From: Michael Altizer (mialtize) Date: Wed, 5 Dec 2018 14:32:36 +0000 (-0500) Subject: Merge pull request #1454 in SNORT/snort3 from ~MIALTIZE/snort3:preng to master X-Git-Tag: 3.0.0-250~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f6ad7437d5181ef8c1a5ea2925d79e1d5610cb6;p=thirdparty%2Fsnort3.git Merge pull request #1454 in SNORT/snort3 from ~MIALTIZE/snort3:preng to master Squashed commit of the following: commit 05e0b65ebfc22ce68aada07f94e98442de5e6867 Author: Michael Altizer Date: Tue Oct 9 18:36:25 2018 -0400 snort: Default to a snaplen of 1518 commit d4e70b104c72b6768dc328fda396d251171707c9 Author: Michael Altizer Date: Sat Nov 3 15:03:46 2018 -0400 module_manager: Fix configuring module parameter defaults when modules have list parameters commit 9166086ae089c4296be087bb91d02dd761b8b9e0 Author: Michael Altizer Date: Mon Oct 29 10:36:47 2018 -0400 snort2lua: Fix compiler warning for catching exceptions by value commit 8ae596426cccfab0c898013e881dfc39f16eba84 Author: Michael Altizer Date: Wed Oct 3 14:41:34 2018 -0400 thread: No more breaks for pigs (union busting) commit 8cdf8b414bcc153797024c1406369e8389137098 Author: Michael Altizer Date: Fri Aug 31 13:31:11 2018 -0400 appid: Don't build unit test components without ENABLE_UNIT_TESTS --- diff --git a/src/main/snort.cc b/src/main/snort.cc index 7841fc7e8..88a7715c8 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -1056,8 +1056,6 @@ DAQ_Verdict Snort::packet_callback( SFDAQ::break_loop(0); s_pause.was_paused = s_pause.pause = true; } - else if ( break_time() ) - SFDAQ::break_loop(0); s_switcher->stop(); diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index 9062a5130..839346053 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -244,8 +244,8 @@ static const Parameter s_params[] = { "-S", Parameter::PT_STRING, nullptr, nullptr, " set config variable x equal to value v" }, - { "-s", Parameter::PT_INT, "68:65535", "1514", - " (same as --snaplen); default is 1514" }, + { "-s", Parameter::PT_INT, "68:65535", "1518", + " (same as --snaplen); default is 1518" }, { "-T", Parameter::PT_IMPLIED, nullptr, nullptr, "test and report on the current Snort configuration" }, @@ -481,7 +481,7 @@ static const Parameter s_params[] = { "--skip", Parameter::PT_INT, "0:", nullptr, " skip 1st n packets", }, - { "--snaplen", Parameter::PT_INT, "68:65535", "1514", + { "--snaplen", Parameter::PT_INT, "68:65535", "1518", " set snaplen of packet (same as -s)", }, { "--stdin-rules", Parameter::PT_IMPLIED, nullptr, nullptr, diff --git a/src/main/thread.cc b/src/main/thread.cc index 4b7364862..e0f9017c9 100644 --- a/src/main/thread.cc +++ b/src/main/thread.cc @@ -50,25 +50,6 @@ void set_instance_id(unsigned id) void set_thread_type(SThreadType type) { thread_type = type; } -//------------------------------------------------------------------------- -// union rules - breaks are mandatory and must be taken in daq thread -//------------------------------------------------------------------------- - -static unsigned g_breaks = 0; -static THREAD_LOCAL unsigned t_breaks = 0; - -void take_break() -{ g_breaks++; } - -bool break_time() -{ - if ( t_breaks == g_breaks ) - return false; - - t_breaks = g_breaks; - return true; -} - namespace snort { unsigned get_instance_id() diff --git a/src/main/thread.h b/src/main/thread.h index eca181d97..f0602343b 100644 --- a/src/main/thread.h +++ b/src/main/thread.h @@ -64,7 +64,4 @@ SO_PUBLIC inline bool is_packet_thread() SO_PUBLIC