struct IpsActionsConfig
{
vector<ActionInst> clist;
- IpsAction* reject = nullptr;
};
using ACList = vector<ActionClass>;
// Add this instance to the list of those created for this config
sc->ips_actions_config->clist.emplace_back(*cls, act);
- // FIXIT-M Either you are static or you're not, make a choice.
- // Anyway, if we happen to instantiate an action called reject, cache that for use later.
- if ( !sc->ips_actions_config->reject && !strcmp(act->get_name(), "reject") )
- sc->ips_actions_config->reject = act;
-
RuleListNode* rln = CreateRuleType(sc, api->base.name, api->type, true);
// The plugin actions (e.g. reject, react, etc.) are per policy, per mode.
Actions::Type idx = rln->mode;
assert(ips->action[idx] == nullptr);
ips->action[idx] = act;
-
}
}
#include "binding.h"
using namespace snort;
-using namespace std;
THREAD_LOCAL ProfileStats bindPerfStats;
bool update(const Binding&);
void apply_action(Flow&);
- void apply_session(Flow&, const HostAttributesEntry);
- void apply_service(Flow&, const HostAttributesEntry);
+ void apply_session(Flow&);
+ void apply_service(Flow&);
void apply_assistant(Flow&, const char*);
};
case BindUse::BW_NONE:
break;
case BindUse::BW_PASSIVE:
- data = pb.use.inspector;
+ if (!data)
+ data = pb.use.inspector;
break;
case BindUse::BW_CLIENT:
- client = pb.use.inspector;
+ if (!client)
+ client = pb.use.inspector;
break;
case BindUse::BW_SERVER:
- server = pb.use.inspector;
+ if (!server)
+ server = pb.use.inspector;
break;
case BindUse::BW_STREAM:
- client = server = pb.use.inspector;
+ if (!client)
+ client = pb.use.inspector;
+ if (!server)
+ server = pb.use.inspector;
break;
case BindUse::BW_WIZARD:
wizard = pb.use.inspector;
}
}
-void Stuff::apply_session(Flow& flow, const HostAttributesEntry host)
+void Stuff::apply_session(Flow& flow)
{
if (client)
flow.set_client(client);
flow.set_server(server);
else if (flow.ssn_server)
flow.clear_server();
-
- switch (flow.pkt_type)
- {
- case PktType::IP:
- flow.ssn_policy = host ? host->get_frag_policy() : 0;
- break;
- case PktType::TCP:
- flow.ssn_policy = host ? host->get_stream_policy() : 0;
- break;
- default:
- break;
- }
}
-void Stuff::apply_service(Flow& flow, const HostAttributesEntry host)
+void Stuff::apply_service(Flow& flow)
{
if (data)
flow.set_data(data);
- if (host)
- Stream::set_snort_protocol_id(&flow, host, FROM_SERVER);
-
if (!gadget)
gadget = get_gadget(flow);
class Binder : public Inspector
{
public:
- Binder(vector<Binding>&, vector<Binding>&);
+ Binder(std::vector<Binding>&, std::vector<Binding>&);
~Binder() override;
void remove_inspector_binding(SnortConfig*, const char*) override;
Inspector* find_gadget(Flow&);
private:
- vector<Binding> bindings;
- vector<Binding> policy_bindings;
+ std::vector<Binding> bindings;
+ std::vector<Binding> policy_bindings;
Inspector* default_ssn_inspectors[to_utype(PktType::MAX)]{};
};
}
};
-Binder::Binder(vector<Binding>& bv, vector<Binding>& pbv)
+Binder::Binder(std::vector<Binding>& bv, std::vector<Binding>& pbv)
{
bindings = std::move(bv);
policy_bindings = std::move(pbv);
{
Profile profile(bindPerfStats);
+ // FIXIT-M logic for applying information from the host attribute table likely doesn't belong
