From: Russ Combs (rucombs) Date: Wed, 21 Nov 2018 23:17:00 +0000 (-0500) Subject: Merge pull request #1441 in SNORT/snort3 from ~RUCOMBS/snort3:misc_cleanup to master X-Git-Tag: 3.0.0-250~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0376d7864e0ee0f61bf78725b7a8d22bc73a27d1;p=thirdparty%2Fsnort3.git Merge pull request #1441 in SNORT/snort3 from ~RUCOMBS/snort3:misc_cleanup to master Squashed commit of the following: commit e6da3affd41e11f616a61fd8f899f17122d898da Author: russ Date: Wed Nov 21 16:06:27 2018 -0500 snort: terminate gracefully upon DAQ start failure thanks to Jaime González for reporting the issue commit 7a53539c715464c6e78f4594332bf55008757058 Author: russ Date: Wed Nov 21 15:54:10 2018 -0500 snort: remove obsolete and inadequate -W option thanks to Jaime González for reporting the issue commit 9f479de6d021ef49fc456d20dc511525c6cc20e5 Author: russ Date: Wed Nov 21 14:12:50 2018 -0500 snort: fix command line parameters to support setting in Lua thanks to Meridoff for reporting the issue --- diff --git a/src/loggers/alert_fast.cc b/src/loggers/alert_fast.cc index 1990bd7b8..4cf2a9794 100644 --- a/src/loggers/alert_fast.cc +++ b/src/loggers/alert_fast.cc @@ -50,7 +50,6 @@ #include "main/snort_config.h" #include "managers/inspector_manager.h" #include "packet_io/active.h" -#include "packet_io/intf.h" #include "packet_io/sfdaq.h" #include "service_inspectors/http_inspect/http_enum.h" @@ -223,7 +222,7 @@ void FastLogger::alert(Packet* p, const char* msg, const Event& event) event.sig_info->gid, event.sig_info->sid, event.sig_info->rev); if (SnortConfig::alert_interface()) - TextLog_Print(fast_log, " <%s> ", PRINT_INTERFACE(SFDAQ::get_interface_spec())); + TextLog_Print(fast_log, " <%s> ", SFDAQ::get_interface_spec()); if ( msg ) TextLog_Puts(fast_log, msg); diff --git a/src/loggers/alert_full.cc b/src/loggers/alert_full.cc index 928c82d6a..4bc294016 100644 --- a/src/loggers/alert_full.cc +++ b/src/loggers/alert_full.cc 
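Review bot: The `<%s>` argument in FastLogger::alert now takes `SFDAQ::get_interface_spec()` directly, so the null fallback that `PRINT_INTERFACE` supplied is gone and a null return would reach a `%s` conversion, which is undefined behaviour. The same substitution is made in FullLogger::alert (alert_full.cc) and in AlertSyslog (alert_syslog.cc). Whether the accessor can return null in a configuration that still enables alert_interface is not visible in these hunks, so either document that invariant at the call sites or keep a local fallback, e.g. `const char* iface = SFDAQ::get_interface_spec();` followed by `TextLog_Print(fast_log, " <%s> ", iface ? iface : "NULL");`. FastLogger::alert begins and ends outside the hunk.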
@@ -44,7 +44,6 @@ #include "log/log_text.h" #include "log/text_log.h" #include "main/snort_config.h" -#include "packet_io/intf.h" #include "packet_io/sfdaq.h" #include "protocols/packet.h" @@ -158,7 +157,7 @@ void FullLogger::alert(Packet* p, const char* msg, const Event& event) if (SnortConfig::alert_interface()) { - const char* iface = PRINT_INTERFACE(SFDAQ::get_interface_spec()); + const char* iface = SFDAQ::get_interface_spec(); TextLog_Print(full_log, " <%s> ", iface); } diff --git a/src/loggers/alert_syslog.cc b/src/loggers/alert_syslog.cc index d881479ff..0f6edce6e 100644 --- a/src/loggers/alert_syslog.cc +++ b/src/loggers/alert_syslog.cc @@ -30,7 +30,6 @@ #include "framework/module.h" #include "log/messages.h" #include "main/snort_config.h" -#include "packet_io/intf.h" #include "packet_io/sfdaq.h" #include "protocols/packet.h" #include "utils/util.h" @@ -227,7 +226,7 @@ static void AlertSyslog( if (SnortConfig::alert_interface()) { SnortSnprintfAppend(event_string, sizeof(event_string), - "<%s> ", PRINT_INTERFACE(SFDAQ::get_interface_spec())); + "<%s> ", SFDAQ::get_interface_spec()); } } if ((p != nullptr) && p->ptrs.ip_api.is_ip()) diff --git a/src/main/help.cc b/src/main/help.cc index 61c63a5db..e80fd1ccf 100644 --- a/src/main/help.cc +++ b/src/main/help.cc @@ -34,7 +34,6 @@ #include "managers/plugin_manager.h" #include "managers/script_manager.h" #include "managers/so_manager.h" -#include "packet_io/intf.h" #include "packet_io/sfdaq.h" #include "utils/util.h" @@ -276,12 +275,6 @@ void config_markup(SnortConfig*, const char*) exit(0); } -[[noreturn]] void list_interfaces(SnortConfig*) -{ - PrintAllInterfaces(); - exit(0); -} - [[noreturn]] void list_modules(SnortConfig* sc, const char* val) { show_help(sc, val, HT_LST); diff --git a/src/main/help.h b/src/main/help.h index 67f851ed2..6d7be6ae6 100644 --- a/src/main/help.h +++ b/src/main/help.h 
@@ -48,7 +48,6 @@ void help_args(const char* pfx); [[noreturn]] void list_modules(snort::SnortConfig* sc, const char*); [[noreturn]] void list_plugins(snort::SnortConfig* sc, const char*); -[[noreturn]] void list_interfaces(snort::SnortConfig*); [[noreturn]] void list_daqs(snort::SnortConfig* sc); [[noreturn]] void dump_defaults(snort::SnortConfig* sc, const char*); diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index a4e7f9afd..9062a5130 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -149,6 +149,15 @@ static const Command snort_cmds[] = // users aren't used to seeing the standard help format for command line // args so the few cases where there is a default, we include it in the // help as well. +// +// command line options can be specified in Lua instead by doing e.g. +// +// snort = { }; snort["-z"] = 2 +// +// so a default value can't be provided for args that kick off optional +// run modes such as --rule-to-text because the program will do strange +// things like waiting on stdin for input that won't be coming. in these +// cases the default must only be indicated in the help. //------------------------------------------------------------------------- static const Parameter s_params[] = @@ -256,9 +265,6 @@ static const Parameter s_params[] = { "-v", Parameter::PT_IMPLIED, nullptr, nullptr, "be verbose" }, - { "-W", Parameter::PT_IMPLIED, nullptr, nullptr, - "lists available interfaces" }, - { "-X", Parameter::PT_IMPLIED, nullptr, nullptr, "dump the raw packet data starting at the link layer" }, 
@@ -449,8 +455,9 @@ static const Parameter s_params[] = { "--rule-to-hex", Parameter::PT_IMPLIED, nullptr, nullptr, "output so rule header to stdout for text rule on stdin" }, - { "--rule-to-text", Parameter::PT_STRING, "16", "[SnortFoo]", - "output plain so rule header to stdout for text rule on stdin" }, + { "--rule-to-text", Parameter::PT_STRING, "16", nullptr, + "output plain so rule header to stdout for text rule on stdin " + "(specify delimiter or [Snort_SO_Rule] will be used)" }, { "--run-prefix", Parameter::PT_STRING, nullptr, nullptr, " prepend this to each output file" }, @@ -714,9 +721,6 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("-v") ) sc->set_verbose(true); - else if ( v.is("-W") ) - list_interfaces(sc); - else if ( v.is("-X") ) sc->set_dump_payload_verbose(true); diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc index 3c0178a14..8cea5a670 100644 --- a/src/managers/inspector_manager.cc +++ b/src/managers/inspector_manager.cc @@ -715,6 +715,13 @@ void InspectorManager::thread_stop(SnortConfig*) void InspectorManager::thread_term(SnortConfig*) { + // FIXIT-L this check required if startup failed in + // Analyzer::analyze before thread_init is called eg + // Can't start DAQ (-1) - socket: Operation not permitted + // ideally thread_term not called w/o calling thread_init + if ( !s_tl_handlers ) + return; + // Call tterm for every inspector plugin ever configured during the lifetime of this thread for ( PHGlobal& phg : *s_tl_handlers ) { diff --git a/src/packet_io/CMakeLists.txt b/src/packet_io/CMakeLists.txt index 1d73e1c64..563bfd465 100644 --- a/src/packet_io/CMakeLists.txt +++ b/src/packet_io/CMakeLists.txt @@ -13,8 +13,6 @@ endif (ENABLE_UNIT_TESTS) add_library (packet_io OBJECT active.cc active.h - intf.cc - intf.h sfdaq.cc sfdaq.h sfdaq_config.cc diff --git a/src/packet_io/intf.cc b/src/packet_io/intf.cc deleted file mode 100644 index a77ffe20c..000000000 
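Review bot: The new help text for `--rule-to-text` promises that `[Snort_SO_Rule]` is used when no delimiter is given, but the default field is now `nullptr` and no change to the code that handles this option appears in the diff. If that handler (outside the visible hunks) does not substitute exactly this string for an empty value, the help and the behaviour diverge; the previous declared default was `[SnortFoo]`. Confirm the fallback lives with the handler, or keep the delimiter in one shared constant so the help string and the code cannot drift apart.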
--- a/src/packet_io/intf.cc
+++ /dev/null
@@ -1,76 +0,0 @@ -//-------------------------------------------------------------------------- -// Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved. -// Copyright (C) 2013-2013 Sourcefire, Inc. -// -// This program is free software; you can redistribute it and/or modify it -// under the terms of the GNU General Public License Version 2 as published -// by the Free Software Foundation. You may not use, modify or distribute -// this program under any other version of the GNU General Public License. -// -// This program is distributed in the hope that it will be useful, but -// WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -//-------------------------------------------------------------------------- - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include "intf.h" - -#include -#include - -#include "log/messages.h" -#include "sfip/sf_ip.h" - -//------------------------------------------------------------------------------ -// interface stuff -//------------------------------------------------------------------------------ - -void PrintAllInterfaces() -{ - char errorbuf[PCAP_ERRBUF_SIZE]; - pcap_if_t* alldevs; - pcap_if_t* dev; - int j = 1; - - if (pcap_findalldevs(&alldevs, errorbuf) == -1) - snort::FatalError("Could not get device list: %s.", errorbuf); - - printf("Index\tDevice\tPhysical Address\tIP Address\tDescription\n"); - printf("-----\t------\t----------------\t----------\t-----------\n"); - - for (dev = alldevs; dev != nullptr; dev = dev->next, j++) - { - printf("%5d", j); - printf("\t%s", dev->name); - printf("\t00:00:00:00:00:00"); - - if (dev->addresses) - { - struct sockaddr_in* 
saddr = (struct sockaddr_in*)dev->addresses->addr; - if ((saddr->sin_family == AF_INET) || (saddr->sin_family == AF_INET6)) - { - snort::SfIp dev_ip; - dev_ip.set(&saddr->sin_addr, saddr->sin_family); - - snort::SfIpString ip; - printf("\t%s", dev_ip.ntop(ip)); - } - else - printf("\tdisabled"); - } - else - printf("\tdisabled"); - - printf("\t%s\n", dev->description); - } - pcap_freealldevs(alldevs); -} - diff --git a/src/packet_io/intf.h b/src/packet_io/intf.h deleted file mode 100644 index ac49513df..000000000 --- a/src/packet_io/intf.h +++ /dev/null @@ -1,30 +0,0 @@ -//-------------------------------------------------------------------------- -// Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved. -// Copyright (C) 2013-2013 Sourcefire, Inc. -// -// This program is free software; you can redistribute it and/or modify it -// under the terms of the GNU General Public License Version 2 as published -// by the Free Software Foundation. You may not use, modify or distribute -// this program under any other version of the GNU General Public License. -// -// This program is distributed in the hope that it will be useful, but -// WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -//-------------------------------------------------------------------------- - -#ifndef INTF_H -#define INTF_H - -/* This macro helps to simplify the differences between Win32 and - non-Win32 code when printing out the name of the interface */ -#define PRINT_INTERFACE(i) ((i) ? (i) : "NULL") - -void PrintAllInterfaces(); - -#endif - diff --git a/src/packet_io/sfdaq.cc b/src/packet_io/sfdaq.cc index 1f851234a..71b4b95b2 100644 
--- a/src/packet_io/sfdaq.cc +++ b/src/packet_io/sfdaq.cc @@ -30,6 +30,7 @@ extern "C" { #include } +#include #include #include "log/messages.h" @@ -224,6 +225,7 @@ SFDAQInstance* SFDAQ::get_local_instance() const char* SFDAQ::get_interface_spec() { + assert(local_instance->get_interface_spec()); return local_instance->get_interface_spec(); }
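Review bot: The `assert` added to SFDAQ::get_interface_spec() dereferences `local_instance` without checking it and is compiled out when NDEBUG is defined, so release builds get no protection from it. The same commit guards thread_term against a failed DAQ start, which suggests there are paths where per-thread state is not set up; whether this accessor can be reached on such a path is not visible here. A check that survives release builds would be safer, for example `if ( !local_instance ) return nullptr;` ahead of the existing return, with callers prepared for null. The assert also evaluates the accessor twice; `const char* spec = local_instance->get_interface_spec(); assert(spec); return spec;` avoids that.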