From: Steve Chew (stechew) Date: Fri, 18 Sep 2020 19:48:29 +0000 (+0000) Subject: Merge pull request #2457 in SNORT/snort3 from ~DERAMADA/snort3:term_changes to master X-Git-Tag: 3.0.3-1~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51ddf2758a8a05a2a300891629c15e11973d2935;p=thirdparty%2Fsnort3.git Merge pull request #2457 in SNORT/snort3 from ~DERAMADA/snort3:term_changes to master Squashed commit of the following: commit d0d90374fef89082cede713f0168f68322643ad6 Author: deramada Date: Tue Sep 1 22:16:51 2020 -0400 reputation: change terms used in code, logs and peg counts --- diff --git a/src/flow/deferred_trust.h b/src/flow/deferred_trust.h index f9c4266cb..5e2f27c0c 100644 --- a/src/flow/deferred_trust.h +++ b/src/flow/deferred_trust.h @@ -46,10 +46,10 @@ class DeferredTrust // The TRUST_DEFER_DO_TRUST state is checked at the end of packet processing. If the state // is TRUST_DEFER_DO_TRUST and the action is ACT_ALLOW, the session is trusted. // If a drop, block or reset action occurs while deferring, deferring is stopped and the - // block or blacklist version is enforced. + // block or blocklist version is enforced. // The module_id, a unique module identifier created by calling // FlowData::create_flow_data_id(), is used to track the modules that are currently deferring. - // This allows the module to use whitelist deferring without needing to track the deferring + // This allows the module to use trusted deferring without needing to track the deferring // state of the module. enum DeferredTrustState : uint8_t { diff --git a/src/flow/flow.h b/src/flow/flow.h index 20f083b88..8177b0d4a 100644 --- a/src/flow/flow.h +++ b/src/flow/flow.h @@ -442,9 +442,9 @@ public: // FIXIT-M privatize if possible bool app_direction_swapped : 1; // Packet direction swapped from application perspective bool disable_inspect : 1; bool reputation_src_dest : 1; - bool reputation_blacklist : 1; + bool reputation_blocklist : 1; bool reputation_monitor : 1; - bool reputation_whitelist : 1; + bool reputation_allowlist : 1; bool trigger_detained_packet_event : 1; bool trigger_finalize_event : 1; bool use_direct_inject : 1; diff --git a/src/framework/decode_data.h b/src/framework/decode_data.h index e12560ab7..817f806ad 100644 --- a/src/framework/decode_data.h +++ b/src/framework/decode_data.h @@ -94,7 +94,7 @@ enum DecodeFlags : std::uint16_t DECODE_ERR_CKSUM_UDP | DECODE_ERR_CKSUM_ICMP ), DECODE_ERR_FLAGS = ( DECODE_ERR_CKSUM_ALL | DECODE_ERR_BAD_TTL ), - DECODE_PKT_TRUST = 0x0020, // whitelist this packet + DECODE_PKT_TRUST = 0x0020, // trust this packet DECODE_FRAG = 0x0040, // ip - fragmented packet DECODE_MF = 0x0080, // ip - more fragments diff --git a/src/network_inspectors/reputation/dev_notes.txt b/src/network_inspectors/reputation/dev_notes.txt index fab441e8c..a91fbeff4 100644 --- a/src/network_inspectors/reputation/dev_notes.txt +++ b/src/network_inspectors/reputation/dev_notes.txt @@ -1,14 +1,14 @@ This directory contains all files related to IP Reputation inspection. -Reputation inspector provides basic IP blacklist/whitelist capabilities, to +Reputation inspector provides basic IP blocklist/allowlist capabilities, to block/drop/pass traffic from IP addresses listed. In the past, we use standard Snort rules to implement Reputation-based IP blocking. This inspector will address the performance issue and make the IP reputation management easier. This inspector also supports interfaces through manifest files. You can specify an -action (BLACK, WHITE, MONITOR) for an IP list with interfaces. The