From: Masud Hasan (mashasan) Date: Mon, 21 Jun 2021 19:18:23 +0000 (+0000) Subject: Merge pull request #2930 in SNORT/snort3 from ~MMATIRKO/snort3:snort_docker to master X-Git-Tag: 3.1.7.0~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72c7aa1002affc7aecce6a835a505bd99d15c65b;p=thirdparty%2Fsnort3.git Merge pull request #2930 in SNORT/snort3 from ~MMATIRKO/snort3:snort_docker to master Squashed commit of the following: commit d3a7ea0a8a94c50ca91bd3bb45be34337a8e8721 Author: Michael Matirko Date: Thu Jun 10 11:03:41 2021 -0400 main: implement test_features run flag to enable debug-like output commit bdb3926895abb3d78dbc27046430d48c0bdd10cc Author: Michael Matirko Date: Fri Jun 4 11:38:12 2021 -0400 sfip: fix unit tests for non-regtest builds commit 2afa7a822c85641dbb7acaf9585b86781968baa9 Author: Michael Matirko Date: Thu Jun 3 15:58:32 2021 -0400 snort2lua: remove footprint size config
---
diff --git a/src/main/snort_config.h b/src/main/snort_config.h
index 683f7fcc7..bf73f6c2f 100644
--- a/src/main/snort_config.h
+++ b/src/main/snort_config.h
@@ -72,11 +72,13 @@ enum RunFlag
 RUN_FLAG__IP_FRAGS_ONLY = 0x00200000,
 RUN_FLAG__DUMP_RULE_STATE = 0x00400000,
+ RUN_FLAG__TEST_FEATURES = 0x00800000,
+
 #ifdef SHELL
- RUN_FLAG__SHELL = 0x00800000,
+ RUN_FLAG__SHELL = 0x01000000,
 #endif
 #ifdef PIGLET
- RUN_FLAG__PIGLET = 0x01000000,
+ RUN_FLAG__PIGLET = 0x02000000,
 #endif
 };
@@ -611,6 +613,9 @@ public:
 bool assure_established() const
 { return run_flags & RUN_FLAG__ASSURE_EST; }
+ bool test_features() const
+ { return run_flags & RUN_FLAG__TEST_FEATURES; }
+
 // other stuff
 uint8_t min_ttl() const
 { return get_network_policy()->min_ttl; }
diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc
index a013ac424..a909fcd3d 100644
--- a/src/main/snort_module.cc
+++ b/src/main/snort_module.cc
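Review bot: Inserting `RUN_FLAG__TEST_FEATURES` at `0x00800000` in the first hunk renumbers `RUN_FLAG__SHELL` and `RUN_FLAG__PIGLET`, so any module built against the previous header would read the test-features bit as the shell bit. If out-of-tree plugins compile against snort_config.h (not visible here), giving the new flag the next unused value instead, `RUN_FLAG__TEST_FEATURES = 0x02000000,` placed after the PIGLET block, keeps every existing value stable. A one-line comment such as `// switches on behavior used only by tests (see SfIp::test_features)` would also tell readers what the flag gates.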
@@ -131,7 +131,7 @@ static const Command snort_cmds[] =
 #endif
 //-------------------------------------------------------------------------
-// why not
+// hex conversion helper funcs
 //-------------------------------------------------------------------------
 [[noreturn]] static void c2x(const char* s)
@@ -378,6 +378,9 @@ static const Parameter s_params[] =
 { "--enable-inline-test", Parameter::PT_IMPLIED, nullptr, nullptr,
 "enable Inline-Test Mode Operation" },
+ { "--enable-test-features", Parameter::PT_IMPLIED, nullptr, nullptr,
+ "enable features used in testing" },
+
 { "--gen-msg-map", Parameter::PT_IMPLIED, nullptr, nullptr,
 "dump configured rules in gen-msg.map format for use by other tools" },
@@ -920,6 +923,12 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc)
 else if ( v.is("--enable-inline-test") )
 sc->run_flags |= RUN_FLAG__INLINE_TEST;
+ else if ( v.is("--enable-test-features") )
+ {
+ sc->run_flags |= RUN_FLAG__TEST_FEATURES;
+ SfIp::test_features = true;
+ }
+
 else if ( v.is("--gen-msg-map") )
 {
 sc->run_flags |= (RUN_FLAG__DUMP_MSG_MAP | RUN_FLAG__TEST);
diff --git a/src/network_inspectors/appid/test/appid_debug_test.cc b/src/network_inspectors/appid/test/appid_debug_test.cc
index 0b58e5db0..c5024f00b 100644
--- a/src/network_inspectors/appid/test/appid_debug_test.cc
+++ b/src/network_inspectors/appid/test/appid_debug_test.cc
@@ -179,6 +179,7 @@ TEST(appid_debug, reverse_direction_activate_test)
 TEST(appid_debug, ipv6_test)
 {
 // set_constraints()
+ SfIp::test_features = true;
 AppIdDebugSessionConstraints constraints = { };
 SetConstraints(IpProtocol::UDP, "2001:db8:85a3::8a2e:370:7334", 1234, "2001:db8:85a3::8a2e:370:7335", 443, constraints);
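Review bot: The `--enable-test-features` branch records the option twice, once in `sc->run_flags` and once in the process-wide `SfIp::test_features`, and nothing visible in this commit ever sets the static back to `false`. If a later configuration is loaded without the option (a reload, for example; not shown here), `sc->test_features()` would report false while `snort_inet_ntop` keeps using the test formatting. Consider assigning the static from the finished config, e.g. `SfIp::test_features = sc->test_features();` at the point where the config is activated, so the two cannot diverge. The help string could also say what changes, e.g. `"enable features used in testing (fully expanded IP address output)"`. `SnortModule::set` begins and ends outside the hunk.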
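Review bot: `SfIp::test_features = true;` at the top of `ipv6_test` changes a process-wide static and never restores it, so every test that runs afterwards in the same binary sees the expanded address format whether it asked for it or not. The same pattern appears in the `SfIpVarListMerge` hunks of sf_ipvar.cc and in `RunFunc` in sf_ip_test.cc. Setting the flag in per-test setup and clearing it in teardown, or using a small scope guard that restores the previous value, keeps test results independent of execution order.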
@@ -204,13 +205,9 @@ TEST(appid_debug, ipv6_test)
 CHECK_EQUAL(appidDebug->is_active(), true);
 // get_debug_session()
-#ifdef REG_TEST
 const char* str = "2001:0db8:85a3:0000:0000:8a2e:0370:7334 1234 -> "
 "2001:0db8:85a3:0000:0000:8a2e:0370:7335 443 17 AS=100 ID=3";
-#else
- const char* str = "2001:db8:85a3::8a2e:370:7334 1234 -> "
- "2001:db8:85a3::8a2e:370:7335 443 17 AS=100 ID=3";
-#endif
+
 CHECK_TRUE(strcmp(appidDebug->get_debug_session(), str) == 0);
 delete &session.get_api();
diff --git a/src/sfip/sf_ip.cc b/src/sfip/sf_ip.cc
index 363738e64..29b78526e 100644
--- a/src/sfip/sf_ip.cc
+++ b/src/sfip/sf_ip.cc
@@ -37,6 +37,8 @@
 using namespace snort;
+bool SfIp::test_features{ false };
+
 /* Masks off 'val' bits from the IP contained within 'ip' */
 inline int SfIp::cidr_mask(int val)
 {
@@ -405,46 +407,49 @@ const char* snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsi
 return buf;
 }
-#if !defined(REG_TEST) && !defined(CATCH_TEST_BUILD)
- if (!inet_ntop(family, ip_raw, buf, bufsize))
- snprintf(buf, bufsize, "ERROR");
-#else
- /* 4 fields of at most 3 characters each */
- if (family == AF_INET)
+ if ( !SfIp::test_features )
 {
- int i;
- const uint8_t* p = (const uint8_t*)ip_raw;
-
- for (i=0; p < ((const uint8_t*)ip_raw) + 4; p++)
- {
- i += sprintf(&buf[i], "%d", *p);
-
- /* If this is the last iteration, this could technically cause one
- * extra byte to be written past the end. */
- if (i < bufsize && ((p + 1) < ((const uint8_t*)ip_raw+4)))
- buf[i] = '.';
-
- i++;
- }
+ if (!inet_ntop(family, ip_raw, buf, bufsize))
+ snprintf(buf, bufsize, "ERROR");
 }
 else
 {
- int i;
- const uint16_t* p = (const uint16_t*)ip_raw;
+ /* 4 fields of at most 3 characters each */
+ if (family == AF_INET)
+ {
+ int i;
+ const uint8_t* p = (const uint8_t*)ip_raw;
+
+ for (i=0; p < ((const uint8_t*)ip_raw) + 4; p++)
+ {
+ i += sprintf(&buf[i], "%d", *p);
- for (i=0; p < ((const uint16_t*)ip_raw) + 8; p++)
+ /* If this is the last iteration, this could technically cause one
+ * extra byte to be written past the end. */
+ if (i < bufsize && ((p + 1) < ((const uint8_t*)ip_raw+4)))
+ buf[i] = '.';
+
+ i++;
+ }
+ }
+ else
 {
- i += sprintf(&buf[i], "%04x", ntohs(*p));
+ int i;
+ const uint16_t* p = (const uint16_t*)ip_raw;
+
+ for (i=0; p < ((const uint16_t*)ip_raw) + 8; p++)
+ {
+ i += sprintf(&buf[i], "%04x", ntohs(*p));
- /* If this is the last iteration, this could technically cause one
- * extra byte to be written past the end. */
- if (i < bufsize && ((p + 1) < ((const uint16_t*)ip_raw) + 8))
- buf[i] = ':';
+ /* If this is the last iteration, this could technically cause one
+ * extra byte to be written past the end. */
+ if (i < bufsize && ((p + 1) < ((const uint16_t*)ip_raw) + 8))
+ buf[i] = ':';
- i++;
+ i++;
+ }
 }
 }
-#endif
 return buf;
 }
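Review bot: The `sprintf(&buf[i], ...)` calls in the new `else` branch never consult `bufsize`, and after this hunk they are no longer confined to REG_TEST/CATCH_TEST_BUILD builds: every binary carries them and `--enable-test-features` selects them at run time. The `i < bufsize` test guards only the separator byte, so a caller whose buffer is shorter than the fully expanded text (16 bytes for IPv4, 40 for IPv6, terminator included) is overrun, as the existing comment half-admits. Bounding each write by the space left and falling back to `"ERROR"` as the `inet_ntop` branch does removes the overrun; the sketch below shows both loops. `snort_inet_ntop` begins before the hunk, so any earlier validation of `bufsize` is not visible here.

```cpp
    else
    {
        // … unchanged: "4 fields" comment …
        if (family == AF_INET)
        {
            const uint8_t* p = (const uint8_t*)ip_raw;
            int i = 0;

            for (int n = 0; n < 4; n++)
            {
                /* never write more than the space left in buf */
                const int w = snprintf(&buf[i], bufsize - i, n ? ".%d" : "%d", p[n]);
                if (w < 0 || w >= bufsize - i)
                {
                    snprintf(buf, bufsize, "ERROR");
                    break;
                }
                i += w;
            }
        }
        else
        {
            const uint16_t* p = (const uint16_t*)ip_raw;
            int i = 0;

            for (int n = 0; n < 8; n++)
            {
                const int w = snprintf(&buf[i], bufsize - i, n ? ":%04x" : "%04x", ntohs(p[n]));
                if (w < 0 || w >= bufsize - i)
                {
                    snprintf(buf, bufsize, "ERROR");
                    break;
                }
                i += w;
            }
        }
    }
```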
diff --git a/src/sfip/sf_ip.h b/src/sfip/sf_ip.h
index a40fbcabe..0446932e0 100644
--- a/src/sfip/sf_ip.h
+++ b/src/sfip/sf_ip.h
@@ -101,6 +101,8 @@ struct SO_PUBLIC SfIp
 void obfuscate(const SfCidr* ob);
+ static bool test_features;
+
 private:
 int cidr_mask(int val);
 bool _is_equals(const SfIp& rhs) const;
diff --git a/src/sfip/sf_ipvar.cc b/src/sfip/sf_ipvar.cc
index e9777dd14..698dca2ba 100644
--- a/src/sfip/sf_ipvar.cc
+++ b/src/sfip/sf_ipvar.cc
@@ -1206,6 +1206,8 @@ TEST_CASE("SfIpVarListMerge", "[SfIpVar]")
 sfip_var_t* var1;
 sfip_var_t* var2;
+ SfIp::test_features = true;
+
 SECTION("basic list merge")
 {
 table = sfvt_alloc_table();
@@ -1232,6 +1234,7 @@ TEST_CASE("SfIpVarListMerge", "[SfIpVar]")
 CHECK(sfvt_add_str(table, "my_cidr [ 192.168.0.0/16, f0:e0:d0:c0::8/64, 10.10.1.8/19," " f0:e0:d1:c1::1/32]", &var2) == SFIP_SUCCESS);
 print_var_list(var2->head);
+
 CHECK(!strcmp("10.10.0.0,192.168.0.0,00f0:00e0:0000:0000:0000:0000:0000:0000", sfipvar_test_buff));
@@ -1300,6 +1303,9 @@ TEST_CASE("SfIpVarListMerge", "[SfIpVar]")
 SECTION("merge contained IPs and negated-IPs")
 {
+
+ SfIp::test_features = true;
+
 table = sfvt_alloc_table();
 CHECK(sfvt_add_str(table, "foo 1.2.3.4, cafe:feed:beef::0/48", &var1) == SFIP_SUCCESS);
@@ -1312,6 +1318,7 @@ TEST_CASE("SfIpVarListMerge", "[SfIpVar]")
 /* Check merged IP lists */
 print_var_list(var1->head);
+
 CHECK(!strcmp("1.2.0.0,cafe:0000:0000:0000:0000:0000:0000:0000", sfipvar_test_buff));
 print_var_list(var1->neg_head);
 CHECK(!strcmp("!9.0.0.0,!dead:beef:0000:0000:0000:0000:0000:0000", sfipvar_test_buff));
diff --git a/src/sfip/test/sf_ip_test.cc b/src/sfip/test/sf_ip_test.cc
index 738afdbb0..1ca03aa58 100644
--- a/src/sfip/test/sf_ip_test.cc
+++ b/src/sfip/test/sf_ip_test.cc
@@ -248,6 +248,8 @@ static FuncTest ftests[] =
 static int RunFunc(const char* func, const char* arg1, const char* arg2)
 {
+ SfIp::test_features = true;
+
 SfCidr cidr1, cidr2;
 const SfIp* ip1, * ip2;
 int result = SFIP_FAILURE;
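Review bot: `static bool test_features;` is added to the public section of the exported `SfIp` struct without a comment, so any code that includes sf_ip.h can flip address formatting for the whole process. A short comment stating its purpose and intended writers would help, e.g. `// when true, snort_inet_ntop() emits the fixed-width test format; set only by --enable-test-features and unit tests`. If packet threads call `snort_inet_ntop` while configuration is being parsed (not visible here), a plain `bool` is also an unsynchronized shared write; a private member behind a static setter would narrow who can change it. The struct continues outside the hunk.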
diff --git a/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc b/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc
index fe8aaed35..308eb1740 100644
--- a/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc
+++ b/tools/snort2lua/preprocessor_states/pps_stream5_tcp.cc
@@ -374,11 +374,7 @@ bool StreamTcp::convert(std::istringstream& data_stream)
 }
 else if (keyword == "use_static_footprint_sizes")
 {
- table_api.add_diff_option_comment("use_static_footprint_sizes",
- "stream.footprint = 192");
- table_api.close_table();
- table_api.open_top_level_table("stream");
- table_api.add_option("footprint", 192);
+ table_api.add_deleted_comment("use_static_footprint_sizes");
 table_api.close_table();
 table_api.open_table("stream_tcp");
 }
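Review bot: After the rewrite, the `use_static_footprint_sizes` branch still runs `table_api.close_table();` followed by `table_api.open_table("stream_tcp");`, which looks like a leftover from the removed switch to the top-level `stream` table. With nothing written in between, the pair appears to close and reopen the same table; if that is so, the branch can shrink to the single `table_api.add_deleted_comment("use_static_footprint_sizes");` call. Whether other branches record a status from such calls cannot be seen here, since `StreamTcp::convert` begins and ends outside the hunk.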