From: Russ Combs (rucombs) Date: Fri, 8 Dec 2017 22:32:54 +0000 (-0500) Subject: Merge pull request #1083 in SNORT/snort3 from appid_foo to master X-Git-Tag: 3.0.0-241~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e36be63dae84510dace2f42ddf15c091f1cbdf07;p=thirdparty%2Fsnort3.git Merge pull request #1083 in SNORT/snort3 from appid_foo to master Squashed commit of the following: commit cfeb653e4d5bc599cd5ccf11f5935f1f21dee1a5 Author: Russ Combs (rucombs) Date: Fri Dec 8 13:11:31 2017 -0500 reputation: tweak warning message commit 8f8d56020559c0c388f932bf8886ea31f1bcad44 Author: Russ Combs (rucombs) Date: Fri Dec 8 10:15:51 2017 -0500 appid: tweak warnings and errors commit fccbb5a85c09a1bd817834b59c2c77a53f8fadab Author: Russ Combs (rucombs) Date: Fri Dec 8 09:54:51 2017 -0500 appid: close all Lua states when thread exits --- diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc index db3ff423a..c0c5a8305 100644 --- a/src/network_inspectors/appid/app_info_table.cc +++ b/src/network_inspectors/appid/app_info_table.cc @@ -138,6 +138,11 @@ static AppId get_static_app_info_entry(AppId appid) return 0; } +bool AppInfoManager::configured() +{ + return !app_info_table.empty(); +} + AppInfoTableEntry* AppInfoManager::get_app_info_entry(AppId appId, const AppInfoTable& lookup_table) { @@ -257,7 +262,7 @@ void AppInfoManager::set_app_info_active(AppId appId) if (entry) entry->flags |= APPINFO_FLAG_ACTIVE; else - WarningMessage("AppInfo: AppId %d has no entry in application info table\n", appId); + ParseWarning(WARN_PLUGINS, "appid: no entry in %s for %d", APP_MAPPING_FILE, appId); } void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* path) 
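Review bot: `AppInfoManager::configured()` in app_info_table.cc treats "the table has at least one entry" as "appid is configured", so a mapping file that opens but contributes no rows looks the same as a missing app_detector_dir. The register_appid() changes in client_detector.cc and service_detector.cc use this result to suppress their missing-entry warning, which would then be hidden in that case as well; whether the parser can leave the table empty is not visible in this hunk. A one-line comment above the definition would make the contract explicit, e.g. `// true once at least one app mapping entry has been loaded; false when no table was read`. Since the body only reads the table, `bool configured() const` would also fit, with the matching change in app_info_table.h and the stub in appid_mock_definitions.h.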
@@ -512,13 +517,23 @@ int16_t AppInfoManager::add_appid_protocol_reference(const char* protocol) void AppInfoManager::init_appid_info_table(AppIdModuleConfig* mod_config) { + if ( !mod_config->app_detector_dir ) + { + AppIdPegCounts::set_detectors_configured(); + return; // no lua detectors, no rule support, already warned + } + char filepath[PATH_MAX]; snprintf(filepath, sizeof(filepath), "%s/odp/%s", mod_config->app_detector_dir, APP_MAPPING_FILE); FILE* tableFile = fopen(filepath, "r"); - if ( tableFile ) + if ( !tableFile ) + { + ParseError("appid: could not open %s", filepath); + } + else { char buf[MAX_TABLE_LINE_LEN]; @@ -606,11 +621,6 @@ void AppInfoManager::init_appid_info_table(AppIdModuleConfig* mod_config) USR_CONFIG_FILE); load_appid_config (mod_config, filepath); } - else - { - ParseWarning(WARN_RULES, - "Could not open AppMapping Table file: %s, no AppId rule support", filepath); - } AppIdPegCounts::set_detectors_configured(); } diff --git a/src/network_inspectors/appid/app_info_table.h b/src/network_inspectors/appid/app_info_table.h index 604c3f5ff..b152ab4a5 100644 --- a/src/network_inspectors/appid/app_info_table.h +++ b/src/network_inspectors/appid/app_info_table.h @@ -104,6 +104,7 @@ public: void set_app_info_active(AppId); const char* get_app_name(AppId); int32_t get_appid_by_name(const char* app_name); + bool configured(); void set_app_info_flags(AppId appId, unsigned flags) { diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index 00091dc73..9ddc2c9eb 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc 
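Review bot: The new `ParseError("appid: could not open %s", filepath)` in init_appid_info_table() drops the reason fopen() failed, so a permissions problem, a missing file and a path truncated by the preceding snprintf() all produce the same message. Adding the errno text makes the configuration error actionable, e.g. `ParseError("appid: could not open %s: %s", filepath, strerror(errno));`, assuming `<cerrno>` and `<cstring>` are available in this file (its includes are outside the hunk). The else branch runs past the end of this hunk.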
@@ -175,9 +175,13 @@ bool AppIdModule::begin(const char* /*fqn*/, int, SnortConfig*) bool AppIdModule::end(const char*, int, SnortConfig*) { - if ( (config == nullptr) || (config->app_detector_dir == nullptr) ) - ParseWarning(WARN_CONF,"no app_detector_dir present. No support for appid in rules.\n"); + assert(config); + if ( !config->app_detector_dir ) + { + ParseWarning(WARN_CONF, + "appid: app_detector_dir not configured; no support for appids in rules.\n"); + } return true; } diff --git a/src/network_inspectors/appid/client_plugins/client_detector.cc b/src/network_inspectors/appid/client_plugins/client_detector.cc index a36adf136..aded0b3ec 100644 --- a/src/network_inspectors/appid/client_plugins/client_detector.cc +++ b/src/network_inspectors/appid/client_plugins/client_detector.cc @@ -46,9 +46,12 @@ void ClientDetector::register_appid(AppId appId, unsigned extractsInfo) AppInfoTableEntry* pEntry = AppInfoManager::get_instance().get_app_info_entry(appId); if (!pEntry) { - ParseWarning(WARN_RULES, - "AppId: ID to Name mapping entry missing for AppId: %d. No rule support for this ID.", - appId); + if ( AppInfoManager::get_instance().configured() ) + { + ParseWarning(WARN_RULES, + "appid: no entry for %d in appMapping.data; no rule support for this ID.", + appId); + } return; } extractsInfo &= (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER); diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 16dc9f457..a0d150c5d 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -2343,6 +2343,7 @@ LuaStateDescriptor::~LuaStateDescriptor() // release the reference of the userdata on the lua side if ( detector_user_data_ref != LUA_REFNIL ) luaL_unref(my_lua_state, LUA_REGISTRYINDEX, detector_user_data_ref); + lua_close(my_lua_state); } int LuaStateDescriptor::lua_validate(AppIdDiscoveryArgs& args) 
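Review bot: `assert(config);` in AppIdModule::end() replaces the former `config == nullptr` test, but assert is compiled out when NDEBUG is defined, so a release build would dereference a null `config` on the next line instead of emitting the warning. Whether `config` can still be null at this point depends on begin(), which is outside the hunk. If that is not guaranteed, keep a runtime guard alongside the assertion: `if ( !config || !config->app_detector_dir )`. The warning text also keeps its trailing `\n`, while the other ParseWarning calls touched by this commit drop it.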
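Review bot: The new warning in ClientDetector::register_appid() hard-codes `appMapping.data`, while set_app_info_active() in app_info_table.cc takes the name from `APP_MAPPING_FILE`; the same literal is repeated in ServiceDetector::register_appid() in service_detector.cc. If the macro is visible in these files (their includes are outside the hunks), using it keeps the messages accurate should the file name change: `"appid: no entry for %d in %s; no rule support for this ID.", appId, APP_MAPPING_FILE`. register_appid() continues past the end of the hunk.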
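Review bot: `lua_close(my_lua_state);` in ~LuaStateDescriptor() runs unconditionally, unlike the guarded `luaL_unref` above it, so it assumes every descriptor holds a non-null state that nothing else owns. The class definition is outside this hunk; if LuaStateDescriptor is copyable, or if two descriptors can refer to the same lua_State, the state would be closed twice or used after it was closed. Consider a null check, `if ( my_lua_state ) lua_close(my_lua_state);`, and deleting the copy constructor and copy assignment on the class so that ownership of the state stays unique. The start of the destructor is outside the hunk.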
diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc index 6f010dcbc..585001e3a 100644 --- a/src/network_inspectors/appid/lua_detector_module.cc +++ b/src/network_inspectors/appid/lua_detector_module.cc @@ -322,7 +322,7 @@ void LuaDetectorManager::load_detector(char* detector_filename, bool isCustom) static bool logged = false; if ( !logged ) { - ErrorMessage("Error can not create new luaState\n"); + ErrorMessage("Error - appid: can not create new luaState\n"); logged = true; } return; @@ -330,8 +330,8 @@ void LuaDetectorManager::load_detector(char* detector_filename, bool isCustom) if ( luaL_loadfile(L, detector_filename) || lua_pcall(L, 0, 0, 0) ) { - ErrorMessage("Error loading Lua detector: %s : %s\n", detector_filename, lua_tostring(L, - -1)); + ErrorMessage("Error - appid: loading Lua detector: %s : %s\n", + detector_filename, lua_tostring(L, -1)); lua_close(L); return; } @@ -361,19 +361,25 @@ void LuaDetectorManager::load_lua_detectors(const char* path, bool isCustom) globfree(&globs); } else if (rval == GLOB_NOMATCH) - ParseWarning(WARN_CONF, "No lua detectors found in directory '%s'\n", pattern); + ParseWarning(WARN_CONF, "appid: no lua detectors found in directory '%s'", pattern); else - ParseWarning(WARN_CONF, "Error reading lua detectors directory '%s'. Error Code: %d\n", + ParseWarning(WARN_CONF, + "appid: error reading lua detectors directory '%s'. Error Code: %d", pattern, rval); } void LuaDetectorManager::initialize_lua_detectors() { char path[PATH_MAX]; + const char* dir = config.mod_config->app_detector_dir; - snprintf(path, sizeof(path), "%s/odp/lua", config.mod_config->app_detector_dir); + if ( !dir ) + return; + + snprintf(path, sizeof(path), "%s/odp/lua", dir); load_lua_detectors(path, false); - snprintf(path, sizeof(path), "%s/custom/lua", config.mod_config->app_detector_dir); + + snprintf(path, sizeof(path), "%s/custom/lua", dir); load_lua_detectors(path, true); } 
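Review bot: In the second hunk of load_detector(), `lua_tostring(L, -1)` is passed straight to a `%s` conversion, and it returns NULL when the value on top of the stack is neither a string nor a number, for example when a detector raises a table as its error object. Passing NULL for `%s` is undefined behaviour. Fetch the value first with `const char* err = lua_tostring(L, -1);` and pass `err ? err : "(non-string error)"` to ErrorMessage. load_detector() begins and ends outside the hunk.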
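Review bot: Both `snprintf(path, sizeof(path), ...)` calls in initialize_lua_detectors() ignore the return value, so an app_detector_dir too long for PATH_MAX is silently truncated and load_lua_detectors() then globs a directory other than the configured one. Check the result before using the buffer, e.g. `int n = snprintf(path, sizeof(path), "%s/odp/lua", dir);` followed by `if ( n < 0 || n >= static_cast<int>(sizeof(path)) ) return;`, preferably with a warning, and do the same for the custom/lua path. init_appid_info_table() in app_info_table.cc builds its file path the same way.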
diff --git a/src/network_inspectors/appid/service_plugins/service_detector.cc b/src/network_inspectors/appid/service_plugins/service_detector.cc index 9282e3f41..8f9c15f5e 100644 --- a/src/network_inspectors/appid/service_plugins/service_detector.cc +++ b/src/network_inspectors/appid/service_plugins/service_detector.cc @@ -48,9 +48,12 @@ void ServiceDetector::register_appid(AppId appId, unsigned extractsInfo) AppInfoTableEntry* pEntry = AppInfoManager::get_instance().get_app_info_entry(appId); if (!pEntry) { - ParseWarning(WARN_RULES, - "AppId: ID to Name mapping entry missing for AppId: %d. No rule support for this ID.", - appId); + if ( AppInfoManager::get_instance().configured() ) + { + ParseWarning(WARN_RULES, + "appid: no entry for %d in appMapping.data; no rule support for this ID.", + appId); + } return; } extractsInfo &= (APPINFO_FLAG_SERVICE_ADDITIONAL | APPINFO_FLAG_SERVICE_UDP_REVERSED); diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h index 2eda06a62..9c784534b 100644 --- a/src/network_inspectors/appid/test/appid_mock_definitions.h +++ b/src/network_inspectors/appid/test/appid_mock_definitions.h @@ -72,6 +72,9 @@ AppInfoTableEntry* AppInfoManager::get_app_info_entry(int) return nullptr; } +bool AppInfoManager::configured() +{ return false; } + // Stubs for service_state.h ServiceDiscoveryState* AppIdServiceState::get(SfIp const*, IpProtocol, unsigned short, bool) { diff --git a/src/network_inspectors/reputation/reputation_module.cc b/src/network_inspectors/reputation/reputation_module.cc index 2fa006ef7..140c904de 100644 --- a/src/network_inspectors/reputation/reputation_module.cc +++ b/src/network_inspectors/reputation/reputation_module.cc 
@@ -150,8 +150,8 @@ bool ReputationModule::end(const char*, int, SnortConfig*) EstimateNumEntries(conf); if (conf->numEntries <= 0) { - ParseWarning(WARN_CONF, "Can't find any whitelist/blacklist entries. " - "Reputation Preprocessor disabled.\n"); + ParseWarning(WARN_CONF, + "reputation: can't find any whitelist/blacklist entries; disabled."); return true; }
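Review bot: ReputationModule::end() still returns true after this warning, so when no list entries are found the inspector stays off and startup continues, reported only as a WARN_CONF warning. Whether that fail-open behaviour is intended cannot be told from the hunk. If it is, a comment above the branch would record the decision, e.g. `// no entries: reputation stays disabled and startup continues`; if it is not, consider reporting the condition with ParseError, as init_appid_info_table() now does for its missing file. The function continues outside the hunk.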