From: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Wed, 12 Oct 2016 17:28:29 +0000 (-0400)
Subject: Merge pull request #673 in SNORT/snort3 from rate_filter to master
X-Git-Tag: 3.0.0-233~226
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bc1967e7247874a5f8191bd7daac605aa5c0935;p=thirdparty%2Fsnort3.git

Merge pull request #673 in SNORT/snort3 from rate_filter to master

Squashed commit of the following:

commit 13dfca8d4b9d15ca5671150f181f3c603581524b
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Oct 12 09:21:27 2016 -0400

    convert rate_filter as list of tables

commit 4a8b78d83e61811d308ed3b4d828876c18b8408b
Author: Russ Combs <rucombs@cisco.com>
Date:   Tue Oct 11 20:11:39 2016 -0400

    fix rate_filter action config and apply_to clean up
---

diff --git a/src/actions/actions.h b/src/actions/actions.h
index 06244fd78..54292ba2f 100644
--- a/src/actions/actions.h
+++ b/src/actions/actions.h
@@ -33,6 +33,7 @@
 struct Packet;
 struct OptTreeNode;
 
+// FIXIT-L if RuleType is changed, RateFilterModule must be updated
 enum RuleType  // FIXIT-L convert to a scoped enum
 {
     RULE_TYPE__NONE = 0,
diff --git a/src/main/modules.cc b/src/main/modules.cc
index e35ef0e87..4b568d556 100644
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -1423,9 +1423,10 @@ static const Parameter rate_filter_params[] =
     { "seconds", Parameter::PT_INT, "0:", "1",
       "count interval" },
 
-    { "new_action", Parameter::PT_SELECT,
-      // FIXIT-L this list should be defined globally
-      "alert | drop | log | pass | | reject | sdrop", "alert",
+    { "new_action", Parameter::PT_ENUM,
+      // FIXIT-L new_action options must match RuleType and
+      // should include pluggable actions as well
+      "log | pass | alert | drop | block | reset", "alert",
       "take this action on future hits until timeout" },
 
     { "timeout", Parameter::PT_INT, "0:", "1",
@@ -1501,10 +1502,9 @@ bool RateFilterModule::begin(const char*, int, SnortConfig*)
 bool RateFilterModule::end(const char*, int idx, SnortConfig* sc)
 {
     if ( idx && RateFilter_Create(sc, sc->rate_filter_config,  &thdx) )
-    {
         ParseError("bad rate_filter configuration [%d]", idx);
-        return false;
-    }
+
+    thdx.applyTo = nullptr;
     return true;
 }
 
diff --git a/tools/snort2lua/keyword_states/kws_rate_filter.cc b/tools/snort2lua/keyword_states/kws_rate_filter.cc
index 912032b30..b27737881 100644
--- a/tools/snort2lua/keyword_states/kws_rate_filter.cc
+++ b/tools/snort2lua/keyword_states/kws_rate_filter.cc
@@ -76,6 +76,8 @@ bool RateFilter::convert(std::istringstream& data_stream)
     std::string args;
 
     table_api.open_table("rate_filter");
+    table_api.open_table();
+
     fix_separators(data_stream);
 
     while (std::getline(data_stream, args, ';'))