tag: add some debug statements

diff --git a/src/detect-engine-tag.c b/src/detect-engine-tag.c
index 66659ece234fce31db5beca2b035e63b74a9bfa8..d8b3eb1433ac1046798b8e9e495fb8ba65932d0e 100644 (file)
--- a/src/detect-engine-tag.c
+++ b/src/detect-engine-tag.c
@@ -120,7 +120,7 @@ static DetectTagDataEntry *DetectTagDataCopy(DetectTagDataEntry *dtd)
 int TagFlowAdd(Packet *p, DetectTagDataEntry *tde)
 {
     uint8_t updated = 0;
-    uint16_t num_tags = 0;
+    uint16_t tag_cnt = 0;
     DetectTagDataEntry *iter = NULL;
 
     if (p->flow == NULL)
@@ -131,7 +131,7 @@ int TagFlowAdd(Packet *p, DetectTagDataEntry *tde)
     if (iter != NULL) {
         /* First iterate installed entries searching a duplicated sid/gid */
         for (; iter != NULL; iter = iter->next) {
-            num_tags++;
+            tag_cnt++;
 
             if (iter->sid == tde->sid && iter->gid == tde->gid) {
                 iter->cnt_match++;
@@ -151,15 +151,16 @@ int TagFlowAdd(Packet *p, DetectTagDataEntry *tde)
     }
 
     /* If there was no entry of this rule, prepend the new tde */
-    if (updated == 0 && num_tags < DETECT_TAG_MAX_TAGS) {
+    if (updated == 0 && tag_cnt < DETECT_TAG_MAX_TAGS) {
         DetectTagDataEntry *new_tde = DetectTagDataCopy(tde);
         if (new_tde != NULL) {
             new_tde->next = FlowGetStorageById(p->flow, flow_tag_id);
             FlowSetStorageById(p->flow, flow_tag_id, new_tde);
+            SCLogDebug("adding tag with first_ts %u", new_tde->first_ts);
             (void) SC_ATOMIC_ADD(num_tags, 1);
         }
-    } else if (num_tags == DETECT_TAG_MAX_TAGS) {
-        SCLogDebug("Max tags for sessions reached (%"PRIu16")", num_tags);
+    } else if (tag_cnt == DETECT_TAG_MAX_TAGS) {
+        SCLogDebug("Max tags for sessions reached (%"PRIu16")", tag_cnt);
     }
 
     FLOWLOCK_UNLOCK(p->flow);
@@ -328,6 +329,9 @@ static void TagHandlePacketFlow(Flow *f, Packet *p)
                     /* last_ts handles this metric, but also a generic time based
                      * expiration to prevent dead sessions/hosts */
                     if (iter->last_ts - iter->first_ts > iter->count) {
+                        SCLogDebug("flow tag expired: %u - %u = %u > %u",
+                            iter->last_ts, iter->first_ts,
+                            (iter->last_ts - iter->first_ts), iter->count);
                         /* tag expired */
                         if (prev != NULL) {
                             tde = iter;
@@ -485,10 +489,12 @@ void TagHandlePacketHost(Host *host, Packet *p)
 void TagHandlePacket(DetectEngineCtx *de_ctx,
                      DetectEngineThreadCtx *det_ctx, Packet *p)
 {
+    SCEnter();
+
     /* If there's no tag, get out of here */
     unsigned int current_tags = SC_ATOMIC_GET(num_tags);
     if (current_tags == 0)
-        return;
+        SCReturn;
 
     /* First update and get session tags */
     if (p->flow != NULL) {
@@ -511,6 +517,7 @@ void TagHandlePacket(DetectEngineCtx *de_ctx,
         }
         HostRelease(dst);
     }
+    SCReturn;
 }
 
 /**

diff --git a/src/detect-tag.c b/src/detect-tag.c
index c53766de3eafb687eac6e67119c7c819b46df75c..50e2740e27afa3b24cb4153cb6d5516686aeb6c7 100644 (file)
--- a/src/detect-tag.c
+++ b/src/detect-tag.c
@@ -135,6 +135,7 @@ int DetectTagMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Si
             break;
         case DETECT_TAG_TYPE_SESSION:
             if (p->flow != NULL) {
+                SCLogDebug("Setting up tag for flow");
                 /* If it already exists it will be updated */
                 tde.sid = s->id;
                 tde.gid = s->gid;
@@ -142,6 +143,8 @@ int DetectTagMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Si
                 tde.metric = td->metric;
                 tde.count = td->count;
 
+                SCLogDebug("Adding to or updating flow; first_ts %u count %u",
+                    tde.first_ts, tde.count);
                 TagFlowAdd(p, &tde);
             } else {
                 SCLogDebug("No flow to append the session tag");