bool RejectModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("reset") )
- flags |= rst[v.get_long()];
+ flags |= rst[v.get_uint8()];
else if ( v.is("control") )
- flags |= unr[v.get_long()];
+ flags |= unr[v.get_uint8()];
else
return false;
{
if ( v.is("deep_teredo_inspection") )
{
- sc->enable_teredo = v.get_long(); // FIXIT-L move to existing bitfield
+ sc->enable_teredo = v.get_bool();
}
else if ( v.is("gtp_ports") )
{
{ "enable_mpls_overlapping_ip", Parameter::PT_BOOL, nullptr, "false",
"enable if private network addresses overlap and must be differentiated by MPLS label(s)" },
- { "max_mpls_stack_depth", Parameter::PT_INT, "-1:", "-1",
+ { "max_mpls_stack_depth", Parameter::PT_INT, "-1:255", "-1",
"set MPLS stack depth" },
{ "mpls_payload_type", Parameter::PT_ENUM, "eth | ip4 | ip6", "ip4",
}
else if ( v.is("max_mpls_stack_depth") )
{
- sc->mpls_stack_depth = v.get_long();
+ sc->mpls_stack_depth = v.get_int16();
}
else if ( v.is("mpls_payload_type") )
{
- sc->mpls_payload_type = v.get_long() + 1;
+ sc->mpls_payload_type = v.get_uint8() + 1;
}
else
return false;
config->name = v.get_string();
else if ( v.is("format") )
- config->text_format = ( v.get_long() == 1 );
+ config->text_format = ( v.get_uint8() == 1 );
else if ( v.is("direction") )
- switch ( v.get_long() )
+ switch ( v.get_uint8() )
{
case 0:
{
config->address = v.get_string();
else if ( v.is("base_port") )
- config->base_port = v.get_long();
+ config->base_port = v.get_uint16();
else if ( v.is("setup") )
- switch ( v.get_long() )
+ switch ( v.get_uint8() )
{
case 0:
{
else if ( Snort::get_switcher()->get_context() )
p->active = get_current_packet()->active;
- // shutdown, so use a dummy so nullchecking is needed everywhere
+ // shutdown, so use a dummy so null checking is not needed everywhere
else
{
p->active = &shutdown_active;
event_id, otn->sigInfo.gid, otn->sigInfo.sid, otn->sigInfo.rev, acts);
TextLog_Print(tlog,
- "Pkt=%lu, Sec=%u.%6u, Len=%u, Cap=%u\n",
- p->context->packet_number, p->pkth->ts.tv_sec, p->pkth->ts.tv_usec,
+ "Pkt=" STDu64 ", Sec=%lu.%6lu, Len=%u, Cap=%u\n",
+ p->context->packet_number, (long)p->pkth->ts.tv_sec, (long)p->pkth->ts.tv_usec,
p->pkth->pktlen, p->pkth->caplen);
TextLog_Print(tlog,
max_pattern_len = max_len;
}
-int FastPatternConfig::set_max(int bytes)
+unsigned FastPatternConfig::set_max(unsigned bytes)
{
if ( max_pattern_len and (bytes > max_pattern_len) )
{
void set_debug_print_rule_groups_uncompiled()
{ portlists_flags |= PL_DEBUG_PRINT_RULEGROUPS_UNCOMPILED; }
- void set_search_opt(int flag)
+ void set_search_opt(bool flag)
{ search_opt = flag; }
- int get_search_opt()
+ bool get_search_opt()
{ return search_opt; }
bool set_search_method(const char*);
int get_num_patterns_truncated()
{ return num_patterns_truncated; }
- int set_max(int bytes);
-
- int get_max_pattern_len()
- { return max_pattern_len; }
+ unsigned set_max(unsigned bytes);
private:
const snort::MpseApi* search_api;
bool split_any_any = false;
bool debug_print_fast_pattern = false;
bool debug = false;
+ bool search_opt = false;
unsigned max_queue_events = 5;
unsigned bleedover_port_limit = 1024;
+ unsigned max_pattern_len = 0;
- int search_opt = 0;
int portlists_flags = 0;
- int max_pattern_len = 0;
int num_patterns_truncated = 0; // due to max_pattern_len
int num_patterns_trimmed = 0; // due to zero byte prefix
};
static void fpDeletePMX(void* data);
static int fpGetFinalPattern(
- FastPatternConfig*, PatternMatchData*, const char*& ret_pattern, int& ret_bytes);
+ FastPatternConfig*, PatternMatchData*, const char*& ret_pattern, unsigned& ret_bytes);
static void print_nfp_info(const char*, OptTreeNode*);
static void print_fp_info(const char*, const OptTreeNode*, const PatternMatchData*,
- const char* pattern, int pattern_length);
+ const char* pattern, unsigned pattern_length);
static int finalize_detection_option_tree(SnortConfig* sc, detection_option_tree_root_t* root)
{
pg->add_rule();
const char* pattern;
- int pattern_length;
+ unsigned pattern_length;
if (fpGetFinalPattern(fp, pmd, pattern, pattern_length) == -1)
return -1;
static int fpGetFinalPattern(
FastPatternConfig* fp, PatternMatchData* pmd,
- const char*& ret_pattern, int& ret_bytes)
+ const char*& ret_pattern, unsigned& ret_bytes)
{
if ( !fp or !pmd )
{
}
const char* pattern = pmd->pattern_buf;
- int bytes = pmd->pattern_size;
+ unsigned bytes = pmd->pattern_size;
// Don't mess with:
//
* beyond state 0 as long as the next input char is 0x00 */
if ( fp->get_trim() )
{
- bytes =
- flp_trim(pmd->pattern_buf, pmd->pattern_size, &pattern);
+ bytes = flp_trim(pmd->pattern_buf, pmd->pattern_size, &pattern);
- if (bytes < (int)pmd->pattern_size)
+ if (bytes < pmd->pattern_size)
{
// The pattern is all '\0' - use the whole pattern. This potentially
// hurts the performance boost gained by stripping leading zeros.
opts += " )";
}
-static void print_fp_info(const char* group, const OptTreeNode* otn, const PatternMatchData* pmd,
- const char* pattern, int pattern_length)
+static void print_fp_info(
+ const char* group, const OptTreeNode* otn, const PatternMatchData* pmd,
+ const char* pattern, unsigned pattern_length)
{
std::string hex, txt, opts;
int j;
int k;
const OptTreeNode* otn;
- int tcnt = 0;
+ unsigned tcnt = 0;
EventQueueConfig* eq = SnortConfig::get_conf()->event_queue_config;
RuleTreeNode* rtn;
* length - of trimmed pattern
* buff - ptr to new beginning of trimmed buffer
*/
-int flp_trim(const char* p, int plen, const char** buff)
+unsigned flp_trim(const char* p, unsigned plen, const char** buff)
{
- int i;
- int size = 0;
+ unsigned i;
+ unsigned size = 0;
if ( !p )
return 0;
{
CursorActionType cat;
PatternMatchData* pmd;
- int size;
+ unsigned size;
FpSelector(CursorActionType, PatternMatchData*);
bool is_fast_pattern_only(OptFpList*);
void validate_fast_pattern(OptTreeNode*);
-int flp_trim(const char* p, int plen, const char** buff);
+unsigned flp_trim(const char* p, unsigned plen, const char** buff);
bool set_fp_content(OptTreeNode*);
std::vector <PatternMatchData*> get_fp_content(
unsigned IpsContextData::get_ips_id()
{
++ips_id;
- assert( ips_id < max_id );
+ assert(ips_id < max_id);
return ips_id;
}
auto id1 = IpsContextData::get_ips_id();
auto id2 = IpsContextData::get_ips_id();
- CHECK(id1 != id2);
- CHECK(max_id > id2 );
+ CHECK(id1 != id2);
+ CHECK(max_id > id2);
}
#endif
/************************ Class/Priority Implementation ***********************/
void AddClassification(
- SnortConfig* sc, const char* type, const char* name, int priority)
+ SnortConfig* sc, const char* type, const char* name, unsigned priority)
{
int max_id = 0;
ClassType* current = sc->classifications;
struct ClassType
{
// FIXIT-L type and name are backwards (name -> text, type -> name)
- char* type; /* classification type */
- int id; /* classification id */
- char* name; /* "pretty" classification name */
- int priority; /* priority */
+ char* type;
+ int id;
+ char* name; // "pretty" name
+ unsigned priority;
ClassType* next;
};
/* NOTE: These methods can only be used during parse time */
-void AddClassification(snort::SnortConfig*, const char* type, const char* name, int priority);
+void AddClassification(snort::SnortConfig*, const char* type, const char* name, unsigned priority);
ClassType* ClassTypeLookupByType(snort::SnortConfig*, const char*);
struct TagData
{
int tag_type; /* tag type (session/host) */
- int tag_seconds; /* number of "seconds" units to tag for */
- int tag_packets; /* number of "packets" units to tag for */
- int tag_bytes; /* number of "type" units to tag for */
int tag_metric; /* (packets | seconds | bytes) units */
int tag_direction; /* source or dest, used for host tagging */
+
+ uint32_t tag_seconds; /* number of "seconds" units to tag for */
+ uint32_t tag_packets; /* number of "packets" units to tag for */
+ uint32_t tag_bytes; /* number of "type" units to tag for */
};
void InitTag();
struct EventQueueConfig
{
- int max_events;
- int log_events;
+ unsigned max_events;
+ unsigned log_events;
int order;
int process_all_events;
};
{ "content", Parameter::PT_STRING, nullptr, nullptr,
"file magic content" },
- { "offset", Parameter::PT_INT, "0:", "0",
+ { "offset", Parameter::PT_INT, "0:max32", "0",
"file magic offset" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
static const Parameter file_rule_params[] =
{
- { "rev", Parameter::PT_INT, "0:", "0",
+ { "rev", Parameter::PT_INT, "0:max32", "0",
"rule revision" },
{ "msg", Parameter::PT_STRING, nullptr, nullptr,
{ "type", Parameter::PT_STRING, nullptr, nullptr,
"file type name" },
- { "id", Parameter::PT_INT, "0:", "0",
+ { "id", Parameter::PT_INT, "0:max32", "0",
"file type id" },
{ "category", Parameter::PT_STRING, nullptr, nullptr,
{
// FIXIT-M when.policy_id should be an arbitrary string auto converted
// into index for binder matching and lookups
- { "file_type_id", Parameter::PT_INT, "0:", "0",
+ { "file_type_id", Parameter::PT_INT, "0:max32", "0",
"unique ID for file type in file magic rule" },
{ "sha256", Parameter::PT_STRING, nullptr, nullptr,
static const Parameter file_id_params[] =
{
- { "type_depth", Parameter::PT_INT, "0:", "1460",
+ { "type_depth", Parameter::PT_INT, "0:max53", "1460",
"stop type ID at this point" },
- { "signature_depth", Parameter::PT_INT, "0:", "10485760",
+ { "signature_depth", Parameter::PT_INT, "0:max53", "10485760",
"stop signature at this point" },
- { "block_timeout", Parameter::PT_INT, "0:", "86400",
+ { "block_timeout", Parameter::PT_INT, "0:max31", "86400",
"stop blocking after this many seconds" },
- { "lookup_timeout", Parameter::PT_INT, "0:", "2",
+ { "lookup_timeout", Parameter::PT_INT, "0:max31", "2",
"give up on lookup after this many seconds" },
{ "block_timeout_lookup", Parameter::PT_BOOL, nullptr, "false",
"block if lookup times out" },
- { "capture_memcap", Parameter::PT_INT, "0:", "100",
+ { "capture_memcap", Parameter::PT_INT, "0:max53", "100",
"memcap for file capture in megabytes" },
- { "capture_max_size", Parameter::PT_INT, "0:", "1048576",
+ { "capture_max_size", Parameter::PT_INT, "0:max53", "1048576",
"stop file capture beyond this point" },
- { "capture_min_size", Parameter::PT_INT, "0:", "0",
+ { "capture_min_size", Parameter::PT_INT, "0:max53", "0",
"stop file capture if file size less than this" },
- { "capture_block_size", Parameter::PT_INT, "8:", "32768",
+ { "capture_block_size", Parameter::PT_INT, "8:max53", "32768",
"file capture block size in bytes" },
- { "max_files_cached", Parameter::PT_INT, "8:", "65536",
+ { "max_files_cached", Parameter::PT_INT, "8:max53", "65536",
"maximal number of files cached in memory" },
{ "enable_type", Parameter::PT_BOOL, nullptr, "true",
{ "enable_capture", Parameter::PT_BOOL, nullptr, "false",
"enable file capture" },
- { "show_data_depth", Parameter::PT_INT, "0:", "100",
+ { "show_data_depth", Parameter::PT_INT, "0:max53", "100",
"print this many octets" },
{ "file_rules", Parameter::PT_LIST, file_rule_params, nullptr,
{ "trace_stream", Parameter::PT_BOOL, nullptr, "false",
"enable runtime dump of file data" },
- { "verdict_delay", Parameter::PT_INT, "0:", "0",
+ { "verdict_delay", Parameter::PT_INT, "0:max53", "0",
"number of queries to return final verdict" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
FilePolicy& fp = fc->get_file_policy();
if ( v.is("type_depth") )
- fc->file_type_depth = v.get_long();
+ fc->file_type_depth = v.get_int64();
else if ( v.is("signature_depth") )
- fc->file_signature_depth = v.get_long();
+ fc->file_signature_depth = v.get_int64();
else if ( v.is("block_timeout") )
- fc->file_block_timeout = v.get_long();
+ fc->file_block_timeout = v.get_int64();
else if ( v.is("lookup_timeout") )
- fc->file_lookup_timeout = v.get_long();
+ fc->file_lookup_timeout = v.get_int64();
else if ( v.is("block_timeout_lookup") )
fc->block_timeout_lookup = v.get_bool();
else if ( v.is("capture_memcap") )
- fc->capture_memcap = v.get_long();
+ fc->capture_memcap = v.get_int64();
else if ( v.is("capture_max_size") )
- fc->capture_max_size = v.get_long();
+ fc->capture_max_size = v.get_int64();
else if ( v.is("capture_min_size") )
- fc->capture_min_size = v.get_long();
+ fc->capture_min_size = v.get_int64();
else if ( v.is("capture_block_size") )
- fc->capture_block_size = v.get_long();
+ fc->capture_block_size = v.get_int64();
else if ( v.is("max_files_cached") )
- fc->max_files_cached = v.get_long();
+ fc->max_files_cached = v.get_int64();
else if ( v.is("enable_type") )
{
}
}
else if ( v.is("show_data_depth") )
- fc->show_data_depth = v.get_long();
+ fc->show_data_depth = v.get_int64();
else if ( v.is("trace_type") )
fc->trace_type = v.get_bool();
else if ( v.is("verdict_delay") )
{
- fc->verdict_delay = v.get_long();
+ fc->verdict_delay = v.get_int64();
fp.set_verdict_delay(fc->verdict_delay);
}
return true;
else if ( v.is("rev") )
- rule.rev = v.get_long();
+ rule.rev = v.get_uint32();
else if ( v.is("msg") )
rule.message = v.get_string();
rule.type = v.get_string();
else if ( v.is("id") )
- rule.id = v.get_long();
+ rule.id = v.get_uint32();
else if ( v.is("category") )
rule.category = v.get_string();
magic.content_str = v.get_string();
else if ( v.is("offset") )
- magic.offset = v.get_long();
+ magic.offset = v.get_uint32();
else if ( v.is("file_policy") )
return true;
return true;
else if ( v.is("file_type_id") )
- file_rule.when.type_id = v.get_long();
+ file_rule.when.type_id = v.get_uint32();
else if ( v.is("sha256") )
file_rule.when.sha256 = v.get_string();
return true;
else if ( v.is("verdict") )
- file_rule.use.verdict = (FileVerdict)v.get_long();
+ file_rule.use.verdict = (FileVerdict)v.get_uint8();
else if ( v.is("enable_file_type") )
file_rule.use.type_enabled = v.get_bool();
struct DetectionFilterConfig
{
+ unsigned memcap;
int count;
- int memcap;
int enabled;
};
*/
struct snort::GHash* genHash [SFRF_MAX_GENID];
- // Number of DOS thresholds added.
