Pull request #4344: stream_tcp: add CDB for stream_tcp

Merge in SNORT/snort3 from ~AKAYAMBU/snort3:cbd_stream_tcp to master

Squashed commit of the following:

commit 42be43a84ccd4c71eb690ea10d691f5c113d8e66
Author: Arunkumar Kayambu <akayambu@cisco.com>
Date:   Fri Jun 7 03:43:30 2024 -0400

    stream_tcp: support tracing without compilation flags

diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc
index 1d80f624f484ecfdf1e54e0f534ec9cf31b433fd..0bfe2f7c9cda8ac5a7e6634d68e214683bd30e27 100644 (file)
--- a/src/stream/tcp/tcp_module.cc
+++ b/src/stream/tcp/tcp_module.cc
@@ -22,15 +22,15 @@
 #include "config.h"
 #endif
 
-#include "tcp_module.h"
-#include "tcp_normalizer.h"
-
 #include "main/snort_config.h"
 #include "profiler/profiler_defs.h"
 #include "stream/paf.h"
 #include "stream/paf_stats.h"
 #include "trace/trace.h"
+#include "trace/trace_api.h"
 
+#include "tcp_module.h"
+#include "tcp_normalizer.h"
 #include "tcp_trace.h"
 
 using namespace snort;
@@ -42,8 +42,8 @@ using namespace snort;
 THREAD_LOCAL ProfileStats s5TcpPerfStats;
 
 THREAD_LOCAL const Trace* stream_tcp_trace = nullptr;
+THREAD_LOCAL bool stream_tcp_trace_enabled = false;
 
-#ifdef DEBUG_MSGS
 static const TraceOption stream_tcp_trace_options[] =
 {
     { "segments", TRACE_SEGMENTS, "enable stream TCP segments trace logging" },
@@ -51,7 +51,6 @@ static const TraceOption stream_tcp_trace_options[] =
 
     { nullptr, 0, nullptr }
 };
-#endif
 
 const PegInfo tcp_pegs[] =
 {
@@ -276,15 +275,15 @@ StreamTcpModule::StreamTcpModule() :
 }
 
 void StreamTcpModule::set_trace(const Trace* trace) const
-{ stream_tcp_trace = trace; }
+{
+    stream_tcp_trace = trace;
+    stream_tcp_trace_enabled = trace_enabled(stream_tcp_trace, TRACE_SEGMENTS) ||
+                                   trace_enabled(stream_tcp_trace, TRACE_STATE);
+}
 
 const TraceOption* StreamTcpModule::get_trace_options() const
 {
-#ifndef DEBUG_MSGS
-    return nullptr;
-#else
     return stream_tcp_trace_options;
-#endif
 }
 
 const RuleMap* StreamTcpModule::get_rules() const

diff --git a/src/stream/tcp/tcp_module.h b/src/stream/tcp/tcp_module.h
index 06b196b3d3ff963126e56746d123fec42693c481..6ed90c3c142eae1f81f6f176a748b945f0e91f28 100644 (file)
--- a/src/stream/tcp/tcp_module.h
+++ b/src/stream/tcp/tcp_module.h
@@ -124,6 +124,7 @@ struct TcpStats
 };
 
 extern THREAD_LOCAL struct TcpStats tcpStats;
+extern THREAD_LOCAL bool stream_tcp_trace_enabled;
 
 //-------------------------------------------------------------------------
 // stream_tcp module

diff --git a/src/stream/tcp/tcp_normalizer.cc b/src/stream/tcp/tcp_normalizer.cc
index 84c080f4037cce36c3bfb8452a302035fc999d14..4681baa63d70f2cc1c5bf32317fcd1daf1b0305d 100644 (file)
--- a/src/stream/tcp/tcp_normalizer.cc
+++ b/src/stream/tcp/tcp_normalizer.cc
@@ -27,7 +27,7 @@
 
 #include "stream/stream.h"
 #include "packet_io/packet_tracer.h"
-
+#include "trace/trace_api.h"
 #include "tcp_module.h"
 #include "tcp_stream_session.h"
 #include "tcp_stream_tracker.h"
@@ -517,6 +517,8 @@ void TcpNormalizer::log_drop_reason(TcpNormalizerState& tns, const TcpSegmentDes
         tsd.get_pkt()->active->set_drop_reason(issuer);
         if (PacketTracer::is_active())
             PacketTracer::log("%s", log.c_str());
+        if (stream_tcp_trace_enabled)
+            trace_logf(TRACE_WARNING_LEVEL, stream_tcp_trace, DEFAULT_TRACE_OPTION_ID, tsd.get_pkt(), "%s", log.c_str());
     }
 }
 

diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index a0c4e39a8ed049f9c2359941e296dae40e461025..6c0efd45d9e53e1704c6265145643ddaaa04a740 100644 (file)
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -64,6 +64,7 @@
 #include "tcp_segment_node.h"
 #include "tcp_state_machine.h"
 #include "tcp_trace.h"
+#include "trace/trace_api.h"
 
 using namespace snort;
 
@@ -1141,7 +1142,8 @@ int TcpSession::process_tcp_packet(TcpSegmentDescriptor& tsd, const Packet* p)
     tsm->eval(tsd);
     check_events_and_actions(tsd);
 
