[Snort-devel] Minor snort patch file

John Eure john.eure at ...2499...
Thu Jan 30 23:01:31 EST 2014


Hello all,

Here's a small patch file I've been using, which I thought I'd contribute
back, in case anyone is interested.  It removes the build warnings that
I've seen, and fixes a few build breaks when using certain configuration
options, and touches up a few minor incorrect messages that I happened to
notice.  I think some of these have been sent to the list before, but if
so, they didn't make it into 2.9.6.0.  I think it's all fairly
straightforward, except for the change to the makefiles in the target-based
directory...

The issue was that sometimes, apparently at random, after I had done a
"make clean" and then one "make", if I did a second "make", it would
sometimes spontaneously rebuild the "target-based" directory, even though I
hadn't touched anything inside of it.  This only happened on the second
make after a "make clean", and only some of the time, with no discernable
pattern to when it would and wouldn't happen.

I tracked it down, and it's caused by a complicated interaction:
sf_attribute_table.c is a generated file, and is removed by "make clean",
but is also included in the distribution, and the build command for
sf_attribute_table.c has the side effect of building sf_attribute_table.h.
When combined with the two-pass implementation of make, and my operating
system's ignorance of fractional seconds, this caused the weird behavior.
To go into detail:  I might do an initial make, which would first detect
that the .h file needed to be built, and then would build it.  Then I'd do
a "make clean", which would remove the .c and .h files.  So far so good.
Then I'd do my first "make", which would first detect that both files need
to be rebuilt, and would then build the .h file, and then build the .c
file.  But when it built the .c file, it had the side-effect of also
rebuilding the .h file, which would overwrite the previously-built .h
file.  So when I'd do my second "make", it would (sometimes) detect that
the .h file had changed, and thus do another rebuild in the target-based
directory, even though nothing in there had changed.  The "sometimes" is
because make often runs quickly enough on my build machine that both builds
of the .h file happen within the same second.  Since my OS (Linux kernel
2.6.32) ignores fractions of a second when recording file modification
times, make thinks that the .h file hasn't changed (even if it actually
has).  But if the two builds occur in different seconds, make does detect a
change.

To eliminate this behavior, I replaced the two make rules with a single
rule that formally builds both the .h and .c files.  I've included a
commented-out pattern rule which would work for the whole class of .y
files, assuming that you wouldn't mind using the "sfat_" prefix all the
time.

Enjoy,
John Eure
diff -ru snort-orig/doc/snort_manual.tex snort-new/doc/snort_manual.tex
--- snort-orig/doc/snort_manual.tex	2013-12-31 10:31:21.000000000 -0800
+++ snort-new/doc/snort_manual.tex	2014-01-30 18:07:36.000000000 -0800
@@ -19285,7 +19285,7 @@
 Patches to Snort should be sent to the
 \verb!snort-devel at lists.sourceforge.net!
 mailing list.  Patches should done with the command
-\verb!diff -nu snort-orig snort-new!.
+\verb!diff -ru snort-orig snort-new!.
 
 \section{Snort Data Flow}
 
diff -ru snort-orig/src/active.h snort-new/src/active.h
--- snort-orig/src/active.h	2013-12-31 08:07:53.000000000 -0800
+++ snort-new/src/active.h	2014-01-30 18:07:36.000000000 -0800
@@ -104,7 +104,7 @@
     return ( active_suspend != 0 );
 }
 
-static tActiveDrop Active_GetDisposition (void)
+static inline tActiveDrop Active_GetDisposition (void)
 {
     return active_drop_pkt;
 }
diff -ru snort-orig/src/dynamic-preprocessors/dnp3/dnp3_roptions.c snort-new/src/dynamic-preprocessors/dnp3/dnp3_roptions.c
--- snort-orig/src/dynamic-preprocessors/dnp3/dnp3_roptions.c	2013-12-31 08:07:54.000000000 -0800
+++ snort-new/src/dynamic-preprocessors/dnp3/dnp3_roptions.c	2014-01-30 18:07:36.000000000 -0800
@@ -145,7 +145,7 @@
 
 int DNP3ObjInit(struct _SnortConfig *sc, char *name, char *params, void **data)
 {
-    char *endptr, *token, *saveptr;
+    char *endptr, *token, *saveptr = NULL;
     dnp3_option_data_t *dnp3_data;
     unsigned int obj_group, obj_var;
 
@@ -199,7 +199,7 @@
 int DNP3IndInit(struct _SnortConfig *sc, char *name, char *params, void **data)
 {
     dnp3_option_data_t *dnp3_data;
-    char *token, *saveptr;
+    char *token, *saveptr = NULL;
     uint16_t flags = 0;
 
     if (name == NULL || data == NULL)
diff -ru snort-orig/src/dynamic-preprocessors/ssh/spp_ssh.c snort-new/src/dynamic-preprocessors/ssh/spp_ssh.c
--- snort-orig/src/dynamic-preprocessors/ssh/spp_ssh.c	2013-12-31 08:07:54.000000000 -0800
+++ snort-new/src/dynamic-preprocessors/ssh/spp_ssh.c	2014-01-30 18:07:36.000000000 -0800
@@ -1092,7 +1092,7 @@
 {
     SSH2Packet* ssh2packetp = NULL;
     unsigned int payload_size = packetp->payload_size;
-    const char *payload = packetp->payload;
+    const uint8_t *payload = packetp->payload;
     unsigned int ssh_length = 0;
 
     if (payload_size < sizeof(SSH2Packet) || (payload_size < (offset + sizeof(SSH2Packet)))
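Review bot: The bounds test on the last line of this hunk adds `offset` to `sizeof(SSH2Packet)` before comparing with `payload_size`, and that sum can wrap if `offset` is a 32-bit unsigned value on a build where `size_t` is also 32 bits. `offset` is declared outside the hunk, so its type is inferred rather than shown. Because the first clause already guarantees `payload_size >= sizeof(SSH2Packet)`, the second clause can be written without the addition as `(offset > payload_size - sizeof(SSH2Packet))`. The same `const uint8_t *` change is made in the second hunk of this file, and the function body continues past both hunks.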
@@ -1276,7 +1276,7 @@
 {
     SSH2Packet* ssh2packetp = NULL;
     unsigned int payload_size = packetp->payload_size;
-    const char *payload = packetp->payload;
+    const uint8_t *payload = packetp->payload;
     unsigned int ssh_length;
     bool next_packet = true;
     unsigned int npacket_offset = 0;
diff -ru snort-orig/src/file-process/file_capture.c snort-new/src/file-process/file_capture.c
--- snort-orig/src/file-process/file_capture.c	2013-12-31 08:07:54.000000000 -0800
+++ snort-new/src/file-process/file_capture.c	2014-01-30 18:07:36.000000000 -0800
@@ -52,7 +52,7 @@
  * This is used for debug purpose
  */
 
-#ifdef DEBUG
+#ifdef DEBUG_MSGS
 #include "file_sha256.h"
 static void verify_file_capture_info(FileContext* context,
         FileCaptureInfo *fileInfo)
diff -ru snort-orig/src/fpdetect.c snort-new/src/fpdetect.c
--- snort-orig/src/fpdetect.c	2013-12-31 08:07:53.000000000 -0800
+++ snort-new/src/fpdetect.c	2014-01-30 18:07:36.000000000 -0800
@@ -1076,11 +1076,11 @@
 {
     void * so;
     int start_state;
-    const uint8_t *tmp_payload;
-    uint16_t tmp_dsize;
-    void *tmp_iph;
-    void *tmp_ip6h;
-    void *tmp_ip4h;
+    const uint8_t *tmp_payload = NULL;
+    uint16_t tmp_dsize = 0;
+    void *tmp_iph = NULL;
+    void *tmp_ip6h = NULL;
+    void *tmp_ip4h = NULL;
     char repeat = 0;
     FastPatternConfig *fp = snort_conf->fast_pattern_config;
     PROFILE_VARS;
diff -ru snort-orig/src/parser.c snort-new/src/parser.c
--- snort-orig/src/parser.c	2013-12-31 08:07:53.000000000 -0800
+++ snort-new/src/parser.c	2014-01-30 18:07:36.000000000 -0800
@@ -10640,7 +10640,7 @@
     priority = SnortStrtoul(args, &endptr, 0);
     if ((errno == ERANGE) || (*endptr != '\0'))
     {
-        ParseError("Invalid argument to 'gid' rule option: %s.  "
+        ParseError("Invalid argument to 'priority' rule option: %s.  "
                    "Must be a positive integer.", args);
     }
 
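Review bot: The check above the corrected message still accepts an empty argument: assuming `SnortStrtoul` follows the `strtoul` contract, an empty `args` consumes nothing, `*endptr` is `'\0'`, and `priority` silently becomes 0. Adding an `endptr == args` test closes that, e.g. `if ((errno == ERANGE) || (endptr == args) || (*endptr != '\0'))`. Whether `errno` is cleared before the call is not visible here; if it is not, a stale `ERANGE` would reject a valid value. The enclosing function starts and ends outside the hunk.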
diff -ru snort-orig/src/preprocessors/perf-base.c snort-new/src/preprocessors/perf-base.c
--- snort-orig/src/preprocessors/perf-base.c	2013-12-31 08:07:54.000000000 -0800
+++ snort-new/src/preprocessors/perf-base.c	2014-01-30 18:07:36.000000000 -0800
@@ -1421,11 +1421,16 @@
 
     if (wrote != 1)
     {
-        WarningMessage("%s: Failed to write stats\n", __FUNCTION__);
+        WarningMessage("%s: Failed to write stats (%d)\n", __FUNCTION__, errno);
 
         // fseek to adjust offset; ftruncate doesn't do that for us.
-        fseek(fh, start, SEEK_SET);
-        ftruncate(fileno(fh), start);
+        int ret = fseek(fh, start, SEEK_SET);
+        if (ret == -1)
+            ErrorMessage("%s: Failed to rewind stats (%d)\n", __FUNCTION__, errno);
+
+        ret = ftruncate(fileno(fh), start);
+        if (ret == -1)
+            ErrorMessage("%s: Failed to truncate stats (%d)\n", __FUNCTION__, errno);
     }
 
     fflush(fh);
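Review bot: The three new messages print `errno` as a bare number with `%d`, which an operator then has to look up; `strerror(errno)` states the reason directly, e.g. `ErrorMessage("%s: Failed to truncate stats (%s)\n", __FUNCTION__, strerror(errno));`. In the first message the value only describes the failed write if nothing between that write and this line touched `errno`, and the write call is outside the hunk. `int ret` is declared after a statement inside the block, which C89 compilers reject, so the declaration is safer at the top of the `if` body. The two new `if (ret == -1)` bodies are unbraced while the surrounding code braces its blocks.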
diff -ru snort-orig/src/preprocessors/Stream5/snort_stream5_ip.c snort-new/src/preprocessors/Stream5/snort_stream5_ip.c
--- snort-orig/src/preprocessors/Stream5/snort_stream5_ip.c	2013-12-31 08:07:55.000000000 -0800
+++ snort-new/src/preprocessors/Stream5/snort_stream5_ip.c	2014-01-30 18:07:36.000000000 -0800
@@ -151,6 +151,8 @@
 // ip ha stuff
 //-------------------------------------------------------------------------
 
+#ifdef ENABLE_HA
+
 static Stream5LWSession *GetLWIpSession (const SessionKey *key)
 {
     return GetLWSessionFromKey(ip_lws_cache, key);
@@ -175,8 +177,6 @@
     return 0;
 }
 
-#ifdef ENABLE_HA
-
 static HA_Api ha_ip_api = {
     /*.get_lws = */ GetLWIpSession,
 
diff -ru snort-orig/src/preprocessors/Stream5/snort_stream5_tcp.c snort-new/src/preprocessors/Stream5/snort_stream5_tcp.c
--- snort-orig/src/preprocessors/Stream5/snort_stream5_tcp.c	2013-12-31 08:07:55.000000000 -0800
+++ snort-new/src/preprocessors/Stream5/snort_stream5_tcp.c	2014-01-30 18:07:36.000000000 -0800
@@ -977,6 +977,8 @@
 //-------------------------------------------------------------------------
 // tcp ha stuff
 
+#ifdef ENABLE_HA
+
 static Stream5LWSession *Stream5TCPCreateSession(const SessionKey *key)
 {
     setRuntimePolicy(getDefaultPolicy());
@@ -1008,6 +1010,8 @@
     return 0;
 }
 
+#endif
+
 Stream5LWSession *GetLWTcpSession(const SessionKey *key)
 {
     return GetLWSessionFromKey(tcp_lws_cache, key);
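Review bot: The `#endif` added after the HA helper functions has no comment naming the condition it closes, and the matching `#ifdef ENABLE_HA` sits in the previous hunk about thirty lines earlier. Writing it as `#endif /* ENABLE_HA */` makes the pairing obvious to anyone reading the middle of the file. The same reasoning applies to the guards moved in snort_stream5_ip.c and snort_stream5_udp.c, where the closing `#endif` lies outside the hunks.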
@@ -1533,7 +1537,7 @@
                     if (errno == ERANGE)
                     {
                         errno = 0;
-                        FatalError("%s(%d) => Invalid Max Queued Bytes.  Integer parameter required.\n",
+                        FatalError("%s(%d) => Invalid Max Queued Segments.  Integer parameter required.\n",
                             file_name, file_line);
                     }
                     s5TcpPolicy->max_queued_segs = (uint32_t)long_val;
@@ -1541,7 +1545,7 @@
 
                 if (!stoks[1] || (endPtr == &stoks[1][0]))
                 {
-                    FatalError("%s(%d) => Invalid Max Queued Bytes.  Integer parameter required.\n",
+                    FatalError("%s(%d) => Invalid Max Queued Segments.  Integer parameter required.\n",
                             file_name, file_line);
                 }
 
@@ -1549,7 +1553,7 @@
                      (long_val < S5_MIN_MAX_QUEUED_SEGS)) &&
                     (long_val != 0))
                 {
-                    FatalError("%s(%d) => Invalid Max Queued Bytes."
+                    FatalError("%s(%d) => Invalid Max Queued Segments."
                         "  Must be 0 (disabled) or between %d and %d\n",
                         file_name, file_line,
                         S5_MIN_MAX_QUEUED_SEGS, S5_MAX_MAX_QUEUED_SEGS);
diff -ru snort-orig/src/preprocessors/Stream5/snort_stream5_udp.c snort-new/src/preprocessors/Stream5/snort_stream5_udp.c
--- snort-orig/src/preprocessors/Stream5/snort_stream5_udp.c	2013-12-31 08:07:55.000000000 -0800
+++ snort-new/src/preprocessors/Stream5/snort_stream5_udp.c	2014-01-30 18:07:36.000000000 -0800
@@ -94,6 +94,8 @@
 // TBD there may be some refactoring possible once tcp, icmp, and udp
 // are complete
 
+#ifdef ENABLE_HA
+
 static Stream5LWSession *Stream5UDPCreateSession(const SessionKey *key)
 {
     setRuntimePolicy(getDefaultPolicy());
@@ -111,8 +113,6 @@
     return 0;
 }
 
-#ifdef ENABLE_HA
-
 static HA_Api ha_udp_api = {
     /*.get_lws = */ GetLWUdpSession,
 
@@ -342,14 +342,18 @@
 #ifdef DEBUG_STREAM5
 static void PrintUdpSession(UdpSession *us)
 {
+    char buf[64];
+
     LogMessage("UdpSession:\n");
     LogMessage("    ssn_time:           %lu\n", us->ssn_time.tv_sec);
-    LogMessage("    sender IP:          0x%08X\n", us->udp_sender_ip);
-    LogMessage("    responder IP:          0x%08X\n", us->udp_responder_ip);
+    sfip_ntop(&us->udp_sender_ip, buf, sizeof(buf));
+    LogMessage("    sender IP:          %s\n", buf);
+    sfip_ntop(&us->udp_responder_ip, buf, sizeof(buf));
+    LogMessage("    responder IP:       %s\n", buf);
     LogMessage("    sender port:        %d\n", us->udp_sender_port);
-    LogMessage("    responder port:        %d\n", us->udp_responder_port);
+    LogMessage("    responder port:     %d\n", us->udp_responder_port);
 
-    LogMessage("    flags:              0x%X\n", us->lwSsn->session_flags);
+    LogMessage("    flags:              0x%X\n", us->lwSsn->ha_state.session_flags);
 }
 #endif
 
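Review bot: `buf` is handed to `LogMessage` after each `sfip_ntop` call with no guarantee visible here that the conversion wrote to it, so a failed conversion would print uninitialized stack bytes if `sfip_ntop` can return without terminating the buffer. Its contract is not shown in this hunk; declaring `char buf[64] = "";` makes the output well defined either way. On the unchanged `ssn_time` line, `%lu` is paired with `tv_sec`, presumably a `time_t`; a cast such as `(unsigned long)us->ssn_time.tv_sec` keeps format and argument in agreement on every platform.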
diff -ru snort-orig/src/preprocessors/Stream5/stream5_paf.c snort-new/src/preprocessors/Stream5/stream5_paf.c
--- snort-orig/src/preprocessors/Stream5/stream5_paf.c	2013-12-31 08:07:55.000000000 -0800
+++ snort-new/src/preprocessors/Stream5/stream5_paf.c	2014-01-30 18:07:36.000000000 -0800
@@ -148,7 +148,7 @@
     PAF_State* ps, void* ssn,
     const uint8_t* data, uint32_t len, uint32_t flags)
 {
-    PAF_Status paf;
+    PAF_Status paf = PAF_ABORT;
     uint8_t mask = ps->cb_mask;
     bool update = false;
     int i = 0;
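Review bot: `PAF_Status paf = PAF_ABORT;` turns a previously indeterminate value into a definite result, so it needs a comment saying why abort is the right outcome when no later assignment happens. The rest of the function is outside the hunk, so it is unclear whether such a path is reachable (for example when `ps->cb_mask` is zero) or whether the compiler warning was a false positive. A comment such as `/* result if no callback is run */` on that line records the intent. If the path is reachable, confirm that aborting PAF for the session is the intended fallback and not another status.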
diff -ru snort-orig/src/profiler.h snort-new/src/profiler.h
--- snort-orig/src/profiler.h	2013-12-31 08:07:54.000000000 -0800
+++ snort-new/src/profiler.h	2014-01-30 18:07:36.000000000 -0800
@@ -55,7 +55,7 @@
 #define PROFILING_RULES ScProfileRules()
 #endif
 
-#define NODE_PROFILE_VARS uint64_t node_ticks_start, node_ticks_end, node_ticks_delta, node_deltas = 0
+#define NODE_PROFILE_VARS uint64_t node_ticks_start = 0, node_ticks_end = 0, node_ticks_delta = 0, node_deltas = 0
 
 #define NODE_PROFILE_START(node) \
     if (PROFILING_RULES) { \
diff -ru snort-orig/src/target-based/Makefile.am snort-new/src/target-based/Makefile.am
--- snort-orig/src/target-based/Makefile.am	2012-09-20 17:09:14.000000000 -0700
+++ snort-new/src/target-based/Makefile.am	2014-01-30 18:07:36.000000000 -0800
@@ -29,14 +29,11 @@
 libtarget_based_a_SOURCES = sftarget_reader.c
 endif
 
-.y.c:
-	$(YACC) -d -psfat_ -o$@ $?
-
-#### Ugly to get the header file built.
-#### any other suggestions?
-sf_attribute_table.h: sf_attribute_table.y
-	$(YACC) -d -psfat_ $?
-	mv y.tab.h $@
+#### This builds both the .c source file and the .h header file.
+#%.c %.h: %.y
+#	$(YACC) -d -psfat_ -o$*.c $?
+sf_attribute_table.c sf_attribute_table.h: sf_attribute_table.y
+	$(YACC) -d -psfat_ -osf_attribute_table.c $?
 
 .l.c:
 	$(LEX) -i -o$@ $?
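Review bot: An explicit rule with two targets, `sf_attribute_table.c sf_attribute_table.h: sf_attribute_table.y`, is not one grouped rule in make; it is shorthand for two independent rules sharing a recipe, so a parallel build (`make -j`) can still run `$(YACC)` twice, possibly concurrently, with both runs writing the same files. Only the commented-out pattern form is treated as a single recipe producing both outputs, and that behaviour is specific to GNU make. A portable arrangement keeps the `.c` as the sole target of the yacc recipe and adds `sf_attribute_table.h: sf_attribute_table.c` so the header is ordered after it. The recipe also relies on `$(YACC) -d -o` naming the header after the output file, which bison does but not every yacc; the removed rule handled `y.tab.h` explicitly. The generated Makefile.in carries the same change.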
diff -ru snort-orig/src/target-based/Makefile.in snort-new/src/target-based/Makefile.in
--- snort-orig/src/target-based/Makefile.in	2013-12-31 10:30:46.000000000 -0800
+++ snort-new/src/target-based/Makefile.in	2014-01-30 18:07:36.000000000 -0800
@@ -622,14 +622,11 @@
 	tags tags-am uninstall uninstall-am
 
 
-.y.c:
-	$(YACC) -d -psfat_ -o$@ $?
-
-#### Ugly to get the header file built.
-#### any other suggestions?
-sf_attribute_table.h: sf_attribute_table.y
-	$(YACC) -d -psfat_ $?
-	mv y.tab.h $@
+#### This builds both the .c source file and the .h header file.
+#%.c %.h: %.y
+#	$(YACC) -d -psfat_ -o$*.c $?
+sf_attribute_table.c sf_attribute_table.h: sf_attribute_table.y
+	$(YACC) -d -psfat_ -osf_attribute_table.c $?
 
 .l.c:
 	$(LEX) -i -o$@ $?
diff -ru snort-orig/src/util.c snort-new/src/util.c
--- snort-orig/src/util.c	2013-12-31 08:07:54.000000000 -0800
+++ snort-new/src/util.c	2014-01-30 18:07:36.000000000 -0800
@@ -1542,9 +1542,10 @@
     /* redirect stdin/stdout/stderr to /dev/null */
     (void)open("/dev/null", O_RDWR);  /* stdin, fd 0 */
 #endif
+    int fd_ignored;
 
-    dup(0);  /* stdout, fd 0 => fd 1 */
-    dup(0);  /* stderr, fd 0 => fd 2 */
+    fd_ignored = dup(0);  /* stdout, fd 0 => fd 1 */
+    fd_ignored = dup(0);  /* stderr, fd 0 => fd 2 */
 
     SignalWaitingParent();
 #endif /* ! WIN32 */
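Review bot: Assigning `dup(0)` to `fd_ignored` silences the unused-result warning but still discards a failure, and the variable is set and never read, which newer compilers flag in turn. If either `dup` fails, descriptor 1 or 2 stays closed and the next file or socket the process opens may receive that number, so stray writes to stdout or stderr would land in it. Checking the result is cheap, e.g. `if (dup(0) != 1 || dup(0) != 2) FatalError("Failed to redirect stdout/stderr: %s\n", strerror(errno));`, assuming descriptors 1 and 2 are closed at this point as the comments suggest. `int fd_ignored;` is also declared after statements, following the `#endif`, which C89 compilers reject. The enclosing function starts above the hunk.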

