From: Mike Stepanek (mstepane) Date: Tue, 1 Feb 2022 17:56:59 +0000 (+0000) Subject: Pull request #3247: Define config options precedence X-Git-Tag: 3.1.23.0~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a28f8e2ec379f719821414056cbb799f0e95ed53;p=thirdparty%2Fsnort3.git Pull request #3247: Define config options precedence Merge in SNORT/snort3 from ~OSHUMEIK/snort3:snort_the_first to master Squashed commit of the following: commit 8e80ead518f81e01d5030cd9419c1e9e49aad273 Author: Oleksii Shumeiko Date: Wed Jan 26 10:01:29 2022 +0200 doc: add notes about CLI/Lua precedence commit c33f249fbef12ebfbed574054410fb28d4c13f16 Author: Oleksii Shumeiko Date: Tue Jan 25 14:37:10 2022 +0200 main: remove default values for other-module parameters in snort module Snort module is not listed in coreinit.lua as a builtin module, thus some of its parameters get their default values elsewhere. Adjust the range for snaplen parameter, as in daq. Update --daq-batch-size description with a default value. commit 0ff8c06919d30aace185f197aaa8a7b7c71ea7a5 Author: Oleksii Shumeiko Date: Tue Jan 25 14:26:16 2022 +0200 packet_io: decrease daq module's parameters priority Config parameter priority follows: Highest: command-line option Lower: snort module config entry (from Lua) Lowest: targeted module config entry (from Lua) commit 948e8a18880395c9b84f3adcfe0c4adf10b0a5a4 Author: Oleksii Shumeiko Date: Mon Jan 24 14:18:52 2022 +0200 main: ignore Snort module's option if it duplicates CLI option commit 2a5282cb6d73e513dc04fbd025e439b662b9c3f5 Author: Oleksii Shumeiko Date: Thu Jan 20 15:06:42 2022 +0200 main: parse snort module before others --- diff --git a/doc/user/daq.txt b/doc/user/daq.txt index 8076ac5f8..d2922763c 100644 --- a/doc/user/daq.txt +++ b/doc/user/daq.txt @@ -26,7 +26,8 @@ bundled DAQ modules. As with a number of features in Snort 3, the LibDAQ and DAQ module configuration may be controlled using either the command line options or by -configuring the 'daq' Snort module in the Lua configuration. +configuring the 'daq' Snort module in the Lua configuration (command line +option has higher precedence). DAQ modules may be statically built into Snort, but the more common case is to use DAQ modules that have been built as dynamically loadable objects. Because diff --git a/doc/user/overview.txt b/doc/user/overview.txt index 63c5782ee..66844e8de 100644 --- a/doc/user/overview.txt +++ b/doc/user/overview.txt @@ -162,7 +162,14 @@ There many other options available too depending on the DAQ you use. -A cmg says to output intrusion events in "cmg" format, which has basic header details followed by the payload in hex and text. -Note that you add to and/or override anything in your configuration file by +Command line options have precedence over Lua configuration files. This can be +used to make a custom run keeping all configuration files unchanged: + + --daq-batch-size=32 + +will override daq.batch_size value. + +Notably, you can add to and/or override anything in your configuration file by using the --lua command line option. For example: --lua 'ips = { enable_builtin_rules = true }' diff --git a/doc/user/params.txt b/doc/user/params.txt index d9eb2c8df..7629ef42c 100644 --- a/doc/user/params.txt +++ b/doc/user/params.txt @@ -32,6 +32,8 @@ information about the type and use