app_info_name_table[app_name] = entry;
else
{
- appid_log(nullptr, TRACE_WARNING_LEVEL, "App name, \"%s\" is a duplicate entry will be "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "App name, \"%s\" is a duplicate entry will be "
"shared by each detector.\n", app_name);
added = false;
}
{
if (!app_name || strlen(app_name) >= MAX_EVENT_APPNAME_LEN)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Appname invalid or too long: %s\n", app_name);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Appname invalid or too long: %s\n", app_name);
return nullptr;
}
void AppInfoManager::dump_app_info_table()
{
- appid_log(nullptr, TRACE_INFO_LEVEL, "Cisco provided detectors:\n");
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Cisco provided detectors:\n");
for (auto& kv: app_info_table)
- appid_log(nullptr, TRACE_INFO_LEVEL, "%s\t%d\t%s\n", kv.second->app_name, kv.second->appId,
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "%s\t%d\t%s\n", kv.second->app_name, kv.second->appId,
(kv.second->flags & APPINFO_FLAG_ACTIVE) ? "active" : "inactive");
- appid_log(nullptr, TRACE_INFO_LEVEL, "User provided detectors:\n");
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "User provided detectors:\n");
for (auto& kv: custom_app_info_table)
- appid_log(nullptr, TRACE_INFO_LEVEL, "%s\t%d\t%s\n", kv.second->app_name, kv.second->appId,
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "%s\t%d\t%s\n", kv.second->app_name, kv.second->appId,
(kv.second->flags & APPINFO_FLAG_ACTIVE) ? "active" : "inactive");
}
else if (!(strcasecmp(conf_key, "bittorrent_aggressiveness")))
{
int aggressiveness = atoi(conf_val);
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: bittorrent_aggressiveness %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: bittorrent_aggressiveness %d\n",
aggressiveness);
if (aggressiveness >= 50)
{
set_app_info_flags(APP_ID_BITTORRENT, APPINFO_FLAG_DEFER);
set_app_info_flags(APP_ID_BITTORRENT, APPINFO_FLAG_DEFER_PAYLOAD);
odp_ctxt.max_tp_flow_depth = 25;
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: "
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: "
"host_port_app_cache_lookup_interval %d\n",
odp_ctxt.host_port_app_cache_lookup_interval);
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: recheck_for_portservice_appid "
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: recheck_for_portservice_appid "
"enabled\n");
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n",
APP_ID_BITTORRENT);
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n",
APP_ID_BITTORRENT);
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n",
odp_ctxt.max_tp_flow_depth);
}
if (aggressiveness >= 80)
{
odp_ctxt.allow_port_wildcard_host_cache = true;
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache "
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache "
"enabled\n");
}
}
else if (!(strcasecmp(conf_key, "ultrasurf_aggressiveness")))
{
int aggressiveness = atoi(conf_val);
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: ultrasurf_aggressiveness %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: ultrasurf_aggressiveness %d\n",
aggressiveness);
if (aggressiveness >= 50)
{
set_app_info_flags(APP_ID_ULTRASURF, APPINFO_FLAG_DEFER);
set_app_info_flags(APP_ID_ULTRASURF, APPINFO_FLAG_DEFER_PAYLOAD);
odp_ctxt.max_tp_flow_depth = 25;
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: check_host_cache_unknown_ssl "
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: check_host_cache_unknown_ssl "
"enabled\n");
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n",
APP_ID_ULTRASURF);
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n",
APP_ID_ULTRASURF);
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n",
odp_ctxt.max_tp_flow_depth);
}
if (aggressiveness >= 80)
{
odp_ctxt.allow_port_wildcard_host_cache = true;
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache "
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache "
"enabled\n");
}
}
else if (!(strcasecmp(conf_key, "psiphon_aggressiveness")))
{
int aggressiveness = atoi(conf_val);
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: psiphon_aggressiveness %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: psiphon_aggressiveness %d\n",
aggressiveness);
if (aggressiveness >= 50)
{
set_app_info_flags(APP_ID_PSIPHON, APPINFO_FLAG_DEFER);
set_app_info_flags(APP_ID_PSIPHON, APPINFO_FLAG_DEFER_PAYLOAD);
odp_ctxt.max_tp_flow_depth = 25;
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: check_host_cache_unknown_ssl "
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: check_host_cache_unknown_ssl "
"enabled\n");
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n",
APP_ID_PSIPHON);
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n",
APP_ID_PSIPHON);
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n",
odp_ctxt.max_tp_flow_depth);
}
if (aggressiveness >= 80)
{
odp_ctxt.allow_port_wildcard_host_cache = true;
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache "
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache "
"enabled\n");
}
}
uint64_t max_bytes_before_service_fail = atoi(conf_val);
if (max_bytes_before_service_fail < MIN_MAX_BYTES_BEFORE_SERVICE_FAIL)
{
- appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: invalid "
"max_bytes_before_service_fail %" PRIu64 ", must be greater than %u.\n",
max_bytes_before_service_fail, MIN_MAX_BYTES_BEFORE_SERVICE_FAIL);
}
uint16_t max_packet_before_service_fail = atoi(conf_val);
if (max_packet_before_service_fail < MIN_MAX_PKTS_BEFORE_SERVICE_FAIL)
{
- appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: invalid "
"max_packet_before_service_fail %" PRIu16 ", must be greater than %u.\n",
max_packet_before_service_fail, MIN_MAX_PKTS_BEFORE_SERVICE_FAIL);
}
if (max_packet_service_fail_ignore_bytes <
MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES)
{
- appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: invalid "
"max_packet_service_fail_ignore_bytes %" PRIu16 ", must be greater than "
"%u.\n", max_packet_service_fail_ignore_bytes,
MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES);
if (!conf_file.is_open())
return;
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: Configuration file %s\n", file_path.c_str());
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: Configuration file %s\n", file_path.c_str());
std::string line;
while (getline(conf_file, line))
- appid_log(nullptr, TRACE_INFO_LEVEL, "%s\n", line.c_str());
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "%s\n", line.c_str());
conf_file.close();
}
const char* token = strtok_r(buf, CONF_SEPARATORS, &context);
if (!token)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not read id for AppId\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not read id for AppId\n");
continue;
}
app_id = strtol(token, nullptr, 10);
token = strtok_r(nullptr, CONF_SEPARATORS, &context);
if (!token)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not read app_name. Line %s\n", buf);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not read app_name. Line %s\n", buf);
continue;
}
app_name = snort_strdup(token);
token = strtok_r(nullptr, CONF_SEPARATORS, &context);
if (!token)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not read service id for AppId\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not read service id for AppId\n");
snort_free(app_name);
continue;
}
token = strtok_r(nullptr, CONF_SEPARATORS, &context);
if (!token)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not read client id for AppId\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not read client id for AppId\n");
snort_free(app_name);
continue;
}
token = strtok_r(nullptr, CONF_SEPARATORS, &context);
if (!token)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not read payload id for AppId\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not read payload id for AppId\n");
snort_free(app_name);
continue;
}
const char* app_name_service = asd->get_odp_ctxt().get_app_info_mgr().get_app_name(APP_ID_CIP);
const char* app_name_payload = asd->get_odp_ctxt().get_app_info_mgr().get_app_name(payload_id);
- appid_log(p, TRACE_DEBUG_LEVEL, "CIP event handler service %s (%d) and payload %s (%d) are detected\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "CIP event handler service %s (%d) and payload %s (%d) are detected\n",
app_name_service, APP_ID_CIP, app_name_payload, payload_id);
}
void OdpContext::dump_appid_config()
{
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: dns_host_reporting %s\n", (dns_host_reporting ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: referred_appId_disabled %s\n", (referred_appId_disabled ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: mdns_user_reporting %s\n", (mdns_user_reporting ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_userid_disabled %s\n", (chp_userid_disabled ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: is_host_port_app_cache_runtime %s\n", (is_host_port_app_cache_runtime ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_port_app_cache %s\n", (check_host_port_app_cache ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_cache_unknown_ssl %s\n", (check_host_cache_unknown_ssl ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: ftp_userid_disabled %s\n", (ftp_userid_disabled ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_disabled %s\n", (chp_body_collection_disabled ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_max %d\n", chp_body_collection_max);
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: rtmp_max_packets %d\n", rtmp_max_packets);
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_tp_flow_depth %d\n", max_tp_flow_depth);
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: tp_allow_probes %s\n", (tp_allow_probes ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_interval %d\n", host_port_app_cache_lookup_interval);
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_range %d\n", host_port_app_cache_lookup_range);
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: allow_port_wildcard_host_cache %s\n", (allow_port_wildcard_host_cache ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: recheck_for_portservice_appid %s\n", (recheck_for_portservice_appid ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_bytes_before_service_fail %" PRIu64" \n", max_bytes_before_service_fail);
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_before_service_fail %" PRIu16" \n", max_packet_before_service_fail);
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_service_fail_ignore_bytes %" PRIu16" \n", max_packet_service_fail_ignore_bytes);
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: eve_http_client %s\n", (eve_http_client ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: appid_cpu_profiler %s\n", (appid_cpu_profiler ? "True" : "False"));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: brute_force_inprocess_threshold %" PRId8" \n", brute_force_inprocess_threshold);
- appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: failed_state_expiration_secs %" PRId32" \n", failed_state_expiration_secs);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: dns_host_reporting %s\n", (dns_host_reporting ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: referred_appId_disabled %s\n", (referred_appId_disabled ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: mdns_user_reporting %s\n", (mdns_user_reporting ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_userid_disabled %s\n", (chp_userid_disabled ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: is_host_port_app_cache_runtime %s\n", (is_host_port_app_cache_runtime ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_port_app_cache %s\n", (check_host_port_app_cache ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_cache_unknown_ssl %s\n", (check_host_cache_unknown_ssl ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: ftp_userid_disabled %s\n", (ftp_userid_disabled ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_disabled %s\n", (chp_body_collection_disabled ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_max %d\n", chp_body_collection_max);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: rtmp_max_packets %d\n", rtmp_max_packets);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_tp_flow_depth %d\n", max_tp_flow_depth);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: tp_allow_probes %s\n", (tp_allow_probes ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_interval %d\n", host_port_app_cache_lookup_interval);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_range %d\n", host_port_app_cache_lookup_range);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: allow_port_wildcard_host_cache %s\n", (allow_port_wildcard_host_cache ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: recheck_for_portservice_appid %s\n", (recheck_for_portservice_appid ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_bytes_before_service_fail %" PRIu64" \n", max_bytes_before_service_fail);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_before_service_fail %" PRIu16" \n", max_packet_before_service_fail);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_service_fail_ignore_bytes %" PRIu16" \n", max_packet_service_fail_ignore_bytes);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: eve_http_client %s\n", (eve_http_client ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: appid_cpu_profiler %s\n", (appid_cpu_profiler ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: brute_force_inprocess_threshold %" PRId8" \n", brute_force_inprocess_threshold);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: failed_state_expiration_secs %" PRId32" \n", failed_state_expiration_secs);
}
bool OdpContext::is_appid_cpu_profiler_running()
Pop3ClientDetector* c_pop = (Pop3ClientDetector*) client_disco_mgr.get_client_detector("pop3");
if (!s_pop or !c_pop)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize pop3 detector\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize pop3 detector\n");
return;
}
s_pop->set_client_detector(c_pop);
KerberosClientDetector* c_krb = (KerberosClientDetector*) client_disco_mgr.get_client_detector("kerberos");
if (!s_krb or !c_krb)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize kerberos detector\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize kerberos detector\n");
return;
}
s_krb->set_client_detector(c_krb);
SmtpClientDetector* c_smtp = (SmtpClientDetector*) client_disco_mgr.get_client_detector("SMTP");
if (!s_smtp or !c_smtp)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize smtp detector\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize smtp detector\n");
return;
}
s_smtp->set_client_detector(c_smtp);
ImapClientDetector* c_imap = (ImapClientDetector*) client_disco_mgr.get_client_detector("IMAP");
if (!s_imap or !c_imap)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize imap detector\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize imap detector\n");
return;
}
s_imap->set_client_detector(c_imap);
{
SipServiceDetector* s_sip = (SipServiceDetector*) service_disco_mgr.get_service_detector("sip");
if (!s_sip)
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize sip service detector\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize sip service detector\n");
return s_sip;
}
{
SipUdpClientDetector* c_sip = (SipUdpClientDetector*) client_disco_mgr.get_client_detector("SIP");
if (!c_sip)
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize sip client detector\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize sip client detector\n");
return c_sip;
}
else if (proto == IpProtocol::UDP)
udp_port_only[port] = appid;
else
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: invalid port service for proto %d port %d app %d\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: invalid port service for proto %d port %d app %d\n",
static_cast<int>(proto), port, appid);
}
LogRespond(ctrlcon, "%s", buffer.data());
break;
case OUPUT_LOGFILE:
- appid_log(nullptr, level, "%s", buffer.data());
+ APPID_LOG(nullptr, level, "%s", buffer.data());
break;
default:
break;
{
if (!processed_packets or !processing_time)
{
- appid_log(nullptr, TRACE_INFO_LEVEL, "appid: processed packets/time are NULL for appid : %d , app_name : %s , processing time :%lu \n", appid, app_name, processing_time);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "appid: processed packets/time are NULL for appid : %d , app_name : %s , processing time :%lu \n", appid, app_name, processing_time);
return;
}
using namespace snort;
THREAD_LOCAL AppIdDebug* appidDebug = nullptr;
-void appid_log(const Packet* p, const uint8_t log_level, const char* format, ...)
+inline void appid_log(const Packet* p, const uint8_t log_level, const char* format, ...)
{
va_list args;
va_start(args, format);
info.sip.ntop(sipstr, sizeof(sipstr));
info.dip.ntop(dipstr, sizeof(dipstr));
- appid_log(nullptr, TRACE_INFO_LEVEL, "Debugging %s with %s-%hu and %s-%hu %hhu and tenants:%s\n", desc,
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Debugging %s with %s-%hu and %s-%hu %hhu and tenants:%s\n", desc,
sipstr, info.sport, dipstr, info.dport, static_cast<uint8_t>(info.protocol),
int_vector_to_str(info.tenants).c_str());
}
else
{
- appid_log(nullptr, TRACE_INFO_LEVEL, "Debugging %s disabled\n", desc);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Debugging %s disabled\n", desc);
enabled = false;
active = false;
}
#include "protocols/protocol_ids.h"
#include "sfip/sf_ip.h"
+extern THREAD_LOCAL bool appid_trace_enabled;
+
class AppIdSession;
namespace snort
{
void appid_log(const snort::Packet*, const uint8_t log_level, const char*, ...);
+#define APPID_LOG(pkt, log_level, ...) do { \
+ if ((log_level > 2) || (appidDebug and appidDebug->is_active()) || (appid_trace_enabled)) { \
+ appid_log(pkt, log_level, __VA_ARGS__); \
+ } \
+} while(0)
+
struct AppIdDebugSessionConstraints
{
snort::SfIp sip;
else if (proto == IpProtocol::UDP)
udp_detectors[name] = cd;
else
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Detector %s has unsupported protocol %u\n", name.c_str(), (unsigned)proto);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Detector %s has unsupported protocol %u\n", name.c_str(), (unsigned)proto);
}
void AppIdDiscovery::add_pattern_data(AppIdDetector* detector, SearchTool& st, int position, const
if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM)
{
asd->flags |= APPID_SESSION_MID;
- appid_log(p, TRACE_DEBUG_LEVEL, "New AppId mid-stream session\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "New AppId mid-stream session\n");
}
else
- appid_log(p, TRACE_DEBUG_LEVEL, "New AppId session\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "New AppId session\n");
}
else if (!asd->get_session_flags(APPID_SESSION_MID) and
(p->flow->get_session_flags() & SSNFLAG_MIDSTREAM))
{
asd->flags |= APPID_SESSION_MID;
- appid_log(p, TRACE_DEBUG_LEVEL, "AppId mid-stream session\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "AppId mid-stream session\n");
}
if (!asd->get_session_flags(APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED))
const char *app_name =
asd->get_odp_ctxt().get_app_info_mgr().get_app_name(asd->get_service_id());
- appid_log(p, TRACE_DEBUG_LEVEL, "Ignoring connection with service %s (%d)\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Ignoring connection with service %s (%d)\n",
app_name ? app_name : "unknown", asd->get_service_id());
return false;
(p->dsize and !(p->packet_flags & (PKT_STREAM_ORDER_OK | PKT_REBUILT_STREAM))))
{
asd->set_session_flags(APPID_SESSION_OOO | APPID_SESSION_OOO_CHECK_TP);
- appid_log(p, TRACE_DEBUG_LEVEL, "Packet out-of-order, %s%sflow\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Packet out-of-order, %s%sflow\n",
(p->packet_flags & PKT_STREAM_ORDER_BAD) ? "bad " : "not-ok ",
asd->get_session_flags(APPID_SESSION_MID) ? "mid-stream " : "");
{
asd->set_service_id(asd->expected_external_app_id, odp_ctxt);
}
- appid_log(p, TRACE_DEBUG_LEVEL, "stopped service/client discovery\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "stopped service/client discovery\n");
}
}
else
if (fdpd and (fdpd == asd->session_packet_count))
{
p->flow->set_proxied();
- appid_log(p, TRACE_DEBUG_LEVEL, "Marked the flow as decrypted at packet number %lu\n", (long unsigned)fdpd);
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Marked the flow as decrypted at packet number %lu\n", (long unsigned)fdpd);
}
#endif
asd.set_port_service_id(id);
AppId ps_id = asd.get_port_service_id();
const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id);
- appid_log(p, TRACE_DEBUG_LEVEL, "Port service %s (%d) from port\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Port service %s (%d) from port\n",
app_name ? app_name : "unknown", asd.get_port_service_id());
}
asd.set_session_flags(APPID_SESSION_PORT_SERVICE_DONE);
break;
}
asd.set_session_flags(APPID_SESSION_FIRST_PKT_CACHE_MATCHED);
- appid_log(p, TRACE_DEBUG_LEVEL, "Host cache match found on first packet, service: %s(%d), "
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Host cache match found on first packet, service: %s(%d), "
"client: %s(%d), payload: %s(%d), reinspect: %s \n",
(service_app_name ? service_app_name : ""), service_id,
(client_app_name ? client_app_name : ""), client_id,
{
asd.misc_app_id = misc_id = id;
const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.misc_app_id);
- appid_log(p, TRACE_DEBUG_LEVEL, "Outer protocol service %s (%d)\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Outer protocol service %s (%d)\n",
app_name ? app_name : "unknown", asd.misc_app_id);
}
}
asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
AppId ps_id = asd.get_port_service_id();
const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id);
- appid_log(p, TRACE_DEBUG_LEVEL, "Protocol service %s (%d) from protocol\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Protocol service %s (%d) from protocol\n",
app_name ? app_name : "unknown", ps_id);
}
asd.set_session_flags(APPID_SESSION_PORT_SERVICE_DONE);
service_id = id;
asd.set_port_service_id(id);
const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(id);
- appid_log(p, TRACE_DEBUG_LEVEL, "Port service %s (%d) from length\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Port service %s (%d) from length\n",
app_name ? app_name : "unknown", id);
asd.set_session_flags(APPID_SESSION_PORT_SERVICE_DONE);
}
if (!asd.is_tp_appid_done())
{
asd.tpsession->set_state(TP_STATE_TERMINATED);
- appid_log(p, TRACE_DEBUG_LEVEL, "Stopped 3rd party detection\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Stopped 3rd party detection\n");
}
}
if (appidDebug->is_enabled())
appidDebug->activate(flow, asd, inspector.get_ctxt().config.log_all_sessions);
- appid_log(p, TRACE_DEBUG_LEVEL, "New AppId session at mercury event\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "New AppId session at mercury event\n");
}
if (!asd->get_session_flags(APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED))
debug_str += "]";
}
- appid_log(p, TRACE_DEBUG_LEVEL, "%s\n", debug_str.c_str());
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "%s\n", debug_str.c_str());
}
#endif
);
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - New AppId session created in consume\n");
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - New AppId session created in consume\n");
flow.set_flow_data(asd);
asd->flow = &flow;
appidDebug->activate(flow, asd, inspector->get_ctxt().config.log_all_sessions);
Packet* p = CURRENT_PACKET;
- appid_log(p, TRACE_DEBUG_LEVEL, "high-avail - Consuming app data - flags 0x%x, service %d, "
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "high-avail - Consuming app data - flags 0x%x, service %d, "
