From: Russ Combs (rucombs) Date: Tue, 19 May 2020 12:26:26 +0000 (+0000) Subject: Merge pull request #2213 in SNORT/snort3 from ~RUCOMBS/snort3:snort_conf to master X-Git-Tag: 3.0.1-4~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc2955ac88f8fa3c35d28c23b44118a10d414aea;p=thirdparty%2Fsnort3.git Merge pull request #2213 in SNORT/snort3 from ~RUCOMBS/snort3:snort_conf to master Squashed commit of the following: commit 7107ad5aa179c81bcf297198c9565dbf7c1af453 Author: russ Date: Mon May 11 17:33:04 2020 -0400 build: fix cppcheck warnings and typos commit 514844215a86e5e683649392f7eb3317c667f678 Author: russ Date: Mon May 11 09:27:16 2020 -0400 snort_config: constify Inspector::show and remove unnecessary logger args commit 4f61396efb898de6054dd3068bd2784f313bdf06 Author: russ Date: Sun May 10 12:33:07 2020 -0400 search_tool: refactor initialization commit c24ff7a06b405b18b85c1317d4c42438ffcd8676 Author: russ Date: Sun May 10 11:28:29 2020 -0400 mpse: constify snort config args commit cff5647c6f32eb1321964b729aac16fcfedaee2d Author: russ Date: Sat May 9 11:22:32 2020 -0400 snort_config: minimize thread local access to snort_config commit 48a6e0db8b675c3283befb04b13b6468c98ce570 Author: russ Date: Fri May 8 16:59:31 2020 -0400 snort_config: use provided conf commit d1329377a0c1a4fa5b333182c568da38c3b6b9a2 Author: russ Date: Tue Apr 28 15:01:35 2020 -0400 snort_config: make const for packet threads commit c47aabc1d11ff6208b5cb1a970a7c7f49033625d Author: russ Date: Sun Apr 26 10:54:15 2020 -0400 snort_config: pseudo packet initialization commit bf4ac2a8d1910452c170577f62fa23c6856d81c0 Author: russ Date: Sun Apr 26 09:54:45 2020 -0400 snort_config: refactor access methods --- diff --git a/src/codecs/ip/cd_auth.cc b/src/codecs/ip/cd_auth.cc index ce449d9ec..0be8f5131 100644 --- a/src/codecs/ip/cd_auth.cc +++ b/src/codecs/ip/cd_auth.cc @@ -104,7 +104,7 @@ bool AuthCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) // must be called AFTER setting next_prot_id if (snort.ip_api.is_ip6()) { - if ( SnortConfig::get_conf()->hit_ip6_maxopts(codec.ip6_extension_count) ) + if ( codec.conf->hit_ip6_maxopts(codec.ip6_extension_count) ) { codec_event(codec, DECODE_IP6_EXCESS_EXT_HDR); return false; diff --git a/src/codecs/ip/cd_dst_opts.cc b/src/codecs/ip/cd_dst_opts.cc index 2681fc5ce..db1fc8f74 100644 --- a/src/codecs/ip/cd_dst_opts.cc +++ b/src/codecs/ip/cd_dst_opts.cc @@ -60,7 +60,7 @@ bool Ipv6DSTOptsCodec::decode(const RawData& raw, CodecData& codec, DecodeData&) return false; } - if ( SnortConfig::get_conf()->hit_ip6_maxopts(codec.ip6_extension_count) ) + if ( codec.conf->hit_ip6_maxopts(codec.ip6_extension_count) ) codec_event(codec, DECODE_IP6_EXCESS_EXT_HDR); if (dsthdr->ip6dest_nxt == IpProtocol::ROUTING) diff --git a/src/codecs/ip/cd_esp.cc b/src/codecs/ip/cd_esp.cc index d2e1add93..211f30e06 100644 --- a/src/codecs/ip/cd_esp.cc +++ b/src/codecs/ip/cd_esp.cc @@ -97,7 +97,7 @@ bool EspCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) uint8_t pad_length; uint8_t ip_proto; - if (!SnortConfig::esp_decoding()) + if (!codec.conf->esp_decoding()) return false; /* The ESP header contains a crypto Initialization Vector (IV) and @@ -126,7 +126,7 @@ bool EspCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) // must be called AFTER setting next_prot_id if (snort.ip_api.is_ip6()) { - if ( SnortConfig::get_conf()->hit_ip6_maxopts(codec.ip6_extension_count) ) + if ( codec.conf->hit_ip6_maxopts(codec.ip6_extension_count) ) { codec_event(codec, DECODE_IP6_EXCESS_EXT_HDR); return false; diff --git a/src/codecs/ip/cd_frag.cc b/src/codecs/ip/cd_frag.cc index 4be6f2aaf..2c903f06a 100644 --- a/src/codecs/ip/cd_frag.cc +++ b/src/codecs/ip/cd_frag.cc @@ -55,7 +55,7 @@ bool Ipv6FragCodec::decode(const RawData& raw, CodecData& codec, DecodeData& sno return false; } - if ( SnortConfig::get_conf()->hit_ip6_maxopts(codec.ip6_extension_count) ) + if ( codec.conf->hit_ip6_maxopts(codec.ip6_extension_count) ) { codec_event(codec, DECODE_IP6_EXCESS_EXT_HDR); return false; diff --git a/src/codecs/ip/cd_gre.cc b/src/codecs/ip/cd_gre.cc index 407b6bd0a..9af9a1159 100644 --- a/src/codecs/ip/cd_gre.cc +++ b/src/codecs/ip/cd_gre.cc @@ -269,7 +269,7 @@ bool GreCodec::decode(const RawData& raw, CodecData& codec, DecodeData&) return false; } - if (SnortConfig::tunnel_bypass_enabled(TUNNEL_GRE)) + if (codec.conf->tunnel_bypass_enabled(TUNNEL_GRE)) codec.tunnel_bypass = true; codec.lyr_len = len; diff --git a/src/codecs/ip/cd_hop_opts.cc b/src/codecs/ip/cd_hop_opts.cc index 44e8b5aa1..ca0f55900 100644 --- a/src/codecs/ip/cd_hop_opts.cc +++ b/src/codecs/ip/cd_hop_opts.cc @@ -64,7 +64,7 @@ bool Ipv6HopOptsCodec::decode(const RawData& raw, CodecData& codec, DecodeData&) return false; } - if ( SnortConfig::get_conf()->hit_ip6_maxopts(codec.ip6_extension_count) ) + if ( codec.conf->hit_ip6_maxopts(codec.ip6_extension_count) ) { codec_event(codec, DECODE_IP6_EXCESS_EXT_HDR); return false; diff --git a/src/codecs/ip/cd_icmp4.cc b/src/codecs/ip/cd_icmp4.cc index 5c3e73eb6..684de2cdb 100644 --- a/src/codecs/ip/cd_icmp4.cc +++ b/src/codecs/ip/cd_icmp4.cc @@ -156,7 +156,7 @@ bool Icmp4Codec::decode(const RawData& raw, CodecData& codec,DecodeData& snort) const ICMPHdr* const icmph = reinterpret_cast(raw.data); uint16_t len = 0; - if (SnortConfig::icmp_checksums() && !valid_checksum_from_daq(raw)) + if (snort::get_network_policy()->icmp_checksums() && !valid_checksum_from_daq(raw)) { uint16_t csum = checksum::cksum_add((const uint16_t*)icmph, raw.len); diff --git a/src/codecs/ip/cd_icmp6.cc b/src/codecs/ip/cd_icmp6.cc index 20dbd9a5b..27f2f37ef 100644 --- a/src/codecs/ip/cd_icmp6.cc +++ b/src/codecs/ip/cd_icmp6.cc @@ -149,7 +149,7 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) const icmp::Icmp6Hdr* const icmp6h = reinterpret_cast(raw.data); - if ( SnortConfig::icmp_checksums() && !valid_checksum_from_daq(raw)) + if ( snort::get_network_policy()->icmp_checksums() && !valid_checksum_from_daq(raw)) { checksum::Pseudoheader6 ph6; COPY4(ph6.hdr.sip, snort.ip_api.get_src()->get_ip6_ptr()); diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc index 525f1cf0d..c1759bef1 100644 --- a/src/codecs/ip/cd_ipv4.cc +++ b/src/codecs/ip/cd_ipv4.cc @@ -169,7 +169,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) return false; } - if ( SnortConfig::get_conf()->hit_ip_maxlayers(codec.ip_layer_cnt) ) + if ( codec.conf->hit_ip_maxlayers(codec.ip_layer_cnt) ) { codec_event(codec, DECODE_IP_MULTIPLE_ENCAPSULATION); return false; @@ -226,7 +226,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) /* If the previous layer was not IP-in-IP, this is not a 4-in-6 tunnel */ if ( codec.codec_flags & CODEC_NON_IP_TUNNEL ) codec.codec_flags &= ~CODEC_NON_IP_TUNNEL; - else if ( SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN6) ) + else if ( codec.conf->tunnel_bypass_enabled(TUNNEL_4IN6) ) codec.tunnel_bypass = true; } else if (snort.ip_api.is_ip4()) @@ -234,7 +234,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) /* If the previous layer was not IP-in-IP, this is not a 4-in-4 tunnel */ if ( codec.codec_flags & CODEC_NON_IP_TUNNEL ) codec.codec_flags &= ~CODEC_NON_IP_TUNNEL; - else if (SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN4)) + else if (codec.conf->tunnel_bypass_enabled(TUNNEL_4IN4)) codec.tunnel_bypass = true; } @@ -256,7 +256,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) */ IP4AddrTests(iph, codec, snort); - if (SnortConfig::ip_checksums() && !valid_checksum_from_daq(raw)) + if (snort::get_network_policy()->ip_checksums() && !valid_checksum_from_daq(raw)) { // routers drop packets with bad IP checksums, we don't really need to check them... int16_t csum = checksum::ip_cksum((const uint16_t*)iph, hlen); @@ -399,7 +399,7 @@ void Ipv4Codec::IP4AddrTests( if ( msb_src == ip::IP4_MULTICAST ) codec_event(codec, DECODE_IP4_SRC_MULTICAST); - if ( SnortConfig::is_address_anomaly_check_enabled() ) + if ( codec.conf->is_address_anomaly_check_enabled() ) { if ( msb_src == ip::IP4_RESERVED || sfvar_ip_in(MulticastReservedIp, snort.ip_api.get_src()) ) codec_event(codec, DECODE_IP4_SRC_RESERVED); @@ -553,13 +553,12 @@ default_case: ********************* L O G G E R ****************************** *******************************************************************/ -void Ipv4Codec::log(TextLog* const text_log, const uint8_t* raw_pkt, - const uint16_t lyr_len) +void Ipv4Codec::log(TextLog* const text_log, const uint8_t* raw_pkt, const uint16_t lyr_len) { const ip::IP4Hdr* const ip4h = reinterpret_cast(raw_pkt); // FIXIT-RC this does NOT obfuscate correctly - if (SnortConfig::obfuscate()) + if (SnortConfig::get_conf()->obfuscate()) { TextLog_Print(text_log, "xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx"); } diff --git a/src/codecs/ip/cd_ipv6.cc b/src/codecs/ip/cd_ipv6.cc index f1f8432d4..90950b0f6 100644 --- a/src/codecs/ip/cd_ipv6.cc +++ b/src/codecs/ip/cd_ipv6.cc @@ -149,7 +149,7 @@ bool Ipv6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) return false; } - if ( SnortConfig::get_conf()->hit_ip_maxlayers(codec.ip_layer_cnt) ) + if ( codec.conf->hit_ip_maxlayers(codec.ip_layer_cnt) ) { codec_event(codec, DECODE_IP_MULTIPLE_ENCAPSULATION); return false; @@ -187,7 +187,7 @@ bool Ipv6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) /* If the previous layer was not IP-in-IP, this is not a 6-in-4 tunnel */ if ( codec.codec_flags & CODEC_NON_IP_TUNNEL ) codec.codec_flags &= ~CODEC_NON_IP_TUNNEL; - else if ( SnortConfig::tunnel_bypass_enabled(TUNNEL_6IN4) ) + else if ( codec.conf->tunnel_bypass_enabled(TUNNEL_6IN4) ) codec.tunnel_bypass = true; } else if (snort.ip_api.is_ip6()) @@ -195,7 +195,7 @@ bool Ipv6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) /* If the previous layer was not IP-in-IP, this is not a 6-in-6 tunnel */ if ( codec.codec_flags & CODEC_NON_IP_TUNNEL ) codec.codec_flags &= ~CODEC_NON_IP_TUNNEL; - else if (SnortConfig::tunnel_bypass_enabled(TUNNEL_6IN6)) + else if (codec.conf->tunnel_bypass_enabled(TUNNEL_6IN6)) codec.tunnel_bypass = true; } @@ -542,7 +542,7 @@ void Ipv6Codec::log(TextLog* const text_log, const uint8_t* raw_pkt, const ip::IP6Hdr* const ip6h = reinterpret_cast(raw_pkt); // FIXIT-RC this does NOT obfuscate correctly - if (SnortConfig::obfuscate()) + if (SnortConfig::get_conf()->obfuscate()) { TextLog_Print(text_log, "x:x:x:x::x:x:x:x -> x:x:x:x::x:x:x:x"); } diff --git a/src/codecs/ip/cd_mobility.cc b/src/codecs/ip/cd_mobility.cc index c7f2cc0bb..50d65da4f 100644 --- a/src/codecs/ip/cd_mobility.cc +++ b/src/codecs/ip/cd_mobility.cc @@ -60,7 +60,7 @@ void MobilityCodec::get_protocol_ids(std::vector& v) bool MobilityCodec::decode(const RawData& raw, CodecData& codec, DecodeData&) { const MobileIPV6Header* const mip6 = reinterpret_cast(raw.data); - if ( SnortConfig::get_conf()->hit_ip6_maxopts(codec.ip6_extension_count) ) + if ( codec.conf->hit_ip6_maxopts(codec.ip6_extension_count) ) { codec_event(codec, DECODE_IP6_EXCESS_EXT_HDR); return false; diff --git a/src/codecs/ip/cd_no_next.cc b/src/codecs/ip/cd_no_next.cc index de1ef8b8f..4301e5d56 100644 --- a/src/codecs/ip/cd_no_next.cc +++ b/src/codecs/ip/cd_no_next.cc @@ -49,7 +49,7 @@ bool Ipv6NoNextCodec::decode(const RawData& raw, CodecData& codec, DecodeData&) if (raw.len < ip::MIN_EXT_LEN) return false; - if ( SnortConfig::get_conf()->hit_ip6_maxopts(codec.ip6_extension_count) ) + if ( codec.conf->hit_ip6_maxopts(codec.ip6_extension_count) ) { codec_event(codec, DECODE_IP6_EXCESS_EXT_HDR); return false; diff --git a/src/codecs/ip/cd_routing.cc b/src/codecs/ip/cd_routing.cc index 799d5b744..c8d16df0d 100644 --- a/src/codecs/ip/cd_routing.cc +++ b/src/codecs/ip/cd_routing.cc @@ -80,7 +80,7 @@ bool Ipv6RoutingCodec::decode(const RawData& raw, CodecData& codec, DecodeData&) return false; } - if ( SnortConfig::get_conf()->hit_ip6_maxopts(codec.ip6_extension_count) ) + if ( codec.conf->hit_ip6_maxopts(codec.ip6_extension_count) ) { codec_event(codec, DECODE_IP6_EXCESS_EXT_HDR); return false; diff --git a/src/codecs/ip/cd_tcp.cc b/src/codecs/ip/cd_tcp.cc index 4bdcde167..cf5893d10 100644 --- a/src/codecs/ip/cd_tcp.cc +++ b/src/codecs/ip/cd_tcp.cc @@ -218,7 +218,7 @@ bool TcpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) return false; } - if (SnortConfig::tcp_checksums() && !valid_checksum_from_daq(raw)) + if (snort::get_network_policy()->tcp_checksums() && !valid_checksum_from_daq(raw)) { PegCount* bad_cksum_cnt; bool valid; @@ -528,7 +528,7 @@ void TcpCodec::flag_tests(const tcp::TCPHdr* const tcph, } } - if ( SnortConfig::is_address_anomaly_check_enabled() ) + if ( codec.conf->is_address_anomaly_check_enabled() ) { if ( sfvar_ip_in(SynToMulticastDstIp, snort.ip_api.get_dst()) ) codec_event(codec, DECODE_SYN_TO_MULTICAST); diff --git a/src/codecs/ip/cd_udp.cc b/src/codecs/ip/cd_udp.cc index 8443a82ad..e6745b41e 100644 --- a/src/codecs/ip/cd_udp.cc +++ b/src/codecs/ip/cd_udp.cc @@ -340,7 +340,7 @@ bool UdpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) return false; } - if (SnortConfig::udp_checksums() && !valid_checksum_from_daq(raw)) + if (snort::get_network_policy()->udp_checksums() && !valid_checksum_from_daq(raw)) { PegCount* bad_cksum_cnt; bool valid; diff --git a/src/codecs/link/cd_mpls.cc b/src/codecs/link/cd_mpls.cc index 8acf8b171..b31ef2a1d 100644 --- a/src/codecs/link/cd_mpls.cc +++ b/src/codecs/link/cd_mpls.cc @@ -191,14 +191,14 @@ bool MplsCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) codec.proto_bits |= PROTO_BIT__MPLS; if (!iRet) { - iRet = SnortConfig::get_mpls_payload_type(); + iRet = codec.conf->get_mpls_payload_type(); } } tmpMplsHdr++; stack_len -= MPLS_HEADER_LEN; - if ((SnortConfig::get_mpls_stack_depth() != -1) && - (chainLen++ >= SnortConfig::get_mpls_stack_depth())) + if ((codec.conf->get_mpls_stack_depth() != -1) && + (chainLen++ >= codec.conf->get_mpls_stack_depth())) { codec_event(codec, DECODE_MPLS_LABEL_STACK); @@ -207,7 +207,7 @@ bool MplsCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) } } /* while bos not 1, peel off more labels */ - if (SnortConfig::tunnel_bypass_enabled(TUNNEL_MPLS)) + if (codec.conf->tunnel_bypass_enabled(TUNNEL_MPLS)) codec.tunnel_bypass = true; codec.lyr_len = (const uint8_t*)tmpMplsHdr - raw.data; @@ -279,8 +279,8 @@ int MplsCodec::checkMplsHdr(const CodecData& codec, uint32_t label, uint8_t bos) /* when label == 2, IPv6 is expected; * when label == 0, IPv4 is expected */ - if ( (label && ( SnortConfig::get_mpls_payload_type() != MPLS_PAYLOADTYPE_IPV6) ) - || ( (!label) && (SnortConfig::get_mpls_payload_type() != MPLS_PAYLOADTYPE_IPV4))) + if ( (label && ( codec.conf->get_mpls_payload_type() != MPLS_PAYLOADTYPE_IPV6) ) + || ( (!label) && (codec.conf->get_mpls_payload_type() != MPLS_PAYLOADTYPE_IPV4))) { if ( !label ) codec_event(codec, DECODE_BAD_MPLS_LABEL0); @@ -347,7 +347,7 @@ int MplsCodec::checkMplsHdr(const CodecData& codec, uint32_t label, uint8_t bos) } if ( !iRet ) { - iRet = SnortConfig::get_mpls_payload_type(); + iRet = codec.conf->get_mpls_payload_type(); } return iRet; } diff --git a/src/codecs/misc/cd_gtp.cc b/src/codecs/misc/cd_gtp.cc index ae9961c65..c2bd88b61 100644 --- a/src/codecs/misc/cd_gtp.cc +++ b/src/codecs/misc/cd_gtp.cc @@ -174,7 +174,7 @@ bool GtpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& dd) return false; } - if ( SnortConfig::tunnel_bypass_enabled(TUNNEL_GTP) ) + if ( codec.conf->tunnel_bypass_enabled(TUNNEL_GTP) ) codec.tunnel_bypass = true; codec.lyr_len = len; diff --git a/src/codecs/misc/cd_icmp4_ip.cc b/src/codecs/misc/cd_icmp4_ip.cc index 0b21f1a7e..e3c666dcc 100644 --- a/src/codecs/misc/cd_icmp4_ip.cc +++ b/src/codecs/misc/cd_icmp4_ip.cc @@ -151,7 +151,7 @@ void Icmp4IpCodec::log(TextLog* const text_log, const uint8_t* raw_pkt, // the two are not necessarily the same. // FIXIT-RC this does NOT obfuscate correctly - if (SnortConfig::obfuscate()) + if (SnortConfig::get_conf()->obfuscate()) { TextLog_Print(text_log, "xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx"); } diff --git a/src/codecs/misc/cd_teredo.cc b/src/codecs/misc/cd_teredo.cc index 63a6c4270..86dfd9fe0 100644 --- a/src/codecs/misc/cd_teredo.cc +++ b/src/codecs/misc/cd_teredo.cc @@ -87,7 +87,7 @@ bool TeredoCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort codec.proto_bits |= PROTO_BIT__TEREDO; codec.codec_flags |= CODEC_TEREDO_SEEN; // for ipv6 codec - if ( SnortConfig::tunnel_bypass_enabled(TUNNEL_TEREDO) ) + if ( codec.conf->tunnel_bypass_enabled(TUNNEL_TEREDO) ) codec.tunnel_bypass = true; if ( (!teredo::is_teredo_port(snort.sp)) && (!teredo::is_teredo_port(snort.dp)) ) diff --git a/src/codecs/misc/cd_vxlan.cc b/src/codecs/misc/cd_vxlan.cc index d6d39c951..e40221280 100644 --- a/src/codecs/misc/cd_vxlan.cc +++ b/src/codecs/misc/cd_vxlan.cc @@ -68,7 +68,7 @@ bool VxlanCodec::decode(const RawData& raw, CodecData& codec, DecodeData&) if ( hdr->flags != 0x08 ) return false; - if ( SnortConfig::tunnel_bypass_enabled(TUNNEL_VXLAN) ) + if ( codec.conf->tunnel_bypass_enabled(TUNNEL_VXLAN) ) codec.tunnel_bypass = true; codec.lyr_len = VXLAN_MIN_HDR_LEN; diff --git a/src/codecs/root/cd_eth.cc b/src/codecs/root/cd_eth.cc index 4a722dd4c..b85ac2203 100644 --- a/src/codecs/root/cd_eth.cc +++ b/src/codecs/root/cd_eth.cc @@ -169,12 +169,14 @@ bool EthCodec::encode(const uint8_t* const raw_in, const uint16_t /*raw_len*/, ho->ether_type = enc.ethertype_set() ? htons(to_utype(enc.next_ethertype)) : hi->ether_type; + const SnortConfig* sc = SnortConfig::get_conf(); + if ( enc.forward() ) { memcpy(ho->ether_src, hi->ether_src, sizeof(ho->ether_src)); - if ( SnortConfig::get_conf()->eth_dst ) - memcpy(ho->ether_dst, SnortConfig::get_conf()->eth_dst, sizeof(ho->ether_dst)); + if ( sc->eth_dst ) + memcpy(ho->ether_dst, sc->eth_dst, sizeof(ho->ether_dst)); else memcpy(ho->ether_dst, hi->ether_dst, sizeof(ho->ether_dst)); } @@ -182,8 +184,8 @@ bool EthCodec::encode(const uint8_t* const raw_in, const uint16_t /*raw_len*/, { memcpy(ho->ether_src, hi->ether_dst, sizeof(ho->ether_src)); - if ( SnortConfig::get_conf()->eth_dst ) - memcpy(ho->ether_dst, SnortConfig::get_conf()->eth_dst, sizeof(ho->ether_dst)); + if ( sc->eth_dst ) + memcpy(ho->ether_dst, sc->eth_dst, sizeof(ho->ether_dst)); else memcpy(ho->ether_dst, hi->ether_src, sizeof(ho->ether_dst)); } diff --git a/src/detection/detect.cc b/src/detection/detect.cc index ddaa9c4ad..5f77ff9d1 100644 --- a/src/detection/detect.cc +++ b/src/detection/detect.cc @@ -64,7 +64,7 @@ bool snort_log(Packet* p) void CallLogFuncs(Packet* p, ListHead* head, Event* event, const char* msg) { - event->event_id = event_id | SnortConfig::get_event_log_id(); + event->event_id = event_id | p->context->conf->get_event_log_id(); DetectionEngine::set_check_tags(false); pc.log_pkts++; @@ -81,7 +81,7 @@ void CallLogFuncs(Packet* p, const OptTreeNode* otn, ListHead* head) event.sig_info = const_cast(&otn->sigInfo); event.ref_time.tv_sec = p->pkth->ts.tv_sec; event.ref_time.tv_usec = p->pkth->ts.tv_usec; - event.event_id = event_id | SnortConfig::get_event_log_id(); + event.event_id = event_id | p->context->conf->get_event_log_id(); event.event_reference = event.event_id; DetectionEngine::set_check_tags(false); @@ -98,7 +98,7 @@ void CallAlertFuncs(Packet* p, const OptTreeNode* otn, ListHead* head) event.sig_info = const_cast(&otn->sigInfo); event.ref_time.tv_sec = p->pkth->ts.tv_sec; event.ref_time.tv_usec = p->pkth->ts.tv_usec; - event.event_id = event_id | SnortConfig::get_event_log_id(); + event.event_id = event_id | p->context->conf->get_event_log_id(); event.event_reference = event.event_id; pc.total_alert_pkts++; diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc index e02c61efd..ce388726e 100644 --- a/src/detection/detection_engine.cc +++ b/src/detection/detection_engine.cc @@ -63,7 +63,7 @@ using namespace snort; void DetectionEngine::thread_init() { - SnortConfig* sc = SnortConfig::get_conf(); + const SnortConfig* sc = SnortConfig::get_conf(); FastPatternConfig* fp = sc->fast_pattern_config; const MpseApi* offload_search_api = fp->get_offload_search_api(); @@ -151,7 +151,8 @@ Packet* DetectionEngine::set_next_packet(Packet* parent) IpsContext* c = Analyzer::get_switcher()->get_next(); if ( parent ) { - c->snapshot_flow(parent->flow); + if ( parent->flow ) + c->snapshot_flow(parent->flow); c->packet_number = parent->context->packet_number; c->wire_packet = parent->context->wire_packet; } @@ -370,8 +371,6 @@ bool DetectionEngine::do_offload(Packet* p) assert(p == p->context->packet); assert(p->context == sw->get_context()); - p->context->conf = SnortConfig::get_conf(); - debug_logf(detection_trace, TRACE_DETECTION_ENGINE, "%" PRIu64 " de::offload %" PRIu64 " (r=%d)\n", p->context->packet_number, p->context->context_num, offloader->count()); @@ -395,7 +394,7 @@ bool DetectionEngine::offload(Packet* p) ContextSwitcher* sw = Analyzer::get_switcher(); fp_partial(p); - if ( p->dsize >= SnortConfig::get_conf()->offload_limit and + if ( p->dsize >= p->context->conf->offload_limit and p->context->searches.items.size() > 0 ) { if ( offloader->available() ) @@ -575,8 +574,9 @@ bool DetectionEngine::inspect(Packet* p) if ( p->ptrs.decode_flags & DECODE_ERR_FLAGS ) { - if ( SnortConfig::inline_mode() and - SnortConfig::checksum_drop(p->ptrs.decode_flags & DECODE_ERR_CKSUM_ALL) ) + if ( p->context->conf->inline_mode() and + // FIXIT-H check specific proto checksum drop flags + snort::get_network_policy()->checksum_drops(p->ptrs.decode_flags & DECODE_ERR_CKSUM_ALL) ) { p->active->drop_packet(p); } diff --git a/src/detection/detection_util.cc b/src/detection/detection_util.cc index 89badd227..8cd9f3ef2 100644 --- a/src/detection/detection_util.cc +++ b/src/detection/detection_util.cc @@ -48,8 +48,10 @@ static void LogBuffer(const char* s, const uint8_t* p, unsigned n) if ( !p ) return; - if ( n > SnortConfig::get_conf()->event_trace_max ) - n = SnortConfig::get_conf()->event_trace_max; + const SnortConfig* sc = SnortConfig::get_conf(); + + if ( n > sc->event_trace_max ) + n = sc->event_trace_max; for ( idx = 0; idx < n; idx++) { @@ -104,7 +106,9 @@ void EventTrace_Log(const Packet* p, const OptTreeNode* otn, int action) void EventTrace_Init() { - if ( SnortConfig::get_conf()->event_trace_max > 0 ) + const SnortConfig* sc = SnortConfig::get_conf(); + + if ( sc->event_trace_max > 0 ) { time_t now = time(nullptr); char time_buf[26]; @@ -112,7 +116,7 @@ void EventTrace_Init() tlog = TextLog_Init ("event_trace.txt", 4*1024, 8*1024*1024); TextLog_Print(tlog, "\nTrace started at %s", time_buf); - TextLog_Print(tlog, "Trace max_data is %u bytes\n", SnortConfig::get_conf()->event_trace_max); + TextLog_Print(tlog, "Trace max_data is %u bytes\n", sc->event_trace_max); } } diff --git a/src/detection/detection_util.h b/src/detection/detection_util.h index ad0243010..123492e0e 100644 --- a/src/detection/detection_util.h +++ b/src/detection/detection_util.h @@ -46,9 +46,9 @@ void EventTrace_Term(); void EventTrace_Log(const snort::Packet*, const OptTreeNode*, int action); -inline int EventTrace_IsEnabled() +inline int EventTrace_IsEnabled(const snort::SnortConfig* sc) { - return ( snort::SnortConfig::get_conf()->event_trace_max > 0 ); + return ( sc->event_trace_max > 0 ); } #endif diff --git a/src/detection/fp_config.h b/src/detection/fp_config.h index be0226335..80d0934f0 100644 --- a/src/detection/fp_config.h +++ b/src/detection/fp_config.h @@ -47,55 +47,55 @@ public: void set_debug_mode() { debug = true; } - bool get_debug_mode() + bool get_debug_mode() const { return debug; } void set_stream_insert(bool enable) { inspect_stream_insert = enable; } - bool get_stream_insert() + bool get_stream_insert() const { return inspect_stream_insert; } void set_max_queue_events(unsigned num_events) { max_queue_events = num_events; } - unsigned get_max_queue_events() + unsigned get_max_queue_events() const { return max_queue_events; } void set_bleed_over_port_limit(unsigned n) { bleedover_port_limit = n; } - int get_bleed_over_port_limit() + int get_bleed_over_port_limit() const { return bleedover_port_limit; } - int get_single_rule_group() + int get_single_rule_group() const { return portlists_flags & PL_SINGLE_RULE_GROUP; } - int get_bleed_over_warnings() + int get_bleed_over_warnings() const { return portlists_flags & PL_BLEEDOVER_WARNINGS_ENABLED; } - int get_debug_print_nc_rules() + int get_debug_print_nc_rules() const { return portlists_flags & PL_DEBUG_PRINT_NC_DETECT_RULES; } - int get_debug_print_rule_group_build_details() + int get_debug_print_rule_group_build_details() const { return portlists_flags & PL_DEBUG_PRINT_RULEGROUP_BUILD; } - int get_debug_print_rule_groups_compiled() + int get_debug_print_rule_groups_compiled() const { return portlists_flags & PL_DEBUG_PRINT_RULEGROUPS_COMPILED; } - int get_debug_print_rule_groups_uncompiled() + int get_debug_print_rule_groups_uncompiled() const { return portlists_flags & PL_DEBUG_PRINT_RULEGROUPS_UNCOMPILED; } void set_debug_print_fast_patterns(bool b) { debug_print_fast_pattern = b; } - bool get_debug_print_fast_patterns() + bool get_debug_print_fast_patterns() const { return debug_print_fast_pattern; } void set_split_any_any(bool enable) { split_any_any = enable; } - bool get_split_any_any() + bool get_split_any_any() const { return split_any_any; } void set_single_rule_group() @@ -119,7 +119,7 @@ public: void set_search_opt(bool flag) { search_opt = flag; } - bool get_search_opt() + bool get_search_opt() const { return search_opt; } bool set_search_method(const char*); @@ -132,25 +132,25 @@ public: void set_queue_limit(unsigned); - unsigned get_queue_limit() + unsigned get_queue_limit() const { return queue_limit; } - const snort::MpseApi* get_search_api() + const snort::MpseApi* get_search_api() const { return search_api; } - const snort::MpseApi* get_offload_search_api() + const snort::MpseApi* get_offload_search_api() const { return offload_search_api; } - bool get_trim() + bool get_trim() const { return trim; } void trimmed() { num_patterns_trimmed++; } - int get_num_patterns_trimmed() + int get_num_patterns_trimmed() const { return num_patterns_trimmed; } - int get_num_patterns_truncated() + int get_num_patterns_truncated() const { return num_patterns_truncated; } unsigned set_max(unsigned bytes); diff --git a/src/detection/fp_create.cc b/src/detection/fp_create.cc index 0d933ff0f..c9e6bc96e 100644 --- a/src/detection/fp_create.cc +++ b/src/detection/fp_create.cc @@ -382,7 +382,7 @@ static int pmx_create_tree_offload(SnortConfig* sc, void* id, void** existing_tr } static int fpFinishPortGroupRule( - SnortConfig* sc, Mpse* mpse, OptTreeNode* otn, PatternMatchData* pmd, + Mpse* mpse, OptTreeNode* otn, PatternMatchData* pmd, FastPatternConfig* fp, Mpse::MpseType mpse_type, bool get_final_pat) { const char* pattern; @@ -409,7 +409,7 @@ static int fpFinishPortGroupRule( Mpse::PatternDescriptor desc( pmd->is_no_case(), pmd->is_negated(), pmd->is_literal(), pmd->mpse_flags); - mpse->add_pattern(sc, (const uint8_t*)pattern, pattern_length, desc, pmx); + mpse->add_pattern((const uint8_t*)pattern, pattern_length, desc, pmx); return 0; } @@ -496,10 +496,11 @@ static int fpFinishPortGroup(SnortConfig* sc, PortGroup* pg, FastPatternConfig* return 0; } -static void fpAddAlternatePatterns(SnortConfig* sc, Mpse* mpse, - OptTreeNode* otn, PatternMatchData* pmd, FastPatternConfig* fp, Mpse::MpseType mpse_type) +static void fpAddAlternatePatterns( + Mpse* mpse, OptTreeNode* otn, PatternMatchData* pmd, FastPatternConfig* fp, + Mpse::MpseType mpse_type) { - fpFinishPortGroupRule(sc, mpse, otn, pmd, fp, mpse_type, false); + fpFinishPortGroupRule(mpse, otn, pmd, fp, mpse_type, false); } static int fpAddPortGroupRule( @@ -638,7 +639,7 @@ static int fpAddPortGroupRule( add_nfp_rule = true; // Now add patterns - if (fpFinishPortGroupRule(sc, pg->mpsegrp[main_pmd->pm_type]->normal_mpse, + if (fpFinishPortGroupRule(pg->mpsegrp[main_pmd->pm_type]->normal_mpse, otn, main_pmd, fp, Mpse::MPSE_TYPE_NORMAL, true) == 0) { if (main_pmd->pattern_size > otn->longestPatternLen) @@ -646,7 +647,7 @@ static int fpAddPortGroupRule( // Add Alternative patterns for (auto p : pmv) - fpAddAlternatePatterns(sc, pg->mpsegrp[main_pmd->pm_type]->normal_mpse, + fpAddAlternatePatterns(pg->mpsegrp[main_pmd->pm_type]->normal_mpse, otn, p, fp, Mpse::MPSE_TYPE_NORMAL); } } @@ -658,7 +659,7 @@ static int fpAddPortGroupRule( add_nfp_rule = true; // Now add patterns - if (fpFinishPortGroupRule(sc, pg->mpsegrp[main_pmd->pm_type]->offload_mpse, + if (fpFinishPortGroupRule(pg->mpsegrp[main_pmd->pm_type]->offload_mpse, otn, ol_pmd, fp, Mpse::MPSE_TYPE_OFFLOAD, true) == 0) { if (ol_pmd->pattern_size > otn->longestPatternLen) @@ -666,7 +667,7 @@ static int fpAddPortGroupRule( // Add Alternative patterns for (auto p : pmv_ol) - fpAddAlternatePatterns(sc, pg->mpsegrp[main_pmd->pm_type]->offload_mpse, + fpAddAlternatePatterns(pg->mpsegrp[main_pmd->pm_type]->offload_mpse, otn, p, fp, Mpse::MPSE_TYPE_OFFLOAD); } } diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc index f9b42af21..2fa764732 100644 --- a/src/detection/fp_detect.cc +++ b/src/detection/fp_detect.cc @@ -94,12 +94,12 @@ THREAD_LOCAL ProfileStats rulePerfStats; static void fp_immediate(Packet*); static void fp_immediate(MpseGroup*, Packet*, const uint8_t*, unsigned); -static inline void init_match_info(OtnxMatchData* omd) +static inline void init_match_info(const IpsContext* c) { - for ( unsigned i = 0; i < SnortConfig::get_conf()->num_rule_types; i++ ) - omd->matchInfo[i].iMatchCount = 0; + for ( unsigned i = 0; i < c->conf->num_rule_types; i++ ) + c->otnx->matchInfo[i].iMatchCount = 0; - omd->have_match = false; + c->otnx->have_match = false; } // called by fpLogEvent(), which does the filtering etc. @@ -107,7 +107,7 @@ static inline void init_match_info(OtnxMatchData* omd) static inline void fpLogOther( Packet* p, const RuleTreeNode* rtn, const OptTreeNode* otn, int action) { - if ( EventTrace_IsEnabled() ) + if ( EventTrace_IsEnabled(p->context->conf) ) EventTrace_Log(p, otn, action); if ( PacketTracer::is_active() ) @@ -158,7 +158,7 @@ int fpLogEvent(const RuleTreeNode* rtn, const OptTreeNode* otn, Packet* p) } if ((p->packet_flags & PKT_STREAM_UNEST_UNI) && - SnortConfig::assure_established() && + p->context->conf->assure_established() && (!