Merge pull request #2127 in SNORT/snort3 from ~OKHOMIAK/snort3:standardize_all_inspec...

Squashed commit of the following:

commit cb70afb884f256e88504a45217c28783cc70b083
Author: Oleksii Khomiakovskyi <okhomiak@cisco.com>
Date:   Tue Apr 7 21:44:31 2020 +0300

    appid: remove unused config options and rename "debug" option

    changes include:
    * instance_id, dump_ports, app_stats_rollover_time options removed
    * debug option renamed to list_odp_detectors
    * snort2lua updated according to config option changes mentioned above

commit cd58c49f50c9c22a1504405d449c137b9e743375
Author: Oleksii Khomiakovskyi <okhomiak@cisco.com>
Date:   Thu Mar 26 10:49:03 2020 +0200

    inspectors: update verbose config output in show() method to a new format

    Add ConfigLogger class containing standard print functions

diff --git a/src/file_api/file_config.cc b/src/file_api/file_config.cc
index 8d27443e864741d976142b7ce033ff7f559a8ddd..fac4b68c0944d81f1d519c432081bee203f4eee7 100644 (file)
--- a/src/file_api/file_config.cc
+++ b/src/file_api/file_config.cc
@@ -68,18 +68,18 @@ void FileConfig::process_file_policy_rule(FileRule& rule)
     filePolicy.insert_file_rule(rule);
 }
 
-FileMagicRule* FileConfig::get_rule_from_id(uint32_t id)
+const FileMagicRule* FileConfig::get_rule_from_id(uint32_t id) const
 {
     return fileIdentifier.get_rule_from_id(id);
 }
 
 void FileConfig::get_magic_rule_ids_from_type(const std::string& type,
-    const std::string& version, FileTypeBitSet& ids_set)
+    const std::string& version, FileTypeBitSet& ids_set) const
 {
     return fileIdentifier.get_magic_rule_ids_from_type(type, version, ids_set);
 }
 
-std::string FileConfig::file_type_name(uint32_t id)
+std::string FileConfig::file_type_name(uint32_t id) const
 {
     if (SNORT_FILE_TYPE_UNKNOWN == id)
         return "Unknown file type, done";
@@ -87,7 +87,7 @@ std::string FileConfig::file_type_name(uint32_t id)
     else if (SNORT_FILE_TYPE_CONTINUE == id)
         return "Undecided file type, continue...";
 
-    FileMagicRule* info = get_rule_from_id(id);
+    const FileMagicRule* info = get_rule_from_id(id);
 
     if (info != nullptr)
         return info->type;

diff --git a/src/file_api/file_config.h b/src/file_api/file_config.h
index 05ea9473637471e95254d806611c8f7a9ae8b664..6e779f0882e2a7f606a63bc4b3b080e3707b2248 100644 (file)
--- a/src/file_api/file_config.h
+++ b/src/file_api/file_config.h
@@ -45,15 +45,16 @@
 class FileConfig
 {
 public:
-    FileMagicRule* get_rule_from_id(uint32_t);
+    const FileMagicRule* get_rule_from_id(uint32_t) const;
     void get_magic_rule_ids_from_type(const std::string&, const std::string&,
-        snort::FileTypeBitSet&);
+        snort::FileTypeBitSet&) const;
     void process_file_rule(FileMagicRule&);
     void process_file_policy_rule(FileRule&);
     bool process_file_magic(FileMagicData&);
     uint32_t find_file_type_id(const uint8_t* buf, int len, uint64_t file_offset, void** context);
     FilePolicy& get_file_policy() { return filePolicy; }
-    std::string file_type_name(uint32_t id);
+    const FilePolicy& get_file_policy() const { return filePolicy; }
+    std::string file_type_name(uint32_t id) const;
 
     int64_t file_type_depth = DEFAULT_FILE_TYPE_DEPTH;
     int64_t file_signature_depth = DEFAULT_FILE_SIGNATURE_DEPTH;

diff --git a/src/file_api/file_flows.cc b/src/file_api/file_flows.cc
index 97687a216af6db6c2e489eca0238f72c226958aa..73ffdad3d0415224db2c36874368c62330a70ee2 100644 (file)
--- a/src/file_api/file_flows.cc
+++ b/src/file_api/file_flows.cc
@@ -383,16 +383,42 @@ bool FileInspect::configure(SnortConfig*)
     return true;
 }
 
-void FileInspect::show(SnortConfig*)
+static void file_config_show(const FileConfig* fc)
 {
-    if (!config)
-        return;
+    const FilePolicy& fp = fc->get_file_policy();
+
+    if ( ConfigLogger::log_flag("enable_type", fp.get_file_type()) )
+        ConfigLogger::log_value("type_depth", fc->file_type_depth);
+
+    if ( ConfigLogger::log_flag("enable_signature", fp.get_file_signature()) )
+        ConfigLogger::log_value("signature_depth", fc->file_signature_depth);
+
+    if ( ConfigLogger::log_flag("block_timeout_lookup", fc->block_timeout_lookup) )
+        ConfigLogger::log_value("block_timeout", fc->file_block_timeout);
+
+    if ( ConfigLogger::log_flag("enable_capture", fp.get_file_capture()) )
+    {
+        ConfigLogger::log_value("capture_memcap", fc->capture_memcap);
+        ConfigLogger::log_value("capture_max_size", fc->capture_max_size);
+        ConfigLogger::log_value("capture_min_size", fc->capture_min_size);
+        ConfigLogger::log_value("capture_block_size", fc->capture_block_size);
+    }
 
-    LogMessage("    capture_memcap: %zu MB\n", config->capture_memcap);
-    LogMessage("    capture_max_size: %zu bytes\n", config->capture_max_size);
-    LogMessage("    capture_min_size: %zu bytes\n", config->capture_min_size);
-    LogMessage("    lookup_timeout: %zu secs\n", config->file_lookup_timeout);
-    LogMessage("\n");
+    ConfigLogger::log_value("lookup_timeout", fc->file_lookup_timeout);
+    ConfigLogger::log_value("max_files_cached", fc->max_files_cached);
+    ConfigLogger::log_value("max_files_per_flow", fc->max_files_per_flow);
+    ConfigLogger::log_value("show_data_depth", fc->show_data_depth);
+
+    ConfigLogger::log_flag("trace_type", fc->trace_type);
+    ConfigLogger::log_flag("trace_signature", fc->trace_signature);
+    ConfigLogger::log_flag("trace_stream", fc->trace_stream);
+    ConfigLogger::log_value("verdict_delay", fc->verdict_delay);
+}
+
+void FileInspect::show(SnortConfig*)
+{
+    if ( config )
+        file_config_show(config);
 }
 
 static Module* mod_ctor()

diff --git a/src/file_api/file_identifier.cc b/src/file_api/file_identifier.cc
index 5796f101b32fc7cc0619b8dbfff9ab651ad88c1a..233b8fa2e6db9fe38947cdc2842794c3612e8347 100644 (file)
--- a/src/file_api/file_identifier.cc
+++ b/src/file_api/file_identifier.cc
@@ -359,7 +359,7 @@ uint32_t FileIdentifier::find_file_type_id(const uint8_t* buf, int len, uint64_t
     return file_type_id;
 }
 
-FileMagicRule* FileIdentifier::get_rule_from_id(uint32_t id)
+const FileMagicRule* FileIdentifier::get_rule_from_id(uint32_t id) const
 {
     if ((id < FILE_ID_MAX) && (file_magic_rules[id].id > 0))
     {
@@ -370,7 +370,7 @@ FileMagicRule* FileIdentifier::get_rule_from_id(uint32_t id)
 }
 
 void FileIdentifier::get_magic_rule_ids_from_type(const std::string& type,
-    const std::string& version, FileTypeBitSet& ids_set)
+    const std::string& version, FileTypeBitSet& ids_set) const
 {
     ids_set.reset();
 

diff --git a/src/file_api/file_identifier.h b/src/file_api/file_identifier.h
index 81c621ae3113899e1bc5e0ef661a2bfd9bfd97e4..7315f4c9b4df924362bc08ed1d587973a16b1571 100644 (file)
--- a/src/file_api/file_identifier.h
+++ b/src/file_api/file_identifier.h
@@ -88,11 +88,12 @@ class FileIdentifier
 {
 public:
     ~FileIdentifier();
-    uint32_t memory_usage() { return memory_used; }
+    uint32_t memory_usage() const { return memory_used; }
     void insert_file_rule(FileMagicRule& rule);
     uint32_t find_file_type_id(const uint8_t* buf, int len, uint64_t offset, void** context);
-    FileMagicRule* get_rule_from_id(uint32_t);
-    void get_magic_rule_ids_from_type(const std::string&, const std::string&, snort::FileTypeBitSet&);
+    const FileMagicRule* get_rule_from_id(uint32_t) const;
+    void get_magic_rule_ids_from_type(const std::string&, const std::string&,
+        snort::FileTypeBitSet&) const;
 
 private:
     void init_merge_hash();

diff --git a/src/file_api/file_log.cc b/src/file_api/file_log.cc
index 2155198b2eee064dcf1f16dc568e1a7b34d04996..54601a9de4b6907186f9ea3c396cd3a6699faec3 100644 (file)
--- a/src/file_api/file_log.cc
+++ b/src/file_api/file_log.cc
@@ -221,8 +221,8 @@ private:
 
 void FileLog::show(SnortConfig*)
 {
-    LogMessage("    Log system time: %s\n", config.log_sys_time ? "true" : "false");
-    LogMessage("    Log packet time: %s\n", config.log_pkt_time ? "true" : "false");
+    ConfigLogger::log_flag("log_pkt_time", config.log_pkt_time);
+    ConfigLogger::log_flag("log_sys_time", config.log_sys_time);
 }
 
 //-------------------------------------------------------------------------

diff --git a/src/file_api/file_policy.cc b/src/file_api/file_policy.cc
index a1cea020aa3a28f70612f9d7e1d3da75042e6ee4..b7958720499d7f4414645673786c52ce46f5b40a 100644 (file)
--- a/src/file_api/file_policy.cc
+++ b/src/file_api/file_policy.cc
@@ -64,6 +64,21 @@ void FilePolicy::set_file_capture(bool enabled)
     capture_enabled = enabled;
 }
 
+bool FilePolicy::get_file_type() const
+{
+    return type_enabled;
+}
+
+bool FilePolicy::get_file_signature() const
+{
+    return signature_enabled;
+}
+
+bool FilePolicy::get_file_capture() const
+{
+    return capture_enabled;
+}
+
 void FilePolicy::insert_file_rule(FileRule& rule)
 {
     file_rules.emplace_back(rule);

diff --git a/src/file_api/file_policy.h b/src/file_api/file_policy.h
index 7ab9c8af25fc55b2d076c0f22d6ad1d10e6b590d..fb5c0f40fe550c4684ca552dbcaafb8148b9f068 100644 (file)
--- a/src/file_api/file_policy.h
+++ b/src/file_api/file_policy.h
@@ -73,6 +73,9 @@ public:
     void set_file_type(bool enabled);
     void set_file_signature(bool enabled);
     void set_file_capture(bool enabled);
+    bool get_file_type() const;
+    bool get_file_signature() const;
+    bool get_file_capture() const;
     void load();
     void set_verdict_delay(int64_t delay) { verdict_delay = delay; }
 

diff --git a/src/framework/inspector.h b/src/framework/inspector.h
index 7ebae979fd9356520b67e06e62c09dbd86495c39..d7b4e4ffb7c420375592e988a3f881db66b5772b 100644 (file)
--- a/src/framework/inspector.h
+++ b/src/framework/inspector.h
@@ -160,6 +160,7 @@ public:
     ~InspectorData() override
     { delete data; }
 
+    void show(SnortConfig*) override { }
     void eval(Packet*) override { }
 
     T* data;

diff --git a/src/log/dev_notes.txt b/src/log/dev_notes.txt
index f601f88a217faa2ee3a3d52e59cfbfc6c10c10e4..2f4366bdda980aeb5d7f87cfebcfe978f6a420fa 100644 (file)
--- a/src/log/dev_notes.txt
+++ b/src/log/dev_notes.txt
@@ -6,12 +6,15 @@ Text output logging facilities are located here:
 
 * messages - provides Dumper class and message logging facilities.
 
+  Class ConfigLogger is implemented to provide functions to format
+  config verbose output from Inspector::show().
+
 * obfuscator - provides an API for logging packets w/o revealing sensitive
   data.
 
   class Obfuscator is implemented with a std::set to provide in order
   access for pottentialy out-of-order insertions.
-  
+
   Currently does not support streaming mode.  It should be possible to
   iterate over contiguous chunks of data, alternating between obfuscated
   and plain.

diff --git a/src/log/messages.cc b/src/log/messages.cc
index c6388cd15d3d8f00a4e290f08a77615fabd88016..e7dc68d5ea529ab60cee2ceb55bfc3a1ec2ba66e 100644 (file)
--- a/src/log/messages.cc
+++ b/src/log/messages.cc
@@ -33,8 +33,6 @@
 #include "time/packet_time.h"
 #include "utils/util_cstring.h"
 
-#define MAX_LINE_LEN 75
-
 using namespace snort;
 
 static int already_fatal = 0;
@@ -355,36 +353,65 @@ NORETURN_ASSERT void log_safec_error(const char* msg, void*, int e)
     assert(false);
 }
 
-bool LogFlag(const char* caption, bool flag)
+bool ConfigLogger::log_flag(const char* caption, bool flag)
 {
     LogMessage("%25.25s: %s\n", caption, flag ? "enabled" : "disabled");
     return flag;
 }
 
-void LogLimit(const char* caption, int val, int unlim, int disable)
+void ConfigLogger::log_limit(const char* caption, int val, int unlim, int disable)
 {
     if ( val == disable )
-        LogMessage("%25.25s: %d %s\n", caption, disable, "(disabled)");
+        LogMessage("%25.25s: %d (disabled)\n", caption, val);
     else if ( val == unlim )
-        LogMessage("%25.25s: %d %s\n", caption, val, "(unlimited)");
+        LogMessage("%25.25s: %d (unlimited)\n", caption, val);
     else
         LogMessage("%25.25s: %d\n", caption, val);
 }
 
-void LogLimit(const char* caption, int val, int unlim)
+void ConfigLogger::log_limit(const char* caption, int val, int unlim)
 {
     if ( val == unlim )
-        LogMessage("%25.25s: %d %s\n", caption, val, "(unlimited)");
+        LogMessage("%25.25s: %d (unlimited)\n", caption, val);
     else
         LogMessage("%25.25s: %d\n", caption, val);
 }
 
-void LogValue(const char* caption, uint32_t n)
+void ConfigLogger::log_limit(const char* caption, int64_t val, int64_t unlim)
+{
+    if ( val == unlim )
+        LogMessage("%25.25s: %" PRId64 " (unlimited)\n", caption, val);
+    else
+        LogMessage("%25.25s: %" PRId64 "\n", caption, val);
+}
+
+void ConfigLogger::log_value(const char* caption, int32_t n)
+{
+    LogMessage("%25.25s: %" PRId32 "\n", caption, n);
+}
+
+void ConfigLogger::log_value(const char* caption, uint32_t n)
 {
     LogMessage("%25.25s: %" PRIu32 "\n", caption, n);
 }
 
-void LogList(const char* caption, const char* list)
+void ConfigLogger::log_value(const char* caption, int64_t n)
+{
+    LogMessage("%25.25s: %" PRId64 "\n", caption, n);
+}
+
+void ConfigLogger::log_value(const char* caption, uint64_t n)
+{
+    LogMessage("%25.25s: %" PRIu64 "\n", caption, n);
+}
+
+void ConfigLogger::log_value(const char* caption, const char* str)
+{
+    if ( str and str[0] )
+        LogMessage("%25.25s: %s\n", caption, str);
+}
+
+void ConfigLogger::log_list(const char* caption, const char* list)
 {
     std::string res;
     std::stringstream ss;
@@ -396,7 +423,7 @@ void LogList(const char* caption, const char* list)
     ss << list;
     while (ss >> val)
     {
-        if ( len + val.length() > MAX_LINE_LEN )
+        if ( len + val.length() > max_line_len )
         {
             res += '\n' + offset;
             len = 0;

diff --git a/src/log/messages.h b/src/log/messages.h
index 8813b0ed996da1336d2e49c26aa9b8f67a1bb2ce..cac2409dd0e3871ae9e700d7e206c3c26630a315 100644 (file)
--- a/src/log/messages.h
+++ b/src/log/messages.h
@@ -66,11 +66,23 @@ SO_PUBLIC void LogMessage(FILE*, const char*, ...) __attribute__((format (printf
 SO_PUBLIC void WarningMessage(const char*, ...) __attribute__((format (printf, 1, 2)));
 SO_PUBLIC void ErrorMessage(const char*, ...) __attribute__((format (printf, 1, 2)));
 
-SO_PUBLIC bool LogFlag(const char* caption, bool flag);
-SO_PUBLIC void LogLimit(const char* caption, int val, int unlim);
-SO_PUBLIC void LogLimit(const char* caption, int val, int unlim, int disable);
-SO_PUBLIC void LogList(const char* caption, const char* list);
-SO_PUBLIC void LogValue(const char* caption, uint32_t n);
+class SO_PUBLIC ConfigLogger final
+{
+public:
+    ConfigLogger() = delete;
+    static bool log_flag(const char* caption, bool flag);
+    static void log_limit(const char* caption, int val, int unlim);
+    static void log_limit(const char* caption, int val, int unlim, int disable);
+    static void log_limit(const char* caption, int64_t val, int64_t unlim);
+    static void log_value(const char* caption, int32_t n);
+    static void log_value(const char* caption, uint32_t n);
+    static void log_value(const char* caption, int64_t n);
+    static void log_value(const char* caption, uint64_t n);
+    static void log_value(const char* caption, const char* str);
+    static void log_list(const char* caption, const char* list);
+private:
+    static constexpr size_t max_line_len = 75;
+};
 
 // FIXIT-RC do not call FatalError() during runtime
 [[noreturn]] SO_PUBLIC void FatalError(const char*, ...) __attribute__((format (printf, 1, 2)));

diff --git a/src/mime/file_mime_config.cc b/src/mime/file_mime_config.cc
index aae828259de26c23c3feab235f944c771e1ab898..2f13d13c4d90c98e26842a4f9dcbc7bcf8742530 100644 (file)
--- a/src/mime/file_mime_config.cc
+++ b/src/mime/file_mime_config.cc
@@ -129,7 +129,7 @@ void DecodeConfig::sync_all_depths()
         (bitenc_depth >= 0) or (uu_depth >= 0);
 }
 
