CC source-netmap.o
source-netmap.c: In function ‘NetmapOpen’:
source-netmap.c:327:56: error: ‘%s’ directive output may be truncated writing up to 15 bytes into a region of size between 10 and 57 [-Werror=format-truncation=]
snprintf(devname, sizeof(devname), "netmap:%s%s%s",
^~
ns->iface, strlen(optstr) ? "/" : "", optstr);
~~~~~~
source-netmap.c:327:9: note: ‘snprintf’ output 8 or more bytes (assuming 70) into a destination of size 64
snprintf(devname, sizeof(devname), "netmap:%s%s%s",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ns->iface, strlen(optstr) ? "/" : "", optstr);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
source-netmap.c:330:59: error: ‘%s’ directive output may be truncated writing up to 15 bytes into a region of size between 8 and 55 [-Werror=format-truncation=]
snprintf(devname, sizeof(devname), "netmap:%s-%d%s%s",
^~
ns->iface, ring, strlen(optstr) ? "/" : "", optstr);
~~~~~~
source-netmap.c:330:9: note: ‘snprintf’ output 10 or more bytes (assuming 72) into a destination of size 64
snprintf(devname, sizeof(devname), "netmap:%s-%d%s%s",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ns->iface, ring, strlen(optstr) ? "/" : "", optstr);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
source-netmap.c:316:54: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
snprintf(devname, sizeof(devname), "%s}%d%s%s",
^
source-netmap.c:316:9: note: ‘snprintf’ output 3 or more bytes (assuming 65) into a destination of size 64
snprintf(devname, sizeof(devname), "%s}%d%s%s",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ns->iface, ring, strlen(optstr) ? "/" : "", optstr);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Gcc 8 with -Wformat-truncation=1
rustc 1.36 introduced:
error: variable does not need to be mutable
--> src/dhcp/parser.rs:202:17
|
202 | let mut malformed_options = false;
| ----^^^^^^^^^^^^^^^^^
| |
| help: remove this `mut`
|
note: lint level defined here
--> src/lib.rs:18:38
|
18 | #![cfg_attr(feature = "strict", deny(warnings))]
| ^^^^^^^^
= note: #[deny(unused_mut)] implied by #[deny(warnings)]
error: aborting due to previous error
error: Could not compile `suricata`.
Ticket #3072.
Date makes it even clearer that when was the last commit for the build
that one is running. Add this info alongwith rev. Change inspired by
rustc.
Before
```
$ suricata -V
This is Suricata version 5.0.0-dev (rev 2d217e666)
```
After
```
This is Suricata version 5.0.0-dev (2d217e666 2019-07-12)
```
Closes redmine ticket #3092
This changeset breaks multi-line FTP responses into separate array
entries. Multi-line responses are those with "text-1\r\ntext-2[...]".
Each of \r\n delimited text segments is reported in the `reply` array;
each text segment _may_ include a completion code; completion codes are
reported in the `completion_code` array.
Permit picking up any reply w/o a request. Observed unsolicited server
messages before connection termination.
Previously the code assumed that this could only happen on connection
start when there was no previously recorded command.
This changeset ensures that unknown commands are logged.
Unknown commands are either
- Banner responses when connecting to the FTP port
- Commands not includes in the FtpCommands descriptor table
Modified transaction logic to create a new transaction with each
request; replies location transactions by using the oldest "open"
(unmatched) transaction or the last transaction if none are open.
When a TCP session is picked up from the response the flow is
reversed by the protocol detection code.
This would lead to duplicate logging of the response. The reason this
happened was that the per stream app progress tracker was not handled
correctly by the direction reversing code. While the streams were
swapped the stream engine would continue to use a now outdated pointer
to what had become the wrong direction.
This patches fixes this by making the stream a ptr to ptr that can be
updated by the protocol detection as well.
In addition, the progress tracking was cleaned up and the GAP error
handling in this case was improved as well.
Previously, source-pfring.c would copy the vlan_id from the extended
header only if vlan.use-for-tracking was enabled. This commit removes
that check.
Related to https://redmine.openinfosecfoundation.org/issues/3076
Fill in the vlan_id fields unconditionally. We can now remove the check
for the vlan.use-for-tracking setting in decode.c. The debug log message
is moved to suricata.c.
Since the vlan.use-for-tracking setting is now handled in flow-hash.c,
we can fill in the vlan_id fields unconditionally. This makes the vlanh
fields unnecessary.
Related to https://redmine.openinfosecfoundation.org/issues/3076
If vlan.use-for-tracking is disabled, set the vlan_id fields to 0 when
hashing or comparing flows. This is done using a bitmask as suggested by
Victor Julien in IRC, in order to avoid adding more branches to this
code.
Currently, suricata does not fill in vlan_id fields if
vlan.use-for-tracking is disabled and instead leaves them at the default
0 value, so this commit makes no functional change. This change is in
preparation for future commits where the vlan_ids will be always filled
in.
Related to https://redmine.openinfosecfoundation.org/issues/3076
Victor Julien
Max Fillinger
Eric Leblond
Shivani Bhardwaj
Philippe Antoine
Jeff Lucovsky
Zach Kelly