Merge pull request #1173 in SNORT/snort3 from goodbye_sfbpf to master

Squashed commit of the following: commit 2035f870bb488b62736f1ebfde1121f018baff81 Author: Michael Altizer <mialtize@cisco.com> Date: Mon Apr 2 12:38:48 2018 -0400 packet_tracer: Fix compiler warning when compiling with NDEBUG commit ddb9bc841c1bad6106f2df43f164703b832528aa Author: Michael Altizer <mialtize@cisco.com> Date: Mon Apr 2 12:35:57 2018 -0400 daq_hext: Make IpAddr() static to fix compiler warning commit 2186276c5ceff4fc7011f70b232ee60cfb8762f9 Author: Michael Altizer <mialtize@cisco.com> Date: Mon Apr 2 12:21:24 2018 -0400 file_connector: Fix address-of-packed-member compiler warnings commit 74b692aa80c0d15f9344a2424eb7ff4da25be9bc Author: Michael Altizer <mialtize@cisco.com> Date: Mon Apr 2 11:54:04 2018 -0400 build: Clean up CMake string APPENDing for configure options commit 2fde019218be0b10182a7c1815a5d0e8f91a46b2 Author: Michael Altizer <mialtize@cisco.com> Date: Mon Apr 2 11:25:30 2018 -0400 build: Define NDEBUG if debugging is not enabled commit b21625c8676af54d47bf4033c551b5ebb5d7d557 Author: Michael Altizer <mialtize@cisco.com> Date: Sun Mar 11 20:14:04 2018 -0400 packet_capture, cmake: Remove SFBPF dependencies commit 8e7e552aba8f6584ab8836eed38b4bccd9e11167 Author: Michael Altizer <mialtize@cisco.com> Date: Sun Mar 11 20:12:20 2018 -0400 cmake: Rework FindPCAP logic and ignore SFBPF
snort3 · Apr 2, 2018 · bc1de87 · bc1de87
1 parent fd416ad
commit bc1de87
Show file tree

Hide file tree

Showing 13 changed files with 76 additions and 120 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -38,10 +38,10 @@ add_definitions( -DHAVE_CONFIG_H )
 
 # Set these after all tests are done but *before* any subdirectories are included
 #  or other targets declared.
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_C_FLAGS}")
-set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${EXTRA_CXX_FLAGS}")
-set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${EXTRA_LINKER_FLAGS}")
-set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} ${EXTRA_LINKER_FLAGS}")
+string(APPEND CMAKE_C_FLAGS " ${EXTRA_C_FLAGS}")
+string(APPEND CMAKE_CXX_FLAGS " ${EXTRA_CXX_FLAGS}")
+string(APPEND CMAKE_EXE_LINKER_FLAGS " ${EXTRA_LINKER_FLAGS}")
+string(APPEND CMAKE_MODULE_LINKER_FLAGS " ${EXTRA_LINKER_FLAGS}")
 foreach (EXTRA_LIBRARY IN LISTS EXTRA_LIBRARIES)
     link_libraries(${EXTRA_LIBRARY})
 endforeach (EXTRA_LIBRARY)

diff --git a/cmake/FindPCAP.cmake b/cmake/FindPCAP.cmake
@@ -21,71 +21,47 @@ set(ERROR_MESSAGE
     shared library that may be installed in an unusual place"
 )
 
-
-
-find_path(PCAP_INCLUDE_DIR
-    NAMES pcap.h
-)
-
-# call find_library twice. First search custom path, then search standard paths
-find_library(PCAP_LIBRARIES 
-    NAMES pcap
-    HINTS ${PCAP_LIBRARIES_DIR} # user specified option in ./configure_cmake.sh
-    NO_DEFAULT_PATH
-    NO_CMAKE_ENVIRONMENT_PATH
-)
-find_library(PCAP_LIBRARIES 
-    NAMES pcap
-)
-
-
-#  foo to ensure PCAP compiles
+# Call find_path twice.  First search custom path, then search standard paths.
+if (PCAP_INCLUDE_DIR_HINT)
+    find_path(PCAP_INCLUDE_DIR pcap.h
+        HINTS ${PCAP_INCLUDE_DIR_HINT}
+        NO_DEFAULT_PATH
+    )
+endif()
+find_path(PCAP_INCLUDE_DIR pcap.h)
+
+# Ditto for the library.
+if (PCAP_LIBRARIES_DIR_HINT)
+    find_library(PCAP_LIBRARIES
+        pcap
+        HINTS ${PCAP_LIBRARIES_DIR_HINT}
+        NO_DEFAULT_PATH
+    )
+endif()
+find_library(PCAP_LIBRARIES pcap)
 