name of manifest +action (BLOCK, ALLOW, MONITOR) for an IP list with interfaces. The name of manifest file is interface.info. For each line of the manifest file, the format is: - file_name, list_id, action (black, white, monitor), [interface information] + file_name, list_id, action (block, allow, monitor), [interface information] If interface information is empty, this means all interfaces are applied diff --git a/src/network_inspectors/reputation/reputation_common.h b/src/network_inspectors/reputation/reputation_common.h index a5314aa2f..f88b70cd4 100644 --- a/src/network_inspectors/reputation/reputation_common.h +++ b/src/network_inspectors/reputation/reputation_common.h @@ -25,11 +25,11 @@ #define GID_REPUTATION 136 -#define REPUTATION_EVENT_BLACKLIST_SRC 1 -#define REPUTATION_EVENT_WHITELIST_SRC 2 +#define REPUTATION_EVENT_BLOCKLIST_SRC 1 +#define REPUTATION_EVENT_ALLOWLIST_SRC 2 #define REPUTATION_EVENT_MONITOR_SRC 3 -#define REPUTATION_EVENT_BLACKLIST_DST 4 -#define REPUTATION_EVENT_WHITELIST_DST 5 +#define REPUTATION_EVENT_BLOCKLIST_DST 4 +#define REPUTATION_EVENT_ALLOWLIST_DST 5 #define REPUTATION_EVENT_MONITOR_DST 6 #endif diff --git a/src/network_inspectors/reputation/reputation_config.h b/src/network_inspectors/reputation/reputation_config.h index 762cd4cfb..83869faab 100644 --- a/src/network_inspectors/reputation/reputation_config.h +++ b/src/network_inspectors/reputation/reputation_config.h @@ -39,23 +39,23 @@ enum NestedIP ALL }; -enum WhiteAction +enum AllowAction { - UNBLACK, + DO_NOT_BLOCK, TRUST }; enum IPdecision { DECISION_NULL, - BLACKLISTED, - WHITELISTED_TRUST, + BLOCKED, + TRUSTED, MONITORED, - BLACKLISTED_SRC, - BLACKLISTED_DST, - WHITELISTED_TRUST_SRC, - WHITELISTED_TRUST_DST, - WHITELISTED_UNBLACK, + BLOCKED_SRC, + BLOCKED_DST, + TRUSTED_SRC, + TRUSTED_DST, + TRUSTED_DO_NOT_BLOCK, MONITORED_SRC, MONITORED_DST, DECISION_MAX @@ -82,11 +82,11 @@ struct ReputationConfig uint32_t memcap = 500; int num_entries = 0; bool scanlocal = false; - IPdecision priority = WHITELISTED_TRUST; + IPdecision priority = TRUSTED; NestedIP nested_ip = INNER; - WhiteAction white_action = UNBLACK; - std::string blacklist_path; - std::string whitelist_path; + AllowAction allow_action = DO_NOT_BLOCK; + std::string blocklist_path; + std::string allowlist_path; bool memcap_reached = false; uint8_t* reputation_segment = nullptr; table_flat_t* ip_list = nullptr; @@ -105,8 +105,8 @@ struct IPrepInfo struct ReputationStats { PegCount packets; - PegCount blacklisted; - PegCount whitelisted; + PegCount blocked; + PegCount trusted; PegCount monitored; PegCount memory_allocated; }; diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc index 4505c7726..d9bdd71ac 100644 --- a/src/network_inspectors/reputation/reputation_inspect.cc +++ b/src/network_inspectors/reputation/reputation_inspect.cc @@ -45,8 +45,8 @@ THREAD_LOCAL ReputationStats reputationstats; const PegInfo reputation_peg_names[] = { { CountType::SUM, "packets", "total packets processed" }, -{ CountType::SUM, "blacklisted", "number of packets blacklisted" }, -{ CountType::SUM, "whitelisted", "number of packets whitelisted" }, +{ CountType::SUM, "blocked", "number of packets blocked" }, +{ CountType::SUM, "trusted", "number of packets trusted" }, { CountType::SUM, "monitored", "number of packets monitored" }, { CountType::SUM, "memory_allocated", "total memory allocated" }, @@ -61,9 +61,9 @@ const char* NestedIPKeyword[] = nullptr }; -const char* WhiteActionOption[] = +const char* AllowActionOption[] = { - "unblack", + "do_not_block", "trust", nullptr }; @@ -112,7 +112,7 @@ static inline IPdecision get_reputation(ReputationConfig* config, IPrepInfo* rep list_info[list_index]->intfs.count(ingress_intf) || list_info[list_index]->intfs.count(egress_intf)) { - if (WHITELISTED_UNBLACK == (IPdecision)list_info[list_index]->list_type) + if (TRUSTED_DO_NOT_BLOCK == (IPdecision)list_info[list_index]->list_type) return DECISION_NULL; if (config->priority == (IPdecision)list_info[list_index]->list_type ) { @@ -148,12 +148,12 @@ static bool decision_per_layer(ReputationConfig* config, Packet* p, { decision = get_reputation(config, result, &p->iplist_id, ingress_intf, egress_intf); - if (decision == BLACKLISTED) - *decision_final = BLACKLISTED_SRC; + if (decision == BLOCKED) + *decision_final = BLOCKED_SRC; else if (decision == MONITORED) *decision_final = MONITORED_SRC; - else if (decision == WHITELISTED_TRUST) - *decision_final = WHITELISTED_TRUST_SRC; + else if (decision == TRUSTED) + *decision_final = TRUSTED_SRC; else *decision_final = decision; @@ -167,12 +167,12 @@ static bool decision_per_layer(ReputationConfig* config, Packet* p, { decision = get_reputation(config, result, &p->iplist_id, ingress_intf, egress_intf); - if (decision == BLACKLISTED) - *decision_final = BLACKLISTED_DST; + if (decision == BLOCKED) + *decision_final = BLOCKED_DST; else if (decision == MONITORED) *decision_final = MONITORED_DST; - else if (decision == WHITELISTED_TRUST) - *decision_final = WHITELISTED_TRUST_DST; + else if (decision == TRUSTED) + *decision_final = TRUSTED_DST; else *decision_final = decision; @@ -226,7 +226,7 @@ static IPdecision reputation_decision(ReputationConfig* config, Packet* p) &decision_current); if (decision_current != DECISION_NULL) { - if (decision_current == BLACKLISTED_SRC or decision_current == BLACKLISTED_DST) + if (decision_current == BLOCKED_SRC or decision_current == BLOCKED_DST) blocked_api = p->ptrs.ip_api; decision_final = decision_current; decision_current = DECISION_NULL; @@ -236,7 +236,7 @@ static IPdecision reputation_decision(ReputationConfig* config, Packet* p) else assert(false); // Should never hit this - if (decision_final != BLACKLISTED_SRC and decision_final != BLACKLISTED_DST) + if (decision_final != BLOCKED_SRC and decision_final != BLOCKED_DST) p->ptrs.ip_api = tmp_api; else if (config->nested_ip == ALL and p->ptrs.ip_api != blocked_api) p->ptrs.ip_api = blocked_api; @@ -258,27 +258,27 @@ static void snort_reputation(ReputationConfig* config, Packet* p) if (DECISION_NULL == decision) return; - else if (BLACKLISTED_SRC == decision or BLACKLISTED_DST == decision) + else if (BLOCKED_SRC == decision or BLOCKED_DST == decision) { - unsigned blacklist_event = (BLACKLISTED_SRC == decision) ? - REPUTATION_EVENT_BLACKLIST_SRC : REPUTATION_EVENT_BLACKLIST_DST; + unsigned blocklist_event = (BLOCKED_SRC == decision) ? + REPUTATION_EVENT_BLOCKLIST_SRC : REPUTATION_EVENT_BLOCKLIST_DST; if (p->flow) { - p->flow->flags.reputation_blacklist = true; - p->flow->flags.reputation_src_dest = (BLACKLISTED_SRC == decision); + p->flow->flags.reputation_blocklist = true; + p->flow->flags.reputation_src_dest = (BLOCKED_SRC == decision); } - DetectionEngine::queue_event(GID_REPUTATION, blacklist_event); + DetectionEngine::queue_event(GID_REPUTATION, blocklist_event); act->drop_packet(p, true); // disable all preproc analysis and detection for this packet DetectionEngine::disable_all(p); act->block_session(p, true); act->set_drop_reason("reputation"); - reputationstats.blacklisted++; + reputationstats.blocked++; if (PacketTracer::is_active()) - PacketTracer::log("Reputation: packet blacklisted, drop\n"); + PacketTracer::log("Reputation: packet blocked, drop\n"); } else if (MONITORED_SRC == decision or MONITORED_DST == decision) @@ -296,20 +296,20 @@ static void snort_reputation(ReputationConfig* config, Packet* p) reputationstats.monitored++; } - else if (WHITELISTED_TRUST_SRC == decision or WHITELISTED_TRUST_DST == decision) + else if (TRUSTED_SRC == decision or TRUSTED_DST == decision) { - unsigned whitelist_event = (WHITELISTED_TRUST_SRC == decision) ? - REPUTATION_EVENT_WHITELIST_SRC : REPUTATION_EVENT_WHITELIST_DST; + unsigned allowlist_event = (TRUSTED_SRC == decision) ? + REPUTATION_EVENT_ALLOWLIST_SRC : REPUTATION_EVENT_ALLOWLIST_DST; if (p->flow) { - p->flow->flags.reputation_whitelist = true; - p->flow->flags.reputation_src_dest = (WHITELISTED_TRUST_SRC == decision); + p->flow->flags.reputation_allowlist = true; + p->flow->flags.reputation_src_dest = (TRUSTED_SRC == decision); } - DetectionEngine::queue_event(GID_REPUTATION, whitelist_event); + DetectionEngine::queue_event(GID_REPUTATION, allowlist_event); act->trust_session(p, true); - reputationstats.whitelisted++; + reputationstats.trusted++; } } @@ -336,12 +336,12 @@ static const char* to_string(NestedIP nip) return ""; } -static const char* to_string(WhiteAction wa) +static const char* to_string(AllowAction aa) { - switch (wa) + switch (aa) { - case UNBLACK: - return "unblack"; + case DO_NOT_BLOCK: + return "do_not_block"; case TRUST: return "trust"; } @@ -353,22 +353,22 @@ static const char* to_string(IPdecision ipd) { switch (ipd) { - case BLACKLISTED: - return "blacklisted"; - case WHITELISTED_TRUST: - return "whitelisted_trust"; + case BLOCKED: + return "blocked"; + case TRUSTED: + return "trusted"; case MONITORED: return "monitored"; - case BLACKLISTED_SRC: - return "blacklisted_src"; - case BLACKLISTED_DST: - return "blacklisted_dst"; - case WHITELISTED_TRUST_SRC: - return "whitelisted_trust_src"; - case WHITELISTED_TRUST_DST: - return "whitelisted_trust_dst"; - case WHITELISTED_UNBLACK: - return "whitelisted_unblack"; + case BLOCKED_SRC: + return "blocked_src"; + case BLOCKED_DST: + return "blocked_dst"; + case TRUSTED_SRC: + return "trusted_src"; + case TRUSTED_DST: + return "trusted_dst"; + case TRUSTED_DO_NOT_BLOCK: + return "trusted_do_not_block"; case MONITORED_SRC: return "monitored_src"; case MONITORED_DST: @@ -392,12 +392,12 @@ Reputation::Reputation(ReputationConfig* pc) if (!config.list_dir.empty()) read_manifest(MANIFEST_FILENAME, conf); - add_black_white_List(conf); + add_block_allow_List(conf); estimate_num_entries(conf); if (conf->num_entries <= 0) { ParseWarning(WARN_CONF, - "reputation: can't find any whitelist/blacklist entries; disabled."); + "reputation: can't find any allowlist/blocklist entries; disabled."); return; } @@ -407,14 +407,14 @@ Reputation::Reputation(ReputationConfig* pc) void Reputation::show(const SnortConfig*) const { - ConfigLogger::log_value("blacklist", config.blacklist_path.c_str()); + ConfigLogger::log_value("blocklist", config.blocklist_path.c_str()); ConfigLogger::log_value("list_dir", config.list_dir.c_str()); ConfigLogger::log_value("memcap", config.memcap); ConfigLogger::log_value("nested_ip", to_string(config.nested_ip)); ConfigLogger::log_value("priority", to_string(config.priority)); ConfigLogger::log_flag("scan_local", config.scanlocal); - ConfigLogger::log_value("white (action)", to_string(config.white_action)); - ConfigLogger::log_value("whitelist", config.whitelist_path.c_str()); + ConfigLogger::log_value("allow (action)", to_string(config.allow_action)); + ConfigLogger::log_value("allowlist", config.allowlist_path.c_str()); } void Reputation::eval(Packet* p) diff --git a/src/network_inspectors/reputation/reputation_module.cc b/src/network_inspectors/reputation/reputation_module.cc index e6d0f90d3..611f61526 100644 --- a/src/network_inspectors/reputation/reputation_module.cc +++ b/src/network_inspectors/reputation/reputation_module.cc @@ -34,15 +34,15 @@ using namespace snort; using namespace std; -#define REPUTATION_EVENT_BLACKLIST_SRC_STR \ - "packets blacklisted based on source" -#define REPUTATION_EVENT_BLACKLIST_DST_STR \ - "packets blacklisted based on destination" +#define REPUTATION_EVENT_BLOCKLIST_SRC_STR \ + "packets blocked based on source" +#define REPUTATION_EVENT_BLOCKLIST_DST_STR \ + "packets blocked based on destination" -#define REPUTATION_EVENT_WHITELIST_SRC_STR \ - "packets whitelisted based on source" -#define REPUTATION_EVENT_WHITELIST_DST_STR \ - "packets whitelisted based on destination" +#define REPUTATION_EVENT_ALLOWLIST_SRC_STR \ + "packets trusted based on source" +#define REPUTATION_EVENT_ALLOWLIST_DST_STR \ + "packets trusted based on destination" #define REPUTATION_EVENT_MONITOR_SRC_STR \ "packets monitored based on source" @@ -51,6 +51,9 @@ using namespace std; static const Parameter s_params[] = { + { "blocklist", Parameter::PT_STRING, nullptr, nullptr, + "blocklist file name with IP lists" }, + { "blacklist", Parameter::PT_STRING, nullptr, nullptr, "blacklist file name with IP lists" }, @@ -63,15 +66,21 @@ static const Parameter s_params[] = { "nested_ip", Parameter::PT_ENUM, "inner|outer|all", "inner", "IP to use when there is IP encapsulation" }, - { "priority", Parameter::PT_ENUM, "blacklist|whitelist", "whitelist", + { "priority", Parameter::PT_ENUM, "blocklist|allowlist|blacklist|whitelist", "allowlist", "defines priority when there is a decision conflict during run-time" }, { "scan_local", Parameter::PT_BOOL, nullptr, "false", "inspect local address defined in RFC 1918" }, - { "white", Parameter::PT_ENUM, "unblack|trust", "unblack", + { "allow", Parameter::PT_ENUM, "do_not_block|trust|unblack", "do_not_block", + "specify the meaning of allowlist" }, + + { "white", Parameter::PT_ENUM, "do_not_block|trust|unblack", "do_not_block", "specify the meaning of whitelist" }, + { "allowlist", Parameter::PT_STRING, nullptr, nullptr, + "allowlist file name with IP lists" }, + { "whitelist", Parameter::PT_STRING, nullptr, nullptr, "whitelist file name with IP lists" }, @@ -80,11 +89,11 @@ static const Parameter s_params[] = static const RuleMap reputation_rules[] = { - { REPUTATION_EVENT_BLACKLIST_SRC, REPUTATION_EVENT_BLACKLIST_SRC_STR }, - { REPUTATION_EVENT_WHITELIST_SRC, REPUTATION_EVENT_WHITELIST_SRC_STR }, + { REPUTATION_EVENT_BLOCKLIST_SRC, REPUTATION_EVENT_BLOCKLIST_SRC_STR }, + { REPUTATION_EVENT_ALLOWLIST_SRC, REPUTATION_EVENT_ALLOWLIST_SRC_STR }, { REPUTATION_EVENT_MONITOR_SRC, REPUTATION_EVENT_MONITOR_SRC_STR }, - { REPUTATION_EVENT_BLACKLIST_DST, REPUTATION_EVENT_BLACKLIST_DST_STR }, - { REPUTATION_EVENT_WHITELIST_DST, REPUTATION_EVENT_WHITELIST_DST_STR }, + { REPUTATION_EVENT_BLOCKLIST_DST, REPUTATION_EVENT_BLOCKLIST_DST_STR }, + { REPUTATION_EVENT_ALLOWLIST_DST, REPUTATION_EVENT_ALLOWLIST_DST_STR }, { REPUTATION_EVENT_MONITOR_DST, REPUTATION_EVENT_MONITOR_DST_STR }, @@ -120,8 +129,8 @@ ProfileStats* ReputationModule::get_profile() const bool ReputationModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("blacklist") ) - conf->blacklist_path = v.get_string(); + if ( v.is("blocklist") or v.is("blacklist") ) + conf->blocklist_path = v.get_string(); else if ( v.is("list_dir") ) conf->list_dir = v.get_string(); @@ -133,16 +142,35 @@ bool ReputationModule::set(const char*, Value& v, SnortConfig*) conf->nested_ip = (NestedIP)v.get_uint8(); else if ( v.is("priority") ) - conf->priority = (IPdecision)(v.get_uint8() + 1); + { + int priority = v.get_uint8() + 1; + + if (priority == 3) // blacklist + priority = 1; + + else if (priority == 4) // whitelist + priority = 2; + + conf->priority = (IPdecision)(priority); + + } else if ( v.is("scan_local") ) conf->scanlocal = v.get_bool(); - else if ( v.is("white") ) - conf->white_action = (WhiteAction)v.get_uint8(); + else if ( v.is("allow") or v.is("white") ) + { + int action = v.get_uint8(); + + if ( action == 2 ) // unblack + action = 0; + + conf->allow_action = (AllowAction)action; + + } - else if ( v.is("whitelist") ) - conf->whitelist_path = v.get_string(); + else if ( v.is("allowlist") or v.is("whitelist") ) + conf->allowlist_path = v.get_string(); else return false; @@ -169,11 +197,11 @@ bool ReputationModule::begin(const char*, int, SnortConfig*) bool ReputationModule::end(const char*, int, SnortConfig*) { - if ( (conf->priority == WHITELISTED_TRUST) && (conf->white_action == UNBLACK) ) + if ( (conf->priority == TRUSTED) && (conf->allow_action == DO_NOT_BLOCK) ) { - ParseWarning(WARN_CONF, "Keyword \"whitelist\" for \"priority\" is " - "not applied when white action is unblack.\n"); - conf->priority = WHITELISTED_UNBLACK; + ParseWarning(WARN_CONF, "Keyword \"allowlist\" for \"priority\" is " + "not applied when allow action is do_not_block.\n"); + conf->priority = TRUSTED_DO_NOT_BLOCK; } return true; diff --git a/src/network_inspectors/reputation/reputation_parse.cc b/src/network_inspectors/reputation/reputation_parse.cc index 032cf2e22..952b3fa23 100644 --- a/src/network_inspectors/reputation/reputation_parse.cc +++ b/src/network_inspectors/reputation/reputation_parse.cc @@ -53,18 +53,18 @@ enum #define MANIFEST_SEPARATORS ",\r\n" #define MIN_MANIFEST_COLUMNS 3 -static char black_info[] = "blacklist"; -static char white_info[] = "whitelist"; +static char block_info[] = "blocklist"; +static char allow_info[] = "allowlist"; static char monitor_info[] = "monitorlist"; -#define WHITE_TYPE_KEYWORD "white" -#define BLACK_TYPE_KEYWORD "block" +#define ALLOW_TYPE_KEYWORD "allow" +#define BLOCK_TYPE_KEYWORD "block" #define MONITOR_TYPE_KEYWORD "monitor" #define UNKNOWN_LIST 0 #define MONITOR_LIST 1 -#define BLACK_LIST 2 -#define WHITE_LIST 3 +#define BLOCK_LIST 2 +#define ALLOW_LIST 3 #define MAX_MSGS_TO_PRINT 20 @@ -137,15 +137,15 @@ void ip_list_init(uint32_t max_entries, ReputationConfig* config) for (size_t i = 0; i < config->list_files.size(); i++) { config->list_files[i]->list_index = (uint8_t)i + 1; - if (config->list_files[i]->file_type == WHITE_LIST) + if (config->list_files[i]->file_type == ALLOW_LIST) { - if (config->white_action == UNBLACK) - config->list_files[i]->list_type = WHITELISTED_UNBLACK; + if (config->allow_action == DO_NOT_BLOCK) + config->list_files[i]->list_type = TRUSTED_DO_NOT_BLOCK; else - config->list_files[i]->list_type = WHITELISTED_TRUST; + config->list_files[i]->list_type = TRUSTED; } - else if (config->list_files[i]->file_type == BLACK_LIST) - config->list_files[i]->list_type = BLACKLISTED; + else if (config->list_files[i]->file_type == BLOCK_LIST) + config->list_files[i]->list_type = BLOCKED; else if (config->list_files[i]->file_type == MONITOR_LIST) config->list_files[i]->list_type = MONITORED; @@ -555,14 +555,14 @@ static char* get_list_type_name(ListFile* list_info) { case DECISION_NULL: return nullptr; - case BLACKLISTED: - return black_info; - case WHITELISTED_UNBLACK: - return white_info; + case BLOCKED: + return block_info; + case TRUSTED_DO_NOT_BLOCK: + return allow_info; case MONITORED: return monitor_info; - case WHITELISTED_TRUST: - return white_info; + case TRUSTED: + return allow_info; default: return nullptr; } @@ -744,23 +744,23 @@ void estimate_num_entries(ReputationConfig* config) config->num_entries = total_lines; } -void add_black_white_List(ReputationConfig* config) +void add_block_allow_List(ReputationConfig* config) { - if (config->blacklist_path.size()) + if (config->blocklist_path.size()) { ListFile* listItem = new ListFile; listItem->all_intfs_enabled = true; - listItem->file_name = config->blacklist_path; - listItem->file_type = BLACK_LIST; + listItem->file_name = config->blocklist_path; + listItem->file_type = BLOCK_LIST; listItem->list_id = 0; config->list_files.emplace_back(listItem); } - if (config->whitelist_path.size()) + if (config->allowlist_path.size()) { ListFile* listItem = new ListFile; listItem->all_intfs_enabled = true; - listItem->file_name = config->whitelist_path; - listItem->file_type = WHITE_LIST; + listItem->file_name = config->allowlist_path; + listItem->file_type = ALLOW_LIST; listItem->list_id = 0; config->list_files.emplace_back(listItem); } @@ -786,15 +786,15 @@ static int get_file_type(char* type_name) type_name = ignore_start_space(type_name); - if (strncasecmp(type_name, WHITE_TYPE_KEYWORD, strlen(WHITE_TYPE_KEYWORD)) == 0) + if (strncasecmp(type_name, ALLOW_TYPE_KEYWORD, strlen(ALLOW_TYPE_KEYWORD)) == 0) { - type = WHITE_LIST; - type_name += strlen(WHITE_TYPE_KEYWORD); + type = ALLOW_LIST; + type_name += strlen(ALLOW_TYPE_KEYWORD); } - else if (strncasecmp(type_name, BLACK_TYPE_KEYWORD, strlen(BLACK_TYPE_KEYWORD)) == 0) + else if (strncasecmp(type_name, BLOCK_TYPE_KEYWORD, strlen(BLOCK_TYPE_KEYWORD)) == 0) { - type = BLACK_LIST; - type_name += strlen(BLACK_TYPE_KEYWORD); + type = BLOCK_LIST; + type_name += strlen(BLOCK_TYPE_KEYWORD); } else if (strncasecmp(type_name, MONITOR_TYPE_KEYWORD, strlen(MONITOR_TYPE_KEYWORD)) == 0) { @@ -816,7 +816,7 @@ static int get_file_type(char* type_name) } //The format of manifest is: -// file_name, list_id, action (black, white, monitor), interface information +// file_name, list_id, action (block, allow, monitor), interface information //If no interface information provided, this means all interfaces are applied. static bool process_line_in_manifest(ListFile* list_item, const char* manifest, const char* line, @@ -869,7 +869,7 @@ static bool process_line_in_manifest(ListFile* list_item, const char* manifest, { ErrorMessage(" %s(%d) => Unknown action specified (%s)." " Please specify a value: %s | %s | %s.\n", manifest, line_number, token, - WHITE_TYPE_KEYWORD, BLACK_TYPE_KEYWORD, MONITOR_TYPE_KEYWORD); + ALLOW_TYPE_KEYWORD, BLOCK_TYPE_KEYWORD, MONITOR_TYPE_KEYWORD); return false; } break; diff --git a/src/network_inspectors/reputation/reputation_parse.h b/src/network_inspectors/reputation/reputation_parse.h index 5e808033c..060230d17 100644 --- a/src/network_inspectors/reputation/reputation_parse.h +++ b/src/network_inspectors/reputation/reputation_parse.h @@ -27,6 +27,6 @@ void ip_list_init(uint32_t,ReputationConfig *config); void estimate_num_entries(ReputationConfig* config); int read_manifest(const