if ( policy )
policy->rules_shared++;
- RuleTreeNode* t_rtn = dup_rtn(b_rtn, policy);
+ RuleTreeNode* t_rtn = dup_rtn(sc, otn, b_rtn, policy);
update_rtn(t_rtn, s);
-
- auto bspo = b_rtn->src_portobject;
- auto bdpo = b_rtn->dst_portobject;
- auto tspo = t_rtn->src_portobject;
- auto tdpo = t_rtn->dst_portobject;
-
- if ( (bspo and tspo and !PortObjectEqual(bspo, tspo)) or
- (bdpo and tdpo and !PortObjectEqual(bdpo, tdpo)) )
- parse_rule_finish_portlist(sc, t_rtn, otn);
-
addRtnToOtn(sc, otn, t_rtn, ips_num);
}
-RuleTreeNode* RuleStateMap::dup_rtn(RuleTreeNode* rtn, IpsPolicy* policy)
+RuleTreeNode* RuleStateMap::dup_rtn(
+ SnortConfig* sc, OptTreeNode* otn, RuleTreeNode* rtn, IpsPolicy* policy)
{
RuleTreeNode* ret = new RuleTreeNode(*rtn);
ret->sip = sip
? sfvar_create_alias(sip, sip->name)
: sfvar_deep_copy(rtn->sip);
-
ret->dip = dip
? sfvar_create_alias(dip, dip->name)
: sfvar_deep_copy(rtn->dip);
-
ret->src_portobject = spo ? spo : ret->src_portobject;
ret->dst_portobject = dpo ? dpo : ret->dst_portobject;
-
ret->otnRefCount = 0;
+ if ( sip or dip or spo or dpo )
+ {
+ ret->rule_func = nullptr;
+ parse_rule_process_rtn(sc, ret, otn);
+ return ret;
+ }
+
RuleFpList* from = rtn->rule_func;
if ( from )
void apply(snort::SnortConfig*);
private:
- RuleTreeNode* dup_rtn(RuleTreeNode*, IpsPolicy*);
+ RuleTreeNode* dup_rtn(snort::SnortConfig*, OptTreeNode*, RuleTreeNode*, IpsPolicy*);
void update_rtn(RuleTreeNode*, const RuleState&);
void apply(snort::SnortConfig*, OptTreeNode*, unsigned ips_num, const RuleState&);
validate_services(sc, otn);
OtnLookupAdd(sc->otn_map, otn);
- parse_rule_finish_portlist(sc, new_rtn, otn);
+
+ if ( FinishPortListRule(sc->port_tables, new_rtn, otn, sc->fast_pattern_config) )
+ ParseError("Failed to finish a port list rule.");
if ( s_capture )
{
ClearIpsOptionsVars();
}
-void parse_rule_finish_portlist(SnortConfig* sc, RuleTreeNode* rtn, OptTreeNode* otn)
+void parse_rule_process_rtn(SnortConfig* sc, RuleTreeNode* rtn, OptTreeNode* otn)
{
+ if (rtn->sip->head && rtn->sip->head->flags & SFIP_ANY)
+ rtn->flags |= RuleTreeNode::ANY_SRC_IP;
+ else
+ rtn->flags &= ~RuleTreeNode::ANY_SRC_IP;
+
+ if (rtn->dip->head && rtn->dip->head->flags & SFIP_ANY)
+ rtn->flags |= RuleTreeNode::ANY_DST_IP;
+ else
+ rtn->flags &= ~RuleTreeNode::ANY_DST_IP;
+
+ ValidateIPList(rtn->sip, rtn->sip->name);
+ ValidateIPList(rtn->dip, rtn->dip->name);
+
+ if ( PortObjectHasAny(rtn->src_portobject) )
+ rtn->flags |= RuleTreeNode::ANY_SRC_PORT;
+ else
+ rtn->flags &= ~RuleTreeNode::ANY_SRC_PORT;
+
+ if ( PortObjectHasAny(rtn->dst_portobject) )
+ rtn->flags |= RuleTreeNode::ANY_DST_PORT;
+ else
+ rtn->flags &= ~RuleTreeNode::ANY_DST_PORT;
+
+ head_count++;
+ SetupRTNFuncList(rtn);
+
if ( FinishPortListRule(sc->port_tables, rtn, otn, sc->fast_pattern_config) )
- ParseError("%u:%u rule failed to finish a port list.",
- otn->sigInfo.gid, otn->sigInfo.sid);
+ ParseError("%u:%u rule failed to finish a port list.", otn->sigInfo.gid, otn->sigInfo.sid);
}
OptTreeNode* parse_rule_open(snort::SnortConfig*, RuleTreeNode&, bool stub = false);
void parse_rule_close(snort::SnortConfig*, RuleTreeNode&, OptTreeNode*);
-void parse_rule_finish_portlist(snort::SnortConfig*, RuleTreeNode*, OptTreeNode*);
+void parse_rule_process_rtn(snort::SnortConfig*, RuleTreeNode*, OptTreeNode*);
#endif
projects / thirdparty / snort3.git / commitdiff