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(PCAP
     REQUIRED_VARS PCAP_LIBRARIES PCAP_INCLUDE_DIR
     FAIL_MESSAGE ${ERROR_MESSAGE}
 )
 
-
+# Check if linking against libpcap also requires linking against a thread library.
+# (lifted from Bro's FindPCAP.cmake)
 include(CheckCSourceCompiles)
 set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARIES})
 check_c_source_compiles("int main() { return 0; }" PCAP_LINKS_SOLO)
 set(CMAKE_REQUIRED_LIBRARIES)
 
-
-# check if linking against libpcap also needs to link against a thread and/or SFBPF library
 if (NOT PCAP_LINKS_SOLO)
     find_package(Threads)
     if (THREADS_FOUND)
         set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT})
-        check_c_source_compiles("int main() { return 0; }" PCAP_NEEDS_THREADS_ONLY)
-        if (PCAP_NEEDS_THREADS_ONLY)
-            set(PCAP_EXTRA_LIBS ${CMAKE_THREAD_LIBS_INIT})
-        endif ()
-        set(CMAKE_REQUIRED_LIBRARIES)
-    endif ()
-
-    find_package(SFBPF)
-    if (NOT PCAP_NEEDS_THREADS AND SFBPF_FOUND)
-        set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARIES} ${SFBPF_LIBRARIES})
-        check_c_source_compiles("int main() { return 0; }" PCAP_NEEDS_SFBPF_ONLY)
-        if (PCAP_NEEDS_SFBPF_ONLY)
-            set(PCAP_EXTRA_LIBS ${SFBPF_LIBRARIES})
-        endif ()
+        check_c_source_compiles("int main() { return 0; }" PCAP_NEEDS_THREADS)
         set(CMAKE_REQUIRED_LIBRARIES)
     endif ()
-
-    if (NOT (PCAP_NEEDS_THREADS_ONLY OR PCAP_NEEDS_SFBPF_ONLY) AND THREADS_FOUND AND SFBPF_FOUND)
-        set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARIES} ${SFBPF_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT})
-        check_c_source_compiles("int main() { return 0; }" PCAP_NEEDS_SFBPF_AND_THREADS)
-        if (PCAP_NEEDS_SFBPF_AND_THREADS)
-            set(PCAP_EXTRA_LIBS ${SFBPF_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT})
-        endif ()
-    endif ()
-
-    if (PCAP_EXTRA_LIBS)
-        set(_tmp ${PCAP_LIBRARIES} ${PCAP_EXTRA_LIBS})
+    if (THREADS_FOUND AND PCAP_NEEDS_THREADS)
+        set(_tmp ${PCAP_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT})
         list(REMOVE_DUPLICATES _tmp)
         set(PCAP_LIBRARIES ${_tmp}
             CACHE STRING "Libraries needed to link against libpcap" FORCE)
@@ -98,4 +74,3 @@ mark_as_advanced(
     PCAP_INCLUDE_DIR
     PCAP_LIBRARIES
 )
-unset(PCAP_CONFIG CACHE)
diff --git a/cmake/FindSFBPF.cmake b/cmake/FindSFBPF.cmake
diff --git a/cmake/configure_options.cmake b/cmake/configure_options.cmake
@@ -42,50 +42,52 @@ if ( ENABLE_HARDENED_BUILD )
 
     check_cxx_compiler_flag ( "-Wdate-time" HAS_WDATE_TIME_CPPFLAG )
     if ( HAS_WDATE_TIME_CPPFLAG )
-        set ( HARDENED_CXX_FLAGS "${HARDENED_CXX_FLAGS} -Wdate-time" )
+        string ( APPEND HARDENED_CXX_FLAGS " -Wdate-time" )
     endif ()
 
     check_cxx_compiler_flag ( "-D_FORTIFY_SOURCE=2" HAS_FORTIFY_SOURCE_2_CPPFLAG )
     if ( HAS_FORTIFY_SOURCE_2_CPPFLAG )
-        set ( HARDENED_CXX_FLAGS "${HARDENED_CXX_FLAGS} -D_FORTIFY_SOURCE=2" )
+        string ( APPEND HARDENED_CXX_FLAGS " -D_FORTIFY_SOURCE=2" )
     endif ()
 
