madscientist
/
SNFMulti
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Sfoglia il codice sorgente

converted snfIPRange from enum to enum class

master
Pete McNeil 3 anni fa
parent
d122549f7e
commit
fe5e00d82c
6 ha cambiato i file con 61 aggiunte e 61 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 22
    22
      SNFMulti.cpp
  2. 9
    9
      snfCFGmgr.cpp
  3. 1
    1
      snfCFGmgr.hpp
  4. 15
    15
      snfLOGmgr.cpp
  5. 7
    7
      snfNETmgr.cpp
  6. 7
    7
      snfXCImgr.cpp

+ 22
- 22
SNFMulti.cpp Vedi File

@@ -638,25 +638,25 @@ IPTestRecord& snf_RulebaseHandler::performIPTest(IPTestRecord& I) {
// Convert the RangeEvaluation into the configured Code

switch(I.R) {
case Unknown: // Unknown - not defined.
case Normal: // Benefit of the doubt.
case New: { // It is new to us.
case snfIPRange::Unknown: // Unknown - not defined.
case snfIPRange::Normal: // Benefit of the doubt.
case snfIPRange::New: { // It is new to us.
I.Code = 0; // Zero is the default - no code.
break;
}
case White: { // This is a good guy.
case snfIPRange::White: { // This is a good guy.
I.Code = MyCFGPacket.Config()->WhiteRangeHandler.Symbol;
break;
}
case Caution: { // This is suspicious.
case snfIPRange::Caution: { // This is suspicious.
I.Code = MyCFGPacket.Config()->CautionRangeHandler.Symbol;
break;
}
case Black: { // This is bad.
case snfIPRange::Black: { // This is bad.
I.Code = MyCFGPacket.Config()->BlackRangeHandler.Symbol;
break;
}
case Truncate: { // Don't even bother looking.
case snfIPRange::Truncate: { // Don't even bother looking.
I.Code = MyCFGPacket.Config()
->gbudb_regions_black_truncate_symbol;
break;
@@ -834,13 +834,13 @@ std::string& snf_IPTestEngine::test(std::string& input, std::string& output) {
// We will also emit a range identifier for pattern matches that might use it.

switch(IPR) {
case Unknown: { S << " Unknown"; break; } // Unknown - not defined.
case White: { S << " White"; break; } // This is a good guy.
case Normal: { S << " Normal"; break; } // Benefit of the doubt.
case New: { S << " New"; break; } // It is new to us.
case Caution: { S << " Caution"; break; } // This is suspicious.
case Black: { S << " Black"; break; } // This is bad.
case Truncate: { S << " Truncate"; break; } // Don't even bother looking.
case snfIPRange::Unknown: { S << " Unknown"; break; } // Unknown - not defined.
case snfIPRange::White: { S << " White"; break; } // This is a good guy.
case snfIPRange::Normal: { S << " Normal"; break; } // Benefit of the doubt.
case snfIPRange::New: { S << " New"; break; } // It is new to us.
case snfIPRange::Caution: { S << " Caution"; break; } // This is suspicious.
case snfIPRange::Black: { S << " Black"; break; } // This is bad.
case snfIPRange::Truncate: { S << " Truncate"; break; } // Don't even bother looking.
}

ScanData->SourceIPEvaluation = S.str(); // Capture the source IP eval.
@@ -851,7 +851,7 @@ std::string& snf_IPTestEngine::test(std::string& input, std::string& output) {
// range. If the Good flag is set the function always returns White so
// here we only have to check for the Truncate flag.

if(Truncate == IPR) { // If all of the conditions are met
if(snfIPRange::Truncate == IPR) { // If all of the conditions are met
ScanData->GBUdbTruncateTriggered = true; // then Truncate has been triggered.
ScanData->GBUdbPeekTriggered = LOGmgr->OkToPeek( // Since truncate was triggered, see if
CFGData->gbudb_regions_black_truncate_peek_one_in); // we would also trigger a peek.
@@ -1790,7 +1790,7 @@ int snf_EngineHandler::scanMessage(

switch(MyScanData.SourceIPRange()) {

case White: { // If the IP was in the white zone
case snfIPRange::White: { // If the IP was in the white zone
MyScanData.GBUdbWhiteTriggered = true; // mark that down.
if(MyCFGPacket.Config()->WhiteRangeHandler.On_Off) { // If we're also turned on then
if( // do we need to force the symbol?
@@ -1821,16 +1821,16 @@ int snf_EngineHandler::scanMessage(
break;
}

case Normal: { // If the IP is normal...
case snfIPRange::Normal: { // If the IP is normal...
MyScanData.GBUdbNormalTriggered = true; // Count the event.
break; // That's all.
}

case New: {
case snfIPRange::New: {
break;
}

case Caution: { // If the IP is in the caution range.
case snfIPRange::Caution: { // If the IP is in the caution range.
MyScanData.GBUdbCautionTriggered = true; // Track that this range fired.
if(
MyCFGPacket.Config()->CautionRangeHandler.On_Off && // If we're also turned on and there
@@ -1847,8 +1847,8 @@ int snf_EngineHandler::scanMessage(
// peek cases or if Truncate is turned off then Truncate might not
// execute-- when that happens we need to fall back to Black behavior.

