From: Mike Stepanek (mstepane) Date: Tue, 12 Mar 2019 17:07:33 +0000 (-0400) Subject: Merge pull request #1536 in SNORT/snort3 from ~SMINUT/snort3:snort2lua_max_sessions... X-Git-Tag: 3.0.0-251~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9bf7a5f32e7ea18d222c195d7a1224fa0c10e93;p=thirdparty%2Fsnort3.git Merge pull request #1536 in SNORT/snort3 from ~SMINUT/snort3:snort2lua_max_sessions to master Squashed commit of the following: commit 1209c74f20a4b0356b1a6f5e972c437716a5ed2d Author: Silviu Minut Date: Tue Mar 5 10:17:39 2019 -0500 snort2lua: do not translate max_sessions from snort.conf to snort.lua. snort2lua: introduce command line option -l to suppress conversion of max_tcp, max_udp, max_icmp and max_ip to max_sessions. stream: log StreamBase::config in StreamBase::show(). snort2lua: do generate the tcp_cache instance even when we don't convert tcp_max to max_sessions. --- diff --git a/src/stream/base/stream_base.cc b/src/stream/base/stream_base.cc index 369048a95..f8cfe9646 100644 --- a/src/stream/base/stream_base.cc +++ b/src/stream/base/stream_base.cc @@ -24,6 +24,7 @@ #include "flow/flow_control.h" #include "flow/prune_stats.h" +#include "log/messages.h" #include "main/snort_config.h" #include "main/snort_types.h" #include "managers/inspector_manager.h" @@ -217,8 +218,13 @@ bool StreamBase::configure(SnortConfig* sc) void StreamBase::show(SnortConfig*) { - // FIXIT-L SSN print - //StreamPrintGlobalConfig(&config); + LogMessage("Stream Base config:\n"); + LogMessage(" IP max sessions: %d\n", config.ip_cfg.max_sessions); + LogMessage(" ICMP max sessions: %d\n", config.icmp_cfg.max_sessions); + LogMessage(" TCP max sessions: %d\n", config.tcp_cfg.max_sessions); + LogMessage(" UDP max sessions: %d\n", config.udp_cfg.max_sessions); + LogMessage(" User max sessions: %d\n", config.user_cfg.max_sessions); + LogMessage(" File max sessions: %d\n", config.file_cfg.max_sessions); } void StreamBase::eval(Packet* p) 
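Review bot: The six `LogMessage` calls added to `StreamBase::show()` print `max_sessions` with `%d`, which is only correct if the field is a signed int. Its declaration is outside this hunk; if it is an unsigned type, the specifier should be `%u`, e.g. `LogMessage("    TCP max sessions: %u\n", config.tcp_cfg.max_sessions);`. A mismatched specifier in a printf-style call would show a large cap as a negative number, and this output is what an operator reads to confirm the session limits that actually took effect. The same applies to the IP, ICMP, UDP, User and File lines.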
@@ -338,4 +344,3 @@ static const InspectApi base_api = }; const BaseApi* nin_stream_base = &base_api.base; - diff --git a/tools/snort2lua/helpers/converter.cc b/tools/snort2lua/helpers/converter.cc index d197ce615..07064dfdd 100644 --- a/tools/snort2lua/helpers/converter.cc +++ b/tools/snort2lua/helpers/converter.cc @@ -39,7 +39,7 @@ #define GID_REPUTATION "136" -TableDelegation table_delegation = +TableDelegation table_delegation = { { "binder", true }, { "detection", true }, @@ -56,6 +56,7 @@ bool Converter::empty_args = false; bool Converter::convert_rules_mult_files = true; bool Converter::convert_conf_mult_files = true; bool Converter::bind_wizard = false; +bool Converter::convert_max_session = true; Converter::Converter() : table_api(&top_table_api, table_delegation), @@ -292,7 +293,7 @@ int Converter::parse_file( } rule_api.resolve_pcre_buffer_options(); - + if (commented_rule) rule_api.make_rule_a_comment(); @@ -583,4 +584,3 @@ int Converter::convert( } return rc; } - diff --git a/tools/snort2lua/helpers/converter.h b/tools/snort2lua/helpers/converter.h index 99f10656a..6b1315c0d 100644 --- a/tools/snort2lua/helpers/converter.h +++ b/tools/snort2lua/helpers/converter.h @@ -73,6 +73,12 @@ public: inline static bool get_bind_wizard() { return bind_wizard; } + static void unset_convert_max_session() + { convert_max_session = false; } + + static bool do_convert_max_session() + { return convert_max_session; } + Binder& make_binder(Binder&); Binder& make_binder(); Binder& make_pending_binder(int ips_policy_id); @@ -124,6 +130,7 @@ private: static bool convert_conf_mult_files; static bool empty_args; static bool bind_wizard; + static bool convert_max_session; bool ftp_data_is_added = false; @@ -154,4 +161,3 @@ private: }; #endif - diff --git a/tools/snort2lua/helpers/parse_cmd_line.cc b/tools/snort2lua/helpers/parse_cmd_line.cc index 20e072505..6d1e7681a 100644 --- a/tools/snort2lua/helpers/parse_cmd_line.cc +++ b/tools/snort2lua/helpers/parse_cmd_line.cc 
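Review bot: The accessors added to `converter.h` (`unset_convert_max_session()` and `do_convert_max_session()`) have no comment saying what the flag controls, and they drop the `get_` prefix used by `get_bind_wizard()` just above them. The flag is named `convert_max_session` (singular) while the option it gates is `max_sessions`, which makes it harder to grep for. I would add a comment above the pair such as `// cleared by -l: max_tcp/max_udp/max_icmp/max_ip are then not translated to max_sessions`, and consider `get_convert_max_sessions()` for the reader. The flag can only be cleared, never set again, which is worth stating in the same comment since it is process-wide static state.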
@@ -283,6 +283,11 @@ static void print_version(const char* /*key*/, const char* /*val*/) std::cout << "Snort2Lua\t0.2.0"; } +static void dont_convert_max_session(const char* /*key*/, const char* /*val*/) +{ + Converter::unset_convert_max_session(); +} + #ifdef REG_TEST [[noreturn]] static void print_binder_order(const char* /*key*/, const char* /*val*/) { @@ -351,6 +356,9 @@ static ConfigFunc basic_opts[] = "if file contains any or " "(i.e. 'include path/to/conf/other_conf'), do NOT parse those files" }, + { "l", dont_convert_max_session, "", + "do not convert max_tcp, max_udp, max_icmp, max_ip to max_session" }, + { "m", add_remark, "", "add a remark to the end of every converted rule" }, @@ -515,4 +523,3 @@ static void help_args(const char* /*pfx*/, const char* /*val*/) } } } // namespace parser - diff --git a/tools/snort2lua/preprocessor_states/pps_stream5_global.cc b/tools/snort2lua/preprocessor_states/pps_stream5_global.cc index caf4b3347..48b66d5b7 100644 --- a/tools/snort2lua/preprocessor_states/pps_stream5_global.cc +++ b/tools/snort2lua/preprocessor_states/pps_stream5_global.cc @@ -88,8 +88,11 @@ bool StreamGlobal::convert(std::istringstream& data_stream) else if (keyword == "max_tcp") { table_api.open_table("tcp_cache"); - table_api.add_diff_option_comment("max_tcp", "max_sessions"); - tmpval = parse_int_option("max_sessions", arg_stream, false); + if (cv.do_convert_max_session()) + { + table_api.add_diff_option_comment("max_tcp", "max_sessions"); + tmpval = parse_int_option("max_sessions", arg_stream, false); + } table_api.close_table(); } else if (keyword == "tcp_cache_nominal_timeout") 
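Review bot: The help text for the new `l` entry in `basic_opts` says "to max_session", but the option the converter emits is `max_sessions`, and the text does not say what happens to the original values. With `-l` the limits from snort.conf are left out of the generated snort.lua, so whatever Snort 3 would otherwise use for `max_sessions` applies (presumably its defaults). Session caps bound flow-table memory, so someone migrating a tuned sensor needs to know they must set them by hand. Suggested wording: `"do not convert max_tcp, max_udp, max_icmp, max_ip to max_sessions; the snort.conf limits are omitted from the generated snort.lua"`.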
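Review bot: When `cv.do_convert_max_session()` is false, the `max_tcp` branch opens and closes `tcp_cache` and writes nothing else, so the converted file carries no trace that a session limit from snort.conf was dropped. The `max_udp`, `max_icmp` and `max_ip` branches in the following hunks behave the same way. The argument is also no longer passed to `parse_int_option`, so a malformed value is not reported when `-l` is used. An `else` branch that records the omission would keep the migration auditable, for example `else table_api.add_deleted_comment("max_tcp");`, or whichever comment helper gives the clearest wording in the output. `StreamGlobal::convert` starts and ends outside this hunk.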
@@ -109,8 +112,11 @@ bool StreamGlobal::convert(std::istringstream& data_stream) else if (keyword == "max_udp") { table_api.open_table("udp_cache"); - table_api.add_diff_option_comment("max_udp","max_sessions"); - tmpval = parse_int_option("max_sessions", arg_stream, false); + if (cv.do_convert_max_session()) + { + table_api.add_diff_option_comment("max_udp","max_sessions"); + tmpval = parse_int_option("max_sessions", arg_stream, false); + } table_api.close_table(); } else if (keyword == "udp_cache_pruning_timeout") @@ -130,15 +136,21 @@ bool StreamGlobal::convert(std::istringstream& data_stream) else if (keyword == "max_icmp") { table_api.open_table("icmp_cache"); - table_api.add_diff_option_comment("max_icmp","max_sessions"); - tmpval = parse_int_option("max_sessions", arg_stream, false); + if (cv.do_convert_max_session()) + { + table_api.add_diff_option_comment("max_icmp","max_sessions"); + tmpval = parse_int_option("max_sessions", arg_stream, false); + } table_api.close_table(); } else if (keyword == "max_ip") { table_api.open_table("ip_cache"); - table_api.add_diff_option_comment("max_ip","max_sessions"); - tmpval = parse_int_option("max_sessions", arg_stream, false); + if (cv.do_convert_max_session()) + { + table_api.add_diff_option_comment("max_ip","max_sessions"); + tmpval = parse_int_option("max_sessions", arg_stream, false); + } table_api.close_table(); } else if (keyword == "show_rebuilt_packets") @@ -196,4 +208,3 @@ static const ConvertMap preprocessor_stream_global = const ConvertMap* stream_global_map = &preprocessor_stream_global; } // namespace preprocessors -
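Review bot: The same five-line guarded block is now repeated in four branches (`max_tcp` in the previous hunk, `max_udp`, `max_icmp` and `max_ip` here), differing only in the table name and the old option name. Any later change to the `-l` behaviour would have to be made four times. A small private helper would hold that logic in one place; it needs a declaration in the `StreamGlobal` class, which is outside these hunks. The sketch below assumes `tmpval` is a `bool` that starts as true for each keyword, which is also not visible here.

```cpp
// proposed helper: shared by the max_tcp / max_udp / max_icmp / max_ip branches
bool StreamGlobal::convert_max_sessions(
    const char* cache_table, const char* old_name, std::istringstream& arg_stream)
{
    bool ok = true;
    table_api.open_table(cache_table);
    if (cv.do_convert_max_session())
    {
        table_api.add_diff_option_comment(old_name, "max_sessions");
        ok = parse_int_option("max_sessions", arg_stream, false);
    }
    table_api.close_table();
    return ok;
}

// … unchanged: other keyword branches of StreamGlobal::convert …
    else if (keyword == "max_icmp")
        tmpval = convert_max_sessions("icmp_cache", "max_icmp", arg_stream);
    else if (keyword == "max_ip")
        tmpval = convert_max_sessions("ip_cache", "max_ip", arg_stream);
```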