From: Tom Peters (thopeter) Date: Thu, 7 Feb 2019 15:03:17 +0000 (-0500) Subject: Merge pull request #1506 in SNORT/snort3 from ~MIREDDEN/snort3:port_scan_memcap_reloa... X-Git-Tag: 3.0.0-251~54 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c796464eb9ea81739e4dbb4c9fb01bb6d39d7689;p=thirdparty%2Fsnort3.git Merge pull request #1506 in SNORT/snort3 from ~MIREDDEN/snort3:port_scan_memcap_reload to master Squashed commit of the following: commit ceccbcae1fc77038787c320f7e422607960ec0c4 Author: Mike Redden Date: Tue Feb 5 13:07:44 2019 -0500 port_scan: Fail reload if memcap changed --- diff --git a/doc/reload_limitations.txt b/doc/reload_limitations.txt index 3061b2dd9..16910179b 100644 --- a/doc/reload_limitations.txt +++ b/doc/reload_limitations.txt @@ -13,6 +13,7 @@ The following parameters can't be changed during reload, and require a restart: * daq.no_promisc * detection.asn1 * file_id.max_files_cached +* port_scan.memcap * process.chroot * process.daemon * process.set_gid diff --git a/src/network_inspectors/port_scan/ps_module.cc b/src/network_inspectors/port_scan/ps_module.cc index 0a53d4fd3..7a647d715 100644 --- a/src/network_inspectors/port_scan/ps_module.cc +++ b/src/network_inspectors/port_scan/ps_module.cc @@ -23,6 +23,7 @@ #endif #include "ps_module.h" +#include "log/messages.h" #include @@ -324,6 +325,28 @@ bool PortScanModule::set(const char* fqn, Value& v, SnortConfig*) return true; } +bool PortScanModule::end(const char* fqn, int, SnortConfig*) +{ + static size_t saved_memcap = 0; + + if (strcmp(fqn, "port_scan") == 0) + { + if (saved_memcap != 0 ) + { + if (config->memcap != saved_memcap) + { + ReloadError("Changing port_scan.memcap requires a restart\n"); + } + } + else + { + saved_memcap = config->memcap; + } + } + + return true; +} + PS_ALERT_CONF* PortScanModule::get_alert_conf(const char* fqn) { if ( !strncmp(fqn, "port_scan.tcp_ports", 19) ) diff --git a/src/network_inspectors/port_scan/ps_module.h b/src/network_inspectors/port_scan/ps_module.h index 6a290b0f4..f06764fa7 100644 --- a/src/network_inspectors/port_scan/ps_module.h +++ b/src/network_inspectors/port_scan/ps_module.h @@ -143,6 +143,7 @@ public: bool set(const char*, snort::Value&, snort::SnortConfig*) override; bool begin(const char*, int, snort::SnortConfig*) override; + bool end(const char*, int, snort::SnortConfig*) override; const PegInfo* get_pegs() const override; PegCount* get_counts() const override;