From: Bhagya Tholpady (bbantwal) Date: Thu, 7 May 2020 18:56:51 +0000 (+0000) Subject: Merge pull request #2184 in SNORT/snort3 from ~OKHOMIAK/snort3:verbose_output_for_bin... X-Git-Tag: 3.0.1-4~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f002fd5104b24dcd69a08da54224606e303080a9;p=thirdparty%2Fsnort3.git Merge pull request #2184 in SNORT/snort3 from ~OKHOMIAK/snort3:verbose_output_for_binders to master Squashed commit of the following: commit 2fd410c112d41467fc950fb45b61da97b784198e Author: Oleksii Shumeiko Date: Fri Apr 24 12:54:58 2020 +0300 log: do not truncate config option names in ConfigLogger commit e5486fbe6016f443dd3f41f7021c2db3b69c10d0 Author: Oleksii Khomiakovskyi Date: Thu Apr 23 11:38:53 2020 +0300 binder: print configured bindings in show() method --- diff --git a/src/log/messages.cc b/src/log/messages.cc index e7dc68d5e..b512ea03d 100644 --- a/src/log/messages.cc +++ b/src/log/messages.cc @@ -23,10 +23,10 @@ #include "messages.h" -#include - #include #include +#include +#include #include "main/snort_config.h" #include "parser/parser.h" @@ -353,86 +353,146 @@ NORETURN_ASSERT void log_safec_error(const char* msg, void*, int e) assert(false); } -bool ConfigLogger::log_flag(const char* caption, bool flag) +#define CAPTION "%*s: " +#define SUB_CAPTION "%*s = " + +void ConfigLogger::log_option(const char* caption) +{ + LogMessage("%*s:\n", indention, caption); +} + +bool ConfigLogger::log_flag(const char* caption, bool flag, bool subopt) { - LogMessage("%25.25s: %s\n", caption, flag ? "enabled" : "disabled"); + auto fmt = subopt ? SUB_CAPTION "%s\n" : CAPTION "%s\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + + LogMessage(fmt, ind, caption, flag ? "enabled" : "disabled"); return flag; } -void ConfigLogger::log_limit(const char* caption, int val, int unlim, int disable) +void ConfigLogger::log_limit(const char* caption, int val, int unlim, int disable, bool subopt) { + auto fmt = subopt ? SUB_CAPTION "%d%s\n" : CAPTION "%d%s\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + if ( val == disable ) - LogMessage("%25.25s: %d (disabled)\n", caption, val); + LogMessage(fmt, ind, caption, val, " (disabled)"); else if ( val == unlim ) - LogMessage("%25.25s: %d (unlimited)\n", caption, val); + LogMessage(fmt, ind, caption, val, " (unlimited)"); else - LogMessage("%25.25s: %d\n", caption, val); + LogMessage(fmt, ind, caption, val, ""); } -void ConfigLogger::log_limit(const char* caption, int val, int unlim) +void ConfigLogger::log_limit(const char* caption, int val, int unlim, bool subopt) { + auto fmt = subopt ? SUB_CAPTION "%d%s\n" : CAPTION "%d%s\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + if ( val == unlim ) - LogMessage("%25.25s: %d (unlimited)\n", caption, val); + LogMessage(fmt, ind, caption, val, " (unlimited)"); else - LogMessage("%25.25s: %d\n", caption, val); + LogMessage(fmt, ind, caption, val, ""); } -void ConfigLogger::log_limit(const char* caption, int64_t val, int64_t unlim) +void ConfigLogger::log_limit(const char* caption, int64_t val, int64_t unlim, bool subopt) { + auto fmt = subopt ? SUB_CAPTION "%" PRId64 "%s\n" : CAPTION "%" PRId64 "%s\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + if ( val == unlim ) - LogMessage("%25.25s: %" PRId64 " (unlimited)\n", caption, val); + LogMessage(fmt, ind, caption, val, " (unlimited)"); else - LogMessage("%25.25s: %" PRId64 "\n", caption, val); + LogMessage(fmt, ind, caption, val, ""); } -void ConfigLogger::log_value(const char* caption, int32_t n) +void ConfigLogger::log_value(const char* caption, int n, const char* descr, bool subopt) { - LogMessage("%25.25s: %" PRId32 "\n", caption, n); + auto fmt = subopt ? SUB_CAPTION "%" PRId32 " (%s)\n" : CAPTION "%" PRId32 " (%s)\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + + LogMessage(fmt, ind, caption, n, descr); } -void ConfigLogger::log_value(const char* caption, uint32_t n) +void ConfigLogger::log_value(const char* caption, int32_t n, bool subopt) { - LogMessage("%25.25s: %" PRIu32 "\n", caption, n); + auto fmt = subopt ? SUB_CAPTION "%" PRId32 "\n" : CAPTION "%" PRId32 "\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + + LogMessage(fmt, ind, caption, n); } -void ConfigLogger::log_value(const char* caption, int64_t n) +void ConfigLogger::log_value(const char* caption, uint32_t n, bool subopt) { - LogMessage("%25.25s: %" PRId64 "\n", caption, n); + auto fmt = subopt ? SUB_CAPTION "%" PRIu32 "\n" : CAPTION "%" PRIu32 "\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + + LogMessage(fmt, ind, caption, n); } -void ConfigLogger::log_value(const char* caption, uint64_t n) +void ConfigLogger::log_value(const char* caption, int64_t n, bool subopt) { - LogMessage("%25.25s: %" PRIu64 "\n", caption, n); + auto fmt = subopt ? SUB_CAPTION "%" PRId64 "\n" : CAPTION "%" PRId64 "\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + + LogMessage(fmt, ind, caption, n); } -void ConfigLogger::log_value(const char* caption, const char* str) +void ConfigLogger::log_value(const char* caption, uint64_t n, bool subopt) { - if ( str and str[0] ) - LogMessage("%25.25s: %s\n", caption, str); + auto fmt = subopt ? SUB_CAPTION "%" PRIu64 "\n" : CAPTION "%" PRIu64 "\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + + LogMessage(fmt, ind, caption, n); } -void ConfigLogger::log_list(const char* caption, const char* list) +void ConfigLogger::log_value(const char* caption, double n, bool subopt) { - std::string res; - std::stringstream ss; - const std::string offset(26,' '); + auto fmt = subopt ? SUB_CAPTION "%lf\n" : CAPTION "%lf\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + + LogMessage(fmt, ind, caption, n); +} + +void ConfigLogger::log_value(const char* caption, const char* str, bool subopt) +{ + if ( !str or !str[0] ) + return; - size_t len = 0; + auto fmt = subopt ? SUB_CAPTION "%s\n" : CAPTION "%s\n"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + + LogMessage(fmt, ind, caption, str); +} + +void ConfigLogger::log_list(const char* caption, const char* list, const char* prefix, bool subopt) +{ + if ( !list or !list[0] ) + return; + + auto delim_symbol = subopt ? "=" : ":"; + auto ind = subopt ? indention + strlen(caption) + 2 : indention; + + const char* const delim = (caption and caption[0]) ? delim_symbol : " "; + const char* const head_fmt = "%*s%s%.0s%s\n"; + const char* const tail_fmt = "%*.0s%.0s%s%s\n"; + const char* fmt = head_fmt; + + std::stringstream ss(list); + std::string res; std::string val; - ss << list; while (ss >> val) { - if ( len + val.length() > max_line_len ) + if ( res.length() + val.length() > max_line_len ) { - res += '\n' + offset; - len = 0; + LogMessage(fmt, ind, caption, delim, prefix, res.c_str()); + fmt = tail_fmt; + res.clear(); } res += ' ' + val; - len += val.length() + 1; } - LogMessage("%25.25s:%s\n", caption, res.c_str()); + LogMessage(fmt, ind, caption, delim, prefix, res.c_str()); } } //namespace snort diff --git a/src/log/messages.h b/src/log/messages.h index cac2409dd..b0b93ca54 100644 --- a/src/log/messages.h +++ b/src/log/messages.h @@ -70,18 +70,22 @@ class SO_PUBLIC ConfigLogger final { public: ConfigLogger() = delete; - static bool log_flag(const char* caption, bool flag); - static void log_limit(const char* caption, int val, int unlim); - static void log_limit(const char* caption, int val, int unlim, int disable); - static void log_limit(const char* caption, int64_t val, int64_t unlim); - static void log_value(const char* caption, int32_t n); - static void log_value(const