const char* get_instance_file(std::string&, const char* name); } -void take_break(); -bool break_time(); - #endif diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index 331660062..bb08afa74 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc @@ -535,36 +535,41 @@ static bool top_level(const char* s) static bool begin(Module* m, const Parameter* p, const char* s, int idx, int depth) { - if ( !p ) + // Module::(verified_)begin() will be called for top-level tables, lists, and list items only + if ( top_level(s) ) { - p = m->get_parameters(); - assert(p); - } - - // Module::begin() top-level, lists, and list items only - if ( top_level(s) or - (!idx and p->type == Parameter::PT_LIST) or - (idx and p->type != Parameter::PT_LIST) ) - { - //printf("begin %s %d\n", s, idx); if ( !m->verified_begin(s, idx, s_config) ) return false; - } - // don't set list defaults - if ( m->is_list() or p->type == Parameter::PT_LIST ) - { - if ( !idx ) + // don't set list defaults + if ( m->is_list() and !idx ) return true; + if ( !p ) + { + p = m->get_parameters(); + assert(p); + } } - - // set list item defaults only if explicitly configured - // (this is why it is done here and not in the loop below) - if ( p->type == Parameter::PT_LIST ) + else { - const Parameter* t = - reinterpret_cast(p->range); + assert(p); + if ((!idx and p->type == Parameter::PT_LIST) or + (idx and p->type != Parameter::PT_LIST) ) + { + if ( !m->verified_begin(s, idx, s_config) ) + return false; + } + if ( p->type == Parameter::PT_LIST ) + { + // don't set list defaults (list items have idx > 0) + if ( !idx ) + return true; - return begin(m, t, s, idx, depth+1); + // set list item defaults only if explicitly configured + // (this is why it is done here and not in the loop below) + const Parameter* list_item_params = reinterpret_cast(p->range); + + return begin(m, list_item_params, s, idx, depth+1); + } } // don't begin subtables again @@ -582,10 +587,9 @@ static bool begin(Module* m, const Parameter* p, const char* s, int idx, int dep // traverse subtables only to set defaults case Parameter::PT_TABLE: { - const Parameter* t = - reinterpret_cast(p->range); + const Parameter* table_item_params = reinterpret_cast(p->range); - if ( !begin(m, t, fqn.c_str(), idx, depth+1) ) + if ( !begin(m, table_item_params, fqn.c_str(), idx, depth+1) ) return false; } break; @@ -599,7 +603,6 @@ static bool begin(Module* m, const Parameter* p, const char* s, int idx, int dep if ( p->deflt ) { bool b = p->get_bool(); - //printf("set default %s = %s\n", fqn.c_str(), p->deflt); set_bool(fqn.c_str(), b); } break; @@ -610,7 +613,6 @@ static bool begin(Module* m, const Parameter* p, const char* s, int idx, int dep if ( p->deflt ) { double d = p->get_number(); - //printf("set default %s = %f\n", fqn.c_str(), d); set_number(fqn.c_str(), d); } break; @@ -618,10 +620,7 @@ static bool begin(Module* m, const Parameter* p, const char* s, int idx, int dep // everything else is a string of some sort default: if ( p->deflt ) - { - //printf("set default %s = %s\n", fqn.c_str(), p->deflt); set_string(fqn.c_str(), p->deflt); - } break; } ++p; @@ -647,7 +646,6 @@ static bool end(Module* m, const Parameter* p, const char* s, int idx) (!idx and p->type == Parameter::PT_LIST) or (idx and p->type != Parameter::PT_LIST) ) { - //printf("end %s %d\n", s, idx); return m->verified_end(s, idx, s_config); } return true; @@ -666,8 +664,6 @@ SO_PUBLIC bool set_alias(const