From: Michael Altizer (mialtize) Date: Mon, 17 Oct 2016 17:46:28 +0000 (-0400) Subject: Merge pull request #678 in SNORT/snort3 from icc to master X-Git-Tag: 3.0.0-233~217 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96d56f51992c213f5d9eb0e3ab9aa234dd606cd7;p=thirdparty%2Fsnort3.git Merge pull request #678 in SNORT/snort3 from icc to master Squashed commit of the following: commit ad8de2fe4d3121d81c923ec94a4b73c696c6cf59 Author: Michael Altizer Date: Mon Oct 17 12:02:45 2016 -0400 build: Clean up some ICC warnings --- diff --git a/src/ips_options/ips_fragbits.cc b/src/ips_options/ips_fragbits.cc index 30b1de75b..3194eb39c 100644 --- a/src/ips_options/ips_fragbits.cc +++ b/src/ips_options/ips_fragbits.cc @@ -30,8 +30,8 @@ * Arguments: * * The keyword to reference this plugin is "fragbits". Possible arguments are - * D, M and R for DF, MF and RB, respectively. - * + * D, M and R for DF, MF and RB, respectively. + * * Possible modes are '+', '!', and '*' for plus, not and any modes. * * Effect: 
@@ -70,52 +70,52 @@ static THREAD_LOCAL ProfileStats fragBitsPerfStats; -// this class holds the logic for setting up the fragment test -// data and testing for the data match (is_match function). +// this class holds the logic for setting up the fragment test +// data and testing for the data match (is_match function). class FragBitsData { -public: +public: FragBitsData() { mode = 0; frag_bits = 0; } - + uint8_t get_mode() const; uint16_t get_frag_bits() const; void set_frag_bits(uint16_t); void set_more_fragment_bit(); void set_dont_fragment_bit(); void set_reserved_bit(); - + //no mode for normal since it is set as the default void set_not_mode(); void set_any_mode(); void set_plus_mode(); - + void parse_fragbits(const char* data); - + bool is_match(Packet *); - + private: //numeric mode values enum MODE { NORMAL, PLUS, ANY, NOT}; - - const static uint16_t BITMASK = 0xE000; - const static uint16_t RESERVED_BIT = 0x8000; - const static uint16_t DONT_FRAG_BIT = 0x4000; - const static uint16_t MORE_FRAG_BIT = 0x2000; - + + static const uint16_t BITMASK = 0xE000; + static const uint16_t RESERVED_BIT = 0x8000; + static const uint16_t DONT_FRAG_BIT = 0x4000; + static const uint16_t MORE_FRAG_BIT = 0x2000; + //flags used to indicate mode - const static char PLUS_FLAG = '+'; - const static char ANY_FLAG = '*'; - const static char NOT_FLAG = '!'; - + static const char PLUS_FLAG = '+'; + static const char ANY_FLAG = '*'; + static const char NOT_FLAG = '!'; + bool check_normal(const uint16_t); bool check_any(const uint16_t); bool check_not(const uint16_t); bool check_plus(const uint16_t); - + uint8_t mode; uint16_t frag_bits; }; 
@@ -146,20 +146,20 @@ void FragBitsData::set_not_mode() { mode = NOT; } // this is the function that checks for a match -bool FragBitsData::is_match(Packet* p) +bool FragBitsData::is_match(Packet* p) { - uint16_t packet_fragbits = p->ptrs.ip_api.off_w_flags(); - + uint16_t packet_fragbits = p->ptrs.ip_api.off_w_flags(); + // strip the offset value and leave only the fragment bits packet_fragbits &= BITMASK; - + bool match = false; - + // get the mode we have .. then check for match switch( get_mode() ) { case NORMAL: - match = check_normal(packet_fragbits); + match = check_normal(packet_fragbits); break; case ANY: match = check_any(packet_fragbits); @@ -171,7 +171,7 @@ bool FragBitsData::is_match(Packet* p) match = check_not(packet_fragbits); break; } - + return match; } @@ -207,7 +207,7 @@ bool FragBitsData::check_any(const uint16_t packet_fragbits) } //check for packets that do NOT have matching flags set '!' -bool FragBitsData::check_not(const uint16_t packet_fragbits) +bool FragBitsData::check_not(const uint16_t packet_fragbits) { if ( (get_frag_bits() & packet_fragbits ) == 0) { @@ -220,7 +220,7 @@ bool FragBitsData::check_not(const uint16_t packet_fragbits) void FragBitsData::parse_fragbits(const char* data) { std::string bit_string; - + // if its null the bit_string will stay empty if(data) { @@ -231,32 +231,32 @@ void FragBitsData::parse_fragbits(const char* data) ParseError("no arguments to the fragbits keyword"); return; } - + unsigned long len = bit_string.length(); - + for(unsigned long a = 0; a < len; a++) { //if we hit a space skip/continue if( isspace( bit_string.at(a) ) ) continue; - + switch ( bit_string.at( a ) ) { case 'd': // dont fragment - case 'D': + case 'D': set_dont_fragment_bit(); break; - + case 'm': // more fragment - case 'M': + case 'M': set_more_fragment_bit(); break; - + case 'r': // reserved bit - case 'R': + case 'R': set_reserved_bit(); break; - + case NOT_FLAG:// NOT flag, fire if flags are NOT set set_not_mode(); break; 
@@ -268,7 +268,7 @@ void FragBitsData::parse_fragbits(const char* data) case PLUS_FLAG: // PLUS flag, fire on these bits PLUS any others set_plus_mode(); break; - + default: ParseError("Bad fragbit = '%c'. Valid options are: RDM+!*", bit_string.at(a) ); @@ -305,8 +305,8 @@ uint32_t FragBitsOption::hash() const uint32_t a,b,c; const FragBitsData* data = &fragBitsData; - a = data->get_mode(); - b = data->get_frag_bits(); + a = data->get_mode(); + b = data->get_frag_bits(); c = 0; mix_str(a,b,c,get_name()); @@ -341,10 +341,10 @@ int FragBitsOption::eval(Cursor&, Packet* p) return DETECTION_OPTION_NO_MATCH; bool is_match = fragBitsData.is_match(p); - + if(is_match) return DETECTION_OPTION_MATCH; - + // if the test isn't successful, this function *must* return 0 return DETECTION_OPTION_NO_MATCH; } @@ -374,7 +374,7 @@ public: ProfileStats* get_profile() const override { return &fragBitsPerfStats; } - + FragBitsData get_fragBits_data(); private: @@ -444,10 +444,10 @@ static const IpsApi fragbits_api = mod_ctor, //ModNewFunc constructor mod_dtor //ModDelFunc destructor }, - + //IpsApi struct OPT_TYPE_DETECTION, //RuleOptType - 1, //max per rule + 1, //max per rule 0, //IpsOptFunc protos nullptr, //IpsOptFunc pinit nullptr, //IpsOptFunc pterm diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index f69db31d0..ca36e405f 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -716,7 +716,7 @@ static void free_config_items(ConfigItem* ci) } } -void free_port_exclusion_list( SF_LIST** pe_list ) +static void free_port_exclusion_list( SF_LIST** pe_list ) { for ( unsigned i = 0; i < APP_ID_PORT_ARRAY_SIZE; i++ ) { diff --git a/src/network_inspectors/appid/appid_utils/network_set.cc b/src/network_inspectors/appid/appid_utils/network_set.cc index da0ccbc09..e2546ff0b 100644 --- a/src/network_inspectors/appid/appid_utils/network_set.cc 
+++ b/src/network_inspectors/appid/appid_utils/network_set.cc @@ -373,8 +373,6 @@ int NetworkSet_Fprintf(NetworkSet* network_set, const char* prefix, FILE* stream return 0; } -NODE_DATA sflist_first(SF_LIST*, SF_LNODE**); -NODE_DATA sflist_next(SF_LNODE**); static inline int NetworkSet_OrderByNetmask(SF_LIST* ordered_networks, SF_LIST* networks, unsigned id) { diff --git a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc index 6dfdd3c80..f239560c6 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc @@ -318,7 +318,7 @@ static KRB_RETCODE krb_walk_client_packet(KRBState* krbs, const uint8_t* s, cons krbs->pos++; break; case KRB_STATE_APP: - DebugFormat(DEBUG_INSPECTOR,"%p Type %u (%02X)\n", + DebugFormat(DEBUG_INSPECTOR,"%p Type %d (%02X)\n", (void*)asd, *s & (~ASN_1_TYPE_MASK), *s); if ((*s & ASN_1_TYPE_MASK) != (ASN_1_APPLICATION|ASN_1_CONSTRUCT)) return KRB_FAILED; @@ -642,7 +642,7 @@ static KRB_RETCODE krb_walk_server_packet(KRBState* krbs, const uint8_t* s, cons krbs->pos++; break; case KRB_STATE_APP: - DebugFormat(DEBUG_INSPECTOR,"%p Type %u (%02X)\n", + DebugFormat(DEBUG_INSPECTOR,"%p Type %d (%02X)\n", (void*)asd, *s & (~ASN_1_TYPE_MASK), *s); if ((*s & ASN_1_TYPE_MASK) != (ASN_1_APPLICATION|ASN_1_CONSTRUCT)) return KRB_FAILED; @@ -719,7 +719,7 @@ static KRB_RETCODE krb_walk_server_packet(KRBState* krbs, const uint8_t* s, cons krbs->pos++; break; case KRB_STATE_ERROR_VALUE: - DebugFormat(DEBUG_INSPECTOR,"%p Error %u\n", (void*)asd, *s); + DebugFormat(DEBUG_INSPECTOR,"%p Error %hhu\n", (void*)asd, *s); if (krbs->msg_len <= 1) { krbs->flags |= KRB_FLAG_SERVICE_DETECTED; 
@@ -962,7 +962,7 @@ static CLIENT_APP_RETCODE krb_client_validate(const uint8_t* data, uint16_t size DetectorData* fd; #ifdef DEBUG_MSGS - DebugFormat(DEBUG_INSPECTOR, "%p Processing %u %u->%u %u %d", + DebugFormat(DEBUG_INSPECTOR, "%p Processing %u %hu->%hu %hu %d", (void*)asd, (unsigned int)asd->protocol, pkt->ptrs.sp, pkt->ptrs.dp, size, dir); #else UNUSED(pkt); @@ -1035,7 +1035,7 @@ static int krb_server_validate(ServiceValidationArgs* args) const uint8_t* s = data; const uint8_t* end = (data + size); - DebugFormat(DEBUG_INSPECTOR, "%p Processing %u %u->%u %u %d", + DebugFormat(DEBUG_INSPECTOR, "%p Processing %u %hu->%hu %hu %d", (void*)asd, (unsigned int)asd->protocol, pkt->ptrs.sp, pkt->ptrs.dp, size, dir); if (dir != APP_ID_FROM_RESPONDER) diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc index 7e24d7e32..9990ce8cc 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc @@ -480,10 +480,10 @@ static void dumpPatterns(const char* name, PatternService* pList) { for (pattern = ps->pattern; pattern; pattern = pattern->next) { - DebugFormat(DEBUG_LOG,"\t%s, %d\n",pattern->data, pattern->length); + DebugFormat(DEBUG_LOG,"\t%s, %u\n",pattern->data, pattern->length); if (pattern->data && pattern->length) { - DebugFormat(DEBUG_LOG,"\t\t%s, %d\n",pattern->data, pattern->length); + DebugFormat(DEBUG_LOG,"\t\t%s, %u\n",pattern->data, pattern->length); } } } diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc index 099708cd4..835f7dc2c 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc 
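Review bot: In dumpPatterns (detector_pattern.cc) the first `DebugFormat` hands `pattern->data` to `%s` before the `if (pattern->data && pattern->length)` check that follows it, so a null pointer can reach the formatter. Because the pattern carries an explicit `length`, the data is presumably a byte string with no guaranteed NUL terminator, and `%s` would then read past its end; the `%d` to `%u` change only corrects the length specifier. I would drop the unguarded call, or move it inside the check, and bound the print by the length: `DebugFormat(DEBUG_LOG,"\t\t%.*s, %u\n", (int)pattern->length, pattern->data, pattern->length);`. The body of dumpPatterns starts and ends outside the hunk.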
@@ -509,9 +509,9 @@ static int addFutureRtpFlows(AppIdSession* asd, const SipDialog* dialog, const P mdataB = dialog->mediaSessions->nextS->medias; while ((nullptr != mdataA)&&(nullptr != mdataB)) { - DebugFormat(DEBUG_SIP, "Adding future channels Source IP: %s Port: %u\n", + DebugFormat(DEBUG_SIP, "Adding future channels Source IP: %s Port: %hu\n", sfip_to_str(&mdataA->maddress), mdataA->mport); - DebugFormat(DEBUG_SIP, "Adding future channels Destine IP: %s Port: %u\n", + DebugFormat(DEBUG_SIP, "Adding future channels Destine IP: %s Port: %hu\n", sfip_to_str(&mdataB->maddress), mdataB->mport); createRtpFlow(asd, p, &mdataA->maddress, mdataA->mport, &mdataB->maddress, diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 914ec5231..c229a5a35 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -1526,7 +1526,7 @@ static int Detector_addHostPortApp(lua_State* L) if (proto > UINT8_MAX) { - ErrorMessage("%s:Invalid protocol value %d\n",__func__, proto); + ErrorMessage("%s:Invalid protocol value %u\n",__func__, proto); return 0; } diff --git a/src/network_inspectors/appid/service_plugins/service_base.cc b/src/network_inspectors/appid/service_plugins/service_base.cc index bb521fedb..9475254da 100644 --- a/src/network_inspectors/appid/service_plugins/service_base.cc +++ b/src/network_inspectors/appid/service_plugins/service_base.cc 
@@ -189,7 +189,7 @@ static void CServiceRegisterPattern(RNAServiceValidationFCN, IpProtocol, const u int, const char*); static void ServiceRegisterPatternUser(RNAServiceValidationFCN, IpProtocol, const uint8_t*, unsigned, int, const char*); -void appSetServiceValidator( RNAServiceValidationFCN, AppId, unsigned extractsInfo); +static void appSetServiceValidator( RNAServiceValidationFCN, AppId, unsigned extractsInfo); static int CServiceAddPort(const RNAServiceValidationPort*, RNAServiceValidationModule*); static void CServiceRemovePorts(RNAServiceValidationFCN validate); @@ -252,7 +252,7 @@ static RNAServiceValidationModule* static_service_list[] = const uint32_t NUM_STATIC_SERVICES = sizeof(static_service_list) / sizeof(RNAServiceValidationModule*); -void appSetServiceValidator(RNAServiceValidationFCN fcn, AppId appId, unsigned extractsInfo) +static void appSetServiceValidator(RNAServiceValidationFCN fcn, AppId appId, unsigned extractsInfo) { AppInfoTableEntry* pEntry = AppInfoManager::get_instance().get_app_info_entry(appId); if (!pEntry) diff --git a/src/protocols/layer.cc b/src/protocols/layer.cc index 69d6d65e1..f56d34de2 100644 --- a/src/protocols/layer.cc +++ b/src/protocols/layer.cc @@ -399,9 +399,6 @@ bool set_outer_ip_api(const Packet* const p, return false; } -bool set_api_ip_embed_icmp(Packet* const p) -{ return set_api_ip_embed_icmp(p, p->ptrs.ip_api); } - bool set_api_ip_embed_icmp(const Packet* p, ip::IpApi& api) { int num_layers = p->num_layers - 1; diff --git a/src/protocols/layer.h b/src/protocols/layer.h index 2cd4a678c..d117f4eb8 100644 --- a/src/protocols/layer.h +++ b/src/protocols/layer.h 
@@ -120,8 +120,6 @@ SO_PUBLIC int get_inner_ip6_frag_index(const Packet* const p); // true - ip layer found and api set // false - ip layer NOT found, api reset SO_PUBLIC bool set_api_ip_embed_icmp(const Packet*, ip::IpApi& api); -// a helper function when the api to be set is inside the packet -SO_PUBLIC bool set_api_ip_embed_icmp(const Packet* p); /* *When a protocol is embedded in ICMP, these functions diff --git a/src/service_inspectors/ftp_telnet/ftp_data.cc b/src/service_inspectors/ftp_telnet/ftp_data.cc index 3b63e5225..5f458a35f 100644 --- a/src/service_inspectors/ftp_telnet/ftp_data.cc +++ b/src/service_inspectors/ftp_telnet/ftp_data.cc @@ -101,10 +101,10 @@ static int SnortFTPData(Packet* p) if (!p->flow) return -1; - FtpDataFlowData* fd = (FtpDataFlowData*) + FtpDataFlowData* fdfd = (FtpDataFlowData*) p->flow->get_flow_data(FtpDataFlowData::flow_id); - FTP_DATA_SESSION* data_ssn = fd ? &fd->session : nullptr; + FTP_DATA_SESSION* data_ssn = fdfd ? &fdfd->session : nullptr; if ( !data_ssn or (data_ssn->packet_flags & FTPDATA_FLG_STOP) ) return 0; @@ -120,10 +120,10 @@ static int SnortFTPData(Packet* p) /* FTP-Data session is in limbo, we need to lookup the control session * to figure out what to do. */ - FtpFlowData* fd = (FtpFlowData*)Stream::get_flow_data( + FtpFlowData* ffd = (FtpFlowData*)Stream::get_flow_data( &data_ssn->ftp_key, FtpFlowData::flow_id); - FTP_SESSION* ftp_ssn = fd ? &fd->session : NULL; + FTP_SESSION* ftp_ssn = ffd ? &ffd->session : NULL; if (!PROTO_IS_FTP(ftp_ssn)) { diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc index 07e5d693a..775fe16b4 100644 --- a/src/service_inspectors/ftp_telnet/pp_ftp.cc +++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc 
@@ -1668,7 +1668,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode) break; case FTP_RESPONSE: /* Response */ DebugFormat(DEBUG_FTPTELNET, - "FTP response: code: %.*s : M len %d : M %.*s\n", + "FTP response: code: %.*s : M len %u : M %.*s\n", req->cmd_size, req->cmd_begin, req->param_size, req->param_size, req->param_begin); if ((ftpssn->client_conf->max_resp_len > 0) && @@ -1687,7 +1687,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode) break; case FTP_RESPONSE_CONT: /* Response continued */ DebugFormat(DEBUG_FTPTELNET, - "FTP response: continuation of code: %d : M len %d : M %.*s\n", + "FTP response: continuation of code: %d : M len %u : M %.*s\n", ftpssn->server.response.state, req->param_size, req->param_size, req->param_begin); if ((ftpssn->client_conf->max_resp_len > 0) && @@ -1700,7 +1700,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode) break; case FTP_RESPONSE_ENDCONT: /* Continued response end */ DebugFormat(DEBUG_FTPTELNET, - "FTP response: final continue of code: %.*s : M len %d : " + "FTP response: final continue of code: %.*s : M len %u : " "M %.*s\n", req->cmd_size, req->cmd_begin, req->param_size, req->param_size, req->param_begin); if ((ftpssn->client_conf->max_resp_len > 0) && @@ -1713,7 +1713,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode) break; default: DebugFormat(DEBUG_FTPTELNET, "FTP command: CMD: %.*s : " - "P len %d : P %.*s\n", req->cmd_size, req->cmd_begin, + "P len %u : P %.*s\n", req->cmd_size, req->cmd_begin, req->param_size, req->param_size, req->param_begin); if (CmdConf) { @@ -1726,7 +1726,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode) /* Alert on param length overrun */ SnortEventqAdd(GID_FTP, FTP_PARAMETER_LENGTH_OVERFLOW); DebugFormat(DEBUG_FTPTELNET, "FTP command: %.*s" - "parameter length overrun %d > %d \n", + "parameter length overrun %u > %u \n", req->cmd_size, req->cmd_begin, req->param_size, max); iRet = FTPP_ALERT; } 
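Review bot: `req->cmd_size` and `req->param_size` are still passed as the `*` precision of `%.*s` in every DebugFormat call touched in check_ftp, and `*` expects an `int`. The switch to `%u` for the same `param_size` suggests these fields are unsigned, although their declaration is not in the hunks. A value above INT_MAX would be taken as a negative precision, which printf treats as no precision at all, so `%s` would run to the first NUL in request data that is not NUL-terminated. I would cast the precision arguments, e.g. `(int)req->param_size`, after checking them against the buffer length; this applies to all five hunks in pp_ftp.cc. In the last hunk the adjacent literals `"FTP command: %.*s"` and `"parameter length overrun %u > %u \n"` also join without a space after the command text.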
diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index a9a3a6607..a81add4c9 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -883,7 +883,7 @@ uint32_t TcpReassembler::get_forward_packet_dir(const Packet* p) // see flush_pdu_ackd() for details // the key difference is that we operate on forward moving data // because we don't wait until it is acknowledged -uint32_t TcpReassembler::flush_pdu_ips(uint32_t* flags) +int32_t TcpReassembler::flush_pdu_ips(uint32_t* flags) { Profile profile(s5TcpPAFPerfStats); @@ -952,7 +952,7 @@ void TcpReassembler::fallback() // - if we partially scan a segment we must save state so we // know where we left off and can resume scanning the remainder -uint32_t TcpReassembler::flush_pdu_ackd(uint32_t* flags) +int32_t TcpReassembler::flush_pdu_ackd(uint32_t* flags) { Profile profile(s5TcpPAFPerfStats); diff --git a/src/stream/tcp/tcp_reassembler.h b/src/stream/tcp/tcp_reassembler.h index 951aa86b1..53c5b9bb2 100644 --- a/src/stream/tcp/tcp_reassembler.h +++ b/src/stream/tcp/tcp_reassembler.h @@ -155,9 +155,9 @@ protected: void final_flush(Packet* p, PegCount& peg, uint32_t dir); uint32_t get_reverse_packet_dir(const Packet* p); uint32_t get_forward_packet_dir(const Packet* p); - uint32_t flush_pdu_ips(uint32_t* flags); + int32_t flush_pdu_ips(uint32_t* flags); void fallback(); - uint32_t flush_pdu_ackd(uint32_t* flags); + int32_t flush_pdu_ackd(uint32_t* flags); int purge_to_seq(uint32_t flush_seq); bool server_side;
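Review bot: `flush_pdu_ips` and `flush_pdu_ackd` now return `int32_t` instead of `uint32_t`, but neither the definitions in tcp_reassembler.cc nor the declarations in tcp_reassembler.h say what a negative return means. The bodies and callers are outside these hunks. If the functions return a negative sentinel for "no flush point", which is presumably what the compiler warned about, any caller that still stores the result in a `uint32_t` would treat it as a very large flush length. The callers should therefore be checked to hold the result in an `int32_t` and test `>= 0`. I would also add a comment at the declarations, such as `// returns the number of bytes to flush, or a negative value when no flush point was found`.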