Implemented possibility to set MySQL wait_timeout using mysql_wait confi...

src/barnyard2.c

@@ -1796,14 +1796,19 @@ static Barnyard2Config * MergeBarnyard2Confs(Barnyard2Config *cmd_line, Barnyard
     if (cmd_line->pid_path[0] != '\0')
         ConfigPidPath(config_file, cmd_line->pid_path);
 
-    if( (config_file->alert_on_each_packet_in_stream_flag == 0) &&
-	(cmd_line->alert_on_each_packet_in_stream_flag == 1))
+    if( config_file->alert_on_each_packet_in_stream_flag == 0)
     {
-	config_file->alert_on_each_packet_in_stream_flag = 0;
+	LogMessage("[INFO]: Alerting on each packet in stream has been disabled by configuration file,\n"
+		   "\tevents will only be outputed for the first matching event/packet,\n"
+		   "\tfurther packets matching previous processed events will be ignored");
     }
-    else
+    else if( cmd_line->alert_on_each_packet_in_stream_flag == 0 )
     {
-	config_file->alert_on_each_packet_in_stream_flag  = cmd_line->alert_on_each_packet_in_stream_flag;
+	LogMessage("[INFO]: Alerting on each packet in stream has been disabled by command line option,\n"
+		   "\tevents will only be outputed for the first matching event/packet,\n"
+		   "\tfurther packets matching previous processed events will be ignored");
+
+	config_file->alert_on_each_packet_in_stream_flag = cmd_line->alert_on_each_packet_in_stream_flag;
     }
 
     config_file->process_new_records_only_flag = cmd_line->process_new_records_only_flag;

src/barnyard2.h

@@ -63,7 +63,7 @@
 #define VER_MAJOR	"2"
 #define VER_MINOR	"1"
 #define VER_REVISION	"13"
-#define VER_BUILD	"327"
+#define VER_BUILD	"333"
 
 #define STD_BUF  1024
 
@@ -132,7 +132,8 @@
 
 
 /* SIDMAP V2 */
-#define SIDMAPV2STRING "v2\n"
+#define SIDMAPV1STRING "v1"
+#define SIDMAPV2STRING "v2"
 #define SIDMAPV1 0x01
 #define SIDMAPV2 0x02
 /* SIDMAP V2 */

src/map.c

@@ -722,7 +722,11 @@ int ReadSidFile(Barnyard2Config *bc)
 	    if(*index == '#')
 	    {
 		index++;
-		if( strncasecmp(index,SIDMAPV2STRING,strlen(SIDMAPV2STRING)) == 0)
+		if(strncasecmp(index,SIDMAPV1STRING,strlen(SIDMAPV1STRING)) == 0)
+		{
+		    bc->sidmap_version=SIDMAPV1;
+		}
+		else if( strncasecmp(index,SIDMAPV2STRING,strlen(SIDMAPV2STRING)) == 0)
 		{
 		    bc->sidmap_version=SIDMAPV2;
 		    continue;

src/output-plugins/spo_alert_fwsam.c

@@ -895,6 +895,7 @@ void FWsamNewStationKey(FWsamStation *station,FWsamPacket *packet)
  * unlike inet_ntoa which keeps only one. This is used for (s)printf's were two IP
  * addresses are printed.
 */
+/*
 char *inettoa(unsigned long ip)
 {
     struct in_addr ips;
@@ -906,6 +907,7 @@ char *inettoa(unsigned long ip)
     strncpy(addr[toggle],inet_ntoa(ips),18);
     return addr[toggle];
 }
+*/
 #endif
 
 

src/output-plugins/spo_database.c

@@ -1043,7 +1043,7 @@ void ParseDatabaseArgs(DatabaseData *data)
              !strncasecmp(type, KEYWORD_MSSQL, strlen(KEYWORD_MSSQL))  ||
              !strncasecmp(type, KEYWORD_ORACLE, strlen(KEYWORD_ORACLE)) )
         {
-            ErrorMessage("ERROR database: '%s' support is not compiled into this build of snort\n\n", type);
+            ErrorMessage("ERROR database: '%s' support is not compiled into this build of barnyard2\n\n", type);
             FatalError(FATAL_NO_SUPPORT_1, type, type, type, FATAL_NO_SUPPORT_2);
         }
         else
@@ -1188,6 +1188,11 @@ void ParseDatabaseArgs(DatabaseData *data)
 	{
 	    data->dbRH[DB_MYSQL].mysql_reconnect =1;
 	}
+	else if(!strncasecmp(dbarg, KEYWORD_MYSQL_WAIT, strlen(KEYWORD_MYSQL_WAIT)))
+	{
+	    data->dbRH[DB_MYSQL].mysql_wait = strtoul(a1,NULL,10);
+	    LogMessage("INFO database: Setting MySQL wait_timeout to %u. \n", data->dbRH[DB_MYSQL].mysql_wait);
+	}
 #endif
 