-int DecodeConfig::get_max_depth(int decode_depth)
+int DecodeConfig::get_max_depth(int decode_depth) const
 {
     if ( file_depth and decode_depth )
         return (file_depth > decode_depth) ? file_depth : decode_depth;
@@ -142,7 +142,7 @@ void DecodeConfig::show(bool full) const
 {
     if ( !decode_enabled )
     {
-        LogFlag("decode_enabled", decode_enabled);
+        ConfigLogger::log_flag("decode_enabled", decode_enabled);
         return;
     }
 
@@ -150,16 +150,16 @@ void DecodeConfig::show(bool full) const
     auto qp = (qp_depth == 0) ? -1 : ((qp_depth == -1) ? 0 : qp_depth);
     auto uu = (uu_depth == 0) ? -1 : ((uu_depth == -1) ? 0 : uu_depth);
     auto bitenc = (bitenc_depth == 0) ? -1 : ((bitenc_depth == -1) ? 0 : bitenc_depth);
-    LogLimit("b64_decode_depth", b64, -1, 0);
-    LogLimit("qp_decode_depth", qp, -1, 0);
-    LogLimit("uu_decode_depth", uu, -1, 0);
-    LogLimit("bitenc_decode_depth", bitenc, -1, 0);
+    ConfigLogger::log_limit("b64_decode_depth", b64, -1, 0);
+    ConfigLogger::log_limit("qp_decode_depth", qp, -1, 0);
+    ConfigLogger::log_limit("uu_decode_depth", uu, -1, 0);
+    ConfigLogger::log_limit("bitenc_decode_depth", bitenc, -1, 0);
 
     if ( full )
-        LogFlag("ignore_data", ignore_data);
+        ConfigLogger::log_flag("ignore_data", ignore_data);
 
-    LogFlag("decompress_pdf", decompress_pdf);
-    LogFlag("decompress_swf", decompress_swf);
-    LogFlag("decompress_zip", decompress_zip);
+    ConfigLogger::log_flag("decompress_pdf", decompress_pdf);
+    ConfigLogger::log_flag("decompress_swf", decompress_swf);
+    ConfigLogger::log_flag("decompress_zip", decompress_zip);
 }
 

diff --git a/src/mime/file_mime_config.h b/src/mime/file_mime_config.h
index 1d15d0c382d067e93c1d764626f60fd0b93eb4b4..4e5ca53ffa383266297025bf94a15fd24d38c3a2 100644 (file)
--- a/src/mime/file_mime_config.h
+++ b/src/mime/file_mime_config.h
@@ -66,7 +66,7 @@ public:
     bool is_decoding_enabled() const;
     void sync_all_depths();
     void show(bool = false) const;
-    int get_max_depth(int);
+    int get_max_depth(int) const;
 
 private:
     bool ignore_data = false;

diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc
index 947cda661d61ede3499654813953f7761675aa26..5e8baa64c75847e3d5aa6b1622fed60ac78cc01f 100644 (file)
--- a/src/network_inspectors/appid/appid_config.cc
+++ b/src/network_inspectors/appid/appid_config.cc
@@ -74,6 +74,26 @@ AppIdConfig::~AppIdConfig()
     snort_free((void*)app_detector_dir);
 }
 
+void AppIdConfig::show() const
+{
+    ConfigLogger::log_value("app_detector_dir", app_detector_dir);
+
+    ConfigLogger::log_value("app_stats_period", app_stats_period);
+    ConfigLogger::log_value("app_stats_rollover_size", app_stats_rollover_size);
+
+    ConfigLogger::log_flag("list_odp_detectors", list_odp_detectors);
+
+    ConfigLogger::log_value("tp_appid_path", tp_appid_path.c_str());
+    ConfigLogger::log_value("tp_appid_config", tp_appid_config.c_str());
+
+    ConfigLogger::log_flag("tp_appid_stats_enable", tp_appid_stats_enable);
+    ConfigLogger::log_flag("tp_appid_config_dump", tp_appid_config_dump);
+
+    ConfigLogger::log_flag("log_all_sessions", log_all_sessions);
+    ConfigLogger::log_flag("log_stats", log_stats);
+    ConfigLogger::log_value("memcap", memcap);
+}
+
 void AppIdContext::pterm()
 {
     assert(odp_ctxt);
@@ -112,10 +132,9 @@ void AppIdContext::create_tp_appid_ctxt()
     tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, *odp_ctxt);
 }
 
-void AppIdContext::show()
+void AppIdContext::show() const
 {
-    if (!config.tp_appid_path.empty())
-        LogMessage("    3rd Party Dir: %s\n", config.tp_appid_path.c_str());
+    config.show();
 }
 
 OdpContext::OdpContext(AppIdConfig& config, SnortConfig* sc)

diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h
index 3e1d850d2de6cf88d13679c567988260b70b7bbd..e044ef052a3cd5b30c5ebd1ff9ebd96099fd967a 100644 (file)
--- a/src/network_inspectors/appid/appid_config.h
+++ b/src/network_inspectors/appid/appid_config.h
@@ -60,20 +60,19 @@ public:
     // after certificate-exchange). Such manual detection is disabled by default (0).
     uint32_t first_decrypted_packet_debug = 0;
 #endif
-    bool stats_logging_enabled = false;
+    bool log_stats = false;
     unsigned long app_stats_period = 300;
     unsigned long app_stats_rollover_size = 0;
-    unsigned long app_stats_rollover_time = 0;
     const char* app_detector_dir = nullptr;
     std::string tp_appid_path = "";
     std::string tp_appid_config = "";
     bool tp_appid_stats_enable = false;
     bool tp_appid_config_dump = false;
-    uint32_t instance_id = 0;
     size_t memcap = 0;
-    bool debug = false;
-    bool dump_ports = false;
+    bool list_odp_detectors = false;
     bool log_all_sessions = false;
+
+    void show() const;
 };
 
 class OdpContext
@@ -214,7 +213,7 @@ public:
     void create_tp_appid_ctxt();
     bool init_appid(snort::SnortConfig*);
     static void pterm();
-    void show();
+    void show() const;
 
     AppIdConfig& config;
 

diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc
index ea04bd0823c9ea377ad53306c8d816aa5e34ed87..1e8e614dd3a56bb382de49650113a38a8b055ed7 100644 (file)
--- a/src/network_inspectors/appid/appid_inspector.cc
+++ b/src/network_inspectors/appid/appid_inspector.cc
@@ -28,7 +28,6 @@
 #include <openssl/crypto.h>
 
 #include "flow/flow.h"
-#include "log/messages.h"
 #include "managers/inspector_manager.h"
 #include "managers/module_manager.h"
 #include "packet_tracer/packet_tracer.h"
@@ -129,16 +128,7 @@ bool AppIdInspector::configure(SnortConfig* sc)
 
 void AppIdInspector::show(SnortConfig*)
 {
-    LogMessage("    Detector Path:          %s\n", config->app_detector_dir);
-    LogMessage("    appStats Logging:       %s\n", config->stats_logging_enabled ? "enabled" :
-        "disabled");
-    LogMessage("    appStats Period:        %lu secs\n", config->app_stats_period);
-    LogMessage("    appStats Rollover Size: %lu bytes\n",
-        config->app_stats_rollover_size);
-    LogMessage("    appStats Rollover time: %lu secs\n",
-        config->app_stats_rollover_time);
-    LogMessage("    memcap:                 %zu bytes\n", config->memcap);
-    LogMessage("\n");
+    config->show();
 }
 
 void AppIdInspector::tinit()

diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc
index 382ec586b24d539074e564bb4f04e5906f91249b..e9cce524b4f1dbfdd7cef99bfa58bd06808779e6 100644 (file)
--- a/src/network_inspectors/appid/appid_module.cc
+++ b/src/network_inspectors/appid/appid_module.cc
@@ -70,16 +70,10 @@ static const Parameter s_params[] =
       "time period for collecting and logging appid statistics" },
     { "app_stats_rollover_size", Parameter::PT_INT, "0:max32", "20971520",
       "max file size for appid stats before rolling over the log file" },
-    { "app_stats_rollover_time", Parameter::PT_INT, "0:max31", "86400",
-      "max time period for collection appid stats before rolling over the log file" },
     { "app_detector_dir", Parameter::PT_STRING, nullptr, nullptr,
       "directory to load appid detectors from" },
-    { "instance_id", Parameter::PT_INT, "0:max32", "0",
-      "instance id - ignored" },
-    { "debug", Parameter::PT_BOOL, nullptr, "false",
-      "enable appid debug logging" },
-    { "dump_ports", Parameter::PT_BOOL, nullptr, "false",
-      "enable dump of appid port information" },
+    { "list_odp_detectors", Parameter::PT_BOOL, nullptr, "false",
+      "enable logging of odp detectors statistics" },
     { "tp_appid_path", Parameter::PT_STRING, nullptr, nullptr,
       "path to third party appid dynamic library" },
     { "tp_appid_config", Parameter::PT_STRING, nullptr, nullptr,
@@ -290,13 +284,11 @@ bool AppIdModule::set(const char* fqn, Value& v, SnortConfig* c)
     if ( v.is("memcap") )
         config->memcap = v.get_size();
     else if ( v.is("log_stats") )
-        config->stats_logging_enabled = v.get_bool();
+        config->log_stats = v.get_bool();
     else if ( v.is("app_stats_period") )
         config->app_stats_period = v.get_uint32();
     else if ( v.is("app_stats_rollover_size") )
         config->app_stats_rollover_size = v.get_uint32();
-    else if ( v.is("app_stats_rollover_time") )
-        config->app_stats_rollover_time = v.get_uint32();
     else if ( v.is("app_detector_dir") )
         config->app_detector_dir = snort_strdup(v.get_string());
     else if ( v.is("tp_appid_path") )
@@ -307,12 +299,8 @@ bool AppIdModule::set(const char* fqn, Value& v, SnortConfig* c)
         config->tp_appid_stats_enable = v.get_bool();
     else if ( v.is("tp_appid_config_dump") )
         config->tp_appid_config_dump = v.get_bool();
-    else if ( v.is("instance_id") )
-        config->instance_id = v.get_uint32();
-    else if ( v.is("debug") )
-        config->debug = v.get_bool();
-    else if ( v.is("dump_ports") )
-        config->dump_ports = v.get_bool();
+    else if ( v.is("list_odp_detectors") )
+        config->list_odp_detectors = v.get_bool();
     else if ( v.is("log_all_sessions") )
         config->log_all_sessions = v.get_bool();
     else

diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index edaf6887e5cd8f9c48e053a8abca7ad8b612b8a2..78a0dab64a15659031a2da08da44d38860cbac9b 100644 (file)
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -112,7 +112,7 @@ AppIdSession::~AppIdSession()
 {
     if (!in_expected_cache)
     {
-        if (ctxt.config.stats_logging_enabled)
+        if (ctxt.config.log_stats)
             AppIdStatistics::get_stats_manager()->update(*this);
 
         // fail any service detection that is in process for this flow

diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc
index cd453f32ccf1f528cd5748e2170fd74c01c2a041..77f25a6b3ac1b5c798276fd85e2e8fcc53f1b771 100644 (file)
--- a/src/network_inspectors/appid/appid_stats.cc
+++ b/src/network_inspectors/appid/appid_stats.cc
@@ -142,7 +142,6 @@ AppIdStatistics::AppIdStatistics(const AppIdConfig& config)
 {
     enabled = true;
 
-    rollPeriod = config.app_stats_rollover_time;
     rollSize = config.app_stats_rollover_size;
     bucketInterval = config.app_stats_period;
 
@@ -178,7 +177,7 @@ AppIdStatistics::~AppIdStatistics()
 
 AppIdStatistics* AppIdStatistics::initialize_manager(const AppIdConfig& config)
 {
-    if ( !config.stats_logging_enabled )
+    if ( !config.log_stats )
         return nullptr;
 
     appid_stats_manager = new AppIdStatistics(config);

diff --git a/src/network_inspectors/appid/appid_stats.h b/src/network_inspectors/appid/appid_stats.h
index 425b54495549f2f3fa9577d92319e213c4dc2ed7..b45a6b0eebbe521b9778bbc329f5679fa72b1586 100644 (file)
--- a/src/network_inspectors/appid/appid_stats.h
+++ b/src/network_inspectors/appid/appid_stats.h
@@ -82,7 +82,6 @@ private:
     time_t bucketInterval = 0;
     time_t bucketEnd = 0;
     size_t rollSize = 0;
-    time_t rollPeriod = 0;
 };
 
 #endif

diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc
index 5788371d54ded39701b4be5c7c340bf8b7963efb..b85003d79f73a088661ee53ff995ac68fbe65157 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_module.cc
+++ b/src/network_inspectors/appid/lua_detector_module.cc
@@ -212,7 +212,7 @@ void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control)
     lua_detector_mgr->initialize_lua_detectors();
     lua_detector_mgr->activate_lua_detectors();
 
-    if (ctxt.config.debug)
+    if (ctxt.config.list_odp_detectors)
         lua_detector_mgr->list_lua_detectors();
 }
 

diff --git a/src/network_inspectors/arp_spoof/arp_spoof.cc b/src/network_inspectors/arp_spoof/arp_spoof.cc
index b768627fc43f1f5f52ce1d61edc60da5db8efca0..7678a6ed8451380c8063575cc1c6131606ef6721 100644 (file)
--- a/src/network_inspectors/arp_spoof/arp_spoof.cc
+++ b/src/network_inspectors/arp_spoof/arp_spoof.cc
@@ -71,6 +71,9 @@
 #include "config.h"
 #endif
 
+#include <iomanip>
+#include <sstream>
+
 #include "detection/detection_engine.h"
 #include "events/event_queue.h"
 #include "log/messages.h"
@@ -103,6 +106,33 @@ static const IPMacEntry* LookupIPMacEntryByIP(const IPMacEntryList& ipmel, uint3
     return nullptr;
 }
 
+static std::string to_hex_string(const uint8_t* data, size_t len)
+{
+    std::stringstream ss;
+    ss << std::hex;
+    for (size_t i = 0; i < len; i++)
+        ss << std::setw(2) << std::setfill('0') << (unsigned int)data[i];
+    return ss.str();
+}
+
+static void arp_config_show(const ArpSpoofConfig* config)
+{
+    if ( !config->ipmel.size() )
+        return;
+
+    ConfigLogger::log_list("hosts", "(list)");
+
+    for (auto& ip : config->ipmel)
+    {
+        std::string ip_mac;
+        SfIpString ip_str;
+        snort_inet_ntop(AF_INET, &ip.ipv4_addr, ip_str, sizeof(SfIpString));
+        ip_mac += "{ ip = " + std::string(ip_str);
+        ip_mac += ", mac = " + to_hex_string(ip.mac_addr, sizeof(ip.mac_addr)) + " }";
+        ConfigLogger::log_list("", ip_mac.c_str());
+    }
+}
+
 //-------------------------------------------------------------------------
 // class stuff
 //-------------------------------------------------------------------------
@@ -113,6 +143,7 @@ public:
     ArpSpoof(ArpSpoofModule*);
     ~ArpSpoof() override;
 
+    void show(snort::SnortConfig*) override;
     void eval(Packet*) override;
 
 private:
@@ -129,6 +160,12 @@ ArpSpoof::~ArpSpoof ()
     delete config;
 }
 
+void ArpSpoof::show(SnortConfig*)
+{
+    if ( config )
+        arp_config_show(config);
+}
+
 void ArpSpoof::eval(Packet* p)
 {
     Profile profile(arpPerfStats);

diff --git a/src/network_inspectors/normalize/norm.h b/src/network_inspectors/normalize/norm.h
index d2bb2cf9317a03edcc9129c356e2c554a20322a2..6cbbec385f02fc7e289cf502acf03b9508dc7e66 100644 (file)
--- a/src/network_inspectors/normalize/norm.h
+++ b/src/network_inspectors/normalize/norm.h
@@ -67,9 +67,9 @@ inline void Norm_Set(NormalizerConfig* nc, NormFlags nf, bool enable)
         Norm_Disable(nc, nf);
 }
 
-inline int Norm_IsEnabled(const NormalizerConfig* nc, NormFlags nf)
+inline bool Norm_IsEnabled(const NormalizerConfig* nc, NormFlags nf)
 {
-    return ( (nc->normalizer_flags & nf) != 0 );
+    return nc->normalizer_flags & nf;
 }
 
 inline void Norm_TcpPassOption(NormalizerConfig* nc, uint8_t opt)
@@ -84,10 +84,10 @@ inline void Norm_TcpDropOption(NormalizerConfig* nc, uint8_t opt)
     nc->normalizer_options[byte] &= ~bit;
 }
 
-inline int Norm_TcpIsOptional(const NormalizerConfig* nc, uint8_t opt)
+inline bool Norm_TcpIsOptional(const NormalizerConfig* nc, uint8_t opt)
 {
     uint8_t byte = (opt >> 3), bit = (1 << (opt & 0x07));
-    return ( (nc->normalizer_options[byte] & bit) != 0 );
+    return nc->normalizer_options[byte] & bit;
 }
 
 const PegInfo* Norm_GetPegs();

diff --git a/src/network_inspectors/normalize/normalize.cc b/src/network_inspectors/normalize/normalize.cc
index 5be0a08ac2da6d7d0332bfe79ea3c3d8fd1f82df..2da195ff8fda474da03c49d88eeb90bd763c1bcd 100644 (file)
--- a/src/network_inspectors/normalize/normalize.cc
+++ b/src/network_inspectors/normalize/normalize.cc
@@ -40,127 +40,163 @@ static THREAD_LOCAL uint32_t t_flags = 0;
 //-------------------------------------------------------------------------
 // printing stuff
 //-------------------------------------------------------------------------
-
-#define ON "on"
-#define OFF "off"
-
-static inline void LogConf(const char* p, const char* s)
+static inline std::string to_str(bool flag)
 {
-    LogMessage("%12s: %s\n", p, s);
+    return flag ? "enabled" : "disabled";
 }
 
-static inline void LogFlag(
-    const char* p, const NormalizerConfig* nc, NormFlags nf)
+static void print_ip4(const NormalizerConfig* nc)
 {
-    const char* s = Norm_IsEnabled(nc, nf) ? ON : OFF;
-    LogConf(p, s);
-}
+    bool ip4 = Norm_IsEnabled(nc, (NormFlags)NORM_IP4_ANY);
+    ConfigLogger::log_flag("ip4", ip4);
 
-static void Print_IP4(SnortConfig*, const NormalizerConfig* nc)
-{
-    if ( !Norm_IsEnabled(nc, (NormFlags)NORM_IP4_ANY) )
+    if ( !ip4 )
         return;
 