- int count;
-
- // count of no revert DOS thresholds
+ unsigned memcap;
unsigned noRevertCount;
-
- int memcap;
-
+ int count;
int internal_event_mask;
};
{
unsigned gen_id;
unsigned sig_id;
+ unsigned seconds;
+
int type;
+ int count;
int tracking;
int priority;
- int count;
- unsigned int seconds;
+
sfip_var_t* ip_address;
};
struct ThresholdConfig
{
- int memcap;
- int enabled;
ThresholdObjects* thd_objs;
+ unsigned memcap;
+ int enabled;
};
ThresholdConfig* ThresholdConfigNew();
static const Parameter defaults[] =
{
- { "trace", Parameter::PT_INT, nullptr, nullptr,
+ { "trace", Parameter::PT_INT, "0:max53", nullptr,
"mask for enabling debug traces in module" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
if ( v.is("trace") )
{
if ( trace )
- *trace = v.get_long();
+ *trace = v.get_uint64();
}
else
return false;
#include "value.h"
+#ifdef UNIT_TEST
+#include "catch/snort_catch.h"
+#endif
+
using namespace snort;
using namespace std;
+//--------------------------------------------------------------------------
+// helpers
+//--------------------------------------------------------------------------
+
+static bool is_sep(char c)
+{ return !c || c == '|' || isspace(c); }
+
+static const char* find(const char* r, const char* s)
+{
+ size_t n = strlen(s);
+
+ if ( !n )
+ return nullptr;
+
+ const char* t = strstr(r, s);
+
+ while ( t )
+ {
+ if ( (t == r || is_sep(t[-1])) && is_sep(t[n]) )
+ return t;
+
+ t = strstr(t+n, s);
+ }
+ return nullptr;
+}
+
+static unsigned get_index(const char* r, const char* t)
+{
+ unsigned idx = 0;
+ const char* p = strchr(r, '|');
+
+ while ( p && p < t )
+ {
+ ++idx;
+ p = strchr(p+1, '|');
+ }
+ return idx;
+}
+
+#define delim " \t\n"
+
+static size_t split(const string& txt, vector<string>& strs)
+{
+ size_t last = txt.find_first_not_of(delim);
+ size_t pos = txt.find_first_of(delim, last);
+ strs.clear();
+
+ while ( pos != string::npos )
+ {
+ if ( last != pos )
+ strs.emplace_back(txt.substr(last, pos - last));
+
+ last = txt.find_first_not_of(delim, pos + 1);
+ pos = txt.find_first_of(delim, last);
+ }
+
+ // add the last one
+ if ( last != string::npos )
+ strs.emplace_back(txt.substr(last, min(pos, txt.size()) - last));
+
+ return strs.size();
+}
+
+static int64_t get_int(const char* r)
+{
+ if ( *r == 'm' )
+ {
+ if ( !strncmp(r, "maxSZ", 5) )
+ r = (sizeof(size_t) == 4) ? "max32" : "max53";
+
+ if ( !strncmp(r, "max31", 5) )
+ return 2147483647;
+
+ if ( !strncmp(r, "max32", 5) )
+ return 4294967295;
+
+ if ( !strncmp(r, "max53", 5) )
+ return 9007199254740992;
+ }
+ return (int64_t)strtod(r, nullptr);
+}
+
+//--------------------------------------------------------------------------
+// validation methods
+//--------------------------------------------------------------------------
+
static bool valid_bool(Value& v, const char*)
{
return v.get_type() == Value::VT_BOOL;
if ( v.get_type() != Value::VT_NUM )
return false;
- if ( v.get_real() != v.get_long() )
+ if ( v.get_real() != v.get_int64() )
return false;
if ( !r )
return true;
- long d = v.get_long();
+ int64_t d = v.get_int64();
// require no leading or trailing whitespace
// and either # | #: | :# | #:#
// where # is a valid pos or neg dec, hex, or octal number
+ const char* t = strchr(r, ':');
+
if ( *r != ':' )
{
- long low = strtol(r, nullptr, 0);
+ int64_t low = get_int(r);
if ( d < low )
return false;
- }
- const char* t = strchr(r, ':');
+ if ( !t )
+ return d == low;
+ }
- if ( t && *++t )
+ if ( t and *++t )
{
- long hi = strtol(t, nullptr, 0);
+ int64_t hi = get_int(t);
if ( d > hi )
return false;
// and either # | #: | :# | #:#
// where # is a valid pos or neg dec, hex, or octal number
+ const char* t = strchr(r, ':');
+
if ( *r != ':' )
{
double low = strtod(r, nullptr);
if ( d < low )
return false;
- }
- const char* t = strchr(r, ':');
+ if ( !t )
+ return d == low;
+ }
if ( t && *++t )
{
if ( r && !strcmp(r, "(optional)") )
return true;
- unsigned len = strlen(v.get_string());
+ size_t len = strlen(v.get_string());
if ( !r )
return len > 0;
- unsigned max = strtol(r, nullptr, 0);
+ size_t max = strtoul(r, nullptr, 0);
return len <= max;
}
-static bool is_sep(char c)
-{ return !c || c == '|' || isspace(c); }
-
-static const char* find(const char* r, const char* s)
-{
- unsigned n = strlen(s);
-
- if ( !n )
- return nullptr;
-
- const char* t = strstr(r, s);
-
- while ( t )
- {
- if ( (t == r || is_sep(t[-1])) && is_sep(t[n]) )
- return t;
-
- t = strstr(t+n, s);
- }
- return nullptr;
-}
-
static bool valid_select(Value& v, const char* r)
{
if ( v.get_type() != Value::VT_STR )
return true;
}
-static unsigned get_index(const char* r, const char* t)
-{
- unsigned idx = 0;
- const char* p = strchr(r, '|');
-
- while ( p && p < t )
- {
- ++idx;
- p = strchr(p+1, '|');
- }
- return idx;
-}
-
static bool valid_enum(Value& v, const char* r)
{
if ( v.get_type() != Value::VT_STR )
return true;
}
-#define delim " \t\n"
-
-static unsigned split(const string& txt, vector<string>& strs)
-{
- size_t last = txt.find_first_not_of(delim);
- size_t pos = txt.find_first_of(delim, last);
- strs.clear();
-
- while ( pos != string::npos )
- {
- if ( last != pos )
- strs.emplace_back(txt.substr(last, pos - last));
-
- last = txt.find_first_not_of(delim, pos + 1);
- pos = txt.find_first_of(delim, last);
- }
-
- // add the last one
- if ( last != string::npos )
- strs.emplace_back(txt.substr(last, min(pos, txt.size()) - last));
-
- return strs.size();
-}
-
static bool valid_multi(Value& v, const char* r)
{
if ( v.get_type() != Value::VT_STR )
vector<string> list;
split(s, list);
- unsigned long long mask = 0;
+ uint64_t mask = 0;
for ( const auto& p : list )
{
if ( !t )
return false;
- unsigned idx = get_index(r, t);
+ uint64_t idx = get_index(r, t);
if ( idx < Value::mask_bits )
mask |= (1ULL << idx);
string pl = v.get_string();
string bs;
- int max = r ? strtol(r, nullptr, 0) : 0;
+ size_t max = r ? strtoul(r, nullptr, 0) : 0;
assert(max > 0);
if ( pl == "any" )
while ( ss >> bit )
{
- if ( bit < 0 || bit > max )
+ if ( bit < 0 || (size_t)bit > max )
return false;
bs[bit] = '1';
return true;
}
+//--------------------------------------------------------------------------
+// Parameter methods
+//--------------------------------------------------------------------------
+
bool Parameter::validate(Value& v) const
{
switch ( type )
return (int)idx;
}
+//--------------------------------------------------------------------------
+// valid_* tests
+// we only test validation here
+// side effects applied to value are tested elsewhere
+//--------------------------------------------------------------------------
+
+#ifdef UNIT_TEST
+TEST_CASE("bool", "[Parameter]")
+{
+ Value v(true);
+ CHECK(valid_bool(v, nullptr));
+}
+
+struct
+{
+ bool expected;
+ bool (*validate)(Value&, const char*);
+ double value;
+ const char* range;
+}
+num_tests[] =
+{
+// __STRDUMP_DISABLE__
+ { true, valid_int, 0, nullptr },
+ { true, valid_int, 0, "" },
+ { true, valid_int, 0, "0" },
+ { true, valid_int, 0, "0:" },
+ { true, valid_int, 0, ":0" },
+ { true, valid_int, 0, ":1" },
+ { true, valid_int, 0, "-1:1" },
+ { true, valid_int, 0, "-1:" },
+
+ { false, valid_int, 1, "0" },
+ { true, valid_int, 1, "0:" },
+ { false, valid_int, 1, ":0" },
+
+ { true, valid_int, -10, "-11:-9" },
+ { true, valid_int, 10, "9:11" },
+ { true, valid_int, 10, "0xA:11" },
+
+ { true, valid_interval, 0, nullptr },
+
+ { true, valid_real, 0, nullptr },
+ { true, valid_real, 0, "" },
+ { true, valid_real, 0, "0.0" },
+ { true, valid_real, 0, "0:" },
+ { true, valid_real, 0, ":0" },
+ { true, valid_real, 0, ":0.9" },
+ { true, valid_real, 0, "-0.9:0.9" },
+ { true, valid_real, 0, "-0.9:" },
+
+ { false, valid_real, 1, "0.9" },
+ { true, valid_real, 1, "0.9:" },
+ { false, valid_real, 1, ":0.9" },
+
+ { true, valid_real, -10, "-11.1:-9.9" },
+ { true, valid_real, 10, "9.9:11.1" },
+ { false, valid_real, 10, "011:11" },
+ { true, valid_real, 10, "0xA:11" },
+
+ { false, nullptr, 0, nullptr }
+// __STRDUMP_ENABLE__
+};
+
+TEST_CASE("num", "[Parameter]")
+{
+ auto test = num_tests;
+
+ while ( test->validate )
+ {
+ Value v(test->value);
+ bool result = test->validate(v, test->range);
+ CHECK(result == test->expected);
+ ++test;
+ }
+}
+
+struct
+{
+ bool expected;
+ bool (*validate)(Value&, const char*);
+ const char* value;
+ const char* range;
+}
+string_tests[] =
+{
+// __STRDUMP_DISABLE__
+ { true, valid_string, "green", "(optional)" },
+ { true, valid_string, "green", nullptr },
+ { true, valid_string, "green", "5" },
+ { true, valid_string, "green", "6" },
+ { false, valid_string, "green", "4" },
+
+ { true, valid_select, "green", "red | green | yellow" },
+ { false, valid_select, "blue", "red | green | yellow" },
+ { false, valid_select, "green", nullptr },
+
+ { true, valid_enum, "green", "red | green | yellow" },
+ { false, valid_enum, "blue", "red | green | yellow" },
+ { false, valid_enum, "green", nullptr },
+
+ { true, valid_multi, "green", "red | green | yellow" },
+ { true, valid_multi, "red yellow", "red | green | yellow" },
+ { false, valid_multi, "redgreen", "red | green | yellow" },
+ { false, valid_multi, "blue", nullptr },
+
+ { true, valid_mac, "98:01:a7:9d:d8:41", nullptr },
+ { false, valid_mac, ":01:a7:9d:d8:41", nullptr },
+ { false, valid_mac, "01:a7:9d:d8:41", nullptr },
+ { false, valid_mac, "98:01:a7:9d:d8:419", nullptr },
+ { false, valid_mac, "98:01:a7:9d:d8:41x", nullptr },
+
+ { true, valid_ip4, "1.2.3.4", nullptr },
+ { true, valid_ip4, "1.2.3", nullptr },
+ { false, valid_ip4, "1.2.3.", nullptr },
+ { false, valid_ip4, "1.2.x", nullptr },
+
+ { true, valid_addr, "1.2.3.4", nullptr },
+ { true, valid_addr, "1.2.3.4/32", nullptr },
+ { true, valid_addr, "1.2.3.4/0", nullptr },
+ { false, valid_addr, "1.2.3.4/33", nullptr },
+ { false, valid_addr, "1.2.0x.4/33", nullptr },
+
+ { true, valid_addr, "2001:420:c0c4:1004::157", nullptr },
+ { true, valid_addr, "2001:420:c0c4:1004::157/128", nullptr },
+ { true, valid_addr, "2001:420:c0c4:1004::157/0", nullptr },
+ { false, valid_addr, "2001:420:c0c4:1004:0x:157/256", nullptr },
+
+ { true, valid_bit_list, "1 2", "3" },
+ { true, valid_bit_list, "1 2 3", "3" },
+ { false, valid_bit_list, "1 2 3 4", "3" },
+ { false, valid_bit_list, "128", "3" },
+
+ { false, nullptr, 0, nullptr }
+// __STRDUMP_ENABLE__
+};
+
+TEST_CASE("string", "[Parameter]")
+{
+ auto test = string_tests;
+
+ while ( test->validate )
+ {
+ Value v(test->value);
+ bool result = test->validate(v, test->range);
+ CHECK(result == test->expected);
+ ++test;
+ }
+}
+
+TEST_CASE("max", "[Parameter]")
+{
+ CHECK(get_int("max31") == 2147483647);
+ CHECK(get_int("max32") == 4294967295);
+ CHECK(get_int("max53") == 9007199254740992);
+
+ if ( sizeof(size_t) == 4 )
+ CHECK(get_int("maxSZ") == 4294967295);
+ else
+ CHECK(get_int("maxSZ") == 9007199254740992);
+}
+#endif
+
PT_LIST, // range is Parameter*, no default
PT_DYNAMIC, // range is RangeQuery*
PT_BOOL, // if you are reading this, get more coffee
- PT_INT, // signed 64 bits or less determined by range
+ PT_INT, // signed 53 bits or less determined by range
PT_INTERVAL, // string that defines an interval, bounds within range
PT_REAL, // double
PT_PORT, // 0 to 64K-1 unless specified otherwise
void set_enum(unsigned u)
{ type = VT_NUM; num = u; }
- void set_aux(unsigned u)
- { num = u; }
+ void set_aux(uint64_t u)
+ { num = (double)u; }
const char* get_name() const
{ return param ? param->name : nullptr; }
bool get_bool() const
{ return num != 0; }
- long get_long() const
+ long get_long() const // FIXIT-L to be removed
{ return (long)num; }
+ size_t get_size() const
+ { return (size_t)num; }
+
+ uint8_t get_uint8() const
+ { return (uint8_t)num; }
+
+ int16_t get_int16() const
+ { return (int16_t)num; }
+
+ uint16_t get_uint16() const
+ { return (uint16_t)num; }
+
+ int32_t get_int32() const
+ { return (int32_t)num; }
+
+ uint32_t get_uint32() const
+ { return (uint32_t)num; }
+
+ int64_t get_int64() const
+ { return (int64_t)num; }
+
+ uint64_t get_uint64() const
+ { return (uint64_t)num; }
+
double get_real() const
{ return num; }
const uint8_t* get_buffer(unsigned& n) const
- { n = str.size(); return (const uint8_t*)str.data(); }
+ { n = (unsigned)str.size(); return (const uint8_t*)str.data(); }
const char* get_string() const
{ return str.c_str(); }
const Parameter HostCacheModule::host_cache_params[] =
{
- { "size", Parameter::PT_INT, nullptr, nullptr,
+ { "size", Parameter::PT_INT, "1:max32", nullptr,
"size of host cache" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
bool HostCacheModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("size") )
- host_cache_size = v.get_long();
+ host_cache_size = v.get_uint32();
else
return false;
host->set_ip_addr(addr);
}
else if ( host and v.is("frag_policy") )
- host->set_frag_policy(v.get_long() + 1);
+ host->set_frag_policy(v.get_uint8() + 1);
else if ( host and v.is("tcp_policy") )
- host->set_stream_policy(v.get_long() + 1);
+ host->set_stream_policy(v.get_uint8() + 1);
else if ( v.is("name") )
app.snort_protocol_id = sc->proto_ref->add(v.get_string());
app.ipproto = sc->proto_ref->add(v.get_string());
else if ( v.is("port") )
- app.port = v.get_long();
+ app.port = v.get_uint16();
else
return false;
{ PRINT_OPT, Parameter::PT_IMPLIED, nullptr, nullptr,
"dump decode data to console; always true" },
- { LENGTH_OPT, Parameter::PT_INT, "0:", nullptr,
+ { LENGTH_OPT, Parameter::PT_INT, "0:max32", nullptr,
"compares ASN.1 type lengths with the supplied argument" },
- { ABS_OFFSET_OPT, Parameter::PT_INT, "0:", nullptr,
+ { ABS_OFFSET_OPT, Parameter::PT_INT, "0:65535", nullptr,
"absolute offset from the beginning of the packet" },
- { REL_OFFSET_OPT, Parameter::PT_INT, nullptr, nullptr,
+ { REL_OFFSET_OPT, Parameter::PT_INT, "-65535:65535", nullptr,
"relative offset from the cursor" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
else if ( v.is(LENGTH_OPT) )
{
data.length = 1;
- data.max_length = v.get_long();
+ data.max_length = v.get_uint32();
}
else if ( v.is(ABS_OFFSET_OPT) )
{
data.offset_type = ABS_OFFSET;
- data.offset = v.get_long();
+ data.offset = v.get_uint16();
}
else if ( v.is(REL_OFFSET_OPT) )
{
data.offset_type = REL_OFFSET;
- data.offset = v.get_long();
+ data.offset = v.get_int32();
}
else
return false;
static const Parameter s_params[] =
{
- { "bytes", Parameter::PT_INT, "1:", nullptr,
+ { "bytes", Parameter::PT_INT, "1:max32", nullptr,
"number of base64 encoded bytes to decode" },
- { "offset", Parameter::PT_INT, "0:", "0",
+ { "offset", Parameter::PT_INT, "0:max32", "0",
"bytes past start of buffer to start decoding" },
{ "relative", Parameter::PT_IMPLIED, nullptr, nullptr,
bool B64DecodeModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("bytes") )
- data.bytes_to_decode = v.get_long();
+ data.bytes_to_decode = v.get_uint32();
else if ( v.is("offset") )
- data.offset = v.get_long();
+ data.offset = v.get_uint32();
else if ( v.is("relative") )
data.flags |= BASE64DECODE_RELATIVE_FLAG;
bool ExtractModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("~count") )
- data.bytes_to_grab = v.get_long();
+ data.bytes_to_grab = v.get_uint8();
else if ( v.is("~offset") )
- data.offset = v.get_long();
+ data.offset = v.get_int32();
else if ( v.is("~name") )
data.name = snort_strdup(v.get_string());
data.relative_flag = 1;
else if ( v.is("align") )
- data.align = v.get_long();
+ data.align = v.get_uint8();
else if ( v.is("multiplier") )
- data.multiplier = v.get_long();
+ data.multiplier = v.get_uint16();
else if ( v.is("big") )
set_byte_order(data.endianness, ENDIAN_BIG, "byte_extract");
data.base = 8;
else if ( v.is("bitmask") )
- data.bitmask_val = v.get_long();
+ data.bitmask_val = v.get_uint32();
else
return false;
bool ByteJumpModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("~count") )
- data.bytes_to_grab = v.get_long();
+ data.bytes_to_grab = v.get_uint8();
else if ( v.is("~offset") )
{
data.align_flag = 1;
else if ( v.is("multiplier") )
- data.multiplier = v.get_long();
+ data.multiplier = v.get_uint16();
else if ( v.is("post_offset") )
{
data.from_end_flag = 1;
else if ( v.is("bitmask") )
- data.bitmask_val = v.get_long();
+ data.bitmask_val = v.get_uint32();
else
return false;
bool ByteMathModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("bytes") )
- data.bytes_to_extract = v.get_long();
+ data.bytes_to_extract = v.get_uint8();
else if ( v.is("oper") )
- data.oper = (BM_Oper)v.get_long();
+ data.oper = (BM_Oper)v.get_uint8();
else if ( v.is("rvalue") )
{
else if ( v.is("string") )
{
data.string_convert_flag = true;
- parse_base(v.get_long(), data);
+ parse_base(v.get_uint8(), data);
}
else if ( v.is("endian") )
- parse_endian(v.get_long(), data);
+ parse_endian(v.get_uint8(), data);
else if ( v.is("bitmask") )
- data.bitmask_val = v.get_long();
+ data.bitmask_val = v.get_uint32();
else if ( v.is("result") )
data.result_name = snort_strdup(v.get_string());
bool ByteTestModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("~count") )
- data.bytes_to_compare = v.get_long();
+ data.bytes_to_compare = v.get_uint8();
else if ( v.is("~operator") )
parse_operator(v.get_string(), data);
data.base = 8;
else if ( v.is("bitmask") )
- data.bitmask_val = v.get_long();
+ data.bitmask_val = v.get_uint32();
else
return false;
{ "fast_pattern", Parameter::PT_IMPLIED, nullptr, nullptr,
"use this content in the fast pattern matcher instead of the content selected by default" },
- { "fast_pattern_offset", Parameter::PT_INT, "0:", "0",
+ { "fast_pattern_offset", Parameter::PT_INT, "0:65535", "0",
"number of leading characters of this content the fast pattern matcher should exclude" },
- { "fast_pattern_length", Parameter::PT_INT, "1:", nullptr,
+ { "fast_pattern_length", Parameter::PT_INT, "1:65535", nullptr,
"maximum number of characters from this content the fast pattern matcher should use" },
{ "offset", Parameter::PT_STRING, nullptr, nullptr,
else if ( v.is("fast_pattern_offset") )
{
- cd->pmd.fp_offset = v.get_long();
+ cd->pmd.fp_offset = v.get_uint16();
cd->pmd.set_fast_pattern();
}
else if ( v.is("fast_pattern_length") )
{
- cd->pmd.fp_length = v.get_long();
+ cd->pmd.fp_length = v.get_uint16();
cd->pmd.set_fast_pattern();
}
else
{ "track", Parameter::PT_ENUM, "by_src | by_dst", nullptr,
"track hits by source or destination IP address" },
- { "count", Parameter::PT_INT, "1:", nullptr,
+ { "count", Parameter::PT_INT, "1:max32", nullptr,
"hits in interval before allowing the rule to fire" },
- { "seconds", Parameter::PT_INT, "1:", nullptr,
+ { "seconds", Parameter::PT_INT, "1:max32", nullptr,
"length of interval to count hits" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
bool DetectionFilterModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("track") )
- thdx.tracking = v.get_long() ? THD_TRK_DST : THD_TRK_SRC;
+ thdx.tracking = v.get_uint8() ? THD_TRK_DST : THD_TRK_SRC;
else if ( v.is("count") )
- thdx.count = v.get_long();
+ thdx.count = v.get_uint32();
else if ( v.is("seconds") )
- thdx.seconds = v.get_long();
+ thdx.seconds = v.get_uint32();
else
return false;
static const Parameter s_params[] =
{
- { "~", Parameter::PT_INT, "1:", nullptr,
+ { "~", Parameter::PT_INT, "1:max32", nullptr,
"generator id" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ return DETECT; }
public:
- int gid;
+ uint32_t gid;
};
bool GidModule::set(const char*, Value& v, SnortConfig*)
if ( !v.is("~") )
return false;
- gid = v.get_long();
+ gid = v.get_uint32();