 #ifdef ENABLE_POSTGRESQL
@@ -1278,6 +1283,14 @@ void ParseDatabaseArgs(DatabaseData *data)
 	data->dbRH[data->dbtype_id].dbReconnectSleepTime.tv_sec = 5;
     }
 
+#ifdef ENABLE_MYSQL
+    if(data->dbRH[data->dbtype_id].mysql_wait == 0)
+    {
+	LogMessage("INFO database: Defaulting MySQL wait_timeout to 28800 \n");
+	data->dbRH[data->dbtype_id].mysql_wait = 28800;
+    }
+#endif
+
     return;
 }
 
@@ -1501,14 +1514,14 @@ int dbProcessSignatureInformation(DatabaseData *data,void *event, u_int32_t even
 	    }
 
 	    /* If we have an "uninitialized signature save it */
-	    if( (data->mc.plgSigCompare[x].cacheSigObj->obj.rev == 0) || 
-		(data->mc.plgSigCompare[x].cacheSigObj->obj.rev < revision) ||
+	    if( ( (data->mc.plgSigCompare[x].cacheSigObj->obj.rev == 0) || 
+		  (data->mc.plgSigCompare[x].cacheSigObj->obj.rev < revision)) ||
 
 		/* So we have a signature that was inserted, probably a preprocessor signature,
 		   but it has probably never been logged before lets set it as a temporary unassigned signature */
 		((data->mc.plgSigCompare[x].cacheSigObj->obj.rev == revision) && 
-		 (data->mc.plgSigCompare[x].cacheSigObj->obj.class_id == 0  ||
-		  (data->mc.plgSigCompare[x].cacheSigObj->obj.priority_id == 0))))
+		 ( data->mc.plgSigCompare[x].cacheSigObj->obj.class_id == 0  ||
+		   data->mc.plgSigCompare[x].cacheSigObj->obj.priority_id == 0)))
 	    {
 		memcpy(&unInitSig,data->mc.plgSigCompare[x].cacheSigObj,sizeof(cacheSignatureObj));
 
@@ -3130,7 +3143,7 @@ int CheckDBVersion(DatabaseData * data)
        if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
                           "SELECT vseq FROM [schema]")) != SNORT_SNPRINTF_SUCCESS)
        {
-	   return -1;
+	   return 1;
        }
    }
    else
@@ -3146,7 +3159,7 @@ int CheckDBVersion(DatabaseData * data)
 	  if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
                              "SELECT vseq FROM `schema`")) != SNORT_SNPRINTF_SUCCESS)
 	  {
-	      return -1;
+	      return 1;
 	  }
       }
       else
@@ -3155,7 +3168,7 @@ int CheckDBVersion(DatabaseData * data)
 	  if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
                              "SELECT vseq FROM schema")) != SNORT_SNPRINTF_SUCCESS)
 	  {
-	      return -1;
+	      return 1;
 	  }
       }
    }
@@ -4049,6 +4062,17 @@ void Connect(DatabaseData * data)
             FatalError("database Connection to database '%s' failed\n", data->dbname);
         }
 
+        /* Setting connection timeout to defined value */
+	char SessionSQL[50];
+        sprintf(SessionSQL, "/*!40101 set @@session.wait_timeout=%u */", data->dbRH[data->dbtype_id].mysql_wait);
+        if (mysql_options(data->m_sock,  MYSQL_INIT_COMMAND, SessionSQL) != 0)
+        {
+    	    LogMessage("database: Failed to set SESSION wait_timeout option: %s\n", mysql_error(data->m_sock));
+    	    mysql_close(data->m_sock);
+    	    data->m_sock = NULL;
+    	    return;
+        }
+
         /* check if we want to connect with ssl options */
         if (data->use_ssl == 1)
         {
@@ -4464,7 +4488,7 @@ void DatabasePrintUsage(void)
     puts(" The configuration I am currently using is MySQL with the database");
     puts(" name of \"snort\". The user \"snortusr@localhost\" has INSERT and SELECT");
     puts(" privileges on the \"snort\" database and does not require a password.");
-    puts(" The following line enables snort to log to this database.\n");
+    puts(" The following line enables barnyard2 to log to this database.\n");
 
     puts(" output database: log, mysql, dbname=snort user=snortusr host=localhost\n");
 }
@@ -4776,6 +4800,17 @@ u_int32_t MYSQL_ManualConnect(DatabaseData *dbdata)
 		   dbdata->dbname);
     }
 