-    LogFlag("ip4.base", nc, NORM_IP4_BASE);
-    //LogFlag("ip4.id", nc, NORM_IP4_ID);
-    LogFlag("ip4.df", nc, NORM_IP4_DF);
-    LogFlag("ip4.rf", nc, NORM_IP4_RF);
-    LogFlag("ip4.tos", nc, NORM_IP4_TOS);
-    LogFlag("ip4.trim", nc, NORM_IP4_TRIM);
+    std::string opts;
+    opts += "{ base = " + to_str(Norm_IsEnabled(nc, NORM_IP4_BASE));
+    opts += ", df = " + to_str(Norm_IsEnabled(nc, NORM_IP4_DF));
+    opts += ", rf = " + to_str(Norm_IsEnabled(nc,  NORM_IP4_RF));
+    opts += ", tos = " + to_str(Norm_IsEnabled(nc, NORM_IP4_TOS));
+    opts += ", trim = " + to_str(Norm_IsEnabled(nc, NORM_IP4_TRIM));
+    opts += ", ttl = " + to_str(Norm_IsEnabled(nc, NORM_IP4_TTL));
 
     if ( Norm_IsEnabled(nc, NORM_IP4_TTL) )
     {
         NetworkPolicy* policy = get_network_policy();
-        LogMessage("%12s: %s (min=%d, new=%d)\n", "ip4.ttl", ON,
-            policy->min_ttl, policy->new_ttl);
+        opts += ", min_ttl = " + std::to_string(policy->min_ttl);
+        opts += ", new_ttl = " + std::to_string(policy->new_ttl);
     }
-    else
-        LogConf("ip4.ttl", OFF);
+
+    opts += " }";
+
+    ConfigLogger::log_list("ip4", opts.c_str());
 }
 
-static void Print_ICMP4(const NormalizerConfig* nc)
+static void print_icmp4(const NormalizerConfig* nc)
 {
-    LogFlag("icmp4", nc, NORM_ICMP4);
+    ConfigLogger::log_flag("icmp4", Norm_IsEnabled(nc, NORM_ICMP4));
 }
 
-static void Print_IP6(SnortConfig*, const NormalizerConfig* nc)
+static void print_ip6(const NormalizerConfig* nc)
 {
-    if ( !Norm_IsEnabled(nc, (NormFlags)NORM_IP6_ANY) )
+    bool ip6 = Norm_IsEnabled(nc, (NormFlags)NORM_IP6_ANY);
+    ConfigLogger::log_flag("ip6", ip6);
+
+    if ( !ip6 )
         return;
 
-    LogFlag("ip6.base", nc, NORM_IP6_BASE);
+    std::string opts;
+    opts += "{ base = " + to_str(Norm_IsEnabled(nc, NORM_IP6_BASE));
 
     if ( Norm_IsEnabled(nc, NORM_IP6_TTL) )
     {
         NetworkPolicy* policy = get_network_policy();
-        LogMessage("%12s: %s (min=%d, new=%d)\n", "ip6.hops",
-            ON, policy->min_ttl, policy->new_ttl);
+        opts += ", min_ttl = " + std::to_string(policy->min_ttl);
+        opts += ", new_ttl = " + std::to_string(policy->new_ttl);
     }
+
+    opts += " }";
+
+    ConfigLogger::log_list("ip6", opts.c_str());
+}
+
+static void print_icmp6(const NormalizerConfig* nc)
+{
+    ConfigLogger::log_flag("icmp6", Norm_IsEnabled(nc, NORM_ICMP6));
+}
+
+static std::string get_allowed_names(const NormalizerConfig* config)
+{
+    std::string names;
+    if ( Norm_TcpIsOptional(config, 4) or Norm_TcpIsOptional(config, 5) )
+        names += "sack";
+
+    if ( Norm_TcpIsOptional(config, 6) or Norm_TcpIsOptional(config, 7) )
+        names += " echo";
+
+    if ( Norm_TcpIsOptional(config, 9) or Norm_TcpIsOptional(config, 10) )
+        names += " partial_order";
+
+    if ( Norm_TcpIsOptional(config, 11) or Norm_TcpIsOptional(config, 12)
+        or Norm_TcpIsOptional(config, 13) )
+        names += " conn_count";
+
+    if ( Norm_TcpIsOptional(config, 14) or Norm_TcpIsOptional(config, 15) )
+        names += " alt_checksum";
+
+    if ( Norm_TcpIsOptional(config, 19) )
+        names += " md5";
+
+    return names;
 }
 
-static void Print_ICMP6(const NormalizerConfig* nc)
+static std::string get_allowed_codes(const NormalizerConfig* nc)
 {
-    LogFlag("icmp6", nc, NORM_ICMP6);
+    std::string codes;
+    std::unordered_set<int> named_codes = {4, 5, 6, 7, 9, 10, 11, 12, 13, 14, 15, 19};
+
+    for (int opt = 2; opt < 256; opt++)
+    {
+        if ( Norm_TcpIsOptional(nc, opt) and !named_codes.count(opt) )
+            codes += std::to_string(opt) + ", ";
+    }
+
+    if ( !codes.empty() )
+        codes.erase(codes.end() - 2);
+
+    return codes;
 }
 
-static void Print_TCP(const NormalizerConfig* nc)
+static void print_tcp(const NormalizerConfig* nc)
 {
-    if ( !Norm_IsEnabled(nc, (NormFlags)NORM_TCP_ANY) )
+    bool tcp = Norm_IsEnabled(nc, (NormFlags)NORM_TCP_ANY);
+    ConfigLogger::log_flag("tcp", tcp);
+
+    if ( !tcp )
         return;
 
-    const char* s;
+    std::string opts;
 
+    opts += "{ ecn = ";
     if ( Norm_IsEnabled(nc, NORM_TCP_ECN_PKT) )
-        s = "packet";
+        opts += "packet";
     else if ( Norm_IsEnabled(nc, NORM_TCP_ECN_STR) )
-        s = "stream";
+        opts +="stream";
     else
-        s = OFF;
-
-    LogConf("tcp.ecn", s);
-    LogFlag("tcp.block", nc, NORM_TCP_BLOCK);
-    LogFlag("tcp.rsv", nc, NORM_TCP_RSV);
-    LogFlag("tcp.pad", nc, NORM_TCP_PAD);
-    LogFlag("tcp.req_urg", nc, NORM_TCP_REQ_URG);
-    LogFlag("tcp.req_pay", nc, NORM_TCP_REQ_PAY);
-    LogFlag("tcp.req_urp", nc, NORM_TCP_REQ_URP);
-    LogFlag("tcp.urp", nc, NORM_TCP_URP);
-
-    if ( Norm_IsEnabled(nc, NORM_TCP_OPT) )
+        opts += to_str(false);
+
+    opts += ", block = " + to_str(Norm_IsEnabled(nc, NORM_TCP_BLOCK));
+    opts += ", rsv = " + to_str(Norm_IsEnabled(nc, NORM_TCP_RSV));
+    opts += ", pad = " + to_str(Norm_IsEnabled(nc, NORM_TCP_PAD));
+    opts += ", req_urg = " + to_str(Norm_IsEnabled(nc, NORM_TCP_REQ_URG));
+    opts += ", req_pay = " + to_str(Norm_IsEnabled(nc, NORM_TCP_REQ_PAY));
+    opts += ", req_urp = " + to_str(Norm_IsEnabled(nc, NORM_TCP_REQ_URP));
+    opts += ", urp = " + to_str(Norm_IsEnabled(nc, NORM_TCP_URP));
+    opts += ", ips = " + to_str(Norm_IsEnabled(nc, NORM_TCP_IPS));
+
+    auto names = get_allowed_names(nc);
+    auto codes = get_allowed_codes(nc);
+
+    if ( !names.empty() )
+        opts += ", allow_names = { " + names + " }";
+
+    if ( !codes.empty() )
+        opts += ", allow_codes = { " + codes + " }";
+
+    if ( Norm_IsEnabled(nc, (NormFlags)NORM_TCP_TRIM_ANY) )
     {
-        char buf[1024];
-        char* p = buf;
-        int opt;
-        int buf_size = sizeof(buf);
-
-        int len = safe_snprintf(p, buf_size, "%s", "(allow ");
-        p += len;
-        buf_size -= len;
-        bool opt_printed = false;
-        // TBD translate options to keywords allowed by parser
-        for ( opt = 2; opt < 256; opt++ )
-        {
-            if ( Norm_TcpIsOptional(nc, opt) )
-            {
-                const char* fmt = opt_printed ? ",%d" : "%d";
-                len = safe_snprintf(p, buf_size, fmt, opt);
-                if (len >0)
-                    opt_printed = true;
-                p += len;
-                buf_size -= len;
-            }
-        }
-        snprintf(p, buf_size, "%c", ')');
-        LogMessage("%12s: %s %s\n", "tcp.opt", ON, buf);
+        opts += ", trim_syn = " + to_str(Norm_IsEnabled(nc, NORM_TCP_TRIM_SYN));
+        opts += ", trim_rst = " + to_str(Norm_IsEnabled(nc, NORM_TCP_TRIM_RST));
+        opts += ", trim_win = " + to_str(Norm_IsEnabled(nc, NORM_TCP_TRIM_WIN));
+        opts += ", trim_mss = " + to_str(Norm_IsEnabled(nc, NORM_TCP_TRIM_MSS));
     }
     else
-        LogConf("tcp.opt", OFF);
+        opts += ", trim = " + to_str(false);
+
+    opts += " }";
 
-    LogFlag("tcp.ips", nc, NORM_TCP_IPS);
-    LogFlag("tcp.trim_syn", nc, NORM_TCP_TRIM_SYN);
-    LogFlag("tcp.trim_rst", nc, NORM_TCP_TRIM_RST);
-    LogFlag("tcp.trim_win", nc, NORM_TCP_TRIM_WIN);
-    LogFlag("tcp.trim_mss", nc, NORM_TCP_TRIM_MSS);
+    ConfigLogger::log_list("tcp", opts.c_str());
 }
 
 //-------------------------------------------------------------------------
@@ -215,7 +251,7 @@ bool Normalize_IsEnabled(NormFlags nf)
         return false;
 
     NetworkPolicy* nap = get_network_policy();
-    return ( (nap->normal_mask & nf) != 0 );
+    return nap->normal_mask & nf;
 }
 
 NormMode Normalize_GetMode(NormFlags nf)
@@ -230,13 +266,13 @@ NormMode Normalize_GetMode(NormFlags nf)
     return NORM_MODE_TEST;
 }
 
-void Normalizer::show(SnortConfig* sc)
+void Normalizer::show(SnortConfig*)
 {
-    Print_IP4(sc, &config);
-    Print_IP6(sc, &config);
-    Print_ICMP4(&config);
-    Print_ICMP6(&config);
-    Print_TCP(&config);
+    print_ip4(&config);
+    print_ip6(&config);
+    print_icmp4(&config);
+    print_icmp6(&config);
+    print_tcp(&config);
 }
 
 void Normalizer::eval(Packet* p)

diff --git a/src/network_inspectors/normalize/normalize.h b/src/network_inspectors/normalize/normalize.h
index 2687ac3821f91195ebd632a73376fba5795c1481..ea108cfb4ced4aeafa9b0ab8354a76c33caf13d0 100644 (file)
--- a/src/network_inspectors/normalize/normalize.h
+++ b/src/network_inspectors/normalize/normalize.h
@@ -55,6 +55,7 @@ enum NormFlags
     NORM_TCP_REQ_URG     = 0x01000000, // clear URP if URG = 0
     NORM_TCP_REQ_PAY     = 0x02000000, // clear URP/URG on no payload
     NORM_TCP_REQ_URP     = 0x04000000, // clear URG if URP is not set
+
     NORM_ALL             = 0xFFFFFFFF,  // all normalizations on
 };
 
@@ -71,8 +72,10 @@ bool Normalize_IsEnabled(NormFlags);
 NormMode Normalize_GetMode(NormFlags);
 
 #define NORM_IP4_ANY (0xFF)
-#define NORM_IP6_ANY (NORM_IP6_BASE|NORM_IP6_TTL)
-#define NORM_TCP_ANY (0xFF000)
+#define NORM_IP6_ANY (NORM_IP6_BASE | NORM_IP6_TTL)
+#define NORM_TCP_ANY (0xFFFF000)
+#define NORM_TCP_TRIM_ANY (NORM_TCP_TRIM_SYN | NORM_TCP_TRIM_RST | \
+    NORM_TCP_TRIM_WIN | NORM_TCP_TRIM_MSS)
 
 #endif
 

diff --git a/src/network_inspectors/packet_capture/packet_capture.cc b/src/network_inspectors/packet_capture/packet_capture.cc
index 5add618bf0b16468ad5d0ab2f11643c79123802e..925a3b027b713e5d1d9c51be47a67f5524ba49f4 100644 (file)
--- a/src/network_inspectors/packet_capture/packet_capture.cc
+++ b/src/network_inspectors/packet_capture/packet_capture.cc
@@ -168,6 +168,7 @@ public:
     PacketCapture(CaptureModule*);
 
     // non-static functions
+    void show(SnortConfig*) override;
     void eval(Packet*) override;
     void tterm() override { capture_term(); }
 
@@ -196,6 +197,13 @@ bool PacketCapture::capture_init()
     return false;
 }
 
+void PacketCapture::show(SnortConfig*)
+{
+    ConfigLogger::log_flag("enable", config.enabled);
+    if ( config.enabled )
+        ConfigLogger::log_value("filter", config.filter.c_str());
+}
+
 void PacketCapture::eval(Packet* p)
 {
 

diff --git a/src/network_inspectors/perf_monitor/perf_module.h b/src/network_inspectors/perf_monitor/perf_module.h
index 02f446a130af509ed71b88ba208897f8760f2db8..c6a2aa8bebac86c533d1b070c6ff37a347dc2bc6 100644 (file)
--- a/src/network_inspectors/perf_monitor/perf_module.h
+++ b/src/network_inspectors/perf_monitor/perf_module.h
@@ -35,10 +35,8 @@
 #define PERF_BASE       0x00000001
 #define PERF_CPU        0x00000002
 #define PERF_FLOW       0x00000004
-#define PERF_EVENT      0x00000008
-#define PERF_BASE_MAX   0x00000010
-#define PERF_FLOWIP     0x00000020
-#define PERF_SUMMARY    0x00000040
+#define PERF_FLOWIP     0x00000008
+#define PERF_SUMMARY    0x00000010
 
 #define ROLLOVER_THRESH     512
 #define MAX_PERF_FILE_SIZE  UINT64_MAX

diff --git a/src/network_inspectors/perf_monitor/perf_monitor.cc b/src/network_inspectors/perf_monitor/perf_monitor.cc
index d18ffdddd7a94b8b918af3f7f907890aedf921ad..4f5e931186a61adf6b462ce0ebf3edf4adef9fa7 100644 (file)
--- a/src/network_inspectors/perf_monitor/perf_monitor.cc
+++ b/src/network_inspectors/perf_monitor/perf_monitor.cc
@@ -123,58 +123,58 @@ private:
 PerfMonitor::PerfMonitor(PerfConfig* pcfg) : config(pcfg)
 { assert (config != nullptr); }
 
-void PerfMonitor::show(SnortConfig*)
+static const char* to_string(const PerfOutput& po)
 {
-    LogMessage("  Sample Time:      %d seconds\n", config->sample_interval);
-    LogMessage("  Packet Count:     %d\n", config->pkt_cnt);
-    LogMessage("  Max File Size:    " STDu64 "\n", config->max_file_size);
-    LogMessage("  Summary Mode:     %s\n",
-        (config->perf_flags & PERF_SUMMARY) ? "ACTIVE" : "INACTIVE");
-    LogMessage("  Base Stats:       %s\n",
-        (config->perf_flags & PERF_BASE) ? "ACTIVE" : "INACTIVE");
-    LogMessage("  Flow Stats:       %s\n",
-        (config->perf_flags & PERF_FLOW) ? "ACTIVE" : "INACTIVE");
-    if (config->perf_flags & PERF_FLOW)
-    {
-        LogMessage("    Max Flow Port:    %u\n", config->flow_max_port_to_track);
-    }
-    LogMessage("  Event Stats:      %s\n",
-        (config->perf_flags & PERF_EVENT) ? "ACTIVE" : "INACTIVE");
-    LogMessage("  Flow IP Stats:    %s\n",
-        (config->perf_flags & PERF_FLOWIP) ? "ACTIVE" : "INACTIVE");
-    if (config->perf_flags & PERF_FLOWIP)
+    switch (po)
     {
-        LogMessage("    Flow IP Memcap:   %zu\n", config->flowip_memcap);
+    case PerfOutput::TO_CONSOLE:
+        return "console";
+    case PerfOutput::TO_FILE:
+        return "file";
     }
-    LogMessage("  CPU Stats:    %s\n",
-        (config->perf_flags & PERF_CPU) ? "ACTIVE" : "INACTIVE");
-    switch ( config->output )
-    {
-        case PerfOutput::TO_CONSOLE:
-            LogMessage("    Output Location:  console\n");
-            break;
-        case PerfOutput::TO_FILE:
-            LogMessage("    Output Location:  file\n");
-            break;
-    }
-    switch(config->format)
+
+    return "";
+}
+
+static const char* to_string(const PerfFormat& pf)
+{
+    switch (pf)
     {
-        case PerfFormat::TEXT:
-            LogMessage("    Output Format:  text\n");
-            break;
-        case PerfFormat::CSV:
-            LogMessage("    Output Format:  csv\n");
-            break;
-        case PerfFormat::JSON:
-            LogMessage("    Output Format:  json\n");
-            break;
+    case PerfFormat::TEXT:
+        return "text";
+    case PerfFormat::CSV:
+        return "csv";
+    case PerfFormat::JSON:
+        return "json";
 #ifdef HAVE_FLATBUFFERS
-        case PerfFormat::FBS:
-            LogMessage("    Output Format:  flatbuffers\n");
-            break;
+    case PerfFormat::FBS:
+        return "flatbuffers";
 #endif
-        default: break;
+    case PerfFormat::MOCK:
+        return "mock";
     }
+
+    return "";
+}
+
+void PerfMonitor::show(SnortConfig*)
+{
+    ConfigLogger::log_flag("base", config->perf_flags & PERF_BASE);
+    ConfigLogger::log_flag("cpu", config->perf_flags & PERF_CPU);
+    ConfigLogger::log_flag("summary", config->perf_flags & PERF_SUMMARY);
+
+    if ( ConfigLogger::log_flag("flow", config->perf_flags & PERF_FLOW) )
+        ConfigLogger::log_value("flow_ports", config->flow_max_port_to_track);
+
+    if ( ConfigLogger::log_flag("flow_ip", config->perf_flags & PERF_FLOWIP) )
+        ConfigLogger::log_value("flow_ip_memcap", config->flowip_memcap);
+
+    ConfigLogger::log_value("packets", config->pkt_cnt);
+    ConfigLogger::log_value("seconds", config->sample_interval);
+    ConfigLogger::log_value("max_file_size", config->max_file_size);
+
+    ConfigLogger::log_value("output", to_string(config->output));
+    ConfigLogger::log_value("format", to_string(config->format));
 }
 
 void PerfMonitor::disable_tracker(size_t i)

diff --git a/src/network_inspectors/port_scan/port_scan.cc b/src/network_inspectors/port_scan/port_scan.cc
index a129ac176124e47a1374d88713e9f9d9df9eca5a..e2435f7c6ba5df489c373578a5f0d37a584e021e 100644 (file)
--- a/src/network_inspectors/port_scan/port_scan.cc
+++ b/src/network_inspectors/port_scan/port_scan.cc
@@ -290,116 +290,120 @@ static void PortscanAlert(PS_PKT* ps_pkt, PS_PROTO* proto, int proto_type)
     }
 }
 
