From: Bhagya Tholpady (bbantwal) Date: Wed, 15 Jul 2020 11:55:33 +0000 (+0000) Subject: Merge pull request #2321 in SNORT/snort3 from ~BBANTWAL/snort3:warn_all_without_rules... X-Git-Tag: 3.0.2-2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82746cb789eadedb62b853246176e75c8e776d12;p=thirdparty%2Fsnort3.git Merge pull request #2321 in SNORT/snort3 from ~BBANTWAL/snort3:warn_all_without_rules_n_flowbits to master Squashed commit of the following: commit 1666ad7ae813a3891e8e61d002a6cb115156f8f7 Author: Bhagya Tholpady Date: Thu Jul 9 00:06:51 2020 -0400 main: add config options --ignore-warn-rules and --ignore-warn-flowbits to snort module --ignore-warn-rules ignores the warnings generated by rule parsing. --ignore-warn-flowbits ignores the warnings generted by flowbits parsing. --- diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index a68685f19..1f373d7e1 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -411,6 +411,12 @@ static const Parameter s_params[] = { "--id-zero", Parameter::PT_IMPLIED, nullptr, nullptr, "use id prefix / subdirectory even with one packet thread" }, + { "--ignore-warn-flowbits", Parameter::PT_IMPLIED, nullptr, nullptr, + "ignore warnings about flowbits that are checked but not set and vice-versa" }, + + { "--ignore-warn-rules", Parameter::PT_IMPLIED, nullptr, nullptr, + "ignore warnings about duplicate rules and rule parsing issues" }, + { "--include-path", Parameter::PT_STRING, nullptr, nullptr, " where to find Lua and rule included files; " "searched before current or config directories" }, @@ -654,6 +660,8 @@ public: private: SFDAQModuleConfig* module_config; + bool ignore_warn_flowbits = false; + bool ignore_warn_rules = false; }; void SnortModule::set_trace(const Trace* trace) const 
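Review bot: In the `s_params` hunk, the help strings for `--ignore-warn-flowbits` and `--ignore-warn-rules` do not say that they override the options that enable those warnings. The `SnortModule::end` hunk clears the `WARN_FLOWBITS` and `WARN_RULES` bits after the option values have been stored, so the suppression apparently wins regardless of argument order. On an IDS, hiding duplicate-rule and rule-parsing warnings can conceal rules that did not load as the operator intended, so the help text should state the precedence, for example `"suppress flowbits warnings even when another --warn-* option enables them"`. The parameter table starts and ends outside the hunk.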
@@ -1082,6 +1090,12 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("--warn-hosts") ) sc->warning_flags |= (1 << WARN_HOSTS); + else if ( v.is("--ignore-warn-flowbits") ) + ignore_warn_flowbits = true; + + else if ( v.is("--ignore-warn-rules") ) + ignore_warn_rules = true; + else if ( v.is("--warn-plugins") ) sc->warning_flags |= (1 << WARN_PLUGINS); @@ -1111,6 +1125,18 @@ bool SnortModule::end(const char*, int, SnortConfig* sc) if ( sc->offload_threads and ThreadConfig::get_instance_max() != 1 ) ParseError("You can not enable experimental offload with more than one packet thread."); + if ( ignore_warn_flowbits ) + { + sc->warning_flags &= ~(1 << WARN_FLOWBITS); + ignore_warn_flowbits = false; + } + + if ( ignore_warn_rules ) + { + sc->warning_flags &= ~(1 << WARN_RULES); + ignore_warn_rules = false; + } + return true; }
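Review bot: In the `SnortModule::end` hunk, the two new blocks clear `WARN_FLOWBITS` and `WARN_RULES` from `sc->warning_flags` without leaving any trace in the startup output, so someone reading the log later cannot tell whether rule-parsing or flowbits warnings were suppressed or simply absent. Consider emitting one line whenever a bit is cleared, e.g. `LogMessage("rule parsing warnings suppressed by --ignore-warn-rules\n");`. The reset `ignore_warn_rules = false;` (and its flowbits twin) also deserves a comment such as `// reset so a later configuration pass does not inherit the flag`, if that is the intent; the hunk does not show why the members are cleared. The mask only affects bits set before this `end()` call, and whether `warning_flags` can change afterwards is not visible here. The function body starts outside the hunk.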