+    /* Setting connection timeout to defined value */
+    char SessionSQL[50];
+    sprintf(SessionSQL, "/*!40101 set @@session.wait_timeout=%u */", dbdata->dbRH[dbdata->dbtype_id].mysql_wait);
+    if (mysql_options(dbdata->m_sock,  MYSQL_INIT_COMMAND, SessionSQL) != 0)
+    {
+	LogMessage("database: Failed to set SESSION wait_timeout option: %s\n", mysql_error(dbdata->m_sock));
+	mysql_close(dbdata->m_sock);
+	dbdata->m_sock = NULL;
+	return 1;
+    }
+
     /* check if we want to connect with ssl options */
     if (dbdata->use_ssl == 1)
     {

src/output-plugins/spo_database.h

@@ -358,6 +358,7 @@ typedef struct _dbReliabilityHandle
 
     unsigned long pThreadID; /* Used to store thread information and know if we "reconnected automaticaly" */
     my_bool mysql_reconnect; /* We will handle it via the api. */
+    u_int32_t mysql_wait;    /* MySQL wait_timeout */
 #endif /* ENABLE_MYSQL */
 
 #ifdef ENABLE_POSTGRESQL
@@ -500,14 +501,14 @@ typedef struct _DatabaseData
 #define KEYWORD_RECONNECT_SLEEP_TIME "reconnect_sleep_time"
 #define KEYWORD_DISABLE_SIGREFTABLE "disable_signature_reference_table"
 
-#define KEYWORD_MYSQL_RECONNECT "mysql_reconnect"
-
 #ifdef ENABLE_MYSQL
 #   define KEYWORD_SSL_KEY     "ssl_key"
 #   define KEYWORD_SSL_CERT    "ssl_cert"
 #   define KEYWORD_SSL_CA      "ssl_ca"
 #   define KEYWORD_SSL_CA_PATH "ssl_ca_path"
 #   define KEYWORD_SSL_CIPHER  "ssl_cipher"
+#   define KEYWORD_MYSQL_RECONNECT "mysql_reconnect"
+#   define KEYWORD_MYSQL_WAIT 	   "mysql_wait"
 #endif
 
 #ifdef ENABLE_POSTGRESQL

src/output-plugins/spo_database_cache.c

@@ -106,8 +106,31 @@ u_int32_t CacheSynchronize(DatabaseData *data);
 void MasterCacheFlush(DatabaseData *data,u_int32_t flushFlag);
 /* Destructor */
 
+/* Return largest string lenght */
+inline u_int32_t glsl(char *a,char *b)
+{
+    u_int32_t alen = 0;
+    u_int32_t blen = 0;
+
+    alen = strlen(a);
+    blen = strlen(b);
+
+    if(alen > blen)
+    {
+	return alen;
+    }
+    else if(alen < blen)
+    {
+	return blen;
+    }
+    if(alen == blen)
+    {
+	return alen;
+    }
 
-
+    abort();
+    return 0;
+}
 
 #if DEBUG
 u_int32_t file_reference_object_count = 0;
@@ -235,7 +258,9 @@ u_int32_t cacheSignatureLookup(dbSignatureObj *iLookup,cacheSignatureObj *iHead)
 
     while(iHead != NULL)
     {
-	if( (strncasecmp(iLookup->message,iHead->obj.message,strlen(iHead->obj.message)) == 0) &&
+
+	if( (strncasecmp(iLookup->message,iHead->obj.message,
+			 glsl(iLookup->message,iHead->obj.message)) == 0) &&
             (iLookup->sid == iHead->obj.sid) &&
             (iLookup->gid == iHead->obj.gid) &&
             (iLookup->rev == iHead->obj.rev))
@@ -277,7 +302,8 @@ cacheSignatureObj * cacheSignatureGetObject(dbSignatureObj *iLookup,cacheSignatu
 