-static void PrintIPPortSet(IP_PORT* p)
+static std::string get_protos(int ds)
 {
-    char output_str[80];
-
-    SfIpString ip_str;
-    p->ip.get_addr()->ntop(ip_str);
-
-    if (p->notflag)
-        SnortSnprintf(output_str, sizeof(output_str), "        !%s", ip_str);
-    else
-        SnortSnprintf(output_str, sizeof(output_str), "        %s", ip_str);
-
-    if (((p->ip.get_family() == AF_INET6) and (p->ip.get_bits() != 128)) ||
-        ((p->ip.get_family() == AF_INET ) and (p->ip.get_bits() != 32 )))
-        SnortSnprintfAppend(output_str, sizeof(output_str), "/%d", p->ip.get_bits());
-
-    SF_LNODE* cursor;
-    PORTRANGE* pr =(PORTRANGE*)sflist_first(&p->portset.port_list, &cursor);
-
-    if ( pr and pr->port_lo != 0 )
-        SnortSnprintfAppend(output_str, sizeof(output_str), " : ");
-
-    for (; pr != nullptr;
-        pr=(PORTRANGE*)sflist_next(&cursor) )
-    {
-        if ( pr->port_lo != 0)
-        {
-            SnortSnprintfAppend(output_str, sizeof(output_str), "%u", pr->port_lo);
-            if ( pr->port_hi != pr->port_lo )
-            {
-                SnortSnprintfAppend(output_str, sizeof(output_str), "-%u", pr->port_hi);
-            }
-            SnortSnprintfAppend(output_str, sizeof(output_str), " ");
-        }
-    }
-    LogMessage("%s\n", output_str);
+    std::string protos;
+
+    if ( !ds )
+        return "none";
+    if ( (ds & PS_PROTO_ALL) == PS_PROTO_ALL )
+        return "all";
+    if ( ds & PS_PROTO_TCP )
+        protos += "tcp ";
+    if ( ds & PS_PROTO_UDP )
+        protos += "udp ";
+    if ( ds & PS_PROTO_ICMP )
+        protos += "icmp ";
+    if ( ds & PS_PROTO_IP )
+        protos += "ip ";
+
+    protos.pop_back();
+
+    return protos;
 }
 
-static void PrintPortscanConf(PortscanConfig* config)
+static std::string get_types(int dst)
 {
-    char buf[STD_BUF + 1];
-
-    SnortSnprintf(buf, sizeof(buf), "    Detect Protocols:  ");
-
-    if ( config->detect_scans & PS_PROTO_TCP )
-        sfsnprintfappend(buf, sizeof(buf)-1, "TCP ");
-
-    if ( config->detect_scans & PS_PROTO_UDP )
-        sfsnprintfappend(buf, sizeof(buf)-1, "UDP ");
+    std::string types;
+
+    if ( !dst )
+        return "none";
+    if ( (dst & PS_TYPE_ALL) == PS_TYPE_ALL )
+        return "all";
+    if ( dst & PS_TYPE_PORTSCAN )
+        types += "portscan ";
+    if ( dst & PS_TYPE_PORTSWEEP )
+        types += "portsweep ";
+    if ( dst & PS_TYPE_DECOYSCAN )
+        types += "decoy_portscan ";
+    if ( dst & PS_TYPE_DISTPORTSCAN )
+        types += "distributed_portscan ";
+
+    types.pop_back();
+
+    return types;
+}
 
-    if ( config->detect_scans & PS_PROTO_ICMP )
-        sfsnprintfappend(buf, sizeof(buf)-1, "ICMP ");
+static std::string to_string(const IPSET* list)
+{
+    SF_LNODE* cursor;
+    std::string ipset;
 
-    if ( config->detect_scans & PS_PROTO_IP )
-        sfsnprintfappend(buf, sizeof(buf)-1, "IP");
+    for (auto p = (const IP_PORT*)sflist_first(&list->ip_list, &cursor); p;
+        p = (const IP_PORT*)sflist_next(&cursor))
+    {
+        SfIpString ip_str;
 
-    LogMessage("%s\n", buf);
-    SnortSnprintf(buf, sizeof(buf), "    Detect Scan Type:  ");
+        p->ip.get_addr()->ntop(ip_str);
 
-    if (config->detect_scan_type & PS_TYPE_PORTSCAN)
-        sfsnprintfappend(buf, sizeof(buf)-1, "portscan ");
+        if ( p->notflag )
+            ipset += "!";
 
-    if (config->detect_scan_type & PS_TYPE_PORTSWEEP)
-        sfsnprintfappend(buf, sizeof(buf)-1, "portsweep ");
+        ipset += std::string(ip_str);
 
-    if (config->detect_scan_type & PS_TYPE_DECOYSCAN)
-        sfsnprintfappend(buf, sizeof(buf)-1, "decoy_portscan ");
+        if ( ((p->ip.get_family() == AF_INET6) and (p->ip.get_bits() != 128)) or
+            ((p->ip.get_family() == AF_INET ) and (p->ip.get_bits() != 32 )) )
+            ipset += "/" + std::to_string(p->ip.get_bits());
 
-    if (config->detect_scan_type & PS_TYPE_DISTPORTSCAN)
-        sfsnprintfappend(buf, sizeof(buf)-1, "distributed_portscan");
+        SF_LNODE* pr_cursor;
+        auto pr =(const PORTRANGE*)sflist_first(&p->portset.port_list, &pr_cursor);
 
-    LogMessage("%s\n", buf);
-    LogMessage("    Memcap (in bytes): %zu\n", config->memcap);
-    LogMessage("    Number of Nodes:   %zu\n", config->memcap / ps_node_size());
+        if ( pr and pr->port_lo )
+            ipset += " : ";
 
-    if ( config->logfile )
-        LogMessage("    Logfile:           %s\n", "yes");
+        for (; pr; pr = (const PORTRANGE*)sflist_next(&pr_cursor))
+        {
+            if ( pr->port_lo )
+            {
+                ipset += std::to_string(pr->port_lo);
+                if ( pr->port_hi != pr->port_lo )
+                    ipset += "-" + std::to_string(pr->port_hi);
+                ipset += " ";
+            }
+        }
+        ipset += ", ";
+    }
 
-    if (config->ignore_scanners)
-    {
-        LogMessage("    Ignore Scanner IP List:\n");
-        SF_LNODE* cursor;
+    if ( ipset.empty() )
+        return "none";
 
-        IP_PORT* p = (IP_PORT*)sflist_first(&config->ignore_scanners->ip_list, &cursor);
+    ipset.erase(ipset.end() - 2);
 
-        for ( ; p; p = (IP_PORT*)sflist_next(&cursor) )
-            PrintIPPortSet(p);
-    }
+    return ipset;
+}
 
-    if (config->ignore_scanned)
-    {
-        LogMessage("    Ignore Scanned IP List:\n");
-        SF_LNODE* cursor;
+static void portscan_config_show(const PortscanConfig* config)
+{
+    ConfigLogger::log_value("memcap", config->memcap);
+    ConfigLogger::log_value("protos", get_protos(config->detect_scans).c_str());
+    ConfigLogger::log_value("scan_types", get_types(config->detect_scan_type).c_str());
 
-        IP_PORT* p = (IP_PORT*)sflist_first(&config->ignore_scanned->ip_list, &cursor);
+    if ( config->watch_ip )
+        ConfigLogger::log_list("watch_ip", to_string(config->watch_ip).c_str());
 
-        for ( ; p; p = (IP_PORT*)sflist_next(&cursor) )
-            PrintIPPortSet(p);
-    }
+    if ( config->ignore_scanners )
+        ConfigLogger::log_list("ignore_scanners", to_string(config->ignore_scanners).c_str());
 
-    if (config->watch_ip)
-    {
-        LogMessage("    Watch IP List:\n");
-        SF_LNODE* cursor;
+    if ( config->ignore_scanned )
+        ConfigLogger::log_list("ignore_scanned", to_string(config->ignore_scanned).c_str());
 
-        IP_PORT* p = (IP_PORT*)sflist_first(&config->watch_ip->ip_list, &cursor);
+    ConfigLogger::log_flag("alert_all", config->alert_all);
+    ConfigLogger::log_flag("include_midstream", config->include_midstream);
 
-        for ( ; p; p = (IP_PORT*)sflist_next(&cursor) )
-            PrintIPPortSet(p);
-    }
+    ConfigLogger::log_value("tcp_window", config->tcp_window);
+    ConfigLogger::log_value("udp_window", config->udp_window);
+    ConfigLogger::log_value("ip_window", config->ip_window);
+    ConfigLogger::log_value("icmp_window", config->icmp_window);
 }
 
 //-------------------------------------------------------------------------
@@ -429,7 +433,8 @@ void PortScan::tterm()
 
 void PortScan::show(SnortConfig*)
 {
-    PrintPortscanConf(config);
+    if ( config )
+        portscan_config_show(config);
 }
 
 void PortScan::eval(Packet* p)

diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc
index 92246b78d34384b7cdc672a49e1427239ddd7af3..1813009e88b32eac8fca803a0a0121aab23ccf93 100644 (file)
--- a/src/network_inspectors/reputation/reputation_inspect.cc
+++ b/src/network_inspectors/reputation/reputation_inspect.cc
@@ -75,45 +75,6 @@ const char* WhiteActionOption[] =
  */
 static void snort_reputation(ReputationConfig* GlobalConf, Packet* p);
 
-static void print_iplist_stats(ReputationConfig* config)
-{
-    /*Print out the summary*/
-    LogMessage("    Reputation total memory usage: " STDu64 " bytes\n",
-        reputationstats.memory_allocated);
-    config->num_entries = sfrt_flat_num_entries(config->ip_list);
-    LogMessage("    Reputation total entries loaded: %u, invalid: %lu, re-defined: %lu\n",
-        config->num_entries,total_invalids,total_duplicates);
-}
-
-static void print_reputation_conf(ReputationConfig* config)
-{
-    assert(config);
-
-    print_iplist_stats(config);
-
-    LogMessage("    Memcap: %d %s \n",
-        config->memcap,
-        config->memcap == 500 ? "(Default) M bytes" : "M bytes");
-    LogMessage("    Scan local network: %s\n",
-        config->scanlocal ? "ENABLED" : "DISABLED (Default)");
-    LogMessage("    Reputation priority:  %s \n",
-        config->priority ==  WHITELISTED_TRUST ?
-        "whitelist (Default)" : "blacklist");
-    LogMessage("    Nested IP: %s %s \n",
-        NestedIPKeyword[config->nested_ip],
-        config->nested_ip ==  INNER ? "(Default)" : "");
-    LogMessage("    White action: %s %s \n",
-        WhiteActionOption[config->white_action],
-        config->white_action ==  UNBLACK ? "(Default)" : "");
-    if (config->blacklist_path.size())
-        LogMessage("    Blacklist File Path: %s\n", config->blacklist_path.c_str());
-
-    if (config->whitelist_path.size())
-        LogMessage("    Whitelist File Path: %s\n", config->whitelist_path.c_str());
-
-    LogMessage("\n");
-}
-
 static inline IPrepInfo* reputation_lookup(ReputationConfig* config, const SfIp* ip)
 {
     IPrepInfo* result;
@@ -246,6 +207,7 @@ static IPdecision reputation_decision(ReputationConfig* config, Packet* p)
     }
 
     // For OUTER or ALL, save current layers, iterate, then restore layers as needed
+    ip::IpApi blocked_api;
     ip::IpApi tmp_api = p->ptrs.ip_api;
     int8_t num_layer = 0;
     IpProtocol tmp_next = p->get_ip_proto_next();
@@ -254,13 +216,10 @@ static IPdecision reputation_decision(ReputationConfig* config, Packet* p)
     {
         layer::set_outer_ip_api(p, p->ptrs.ip_api, p->ip_proto_next, num_layer);
         decision_per_layer(config, p, ingress_zone, egress_zone, p->ptrs.ip_api, &decision_final);
-        if (decision_final != BLACKLISTED_SRC and decision_final != BLACKLISTED_DST)
-            p->ptrs.ip_api = tmp_api;
     }
     else if (config->nested_ip == ALL)
     {
         bool done = false;
-        ip::IpApi blocked_api;
         IPdecision decision_current = DECISION_NULL;
 
         while (!done and layer::set_outer_ip_api(p, p->ptrs.ip_api, p->ip_proto_next, num_layer))
@@ -275,14 +234,15 @@ static IPdecision reputation_decision(ReputationConfig* config, Packet* p)
                 decision_current = DECISION_NULL;
             }
         }
-        if (decision_final != BLACKLISTED_SRC and decision_final != BLACKLISTED_DST)
-            p->ptrs.ip_api = tmp_api;
-        else if (p->ptrs.ip_api != blocked_api)
-            p->ptrs.ip_api = blocked_api;
     }
     else
         assert(false); // Should never hit this
 
+    if (decision_final != BLACKLISTED_SRC and decision_final != BLACKLISTED_DST)
+        p->ptrs.ip_api = tmp_api;
+    else if (config->nested_ip == ALL and p->ptrs.ip_api != blocked_api)
+        p->ptrs.ip_api = blocked_api;
+
     p->ip_proto_next = tmp_next;
     return decision_final;
 }
@@ -367,6 +327,65 @@ static unsigned create_reputation_id()
     return reputation_id_tracker;
 }
 
+static const char* to_string(NestedIP nip)
+{
+    switch (nip)
+    {
+    case INNER:
+        return "inner";
+    case OUTER:
+        return "outer";
+    case ALL:
+        return "all";
+    }
+
+    return "";
+}
+
+static const char* to_string(WhiteAction wa)
+{
+    switch (wa)
+    {
+    case UNBLACK:
+        return "unblack";
+    case TRUST:
+        return "trust";
+    }
+
+    return "";
+}
+
+static const char* to_string(IPdecision ipd)
+{
+    switch (ipd)
+    {
+    case BLACKLISTED:
+        return "blacklisted";
+    case WHITELISTED_TRUST:
+        return "whitelisted_trust";
+    case MONITORED:
+        return "monitored";
+    case BLACKLISTED_SRC:
+        return "blacklisted_src";
+    case BLACKLISTED_DST:
+        return "blacklisted_dst";
+    case WHITELISTED_TRUST_SRC:
+        return "whitelisted_trust_src";
+    case WHITELISTED_TRUST_DST:
+        return "whitelisted_trust_dst";
+    case WHITELISTED_UNBLACK:
+        return "whitelisted_unblack";
+    case MONITORED_SRC:
+        return "monitored_src";
+    case MONITORED_DST:
+        return "monitored_dst";
+    case DECISION_NULL:
+    case DECISION_MAX:
+    default:
+        return "";
+    }
+}
+
 //-------------------------------------------------------------------------
 // class stuff
 //-------------------------------------------------------------------------
@@ -394,7 +413,14 @@ Reputation::Reputation(ReputationConfig* pc)
 
 void Reputation::show(SnortConfig*)
 {
-    print_reputation_conf(&config);
+    ConfigLogger::log_value("blacklist", config.blacklist_path.c_str());
+    ConfigLogger::log_value("list_dir", config.list_dir.c_str());
+    ConfigLogger::log_value("memcap", config.memcap);
+    ConfigLogger::log_value("nested_ip", to_string(config.nested_ip));
+    ConfigLogger::log_value("priority", to_string(config.priority));
+    ConfigLogger::log_flag("scan_local", config.scanlocal);
+    ConfigLogger::log_value("white (action)", to_string(config.white_action));
+    ConfigLogger::log_value("whitelist", config.whitelist_path.c_str());
 }
 
 void Reputation::eval(Packet* p)

diff --git a/src/network_inspectors/rna/rna_inspector.cc b/src/network_inspectors/rna/rna_inspector.cc
index d0cee90116607539d1dadae73bc0cdc9c24b799e..19fbb97bae5fb03911cf7abeeefc5814826a849a 100644 (file)
--- a/src/network_inspectors/rna/rna_inspector.cc
+++ b/src/network_inspectors/rna/rna_inspector.cc
@@ -102,31 +102,25 @@ void RnaInspector::eval(Packet* p)
 
 void RnaInspector::show(SnortConfig*)
 {
-    if (mod_conf)
+    if ( mod_conf )
     {
-        if (!mod_conf->rna_conf_path.empty())
-            LogMessage("    Config path:            %s\n", mod_conf->rna_conf_path.c_str());
-        if (!mod_conf->rna_util_lib_path.empty())
-            LogMessage("    Library path:           %s\n", mod_conf->rna_util_lib_path.c_str());
-        if (!mod_conf->fingerprint_dir.empty())
-            LogMessage("    Fingerprint dir:        %s\n", mod_conf->fingerprint_dir.c_str());
-        if (!mod_conf->custom_fingerprint_dir.empty())
-            LogMessage("    Custom fingerprint dir: %s\n",
-                mod_conf->custom_fingerprint_dir.c_str());
-        LogMessage("    Enable logger:          %d\n", mod_conf->enable_logger);
+        ConfigLogger::log_value("rna_conf_path", mod_conf->rna_conf_path.c_str());
+        ConfigLogger::log_value("rna_util_lib_path", mod_conf->rna_util_lib_path.c_str());
+        ConfigLogger::log_value("fingerprint_dir", mod_conf->fingerprint_dir.c_str());
+        ConfigLogger::log_value("custom_fingerprint_dir", mod_conf->custom_fingerprint_dir.c_str());
+        ConfigLogger::log_flag("enable_logger", mod_conf->enable_logger);
+        ConfigLogger::log_flag("log_when_idle", mod_conf->log_when_idle);
     }
 
