Merge pull request #1178 in SNORT/snort3 from reload_ips_actions to master

Squashed commit of the following:

commit 6d659feda07dd5071cb3035d55ad61136d2faea8
Author: Steven Baigal <sbaigal@cisco.com>
Date:   Fri Mar 30 11:27:47 2018 -0400

    reload: enabled reloading ips_actions

    added parse error check for reloading

diff --git a/src/actions/act_react.cc b/src/actions/act_react.cc
index 10bda0f0719089306ea7d244db9482a4c96c97a0..392c31116cf9a8f19d35cd7ebd5ce392a009722d 100644 (file)
--- a/src/actions/act_react.cc
+++ b/src/actions/act_react.cc
@@ -97,10 +97,9 @@ struct ReactData
     int rule_msg;        // 1=>use rule msg; 0=>use DEFAULT_MSG
     ssize_t buf_len;     // length of response
     char* resp_buf;      // response to send
+    char* resp_page;
 };
 
-static char* s_page = nullptr;
-
 class ReactAction : public IpsAction
 {
 public:
@@ -124,11 +123,6 @@ private:
 
 ReactAction::~ReactAction()
 {
-    if ( s_page )
-    {
-        snort_free(s_page);
-        s_page = nullptr;
-    }
     if (config->resp_buf)
         snort_free(config->resp_buf);
 
@@ -164,60 +158,6 @@ void ReactAction::send(Packet* p)
 // implementation foo
 //-------------------------------------------------------------------------
 
-static bool react_getpage(const char* file)
-{
-    char* msg;
-    char* percent_s;
-    struct stat fs;
-    FILE* fd;
-    size_t n;
-
-    if ( stat(file, &fs) )
-    {
-        ParseError("can't stat react page file '%s'.", file);
-        return false;
-    }
-
-    s_page = (char*)snort_calloc(fs.st_size+1);
-    fd = fopen(file, "r");
-
-    if ( !fd )
-    {
-        ParseError("can't open react page file '%s'.", file);
-        return false;
-    }
-
-    n = fread(s_page, 1, fs.st_size, fd);
-    fclose(fd);
-
-    if ( n != (size_t)fs.st_size )
-    {
-        ParseError("can't load react page file '%s'.", file);
-        return false;
-    }
-
-    s_page[n] = '\0';
-    msg = strstr(s_page, MSG_KEY);
-    if ( msg )
-        strncpy(msg, "%s", 2);
-
-    // search for %
-    percent_s = strstr(s_page, MSG_PERCENT);
-    if (percent_s)
-    {
-        percent_s += strlen(MSG_PERCENT); // move past current
-        // search for % again
-        percent_s = strstr(percent_s, MSG_PERCENT);
-        if (percent_s)
-        {
-            ParseError("can't specify more than one %%s or other "
-                "printf style formatting characters in react page '%s'.",
-                file);
-            return false;
-        }
-    }
-    return true;
-}
 
 //--------------------------------------------------------------------
 
@@ -228,7 +168,7 @@ static void react_config(ReactData* rd)
     char dummy;
 
     const char* head = DEFAULT_HTTP;
-    const char* body = s_page ? s_page : DEFAULT_HTML;
+    const char* body = rd->resp_page ? rd->resp_page : DEFAULT_HTML;
     const char* msg = DEFAULT_MSG;
 
     body_len = snprintf(&dummy, 1, body, msg);
@@ -263,7 +203,8 @@ static const Parameter s_params[] =
 class ReactModule : public Module
 {
 public:
-    ReactModule() : Module(s_name, s_help, s_params) { }
+    ReactModule() : Module(s_name, s_help, s_params) { page = nullptr; }
+    ~ReactModule() override { if (page) snort_free(page); }
 
     bool begin(const char*, int, SnortConfig*) override;
     bool set(const char*, Value&, SnortConfig*) override;
@@ -276,8 +217,66 @@ public:
 
 public:
     bool msg;
+    char* page;
+private:
+    bool getpage(const char* file);
 };
 
+bool ReactModule::getpage(const char* file)
+{
+    char* msg;
+    char* percent_s;
+    struct stat fs;
+    FILE* fd;
+    size_t n;
+
+    if ( stat(file, &fs) )
+    {
+        ParseError("can't stat react page file '%s'.", file);
+        return false;
+    }
+
+    page = (char*)snort_calloc(fs.st_size+1);
+    fd = fopen(file, "r");
+
+    if ( !fd )
+    {
+        ParseError("can't open react page file '%s'.", file);
+        return false;
+    }
+
+    n = fread(page, 1, fs.st_size, fd);
+    fclose(fd);
+
+    if ( n != (size_t)fs.st_size )
+    {
+        ParseError("can't load react page file '%s'.", file);
+        return false;
+    }
+
+    page[n] = '\0';
+    msg = strstr(page, MSG_KEY);
+    if ( msg )
+        strncpy(msg, "%s", 2);
+
+    // search for %
+    percent_s = strstr(page, MSG_PERCENT);
+    if (percent_s)
+    {
+        percent_s += strlen(MSG_PERCENT); // move past current
+        // search for % again
+        percent_s = strstr(percent_s, MSG_PERCENT);
+        if (percent_s)
+        {
+            ParseError("can't specify more than one %%s or other "
+                "printf style formatting characters in react page '%s'.",
+                file);
+            return false;
+        }
+    }
+    return true;
+}
+
 bool ReactModule::begin(const char*, int, SnortConfig*)
 {
     msg = false;
@@ -290,7 +289,7 @@ bool ReactModule::set(const char*, Value& v, SnortConfig*)
         msg = v.get_bool();
 
     else if ( v.is("page") )
-        return react_getpage(v.get_string());
+        return getpage(v.get_string());
 
     else
         return false;
@@ -318,7 +317,7 @@ static IpsAction* react_ctor(Module* p)
 
     ReactModule* m = (ReactModule*)p;
     rd->rule_msg = m->msg;
-
+    rd->resp_page = m->page;
     react_config(rd); // FIXIT-L this must be done per response
     Active::set_enabled();
 

diff --git a/src/main/snort.cc b/src/main/snort.cc
index 25c304d0a3c5f9cf685cce2ee990a1c38e769c78..eef5834b1ba2ef5a9b5e36e7853ebf2ef827192b 100644 (file)
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -572,7 +572,7 @@ SnortConfig* Snort::get_reload_config(const char* fname)
     ControlMgmt::reconfigure_controls();
 #endif
 
-    if ( !InspectorManager::configure(sc) )
+    if ( get_parse_errors() or !InspectorManager::configure(sc) )
     {
         parser_term(sc);
         delete sc;

diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc
index d681dfd463c6b27cf688c6a63682d280e8c9d5b7..5ee151fbffff85f432c83c3735b4946fd09a698a 100644 (file)
--- a/src/managers/module_manager.cc
+++ b/src/managers/module_manager.cc
@@ -684,9 +684,9 @@ SO_PUBLIC bool open_table(const char* s, int idx)
     if ( !h || (h->api && h->api->type == PT_IPS_OPTION) )
         return false;
 
-    // FIXIT-M only basic modules and inspectors can be reloaded at present
-    if ( ( snort::Snort::is_reloading() )
-            and h->api and h->api->type != PT_INSPECTOR )
+    // FIXIT-M only basic modules, inspectors and ips actions can be reloaded at present
+    if ( ( snort::Snort::is_reloading() ) and h->api
+            and h->api->type != PT_INSPECTOR and h->api->type != PT_IPS_ACTION )
         return false;
 
     Module* m = h->mod;