Pull request #3684: wizard: remove client_first option

Merge in SNORT/snort3 from ~ANOROKH/snort3:wiz_opt_rm to master

Squashed commit of the following:

commit 5e9be384bc45d5bc6f3147d2450d6cf2b27bde54
Author: AnnaNorokh <annanorokh15@gmail.comm>
Date:   Mon Nov 28 17:20:59 2022 +0200

    wizard: remove client_first option

    * removed client_first from documentation

diff --git a/doc/user/dump_config.txt b/doc/user/dump_config.txt
index 40f699d883f3d7948879663342717e12a6553ddc..9fa72d9a9c302d962abc54158835a3a7e5659c2a 100644 (file)
--- a/doc/user/dump_config.txt
+++ b/doc/user/dump_config.txt
@@ -38,7 +38,7 @@ http.lua
     {
         spells =
         {
-            { service = 'http', proto = 'tcp', client_first = true, to_server = { 'GET' }, to_client = { 'HTTP/' } },
+            { service = 'http', proto = 'tcp', to_server = { 'GET' }, to_client = { 'HTTP/' } },
         }
     }
 
@@ -88,13 +88,11 @@ Example:
     stream_tcp.show_rebuilt_packets=true
     consolidated config for http.lua
     wizard.spells[0].proto="tcp"
-    wizard.spells[0].client_first=true
     wizard.spells[0].service="http"
     wizard.spells[0].to_client[0].spell="HTTP/"
     wizard.spells[0].to_server[0].spell="GET"
     consolidated config for sip.lua
     wizard.spells[0].proto="tcp"
-    wizard.spells[0].client_first=true
     wizard.spells[0].service="sip"
     wizard.spells[0].to_server[0].spell="INVITE"
 
@@ -184,7 +182,6 @@ Example:
                 "spells": [
                 {
                     "proto": "tcp",
-                    "client_first": true,
                     "service": "http",
                     "to_client": [
                     {
@@ -208,7 +205,6 @@ Example:
                 "spells": [
                 {
                     "proto": "tcp",
-                    "client_first": true,
                     "service": "sip",
                     "to_server": [
                     {

diff --git a/doc/user/wizard.txt b/doc/user/wizard.txt
index 1605967557c7ab9075914009c5b8830479ca564b..cd070ec46701dcf07b4e3b2fa72a64d7706d353b 100644 (file)
--- a/doc/user/wizard.txt
+++ b/doc/user/wizard.txt
@@ -55,15 +55,13 @@ contain following options:
 
   * 'service' - name of the service that would be assigned
   * 'proto' - protocol to scan
-  * 'client_first' - indicator of which end initiates data transfer (deprecated)
   * 'to_server' - list of text patterns to search in the data sent to the client
   * 'to_client' - list of text patterns to search in the data sent to the server
 
   Example of a spell definition in Lua:
     { 
       service = 'smtp', 
-      proto = 'tcp', 
-      client_first = true,
+      proto = 'tcp',
       to_server = { 'HELO', 'EHLO' },
       to_client = { '220*SMTP', '220*MAIL' } 
     }
@@ -86,7 +84,6 @@ Hexes are configured in the same way as spells and have an identical set of opti
     { 
       service = 'dnp3',
       proto = 'tcp',
-      client_first = true,
       to_server = { '|05 64|' },
       to_client = { '|05 64|' } 
     }

diff --git a/lua/snort_defaults.lua b/lua/snort_defaults.lua
index 519d161a774949d2e931cf98821eeabe1c5913de..c788ca7abe26bff47527164e25145cc5905bdbb6 100644 (file)
--- a/lua/snort_defaults.lua
+++ b/lua/snort_defaults.lua
@@ -358,60 +358,60 @@ default_wizard =
 {
     spells =
     {
-        { service = 'ftp', proto = 'tcp', client_first = false,
+        { service = 'ftp', proto = 'tcp',
           to_client = { '220*FTP', '220*FileZilla' } },
 
-        { service = 'http', proto = 'tcp', client_first = true,
+        { service = 'http', proto = 'tcp',
           to_server = http_methods, to_client = { 'HTTP/' } },
 
-        { service = 'imap', proto = 'tcp', client_first = false,
+        { service = 'imap', proto = 'tcp',
           to_client = { '** OK', '** BYE', '** PREAUTH' } },
 
