#include <cstring>
#include <string>
+#include "main/snort_config.h"
#include "main/snort_types.h"
#define ENABLE_FILE_TYPE_IDENTIFICATION 0x1
// This is called when a new flow is queried for the first time
// Check & update what file policy is enabled on this flow/file
- virtual void policy_check(Flow*, FileInfo* ) { }
+ virtual void policy_check(Flow*, FileInfo*) { }
// This is called after file type is known
virtual FileVerdict type_lookup(Packet*, FileInfo*)
{ return FILE_VERDICT_UNKNOWN; }
virtual void log_file_action(Flow*, FileInfo*, FileAction) { }
-
};
inline void initFilePosition(FilePosition* position, uint64_t processed_size)
SO_PUBLIC uint64_t get_file_processed_size(Flow* flow);
SO_PUBLIC FilePosition get_file_position(Packet* pkt);
SO_PUBLIC void get_magic_rule_ids_from_type(const std::string& type,
- const std::string& version, FileTypeBitSet& ids_set);
+ const std::string& version, FileTypeBitSet& ids_set, SnortConfig*);
}
#endif
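Review bot: The exported declaration `get_magic_rule_ids_from_type(..., FileTypeBitSet& ids_set, SnortConfig*)` adds an unnamed, undocumented parameter to an SO_PUBLIC function, so out-of-tree callers get no hint about what to pass. Judging from the definitions later in this change, a null pointer appears to be accepted and to fall back to the active configuration by way of `get_file_config()` and `get_inspector()`; that contract belongs at the declaration. I would name the parameter `sc` and add a comment such as `// sc: configuration to search for the file inspector; nullptr falls back to the active configuration`. Code built against the old three-argument signature will no longer compile, which deserves a line in the release notes.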
return "NA";
}
-FileConfig* get_file_config ()
+FileConfig* get_file_config(snort::SnortConfig* sc)
{
- snort::FileInspect* fi = (snort::FileInspect*)snort::InspectorManager::get_inspector(FILE_ID_NAME, true);
+ snort::FileInspect* fi = (snort::FileInspect*)snort::InspectorManager::get_inspector(FILE_ID_NAME, true, sc);
if (fi)
return (fi->config);
namespace snort
{
- void get_magic_rule_ids_from_type(const std::string& type, const std::string& version, snort::FileTypeBitSet& ids_set)
- {
- FileConfig* conf = get_file_config();
- if(conf)
- conf->get_magic_rule_ids_from_type(type, version, ids_set);
- else
- ids_set.reset();
- }
+void get_magic_rule_ids_from_type(const std::string& type, const std::string& version,
+ snort::FileTypeBitSet& ids_set, snort::SnortConfig* sc)
+{
+ FileConfig* conf = get_file_config(sc);
+ if (conf)
+ conf->get_magic_rule_ids_from_type(type, version, ids_set);
+ else
+ ids_set.reset();
+}
}
#define FILE_CONFIG_H
// This provides the basic configuration for file processing
-
+#include "main/snort_config.h"
#include "file_api/file_identifier.h"
#include "file_api/file_policy.h"
};
std::string file_type_name(uint32_t id);
-FileConfig* get_file_config();
+FileConfig* get_file_config(snort::SnortConfig* sc = nullptr);
#endif
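Review bot: The `= nullptr` default on `get_file_config(snort::SnortConfig* sc = nullptr)` lets every call site that was not updated keep compiling and silently resolve against `SnortConfig::get_conf()`, which appears to be the lookup this change is moving parse-time callers away from. The same applies to the defaulted `sc` on the `InspectorManager::get_inspector` declaration. If the default has to stay for compatibility, state the fallback at the declaration, e.g. `// sc == nullptr: use the currently active config; pass the config being parsed during load or reload`. Dropping the default would instead make the compiler list the callers that still need a decision.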
static const Parameter s_params[] =
{
{ "~", Parameter::PT_STRING, nullptr, nullptr,
- "list of file type IDs to match" },
+ "list of file type IDs to match" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
-
#define s_help \
"rule option to check file type"
FileTypeBitSet types;
private:
- bool parse_type_and_version(std::string& token);
+ bool parse_type_and_version(std::string& token, SnortConfig*);
};
bool FileTypeModule::begin(const char*, int, SnortConfig*)
return true;
}
-bool FileTypeModule::set(const char*, Value& v, SnortConfig*)
+bool FileTypeModule::set(const char*, Value& v, SnortConfig* sc)
{
if ( !v.is("~") )
return false;
if ( tok[tok.length()-1] == '"' )
tok.erase(tok.length()-1, 1);
- if (! parse_type_and_version(tok) )
+ if (!parse_type_and_version(tok, sc) )
return false;
}
return true;
// Multiple types are separated by spaces:
// TYPE1,VER1 TYPE2 TYPE3,VER1,VER2 -- Match any of these types
//
-bool FileTypeModule::parse_type_and_version(std::string& token)
+bool FileTypeModule::parse_type_and_version(std::string& token, SnortConfig* sc)
{
std::istringstream stream(token);
std::string type_name;
std::string version;
FileTypeBitSet ids_set;
- if(!std::getline(stream, type_name, ','))
+ if (!std::getline(stream, type_name, ','))
return false;
- if(!std::getline(stream, version, ','))
+ if (!std::getline(stream, version, ','))
{
// Match all versions of this type.
- get_magic_rule_ids_from_type(type_name, "", ids_set);
- if(ids_set.none())
+ get_magic_rule_ids_from_type(type_name, "", ids_set, sc);
+ if (ids_set.none())
{
ParseError("Invalid file_type type '%s'. Not found in file_rules.", type_name.c_str());
return false;
return true;
}
- get_magic_rule_ids_from_type(type_name, version, ids_set);
- if(ids_set.none())
+ get_magic_rule_ids_from_type(type_name, version, ids_set, sc);
+ if (ids_set.none())
{
- ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.", type_name.c_str(), version.c_str());
+ ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.",
+ type_name.c_str(), version.c_str());
return false;
}
types |= ids_set;
- while(std::getline(stream, version, ','))
+ while (std::getline(stream, version, ','))
{
- get_magic_rule_ids_from_type(type_name, version, ids_set);
- if(ids_set.none())
+ get_magic_rule_ids_from_type(type_name, version, ids_set, sc);
+ if (ids_set.none())
{
- ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.", type_name.c_str(), version.c_str());
+ ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.",
+ type_name.c_str(), version.c_str());
return false;
}
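Review bot: An empty version field is passed straight to the lookup: a token such as `TYPE,,VER` (constructed example) yields `version == ""` at the first versioned call or inside the `while` loop, and the no-version branch above uses that same empty string to mean "match all versions of this type". If the lookup treats the two alike, a stray comma silently widens the rule to every version of the type instead of raising a ParseError. A guard before each versioned lookup would close that, e.g. `if (version.empty()) { ParseError("Empty version in file_type type '%s'.", type_name.c_str()); return false; }`. The function body continues past the end of this hunk.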
{
const InspectApi& api;
bool initialized = false; // In the context of the main thread, this means that api.pinit()
- // has been called. In the packet thread, it means that api.tinit()
- // has been called.
- bool instance_initialized = false; // In the packet thread, at least one instance has had tinit() called.
+ // has been called. In the packet thread, it means that
+ // api.tinit() has been called.
+ bool instance_initialized = false; // In the packet thread, at least one instance has had
+ // tinit() called.
PHGlobal(const InspectApi& p) : api(p) { }
{ return ( a->api.type < b->api.type ); }
};
-enum ReloadType {
+enum ReloadType
+{
RELOAD_TYPE_NONE = 0,
RELOAD_TYPE_DELETED,
RELOAD_TYPE_REENABLED,
{ reload_type = val; }
bool is_reloaded()
- { return ((reload_type == RELOAD_TYPE_REENABLED) or
- (reload_type == RELOAD_TYPE_DELETED) or
- (reload_type == RELOAD_TYPE_NEW)); }
+ {
+ return ((reload_type == RELOAD_TYPE_REENABLED)or
+ (reload_type == RELOAD_TYPE_DELETED) or
+ (reload_type == RELOAD_TYPE_NEW));
+ }
ReloadType get_reload_type()
{ return reload_type; }
{
switch ( p->pp_class.api.type )
{
- case IT_PASSIVE :
+ case IT_PASSIVE:
passive.add(p);
// FIXIT-L Ugly special case for noticing a binder
if ( !strcmp(p->pp_class.api.base.name, bind_id) )
// FIXIT-L allowing lookup by name or type or key is kinda hinky
// would be helpful to have specific lookups
static bool get_instance(
- FrameworkPolicy* fp, const char* keyword, bool dflt_only, std::vector<PHInstance*>::iterator& it)
+ FrameworkPolicy* fp, const char* keyword, bool dflt_only,
+ std::vector<PHInstance*>::iterator& it)
{
for ( it = fp->ilist.begin(); it != fp->ilist.end(); ++it )
{
}
static PHInstance* get_instance(
- FrameworkPolicy* fp, const char* keyword, bool dflt_only = false)
+ FrameworkPolicy* fp, const char* keyword, bool dflt_only = false)
{
std::vector<PHInstance*>::iterator it;
return get_instance(fp, keyword, dflt_only, it) ? *it : nullptr;
for ( auto* p : pi->framework_policy->ilist )
{
if ( cloned and !(p->is_reloaded()) )
- continue;
+ continue;
if ( p->handler->get_api()->type == IT_PASSIVE )
s_trash2.emplace_back(p->handler);
if ( !pi || !pi->framework_policy )
return nullptr;
- return (Binder*) pi->framework_policy->binder;
+ return (Binder*)pi->framework_policy->binder;
}
// FIXIT-P cache get_inspector() returns or provide indexed lookup
-Inspector* InspectorManager::get_inspector(const char* key, bool dflt_only)
+Inspector* InspectorManager::get_inspector(const char* key, bool dflt_only, SnortConfig* sc)
{
InspectionPolicy* pi;
-
- if (dflt_only)
+
+ if (dflt_only && (sc != nullptr))
+ pi = snort::get_default_inspection_policy(sc);
+ else if (dflt_only)
pi = snort::get_default_inspection_policy(SnortConfig::get_conf());
else
pi = snort::get_inspection_policy();
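Review bot: `sc` is consulted only when `dflt_only` is true; with `dflt_only == false` a non-null `sc` is silently ignored and the lookup uses `snort::get_inspection_policy()`, which a caller passing an explicit configuration would not expect. That restriction should be documented on the declaration, for example `// sc is honoured only when dflt_only is true`. The two `dflt_only` branches can also be folded into one: `if (dflt_only) pi = snort::get_default_inspection_policy(sc ? sc : SnortConfig::get_conf());`. The body of get_inspector continues outside the hunk.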
// FIXIT-L can't we just unify PHInstance and InspectorWrapper?
return ppi->handler;
}
+
#endif
// create default binding for wizard and configured services
}
// must check between each ::execute()
if ( p->disable_inspect )
- return;
+ return;
if ( !p->is_cooked() )
::execute(p, fp->packet.vec, fp->packet.num);
if ( p->disable_inspect )
- return;
+ return;
SnortConfig* sc = SnortConfig::get_conf();
FrameworkPolicy* fp_dft = snort::get_default_inspection_policy(sc)->framework_policy;
::execute(p, fp->network.vec, fp->network.num);
if ( p->disable_inspect )
- return;
+ return;
::execute(p, fp_dft->control.vec, fp_dft->control.num);
}
}
if ( p->disable_inspect )
- return;
+ return;
if ( p->flow->full_inspection() )
full_inspection(p);
static InspectSsnFunc get_session(uint16_t proto);
static InspectorType get_type(const char* key);
- SO_PUBLIC static Inspector* get_inspector(const char* key, bool dflt_only = false);
+ SO_PUBLIC static Inspector* get_inspector(const char* key, bool dflt_only = false,
+ SnortConfig* sc = nullptr);
SO_PUBLIC static Binder* get_binder();