aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2013-09-25 16:44:04 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2013-09-25 22:35:58 -0400
commit1d6ca5d09eb1db9c0347ffda6712c66cb6edf3f5 (patch)
tree020d030717cc8a2ef1fb57c5ea01b9583ce0a6f0
parent77c2f44c8d91b05e7cbc0dcf80e84e9e66a09751 (diff)
downloadpfsense-packages-1d6ca5d09eb1db9c0347ffda6712c66cb6edf3f5.tar.gz
pfsense-packages-1d6ca5d09eb1db9c0347ffda6712c66cb6edf3f5.tar.bz2
pfsense-packages-1d6ca5d09eb1db9c0347ffda6712c66cb6edf3f5.zip
Add new Snort-specific functions for using Aliases
-rwxr-xr-xconfig/snort/snort.inc95
1 files changed, 95 insertions, 0 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 0a0084c9..9781f5b6 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -83,6 +83,101 @@ $rebuild_rules = false;
if (!is_array($config['installedpackages']['snortglobal']))
$config['installedpackages']['snortglobal'] = array();
+function snort_get_alias_value($alias) {
+ /***************************************************/
+ /* This function returns the value of the passed */
+ /* Alias, or an empty string if the value cannot */
+ /* be determined. */
+ /* */
+ /* On Entry: $alias ==> Alias to be evaluated */
+ /* Returns: Alias value as a string or an empty */
+ /* string */
+ /***************************************************/
+
+ global $config;
+
+ $entries = array();
+ $tmp = "";
+
+ // If no Aliases are defined in the configuration,
+ // return an empty string.
+ if (empty($config['aliases']))
+ return $tmp;
+
+ // See if we were passed a valid Alias and return
+ // an empty string if not.
+ if (!is_alias($alias))
+ return $tmp;
+
+ // We have a valid Alias, so find its value or
+ // values and return as a string.
+ return snort_unpack_alias($alias);
+}
+
+function snort_unpack_alias($alias) {
+
+ /**************************************************/
+ /* This function unpacks an Alias to determine */
+ /* the actual values it represents. Any nested */
+ /* Aliases encountered are also unpacked via */
+ /* recursive calls to this function. */
+ /* */
+ /* Fully-qualified-domain-name (FQDN) aliases */
+ /* are detected and resolved via a pfctl() call. */
+ /**************************************************/
+
+ global $config;
+ $value = "";
+
+ // Find the matching Alias entry in config
+ foreach ($config['aliases']['alias'] as $aliased) {
+ if($aliased['name'] == $alias) {
+ $addr = array();
+ $addr = explode(" ", trim($aliased['address']));
+ foreach ($addr as $a) {
+ if (!is_alias($a) && !empty($a)) {
+ if (is_ipaddr($a) || is_subnet($a) || is_port($a))
+ // If address, subnet or port, we found the final value
+ $value .= $a . " ";
+ elseif (is_hostname($a)) {
+ // Found a FQDN value for this Alias, so resolve it
+ $entries = array();
+ exec("/sbin/pfctl -t " . escapeshellarg($alias) . " -T show", $entries);
+ $value .= trim(implode(" ", $entries));
+ }
+ else
+ continue;
+ }
+ elseif (is_alias($a))
+ // Found a nested Alias, so recursively resolve it
+ $value .= snort_unpack_alias($a) . " ";
+ }
+ return trim($value);
+ }
+ }
+ return $value;
+}
+
+function snort_is_single_addr_alias($alias) {
+ /***************************************************/
+ /* This function evaluates the passed Alias to */
+ /* determine if it represents a single IP address, */
+ /* or a network in CIDR form, and returns TRUE if */
+ /* the condition is met, and FALSE if not. */
+ /* */
+ /* On Entry: $alias ==> Alias to be evaluated */
+ /* Returns: TRUE if Alias represents a single */
+ /* IP address or network, and FALSE */
+ /* if not. */
+ /***************************************************/
+
+ /* If spaces in expanded Alias, it's not a single entity */
+ if (strpos(snort_get_alias_value($alias), " ") !== false)
+ return false;
+ else
+ return true;
+}
+
function snort_get_blocked_ips() {
$blocked_ips = "";
exec('/sbin/pfctl -t snort2c -T show', $blocked_ips);