(!(cs.set_bits & SetBits::SRC_IP) or (sip == cs.src_ip)) and
(!(cs.set_bits & SetBits::DST_IP) or (dip == cs.dst_ip));
- if (res && tenant_id && !cs.tenants.empty())
+ if (res and (cs.set_bits & SetBits::TENANT) and tenant_id and !cs.tenants.empty())
{
auto it = std::find_if(cs.tenants.cbegin(), cs.tenants.cend(),
[tenant_id](uint32_t t){ return t == tenant_id; });
and ( !(set_bits & DST_PORT) or dst_port == other.dst_port )
and ( !(set_bits & SRC_IP) or src_ip == other.src_ip )
and ( !(set_bits & DST_IP) or dst_ip == other.dst_ip )
- and ( tenants == other.tenants );
+ and ( !(set_bits & TENANT) or tenants == other.tenants );
}
bool PacketConstraints::packet_match(const Packet& p) const
const auto& dip = *p.ptrs.ip_api.get_dst();
const auto sp = p.ptrs.sp;
const auto dp = p.ptrs.dp;
+ const auto tenant = p.pkth->tenant_id;
- return match_constraints(*this, sip, dip, sp, dp, p.pkth->tenant_id) or
- match_constraints(*this, dip, sip, dp, sp, p.pkth->tenant_id);
+ return match_constraints(*this, sip, dip, sp, dp, tenant) or
+ match_constraints(*this, dip, sip, dp, sp, tenant);
}
bool PacketConstraints::flow_match(const Flow& f) const
const uint32_t ip1 = 0x01010101;
const uint32_t ip2 = 0x02020202;
PacketConstraints exp = PacketConstraints(IpProtocol::PROTO_NOT_SET, 0, 0,
- SfIp(&ip1, AF_INET), SfIp(&ip2, AF_INET), (uint8_t)-1, true);
- exp.tenants = tenants1;
+ SfIp(&ip1, AF_INET), SfIp(&ip2, AF_INET), (uint8_t)-1, true, tenants1);
PacketConstraints act = PacketConstraints(IpProtocol::PROTO_NOT_SET, 0, 0,
- SfIp(&ip1, AF_INET), SfIp(&ip2, AF_INET), (uint8_t)-1, true);
- act.tenants = tenants2;
+ SfIp(&ip1, AF_INET), SfIp(&ip2, AF_INET), (uint8_t)-1, true, tenants2);
CHECK( exp == act );
}
}
cs.set_bits |= PacketConstraints::SetBits::DST_PORT;
cs.set_bits |= PacketConstraints::SetBits::SRC_IP;
cs.set_bits |= PacketConstraints::SetBits::DST_IP;
+ cs.set_bits |= PacketConstraints::SetBits::TENANT;
cs.ip_proto = proto;
cs.src_port = sport;
#include "framework/module.h"
#include "managers/module_manager.h"
+#include "utils/util.h"
#include "trace_config.h"
: trace_config(tc)
{
// Will be initialized only once when first TraceParser instance created
- if ( s_configured_trace_options.empty() )
+ if (s_configured_trace_options.empty())
init_configured_trace_options();
else
reset_configured_trace_options();
bool TraceParser::set_traces(const std::string& module_name, const Value& val)
{
- if ( !s_configured_trace_options.count(module_name)
- and module_name != DEFAULT_TRACE_OPTION_NAME )
+ if (!s_configured_trace_options.count(module_name)
+ and module_name != DEFAULT_TRACE_OPTION_NAME)
return false;
- if ( module_name == DEFAULT_TRACE_OPTION_NAME )
+ if (module_name == DEFAULT_TRACE_OPTION_NAME)
{
- for ( const auto& trace_options : s_configured_trace_options )
+ for (const auto& trace_options : s_configured_trace_options)
{
- if ( trace_options.second.at(DEFAULT_TRACE_OPTION_NAME) )
+ if (trace_options.second.at(DEFAULT_TRACE_OPTION_NAME))
continue;
- for ( const auto& trace_option : trace_options.second )
+ for (const auto& trace_option : trace_options.second)
{
- if ( !trace_option.second )
+ if (!trace_option.second)
trace_config.set_trace(trace_options.first, trace_option.first,
val.get_uint8());
}
return true;
}
- else if ( val.is(DEFAULT_TRACE_OPTION_NAME) )
+ else if (val.is(DEFAULT_TRACE_OPTION_NAME))
{
auto& trace_options = s_configured_trace_options[module_name];
- for ( const auto& trace_option : trace_options )
+ for (const auto& trace_option : trace_options)
{
- if ( !trace_option.second )
+ if (!trace_option.second)
trace_config.set_trace(module_name, trace_option.first, val.get_uint8());
}
trace_options[DEFAULT_TRACE_OPTION_NAME] = true;
