/* Check configs & set up mempool. Mempool stuff is in this function because we want to parse & check *ALL* of the configs before allocating a mempool. */ static int DNP3CheckConfig(struct _SnortConfig *sc) { int rval; unsigned int max_sessions; /* Get default configuration */ dnp3_config_t *default_config = (dnp3_config_t *)sfPolicyUserDataGetDefault(dnp3_context_id); if ( !default_config ) { _dpd.errMsg( "ERROR: preprocessor dnp3 must be configured in the default policy.\n"); return -1; } /* Check all individual configurations */ if ((rval = sfPolicyUserDataIterate(sc, dnp3_context_id, DNP3CheckPolicyConfig))) return rval; /* Set up MemPool, but only if a config exists that's not "disabled". */ if (sfPolicyUserDataIterate(sc, dnp3_context_id, DNP3IsEnabled) == 0) return 0; // FIXTHIS default_config is null when configured in target policy only max_sessions = default_config->memcap / sizeof(dnp3_session_data_t); dnp3_mempool = (MemPool *)calloc(1, sizeof(MemPool)); if (mempool_init(dnp3_mempool, max_sessions, sizeof(dnp3_session_data_t)) != 0) { DynamicPreprocessorFatalMessage("Unable to allocate DNP3 mempool.\n"); } return 0; }
static int SSLPP_CheckConfig(struct _SnortConfig *sc) { #ifdef ENABLE_HA int haNotConfigured = 0; #endif int rval; SSLPP_config_t *defaultConfig = (SSLPP_config_t *)sfPolicyUserDataGetDefault(ssl_config); if ((rval = sfPolicyUserDataIterate (sc, ssl_config, SSLPP_CheckPolicyConfig))) return rval; // Load SSL once for default policy if (defaultConfig) { if( SSLPP_PolicyInit(sc, ssl_config, defaultConfig, _dpd.getDefaultPolicy(), false) != 0 ) return -1; #ifdef ENABLE_HA if (defaultConfig->enable_ssl_ha) { haNotConfigured = (SSLVerifyHAConfig(sc, defaultConfig->ssl_ha_config) != 0); if (haNotConfigured) { _dpd.errMsg("WARNING: SSL HA misconfigured.\n"); return -1; } } #endif } sfPolicyUserDataIterate (sc, ssl_config, SSLPP_CheckPolicyEnabled); return 0; }
static int FileCheckConfig(struct _SnortConfig *sc) { int rval; if ((rval = sfPolicyUserDataIterate (sc, file_config, FileCheckPolicyConfig))) return rval; return 0; }
static int SSLPP_PolicyInit(struct _SnortConfig *sc, tSfPolicyUserContextId ssl_config, SSLPP_config_t *pPolicyConfig, tSfPolicyId policyId, bool reloading) { ssl_callback_interface_t *ssl_cb = (ssl_callback_interface_t *)_dpd.getSSLCallback(); // Load SSL once for default policy if (pPolicyConfig != NULL) { if(pPolicyConfig->pki_dir && pPolicyConfig->ssl_rules_dir && ssl_cb) { if ( ssl_cb->policy_initialize(pPolicyConfig, reloading) != 0 ) { _dpd.errMsg( "SSLPP_PolicyInit(): Failed to initialize ssl_rules_dir and pki_dir.\n"); return -1; } else { if((sfPolicyUserDataIterate (sc, ssl_config, SSLPP_SetSSLPolicy))!= 0) { _dpd.errMsg( "SSLPP_PolicyInit(): SetSSLpolicy failed.\n"); return -1; } } } } return 0; }
static int SIPReloadVerify(struct _SnortConfig *sc, void *swap_config) { tSfPolicyUserContextId sip_swap_config = (tSfPolicyUserContextId)swap_config; SIPConfig * pPolicyConfig = NULL; SIPConfig * pCurrentConfig = NULL; int rval; if (sip_swap_config == NULL) return 0; pPolicyConfig = (SIPConfig *)sfPolicyUserDataGet(sip_swap_config, _dpd.getDefaultPolicy()); if ( pPolicyConfig == NULL ) return 0; if (sip_config != NULL) { pCurrentConfig = (SIPConfig *)sfPolicyUserDataGet(sip_config, _dpd.getDefaultPolicy()); if (!pCurrentConfig) return 0; if (pPolicyConfig->maxNumSessions != pCurrentConfig->maxNumSessions) { _dpd.errMsg("SIP reload: Changing the max_sessions requires a restart.\n"); return -1; } } // validate each policy and do per policy initialization processing if ((rval = sfPolicyUserDataIterate (sc, sip_config, SIPCheckPolicyConfig))) return rval; return 0; }