-    if (rna_conf)
+    if ( rna_conf )
     {
-        LogMessage("    Update timeout:         %u secs\n", rna_conf->update_timeout);
-        LogMessage("    Max host client apps:   %u\n", rna_conf->max_host_client_apps);
-        LogMessage("    Max payloads:           %u\n", rna_conf->max_payloads);
-        LogMessage("    Max host services:      %u\n", rna_conf->max_host_services);
-        LogMessage("    Max host service info:  %u\n", rna_conf->max_host_service_info);
-        LogMessage("    Banner grab:            %d\n", rna_conf->enable_banner_grab);
+        ConfigLogger::log_value("UpdateTimeout", rna_conf->update_timeout);
+        ConfigLogger::log_value("MaxHostClientApps", rna_conf->max_host_client_apps);
+        ConfigLogger::log_value("MaxPayloads", rna_conf->max_payloads);
+        ConfigLogger::log_value("MaxHostServices", rna_conf->max_host_services);
+        ConfigLogger::log_value("MaxHostServiceInfo", rna_conf->max_host_service_info);
+        ConfigLogger::log_value("BannerGrab", rna_conf->enable_banner_grab);
     }
-
-    LogMessage("\n");
 }
 
 void RnaInspector::tinit()

diff --git a/src/service_inspectors/cip/cip.cc b/src/service_inspectors/cip/cip.cc
index 0f365e81f5d776bc257ef349cd7ec938720a9d6c..4ccc0504b556a2e56d824f8fd1673cc07e753d7b 100644 (file)
--- a/src/service_inspectors/cip/cip.cc
+++ b/src/service_inspectors/cip/cip.cc
@@ -111,27 +111,6 @@ static void free_cip_data(void* data)
     }
 }
 
-static void print_cip_conf(CipProtoConf* config)
-{
-    if (config == nullptr)
-        return;
-    LogMessage("    Embedded Enabled: %s\n",
-        config->embedded_cip_enabled ? "ENABLED" : "DISABLED");
-    if (config->embedded_cip_enabled)
-    {
-        LogMessage("    Embedded Class: 0x%x\n", config->embedded_cip_class_id);
-        LogMessage("    Embedded Service: 0x%x\n", config->embedded_cip_service_id);
-    }
-
-    LogMessage("    Unconnected Timeout: %d (seconds)\n", config->unconnected_timeout);
-    LogMessage("    Max CIP connections per TCP connection: %d\n",
-        static_cast<int>(config->max_cip_connections));
-    LogMessage("    Max unconnected messages per TCP connection: %d\n",
-        static_cast<int>(config->max_unconnected_messages));
-
-    LogMessage("\n");
-}
-
 static CipPacketDirection get_packet_direction(Packet* p)
 {
     if (!p->has_tcp_data())
@@ -300,8 +279,20 @@ Cip::~Cip()
 
 void Cip::show(SnortConfig*)
 {
-    /* defined in module.cc */
-    print_cip_conf(config);
+    if (!config)
+        return;
+
+    if (config->embedded_cip_enabled)
+    {
+        std::string cip_path = std::to_string(config->embedded_cip_class_id);
+        cip_path += " ";
+        cip_path += std::to_string(config->embedded_cip_service_id);
+        ConfigLogger::log_value("embedded_cip_path", cip_path.c_str());
+    }
+
+    ConfigLogger::log_value("unconnected_timeout", config->unconnected_timeout);
+    ConfigLogger::log_value("max_cip_connections", config->max_cip_connections);
+    ConfigLogger::log_value("max_unconnected_messages", config->max_unconnected_messages);
 }
 
 void Cip::eval(Packet* p)

diff --git a/src/service_inspectors/dce_rpc/dce_common.cc b/src/service_inspectors/dce_rpc/dce_common.cc
index d1469648e4032b95db45f497aa8c1e5eca3aba7a..257f7a7f4211ec581c0bed1fb9af6ce53d0003d7 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_common.cc
+++ b/src/service_inspectors/dce_rpc/dce_common.cc
@@ -118,24 +118,17 @@ bool dce2_set_co_config(Value& v, dce2CoProtoConf& co)
 
 void print_dce2_common_config(dce2CommonProtoConf& common)
 {
-    LogMessage("    One alert per flow: %s\n",
-        common.limit_alerts ?
-        "ENABLED" : "DISABLED");
-    LogMessage("    Defragmentation: %s\n",
-        common.disable_defrag ?
-        "DISABLED" : "ENABLED");
-    LogMessage("    Max Fragment length: %d\n",
-        common.max_frag_len);
+    ConfigLogger::log_flag("limit_alerts", common.limit_alerts);
+    ConfigLogger::log_flag("disable_defrag", common.disable_defrag);
+    ConfigLogger::log_value("max_frag_len", common.max_frag_len);
 }
 
 void print_dce2_co_config(dce2CoProtoConf& co)
 {
     print_dce2_common_config(co.common);
 
-    LogMessage("    Policy : %s\n",
-        dce2_get_policy_name(co.policy));
-    LogMessage("    Reassemble Threshold : %d\n",
-        co.co_reassemble_threshold);
+    ConfigLogger::log_value("policy", dce2_get_policy_name(co.policy));
+    ConfigLogger::log_value("reassemble_threshold", co.co_reassemble_threshold);
 }
 
 bool dce2_paf_abort(DCE2_SsnData* sd)

diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.cc b/src/service_inspectors/dce_rpc/dce_smb_module.cc
index 1ae5a23c1ff391380e624061c930c7a8289fe3d5..f07307c0996735d61d7e28bb4fac38c8d4cf01d5 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb_module.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb_module.cc
@@ -96,7 +96,7 @@ static const PegInfo dce2_smb_pegs[] =
 };
 
 static const char* dce2SmbFingerprintPolicyStrings[] =
-{ "Disabled", "Client","Server", "Client and Server" };
+{ "disabled", "client", "server", "client and server" };
 
 static const Parameter s_params[] =
 {
@@ -190,6 +190,29 @@ static const RuleMap dce2_smb_rules[] =
     { 0, nullptr }
 };
 
+static std::string get_shares(DCE2_List* shares)
+{
+    std::string cmds;
+
+    if ( shares )
+    {
+        for (dce2SmbShare* share = (dce2SmbShare*)DCE2_ListFirst(shares);
+            share;
+            share = (dce2SmbShare*)DCE2_ListNext(shares))
+        {
+            cmds += share->ascii_str;
+            cmds += " ";
+        }
+    }
+
+    if ( !cmds.empty() )
+        cmds.pop_back();
+    else
+        cmds += "none";
+
+    return cmds;
+}
+
 Dce2SmbModule::Dce2SmbModule() : Module(DCE2_SMB_NAME, DCE2_SMB_HELP, s_params, false, &dce_smb_trace)
 {
     memset(&config, 0, sizeof(config));
@@ -273,6 +296,19 @@ static void set_smb_versions_mask(dce2SmbProtoConf& config, const char* s)
     }
 }
 
+static const char* get_smb_versions(uint16_t mask)
+{
+    switch (mask)
+    {
+    case DCE2_VALID_SMB_VERSION_FLAG_V1:
+        return "v1";
+    case DCE2_VALID_SMB_VERSION_FLAG_V2:
+        return "v2";
+    default:
+        return "all";
+    }
+}
+
 static bool set_smb_invalid_shares(dce2SmbProtoConf& config, Value& v)
 {
     string tok;
@@ -384,56 +420,16 @@ void Dce2SmbModule::get_data(dce2SmbProtoConf& dce2_smb_config)
 void print_dce2_smb_conf(dce2SmbProtoConf& config)
 {
     print_dce2_co_config(config.common);
-    LogMessage("    SMB fingerprint policy : %s\n",
-        dce2SmbFingerprintPolicyStrings[config.smb_fingerprint_policy]);
-
-    if (config.smb_max_chain == 0)
-        LogMessage("    Maximum SMB command chaining: Unlimited\n");
-    else if (config.smb_max_chain == 1)
-        LogMessage("    Maximum SMB command chaining: No chaining allowed\n");
-    else
-        LogMessage("    Maximum SMB command chaining: %u\n", config.smb_max_chain);
 
-    if (config.smb_max_compound == 0)
-        LogMessage("    Maximum SMB compounded requests: Unlimited\n");
-    else if (config.smb_max_compound == 1)
-        LogMessage("    Maximum SMB compounded requests: No compounding allowed\n");
-    else
-        LogMessage("    Maximum SMB compounded requests: %u\n", config.smb_max_compound);
-
-    if (config.smb_file_depth == -1)
-        LogMessage("    SMB file depth: Disabled\n");
-    else if (config.smb_file_depth == 0)
-        LogMessage("    SMB file depth: Unlimited\n");
-    else
-        LogMessage("    SMB file depth: %d\n",config.smb_file_depth);
-
-    if (config.smb_valid_versions_mask  == DCE2_VALID_SMB_VERSION_FLAG_V1)
-    {
-        LogMessage("    SMB valid versions : v1\n");
-    }
-    else if (config.smb_valid_versions_mask  == DCE2_VALID_SMB_VERSION_FLAG_V2)
-    {
-        LogMessage("    SMB valid versions : v2\n");
-    }
-    else
-    {
-        LogMessage("    SMB valid versions : all\n");
-    }
-    if (config.smb_invalid_shares != nullptr)
-    {
-        dce2SmbShare* share;
-
-        LogMessage("    Invalid SMB shares:\n");
-
-        for (share = (dce2SmbShare*)DCE2_ListFirst(config.smb_invalid_shares);
-            share != nullptr;
-            share = (dce2SmbShare*)DCE2_ListNext(config.smb_invalid_shares))
-        {
-            LogMessage("    %s\n",share->ascii_str);
-        }
-    }
-    if (config.legacy_mode)
-        LogMessage("    SMB legacy mode enabled\n");
+    ConfigLogger::log_value("smb_fingerprint_policy",
+        dce2SmbFingerprintPolicyStrings[config.smb_fingerprint_policy]);
+    ConfigLogger::log_limit("smb_max_chain", config.smb_max_chain, 0, 1);
+    ConfigLogger::log_limit("smb_max_compound", config.smb_max_compound, 0, 1);
+    ConfigLogger::log_value("valid_smb_versions",
+        get_smb_versions(config.smb_valid_versions_mask));
+    ConfigLogger::log_limit("smb_file_depth", config.smb_file_depth, 0, -1);
+    ConfigLogger::log_list("smb_invalid_shares",
+        get_shares(config.smb_invalid_shares).c_str());
+    ConfigLogger::log_flag("smb_legacy_mode", config.legacy_mode);
 }
 

diff --git a/src/service_inspectors/dnp3/dnp3.cc b/src/service_inspectors/dnp3/dnp3.cc
index a43b797f2518167778ca4ee3c135fa314544a138..d41d6af23b87cf072d096fed029600cdf9da6090 100644 (file)
--- a/src/service_inspectors/dnp3/dnp3.cc
+++ b/src/service_inspectors/dnp3/dnp3.cc
@@ -27,6 +27,7 @@
 
 #include "detection/detection_engine.h"
 #include "events/event_queue.h"
+#include "log/messages.h"
 #include "protocols/packet.h"
 
 #include "dnp3_paf.h"
@@ -240,7 +241,7 @@ Dnp3::Dnp3(const dnp3ProtoConf& pc)
 
 void Dnp3::show(SnortConfig*)
 {
-    print_dnp3_conf(config);
+    ConfigLogger::log_flag("check_crc", config.check_crc);
 }
 
 void Dnp3::eval(Packet* p)

diff --git a/src/service_inspectors/dnp3/dnp3_module.cc b/src/service_inspectors/dnp3/dnp3_module.cc
index e2db079b2231eed10b1478c464b8c12cbb91d1eb..9333deb0a7d03908b66718e16f5ee00670f21162 100644 (file)
--- a/src/service_inspectors/dnp3/dnp3_module.cc
+++ b/src/service_inspectors/dnp3/dnp3_module.cc
@@ -24,8 +24,6 @@
 
 #include "dnp3_module.h"
 
-#include "log/messages.h"
-
 #include "dnp3.h"
 
 using namespace snort;
@@ -101,11 +99,3 @@ void Dnp3Module::get_data(dnp3ProtoConf& dnp3_config)
 {
     dnp3_config.check_crc = config.check_crc;
 }
-
-void print_dnp3_conf(const dnp3ProtoConf& config)
-{
-    LogMessage("    Check CRC: %s\n",
-        config.check_crc ?
-        "ENABLED" : "DISABLED");
-}
-

diff --git a/src/service_inspectors/dnp3/dnp3_module.h b/src/service_inspectors/dnp3/dnp3_module.h
index 3de09693ec7a6d312619cbdac3487bc01a2fe6fd..8a6ff065a86dc51309c3b7be5131bbbc06079849 100644 (file)
--- a/src/service_inspectors/dnp3/dnp3_module.h
+++ b/src/service_inspectors/dnp3/dnp3_module.h
@@ -58,7 +58,5 @@ private:
     dnp3ProtoConf config;
 };
 
-void print_dnp3_conf(const dnp3ProtoConf& config);
-
 #endif
 

diff --git a/src/service_inspectors/ftp_telnet/ftp.cc b/src/service_inspectors/ftp_telnet/ftp.cc
index 2413ef42d0b47af73e04b9aa4e06abcea10f207c..4715fd6599ab636e78c4a55ec4ae6f9600197509 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp.cc
+++ b/src/service_inspectors/ftp_telnet/ftp.cc
@@ -188,6 +188,13 @@ static int snort_ftp(Packet* p)
 
 typedef InspectorData<FTP_CLIENT_PROTO_CONF> FtpClient;
 
+template<>
+void FtpClient::show(SnortConfig*)
+{
+    if ( data )
+        print_conf_client(data);
+}
+
 class FtpServer : public Inspector
 {
 public:
@@ -220,7 +227,8 @@ bool FtpServer::configure(SnortConfig* sc)
 
 void FtpServer::show(SnortConfig*)
 {
-    PrintFTPServerConf(ftp_server);
+    if ( ftp_server )
+        print_conf_server(ftp_server);
 }
 
 StreamSplitter* FtpServer::get_splitter(bool c2s)

diff --git a/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc b/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc
index 226c4eff6df4a193f93ee73c3bf4cda9e209d417..b423e7619d428d67d70949f9af880fe5f4348ba2 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc
@@ -66,22 +66,6 @@ int ftp_bounce_lookup_cleanup(BOUNCE_LOOKUP** BounceLookup)
     return FTPP_SUCCESS;
 }
 
-/*
- * Function: ftp_bounce_lookup_add(BOUNCE_LOOKUP *BounceLookup,
- *                                 char *ip, int len,
- *                                 FTP_BOUNCE_TO *BounceTo)
- *
- * Purpose: Add a bounce configuration to the list.  IP is stored
- *          in dot notation order.  When the lookup happens, we
- *          compare up to len bytes of the address.
- *
- * Arguments: BounceLookup => a pointer to the lookup structure
- *            IP           => the ftp bounce address
- *            BounceTo     => a pointer to the bounce configuration structure
- *
- * Returns: int => return code indicating error or success
- *
- */
 int ftp_bounce_lookup_add(BOUNCE_LOOKUP* BounceLookup, const SfIp* Ip,
     FTP_BOUNCE_TO* BounceTo)
 {
@@ -112,24 +96,6 @@ int ftp_bounce_lookup_add(BOUNCE_LOOKUP* BounceLookup, const SfIp* Ip,
     return FTPP_SUCCESS;
 }
 
-/*
- * Function: ftp_bounce_lookup_find(BOUNCE_LOOKUP *BounceLookup,
- *                                  const SfIp *ip, int *iError)
- *
- * Purpose: Find a bounce configuration given a IP.
- *          We look up a bounce configuration given an IP and
- *          return a pointer to that bounce configuration if found.
- *
- * Arguments: BounceLookup => a pointer to the lookup structure
- *            IP           => the ftp bounce address
- *            iError       => a pointer to an error code
- *
- * Returns: int => return code indicating error or success
- *
- * Returns: FTP_BOUNCE_TO* => Pointer to bounce configuration structure
- *                            matching IP if found, NULL otherwise.
- *
- */
 FTP_BOUNCE_TO* ftp_bounce_lookup_find(BOUNCE_LOOKUP* BounceLookup, const SfIp* Ip,
     int* iError)
 {
@@ -157,21 +123,6 @@ FTP_BOUNCE_TO* ftp_bounce_lookup_find(BOUNCE_LOOKUP* BounceLookup, const SfIp* I
     return BounceTo;
 }
 
-// FIXIT-L orphan code until FTP client inspector acquires a show() method
-#if 0
-/*
- * Function: ftp_bounce_lookup_first(BOUNCE_LOOKUP *BounceLookup,
- *                                   int *iError)
- *
- * Purpose: This lookups the first bounce configuration, so we can
- *          iterate through the configurations.
- *
- * Arguments: BounceLookup  => pointer to the bounce lookup structure
- *            iError        => pointer to the integer to set for errors
- *
- * Returns: FTP_BOUNCE_TO* => Pointer to first bounce configuration structure
- *
- */
 FTP_BOUNCE_TO* ftp_bounce_lookup_first(BOUNCE_LOOKUP* BounceLookup, int* iError)
 {
     FTP_BOUNCE_TO* BounceTo;
@@ -198,22 +149,6 @@ FTP_BOUNCE_TO* ftp_bounce_lookup_first(BOUNCE_LOOKUP* BounceLookup, int* iError)
     return BounceTo;
 }
 
-/*
- * Function: ftp_bounce_lookup_next(BOUNCE_LOOKUP *BounceLookup,
- *                                  int *iError)
- *
- * Iterates to the next configuration, like a list it just returns
- * the next config in the config list.
- *
- * Purpose: This lookups the next bounce configuration, so we can
- *          iterate through the configurations.
- *
- * Arguments: BounceLookup  => pointer to the bounce lookup structure
- *            iError        => pointer to the integer to set for errors
- *
- * Returns: FTP_BOUNCE_TO*  => Pointer to next bounce configuration structure
- *
- */
 FTP_BOUNCE_TO* ftp_bounce_lookup_next(BOUNCE_LOOKUP* BounceLookup, int* iError)
 {
     FTP_BOUNCE_TO* BounceTo;
@@ -239,5 +174,3 @@ FTP_BOUNCE_TO* ftp_bounce_lookup_next(BOUNCE_LOOKUP* BounceLookup, int* iError)
 
     return BounceTo;
 }
-#endif
-

diff --git a/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.h b/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.h
index 734aa6779f07ac4bae413bf62e4d7aacdac6c8cf..6e697a14694ea474b579653930adfe84ff022635 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.h
+++ b/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.h
@@ -39,9 +39,8 @@ int ftp_bounce_lookup_cleanup(BOUNCE_LOOKUP** BounceLookup);
 int ftp_bounce_lookup_add(BOUNCE_LOOKUP* BounceLookup, const snort::SfIp* ip, FTP_BOUNCE_TO* BounceTo);
 
 FTP_BOUNCE_TO* ftp_bounce_lookup_find(BOUNCE_LOOKUP* BounceLookup, const snort::SfIp* ip, int* iError);
-// FIXIT-L orphan code until FTP client inspector acquires a show() method
-// FTP_BOUNCE_TO* ftp_bounce_lookup_first(BOUNCE_LOOKUP* BounceLookup, int* iError);
-// FTP_BOUNCE_TO* ftp_bounce_lookup_next(BOUNCE_LOOKUP* BounceLookup, int* iError);
+FTP_BOUNCE_TO* ftp_bounce_lookup_first(BOUNCE_LOOKUP* BounceLookup, int* iError);
+FTP_BOUNCE_TO* ftp_bounce_lookup_next(BOUNCE_LOOKUP* BounceLookup, int* iError);
 
