Project

General

Profile

Bug #11637

Preprocs - possible to create two defaults

Added by Max Leighton 2 months ago. Updated about 1 month ago.

Status:
Feedback
Priority:
Normal
Category:
Snort
Target version:
-
Start date:
03/08/2021
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

When creating a new server configuration, if you use the +Aliases button for the Bind-To Address and/or the Ports fields, the new HTTP Inspect server configuration will change to 'default'. If the user doesn't notice this and saves, there will be a second un-removeable default configuration. Snort will subsequently fail to start on that interface with the error:

FATAL ERROR: /usr/local/etc/snort/snort_34319_em0/snort.conf(237) => Cannot configure 'global_server' settings more than once.

This can be recreated on http_inspect, Frag3, or Stream5.

Steps to reproduce:

1. Create a new Snort interface
2. Edit the interface and navigate to the <interface> Preprocs tab
3. Add a new server configuration under HTTP Inspect
4. Click the + Aliases button next to the Ports field. Select a port alias and hit save
The engine name and Bind-To IP address will now be 'default' and 'all'
5. Click save
There is now a second un-removeable server configuration.
6. Click save again and the Snort on this interface will fail with the above error

Tested on 4.1.3_2 on pfSense 2.5 CE and 2.4.5p1

History

#1 Updated by Bill Meeks about 1 month ago

This problem is corrected by Pull Request 1058 here: https://github.com/pfsense/FreeBSD-ports/pull/1058. This issue can be marked "Resolved" when this pull request is merged.

#2 Updated by Renato Botelho about 1 month ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho
  • Affected Version deleted (2.5.0)

PR merged on 2.6.0 / 2.5.1. It will be cherry-picked to stable after tests

#3 Updated by Max Leighton about 1 month ago

Tested in 2.6.0, and the original behavior is fixed. The GUI still has a slight issue:

When creating a new server configuration, if I use the alias button to select an IP alias for the Bind-To address, the Ports field is set automatically to default. Then, if I use the alias button to select a port alias, the bind-to IP becomes blank. Using the button for one field will change the value for the other. I have to type the name of my alias in one of the fields in order to use two aliases here. Once I have a server configuration saved, I can edit it and I don't see this behavior. It only happens when creating a new one.

Also available in: Atom PDF