case Truncate: // If the IP was in the truncate range
case Black: { // and/or If the IP is in the black range
case snfIPRange::Truncate: // If the IP was in the truncate range
case snfIPRange::Black: { // and/or If the IP is in the black range
MyScanData.GBUdbBlackTriggered = true; // mark that down.

if(MyScanData.GBUdbTruncateExecuted) { // If the truncate action was executed
@@ -1898,7 +1898,7 @@ int snf_EngineHandler::scanMessage(
break;
}

case Unknown: // Unknown - most likely we couldn't
case snfIPRange::Unknown: // Unknown - most likely we couldn't
default: { // find a usable source.
break; // Do nothing.
}

+ 9
- 9
snfCFGmgr.cpp Vedi File

@@ -547,13 +547,13 @@ void snfCFGData::initializeFromFile(const char* FileName) {
snfIPRange snfCFGData::RangeEvaluation(GBUdbRecord& R) { // Returns the range for a GBUdbRecord.

if(Good == R.Flag()) { // If the flag on the IP is Good
return White; // then this IP is automatically white.
return snfIPRange::White; // then this IP is automatically white.
} else
if(Bad == R.Flag()) { // If the flag on this IP is Bad
if(true == gbudb_regions_black_truncate_on_off) { // and truncate is turned on then
return Truncate; // the IP is automatically in the
return snfIPRange::Truncate; // the IP is automatically in the
} else { // truncate range. If truncate is off
return Black; // then this IP is automatically black.
return snfIPRange::Black; // then this IP is automatically black.
}
}
// If it's not so simple then get a
@@ -566,23 +566,23 @@ snfIPRange snfCFGData::RangeEvaluation(RangePoint& p) {
0.0 == p.Confidence && // by a zero confidence and
0.0 == p.Probability // a zero probability, then
) { // the range point cannot be "in"
return New; // any range.
return snfIPRange::New; // any range.
}

if(WhiteRangeHandler.isInWhite(p)) { // If it's in the white range,
return White; // return White.
return snfIPRange::White; // return White.
} else // White has priority over all others.
if(BlackRangeHandler.isInBlack(p)) { // If it's in the black range then
if(p.Probability >= gbudb_regions_black_truncate_probability) { // determine if it's also in the truncate
return Truncate; // range, and if so - send back Truncate.
return snfIPRange::Truncate; // range, and if so - send back Truncate.
} else { // If not then we can send back a
return Black; // normal black result.
return snfIPRange::Black; // normal black result.
}
} else // Black takes precedence over caution.
if(CautionRangeHandler.isInBlack(p)) { // If we're in the caution range
return Caution; // then return caution.
return snfIPRange::Caution; // then return caution.
} // If none of those ranges matched then
return Normal; // the IP is in the normal range.
return snfIPRange::Normal; // the IP is in the normal range.
}

//// snfCFGmgr /////////////////////////////////////////////////////////////////

+ 1
- 1
snfCFGmgr.hpp Vedi File

@@ -313,7 +313,7 @@ class XHDRSymbolsInitializer : public cd::Configurator {
}
};

enum snfIPRange { // IP action ranges
enum class snfIPRange { // IP action ranges
Unknown, // Unknown - not defined.
White, // This is a good guy.
Normal, // Benefit of the doubt.

+ 15
- 15
snfLOGmgr.cpp Vedi File

@@ -234,7 +234,7 @@ void snfScanData::clear() {

SourceIPOrdinal = -1; // There is no source IP because it
SourceIPFoundFlag = false; // has not yet been found.
SourceIPRangeFlag = Unknown; // Range flag is not yet known.
SourceIPRangeFlag = snfIPRange::Unknown; // Range flag is not yet known.
SourceIPEvaluation.clear(); // No eval yet.

