From: Amarnath Sathyanarayanan (amsathya) <amsathya@cisco.com>
Date: Wed, 7 Aug 2019 18:05:47 +0000 (-0400)
Subject: Merge pull request #1705 in SNORT/snort3 from ~AMSATHYA/snort3:identity_plugin to... 
X-Git-Tag: 3.0.0-259~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4b03c247a3f7a7579a3ba8c4176a442fc2fddf6;p=thirdparty%2Fsnort3.git

Merge pull request #1705 in SNORT/snort3 from ~AMSATHYA/snort3:identity_plugin to master

Squashed commit of the following:

commit bb548cd89a07db9e05bdc0c67a8b424b55a4758c
Author: Ruiqi Tian <rutian@cisco.com>
Date:   Mon Aug 5 20:04:06 2019 -0400

    snort2lua: add identity section from firewall settings
---

diff --git a/tools/snort2lua/preprocessor_states/pps_firewall.cc b/tools/snort2lua/preprocessor_states/pps_firewall.cc
index 377dfac79..f6b618a7a 100644
--- a/tools/snort2lua/preprocessor_states/pps_firewall.cc
+++ b/tools/snort2lua/preprocessor_states/pps_firewall.cc
@@ -40,6 +40,10 @@ namespace preprocessors
     {
         bool retval = true;
 
+        // identity
+        bool identity_table = false;
+        std::streampos pos = data_stream.tellg();
+
         table_api.open_table("firewall");
 
         std::string keyword;
@@ -159,7 +163,7 @@ namespace preprocessors
             else if (keyword == "debug_future_date")
                 tmpval = table_api.add_option("future_date_debug_enabled", true);
             else if (keyword == "identity_rule_path")
-                tmpval = parse_string_option("identity_rule_path", data_stream);
+                identity_table = tmpval = parse_string_option("identity_rule_path", data_stream);
             else if (keyword == "interface_ip_map_path")
                 tmpval = parse_string_option("intf_ip_map_path", data_stream);
             else if (keyword == "daqif_path")
@@ -175,6 +179,42 @@ namespace preprocessors
                 retval = false;
             }
         }
+        table_api.close_table();
+
+        // identity, reading data_stream again
+        if ( identity_table )
+        {
+            data_stream.clear();
+            data_stream.seekg(pos);
+
+            table_api.open_top_level_table("identity");
+            while (data_stream >> keyword)
+            {
+                bool tmpval = true;
+
+                if (keyword == "fw_usrc_memcap")
+                    tmpval = parse_int_option("user_cache_memcap", data_stream, false);
+                else if (keyword == "identity_rule_path")
+                    tmpval = parse_string_option("identity_rule_path", data_stream);
+                else if (keyword == "interface_ip_map_path")
+                    tmpval = parse_string_option("intf_ip_map_path", data_stream);
+                else if (keyword == "daqif_path")
+                    tmpval = parse_string_option("daq_intf_path", data_stream);
+                else if (keyword == "running_config_network_path")
+                    tmpval = parse_string_option("running_network_config_path", data_stream);
+
+                if (!tmpval)
+                {
+                    data_api.failed_conversion(data_stream, keyword);
+                    retval = false;
+                }
+            }
+#ifdef REG_TEST
+            table_api.add_option("regtest", true);
+            table_api.add_option("user_snapshot_path", "./");
+#endif
+            table_api.close_table();
+        }
 
         // Auto enable for firewall
         table_api.open_top_level_table("reject");