From: Bhagya Tholpady (bbantwal) Date: Tue, 25 Aug 2020 16:02:22 +0000 (+0000) Subject: Merge pull request #2412 in SNORT/snort3 from ~OSHUMEIK/snort3:dump_config_top to... X-Git-Tag: 3.0.2-6~43 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e49d1abaa8f20c6b73041e04aa83b11774ca692;p=thirdparty%2Fsnort3.git Merge pull request #2412 in SNORT/snort3 from ~OSHUMEIK/snort3:dump_config_top to master Squashed commit of the following: commit 1830d71daba5ee91ee67f1d5570f9ef2872488fe Author: Oleksii Shumeiko Date: Tue Aug 18 14:58:19 2020 +0300 dump_config: add --dump-config="top" to dump the main policy config only --- diff --git a/src/dump_config/json_config_output.cc b/src/dump_config/json_config_output.cc index a8f9bae1f..73d34d354 100644 --- a/src/dump_config/json_config_output.cc +++ b/src/dump_config/json_config_output.cc @@ -27,49 +27,7 @@ using namespace snort; -JsonAllConfigOutput::JsonAllConfigOutput() : - ConfigOutput(), json(std::cout) -{ json.open_array(); } - -JsonAllConfigOutput::~JsonAllConfigOutput() -{ json.close_array(); } - -void JsonAllConfigOutput::dump(const ConfigData& config_data) -{ - json.open(); - json.put("filename", config_data.file_name); - json.open("config"); - - for ( const auto config_tree: config_data.config_trees ) - dump_modules(config_tree); - - json.close(); - json.close(); -} - -void JsonAllConfigOutput::dump_modules(const BaseConfigNode* node) -{ - Parameter::Type type = node->get_type(); - if ( type == Parameter::PT_LIST ) - json.open_array(node->get_name().c_str()); - else if ( type == Parameter::PT_TABLE ) - { - std::string name = node->get_name(); - name.empty() ? json.open() : json.open(name.c_str()); - } - else - dump_value(node); - - for ( const auto n : node->get_children() ) - dump_modules(n); - - if ( type == Parameter::PT_LIST ) - json.close_array(); - else if ( type == Parameter::PT_TABLE ) - json.close(); -} - -void JsonAllConfigOutput::dump_value(const BaseConfigNode* node) +static void dump_value(JsonStream& json, const BaseConfigNode* node) { const Value* value = node->get_value(); if ( !value ) @@ -102,3 +60,54 @@ void JsonAllConfigOutput::dump_value(const BaseConfigNode* node) } } +static void dump_modules(JsonStream& json, const BaseConfigNode* node) +{ + Parameter::Type type = node->get_type(); + if ( type == Parameter::PT_LIST ) + json.open_array(node->get_name().c_str()); + else if ( type == Parameter::PT_TABLE ) + { + std::string name = node->get_name(); + name.empty() ? json.open() : json.open(name.c_str()); + } + else + dump_value(json, node); + + for ( const auto n : node->get_children() ) + dump_modules(json, n); + + if ( type == Parameter::PT_LIST ) + json.close_array(); + else if ( type == Parameter::PT_TABLE ) + json.close(); +} + +JsonAllConfigOutput::JsonAllConfigOutput() : + ConfigOutput(), json(std::cout) +{ json.open_array(); } + +JsonAllConfigOutput::~JsonAllConfigOutput() +{ json.close_array(); } + +void JsonAllConfigOutput::dump(const ConfigData& config_data) +{ + json.open(); + json.put("filename", config_data.file_name); + json.open("config"); + + for ( const auto config_tree: config_data.config_trees ) + dump_modules(json, config_tree); + + json.close(); + json.close(); +} + +void JsonTopConfigOutput::dump(const ConfigData& config_data) +{ + json.open(); + + for ( const auto config_tree: config_data.config_trees ) + dump_modules(json, config_tree); + + json.close(); +} diff --git a/src/dump_config/json_config_output.h b/src/dump_config/json_config_output.h index c0c8c901d..5bb41f8ce 100644 --- a/src/dump_config/json_config_output.h +++ b/src/dump_config/json_config_output.h @@ -34,12 +34,20 @@ public: private: void dump(const ConfigData&) override; - void dump_modules(const BaseConfigNode* node); - void dump_value(const BaseConfigNode* node); +private: + JsonStream json; +}; + +class JsonTopConfigOutput : public ConfigOutput +{ +public: + JsonTopConfigOutput() : ConfigOutput(), json(std::cout) {} + +private: + void dump(const ConfigData&) override; private: JsonStream json; }; #endif // JSON_CONFIG_OUTPUT_H - diff --git a/src/main/shell.cc b/src/main/shell.cc index e757361f1..791dd99c7 100644 --- a/src/main/shell.cc +++ b/src/main/shell.cc @@ -116,6 +116,9 @@ void Shell::whitelist_append(const char* keyword, bool is_prefix) void Shell::config_open_table(bool is_root_node, bool is_list, int idx, const std::string& table_name, const Parameter* p) { + if ( !s_config_output ) + return; + Parameter::Type node_type = is_list ? Parameter::PT_LIST : Parameter::PT_TABLE; if ( is_root_node ) add_config_root_node(table_name, node_type); @@ -144,7 +147,7 @@ void Shell::config_open_table(bool is_root_node, bool is_list, int idx, void Shell::add_config_child_node(const std::string& node_name, snort::Parameter::Type type) { - if ( !s_current_node ) + if ( !s_config_output || !s_current_node ) return; std::string name; @@ -158,6 +161,9 @@ void Shell::add_config_child_node(const std::string& node_name, snort::Parameter void Shell::add_config_root_node(const std::string& root_name, snort::Parameter::Type node_type) { + if ( !s_config_output ) + return; + Shell* sh = Shell::get_current_shell(); if ( !sh ) @@ -169,7 +175,7 @@ void Shell::add_config_root_node(const std::string& root_name, snort::Parameter: void Shell::update_current_config_node(const std::string& node_name) { - if ( !s_current_node ) + if ( !s_config_output || !s_current_node ) return; // node has been added during setting default options @@ -185,6 +191,9 @@ void Shell::update_current_config_node(const std::string& node_name) void Shell::config_close_table() { + if ( !s_config_output ) + return; + if ( !s_close_table ) { s_close_table = true; @@ -199,7 +208,7 @@ void Shell::config_close_table() void Shell::set_config_value(const std::string& fqn, const snort::Value& value) { - if ( !s_current_node ) + if ( !s_config_output || !s_current_node ) return; // lua interpreter does not call open_table for simple list items like (string) or diff --git a/src/main/snort_config.cc b/src/main/snort_config.cc index b22540e59..beac61b02 100644 --- a/src/main/snort_config.cc +++ b/src/main/snort_config.cc @@ -957,6 +957,9 @@ ConfigOutput* SnortConfig::create_config_output() const case DUMP_CONFIG_JSON_ALL: output = new JsonAllConfigOutput(); break; + case DUMP_CONFIG_JSON_TOP: + output = new JsonTopConfigOutput(); + break; case DUMP_CONFIG_TEXT: output = new TextConfigOutput(); break; diff --git a/src/main/snort_config.h b/src/main/snort_config.h index f7d89d5b7..40f8ac6e9 100644 --- a/src/main/snort_config.h +++ b/src/main/snort_config.h @@ -129,6 +129,7 @@ enum DumpConfigType { DUMP_CONFIG_NONE = 0, DUMP_CONFIG_JSON_ALL, + DUMP_CONFIG_JSON_TOP, DUMP_CONFIG_TEXT }; diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index aa3adb786..497fb306b 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -347,7 +347,7 @@ static const Parameter s_params[] = { "--dump-builtin-rules", Parameter::PT_STRING, "(optional)", nullptr, "[] output stub rules for selected modules" }, - { "--dump-config", Parameter::PT_SELECT, "all", nullptr, + { "--dump-config", Parameter::PT_SELECT, "all | top", nullptr, "dump config in json format" }, { "--dump-config-text", Parameter::PT_IMPLIED, nullptr, nullptr, @@ -880,6 +880,8 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) sc->run_flags |= RUN_FLAG__TEST; if ( v.get_as_string() == "all" ) sc->dump_config_type = DUMP_CONFIG_JSON_ALL; + else if ( v.get_as_string() == "top" ) + sc->dump_config_type = DUMP_CONFIG_JSON_TOP; } else if ( v.is("--dump-config-text") ) diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index 5276b1b08..44f4f2d70 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc @@ -455,8 +455,7 @@ static bool set_var(const char* fqn, Value& v) static bool set_param(Module* mod, const char* fqn, Value& val) { - if ( s_config->dump_config_mode() ) - Shell::set_config_value(fqn, val); + Shell::set_config_value(fqn, val); if ( !mod->verified_set(fqn, val, s_config) ) { @@ -595,8 +594,7 @@ static bool begin(Module* m, const Parameter* p, const char* s, int idx, int dep { const Parameter* table_item_params = reinterpret_cast(p->range); - if ( s_config->dump_config_mode() ) - Shell::add_config_child_node(get_sub_table(fqn), p->type); + Shell::add_config_child_node(get_sub_table(fqn), p->type); if ( !begin(m, table_item_params, fqn.c_str(), idx, depth+1) ) return false; @@ -634,8 +632,9 @@ static bool begin(Module* m, const Parameter* p, const char* s, int idx, int dep } ++p; } - if ( s_config->dump_config_mode() ) - Shell::update_current_config_node(); + + Shell::update_current_config_node(); + return true; } @@ -817,8 +816,7 @@ SO_PUBLIC void close_table(const char* s, int idx) s_type.clear(); } - if ( s_config->dump_config_mode() ) - Shell::config_close_table(); + Shell::config_close_table(); } SO_PUBLIC bool set_bool(const char* fqn, bool b) diff --git a/src/parser/parser.cc b/src/parser/parser.cc index ce857a4f9..0d9138827 100644 --- a/src/parser/parser.cc +++ b/src/parser/parser.cc @@ -361,7 +361,7 @@ SnortConfig* ParseSnortConf(const SnortConfig* boot_conf, const char* fname, boo bool parse_file_failed = false; auto output = SnortConfig::get_conf()->create_config_output(); - Shell::set_config_output(output); + bool is_top = SnortConfig::get_conf()->dump_config_type == DUMP_CONFIG_JSON_TOP; for ( unsigned i = 0; true; i++ ) { sh = sc->policy_map->get_shell(i); @@ -369,6 +369,8 @@ SnortConfig* ParseSnortConf(const SnortConfig* boot_conf, const char* fname, boo if ( !sh ) break; + auto shell_output = ( i != 0 && is_top ) ? nullptr : output; + Shell::set_config_output(shell_output); set_policies(sc, sh); if (!parse_file(sc, sh, is_fatal, (i == 0)))