From: Bhagya Tholpady (bbantwal) Date: Fri, 9 Oct 2020 16:36:58 +0000 (+0000) Subject: Merge pull request #2406 in SNORT/snort3 from ~BBANTWAL/snort3:lua_snort_version... X-Git-Tag: 3.0.3-3~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=330a0b39d0509a575f7aeea8a90fb76fcb4b54de;p=thirdparty%2Fsnort3.git Merge pull request #2406 in SNORT/snort3 from ~BBANTWAL/snort3:lua_snort_version to master Squashed commit of the following: commit 84c77e479426a68fc09faf91e43eab75fe5338b5 Author: Bhagya Tholpady Date: Thu Oct 8 15:39:26 2020 -0400 managers: Delete obsolete variable parsing code commit d914f1df3c109b3c6de79be2f7ad30a3f8c7a15c Author: Bhagya Tholpady Date: Thu Oct 8 15:38:56 2020 -0400 managers: Skip snort_set lua function for non-table top level keys in finalize.lua commit 5ae145f0d4dedd3bf129de4fdc42404a50734105 Author: Bhagya Tholpady Date: Thu Oct 8 15:38:16 2020 -0400 main: Add lua variables for snort version and build --- diff --git a/doc/user/overview.txt b/doc/user/overview.txt index e1f323eb8..287b0e81d 100644 --- a/doc/user/overview.txt +++ b/doc/user/overview.txt @@ -234,6 +234,31 @@ If we also wanted to limit retries to at least 5 seconds, we could do: active = { max_responses = 1, min_interval = 5 } +== Lua Variables + +The following Global Lua Variables are available when Snort is run with +a lua config using -c option. + +* SNORT_VERSION: points to a string containing snort version and build as +follows: + + SNORT_VERSION = "3.0.2-x" + +* SNORT_MAJOR_VERSION: Snort version's major +number. + + SNORT_MAJOR_VERSION = 3 + +* SNORT_MINOR_VERSION: Snort version's minor +number. + + SNORT_MINOR_VERSION = 0 + +* SNORT_PATCH_VERSION: Snort version's patch +number. + + SNORT_PATCH_VERSION = 2 + ==== Whitelist When Snort is run with the --warn-conf-strict option, warnings will be 
@@ -275,8 +300,8 @@ You can use both approaches together. ==== Includes -Your configuration file file may include other files, either directly via Lua or via -various parameters. Snort will find relative includes in the following order: +Your configuration file may include other files, either directly via Lua or via +various parameters. Snort will find relative includes in the following order: 1. If you specify --include-path, this directory will be tried first. 2. Snort will try the directory containing the including file. diff --git a/src/main/shell.cc b/src/main/shell.cc index 3889ebdc9..4fdc8b60c 100644 --- a/src/main/shell.cc +++ b/src/main/shell.cc @@ -38,6 +38,8 @@ #include "parser/parser.h" #include "utils/stats.h" +#include "build.h" + using namespace snort; using namespace std; @@ -45,6 +47,37 @@ using namespace std; // helper functions //------------------------------------------------------------------------- +static const char* versions[] = { + "SNORT_VERSION", + "SNORT_MAJOR_VERSION", + "SNORT_MINOR_VERSION", + "SNORT_PATCH_VERSION", + nullptr +}; + +static void install_version_strings(lua_State* L) +{ + assert(versions[0]); + + lua_pushstring(L, VERSION "-" BUILD); + lua_setglobal(L, versions[0]); + + std::istringstream vs(VERSION); + for ( int i = 1 ; versions[i] ; i++ ) + { + std::string tmp; + int num = 0; + std::getline(vs, tmp, '.'); + + if ( !tmp.empty() ) + num = stoi(tmp); + + lua_pushinteger(L, num); + lua_setglobal(L, versions[i]); + } +} + + string Shell::fatal; std::stack Shell::current_shells; ConfigOutput* Shell::s_config_output = nullptr; @@ -330,6 +363,7 @@ Shell::Shell(const char* s, bool load_defaults) : loaded = false; load_string(lua, ModuleManager::get_lua_bootstrap()); + install_version_strings(lua); bootstrapped = true; if ( load_defaults ) diff --git a/src/managers/finalize.lua b/src/managers/finalize.lua index d3dabb1bd..47d3e0266 100644 --- a/src/managers/finalize.lua +++ b/src/managers/finalize.lua 
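Review bot: In `install_version_strings` (second hunk of src/main/shell.cc), `num = stoi(tmp);` throws `std::invalid_argument` when a dot-separated component of `VERSION` does not start with a digit. Nothing in the hunk catches it, so a build with an unusual version string would fail inside the `Shell` constructor before any config is read. A non-throwing parse keeps the documented fallback of 0, for example `num = static_cast<int>(strtol(tmp.c_str(), nullptr, 10));`. The four names are ordinary writable Lua globals, so a config or an included file can reassign them; a comment above `versions[]` such as `// informational only: config code can overwrite these globals` would make that explicit. The hunk uses `std::istringstream` and the only include added is `build.h`, so confirm that `<sstream>` is already included in the part of the file outside the hunk.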
@@ -36,16 +36,8 @@ function snort_traverse(tab, fqn) for key,val in pairs(tab) do -- skip Lua reserved symbols if ( string.sub(key, 1, 1) ~= '_' ) then - if ( type(val) == 'string' ) then - snort_set(fqn, key, val) - end - end - end - - for key,val in pairs(tab) do - -- skip Lua reserved symbols - if ( string.sub(key, 1, 1) ~= '_' ) then - if ( type(val) ~= 'string' ) then + --skip anything at the top level other than tables + if ( type(val) == 'table' or fqn ) then snort_set(fqn, key, val) end end diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index 4e0206f13..e9d33e860 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc @@ -403,56 +403,6 @@ static const Parameter* get_params( return get_params(new_fqn, m, p, idx); } -static bool ignored(const char* fqn) -{ - static const char* ignore = nullptr; - - if ( !ignore ) - { - ignore = getenv("SNORT_IGNORE"); - if ( !ignore ) - ignore = ""; - } - const char* s = strstr(ignore, fqn); - - if ( !s ) - return false; - - if ( s != ignore && s[-1] != ' ' ) - return false; - - s += strlen(fqn); - - if ( *s && *s != ' ' ) - return false; - - return true; -} - -// FIXIT-M vars may have been defined on command line. that mechanism will -// be replaced with pulling a Lua chunk from the command line and stuffing -// into L before setting configs; that will overwrite -// -// FIXIT-L presently no way to catch errors like EXTERNAL_NET = not HOME_NET -// which becomes a bool var and is ignored. -static bool set_var(const char* fqn, const Value& v) -{ - bool to_be_set = v.get_type() == Value::VT_STR; - - if ( to_be_set ) - { - if ( get_ips_policy() != nullptr ) - SetVar(s_config, fqn, v.get_string()); - } - else - { - if ( !ignored(fqn) ) - ParseWarning(WARN_SYMBOLS, "unknown symbol %s", fqn); - } - - return to_be_set; -} - static bool set_param(Module* mod, const char* fqn, Value& val) { Shell::set_config_value(fqn, val); 
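Review bot: The new test `type(val) == 'table' or fqn` in `snort_traverse` drops every top-level string, number and boolean with no diagnostic, so a misspelled or misplaced top-level setting in a Snort config is silently ignored. Because `set_var` is deleted from module_manager.cc in this same commit, the "unknown symbol" warning that non-string top-level values used to get is gone as well. The test also relies on the top-level call passing `nil` for `fqn`, since an empty string is truthy in Lua; the caller is outside the hunk, so that should be confirmed. I would replace the terse `--skip anything at the top level other than tables` with a comment that states the rule, e.g. `-- top level (fqn == nil): only tables are modules; scalars such as SNORT_VERSION stay plain Lua variables and are not passed to snort_set`. The body of `snort_traverse` continues outside the hunk.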
@@ -478,7 +428,11 @@ static bool set_value(const char* fqn, Value& v) Module* mod = ModuleManager::get_module(key.c_str()); if ( !mod ) - return set_var(fqn, v); + { + ParseError("can't find %s", key.c_str()); + ++s_errors; + return false; + } const Parameter* p; auto a = s_pmap.find(t);
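Review bot: The new failure path in `set_value` reports `ParseError("can't find %s", key.c_str());`, which names only the leading key and does not say that a module lookup failed or which full name was being set. Since an unknown top-level table is now a hard error instead of a warning, the message is what an operator has to work from; `ParseError("can't find module %s (setting %s)", key.c_str(), fqn);` would carry both. A one-line comment above the branch, such as `// unknown top-level table: no module registered under this name`, would also record why this is an error now that `set_var` is gone. `set_value` starts and ends outside the hunk.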