#endif
#include "reputation_inspect.h"
-#include "reputation_parse.h"
#include "detection/detect.h"
#include "detection/detection_engine.h"
#include "events/event_queue.h"
#include "log/messages.h"
+#include "network_inspectors/packet_tracer/packet_tracer.h"
#include "packet_io/active.h"
#include "profiler/profiler.h"
#include "reputation_module.h"
+#include "reputation_parse.h"
+
+#define VERDICT_REASON_REPUTATION 19
using namespace snort;
unsigned ReputationFlowData::inspector_id = 0;
-static ReputationData* set_new_reputation_data(Flow* flow)
-{
- ReputationFlowData* fd = new ReputationFlowData;
- flow->set_flow_data(fd);
- return &fd->session;
-}
-
-static ReputationData* get_session_data(Flow* flow)
-{
- ReputationFlowData* fd = (ReputationFlowData*)flow->get_flow_data(
- ReputationFlowData::inspector_id);
-
- return fd ? &fd->session : nullptr;
-}
-
-static bool is_reputation_disabled(Flow* flow)
-{
- ReputationData* data;
-
- if (!flow)
- return false;
-
- data = get_session_data(flow);
-
- if (!data)
- set_new_reputation_data(flow);
-
- return data ? data->disabled : false;
-}
-
-static void disable_reputation(Flow* flow)
-{
- ReputationData* data;
-
- if (!flow)
- return;
-
- data = get_session_data(flow);
-
- if (data)
- data->disabled = true;
-}
-
static void print_iplist_stats(ReputationConfig* config)
{
/*Print out the summary*/
DetectionEngine::disable_all(p);
Active::block_session(p, true);
reputationstats.blacklisted++;
+ if (PacketTracer::is_active())
+ {
+ PacketTracer::set_reason(VERDICT_REASON_REPUTATION);
+ PacketTracer::log("Reputation: packet blacklisted, drop\n");
+ }
}
else if (MONITORED == decision)
{
}
}
+static unsigned create_reputation_id()
+{
+ static unsigned reputation_id_tracker = 0;
+ if (++reputation_id_tracker == 0)
+ ++reputation_id_tracker;
+ return reputation_id_tracker;
+}
+
//-------------------------------------------------------------------------
// class stuff
//-------------------------------------------------------------------------
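Review bot: `create_reputation_id()` increments a plain function-local `static unsigned` with no synchronization, and nothing explains why 0 is skipped. If inspector construction can ever run off the main thread (for example during a reload), two instances could receive the same id, and a flow checked against the old lists would then be treated as already checked against the new ones. If construction is main-thread only, a one-line comment should say so. I would also document the sentinel with `// 0 is reserved for "flow not yet checked", so skip it on wraparound`, assuming `checked_reputation_id` defaults to 0 in `ReputationFlowData`, which this diff does not show.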
private:
ReputationConfig config;
+ unsigned reputation_id;
+ bool is_reputation_disabled(Flow* flow);
};
Reputation::Reputation(ReputationConfig* pc)
ip_list_init(conf->num_entries + 1, conf);
reputationstats.memory_allocated = sfrt_flat_usage(conf->ip_list);
+ reputation_id = create_reputation_id();
+}
+
+bool Reputation::is_reputation_disabled(Flow* flow)
+{
+ if (!flow)
+ return false;
+
+ ReputationFlowData* fd = (ReputationFlowData*)flow->get_flow_data(
+ ReputationFlowData::inspector_id);
+
+ if (!fd)
+ {
+ fd = new ReputationFlowData;
+ flow->set_flow_data(fd);
+ }
+ else if (fd->checked_reputation_id == reputation_id) // reputation previously checked
+ return true;
+
+ fd->checked_reputation_id = reputation_id; // disable future reputation checking
+ return false;
}
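Review bot: `Reputation::is_reputation_disabled()` reads like a pure predicate, but it allocates `ReputationFlowData` and stamps `checked_reputation_id` on the flow, so a second call for the same packet returns `true` and the blocklist lookup would be skipped. The only caller visible on this page is the `if` guarding `snort_reputation()`, where the short-circuit on `p->is_rebuilt()` keeps that safe. The contract still deserves a comment such as `// Marks the flow as checked for this instance; call at most once per packet.`, or a name that says so. The lookup also keeps the C-style cast `(ReputationFlowData*)` while the same commit moves the parser to `const_cast`; `static_cast<ReputationFlowData*>(...)` would match, assuming `get_flow_data()` returns the base flow-data pointer. The hunk begins inside the `Reputation` constructor, whose start is outside the visible lines.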
void Reputation::show(SnortConfig*)
if (!p->is_rebuilt() && !is_reputation_disabled(p->flow))
{
snort_reputation(&config, p);
- disable_reputation(p->flow);
++reputationstats.packets;
}
}
static void reputation_init()
{
ReputationFlowData::init();
+ PacketTracer::register_verdict_reason(VERDICT_REASON_REPUTATION, PacketTracer::PRIORITY_LOW);
}
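Review bot: The reason code passed to `PacketTracer::register_verdict_reason()` is the file-local `#define VERDICT_REASON_REPUTATION 19`, and nothing in the diff shows where other reason codes are allocated or that 19 is unused. If another inspector registers the same number, packet-tracer output could attribute a reputation drop to the wrong component, which matters when the trace is used to explain why traffic was blocked. I would replace the macro with a `constexpr` of the parameter's type and record the constraint next to it, e.g. `// must be unique across all PacketTracer verdict reasons`. If a shared list of reason codes exists, the value belongs there.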
static Inspector* reputation_ctor(Module* m)
{
char* token;
int token_index = 0;
- char* next_ptr = (char*)line;
+ char* next_ptr = const_cast<char*>(line);
bool has_zone = false;
list_item->zones.clear();
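Review bot: `const_cast<char*>(line)` makes the cast searchable but does not make writing through `next_ptr` safe. The tokenizer call is outside this hunk. If it is a `strtok_r`-style function that writes terminators into the buffer, then `line` is modified despite its `const` qualifier, which is undefined behaviour when a caller passes genuinely const storage. Either declare the parameter as `char* line` so the signature states that the buffer is consumed, or tokenize a local copy of the manifest line. The enclosing function starts and ends outside the hunk.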
if ( *end_str )
{
ErrorMessage("%s(%d) => Bad value (%s) specified for listID. "
- "Please specify an integer between %u and %u.\n",
- manifest, line_number, token, 0, MAX_LIST_ID);
+ "Please specify an integer between 0 and %u.\n",
+ manifest, line_number, token, MAX_LIST_ID);
return false;
}
if ((list_id < 0) || (list_id > MAX_LIST_ID) || (errno == ERANGE))
{
ErrorMessage(" %s(%d) => Value specified (%s) is out of "
- "bounds. Please specify an integer between %u and %u.\n",
- manifest, line_number, token, 0, MAX_LIST_ID);
+ "bounds. Please specify an integer between 0 and %u.\n",
+ manifest, line_number, token, MAX_LIST_ID);
return false;
}
list_item->list_id = (uint32_t)list_id;
if ( *end_str )
{
ErrorMessage("%s(%d) => Bad value (%s) specified for zone. "
- "Please specify an integer between %u and %u.\n",
- manifest, line_number, token, 0, MAX_NUM_ZONES);
+ "Please specify an integer between 0 and %u.\n",
+ manifest, line_number, token, MAX_NUM_ZONES);
return false;
}
if ((zone_id < 0) || (zone_id > MAX_NUM_ZONES ) || (errno == ERANGE))
{
ErrorMessage(" %s(%d) => Value specified (%s) for zone is "
- "out of bounds. Please specify an integer between %u and %u.\n",
- manifest, line_number, token, 0, MAX_NUM_ZONES );
+ "out of bounds. Please specify an integer between 0 and %u.\n",
+ manifest, line_number, token, MAX_NUM_ZONES);
return false;
}