bool TraceParser::set_constraints(const Value& val)
{
- if ( val.is("ip_proto") )
+ if (val.is("ip_proto"))
{
parsed_constraints.ip_proto = static_cast<IpProtocol>(val.get_uint8());
parsed_constraints.set_bits |= PacketConstraints::SetBits::IP_PROTO;
}
- else if ( val.is("src_port") )
+ else if (val.is("src_port"))
{
parsed_constraints.src_port = val.get_uint16();
parsed_constraints.set_bits |= PacketConstraints::SetBits::SRC_PORT;
}
- else if ( val.is("dst_port") )
+ else if (val.is("dst_port"))
{
parsed_constraints.dst_port = val.get_uint16();
parsed_constraints.set_bits |= PacketConstraints::SetBits::DST_PORT;
}
- else if ( val.is("src_ip") )
+ else if (val.is("src_ip"))
{
const char* str = val.get_string();
- if ( parsed_constraints.src_ip.set(str) != SFIP_SUCCESS )
+ if (parsed_constraints.src_ip.set(str) != SFIP_SUCCESS)
return false;
parsed_constraints.set_bits |= PacketConstraints::SetBits::SRC_IP;
}
- else if ( val.is("dst_ip") )
+ else if (val.is("dst_ip"))
{
const char* str = val.get_string();
- if ( parsed_constraints.dst_ip.set(str) != SFIP_SUCCESS )
+ if (parsed_constraints.dst_ip.set(str) != SFIP_SUCCESS)
return false;
parsed_constraints.set_bits |= PacketConstraints::SetBits::DST_IP;
}
- else if ( val.is("match") )
+ else if (val.is("match"))
parsed_constraints.match = val.get_bool();
+ else if (val.is("tenants"))
+ {
+ const char* tenants_str = val.get_string();
+ if (!tenants_str)
+ return false;
+
+ StrToIntVector(tenants_str, ',', parsed_constraints.tenants);
+ parsed_constraints.set_bits |= PacketConstraints::SetBits::TENANT;
+ }
else
return false;
void TraceParser::finalize_constraints()
{
- if ( !parsed_constraints.match or parsed_constraints.set_bits )
+ if (!parsed_constraints.match or parsed_constraints.set_bits)
trace_config.constraints = new PacketConstraints(parsed_constraints);
}
void TraceParser::reset_configured_trace_options()
{
- for ( auto& module_trace_options : s_configured_trace_options )
+ for (auto& module_trace_options : s_configured_trace_options)
{
- for ( auto& trace_options : module_trace_options.second )
+ for (auto& trace_options : module_trace_options.second)
trace_options.second = false;
}
}
void TraceParser::init_configured_trace_options()
{
auto trace_modules = ModuleManager::get_all_modules();
- for ( const auto* module : trace_modules )
+ for (const auto* module : trace_modules)
{
const TraceOption* trace_options = module->get_trace_options();
- if ( !trace_options )
+ if (!trace_options)
continue;
auto& module_trace_options = s_configured_trace_options[module->get_name()];
module_trace_options[DEFAULT_TRACE_OPTION_NAME] = false;
- while ( trace_options->name )
+ while (trace_options->name)
{
module_trace_options[trace_options->name] = false;
++trace_options;
#define PORT_OPTION(name, value) \
CONFIG_OPTION(name, (uint64_t)value, Parameter::PT_INT, "0:65535")
+#define TENANT_OPTION(name, value) \
+ CONFIG_OPTION(name, value, Parameter::PT_STRING, nullptr)
+
enum { OPT_1, OPT_2 };
static const TraceOption s_trace_options[] =
CONFIG_OPTION(invalid_option, (uint64_t)5, Parameter::PT_INT, "0:8");
CHECK(false == tp.set_constraints(invalid_option));
}
+
+ SECTION("tenants")
+ {
+ TENANT_OPTION(tenants, "11,12");
+ const auto expected_tenants = std::vector<uint32_t>{ 11, 12 };
+
+ const PacketConstraints expected_constraints = PacketConstraints(IpProtocol::PROTO_NOT_SET, 0, 0,
+ SfIp(), SfIp(), PacketConstraints::TENANT, true, expected_tenants);
+
+ CHECK(true == tp.set_constraints(tenants));
+ tp.finalize_constraints();
+
+ REQUIRE(tc.constraints != nullptr);
+ CHECK(*tc.constraints == expected_constraints);
+ }
}
#endif // UNIT_TEST
projects / thirdparty / snort3.git / commitdiff
