From: Michael Altizer (mialtize) Date: Fri, 20 Mar 2020 16:59:53 +0000 (+0000) Subject: Merge pull request #1957 in SNORT/snort3 from ~SELYSENK/snort3:bug/network_policy_nul... X-Git-Tag: 3.0.0-270~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3c57251c9941a731c52ff14ba8feba707ded1ca;p=thirdparty%2Fsnort3.git Merge pull request #1957 in SNORT/snort3 from ~SELYSENK/snort3:bug/network_policy_nullptr to master Squashed commit of the following: commit 691b1f3af718cf70893c4026b1d480ca1abe3d9b Author: Serhii Lysenko Date: Thu Mar 5 13:37:53 2020 +0200 loggers: update usage to GLOBAL for all loggers commit d661b7e1eac7fdb3386ac4cbab537de72ebfcabb Author: Bhagya Tholpady Date: Wed Mar 4 11:26:20 2020 -0500 snort2lua: don't print out network_policy binding commit 43de169f5a6f10c0c03bfe6521bd22dfab0a0b17 Author: Bhagya Tholpady Date: Wed Mar 4 11:25:22 2020 -0500 binder: ignore the network_policy binding commit 3ac2647f7f2e358ab6205adabd9e22a4643ef845 Author: Bhagya Tholpady Date: Wed Feb 26 20:23:07 2020 -0500 filters: update threshold tracking functions General event threshold tracking functions take one more parameter policy_id. Usage for suppress and rate_filter modules is changed to CONTEXT. event_filter, rate_filter and suppress modules use get_network_policy to get the policy_id passed to the generic threshold tracking. detection filter module uses get_ips_policy to get the policy_id passed to the generic threshold traching. --- diff --git a/doc/style.txt b/doc/style.txt index 0059a4a6b..6113b4f52 100644 --- a/doc/style.txt +++ b/doc/style.txt 
@@ -94,10 +94,10 @@ yet firm so feedback is welcome to get something we can live with.
 day or even just a minute. That way we can find them easily and won't lose track of them.
-* Presently using FIXIT-X where X = A | W | P | H | M | L, indicating analysis,
- warning, perf, high, med, or low priority. Place A and W comments on the
- exact warning line so we can match up comments and build output. Supporting
- comments can be added above.
+* Presently using FIXIT-X where X = A | W | P | H | M | L | D, indicating
+ analysis, warning, perf, high, med, low priority, or deprecated. Place A and
+ W comments on the exact warning line so we can match up comments and build
+ output. Supporting comments can be added above.
 * Put the copyright(s) and license in a comment block at the top of each source file (.h and .cc). Don't bother with trivial scripts and make
diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc
index 84f3f56d6..55057a973 100644
--- a/src/detection/fp_detect.cc
+++ b/src/detection/fp_detect.cc
@@ -189,7 +189,7 @@ int fpLogEvent(const RuleTreeNode* rtn, const OptTreeNode* otn, Packet* p)
 filterEvent = sfthreshold_test(
 otn->sigInfo.gid, otn->sigInfo.sid,
 p->ptrs.ip_api.get_src(), p->ptrs.ip_api.get_dst(),
- p->pkth->ts.tv_sec);
+ p->pkth->ts.tv_sec, get_network_policy()->policy_id);
 }
 else
 {
@@ -198,7 +198,7 @@ int fpLogEvent(const RuleTreeNode* rtn, const OptTreeNode* otn, Packet* p)
 filterEvent = sfthreshold_test(
 otn->sigInfo.gid, otn->sigInfo.sid,
- &cleared, &cleared, p->pkth->ts.tv_sec);
+ &cleared, &cleared, p->pkth->ts.tv_sec, get_network_policy()->policy_id);
 }
 if ( (filterEvent < 0) || (filterEvent > 0 && !override) )
diff --git a/src/filters/detection_filter.cc b/src/filters/detection_filter.cc
index 5d30a7818..2ca26927d 100644
--- a/src/filters/detection_filter.cc
+++ b/src/filters/detection_filter.cc
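Review bot: Both new calls dereference `get_network_policy()` unconditionally, and nothing in the hunk shows that it cannot return nullptr on the logging path, which is the failure mode the PR title (`network_policy_nullptr`) refers to, so it deserves an explicit guard rather than an implicit assumption. Hoisting the lookup above the `if` also removes the duplicated expression: `auto* np = get_network_policy(); assert(np);` and then pass `np->policy_id` in both branches. If a default policy is guaranteed to be selected whenever fpLogEvent runs, say so in a one-line comment at that point instead. fpLogEvent begins and ends outside the hunk.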
@@ -59,7 +59,7 @@ int detection_filter_test(void* pv, const SfIp* sip, const SfIp* dip, long curti
 return 0;
 return sfthd_test_rule(detection_filter_hash, (THD_NODE*)pv,
- sip, dip, curtime);
+ sip, dip, curtime, get_ips_policy()->policy_id);
 }
 THD_NODE* detection_filter_create(DetectionFilterConfig* df_config, THDX_STRUCT* thdx)
diff --git a/src/filters/sfthd.cc b/src/filters/sfthd.cc
index 6eaaa5d2d..3d1c06eed 100644
--- a/src/filters/sfthd.cc
+++ b/src/filters/sfthd.cc
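Review bot: This is the one caller in the change that keys threshold tracking on `get_ips_policy()->policy_id` while event_filter, suppress and fpLogEvent key on the network policy, and nothing at the call site explains the asymmetry. A later maintainer could easily "fix" it to match the others, so record the intent above the call: `// rule-level detection_filter state is tracked per IPS policy; event_filter/suppress track per network policy`. The commit message states this choice, but it does not survive in the code. detection_filter_test begins outside the hunk.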
@@ -162,48 +162,45 @@ static void sfthd_node_free(void* node)
 void sfthd_objs_free(ThresholdObjects* thd_objs)
 {
- int i;
- PolicyId policyId;
-
 if (thd_objs == nullptr)
 return;
- for (i = 0; i < THD_MAX_GENID; i++)
+ for (int i = 0; i < THD_MAX_GENID; i++)
 {
 if ( thd_objs->sfthd_array[i] )
 delete thd_objs->sfthd_array[i];
 }
- for (policyId = 0; policyId < thd_objs->numPoliciesAllocated; policyId++)
+ for (PolicyId policy_id = 0; policy_id < thd_objs->numPoliciesAllocated; policy_id++)
 {
- if ( !thd_objs->sfthd_garray[policyId] )
+ if ( !thd_objs->sfthd_garray[policy_id] )
 continue;
- if ( thd_objs->sfthd_garray[policyId][0] )
+ if ( thd_objs->sfthd_garray[policy_id][0] )
 {
- sfthd_node_free(thd_objs->sfthd_garray[policyId][0]);
+ sfthd_node_free(thd_objs->sfthd_garray[policy_id][0]);
 /* Free any individuals */
- for (i = 0; i < THD_MAX_GENID; i++)
+ for (int i = 0; i < THD_MAX_GENID; i++)
 {
- if ( thd_objs->sfthd_garray[policyId][i] !=
- thd_objs->sfthd_garray[policyId][0] )
+ if ( thd_objs->sfthd_garray[policy_id][i] !=
+ thd_objs->sfthd_garray[policy_id][0] )
 {
- sfthd_node_free(thd_objs->sfthd_garray[policyId][i]);
+ sfthd_node_free(thd_objs->sfthd_garray[policy_id][i]);
 }
 }
 }
 else
 {
 /* Anything other GID will be allocated individually */
- for (i = 1; i < THD_MAX_GENID; i++)
+ for (int i = 1; i < THD_MAX_GENID; i++)
 {
- if ( thd_objs->sfthd_garray[policyId][i] )
- sfthd_node_free(thd_objs->sfthd_garray[policyId][i]);
+ if ( thd_objs->sfthd_garray[policy_id][i] )
+ sfthd_node_free(thd_objs->sfthd_garray[policy_id][i]);
 }
 }
- snort_free(thd_objs->sfthd_garray[policyId]);
+ snort_free(thd_objs->sfthd_garray[policy_id]);
 }
 if ( thd_objs->sfthd_garray )
@@ -278,15 +275,13 @@ the current event should be logged or dropped. */
 static int sfthd_create_threshold_local(
- SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config)
+ SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config, PolicyId policy_id)
 {
 GHash* sfthd_hash;
 THD_ITEM* sfthd_item;
 THD_NODE* sfthd_node;
 tThdItemKey key;
- PolicyId policy_id = get_network_policy()->policy_id;
-
 if (thd_objs == nullptr )
 return -1;
@@ -468,10 +463,9 @@ static int sfthd_create_threshold_local(
 /* */
 static int sfthd_create_threshold_global(
- SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config)
+ SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config, PolicyId policy_id)
 {
 THD_NODE* sfthd_node;
- PolicyId policy_id = get_network_policy()->policy_id;
 if (thd_objs == nullptr)
 return -1;
@@ -581,10 +575,9 @@ int sfthd_create_threshold(
 int priority,
 int count,
 int seconds,
- sfip_var_t* ip_address)
+ sfip_var_t* ip_address, PolicyId policy_id)
 {
 //allocate memory fpr sfthd_array if needed.
- PolicyId policyId = get_network_policy()->policy_id;
 THD_NODE sfthd_node;
 memset(&sfthd_node, 0, sizeof(sfthd_node));
@@ -601,24 +594,24 @@ int sfthd_create_threshold(
 sfthd_node.ip_address= ip_address;
 // FIXIT-L convert to std::vector
- sfDynArrayCheckBounds ((void**)&thd_objs->sfthd_garray, policyId,
+ sfDynArrayCheckBounds ((void**)&thd_objs->sfthd_garray, policy_id,
 &thd_objs->numPoliciesAllocated);
- if (thd_objs->sfthd_garray[policyId] == nullptr)
+ if (thd_objs->sfthd_garray[policy_id] == nullptr)
 {
- thd_objs->sfthd_garray[policyId] =
+ thd_objs->sfthd_garray[policy_id] =
 (THD_NODE**)snort_calloc(THD_MAX_GENID, sizeof(THD_NODE*));
 }
 if ( sig_id == 0 )
 {
- return sfthd_create_threshold_global(sc, thd_objs, &sfthd_node);
+ return sfthd_create_threshold_global(sc, thd_objs, &sfthd_node, policy_id);
 }
 if ( gen_id == 0 )
 return -1;
- return sfthd_create_threshold_local(sc, thd_objs, &sfthd_node);
+ return sfthd_create_threshold_local(sc, thd_objs, &sfthd_node, policy_id);
 }
 #ifdef THD_DEBUG
@@ -631,12 +624,12 @@ static char* printIP(unsigned u, char* buf, unsigned len)
 #endif
 int sfthd_test_rule(XHash* rule_hash, THD_NODE* sfthd_node,
- const SfIp* sip, const SfIp* dip, long curtime)
+ const SfIp* sip, const SfIp* dip, long curtime, PolicyId policy_id)
 {
 if ((rule_hash == nullptr) || (sfthd_node == nullptr))
 return 0;
- int status = sfthd_test_local(rule_hash, sfthd_node, sip, dip, curtime);
+ int status = sfthd_test_local(rule_hash, sfthd_node, sip, dip, curtime, policy_id);
 return (status < -1) ? 1 : status;
 }
@@ -823,14 +816,13 @@ int sfthd_test_local(
 THD_NODE* sfthd_node,
 const SfIp* sip,
 const SfIp* dip,
- time_t curtime)
+ time_t curtime,
+ PolicyId policy_id)
 {
 THD_IP_NODE_KEY key;
 THD_IP_NODE data,* sfthd_ip_node;
 const SfIp* ip;
- PolicyId policy_id = get_network_policy()->policy_id;
-
 #ifdef THD_DEBUG
 char buf[24];
 printf("THD_DEBUG: Key THD_NODE IP=%s,",
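Review bot: `policy_id` is now a caller-supplied value that goes straight into `sfDynArrayCheckBounds`, which from its use here grows `sfthd_garray` until the index fits, so an out-of-range id silently allocates that many policy slots instead of being rejected. Before this change the value always came from `get_network_policy()` inside the function; now every new caller is trusted, and nothing in the hunk validates the index. Add a precondition comment on the parameter and a cheap sanity check against the number of configured policies before the `sfDynArrayCheckBounds` call, e.g. `// policy_id must be a configured network policy id; it sizes sfthd_garray`. sfthd_create_threshold begins outside the hunk.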
@@ -925,15 +917,14 @@ static inline int sfthd_test_global(
 unsigned sig_id, /* from current event */
 const SfIp* sip, /* " */
 const SfIp* dip, /* " */
- time_t curtime)
+ time_t curtime,
+ PolicyId policy_id)
 {
 THD_IP_GNODE_KEY key;
 THD_IP_NODE data;
 THD_IP_NODE* sfthd_ip_node;
 const SfIp* ip;
- PolicyId policy_id = get_network_policy()->policy_id;
-
 #ifdef THD_DEBUG
 char buf[24];
 printf("THD_DEBUG: Global THD_NODE IP=%s,",
@@ -1039,7 +1030,8 @@ int sfthd_test_threshold(
 unsigned sig_id,
 const SfIp* sip,
 const SfIp* dip,
- long curtime)
+ long curtime,
+ PolicyId policy_id)
 {
 tThdItemKey key;
 GHash* sfthd_hash;
@@ -1050,8 +1042,6 @@ int sfthd_test_threshold(
 int cnt;
 #endif
- PolicyId policy_id = get_network_policy()->policy_id;
-
 if ((thd_objs == nullptr) || (thd == nullptr))
 return 0;
@@ -1126,7 +1116,7 @@ int sfthd_test_threshold(
 /*
 * Test SUPPRESSION and THRESHOLDING
 */
- int status = sfthd_test_local(thd->ip_nodes, sfthd_node, sip, dip, curtime);
+ int status = sfthd_test_local(thd->ip_nodes, sfthd_node, sip, dip, curtime, policy_id);
 if ( status < 0 ) /* -1 == Don't log and stop looking */
 {
@@ -1167,7 +1157,8 @@ global_test:
 if ( g_thd_node )
 {
- int status = sfthd_test_global(thd->ip_gnodes, g_thd_node, sig_id, sip, dip, curtime);
+ int status = sfthd_test_global(thd->ip_gnodes, g_thd_node, sig_id,
+ sip, dip, curtime, policy_id);
 if ( status < 0 ) /* -1 == Don't log and stop looking */
 {
diff --git a/src/filters/sfthd.h b/src/filters/sfthd.h
index 4b240acc1..844a20a2d 100644
--- a/src/filters/sfthd.h
+++ b/src/filters/sfthd.h
@@ -228,7 +228,7 @@ ThresholdObjects* sfthd_objs_new();
 void sfthd_objs_free(ThresholdObjects*);
 int sfthd_test_rule(snort::XHash* rule_hash, THD_NODE* sfthd_node,
- const snort::SfIp* sip, const snort::SfIp* dip, long curtime);
+ const snort::SfIp* sip, const snort::SfIp* dip, long curtime, PolicyId policy_id);
 THD_NODE* sfthd_create_rule_threshold(
 int id,
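Review bot: In the `global_test` path of sfthd_test_threshold, `policy_id` is now a plain parameter and neither of the function's visible hunks shows a check that it is below `thd_objs->numPoliciesAllocated`, which is the bound `sfthd_objs_free` uses for `sfthd_garray`. The lookup that produces `g_thd_node` is outside the hunk; if it indexes `sfthd_garray[policy_id]` the way the create and free paths do and no check exists between the hunks, an unknown id reads past the array. Add `if ( policy_id >= thd_objs->numPoliciesAllocated or !thd_objs->sfthd_garray[policy_id] ) return 0;` ahead of that lookup so an unknown policy falls through to "log" (0) rather than to undefined behavior. The body between `@@ -1050` and `@@ -1167` is not shown.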
@@ -241,18 +241,18 @@ void sfthd_node_free(THD_NODE*);
 int sfthd_create_threshold(snort::SnortConfig*, ThresholdObjects*, unsigned gen_id, unsigned sig_id, int tracking, int type, int priority, int count,
- int seconds, sfip_var_t* ip_address);
+ int seconds, sfip_var_t* ip_address, PolicyId policy_id);
 // 1: don't log due to event_filter
 // 0: log
 // -1: don't log due to suppress
 int sfthd_test_threshold(ThresholdObjects*, THD_STRUCT*, unsigned gen_id, unsigned sig_id,
- const snort::SfIp* sip, const snort::SfIp* dip, long curtime);
+ const snort::SfIp* sip, const snort::SfIp* dip, long curtime, PolicyId policy_id);
 snort::XHash* sfthd_new_hash(unsigned, size_t, size_t);
 int sfthd_test_local(snort::XHash* local_hash, THD_NODE* sfthd_node, const snort::SfIp* sip,
- const snort::SfIp* dip, time_t curtime);
+ const snort::SfIp* dip, time_t curtime, PolicyId policy_id);
 #ifdef THD_DEBUG
 int sfthd_show_objects(THD_STRUCT* thd);
diff --git a/src/filters/sfthd_test.cc b/src/filters/sfthd_test.cc
index 5058d4a08..8ce8b81e3 100644
--- a/src/filters/sfthd_test.cc
+++ b/src/filters/sfthd_test.cc
@@ -760,7 +760,7 @@ static void Init(ThreshData* base, int max)
 p->create = sfthd_create_threshold(nullptr, pThdObjs, p->gid, p->sid,
 p->tracking, p->type, PRIORITY,
- p->count, p->seconds, set);
+ p->count, p->seconds, set, get_network_policy()->policy_id);
 continue;
 }
@@ -843,12 +843,12 @@ static int EventTest(EventData* p, THD_NODE* rule)
 if ( rule )
 {
- status = sfthd_test_rule(dThd, rule, &sip, &dip, curtime);
+ status = sfthd_test_rule(dThd, rule, &sip, &dip, curtime, get_ips_policy()->policy_id);
 }
 else
 {
 status = sfthd_test_threshold(
- pThdObjs, pThd, p->gid, p->sid, &sip, &dip, curtime);
+ pThdObjs, pThd, p->gid, p->sid, &sip, &dip, curtime, get_network_policy()->policy_id);
 }
 return status;
diff --git a/src/filters/sfthreshold.cc b/src/filters/sfthreshold.cc
index e173dffd7..15f071d6d 100644
--- a/src/filters/sfthreshold.cc
+++ b/src/filters/sfthreshold.cc
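Review bot: The new `PolicyId policy_id` parameter is added to four public declarations in sfthd.h with no comment on which policy the caller is expected to pass, and the callers in this change deliberately disagree: `sfthd_test_rule` receives the IPS policy id (detection_filter.cc, EventTest) while `sfthd_create_threshold` and `sfthd_test_threshold` receive the network policy id, and `sfthd_test_local` receives whichever its caller tracks on. Document that contract next to the declarations, e.g. `// policy_id: IPS policy id for rule (detection_filter) tracking` on sfthd_test_rule and `// policy_id: network policy id for event_filter/suppress tracking` on the other two. Since the id replaces a local that presumably fed the tracking key, a caller that picks the wrong one gets a separate, silently wrong counter rather than an error, so the header is the right place to pin this down.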
@@ -107,7 +107,7 @@ int sfthreshold_alloc(unsigned int l_memcap, unsigned int g_memcap)
 int sfthreshold_create(
- SnortConfig* sc, ThresholdConfig* thd_config, THDX_STRUCT* thdx)
+ SnortConfig* sc, ThresholdConfig* thd_config, THDX_STRUCT* thdx, PolicyId policy_id)
 {
 if (thd_config == nullptr)
 return -1;
@@ -127,7 +127,8 @@ int sfthreshold_create(
 thdx->priority,
 thdx->count,
 thdx->seconds,
- thdx->ip_address);
+ thdx->ip_address,
+ policy_id);
 }
 /*
@@ -141,7 +142,7 @@ int sfthreshold_create(
 !0 - don't log
 */
 int sfthreshold_test(unsigned gen_id, unsigned sig_id, const SfIp* sip,
- const SfIp* dip, long curtime)
+ const SfIp* dip, long curtime, PolicyId policy_id)
 {
 if ((SnortConfig::get_conf()->threshold_config == nullptr) ||
 !SnortConfig::get_conf()->threshold_config->enabled)
@@ -153,7 +154,7 @@ int sfthreshold_test(unsigned gen_id, unsigned sig_id, const SfIp* sip,
 {
 thd_checked = 1;
 thd_answer = sfthd_test_threshold(SnortConfig::get_conf()->threshold_config->thd_objs,
- thd_runtime, gen_id, sig_id, sip, dip, curtime);
+ thd_runtime, gen_id, sig_id, sip, dip, curtime, policy_id);
 }
 return thd_answer;
diff --git a/src/filters/sfthreshold.h b/src/filters/sfthreshold.h
index fc93e5e72..631735ca6 100644
--- a/src/filters/sfthreshold.h
+++ b/src/filters/sfthreshold.h
@@ -20,6 +20,8 @@
 #ifndef SFTHRESHOLD_H
 #define SFTHRESHOLD_H
+#include "main/policy.h"
+
 namespace snort
 {
 struct SfIp;
@@ -38,9 +40,10 @@ struct ThresholdConfig
 ThresholdConfig* ThresholdConfigNew();
 void ThresholdConfigFree(ThresholdConfig*);
 void sfthreshold_reset();
-int sfthreshold_create(snort::SnortConfig*, ThresholdConfig*, THDX_STRUCT*);
+int sfthreshold_create(snort::SnortConfig*, ThresholdConfig*, THDX_STRUCT*, PolicyId);
 int sfthreshold_test(
- unsigned int, unsigned int, const snort::SfIp*, const snort::SfIp*, long curtime);
+ unsigned int, unsigned int, const snort::SfIp*, const snort::SfIp*, long curtime,
+ PolicyId);
 void sfthreshold_free();
 int sfthreshold_alloc(unsigned int l_memcap, unsigned int g_memcap);
diff --git a/src/loggers/alert_csv.cc b/src/loggers/alert_csv.cc
index 91d44be93..c3451bb82 100644
--- a/src/loggers/alert_csv.cc
+++ b/src/loggers/alert_csv.cc
@@ -512,7 +512,7 @@ public:
 bool begin(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 bool file;
diff --git a/src/loggers/alert_fast.cc b/src/loggers/alert_fast.cc
index d1a665c53..26a7befd0 100644
--- a/src/loggers/alert_fast.cc
+++ b/src/loggers/alert_fast.cc
@@ -98,7 +98,7 @@ public:
 bool begin(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 size_t limit;
diff --git a/src/loggers/alert_full.cc b/src/loggers/alert_full.cc
index d7d966b42..65225603f 100644
--- a/src/loggers/alert_full.cc
+++ b/src/loggers/alert_full.cc
@@ -84,7 +84,7 @@ public:
 bool begin(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 bool file;
diff --git a/src/loggers/alert_json.cc b/src/loggers/alert_json.cc
index 8f7d1cac6..386f1bdcf 100644
--- a/src/loggers/alert_json.cc
+++ b/src/loggers/alert_json.cc
@@ -700,7 +700,7 @@ public:
 bool begin(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 bool file;
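Review bot: Switching `get_usage()` from CONTEXT to GLOBAL changes where alert_csv may legally be configured, and the same flip is applied to every logger in this change without a word in the code or the commit message about why, or about what happens to an existing configuration that declares a logger inside a network-policy file. A one-line comment at the override, e.g. `// loggers are process-wide; per-policy logger instances are not supported`, and a changelog entry would make the behavior change discoverable. I cannot tell from the hunk whether the parser now rejects or silently ignores such a config, which should be confirmed before release. The module class begins and ends outside the hunk.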
diff --git a/src/loggers/alert_luajit.cc b/src/loggers/alert_luajit.cc
index 17620bced..79e6c974d 100644
--- a/src/loggers/alert_luajit.cc
+++ b/src/loggers/alert_luajit.cc
@@ -122,7 +122,7 @@ public:
 { return &luaLogPerfStats; }
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 std::string args;
diff --git a/src/loggers/alert_sf_socket.cc b/src/loggers/alert_sf_socket.cc
index ea4f8d2a2..92469fb22 100644
--- a/src/loggers/alert_sf_socket.cc
+++ b/src/loggers/alert_sf_socket.cc
@@ -100,7 +100,7 @@ public:
 bool end(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 string file;
diff --git a/src/loggers/alert_syslog.cc b/src/loggers/alert_syslog.cc
index eb7b40d37..3f7fd0ee7 100644
--- a/src/loggers/alert_syslog.cc
+++ b/src/loggers/alert_syslog.cc
@@ -148,7 +148,7 @@ public:
 bool end(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 int facility;
diff --git a/src/loggers/alert_talos.cc b/src/loggers/alert_talos.cc
index 576a45000..807531dc5 100644
--- a/src/loggers/alert_talos.cc
+++ b/src/loggers/alert_talos.cc
@@ -98,6 +98,9 @@ class TalosModule : public Module
 {
 public:
 TalosModule() : Module(S_NAME, s_help, s_params) { }
+
+ Usage get_usage() const override
+ { return GLOBAL; }
 };
 //-------------------------------------------------------------------------
diff --git a/src/loggers/alert_unixsock.cc b/src/loggers/alert_unixsock.cc
index ca3b3bf88..bbe25d291 100644
--- a/src/loggers/alert_unixsock.cc
+++ b/src/loggers/alert_unixsock.cc
@@ -109,7 +109,7 @@ public:
 { return false; }
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 };
 //-------------------------------------------------------------------------
diff --git a/src/loggers/log_codecs.cc b/src/loggers/log_codecs.cc
index e995ca8f0..67814976a 100644
--- a/src/loggers/log_codecs.cc
+++ b/src/loggers/log_codecs.cc
@@ -68,7 +68,7 @@ public:
 bool begin(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 bool print_to_file;
diff --git a/src/loggers/log_hext.cc b/src/loggers/log_hext.cc
index 08e253578..0dd4c6ef0 100644
--- a/src/loggers/log_hext.cc
+++ b/src/loggers/log_hext.cc
@@ -193,7 +193,7 @@ public:
 bool begin(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 bool file;
diff --git a/src/loggers/log_pcap.cc b/src/loggers/log_pcap.cc
index 5a7eb1156..ccdc1791c 100644
--- a/src/loggers/log_pcap.cc
+++ b/src/loggers/log_pcap.cc
@@ -93,7 +93,7 @@ public:
 bool begin(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 size_t limit;
diff --git a/src/loggers/unified2.cc b/src/loggers/unified2.cc
index 5324a4c4f..808175c94 100644
--- a/src/loggers/unified2.cc
+++ b/src/loggers/unified2.cc
@@ -814,7 +814,7 @@ public:
 bool begin(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return CONTEXT; }
+ { return GLOBAL; }
 public:
 size_t limit;
diff --git a/src/main/modules.cc b/src/main/modules.cc
index 4cdd48727..b21043ce1 100644
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -1422,7 +1422,7 @@ public:
 bool end(const char*, int, SnortConfig*) override;
 Usage get_usage() const override
- { return DETECT; }
+ { return CONTEXT; }
 private:
 THDX_STRUCT thdx;
@@ -1459,7 +1459,7 @@ bool SuppressModule::begin(const char*, int, SnortConfig*)
 bool SuppressModule::end(const char*, int idx, SnortConfig* sc)
 {
- if ( idx && sfthreshold_create(sc, sc->threshold_config, &thdx) )
+ if ( idx && sfthreshold_create(sc, sc->threshold_config, &thdx, get_network_policy()->policy_id) )
 {
 ParseError("bad suppress configuration [%d]", idx);
 return false;
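Review bot: `get_network_policy()->policy_id` is evaluated inside the `idx &&` condition of SuppressModule::end with no nullptr check, at configuration time, right after the module's usage was moved from DETECT to CONTEXT; if the parser can reach `end()` for a `suppress` block that is not nested in a network policy, or during a reload before a policy is selected, this dereferences nullptr, which is the class of bug the PR title names. The same expression is repeated verbatim in EventFilterModule::end. Capture it once and make the assumption explicit: `assert(get_network_policy()); const PolicyId pid = get_network_policy()->policy_id;` before the `if`, then pass `pid`, or turn a missing policy into a `ParseError` so the config fails loudly. SuppressModule::end continues past the hunk.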
@@ -1573,7 +1573,7 @@ bool EventFilterModule::begin(const char*, int, SnortConfig*)
 bool EventFilterModule::end(const char*, int idx, SnortConfig* sc)
 {
- if ( idx && sfthreshold_create(sc, sc->threshold_config, &thdx) )
+ if ( idx && sfthreshold_create(sc, sc->threshold_config, &thdx, get_network_policy()->policy_id) )
 {
 ParseError("bad event_filter configuration [%d]", idx);
 return false;
@@ -1649,7 +1649,7 @@ public:
 }
 Usage get_usage() const override
- { return DETECT; }
+ { return CONTEXT; }
 private:
 tSFRFConfigNode thdx;
diff --git a/src/network_inspectors/binder/bind_module.cc b/src/network_inspectors/binder/bind_module.cc
index e8fad1044..ab731ab07 100644
--- a/src/network_inspectors/binder/bind_module.cc
+++ b/src/network_inspectors/binder/bind_module.cc
@@ -122,7 +122,7 @@ static const Parameter binder_use_params[] =
 "use ips policy from given file" },
 { "network_policy", Parameter::PT_STRING, nullptr, nullptr,
- "use network policy from given file" },
+ "deprecated, ignored by binder" },
 { "service", Parameter::PT_STRING, nullptr, nullptr,
 "override automatic service identification" },
@@ -326,6 +326,15 @@ bool BinderModule::end(const char* fqn, int idx, SnortConfig* sc)
 return true;
 }
+ // FIXIT-D: remove this when network_policy binding is deleted from
+ // the binder's options
+ if ( work->use.type == NETWORK_KEY )
+ {
+ delete work;
+ work = nullptr;
+ return true;
+ }
+
 if ( unsplit_nets && work->when.split_nets )
 split_nets_warning();
@@ -344,7 +353,6 @@ bool BinderModule::end(const char* fqn, int idx, SnortConfig* sc)
 auto policies = sc->policy_map->add_shell(sh);
 work->use.inspection_index = policies->inspection->policy_id + 1;
 work->use.ips_index = policies->ips->policy_id + 1;
- work->use.network_index = policies->network->policy_id + 1;
 }
 else if ( work->use.type == INSPECTION_KEY )
 {
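Review bot: A binding whose `use` names a `network_policy` is now deleted in BinderModule::end and the function returns true, so an existing configuration that relied on that binding to route traffic to a different network policy keeps loading with no diagnostic while the traffic silently falls under the default policy; for a control that decides which policy inspects which traffic, that is the wrong failure mode. Emit a warning at the point the binding is dropped, next to where `split_nets_warning()` is already raised, e.g. `ParseWarning(WARN_CONF, "binder: network_policy is deprecated and ignored");` if that is the right warning group, or fail the configuration so the operator has to remove the stanza. The help-string change to `"deprecated, ignored by binder"` is only visible to someone who reads the module help. BinderModule::end begins and ends outside the hunk.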
@@ -356,11 +364,6 @@ bool BinderModule::end(const char* fqn, int idx, SnortConfig* sc)
 Shell* sh = new Shell(work->use.name.c_str());
 work->use.ips_index = sc->policy_map->add_ips_shell(sh) + 1;
 }
- else if ( work->use.type == NETWORK_KEY )
- {
- Shell* sh = new Shell(work->use.name.c_str());
- work->use.network_index = sc->policy_map->add_network_shell(sh) + 1;
- }
 if ( work->use.name.empty() )
 work->use.name = work->use.type;
diff --git a/src/network_inspectors/binder/binder.cc b/src/network_inspectors/binder/binder.cc
index 9790710dc..3e0348cf7 100644
--- a/src/network_inspectors/binder/binder.cc
+++ b/src/network_inspectors/binder/binder.cc
@@ -82,7 +82,6 @@ Binding::Binding()
 use.inspection_index = 0;
 use.ips_index = 0;
- use.network_index = 0;
 use.action = BindUse::BA_INSPECT;
 use.what = BindUse::BW_NONE;
@@ -743,7 +742,7 @@ bool Binder::configure(SnortConfig* sc)
 ParseError("can't bind. ips_policy_id %u does not exist", pb->when.ips_id);
 }
- if ( !pb->use.ips_index and !pb->use.inspection_index and !pb->use.network_index )
+ if ( !pb->use.ips_index and !pb->use.inspection_index )
 set_binding(sc, pb);
 }
@@ -818,7 +817,7 @@ void Binder::handle_flow_service_change( Flow* flow )
 for ( unsigned i = 0; i < sz; i++ )
 {
 Binding* pb = bindings[i];
- if ( pb->use.ips_index or pb->use.inspection_index or pb->use.network_index )
+ if ( pb->use.ips_index or pb->use.inspection_index )
 continue;
 if ( pb->use.what == BindUse::BW_WIZARD )
@@ -925,15 +924,14 @@ void Binder::get_bindings(Flow* flow, Stuff& stuff, Packet* p, const char* servi
 // FIXIT-L This will select the first policy ID of each type that it finds and ignore the rest.
 // It gets potentially hairy if people start specifying overlapping policy types in
 // overlapping rules.
- bool inspection_set = false, ips_set = false, network_set = false;
+ bool inspection_set = false, ips_set = false;
 for ( unsigned i = 0; i < sz; i++ )
 {
 Binding* pb = bindings[i];
 // Skip any rules that don't contain an ID for a policy type we haven't set yet.
 if ( (!pb->use.inspection_index or inspection_set) and
- (!pb->use.ips_index or ips_set) and
- (!pb->use.network_index or network_set) )
+ (!pb->use.ips_index or ips_set) )
 continue;
 if ( !pb->check_all(flow, p, service) )
@@ -955,13 +953,6 @@ void Binder::get_bindings(Flow* flow, Stuff& stuff, Packet* p, const char* servi
 ips_set = true;
 }
- if ( pb->use.network_index and !network_set )
- {
- set_network_policy(SnortConfig::get_conf(), pb->use.network_index - 1);
- if (!service)
- flow->network_policy_id = pb->use.network_index - 1;
- network_set = true;
- }
 }
 Binder* sub = InspectorManager::get_binder();
@@ -979,7 +970,7 @@ void Binder::get_bindings(Flow* flow, Stuff& stuff, Packet* p, const char* servi
 {
 Binding* pb = bindings[i];
- if ( pb->use.ips_index or pb->use.inspection_index or pb->use.network_index )
+ if ( pb->use.ips_index or pb->use.inspection_index )
 continue;
 if ( !pb->check_all(flow, p, service) )
diff --git a/src/network_inspectors/binder/binding.h b/src/network_inspectors/binder/binding.h
index 550176400..77ba0ddce 100644
--- a/src/network_inspectors/binder/binding.h
+++ b/src/network_inspectors/binder/binding.h
@@ -72,7 +72,6 @@ struct BindUse
 std::string name;
 Action action;
- unsigned network_index;
 unsigned inspection_index;
 unsigned ips_index;
 What what;
diff --git a/tools/snort2lua/config_states/config_binding.cc b/tools/snort2lua/config_states/config_binding.cc
index 27cfee91d..d1202edc1 100644
--- a/tools/snort2lua/config_states/config_binding.cc
+++ b/tools/snort2lua/config_states/config_binding.cc
@@ -213,12 +213,6 @@ bool Binding::convert(std::istringstream& data_stream)
 bind.set_use_file(file, is_ips ? Binder::IT_IPS : Binder::IT_FILE);
- // FIXIT-H this resets network config by forcing network policy to swap with ips selection
- if ( is_ips )
- {
- net_bind.set_use_file(file, Binder::IT_NETWORK);
- net_bind.print_binding(true);
- }
 return rc;
 }
diff --git a/tools/snort2lua/helpers/util_binder.cc b/tools/snort2lua/helpers/util_binder.cc
index 272b0f306..eb5b9084b 100644
--- a/tools/snort2lua/helpers/util_binder.cc
+++ b/tools/snort2lua/helpers/util_binder.cc
@@ -118,10 +118,6 @@ void Binder::add_to_configuration()
 opt_name = "ips_policy";
 break;
- case IT_NETWORK:
- opt_name = "network_policy";
- break;
-
 default:
 // This should always be set explicitly if a file name exists.
 assert(false);
diff --git a/tools/snort2lua/helpers/util_binder.h b/tools/snort2lua/helpers/util_binder.h
index 06ab905d0..19576c8e6 100644
--- a/tools/snort2lua/helpers/util_binder.h
+++ b/tools/snort2lua/helpers/util_binder.h
@@ -34,7 +34,7 @@ class Binder
 {
 public:
 enum IncludeType
- { IT_NONE, IT_FILE, IT_INSPECTION, IT_IPS, IT_NETWORK };
+ { IT_NONE, IT_FILE, IT_INSPECTION, IT_IPS };
 typedef std::pair IncludeTypePair;