return true;
}
hmd->relative = true;
else if ( v.is("length") )
- hmd->length = v.get_long();
+ hmd->length = v.get_uint16();
else
return false;
if (pcre_data->pe)
{
- if ((SnortConfig::get_pcre_match_limit() != -1) &&
+ if ((SnortConfig::get_pcre_match_limit() != 0) &&
!(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT))
{
- if (pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT)
- {
- pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit();
- }
- else
- {
+ if ( !(pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT) )
pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT;
- pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit();
- }
+
+ pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit();
}
- if ((SnortConfig::get_pcre_match_limit_recursion() != -1) &&
+ if ((SnortConfig::get_pcre_match_limit_recursion() != 0) &&
!(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT))
{
- if (pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT_RECURSION)
- {
- pcre_data->pe->match_limit_recursion =
- SnortConfig::get_pcre_match_limit_recursion();
- }
- else
- {
+ if ( !(pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT_RECURSION) )
pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
- pcre_data->pe->match_limit_recursion =
- SnortConfig::get_pcre_match_limit_recursion();
- }
+
+ pcre_data->pe->match_limit_recursion =
+ SnortConfig::get_pcre_match_limit_recursion();
}
}
else
{
if (!(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT) &&
- ((SnortConfig::get_pcre_match_limit() != -1) ||
- (SnortConfig::get_pcre_match_limit_recursion() != -1)))
+ ((SnortConfig::get_pcre_match_limit() != 0) ||
+ (SnortConfig::get_pcre_match_limit_recursion() != 0)))
{
pcre_data->pe = (pcre_extra*)snort_calloc(sizeof(pcre_extra));
pcre_data->free_pe = true;
- if (SnortConfig::get_pcre_match_limit() != -1)
+ if (SnortConfig::get_pcre_match_limit() != 0)
{
pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT;
pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit();
}
- if (SnortConfig::get_pcre_match_limit_recursion() != -1)
+ if (SnortConfig::get_pcre_match_limit_recursion() != 0)
{
pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
pcre_data->pe->match_limit_recursion =
static const Parameter s_params[] =
{
- { "~", Parameter::PT_INT, "1:", nullptr,
+ { "~", Parameter::PT_INT, "1:max31", nullptr,
"relative severity level; 1 is highest priority" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
if ( !v.is("~") )
return false;
- priority = v.get_long();
+ priority = v.get_int32();
return true;
}
static const Parameter s_params[] =
{
- { "~", Parameter::PT_INT, "1:", nullptr,
+ { "~", Parameter::PT_INT, "1:max32", nullptr,
"revision" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ return DETECT; }
public:
- int rev;
+ uint32_t rev;
};
bool RevModule::set(const char*, Value& v, SnortConfig*)
if ( !v.is("~") )
return false;
- rev = v.get_long();
+ rev = v.get_uint32();
return true;
}
static const Parameter s_params[] =
{
- { "~app", Parameter::PT_INT, nullptr, nullptr,
+ { "~app", Parameter::PT_INT, "0:max32", nullptr,
"application number" },
{ "~ver", Parameter::PT_STRING, nullptr, nullptr,
bool RpcModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("~app") )
- data.program = (uint32_t)v.get_long();
+ data.program = v.get_uint32();
else if ( v.is("~ver") )
return set(v, data.version, RPC_CHECK_VERSION);
{ "~pattern", Parameter::PT_STRING, nullptr, nullptr,
"The pattern to search for" },
- { "threshold", Parameter::PT_INT, "1", nullptr,
+ { "threshold", Parameter::PT_INT, "1:max32", "1",
"number of matches before alerting" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
config.pii.erase(config.pii.length()-1, 1);
}
else if ( v.is("threshold") )
- config.threshold = v.get_long();
+ config.threshold = v.get_uint32();
else
return false;
bool SsnModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("~mode") )
- data.session_flag = v.get_long() + 1;
+ data.session_flag = v.get_uint8() + 1;
else
return false;
static const Parameter s_params[] =
{
- { "~", Parameter::PT_INT, "1:", nullptr,
+ { "~", Parameter::PT_INT, "1:max32", nullptr,
"signature id" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ return DETECT; }
public:
- int sid;
+ uint32_t sid;
};
bool SidModule::set(const char*, Value& v, SnortConfig*)
if ( !v.is("~") )
return false;
- sid = v.get_long();
+ sid = v.get_uint32();
return true;
}
{ "~", Parameter::PT_ENUM, "session|host_src|host_dst", nullptr,
"log all packets in session or all packets to or from host" },
- { "packets", Parameter::PT_INT, "1:", nullptr,
+ { "packets", Parameter::PT_INT, "1:max32", nullptr,
"tag this many packets" },
- { "seconds", Parameter::PT_INT, "1:", nullptr,
+ { "seconds", Parameter::PT_INT, "1:max32", nullptr,
"tag for this many seconds" },
- { "bytes", Parameter::PT_INT, "1:", nullptr,
+ { "bytes", Parameter::PT_INT, "1:max32", nullptr,
"tag for this many bytes" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{
if ( v.is("~") )
{
- switch (v.get_long())
+ switch (v.get_uint8())
{
case 0:
tag->tag_type = TAG_SESSION;
else if ( v.is("packets") )
{
tag->tag_metric |= TAG_METRIC_PACKETS;
- tag->tag_packets = v.get_long();
+ tag->tag_packets = v.get_uint32();
}
else if ( v.is("seconds") )
{
tag->tag_metric |= TAG_METRIC_SECONDS;
- tag->tag_seconds = v.get_long();
+ tag->tag_seconds = v.get_uint32();
}
else if ( v.is("bytes") )
{
tag->tag_metric |= TAG_METRIC_BYTES;
- tag->tag_bytes = v.get_long();
+ tag->tag_bytes = v.get_uint32();
}
else
return false;
if ( !v.is("~") )
return false;
- assert(v.get_long() >= 0 and v.get_long() <= TARGET_MAX);
- target = static_cast<Target>(v.get_long() + 1);
+ assert(v.get_uint8() <= TARGET_MAX);
+ target = static_cast<Target>(v.get_uint8() + 1);
return true;
}
static const Parameter s_packet_params[] =
{
- { "max_time", Parameter::PT_INT, "0:", "500",
+ { "max_time", Parameter::PT_INT, "0:max53", "500",
"set timeout for packet latency thresholding (usec)" },
{ "fastpath", Parameter::PT_BOOL, nullptr, "false",
static const Parameter s_rule_params[] =
{
- { "max_time", Parameter::PT_INT, "0:", "500",
+ { "max_time", Parameter::PT_INT, "0:max53", "500",
"set timeout for rule evaluation (usec)" },
// We could just treat suspend_threshold == 0 as suspend == false
{ "suspend", Parameter::PT_BOOL, nullptr, "false",
"temporarily suspend expensive rules" },
- { "suspend_threshold", Parameter::PT_INT, "1:", "5",
+ { "suspend_threshold", Parameter::PT_INT, "1:max32", "5",
"set threshold for number of timeouts before suspending a rule" },
- { "max_suspend_time", Parameter::PT_INT, "0:", "30000",
+ { "max_suspend_time", Parameter::PT_INT, "0:max32", "30000",
"set max time for suspending a rule (ms, 0 means permanently disable rule)" },
{ "action", Parameter::PT_ENUM, "none | alert | log | alert_and_log", "none",
{
if ( v.is("max_time") )
{
- long t = clock_ticks(v.get_long());
+ long t = clock_ticks(v.get_int64());
config.max_time = TO_DURATION(config.max_time, t);
}
else if ( v.is("fastpath") )
else if ( v.is("action") )
config.action =
- static_cast<decltype(config.action)>(v.get_long());
+ static_cast<decltype(config.action)>(v.get_uint8());
else
return false;
{
if ( v.is("max_time") )
{
- long t = clock_ticks(v.get_long());
+ long t = clock_ticks(v.get_uint64());
config.max_time = TO_DURATION(config.max_time, t);
}
else if ( v.is("suspend") )
config.suspend = v.get_bool();
else if ( v.is("suspend_threshold") )
- config.suspend_threshold = v.get_long();
+ config.suspend_threshold = v.get_uint32();
else if ( v.is("max_suspend_time") )
{
- long t = clock_ticks(v.get_long());
+ long t = clock_ticks(v.get_uint32());
config.max_suspend_time = TO_DURATION(config.max_time, t);
}
else if ( v.is("action") )
config.action =
- static_cast<decltype(config.action)>(v.get_long());
+ static_cast<decltype(config.action)>(v.get_uint8());
else
return false;
{ "fields", Parameter::PT_MULTI, csv_range, csv_deflt,
"selected fields will be output in given order left to right" },
- { "limit", Parameter::PT_INT, "0:", "0",
+ { "limit", Parameter::PT_INT, "0:maxSZ", "0",
"set maximum size in MB before rollover (0 is unlimited)" },
{ "separator", Parameter::PT_STRING, nullptr, ", ",
public:
bool file;
+ size_t limit;
string sep;
- unsigned long limit;
vector<CsvFunc> fields;
};
}
else if ( v.is("limit") )
- limit = v.get_long() * 1024 * 1024;
+ limit = v.get_size() * 1024 * 1024;
else if ( v.is("separator") )
sep = v.get_string();
{ "packet", Parameter::PT_BOOL, nullptr, "false",
"output packet dump with alert" },
- { "limit", Parameter::PT_INT, "0:", "0",
+ { "limit", Parameter::PT_INT, "0:maxSZ", "0",
"set maximum size in MB before rollover (0 is unlimited)" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ return CONTEXT; }
public:
+ size_t limit;
bool file;
- unsigned long limit;
bool packet;
};
packet = v.get_bool();
else if ( v.is("limit") )
- limit = v.get_long() * 1024 * 1024;
+ limit = v.get_size() * 1024 * 1024;
else
return false;
{ "file", Parameter::PT_BOOL, nullptr, "false",
"output to " F_NAME " instead of stdout" },
- { "limit", Parameter::PT_INT, "0:", "0",
+ { "limit", Parameter::PT_INT, "0:maxSZ", "0",
"set maximum size in MB before rollover (0 is unlimited)" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
public:
bool file;
- unsigned long limit;
+ size_t limit;
};
bool FullModule::set(const char*, Value& v, SnortConfig*)
file = v.get_bool();
else if ( v.is("limit") )
- limit = v.get_long() * 1024 * 1024;
+ limit = v.get_size() * 1024 * 1024;
else
return false;
{ "fields", Parameter::PT_MULTI, json_range, json_deflt,
"selected fields will be output in given order left to right" },
- { "limit", Parameter::PT_INT, "0:", "0",
+ { "limit", Parameter::PT_INT, "0:maxSZ", "0",
"set maximum size in MB before rollover (0 is unlimited)" },
{ "separator", Parameter::PT_STRING, nullptr, ", ",
public:
bool file;
+ size_t limit;
string sep;
- unsigned long limit;
vector<JsonFunc> fields;
};
}
else if ( v.is("limit") )
- limit = v.get_long() * 1024 * 1024;
+ limit = v.get_size() * 1024 * 1024;
else if ( v.is("separator") )
sep = v.get_string();
static const Parameter rule_params[] =
{
- { "gid", Parameter::PT_INT, "1:", "1",
+ { "gid", Parameter::PT_INT, "1:max32", "1",
"rule generator ID" },
- { "sid", Parameter::PT_INT, "1:", "1",
+ { "sid", Parameter::PT_INT, "1:max32", "1",
"rule signature ID" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
file = v.get_string();
else if ( v.is("gid") )
- rule.gid = v.get_long();
+ rule.gid = v.get_uint32();
else if ( v.is("sid") )
- rule.sid = v.get_long();
+ rule.sid = v.get_uint32();
return true;
}
bool SyslogModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("facility") )
- facility = get_facility(v.get_long());
+ facility = get_facility(v.get_uint8());
else if ( v.is("level") )
- level = get_level(v.get_long());
+ level = get_level(v.get_uint8());
else if ( v.is("options") )
options = get_options(v.get_string());
{ "raw", Parameter::PT_BOOL, nullptr, "false",
"output all full packets if true, else just TCP payload" },
- { "limit", Parameter::PT_INT, "0:", "0",
+ { "limit", Parameter::PT_INT, "0:maxSZ", "0",
"set maximum size in MB before rollover (0 is unlimited)" },
- { "width", Parameter::PT_INT, "0:", "20",
+ { "width", Parameter::PT_INT, "0:max32", "20",
"set line width (0 is unlimited)" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
public:
bool file;
bool raw;
- unsigned long limit;
+ size_t limit;
unsigned width;
};
raw = v.get_bool();
else if ( v.is("limit") )
- limit = v.get_long() * 1024 * 1024;
+ limit = v.get_size() * 1024 * 1024;
else if ( v.is("width") )
- width = v.get_long();
+ width = v.get_uint32();
else
return false;
static const Parameter s_params[] =
{
- { "limit", Parameter::PT_INT, "0:", "0",
+ { "limit", Parameter::PT_INT, "0:maxSZ", "0",
"set maximum size in MB before rollover (0 is unlimited)" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ return CONTEXT; }
public:
- unsigned long limit;
+ size_t limit;
};
bool TcpdumpModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("limit") )
- limit = v.get_long() * 1024 * 1024;
+ limit = v.get_size() * 1024 * 1024;
else
return false;
if(!no_timestamp)
{
char timestamp[16];
- snprintf(timestamp, sizeof(timestamp), ".%lu", context.lastTime);
+ snprintf(timestamp, sizeof(timestamp), ".%lu", (unsigned long)context.lastTime);
filename += timestamp;
}
struct Unified2Config
{
- unsigned int limit;
+ size_t limit;
int nostamp;
bool legacy_events;
};
{ "legacy_events", Parameter::PT_BOOL, nullptr, "false",
"generate Snort 2.X style events for barnyard2 compatibility" },
- { "limit", Parameter::PT_INT, "0:", "0",
+ { "limit", Parameter::PT_INT, "0:maxSZ", "0",
"set maximum size in MB before rollover (0 is unlimited)" },
{ "nostamp", Parameter::PT_BOOL, nullptr, "true",
{ return CONTEXT; }
public:
- unsigned limit;
+ size_t limit;
bool nostamp;
bool legacy_events;
};
bool U2Module::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("limit") )
- limit = v.get_long() * 1024 * 1024;
+ limit = v.get_size() * 1024 * 1024;
else if ( v.is("nostamp") )
nostamp = v.get_bool();
using namespace snort;
using namespace std;
-#define snort_help \
- "\n" \
- "Snort has several options to get more help:\n" \
- "\n" \
- "-? list command line options (same as --help)\n" \
- "--help this overview of help\n" \
- "--help-commands [<module prefix>] output matching commands\n" \
- "--help-config [<module prefix>] output matching config options\n" \
- "--help-counts [<module prefix>] output matching peg counts\n" \
- "--help-module <module> output description of given module\n" \
- "--help-modules list all available modules with brief help\n" \
- "--help-plugins list all available plugins with brief help\n" \
- "--help-options [<option prefix>] output matching command line options\n" \
- "--help-signals dump available control signals\n" \
- "--list-buffers output available inspection buffers\n" \
- "--list-builtin [<module prefix>] output matching builtin rules\n" \
- "--list-gids [<module prefix>] output matching generators\n" \
- "--list-modules [<module type>] list all known modules\n" \
- "--list-plugins list all known modules\n" \
- "--show-plugins list module and plugin versions\n" \
- "\n" \
- "--help* and --list* options preempt other processing so should be last on the\n" \
- "command line since any following options are ignored. To ensure options like\n" \
- "--markup and --plugin-path take effect, place them ahead of the help or list\n" \
- "options.\n" \
- "\n" \
- "Options that filter output based on a matching prefix, such as --help-config\n" \
- "won't output anything if there is no match. If no prefix is given, everything\n" \
- "matches.\n" \
- "\n" \
- "Report bugs to bugs@snort.org.\n"
+static constexpr const char* snort_help =
+ "\n"
+ "Snort has several options to get more help:\n"
+ "\n"
+ "-? list command line options (same as --help)\n"
+ "--help this overview of help\n"
+ "--help-commands [<module prefix>] output matching commands\n"
+ "--help-config [<module prefix>] output matching config options\n"
+ "--help-counts [<module prefix>] output matching peg counts\n"
+ "--help-limits print the int upper bounds denoted by max*\n"
+ "--help-module <module> output description of given module\n"
+ "--help-modules list all available modules with brief help\n"
+ "--help-plugins list all available plugins with brief help\n"
+ "--help-options [<option prefix>] output matching command line options\n"
+ "--help-signals dump available control signals\n"
+ "--list-buffers output available inspection buffers\n"
+ "--list-builtin [<module prefix>] output matching builtin rules\n"
+ "--list-gids [<module prefix>] output matching generators\n"
+ "--list-modules [<module type>] list all known modules\n"
+ "--list-plugins list all known modules\n"
+ "--show-plugins list module and plugin versions\n"
+ "\n"
+ "--help* and --list* options preempt other processing so should be last on the\n"
+ "command line since any following options are ignored. To ensure options like\n"
+ "--markup and --plugin-path take effect, place them ahead of the help or list\n"
+ "options.\n"
+ "\n"
+ "Options that filter output based on a matching prefix, such as --help-config\n"
+ "won't output anything if there is no match. If no prefix is given, everything\n"
+ "matches.\n"
+ "\n"
+ "Report bugs to bugs@snort.org.\n";
//-------------------------------------------------------------------------
{
Module* m = get_snort_module();
const Parameter* p = m->get_parameters();
- unsigned n = pfx ? strlen(pfx) : 0;
+ size_t n = pfx ? strlen(pfx) : 0;
while ( p->name )
{
show_help(sc, val, HT_PEG);
}
+[[noreturn]] void help_limits(SnortConfig*, const char*)
+{
+ fprintf(stdout, "limits:\n");
+ fprintf(stdout, "max31 = 2147483647\n");
+ fprintf(stdout, "max32 = 4294967295\n");
+ fprintf(stdout, "max53 = 9007199254740992\n");
+ fprintf(stdout, "maxSZ = %zu\n", (sizeof(size_t) == 4) ? 4294967295 : 9007199254740992);
+ exit(0);
+}
+
[[noreturn]] void help_module(SnortConfig* sc, const char* val)
{
show_help(sc, val, HT_MOD);
void config_markup(snort::SnortConfig*, const char*);
void help_args(const char* pfx);
+
[[noreturn]] void help_basic(snort::SnortConfig*, const char*);
-[[noreturn]] void help_usage(snort::SnortConfig*, const char*);
-[[noreturn]] void help_options(snort::SnortConfig*, const char*);
-[[noreturn]] void help_signals(snort::SnortConfig*, const char*);
-[[noreturn]] void help_config(snort::SnortConfig* sc, const char*);
-[[noreturn]] void help_commands(snort::SnortConfig* sc, const char*);
-[[noreturn]] void help_gids(snort::SnortConfig* sc, const char*);
[[noreturn]] void help_buffers(snort::SnortConfig* sc, const char*);
[[noreturn]] void help_builtin(snort::SnortConfig* sc, const char*);
+[[noreturn]] void help_commands(snort::SnortConfig* sc, const char*);
+[[noreturn]] void help_config(snort::SnortConfig* sc, const char*);
+[[noreturn]] void help_counts(snort::SnortConfig* sc, const char*);
+[[noreturn]] void help_gids(snort::SnortConfig* sc, const char*);
+[[noreturn]] void help_limits(snort::SnortConfig* sc, const char*);
[[noreturn]] void help_module(snort::SnortConfig* sc, const char*);
[[noreturn]] void help_modules(snort::SnortConfig* sc, const char*);
+[[noreturn]] void help_options(snort::SnortConfig*, const char*);
[[noreturn]] void help_plugins(snort::SnortConfig* sc, const char*);
+[[noreturn]] void help_signals(snort::SnortConfig*, const char*);
+[[noreturn]] void help_usage(snort::SnortConfig*, const char*);
[[noreturn]] void help_version(snort::SnortConfig*);
-[[noreturn]] void help_counts(snort::SnortConfig* sc, const char*);
+[[noreturn]] void list_daqs(snort::SnortConfig* sc);
[[noreturn]] void list_modules(snort::SnortConfig* sc, const char*);
[[noreturn]] void list_plugins(snort::SnortConfig* sc, const char*);
-[[noreturn]] void list_daqs(snort::SnortConfig* sc);
-[[noreturn]] void dump_defaults(snort::SnortConfig* sc, const char*);
[[noreturn]] void dump_builtin_rules(snort::SnortConfig* sc, const char*);
+[[noreturn]] void dump_defaults(snort::SnortConfig* sc, const char*);
[[noreturn]] void dump_dynamic_rules(snort::SnortConfig* sc, const char*);
[[noreturn]] void dump_msg_map(snort::SnortConfig* sc, const char*);
[[noreturn]] void dump_rule_hex(snort::SnortConfig* sc, const char*);
/* *INDENT-OFF* */ // Uncrustify handles this section incorrectly.