char* caption, uint32_t n); - static void log_value(const char* caption, int64_t n); - static void log_value(const char* caption, uint64_t n); - static void log_value(const char* caption, const char* str); - static void log_list(const char* caption, const char* list); + static void log_option(const char* caption); + static bool log_flag(const char* caption, bool flag, bool subopt = false); + static void log_limit(const char* caption, int val, int unlim, bool subopt = false); + static void log_limit(const char* caption, int val, int unlim, int disable, bool subopt = false); + static void log_limit(const char* caption, int64_t val, int64_t unlim, bool subopt = false); + static void log_value(const char* caption, int n, const char* descr, bool subopt = false); + static void log_value(const char* caption, int32_t n, bool subopt = false); + static void log_value(const char* caption, uint32_t n, bool subopt = false); + static void log_value(const char* caption, int64_t n, bool subopt = false); + static void log_value(const char* caption, uint64_t n, bool subopt = false); + static void log_value(const char* caption, double n, bool subopt = false); + static void log_value(const char* caption, const char* str, bool subopt = false); + static void log_list(const char* caption, const char* list, const char* prefix = " ", bool subopt = false); private: - static constexpr size_t max_line_len = 75; + static constexpr int indention = 25; + static constexpr int max_line_len = 75; }; // FIXIT-RC do not call FatalError() during runtime diff --git a/src/network_inspectors/arp_spoof/arp_spoof.cc b/src/network_inspectors/arp_spoof/arp_spoof.cc index 7678a6ed8..26fe8d6e5 100644 --- a/src/network_inspectors/arp_spoof/arp_spoof.cc +++ b/src/network_inspectors/arp_spoof/arp_spoof.cc @@ -120,7 +120,7 @@ static void arp_config_show(const ArpSpoofConfig* config) if ( !config->ipmel.size() ) return; - ConfigLogger::log_list("hosts", "(list)"); + ConfigLogger::log_option("hosts"); for (auto& ip : config->ipmel) { diff --git a/src/network_inspectors/binder/binder.cc b/src/network_inspectors/binder/binder.cc index e4636621e..2f102f210 100644 --- a/src/network_inspectors/binder/binder.cc +++ b/src/network_inspectors/binder/binder.cc @@ -21,6 +21,9 @@ #include "config.h" #endif +#include +#include + #include "flow/flow.h" #include "flow/flow_key.h" #include "framework/data_bus.h" @@ -454,6 +457,193 @@ static Inspector* get_gadget_by_id(const char* service) return InspectorManager::get_inspector_by_service(s); } +static std::string to_string(const sfip_var_t* list) +{ + std::string ipset; + + if ( !list or !list->head ) + return ""; + + for (auto node = list->head; node; node = node->next) + { + SfIpString ip_str; + auto ip = node->ip; + + ip->get_addr()->ntop(ip_str); + ipset += std::string(ip_str); + + if ( ((ip->get_family() == AF_INET6) and (ip->get_bits() != 128)) or + ((ip->get_family() == AF_INET ) and (ip->get_bits() != 32 )) ) + { + auto bits = ip->get_bits(); + bits -= (ip->get_family() == AF_INET and bits) ? 96 : 0; + ipset += "/" + std::to_string(bits); + } + + ipset += ", "; + } + + if ( !ipset.empty() ) + ipset.erase(ipset.end() - 2, ipset.end()); + + return ipset; +} + +template +static std::string to_string(const std::bitset& bitset) +{ + std::stringstream ss; + + if ( bitset.none() or bitset.all() ) + return ""; + + for (unsigned i = 0; i < bitset.size(); ++i) + if ( bitset[i] ) + ss << i << " "; + + auto str = ss.str(); + if ( !str.empty() ) + str.pop_back(); + + return str; +} + +static std::string to_string(const BindWhen::Role& role) +{ + switch( role ) + { + case BindWhen::BR_CLIENT: + return "client"; + case BindWhen::BR_SERVER: + return "server"; + default: + return ""; + } +} + +static std::string