Merge pull request #1588 in SNORT/snort3 from ~RUCOMBS/snort3:includer to master
authorRuss Combs (rucombs) <rucombs@cisco.com>
Mon, 29 Apr 2019 21:42:31 +0000 (17:42 -0400)
committerRuss Combs (rucombs) <rucombs@cisco.com>
Mon, 29 Apr 2019 21:42:31 +0000 (17:42 -0400)
Squashed commit of the following:

commit 62464559e2ebd8b9739db1ea8c10907bc6830aeb
Author: russ <rucombs@cisco.com>
Date:   Sat Apr 27 16:03:45 2019 -0400

    ips: add includer for better relative path support

src/main/modules.cc
src/main/policy.cc
src/main/policy.h
src/managers/bootstrap.lua
src/parser/parse_conf.cc
src/parser/parser.cc

index f2470b874bb936e0dc136cb866f988f606427c34..520f2d557ead96ad31d801887bdeeeaa0178976a 100755 (executable)
@@ -1228,7 +1228,10 @@ static const Parameter ips_params[] =
       "correlate unified2 events with configuration" },
 
     { "include", Parameter::PT_STRING, nullptr, nullptr,
-      "legacy snort rules and includes" },
+      "snort rules and includes" },
+
+    { "includer", Parameter::PT_STRING, "(optional)", nullptr,
+      "for internal use; where includes are included from" },
 
     // FIXIT-L no default; it breaks initialization by -Q
     { "mode", Parameter::PT_ENUM, "tap | inline | inline-test", nullptr,
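Review bot: The help text for the new `includer` entry calls it internal, but it is registered as an ordinary `PT_STRING` with no validation, and the `IpsModule::set` hunk below stores whatever value arrives. The Lua `include()` added in bootstrap.lua only fills `ips.includer` when it is nil, so a value written in a config file takes precedence and becomes the base used to resolve relative rule includes in `parse_include` and `ParseRules`. If that override is intended, the help string should say so, e.g. `"base file for resolving relative includes; set by include() unless given explicitly"`. If it is not intended, the value should be set from the loader rather than exposed as a parameter.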
@@ -1280,6 +1283,9 @@ bool IpsModule::set(const char*, Value& v, SnortConfig* sc)
     else if ( v.is("include") )
         p->include = v.get_string();
 
+    else if ( v.is("includer") )
+        p->includer = v.get_string();
+
     else if ( v.is("mode") )
         p->policy_mode = (PolicyMode)v.get_uint8();
 
index de627555fc90823e9df8436a26405ec8479f8023..b33f6fcdc87f699e79d2b8a76014802b862a2708 100644 (file)
@@ -113,7 +113,6 @@ IpsPolicy::IpsPolicy(PolicyId id)
     policy_mode = POLICY_MODE__MAX;
 
     var_table = nullptr;
-    parse_from = get_parse_file();
 
     var_id = 1;
     ip_vartable = sfvt_alloc_table();
index a652613f450d79f2a930f6d9b8e28de384c30ad6..ba808867404ef7de03df4e893b454498e3f955ed 100644 (file)
@@ -150,9 +150,9 @@ public:
     PolicyMode policy_mode = POLICY_MODE__MAX;
     bool enable_builtin_rules;
 
+    std::string includer;
     std::string include;
     std::string rules;
-    std::string parse_from;
 
     uint32_t var_id;
 
index 3340e94c2a5d0f551a0285e8dc7b7f4f0869a800..c01c4b321181a8b4c65685a7003449228f208576 100644 (file)
@@ -34,12 +34,6 @@ const char* push_include_path(const char*);
 void pop_include_path();
 ]]
 
-function include(file)
-    local base_name = ffi.C.push_include_path(file)
-    dofile(ffi.string(base_name))
-    ffi.C.pop_include_path()
-end
-
 function snort_traverse(tab, fqn)
     local key, val
 
@@ -66,7 +60,7 @@ function snort_set(fqn, key, val)
     local name
     local idx = 0
     local what = type(val)
-        
+
     if ( not fqn ) then
         name = key
 
@@ -118,3 +112,41 @@ function snort_config(tab)
     end
 end
 
+---------------------------------------------------------------------------
+-- path magic for includes
+---------------------------------------------------------------------------
+
+function path_push(file)
+    if ( _snort_path == nil ) then
+        _snort_path = { }
+    end
+    _snort_path[#_snort_path + 1] = file
+end
+
+function path_pop()
+    if ( _snort_path == nil ) then
+        return
+    end
+    table.remove(_snort_path, #_snort_path)
+end
+
+function path_top()
+    if ( _snort_path == nil ) then
+        return nil
+    end
+    return _snort_path[#_snort_path]
+end
+
+function include(file)
+    local cname = ffi.C.push_include_path(file)
+    local fname = ffi.string(cname);
+    path_push(fname)
+    dofile(fname)
+    local iname = path_top()
+    if ( (ips ~= nil) and (ips.includer == nil) and (iname ~= nil) ) then
+        ips.includer = iname
+    end
+    path_pop()
+    ffi.C.pop_include_path()
+end
+
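Review bot: If `dofile(fname)` raises inside the new `include`, the `path_pop()` and `ffi.C.pop_include_path()` calls after it are skipped, leaving both the Lua path stack and the C include-path stack one entry too deep. Using `local ok, err = pcall(dofile, fname)`, running the two pops unconditionally, and then `if not ok then error(err, 0) end` keeps them balanced. This matters only if some caller recovers from a failed include, which the hunk does not show. Separately, `path_push`, `path_pop`, `path_top` and `_snort_path` are globals in the same environment the included files run in, so a config that assigns any of those names changes how `ips.includer` is derived. Declaring them `local` above `include` would avoid that, assuming nothing outside this file calls them.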
index 3268098bf60d9601157d3d7b823f47a70102f8aa..6410ba3e1dd39c7ded76a656aafa372708176a3c 100644 (file)
@@ -136,9 +136,10 @@ static bool relative_to_parse_dir(const char* file, std::string& path)
     if ( !path.length() )
         path = get_parse_file();
     size_t idx = path.rfind('/');
-    if ( idx == std::string::npos )
-        idx = 0;
-    path.erase(idx);
+    if ( idx != std::string::npos )
+        path.erase(idx);
+    else
+        path = ".";
     return valid_file(file, path);
 }
 
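Review bot: A path whose only slash is the leading one (a file directly under the root directory) gives `idx == 0`, so `path.erase(idx)` still leaves `path` empty instead of `/`. The new `else` branch covers only the no-slash case. How `valid_file` treats an empty directory is not visible here, but it presumably no longer refers to the root. A guard such as `if ( idx == 0 ) path = "/"; else if ( idx != std::string::npos ) path.erase(idx); else path = ".";` handles all three cases. The start of `relative_to_parse_dir` lies outside this hunk.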
@@ -185,7 +186,7 @@ void parse_include(SnortConfig* sc, const char* arg)
 {
     assert(arg);
     arg = ExpandVars(sc, arg);
-    std::string file;
+    std::string file = get_ips_policy()->includer;
 
     const char* code = get_config_file(arg, file);
 
index ace9940f5a1062e3f4481a605709f13dc659ddf3..a1d3f4d7112066a644c880be22920de58803fce9 100644 (file)
@@ -355,7 +355,7 @@ void ParseRules(SnortConfig* sc)
             ModuleManager::load_rules(sc);
 
         const char* fname = p->include.c_str();
-        std::string file = p->parse_from;
+        std::string file = p->includer;
 
         if ( fname && *fname )
         {