From f09294e93086a51130b60b9df5e34eff5c0e1fc3 Mon Sep 17 00:00:00 2001 From: "Russ Combs (rucombs)" Date: Tue, 30 Jun 2020 18:18:41 +0000 Subject: [PATCH] Merge pull request #2302 in SNORT/snort3 from ~RUCOMBS/snort3:disable to master Squashed commit of the following: commit 7727770ef9e075cb537853274ee559995b2213ad Author: russ Date: Mon Jun 29 18:09:55 2020 -0400 inspectors: add a virtual disable method for controls In some cases, a complex configuration may include unnecessary control inspectors. The disable method allows them to tell the framework to not call them at runtime. This does not apply to non-control inspectors. The best approach is not configure unnecessary inspection in the first place. --- src/framework/inspector.h | 5 +++++ src/main/snort.cc | 8 ++++++++ src/managers/inspector_manager.cc | 19 +++++++++++++++++++ src/managers/inspector_manager.h | 1 + 4 files changed, 33 insertions(+) diff --git a/src/framework/inspector.h b/src/framework/inspector.h index b51bd701e..a30fe998b 100644 --- a/src/framework/inspector.h +++ b/src/framework/inspector.h @@ -71,6 +71,11 @@ public: // access external dependencies here // return verification status virtual bool configure(SnortConfig*) { return true; } + + // called on controls after everything is configured + // return true if there is nothing to do ever based on config + virtual bool disable(SnortConfig*) { return false; } + virtual void show(const SnortConfig*) const { } // Specific to Binders to notify them of an inspector being removed from the policy diff --git a/src/main/snort.cc b/src/main/snort.cc index f175cc29f..0ccdad0e1 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -191,6 +191,8 @@ void Snort::init(int argc, char** argv) else if ( sc->log_verbose() ) InspectorManager::print_config(sc); + InspectorManager::prepare_controls(sc); + // Must be after InspectorManager::configure() FileService::post_init(sc); 
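Review bot: The comment on the new `disable()` hook in src/framework/inspector.h does not say what the framework does with a `true` return, which is what an implementer needs to know. Per the inspector_manager.cc hunk in this patch, the inspector is dropped from the default inspection policy's control list. I would spell that out, e.g. `// returning true drops this inspector from the default inspection policy's control list; only control inspectors are asked`. The parameter is a mutable `SnortConfig*` while the neighbouring `show()` takes `const SnortConfig*`; if implementations are only meant to read the config, `virtual bool disable(const SnortConfig*) { return false; }` would make that explicit. The enclosing class starts and ends outside the hunk.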
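Review bot: In `Snort::init` the verbose `InspectorManager::print_config(sc)` branch sits above the new `InspectorManager::prepare_controls(sc)` call, so the configuration shown to the operator is produced before any control is pruned and can presumably still list inspectors that will not run. On a sensor that matters to anyone checking what is actually inspected. Either prune before the print branch or record the ordering here, e.g. `// prunes self-disabled controls; the verbose config output above predates this`. The `if`/`else if` chain this follows begins outside the hunk, so it is not visible whether the call is also reached after a failed configure.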
@@ -472,6 +474,8 @@ SnortConfig* Snort::get_reload_config(const char* fname, const char* plugin_path return nullptr; } + InspectorManager::prepare_controls(sc); + FileService::verify_reload(sc); if ( get_reload_errors() ) { @@ -569,6 +573,8 @@ SnortConfig* Snort::get_updated_policy( return nullptr; } + InspectorManager::prepare_controls(sc); + other_conf->cloned = true; InspectorManager::update_policy(sc); reloading = false; @@ -608,6 +614,8 @@ SnortConfig* Snort::get_updated_module(SnortConfig* other_conf, const char* name return nullptr; } + InspectorManager::prepare_controls(sc); + other_conf->cloned = true; InspectorManager::update_policy(sc); reloading = false; diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc index d42f0a700..f45cad877 100644 --- a/src/managers/inspector_manager.cc +++ b/src/managers/inspector_manager.cc @@ -998,6 +998,25 @@ bool InspectorManager::configure(SnortConfig* sc, bool cloned) return ok; } +// remove any disabled controls while retaining order +void InspectorManager::prepare_controls(SnortConfig* sc) +{ + InspectionPolicy* pi = get_default_inspection_policy(sc); + assert(pi); + + FrameworkPolicy* fp = pi->framework_policy; + assert(fp); + + unsigned c = 0; + + for ( unsigned i = 0; i < fp->control.num; ++i ) + { + if ( !fp->control.vec[i]->handler->disable(sc) ) + fp->control.vec[c++] = fp->control.vec[i]; + } + fp->control.num = c; +} + void InspectorManager::print_config(SnortConfig* sc) { const auto shell_number = sc->policy_map->shells_count(); diff --git a/src/managers/inspector_manager.h b/src/managers/inspector_manager.h index 7e3e3fe65..c76b6f066 100644 --- a/src/managers/inspector_manager.h +++ b/src/managers/inspector_manager.h @@ -71,6 +71,7 @@ public: SO_PUBLIC static void release(Inspector*); static bool configure(SnortConfig*, bool cloned = false); + static void prepare_controls(SnortConfig*); static void print_config(SnortConfig*); static void thread_init(const SnortConfig*); -- 2.47.3
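Review bot: The calls added in `get_reload_config`, `get_updated_policy` and `get_updated_module` (this hunk and the next two in src/main/snort.cc) all prune on a reload path, and `prepare_controls` rewrites `fp->control.vec` and `fp->control.num` in place. Nothing visible here shows whether that list is private to the new `sc` or still reachable from the configuration the packet threads are using; in the two `other_conf` paths `sc` appears to be derived from the running config. If it is private, a comment such as `// sc is not yet swapped in, so pruning its control list in place is safe` would record the assumption; if it is not, the pruning needs to build a fresh list instead of compacting the live one. All three functions start and end outside their hunks.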
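Review bot: `InspectorManager::prepare_controls` drops every control whose `disable(sc)` returns true without recording it anywhere, so a control that self-disables leaves the runtime path with no trace in the logs. On an IDS that is a coverage change an operator should be able to see; one line in the loop would do, e.g. `LogMessage("control disabled by configuration: %s\n", name);`, where `name` is a placeholder for whatever identifies the instance. Two smaller things: `assert(pi)` and `assert(fp)` are the only null guards and compile away under NDEBUG, and the slots from `c` up to the old `num` keep stale pointers, which is fine only while every reader honours `control.num`. A comment like `// entries at [c, old num) are stale; control.num is authoritative` would make that second dependency explicit.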