From: Mike Stepanek (mstepane)
Date: Tue, 23 Oct 2018 15:37:11 +0000 (-0400)
Subject: Merge pull request #1385 in SNORT/snort3 from iprep_logging_enable_disable to master
X-Git-Tag: 3.0.0-249~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f39dfbcdeb5bd6c83fbd99700ebb9322f6d085ba;p=thirdparty%2Fsnort3.git
Merge pull request #1385 in SNORT/snort3 from iprep_logging_enable_disable to master
Squashed commit of the following:
commit f4d632e843064e7d2d8728ecb39ddc4c87e4e27a
Author: Devendra Dahiphale
Date: Tue Oct 23 11:24:57 2018 -0400
snort2lua: Add support for enable/disable iprep logging using suppress mechanism
---
diff --git a/tools/snort2lua/data/data_types/dt_rule.cc b/tools/snort2lua/data/data_types/dt_rule.cc
index 44674ba11..505267905 100644
--- a/tools/snort2lua/data/data_types/dt_rule.cc
+++ b/tools/snort2lua/data/data_types/dt_rule.cc
@@ -49,6 +49,16 @@ bool Rule::add_hdr_data(const std::string& data)
 }
 }
+void Rule::set_rule_old_action(const std::string &action)
+{
+ old_action = action;
+}
+
+std::string& Rule::get_rule_old_action()
+{
+ return old_action;
+}
+
 void Rule::update_rule_action(const std::string& new_type)
 {
 hdr_data[0] = new_type;
 }
diff --git a/tools/snort2lua/data/data_types/dt_rule.h b/tools/snort2lua/data/data_types/dt_rule.h
index 3e4e67079..913f327bb 100644
--- a/tools/snort2lua/data/data_types/dt_rule.h
+++ b/tools/snort2lua/data/data_types/dt_rule.h
@@ -42,6 +42,8 @@ public:
 void add_suboption(const std::string& keyword, const std::string& val);
 void set_curr_options_buffer(const std::string& buffer, bool add_option);
 void update_rule_action(const std::string&);
+ void set_rule_old_action(const std::string&);
+ std::string& get_rule_old_action();
 void add_comment(const std::string& comment);
 void bad_rule();
@@ -53,6 +55,7 @@ public:
 private:
 std::vector comments;
+ std::string old_action;
 std::array hdr_data;
 std::vector options;
 std::string sticky_buffer;
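Review bot: `Rule::get_rule_old_action()` in the dt_rule.cc hunk hands out a mutable reference to the private `old_action` member, so any caller can rewrite the recorded Snort 2 action behind the setter's back; a read accessor should be `const std::string& get_rule_old_action() const { return old_action; }`, with the declaration in the dt_rule.h hunk changed to match. The new setter is also written as `const std::string &action` while every neighbouring signature in both hunks uses `const std::string&`; matching the file's convention avoids a needless style drift.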
diff --git a/tools/snort2lua/data/dt_rule_api.cc b/tools/snort2lua/data/dt_rule_api.cc
index 4d3cd84b5..67966f10e 100644
--- a/tools/snort2lua/data/dt_rule_api.cc
+++ b/tools/snort2lua/data/dt_rule_api.cc
@@ -127,6 +127,14 @@ void RuleApi::include_rule_file(const std::string& file_name)
 }
 }
+void RuleApi::set_rule_old_action(const std::string &action)
+{
+ if (!curr_rule)
+ begin_rule();
+
+ curr_rule->set_rule_old_action(action);
+}
+
 void RuleApi::add_hdr_data(const std::string& data)
 {
 if (!curr_rule)
@@ -135,6 +143,15 @@ void RuleApi::add_hdr_data(const std::string& data)
 curr_rule->add_hdr_data(data);
 }
+std::string& RuleApi::get_rule_old_action()
+{
+ std::string res = "";
+ if (!curr_rule)
+ return res;
+
+ return (curr_rule->get_rule_old_action());
+}
+
 void RuleApi::update_rule_action(const std::string& new_type)
 {
 if (!curr_rule)
diff --git a/tools/snort2lua/data/dt_rule_api.h b/tools/snort2lua/data/dt_rule_api.h
index c5f75d32a..5206677cf 100644
--- a/tools/snort2lua/data/dt_rule_api.h
+++ b/tools/snort2lua/data/dt_rule_api.h
@@ -69,6 +69,8 @@ public:
 void add_suboption(const std::string& keyword);
 void add_suboption(const std::string& keyword, const std::string& val);
 void set_curr_options_buffer(const std::string& buffer, bool add_option=false);
+ void set_rule_old_action(const std::string&);
+ std::string& get_rule_old_action();
 void add_comment(const std::string& comment);
 void make_rule_a_comment();
diff --git a/tools/snort2lua/helpers/converter.cc b/tools/snort2lua/helpers/converter.cc
index bde6f8891..98066667d 100644
--- a/tools/snort2lua/helpers/converter.cc
+++ b/tools/snort2lua/helpers/converter.cc
@@ -37,6 +37,8 @@
 #include "helpers/util_binder.h"
 #include "init_state.h"
+#define GID_REPUTATION "136"
+
 TableDelegation table_delegation =
 {
 { "binder", true },
@@ -44,6 +46,7 @@ TableDelegation table_delegation =
 { "network", true },
 { "normalizer", true},
 { "stream_tcp", true},
+ { "suppress", true},
 };
 std::string Converter::ips_pattern;
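Review bot: `RuleApi::get_rule_old_action()` in the second dt_rule_api.cc hunk is declared to return `std::string&` but, when `curr_rule` is null, returns a reference to the function-local `res`, which is destroyed on return; the caller in converter.cc then invokes `.compare("sdrop")` on a dangling reference, which is undefined behaviour and is reachable on ordinary input since it runs after every parsed rule. Return a reference to an object that outlives the call instead: `static const std::string empty; if (!curr_rule) return empty; return curr_rule->get_rule_old_action();`, and change the return type to `const std::string&` in the dt_rule_api.h hunk (or simply return `std::string` by value, as the string is short). Compilers flag this with `-Wreturn-local-addr`, so the warning is worth checking in the build log. In the converter.cc hunks, `#define GID_REPUTATION "136"` as a string macro reads oddly for a numeric id; a `static const std::string` beside `table_delegation` would be more in keeping with the file.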
@@ -265,6 +268,21 @@ int Converter::parse_file(
 break;
 }
 }
+
+ std::string gid = rule_api.get_option("gid");
+ if (0 == gid.compare(GID_REPUTATION) && 0 == rule_api.get_rule_old_action().compare("sdrop"))
+ {
+ std::string sid = rule_api.get_option("sid");
+ table_api.open_table("suppress");
+ table_api.add_diff_option_comment("gen_id", "gid");
+ table_api.add_diff_option_comment("sid_id", "sid");
+ table_api.open_table();
+ table_api.add_option("gid", std::stoi(gid));
+ table_api.add_option("sid", std::stoi(sid));
+ table_api.close_table();
+ table_api.close_table();
+ }
+
 if (commented_rule)
 rule_api.make_rule_a_comment();
diff --git a/tools/snort2lua/keyword_states/kws_rule.cc b/tools/snort2lua/keyword_states/kws_rule.cc
index 15b1bbb21..a039b6da0 100644
--- a/tools/snort2lua/keyword_states/kws_rule.cc
+++ b/tools/snort2lua/keyword_states/kws_rule.cc
@@ -83,6 +83,10 @@ template static ConversionState* conv_rule_ctor(Converter& c)
 {
 c.get_rule_api().add_hdr_data(*name);
+
+ if (*old == "sdrop")
+ c.get_rule_api().set_rule_old_action(*old);
+
 c.get_rule_api().add_comment(
 "The '" + *old + "' ruletype is no longer supported, using " + *name);
 return new RuleHeader(c);
diff --git a/tools/snort2lua/keyword_states/kws_suppress.cc b/tools/snort2lua/keyword_states/kws_suppress.cc
index 226db1ef1..62e1858bf 100644
--- a/tools/snort2lua/keyword_states/kws_suppress.cc
+++ b/tools/snort2lua/keyword_states/kws_suppress.cc
@@ -116,6 +116,8 @@ bool Suppress::convert(std::istringstream& data_stream)
 retval = false;
 }
 }
+ table_api.close_table();
+ table_api.close_table();
 return retval;
 }
diff --git a/tools/snort2lua/rule_states/rule_gid_sid.cc b/tools/snort2lua/rule_states/rule_gid_sid.cc
index e28dd315f..66114b4db 100644
--- a/tools/snort2lua/rule_states/rule_gid_sid.cc
+++ b/tools/snort2lua/rule_states/rule_gid_sid.cc
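Review bot: `std::stoi(sid)` in the new suppress block of `Converter::parse_file` is applied to whatever `rule_api.get_option("sid")` returned, and an `sdrop` rule with gid 136 whose sid is absent (an empty string) or not numeric makes `std::stoi` throw `std::invalid_argument` and aborts the whole conversion; snort2lua consumes arbitrary Snort 2 configuration text, so the value should be validated rather than trusted. Guard the block with `if (sid.empty() || sid.find_first_not_of("0123456789") != std::string::npos) { rule_api.add_comment("sdrop rule has no numeric sid; suppress entry not generated"); }` before calling `std::stoi`, or parse with `std::strtoul` and check the end pointer (an `out_of_range` on an oversized digit string is still possible with `stoi`). `std::stoi(gid)` is safe only because `gid` was just compared equal to `GID_REPUTATION`, which is worth a one-line comment. The function `parse_file` begins and ends outside the hunk.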
@@ -60,7 +60,7 @@ bool Gid::convert(std::istringstream& data_stream)
 {
 std::string gid = util::get_rule_option_args(data_stream);
- const std::string old_http_gid("120");
+ const std::string old_http_gid("120");
 if (gid.compare(old_http_gid) == 0)
 {
 const std::string nhi_gid("119");
@@ -75,6 +75,7 @@ bool Gid::convert(std::istringstream& data_stream)
 rule_api.update_option("sid", sid);
 }
 }
+ rule_api.add_option("gid", gid);
 return set_next_rule_state(data_stream);
 }
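Review bot: `rule_api.add_option("gid", gid)` is now emitted unconditionally at the end of `Gid::convert`, after the gid 120-to-119 remap branch whose body (lines 66-74) is outside both hunks; if that branch already records the gid through `add_option`/`update_option`, or does not reassign `gid` to `nhi_gid`, the converted rule will carry either a duplicate gid option or the stale value 120. It is worth confirming that the remap path assigns `gid = nhi_gid;` before falling through here, or moving the new call into an `else` of that `if`. A short comment such as `// record gid so the converter can match reputation (136) sdrop rules` would explain why the option is now always stored. The first hunk in this file is a whitespace-only change to the `old_http_gid` line.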