     check_cxx_compiler_flag ( "-fstack-protector-strong" HAS_FSTACK_PROTECTOR_STRONG_CXXFLAG )
     if ( HAS_FSTACK_PROTECTOR_STRONG_CXXFLAG )
-        set ( HARDENED_CXX_FLAGS "${HARDENED_CXX_FLAGS} -fstack-protector-strong" )
+        string ( APPEND HARDENED_CXX_FLAGS " -fstack-protector-strong" )
     endif ()
 
     check_cxx_compiler_flag ( "-Wformat" HAS_WFORMAT_CXXFLAG )
     if ( HAS_WFORMAT_CXXFLAG )
-        set ( HARDENED_CXX_FLAGS "${HARDENED_CXX_FLAGS} -Wformat" )
+        string ( APPEND HARDENED_CXX_FLAGS " -Wformat" )
     endif ()
 
     check_cxx_compiler_flag ( "-Werror=format-security" HAS_WERROR_FORMAT_SECURITY_CXXFLAG )
     if ( HAS_WERROR_FORMAT_SECURITY_CXXFLAG )
-        set ( HARDENED_CXX_FLAGS "${HARDENED_CXX_FLAGS} -Werror=format-security" )
+        string ( APPEND HARDENED_CXX_FLAGS " -Werror=format-security" )
     endif ()
 
     set ( CMAKE_REQUIRED_FLAGS "-Wl,-z,relro" )
     check_cxx_compiler_flag ( "" HAS_ZRELRO_LDFLAG )
+    unset ( CMAKE_REQUIRED_FLAGS )
     if ( HAS_ZRELRO_LDFLAG )
-        set ( HARDENED_LINKER_FLAGS "${HARDENED_LINKER_FLAGS} -Wl,-z,relro" )
+        string ( APPEND HARDENED_LINKER_FLAGS " -Wl,-z,relro" )
     endif ()
-    unset ( CMAKE_REQUIRED_FLAGS )
 
     set ( CMAKE_REQUIRED_FLAGS "-Wl,-z,now" )
     check_cxx_compiler_flag ( "-Wl,-z,now" HAS_ZNOW_LDFLAG )
+    unset ( CMAKE_REQUIRED_FLAGS )
     if ( HAS_ZNOW_LDFLAG )
-        set ( HARDENED_LINKER_FLAGS "${HARDENED_LINKER_FLAGS} -Wl,-z,now" )
+        string ( APPEND HARDENED_LINKER_FLAGS " -Wl,-z,now" )
     endif ()
-    unset ( CMAKE_REQUIRED_FLAGS )
 
 endif ( ENABLE_HARDENED_BUILD )
 
 if ( ENABLE_PIE )
-    check_cxx_compiler_flag ( "-fPIE -pie" HAS_PIE_SUPPORT )
+    set ( CMAKE_REQUIRED_FLAGS "-fPIE -pie" )
+    check_cxx_compiler_flag ( "-fPIE" HAS_PIE_SUPPORT )
+    unset ( CMAKE_REQUIRED_FLAGS )
     if ( HAS_PIE_SUPPORT )
-        set ( HARDENED_CXX_FLAGS "${HARDENED_CXX_FLAGS} -fPIE" )
-        set ( HARDENED_LINKER_FLAGS "${HARDENED_LINKER_FLAGS} -fPIE -pie" )
+        string ( APPEND HARDENED_CXX_FLAGS " -fPIE" )
+        string ( APPEND HARDENED_LINKER_FLAGS " -fPIE -pie" )
     endif ()
 endif ( ENABLE_PIE )
 
@@ -97,17 +99,19 @@ endif ( ENABLE_SAFEC )
 
 set ( DEBUG_MSGS ${ENABLE_DEBUG_MSGS} )
 
-set ( DEBUG ${ENABLE_DEBUG} )
+# FIXIT-L Properly handle NDEBUG through CMAKE_BUILD_TYPE
 if ( ENABLE_DEBUG )
-    set ( DEBUGGING_C_FLAGS "${DEBUGGING_C_FLAGS} -g -DDEBUG" )
+    string ( APPEND DEBUGGING_C_FLAGS " -g -DDEBUG" )
+else ()
+    string ( APPEND DEBUGGING_C_FLAGS " -DNDEBUG" )
 endif ( ENABLE_DEBUG )
 
 if ( ENABLE_GDB )
-    set ( DEBUGGING_C_FLAGS "${DEBUGGING_C_FLAGS} -g -ggdb" )
+    string ( APPEND DEBUGGING_C_FLAGS " -g -ggdb" )
 endif ( ENABLE_GDB )
 
 if ( ENABLE_PROFILE AND CMAKE_COMPILER_IS_GNUCXX )
-    set ( DEBUGGING_C_FLAGS "${DEBUGGING_C_FLAGS} -pg" )
+    string ( APPEND DEBUGGING_C_FLAGS " -pg" )
 endif ( ENABLE_PROFILE AND CMAKE_COMPILER_IS_GNUCXX )
 
