h->dst_nets.empty() )
+ s += " " + h->dst_nets;
+
+ if ( !h->dst_ports.empty() )
+ s += " " + h->dst_ports;
+
+ s += " " + *si.body;
+ json.put("rule", s);
+}
+
void dump_rule_meta(const SnortConfig* sc)
{
GHashNode* ghn = sc->otn_map->find_first();
dump_bits(json, "sets", setters);
dump_bits(json, "checks", checkers);
+
dump_refs(json, si);
+ dump_rule(json, rtn->header, si);
- json.put("body", *si.body);
json.close();
-
ghn = sc->otn_map->find_next();
}
}
ParseError("unconfigured rule action '%s'", s);
}
-void parse_rule_proto(SnortConfig* sc, const char* s, RuleTreeNode& rtn)
+void parse_rule_proto(SnortConfig* sc, const char* s, RuleTreeNode& rtn, bool elided)
{
if ( s_ignore )
return;
- if ( !s_so_rule and rtn.header )
+ if ( !s_so_rule and !elided and rtn.header )
rtn.header->proto = s;
if ( !strcmp(s, "tcp") )
}
void parse_rule_nets(
- SnortConfig* sc, const char* s, bool src, RuleTreeNode& rtn)
+ SnortConfig* sc, const char* s, bool src, RuleTreeNode& rtn, bool elided)
{
if ( s_so_rule )
return;
if ( s_ignore )
return;
- if ( rtn.header )
+ if ( !elided and rtn.header )
{
if ( src )
rtn.header->src_nets = s;
}
void parse_rule_ports(
- SnortConfig*, const char* s, bool src, RuleTreeNode& rtn)
+ SnortConfig*, const char* s, bool src, RuleTreeNode& rtn, bool elided)
{
if ( s_so_rule )
return;
if ( s_ignore )
return;
- if ( rtn.header )
+ if ( !elided and rtn.header )
{
if ( src )
rtn.header->src_ports = s;
ParseError("bad ports: '%s'", s);
}
-void parse_rule_dir(SnortConfig*, const char* s, RuleTreeNode& rtn)
+void parse_rule_dir(SnortConfig*, const char* s, RuleTreeNode& rtn, bool elided)
{
if ( s_so_rule )
return;
if ( s_ignore )
return;
- if ( rtn.header )
+ if ( !elided and rtn.header )
rtn.header->dir = s;
if (strcmp(s, "<>") == 0)
if ( stub )
{
- parse_rule_proto(sc, "tcp", rtn);
- parse_rule_nets(sc, "any", true, rtn);
- parse_rule_ports(sc, "any", true, rtn);
- parse_rule_dir(sc, "->", rtn);
- parse_rule_nets(sc, "any", false, rtn);
- parse_rule_ports(sc, "any", false, rtn);
+ parse_rule_proto(sc, "tcp", rtn, true);
+ parse_rule_nets(sc, "any", true, rtn, true);
+ parse_rule_ports(sc, "any", true, rtn, true);
+ parse_rule_dir(sc, "->", rtn, true);
+ parse_rule_nets(sc, "any", false, rtn, true);
+ parse_rule_ports(sc, "any", false, rtn, true);
}
OptTreeNode* otn = new OptTreeNode;
otn->state = new OtnState[ThreadConfig::get_instance_max()];
int get_policy_shared_rule_count();
void parse_rule_type(snort::SnortConfig*, const char*, RuleTreeNode&);
-void parse_rule_proto(snort::SnortConfig*, const char*, RuleTreeNode&);
-void parse_rule_nets(snort::SnortConfig*, const char*, bool src, RuleTreeNode&);
-void parse_rule_ports(snort::SnortConfig*, const char*, bool src, RuleTreeNode&);
-void parse_rule_dir(snort::SnortConfig*, const char*, RuleTreeNode&);
+void parse_rule_proto(snort::SnortConfig*, const char*, RuleTreeNode&, bool elided = false);
+void parse_rule_nets(snort::SnortConfig*, const char*, bool src, RuleTreeNode&, bool elided = false);
+void parse_rule_ports(snort::SnortConfig*, const char*, bool src, RuleTreeNode&, bool elided = false);
+void parse_rule_dir(snort::SnortConfig*, const char*, RuleTreeNode&, bool elided = false);
void parse_rule_opt_begin(snort::SnortConfig*, const char* key);
void parse_rule_opt_set(snort::SnortConfig*, const char* key, const char* opt, const char* val);
void parse_rule_opt_end(snort::SnortConfig*, const char* key, OptTreeNode*);
parse_rule_proto(sc, tok.c_str(), rps.rtn);
break;
case FSM_HDR:
- parse_rule_nets(sc, "any", true, rps.rtn);
- parse_rule_ports(sc, "any", true, rps.rtn);
- parse_rule_dir(sc, "->", rps.rtn);
- parse_rule_nets(sc, "any", false, rps.rtn);
- parse_rule_ports(sc, "any", false, rps.rtn);
+ parse_rule_nets(sc, "any", true, rps.rtn, true);
+ parse_rule_ports(sc, "any", true, rps.rtn, true);
+ parse_rule_dir(sc, "->", rps.rtn, true);
+ parse_rule_nets(sc, "any", false, rps.rtn, true);
+ parse_rule_ports(sc, "any", false, rps.rtn, true);
rps.otn = parse_rule_open(sc, rps.rtn);
break;
case FSM_SIP:
parse_rule_ports(sc, tok.c_str(), true, rps.rtn);
break;
case FSM_SPX:
- parse_rule_ports(sc, "any", true, rps.rtn);
+ parse_rule_ports(sc, "any", true, rps.rtn, true);
// fall thru ...
case FSM_DIR:
parse_rule_dir(sc, tok.c_str(), rps.rtn);
parse_rule_ports(sc, tok.c_str(), false, rps.rtn);
break;
case FSM_DPX:
- parse_rule_ports(sc, "any", false, rps.rtn);
+ parse_rule_ports(sc, "any", false, rps.rtn, true);
// fall thru ...
case FSM_SOB:
rps.otn = parse_rule_open(sc, rps.rtn);
projects / thirdparty / snort3.git / commitdiff
