Merge in SNORT/snort3 from ~RUCOMBS/snort3:rule_db_dir to master
Squashed commit of the following:
commit
453e493024c93e33af63800afa5322e7b47c6013
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Oct 4 07:58:10 2024 -0400
snort: bump minor version for MPSE API change
commit
e2a836a2dcaafd000edebaf275244bd8f5e7424c
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Sep 12 12:28:39 2024 -0400
snort, search_engine: remove --dump-rule-databases
Rules are now automatically dumped to search_engine.rule_db_dir if not
loaded. Combine with snort --mem-check to get equivalent functionality
to --dump-rule-databases.
project (snort CXX C)
set (VERSION_MAJOR 3)
-set (VERSION_MINOR 3)
-set (VERSION_PATCH 7)
+set (VERSION_MINOR 4)
+set (VERSION_PATCH 0)
set (VERSION_SUBLEVEL 0)
set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
void set_debug_print_rule_groups_uncompiled()
{ portlists_flags |= PL_DEBUG_PRINT_RULEGROUPS_UNCOMPILED; }
+#ifdef HAVE_HYPERSCAN
void set_rule_db_dir(const char* s)
{ rule_db_dir = s; }
const std::string& get_rule_db_dir() const
{ return rule_db_dir; }
+#endif
bool set_search_method(const char*);
const char* get_search_method() const;
int portlists_flags = 0;
unsigned num_patterns_truncated = 0; // due to max_pattern_len
+#ifdef HAVE_HYPERSCAN
std::string rule_db_dir;
+#endif
};
#endif
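Review bot: The new set_rule_db_dir on line 27 assigns a `const char*` straight into a std::string with no null check, while the SnortConfig::set_rule_db_dir that this commit removes guarded with `assert(directory)`; constructing a std::string from a null pointer is undefined behaviour. The only caller visible here passes `v.get_string()`, which presumably never yields null for a PT_STRING parameter, but the setter is public and the assert was cheap: `{ assert(s); rule_db_dir = s; }`. The enclosing class starts outside the hunk, so I cannot tell whether its layout (which now varies with HAVE_HYPERSCAN because of the member on line 37) is visible across a plugin boundary; if it is, that deserves a comment at the member.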
if ( !sc->test_mode() or sc->mem_check() )
{
+#ifdef HAVE_HYPERSCAN
if ( !fp->get_rule_db_dir().empty() )
mpse_loaded = fp_deserialize(sc, fp->get_rule_db_dir());
+#endif
unsigned c = compile_mpses(sc, can_build_mt(fp));
unsigned expected = mpse_count + offload_mpse_count;
bool label = fp_print_port_groups(port_tables);
fp_print_service_groups(sc->spgmmTable, !label);
- if ( !sc->rule_db_dir.empty() )
- mpse_dumped = fp_serialize(sc, sc->rule_db_dir);
+#ifdef HAVE_HYPERSCAN
+ if ( !fp->get_rule_db_dir().empty() )
+ mpse_dumped = fp_serialize(sc, fp->get_rule_db_dir());
+#endif
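Review bot: The deserialize path added at lines 44–45 loads whatever files are present in rule_db_dir, and lines 54–55 write the same directory, so a database placed there by anyone with write access is loaded into the detection engine on the next start. Nothing in the hunk shows fp_deserialize checking more than the engine's own deserialize does, so a comment at line 44 stating the trust assumption would help operators: `// rule_db_dir is trusted input: databases found here are loaded as-is, so only the snort user should be able to write to it`. Separately, `mpse_loaded` is assigned on line 45 but not read within the hunk, and compile_mpses on line 47 runs unconditionally; if the flag is meant to skip compilation when the databases loaded, that wiring is outside this view and worth confirming.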
if ( mpse_count )
{
uint8_t* db = nullptr;
size_t len = 0;
- if ( it->group.normal_mpse->serialize(db, len) and db and len > 0 )
+ int result = it->group.normal_mpse->serialize(db, len);
+
+ if ( result == 1 and db and len > 0 )
{
store(file, db, len);
free(db);
}
else
{
- ParseWarning(WARN_RULES, "Failed to serialize %s", file.c_str());
+ if ( result != 0 )
+ ParseWarning(WARN_RULES, "Failed to serialize %s", file.c_str());
return false;
}
}
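Review bot: The `return false` on line 74 is now reached both for a real serialization failure (result -1, warned) and for the not-compiled case (result 0, silent), so the caller cannot tell "nothing to dump" from "dump failed", and the mpse_dumped flag set from it in fp_create inherits that ambiguity. If the 0 case is meant as a benign skip, `if ( result == 0 ) continue;` ahead of the else would keep the remaining groups going and leave `return false` for genuine errors — assuming this sits in a loop over groups, whose head is outside the hunk. When result is 1 but len is 0 the buffer is neither stored nor freed (pre-existing, but now easier to hit); `free(db);` in the else branch is safe because db starts as nullptr. The meaning of 1/0/-1 is not written down anywhere in this commit; see the note on the MpseApi declaration.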
namespace snort
{
// this is the current version of the api
-#define SEAPI_VERSION ((BASE_API_VERSION << 16) | 1)
+#define SEAPI_VERSION ((BASE_API_VERSION << 16) | 2)
struct SnortConfig;
struct MpseApi;
virtual int print_info() { return 0; }
virtual int get_pattern_count() const { return 0; }
- virtual bool serialize(uint8_t*&, size_t&) const { return false; }
+ virtual int serialize(uint8_t*&, size_t&) const { return -1; }
virtual bool deserialize(const uint8_t*, size_t) { return false; }
virtual void get_hash(std::string&) { }
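Review bot: The default `serialize` on line 87 returns -1, which fp_serialize treats as a failure and warns about, so on a Hyperscan-enabled build any rule group built by a non-Hyperscan search method will presumably log "Failed to serialize" for every group whenever rule_db_dir is set; if that reading is right, returning 0 ("nothing to serialize") from the default is the quieter and more accurate choice. Either way the three values need a doc comment on the declaration, e.g. `// returns 1 on success (caller must free() the buffer), 0 if there is nothing to serialize, -1 on failure`. The paired `deserialize` on line 88 still returns bool, and a sentence explaining the asymmetry would save the next implementer a trip through fp_serialize.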
{ "offload_search_method", Parameter::PT_DYNAMIC, (void*)&get_search_methods, nullptr,
"set fast pattern offload algorithm - choose available search engine" },
+#ifdef HAVE_HYPERSCAN
{ "rule_db_dir", Parameter::PT_STRING, nullptr, nullptr,
- "deserialize rule databases from given directory" },
+ "directory for reading / writing rule group databases" },
+#endif
{ "split_any_any", Parameter::PT_BOOL, nullptr, "true",
"evaluate any-any rules separately to save memory" },
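Review bot: The help string on line 95 says the directory is read and written but not that databases found there are loaded on the next start in place of compiling the rules, which is the property an operator needs in order to decide who may write to it. Suggest `"directory for reading / writing rule group databases (contents are trusted; restrict write access)"`, or the same point in the module documentation if help strings are kept short. Since the parameter is compiled out without HAVE_HYPERSCAN, a config that sets it on a non-Hyperscan build will presumably be rejected as an unknown parameter, which is worth stating in the docs as well.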
else if ( v.is("detect_raw_tcp") )
fp->set_stream_insert(v.get_bool());
+#ifdef HAVE_HYPERSCAN
else if ( v.is("rule_db_dir") )
fp->set_rule_db_dir(v.get_string());
+#endif
else if ( v.is("search_method") )
{
if (cmd_line_conf->dirty_pig)
dirty_pig = cmd_line_conf->dirty_pig;
- // --dump-rule-databases
- if (!cmd_line_conf->rule_db_dir.empty())
- rule_db_dir = cmd_line_conf->rule_db_dir;
-
// --id-offset
id_offset = cmd_line_conf->id_offset;
// --id-subdir
obfuscation_net.set(mask);
}
-void SnortConfig::set_rule_db_dir(const char* directory)
-{
- assert(directory);
- rule_db_dir = directory;
-}
-
void SnortConfig::set_gid(const char* args)
{
struct group* gr;
std::string chroot_dir; /* -t or config chroot */
std::string include_path;
std::string plugin_path;
- std::string rule_db_dir;
std::vector<std::string> script_paths;
mode_t file_mask = 0;
void set_overlay_trace_config(TraceConfig*);
void set_include_path(const char*);
void set_process_all_events(bool);
- void set_rule_db_dir(const char*);
void set_show_year(bool);
void set_tunnel_verdicts(const char*);
void set_tweaks(const char*);
{ "--dump-defaults", Parameter::PT_STRING, "(optional)", nullptr,
"[<module prefix>] output module defaults in Lua format" },
- { "--dump-rule-databases", Parameter::PT_STRING, nullptr, nullptr,
- "dump rule databases to given directory (hyperscan only)" },
-
{ "--dump-rule-deps", Parameter::PT_IMPLIED, nullptr, nullptr,
"dump rule dependencies in json format for use by other tools" },
else if ( is(v, "--dump-defaults") )
dump_defaults(sc, v.get_string());
- else if ( is(v, "--dump-rule-databases") )
- {
- sc->set_rule_db_dir(v.get_string());
- sc->run_flags |= (RUN_FLAG__TEST | RUN_FLAG__MEM_CHECK);
- }
else if ( is(v, "--dump-rule-deps") )
{
sc->run_flags |= (RUN_FLAG__DUMP_RULE_DEPS | RUN_FLAG__TEST);
unsigned id, unsigned long long from, unsigned long long to,
unsigned flags, void*);
- bool serialize(uint8_t*&, size_t&) const override;
+ int serialize(uint8_t*&, size_t&) const override;
bool deserialize(const uint8_t*, size_t) override;
void get_hash(std::string&) override;
PatternVector pvector;
hs_database_t* hs_db = nullptr;
+ bool compiled = false;
public:
static uint64_t instances;
uint64_t HyperscanMpse::instances = 0;
uint64_t HyperscanMpse::patterns = 0;
-bool HyperscanMpse::serialize(uint8_t*& buf, size_t& sz) const
-{ return hs_db and (hs_serialize_database(hs_db, (char**)&buf, &sz) == HS_SUCCESS) and buf; }
+int HyperscanMpse::serialize(uint8_t*& buf, size_t& sz) const
+{
+ if ( !compiled )
+ return 0;
+
+ return (hs_db and (hs_serialize_database(hs_db, (char**)&buf, &sz) == HS_SUCCESS) and buf) ? 1 : -1;
+}
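Review bot: The `compiled` flag consulted on line 174 is set only at the end of the compile path (line 183 in a later hunk) and, as far as the hunks show, never by deserialize(), so a database loaded from rule_db_dir reports 0 and is not rewritten — that matches "dumped if not loaded" in the commit message, but nothing in the code says so. A comment at the member declaration on line 165, `// set once the database is built from pvector; stays false for a deserialized db so serialize() reports 0 and the on-disk file is not rewritten`, would record the intent. The `(char**)&buf` C-style cast predates this commit, but `reinterpret_cast<char**>(&buf)` would make the uint8_t/char punning explicit while you are touching the line.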
bool HyperscanMpse::deserialize(const uint8_t* buf, size_t sz)
{
return -2;
}
+ compiled = true;
+
if ( agent )
user_ctor(sc);
PT_SEARCH_ENGINE,
sizeof(MpseApi),
SEAPI_VERSION,
- 0,
+ 1,
API_RESERVED,
API_OPTIONS,
s_name,