exceptions: refactor exception policy parse fn
Split up ExceptionPolicyParse to try to improve readability.

Related to
Bug OISF#5825
jufajardini authored and victorjulien committed Jun 13, 2023
1 parent c0db25d commit bf22129
Showing 1 changed file with 69 additions and 56 deletions.
125 changes: 69 additions & 56 deletions src/util-exception-policy.c
Expand Up @@ -148,76 +148,89 @@ static enum ExceptionPolicy PickPacketAction(const char *option, enum ExceptionP
return p;
}

enum ExceptionPolicy ExceptionPolicyParse(const char *option, const bool support_flow)
static enum ExceptionPolicy ExceptionPolicyConfigValueParse(
const char *option, const char *value_str)
{
enum ExceptionPolicy policy = EXCEPTION_POLICY_NOT_SET;
const char *value_str = NULL;
if ((ConfGet(option, &value_str)) == 1 && value_str != NULL) {
if (strcmp(value_str, "drop-flow") == 0) {
policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_FLOW);
} else if (strcmp(value_str, "pass-flow") == 0) {
policy = EXCEPTION_POLICY_PASS_FLOW;
} else if (strcmp(value_str, "bypass") == 0) {
policy = EXCEPTION_POLICY_BYPASS_FLOW;
} else if (strcmp(value_str, "drop-packet") == 0) {
policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_PACKET);
} else if (strcmp(value_str, "pass-packet") == 0) {
policy = EXCEPTION_POLICY_PASS_PACKET;
} else if (strcmp(value_str, "reject") == 0) {
policy = EXCEPTION_POLICY_REJECT;
} else if (strcmp(value_str, "ignore") == 0) { // TODO name?
if (strcmp(value_str, "drop-flow") == 0) {
policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_FLOW);
} else if (strcmp(value_str, "pass-flow") == 0) {
policy = EXCEPTION_POLICY_PASS_FLOW;
} else if (strcmp(value_str, "bypass") == 0) {
policy = EXCEPTION_POLICY_BYPASS_FLOW;
} else if (strcmp(value_str, "drop-packet") == 0) {
policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_PACKET);
} else if (strcmp(value_str, "pass-packet") == 0) {
policy = EXCEPTION_POLICY_PASS_PACKET;
} else if (strcmp(value_str, "reject") == 0) {
policy = EXCEPTION_POLICY_REJECT;
} else if (strcmp(value_str, "ignore") == 0) { // TODO name?
policy = EXCEPTION_POLICY_NOT_SET;
} else if (strcmp(value_str, "auto") == 0) {
if (!EngineModeIsIPS()) {
policy = EXCEPTION_POLICY_NOT_SET;
} else if (strcmp(value_str, "auto") == 0) {
if (!EngineModeIsIPS()) {
policy = EXCEPTION_POLICY_NOT_SET;
} else {
policy = EXCEPTION_POLICY_DROP_FLOW;
}
} else {
FatalErrorOnInit(
"\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
"pass-flow, bypass, drop-packet, pass-packet or ignore.",
value_str);
policy = EXCEPTION_POLICY_DROP_FLOW;
}
} else {
FatalErrorOnInit(
"\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
"pass-flow, bypass, reject, drop-packet, pass-packet or ignore.",
value_str);
}

return policy;
}

static enum ExceptionPolicy ExceptionPolicyMasterParse(const char *value)
{
enum ExceptionPolicy policy = EXCEPTION_POLICY_NOT_SET;

policy = ExceptionPolicyConfigValueParse("exception-policy", value);
g_eps_have_exception_policy = true;
policy = SetIPSOption("exception-policy", value, policy);
SCLogConfig("exception-policy set to: %s", ExceptionPolicyEnumToString(policy));

return policy;
}

static enum ExceptionPolicy ExceptionPolicyGetDefault(const char *option, bool support_flow)
{
enum ExceptionPolicy p = EXCEPTION_POLICY_NOT_SET;
if (g_eps_have_exception_policy) {
p = GetMasterExceptionPolicy(option);
if (!support_flow) {
policy = PickPacketAction(option, policy);
p = PickPacketAction(option, p);
}
SCLogConfig("%s: %s (defined via 'exception-policy' master switch)", option,
ExceptionPolicyEnumToString(p));
return p;
} else if (EngineModeIsIPS()) {
p = EXCEPTION_POLICY_DROP_FLOW;
}
SCLogConfig("%s: %s (defined via 'built-in default' for %s-mode)", option,
ExceptionPolicyEnumToString(p), EngineModeIsIPS() ? "IPS" : "IDS");

if (strcmp(option, "exception-policy") == 0) {
g_eps_have_exception_policy = true;
return p;
}

if (strcmp(value_str, "auto") == 0) {
SCLogConfig("%s: %s (because of 'auto' setting in %s-mode)", option,
ExceptionPolicyEnumToString(policy), EngineModeIsIPS() ? "IPS" : "IDS");
} else {
SCLogConfig("%s: %s", option, ExceptionPolicyEnumToString(policy));
}
} else {
SCLogConfig("%s: %s", option, ExceptionPolicyEnumToString(policy));
}
enum ExceptionPolicy ExceptionPolicyParse(const char *option, bool support_flow)
{
enum ExceptionPolicy policy = EXCEPTION_POLICY_NOT_SET;
const char *value_str = NULL;

} else if (strcmp(option, "exception-policy") == 0) {
/* not enabled, we won't change the master exception policy,
for now */
if (!EngineModeIsIPS()) {
policy = EXCEPTION_POLICY_NOT_SET;
if ((ConfGet(option, &value_str)) == 1 && value_str != NULL) {
if (strcmp(option, "exception-policy") == 0) {
policy = ExceptionPolicyMasterParse(value_str);
} else {
policy = EXCEPTION_POLICY_DROP_FLOW;
policy = ExceptionPolicyConfigValueParse(option, value_str);
if (!support_flow) {
policy = PickPacketAction(option, policy);
}
SCLogConfig("%s: %s", option, ExceptionPolicyEnumToString(policy));
}
SCLogConfig("%s: %s (%s-mode)", option, ExceptionPolicyEnumToString(policy),
EngineModeIsIPS() ? "IPS" : "IDS");

} else {
/* Exception Policy was not defined individually */
policy = GetMasterExceptionPolicy(option);
if (g_eps_have_exception_policy) {
SCLogConfig("%s: %s (defined via 'exception-policy' master switch)", option,
ExceptionPolicyEnumToString(policy));
} else {
SCLogConfig("%s: %s (defined via 'built-in default' for %s-mode)", option,
ExceptionPolicyEnumToString(policy), EngineModeIsIPS() ? "IPS" : "IDS");
}
policy = ExceptionPolicyGetDefault(option, support_flow);
}

return policy;
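Review bot: In the new `ExceptionPolicyMasterParse`, `policy = SetIPSOption("exception-policy", value, policy);` runs on the result of `ExceptionPolicyConfigValueParse`, which has already passed `drop-flow` and `drop-packet` through `SetIPSOption`. The master switch therefore applies that gate twice to the drop values and also to `pass-flow`, `bypass`, `pass-packet` and `reject`, which the replaced code appears to have gated only for the drop values. `SetIPSOption` is defined outside this hunk; if it resets the policy whenever the engine is not in IPS mode, a configured non-drop master value would be silently replaced in IDS mode, which is a behaviour change in a commit described as a refactor and bears on whether exceptions fail open or closed. Suggest dropping that line, or, if the extra gate is intended, saying so in a comment such as `/* master switch: every value, not only drop-*, depends on IPS mode */`. Separately, the `FatalErrorOnInit` text in `ExceptionPolicyConfigValueParse` now lists `reject` but still omits `auto`, which the function accepts.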