 #endif
 

diff --git a/src/service_inspectors/ftp_telnet/ftp_print.cc b/src/service_inspectors/ftp_telnet/ftp_print.cc
index f7c3fcb6a04cad6d83429c5b4977eeca2e4efb7b..559ab0f3a8b1532984c7f804f756120823716dd7 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp_print.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_print.cc
@@ -42,245 +42,60 @@
 
 using namespace snort;
 
-int PrintConfOpt(bool on, const char* Option)
+void print_conf_client(FTP_CLIENT_PROTO_CONF* config)
 {
-    LogMessage("    %s: %s\n", Option, on ? "ON" : "OFF");
-    return FTPP_SUCCESS;
-}
-
-/*
- * Function: PrintFormatDate(FTP_DATE_FMT *DateFmt)
- *
- * Purpose: Recursively prints the FTP date validation tree
- *
- * Arguments: DateFmt       => pointer to the date format node
- *
- * Returns: None
- *
- */
-static void PrintFormatDate(char* buf, FTP_DATE_FMT* DateFmt)
-{
-    FTP_DATE_FMT* OptChild;
-
-    if (!DateFmt->empty)
-        sfsnprintfappend(buf, BUF_SIZE, "%s", DateFmt->format_string);
-
-    if (DateFmt->optional)
-    {
-        OptChild = DateFmt->optional;
-        sfsnprintfappend(buf, BUF_SIZE, "[");
-        PrintFormatDate(buf, OptChild);
-        sfsnprintfappend(buf, BUF_SIZE, "]");
-    }
-
-    if (DateFmt->next_a)
-    {
-        if (DateFmt->next_b)
-            sfsnprintfappend(buf, BUF_SIZE, "{");
-        OptChild = DateFmt->next_a;
-        PrintFormatDate(buf, OptChild);
-        if (DateFmt->next_b)
-        {
-            sfsnprintfappend(buf, BUF_SIZE, "|");
-            OptChild = DateFmt->next_b;
-            PrintFormatDate(buf, OptChild);
-            sfsnprintfappend(buf, BUF_SIZE, "}");
-        }
-    }
-
-    if (DateFmt->next)
-        PrintFormatDate(buf, DateFmt->next);
-}
-
-/*
- * Function: PrintCmdFmt(FTP_PARAM_FMT *CmdFmt)
- *
- * Purpose: Recursively prints the FTP command parameter validation tree
- *
- * Arguments: CmdFmt       => pointer to the parameter validation node
- *
- * Returns: None
- *
- */
-static void PrintCmdFmt(char* buf, FTP_PARAM_FMT* CmdFmt)
-{
-    FTP_PARAM_FMT* OptChild;
-
-    switch (CmdFmt->type)
-    {
-    case e_int:
-        sfsnprintfappend(buf, BUF_SIZE, " %s", F_INT);
-        break;
-    case e_number:
-        sfsnprintfappend(buf, BUF_SIZE, " %s", F_NUMBER);
-        break;
-    case e_char:
-        sfsnprintfappend(buf, BUF_SIZE, " %s 0x%x", F_CHAR,
-            CmdFmt->format.chars_allowed);
-        break;
-    case e_date:
-        sfsnprintfappend(buf, BUF_SIZE, " %s", F_DATE);
-        PrintFormatDate(buf, CmdFmt->format.date_fmt);
-        break;
-    case e_literal:
-        sfsnprintfappend(buf, BUF_SIZE, " %s %s", F_LITERAL,
-            CmdFmt->format.literal);
-        break;
-    case e_unrestricted:
-        sfsnprintfappend(buf, BUF_SIZE, " %s", F_STRING);
-        break;
-    case e_strformat:
-        sfsnprintfappend(buf, BUF_SIZE, " %s", F_STRING_FMT);
-        break;
-    case e_host_port:
-        sfsnprintfappend(buf, BUF_SIZE, " %s", F_HOST_PORT);
-        break;
-    case e_long_host_port:
-        sfsnprintfappend(buf, BUF_SIZE, " %s", F_LONG_HOST_PORT);
-        break;
-    case e_extd_host_port:
-        sfsnprintfappend(buf, BUF_SIZE, " %s", F_EXTD_HOST_PORT);
-        break;
-    case e_head:
-        break;
-    default:
-        break;
-    }
-
-    if (CmdFmt->optional_fmt)
-    {
-        OptChild = CmdFmt->optional_fmt;
-        sfsnprintfappend(buf, BUF_SIZE, "[");
-        PrintCmdFmt(buf, OptChild);
-        sfsnprintfappend(buf, BUF_SIZE, "]");
-    }
-
-    if (CmdFmt->numChoices)
-    {
-        int i;
-        sfsnprintfappend(buf, BUF_SIZE, "{");
-        for (i=0; i<CmdFmt->numChoices; i++)
-        {
-            if (i)
-                sfsnprintfappend(buf, BUF_SIZE, "|");
-            OptChild = CmdFmt->choices[i];
-            PrintCmdFmt(buf, OptChild);
-        }
-        sfsnprintfappend(buf, BUF_SIZE, "}");
-    }
+    ConfigLogger::log_flag("bounce", config->bounce);
+    ConfigLogger::log_flag("ignore_telnet_erase_cmds", config->ignore_telnet_erase_cmds);
+    ConfigLogger::log_value("max_resp_len", config->max_resp_len);
+    ConfigLogger::log_flag("telnet_cmds", config->telnet_cmds);
 
-    if (CmdFmt->next_param_fmt && CmdFmt->next_param_fmt->prev_optional)
-        PrintCmdFmt(buf, CmdFmt->next_param_fmt);
-}
+    int ret;
 
-// FIXIT-L orphan code until FTP client inspector acquires a show() method
-#if 0
-int PrintFTPClientConf(FTP_CLIENT_PROTO_CONF* ClientConf)
-{
-    FTP_BOUNCE_TO* FTPBounce;
-    int iErr;
-
-    LogMessage(FTP_CLIENT_NAME ":\n");
-
-    PrintConfOpt(ClientConf->bounce, "Check for Bounce Attacks");
-    PrintConfOpt(ClientConf->telnet_cmds, "Check for Telnet Cmds");
-    PrintConfOpt(ClientConf->ignore_telnet_erase_cmds, "Ignore Telnet Cmd Operations");
-    LogMessage("    Max Response Length: %d\n", ClientConf->max_resp_len);
-
-    FTPBounce = ftp_bounce_lookup_first(ClientConf->bounce_lookup, &iErr);
-    if (FTPBounce)
+    for (FTP_BOUNCE_TO* FTPBounce = ftp_bounce_lookup_first(config->bounce_lookup, &ret);
+        FTPBounce;
+        FTPBounce = ftp_bounce_lookup_next(config->bounce_lookup, &ret))
     {
-        LogMessage("    Allow FTP bounces to:\n");
+        char buf[BUF_SIZE + 1] = {0};
 
-        while (FTPBounce)
-        {
-            char* addr_str;
-            char bits_str[5];
-            uint8_t bits;
-            bits_str[0] = '\0';
+        FTPBounce->ip.ntop(buf, BUF_SIZE);
 
-            addr_str = FTPBounce->ip.ntoa();
-            bits = (uint8_t)FTPBounce->ip.bits;
-            if (((FTPBounce->ip.family == AF_INET) && (bits != 32)) ||
-                ((FTPBounce->ip.family == AF_INET6) && (bits != 128)))
-            {
-                snprintf(bits_str, sizeof(bits_str), "/%hhu", bits);
-            }
-            if (FTPBounce->porthi)
-            {
-                LogMessage("        Address: %s%s, Ports: %d-%d\n",
-                    addr_str, bits_str[0] ? bits_str : "",
-                    FTPBounce->portlo, FTPBounce->porthi);
-            }
-            else
-            {
-                LogMessage("        Address: %s%s, Port: %d\n",
-                    addr_str, bits_str[0] ? bits_str : "",
-                    FTPBounce->portlo);
-            }
+        if (FTPBounce->porthi)
+            snprintf(buf, BUF_SIZE, ":%d-%d", FTPBounce->portlo, FTPBounce->porthi);
+        else
+            snprintf(buf, BUF_SIZE, ":%d", FTPBounce->portlo);
 
-            FTPBounce = ftp_bounce_lookup_next(ClientConf->bounce_lookup, &iErr);
-        }
+        ConfigLogger::log_list("bounce", buf);
     }
-
-    return FTPP_SUCCESS;
 }
-#endif
 
-int PrintFTPServerConf(FTP_SERVER_PROTO_CONF* ServerConf)
+void print_conf_server(FTP_SERVER_PROTO_CONF* config)
 {
-    int iRet;
-    FTP_CMD_CONF* FTPCmd;
-
-    if (!ServerConf)
+    ConfigLogger::log_flag("check_encrypted", config->detect_encrypted);
+    ConfigLogger::log_value("def_max_param_len", config->def_max_param_len);
+    ConfigLogger::log_flag("encrypted_traffic", config->check_encrypted_data);
+    ConfigLogger::log_flag("ignore_data_chan", config->data_chan);
+    ConfigLogger::log_flag("ignore_telnet_erase_cmds", config->ignore_telnet_erase_cmds);
+    ConfigLogger::log_flag("telnet_cmds", config->telnet_cmds);
+    ConfigLogger::log_flag("print_cmds", config->print_commands);
+
+    if (!config->print_commands)
+        return;
+
+    int ret;
+    std::string cmds;
+
+    for (FTP_CMD_CONF* ftp_cmd = ftp_cmd_lookup_first(config->cmd_lookup, &ret);
+        ftp_cmd;
+        ftp_cmd = ftp_cmd_lookup_next(config->cmd_lookup, &ret))
     {
-        return FTPP_INVALID_ARG;
+        cmds += ftp_cmd->cmd_name;
+        cmds += " ";
     }
 
-    PrintConfOpt(ServerConf->telnet_cmds, "Check for Telnet Cmds");
-    PrintConfOpt(ServerConf->ignore_telnet_erase_cmds, "Ignore Telnet Cmd Operations");
-    LogMessage("    Ignore open data channels: %s\n",
-        ServerConf->data_chan ? "YES" : "NO");
-    PrintConfOpt(ServerConf->detect_encrypted, "Check for Encrypted Traffic");
-    LogMessage("    Continue to check encrypted data: %s\n",
-        ServerConf->check_encrypted_data ? "YES" : "NO");
-
-    if (ServerConf->print_commands)
-    {
-        LogMessage("    FTP Commands:\n");
-
-        FTPCmd = ftp_cmd_lookup_first(ServerConf->cmd_lookup, &iRet);
-        while (FTPCmd != nullptr)
-        {
-            char buf[BUF_SIZE+1];
-            snprintf(buf, BUF_SIZE, "        %s { %u ",
-                FTPCmd->cmd_name, FTPCmd->max_param_len);
+    if ( !cmds.empty() )
+        cmds.pop_back();
+    else
+        cmds += "none";
 
-#ifdef PRINT_DEFAULT_CONFIGS
-            // FIXIT-L should append, not overwrite
-            if (FTPCmd->data_chan_cmd)
-                snprintf(buf, BUF_SIZE, "%s", "data_chan ");
-            if (FTPCmd->data_xfer_cmd)
-                snprintf(buf, BUF_SIZE, "%s", "data_xfer ");
-            if (FTPCmd->encr_cmd)
-                snprintf(buf, BUF_SIZE, "%s", "encr ");
-#endif
-
-            if (FTPCmd->check_validity)
-            {
-                FTP_PARAM_FMT* CmdFmt = FTPCmd->param_format;
-                while (CmdFmt != nullptr)
-                {
-                    PrintCmdFmt(buf, CmdFmt);
-
-                    CmdFmt = CmdFmt->next_param_fmt;
-                }
-            }
-            LogMessage("%s}\n", buf);
-            FTPCmd = ftp_cmd_lookup_next(ServerConf->cmd_lookup, &iRet);
-        }
-    }
-
-    return FTPP_SUCCESS;
+    ConfigLogger::log_list("commands", cmds.c_str());
 }
-

diff --git a/src/service_inspectors/ftp_telnet/ftp_print.h b/src/service_inspectors/ftp_telnet/ftp_print.h
index 1ddb880fd75514028729c406f3e6f1619cbc9ad8..3e7aa86317ba2b99d0c63caaaace62c4bad9466e 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp_print.h
+++ b/src/service_inspectors/ftp_telnet/ftp_print.h
@@ -27,10 +27,8 @@
 
 #include "ftpp_ui_config.h"
 
-int PrintConfOpt(bool on, const char* Option);
-// FIXIT-L orphan code until FTP client inspector acquires a show() method
-// int PrintFTPClientConf(FTP_CLIENT_PROTO_CONF*);
-int PrintFTPServerConf(FTP_SERVER_PROTO_CONF*);
+void print_conf_client(FTP_CLIENT_PROTO_CONF*);
+void print_conf_server(FTP_SERVER_PROTO_CONF*);
 
 #endif
 

diff --git a/src/service_inspectors/ftp_telnet/telnet.cc b/src/service_inspectors/ftp_telnet/telnet.cc
index 32337088d6dcff108038fb4c9eeea7f315d2cef2..27b01eccf599986d115d54054197c4c49fa65aa5 100644 (file)
--- a/src/service_inspectors/ftp_telnet/telnet.cc
+++ b/src/service_inspectors/ftp_telnet/telnet.cc
@@ -174,35 +174,6 @@ static int snort_telnet(TELNET_PROTO_CONF* GlobalConf, Packet* p)
     return FTPP_INVALID_PROTO;
 }
 
-/*
- * Function: PrintTelnetConf(TELNET_PROTO_CONF *TelnetConf,
- *                          char *Option)
- *
- * Purpose: Prints the telnet configuration
- *
- * Arguments: TelnetConf    => pointer to the telnet configuration
- *
- * Returns: int     => an error code integer (0 = success,
- *                     >0 = non-fatal error, <0 = fatal error)
- *
- */
-static int PrintTelnetConf(TELNET_PROTO_CONF* TelnetConf)
-{
-    if (!TelnetConf)
-    {
-        return FTPP_INVALID_ARG;
-    }
-
-    LogMessage("      Are You There Threshold: %d\n",
-        TelnetConf->ayt_threshold);
-    LogMessage("      Normalize: %s\n", TelnetConf->normalize ? "YES" : "NO");
-    PrintConfOpt(TelnetConf->detect_encrypted, "Check for Encrypted Traffic");
-    LogMessage("      Continue to check encrypted data: %s\n",
-        TelnetConf->check_encrypted_data ? "YES" : "NO");
-
-    return FTPP_SUCCESS;
-}
-
 //-------------------------------------------------------------------------
 // class stuff
 //-------------------------------------------------------------------------
@@ -242,7 +213,13 @@ bool Telnet::configure(SnortConfig* sc)
 
 void Telnet::show(SnortConfig*)
 {
-    PrintTelnetConf(config);
+    if ( !config )
+        return;
+
+    ConfigLogger::log_value("ayt_attack_thresh", config->ayt_threshold);
+    ConfigLogger::log_flag("check_encrypted", config->detect_encrypted);
+    ConfigLogger::log_flag("encrypted_traffic", config->check_encrypted_data);
+    ConfigLogger::log_flag("normalize", config->normalize);
 }
 
 void Telnet::eval(Packet* p)

diff --git a/src/service_inspectors/http_inspect/http_inspect.cc b/src/service_inspectors/http_inspect/http_inspect.cc
index f6f8d57e45f50fc4a31aff696b61f86777842cdc..920833cf23debb16904c1ffba2d1ec644f28c9d0 100644 (file)
--- a/src/service_inspectors/http_inspect/http_inspect.cc
+++ b/src/service_inspectors/http_inspect/http_inspect.cc
@@ -24,6 +24,8 @@
 #include "http_inspect.h"
 
 #include <cassert>
+#include <iomanip>
+#include <sstream>
 
 #include "detection/detection_engine.h"
 #include "detection/detection_util.h"
@@ -52,7 +54,35 @@ using namespace snort;
 using namespace HttpCommon;
 using namespace HttpEnums;
 
-HttpInspect::HttpInspect(const HttpParaList* params_) : 
+static std::string GetUnreservedChars(const ByteBitSet& bitset)
+{
+    const ByteBitSet& def_bitset(HttpParaList::UriParam::UriParam::default_unreserved_char);
+    std::string chars;
+
+    for (unsigned char c = 1; c; ++c)
+        if (def_bitset[c] && !bitset[c])
+            chars += c;
+
+    return chars;
+}
+
+static std::string GetBadChars(const ByteBitSet& bitset)
+{
+    std::stringstream ss;
+    ss << std::hex;
+
+    for (unsigned i = 0; i < bitset.size(); ++i)
+        if (bitset[i])
+            ss << " 0x" << std::setw(2) << std::setfill('0') << i;
+
+    auto str = ss.str();
+    if ( !str.empty() )
+        str.erase(0, 1);
+
+    return str;
+}
+
+HttpInspect::HttpInspect(const HttpParaList* params_) :
     params(params_),
     xtra_trueip_id(Stream::reg_xtra_data_cb(get_xtra_trueip)),
     xtra_uri_id(Stream::reg_xtra_data_cb(get_xtra_uri)),
@@ -92,36 +122,34 @@ void HttpInspect::show(snort::SnortConfig*)
 {
     assert(params);
 
