From 3678dda185656930037cd13f1eaaaa076c507b64 Mon Sep 17 00:00:00 2001 From: William Metcalf Date: Thu, 15 Apr 2010 13:15:44 -0500 Subject: [PATCH] libnet now optional --- configure.in | 92 ++++++++++++++++++++++------------- src/detect-parse.c | 16 ++++++ src/respond-reject-libnet11.c | 34 ++++++------- src/util-error.c | 8 +++ src/util-error.h | 7 +++ 5 files changed, 107 insertions(+), 50 deletions(-) diff --git a/configure.in b/configure.in index d04f94a7cd..5bfb362203 100644 --- a/configure.in +++ b/configure.in @@ -23,6 +23,18 @@ AC_INIT(configure.in) exit 1 ]) + AC_DEFUN([LIBNET_FAIL_WARN],[ + echo + echo "*************************************************************************" + echo " Warning! libnet version 1.1.x could not be found in " $1 + echo " Reject keywords will not be supported." + echo " If you require reject support plese install libnet 1.1.x. " + echo " If libnet is not installed in a non-standard location please use the" + echo " --with-libnet-includes and --with-libnet-libraries configure options" + echo "*************************************************************************" + echo + ]) + dnl get gcc version AC_MSG_CHECKING([gcc version]) gccver=$($CC -dumpversion) 
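Review bot: The warning text in LIBNET_FAIL_WARN says the opposite of what is meant: `If libnet is not installed in a non-standard location` should read `If libnet is installed in a non-standard location`, and `plese` should be `please`. Since configure now continues without libnet, this banner is the only build-time signal that the sensor will have no reject support, so the wording needs to be right. Consider also reporting it through `AC_MSG_WARN`, so that it is handled like other configure warnings instead of only being echoed.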
@@ -410,55 +422,69 @@ AC_INIT(configure.in) [with_libnet_libraries="$withval"],[with_libnet_libraries="no"]) if test "x$with_libnet_includes" != "xno"; then - CPPFLAGS="${CPPFLAGS} -I${with_libnet_includes}" - libnet_dir="${with_libnet_includes}" + CPPFLAGS="${CPPFLAGS} -I${with_libnet_includes}" + libnet_dir="${with_libnet_includes}" else - libnet_dir="/usr/include /usr/local/include /usr/local/include/libnet11 /opt/local/include" + libnet_dir="/usr/include /usr/local/include /usr/local/include/libnet11 /opt/local/include" fi if test "x$with_libnet_libraries" != "xno"; then - LDFLAGS="${LDFLAGS} -L${with_libnet_libraries}" + LDFLAGS="${LDFLAGS} -L${with_libnet_libraries}" fi + LIBNET_DETECT_FAIL="no" LIBNET_INC_DIR="" - AC_MSG_CHECKING("for libnet.h version 1.1.x") + for i in $libnet_dir; do if test -r "$i/libnet.h"; then - LIBNET_INC_DIR="$i" + LIBNET_INC_DIR="$i" fi done + AC_MSG_CHECKING(for libnet.h version 1.1.x) if test "$LIBNET_INC_DIR" != ""; then - if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.1 >/dev/null"; then - FAIL_MESSAGE("libnet 1.1.x (libnet.h)", $libnet_dir) - fi + if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.1 >/dev/null"; then + AC_MSG_RESULT(no) + LIBNET_DETECT_FAIL="yes" + LIBNET_FAIL_WARN($libnet_dir) + else + AC_MSG_RESULT(yes) + fi - #CentOS, Fedora, Ubuntu-LTS, Ubuntu all set defines to the same values. libnet-config seems - #to have been depreciated but all distro's seem to include it as part of the package. - LLIBNET="" - AC_CHECK_LIB(net, libnet_write,, LLIBNET="no") - if test "$LLIBNET" != "no"; then - CFLAGS="${CFLAGS} -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H" - fi - #AC_MSG_RESULT($i) + #CentOS, Fedora, Ubuntu-LTS, Ubuntu all set defines to the same values. libnet-config seems + #to have been depreciated but all distro's seem to include it as part of the package. 
+ if test "$LIBNET_DETECT_FAIL" = "no"; then + LLIBNET="" + AC_CHECK_LIB(net, libnet_write,, LLIBNET="no") + if test "$LLIBNET" != "no"; then + CFLAGS="${CFLAGS} -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H" + else + #if we displayed a warning already no reason to do it again. + if test "$LIBNET_DETECT_FAIL" = "no"; then + LIBNET_DETECT_FAIL="yes" + LIBNET_FAIL_WARN($libnet_dir) + fi + fi + + # see if we have the patched libnet 1.1 + # http://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html + # + # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work + # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful + if test "$LIBNET_DETECT_FAIL" = "no"; then + LLIBNET="" + TMPLIBS="${LIBS}" + AC_CHECK_LIB(net, libnet_build_icmpv6_unreach,, LLIBNET="no") + if test "$LLIBNET" != "no"; then + CFLAGS="$CFLAGS -DHAVE_LIBNET_ICMPV6_UNREACH" + fi + LIBS="${TMPLIBS}" + fi + fi else - AC_MSG_RESULT(no) - AC_MSG_ERROR("libnet 1.1.x could not be found. please download and install the library from http://sourceforge.net/projects/libnet-dev/") + LIBNET_DETECT_FAIL="yes" + LIBNET_FAIL_WARN($libnet_dir) fi - -# see if we have the patched libnet 1.1 -# http://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html - LLIBNET="" - -#To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work -#see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful - TMPLIBS="${LIBS}" - AC_CHECK_LIB(net, libnet_build_icmpv6_unreach,, LLIBNET="no") - if test "$LLIBNET" != "no"; then - CFLAGS="$CFLAGS -DHAVE_LIBNET_ICMPV6_UNREACH" - fi - LIBS="${TMPLIBS}" - # libpfring (currently only supported for libpcap enabled pfring) # Error on the side of caution. If libpfring enabled pcap is being used and we don't link against -lpfring compilation will fail. AC_ARG_ENABLE(pfring, 
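Review bot: The libnet.h that is version-checked is not necessarily the one the compiler will include. The `for i in $libnet_dir` loop has no `break`, so LIBNET_INC_DIR ends up as the last directory that holds a libnet.h, and in the default branch that directory is never added to CPPFLAGS; with two libnet versions installed, `-DHAVE_LIBNET11` could be set on the strength of one header while the build picks up another. Adding `break` after `LIBNET_INC_DIR="$i"` and escaping the dots in the version test (`grep -v '1\.1'`) would tighten the check. Separately, the inner `if test "$LIBNET_DETECT_FAIL" = "no"` under the "if we displayed a warning already" comment is always true there, because it is nested inside the same test, and can be dropped.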
diff --git a/src/detect-parse.c b/src/detect-parse.c index a2e2692010..1a362326dd 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -525,6 +525,7 @@ int SigParseAction(Signature *s, const char *action) { } else if(strcasecmp(action, "pass") == 0) { s->action = ACTION_PASS; return 0; +#ifdef HAVE_LIBNET11 } else if(strcasecmp(action, "reject") == 0) { s->action = ACTION_REJECT; return 0; @@ -537,7 +538,22 @@ int SigParseAction(Signature *s, const char *action) { } else if(strcasecmp(action, "rejectboth") == 0) { s->action = ACTION_REJECT_BOTH; return 0; +#else + } else if(strcasecmp(action, "reject") == 0) { + SCLogError(SC_ERR_LIBNET_REQUIRED_FOR_ACTION,"Libnet 1.1.x is required for action \"%s\" and is not installed or could not be found",action); + return -1; + } else if(strcasecmp(action, "rejectsrc") == 0) { + SCLogError(SC_ERR_LIBNET_REQUIRED_FOR_ACTION,"Libnet 1.1.x is required for action \"%s\" and is not installed or could not be found",action); + return -1; + } else if(strcasecmp(action, "rejectdst") == 0) { + SCLogError(SC_ERR_LIBNET_REQUIRED_FOR_ACTION,"Libnet 1.1.x is required for action \"%s\" and is not installed or could not be found",action); + return -1; + } else if(strcasecmp(action, "rejectboth") == 0) { + SCLogError(SC_ERR_LIBNET_REQUIRED_FOR_ACTION,"Libnet 1.1.x is required for action \"%s\" and is not installed or could not be found",action); + return -1; +#endif /* HAVE_LIBNET11 */ } else { + SCLogError(SC_ERR_INVALID_ACTION,"An invalid action \"%s\" was given",action); return -1; } } diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c index af036a7fd6..e78dca5455 100644 --- a/src/respond-reject-libnet11.c +++ b/src/respond-reject-libnet11.c @@ -29,7 +29,7 @@ #include "respond-reject.h" #include "respond-reject-libnet11.h" -#ifndef OS_WIN32 +#ifdef HAVE_LIBNET11 #include 
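Review bot: In SigParseAction the new `#else` branch repeats the same SCLogError call and `return -1;` four times, once per reject keyword. One branch whose condition ORs the four strcasecmp() tests, followed by a single SCLogError and `return -1;`, would say the same thing and keep the message in one place. It would also help to put a comment above the `#else`, for example `/* Built without libnet: reject cannot be carried out, so the rule is refused rather than silently downgraded. */`. What the caller does with -1 is outside this hunk; if the rule is simply skipped, traffic it was meant to reject is neither blocked nor alerted on. The function body starts before the hunk.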
@@ -63,7 +63,7 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) if ((c = libnet_init (LIBNET_RAW4, NULL, ebuf)) == NULL) { - printf("RejectSendLibnet11IPv4TCP libnet_init %s\n", ebuf); + SCLogError(SC_ERR_LIBNET_INIT,"libnet_inint failed: %s", ebuf); return 1; } @@ -74,7 +74,7 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) lpacket.dsize = p->payload_len; if (dir == REJECT_DIR_SRC) { - printf ("sending a tcp reset to src\n"); + SCLogDebug("sending a tcp reset to src"); lpacket.seq = TCP_GET_ACK(p); lpacket.ack = TCP_GET_SEQ(p) + lpacket.dsize; @@ -85,7 +85,7 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) lpacket.dst4 = GET_IPV4_SRC_ADDR_U32(p); } else if (dir == REJECT_DIR_DST) { - printf ("sending a tcp reset to dst\n"); + SCLogDebug("sending a tcp reset to dst"); lpacket.seq = TCP_GET_SEQ(p); lpacket.ack = TCP_GET_ACK(p); @@ -96,7 +96,7 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) lpacket.dst4 = GET_IPV4_DST_ADDR_U32(p); } else { - printf ("reset not src or dst returning\n"); + SCLogError(SC_ERR_LIBNET_INVALID_DIR,"reset not src or dst returning"); return 1; } @@ -122,7 +122,7 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) c, /* libnet context */ 0)) < 0) /* libnet ptag */ { - printf("RejectSendLibnet11IPv4TCP libnet_build_tcp %s\n", libnet_geterror(c)); + SCLogError(SC_ERR_LIBNET_BUILD_FAILED,"libnet_build_tcp %s", libnet_geterror(c)); goto cleanup; } 
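Review bot: The new message on the libnet_init() failure path of RejectSendLibnet11L3IPv4TCP misspells the API name as `libnet_inint`, so searching the logs for the function name will miss it; it should be `SCLogError(SC_ERR_LIBNET_INIT,"libnet_init failed: %s", ebuf);`. The same typo is in the RejectSendLibnet11L3IPv4ICMP hunk at -171, and the ICMP write-failure message in the hunk at -221 names `libnet_write_raw_ipv4` although the call shown is `libnet_write(c)`. The removed printf lines carried the function name as a prefix; if SCLogError does not add the caller's name itself, the TCP and ICMP failures can no longer be told apart in the log.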
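Review bot: The invalid-direction branch in the hunk at -96 leaves with `return 1;` after libnet_init() has already succeeded earlier in RejectSendLibnet11L3IPv4TCP, so the libnet context `c` is not released on this path. The body of the `cleanup:` label is outside the hunks, so this assumes that is where `c` is destroyed; if so, every call with an unexpected `dir` leaves a raw-socket context open. Releasing it before returning, `libnet_destroy(c); return 1;`, keeps the return value and closes the handle. RejectSendLibnet11L3IPv4ICMP has the same pattern in the hunk at -184.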
@@ -141,13 +141,13 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) c, /* libnet context pointer */ 0)) < 0) /* packet id */ { - printf("RejectSendLibnet11IPv4TCP libnet_build_ipv4 %s\n", libnet_geterror(c)); + SCLogError(SC_ERR_LIBNET_BUILD_FAILED,"libnet_build_ipv4 %s", libnet_geterror(c)); goto cleanup; } result = libnet_write(c); if (result == -1) { - printf("RejectSendLibnet11IPv4TCP libnet_write failed: %s\n", libnet_geterror(c)); + SCLogError(SC_ERR_LIBNET_WRITE_FAILED,"libnet_write failed: %s", libnet_geterror(c)); goto cleanup; } @@ -171,7 +171,7 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) lpacket.len = (IPV4_GET_HLEN(p) + p->payload_len); if ((c = libnet_init (LIBNET_RAW4, NULL, ebuf)) == NULL){ - printf("RejectSendLibnet11L3IPv4ICMP libnet_init %s\n", ebuf); + SCLogError(SC_ERR_LIBNET_INIT,"libnet_inint failed: %s", ebuf); return 1; } @@ -184,7 +184,7 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) lpacket.dst4 = GET_IPV4_DST_ADDR_U32(p); } else { - printf ("reset not src or dst returning\n"); + SCLogError(SC_ERR_LIBNET_INVALID_DIR,"reset not src or dst returning"); return 1; } @@ -201,7 +201,7 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) c, /* libnet context */ 0)) < 0) /* libnet ptag */ { - printf("RejectSendLibnet11L3IPv4ICMP libnet_build_icmpv4_unreach %s\n", libnet_geterror(c)); + SCLogError(SC_ERR_LIBNET_BUILD_FAILED,"libnet_build_icmpv4_unreach %s", libnet_geterror(c)); goto cleanup; } 
@@ -221,13 +221,13 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) c, /* libnet context pointer */ 0)) < 0) /* packet id */ { - printf("RejectSendLibnet11L3IPv4ICMP %s\n", libnet_geterror(c)); + SCLogError(SC_ERR_LIBNET_BUILD_FAILED,"libnet_build_ipv4 %s", libnet_geterror(c)); goto cleanup; } result = libnet_write(c); if (result == -1) { - printf("RejectSendLibnet11L3IPv4ICMP libnet_write_raw_ipv4 failed: %s\n", libnet_geterror(c)); + SCLogError(SC_ERR_LIBNET_WRITE_FAILED,"libnet_write_raw_ipv4 failed: %s", libnet_geterror(c)); goto cleanup; } @@ -236,16 +236,16 @@ cleanup: return 0; } -#else /* ifndef OS_WIN32 */ +#else int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) { - printf("RejectSendLibnet11L3IPv4TCP not implemented for OS_WIN32\n"); + SCLogError(SC_ERR_LIBNET_NOT_ENABLED,"Libnet based rejects are disabled. Usually this means that you don't have libnet installed, or configure couldn't find it."); return 0; } int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) { - printf("RejectSendLibnet11L3IPv4ICMP not implemented for OS_WIN32\n"); + SCLogError(SC_ERR_LIBNET_NOT_ENABLED,"Libnet based rejects are disabled. Usually this means that you don't have libnet installed, or configure couldn't find it."); return 0; } -#endif /*ifndef OS_WIN32 */ +#endif /* HAVE_LIBNET11 */ diff --git a/src/util-error.c b/src/util-error.c index b94b6acec9..80ac78c7cb 100644 --- a/src/util-error.c +++ b/src/util-error.c 
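Review bot: Both stub functions in the `#else` branch of respond-reject-libnet11.c log SC_ERR_LIBNET_NOT_ENABLED and then `return 0;`, the same value the libnet build returns after the `cleanup:` label, so a caller cannot tell that no reject packet was sent. Returning non-zero, as the libnet_init() failure path does with `return 1;`, would make the missing response visible to the caller. If the stubs can be reached per packet, the error-level message would also repeat for every packet that should have been rejected. Whether the refusal of reject rules in SigParseAction makes them unreachable cannot be seen from this hunk.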
@@ -130,7 +130,15 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_TMQ_ALREADY_REGISTERED); CASE_CODE (SC_ERR_CONFLICTING_RULE_KEYWORDS); CASE_CODE (SC_ERR_INITIALIZATION); + CASE_CODE (SC_ERR_INVALID_ACTION); + CASE_CODE (SC_ERR_LIBNET_REQUIRED_FOR_ACTION); + CASE_CODE (SC_ERR_LIBNET_INIT); + CASE_CODE (SC_ERR_LIBNET_INVALID_DIR); + CASE_CODE (SC_ERR_LIBNET_BUILD_FAILED); + CASE_CODE (SC_ERR_LIBNET_WRITE_FAILED); + CASE_CODE (SC_ERR_LIBNET_NOT_ENABLED); CASE_CODE (SC_ERR_UNIFIED_LOG_FILE_HEADER); + default: return "UNKNOWN_ERROR"; } diff --git a/src/util-error.h b/src/util-error.h index c34a3164bd..7d392417ef 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -146,6 +146,13 @@ typedef enum { SC_ERR_INVALID_YAML_CONF_ENTRY, SC_ERR_TMQ_ALREADY_REGISTERED, SC_ERR_CONFLICTING_RULE_KEYWORDS, + SC_ERR_INVALID_ACTION, + SC_ERR_LIBNET_REQUIRED_FOR_ACTION, + SC_ERR_LIBNET_INIT, + SC_ERR_LIBNET_INVALID_DIR, + SC_ERR_LIBNET_BUILD_FAILED, + SC_ERR_LIBNET_WRITE_FAILED, + SC_ERR_LIBNET_NOT_ENABLED, SC_ERR_UNIFIED_LOG_FILE_HEADER, /**< Error to indicate the unified file header writing function has been failed */