aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2013-05-14 18:54:14 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2013-05-14 18:54:14 -0400
commit86b9d0fc9c53fc10ee6a37630b609fb4a5656ba5 (patch)
tree838abb78cc02e3ea60f803b41b53c611616808da /config/snort
parent3de5c81b8c8ea9c4357b70f5aed33b8a6aad8e68 (diff)
downloadpfsense-packages-86b9d0fc9c53fc10ee6a37630b609fb4a5656ba5.tar.gz
pfsense-packages-86b9d0fc9c53fc10ee6a37630b609fb4a5656ba5.tar.bz2
pfsense-packages-86b9d0fc9c53fc10ee6a37630b609fb4a5656ba5.zip
Improve flowbits logic to include bitwise logical operators.
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc20
1 files changed, 11 insertions, 9 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 430e5a95..a191d941 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1268,10 +1268,10 @@ function snort_get_flowbits($rule) {
if (preg_match_all('/flowbits\b\s*:\s*(set|setx|unset|toggle|isset|isnotset)\s*,([^;]+)/i', $rule, $matches)) {
$i = -1;
while (++$i < count($matches[1])) {
- $action = trim($matches[1][$i]) . ",";
+ $action = trim($matches[1][$i]);
$target = preg_split('/[&|]/', $matches[2][$i]);
foreach ($target as $t)
- $flowbits[] = $action . trim($t);
+ $flowbits[] = "{$action}," . trim($t);
}
}
@@ -1316,9 +1316,10 @@ function snort_get_checked_flowbits(&$rules_map) {
continue;
$action = substr(strtolower($flowbit), 0, $pos);
if ($action == "isset" || $action == "isnotset") {
- $tmp = substr($flowbit, strpos($flowbit, ",") + 1 );
- if (!empty($tmp))
- $checked_flowbits[$tmp] = $action;
+ $target = preg_split('/[&|]/', substr($flowbit, $pos + 1));
+ foreach ($target as $t)
+ if (!empty($t) && !isset($checked_flowbits[$t]))
+ $checked_flowbits[$t] = $action;
}
}
}
@@ -1356,9 +1357,10 @@ function snort_get_set_flowbits(&$rules_map) {
continue;
$action = substr(strtolower($flowbit), 0, $pos);
if ($action == "set" || $action == "toggle" || $action == "setx") {
- $tmp = substr($flowbit, strpos($flowbit, ",") + 1 );
- if (!empty($tmp))
- $set_flowbits[$tmp] = $action;
+ $target = preg_split('/[&|]/', substr($flowbit, $pos + 1));
+ foreach ($target as $t)
+ if (!empty($t) && !isset($set_flowbits[$t]))
+ $set_flowbits[$t] = $action;
}
}
}
@@ -3162,7 +3164,7 @@ function snort_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
log_error("snort XMLRPC sync successfully completed with {$url}:{$port}.");
}
- /* tell squid to reload our settings on the destination sync host. */
+ /* tell snort to reload our settings on the destination sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/snort/snort.inc');\n";
$execcmd .= "sync_snort_package_config();";