-    S5TraceTCP(tsd, p);
+    if ( stream_tcp_trace_enabled )
+        S5TraceTCP(tsd, p);
 
     return ACTION_NOTHING;
 }

diff --git a/src/stream/tcp/tcp_trace.cc b/src/stream/tcp/tcp_trace.cc
index bfbf7ee4e82ea1044aa473f5113b3711d54a33ca..63544ff0aff5f0949aa7a3b0742d4c123cf673c9 100644 (file)
--- a/src/stream/tcp/tcp_trace.cc
+++ b/src/stream/tcp/tcp_trace.cc
@@ -42,9 +42,6 @@ const char* stream_tcp_state_to_str(const TcpStreamTracker& t)
     return statext[t.get_tcp_state()];
 }
 
-#ifndef DEBUG_MSGS
-void S5TraceTCP(const TcpSegmentDescriptor&, const snort::Packet*) { }
-#else
 #define LCL(p, x) ((p).x() - (p).get_iss())
 #define RMT(p, x, q) ((p).x - (q).get_iss())
 
@@ -77,7 +74,7 @@ inline void TraceEvent(const TcpSegmentDescriptor& tsd, uint32_t txd, uint32_t r
     uint32_t rseq = txd ? tsd.get_seq() - txd : tsd.get_seq();
     uint32_t rack = rxd ? tsd.get_ack() - rxd : tsd.get_ack();
 
-    debug_logf(stream_tcp_trace, TRACE_STATE, p,
+    trace_logf(DEFAULT_TRACE_LOG_LEVEL, stream_tcp_trace, TRACE_STATE, p,
         FMTu64("-3") " %s %s=0x%02x Seq=%-4u Ack=%-4u Win=%-4u Len=%-4hu%s\n",
         tsd.get_packet_number(), meta_ack_marker, flags, h->th_flags, rseq, rack, tsd.get_wnd(),
         tsd.get_len(), order);
@@ -85,7 +82,7 @@ inline void TraceEvent(const TcpSegmentDescriptor& tsd, uint32_t txd, uint32_t r
 
 inline void TraceSession(const snort::Flow* flow, const snort::Packet* p)
 {
-    debug_logf(stream_tcp_trace, TRACE_STATE, p,
+    trace_logf(DEFAULT_TRACE_LOG_LEVEL, stream_tcp_trace, TRACE_STATE, p,
         "      LWS: ST=0x%x SF=0x%x CP=%hu SP=%hu\n", (unsigned)flow->session_state,
         flow->ssn_state.session_flags, flow->client_port, flow->server_port);
 }
@@ -123,7 +120,7 @@ inline void TraceSegments(const TcpReassemblerPolicy& trp, const snort::Packet*
     }
 
     if ( !ss.str().empty() )
-        debug_logf(stream_tcp_trace, TRACE_SEGMENTS, p, "       %s\n", ss.str().c_str());
+        trace_logf(DEFAULT_TRACE_LOG_LEVEL, stream_tcp_trace, TRACE_SEGMENTS, p, "       %s\n", ss.str().c_str());
 
     assert(trp.trs.sos.seg_count == segs);
     assert(trp.trs.sos.seg_bytes_logical == bytes);
@@ -135,7 +132,7 @@ inline void TraceState(const TcpStreamTracker& a, const TcpStreamTracker& b, con
     uint32_t ua = a.get_snd_una() ? LCL(a, get_snd_una) : 0;
     uint32_t ns = a.get_snd_nxt() ? LCL(a, get_snd_nxt) : 0;
 
-    debug_logf(stream_tcp_trace, TRACE_STATE, p,
+    trace_logf(DEFAULT_TRACE_LOG_LEVEL, stream_tcp_trace, TRACE_STATE, p,
         "      %s ST=%s      UA=%-4u NS=%-4u LW=%-5u RN=%-4u RW=%-4u ISS=%-4u IRS=%-4u\n",
         s, stream_tcp_state_to_str(a), ua, ns, a.get_snd_wnd( ),
         RMT(a, rcv_nxt, b), RMT(a, r_win_base, b), a.get_iss(), a.get_irs());
@@ -143,7 +140,7 @@ inline void TraceState(const TcpStreamTracker& a, const TcpStreamTracker& b, con
     unsigned paf = a.is_splitter_paf() ? 2 : 0;
     unsigned fpt = a.get_flush_policy() ? 192 : 0;
 
-    debug_logf(stream_tcp_trace, TRACE_STATE, p,
+    trace_logf(DEFAULT_TRACE_LOG_LEVEL, stream_tcp_trace, TRACE_STATE, p,
         "           FP=%s:%-4u SC=%-4u FL=%-4u SL=%-5u BS=%-4u\n",
         flushxt[a.get_flush_policy() + paf], fpt,
         a.reassembler.get_seg_count(), a.reassembler.get_flush_count(),
@@ -189,5 +186,4 @@ void S5TraceTCP(const TcpSegmentDescriptor& tsd, const snort::Packet* p)
     TraceState(srv, cli, sdir, p);
 }
 
-#endif // DEBUG_MSGS