static const Parameter detection_params[] =
{
- { "asn1", Parameter::PT_INT, "0:256", "0",
+ { "asn1", Parameter::PT_INT, "0:65535", "0",
"maximum decode nodes" },
- { "offload_limit", Parameter::PT_INT, "0:", "99999",
+ { "offload_limit", Parameter::PT_INT, "0:max32", "99999",
"minimum sizeof PDU to offload fast pattern search (defaults to disabled)" },
- { "offload_threads", Parameter::PT_INT, "0:", "0",
+ { "offload_threads", Parameter::PT_INT, "0:max32", "0",
"maximum number of simultaneous offloads (defaults to disabled)" },
{ "pcre_enable", Parameter::PT_BOOL, nullptr, "true",
"disable pcre pattern matching" },
- { "pcre_match_limit", Parameter::PT_INT, "-1:1000000", "1500",
- "limit pcre backtracking, -1 = max, 0 = off" },
+ { "pcre_match_limit", Parameter::PT_INT, "0:max32", "1500",
+ "limit pcre backtracking, 0 = off" },
- { "pcre_match_limit_recursion", Parameter::PT_INT, "-1:10000", "1500",
- "limit pcre stack consumption, -1 = max, 0 = off" },
+ { "pcre_match_limit_recursion", Parameter::PT_INT, "0:max32", "1500",
+ "limit pcre stack consumption, 0 = off" },
{ "enable_address_anomaly_checks", Parameter::PT_BOOL, nullptr, "false",
"enable check and alerting of address anomalies" },
bool DetectionModule::set(const char* fqn, Value& v, SnortConfig* sc)
{
if ( v.is("asn1") )
- sc->asn1_mem = v.get_long();
+ sc->asn1_mem = v.get_uint16();
else if ( v.is("offload_limit") )
- sc->offload_limit = v.get_long();
+ sc->offload_limit = v.get_uint32();
else if ( v.is("offload_threads") )
- sc->offload_threads = v.get_long();
+ sc->offload_threads = v.get_uint32();
else if ( v.is("pcre_enable") )
v.update_mask(sc->run_flags, RUN_FLAG__NO_PCRE, true);
else if ( v.is("pcre_match_limit") )
- sc->pcre_match_limit = v.get_long();
+ sc->pcre_match_limit = v.get_uint32();
else if ( v.is("pcre_match_limit_recursion") )
- sc->pcre_match_limit_recursion = v.get_long();
+ sc->pcre_match_limit_recursion = v.get_uint32();
else if ( v.is("enable_address_anomaly_checks") )
sc->address_anomaly_check_enabled = v.get_bool();
static const Parameter event_queue_params[] =
{
- { "max_queue", Parameter::PT_INT, "1:", "8",
+ { "max_queue", Parameter::PT_INT, "1:max32", "8",
"maximum events to queue" },
- { "log", Parameter::PT_INT, "1:", "3",
+ { "log", Parameter::PT_INT, "1:max32", "3",
"maximum events to log" },
{ "order_events", Parameter::PT_ENUM,
EventQueueConfig* eq = sc->event_queue_config;
if ( v.is("max_queue") )
- eq->max_events = v.get_long();
+ eq->max_events = v.get_uint32();
else if ( v.is("log") )
- eq->log_events = v.get_long();
+ eq->log_events = v.get_uint32();
else if ( v.is("order_events") )
{
- if ( v.get_long() )
+ if ( v.get_uint8() )
eq->order = SNORT_EVENTQ_CONTENT_LEN;
else
eq->order = SNORT_EVENTQ_PRIORITY;
static const Parameter search_engine_params[] =
{
- { "bleedover_port_limit", Parameter::PT_INT, "1:", "1024",
+ { "bleedover_port_limit", Parameter::PT_INT, "1:max32", "1024",
"maximum ports in rule before demotion to any-any port group" },
{ "bleedover_warnings_enabled", Parameter::PT_BOOL, nullptr, "false",
{ "debug_print_rule_groups_compiled", Parameter::PT_BOOL, nullptr, "false",
"prints compiled rule group information" },
- { "max_pattern_len", Parameter::PT_INT, "0:", "0",
+ { "max_pattern_len", Parameter::PT_INT, "0:max32", "0",
"truncate patterns when compiling into state machine (0 means no maximum)" },
{ "max_queue_events", Parameter::PT_INT, "2:100", "5", // upper bound is MAX_EVENT_MATCH
FastPatternConfig* fp = sc->fast_pattern_config;
if ( v.is("bleedover_port_limit") )
- fp->set_bleed_over_port_limit(v.get_long());
+ fp->set_bleed_over_port_limit(v.get_uint32());
else if ( v.is("bleedover_warnings_enabled") )
{
fp->set_debug_print_rule_groups_compiled();
}
else if ( v.is("max_pattern_len") )
- fp->set_max_pattern_len(v.get_long());
+ fp->set_max_pattern_len(v.get_uint32());
else if ( v.is("max_queue_events") )
- fp->set_max_queue_events(v.get_long());
+ fp->set_max_queue_events(v.get_uint8());
else if ( v.is("detect_raw_tcp") )
fp->set_stream_insert(v.get_bool());
return false;
}
else if ( v.is("search_optimize") )
- fp->set_search_opt(v.get_long());
+ fp->set_search_opt(v.get_bool());
else if ( v.is("show_fast_patterns") )
fp->set_debug_print_fast_patterns(v.get_bool());
else if ( v.is("split_any_any") )
- fp->set_split_any_any(v.get_long());
+ fp->set_split_any_any(v.get_bool());
else
return false;
{ "show", Parameter::PT_BOOL, nullptr, "true",
"show module time profile stats" },
- { "count", Parameter::PT_INT, "0:", "0",
+ { "count", Parameter::PT_INT, "0:max32", "0",
"limit results to count items per level (0 = no limit)" },
{ "sort", Parameter::PT_ENUM,
"none | checks | avg_check | total_time ",
"total_time", "sort by given field" },
- { "max_depth", Parameter::PT_INT, "-1:", "-1",
+ { "max_depth", Parameter::PT_INT, "-1:255", "-1",
"limit depth to max_depth (-1 = no limit)" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ "show", Parameter::PT_BOOL, nullptr, "true",
"show module memory profile stats" },
- { "count", Parameter::PT_INT, "0:", "0",
+ { "count", Parameter::PT_INT, "0:max32", "0",
"limit results to count items per level (0 = no limit)" },
{ "sort", Parameter::PT_ENUM,
"none | allocations | total_used | avg_allocation ",
"total_used", "sort by given field" },
- { "max_depth", Parameter::PT_INT, "-1:", "-1",
+ { "max_depth", Parameter::PT_INT, "-1:255", "-1",
"limit depth to max_depth (-1 = no limit)" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ "show", Parameter::PT_BOOL, nullptr, "true",
"show rule time profile stats" },
- { "count", Parameter::PT_INT, "0:", "0",
+ { "count", Parameter::PT_INT, "0:max32", "0",
"print results to given level (0 = all)" },
{ "sort", Parameter::PT_ENUM,
template<typename T>
static bool s_profiler_module_set_max_depth(T& config, Value& v)
-{ config.max_depth = v.get_long(); return true; }
+{ config.max_depth = v.get_uint8(); return true; }
static bool s_profiler_module_set_max_depth(RuleProfilerConfig&, Value&)
{ return false; }
static bool s_profiler_module_set(T& config, Value& v)
{
if ( v.is("count") )
- config.count = v.get_long();
+ config.count = v.get_uint32();
else if ( v.is("show") )
config.show = v.get_bool();
else if ( v.is("sort") )
- config.sort = static_cast<typename T::Sort>(v.get_long());
+ config.sort = static_cast<typename T::Sort>(v.get_uint8());
else if ( v.is("max_depth") )
return s_profiler_module_set_max_depth(config, v);
{ "name", Parameter::PT_STRING, nullptr, nullptr,
"name used with classtype rule option" },
- { "priority", Parameter::PT_INT, "0:", "1",
+ { "priority", Parameter::PT_INT, "0:max32", "1",
"default priority for class" },
{ "text", Parameter::PT_STRING, nullptr, nullptr,
private:
string name;
string text;
- int priority;
+ unsigned priority;
};
bool ClassificationsModule::begin(const char*, int, SnortConfig*)
name = v.get_string();
else if ( v.is("priority") )
- priority = v.get_long();
+ priority = v.get_uint32();
else if ( v.is("text") )
text = v.get_string();
{ "default_rule_state", Parameter::PT_BOOL, nullptr, "true",
"enable or disable ips rules" },
- { "detection_filter_memcap", Parameter::PT_INT, "0:", "1048576",
- "set available bytes of memory for detection_filters" },
+ { "detection_filter_memcap", Parameter::PT_INT, "0:max32", "1048576",
+ "set available MB of memory for detection_filters" },
- { "event_filter_memcap", Parameter::PT_INT, "0:", "1048576",
- "set available bytes of memory for event_filters" },
+ { "event_filter_memcap", Parameter::PT_INT, "0:max32", "1048576",
+ "set available MB of memory for event_filters" },
{ "log_references", Parameter::PT_BOOL, nullptr, "false",
"include rule references in alert info (full only)" },
{ "order", Parameter::PT_STRING, nullptr, "pass drop alert log",
"change the order of rule action application" },
- { "rate_filter_memcap", Parameter::PT_INT, "0:", "1048576",
- "set available bytes of memory for rate_filters" },
+ { "rate_filter_memcap", Parameter::PT_INT, "0:max32", "1048576",
+ "set available MB of memory for rate_filters" },
{ "reference_net", Parameter::PT_STRING, nullptr, nullptr,
"set the CIDR for homenet "
sc->default_rule_state = v.get_bool();
else if ( v.is("detection_filter_memcap") )
- sc->detection_filter_config->memcap = v.get_long();
+ sc->detection_filter_config->memcap = v.get_uint32();
else if ( v.is("event_filter_memcap") )
- sc->threshold_config->memcap = v.get_long();
+ sc->threshold_config->memcap = v.get_uint32();
else if ( v.is("log_references") )
v.update_mask(sc->output_flags, OUTPUT_FLAG__ALERT_REFS);
OrderRuleLists(sc, v.get_string());
else if ( v.is("rate_filter_memcap") )
- sc->rate_filter_config->memcap = v.get_long();
+ sc->rate_filter_config->memcap = v.get_uint32();
else if ( v.is("reference_net") )
return ( sc->homenet.set(v.get_string()) == SFIP_SUCCESS );
{ "show_year", Parameter::PT_BOOL, nullptr, "false",
"include year in timestamp in the alert and log files (same as -y)" },
- { "tagged_packet_limit", Parameter::PT_INT, "0:", "256",
+ { "tagged_packet_limit", Parameter::PT_INT, "0:max32", "256",
"maximum number of packets tagged for non-packet metrics" },
{ "verbose", Parameter::PT_BOOL, nullptr, "false",
sc->log_dir = v.get_string();
else if ( v.is("max_data") )
- sc->event_trace_max = v.get_long();
+ sc->event_trace_max = v.get_uint16();
else if ( v.is("obfuscate") )
v.update_mask(sc->output_flags, OUTPUT_FLAG__OBFUSCATE);
v.update_mask(sc->output_flags, OUTPUT_FLAG__INCLUDE_YEAR);
else if ( v.is("tagged_packet_limit") )
- sc->tagged_packet_limit = v.get_long();
+ sc->tagged_packet_limit = v.get_uint32();
else if ( v.is("verbose") )
v.update_mask(sc->logging_flags, LOGGING_FLAG__VERBOSE);
static const Parameter active_params[] =
{
- { "attempts", Parameter::PT_INT, "0:20", "0",
+ { "attempts", Parameter::PT_INT, "0:255", "0",
"number of TCP packets sent per response (with varying sequence numbers)" },
{ "device", Parameter::PT_STRING, nullptr, nullptr,
{ "dst_mac", Parameter::PT_STRING, nullptr, nullptr,
"use format '01:23:45:67:89:ab'" },
- { "max_responses", Parameter::PT_INT, "0:", "0",
+ { "max_responses", Parameter::PT_INT, "0:255", "0",
"maximum number of responses" },
{ "min_interval", Parameter::PT_INT, "1:255", "255",
bool ActiveModule::set(const char*, Value& v, SnortConfig* sc)
{
if ( v.is("attempts") )
- sc->respond_attempts = v.get_long();
+ sc->respond_attempts = v.get_uint8();
else if ( v.is("device") )
sc->respond_device = v.get_string();
sc->set_dst_mac(v.get_string());
else if ( v.is("max_responses") )
- sc->max_responses = v.get_long();
+ sc->max_responses = v.get_uint8();
else if ( v.is("min_interval") )
- sc->min_interval = v.get_long();
+ sc->min_interval = v.get_uint8();
else
return false;
{ "bpf_file", Parameter::PT_STRING, nullptr, nullptr,
"file with BPF to select traffic for Snort" },
- { "limit", Parameter::PT_INT, "0:", "0",
+ { "limit", Parameter::PT_INT, "0:max53", "0",
"maximum number of packets to process before stopping (0 is unlimited)" },
- { "skip", Parameter::PT_INT, "0:", "0",
+ { "skip", Parameter::PT_INT, "0:max53", "0",
"number of packets to skip before before processing" },
{ "vlan_agnostic", Parameter::PT_BOOL, nullptr, "false",
bool PacketsModule::set(const char*, Value& v, SnortConfig* sc)
{
if ( v.is("address_space_agnostic") )
- sc->addressspace_agnostic = v.get_long();
+ sc->addressspace_agnostic = v.get_bool();
else if ( v.is("bpf_file") )
sc->bpf_file = v.get_string();
else if ( v.is("limit") )
- sc->pkt_cnt = v.get_long();
+ sc->pkt_cnt = v.get_uint64();
else if ( v.is("skip") )
- sc->pkt_skip = v.get_long();
+ sc->pkt_skip = v.get_uint64();
else if ( v.is("vlan_agnostic") )
- sc->vlan_agnostic = v.get_long();
+ sc->vlan_agnostic = v.get_bool();
else
return false;
static const Parameter attribute_table_params[] =
{
- { "max_hosts", Parameter::PT_INT, "32:207551", "1024",
+ { "max_hosts", Parameter::PT_INT, "32:max53", "1024",
"maximum number of hosts in attribute table" },
{ "max_services_per_host", Parameter::PT_INT, "1:65535", "8",
"maximum number of services per host entry in attribute table" },
- { "max_metadata_services", Parameter::PT_INT, "1:256", "8",
- "maximum number of services in rule metadata" },
+ { "max_metadata_services", Parameter::PT_INT, "1:255", "8",
+ "maximum number of services in rule" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
bool AttributeTableModule::set(const char*, Value& v, SnortConfig* sc)
{
if ( v.is("max_hosts") )
- sc->max_attribute_hosts = v.get_long();
+ sc->max_attribute_hosts = v.get_uint32();
else if ( v.is("max_services_per_host") )
- sc->max_attribute_services_per_host = v.get_long();
+ sc->max_attribute_services_per_host = v.get_uint16();
else if ( v.is("max_metadata_services") )
- sc->max_metadata_services = v.get_long();
+ sc->max_metadata_services = v.get_uint8();
else
return false;
else if ( v.is("id") )
{
- p->user_policy_id = v.get_long();
+ p->user_policy_id = v.get_uint16();
sc->policy_map->set_user_network(p);
}
else if ( v.is("min_ttl") )
- p->min_ttl = (uint8_t)v.get_long();
+ p->min_ttl = v.get_uint8();
else if ( v.is("new_ttl") )
- p->new_ttl = (uint8_t)v.get_long();
+ p->new_ttl = v.get_uint8();
else if (v.is("layers"))
- sc->num_layers = (uint8_t)v.get_long();
+ sc->num_layers = v.get_uint8();
else if (v.is("max_ip6_extensions"))
- sc->max_ip6_extensions = (uint8_t)v.get_long();
+ sc->max_ip6_extensions = v.get_uint8();
else if (v.is("max_ip_layers"))
- sc->max_ip_layers = (uint8_t)v.get_long();
+ sc->max_ip_layers = v.get_uint8();
else
return false;
if ( v.is("id") )
{
- p->user_policy_id = v.get_long();
+ p->user_policy_id = v.get_uint16();
sc->policy_map->set_user_inspection(p);
}
else if ( v.is("mode") )
{
- switch ( v.get_long() )
+ switch ( v.get_uint8() )
{
case 0:
p->policy_mode = POLICY_MODE__INLINE;
else if ( v.is("id") )
{
- p->user_policy_id = v.get_long();
+ p->user_policy_id = v.get_uint16();
sc->policy_map->set_user_ips(p);
}
p->include = v.get_string();
else if ( v.is("mode") )
- p->policy_mode = (PolicyMode)v.get_long();
+ p->policy_mode = (PolicyMode)v.get_uint8();
else if ( v.is("rules") )
p->rules = v.get_string();
{ "cpuset", Parameter::PT_STRING, nullptr, nullptr,
"pin the associated thread to this cpuset" },
- { "thread", Parameter::PT_INT, "0:", "0",
+ { "thread", Parameter::PT_INT, "0:65535", "0",
"set cpu affinity for the <cur_thread_num> thread that runs" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ "set_uid", Parameter::PT_STRING, nullptr, nullptr,
"set user ID (same as -u)" },
- { "umask", Parameter::PT_STRING, nullptr, nullptr,
+ { "umask", Parameter::PT_INT, "0x000:0x1FF", nullptr,
"set process umask (same as -m)" },
{ "utc", Parameter::PT_BOOL, nullptr, "false",
sc->set_uid(v.get_string());
else if ( v.is("umask") )
- sc->set_umask(v.get_string());
+ sc->set_umask(v.get_uint32());
else if ( v.is("utc") )
sc->set_utc(v.get_bool());
return false;
}
else if (v.is("thread"))
- thread = v.get_long();
+ thread = v.get_uint16();
else
return false;
static const Parameter suppress_params[] =
{
- { "gid", Parameter::PT_INT, "0:", "0",
+ { "gid", Parameter::PT_INT, "0:max32", "0",
"rule generator ID" },
- { "sid", Parameter::PT_INT, "0:", "0",
+ { "sid", Parameter::PT_INT, "0:max32", "0",
"rule signature ID" },
{ "track", Parameter::PT_ENUM, "by_src | by_dst", nullptr,
bool SuppressModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("gid") )
- thdx.gen_id = v.get_long();
+ thdx.gen_id = v.get_uint32();
else if ( v.is("sid") )
- thdx.sig_id = v.get_long();
+ thdx.sig_id = v.get_uint32();
else if ( v.is("track") )
- thdx.tracking = v.get_long() + 1;
+ thdx.tracking = v.get_uint8() + 1;
else if ( v.is("ip") )
