From: Russ Combs (rucombs) Date: Tue, 6 Nov 2018 16:39:40 +0000 (-0500) Subject: Merge pull request #1420 in SNORT/snort3 from ~RUCOMBS/snort3:rule_path to master X-Git-Tag: 3.0.0-249~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27beedd5ff225d11ce7037ae53d9dad66a4610ef;p=thirdparty%2Fsnort3.git Merge pull request #1420 in SNORT/snort3 from ~RUCOMBS/snort3:rule_path to master Squashed commit of the following: commit 67eff43ab875aeaf441a187c4e5d3c5f4ab3f71e Author: russ Date: Sun Nov 4 09:36:59 2018 -0500 snort: add --rule-path to load rules from all files under given dir --- diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index c76311eb8..8d53d1bd3 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -434,6 +434,9 @@ static const Parameter s_params[] = { "--rule", Parameter::PT_STRING, nullptr, nullptr, " to be added to configuration; may be repeated" }, + { "--rule-path", Parameter::PT_STRING, nullptr, nullptr, + " where to find rules files" }, + { "--rule-to-hex", Parameter::PT_IMPLIED, nullptr, nullptr, "output so rule header to stdout for text rule on stdin" }, @@ -890,6 +893,9 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("--rule") ) parser_append_rules(v.get_string()); + else if ( v.is("--rule-path") ) + parser_append_includes(v.get_string()); + else if ( v.is("--rule-to-hex") ) dump_rule_hex(sc, v.get_string()); diff --git a/src/parser/parser.cc b/src/parser/parser.cc index 7057648c2..8f235962d 100644 --- a/src/parser/parser.cc +++ b/src/parser/parser.cc @@ -35,6 +35,7 @@ #include "filters/sfthreshold.h" #include "hash/hashfcn.h" #include "hash/xhash.h" +#include "helpers/directory.h" #include "log/messages.h" #include "main/shell.h" #include "main/snort_config.h" 
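Review bot: The help text added for `--rule-path` in s_params, `where to find rules files`, does not tell the operator that the new branch in SnortModule::set hands the directory to parser_append_includes, which (later in this commit) emits an include for every name the directory iterator returns. The sensor's detection policy then depends on who can write to that directory, so I would say so in the description, e.g. `where to find rules files; every file found there is loaded as rules`. Both s_params and set() continue outside these hunks, so whether other options document similar behaviour is not visible here.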
@@ -63,34 +64,10 @@ static struct rule_index_map_t* ruleIndexMap = nullptr; static std::string s_aux_rules; -void parser_append_rules(const char* s) -{ - s_aux_rules += s; - s_aux_rules += "\n"; -} - //------------------------------------------------------------------------- // private / implementation methods //------------------------------------------------------------------------- -void parser_init() -{ - parse_rule_init(); - - ruleIndexMap = RuleIndexMapCreate(); - - if ( !ruleIndexMap ) - ParseAbort("failed to create rule index map."); -} - -void parser_term(SnortConfig* sc) -{ - parse_rule_term(); - RuleIndexMapFree(ruleIndexMap); - ruleIndexMap = nullptr; - sc->free_rule_state_list(); -} - static void CreateDefaultRules(SnortConfig* sc) { CreateRuleType(sc, Actions::get_string(Actions::LOG), Actions::LOG); 
@@ -387,22 +364,24 @@ static void parse_file(SnortConfig* sc, Shell* sh) // public methods //------------------------------------------------------------------------- -/**************************************************************************** - * Function: ParseSnortConf() - * - * Read the rules file a line at a time and send each rule to the rule parser - * This is the first pass of the configuration file. It parses everything - * except the rules. - * - * Arguments: None - * - * Returns: - * SnortConfig * - * An initialized and configured snort configuration struct. - * This struct should be passed on the second pass of the - * configuration file to parse the rules. - * - ***************************************************************************/ +void parser_init() +{ + parse_rule_init(); + + ruleIndexMap = RuleIndexMapCreate(); + + if ( !ruleIndexMap ) + ParseAbort("failed to create rule index map."); +} + +void parser_term(SnortConfig* sc) +{ + parse_rule_term(); + RuleIndexMapFree(ruleIndexMap); + ruleIndexMap = nullptr; + sc->free_rule_state_list(); +} + SnortConfig* ParseSnortConf(const SnortConfig* boot_conf, const char* fname) { SnortConfig* sc = new SnortConfig(SnortConfig::get_conf()->proto_ref); @@ -899,3 +878,22 @@ int parser_get_rule_index(unsigned gid, unsigned sid) return RuleIndexMapAdd(ruleIndexMap, gid, sid); } +void parser_append_rules(const char* s) +{ + s_aux_rules += s; + s_aux_rules += "\n"; +} + +void parser_append_includes(const char* d) +{ + Directory dir(d); + const char* f; + + while ( (f = dir.next()) ) + { + std::string s = "include "; + s += f; + parser_append_rules(s.c_str()); + } +} + diff --git a/src/parser/parser.h b/src/parser/parser.h index 43e70b72c..a6411b573 100644 --- a/src/parser/parser.h +++ b/src/parser/parser.h 
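Review bot: parser_append_includes (hunk at -899) never checks that `Directory dir(d)` actually opened `d`. A mistyped or unreadable --rule-path presumably makes `dir.next()` return null straight away, so the sensor would start without the intended rules and without any diagnostic. Each returned name is also spliced unquoted into `include ` text and newline-terminated by parser_append_rules, so a file name containing whitespace or a line break changes how the auxiliary rules text is parsed. Editor backups and other stray files are pulled in too, because no name filter is applied. I would fail closed on an open error and reject such names, as sketched below; the open-error accessor name is assumed from helpers/directory.h and needs confirming.

```cpp
void parser_append_includes(const char* d)
{
    Directory dir(d);

    // NOTE(review): accessor name assumed from helpers/directory.h; confirm before merging
    if ( dir.error_on_open() )
        ParseAbort("can't open rule path.");

    const char* f;

    while ( (f = dir.next()) )
    {
        // a name with whitespace or a line break would split the generated include line
        if ( strpbrk(f, " \t\r\n") )
            ParseAbort("rule path contains a file name with whitespace.");

        // … unchanged: build "include " + f and pass it to parser_append_rules …
    }
}
```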
@@ -54,6 +54,7 @@ void FreeRuleLists(snort::SnortConfig*); void VarTablesFree(snort::SnortConfig*); void parser_append_rules(const char*); +void parser_append_includes(const char*); int ParseBool(const char* arg);