return p;
}
-enum ExceptionPolicy ExceptionPolicyParse(const char *option, const bool support_flow)
+static enum ExceptionPolicy ExceptionPolicyConfigValueParse(
+ const char *option, const char *value_str)
{
enum ExceptionPolicy policy = EXCEPTION_POLICY_NOT_SET;
- const char *value_str = NULL;
- if ((ConfGet(option, &value_str)) == 1 && value_str != NULL) {
- if (strcmp(value_str, "drop-flow") == 0) {
- policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_FLOW);
- } else if (strcmp(value_str, "pass-flow") == 0) {
- policy = EXCEPTION_POLICY_PASS_FLOW;
- } else if (strcmp(value_str, "bypass") == 0) {
- policy = EXCEPTION_POLICY_BYPASS_FLOW;
- } else if (strcmp(value_str, "drop-packet") == 0) {
- policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_PACKET);
- } else if (strcmp(value_str, "pass-packet") == 0) {
- policy = EXCEPTION_POLICY_PASS_PACKET;
- } else if (strcmp(value_str, "reject") == 0) {
- policy = EXCEPTION_POLICY_REJECT;
- } else if (strcmp(value_str, "ignore") == 0) { // TODO name?
+ if (strcmp(value_str, "drop-flow") == 0) {
+ policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_FLOW);
+ } else if (strcmp(value_str, "pass-flow") == 0) {
+ policy = EXCEPTION_POLICY_PASS_FLOW;
+ } else if (strcmp(value_str, "bypass") == 0) {
+ policy = EXCEPTION_POLICY_BYPASS_FLOW;
+ } else if (strcmp(value_str, "drop-packet") == 0) {
+ policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_PACKET);
+ } else if (strcmp(value_str, "pass-packet") == 0) {
+ policy = EXCEPTION_POLICY_PASS_PACKET;
+ } else if (strcmp(value_str, "reject") == 0) {
+ policy = EXCEPTION_POLICY_REJECT;
+ } else if (strcmp(value_str, "ignore") == 0) { // TODO name?
+ policy = EXCEPTION_POLICY_NOT_SET;
+ } else if (strcmp(value_str, "auto") == 0) {
+ if (!EngineModeIsIPS()) {
policy = EXCEPTION_POLICY_NOT_SET;
- } else if (strcmp(value_str, "auto") == 0) {
- if (!EngineModeIsIPS()) {
- policy = EXCEPTION_POLICY_NOT_SET;
- } else {
- policy = EXCEPTION_POLICY_DROP_FLOW;
- }
} else {
- FatalErrorOnInit(
- "\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
- "pass-flow, bypass, drop-packet, pass-packet or ignore.",
- value_str);
+ policy = EXCEPTION_POLICY_DROP_FLOW;
}
+ } else {
+ FatalErrorOnInit(
+ "\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
+ "pass-flow, bypass, reject, drop-packet, pass-packet or ignore.",
+ value_str);
+ }
+
+ return policy;
+}
+
+static enum ExceptionPolicy ExceptionPolicyMasterParse(const char *value)
+{
+ enum ExceptionPolicy policy = EXCEPTION_POLICY_NOT_SET;
+
+ policy = ExceptionPolicyConfigValueParse("exception-policy", value);
+ g_eps_have_exception_policy = true;
+ policy = SetIPSOption("exception-policy", value, policy);
+ SCLogConfig("exception-policy set to: %s", ExceptionPolicyEnumToString(policy));
+ return policy;
+}
+
+static enum ExceptionPolicy ExceptionPolicyGetDefault(const char *option, bool support_flow)
+{
+ enum ExceptionPolicy p = EXCEPTION_POLICY_NOT_SET;
+ if (g_eps_have_exception_policy) {
+ p = GetMasterExceptionPolicy(option);
if (!support_flow) {
- policy = PickPacketAction(option, policy);
+ p = PickPacketAction(option, p);
}
+ SCLogConfig("%s: %s (defined via 'exception-policy' master switch)", option,
+ ExceptionPolicyEnumToString(p));
+ return p;
+ } else if (EngineModeIsIPS()) {
+ p = EXCEPTION_POLICY_DROP_FLOW;
+ }
+ SCLogConfig("%s: %s (defined via 'built-in default' for %s-mode)", option,
+ ExceptionPolicyEnumToString(p), EngineModeIsIPS() ? "IPS" : "IDS");
- if (strcmp(option, "exception-policy") == 0) {
- g_eps_have_exception_policy = true;
+ return p;
+}
- if (strcmp(value_str, "auto") == 0) {
- SCLogConfig("%s: %s (because of 'auto' setting in %s-mode)", option,
- ExceptionPolicyEnumToString(policy), EngineModeIsIPS() ? "IPS" : "IDS");
- } else {
- SCLogConfig("%s: %s", option, ExceptionPolicyEnumToString(policy));
- }
- } else {
- SCLogConfig("%s: %s", option, ExceptionPolicyEnumToString(policy));
- }
+enum ExceptionPolicy ExceptionPolicyParse(const char *option, bool support_flow)
+{
+ enum ExceptionPolicy policy = EXCEPTION_POLICY_NOT_SET;
+ const char *value_str = NULL;
- } else if (strcmp(option, "exception-policy") == 0) {
- /* not enabled, we won't change the master exception policy,
- for now */
- if (!EngineModeIsIPS()) {
- policy = EXCEPTION_POLICY_NOT_SET;
+ if ((ConfGet(option, &value_str)) == 1 && value_str != NULL) {
+ if (strcmp(option, "exception-policy") == 0) {
+ policy = ExceptionPolicyMasterParse(value_str);
} else {
- policy = EXCEPTION_POLICY_DROP_FLOW;
+ policy = ExceptionPolicyConfigValueParse(option, value_str);
+ if (!support_flow) {
+ policy = PickPacketAction(option, policy);
+ }
+ SCLogConfig("%s: %s", option, ExceptionPolicyEnumToString(policy));
}
- SCLogConfig("%s: %s (%s-mode)", option, ExceptionPolicyEnumToString(policy),
- EngineModeIsIPS() ? "IPS" : "IDS");
-
} else {
- /* Exception Policy was not defined individually */
- policy = GetMasterExceptionPolicy(option);
- if (g_eps_have_exception_policy) {
- SCLogConfig("%s: %s (defined via 'exception-policy' master switch)", option,
- ExceptionPolicyEnumToString(policy));
- } else {
- SCLogConfig("%s: %s (defined via 'built-in default' for %s-mode)", option,
- ExceptionPolicyEnumToString(policy), EngineModeIsIPS() ? "IPS" : "IDS");
- }
+ policy = ExceptionPolicyGetDefault(option, support_flow);
}
return policy;
projects / thirdparty / suricata.git / commitdiff