-    if ( params->request_depth == -1 )
-        LogMessage("    request_depth: " "%s" "\n", "unlimited");
-    else
-        LogMessage("    request_depth: " STDi64 "\n", params->request_depth);
-
-    if ( params->response_depth == -1 )
-        LogMessage("    response_depth: " "%s" "\n", "unlimited");
-    else
-        LogMessage("    response_depth: " STDi64 "\n", params->response_depth);
-
-    LogMessage("    unzip: %s\n", params->unzip ? "yes" : "no");
-    LogMessage("    normalize_utf: %s\n", params->normalize_utf ? "yes" : "no");
-    LogMessage("    decompress_pdf: %s\n", params->decompress_pdf ? "yes" : "no");
-    LogMessage("    decompress_swf: %s\n", params->decompress_swf ? "yes" : "no");
-    LogMessage("    decompress_zip: %s\n", params->decompress_zip ? "yes" : "no");
-    LogMessage("    detained_inspection: %s\n", params->detained_inspection ? "yes" : "no");
-
-    LogMessage("    normalize_javascript: %s\n", params->js_norm_param.normalize_javascript ? "yes" : "no");
-    LogMessage("    max_javascript_whitespaces: %d\n", params->js_norm_param.max_javascript_whitespaces);
-
-    LogMessage("    percent_u: %s\n", params->uri_param.percent_u ? "yes" : "no");
-    LogMessage("    utf8: %s\n", params->uri_param.utf8 ? "yes" : "no");
-    LogMessage("    utf8_bare_byte: %s\n", params->uri_param.utf8_bare_byte ? "yes" : "no");
-    LogMessage("    oversize_dir_length: %d\n", params->uri_param.oversize_dir_length);
-    LogMessage("    iis_unicode: %s\n", params->uri_param.iis_unicode ? "yes" : "no");
-    LogMessage("    iis_unicode_map_file: %s\n", params->uri_param.iis_unicode_map_file.c_str());
-    LogMessage("    iis_double_decode: %s\n", params->uri_param.iis_double_decode ? "yes" : "no");
-    LogMessage("    backslash_to_slash: %s\n", params->uri_param.backslash_to_slash ? "yes" : "no");
-    LogMessage("    plus_to_space: %s\n", params->uri_param.plus_to_space ? "yes" : "no");
-    LogMessage("    simplify_path: %s\n", params->uri_param.simplify_path ? "yes" : "no");
+    auto unreserved_chars = GetUnreservedChars(params->uri_param.unreserved_char);
+    auto bad_chars = GetBadChars(params->uri_param.bad_characters);
+
+    ConfigLogger::log_limit("request_depth", params->request_depth, -1LL);
+    ConfigLogger::log_limit("response_depth", params->response_depth, -1LL);
+    ConfigLogger::log_flag("unzip", params->unzip);
+    ConfigLogger::log_flag("normalize_utf", params->normalize_utf);
+    ConfigLogger::log_flag("decompress_pdf", params->decompress_pdf);
+    ConfigLogger::log_flag("decompress_swf", params->decompress_swf);
+    ConfigLogger::log_flag("decompress_zip", params->decompress_zip);
+    ConfigLogger::log_flag("detained_inspection", params->detained_inspection);
+    ConfigLogger::log_flag("normalize_javascript", params->js_norm_param.normalize_javascript);
+    ConfigLogger::log_value("max_javascript_whitespaces",
+        params->js_norm_param.max_javascript_whitespaces);
+    ConfigLogger::log_flag("detained_inspection", params->detained_inspection);
+    ConfigLogger::log_value("bad_characters", bad_chars.c_str());
+    ConfigLogger::log_value("ignore_unreserved", unreserved_chars.c_str());
+    ConfigLogger::log_flag("percent_u", params->uri_param.percent_u);
+    ConfigLogger::log_flag("utf8", params->uri_param.utf8);
+    ConfigLogger::log_flag("utf8_bare_byte", params->uri_param.utf8_bare_byte);
+    ConfigLogger::log_flag("iis_unicode", params->uri_param.iis_unicode);
+    ConfigLogger::log_value("iis_unicode_map_file", params->uri_param.iis_unicode_map_file.c_str());
+    ConfigLogger::log_value("iis_unicode_code_page", params->uri_param.iis_unicode_code_page);
+    ConfigLogger::log_flag("iis_double_decode", params->uri_param.iis_double_decode);
+    ConfigLogger::log_value("oversize_dir_length", params->uri_param.oversize_dir_length);
+    ConfigLogger::log_flag("backslash_to_slash", params->uri_param.backslash_to_slash);
+    ConfigLogger::log_flag("plus_to_space", params->uri_param.plus_to_space);
+    ConfigLogger::log_flag("simplify_path", params->uri_param.simplify_path);
 }
 
 InspectSection HttpInspect::get_latest_is(const Packet* p)

diff --git a/src/service_inspectors/http_inspect/http_module.cc b/src/service_inspectors/http_inspect/http_module.cc
index 3af6878d932ee382f7b20309a03b066f913a0513..8ea340e090a8ac1ff6dad58e96aeb21b4545273a 100644 (file)
--- a/src/service_inspectors/http_inspect/http_module.cc
+++ b/src/service_inspectors/http_inspect/http_module.cc
@@ -306,24 +306,27 @@ HttpParaList::JsNormParam::~JsNormParam()
     delete js_norm;
 }
 
+// Characters that should not be percent-encoded
+// 0-9, a-z, A-Z, tilde, period, underscore, and minus
+// Initializer string for std::bitset is in reverse order. The first character is element 255
+// and the last is element 0.
+// __STRDUMP_DISABLE__
+const std::bitset<256> HttpParaList::UriParam::UriParam::default_unreserved_char
+    { std::string(
+        "00000000" "00000000" "00000000" "00000000"
+        "00000000" "00000000" "00000000" "00000000"
+        "00000000" "00000000" "00000000" "00000000"
+        "00000000" "00000000" "00000000" "00000000"
+        "01000111" "11111111" "11111111" "11111110"
+        "10000111" "11111111" "11111111" "11111110"
+        "00000011" "11111111" "01100000" "00000000"
+        "00000000" "00000000" "00000000" "00000000") };
+// __STRDUMP_ENABLE__
+
 // Some values in these tables may be changed by configuration parameters.
 HttpParaList::UriParam::UriParam() :
-  // Characters that should not be percent-encoded
-  // 0-9, a-z, A-Z, tilde, period, underscore, and minus
-  // Initializer string for std::bitset is in reverse order. The first character is element 255
-  // and the last is element 0.
 
-// __STRDUMP_DISABLE__
-  unreserved_char { std::string(
-      "00000000" "00000000" "00000000" "00000000"
-      "00000000" "00000000" "00000000" "00000000"
-      "00000000" "00000000" "00000000" "00000000"
-      "00000000" "00000000" "00000000" "00000000"
-      "01000111" "11111111" "11111111" "11111110"
-      "10000111" "11111111" "11111111" "11111110"
-      "00000011" "11111111" "01100000" "00000000"
-      "00000000" "00000000" "00000000" "00000000" ) },
-// __STRDUMP_ENABLE__
+  unreserved_char { default_unreserved_char },
 
   uri_char {
     CHAR_NORMAL,    CHAR_NORMAL,    CHAR_NORMAL,    CHAR_NORMAL,    CHAR_NORMAL,    CHAR_NORMAL,    CHAR_NORMAL,    CHAR_NORMAL,

diff --git a/src/service_inspectors/http_inspect/http_module.h b/src/service_inspectors/http_inspect/http_module.h
index e9021ed52059ff920be230ac4237b24b8f0de04a..ca97f9516d5e9134661e3faf97bac3ce6c94c6ab 100644 (file)
--- a/src/service_inspectors/http_inspect/http_module.h
+++ b/src/service_inspectors/http_inspect/http_module.h
@@ -75,6 +75,8 @@ public:
         std::bitset<256> bad_characters;
         std::bitset<256> unreserved_char;
         HttpEnums::CharAction uri_char[256];
+
+        static const std::bitset<256> default_unreserved_char;
     };
     UriParam uri_param;
 

diff --git a/src/service_inspectors/sip/sip.cc b/src/service_inspectors/sip/sip.cc
index bd2ed64ba054ced8ef29ce62b1ab3b2950b53105..74e916845c13c563e95946e1f7841b2517bada0f 100644 (file)
--- a/src/service_inspectors/sip/sip.cc
+++ b/src/service_inspectors/sip/sip.cc
@@ -81,74 +81,22 @@ static void FreeSipData(void* data)
     sip_freeDialogs(&ssn->dialogs);
 }
 
-static void PrintSipConf(SIP_PROTO_CONF* config)
+static std::string GetSIPMethods(SIPMethodNode* method)
 {
-    SIPMethodNode* method;
-    if (config == nullptr)
-        return;
-    LogMessage("    Max number of dialogs in a session: %d %s \n",
-        config->maxNumDialogsInSession,
-        config->maxNumDialogsInSession
-        == SIP_DEFAULT_MAX_DIALOGS_IN_SESSION ?
-        "(Default)" : "");
-
-    LogMessage("    Ignore media channel: %s\n",
-        config->ignoreChannel ?
-        "ENABLED" : "DISABLED");
-    LogMessage("    Max URI length: %d %s \n",
-        config->maxUriLen,
-        config->maxUriLen
-        == SIP_DEFAULT_MAX_URI_LEN ?
-        "(Default)" : "");
-    LogMessage("    Max Call ID length: %d %s \n",
-        config->maxCallIdLen,
-        config->maxCallIdLen
-        == SIP_DEFAULT_MAX_CALL_ID_LEN ?
-        "(Default)" : "");
-    LogMessage("    Max Request name length: %d %s \n",
-        config->maxRequestNameLen,
-        config->maxRequestNameLen
-        == SIP_DEFAULT_MAX_REQUEST_NAME_LEN ?
-        "(Default)" : "");
-    LogMessage("    Max From length: %d %s \n",
-        config->maxFromLen,
-        config->maxFromLen
-        == SIP_DEFAULT_MAX_FROM_LEN ?
-        "(Default)" : "");
-    LogMessage("    Max To length: %d %s \n",
-        config->maxToLen,
-        config->maxToLen
-        == SIP_DEFAULT_MAX_TO_LEN ?
-        "(Default)" : "");
-    LogMessage("    Max Via length: %d %s \n",
-        config->maxViaLen,
-        config->maxViaLen
-        == SIP_DEFAULT_MAX_VIA_LEN ?
-        "(Default)" : "");
-    LogMessage("    Max Contact length: %d %s \n",
-        config->maxContactLen,
-        config->maxContactLen
-        == SIP_DEFAULT_MAX_CONTACT_LEN ?
-        "(Default)" : "");
-    LogMessage("    Max Content length: %d %s \n",
-        config->maxContentLen,
-        config->maxContentLen
-        == SIP_DEFAULT_MAX_CONTENT_LEN ?
-        "(Default)" : "");
-    LogMessage("\n");
-    LogMessage("    Methods:\n");
-    LogMessage("\t%s ",
-        config->methodsConfig
-        == SIP_METHOD_DEFAULT ?
-        "(Default)" : "");
-    method = config->methods;
-    while (nullptr != method)
+    std::string cmds;
+
+    for (; method; method = method->nextm)
     {
-        LogMessage(" %s", method->methodName);
-        method = method->nextm;
+        cmds += method->methodName;
+        cmds += " ";
     }
 
-    LogMessage("\n");
+    if ( !cmds.empty() )
+        cmds.pop_back();
+    else
+        cmds += "none";
+
+    return cmds;
 }
 
 /*********************************************************************
@@ -271,7 +219,22 @@ Sip::~Sip()
 
 void Sip::show(SnortConfig*)
 {
-    PrintSipConf(config);
+    if ( !config )
+        return;
+
+    auto methods = GetSIPMethods(config->methods);
+
+    ConfigLogger::log_flag("ignore_call_channel", config->ignoreChannel);
+    ConfigLogger::log_value("max_call_id_len", config->maxCallIdLen);
+    ConfigLogger::log_value("max_contact_len", config->maxContactLen);
+    ConfigLogger::log_value("max_content_len", config->maxContentLen);
+    ConfigLogger::log_value("max_dialogs", config->maxNumDialogsInSession);
+    ConfigLogger::log_value("max_from_len", config->maxFromLen);
+    ConfigLogger::log_value("max_requestName_len", config->maxRequestNameLen);
+    ConfigLogger::log_value("max_to_len", config->maxToLen);
+    ConfigLogger::log_value("max_uri_len", config->maxUriLen);
+    ConfigLogger::log_value("max_via_len", config->maxViaLen);
+    ConfigLogger::log_list("methods", methods.c_str());
 }
 
 void Sip::eval(Packet* p)

diff --git a/src/service_inspectors/smtp/smtp.cc b/src/service_inspectors/smtp/smtp.cc
index 9e0933d8537c41468041fd80ac03d380d62b0210..3aea12cef0a758ca16f5b95c36854028b63de8ef 100644 (file)
--- a/src/service_inspectors/smtp/smtp.cc
+++ b/src/service_inspectors/smtp/smtp.cc
@@ -476,12 +476,12 @@ static const char* to_string(const SMTPXlinkState& mode)
 
 static void log_mail_show(const snort::MailLogConfig& conf)
 {
-    LogFlag("log_mailfrom", conf.log_mailfrom);
-    LogFlag("log_rcptto", conf.log_rcptto);
-    LogFlag("log_filename", conf.log_filename);
+    ConfigLogger::log_flag("log_mailfrom", conf.log_mailfrom);
+    ConfigLogger::log_flag("log_rcptto", conf.log_rcptto);
+    ConfigLogger::log_flag("log_filename", conf.log_filename);
 
-    if ( LogFlag("log_email_hdrs", conf.log_email_hdrs) )
-        LogValue("email_hdrs_log_depth", conf.email_hdrs_log_depth);
+    if ( ConfigLogger::log_flag("log_email_hdrs", conf.log_email_hdrs) )
+        ConfigLogger::log_value("email_hdrs_log_depth", conf.email_hdrs_log_depth);
 }
 
 void SmtpProtoConf::show() const
@@ -494,23 +494,23 @@ void SmtpProtoConf::show() const
     auto norm_cmds = GetCmdGroup(cmds, cmd_config, NORM_CMDS);
     auto valid_cmds = GetCmdGroup(cmds, cmd_config, VALID_CMDS);
 
-    LogValue("normalize", to_string(normalize));
-    LogList("normalize_cmds", norm_cmds.c_str());
+    ConfigLogger::log_value("normalize", to_string(normalize));
+    ConfigLogger::log_list("normalize_cmds", norm_cmds.c_str());
 
-    LogFlag("ignore_tls_data", ignore_tls_data);
-    LogLimit("max_command_line_len", max_command_line_len, 0);
-    LogList("alt_max_command_line_len", alt_len_cmds.c_str());
-    LogLimit("max_header_line_len", max_header_line_len, 0);
-    LogLimit("max_auth_command_line_len", max_auth_command_line_len, 0);
-    LogLimit("max_response_line_length", max_response_line_len, 0);
+    ConfigLogger::log_flag("ignore_tls_data", ignore_tls_data);
+    ConfigLogger::log_limit("max_command_line_len", max_command_line_len, 0);
+    ConfigLogger::log_list("alt_max_command_line_len", alt_len_cmds.c_str());
+    ConfigLogger::log_limit("max_header_line_len", max_header_line_len, 0);
+    ConfigLogger::log_limit("max_auth_command_line_len", max_auth_command_line_len, 0);
+    ConfigLogger::log_limit("max_response_line_length", max_response_line_len, 0);
 
-    LogValue("xlink2state", to_string(xlink2state));
-    LogList("invalid_cmds", alert_cmds.c_str());
+    ConfigLogger::log_value("xlink2state", to_string(xlink2state));
+    ConfigLogger::log_list("invalid_cmds", alert_cmds.c_str());
 
-    LogList("auth_cmds", auth_cmds.c_str());
-    LogList("binary_data_cmds", bdata_cmds.c_str());
-    LogList("data_cmds", data_cmds.c_str());
-    LogList("valid_cmds", valid_cmds.c_str());
+    ConfigLogger::log_list("auth_cmds", auth_cmds.c_str());
+    ConfigLogger::log_list("binary_data_cmds", bdata_cmds.c_str());
+    ConfigLogger::log_list("data_cmds", data_cmds.c_str());
+    ConfigLogger::log_list("valid_cmds", valid_cmds.c_str());
 
     decode_conf.show(true);
     log_mail_show(log_config);

diff --git a/src/service_inspectors/ssh/ssh.cc b/src/service_inspectors/ssh/ssh.cc
index a3b1c1c18238a4208f790bde0433b5b6fdcc81ba..622978c57ee57c037da21136a14935b3b80fe47d 100644 (file)
--- a/src/service_inspectors/ssh/ssh.cc
+++ b/src/service_inspectors/ssh/ssh.cc
@@ -80,18 +80,6 @@ static SSHData* get_session_data(Flow* flow)
     return fd ? &fd->session : nullptr;
 }
 
-static void PrintSshConf(SSH_PROTO_CONF* config)
-{
-    if ( !config )
-        return;
-
-    LogMessage("    Max Encrypted Packets: %d\n", config->MaxEncryptedPackets);
-    LogMessage("    Max Server Version String Length: %d\n", config->MaxServerVersionLen);
-    LogMessage("    MaxClientBytes: %d\n", config->MaxClientBytes);
-
-    LogMessage("\n");
-}
-
 /* Returns the true length of the ssh packet, including
  * the ssh packet header and all padding.
  *
@@ -757,7 +745,12 @@ Ssh::~Ssh()
 
 void Ssh::show(SnortConfig*)
 {
-    PrintSshConf(config);
+    if ( !config )
+        return;
+
+    ConfigLogger::log_value("max_encrypted_packets", config->MaxEncryptedPackets);
+    ConfigLogger::log_value("max_client_bytes", config->MaxClientBytes);
+    ConfigLogger::log_value("max_server_version_len", config->MaxServerVersionLen);
 }
 
 void Ssh::eval(Packet* p)

diff --git a/src/service_inspectors/ssl/ssl_inspector.cc b/src/service_inspectors/ssl/ssl_inspector.cc
index a023fd6ee2736f604dca8f5f1e2fed61a3eb7d35..89a9d51a8107de29b975866bb538c38ebfbd27c6 100644 (file)
--- a/src/service_inspectors/ssl/ssl_inspector.cc
+++ b/src/service_inspectors/ssl/ssl_inspector.cc
@@ -99,18 +99,6 @@ SSLData* get_ssl_session_data(Flow* flow)
     return fd ? &fd->session : nullptr;
 }
 
-static void PrintSslConf(SSL_PROTO_CONF* config)
-{
-    if (config == nullptr)
-        return;
-    if ( config->trustservers )
-    {
-        LogMessage("    Server side data is trusted\n");
-    }
-
-    LogMessage("\n");
-}
-
 static void SSL_UpdateCounts(const uint32_t new_flags)
 {
     if (new_flags & SSL_CHANGE_CIPHER_FLAG)
@@ -445,7 +433,11 @@ Ssl::~Ssl()
 
 void Ssl::show(SnortConfig*)
 {
-    PrintSslConf(config);
+    if ( !config )
+        return;
+
+    ConfigLogger::log_flag("trust_servers", config->trustservers);
+    ConfigLogger::log_value("max_heartbeat_length", config->max_heartbeat_len);
 }
 
 void Ssl::eval(Packet* p)

diff --git a/src/stream/base/stream_base.cc b/src/stream/base/stream_base.cc
index 5e2a9e9710f35f220ef6f7b013f60110be3e0148..5c863e7db994f68b760cef83a0300b352686f4de 100644 (file)
--- a/src/stream/base/stream_base.cc
+++ b/src/stream/base/stream_base.cc
@@ -207,10 +207,11 @@ void StreamBase::tterm()
     FlushBucket::clear();
 }
 