thdx.ip_address = sfip_var_from_string(v.get_string(), "suppress");
static const Parameter event_filter_params[] =
{
- { "gid", Parameter::PT_INT, "0:", "1",
+ { "gid", Parameter::PT_INT, "0:max32", "1",
"rule generator ID" },
- { "sid", Parameter::PT_INT, "0:", "1",
+ { "sid", Parameter::PT_INT, "0:max32", "1",
"rule signature ID" },
{ "type", Parameter::PT_ENUM, "limit | threshold | both", nullptr,
{ "track", Parameter::PT_ENUM, "by_src | by_dst", nullptr,
"filter only matching source or destination addresses" },
- { "count", Parameter::PT_INT, "-1:", "0",
+ { "count", Parameter::PT_INT, "-1:max31", "0",
"number of events in interval before tripping; -1 to disable" },
- { "seconds", Parameter::PT_INT, "0:", "0",
+ { "seconds", Parameter::PT_INT, "0:max32", "0",
"count interval" },
{ "ip", Parameter::PT_STRING, nullptr, nullptr,
bool EventFilterModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("gid") )
- thdx.gen_id = v.get_long();
+ thdx.gen_id = v.get_uint32();
else if ( v.is("sid") )
- thdx.sig_id = v.get_long();
+ thdx.sig_id = v.get_uint32();
else if ( v.is("track") )
- thdx.tracking = v.get_long() + 1;
+ thdx.tracking = v.get_uint8() + 1;
else if ( v.is("ip") )
thdx.ip_address = sfip_var_from_string(v.get_string(), "event_filter");
else if ( v.is("count") )
- thdx.count = v.get_long();
+ thdx.count = v.get_int32();
else if ( v.is("seconds") )
- thdx.seconds = v.get_long();
+ thdx.seconds = v.get_uint32();
else if ( v.is("type") )
- thdx.type = v.get_long();
+ thdx.type = v.get_uint8();
else
return false;
static const Parameter rate_filter_params[] =
{
- { "gid", Parameter::PT_INT, "0:", "1",
+ { "gid", Parameter::PT_INT, "0:max32", "1",
"rule generator ID" },
- { "sid", Parameter::PT_INT, "0:", "1",
+ { "sid", Parameter::PT_INT, "0:max32", "1",
"rule signature ID" },
{ "track", Parameter::PT_ENUM, "by_src | by_dst | by_rule", "by_src",
"filter only matching source or destination addresses" },
- { "count", Parameter::PT_INT, "0:", "1",
+ { "count", Parameter::PT_INT, "0:max32", "1",
"number of events in interval before tripping" },
- { "seconds", Parameter::PT_INT, "0:", "1",
+ { "seconds", Parameter::PT_INT, "0:max32", "1",
"count interval" },
{ "new_action", Parameter::PT_ENUM,
"log | pass | alert | drop | block | reset", "alert",
"take this action on future hits until timeout" },
- { "timeout", Parameter::PT_INT, "0:", "1",
+ { "timeout", Parameter::PT_INT, "0:max32", "1",
"count interval" },
{ "apply_to", Parameter::PT_STRING, nullptr, nullptr,
bool RateFilterModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("gid") )
- thdx.gid = v.get_long();
+ thdx.gid = v.get_uint32();
else if ( v.is("sid") )
- thdx.sid = v.get_long();
+ thdx.sid = v.get_uint32();
else if ( v.is("track") )
- thdx.tracking = (SFRF_TRACK)(v.get_long() + 1);
+ thdx.tracking = (SFRF_TRACK)(v.get_uint8() + 1);
else if ( v.is("count") )
- thdx.count = v.get_long();
+ thdx.count = v.get_uint32();
else if ( v.is("seconds") )
- thdx.seconds = v.get_long();
+ thdx.seconds = v.get_uint32();
else if ( v.is("timeout") )
- thdx.timeout = v.get_long();
+ thdx.timeout = v.get_uint32();
else if ( v.is("apply_to") )
thdx.applyTo = sfip_var_from_string(v.get_string(), "rate_filter");
else if ( v.is("new_action") )
- thdx.newAction = (Actions::Type)(v.get_long() + 1);
+ thdx.newAction = (Actions::Type)(v.get_uint8() + 1);
else
return false;
static const Parameter rule_state_params[] =
{
- { "gid", Parameter::PT_INT, "0:", "0",
+ { "gid", Parameter::PT_INT, "0:max32", "0",
"rule generator ID" },
- { "sid", Parameter::PT_INT, "0:", "0",
+ { "sid", Parameter::PT_INT, "0:max32", "0",
"rule signature ID" },
{ "enable", Parameter::PT_BOOL, nullptr, "true",
bool RuleStateModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("gid") )
- state.gid = v.get_long();
+ state.gid = v.get_uint32();
else if ( v.is("sid") )
- state.sid = v.get_long();
+ state.sid = v.get_uint32();
else if ( v.is("enable") )
state.state = v.get_bool();
v.get_addr(host->ipAddr);
else if ( host and v.is("frag_policy") )
- host->hostInfo.fragPolicy = v.get_long() + 1;
+ host->hostInfo.fragPolicy = v.get_uint8() + 1;
else if ( host and v.is("tcp_policy") )
- host->hostInfo.streamPolicy = v.get_long() + 1;
+ host->hostInfo.streamPolicy = v.get_uint8() + 1;
else if ( app and v.is("name") )
app->snort_protocol_id = sc->proto_ref->add(v.get_string());
app->ipproto = sc->proto_ref->add(v.get_string());
else if ( app and v.is("port") )
- app->port = v.get_long();
+ app->port = v.get_uint16();
else
return false;
# endif
#endif
-void SnortConfig::set_umask(const char* args)
+void SnortConfig::set_umask(uint32_t mask)
{
- char* endptr;
- long mask = SnortStrtol(args, &endptr, 0);
-
- if ((errno == ERANGE) || (*endptr != '\0') ||
- (mask < 0) || (mask & ~FILE_ACCESS_BITS))
- {
- ParseError("bad umask: %s", args);
- }
file_mask = (mode_t)mask;
}
#endif
uint32_t logging_flags = 0;
+ uint32_t tagged_packet_limit = 256;
uint16_t event_trace_max = 0;
- long int tagged_packet_limit = 256;
std::string log_dir;
//------------------------------------------------------
// decode module stuff
- uint8_t mpls_payload_type = 0;
- long int mpls_stack_depth = 0;
-
- uint8_t enable_teredo = 0;
- uint8_t enable_esp = 0;
PortBitSet* gtp_ports = nullptr;
+ int mpls_stack_depth = 0;
+
+ uint8_t mpls_payload_type = 0;
uint8_t num_layers = 0;
uint8_t max_ip6_extensions = 0;
uint8_t max_ip_layers = 0;
+
+ bool enable_teredo = false;
+ bool enable_esp = false;
bool address_anomaly_check_enabled = false;
//------------------------------------------------------
//------------------------------------------------------
// packet module stuff
- uint8_t vlan_agnostic = 0;
- uint8_t addressspace_agnostic = 0;
+ bool vlan_agnostic = false;
+ bool addressspace_agnostic = false;
uint64_t pkt_cnt = 0; /* -n */
uint64_t pkt_skip = 0;
void set_treat_drop_as_ignore(bool);
void set_tweaks(const char*);
void set_uid(const char*);
- void set_umask(const char*);
+ void set_umask(uint32_t);
void set_utc(bool);
void set_verbose(bool);
void free_rule_state_list();
static const Parameter s_pktnum[] =
{
- { "pkt_num", Parameter::PT_INT, "1:", nullptr,
+ { "pkt_num", Parameter::PT_INT, "1:max53", nullptr,
"resume and pause after pkt_num packets" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
static const Command snort_cmds[] =
{
{ "show_plugins", main_dump_plugins, nullptr, "show available plugins" },
- { "delete_inspector", main_delete_inspector, s_delete, "delete an inspector from the default policy" },
+
+ { "delete_inspector", main_delete_inspector, s_delete,
+ "delete an inspector from the default policy" },
+
{ "dump_stats", main_dump_stats, nullptr, "show summary statistics" },
{ "rotate_stats", main_rotate_stats, nullptr, "roll perfmonitor log files" },
{ "reload_config", main_reload_config, s_reload, "load new configuration" },
//{ "process", main_process, nullptr, "process given pcap" },
{ "pause", main_pause, nullptr, "suspend packet processing" },
+
{ "resume", main_resume, s_pktnum, "continue packet processing. "
"If number of packet is specified, will resume for n packets and pause" },
+
{ "detach", main_detach, nullptr, "exit shell w/o shutdown" },
{ "quit", main_quit, nullptr, "shutdown and dump-stats" },
{ "help", main_help, nullptr, "this output" },
exit(0);
}
-[[noreturn]] static void x2c(unsigned x)
+[[noreturn]] static void x2c(uint8_t x)
{
printf("0x%2.2X (%u) = '%c'\n", x, x, static_cast<char>(x));
exit(0);
{ "-M", Parameter::PT_IMPLIED, nullptr, nullptr,
"log messages to syslog (not alerts)" },
- { "-m", Parameter::PT_INT, "0:", nullptr,
- "<umask> set umask = <umask>" },
+ { "-m", Parameter::PT_INT, "0x000:0x1FF", nullptr,
+ "<umask> set the process file mode creation mask" },
- { "-n", Parameter::PT_INT, "0:", nullptr,
+ { "-n", Parameter::PT_INT, "0:max53", nullptr,
"<count> stop after count packets" },
{ "-O", Parameter::PT_IMPLIED, nullptr, nullptr,
{ "-y", Parameter::PT_IMPLIED, nullptr, nullptr,
"include year in timestamp in the alert and log files" },
- { "-z", Parameter::PT_INT, "0:", "1",
+ { "-z", Parameter::PT_INT, "0:max32", "1",
"<count> maximum number of packet threads (same as --max-packet-threads); "
"0 gets the number of CPU cores reported by the system; default is 1" },
{ "--help-counts", Parameter::PT_STRING, "(optional)", nullptr,
"[<module prefix>] output matching peg counts" },
+ { "--help-limits", Parameter::PT_IMPLIED, nullptr, nullptr,
+ "print the int upper bounds denoted by max*" },
+
{ "--help-module", Parameter::PT_STRING, nullptr, nullptr,
"<module> output description of given module" },
{ "--markup", Parameter::PT_IMPLIED, nullptr, nullptr,
"output help in asciidoc compatible format" },
- { "--max-packet-threads", Parameter::PT_INT, "0:", "1",
+ { "--max-packet-threads", Parameter::PT_INT, "0:max32", "1",
"<count> configure maximum number of packet threads (same as -z)" },
{ "--mem-check", Parameter::PT_IMPLIED, nullptr, nullptr,
"wait for resume/quit command before processing packets/terminating", },
#ifdef REG_TEST
- { "--pause-after-n", Parameter::PT_INT, "1:", nullptr,
+ { "--pause-after-n", Parameter::PT_INT, "1:max53", nullptr,
"<count> pause after count packets", },
#endif
{ "--pcap-filter", Parameter::PT_STRING, nullptr, nullptr,
"<filter> filter to apply when getting pcaps from file or directory" },
- { "--pcap-loop", Parameter::PT_INT, "-1:", nullptr,
+ { "--pcap-loop", Parameter::PT_INT, "0:max32", nullptr,
"<count> read all pcaps <count> times; 0 will read until Snort is terminated" },
{ "--pcap-no-filter", Parameter::PT_IMPLIED, nullptr, nullptr,
{ "--show-plugins", Parameter::PT_IMPLIED, nullptr, nullptr,
"list module and plugin versions", },
- { "--skip", Parameter::PT_INT, "0:", nullptr,
+ { "--skip", Parameter::PT_INT, "0:max53", nullptr,
"<n> skip 1st n packets", },
{ "--snaplen", Parameter::PT_INT, "68:65535", "1518",
{ "--warn-vars", Parameter::PT_IMPLIED, nullptr, nullptr,
"warn about variable definition and usage issues" },
- { "--x2c", Parameter::PT_INT, nullptr, nullptr,
+ { "--x2c", Parameter::PT_INT, "0x00:0xFF", nullptr,
"output ASCII char for given hex (see also --c2x)" },
{ "--x2s", Parameter::PT_STRING, nullptr, nullptr,
sc->output_flags |= OUTPUT_FLAG__LINE_BUFFER;
else if ( v.is("-G") || v.is("--logid") )
- sc->event_log_id = v.get_long() << 16;
+ sc->event_log_id = v.get_uint16() << 16;
else if ( v.is("-g") )
sc->set_gid(v.get_string());
#ifdef SHELL
else if ( v.is("-j") )
{
- sc->remote_control_port = v.get_long();
+ sc->remote_control_port = v.get_uint16();
sc->remote_control_socket.clear();
}
#endif
sc->enable_syslog();
else if ( v.is("-m") )
- sc->set_umask(v.get_string());
+ sc->set_umask(v.get_uint32());
else if ( v.is("-n") )
- sc->pkt_cnt = v.get_long();
+ sc->pkt_cnt = v.get_uint64();
else if ( v.is("-O") )
sc->set_obfuscate(true);
else if ( v.is("-S") )
config_set_var(sc, v.get_string());
- else if ( v.is("-s") )
- sc->daq_config->set_mru_size(v.get_long());
+ else if ( v.is("-s") or v.is("--snaplen") )
+ sc->daq_config->set_mru_size(v.get_uint16());
else if ( v.is("-T") )
sc->run_flags |= RUN_FLAG__TEST;
sc->set_show_year(true);
else if ( v.is("-z") || v.is("--max-packet-threads") )
- ThreadConfig::set_instance_max(v.get_long());
+ ThreadConfig::set_instance_max(v.get_uint32());
else if ( v.is("--alert-before-pass") )
sc->set_alert_before_pass(true);
else if ( v.is("--help-counts") )
help_counts(sc, v.get_string());
+ else if ( v.is("--help-limits") )
+ help_limits(sc, v.get_string());
+
else if ( v.is("--help-module") )
help_module(sc, v.get_string());
help_signals(sc, v.get_string());
else if ( v.is("--id-offset") )
- sc->id_offset = v.get_long();
+ sc->id_offset = v.get_uint16();
else if ( v.is("--id-subdir") )
sc->id_subdir = true;
#ifdef REG_TEST
else if ( v.is("--pause-after-n") )
- sc->pkt_pause_cnt = v.get_long();
+ sc->pkt_pause_cnt = v.get_uint64();
#endif
else if ( v.is("--parsing-follows-files") )
Trough::set_filter(v.get_string());
else if ( v.is("--pcap-loop") )
- Trough::set_loop_count(v.get_long());
+ Trough::set_loop_count(v.get_uint32());
else if ( v.is("--pcap-no-filter") )
Trough::set_filter(nullptr);
sc->logging_flags |= LOGGING_FLAG__SHOW_PLUGINS;
else if ( v.is("--skip") )
- sc->pkt_skip = v.get_long();
-
- else if ( v.is("--snaplen") )
- sc->daq_config->set_mru_size(v.get_long());
+ sc->pkt_skip = v.get_uint64();
else if ( v.is("--stdin-rules") )
sc->stdin_rules = true;
sc->warning_flags |= (1 << WARN_VARS);
else if ( v.is("--x2c") )
- x2c(v.get_long());
+ x2c(v.get_uint8());
else if ( v.is("--x2s") )
x2s(v.get_string());
if ( p->is_wild_card() )
val = opt;
- long n = strtol(val, &end, 0);
+ long n = (long)strtod(val, &end);
if ( !*end )
v.set(n);
if ( v.get_type() == Value::VT_STR )
printf("%s: %s = '%s'\n", s, fqn, v.get_string());
else
- printf("%s: %s = %ld\n", s, fqn, v.get_long());
+ printf("%s: %s = " STDi64 "\n", s, fqn, v.get_int64());
}
static ModHook* get_hook(const char* s)
if ( v.get_type() == Value::VT_STR )
ParseError("invalid %s = '%s'", fqn, v.get_string());
- else if ( v.get_real() == v.get_long() )
- ParseError("invalid %s = %ld", fqn, v.get_long());
+ else if ( v.get_real() == v.get_int64() )
+ ParseError("invalid %s = " STDi64, fqn, v.get_int64());
else
ParseError("invalid %s = %g", fqn, v.get_real());
Mpse* MpseManager::get_search_engine(const char* type)
{
- if ( !type and SnortConfig::get_conf()->fast_pattern_config )
- type = SnortConfig::get_conf()->fast_pattern_config->get_search_method();
+ SnortConfig* sc = SnortConfig::get_conf();
+
+ if ( !type and sc->fast_pattern_config )
+ type = sc->fast_pattern_config->get_search_method();
if ( !type )
type = "ac_bnfa";
Mpse* eng = api->ctor(nullptr, mod, nullptr);
eng->set_api(api);
- if ( SnortConfig::get_conf()->fast_pattern_config and SnortConfig::get_conf()->fast_pattern_config->get_search_opt() )
+ if ( sc->fast_pattern_config and sc->fast_pattern_config->get_search_opt() )
eng->set_opt(1);
return eng;
if ( snort::SnortConfig::log_verbose() )
{
LogMessage(" global cap: %zu\n", config.cap);
- LogMessage(" global preemptive threshold percent: %zu\n", config.threshold);
+ LogMessage(" global preemptive threshold percent: %u\n", config.threshold);
LogMessage(" cap type: %s\n", config.soft? "soft" : "hard");
}
struct MemoryConfig
{
size_t cap = 0;
+ unsigned threshold = 0;
bool soft = false;
- size_t threshold = 0;
constexpr MemoryConfig() = default;
};
static const Parameter s_params[] =
{
- { "cap", Parameter::PT_INT, "0:", "0",
+ { "cap", Parameter::PT_INT, "0:maxSZ", "0",
"set the per-packet-thread cap on memory (bytes, 0 to disable)" },
{ "soft", Parameter::PT_BOOL, nullptr, "false",
"always succeed in allocating memory, even if above the cap" },
- { "threshold", Parameter::PT_INT, "0:", "0",
+ { "threshold", Parameter::PT_INT, "0:100", "0",
"set the per-packet-thread threshold for preemptive cleanup actions "
"(percent, 0 to disable)" },
bool MemoryModule::set(const char*, Value& v, SnortConfig* sc)
{
if ( v.is("cap") )
- sc->memory->cap = v.get_long();
+ sc->memory->cap = v.get_size();
else if ( v.is("soft") )
sc->memory->soft = v.get_bool();
else if ( v.is("threshold") )
- sc->memory->threshold = v.get_long();
+ sc->memory->threshold = v.get_uint8();
else
return false;
bool tp_appid_stats_enable = false;
bool tp_appid_config_dump = false;
uint32_t instance_id = 0;
- uint32_t memcap = 0;
+ size_t memcap = 0;
bool debug = false;
bool dump_ports = false;
bool log_all_sessions = false;
#endif
// FIXIT-L: DECRYPT_DEBUG - Move this to ssl-module
#ifdef REG_TEST
- { "first_decrypted_packet_debug", Parameter::PT_INT, "0:", "0",
+ { "first_decrypted_packet_debug", Parameter::PT_INT, "0:max32", "0",