proto_to_string(unsigned proto) +{ + switch( proto ) + { + case PROTO_BIT__IP: + return "ip"; + case PROTO_BIT__ICMP: + return "icmp"; + case PROTO_BIT__TCP: + return "tcp"; + case PROTO_BIT__UDP: + return "udp"; + case PROTO_BIT__PDU: + return "user"; + case PROTO_BIT__FILE: + return "file"; + default: + return ""; + } +} + +static std::string to_string(const BindUse::Action& action) +{ + switch( action ) + { + case BindUse::BA_RESET: + return "reset"; + case BindUse::BA_BLOCK: + return "block"; + case BindUse::BA_ALLOW: + return "allow"; + default: + return ""; + } +} + +static std::string to_string(const BindWhen& bw) +{ + std::string when; + + when += "{"; + + if ( bw.ips_id_user ) + when += " ips_policy_id = " + std::to_string(bw.ips_id_user) + ","; + + if ( !bw.svc.empty() ) + when += " service = " + bw.svc + ","; + + auto role = to_string(bw.role); + if ( !role.empty() ) + when += " role = " + role + ","; + + auto proto = proto_to_string(bw.protos); + if ( !proto.empty() ) + when += " proto = " + proto + ","; + + auto src_nets = to_string(bw.src_nets); + auto dst_nets = to_string(bw.dst_nets); + + if ( !src_nets.empty() ) + when += (bw.split_nets ? " src_nets = " : " nets = ") + src_nets + ","; + if ( bw.split_nets and !dst_nets.empty() ) + when += " dst_nets = " + dst_nets + ","; + + auto src_ports = to_string<65536>(bw.src_ports); + auto dst_ports = to_string<65536>(bw.dst_ports); + + if ( !src_ports.empty() ) + when += (bw.split_ports ? " src_ports = " : " ports = ") + src_ports + ","; + if ( bw.split_ports and !dst_ports.empty() ) + when += " dst_ports = " + dst_ports + ","; + + auto src_zones = to_string<64>(bw.src_zones); + auto dst_zones = to_string<64>(bw.dst_zones); + + if ( !src_zones.empty() ) + when += (bw.split_zones ? " src_zones = " : " zones = ") + src_zones + ","; + if ( bw.split_zones and !dst_zones.empty() ) + when += " dst_zones = " + dst_zones + ","; + + auto ifaces = to_string<256>(bw.ifaces); + if ( !ifaces.empty() ) + when += " ifaces = " + ifaces + ","; + + auto vlans = to_string<4096>(bw.vlans); + if ( !vlans.empty() ) + when += " vlans = " + vlans + ","; + + if ( when.length() > 1 ) + when.pop_back(); + + when += " }"; + + return when; +} + +static std::string to_string(const BindUse& bu) +{ + std::string use; + + use += "{"; + + auto action = to_string(bu.action); + if ( !action.empty() ) + use += " action = " + action + ","; + + if ( !bu.svc.empty() ) + use += " service = " + bu.svc + ","; + + if ( !bu.type.empty() ) + use += " type = " + ((bu.type.at(0) == '.') ? bu.type.substr(1) : bu.type) + ","; + + if ( !bu.name.empty() and (bu.type != bu.name) ) + use += " name = " + bu.name + ","; + + if ( use.length() > 1 ) + use.pop_back(); + + use += " }"; + + return use; +} + //------------------------------------------------------------------------- // stuff stuff //------------------------------------------------------------------------- @@ -635,6 +825,7 @@ public: void remove_inspector_binding(SnortConfig*, const char*) override; bool configure(SnortConfig*) override; + void show(SnortConfig*) override; void eval(Packet*) override { } @@ -754,6 +945,27 @@ bool Binder::configure(SnortConfig* sc) return true; } +void Binder::show(SnortConfig*) +{ + std::once_flag once; + + if ( !bindings.size() ) + return; + + for (auto& b : bindings) + { + auto when = b->when; + auto use = b->use; + + std::call_once(once, []{ ConfigLogger::log_option("bindings"); }); + + auto bind_when = "{ when = " + to_string(when) + ","; + auto bind_use = "use = " + to_string(use) + " }"; + ConfigLogger::log_list("", bind_when.c_str(), " "); + ConfigLogger::log_list("", bind_use.c_str(), " ", true); + } +} + void Binder::remove_inspector_binding(SnortConfig*, const char* name) { vector::iterator it;