From: Michael Altizer (mialtize) Date: Tue, 12 Feb 2019 03:08:59 +0000 (-0500) Subject: Merge pull request #1504 in SNORT/snort3 from ~SHASLAD/snort3:new_binder_ports_type... X-Git-Tag: 3.0.0-251~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2eb20232ad29d6952dd92a1c124fd5cabc7ac224;p=thirdparty%2Fsnort3.git Merge pull request #1504 in SNORT/snort3 from ~SHASLAD/snort3:new_binder_ports_type to master Squashed commit of the following: commit 65994e4ea71a5918cbca8216a911b88e287a7d8f Author: shaslad Date: Fri Feb 8 00:24:30 2019 -0500 snort2lua: adding when.role for specific inspectors
---
diff --git a/.gitignore b/.gitignore
index 753712449..def2f38af 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,14 @@
+*.gcda
+*.gcno
+*.gcov
 *.log
 *.out
 *.rej
 *.swp
-*.gcno
-*.gcda
-*.gcov
 *.trs
 *~
 ._Xcode*
+.vscode/
 Cbuild/
 Xcode*/
 doc/basic.txt
@@ -15,9 +16,9 @@ doc/builtin.txt
 doc/codec.txt
 doc/commands.txt
 doc/config.txt
-doc/counts.txt
 doc/config_changes.txt
 doc/connector.txt
+doc/counts.txt
 doc/data.txt
 doc/docbook-xsl.css
 doc/gids.txt
@@ -33,8 +34,8 @@ doc/plugins.txt
 doc/search_engine.txt
 doc/signals.txt
 doc/snort2lua_cmds.txt
-doc/snort_manual.chunked/
 doc/snort_manual.chunked.tgz
+doc/snort_manual.chunked/
 doc/snort_manual.tgz
 doc/snort_manual.xml
 doc/version.txt
@@ -42,9 +43,9 @@ extra/rule.xxd
 extra/snort_examples-1.0.tar.gz
 snort.pc
 src/framework/api_options.h
-GTAGS
-GRTAGS
 GPATH
+GRTAGS
+GTAGS
 HTML
 
 # These are related to the build-scripts
diff --git a/lua/snort.lua.in b/lua/snort.lua.in
index 347e735e0..92424bbaa 100644
--- a/lua/snort.lua.in
+++ b/lua/snort.lua.in
@@ -141,10 +141,11 @@ wizard = default_wizard binder = { -- port bindings required for protocols without wizard support - { when = { proto = 'udp', ports = '53' }, use = { type = 'dns' } }, - { when = { proto = 'tcp', ports = '111' }, use = { type = 'rpc_decode' } }, - { when = { proto = 'tcp', ports = '502' }, use = { type = 'modbus' } }, - { when = { proto = 'tcp', ports = '2123 2152 3386' }, use = { type = 'gtp' } }, + { when = { proto = 'udp', ports = '53', role='server' }, use = { type = 'dns' } }, + { when = { proto = 'tcp', ports = '53', role='server' }, use = { type = 'dns' } }, + { when = { proto = 'tcp', ports = '111', role='server' }, use = { type = 'rpc_decode' } }, + { when = { proto = 'tcp', ports = '502', role='server' }, use = { type = 'modbus' } }, + { when = { proto = 'tcp', ports = '2123 2152 3386', role='server' }, use = { type = 'gtp' } }, { when = { proto = 'tcp', service = 'dcerpc' }, use = { type = 'dce_tcp' } }, { when = { proto = 'udp', service = 'dcerpc' }, use = { type = 'dce_udp' } }, diff --git a/tools/snort2lua/preprocessor_states/pps_dns.cc b/tools/snort2lua/preprocessor_states/pps_dns.cc index 78ac3e203..bb3653b95 100644 --- a/tools/snort2lua/preprocessor_states/pps_dns.cc +++ b/tools/snort2lua/preprocessor_states/pps_dns.cc @@ -73,6 +73,7 @@ bool Dns::convert(std::istringstream& data_stream) while (data_stream >> keyword && keyword != "}") { ports_set = true; + bind.set_when_role("server"); bind.add_when_port(keyword); } } @@ -95,8 +96,11 @@ bool Dns::convert(std::istringstream& data_stream) } } - if (!ports_set) + if (!ports_set) + { + bind.set_when_role("server"); bind.add_when_port("53"); + } return retval; } diff --git a/tools/snort2lua/preprocessor_states/pps_gtp.cc b/tools/snort2lua/preprocessor_states/pps_gtp.cc index df06af6ea..31d33c28f 100644 --- a/tools/snort2lua/preprocessor_states/pps_gtp.cc +++ b/tools/snort2lua/preprocessor_states/pps_gtp.cc 
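Review bot: The GTP entry in the snort.lua.in binder still reads `proto = 'tcp'` with `use = { type = 'gtp' }`, while the converter in pps_gtp.cc in this same commit emits `set_when_proto("udp")` and `set_use_type("gtp_inspect")`, so the shipped default and the converted output disagree on both transport and inspector name. If the default is the side that is wrong, traffic on 2123/2152/3386 would never be handed to the GTP inspector and would pass without GTP inspection. Since the line is rewritten here anyway, I would expect `{ when = { proto = 'udp', ports = '2123 2152 3386', role='server' }, use = { type = 'gtp_inspect' } },`, after confirming the inspector name against the module list.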
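Review bot: `bind.set_when_role("server")` inside the ports loop of Dns::convert (hunk at -73) runs once per port token, and the `!ports_set` fallback (hunk at -95) sets the same value again, so one setting is written in two places that must be kept in step. The role does not depend on the port list, so a single `bind.set_when_role("server");` placed where `bind` is first configured would cover both paths and let the fallback stay the original one-line `bind.add_when_port("53");`. The same loop-plus-fallback duplication appears in the convert() hunks of pps_gtp.cc, pps_http_inspect_server.cc, pps_modbus.cc and pps_rpc_decode.cc. Dns::convert starts and ends outside these hunks, so where `bind` is created is not visible here.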
@@ -50,6 +50,7 @@ Gtp::~Gtp() auto& bind = cv.make_binder(); bind.set_when_proto("udp"); + bind.set_when_role("server"); bind.add_when_port("2123"); bind.add_when_port("3386"); bind.set_use_type("gtp_inspect"); @@ -86,6 +87,7 @@ bool Gtp::convert(std::istringstream& data_stream) while (data_stream >> keyword && keyword != "}") { ports_set = true; + bind.set_when_role("server"); bind.add_when_port(keyword); } } @@ -110,6 +112,7 @@ bool Gtp::convert(std::istringstream& data_stream) if (!ports_set) { + bind.set_when_role("server"); bind.add_when_port("2123"); bind.add_when_port("3386"); } diff --git a/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc b/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc index ddc1b54ad..42c70c22c 100644 --- a/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc +++ b/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc @@ -285,6 +285,7 @@ bool HttpInspectServer::convert(std::istringstream& data_stream) while (data_stream >> keyword && keyword != "}") { ports_set = true; + bind.set_when_role("server"); bind.add_when_port(keyword); } } @@ -346,8 +347,10 @@ bool HttpInspectServer::convert(std::istringstream& data_stream) } if (!ports_set) + { + bind.set_when_role("server"); bind.add_when_port("80"); - + } return retval; } diff --git a/tools/snort2lua/preprocessor_states/pps_modbus.cc b/tools/snort2lua/preprocessor_states/pps_modbus.cc index 4ed7e7f65..31f58841d 100644 --- a/tools/snort2lua/preprocessor_states/pps_modbus.cc +++ b/tools/snort2lua/preprocessor_states/pps_modbus.cc @@ -49,6 +49,7 @@ Modbus::~Modbus() auto& bind = cv.make_binder(); bind.set_when_proto("tcp"); + bind.set_when_role("server"); bind.add_when_port("502"); bind.set_use_type("modbus"); @@ -84,6 +85,7 @@ bool Modbus::convert(std::istringstream& data_stream) while (data_stream >> keyword && keyword != "}") { ports_set = true; + bind.set_when_role("server"); bind.add_when_port(keyword); } } 
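Review bot: Nothing in Gtp::~Gtp() records why the fallback binding is now limited to the server role, and the literal `"server"` is repeated in every converter this commit touches. A short comment such as `// match 2123/3386 only as the responder's port; without a role the binder compares either end` would make the intent reviewable; that wording is my reading of the binder semantics and should be confirmed. It is also worth checking converted configs against flows picked up midstream, where the side Snort treats as server may not be the real GTP listener and the binding could presumably be skipped, leaving the flow uninspected. The destructor body starts and ends outside the hunk; Modbus::~Modbus() and RpcDecode::~RpcDecode() carry the same uncommented line.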
@@ -107,7 +109,10 @@ bool Modbus::convert(std::istringstream& data_stream) } if (!ports_set) + { + bind.set_when_role("server"); bind.add_when_port("502"); + } table_api.close_table(); return retval; diff --git a/tools/snort2lua/preprocessor_states/pps_rpc_decode.cc b/tools/snort2lua/preprocessor_states/pps_rpc_decode.cc index 13b8d024f..5da4bd744 100644 --- a/tools/snort2lua/preprocessor_states/pps_rpc_decode.cc +++ b/tools/snort2lua/preprocessor_states/pps_rpc_decode.cc @@ -52,6 +52,7 @@ RpcDecode::~RpcDecode() { auto& bind = cv.make_binder(); bind.set_when_proto("tcp"); + bind.set_when_role("server"); bind.add_when_port("111"); bind.add_when_port("32271"); bind.set_use_type("rpc_decode"); @@ -90,6 +91,7 @@ bool RpcDecode::convert(std::istringstream& data_stream) else if (isdigit(keyword[0])) { + bind.set_when_role("server"); bind.add_when_port(keyword); ports_set = true; } @@ -102,6 +104,7 @@ bool RpcDecode::convert(std::istringstream& data_stream) if (!ports_set) { + bind.set_when_role("server"); bind.add_when_port("111"); bind.add_when_port("32271"); }
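Review bot: In the RpcDecode::convert hunk at -90 the port branch is guarded by `isdigit(keyword[0])`, which passes a plain `char` to isdigit and inspects only the first character, so a token that starts with a digit and continues with other characters is accepted as a port and now also receives a server-role binding. I would validate the whole token with an unsigned-char cast, e.g. `else if (std::all_of(keyword.begin(), keyword.end(), [](unsigned char c) { return std::isdigit(c) != 0; }))`. The guard is a context line and so predates this commit, but it decides which strings reach `bind.add_when_port(keyword)` and end up in the generated binder. The function body extends beyond the hunk.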