 # ASAN and TSAN are mutually exclusive, so have them absolutely set SANITIZER_*_FLAGS first.
@@ -146,8 +150,8 @@ if ( ENABLE_UB_SANITIZER )
     check_cxx_compiler_flag ( "${UBSAN_CXX_FLAGS}" HAVE_UB_SANITIZER )
     unset ( CMAKE_REQUIRED_FLAGS )
     if ( HAVE_UB_SANITIZER )
-        set ( SANITIZER_CXX_FLAGS "${SANITIZER_CXX_FLAGS} ${UBSAN_CXX_FLAGS}" )
-        set ( SANITIZER_LINKER_FLAGS "${SANITIZER_LINKER_FLAGS} ${UBSAN_LINKER_FLAGS}" )
+        string ( APPEND SANITIZER_CXX_FLAGS " ${UBSAN_CXX_FLAGS}" )
+        string ( APPEND SANITIZER_LINKER_FLAGS " ${UBSAN_LINKER_FLAGS}" )
     else ()
         message ( SEND_ERROR "Could not enable the undefined behavior sanitizer!" )
     endif ()

diff --git a/cmake/include_libraries.cmake b/cmake/include_libraries.cmake
@@ -8,7 +8,6 @@ find_package(LuaJIT REQUIRED)
 find_package(OpenSSL REQUIRED)
 find_package(PCAP REQUIRED)
 find_package(PCRE REQUIRED)
-find_package(SFBPF REQUIRED)
 find_package(ZLIB REQUIRED)
 if (ENABLE_UNIT_TESTS)
     find_package(CppUTest REQUIRED)

diff --git a/configure_cmake.sh b/configure_cmake.sh
@@ -309,10 +309,10 @@ while [ $# -ne 0 ]; do
             append_cache_entry MAKE_PDF_DOC             BOOL true
             ;;
         --with-pcap-includes=*)
-            append_cache_entry PCAP_INCLUDE_DIR PATH $optarg
+            append_cache_entry PCAP_INCLUDE_DIR_HINT PATH $optarg
             ;;
         --with-pcap-libraries=*)
-            append_cache_entry PCAP_LIBRARIES_DIR PATH $optarg
+            append_cache_entry PCAP_LIBRARIES_DIR_HINT PATH $optarg
             ;;
         --with-luajit-includes=*)
             append_cache_entry LUAJIT_INCLUDE_DIR_HINT PATH $optarg

diff --git a/daqs/daq_hext.c b/daqs/daq_hext.c
@@ -144,7 +144,7 @@ static bool is_ipv4(char const* src)
     return false;
 }
 
-void IpAddr(uint32_t* addr, char const* ip)
+static void IpAddr(uint32_t* addr, char const* ip)
 {
     if ( is_ipv4(ip) ) {
         addr[0] = 0;

diff --git a/extra/cmake/configure_options.cmake b/extra/cmake/configure_options.cmake
@@ -5,12 +5,15 @@ include(CheckCXXCompilerFlag)
 
 # debugging
 
+# FIXIT-L Properly handle NDEBUG through CMAKE_BUILD_TYPE
 if ( ENABLE_DEBUG )
-    set ( DEBUGGING_C_FLAGS "${DEBUGGING_C_FLAGS} -g -DDEBUG" )
+    string ( APPEND DEBUGGING_C_FLAGS " -g -DDEBUG" )
+else ()
+    string ( APPEND DEBUGGING_C_FLAGS " -DNDEBUG" )
 endif ( ENABLE_DEBUG )
 
 if ( ENABLE_GDB )
-    set ( DEBUGGING_C_FLAGS "${DEBUGGING_C_FLAGS} -g -ggdb" )
+    string ( APPEND DEBUGGING_C_FLAGS " -g -ggdb" )
 endif ( ENABLE_GDB )
 