"client %d, payload %d, misc %d, referred %d, client_inferred_service %d, "
"port_service %d, tp_app %d, tp_payload %d\n",
appHA->flags, appHA->appId[APPID_HA_APP_SERVICE],
const TPLibHandler* tph = TPLibHandler::get();
TpAppIdCreateSession tpsf = tph->tpsession_factory();
if ( !(asd->tpsession = tpsf(*asd->get_tp_appid_ctxt())) )
- appid_log(p, TRACE_ERROR_LEVEL, "appid: Could not allocate asd.tpsession data in consume");
+ APPID_LOG(p, TRACE_ERROR_LEVEL, "appid: Could not allocate asd.tpsession data in consume");
else
{
asd->tpsession->set_state(TP_STATE_HA);
appHA->appId[APPID_HA_APP_TP] = asd->get_tp_app_id();
appHA->appId[APPID_HA_APP_TP_PAYLOAD] = asd->get_tp_payload_app_id();
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing app data - flags 0x%x, service %d, client %d, "
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing app data - flags 0x%x, service %d, client %d, "
"payload %d, misc %d, referred %d, client_inferred_service %d, port_service %d, "
"tp_app %d, tp_payload %d\n",
appHA->flags, appHA->appId[APPID_HA_APP_SERVICE],
if (appidDebug->is_enabled())
appidDebug->activate(flow, asd, inspector->get_ctxt().config.log_all_sessions);
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Consuming HTTP data - URL %s, host %s\n",
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Consuming HTTP data - URL %s, host %s\n",
appHA->url, appHA->host);
if (!asd)
else
appHA->host[0] = '\0';
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing HTTP data - URL %s, host %s\n",
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing HTTP data - URL %s, host %s\n",
appHA->url, appHA->host);
msg.advance_cursor(sizeof(AppIdSessionHAHttp));
if (appidDebug->is_enabled())
appidDebug->activate(flow, asd, inspector->get_ctxt().config.log_all_sessions);
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Consuming TLS host - %s\n", appHA->tls_host);
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Consuming TLS host - %s\n", appHA->tls_host);
if (!asd)
asd = create_appid_session(*flow, key, *inspector);
memcpy(appHA->tls_host, tls_host, length);
appHA->tls_host[length] = '\0';
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing TLS host - %s\n", appHA->tls_host);
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing TLS host - %s\n", appHA->tls_host);
msg.advance_cursor(sizeof(AppIdSessionHATlsHost));
return true;
appidDebug->activate(flow, asd, inspector.get_ctxt().config.log_all_sessions);
is_debug_active = true;
}
- appid_log(p, TRACE_DEBUG_LEVEL, "New AppId session at HTTP event\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "New AppId session at HTTP event\n");
}
else if ( asd->get_odp_ctxt_version() != pkt_thread_odp_ctxt->get_version() )
return; // Skip detection for sessions using old odp context after odp reload
if (appidDebug->is_enabled() and !is_debug_active)
appidDebug->activate(flow, asd, config.log_all_sessions);
- appid_log(p, TRACE_DEBUG_LEVEL, "Processing HTTP metadata from HTTP Inspector for stream %" PRId64 "\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Processing HTTP metadata from HTTP Inspector for stream %" PRId64 "\n",
http_event->get_httpx_stream_id());
asd->set_session_flags(APPID_SESSION_HTTP_SESSION);
}
const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is client %s (%d)\n",
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is client %s (%d)\n",
type, app_name ? app_name : "unknown", app_id);
}
const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
if (app_id == APP_ID_UNKNOWN)
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Payload is Unknown (%d)\n", app_id);
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Payload is Unknown (%d)\n", app_id);
else
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is payload %s (%d)\n", type,
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is payload %s (%d)\n", type,
app_name ? app_name : "unknown", app_id);
}
change_bits.set(APPID_REFERRED_BIT);
const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "URL is referred %s (%d)\n", app_name ? app_name : "unknown", app_id);
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "URL is referred %s (%d)\n", app_name ? app_name : "unknown", app_id);
}
int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
constexpr auto RESPONSE_CODE_LENGTH = 3;
if (response_code->size() != RESPONSE_CODE_LENGTH)
{
- appid_log(p, TRACE_DEBUG_LEVEL, "Bad http response code.\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Bad http response code.\n");
asd.reset_session_data(change_bits);
return 0;
}
set_session_flags(APPID_SESSION_RESPONSE_CODE_CHECKED);
/* didn't receive response code in first X packets. Stop processing this session */
asd.reset_session_data(change_bits);
- appid_log(p, TRACE_DEBUG_LEVEL, "No response code received\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "No response code received\n");
return 0;
}
#endif
if (service_id > APP_ID_NONE and service_id != APP_ID_HTTP and asd.get_service_id() != service_id)
{
const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
- appid_log(p, TRACE_DEBUG_LEVEL, "User Agent is service %s (%d)\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "User Agent is service %s (%d)\n",
app_name ? app_name : "unknown", service_id);
}
asd.set_service_appid_data(service_id, change_bits);
{
asd.set_service_appid_data(app_id, change_bits, version);
const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
- appid_log(p, TRACE_DEBUG_LEVEL, "X service %s (%d)\n", app_name ? app_name : "unknown", app_id);
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "X service %s (%d)\n", app_name ? app_name : "unknown", app_id);
}
}
asd.scan_flags &= ~SCAN_HTTP_XWORKINGWITH_FLAG;
if (service_id > APP_ID_NONE and service_id != APP_ID_HTTP)
{
const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
- appid_log(p, TRACE_DEBUG_LEVEL, "URL is service %s (%d)\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "URL is service %s (%d)\n",
app_name ? app_name : "unknown", service_id);
}
asd.set_service_appid_data(service_id, change_bits);
}
if (httpx_stream_id >= 0)
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "stream %" PRId64 ": %s is %s\n",
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "stream %" PRId64 ": %s is %s\n",
httpx_stream_id, field_name.c_str(), field->c_str());
- else
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is %s\n", field_name.c_str(), field->c_str());
+ else
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is %s\n", field_name.c_str(), field->c_str());
}
{
#endif
if ( prev_maxrss == -1 or getrusage(RUSAGE_SELF, &ru) == -1 )
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: fetching memory usage failed\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: fetching memory usage failed\n");
else
- appid_log(nullptr, TRACE_INFO_LEVEL, "appid: MaxRss diff: %li\n", ru.ru_maxrss - prev_maxrss);
- appid_log(nullptr, TRACE_INFO_LEVEL, "appid: patterns loaded: %u\n", ctxt.get_odp_ctxt().get_pattern_count());
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "appid: MaxRss diff: %li\n", ru.ru_maxrss - prev_maxrss);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "appid: patterns loaded: %u\n", ctxt.get_odp_ctxt().get_pattern_count());
#ifdef REG_TEST
}
#endif
#include "src/main.h"
#include "target_based/host_attributes.h"
#include "trace/trace.h"
+#include "trace/trace_api.h"
#include "utils/util.h"
#include "app_info_table.h"
using namespace std;
THREAD_LOCAL const Trace* appid_trace = nullptr;
-
+THREAD_LOCAL bool appid_trace_enabled = false;
//-------------------------------------------------------------------------
// appid module
//-------------------------------------------------------------------------
ACThirdPartyAppIdContextSwap(AppIdInspector& inspector, ControlConn* conn)
: AnalyzerCommand(conn), inspector(inspector)
{
- appid_log(nullptr, TRACE_INFO_LEVEL, "== swapping third-party configuration\n");
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "== swapping third-party configuration\n");
}
~ACThirdPartyAppIdContextSwap() override;
pkt_thread_tp_appid_ctxt = inspector.get_ctxt().get_tp_appid_ctxt();
pkt_thread_tp_appid_ctxt->tinit();
ThirdPartyAppIdContext::set_tp_reload_in_progress(false);
- appid_log(nullptr, TRACE_INFO_LEVEL, "== third-party context swap in progress\n");
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "== third-party context swap in progress\n");
return true;
}
std::string file_path = ctxt.get_tp_appid_ctxt()->get_user_config();
ctxt.get_odp_ctxt().get_app_info_mgr().dump_appid_configurations(file_path);
log_message("== reload third-party complete\n");
- appid_log(nullptr, TRACE_INFO_LEVEL, "== third-party configuration swap complete\n");
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "== third-party configuration swap complete\n");
ReloadTracker::end(ctrlcon, true);
}
reload_in_progress = pkt_thread_tp_appid_ctxt->tfini();
if (reload_in_progress) {
- appid_log(nullptr, TRACE_INFO_LEVEL, "== rescheduling third-party context unload\n");
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "== rescheduling third-party context unload\n");
return false;
}
pkt_thread_tp_appid_ctxt = nullptr;
- appid_log(nullptr, TRACE_INFO_LEVEL, "== third-party context unload in progress\n");
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "== third-party context unload in progress\n");
return true;
}
if (sipstr)
{
if (constraints.sip.set(sipstr) != SFIP_SUCCESS)
- appid_log(nullptr, TRACE_INFO_LEVEL, "Invalid source IP address provided: %s\n", sipstr);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Invalid source IP address provided: %s\n", sipstr);
else if (constraints.sip.is_set())
constraints.sip_flag = true;
}
if (dipstr)
{
if (constraints.dip.set(dipstr) != SFIP_SUCCESS)
- appid_log(nullptr, TRACE_INFO_LEVEL, "Invalid destination IP address provided: %s\n", dipstr);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Invalid destination IP address provided: %s\n", dipstr);
else if (constraints.dip.is_set())
constraints.dip_flag = true;
}
{
#endif
getrusage(RUSAGE_SELF, &ru);
- appid_log(nullptr, TRACE_INFO_LEVEL, "appid: MaxRss diff: %li\n", ru.ru_maxrss - prev_maxrss);
- appid_log(nullptr, TRACE_INFO_LEVEL, "appid: patterns loaded: %u\n", odp_ctxt.get_pattern_count());
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "appid: MaxRss diff: %li\n", ru.ru_maxrss - prev_maxrss);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "appid: patterns loaded: %u\n", odp_ctxt.get_pattern_count());
#ifdef REG_TEST
}
#endif
}
void AppIdModule::set_trace(const Trace* trace) const
-{ appid_trace = trace; }
+{
+ appid_trace = trace;
+ appid_trace_enabled = trace_enabled(appid_trace, DEFAULT_TRACE_OPTION_ID);
+}
const TraceOption* AppIdModule::get_trace_options() const
{
return &appid_trace_options;
}
-
-
snort::ProfileStats* AppIdModule::get_profile(
unsigned i, const char*& name, const char*& parent) const
{
extern THREAD_LOCAL snort::ProfileStats appid_perf_stats;
extern THREAD_LOCAL snort::ProfileStats tp_appid_perf_stats;
extern THREAD_LOCAL const snort::Trace* appid_trace;
+extern THREAD_LOCAL bool appid_trace_enabled;
#define MOD_NAME "appid"
#define MOD_HELP "application and service identification"
{
if (!peg_ids)
{
- appid_log(nullptr, TRACE_WARNING_LEVEL, "AppId peg counts thread created with no ids\n");
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "AppId peg counts thread created with no ids\n");
peg_ids = std::make_shared<AppIdPegCountIdInfo>();
}
}
inspector, *pkt_thread_odp_ctxt);
if (appidDebug->is_enabled())
appidDebug->activate(flow, asd, inspector.get_ctxt().config.log_all_sessions);
- appid_log(p, TRACE_DEBUG_LEVEL, "New AppId session at service event\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "New AppId session at service event\n");
}
else if (asd->get_odp_ctxt_version() != pkt_thread_odp_ctxt->get_version())
return; // Skip detection for sessions using old odp context after odp reload