-        { service = 'pop3', proto = 'tcp', client_first = false,
+        { service = 'pop3', proto = 'tcp',
           to_client = { '+OK', '-ERR' } },
 
-        { service = 'sip', client_first = true,
+        { service = 'sip',
           to_server = sip_requests, to_client = { 'SIP/' } },
 
-        { service = 'smtp', proto = 'tcp', client_first = true,
+        { service = 'smtp', proto = 'tcp',
           to_server = { 'HELO', 'EHLO' },
           to_client = { '220*SMTP', '220*MAIL' } },
 
-        { service = 'ssh', proto = 'tcp', client_first = true,
+        { service = 'ssh', proto = 'tcp',
           to_server = { 'SSH-' }, to_client = { 'SSH-' } },
 
-        { service = 'dce_http_server', proto = 'tcp', client_first = false,
+        { service = 'dce_http_server', proto = 'tcp',
           to_client = { 'ncacn_http' } },
 
-        { service = 'dce_http_proxy', proto = 'tcp', client_first = true,
+        { service = 'dce_http_proxy', proto = 'tcp',
           to_server = { 'RPC_CONNECT' } },
 
     },
     hexes =
     {
-        { service = 'dnp3', proto = 'tcp', client_first = true,
+        { service = 'dnp3', proto = 'tcp',
           to_server = { '|05 64|' }, to_client = { '|05 64|' } },
 
-        { service = 'netflow', proto = 'udp', client_first = true,
+        { service = 'netflow', proto = 'udp',
           to_server = netflow_versions },
 
-        { service = 'http2', proto = 'tcp', client_first = true,
+        { service = 'http2', proto = 'tcp',
           to_client = { '???|04 00 00 00 00 00|' },
           to_server = { '|50 52 49 20 2a 20 48 54 54 50 2f 32 2e 30 0d 0a 0d 0a 53 4d 0d 0a 0d 0a|' } },
 
 --[[
-        { service = 'modbus', proto = 'tcp', client_first = true,
+        { service = 'modbus', proto = 'tcp',
           to_server = { '??|0 0|' } },
 
-        { service = 'rpc', proto = 'tcp', client_first = true,
+        { service = 'rpc', proto = 'tcp',
           to_server = { '????|0 0 0 0 0 0 0 1|' },
           to_client = { '????|0 0 0 0 0 0 0 1|' } },
 --]]
 
-        { service = 'ssl', proto = 'tcp', client_first = true,
+        { service = 'ssl', proto = 'tcp',
           to_server = { '|16 03|' }, to_client = { '|16 03|' } },
 
-        { service = 'telnet', proto = 'tcp', client_first = true,
+        { service = 'telnet', proto = 'tcp',
           to_server = telnet_commands, to_client = telnet_commands },
     },
 

diff --git a/src/service_inspectors/wizard/wiz_module.cc b/src/service_inspectors/wizard/wiz_module.cc
index fce518d96239838870f2c9d983823fd145e5b86a..f0baf969439e4ee202576cc0439957757437b430 100644 (file)
--- a/src/service_inspectors/wizard/wiz_module.cc
+++ b/src/service_inspectors/wizard/wiz_module.cc
@@ -54,9 +54,6 @@ static const Parameter wizard_hexes_params[] =
     { "proto", Parameter::PT_SELECT, "tcp | udp | any", "any",
       "protocol to scan" },
 
-    { "client_first", Parameter::PT_BOOL, nullptr, "true",
-      "which end initiates data transfer (deprecated)" },
-
     { "to_server", Parameter::PT_LIST, wizard_hex_param, nullptr,
       "sequence of data with wild chars (?)" },
 
@@ -82,9 +79,6 @@ static const Parameter wizard_spells_params[] =
     { "proto", Parameter::PT_SELECT, "tcp | udp | any", "any",
       "protocol to scan" },
 
-    { "client_first", Parameter::PT_BOOL, nullptr, "true",
-      "which end initiates data transfer (deprecated)" },
-
     { "to_server", Parameter::PT_LIST, wizard_spell_param, nullptr,
       "list of initial tokens with wild cards (*)" },
 
@@ -152,10 +146,6 @@ bool WizardModule::set(const char*, Value& v, SnortConfig*)
             proto = MagicBook::ArcaneType::ANY;
     }
 
-    // FIXIT-H implement client_first
-    else if ( v.is("client_first") )
-        return true;
-
     else if ( v.is("hex") or v.is("spell") )
     {
         if ( c2s )