(p->packet_flags & PKT_REBUILT_STREAM)) && !otn->stateless() ) { @@ -217,8 +217,10 @@ int fpLogEvent(const RuleTreeNode* rtn, const OptTreeNode* otn, Packet* p) * check the decoder/preprocessor events (they have been added to Event queue already). * If its order is lower than 'pass', it should have been passed. * This is consistent with other detection rules */ - if ( (p->packet_flags & PKT_PASS_RULE) - && (SnortConfig::get_eval_index(rtn->action) > SnortConfig::get_eval_index(Actions::PASS)) ) + const SnortConfig* sc = p->context->conf; + + if ( (p->packet_flags & PKT_PASS_RULE) && + (sc->get_eval_index(rtn->action) > sc->get_eval_index(Actions::PASS)) ) { fpLogOther(p, rtn, otn, rtn->action); return 1; @@ -260,8 +262,10 @@ int fpAddMatch(OtnxMatchData* omd, const OptTreeNode* otn) RuleTreeNode* rtn = getRuntimeRtnFromOtn(otn); unsigned evalIndex = rtn->listhead->ruleListNode->evalIndex; + const SnortConfig* sc = SnortConfig::get_conf(); + /* bounds check index */ - if ( evalIndex >= SnortConfig::get_conf()->num_rule_types ) + if ( evalIndex >= sc->num_rule_types ) { pc.match_limit++; return 1; @@ -272,7 +276,7 @@ int fpAddMatch(OtnxMatchData* omd, const OptTreeNode* otn) ** If we hit the max number of unique events for any rule type alert, ** log or pass, then we don't add it to the list. */ - if ( pmi->iMatchCount >= SnortConfig::get_conf()->fast_pattern_config->get_max_queue_events() || + if ( pmi->iMatchCount >= sc->fast_pattern_config->get_max_queue_events() || pmi->iMatchCount >= MAX_EVENT_MATCH) { pc.match_limit++; @@ -604,16 +608,16 @@ static inline int fpFinalSelectEvent(OtnxMatchData* omd, Packet* p) return 0; unsigned tcnt = 0; - EventQueueConfig* eq = SnortConfig::get_conf()->event_queue_config; + EventQueueConfig* eq = p->context->conf->event_queue_config; int (*compar)(const void *, const void *); compar = ( eq->order == SNORT_EVENTQ_PRIORITY ) ? &sortOrderByPriority : sortOrderByContentLength; - for ( unsigned i = 0; i < SnortConfig::get_conf()->num_rule_types; i++ ) + for ( unsigned i = 0; i < p->context->conf->num_rule_types; i++ ) { /* bail if were not dumping events in all the action groups, * and we've already got some events */ - if (!SnortConfig::process_all_events() && (tcnt > 0)) + if (!p->context->conf->process_all_events() && (tcnt > 0)) return 1; if ( omd->matchInfo[i].iMatchCount ) @@ -814,7 +818,7 @@ bool MpseStash::process(MpseMatch match, void* context) void fp_set_context(IpsContext& c) { - FastPatternConfig* fp = SnortConfig::get_conf()->fast_pattern_config; + FastPatternConfig* fp = c.conf->fast_pattern_config; c.stash = new MpseStash(fp->get_queue_limit()); c.otnx = (OtnxMatchData*)snort_calloc(sizeof(OtnxMatchData)); c.otnx->matchInfo = (MatchInfo*)snort_calloc(MAX_NUM_RULE_TYPES, sizeof(MatchInfo)); @@ -973,7 +977,7 @@ static inline void eval_fp( if ( DetectionEngine::content_enabled(p) ) { - FastPatternConfig* fp = SnortConfig::get_conf()->fast_pattern_config; + FastPatternConfig* fp = p->context->conf->fast_pattern_config; if ( fp->get_stream_insert() || !(p->packet_flags & PKT_STREAM_INSERT) ) if ( fp_search(port_group, p) ) @@ -995,7 +999,7 @@ static inline void eval_nfp( const uint8_t* tmp_payload = nullptr; uint16_t tmp_dsize = 0; - FastPatternConfig* fp = SnortConfig::get_conf()->fast_pattern_config; + FastPatternConfig* fp = p->context->conf->fast_pattern_config; if (ip_rule) { @@ -1085,10 +1089,10 @@ static inline void fpEvalHeaderIp(Packet* p, FPTask task) { PortGroup* any = nullptr, * ip_group = nullptr; - if ( !prmFindRuleGroupIp(SnortConfig::get_conf()->prmIpRTNX, ANYPORT, &ip_group, &any) ) + if ( !prmFindRuleGroupIp(p->context->conf->prmIpRTNX, ANYPORT, &ip_group, &any) ) return; - if ( SnortConfig::get_conf()->fast_pattern_config->get_debug_print_nc_rules() ) + if ( p->context->conf->fast_pattern_config->get_debug_print_nc_rules() ) LogMessage("fpEvalHeaderIp: ip_group=%p, any=%p\n", (void*)ip_group, (void*)any); if ( ip_group ) @@ -1102,7 +1106,7 @@ static inline void fpEvalHeaderIcmp(Packet* p, FPTask task) { PortGroup* any = nullptr, * type = nullptr; - if ( !prmFindRuleGroupIcmp(SnortConfig::get_conf()->prmIcmpRTNX, p->ptrs.icmph->type, &type, &any) ) + if ( !prmFindRuleGroupIcmp(p->context->conf->prmIcmpRTNX, p->ptrs.icmph->type, &type, &any) ) return; if ( type ) @@ -1116,7 +1120,7 @@ static inline void fpEvalHeaderTcp(Packet* p, FPTask task) { PortGroup* src = nullptr, * dst = nullptr, * any = nullptr; - if ( !prmFindRuleGroupTcp(SnortConfig::get_conf()->prmTcpRTNX, p->ptrs.dp, p->ptrs.sp, &src, &dst, &any) ) + if ( !prmFindRuleGroupTcp(p->context->conf->prmTcpRTNX, p->ptrs.dp, p->ptrs.sp, &src, &dst, &any) ) return; if ( dst ) @@ -1133,7 +1137,7 @@ static inline void fpEvalHeaderUdp(Packet* p, FPTask task) { PortGroup* src = nullptr, * dst = nullptr, * any = nullptr; - if ( !prmFindRuleGroupUdp(SnortConfig::get_conf()->prmUdpRTNX, p->ptrs.dp, p->ptrs.sp, &src, &dst, &any) ) + if ( !prmFindRuleGroupUdp(p->context->conf->prmUdpRTNX, p->ptrs.dp, p->ptrs.sp, &src, &dst, &any) ) return; if ( dst ) @@ -1155,10 +1159,10 @@ static inline bool fpEvalHeaderSvc(Packet* p, FPTask task) if (snort_protocol_id != UNKNOWN_PROTOCOL_ID and snort_protocol_id != INVALID_PROTOCOL_ID) { if (p->is_from_server()) /* to cli */ - svc = SnortConfig::get_conf()->sopgTable->get_port_group(false, snort_protocol_id); + svc = p->context->conf->sopgTable->get_port_group(false, snort_protocol_id); if (p->is_from_client()) /* to srv */ - svc = SnortConfig::get_conf()->sopgTable->get_port_group(true, snort_protocol_id); + svc = p->context->conf->sopgTable->get_port_group(true, snort_protocol_id); } if ( svc ) @@ -1270,7 +1274,7 @@ void fp_partial(Packet* p) stash->enable_process(); stash->init(); stash->disable_process(); - init_match_info(c->otnx); + init_match_info(c); c->searches.mf = rule_tree_queue; c->searches.context = c; assert(!c->searches.items.size()); diff --git a/src/detection/ips_context.cc b/src/detection/ips_context.cc index a5752c616..1482f34e2 100644 --- a/src/detection/ips_context.cc +++ b/src/detection/ips_context.cc @@ -58,7 +58,8 @@ IpsContext::IpsContext(unsigned size) : pkth = new DAQ_PktHdr_t; buf = new uint8_t[buf_size]; - const EventQueueConfig* qc = SnortConfig::get_conf()->event_queue_config; + conf = SnortConfig::get_conf(); + const EventQueueConfig* qc = conf->event_queue_config; equeue = sfeventq_new(qc->max_events, qc->log_events, sizeof(EventNode)); packet->context = this; diff --git a/src/detection/ips_context.h b/src/detection/ips_context.h index 885f5de1c..18389b592 100644 --- a/src/detection/ips_context.h +++ b/src/detection/ips_context.h @@ -145,7 +145,7 @@ public: DAQ_PktHdr_t* pkth; uint8_t* buf; - SnortConfig* conf; + const SnortConfig* conf; MpseBatch searches; MpseStash* stash; OtnxMatchData* otnx; diff --git a/src/detection/regex_offload.cc b/src/detection/regex_offload.cc index 2c0ba8201..05692aaad 100644 --- a/src/detection/regex_offload.cc +++ b/src/detection/regex_offload.cc @@ -182,9 +182,10 @@ bool MpseRegexOffload::get(Packet*& p) ThreadRegexOffload::ThreadRegexOffload(unsigned max) : RegexOffload(max) { unsigned i = ThreadConfig::get_instance_max(); + const SnortConfig* sc = SnortConfig::get_conf(); for ( auto* req : idle ) - req->thread = new std::thread(worker, req, SnortConfig::get_conf(), i++); + req->thread = new std::thread(worker, req, sc, i++); } ThreadRegexOffload::~ThreadRegexOffload() @@ -266,7 +267,7 @@ bool ThreadRegexOffload::get(Packet*& p) } void ThreadRegexOffload::worker( - RegexRequest* req, SnortConfig* initial_config, unsigned id) + RegexRequest* req, const SnortConfig* initial_config, unsigned id) { set_instance_id(id); SnortConfig::set_conf(initial_config); diff --git a/src/detection/regex_offload.h b/src/detection/regex_offload.h index d8b28305d..b75d1023d 100644 --- a/src/detection/regex_offload.h +++ b/src/detection/regex_offload.h @@ -89,7 +89,7 @@ public: bool get(snort::Packet*&) override; private: - static void worker(RegexRequest*, snort::SnortConfig*, unsigned id); + static void worker(RegexRequest*, const snort::SnortConfig*, unsigned id); }; #endif diff --git a/src/detection/tag.cc b/src/detection/tag.cc index caa3c0758..46a6ef9ac 100644 --- a/src/detection/tag.cc +++ b/src/detection/tag.cc @@ -25,6 +25,7 @@ #include "tag.h" +#include "detection/ips_context.h" #include "events/event.h" #include "hash/hash_defs.h" #include "hash/xhash.h" @@ -533,8 +534,8 @@ int CheckTagList(Packet* p, Event& event, void** log_list) * bandwidth sensors. */ /* Use the global max. If its non-0, check count for this tag node */ - if ( SnortConfig::get_tagged_packet_limit() && - returned->pkt_count >= SnortConfig::get_tagged_packet_limit() ) + if ( p->context->conf->get_tagged_packet_limit() && + returned->pkt_count >= p->context->conf->get_tagged_packet_limit() ) { returned->metric = 0; } @@ -548,7 +549,7 @@ int CheckTagList(Packet* p, Event& event, void** log_list) /* set event reference details */ event.ref_time.tv_sec = returned->event_time.tv_sec; event.ref_time.tv_usec = returned->event_time.tv_usec; - event.event_reference = returned->event_id | SnortConfig::get_event_log_id(); + event.event_reference = returned->event_id | p->context->conf->get_event_log_id(); *log_list = returned->log_list; } diff --git a/src/events/event.cc b/src/events/event.cc index ed6019623..f246406a3 100644 --- a/src/events/event.cc +++ b/src/events/event.cc @@ -41,7 +41,7 @@ void SetEvent( event.sig_info->priority = priority; /* this one gets set automatically */ - event.event_id = ++event_id | SnortConfig::get_event_log_id(); + event.event_id = ++event_id | SnortConfig::get_conf()->get_event_log_id(); if (event_ref) event.event_reference = event_ref; diff --git a/src/file_api/file_cache.cc b/src/file_api/file_cache.cc index 357e3874f..675472761 100644 --- a/src/file_api/file_cache.cc +++ b/src/file_api/file_cache.cc @@ -290,7 +290,7 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd timercmp(&file_ctx->pending_expire_time, &now, <)) { // Timed out while waiting for pending verdict. - FileConfig* fc = get_file_config(SnortConfig::get_conf()); + FileConfig* fc = get_file_config(p->context->conf); // Block session on timeout if configured, otherwise use the // current action. diff --git a/src/file_api/file_config.cc b/src/file_api/file_config.cc index fac4b68c0..09c5073db 100644 --- a/src/file_api/file_config.cc +++ b/src/file_api/file_config.cc @@ -104,8 +104,11 @@ std::string file_type_name(uint32_t id) return "NA"; } -FileConfig* get_file_config(SnortConfig* sc) +FileConfig* get_file_config(const SnortConfig* sc) { + if ( !sc ) + sc = SnortConfig::get_conf(); + FileInspect* fi = (FileInspect*)InspectorManager::get_inspector(FILE_ID_NAME, true, sc); if (fi) diff --git a/src/file_api/file_config.h b/src/file_api/file_config.h index 6e779f088..c750d1d02 100644 --- a/src/file_api/file_config.h +++ b/src/file_api/file_config.h @@ -81,6 +81,6 @@ private: }; std::string file_type_name(uint32_t id); -FileConfig* get_file_config(snort::SnortConfig* sc = nullptr); +FileConfig* get_file_config(const snort::SnortConfig* sc = nullptr); #endif diff --git a/src/file_api/file_flows.cc b/src/file_api/file_flows.cc index 73ffdad3d..b35a6b5e2 100644 --- a/src/file_api/file_flows.cc +++ b/src/file_api/file_flows.cc @@ -194,8 +194,8 @@ FileContext* FileFlows::get_partially_processed_context(uint64_t file_id) return nullptr; } -FileContext* FileFlows::get_file_context(uint64_t file_id, bool to_create, - uint64_t multi_file_processing_id) +FileContext* FileFlows::get_file_context( + uint64_t file_id, bool to_create, uint64_t multi_file_processing_id) { // First check if this file is currently being processed if (!multi_file_processing_id) @@ -415,7 +415,7 @@ static void file_config_show(const FileConfig* fc) ConfigLogger::log_value("verdict_delay", fc->verdict_delay); } -void FileInspect::show(SnortConfig*) +void FileInspect::show(const SnortConfig*) const { if ( config ) file_config_show(config); diff --git a/src/file_api/file_flows.h b/src/file_api/file_flows.h index ec8629a40..3e2563fec 100644 --- a/src/file_api/file_flows.h +++ b/src/file_api/file_flows.h @@ -47,7 +47,7 @@ public: ~FileInspect() override; void eval(Packet*) override { } bool configure(SnortConfig*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; FileConfig* config; }; diff --git a/src/file_api/file_log.cc b/src/file_api/file_log.cc index 54601a9de..8c66a9c55 100644 --- a/src/file_api/file_log.cc +++ b/src/file_api/file_log.cc @@ -206,7 +206,7 @@ class FileLog : public Inspector public: FileLog(const FileLogConfig& conf) { config = conf; } - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override { } bool configure(SnortConfig*) override @@ -219,7 +219,7 @@ private: FileLogConfig config; }; -void FileLog::show(SnortConfig*) +void FileLog::show(const SnortConfig*) const { ConfigLogger::log_flag("log_pkt_time", config.log_pkt_time); ConfigLogger::log_flag("log_sys_time", config.log_sys_time); diff --git a/src/file_api/file_service.cc b/src/file_api/file_service.cc index 01eacf7a4..8f371ad00 100644 --- a/src/file_api/file_service.cc +++ b/src/file_api/file_service.cc @@ -32,6 +32,7 @@ #include "log/messages.h" #include "main/snort_config.h" #include "mime/file_mime_process.h" +#include "search_engines/search_tool.h" #include "file_cache.h" #include "file_capture.h" @@ -57,9 +58,12 @@ void FileService::init() FileFlows::init(); } -void FileService::post_init() +void FileService::post_init(const SnortConfig* sc) { + SearchTool::set_conf(sc); MimeSession::init(); + SearchTool::set_conf(nullptr); + const FileConfig* const conf = get_file_config(); if (!conf) @@ -79,7 +83,7 @@ void FileService::post_init() } } -void FileService::verify_reload(SnortConfig* sc) +void FileService::verify_reload(const SnortConfig* sc) { const FileConfig* const conf = get_file_config(sc); diff --git a/src/file_api/file_service.h b/src/file_api/file_service.h index 6d976255f..2b504d199 100644 --- a/src/file_api/file_service.h +++ b/src/file_api/file_service.h @@ -40,10 +40,10 @@ public: static void init(); // Called after permission is dropped - static void post_init(); + static void post_init(const SnortConfig*); // Called during reload - static void verify_reload(SnortConfig*); + static void verify_reload(const SnortConfig*); // This must be called when snort exits static void close(); diff --git a/src/filters/rate_filter.cc b/src/filters/rate_filter.cc index 3c8c392c9..046130245 100644 --- a/src/filters/rate_filter.cc +++ b/src/filters/rate_filter.cc @@ -26,6 +26,7 @@ #include "rate_filter.h" +#include "detection/ips_context.h" #include "detection/rules.h" #include "detection/treenodes.h" #include "hash/ghash.h" @@ -124,12 +125,7 @@ int RateFilter_Test(const OptTreeNode* otn, Packet* p) dip = &cleared; } - if ((SnortConfig::get_conf() == nullptr) || - (SnortConfig::get_conf()->rate_filter_config == nullptr)) - { - /* this should not happen, see the create fcn */ - return -1; - } + RateFilterConfig* rfc = p->context->conf->rate_filter_config; if ( EventIsInternal(gid) ) { @@ -137,12 +133,12 @@ int RateFilter_Test(const OptTreeNode* otn, Packet* p) // events and these require: src -> client, dst -> server. if ( p->is_from_server() ) { - return SFRF_TestThreshold(SnortConfig::get_conf()->rate_filter_config, gid, sid, - dip, sip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT); + return SFRF_TestThreshold( + rfc, gid, sid, dip, sip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT); } } - return SFRF_TestThreshold(SnortConfig::get_conf()->rate_filter_config, gid, sid, - sip, dip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT); + return SFRF_TestThreshold( + rfc, gid, sid, sip, dip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT); } diff --git a/src/filters/sfrf_test.cc b/src/filters/sfrf_test.cc index d449e52aa..d250661c2 100644 --- a/src/filters/sfrf_test.cc +++ b/src/filters/sfrf_test.cc @@ -23,6 +23,7 @@ #endif #include "catch/snort_catch.h" +#include "main/snort_config.h" #include "parser/parse_ip.h" #include "sfip/sf_ip.h" @@ -888,13 +889,13 @@ static void PrintTests() //--------------------------------------------------------------- -static void Init(unsigned cap) +static void Init(const SnortConfig* sc, unsigned cap) { // FIXIT-L must set policies because they may have been invalidated // by prior tests with transient SnortConfigs. better to fix sfrf // to use a SnortConfig parameter or make this a make check test // with a separate executable. - set_default_policy(); + set_default_policy(sc); rfc = RateFilter_ConfigNew(); rfc->memcap = cap; @@ -987,7 +988,8 @@ static int CapCheck(int i) TEST_CASE("sfrf default memcap", "[sfrf]") { - Init(MEM_DEFAULT); + SnortConfig sc; + Init(&sc, MEM_DEFAULT); SECTION("setup") { @@ -1004,7 +1006,8 @@ TEST_CASE("sfrf default memcap", "[sfrf]") TEST_CASE("sfrf minimum memcap", "[sfrf]") { - Init(MEM_MINIMUM); + SnortConfig sc; + Init(&sc, MEM_MINIMUM); SECTION("setup") { diff --git a/src/filters/sfthd_test.cc b/src/filters/sfthd_test.cc index 8ce8b81e3..00f45708d 100644 --- a/src/filters/sfthd_test.cc +++ b/src/filters/sfthd_test.cc @@ -23,6 +23,7 @@ #endif #include "catch/snort_catch.h" +#include "main/snort_config.h" #include "hash/xhash.h" #include "parser/parse_ip.h" #include "sfip/sf_ip.h" @@ -739,13 +740,13 @@ static EventData pktData[] = //--------------------------------------------------------------- -static void Init(ThreshData* base, int max) +static void Init(const SnortConfig* sc, ThreshData* base, int max) { // FIXIT-L must set policies because they may have been invalidated // by prior tests with transient SnortConfigs. better to fix sfthd // to use a SnortConfig parameter or make this a make check test // with a separate executable. - set_default_policy(); + set_default_policy(sc); int i; int id = 0; @@ -771,24 +772,24 @@ static void Init(ThreshData* base, int max) } } -static void InitDefault() +static void InitDefault(const SnortConfig* sc) { pThdObjs = sfthd_objs_new(); pThd = sfthd_new(MEM_DEFAULT, MEM_DEFAULT); - Init(thData, NUM_THDS); + Init(sc, thData, NUM_THDS); } -static void InitMincap() +static void InitMincap(const SnortConfig* sc) { pThdObjs = sfthd_objs_new(); pThd = sfthd_new(MEM_MINIMUM, MEM_MINIMUM+1); - Init(thData, NUM_THDS); + Init(sc, thData, NUM_THDS); } -static void InitDetect() +static void InitDetect(const SnortConfig* sc) { dThd = sfthd_local_new(MEM_DEFAULT); - Init(ruleData, NUM_RULS); + Init(sc, ruleData, NUM_RULS); } static void Term() @@ -914,7 +915,8 @@ static int PacketCheck(int i) TEST_CASE("sfthd normal", "[sfthd]") { - InitDefault(); + SnortConfig sc; + InitDefault(&sc); SECTION("setup") { @@ -931,7 +933,8 @@ TEST_CASE("sfthd normal", "[sfthd]") TEST_CASE("sfthd mincap", "[sfthd]") { - InitMincap(); + SnortConfig sc; + InitMincap(&sc); SECTION("setup") { @@ -948,7 +951,8 @@ TEST_CASE("sfthd mincap", "[sfthd]") TEST_CASE("sfthd detect", "[sfthd]") { - InitDetect(); + SnortConfig sc; + InitDetect(&sc); SECTION("rules") { diff --git a/src/filters/sfthreshold.cc b/src/filters/sfthreshold.cc index 15f071d6d..f7689ad71 100644 --- a/src/filters/sfthreshold.cc +++ b/src/filters/sfthreshold.cc @@ -144,12 +144,6 @@ int sfthreshold_create( int sfthreshold_test(unsigned gen_id, unsigned sig_id, const SfIp* sip, const SfIp* dip, long curtime, PolicyId policy_id) { - if ((SnortConfig::get_conf()->threshold_config == nullptr) || - !SnortConfig::get_conf()->threshold_config->enabled) - { - return 0; - } - if (!thd_checked) { thd_checked = 1; diff --git a/src/flow/expect_cache.cc b/src/flow/expect_cache.cc index bcc8fc321..12669293d 100644 --- a/src/flow/expect_cache.cc +++ b/src/flow/expect_cache.cc @@ -23,6 +23,7 @@ #include "expect_cache.h" +#include "detection/ips_context.h" #include "hash/zhash.h" #include "packet_io/sfdaq_instance.h" #include "protocols/packet.h" @@ -148,8 +149,8 @@ ExpectNode* ExpectCache::find_node_by_packet(Packet* p, FlowKey &key) PktType type = p->type(); IpProtocol ip_proto = p->get_ip_proto_next(); - bool reversed_key = key.init(type, ip_proto, dstIP, p->ptrs.dp, srcIP, p->ptrs.sp, - vlanId, mplsId, addressSpaceId); + bool reversed_key = key.init(p->context->conf, type, ip_proto, dstIP, p->ptrs.dp, + srcIP, p->ptrs.sp, vlanId, mplsId, addressSpaceId); /* Lookup order: @@ -242,8 +243,8 @@ bool ExpectCache::process_expected(ExpectNode* node, FlowKey& key, Packet* p, Fl /* If this is 0, we're ignoring, otherwise setting id of new session */ if (!node->snort_protocol_id) - ignoring = node->direction ? true : false; - else if (lws->ssn_state.snort_protocol_id != node->snort_protocol_id) + ignoring = node->direction != 0; + else lws->ssn_state.snort_protocol_id = node->snort_protocol_id; if (!node->count) @@ -318,9 +319,10 @@ int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_pro uint16_t vlanId = (ctrlPkt->proto_bits & PROTO_BIT__VLAN) ? layer::get_vlan_layer(ctrlPkt)->vid() : 0; uint32_t mplsId = (ctrlPkt->proto_bits & PROTO_BIT__MPLS) ? ctrlPkt->ptrs.mplsHdr.label : 0; uint16_t addressSpaceId = ctrlPkt->pkth->address_space_id; + FlowKey key; - bool reversed_key = key.init(type, ip_proto, cliIP, cliPort, srvIP, srvPort, - vlanId, mplsId, addressSpaceId); + bool reversed_key = key.init(ctrlPkt->context->conf, type, ip_proto, cliIP, cliPort, + srvIP, srvPort, vlanId, mplsId, addressSpaceId); bool new_node = false; ExpectNode* node = static_cast ( hash_table->get_user_data(&key) ); diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc index ab6d8a573..7d069a882 100644 --- a/src/flow/flow_control.cc +++ b/src/flow/flow_control.cc @@ -176,18 +176,18 @@ void FlowControl::set_key(FlowKey* key, Packet* p) if ( (p->ptrs.decode_flags & DECODE_FRAG) ) { - key->init(type, ip_proto, ip_api.get_src(), ip_api.get_dst(), ip_api.id(), - vlanId, mplsId, addressSpaceId); + key->init(p->context->conf, type, ip_proto, ip_api.get_src(), + ip_api.get_dst(), ip_api.id(), vlanId, mplsId, addressSpaceId); } else if ( type == PktType::ICMP ) { - key->init(type, ip_proto, ip_api.get_src(), p->ptrs.icmph->type, ip_api.get_dst(), 0, - vlanId, mplsId, addressSpaceId); + key->init(p->context->conf, type, ip_proto, ip_api.get_src(), p->ptrs.icmph->type, + ip_api.get_dst(), 0, vlanId, mplsId, addressSpaceId); } else { - key->init(type, ip_proto, ip_api.get_src(), p->ptrs.sp, ip_api.get_dst(), p->ptrs.dp, - vlanId, mplsId, addressSpaceId); + key->init(p->context->conf, type, ip_proto, ip_api.get_src(), p->ptrs.sp, + ip_api.get_dst(), p->ptrs.dp, vlanId, mplsId, addressSpaceId); } } @@ -332,7 +332,7 @@ static bool want_flow(PktType type, Packet* p) // guessing direction based on ports is misleading return false; - if ( !p->ptrs.tcph->is_syn_only() or SnortConfig::get_conf()->track_on_syn() ) + if ( !p->ptrs.tcph->is_syn_only() or p->context->conf->track_on_syn() ) return true; const unsigned DECODE_TCP_HS = DECODE_TCP_MSS | DECODE_TCP_TS | DECODE_TCP_WS; @@ -408,9 +408,10 @@ unsigned FlowControl::process(Flow* flow, Packet* p) if ( flow->flow_state != Flow::FlowState::SETUP ) { - set_inspection_policy(SnortConfig::get_conf(), flow->inspection_policy_id); - set_ips_policy(SnortConfig::get_conf(), flow->ips_policy_id); - set_network_policy(SnortConfig::get_conf(), flow->network_policy_id); + const SnortConfig* sc = SnortConfig::get_conf(); + set_inspection_policy(sc, flow->inspection_policy_id); + set_ips_policy(sc, flow->ips_policy_id); + set_network_policy(sc, flow->network_policy_id); } else diff --git a/src/flow/flow_key.cc b/src/flow/flow_key.cc index b0c10fa87..9fe4ee2d4 100644 --- a/src/flow/flow_key.cc +++ b/src/flow/flow_key.cc @@ -92,7 +92,7 @@ static inline void update_icmp6(const SfIp*& srcIP, uint16_t& srcPort, // init foo //------------------------------------------------------------------------- inline bool FlowKey::init4( - IpProtocol ip_proto, + const SnortConfig* sc, IpProtocol ip_proto, const SfIp *srcIP, uint16_t srcPort, const SfIp *dstIP, uint16_t dstPort, uint32_t mplsId, bool order) @@ -139,7 +139,7 @@ inline bool FlowKey::init4( port_h = srcPort; reversed = true; } - if (SnortConfig::mpls_overlapping_ip() && + if (sc->mpls_overlapping_ip() && ip::isPrivateIP(src) && ip::isPrivateIP(dst)) mplsLabel = mplsId; else @@ -149,7 +149,7 @@ inline bool FlowKey::init4( } inline bool FlowKey::init6( - IpProtocol ip_proto, + const SnortConfig* sc, IpProtocol ip_proto, const SfIp *srcIP, uint16_t srcPort, const SfIp *dstIP, uint16_t dstPort, uint32_t mplsId, bool order) @@ -193,7 +193,7 @@ inline bool FlowKey::init6( reversed = true; } - if (SnortConfig::mpls_overlapping_ip()) + if (sc->mpls_overlapping_ip()) mplsLabel = mplsId; else mplsLabel = 0; @@ -201,31 +201,32 @@ inline bool FlowKey::init6( return reversed; } -void FlowKey::init_vlan(uint16_t vlanId) +void FlowKey::init_vlan(const SnortConfig* sc, uint16_t vlanId) { - if (!SnortConfig::get_vlan_agnostic()) + if (!sc->get_vlan_agnostic()) vlan_tag = vlanId; else vlan_tag = 0; } -void FlowKey::init_address_space(uint16_t addrSpaceId) +void FlowKey::init_address_space(const SnortConfig* sc, uint16_t addrSpaceId) { - if (!SnortConfig::address_space_agnostic()) + if (!sc->address_space_agnostic()) addressSpaceId = addrSpaceId; else addressSpaceId = 0; } -void FlowKey::init_mpls(uint32_t mplsId) +void FlowKey::init_mpls(const SnortConfig* sc, uint32_t mplsId) { - if (SnortConfig::mpls_overlapping_ip()) + if (sc->mpls_overlapping_ip()) mplsLabel = mplsId; else mplsLabel = 0; } bool FlowKey::init( + const SnortConfig* sc, PktType type, IpProtocol ip_proto, const SfIp *srcIP, uint16_t srcPort, const SfIp *dstIP, uint16_t dstPort, @@ -242,25 +243,26 @@ bool FlowKey::init( if (srcIP->is_ip4() && dstIP->is_ip4()) { version = 4; - reversed = init4(ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId); + reversed = init4(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId); } else { version = 6; - reversed = init6(ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId); + reversed = init6(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId); } pkt_type = type; ip_protocol = (uint8_t)ip_proto; - init_vlan(vlanId); - init_address_space(addrSpaceId); + init_vlan(sc, vlanId); + init_address_space(sc, addrSpaceId); padding = 0; return reversed; } bool FlowKey::init( + const SnortConfig* sc, PktType type, IpProtocol ip_proto, const SfIp *srcIP, const SfIp *dstIP, uint32_t id, uint16_t vlanId, @@ -274,20 +276,20 @@ bool FlowKey::init( if (srcIP->is_ip4() && dstIP->is_ip4()) { version = 4; - init4(ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId, false); + init4(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId, false); ip_protocol = (uint8_t)ip_proto; } else { version = 6; - init6(ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId, false); + init6(sc, ip_proto, srcIP, srcPort, dstIP, dstPort, mplsId, false); ip_protocol = 0; } pkt_type = type; - init_vlan(vlanId); - init_address_space(addrSpaceId); + init_vlan(sc, vlanId); + init_address_space(sc, addrSpaceId); padding = 0; return false; diff --git a/src/flow/flow_key.h b/src/flow/flow_key.h index c85129dc0..1333d174c 100644 --- a/src/flow/flow_key.h +++ b/src/flow/flow_key.h @@ -34,6 +34,7 @@ class HashKeyOperations; namespace snort { struct SfIp; +struct SnortConfig; class FlowHashKeyOps : public HashKeyOperations { @@ -67,33 +68,33 @@ struct SO_PUBLIC FlowKey The IP-only init() will always return false as we will not reorder its addresses at this time. */ bool init( - PktType, IpProtocol, + const SnortConfig*, PktType, IpProtocol, const snort::SfIp *srcIP, uint16_t srcPort, const snort::SfIp *dstIP, uint16_t dstPort, uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId); bool init( - PktType, IpProtocol, + const SnortConfig*, PktType, IpProtocol, const snort::SfIp *srcIP, const snort::SfIp *dstIP, uint32_t id, uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId); - void init_mpls(uint32_t); - void init_vlan(uint16_t); - void init_address_space(uint16_t); + void init_mpls(const SnortConfig*, uint32_t); + void init_vlan(const SnortConfig*, uint16_t); + void init_address_space(const SnortConfig*, uint16_t); // If this data structure changes size, compare must be updated! static bool is_equal(const void* k1, const void* k2, size_t); private: bool init4( - IpProtocol, + const SnortConfig*, IpProtocol, const snort::SfIp *srcIP, uint16_t srcPort, const snort::SfIp *dstIP, uint16_t dstPort, uint32_t mplsId, bool order = true); bool init6( - IpProtocol, + const SnortConfig*, IpProtocol, const snort::SfIp *srcIP, uint16_t srcPort, const snort::SfIp *dstIP, uint16_t dstPort, uint32_t mplsId, bool order = true); diff --git a/src/flow/test/flow_cache_test.cc b/src/flow/test/flow_cache_test.cc index 38a6b02c5..db8f0a1d2 100644 --- a/src/flow/test/flow_cache_test.cc +++ b/src/flow/test/flow_cache_test.cc @@ -71,13 +71,13 @@ void Flow::init(PktType) { } void Flow::term() { } void Flow::reset(bool) { } void Flow::free_flow_data() { } -void set_network_policy(SnortConfig*, unsigned) { } +void set_network_policy(const SnortConfig*, unsigned) { } void DataBus::publish(const char*, const uint8_t*, unsigned, Flow*) { } void DataBus::publish(const char*, Packet*, Flow*) { } -SnortConfig* SnortConfig::get_conf() { return nullptr; } +const SnortConfig* SnortConfig::get_conf() { return nullptr; } void Flow::set_direction(Packet*) { } -void set_inspection_policy(SnortConfig*, unsigned) { } -void set_ips_policy(SnortConfig*, unsigned) { } +void set_inspection_policy(const SnortConfig*, unsigned) { } +void set_ips_policy(const SnortConfig*, unsigned) { } void Flow::set_mpls_layer_per_dir(Packet*) { } void DetectionEngine::disable_all(Packet*) { } void Stream::drop_traffic(const Packet*, char) { } diff --git a/src/flow/test/flow_control_test.cc b/src/flow/test/flow_control_test.cc index 3fd3fd75e..da1fc84bb 100644 --- a/src/flow/test/flow_control_test.cc +++ b/src/flow/test/flow_control_test.cc @@ -77,14 +77,14 @@ bool FlowCache::prune_one(PruneReason, bool) { return true; } unsigned FlowCache::delete_flows(unsigned) { return 0; } unsigned FlowCache::timeout(unsigned, time_t) { return 1; } void Flow::init(PktType) { } -void set_network_policy(SnortConfig*, unsigned) { } +void set_network_policy(const SnortConfig*, unsigned) { } void DataBus::publish(const char*, const uint8_t*, unsigned, Flow*) { } void DataBus::publish(const char*, Packet*, Flow*) { } -SnortConfig* SnortConfig::get_conf() { return nullptr; } +const SnortConfig* SnortConfig::get_conf() { return nullptr; } void FlowCache::unlink_uni(Flow*) { } void Flow::set_direction(Packet*) { } -void set_inspection_policy(SnortConfig*, unsigned) { } -void set_ips_policy(SnortConfig*, unsigned) { } +void set_inspection_policy(const SnortConfig*, unsigned) { } +void set_ips_policy(const SnortConfig*, unsigned) { } void Flow::set_mpls_layer_per_dir(Packet*) { } void DetectionEngine::disable_all(Packet*) { } void Stream::drop_traffic(const Packet*, char) { } @@ -116,6 +116,7 @@ uint32_t IpApi::id() const { return 0; } } bool FlowKey::init( + const SnortConfig*, PktType, IpProtocol, const SfIp*, uint16_t, const SfIp*, uint16_t, @@ -125,6 +126,7 @@ bool FlowKey::init( } bool FlowKey::init( + const SnortConfig*, PktType, IpProtocol, const SfIp*, const SfIp*, uint32_t, uint16_t, diff --git a/src/flow/test/flow_test.cc b/src/flow/test/flow_test.cc index 4be31f067..9af29567a 100644 --- a/src/flow/test/flow_test.cc +++ b/src/flow/test/flow_test.cc @@ -82,7 +82,7 @@ const Layer* layer::get_mpls_layer(const Packet* const) { return nullptr; } void DataBus::publish(const char*, Packet*, Flow*) {} -SnortConfig* SnortConfig::get_conf() { return nullptr; } +const SnortConfig* SnortConfig::get_conf() { return nullptr; } TEST_GROUP(nondefault_timeout) { diff --git a/src/framework/codec.h b/src/framework/codec.h index c47b18385..ec11a9a92 100644 --- a/src/framework/codec.h +++ b/src/framework/codec.h @@ -116,8 +116,12 @@ constexpr uint16_t CODEC_ETHER_NEXT = 0x1000; constexpr uint16_t CODEC_IPOPT_FLAGS = (CODEC_IPOPT_RR_SEEN | CODEC_IPOPT_RTRALT_SEEN | CODEC_IPOPT_LEN_THREE); +struct SnortConfig; + struct CodecData { + const SnortConfig* conf; + /* This section will get reset before every decode() function call */ ProtocolId next_prot_id; /* protocol type of the next layer */ uint16_t lyr_len; /* The length of the valid part layer */ @@ -137,8 +141,9 @@ struct CodecData IpProtocol ip6_csum_proto; /* initialized in cd_ipv6.cc. Used for IPv6 checksums */ bool tunnel_bypass; - CodecData(ProtocolId init_prot) : next_prot_id(init_prot), lyr_len(0), - invalid_bytes(0), proto_bits(0), codec_flags(0), ip_layer_cnt(0), tunnel_bypass(false) + CodecData(const SnortConfig* sc, ProtocolId init_prot) : + conf(sc), next_prot_id(init_prot), lyr_len(0), invalid_bytes(0), + proto_bits(0), codec_flags(0), ip_layer_cnt(0), tunnel_bypass(false) { } bool inline is_cooked() const diff --git a/src/framework/data_bus.h b/src/framework/data_bus.h index 0209c27d8..82ebd6489 100644 --- a/src/framework/data_bus.h +++ b/src/framework/data_bus.h @@ -93,13 +93,19 @@ public: DataBus(); ~DataBus(); + // configure time methods - main thread only void clone(DataBus& from); void add_mapped_module(const char*); + // FIXIT-L ideally these would not be static or would take an inspection policy* static void subscribe(const char* key, DataHandler*); static void subscribe_global(const char* key, DataHandler*, SnortConfig*); + + // FIXIT-L these should be called during cleanup static void unsubscribe(const char* key, DataHandler*); static void unsubscribe_global(const char* key, DataHandler*, SnortConfig*); + + // runtime methods static void publish(const char* key, DataEvent&, Flow* = nullptr); // convenience methods diff --git a/src/framework/inspector.h b/src/framework/inspector.h index a53c2a134..1ff8e6d24 100644 --- a/src/framework/inspector.h +++ b/src/framework/inspector.h @@ -69,7 +69,7 @@ public: // access external dependencies here // return verification status virtual bool configure(SnortConfig*) { return true; } - virtual void show(SnortConfig*) { } + virtual void show(const SnortConfig*) const { } // Specific to Binders to notify them of an inspector being removed from the policy // FIXIT-L Probably shouldn't be part of the base Inspector class diff --git a/src/framework/ips_action.h b/src/framework/ips_action.h index b9be2d6d1..ca9cad0c8 100644 --- a/src/framework/ips_action.h +++ b/src/framework/ips_action.h @@ -40,7 +40,6 @@ namespace snort { struct Packet; -struct SnortConfig; class SO_PUBLIC IpsAction : public ActiveAction { diff --git a/src/framework/ips_option.h b/src/framework/ips_option.h index 7381f10ae..9e514184e 100644 --- a/src/framework/ips_option.h +++ b/src/framework/ips_option.h @@ -121,7 +121,7 @@ enum RuleOptType OPT_TYPE_MAX }; -typedef void (* IpsOptFunc)(SnortConfig*); +typedef void (* IpsOptFunc)(const SnortConfig*); typedef IpsOption* (* IpsNewFunc)(Module*, OptTreeNode*); typedef void (* IpsDelFunc)(IpsOption*); diff --git a/src/framework/logger.h b/src/framework/logger.h index 40d3896b5..f2d4333d1 100644 --- a/src/framework/logger.h +++ b/src/framework/logger.h @@ -72,7 +72,7 @@ private: const LogApi* api; }; -typedef Logger* (* LogNewFunc)(struct SnortConfig*, class Module*); +typedef Logger* (* LogNewFunc)(class Module*); typedef void (* LogDelFunc)(Logger*); struct LogApi diff --git a/src/framework/mpse.cc b/src/framework/mpse.cc index e04cb95cb..8686237fd 100644 --- a/src/framework/mpse.cc +++ b/src/framework/mpse.cc @@ -99,6 +99,7 @@ void Mpse::_search(MpseBatch& batch, MpseType mpse_type) Mpse::MpseRespType Mpse::poll_responses(MpseBatch*& batch, MpseType mpse_type) { + // FIXIT-L validate for reload during offload FastPatternConfig* fp = SnortConfig::get_conf()->fast_pattern_config; assert(fp); diff --git a/src/framework/mpse.h b/src/framework/mpse.h index 9784168cb..3b083d737 100644 --- a/src/framework/mpse.h +++ b/src/framework/mpse.h @@ -75,8 +75,7 @@ public: }; virtual int add_pattern( - SnortConfig* sc, const uint8_t* pat, unsigned len, - const PatternDescriptor&, void* user) = 0; + const uint8_t* pat, unsigned len, const PatternDescriptor&, void* user) = 0; virtual int prep_patterns(SnortConfig*) = 0; @@ -120,9 +119,7 @@ private: typedef void (* MpseOptFunc)(SnortConfig*); typedef void (* MpseExeFunc)(); -typedef Mpse* (* MpseNewFunc)( - SnortConfig* sc, class Module*, const MpseAgent*); - +typedef Mpse* (* MpseNewFunc)(const SnortConfig*, class Module*, const MpseAgent*); typedef void (* MpseDelFunc)(Mpse*); typedef Mpse::MpseRespType (* MpsePollFunc)(MpseBatch*&, Mpse::MpseType); diff --git a/src/framework/mpse_batch.cc b/src/framework/mpse_batch.cc index d6a90a82d..8f505e441 100644 --- a/src/framework/mpse_batch.cc +++ b/src/framework/mpse_batch.cc @@ -82,9 +82,9 @@ MpseGroup::~MpseGroup() } } -bool MpseGroup::create_normal_mpse(SnortConfig* sc, const MpseAgent* agent) +bool MpseGroup::create_normal_mpse(const SnortConfig* sc, const MpseAgent* agent) { - FastPatternConfig* fp = sc->fast_pattern_config; + const FastPatternConfig* fp = sc->fast_pattern_config; const MpseApi* search_api = nullptr; if (fp) @@ -102,7 +102,7 @@ bool MpseGroup::create_normal_mpse(SnortConfig* sc, const MpseAgent* agent) } } -bool MpseGroup::create_normal_mpse(SnortConfig* sc, const char* type) +bool MpseGroup::create_normal_mpse(const SnortConfig* sc, const char* type) { if ( !type and sc->fast_pattern_config ) type = sc->fast_pattern_config->get_search_method(); @@ -126,9 +126,9 @@ bool MpseGroup::create_normal_mpse(SnortConfig* sc, const char* type) } } -bool MpseGroup::create_offload_mpse(SnortConfig* sc, const MpseAgent* agent) +bool MpseGroup::create_offload_mpse(const SnortConfig* sc, const MpseAgent* agent) { - FastPatternConfig* fp = sc->fast_pattern_config; + const FastPatternConfig* fp = sc->fast_pattern_config; const MpseApi* search_api = nullptr; const MpseApi* offload_search_api = nullptr; @@ -150,7 +150,7 @@ bool MpseGroup::create_offload_mpse(SnortConfig* sc, const MpseAgent* agent) } } -bool MpseGroup::create_offload_mpse(SnortConfig* sc) +bool MpseGroup::create_offload_mpse(const SnortConfig* sc) { const MpseApi* search_api = nullptr; const MpseApi* offload_search_api = nullptr; diff --git a/src/framework/mpse_batch.h b/src/framework/mpse_batch.h index f6d7c6ce0..0ecffbebc 100644 --- a/src/framework/mpse_batch.h +++ b/src/framework/mpse_batch.h @@ -50,11 +50,11 @@ public: Mpse* get_offload_mpse() const { return offload_mpse ? offload_mpse : normal_mpse; } - bool create_normal_mpse(SnortConfig*, const MpseAgent* agent); - bool create_normal_mpse(SnortConfig*, const char*); + bool create_normal_mpse(const SnortConfig*, const MpseAgent* agent); + bool create_normal_mpse(const SnortConfig*, const char*); - bool create_offload_mpse(SnortConfig*, const MpseAgent* agent); - bool create_offload_mpse(SnortConfig*); + bool create_offload_mpse(const SnortConfig*, const MpseAgent* agent); + bool create_offload_mpse(const SnortConfig*); inline bool can_fallback() const { return get_offload_mpse() != normal_mpse; } diff --git a/src/framework/test/data_bus_test.cc b/src/framework/test/data_bus_test.cc index 14646ecbd..b68ddfdb1 100644 --- a/src/framework/test/data_bus_test.cc +++ b/src/framework/test/data_bus_test.cc @@ -38,18 +38,21 @@ InspectionPolicy::~InspectionPolicy() {} namespace snort { SnortConfig::SnortConfig(snort::SnortConfig const*) -{ - global_dbus = new DataBus(); -} -THREAD_LOCAL SnortConfig* snort_conf = nullptr; -SnortConfig* SnortConfig::get_conf() +{ global_dbus = new DataBus(); } + +THREAD_LOCAL const SnortConfig* snort_conf = nullptr; + +const SnortConfig* SnortConfig::get_conf() { return snort_conf; } + +SnortConfig* SnortConfig::get_main_conf() +{ return const_cast(snort_conf); } + SnortConfig::~SnortConfig() -{ - delete global_dbus; -} +{ delete global_dbus; } static InspectionPolicy* my_inspection_policy = nullptr; + InspectionPolicy* get_inspection_policy() { return my_inspection_policy; } } @@ -105,7 +108,7 @@ TEST_GROUP(data_bus) TEST(data_bus, subscribe_global) { - SnortConfig* sc = SnortConfig::get_conf(); + SnortConfig* sc = SnortConfig::get_main_conf(); UTestHandler* h = new UTestHandler(); DataBus::subscribe_global(DB_UTEST_EVENT, h, sc); diff --git a/src/hash/test/ghash_test.cc b/src/hash/test/ghash_test.cc index f0543f88c..370c08f6c 100644 --- a/src/hash/test/ghash_test.cc +++ b/src/hash/test/ghash_test.cc @@ -36,14 +36,15 @@ using namespace snort; // Stubs whose sole purpose is to make the test code link static SnortConfig my_config; -THREAD_LOCAL SnortConfig *snort_conf = &my_config; +THREAD_LOCAL SnortConfig* snort_conf = &my_config; +// run_flags is used indirectly from HashFnc class by calling SnortConfig::static_hash() SnortConfig::SnortConfig(const SnortConfig* const) -{ snort_conf->run_flags = 0;} // run_flags is used indirectly from HashFnc class by calling SnortConfig::static_hash() +{ snort_conf->run_flags = 0;} SnortConfig::~SnortConfig() = default; -SnortConfig* SnortConfig::get_conf() +const SnortConfig* SnortConfig::get_conf() { return snort_conf; } // user free function diff --git a/src/hash/test/xhash_test.cc b/src/hash/test/xhash_test.cc index 96002f4e8..b13b817ec 100644 --- a/src/hash/test/xhash_test.cc +++ b/src/hash/test/xhash_test.cc @@ -36,14 +36,15 @@ using namespace snort; // Stubs whose sole purpose is to make the test code link static SnortConfig my_config; -THREAD_LOCAL SnortConfig *snort_conf = &my_config; +THREAD_LOCAL SnortConfig* snort_conf = &my_config; +// run_flags is used indirectly from HashFnc class by calling SnortConfig::static_hash() SnortConfig::SnortConfig(const SnortConfig* const) -{ snort_conf->run_flags = 0;} // run_flags is used indirectly from HashFnc class by calling SnortConfig::static_hash() +{ snort_conf->run_flags = 0;} SnortConfig::~SnortConfig() = default; -SnortConfig* SnortConfig::get_conf() +const SnortConfig* SnortConfig::get_conf() { return snort_conf; } struct xhash_test_key diff --git a/src/hash/test/zhash_test.cc b/src/hash/test/zhash_test.cc index 93e4817ac..7a55cba0f 100644 --- a/src/hash/test/zhash_test.cc +++ b/src/hash/test/zhash_test.cc @@ -63,12 +63,13 @@ bool FlowHashKeyOps::key_compare(const void* k1, const void* k2, size_t len) static SnortConfig my_config; THREAD_LOCAL SnortConfig *snort_conf = &my_config; +// run_flags is used indirectly from HashFnc class by calling SnortConfig::static_hash() SnortConfig::SnortConfig(const SnortConfig* const) -{ snort_conf->run_flags = 0;} // run_flags is used indirectly from HashFnc class by calling SnortConfig::static_hash() +{ snort_conf->run_flags = 0;} SnortConfig::~SnortConfig() = default; -SnortConfig* SnortConfig::get_conf() +const SnortConfig* SnortConfig::get_conf() { return snort_conf; } const unsigned ZHASH_ROWS = 1000; diff --git a/src/helpers/hyper_scratch_allocator.h b/src/helpers/hyper_scratch_allocator.h index 3fa245165..08bcb9524 100644 --- a/src/helpers/hyper_scratch_allocator.h +++ b/src/helpers/hyper_scratch_allocator.h @@ -54,7 +54,7 @@ private: hs_scratch_t** get_addr(SnortConfig* sc, unsigned idx) { return (hs_scratch_t**)&sc->state[idx][scratch_id]; } - hs_scratch_t* get(SnortConfig* sc, unsigned idx) + hs_scratch_t* get(const SnortConfig* sc, unsigned idx) { return (hs_scratch_t*)sc->state[idx][scratch_id]; } void set(SnortConfig* sc, unsigned idx, void* pv) diff --git a/src/helpers/process.cc b/src/helpers/process.cc index beef4049a..c5cb9f0c8 100644 --- a/src/helpers/process.cc +++ b/src/helpers/process.cc @@ -122,7 +122,7 @@ static void exit_handler(int signal) static void dirty_handler(int signal) { - SnortConfig::get_conf()->dirty_pig = true; + SnortConfig::get_main_conf()->dirty_pig = true; exit_handler(signal); } @@ -356,7 +356,7 @@ void daemonize() if ( errno ) FatalError("failed to setsid - %s", get_error(errno)); - if ( SnortConfig::log_quiet() or SnortConfig::log_syslog() ) + if ( SnortConfig::get_conf()->log_quiet() or SnortConfig::get_conf()->log_syslog() ) snuff_stdio(); pid_t ppid = getppid(); diff --git a/src/helpers/test/hyper_search_test.cc b/src/helpers/test/hyper_search_test.cc index d4779e80f..bf4e69254 100644 --- a/src/helpers/test/hyper_search_test.cc +++ b/src/helpers/test/hyper_search_test.cc @@ -68,7 +68,7 @@ int SnortConfig::request_scratch(ScratchAllocator* s) void SnortConfig::release_scratch(int) { s_state.clear(); } -SnortConfig* SnortConfig::get_conf() +const SnortConfig* SnortConfig::get_conf() { return snort_conf; } void ParseError(const char*, ...) diff --git a/src/host_tracker/host_cache.h b/src/host_tracker/host_cache.h index 0f7a86a9c..553412aea 100644 --- a/src/host_tracker/host_cache.h +++ b/src/host_tracker/host_cache.h @@ -75,7 +75,7 @@ public: void print_config() { - if ( snort::SnortConfig::log_verbose() ) + if ( snort::SnortConfig::get_conf()->log_verbose() ) { std::lock_guard cache_lock(cache_mutex); diff --git a/src/host_tracker/test/host_cache_module_test.cc b/src/host_tracker/test/host_cache_module_test.cc index 4f1a5a94a..649741fdb 100644 --- a/src/host_tracker/test/host_cache_module_test.cc +++ b/src/host_tracker/test/host_cache_module_test.cc @@ -47,9 +47,15 @@ static char logged_message[LOG_MAX+1]; namespace snort { -SnortConfig* SnortConfig::get_conf() { return nullptr; } -char* snort_strdup(const char* s) { return strdup(s); } -Module* ModuleManager::get_module(const char*) { return nullptr; } +const SnortConfig* SnortConfig::get_conf() +{ return nullptr; } + +char* snort_strdup(const char* s) +{ return strdup(s); } + +Module* ModuleManager::get_module(const char*) +{ return nullptr; } + void LogMessage(const char* format,...) { va_list args; diff --git a/src/ips_options/asn1_util.cc b/src/ips_options/asn1_util.cc index 80455524b..caa87fa91 100644 --- a/src/ips_options/asn1_util.cc +++ b/src/ips_options/asn1_util.cc @@ -45,7 +45,7 @@ #include "asn1_util.h" -#include "main/snort_config.h" +#include "main/thread.h" #include "utils/util.h" using namespace snort; @@ -114,9 +114,9 @@ static ASN1_TYPE* asn1_node_alloc() ** @return none ** */ -void asn1_init_mem(SnortConfig* sc) +void asn1_init_mem(int asn1_mem) { - asn1_config.num_nodes = sc->asn1_mem; + asn1_config.num_nodes = asn1_mem; if (asn1_config.num_nodes > 0) asn1_config.mem = (ASN1_TYPE*)snort_calloc(asn1_config.num_nodes, sizeof(ASN1_TYPE)); @@ -134,7 +134,7 @@ void asn1_init_mem(SnortConfig* sc) ** @return none ** */ -void asn1_free_mem(SnortConfig*) +void asn1_free_mem() { if (asn1_config.mem != nullptr) { diff --git a/src/ips_options/asn1_util.h b/src/ips_options/asn1_util.h index 88f069190..4ff44a65f 100644 --- a/src/ips_options/asn1_util.h +++ b/src/ips_options/asn1_util.h @@ -147,12 +147,12 @@ struct SnortConfig; #define ASN1_ERR_INVALID_ARG (-7) #define ASN1_ERR_STACK (-8) -void asn1_init_mem(snort::SnortConfig*); -void asn1_free_mem(snort::SnortConfig*); +void asn1_init_mem(int asn1_mem); +void asn1_free_mem(); + int asn1_decode(const unsigned char* data, unsigned int len, ASN1_TYPE** asn1_type); int asn1_print_types(ASN1_TYPE* asn1_type, void* user); -int asn1_traverse(ASN1_TYPE* asn1, void* user, - int (* DetectFunc)(ASN1_TYPE*, void*)); +int asn1_traverse(ASN1_TYPE* asn1, void* user, int (* DetectFunc)(ASN1_TYPE*, void*)); #endif diff --git a/src/ips_options/ips_asn1.cc b/src/ips_options/ips_asn1.cc index 2abccf341..02632fa81 100644 --- a/src/ips_options/ips_asn1.cc +++ b/src/ips_options/ips_asn1.cc @@ -57,6 +57,7 @@ #include "framework/ips_option.h" #include "framework/module.h" #include "hash/hash_key_operations.h" +#include "main/snort_config.h" #include "profiler/profiler.h" #include "protocols/packet.h" @@ -264,6 +265,12 @@ static void mod_dtor(Module* m) delete m; } +static void asn1_init(const SnortConfig* sc) +{ asn1_init_mem(sc->asn1_mem); } + +static void asn1_term(const SnortConfig*) +{ asn1_free_mem(); } + static IpsOption* asn1_ctor(Module* p, OptTreeNode*) { Asn1Module* m = (Asn1Module*)p; @@ -291,8 +298,8 @@ static const IpsApi asn1_api = }, OPT_TYPE_DETECTION, 0, 0, - asn1_init_mem, - asn1_free_mem, + asn1_init, + asn1_term, nullptr, nullptr, asn1_ctor, diff --git a/src/ips_options/ips_flowbits.cc b/src/ips_options/ips_flowbits.cc index ed6c72bbc..4f5e2264c 100644 --- a/src/ips_options/ips_flowbits.cc +++ b/src/ips_options/ips_flowbits.cc @@ -539,7 +539,7 @@ static void flowbits_dtor(IpsOption* p) delete p; } -static void flowbits_verify(SnortConfig*) +static void flowbits_verify(const SnortConfig*) { flowbits_verify(); } diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc index 56f498996..441bf7b2f 100644 --- a/src/ips_options/ips_pcre.cc +++ b/src/ips_options/ips_pcre.cc @@ -27,6 +27,7 @@ #include +#include "detection/ips_context.h" #include "framework/cursor.h" #include "framework/ips_option.h" #include "framework/module.h" @@ -272,45 +273,45 @@ static void pcre_parse(const SnortConfig* sc, const char* data, PcreData* pcre_d if (pcre_data->pe) { - if ((SnortConfig::get_pcre_match_limit() != 0) && + if ((sc->get_pcre_match_limit() != 0) && !(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT)) { if ( !(pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT) ) pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT; - pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit(); + pcre_data->pe->match_limit = sc->get_pcre_match_limit(); } - if ((SnortConfig::get_pcre_match_limit_recursion() != 0) && + if ((sc->get_pcre_match_limit_recursion() != 0) && !(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT)) { if ( !(pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT_RECURSION) ) pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION; pcre_data->pe->match_limit_recursion = - SnortConfig::get_pcre_match_limit_recursion(); + sc->get_pcre_match_limit_recursion(); } } else { if (!(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT) && - ((SnortConfig::get_pcre_match_limit() != 0) || - (SnortConfig::get_pcre_match_limit_recursion() != 0))) + ((sc->get_pcre_match_limit() != 0) || + (sc->get_pcre_match_limit_recursion() != 0))) { pcre_data->pe = (pcre_extra*)snort_calloc(sizeof(pcre_extra)); pcre_data->free_pe = true; - if (SnortConfig::get_pcre_match_limit() != 0) + if (sc->get_pcre_match_limit() != 0) { pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT; - pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit(); + pcre_data->pe->match_limit = sc->get_pcre_match_limit(); } - if (SnortConfig::get_pcre_match_limit_recursion() != 0) + if (sc->get_pcre_match_limit_recursion() != 0) { pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION; pcre_data->pe->match_limit_recursion = - SnortConfig::get_pcre_match_limit_recursion(); + sc->get_pcre_match_limit_recursion(); } } } @@ -342,6 +343,7 @@ syntax: * found_offset will be set to -1 when the find is unsuccessful OR the routine is inverted */ static bool pcre_search( + Packet* p, const PcreData* pcre_data, const uint8_t* buf, unsigned len, @@ -352,7 +354,7 @@ static bool pcre_search( found_offset = -1; - std::vector ss = SnortConfig::get_conf()->state[get_instance_id()]; + std::vector ss = p->context->conf->state[get_instance_id()]; assert(ss[scratch_index]); int result = pcre_exec( @@ -363,7 +365,7 @@ static bool pcre_search( start_offset, /* start at offset 0 in the subject */ 0, /* options(handled at compile time */ (int*)ss[scratch_index], /* vector for substring information */ - SnortConfig::get_conf()->pcre_ovector_size); /* number of elements in the vector */ + p->context->conf->pcre_ovector_size); /* number of elements in the vector */ if (result >= 0) { @@ -547,12 +549,12 @@ bool PcreOption::operator==(const IpsOption& ips) const return false; } -IpsOption::EvalStatus PcreOption::eval(Cursor& c, Packet*) +IpsOption::EvalStatus PcreOption::eval(Cursor& c, Packet* p) { RuleProfile profile(pcrePerfStats); // short circuit this for testing pcre performance impact - if ( SnortConfig::no_pcre() ) + if ( p->context->conf->no_pcre() ) return NO_MATCH; unsigned pos = c.get_delta(); @@ -566,7 +568,7 @@ IpsOption::EvalStatus PcreOption::eval(Cursor& c, Packet*) int found_offset = -1; // where is the ending location of the pattern - if ( pcre_search(config, c.buffer()+adj, c.size()-adj, pos, found_offset) ) + if ( pcre_search(p, config, c.buffer()+adj, c.size()-adj, pos, found_offset) ) { if ( found_offset > 0 ) { @@ -678,8 +680,8 @@ private: Module* mod_regex = nullptr; std::string re; - static bool scratch_setup(SnortConfig* sc); - static void scratch_cleanup(SnortConfig* sc); + static bool scratch_setup(SnortConfig*); + static void scratch_cleanup(SnortConfig*); }; PcreData* PcreModule::get_data() diff --git a/src/ips_options/ips_replace.cc b/src/ips_options/ips_replace.cc index 50071f2ee..46111f6ed 100644 --- a/src/ips_options/ips_replace.cc +++ b/src/ips_options/ips_replace.cc @@ -50,9 +50,9 @@ static void replace_parse(const char* args, string& s) ParseError("can't negate replace string"); } -static bool replace_ok() +static bool replace_ok(const SnortConfig* sc) { - if ( SnortConfig::inline_mode() and SFDAQ::can_replace() ) + if ( sc->inline_mode() and SFDAQ::can_replace() ) return true; static THREAD_LOCAL bool warned = false; @@ -167,7 +167,7 @@ IpsOption::EvalStatus ReplaceOption::eval(Cursor& c, Packet* p) if ( c.get_pos() < repl.size() ) return NO_MATCH; - if ( replace_ok() ) + if ( replace_ok(p->context->conf) ) store(c.get_pos() - repl.size()); return MATCH; diff --git a/src/ips_options/test/ips_regex_test.cc b/src/ips_options/test/ips_regex_test.cc index b3d5e45da..16bb91889 100644 --- a/src/ips_options/test/ips_regex_test.cc +++ b/src/ips_options/test/ips_regex_test.cc @@ -70,7 +70,7 @@ int SnortConfig::request_scratch(ScratchAllocator* s) void SnortConfig::release_scratch(int) { } -SnortConfig* SnortConfig::get_conf() +const SnortConfig* SnortConfig::get_conf() { return snort_conf; } Packet::Packet(bool) { } diff --git a/src/log/log_text.cc b/src/log/log_text.cc index cbab0915a..3b21cb5cf 100644 --- a/src/log/log_text.cc +++ b/src/log/log_text.cc @@ -152,7 +152,7 @@ void Log2ndHeader(TextLog* log, Packet* p) if ( SFDAQ::get_base_protocol() == DLT_EN10MB ) LogEthHeader(log, p); - else if ( SnortConfig::log_verbose() ) + else if ( p->context->conf->log_verbose() ) ErrorMessage("Datalink %i (not supported)\n", SFDAQ::get_base_protocol()); } @@ -265,13 +265,13 @@ void LogIpAddrs(TextLog* log, Packet* p) const char* ip_fmt = "%s -> %s"; InetBuf src, dst; - if (SnortConfig::obfuscate()) + if (p->context->conf->obfuscate()) { ObfuscateIpToText(p->ptrs.ip_api.get_src(), - SnortConfig::get_conf()->homenet, SnortConfig::get_conf()->obfuscation_net, src); + p->context->conf->homenet, p->context->conf->obfuscation_net, src); ObfuscateIpToText(p->ptrs.ip_api.get_dst(), - SnortConfig::get_conf()->homenet, SnortConfig::get_conf()->obfuscation_net, dst); + p->context->conf->homenet, p->context->conf->obfuscation_net, dst); TextLog_Print(log, ip_fmt, src, dst); } @@ -287,13 +287,13 @@ void LogIpAddrs(TextLog* log, Packet* p) const char* ip_fmt = "%s:%d -> %s:%d"; InetBuf src, dst; - if (SnortConfig::obfuscate()) + if (p->context->conf->obfuscate()) { ObfuscateIpToText(p->ptrs.ip_api.get_src(), - SnortConfig::get_conf()->homenet, SnortConfig::get_conf()->obfuscation_net, src); + p->context->conf->homenet, p->context->conf->obfuscation_net, src); ObfuscateIpToText(p->ptrs.ip_api.get_dst(), - SnortConfig::get_conf()->homenet, SnortConfig::get_conf()->obfuscation_net, dst); + p->context->conf->homenet, p->context->conf->obfuscation_net, dst); TextLog_Print(log, ip_fmt, src, p->ptrs.sp, dst, p->ptrs.dp); } @@ -320,7 +320,7 @@ void LogIPHeader(TextLog* log, Packet* p) LogIpAddrs(log, p); - if (!SnortConfig::output_datalink()) + if (!p->context->conf->output_datalink()) { TextLog_NewLine(log); } @@ -692,14 +692,11 @@ static void LogEmbeddedICMPHeader(TextLog* log, const ICMPHdr* icmph) */ static void LogICMPEmbeddedIP(TextLog* log, Packet* p) { - if (log == nullptr || p == nullptr) - return; - // FIXIT-L -- Allocating a new Packet here is ridiculously excessive. - Packet* orig_p = new Packet; - Packet& op = *orig_p; + Packet* orig = DetectionEngine::set_next_packet(p); + orig->context->conf = p->context->conf; - if (!layer::set_api_ip_embed_icmp(p, op.ptrs.ip_api)) + if (!layer::set_api_ip_embed_icmp(p, orig->ptrs.ip_api)) { TextLog_Puts(log, "\nORIGINAL DATAGRAM TRUNCATED"); } @@ -709,38 +706,35 @@ static void LogICMPEmbeddedIP(TextLog* log, Packet* p) { case PROTO_BIT__TCP_EMBED_ICMP: { - const tcp::TCPHdr* const tcph = layer::get_tcp_embed_icmp(op.ptrs.ip_api); + const tcp::TCPHdr* const tcph = layer::get_tcp_embed_icmp(orig->ptrs.ip_api); if (tcph) { - orig_p->ptrs.sp = tcph->src_port(); - orig_p->ptrs.dp = tcph->dst_port(); - orig_p->ptrs.tcph = tcph; - orig_p->ptrs.set_pkt_type(PktType::TCP); + orig->ptrs.sp = tcph->src_port(); + orig->ptrs.dp = tcph->dst_port(); + orig->ptrs.tcph = tcph; + orig->ptrs.set_pkt_type(PktType::TCP); TextLog_Print(log, "\n** ORIGINAL DATAGRAM DUMP:\n"); - LogIPHeader(log, orig_p); - - TextLog_Print(log, "Seq: 0x%lX\n", - (u_long)ntohl(orig_p->ptrs.tcph->th_seq)); + LogIPHeader(log, orig); + TextLog_Print(log, "Seq: 0x%lX\n", (u_long)ntohl(orig->ptrs.tcph->th_seq)); } break; } case PROTO_BIT__UDP_EMBED_ICMP: { - const udp::UDPHdr* const udph = layer::get_udp_embed_icmp(op.ptrs.ip_api); + const udp::UDPHdr* const udph = layer::get_udp_embed_icmp(orig->ptrs.ip_api); if (udph) { - orig_p->ptrs.sp = udph->src_port(); - orig_p->ptrs.dp = udph->dst_port(); - orig_p->ptrs.udph = udph; - orig_p->ptrs.set_pkt_type(PktType::UDP); + orig->ptrs.sp = udph->src_port(); + orig->ptrs.dp = udph->dst_port(); + orig->ptrs.udph = udph; + orig->ptrs.set_pkt_type(PktType::UDP); TextLog_Print(log, "\n** ORIGINAL DATAGRAM DUMP:\n"); - LogIPHeader(log, orig_p); - TextLog_Print(log, "Len: %d Csum: %d\n", - udph->len() - udp::UDP_HEADER_LEN, - udph->cksum()); + LogIPHeader(log, orig); + TextLog_Print( + log, "Len: %d Csum: %d\n", udph->len() - udp::UDP_HEADER_LEN, udph->cksum()); } break; } @@ -748,10 +742,11 @@ static void LogICMPEmbeddedIP(TextLog* log, Packet* p) case PROTO_BIT__ICMP_EMBED_ICMP: { TextLog_Print(log, "\n** ORIGINAL DATAGRAM DUMP:\n"); - LogIPHeader(log, orig_p); + LogIPHeader(log, orig); - const icmp::ICMPHdr* icmph = layer::get_icmp_embed_icmp(op.ptrs.ip_api); - if (icmph != nullptr) + const icmp::ICMPHdr* icmph = layer::get_icmp_embed_icmp(orig->ptrs.ip_api); + + if (icmph) LogEmbeddedICMPHeader(log, icmph); break; } @@ -759,27 +754,22 @@ static void LogICMPEmbeddedIP(TextLog* log, Packet* p) default: { TextLog_Print(log, "\n** ORIGINAL DATAGRAM DUMP:\n"); - LogIPHeader(log, orig_p); + LogIPHeader(log, orig); TextLog_Print(log, "Protocol: 0x%X (unknown or " - "header truncated)", orig_p->ptrs.ip_api.proto()); + "header truncated)", orig->ptrs.ip_api.proto()); break; } } /* switch */ /* if more than 8 bytes of original IP payload sent */ - const int16_t more_bytes = p->dsize - 8; + if (more_bytes > 0) - { - TextLog_Print(log, "(%d more bytes of original packet)\n", - more_bytes); - } + TextLog_Print(log, "(%d more bytes of original packet)\n", more_bytes); TextLog_Puts(log, "** END OF DUMP"); } - - delete orig_p; } /*-------------------------------------------------------------------- @@ -1126,7 +1116,7 @@ static void obfuscate(Packet* p, const uint8_t* data, int& ip_ob_start, int& ip_ assert(p); ip_ob_start = ip_ob_end = -1; - if ( !SnortConfig::obfuscate() ) + if ( !p->context->conf->obfuscate() ) return; const ProtocolIndex ipv4_idx = PacketManager::proto_idx(ProtocolId::IPIP); @@ -1177,7 +1167,7 @@ void LogNetData( } const HexAsciiLayout& hal = SnortConfig::get_conf()->output_wide_hex() ? hal_wide : hal_std; - const char* hdr_off = SnortConfig::verbose_byte_dump() ? hal.offset_hdr : ""; + const char* hdr_off = p->context->conf->verbose_byte_dump() ? hal.offset_hdr : ""; if ( !ins_name ) ins_name = p->flow and p->flow->gadget ? p->flow->gadget->get_name() : "snort"; @@ -1193,7 +1183,7 @@ void LogNetData( /* loop thru the whole buffer */ while ( pb < end ) { - if (SnortConfig::verbose_byte_dump()) + if (p->context->conf->verbose_byte_dump()) { TextLog_Print(log, hal.offset_fmt, offset); offset += hal.bytes_per_frame; @@ -1246,7 +1236,7 @@ void LogNetData( void LogIPPkt(TextLog* log, Packet* p) { - if ( SnortConfig::output_datalink() ) + if ( p->context->conf->output_datalink() ) { Log2ndHeader(log, p); @@ -1323,9 +1313,9 @@ void LogIPPkt(TextLog* log, Packet* p) void LogPayload(TextLog* log, Packet* p) { /* dump the application layer data */ - if (SnortConfig::output_app_data() && !SnortConfig::verbose_byte_dump()) + if (p->context->conf->output_app_data() && !p->context->conf->verbose_byte_dump()) { - if (SnortConfig::output_char_data()) + if (p->context->conf->output_char_data()) { LogCharData(log, p->data, p->dsize); @@ -1363,7 +1353,7 @@ void LogPayload(TextLog* log, Packet* p) } } } - else if (SnortConfig::verbose_byte_dump()) + else if (p->context->conf->verbose_byte_dump()) { LogNetData(log, p->pkt, p->pktlen, p); } diff --git a/src/log/messages.cc b/src/log/messages.cc index b512ea03d..42e91a2d1 100644 --- a/src/log/messages.cc +++ b/src/log/messages.cc @@ -174,20 +174,29 @@ void ReloadError(const char* format, ...) FatalError("%s\n", buf); } +static bool log_syslog() +{ + const SnortConfig* sc = SnortConfig::get_conf(); + return sc and sc->log_syslog(); +} + +static bool log_quiet() +{ + const SnortConfig* sc = SnortConfig::get_conf(); + return sc and sc->log_quiet(); +} + static void WriteLogMessage(FILE* fh, bool prefer_fh, const char* format, va_list& ap) { - if ( SnortConfig::get_conf() && !prefer_fh ) + if ( prefer_fh or !log_syslog() ) { - if ( SnortConfig::log_syslog() ) - { - char buf[STD_BUF+1]; - vsnprintf(buf, STD_BUF, format, ap); - buf[STD_BUF] = '\0'; - syslog(LOG_DAEMON | LOG_NOTICE, "%s", buf); - return; - } + vfprintf(fh, format, ap); + return; } - vfprintf(fh, format, ap); + char buf[STD_BUF+1]; + vsnprintf(buf, STD_BUF, format, ap); + buf[STD_BUF] = '\0'; + syslog(LOG_DAEMON | LOG_NOTICE, "%s", buf); } /* @@ -202,7 +211,7 @@ static void WriteLogMessage(FILE* fh, bool prefer_fh, const char* format, va_lis */ void LogMessage(const char* format,...) { - if ( SnortConfig::get_conf() and SnortConfig::log_quiet() ) + if ( log_quiet() ) return; va_list ap; @@ -215,7 +224,7 @@ void LogMessage(const char* format,...) void LogMessage(FILE* fh, const char* format,...) { - if ( fh == stdout and SnortConfig::get_conf() and SnortConfig::log_quiet() ) + if ( fh == stdout and log_quiet() ) return; va_list ap; @@ -242,7 +251,7 @@ void WarningMessage(const char* format,...) va_start(ap, format); - if ( SnortConfig::get_conf() and SnortConfig::log_syslog() ) + if ( log_syslog() ) { char buf[STD_BUF+1]; vsnprintf(buf, STD_BUF, format, ap); @@ -273,7 +282,7 @@ void ErrorMessage(const char* format,...) va_start(ap, format); - if ( SnortConfig::get_conf() and SnortConfig::log_syslog() ) + if ( log_syslog() ) { char buf[STD_BUF+1]; vsnprintf(buf, STD_BUF, format, ap); @@ -317,7 +326,7 @@ void ErrorMessage(const char* format,...) buf[STD_BUF] = '\0'; - if ( SnortConfig::get_conf() and SnortConfig::log_syslog() ) + if ( log_syslog() ) { syslog(LOG_CONS | LOG_DAEMON | LOG_ERR, "FATAL ERROR: %s", buf); } diff --git a/src/loggers/alert_csv.cc b/src/loggers/alert_csv.cc index f223b1a2c..41770da33 100644 --- a/src/loggers/alert_csv.cc +++ b/src/loggers/alert_csv.cc @@ -654,7 +654,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* csv_ctor(SnortConfig*, Module* mod) +static Logger* csv_ctor(Module* mod) { return new CsvLogger((CsvModule*)mod); } static void csv_dtor(Logger* p) diff --git a/src/loggers/alert_fast.cc b/src/loggers/alert_fast.cc index 7f1a43837..78087545d 100644 --- a/src/loggers/alert_fast.cc +++ b/src/loggers/alert_fast.cc @@ -227,7 +227,7 @@ void FastLogger::alert(Packet* p, const char* msg, const Event& event) TextLog_Print(fast_log, "[%u:%u:%u] ", event.sig_info->gid, event.sig_info->sid, event.sig_info->rev); - if (SnortConfig::alert_interface()) + if (p->context->conf->alert_interface()) TextLog_Print(fast_log, " <%s> ", SFDAQ::get_input_spec()); if ( msg ) @@ -241,7 +241,7 @@ void FastLogger::alert(Packet* p, const char* msg, const Event& event) TextLog_Print(fast_log, "{%s} ", p->get_type()); LogIpAddrs(fast_log, p); - if ( packet || SnortConfig::output_app_data() ) + if ( packet || p->context->conf->output_app_data() ) { log_data(p, event); } @@ -333,7 +333,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* fast_ctor(SnortConfig*, Module* mod) +static Logger* fast_ctor(Module* mod) { return new FastLogger((FastModule*)mod); } static void fast_dtor(Logger* p) diff --git a/src/loggers/alert_full.cc b/src/loggers/alert_full.cc index 4de7f3712..306fa5202 100644 --- a/src/loggers/alert_full.cc +++ b/src/loggers/alert_full.cc @@ -37,6 +37,7 @@ #include "config.h" #endif +#include "detection/ips_context.h" #include "detection/signature.h" #include "events/event.h" #include "framework/logger.h" @@ -155,7 +156,7 @@ void FullLogger::alert(Packet* p, const char* msg, const Event& event) TextLog_Print(full_log, "[%u:%u:%u] ", event.sig_info->gid, event.sig_info->sid, event.sig_info->rev); - if (SnortConfig::alert_interface()) + if (p->context->conf->alert_interface()) { const char* iface = SFDAQ::get_input_spec(); TextLog_Print(full_log, " <%s> ", iface); @@ -171,7 +172,7 @@ void FullLogger::alert(Packet* p, const char* msg, const Event& event) TextLog_Puts(full_log, "[**]\n"); } - if (p && p->has_ip()) + if (p->has_ip()) { LogPriorityData(full_log, event); TextLog_NewLine(full_log); @@ -182,11 +183,11 @@ void FullLogger::alert(Packet* p, const char* msg, const Event& event) LogTimeStamp(full_log, p); TextLog_Putc(full_log, ' '); - if (p && p->has_ip()) + if (p->has_ip()) { /* print the packet header to the alert file */ - if (SnortConfig::output_datalink()) + if (p->context->conf->output_datalink()) { Log2ndHeader(full_log, p); } @@ -230,7 +231,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* full_ctor(SnortConfig*, Module* mod) +static Logger* full_ctor(Module* mod) { return new FullLogger((FullModule*)mod); } static void full_dtor(Logger* p) diff --git a/src/loggers/alert_json.cc b/src/loggers/alert_json.cc index 41255f18e..6978b40e8 100644 --- a/src/loggers/alert_json.cc +++ b/src/loggers/alert_json.cc @@ -841,7 +841,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* json_ctor(SnortConfig*, Module* mod) +static Logger* json_ctor(Module* mod) { return new JsonLogger((JsonModule*)mod); } static void json_dtor(Logger* p) diff --git a/src/loggers/alert_luajit.cc b/src/loggers/alert_luajit.cc index 79e6c974d..933ce1a74 100644 --- a/src/loggers/alert_luajit.cc +++ b/src/loggers/alert_luajit.cc @@ -200,7 +200,7 @@ static void mod_dtor(Module* m) delete m; } -static Logger* log_ctor(SnortConfig*, Module* m) +static Logger* log_ctor(Module* m) { const char* key = m->get_name(); std::string* chunk = ScriptManager::get_chunk(key); diff --git a/src/loggers/alert_sf_socket.cc b/src/loggers/alert_sf_socket.cc index 9c15e4b4a..cf0c8caf9 100644 --- a/src/loggers/alert_sf_socket.cc +++ b/src/loggers/alert_sf_socket.cc @@ -249,9 +249,11 @@ static OptTreeNode* OptTreeNode_Search(uint32_t, uint32_t sid) if (sid == 0) return nullptr; - for (hashNode = SnortConfig::get_conf()->otn_map->find_first(); + const SnortConfig* sc = SnortConfig::get_conf(); + + for (hashNode = sc->otn_map->find_first(); hashNode; - hashNode = SnortConfig::get_conf()->otn_map->find_next()) + hashNode = sc->otn_map->find_next()) { OptTreeNode* otn = (OptTreeNode*)hashNode->data; RuleTreeNode* rtn = getRuntimeRtnFromOtn(otn); @@ -384,7 +386,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* sf_sock_ctor(SnortConfig*, Module* mod) +static Logger* sf_sock_ctor(Module* mod) { return new SfSocketLogger((SfSocketModule*)mod); } static void sf_sock_dtor(Logger* p) diff --git a/src/loggers/alert_syslog.cc b/src/loggers/alert_syslog.cc index 1cc4f88ed..3fd09cd98 100644 --- a/src/loggers/alert_syslog.cc +++ b/src/loggers/alert_syslog.cc @@ -24,6 +24,7 @@ #include +#include "detection/ips_context.h" #include "detection/signature.h" #include "events/event.h" #include "framework/logger.h" @@ -93,8 +94,11 @@ static int get_level(unsigned lvl) return 0; } -#define syslog_options \ - "cons | ndelay | perror | pid" +#ifdef LOG_PERROR +#define syslog_options "cons | ndelay | perror | pid" +#else +#define syslog_options "cons | ndelay | pid" +#endif static int get_options(const char* s) { @@ -181,9 +185,9 @@ bool SyslogModule::begin(const char*, int, SnortConfig*) return true; } -bool SyslogModule::end(const char*, int, SnortConfig*) +bool SyslogModule::end(const char*, int, SnortConfig* sc) { - if ( SnortConfig::daemon_mode() ) + if ( sc->daemon_mode() ) options |= LOG_PID; return true; @@ -222,7 +226,7 @@ static void AlertSyslog( "[Priority: %u] ", event.sig_info->priority); } - if (SnortConfig::alert_interface()) + if (p->context->conf->alert_interface()) { SnortSnprintfAppend(event_string, sizeof(event_string), "<%s> ", SFDAQ::get_input_spec()); @@ -249,13 +253,13 @@ static void AlertSyslog( const char* ip_fmt = "%s -> %s"; InetBuf src, dst; - if (SnortConfig::obfuscate()) + if (p->context->conf->obfuscate()) { - ObfuscateIpToText(p->ptrs.ip_api.get_src(), SnortConfig::get_conf()->homenet, - SnortConfig::get_conf()->obfuscation_net, src); + ObfuscateIpToText(p->ptrs.ip_api.get_src(), p->context->conf->get_conf()->homenet, + p->context->conf->get_conf()->obfuscation_net, src); - ObfuscateIpToText(p->ptrs.ip_api.get_dst(), SnortConfig::get_conf()->homenet, - SnortConfig::get_conf()->obfuscation_net, dst); + ObfuscateIpToText(p->ptrs.ip_api.get_dst(), p->context->conf->get_conf()->homenet, + p->context->conf->get_conf()->obfuscation_net, dst); SnortSnprintfAppend(event_string, sizeof(event_string), ip_fmt, src, dst); } @@ -271,13 +275,13 @@ static void AlertSyslog( const char* ip_fmt = "%s:%d -> %s:%d"; InetBuf src, dst; - if (SnortConfig::obfuscate()) + if (p->context->conf->obfuscate()) { - ObfuscateIpToText(p->ptrs.ip_api.get_src(), SnortConfig::get_conf()->homenet, - SnortConfig::get_conf()->obfuscation_net, src); + ObfuscateIpToText(p->ptrs.ip_api.get_src(), p->context->conf->get_conf()->homenet, + p->context->conf->get_conf()->obfuscation_net, src); - ObfuscateIpToText(p->ptrs.ip_api.get_dst(), SnortConfig::get_conf()->homenet, - SnortConfig::get_conf()->obfuscation_net, dst); + ObfuscateIpToText(p->ptrs.ip_api.get_dst(), p->context->conf->get_conf()->homenet, + p->context->conf->get_conf()->obfuscation_net, dst); SnortSnprintfAppend(event_string, sizeof(event_string), ip_fmt, src, p->ptrs.sp, dst, p->ptrs.dp); @@ -338,7 +342,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* syslog_ctor(SnortConfig*, Module* mod) +static Logger* syslog_ctor(Module* mod) { return new SyslogLogger((SyslogModule*)mod); } static void syslog_dtor(Logger* p) diff --git a/src/loggers/alert_talos.cc b/src/loggers/alert_talos.cc index 807531dc5..b602d9ce4 100644 --- a/src/loggers/alert_talos.cc +++ b/src/loggers/alert_talos.cc @@ -208,7 +208,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* talos_ctor(SnortConfig*, Module* mod) +static Logger* talos_ctor(Module* mod) { return new TalosLogger((TalosModule*)mod); } static void talos_dtor(Logger* p) diff --git a/src/loggers/alert_unixsock.cc b/src/loggers/alert_unixsock.cc index c20834853..5c7936cf4 100644 --- a/src/loggers/alert_unixsock.cc +++ b/src/loggers/alert_unixsock.cc @@ -271,7 +271,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* unix_sock_ctor(SnortConfig*, Module*) +static Logger* unix_sock_ctor(Module*) { return new UnixSockLogger; } static void unix_sock_dtor(Logger* p) diff --git a/src/loggers/log_codecs.cc b/src/loggers/log_codecs.cc index aac88c176..4a33a0c08 100644 --- a/src/loggers/log_codecs.cc +++ b/src/loggers/log_codecs.cc @@ -156,7 +156,7 @@ void CodecLogger::log(Packet* p, const char* msg, Event* e) PacketManager::log_protocols(test_file, p); TextLog_NewLine(test_file); - if ( p->dsize and SnortConfig::output_app_data() ) + if ( p->dsize and p->context->conf->output_app_data() ) LogNetData(test_file, p->data, p->dsize, p); TextLog_NewLine(test_file); @@ -172,7 +172,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* codec_log_ctor(SnortConfig*, Module* mod) +static Logger* codec_log_ctor(Module* mod) { return new CodecLogger((LogCodecModule*)mod); } static void codec_log_dtor(Logger* p) diff --git a/src/loggers/log_hext.cc b/src/loggers/log_hext.cc index eea98a901..ce95f1998 100644 --- a/src/loggers/log_hext.cc +++ b/src/loggers/log_hext.cc @@ -298,7 +298,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* hext_ctor(SnortConfig*, Module* mod) +static Logger* hext_ctor(Module* mod) { return new HextLogger((HextModule*)mod); } diff --git a/src/loggers/log_pcap.cc b/src/loggers/log_pcap.cc index 55a5569b7..ee774c158 100644 --- a/src/loggers/log_pcap.cc +++ b/src/loggers/log_pcap.cc @@ -24,6 +24,7 @@ #include +#include "detection/ips_context.h" #include "framework/logger.h" #include "framework/module.h" #include "log/messages.h" @@ -140,7 +141,7 @@ static void LogTcpdumpSingle( pcap_dump((uint8_t*)context.dumpd, &pcaphdr, p->pkt); context.size += dumpSize; - if (!SnortConfig::line_buffered_logging()) // FIXIT-L misnomer + if (!p->context->conf->line_buffered_logging()) // FIXIT-L misnomer { fflush( (FILE*)context.dumpd); } @@ -272,7 +273,7 @@ PcapLogger::~PcapLogger() void PcapLogger::open() { - TcpdumpInitLogFile(config, SnortConfig::output_no_timestamp()); + TcpdumpInitLogFile(config, SnortConfig::get_conf()->output_no_timestamp()); } void PcapLogger::close() @@ -318,7 +319,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* tcpdump_ctor(SnortConfig*, Module* mod) +static Logger* tcpdump_ctor(Module* mod) { return new PcapLogger((TcpdumpModule*)mod); } static void tcpdump_dtor(Logger* p) diff --git a/src/loggers/unified2.cc b/src/loggers/unified2.cc index 940a8e452..9516f1d59 100644 --- a/src/loggers/unified2.cc +++ b/src/loggers/unified2.cc @@ -839,10 +839,10 @@ bool U2Module::set(const char*, Value& v, SnortConfig*) return true; } -bool U2Module::begin(const char*, int, SnortConfig*) +bool U2Module::begin(const char*, int, SnortConfig* sc) { limit = 0; - nostamp = SnortConfig::output_no_timestamp(); + nostamp = sc->output_no_timestamp(); legacy_events = false; return true; } @@ -1006,7 +1006,7 @@ static Module* mod_ctor() static void mod_dtor(Module* m) { delete m; } -static Logger* u2_ctor(SnortConfig*, Module* mod) +static Logger* u2_ctor(Module* mod) { return new U2Logger((U2Module*)mod); } static void u2_dtor(Logger* p) diff --git a/src/main.cc b/src/main.cc index f64bd5ed9..9f3853e76 100644 --- a/src/main.cc +++ b/src/main.cc @@ -88,7 +88,7 @@ static const char* prompt = "o\")~ "; const char* get_prompt() { return prompt; } -static bool use_shell(SnortConfig* sc) +static bool use_shell(const SnortConfig* sc) { #ifdef SHELL return ( sc->run_flags & RUN_FLAG__SHELL ); @@ -148,8 +148,9 @@ private: bool Pig::prep(const char* source) { - SnortConfig* sc = SnortConfig::get_conf(); + const SnortConfig* sc = SnortConfig::get_conf(); SFDAQInstance *instance = new SFDAQInstance(source, idx, sc->daq_config); + if (!SFDAQ::init_instance(instance, sc->bpf_filter)) { delete instance; @@ -170,7 +171,7 @@ void Pig::start() assert(!athread); LogMessage("++ [%u] %s\n", idx, analyzer->get_source()); - Swapper* ps = new Swapper(SnortConfig::get_conf(), HostAttributes::get_host_attributes_table()); + Swapper* ps = new Swapper(SnortConfig::get_main_conf(), HostAttributes::get_host_attributes_table()); athread = new std::thread(std::ref(*analyzer), ps, ++run_num); } @@ -347,7 +348,7 @@ int main_reload_config(lua_State* L) } current_request->respond(".. reloading configuration\n"); - SnortConfig* old = SnortConfig::get_conf(); + const SnortConfig* old = SnortConfig::get_conf(); SnortConfig* sc = Snort::get_reload_config(fname, plugin_path); if ( !sc ) @@ -362,7 +363,6 @@ int main_reload_config(lua_State* L) else current_request->respond("== reload failed - bad config\n"); - SnortConfig::set_parser_conf(nullptr); return 0; } @@ -381,7 +381,6 @@ int main_reload_config(lua_State* L) current_request->respond(".. swapping configuration\n", from_shell); main_broadcast_command(new ACSwap(new Swapper(old, sc, old_tc, tc), current_request, from_shell), from_shell); - SnortConfig::set_parser_conf(nullptr); return 0; } @@ -408,7 +407,7 @@ int main_reload_policy(lua_State* L) return 0; } - SnortConfig* old = SnortConfig::get_conf(); + SnortConfig* old = SnortConfig::get_main_conf(); SnortConfig* sc = Snort::get_updated_policy(old, fname, nullptr); if ( !sc ) @@ -449,7 +448,7 @@ int main_reload_module(lua_State* L) return 0; } - SnortConfig* old = SnortConfig::get_conf(); + SnortConfig* old = SnortConfig::get_main_conf(); SnortConfig* sc = Snort::get_updated_module(old, fname); if ( !sc ) @@ -496,7 +495,7 @@ int main_reload_hosts(lua_State* L) } proc_stats.attribute_table_overflow = 0; - HostAttributes::load_hosts_file(SnortConfig::get_conf(), fname); + HostAttributes::load_hosts_file(SnortConfig::get_main_conf(), fname); HostAttributesTable* old = HostAttributes::get_host_attributes_table(); HostAttributesTable* tc = HostAttributes::activate(); @@ -540,7 +539,7 @@ int main_delete_inspector(lua_State* L) return 0; } - SnortConfig* old = SnortConfig::get_conf(); + SnortConfig* old = SnortConfig::get_main_conf(); SnortConfig* sc = Snort::get_updated_policy(old, nullptr, iname); if ( !sc ) @@ -742,20 +741,20 @@ static void service_check() // main foo //------------------------------------------------------------------------- -static bool just_validate() +static bool just_validate(const SnortConfig* sc) { - if ( SnortConfig::test_mode() ) + if ( sc->test_mode() ) return true; - if ( use_shell(SnortConfig::get_conf()) ) + if ( use_shell(sc) ) return false; - if ( SnortConfig::get_conf()->daq_config->module_configs.empty() ) + if ( sc->daq_config->module_configs.empty() ) { - if ( SnortConfig::read_mode() && !Trough::get_queue_size() ) + if ( sc->read_mode() && !Trough::get_queue_size() ) return true; - if ( !SnortConfig::read_mode() && !SFDAQ::get_input_spec(SnortConfig::get_conf()->daq_config, 0) ) + if ( !sc->read_mode() && !SFDAQ::get_input_spec(sc->daq_config, 0) ) return true; } @@ -785,47 +784,49 @@ static bool set_mode() if ( unsigned k = get_parse_errors() ) FatalError("see prior %u errors (%u warnings)\n", k, warnings); - if ( SnortConfig::conf_error_out() ) + SnortConfig* sc = SnortConfig::get_main_conf(); + + if ( sc->conf_error_out() ) { if ( warnings ) FatalError("see prior %u warnings\n", warnings); } - if ( SnortConfig::dump_msg_map() ) + if ( sc->dump_msg_map() ) { - dump_msg_map(SnortConfig::get_conf()); + dump_msg_map(sc); return false; } - if ( SnortConfig::dump_rule_deps() ) + if ( sc->dump_rule_deps() ) { - dump_rule_deps(SnortConfig::get_conf()); + dump_rule_deps(sc); return false; } - if ( SnortConfig::dump_rule_meta() ) + if ( sc->dump_rule_meta() ) { - dump_rule_meta(SnortConfig::get_conf()); + dump_rule_meta(sc); return false; } - if ( SnortConfig::dump_rule_state() ) + if ( sc->dump_rule_state() ) { - dump_rule_state(SnortConfig::get_conf()); + dump_rule_state(sc); return false; } - if ( just_validate() ) + if ( just_validate(sc) ) { LogMessage("\nSnort successfully validated the configuration (with %u warnings).\n", warnings); // force test mode to exit w/o stats - SnortConfig::get_conf()->run_flags |= RUN_FLAG__TEST; + sc->run_flags |= RUN_FLAG__TEST; return false; } - if ( SnortConfig::get_conf()->run_flags & RUN_FLAG__PAUSE ) + if ( sc->run_flags & RUN_FLAG__PAUSE ) { LogMessage("Paused; resume to start packet processing\n"); paused = true; @@ -834,7 +835,7 @@ static bool set_mode() LogMessage("Commencing packet processing\n"); #ifdef SHELL - if ( use_shell(SnortConfig::get_conf()) ) + if ( use_shell(sc) ) { LogMessage("Entering command shell\n"); ControlMgmt::add_control(STDOUT_FILENO, true); @@ -916,11 +917,11 @@ static void main_loop() { unsigned swine = 0, pending_privileges = 0; - if (SnortConfig::change_privileges()) + if (SnortConfig::get_conf()->change_privileges()) pending_privileges = max_pigs; // Preemptively prep all pigs in live traffic mode - if (!SnortConfig::read_mode()) + if (!SnortConfig::get_conf()->read_mode()) { for (unsigned i = 0; i < max_pigs; i++) { diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc index c2cd39392..e381102de 100644 --- a/src/main/analyzer.cc +++ b/src/main/analyzer.cc @@ -193,7 +193,7 @@ static bool process_packet(Packet* p) PacketTracer::activate(*p); // FIXIT-M should not need to set policies here - set_default_policy(); + set_default_policy(p->context->conf); p->user_inspection_policy_id = get_inspection_policy()->user_policy_id; p->user_ips_policy_id = get_ips_policy()->user_policy_id; p->user_network_policy_id = get_network_policy()->user_policy_id; @@ -272,7 +272,7 @@ static DAQ_Verdict distill_verdict(Packet* p) daq_stats.internal_blacklist++; verdict = DAQ_VERDICT_BLOCK; } - else if ( SnortConfig::inline_mode() || act->packet_force_dropped() ) + else if ( p->context->conf->inline_mode() || act->packet_force_dropped() ) verdict = DAQ_VERDICT_BLACKLIST; else verdict = DAQ_VERDICT_IGNORE; @@ -387,7 +387,6 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p) void Analyzer::process_daq_pkt_msg(DAQ_Msg_h msg, bool retry) { const DAQ_PktHdr_t* pkthdr = daq_msg_get_pkthdr(msg); - set_default_policy(); pc.analyzed_pkts++; @@ -396,19 +395,22 @@ void Analyzer::process_daq_pkt_msg(DAQ_Msg_h msg, bool retry) DetectionEngine::wait_for_context(); switcher->start(); + Packet* p = switcher->get_context()->packet; oops_handler->set_current_packet(p); p->context->wire_packet = p; p->context->packet_number = get_packet_number(); + set_default_policy(p->context->conf); DetectionEngine::reset(); - sfthreshold_reset(); Active::clear_queue(p); p->daq_msg = msg; p->daq_instance = daq_instance; + PacketManager::decode(p, pkthdr, daq_msg_get_data(msg), daq_msg_get_data_len(msg), false, retry); + if (process_packet(p)) { post_process_daq_pkt_msg(p); @@ -590,7 +592,7 @@ void Analyzer::init_unprivileged() for ( unsigned i = 0; i < max_contexts; ++i ) switcher->push(new IpsContext); - SnortConfig* sc = SnortConfig::get_conf(); + const SnortConfig* sc = SnortConfig::get_conf(); // This should be called as soon as possible // to handle all trace log messages @@ -607,7 +609,7 @@ void Analyzer::init_unprivileged() detection_filter_init(sc->detection_filter_config); EventManager::open_outputs(); - IpsManager::setup_options(); + IpsManager::setup_options(sc); ActionManager::thread_init(sc); FileService::thread_init(); SideChannelManager::thread_init(); @@ -624,7 +626,7 @@ void Analyzer::init_unprivileged() SFRF_Alloc(sc->rate_filter_config->memcap); } -void Analyzer::reinit(SnortConfig* sc) +void Analyzer::reinit(const SnortConfig* sc) { InspectorManager::thread_reinit(sc); ActionManager::thread_reinit(sc); @@ -633,7 +635,7 @@ void Analyzer::reinit(SnortConfig* sc) void Analyzer::term() { - SnortConfig* sc = SnortConfig::get_conf(); + const SnortConfig* sc = SnortConfig::get_conf(); HighAvailabilityManager::thread_term_beginning(); @@ -650,11 +652,11 @@ void Analyzer::term() DetectionEngine::idle(); InspectorManager::thread_stop(sc); - ModuleManager::accumulate(sc); - InspectorManager::thread_term(sc); - ActionManager::thread_term(sc); + ModuleManager::accumulate(); + InspectorManager::thread_term(); + ActionManager::thread_term(); - IpsManager::clear_options(); + IpsManager::clear_options(sc); EventManager::close_outputs(); CodecManager::thread_term(); HighAvailabilityManager::thread_term(); @@ -716,7 +718,7 @@ void Analyzer::operator()(Swapper* ps, uint16_t run_num) ps->apply(*this); delete ps; - if (SnortConfig::pcap_show()) + if (SnortConfig::get_conf()->pcap_show()) show_source(); // init here to pin separately from packet threads @@ -724,8 +726,8 @@ void Analyzer::operator()(Swapper* ps, uint16_t run_num) // Perform all packet thread initialization actions that need to be taken with escalated // privileges prior to starting the DAQ module. - SnortConfig::get_conf()->thread_config->implement_thread_affinity(STHREAD_TYPE_PACKET, - get_instance_id()); + SnortConfig::get_conf()->thread_config->implement_thread_affinity( + STHREAD_TYPE_PACKET, get_instance_id()); SFDAQ::set_local_instance(daq_instance); set_state(State::INITIALIZED); diff --git a/src/main/analyzer.h b/src/main/analyzer.h index 36446cdab..01f4111f4 100644 --- a/src/main/analyzer.h +++ b/src/main/analyzer.h @@ -104,7 +104,7 @@ public: void pause(); void resume(uint64_t msg_cnt); void reload_daq(); - void reinit(snort::SnortConfig*); + void reinit(const snort::SnortConfig*); void rotate(); snort::SFDAQInstance* get_daq_instance() { return daq_instance; } diff --git a/src/main/analyzer_command.cc b/src/main/analyzer_command.cc index 57f3c6b94..5528a3032 100644 --- a/src/main/analyzer_command.cc +++ b/src/main/analyzer_command.cc @@ -81,7 +81,7 @@ bool ACGetStats::execute(Analyzer&, void**) // FIXIT-P This incurs locking on all threads to retrieve stats. It // could be reimplemented to optimize for large thread counts by // retrieving stats in the command and accumulating in the main thread. - ModuleManager::accumulate(SnortConfig::get_conf()); + ModuleManager::accumulate(); return true; } @@ -106,7 +106,7 @@ bool ACSwap::execute(Analyzer& analyzer, void** ac_state) { ps->apply(analyzer); - SnortConfig* sc = ps->get_new_conf(); + const SnortConfig* sc = ps->get_new_conf(); if ( sc ) { std::list* reload_tuners; diff --git a/src/main/control_mgmt.cc b/src/main/control_mgmt.cc index fabb4f8d5..4aaf8b789 100644 --- a/src/main/control_mgmt.cc +++ b/src/main/control_mgmt.cc @@ -439,25 +439,27 @@ int ControlMgmt::socket_conn() int ControlMgmt::setup_socket_family() { int family = AF_UNSPEC; - if (SnortConfig::get_conf()->remote_control_port) + const SnortConfig* sc = SnortConfig::get_conf(); + + if (sc->remote_control_port) { memset(&in_addr, 0, sizeof(in_addr)); in_addr.sin_family = AF_INET; in_addr.sin_addr.s_addr = htonl(0x7F000001); - in_addr.sin_port = htons(SnortConfig::get_conf()->remote_control_port); + in_addr.sin_port = htons(sc->remote_control_port); sock_addr = (struct sockaddr*)&in_addr; sock_addr_size = sizeof(in_addr); family = AF_INET; } - else if (!SnortConfig::get_conf()->remote_control_socket.empty()) + else if (!sc->remote_control_socket.empty()) { string fullpath; - const char* path_sep = strrchr(SnortConfig::get_conf()->remote_control_socket.c_str(), '/'); + const char* path_sep = strrchr(sc->remote_control_socket.c_str(), '/'); if (path_sep != nullptr) - fullpath = SnortConfig::get_conf()->remote_control_socket; + fullpath = sc->remote_control_socket; else - get_instance_file(fullpath, SnortConfig::get_conf()->remote_control_socket.c_str()); + get_instance_file(fullpath, sc->remote_control_socket.c_str()); memset(&unix_addr, 0, sizeof(unix_addr)); unix_addr.sun_family = AF_UNIX; diff --git a/src/main/modules.cc b/src/main/modules.cc index 8829d7f8c..2241531b7 100644 --- a/src/main/modules.cc +++ b/src/main/modules.cc @@ -785,8 +785,10 @@ bool OutputModule::set(const char*, Value& v, SnortConfig* sc) sc->tagged_packet_limit = v.get_uint32(); else if ( v.is("verbose") ) - v.update_mask(sc->logging_flags, LOGGING_FLAG__VERBOSE); - + { + if ( v.get_bool() ) + v.update_mask(sc->logging_flags, LOGGING_FLAG__VERBOSE); + } else if ( v.is("wide_hex_dump") ) v.update_mask(sc->output_flags, OUTPUT_FLAG__WIDE_HEX); @@ -1327,8 +1329,10 @@ private: bool ProcessModule::set(const char*, Value& v, SnortConfig* sc) { if ( v.is("daemon") ) - sc->set_daemon(v.get_bool()); - + { + if ( v.get_bool() ) // FIXIT-M fix cmd line vs conf conflicts + sc->set_daemon(true); + } else if ( v.is("chroot") ) sc->set_chroot_dir(v.get_string()); diff --git a/src/main/policy.cc b/src/main/policy.cc index 60821a7a6..a698b25ca 100644 --- a/src/main/policy.cc +++ b/src/main/policy.cc @@ -305,7 +305,7 @@ IpsPolicy* get_ips_policy(const SnortConfig* sc, unsigned i) sc->policy_map->get_ips_policy(i) : nullptr; } -InspectionPolicy* get_default_inspection_policy(SnortConfig* sc) +InspectionPolicy* get_default_inspection_policy(const SnortConfig* sc) { return sc->policy_map->get_inspection_policy(0); } void set_ips_policy(IpsPolicy* p) @@ -314,23 +314,23 @@ void set_ips_policy(IpsPolicy* p) void set_network_policy(NetworkPolicy* p) { s_traffic_policy = p; } -IpsPolicy* get_user_ips_policy(SnortConfig* sc, unsigned policy_id) +IpsPolicy* get_user_ips_policy(const SnortConfig* sc, unsigned policy_id) { return sc->policy_map->get_user_ips(policy_id); } -IpsPolicy* get_empty_ips_policy(SnortConfig* sc) +IpsPolicy* get_empty_ips_policy(const SnortConfig* sc) { return sc->policy_map->get_empty_ips(); } -NetworkPolicy* get_user_network_policy(SnortConfig* sc, unsigned policy_id) +NetworkPolicy* get_user_network_policy(const SnortConfig* sc, unsigned policy_id) { return sc->policy_map->get_user_network(policy_id); } } // namespace snort -void set_network_policy(SnortConfig* sc, unsigned i) +void set_network_policy(const SnortConfig* sc, unsigned i) { PolicyMap* pm = sc->policy_map; @@ -341,7 +341,7 @@ void set_network_policy(SnortConfig* sc, unsigned i) void set_inspection_policy(InspectionPolicy* p) { s_inspection_policy = p; } -void set_inspection_policy(SnortConfig* sc, unsigned i) +void set_inspection_policy(const SnortConfig* sc, unsigned i) { PolicyMap* pm = sc->policy_map; @@ -349,7 +349,7 @@ void set_inspection_policy(SnortConfig* sc, unsigned i) set_inspection_policy(pm->get_inspection_policy(i)); } -void set_ips_policy(SnortConfig* sc, unsigned i) +void set_ips_policy(const SnortConfig* sc, unsigned i) { PolicyMap* pm = sc->policy_map; @@ -357,7 +357,7 @@ void set_ips_policy(SnortConfig* sc, unsigned i) set_ips_policy(pm->get_ips_policy(i)); } -void set_policies(SnortConfig* sc, Shell* sh) +void set_policies(const SnortConfig* sc, Shell* sh) { auto policies = sc->policy_map->get_policies(sh); @@ -371,16 +371,13 @@ void set_policies(SnortConfig* sc, Shell* sh) set_network_policy(policies->network); } -void set_default_policy(SnortConfig* sc) +void set_default_policy(const SnortConfig* sc) { set_network_policy(sc->policy_map->get_network_policy(0)); set_inspection_policy(sc->policy_map->get_inspection_policy(0)); set_ips_policy(sc->policy_map->get_ips_policy(0)); } -void set_default_policy() -{ set_default_policy(SnortConfig::get_conf()); } - bool default_inspection_policy() { if ( !get_inspection_policy() ) diff --git a/src/main/policy.h b/src/main/policy.h index b7269712e..69cd27638 100644 --- a/src/main/policy.h +++ b/src/main/policy.h @@ -88,6 +88,21 @@ struct NetworkPolicy public: NetworkPolicy(PolicyId = 0); + bool checksum_drops(uint16_t codec_cksum_err_flag) + { return (checksum_drop & codec_cksum_err_flag) != 0; } + + bool ip_checksums() + { return (checksum_eval & CHECKSUM_FLAG__IP) != 0; } + + bool udp_checksums() + { return (checksum_eval & CHECKSUM_FLAG__UDP) != 0; } + + bool tcp_checksums() + { return (checksum_eval & CHECKSUM_FLAG__TCP) != 0; } + + bool icmp_checksums() + { return (checksum_eval & CHECKSUM_FLAG__ICMP) != 0; } + public: PolicyId policy_id; uint32_t user_policy_id = 0; @@ -280,24 +295,23 @@ SO_PUBLIC NetworkPolicy* get_network_policy(); SO_PUBLIC InspectionPolicy* get_inspection_policy(); SO_PUBLIC IpsPolicy* get_ips_policy(); SO_PUBLIC IpsPolicy* get_ips_policy(const snort::SnortConfig*, unsigned i = 0); -SO_PUBLIC InspectionPolicy* get_default_inspection_policy(snort::SnortConfig*); -SO_PUBLIC void set_ips_policy(IpsPolicy* p); -SO_PUBLIC void set_network_policy(NetworkPolicy* p); -SO_PUBLIC IpsPolicy* get_user_ips_policy(snort::SnortConfig* sc, unsigned policy_id); -SO_PUBLIC IpsPolicy* get_empty_ips_policy(snort::SnortConfig* sc); -SO_PUBLIC NetworkPolicy* get_user_network_policy(snort::SnortConfig* sc, unsigned policy_id); +SO_PUBLIC InspectionPolicy* get_default_inspection_policy(const snort::SnortConfig*); +SO_PUBLIC void set_ips_policy(IpsPolicy*); +SO_PUBLIC void set_network_policy(NetworkPolicy*); +SO_PUBLIC IpsPolicy* get_user_ips_policy(const snort::SnortConfig*, unsigned policy_id); +SO_PUBLIC IpsPolicy* get_empty_ips_policy(const snort::SnortConfig*); +SO_PUBLIC NetworkPolicy* get_user_network_policy(const snort::SnortConfig*, unsigned policy_id); } -void set_network_policy(snort::SnortConfig*, unsigned = 0); +void set_network_policy(const snort::SnortConfig*, unsigned = 0); void set_inspection_policy(InspectionPolicy*); -void set_inspection_policy(snort::SnortConfig*, unsigned = 0); +void set_inspection_policy(const snort::SnortConfig*, unsigned = 0); -void set_ips_policy(snort::SnortConfig*, unsigned = 0); +void set_ips_policy(const snort::SnortConfig*, unsigned = 0); -void set_policies(snort::SnortConfig*, Shell*); -void set_default_policy(); -void set_default_policy(snort::SnortConfig*); +void set_policies(const snort::SnortConfig*, Shell*); +void set_default_policy(const snort::SnortConfig*); bool default_inspection_policy(); bool only_inspection_policy(); diff --git a/src/main/shell.cc b/src/main/shell.cc index 742f3c0c0..8992b195b 100644 --- a/src/main/shell.cc +++ b/src/main/shell.cc @@ -253,7 +253,7 @@ bool Shell::configure(SnortConfig* sc, bool is_fatal, bool is_root) if ( !overrides.empty() ) load_string(lua, overrides.c_str()); - if ( SnortConfig::log_verbose() ) + if ( SnortConfig::get_conf()->log_verbose() ) print_whitelist(); load_string(lua, ModuleManager::get_lua_finalize()); diff --git a/src/main/snort.cc b/src/main/snort.cc index acdbb9808..0349a8d5b 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -159,7 +159,7 @@ void Snort::init(int argc, char** argv) PluginManager::load_so_plugins(sc); - if ( snort_cmd_line_conf->logging_flags & LOGGING_FLAG__SHOW_PLUGINS ) + if ( sc->logging_flags & LOGGING_FLAG__SHOW_PLUGINS ) { ModuleManager::dump_modules(); PluginManager::dump_plugins(); @@ -177,7 +177,7 @@ void Snort::init(int argc, char** argv) HighAvailabilityManager::configure(sc->ha_config); - if (SnortConfig::alert_before_pass()) + if (sc->alert_before_pass()) sc->rule_order = "reset block drop alert pass log"; sc->setup(); @@ -188,11 +188,11 @@ void Snort::init(int argc, char** argv) // Must be after CodecManager::instantiate() if ( !InspectorManager::configure(sc) ) ParseError("can't initialize inspectors"); - else if ( SnortConfig::log_verbose() ) + else if ( sc->log_verbose() ) InspectorManager::print_config(sc); // Must be after InspectorManager::configure() - FileService::post_init(); + FileService::post_init(sc); ModuleManager::reset_stats(sc); @@ -256,20 +256,22 @@ void Snort::init(int argc, char** argv) bool Snort::drop_privileges() { - /* Enter the chroot jail if necessary. */ - if (!SnortConfig::get_conf()->chroot_dir.empty() && - !EnterChroot(SnortConfig::get_conf()->chroot_dir, SnortConfig::get_conf()->log_dir)) + SnortConfig* sc = SnortConfig::get_main_conf(); + + // Enter the chroot jail if necessary. + if (!sc->chroot_dir.empty() && !EnterChroot(sc->chroot_dir, sc->log_dir)) return false; - /* Drop privileges if requested. */ - if (SnortConfig::get_uid() != -1 || SnortConfig::get_gid() != -1) + // Drop privileges if requested. + if (sc->get_uid() != -1 || sc->get_gid() != -1) { if (!SFDAQ::can_run_unprivileged()) { - ParseError("Cannot drop privileges - at least one of the configured DAQ modules does not support unprivileged operation.\n"); + ParseError("Cannot drop privileges - " + "at least one of the configured DAQ modules does not support unprivileged operation.