 # ASAN and TSAN are mutually exclusive, so have them absolutely set SANITIZER_*_FLAGS first.
@@ -49,8 +52,8 @@ if ( ENABLE_UB_SANITIZER )
     check_cxx_compiler_flag ( "${UBSAN_CXX_FLAGS}" HAVE_UB_SANITIZER )
     unset ( CMAKE_REQUIRED_FLAGS )
     if ( HAVE_UB_SANITIZER )
-        set ( SANITIZER_CXX_FLAGS "${SANITIZER_CXX_FLAGS} ${UBSAN_CXX_FLAGS}" )
-        set ( SANITIZER_LINKER_FLAGS "${SANITIZER_LINKER_FLAGS} ${UBSAN_LINKER_FLAGS}" )
+        string ( APPEND SANITIZER_CXX_FLAGS " ${UBSAN_CXX_FLAGS}" )
+        string ( APPEND SANITIZER_LINKER_FLAGS " ${UBSAN_LINKER_FLAGS}" )
     else ()
         message ( SEND_ERROR "Could not enable the undefined behavior sanitizer!" )
     endif ()

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -13,7 +13,6 @@ set(EXTERNAL_LIBRARIES
     ${PCAP_LIBRARIES}
     ${PCRE_LIBRARIES}
     ${SAFEC_LIBRARIES}
-    ${SFBPF_LIBRARIES}
     ${UUID_LIBRARY}
     ${ZLIB_LIBRARIES}
 )
@@ -26,7 +25,6 @@ set(EXTERNAL_INCLUDES
     ${PCAP_INCLUDE_DIR}
     ${PCRE_INCLUDE_DIR}
     ${SAFEC_INCLUDE_DIR}
-    ${SFBPF_INCLUDE_DIR}
     ${UUID_INCLUDE_DIR}
     ${ZLIB_INCLUDE_DIRS}
 )

diff --git a/src/codecs/root/CMakeLists.txt b/src/codecs/root/CMakeLists.txt
@@ -4,7 +4,6 @@ if (STATIC_CODECS)
         cd_eth.cc
     )
 
-
 else (STATIC_CODECS)
     add_dynamic_module (cd_eth codecs cd_eth.cc)
 
@@ -14,6 +13,5 @@ endif (STATIC_CODECS)
 if (STATIC_CODECS)
     add_library(root_codecs OBJECT
         ${PLUGIN_LIST}
-        ${PCAP_INCLUDE_DIR}/pcap.h  # rebuild if a new libpcap is installed
     )
 endif (STATIC_CODECS)
diff --git a/src/connectors/file_connector/file_connector.cc b/src/connectors/file_connector/file_connector.cc
@@ -174,8 +174,10 @@ ConnectorMsgHandle* FileConnector::receive_message_text()
     char line_buffer[4*MAXIMUM_SC_MESSAGE_CONTENT];
     char message[MAXIMUM_SC_MESSAGE_CONTENT];
     char* current = line_buffer;
+    uint64_t time_seconds;
+    uint32_t time_u_seconds;
+    uint16_t port;
     int length = 0;
-    SCMsgHdr hdr;
 
     // Read the record
     file.getline(line_buffer, sizeof(line_buffer));
@@ -187,7 +189,8 @@ ConnectorMsgHandle* FileConnector::receive_message_text()
         return nullptr;
     }
 
-    sscanf(line_buffer, "%hu:%" SCNu64 ".%" SCNu32, &hdr.port, &hdr.time_seconds, &hdr.time_u_seconds);
+    // FIXIT-L Add sanity/retval checking for sscanfs below
+    sscanf(line_buffer, "%hu:%" SCNu64 ".%" SCNu32, &port, &time_seconds, &time_u_seconds);
 
     while ( (current = strchr(current,(int)',')) != nullptr )
     {
@@ -198,8 +201,12 @@ ConnectorMsgHandle* FileConnector::receive_message_text()
     // The message is valid, make a ConnectorMsg to contain it.
     FileConnectorMsgHandle* handle = new FileConnectorMsgHandle(length+sizeof(SCMsgHdr));
 
-    // Copy the header
-    memcpy(handle->connector_msg.data, &hdr, sizeof(SCMsgHdr));
+    // Populate the new message header
+    SCMsgHdr* hdr = (SCMsgHdr*) handle->connector_msg.data;
+    hdr->port = port;
+    hdr->sequence = 0;
+    hdr->time_seconds = time_seconds;
+    hdr->time_u_seconds = time_u_seconds;
     // Copy the connector message into the new ConnectorMsg
     memcpy((handle->connector_msg.data+sizeof(SCMsgHdr)), message, length);
 

diff --git a/src/log/packet_tracer.cc b/src/log/packet_tracer.cc
@@ -59,8 +59,7 @@ PacketTracer::PacketTracer()
 
 void PacketTracer::register_verdict_reason(uint8_t reason_code, uint8_t priority)
 {
-    auto it = reasons.find(reason_code);
-    assert( it == reasons.end() );
+    assert(reasons.find(reason_code) == reasons.end());
 
     reasons[reason_code] = priority;
 }