if (!asd->has_no_service_candidate())
{
- appid_log(p, TRACE_DEBUG_LEVEL, "No service inspector\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "No service inspector\n");
return;
}
- appid_log(p, TRACE_DEBUG_LEVEL, "No service candidate and no inspector\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "No service candidate and no inspector\n");
const SfIp* service_ip;
uint16_t port;
if (type == PktType::NONE)
{
- appid_log(ctrlPkt, TRACE_DEBUG_LEVEL, "Failed to create a related flow - invalid protocol %u\n",
+ APPID_LOG(ctrlPkt, TRACE_DEBUG_LEVEL, "Failed to create a related flow - invalid protocol %u\n",
(unsigned)proto);
return nullptr;
}
{
sfip_ntop(cliIp, src_ip, sizeof(src_ip));
sfip_ntop(srvIp, dst_ip, sizeof(dst_ip));
- appid_log(ctrlPkt, TRACE_DEBUG_LEVEL, "Failed to create a related flow for %s-%u -> %s-%u %u\n",
+ APPID_LOG(ctrlPkt, TRACE_DEBUG_LEVEL, "Failed to create a related flow for %s-%u -> %s-%u %u\n",
src_ip, (unsigned)cliPort, dst_ip, (unsigned)srvPort, (unsigned)proto);
delete asd;
asd = nullptr;
{
sfip_ntop(cliIp, src_ip, sizeof(src_ip));
sfip_ntop(srvIp, dst_ip, sizeof(dst_ip));
- appid_log(ctrlPkt, TRACE_DEBUG_LEVEL, "Related flow created for %s-%u -> %s-%u %u\n",
+ APPID_LOG(ctrlPkt, TRACE_DEBUG_LEVEL, "Related flow created for %s-%u -> %s-%u %u\n",
src_ip, (unsigned)cliPort, dst_ip, (unsigned)srvPort, (unsigned)proto);
asd->in_expected_cache = true;
}
}
reinit_session_data(change_bits, curr_tp_appid_ctxt);
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSL decryption is available, restarting app detection\n");
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSL decryption is available, restarting app detection\n");
// APPID_SESSION_ENCRYPTED is set upon receiving a command which upgrades the session to
// SSL. Next packet after the command will have encrypted traffic. In the case of a
if (!hsession or !hsession->get_tunnel())
return;
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Found HTTP Tunnel, restarting app Detection\n");
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Found HTTP Tunnel, restarting app Detection\n");
if (odp_ctxt.is_appid_cpu_profiler_running())
{
if (tsession->get_tls_handshake_done() and
api.payload.get_id() == APP_ID_NONE)
{
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "End of SSL/TLS handshake detected with no payloadAppId, "
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "End of SSL/TLS handshake detected with no payloadAppId, "
"so setting to unknown\n");
api.payload.set_id(APP_ID_UNKNOWN);
}
std::string str;
change_bits_to_string(change_bits, str);
if (is_httpx)
- appid_log(&p, TRACE_DEBUG_LEVEL, "Published event for changes: %s for HTTPX stream index %u\n",
+ APPID_LOG(&p, TRACE_DEBUG_LEVEL, "Published event for changes: %s for HTTPX stream index %u\n",
str.c_str(), httpx_stream_index);
else
- appid_log(&p, TRACE_DEBUG_LEVEL, "Published event for changes: %s\n", str.c_str());
+ APPID_LOG(&p, TRACE_DEBUG_LEVEL, "Published event for changes: %s\n", str.c_str());
}
size_t version_len = (size_t)(version_end - version_begin);
fd->version.assign(version_begin, version_len);
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler read SSH version string with vendor %s and version %s\n",
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler read SSH version string with vendor %s and version %s\n",
fd->vendor.c_str(), fd->version.c_str());
return true;
if (table.has_pattern(fd.vendor))
{
client_id = table.get_appid(fd.vendor);
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler identified client with AppId %u\n", client_id);
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler identified client with AppId %u\n", client_id);
}
else
{
client_id = APP_ID_SSH;
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler client detected, but vendor not recognized\n");
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler client detected, but vendor not recognized\n");
}
asd.set_client_id(client_id);
service_success(data.service_info, *event.get_packet(), asd, change_bits);
client_success(data.client_info, asd, change_bits);
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler service detected\n");
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler service detected\n");
}
if (data and data->failed)
{
- appid_log(p, TRACE_DEBUG_LEVEL, "SSH detection failed, ignoring event\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSH detection failed, ignoring event\n");
return;
}
if ( asd->get_session_flags(APPID_SESSION_WAIT_FOR_EXTERNAL) and
((ssh_event.get_direction() == PKT_FROM_CLIENT) or data->client_info.vendor.size()) )
{
- appid_log(p, TRACE_DEBUG_LEVEL, "Early detection of SSH\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Early detection of SSH\n");
handle_success(*data, ssh_event, *asd, change_bits);
asd->publish_appid_event(change_bits, *ssh_event.get_packet());
asd->clear_session_flags(APPID_SESSION_WAIT_FOR_EXTERNAL);
}
}
else
- appid_log(p, TRACE_DEBUG_LEVEL, "SSH event handler received unsupported protocol %s\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSH event handler received unsupported protocol %s\n",
ssh_event.get_version_str().c_str());
break;
switch (ssh_event.get_validation_result())
{
case SSH_VALID_KEXINIT:
- appid_log(p, TRACE_DEBUG_LEVEL, "SSH event handler received valid key exchange\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSH event handler received valid key exchange\n");
fd->finished = true;
break;
case SSH_INVALID_KEXINIT:
- appid_log(p, TRACE_DEBUG_LEVEL, "SSH event handler received invalid key exchange\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSH event handler received invalid key exchange\n");
handle_failure(*asd, *data);
break;
case SSH_INVALID_VERSION:
- appid_log(p, TRACE_DEBUG_LEVEL, "SSH event handler received invalid version\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSH event handler received invalid version\n");
handle_failure(*asd, *data);
break;
{
AppIdDiscoveryArgs disco_args(p->data, p->dsize, direction, asd, p, change_bits);
ret = asd.client_detector->validate(disco_args);
- appid_log(p, TRACE_DEBUG_LEVEL, "%s client detector returned %s (%d)\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "%s client detector returned %s (%d)\n",
asd.client_detector->get_log_name().c_str(),
asd.client_detector->get_code_string((APPID_STATUS_CODE)ret), ret);
}
{
AppIdDiscoveryArgs disco_args(p->data, p->dsize, direction, asd, p, change_bits);
int result = kv->second->validate(disco_args);
- appid_log(p, TRACE_DEBUG_LEVEL, "%s client candidate returned %s (%d)\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "%s client candidate returned %s (%d)\n",
kv->second->get_log_name().c_str(),
kv->second->get_code_string((APPID_STATUS_CODE)result), result);
if (match != eve_ca_load_list.end())
{
if ((*match)->app_id != app_id)
- appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: detector %s - process name '%s' for client app %d is already "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: detector %s - process name '%s' for client app %d is already "
"mapped to client app %d\n", detector.c_str(), (*match)->pattern.c_str(), app_id,
(*match)->app_id);
}
AppIdInspector* inspector =
(AppIdInspector*)InspectorManager::get_inspector(MOD_NAME, true);
if (inspector and inspector->get_ctxt().config.log_eve_process_client_mappings)
- appid_log(nullptr, TRACE_INFO_LEVEL, "Adding EVE Client App pattern %d %s %d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Adding EVE Client App pattern %d %s %d\n",
p->app_id, p->pattern.c_str(), p->confidence);
#endif
}
asd.set_session_flags(APPID_SESSION_CONTINUE);
service->add_service(change_bits, asd, sip_event.get_packet(), direction, APP_ID_SIP,
ss->vendor[0] ? ss->vendor : nullptr);
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Sip service detected. Setting APPID_SESSION_CONTINUE flag\n");
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Sip service detected. Setting APPID_SESSION_CONTINUE flag\n");
}
}
}
for (unsigned i = 0; i <= partNum; i++)
snort_free((void*)parts[i].pattern);
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Failed to allocate memory");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Failed to allocate memory");
return 0;
}
partNum++;
#include "trace/trace.h"
#include "utils/util.h"
+//#include "appid_module.h"
#include "appid_debug.h"
#include "appid_types.h"
#include "appid_utils/sf_mlmp.h"
{
if( !pat )
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "HTTP pattern string is null.");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "HTTP pattern string is null.");
return false;
}
if (seq < SINGLE || seq > USER_AGENT_HEADER)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Invalid HTTP DHP Sequence.");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Invalid HTTP DHP Sequence.");
return false;
}
HostPortVal hv = kv.second;
inet_ntop(AF_INET6, &hk.ip, inet_buffer, sizeof(inet_buffer));
- appid_log(nullptr, TRACE_INFO_LEVEL, "\tip=%s, \tport %d, \tip_proto %u, \ttype=%u, \tappId=%d\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "\tip=%s, \tport %d, \tip_proto %u, \ttype=%u, \tappId=%d\n",
inet_buffer, hk.port, (unsigned)hk.proto, hv.type, hv.appId);
}
}
if (tmp_proto > (unsigned)IpProtocol::RESERVED)
{
if (print_err)
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Invalid protocol value %u\n", tmp_proto);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Invalid protocol value %u\n", tmp_proto);
return -1;
}
}
}
- appid_log(nullptr, TRACE_ERROR_LEVEL, "%s: attempted setting validator/fini to non-function\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s: attempted setting validator/fini to non-function\n",
ud->sd->get_name().c_str());
lua_pop(L, 1);
return 0;
switch (level)
{
case LUA_LOG_CRITICAL:
- appid_log(nullptr, TRACE_CRITICAL_LEVEL, "%s:%s\n", name.c_str(), message);
+ APPID_LOG(nullptr, TRACE_CRITICAL_LEVEL, "%s:%s\n", name.c_str(), message);
break;
case LUA_LOG_ERR:
- appid_log(nullptr, TRACE_ERROR_LEVEL, "%s:%s\n", name.c_str(), message);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s:%s\n", name.c_str(), message);
break;
case LUA_LOG_WARN:
- appid_log(nullptr, TRACE_WARNING_LEVEL, "%s:%s\n", name.c_str(), message);
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "%s:%s\n", name.c_str(), message);
break;
case LUA_LOG_NOTICE:
case LUA_LOG_INFO:
- appid_log(nullptr, TRACE_INFO_LEVEL, "%s:%s\n", name.c_str(), message);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "%s:%s\n", name.c_str(), message);
break;
case LUA_LOG_TRACE:
switch (level)
{
case LUA_LOG_CRITICAL:
- appid_log(nullptr, TRACE_CRITICAL_LEVEL, "%s:%s\n", name.c_str(), message);
+ APPID_LOG(nullptr, TRACE_CRITICAL_LEVEL, "%s:%s\n", name.c_str(), message);
break;
case LUA_LOG_ERR:
- appid_log(nullptr, TRACE_ERROR_LEVEL, "%s:%s\n", name.c_str(), message);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s:%s\n", name.c_str(), message);
break;
case LUA_LOG_WARN:
- appid_log(nullptr, TRACE_WARNING_LEVEL, "%s:%s\n", name.c_str(), message);
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "%s:%s\n", name.c_str(), message);
break;
case LUA_LOG_NOTICE:
case LUA_LOG_INFO:
if ( !appidDebug or !appidDebug->is_enabled() )
return 0;
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppIdDbg %s:%s\n", name.c_str(), message);
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppIdDbg %s:%s\n", name.c_str(), message);
break;
case LUA_LOG_TRACE:
auto curr_packet = (Analyzer::get_local_analyzer() and snort::DetectionEngine::get_context()) ? snort::DetectionEngine::get_current_packet() : nullptr;
- appid_log(curr_packet, TRACE_DEBUG_LEVEL, curr_packet ? "%s:%s\n" : "AppIdDbg %s:%s\n", name.c_str(), message);
+ APPID_LOG(curr_packet, TRACE_DEBUG_LEVEL, curr_packet ? "%s:%s\n" : "AppIdDbg %s:%s\n", name.c_str(), message);
break;
}
lua_getfield(L, -1, pValidator);