-void StreamBase::show(SnortConfig*)
+void StreamBase::show(SnortConfig* sc)
 {
-    LogMessage("    Max flows: %d\n", config.flow_cache_cfg.max_flows);
-    LogMessage("    Pruning timeout: %d\n", config.flow_cache_cfg.pruning_timeout);
+    if ( sc )
+        ConfigLogger::log_flag("ip_frags_only", sc->ip_frags_only());
+    config.show();
 }
 
 void StreamBase::eval(Packet* p)

diff --git a/src/stream/base/stream_module.cc b/src/stream/base/stream_module.cc
index f700a6ba575f0bea308c4fceeba23fc9cb045b73..c6a3345b892b83781d1ff3bace9494fdaf524645 100644 (file)
--- a/src/stream/base/stream_module.cc
+++ b/src/stream/base/stream_module.cc
@@ -98,6 +98,9 @@ static const RuleMap stream_rules[] =
     { 0, nullptr }
 };
 
+static const char* const flow_type_names[] =
+{ "none", "ip_cache", "tcp_cache", "udp_cache", "icmp_cache", "user_cache", "file_cache", "max"};
+
 StreamModule::StreamModule() :
     Module(MOD_NAME, MOD_HELP, s_params, false, &stream_trace)
 { }
@@ -266,3 +269,18 @@ bool StreamReloadResourceManager::tune_resources(unsigned work_limit)
     return ( flows_to_delete ) ? false : true;
 }
 
+void StreamModuleConfig::show() const
+{
+    ConfigLogger::log_value("max_flows", flow_cache_cfg.max_flows);
+    ConfigLogger::log_value("pruning_timeout", flow_cache_cfg.pruning_timeout);
+
+    for (int i = to_utype(PktType::IP); i < to_utype(PktType::MAX); ++i)
+    {
+        std::string tmp;
+        tmp += "{ idle_timeout = " + std::to_string(flow_cache_cfg.proto[i].nominal_timeout);
+        tmp += ", cap_weight = " + std::to_string(flow_cache_cfg.proto[i].cap_weight);
+        tmp += " }";
+
+        ConfigLogger::log_value(flow_type_names[i], tmp.c_str());
+    }
+}

diff --git a/src/stream/base/stream_module.h b/src/stream/base/stream_module.h
index acba5f112aab3e64a0e1b0ae01755344058eb3e0..2e09796813da1904595fdddf36d083171b5b4091 100644 (file)
--- a/src/stream/base/stream_module.h
+++ b/src/stream/base/stream_module.h
@@ -79,6 +79,7 @@ struct StreamModuleConfig
     unsigned footprint = 0;
 #endif
 
+    void show() const;
 };
 
 class StreamReloadResourceManager : public snort::ReloadResourceTuner

diff --git a/src/stream/file/stream_file.cc b/src/stream/file/stream_file.cc
index 5597ff203b2f4662ca1b56661566c8d36b842b90..c9f2bb4f6c4f62faebb7dcc1200168d836d88a54 100644 (file)
--- a/src/stream/file/stream_file.cc
+++ b/src/stream/file/stream_file.cc
@@ -23,6 +23,8 @@
 
 #include "stream_file.h"
 
+#include "log/messages.h"
+
 #include "file_module.h"
 #include "file_session.h"
 
@@ -39,6 +41,7 @@ public:
     { config.upload = b; }
 
     NORETURN_ASSERT void eval(Packet*) override;
+    void show(SnortConfig*) override;
 
     StreamFileConfig config;
 };
@@ -49,6 +52,11 @@ NORETURN_ASSERT void StreamFile::eval(Packet*)
     assert(false);
 }
 
+void StreamFile::show(SnortConfig*)
+{
+    ConfigLogger::log_flag("upload", config.upload);
+}
+
 StreamFileConfig* get_file_cfg(Inspector* ins)
 {
     assert(ins);

diff --git a/src/stream/icmp/stream_icmp.cc b/src/stream/icmp/stream_icmp.cc
index 809ece03dd05b976daf3fc6eb3478db5022eafab..10dbcd8473ca38a3c08864c36d08ef5e4e0990a4 100644 (file)
--- a/src/stream/icmp/stream_icmp.cc
+++ b/src/stream/icmp/stream_icmp.cc
@@ -40,11 +40,6 @@ StreamIcmpConfig::StreamIcmpConfig()
     session_timeout = 30;
 }
 
-static void icmp_show(StreamIcmpConfig* pc)
-{
-    LogMessage("    Timeout: %d seconds\n", pc->session_timeout);
-}
-
 //-------------------------------------------------------------------------
 // inspector stuff
 //-------------------------------------------------------------------------
@@ -74,7 +69,10 @@ StreamIcmp::~StreamIcmp()
 
 void StreamIcmp::show(SnortConfig*)
 {
-    icmp_show(config);
+    if ( !config )
+        return;
+
+    ConfigLogger::log_value("session_timeout", config->session_timeout);
 }
 
 NORETURN_ASSERT void StreamIcmp::eval(Packet*)

diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc
index 73f6942071873e4231e5c4edfd510eda3aaeae15..24ac736cef5d3438911e6dc1a3397cf7ca77c4d2 100644 (file)
--- a/src/stream/ip/ip_defrag.cc
+++ b/src/stream/ip/ip_defrag.cc
@@ -183,24 +183,6 @@ static const char* const frag_policy_names[] =
     "SOLARIS"
 };
 
-static void FragPrintEngineConfig(FragEngine* engine)
-{
-    LogMessage("    engine-based policy: %s\n",
-        frag_policy_names[engine->frag_policy]);
-    LogMessage("    Fragment timeout: %d seconds\n",
-        engine->frag_timeout);
-    LogMessage("    Fragment min_ttl:   %d\n", engine->min_ttl);
-
-    LogMessage("    Max frags: %d\n", engine->max_frags);
-    LogMessage("    Max overlaps:     %d\n",
-        engine->max_overlaps);
-    LogMessage("    Min fragment Length:     %d\n",
-        engine->min_fragment_length);
-#ifdef REG_TEST
-    LogMessage("    FragTracker Size: %zu\n", sizeof(FragTracker));
-#endif
-}
-
 static inline void EventAnomIpOpts(FragEngine*)
 {
     DetectionEngine::queue_event(GID_DEFRAG, DEFRAG_IPOPTIONS);
@@ -857,7 +839,11 @@ bool Defrag::configure(SnortConfig* sc)
 
 void Defrag::show(SnortConfig*)
 {
-    FragPrintEngineConfig(&engine);
+    ConfigLogger::log_value("max_frags", engine.max_frags);
+    ConfigLogger::log_value("max_overlaps", engine.max_overlaps);
+    ConfigLogger::log_value("min_frag_length", engine.min_fragment_length);
+    ConfigLogger::log_value("min_ttl", engine.min_ttl);
+    ConfigLogger::log_value("policy", frag_policy_names[engine.frag_policy]);
 }
 
 void Defrag::cleanup(FragTracker* ft)

diff --git a/src/stream/ip/stream_ip.cc b/src/stream/ip/stream_ip.cc
index 31d25cefae9759ad6442502f48fd07e136765195..694efe0845ce575f88b11f903d95097b9c374f13 100644 (file)
--- a/src/stream/ip/stream_ip.cc
+++ b/src/stream/ip/stream_ip.cc
@@ -59,11 +59,6 @@ StreamIpConfig::StreamIpConfig()
     frag_engine.min_fragment_length = 0;
 }
 
-static void ip_show(StreamIpConfig* pc)
-{
-    LogMessage("    Timeout: %d seconds\n", pc->session_timeout);
-}
-
 //-------------------------------------------------------------------------
 // inspector stuff
 //-------------------------------------------------------------------------
@@ -104,8 +99,11 @@ bool StreamIp::configure(SnortConfig* sc)
 
 void StreamIp::show(SnortConfig* sc)
 {
-    ip_show(config);
+    if ( !config )
+        return;
+
     defrag->show(sc);
+    ConfigLogger::log_value("session_timeout", config->session_timeout);
 }
 
 NORETURN_ASSERT void StreamIp::eval(Packet*)

diff --git a/src/stream/tcp/stream_tcp.cc b/src/stream/tcp/stream_tcp.cc
index 33e1d9aadf8466f1425e2116869e3199abf1dc2e..1433e90c5759051a0833b1394b642d368ceda09a 100644 (file)
--- a/src/stream/tcp/stream_tcp.cc
+++ b/src/stream/tcp/stream_tcp.cc
@@ -59,7 +59,12 @@ StreamTcp::~StreamTcp()
 { delete config; }
 
 void StreamTcp::show(SnortConfig*)
-{ TcpStreamConfig::show_config(config); }
+{
+    if ( !config )
+        return;
+
+    config->show();
+}
 
 bool StreamTcp::configure(SnortConfig* sc)
 {

diff --git a/src/stream/tcp/tcp_stream_config.cc b/src/stream/tcp/tcp_stream_config.cc
index 40ff21d1d08315a4f4d10bbcea29d57d63db2dcd..dad8375e9e184ef8424c6895b47e196f61307c32 100644 (file)
--- a/src/stream/tcp/tcp_stream_config.cc
+++ b/src/stream/tcp/tcp_stream_config.cc
@@ -29,47 +29,40 @@
 
 using namespace snort;
 
-static const char* const reassembly_policy_names[] =
+static const char* const policy_names[] =
 { "first", "last", "linux", "old_linux", "bsd", "macos", "solaris", "irix",
   "hpux11", "hpux10", "windows", "win_2003", "vista", "proxy" };
 
 TcpStreamConfig::TcpStreamConfig() = default;
 
-void TcpStreamConfig::show_config() const
+void TcpStreamConfig::show() const
 {
-    TcpStreamConfig::show_config(this);
-}
-
-void TcpStreamConfig::show_config(const TcpStreamConfig* config)
-{
-    LogMessage("    Reassembly Policy: %s\n",
-        reassembly_policy_names[ static_cast<int>( config->reassembly_policy ) ]);
-    LogMessage("    Timeout: %d seconds\n", config->session_timeout);
-
-    if ( config->max_window != 0 )
-        LogMessage("    Max TCP Window: %u\n", config->max_window);
-
-    if ( config->overlap_limit )
-        LogMessage("    Limit on TCP Overlaps: %d\n", config->overlap_limit);
-
-    if ( config->max_queued_bytes != 0 )
-        LogMessage("    Maximum number of bytes to queue per session: %d\n",
-            config->max_queued_bytes);
-
-    if ( config->max_queued_segs != 0 )
-        LogMessage("    Maximum number of segs to queue per session: %d\n",
-            config->max_queued_segs);
-
-    if ( config->flags )
-    {
-        LogMessage("    Options:\n");
-        if (config->flags & STREAM_CONFIG_NO_ASYNC_REASSEMBLY)
-            LogMessage("        Don't queue packets on one-sided sessions: YES\n");
-    }
-
-    if ( config->hs_timeout < 0 )
-        LogMessage("    Require 3-Way Handshake: NO\n");
-    else
-        LogMessage("    Require 3-Way Handshake: after %d seconds\n", config->hs_timeout);
+    ConfigLogger::log_value("flush_factor", flush_factor);
+    ConfigLogger::log_value("max_pdu", paf_max);
+    ConfigLogger::log_value("max_window", max_window);
+    ConfigLogger::log_flag("no_ack", no_ack);
+    ConfigLogger::log_value("overlap_limit", overlap_limit);
+    ConfigLogger::log_value("policy", policy_names[static_cast<int>(policy)]);
+
+    std::string str;
+    str += "{ max_bytes = ";
+    str += std::to_string(max_queued_bytes);
+    str += ", max_segments = ";
+    str += std::to_string(max_queued_segs);
+    str += " }";
+    ConfigLogger::log_value("queue_limit", str.c_str());
+
+    ConfigLogger::log_flag("reassemble_async", !(flags & STREAM_CONFIG_NO_ASYNC_REASSEMBLY));
+    ConfigLogger::log_limit("require_3whs", hs_timeout, -1, hs_timeout < 0 ? hs_timeout : -1);
+    ConfigLogger::log_value("session_timeout", session_timeout);
+
+    str = "{ count = ";
+    str += std::to_string(max_consec_small_segs);
+    str += ", maximum_size = ";
+    str += std::to_string(max_consec_small_seg_size);
+    str += " }";
+    ConfigLogger::log_value("small_segments", str.c_str());
+
+    ConfigLogger::log_flag("track_only", (flags & STREAM_CONFIG_NO_REASSEMBLY));
 }
 

diff --git a/src/stream/tcp/tcp_stream_config.h b/src/stream/tcp/tcp_stream_config.h
index cd3d6f5f49144977f7746cef10acb480418beebd..40595a5a35e2649190758de5a7cfe4429d3750f3 100644 (file)
--- a/src/stream/tcp/tcp_stream_config.h
+++ b/src/stream/tcp/tcp_stream_config.h
@@ -50,11 +50,9 @@ public:
         return false;
     }
 
-    void show_config() const;
-    static void show_config(const TcpStreamConfig*);
+    void show() const;
 
     StreamPolicy policy = StreamPolicy::OS_DEFAULT;
-    StreamPolicy reassembly_policy = StreamPolicy::OS_DEFAULT;
 
     uint16_t flags = 0;
     uint16_t flush_factor = 0;

diff --git a/src/stream/udp/stream_udp.cc b/src/stream/udp/stream_udp.cc
index e071bd97ac3a36d3b662e8f25148b2bf9af66eb9..f8444a5bc622738a662fba23143323172a9c8fba 100644 (file)
--- a/src/stream/udp/stream_udp.cc
+++ b/src/stream/udp/stream_udp.cc
@@ -39,15 +39,6 @@ StreamUdpConfig::StreamUdpConfig()
     session_timeout = 30;
 }
 
-static void udp_show(StreamUdpConfig* pc)
-{
-    LogMessage("    Timeout: %d seconds\n", pc->session_timeout);
-
-#ifdef REG_TEST
-    LogMessage("    UDP Session Size: %zu\n", sizeof(UdpSession));
-#endif
-}
-
 //-------------------------------------------------------------------------
 // inspector stuff
 //-------------------------------------------------------------------------
@@ -77,8 +68,10 @@ StreamUdp::~StreamUdp()
 
 void StreamUdp::show(SnortConfig*)
 {
-    if ( config )
-        udp_show(config);
+    if ( !config )
+        return;
+
+    ConfigLogger::log_value("session_timeout", config->session_timeout);
 }
 
 NORETURN_ASSERT void StreamUdp::eval(Packet*)

diff --git a/src/stream/user/stream_user.cc b/src/stream/user/stream_user.cc
index 3c1117bd83a0fe29d1000d7359c46f48715bcc72..f747e188df4a42c4bb1106bbf68d2936590b0602 100644 (file)
--- a/src/stream/user/stream_user.cc
+++ b/src/stream/user/stream_user.cc
@@ -39,11 +39,6 @@ StreamUserConfig::StreamUserConfig()
     session_timeout = 60;
 }
 
-static void user_show (StreamUserConfig* pc)
-{
-    LogMessage("    Timeout: %d seconds\n", pc->session_timeout);
-}
-
 //-------------------------------------------------------------------------
 // inspector stuff
 //-------------------------------------------------------------------------
@@ -74,7 +69,10 @@ StreamUser::~StreamUser()
 
 void StreamUser::show(SnortConfig*)
 {
-    user_show(config);
+    if ( !config )
+        return;
+
+    ConfigLogger::log_value("session_timeout", config->session_timeout);
 }
 
 NORETURN_ASSERT void StreamUser::eval(Packet*)

diff --git a/src/utils/sflsq.cc b/src/utils/sflsq.cc
index 4f54d6c1b06ddf9e5be062c973872d062a60a31d..b86bd45c9a480ccb6b8de398878ba89d38c35d36 100644 (file)
--- a/src/utils/sflsq.cc
+++ b/src/utils/sflsq.cc
@@ -116,7 +116,7 @@ void sflist_add_tail(SF_LIST* s, NODE_DATA ndata)
     s->count++;
 }
 
-NODE_DATA sflist_first(SF_LIST* s, SF_LNODE** v)
+NODE_DATA sflist_first(const SF_LIST* s, SF_LNODE** v)
 {
     if ( !s )
     {

diff --git a/src/utils/sflsq.h b/src/utils/sflsq.h
index 3e736dbb46ff3cced733df850bc49ca67d75f2ea..c4505f087f329c5ff69a37ad37786de9d30d717f 100644 (file)
--- a/src/utils/sflsq.h
+++ b/src/utils/sflsq.h
@@ -59,7 +59,7 @@ SO_PUBLIC void sflist_add_before(SF_LIST*, SF_LNODE*, NODE_DATA);
 SO_PUBLIC NODE_DATA sflist_remove_head(SF_LIST*);
 SO_PUBLIC NODE_DATA sflist_remove_tail(SF_LIST*);
 SO_PUBLIC int sflist_count(SF_LIST*);
-SO_PUBLIC NODE_DATA sflist_first(SF_LIST*, SF_LNODE**);
+SO_PUBLIC NODE_DATA sflist_first(const SF_LIST*, SF_LNODE**);
 SO_PUBLIC NODE_DATA sflist_next(SF_LNODE**);
 SO_PUBLIC void sflist_free(SF_LIST*);
 SO_PUBLIC void sflist_free_all(SF_LIST*, void (* free)(void*) );

diff --git a/tools/snort2lua/preprocessor_states/pps_appid.cc b/tools/snort2lua/preprocessor_states/pps_appid.cc
index ef764b8595a19e6b6859a0ab5c2da408f5d8c2cb..1cd729bc06804dc17b16cd8587182bd76dff9183 100644 (file)
--- a/tools/snort2lua/preprocessor_states/pps_appid.cc
+++ b/tools/snort2lua/preprocessor_states/pps_appid.cc
@@ -68,23 +68,15 @@ bool AppId::convert(std::istringstream& data_stream)
         {
             tmpval = parse_int_option("memcap", arg_stream, false);
         }
-        else if (keyword == "debug")
+        else if (keyword == "list_odp_detectors")
         {
             std::string val;
             if (!(arg_stream >> val))
-                data_api.failed_conversion(arg_stream,  "appid: debug <missing_arg>");
+                data_api.failed_conversion(arg_stream,  "appid: list_odp_detectors <missing_arg>");
             else if (val == "yes")
-                table_api.add_option("debug", true);
+                table_api.add_option("list_odp_detectors", true);
             else
-                table_api.add_option("debug", false);
-        }
-        else if (keyword == "dump_ports")
-        {
-            table_api.add_option("dump_ports", true);
-        }
-        else if (keyword == "instance_id")
-        {
-            tmpval = parse_int_option("instance_id", arg_stream, false);
+                table_api.add_option("list_odp_detectors", false);
         }
         else if (keyword == "app_stats_filename")
         {
@@ -107,10 +99,6 @@ bool AppId::convert(std::istringstream& data_stream)
         {
             tmpval = parse_int_option("app_stats_rollover_size", arg_stream, false);
         }
-        else if (keyword == "app_stats_rollover_time")
-        {
-            tmpval = parse_int_option("app_stats_rollover_time", arg_stream, false);
-        }
         else if (keyword == "app_detector_dir")
         {
             std::string file_name;