From: Russ Combs (rucombs) Date: Tue, 23 Nov 2021 21:34:24 +0000 (+0000) Subject: Pull request #3160: Dead code X-Git-Tag: 3.1.18.0~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9296863309d1627087178bb53c2858795ad6173a;p=thirdparty%2Fsnort3.git Pull request #3160: Dead code Merge in SNORT/snort3 from ~RUCOMBS/snort3:dead_code to master Squashed commit of the following: commit 4822f91965a6219c28d2786d02a1d302a23cd2db Author: russ Date: Wed Nov 10 09:00:16 2021 -0500 utils: reduce flex generation of unused js normalizer code commit be2f17d4a46e4461094d7bf1a4c6ace4aad49471 Author: russ Date: Tue Nov 9 22:51:29 2021 -0500 appid: exclude stubs from coverage commit 787e0ab1671fc9c3f7aebf6f022731acdcd5e43f Author: russ Date: Tue Nov 9 16:00:05 2021 -0500 stream_user: refactor, remove cruft commit 87c9afe6b700e32ffdb11a3f14d7e716cefe76d1 Author: russ Date: Tue Nov 9 12:47:58 2021 -0500 rna: refactor unit test stubs commit 7b18a15516928e54df078a95e23d2c728d23519e Author: russ Date: Tue Nov 9 12:44:47 2021 -0500 search_engines: remove unused test code commit 6428b1fe7286fafd5b263fd26cc93714687cad3c Author: russ Date: Mon Nov 8 15:20:25 2021 -0500 reputation: remove unused sfrt code commit 192adfc363122d0e192bb4c931521542829b5035 Author: russ Date: Mon Nov 8 14:07:55 2021 -0500 piglets: refactor support code commit c75c67c9979d58f32101aa041fbc2212e4a9429d Author: russ Date: Mon Nov 8 13:36:14 2021 -0500 alert_sf_socket: remove obselete logger commit c8681a19ffd3c9184d7670a19f3ad7be55255f70 Author: russ Date: Mon Nov 8 11:57:24 2021 -0500 build: remove config.h from headers commit 5b102d96778edb30a10767f6d9e07d0fc859352a Author: russ Date: Mon Nov 8 07:05:33 2021 -0500 unified2: remove cruft commit a42e9e174445af49633dcbcfec39cef73a53f7d2 Author: russ Date: Sun Nov 7 05:47:39 2021 -0500 stream_tcp: remove unused unit test code commit bb40e0e171418955f025d1db6485f1e08a6dc9c2 Author: russ Date: Fri Nov 5 15:24:11 2021 -0400 build: remove unreachable 
code --- diff --git a/doc/devel/style.txt b/doc/devel/style.txt index 24738ebff..f1e124a81 100644 --- a/doc/devel/style.txt +++ b/doc/devel/style.txt @@ -285,9 +285,8 @@ yet firm so feedback is welcome to get something we can live with. * All .cc files should include config.h with the standard block shown below immediately following the initial comment blocks and before anything else. This presents a consistent view of all included header files as well as - access to any other configure-time definitions. No .h files should include - config.h unless they are guaranteed to be local header files (never - installed). + access to any other configure-time definitions. To avoid issues, no .h files + should include config.h, even if not installed. #ifdef HAVE_CONFIG_H #include "config.h" diff --git a/src/actions/act_react.cc b/src/actions/act_react.cc index 4582062cc..acac4a9e3 100644 --- a/src/actions/act_react.cc +++ b/src/actions/act_react.cc @@ -281,10 +281,8 @@ bool ReactModule::begin(const char*, int, SnortConfig*) bool ReactModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("page") ) - return getpage(v.get_string()); - - return true; + assert(v.is("page")); + return getpage(v.get_string()); } std::string ReactModule::get_data() diff --git a/src/actions/act_reject.cc b/src/actions/act_reject.cc index d1a2b2a49..b1a02f32b 100644 --- a/src/actions/act_reject.cc +++ b/src/actions/act_reject.cc @@ -250,9 +250,6 @@ bool RejectModule::set(const char*, Value& v, SnortConfig*) flags |= unr[v.get_uint8()]; } - else - return false; - return true; } diff --git a/src/codecs/ip/cd_udp.cc b/src/codecs/ip/cd_udp.cc index 371f654a6..930045fa5 100644 --- a/src/codecs/ip/cd_udp.cc +++ b/src/codecs/ip/cd_udp.cc @@ -219,8 +219,6 @@ bool UdpModule::set(const char*, Value& v, SnortConfig*) v.get_bits(ports); config->set_geneve_ports(ports); } - else - return false; return true; } 
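Review bot: `assert(v.is("page"))` disappears when the build defines NDEBUG, so in a release build `ReactModule::set` passes the value of whatever parameter it was called with to `getpage(v.get_string())`, where the removed code ignored anything other than `page`. If the parameter table guarantees that only `page` can reach this function (the table is not in the hunk), record that next to the assert, e.g. `// the parameter table defines only "page", so no other name reaches set()`; otherwise keep a runtime guard such as `if ( !v.is("page") ) return false;`. The hunk also does not show whether `<cassert>` is included in this file. The same swap is made in the ips_options hunks from ips_ack.cc through ips_target.cc, where the old code returned false on a name mismatch.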
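Review bot: With the trailing `else return false;` removed, `RejectModule::set` returns true for any parameter name its if/else chain does not handle, so a parameter later added to the table but not to this chain would be accepted and silently dropped. For a configuration or rule option that means a setting the user wrote has no effect and nothing reports it. If unknown names are meant to be impossible here, keep that visible in debug builds with `else assert(false); // every name in the parameter table is handled above`, or at least a comment to that effect. The same removal appears in cd_udp.cc, both connector modules, file_log.cc, file_module.cc, ha_module.cc, host_cache_module.cc, host_tracker_module.cc and the ips_options hunks from ips_asn1.cc through ips_tag.cc. The body of `set()` starts outside this hunk.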
diff --git a/src/connectors/file_connector/file_connector_module.cc b/src/connectors/file_connector/file_connector_module.cc index a18b654ad..05cd55296 100644 --- a/src/connectors/file_connector/file_connector_module.cc +++ b/src/connectors/file_connector/file_connector_module.cc @@ -86,30 +86,22 @@ bool FileConnectorModule::set(const char*, Value& v, SnortConfig*) config->text_format = ( v.get_uint8() == 1 ); else if ( v.is("direction") ) + { switch ( v.get_uint8() ) { case 0: - { config->direction = Connector::CONN_RECEIVE; break; - } case 1: - { config->direction = Connector::CONN_TRANSMIT; break; - } case 2: - { config->direction = Connector::CONN_DUPLEX; break; - } default: return false; } - - else - return false; - + } return true; } diff --git a/src/connectors/tcp_connector/tcp_connector_module.cc b/src/connectors/tcp_connector/tcp_connector_module.cc index fe486f930..1a961b67f 100644 --- a/src/connectors/tcp_connector/tcp_connector_module.cc +++ b/src/connectors/tcp_connector/tcp_connector_module.cc @@ -86,25 +86,19 @@ bool TcpConnectorModule::set(const char*, Value& v, SnortConfig*) config->base_port = v.get_uint16(); else if ( v.is("setup") ) + { switch ( v.get_uint8() ) { case 0: - { config->setup = TcpConnectorConfig::CALL; break; - } case 1: - { config->setup = TcpConnectorConfig::ANSWER; break; - } default: return false; } - - else - return false; - + } return true; } diff --git a/src/decompress/file_oleheader.cc b/src/decompress/file_oleheader.cc index fb72c0f2b..605e52151 100644 --- a/src/decompress/file_oleheader.cc +++ b/src/decompress/file_oleheader.cc @@ -18,6 +18,10 @@ // file_oleheader.cc author Amarnath Nayak amarnaya@cisco.com +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include "file_oleheader.h" unsigned char hdr_sig[8] = { 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 }; diff --git a/src/dump_config/text_config_output.cc b/src/dump_config/text_config_output.cc index 7d5677790..6d728d32d 100644 
--- a/src/dump_config/text_config_output.cc +++ b/src/dump_config/text_config_output.cc @@ -17,6 +17,10 @@ //-------------------------------------------------------------------------- // text_config_output.cc author Serhii Vlasiuk +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include "text_config_output.h" #include diff --git a/src/file_api/file_log.cc b/src/file_api/file_log.cc index ada718e8e..a95ae0f3f 100644 --- a/src/file_api/file_log.cc +++ b/src/file_api/file_log.cc @@ -266,9 +266,6 @@ bool FileLogModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("log_sys_time") ) config.log_sys_time = v.get_bool(); - else - return false; - return true; } diff --git a/src/file_api/file_module.cc b/src/file_api/file_module.cc index bb94996de..931578a9c 100644 --- a/src/file_api/file_module.cc +++ b/src/file_api/file_module.cc @@ -455,9 +455,6 @@ bool FileIdModule::set(const char*, Value& v, SnortConfig*) return false; } } - else - return false; - return true; } diff --git a/src/flow/ha_module.cc b/src/flow/ha_module.cc index 379ed4c2b..a4af327a8 100644 --- a/src/flow/ha_module.cc +++ b/src/flow/ha_module.cc @@ -145,8 +145,6 @@ bool HighAvailabilityModule::set(const char*, Value& v, SnortConfig*) { convert_milliseconds_to_timeval(v.get_uint32(), &config->min_sync_interval); } - else - return false; return true; } diff --git a/src/flow/session.h b/src/flow/session.h index 22146ceea..c846dd6e0 100644 --- a/src/flow/session.h +++ b/src/flow/session.h @@ -71,7 +71,7 @@ public: virtual void set_extra_data(snort::Packet*, uint32_t /*flag*/) { } virtual bool is_sequenced(uint8_t /*dir*/) { return true; } - virtual bool are_packets_missing(uint8_t /*dir*/) { return true; } + virtual bool are_packets_missing(uint8_t /*dir*/) { return false; } virtual bool are_client_segments_queued() { return false; } virtual void disable_reassembly(snort::Flow*) { } diff --git a/src/flow/test/flow_cache_test.cc b/src/flow/test/flow_cache_test.cc index 080faaa5b..dc9276aaa 100644 
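Review bot: The base-class default of `are_packets_missing()` in src/flow/session.h now answers false, so every Session subclass that does not override it reports a complete stream even though it never tracked gaps. Callers are not in this hunk, but if any of them use the answer to decide whether reassembled data can be trusted, the old default was the conservative one and the new one is not. Please state the intended meaning on the declaration, e.g. `// default: session types that do not track sequence gaps report none missing`, and confirm that each subclass relying on the default is meant to.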
--- a/src/flow/test/flow_cache_test.cc +++ b/src/flow/test/flow_cache_test.cc @@ -1,4 +1,4 @@ - +//-------------------------------------------------------------------------- // Copyright (C) 2019-2021 Cisco and/or its affiliates. All rights reserved. // // This program is free software; you can redistribute it and/or modify it diff --git a/src/flow/test/flow_control_test.cc b/src/flow/test/flow_control_test.cc index 44467fa81..d828b1596 100644 --- a/src/flow/test/flow_control_test.cc +++ b/src/flow/test/flow_control_test.cc @@ -1,4 +1,4 @@ - +//-------------------------------------------------------------------------- // Copyright (C) 2019-2021 Cisco and/or its affiliates. All rights reserved. // // This program is free software; you can redistribute it and/or modify it diff --git a/src/flow/test/flow_stash_test.cc b/src/flow/test/flow_stash_test.cc index f9a87c6bb..2262e595d 100644 --- a/src/flow/test/flow_stash_test.cc +++ b/src/flow/test/flow_stash_test.cc @@ -18,6 +18,10 @@ // flow_stash_test.cc author Shravan Rangaraju +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include "flow/flow_stash.h" diff --git a/src/flow/test/session_test.cc b/src/flow/test/session_test.cc index 66eec1a65..45ab0b326 100644 --- a/src/flow/test/session_test.cc +++ b/src/flow/test/session_test.cc @@ -62,8 +62,7 @@ TEST(session_test, seesion_class_test) ssn->set_extra_data(nullptr, 1); CHECK(true == ssn->is_sequenced(1)); - CHECK(true == ssn->are_packets_missing(1)); - + CHECK(false == ssn->are_packets_missing(1)); CHECK(SSN_DIR_NONE == ssn->get_reassembly_direction()); CHECK(SSN_MISSING_NONE == ssn->missing_in_reassembled(1)); diff --git a/src/host_tracker/host_cache_allocator.cc b/src/host_tracker/host_cache_allocator.cc index 8f1ae12e8..bd151d75f 100644 --- a/src/host_tracker/host_cache_allocator.cc +++ b/src/host_tracker/host_cache_allocator.cc 
@@ -18,6 +18,10 @@ // host_cache_allocator.cc author Silviu Minut +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #ifndef HOST_CACHE_ALLOCATOR_CC #define HOST_CACHE_ALLOCATOR_CC diff --git a/src/host_tracker/host_cache_module.cc b/src/host_tracker/host_cache_module.cc index 8987ee20b..903066dec 100644 --- a/src/host_tracker/host_cache_module.cc +++ b/src/host_tracker/host_cache_module.cc @@ -362,8 +362,6 @@ bool HostCacheModule::set(const char*, Value& v, SnortConfig*) } else if ( v.is("memcap") ) memcap = v.get_size(); - else - return false; return true; } diff --git a/src/host_tracker/host_tracker_module.cc b/src/host_tracker/host_tracker_module.cc index ab6b426c6..080cf411d 100644 --- a/src/host_tracker/host_tracker_module.cc +++ b/src/host_tracker/host_tracker_module.cc @@ -63,6 +63,7 @@ bool HostTrackerModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("port") ) host_cache[addr]->update_service_port(app, v.get_uint16()); + else if ( v.is("proto") ) { const IpProtocol mask[] = @@ -70,9 +71,6 @@ bool HostTrackerModule::set(const char*, Value& v, SnortConfig*) host_cache[addr]->update_service_proto(app, mask[v.get_uint8()]); } - else - return false; - return true; } diff --git a/src/host_tracker/test/CMakeLists.txt b/src/host_tracker/test/CMakeLists.txt index c743a6aa4..8e91de0b4 100644 --- a/src/host_tracker/test/CMakeLists.txt +++ b/src/host_tracker/test/CMakeLists.txt @@ -3,7 +3,7 @@ add_cpputest( host_cache_test SOURCES ../host_cache.cc ../host_tracker.cc - ../../network_inspectors/rna/test/rna_flow_mock.cc + ../../network_inspectors/rna/test/rna_flow_stubs.cc ../../sfip/sf_ip.cc ) @@ -15,7 +15,7 @@ add_cpputest( host_cache_module_test ../../framework/module.cc ../../framework/value.cc ../../hash/lru_cache_shared.cc - ../../network_inspectors/rna/test/rna_flow_mock.cc + ../../network_inspectors/rna/test/rna_flow_stubs.cc ../../sfip/sf_ip.cc $ LIBS 
@@ -26,7 +26,7 @@ add_cpputest( host_cache_module_test add_cpputest( host_tracker_test SOURCES ../host_tracker.cc - ../../network_inspectors/rna/test/rna_flow_mock.cc + ../../network_inspectors/rna/test/rna_flow_stubs.cc ../../sfip/sf_ip.cc ) @@ -38,7 +38,7 @@ add_cpputest( host_tracker_module_test ../../framework/module.cc ../../framework/parameter.cc ../../framework/value.cc - ../../network_inspectors/rna/test/rna_flow_mock.cc + ../../network_inspectors/rna/test/rna_flow_stubs.cc ../../sfip/sf_ip.cc $ LIBS @@ -48,12 +48,12 @@ add_cpputest( host_tracker_module_test add_cpputest( host_cache_allocator_ht_test SOURCES ../host_tracker.cc - ../../network_inspectors/rna/test/rna_flow_mock.cc + ../../network_inspectors/rna/test/rna_flow_stubs.cc ../../sfip/sf_ip.cc ) add_cpputest( host_cache_allocator_test SOURCES ../host_tracker.cc - ../../network_inspectors/rna/test/rna_flow_mock.cc + ../../network_inspectors/rna/test/rna_flow_stubs.cc ) diff --git a/src/ips_options/ips_ack.cc b/src/ips_options/ips_ack.cc index 0a4e5c019..3f4d92a07 100644 --- a/src/ips_options/ips_ack.cc +++ b/src/ips_options/ips_ack.cc @@ -130,9 +130,7 @@ bool AckModule::begin(const char*, int, SnortConfig*) bool AckModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/ips_asn1.cc b/src/ips_options/ips_asn1.cc index 31eee1927..b9cb456a5 100644 --- a/src/ips_options/ips_asn1.cc +++ b/src/ips_options/ips_asn1.cc @@ -241,9 +241,6 @@ bool Asn1Module::set(const char*, Value& v, SnortConfig*) data.offset_type = REL_OFFSET; data.offset = v.get_int32(); } - else - return false; - return true; } diff --git a/src/ips_options/ips_base64.cc b/src/ips_options/ips_base64.cc index 7084bd4b5..fc9ccdac1 100644 --- a/src/ips_options/ips_base64.cc +++ b/src/ips_options/ips_base64.cc 
@@ -211,9 +211,6 @@ bool B64DecodeModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("relative") ) data.flags |= BASE64DECODE_RELATIVE_FLAG; - else - return false; - return true; } diff --git a/src/ips_options/ips_ber_data.cc b/src/ips_options/ips_ber_data.cc index 2b4279981..554d09ef3 100644 --- a/src/ips_options/ips_ber_data.cc +++ b/src/ips_options/ips_ber_data.cc @@ -142,11 +142,8 @@ bool BerDataModule::begin(const char*, int, SnortConfig*) bool BerDataModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("~type") ) - type = v.get_uint32(); - else - return false; - + assert(v.is("~type")); + type = v.get_uint32(); return true; } diff --git a/src/ips_options/ips_ber_skip.cc b/src/ips_options/ips_ber_skip.cc index 772e5173a..742199bad 100644 --- a/src/ips_options/ips_ber_skip.cc +++ b/src/ips_options/ips_ber_skip.cc @@ -161,9 +161,6 @@ bool BerSkipModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("optional") ) optional = true; - else - return false; - return true; } diff --git a/src/ips_options/ips_bufferlen.cc b/src/ips_options/ips_bufferlen.cc index 1fa95ede0..21ee5870d 100644 --- a/src/ips_options/ips_bufferlen.cc +++ b/src/ips_options/ips_bufferlen.cc @@ -141,9 +141,6 @@ bool LenModule::set(const char*, Value& v, SnortConfig*) if ( v.is("relative") ) relative = true; - else - return false; - return true; } diff --git a/src/ips_options/ips_byte_extract.cc b/src/ips_options/ips_byte_extract.cc index 7e3b1330a..05a7ead42 100644 --- a/src/ips_options/ips_byte_extract.cc +++ b/src/ips_options/ips_byte_extract.cc @@ -368,9 +368,6 @@ bool ExtractModule::set(const char*, Value& v, SnortConfig*) else if (v.is("bitmask")) data.bitmask_val = v.get_uint32(); - else - return false; - return true; } 
@@ -1030,20 +1027,6 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") CHECK(obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } - SECTION("invalid set") - { - Value v(1023.0); - Parameter p{ - "error", Parameter::PT_INT, "nan", nullptr, - "not an option"}; - v.set(&p); - ByteExtractData expected; - INITIALIZE(expected, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, nullptr); - - CHECK(!obj.set(nullptr, v, nullptr)); - CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); - } - delete[] obj.data.name; } diff --git a/src/ips_options/ips_byte_jump.cc b/src/ips_options/ips_byte_jump.cc index fc02f806a..e44048127 100644 --- a/src/ips_options/ips_byte_jump.cc +++ b/src/ips_options/ips_byte_jump.cc @@ -483,9 +483,6 @@ bool ByteJumpModule::set(const char*, Value& v, SnortConfig*) else if (v.is("bitmask")) data.bitmask_val = v.get_uint32(); - else - return false; - return true; } @@ -899,11 +896,6 @@ TEST_CASE("ByteJumpModule test", "[ips_byte_jump]") { Value value(false); - SECTION("All params incorrect") - { - REQUIRE(module_jump.set(nullptr, value, nullptr) == false); - } - SECTION("Case param \"~count\"") { Parameter param("~count", snort::Parameter::Type::PT_BOOL, diff --git a/src/ips_options/ips_byte_math.cc b/src/ips_options/ips_byte_math.cc index 2a66ee2e5..4869212fa 100644 --- a/src/ips_options/ips_byte_math.cc +++ b/src/ips_options/ips_byte_math.cc @@ -392,9 +392,6 @@ bool ByteMathModule::set(const char*, Value& v, SnortConfig*) else if (v.is("result")) data.result_name = snort_strdup(v.get_string()); - else - return false; - return true; } 
@@ -1437,18 +1434,6 @@ TEST_CASE("ByteMathModule::set invalid", "[ips_byte_math]") ByteMathModule obj; obj.begin(nullptr, 0, nullptr); - SECTION("invalid parameter") - { - Value v(1023.0); - Parameter p{"error", Parameter::PT_INT, "nan", nullptr, - "not an option"}; - v.set(&p); - ByteMathData expected; - INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 0, 0, 0, 0, 0, 0, 0); - - CHECK(!obj.set(nullptr, v, nullptr)); - CHECK_THAT(obj.data, ByteMathDataEquals(expected)); - } SECTION("rvalue = 0") { Value v("0"); diff --git a/src/ips_options/ips_byte_test.cc b/src/ips_options/ips_byte_test.cc index eb8be8f82..6bcced7aa 100644 --- a/src/ips_options/ips_byte_test.cc +++ b/src/ips_options/ips_byte_test.cc @@ -550,9 +550,6 @@ bool ByteTestModule::set(const char*, Value& v, SnortConfig*) else if (v.is("bitmask")) data.bitmask_val = v.get_uint32(); - else - return false; - return true; } @@ -972,11 +969,6 @@ TEST_CASE("ByteTestModule test", "[ips_byte_test]") { Value value(false); - SECTION("All params incorrect") - { - REQUIRE(module_test.set(nullptr, value, nullptr) == false); - } - SECTION("Case param \"~count\"") { Parameter param("~count", snort::Parameter::Type::PT_BOOL, diff --git a/src/ips_options/ips_classtype.cc b/src/ips_options/ips_classtype.cc index fb76cad39..3f7164be8 100644 --- a/src/ips_options/ips_classtype.cc +++ b/src/ips_options/ips_classtype.cc @@ -61,9 +61,7 @@ public: bool ClassTypeModule::set(const char*, Value& v, SnortConfig* sc) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); type = get_classification(sc, v.get_string()); if ( !type and sc->dump_rule_info() ) diff --git a/src/ips_options/ips_content.cc b/src/ips_options/ips_content.cc index 56017c866..ff284357f 100644 --- a/src/ips_options/ips_content.cc +++ b/src/ips_options/ips_content.cc @@ -723,9 +723,6 @@ bool ContentModule::set(const char*, Value& v, SnortConfig*) cd->pmd.fp_length = v.get_uint16(); cd->pmd.set_fast_pattern(); } - else - return false; - return true; } 
diff --git a/src/ips_options/ips_cvs.cc b/src/ips_options/ips_cvs.cc index 56554eaee..51973a0a4 100644 --- a/src/ips_options/ips_cvs.cc +++ b/src/ips_options/ips_cvs.cc @@ -56,8 +56,6 @@ static THREAD_LOCAL ProfileStats cvsPerfStats; #define CVS_COMMAND_DELIMITER '\n' #define CVS_COMMAND_SEPARATOR ' ' -#define CVS_CONF_INVALID_ENTRY_STR "invalid-entry" - #define CVS_NO_ALERT 0 #define CVS_ALERT 1 @@ -72,10 +70,10 @@ typedef enum _CvsTypes CVS_END_OF_ENUM } CvsTypes; -typedef struct _CvsRuleOption +struct CvsRuleOption { - CvsTypes type; -} CvsRuleOption; + CvsTypes type = CVS_INVALID_ENTRY; +}; /* represents a CVS command with argument */ typedef struct _CvsCommand @@ -374,7 +372,7 @@ static void CvsGetEOL(const uint8_t* ptr, const uint8_t* end, static const Parameter s_params[] = { - { CVS_CONF_INVALID_ENTRY_STR, Parameter::PT_IMPLIED, nullptr, nullptr, + { "invalid-entry", Parameter::PT_IMPLIED, nullptr, nullptr, "looks for an invalid Entry string" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -388,9 +386,6 @@ class CvsModule : public Module public: CvsModule() : Module(s_name, s_help, s_params) { } - bool begin(const char*, int, SnortConfig*) override; - bool set(const char*, Value&, SnortConfig*) override; - ProfileStats* get_profile() const override { return &cvsPerfStats; } @@ -398,24 +393,9 @@ public: { return DETECT; } public: - CvsRuleOption data = {}; + CvsRuleOption data; }; -bool CvsModule::begin(const char*, int, SnortConfig*) -{ - memset(&data, 0, sizeof(data)); - return true; -} - -bool CvsModule::set(const char*, Value& v, SnortConfig*) -{ - if ( !v.is(CVS_CONF_INVALID_ENTRY_STR) ) - return false; - - data.type = CVS_INVALID_ENTRY; - return true; -} - //------------------------------------------------------------------------- // api methods //------------------------------------------------------------------------- 
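Review bot: `CvsRuleOption::type` is now fixed to `CVS_INVALID_ENTRY` by its member initializer and `CvsModule` no longer overrides `begin()` or `set()`, so the rule option gets that type whether or not `invalid-entry` was written; before, `begin()` zeroed `data` and only `set()` assigned the type. Whether the option can get past the parser without the argument is not visible in these hunks. A comment on the member would record the assumption, e.g. `// only one check exists, so the type is fixed and "invalid-entry" is not parsed`. The parameter is still declared in `s_params`, so this also relies on the inherited `set()` accepting it, which is outside the diff.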
diff --git a/src/ips_options/ips_detection_filter.cc b/src/ips_options/ips_detection_filter.cc index 346198b9e..17a857453 100644 --- a/src/ips_options/ips_detection_filter.cc +++ b/src/ips_options/ips_detection_filter.cc @@ -91,9 +91,6 @@ bool DetectionFilterModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("seconds") ) thdx.seconds = v.get_uint32(); - else - return false; - return true; } diff --git a/src/ips_options/ips_dsize.cc b/src/ips_options/ips_dsize.cc index db82530ee..2c59e3def 100644 --- a/src/ips_options/ips_dsize.cc +++ b/src/ips_options/ips_dsize.cc @@ -136,9 +136,7 @@ bool DsizeModule::begin(const char*, int, SnortConfig*) bool DsizeModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/ips_enable.cc b/src/ips_options/ips_enable.cc index 25a4afa40..062d753a0 100644 --- a/src/ips_options/ips_enable.cc +++ b/src/ips_options/ips_enable.cc @@ -72,9 +72,7 @@ bool EnableModule::begin(const char*, int, SnortConfig* sc) bool EnableModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~enable") ) - return false; - + assert(v.is("~enable")); enable = IpsPolicy::Enable(v.get_uint8()); return true; } diff --git a/src/ips_options/ips_file_type.cc b/src/ips_options/ips_file_type.cc index a0f250759..49a996066 100644 --- a/src/ips_options/ips_file_type.cc +++ b/src/ips_options/ips_file_type.cc @@ -148,9 +148,7 @@ bool FileTypeModule::begin(const char*, int, SnortConfig*) bool FileTypeModule::set(const char*, Value& v, SnortConfig* sc) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); v.set_first_token(); std::string tok; diff --git a/src/ips_options/ips_flags.cc b/src/ips_options/ips_flags.cc index 84faf28d3..9f4e2998c 100644 --- a/src/ips_options/ips_flags.cc +++ b/src/ips_options/ips_flags.cc 
@@ -371,9 +371,6 @@ bool FlagsModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("~mask_flags") ) flags_parse_mask(v.get_string(), &data); - else - return false; - return true; } diff --git a/src/ips_options/ips_flow.cc b/src/ips_options/ips_flow.cc index fb10c9704..6408418ac 100644 --- a/src/ips_options/ips_flow.cc +++ b/src/ips_options/ips_flow.cc @@ -358,9 +358,6 @@ bool FlowModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("only_frag") ) data.only_reassembled |= ONLY_FRAG; - else - return false; - return true; } diff --git a/src/ips_options/ips_flowbits.cc b/src/ips_options/ips_flowbits.cc index af40bb4c7..e1d95a48b 100644 --- a/src/ips_options/ips_flowbits.cc +++ b/src/ips_options/ips_flowbits.cc @@ -487,9 +487,6 @@ bool FlowbitsModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("~bits") ) bits = v.get_string(); - else - return false; - return true; } diff --git a/src/ips_options/ips_fragbits.cc b/src/ips_options/ips_fragbits.cc index d5678bfca..42ee6eb04 100644 --- a/src/ips_options/ips_fragbits.cc +++ b/src/ips_options/ips_fragbits.cc @@ -380,11 +380,8 @@ bool FragBitsModule::begin(const char*, int, SnortConfig*) // which is the string of command line arguments bool FragBitsModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("~flags") ) - fragBitsData.parse_fragbits(v.get_string()); - else - return false; - + assert(v.is("~flags")); + fragBitsData.parse_fragbits(v.get_string()); return true; } diff --git a/src/ips_options/ips_fragoffset.cc b/src/ips_options/ips_fragoffset.cc index 2df0c681e..fbae6b56f 100644 --- a/src/ips_options/ips_fragoffset.cc +++ b/src/ips_options/ips_fragoffset.cc @@ -133,9 +133,7 @@ bool FragOffsetModule::begin(const char*, int, SnortConfig*) bool FragOffsetModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } 
diff --git a/src/ips_options/ips_gid.cc b/src/ips_options/ips_gid.cc index 56565346a..8b98de585 100644 --- a/src/ips_options/ips_gid.cc +++ b/src/ips_options/ips_gid.cc @@ -60,9 +60,7 @@ public: bool GidModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); gid = v.get_uint32(); return true; } diff --git a/src/ips_options/ips_hash.cc b/src/ips_options/ips_hash.cc index 7e47ff6c5..214a5ad45 100644 --- a/src/ips_options/ips_hash.cc +++ b/src/ips_options/ips_hash.cc @@ -337,9 +337,6 @@ bool HashModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("length") ) hmd->length = v.get_uint16(); - else - return false; - return true; } diff --git a/src/ips_options/ips_icmp_id.cc b/src/ips_options/ips_icmp_id.cc index acacc8c5a..12f9d22bb 100644 --- a/src/ips_options/ips_icmp_id.cc +++ b/src/ips_options/ips_icmp_id.cc @@ -162,9 +162,7 @@ bool IcmpIdModule::begin(const char*, int, SnortConfig*) bool IcmpIdModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/ips_icmp_seq.cc b/src/ips_options/ips_icmp_seq.cc index da6e9584e..147cbc2da 100644 --- a/src/ips_options/ips_icmp_seq.cc +++ b/src/ips_options/ips_icmp_seq.cc @@ -163,9 +163,7 @@ bool IcmpSeqModule::begin(const char*, int, SnortConfig*) bool IcmpSeqModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/ips_icode.cc b/src/ips_options/ips_icode.cc index c6c8d9355..947cab321 100644 --- a/src/ips_options/ips_icode.cc +++ b/src/ips_options/ips_icode.cc 
@@ -134,9 +134,7 @@ bool IcodeModule::begin(const char*, int, SnortConfig*) bool IcodeModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/ips_id.cc b/src/ips_options/ips_id.cc index b63fb7b44..b59cfd52c 100644 --- a/src/ips_options/ips_id.cc +++ b/src/ips_options/ips_id.cc @@ -132,9 +132,7 @@ bool IpIdModule::begin(const char*, int, SnortConfig*) bool IpIdModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/ips_ip_proto.cc b/src/ips_options/ips_ip_proto.cc index ab3ae6a87..5fe150ead 100644 --- a/src/ips_options/ips_ip_proto.cc +++ b/src/ips_options/ips_ip_proto.cc @@ -247,12 +247,8 @@ bool IpProtoModule::begin(const char*, int, SnortConfig*) bool IpProtoModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("~proto") ) - ip_proto_parse(v.get_string(), &data); - - else - return false; - + assert(v.is("~proto")); + ip_proto_parse(v.get_string(), &data); return true; } diff --git a/src/ips_options/ips_ipopts.cc b/src/ips_options/ips_ipopts.cc index f98594c9d..d05015ce9 100644 --- a/src/ips_options/ips_ipopts.cc +++ b/src/ips_options/ips_ipopts.cc @@ -220,12 +220,8 @@ bool IpOptModule::begin(const char*, int, SnortConfig*) bool IpOptModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("~opt") ) - ipopts_parse(v.get_string(), &data); - - else - return false; - + assert(v.is("~opt")); + ipopts_parse(v.get_string(), &data); return true; } diff --git a/src/ips_options/ips_isdataat.cc b/src/ips_options/ips_isdataat.cc index a6ad8f58f..0c5c572ec 100644 --- a/src/ips_options/ips_isdataat.cc +++ b/src/ips_options/ips_isdataat.cc 
@@ -260,9 +260,6 @@ bool IsDataAtModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("relative") ) data.flags |= ISDATAAT_RELATIVE_FLAG; - else - return false; - return true; } diff --git a/src/ips_options/ips_itype.cc b/src/ips_options/ips_itype.cc index 0d81a1237..89b7040ce 100644 --- a/src/ips_options/ips_itype.cc +++ b/src/ips_options/ips_itype.cc @@ -134,9 +134,7 @@ bool ItypeModule::begin(const char*, int, SnortConfig*) bool ItypeModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/ips_metadata.cc b/src/ips_options/ips_metadata.cc index 714418bdb..68fab67f9 100644 --- a/src/ips_options/ips_metadata.cc +++ b/src/ips_options/ips_metadata.cc @@ -69,8 +69,7 @@ bool MetadataModule::begin(const char*, int, SnortConfig*) bool MetadataModule::set(const char*, Value& v, SnortConfig* sc) { - if ( !v.is("*") ) - return false; + assert(v.is("*")); if ( !match and !sc->metadata_filter.empty() ) match = strstr(v.get_string(), sc->metadata_filter.c_str()) != nullptr; diff --git a/src/ips_options/ips_msg.cc b/src/ips_options/ips_msg.cc index 6f23f9365..7164ea7ed 100644 --- a/src/ips_options/ips_msg.cc +++ b/src/ips_options/ips_msg.cc @@ -61,9 +61,7 @@ public: bool MsgModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); msg = v.get_string(); return true; } diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc index b51f0540a..4b4465b7e 100644 --- a/src/ips_options/ips_pcre.cc +++ b/src/ips_options/ips_pcre.cc 
@@ -716,15 +716,11 @@ bool PcreModule::begin(const char* name, int v, SnortConfig* sc) bool PcreModule::set(const char* name, Value& v, SnortConfig* sc) { - if ( v.is("~re") ) - { - re = v.get_string(); + assert(v.is("~re")); + re = v.get_string(); - if( mod_regex ) - mod_regex = mod_regex->set(name, v, sc) ? mod_regex : nullptr; - } - else - return false; + if( mod_regex ) + mod_regex = mod_regex->set(name, v, sc) ? mod_regex : nullptr; return true; } diff --git a/src/ips_options/ips_priority.cc b/src/ips_options/ips_priority.cc index dd36434c8..894a924ac 100644 --- a/src/ips_options/ips_priority.cc +++ b/src/ips_options/ips_priority.cc @@ -60,9 +60,7 @@ public: bool PriorityModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); priority = v.get_int32(); return true; } diff --git a/src/ips_options/ips_reference.cc b/src/ips_options/ips_reference.cc index f519ee610..c842cff37 100644 --- a/src/ips_options/ips_reference.cc +++ b/src/ips_options/ips_reference.cc @@ -72,8 +72,7 @@ bool ReferenceModule::begin(const char*, int, SnortConfig* sc) bool ReferenceModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~ref") ) - return false; + assert(v.is("~ref")); const char* ref = v.get_string(); const char* sep = strchr(ref, ','); diff --git a/src/ips_options/ips_regex.cc b/src/ips_options/ips_regex.cc index a97188e7d..d0492b7a9 100644 --- a/src/ips_options/ips_regex.cc +++ b/src/ips_options/ips_regex.cc @@ -366,15 +366,11 @@ bool RegexModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("fast_pattern") ) config.pmd.set_fast_pattern(); - else if ( v.is("nocase") ) { config.pmd.mpse_flags |= HS_FLAG_CASELESS; config.pmd.set_no_case(); } - else - return false; - return true; } diff --git a/src/ips_options/ips_rem.cc b/src/ips_options/ips_rem.cc index 7fdcab1c8..92cc8b901 100644 --- a/src/ips_options/ips_rem.cc +++ b/src/ips_options/ips_rem.cc 
@@ -48,20 +48,11 @@ class RemModule : public Module { public: RemModule() : Module(s_name, s_help, s_params) { } - bool set(const char*, Value&, SnortConfig*) override; Usage get_usage() const override { return DETECT; } }; -bool RemModule::set(const char*, Value& v, SnortConfig*) -{ - if ( !v.is("~") ) - return false; - - return true; -} - //------------------------------------------------------------------------- // api methods //------------------------------------------------------------------------- diff --git a/src/ips_options/ips_replace.cc b/src/ips_options/ips_replace.cc index fd7645029..5f56cd8e2 100644 --- a/src/ips_options/ips_replace.cc +++ b/src/ips_options/ips_replace.cc @@ -216,12 +216,8 @@ bool ReplModule::begin(const char*, int, SnortConfig*) bool ReplModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("~") ) - replace_parse(v.get_string(), data); - - else - return false; - + assert(v.is("~")); + replace_parse(v.get_string(), data); return true; } diff --git a/src/ips_options/ips_rev.cc b/src/ips_options/ips_rev.cc index c0cb8eb9f..47f205308 100644 --- a/src/ips_options/ips_rev.cc +++ b/src/ips_options/ips_rev.cc @@ -60,9 +60,7 @@ public: bool RevModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); rev = v.get_uint32(); return true; } diff --git a/src/ips_options/ips_rpc.cc b/src/ips_options/ips_rpc.cc index 829afcca3..7e66eed5c 100644 --- a/src/ips_options/ips_rpc.cc +++ b/src/ips_options/ips_rpc.cc @@ -275,9 +275,6 @@ bool RpcModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("~proc") ) return set(v, data.procedure, RPC_CHECK_PROCEDURE); - else - return false; - return true; } diff --git a/src/ips_options/ips_sd_pattern.cc b/src/ips_options/ips_sd_pattern.cc index f6c81bcb7..544e2d034 100644 --- a/src/ips_options/ips_sd_pattern.cc +++ b/src/ips_options/ips_sd_pattern.cc 
@@ -326,6 +326,12 @@ private: bool SdPatternModule::begin(const char*, int, SnortConfig*) { + if ( hs_valid_platform() != HS_SUCCESS ) + { + ParseError("This host does not support Hyperscan."); + return false; + } + config = SdPatternConfig(); return true; } @@ -341,11 +347,14 @@ bool SdPatternModule::set(const char*, Value& v, SnortConfig*) } else if ( v.is("threshold") ) config.threshold = v.get_uint32(); - else - return false; - // Check if built-in pattern should be used. + return true; +} + +bool SdPatternModule::end(const char*, int, SnortConfig*) +{ IpsPolicy* p = get_ips_policy(); + if (config.pii == "credit_card") { config.pii = SD_CREDIT_PATTERN_ALL; @@ -366,17 +375,6 @@ bool SdPatternModule::set(const char*, Value& v, SnortConfig*) config.forced_boundary = true; } - return true; -} - -bool SdPatternModule::end(const char*, int, SnortConfig*) -{ - if ( hs_valid_platform() != HS_SUCCESS ) - { - ParseError("This host does not support Hyperscan."); - return false; - } - hs_compile_error_t* err = nullptr; if ( hs_compile(config.pii.c_str(), HS_FLAG_DOTALL|HS_FLAG_SOM_LEFTMOST, HS_MODE_BLOCK, diff --git a/src/ips_options/ips_seq.cc b/src/ips_options/ips_seq.cc index 0c0f22199..9376aa981 100644 --- a/src/ips_options/ips_seq.cc +++ b/src/ips_options/ips_seq.cc @@ -133,9 +133,7 @@ bool SeqModule::begin(const char*, int, SnortConfig*) bool SeqModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/ips_service.cc b/src/ips_options/ips_service.cc index 512e59a81..446bb5de3 100644 --- a/src/ips_options/ips_service.cc +++ b/src/ips_options/ips_service.cc @@ -73,9 +73,7 @@ bool ServiceModule::begin(const char*, int, SnortConfig* sc) bool ServiceModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("*") ) - return false; - + assert(v.is("*")); std::string svc = v.get_string(); for ( const auto& p : services ) 
@@ -87,7 +85,6 @@ bool ServiceModule::set(const char*, Value& v, SnortConfig*) } } services.emplace_back(svc); - return true; } diff --git a/src/ips_options/ips_sid.cc b/src/ips_options/ips_sid.cc index 492528844..3c35dd39d 100644 --- a/src/ips_options/ips_sid.cc +++ b/src/ips_options/ips_sid.cc @@ -60,9 +60,7 @@ public: bool SidModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); sid = v.get_uint32(); return true; } diff --git a/src/ips_options/ips_so.cc b/src/ips_options/ips_so.cc index 8ce631bdb..ddc002261 100644 --- a/src/ips_options/ips_so.cc +++ b/src/ips_options/ips_so.cc @@ -166,9 +166,6 @@ bool SoModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("relative") ) relative_flag = true; - else - return false; - return true; } diff --git a/src/ips_options/ips_soid.cc b/src/ips_options/ips_soid.cc index 81360277a..4b19024ce 100644 --- a/src/ips_options/ips_soid.cc +++ b/src/ips_options/ips_soid.cc @@ -61,9 +61,7 @@ public: bool SoidModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); soid = v.get_string(); return true; } diff --git a/src/ips_options/ips_tag.cc b/src/ips_options/ips_tag.cc index 84f2c07b2..e96ac3055 100644 --- a/src/ips_options/ips_tag.cc +++ b/src/ips_options/ips_tag.cc @@ -137,9 +137,6 @@ bool TagModule::set(const char*, Value& v, SnortConfig*) tag->tag_metric |= TAG_METRIC_BYTES; tag->tag_bytes = v.get_uint32(); } - else - return false; - return true; } diff --git a/src/ips_options/ips_target.cc b/src/ips_options/ips_target.cc index 7eede1e34..18a294344 100644 --- a/src/ips_options/ips_target.cc +++ b/src/ips_options/ips_target.cc @@ -60,12 +60,9 @@ public: bool TargetModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); assert(v.get_uint8() <= TARGET_MAX); target = static_cast(v.get_uint8() + 1); - return true; } 
diff --git a/src/ips_options/ips_tos.cc b/src/ips_options/ips_tos.cc index 7886942a2..c8a7d6d7a 100644 --- a/src/ips_options/ips_tos.cc +++ b/src/ips_options/ips_tos.cc @@ -136,9 +136,7 @@ bool TosModule::begin(const char*, int, SnortConfig*) bool TosModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/ips_ttl.cc b/src/ips_options/ips_ttl.cc index b8e21e1a5..2f1fddf5f 100644 --- a/src/ips_options/ips_ttl.cc +++ b/src/ips_options/ips_ttl.cc @@ -134,9 +134,7 @@ bool TtlModule::begin(const char*, int, SnortConfig*) bool TtlModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/ips_vba_data.cc b/src/ips_options/ips_vba_data.cc index 6305bf06a..b5c784fd7 100644 --- a/src/ips_options/ips_vba_data.cc +++ b/src/ips_options/ips_vba_data.cc @@ -1,4 +1,3 @@ - //-------------------------------------------------------------------------- // Copyright (C) 2021 Cisco and/or its affiliates. All rights reserved. // @@ -18,6 +17,10 @@ //-------------------------------------------------------------------------- // ips_vba_data.cc author Amarnath Nayak +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include "ips_vba_data.h" #include "framework/module.h" diff --git a/src/ips_options/ips_vba_data.h b/src/ips_options/ips_vba_data.h index 534899b7f..d75acaaec 100644 --- a/src/ips_options/ips_vba_data.h +++ b/src/ips_options/ips_vba_data.h @@ -17,11 +17,6 @@ //-------------------------------------------------------------------------- // ips_vba_data.h author Amarnath Nayak - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - #include "detection/detection_engine.h" #include "framework/cursor.h" #include "framework/ips_option.h" 
diff --git a/src/ips_options/ips_window.cc b/src/ips_options/ips_window.cc index 3726e440a..0c57d8132 100644 --- a/src/ips_options/ips_window.cc +++ b/src/ips_options/ips_window.cc @@ -133,9 +133,7 @@ bool WindowModule::begin(const char*, int, SnortConfig*) bool WindowModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return data.validate(v.get_string(), RANGE); } diff --git a/src/ips_options/test/ips_regex_test.cc b/src/ips_options/test/ips_regex_test.cc index d782c6ed1..8f901883e 100644 --- a/src/ips_options/test/ips_regex_test.cc +++ b/src/ips_options/test/ips_regex_test.cc @@ -232,16 +232,6 @@ TEST(ips_regex_module, config_pass) CHECK(mod->set(ips_regex->name, vb, nullptr)); } -TEST(ips_regex_module, config_fail_name) -{ - Value vs("lazy"); - Parameter bad { "bad", Parameter::PT_STRING, nullptr, nullptr, "bad" }; - vs.set(&bad); - CHECK(!mod->set(ips_regex->name, vs, nullptr)); - expect = 1; - end = false; -} - TEST(ips_regex_module, config_fail_regex) { Value vs("\"/[[:fubar:]]/\""); diff --git a/src/loggers/CMakeLists.txt b/src/loggers/CMakeLists.txt index 9090e6eba..f06ed0966 100644 --- a/src/loggers/CMakeLists.txt +++ b/src/loggers/CMakeLists.txt @@ -1,7 +1,6 @@ set (LOGGER_SOURCES alert_luajit.cc - alert_sf_socket.cc log_codecs.cc loggers.cc loggers.h diff --git a/src/loggers/alert_csv.cc b/src/loggers/alert_csv.cc index 6ac046a7b..87dfe53ab 100644 --- a/src/loggers/alert_csv.cc +++ b/src/loggers/alert_csv.cc @@ -563,9 +563,6 @@ bool CsvModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("separator") ) sep = v.get_string(); - else - return false; - return true; } diff --git a/src/loggers/alert_fast.cc b/src/loggers/alert_fast.cc index 136807f8e..b0f62b5e2 100644 --- a/src/loggers/alert_fast.cc +++ b/src/loggers/alert_fast.cc 
@@ -120,9 +120,6 @@ bool FastModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("limit") ) limit = v.get_size() * 1024 * 1024; - else - return false; - return true; } diff --git a/src/loggers/alert_full.cc b/src/loggers/alert_full.cc index 22018b178..8e63f4aff 100644 --- a/src/loggers/alert_full.cc +++ b/src/loggers/alert_full.cc @@ -100,9 +100,6 @@ bool FullModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("limit") ) limit = v.get_size() * 1024 * 1024; - else - return false; - return true; } diff --git a/src/loggers/alert_json.cc b/src/loggers/alert_json.cc index 283a2e581..3c3596758 100644 --- a/src/loggers/alert_json.cc +++ b/src/loggers/alert_json.cc @@ -758,9 +758,6 @@ bool JsonModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("separator") ) sep = v.get_string(); - else - return false; - return true; } diff --git a/src/loggers/alert_sf_socket.cc b/src/loggers/alert_sf_socket.cc deleted file mode 100644 index 5151a33ac..000000000 --- a/src/loggers/alert_sf_socket.cc +++ /dev/null 
@@ -1,419 +0,0 @@ -//-------------------------------------------------------------------------- -// Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. -// Copyright (C) 2003-2013 Sourcefire, Inc. -// -// This program is free software; you can redistribute it and/or modify it -// under the terms of the GNU General Public License Version 2 as published -// by the Free Software Foundation. You may not use, modify or distribute -// this program under any other version of the GNU General Public License. -// -// This program is distributed in the hope that it will be useful, but -// WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -//-------------------------------------------------------------------------- - -/* We use some Linux only socket capabilities */ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include -#include - -#include "detection/treenodes.h" -#include "events/event.h" -#include "framework/logger.h" -#include "framework/module.h" -#include "hash/ghash.h" -#include "log/messages.h" -#include "main/snort_config.h" -#include "managers/event_manager.h" -#include "parser/parser.h" -#include "protocols/packet.h" -#include "target_based/snort_protocols.h" -#include "utils/util.h" -#include "utils/util_cstring.h" - -using namespace snort; -using namespace std; - -struct SfSock -{ - int connected; - int sock; - struct sockaddr_un addr; -}; - -struct RuleId -{ - unsigned gid; - unsigned sid; -}; - -static THREAD_LOCAL SfSock context; - -typedef vector RuleVector; - -#define s_name "alert_sfsocket" - -//------------------------------------------------------------------------- -// alert_sfsocket 
module -//------------------------------------------------------------------------- - -static const Parameter rule_params[] = -{ - { "gid", Parameter::PT_INT, "1:max32", "1", - "rule generator ID" }, - - { "sid", Parameter::PT_INT, "1:max32", "1", - "rule signature ID" }, - - { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } -}; - -static const Parameter s_params[] = -{ - { "file", Parameter::PT_STRING, nullptr, nullptr, - "name of unix socket file" }, - - { "rules", Parameter::PT_LIST, rule_params, nullptr, - "name of unix socket file" }, - - { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } -}; - -#define s_help \ - "output event over socket" - -class SfSocketModule : public Module -{ -public: - SfSocketModule() : Module(s_name, s_help, s_params) { } - - bool set(const char*, Value&, SnortConfig*) override; - bool begin(const char*, int, SnortConfig*) override; - bool end(const char*, int, SnortConfig*) override; - - Usage get_usage() const override - { return GLOBAL; } - -public: - string file; - RuleVector rulez; - RuleId rule = {}; -}; - -bool SfSocketModule::set(const char*, Value& v, SnortConfig*) -{ - if ( v.is("file") ) - file = v.get_string(); - - else if ( v.is("gid") ) - rule.gid = v.get_uint32(); - - else if ( v.is("sid") ) - rule.sid = v.get_uint32(); - - return true; -} - -bool SfSocketModule::begin(const char*, int, SnortConfig*) -{ - file.erase(); - rule.gid = rule.sid = 1; - return true; -} - -bool SfSocketModule::end(const char* fqn, int, SnortConfig*) -{ - if ( !strcmp(fqn, "alert_sfsocket.rules") ) - rulez.emplace_back(rule); - - return true; -} - -//------------------------------------------------------------------------- -// socket stuff - -static int AlertSFSocket_Connect() -{ - /* check sock value */ - if (context.sock == -1) - FatalError("AlertSFSocket: Invalid socket\n"); - - if (connect(context.sock, (sockaddr*)&context.addr, sizeof(context.addr)) == -1) - { - if (errno == ECONNREFUSED || errno == ENOENT) - { - 
LogMessage("WARNING: AlertSFSocket: Unable to connect to socket: " - "%s.\n", get_error(errno)); - return 1; - } - else - { - FatalError("AlertSFSocket: Unable to connect to socket " - "(%i): %s\n", errno, get_error(errno)); - } - } - return 0; -} - -static void sock_init(const char* args) -{ - if ( (context.sock = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0 ) - FatalError("Unable to create socket: %s\n", get_error(errno)); - - std::string name; - get_instance_file(name, args); - - memset(&context.addr, 0, sizeof(context.addr)); - context.addr.sun_family = AF_UNIX; - SnortStrncpy(context.addr.sun_path, name.c_str(), sizeof(context.addr.sun_path)); - - if (AlertSFSocket_Connect() == 0) - context.connected = 1; -} - -static void send_sar(uint8_t* data, unsigned len) -{ - int tries = 0; - - do - { - tries++; - /* connect as needed */ - if (!context.connected) - { - if (AlertSFSocket_Connect() != 0) - break; - context.connected = 1; - } - - /* send request */ - if (send(context.sock, data, len, 0) == len) - { - /* success */ - return; - } - /* send failed */ - if (errno == ENOBUFS) - { - LogMessage("ERROR: AlertSFSocket: out of buffer space\n"); - break; - } - else if (errno == ECONNRESET) - { - context.connected = 0; - LogMessage("WARNING: AlertSFSocket: connection reset, will attempt " - "to reconnect.\n"); - } - else if (errno == ECONNREFUSED) - { - LogMessage("WARNING: AlertSFSocket: connection refused, " - "will attempt to reconnect.\n"); - context.connected = 0; - } - else if (errno == ENOTCONN) - { - LogMessage("WARNING: AlertSFSocket: not connected, " - "will attempt to reconnect.\n"); - context.connected = 0; - } - else - { - LogMessage("ERROR: AlertSFSocket: unhandled error '%i' in send(): " - "%s\n", errno, get_error(errno)); - context.connected = 0; - } - } - while (tries <= 1); - LogMessage("ERROR: AlertSFSocket: Alert not sent\n"); -} - -//------------------------------------------------------------------------- -// sig stuff - -/* search for an OptTreeNode by 
sid in specific policy*/ -// FIXIT-L wow - OptTreeNode_Search should be encapsulated somewhere ... -// (actually, the whole reason for doing this needs to be rethought) -static OptTreeNode* OptTreeNode_Search(uint32_t, uint32_t sid) -{ - GHashNode* hashNode; - - if (sid == 0) - return nullptr; - - const SnortConfig* sc = SnortConfig::get_conf(); - - for (hashNode = sc->otn_map->find_first(); - hashNode; - hashNode = sc->otn_map->find_next()) - { - OptTreeNode* otn = (OptTreeNode*)hashNode->data; - RuleTreeNode* rtn = getRuntimeRtnFromOtn(otn); - - if ( rtn and is_network_protocol(rtn->snort_protocol_id) ) - { - if (otn->sigInfo.sid == sid) - return otn; - } - } - - return nullptr; -} - -//------------------------------------------------------------------------- -// sar stuff - -struct SnortActionRequest -{ - uint32_t event_id; - uint32_t tv_sec; - uint32_t gid; - uint32_t sid; - uint32_t src_ip; - uint32_t dest_ip; - uint16_t sport; - uint16_t dport; - IpProtocol ip_proto; -}; - -static void load_sar(Packet* packet, const Event& event, SnortActionRequest& sar) -{ - if ( !packet || !packet->ptrs.ip_api.is_ip() ) - return; - - // for now, only support ip4 - if ( !packet->ptrs.ip_api.is_ip4() ) - return; - - /* construct the action request */ - sar.event_id = event.get_event_id(); - sar.tv_sec = packet->pkth->ts.tv_sec; - sar.gid = event.sig_info->gid; - sar.sid = event.sig_info->sid; - - // when ip6 is supported: - // * suggest TLV format where T == family, L is implied by - // T (and not sent), and V is just the address octets in - // network order - // * if T is made the 1st octet of struct, bytes to read - // can be determined by reading 1 byte - // * addresses could be moved to end of struct in uint8_t[32] - // and only 1st 8 used for ip4 - sar.src_ip = ntohl(packet->ptrs.ip_api.get_src()->get_ip4_value()); - sar.dest_ip = ntohl(packet->ptrs.ip_api.get_dst()->get_ip4_value()); - sar.ip_proto = packet->get_ip_proto_next(); - - if (packet->is_tcp() || 
packet->is_udp()) - { - sar.sport = packet->ptrs.sp; - sar.dport = packet->ptrs.dp; - } - else - { - sar.sport = 0; - sar.dport = 0; - } -} - -//------------------------------------------------------------------------- - -class SfSocketLogger : public Logger -{ -public: - SfSocketLogger(SfSocketModule*); - - void configure(RuleId&); - - void open() override; - void close() override; - - void alert(Packet*, const char* msg, const Event&) override; - -private: - string file; -}; - -SfSocketLogger::SfSocketLogger(SfSocketModule* m) -{ - file = m->file; - - for ( auto r : m->rulez ) - configure(r); -} - -void SfSocketLogger::configure(RuleId& r) -{ - OptTreeNode* otn = OptTreeNode_Search(r.gid, r.sid); - - if ( !otn ) - ParseError("Unable to find OptTreeNode for %u:%u", r.gid, r.sid); - - else - EventManager::add_output(&otn->outputFuncs, this); -} - -void SfSocketLogger::open() -{ - sock_init(file.c_str()); -} - -void SfSocketLogger::close() -{ - ::close(context.sock); - context.sock = -1; -} - -void SfSocketLogger::alert(Packet* packet, const char*, const Event& event) -{ - SnortActionRequest sar; - load_sar(packet, event, sar); - send_sar((uint8_t*)&sar, sizeof(sar)); -} - -//------------------------------------------------------------------------- - -static Module* mod_ctor() -{ return new SfSocketModule; } - -static void mod_dtor(Module* m) -{ delete m; } - -static Logger* sf_sock_ctor(Module* mod) -{ return new SfSocketLogger((SfSocketModule*)mod); } - -static void sf_sock_dtor(Logger* p) -{ delete p; } - -static LogApi sf_sock_api -{ - { - PT_LOGGER, - sizeof(LogApi), - LOGAPI_VERSION, - 0, - API_RESERVED, - API_OPTIONS, - s_name, - s_help, - mod_ctor, - mod_dtor - }, - OUTPUT_TYPE_FLAG__NONE, - sf_sock_ctor, - sf_sock_dtor -}; - -const BaseApi* alert_sf_socket[] = -{ - &sf_sock_api.base, - nullptr -}; - diff --git a/src/loggers/alert_syslog.cc b/src/loggers/alert_syslog.cc index aa2a06462..3dcfbb301 100644 --- a/src/loggers/alert_syslog.cc 
+++ b/src/loggers/alert_syslog.cc @@ -171,9 +171,6 @@ bool SyslogModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("options") ) options = get_options(v.get_string()); - else - return false; - return true; } diff --git a/src/loggers/log_codecs.cc b/src/loggers/log_codecs.cc index 2a1694983..e2dd6d257 100644 --- a/src/loggers/log_codecs.cc +++ b/src/loggers/log_codecs.cc @@ -88,9 +88,6 @@ bool LogCodecModule::set(const char*, Value& v, SnortConfig*) if ( v.get_bool() ) flags |= ALERT_FLAG_MSG; } - else - return false; - return true; } diff --git a/src/loggers/log_hext.cc b/src/loggers/log_hext.cc index 3d76cecb0..4df68f6f8 100644 --- a/src/loggers/log_hext.cc +++ b/src/loggers/log_hext.cc @@ -238,9 +238,6 @@ bool HextModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("width") ) width = v.get_uint32(); - else - return false; - return true; } diff --git a/src/loggers/log_pcap.cc b/src/loggers/log_pcap.cc index 70557f39e..65676bd8e 100644 --- a/src/loggers/log_pcap.cc +++ b/src/loggers/log_pcap.cc @@ -102,12 +102,8 @@ public: bool TcpdumpModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("limit") ) - limit = v.get_size() * 1024 * 1024; - - else - return false; - + assert(v.is("limit")); + limit = v.get_size() * 1024 * 1024; return true; } diff --git a/src/loggers/loggers.cc b/src/loggers/loggers.cc index 461c6c139..07bd431c4 100644 --- a/src/loggers/loggers.cc +++ b/src/loggers/loggers.cc @@ -30,8 +30,6 @@ using namespace snort; // to ensure PacketManager::log_protocols() is built into Snort++ extern const BaseApi* log_codecs[]; -extern const BaseApi* alert_sf_socket[]; - #ifdef STATIC_LOGGERS extern const BaseApi* alert_csv[]; extern const BaseApi* alert_fast[]; @@ -49,7 +47,6 @@ void load_loggers() { // loggers PluginManager::load_plugins(log_codecs); - PluginManager::load_plugins(alert_sf_socket); #ifdef STATIC_LOGGERS // alerters diff --git a/src/loggers/unified2.cc b/src/loggers/unified2.cc index 490813363..030bfc579 100644 
--- a/src/loggers/unified2.cc +++ b/src/loggers/unified2.cc @@ -344,31 +344,14 @@ static void _Unified2LogPacketAlert( logheader.sensor_id = 0; logheader.linktype = u2.base_proto; - if (event != nullptr) - { - logheader.event_id = htonl(event->get_event_reference()); - logheader.event_second = htonl(event->ref_time.tv_sec); - } - else - { - logheader.event_id = 0; - logheader.event_second = 0; - } + logheader.event_id = htonl(event->get_event_reference()); + logheader.event_second = htonl(event->ref_time.tv_sec); - if ( p and p->pkth ) - { - logheader.packet_second = htonl((uint32_t)p->pkth->ts.tv_sec); - logheader.packet_microsecond = htonl((uint32_t)p->pkth->ts.tv_usec); - pkt_length = ( p->is_rebuilt() ) ? p->dsize : p->pktlen; - logheader.packet_length = htonl(pkt_length + u2h_len); - write_len += pkt_length + u2h_len; - } - else - { - logheader.packet_second = 0; - logheader.packet_microsecond = 0; - logheader.packet_length = 0; - } + logheader.packet_second = htonl((uint32_t)p->pkth->ts.tv_sec); + logheader.packet_microsecond = htonl((uint32_t)p->pkth->ts.tv_usec); + pkt_length = ( p->is_rebuilt() ) ? p->dsize : p->pktlen; + logheader.packet_length = htonl(pkt_length + u2h_len); + write_len += pkt_length + u2h_len; if ( config->limit && (u2.current + write_len) > config->limit ) Unified2RotateFile(config); @@ -832,9 +815,6 @@ bool U2Module::set(const char*, Value& v, SnortConfig*) else if ( v.is("legacy_events") ) legacy_events = v.get_bool(); - else - return false; - return true; } diff --git a/src/lua/CMakeLists.txt b/src/lua/CMakeLists.txt index a2c5ae62e..b26b4acc3 100644 --- a/src/lua/CMakeLists.txt +++ b/src/lua/CMakeLists.txt 
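Review bot: `_Unified2LogPacketAlert` now dereferences `event` and `p->pkth` unconditionally, where the removed branches wrote zeroed header fields for a null `event` or a packet without `pkth`. The callers are outside this hunk, so whether both are always non-null cannot be confirmed from here; if any alert path can still pass a null, the logger crashes the process instead of writing a degraded record. I would make the precondition explicit ahead of the first use with `assert(event and p and p->pkth);`, or keep an early return if null is still reachable. The function body starts before the hunk.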
@@ -1,15 +1,22 @@ +if ( ENABLE_PIGLET ) + set(PIGLET_FILES + lua_arg.h + lua_iface.h + lua_ref.cc + lua_ref.h + lua_table.h + lua_util.cc + lua_util.h + ) +endif () + add_library (lua OBJECT lua.cc lua.h - lua_ref.cc - lua_ref.h - lua_iface.h - lua_util.cc - lua_util.h - lua_table.h + lua_script.h lua_stack.h - lua_arg.h + ${PIGLET_FILES} ) target_include_directories(lua PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) diff --git a/src/lua/lua_script.h b/src/lua/lua_script.h new file mode 100644 index 000000000..06ee6a5ec --- /dev/null +++ b/src/lua/lua_script.h 
@@ -0,0 +1,40 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2015-2021 Cisco and/or its affiliates. All rights reserved. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- +// lua_script.h author Joel Cornett + +#ifndef LUA_SCRIPT_H +#define LUA_SCRIPT_H + +#include + +#include + +#define LUA_DIR_SEP '/' +#define SCRIPT_DIR_VARNAME "SCRIPT_DIR" + +namespace Lua +{ +inline void set_script_dir( + lua_State* L, const std::string& varname, const std::string& path) +{ + std::string dir = path.substr(0, path.rfind(LUA_DIR_SEP)); + lua_pushlstring(L, dir.c_str(), dir.size()); + lua_setglobal(L, varname.c_str()); +} +} +#endif diff --git a/src/lua/lua_util.h b/src/lua/lua_util.h index 050c7d95e..e89ca2657 100644 --- a/src/lua/lua_util.h +++ b/src/lua/lua_util.h 
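Review bot: `set_script_dir` does not handle a `path` that contains no `LUA_DIR_SEP`: `rfind` returns `std::string::npos`, `substr(0, npos)` yields the whole string, and the global is set to the script's file name instead of a directory. The callers are not visible in this hunk, so this matters only if a bare file name can be passed. Handling it takes two lines: `const auto pos = path.rfind(LUA_DIR_SEP);` and `std::string dir = (pos == std::string::npos) ? "." : path.substr(0, pos);`. Since the helper now has a header of its own, a one-line comment saying that the directory part of `path` is published to the Lua state under `varname` would also help.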
@@ -20,24 +20,11 @@ #ifndef LUA_UTIL_H #define LUA_UTIL_H -#include - #include -#define LUA_DIR_SEP '/' -#define SCRIPT_DIR_VARNAME "SCRIPT_DIR" - namespace Lua { const char* fmt_expected_message(const char* type); const char* fmt_range_message(unsigned min, unsigned max); - -inline void set_script_dir( - lua_State* L, const std::string& varname, const std::string& path) -{ - std::string dir = path.substr(0, path.rfind(LUA_DIR_SEP)); - lua_pushlstring(L, dir.c_str(), dir.size()); - lua_setglobal(L, varname.c_str()); -} } #endif diff --git a/src/main/modules.cc b/src/main/modules.cc index f0b1b9a6b..cd5b9f039 100644 --- a/src/main/modules.cc +++ b/src/main/modules.cc @@ -100,6 +100,7 @@ class EventQueueModule : public Module public: EventQueueModule() : Module("event_queue", event_queue_help, event_queue_params) { } bool set(const char*, Value&, SnortConfig*) override; + bool end(const char*, int, SnortConfig*) override; Usage get_usage() const override { return CONTEXT; } @@ -125,8 +126,12 @@ bool EventQueueModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("process_all_events") ) eq->process_all_events = v.get_bool(); - else - return false; + return true; +} + +bool EventQueueModule::end(const char*, int, SnortConfig* sc) +{ + EventQueueConfig* eq = sc->event_queue_config; if ( eq->max_events < eq->log_events ) eq->max_events = eq->log_events; @@ -313,9 +318,6 @@ bool SearchEngineModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("queue_limit") ) fp->set_queue_limit(v.get_uint32()); - else - return false; - return true; } @@ -545,9 +547,6 @@ bool ClassificationsModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("text") ) text = v.get_string(); - else - return false; - return true; } @@ -609,9 +608,6 @@ bool ReferencesModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("url") ) url = v.get_string(); - else - return false; - return true; } 
@@ -693,9 +689,6 @@ bool AlertsModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("tunnel_verdicts") ) sc->set_tunnel_verdicts(v.get_string()); - else - return false; - return true; } @@ -818,9 +811,6 @@ bool OutputModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("obfuscate") ) v.update_mask(sc->output_flags, OUTPUT_FLAG__OBFUSCATE); - else - return false; - return true; } @@ -896,9 +886,6 @@ bool ActiveModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("min_interval") ) sc->min_interval = v.get_uint8(); - else - return false; - return true; } @@ -1015,9 +1002,6 @@ bool AttributeTableModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("max_metadata_services") ) sc->max_metadata_services = v.get_uint8(); - else - return false; - return true; } @@ -1103,9 +1087,6 @@ bool NetworkModule::set(const char*, Value& v, SnortConfig* sc) else if (v.is("max_ip_layers")) sc->max_ip_layers = v.get_uint8(); - else - return false; - return true; } @@ -1188,9 +1169,6 @@ bool InspectionModule::set(const char*, Value& v, SnortConfig* sc) return true; } - else - return false; - return true; } //------------------------------------------------------------------------- @@ -1370,9 +1348,6 @@ bool IpsModule::set(const char* fqn, Value& v, SnortConfig* sc) else if ( v.is("with") ) with = v.get_string(); - else - return false; - return true; } @@ -1506,9 +1481,6 @@ bool ProcessModule::set(const char*, Value& v, SnortConfig* sc) else if (v.is("name")) name = v.get_string(); - else - return false; - return true; } @@ -1641,9 +1613,6 @@ bool SuppressModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("ip") ) thdx.ip_address = sfip_var_from_string(v.get_string(), "suppress"); - else - return false; - return true; } @@ -1756,9 +1725,6 @@ bool EventFilterModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("type") ) thdx.type = v.get_uint8(); - else - return false; - return true; } 
@@ -1892,9 +1858,6 @@ bool RateFilterModule::set(const char*, Value& v, SnortConfig*) v.get_string()); } - else - return false; - return true; } @@ -2002,9 +1965,6 @@ bool HostsModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("port") ) service.port = v.get_uint16(); - else - return false; - return true; } diff --git a/src/managers/event_manager.cc b/src/managers/event_manager.cc index b25ce9520..c44106cb3 100644 --- a/src/managers/event_manager.cc +++ b/src/managers/event_manager.cc @@ -68,8 +68,7 @@ bool EventManager::log_enabled = true; void EventManager::add_plugin(const LogApi* api) { - // can't assert - alert_sf_socket operates differently - //assert(api->flags & (OUTPUT_TYPE_FLAG__ALERT | OUTPUT_TYPE_FLAG__LOG)); + assert(api->flags & (OUTPUT_TYPE_FLAG__ALERT | OUTPUT_TYPE_FLAG__LOG)); s_outputs.emplace_back(new Output(api)); } diff --git a/src/managers/script_manager.cc b/src/managers/script_manager.cc index fb8a922da..d6deb2aed 100644 --- a/src/managers/script_manager.cc +++ b/src/managers/script_manager.cc @@ -31,7 +31,7 @@ #include "helpers/directory.h" #include "log/messages.h" #include "lua/lua.h" -#include "lua/lua_util.h" +#include "lua/lua_script.h" #ifdef PIGLET #include "piglet/piglet_manager.h" diff --git a/src/memory/memory_module.cc b/src/memory/memory_module.cc index 844f15771..b1a3da9c7 100644 --- a/src/memory/memory_module.cc +++ b/src/memory/memory_module.cc @@ -84,9 +84,6 @@ bool MemoryModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("threshold") ) sc->memory->threshold = v.get_uint8(); - else - return false; - return true; } diff --git a/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h b/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h index d696eaece..373b760d9 100644 --- a/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h +++ b/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h 
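Review bot: The re-enabled `assert(api->flags & (OUTPUT_TYPE_FLAG__ALERT | OUTPUT_TYPE_FLAG__LOG));` in `EventManager::add_plugin` validates a field supplied by the plugin's `LogApi`, and an assert does that only in debug builds. The `STATIC_LOGGERS` guard in loggers.cc suggests loggers can also be loaded as external plugins; if so, a logger declaring neither flag is registered silently in a release build and aborts a debug build. A runtime check behaves the same in both, for example `if ( !(api->flags & (OUTPUT_TYPE_FLAG__ALERT | OUTPUT_TYPE_FLAG__LOG)) ) return;` preceded by a message naming the plugin.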
@@ -17,10 +17,6 @@ //-------------------------------------------------------------------------- // client_plugins_mock.h author author Sreeja Athirkandathil Narayanan -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - #define APPID_UT_ID 1492 namespace snort diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index cf2cd4551..0e5bc048d 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -28,9 +28,11 @@ namespace snort { // Stubs for messages void ErrorMessage(const char*,...) { } +// LCOV_EXCL_START void WarningMessage(const char*,...) { } void LogMessage(const char*,...) { } void ParseWarning(WarningGroup, const char*, ...) { } +// LCOV_EXCL_STOP // Stubs for appid sessions FlowData::FlowData(unsigned, Inspector*) { } @@ -42,16 +44,20 @@ Packet::~Packet() = default; Inspector::Inspector() = default; Inspector::~Inspector() = default; +// LCOV_EXCL_START bool Inspector::likes(Packet*) { return true; } bool Inspector::get_buf(const char*, Packet*, InspectionBuffer&) { return true; } class StreamSplitter* Inspector::get_splitter(bool) { return nullptr; } +// LCOV_EXCL_STOP // Stubs for search_tool.cc SearchTool::~SearchTool() = default; +// LCOV_EXCL_START void SearchTool::add(const char*, unsigned, int, bool) { } void SearchTool::add(const char*, unsigned, void*, bool) { } void SearchTool::add(const uint8_t*, unsigned, int, bool) { } void SearchTool::add(const uint8_t*, unsigned, void*, bool) { } +// LCOV_EXCL_STOP void SearchTool::prep() { } // Stubs for util.cc 
@@ -75,9 +81,11 @@ char* snort_strdup(const char* str) return p; } } +// LCOV_EXCL_START DiscoveryFilter::~DiscoveryFilter(){} void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } +// LCOV_EXCL_STOP #ifndef SIP_UNIT_TEST class AppIdInspector : public snort::Inspector @@ -85,11 +93,13 @@ class AppIdInspector : public snort::Inspector public: AppIdInspector(AppIdModule&) { } ~AppIdInspector() override = default; - void eval(Packet*) override { } bool configure(snort::SnortConfig*) override; +// LCOV_EXCL_START + void eval(Packet*) override { } void show(const SnortConfig*) const override { } void tinit() override { } void tterm() override { } +// LCOV_EXCL_STOP private: AppIdContext* ctxt = nullptr; }; @@ -100,6 +110,8 @@ AppIdConfig::~AppIdConfig() = default; AppIdModule::AppIdModule() : Module("a", "b") { } AppIdModule::~AppIdModule() = default; + +// LCOV_EXCL_START bool AppIdModule::begin(const char*, int, snort::SnortConfig*) { return false; @@ -137,6 +149,7 @@ snort::ProfileStats* AppIdModule::get_profile() const void AppIdModule::set_trace(const Trace*) const { } const TraceOption* AppIdModule::get_trace_options() const { return nullptr; } +// LCOV_EXCL_STOP // Stubs for inspectors unsigned AppIdSession::inspector_id = 0; @@ -167,6 +180,7 @@ AppIdHttpSession::~AppIdHttpSession() } // Stubs for AppIdPegCounts +// LCOV_EXCL_START void AppIdPegCounts::update_service_count(AppId, bool) { } void AppIdPegCounts::update_client_count(AppId, bool) { } void AppIdPegCounts::inc_user_count(AppId) { } @@ -214,6 +228,7 @@ void ServiceDiscovery::reload() {} int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return 0; } +// LCOV_EXCL_STOP OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { } 
diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc index f8ce42d74..77cafe1c6 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc @@ -70,7 +70,7 @@ SearchTool::SearchTool(const char*, bool) { mpsegrp = &mpse_group; } -void SearchTool::reload() { } +void SearchTool::reload() { } // LCOV_EXCL_LINE int SearchTool::find_all(const char*, unsigned, MpseMatch, bool, void*) { // Seg-fault will be observed if this is called without initializing pattern matchers @@ -86,12 +86,16 @@ bool AppIdInspector::configure(snort::SnortConfig*) ctxt = &context; return true; } + +// LCOV_EXCL_START void AppIdInspector::eval(Packet*) { } void AppIdInspector::show(const SnortConfig*) const { } void AppIdInspector::tinit() { } void AppIdInspector::tterm() { } void AppIdInspector::tear_down(SnortConfig*) { } AppIdContext& AppIdInspector::get_ctxt() const { return *ctxt; } +// LCOV_EXCL_STOP + AppIdInspector::~AppIdInspector() = default; void AppIdContext::create_odp_ctxt() 
@@ -127,11 +131,17 @@ AppIdSession* AppIdSession::allocate_session(snort::Packet const*, IpProtocol, void AppIdSession::publish_appid_event(AppidChangeBits&, const Packet&, bool, uint32_t) { } AppIdDiscovery::~AppIdDiscovery() = default; + +// LCOV_EXCL_START void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } void ClientDiscovery::initialize(AppIdInspector&) { } void ClientDiscovery::reload() { } +// LCOV_EXCL_STOP + void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { } + +// LCOV_EXCL_START void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, unsigned char const*, unsigned int, unsigned int) { } void AppIdDiscovery::register_tcp_pattern(AppIdDetector*, unsigned char const*, unsigned int, @@ -139,13 +149,17 @@ void AppIdDiscovery::register_tcp_pattern(AppIdDetector*, unsigned char const*, void AppIdDiscovery::register_udp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { } int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) { return 0; } -void AppIdModule::reset_stats() {} +void AppIdModule::reset_stats() { } +// LCOV_EXCL_STOP + DnsPatternMatchers::~DnsPatternMatchers() = default; EfpCaPatternMatchers::~EfpCaPatternMatchers() = default; SslPatternMatchers::~SslPatternMatchers() = default; HttpPatternMatchers::~HttpPatternMatchers() = default; ClientDetector::ClientDetector() { } + +// LCOV_EXCL_START void ClientDetector::register_appid(int, unsigned int, OdpContext&) { } int AppIdDetector::initialize(AppIdInspector&) { return 1; } void AppIdDetector::reload() { } 
@@ -155,12 +169,13 @@ void AppIdDetector::add_payload(AppIdSession&, int) { } void AppIdDetector::add_app(snort::Packet const&, AppIdSession&, AppidSessionDirection, int, int, char const*, AppidChangeBits&) { } void memory::MemoryCap::update_deallocations(size_t) { } +// LCOV_EXCL_STOP SipEvent::SipEvent(snort::Packet const* p, SIPMsg const*, SIP_DialogData const*) { this->p = p; } SipEvent::~SipEvent() = default; bool SipEvent::is_invite() const { return false; } bool SipEvent::is_dialog_established() const { return false; } -int SipPatternMatchers::get_client_from_ua(char const*, unsigned int, int&, char*&) { return 0; } +int SipPatternMatchers::get_client_from_ua(char const*, unsigned int, int&, char*&) { return 0; } // LCOV_EXCL_LINE void SipEventHandler::service_handler(SipEvent&, AppIdSession&, AppidChangeBits&) { } SipUdpClientDetector* SipEventHandler::client = &cd; diff --git a/src/network_inspectors/appid/ips_appid_option.cc b/src/network_inspectors/appid/ips_appid_option.cc index 0ff614c10..127416710 100644 --- a/src/network_inspectors/appid/ips_appid_option.cc +++ b/src/network_inspectors/appid/ips_appid_option.cc @@ -195,8 +195,7 @@ bool AppIdOptionModule::begin(const char*, int, SnortConfig*) bool AppIdOptionModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; + assert(v.is("~")); v.set_first_token(); string tok; diff --git a/src/network_inspectors/appid/test/CMakeLists.txt b/src/network_inspectors/appid/test/CMakeLists.txt index c5dca9c25..a56750e6c 100644 --- a/src/network_inspectors/appid/test/CMakeLists.txt +++ b/src/network_inspectors/appid/test/CMakeLists.txt @@ -48,7 +48,7 @@ add_cpputest( appid_efp_process_event_handler_test add_cpputest( tp_lib_handler_test SOURCES tp_lib_handler_test.cc - ../../../network_inspectors/rna/test/rna_flow_mock.cc + ../../../network_inspectors/rna/test/rna_flow_stubs.cc ../tp_lib_handler.cc LIBS dl 
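Review bot: `assert(v.is("~"))` in `AppIdOptionModule::set` is compiled out when NDEBUG is defined, so a release build reaches `v.set_first_token()` with no check on the parameter name, where the old code returned false. If the rule-option parser guarantees that only declared parameters reach `set()`, a comment next to the assert would let a reader confirm it, e.g. `// "~" is the only declared parameter; the parser rejects other names first`; that guarantee is not visible in this hunk. The same substitution appears later in the diff in the ips_cip_*, dnp3, gtp, iec104 and modbus option modules. None of those hunks adds a `<cassert>` include, so each file should be checked for one. The function body continues past the hunk.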
diff --git a/src/network_inspectors/appid/test/log_message_mock.h b/src/network_inspectors/appid/test/log_message_mock.h index a5646c699..030204fff 100644 --- a/src/network_inspectors/appid/test/log_message_mock.h +++ b/src/network_inspectors/appid/test/log_message_mock.h @@ -1,10 +1,6 @@ #ifndef LOG_MESSAGE_MOCK #define LOG_MESSAGE_MOCK -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - #include using namespace std; diff --git a/src/network_inspectors/arp_spoof/arp_module.cc b/src/network_inspectors/arp_spoof/arp_module.cc index 9f5804a29..a459a154b 100644 --- a/src/network_inspectors/arp_spoof/arp_module.cc +++ b/src/network_inspectors/arp_spoof/arp_module.cc @@ -100,9 +100,6 @@ bool ArpSpoofModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("mac") ) v.get_mac(host.mac_addr); - else - return false; - return true; } diff --git a/src/network_inspectors/normalize/norm_module.cc b/src/network_inspectors/normalize/norm_module.cc index c4ef1a672..3f22443bc 100644 --- a/src/network_inspectors/normalize/norm_module.cc +++ b/src/network_inspectors/normalize/norm_module.cc @@ -321,9 +321,6 @@ bool NormalizeModule::set(const char* fqn, Value& v, SnortConfig* sc) else if ( v.is("icmp6") ) Norm_Set(&config, NORM_ICMP6, v.get_bool()); - else - return false; - return true; } diff --git a/src/network_inspectors/packet_capture/capture_module.cc b/src/network_inspectors/packet_capture/capture_module.cc index b4f4d179b..5bf1cce94 100644 --- a/src/network_inspectors/packet_capture/capture_module.cc +++ b/src/network_inspectors/packet_capture/capture_module.cc @@ -153,9 +153,6 @@ bool CaptureModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("group") ) config.group = v.get_int16(); - else - return false; - return true; } diff --git a/src/network_inspectors/packet_tracer/packet_tracer_module.cc b/src/network_inspectors/packet_tracer/packet_tracer_module.cc index 7b0302bbe..ee7a88a99 100644 --- a/src/network_inspectors/packet_tracer/packet_tracer_module.cc 
+++ b/src/network_inspectors/packet_tracer/packet_tracer_module.cc @@ -184,9 +184,6 @@ bool PacketTracerModule::set(const char *, Value &v, SnortConfig*) return false; } } - else - return false; - return true; } diff --git a/src/network_inspectors/perf_monitor/perf_module.cc b/src/network_inspectors/perf_monitor/perf_module.cc index fe901aca9..f3286daa7 100644 --- a/src/network_inspectors/perf_monitor/perf_module.cc +++ b/src/network_inspectors/perf_monitor/perf_module.cc @@ -313,9 +313,6 @@ bool PerfMonModule::set(const char*, Value& v, SnortConfig*) { return true; } - else - return false; - return true; } diff --git a/src/network_inspectors/port_scan/ps_module.cc b/src/network_inspectors/port_scan/ps_module.cc index 05333fff3..5054a3001 100644 --- a/src/network_inspectors/port_scan/ps_module.cc +++ b/src/network_inspectors/port_scan/ps_module.cc @@ -320,9 +320,6 @@ bool PortScanModule::set(const char* fqn, Value& v, SnortConfig*) else if ( v.is("icmp_window") ) config->icmp_window = v.get_uint32(); - else - return false; - return true; } diff --git a/src/network_inspectors/reputation/reputation_module.cc b/src/network_inspectors/reputation/reputation_module.cc index 3f97ed91c..c713318d3 100644 --- a/src/network_inspectors/reputation/reputation_module.cc +++ b/src/network_inspectors/reputation/reputation_module.cc @@ -144,9 +144,6 @@ bool ReputationModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("allowlist") ) conf->allowlist_path = v.get_string(); - else - return false; - return true; } diff --git a/src/network_inspectors/rna/rna_module.cc b/src/network_inspectors/rna/rna_module.cc index 73567cb10..1ef7a7f91 100644 --- a/src/network_inspectors/rna/rna_module.cc +++ b/src/network_inspectors/rna/rna_module.cc @@ -510,9 +510,6 @@ bool RnaModule::set(const char* fqn, Value& v, SnortConfig*) else return false; } - else - return false; - return true; } 
@@ -666,9 +663,6 @@ TEST_CASE("RNA module", "[rna_module]") Value v1("rna.conf"); v1.set(Parameter::find(rna_params, "rna_conf_path")); CHECK(mod.set(nullptr, v1, nullptr) == true); - - Value v3("dummy"); - CHECK(mod.set(nullptr, v3, nullptr) == false); CHECK(mod.end("rna", 0, &sc) == true); RnaModuleConfig* rc = mod.get_config(); diff --git a/src/network_inspectors/rna/test/CMakeLists.txt b/src/network_inspectors/rna/test/CMakeLists.txt index 0be3be0ed..dfc6e9102 100644 --- a/src/network_inspectors/rna/test/CMakeLists.txt +++ b/src/network_inspectors/rna/test/CMakeLists.txt @@ -3,6 +3,8 @@ add_cpputest( rna_module_test ../../../framework/parameter.cc ../../../host_tracker/host_cache.cc ../rna_fingerprint.cc + rna_module_mock.h + rna_module_stubs.h $ LIBS ${DNET_LIBRARIES} diff --git a/src/network_inspectors/rna/test/rna_flow_mock.cc b/src/network_inspectors/rna/test/rna_flow_stubs.cc similarity index 100% rename from src/network_inspectors/rna/test/rna_flow_mock.cc rename to src/network_inspectors/rna/test/rna_flow_stubs.cc diff --git a/src/network_inspectors/rna/test/rna_module_mock.h b/src/network_inspectors/rna/test/rna_module_mock.h index 75eed5935..033948abf 100644 --- a/src/network_inspectors/rna/test/rna_module_mock.h +++ b/src/network_inspectors/rna/test/rna_module_mock.h 
@@ -28,49 +28,9 @@ THREAD_LOCAL ProfileStats rna_perf_stats; namespace snort { -Module* ModuleManager::get_module(const char*) -{ return nullptr; } - -char* snort_strdup(const char* s) -{ return strdup(s); } - Module::Module(const char*, const char*, const Parameter*, bool) {} -void Module::sum_stats(bool) {} -void Module::show_stats() {} -void Module::reset_stats() {} -PegCount Module::get_global_count(char const*) const -{ return 0; } -void Module::show_interval_stats(std::vector >&, FILE*) -{} -void LogMessage(const char*,...) {} -void WarningMessage(const char*,...) {} -SnortConfig::SnortConfig(SnortConfig const*) {} -SnortConfig::~SnortConfig() = default; -time_t packet_time() { return 0; } - -// tcp fingerprint functions -bool TcpFpProcessor::push(const TcpFingerprint&) { return true; } -void TcpFpProcessor::make_tcp_fp_tables(TCP_FP_MODE) { } -const TcpFingerprint* TcpFpProcessor::get_tcp_fp(const FpTcpKey&, uint8_t, TCP_FP_MODE) const -{ return nullptr; } -const TcpFingerprint* TcpFpProcessor::get(const Packet*, RNAFlow*) const -{ return nullptr; } -TcpFpProcessor* get_tcp_fp_processor() { return nullptr; } -void set_tcp_fp_processor(TcpFpProcessor*) { } - -TcpFingerprint::TcpFingerprint(const RawFingerprint&) { } bool TcpFingerprint::operator==(const TcpFingerprint&) const { return true; } -UaFpProcessor::~UaFpProcessor() = default; -void UaFpProcessor::make_mpse(SnortConfig*) { } -void UaFpProcessor::push(RawFingerprint const&) { } - -void UdpFpProcessor::push(RawFingerprint const&) { } - -SmbFingerprint::SmbFingerprint(const RawFingerprint&) { } -bool SmbFingerprint::operator==(const SmbFingerprint&) const { return true; } -bool SmbFpProcessor::push(SmbFingerprint const&) { return true; } - // inspector class RnaInspector { 
@@ -104,26 +64,9 @@ private: } // end of namespace snort -void snort::main_broadcast_command(snort::AnalyzerCommand*, ControlConn*) {} - static ControlConn s_ctrlcon(1, true); ControlConn::ControlConn(int, bool) {} ControlConn::~ControlConn() {} -ControlConn* ControlConn::query_from_lua(const lua_State*) { return &s_ctrlcon; } -bool ControlConn::respond(const char*, ...) { return true; } - -HostCacheMac* get_host_cache_mac() { return nullptr; } - -DataPurgeAC::~DataPurgeAC() = default; -bool DataPurgeAC::execute(Analyzer&, void**) { return true;} - -void set_host_cache_mac(HostCacheMac*) { } - -Inspector* InspectorManager::get_inspector(const char*, bool, const SnortConfig*) -{ - return nullptr; -} - -void HostTracker::remove_flows() { } #endif + diff --git a/src/network_inspectors/rna/test/rna_module_stubs.h b/src/network_inspectors/rna/test/rna_module_stubs.h new file mode 100644 index 000000000..6c9a7b8b3 --- /dev/null +++ b/src/network_inspectors/rna/test/rna_module_stubs.h 
@@ -0,0 +1,87 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2020-2021 Cisco and/or its affiliates. All rights reserved. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- + +// rna_module_stubs.h author Masud Hasan + +#ifndef RNA_MODULE_TEST_H +#define RNA_MODULE_TEST_H + +namespace snort +{ +Module* ModuleManager::get_module(const char*) +{ return nullptr; } + +char* snort_strdup(const char* s) +{ return strdup(s); } + +void Module::sum_stats(bool) {} +void Module::show_stats() {} +void Module::reset_stats() {} +PegCount Module::get_global_count(char const*) const +{ return 0; } +void Module::show_interval_stats(std::vector >&, FILE*) +{} +void LogMessage(const char*,...) {} +void WarningMessage(const char*,...) 
{} +SnortConfig::SnortConfig(SnortConfig const*) {} +SnortConfig::~SnortConfig() = default; +time_t packet_time() { return 0; } + +// tcp fingerprint functions +bool TcpFpProcessor::push(const TcpFingerprint&) { return true; } +void TcpFpProcessor::make_tcp_fp_tables(TCP_FP_MODE) { } +const TcpFingerprint* TcpFpProcessor::get_tcp_fp(const FpTcpKey&, uint8_t, TCP_FP_MODE) const +{ return nullptr; } +const TcpFingerprint* TcpFpProcessor::get(const Packet*, RNAFlow*) const +{ return nullptr; } +TcpFpProcessor* get_tcp_fp_processor() { return nullptr; } +void set_tcp_fp_processor(TcpFpProcessor*) { } + +TcpFingerprint::TcpFingerprint(const RawFingerprint&) { } + +UaFpProcessor::~UaFpProcessor() = default; +void UaFpProcessor::make_mpse(SnortConfig*) { } +void UaFpProcessor::push(RawFingerprint const&) { } + +void UdpFpProcessor::push(RawFingerprint const&) { } + +SmbFingerprint::SmbFingerprint(const RawFingerprint&) { } +bool SmbFingerprint::operator==(const SmbFingerprint&) const { return true; } +bool SmbFpProcessor::push(SmbFingerprint const&) { return true; } +} + +void snort::main_broadcast_command(snort::AnalyzerCommand*, ControlConn*) {} + +ControlConn* ControlConn::query_from_lua(const lua_State*) { return &s_ctrlcon; } +bool ControlConn::respond(const char*, ...) { return true; } + +HostCacheMac* get_host_cache_mac() { return nullptr; } + +DataPurgeAC::~DataPurgeAC() = default; +bool DataPurgeAC::execute(Analyzer&, void**) { return true;} + +void set_host_cache_mac(HostCacheMac*) { } + +Inspector* InspectorManager::get_inspector(const char*, bool, const SnortConfig*) +{ + return nullptr; +} + +void HostTracker::remove_flows() { } + +#endif diff --git a/src/network_inspectors/rna/test/rna_module_test.cc b/src/network_inspectors/rna/test/rna_module_test.cc index 8d1238ddb..60711e603 100644 --- a/src/network_inspectors/rna/test/rna_module_test.cc +++ b/src/network_inspectors/rna/test/rna_module_test.cc 
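Review bot: The new rna_module_stubs.h is not self-contained: `ControlConn::query_from_lua` returns `&s_ctrlcon`, but that static stays in rna_module_mock.h, so the header only compiles when it is included after the mock header (as rna_module_test.cc does). A line at the top such as `// include after rna_module_mock.h: uses s_ctrlcon defined there` would record the ordering. The include guard `RNA_MODULE_TEST_H` does not match the file name; `RNA_MODULE_STUBS_H` avoids a clash with any future rna_module_test.h. The header also defines non-inline functions, so it can be included in only one translation unit, which is worth stating in the same comment.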
@@ -25,6 +25,7 @@ #include "../rna_module.cc" #include "rna_module_mock.h" +#include "rna_module_stubs.h" // To avoid warnings between catch.hpp and UtestMacros.h macro definitions, // since rna_module.cc has both catch and cpputest tests diff --git a/src/piglet/piglet_runner.cc b/src/piglet/piglet_runner.cc index b9fbe32a0..3469c2962 100644 --- a/src/piglet/piglet_runner.cc +++ b/src/piglet/piglet_runner.cc @@ -27,7 +27,7 @@ #include "lua/lua.h" #include "lua/lua_table.h" -#include "lua/lua_util.h" +#include "lua/lua_script.h" #include "piglet_api.h" #include "piglet_manager.h" diff --git a/src/protocols/arp.h b/src/protocols/arp.h index ef40e4d48..46580a9c7 100644 --- a/src/protocols/arp.h +++ b/src/protocols/arp.h @@ -1,4 +1,3 @@ - //-------------------------------------------------------------------------- // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. // diff --git a/src/search_engines/test/search_tool_test.cc b/src/search_engines/test/search_tool_test.cc index 451a11e13..c28d64e4f 100644 --- a/src/search_engines/test/search_tool_test.cc +++ b/src/search_engines/test/search_tool_test.cc 
@@ -113,41 +113,8 @@ int Mpse::search_all( return _search(T, n, match, context, current_state); } -void Mpse::search(MpseBatch& batch, MpseType mpse_type) -{ - _search(batch, mpse_type); -} - -void Mpse::_search(MpseBatch& batch, MpseType mpse_type) -{ - int start_state; - - for ( auto& item : batch.items ) - { - if (item.second.done) - continue; - - item.second.error = false; - item.second.matches = 0; - - for ( auto& so : item.second.so ) - { - start_state = 0; - switch (mpse_type) - { - case MPSE_TYPE_NORMAL: - item.second.matches += so->normal_mpse->search(item.first.buf, item.first.len, - batch.mf, batch.context, &start_state); - break; - case MPSE_TYPE_OFFLOAD: - item.second.matches += so->offload_mpse->search(item.first.buf, item.first.len, - batch.mf, batch.context, &start_state); - break; - } - } - item.second.done = true; - } -} +void Mpse::search(MpseBatch&, MpseType) { } +void Mpse::_search(MpseBatch&, MpseType) { } } diff --git a/src/service_inspectors/cip/cip_module.cc b/src/service_inspectors/cip/cip_module.cc index ce4d76dd4..298abc9dc 100644 --- a/src/service_inspectors/cip/cip_module.cc +++ b/src/service_inspectors/cip/cip_module.cc @@ -113,9 +113,6 @@ bool CipModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("max_unconnected_messages") ) conf->max_unconnected_messages = v.get_uint32(); - else - return false; - return true; } diff --git a/src/service_inspectors/cip/ips_cip_attribute.cc b/src/service_inspectors/cip/ips_cip_attribute.cc index b17669490..a3bd448d6 100644 --- a/src/service_inspectors/cip/ips_cip_attribute.cc +++ b/src/service_inspectors/cip/ips_cip_attribute.cc @@ -149,9 +149,7 @@ bool CipAttributeModule::begin(const char*, int, SnortConfig*) bool CipAttributeModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return cip_attr.validate(v.get_string(), RANGE); } 
diff --git a/src/service_inspectors/cip/ips_cip_class.cc b/src/service_inspectors/cip/ips_cip_class.cc index 0d03b6ded..a0384593d 100644 --- a/src/service_inspectors/cip/ips_cip_class.cc +++ b/src/service_inspectors/cip/ips_cip_class.cc @@ -148,9 +148,7 @@ bool CipClassModule::begin(const char*, int, SnortConfig*) bool CipClassModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return cip_class.validate(v.get_string(), RANGE); } diff --git a/src/service_inspectors/cip/ips_cip_connpathclass.cc b/src/service_inspectors/cip/ips_cip_connpathclass.cc index 2ba69b0d3..b1da5a545 100644 --- a/src/service_inspectors/cip/ips_cip_connpathclass.cc +++ b/src/service_inspectors/cip/ips_cip_connpathclass.cc @@ -149,9 +149,7 @@ bool CipConnpathclassModule::begin(const char*, int, SnortConfig*) bool CipConnpathclassModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return cip_cpc.validate(v.get_string(), RANGE); } diff --git a/src/service_inspectors/cip/ips_cip_enipcommand.cc b/src/service_inspectors/cip/ips_cip_enipcommand.cc index c576a9dfd..467ee8c47 100644 --- a/src/service_inspectors/cip/ips_cip_enipcommand.cc +++ b/src/service_inspectors/cip/ips_cip_enipcommand.cc @@ -142,9 +142,7 @@ bool CipEnipCommandModule::begin(const char*, int, SnortConfig*) bool CipEnipCommandModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return cip_enip_cmd.validate(v.get_string(), RANGE); } diff --git a/src/service_inspectors/cip/ips_cip_instance.cc b/src/service_inspectors/cip/ips_cip_instance.cc index 2e31a4d87..224a364d6 100644 --- a/src/service_inspectors/cip/ips_cip_instance.cc +++ b/src/service_inspectors/cip/ips_cip_instance.cc 
@@ -149,9 +149,7 @@ bool CipInstanceModule::begin(const char*, int, SnortConfig*) bool CipInstanceModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return cip_inst.validate(v.get_string(), RANGE); } diff --git a/src/service_inspectors/cip/ips_cip_service.cc b/src/service_inspectors/cip/ips_cip_service.cc index 7b5e373ea..97af706ad 100644 --- a/src/service_inspectors/cip/ips_cip_service.cc +++ b/src/service_inspectors/cip/ips_cip_service.cc @@ -153,9 +153,7 @@ bool CipServiceModule::begin(const char*, int, SnortConfig*) bool CipServiceModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return cip_serv.validate(v.get_string(), RANGE); } diff --git a/src/service_inspectors/cip/ips_cip_status.cc b/src/service_inspectors/cip/ips_cip_status.cc index 495f66586..c4dcd021b 100644 --- a/src/service_inspectors/cip/ips_cip_status.cc +++ b/src/service_inspectors/cip/ips_cip_status.cc @@ -148,9 +148,7 @@ bool CipStatusModule::begin(const char*, int, SnortConfig*) bool CipStatusModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~range") ) - return false; - + assert(v.is("~range")); return cip_status.validate(v.get_string(), RANGE); } diff --git a/src/service_inspectors/dce_rpc/dce_tcp_module.cc b/src/service_inspectors/dce_rpc/dce_tcp_module.cc index 04d9cd3ec..0b1c1bd6a 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp_module.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp_module.cc @@ -146,10 +146,7 @@ ProfileStats* Dce2TcpModule::get_profile() const bool Dce2TcpModule::set(const char*, Value& v, SnortConfig*) { - if (dce2_set_co_config(v,config.common)) - return true; - - return false; + return dce2_set_co_config(v,config.common); } void Dce2TcpModule::get_data(dce2TcpProtoConf& dce2_tcp_config) 
diff --git a/src/service_inspectors/dce_rpc/ips_dce_iface.cc b/src/service_inspectors/dce_rpc/ips_dce_iface.cc index 5bc1917ce..bd70959c9 100644 --- a/src/service_inspectors/dce_rpc/ips_dce_iface.cc +++ b/src/service_inspectors/dce_rpc/ips_dce_iface.cc @@ -474,9 +474,6 @@ bool Dce2IfaceModule::set(const char*, Value& v, SnortConfig*) token = DCE2_PruneWhiteSpace(token); return DCE2_ParseIface(token, &uuid); } - else - return false; - return true; } diff --git a/src/service_inspectors/dce_rpc/ips_dce_opnum.cc b/src/service_inspectors/dce_rpc/ips_dce_opnum.cc index 00b8a85ed..75d6d69ac 100644 --- a/src/service_inspectors/dce_rpc/ips_dce_opnum.cc +++ b/src/service_inspectors/dce_rpc/ips_dce_opnum.cc @@ -489,27 +489,21 @@ bool Dce2OpnumModule::begin(const char*, int, SnortConfig*) bool Dce2OpnumModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; + assert(v.is("~")); - if (v.get_string()) - { - std::string tok (v.get_string()); - if ( tok[0] == '"' ) - tok.erase(0, 1); + std::string tok (v.get_string()); - if ( tok[tok.length()-1] == '"' ) - tok.erase(tok.length()-1, 1); + if ( tok[0] == '"' ) + tok.erase(0, 1); - char* s = snort_strdup(tok.c_str()); - DCE2_Ret status = DCE2_OpnumParse(s, &opnum); - snort_free(s); + if ( tok[tok.length()-1] == '"' ) + tok.erase(tok.length()-1, 1); - if (status == DCE2_RET__SUCCESS) - return true; - } + char* s = snort_strdup(tok.c_str()); + DCE2_Ret status = DCE2_OpnumParse(s, &opnum); + snort_free(s); - return false; + return (status == DCE2_RET__SUCCESS); } ProfileStats* Dce2OpnumModule::get_profile() const diff --git a/src/service_inspectors/dnp3/dnp3_module.cc b/src/service_inspectors/dnp3/dnp3_module.cc index 5ef2a6e15..a8e431b44 100644 --- a/src/service_inspectors/dnp3/dnp3_module.cc +++ b/src/service_inspectors/dnp3/dnp3_module.cc 
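Review bot: In `Dce2OpnumModule::set`, `tok[tok.length()-1]` is evaluated without checking that `tok` is non-empty. For an empty option string, or one that is a single `"` (emptied by the preceding `erase`), `tok.length()-1` wraps around and the index is out of range, which is undefined behaviour on a value that comes from rule text. Guard the second strip: `if ( !tok.empty() && tok.back() == '"' ) tok.pop_back();`. The hunk also drops the `if (v.get_string())` guard ahead of `std::string tok (v.get_string());`, which is safe only if `get_string()` never returns null, and that is not visible here.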
@@ -86,12 +86,8 @@ ProfileStats* Dnp3Module::get_profile() const bool Dnp3Module::set(const char*, Value& v, SnortConfig*) { - if ( v.is("check_crc") ) - config.check_crc = v.get_bool(); - - else - return false; - + assert(v.is("check_crc")); + config.check_crc = v.get_bool(); return true; } diff --git a/src/service_inspectors/dnp3/ips_dnp3_func.cc b/src/service_inspectors/dnp3/ips_dnp3_func.cc index 163731ea9..c9f582fb7 100644 --- a/src/service_inspectors/dnp3/ips_dnp3_func.cc +++ b/src/service_inspectors/dnp3/ips_dnp3_func.cc @@ -140,8 +140,7 @@ ProfileStats* Dnp3FuncModule::get_profile() const bool Dnp3FuncModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~")) - return false; + assert(v.is("~")); long n; diff --git a/src/service_inspectors/dnp3/ips_dnp3_ind.cc b/src/service_inspectors/dnp3/ips_dnp3_ind.cc index 7e5ad10a6..051cd228c 100644 --- a/src/service_inspectors/dnp3/ips_dnp3_ind.cc +++ b/src/service_inspectors/dnp3/ips_dnp3_ind.cc @@ -137,11 +137,9 @@ public: bool Dnp3IndModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; + assert(v.is("~")); flags = 0; - v.set_first_token(); std::string tok; diff --git a/src/service_inspectors/ftp_telnet/ftp_module.cc b/src/service_inspectors/ftp_telnet/ftp_module.cc index dd4703a23..f089757b0 100644 --- a/src/service_inspectors/ftp_telnet/ftp_module.cc +++ b/src/service_inspectors/ftp_telnet/ftp_module.cc @@ -120,9 +120,6 @@ bool FtpClientModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("telnet_cmds") ) conf->telnet_cmds = v.get_bool(); - else - return false; - return true; } @@ -470,9 +467,6 @@ bool FtpServerModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("telnet_cmds") ) conf->telnet_cmds = v.get_bool(); - else - return false; - return true; } diff --git a/src/service_inspectors/ftp_telnet/telnet_module.cc b/src/service_inspectors/ftp_telnet/telnet_module.cc index 4d130760b..2e1344e94 100644 
--- a/src/service_inspectors/ftp_telnet/telnet_module.cc +++ b/src/service_inspectors/ftp_telnet/telnet_module.cc @@ -109,9 +109,6 @@ bool TelnetModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("normalize") ) conf->normalize = v.get_bool(); - else - return false; - return true; } diff --git a/src/service_inspectors/gtp/ips_gtp_info.cc b/src/service_inspectors/gtp/ips_gtp_info.cc index 4e845ac23..88f453dbd 100644 --- a/src/service_inspectors/gtp/ips_gtp_info.cc +++ b/src/service_inspectors/gtp/ips_gtp_info.cc @@ -193,9 +193,7 @@ bool GtpInfoModule::set_types(const char* name) bool GtpInfoModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); long n; if ( v.strtol(n) ) diff --git a/src/service_inspectors/gtp/ips_gtp_type.cc b/src/service_inspectors/gtp/ips_gtp_type.cc index cbe0389be..163e25f15 100644 --- a/src/service_inspectors/gtp/ips_gtp_type.cc +++ b/src/service_inspectors/gtp/ips_gtp_type.cc @@ -191,9 +191,7 @@ bool GtpTypeModule::set_types(const char* name) bool GtpTypeModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); v.set_first_token(); std::string tok; diff --git a/src/service_inspectors/gtp/ips_gtp_version.cc b/src/service_inspectors/gtp/ips_gtp_version.cc index 70929b755..ecb3116b3 100644 --- a/src/service_inspectors/gtp/ips_gtp_version.cc +++ b/src/service_inspectors/gtp/ips_gtp_version.cc @@ -125,9 +125,7 @@ public: bool GtpVersionModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); version = v.get_uint8(); return true; } diff --git a/src/service_inspectors/http2_inspect/http2_huffman_state_machine.cc b/src/service_inspectors/http2_inspect/http2_huffman_state_machine.cc index 436a2aebb..666955133 100644 --- a/src/service_inspectors/http2_inspect/http2_huffman_state_machine.cc +++ b/src/service_inspectors/http2_inspect/http2_huffman_state_machine.cc 
@@ -17,6 +17,10 @@ //-------------------------------------------------------------------------- // http2_huffman_state_machine.cc author Maya Dagon +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include "http2_huffman_state_machine.h" const HuffmanEntry huffman_decode[HUFFMAN_LOOKUP_MAX+1] [UINT8_MAX+1] = diff --git a/src/service_inspectors/http2_inspect/http2_module.cc b/src/service_inspectors/http2_inspect/http2_module.cc index 299cfe407..62bfeca5f 100644 --- a/src/service_inspectors/http2_inspect/http2_module.cc +++ b/src/service_inspectors/http2_inspect/http2_module.cc @@ -99,10 +99,6 @@ bool Http2Module::set(const char*, Value& val, SnortConfig*) params->show_scan = val.get_bool(); } #endif - else - { - return false; - } return true; } diff --git a/src/service_inspectors/http2_inspect/http2_utils.cc b/src/service_inspectors/http2_inspect/http2_utils.cc index aa641afc5..dcd2d4186 100644 --- a/src/service_inspectors/http2_inspect/http2_utils.cc +++ b/src/service_inspectors/http2_inspect/http2_utils.cc @@ -17,6 +17,10 @@ //-------------------------------------------------------------------------- // http2_utils.cc author Maya Dagon +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include "http2_utils.h" #include diff --git a/src/service_inspectors/http2_inspect/http2_utils.h b/src/service_inspectors/http2_inspect/http2_utils.h index 8e3b7921a..5effceac4 100644 --- a/src/service_inspectors/http2_inspect/http2_utils.h +++ b/src/service_inspectors/http2_inspect/http2_utils.h @@ -20,10 +20,6 @@ #ifndef HTTP2_UTILS_H #define HTTP2_UTILS_H -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - #include "main/snort_types.h" #include "service_inspectors/http_inspect/http_common.h" diff --git a/src/service_inspectors/http_inspect/http_buffer_info.cc b/src/service_inspectors/http_inspect/http_buffer_info.cc index 74de314be..809c4dd89 100644 --- a/src/service_inspectors/http_inspect/http_buffer_info.cc +++ b/src/service_inspectors/http_inspect/http_buffer_info.cc 
@@ -17,6 +17,10 @@ //-------------------------------------------------------------------------- // http_buffer_info.cc author Brandon Stultz +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include "hash/hash_key_operations.h" #include "http_buffer_info.h" diff --git a/src/service_inspectors/http_inspect/http_module.cc b/src/service_inspectors/http_inspect/http_module.cc index f8da39760..a9794f68d 100755 --- a/src/service_inspectors/http_inspect/http_module.cc +++ b/src/service_inspectors/http_inspect/http_module.cc @@ -417,10 +417,6 @@ bool HttpModule::set(const char*, Value& val, SnortConfig*) params->show_scan = val.get_bool(); } #endif - else - { - return false; - } return true; } diff --git a/src/service_inspectors/http_inspect/ips_http.cc b/src/service_inspectors/http_inspect/ips_http.cc index 38d911ce1..067d17209 100644 --- a/src/service_inspectors/http_inspect/ips_http.cc +++ b/src/service_inspectors/http_inspect/ips_http.cc @@ -163,10 +163,6 @@ bool HttpCursorModule::set(const char*, Value& v, SnortConfig*) para_list.fragment = true; sub_id = UC_FRAGMENT; } - else - { - return false; - } return true; } diff --git a/src/service_inspectors/iec104/ips_iec104_apci_type.cc b/src/service_inspectors/iec104/ips_iec104_apci_type.cc index 168d9dfc4..066adadfe 100644 --- a/src/service_inspectors/iec104/ips_iec104_apci_type.cc +++ b/src/service_inspectors/iec104/ips_iec104_apci_type.cc @@ -185,27 +185,14 @@ public: bool Iec104ApciTypeModule::set(const char*, Value& v, SnortConfig*) { - if (!v.is("~")) - { - return false; - } - + assert(v.is("~")); long n; if (v.strtol(n)) - { apci_type = static_cast(n); - } else if (get_apci_type(v.get_string(), n)) - { apci_type = static_cast(n); - } - - else - { - return false; - } return true; } diff --git a/src/service_inspectors/iec104/ips_iec104_asdu_func.cc b/src/service_inspectors/iec104/ips_iec104_asdu_func.cc index 2e2fd3962..7e2ee68e4 100644 --- a/src/service_inspectors/iec104/ips_iec104_asdu_func.cc 
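Review bot: In `Iec104ApciTypeModule::set`, dropping the trailing `else return false;` means a value that neither parses with `v.strtol(n)` nor resolves through `get_apci_type()` now falls through to `return true`. A rule with a misspelled type name would then load while `apci_type` keeps whatever it held before, which for a detection rule is a silent fail-open. Unlike the parameter-name test that became `assert(v.is("~"))`, this branch depends on the rule text rather than on the parameter table, so it is presumably reachable and should stay as `else return false;` after the `get_apci_type` arm. The same removal appears in the `set()` hunks for `Iec104AsduFuncModule`, `ModbusFuncModule`, `S7commplusFuncModule` and `S7commplusOpcodeModule`.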
+++ b/src/service_inspectors/iec104/ips_iec104_asdu_func.cc @@ -258,27 +258,14 @@ public: bool Iec104AsduFuncModule::set(const char*, Value& v, SnortConfig*) { - if (!v.is("~")) - { - return false; - } - + assert(v.is("~")); long n; if (v.strtol(n)) - { func = static_cast(n); - } else if (get_func(v.get_string(), n)) - { func = static_cast(n); - } - - else - { - return false; - } return true; } diff --git a/src/service_inspectors/imap/imap_module.cc b/src/service_inspectors/imap/imap_module.cc index 169332a5f..0e889aa72 100644 --- a/src/service_inspectors/imap/imap_module.cc +++ b/src/service_inspectors/imap/imap_module.cc @@ -122,9 +122,6 @@ bool ImapModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("uu_decode_depth") ) config->decode_conf.set_uu_depth(mime_value); - else - return false; - return true; } diff --git a/src/service_inspectors/modbus/ips_modbus_func.cc b/src/service_inspectors/modbus/ips_modbus_func.cc index 3df06c476..f4d118aab 100644 --- a/src/service_inspectors/modbus/ips_modbus_func.cc +++ b/src/service_inspectors/modbus/ips_modbus_func.cc @@ -176,9 +176,7 @@ public: bool ModbusFuncModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); long n; if ( v.strtol(n) ) @@ -187,9 +185,6 @@ bool ModbusFuncModule::set(const char*, Value& v, SnortConfig*) else if ( get_func(v.get_string(), n) ) func = (uint8_t)n; - else - return false; - return true; } diff --git a/src/service_inspectors/modbus/ips_modbus_unit.cc b/src/service_inspectors/modbus/ips_modbus_unit.cc index eee9eccbe..da082193a 100644 --- a/src/service_inspectors/modbus/ips_modbus_unit.cc +++ b/src/service_inspectors/modbus/ips_modbus_unit.cc @@ -128,9 +128,7 @@ public: bool ModbusUnitModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); unit = v.get_uint8(); return true; } 
diff --git a/src/service_inspectors/netflow/netflow_module.cc b/src/service_inspectors/netflow/netflow_module.cc index 304919599..b21f49938 100644 --- a/src/service_inspectors/netflow/netflow_module.cc +++ b/src/service_inspectors/netflow/netflow_module.cc @@ -193,9 +193,6 @@ bool NetflowModule::set(const char*, Value& v, SnortConfig*) { rule_cfg.create_service = v.get_bool(); } - else - return false; - return true; } diff --git a/src/service_inspectors/pop/pop_module.cc b/src/service_inspectors/pop/pop_module.cc index 23836abcf..336984a89 100644 --- a/src/service_inspectors/pop/pop_module.cc +++ b/src/service_inspectors/pop/pop_module.cc @@ -121,9 +121,6 @@ bool PopModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("uu_decode_depth") ) config->decode_conf.set_uu_depth(mime_value); - else - return false; - return true; } diff --git a/src/service_inspectors/s7commplus/ips_s7comm_func.cc b/src/service_inspectors/s7commplus/ips_s7comm_func.cc index 21d9d3a03..cbb433bd1 100644 --- a/src/service_inspectors/s7commplus/ips_s7comm_func.cc +++ b/src/service_inspectors/s7commplus/ips_s7comm_func.cc @@ -170,9 +170,7 @@ public: bool S7commplusFuncModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); long n; if ( v.strtol(n) ) @@ -181,9 +179,6 @@ bool S7commplusFuncModule::set(const char*, Value& v, SnortConfig*) else if ( get_func(v.get_string(), n) ) func = static_cast(n); - else - return false; - return true; } diff --git a/src/service_inspectors/s7commplus/ips_s7comm_opcode.cc b/src/service_inspectors/s7commplus/ips_s7comm_opcode.cc index fb3bd8f47..65ac4de1b 100644 --- a/src/service_inspectors/s7commplus/ips_s7comm_opcode.cc +++ b/src/service_inspectors/s7commplus/ips_s7comm_opcode.cc @@ -162,9 +162,7 @@ public: bool S7commplusOpcodeModule::set(const char*, Value& v, SnortConfig*) { - if ( !v.is("~") ) - return false; - + assert(v.is("~")); long n; if ( v.strtol(n) ) 
@@ -173,9 +171,6 @@ bool S7commplusOpcodeModule::set(const char*, Value& v, SnortConfig*) else if ( get_opcode(v.get_string(), n) ) opcode = (uint8_t)n; - else - return false; - return true; } diff --git a/src/service_inspectors/sip/ips_sip_method.cc b/src/service_inspectors/sip/ips_sip_method.cc index be79fd975..7a047d421 100644 --- a/src/service_inspectors/sip/ips_sip_method.cc +++ b/src/service_inspectors/sip/ips_sip_method.cc @@ -174,28 +174,24 @@ bool SipMethodModule::begin(const char*, int, SnortConfig*) bool SipMethodModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("*method") ) + assert(v.is("*method")); + const char* tok = v.get_string(); + + if (tok[0] == '!') { - const char* tok = v.get_string(); - - if (tok[0] == '!') - { - negated = true; - tok++; - } - else - negated = false; - - /*Only one method is allowed with !*/ - if ( negated && (!methods.empty()) ) - ParseError("Only one method is allowed with ! for sip_method"); - - std::string key = tok; - std::transform(key.begin(), key.end(), key.begin(), ::toupper); - methods[key] = negated; + negated = true; + tok++; } else - return false; + negated = false; + + /*Only one method is allowed with !*/ + if ( negated && (!methods.empty()) ) + ParseError("Only one method is allowed with ! for sip_method"); + + std::string key = tok; + std::transform(key.begin(), key.end(), key.begin(), ::toupper); + methods[key] = negated; return true; } diff --git a/src/service_inspectors/sip/ips_sip_stat_code.cc b/src/service_inspectors/sip/ips_sip_stat_code.cc index db70b924c..f1fe426a0 100644 --- a/src/service_inspectors/sip/ips_sip_stat_code.cc +++ b/src/service_inspectors/sip/ips_sip_stat_code.cc 
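Review bot: The re-indented `std::transform(key.begin(), key.end(), key.begin(), ::toupper);` in `SipMethodModule::set` passes plain `char` values to `::toupper`, which is undefined for negative values, and the key comes straight from the rule text. Converting through `unsigned char` avoids that: `std::transform(key.begin(), key.end(), key.begin(), [](unsigned char c) { return static_cast<char>(::toupper(c)); });`. It would also help to reject an empty name once the `!` is skipped, since `tok++` on a value of just `!` leaves an empty key in `methods`; whether the parameter definition already prevents that is not visible in this hunk.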
@@ -162,25 +162,20 @@ bool SipStatCodeModule::begin(const char*, int, SnortConfig*) bool SipStatCodeModule::set(const char*, Value& v, SnortConfig*) { - if (num_tokens < SIP_NUM_STAT_CODE_MAX) + assert(v.is("*code")); + + if (num_tokens >= SIP_NUM_STAT_CODE_MAX) + return false; + + uint16_t statCode = v.get_uint16(); + + if ( (statCode >= NUM_OF_RESPONSE_TYPES) && (statCode < MIN_STAT_CODE) ) { - if ( v.is("*code") ) - { - uint16_t statCode = v.get_uint16(); - - if ( (statCode >= NUM_OF_RESPONSE_TYPES) && (statCode < MIN_STAT_CODE) ) - { - ParseError("Status code specified is not a single digit or a 3 digit number"); - return false; - } - ssod.stat_codes[num_tokens] = statCode; - num_tokens++; - } - else - return false; - } - else + ParseError("Status code specified is not a single digit or a 3 digit number"); return false; + } + ssod.stat_codes[num_tokens] = statCode; + num_tokens++; return true; } diff --git a/src/service_inspectors/sip/sip_module.cc b/src/service_inspectors/sip/sip_module.cc index b7d20d6ec..b43245779 100644 --- a/src/service_inspectors/sip/sip_module.cc +++ b/src/service_inspectors/sip/sip_module.cc @@ -234,9 +234,6 @@ bool SipModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("methods") ) sip_methods = v.get_string(); - else - return false; - return true; } diff --git a/src/service_inspectors/smtp/smtp_module.cc b/src/service_inspectors/smtp/smtp_module.cc index 8cb8eb786..49e572af5 100644 --- a/src/service_inspectors/smtp/smtp_module.cc +++ b/src/service_inspectors/smtp/smtp_module.cc @@ -333,9 +333,6 @@ bool SmtpModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("xlink2state") ) config->xlink2state = (SMTPXlinkState)v.get_uint8(); - else - return false; - return true; } diff --git a/src/service_inspectors/ssh/ssh_module.cc b/src/service_inspectors/ssh/ssh_module.cc index 747987876..2b60de581 100644 --- a/src/service_inspectors/ssh/ssh_module.cc +++ b/src/service_inspectors/ssh/ssh_module.cc 
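Review bot: In `SipStatCodeModule::set` the early `if (num_tokens >= SIP_NUM_STAT_CODE_MAX) return false;` is the only visible bound on the later write to `ssod.stat_codes[num_tokens]`, and it deserves a comment saying so, given that this commit turns neighbouring checks into asserts that vanish in NDEBUG builds. Something like `// runtime bound for ssod.stat_codes[]; must not become an assert` above the test would do. That path also returns without a `ParseError`, unlike the range check below it, so a rule with too many codes gets no specific message; a line such as `ParseError("too many status codes for sip_stat_code");` before the return would match the other failure path.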
@@ -115,9 +115,6 @@ bool SshModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("max_server_version_len") ) conf->MaxServerVersionLen = v.get_uint8(); - else - return false; - return true; } diff --git a/src/service_inspectors/ssl/ips_ssl_state.cc b/src/service_inspectors/ssl/ips_ssl_state.cc index ffeb0cc7e..22f4d625b 100644 --- a/src/service_inspectors/ssl/ips_ssl_state.cc +++ b/src/service_inspectors/ssl/ips_ssl_state.cc @@ -219,9 +219,6 @@ bool SslStateModule::set(const char*, Value& v, SnortConfig*) ssod.flags |= SSL_UNKNOWN_FLAG; ssod.mask |= SSL_UNKNOWN_FLAG; } - else - return false; - return true; } diff --git a/src/service_inspectors/ssl/ips_ssl_version.cc b/src/service_inspectors/ssl/ips_ssl_version.cc index 57ba78dfa..538ebcca5 100644 --- a/src/service_inspectors/ssl/ips_ssl_version.cc +++ b/src/service_inspectors/ssl/ips_ssl_version.cc @@ -220,9 +220,6 @@ bool SslVersionModule::set(const char*, Value& v, SnortConfig*) svod.flags |= SSL_VER_TLS12_FLAG; svod.mask |= SSL_VER_TLS12_FLAG; } - else - return false; - return true; } diff --git a/src/service_inspectors/ssl/ssl_module.cc b/src/service_inspectors/ssl/ssl_module.cc index a6737c193..ce818453c 100644 --- a/src/service_inspectors/ssl/ssl_module.cc +++ b/src/service_inspectors/ssl/ssl_module.cc @@ -90,9 +90,6 @@ bool SslModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("max_heartbeat_length") ) conf->max_heartbeat_len = v.get_uint16(); - else - return false; - return true; } diff --git a/src/service_inspectors/ssl/ssl_splitter.cc b/src/service_inspectors/ssl/ssl_splitter.cc index f9f13d930..30381a38b 100644 --- a/src/service_inspectors/ssl/ssl_splitter.cc +++ b/src/service_inspectors/ssl/ssl_splitter.cc @@ -18,6 +18,10 @@ // ssl_splitter.cc author Steven Baigal +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include "ssl_splitter.h" #include diff --git a/src/sfip/sf_ipvar.cc b/src/sfip/sf_ipvar.cc index 698dca2ba..28ad4b28b 100644 --- a/src/sfip/sf_ipvar.cc 
+++ b/src/sfip/sf_ipvar.cc @@ -546,9 +546,6 @@ static SfIpRet sfvar_add_node(sfip_var_t* var, sfip_node_t* node, int negated) ++*count; return SFIP_SUCCESS; - - // FIXIT-L Insert new node into routing table - // sfrt_add(node->ip, } sfip_var_t* sfvar_create_alias(const sfip_var_t* alias_from, const char* alias_to) diff --git a/src/sfrt/CMakeLists.txt b/src/sfrt/CMakeLists.txt index 6e73dc72f..aa451148f 100644 --- a/src/sfrt/CMakeLists.txt +++ b/src/sfrt/CMakeLists.txt @@ -1,17 +1,8 @@ -if ( ENABLE_UNIT_TESTS ) - set(TEST_FILES sfrt_test.cc) -endif() - add_library ( sfrt OBJECT - sfrt.cc - sfrt.h - sfrt_dir.cc - sfrt_dir.h sfrt_flat.cc sfrt_flat.h sfrt_flat_dir.cc sfrt_flat_dir.h - ${TEST_FILES} ) diff --git a/src/sfrt/sfrt.cc b/src/sfrt/sfrt.cc deleted file mode 100644 index 55ccb3f7f..000000000 --- a/src/sfrt/sfrt.cc +++ /dev/null 
@@ -1,600 +0,0 @@ -//-------------------------------------------------------------------------- -// Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. -// Copyright (C) 2006-2013 Sourcefire, Inc. -// -// This program is free software; you can redistribute it and/or modify it -// under the terms of the GNU General Public License Version 2 as published -// by the Free Software Foundation. You may not use, modify or distribute -// this program under any other version of the GNU General Public License. -// -// This program is distributed in the hope that it will be useful, but -// WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -//-------------------------------------------------------------------------- - -/* - * sfrt.cc author Adam Keeton - * Thu July 20 10:16:26 EDT 2006 - * - * Route implements two different routing table lookup mechanisms. The table - * lookups have been adapted to return a void pointer so any information can - * be associated with each CIDR block. - * - * As of this writing, the two methods used are Stefan Nilsson and Gunnar - * Karlsson's LC-trie, and a multibit-trie method similar to Gupta et-al.'s - * DIR-n-m. Presently, the LC-trie is used primarily for testing purposes as - * the current implementation does not allow for fast dynamic inserts. - * - * The intended use is for a user to optionally specify large IP blocks and - * then more specific information will be written into the routing tables - * from RNA. Ideally, information will only move from less specific to more - * specific. 
If a more general information is to overwrite existing entries, - * the table should be freed and rebuilt. - * - * - * Implementation: - * - * The routing tables associate an index into a "data" table with each CIDR. - * Each entry in the data table stores a pointer to actual data. This - * implementation was chosen so each routing entry only needs one word to - * either index the data array, or point to another table. - * - * Inserts are performed by specifying a CIDR and a pointer to its associated - * data. Since a new routing table entry may overwrite previous entries, - * a flag selects whether the insert favors the most recent or favors the most - * specific. Favoring most specific should be the default behavior. If - * the user wishes to overwrite routing entries with more general data, the - * table should be flushed, rather than using favor-most-recent. - * - * Before modifying the routing or data tables, the insert function performs a - * lookup on the CIDR-to-be-inserted. If no entry or an entry *of differing - * bit length* is found, the data is inserted into the data table, and its - * index is used for the new routing table entry. If an entry is found that - * is as specific as the new CIDR, the index stored points to where the new - * data is written into the data table. - * - * If more specific CIDR blocks overwrote the data table, then the more - * general routing table entries that were not overwritten will be referencing - * the wrong data. Alternatively, less specific entries can only overwrite - * existing routing table entries if favor-most-recent inserts are used. - * - * Because there is no quick way to clean the data-table if a user wishes to - * use a favor-most-recent insert for more general data, the user should flush - * the table with sfrt_free and create one anew. Alternatively, a small - * memory leak occurs with the data table, as it will be storing pointers that - * no routing table entry cares about. 
- * - * - * The API calls that should be used are: - * sfrt_new - create new table - * sfrt_insert - insert entry - * sfrt_lookup - lookup entry - * sfrt_free - free table -*/ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include "sfrt.h" - -#include "sfip/sf_cidr.h" -#include "utils/util.h" - -using namespace snort; - -const char* rt_error_messages[] = -{ - "Success", - "Insert Failure", - "Policy Table Exceeded", - "Dir Insert Failure", - "Dir Lookup Failure", - "Memory Allocation Failure" -}; - -static inline int allocateTableIndex(table_t* table); - -/* Create new lookup table - * @param table_type Type of table. Uses the types enumeration in route.h - * @param ip_type IPv4 or IPv6. Uses the types enumeration in route.h - * @param data_size Max number of unique data entries - * - * Returns the new table. */ -table_t* sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_cap) -{ - table_t* table = (table_t*)snort_alloc(sizeof(table_t)); - - /* If this limit is exceeded, there will be no way to distinguish - * between pointers and indices into the data table. Only - * applies to DIR-n-m. */ -#if SIZEOF_LONG_INT == 8 - if (data_size >= 0x800000000000000) -#else - if (data_size >= 0x8000000) -#endif - { - snort_free(table); - return nullptr; - } - - /* mem_cap is specified in megabytes, but internally uses bytes. 
Convert */ - mem_cap *= 1024*1024; - - /* Maximum allowable number of stored entries */ - table->max_size = data_size; - table->lastAllocatedIndex = 0; - - table->data = (GENERIC*)snort_calloc(sizeof(GENERIC) * table->max_size); - table->allocated = sizeof(table_t) + sizeof(GENERIC) * table->max_size; - - table->ip_type = ip_type; - table->table_type = table_type; - - /* This will point to the actual table lookup algorithm */ - table->rt = nullptr; - table->rt6 = nullptr; - - /* index 0 will be used for failed lookups, so set this to 1 */ - table->num_ent = 1; - - switch (table_type) - { - /* Setup DIR-n-m table */ - case DIR_24_8: - case DIR_16x2: - case DIR_16_8x2: - case DIR_16_4x4: - case DIR_8x4: - case DIR_4x8: - case DIR_2x16: - case DIR_16_4x4_16x5_4x4: - case DIR_16x7_4x4: - case DIR_16x8: - case DIR_8x16: - table->insert = sfrt_dir_insert; - table->lookup = sfrt_dir_lookup; - table->free = sfrt_dir_free; - table->usage = sfrt_dir_usage; - table->print = sfrt_dir_print; - table->remove = sfrt_dir_remove; - - break; - - default: - snort_free(table->data); - snort_free(table); - return nullptr; - } - - /* Allocate the user-specified DIR-n-m table */ - switch (table_type) - { - case DIR_24_8: - table->rt = sfrt_dir_new(mem_cap, 2, 24,8); - break; - case DIR_16x2: - table->rt = sfrt_dir_new(mem_cap, 2, 16,16); - break; - case DIR_16_8x2: - table->rt = sfrt_dir_new(mem_cap, 3, 16,8,8); - break; - case DIR_16_4x4: - table->rt = sfrt_dir_new(mem_cap, 5, 16,4,4,4,4); - break; - case DIR_8x4: - table->rt = sfrt_dir_new(mem_cap, 4, 8,8,8,8); - break; - /* There is no reason to use 4x8 except for benchmarking and - * comparison purposes. */ - case DIR_4x8: - table->rt = sfrt_dir_new(mem_cap, 8, 4,4,4,4,4,4,4,4); - break; - /* There is no reason to use 2x16 except for benchmarking and - * comparison purposes. 
*/ - case DIR_2x16: - table->rt = sfrt_dir_new(mem_cap, 16, - 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2); - break; - case DIR_16_4x4_16x5_4x4: - table->rt = sfrt_dir_new(mem_cap, 5, 16,4,4,4,4); - table->rt6 = sfrt_dir_new(mem_cap, 14, 16,4,4,4,4,16,16,16,16,16,4,4,4,4); - break; - case DIR_16x7_4x4: - table->rt = sfrt_dir_new(mem_cap, 5, 16,4,4,4,4); - table->rt6 = sfrt_dir_new(mem_cap, 11, 16,16,16,16,16,16,16,4,4,4,4); - break; - case DIR_16x8: - table->rt = sfrt_dir_new(mem_cap, 2, 16,16); - table->rt6 = sfrt_dir_new(mem_cap, 8, 16,16,16,16,16,16,16,16); - break; - case DIR_8x16: - table->rt = sfrt_dir_new(mem_cap, 4, 16,8,4,4); - table->rt6 = sfrt_dir_new(mem_cap, 16, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8); - break; - } - - if ((!table->rt) || (!table->rt6)) - { - if (table->rt) - table->free(table->rt); - if (table->rt6) - table->free(table->rt6); - snort_free(table->data); - snort_free(table); - return nullptr; - } - - return table; -} - -/* Free lookup table */ -void sfrt_free(table_t* table) -{ - if (!table) - { - /* What are you calling me for? 
*/ - return; - } - - if (!table->data) - { - /* This really really should not have happened */ - } - else - { - snort_free(table->data); - } - - if (!table->rt) - { - /* This should not have happened either */ - } - else - { - table->free(table->rt); - } - - if (!table->rt6) - { - /* This should not have happened either */ - } - else - { - table->free(table->rt6); - } - - snort_free(table); -} - -/* Perform a lookup on value contained in "ip" */ -GENERIC sfrt_lookup(const SfIp* ip, table_t* table) -{ - tuple_t tuple; - const uint32_t* addr; - int numAddrDwords; - void* rt ; - - if (!ip || !table || !table->lookup) - return nullptr; - - if (ip->is_ip4()) - { - addr = ip->get_ip4_ptr(); - numAddrDwords = 1; - rt = table->rt; - } - else - { - addr = ip->get_ip6_ptr(); - numAddrDwords = 4; - rt = table->rt6; - } - - if (!rt) - return nullptr; - - tuple = table->lookup(addr, numAddrDwords, rt); - - if (tuple.index >= table->max_size) - return nullptr; - - return table->data[tuple.index]; -} - -void sfrt_cleanup(table_t* table, sfrt_iterator_callback cleanup_func) -{ - uint32_t index, count; - - if (!table) - return; - - for (index = 0, count = 0; - index < table->max_size; - index++) - { - if (table->data[index]) - { - cleanup_func(table->data[index]); - - /* cleanup_func is supposed to free memory associated with this - * table->data[index]. Set that to null. - */ - table->data[index] = nullptr; - - if (++count == table->num_ent) - break; - } - } -} - -GENERIC sfrt_search(const SfIp* ip, unsigned char len, table_t* table) -{ - const uint32_t* addr; - int numAddrDwords; - tuple_t tuple; - void* rt; - - if ((ip == nullptr) || (table == nullptr) || (len == 0)) - return nullptr; - - if (ip->is_ip4()) - { - addr = ip->get_ip4_ptr(); - numAddrDwords = 1; - rt = table->rt; - } - else if (ip->is_ip6()) - { - addr = ip->get_ip6_ptr(); - numAddrDwords = 4; - rt = table->rt6; - } - else - return nullptr; - - // FIXIT-RC IPv6 not yet supported by sfrt? 
- if (table->ip_type == IPv6) - return nullptr; - - if ( (table->ip_type == IPv4 && len > 32) || - (table->ip_type == IPv6 && len > 128) ) - { - return nullptr; - } - - tuple = table->lookup(addr, numAddrDwords, rt); - - if (tuple.length != len) - return nullptr; - - return table->data[tuple.index]; -} - -/* Insert "ip", of length "len", into "table", and have it point to "ptr" */ -int sfrt_insert(SfCidr* cidr, unsigned char len, GENERIC ptr, - int behavior, table_t* table) -{ - const uint32_t* addr; - const SfIp* ip; - int numAddrDwords; - int index; - int newIndex = 0; - int res; - tuple_t tuple; - void* rt; - - if (!cidr) - { - return RT_INSERT_FAILURE; - } - - if (len == 0) - return RT_INSERT_FAILURE; - - if (!table || !table->insert || !table->data || !table->lookup) - { - return RT_INSERT_FAILURE; - } - - if ( (table->ip_type == IPv4 && len > 32) || - (table->ip_type == IPv6 && len > 128) ) - { - return RT_INSERT_FAILURE; - } - - /* Check if we can reuse an existing data table entry by - * seeing if there is an existing entry with the same length. */ - ip = cidr->get_addr(); - if (ip->is_ip4()) - { - if (len < 96) - return RT_INSERT_FAILURE; - len -= 96; - addr = ip->get_ip4_ptr(); - numAddrDwords = 1; - rt = table->rt; - } - else if (ip->is_ip6()) - { - addr = ip->get_ip6_ptr(); - numAddrDwords = 4; - rt = table->rt6; - } - else - return RT_INSERT_FAILURE; - - tuple = table->lookup(addr, numAddrDwords, rt); - - if (tuple.length != len) - { - if ( table->num_ent >= table->max_size) - { - return RT_POLICY_TABLE_EXCEEDED; - } - - index = newIndex = allocateTableIndex(table); - if (!index) - return RT_POLICY_TABLE_EXCEEDED; - } - else - { - index = tuple.index; - } - - /* The actual value that is looked-up is an index - * into the data table. 
*/ - res = table->insert(addr, numAddrDwords, len, index, behavior, rt); - - if ((res == RT_SUCCESS) && newIndex) - { - table->num_ent++; - table->data[ index ] = ptr; - } - - return res; -} -/** Pretty print table - * Pretty print sfrt table. - * @param table - routing table. - */ -void sfrt_print(table_t* table) -{ - if (!table || !table->print ) - { - return; - } - - if (table->rt) - table->print(table->rt); - if (table->rt6) - table->print(table->rt6); -} - -uint32_t sfrt_num_entries(table_t* table) -{ - if (!table || !table->rt || !table->allocated) - { - return 0; - } - - /* There is always a root node, so subtract 1 for it */ - return table->num_ent - 1; -} - -uint32_t sfrt_usage(table_t* table) -{ - uint32_t usage; - if (!table || !table->rt || !table->allocated || !table->usage) - { - return 0; - } - - usage = table->allocated + table->usage(table->rt); - - if (table->rt6) - { - usage += table->usage(table->rt6); - } - - return usage; -} - -/** Remove subnet from sfrt table. - * Remove subnet identified by ip/len and return associated data. - * @param ip - IP address - * @param len - length of netmask - * @param ptr - void ** that is set to value associated with subnet - * @param behavior - RT_FAVOR_SPECIFIC or RT_FAVOR_TIME - * @note - For RT_FAVOR_TIME behavior, if partial subnet is removed then table->data[x] is nulled. Any remaining entries - * will then point to null data. This can cause hung or crosslinked data. RT_FAVOR_SPECIFIC does not have this drawback. - * hung or crosslinked entries. 
- */ -int sfrt_remove(SfCidr* cidr, unsigned char len, GENERIC* ptr, - int behavior, table_t* table) -{ - const uint32_t* addr; - const SfIp* ip; - int numAddrDwords; - int index; - void* rt; - - if (!cidr) - { - return RT_REMOVE_FAILURE; - } - - if (len == 0) - return RT_REMOVE_FAILURE; - - if (!table || !table->data || !table->remove || !table->lookup ) - return RT_REMOVE_FAILURE; - - if ( (table->ip_type == IPv4 && len > 32) || - (table->ip_type == IPv6 && len > 128) ) - { - return RT_REMOVE_FAILURE; - } - - ip = cidr->get_addr(); - if (ip->is_ip4()) - { - if (len < 96) - return RT_REMOVE_FAILURE; - len -= 96; - addr = ip->get_ip4_ptr(); - numAddrDwords = 1; - rt = table->rt; - } - else if (ip->is_ip6()) - { - addr = ip->get_ip6_ptr(); - numAddrDwords = 4; - rt = table->rt6; - } - else - return RT_REMOVE_FAILURE; - - /* The actual value that is looked-up is an index - * into the data table. */ - index = table->remove(addr, numAddrDwords, len, behavior, rt); - - /* Remove value into policy table. See TBD in function header*/ - if (index) - { - *ptr = table->data[ index ]; - table->data[ index ] = nullptr; - table->num_ent--; - } - - return RT_SUCCESS; -} - -/**allocate first unused index value. With delete operation, index values can be non-contiguous. - * Index 0 is error in this function but this is valid entry in table->data that is used - * for failure case. Calling function must check for 0 and take appropriate error action. - */ -static inline int allocateTableIndex(table_t* table) -{ - uint32_t index; - - // 0 is special index for failed entries. - for (index = table->lastAllocatedIndex+1; - index != table->lastAllocatedIndex; - index = (index+1) % table->max_size) - { - if (index && !table->data[index]) - { - table->lastAllocatedIndex = index; - return index; - } - } - return 0; -} - diff --git a/src/sfrt/sfrt.h b/src/sfrt/sfrt.h index 5e6ee447c..f1dd644b7 100644 --- a/src/sfrt/sfrt.h +++ b/src/sfrt/sfrt.h 
@@ -40,10 +40,12 @@ struct tuple_t word length; }; -#include "sfrt/sfrt_dir.h" - enum types { +#if 0 + // supporting code for these types (and RT_FAVOR_* below) is + // disabled since it is not used. not deleting in case we need + // switch types at some point. see sfrt_*.cc. DIR_24_8, DIR_16x2, DIR_16_8x2, @@ -54,6 +56,7 @@ enum types DIR_16_4x4_16x5_4x4, DIR_16x7_4x4, DIR_16x8, +#endif DIR_8x16, IPv4, IPv6 
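Review bot: Wrapping the leading enumerators of `enum types` in `#if 0` renumbers the survivors: `DIR_8x16` becomes 0 and `IPv4`/`IPv6` shift down with it, and the following hunk does the same to `RT_FAVOR_ALL`. That is harmless only if none of these values is stored, logged or exchanged numerically (for example in a table that outlives a reload or is shared between builds), which this diff does not show. Either give the remaining enumerators their previous values explicitly, or extend the new comment to state that the numeric values are not part of any persisted format. The `#if 0` opens in the first hunk here and closes in the second, so the two need to be read together.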
@@ -72,64 +75,12 @@ enum return_codes enum { +#if 0 RT_FAVOR_TIME, RT_FAVOR_SPECIFIC, +#endif RT_FAVOR_ALL }; -extern const char* rt_error_messages[]; - -typedef int (* table_insert)( - const uint32_t* addr, int numAddrDwords, int len, word index, int behavior, GENERIC); - -typedef word (* table_remove)( - const uint32_t* addr, int numAddrDwords, int len, int behavior, GENERIC); - -typedef tuple_t (* table_lookup)(const uint32_t* addr, int numAddrDwords, GENERIC); - -typedef uint32_t (* table_usage)(GENERIC); -typedef void (* table_print)(GENERIC); -typedef void (* table_free)(GENERIC); - -// Master table struct. Abstracts DIR and LC-trie methods -struct table_t -{ - GENERIC* data; // data table. Each IP points to an entry here - uint32_t num_ent; // Number of entries in the policy table - uint32_t max_size; // Max size of policies array - uint32_t lastAllocatedIndex; // Index allocated last. Search for unused index - // starts from this value and then wraps around at max_size. - char ip_type; // Only IPs of this family will be used - char table_type; - uint32_t allocated; - - void* rt; // Actual "routing" table - void* rt6; // Actual "routing" table - - table_insert insert; - table_remove remove; - table_lookup lookup; - table_usage usage; - table_print print; - table_free free; -}; - -// Abstracted routing table API -table_t* sfrt_new(char type, char ip_type, long data_size, uint32_t mem_cap); -void sfrt_free(table_t*); - -GENERIC sfrt_lookup(const snort::SfIp*, table_t*); -GENERIC sfrt_search(const snort::SfIp*, unsigned char len, table_t*); - -typedef void (* sfrt_iterator_callback)(void*); -void sfrt_cleanup(table_t*, sfrt_iterator_callback); - -int sfrt_insert(snort::SfCidr*, unsigned char len, GENERIC, int behavior, table_t*); -int sfrt_remove(snort::SfCidr*, unsigned char len, GENERIC*, int behavior, table_t*); - -uint32_t sfrt_usage(table_t*); -void sfrt_print(table_t*); -uint32_t sfrt_num_entries(table_t*); - #endif 
diff --git a/src/sfrt/sfrt_dir.cc b/src/sfrt/sfrt_dir.cc
deleted file mode 100644
index 3fc9660ac..000000000
--- a/src/sfrt/sfrt_dir.cc
+++ /dev/null
@@ -1,766 +0,0 @@ -//-------------------------------------------------------------------------- -// Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. -// Copyright (C) 2006-2013 Sourcefire, Inc. -// -// This program is free software; you can redistribute it and/or modify it -// under the terms of the GNU General Public License Version 2 as published -// by the Free Software Foundation. You may not use, modify or distribute -// this program under any other version of the GNU General Public License. -// -// This program is distributed in the hope that it will be useful, but -// WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -//-------------------------------------------------------------------------- - -/* - * @file sfdir.c - * @author Adam Keeton - * @date Thu July 20 10:16:26 EDT 2006 - * - * The implementation uses an multibit-trie that is similar to Gupta et-al's - * DIR-n-m. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include "sfrt.h" // FIXIT-L these includes are circular -#include "sfrt_dir.h" - -#include - -#include "utils/util.h" - -typedef struct -{ - const uint32_t* addr; - int bits; -} IPLOOKUP; - -/* Create new "sub" table of 2^width entries */ -static dir_sub_table_t* _sub_table_new(dir_table_t* root, uint32_t dimension, - uint32_t prefill, uint32_t bit_length) -{ - int width = root->dimensions[dimension]; - int len = 1 << width; - int index; - dir_sub_table_t* sub; - - /* Check if creating this node will exceed the memory cap. - * The symbols in the conditional (other than cap), come from the - * allocs below. 
*/ - if ( root->mem_cap < ( root->allocated + - sizeof(dir_sub_table_t) + - sizeof(word) * len + len ) || - bit_length > 128) - { - return nullptr; - } - - /* Set up the initial prefilled "sub table" */ - sub = (dir_sub_table_t*)snort_alloc(sizeof(dir_sub_table_t)); - - /* This keeps the width readily available rather than recalculating it - * from the number of entries during an insert or lookup */ - sub->width = width; - - /* need 2^sub->width entries */ - sub->num_entries = len; - sub->entries = (word*)snort_alloc(sizeof(word) * sub->num_entries); - - /* A "length" needs to be stored with each entry above. The length refers - * to how specific the insertion that set the entry was. It is necessary - * so that the entry is not overwritten by less general routing - * information if "RT_FAVOR_SPECIFIC" insertions are being performed. */ - sub->lengths = (uint8_t*)snort_alloc(sub->num_entries); - - /* Can't use memset here since prefill is multibyte */ - for (index = 0; index < sub->num_entries; index++) - { - sub->entries[index] = prefill; - sub->lengths[index] = (uint8_t)bit_length; - } - - sub->cur_num = 0; - - if (prefill) - sub->filledEntries = sub->num_entries; - else - sub->filledEntries = 0; - - root->allocated += sizeof(dir_sub_table_t) + sizeof(word) * sub->num_entries + - sub->num_entries; - - root->cur_num++; - - return sub; -} - -/* Create new dir-n-m root table with 'count' depth */ -dir_table_t* sfrt_dir_new(uint32_t mem_cap, int count,...) 
-{ - dir_table_t* table = (dir_table_t*)snort_alloc(sizeof(dir_table_t)); - - table->allocated = 0; - table->dimensions = (int*)snort_alloc(sizeof(int)*count); - table->dim_size = count; - - va_list ap; - va_start(ap, count); - - for (int index=0; index < count; index++) - table->dimensions[index] = va_arg(ap, int); - - va_end(ap); - - table->mem_cap = mem_cap; - - table->cur_num = 0; - - table->sub_table = _sub_table_new(table, 0, 0, 0); - - if (!table->sub_table) - { - snort_free(table->dimensions); - snort_free(table); - return nullptr; - } - - table->allocated += sizeof(dir_table_t) + sizeof(int)*count; - - return table; -} - -/* Traverse "sub" tables, freeing each */ -static void _sub_table_free(uint32_t* allocated, dir_sub_table_t* sub) -{ - int index; - - sub->cur_num--; - - for (index=0; index < sub->num_entries; index++) - { - /* The following condition will only be true if - * this entry is a pointer */ - if ( !sub->lengths[index] && sub->entries[index] ) - { - _sub_table_free(allocated, (dir_sub_table_t*)sub->entries[index]); - } - } - - if (sub->entries) - { - /* This probably does not need to be checked - * since if it was not allocated, we would have errored out - * in _sub_table_new */ - snort_free(sub->entries); - - *allocated -= sizeof(word) * sub->num_entries; - } - - if (sub->lengths) - { - /* This probably does not need to be checked - * since if it was not allocated, we would have errored out - * in _sub_table_new */ - snort_free(sub->lengths); - - *allocated -= sub->num_entries; - } - - snort_free(sub); - - *allocated -= sizeof(dir_sub_table_t); -} - -/* Free the DIR-n-m structure */ -void sfrt_dir_free(void* tbl) -{ - dir_table_t* table = (dir_table_t*)tbl; - - if (!table) - { - return; - } - - if (table->sub_table) - { - _sub_table_free(&table->allocated, table->sub_table); - } - - if (table->dimensions) - { - snort_free(table->dimensions); - } - - snort_free(table); -} - -static inline void _dir_fill_all(uint32_t* allocated, uint32_t index, 
uint32_t fill, - word length, uint32_t val, dir_sub_table_t* table) -{ - /* Fill entries */ - for (; index < fill; index++) - { - /* Before overwriting this entry, verify there's not an existing - * pointer ... otherwise free it to avoid a huge memory leak. */ - if (table->entries[index]) - { - if (!table->lengths[index]) - { - _sub_table_free(allocated, (dir_sub_table_t*)table->entries[index]); - } - } - else - { - table->filledEntries++; - } - - table->entries[index] = val; - table->lengths[index] = (uint8_t)length; - } -} - -static inline void _dir_fill_less_specific(int index, int fill, - word length, uint32_t val, dir_sub_table_t* table) -{ - /* Fill entries */ - for (; index < fill; index++) - { - /* If we encounter a pointer, and we're inserting at this level, we - * automatically know that this entry refers to more specific - * information. However, there might only be one more specific entry - * in the entire block, meaning the rest must be filled. - * - * For instance, imagine a 24-8 with 1.2.3/24 -> A and 1.2.3.4/32 -> B - * There will be a pointer at 1.2.3 in the first table. The second - * table needs to have 255 entries pointing A, and 1 entry pointing to - * B. - * - * Therefore, recurse to this next level. */ - - if ( !table->lengths[index] && table->entries[index]) - { - dir_sub_table_t* next = (dir_sub_table_t*)table->entries[index]; - _dir_fill_less_specific(0, 1 << next->width, length, val, next); - } - else if (length >= (word)table->lengths[index]) - { - if (!table->entries[index]) - { - table->filledEntries++; - } - table->entries[index] = val; - table->lengths[index] = (char)length; - } - } -} - -/*Remove entries all this level and discard any more specific entries. - * - * @note RT_FAVOR_TIME behavior can cause hung or crosslinked entries if part of a subnet - * (which was added) are deleted. Same issue is there when a more general subnet overwrites - * a specific subnet. table->data[] entry for more specific subnet is not cleared. 
- * - * @note RT_FAVOR_TIME can cause orphaned table->data[] entries if the entire subnet - * is replaced by more specific subnets. - */ -static inline uint32_t _dir_remove_all(uint32_t* allocated, uint32_t index, uint32_t fill, - word length, dir_sub_table_t* table) -{ - uint32_t valueIndex = 0; - - /* Fill entries */ - for (; index < fill; index++) - { - /* Before overwriting this entry, verify there's not an existing - * pointer ... otherwise free it to avoid a huge memory leak. */ - if (table->entries[index]) - { - if (!table->lengths[index]) - { - _sub_table_free(allocated, (dir_sub_table_t*)table->entries[index]); - } - - if (length == (word)table->lengths[index]) - { - valueIndex = table->entries[index]; - } - - table->filledEntries--; - - //zero value here works since sfrt uses 0 for failed entries. - table->entries[index] = 0; - table->lengths[index] = 0; - } - } - - return valueIndex; -} - -/**Remove entries which match in address/length in all subtables. - * @note RT_FAVOR_SPECIFIC can cause orphaned table->data[] entries if the entire subnet - * is replaced by more specific subnets. - */ -static inline uint32_t _dir_remove_less_specific(uint32_t* allocated, int index, int fill, - word length, dir_sub_table_t* table) -{ - uint32_t valueIndexRet = 0; - - for (; index < fill; index++) - { - if ( !table->lengths[index] && table->entries[index]) - { - dir_sub_table_t* next = (dir_sub_table_t*)table->entries[index]; - uint32_t valueIndex = _dir_remove_less_specific(allocated, 0, 1 << next->width, length, next); - if (valueIndex) - { - valueIndexRet = valueIndex; - } - - if (!next->filledEntries) //table can be collapsed. 
- { - _sub_table_free(allocated, next); - table->entries[index] = 0; - table->lengths[index] = 0; - table->filledEntries--; - } - } - else if (length == (word)table->lengths[index]) - { - if (table->entries[index]) - { - table->filledEntries--; - valueIndexRet = table->entries[index]; - } - table->entries[index] = 0; - table->lengths[index] = 0; - } - } - - return valueIndexRet; -} - -/* Sub table insertion - * This is called by dir_insert and recursively to find the the sub table - * that should house the value "ptr" - * @param ip IP address structure - * @param cur_len Number of bits of the IP left at this depth - * @param length Number of bits of the IP used to specify this CIDR - * @param ptr Information to be associated with this IP range - * @param master_table The table that describes all, returned by dir_new */ -static int _dir_sub_insert(IPLOOKUP* ip, int length, int cur_len, GENERIC ptr, - int current_depth, int behavior, - dir_sub_table_t* sub_table, dir_table_t* root_table) -{ - word index; - { - uint32_t local_index, i; - /* need to handle bits usage across multiple 32bit vals within IPv6. */ - if (ip->bits < 32) - { - i=0; - } - else if (ip->bits < 64) - { - i=1; - } - else if (ip->bits < 96) - { - i=2; - } - else - { - i=3; - } - local_index = ip->addr[i] << (ip->bits % 32); - index = local_index >> (sizeof(local_index) * 8 - sub_table->width); - } - - /* Check if this is the last table to traverse to */ - if (sub_table->width >= cur_len) - { - /* Calculate how many entries need to be filled - * in this table. If the table is 24 bits wide, and the entry - * is 20 bytes long, 2^4 entries need to be filled. 
*/ - uint32_t fill = 1 << (sub_table->width - cur_len); - - index = (index >> (sub_table->width - cur_len)) << - (sub_table->width - cur_len); - - fill += index; - - /* Favor most recent CIDR */ - if (behavior == RT_FAVOR_TIME) - { - _dir_fill_all(&root_table->allocated, index, fill, length, - (word)ptr, sub_table); - } - /* Fill over less specific CIDR */ - else - { - _dir_fill_less_specific(index, fill, length, (word)ptr, sub_table); - } - } - /* Need to traverse to a sub-table */ - else - { - dir_sub_table_t* next_sub = - (dir_sub_table_t*)sub_table->entries[index]; - - /* Check if we need to alloc a new sub table. - * If next_sub was 0/null, there's no entry at this index - * If the length is non-zero, there is an entry */ - if (!next_sub || sub_table->lengths[index]) - { - if ( root_table->dim_size <= current_depth ) - { - return RT_INSERT_FAILURE; - } - - sub_table->entries[index] = - (word)_sub_table_new(root_table, current_depth+1, - (word)next_sub, sub_table->lengths[index]); - - if (!next_sub) - { - sub_table->filledEntries++; - } - - sub_table->cur_num++; - - sub_table->lengths[index] = 0; - - next_sub = (dir_sub_table_t*)sub_table->entries[index]; - - if (!next_sub) - { - return MEM_ALLOC_FAILURE; - } - } - /* Recurse to next level. Rightshift off appropriate number of - * bits and update the length accordingly. 
*/ - ip->bits += sub_table->width; - return (_dir_sub_insert(ip, length, - cur_len - sub_table->width, ptr, current_depth+1, - behavior, next_sub, root_table)); - } - - return RT_SUCCESS; -} - -/* Insert entry into DIR-n-m tables */ -int sfrt_dir_insert(const uint32_t* addr, int /* numAddrDwords */, int len, word data_index, - int behavior, void* table) -{ - dir_table_t* root = (dir_table_t*)table; - uint32_t h_addr[4]; - IPLOOKUP iplu; - iplu.addr = h_addr; - iplu.bits = 0; - - /* Validate arguments */ - if (!root || !root->sub_table) - { - return DIR_INSERT_FAILURE; - } - - h_addr[0] = ntohl(addr[0]); - if (len > 96) - { - h_addr[1] = ntohl(addr[1]); - h_addr[2] = ntohl(addr[2]); - h_addr[3] = ntohl(addr[3]); - } - else if (len > 64) - { - h_addr[1] = ntohl(addr[1]); - h_addr[2] = ntohl(addr[2]); - h_addr[3] = 0; - } - else if (len > 32) - { - h_addr[1] = ntohl(addr[1]); - h_addr[2] = 0; - h_addr[3] = 0; - } - else - { - h_addr[1] = 0; - h_addr[2] = 0; - h_addr[3] = 0; - } - - /* Find the sub table in which to insert */ - return _dir_sub_insert(&iplu, len, len, (GENERIC)data_index, - 0, behavior, root->sub_table, root); -} - -/* Traverse sub tables looking for match - Called by dir_lookup and recursively */ -static tuple_t _dir_sub_lookup(IPLOOKUP* ip, dir_sub_table_t* table) -{ - word index; - { - uint32_t local_index, i; - /* need to handle bits usage across multiple 32bit vals within IPv6. 
*/ - if (ip->bits < 32 ) - { - i=0; - } - else if (ip->bits < 64) - { - i=1; - } - else if (ip->bits < 96) - { - i=2; - } - else - { - i=3; - } - local_index = ip->addr[i] << (ip->bits % 32); - index = local_index >> (sizeof(local_index) * 8 - table->width); - } - - if ( !table->entries[index] || table->lengths[index] ) - { - tuple_t ret; - ret.index = table->entries[index]; - ret.length = (word)table->lengths[index]; - - return ret; - } - - ip->bits += table->width; - return _dir_sub_lookup(ip, (dir_sub_table_t*)table->entries[index]); -} - -/* Lookup information associated with the value "ip" */ -tuple_t sfrt_dir_lookup(const uint32_t* addr, int numAddrDwords, void* tbl) -{ - dir_table_t* root = (dir_table_t*)tbl; - uint32_t h_addr[4]; - int i; - IPLOOKUP iplu; - iplu.addr = h_addr; - iplu.bits = 0; - - if (!root || !root->sub_table || numAddrDwords < 1) - { - tuple_t ret = { 0, 0 }; - - return ret; - } - - for (i= 0 ; i < numAddrDwords; i++) - h_addr[i] = ntohl(addr[i]); - - return _dir_sub_lookup(&iplu, root->sub_table); -} - -uint32_t sfrt_dir_usage(void* table) -{ - if (!table) - { - return 0; - } - - return ((dir_table_t*)(table))->allocated; -} - -static void _sub_table_print(dir_sub_table_t* sub, uint32_t level, dir_table_t* table) -{ - int index; - - char label[100]; - - memset(label, ' ', sizeof(label)); - label[level*5] = '\0'; - - printf("%sCurrent Nodes: %d, Filled Entries: %d, table Width: %d\n", label, sub->cur_num, - sub->filledEntries, sub->width); - for (index=0; index < sub->num_entries; index++) - { - if (sub->lengths[index] || sub->entries[index]) - printf("%sIndex: %d, Length: %d, dataIndex: %u\n", label, index, sub->lengths[index], - (uint32_t)sub->entries[index]); - - if ( !sub->lengths[index] && sub->entries[index] ) - { - _sub_table_print((dir_sub_table_t*)sub->entries[index], level+1, table); - } - } -} - -/* Print a table. - * Prints a table and its subtable. This is used for debugging purpose only. 
- * @param table The table that describes all, returned by dir_new - */ -void sfrt_dir_print(void* tbl) -{ - dir_table_t* table = (dir_table_t*)tbl; - - if (!table) - { - return; - } - - printf ("Nodes in use: %d\n", table->cur_num); - if (table->sub_table) - { - _sub_table_print(table->sub_table, 1, table); - } -} - -/* Sub table removal - * Recursive function to drill down to subnet table and remove entries. - * @param ip IP address structure - * @param length Number of bits of the IP used to specify this CIDR - * @param cur_len Number of bits of the IP left at this depth - * @param current_depth Number of levels down from root_table. - * @param behavior RT_FAVOR_SPECIFIC or RT_FAVOR_TIME - * @param root_table The table that describes all, returned by dir_new - * @returns index of entry removed. Returns 0, which is a valid index, as failure code. - * Calling function should treat 0 index as failure case.*/ - -static int _dir_sub_remove(IPLOOKUP* ip, int length, int cur_len, - int current_depth, int behavior, - dir_sub_table_t* sub_table, dir_table_t* root_table) -{ - word index; - uint32_t valueIndex = 0; - - { - uint32_t local_index, i; - /* need to handle bits usage across multiple 32bit vals within IPv6. */ - if (ip->bits < 32) - { - i=0; - } - else if (ip->bits < 64) - { - i=1; - } - else if (ip->bits < 96) - { - i=2; - } - else - { - i=3; - } - local_index = ip->addr[i] << (ip->bits % 32); - index = local_index >> (sizeof(local_index) * 8 - sub_table->width); - } - - /* Check if this is the last table to traverse to */ - if (sub_table->width >= cur_len) - { - /* Calculate how many entries need to be removed (filled with 0) - * in this table. If the table is 24 bits wide, and the entry - * is 20 bytes long, 2^4 entries need to be filled. 
*/ - uint32_t fill = 1 << (sub_table->width - cur_len); - - index = (index >> (sub_table->width - cur_len)) << - (sub_table->width - cur_len); - - fill += index; - - /* Remove and overwrite without considering CIDR specificity*/ - if (behavior == RT_FAVOR_TIME) - { - valueIndex = _dir_remove_all(&root_table->allocated, index, fill, length, sub_table); - } - /* Remove and overwrite only less specific CIDR */ - else - { - valueIndex = _dir_remove_less_specific(&root_table->allocated, index, fill, length, - sub_table); - } - } - else - { - /* traverse to a next sub-table down*/ - - dir_sub_table_t* next_sub = (dir_sub_table_t*)sub_table->entries[index]; - - /*subtable was never added. */ - if (!next_sub || sub_table->lengths[index]) - { - return 0; - } - /* Recurse to next level. Rightshift off appropriate number of - * bits and update the length accordingly. */ - ip->bits += sub_table->width; - valueIndex = _dir_sub_remove(ip, length, - cur_len - sub_table->width, current_depth+1, - behavior, next_sub, root_table); - if (!next_sub->filledEntries) - { - _sub_table_free(&root_table->allocated, next_sub); - sub_table->entries[index] = 0; - sub_table->lengths[index] = 0; - sub_table->filledEntries--; - root_table->cur_num--; - } - } - - return valueIndex; -} - -/* Remove entry into DIR-n-m tables - * @return index to data or 0 on failure. Calling function should check for 0 since - * this is valid index for failed operation. 
- */ -word sfrt_dir_remove(const uint32_t* addr, int /* numAddrDwords */, int len, int behavior, void* table) -{ - dir_table_t* root = (dir_table_t*)table; - uint32_t h_addr[4]; - IPLOOKUP iplu; - iplu.addr = h_addr; - iplu.bits = 0; - - /* Validate arguments */ - if (!root || !root->sub_table) - { - return 0; - } - - h_addr[0] = ntohl(addr[0]); - if (len > 96) - { - h_addr[1] = ntohl(addr[1]); - h_addr[2] = ntohl(addr[2]); - h_addr[3] = ntohl(addr[3]); - } - else if (len > 64) - { - h_addr[1] = ntohl(addr[1]); - h_addr[2] = ntohl(addr[2]); - h_addr[3] = 0; - } - else if (len > 32) - { - h_addr[1] = ntohl(addr[1]); - h_addr[2] = 0; - h_addr[3] = 0; - } - else - { - h_addr[1] = 0; - h_addr[2] = 0; - h_addr[3] = 0; - } - - /* Find the sub table in which to remove */ - return _dir_sub_remove(&iplu, len, len, 0, behavior, root->sub_table, root); -} - diff --git a/src/sfrt/sfrt_dir.h b/src/sfrt/sfrt_dir.h deleted file mode 100644 index 70ec50316..000000000 --- a/src/sfrt/sfrt_dir.h +++ /dev/null 
@@ -1,86 +0,0 @@ -//-------------------------------------------------------------------------- -// Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. -// Copyright (C) 2006-2013 Sourcefire, Inc. -// -// This program is free software; you can redistribute it and/or modify it -// under the terms of the GNU General Public License Version 2 as published -// by the Free Software Foundation. You may not use, modify or distribute -// this program under any other version of the GNU General Public License. -// -// This program is distributed in the hope that it will be useful, but -// WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -//-------------------------------------------------------------------------- - -/* - * @file sfdir.h - * @author Adam Keeton - * @date Thu July 20 10:16:26 EDT 2006 - * - */ - -#ifndef SFRT_DIR_H -#define SFRT_DIR_H - - // The implementation uses an multibit-trie that is similar to Gupta et-al's - // DIR-n-m. - -#include - -/*******************************************************************/ -/* DIR-n-m data structures - * Each table in the DIR-n-m method is represented by a - * dir_sub_table_t. They are managed by a dir_table_t. */ -typedef struct -{ - word* entries; - uint8_t* lengths; - int num_entries; /* Number of entries in this table */ - int width; /* width of this table. */ - /* While one determines the other, this way fewer - * calculations are needed at runtime, since both - * are used. */ - int cur_num; /* Present number of used nodes */ - - /** number of entries filled including children sub_tables. 
This is used - * for freeing sub_tables when all entries are freed by delete operation. - */ - int filledEntries; -} dir_sub_table_t; - -/* Master data structure for the DIR-n-m derivative */ -typedef struct -{ - int* dimensions; /* DIR-n-m will consist of any number of arbitrarily - * long tables. This variable keeps track of the - * dimensions */ - int dim_size; /* And this variable keeps track of 'dimensions''s - * dimensions! */ - uint32_t mem_cap; /* User-defined maximum memory that can be allocated - * for the DIR-n-m derivative */ - - int cur_num; /* Present number of used nodes */ - - uint32_t allocated; - - dir_sub_table_t* sub_table; -} dir_table_t; - -/****************************************************************** - DIR-n-m functions, these are not intended to be called directly */ -dir_table_t* sfrt_dir_new(uint32_t mem_cap, int count,...); -void sfrt_dir_free(void*); -tuple_t sfrt_dir_lookup(const uint32_t* addr, int numAddrDwords, void* table); -int sfrt_dir_insert(const uint32_t* addr, int numAddrDwords, int len, word data_index, - int behavior, void* table); -uint32_t sfrt_dir_usage(void* table); -void sfrt_dir_print(void* table); -word sfrt_dir_remove(const uint32_t* addr, int numAddrDwords, int len, int behavior, void* table); - -#endif /* SFRT_DIR_H */ - diff --git a/src/sfrt/sfrt_flat.cc b/src/sfrt/sfrt_flat.cc index 58eb49f57..21b4c8d14 100644 --- a/src/sfrt/sfrt_flat.cc +++ b/src/sfrt/sfrt_flat.cc @@ -106,6 +106,7 @@ table_flat_t* sfrt_flat_new(char table_flat_type, char ip_type, long data_size, /* Allocate the user-specified DIR-n-m table */ switch (table_flat_type) { +#if 0 case DIR_24_8: table->rt = sfrt_dir_flat_new(mem_cap, 2, 24, 8); break; 
@@ -144,6 +145,7 @@ table_flat_t* sfrt_flat_new(char table_flat_type, char ip_type, long data_size, table->rt = sfrt_dir_flat_new(mem_cap, 2, 16,16); table->rt6 = sfrt_dir_flat_new(mem_cap, 8, 16,16,16,16,16,16,16,16); break; +#endif case DIR_8x16: table->rt = sfrt_dir_flat_new(mem_cap, 4, 16,8,4,4); table->rt6 = sfrt_dir_flat_new(mem_cap, 16, @@ -151,65 +153,12 @@ table_flat_t* sfrt_flat_new(char table_flat_type, char ip_type, long data_size, break; } - if ((!table->rt) || (!table->rt6)) - { - if (table->rt) - sfrt_dir_flat_free(table->rt); - if (table->rt6) - sfrt_dir_flat_free(table->rt6); - segment_free(table->data); - segment_free(table_ptr); - return nullptr; - } + assert(table->rt); + assert(table->rt6); return table; } -/* Free lookup table */ -void sfrt_flat_free(TABLE_PTR table_ptr) -{ - table_flat_t* table; - uint8_t* base; - - if (!table_ptr) - { - /* What are you calling me for? */ - return; - } - - base = (uint8_t*)segment_basePtr(); - table = (table_flat_t*)(&base[table_ptr]); - - if (!table->data) - { - /* This really really should not have happened */ - } - else - { - segment_free(table->data); - } - - if (!table->rt) - { - /* This should not have happened either */ - } - else - { - sfrt_dir_flat_free(table->rt); - } - - if (!table->rt6) - { - /* This should not have happened either */ - } - else - { - sfrt_dir_flat_free(table->rt6); - } - - segment_free(table_ptr); -} - /* Perform a lookup on value contained in "ip" */ GENERIC sfrt_flat_lookup(const SfIp* ip, table_flat_t* table) { diff --git a/src/sfrt/sfrt_flat.h b/src/sfrt/sfrt_flat.h index 87625f487..ae6c8705b 100644 --- a/src/sfrt/sfrt_flat.h +++ b/src/sfrt/sfrt_flat.h 
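Review bot: The two `assert` calls that replace the `if ((!table->rt) || (!table->rt6))` block disappear when the build defines `NDEBUG`, so a release build of `sfrt_flat_new` returns a table whose `rt` or `rt6` may be zero instead of returning `nullptr`. The removed cleanup suggests `sfrt_dir_flat_new` can fail, presumably on the `mem_cap` limit, though its body is outside these hunks. With the other `case` labels now under `#if 0` and no `default:` visible before the closing brace, any `table_flat_type` other than `DIR_8x16` also leaves both members unassigned by the switch. Keeping a runtime check that fails closed, `if (!table->rt || !table->rt6) return nullptr;` after releasing `table->data` and `table_ptr` as the old code did, preserves the contract for callers that test the result. `sfrt_flat_new` begins before this hunk.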
@@ -72,7 +72,6 @@ typedef struct /* Abstracted routing table API */ table_flat_t* sfrt_flat_new(char table_flat_type, char ip_type, long data_size, uint32_t mem_cap); -void sfrt_flat_free(TABLE_PTR table); GENERIC sfrt_flat_lookup(const snort::SfIp* ip, table_flat_t* table); GENERIC sfrt_flat_dir8x_lookup(const snort::SfIp* ip, table_flat_t* table); diff --git a/src/sfrt/sfrt_flat_dir.cc b/src/sfrt/sfrt_flat_dir.cc index d6da9a3c1..e21160deb 100644 --- a/src/sfrt/sfrt_flat_dir.cc +++ b/src/sfrt/sfrt_flat_dir.cc @@ -159,6 +159,7 @@ TABLE_PTR sfrt_dir_flat_new(uint32_t mem_cap, int count,...) return table_ptr; } +#if 0 /* Traverse "sub" tables, freeing each */ static void _sub_table_flat_free(uint32_t* allocated, SUB_TABLE_PTR sub_ptr) { @@ -197,28 +198,6 @@ static void _sub_table_flat_free(uint32_t* allocated, SUB_TABLE_PTR sub_ptr) *allocated -= sizeof(dir_sub_table_flat_t); } -/* Free the DIR-n-m structure */ -void sfrt_dir_flat_free(TABLE_PTR tbl_ptr) -{ - dir_table_flat_t* table; - uint8_t* base; - - if (!tbl_ptr) - { - return; - } - - base = (uint8_t*)segment_basePtr(); - table = (dir_table_flat_t*)(&base[tbl_ptr]); - - if (table->sub_table) - { - _sub_table_flat_free(&table->allocated, table->sub_table); - } - - segment_free(tbl_ptr); -} - static inline void _dir_fill_all(uint32_t* allocated, uint32_t index, uint32_t fill, word length, uint32_t val, SUB_TABLE_PTR sub_ptr) { @@ -280,6 +259,7 @@ static inline void _dir_fill_less_specific(int index, int fill, } } } +#endif static inline int64_t _dir_update_info(int index, int fill, word length, uint32_t val, SUB_TABLE_PTR sub_ptr, updateEntryInfoFunc updateEntry, INFO* data) @@ -401,6 +381,7 @@ static int _dir_sub_insert(IPLOOKUP* ip, int length, int cur_len, INFO ptr, fill += index; +#if 0 /* Favor most recent CIDR */ if (behavior == RT_FAVOR_TIME) { 
@@ -413,6 +394,8 @@ static int _dir_sub_insert(IPLOOKUP* ip, int length, int cur_len, INFO ptr, _dir_fill_less_specific(index, fill, length, (word)ptr, sub_ptr); } else if (behavior == RT_FAVOR_ALL) +#endif + assert(behavior == RT_FAVOR_ALL); { int64_t bytesAllocated; diff --git a/src/sfrt/sfrt_flat_dir.h b/src/sfrt/sfrt_flat_dir.h index c6a5a54b4..65afcaada 100644 --- a/src/sfrt/sfrt_flat_dir.h +++ b/src/sfrt/sfrt_flat_dir.h @@ -69,7 +69,6 @@ typedef struct /****************************************************************** DIR-n-m functions, these are not intended to be called directly */ TABLE_PTR sfrt_dir_flat_new(uint32_t mem_cap, int count,...); -void sfrt_dir_flat_free(TABLE_PTR); tuple_flat_t sfrt_dir_flat_lookup(const uint32_t* addr, int numAddrDwords, TABLE_PTR table); int sfrt_dir_flat_insert(const uint32_t* addr, int numAddrDwords, int len, word data_index, int behavior, TABLE_PTR, updateEntryInfoFunc updateEntry, INFO *data); diff --git a/src/sfrt/sfrt_test.cc b/src/sfrt/sfrt_test.cc deleted file mode 100644 index 96ada73b4..000000000 --- a/src/sfrt/sfrt_test.cc +++ /dev/null 
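Review bot: `assert(behavior == RT_FAVOR_ALL);` replaces the `else if` that used to gate this block, so with `NDEBUG` defined every `behavior` value runs the update path, and the braces that follow are now only an anonymous scope. `behavior` is still an `int` parameter of `_dir_sub_insert`, so the check is only as strong as its callers, which are outside this hunk. If the argument stays, `if (behavior != RT_FAVOR_ALL) return RT_INSERT_FAILURE;` keeps the rejection in release builds (confirm that return code is in scope in this file); otherwise dropping the parameter removes the question. The code between the `#if 0` opened in the previous hunk and the `#endif` added here could be deleted rather than kept. `_dir_sub_insert` starts and ends outside the hunk.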
@@ -1,252 +0,0 @@ -//-------------------------------------------------------------------------- -// Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. -// Copyright (C) 2009-2013 Sourcefire, Inc. -// -// This program is free software; you can redistribute it and/or modify it -// under the terms of the GNU General Public License Version 2 as published -// by the Free Software Foundation. You may not use, modify or distribute -// this program under any other version of the GNU General Public License. -// -// This program is distributed in the hope that it will be useful, but -// WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -//-------------------------------------------------------------------------- -// sfrt_test.cc author Hui Cao - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include "catch/snort_catch.h" -#include "sfip/sf_cidr.h" -#include "utils/util.h" - -#include "sfrt.h" - -using namespace snort; - -#define NUM_IPS 32 -#define NUM_DATA 4 - -typedef struct -{ - const char* ip_str; - int value; -} IP_entry; - -static IP_entry ip_lists[] = -{ -// __STRDUMP_DISABLE__ - { "192.168.0.1",4 }, - { "2.16.0.1", 100 }, - { "12.16.0.1", 500 }, - { "19.16.0.1", 12345 }, - { "12.16.0.2", 567890 }, - { "12.168.0.1", 456 }, - { "12.178.0.1", 123456 }, - { "192.168.0.11", 345667 }, - { "192.16.0.17/16", 345667 }, - { "192.168.0.12", 10 }, - { "::FFFF:129.144.52.38", 120 }, - { "ffee:ddcc:bbaa:9988:7766:5544:3322:1100/32", 121 }, - { "1001:db8:85a3::/29", 122 }, - { "255.255.255.255", 0 } -// __STRDUMP_ENABLE__ -}; - -//--------------------------------------------------------------- - -static int 
s_debug = 0; - -/* Add one ip, then delete that IP*/ -static void test_sfrt_remove_after_insert() -{ - table_t* dir; - unsigned num_entries; - unsigned index; - - num_entries = sizeof(ip_lists)/sizeof(ip_lists[0]); - if ( s_debug ) - printf("Number of entries: %u \n",num_entries); - - dir = sfrt_new(DIR_16_4x4_16x5_4x4, IPv6, num_entries + 1, 200); - - CHECK(dir != nullptr); // "sfrt_new()" - - for (index=0; indexip_str); - char* ip2_str = snort_strdup(ip_entry->ip_str); - char* p = strchr(ip2_str, '/'); - if (p) - *p = '\0'; - ip2.set(ip2_str); - snort_free(ip2_str); - - if ( s_debug ) - { - SfIpString ip_str; - printf("Insert IP addr: %s, family: %d\n", ip.get_addr()->ntop(ip_str), ip.get_family()); - } - CHECK(sfrt_insert(&ip, ip.get_bits(), &(ip_entry->value), RT_FAVOR_TIME, dir) == - RT_SUCCESS); // "sfrt_insert()" - - if ( s_debug ) - { - SfIpString ip_str; - printf("Lookup IP addr: %s, family: %d\n", ip2.ntop(ip_str), ip2.get_family()); - } - result = (int*)sfrt_lookup(&ip2, dir); - if ( s_debug ) - { - if (result) - printf("value input: %d, output: %d\n", ip_entry->value, *result); - else - printf("value input: %d, output: nullptr\n", ip_entry->value); - } - - CHECK(result != nullptr); // "sfrt_lookup()" - - if ( s_debug ) - { - SfIpString ip_str; - printf("IP addr: %s, family: %d\n", ip.get_addr()->ntop(ip_str), ip.get_family()); - printf("value input: %d, output: %d\n", ip_entry->value, *result); - } - - CHECK(sfrt_remove(&ip, ip.get_bits(), (void**)&result, RT_FAVOR_TIME, dir) == RT_SUCCESS); - CHECK(result != nullptr); //sfrt_remove()" - - val = *result; - if ( s_debug ) - printf("value expected: %d, actual: %d\n", ip_entry->value, val); - - CHECK(val == ip_entry->value); //sfrt_remove(): value return" - CHECK(sfrt_lookup(ip.get_addr(), dir) == nullptr); // "sfrt_lookup(): value return" - } - - if ( s_debug ) - { - printf("Usage: %u bytes\n", sfrt_usage(dir)); - printf("Number of entries: %u \n", sfrt_num_entries(dir)); - } - - sfrt_free(dir); -} - 
-/*Add all IPs, then delete all of them*/ -static void test_sfrt_remove_after_insert_all() -{ - table_t* dir; - unsigned num_entries; - unsigned index; - - num_entries = sizeof(ip_lists)/sizeof(ip_lists[0]); - - if ( s_debug ) - printf("Number of entries: %u \n",num_entries); - - dir = sfrt_new(DIR_16_4x4_16x5_4x4, IPv6, num_entries + 1, 200); - - CHECK(dir != nullptr); // "sfrt_new()" - - /*insert all entries*/ - for (index=0; indexip_str); - char* ip2_str = snort_strdup(ip_entry->ip_str); - char* p = strchr(ip2_str, '/'); - if (p) - *p = '\0'; - ip2.set(ip2_str); - snort_free(ip2_str); - - CHECK(sfrt_insert(&ip, ip.get_bits(), &(ip_entry->value), RT_FAVOR_TIME, dir) == - RT_SUCCESS); // "sfrt_insert()" - - result = (int*)sfrt_lookup(ip.get_addr(), dir); - - if ( s_debug ) - printf("value input: %d, output: %d\n", ip_entry->value, result ? *result : -1); - - CHECK(result != nullptr); // "sfrt_lookup()" - } - - if ( s_debug ) - { - printf("Usage: %u bytes\n", sfrt_usage(dir)); - printf("Number of entries: %u \n", sfrt_num_entries(dir)); - } - - /*remove all entries*/ - for (index=0; indexip_str); - - CHECK(sfrt_remove(&ip, ip.get_bits(), (void**)&result, RT_FAVOR_TIME, dir) == RT_SUCCESS); - - REQUIRE(result != nullptr); - - val = *result; - if ( s_debug ) - printf("value expected: %d, actual: %d\n", ip_entry->value, val); - - CHECK(val == ip_entry->value); //sfrt_remove(): value return" - CHECK(!sfrt_lookup(ip.get_addr(), dir)); - - /*check the next entry still exist*/ - if (index + 1 < num_entries) - { - ip_entry = &(ip_lists[index + 1]); - /*Parse IP*/ - ip.set(ip_entry->ip_str); - CHECK(sfrt_lookup(ip.get_addr(), dir)); // "sfrt_lookup(): value return" - } - } - - if ( s_debug ) - { - printf("Usage: %u bytes\n", sfrt_usage(dir)); - printf("Number of entries: %u \n", sfrt_num_entries(dir)); - } - - sfrt_free(dir); -} - -TEST_CASE("sfrt", "[sfrt]") -{ - SECTION("remove after insert") - { - test_sfrt_remove_after_insert(); - } - SECTION("remove after insert all") 
- { - test_sfrt_remove_after_insert_all(); - } -} - diff --git a/src/side_channel/side_channel_module.cc b/src/side_channel/side_channel_module.cc index 274f975b6..99563be32 100644 --- a/src/side_channel/side_channel_module.cc +++ b/src/side_channel/side_channel_module.cc @@ -106,8 +106,6 @@ bool SideChannelModule::set(const char*, Value& v, SnortConfig*) config->ports = new PortBitSet; v.get_bits(*(config->ports) ); } - else - return false; return true; } diff --git a/src/stream/base/stream_module.cc b/src/stream/base/stream_module.cc index 72da087b9..e3812a3e1 100644 --- a/src/stream/base/stream_module.cc +++ b/src/stream/base/stream_module.cc @@ -208,6 +208,7 @@ bool StreamModule::set(const char* fqn, Value& v, SnortConfig* c) if ( v.is("idle_timeout") ) config.flow_cache_cfg.proto[to_utype(type)].nominal_timeout = v.get_uint32(); + else if ( v.is("cap_weight") ) config.flow_cache_cfg.proto[to_utype(type)].cap_weight = v.get_uint16(); diff --git a/src/stream/file/file_module.cc b/src/stream/file/file_module.cc index e98f3fcea..158dfef66 100644 --- a/src/stream/file/file_module.cc +++ b/src/stream/file/file_module.cc @@ -50,12 +50,8 @@ bool StreamFileModule::begin(const char*, int, SnortConfig*) bool StreamFileModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("upload") ) - upload = v.get_bool(); - - else - return false; - + assert(v.is("upload")); + upload = v.get_bool(); return true; } diff --git a/src/stream/icmp/icmp_module.cc b/src/stream/icmp/icmp_module.cc index f4f9b421b..bb16f39a3 100644 --- a/src/stream/icmp/icmp_module.cc +++ b/src/stream/icmp/icmp_module.cc @@ -61,12 +61,8 @@ StreamIcmpConfig* StreamIcmpModule::get_data() bool StreamIcmpModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("session_timeout") ) - config->session_timeout = v.get_uint32(); - - else - return false; - + assert(v.is("session_timeout")); + config->session_timeout = v.get_uint32(); return true; } 
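Review bot: With the trailing `else return false;` removed from `SideChannelModule::set`, a value whose name matches none of the `v.is(...)` branches now falls through to `return true`, so an unhandled parameter is reported as applied. The same removal is made in `ReassembleModule::set`, `SizeModule::set` and `StreamTcpModule::set` later in this commit. This is presumably safe because the module's parameter table filters names before `set()` is called, but none of these hunks shows that, and on a sensor a silently dropped setting is harder to notice than a load error. I would keep a debug-only guard in the style the commit uses elsewhere, e.g. `else assert(false); // every registered parameter is handled above`, after confirming `<cassert>` is included in each file. The body of `set()` starts outside the hunk.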
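Review bot: `assert(v.is("upload"))` in `StreamFileModule::set` is compiled out when NDEBUG is defined, so a release build assigns `v.get_bool()` to `upload` and returns true whatever parameter name arrives, where the old code returned false. The same substitution is made in `StreamIcmpModule::set`, `StreamUdpModule::set` and `StreamUserModule::set` (the last one previously skipped the assignment for other names). If each of these modules registers only that one parameter, say so next to the assert, e.g. `// the only parameter registered for this module`. Otherwise keep the runtime check as `if ( !v.is("upload") ) return false;`. The hunk does not show `<cassert>` being included in this file, which is worth confirming.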
diff --git a/src/stream/tcp/ips_stream_reassemble.cc b/src/stream/tcp/ips_stream_reassemble.cc index 23d9713ea..42653be4b 100644 --- a/src/stream/tcp/ips_stream_reassemble.cc +++ b/src/stream/tcp/ips_stream_reassemble.cc @@ -222,9 +222,6 @@ bool ReassembleModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("fastpath") ) srod.fastpath = 1; - else - return false; - return true; } diff --git a/src/stream/tcp/ips_stream_size.cc b/src/stream/tcp/ips_stream_size.cc index b63ca4229..ce3cd5f5a 100644 --- a/src/stream/tcp/ips_stream_size.cc +++ b/src/stream/tcp/ips_stream_size.cc @@ -207,9 +207,6 @@ bool SizeModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("~direction") ) direction = v.get_uint8(); - else - return false; - return true; } diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc index e0037fdf5..36511a813 100644 --- a/src/stream/tcp/tcp_module.cc +++ b/src/stream/tcp/tcp_module.cc @@ -359,8 +359,6 @@ bool StreamTcpModule::set(const char*, Value& v, SnortConfig*) else config->flags &= ~STREAM_CONFIG_NO_REASSEMBLY; } - else - return false; return true; } diff --git a/src/stream/tcp/tcp_state_closed.cc b/src/stream/tcp/tcp_state_closed.cc index 3aeb2f657..f9e43ca89 100644 --- a/src/stream/tcp/tcp_state_closed.cc +++ b/src/stream/tcp/tcp_state_closed.cc 
@@ -149,202 +149,3 @@ bool TcpStateClosed::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpStr return true; } -#if 0 // FIXIT-M unit tests need work -#include "tcp_normalizers.h" -#include "tcp_reassemblers.h" - -TEST_CASE("TCP State Closed", "[tcp_closed_state][stream_tcp]") -{ - // initialization code here - Flow* flow = new Flow; - TcpStreamTracker* ctrk = new TcpStreamTracker(true); - TcpStreamTracker* strk = new TcpStreamTracker(false); - TcpEventLogger* tel = new TcpEventLogger; - TcpSession* session = new TcpSession(flow); - TcpStateMachine* tsm = new TcpStateMachine; - TcpStateHandler* tsh = new TcpStateClosed(*tsm, *session); - ctrk->normalizer = TcpNormalizerFactory::create(StreamPolicy::OS_LINUX, session, ctrk, strk); - strk->normalizer = TcpNormalizerFactory::create(StreamPolicy::OS_LINUX, session, strk, ctrk); - ctrk->reassembler = TcpReassemblerFactory::create(session, ctrk, StreamPolicy::OS_LINUX, - false); - strk->reassembler = TcpReassemblerFactory::create(session, strk, StreamPolicy::OS_LINUX, true); - - SECTION("syn_packet") - { - Packet* pkt = get_syn_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("syn_sent") - { - flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK(TcpStreamTracker::TCP_SYN_SENT_EVENT == ctrk->get_tcp_event() ); - //CHECK( ( ctrk->get_iss() == 9050 ) ); - //CHECK( ( ctrk->get_snd_una() == 9051 ) ); - //CHECK( ( ctrk->get_snd_nxt() == 9050 ) ); - //CHECK( ( ctrk->get_snd_wnd() == 8192 ) ); - } - - SECTION("syn_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - SECTION("syn_ack_packet") - { - Packet* pkt = get_syn_ack_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("syn_ack_sent") - { - 
flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - SECTION("syn_ack_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - SECTION("ack_packet") - { - Packet* pkt = get_ack_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("ack_sent") - { - flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - SECTION("ack_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - SECTION("data_seg_packet") - { - Packet* pkt = get_data_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("data_seg_sent") - { - flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - SECTION("data_seg_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - SECTION("fin_packet") - { - Packet* pkt = get_fin_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("fin_sent") - { - 
flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - SECTION("fin_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - SECTION("rst_packet") - { - Packet* pkt = get_rst_packet(flow); - REQUIRE( ( pkt != nullptr )); - - SECTION("rst_sent") - { - flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() )); - } - - SECTION("rst_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - delete flow; - delete tsh; - delete ctrk; - delete strk; -} - -#endif - diff --git a/src/stream/tcp/tcp_state_handler.cc b/src/stream/tcp/tcp_state_handler.cc index b40e4f90c..a9de1b71a 100644 --- a/src/stream/tcp/tcp_state_handler.cc +++ b/src/stream/tcp/tcp_state_handler.cc 
@@ -95,182 +95,3 @@ bool TcpStateHandler::eval(TcpSegmentDescriptor& tsd, TcpStreamTracker& tracker) return false; } -// FIXIT-RC get the unit test working again -#ifdef UNIT_TEST_FOO - -SCENARIO("TCP State Handler Base Class", "[state_handlers][stream_tcp]") -{ - // initialization code here - Flow* flow = new Flow; - TcpStateHandler* tsh = new TcpStateHandler; - TcpStreamTracker* client_tracker = new TcpStreamTracker(true); - TcpStreamTracker* server_tracker = new TcpStreamTracker(false); - TcpEventLogger tel; - - GIVEN("a SYN Packet") - { - Packet* pkt = get_syn_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - WHEN("SYN is sent") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - client_tracker->set_tcp_event(TcpStreamTracker::TCP_SYN_SENT_EVENT); - tsh->eval(*tsd, *client_tracker); - THEN("Event should be TCP_SYN_SENT_EVENT") - { - CHECK( ( tsh->get_tcp_event() == client_tracker->get_tcp_event() ) ); - } - delete tsd; - } - - SECTION("SYN is received") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - server_tracker->set_tcp_event(TcpStreamTracker::TCP_SYN_RECV_EVENT); - tsh->eval(*tsd, *server_tracker); - CHECK( ( tsh->get_tcp_event() == server_tracker->get_tcp_event() ) ); - delete tsd; - } - - delete pkt; - } - - SECTION("syn_ack_packet") - { - Packet* pkt = get_syn_ack_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("syn_ack_sent") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - client_tracker->set_tcp_event(TcpStreamTracker::TCP_SYN_ACK_SENT_EVENT); - tsh->eval(*tsd, *client_tracker); - CHECK( ( tsh->get_tcp_event() == client_tracker->get_tcp_event() ) ); - delete tsd; - } - - SECTION("syn_ack_recv") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - server_tracker->set_tcp_event(TcpStreamTracker::TCP_SYN_ACK_RECV_EVENT); - tsh->eval(*tsd, *server_tracker); - CHECK( ( tsh->get_tcp_event() == server_tracker->get_tcp_event() ) ); - 
delete tsd; - } - - delete pkt; - } - - SECTION("ack_packet") - { - Packet* pkt = get_ack_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("ack_sent") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - client_tracker->set_tcp_event(TcpStreamTracker::TCP_ACK_SENT_EVENT); - tsh->eval(*tsd, *client_tracker); - CHECK( ( tsh->get_tcp_event() == client_tracker->get_tcp_event() ) ); - delete tsd; - } - - SECTION("ack_recv") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - server_tracker->set_tcp_event(TcpStreamTracker::TCP_ACK_RECV_EVENT); - tsh->eval(*tsd, *server_tracker); - CHECK( ( tsh->get_tcp_event() == server_tracker->get_tcp_event() ) ); - delete tsd; - } - - delete pkt; - } - - SECTION("data_seg_packet") - { - Packet* pkt = get_data_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("data_seg_sent") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - client_tracker->set_tcp_event(TcpStreamTracker::TCP_DATA_SEG_SENT_EVENT); - tsh->eval(*tsd, *client_tracker); - CHECK( ( tsh->get_tcp_event() == client_tracker->get_tcp_event() ) ); - delete tsd; - } - - SECTION("data_seg_recv") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - server_tracker->set_tcp_event(TcpStreamTracker::TCP_DATA_SEG_RECV_EVENT); - tsh->eval(*tsd, *server_tracker); - CHECK( ( tsh->get_tcp_event() == server_tracker->get_tcp_event() ) ); - delete tsd; - } - - delete pkt; - } - - SECTION("fin_packet") - { - Packet* pkt = get_fin_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("fin_sent") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - client_tracker->set_tcp_event(TcpStreamTracker::TCP_FIN_SENT_EVENT); - tsh->eval(*tsd, *client_tracker); - CHECK( ( tsh->get_tcp_event() == client_tracker->get_tcp_event() ) ); - delete tsd; - } - - SECTION("fin_recv") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - 
server_tracker->set_tcp_event(TcpStreamTracker::TCP_FIN_RECV_EVENT); - tsh->eval(*tsd, *server_tracker); - CHECK( ( tsh->get_tcp_event() == server_tracker->get_tcp_event() ) ); - delete tsd; - } - - delete pkt; - } - - SECTION("rst_packet") - { - Packet* pkt = get_rst_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("rst_sent") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - client_tracker->set_tcp_event(TcpStreamTracker::TCP_RST_SENT_EVENT); - tsh->eval(*tsd, *client_tracker); - CHECK( ( tsh->get_tcp_event() == client_tracker->get_tcp_event() ) ); - delete tsd; - } - - SECTION("rst_recv") - { - TcpSegmentDescriptor* tsd = new TcpSegmentDescriptor(flow, pkt, tel); - server_tracker->set_tcp_event(TcpStreamTracker::TCP_RST_RECV_EVENT); - tsh->eval(*tsd, *server_tracker); - CHECK( ( tsh->get_tcp_event() == server_tracker->get_tcp_event() ) ); - delete tsd; - } - - delete pkt; - } - - delete flow; - delete tsh; - delete client_tracker; - delete server_tracker; -} - -#endif - diff --git a/src/stream/tcp/tcp_state_none.cc b/src/stream/tcp/tcp_state_none.cc index 57e4c7491..179cce464 100644 --- a/src/stream/tcp/tcp_state_none.cc +++ b/src/stream/tcp/tcp_state_none.cc 
@@ -228,203 +228,3 @@ bool TcpStateNone::rst_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) return true; } -#if 0 // FIXIT-M unit tests need work -#include "tcp_normalizers.h" -#include "tcp_reassemblers.h" - -TEST_CASE("TCP State None", "[tcp_none_state][stream_tcp]") -{ - // initialization code here - Flow* flow = new Flow; - TcpStreamTracker* ctrk = new TcpStreamTracker(true); - TcpStreamTracker* strk = new TcpStreamTracker(false); - TcpEventLogger* tel = new TcpEventLogger; - TcpSession* session = new TcpSession(flow); - TcpStateMachine* tsm = new TcpStateMachine; - TcpStateHandler* tsh = new TcpStateNone(*tsm, *session); - - ctrk->normalizer = TcpNormalizerFactory::create(StreamPolicy::OS_LINUX, session, ctrk, strk); - strk->normalizer = TcpNormalizerFactory::create(StreamPolicy::OS_LINUX, session, strk, ctrk); - ctrk->reassembler = TcpReassemblerFactory::create(session, ctrk, StreamPolicy::OS_LINUX, - false); - strk->reassembler = TcpReassemblerFactory::create(session, strk, StreamPolicy::OS_LINUX, true); - - SECTION("syn_packet") - { - Packet* pkt = get_syn_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("syn_sent") - { - flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK(TcpStreamTracker::TCP_SYN_SENT_EVENT == ctrk->get_tcp_event() ); - //CHECK( ( ctrk->get_iss() == 9050 ) ); - //CHECK( ( ctrk->get_snd_una() == 9051 ) ); - //CHECK( ( ctrk->get_snd_nxt() == 9050 ) ); - //CHECK( ( ctrk->get_snd_wnd() == 8192 ) ); - } - - SECTION("syn_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - SECTION("syn_ack_packet") - { - Packet* pkt = get_syn_ack_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("syn_ack_sent") - { - 
flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - SECTION("syn_ack_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - SECTION("ack_packet") - { - Packet* pkt = get_ack_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("ack_sent") - { - flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - SECTION("ack_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - SECTION("data_seg_packet") - { - Packet* pkt = get_data_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("data_seg_sent") - { - flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - SECTION("data_seg_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - SECTION("fin_packet") - { - Packet* pkt = get_fin_packet(flow); - REQUIRE( ( pkt != nullptr ) ); - - SECTION("fin_sent") - { - 
flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - SECTION("fin_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - SECTION("rst_packet") - { - Packet* pkt = get_rst_packet(flow); - REQUIRE( ( pkt != nullptr )); - - SECTION("rst_sent") - { - flow->ssn_state.direction = FROM_CLIENT; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() )); - } - - SECTION("rst_recv") - { - flow->ssn_state.direction = FROM_SERVER; - TcpSegmentDescriptor tsd(flow, pkt, tel); - ctrk->set_tcp_event(tsd); - ctrk->set_require_3whs(false); - tsh->eval(tsd, *ctrk); - CHECK( ( tsh->get_tcp_event() == ctrk->get_tcp_event() ) ); - } - - delete pkt; - } - - delete flow; - delete tsh; - delete ctrk; - delete strk; -} - -#endif - diff --git a/src/stream/tcp/test/stream_tcp_test_utils.cc b/src/stream/tcp/test/stream_tcp_test_utils.cc index f2d9b3c6c..3e2891a78 100644 --- a/src/stream/tcp/test/stream_tcp_test_utils.cc +++ b/src/stream/tcp/test/stream_tcp_test_utils.cc 
@@ -119,44 +119,3 @@ Packet* get_syn_ack_packet(Flow* flow) return pkt; } -Packet* get_ack_packet(Flow* flow) -{ - Packet* pkt = init_packet(flow, PKT_FROM_CLIENT); - - pkt->pkt = cooked_ack; - pkt->ptrs.tcph = ( const tcp::TCPHdr* )( cooked_ack + 34 ); - - return pkt; -} - -Packet* get_fin_packet(Flow* flow) -{ - Packet* pkt = init_packet(flow, PKT_FROM_CLIENT); - - pkt->pkt = cooked_fin; - pkt->ptrs.tcph = ( const tcp::TCPHdr* )( cooked_fin + 34 ); - - return pkt; -} - -Packet* get_rst_packet(Flow* flow) -{ - Packet* pkt = init_packet(flow, PKT_FROM_CLIENT); - - pkt->pkt = cooked_rst; - pkt->ptrs.tcph = ( const tcp::TCPHdr* )( cooked_rst + 34 ); - - return pkt; -} - -Packet* get_data_packet(Flow* flow) -{ - Packet* pkt = init_packet(flow, PKT_FROM_CLIENT); - - pkt->pkt = cooked_data; - pkt->ptrs.tcph = ( const tcp::TCPHdr* )( cooked_data + 34 ); - pkt->dsize = 42; - - return pkt; -} - diff --git a/src/stream/udp/udp_module.cc b/src/stream/udp/udp_module.cc index 2fe77b43f..006394342 100644 --- a/src/stream/udp/udp_module.cc +++ b/src/stream/udp/udp_module.cc @@ -61,12 +61,8 @@ StreamUdpConfig* StreamUdpModule::get_data() bool StreamUdpModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("session_timeout") ) - config->session_timeout = v.get_uint32(); - - else - return false; - + assert(v.is("session_timeout")); + config->session_timeout = v.get_uint32(); return true; } diff --git a/src/stream/user/stream_user.cc b/src/stream/user/stream_user.cc index 99babfc99..2c187f78b 100644 --- a/src/stream/user/stream_user.cc +++ b/src/stream/user/stream_user.cc @@ -21,6 +21,8 @@ #include "config.h" #endif +#include + #include "stream_user.h" #include "log/messages.h" @@ -69,9 +71,7 @@ StreamUser::~StreamUser() void StreamUser::show(const SnortConfig*) const { - if ( !config ) - return; - + assert(config); ConfigLogger::log_value("session_timeout", config->session_timeout); } 
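Review bot: In `StreamUser::show`, replacing `if ( !config ) return;` with `assert(config);` means a build with NDEBUG defined reaches `config->session_timeout` with no null check at all. Whether `config` can be null at this point depends on the constructor and on how the module hands over its config, neither of which is in the hunk. If null is impossible, state the invariant once confirmed, e.g. `// config is set in the constructor and never reset`. If it is possible, keep the early return next to the assert: `assert(config); if ( !config ) return;`.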
diff --git a/src/stream/user/user_module.cc b/src/stream/user/user_module.cc index 9a1b8bd7c..105c7ae60 100644 --- a/src/stream/user/user_module.cc +++ b/src/stream/user/user_module.cc @@ -44,15 +44,10 @@ static const Parameter s_params[] = }; StreamUserModule::StreamUserModule() : Module(MOD_NAME, MOD_HELP, s_params) -{ - config = nullptr; -} +{ config = nullptr; } StreamUserModule::~StreamUserModule() -{ - if ( config ) - delete config; -} +{ delete config; } StreamUserConfig* StreamUserModule::get_data() { @@ -76,9 +71,8 @@ const TraceOption* StreamUserModule::get_trace_options() const bool StreamUserModule::set(const char*, Value& v, SnortConfig*) { - if ( v.is("session_timeout") ) - config->session_timeout = v.get_uint32(); - + assert(v.is("session_timeout")); + config->session_timeout = v.get_uint32(); return true; } diff --git a/src/stream/user/user_session.h b/src/stream/user/user_session.h index 5f836e117..46ababbfe 100644 --- a/src/stream/user/user_session.h +++ b/src/stream/user/user_session.h @@ -87,15 +87,6 @@ public: snort::StreamSplitter* get_splitter(bool c2s) override; void restart(snort::Packet*) override; - bool is_sequenced(uint8_t /*dir*/) override - { return true; } - - bool are_packets_missing(uint8_t /*dir*/) override - { return false; } - - uint8_t missing_in_reassembled(uint8_t /*dir*/) override - { return SSN_MISSING_NONE; } - private: void start(snort::Packet*, snort::Flow*); void update(snort::Packet*, snort::Flow*); 
@@ -107,13 +98,6 @@ private: int update_alert( snort::Packet*, uint32_t gid, uint32_t sid, uint32_t event_id, uint32_t event_second) override; - void flush_client(snort::Packet*) override { } - void flush_server(snort::Packet*) override { } - void flush_talker(snort::Packet*, bool /*final_flush */ = false) override { } - void flush_listener(snort::Packet*, bool /*final_flush */ = false) override { } - - void set_extra_data(snort::Packet*, uint32_t /* flag */) override { } - uint8_t get_reassembly_direction() override; public: diff --git a/src/utils/js_tokenizer.l b/src/utils/js_tokenizer.l index 649f78abd..8191d3dde 100644 --- a/src/utils/js_tokenizer.l +++ b/src/utils/js_tokenizer.l @@ -26,8 +26,9 @@ %option c++ %option batch - %option never-interactive +%option noinput nounput +%option noyy_push_state noyy_pop_state noyy_top_state %{ @@ -42,6 +43,7 @@ #include "utils/js_identifier_ctx.h" #include "utils/util_cstring.h" +#define YY_NO_UNPUT #define YY_USER_ACTION \ { \ debug_logf(5, http_trace, TRACE_JS_PROC, nullptr, \