if (!lua_isfunction(L, -1))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "%s: attempted setting validator to non-function\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s: attempted setting validator to non-function\n",
ud->sd->get_name().c_str());
lua_pop(L, 1);
if (re == nullptr)
{
pcre2_get_error_message(errorcode, error, 128);
- appid_log(lsd->ldp.pkt, TRACE_ERROR_LEVEL, "PCRE compilation failed at offset %d: %s\n", erroffset, error);
+ APPID_LOG(lsd->ldp.pkt, TRACE_ERROR_LEVEL, "PCRE compilation failed at offset %d: %s\n", erroffset, error);
return 0;
}
{
/*overflow of matches */
rc = OVECCOUNT / 3;
- appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "ovector only has room for %d captured substrings\n", rc - 1);
+ APPID_LOG(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "ovector only has room for %d captured substrings\n", rc - 1);
}
if (!lua_checkstack(L, rc))
{
- appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "Cannot grow Lua stack by %d slots to hold "
+ APPID_LOG(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "Cannot grow Lua stack by %d slots to hold "
"PCRE matches\n", rc);
return 0;
}
{
// log errors except no matches
if (rc != PCRE2_ERROR_NOMATCH)
- appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "PCRE regular expression group match failed. rc: %d\n", rc);
+ APPID_LOG(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "PCRE regular expression group match failed. rc: %d\n", rc);
rc = 0;
}
unsigned int substr_len = lua_tonumber(L, 3);
if (offset + substr_len > lsd->ldp.size)
{
- appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "Requested substr end offset %d is greater than data size %d\n",
+ APPID_LOG(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "Requested substr end offset %d is greater than data size %d\n",
offset + substr_len, lsd->ldp.size);
return 0;
}
const char* tmp_string = lua_tolstring(L, ++index, &pattern_size);
if (!tmp_string or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid alpn service string: appid %u.\n", appid);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid alpn service string: appid %u.\n", appid);
return 0;
}
const std::string service_name(tmp_string);
const char* tmp_string = lua_tolstring(L, ++index, &pattern_size);
if (!tmp_string or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid eve process_name string: appid %u.\n", appid);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid eve process_name string: appid %u.\n", appid);
return 0;
}
const std::string process_name(tmp_string);
const FastPatternConfig* const fp = SnortConfig::get_conf()->fast_pattern_config;
if (!MpseManager::is_regex_capable(fp->get_search_api())){
- appid_log(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of "
"regex capable search engine like hyperscan in %s\n", ud->get_detector()->get_name().c_str());
return 0;
}
const char* tmp_string = lua_tolstring(L, ++index, &pattern_size);
if (!tmp_string or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid eve process_name regex string: appid %u.\n", appid);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid eve process_name regex string: appid %u.\n", appid);
return 0;
}
const std::string process_name(tmp_string);
enum httpPatternType pat_type = (enum httpPatternType)lua_tointeger(L, ++index);
if (pat_type < HTTP_PAYLOAD or pat_type > HTTP_URL)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern type in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern type in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
const uint8_t* pattern_str = (const uint8_t*)lua_tolstring(L, ++index, &pattern_size);
if (!pattern_str or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern string in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern string in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
const char* tmp_string = lua_tolstring(L, ++index, &pattern_size);
if (!tmp_string or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL Host pattern string in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL Host pattern string in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
const FastPatternConfig* const fp = SnortConfig::get_conf()->fast_pattern_config;
if (!MpseManager::is_regex_capable(fp->get_search_api())){
- appid_log(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of "
"regex capable search engine like hyperscan in %s\n", ud->get_detector()->get_name().c_str());
return 0;
}
const char* tmp_string = lua_tolstring(L, ++index, &pattern_size);
if (!tmp_string or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL Host regex pattern string in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL Host regex pattern string in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
const char* tmp_string = lua_tolstring(L, ++index, &pattern_size);
if (!tmp_string or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL CN pattern string in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL CN pattern string in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
const FastPatternConfig* const fp = SnortConfig::get_conf()->fast_pattern_config;
if (!MpseManager::is_regex_capable(fp->get_search_api())){
- appid_log(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of "
"regex capable search engine like hyperscan in %s\n", ud->get_detector()->get_name().c_str());
return 0;
}
const char* tmp_string = lua_tolstring(L, ++index, &pattern_size);
if (!tmp_string or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL CN regex pattern string in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL CN regex pattern string in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
const char* tmp_string = lua_tolstring(L, ++index, &pattern_size);
if (!tmp_string or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid DNS Host pattern string.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid DNS Host pattern string.\n");
return 0;
}
if (!cidr_str or !ipaddr_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: No IP address provided\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: No IP address provided\n");
return 0;
}
{
if (!convert_string_to_address(cidr_str, &ip_address))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IP address: %s\n", cidr_str);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IP address: %s\n", cidr_str);
return 0;
}
}
if (!netip_str or !convert_string_to_address(netip_str, &ip_address))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IP address: %s\n", netip_str);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IP address: %s\n", netip_str);
return 0;
}
{
if (bits < 0 or bits > 32)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IPv4 prefix range: %d\n", bits);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IPv4 prefix range: %d\n", bits);
return 0;
}
}
else if (strchr(netip_str, ':'))
{
if (bits < 0 or bits > 128) {
- appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IPv6 prefix range: %d\n", bits);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IPv6 prefix range: %d\n", bits);
return 0;
}
}
}
else
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid prefix bit: %s\n", tokens[1].c_str());
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid prefix bit: %s\n", tokens[1].c_str());
return 0;
}
}
if (!ud->get_odp_ctxt().host_first_pkt_add(
sc, &ip_address, netmask_parsed ? netmask32 : nullptr, (uint16_t)port, proto, protocol_appid, client_appid, web_appid, reinspect))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "%s:Failed to backend call first pkt add\n", __func__);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s:Failed to backend call first pkt add\n", __func__);
return 0;
}
const char* ip_str= lua_tolstring(L, ++index, &ipaddr_size);
if (!ip_str or !ipaddr_size or !convert_string_to_address(ip_str, &ip_address))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "%s: Invalid IP address: %s\n", __func__, ip_str);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s: Invalid IP address: %s\n", __func__, ip_str);
return 0;
}
lua_pop(L, 1);
if (!ud->get_odp_ctxt().host_port_cache_add(
sc, &ip_address, (uint16_t)port, proto, type, app_id))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "%s:Failed to backend call\n", __func__);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s:Failed to backend call\n", __func__);
return 0;
}
if (added)
{
AppIdSession::incr_inferred_svcs_ver();
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Added hostPortCache entry ip=%s, port %d, ip_proto %u, "
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Added hostPortCache entry ip=%s, port %d, ip_proto %u, "
"type=%u, appId=%d\n", ip_str, port, (unsigned)proto, type, appid);
}
const char* tmp_string = lua_tolstring(L, ++index, &stringSize);
if (!tmp_string or !stringSize)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP Header string.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP Header string.\n");
return 0;
}
uint8_t* pattern = (uint8_t*)snort_strdup(tmp_string);
const char* tmp_string = lua_tolstring(L, ++index, &string_size);
if (!tmp_string || !string_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSH Client string.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSH Client string.\n");
return 0;
}
std::string pattern(tmp_string);
{
if (entry->flags & flag)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback already registered for app %d\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback already registered for app %d\n",
app_id);
return 1;
}
}
else
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback cannot be registered for invalid app %d\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback cannot be registered for invalid app %d\n",
app_id);
return 1;
}
if (!odp_thread_local_ctxt->insert_cb_detector(app_id, &ud))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback already registered for app %d\n", app_id);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback already registered for app %d\n", app_id);
return 1;
}
}
// when an ODP detector triggers the detector callback to be called, there are some elements
// in the stack. Checking here to make sure the number of elements is not too many
if (lua_gettop(my_lua_state) > 20)
- appid_log(&p, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector callback\n",
+ APPID_LOG(&p, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector callback\n",
lua_gettop(my_lua_state));
const string& cb_fn_name = ud.get_cb_fn_name();
lua_getfield(my_lua_state, -1, cb_fn_name.c_str());
if (lua_pcall(my_lua_state, 0, 1, 0))
{
- appid_log(&p, TRACE_ERROR_LEVEL, "Detector %s: Error validating %s\n", detector_name,
+ APPID_LOG(&p, TRACE_ERROR_LEVEL, "Detector %s: Error validating %s\n", detector_name,
lua_tostring(my_lua_state, -1));
ud.lsd.ldp.pkt = nullptr;
lua_settop(my_lua_state, 0);
// retrieve result
if (!lua_isnumber(my_lua_state, -1))
{
- appid_log(&p, TRACE_ERROR_LEVEL, "Detector %s: Validator returned non-numeric value\n", detector_name);
+ APPID_LOG(&p, TRACE_ERROR_LEVEL, "Detector %s: Validator returned non-numeric value\n", detector_name);
ud.lsd.ldp.pkt = nullptr;
lua_settop(my_lua_state, 0);
return -10;
ud->set_running(true);
int ret = detector_callback(p.data, p.dsize, dir, asd, p, *ud, change_bits);
- appid_log(&p, TRACE_DEBUG_LEVEL, "%s detector callback returned %d\n",
+ APPID_LOG(&p, TRACE_DEBUG_LEVEL, "%s detector callback returned %d\n",
ud->get_detector()->get_name().empty() ? "UKNOWN" : ud->get_detector()->get_name().c_str(), ret);
ud->set_running(false);
}
if (CHP_glossary->emplace(appIdInstance, new_app).second == false)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Failed to add CHP for appId %d, instance %d",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Failed to add CHP for appId %d, instance %d",
CHP_APPIDINSTANCE_TO_ID(appIdInstance), CHP_APPIDINSTANCE_TO_INSTANCE(appIdInstance));
delete new_app;
return -1;
// We only want one of these for each appId.
