+19/04/17 - build 253
+
+-- build: delete unused code called out by cppcheck
+-- doc: remove mention of obsolete LUA_PATH, SNORT_LUA_PATH, and required snort_config library
+-- flow_cache: Pruning one stream when excess pruning skips even if max_sessions is reached
+-- ftp_server: fix normalization and PDU parsing issues
+-- helpers: directory: use readdir instead of readdir_r
+-- Lua: apply the necessary builtin defaults from one place
+-- Lua: internalize snort_config.lua dependency
+-- Lua: build-time stringify Lua files for use as C++ variables
+-- Lua: remove dependency on SNORT_LUA_PATH
+-- mime: fix decompression for multiple files
+-- parser: update include file handling
+-- parser: fix defaults for alerts.order and network.checksum_eval
+
19/04/10 - build 252
-- appid: Fix NetworkSet compilation on big-endian systems
snort_free(config);
}
-void detection_filter_print_config(DetectionFilterConfig*)
-{ }
-
int detection_filter_test(void* pv, const snort::SfIp* sip, const snort::SfIp* dip, long curtime)
{
if (pv == nullptr)
void detection_filter_init(DetectionFilterConfig*);
void detection_filter_term();
-void detection_filter_print_config(DetectionFilterConfig*);
-
int detection_filter_test(void*, const snort::SfIp* sip, const snort::SfIp* dip, long curtime);
struct THD_NODE* detection_filter_create(DetectionFilterConfig*, struct THDX_STRUCT*);
using namespace snort;
-//static int _printThresholdContext(RateFilterConfig*);
-
RateFilterConfig* RateFilter_ConfigNew()
{
RateFilterConfig* rf_config = (RateFilterConfig*)snort_calloc(sizeof(*rf_config));
return rf_config;
}
-/* Free threshold context */
void RateFilter_ConfigFree(RateFilterConfig* config)
{
int i;
sip, dip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
}
-void RateFilter_PrintConfig(RateFilterConfig*)
-{
- // FIXIT-L print from module
- //_printThresholdContext(config);
-}
-
-#if 0
-static int _logConfigNode(tSFRFConfigNode* p)
-{
- const char* trackBy = "?";
- char buf[STD_BUF+1];
- *buf = '\0';
-
- // SnortSnprintfAppend(buf, STD_BUF, "| thd-id=%d", p->thd_id );
-
- if ( p->gid == 0 )
- {
- SnortSnprintfAppend(buf, STD_BUF, "| gen-id=global");
- }
- else
- {
- SnortSnprintfAppend(buf, STD_BUF, "| gen-id=%-6d", p->gid);
- }
- if ( p->sid == 0 )
- {
- SnortSnprintfAppend(buf, STD_BUF, " sig-id=global");
- }
- else
- {
- SnortSnprintfAppend(buf, STD_BUF, " sig-id=%-10d", p->sid);
- }
-
- SnortSnprintfAppend(buf, STD_BUF, " policyId=%-10d", p->policyId);
-
- switch ( p->tracking )
- {
- case SFRF_TRACK_BY_SRC: trackBy = "src"; break;
- case SFRF_TRACK_BY_DST: trackBy = "dst"; break;
- case SFRF_TRACK_BY_RULE: trackBy = "rule"; break;
- default: break;
- }
- SnortSnprintfAppend(buf, STD_BUF, " tracking=%s", trackBy);
- SnortSnprintfAppend(buf, STD_BUF, " count=%-3d", p->count);
- SnortSnprintfAppend(buf, STD_BUF, " seconds=%-3d", p->seconds);
-
- LogMessage("%s\n", buf);
-
- return 1;
-}
-
-static int _printThresholdContext(RateFilterConfig* config)
-{
- int gid;
- int lcnt=0;
-
- if (config == NULL)
- return 0;
-
- for ( gid=0; gid < SFRF_MAX_GENID; gid++ )
- {
- GHashNode* item_hash_node;
- GHash* sfrf_hash = config->genHash [ gid ];
-
- if ( !sfrf_hash )
- {
- continue;
- }
-
- for ( item_hash_node = ghash_findfirst(sfrf_hash);
- item_hash_node != 0;
- item_hash_node = ghash_findnext(sfrf_hash) )
- {
- tSFRFSidNode* sfrf_item;
- tSFRFConfigNode* sfrf_node;
-
- /* Check for any Permanent sid objects for this gid */
- sfrf_item = (tSFRFSidNode*)item_hash_node->data;
- SF_LNODE* cursor;
-
- for ( sfrf_node =
- (tSFRFConfigNode*)sflist_first(sfrf_item->configNodeList, &cursor);
- sfrf_node != 0;
- sfrf_node =
- (tSFRFConfigNode*)sflist_next(&cursor) )
- {
- if ( _logConfigNode(sfrf_node) != 0 )
- lcnt++;
- }
- }
- }
-
- if ( !lcnt )
- LogMessage("| none\n");
-
- return 0;
-}
-
-#endif
-
void RateFilter_Cleanup();
int RateFilter_Create(snort::SnortConfig* sc, RateFilterConfig*, tSFRFConfigNode*);
-void RateFilter_PrintConfig(RateFilterConfig*);
-
int RateFilter_Test(const OptTreeNode*, snort::Packet*);
#endif
snort_free(tc);
}
-// prnMode = 0: init output format
-// prnMode = 1: term output format (with header and count of filtered events)
-// prnMode = 2: term output format (count only)
-#if 0
-static int print_thd_node(THD_NODE* p, PrintFormat type, unsigned* prnMode)
-{
- char buf[STD_BUF+1];
- memset(buf, 0, STD_BUF+1);
-
- switch ( type )
- {
- case PRINT_GLOBAL:
- if (p->type == THD_TYPE_SUPPRESS )
- return 0;
- if (p->sig_id != 0 )
- return 0;
- break;
-
- case PRINT_LOCAL:
- if (p->type == THD_TYPE_SUPPRESS )
- return 0;
- if (p->sig_id == 0 || p->gen_id == 0 )
- return 0;
- break;
-
- case PRINT_SUPPRESS:
- if (p->type != THD_TYPE_SUPPRESS )
- return 0;
- break;
- }
-
- /* SnortSnprintfAppend(buf, STD_BUF, "| thd-id=%d", p->thd_id ); */
-
- if ( *prnMode && !p->filtered )
- return 1;
-
- if ( p->gen_id == 0 )
- {
- SnortSnprintfAppend(buf, STD_BUF, "| gen-id=global");
- }
- else
- {
- SnortSnprintfAppend(buf, STD_BUF, "| gen-id=%-6d", p->gen_id);
- }
- if ( p->sig_id == 0 )
- {
- SnortSnprintfAppend(buf, STD_BUF, " sig-id=global");
- }
- else
- {
- SnortSnprintfAppend(buf, STD_BUF, " sig-id=%-10d", p->sig_id);
- }
-
- switch ( p->type )
- {
- case THD_TYPE_LIMIT:
- SnortSnprintfAppend(buf, STD_BUF, " type=Limit ");
- break;
-
- case THD_TYPE_THRESHOLD:
- SnortSnprintfAppend(buf, STD_BUF, " type=Threshold");
- break;
-
- case THD_TYPE_BOTH:
- SnortSnprintfAppend(buf, STD_BUF, " type=Both ");
- break;
-
- case THD_TYPE_SUPPRESS:
- if ( *prnMode )
- SnortSnprintfAppend(buf, STD_BUF, " type=Suppress ");
- break;
- }
-
- switch ( p->tracking )
- {
- case THD_TRK_NONE:
- SnortSnprintfAppend(buf, STD_BUF, " tracking=none");
- break;
-
- case THD_TRK_SRC:
- SnortSnprintfAppend(buf, STD_BUF, " tracking=src");
- break;
-
- case THD_TRK_DST:
- SnortSnprintfAppend(buf, STD_BUF, " tracking=dst");
- break;
- }
-
- if ( p->type == THD_TYPE_SUPPRESS )
- {
- if ( p->tracking != THD_TRK_NONE )
- {
- // TBD output suppress node ip addr set
- SnortSnprintfAppend(buf, STD_BUF, "-ip=%-16s", "<list>");
- }
- }
- else
- {
- SnortSnprintfAppend(buf, STD_BUF, " count=%-3d", p->count);
- SnortSnprintfAppend(buf, STD_BUF, " seconds=%-3d", p->seconds);
- }
-
- if ( *prnMode )
- {
- if ( *prnMode == 1 )
- {
- LogMessage(
- "+-----------------------[filtered events]--------------------------------------\n");
- *prnMode = 2;
- }
- SnortSnprintfAppend(buf, STD_BUF, " filtered=" STDu64, p->filtered);
- }
- LogMessage("%s\n", buf);
-
- return 1;
-}
-
-static int print_thd_local(ThresholdObjects* thd_objs, PrintFormat type, unsigned* prnMode)
-{
- GHash* sfthd_hash;
- THD_ITEM* sfthd_item;
- THD_NODE* sfthd_node;
- int gen_id;
- GHashNode* item_hash_node;
- int lcnt=0;
- PolicyId policyId;
-
- for (policyId = 0; policyId < thd_objs->numPoliciesAllocated; policyId++)
- {
- for (gen_id=0; gen_id < THD_MAX_GENID; gen_id++ )
- {
- sfthd_hash = thd_objs->sfthd_array[gen_id];
- if ( !sfthd_hash )
- {
- continue;
- }
-
- for (item_hash_node = ghash_findfirst(sfthd_hash);
- item_hash_node != 0;
- item_hash_node = ghash_findnext(sfthd_hash) )
- {
- /* Check for any Permanent sig_id objects for this gen_id */
- sfthd_item = (THD_ITEM*)item_hash_node->data;
-
- if (sfthd_item->policyId != policyId)
- {
- continue;
- }
- SF_LNODE* cursor;
-
- for ( sfthd_node = (THD_NODE*)sflist_first(sfthd_item->sfthd_node_list, &cursor);
- sfthd_node != 0;
- sfthd_node = (THD_NODE*)sflist_next(&cursor) )
- {
- if (print_thd_node(sfthd_node, type, prnMode) != 0)
- lcnt++;
- }
- }
- }
- }
-
- if ( !lcnt && !*prnMode )
- LogMessage("| none\n");
-
- return 0;
-}
-
-#endif
-
-void print_thresholding(ThresholdConfig*, unsigned)
-{ }
-
void sfthreshold_free()
{
if (thd_runtime != nullptr)
thd_runtime = nullptr;
}
-/*
-
- Create and Add a Thresholding Event Object
-
-*/
int sfthreshold_create(
snort::SnortConfig* sc, ThresholdConfig* thd_config, THDX_STRUCT* thdx)
{
void ThresholdConfigFree(ThresholdConfig*);
void sfthreshold_reset();
int sfthreshold_create(snort::SnortConfig*, ThresholdConfig*, THDX_STRUCT*);
-int sfthreshold_test(unsigned int, unsigned int, const snort::SfIp*, const snort::SfIp*, long curtime);
-void print_thresholding(ThresholdConfig*, unsigned shutdown);
+int sfthreshold_test(
+ unsigned int, unsigned int, const snort::SfIp*, const snort::SfIp*, long curtime);
void sfthreshold_free();
#endif
namespace snort
{
-void ParseMessage(const char* format, ...)
-{
- char buf[STD_BUF+1];
- va_list ap;
-
- va_start(ap, format);
- vsnprintf(buf, STD_BUF, format, ap);
- va_end(ap);
-
- buf[STD_BUF] = '\0';
- log_message(stderr, "INFO", buf);
-}
-
void ParseWarning(WarningGroup wg, const char* format, ...)
{
if ( !(snort::SnortConfig::get_conf()->warning_flags & (1 << wg)) )
namespace snort
{
-SO_PUBLIC void ParseMessage(const char*, ...) __attribute__((format (printf, 1, 2)));
SO_PUBLIC void ParseWarning(WarningGroup, const char*, ...) __attribute__((format (printf, 2, 3)));
SO_PUBLIC void ParseError(const char*, ...) __attribute__((format (printf, 1, 2)));
SO_PUBLIC void ReloadError(const char*, ...) __attribute__((format (printf, 1, 2)));
// //
//-----------------------------------------------//
-#define BUILD_NUMBER 252
+#define BUILD_NUMBER 253
#ifndef EXTRABUILD
#define BUILD STRINGIFY_MX(BUILD_NUMBER)
ParseRules(this);
OrderRuleLists(this);
- // FIXIT-L see SnortInit() on config printing
- //detection_filter_print_config(detection_filter_config);
- //RateFilter_PrintConfig(rate_filter_config);
- //print_thresholding(threshold_config, 0);
- //PrintRuleOrder(rule_lists);
-
for ( auto& state : rule_states )
state->apply(this);
return mod;
}
-const char* ModuleManager::get_current_module()
-{ return s_current.c_str(); }
-
list<Module*> ModuleManager::get_all_modules()
{
list<Module*> ret;
static void add_module(Module*, const BaseApi* = nullptr);
SO_PUBLIC static Module* get_module(const char*);
static Module* get_default_module(const char*, SnortConfig*);
- static const char* get_current_module();
SO_PUBLIC static std::list<Module*> get_all_modules();
static const char* get_lua_bootstrap();
return ordered_list;
}
-static void printRuleListOrder(RuleListNode* node)
-{
- char buf[STD_BUF];
- RuleListNode* first_node = node;
-
- SnortSnprintf(buf, STD_BUF, "Rule application order: ");
-
- while ( node != nullptr )
- {
- SnortSnprintfAppend(buf, STD_BUF, "%s%s",
- node == first_node ? "" : "->", node->name);
-
- node = node->next;
- }
-
- LogMessage("%s\n", buf);
-}
-
static bool parse_file(SnortConfig* sc, Shell* sh, bool is_fatal)
{
const char* fname = sh->get_file();
sc->rule_lists = nullptr;
}
-void PrintRuleOrder(RuleListNode* rule_lists)
-{
- printRuleListOrder(rule_lists);
-}
-
void OrderRuleLists(SnortConfig* sc)
{
int evalIndex = 0;
bool is_fatal = true);
void ParseRules(snort::SnortConfig*);
-void OrderRuleLists(snort::SnortConfig*);
-void PrintRuleOrder(RuleListNode*);
-
char* ProcessFileOption(snort::SnortConfig*, const char*);
void SetRuleStates(snort::SnortConfig*);
+void OrderRuleLists(snort::SnortConfig*);
void FreeRuleLists(snort::SnortConfig*);
void VarTablesFree(snort::SnortConfig*);
DropStats();
timing_stats();
- // FIXIT-L below stats need to be made consistent with above
- print_thresholding(SnortConfig::get_conf()->threshold_config, 1);
+ // FIXIT-L can do flag saving with RAII (much cleaner)
+ int save_quiet_flag = SnortConfig::get_conf()->logging_flags & LOGGING_FLAG__QUIET;
- {
- // FIXIT-L can do flag saving with RAII (much cleaner)
- int save_quiet_flag = SnortConfig::get_conf()->logging_flags & LOGGING_FLAG__QUIET;
-
- SnortConfig::get_conf()->logging_flags &= ~LOGGING_FLAG__QUIET;
+ SnortConfig::get_conf()->logging_flags &= ~LOGGING_FLAG__QUIET;
- // once more for the main thread
- Profiler::consolidate_stats();
- Profiler::show_stats();
+ // once more for the main thread
+ Profiler::consolidate_stats();
+ Profiler::show_stats();
- SnortConfig::get_conf()->logging_flags |= save_quiet_flag;
- }
+ SnortConfig::get_conf()->logging_flags |= save_quiet_flag;
}
//-------------------------------------------------------------------------
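Review bot: The hand-written save/clear/restore of `LOGGING_FLAG__QUIET` on the shared `SnortConfig::get_conf()` object is not scoped. After this change `save_quiet_flag` lives at function scope, and the restore on the last added line only runs if control falls through `Profiler::consolidate_stats()` and `Profiler::show_stats()`. Whether those calls can throw or return early is not visible here, but if either does, QUIET stays cleared for the rest of shutdown and later logging becomes noisier than the operator configured. The retained FIXIT-L already asks for RAII, and since this hunk rewrites exactly these lines, a small local guard as sketched below would resolve it. The enclosing function starts outside the hunk, so the guard's placement relative to earlier statements should be checked against the full body.

```cpp
// … unchanged: DropStats(); timing_stats(); …
    // Restores the QUIET bit on every exit path from this scope.
    struct QuietFlagRestore
    {
        int saved;
        ~QuietFlagRestore()
        { SnortConfig::get_conf()->logging_flags |= saved; }
    } restore_quiet { SnortConfig::get_conf()->logging_flags & LOGGING_FLAG__QUIET };

    SnortConfig::get_conf()->logging_flags &= ~LOGGING_FLAG__QUIET;

    // once more for the main thread
    Profiler::consolidate_stats();
    Profiler::show_stats();
```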