From: Tom Peters (thopeter)
Date: Fri, 21 Sep 2018 17:11:05 +0000 (-0400)
Subject: Merge pull request #1359 in SNORT/snort3 from pause_after_n to master
X-Git-Tag: 3.0.0-248~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66e613aa88879c4dc489577bf555048c491c310d;p=thirdparty%2Fsnort3.git

Merge pull request #1359 in SNORT/snort3 from pause_after_n to master

Squashed commit of the following:

commit 777a72243206730ae2880e5f1cf2386d5290d7a8
Author: mdagon
Date: Tue Aug 14 10:54:37 2018 -0400

    snort: pause-after-n support
---

diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc
index bb764dfd0..567836e42 100644
--- a/src/main/analyzer.cc
+++ b/src/main/analyzer.cc
@@ -147,6 +147,11 @@ void Analyzer::analyze()
     // The main analyzer loop is terminated by a command returning false or an error during acquire
     while (!exit_requested)
     {
+        if ( Snort::get_pause())
+        {
+            pause();
+            Snort::clear_pause();
+        }
         if (handle_command())
             continue;
 
@@ -202,7 +207,7 @@ void Analyzer::pause()
         set_state(State::PAUSED);
     else
         ErrorMessage("Analyzer: Received PAUSE command while in state %s\n",
-                get_state_string());
+            get_state_string());
 }
 
 void Analyzer::resume()
@@ -211,7 +216,7 @@ void Analyzer::resume()
         set_state(State::RUNNING);
     else
         ErrorMessage("Analyzer: Received RESUME command while in state %s\n",
-                get_state_string());
+            get_state_string());
 }
 
 void Analyzer::reload_daq()
diff --git a/src/main/snort.cc b/src/main/snort.cc
index 38ca13d0f..f91ac2ec6 100644
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -370,7 +370,7 @@ bool Snort::drop_privileges()
     if (!SFDAQ::unprivileged())
     {
         ParseError("Cannot drop privileges - %s DAQ does not support unprivileged operation.\n",
-                SFDAQ::get_type());
+            SFDAQ::get_type());
         return false;
     }
     if (!SetUidGid(SnortConfig::get_uid(), SnortConfig::get_gid()))
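Review bot: The pause check added at the top of the analyze loop carries no comment saying where the flag comes from, and `if ( Snort::get_pause())` does not match the `if (handle_command())` spacing two lines below; suggest `if (Snort::get_pause())  // REG_TEST: set by Snort::packet_callback once --pause-after-n packets have been acquired`. Analyzer::pause() (second hunk of this file) appears to transition only from RUNNING and otherwise logs "Received PAUSE command while in state ...", so an automatic pause that fires while the analyzer is already paused (for example a run started with --pause) would log a message about a command nobody sent; either check the state here before calling pause() or state in the comment that the two options are not meant to be combined. Analyzer::analyze() continues past the end of the hunk.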
@@ -486,6 +486,8 @@ void Snort::clean_exit(int)
 bool Snort::initializing = true;
 bool Snort::reloading = false;
 bool Snort::privileges_dropped = false;
+bool Snort::pause = false;
+bool Snort::was_paused = false;
 
 bool Snort::is_starting()
 { return initializing; }
@@ -759,10 +761,11 @@ bool Snort::thread_init_privileged(const char* intf)
     s_data = new uint8_t[65535];
 
     show_source(intf);
-    SnortConfig::get_conf()->thread_config->implement_thread_affinity(STHREAD_TYPE_PACKET, get_instance_id());
+    SnortConfig::get_conf()->thread_config->implement_thread_affinity(STHREAD_TYPE_PACKET,
+        get_instance_id());
 
     // FIXIT-M the start-up sequence is a little off due to dropping privs
-    SFDAQInstance *daq_instance = new SFDAQInstance(intf);
+    SFDAQInstance* daq_instance = new SFDAQInstance(intf);
     SFDAQ::set_local_instance(daq_instance);
     if (!daq_instance->configure(SnortConfig::get_conf()))
     {
@@ -807,7 +810,7 @@ void Snort::thread_init_unprivileged()
     HighAvailabilityManager::thread_init(); // must be before InspectorManager::thread_init();
     InspectorManager::thread_init(SnortConfig::get_conf());
     PacketTracer::thread_init();
-    
+
     // in case there are HA messages waiting, process them first
     HighAvailabilityManager::process_receive();
     PacketManager::thread_init();
@@ -834,7 +837,7 @@ void Snort::thread_term()
 
     s_packet = nullptr;
 
-    SFDAQInstance *daq_instance = SFDAQ::get_local_instance();
+    SFDAQInstance* daq_instance = SFDAQ::get_local_instance();
     if ( daq_instance->was_started() )
         daq_instance->stop();
     SFDAQ::set_local_instance(nullptr);
@@ -1019,7 +1022,14 @@ DAQ_Verdict Snort::packet_callback(
 
     if ( SnortConfig::get_conf()->pkt_cnt && pc.total_from_daq >= SnortConfig::get_conf()->pkt_cnt )
         SFDAQ::break_loop(-1);
-
+#ifdef REG_TEST
+    else if ( SnortConfig::get_conf()->pkt_pause_cnt && !was_paused &&
+        pc.total_from_daq >= SnortConfig::get_conf()->pkt_pause_cnt )
+    {
+        SFDAQ::break_loop(0);
+        was_paused = pause = true;
+    }
+#endif
     else if ( break_time() )
         SFDAQ::break_loop(0);
 
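Review bot: `was_paused = pause = true` stores into two plain static bools that the snort.h hunk of this commit declares as class-wide (`static bool pause;` / `static bool was_paused;`), while the count they are compared against, `pc.total_from_daq`, looks like a per-thread counter (confirm); with more than one packet thread the unsynchronised writes are a data race, and the thread whose analyze loop consumes `get_pause()` need not be the thread that called `break_loop(0)`. The option's help text only says "single packet thread only", and nothing in the diff rejects a multi-threaded run. If per-thread pausing is the intent, declaring both flags `thread_local` (or the project's thread-local storage macro) keeps the flag with the thread that broke its own loop at no cost; otherwise `--pause-after-n` should be refused when more than one packet thread is configured. `was_paused` is also never cleared, so after a reload the pause presumably cannot re-arm — hedged, since reload handling is outside this hunk.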
diff --git a/src/main/snort.h b/src/main/snort.h
index e796f4709..5caef79cf 100644
--- a/src/main/snort.h
+++ b/src/main/snort.h
@@ -72,6 +72,9 @@ public:
 
     SO_PUBLIC static Packet* get_packet();
 
+    static bool get_pause() { return pause; }
+    static void clear_pause() { pause = false; }
+
 private:
     static void init(int, char**);
     static void term();
@@ -81,6 +84,8 @@ private:
     static bool initializing;
     static bool reloading;
     static bool privileges_dropped;
+    static bool pause;
+    static bool was_paused;
 };
 
 }
diff --git a/src/main/snort_config.cc b/src/main/snort_config.cc
index 120c3575f..91ecf2d77 100644
--- a/src/main/snort_config.cc
+++ b/src/main/snort_config.cc
@@ -433,6 +433,9 @@ void SnortConfig::merge(SnortConfig* cmd_line)
     if (cmd_line->pkt_skip != 0)
         pkt_skip = cmd_line->pkt_skip;
 
+    if (cmd_line->pkt_pause_cnt != 0)
+        pkt_pause_cnt = cmd_line->pkt_pause_cnt;
+
     if (cmd_line->group_id != -1)
         group_id = cmd_line->group_id;
 
diff --git a/src/main/snort_config.h b/src/main/snort_config.h
index 3f8d05058..83acda4f4 100644
--- a/src/main/snort_config.h
+++ b/src/main/snort_config.h
@@ -265,6 +265,7 @@ public:
 
     uint64_t pkt_cnt = 0; /* -n */
     uint64_t pkt_skip = 0;
+    uint64_t pkt_pause_cnt = 0;
 
     std::string bpf_file; /* -F or config bpf_file */
 
diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc
index daf4fe3df..c76311eb8 100644
--- a/src/main/snort_module.cc
+++ b/src/main/snort_module.cc
@@ -390,6 +390,11 @@ static const Parameter s_params[] =
     { "--pause", Parameter::PT_IMPLIED, nullptr, nullptr,
       "wait for resume/quit command before processing packets/terminating", },
 
+#ifdef REG_TEST
+    { "--pause-after-n", Parameter::PT_INT, "1:", nullptr,
+      " pause after count packets, to be used with single packet thread only", },
+#endif
+
     { "--parsing-follows-files", Parameter::PT_IMPLIED, nullptr, nullptr,
       "parse relative paths from the perspective of the current configuration file" },
 
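Review bot: `uint64_t pkt_pause_cnt = 0;` in snort_config.h is added without the trailing comment its neighbour `pkt_cnt` carries (`/* -n */`), and unlike its neighbours it is only ever set under REG_TEST (the `--pause-after-n` parameter and its handler in snort_module.cc are both wrapped in `#ifdef REG_TEST`), so in a normal build the field and the merge step added to SnortConfig::merge are dead. A comment makes that visible: `uint64_t pkt_pause_cnt = 0; /* --pause-after-n (REG_TEST builds only); 0 = disabled */`. The "0 = disabled" part documents the convention the `!= 0` test in SnortConfig::merge and the `pkt_pause_cnt &&` test in packet_callback both rely on.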
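Review bot: The help string for `--pause-after-n` starts with a stray space, `" pause after count packets, ..."`, so it prints misaligned against every other entry in the --help listing; drop it: `"pause after count packets, to be used with single packet thread only", },`. The sentence could also say what "pause" means here — the analyzer enters the PAUSED state and waits for a resume command, as the `--pause` entry above describes — e.g. `"pause the analyzer after count packets and wait for resume (single packet thread only)"`. The range `"1:"` is right: 0 would be indistinguishable from "not set" given the `!= 0` check in SnortConfig::merge.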
@@ -473,11 +478,11 @@ static const Parameter s_params[] =
       "use drop, sdrop, and reject rules to ignore session traffic when not inline" },
 
     { "--tweaks", Parameter::PT_STRING, nullptr, nullptr,
-        "tune configuration" },
+      "tune configuration" },
 
 #ifdef UNIT_TEST
     { "--catch-test", Parameter::PT_STRING, nullptr, nullptr,
-        "comma separated list of cat unit test tags or 'all'" },
+      "comma separated list of cat unit test tags or 'all'" },
 #endif
     { "--version", Parameter::PT_IMPLIED, nullptr, nullptr,
       "show version number (same as -V)" },
@@ -517,7 +522,7 @@ static const Parameter s_params[] =
 
     { "--x2s", Parameter::PT_STRING, nullptr, nullptr,
       "output ASCII string for given byte code (see also --x2c)" },
-    
+
     { "--trace", Parameter::PT_IMPLIED, nullptr, nullptr,
       "turn on main loop debug trace" },
 
@@ -558,7 +563,7 @@ public:
     { return proc_names; }
 
     PegCount* get_counts() const override
-    { return (PegCount*) &proc_stats; }
+    { return (PegCount*)&proc_stats; }
 
     bool global_stats() const override
     { return true; }
@@ -740,10 +745,9 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc)
         stringstream ss { v.get_string() };
         string path;
 
-        while( getline(ss, path, ':') )
+        while ( getline(ss, path, ':') )
             sc->daq_config->add_module_dir(path.c_str());
     }
-
     else if ( v.is("--daq-list") )
         list_daqs(sc);
 
@@ -754,7 +758,6 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc)
         else
             sc->daq_config->set_variable(v.get_string(), instance_id);
     }
-
     else if ( v.is("--dirty-pig") )
         sc->set_dirty_pig(true);
 
@@ -845,6 +848,11 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc)
     else if ( v.is("--pause") )
         sc->run_flags |= RUN_FLAG__PAUSE;
 
+#ifdef REG_TEST
+    else if ( v.is("--pause-after-n") )
+        sc->pkt_pause_cnt = v.get_long();
+#endif
+
     else if ( v.is("--parsing-follows-files") )
         parsing_follows_files = true;