if (CHP_glossary->find(appIdInstance) != CHP_glossary->end())
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Attempt to add more than one CHP for appId %d - "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Attempt to add more than one CHP for appId %d - "
"use CHPMultiCreateApp.\n", appId);
return 0;
}
*pattern_type = (HttpFieldIds)lua_tointeger(L, index);
if (*pattern_type >= NUM_HTTP_FIELDS)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid CHP Action pattern type.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid CHP Action pattern type.\n");
return -1;
}
return 0;
// non-empty pattern required
if (!tmp_string or !*pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid CHP Action PATTERN string.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid CHP Action PATTERN string.\n");
return -1;
}
*pattern_data = snort_strdup(tmp_string);
action_type = (ActionType)lua_tointeger(L, index);
if (action_type < NO_ACTION or action_type > MAX_ACTION_TYPE)
{
- appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: Unsupported CHP Action type: %d, "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: Unsupported CHP Action type: %d, "
"possible version mismatch.\n", action_type);
return -1;
}
auto chp_entry = CHP_glossary->find(appIdInstance);
if (chp_entry == CHP_glossary->end() or !chp_entry->second)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid attempt to add a CHP action for "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid attempt to add a CHP action for "
"unknown appId %d, instance %d. - pattern:\"%s\" - action \"%s\"\n", CHP_APPIDINSTANCE_TO_ID(appIdInstance),
CHP_APPIDINSTANCE_TO_INSTANCE(appIdInstance), patternData, optionalActionData ? optionalActionData : "");
snort_free(patternData);
// We only want a maximum of these for each appId.
if (instance == CHP_APPID_INSTANCE_MAX)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Attempt to create more than %d CHP for appId %d",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Attempt to create more than %d CHP for appId %d",
CHP_APPID_INSTANCE_MAX, appId);
return 0;
}
or ((sequence_cnt == 0) or (sequence_cnt > LENGTH_SEQUENCE_CNT_MAX))
or ((sequence_str == nullptr) or (strlen(sequence_str) == 0)))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid input (%d,%u,%u,\"%s\")!",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid input (%d,%u,%u,\"%s\")!",
appId, (unsigned)proto, (unsigned)sequence_cnt, sequence_str ? sequence_str : "");
lua_pushnumber(L, -1);
return 1;
length_sequence.sequence[i].direction = APP_ID_FROM_RESPONDER;
break;
default:
- appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!",
sequence_str);
lua_pushnumber(L, -1);
return 1;
if (*str_ptr != '/')
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!",
sequence_str);
lua_pushnumber(L, -1);
return 1;
if (length == 0)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!",
sequence_str);
lua_pushnumber(L, -1);
return 1;
if ((!last_one and (*str_ptr != ','))
or (last_one and (*str_ptr != 0)))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!",
sequence_str);
lua_pushnumber(L, -1);
return 1;
if (!ud->get_odp_ctxt().length_cache_add(length_sequence, appId))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Could not add entry to cache!");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Could not add entry to cache!");
lua_pushnumber(L, -1);
return 1;
}
const char* tmp_string = lua_tolstring(L, ++index, &host_pattern_size);
if (!tmp_string or !host_pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host pattern string: service_id %u; "
"client_id %u; payload_id %u.\n", service_id, client_id, payload_id);
return 0;
}
tmp_string = lua_tolstring(L, ++index, &path_pattern_size);
if (!tmp_string or !path_pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path pattern string: service_id %u; "
"client_id %u; payload %u.\n", service_id, client_id, payload_id);
snort_free(host_pattern);
return 0;
tmp_string = lua_tolstring(L, ++index, &schemePatternSize);
if (!tmp_string or !schemePatternSize)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme pattern string: service_id %u; "
"client_id %u; payload %u.\n", service_id, client_id, payload_id);
snort_free(path_pattern);
snort_free(host_pattern);
const FastPatternConfig* const fp = SnortConfig::get_conf()->fast_pattern_config;
if (!MpseManager::is_regex_capable(fp->get_search_api())){
- appid_log(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of "
"regex capable search engine like hyperscan in %s\n", ud->get_detector()->get_name().c_str());
return 0;
}
const char* tmp_string = lua_tolstring(L, ++index, &host_pattern_size);
if (!tmp_string or !host_pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host regex pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host regex pattern string: service_id %u; "
"client_id %u; payload_id %u.\n", service_id, client_id, payload_id);
return 0;
}
tmp_string = lua_tolstring(L, ++index, &path_pattern_size);
if (!tmp_string or !path_pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path regex pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path regex pattern string: service_id %u; "
"client_id %u; payload %u.\n", service_id, client_id, payload_id);
snort_free(host_pattern);
return 0;
tmp_string = lua_tolstring(L, ++index, &schemePatternSize);
if (!tmp_string or !schemePatternSize)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme regex pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme regex pattern string: service_id %u; "
"client_id %u; payload %u.\n", service_id, client_id, payload_id);
snort_free(path_pattern);
snort_free(host_pattern);
const char* tmp_string = lua_tolstring(L, ++index, &host_pattern_size);
if (!tmp_string or !host_pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP host pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP host pattern string: service_id %u; "
"client_id %u; payload_id %u.\n", service_id, client_id, payload_id);
return 0;
}
tmp_string = lua_tolstring(L, ++index, &path_pattern_size);
if (!tmp_string or !path_pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP path pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP path pattern string: service_id %u; "
"client_id %u; payload_id %u.\n", service_id, client_id, payload_id);
snort_free(host_pattern);
return 0;
tmp_string = lua_tolstring(L, ++index, &schemePatternSize);
if (!tmp_string or !schemePatternSize)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP scheme pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP scheme pattern string: service_id %u; "
"client_id %u; payload_id %u.\n", service_id, client_id, payload_id);
snort_free(path_pattern);
snort_free(host_pattern);
const char* client_version = lua_tostring(L, ++index);
if (!client_version)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip client version string.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip client version string.\n");
return 0;
}
const char* ua_pattern = lua_tolstring(L, ++index, &ua_len);
if (!ua_pattern or !ua_len)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip ua pattern string.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip ua pattern string.\n");
return 0;
}
const char* tmp_string = lua_tolstring(L, ++index, &appNameLen);
if (!tmp_string or !appNameLen)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Invalid appName string.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Invalid appName string.\n");
lua_pushnumber(L, APP_ID_NONE);
return 1; /*number of results */
}
enum httpPatternType pat_type = (enum httpPatternType)lua_tointeger(L, ++index);
if (pat_type < HTTP_PAYLOAD or pat_type > HTTP_URL)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern type in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern type in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
const uint8_t* pattern_str = (const uint8_t*)lua_tolstring(L, ++index, &pattern_size);
if (!pattern_str or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern string in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern string in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
const char* tmp_string = lua_tolstring(L, ++index, &host_pattern_size);
if (!tmp_string or !host_pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host pattern string: service_id %u; "
"client_id %u; payload_id %u.\n", service_id, client_id, payload_id);
return 0;
}
tmp_string = lua_tolstring(L, ++index, &path_pattern_size);
if (!tmp_string or !path_pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path pattern string: service_id %u; "
"client_id %u; payload_id %u.\n", service_id, client_id, payload_id);
snort_free(host_pattern);
return 0;
tmp_string = lua_tolstring(L, ++index, &schemePatternSize);
if (!tmp_string or !schemePatternSize)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme pattern string: service_id %u; "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme pattern string: service_id %u; "
"client_id %u; payload_id %u.\n", service_id, client_id, payload_id);
snort_free(path_pattern);
snort_free(host_pattern);
if (appid <= APP_ID_NONE or !pattern or !pattern_size or
(protocol != IpProtocol::TCP and protocol != IpProtocol::UDP))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: addPortPatternClient() - Invalid input in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: addPortPatternClient() - Invalid input in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
if (appid <= APP_ID_NONE or !pattern or !pattern_size or
(protocol != IpProtocol::TCP and protocol != IpProtocol::UDP))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: addPortPatternService() - Invalid input in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: addPortPatternService() - Invalid input in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
const char* client_version = lua_tostring(L, ++index);
if (!client_version)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip client version string.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip client version string.\n");
return 0;
}
const char* server_pattern = lua_tolstring(L, ++index, &pattern_size);
if (!server_pattern or !pattern_size)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip server pattern string.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip server pattern string.\n");
return 0;
}
const char* table = lua_tostring(L, 2);
if (!table)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid detector data table string in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid detector data table string in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
const char* key = lua_tostring(L, 3);
if (!key)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid detector data key string in %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid detector data key string in %s.\n",
ud->get_detector()->get_name().c_str());
return 0;
}
auto my_lua_state = odp_thread_local_ctxt->get_lua_state();
if (!my_lua_state)
{
- appid_log(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: no LUA state\n", package_info.name.c_str());
+ APPID_LOG(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: no LUA state\n", package_info.name.c_str());
lua_settop(my_lua_state, 0);
return APPID_ENULL;
}
// Runtime Lua errors are suppressed in production code since detectors are written for
// efficiency and with defensive minimum checks. Errors are dealt as exceptions
// that don't impact processing by other detectors or future packets by the same detector.