     while(iHead != NULL)
     {
-	if( (strncasecmp(iLookup->message,iHead->obj.message,strlen(iHead->obj.message)) == 0) &&
+	if( (strncasecmp(iLookup->message,iHead->obj.message,
+			 glsl(iLookup->message,iHead->obj.message)) == 0) &&
             (iLookup->sid == iHead->obj.sid) &&
             (iLookup->gid == iHead->obj.gid) &&
             (iLookup->rev == iHead->obj.rev))
@@ -420,7 +446,8 @@ u_int32_t cacheReferenceLookup(dbReferenceObj *iLookup,cacheReferenceObj *iHead,
 
     while(iHead != NULL)
     {
-	if( (strncasecmp(iLookup->ref_tag,iHead->obj.ref_tag,strlen(iLookup->ref_tag)) == 0))
+	if( (strncasecmp(iLookup->ref_tag,iHead->obj.ref_tag,
+			 glsl(iLookup->ref_tag,iHead->obj.ref_tag)) == 0))
 	{
 	    /* Match */
 	    *retRefLookupNode = iHead;
@@ -526,7 +553,8 @@ u_int32_t dbReferenceLookup(dbReferenceObj *iLookup,cacheReferenceObj *iHead)
 
     while(iHead != NULL)
     {
-	if( (strncasecmp(iLookup->ref_tag,iHead->obj.ref_tag,strlen(iHead->obj.ref_tag)) == 0))
+	if( (strncasecmp(iLookup->ref_tag,iHead->obj.ref_tag,
+			 glsl(iLookup->ref_tag,iHead->obj.ref_tag))) == 0)
 	{
             /* Found */
 	    if(iHead->flag & CACHE_INTERNAL_ONLY)
@@ -577,7 +605,8 @@ u_int32_t dbSystemLookup(dbSystemObj *iLookup,cacheSystemObj *iHead)
 
     while(iHead != NULL)
     {
-	if((strncasecmp(iLookup->ref_system_name,iHead->obj.ref_system_name,strlen(iHead->obj.ref_system_name)) == 0))
+	if((strncasecmp(iLookup->ref_system_name,iHead->obj.ref_system_name, 
+			glsl(iLookup->ref_system_name,iHead->obj.ref_system_name))) == 0)
 	{
             /* Found */
 	    if(  iHead->flag & CACHE_INTERNAL_ONLY)
@@ -631,7 +660,8 @@ u_int32_t dbSignatureLookup(dbSignatureObj *iLookup,cacheSignatureObj *iHead)
 
     while(iHead != NULL)
     {
-	if( (strncasecmp(iLookup->message,iHead->obj.message,strlen(iHead->obj.message)) == 0) &&
+	if( (strncasecmp(iLookup->message,iHead->obj.message,
+			 glsl(iLookup->message,iHead->obj.message)) == 0) &&
 	    (iLookup->sid == iHead->obj.sid) &&
 	    (iLookup->gid == iHead->obj.gid))
         {
@@ -718,7 +748,8 @@ u_int32_t dbClassificationLookup(dbClassificationObj *iLookup,cacheClassificatio
 
     while(iHead != NULL)
     {
-	if( (strncasecmp(iLookup->sig_class_name,iHead->obj.sig_class_name,strlen(iHead->obj.sig_class_name)) == 0))
+	if( (strncasecmp(iLookup->sig_class_name,iHead->obj.sig_class_name,
+			 glsl(iLookup->sig_class_name,iHead->obj.sig_class_name)) == 0))
 	{
             /* Found */
 	    if(  iHead->flag & CACHE_INTERNAL_ONLY)
@@ -1810,7 +1841,7 @@ u_int32_t ClassificationPopulateDatabase(DatabaseData  *data,cacheClassification
     {
 	if(cacheHead->flag & CACHE_INTERNAL_ONLY)
 	{
-
+	    
 #if DEBUG
             inserted_classification_object_count++;
 #endif

src/parser.c

@@ -284,9 +284,13 @@ Barnyard2Config * ParseBarnyard2Conf(void)
     /* Need to set this for plugin configurations since they're using
      * lists of callbacks */
     barnyard2_conf_for_parsing = bc;
+
 
     InitParser();
 
+    /* By default */
+    bc->alert_on_each_packet_in_stream_flag=1;
+
     /* We're not going to parse rules on the first pass */
     parse_rules = 0;