of the parameter: * IPS rules may also have a wild card parameter, which is indicated by a *. Used for unquoted, comma-separated lists such as service and metadata. * The snort module has command line options starting with a -. + The options passed from command line override the options configured via + snort module. * $ denotes variable names. Some additional details to note: diff --git a/doc/user/tutorial.txt b/doc/user/tutorial.txt index 5f1d4319c..5a5db4cb0 100644 --- a/doc/user/tutorial.txt +++ b/doc/user/tutorial.txt @@ -188,6 +188,10 @@ General Use Lua Configuration +* Some parameters could be configured via a command line option or snort module. + In this case a command line option has the highest precedence, in turn, + snort module configuration has precedence over other modules. + * Configure the wizard and default bindings will be created based on configured inspectors. No need to explicitly bind ports in this case. @@ -331,6 +335,7 @@ The following parameters can't be changed during reload, and require a restart: * process.set_uid * snort.--bpf * snort.-l +* trace.output In addition, the following scenarios require a restart: diff --git a/src/main/finalize.lua b/src/main/finalize.lua index 420f7cd28..876a60d6c 100644 --- a/src/main/finalize.lua +++ b/src/main/finalize.lua @@ -101,6 +101,16 @@ function snort_config(env) if ( env.binder and type(env.binder) == 'table' ) then load_aliases(env) end + + if ( env.snort and type(env.snort) == 'table' ) then + name = "snort" + if ( ffi.C.open_table(name, 0) ) then + snort_traverse(env.snort, name) + ffi.C.close_table(name, 0) + end + env.snort = nil + end + snort_traverse(env) end diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index 0c8b464c7..43eaf7117 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -24,6 +24,7 @@ #include "snort_module.h" +#include #include #include "detection/detect.h" @@ -275,7 +276,7 @@ static const Parameter s_params[] = { "-r", Parameter::PT_STRING, nullptr, nullptr, "... (same as --pcap-list)" }, - { "-s", Parameter::PT_INT, "68:65535", "1518", + { "-s", Parameter::PT_INT, "0:65535", nullptr, " (same as --snaplen); default is 1518" }, { "-T", Parameter::PT_IMPLIED, nullptr, nullptr, @@ -331,8 +332,8 @@ static const Parameter s_params[] = { "--daq", Parameter::PT_STRING, nullptr, nullptr, " select packet acquisition module (default is pcap)" }, - { "--daq-batch-size", Parameter::PT_INT, "1:", "64", - " set the DAQ receive batch size", }, + { "--daq-batch-size", Parameter::PT_INT, "1:", nullptr, + " set the DAQ receive batch size; default is 64", }, { "--daq-dir", Parameter::PT_STRING, nullptr, nullptr, " tell snort where to find desired DAQ" }, @@ -503,7 +504,7 @@ static const Parameter s_params[] = { "--pcap-dir", Parameter::PT_STRING, nullptr, nullptr, " a directory to recurse to look for pcaps - read mode is implied" }, - { "--pcap-filter", Parameter::PT_STRING, nullptr, "*.