- appid_log(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: error validating %s\n",
+ APPID_LOG(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: error validating %s\n",
package_info.name.c_str(), lua_tostring(my_lua_state, -1));
ldp.pkt = nullptr;
odp_thread_local_ctxt->free_detector_flow();
/* retrieve result */
if (!lua_isnumber(my_lua_state, -1))
{
- appid_log(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: returned non-numeric value\n",
+ APPID_LOG(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: returned non-numeric value\n",
package_info.name.c_str());
ldp.pkt = nullptr;
lua_settop(my_lua_state, 0);
{
auto my_lua_state = odp_thread_local_ctxt->get_lua_state();
if (lua_gettop(my_lua_state))
- appid_log(args.pkt, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before service validate\n",
+ APPID_LOG(args.pkt, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before service validate\n",
lua_gettop(my_lua_state));
std::string name = this->name + "_";
{
auto my_lua_state = odp_thread_local_ctxt->get_lua_state();
if (lua_gettop(my_lua_state))
- appid_log(args.pkt, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before client validate\n",
+ APPID_LOG(args.pkt, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before client validate\n",
lua_gettop(my_lua_state));
std::string name = this->name + "_";
if (line.find(OPEN_DETECTOR_PACKAGE_VERSION) == 0)
{
line = line.substr(strlen(OPEN_DETECTOR_PACKAGE_VERSION));
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId Open Detector Package(ODP) Version: %s\n", line.c_str());
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId Open Detector Package(ODP) Version: %s\n", line.c_str());
break;
}
}
if (!L)
{
if (is_control)
- appid_log(nullptr, TRACE_CRITICAL_LEVEL,
+ APPID_LOG(nullptr, TRACE_CRITICAL_LEVEL,
"Error - appid: can not create new luaState, control instance\n");
else
- appid_log(nullptr, TRACE_ERROR_LEVEL,
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL,
"Error - appid: can not create new luaState, instance=%u\n", get_instance_id());
}
}
if (L)
{
if (lua_gettop(L))
- appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector unload\n",
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector unload\n",
lua_gettop(L));
for ( auto& lua_object : allocated_objects )
if ( lua_pcall(L, 1, 1, 0) )
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not cleanup the %s client app element: %s\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not cleanup the %s client app element: %s\n",
lsd->package_info.name.c_str(), lua_tostring(L, -1));
}
}
{
lua_pushinteger (L, numTrackers);
if (lua_pcall(L, 1, 0, 0) != 0 and init(L))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: activating lua detector. "
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: activating lua detector. "
"Setting tracker size to %u failed.\n", numTrackers);
}
}
{
lua_pushinteger (L, numTrackers);
if (lua_pcall(L, 1, 0, 0) != 0 and init(L))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: setting tracker size\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: setting tracker size\n");
}
}
int c = detector_file.peek();
detector_file.close();
if (c != EOF)
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo table from %s\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo table from %s\n",
detector_name);
}
if (!lua_isnil(L, -1)) // pop DetectorPackageInfo index if it was pushed
if (!get_lua_field(L, -1, "name", log_name))
{
if (init(L))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field 'name' from %s\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field 'name' from %s\n",
detector_name);
lua_pop(L, 1);
return nullptr;
if (!get_lua_field(L, -1, "proto", proto))
{
if (init(L))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field 'proto' from %s\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field 'proto' from %s\n",
detector_name);
lua_pop(L, 1);
return nullptr;
detector_name, log_name, is_custom, proto, L, ctxt.get_odp_ctxt());
}
else if (init(L))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field"
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field"
" 'client' or 'server' from %s\n", detector_name);
lua_pop(L, 1); // pop server table
if (luaL_loadbuffer(L, buf.c_str(), buf.length(), detector_filename))
{
if (init(L))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector, %s\n", lua_tostring(L, -1));
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector, %s\n", lua_tostring(L, -1));
lua_pop(L, 1);
return false;
}
if (luaL_loadfile(L, detector_filename))
{
if (init(L))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector, %s\n", lua_tostring(L, -1));
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector, %s\n", lua_tostring(L, -1));
lua_pop(L, 1);
return false;
}
if (lua_dump(L, dump, &buf))
{
if (init(L))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not compile Lua detector, %s\n", lua_tostring(L, -1));
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not compile Lua detector, %s\n", lua_tostring(L, -1));
lua_pop(L, 1);
return false;
}
lua_setfenv(L, -2);
if (lua_pcall(L, 0, 0, 0))
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not set env of Lua detector %s : %s\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not set env of Lua detector %s : %s\n",
detector_filename, lua_tostring(L, -1));
lua_pop(L, 1);
return false;
void LuaDetectorManager::activate_lua_detectors(const SnortConfig* sc)
{
if (lua_gettop(L))
- appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector activate\n",
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector activate\n",
lua_gettop(L));
uint32_t lua_tracker_size = compute_lua_tracker_size(MAX_MEMORY_FOR_LUA_DETECTORS, allocated_objects.size());
if (!lua_isfunction(L, -1))
{
if (init(L))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load DetectorInit function from %s\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load DetectorInit function from %s\n",
(*lo)->get_detector()->get_name().c_str());
if (!(*lo)->get_detector()->is_custom_detector())
num_odp_detectors--;
if (lua_pcall(L, 2, 1, 0))
{
if (init(L))
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not run DetectorInit, %s\n", lua_tostring(L, -1));
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not run DetectorInit, %s\n", lua_tostring(L, -1));
if (!(*lo)->get_detector()->is_custom_detector())
num_odp_detectors--;
lua_settop(L, 0);
}
if (size > MAX_LUA_DETECTOR_FILE_SIZE)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector %s : \
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector %s : \
size exceeded maximum limit\n", detector_file_path);
file.close();
return;
std::ifstream file(required_lua_detectors);
if (!file)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not open required lua detectors list file %s\n", required_lua_detectors);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not open required lua detectors list file %s\n", required_lua_detectors);
}
else
{
std::string line;
int lua_top = lua_gettop(L);
if (lua_top)
- appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector load\n", lua_top);
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector load\n", lua_top);
while (std::getline(file, line))
{
std::string full_path = std::string(path) + "/" + line;
if (rval == 0 )
{
if (lua_gettop(L))
- appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector load\n",
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector load\n",
lua_gettop(L));
for (unsigned n = 0; n < globs.gl_pathc; n++)
int memory_used_by_lua = lua_gc(L, LUA_GCCOUNT, 0);
#endif
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId Lua-Detector Stats: control instance, odp detectors %zu, custom detectors %zu,"
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId Lua-Detector Stats: control instance, odp detectors %zu, custom detectors %zu,"
" total memory %d kb\n", num_odp_detectors, (allocated_objects.size() - num_odp_detectors), memory_used_by_lua);
}
int memory_used_by_lua = lua_gc(L, LUA_GCCOUNT, 0);
#endif
- appid_log(nullptr, TRACE_INFO_LEVEL, "AppId Lua-Detector Stats: instance %u, odp detectors %zu, custom detectors %zu,"
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId Lua-Detector Stats: instance %u, odp detectors %zu, custom detectors %zu,"
" total memory %d kb\n", get_instance_id(), num_odp_detectors,
(allocated_objects.size() - num_odp_detectors), memory_used_by_lua);
}
if (match != alpn_load_list.end())
{
if ((*match)->app_id != app_id)
- appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: detector %s - alpn '%s' for service app %d is already "
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: detector %s - alpn '%s' for service app %d is already "
"mapped to service app %d\n", detector.c_str(), (*match)->pattern.c_str(), app_id,
(*match)->app_id);
}
AppIdInspector* inspector =
(AppIdInspector*)InspectorManager::get_inspector(MOD_NAME, true);
if (inspector and inspector->get_ctxt().config.log_alpn_service_mappings)
- appid_log(nullptr, TRACE_INFO_LEVEL, "Adding ALPN service App pattern %d %s\n",
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Adding ALPN service App pattern %d %s\n",
p->app_id, p->pattern.c_str());
#endif
}
}
else
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Invalid protocol (%u) specified for service %s.\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Invalid protocol (%u) specified for service %s.\n",
(unsigned)pp.proto, service->get_name().c_str());
return 0;
}
if ( sds_state == ServiceState::FAILED )
{
- appid_log(p, TRACE_DEBUG_LEVEL, "No service match, failed state\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "No service match, failed state\n");
fail_service(asd, p, dir, nullptr, sds);
return APPID_NOMATCH;
}
else if (ret == APPID_NOT_COMPATIBLE)
got_incompatible_service = true;
asd.service_search_state = SESSION_SERVICE_SEARCH_STATE::PENDING;
- appid_log(p, TRACE_DEBUG_LEVEL, "%s service detector returned %s (%d)\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "%s service detector returned %s (%d)\n",
asd.service_detector->get_log_name().c_str(),
asd.service_detector->get_code_string((APPID_STATUS_CODE)ret), ret);
}
int result;
result = service->validate(args);
- appid_log(p, TRACE_DEBUG_LEVEL, "%s service candidate returned %s (%d)\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "%s service candidate returned %s (%d)\n",
service->get_log_name().c_str(), service->get_code_string((APPID_STATUS_CODE)result), result);
if ( result == APPID_SUCCESS )
if (asd.has_no_service_inspector() or (proto == IpProtocol::UDP))
got_fail_service = true;
else if (!asd.service_detector and !asd.has_no_service_candidate())
- appid_log(p, TRACE_DEBUG_LEVEL, "No service candidate, wait for snort service inspection\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "No service candidate, wait for snort service inspection\n");