"the first packet of an already decrypted SSL flow (debug single session only)" },
#endif
- { "memcap", Parameter::PT_INT, "0:", "0",
+ { "memcap", Parameter::PT_INT, "0:maxSZ", "0",
"disregard - not implemented" }, // FIXIT-M implement or delete appid.memcap
{ "log_stats", Parameter::PT_BOOL, nullptr, "false",
"enable logging of appid statistics" },
- { "app_stats_period", Parameter::PT_INT, "0:", "300",
+ { "app_stats_period", Parameter::PT_INT, "0:max32", "300",
"time period for collecting and logging appid statistics" },
- { "app_stats_rollover_size", Parameter::PT_INT, "0:", "20971520",
+ { "app_stats_rollover_size", Parameter::PT_INT, "0:max32", "20971520",
"max file size for appid stats before rolling over the log file" },
- { "app_stats_rollover_time", Parameter::PT_INT, "0:", "86400",
+ { "app_stats_rollover_time", Parameter::PT_INT, "0:max31", "86400",
"max time period for collection appid stats before rolling over the log file" },
{ "app_detector_dir", Parameter::PT_STRING, nullptr, nullptr,
"directory to load appid detectors from" },
- { "instance_id", Parameter::PT_INT, "0:", "0",
+ { "instance_id", Parameter::PT_INT, "0:max32", "0",
"instance id - ignored" },
{ "debug", Parameter::PT_BOOL, nullptr, "false",
"enable appid debug logging" },
// FIXIT-L: DECRYPT_DEBUG - Move this to ssl-module
#ifdef REG_TEST
if ( v.is("first_decrypted_packet_debug") )
- config->first_decrypted_packet_debug = v.get_long();
+ config->first_decrypted_packet_debug = v.get_uint32();
else
#endif
if ( v.is("memcap") )
- config->memcap = v.get_long();
+ config->memcap = v.get_size();
else if ( v.is("log_stats") )
config->stats_logging_enabled = v.get_bool();
else if ( v.is("app_stats_period") )
- config->app_stats_period = v.get_long();
+ config->app_stats_period = v.get_uint32();
else if ( v.is("app_stats_rollover_size") )
- config->app_stats_rollover_size = v.get_long();
+ config->app_stats_rollover_size = v.get_uint32();
else if ( v.is("app_stats_rollover_time") )
- config->app_stats_rollover_time = v.get_long();
+ config->app_stats_rollover_time = v.get_uint32();
else if ( v.is("app_detector_dir") )
config->app_detector_dir = snort_strdup(v.get_string());
else if ( v.is("tp_appid_path") )
else if ( v.is("tp_appid_config_dump") )
config->tp_appid_config_dump = v.get_bool();
else if ( v.is("instance_id") )
- config->instance_id = v.get_long();
+ config->instance_id = v.get_uint32();
else if ( v.is("debug") )
config->debug = v.get_bool();
else if ( v.is("dump_ports") )
app_name = tmpBuff;
}
- TextLog_Print(log, "%lu,%s,%lu,%lu\n",
+ // FIXIT-M %lu won't do time_t on 32-bit systems
+ TextLog_Print(log, "%lu,%s," STDu64 "," STDu64 "\n",
packet_time(), app_name, record->initiatorBytes, record->responderBytes);
}
}
};
#define TPAD_GET(func) \
- string* func(bool caller_owns_it = 0) \
+ string* func(bool caller_owns_it = false) \
{ \
string* tmp = func ## _buf; \
if (caller_owns_it) \
// binder module
//-------------------------------------------------------------------------
-#define INT32_MAX_STR "2147483647"
static const Parameter binder_when_params[] =
{
// FIXIT-L when.policy_id should be an arbitrary string auto converted
// into index for binder matching and lookups
- { "ips_policy_id", Parameter::PT_INT, "0:", "0",
+ { "ips_policy_id", Parameter::PT_INT, "0:max32", "0",
"unique ID for selection of this config by external logic" },
{ "ifaces", Parameter::PT_BIT_LIST, "255", nullptr,
{ "dst_ports", Parameter::PT_BIT_LIST, "65535", nullptr,
"list of destination ports" },
- { "src_zone", Parameter::PT_INT, "0:" INT32_MAX_STR, nullptr,
+ { "src_zone", Parameter::PT_INT, "0:max31", nullptr,
"source zone" },
- { "dst_zone", Parameter::PT_INT, "0:" INT32_MAX_STR, nullptr,
+ { "dst_zone", Parameter::PT_INT, "0:max31", nullptr,
"destination zone" },
{ "role", Parameter::PT_ENUM, "client | server | any", "any",
work->when.split_nets = true;
}
else if ( v.is("ips_policy_id") )
- work->when.ips_id = v.get_long();
+ work->when.ips_id = v.get_uint32();
else if ( v.is("proto") )
{
PROTO_BIT__ANY_TYPE, PROTO_BIT__IP, PROTO_BIT__ICMP,
PROTO_BIT__TCP, PROTO_BIT__UDP, PROTO_BIT__PDU, PROTO_BIT__FILE
};
- work->when.protos = mask[v.get_long()];
+ work->when.protos = mask[v.get_uint8()];
}
else if ( v.is("ports") )
{
}
else if ( v.is("src_zone") )
- work->when.src_zone = v.get_long();
+ work->when.src_zone = v.get_int32();
else if ( v.is("dst_zone") )
- work->when.dst_zone = v.get_long();
+ work->when.dst_zone = v.get_int32();
else if ( v.is("role") )
- work->when.role = (BindWhen::Role)v.get_long();
+ work->when.role = (BindWhen::Role)v.get_uint8();
else if ( v.is("vlans") )
v.get_bits(work->when.vlans);
// use
else if ( v.is("action") )
- work->use.action = (BindUse::Action)(v.get_long());
+ work->use.action = (BindUse::Action)(v.get_uint8());
else if ( v.is("file") )
add_file(v.get_string(), FILE_KEY);
static const Parameter enable_packet_tracer_params[] =
{
- {"proto", Parameter::PT_INT, nullptr, nullptr, "numerical IP protocol ID filter"},
+ {"proto", Parameter::PT_INT, "0:255", nullptr, "numerical IP protocol ID filter"},
{"src_ip", Parameter::PT_STRING, nullptr, nullptr, "source IP address filter"},
- {"src_port", Parameter::PT_INT, nullptr, nullptr, "source port filter"},
+ {"src_port", Parameter::PT_INT, "0:65535", nullptr, "source port filter"},
{"dst_ip", Parameter::PT_STRING, nullptr, nullptr, "destination IP address filter"},
- {"dst_port", Parameter::PT_INT, nullptr, nullptr, "destination port filter"},
+ {"dst_port", Parameter::PT_INT, "0:65535", nullptr, "destination port filter"},
{nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr}
};
else if ( v.is("output") )
{
- switch ( v.get_long() )
+ switch ( v.get_uint8() )
{
case PACKET_TRACE_CONSOLE:
config->file = "-";
static const Parameter s_params[] =
{
- { "base", Parameter::PT_BOOL, "nullptr", "true",
+ { "base", Parameter::PT_BOOL, nullptr, "true",
"enable base statistics" },
- { "cpu", Parameter::PT_BOOL, "nullptr", "false",
+ { "cpu", Parameter::PT_BOOL, nullptr, "false",
"enable cpu statistics" },
{ "flow", Parameter::PT_BOOL, nullptr, "false",
{ "flow_ip", Parameter::PT_BOOL, nullptr, "false",
"enable statistics on host pairs" },
- { "packets", Parameter::PT_INT, "0:", "10000",
+ { "packets", Parameter::PT_INT, "0:max32", "10000",
"minimum packets to report" },
- { "seconds", Parameter::PT_INT, "1:", "60",
+ { "seconds", Parameter::PT_INT, "1:max32", "60",
"report interval" },
- { "flow_ip_memcap", Parameter::PT_INT, "8200:", "52428800",
+ { "flow_ip_memcap", Parameter::PT_INT, "8200:maxSZ", "52428800",
"maximum memory in bytes for flow tracking" },
- { "max_file_size", Parameter::PT_INT, "4096:", "1073741824",
+ { "max_file_size", Parameter::PT_INT, "4096:max53", "1073741824",
"files will be rolled over if they exceed this size" },
{ "flow_ports", Parameter::PT_INT, "0:65535", "1023",
}
else if ( v.is("packets") )
{
- config->pkt_cnt = v.get_long();
+ config->pkt_cnt = v.get_uint32();
}
else if ( v.is("seconds") )
{
- config->sample_interval = v.get_long();
+ config->sample_interval = v.get_uint32();
if ( config->sample_interval == 0 )
config->perf_flags |= PERF_SUMMARY;
}
else if ( v.is("flow_ip_memcap") )
{
- config->flowip_memcap = v.get_long();
+ config->flowip_memcap = v.get_size();
}
else if ( v.is("max_file_size") )
- config->max_file_size = v.get_long() - ROLLOVER_THRESH;
+ config->max_file_size = v.get_uint64() - ROLLOVER_THRESH;
else if ( v.is("flow_ports") )
{
- config->flow_max_port_to_track = v.get_long();
+ config->flow_max_port_to_track = v.get_uint16();
}
else if ( v.is("output") )
{
- config->output = (PerfOutput)v.get_long();
+ config->output = (PerfOutput)v.get_uint8();
}
else if ( v.is("format") )
{
- config->format = (PerfFormat)v.get_long();
+ config->format = (PerfFormat)v.get_uint8();
}
else if ( v.is("name") )
{
{
int perf_flags = 0;
uint32_t pkt_cnt = 0;
- int sample_interval = 0;
+ unsigned sample_interval = 0;
uint64_t max_file_size = 0;
int flow_max_port_to_track = 0;
- uint32_t flowip_memcap = 0;
+ size_t flowip_memcap = 0;
PerfFormat format = PerfFormat::CSV;
PerfOutput output = PerfOutput::TO_FILE;
std::vector<ModuleConfig> modules;
(config->perf_flags & PERF_FLOWIP) ? "ACTIVE" : "INACTIVE");
if (config->perf_flags & PERF_FLOWIP)
{
- LogMessage(" Flow IP Memcap: %u\n", config->flowip_memcap);
+ LogMessage(" Flow IP Memcap: %zu\n", config->flowip_memcap);
}
LogMessage(" CPU Stats: %s\n",
(config->perf_flags & PERF_CPU) ? "ACTIVE" : "INACTIVE");
sfsnprintfappend(buf, sizeof(buf)-1, "distributed_portscan");
LogMessage("%s\n", buf);
- LogMessage(" Memcap (in bytes): %lu\n", config->memcap);
- LogMessage(" Number of Nodes: %ld\n", config->memcap / ps_node_size());
+ LogMessage(" Memcap (in bytes): %zu\n", config->memcap);
+ LogMessage(" Number of Nodes: %zu\n", config->memcap / ps_node_size());
if ( config->logfile )
LogMessage(" Logfile: %s\n", "yes");
struct PortscanConfig
{
- unsigned long memcap;
+ size_t memcap;
int detect_scans;
int detect_scan_type;
static const Parameter scan_params[] =
{
- { "scans", Parameter::PT_INT, "0:", "100",
+ { "scans", Parameter::PT_INT, "0:65535", "100",
"scan attempts" },
- { "rejects", Parameter::PT_INT, "0:", "15",
+ { "rejects", Parameter::PT_INT, "0:65535", "15",
"scan attempts with negative response" },
- { "nets", Parameter::PT_INT, "0:", "25",
+ { "nets", Parameter::PT_INT, "0:65535", "25",
"number of times address changed from prior attempt" },
- { "ports", Parameter::PT_INT, "0:", "25",
+ { "ports", Parameter::PT_INT, "0:65535", "25",
"number of times port (or proto) changed from prior attempt" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
static const Parameter ps_params[] =
{
- { "memcap", Parameter::PT_INT, "1:", "1048576",
+ { "memcap", Parameter::PT_INT, "1:maxSZ", "1048576",
"maximum tracker memory in bytes" },
{ "protos", Parameter::PT_MULTI, protos, "all",
{ "icmp_sweep", Parameter::PT_TABLE, scan_params, nullptr,
"ICMP sweep scan configuration (one-to-many)" },
- { "tcp_window", Parameter::PT_INT, "0:", "0",
+ { "tcp_window", Parameter::PT_INT, "0:max32", "0",
"detection interval for all TCP scans" },
- { "udp_window", Parameter::PT_INT, "0:", "0",
+ { "udp_window", Parameter::PT_INT, "0:max32", "0",
"detection interval for all UDP scans" },
- { "ip_window", Parameter::PT_INT, "0:", "0",
+ { "ip_window", Parameter::PT_INT, "0:max32", "0",
"detection interval for all IP scans" },
- { "icmp_window", Parameter::PT_INT, "0:", "0",
+ { "icmp_window", Parameter::PT_INT, "0:max32", "0",
"detection interval for all ICMP scans" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
bool PortScanModule::set(const char* fqn, Value& v, SnortConfig*)
{
if ( v.is("memcap") )
- config->memcap = v.get_long();
+ config->memcap = v.get_size();
else if ( v.is("protos") )
{
- unsigned u = v.get_long();
+ unsigned u = v.get_uint32();
if ( u & (PS_PROTO_ALL+1) )
u = PS_PROTO_ALL;
config->detect_scans = u;
}
else if ( v.is("scan_types") )
{
- unsigned u = v.get_long();
+ unsigned u = v.get_uint32();
if ( u & (PS_TYPE_ALL+1) )
u = PS_TYPE_ALL;
config->detect_scan_type = u;
else if ( v.is("scans") )
{
if ( auto p = get_alert_conf(fqn) )
- p->connection_count = v.get_long();
+ p->connection_count = v.get_uint16();
else
return false;
}
else if ( v.is("rejects") )
{
if ( auto p = get_alert_conf(fqn) )
- p->priority_count = v.get_long();
+ p->priority_count = v.get_uint16();
else
return false;
}
else if ( v.is("nets") )
{
if ( auto p = get_alert_conf(fqn) )
- p->u_ip_count = v.get_long();
+ p->u_ip_count = v.get_uint16();
else
return false;
}
else if ( v.is("ports") )
{
if ( auto p = get_alert_conf(fqn) )
- p->u_port_count = v.get_long();
+ p->u_port_count = v.get_uint16();
else
return false;
}
else if ( v.is("tcp_window") )
- config->tcp_window = v.get_long();
+ config->tcp_window = v.get_uint32();
else if ( v.is("udp_window") )
- config->udp_window = v.get_long();
+ config->udp_window = v.get_uint32();
else if ( v.is("ip_window") )
- config->ip_window = v.get_long();
+ config->ip_window = v.get_uint32();
else if ( v.is("icmp_window") )
- config->icmp_window = v.get_long();
+ config->icmp_window = v.get_uint32();
else
return false;
conf->list_dir = v.get_string();
else if ( v.is("memcap") )
- conf->memcap = v.get_long();
+ conf->memcap = v.get_uint32();
else if ( v.is("nested_ip") )
- conf->nested_ip = (NestedIP)v.get_long();
+ conf->nested_ip = (NestedIP)v.get_uint8();
else if ( v.is("priority") )
- conf->priority = (IPdecision)(v.get_long() + 1);
+ conf->priority = (IPdecision)(v.get_uint8() + 1);
else if ( v.is("scan_local") )
conf->scanlocal = v.get_bool();
else if ( v.is("white") )
- conf->white_action = (WhiteAction)v.get_long();
+ conf->white_action = (WhiteAction)v.get_uint8();
else if ( v.is("whitelist") )
conf->whitelist_path = v.get_string();
static const Parameter instance_params[] =
{
- { "id", Parameter::PT_INT, "0:", nullptr, "instance ID (required)" },
+ { "id", Parameter::PT_INT, "0:max32", nullptr, "instance ID (required)" },
{ "input_spec", Parameter::PT_STRING, nullptr, nullptr, "input specification" },
{ "variables", Parameter::PT_LIST, string_list_param, nullptr, "DAQ variables" },
}
else if (!strcmp(fqn, "daq.snaplen"))
{
- config->set_mru_size(v.get_long());
+ config->set_mru_size(v.get_uint16());
}
else if (!strcmp(fqn, "daq.no_promisc"))
{
}
else if (!strcmp(fqn, "daq.instances.id"))
{
- instance_id = v.get_long();
+ instance_id = v.get_uint32();
}
else if (!strcmp(fqn, "daq.instances.input_spec"))
{
std::vector<std::string> Trough::pcap_queue;
std::string Trough::pcap_filter;
std::vector<std::string>::const_iterator Trough::pcap_queue_iter;
-long Trough::pcap_loop_count = 0;
+
+unsigned Trough::pcap_loop_count = 0;
unsigned Trough::file_count = 0;
int Trough::get_pcaps(std::vector<struct PcapReadObject> &pol)
{
struct stat sb;
std::string pcap_name;
- auto i = 0;
+ size_t i = 0;
size_t pos = 0;
if (arg.empty())
SOURCE_DIR // a directory of sources; often used with filter
};
- static void set_loop_count(long int c)
+ static void set_loop_count(unsigned c)
{
pcap_loop_count = c;
}
{
return pcap_queue.size();
}
- static long get_loop_count()
+ static unsigned get_loop_count()
{
return pcap_loop_count;
}
static std::vector<std::string> pcap_queue;
static std::vector<std::string>::const_iterator pcap_queue_iter;
static std::string pcap_filter;
- static long pcap_loop_count;
+
+ static unsigned pcap_loop_count;
static unsigned file_count;
};
case Parameter::PT_INT:
case Parameter::PT_PORT:
- {
- char* end = nullptr;
- long n = strtol(val, &end, 0);
-
- if ( !*end )
- v.set(n);
- else
- ok = false;
- break;
- }
case Parameter::PT_REAL:
{
char* end = nullptr;
from context id established for fragmented request"
#define DCE2_MAX_XMIT_SIZE_FUZZ 500
-#define DCE2_MOCK_HDR_LEN__CO_CLI (sizeof(DceRpcCoHdr) + sizeof(DceRpcCoRequest))
-#define DCE2_MOCK_HDR_LEN__CO_SRV (sizeof(DceRpcCoHdr) + sizeof(DceRpcCoResponse))
+#define DCE2_MOCK_HDR_LEN__CO_CLI ((unsigned)(sizeof(DceRpcCoHdr) + sizeof(DceRpcCoRequest)))
+#define DCE2_MOCK_HDR_LEN__CO_SRV ((unsigned)(sizeof(DceRpcCoHdr) + sizeof(DceRpcCoResponse)))
#define DCE2_CO__MIN_ALLOC_SIZE 50
#define DCE2_LITTLE_ENDIAN 0x10
common.disable_defrag = v.get_bool();
else if ( v.is("max_frag_len") )
- common.max_frag_len = v.get_long();
+ common.max_frag_len = v.get_uint16();
+
else
return false;
+
return true;
}
{
if (dce2_set_common_config(v, co.common))
return true;
+
else if ( v.is("policy") )
- co.policy = (DCE2_Policy)v.get_long();
+ co.policy = (DCE2_Policy)v.get_uint8();
+
else if ( v.is("reassemble_threshold") )
- co.co_reassemble_threshold = v.get_long();
+ co.co_reassemble_threshold = v.get_uint16();
+
else
return false;
+
return true;
}