void SIPFreeConfig(tSfPolicyUserContextId config) { if (config == NULL) return; sfPolicyUserDataIterate (config, SIPFreeConfigPolicy); sfPolicyConfigDelete(config); }
static void ModbusFreeConfig(tSfPolicyUserContextId context_id) { if (context_id == NULL) return; sfPolicyUserDataIterate(context_id, ModbusFreeConfigPolicy); sfPolicyConfigDelete(context_id); }
void Stream5FreeConfigs(tSfPolicyUserContextId config) { if (config == NULL) return; sfPolicyUserDataIterate (config, Stream5FreeConfigsPolicy); sfPolicyConfigDelete(config); }
int SIPCheckConfig(struct _SnortConfig *sc) { int rval; if ((rval = sfPolicyUserDataIterate (sc, sip_config, SIPCheckPolicyConfig))) return rval; return 0; }
static int ModbusCheckConfig(struct _SnortConfig *sc) { int rval; if ((rval = sfPolicyUserDataIterate(sc, modbus_context_id, ModbusCheckPolicyConfig))) return rval; return 0; }
/********************************************************************* * Function: DCE2_ReloadVerify() * * Purpose: Verifies a reloaded DCE/RPC preprocessor configuration * * Arguments: None * * Returns: * int * -1 if changed configuration value requires a restart * 0 if configuration is ok * *********************************************************************/ static int DCE2_ReloadVerify(void) { if ((dce2_swap_config == NULL) || (dce2_config == NULL)) return 0; if (sfPolicyUserDataIterate(dce2_swap_config, DCE2_ReloadVerifyPolicy) != 0) return -1; return 0; }
/********************************************************************* * Function: DCE2_ReloadSwap() * * Purpose: Swaps a new config for the old one. * * Arguments: None * * Returns: None * *********************************************************************/ static void * DCE2_ReloadSwap(void) { tSfPolicyUserContextId old_config = dce2_config; if (dce2_swap_config == NULL) return NULL; dce2_config = dce2_swap_config; dce2_swap_config = NULL; sfPolicyUserDataIterate (old_config, DCE2_ReloadSwapPolicy); if (sfPolicyUserPolicyGetActive(old_config) == 0) return (void *)old_config; return NULL; }
static void * SIPReloadSwap(void) { tSfPolicyUserContextId old_config = sip_config; if (sip_swap_config == NULL) return NULL; sip_config = sip_swap_config; sip_swap_config = NULL; sfPolicyUserDataIterate (old_config, SIPFreeUnusedConfigPolicy); if (sfPolicyUserPolicyGetActive(old_config) == 0) { /* No more outstanding configs - free the config array */ return (void *)old_config; } return NULL; }
static void * ModbusReloadSwap(void) { tSfPolicyUserContextId old_context_id = modbus_context_id; if (modbus_swap_context_id == NULL) return NULL; modbus_context_id = modbus_swap_context_id; modbus_swap_context_id = NULL; sfPolicyUserDataIterate(old_context_id, ModbusFreeUnusedConfigPolicy); if (sfPolicyUserPolicyGetActive(old_context_id) == 0) { /* No more outstanding configs - free the config array */ return (void *)old_context_id; } return NULL; }
/********************************************************************* * Function: DCE2_CheckConfig() * * Purpose: Verifies the DCE/RPC preprocessor configuration * * Arguments: None * * Returns: None * *********************************************************************/ static void DCE2_CheckConfig(void) { sfPolicyUserDataIterate (dce2_config, DCE2_CheckConfigPolicy); }
void SIPCheckConfig(void) { sfPolicyUserDataIterate (sip_config, SIPCheckPolicyConfig); }
static void SSHCheckConfig(void) { sfPolicyUserDataIterate (ssh_config, SSHCheckPolicyConfig); }
void GTPCheckConfig(void) { sfPolicyUserDataIterate (gtp_config, GTPCheckPolicyConfig); }
static void ModbusCheckConfig(void) { sfPolicyUserDataIterate(modbus_context_id, ModbusCheckPolicyConfig); }