asd.set_no_service_candidate();
}
asd.is_decrypted(), true);
// Don't log this if fail service is not due to empty list
if (!(got_fail_service and asd.service_detector))
- appid_log(p, TRACE_DEBUG_LEVEL, "No service %s\n", got_fail_service ? "candidate" : "detector");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "No service %s\n", got_fail_service ? "candidate" : "detector");
got_fail_service = true;
fail_service(asd, p, dir, nullptr, sds);
ret = APPID_NOMATCH;
if ( entry && entry->service_detector &&
!(entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL) )
{
- appid_log(p, TRACE_DEBUG_LEVEL, "Stop service detection\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Stop service detection\n");
asd.stop_service_inspection(p, direction);
}
}
rd->state = REXEC_STATE_PORT;
}
// cppcheck-suppress nullPointerRedundantCheck
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "rexec state %d\n", rd->state);
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "rexec state %d\n", rd->state);
switch (rd->state) // cppcheck-suppress nullPointerRedundantCheck
{
}
// cppcheck-suppress nullPointerRedundantCheck
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "RSHELL state %d\n",rd->state);
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "RSHELL state %d\n",rd->state);
switch (rd->state) // cppcheck-suppress nullPointerRedundantCheck
{
if (snmp_verify_packet(&data, data+size, &pdu, &version))
{
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "SNMP payload verify failed\n");
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "SNMP payload verify failed\n");
if (args.asd.get_session_flags(APPID_SESSION_UDP_REVERSED))
{
if (args.dir == APP_ID_FROM_RESPONDER)
}
}
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "SNMP state %d\n", sd->state);
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "SNMP state %d\n", sd->state);
switch (sd->state)
{
data_add(args.asd, td, &snort_free);
td->state = TFTP_STATE_CONNECTION;
}
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP state %d\n", td->state);
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP state %d\n", td->state);
if (td->state == TFTP_STATE_CONNECTION && args.dir == APP_ID_FROM_RESPONDER)
goto fail;
case TFTP_STATE_TRANSFER:
if ((mode=tftp_verify_header(data, size, &block)) < 0)
{
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP failed to verify\n");
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP failed to verify\n");
goto fail;
}
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP mode %d and block %u\n", mode, (unsigned)block);
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP mode %d and block %u\n", mode, (unsigned)block);
if (mode == TFTP_STATE_ACK)
{
if (block != 0)
goto fail;
else
{
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP failed to verify\n");
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP failed to verify\n");
goto bail;
}
}
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP mode %d\n", mode);
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP mode %d\n", mode);
if (mode == TFTP_STATE_ERROR)
{
td->state = TFTP_STATE_TRANSFER;
}
if (args.dir == APP_ID_FROM_INITIATOR && mode != TFTP_STATE_DATA)
{
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP bad mode\n");
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP bad mode\n");
goto bail;
}
if (args.dir == APP_ID_FROM_RESPONDER && mode != TFTP_STATE_ACK)
return APPID_INPROCESS;
success:
- appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP success\n");
+ APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP success\n");
return add_service(args.change_bits, args.asd, args.pkt, args.dir, APP_ID_TFTP);
bail:
service = tcp_brute_force_mgr->current();
}
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Brute-force state %s\n", service? "" : "failed - no more TCP detectors");
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Brute-force state %s\n", service? "" : "failed - no more TCP detectors");
}
else if (proto == IpProtocol::UDP)
{
service = udp_brute_force_mgr->current();
}
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Brute-force state %s\n", service? "" : "failed - no more UDP detectors");
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Brute-force state %s\n", service? "" : "failed - no more UDP detectors");
}
else
service = nullptr;
ipstr[0] = 0;
sfip_ntop(ip, ipstr, sizeof(ipstr));
- appid_log(CURRENT_PACKET, TRACE_ERROR_LEVEL, "Failed to remove from hash: %s:%u:%hu\n", ipstr,
+ APPID_LOG(CURRENT_PACKET, TRACE_ERROR_LEVEL, "Failed to remove from hash: %s:%u:%hu\n", ipstr,
(unsigned)proto, port);
}
}
if ( !asd.tsession->get_tls_host() and (field=attribute_data.quic_sni()) != nullptr )
{
- appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Flow is QUIC\n");
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Flow is QUIC\n");
asd.tsession->set_tls_host(field->c_str(), field->size(), change_bits);
if ( asd.get_service_id() <= APP_ID_NONE )
asd.set_service_appid_data(APP_ID_QUIC, change_bits);
if ( contains(proto_list, APP_ID_HTTP) )
{
- appid_log(&p, TRACE_DEBUG_LEVEL, "Flow is HTTP\n");
+ APPID_LOG(&p, TRACE_DEBUG_LEVEL, "Flow is HTTP\n");
asd.set_session_flags(APPID_SESSION_HTTP_SESSION);
}
if ( contains(proto_list, APP_ID_SPDY) )
{
- appid_log(&p, TRACE_DEBUG_LEVEL, "Flow is SPDY\n");
+ APPID_LOG(&p, TRACE_DEBUG_LEVEL, "Flow is SPDY\n");
asd.set_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_SPDY_SESSION);
}
{
asd.tp_reinspect_by_initiator = true;
asd.set_session_flags(APPID_SESSION_APP_REINSPECT);
- appid_log(p, TRACE_DEBUG_LEVEL, "3rd party allow reinspect http\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "3rd party allow reinspect http\n");
// If on reinspection, payload is found, a new record would be inserted for that
// payload, only for the time and packets processed from this point onwards
if ( p->ptrs.ip_api.tos() == 8 )
{
asd.set_payload_id(APP_ID_SFTP);
- appid_log(p, TRACE_DEBUG_LEVEL, "Payload is SFTP\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Payload is SFTP\n");
}
return true;
TpAppIdCreateSession tpsf = tph->tpsession_factory();
if ( !(asd.tpsession = tpsf(tp_appid_ctxt)) )
{
- appid_log(p, TRACE_ERROR_LEVEL, "Could not allocate asd.tpsession data");
+ APPID_LOG(p, TRACE_ERROR_LEVEL, "Could not allocate asd.tpsession data");
return false;
}
}
}
const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id);
- appid_log(p, TRACE_DEBUG_LEVEL, "3rd party returned %s (%d)\n", app_name ? app_name : "unknown", tp_app_id);
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "3rd party returned %s (%d)\n", app_name ? app_name : "unknown", tp_app_id);
process_third_party_results(*p, asd, tp_confidence, tp_proto_list, tp_attribute_data, change_bits);
if (tp_app_id == APP_ID_SSH)
{
- appid_log(p, TRACE_DEBUG_LEVEL, "Setting the ignore and early detection flag\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "Setting the ignore and early detection flag\n");
asd.get_odp_ctxt().get_app_info_mgr().set_app_info_flags(tp_app_id, APPINFO_FLAG_IGNORE);
asd.set_session_flags(APPID_SESSION_WAIT_FOR_EXTERNAL);
asd.expected_external_app_id = tp_app_id;
if ( app_info_flags & APPINFO_FLAG_IGNORE )
{
- appid_log(p, TRACE_DEBUG_LEVEL, "3rd party ignored\n");
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "3rd party ignored\n");
if (asd.get_session_flags(APPID_SESSION_HTTP_SESSION))
tp_app_id = APP_ID_HTTP;
asd.set_port_service_id(portAppId);
const char *service_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id);
const char *port_service_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.get_port_service_id());
- appid_log(p, TRACE_DEBUG_LEVEL, "SSL is service %s (%d), portServiceAppId %s (%d)\n",
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSL is service %s (%d), portServiceAppId %s (%d)\n",
service_name ? service_name : "unknown", tp_app_id,
port_service_name ? port_service_name : "unknown", asd.get_port_service_id());
}
asd.set_tp_payload_app_id(*p, direction, tp_app_id, change_bits);
tp_app_id = portAppId;
const char *tp_app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id);
- appid_log(p, TRACE_DEBUG_LEVEL, "SSL is %s (%d)\n", tp_app_name ? tp_app_name : "unknown", tp_app_id);
+ APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSL is %s (%d)\n", tp_app_name ? tp_app_name : "unknown", tp_app_id);
}
snort_app_id = APP_ID_SSL;
}
self->tp_so_handle = dlopen(path, RTLD_NOW | RTLD_LOCAL);
if (self->tp_so_handle == nullptr)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Failed to load 3rd party AppID library: %s - %s\n", path, dlerror());
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Failed to load 3rd party AppID library: %s - %s\n", path, dlerror());
return false;
}
if (*(index->local_sym) == nullptr)
{
char* error;
- appid_log(nullptr, TRACE_ERROR_LEVEL, "AppId: Failed to resolve symbol: %s %s\n", index->lib_sym,
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "AppId: Failed to resolve symbol: %s %s\n", index->lib_sym,
(error = dlerror()) ? error : "");
dlclose(self->tp_so_handle);
self->tp_so_handle = nullptr;
ThirdPartyAppIdContext* tp_appid_ctxt = self->tp_appid_create_ctxt(tp_config);
if (tp_appid_ctxt == nullptr)
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Failed to create third party appId context.\n");
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Failed to create third party appId context.\n");
dlclose(self->tp_so_handle);
self->tp_so_handle = nullptr;
return nullptr;
if ( (tp_appid_ctxt->get_api_version() != THIRD_PARTY_APPID_API_VERSION)
|| (tp_appid_ctxt->module_name().empty()) )
{
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Ignoring incomplete 3rd party AppID module (%s, %u, %s)!\n",
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Ignoring incomplete 3rd party AppID module (%s, %u, %s)!\n",
config.tp_appid_path.c_str(), tp_appid_ctxt->get_api_version(),
tp_appid_ctxt->module_name().empty() ? "empty" : tp_appid_ctxt->module_name().c_str());
ret = self->tp_appid_tfini();
if (ret != 0)
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not terminate packet thread in 3rd party AppID module (%d)!\n", ret);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not terminate packet thread in 3rd party AppID module (%d)!\n", ret);
}
void TPLibHandler::pfini()
ret = self->tp_appid_pfini();
if (ret != 0)
- appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not terminate 3rd party AppID module (%d)!\n", ret);
+ APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not terminate 3rd party AppID module (%d)!\n", ret);
AppIdContext::delete_tp_appid_ctxt();
{
if (user_data_maps[table].find(key) != user_data_maps[table].end())
{
- appid_log(nullptr, TRACE_WARNING_LEVEL,"ignoring duplicate key %s in table %s",
+ APPID_LOG(nullptr, TRACE_WARNING_LEVEL,"ignoring duplicate key %s in table %s",
key.c_str(), table.c_str());
return;
}
projects / thirdparty / snort3.git / commitdiff