char* from, const char* to) SO_PUBLIC bool open_table(const char* s, int idx) { - //printf("open %s %d\n", s, idx); - const char* orig = s; string fqn = s; set_type(fqn); @@ -744,8 +740,6 @@ SO_PUBLIC bool open_table(const char* s, int idx) SO_PUBLIC void close_table(const char* s, int idx) { - //printf("close %s %d\n", s, idx); - string fqn = s; set_type(fqn); s = fqn.c_str(); @@ -783,21 +777,18 @@ SO_PUBLIC void close_table(const char* s, int idx) SO_PUBLIC bool set_bool(const char* fqn, bool b) { - //printf("bool %s %d\n", fqn, b); Value v(b); return set_value(fqn, v); } SO_PUBLIC bool set_number(const char* fqn, double d) { - //printf("real %s %f\n", fqn, d); Value v(d); return set_value(fqn, v); } SO_PUBLIC bool set_string(const char* fqn, const char* s) { - //printf("string %s %s\n", fqn, s); Value v(s); return set_value(fqn, v); } diff --git a/src/network_inspectors/appid/test/CMakeLists.txt b/src/network_inspectors/appid/test/CMakeLists.txt index 3fd626d79..a421447f6 100644 --- a/src/network_inspectors/appid/test/CMakeLists.txt +++ b/src/network_inspectors/appid/test/CMakeLists.txt @@ -1,4 +1,11 @@ -add_library(appid_cpputest_deps OBJECT ../appid_peg_counts.cc ../../../sfip/sf_ip.cc ../../../utils/util_cstring.cc) + +if ( ENABLE_UNIT_TESTS ) + add_library(appid_cpputest_deps OBJECT EXCLUDE_FROM_ALL + ../appid_peg_counts.cc + ../../../sfip/sf_ip.cc + ../../../utils/util_cstring.cc + ) +endif ( ENABLE_UNIT_TESTS ) include_directories ( appid PRIVATE ${APPID_INCLUDE_DIR} ) @@ -39,18 +46,24 @@ add_cpputest( appid_http_session_test ) if ( ENABLE_APPID_THIRD_PARTY ) - add_library(tp_mock MODULE tp_mock.cc) - add_cpputest( tp_lib_handler_test - SOURCES tp_lib_handler_test.cc - ../tp_lib_handler.cc - LIBS dl + add_cpputest( tp_lib_handler_test + SOURCES + tp_lib_handler_test.cc + ../tp_lib_handler.cc + LIBS + dl ) - add_cpputest( tp_appid_types_test - SOURCES tp_appid_types_test.cc + if ( ENABLE_UNIT_TESTS ) + add_library(tp_mock MODULE EXCLUDE_FROM_ALL tp_mock.cc) + set_property(TARGET tp_mock PROPERTY ENABLE_EXPORTS 1) + add_dependencies(tp_lib_handler_test tp_mock) + endif ( ENABLE_UNIT_TESTS ) + + add_cpputest( tp_appid_types_test + SOURCES tp_appid_types_test.cc ) - set_property(TARGET tp_mock PROPERTY ENABLE_EXPORTS 1) endif() diff --git a/src/packet_io/sfdaq.cc b/src/packet_io/sfdaq.cc index 71b4b95b2..a1851f9c1 100644 --- a/src/packet_io/sfdaq.cc +++ b/src/packet_io/sfdaq.cc @@ -51,7 +51,7 @@ using namespace std; #define DAQ_DEFAULT "pcap" #endif -static const int DEFAULT_PKT_SNAPLEN = 1514; +static const int DEFAULT_PKT_SNAPLEN = 1518; // common for all daq threads / instances static const DAQ_Module_t* daq_mod = nullptr; diff --git a/tools/snort2lua/config_states/config_ignore_ports.cc b/tools/snort2lua/config_states/config_ignore_ports.cc index 9019ef713..2ac07804f 100644 --- a/tools/snort2lua/config_states/config_ignore_ports.cc +++ b/tools/snort2lua/config_states/config_ignore_ports.cc @@ -111,13 +111,13 @@ bool IgnorePorts::convert(std::istringstream& data_stream) bind.add_when_port(std::to_string(i)); } } - catch (std::invalid_argument) + catch (std::invalid_argument&) { data_api.failed_conversion(data_stream, "can't convert " + port); retval = false; bind.print_binding(false); // don't print the binding if an error occurred } - catch (std::out_of_range) + catch (std::out_of_range&) { data_api.failed_conversion(data_stream, "Port" + port + " must be <= 65535"); retval = false;