\n"); return false; } - if (!SetUidGid(SnortConfig::get_uid(), SnortConfig::get_gid())) + if (!SetUidGid(sc->get_uid(), sc->get_gid())) return false; } @@ -283,7 +285,7 @@ void Snort::do_pidfile() { static bool pid_file_created = false; - if (SnortConfig::create_pid_file() && !pid_file_created) + if (SnortConfig::get_conf()->create_pid_file() && !pid_file_created) { CreatePidFile(snort_main_thread_pid); pid_file_created = true; @@ -308,13 +310,15 @@ void Snort::term() if ( already_exiting ) return; + const SnortConfig* sc = SnortConfig::get_conf(); + already_exiting = true; initializing = false; // just in case we cut out early memory::MemoryCap::print(); term_signals(); - IpsManager::global_term(SnortConfig::get_conf()); + IpsManager::global_term(sc); HostAttributes::cleanup(); #ifdef PIGLET @@ -325,14 +329,14 @@ void Snort::term() ClosePidFile(); /* remove pid file */ - if ( !SnortConfig::get_conf()->pid_filename.empty() ) + if ( !sc->pid_filename.empty() ) { - int ret = unlink(SnortConfig::get_conf()->pid_filename.c_str()); + int ret = unlink(sc->pid_filename.c_str()); if (ret != 0) { ErrorMessage("Could not remove pid file %s: %s\n", - SnortConfig::get_conf()->pid_filename.c_str(), get_error(errno)); + sc->pid_filename.c_str(), get_error(errno)); } } @@ -347,20 +351,12 @@ void Snort::term() TraceApi::thread_term(); /* free allocated memory */ - if (SnortConfig::get_conf() == snort_cmd_line_conf) - { - delete snort_cmd_line_conf; - snort_cmd_line_conf = nullptr; - SnortConfig::set_conf(nullptr); - } - else - { - delete snort_cmd_line_conf; - snort_cmd_line_conf = nullptr; + if (sc != snort_cmd_line_conf) + delete sc; - delete SnortConfig::get_conf(); - SnortConfig::set_conf(nullptr); - } + delete snort_cmd_line_conf; + snort_cmd_line_conf = nullptr; + SnortConfig::set_conf(nullptr); CleanupProtoNames(); HighAvailabilityManager::term(); @@ -402,15 +398,16 @@ void Snort::setup(int argc, char* argv[]) OpenLogger(); init(argc, argv); + const SnortConfig* sc = SnortConfig::get_conf(); - if ( SnortConfig::daemon_mode() ) + if ( sc->daemon_mode() ) daemonize(); // this must follow daemonization snort_main_thread_pid = gettid(); /* Change groups */ - InitGroups(SnortConfig::get_uid(), SnortConfig::get_gid()); + InitGroups(sc->get_uid(), sc->get_gid()); set_quick_exit(false); @@ -428,7 +425,7 @@ void Snort::cleanup() SFDAQ::term(); FileService::close(); - if ( !SnortConfig::test_mode() ) // FIXIT-M ideally the check is in one place + if ( !SnortConfig::get_conf()->test_mode() ) // FIXIT-M ideally the check is in one place PrintStatistics(); CloseLogger(); @@ -482,12 +479,9 @@ SnortConfig* Snort::get_reload_config(const char* fname, const char* plugin_path return nullptr; } - if ( SnortConfig::log_verbose() ) + if ( sc->log_verbose() ) InspectorManager::print_config(sc); - if ((sc->file_mask != 0) && (sc->file_mask != SnortConfig::get_conf()->file_mask)) - umask(sc->file_mask); - // FIXIT-L is this still needed? /* Transfer any user defined rule type outputs to the new rule list */ { @@ -527,7 +521,8 @@ SnortConfig* Snort::get_reload_config(const char* fname, const char* plugin_path return sc; } -SnortConfig* Snort::get_updated_policy(SnortConfig* other_conf, const char* fname, const char* iname) +SnortConfig* Snort::get_updated_policy( + SnortConfig* other_conf, const char* fname, const char* iname) { reloading = true; reset_parse_errors(); diff --git a/src/main/snort_config.cc b/src/main/snort_config.cc index fb86664e6..876c1b90d 100644 --- a/src/main/snort_config.cc +++ b/src/main/snort_config.cc @@ -83,8 +83,7 @@ using namespace snort; #define OUTPUT_U2 "unified2" #define OUTPUT_FAST "alert_fast" -SnortConfig* parser_conf = nullptr; -THREAD_LOCAL SnortConfig* snort_conf = nullptr; +static THREAD_LOCAL const SnortConfig* snort_conf = nullptr; uint32_t SnortConfig::warning_flags = 0; @@ -94,20 +93,20 @@ static std::vector scratch_handlers; // private implementation //------------------------------------------------------------------------- -static PolicyMode init_policy_mode(PolicyMode mode) +static PolicyMode init_policy_mode(const SnortConfig* sc, PolicyMode mode) { switch ( mode ) { case POLICY_MODE__PASSIVE: - if ( SnortConfig::adaptor_inline_test_mode() ) + if ( sc->adaptor_inline_test_mode() ) return POLICY_MODE__INLINE_TEST; break; case POLICY_MODE__INLINE: - if ( SnortConfig::adaptor_inline_test_mode() ) + if ( sc->adaptor_inline_test_mode() ) return POLICY_MODE__INLINE_TEST; - else if (!SnortConfig::adaptor_inline_mode()) + else if (!sc->adaptor_inline_mode()) { ParseWarning(WARN_DAQ, "adapter is in passive mode; switching policy mode to tap."); return POLICY_MODE__PASSIVE; @@ -118,7 +117,7 @@ static PolicyMode init_policy_mode(PolicyMode mode) break; case POLICY_MODE__MAX: - if ( SnortConfig::adaptor_inline_mode() ) + if ( sc->adaptor_inline_mode() ) return POLICY_MODE__INLINE; else return POLICY_MODE__PASSIVE; @@ -135,13 +134,13 @@ static void init_policies(SnortConfig* sc) for ( unsigned idx = 0; idx < sc->policy_map->ips_policy_count(); ++idx ) { ips_policy = sc->policy_map->get_ips_policy(idx); - ips_policy->policy_mode = init_policy_mode(ips_policy->policy_mode); + ips_policy->policy_mode = init_policy_mode(sc, ips_policy->policy_mode); } for ( unsigned idx = 0; idx < sc->policy_map->inspection_policy_count(); ++idx ) { inspection_policy = sc->policy_map->get_inspection_policy(idx); - inspection_policy->policy_mode = init_policy_mode(inspection_policy->policy_mode); + inspection_policy->policy_mode = init_policy_mode(sc, inspection_policy->policy_mode); } } @@ -184,10 +183,6 @@ void SnortConfig::init(const SnortConfig* const other_conf, ProtocolReference* p clone(other_conf); policy_map = new PolicyMap(other_conf->policy_map); } - - set_inspection_policy(policy_map->get_inspection_policy()); - set_ips_policy(policy_map->get_ips_policy()); - set_network_policy(policy_map->get_network_policy()); } //------------------------------------------------------------------------- @@ -464,47 +459,48 @@ void SnortConfig::merge(SnortConfig* cmd_line) trace_config->merge_cmd_line(cmd_line->trace_config); } -bool SnortConfig::verify() +bool SnortConfig::verify() const { bool config_ok = false; + const SnortConfig* sc = get_conf(); - if (get_conf()->asn1_mem != asn1_mem) + if ( sc->asn1_mem != asn1_mem ) ReloadError("Changing detection.asn1_mem requires a restart.\n"); - else if ( get_conf()->bpf_filter != bpf_filter ) + else if ( sc->bpf_filter != bpf_filter ) ReloadError("Changing packets.bfp_filter requires a restart.\n"); - else if ( get_conf()->respond_attempts != respond_attempts ) + else if ( sc->respond_attempts != respond_attempts ) ReloadError("Changing active.attempts requires a restart.\n"); - else if ( get_conf()->respond_device != respond_device ) + else if ( sc->respond_device != respond_device ) ReloadError("Changing active.device requires a restart.\n"); - else if (get_conf()->chroot_dir != chroot_dir) + else if (sc->chroot_dir != chroot_dir) ReloadError("Changing process.chroot requires a restart.\n"); - else if ((get_conf()->run_flags & RUN_FLAG__DAEMON) != (run_flags & RUN_FLAG__DAEMON)) + else if ((sc->run_flags & RUN_FLAG__DAEMON) != (run_flags & RUN_FLAG__DAEMON)) ReloadError("Changing process.daemon requires a restart.\n"); - else if (get_conf()->orig_log_dir != orig_log_dir) + else if (sc->orig_log_dir != orig_log_dir) ReloadError("Changing output.logdir requires a restart.\n"); - else if (get_conf()->group_id != group_id) + else if (sc->group_id != group_id) ReloadError("Changing process.setgid requires a restart.\n"); - else if (get_conf()->user_id != user_id) + else if (sc->user_id != user_id) ReloadError("Changing process.setuid requires a restart.\n"); - else if (get_conf()->daq_config->get_mru_size() != daq_config->get_mru_size()) + else if (sc->daq_config->get_mru_size() != daq_config->get_mru_size()) ReloadError("Changing daq.snaplen requires a restart.\n"); - else if (get_conf()->threshold_config->memcap != threshold_config->memcap) + else if (sc->threshold_config->memcap != threshold_config->memcap) ReloadError("Changing alerts.event_filter_memcap requires a restart.\n"); - else if (get_conf()->rate_filter_config->memcap != rate_filter_config->memcap) + else if (sc->rate_filter_config->memcap != rate_filter_config->memcap) ReloadError("Changing alerts.rate_filter_memcap requires a restart.\n"); - else if (get_conf()->detection_filter_config->memcap != detection_filter_config->memcap) + else if (sc->detection_filter_config->memcap != detection_filter_config->memcap) ReloadError("Changing alerts.detection_filter_memcap requires a restart.\n"); else @@ -924,12 +920,28 @@ void SnortConfig::enable_syslog() syslog_configured = true; } -bool SnortConfig::tunnel_bypass_enabled(uint16_t proto) +bool SnortConfig::get_default_rule_state() const { - return (!((get_conf()->tunnel_mask & proto) or SFDAQ::get_tunnel_bypass(proto))); + switch ( get_ips_policy()->default_rule_state ) + { + case IpsPolicy::INHERIT_ENABLE: + return global_default_rule_state; + + case IpsPolicy::ENABLED: + return true; + + case IpsPolicy::DISABLED: + return false; + } + return true; } -SO_PUBLIC int SnortConfig::request_scratch(ScratchAllocator* s) +bool SnortConfig::tunnel_bypass_enabled(uint16_t proto) const +{ + return !((tunnel_mask & proto) or SFDAQ::get_tunnel_bypass(proto)); +} + +int SnortConfig::request_scratch(ScratchAllocator* s) { scratch_handlers.emplace_back(s); @@ -938,22 +950,19 @@ SO_PUBLIC int SnortConfig::request_scratch(ScratchAllocator* s) return scratch_handlers.size() - 1; } -SO_PUBLIC void SnortConfig::release_scratch(int id) +void SnortConfig::release_scratch(int id) { assert((unsigned)id < scratch_handlers.size()); scratch_handlers[id] = nullptr; } -SO_PUBLIC SnortConfig* SnortConfig::get_parser_conf() -{ return parser_conf; } - -void SnortConfig::set_parser_conf(SnortConfig* sc) -{ parser_conf = sc; } +SnortConfig* SnortConfig::get_main_conf() +{ return const_cast(snort_conf); } -SO_PUBLIC SnortConfig* SnortConfig::get_conf() +const SnortConfig* SnortConfig::get_conf() { return snort_conf; } -void SnortConfig::set_conf(SnortConfig* sc) +void SnortConfig::set_conf(const SnortConfig* sc) { snort_conf = sc; diff --git a/src/main/snort_config.h b/src/main/snort_config.h index f58c5d72a..5faf5edef 100644 --- a/src/main/snort_config.h +++ b/src/main/snort_config.h @@ -195,7 +195,7 @@ public: void setup(); void post_setup(); - bool verify(); + bool verify() const; void merge(SnortConfig*); void clone(const SnortConfig* const); @@ -474,250 +474,193 @@ public: void set_verbose(bool); //------------------------------------------------------ - // Static convenience accessor methods + // accessor methods - static long int get_mpls_stack_depth() - { return get_conf()->mpls_stack_depth; } + long int get_mpls_stack_depth() const + { return mpls_stack_depth; } - static long int get_mpls_payload_type() - { return get_conf()->mpls_payload_type; } + long int get_mpls_payload_type() const + { return mpls_payload_type; } - static bool mpls_overlapping_ip() - { return get_conf()->run_flags & RUN_FLAG__MPLS_OVERLAPPING_IP; } + bool mpls_overlapping_ip() const + { return run_flags & RUN_FLAG__MPLS_OVERLAPPING_IP; } - static bool mpls_multicast() - { return get_conf()->run_flags & RUN_FLAG__MPLS_MULTICAST; } + bool mpls_multicast() const + { return run_flags & RUN_FLAG__MPLS_MULTICAST; } - static bool esp_decoding() - { return get_conf()->enable_esp; } + bool esp_decoding() const + { return enable_esp; } - static bool is_address_anomaly_check_enabled() - { return get_conf()->address_anomaly_check_enabled; } + bool is_address_anomaly_check_enabled() const + { return address_anomaly_check_enabled; } // mode related - static bool dump_msg_map() - { return get_conf()->run_flags & RUN_FLAG__DUMP_MSG_MAP; } + bool dump_msg_map() const + { return run_flags & RUN_FLAG__DUMP_MSG_MAP; } - static bool dump_rule_meta() - { return get_conf()->run_flags & RUN_FLAG__DUMP_RULE_META; } + bool dump_rule_meta() const + { return run_flags & RUN_FLAG__DUMP_RULE_META; } - static bool dump_rule_state() - { return get_conf()->run_flags & RUN_FLAG__DUMP_RULE_STATE; } + bool dump_rule_state() const + { return run_flags & RUN_FLAG__DUMP_RULE_STATE; } - static bool dump_rule_deps() - { return get_conf()->run_flags & RUN_FLAG__DUMP_RULE_DEPS; } + bool dump_rule_deps() const + { return run_flags & RUN_FLAG__DUMP_RULE_DEPS; } - static bool dump_rule_info() - { - const SnortConfig* sc = get_conf(); - return sc->dump_msg_map() or sc->dump_rule_meta() or - sc->dump_rule_deps() or sc->dump_rule_state(); - } + bool dump_rule_info() const + { return dump_msg_map() or dump_rule_meta() or dump_rule_deps() or dump_rule_state(); } - static bool test_mode() - { return get_conf()->run_flags & RUN_FLAG__TEST; } + bool test_mode() const + { return run_flags & RUN_FLAG__TEST; } - static bool mem_check() - { return get_conf()->run_flags & RUN_FLAG__MEM_CHECK; } + bool mem_check() const + { return run_flags & RUN_FLAG__MEM_CHECK; } - static bool daemon_mode() - { return get_conf()->run_flags & RUN_FLAG__DAEMON; } + bool daemon_mode() const + { return run_flags & RUN_FLAG__DAEMON; } - static bool read_mode() - { return get_conf()->run_flags & RUN_FLAG__READ; } + bool read_mode() const + { return run_flags & RUN_FLAG__READ; } - static bool inline_mode() - { return snort::get_ips_policy()->policy_mode == POLICY_MODE__INLINE; } + bool inline_mode() const + { return get_ips_policy()->policy_mode == POLICY_MODE__INLINE; } - static bool inline_test_mode() - { return snort::get_ips_policy()->policy_mode == POLICY_MODE__INLINE_TEST; } + bool inline_test_mode() const + { return get_ips_policy()->policy_mode == POLICY_MODE__INLINE_TEST; } - static bool show_file_codes() - { return get_conf()->run_flags & RUN_FLAG__SHOW_FILE_CODES; } + bool show_file_codes() const + { return run_flags & RUN_FLAG__SHOW_FILE_CODES; } - static bool adaptor_inline_mode() - { return get_conf()->run_flags & RUN_FLAG__INLINE; } + bool adaptor_inline_mode() const + { return run_flags & RUN_FLAG__INLINE; } - static bool adaptor_inline_test_mode() - { return get_conf()->run_flags & RUN_FLAG__INLINE_TEST; } + bool adaptor_inline_test_mode() const + { return run_flags & RUN_FLAG__INLINE_TEST; } // logging stuff - static bool log_syslog() - { return get_conf()->logging_flags & LOGGING_FLAG__SYSLOG; } + bool log_syslog() const + { return logging_flags & LOGGING_FLAG__SYSLOG; } - static bool log_verbose() - { return get_conf()->logging_flags & LOGGING_FLAG__VERBOSE; } + bool log_verbose() const + { return logging_flags & LOGGING_FLAG__VERBOSE; } - static bool log_quiet() - { return get_conf()->logging_flags & LOGGING_FLAG__QUIET; } + bool log_quiet() const + { return logging_flags & LOGGING_FLAG__QUIET; } // event stuff - static uint32_t get_event_log_id() - { return get_conf()->event_log_id; } + uint32_t get_event_log_id() const + { return event_log_id; } - static bool process_all_events() - { return get_conf()->event_queue_config->process_all_events; } + bool process_all_events() const + { return event_queue_config->process_all_events; } - static int get_eval_index(Actions::Type type) - { return get_conf()->evalOrder[type]; } - - static bool get_default_rule_state() - { - switch ( get_ips_policy()->default_rule_state ) - { - case IpsPolicy::INHERIT_ENABLE: - return get_conf()->global_default_rule_state; - - case IpsPolicy::ENABLED: - return true; - - case IpsPolicy::DISABLED: - return false; - } - return true; - } - - SO_PUBLIC static bool tunnel_bypass_enabled(uint16_t proto); - - // checksum stuff - static bool checksum_drop(uint16_t codec_cksum_err_flag) - { return snort::get_network_policy()->checksum_drop & codec_cksum_err_flag; } - - static bool ip_checksums() - { return snort::get_network_policy()->checksum_eval & CHECKSUM_FLAG__IP; } - - static bool ip_checksum_drops() - { return snort::get_network_policy()->checksum_drop & CHECKSUM_FLAG__IP; } - - static bool udp_checksums() - { return snort::get_network_policy()->checksum_eval & CHECKSUM_FLAG__UDP; } - - static bool udp_checksum_drops() - { return snort::get_network_policy()->checksum_drop & CHECKSUM_FLAG__UDP; } - - static bool tcp_checksums() - { return snort::get_network_policy()->checksum_eval & CHECKSUM_FLAG__TCP; } - - static bool tcp_checksum_drops() - { return snort::get_network_policy()->checksum_drop & CHECKSUM_FLAG__TCP; } - - static bool icmp_checksums() - { return snort::get_network_policy()->checksum_eval & CHECKSUM_FLAG__ICMP; } - - static bool icmp_checksum_drops() - { return snort::get_network_policy()->checksum_drop & CHECKSUM_FLAG__ICMP; } + int get_eval_index(Actions::Type type) const + { return evalOrder[type]; } // output stuff - static bool output_include_year() - { return get_conf()->output_flags & OUTPUT_FLAG__INCLUDE_YEAR; } + bool output_include_year() const + { return output_flags & OUTPUT_FLAG__INCLUDE_YEAR; } - static bool output_use_utc() - { return get_conf()->output_flags & OUTPUT_FLAG__USE_UTC; } + bool output_use_utc() const + { return output_flags & OUTPUT_FLAG__USE_UTC; } - static bool output_datalink() - { return get_conf()->output_flags & OUTPUT_FLAG__SHOW_DATA_LINK; } + bool output_datalink() const + { return output_flags & OUTPUT_FLAG__SHOW_DATA_LINK; } - static bool verbose_byte_dump() - { return get_conf()->output_flags & OUTPUT_FLAG__VERBOSE_DUMP; } + bool verbose_byte_dump() const + { return output_flags & OUTPUT_FLAG__VERBOSE_DUMP; } - static bool obfuscate() - { return get_conf()->output_flags & OUTPUT_FLAG__OBFUSCATE; } + bool obfuscate() const + { return output_flags & OUTPUT_FLAG__OBFUSCATE; } - static bool output_app_data() - { return get_conf()->output_flags & OUTPUT_FLAG__APP_DATA; } + bool output_app_data() const + { return output_flags & OUTPUT_FLAG__APP_DATA; } - static bool output_char_data() - { return get_conf()->output_flags & OUTPUT_FLAG__CHAR_DATA; } + bool output_char_data() const + { return output_flags & OUTPUT_FLAG__CHAR_DATA; } - static bool alert_interface() - { return get_conf()->output_flags & OUTPUT_FLAG__ALERT_IFACE; } + bool alert_interface() const + { return output_flags & OUTPUT_FLAG__ALERT_IFACE; } - static bool output_no_timestamp() - { return get_conf()->output_flags & OUTPUT_FLAG__NO_TIMESTAMP; } + bool output_no_timestamp() const + { return output_flags & OUTPUT_FLAG__NO_TIMESTAMP; } - static bool line_buffered_logging() - { return get_conf()->output_flags & OUTPUT_FLAG__LINE_BUFFER; } + bool line_buffered_logging() const + { return output_flags & OUTPUT_FLAG__LINE_BUFFER; } - static bool output_wide_hex() - { return get_conf()->output_flags & OUTPUT_FLAG__WIDE_HEX; } + bool output_wide_hex() const + { return output_flags & OUTPUT_FLAG__WIDE_HEX; } - static bool alert_refs() - { return get_conf()->output_flags & OUTPUT_FLAG__ALERT_REFS; } + bool alert_refs() const + { return output_flags & OUTPUT_FLAG__ALERT_REFS; } // run flags - static bool no_lock_pid_file() - { return get_conf()->run_flags & RUN_FLAG__NO_LOCK_PID_FILE; } + bool no_lock_pid_file() const + { return run_flags & RUN_FLAG__NO_LOCK_PID_FILE; } - static bool create_pid_file() - { return get_conf()->run_flags & RUN_FLAG__CREATE_PID_FILE; } + bool create_pid_file() const + { return run_flags & RUN_FLAG__CREATE_PID_FILE; } - static bool pcap_show() - { return get_conf()->run_flags & RUN_FLAG__PCAP_SHOW; } + bool pcap_show() const + { return run_flags & RUN_FLAG__PCAP_SHOW; } - static bool treat_drop_as_alert() - { return get_conf()->run_flags & RUN_FLAG__TREAT_DROP_AS_ALERT; } + bool treat_drop_as_alert() const + { return run_flags & RUN_FLAG__TREAT_DROP_AS_ALERT; } - static bool treat_drop_as_ignore() - { return get_conf()->run_flags & RUN_FLAG__TREAT_DROP_AS_IGNORE; } + bool treat_drop_as_ignore() const + { return run_flags & RUN_FLAG__TREAT_DROP_AS_IGNORE; } - static bool alert_before_pass() - { return get_conf()->run_flags & RUN_FLAG__ALERT_BEFORE_PASS; } + bool alert_before_pass() const + { return run_flags & RUN_FLAG__ALERT_BEFORE_PASS; } - static bool no_pcre() - { return get_conf()->run_flags & RUN_FLAG__NO_PCRE; } + bool no_pcre() const + { return run_flags & RUN_FLAG__NO_PCRE; } - static bool conf_error_out() - { return get_conf()->run_flags & RUN_FLAG__CONF_ERROR_OUT; } + bool conf_error_out() const + { return run_flags & RUN_FLAG__CONF_ERROR_OUT; } - static bool assure_established() - { return get_conf()->run_flags & RUN_FLAG__ASSURE_EST; } - - // FIXIT-L snort_conf needed for static hash before initialized - static bool static_hash() - { return get_conf() && get_conf()->run_flags & RUN_FLAG__STATIC_HASH; } + bool assure_established() const + { return run_flags & RUN_FLAG__ASSURE_EST; } // other stuff - static uint8_t min_ttl() - { return snort::get_network_policy()->min_ttl; } + uint8_t min_ttl() const + { return get_network_policy()->min_ttl; } - static uint8_t new_ttl() - { return snort::get_network_policy()->new_ttl; } + uint8_t new_ttl() const + { return get_network_policy()->new_ttl; } - static long int get_pcre_match_limit() - { return get_conf()->pcre_match_limit; } + long int get_pcre_match_limit() const + { return pcre_match_limit; } - static long int get_pcre_match_limit_recursion() - { return get_conf()->pcre_match_limit_recursion; } + long int get_pcre_match_limit_recursion() const + { return pcre_match_limit_recursion; } - static const ProfilerConfig* get_profiler() - { return get_conf()->profiler; } + const ProfilerConfig* get_profiler() const + { return profiler; } - static long int get_tagged_packet_limit() - { return get_conf()->tagged_packet_limit; } + long int get_tagged_packet_limit() const + { return tagged_packet_limit; } - static uint32_t get_max_attribute_hosts() - { return get_conf()->max_attribute_hosts; } + uint32_t get_max_attribute_hosts() const + { return max_attribute_hosts; } - static uint32_t get_max_services_per_host() - { return get_conf()->max_attribute_services_per_host; } + uint32_t get_max_services_per_host() const + { return max_attribute_services_per_host; } - static int get_uid() - { return get_conf()->user_id; } + int get_uid() const + { return user_id; } - static int get_gid() - { return get_conf()->group_id; } + int get_gid() const + { return group_id; } - static bool get_vlan_agnostic() - { return get_conf()->vlan_agnostic; } + bool get_vlan_agnostic() const + { return vlan_agnostic; } - static bool address_space_agnostic() - { return get_conf()->addressspace_agnostic; } + bool address_space_agnostic() const + { return addressspace_agnostic; } - static bool change_privileges() - { - return get_conf()->user_id != -1 || get_conf()->group_id != -1 || - !get_conf()->chroot_dir.empty(); - } + bool change_privileges() const + { return user_id != -1 || group_id != -1 || !chroot_dir.empty(); } bool track_on_syn() const { return (run_flags & RUN_FLAG__TRACK_ON_SYN) != 0; } @@ -731,26 +674,36 @@ public: void set_run_flags(RunFlag flag) { run_flags |= flag; } + const std::list& get_reload_resource_tuners() const + { return reload_tuners; } + + void clear_reload_resource_tuner_list() + { reload_tuners.clear(); } + + bool get_default_rule_state() const; + + SO_PUBLIC bool tunnel_bypass_enabled(uint16_t proto) const; + + // FIXIT-L snort_conf needed for static hash before initialized + static bool static_hash() + { return get_conf() && get_conf()->run_flags & RUN_FLAG__STATIC_HASH; } + // This requests an entry in the scratch space vector and calls setup / // cleanup as appropriate SO_PUBLIC static int request_scratch(ScratchAllocator*); SO_PUBLIC static void release_scratch(int); - // Use this to access current thread's conf from other units - static void set_conf(SnortConfig*); - static void set_parser_conf(SnortConfig*); + // runtime access to const config - especially for packet threads + // prefer access via packet->context->conf + SO_PUBLIC static const SnortConfig* get_conf(); - SO_PUBLIC static SnortConfig* get_conf(); - SO_PUBLIC static SnortConfig* get_parser_conf(); // main thread only! + // runtime access to mutable config - main thread only, and only special cases + SO_PUBLIC static SnortConfig* get_main_conf(); SO_PUBLIC void register_reload_resource_tuner(ReloadResourceTuner& rrt) { reload_tuners.push_back(&rrt); } - const std::list& get_reload_resource_tuners() const - { return reload_tuners; } - - void clear_reload_resource_tuner_list() - { reload_tuners.clear(); } + static void set_conf(const SnortConfig*); }; } diff --git a/src/main/swapper.cc b/src/main/swapper.cc index 0bd66a70e..cdbe3469b 100644 --- a/src/main/swapper.cc +++ b/src/main/swapper.cc @@ -42,7 +42,7 @@ Swapper::Swapper(SnortConfig* s, HostAttributesTable* t) new_attribs = t; } -Swapper::Swapper(SnortConfig* sold, SnortConfig* snew) +Swapper::Swapper(const SnortConfig* sold, SnortConfig* snew) { old_conf = sold; new_conf = snew; @@ -51,7 +51,9 @@ Swapper::Swapper(SnortConfig* sold, SnortConfig* snew) new_attribs = nullptr; } -Swapper::Swapper(SnortConfig* sold, SnortConfig* snew, HostAttributesTable* told, HostAttributesTable* tnew) +Swapper::Swapper( + const SnortConfig* sold, SnortConfig* snew, + HostAttributesTable* told, HostAttributesTable* tnew) { old_conf = sold; new_conf = snew; diff --git a/src/main/swapper.h b/src/main/swapper.h index a91d98fa2..bc222d07c 100644 --- a/src/main/swapper.h +++ b/src/main/swapper.h @@ -34,8 +34,11 @@ class Swapper { public: Swapper(snort::SnortConfig*, HostAttributesTable*); - Swapper(snort::SnortConfig*, snort::SnortConfig*); - Swapper(snort::SnortConfig*, snort::SnortConfig*, HostAttributesTable*, HostAttributesTable*); + Swapper(const snort::SnortConfig* sold, snort::SnortConfig* snew); + + Swapper(const snort::SnortConfig* sold, snort::SnortConfig* snew, + HostAttributesTable*, HostAttributesTable*); + Swapper(HostAttributesTable*, HostAttributesTable*); ~Swapper(); @@ -46,7 +49,7 @@ public: static void set_reload_in_progress(bool rip) { reload_in_progress = rip; } private: - snort::SnortConfig* old_conf; + const snort::SnortConfig* old_conf; snort::SnortConfig* new_conf; HostAttributesTable* old_attribs; diff --git a/src/main/thread.cc b/src/main/thread.cc index 37ae19cfb..d4ff0f838 100644 --- a/src/main/thread.cc +++ b/src/main/thread.cc @@ -72,29 +72,30 @@ SThreadType get_thread_type() const char* get_instance_file(std::string& file, const char* name) { + const SnortConfig* sc = SnortConfig::get_conf(); + bool sep = false; - file = !SnortConfig::get_conf()->log_dir.empty() ? - SnortConfig::get_conf()->log_dir : "./"; + file = !sc->log_dir.empty() ? sc->log_dir : "./"; if ( file.back() != '/' ) file += '/'; - if ( !SnortConfig::get_conf()->run_prefix.empty() ) + if ( !sc->run_prefix.empty() ) { - file += SnortConfig::get_conf()->run_prefix; + file += sc->run_prefix; sep = true; } - if ( (ThreadConfig::get_instance_max() > 1) || SnortConfig::get_conf()->id_zero ) + if ( (ThreadConfig::get_instance_max() > 1) || sc->id_zero ) { char id[8]; snprintf(id, sizeof(id), "%u", - get_instance_id() + SnortConfig::get_conf()->id_offset); + get_instance_id() + sc->id_offset); file += id; sep = true; } - if ( SnortConfig::get_conf()->id_subdir ) + if ( sc->id_subdir ) { file += '/'; struct stat s; diff --git a/src/managers/action_manager.cc b/src/managers/action_manager.cc index 18ffc445c..c85d87cb9 100644 --- a/src/managers/action_manager.cc +++ b/src/managers/action_manager.cc @@ -188,7 +188,7 @@ static ActionClass& get_thread_local_action_class(const ActionApi* api) return s_tl_actors->back(); } -void ActionManager::thread_init(SnortConfig* sc) +void ActionManager::thread_init(const SnortConfig* sc) { // Initial build out of this thread's configured plugin registry s_tl_actors = new ACList; @@ -201,7 +201,7 @@ void ActionManager::thread_init(SnortConfig* sc) } } -void ActionManager::thread_reinit(SnortConfig* sc) +void ActionManager::thread_reinit(const SnortConfig* sc) { // Update this thread's configured plugin registry with any newly configured inspectors for ( auto& p : sc->ips_actions_config->clist ) @@ -217,7 +217,7 @@ void ActionManager::thread_reinit(SnortConfig* sc) Active::thread_init(sc); } -void ActionManager::thread_term(SnortConfig*) +void ActionManager::thread_term() { if (s_tl_actors) { diff --git a/src/managers/action_manager.h b/src/managers/action_manager.h index 21ebce884..bfb95fad5 100644 --- a/src/managers/action_manager.h +++ b/src/managers/action_manager.h @@ -68,9 +68,9 @@ public: static void instantiate(const snort::ActionApi*, snort::Module*, snort::SnortConfig*); - static void thread_init(snort::SnortConfig*); - static void thread_reinit(snort::SnortConfig*); - static void thread_term(snort::SnortConfig*); + static void thread_init(const snort::SnortConfig*); + static void thread_reinit(const snort::SnortConfig*); + static void thread_term(); #ifdef PIGLET static IpsActionWrapper* instantiate(const char*, snort::Module*); diff --git a/src/managers/codec_manager.cc b/src/managers/codec_manager.cc index 44926a09d..c03111442 100644 --- a/src/managers/codec_manager.cc +++ b/src/managers/codec_manager.cc @@ -190,7 +190,7 @@ void CodecManager::instantiate() instantiate(wrap, nullptr, nullptr); } -void CodecManager::thread_init(SnortConfig* sc) +void CodecManager::thread_init(const SnortConfig* sc) { max_layers = sc->num_layers; diff --git a/src/managers/codec_manager.h b/src/managers/codec_manager.h index d62871d42..17a16452a 100644 --- a/src/managers/codec_manager.h +++ b/src/managers/codec_manager.h @@ -81,7 +81,7 @@ public: // destroy all global codec related information static void release_plugins(); // initialize the current threads DLT and Packet struct - static void thread_init(snort::SnortConfig*); + static void thread_init(const snort::SnortConfig*); // destroy thread_local data static void thread_term(); // print all of the codec plugins diff --git a/src/managers/event_manager.cc b/src/managers/event_manager.cc index 0aee3cdd4..cea97932d 100644 --- a/src/managers/event_manager.cc +++ b/src/managers/event_manager.cc @@ -156,7 +156,7 @@ void EventManager::copy_outputs(OutputSet* dst, OutputSet* src) // configuration void EventManager::instantiate( - Output* p, Module* mod, SnortConfig* sc) + Output* p, Module* mod, SnortConfig*) { bool enabled = false; @@ -169,7 +169,7 @@ void EventManager::instantiate( if ( !enabled ) return; - p->handler = p->api->ctor(sc, mod); + p->handler = p->api->ctor(mod); assert(p->handler); p->handler->set_api(p->api); @@ -271,13 +271,13 @@ static const LogApi* find_api(const char* name) return nullptr; } -LoggerWrapper* EventManager::instantiate(const char* name, Module* m, SnortConfig* sc) +LoggerWrapper* EventManager::instantiate(const char* name, Module* m, SnortConfig*) { auto api = find_api(name); if ( !api || !api->ctor ) return nullptr; - auto p = api->ctor(sc, m); + auto p = api->ctor(m); if ( !p ) return nullptr; diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc index 45f5c51aa..cbf257ede 100644 --- a/src/managers/inspector_manager.cc +++ b/src/managers/inspector_manager.cc @@ -37,6 +37,7 @@ #include "main/snort.h" #include "main/snort_config.h" #include "main/thread_config.h" +#include "search_engines/search_tool.h" #include "protocols/packet.h" #include "target_based/snort_protocols.h" @@ -556,14 +557,16 @@ bool InspectorManager::inspector_exists_in_any_policy(const char* key, SnortConf } // FIXIT-P cache get_inspector() returns or provide indexed lookup -Inspector* InspectorManager::get_inspector(const char* key, bool dflt_only, SnortConfig* sc) +Inspector* InspectorManager::get_inspector(const char* key, bool dflt_only, const SnortConfig* sc) { InspectionPolicy* pi; - if (dflt_only && (sc != nullptr)) + if ( dflt_only ) + { + if ( !sc ) + sc = SnortConfig::get_conf(); pi = get_default_inspection_policy(sc); - else if (dflt_only) - pi = get_default_inspection_policy(SnortConfig::get_conf()); + } else pi = get_inspection_policy(); @@ -685,7 +688,7 @@ static PHGlobal& get_thread_local_plugin(const InspectApi& api) return s_tl_handlers->back(); } -void InspectorManager::thread_init(SnortConfig* sc) +void InspectorManager::thread_init(const SnortConfig* sc) { Inspector::slot = get_instance_id(); @@ -700,7 +703,7 @@ void InspectorManager::thread_init(SnortConfig* sc) } // pin->tinit() only