From: Tom Peters (thopeter) Date: Tue, 4 Dec 2018 18:56:48 +0000 (-0500) Subject: Merge pull request #1453 in SNORT/snort3 from ~MDAGON/snort3:reload_config to master X-Git-Tag: 3.0.0-250~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e605b3d26bf528ccc4cb719458e643199c70f905;p=thirdparty%2Fsnort3.git Merge pull request #1453 in SNORT/snort3 from ~MDAGON/snort3:reload_config to master Squashed commit of the following: commit 13980e232f10ab4f289c4ffde26df4170a865ce5 Author: Maya Dagon Date: Fri Nov 16 15:10:19 2018 -0500 file_api: choose whether to get file config from current config or staged one --- diff --git a/src/file_api/file_api.h b/src/file_api/file_api.h index 3b0439faa..423922196 100644 --- a/src/file_api/file_api.h +++ b/src/file_api/file_api.h @@ -30,6 +30,7 @@ #include #include +#include "main/snort_config.h" #include "main/snort_types.h" #define ENABLE_FILE_TYPE_IDENTIFICATION 0x1 @@ -132,7 +133,7 @@ public: // This is called when a new flow is queried for the first time // Check & update what file policy is enabled on this flow/file - virtual void policy_check(Flow*, FileInfo* ) { } + virtual void policy_check(Flow*, FileInfo*) { } // This is called after file type is known virtual FileVerdict type_lookup(Packet*, FileInfo*) @@ -143,7 +144,6 @@ public: { return FILE_VERDICT_UNKNOWN; } virtual void log_file_action(Flow*, FileInfo*, FileAction) { } - }; inline void initFilePosition(FilePosition* position, uint64_t processed_size) @@ -194,7 +194,7 @@ inline FileCharEncoding get_character_encoding(const char* file_name, size_t len SO_PUBLIC uint64_t get_file_processed_size(Flow* flow); SO_PUBLIC FilePosition get_file_position(Packet* pkt); SO_PUBLIC void get_magic_rule_ids_from_type(const std::string& type, - const std::string& version, FileTypeBitSet& ids_set); + const std::string& version, FileTypeBitSet& ids_set, SnortConfig*); } #endif 
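Review bot: file_api.h is a SO_PUBLIC header and now pulls in `main/snort_config.h` only to name `SnortConfig*` in the new `get_magic_rule_ids_from_type` signature; a forward declaration inside `namespace snort` (using the same class-key as the definition in main/snort_config.h) would keep the public header light, and the same applies to the file_config.h hunk on the next line. The new fourth parameter also has no default, unlike `get_file_config(snort::SnortConfig* sc = nullptr)` in file_config.h, so any out-of-tree caller of this exported function stops compiling; `SnortConfig* = nullptr` would keep the two declarations consistent and source-compatible. Naming the parameter in the declaration, e.g. `FileTypeBitSet& ids_set, SnortConfig* sc = nullptr);`, also helps, since this header is what a rule-option author reads.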
diff --git a/src/file_api/file_config.cc b/src/file_api/file_config.cc index f602b8239..27a2abf97 100644 --- a/src/file_api/file_config.cc +++ b/src/file_api/file_config.cc @@ -102,9 +102,9 @@ std::string file_type_name(uint32_t id) return "NA"; } -FileConfig* get_file_config () +FileConfig* get_file_config(snort::SnortConfig* sc) { - snort::FileInspect* fi = (snort::FileInspect*)snort::InspectorManager::get_inspector(FILE_ID_NAME, true); + snort::FileInspect* fi = (snort::FileInspect*)snort::InspectorManager::get_inspector(FILE_ID_NAME, true, sc); if (fi) return (fi->config); @@ -114,13 +114,14 @@ FileConfig* get_file_config () namespace snort { - void get_magic_rule_ids_from_type(const std::string& type, const std::string& version, snort::FileTypeBitSet& ids_set) - { - FileConfig* conf = get_file_config(); - if(conf) - conf->get_magic_rule_ids_from_type(type, version, ids_set); - else - ids_set.reset(); - } +void get_magic_rule_ids_from_type(const std::string& type, const std::string& version, + snort::FileTypeBitSet& ids_set, snort::SnortConfig* sc) +{ + FileConfig* conf = get_file_config(sc); + if (conf) + conf->get_magic_rule_ids_from_type(type, version, ids_set); + else + ids_set.reset(); +} } diff --git a/src/file_api/file_config.h b/src/file_api/file_config.h index fec378cee..596da495c 100644 --- a/src/file_api/file_config.h +++ b/src/file_api/file_config.h @@ -23,7 +23,7 @@ #define FILE_CONFIG_H // This provides the basic configuration for file processing - +#include "main/snort_config.h" #include "file_api/file_identifier.h" #include "file_api/file_policy.h" @@ -78,6 +78,6 @@ private: }; std::string file_type_name(uint32_t id); -FileConfig* get_file_config(); +FileConfig* get_file_config(snort::SnortConfig* sc = nullptr); #endif diff --git a/src/ips_options/ips_file_type.cc b/src/ips_options/ips_file_type.cc index a3dcbc779..fc65490dc 100644 --- a/src/ips_options/ips_file_type.cc +++ b/src/ips_options/ips_file_type.cc 
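Review bot: The `sc = nullptr` default on `get_file_config` means a caller that omits it is resolved through `InspectorManager::get_inspector`, which falls back to `SnortConfig::get_conf()`, i.e. the running configuration rather than the one being staged; during a reload that is the wrong object, so the declaration in file_config.h should say so, e.g. `// sc == nullptr looks up the running config (SnortConfig::get_conf()); pass the staged config while reloading.` The modified line in `get_file_config` keeps a C-style cast on the inspector lookup; `static_cast<snort::FileInspect*>(...)` makes the intended downcast explicit and greppable. Whether every remaining caller of `get_file_config()` without an argument really runs only against the active config is not visible here and is worth checking before merge.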
@@ -90,12 +90,11 @@ IpsOption::EvalStatus FileTypeOption::eval(Cursor&, Packet* pkt) static const Parameter s_params[] = { { "~", Parameter::PT_STRING, nullptr, nullptr, - "list of file type IDs to match" }, + "list of file type IDs to match" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; - #define s_help \ "rule option to check file type" @@ -117,7 +116,7 @@ public: FileTypeBitSet types; private: - bool parse_type_and_version(std::string& token); + bool parse_type_and_version(std::string& token, SnortConfig*); }; bool FileTypeModule::begin(const char*, int, SnortConfig*) @@ -127,7 +126,7 @@ bool FileTypeModule::begin(const char*, int, SnortConfig*) return true; } -bool FileTypeModule::set(const char*, Value& v, SnortConfig*) +bool FileTypeModule::set(const char*, Value& v, SnortConfig* sc) { if ( !v.is("~") ) return false; @@ -143,7 +142,7 @@ bool FileTypeModule::set(const char*, Value& v, SnortConfig*) if ( tok[tok.length()-1] == '"' ) tok.erase(tok.length()-1, 1); - if (! parse_type_and_version(tok) ) + if (!parse_type_and_version(tok, sc) ) return false; } return true; 
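Review bot: The rewritten call in `FileTypeModule::set` mixes spacing styles, `if (!parse_type_and_version(tok, sc) )`; the surrounding code in this hunk uses `if ( !v.is("~") )`, so `if ( !parse_type_and_version(tok, sc) )` keeps the file consistent. The `SnortConfig*` added to the private declaration of `parse_type_and_version` is unnamed, which is acceptable for a private member, but a short comment such as `// config whose file_rules the type names are resolved against (the staged config during reload)` would record why the module now threads it through. The remainder of `FileTypeModule::set` lies outside the hunk.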
@@ -162,21 +161,21 @@ bool FileTypeModule::set(const char*, Value& v, SnortConfig*) // Multiple types are separated by spaces: // TYPE1,VER1 TYPE2 TYPE3,VER1,VER2 -- Match any of these types // -bool FileTypeModule::parse_type_and_version(std::string& token) +bool FileTypeModule::parse_type_and_version(std::string& token, SnortConfig* sc) { std::istringstream stream(token); std::string type_name; std::string version; FileTypeBitSet ids_set; - if(!std::getline(stream, type_name, ',')) + if (!std::getline(stream, type_name, ',')) return false; - if(!std::getline(stream, version, ',')) + if (!std::getline(stream, version, ',')) { // Match all versions of this type. - get_magic_rule_ids_from_type(type_name, "", ids_set); - if(ids_set.none()) + get_magic_rule_ids_from_type(type_name, "", ids_set, sc); + if (ids_set.none()) { ParseError("Invalid file_type type '%s'. Not found in file_rules.", type_name.c_str()); return false; 
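Review bot: The new signature `bool FileTypeModule::parse_type_and_version(std::string& token, SnortConfig* sc)` still takes `token` by mutable reference although the body only reads it through `std::istringstream stream(token);`; `const std::string& token` documents that the caller's string is untouched and would let callers pass temporaries (the private declaration in the earlier hunk would change alike). A one-line header comment naming what `sc` selects, e.g. `// sc: configuration whose file_rules resolve the type/version names; nullptr means the running config`, would make the reload intent visible at the definition as well. The function continues beyond the hunk.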
@@ -186,21 +185,23 @@ bool FileTypeModule::parse_type_and_version(std::string& token) return true; } - get_magic_rule_ids_from_type(type_name, version, ids_set); - if(ids_set.none()) + get_magic_rule_ids_from_type(type_name, version, ids_set, sc); + if (ids_set.none()) { - ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.", type_name.c_str(), version.c_str()); + ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.", + type_name.c_str(), version.c_str()); return false; } types |= ids_set; - while(std::getline(stream, version, ',')) + while (std::getline(stream, version, ',')) { - get_magic_rule_ids_from_type(type_name, version, ids_set); - if(ids_set.none()) + get_magic_rule_ids_from_type(type_name, version, ids_set, sc); + if (ids_set.none()) { - ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.", type_name.c_str(), version.c_str()); + ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.", + type_name.c_str(), version.c_str()); return false; } diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc index 8cea5a670..497020e7a 100644 --- a/src/managers/inspector_manager.cc +++ b/src/managers/inspector_manager.cc @@ -64,9 +64,10 @@ struct PHGlobal { const InspectApi& api; bool initialized = false; // In the context of the main thread, this means that api.pinit() - // has been called. In the packet thread, it means that api.tinit() - // has been called. - bool instance_initialized = false; // In the packet thread, at least one instance has had tinit() called. + // has been called. In the packet thread, it means that + // api.tinit() has been called. + bool instance_initialized = false; // In the packet thread, at least one instance has had + // tinit() called. PHGlobal(const InspectApi& p) : api(p) { } 
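Review bot: The block between the all-versions early return and the `while` duplicates the version lookup and the identical `ParseError` text once before the loop and once inside it; a `do { … } while (std::getline(stream, version, ','))` resolves the first explicit version and the following ones with a single copy, assuming the loop body ends with `types |= ids_set;` as the pre-loop block does (the tail of the loop and the rest of the function are outside the hunk). Separately, the `ids_set.none()` test after each lookup is only meaningful if `FileConfig::get_magic_rule_ids_from_type` overwrites `ids_set` rather than ORs into it — the wrapper in file_config.cc resets it only when no config is found — so a bad second version would be silently accepted if the callee accumulates; worth confirming, or adding `ids_set.reset();` before each call.
```cpp
    // … unchanged: "match all versions" early return …
    do
    {
        get_magic_rule_ids_from_type(type_name, version, ids_set, sc);
        if (ids_set.none())
        {
            ParseError("Invalid file_type type '%s' or version '%s'. Not found in file_rules.",
                type_name.c_str(), version.c_str());
            return false;
        }
        types |= ids_set;
    } while (std::getline(stream, version, ','));
```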
@@ -89,7 +90,8 @@ struct PHClass { return ( a->api.type < b->api.type ); } }; -enum ReloadType { +enum ReloadType +{ RELOAD_TYPE_NONE = 0, RELOAD_TYPE_DELETED, RELOAD_TYPE_REENABLED, @@ -117,9 +119,11 @@ struct PHInstance { reload_type = val; } bool is_reloaded() - { return ((reload_type == RELOAD_TYPE_REENABLED) or - (reload_type == RELOAD_TYPE_DELETED) or - (reload_type == RELOAD_TYPE_NEW)); } + { + return ((reload_type == RELOAD_TYPE_REENABLED)or + (reload_type == RELOAD_TYPE_DELETED) or + (reload_type == RELOAD_TYPE_NEW)); + } ReloadType get_reload_type() { return reload_type; } @@ -236,7 +240,7 @@ void FrameworkPolicy::vectorize(SnortConfig* sc) { switch ( p->pp_class.api.type ) { - case IT_PASSIVE : + case IT_PASSIVE: passive.add(p); // FIXIT-L Ugly special case for noticing a binder if ( !strcmp(p->pp_class.api.base.name, bind_id) ) @@ -382,7 +386,8 @@ void InspectorManager::empty_trash() // FIXIT-L allowing lookup by name or type or key is kinda hinky // would be helpful to have specific lookups static bool get_instance( - FrameworkPolicy* fp, const char* keyword, bool dflt_only, std::vector::iterator& it) + FrameworkPolicy* fp, const char* keyword, bool dflt_only, + std::vector::iterator& it) { for ( it = fp->ilist.begin(); it != fp->ilist.end(); ++it ) { @@ -400,7 +405,7 @@ static bool get_instance( } static PHInstance* get_instance( - FrameworkPolicy* fp, const char* keyword, bool dflt_only = false) + FrameworkPolicy* fp, const char* keyword, bool dflt_only = false) { std::vector::iterator it; return get_instance(fp, keyword, dflt_only, it) ? *it : nullptr; @@ -465,7 +470,7 @@ void InspectorManager::delete_policy(InspectionPolicy* pi, bool cloned) for ( auto* p : pi->framework_policy->ilist ) { if ( cloned and !(p->is_reloaded()) ) - continue; + continue; if ( p->handler->get_api()->type == IT_PASSIVE ) s_trash2.emplace_back(p->handler); 
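Review bot: The reflowed `is_reloaded()` body in the PHInstance hunk drops the space before the alternative token, `(reload_type == RELOAD_TYPE_REENABLED)or`, which reads as a typo next to the two `) or` lines below it; `(reload_type == RELOAD_TYPE_REENABLED) or` restores the intended layout. Since the body only reads `reload_type`, the accessor could also be `bool is_reloaded() const` to state its read-only intent, though that signature line is context here rather than part of the change.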
@@ -499,15 +504,17 @@ Binder* InspectorManager::get_binder() if ( !pi || !pi->framework_policy ) return nullptr; - return (Binder*) pi->framework_policy->binder; + return (Binder*)pi->framework_policy->binder; } // FIXIT-P cache get_inspector() returns or provide indexed lookup -Inspector* InspectorManager::get_inspector(const char* key, bool dflt_only) +Inspector* InspectorManager::get_inspector(const char* key, bool dflt_only, SnortConfig* sc) { InspectionPolicy* pi; - - if (dflt_only) + + if (dflt_only && (sc != nullptr)) + pi = snort::get_default_inspection_policy(sc); + else if (dflt_only) pi = snort::get_default_inspection_policy(SnortConfig::get_conf()); else pi = snort::get_inspection_policy(); @@ -790,6 +797,7 @@ Inspector* InspectorManager::instantiate( // FIXIT-L can't we just unify PHInstance and InspectorWrapper? return ppi->handler; } + #endif // create default binding for wizard and configured services @@ -1020,13 +1028,13 @@ void InspectorManager::execute(Packet* p) } // must check between each ::execute() if ( p->disable_inspect ) - return; + return; if ( !p->is_cooked() ) ::execute(p, fp->packet.vec, fp->packet.num); if ( p->disable_inspect ) - return; + return; SnortConfig* sc = SnortConfig::get_conf(); FrameworkPolicy* fp_dft = snort::get_default_inspection_policy(sc)->framework_policy; @@ -1038,7 +1046,7 @@ void InspectorManager::execute(Packet* p) ::execute(p, fp->network.vec, fp->network.num); if ( p->disable_inspect ) - return; + return; ::execute(p, fp_dft->control.vec, fp_dft->control.num); } @@ -1055,7 +1063,7 @@ void InspectorManager::execute(Packet* p) } if ( p->disable_inspect ) - return; + return; if ( p->flow->full_inspection() ) full_inspection(p); diff --git a/src/managers/inspector_manager.h b/src/managers/inspector_manager.h index d87a8e049..831e4e46c 100644 --- a/src/managers/inspector_manager.h +++ b/src/managers/inspector_manager.h 
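Review bot: In `InspectorManager::get_inspector` the two `dflt_only` branches differ only in which config they pass, and the new `sc` argument is silently ignored when `dflt_only` is false, so a caller handing in a staged config for a non-default lookup is answered from the running one; collapse the branches and record the limitation, `if (dflt_only) pi = snort::get_default_inspection_policy(sc ? sc : SnortConfig::get_conf());` followed by `else pi = snort::get_inspection_policy(); // sc is not consulted on this path`. The declaration in inspector_manager.h should carry the same caveat, because the `sc = nullptr` default makes the fallback to the running config invisible at call sites. The body of get_inspector continues past the hunk.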
@@ -59,7 +59,8 @@ public: static InspectSsnFunc get_session(uint16_t proto); static InspectorType get_type(const char* key); - SO_PUBLIC static Inspector* get_inspector(const char* key, bool dflt_only = false); + SO_PUBLIC static Inspector* get_inspector(const char* key, bool dflt_only = false, + SnortConfig* sc = nullptr); SO_PUBLIC static Binder* get_binder();