*cap*", + { "--pcap-filter", Parameter::PT_STRING, nullptr, nullptr, " filter to apply when getting pcaps from file or directory" }, { "--pcap-loop", Parameter::PT_INT, "0:max32", nullptr, @@ -563,7 +564,7 @@ static const Parameter s_params[] = { "--skip", Parameter::PT_INT, "0:max53", nullptr, " skip 1st n packets", }, - { "--snaplen", Parameter::PT_INT, "68:65535", "1518", + { "--snaplen", Parameter::PT_INT, "0:65535", nullptr, " set snaplen of packet (same as -s)", }, { "--stdin-rules", Parameter::PT_IMPLIED, nullptr, nullptr, @@ -676,10 +677,14 @@ public: const TraceOption* get_trace_options() const override; private: + inline bool is(const Value& v, const char* opt); + SFDAQModuleConfig* module_config; bool no_warn_flowbits = false; bool no_warn_rules = false; std::string stub_opts; + std::set cli_opts; + bool cli_mode = true; }; void SnortModule::set_trace(const Trace* trace) const @@ -697,157 +702,170 @@ bool SnortModule::begin(const char* fqn, int, SnortConfig*) return true; } +bool SnortModule::is(const Value& v, const char* opt) +{ + if ( !v.is(opt) ) + return false; + + if ( cli_mode ) + cli_opts.emplace(string(opt)); + else + return cli_opts.end() == cli_opts.find(string(opt)); + + return true; +} + bool SnortModule::set(const char*, Value& v, SnortConfig* sc) { - if ( v.is("-?") ) + if ( is(v, "-?") ) help_options(sc, v.get_string()); - else if ( v.is("-A") ) + else if ( is(v, "-A") ) sc->set_alert_mode(v.get_string()); - else if ( v.is("-B") ) + else if ( is(v, "-B") ) sc->set_obfuscation_mask(v.get_string()); - else if ( v.is("-C") ) + else if ( is(v, "-C") ) sc->set_dump_chars_only(true); - else if ( v.is("-c") ) + else if ( is(v, "-c") ) config_conf(v.get_string()); - else if ( v.is("-D") ) + else if ( is(v, "-D") ) sc->set_daemon(true); - else if ( v.is("-d") ) + else if ( is(v, "-d") ) sc->set_dump_payload(true); - else if ( v.is("-e") ) + else if ( is(v, "-e") ) sc->set_decode_data_link(true); - else if ( v.is("-f") ) + else if ( is(v, "-f") ) sc->output_flags |= OUTPUT_FLAG__LINE_BUFFER; - else if ( v.is("-G") || v.is("--logid") ) + else if ( is(v, "-G") || is(v, "--logid") ) sc->event_log_id = v.get_uint16(); - else if ( v.is("-g") ) + else if ( is(v, "-g") ) sc->set_gid(v.get_string()); - else if ( v.is("-H") ) + else if ( is(v, "-H") ) sc->run_flags |= RUN_FLAG__STATIC_HASH; - else if ( v.is("-h") ) + else if ( is(v, "-h") ) help_basic(sc, v.get_string()); - else if ( v.is("-i") ) + else if ( is(v, "-i") ) sc->daq_config->add_input(v.get_string()); #ifdef SHELL - else if ( v.is("-j") ) + else if ( is(v, "-j") ) { sc->remote_control_port = v.get_uint16(); sc->remote_control_socket.clear(); } #endif - else if ( v.is("-k") ) + else if ( is(v, "-k") ) ConfigChecksumMode(v.get_string()); - else if ( v.is("-L") ) + else if ( is(v, "-L") ) sc->set_log_mode(v.get_string()); - else if ( v.is("-l") ) + else if ( is(v, "-l") ) sc->set_log_dir(v.get_string()); - else if ( v.is("-M") ) + else if ( is(v, "-M") ) sc->enable_syslog(); - else if ( v.is("-m") ) + else if ( is(v, "-m") ) sc->set_umask(v.get_uint32()); - else if ( v.is("-n") ) + else if ( is(v, "-n") ) sc->pkt_cnt = v.get_uint64(); - else if ( v.is("-O") ) + else if ( is(v, "-O") ) sc->set_obfuscate(true); - else if ( v.is("-Q") ) + else if ( is(v, "-Q") ) sc->run_flags |= RUN_FLAG__INLINE; - else if ( v.is("-q") ) + else if ( is(v, "-q") ) SnortConfig::set_log_quiet(true); - else if ( v.is("-R") ) + else if ( is(v, "-R") ) { string s = "include "; s += v.get_string(); parser_append_rules(s.c_str()); } - else if ( v.is("-r") || v.is("--pcap-list") ) + else if ( is(v, "-r") || is(v, "--pcap-list") ) { sc->run_flags |= RUN_FLAG__READ; Trough::add_source(Trough::SOURCE_LIST, v.get_string()); } - else