From: Russ Combs (rucombs) Date: Wed, 5 Dec 2018 22:57:09 +0000 (-0500) Subject: Merge pull request #1452 in SNORT/snort3 from ~RUCOMBS/snort3:int_types to master X-Git-Tag: 3.0.0-250~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=020356df5610f79286513d9610bb7c411281fb7f;p=thirdparty%2Fsnort3.git Merge pull request #1452 in SNORT/snort3 from ~RUCOMBS/snort3:int_types to master Squashed commit of the following: commit 927335a9d770afd3f976c5d433dfbf59c358f1d3 Author: russ Date: Sat Dec 1 09:08:48 2018 -0500 build: clean up additional warnings commit 237dc040cedf560fa2e10127c5db9cf6b313fd8c Author: russ Date: Fri Nov 30 14:54:58 2018 -0500 build: fix some int format specifiers commit bd1b6a63ed81d99dcec9404bdf08a886d04acf48 Author: russ Date: Fri Nov 30 14:22:37 2018 -0500 build: fix some int type conversion warnings commit 489e5ce892199bef55974bbd1b85281fd1e1c453 Author: russ Date: Fri Nov 30 08:17:16 2018 -0500 parameter: remove arbitrary one day limit on timers commit dadfae41cc9e2cc73809688de593f93b9d4e6a20 Author: russ Date: Thu Nov 29 08:46:55 2018 -0500 snort: add --help-limits to output max* values commit 8886dbaec359e974b016d5f33e50fd75a62722ef Author: russ Date: Thu Nov 29 07:50:07 2018 -0500 parameter: add maxSZ upper bound for int sizes commit 4d29c63de0c65315f3cfb7c30d63604366369095 Author: russ Date: Wed Nov 28 13:39:16 2018 -0500 parameter: add max31, max32, and max53 for int upper bounds commit 25c837adb622de44ea746d8081498b4a3c3e3d7a Author: russ Date: Tue Nov 27 08:27:05 2018 -0500 spelling: fix typo, disable checks on test data commit acca70d032f3de0ca5e3ca0ef4e80dbd2199d743 Author: russ Date: Mon Nov 26 22:46:47 2018 -0500 parameter: clean up some signed/unsigned mismatches commit f0d5e1a033ccf16a57af6551f098bb43adf19fdd Author: russ Date: Mon Nov 26 17:37:52 2018 -0500 parameter: remove ineffective -1 from pcre_match_limit* commit f52729f59324519be52a0058fbe3c104bb056783 Author: russ Date: Mon Nov 26 12:03:55 2018 -0500 
parameter: use bool instead of int for bools commit c845621d7900f97da697a966b4b2fe8af9008614 Author: russ Date: Mon Nov 26 11:44:57 2018 -0500 parameter: use consistent default port ranges commit ab3be3c2121bb9a2f89f65ed3712eb5f5f68046b Author: russ Date: Mon Nov 26 08:32:20 2018 -0500 parameter: clean up upper bounds commit 78aaf9fc08d6b05e8949426eace6a83e06f731ea Author: russ Date: Fri Nov 23 10:52:57 2018 -0500 parameter: build out validation unit tests commit ed4235ab439d1966e645378f97fd079672329091 Author: russ Date: Fri Nov 23 09:16:35 2018 -0500 perf_monitor: fix benign parameter errors commit bfcbb47e5c01608532df3308cf2e684c5e06b6dc Author: russ Date: Fri Nov 23 09:14:57 2018 -0500 parameter: reorgranize for unit tests --- diff --git a/src/actions/act_reject.cc b/src/actions/act_reject.cc index 9a8d85251..c364ce8ef 100644 --- a/src/actions/act_reject.cc +++ b/src/actions/act_reject.cc @@ -209,10 +209,10 @@ static const int unr[] = bool RejectModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("reset") ) - flags |= rst[v.get_long()]; + flags |= rst[v.get_uint8()]; else if ( v.is("control") ) - flags |= unr[v.get_long()]; + flags |= unr[v.get_uint8()]; else return false; diff --git a/src/codecs/ip/cd_udp.cc b/src/codecs/ip/cd_udp.cc index 3351a0fca..e75006137 100644 --- a/src/codecs/ip/cd_udp.cc +++ b/src/codecs/ip/cd_udp.cc @@ -101,7 +101,7 @@ public: { if ( v.is("deep_teredo_inspection") ) { - sc->enable_teredo = v.get_long(); // FIXIT-L move to existing bitfield + sc->enable_teredo = v.get_bool(); } else if ( v.is("gtp_ports") ) { diff --git a/src/codecs/link/cd_mpls.cc b/src/codecs/link/cd_mpls.cc index 3e04f6692..757fd2efe 100644 --- a/src/codecs/link/cd_mpls.cc +++ b/src/codecs/link/cd_mpls.cc 
@@ -43,7 +43,7 @@ static const Parameter mpls_params[] = { "enable_mpls_overlapping_ip", Parameter::PT_BOOL, nullptr, "false", "enable if private network addresses overlap and must be differentiated by MPLS label(s)" }, - { "max_mpls_stack_depth", Parameter::PT_INT, "-1:", "-1", + { "max_mpls_stack_depth", Parameter::PT_INT, "-1:255", "-1", "set MPLS stack depth" }, { "mpls_payload_type", Parameter::PT_ENUM, "eth | ip4 | ip6", "ip4", @@ -101,11 +101,11 @@ public: } else if ( v.is("max_mpls_stack_depth") ) { - sc->mpls_stack_depth = v.get_long(); + sc->mpls_stack_depth = v.get_int16(); } else if ( v.is("mpls_payload_type") ) { - sc->mpls_payload_type = v.get_long() + 1; + sc->mpls_payload_type = v.get_uint8() + 1; } else return false; diff --git a/src/connectors/file_connector/file_connector_module.cc b/src/connectors/file_connector/file_connector_module.cc index df32877dc..6e2b32ce0 100644 --- a/src/connectors/file_connector/file_connector_module.cc +++ b/src/connectors/file_connector/file_connector_module.cc @@ -83,10 +83,10 @@ bool FileConnectorModule::set(const char*, Value& v, SnortConfig*) config->name = v.get_string(); else if ( v.is("format") ) - config->text_format = ( v.get_long() == 1 ); + config->text_format = ( v.get_uint8() == 1 ); else if ( v.is("direction") ) - switch ( v.get_long() ) + switch ( v.get_uint8() ) { case 0: { diff --git a/src/connectors/tcp_connector/tcp_connector_module.cc b/src/connectors/tcp_connector/tcp_connector_module.cc index 20355ae9c..4da921086 100644 --- a/src/connectors/tcp_connector/tcp_connector_module.cc +++ b/src/connectors/tcp_connector/tcp_connector_module.cc @@ -83,10 +83,10 @@ bool TcpConnectorModule::set(const char*, Value& v, SnortConfig*) config->address = v.get_string(); else if ( v.is("base_port") ) - config->base_port = v.get_long(); + config->base_port = v.get_uint16(); else if ( v.is("setup") ) - switch ( v.get_long() ) + switch ( v.get_uint8() ) { case 0: { 
diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc index 39889d91f..152136304 100644 --- a/src/detection/detection_engine.cc +++ b/src/detection/detection_engine.cc @@ -136,7 +136,7 @@ Packet* DetectionEngine::set_next_packet(Packet* parent) else if ( Snort::get_switcher()->get_context() ) p->active = get_current_packet()->active; - // shutdown, so use a dummy so nullchecking is needed everywhere + // shutdown, so use a dummy so null checking is not needed everywhere else { p->active = &shutdown_active; diff --git a/src/detection/detection_util.cc b/src/detection/detection_util.cc index 40474820e..4304925b6 100644 --- a/src/detection/detection_util.cc +++ b/src/detection/detection_util.cc @@ -84,8 +84,8 @@ void EventTrace_Log(const Packet* p, const OptTreeNode* otn, int action) event_id, otn->sigInfo.gid, otn->sigInfo.sid, otn->sigInfo.rev, acts); TextLog_Print(tlog, - "Pkt=%lu, Sec=%u.%6u, Len=%u, Cap=%u\n", - p->context->packet_number, p->pkth->ts.tv_sec, p->pkth->ts.tv_usec, + "Pkt=" STDu64 ", Sec=%lu.%6lu, Len=%u, Cap=%u\n", + p->context->packet_number, (long)p->pkth->ts.tv_sec, (long)p->pkth->ts.tv_usec, p->pkth->pktlen, p->pkth->caplen); TextLog_Print(tlog, diff --git a/src/detection/fp_config.cc b/src/detection/fp_config.cc index 9d6c87f6e..5a285efe5 100644 --- a/src/detection/fp_config.cc +++ b/src/detection/fp_config.cc @@ -75,7 +75,7 @@ void FastPatternConfig::set_max_pattern_len(unsigned int max_len) max_pattern_len = max_len; } -int FastPatternConfig::set_max(int bytes) +unsigned FastPatternConfig::set_max(unsigned bytes) { if ( max_pattern_len and (bytes > max_pattern_len) ) { diff --git a/src/detection/fp_config.h b/src/detection/fp_config.h index 184c2d3ea..a6985652a 100644 --- a/src/detection/fp_config.h +++ b/src/detection/fp_config.h 
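Review bot: In the EventTrace_Log hunk of detection_util.cc the new format string pairs `%lu` with arguments cast to `(long)`, so specifier and argument still disagree on signedness. Separately, `%6lu` pads tv_usec with spaces rather than zeros, so 5 microseconds prints as `.     5` and reads like a different fraction. Casting both timestamp fields to `(unsigned long)` and using `"Sec=%lu.%06lu"` fixes both; keeping `(long)` with `%ld.%06ld` works too. Zero-padding changes the emitted log text, so anything that parses this line should be checked. The function body continues outside the hunk.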
@@ -116,10 +116,10 @@ public: void set_debug_print_rule_groups_uncompiled() { portlists_flags |= PL_DEBUG_PRINT_RULEGROUPS_UNCOMPILED; } - void set_search_opt(int flag) + void set_search_opt(bool flag) { search_opt = flag; } - int get_search_opt() + bool get_search_opt() { return search_opt; } bool set_search_method(const char*); @@ -142,10 +142,7 @@ public: int get_num_patterns_truncated() { return num_patterns_truncated; } - int set_max(int bytes); - - int get_max_pattern_len() - { return max_pattern_len; } + unsigned set_max(unsigned bytes); private: const snort::MpseApi* search_api; @@ -155,13 +152,13 @@ private: bool split_any_any = false; bool debug_print_fast_pattern = false; bool debug = false; + bool search_opt = false; unsigned max_queue_events = 5; unsigned bleedover_port_limit = 1024; + unsigned max_pattern_len = 0; - int search_opt = 0; int portlists_flags = 0; - int max_pattern_len = 0; int num_patterns_truncated = 0; // due to max_pattern_len int num_patterns_trimmed = 0; // due to zero byte prefix }; diff --git a/src/detection/fp_create.cc b/src/detection/fp_create.cc index aedfe8f05..725fae892 100644 --- a/src/detection/fp_create.cc +++ b/src/detection/fp_create.cc @@ -64,11 +64,11 @@ static const char* s_group = ""; static void fpDeletePMX(void* data); static int fpGetFinalPattern( - FastPatternConfig*, PatternMatchData*, const char*& ret_pattern, int& ret_bytes); + FastPatternConfig*, PatternMatchData*, const char*& ret_pattern, unsigned& ret_bytes); static void print_nfp_info(const char*, OptTreeNode*); static void print_fp_info(const char*, const OptTreeNode*, const PatternMatchData*, - const char* pattern, int pattern_length); + const char* pattern, unsigned pattern_length); static int finalize_detection_option_tree(SnortConfig* sc, detection_option_tree_root_t* root) { 
@@ -404,7 +404,7 @@ static int fpFinishPortGroupRule( pg->add_rule(); const char* pattern; - int pattern_length; + unsigned pattern_length; if (fpGetFinalPattern(fp, pmd, pattern, pattern_length) == -1) return -1; @@ -755,7 +755,7 @@ static void fpFreeRuleMaps(SnortConfig* sc) static int fpGetFinalPattern( FastPatternConfig* fp, PatternMatchData* pmd, - const char*& ret_pattern, int& ret_bytes) + const char*& ret_pattern, unsigned& ret_bytes) { if ( !fp or !pmd ) { @@ -763,7 +763,7 @@ static int fpGetFinalPattern( } const char* pattern = pmd->pattern_buf; - int bytes = pmd->pattern_size; + unsigned bytes = pmd->pattern_size; // Don't mess with: // @@ -806,10 +806,9 @@ static int fpGetFinalPattern( * beyond state 0 as long as the next input char is 0x00 */ if ( fp->get_trim() ) { - bytes = - flp_trim(pmd->pattern_buf, pmd->pattern_size, &pattern); + bytes = flp_trim(pmd->pattern_buf, pmd->pattern_size, &pattern); - if (bytes < (int)pmd->pattern_size) + if (bytes < pmd->pattern_size) { // The pattern is all '\0' - use the whole pattern. This potentially // hurts the performance boost gained by stripping leading zeros. @@ -1637,8 +1636,9 @@ void get_pattern_info(const PatternMatchData* pmd, opts += " )"; } -static void print_fp_info(const char* group, const OptTreeNode* otn, const PatternMatchData* pmd, - const char* pattern, int pattern_length) +static void print_fp_info( + const char* group, const OptTreeNode* otn, const PatternMatchData* pmd, + const char* pattern, unsigned pattern_length) { std::string hex, txt, opts; diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc index b89b1fc36..b1b867bf2 100644 --- a/src/detection/fp_detect.cc +++ b/src/detection/fp_detect.cc @@ -624,7 +624,7 @@ static inline int fpFinalSelectEvent(OtnxMatchData* o, Packet* p) int j; int k; const OptTreeNode* otn; - int tcnt = 0; + unsigned tcnt = 0; EventQueueConfig* eq = SnortConfig::get_conf()->event_queue_config; RuleTreeNode* rtn; 
diff --git a/src/detection/fp_utils.cc b/src/detection/fp_utils.cc index 9df8a2972..dc9609e3c 100644 --- a/src/detection/fp_utils.cc +++ b/src/detection/fp_utils.cc @@ -145,10 +145,10 @@ bool is_fast_pattern_only(OptFpList* ofl) * length - of trimmed pattern * buff - ptr to new beginning of trimmed buffer */ -int flp_trim(const char* p, int plen, const char** buff) +unsigned flp_trim(const char* p, unsigned plen, const char** buff) { - int i; - int size = 0; + unsigned i; + unsigned size = 0; if ( !p ) return 0; @@ -222,7 +222,7 @@ struct FpSelector { CursorActionType cat; PatternMatchData* pmd; - int size; + unsigned size; FpSelector(CursorActionType, PatternMatchData*); diff --git a/src/detection/fp_utils.h b/src/detection/fp_utils.h index 3d4f9d6a3..d11e40df3 100644 --- a/src/detection/fp_utils.h +++ b/src/detection/fp_utils.h @@ -32,7 +32,7 @@ struct PatternMatchData* get_pmd(OptFpList*, SnortProtocolId, snort::RuleDirecti bool is_fast_pattern_only(OptFpList*); void validate_fast_pattern(OptTreeNode*); -int flp_trim(const char* p, int plen, const char** buff); +unsigned flp_trim(const char* p, unsigned plen, const char** buff); bool set_fp_content(OptTreeNode*); std::vector get_fp_content( diff --git a/src/detection/ips_context_data.cc b/src/detection/ips_context_data.cc index 230619b58..d460770f6 100644 --- a/src/detection/ips_context_data.cc +++ b/src/detection/ips_context_data.cc @@ -43,7 +43,7 @@ static unsigned max_id = IpsContext::max_ips_id; unsigned IpsContextData::get_ips_id() { ++ips_id; - assert( ips_id < max_id ); + assert(ips_id < max_id); return ips_id; } @@ -64,9 +64,9 @@ TEST_CASE("IpsContextData id", "[IpsContextData]") auto id1 = IpsContextData::get_ips_id(); auto id2 = IpsContextData::get_ips_id(); - CHECK(id1 != id2); - CHECK(max_id > id2 ); + CHECK(id1 != id2); + CHECK(max_id > id2); } #endif diff --git a/src/detection/signature.cc b/src/detection/signature.cc index aed4fdb5e..2d4ee53ac 100644 --- a/src/detection/signature.cc 
+++ b/src/detection/signature.cc @@ -102,7 +102,7 @@ void AddReference( /************************ Class/Priority Implementation ***********************/ void AddClassification( - SnortConfig* sc, const char* type, const char* name, int priority) + SnortConfig* sc, const char* type, const char* name, unsigned priority) { int max_id = 0; ClassType* current = sc->classifications; diff --git a/src/detection/signature.h b/src/detection/signature.h index 8179e27d8..50dff7ed6 100644 --- a/src/detection/signature.h +++ b/src/detection/signature.h @@ -60,15 +60,15 @@ void AddReference(snort::SnortConfig*, ReferenceNode**, const char*, const char* struct ClassType { // FIXIT-L type and name are backwards (name -> text, type -> name) - char* type; /* classification type */ - int id; /* classification id */ - char* name; /* "pretty" classification name */ - int priority; /* priority */ + char* type; + int id; + char* name; // "pretty" name + unsigned priority; ClassType* next; }; /* NOTE: These methods can only be used during parse time */ -void AddClassification(snort::SnortConfig*, const char* type, const char* name, int priority); +void AddClassification(snort::SnortConfig*, const char* type, const char* name, unsigned priority); ClassType* ClassTypeLookupByType(snort::SnortConfig*, const char*); diff --git a/src/detection/tag.h b/src/detection/tag.h index 2a935cae4..983d68a34 100644 --- a/src/detection/tag.h +++ b/src/detection/tag.h 
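Review bot: The ClassType hunk in signature.h drops the per-field comments on `type`, `id` and `priority`, while the FIXIT-L directly above still says type and name are backwards. That leaves a reader less to go on exactly where the naming is known to be confusing. Keeping the short comments until the rename is done would help, for example `char* type; // classification type` and `int id; // classification id`. `priority` is now unsigned while `id` (and `max_id` in AddClassification) stay int, so a one-line comment on why the two differ would also be useful.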
@@ -54,11 +54,12 @@ struct Event; struct TagData { int tag_type; /* tag type (session/host) */ - int tag_seconds; /* number of "seconds" units to tag for */ - int tag_packets; /* number of "packets" units to tag for */ - int tag_bytes; /* number of "type" units to tag for */ int tag_metric; /* (packets | seconds | bytes) units */ int tag_direction; /* source or dest, used for host tagging */ + + uint32_t tag_seconds; /* number of "seconds" units to tag for */ + uint32_t tag_packets; /* number of "packets" units to tag for */ + uint32_t tag_bytes; /* number of "type" units to tag for */ }; void InitTag(); diff --git a/src/events/event_queue.h b/src/events/event_queue.h index c0e3f1dfa..28a2dc4c5 100644 --- a/src/events/event_queue.h +++ b/src/events/event_queue.h @@ -28,8 +28,8 @@ struct EventQueueConfig { - int max_events; - int log_events; + unsigned max_events; + unsigned log_events; int order; int process_all_events; }; diff --git a/src/file_api/file_module.cc b/src/file_api/file_module.cc index 6828f2b1a..f35d481bf 100644 --- a/src/file_api/file_module.cc +++ b/src/file_api/file_module.cc @@ -43,7 +43,7 @@ static const Parameter file_magic_params[] = { "content", Parameter::PT_STRING, nullptr, nullptr, "file magic content" }, - { "offset", Parameter::PT_INT, "0:", "0", + { "offset", Parameter::PT_INT, "0:max32", "0", "file magic offset" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -51,7 +51,7 @@ static const Parameter file_magic_params[] = static const Parameter file_rule_params[] = { - { "rev", Parameter::PT_INT, "0:", "0", + { "rev", Parameter::PT_INT, "0:max32", "0", "rule revision" }, { "msg", Parameter::PT_STRING, nullptr, nullptr, @@ -60,7 +60,7 @@ static const Parameter file_rule_params[] = { "type", Parameter::PT_STRING, nullptr, nullptr, "file type name" }, - { "id", Parameter::PT_INT, "0:", "0", + { "id", Parameter::PT_INT, "0:max32", "0", "file type id" }, { "category", Parameter::PT_STRING, nullptr, nullptr, 
@@ -83,7 +83,7 @@ static const Parameter file_when_params[] = { // FIXIT-M when.policy_id should be an arbitrary string auto converted // into index for binder matching and lookups - { "file_type_id", Parameter::PT_INT, "0:", "0", + { "file_type_id", Parameter::PT_INT, "0:max32", "0", "unique ID for file type in file magic rule" }, { "sha256", Parameter::PT_STRING, nullptr, nullptr, 
@@ -122,34 +122,34 @@ static const Parameter file_policy_rule_params[] = static const Parameter file_id_params[] = { - { "type_depth", Parameter::PT_INT, "0:", "1460", + { "type_depth", Parameter::PT_INT, "0:max53", "1460", "stop type ID at this point" }, - { "signature_depth", Parameter::PT_INT, "0:", "10485760", + { "signature_depth", Parameter::PT_INT, "0:max53", "10485760", "stop signature at this point" }, - { "block_timeout", Parameter::PT_INT, "0:", "86400", + { "block_timeout", Parameter::PT_INT, "0:max31", "86400", "stop blocking after this many seconds" }, - { "lookup_timeout", Parameter::PT_INT, "0:", "2", + { "lookup_timeout", Parameter::PT_INT, "0:max31", "2", "give up on lookup after this many seconds" }, { "block_timeout_lookup", Parameter::PT_BOOL, nullptr, "false", "block if lookup times out" }, - { "capture_memcap", Parameter::PT_INT, "0:", "100", + { "capture_memcap", Parameter::PT_INT, "0:max53", "100", "memcap for file capture in megabytes" }, - { "capture_max_size", Parameter::PT_INT, "0:", "1048576", + { "capture_max_size", Parameter::PT_INT, "0:max53", "1048576", "stop file capture beyond this point" }, - { "capture_min_size", Parameter::PT_INT, "0:", "0", + { "capture_min_size", Parameter::PT_INT, "0:max53", "0", "stop file capture if file size less than this" }, - { "capture_block_size", Parameter::PT_INT, "8:", "32768", + { "capture_block_size", Parameter::PT_INT, "8:max53", "32768", "file capture block size in bytes" }, - { "max_files_cached", Parameter::PT_INT, "8:", "65536", + { "max_files_cached", Parameter::PT_INT, "8:max53", "65536", "maximal number of files cached in memory" }, { "enable_type", Parameter::PT_BOOL, nullptr, "true", 
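Review bot: `capture_memcap` is documented as megabytes but is now bounded by `max53`, so the validator accepts values that cannot be expressed in bytes in a 64-bit integer. Anything above 2^43 MB overflows int64 if it is later multiplied by 1048576. That conversion is not visible in this hunk, so the overflow is inferred rather than shown. A tighter bound on this entry, e.g. `{ "capture_memcap", Parameter::PT_INT, "0:max32", "100",`, would make the range check enforce a limit the consumer can actually honour. `max_files_cached` (`8:max53`) is a count rather than a size and deserves the same look.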
@@ -161,7 +161,7 @@ static const Parameter file_id_params[] = { "enable_capture", Parameter::PT_BOOL, nullptr, "false", "enable file capture" }, - { "show_data_depth", Parameter::PT_INT, "0:", "100", + { "show_data_depth", Parameter::PT_INT, "0:max53", "100", "print this many octets" }, { "file_rules", Parameter::PT_LIST, file_rule_params, nullptr, @@ -179,7 +179,7 @@ static const Parameter file_id_params[] = { "trace_stream", Parameter::PT_BOOL, nullptr, "false", "enable runtime dump of file data" }, - { "verdict_delay", Parameter::PT_INT, "0:", "0", + { "verdict_delay", Parameter::PT_INT, "0:max53", "0", "number of queries to return final verdict" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -221,34 +221,34 @@ bool FileIdModule::set(const char*, Value& v, SnortConfig*) FilePolicy& fp = fc->get_file_policy(); if ( v.is("type_depth") ) - fc->file_type_depth = v.get_long(); + fc->file_type_depth = v.get_int64(); else if ( v.is("signature_depth") ) - fc->file_signature_depth = v.get_long(); + fc->file_signature_depth = v.get_int64(); else if ( v.is("block_timeout") ) - fc->file_block_timeout = v.get_long(); + fc->file_block_timeout = v.get_int64(); else if ( v.is("lookup_timeout") ) - fc->file_lookup_timeout = v.get_long(); + fc->file_lookup_timeout = v.get_int64(); else if ( v.is("block_timeout_lookup") ) fc->block_timeout_lookup = v.get_bool(); else if ( v.is("capture_memcap") ) - fc->capture_memcap = v.get_long(); + fc->capture_memcap = v.get_int64(); else if ( v.is("capture_max_size") ) - fc->capture_max_size = v.get_long(); + fc->capture_max_size = v.get_int64(); else if ( v.is("capture_min_size") ) - fc->capture_min_size = v.get_long(); + fc->capture_min_size = v.get_int64(); else if ( v.is("capture_block_size") ) - fc->capture_block_size = v.get_long(); + fc->capture_block_size = v.get_int64(); else if ( v.is("max_files_cached") ) - fc->max_files_cached = v.get_long(); + fc->max_files_cached = v.get_int64(); else if ( v.is("enable_type") ) { 
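Review bot: `block_timeout` and `lookup_timeout` are capped at `max31` in file_id_params, yet the setters in this hunk read them with `get_int64()`. By contrast `rev`, `id` and `offset` are bounded by `max32` and read with `get_uint32()`. The field types of `fc` are not visible here; if `file_block_timeout` and `file_lookup_timeout` are narrower than 64 bits the assignment still narrows implicitly, which is the warning class this commit is cleaning up. Either use the accessor that matches the field width, or add a comment such as `// validated to 0:max31, so the value fits the field` next to the two assignments. FileIdModule::set starts and ends outside the hunk.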
@@ -277,7 +277,7 @@ bool FileIdModule::set(const char*, Value& v, SnortConfig*) } } else if ( v.is("show_data_depth") ) - fc->show_data_depth = v.get_long(); + fc->show_data_depth = v.get_int64(); else if ( v.is("trace_type") ) fc->trace_type = v.get_bool(); @@ -290,7 +290,7 @@ bool FileIdModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("verdict_delay") ) { - fc->verdict_delay = v.get_long(); + fc->verdict_delay = v.get_int64(); fp.set_verdict_delay(fc->verdict_delay); } @@ -298,7 +298,7 @@ bool FileIdModule::set(const char*, Value& v, SnortConfig*) return true; else if ( v.is("rev") ) - rule.rev = v.get_long(); + rule.rev = v.get_uint32(); else if ( v.is("msg") ) rule.message = v.get_string(); @@ -307,7 +307,7 @@ bool FileIdModule::set(const char*, Value& v, SnortConfig*) rule.type = v.get_string(); else if ( v.is("id") ) - rule.id = v.get_long(); + rule.id = v.get_uint32(); else if ( v.is("category") ) rule.category = v.get_string(); @@ -332,7 +332,7 @@ bool FileIdModule::set(const char*, Value& v, SnortConfig*) magic.content_str = v.get_string(); else if ( v.is("offset") ) - magic.offset = v.get_long(); + magic.offset = v.get_uint32(); else if ( v.is("file_policy") ) return true; @@ -341,7 +341,7 @@ bool FileIdModule::set(const char*, Value& v, SnortConfig*) return true; else if ( v.is("file_type_id") ) - file_rule.when.type_id = v.get_long(); + file_rule.when.type_id = v.get_uint32(); else if ( v.is("sha256") ) file_rule.when.sha256 = v.get_string(); @@ -350,7 +350,7 @@ bool FileIdModule::set(const char*, Value& v, SnortConfig*) return true; else if ( v.is("verdict") ) - file_rule.use.verdict = (FileVerdict)v.get_long(); + file_rule.use.verdict = (FileVerdict)v.get_uint8(); else if ( v.is("enable_file_type") ) file_rule.use.type_enabled = v.get_bool(); diff --git a/src/filters/detection_filter.h b/src/filters/detection_filter.h index b07347daa..f65304810 100644 --- a/src/filters/detection_filter.h +++ b/src/filters/detection_filter.h 
@@ -36,8 +36,8 @@ struct SfIp; struct DetectionFilterConfig { + unsigned memcap; int count; - int memcap; int enabled; }; diff --git a/src/filters/sfrf.h b/src/filters/sfrf.h index 444d13285..09b00de76 100644 --- a/src/filters/sfrf.h +++ b/src/filters/sfrf.h @@ -139,14 +139,9 @@ struct RateFilterConfig */ struct snort::GHash* genHash [SFRF_MAX_GENID]; - // Number of DOS thresholds added. - int count; - - // count of no revert DOS thresholds + unsigned memcap; unsigned noRevertCount; - - int memcap; - + int count; int internal_event_mask; }; diff --git a/src/filters/sfthd.h b/src/filters/sfthd.h index 1f9b5d29c..20f6d8fff 100644 --- a/src/filters/sfthd.h +++ b/src/filters/sfthd.h @@ -162,11 +162,13 @@ struct THDX_STRUCT { unsigned gen_id; unsigned sig_id; + unsigned seconds; + int type; + int count; int tracking; int priority; - int count; - unsigned int seconds; + sfip_var_t* ip_address; }; diff --git a/src/filters/sfthreshold.h b/src/filters/sfthreshold.h index 75dfffe45..cea7e3910 100644 --- a/src/filters/sfthreshold.h +++ b/src/filters/sfthreshold.h @@ -30,9 +30,9 @@ struct ThresholdObjects; struct ThresholdConfig { - int memcap; - int enabled; ThresholdObjects* thd_objs; + unsigned memcap; + int enabled; }; ThresholdConfig* ThresholdConfigNew(); diff --git a/src/framework/module.cc b/src/framework/module.cc index c2cf7cdf0..bcf1a6ffa 100644 --- a/src/framework/module.cc +++ b/src/framework/module.cc @@ -27,7 +27,7 @@ using namespace snort; static const Parameter defaults[] = { - { "trace", Parameter::PT_INT, nullptr, nullptr, + { "trace", Parameter::PT_INT, "0:max53", nullptr, "mask for enabling debug traces in module" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -79,7 +79,7 @@ bool Module::set(const char*, Value& v, SnortConfig*) if ( v.is("trace") ) { if ( trace ) - *trace = v.get_long(); + *trace = v.get_uint64(); } else return false; diff --git a/src/framework/parameter.cc b/src/framework/parameter.cc index ccdc02e7b..e42c66b74 100644 
--- a/src/framework/parameter.cc +++ b/src/framework/parameter.cc 
@@ -33,9 +33,99 @@ #include "value.h" +#ifdef UNIT_TEST +#include "catch/snort_catch.h" +#endif + using namespace snort; using namespace std; +//-------------------------------------------------------------------------- +// helpers +//-------------------------------------------------------------------------- + +static bool is_sep(char c) +{ return !c || c == '|' || isspace(c); } + +static const char* find(const char* r, const char* s) +{ + size_t n = strlen(s); + + if ( !n ) + return nullptr; + + const char* t = strstr(r, s); + + while ( t ) + { + if ( (t == r || is_sep(t[-1])) && is_sep(t[n]) ) + return t; + + t = strstr(t+n, s); + } + return nullptr; +} + +static unsigned get_index(const char* r, const char* t) +{ + unsigned idx = 0; + const char* p = strchr(r, '|'); + + while ( p && p < t ) + { + ++idx; + p = strchr(p+1, '|'); + } + return idx; +} + +#define delim " \t\n" + +static size_t split(const string& txt, vector& strs) +{ + size_t last = txt.find_first_not_of(delim); + size_t pos = txt.find_first_of(delim, last); + strs.clear(); + + while ( pos != string::npos ) + { + if ( last != pos ) + strs.emplace_back(txt.substr(last, pos - last)); + + last = txt.find_first_not_of(delim, pos + 1); + pos = txt.find_first_of(delim, last); + } + + // add the last one + if ( last != string::npos ) + strs.emplace_back(txt.substr(last, min(pos, txt.size()) - last)); + + return strs.size(); +} + +static int64_t get_int(const char* r) +{ + if ( *r == 'm' ) + { + if ( !strncmp(r, "maxSZ", 5) ) + r = (sizeof(size_t) == 4) ? 
"max32" : "max53"; + + if ( !strncmp(r, "max31", 5) ) + return 2147483647; + + if ( !strncmp(r, "max32", 5) ) + return 4294967295; + + if ( !strncmp(r, "max53", 5) ) + return 9007199254740992; + } + return (int64_t)strtod(r, nullptr); +} + +//-------------------------------------------------------------------------- +// validation methods +//-------------------------------------------------------------------------- + static bool valid_bool(Value& v, const char*) { return v.get_type() == Value::VT_BOOL; @@ -47,31 +137,34 @@ static bool valid_int(Value& v, const char* r) if ( v.get_type() != Value::VT_NUM ) return false; - if ( v.get_real() != v.get_long() ) + if ( v.get_real() != v.get_int64() ) return false; if ( !r ) return true; - long d = v.get_long(); + int64_t d = v.get_int64(); // require no leading or trailing whitespace // and either # | #: | :# | #:# // where # is a valid pos or neg dec, hex, or octal number + const char* t = strchr(r, ':'); + if ( *r != ':' ) { - long low = strtol(r, nullptr, 0); + int64_t low = get_int(r); if ( d < low ) return false; - } - const char* t = strchr(r, ':'); + if ( !t ) + return d == low; + } - if ( t && *++t ) + if ( t and *++t ) { - long hi = strtol(t, nullptr, 0); + int64_t hi = get_int(t); if ( d > hi ) return false; @@ -108,15 +201,18 @@ static bool valid_real(Value& v, const char* r) // and either # | #: | :# | #:# // where # is a valid pos or neg dec, hex, or octal number + const char* t = strchr(r, ':'); + if ( *r != ':' ) { double low = strtod(r, nullptr); if ( d < low ) return false; - } - const char* t = strchr(r, ':'); + if ( !t ) + return d == low; + } if ( t && *++t ) { 
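Review bot: In get_int() a range token that starts with `m` but is not one of `maxSZ`, `max31`, `max32` or `max53` falls through to `strtod`, which returns 0. A misspelled limit in a parameter table therefore silently becomes a bound of 0 instead of being reported. Range strings are compile-time constants, so an `assert(false); // unknown max* token` just before the closing brace of the `if ( *r == 'm' )` block would catch this in debug and unit-test builds. The `(int64_t)strtod(r, nullptr)` cast is also undefined when the parsed double lies outside the int64 range, so a numeric bound written larger than that should be rejected rather than converted.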
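Review bot: With the added `if ( !t ) return d == low;` an empty range string now admits only the value 0: `*r != ':'` holds for `""`, get_int returns 0, and there is no colon. The tests exercise `""` only with the value 0. If an empty range is meant to be unrestricted like a null one, the early exit should become `if ( !r or !*r ) return true;`, and the same applies to the matching lines in the valid_real hunk. The comment above the bounds check still promises octal, but get_int parses with `strtod`, which reads `011` as 11, so it should say decimal or hex only. valid_int starts above the hunk.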
@@ -136,37 +232,15 @@ static bool valid_string(Value& v, const char* r) if ( r && !strcmp(r, "(optional)") ) return true; - unsigned len = strlen(v.get_string()); + size_t len = strlen(v.get_string()); if ( !r ) return len > 0; - unsigned max = strtol(r, nullptr, 0); + size_t max = strtoul(r, nullptr, 0); return len <= max; } -static bool is_sep(char c) -{ return !c || c == '|' || isspace(c); } - -static const char* find(const char* r, const char* s) -{ - unsigned n = strlen(s); - - if ( !n ) - return nullptr; - - const char* t = strstr(r, s); - - while ( t ) - { - if ( (t == r || is_sep(t[-1])) && is_sep(t[n]) ) - return t; - - t = strstr(t+n, s); - } - return nullptr; -} - static bool valid_select(Value& v, const char* r) { if ( v.get_type() != Value::VT_STR ) @@ -184,19 +258,6 @@ static bool valid_select(Value& v, const char* r) return true; } -static unsigned get_index(const char* r, const char* t) -{ - unsigned idx = 0; - const char* p = strchr(r, '|'); - - while ( p && p < t ) - { - ++idx; - p = strchr(p+1, '|'); - } - return idx; -} - static bool valid_enum(Value& v, const char* r) { if ( v.get_type() != Value::VT_STR ) @@ -217,30 +278,6 @@ static bool valid_enum(Value& v, const char* r) return true; } -#define delim " \t\n" - -static unsigned split(const string& txt, vector& strs) -{ - size_t last = txt.find_first_not_of(delim); - size_t pos = txt.find_first_of(delim, last); - strs.clear(); - - while ( pos != string::npos ) - { - if ( last != pos ) - strs.emplace_back(txt.substr(last, pos - last)); - - last = txt.find_first_not_of(delim, pos + 1); - pos = txt.find_first_of(delim, last); - } - - // add the last one - if ( last != string::npos ) - strs.emplace_back(txt.substr(last, min(pos, txt.size()) - last)); - - return strs.size(); -} - static bool valid_multi(Value& v, const char* r) { if ( v.get_type() != Value::VT_STR ) 
@@ -253,7 +290,7 @@ static bool valid_multi(Value& v, const char* r) vector list; split(s, list); - unsigned long long mask = 0; + uint64_t mask = 0; for ( const auto& p : list ) { @@ -261,7 +298,7 @@ static bool valid_multi(Value& v, const char* r) if ( !t ) return false; - unsigned idx = get_index(r, t); + uint64_t idx = get_index(r, t); if ( idx < Value::mask_bits ) mask |= (1ULL << idx); @@ -333,7 +370,7 @@ static bool valid_bit_list(Value& v, const char* r) string pl = v.get_string(); string bs; - int max = r ? strtol(r, nullptr, 0) : 0; + size_t max = r ? strtoul(r, nullptr, 0) : 0; assert(max > 0); if ( pl == "any" ) @@ -350,7 +387,7 @@ static bool valid_bit_list(Value& v, const char* r) while ( ss >> bit ) { - if ( bit < 0 || bit > max ) + if ( bit < 0 || (size_t)bit > max ) return false; bs[bit] = '1'; @@ -362,6 +399,10 @@ static bool valid_bit_list(Value& v, const char* r) return true; } +//-------------------------------------------------------------------------- +// Parameter methods +//-------------------------------------------------------------------------- + bool Parameter::validate(Value& v) const { switch ( type ) 
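Review bot: In valid_bit_list the limit is now parsed with `strtoul`, so a negative or malformed range string no longer trips `assert(max > 0)`. For example `"-1"` wraps to a very large size_t, after which the check `(size_t)bit > max` in the following hunk rejects nothing. The write `bs[bit] = '1'` then depends entirely on how `bs` was sized, which is outside both hunks. Parsing into a signed type first keeps the old guard: `long lim = r ? strtol(r, nullptr, 0) : 0; assert(lim > 0); size_t max = (size_t)lim;`. The assert is compiled out under NDEBUG, so it only protects debug and test builds.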
@@ -504,3 +545,166 @@ int Parameter::index(const char* r, const char* s) return (int)idx; } +//-------------------------------------------------------------------------- +// valid_* tests +// we only test validation here +// side effects applied to value are tested elsewhere +//-------------------------------------------------------------------------- + +#ifdef UNIT_TEST +TEST_CASE("bool", "[Parameter]") +{ + Value v(true); + CHECK(valid_bool(v, nullptr)); +} + +struct +{ + bool expected; + bool (*validate)(Value&, const char*); + double value; + const char* range; +} +num_tests[] = +{ +// __STRDUMP_DISABLE__ + { true, valid_int, 0, nullptr }, + { true, valid_int, 0, "" }, + { true, valid_int, 0, "0" }, + { true, valid_int, 0, "0:" }, + { true, valid_int, 0, ":0" }, + { true, valid_int, 0, ":1" }, + { true, valid_int, 0, "-1:1" }, + { true, valid_int, 0, "-1:" }, + + { false, valid_int, 1, "0" }, + { true, valid_int, 1, "0:" }, + { false, valid_int, 1, ":0" }, + + { true, valid_int, -10, "-11:-9" }, + { true, valid_int, 10, "9:11" }, + { true, valid_int, 10, "0xA:11" }, + + { true, valid_interval, 0, nullptr }, + + { true, valid_real, 0, nullptr }, + { true, valid_real, 0, "" }, + { true, valid_real, 0, "0.0" }, + { true, valid_real, 0, "0:" }, + { true, valid_real, 0, ":0" }, + { true, valid_real, 0, ":0.9" }, + { true, valid_real, 0, "-0.9:0.9" }, + { true, valid_real, 0, "-0.9:" }, + + { false, valid_real, 1, "0.9" }, + { true, valid_real, 1, "0.9:" }, + { false, valid_real, 1, ":0.9" }, + + { true, valid_real, -10, "-11.1:-9.9" }, + { true, valid_real, 10, "9.9:11.1" }, + { false, valid_real, 10, "011:11" }, + { true, valid_real, 10, "0xA:11" }, + + { false, nullptr, 0, nullptr } +// __STRDUMP_ENABLE__ +}; + +TEST_CASE("num", "[Parameter]") +{ + auto test = num_tests; + + while ( test->validate ) + { + Value v(test->value); + bool result = test->validate(v, test->range); + CHECK(result == test->expected); + ++test; + } +} + +struct +{ + bool expected; + bool 
(*validate)(Value&, const char*); + const char* value; + const char* range; +} +string_tests[] = +{ +// __STRDUMP_DISABLE__ + { true, valid_string, "green", "(optional)" }, + { true, valid_string, "green", nullptr }, + { true, valid_string, "green", "5" }, + { true, valid_string, "green", "6" }, + { false, valid_string, "green", "4" }, + + { true, valid_select, "green", "red | green | yellow" }, + { false, valid_select, "blue", "red | green | yellow" }, + { false, valid_select, "green", nullptr }, + + { true, valid_enum, "green", "red | green | yellow" }, + { false, valid_enum, "blue", "red | green | yellow" }, + { false, valid_enum, "green", nullptr }, + + { true, valid_multi, "green", "red | green | yellow" }, + { true, valid_multi, "red yellow", "red | green | yellow" }, + { false, valid_multi, "redgreen", "red | green | yellow" }, + { false, valid_multi, "blue", nullptr }, + + { true, valid_mac, "98:01:a7:9d:d8:41", nullptr }, + { false, valid_mac, ":01:a7:9d:d8:41", nullptr }, + { false, valid_mac, "01:a7:9d:d8:41", nullptr }, + { false, valid_mac, "98:01:a7:9d:d8:419", nullptr }, + { false, valid_mac, "98:01:a7:9d:d8:41x", nullptr }, + + { true, valid_ip4, "1.2.3.4", nullptr }, + { true, valid_ip4, "1.2.3", nullptr }, + { false, valid_ip4, "1.2.3.", nullptr }, + { false, valid_ip4, "1.2.x", nullptr }, + + { true, valid_addr, "1.2.3.4", nullptr }, + { true, valid_addr, "1.2.3.4/32", nullptr }, + { true, valid_addr, "1.2.3.4/0", nullptr }, + { false, valid_addr, "1.2.3.4/33", nullptr }, + { false, valid_addr, "1.2.0x.4/33", nullptr }, + + { true, valid_addr, "2001:420:c0c4:1004::157", nullptr }, + { true, valid_addr, "2001:420:c0c4:1004::157/128", nullptr }, + { true, valid_addr, "2001:420:c0c4:1004::157/0", nullptr }, + { false, valid_addr, "2001:420:c0c4:1004:0x:157/256", nullptr }, + + { true, valid_bit_list, "1 2", "3" }, + { true, valid_bit_list, "1 2 3", "3" }, + { false, valid_bit_list, "1 2 3 4", "3" }, + { false, valid_bit_list, "128", "3" }, + + { 
false, nullptr, 0, nullptr } +// __STRDUMP_ENABLE__ +}; + +TEST_CASE("string", "[Parameter]") +{ + auto test = string_tests; + + while ( test->validate ) + { + Value v(test->value); + bool result = test->validate(v, test->range); + CHECK(result == test->expected); + ++test; + } +} + +TEST_CASE("max", "[Parameter]") +{ + CHECK(get_int("max31") == 2147483647); + CHECK(get_int("max32") == 4294967295); + CHECK(get_int("max53") == 9007199254740992); + + if ( sizeof(size_t) == 4 ) + CHECK(get_int("maxSZ") == 4294967295); + else + CHECK(get_int("maxSZ") == 9007199254740992); +} +#endif + diff --git a/src/framework/parameter.h b/src/framework/parameter.h index 360e14824..c5ed8e6fb 100644 --- a/src/framework/parameter.h +++ b/src/framework/parameter.h @@ -45,7 +45,7 @@ struct SO_PUBLIC Parameter PT_LIST, // range is Parameter*, no default PT_DYNAMIC, // range is RangeQuery* PT_BOOL, // if you are reading this, get more coffee - PT_INT, // signed 64 bits or less determined by range + PT_INT, // signed 53 bits or less determined by range PT_INTERVAL, // string that defines an interval, bounds within range PT_REAL, // double PT_PORT, // 0 to 64K-1 unless specified otherwise diff --git a/src/framework/value.h b/src/framework/value.h index 12e2af3c1..281f2306a 100644 --- a/src/framework/value.h +++ b/src/framework/value.h @@ -75,8 +75,8 @@ public: void set_enum(unsigned u) { type = VT_NUM; num = u; } - void set_aux(unsigned u) - { num = u; } + void set_aux(uint64_t u) + { num = (double)u; } const char* get_name() const { return param ? param->name : nullptr; } 
@@ -87,14 +87,38 @@ public: bool get_bool() const { return num != 0; } - long get_long() const + long get_long() const // FIXIT-L to be removed { return (long)num; } + size_t get_size() const + { return (size_t)num; } + + uint8_t get_uint8() const + { return (uint8_t)num; } + + int16_t get_int16() const + { return (int16_t)num; } + + uint16_t get_uint16() const + { return (uint16_t)num; } + + int32_t get_int32() const + { return (int32_t)num; } + + uint32_t get_uint32() const + { return (uint32_t)num; } + + int64_t get_int64() const + { return (int64_t)num; } + + uint64_t get_uint64() const + { return (uint64_t)num; } + double get_real() const { return num; } const uint8_t* get_buffer(unsigned& n) const - { n = str.size(); return (const uint8_t*)str.data(); } + { n = (unsigned)str.size(); return (const uint8_t*)str.data(); } const char* get_string() const { return str.c_str(); } diff --git a/src/host_tracker/host_cache_module.cc b/src/host_tracker/host_cache_module.cc index 4c463f0b2..1330ac3fe 100644 --- a/src/host_tracker/host_cache_module.cc +++ b/src/host_tracker/host_cache_module.cc @@ -30,7 +30,7 @@ using namespace snort; const Parameter HostCacheModule::host_cache_params[] = { - { "size", Parameter::PT_INT, nullptr, nullptr, + { "size", Parameter::PT_INT, "1:max32", nullptr, "size of host cache" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -39,7 +39,7 @@ const Parameter HostCacheModule::host_cache_params[] = bool HostCacheModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("size") ) - host_cache_size = v.get_long(); + host_cache_size = v.get_uint32(); else return false; diff --git a/src/host_tracker/host_tracker_module.cc b/src/host_tracker/host_tracker_module.cc index 415a3395e..0b175a918 100644 --- a/src/host_tracker/host_tracker_module.cc +++ b/src/host_tracker/host_tracker_module.cc 
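Review bot: The new fixed-width getters cast `num`, a double, straight to the target type (e.g. `(uint8_t)num`), and in C++ a floating-to-integer conversion whose truncated value does not fit the destination is undefined behaviour, not a wrap. Each getter is therefore only safe when the Parameter range already bounds the value to that type. Several callers in this commit switch to narrow getters in hunks where the matching range is not visible (for example `v.get_uint16()` for the hash `length` and `v.get_uint8()` for byte_extract `~count`), so those ranges should be confirmed. I would add a comment above the group such as `// the Parameter range must fit the return type; out-of-range double casts are undefined`, or assert the bounds inside each getter.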
@@ -80,10 +80,10 @@ bool HostTrackerModule::set(const char*, Value& v, SnortConfig* sc) host->set_ip_addr(addr); } else if ( host and v.is("frag_policy") ) - host->set_frag_policy(v.get_long() + 1); + host->set_frag_policy(v.get_uint8() + 1); else if ( host and v.is("tcp_policy") ) - host->set_stream_policy(v.get_long() + 1); + host->set_stream_policy(v.get_uint8() + 1); else if ( v.is("name") ) app.snort_protocol_id = sc->proto_ref->add(v.get_string()); @@ -92,7 +92,7 @@ bool HostTrackerModule::set(const char*, Value& v, SnortConfig* sc) app.ipproto = sc->proto_ref->add(v.get_string()); else if ( v.is("port") ) - app.port = v.get_long(); + app.port = v.get_uint16(); else return false; diff --git a/src/ips_options/ips_asn1.cc b/src/ips_options/ips_asn1.cc index 9227e5e33..f8b7e4b43 100644 --- a/src/ips_options/ips_asn1.cc +++ b/src/ips_options/ips_asn1.cc @@ -182,13 +182,13 @@ static const Parameter s_params[] = { PRINT_OPT, Parameter::PT_IMPLIED, nullptr, nullptr, "dump decode data to console; always true" }, - { LENGTH_OPT, Parameter::PT_INT, "0:", nullptr, + { LENGTH_OPT, Parameter::PT_INT, "0:max32", nullptr, "compares ASN.1 type lengths with the supplied argument" }, - { ABS_OFFSET_OPT, Parameter::PT_INT, "0:", nullptr, + { ABS_OFFSET_OPT, Parameter::PT_INT, "0:65535", nullptr, "absolute offset from the beginning of the packet" }, - { REL_OFFSET_OPT, Parameter::PT_INT, nullptr, nullptr, + { REL_OFFSET_OPT, Parameter::PT_INT, "-65535:65535", nullptr, "relative offset from the cursor" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } 
@@ -232,17 +232,17 @@ bool Asn1Module::set(const char*, Value& v, SnortConfig*) else if ( v.is(LENGTH_OPT) ) { data.length = 1; - data.max_length = v.get_long(); + data.max_length = v.get_uint32(); } else if ( v.is(ABS_OFFSET_OPT) ) { data.offset_type = ABS_OFFSET; - data.offset = v.get_long(); + data.offset = v.get_uint16(); } else if ( v.is(REL_OFFSET_OPT) ) { data.offset_type = REL_OFFSET; - data.offset = v.get_long(); + data.offset = v.get_int32(); } else return false; diff --git a/src/ips_options/ips_base64.cc b/src/ips_options/ips_base64.cc index 929f03c25..1cce97ec8 100644 --- a/src/ips_options/ips_base64.cc +++ b/src/ips_options/ips_base64.cc @@ -168,10 +168,10 @@ IpsOption::EvalStatus Base64DecodeOption::eval(Cursor& c, Packet*) static const Parameter s_params[] = { - { "bytes", Parameter::PT_INT, "1:", nullptr, + { "bytes", Parameter::PT_INT, "1:max32", nullptr, "number of base64 encoded bytes to decode" }, - { "offset", Parameter::PT_INT, "0:", "0", + { "offset", Parameter::PT_INT, "0:max32", "0", "bytes past start of buffer to start decoding" }, { "relative", Parameter::PT_IMPLIED, nullptr, nullptr, @@ -207,10 +207,10 @@ bool B64DecodeModule::begin(const char*, int, SnortConfig*) bool B64DecodeModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("bytes") ) - data.bytes_to_decode = v.get_long(); + data.bytes_to_decode = v.get_uint32(); else if ( v.is("offset") ) - data.offset = v.get_long(); + data.offset = v.get_uint32(); else if ( v.is("relative") ) data.flags |= BASE64DECODE_RELATIVE_FLAG; diff --git a/src/ips_options/ips_byte_extract.cc b/src/ips_options/ips_byte_extract.cc index 517f607d4..395d3bde9 100644 --- a/src/ips_options/ips_byte_extract.cc +++ b/src/ips_options/ips_byte_extract.cc 
@@ -375,10 +375,10 @@ bool ExtractModule::end(const char*, int, SnortConfig*) bool ExtractModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("~count") ) - data.bytes_to_grab = v.get_long(); + data.bytes_to_grab = v.get_uint8(); else if ( v.is("~offset") ) - data.offset = v.get_long(); + data.offset = v.get_int32(); else if ( v.is("~name") ) data.name = snort_strdup(v.get_string()); @@ -387,10 +387,10 @@ bool ExtractModule::set(const char*, Value& v, SnortConfig*) data.relative_flag = 1; else if ( v.is("align") ) - data.align = v.get_long(); + data.align = v.get_uint8(); else if ( v.is("multiplier") ) - data.multiplier = v.get_long(); + data.multiplier = v.get_uint16(); else if ( v.is("big") ) set_byte_order(data.endianness, ENDIAN_BIG, "byte_extract"); @@ -416,7 +416,7 @@ bool ExtractModule::set(const char*, Value& v, SnortConfig*) data.base = 8; else if ( v.is("bitmask") ) - data.bitmask_val = v.get_long(); + data.bitmask_val = v.get_uint32(); else return false; diff --git a/src/ips_options/ips_byte_jump.cc b/src/ips_options/ips_byte_jump.cc index e95484486..34e82983d 100644 --- a/src/ips_options/ips_byte_jump.cc +++ b/src/ips_options/ips_byte_jump.cc @@ -465,7 +465,7 @@ bool ByteJumpModule::end(const char*, int, SnortConfig*) bool ByteJumpModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("~count") ) - data.bytes_to_grab = v.get_long(); + data.bytes_to_grab = v.get_uint8(); else if ( v.is("~offset") ) { @@ -485,7 +485,7 @@ bool ByteJumpModule::set(const char*, Value& v, SnortConfig*) data.align_flag = 1; else if ( v.is("multiplier") ) - data.multiplier = v.get_long(); + data.multiplier = v.get_uint16(); else if ( v.is("post_offset") ) { @@ -522,7 +522,7 @@ bool ByteJumpModule::set(const char*, Value& v, SnortConfig*) data.from_end_flag = 1; else if ( v.is("bitmask") ) - data.bitmask_val = v.get_long(); + data.bitmask_val = v.get_uint32(); else return false; 
diff --git a/src/ips_options/ips_byte_math.cc b/src/ips_options/ips_byte_math.cc index 89dbdb7a2..48f91fa64 100644 --- a/src/ips_options/ips_byte_math.cc +++ b/src/ips_options/ips_byte_math.cc @@ -363,10 +363,10 @@ bool ByteMathModule::begin(const char*, int, SnortConfig*) bool ByteMathModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("bytes") ) - data.bytes_to_extract = v.get_long(); + data.bytes_to_extract = v.get_uint8(); else if ( v.is("oper") ) - data.oper = (BM_Oper)v.get_long(); + data.oper = (BM_Oper)v.get_uint8(); else if ( v.is("rvalue") ) { @@ -397,13 +397,13 @@ bool ByteMathModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("string") ) { data.string_convert_flag = true; - parse_base(v.get_long(), data); + parse_base(v.get_uint8(), data); } else if ( v.is("endian") ) - parse_endian(v.get_long(), data); + parse_endian(v.get_uint8(), data); else if ( v.is("bitmask") ) - data.bitmask_val = v.get_long(); + data.bitmask_val = v.get_uint32(); else if ( v.is("result") ) data.result_name = snort_strdup(v.get_string()); diff --git a/src/ips_options/ips_byte_test.cc b/src/ips_options/ips_byte_test.cc index 62566f740..4962c3ed3 100644 --- a/src/ips_options/ips_byte_test.cc +++ b/src/ips_options/ips_byte_test.cc @@ -532,7 +532,7 @@ bool ByteTestModule::end(const char*, int, SnortConfig*) bool ByteTestModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("~count") ) - data.bytes_to_compare = v.get_long(); + data.bytes_to_compare = v.get_uint8(); else if ( v.is("~operator") ) parse_operator(v.get_string(), data); @@ -580,7 +580,7 @@ bool ByteTestModule::set(const char*, Value& v, SnortConfig*) data.base = 8; else if ( v.is("bitmask") ) - data.bitmask_val = v.get_long(); + data.bitmask_val = v.get_uint32(); else return false; diff --git a/src/ips_options/ips_content.cc b/src/ips_options/ips_content.cc index 3c2bbbfc8..0ae0509c3 100644 --- a/src/ips_options/ips_content.cc +++ b/src/ips_options/ips_content.cc 
@@ -613,10 +613,10 @@ static const Parameter s_params[] = { "fast_pattern", Parameter::PT_IMPLIED, nullptr, nullptr, "use this content in the fast pattern matcher instead of the content selected by default" }, - { "fast_pattern_offset", Parameter::PT_INT, "0:", "0", + { "fast_pattern_offset", Parameter::PT_INT, "0:65535", "0", "number of leading characters of this content the fast pattern matcher should exclude" }, - { "fast_pattern_length", Parameter::PT_INT, "1:", nullptr, + { "fast_pattern_length", Parameter::PT_INT, "1:65535", nullptr, "maximum number of characters from this content the fast pattern matcher should use" }, { "offset", Parameter::PT_STRING, nullptr, nullptr, @@ -730,12 +730,12 @@ bool ContentModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("fast_pattern_offset") ) { - cd->pmd.fp_offset = v.get_long(); + cd->pmd.fp_offset = v.get_uint16(); cd->pmd.set_fast_pattern(); } else if ( v.is("fast_pattern_length") ) { - cd->pmd.fp_length = v.get_long(); + cd->pmd.fp_length = v.get_uint16(); cd->pmd.set_fast_pattern(); } else diff --git a/src/ips_options/ips_detection_filter.cc b/src/ips_options/ips_detection_filter.cc index ace5efc98..ebbc86c3d 100644 --- a/src/ips_options/ips_detection_filter.cc +++ b/src/ips_options/ips_detection_filter.cc @@ -45,10 +45,10 @@ static const Parameter s_params[] = { "track", Parameter::PT_ENUM, "by_src | by_dst", nullptr, "track hits by source or destination IP address" }, - { "count", Parameter::PT_INT, "1:", nullptr, + { "count", Parameter::PT_INT, "1:max32", nullptr, "hits in interval before allowing the rule to fire" }, - { "seconds", Parameter::PT_INT, "1:", nullptr, + { "seconds", Parameter::PT_INT, "1:max32", nullptr, "length of interval to count hits" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } 
@@ -83,13 +83,13 @@ bool DetectionFilterModule::begin(const char*, int, SnortConfig* sc) bool DetectionFilterModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("track") ) - thdx.tracking = v.get_long() ? THD_TRK_DST : THD_TRK_SRC; + thdx.tracking = v.get_uint8() ? THD_TRK_DST : THD_TRK_SRC; else if ( v.is("count") ) - thdx.count = v.get_long(); + thdx.count = v.get_uint32(); else if ( v.is("seconds") ) - thdx.seconds = v.get_long(); + thdx.seconds = v.get_uint32(); else return false; diff --git a/src/ips_options/ips_gid.cc b/src/ips_options/ips_gid.cc index bcfe86c27..06e37d7de 100644 --- a/src/ips_options/ips_gid.cc +++ b/src/ips_options/ips_gid.cc @@ -36,7 +36,7 @@ using namespace snort; static const Parameter s_params[] = { - { "~", Parameter::PT_INT, "1:", nullptr, + { "~", Parameter::PT_INT, "1:max32", nullptr, "generator id" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -55,7 +55,7 @@ public: { return DETECT; } public: - int gid; + uint32_t gid; }; bool GidModule::set(const char*, Value& v, SnortConfig*) @@ -63,7 +63,7 @@ bool GidModule::set(const char*, Value& v, SnortConfig*) if ( !v.is("~") ) return false; - gid = v.get_long(); + gid = v.get_uint32(); return true; } diff --git a/src/ips_options/ips_hash.cc b/src/ips_options/ips_hash.cc index ef0f4a100..5624123eb 100644 --- a/src/ips_options/ips_hash.cc +++ b/src/ips_options/ips_hash.cc @@ -336,7 +336,7 @@ bool HashModule::set(const char*, Value& v, SnortConfig*) hmd->relative = true; else if ( v.is("length") ) - hmd->length = v.get_long(); + hmd->length = v.get_uint16(); else return false; diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc index 238d717e2..372b05fd8 100644 --- a/src/ips_options/ips_pcre.cc +++ b/src/ips_options/ips_pcre.cc 
@@ -272,52 +272,41 @@ static void pcre_parse(const char* data, PcreData* pcre_data) if (pcre_data->pe) { - if ((SnortConfig::get_pcre_match_limit() != -1) && + if ((SnortConfig::get_pcre_match_limit() != 0) && !(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT)) { - if (pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT) - { - pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit(); - } - else - { + if ( !(pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT) ) pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT; - pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit(); - } + + pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit(); } - if ((SnortConfig::get_pcre_match_limit_recursion() != -1) && + if ((SnortConfig::get_pcre_match_limit_recursion() != 0) && !(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT)) { - if (pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT_RECURSION) - { - pcre_data->pe->match_limit_recursion = - SnortConfig::get_pcre_match_limit_recursion(); - } - else - { + if ( !(pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT_RECURSION) ) pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION; - pcre_data->pe->match_limit_recursion = - SnortConfig::get_pcre_match_limit_recursion(); - } + + pcre_data->pe->match_limit_recursion = + SnortConfig::get_pcre_match_limit_recursion(); } } else { if (!(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT) && - ((SnortConfig::get_pcre_match_limit() != -1) || - (SnortConfig::get_pcre_match_limit_recursion() != -1))) + ((SnortConfig::get_pcre_match_limit() != 0) || + (SnortConfig::get_pcre_match_limit_recursion() != 0))) { pcre_data->pe = (pcre_extra*)snort_calloc(sizeof(pcre_extra)); pcre_data->free_pe = true; - if (SnortConfig::get_pcre_match_limit() != -1) + if (SnortConfig::get_pcre_match_limit() != 0) { pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT; pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit(); } - if (SnortConfig::get_pcre_match_limit_recursion() != -1) + if 
(SnortConfig::get_pcre_match_limit_recursion() != 0) { pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION; pcre_data->pe->match_limit_recursion = diff --git a/src/ips_options/ips_priority.cc b/src/ips_options/ips_priority.cc index 45f505331..fb37efceb 100644 --- a/src/ips_options/ips_priority.cc +++ b/src/ips_options/ips_priority.cc @@ -36,7 +36,7 @@ using namespace snort; static const Parameter s_params[] = { - { "~", Parameter::PT_INT, "1:", nullptr, + { "~", Parameter::PT_INT, "1:max31", nullptr, "relative severity level; 1 is highest priority" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -63,7 +63,7 @@ bool PriorityModule::set(const char*, Value& v, SnortConfig*) if ( !v.is("~") ) return false; - priority = v.get_long(); + priority = v.get_int32(); return true; } diff --git a/src/ips_options/ips_rev.cc b/src/ips_options/ips_rev.cc index 1e4acde54..6c6e5070d 100644 --- a/src/ips_options/ips_rev.cc +++ b/src/ips_options/ips_rev.cc @@ -36,7 +36,7 @@ using namespace snort; static const Parameter s_params[] = { - { "~", Parameter::PT_INT, "1:", nullptr, + { "~", Parameter::PT_INT, "1:max32", nullptr, "revision" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -55,7 +55,7 @@ public: { return DETECT; } public: - int rev; + uint32_t rev; }; bool RevModule::set(const char*, Value& v, SnortConfig*) @@ -63,7 +63,7 @@ bool RevModule::set(const char*, Value& v, SnortConfig*) if ( !v.is("~") ) return false; - rev = v.get_long(); + rev = v.get_uint32(); return true; } diff --git a/src/ips_options/ips_rpc.cc b/src/ips_options/ips_rpc.cc index 766aebc76..1a09a3873 100644 --- a/src/ips_options/ips_rpc.cc +++ b/src/ips_options/ips_rpc.cc @@ -225,7 +225,7 @@ bool RpcOption::check_procedure(uint32_t procedure) static const Parameter s_params[] = { - { "~app", Parameter::PT_INT, nullptr, nullptr, + { "~app", Parameter::PT_INT, "0:max32", nullptr, "application number" }, { "~ver", Parameter::PT_STRING, nullptr, nullptr, 
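Review bot: The rewritten guards `if ( !(pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT) )` and the `_RECURSION` twin are redundant, because OR-ing a flag that is already set changes nothing; a plain `pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT;` reads more directly. Separately, the sentinel for "no configured limit" moves from -1 to 0 without a comment. Since these limits bound regex backtracking, the first comparison deserves a line such as `// 0 = no snort-imposed limit`, if that is the intended meaning. pcre_parse starts before and continues past this hunk.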
@@ -269,7 +269,7 @@ bool RpcModule::begin(const char*, int, SnortConfig*) bool RpcModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("~app") ) - data.program = (uint32_t)v.get_long(); + data.program = v.get_uint32(); else if ( v.is("~ver") ) return set(v, data.version, RPC_CHECK_VERSION); diff --git a/src/ips_options/ips_sd_pattern.cc b/src/ips_options/ips_sd_pattern.cc index d16a3f2e5..b574c0d44 100644 --- a/src/ips_options/ips_sd_pattern.cc +++ b/src/ips_options/ips_sd_pattern.cc @@ -290,7 +290,7 @@ static const Parameter s_params[] = { "~pattern", Parameter::PT_STRING, nullptr, nullptr, "The pattern to search for" }, - { "threshold", Parameter::PT_INT, "1", nullptr, + { "threshold", Parameter::PT_INT, "1:max32", "1", "number of matches before alerting" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -347,7 +347,7 @@ bool SdPatternModule::set(const char*, Value& v, SnortConfig* sc) config.pii.erase(config.pii.length()-1, 1); } else if ( v.is("threshold") ) - config.threshold = v.get_long(); + config.threshold = v.get_uint32(); else return false; diff --git a/src/ips_options/ips_session.cc b/src/ips_options/ips_session.cc index 55f1b4a49..9ec87c9df 100644 --- a/src/ips_options/ips_session.cc +++ b/src/ips_options/ips_session.cc @@ -339,7 +339,7 @@ bool SsnModule::begin(const char*, int, SnortConfig*) bool SsnModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("~mode") ) - data.session_flag = v.get_long() + 1; + data.session_flag = v.get_uint8() + 1; else return false; diff --git a/src/ips_options/ips_sid.cc b/src/ips_options/ips_sid.cc index 8a516578c..360897a83 100644 --- a/src/ips_options/ips_sid.cc +++ b/src/ips_options/ips_sid.cc @@ -36,7 +36,7 @@ using namespace snort; static const Parameter s_params[] = { - { "~", Parameter::PT_INT, "1:", nullptr, + { "~", Parameter::PT_INT, "1:max32", nullptr, "signature id" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } 
@@ -55,7 +55,7 @@ public: { return DETECT; } public: - int sid; + uint32_t sid; }; bool SidModule::set(const char*, Value& v, SnortConfig*) @@ -63,7 +63,7 @@ bool SidModule::set(const char*, Value& v, SnortConfig*) if ( !v.is("~") ) return false; - sid = v.get_long(); + sid = v.get_uint32(); return true; } diff --git a/src/ips_options/ips_tag.cc b/src/ips_options/ips_tag.cc index 549b89c1b..f23d0b4f3 100644 --- a/src/ips_options/ips_tag.cc +++ b/src/ips_options/ips_tag.cc @@ -42,13 +42,13 @@ static const Parameter s_params[] = { "~", Parameter::PT_ENUM, "session|host_src|host_dst", nullptr, "log all packets in session or all packets to or from host" }, - { "packets", Parameter::PT_INT, "1:", nullptr, + { "packets", Parameter::PT_INT, "1:max32", nullptr, "tag this many packets" }, - { "seconds", Parameter::PT_INT, "1:", nullptr, + { "seconds", Parameter::PT_INT, "1:max32", nullptr, "tag for this many seconds" }, - { "bytes", Parameter::PT_INT, "1:", nullptr, + { "bytes", Parameter::PT_INT, "1:max32", nullptr, "tag for this many bytes" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -105,7 +105,7 @@ bool TagModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("~") ) { - switch (v.get_long()) + switch (v.get_uint8()) { case 0: tag->tag_type = TAG_SESSION; @@ -125,17 +125,17 @@ bool TagModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("packets") ) { tag->tag_metric |= TAG_METRIC_PACKETS; - tag->tag_packets = v.get_long(); + tag->tag_packets = v.get_uint32(); } else if ( v.is("seconds") ) { tag->tag_metric |= TAG_METRIC_SECONDS; - tag->tag_seconds = v.get_long(); + tag->tag_seconds = v.get_uint32(); } else if ( v.is("bytes") ) { tag->tag_metric |= TAG_METRIC_BYTES; - tag->tag_bytes = v.get_long(); + tag->tag_bytes = v.get_uint32(); } else return false; diff --git a/src/ips_options/ips_target.cc b/src/ips_options/ips_target.cc index 737e76990..1c22de31b 100644 --- a/src/ips_options/ips_target.cc +++ b/src/ips_options/ips_target.cc 
@@ -63,8 +63,8 @@ bool TargetModule::set(const char*, Value& v, SnortConfig*) if ( !v.is("~") ) return false; - assert(v.get_long() >= 0 and v.get_long() <= TARGET_MAX); - target = static_cast(v.get_long() + 1); + assert(v.get_uint8() <= TARGET_MAX); + target = static_cast(v.get_uint8() + 1); return true; } diff --git a/src/latency/latency_module.cc b/src/latency/latency_module.cc index 482c9eb3e..bda8881a8 100644 --- a/src/latency/latency_module.cc +++ b/src/latency/latency_module.cc @@ -44,7 +44,7 @@ using namespace snort; static const Parameter s_packet_params[] = { - { "max_time", Parameter::PT_INT, "0:", "500", + { "max_time", Parameter::PT_INT, "0:max53", "500", "set timeout for packet latency thresholding (usec)" }, { "fastpath", Parameter::PT_BOOL, nullptr, "false", @@ -58,7 +58,7 @@ static const Parameter s_packet_params[] = static const Parameter s_rule_params[] = { - { "max_time", Parameter::PT_INT, "0:", "500", + { "max_time", Parameter::PT_INT, "0:max53", "500", "set timeout for rule evaluation (usec)" }, // We could just treat suspend_threshold == 0 as suspend == false @@ -66,10 +66,10 @@ static const Parameter s_rule_params[] = { "suspend", Parameter::PT_BOOL, nullptr, "false", "temporarily suspend expensive rules" }, - { "suspend_threshold", Parameter::PT_INT, "1:", "5", + { "suspend_threshold", Parameter::PT_INT, "1:max32", "5", "set threshold for number of timeouts before suspending a rule" }, - { "max_suspend_time", Parameter::PT_INT, "0:", "30000", + { "max_suspend_time", Parameter::PT_INT, "0:max32", "30000", "set max time for suspending a rule (ms, 0 means permanently disable rule)" }, { "action", Parameter::PT_ENUM, "none | alert | log | alert_and_log", "none", @@ -120,7 +120,7 @@ static inline bool latency_set(Value& v, PacketLatencyConfig& config) { if ( v.is("max_time") ) { - long t = clock_ticks(v.get_long()); + long t = clock_ticks(v.get_int64()); config.max_time = TO_DURATION(config.max_time, t); } else if ( v.is("fastpath") ) 
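Review bot: The two latency_set overloads read the same `"0:max53"` `max_time` parameter through different getters: `v.get_int64()` here for PacketLatencyConfig and `v.get_uint64()` in the RuleLatencyConfig overload (hunk at -139,23). That looks accidental, and using one getter in both keeps them parallel. Both results are stored in `long t`, which is narrower than 53 bits where `long` is 32 bits; if `clock_ticks` returns a 64-bit type (its declaration is not visible here), `auto t = clock_ticks(v.get_uint64());` would avoid a silent truncation. Both function bodies extend beyond their hunks.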
@@ -128,7 +128,7 @@ static inline bool latency_set(Value& v, PacketLatencyConfig& config) else if ( v.is("action") ) config.action = - static_cast(v.get_long()); + static_cast(v.get_uint8()); else return false; @@ -139,23 +139,23 @@ static inline bool latency_set(Value& v, RuleLatencyConfig& config) { if ( v.is("max_time") ) { - long t = clock_ticks(v.get_long()); + long t = clock_ticks(v.get_uint64()); config.max_time = TO_DURATION(config.max_time, t); } else if ( v.is("suspend") ) config.suspend = v.get_bool(); else if ( v.is("suspend_threshold") ) - config.suspend_threshold = v.get_long(); + config.suspend_threshold = v.get_uint32(); else if ( v.is("max_suspend_time") ) { - long t = clock_ticks(v.get_long()); + long t = clock_ticks(v.get_uint32()); config.max_suspend_time = TO_DURATION(config.max_time, t); } else if ( v.is("action") ) config.action = - static_cast(v.get_long()); + static_cast(v.get_uint8()); else return false; diff --git a/src/loggers/alert_csv.cc b/src/loggers/alert_csv.cc index f3a3d3970..5dc662c69 100644 --- a/src/loggers/alert_csv.cc +++ b/src/loggers/alert_csv.cc @@ -470,7 +470,7 @@ static const Parameter s_params[] = { "fields", Parameter::PT_MULTI, csv_range, csv_deflt, "selected fields will be output in given order left to right" }, - { "limit", Parameter::PT_INT, "0:", "0", + { "limit", Parameter::PT_INT, "0:maxSZ", "0", "set maximum size in MB before rollover (0 is unlimited)" }, { "separator", Parameter::PT_STRING, nullptr, ", ", @@ -495,8 +495,8 @@ public: public: bool file; + size_t limit; string sep; - unsigned long limit; vector fields; }; @@ -516,7 +516,7 @@ bool CsvModule::set(const char*, Value& v, SnortConfig*) } else if ( v.is("limit") ) - limit = v.get_long() * 1024 * 1024; + limit = v.get_size() * 1024 * 1024; else if ( v.is("separator") ) sep = v.get_string(); diff --git a/src/loggers/alert_fast.cc b/src/loggers/alert_fast.cc index 412c1d147..db9d7f822 100644 --- a/src/loggers/alert_fast.cc +++ b/src/loggers/alert_fast.cc 
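Review bot: In CsvModule::set, `limit = v.get_size() * 1024 * 1024;` can wrap, because the new `"0:maxSZ"` range admits values far larger than `SIZE_MAX / (1024*1024)` (per the unit test in parameter.cc, maxSZ is 4294967295 or 9007199254740992). A wrapped product becomes a small limit, or exactly 0, which the help text defines as unlimited, so an oversized setting can silently turn rollover off. I would saturate the conversion: `const size_t mb = v.get_size();` followed by `limit = (mb > SIZE_MAX / (1024*1024)) ? SIZE_MAX : mb * 1024 * 1024;`. The same expression appears in the alert_fast.cc, alert_full.cc, alert_json.cc, log_hext.cc, log_pcap.cc and unified2.cc hunks.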
@@ -80,7 +80,7 @@ static const Parameter s_params[] = { "packet", Parameter::PT_BOOL, nullptr, "false", "output packet dump with alert" }, - { "limit", Parameter::PT_INT, "0:", "0", + { "limit", Parameter::PT_INT, "0:maxSZ", "0", "set maximum size in MB before rollover (0 is unlimited)" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -101,8 +101,8 @@ public: { return CONTEXT; } public: + size_t limit; bool file; - unsigned long limit; bool packet; }; @@ -115,7 +115,7 @@ bool FastModule::set(const char*, Value& v, SnortConfig*) packet = v.get_bool(); else if ( v.is("limit") ) - limit = v.get_long() * 1024 * 1024; + limit = v.get_size() * 1024 * 1024; else return false; diff --git a/src/loggers/alert_full.cc b/src/loggers/alert_full.cc index 4bc294016..faa4ef98e 100644 --- a/src/loggers/alert_full.cc +++ b/src/loggers/alert_full.cc @@ -66,7 +66,7 @@ static const Parameter s_params[] = { "file", Parameter::PT_BOOL, nullptr, "false", "output to " F_NAME " instead of stdout" }, - { "limit", Parameter::PT_INT, "0:", "0", + { "limit", Parameter::PT_INT, "0:maxSZ", "0", "set maximum size in MB before rollover (0 is unlimited)" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -88,7 +88,7 @@ public: public: bool file; - unsigned long limit; + size_t limit; }; bool FullModule::set(const char*, Value& v, SnortConfig*) @@ -97,7 +97,7 @@ bool FullModule::set(const char*, Value& v, SnortConfig*) file = v.get_bool(); else if ( v.is("limit") ) - limit = v.get_long() * 1024 * 1024; + limit = v.get_size() * 1024 * 1024; else return false; diff --git a/src/loggers/alert_json.cc b/src/loggers/alert_json.cc index 073cadb9a..e5e12065d 100644 --- a/src/loggers/alert_json.cc +++ b/src/loggers/alert_json.cc 
@@ -634,7 +634,7 @@ static const Parameter s_params[] = { "fields", Parameter::PT_MULTI, json_range, json_deflt, "selected fields will be output in given order left to right" }, - { "limit", Parameter::PT_INT, "0:", "0", + { "limit", Parameter::PT_INT, "0:maxSZ", "0", "set maximum size in MB before rollover (0 is unlimited)" }, { "separator", Parameter::PT_STRING, nullptr, ", ", @@ -659,8 +659,8 @@ public: public: bool file; + size_t limit; string sep; - unsigned long limit; vector fields; }; @@ -680,7 +680,7 @@ bool JsonModule::set(const char*, Value& v, SnortConfig*) } else if ( v.is("limit") ) - limit = v.get_long() * 1024 * 1024; + limit = v.get_size() * 1024 * 1024; else if ( v.is("separator") ) sep = v.get_string(); diff --git a/src/loggers/alert_sf_socket.cc b/src/loggers/alert_sf_socket.cc index 0d17fe7ce..8462fcbaf 100644 --- a/src/loggers/alert_sf_socket.cc +++ b/src/loggers/alert_sf_socket.cc @@ -67,10 +67,10 @@ typedef vector RuleVector; static const Parameter rule_params[] = { - { "gid", Parameter::PT_INT, "1:", "1", + { "gid", Parameter::PT_INT, "1:max32", "1", "rule generator ID" }, - { "sid", Parameter::PT_INT, "1:", "1", + { "sid", Parameter::PT_INT, "1:max32", "1", "rule signature ID" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -114,10 +114,10 @@ bool SfSocketModule::set(const char*, Value& v, SnortConfig*) file = v.get_string(); else if ( v.is("gid") ) - rule.gid = v.get_long(); + rule.gid = v.get_uint32(); else if ( v.is("sid") ) - rule.sid = v.get_long(); + rule.sid = v.get_uint32(); return true; } diff --git a/src/loggers/alert_syslog.cc b/src/loggers/alert_syslog.cc index 0f6edce6e..fabf9bb33 100644 --- a/src/loggers/alert_syslog.cc +++ b/src/loggers/alert_syslog.cc 
@@ -159,10 +159,10 @@ public: bool SyslogModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("facility") ) - facility = get_facility(v.get_long()); + facility = get_facility(v.get_uint8()); else if ( v.is("level") ) - level = get_level(v.get_long()); + level = get_level(v.get_uint8()); else if ( v.is("options") ) options = get_options(v.get_string()); diff --git a/src/loggers/log_hext.cc b/src/loggers/log_hext.cc index 818470928..9abecd43a 100644 --- a/src/loggers/log_hext.cc +++ b/src/loggers/log_hext.cc @@ -168,10 +168,10 @@ static const Parameter s_params[] = { "raw", Parameter::PT_BOOL, nullptr, "false", "output all full packets if true, else just TCP payload" }, - { "limit", Parameter::PT_INT, "0:", "0", + { "limit", Parameter::PT_INT, "0:maxSZ", "0", "set maximum size in MB before rollover (0 is unlimited)" }, - { "width", Parameter::PT_INT, "0:", "20", + { "width", Parameter::PT_INT, "0:max32", "20", "set line width (0 is unlimited)" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -191,7 +191,7 @@ public: public: bool file; bool raw; - unsigned long limit; + size_t limit; unsigned width; }; @@ -204,10 +204,10 @@ bool HextModule::set(const char*, Value& v, SnortConfig*) raw = v.get_bool(); else if ( v.is("limit") ) - limit = v.get_long() * 1024 * 1024; + limit = v.get_size() * 1024 * 1024; else if ( v.is("width") ) - width = v.get_long(); + width = v.get_uint32(); else return false; diff --git a/src/loggers/log_pcap.cc b/src/loggers/log_pcap.cc index ffb7c4b42..62ac36196 100644 --- a/src/loggers/log_pcap.cc +++ b/src/loggers/log_pcap.cc @@ -74,7 +74,7 @@ static void TcpdumpRollLogFile(LtdConfig*); static const Parameter s_params[] = { - { "limit", Parameter::PT_INT, "0:", "0", + { "limit", Parameter::PT_INT, "0:maxSZ", "0", "set maximum size in MB before rollover (0 is unlimited)" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } 
@@ -95,13 +95,13 @@ public: { return CONTEXT; } public: - unsigned long limit; + size_t limit; }; bool TcpdumpModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("limit") ) - limit = v.get_long() * 1024 * 1024; + limit = v.get_size() * 1024 * 1024; else return false; @@ -159,7 +159,7 @@ static void TcpdumpInitLogFile(LtdConfig*, bool no_timestamp) if(!no_timestamp) { char timestamp[16]; - snprintf(timestamp, sizeof(timestamp), ".%lu", context.lastTime); + snprintf(timestamp, sizeof(timestamp), ".%lu", (unsigned long)context.lastTime); filename += timestamp; } diff --git a/src/loggers/unified2.cc b/src/loggers/unified2.cc index 74b950afa..f0b067ce2 100644 --- a/src/loggers/unified2.cc +++ b/src/loggers/unified2.cc @@ -62,7 +62,7 @@ using namespace std; struct Unified2Config { - unsigned int limit; + size_t limit; int nostamp; bool legacy_events; }; @@ -788,7 +788,7 @@ static const Parameter s_params[] = { "legacy_events", Parameter::PT_BOOL, nullptr, "false", "generate Snort 2.X style events for barnyard2 compatibility" }, - { "limit", Parameter::PT_INT, "0:", "0", + { "limit", Parameter::PT_INT, "0:maxSZ", "0", "set maximum size in MB before rollover (0 is unlimited)" }, { "nostamp", Parameter::PT_BOOL, nullptr, "true", @@ -812,7 +812,7 @@ public: { return CONTEXT; } public: - unsigned limit; + size_t limit; bool nostamp; bool legacy_events; }; @@ -820,7 +820,7 @@ public: bool U2Module::set(const char*, Value& v, SnortConfig*) { if ( v.is("limit") ) - limit = v.get_long() * 1024 * 1024; + limit = v.get_size() * 1024 * 1024; else if ( v.is("nostamp") ) nostamp = v.get_bool(); diff --git a/src/main/help.cc b/src/main/help.cc index e80fd1ccf..f1b3d346f 100644 --- a/src/main/help.cc +++ b/src/main/help.cc 
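Review bot: In the `TcpdumpInitLogFile` hunk, `char timestamp[16]` is smaller than the widest string `".%lu"` can produce where `unsigned long` is 64 bits (a dot, up to 20 digits and the terminator need 22 bytes). snprintf keeps the write in bounds, so this is not an overflow, but a truncated suffix would silently yield the wrong file name, and the return value is not checked. Sizing the buffer for the full range, `char timestamp[24];`, removes that case. The type of `context.lastTime` is not visible here; if it is a signed time_t, the added cast also turns a negative value into a very large one. The function body continues outside the hunk.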
@@ -43,37 +43,38 @@ using namespace snort; using namespace std; -#define snort_help \ - "\n" \ - "Snort has several options to get more help:\n" \ - "\n" \ - "-? list command line options (same as --help)\n" \ - "--help this overview of help\n" \ - "--help-commands [] output matching commands\n" \ - "--help-config [] output matching config options\n" \ - "--help-counts [] output matching peg counts\n" \ - "--help-module output description of given module\n" \ - "--help-modules list all available modules with brief help\n" \ - "--help-plugins list all available plugins with brief help\n" \ - "--help-options [