char* filename, ReputationConfig* config); -void add_black_white_List(ReputationConfig* config); +void add_block_allow_List(ReputationConfig* config); #endif diff --git a/src/stream/base/stream_ha.cc b/src/stream/base/stream_ha.cc index cf1346310..23a64d425 100644 --- a/src/stream/base/stream_ha.cc +++ b/src/stream/base/stream_ha.cc @@ -193,7 +193,7 @@ static void update_flags(Flow* flow) { flow->ha_state->add(FlowHAState::MODIFIED); /* If we have started ignoring both directions, that means we'll probably - * try to whitelist the session. This is a critical change since we + * try to trust the session. This is a critical change since we * probably won't see another packet on the session if we're using * a DAQ module that fully supports the WHITELIST verdict. */ if( cur_state->ignore_direction == SSN_DIR_BOTH ) diff --git a/src/stream/tcp/ips_stream_reassemble.cc b/src/stream/tcp/ips_stream_reassemble.cc index e491cd437..a141b4853 100644 --- a/src/stream/tcp/ips_stream_reassemble.cc +++ b/src/stream/tcp/ips_stream_reassemble.cc @@ -176,7 +176,7 @@ static const Parameter s_params[] = "don't alert when rule matches" }, { "fastpath", Parameter::PT_IMPLIED, nullptr, nullptr, - "optionally whitelist the remainder of the session" }, + "optionally trust the remainder of the session" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; diff --git a/tools/snort2lua/preprocessor_states/pps_reputation.cc b/tools/snort2lua/preprocessor_states/pps_reputation.cc index ffc993bc0..096548271 100644 --- a/tools/snort2lua/preprocessor_states/pps_reputation.cc +++ b/tools/snort2lua/preprocessor_states/pps_reputation.cc @@ -71,9 +71,9 @@ bool Reputation::convert(std::istringstream& data_stream) else if (keyword == "shared_refresh") table_api.add_deleted_comment("shared_refresh"); - else if (keyword == "blacklist") + else if (keyword == "blacklist" or keyword == "blocklist") { - tmpval = parse_path_option("blacklist", arg_stream); + tmpval = parse_path_option("blocklist", arg_stream); } else if (keyword == "memcap") { @@ -100,10 +100,10 @@ bool Reputation::convert(std::istringstream& data_stream) std::string val; if (!(arg_stream >> val)) data_api.failed_conversion(arg_stream, "reputation: priority "); - else if (val == "whitelist") - table_api.add_option("priority", "whitelist"); - else if (val == "blacklist") - table_api.add_option("priority", "blacklist"); + else if (val == "whitelist" or val == "allowlist") + table_api.add_option("priority", "allowlist"); + else if (val == "blacklist" or val == "blocklist") + table_api.add_option("priority", "blocklist"); else { data_api.failed_conversion(arg_stream, "reputation: priority " + val); @@ -117,23 +117,23 @@ bool Reputation::convert(std::istringstream& data_stream) { table_api.add_deleted_comment("shared_max_instances"); } - else if (keyword == "white") + else if (keyword == "white" or keyword == "allow") { std::string val; if (!(arg_stream >> val)) data_api.failed_conversion(arg_stream, "reputation: white "); - else if (val == "unblack") - table_api.add_option("white", "unblack"); + else if (val == "unblack" or val == "do_not_block") + table_api.add_option("allow", "do_not_block"); else if (val == "trust") - table_api.add_option("white", "trust"); + table_api.add_option("allow", "trust"); else { data_api.failed_conversion(arg_stream, "reputation: white " + val); } } - else if (keyword == "whitelist") + else if (keyword == "whitelist" or keyword == "allowlist") { - tmpval = parse_path_option("whitelist", arg_stream); + tmpval = parse_path_option("allowlist", arg_stream); } else {