// Used for reassembled packets
#define DCE2_MOCK_HDR_LEN__SMB_CLI \
- (sizeof(NbssHdr) + sizeof(SmbNtHdr) + sizeof(SmbWriteAndXReq))
+ ((unsigned)(sizeof(NbssHdr) + sizeof(SmbNtHdr) + sizeof(SmbWriteAndXReq)))
#define DCE2_MOCK_HDR_LEN__SMB_SRV \
- (sizeof(NbssHdr) + sizeof(SmbNtHdr) + sizeof(SmbReadAndXResp))
+ ((unsigned)(sizeof(NbssHdr) + sizeof(SmbNtHdr) + sizeof(SmbReadAndXResp)))
DCE2_SmbSsnData* get_dce2_smb_session_data(snort::Flow*);
static const Parameter s_params[] =
{
{ "disable_defrag", Parameter::PT_BOOL, nullptr, "false",
- " Disable DCE/RPC defragmentation" },
+ "disable DCE/RPC defragmentation" },
+
{ "max_frag_len", Parameter::PT_INT, "1514:65535", "65535",
- " Maximum fragment size for defragmentation" },
+ "maximum fragment size for defragmentation" },
+
{ "reassemble_threshold", Parameter::PT_INT, "0:65535", "0",
- " Minimum bytes received before performing reassembly" },
- { "smb_fingerprint_policy", Parameter::PT_ENUM,
- "none | client | server | both ", "none",
- " Target based SMB policy to use" },
+ "minimum bytes received before performing reassembly" },
+
+ { "smb_fingerprint_policy", Parameter::PT_ENUM, "none | client | server | both ", "none",
+ "target based SMB policy to use" },
+
{ "policy", Parameter::PT_ENUM,
- "Win2000 | WinXP | WinVista | Win2003 | Win2008 | Win7 | Samba | Samba-3.0.37 | Samba-3.0.22 | Samba-3.0.20",
- "WinXP",
- " Target based policy to use" },
+ "Win2000 | WinXP | WinVista | Win2003 | Win2008 | Win7 | Samba | Samba-3.0.37 | "
+ "Samba-3.0.22 | Samba-3.0.20", "WinXP",
+ "target based policy to use" },
+
{ "smb_max_chain", Parameter::PT_INT, "0:255", "3",
- " SMB max chain size" },
+ "SMB max chain size" },
+
{ "smb_max_compound", Parameter::PT_INT, "0:255", "3",
- " SMB max compound size" },
- { "valid_smb_versions", Parameter::PT_MULTI,
- "v1 | v2 | all", "all",
- " Valid SMB versions" },
- { "smb_file_inspection", Parameter::PT_ENUM,
- "off | on | only", "off",
- " SMB file inspection" },
- { "smb_file_depth", Parameter::PT_INT, "-1:", "16384",
- " SMB file depth for file data" },
+ "SMB max compound size" },
+
+ { "valid_smb_versions", Parameter::PT_MULTI, "v1 | v2 | all", "all",
+ "valid SMB versions" },
+
+ { "smb_file_inspection", Parameter::PT_ENUM, "off | on | only", "off",
+ "SMB file inspection" },
+
+ { "smb_file_depth", Parameter::PT_INT, "-1:32767", "16384",
+ "SMB file depth for file data" },
+
{ "smb_invalid_shares", Parameter::PT_STRING, nullptr, nullptr,
"SMB shares to alert on " },
+
{ "smb_legacy_mode", Parameter::PT_BOOL, nullptr, "false",
"inspect only SMBv1" },
+
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
{
if (dce2_set_co_config(v,config.common))
return true;
+
else if ( v.is("smb_fingerprint_policy") )
- config.smb_fingerprint_policy = (dce2SmbFingerprintPolicy)v.get_long();
+ config.smb_fingerprint_policy = (dce2SmbFingerprintPolicy)v.get_uint8();
+
else if ( v.is("smb_max_chain") )
- config.smb_max_chain = v.get_long();
+ config.smb_max_chain = v.get_uint8();
+
else if ( v.is("smb_max_compound") )
- config.smb_max_compound = v.get_long();
+ config.smb_max_compound = v.get_uint8();
+
else if ( v.is("valid_smb_versions") )
set_smb_versions_mask(config,v.get_string());
+
else if ( v.is("smb_file_inspection") )
- config.smb_file_inspection = (dce2SmbFileInspection)v.get_long();
+ config.smb_file_inspection = (dce2SmbFileInspection)v.get_uint8();
+
else if ( v.is("smb_file_depth") )
- config.smb_file_depth = v.get_long();
+ config.smb_file_depth = v.get_int16();
+
else if ( v.is("smb_invalid_shares") )
return(set_smb_invalid_shares(config,v));
+
else if ( v.is("smb_legacy_mode"))
config.legacy_mode = v.get_bool();
+
else
return Module::set(fqn, v, c);
+
return true;
}
static const Parameter s_params[] =
{
{ "disable_defrag", Parameter::PT_BOOL, nullptr, "false",
- " Disable DCE/RPC defragmentation" },
+ "disable DCE/RPC defragmentation" },
+
{ "max_frag_len", Parameter::PT_INT, "1514:65535", "65535",
- " Maximum fragment size for defragmentation" },
+ "maximum fragment size for defragmentation" },
+
{ "reassemble_threshold", Parameter::PT_INT, "0:65535", "0",
- " Minimum bytes received before performing reassembly" },
+ "minimum bytes received before performing reassembly" },
+
{ "policy", Parameter::PT_ENUM,
"Win2000 | WinXP | WinVista | Win2003 | Win2008 | Win7 | "
"Samba | Samba-3.0.37 | Samba-3.0.22 | Samba-3.0.20", "WinXP",
- " Target based policy to use" },
+ "target based policy to use" },
+
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter s_params[] =
{
{ "disable_defrag", Parameter::PT_BOOL, nullptr, "false",
- " Disable DCE/RPC defragmentation" },
+ "disable DCE/RPC defragmentation" },
+
{ "max_frag_len", Parameter::PT_INT, "1514:65535", "65535",
- " Maximum fragment size for defragmentation" },
+ "maximum fragment size for defragmentation" },
+
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
{
{ "group", Parameter::PT_INT, "0:255", "0",
"match given DNP3 object header group" },
+
{ "var", Parameter::PT_INT, "0:255", "0",
"match given DNP3 object header var" },
+
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
bool Dnp3ObjModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("group") )
- group = v.get_long();
+ group = v.get_uint8();
+
else if ( v.is("var") )
- var = v.get_long();
+ var = v.get_uint8();
return true;
}
"allowed IP address in CIDR format" },
// FIXIT-L port and last_port should be replaced with a port list
- { "port", Parameter::PT_PORT, "1:", "20",
+ { "port", Parameter::PT_PORT, nullptr, "20",
"allowed port" },
- { "last_port", Parameter::PT_PORT, "0:", nullptr,
+ { "last_port", Parameter::PT_PORT, nullptr, nullptr,
"optional allowed range from port to last_port inclusive" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ "ignore_telnet_erase_cmds", Parameter::PT_BOOL, nullptr, "false",
"ignore erase character and erase line commands when normalizing" },
- { "max_resp_len", Parameter::PT_INT, "-1:", "-1",
+ { "max_resp_len", Parameter::PT_INT, "0:max32", "4294967295",
"maximum FTP response accepted by client" },
{ "telnet_cmds", Parameter::PT_BOOL, nullptr, "false",
conf->ignore_telnet_erase_cmds = v.get_bool();
else if ( v.is("last_port") )
- last_port = v.get_long();
+ last_port = v.get_uint16();
else if ( v.is("max_resp_len") )
- conf->max_resp_len = v.get_long();
+ conf->max_resp_len = v.get_uint32();
else if ( v.is("port") )
- port = v.get_long();
+ port = v.get_uint16();
else if ( v.is("telnet_cmds") )
conf->telnet_cmds = v.get_bool();
{ "format", Parameter::PT_STRING, nullptr, nullptr,
"format specification" },
- { "length", Parameter::PT_INT, "0:", "0",
+ { "length", Parameter::PT_INT, "0:max32", "0",
"specify non-default maximum for command" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ "dir_cmd", Parameter::PT_STRING, nullptr, nullptr,
"directory command" },
- { "rsp_code", Parameter::PT_INT, "200:", "200",
+ { "rsp_code", Parameter::PT_INT, "200:max32", "200",
"expected successful response code for command" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{ "cmd_validity", Parameter::PT_LIST, ftp_server_validity_params, nullptr,
"specify command formats" },
- { "def_max_param_len", Parameter::PT_INT, "1:", "100",
+ { "def_max_param_len", Parameter::PT_INT, "1:max32", "100",
"default maximum length of commands handled by server; 0 is unlimited" },
{ "encrypted_traffic", Parameter::PT_BOOL, nullptr, "false",
add_commands(v, CMD_XFER);
else if ( v.is("def_max_param_len") )
- conf->def_max_param_len = v.get_long();
+ conf->def_max_param_len = v.get_uint32();
else if ( v.is("dir_cmd") )
names = v.get_string();
conf->ignore_telnet_erase_cmds = v.get_bool();
else if ( v.is("length") )
- number = v.get_long();
+ number = v.get_uint32();
else if ( v.is("login_cmds") )
add_commands(v, CMD_LOGIN);
conf->print_commands = v.get_bool();
else if ( v.is("rsp_code") )
- number = v.get_long();
+ number = v.get_uint32();
else if ( v.is("telnet_cmds") )
conf->telnet_cmds = v.get_bool();
static const Parameter s_params[] =
{
- { "ayt_attack_thresh", Parameter::PT_INT, "-1:", "-1",
+ { "ayt_attack_thresh", Parameter::PT_INT, "-1:max31", "-1",
"alert on this number of consecutive Telnet AYT commands" },
{ "check_encrypted", Parameter::PT_BOOL, nullptr, "false",
bool TelnetModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("ayt_attack_thresh") )
- conf->ayt_threshold = v.get_long();
+ conf->ayt_threshold = v.get_int32();
else if ( v.is("check_encrypted") )
conf->detect_encrypted = v.get_bool();
bool GtpInspectModule::set(const char* fqn, Value& v, SnortConfig* c)
{
if ( v.is("version") )
- stuff.version = v.get_long();
+ stuff.version = v.get_uint8();
else if ( v.is("type") )
- stuff.type = v.get_long();
+ stuff.type = v.get_uint8();
else if ( v.is("length") )
- stuff.length = v.get_long();
+ stuff.length = v.get_uint8();
else if ( v.is("name") )
stuff.name = v.get_string();
if ( !v.is("~") )
return false;
- version = v.get_long();
+ version = v.get_uint8();
return true;
}
const Parameter HttpModule::http_params[] =
{
- { "request_depth", Parameter::PT_INT, "-1:", "-1",
- "maximum request message body bytes to examine (-1 no limit)" },
- { "response_depth", Parameter::PT_INT, "-1:", "-1",
- "maximum response message body bytes to examine (-1 no limit)" },
- { "unzip", Parameter::PT_BOOL, nullptr, "true", "decompress gzip and deflate message bodies" },
+ { "request_depth", Parameter::PT_INT, "-1:max53", "-1",
+ "maximum request message body bytes to examine (-1 no limit)" },
+
+ { "response_depth", Parameter::PT_INT, "-1:max53", "-1",
+ "maximum response message body bytes to examine (-1 no limit)" },
+
+ { "unzip", Parameter::PT_BOOL, nullptr, "true",
+ "decompress gzip and deflate message bodies" },
+
{ "normalize_utf", Parameter::PT_BOOL, nullptr, "true",
- "normalize charset utf encodings in response bodies" },
+ "normalize charset utf encodings in response bodies" },
+
{ "decompress_pdf", Parameter::PT_BOOL, nullptr, "false",
- "decompress pdf files in response bodies" },
+ "decompress pdf files in response bodies" },
+
{ "decompress_swf", Parameter::PT_BOOL, nullptr, "false",
- "decompress swf files in response bodies" },
+ "decompress swf files in response bodies" },
+
{ "normalize_javascript", Parameter::PT_BOOL, nullptr, "false",
- "normalize javascript in response bodies" },
+ "normalize javascript in response bodies" },
+
{ "max_javascript_whitespaces", Parameter::PT_INT, "1:65535", "200",
- "maximum consecutive whitespaces allowed within the Javascript obfuscated data" },
+ "maximum consecutive whitespaces allowed within the Javascript obfuscated data" },
+
{ "bad_characters", Parameter::PT_BIT_LIST, "255", nullptr,
- "alert when any of specified bytes are present in URI after percent decoding" },
+ "alert when any of specified bytes are present in URI after percent decoding" },
+
{ "ignore_unreserved", Parameter::PT_STRING, "(optional)", nullptr,
- "do not alert when the specified unreserved characters are percent-encoded in a URI."
- "Unreserved characters are 0-9, a-z, A-Z, period, underscore, tilde, and minus." },
- { "percent_u", Parameter::PT_BOOL, nullptr, "false", "normalize %uNNNN and %UNNNN encodings" },
+ "do not alert when the specified unreserved characters are percent-encoded in a URI."
+ "Unreserved characters are 0-9, a-z, A-Z, period, underscore, tilde, and minus." },
+
+ { "percent_u", Parameter::PT_BOOL, nullptr, "false",
+ "normalize %uNNNN and %UNNNN encodings" },
+
{ "utf8", Parameter::PT_BOOL, nullptr, "true",
- "normalize 2-byte and 3-byte UTF-8 characters to a single byte" },
+ "normalize 2-byte and 3-byte UTF-8 characters to a single byte" },
+
{ "utf8_bare_byte", Parameter::PT_BOOL, nullptr, "false",
- "when doing UTF-8 character normalization include bytes that were not percent encoded" },
+ "when doing UTF-8 character normalization include bytes that were not percent encoded" },
+
{ "iis_unicode", Parameter::PT_BOOL, nullptr, "false",
- "use IIS unicode code point mapping to normalize characters" },
+ "use IIS unicode code point mapping to normalize characters" },
+
{ "iis_unicode_map_file", Parameter::PT_STRING, "(optional)", nullptr,
- "file containing code points for IIS unicode." },
+ "file containing code points for IIS unicode." },
+
{ "iis_unicode_code_page", Parameter::PT_INT, "0:65535", "1252",
- "code page to use from the IIS unicode map file" },
+ "code page to use from the IIS unicode map file" },
+
{ "iis_double_decode", Parameter::PT_BOOL, nullptr, "false",
- "perform double decoding of percent encodings to normalize characters" },
+ "perform double decoding of percent encodings to normalize characters" },
+
{ "oversize_dir_length", Parameter::PT_INT, "1:65535", "300",
- "maximum length for URL directory" },
+ "maximum length for URL directory" },
+
{ "backslash_to_slash", Parameter::PT_BOOL, nullptr, "false",
- "replace \\ with / when normalizing URIs" },
+ "replace \\ with / when normalizing URIs" },
+
{ "plus_to_space", Parameter::PT_BOOL, nullptr, "true",
- "replace + with <sp> when normalizing URIs" },
+ "replace + with <sp> when normalizing URIs" },
+
{ "simplify_path", Parameter::PT_BOOL, nullptr, "true",
- "reduce URI directory path to simplest form" },
+ "reduce URI directory path to simplest form" },
+
#ifdef REG_TEST
- { "test_input", Parameter::PT_BOOL, nullptr, "false", "read HTTP messages from text file" },
- { "test_output", Parameter::PT_BOOL, nullptr, "false", "print out HTTP section data" },
- { "print_amount", Parameter::PT_INT, "1:1000000", "1200",
- "number of characters to print from a Field" },
+ { "test_input", Parameter::PT_BOOL, nullptr, "false",
+ "read HTTP messages from text file" },
+
+ { "test_output", Parameter::PT_BOOL, nullptr, "false",
+ "print out HTTP section data" },
+
+ { "print_amount", Parameter::PT_INT, "1:max53", "1200",
+ "number of characters to print from a Field" },
+
{ "print_hex", Parameter::PT_BOOL, nullptr, "false",
"nonprinting characters printed in [HH] format instead of using an asterisk" },
- { "show_pegs", Parameter::PT_BOOL, nullptr, "true", "display peg counts with test output" },
- { "show_scan", Parameter::PT_BOOL, nullptr, "false", "display scanned segments" },
+
+ { "show_pegs", Parameter::PT_BOOL, nullptr, "true",
+ "display peg counts with test output" },
+
+ { "show_scan", Parameter::PT_BOOL, nullptr, "false",
+ "display scanned segments" },
#endif
+
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
{
if (val.is("request_depth"))
{
- params->request_depth = val.get_long();
+ params->request_depth = val.get_int64();
}
else if (val.is("response_depth"))
{
- params->response_depth = val.get_long();
+ params->response_depth = val.get_int64();
}
else if (val.is("unzip"))
{
}
else if (val.is("max_javascript_whitespaces"))
{
- params->js_norm_param.max_javascript_whitespaces = val.get_long();
+ params->js_norm_param.max_javascript_whitespaces = val.get_uint16();
}
else if (val.is("bad_characters"))
{
}
else if (val.is("iis_unicode_code_page"))
{
- params->uri_param.iis_unicode_code_page = val.get_long();
+ params->uri_param.iis_unicode_code_page = val.get_uint16();
}
else if (val.is("iis_double_decode"))
{
}
else if (val.is("oversize_dir_length"))
{
- params->uri_param.oversize_dir_length = val.get_long();
+ params->uri_param.oversize_dir_length = val.get_uint16();
}
else if (val.is("backslash_to_slash"))
{
}
else if (val.is("print_amount"))
{
- params->print_amount = val.get_long();
+ params->print_amount = val.get_int64();
}
else if (val.is("print_hex"))
{
// 0-9, a-z, A-Z, tilde, period, underscore, and minus
// Initializer string for std::bitset is in reverse order. The first character is element 255
// and the last is element 0.