+ // in binder, but it *does* need to occur before the binding lookup (for service information)
+ const HostAttributesEntry host = HostAttributesManager::find_host(flow.server_ip);
+ if (host)
+ {
+ // Set the fragmentation (IP) or stream (TCP) policy from the host entry
+ switch (flow.pkt_type)
+ {
+ case PktType::IP:
+ flow.ssn_policy = host->get_frag_policy();
+ break;
+ case PktType::TCP:
+ flow.ssn_policy = host->get_stream_policy();
+ break;
+ default:
+ break;
+ }
+
+ Stream::set_snort_protocol_id(&flow, host, FROM_SERVER);
+ if (flow.ssn_state.snort_protocol_id != UNKNOWN_PROTOCOL_ID)
+ {
+ const SnortConfig* sc = SnortConfig::get_conf();
+ flow.service = sc->proto_ref->get_name(flow.ssn_state.snort_protocol_id);
+ }
+ }
+
Stuff stuff;
get_bindings(flow, stuff);
apply(flow, stuff);
if (flow.flow_state != Flow::FlowState::INSPECT)
return;
- const HostAttributesEntry host = HostAttributesManager::find_host(flow.server_ip);
-
- stuff.apply_session(flow, host);
-
- stuff.apply_service(flow, host);
+ stuff.apply_session(flow);
+ stuff.apply_service(flow);
}
void Binder::apply_assistant(Flow& flow, Stuff& stuff, const char* service)
static Inspector* bind_ctor(Module* m)
{
BinderModule* mod = (BinderModule*)m;
- vector<Binding>& bv = mod->get_bindings();
- vector<Binding>& pbv = mod->get_policy_bindings();
+ std::vector<Binding>& bv = mod->get_bindings();
+ std::vector<Binding>& pbv = mod->get_policy_bindings();
return new Binder(bv, pbv);
}
*/
struct FTP_SERVER_PROTO_CONF
{
- unsigned int def_max_param_len;
- unsigned int max_cmd_len;
+ unsigned int def_max_param_len = FTPP_UI_CONFIG_FTP_DEF_CMD_PARAM_MAX;
+ unsigned int max_cmd_len = MAX_CMD;
- bool print_commands;
- bool data_chan;
- bool check_encrypted_data;
- bool telnet_cmds;
- bool ignore_telnet_erase_cmds;
- bool detect_encrypted;
+ bool print_commands = false;
+ bool data_chan = false;
+ bool check_encrypted_data = false;
+ bool telnet_cmds = false;
+ bool ignore_telnet_erase_cmds = false;
+ bool detect_encrypted = false;
CMD_LOOKUP* cmd_lookup;
{
unsigned int max_resp_len = FTPP_UI_CONFIG_FTP_DEF_RESP_MSG_MAX;
- bool data_chan = false;
bool bounce = false;
bool telnet_cmds = false;
bool ignore_telnet_erase_cmds = false;
int iRet;
char ignoreTelnetErase = FTPP_APPLY_TNC_ERASE_CMDS;
/* Normalize this packet ala telnet */
- if (((iMode == FTPP_SI_CLIENT_MODE) &&
- session->client_conf->ignore_telnet_erase_cmds) ||
- ((iMode == FTPP_SI_SERVER_MODE) &&
- session->server_conf->ignore_telnet_erase_cmds) )
+ if ((iMode == FTPP_SI_CLIENT_MODE && session->client_conf->ignore_telnet_erase_cmds) ||
+ (iMode == FTPP_SI_SERVER_MODE && session->server_conf->ignore_telnet_erase_cmds))
ignoreTelnetErase = FTPP_IGNORE_TNC_ERASE_CMDS;
DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
if ( buf.len )
{
/* Normalized data will always be in decode buffer */
- if ( (iMode == FTPP_SI_CLIENT_MODE) ||
- (iMode == FTPP_SI_SERVER_MODE) )
+ if ((iMode == FTPP_SI_CLIENT_MODE && session->client_conf->telnet_cmds) ||
+ (iMode == FTPP_SI_SERVER_MODE && session->server_conf->telnet_cmds))
{
DetectionEngine::queue_event(GID_FTP, FTP_TELNET_CMD);
return FTPP_ALERT; /* Nothing else to do since we alerted */
projects / thirdparty / snort3.git / commitdiff
