From: Bhagya Tholpady (bbantwal)
Date: Tue, 19 May 2020 16:35:23 +0000 (+0000)
Subject: Merge pull request #2214 in SNORT/snort3 from ~OKHOMIAK/snort3:print_rules_enabled_pe...
X-Git-Tag: 3.0.1-4~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1cdf971a88ac16528fdb0a333ac8fea5f66ffd6f;p=thirdparty%2Fsnort3.git
Merge pull request #2214 in SNORT/snort3 from ~OKHOMIAK/snort3:print_rules_enabled_per_policy to master
Squashed commit of the following:
commit c717346b95fb84e010e4256f5c05365c24ecb2e4
Author: Oleksii Khomiakovskyi
Date: Wed May 13 10:09:31 2020 +0300
parser: print enabled rules for each ips policy
---
diff --git a/src/main/policy.h b/src/main/policy.h
index 69cd27638..78e56b9e0 100644
--- a/src/main/policy.h
+++ b/src/main/policy.h
@@ -32,6 +32,7 @@ typedef unsigned char uuid_t[16];
 #endif
+#include
 #include
 #include
 #include
@@ -267,6 +268,14 @@ public:
 void set_cloned(bool state) { cloned = state; }
+ const Shell* get_shell_by_policy(unsigned id) const
+ {
+ auto it = std::find_if(std::begin(shell_map), std::end(shell_map),
+ [=](auto&& p) { return p.second->ips and p.second->ips->policy_id == id; });
+
+ return (it == std::end(shell_map)) ? nullptr : it->first;
+ }
+
 private:
 std::vector shells;
 std::vector inspection_policy;
diff --git a/src/main/snort_config.cc b/src/main/snort_config.cc
index 876c1b90d..33c10e6a3 100644
--- a/src/main/snort_config.cc
+++ b/src/main/snort_config.cc
@@ -294,6 +294,8 @@ void SnortConfig::setup()
 rule_states = nullptr;
 }
+ ShowPolicyStats(this);
+
 /* Need to do this after dynamic detection stuff is initialized, too */
 IpsManager::verify(this);
 ModuleManager::load_commands(policy_map->get_shell());
diff --git a/src/parser/parser.cc b/src/parser/parser.cc
index 9d8f7530c..7993e1660 100644
--- a/src/parser/parser.cc
+++ b/src/parser/parser.cc
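Review bot: The new `get_shell_by_policy` in policy.h carries no comment saying which key it matches or what a null return means; a line such as `// Returns the shell whose ips policy has policy_id == id, or nullptr if no shell owns such a policy.` above the signature would do. The parameter is declared `unsigned`, while the caller added in parser.cc passes `s.first`, the `PolicyId` key of its `stats` map, so declaring it `PolicyId id` would keep the `policy_id == id` comparison free of implicit conversion, assuming `PolicyId` is visible in this header. The `[=]` default capture only needs `id`; `[id]` states that explicitly. The lookup is a linear scan of `shell_map` on every call, which is acceptable at startup but worth a note since ShowPolicyStats invokes it once per policy.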
@@ -457,6 +457,59 @@ void ParseRules(SnortConfig* sc)
 parse_rule_print();
 }
+void ShowPolicyStats(const SnortConfig* sc)
+{
+ std::unordered_map stats;
+ std::multimap> sorted_stats;
+
+ if ( !sc->otn_map )
+ return;
+
+ for (auto node = sc->otn_map->find_first(); node; node = sc->otn_map->find_next())
+ {
+ const OptTreeNode* otn = (const OptTreeNode*)node->data;
+ if ( !otn )
+ continue;
+
+ for (PolicyId id = 0; id < otn->proto_node_num; id++)
+ {
+ const auto rtn = getRtnFromOtn(otn, id);
+
+ if ( rtn and rtn->enabled() )
+ stats[id]++;
+ }
+ }
+
+ for (const auto& s : stats)
+ {
+ auto shell = sc->policy_map->get_shell_by_policy(s.first);
+ if ( !shell )
+ continue;
+
+ auto file = shell->get_file();
+ if ( !file or !file[0] )
+ continue;
+
+ auto policy = sc->policy_map->get_ips_policy(s.first);
+ auto id = policy ? policy->user_policy_id : 0;
+
+ sorted_stats.emplace(id, std::make_tuple(file, s.second));
+ }
+
+ if ( !sorted_stats.size() )
+ return;
+
+ LogLabel("ips policies");
+ LogMessage("%16s%16s%8s\n", "id", "rules enabled", "file");
+
+ for (const auto& s : sorted_stats)
+ {
+ auto file = std::get<0>(s.second);
+ auto rules_count = std::get<1>(s.second);
+ LogMessage("%16u%16d%4s%s\n", s.first, rules_count, " ", file);
+ }
+}
+
 /****************************************************************************
 *
 * Function: CreateRuleType
diff --git a/src/parser/parser.h b/src/parser/parser.h
index 0978b884c..ec6ef76a3 100644
--- a/src/parser/parser.h
+++ b/src/parser/parser.h
@@ -45,6 +45,7 @@ void inc_parse_position();
 snort::SnortConfig* ParseSnortConf(const snort::SnortConfig*, const char* fname = nullptr, bool is_fatal = true);
 void ParseRules(snort::SnortConfig*);
+void ShowPolicyStats(const snort::SnortConfig*);
 char* ProcessFileOption(snort::SnortConfig*, const char*);
 void SetRuleStates(snort::SnortConfig*);
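Review bot: A policy whose rules are all disabled never gets a row in the "ips policies" table, because `stats[id]++` runs only when `rtn->enabled()` is true, so the 0 case an operator most needs to notice (a policy that is silently matching nothing) is exactly the one the output cannot show. If every policy that owns rules is meant to be listed, count with `auto& count = stats[id]; if ( rtn and rtn->enabled() ) ++count;` so the key exists regardless of the enabled state. The `%16u`/`%16d` conversions in the row format must match the key and counter types, whose template arguments this page has lost; `%d` for a counter that is presumably unsigned is the one to double-check. Minor style: `!sorted_stats.size()` reads better as `sorted_stats.empty()`, and the C-style `(const OptTreeNode*)node->data` could be a `static_cast<const OptTreeNode*>(node->data)` if `data` is a `void*`.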