From: Russ Combs (rucombs) Date: Thu, 23 Jan 2020 03:11:14 +0000 (+0000) Subject: Merge pull request #1929 in SNORT/snort3 from ~ALLEWI/snort3:disable_normalization_de... X-Git-Tag: 3.0.0-268~44 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=676b2320919795ccf8faff059aa2407cef0f9823;p=thirdparty%2Fsnort3.git Merge pull request #1929 in SNORT/snort3 from ~ALLEWI/snort3:disable_normalization_defaults to master Squashed commit of the following: commit dcf81f202f0d8aa46297cb90cbf69c8eaf371f14 Author: allewi Date: Thu Jan 9 16:55:53 2020 -0500 normalizer: disable all normalizations by default except for tcp.ips --- diff --git a/src/network_inspectors/normalize/norm_module.cc b/src/network_inspectors/normalize/norm_module.cc index cb894040f..73b057d63 100644 --- a/src/network_inspectors/normalize/norm_module.cc +++ b/src/network_inspectors/normalize/norm_module.cc @@ -87,7 +87,7 @@ static bool allow_codes(NormalizerConfig* config, const char* s) static const Parameter norm_ip4_params[] = { - { "base", Parameter::PT_BOOL, nullptr, "true", + { "base", Parameter::PT_BOOL, nullptr, "false", "clear options" }, { "df", Parameter::PT_BOOL, nullptr, "false", @@ -107,13 +107,13 @@ static const Parameter norm_ip4_params[] = static const Parameter norm_tcp_params[] = { - { "base", Parameter::PT_BOOL, nullptr, "true", + { "base", Parameter::PT_BOOL, nullptr, "false", "clear reserved bits and option padding and fix urgent pointer / flags issues" }, - { "block", Parameter::PT_BOOL, nullptr, "true", + { "block", Parameter::PT_BOOL, nullptr, "false", "allow packet drops during TCP normalization" }, - { "urp", Parameter::PT_BOOL, nullptr, "true", + { "urp", Parameter::PT_BOOL, nullptr, "false", "adjust urgent pointer if beyond segment length" }, { "ips", Parameter::PT_BOOL, nullptr, "true", @@ -122,7 +122,7 @@ static const Parameter norm_tcp_params[] = { "ecn", Parameter::PT_SELECT, "off | packet | stream", "off", "clear ecn for all packets | sessions w/o ecn setup" }, - { "pad", Parameter::PT_BOOL, nullptr, "true", + { "pad", Parameter::PT_BOOL, nullptr, "false", "clear any option padding bytes" }, { "trim_syn", Parameter::PT_BOOL, nullptr, "false", @@ -140,19 +140,19 @@ static const Parameter norm_tcp_params[] = { "trim", Parameter::PT_BOOL, nullptr, "false", "enable all of the TCP trim options" }, - { "opts", Parameter::PT_BOOL, nullptr, "true", + { "opts", Parameter::PT_BOOL, nullptr, "false", "clear all options except mss, wscale, timestamp, and any explicitly allowed" }, - { "req_urg", Parameter::PT_BOOL, nullptr, "true", + { "req_urg", Parameter::PT_BOOL, nullptr, "false", "clear the urgent pointer if the urgent flag is not set" }, - { "req_pay", Parameter::PT_BOOL, nullptr, "true", + { "req_pay", Parameter::PT_BOOL, nullptr, "false", "clear the urgent pointer and the urgent flag if there is no payload" }, - { "rsv", Parameter::PT_BOOL, nullptr, "true", + { "rsv", Parameter::PT_BOOL, nullptr, "false", "clear the reserved bits in the TCP header" }, - { "req_urp", Parameter::PT_BOOL, nullptr, "true", + { "req_urp", Parameter::PT_BOOL, nullptr, "false", "clear the urgent flag if the urgent pointer is not set" }, { "allow_names", Parameter::PT_MULTI,