myHeaderDirectiveSourceIP = 0UL; // Header directive source is empty now.
@@ -1285,13 +1285,13 @@ void snfLOGmgr::doXMLLogs(snfCFGData& CFGData, snfScanData& ScanData) {
<< "c=\'" << ScanData.SourceIPRecord().GBUdbData.Confidence() << "\' "
<< "p=\'" << ScanData.SourceIPRecord().GBUdbData.Probability() << "\' "
<< "r=\'" <<
((Unknown == ScanData.SourceIPRange())? "Unknown" :
((White == ScanData.SourceIPRange())? "White" :
((Normal == ScanData.SourceIPRange())? "Normal" :
((New == ScanData.SourceIPRange())? "New" :
((Caution == ScanData.SourceIPRange())? "Caution" :
((Black == ScanData.SourceIPRange())? "Black" :
((Truncate == ScanData.SourceIPRange())? "Truncate" :
((snfIPRange::Unknown == ScanData.SourceIPRange())? "Unknown" :
((snfIPRange::White == ScanData.SourceIPRange())? "White" :
((snfIPRange::Normal == ScanData.SourceIPRange())? "Normal" :
((snfIPRange::New == ScanData.SourceIPRange())? "New" :
((snfIPRange::Caution == ScanData.SourceIPRange())? "Caution" :
((snfIPRange::Black == ScanData.SourceIPRange())? "Black" :
((snfIPRange::Truncate == ScanData.SourceIPRange())? "Truncate" :
"Fault")))))))
<< "\'/>"
<< std::endl;
@@ -1659,13 +1659,13 @@ void snfLOGmgr::logThisIPTest(IPTestRecord& I, std::string Action) {
<< "c=\'" << I.G.Confidence() << "\' "
<< "p=\'" << I.G.Probability() << "\' "
<< "r=\'" <<
((Unknown == I.R)? "Unknown" :
((White == I.R)? "White" :
((Normal == I.R)? "Normal" :
((New == I.R)? "New" :
((Caution == I.R)? "Caution" :
((Black == I.R)? "Black" :
((Truncate == I.R)? "Truncate" :
((snfIPRange::Unknown == I.R)? "Unknown" :
((snfIPRange::White == I.R)? "White" :
((snfIPRange::Normal == I.R)? "Normal" :
((snfIPRange::New == I.R)? "New" :
((snfIPRange::Caution == I.R)? "Caution" :
((snfIPRange::Black == I.R)? "Black" :
((snfIPRange::Truncate == I.R)? "Truncate" :
"Fault")))))))
<< "\' "
<< "a=\'" << Action << "\'"

+ 7
- 7
snfNETmgr.cpp Vedi File

@@ -155,13 +155,13 @@ void snfNETmgr::sendSample(
XML << "<ip range=\'";
std::string IPRange;
switch(ScanData.SourceIPRange()) {
case Unknown: { IPRange = "Unknown"; break; } // Unknown - not defined.
case White: { IPRange = "White"; break; } // This is a good guy.
case Normal: { IPRange = "Normal"; break; } // Benefit of the doubt.
case New: { IPRange = "New"; break; } // It is new to us.
case Caution: { IPRange = "Caution"; break; } // This is suspicious.
case Black: { IPRange = "Black"; break; } // This is bad.
case Truncate: { IPRange = "Truncate"; break; } // Don't even bother looking.
case snfIPRange::Unknown: { IPRange = "Unknown"; break; } // Unknown - not defined.
case snfIPRange::White: { IPRange = "White"; break; } // This is a good guy.
case snfIPRange::Normal: { IPRange = "Normal"; break; } // Benefit of the doubt.
case snfIPRange::New: { IPRange = "New"; break; } // It is new to us.
case snfIPRange::Caution: { IPRange = "Caution"; break; } // This is suspicious.
case snfIPRange::Black: { IPRange = "Black"; break; } // This is bad.
case snfIPRange::Truncate: { IPRange = "Truncate"; break; } // Don't even bother looking.
}

cd::SocketAddress IP;

+ 7
- 7
snfXCImgr.cpp Vedi File

@@ -270,13 +270,13 @@ std::string snfXCIJobProcessor::processGBUdb() {
<< "\' b=\'" << IPState.G.Bad() // Emit the bad count.
<< "\' g=\'" << IPState.G.Good() // Emit the good count.
<< "\' range=\'"
<< ((Unknown == IPState.R) ? "unknown" :
((White == IPState.R) ? "white" :
((Normal == IPState.R) ? "normal" :
((New == IPState.R) ? "new" :
((Caution == IPState.R) ? "caution" :
((Black == IPState.R) ? "black" :
((Truncate == IPState.R) ? "truncate" : "error")))))))
<< ((snfIPRange::Unknown == IPState.R) ? "unknown" :
((snfIPRange::White == IPState.R) ? "white" :
((snfIPRange::Normal == IPState.R) ? "normal" :
((snfIPRange::New == IPState.R) ? "new" :
((snfIPRange::Caution == IPState.R) ? "caution" :
((snfIPRange::Black == IPState.R) ? "black" :
((snfIPRange::Truncate == IPState.R) ? "truncate" : "error")))))))
<< "\' code=\'" << IPState.Code
<< "\'"
<< "/></gbudb></xci></snf>" // Finish it up.

Write Preview
Loading…
Annulla
Salva