called for default policy - set_default_policy(); + set_default_policy(sc); InspectionPolicy* pi = get_inspection_policy(); if ( pi && pi->framework_policy ) @@ -717,7 +720,7 @@ void InspectorManager::thread_init(SnortConfig* sc) } } -void InspectorManager::thread_reinit(SnortConfig* sc) +void InspectorManager::thread_reinit(const SnortConfig* sc) { // Update this thread's configured plugin registry with any newly configured inspectors for ( auto* p : sc->framework_config->clist ) @@ -749,14 +752,14 @@ void InspectorManager::thread_reinit(SnortConfig* sc) } } -void InspectorManager::thread_stop(SnortConfig*) +void InspectorManager::thread_stop(const SnortConfig* sc) { // If thread_init() was never called, we have nothing to do. if ( !s_tl_handlers ) return; // pin->tterm() only called for default policy - set_default_policy(); + set_default_policy(sc); InspectionPolicy* pi = get_inspection_policy(); // FIXIT-RC Any inspectors that were once configured/instantiated but @@ -777,7 +780,7 @@ void InspectorManager::thread_stop(SnortConfig*) } } -void InspectorManager::thread_term(SnortConfig*) +void InspectorManager::thread_term() { // If thread_init() was never called, we have nothing to do. if ( !s_tl_handlers ) @@ -969,6 +972,8 @@ bool InspectorManager::configure(SnortConfig* sc, bool cloned) } bool ok = true; + SearchTool::set_conf(sc); + for ( unsigned idx = 0; idx < sc->policy_map->inspection_policy_count(); ++idx ) { if ( cloned and idx ) @@ -981,6 +986,7 @@ bool InspectorManager::configure(SnortConfig* sc, bool cloned) } set_inspection_policy(sc); + SearchTool::set_conf(nullptr); return ok; } @@ -1110,7 +1116,7 @@ void InspectorManager::execute(Packet* p) if ( p->disable_inspect ) return; - SnortConfig* sc = SnortConfig::get_conf(); + const SnortConfig* sc = p->context->conf; FrameworkPolicy* fp_dft = get_default_inspection_policy(sc)->framework_policy; if ( !p->flow ) @@ -1149,7 +1155,7 @@ void InspectorManager::execute(Packet* p) void InspectorManager::probe(Packet* p) { - InspectionPolicy* policy = SnortConfig::get_conf()->policy_map->get_inspection_policy(0); + InspectionPolicy* policy = p->context->conf->policy_map->get_inspection_policy(0); FrameworkPolicy* fp = policy->framework_policy; ::execute(p, fp->probe.vec, fp->probe.num); } diff --git a/src/managers/inspector_manager.h b/src/managers/inspector_manager.h index e71850039..ffd9bb46c 100644 --- a/src/managers/inspector_manager.h +++ b/src/managers/inspector_manager.h @@ -56,12 +56,13 @@ public: static void instantiate( const InspectApi*, Module*, SnortConfig*, const char* name = nullptr); - static bool delete_inspector(SnortConfig* sc, const char* iname); + static bool delete_inspector(SnortConfig*, const char* iname); static void free_inspector(Inspector*); static InspectSsnFunc get_session(uint16_t proto); - SO_PUBLIC static Inspector* get_inspector(const char* key, bool dflt_only = false, - SnortConfig* sc = nullptr); + SO_PUBLIC static Inspector* get_inspector( + const char* key, bool dflt_only = false, const SnortConfig* = nullptr); + SO_PUBLIC static Inspector* get_inspector_by_service(const char*); SO_PUBLIC static Binder* get_binder(); @@ -72,10 +73,11 @@ public: static bool configure(SnortConfig*, bool cloned = false); static void print_config(SnortConfig*); - static void thread_init(SnortConfig*); - static void thread_reinit(SnortConfig*); - static void thread_stop(SnortConfig*); - static void thread_term(SnortConfig*); + static void thread_init(const SnortConfig*); + static void thread_reinit(const SnortConfig*); + + static void thread_stop(const SnortConfig*); + static void thread_term(); static void release_policy(FrameworkPolicy*); static void dispatch_meta(FrameworkPolicy*, int type, const uint8_t* data); diff --git a/src/managers/ips_manager.cc b/src/managers/ips_manager.cc index 321b9deaf..494132d81 100644 --- a/src/managers/ips_manager.cc +++ b/src/managers/ips_manager.cc @@ -331,11 +331,11 @@ bool IpsManager::option_end( //------------------------------------------------------------------------- -void IpsManager::global_init(SnortConfig*) +void IpsManager::global_init(const SnortConfig*) { } -void IpsManager::global_term(SnortConfig* sc) +void IpsManager::global_term(const SnortConfig* sc) { for ( auto& p : s_options ) if ( p.second->init && p.second->api->pterm ) @@ -354,18 +354,18 @@ void IpsManager::reset_options() IpsOption::set_buffer("pkt_data"); } -void IpsManager::setup_options() +void IpsManager::setup_options(const SnortConfig* sc) { for ( auto& p : s_options ) if ( p.second->init && p.second->api->tinit ) - p.second->api->tinit(SnortConfig::get_conf()); + p.second->api->tinit(sc); } -void IpsManager::clear_options() +void IpsManager::clear_options(const SnortConfig* sc) { for ( auto& p : s_options ) if ( p.second->init && p.second->api->tterm ) - p.second->api->tterm(SnortConfig::get_conf()); + p.second->api->tterm(sc); } bool IpsManager::verify(SnortConfig* sc) diff --git a/src/managers/ips_manager.h b/src/managers/ips_manager.h index 54a665c52..f00ab2501 100644 --- a/src/managers/ips_manager.h +++ b/src/managers/ips_manager.h @@ -60,19 +60,25 @@ public: static void dump_plugins(); static void release_plugins(); static void instantiate(const snort::IpsApi*, snort::Module*, snort::SnortConfig*); + static bool option_begin(snort::SnortConfig*, const char* key, SnortProtocolId); static bool option_set( snort::SnortConfig*, const char* key, const char* opt, const char* val); static bool option_end( snort::SnortConfig*, OptTreeNode*, SnortProtocolId, const char* key, snort::RuleOptType&); + static void delete_option(snort::IpsOption*); static const char* get_option_keyword(); + SO_PUBLIC static const snort::IpsApi* get_option_api(const char* keyword); - static void global_init(snort::SnortConfig*); - static void global_term(snort::SnortConfig*); + + static void global_init(const snort::SnortConfig*); + static void global_term(const snort::SnortConfig*); + static void reset_options(); - static void setup_options(); - static void clear_options(); + static void setup_options(const snort::SnortConfig*); + static void clear_options(const snort::SnortConfig*); + static bool verify(snort::SnortConfig*); #ifdef PIGLET diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index 85540579e..93d63a800 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc @@ -1357,7 +1357,7 @@ void ModuleManager::load_rules(SnortConfig* sc) } } -void ModuleManager::dump_stats(SnortConfig*, const char* skip, bool dynamic) +void ModuleManager::dump_stats(const char* skip, bool dynamic) { auto mod_hooks = get_all_modhooks(); mod_hooks.sort(comp_mods); @@ -1375,7 +1375,7 @@ void ModuleManager::dump_stats(SnortConfig*, const char* skip, bool dynamic) } } -void ModuleManager::accumulate(SnortConfig*) +void ModuleManager::accumulate() { auto mod_hooks = get_all_modhooks(); diff --git a/src/managers/module_manager.h b/src/managers/module_manager.h index c522d92c4..5bf4657fd 100644 --- a/src/managers/module_manager.h +++ b/src/managers/module_manager.h @@ -83,9 +83,9 @@ public: static void reset_errors(); static unsigned get_errors(); - static void dump_stats(SnortConfig*, const char* skip = nullptr, bool dynamic = false); + static void dump_stats(const char* skip = nullptr, bool dynamic = false); - static void accumulate(SnortConfig*); + static void accumulate(); static void accumulate_offload(const char* name); static void reset_stats(SnortConfig*); diff --git a/src/managers/mpse_manager.cc b/src/managers/mpse_manager.cc index d9928dbfd..9cb739a64 100644 --- a/src/managers/mpse_manager.cc +++ b/src/managers/mpse_manager.cc @@ -89,7 +89,7 @@ const MpseApi* MpseManager::get_search_api(const char* name) } Mpse* MpseManager::get_search_engine( - SnortConfig* sc, const MpseApi* api, const MpseAgent* agent) + const SnortConfig* sc, const MpseApi* api, const MpseAgent* agent) { Module* mod = ModuleManager::get_module(api->base.name); Mpse* eng = api->ctor(sc, mod, agent); @@ -97,31 +97,6 @@ Mpse* MpseManager::get_search_engine( return eng; } -Mpse* MpseManager::get_search_engine(const char* type) -{ - SnortConfig* sc = SnortConfig::get_conf(); - - if ( !type and sc->fast_pattern_config ) - type = sc->fast_pattern_config->get_search_method(); - - if ( !type ) - type = "ac_bnfa"; - - const MpseApi* api = get_search_api(type); - - if ( !api ) - return nullptr; - - Module* mod = ModuleManager::get_module(api->base.name); - Mpse* eng = api->ctor(nullptr, mod, nullptr); - eng->set_api(api); - - if ( sc->fast_pattern_config and sc->fast_pattern_config->get_search_opt() ) - eng->set_opt(1); - - return eng; -} - void MpseManager::delete_search_engine(Mpse* eng) { const MpseApi* api = eng->get_api(); diff --git a/src/managers/mpse_manager.h b/src/managers/mpse_manager.h index 0a04cd2b8..0e721ffbb 100644 --- a/src/managers/mpse_manager.h +++ b/src/managers/mpse_manager.h @@ -67,9 +67,8 @@ public: static const snort::MpseApi* get_search_api(const char* type); static void delete_search_engine(snort::Mpse*); - static snort::Mpse* get_search_engine(const char*); static snort::Mpse* get_search_engine( - snort::SnortConfig* sc,const snort::MpseApi* api, const struct MpseAgent*); + const snort::SnortConfig* sc,const snort::MpseApi* api, const struct MpseAgent*); static void activate_search_engine(const snort::MpseApi*, snort::SnortConfig*); static void setup_search_engine(const snort::MpseApi*, snort::SnortConfig*); diff --git a/src/memory/memory_cap.cc b/src/memory/memory_cap.cc index dfc954ace..9cbe0f35a 100644 --- a/src/memory/memory_cap.cc +++ b/src/memory/memory_cap.cc @@ -201,10 +201,12 @@ void MemoryCap::print() if ( !MemoryModule::is_active() ) return; - if ( SnortConfig::log_verbose() or mem_stats.allocations ) + bool verbose = SnortConfig::get_conf()->log_verbose(); + + if ( verbose or mem_stats.allocations ) LogLabel("memory (heap)"); - if ( SnortConfig::log_verbose() ) + if ( verbose ) { LogMessage(" thread cap: %zu\n", thread_cap); LogMessage(" thread preemptive threshold: %zu\n", preemptive_threshold); diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index 1d681293b..71df6fc11 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -127,7 +127,7 @@ bool AppIdInspector::configure(SnortConfig* sc) return true; } -void AppIdInspector::show(SnortConfig*) +void AppIdInspector::show(const SnortConfig*) const { config->show(); } diff --git a/src/network_inspectors/appid/appid_inspector.h b/src/network_inspectors/appid/appid_inspector.h index 0e1779b4b..3ea39a28f 100644 --- a/src/network_inspectors/appid/appid_inspector.h +++ b/src/network_inspectors/appid/appid_inspector.h @@ -42,7 +42,7 @@ public: ~AppIdInspector() override; bool configure(snort::SnortConfig*) override; - void show(snort::SnortConfig*) override; + void show(const snort::SnortConfig*) const override; void tinit() override; void tterm() override; void eval(snort::Packet*) override; diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index ee874d50b..855df582c 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -97,7 +97,7 @@ public: ~AppIdInspector() override = default; void eval(Packet*) override { } bool configure(snort::SnortConfig*) override { return true; } - void show(snort::SnortConfig*) override { } + void show(const SnortConfig*) const override { } void tinit() override { } void tterm() override { } }; diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index a6238b277..9b3fbd2fe 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -670,13 +670,13 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, } } - /* If the session appears to only have the client sending data then + /* If the session appears to only have the client sending data then we must mark the service unknown to prevent pending forever. */ if (asd.service_disco_state == APPID_DISCO_STATE_STATEFUL && asd.service.get_id() == APP_ID_NONE && asd.is_svc_taking_too_much_time()) { asd.stop_service_inspection(p, direction); - asd.service.set_id(APP_ID_UNKNOWN, asd.ctxt.get_odp_ctxt()); + asd.service.set_id(APP_ID_UNKNOWN, asd.ctxt.get_odp_ctxt()); return isTpAppidDiscoveryDone; } diff --git a/src/network_inspectors/appid/service_plugins/service_ftp.cc b/src/network_inspectors/appid/service_plugins/service_ftp.cc index f88e81a24..357359e7f 100644 --- a/src/network_inspectors/appid/service_plugins/service_ftp.cc +++ b/src/network_inspectors/appid/service_plugins/service_ftp.cc @@ -25,6 +25,8 @@ #include "service_ftp.h" +#include "detection/ips_context.h" + #include "appid_inspector.h" #include "app_info_table.h" #include "protocols/packet.h" @@ -883,7 +885,7 @@ void FtpServiceDetector::create_expected_session(AppIdSession& asd, const Packet // FIXIT-M - Avoid thread locals static THREAD_LOCAL SnortProtocolId ftp_data_snort_protocol_id = UNKNOWN_PROTOCOL_ID; if(ftp_data_snort_protocol_id == UNKNOWN_PROTOCOL_ID) - ftp_data_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("ftp-data"); + ftp_data_snort_protocol_id = pkt->context->conf->proto_ref->find("ftp-data"); AppIdSession* fp = AppIdSession::create_future_session(pkt, cliIp, cliPort, srvIp, srvPort, protocol, ftp_data_snort_protocol_id, flags); diff --git a/src/network_inspectors/appid/service_plugins/service_rexec.cc b/src/network_inspectors/appid/service_plugins/service_rexec.cc index 8f6b41c6d..e301ba252 100644 --- a/src/network_inspectors/appid/service_plugins/service_rexec.cc +++ b/src/network_inspectors/appid/service_plugins/service_rexec.cc @@ -25,6 +25,8 @@ #include "service_rexec.h" +#include "detection/ips_context.h" + #include "appid_debug.h" #include "appid_inspector.h" #include "app_info_table.h" @@ -140,7 +142,7 @@ int RexecServiceDetector::validate(AppIdDiscoveryArgs& args) { case REXEC_STATE_PORT: if(rexec_snort_protocol_id == UNKNOWN_PROTOCOL_ID) - rexec_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("rexec"); + rexec_snort_protocol_id = args.pkt->context->conf->proto_ref->find("rexec"); if (args.dir != APP_ID_FROM_INITIATOR) goto bail; diff --git a/src/network_inspectors/appid/service_plugins/service_rpc.cc b/src/network_inspectors/appid/service_plugins/service_rpc.cc index 97641314d..8be459026 100644 --- a/src/network_inspectors/appid/service_plugins/service_rpc.cc +++ b/src/network_inspectors/appid/service_plugins/service_rpc.cc @@ -33,11 +33,13 @@ #include #endif -#include "appid_inspector.h" -#include "app_info_table.h" +#include "detection/ips_context.h" #include "log/messages.h" #include "protocols/packet.h" +#include "appid_inspector.h" +#include "app_info_table.h" + using namespace snort; @@ -403,7 +405,7 @@ int RpcServiceDetector::validate_packet(const uint8_t* data, uint16_t size, Appi static THREAD_LOCAL SnortProtocolId sunrpc_snort_protocol_id = UNKNOWN_PROTOCOL_ID; if(sunrpc_snort_protocol_id == UNKNOWN_PROTOCOL_ID) - sunrpc_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("sunrpc"); + sunrpc_snort_protocol_id = pkt->context->conf->proto_ref->find("sunrpc"); const SfIp* dip = pkt->ptrs.ip_api.get_dst(); const SfIp* sip = pkt->ptrs.ip_api.get_src(); diff --git a/src/network_inspectors/appid/service_plugins/service_rshell.cc b/src/network_inspectors/appid/service_plugins/service_rshell.cc index e2624e118..b261b2e21 100644 --- a/src/network_inspectors/appid/service_plugins/service_rshell.cc +++ b/src/network_inspectors/appid/service_plugins/service_rshell.cc @@ -25,6 +25,7 @@ #include "service_rshell.h" +#include "detection/ips_context.h" #include "protocols/packet.h" #include "app_info_table.h" @@ -155,7 +156,7 @@ int RshellServiceDetector::validate(AppIdDiscoveryArgs& args) if (port) { if(rsh_error_snort_protocol_id == UNKNOWN_PROTOCOL_ID) - rsh_error_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("rsh-error"); + rsh_error_snort_protocol_id = args.pkt->context->conf->proto_ref->find("rsh-error"); const SfIp* dip = args.pkt->ptrs.ip_api.get_dst(); const SfIp* sip = args.pkt->ptrs.ip_api.get_src(); diff --git a/src/network_inspectors/appid/service_plugins/service_snmp.cc b/src/network_inspectors/appid/service_plugins/service_snmp.cc index 98ac2784a..b6c15f797 100644 --- a/src/network_inspectors/appid/service_plugins/service_snmp.cc +++ b/src/network_inspectors/appid/service_plugins/service_snmp.cc @@ -25,6 +25,7 @@ #include "service_snmp.h" +#include "detection/ips_context.h" #include "log/messages.h" #include "protocols/packet.h" @@ -74,20 +75,6 @@ enum SNMPPDUType SNMP_PDU_TRAPV2 }; -#pragma pack(1) - -struct ServiceSNMPHeader -{ - uint16_t opcode; - union - { - uint16_t block; - uint16_t errorcode; - } d; -}; - -#pragma pack() - static const uint8_t SNMP_PATTERN_2[] = { 0x02, 0x01, 0x00, 0x04 }; static const uint8_t SNMP_PATTERN_3[] = { 0x02, 0x01, 0x01, 0x04 }; static const uint8_t SNMP_PATTERN_4[] = { 0x02, 0x01, 0x03, 0x30 }; @@ -479,7 +466,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args) /*adding expected connection in case the server doesn't send from 161*/ if(snmp_snort_protocol_id == UNKNOWN_PROTOCOL_ID) - snmp_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("snmp"); + snmp_snort_protocol_id = args.pkt->context->conf->proto_ref->find("snmp"); const SfIp* dip = args.pkt->ptrs.ip_api.get_dst(); const SfIp* sip = args.pkt->ptrs.ip_api.get_src(); diff --git a/src/network_inspectors/appid/service_plugins/service_tftp.cc b/src/network_inspectors/appid/service_plugins/service_tftp.cc index c8448d11d..8abfd2db4 100644 --- a/src/network_inspectors/appid/service_plugins/service_tftp.cc +++ b/src/network_inspectors/appid/service_plugins/service_tftp.cc @@ -25,6 +25,7 @@ #include "service_tftp.h" +#include "detection/ips_context.h" #include "protocols/packet.h" #include "app_info_table.h" @@ -184,7 +185,7 @@ int TftpServiceDetector::validate(AppIdDiscoveryArgs& args) goto bail; if(tftp_snort_protocol_id == UNKNOWN_PROTOCOL_ID) - tftp_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("tftp"); + tftp_snort_protocol_id = args.pkt->context->conf->proto_ref->find("tftp"); tmp_td = (ServiceTFTPData*)snort_calloc(sizeof(ServiceTFTPData)); tmp_td->state = TFTP_STATE_TRANSFER; diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc index 9cc07e1c5..89791988b 100644 --- a/src/network_inspectors/appid/test/appid_api_test.cc +++ b/src/network_inspectors/appid/test/appid_api_test.cc @@ -49,7 +49,7 @@ using namespace snort; namespace snort { -class Inspector* InspectorManager::get_inspector(char const*, bool, SnortConfig*) +class Inspector* InspectorManager::get_inspector(char const*, bool, const SnortConfig*) { return nullptr; } } diff --git a/src/network_inspectors/appid/test/appid_detector_test.cc b/src/network_inspectors/appid/test/appid_detector_test.cc index fa864cd15..923a5b944 100644 --- a/src/network_inspectors/appid/test/appid_detector_test.cc +++ b/src/network_inspectors/appid/test/appid_detector_test.cc @@ -36,8 +36,12 @@ #include #include -snort::Inspector* snort::InspectorManager::get_inspector(char const*, bool, snort::SnortConfig*) { return nullptr; } -void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +snort::Inspector* snort::InspectorManager::get_inspector( + char const*, bool, const snort::SnortConfig*) { return nullptr; } + +void ApplicationDescriptor::set_id( + const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } + void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {} class TestDetector : public AppIdDetector diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index c8e0dd172..3521a4cf9 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -168,7 +168,7 @@ AppIdInspector::AppIdInspector(AppIdModule&) { ctxt = &stub_ctxt; } AppIdInspector::~AppIdInspector() = default; void AppIdInspector::eval(Packet*) { } bool AppIdInspector::configure(SnortConfig*) { return true; } -void AppIdInspector::show(SnortConfig*) { } +void AppIdInspector::show(const SnortConfig*) const { } void AppIdInspector::tinit() { } void AppIdInspector::tterm() { } AppIdContext& AppIdInspector::get_ctxt() const diff --git a/src/network_inspectors/appid/test/appid_expected_flags_test.cc b/src/network_inspectors/appid/test/appid_expected_flags_test.cc index 60ad0ce91..175c69215 100644 --- a/src/network_inspectors/appid/test/appid_expected_flags_test.cc +++ b/src/network_inspectors/appid/test/appid_expected_flags_test.cc @@ -28,8 +28,12 @@ #include #include -snort::Inspector* snort::InspectorManager::get_inspector(char const*, bool, snort::SnortConfig*) { return nullptr; } -void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +snort::Inspector* snort::InspectorManager::get_inspector( + char const*, bool, const snort::SnortConfig*) { return nullptr; } + +void ApplicationDescriptor::set_id( + const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } + void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {} class MockServiceDetector : public ServiceDetector diff --git a/src/network_inspectors/appid/test/appid_mock_inspector.h b/src/network_inspectors/appid/test/appid_mock_inspector.h index 9d30adce6..66eb7a794 100644 --- a/src/network_inspectors/appid/test/appid_mock_inspector.h +++ b/src/network_inspectors/appid/test/appid_mock_inspector.h @@ -64,7 +64,7 @@ AppIdInspector::AppIdInspector(AppIdModule& ) { } AppIdInspector::~AppIdInspector() { } void AppIdInspector::eval(snort::Packet*) { } bool AppIdInspector::configure(snort::SnortConfig*) { return true; } -void AppIdInspector::show(snort::SnortConfig*) { } +void AppIdInspector::show(const SnortConfig*) const { } void AppIdInspector::tinit() { } void AppIdInspector::tterm() { } AppIdContext& AppIdInspector::get_ctxt() const { return *ctxt; } diff --git a/src/network_inspectors/arp_spoof/arp_spoof.cc b/src/network_inspectors/arp_spoof/arp_spoof.cc index 26fe8d6e5..eb9aa32ee 100644 --- a/src/network_inspectors/arp_spoof/arp_spoof.cc +++ b/src/network_inspectors/arp_spoof/arp_spoof.cc @@ -143,7 +143,7 @@ public: ArpSpoof(ArpSpoofModule*); ~ArpSpoof() override; - void show(snort::SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; private: @@ -160,7 +160,7 @@ ArpSpoof::~ArpSpoof () delete config; } -void ArpSpoof::show(SnortConfig*) +void ArpSpoof::show(const SnortConfig*) const { if ( config ) arp_config_show(config); diff --git a/src/network_inspectors/binder/binder.cc b/src/network_inspectors/binder/binder.cc index 2f102f210..50756ad54 100644 --- a/src/network_inspectors/binder/binder.cc +++ b/src/network_inspectors/binder/binder.cc @@ -452,8 +452,9 @@ static Inspector* get_gadget(Flow* flow) static Inspector* get_gadget_by_id(const char* service) { - const SnortProtocolId id = SnortConfig::get_conf()->proto_ref->find(service); - const char* s = SnortConfig::get_conf()->proto_ref->get_name(id); + const SnortConfig* sc = SnortConfig::get_conf(); + const SnortProtocolId id = sc->proto_ref->find(service); + const char* s = sc->proto_ref->get_name(id); return InspectorManager::get_inspector_by_service(s); } @@ -825,7 +826,7 @@ public: void remove_inspector_binding(SnortConfig*, const char*) override; bool configure(SnortConfig*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override { } @@ -945,7 +946,7 @@ bool Binder::configure(SnortConfig* sc) return true; } -void Binder::show(SnortConfig*) +void Binder::show(const SnortConfig*) const { std::once_flag once; @@ -1137,6 +1138,8 @@ void Binder::get_bindings(Flow* flow, Stuff& stuff, Packet* p, const char* servi // It gets potentially hairy if people start specifying overlapping policy types in // overlapping rules. bool inspection_set = false, ips_set = false; + const SnortConfig* sc = SnortConfig::get_conf(); + for ( unsigned i = 0; i < sz; i++ ) { Binding* pb = bindings[i]; @@ -1151,7 +1154,7 @@ void Binder::get_bindings(Flow* flow, Stuff& stuff, Packet* p, const char* servi if ( pb->use.inspection_index and !inspection_set ) { - set_inspection_policy(SnortConfig::get_conf(), pb->use.inspection_index - 1); + set_inspection_policy(sc, pb->use.inspection_index - 1); if (!service) flow->inspection_policy_id = pb->use.inspection_index - 1; inspection_set = true; @@ -1159,7 +1162,7 @@ void Binder::get_bindings(Flow* flow, Stuff& stuff, Packet* p, const char* servi if ( pb->use.ips_index and !ips_set ) { - set_ips_policy(SnortConfig::get_conf(), pb->use.ips_index - 1); + set_ips_policy(sc, pb->use.ips_index - 1); if (!service) flow->ips_policy_id = pb->use.ips_index - 1; ips_set = true; diff --git a/src/network_inspectors/normalize/norm.cc b/src/network_inspectors/normalize/norm.cc index 09f2f2bb4..025e5d877 100644 --- a/src/network_inspectors/normalize/norm.cc +++ b/src/network_inspectors/normalize/norm.cc @@ -23,6 +23,7 @@ #include "norm.h" +#include "detection/ips_context.h" #include "main/snort_config.h" #include "packet_io/sfdaq.h" #include "protocols/icmp4.h" @@ -247,11 +248,11 @@ static int Norm_IP4( } if ( Norm_IsEnabled(c, NORM_IP4_TTL) ) { - if ( h->ip_ttl < SnortConfig::min_ttl() ) + if ( h->ip_ttl < p->context->conf->min_ttl() ) { if ( mode == NORM_MODE_ON ) { - h->ip_ttl = SnortConfig::new_ttl(); + h->ip_ttl = p->context->conf->new_ttl(); p->ptrs.decode_flags &= ~DECODE_ERR_BAD_TTL; changes++; } @@ -304,13 +305,13 @@ static int Norm_IP6( ip::IP6Hdr* h = reinterpret_cast(const_cast(p->layers[layer].start)); - if ( h->ip6_hoplim < SnortConfig::min_ttl() ) + if ( h->ip6_hoplim < p->context->conf->min_ttl() ) { const NormMode mode = get_norm_mode(p); if ( mode == NORM_MODE_ON ) { - h->ip6_hoplim = SnortConfig::new_ttl(); + h->ip6_hoplim = p->context->conf->new_ttl(); p->ptrs.decode_flags &= ~DECODE_ERR_BAD_TTL; changes++; } diff --git a/src/network_inspectors/normalize/normalize.cc b/src/network_inspectors/normalize/normalize.cc index 2da195ff8..4ded34b71 100644 --- a/src/network_inspectors/normalize/normalize.cc +++ b/src/network_inspectors/normalize/normalize.cc @@ -209,7 +209,7 @@ public: Normalizer(const NormalizerConfig&); bool configure(SnortConfig*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; private: @@ -266,7 +266,7 @@ NormMode Normalize_GetMode(NormFlags nf) return NORM_MODE_TEST; } -void Normalizer::show(SnortConfig*) +void Normalizer::show(const SnortConfig*) const { print_ip4(&config); print_ip6(&config); diff --git a/src/network_inspectors/packet_capture/packet_capture.cc b/src/network_inspectors/packet_capture/packet_capture.cc index 925a3b027..d90256217 100644 --- a/src/network_inspectors/packet_capture/packet_capture.cc +++ b/src/network_inspectors/packet_capture/packet_capture.cc @@ -168,7 +168,7 @@ public: PacketCapture(CaptureModule*); // non-static functions - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; void tterm() override { capture_term(); } @@ -197,7 +197,7 @@ bool PacketCapture::capture_init() return false; } -void PacketCapture::show(SnortConfig*) +void PacketCapture::show(const SnortConfig*) const { ConfigLogger::log_flag("enable", config.enabled); if ( config.enabled ) diff --git a/src/network_inspectors/perf_monitor/perf_monitor.cc b/src/network_inspectors/perf_monitor/perf_monitor.cc index 4f5e93118..9329970d4 100644 --- a/src/network_inspectors/perf_monitor/perf_monitor.cc +++ b/src/network_inspectors/perf_monitor/perf_monitor.cc @@ -157,7 +157,7 @@ static const char* to_string(const PerfFormat& pf) return ""; } -void PerfMonitor::show(SnortConfig*) +void PerfMonitor::show(const SnortConfig*) const { ConfigLogger::log_flag("base", config->perf_flags & PERF_BASE); ConfigLogger::log_flag("cpu", config->perf_flags & PERF_CPU); diff --git a/src/network_inspectors/perf_monitor/perf_monitor.h b/src/network_inspectors/perf_monitor/perf_monitor.h index 4f8cb3f2c..939f73739 100644 --- a/src/network_inspectors/perf_monitor/perf_monitor.h +++ b/src/network_inspectors/perf_monitor/perf_monitor.h @@ -39,7 +39,7 @@ public: ~PerfMonitor() override { delete config; } bool configure(snort::SnortConfig*) override; - void show(snort::SnortConfig*) override; + void show(const snort::SnortConfig*) const override; void eval(snort::Packet*) override; bool ready_to_process(snort::Packet* p); diff --git a/src/network_inspectors/perf_monitor/perf_tracker.cc b/src/network_inspectors/perf_monitor/perf_tracker.cc index cc9efa409..10ab1d07d 100644 --- a/src/network_inspectors/perf_monitor/perf_tracker.cc +++ b/src/network_inspectors/perf_monitor/perf_tracker.cc @@ -132,13 +132,13 @@ bool PerfTracker::open(bool append) file_name, mode, get_error(errno)); } - if (chown(file_name, SnortConfig::get_uid(), - SnortConfig::get_gid()) != 0) + const SnortConfig* sc = SnortConfig::get_conf(); + + if (chown(file_name, sc->get_uid(), sc->get_gid()) != 0) { WarningMessage("perfmonitor: Unable to change permissions of " "stats file '%s' to user:%d and group:%d: %s.