From: George Koikara (gkoikara) Date: Thu, 27 Jun 2019 10:02:43 +0000 (-0400) Subject: Merge pull request #1597 in SNORT/snort3 from ~POAWASTH/snort3:HA to master X-Git-Tag: 3.0.0-258~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5528c1aef35ce1b12704a9b40c207de62375825f;p=thirdparty%2Fsnort3.git Merge pull request #1597 in SNORT/snort3 from ~POAWASTH/snort3:HA to master Squashed commit of the following: commit ec4a4fbf906685e5ed48e9b8d9a2b37848ac16f9 Author: Pooja Awasthi Date: Mon Jun 3 04:25:04 2019 -0400 high_availability: high availability support in Snort2Lua commit 921d334faceea4b4b3d0050a809f6b27add2b43f Merge: f33a1a3b0d fc765be03d Author: Pooja Awasthi Date: Thu Jun 20 01:02:06 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit f33a1a3b0d6c129a5ed60fa840cd135155151340 Merge: 8f33e02bbf 0f1bfa63a2 Author: Pooja Awasthi Date: Tue Jun 18 01:30:18 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit 8f33e02bbf85b66976c9b033c76d60975feea419 Merge: ef5462a197 5f54ed99ca Author: Pooja Awasthi Date: Mon Jun 17 01:47:17 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit ef5462a19724068d4f30ab47145a111e1398a449 Merge: 354a0f43b3 728c88e590 Author: Pooja Awasthi Date: Wed Jun 12 01:52:57 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit 354a0f43b30341dc8bbc0feeae7ee7f11289976c Merge: 05771d2a9d 2a063bd7fc Author: Pooja Awasthi Date: Mon Jun 3 04:26:16 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit 05771d2a9d7fabe20dbef9998346ac2d932b84ee Merge: ea74ebefe4 35d4b98423 Author: Pooja Awasthi Date: Fri May 24 14:22:51 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit ea74ebefe459505932e9633ecc58acf86f72afb1 Merge: b05e64d3f4 514211db93 Author: Pooja Awasthi Date: Fri May 24 04:42:35 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit b05e64d3f4c7e0be9946a6b94ef38227a5b93962 Merge: fd54dd4c67 683220535f Author: Pooja Awasthi Date: Mon May 20 13:24:12 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit fd54dd4c67b610c1fb2b9a8fee809c49e6275fac Merge: 3be4b6fd38 91d81bb4c4 Author: Pooja Awasthi Date: Wed May 15 01:18:15 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit 3be4b6fd38ba5133795559ed5a696912d11fbf76 Merge: 49e4495f9d 2c994c4987 Author: Pooja Awasthi Date: Fri May 10 02:29:14 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit 49e4495f9d094c0978465aef4694a0689cc9331b Merge: 7875fdda54 51c6942a68 Author: Pooja Awasthi Date: Wed May 8 00:42:12 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit 7875fdda543729688243daf17d28ab1de9a5291a Merge: 0bf526d1f8 42f72b3882 Author: Pooja Awasthi Date: Mon May 6 11:36:04 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit 0bf526d1f8b4c02bed19fd6a649c70268ec5ff00 Author: Pooja Awasthi Date: Wed May 1 13:09:08 2019 -0400 Revert "ha: Precommit for snort2lua Changes" This reverts commit b26b0b5b6f08b641b49c4ac4cc7c1e426a362ca1. commit 3bb98944144ae4d780ec26fa77e81f2ed9f06f84 Merge: b26b0b5b6f a62e18d8c1 Author: Pooja Awasthi Date: Wed May 1 12:46:20 2019 -0400 Merge branch 'master' of ssh://bitbucket-eng-rtp1.cisco.com:7999/~poawasth/snort3 commit b26b0b5b6f08b641b49c4ac4cc7c1e426a362ca1 Author: Pooja Awasthi Date: Wed May 1 12:40:48 2019 -0400 ha: Precommit for snort2lua Changes --- diff --git a/doc/high_availability.txt b/doc/high_availability.txt index 8f1ee2d25..904bfb503 100644 --- a/doc/high_availability.txt +++ b/doc/high_availability.txt @@ -18,8 +18,8 @@ The HA module is configured with these items: { ports = "1", enable = true, - min_age = 0.0, - min_sync = 0.0 + min_age = 0, + min_sync = 0 } The 'ports' item maps to the SideChannel port to use for the HA messaging. @@ -27,10 +27,10 @@ The 'ports' item maps to the SideChannel port to use for the HA messaging. The 'enabled' item controls the overall HA operation. The items min_age and min_sync are used in the stream HA logic. min_age is -the number of seconds that a flow must exist in the flow cache before sending +the number of milliseconds that a flow must exist in the flow cache before sending HA messages to the partner. min_sync is the minimum time between HA status updates. HA messages for a particular flow will not be sent faster than -min_sync. Both are expressed as a floating point number of seconds. +min_sync. Both are expressed as a number of milliseconds. HA messages are composed of the base 'stream' information plus any content from additional modules. Modules subscribe HA in order to add message diff --git a/src/flow/ha_module.cc b/src/flow/ha_module.cc index fb5017036..b6da2ce11 100644 --- a/src/flow/ha_module.cc +++ b/src/flow/ha_module.cc @@ -47,11 +47,11 @@ static const Parameter ha_params[] = { "ports", Parameter::PT_BIT_LIST, "65535", nullptr, "side channel message port list" }, - { "min_age", Parameter::PT_REAL, "0.0:100.0", "1.0", - "minimum session life in seconds before HA updates" }, + { "min_age", Parameter::PT_INT, "0:max32", "0", + "minimum session life in milliseconds before HA updates" }, - { "min_sync", Parameter::PT_REAL, "0.0:100.0", "0.1", - "minimum interval in seconds between HA updates" }, + { "min_sync", Parameter::PT_INT, "0:max32", "0", + "minimum interval in milliseconds between HA updates" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -79,12 +79,10 @@ THREAD_LOCAL ProfileStats ha_perf_stats; //------------------------------------------------------------------------- -static void convert_real_seconds_to_timeval(double seconds, struct timeval* tv) +static void convert_milliseconds_to_timeval(uint32_t milliseconds, struct timeval* tv) { - double whole = trunc(seconds); - double fraction = (seconds - whole); - tv->tv_sec = (time_t)whole; - tv->tv_usec = (long int)(fraction * 1.0E6); + tv->tv_sec = (milliseconds / 1000); + tv->tv_usec = (milliseconds % 1000) * 1000; } HighAvailabilityModule::HighAvailabilityModule() : @@ -140,11 +138,11 @@ bool HighAvailabilityModule::set(const char*, Value& v, SnortConfig*) } else if ( v.is("min_age") ) { - convert_real_seconds_to_timeval(v.get_real(), &config->min_session_lifetime); + convert_milliseconds_to_timeval(v.get_uint32(), &config->min_session_lifetime); } else if ( v.is("min_sync") ) { - convert_real_seconds_to_timeval(v.get_real(), &config->min_sync_interval); + convert_milliseconds_to_timeval(v.get_uint32(), &config->min_sync_interval); } else return false; diff --git a/tools/snort2lua/preprocessor_states/CMakeLists.txt b/tools/snort2lua/preprocessor_states/CMakeLists.txt index e6d923f0a..c3c995f7a 100644 --- a/tools/snort2lua/preprocessor_states/CMakeLists.txt +++ b/tools/snort2lua/preprocessor_states/CMakeLists.txt @@ -35,6 +35,7 @@ add_library(preprocessor_states OBJECT pps_stream5_global.cc pps_stream5_tcp.cc pps_stream5_udp.cc + pps_stream5_ha.cc preprocessor_api.h preprocessor_api.cc ) diff --git a/tools/snort2lua/preprocessor_states/pps_stream5_global.cc b/tools/snort2lua/preprocessor_states/pps_stream5_global.cc index dbcda8c11..d9f9e9702 100644 --- a/tools/snort2lua/preprocessor_states/pps_stream5_global.cc +++ b/tools/snort2lua/preprocessor_states/pps_stream5_global.cc @@ -59,8 +59,11 @@ bool StreamGlobal::convert(std::istringstream& data_stream) table_api.add_deleted_comment("disabled"); else if (keyword == "enable_ha") - table_api.add_unsupported_comment("enable_ha"); - + { + table_api.open_top_level_table("high_availability"); + table_api.add_option("enable", true); + table_api.close_table(); + } else if (keyword == "memcap") table_api.add_deleted_comment("memcap"); diff --git a/tools/snort2lua/preprocessor_states/pps_stream5_ha.cc b/tools/snort2lua/preprocessor_states/pps_stream5_ha.cc new file mode 100644 index 000000000..4082296b9 --- /dev/null +++ b/tools/snort2lua/preprocessor_states/pps_stream5_ha.cc @@ -0,0 +1,107 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2019-2019 Cisco and/or its affiliates. All rights reserved. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- +// pps_stream5_ha.cc author Pooja Awasthi + +#include +#include +#include + +#include "conversion_state.h" +#include "helpers/s2l_util.h" +#include "helpers/util_binder.h" + +namespace preprocessors +{ +namespace +{ +class StreamHa : public ConversionState +{ +public: + StreamHa(Converter& c) : ConversionState(c) { } + bool convert(std::istringstream& data_stream) override; +}; +} // namespace + +bool StreamHa::convert(std::istringstream& data_stream) +{ + std::string keyword; + bool retval = true; + + table_api.open_table("high_availability"); + table_api.add_diff_option_comment("stream5_ha", "high_availability"); + + while (util::get_string(data_stream, keyword, ",")) + { + bool tmpval = true; + std::istringstream arg_stream(keyword); + + if (!(arg_stream >> keyword)) + tmpval = false; + + if (keyword == "min_session_lifetime") + { + table_api.add_diff_option_comment("min_session_lifetime", "min_age"); + tmpval = parse_int_option("min_age", arg_stream , false); + } + else if (keyword == "min_sync_interval") + { + table_api.add_diff_option_comment("min_sync_interval", "min_sync"); + tmpval = parse_int_option("min_sync", arg_stream,false); + } + else if (keyword == "use_daq") + { + table_api.add_diff_option_comment("use_daq", "daq_channel"); + tmpval = table_api.add_option("daq_channel", true); + } + else if (keyword == "startup_input_file") + tmpval = parse_deleted_option("startup_input_file", arg_stream); + else if (keyword == "runtime_output_file") + tmpval = parse_deleted_option("runtime_output_file", arg_stream); + else if (keyword == "shutdown_output_file") + tmpval = parse_deleted_option("shutdown_output_file", arg_stream); + else if (keyword == "use_side_channel") + table_api.add_unsupported_comment("use_side_channel"); + else + tmpval = false; + + if (!tmpval) + { + data_api.failed_conversion(data_stream, arg_stream.str()); + retval = false;; + } + } + table_api.close_table(); // ha stream + return retval; +} +/************************** + ******* A P I *********** + **************************/ + +static ConversionState* ctor(Converter& c) +{ + return new StreamHa(c); +} + +static const ConvertMap preprocessor_stream_ha = +{ + "stream5_ha", + ctor, +}; + +const ConvertMap* stream_ha_map = &preprocessor_stream_ha; +} // namespace preprocessors diff --git a/tools/snort2lua/preprocessor_states/preprocessor_api.cc b/tools/snort2lua/preprocessor_states/preprocessor_api.cc index 98f0d6721..51363010d 100644 --- a/tools/snort2lua/preprocessor_states/preprocessor_api.cc +++ b/tools/snort2lua/preprocessor_states/preprocessor_api.cc @@ -62,6 +62,7 @@ extern const ConvertMap* stream_ip_map; extern const ConvertMap* stream_global_map; extern const ConvertMap* stream_tcp_map; extern const ConvertMap* stream_udp_map; +extern const ConvertMap* stream_ha_map; std::vector preprocessor_api = { @@ -100,8 +101,9 @@ std::vector preprocessor_api = smtp_map, ssh_map, ssl_map, - stream_ip_map, stream_global_map, + stream_ha_map, + stream_ip_map, stream_tcp_map, stream_udp_map, };