if ( v.is("-s") or v.is("--snaplen") ) + else if ( is(v, "-s") or is(v, "--snaplen") ) sc->daq_config->set_mru_size(v.get_uint16()); - else if ( v.is("-T") ) + else if ( is(v, "-T") ) sc->run_flags |= RUN_FLAG__TEST; - else if ( v.is("-t") ) + else if ( is(v, "-t") ) sc->set_chroot_dir(v.get_string()); - else if ( v.is("-U") ) + else if ( is(v, "-U") ) sc->set_utc(true); - else if ( v.is("-u") ) + else if ( is(v, "-u") ) sc->set_uid(v.get_string()); - else if ( v.is("-V") ) + else if ( is(v, "-V") ) help_version(sc); - else if ( v.is("-v") ) + else if ( is(v, "-v") ) SnortConfig::enable_log_verbose(); - else if ( v.is("-X") ) + else if ( is(v, "-X") ) sc->set_dump_payload_verbose(true); - else if ( v.is("-x") || v.is("--pedantic") ) + else if ( is(v, "-x") || is(v, "--pedantic") ) sc->run_flags |= RUN_FLAG__CONF_ERROR_OUT; - else if ( v.is("-y") ) + else if ( is(v, "-y") ) sc->set_show_year(true); - else if ( v.is("-z") || v.is("--max-packet-threads") ) + else if ( is(v, "-z") || is(v, "--max-packet-threads") ) ThreadConfig::set_instance_max(v.get_uint32()); - else if ( v.is("--alert-before-pass") ) + else if ( is(v, "--alert-before-pass") ) sc->set_alert_before_pass(true); - else if ( v.is("--bpf") ) + else if ( is(v, "--bpf") ) sc->bpf_filter = v.get_string(); - else if ( v.is("--c2x") ) + else if ( is(v, "--c2x") ) c2x(v.get_string()); #ifdef SHELL - else if ( v.is("--control-socket") ) + else if ( is(v, "--control-socket") ) { sc->remote_control_socket = v.get_string(); sc->remote_control_port = 0; } #endif - else if ( v.is("--create-pidfile") ) + else if ( is(v, "--create-pidfile") ) sc->set_create_pid_file(true); - else if ( v.is("--daq") ) + else if ( is(v, "--daq") ) module_config = sc->daq_config->add_module_config(v.get_string()); - else if ( v.is("--daq-batch-size") ) + else if ( is(v, "--daq-batch-size") ) sc->daq_config->set_batch_size(v.get_uint32()); - else if ( v.is("--daq-dir") ) + else if ( is(v, "--daq-dir") ) { stringstream ss { v.get_string() }; string path; @@ -855,7 +873,7 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) while ( getline(ss, path, ':') ) sc->daq_config->add_module_dir(path.c_str()); } - else if ( v.is("--daq-mode") ) + else if ( is(v, "--daq-mode") ) { if (!module_config) return false; @@ -872,25 +890,25 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) break; } } - else if ( v.is("--daq-list") ) + else if ( is(v, "--daq-list") ) list_daqs(sc); - else if ( v.is("--daq-var") ) + else if ( is(v, "--daq-var") ) { if (!module_config) return false; module_config->set_variable(v.get_string()); } - else if ( v.is("--dirty-pig") ) + else if ( is(v, "--dirty-pig") ) sc->set_dirty_pig(true); - else if ( v.is("--dump-builtin-options") ) + else if ( is(v, "--dump-builtin-options") ) stub_opts = v.get_string(); - else if ( v.is("--dump-builtin-rules") ) + else if ( is(v, "--dump-builtin-rules") ) dump_builtin_rules(sc, v.get_string(), stub_opts.c_str()); - else if ( v.is("--dump-config") ) + else if ( is(v, "--dump-config") ) { SnortConfig::set_log_quiet(true); sc->run_flags |= RUN_FLAG__TEST; @@ -900,271 +918,271 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) sc->dump_config_type = DUMP_CONFIG_JSON_TOP; } - else if ( v.is("--dump-config-text") ) + else if ( is(v, "--dump-config-text") ) { SnortConfig::set_log_quiet(true); sc->run_flags |= RUN_FLAG__TEST; sc->dump_config_type = DUMP_CONFIG_TEXT; } - else if ( v.is("--dump-dynamic-rules") ) + else if ( is(v, "--dump-dynamic-rules") ) dump_dynamic_rules(sc, v.get_string()); - else if ( v.is("--dump-defaults") ) + else if ( is(v, "--dump-defaults") ) dump_defaults(sc, v.get_string()); - else if ( v.is("--dump-rule-databases") ) + else if ( is(v, "--dump-rule-databases") ) { sc->set_rule_db_dir(v.get_string()); sc->run_flags |= (RUN_FLAG__TEST | RUN_FLAG__MEM_CHECK); } - else if ( v.is("--dump-rule-deps") ) + else if ( is(v, "--dump-rule-deps") ) { sc->run_flags |= (RUN_FLAG__DUMP_RULE_DEPS | RUN_FLAG__TEST); SnortConfig::set_log_quiet(true); } - else if ( v.is("--dump-rule-meta") ) + else if ( is(v, "--dump-rule-meta") ) { sc->run_flags |= (RUN_FLAG__DUMP_RULE_META | RUN_FLAG__TEST); sc->output_flags |= OUTPUT_FLAG__ALERT_REFS; SnortConfig::set_log_quiet(true); } - else if ( v.is("--dump-rule-state") ) + else if ( is(v, "--dump-rule-state") ) { sc->run_flags |= (RUN_FLAG__DUMP_RULE_STATE | RUN_FLAG__TEST); SnortConfig::set_log_quiet(true); } - else if ( v.is("--dump-version") ) + else if ( is(v, "--dump-version") ) dump_version(sc); - else if ( v.is("--enable-inline-test") ) + else if ( is(v, "--enable-inline-test") ) sc->run_flags |= RUN_FLAG__INLINE_TEST; - else if ( v.is("--enable-test-features") ) + else if ( is(v, "--enable-test-features") ) { sc->run_flags |= RUN_FLAG__TEST_FEATURES; SfIp::test_features = true; } - else if ( v.is("--gen-msg-map") ) + else if ( is(v, "--gen-msg-map") ) { sc->run_flags |= (RUN_FLAG__DUMP_MSG_MAP | RUN_FLAG__TEST); sc->output_flags |= OUTPUT_FLAG__ALERT_REFS; SnortConfig::set_log_quiet(true); } - else if ( v.is("--help") ) + else if ( is(v, "--help") ) help_basic(sc, v.get_string()); - else if ( v.is("--help-commands") ) + else if ( is(v, "--help-commands") ) help_commands(sc, v.get_string()); - else if ( v.is("--help-config") ) + else if ( is(v, "--help-config") ) help_config(sc, v.get_string()); - else if ( v.is("--help-counts") ) + else if ( is(v, "--help-counts") ) help_counts(sc, v.get_string()); - else if ( v.is("--help-limits") ) + else if ( is(v, "--help-limits") ) help_limits(sc, v.get_string()); - else if ( v.is("--help-module") ) + else if ( is(v, "--help-module") ) help_module(sc, v.get_string()); - else if ( v.is("--help-modules") ) + else if ( is(v, "--help-modules") ) help_modules(sc, v.get_string()); - else if ( v.is("--help-modules-json") ) + else if ( is(v, "--help-modules-json") ) help_modules_json(sc, v.get_string()); - else if ( v.is("--help-options") ) + else if ( is(v, "--help-options") ) help_options(sc, v.get_string()); - else if ( v.is("--help-plugins") ) + else if ( is(v, "--help-plugins") ) help_plugins(sc, v.get_string()); - else if ( v.is("--help-signals") ) + else if ( is(v, "--help-signals") ) help_signals(sc, v.get_string()); - else if ( v.is("--id-offset") ) + else if ( is(v, "--id-offset") ) sc->id_offset = v.get_uint16(); - else if ( v.is("--id-subdir") ) + else if ( is(v, "--id-subdir") ) sc->id_subdir = true; - else if ( v.is("--id-zero") ) + else if ( is(v, "--id-zero") ) sc->id_zero = true; - else if ( v.is("--include-path") ) + else if ( is(v, "--include-path") ) sc->set_include_path(v.get_string()); - else if ( v.is("--list-buffers") ) + else if ( is(v, "--list-buffers") ) help_buffers(sc, v.get_string()); - else if ( v.is("--list-builtin") ) + else if ( is(v, "--list-builtin") ) help_builtin(sc, v.get_string()); - else if ( v.is("--list-gids") ) + else if ( is(v, "--list-gids") ) help_gids(sc, v.get_string()); - else if ( v.is("--list-modules") ) + else if ( is(v, "--list-modules") ) list_modules(sc, v.get_string()); - else if ( v.is("--list-plugins") ) + else if ( is(v, "--list-plugins") ) list_plugins(sc, v.get_string()); - else if ( v.is("--lua") ) + else if ( is(v, "--lua") ) sc->policy_map->get_shell()->set_overrides(v.get_string()); - else if ( v.is("--lua-sandbox") ) + else if ( is(v, "--lua-sandbox") ) Shell::set_lua_sandbox(v.get_string()); - else if ( v.is("--markup") ) + else if ( is(v, "--markup") ) config_markup(sc, v.get_string()); - else if ( v.is("--mem-check") ) + else if ( is(v, "--mem-check") ) sc->run_flags |= (RUN_FLAG__TEST | RUN_FLAG__MEM_CHECK); - else if ( v.is("--metadata-filter") ) + else if ( is(v, "--metadata-filter") ) sc->metadata_filter = v.get_string(); - else if ( v.is("--nostamps") ) + else if ( is(v, "--nostamps") ) sc->set_no_logging_timestamps(true); - else if ( v.is("--nolock-pidfile") ) + else if ( is(v, "--nolock-pidfile") ) sc->run_flags |= RUN_FLAG__NO_LOCK_PID_FILE; - else if ( v.is("--no-warn-flowbits") ) + else if ( is(v, "--no-warn-flowbits") ) no_warn_flowbits = true; - else if ( v.is("--no-warn-rules") ) + else if ( is(v, "--no-warn-rules") ) no_warn_rules = true; - else if ( v.is("--pause") ) + else if ( is(v, "--pause") ) sc->run_flags |= RUN_FLAG__PAUSE; #ifdef REG_TEST - else if ( v.is("--pause-after-n") ) + else if ( is(v, "--pause-after-n") ) sc->pkt_pause_cnt = v.get_uint64(); #endif - else if ( v.is("--pcap-file") ) + else if ( is(v, "--pcap-file") ) { sc->run_flags |= RUN_FLAG__READ; Trough::add_source(Trough::SOURCE_FILE_LIST, v.get_string()); } - else if ( v.is("--pcap-dir") ) + else if ( is(v, "--pcap-dir") ) { sc->run_flags |= RUN_FLAG__READ; Trough::add_source(Trough::SOURCE_DIR, v.get_string()); } - else if ( v.is("--pcap-filter") ) + else if ( is(v, "--pcap-filter") ) Trough::set_filter(v.get_string()); - else if ( v.is("--pcap-loop") ) + else if ( is(v, "--pcap-loop") ) Trough::set_loop_count(v.get_uint32()); - else if ( v.is("--pcap-no-filter") ) + else if ( is(v, "--pcap-no-filter") ) Trough::set_filter(nullptr); - else if ( v.is("--pcap-show") ) + else if ( is(v, "--pcap-show") ) sc->run_flags |= RUN_FLAG__PCAP_SHOW; #ifdef PIGLET - else if ( v.is("--piglet") ) + else if ( is(v, "--piglet") ) sc->run_flags |= RUN_FLAG__PIGLET; #endif - else if ( v.is("--plugin-path") ) + else if ( is(v, "--plugin-path") ) sc->add_plugin_path(v.get_string()); - else if ( v.is("--process-all-events") ) + else if ( is(v, "--process-all-events") ) sc->set_process_all_events(true); - else if ( v.is("--rule") ) + else if ( is(v, "--rule") ) parser_append_rules(v.get_string()); - else if ( v.is("--rule-path") ) + else if ( is(v, "--rule-path") ) parser_append_includes(v.get_string()); - else if ( v.is("--rule-to-hex") ) + else if ( is(v, "--rule-to-hex") ) dump_rule_hex(sc, v.get_string()); - else if ( v.is("--rule-to-text") ) + else if ( is(v, "--rule-to-text") ) dump_rule_text(sc, v.get_string()); - else if ( v.is("--run-prefix") ) + else if ( is(v, "--run-prefix") ) sc->run_prefix = v.get_string(); - else if ( v.is("--script-path") ) + else if ( is(v, "--script-path") ) sc->add_script_path(v.get_string()); #ifdef SHELL - else if ( v.is("--shell") ) + else if ( is(v, "--shell") ) sc->run_flags |= RUN_FLAG__SHELL; #endif - else if ( v.is("--show-file-codes") ) + else if ( is(v, "--show-file-codes") ) sc->run_flags |= RUN_FLAG__SHOW_FILE_CODES; - else if ( v.is("--show-plugins") ) + else if ( is(v, "--show-plugins") ) SnortConfig::enable_log_show_plugins(); - else if ( v.is("--skip") ) + else if ( is(v, "--skip") ) sc->pkt_skip = v.get_uint64(); - else if ( v.is("--stdin-rules") ) + else if ( is(v, "--stdin-rules") ) sc->stdin_rules = true; - else if ( v.is("--talos") ) + else if ( is(v, "--talos") ) sc->set_tweaks("talos"); - else if ( v.is("--tweaks") ) + else if ( is(v, "--tweaks") ) sc->set_tweaks(v.get_string()); #if defined(UNIT_TEST) || defined(BENCHMARK_TEST) - else if ( v.is("--catch-test") ) + else if ( is(v, "--catch-test") ) catch_set_filter(v.get_string()); #endif - else if ( v.is("--version") ) + else if ( is(v, "--version") ) help_version(sc); - else if ( v.is("--warn-all") ) + else if ( is(v, "--warn-all") ) sc->warning_flags = 0xFFFFFFFF; - else if ( v.is("--warn-conf") ) + else if ( is(v, "--warn-conf") ) sc->warning_flags |= (1 << WARN_CONF); - else if ( v.is("--warn-conf-strict") ) + else if ( is(v, "--warn-conf-strict") ) sc->warning_flags |= (1 << WARN_CONF_STRICT); - else if ( v.is("--warn-daq") ) + else if ( is(v, "--warn-daq") ) sc->warning_flags |= (1 << WARN_DAQ); - else if ( v.is("--warn-flowbits") ) + else if ( is(v, "--warn-flowbits") ) sc->warning_flags |= (1 << WARN_FLOWBITS); - else if ( v.is("--warn-hosts") ) + else if ( is(v, "--warn-hosts") ) sc->warning_flags |= (1 << WARN_HOSTS); - else if ( v.is("--warn-plugins") ) + else if ( is(v, "--warn-plugins") ) sc->warning_flags |= (1 << WARN_PLUGINS); - else if ( v.is("--warn-rules") ) + else if ( is(v, "--warn-rules") ) sc->warning_flags |= (1 << WARN_RULES); - else if ( v.is("--warn-scripts") ) + else if ( is(v, "--warn-scripts") ) sc->warning_flags |= (1 << WARN_SCRIPTS); - else if ( v.is("--warn-symbols") ) + else if ( is(v, "--warn-symbols") ) sc->warning_flags |= (1 << WARN_SYMBOLS); - else if ( v.is("--warn-vars") ) + else if ( is(v, "--warn-vars") ) sc->warning_flags |= (1 << WARN_VARS); - else if ( v.is("--x2c") ) + else if ( is(v, "--x2c") ) x2c(v.get_uint8()); - else if ( v.is("--x2s") ) + else if ( is(v, "--x2s") ) x2s(v.get_string()); return true; @@ -1172,6 +1190,8 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) bool SnortModule::end(const char*, int, SnortConfig* sc) { + cli_mode = false; + if ( sc->offload_threads and ThreadConfig::get_instance_max() != 1 ) ParseError("You can not enable experimental offload with more than one packet thread."); diff --git a/src/packet_io/sfdaq_module.cc b/src/packet_io/sfdaq_module.cc index 125329386..e863d2685 100644 --- a/src/packet_io/sfdaq_module.cc +++ b/src/packet_io/sfdaq_module.cc @@ -158,7 +158,10 @@ bool SFDAQModule::end(const char* fqn, int idx, SnortConfig* sc) else if (!strcmp(fqn, "daq")) { if ( sc->daq_config ) + { + config->overlay(sc->daq_config); delete sc->daq_config; + } sc->daq_config = config; config = nullptr;