Merge pull request #1506 in SNORT/snort3 from ~MIREDDEN/snort3:port_scan_memcap_reloa...

author Tom Peters (thopeter) <thopeter@cisco.com>

Thu, 7 Feb 2019 15:03:17 +0000 (10:03 -0500)

committer Tom Peters (thopeter) <thopeter@cisco.com>

Thu, 7 Feb 2019 15:03:17 +0000 (10:03 -0500)
author Tom Peters (thopeter) <thopeter@cisco.com>
Thu, 7 Feb 2019 15:03:17 +0000 (10:03 -0500)
committer Tom Peters (thopeter) <thopeter@cisco.com>
Thu, 7 Feb 2019 15:03:17 +0000 (10:03 -0500)
diff --git a/doc/reload_limitations.txt b/doc/reload_limitations.txt

index 3061b2dd9541898959abae29a3c7539eb52ad0d9..16910179b1eaae64c98f6358e41d7c9922c7b615 100644 (file)
--- a/doc/reload_limitations.txt
+++ b/doc/reload_limitations.txt
@@ -13,6 +13,7 @@ The following parameters can't be changed during reload, and require a restart:
  * daq.no_promisc
  * detection.asn1
  * file_id.max_files_cached
+* port_scan.memcap
  * process.chroot
  * process.daemon
  * process.set_gid
diff --git a/src/network_inspectors/port_scan/ps_module.cc b/src/network_inspectors/port_scan/ps_module.cc

index 0a53d4fd3bd65f66bfd89e8bc7b3571dd0bd8d2f..7a647d715c5ec37f3a37f22a4693b7e2f7bb04ee 100644 (file)
--- a/src/network_inspectors/port_scan/ps_module.cc
+++ b/src/network_inspectors/port_scan/ps_module.cc
@@ -23,6 +23,7 @@
  #endif
  
  #include "ps_module.h"
+#include "log/messages.h"
  
  #include <cassert>
  
@@ -324,6 +325,28 @@ bool PortScanModule::set(const char* fqn, Value& v, SnortConfig*)
      return true;
  }
  
+bool PortScanModule::end(const char* fqn, int, SnortConfig*)
+{
+    static size_t saved_memcap = 0;
+
+    if (strcmp(fqn, "port_scan") == 0)
+    {
+        if (saved_memcap != 0  )
+        {
+            if (config->memcap != saved_memcap)
+            {
+                ReloadError("Changing port_scan.memcap requires a restart\n");
+            }
+        }
+        else
+        {
+            saved_memcap = config->memcap;
+        }
+    }
+
+    return true;
+}
+
  PS_ALERT_CONF* PortScanModule::get_alert_conf(const char* fqn)
  {
      if ( !strncmp(fqn, "port_scan.tcp_ports", 19) )
diff --git a/src/network_inspectors/port_scan/ps_module.h b/src/network_inspectors/port_scan/ps_module.h

index 6a290b0f41af58101ca4fe5563b92fa7d8010c8a..f06764fa746fd90e9be495353333b510f109cedc 100644 (file)
--- a/src/network_inspectors/port_scan/ps_module.h
+++ b/src/network_inspectors/port_scan/ps_module.h
@@ -143,6 +143,7 @@ public:
  
      bool set(const char*, snort::Value&, snort::SnortConfig*) override;
      bool begin(const char*, int, snort::SnortConfig*) override;
+    bool end(const char*, int, snort::SnortConfig*) override;
  
      const PegInfo* get_pegs() const override;
      PegCount* get_counts() const override;
author	Tom Peters (thopeter) <thopeter@cisco.com>
	Thu, 7 Feb 2019 15:03:17 +0000 (10:03 -0500)
committer	Tom Peters (thopeter) <thopeter@cisco.com>
	Thu, 7 Feb 2019 15:03:17 +0000 (10:03 -0500)
doc/reload_limitations.txt		patch \| blob \| blame \| history
src/network_inspectors/port_scan/ps_module.cc		patch \| blob \| blame \| history
src/network_inspectors/port_scan/ps_module.h		patch \| blob \| blame \| history