\n", - file_name, SnortConfig::get_uid(), SnortConfig::get_gid(), - get_error(errno)); + file_name, sc->get_uid(), sc->get_gid(), get_error(errno)); } } } diff --git a/src/network_inspectors/port_scan/port_scan.cc b/src/network_inspectors/port_scan/port_scan.cc index e2435f7c6..938d7aaeb 100644 --- a/src/network_inspectors/port_scan/port_scan.cc +++ b/src/network_inspectors/port_scan/port_scan.cc @@ -431,7 +431,7 @@ void PortScan::tterm() ps_cleanup(); } -void PortScan::show(SnortConfig*) +void PortScan::show(const SnortConfig*) const { if ( config ) portscan_config_show(config); diff --git a/src/network_inspectors/port_scan/ps_inspect.h b/src/network_inspectors/port_scan/ps_inspect.h index 00d1dedaa..b75dfc01f 100644 --- a/src/network_inspectors/port_scan/ps_inspect.h +++ b/src/network_inspectors/port_scan/ps_inspect.h @@ -42,7 +42,7 @@ public: PortScan(class PortScanModule*); ~PortScan() override; - void show(snort::SnortConfig*) override; + void show(const snort::SnortConfig*) const override; void eval(snort::Packet*) override; void tinit() override; diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc index 1813009e8..48d4f4e93 100644 --- a/src/network_inspectors/reputation/reputation_inspect.cc +++ b/src/network_inspectors/reputation/reputation_inspect.cc @@ -411,7 +411,7 @@ Reputation::Reputation(ReputationConfig* pc) reputationstats.memory_allocated = sfrt_flat_usage(conf->ip_list); } -void Reputation::show(SnortConfig*) +void Reputation::show(const SnortConfig*) const { ConfigLogger::log_value("blacklist", config.blacklist_path.c_str()); ConfigLogger::log_value("list_dir", config.list_dir.c_str()); diff --git a/src/network_inspectors/reputation/reputation_inspect.h b/src/network_inspectors/reputation/reputation_inspect.h index d094eda10..e4e219dc4 100644 --- a/src/network_inspectors/reputation/reputation_inspect.h +++ b/src/network_inspectors/reputation/reputation_inspect.h @@ -28,7 +28,7 @@ class Reputation : public snort::Inspector public: Reputation(ReputationConfig*); - void show(snort::SnortConfig*) override; + void show(const snort::SnortConfig*) const override; void eval(snort::Packet*) override; private: diff --git a/src/network_inspectors/rna/rna_inspector.cc b/src/network_inspectors/rna/rna_inspector.cc index 19fbb97ba..015e247a3 100644 --- a/src/network_inspectors/rna/rna_inspector.cc +++ b/src/network_inspectors/rna/rna_inspector.cc @@ -100,7 +100,7 @@ void RnaInspector::eval(Packet* p) UNUSED(p); } -void RnaInspector::show(SnortConfig*) +void RnaInspector::show(const SnortConfig*) const { if ( mod_conf ) { diff --git a/src/network_inspectors/rna/rna_inspector.h b/src/network_inspectors/rna/rna_inspector.h index 37d62e479..69b45f092 100644 --- a/src/network_inspectors/rna/rna_inspector.h +++ b/src/network_inspectors/rna/rna_inspector.h @@ -39,7 +39,7 @@ public: bool configure(snort::SnortConfig*) override; void eval(snort::Packet*) override; - void show(snort::SnortConfig*) override; + void show(const snort::SnortConfig*) const override; void tinit() override; void tterm() override; diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc index 0c958542f..883434901 100644 --- a/src/packet_io/active.cc +++ b/src/packet_io/active.cc @@ -178,7 +178,7 @@ void Active::init(SnortConfig* sc) Active::set_enabled(); } -bool Active::thread_init(SnortConfig* sc) +bool Active::thread_init(const SnortConfig* sc) { s_attempts = sc->respond_attempts; @@ -190,7 +190,7 @@ bool Active::thread_init(SnortConfig* sc) if ( enabled && (!SFDAQ::can_inject() || !sc->respond_device.empty()) ) { - if ( SnortConfig::read_mode() || !open(sc->respond_device.c_str()) ) + if ( sc->read_mode() || !open(sc->respond_device.c_str()) ) { ParseWarning(WARN_DAQ, "active responses disabled since DAQ " "can't inject packets."); @@ -521,12 +521,12 @@ void Active::update_status(const Packet* p, bool force) else if ( active_status != AST_FORCE) { - if ( SnortConfig::inline_mode() ) + if ( p->context->conf->inline_mode() ) { if ( !SFDAQ::forwarding_packet(p->pkth) ) active_status = AST_WOULD; } - else if ( SnortConfig::inline_test_mode() ) + else if ( p->context->conf->inline_test_mode() ) { active_status = AST_WOULD; } @@ -629,7 +629,7 @@ void Active::block_session(Packet* p, bool force) active_action = ACT_BLOCK; update_status(p, force); - if ( force or SnortConfig::inline_mode() or SnortConfig::treat_drop_as_ignore() ) + if ( force or p->context->conf->inline_mode() or p->context->conf->treat_drop_as_ignore() ) Stream::block_flow(p); p->disable_inspect = true; @@ -645,7 +645,7 @@ void Active::reset_session(Packet* p, ActiveAction* reject, bool force) update_status(p, force); active_action = ACT_RESET; - if ( force or SnortConfig::inline_mode() or SnortConfig::treat_drop_as_ignore() ) + if ( force or p->context->conf->inline_mode() or p->context->conf->treat_drop_as_ignore() ) Stream::drop_flow(p); if ( enabled ) diff --git a/src/packet_io/active.h b/src/packet_io/active.h index 52fdefdc8..1ee25b2e5 100644 --- a/src/packet_io/active.h +++ b/src/packet_io/active.h @@ -59,7 +59,7 @@ public: public: static void init(SnortConfig*); - static bool thread_init(SnortConfig*); + static bool thread_init(const SnortConfig*); static void thread_term(); static void set_enabled(bool on_off = true) diff --git a/src/packet_io/sfdaq.cc b/src/packet_io/sfdaq.cc index a8389e749..aee331289 100644 --- a/src/packet_io/sfdaq.cc +++ b/src/packet_io/sfdaq.cc @@ -219,10 +219,12 @@ bool SFDAQ::init(const SFDAQConfig* cfg, unsigned total_instances) int rval; - if (SnortConfig::adaptor_inline_mode()) + if (SnortConfig::get_conf()->adaptor_inline_mode()) default_daq_mode = DAQ_MODE_INLINE; - else if (SnortConfig::read_mode()) + + else if (SnortConfig::get_conf()->read_mode()) default_daq_mode = DAQ_MODE_READ_FILE; + else default_daq_mode = DAQ_MODE_PASSIVE; diff --git a/src/packet_io/sfdaq_instance.cc b/src/packet_io/sfdaq_instance.cc index 860ed0886..561dbaac3 100644 --- a/src/packet_io/sfdaq_instance.cc +++ b/src/packet_io/sfdaq_instance.cc @@ -57,7 +57,7 @@ static bool DAQ_ValidateInstance(DAQ_Instance_h instance) { uint32_t caps = daq_instance_get_capabilities(instance); - if (!SnortConfig::adaptor_inline_mode()) + if (!SnortConfig::get_conf()->adaptor_inline_mode()) return true; if (!(caps & DAQ_CAPA_BLOCK)) @@ -172,7 +172,7 @@ bool SFDAQInstance::start() pool_size = mpool_info.size; pool_available = mpool_info.available; assert(pool_size == pool_available); - if (SnortConfig::log_verbose()) + if (SnortConfig::get_conf()->log_verbose()) { LogMessage("Instance %d daq pool size: %d\n", get_instance_id(), pool_size); LogMessage("Instance %d daq batch size: %d\n", get_instance_id(), batch_size); diff --git a/src/parser/parse_conf.cc b/src/parser/parse_conf.cc index 6bcc38d17..134619305 100644 --- a/src/parser/parse_conf.cc +++ b/src/parser/parse_conf.cc @@ -84,7 +84,7 @@ void get_parse_location(const char*& file, unsigned& line) static void print_parse_file(const char* msg, Location& loc) { - if ( SnortConfig::show_file_codes() ) + if ( SnortConfig::get_conf()->show_file_codes() ) LogMessage("%s %s:%s:\n", msg, (loc.code ? loc.code : "?"), loc.file.c_str()); else @@ -270,15 +270,14 @@ void add_service_to_otn(SnortConfig* sc, OptTreeNode* otn, const char* svc_name) // or we are going to just alert instead of drop, // or we are going to ignore session data instead of drop. // the alert case is tested for separately with SnortConfig::treat_drop_as_alert(). -static inline int ScKeepDropRules() +static inline int keep_drop_rules(const SnortConfig* sc) { - return ( SnortConfig::inline_mode() or SnortConfig::adaptor_inline_mode() or - SnortConfig::treat_drop_as_ignore() ); + return ( sc->inline_mode() or sc->adaptor_inline_mode() or sc->treat_drop_as_ignore() ); } -static inline int ScLoadAsDropRules() +static inline int load_as_drop_rules(const SnortConfig* sc) { - return ( SnortConfig::inline_test_mode() || SnortConfig::adaptor_inline_test_mode() ); + return ( sc->inline_test_mode() || sc->adaptor_inline_test_mode() ); } Actions::Type get_rule_type(const char* s) @@ -288,15 +287,17 @@ Actions::Type get_rule_type(const char* s) if ( rt == Actions::NONE ) rt = ActionManager::get_action_type(s); + const SnortConfig* sc = SnortConfig::get_conf(); + switch ( rt ) { case Actions::DROP: case Actions::BLOCK: case Actions::RESET: - if ( SnortConfig::treat_drop_as_alert() ) + if ( sc->treat_drop_as_alert() ) return Actions::ALERT; - if ( ScKeepDropRules() || ScLoadAsDropRules() ) + if ( keep_drop_rules(sc) || load_as_drop_rules(sc) ) return rt; return Actions::NONE; diff --git a/src/parser/parse_rule.cc b/src/parser/parse_rule.cc index 84beb2062..c0ecf5341 100644 --- a/src/parser/parse_rule.cc +++ b/src/parser/parse_rule.cc @@ -957,7 +957,7 @@ void parse_rule_type(SnortConfig* sc, const char* s, RuleTreeNode& rtn) CreateRuleType(sc, s, rtn.action); rtn.listhead = get_rule_list(sc, s); } - if ( SnortConfig::get_default_rule_state() ) + if ( sc->get_default_rule_state() ) rtn.set_enabled(); if ( !rtn.listhead ) @@ -1131,7 +1131,7 @@ OptTreeNode* parse_rule_open(SnortConfig* sc, RuleTreeNode& rtn, bool stub) otn->snort_protocol_id = rtn.snort_protocol_id; - if ( SnortConfig::get_default_rule_state() ) + if ( sc->get_default_rule_state() ) rtn.set_enabled(); IpsManager::reset_options(); diff --git a/src/parser/parser.cc b/src/parser/parser.cc index 355ccf4b4..9d8f7530c 100644 --- a/src/parser/parser.cc +++ b/src/parser/parser.cc @@ -307,8 +307,9 @@ void parser_term(SnortConfig*) SnortConfig* ParseSnortConf(const SnortConfig* boot_conf, const char* fname, bool is_fatal) { SnortConfig* sc = new SnortConfig(SnortConfig::get_conf()->proto_ref); - SnortConfig::set_parser_conf(sc); + sc->run_flags = boot_conf->run_flags; + sc->output_flags = boot_conf->output_flags; sc->logging_flags = boot_conf->logging_flags; sc->tweaks = boot_conf->tweaks; diff --git a/src/piglet/piglet_manager.cc b/src/piglet/piglet_manager.cc index 355d28491..1c1d82c8b 100644 --- a/src/piglet/piglet_manager.cc +++ b/src/piglet/piglet_manager.cc @@ -103,11 +103,11 @@ static BasePlugin* instantiate( Module* m; if ( key == PT_IPS_OPTION || use_defaults ) // FIXIT-L this is just a workaround, need to be able to get parsed rule module - m = ModuleManager::get_default_module(name.c_str(), SnortConfig::get_conf()); + m = ModuleManager::get_default_module(name.c_str(), SnortConfig::get_main_conf()); else m = ModuleManager::get_module(name.c_str()); - auto piglet = piglet_api->ctor(lua, name, m, SnortConfig::get_conf()); + auto piglet = piglet_api->ctor(lua, name, m, SnortConfig::get_main_conf()); assert(piglet); diff --git a/src/piglet_plugins/pp_codec_data_iface.cc b/src/piglet_plugins/pp_codec_data_iface.cc index 2f0ae41a5..927d866db 100644 --- a/src/piglet_plugins/pp_codec_data_iface.cc +++ b/src/piglet_plugins/pp_codec_data_iface.cc @@ -25,6 +25,7 @@ #include "framework/codec.h" #include "lua/lua_arg.h" +#include "main/snort_config.h" using namespace snort; @@ -66,7 +67,8 @@ static const luaL_Reg methods[] = { Lua::Args args(L); - auto& self = CodecDataIface.create(L, ProtocolId::ETHERTYPE_NOT_SET); + auto& self = CodecDataIface.create( + L, SnortConfig::get_conf(), ProtocolId::ETHERTYPE_NOT_SET); if ( args[1].is_table() ) args[1].check_table(set_fields, self); diff --git a/src/piglet_plugins/pp_inspector_iface.cc b/src/piglet_plugins/pp_inspector_iface.cc index 1c8bd85a4..b20add544 100644 --- a/src/piglet_plugins/pp_inspector_iface.cc +++ b/src/piglet_plugins/pp_inspector_iface.cc @@ -55,7 +55,7 @@ static const luaL_Reg methods[] = { auto& self = InspectorIface.get(L); // FIXIT-L do we need an opaque SnortConfig interface? - bool result = self.configure(SnortConfig::get_conf()); + bool result = self.configure(SnortConfig::get_main_conf()); lua_pushboolean(L, result); return 1; } diff --git a/src/ports/port_var_table.cc b/src/ports/port_var_table.cc index c7871d71c..06dffaa3b 100644 --- a/src/ports/port_var_table.cc +++ b/src/ports/port_var_table.cc @@ -93,7 +93,7 @@ PortObject* PortVarTableFind(PortVarTable* h, const char* name) PortObject* po = (PortObject*)h->find(name); - if ( !po and SnortConfig::dump_rule_info() and strstr(name, "PORT") ) + if ( !po and SnortConfig::get_conf()->dump_rule_info() and strstr(name, "PORT") ) { po = PortObjectNew(); po->name = snort_strdup(name); diff --git a/src/profiler/profiler.cc b/src/profiler/profiler.cc index 75def056d..06d0696bc 100644 --- a/src/profiler/profiler.cc +++ b/src/profiler/profiler.cc @@ -117,7 +117,7 @@ void Profiler::show_stats() s_profiler_nodes.accumulate_flex(); - const auto* config = SnortConfig::get_profiler(); + const auto* config = SnortConfig::get_conf()->get_profiler(); assert(config); show_time_profiler_stats(s_profiler_nodes, config->time); diff --git a/src/profiler/rule_profiler.cc b/src/profiler/rule_profiler.cc index 715e37c90..50e846116 100644 --- a/src/profiler/rule_profiler.cc +++ b/src/profiler/rule_profiler.cc @@ -194,10 +194,11 @@ static void consolidate_otn_states(OtnState* states) static std::vector build_entries() { - assert(SnortConfig::get_conf()); + const SnortConfig* sc = SnortConfig::get_conf(); + assert(sc); - detection_option_tree_update_otn_stats(SnortConfig::get_conf()->detection_option_tree_hash_table); - auto* otn_map = SnortConfig::get_conf()->otn_map; + detection_option_tree_update_otn_stats(sc->detection_option_tree_hash_table); + auto* otn_map = sc->otn_map; std::vector entries; @@ -313,8 +314,10 @@ void show_rule_profiler_stats(const RuleProfilerConfig& config) void reset_rule_profiler_stats() { - assert(SnortConfig::get_conf()); - auto* otn_map = SnortConfig::get_conf()->otn_map; + const SnortConfig* sc = SnortConfig::get_conf(); + assert(sc); + + auto* otn_map = sc->otn_map; for ( auto* h = otn_map->find_first(); h; h = otn_map->find_next() ) { diff --git a/src/protocols/packet.cc b/src/protocols/packet.cc index 1acc69da3..67e6dcb69 100644 --- a/src/protocols/packet.cc +++ b/src/protocols/packet.cc @@ -257,7 +257,7 @@ uint16_t Packet::get_flow_vlan_id() const if (flow) vid = flow->key->vlan_tag; - else if ( !SnortConfig::get_vlan_agnostic() and (proto_bits & PROTO_BIT__VLAN) ) + else if ( !context->conf->get_vlan_agnostic() and (proto_bits & PROTO_BIT__VLAN) ) vid = layer::get_vlan_layer(this)->vid(); return vid; diff --git a/src/protocols/packet_manager.cc b/src/protocols/packet_manager.cc index 0d31e465d..ffcd685d8 100644 --- a/src/protocols/packet_manager.cc +++ b/src/protocols/packet_manager.cc @@ -100,7 +100,7 @@ static inline void push_layer(Packet* p, void PacketManager::pop_teredo(Packet* p, RawData& raw) { p->proto_bits &= ~PROTO_BIT__TEREDO; - if ( SnortConfig::tunnel_bypass_enabled(TUNNEL_TEREDO) ) + if ( p->context->conf->tunnel_bypass_enabled(TUNNEL_TEREDO) ) p->active->clear_tunnel_bypass(); const ProtocolIndex mapped_prot = CodecManager::s_proto_map[to_utype(ProtocolId::TEREDO)]; @@ -138,7 +138,7 @@ void PacketManager::decode( ProtocolId prev_prot_id = CodecManager::grinder_id; RawData raw(p->daq_msg, pkt, pktlen); - CodecData codec_data(ProtocolId::FINISHED_DECODE); + CodecData codec_data(p->context->conf, ProtocolId::FINISHED_DECODE); if ( cooked ) codec_data.codec_flags |= CODEC_STREAM_REBUILT; diff --git a/src/search_engines/ac_banded.cc b/src/search_engines/ac_banded.cc index 5603895f8..9241b9e1e 100644 --- a/src/search_engines/ac_banded.cc +++ b/src/search_engines/ac_banded.cc @@ -37,12 +37,8 @@ private: ACSM_STRUCT2* obj; public: - AcbMpse( - SnortConfig*, const MpseAgent* agent) - : Mpse("ac_banded") - { - obj = acsmNew2(agent, ACF_BANDED); - } + AcbMpse(const MpseAgent* agent) : Mpse("ac_banded") + { obj = acsmNew2(agent, ACF_BANDED); } ~AcbMpse() override { acsmFree2(obj); } @@ -51,8 +47,7 @@ public: { obj->enable_dfa(); } int add_pattern( - SnortConfig*, const uint8_t* P, unsigned m, - const PatternDescriptor& desc, void* user) override + const uint8_t* P, unsigned m, const PatternDescriptor& desc, void* user) override { return acsmAddPattern2(obj, P, m, desc.no_case, desc.negated, user); } @@ -87,9 +82,9 @@ public: //------------------------------------------------------------------------- static Mpse* acb_ctor( - SnortConfig* sc, class Module*, const MpseAgent* agent) + const SnortConfig*, class Module*, const MpseAgent* agent) { - return new AcbMpse(sc, agent); + return new AcbMpse(agent); } static void acb_dtor(Mpse* p) diff --git a/src/search_engines/ac_bnfa.cc b/src/search_engines/ac_bnfa.cc index 376c0f1f8..89b0378a0 100644 --- a/src/search_engines/ac_bnfa.cc +++ b/src/search_engines/ac_bnfa.cc @@ -46,8 +46,7 @@ private: bnfa_struct_t* obj; public: - AcBnfaMpse(SnortConfig*, const MpseAgent* agent) - : Mpse("ac_bnfa") + AcBnfaMpse(const MpseAgent* agent) : Mpse("ac_bnfa") { obj=bnfaNew(agent); if ( obj ) obj->bnfaMethod = 1; @@ -66,8 +65,7 @@ public: } int add_pattern( - SnortConfig*, const uint8_t* P, unsigned m, - const PatternDescriptor& desc, void* user) override + const uint8_t* P, unsigned m, const PatternDescriptor& desc, void* user) override { return bnfaAddPattern(obj, P, m, desc.no_case, desc.negated, user); } @@ -105,9 +103,9 @@ public: //------------------------------------------------------------------------- static Mpse* bnfa_ctor( - SnortConfig* sc, class Module*, const MpseAgent* agent) + const SnortConfig*, class Module*, const MpseAgent* agent) { - return new AcBnfaMpse(sc, agent); + return new AcBnfaMpse(agent); } static void bnfa_dtor(Mpse* p) diff --git a/src/search_engines/ac_full.cc b/src/search_engines/ac_full.cc index b17519368..0340548d6 100644 --- a/src/search_engines/ac_full.cc +++ b/src/search_engines/ac_full.cc @@ -37,11 +37,8 @@ private: ACSM_STRUCT2* obj; public: - AcfMpse(SnortConfig*, const MpseAgent* agent) - : Mpse("ac_full") - { - obj = acsmNew2(agent, ACF_FULL); - } + AcfMpse(const MpseAgent* agent) : Mpse("ac_full") + { obj = acsmNew2(agent, ACF_FULL); } ~AcfMpse() override { acsmFree2(obj); } @@ -53,8 +50,7 @@ public: } int add_pattern( - SnortConfig*, const uint8_t* P, unsigned m, - const PatternDescriptor& desc, void* user) override + const uint8_t* P, unsigned m, const PatternDescriptor& desc, void* user) override { return acsmAddPattern2(obj, P, m, desc.no_case, desc.negated, user); } @@ -94,9 +90,9 @@ public: //------------------------------------------------------------------------- static Mpse* acf_ctor( - SnortConfig* sc, class Module*, const MpseAgent* agent) + const SnortConfig*, class Module*, const MpseAgent* agent) { - return new AcfMpse(sc, agent); + return new AcfMpse(agent); } static void acf_dtor(Mpse* p) diff --git a/src/search_engines/ac_sparse.cc b/src/search_engines/ac_sparse.cc index 22e80c035..e5cfd6071 100644 --- a/src/search_engines/ac_sparse.cc +++ b/src/search_engines/ac_sparse.cc @@ -37,11 +37,8 @@ private: ACSM_STRUCT2* obj; public: - AcsMpse(SnortConfig*, const MpseAgent* agent) - : Mpse("ac_sparse") - { - obj = acsmNew2(agent, ACF_SPARSE); - } + AcsMpse(const MpseAgent* agent) : Mpse("ac_sparse") + { obj = acsmNew2(agent, ACF_SPARSE); } ~AcsMpse() override { if (obj) acsmFree2(obj); } @@ -50,8 +47,7 @@ public: { obj->enable_dfa(); } int add_pattern( - SnortConfig*, const uint8_t* P, unsigned m, - const PatternDescriptor& desc, void* user) override + const uint8_t* P, unsigned m, const PatternDescriptor& desc, void* user) override { return acsmAddPattern2(obj, P, m, desc.no_case, desc.negated, user); } @@ -81,9 +77,9 @@ public: //------------------------------------------------------------------------- static Mpse* acs_ctor( - SnortConfig* sc, class Module*, const MpseAgent* agent) + const SnortConfig*, class Module*, const MpseAgent* agent) { - return new AcsMpse(sc, agent); + return new AcsMpse(agent); } static void acs_dtor(Mpse* p) diff --git a/src/search_engines/ac_sparse_bands.cc b/src/search_engines/ac_sparse_bands.cc index 85f969b93..7e12be9ae 100644 --- a/src/search_engines/ac_sparse_bands.cc +++ b/src/search_engines/ac_sparse_bands.cc @@ -37,11 +37,8 @@ private: ACSM_STRUCT2* obj; public: - AcsbMpse(SnortConfig*, const MpseAgent* agent) - : Mpse("ac_sparse_bands") - { - obj = acsmNew2(agent, ACF_SPARSE_BANDS); - } + AcsbMpse(const MpseAgent* agent) : Mpse("ac_sparse_bands") + { obj = acsmNew2(agent, ACF_SPARSE_BANDS); } ~AcsbMpse() override { acsmFree2(obj); } @@ -50,8 +47,7 @@ public: { obj->enable_dfa(); } int add_pattern( - SnortConfig*, const uint8_t* P, unsigned m, - const PatternDescriptor& desc, void* user) override + const uint8_t* P, unsigned m, const PatternDescriptor& desc, void* user) override { return acsmAddPattern2(obj, P, m, desc.no_case, desc.negated, user); } @@ -81,9 +77,9 @@ public: //------------------------------------------------------------------------- static Mpse* acsb_ctor( - SnortConfig* sc, class Module*, const MpseAgent* agent) + const SnortConfig*, class Module*, const MpseAgent* agent) { - return new AcsbMpse(sc, agent); + return new AcsbMpse(agent); } static void acsb_dtor(Mpse* p) diff --git a/src/search_engines/ac_std.cc b/src/search_engines/ac_std.cc index c641dacf8..521b42e73 100644 --- a/src/search_engines/ac_std.cc +++ b/src/search_engines/ac_std.cc @@ -37,16 +37,14 @@ private: ACSM_STRUCT* obj; public: - AcMpse(SnortConfig*, const MpseAgent* agent) - : Mpse("ac_std") + AcMpse(const MpseAgent* agent) : Mpse("ac_std") { obj = acsmNew(agent); } ~AcMpse() override { acsmFree(obj); } int add_pattern( - SnortConfig*, const uint8_t* P, unsigned m, - const PatternDescriptor& desc, void* user) override + const uint8_t* P, unsigned m, const PatternDescriptor& desc, void* user) override { return acsmAddPattern(obj, P, m, desc.no_case, desc.negated, user); } @@ -73,9 +71,9 @@ public: //------------------------------------------------------------------------- static Mpse* ac_ctor( - SnortConfig* sc, class Module*, const MpseAgent* agent) + const SnortConfig*, class Module*, const MpseAgent* agent) { - return new AcMpse(sc, agent); + return new AcMpse(agent); } static void ac_dtor(Mpse* p) diff --git a/src/search_engines/hyperscan.cc b/src/search_engines/hyperscan.cc index 712a51205..b04f92f35 100644 --- a/src/search_engines/hyperscan.cc +++ b/src/search_engines/hyperscan.cc @@ -126,7 +126,7 @@ struct ScanContext class HyperscanMpse : public Mpse { public: - HyperscanMpse(SnortConfig*, const MpseAgent* a) + HyperscanMpse(const MpseAgent* a) : Mpse("hyperscan") { agent = a; @@ -143,8 +143,7 @@ public: } int add_pattern( - SnortConfig*, const uint8_t* pat, unsigned len, - const PatternDescriptor& desc, void* user) override + const uint8_t* pat, unsigned len, const PatternDescriptor& desc, void* user) override { Pattern p(pat, len, desc, user); pvector.emplace_back(p); @@ -378,12 +377,12 @@ static void mod_dtor(Module* p) { delete p; } static Mpse* hs_ctor( - SnortConfig* sc, class Module*, const MpseAgent* a) + const SnortConfig* sc, class Module*, const MpseAgent* a) { if ( s_scratch.empty() ) s_scratch.resize(sc->num_slots, nullptr); - return new HyperscanMpse(sc, a); + return new HyperscanMpse(a); } static void hs_dtor(Mpse* p) diff --git a/src/search_engines/search_tool.cc b/src/search_engines/search_tool.cc index 513aa4f12..e385a125a 100644 --- a/src/search_engines/search_tool.cc +++ b/src/search_engines/search_tool.cc @@ -31,6 +31,8 @@ namespace snort { +const SnortConfig* SearchTool::conf = nullptr; + SearchTool::SearchTool(const char* method, bool dfa) { mpsegrp = new MpseGroup; @@ -42,10 +44,9 @@ SearchTool::SearchTool(const char* method, bool dfa) // pattern offload search method. If a method is passed in then an offload // search engine will not be created - SnortConfig* sc = SnortConfig::get_parser_conf(); - assert(sc); + assert(conf); - if (mpsegrp->create_normal_mpse(sc, method)) + if (mpsegrp->create_normal_mpse(conf, method)) { if( dfa ) mpsegrp->normal_mpse->set_opt(1); @@ -53,7 +54,7 @@ SearchTool::SearchTool(const char* method, bool dfa) if (method == nullptr) { - if (mpsegrp->create_offload_mpse(sc)) + if (mpsegrp->create_offload_mpse(conf)) { if ( dfa ) mpsegrp->offload_mpse->set_opt(1); @@ -69,28 +70,23 @@ SearchTool::~SearchTool() } void SearchTool::add(const char* pat, unsigned len, int id, bool no_case) -{ - add((const uint8_t*)pat, len, id, no_case); -} +{ add((const uint8_t*)pat, len, id, no_case); } void SearchTool::add(const char* pat, unsigned len, void* id, bool no_case) -{ - add((const uint8_t*)pat, len, id, no_case); -} +{ add((const uint8_t*)pat, len, id, no_case); } void SearchTool::add(const uint8_t* pat, unsigned len, int id, bool no_case) -{ - add(pat, len, (void*)(long)id, no_case); -} +{ add(pat, len, (void*)(long)id, no_case); } void SearchTool::add(const uint8_t* pat, unsigned len, void* id, bool no_case) { Mpse::PatternDescriptor desc(no_case, false, true); if ( mpsegrp->normal_mpse ) - mpsegrp->normal_mpse->add_pattern(nullptr, pat, len, desc, id); + mpsegrp->normal_mpse->add_pattern(pat, len, desc, id); + if ( mpsegrp->offload_mpse ) - mpsegrp->offload_mpse->add_pattern(nullptr, pat, len, desc, id); + mpsegrp->offload_mpse->add_pattern(pat, len, desc, id); if ( len > max_len ) max_len = len; @@ -105,16 +101,11 @@ void SearchTool::prep() } int SearchTool::find( - const char* str, - unsigned len, - MpseMatch mf, - int& state, - bool confine, - void* user_data) + const char* str, unsigned len, MpseMatch mf, int& state, bool confine, void* user_data) { int num = 0; - SnortConfig* sc = SnortConfig::get_conf(); - FastPatternConfig* fp = sc->fast_pattern_config; + const SnortConfig* sc = SnortConfig::get_conf(); + const FastPatternConfig* fp = sc->fast_pattern_config; if ( confine && max_len > 0 ) { @@ -143,26 +134,18 @@ int SearchTool::find( } int SearchTool::find( - const char* str, - unsigned len, - MpseMatch mf, - bool confine, - void* user_data) + const char* str, unsigned len, MpseMatch mf, bool confine, void* user_data) { int state = 0; return find(str, len, mf, state, confine, user_data); } int SearchTool::find_all( - const char* str, - unsigned len, - MpseMatch mf, - bool confine, - void* user_data) + const char* str, unsigned len, MpseMatch mf, bool confine, void* user_data) { int num = 0; - SnortConfig* sc = SnortConfig::get_conf(); - FastPatternConfig* fp = sc->fast_pattern_config; + const SnortConfig* sc = SnortConfig::get_conf(); + const FastPatternConfig* fp = sc->fast_pattern_config; if ( confine && max_len > 0 ) { diff --git a/src/search_engines/search_tool.h b/src/search_engines/search_tool.h index a99f62891..abb247f1e 100644 --- a/src/search_engines/search_tool.h +++ b/src/search_engines/search_tool.h @@ -27,6 +27,11 @@ namespace snort class SO_PUBLIC SearchTool { public: + // FIXIT-L SnortConfig should be passed to ctor, a lot of appid plumbing + // for now set_conf must be called before instantiation + static void set_conf(const SnortConfig* sc) + { conf = sc; } + SearchTool(const char* method = nullptr, bool dfa = false); ~SearchTool(); @@ -49,6 +54,7 @@ public: bool confine = false, void* user_data = nullptr); private: + static const SnortConfig* conf; class MpseGroup* mpsegrp; unsigned max_len; }; diff --git a/src/search_engines/test/hyperscan_test.cc b/src/search_engines/test/hyperscan_test.cc index 3458e1b03..e509d2062 100644 --- a/src/search_engines/test/hyperscan_test.cc +++ b/src/search_engines/test/hyperscan_test.cc @@ -118,7 +118,7 @@ int SnortConfig::request_scratch(ScratchAllocator* s) void SnortConfig::release_scratch(int) { } -SnortConfig* SnortConfig::get_conf() +const SnortConfig* SnortConfig::get_conf() { return snort_conf; } static unsigned parse_errors = 0; @@ -260,7 +260,7 @@ TEST(mpse_hs_match, single) { Mpse::PatternDescriptor desc; - CHECK(hs->add_pattern(nullptr, (const uint8_t*)"foo", 3, desc, s_user) == 0); + CHECK(hs->add_pattern((const uint8_t*)"foo", 3, desc, s_user) == 0); CHECK(hs->prep_patterns(snort_conf) == 0); CHECK(hs->get_pattern_count() == 1); @@ -275,7 +275,7 @@ TEST(mpse_hs_match, nocase) { Mpse::PatternDescriptor desc(true, true, false); - CHECK(hs->add_pattern(nullptr, (const uint8_t*)"foo", 3, desc, s_user) == 0); + CHECK(hs->add_pattern((const uint8_t*)"foo", 3, desc, s_user) == 0); CHECK(hs->prep_patterns(snort_conf) == 0); CHECK(hs->get_pattern_count() == 1); @@ -291,7 +291,7 @@ TEST(mpse_hs_match, other) { Mpse::PatternDescriptor desc(false, true, false); - CHECK(hs->add_pattern(nullptr, (const uint8_t*)"foo", 3, desc, s_user) == 0); + CHECK(hs->add_pattern((const uint8_t*)"foo", 3, desc, s_user) == 0); CHECK(hs->prep_patterns(snort_conf) == 0); CHECK(hs->get_pattern_count() == 1); @@ -307,9 +307,9 @@ TEST(mpse_hs_match, multi) { Mpse::PatternDescriptor desc; - CHECK(hs->add_pattern(nullptr, (const uint8_t*)"foo", 3, desc, s_user) == 0); - CHECK(hs->add_pattern(nullptr, (const uint8_t*)"bar", 3, desc, s_user) == 0); - CHECK(hs->add_pattern(nullptr, (const uint8_t*)"baz", 3, desc, s_user) == 0); + CHECK(hs->add_pattern((const uint8_t*)"foo", 3, desc, s_user) == 0); + CHECK(hs->add_pattern((const uint8_t*)"bar", 3, desc, s_user) == 0); + CHECK(hs->add_pattern((const uint8_t*)"baz", 3, desc, s_user) == 0); CHECK(hs->prep_patterns(snort_conf) == 0); CHECK(hs->get_pattern_count() == 3); @@ -326,8 +326,7 @@ TEST(mpse_hs_match, regex) { Mpse::PatternDescriptor desc; - CHECK(hs->add_pattern( - nullptr, (const uint8_t*)"(foo)|(bar)|(baz)", 17, desc, s_user) == 0); + CHECK(hs->add_pattern((const uint8_t*)"(foo)|(bar)|(baz)", 17, desc, s_user) == 0); CHECK(hs->prep_patterns(snort_conf) == 0); CHECK(hs->get_pattern_count() == 1); @@ -344,8 +343,7 @@ TEST(mpse_hs_match, pcre) Mpse::PatternDescriptor desc; // from sid 23286 - CHECK(hs->add_pattern( - nullptr, (const uint8_t*)"\\.definition\\s*\\(", 21, desc, s_user) == 0); + CHECK(hs->add_pattern((const uint8_t*)"\\.definition\\s*\\(", 21, desc, s_user) == 0); CHECK(hs->prep_patterns(snort_conf) == 0); CHECK(hs->get_pattern_count() == 1); @@ -405,8 +403,8 @@ TEST(mpse_hs_multi, single) { Mpse::PatternDescriptor desc; - CHECK(hs1->add_pattern(nullptr, (const uint8_t*)"uba", 3, desc, s_user) == 0); - CHECK(hs2->add_pattern(nullptr, (const uint8_t*)"tuba", 4, desc, s_user) == 0); + CHECK(hs1->add_pattern((const uint8_t*)"uba", 3, desc, s_user) == 0); + CHECK(hs2->add_pattern((const uint8_t*)"tuba", 4, desc, s_user) == 0); CHECK(hs1->prep_patterns(snort_conf) == 0); CHECK(hs2->prep_patterns(snort_conf) == 0); diff --git a/src/search_engines/test/search_tool_test.cc b/src/search_engines/test/search_tool_test.cc index 68319c8c0..ecdb9fce0 100644 --- a/src/search_engines/test/search_tool_test.cc +++ b/src/search_engines/test/search_tool_test.cc @@ -62,10 +62,7 @@ SnortConfig::SnortConfig(const SnortConfig* const) SnortConfig::~SnortConfig() = default; -SnortConfig* SnortConfig::get_conf() -{ return snort_conf; } - -SnortConfig* SnortConfig::get_parser_conf() +const SnortConfig* SnortConfig::get_conf() { return snort_conf; } unsigned get_instance_id() @@ -157,28 +154,6 @@ extern const BaseApi* se_ac_bnfa; extern const BaseApi* se_ac_full; Mpse* mpse = nullptr; -Mpse* MpseManager::get_search_engine(const char *type) -{ - const MpseApi* api; - - if ( !strcmp(type, "ac_bnfa") ) - api = (const MpseApi*) se_ac_bnfa; - - else if ( !strcmp(type, "ac_full") ) - api = (const MpseApi*) se_ac_full; - - else - return nullptr; - - api->init(); - mpse = api->ctor(snort_conf, nullptr, &s_agent); - - CHECK(mpse); - - mpse->set_api(api); - return mpse; -} - void MpseManager::delete_search_engine(Mpse* eng) { const MpseApi* api = eng->get_api(); @@ -199,14 +174,31 @@ MpseGroup::~MpseGroup() } } -bool MpseGroup::create_normal_mpse(SnortConfig*, const char* type) +bool MpseGroup::create_normal_mpse(const SnortConfig*, const char* type) { - normal_mpse = MpseManager::get_search_engine(type); + const MpseApi* api; + + if ( !strcmp(type, "ac_bnfa") ) + api = (const MpseApi*) se_ac_bnfa; + + else if ( !strcmp(type, "ac_full") ) + api = (const MpseApi*) se_ac_full; + + else + return false; + + api->init(); + mpse = api->ctor(snort_conf, nullptr, &s_agent); + + CHECK(mpse); + + mpse->set_api(api); + normal_mpse = mpse; return true; } -bool MpseGroup::create_offload_mpse(SnortConfig*) +bool MpseGroup::create_offload_mpse(const SnortConfig*) { offload_mpse = nullptr; return false; @@ -248,7 +240,9 @@ TEST_GROUP(search_tool_bnfa) void setup() override { CHECK(se_ac_bnfa); + SearchTool::set_conf(snort_conf); stool = new SearchTool("ac_bnfa"); + SearchTool::set_conf(nullptr); CHECK(stool->mpsegrp->normal_mpse); @@ -338,7 +332,9 @@ TEST_GROUP(search_tool_full) void setup() override { CHECK(se_ac_full); + SearchTool::set_conf(snort_conf); stool = new SearchTool("ac_full", true); + SearchTool::set_conf(nullptr); CHECK(stool->mpsegrp->normal_mpse); diff --git a/src/service_inspectors/cip/cip.cc b/src/service_inspectors/cip/cip.cc index 4ffc824cc..28a23abc6 100644 --- a/src/service_inspectors/cip/cip.cc +++ b/src/service_inspectors/cip/cip.cc @@ -252,7 +252,7 @@ public: Cip(CipProtoConf*); ~Cip() override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; class StreamSplitter* get_splitter(bool c2s) override @@ -278,7 +278,7 @@ Cip::~Cip() } } -void Cip::show(SnortConfig*) +void Cip::show(const SnortConfig*) const { if (!config) return; diff --git a/src/service_inspectors/dce_rpc/dce_common.cc b/src/service_inspectors/dce_rpc/dce_common.cc index 257f7a7f4..a687227ca 100644 --- a/src/service_inspectors/dce_rpc/dce_common.cc +++ b/src/service_inspectors/dce_rpc/dce_common.cc @@ -116,14 +116,14 @@ bool dce2_set_co_config(Value& v, dce2CoProtoConf& co) return true; } -void print_dce2_common_config(dce2CommonProtoConf& common) +void print_dce2_common_config(const dce2CommonProtoConf& common) { ConfigLogger::log_flag("limit_alerts", common.limit_alerts); ConfigLogger::log_flag("disable_defrag", common.disable_defrag); ConfigLogger::log_value("max_frag_len", common.max_frag_len); } -void print_dce2_co_config(dce2CoProtoConf& co) +void print_dce2_co_config(const dce2CoProtoConf& co) { print_dce2_common_config(co.common); diff --git a/src/service_inspectors/dce_rpc/dce_common.h b/src/service_inspectors/dce_rpc/dce_common.h index 94f4740be..6b8bad3b5 100644 --- a/src/service_inspectors/dce_rpc/dce_common.h +++ b/src/service_inspectors/dce_rpc/dce_common.h @@ -396,9 +396,9 @@ inline void dce_alert(uint32_t gid, uint32_t sid, dce2CommonStats* stats, DCE2_S } bool dce2_set_common_config(snort::Value&, dce2CommonProtoConf&); -void print_dce2_common_config(dce2CommonProtoConf&); +void print_dce2_common_config(const dce2CommonProtoConf&); bool dce2_set_co_config(snort::Value&, dce2CoProtoConf&); -void print_dce2_co_config(dce2CoProtoConf&); +void print_dce2_co_config(const dce2CoProtoConf&); bool dce2_paf_abort(DCE2_SsnData*); void DCE2_Detect(DCE2_SsnData*); snort::Packet* DCE2_GetRpkt(snort::Packet*, DCE2_RpktType, const uint8_t*, uint32_t); diff --git a/src/service_inspectors/dce_rpc/dce_smb.cc b/src/service_inspectors/dce_rpc/dce_smb.cc index 9fc6e1465..c093e9802 100644 --- a/src/service_inspectors/dce_rpc/dce_smb.cc +++ b/src/service_inspectors/dce_rpc/dce_smb.cc @@ -321,7 +321,7 @@ public: Dce2Smb(const dce2SmbProtoConf&); ~Dce2Smb() override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; void clear(Packet*) override; @@ -348,7 +348,7 @@ Dce2Smb::~Dce2Smb() } } -void Dce2Smb::show(SnortConfig*) +void Dce2Smb::show(const SnortConfig*) const { print_dce2_smb_conf(config); } diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.cc b/src/service_inspectors/dce_rpc/dce_smb_module.cc index f3f0cc253..2c8dc15f5 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_module.