day or even just a minute. That way we can find them easily and won't
lose track of them.
-* Presently using FIXIT-X where X = A | W | P | H | M | L, indicating analysis,
- warning, perf, high, med, or low priority. Place A and W comments on the
- exact warning line so we can match up comments and build output. Supporting
- comments can be added above.
+* Presently using FIXIT-X where X = A | W | P | H | M | L | D, indicating
+ analysis, warning, perf, high, med, low priority, or deprecated. Place A and
+ W comments on the exact warning line so we can match up comments and build
+ output. Supporting comments can be added above.
* Put the copyright(s) and license in a comment block at the top of each
source file (.h and .cc). Don't bother with trivial scripts and make
filterEvent = sfthreshold_test(
otn->sigInfo.gid, otn->sigInfo.sid,
p->ptrs.ip_api.get_src(), p->ptrs.ip_api.get_dst(),
- p->pkth->ts.tv_sec);
+ p->pkth->ts.tv_sec, get_network_policy()->policy_id);
}
else
{
filterEvent = sfthreshold_test(
otn->sigInfo.gid, otn->sigInfo.sid,
- &cleared, &cleared, p->pkth->ts.tv_sec);
+ &cleared, &cleared, p->pkth->ts.tv_sec, get_network_policy()->policy_id);
}
if ( (filterEvent < 0) || (filterEvent > 0 && !override) )
return 0;
return sfthd_test_rule(detection_filter_hash, (THD_NODE*)pv,
- sip, dip, curtime);
+ sip, dip, curtime, get_ips_policy()->policy_id);
}
THD_NODE* detection_filter_create(DetectionFilterConfig* df_config, THDX_STRUCT* thdx)
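Review bot: The detection_filter call `sfthd_test_rule(detection_filter_hash, (THD_NODE*)pv, sip, dip, curtime, get_ips_policy()->policy_id)` keys its lookup by the IPS policy, while the two sfthreshold_test calls in the preceding hunk (and the sfthd_test_threshold call near `status = sfthd_test_threshold(` later in this diff) pass `get_network_policy()->policy_id`. Before this change both paths resolved the id inside sfthd_test_local via the removed `PolicyId policy_id = get_network_policy()->policy_id;`, so detection_filter counters are now partitioned per IPS policy instead of per network policy, which is a behaviour change to rate tracking that the commit does not call out. If that is intended (detection_filter is a rule option, so an IPS scope is plausible) a one-line comment at the call would settle it: `// detection_filter is rule-scoped: track hits per ips policy, not per network policy`. Both enclosing functions start outside the hunk.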
void sfthd_objs_free(ThresholdObjects* thd_objs)
{
- int i;
- PolicyId policyId;
-
if (thd_objs == nullptr)
return;
- for (i = 0; i < THD_MAX_GENID; i++)
+ for (int i = 0; i < THD_MAX_GENID; i++)
{
if ( thd_objs->sfthd_array[i] )
delete thd_objs->sfthd_array[i];
}
- for (policyId = 0; policyId < thd_objs->numPoliciesAllocated; policyId++)
+ for (PolicyId policy_id = 0; policy_id < thd_objs->numPoliciesAllocated; policy_id++)
{
- if ( !thd_objs->sfthd_garray[policyId] )
+ if ( !thd_objs->sfthd_garray[policy_id] )
continue;
- if ( thd_objs->sfthd_garray[policyId][0] )
+ if ( thd_objs->sfthd_garray[policy_id][0] )
{
- sfthd_node_free(thd_objs->sfthd_garray[policyId][0]);
+ sfthd_node_free(thd_objs->sfthd_garray[policy_id][0]);
/* Free any individuals */
- for (i = 0; i < THD_MAX_GENID; i++)
+ for (int i = 0; i < THD_MAX_GENID; i++)
{
- if ( thd_objs->sfthd_garray[policyId][i] !=
- thd_objs->sfthd_garray[policyId][0] )
+ if ( thd_objs->sfthd_garray[policy_id][i] !=
+ thd_objs->sfthd_garray[policy_id][0] )
{
- sfthd_node_free(thd_objs->sfthd_garray[policyId][i]);
+ sfthd_node_free(thd_objs->sfthd_garray[policy_id][i]);
}
}
}
else
{
/* Anything other GID will be allocated individually */
- for (i = 1; i < THD_MAX_GENID; i++)
+ for (int i = 1; i < THD_MAX_GENID; i++)
{
- if ( thd_objs->sfthd_garray[policyId][i] )
- sfthd_node_free(thd_objs->sfthd_garray[policyId][i]);
+ if ( thd_objs->sfthd_garray[policy_id][i] )
+ sfthd_node_free(thd_objs->sfthd_garray[policy_id][i]);
}
}
- snort_free(thd_objs->sfthd_garray[policyId]);
+ snort_free(thd_objs->sfthd_garray[policy_id]);
}
if ( thd_objs->sfthd_garray )
*/
static int sfthd_create_threshold_local(
- SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config)
+ SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config, PolicyId policy_id)
{
GHash* sfthd_hash;
THD_ITEM* sfthd_item;
THD_NODE* sfthd_node;
tThdItemKey key;
- PolicyId policy_id = get_network_policy()->policy_id;
-
if (thd_objs == nullptr )
return -1;
/*
*/
static int sfthd_create_threshold_global(
- SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config)
+ SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config, PolicyId policy_id)
{
THD_NODE* sfthd_node;
- PolicyId policy_id = get_network_policy()->policy_id;
if (thd_objs == nullptr)
return -1;
int priority,
int count,
int seconds,
- sfip_var_t* ip_address)
+ sfip_var_t* ip_address, PolicyId policy_id)
{
//allocate memory fpr sfthd_array if needed.
- PolicyId policyId = get_network_policy()->policy_id;
THD_NODE sfthd_node;
memset(&sfthd_node, 0, sizeof(sfthd_node));
sfthd_node.ip_address= ip_address;
// FIXIT-L convert to std::vector
- sfDynArrayCheckBounds ((void**)&thd_objs->sfthd_garray, policyId,
+ sfDynArrayCheckBounds ((void**)&thd_objs->sfthd_garray, policy_id,
&thd_objs->numPoliciesAllocated);
- if (thd_objs->sfthd_garray[policyId] == nullptr)
+ if (thd_objs->sfthd_garray[policy_id] == nullptr)
{
- thd_objs->sfthd_garray[policyId] =
+ thd_objs->sfthd_garray[policy_id] =
(THD_NODE**)snort_calloc(THD_MAX_GENID, sizeof(THD_NODE*));
}
if ( sig_id == 0 )
{
- return sfthd_create_threshold_global(sc, thd_objs, &sfthd_node);
+ return sfthd_create_threshold_global(sc, thd_objs, &sfthd_node, policy_id);
}
if ( gen_id == 0 )
return -1;
- return sfthd_create_threshold_local(sc, thd_objs, &sfthd_node);
+ return sfthd_create_threshold_local(sc, thd_objs, &sfthd_node, policy_id);
}
#ifdef THD_DEBUG
#endif
int sfthd_test_rule(XHash* rule_hash, THD_NODE* sfthd_node,
- const SfIp* sip, const SfIp* dip, long curtime)
+ const SfIp* sip, const SfIp* dip, long curtime, PolicyId policy_id)
{
if ((rule_hash == nullptr) || (sfthd_node == nullptr))
return 0;
- int status = sfthd_test_local(rule_hash, sfthd_node, sip, dip, curtime);
+ int status = sfthd_test_local(rule_hash, sfthd_node, sip, dip, curtime, policy_id);
return (status < -1) ? 1 : status;
}
THD_NODE* sfthd_node,
const SfIp* sip,
const SfIp* dip,
- time_t curtime)
+ time_t curtime,
+ PolicyId policy_id)
{
THD_IP_NODE_KEY key;
THD_IP_NODE data,* sfthd_ip_node;
const SfIp* ip;
- PolicyId policy_id = get_network_policy()->policy_id;
-
#ifdef THD_DEBUG
char buf[24];
printf("THD_DEBUG: Key THD_NODE IP=%s,",
unsigned sig_id, /* from current event */
const SfIp* sip, /* " */
const SfIp* dip, /* " */
- time_t curtime)
+ time_t curtime,
+ PolicyId policy_id)
{
THD_IP_GNODE_KEY key;
THD_IP_NODE data;
THD_IP_NODE* sfthd_ip_node;
const SfIp* ip;
- PolicyId policy_id = get_network_policy()->policy_id;
-
#ifdef THD_DEBUG
char buf[24];
printf("THD_DEBUG: Global THD_NODE IP=%s,",
unsigned sig_id,
const SfIp* sip,
const SfIp* dip,
- long curtime)
+ long curtime,
+ PolicyId policy_id)
{
tThdItemKey key;
GHash* sfthd_hash;
int cnt;
#endif
- PolicyId policy_id = get_network_policy()->policy_id;
-
if ((thd_objs == nullptr) || (thd == nullptr))
return 0;
/*
* Test SUPPRESSION and THRESHOLDING
*/
- int status = sfthd_test_local(thd->ip_nodes, sfthd_node, sip, dip, curtime);
+ int status = sfthd_test_local(thd->ip_nodes, sfthd_node, sip, dip, curtime, policy_id);
if ( status < 0 ) /* -1 == Don't log and stop looking */
{
if ( g_thd_node )
{
- int status = sfthd_test_global(thd->ip_gnodes, g_thd_node, sig_id, sip, dip, curtime);
+ int status = sfthd_test_global(thd->ip_gnodes, g_thd_node, sig_id,
+ sip, dip, curtime, policy_id);
if ( status < 0 ) /* -1 == Don't log and stop looking */
{
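Review bot: The rewritten line `int status = sfthd_test_global(thd->ip_gnodes, g_thd_node, sig_id, sip, dip, curtime, policy_id);` redeclares `status` inside the `if ( status < 0 )` block and shadows the outer `int status` from the sfthd_test_local call a few lines above; since the line is being touched anyway, a distinct name (`int gstatus = sfthd_test_global(...)`, with the following `if ( gstatus < 0 )`) removes the shadowing without changing behaviour. Whether the outer `status` is read again after this block cannot be seen here, so keep the outer variable as is. sfthd_test_threshold's body continues outside the hunk.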
void sfthd_objs_free(ThresholdObjects*);
int sfthd_test_rule(snort::XHash* rule_hash, THD_NODE* sfthd_node,
- const snort::SfIp* sip, const snort::SfIp* dip, long curtime);
+ const snort::SfIp* sip, const snort::SfIp* dip, long curtime, PolicyId policy_id);
THD_NODE* sfthd_create_rule_threshold(
int id,
int sfthd_create_threshold(snort::SnortConfig*, ThresholdObjects*, unsigned gen_id,
unsigned sig_id, int tracking, int type, int priority, int count,
- int seconds, sfip_var_t* ip_address);
+ int seconds, sfip_var_t* ip_address, PolicyId policy_id);
// 1: don't log due to event_filter
// 0: log
// -1: don't log due to suppress
int sfthd_test_threshold(ThresholdObjects*, THD_STRUCT*, unsigned gen_id, unsigned sig_id,
- const snort::SfIp* sip, const snort::SfIp* dip, long curtime);
+ const snort::SfIp* sip, const snort::SfIp* dip, long curtime, PolicyId policy_id);
snort::XHash* sfthd_new_hash(unsigned, size_t, size_t);
int sfthd_test_local(snort::XHash* local_hash, THD_NODE* sfthd_node, const snort::SfIp* sip,
- const snort::SfIp* dip, time_t curtime);
+ const snort::SfIp* dip, time_t curtime, PolicyId policy_id);
#ifdef THD_DEBUG
int sfthd_show_objects(THD_STRUCT* thd);
p->create = sfthd_create_threshold(nullptr,
pThdObjs, p->gid, p->sid, p->tracking, p->type, PRIORITY,
- p->count, p->seconds, set);
+ p->count, p->seconds, set, get_network_policy()->policy_id);
continue;
}
if ( rule )
{
- status = sfthd_test_rule(dThd, rule, &sip, &dip, curtime);
+ status = sfthd_test_rule(dThd, rule, &sip, &dip, curtime, get_ips_policy()->policy_id);
}
else
{
status = sfthd_test_threshold(
- pThdObjs, pThd, p->gid, p->sid, &sip, &dip, curtime);
+ pThdObjs, pThd, p->gid, p->sid, &sip, &dip, curtime, get_network_policy()->policy_id);
}
return status;
int sfthreshold_create(
- SnortConfig* sc, ThresholdConfig* thd_config, THDX_STRUCT* thdx)
+ SnortConfig* sc, ThresholdConfig* thd_config, THDX_STRUCT* thdx, PolicyId policy_id)
{
if (thd_config == nullptr)
return -1;
thdx->priority,
thdx->count,
thdx->seconds,
- thdx->ip_address);
+ thdx->ip_address,
+ policy_id);
}
/*
!0 - don't log
*/
int sfthreshold_test(unsigned gen_id, unsigned sig_id, const SfIp* sip,
- const SfIp* dip, long curtime)
+ const SfIp* dip, long curtime, PolicyId policy_id)
{
if ((SnortConfig::get_conf()->threshold_config == nullptr) ||
!SnortConfig::get_conf()->threshold_config->enabled)
{
thd_checked = 1;
thd_answer = sfthd_test_threshold(SnortConfig::get_conf()->threshold_config->thd_objs,
- thd_runtime, gen_id, sig_id, sip, dip, curtime);
+ thd_runtime, gen_id, sig_id, sip, dip, curtime, policy_id);
}
return thd_answer;
#ifndef SFTHRESHOLD_H
#define SFTHRESHOLD_H
+#include "main/policy.h"
+
namespace snort
{
struct SfIp;
ThresholdConfig* ThresholdConfigNew();
void ThresholdConfigFree(ThresholdConfig*);
void sfthreshold_reset();
-int sfthreshold_create(snort::SnortConfig*, ThresholdConfig*, THDX_STRUCT*);
+int sfthreshold_create(snort::SnortConfig*, ThresholdConfig*, THDX_STRUCT*, PolicyId);
int sfthreshold_test(
- unsigned int, unsigned int, const snort::SfIp*, const snort::SfIp*, long curtime);
+ unsigned int, unsigned int, const snort::SfIp*, const snort::SfIp*, long curtime,
+ PolicyId);
void sfthreshold_free();
int sfthreshold_alloc(unsigned int l_memcap, unsigned int g_memcap);
bool begin(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
bool file;
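Review bot: `get_usage()` for this logger moves from CONTEXT to GLOBAL, as it does for every other logger module changed below (through the `size_t limit;` and `int facility;` modules, plus TalosModule which gains a GLOBAL override), but nothing in the diff records the user-visible consequence: presumably a logger configured inside a per-network-policy file is no longer accepted or applied there — confirm against the module loader's usage check. Since the binder hunk in this same commit deprecates per-network-policy binding, a short comment on the first changed override would tie the two together for the next reader: `// loggers are process-wide now that network policies are no longer bindable`. A ChangeLog or manual entry covering the set of modules would serve operators who currently rely on per-policy output configuration.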
bool begin(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
size_t limit;
bool begin(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
bool file;
bool begin(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
bool file;
{ return &luaLogPerfStats; }
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
std::string args;
bool end(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
string file;
bool end(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
int facility;
{
public:
TalosModule() : Module(S_NAME, s_help, s_params) { }
+
+ Usage get_usage() const override
+ { return GLOBAL; }
};
//-------------------------------------------------------------------------
{ return false; }
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
};
//-------------------------------------------------------------------------
bool begin(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
bool print_to_file;
bool begin(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
bool file;
bool begin(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
size_t limit;
bool begin(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
public:
size_t limit;
bool end(const char*, int, SnortConfig*) override;
Usage get_usage() const override
- { return DETECT; }
+ { return CONTEXT; }
private:
THDX_STRUCT thdx;
bool SuppressModule::end(const char*, int idx, SnortConfig* sc)
{
- if ( idx && sfthreshold_create(sc, sc->threshold_config, &thdx) )
+ if ( idx && sfthreshold_create(sc, sc->threshold_config, &thdx, get_network_policy()->policy_id) )
{
ParseError("bad suppress configuration [%d]", idx);
return false;
bool EventFilterModule::end(const char*, int idx, SnortConfig* sc)
{
- if ( idx && sfthreshold_create(sc, sc->threshold_config, &thdx) )
+ if ( idx && sfthreshold_create(sc, sc->threshold_config, &thdx, get_network_policy()->policy_id) )
{
ParseError("bad event_filter configuration [%d]", idx);
return false;
}
Usage get_usage() const override
- { return DETECT; }
+ { return CONTEXT; }
private:
tSFRFConfigNode thdx;
"use ips policy from given file" },
{ "network_policy", Parameter::PT_STRING, nullptr, nullptr,
- "use network policy from given file" },
+ "deprecated, ignored by binder" },
{ "service", Parameter::PT_STRING, nullptr, nullptr,
"override automatic service identification" },
return true;
}
+ // FIXIT-D: remove this when network_policy binding is deleted from
+ // the binder's options
+ if ( work->use.type == NETWORK_KEY )
+ {
+ delete work;
+ work = nullptr;
+ return true;
+ }
+
if ( unsplit_nets && work->when.split_nets )
split_nets_warning();
auto policies = sc->policy_map->add_shell(sh);
work->use.inspection_index = policies->inspection->policy_id + 1;
work->use.ips_index = policies->ips->policy_id + 1;
- work->use.network_index = policies->network->policy_id + 1;
}
else if ( work->use.type == INSPECTION_KEY )
{
Shell* sh = new Shell(work->use.name.c_str());
work->use.ips_index = sc->policy_map->add_ips_shell(sh) + 1;
}
- else if ( work->use.type == NETWORK_KEY )
- {
- Shell* sh = new Shell(work->use.name.c_str());
- work->use.network_index = sc->policy_map->add_network_shell(sh) + 1;
- }
if ( work->use.name.empty() )
work->use.name = work->use.type;
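Review bot: The added `if ( work->use.type == NETWORK_KEY ) { delete work; work = nullptr; return true; }` accepts a `network_policy` binding and discards it with no diagnostic; the only hint is the parameter help text changed to "deprecated, ignored by binder", which an operator never sees at load time. Traffic that was intentionally routed to a separate network policy now falls through to the default silently, so the drop should be made visible the way other binder problems are, e.g. `ParseWarning(WARN_CONF, "binder: network_policy is deprecated and ignored");` immediately before the `delete work;`, matching the existing `split_nets_warning()` path a few lines later. The FIXIT-D comment could also name the release in which the option is to be removed so the warning has an end date (use the project's planned version there, not a guess). The enclosing end() starts outside the hunk.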
use.inspection_index = 0;
use.ips_index = 0;
- use.network_index = 0;
use.action = BindUse::BA_INSPECT;
use.what = BindUse::BW_NONE;
ParseError("can't bind. ips_policy_id %u does not exist", pb->when.ips_id);
}
- if ( !pb->use.ips_index and !pb->use.inspection_index and !pb->use.network_index )
+ if ( !pb->use.ips_index and !pb->use.inspection_index )
set_binding(sc, pb);
}
for ( unsigned i = 0; i < sz; i++ )
{
Binding* pb = bindings[i];
- if ( pb->use.ips_index or pb->use.inspection_index or pb->use.network_index )
+ if ( pb->use.ips_index or pb->use.inspection_index )
continue;
if ( pb->use.what == BindUse::BW_WIZARD )
// FIXIT-L This will select the first policy ID of each type that it finds and ignore the rest.
// It gets potentially hairy if people start specifying overlapping policy types in
// overlapping rules.
- bool inspection_set = false, ips_set = false, network_set = false;
+ bool inspection_set = false, ips_set = false;
for ( unsigned i = 0; i < sz; i++ )
{
Binding* pb = bindings[i];
// Skip any rules that don't contain an ID for a policy type we haven't set yet.
if ( (!pb->use.inspection_index or inspection_set) and
- (!pb->use.ips_index or ips_set) and
- (!pb->use.network_index or network_set) )
+ (!pb->use.ips_index or ips_set) )
continue;
if ( !pb->check_all(flow, p, service) )
ips_set = true;
}
- if ( pb->use.network_index and !network_set )
- {
- set_network_policy(SnortConfig::get_conf(), pb->use.network_index - 1);
- if (!service)
- flow->network_policy_id = pb->use.network_index - 1;
- network_set = true;
- }
}
Binder* sub = InspectorManager::get_binder();
{
Binding* pb = bindings[i];
- if ( pb->use.ips_index or pb->use.inspection_index or pb->use.network_index )
+ if ( pb->use.ips_index or pb->use.inspection_index )
continue;
if ( !pb->check_all(flow, p, service) )
std::string name;
Action action;
- unsigned network_index;
unsigned inspection_index;
unsigned ips_index;
What what;
bind.set_use_file(file, is_ips ? Binder::IT_IPS : Binder::IT_FILE);
- // FIXIT-H this resets network config by forcing network policy to swap with ips selection
- if ( is_ips )
- {
- net_bind.set_use_file(file, Binder::IT_NETWORK);
- net_bind.print_binding(true);
- }
return rc;
}
opt_name = "ips_policy";
break;
- case IT_NETWORK:
- opt_name = "network_policy";
- break;
-
default:
// This should always be set explicitly if a file name exists.
assert(false);
{
public:
enum IncludeType
- { IT_NONE, IT_FILE, IT_INSPECTION, IT_IPS, IT_NETWORK };
+ { IT_NONE, IT_FILE, IT_INSPECTION, IT_IPS };
typedef std::pair<std::string, IncludeType> IncludeTypePair;