+
+// __STRDUMP_DISABLE__
unreserved_char { std::string(
"00000000" "00000000" "00000000" "00000000"
"00000000" "00000000" "00000000" "00000000"
"10000111" "11111111" "11111111" "11111110"
"00000011" "11111111" "01100000" "00000000"
"00000000" "00000000" "00000000" "00000000" ) },
+// __STRDUMP_ENABLE__
uri_char {
CHAR_NORMAL, CHAR_NORMAL, CHAR_NORMAL, CHAR_NORMAL, CHAR_NORMAL, CHAR_NORMAL, CHAR_NORMAL, CHAR_NORMAL,
struct HttpParaList
{
public:
- long request_depth;
- long response_depth;
+ int64_t request_depth;
+ int64_t response_depth;
+
bool unzip;
bool normalize_utf = true;
bool decompress_pdf = false;
UriParam uri_param;
#ifdef REG_TEST
+ int64_t print_amount;
+
bool test_input;
bool test_output;
- long print_amount;
bool print_hex;
bool show_pegs;
bool show_scan;
bool ImapModule::set(const char*, Value& v, SnortConfig*)
{
- const long value = v.get_long();
- const long mime_value = (value > 0) ? value : -(value+1); // flip 0 and -1 for MIME processing
+ const int32_t value = v.get_int32();
+ const int32_t mime_value = (value > 0) ? value : -(value+1); // flip 0 and -1 for MIME use
+
if ( v.is("b64_decode_depth") )
config->decode_conf.set_b64_depth(mime_value);
+
else if ( v.is("bitenc_decode_depth") )
config->decode_conf.set_bitenc_depth(mime_value);
+
else if ( v.is("qp_decode_depth") )
config->decode_conf.set_qp_depth(mime_value);
+
else if ( v.is("uu_decode_depth") )
config->decode_conf.set_uu_depth(mime_value);
+
else
return false;
if ( !v.is("~") )
return false;
- unit = v.get_long();
+ unit = v.get_uint8();
return true;
}
bool PopModule::set(const char*, Value& v, SnortConfig*)
{
- const long value = v.get_long();
- const long mime_value = (value > 0) ? value : -(value+1); // flip 0 and -1 for MIME processing
+ const int32_t value = v.get_int32();
+ const int32_t mime_value = (value > 0) ? value : -(value+1); // flip 0 and -1 for MIME use
+
if ( v.is("b64_decode_depth") )
config->decode_conf.set_b64_depth(mime_value);
+
else if ( v.is("bitenc_decode_depth") )
config->decode_conf.set_bitenc_depth(mime_value);
+
else if ( v.is("qp_decode_depth") )
config->decode_conf.set_qp_depth(mime_value);
+
else if ( v.is("uu_decode_depth") )
config->decode_conf.set_uu_depth(mime_value);
+
else
return false;
static const Parameter s_params[] =
{
{ "*code", Parameter::PT_INT, "1:999", nullptr,
- "stat code" },
+ "status code" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
{
if ( v.is("*code") )
{
- unsigned long statCode = v.get_long();
+ uint16_t statCode = v.get_uint16();
- if ((statCode > MAX_STAT_CODE) || ((statCode > NUM_OF_RESPONSE_TYPES - 1) &&
- (statCode < MIN_STAT_CODE)))
+ if ( (statCode >= NUM_OF_RESPONSE_TYPES) && (statCode < MIN_STAT_CODE) )
{
- ParseError("Status code specified is not a 3 digit number or 1");
+ ParseError("Status code specified is not a single digit or a 3 digit number");
return false;
}
- ssod.stat_codes[num_tokens] = (uint16_t)statCode;
+ ssod.stat_codes[num_tokens] = statCode;
num_tokens++;
}
else
{ "max_content_len", Parameter::PT_INT, "0:65535", "1024",
"maximum content length of the message body" },
- { "max_dialogs", Parameter::PT_INT, "1:4194303", "4",
+ { "max_dialogs", Parameter::PT_INT, "1:max32", "4",
"maximum number of dialogs within one stream session" },
{ "max_from_len", Parameter::PT_INT, "0:65535", "256",
conf->ignoreChannel = v.get_bool();
else if ( v.is("max_call_id_len") )
- conf->maxCallIdLen = v.get_long();
+ conf->maxCallIdLen = v.get_uint16();
else if ( v.is("max_contact_len") )
- conf->maxContactLen = v.get_long();
+ conf->maxContactLen = v.get_uint16();
else if ( v.is("max_content_len") )
- conf->maxContentLen = v.get_long();
+ conf->maxContentLen = v.get_uint16();
else if ( v.is("max_dialogs") )
- conf->maxNumDialogsInSession = v.get_long();
+ conf->maxNumDialogsInSession = v.get_uint32();
else if ( v.is("max_from_len") )
- conf->maxFromLen = v.get_long();
+ conf->maxFromLen = v.get_uint16();
else if ( v.is("max_requestName_len") )
- conf->maxRequestNameLen = v.get_long();
+ conf->maxRequestNameLen = v.get_uint16();
else if ( v.is("max_to_len") )
- conf->maxToLen = v.get_long();
+ conf->maxToLen = v.get_uint16();
else if ( v.is("max_uri_len") )
- conf->maxUriLen = v.get_long();
+ conf->maxUriLen = v.get_uint16();
else if ( v.is("max_via_len") )
- conf->maxViaLen = v.get_long();
+ conf->maxViaLen = v.get_uint16();
else if ( v.is("methods") )
sip_methods = v.get_string();
{ "command", Parameter::PT_STRING, nullptr, nullptr,
"command string" },
- { "length", Parameter::PT_INT, "0:", "0",
+ { "length", Parameter::PT_INT, "0:max32", "0",
"specify non-default maximum for command" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
else if ( v.is("b64_decode_depth") )
{
- const long value = v.get_long();
- const long mime_value = (value > 0) ? value : -(value+1);
+ const int32_t value = v.get_int32();
+ const int32_t mime_value = (value > 0) ? value : -(value+1);
config->decode_conf.set_b64_depth(mime_value);
}
else if ( v.is("bitenc_decode_depth") )
{
- const long value = v.get_long();
- const long mime_value = (value > 0) ? value : -(value+1);
+ const int32_t value = v.get_int32();
+ const int32_t mime_value = (value > 0) ? value : -(value+1);
config->decode_conf.set_bitenc_depth(mime_value);
}
add_commands(v, PCMD_DATA);
else if ( v.is("email_hdrs_log_depth") )
- config->log_config.email_hdrs_log_depth = v.get_long();
+ config->log_config.email_hdrs_log_depth = v.get_uint16();
else if ( v.is("ignore_data") )
config->decode_conf.set_ignore_data(v.get_bool());
add_commands(v, PCMD_INVALID);
else if ( v.is("length") )
- number = v.get_long();
+ number = v.get_uint32();
else if ( v.is("log_filename") )
config->log_config.log_filename =v.get_bool();
config->log_config.log_email_hdrs = v.get_bool();
else if ( v.is("max_auth_command_line_len") )
- config->max_auth_command_line_len = v.get_long();
+ config->max_auth_command_line_len = v.get_uint16();
else if ( v.is("max_command_line_len") )
- config->max_command_line_len = v.get_long();
+ config->max_command_line_len = v.get_uint16();
else if ( v.is("max_header_line_len") )
- config->max_header_line_len = v.get_long();
+ config->max_header_line_len = v.get_uint16();
else if ( v.is("max_response_line_len") )
- config->max_response_line_len = v.get_long();
+ config->max_response_line_len = v.get_uint16();
else if ( v.is("normalize") )
- config->normalize = (NORM_TYPES)v.get_long();
+ config->normalize = (NORM_TYPES)v.get_uint8();
else if ( v.is("normalize_cmds"))
add_commands(v, PCMD_NORM);
else if ( v.is("qp_decode_depth") )
{
- const long value = v.get_long();
- const long mime_value = (value > 0) ? value : -(value+1);
+ const int32_t value = v.get_int32();
+ const int32_t mime_value = (value > 0) ? value : -(value+1);
config->decode_conf.set_qp_depth(mime_value);
}
else if ( v.is("uu_decode_depth") )
{
- const long value = v.get_long();
- const long mime_value = (value > 0) ? value : -(value+1);
+ const int32_t value = v.get_int32();
+ const int32_t mime_value = (value > 0) ? value : -(value+1);
config->decode_conf.set_uu_depth(mime_value);
}
else if ( v.is("xlink2state") )
- config->xlink2state = (XLINK2STATE)v.get_long();
+ config->xlink2state = (XLINK2STATE)v.get_uint8();
else
return false;
bool SshModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("max_encrypted_packets") )
- conf->MaxEncryptedPackets = v.get_long();
+ conf->MaxEncryptedPackets = v.get_uint16();
else if ( v.is("max_client_bytes") )
- conf->MaxClientBytes = v.get_long();
+ conf->MaxClientBytes = v.get_uint16();
else if ( v.is("max_server_version_len") )
- conf->MaxServerVersionLen = v.get_long();
+ conf->MaxServerVersionLen = v.get_uint8();
else
return false;
conf->trustservers = v.get_bool();
else if ( v.is("max_heartbeat_length") )
- conf->max_heartbeat_len = v.get_long();
+ conf->max_heartbeat_len = v.get_uint16();
else
return false;
static IP_entry ip_lists[] =
{
+// __STRDUMP_DISABLE__
{ "192.168.0.1",4 },
{ "2.16.0.1", 100 },
{ "12.16.0.1", 500 },
{ "ffee:ddcc:bbaa:9988:7766:5544:3322:1100/32", 121 },
{ "1001:db8:85a3::/29", 122 },
{ "255.255.255.255", 0 }
+// __STRDUMP_ENABLE__
};
//---------------------------------------------------------------
#define CACHE_PARAMS(name, max, prune, idle, cleanup) \
static const Parameter name[] = \
{ \
- { "max_sessions", Parameter::PT_INT, "2:", max, \
+ { "max_sessions", Parameter::PT_INT, "2:max32", max, \
"maximum simultaneous sessions tracked before pruning" }, \
\
- { "pruning_timeout", Parameter::PT_INT, "1:", prune, \
+ { "pruning_timeout", Parameter::PT_INT, "1:max32", prune, \
"minimum inactive time before being eligible for pruning" }, \
\
- { "idle_timeout", Parameter::PT_INT, "1:", idle, \
+ { "idle_timeout", Parameter::PT_INT, "1:max32", idle, \
"maximum inactive time before retiring session tracker" }, \
\
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } \
static const Parameter s_params[] =
{
- { "footprint", Parameter::PT_INT, "0:", "0",
+ { "footprint", Parameter::PT_INT, "0:max32", "0",
"use zero for production, non-zero for testing at given size (for TCP and user)" },
{ "ip_frags_only", Parameter::PT_BOOL, nullptr, "false",
if ( v.is("footprint") )
{
- config.footprint = v.get_long();
+ config.footprint = v.get_uint32();
return true;
}
else if ( v.is("ip_frags_only") )
return Module::set(fqn, v, c);
if ( v.is("max_sessions") )
- fc->max_sessions = v.get_long();
+ fc->max_sessions = v.get_uint32();
else if ( v.is("pruning_timeout") )
- fc->pruning_timeout = v.get_long();
+ fc->pruning_timeout = v.get_uint32();
else if ( v.is("idle_timeout") )
- fc->nominal_timeout = v.get_long();
+ fc->nominal_timeout = v.get_uint32();
else
return false;
FlowConfig user_cfg;
FlowConfig file_cfg;
- int footprint;
+ unsigned footprint;
bool ip_frags_only;
bool track_on_syn;
};
static const Parameter s_params[] =
{
- { "session_timeout", Parameter::PT_INT, "1:86400", "30",
+ { "session_timeout", Parameter::PT_INT, "1:max31", "30",
"session tracking timeout" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
bool StreamIcmpModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("session_timeout") )
- config->session_timeout = v.get_long();
+ config->session_timeout = v.get_uint32();
else
return false;
static const Parameter s_params[] =
{
- { "max_frags", Parameter::PT_INT, "1:", "8192",
+ { "max_frags", Parameter::PT_INT, "1:max32", "8192",
"maximum number of simultaneous fragments being tracked" },
- { "max_overlaps", Parameter::PT_INT, "0:", "0",
+ { "max_overlaps", Parameter::PT_INT, "0:max32", "0",
"maximum allowed overlaps per datagram; 0 is unlimited" },
- { "min_frag_length", Parameter::PT_INT, "0:", "0",
+ { "min_frag_length", Parameter::PT_INT, "0:65535", "0",
"alert if fragment length is below this limit before or after trimming" },
{ "min_ttl", Parameter::PT_INT, "1:255", "1",
{ "policy", Parameter::PT_ENUM, IP_POLICIES, "linux",
"fragment reassembly policy" },
- { "session_timeout", Parameter::PT_INT, "1:86400", "30",
+ { "session_timeout", Parameter::PT_INT, "1:max31", "30",
"session tracking timeout" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
bool StreamIpModule::set(const char* f, Value& v, SnortConfig* c)
{
if ( v.is("max_frags") )
- config->frag_engine.max_frags = v.get_long();
+ config->frag_engine.max_frags = v.get_uint32();
else if ( v.is("max_overlaps") )
- config->frag_engine.max_overlaps = v.get_long();
+ config->frag_engine.max_overlaps = v.get_uint32();
else if ( v.is("min_frag_length") )
- config->frag_engine.min_fragment_length = v.get_long();
+ config->frag_engine.min_fragment_length = v.get_uint32();
else if ( v.is("min_ttl") )
- config->frag_engine.min_ttl = v.get_long();
+ config->frag_engine.min_ttl = v.get_uint8();
else if ( v.is("policy") )
- config->frag_engine.frag_policy = v.get_long() + 1;
+ config->frag_engine.frag_policy = v.get_uint16() + 1;
else if ( v.is("session_timeout") )
{
// FIXIT-L need to integrate to eliminate redundant data
- config->session_timeout = v.get_long();
- config->frag_engine.frag_timeout = v.get_long();
+ config->session_timeout = v.get_uint32();
+ config->frag_engine.frag_timeout = v.get_uint32();
}
else
return Module::set(f, v, c);
bool ReassembleModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("action") )
- srod.enable = v.get_long();
+ srod.enable = v.get_uint8();
else if ( v.is("direction") )
- srod.direction = v.get_long() + 1;
+ srod.direction = v.get_uint8() + 1;
else if ( v.is("noalert") )
srod.alert = 0;
return ssod.validate(v.get_string(), RANGE);
else if ( v.is("~direction") )
- direction = v.get_long();
+ direction = v.get_uint8();
else
return false;
static const Parameter stream_queue_limit_params[] =
{
- { "max_bytes", Parameter::PT_INT, "0:", "1048576",
+ { "max_bytes", Parameter::PT_INT, "0:max32", "1048576",
"don't queue more than given bytes per session and direction" },
- { "max_segments", Parameter::PT_INT, "0:", "2621",
+ { "max_segments", Parameter::PT_INT, "0:max32", "2621",
"don't queue more than given segments per session and direction" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
static const Parameter s_params[] =
{
- { "flush_factor", Parameter::PT_INT, "0:", "0",
+ { "flush_factor", Parameter::PT_INT, "0:65535", "0",
"flush upon seeing a drop in segment size after given number of non-decreasing segments" },
{ "max_window", Parameter::PT_INT, "0:1073725440", "0",
"maximum allowed TCP window" },
- { "overlap_limit", Parameter::PT_INT, "0:255", "0",
+ { "overlap_limit", Parameter::PT_INT, "0:max32", "0",
"maximum number of allowed overlapping segments per session" },
{ "max_pdu", Parameter::PT_INT, "1460:32768", "16384",
{ "reassemble_async", Parameter::PT_BOOL, nullptr, "true",
"queue data for reassembly before traffic is seen in both directions" },
- { "require_3whs", Parameter::PT_INT, "-1:86400", "-1",
+ { "require_3whs", Parameter::PT_INT, "-1:max31", "-1",
"don't track midstream sessions after given seconds from start up; -1 tracks all" },
{ "show_rebuilt_packets", Parameter::PT_BOOL, nullptr, "false",
{ "small_segments", Parameter::PT_TABLE, stream_tcp_small_params, nullptr,
"limit number of small segments queued" },
- { "session_timeout", Parameter::PT_INT, "1:86400", "30",
+ { "session_timeout", Parameter::PT_INT, "1:max31", "30",
"session tracking timeout" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
bool StreamTcpModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("count") )
- config->max_consec_small_segs = v.get_long();
+ config->max_consec_small_segs = v.get_uint16();
else if ( v.is("maximum_size") )
- config->max_consec_small_seg_size = v.get_long();
+ config->max_consec_small_seg_size = v.get_uint16();
else if ( v.is("flush_factor") )
- config->flush_factor = v.get_long();
+ config->flush_factor = v.get_uint16();
else if ( v.is("max_bytes") )
- config->max_queued_bytes = v.get_long();
+ config->max_queued_bytes = v.get_uint32();
else if ( v.is("max_segments") )
- config->max_queued_segs = v.get_long();
+ config->max_queued_segs = v.get_uint32();
else if ( v.is("max_window") )
- config->max_window = v.get_long();
+ config->max_window = v.get_uint32();
else if ( v.is("max_pdu") )
- config->paf_max = v.get_long();
+ config->paf_max = v.get_uint16();
else if ( v.is("policy") )
- config->policy = static_cast< StreamPolicy >( v.get_long() + 1 );
+ config->policy = static_cast< StreamPolicy >( v.get_uint8() + 1 );
else if ( v.is("overlap_limit") )
- config->overlap_limit = v.get_long();
+ config->overlap_limit = v.get_uint32();
else if ( v.is("session_timeout") )
- config->session_timeout = v.get_long();
+ config->session_timeout = v.get_uint32();
else if ( v.is("reassemble_async") )
{
}
else if ( v.is("require_3whs") )
{
- config->hs_timeout = v.get_long();
+ config->hs_timeout = v.get_int32();
}
else if ( v.is("show_rebuilt_packets") )
{
static const Parameter s_params[] =
{
- { "session_timeout", Parameter::PT_INT, "1:86400", "30",
+ { "session_timeout", Parameter::PT_INT, "1:max31", "30",
"session tracking timeout" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
bool StreamUdpModule::set(const char*, Value& v, SnortConfig*)
{
if ( v.is("session_timeout") )
- config->session_timeout = v.get_long();
+ config->session_timeout = v.get_uint32();
else
return false;
static const Parameter s_params[] =
{
- { "session_timeout", Parameter::PT_INT, "1:86400", "30",
+ { "session_timeout", Parameter::PT_INT, "1:max31", "30",
"session tracking timeout" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
bool StreamUserModule::set(const char* fqn, Value& v, SnortConfig* sc)
{
if ( v.is("session_timeout") )
- config->session_timeout = v.get_long();
+ config->session_timeout = v.get_uint32();
else
return Module::set(fqn, v, sc);
if (SnortConfig::output_use_utc())
localzone = 0;
- int s = (tvp->tv_sec + localzone) % 86400;
+ int s = (tvp->tv_sec + localzone) % SECONDS_PER_DAY;
time_t Time = (tvp->tv_sec + localzone) - s;
struct tm ttm;
};
const ConvertMap* tagged_packet_limit_map = &tagged_packet_limit_api;
+
+/**************************************************
+ ********************* umask *********************
+ **************************************************/
+
+static const std::string umask = "umask";
+static const ConvertMap umask_api =
+{
+ umask,
+ config_int_ctor<& umask, & process>,
+};
+
+const ConvertMap* umask_map = &umask_api;
} // namespace config
};
const ConvertMap* set_uid_map = &set_uid_api;
-
-/**************************************************
- ********************* umask *********************
- **************************************************/
-
-static const std::string umask = "umask";
-static const ConvertMap umask_api =
-{
- umask,
- config_string_ctor<& umask, & process>,
-};
-
-const ConvertMap* umask_map = &umask_api;
} // namespace config
if (bytes_read != sizeof(uint32_t)*2)
{
puts("ERROR: Failed to read record metadata.");
- printf("\tRead %u of %lu bytes\n", bytes_read, (unsigned long)sizeof(uint32_t)*2);
+ printf("\tRead %u of %zu bytes\n", bytes_read, sizeof(uint32_t)*2);
return false;
}
projects / thirdparty / snort3.git / commitdiff