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_module.cc @@ -424,7 +424,7 @@ void Dce2SmbModule::get_data(dce2SmbProtoConf& dce2_smb_config) config.smb_invalid_shares = nullptr; } -void print_dce2_smb_conf(dce2SmbProtoConf& config) +void print_dce2_smb_conf(const dce2SmbProtoConf& config) { print_dce2_co_config(config.common); diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.h b/src/service_inspectors/dce_rpc/dce_smb_module.h index 86e0061ea..9dbacd0d4 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_module.h +++ b/src/service_inspectors/dce_rpc/dce_smb_module.h @@ -91,7 +91,7 @@ private: dce2SmbProtoConf config; }; -void print_dce2_smb_conf(dce2SmbProtoConf& config); +void print_dce2_smb_conf(const dce2SmbProtoConf&); inline int64_t DCE2_ScSmbFileDepth(const dce2SmbProtoConf* sc) { diff --git a/src/service_inspectors/dce_rpc/dce_tcp.cc b/src/service_inspectors/dce_rpc/dce_tcp.cc index f90dc68cd..88c8877f0 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp.cc @@ -110,7 +110,7 @@ class Dce2Tcp : public Inspector public: Dce2Tcp(const dce2TcpProtoConf&); - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; void clear(Packet*) override; StreamSplitter* get_splitter(bool c2s) override @@ -127,7 +127,7 @@ Dce2Tcp::Dce2Tcp(const dce2TcpProtoConf& pc) config = pc; } -void Dce2Tcp::show(SnortConfig*) +void Dce2Tcp::show(const SnortConfig*) const { print_dce2_tcp_conf(config); } diff --git a/src/service_inspectors/dce_rpc/dce_tcp_module.cc b/src/service_inspectors/dce_rpc/dce_tcp_module.cc index 798d3aa72..1dfc2f3a2 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp_module.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp_module.cc @@ -155,7 +155,7 @@ void Dce2TcpModule::get_data(dce2TcpProtoConf& dce2_tcp_config) dce2_tcp_config = config; } -void print_dce2_tcp_conf(dce2TcpProtoConf& config) +void print_dce2_tcp_conf(const dce2TcpProtoConf& config) { print_dce2_co_config(config.common); } diff --git a/src/service_inspectors/dce_rpc/dce_tcp_module.h b/src/service_inspectors/dce_rpc/dce_tcp_module.h index 555a87191..56bbade41 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp_module.h +++ b/src/service_inspectors/dce_rpc/dce_tcp_module.h @@ -57,7 +57,7 @@ private: dce2TcpProtoConf config; }; -void print_dce2_tcp_conf(dce2TcpProtoConf& config); +void print_dce2_tcp_conf(const dce2TcpProtoConf& config); #endif diff --git a/src/service_inspectors/dce_rpc/dce_udp.cc b/src/service_inspectors/dce_rpc/dce_udp.cc index b8de97093..222b2bc55 100644 --- a/src/service_inspectors/dce_rpc/dce_udp.cc +++ b/src/service_inspectors/dce_rpc/dce_udp.cc @@ -109,7 +109,7 @@ class Dce2Udp : public Inspector { public: Dce2Udp(const dce2UdpProtoConf&); - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; void clear(Packet*) override; @@ -122,7 +122,7 @@ Dce2Udp::Dce2Udp(const dce2UdpProtoConf& pc) config = pc; } -void Dce2Udp::show(SnortConfig*) +void Dce2Udp::show(const SnortConfig*) const { print_dce2_udp_conf(config); } diff --git a/src/service_inspectors/dce_rpc/dce_udp_module.cc b/src/service_inspectors/dce_rpc/dce_udp_module.cc index 8f32459d6..c38c3c957 100644 --- a/src/service_inspectors/dce_rpc/dce_udp_module.cc +++ b/src/service_inspectors/dce_rpc/dce_udp_module.cc @@ -127,7 +127,7 @@ void Dce2UdpModule::get_data(dce2UdpProtoConf& dce2_udp_config) dce2_udp_config = config; } -void print_dce2_udp_conf(dce2UdpProtoConf& config) +void print_dce2_udp_conf(const dce2UdpProtoConf& config) { print_dce2_common_config(config.common); } diff --git a/src/service_inspectors/dce_rpc/dce_udp_module.h b/src/service_inspectors/dce_rpc/dce_udp_module.h index 4c953ec46..27d36228e 100644 --- a/src/service_inspectors/dce_rpc/dce_udp_module.h +++ b/src/service_inspectors/dce_rpc/dce_udp_module.h @@ -73,7 +73,7 @@ private: dce2UdpProtoConf config; }; -void print_dce2_udp_conf(dce2UdpProtoConf& config); +void print_dce2_udp_conf(const dce2UdpProtoConf&); #endif diff --git a/src/service_inspectors/dnp3/dnp3.cc b/src/service_inspectors/dnp3/dnp3.cc index d41d6af23..2327c8902 100644 --- a/src/service_inspectors/dnp3/dnp3.cc +++ b/src/service_inspectors/dnp3/dnp3.cc @@ -219,7 +219,7 @@ class Dnp3 : public Inspector public: Dnp3(const dnp3ProtoConf&); - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; bool get_buf(InspectionBuffer::Type, Packet*, InspectionBuffer&) override; void clear(Packet*) override; @@ -239,7 +239,7 @@ Dnp3::Dnp3(const dnp3ProtoConf& pc) } -void Dnp3::show(SnortConfig*) +void Dnp3::show(const SnortConfig*) const { ConfigLogger::log_flag("check_crc", config.check_crc); } diff --git a/src/service_inspectors/ftp_telnet/ftp.cc b/src/service_inspectors/ftp_telnet/ftp.cc index b89a4bb80..26648beb3 100644 --- a/src/service_inspectors/ftp_telnet/ftp.cc +++ b/src/service_inspectors/ftp_telnet/ftp.cc @@ -194,13 +194,13 @@ public: ~FtpClient() override { delete ftp_client; } - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override { } FTP_CLIENT_PROTO_CONF* ftp_client; }; -void FtpClient::show(SnortConfig*) +void FtpClient::show(const SnortConfig*) const { if ( ftp_client ) print_conf_client(ftp_client); @@ -213,7 +213,7 @@ public: ~FtpServer() override; bool configure(SnortConfig*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; StreamSplitter* get_splitter(bool) override; @@ -242,7 +242,7 @@ bool FtpServer::configure(SnortConfig* sc) return !FTPCheckConfigs(sc, ftp_server); } -void FtpServer::show(SnortConfig*) +void FtpServer::show(const SnortConfig*) const { if ( ftp_server ) print_conf_server(ftp_server); diff --git a/src/service_inspectors/ftp_telnet/ftp_data.cc b/src/service_inspectors/ftp_telnet/ftp_data.cc index ccd2731c9..45388297a 100644 --- a/src/service_inspectors/ftp_telnet/ftp_data.cc +++ b/src/service_inspectors/ftp_telnet/ftp_data.cc @@ -103,7 +103,7 @@ static void FTPDataProcess( // and no IPS rules are configured. if ( !status ) { - IpsPolicy* empty_policy = snort::get_empty_ips_policy(SnortConfig::get_conf()); + IpsPolicy* empty_policy = snort::get_empty_ips_policy(p->context->conf); if ( empty_policy->policy_id == p->flow->ips_policy_id ) { if ( PacketTracer::is_active() ) diff --git a/src/service_inspectors/ftp_telnet/telnet.cc b/src/service_inspectors/ftp_telnet/telnet.cc index 27b01eccf..98ec7088d 100644 --- a/src/service_inspectors/ftp_telnet/telnet.cc +++ b/src/service_inspectors/ftp_telnet/telnet.cc @@ -185,7 +185,7 @@ public: ~Telnet() override; bool configure(SnortConfig*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; bool get_buf(InspectionBuffer::Type, Packet*, InspectionBuffer&) override; @@ -211,7 +211,7 @@ bool Telnet::configure(SnortConfig* sc) return !TelnetCheckConfigs(sc, config); } -void Telnet::show(SnortConfig*) +void Telnet::show(const SnortConfig*) const { if ( !config ) return; diff --git a/src/service_inspectors/http_inspect/http_inspect.cc b/src/service_inspectors/http_inspect/http_inspect.cc index 544110994..198d4aaa7 100644 --- a/src/service_inspectors/http_inspect/http_inspect.cc +++ b/src/service_inspectors/http_inspect/http_inspect.cc @@ -118,7 +118,7 @@ bool HttpInspect::configure(SnortConfig* ) return true; } -void HttpInspect::show(snort::SnortConfig*) +void HttpInspect::show(const SnortConfig*) const { assert(params); diff --git a/src/service_inspectors/http_inspect/http_inspect.h b/src/service_inspectors/http_inspect/http_inspect.h index 1c51e1474..593f21aed 100644 --- a/src/service_inspectors/http_inspect/http_inspect.h +++ b/src/service_inspectors/http_inspect/http_inspect.h @@ -51,7 +51,7 @@ public: bool get_fp_buf(snort::InspectionBuffer::Type ibt, snort::Packet* p, snort::InspectionBuffer& b) override; bool configure(snort::SnortConfig*) override; - void show(snort::SnortConfig*) override; + void show(const snort::SnortConfig*) const override; void eval(snort::Packet* p) override; void clear(snort::Packet* p) override; diff --git a/src/service_inspectors/imap/imap.cc b/src/service_inspectors/imap/imap.cc index 001f8e9c0..baeebf33d 100644 --- a/src/service_inspectors/imap/imap.cc +++ b/src/service_inspectors/imap/imap.cc @@ -694,7 +694,7 @@ public: ~Imap() override; bool configure(SnortConfig*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; StreamSplitter* get_splitter(bool c2s) override @@ -732,7 +732,7 @@ bool Imap::configure(SnortConfig*) return true; } -void Imap::show(SnortConfig*) +void Imap::show(const SnortConfig*) const { if ( config ) config->decode_conf.show(); diff --git a/src/service_inspectors/pop/pop.cc b/src/service_inspectors/pop/pop.cc index 4819da9e8..a68a43648 100644 --- a/src/service_inspectors/pop/pop.cc +++ b/src/service_inspectors/pop/pop.cc @@ -635,7 +635,7 @@ public: ~Pop() override; bool configure(SnortConfig*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; StreamSplitter* get_splitter(bool c2s) override @@ -673,7 +673,7 @@ bool Pop::configure(SnortConfig* ) return true; } -void Pop::show(SnortConfig*) +void Pop::show(const SnortConfig*) const { if ( config ) config->decode_conf.show(); diff --git a/src/service_inspectors/sip/sip.cc b/src/service_inspectors/sip/sip.cc index 6902a05f9..e557307ca 100644 --- a/src/service_inspectors/sip/sip.cc +++ b/src/service_inspectors/sip/sip.cc @@ -192,7 +192,7 @@ public: Sip(SIP_PROTO_CONF*); ~Sip() override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; bool get_buf(InspectionBuffer::Type, Packet*, InspectionBuffer&) override; @@ -220,7 +220,7 @@ Sip::~Sip() } } -void Sip::show(SnortConfig*) +void Sip::show(const SnortConfig*) const { if ( !config ) return; diff --git a/src/service_inspectors/smtp/smtp.cc b/src/service_inspectors/smtp/smtp.cc index c6b0eb04e..4ce1d373e 100644 --- a/src/service_inspectors/smtp/smtp.cc +++ b/src/service_inspectors/smtp/smtp.cc @@ -1402,7 +1402,7 @@ public: ~Smtp() override; bool configure(SnortConfig*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; bool get_buf(InspectionBuffer::Type, Packet*, InspectionBuffer&) override; void clear(Packet*) override; @@ -1451,7 +1451,7 @@ bool Smtp::configure(SnortConfig*) return true; } -void Smtp::show(SnortConfig*) +void Smtp::show(const SnortConfig*) const { if ( config ) config->show(); diff --git a/src/service_inspectors/ssh/ssh.cc b/src/service_inspectors/ssh/ssh.cc index 622978c57..bb9ddb019 100644 --- a/src/service_inspectors/ssh/ssh.cc +++ b/src/service_inspectors/ssh/ssh.cc @@ -725,7 +725,7 @@ public: Ssh(SSH_PROTO_CONF*); ~Ssh() override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; private: @@ -743,7 +743,7 @@ Ssh::~Ssh() delete config; } -void Ssh::show(SnortConfig*) +void Ssh::show(const SnortConfig*) const { if ( !config ) return; diff --git a/src/service_inspectors/ssl/ssl_inspector.cc b/src/service_inspectors/ssl/ssl_inspector.cc index 89a9d51a8..cc1e1306d 100644 --- a/src/service_inspectors/ssl/ssl_inspector.cc +++ b/src/service_inspectors/ssl/ssl_inspector.cc @@ -410,7 +410,7 @@ public: Ssl(SSL_PROTO_CONF*); ~Ssl() override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void eval(Packet*) override; StreamSplitter* get_splitter(bool c2s) override @@ -431,7 +431,7 @@ Ssl::~Ssl() delete config; } -void Ssl::show(SnortConfig*) +void Ssl::show(const SnortConfig*) const { if ( !config ) return; diff --git a/src/sfip/sf_ip.cc b/src/sfip/sf_ip.cc index 52efa5348..97997805e 100644 --- a/src/sfip/sf_ip.cc +++ b/src/sfip/sf_ip.cc @@ -353,7 +353,7 @@ SfIpRet SfIp::set(const void* src) /* Obfuscates this IP with an obfuscation CIDR Makes this: ob | (this & mask) */ -void SfIp::obfuscate(SfCidr* ob) +void SfIp::obfuscate(const SfCidr* ob) { const uint32_t* ob_p; int index, i; diff --git a/src/sfip/sf_ip.h b/src/sfip/sf_ip.h index 93f112adb..b5cd78cc7 100644 --- a/src/sfip/sf_ip.h +++ b/src/sfip/sf_ip.h @@ -94,7 +94,7 @@ struct SO_PUBLIC SfIp const char* ntop(char* buf, int bufsize) const; const char* ntop(SfIpString) const; - void obfuscate(SfCidr* ob); + void obfuscate(const SfCidr* ob); private: int cidr_mask(int val); diff --git a/src/stream/base/stream_base.cc b/src/stream/base/stream_base.cc index 9d6b08097..0270a2900 100644 --- a/src/stream/base/stream_base.cc +++ b/src/stream/base/stream_base.cc @@ -22,6 +22,7 @@ #include +#include "detection/ips_context.h" #include "flow/expect_cache.h" #include "flow/flow_control.h" #include "flow/prune_stats.h" @@ -153,7 +154,7 @@ class StreamBase : public Inspector { public: StreamBase(const StreamModuleConfig*); - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; void tinit() override; void tterm() override; @@ -213,7 +214,7 @@ void StreamBase::tterm() FlushBucket::clear(); } -void StreamBase::show(SnortConfig* sc) +void StreamBase::show(const SnortConfig* sc) const { if ( sc ) ConfigLogger::log_flag("ip_frags_only", sc->ip_frags_only()); @@ -234,7 +235,7 @@ void StreamBase::eval(Packet* p) case PktType::IP: if ( p->has_ip() and ((p->ptrs.decode_flags & DECODE_FRAG) or - !SnortConfig::get_conf()->ip_frags_only()) ) + !p->context->conf->ip_frags_only()) ) { bool new_flow = false; flow_con->process(PktType::IP, p, &new_flow); diff --git a/src/stream/file/stream_file.cc b/src/stream/file/stream_file.cc index c9f2bb4f6..2d5578579 100644 --- a/src/stream/file/stream_file.cc +++ b/src/stream/file/stream_file.cc @@ -41,7 +41,7 @@ public: { config.upload = b; } NORETURN_ASSERT void eval(Packet*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; StreamFileConfig config; }; @@ -52,7 +52,7 @@ NORETURN_ASSERT void StreamFile::eval(Packet*) assert(false); } -void StreamFile::show(SnortConfig*) +void StreamFile::show(const SnortConfig*) const { ConfigLogger::log_flag("upload", config.upload); } diff --git a/src/stream/flush_bucket.cc b/src/stream/flush_bucket.cc index a8ab9f627..c1d4195f5 100644 --- a/src/stream/flush_bucket.cc +++ b/src/stream/flush_bucket.cc @@ -43,8 +43,10 @@ void FlushBucket::set(unsigned sz) if ( sz ) s_flush_bucket = new ConstFlushBucket(sz); + else if ( SnortConfig::static_hash() ) s_flush_bucket = new StaticFlushBucket; + else s_flush_bucket = new RandomFlushBucket; diff --git a/src/stream/icmp/icmp_session.cc b/src/stream/icmp/icmp_session.cc index 2df3afb8d..2221afe8b 100644 --- a/src/stream/icmp/icmp_session.cc +++ b/src/stream/icmp/icmp_session.cc @@ -23,6 +23,7 @@ #include "icmp_session.h" +#include "detection/ips_context.h" #include "flow/flow_key.h" #include "memory/memory_cap.h" #include "profiler/profiler_defs.h" @@ -140,9 +141,10 @@ static int ProcessIcmpUnreach(Packet* p) // FIXIT-L see FlowKey::init*() - call those instead // or do mpls differently for ip4 and ip6 - skey.init_vlan(vlan); - skey.init_address_space(0); - skey.init_mpls(0); + const SnortConfig* sc = p->context->conf; + skey.init_vlan(sc, vlan); + skey.init_address_space(sc, 0); + skey.init_mpls(sc, 0); switch (p->type()) { diff --git a/src/stream/icmp/stream_icmp.cc b/src/stream/icmp/stream_icmp.cc index 10dbcd847..2074a7d78 100644 --- a/src/stream/icmp/stream_icmp.cc +++ b/src/stream/icmp/stream_icmp.cc @@ -50,7 +50,7 @@ public: StreamIcmp(StreamIcmpConfig*); ~StreamIcmp() override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; NORETURN_ASSERT void eval(Packet*) override; public: @@ -67,7 +67,7 @@ StreamIcmp::~StreamIcmp() delete config; } -void StreamIcmp::show(SnortConfig*) +void StreamIcmp::show(const SnortConfig*) const { if ( !config ) return; diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc index 77481ddb2..d7498f24c 100644 --- a/src/stream/ip/ip_defrag.cc +++ b/src/stream/ip/ip_defrag.cc @@ -838,7 +838,7 @@ bool Defrag::configure(SnortConfig* sc) return true; } -void Defrag::show(SnortConfig*) +void Defrag::show() const { ConfigLogger::log_value("max_frags", engine.max_frags); ConfigLogger::log_value("max_overlaps", engine.max_overlaps); @@ -1390,7 +1390,7 @@ left_overlap_last: } } - if ((uint16_t)fragLength > SnortConfig::get_conf()->daq_config->get_mru_size()) + if ((uint16_t)fragLength > p->context->conf->daq_config->get_mru_size()) { debug_logf(stream_ip_trace, "Overly large fragment %d 0x%x 0x%x %d\n", fragLength, p->ptrs.ip_api.dgram_len(), p->ptrs.ip_api.off(), @@ -1750,7 +1750,7 @@ int Defrag::new_tracker(Packet* p, FragTracker* ft) fragStart = p->data; /* Just to double check */ - if (!fragLength or fragLength > SnortConfig::get_conf()->daq_config->get_mru_size()) + if (!fragLength or fragLength > p->context->conf->daq_config->get_mru_size()) { debug_logf(stream_ip_trace, "Bad fragment length:%d(0x%x) off:0x%x(%d)\n", fragLength, p->ptrs.ip_api.dgram_len(), p->ptrs.ip_api.off(), diff --git a/src/stream/ip/ip_defrag.h b/src/stream/ip/ip_defrag.h index 73b194d9c..b69c96c4c 100644 --- a/src/stream/ip/ip_defrag.h +++ b/src/stream/ip/ip_defrag.h @@ -40,7 +40,7 @@ public: Defrag(FragEngine&); bool configure(snort::SnortConfig*); - void show(snort::SnortConfig*); + void show() const; void process(snort::Packet*, FragTracker*); void cleanup(FragTracker*); diff --git a/src/stream/ip/ip_session.cc b/src/stream/ip/ip_session.cc index eecb0c4aa..3a5004a6c 100644 --- a/src/stream/ip/ip_session.cc +++ b/src/stream/ip/ip_session.cc @@ -248,7 +248,7 @@ public: ~StreamIp() override; bool configure(SnortConfig*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; NORETURN_ASSERT void eval(Packet*) override; StreamIpConfig* config; Defrag* defrag; diff --git a/src/stream/ip/stream_ip.cc b/src/stream/ip/stream_ip.cc index 694efe084..d7bfbfb00 100644 --- a/src/stream/ip/stream_ip.cc +++ b/src/stream/ip/stream_ip.cc @@ -70,7 +70,7 @@ public: ~StreamIp() override; bool configure(SnortConfig*) override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; NORETURN_ASSERT void eval(Packet*) override; @@ -97,12 +97,12 @@ bool StreamIp::configure(SnortConfig* sc) return true; } -void StreamIp::show(SnortConfig* sc) +void StreamIp::show(const SnortConfig*) const { if ( !config ) return; - defrag->show(sc); + defrag->show(); ConfigLogger::log_value("session_timeout", config->session_timeout); } diff --git a/src/stream/stream.cc b/src/stream/stream.cc index 2f96dd37d..603f3d5e8 100644 --- a/src/stream/stream.cc +++ b/src/stream/stream.cc @@ -89,7 +89,8 @@ Flow* Stream::get_flow( uint16_t vlan, uint32_t mplsId, uint16_t addressSpaceId) { FlowKey key; - key.init(type, proto, srcIP, srcPort, dstIP, dstPort, vlan, mplsId, addressSpaceId); + const SnortConfig* sc = SnortConfig::get_conf(); + key.init(sc, type, proto, srcIP, srcPort, dstIP, dstPort, vlan, mplsId, addressSpaceId); return get_flow(&key); } @@ -99,6 +100,7 @@ void Stream::populate_flow_key(Packet* p, FlowKey* key) return; key->init( + SnortConfig::get_conf(), p->type(), p->get_ip_proto_next(), p->ptrs.ip_api.get_src(), p->ptrs.sp, p->ptrs.ip_api.get_dst(), p->ptrs.dp, @@ -330,8 +332,8 @@ void Stream::init_active_response(const Packet* p, Flow* flow) flow->response_count = 1; - if ( SnortConfig::get_conf()->max_responses > 1 ) - flow->set_expire(p, SnortConfig::get_conf()->min_interval); + if ( p->context->conf->max_responses > 1 ) + flow->set_expire(p, p->context->conf->min_interval); } void Stream::purge_flows() @@ -558,7 +560,7 @@ uint8_t Stream::get_flow_ttl(Flow* flow, char dir, bool outer) // that we only send in the still active direction(s). static void active_response(Packet* p, Flow* lwssn) { - uint8_t max = SnortConfig::get_conf()->max_responses; + uint8_t max = p->context->conf->max_responses; if ( p->is_from_client() ) lwssn->session_state |= STREAM_STATE_DROP_CLIENT; @@ -567,7 +569,7 @@ static void active_response(Packet* p, Flow* lwssn) if ( (lwssn->response_count < max) && lwssn->expired(p) ) { - uint32_t delay = SnortConfig::get_conf()->min_interval; + uint32_t delay = p->context->conf->min_interval; EncodeFlags flags = ( (lwssn->session_state & STREAM_STATE_DROP_CLIENT) && (lwssn->session_state & STREAM_STATE_DROP_SERVER) ) ? diff --git a/src/stream/tcp/ips_stream_reassemble.cc b/src/stream/tcp/ips_stream_reassemble.cc index cafac897d..fdb3e5262 100644 --- a/src/stream/tcp/ips_stream_reassemble.cc +++ b/src/stream/tcp/ips_stream_reassemble.cc @@ -302,7 +302,7 @@ TEST_CASE("IPS Stream Reassemble", "[ips_stream_reassemble][stream_tcp]") SECTION("reassembler initialization") { - bool status = reassembler->begin(nullptr, 0, SnortConfig::get_conf()); + bool status = reassembler->begin(nullptr, 0, SnortConfig::get_main_conf()); CHECK(status); CHECK( ( reassembler->srod.enable == 0 ) ); CHECK( ( reassembler->srod.direction == 0 ) ); diff --git a/src/stream/tcp/stream_tcp.cc b/src/stream/tcp/stream_tcp.cc index 5fd23df43..e149f5e7a 100644 --- a/src/stream/tcp/stream_tcp.cc +++ b/src/stream/tcp/stream_tcp.cc @@ -42,7 +42,7 @@ public: StreamTcp(TcpStreamConfig*); ~StreamTcp() override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; bool configure(SnortConfig*) override; void tinit() override; void tterm() override; @@ -60,7 +60,7 @@ StreamTcp::StreamTcp (TcpStreamConfig* c) StreamTcp::~StreamTcp() { delete config; } -void StreamTcp::show(SnortConfig*) +void StreamTcp::show(const SnortConfig*) const { if ( !config ) return; diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index 7b39d13fc..3ea0de62f 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -368,6 +368,8 @@ void TcpReassembler::show_rebuilt_packet(TcpReassemblerState& trs, Packet* pkt) { if ( trs.sos.session->config->flags & STREAM_CONFIG_SHOW_PACKETS ) { + // FIXIT-L setting conf here is required because this is called before context start + pkt->context->conf = SnortConfig::get_conf(); LogFlow(pkt); LogNetData(pkt->data, pkt->dsize, pkt); } diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc index 5d06521d0..b1f18b067 100644 --- a/src/stream/tcp/tcp_session.cc +++ b/src/stream/tcp/tcp_session.cc @@ -1026,7 +1026,8 @@ bool TcpSession::do_packet_analysis_pre_checks(Packet* p, TcpSegmentDescriptor& update_ignored_session(tsd); set_window_scale(*talker, *listener, tsd); - if ( SnortConfig::is_address_anomaly_check_enabled() ) + + if ( p->context->conf->is_address_anomaly_check_enabled() ) check_for_session_hijack(tsd); return true; @@ -1036,7 +1037,7 @@ bool TcpSession::validate_packet_established_session(TcpSegmentDescriptor& tsd) { pkt_action_mask |= listener->normalizer.handle_paws(tsd); - if ( SnortConfig::inline_mode() ) + if ( tsd.get_pkt()->context->conf->inline_mode() ) if ( tsd.get_tcph()->is_ack() && !listener->is_ack_valid(tsd.get_seg_ack()) ) pkt_action_mask |= ACTION_BAD_PKT; diff --git a/src/stream/test/stream_splitter_test.cc b/src/stream/test/stream_splitter_test.cc index 2937936f9..8ee9a620a 100644 --- a/src/stream/test/stream_splitter_test.cc +++ b/src/stream/test/stream_splitter_test.cc @@ -38,7 +38,8 @@ using namespace snort; namespace snort { THREAD_LOCAL SnortConfig* snort_conf = nullptr; -SnortConfig* SnortConfig::get_conf() + +const SnortConfig* SnortConfig::get_conf() { return snort_conf; } static StreamSplitter* next_splitter = nullptr; diff --git a/src/stream/udp/stream_udp.cc b/src/stream/udp/stream_udp.cc index f8444a5bc..3e3feb42f 100644 --- a/src/stream/udp/stream_udp.cc +++ b/src/stream/udp/stream_udp.cc @@ -49,7 +49,7 @@ public: StreamUdp(StreamUdpConfig*); ~StreamUdp() override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; NORETURN_ASSERT void eval(Packet*) override; public: @@ -66,7 +66,7 @@ StreamUdp::~StreamUdp() delete config; } -void StreamUdp::show(SnortConfig*) +void StreamUdp::show(const SnortConfig*) const { if ( !config ) return; diff --git a/src/stream/user/stream_user.cc b/src/stream/user/stream_user.cc index f747e188d..7fe712443 100644 --- a/src/stream/user/stream_user.cc +++ b/src/stream/user/stream_user.cc @@ -49,7 +49,7 @@ public: StreamUser(StreamUserConfig*); ~StreamUser() override; - void show(SnortConfig*) override; + void show(const SnortConfig*) const override; NORETURN_ASSERT void eval(Packet*) override; @@ -67,7 +67,7 @@ StreamUser::~StreamUser() delete config; } -void StreamUser::show(SnortConfig*) +void StreamUser::show(const SnortConfig*) const { if ( !config ) return; diff --git a/src/target_based/host_attributes.cc b/src/target_based/host_attributes.cc index 9cc37a7b8..de14a3145 100644 --- a/src/target_based/host_attributes.cc +++ b/src/target_based/host_attributes.cc @@ -136,7 +136,7 @@ void HostAttributeEntry::update_service } // application service not found, add it - if ( service_count >= SnortConfig::get_max_services_per_host() ) + if ( service_count >= SnortConfig::get_conf()->get_max_services_per_host() ) return; ApplicationEntry* app = new ApplicationEntry(port, protocol, snort_protocol_id); @@ -158,7 +158,8 @@ void HostAttributes::load_hosts_file(SnortConfig* sc, const char* fname) delete next_cfg; next_cfg = new HostAttributesTable(sc->max_attribute_hosts); - Shell sh = Shell(fname); + Shell sh(fname); + if ( !sh.configure(sc, false, true) ) { delete next_cfg; diff --git a/src/trace/trace_api.cc b/src/trace/trace_api.cc index 40b6abb5e..fd6f79f84 100644 --- a/src/trace/trace_api.cc +++ b/src/trace/trace_api.cc @@ -33,7 +33,7 @@ using namespace snort; static THREAD_LOCAL TraceLogger* g_trace_logger = nullptr; -void TraceApi::thread_init(SnortConfig* sc) +void TraceApi::thread_init(const SnortConfig* sc) { if ( sc->trace_config->logger_factory ) g_trace_logger = sc->trace_config->logger_factory->instantiate(); @@ -47,7 +47,7 @@ void TraceApi::thread_term() g_trace_logger = nullptr; } -void TraceApi::thread_reinit(SnortConfig* sc) +void TraceApi::thread_reinit(const SnortConfig* sc) { sc->trace_config->setup_module_trace(); } diff --git a/src/trace/trace_api.h b/src/trace/trace_api.h index 06268b8cc..ffedd0848 100644 --- a/src/trace/trace_api.h +++ b/src/trace/trace_api.h @@ -29,8 +29,8 @@ struct SnortConfig; class TraceApi { public: - static void thread_init(SnortConfig* sc); - static void thread_reinit(SnortConfig* sc); + static void thread_init(const SnortConfig* sc); + static void thread_reinit(const SnortConfig* sc); static void thread_term(); static void log(const char* log_msg, const char* name, diff --git a/src/utils/stats.cc b/src/utils/stats.cc index 48a9ed2d1..b83d5a72b 100644 --- a/src/utils/stats.cc +++ b/src/utils/stats.cc @@ -230,8 +230,8 @@ void DropStats() LogLabel("Module Statistics"); const char* exclude = "daq snort"; - ModuleManager::dump_stats(SnortConfig::get_conf(), exclude, false); - ModuleManager::dump_stats(SnortConfig::get_conf(), exclude, true); + ModuleManager::dump_stats(exclude, false); + ModuleManager::dump_stats(exclude, true); LogLabel("Summary Statistics"); show_stats((PegCount*)&proc_stats, proc_names, array_size(proc_names)-1, "process"); @@ -245,17 +245,17 @@ void PrintStatistics() DropStats(); timing_stats(); - // FIXIT-L can do flag saving with RAII (much cleaner) - int save_quiet_flag = SnortConfig::get_conf()->logging_flags & LOGGING_FLAG__QUIET; + SnortConfig* sc = SnortConfig::get_main_conf(); - SnortConfig::get_conf()->logging_flags &= ~LOGGING_FLAG__QUIET; + // FIXIT-L can do flag saving with RAII (much cleaner) + int save_quiet_flag = sc->logging_flags & LOGGING_FLAG__QUIET; + sc->logging_flags &= ~LOGGING_FLAG__QUIET; // once more for the main thread Profiler::consolidate_stats(); - Profiler::show_stats(); - SnortConfig::get_conf()->logging_flags |= save_quiet_flag; + sc->logging_flags |= save_quiet_flag; } //------------------------------------------------------------------------- diff --git a/src/utils/util.cc b/src/utils/util.cc index 905fa6f9f..0694efbb1 100644 --- a/src/utils/util.cc +++ b/src/utils/util.cc @@ -159,12 +159,13 @@ void ts_print(const struct timeval* tvp, char* timebuf) tvp = &tv; } - int localzone = SnortConfig::get_conf()->thiszone; + const SnortConfig* sc = SnortConfig::get_conf(); + int localzone = sc->thiszone; /* ** If we're doing UTC, then make sure that the timezone is correct. */ - if (SnortConfig::output_use_utc()) + if (sc->output_use_utc()) localzone = 0; int s = (tvp->tv_sec + localzone) % SECONDS_PER_DAY; @@ -178,7 +179,7 @@ void ts_print(const struct timeval* tvp, char* timebuf) (void)SnortSnprintf(timebuf, TIMEBUF_SIZE, "%lu", tvp->tv_sec); } - else if (SnortConfig::output_include_year()) + else if (sc->output_include_year()) { int year = (lt->tm_year >= 100) ? (lt->tm_year - 100) : lt->tm_year; @@ -240,14 +241,16 @@ static FILE* pid_file = nullptr; void CreatePidFile(pid_t pid) { - SnortConfig::get_conf()->pid_filename = SnortConfig::get_conf()->log_dir; - SnortConfig::get_conf()->pid_filename += "/snort.pid"; + SnortConfig* sc = SnortConfig::get_main_conf(); + + sc->pid_filename = sc->log_dir; + sc->pid_filename += "/snort.pid"; std::string pid_lockfilename; - if ( !SnortConfig::no_lock_pid_file() ) + if ( !sc->no_lock_pid_file() ) { - pid_lockfilename = SnortConfig::get_conf()->pid_filename; + pid_lockfilename = sc->pid_filename; pid_lockfilename += ".lck"; /* First, lock the PID file */ @@ -267,18 +270,18 @@ void CreatePidFile(pid_t pid) { ClosePidFile(); ParseError("Failed to Lock PID File \"%s\" for PID \"%d\"", - SnortConfig::get_conf()->pid_filename.c_str(), (int)pid); + sc->pid_filename.c_str(), (int)pid); return; } } } /* Okay, were able to lock PID file, now open and write PID */ - pid_file = fopen(SnortConfig::get_conf()->pid_filename.c_str(), "w"); + pid_file = fopen(sc->pid_filename.c_str(), "w"); if (pid_file) { LogMessage("Writing PID \"%d\" to file \"%s\"\n", (int)pid, - SnortConfig::get_conf()->pid_filename.c_str()); + sc->pid_filename.c_str()); fprintf(pid_file, "%d\n", (int)pid); fflush(pid_file); } @@ -287,8 +290,8 @@ void CreatePidFile(pid_t pid) fclose(pid_lockfile); const char* error = get_error(errno); ErrorMessage("Failed to create pid file %s, Error: %s\n", - SnortConfig::get_conf()->pid_filename.c_str(), error); - SnortConfig::get_conf()->pid_filename.clear(); + sc->pid_filename.c_str(), error); + sc->pid_filename.clear(); } if ( !pid_lockfilename.empty() ) unlink(pid_lockfilename.c_str()); @@ -523,7 +526,7 @@ static char* GetAbsolutePath(const char* dir, PathBuf& buf) } /** - * Chroot and adjust the SnortConfig::get_conf()->log_dir reference + * Chroot and adjust the log_dir reference */ bool EnterChroot(std::string& root_dir, std::string& log_dir) { diff --git a/src/utils/util_net.cc b/src/utils/util_net.cc index a7b0ea50e..6b0cbbf80 100644 --- a/src/utils/util_net.cc +++ b/src/utils/util_net.cc @@ -28,7 +28,7 @@ namespace snort { -char* ObfuscateIpToText(const SfIp* ip, const SfCidr& homenet, SfCidr& obfunet, InetBuf& ab) +char* ObfuscateIpToText(const SfIp* ip, const SfCidr& homenet, const SfCidr& obfunet, InetBuf& ab) { ab[0] = 0; diff --git a/src/utils/util_net.h b/src/utils/util_net.h index bdf01a611..09af96a05 100644 --- a/src/utils/util_net.h +++ b/src/utils/util_net.h @@ -29,7 +29,7 @@ struct SfCidr; typedef char InetBuf[INET6_ADDRSTRLEN]; SO_PUBLIC char* ObfuscateIpToText( - const struct SfIp*, const SfCidr& homenet, SfCidr& obfuscate_net, InetBuf&); + const struct SfIp*, const SfCidr& homenet, const SfCidr& obfuscate_net, InetBuf&); } #endif