1 /* Copyright (C) 2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  */
21 
22 #include "suricata-common.h"
23 #include "suricata.h"
24 #include "packet.h"
25 #include "util-exception-policy.h"
26 #include "util-misc.h"
27 #include "stream-tcp-reassemble.h"
28 #include "action-globals.h"
29 
/**
 * \brief Enforce an exception policy on a packet (IPS mode only).
 *
 * When the engine is not running inline (EngineModeIsIPS() is false) the
 * function only emits debug logging and the packet is left untouched: an
 * exception policy never changes what an IDS-mode sensor sees. Inline, the
 * switch is a cascade from the strongest action to the weakest, each branch
 * falling through into the next one:
 *   - reject: PacketDrop() with ACTION_REJECT, then the drop-flow steps
 *   - drop-flow: if the packet has a flow, disable payload and packet
 *     inspection on it, then the drop-packet steps
 *   - drop-packet: disable payload and packet inspection on this packet and
 *     PacketDrop() with ACTION_DROP
 *   - pass-flow: if the packet has a flow, disable packet inspection on it,
 *     then the pass-packet steps
 *   - pass-packet: disable payload and packet inspection on this packet,
 *     without a drop
 * Note that the flow-level variants flag the flow itself, so presumably
 * every later packet of that flow skips inspection as well — confirm in
 * the Flow*Flag helpers.
 *
 * NOTE(review): this rendered listing omits the `case` labels and a few
 * statements of the switch (its numbering skips where they stood), so the
 * body below is not a complete switch as printed; the cascade above is read
 * off the SCLogDebug() markers, not reconstructed from the missing lines.
 *
 * \param p           packet to act on; p->flow may be NULL
 * \param policy      policy to enforce
 * \param drop_reason reason handed to PacketDrop()
 */
void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDropReason drop_reason)
{
    SCLogDebug("start: pcap_cnt %" PRIu64 ", policy %u", p->pcap_cnt, policy);
    /* exception policies only take effect when running inline */
    if (EngineModeIsIPS()) {
        switch (policy) {
            /* (label omitted by the listing) - no action */
            break;
            /* (label omitted by the listing) - reject */
            SCLogDebug("EXCEPTION_POLICY_REJECT");
            PacketDrop(p, ACTION_REJECT, drop_reason);
            /* fall through */
            /* (label omitted by the listing) - drop-flow */
            SCLogDebug("EXCEPTION_POLICY_DROP_FLOW");
            if (p->flow) {
                /* flag the flow so inspection of it stops, not just this packet */
                FlowSetNoPayloadInspectionFlag(p->flow);
                FlowSetNoPacketInspectionFlag(p->flow);
            }
            /* fall through */
            /* (label omitted by the listing) - drop-packet */
            SCLogDebug("EXCEPTION_POLICY_DROP_PACKET");
            DecodeSetNoPayloadInspectionFlag(p);
            DecodeSetNoPacketInspectionFlag(p);
            PacketDrop(p, ACTION_DROP, drop_reason);
            break;
            /* (label and its statement omitted by the listing) */
            /* fall through */
            /* (label omitted by the listing) - pass-flow */
            SCLogDebug("EXCEPTION_POLICY_PASS_FLOW");
            if (p->flow) {
                FlowSetNoPacketInspectionFlag(p->flow); // TODO util func
            }
            /* fall through */
            /* (label omitted by the listing) - pass-packet: no drop is issued */
            SCLogDebug("EXCEPTION_POLICY_PASS_PACKET");
            DecodeSetNoPayloadInspectionFlag(p);
            DecodeSetNoPacketInspectionFlag(p);
            break;
        }
    }
    SCLogDebug("end");
}
75 
/**
 * \brief Read an exception policy setting from the configuration.
 *
 * Looks up \a option with ConfGet(). The accepted values are drop-flow,
 * pass-flow, bypass, drop-packet, pass-packet, reject and ignore; the value
 * that was chosen is echoed with SCLogConfig() so the effective policy is
 * visible in the startup log. Any other string is reported as an invalid
 * exception policy value. When the option is not set at all, "ignore" is
 * logged and the policy is returned as initialised.
 *
 * NOTE(review): the rendered listing drops several lines of this function
 * (the declaration of `policy`, the assignments for the flow/packet values
 * and the first line of the error and warning calls); the lines below are
 * documented as printed, not reconstructed.
 *
 * \param option       configuration key to look up
 * \param support_flow false when the caller cannot act on a whole flow; the
 *                     flow-level values (drop-flow, pass-flow, bypass) are
 *                     then downgraded to ignore. The effective policy is
 *                     weaker than what the config says, and the warning
 *                     logged here is the only sign of it.
 *
 * \return the resulting ExceptionPolicy value
 */
enum ExceptionPolicy ExceptionPolicyParse(const char *option, const bool support_flow)
{
    const char *value_str = NULL;
    if ((ConfGet(option, &value_str)) == 1 && value_str != NULL) {
        if (strcmp(value_str, "drop-flow") == 0) {
            SCLogConfig("%s: %s", option, value_str);
        } else if (strcmp(value_str, "pass-flow") == 0) {
            SCLogConfig("%s: %s", option, value_str);
        } else if (strcmp(value_str, "bypass") == 0) {
            SCLogConfig("%s: %s", option, value_str);
        } else if (strcmp(value_str, "drop-packet") == 0) {
            SCLogConfig("%s: %s", option, value_str);
        } else if (strcmp(value_str, "pass-packet") == 0) {
            SCLogConfig("%s: %s", option, value_str);
        } else if (strcmp(value_str, "reject") == 0) {
            policy = EXCEPTION_POLICY_REJECT;
            SCLogConfig("%s: %s", option, value_str);
        } else if (strcmp(value_str, "ignore") == 0) { // TODO name?
            policy = EXCEPTION_POLICY_IGNORE;
            SCLogConfig("%s: %s", option, value_str);
        } else {
            /* unknown value: reported as an invalid argument (the call's
             * first line is omitted by the listing); the user-visible message
             * lists every accepted value */
            "\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
            "pass-flow, bypass, drop-packet, pass-packet or ignore.",
            value_str);
        }

        /* callers that cannot act on a flow get the flow-level policies
         * downgraded to ignore; this is warned about, not silently done */
        if (!support_flow) {
            if (policy == EXCEPTION_POLICY_DROP_FLOW || policy == EXCEPTION_POLICY_PASS_FLOW ||
                    policy == EXCEPTION_POLICY_BYPASS_FLOW) {
                "flow actions not supported for %s, defaulting to \"ignore\"", option);
                policy = EXCEPTION_POLICY_IGNORE;
            }
        }

    } else {
        /* option absent from the config */
        SCLogConfig("%s: ignore", option);
    }
    return policy;
}
123 
124 #ifndef DEBUG
125 
/* Non-debug builds carry no exception-policy simulation, so every option is
 * answered with 0 ("not for us") and the arguments are never looked at. */
int ExceptionSimulationCommandlineParser(const char *name, const char *arg)
{
    (void)name;
    (void)arg;
    return 0;
}
130 
131 #else
132 
133 /* exception policy simulation (eps) handling */
134 
/* Simulation knobs, set by ExceptionSimulationCommandlineParser() below from
 * the command-line option named in each trailing comment. They start at
 * UINT64_MAX / false; presumably the code that consults them treats those
 * values as "simulation off" - confirm in the readers, none are in this file. */
uint64_t g_eps_applayer_error_offset_ts = UINT64_MAX; /* simulate-applayer-error-at-offset-ts */
uint64_t g_eps_applayer_error_offset_tc = UINT64_MAX; /* simulate-applayer-error-at-offset-tc */
uint64_t g_eps_pcap_packet_loss = UINT64_MAX;         /* simulate-packet-loss */
uint64_t g_eps_stream_ssn_memcap = UINT64_MAX;        /* simulate-packet-tcp-ssn-memcap */
uint64_t g_eps_stream_reassembly_memcap = UINT64_MAX; /* simulate-packet-tcp-reassembly-memcap */
uint64_t g_eps_flow_memcap = UINT64_MAX;              /* simulate-packet-flow-memcap */
uint64_t g_eps_defrag_memcap = UINT64_MAX;            /* simulate-packet-defrag-memcap */
bool g_eps_is_alert_queue_fail_mode = false;          /* simulate-alert-queue-realloc-failure */
143 
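/**
 * \brief Parse one exception-policy simulation option from the command line.
 *
 * Debug builds only. Each recognised option sets one of the g_eps_* globals
 * defined above; the numeric options parse their argument with
 * ParseSizeStringU64(), the alert-queue option is a plain flag.
 *
 * \param name long option name, without leading dashes
 * \param arg  option argument; must be non-NULL for the numeric options
 *             (enforced with BUG_ON), ignored for the flag-style option
 *
 * \retval 1  option recognised and applied
 * \retval 0  option is not an exception-simulation option ("not for us")
 * \retval -1 option recognised but its argument did not parse
 */
int ExceptionSimulationCommandlineParser(const char *name, const char *arg)
{
    /* every numeric option maps onto exactly one global; the table replaces
     * seven copies of the same parse-and-store branch */
    static const struct {
        const char *name;
        uint64_t *target;
    } numeric_options[] = {
        { "simulate-applayer-error-at-offset-ts", &g_eps_applayer_error_offset_ts },
        { "simulate-applayer-error-at-offset-tc", &g_eps_applayer_error_offset_tc },
        { "simulate-packet-loss", &g_eps_pcap_packet_loss },
        { "simulate-packet-tcp-reassembly-memcap", &g_eps_stream_reassembly_memcap },
        { "simulate-packet-tcp-ssn-memcap", &g_eps_stream_ssn_memcap },
        { "simulate-packet-flow-memcap", &g_eps_flow_memcap },
        { "simulate-packet-defrag-memcap", &g_eps_defrag_memcap },
    };
    const size_t numeric_count = sizeof(numeric_options) / sizeof(numeric_options[0]);

    for (size_t i = 0; i < numeric_count; i++) {
        if (strcmp(name, numeric_options[i].name) != 0) {
            continue;
        }
        BUG_ON(arg == NULL);
        uint64_t value = 0;
        if (ParseSizeStringU64(arg, &value) < 0) {
            /* -1 on every error path, never TM_ECODE_FAILED: the return
             * contract above says -1 means error, and a caller testing for a
             * negative result would otherwise miss a bad argument */
            return -1;
        }
        *numeric_options[i].target = value;
        return 1;
    }

    if (strcmp(name, "simulate-alert-queue-realloc-failure") == 0) {
        g_eps_is_alert_queue_fail_mode = true;
        return 1;
    }

    // not for us
    return 0;
}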
204 #endif