void alert(Packet*, const char* msg, const Event&) override;
+private:
+ void log_data(Packet*, const Event&);
+
private:
string file;
unsigned long limit;
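Review bot: The new declaration `void log_data(Packet*, const Event&);` has no comment and unnamed parameters, although the definition dereferences both arguments unconditionally (`p->flow`, `p->data`, `event.sig_info->gid`). A one-line contract above it would help callers, e.g. `// writes inspector buffers, packet payload and the alt buffer for p to fast_log; p and event.sig_info must be non-null`. The added `private:` also sits directly above the existing `private:` label; unless that is a deliberate methods/data split, the declaration could go under the existing label. The class body starts and ends outside this hunk.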
TextLog_Print(fast_log, "{%s} ", p->get_type());
LogIpAddrs(fast_log, p);
- // log packet (p) if this is not an http request with one or more buffers
- // because in that case packet data is also in http_headers or http_client_body
- // only http provides buffers at present; http_raw_status is always
- // available if a response was processed by http_inspect
- bool log_pkt = true;
-
if ( packet || SnortConfig::output_app_data() )
{
- TextLog_NewLine(fast_log);
- Inspector* gadget = p->flow ? p->flow->gadget : nullptr;
- const char** buffers = gadget ? gadget->get_api()->buffers : nullptr;
+ log_data(p, event);
+ }
+ TextLog_NewLine(fast_log);
+ TextLog_Flush(fast_log);
+}
- if ( buffers )
- {
- InspectionBuffer buf;
- const std::vector<unsigned>& idv = gadget->get_buf(HttpEnums::HTTP_BUFFER_RAW_STATUS,
- p, buf) ? rsp_ids : req_ids;
- bool rsp = (idv == rsp_ids);
+// log packet (p) if this is not an http request with one or more buffers
+// because in that case packet data is also in http_headers or http_client_body
+// only http provides buffers at present; http_raw_status is always
+// available if a response was processed by http_inspect
+void FastLogger::log_data(Packet* p, const Event& event)
+{
+ bool log_pkt = true;
- for ( auto id : idv )
- {
+ TextLog_NewLine(fast_log);
+ Inspector* gadget = p->flow ? p->flow->gadget : nullptr;
+ const char** buffers = gadget ? gadget->get_api()->buffers : nullptr;
- if ( gadget->get_buf(id, p, buf) )
- LogNetData(fast_log, buf.data, buf.len, p, buffers[id-1]);
+ if ( buffers )
+ {
+ InspectionBuffer buf;
+ const std::vector<unsigned>& idv = gadget->get_buf(HttpEnums::HTTP_BUFFER_RAW_STATUS,
+ p, buf) ? rsp_ids : req_ids;
+ bool rsp = (idv == rsp_ids);
- log_pkt = rsp;
- }
- }
- else if ( gadget )
+ for ( auto id : idv )
{
- InspectionBuffer buf;
-
- if ( gadget->get_buf(InspectionBuffer::IBT_KEY, p, buf) )
- LogNetData(fast_log, buf.data, buf.len, p);
- if ( gadget->get_buf(InspectionBuffer::IBT_HEADER, p, buf) )
- LogNetData(fast_log, buf.data, buf.len, p);
+ if ( gadget->get_buf(id, p, buf) )
+ LogNetData(fast_log, buf.data, buf.len, p, buffers[id-1]);
- if ( gadget->get_buf(InspectionBuffer::IBT_BODY, p, buf) )
- LogNetData(fast_log, buf.data, buf.len, p);
+ log_pkt = rsp;
}
- if (p->has_ip())
- LogIPPkt(fast_log, p);
+ }
+ else if ( gadget )
+ {
+ InspectionBuffer buf;
- else if ( log_pkt and p->obfuscator )
- {
- // FIXIT-P avoid string copy
- std::string buf((const char*)p->data, p->dsize);
+ if ( gadget->get_buf(InspectionBuffer::IBT_KEY, p, buf) )
+ LogNetData(fast_log, buf.data, buf.len, p);
- for ( const auto& b : *p->obfuscator )
- buf.replace(b.offset, b.length, b.length, p->obfuscator->get_mask_char());
+ if ( gadget->get_buf(InspectionBuffer::IBT_HEADER, p, buf) )
+ LogNetData(fast_log, buf.data, buf.len, p);
- LogNetData(fast_log, (const uint8_t*)buf.c_str(), p->dsize, p);
- }
- else if ( log_pkt )
- LogNetData(fast_log, p->data, p->dsize, p);
+ if ( gadget->get_buf(InspectionBuffer::IBT_BODY, p, buf) )
+ LogNetData(fast_log, buf.data, buf.len, p);
+ }
+ if (p->has_ip())
+ LogIPPkt(fast_log, p);
- DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
+ else if ( log_pkt and p->obfuscator )
+ {
+ // FIXIT-P avoid string copy
+ std::string buf((const char*)p->data, p->dsize);
+
+ for ( const auto& b : *p->obfuscator )
+ buf.replace(b.offset, b.length, b.length, p->obfuscator->get_mask_char());
- if ( buf.len and event.sig_info->gid != 116 )
- LogNetData(fast_log, buf.data, buf.len, p, "alt");
+ LogNetData(fast_log, (const uint8_t*)buf.c_str(), p->dsize, p);
}
- TextLog_NewLine(fast_log);
- TextLog_Flush(fast_log);
+ else if ( log_pkt )
+ LogNetData(fast_log, p->data, p->dsize, p);
+
+ DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
+
+ if ( buf.len and event.sig_info->gid != 116 )
+ LogNetData(fast_log, buf.data, buf.len, p, "alt");
}
//-------------------------------------------------------------------------
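Review bot: In `log_data`, the masking branch `else if ( log_pkt and p->obfuscator )` is only reached when `p->has_ip()` is false, so a packet with an IP layer is written by `LogIPPkt(fast_log, p)` without consulting `log_pkt` or `p->obfuscator`. The refactor carries this over unchanged from `alert`, but the comment now heading the function describes only the `log_pkt` rule and says nothing about the `has_ip()` path. Whether `LogIPPkt` applies the obfuscator itself is not visible here; if it does not, bytes the obfuscator marks for masking would reach the fast log in clear. I would add `// NOTE: has_ip() packets skip log_pkt and the mask below - confirm LogIPPkt honors p->obfuscator` at that branch until this is verified. Separately, `buf.replace(b.offset, b.length, ...)` throws `std::out_of_range` when `b.offset` exceeds `p->dsize`, so a guard such as `if ( b.offset >= buf.size() ) continue;` before the replace would keep a bad obfuscator entry from aborting alert logging.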
TestPacketTracer::pause();
TestPacketTracer::log("%s", test_str);
- CHECK( TestPacketTracer::get_buff()[0] == '\0' );
- CHECK( TestPacketTracer::get_buff_len() == 0 );
+ CHECK((TestPacketTracer::get_buff()[0] == '\0'));
+ CHECK((TestPacketTracer::get_buff_len() == 0));
TestPacketTracer::unpause();
TestPacketTracer::log("%s", test_str);
- CHECK( TestPacketTracer::get_buff()[0] == '\0' );
- CHECK( TestPacketTracer::get_buff_len() == 0 );
+ CHECK((TestPacketTracer::get_buff()[0] == '\0'));
+ CHECK((TestPacketTracer::get_buff_len() == 0));
TestPacketTracer::unpause();
TestPacketTracer::log("%s", test_str);
- CHECK( TestPacketTracer::get_buff()[0] == '\0' );
- CHECK( TestPacketTracer::get_buff_len() == 0 );
+ CHECK((TestPacketTracer::get_buff()[0] == '\0'));
+ CHECK((TestPacketTracer::get_buff_len() == 0));
TestPacketTracer::unpause();
TestPacketTracer::log("%s", test_str);
CHECK( !strcmp(TestPacketTracer::get_buff(), test_str) );
- CHECK( TestPacketTracer::get_buff_len() == 10 );
+ CHECK((TestPacketTracer::get_buff_len() == 10));
TestPacketTracer::thread_term();
}
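Review bot: Wrapping each comparison in a second pair of parentheses, as in `CHECK((TestPacketTracer::get_buff_len() == 10));`, hands the macro a single boolean. If `CHECK` is an expression-decomposing macro (the test framework is not visible on this page), a failing check will no longer print the two operand values. The commit does not say which warning the extra parentheses are meant to silence, so a line in the description or a targeted suppression would make the intent reviewable. The change is also applied unevenly: `CHECK( TestPacketTracer::get_mutes() == expected );` in the last test hunk keeps the old form. The same point applies to the verdict-reason and mute hunks that follow.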
TestPacketTracer::register_verdict_reason(high, PacketTracer::PRIORITY_HIGH);
// Init
- CHECK( TestPacketTracer::get_reason() == VERDICT_REASON_NO_BLOCK );
+ CHECK((TestPacketTracer::get_reason() == VERDICT_REASON_NO_BLOCK));
// Update
TestPacketTracer::set_reason(low1);
- CHECK( TestPacketTracer::get_reason() == low1 );
+ CHECK((TestPacketTracer::get_reason() == low1));
// Don't update if already set
TestPacketTracer::set_reason(VERDICT_REASON_NO_BLOCK);
- CHECK( TestPacketTracer::get_reason() == low1 );
+ CHECK((TestPacketTracer::get_reason() == low1));
TestPacketTracer::set_reason(low2);
- CHECK( TestPacketTracer::get_reason() == low1 );
+ CHECK((TestPacketTracer::get_reason() == low1));
// Always update for high priority
TestPacketTracer::set_reason(high);
- CHECK( TestPacketTracer::get_reason() == high );
+ CHECK((TestPacketTracer::get_reason() == high));
// Dump resets reason
TestPacketTracer::dump(nullptr);
- CHECK( TestPacketTracer::get_reason() == VERDICT_REASON_NO_BLOCK );
+ CHECK((TestPacketTracer::get_reason() == VERDICT_REASON_NO_BLOCK));
// Dump delivers reason to daq
- CHECK( TestPacketTracer::get_dump_reason() == high );
+ CHECK((TestPacketTracer::get_dump_reason() == high));
TestPacketTracer::thread_term();
}
std::string val = TestPacketTracer::get_buff();
std::string expected = "this should log\nthis should also log\n";
- CHECK( val == expected );
+ CHECK((val == expected));
// reset mutes
TestPacketTracer::dump(nullptr, 0);
TestPacketTracer::log(mute_1, "this should log\n");
TestPacketTracer::log(mute_2, "this should also log\n");
val = TestPacketTracer::get_buff();
- CHECK( val == expected );
+ CHECK((val == expected));
TestPacketTracer::thread_term();
}
{
global_mutes.val = 0;
- CHECK( TestPacketTracer::get_mute() == 0 );
- CHECK( TestPacketTracer::get_mute() == 1 );
- CHECK( TestPacketTracer::get_mute() == 2 );
+ CHECK((TestPacketTracer::get_mute() == 0));
+ CHECK((TestPacketTracer::get_mute() == 1));
+ CHECK((TestPacketTracer::get_mute() == 2));
// activation mid-run
TestPacketTracer::thread_init();
- CHECK( TestPacketTracer::get_mute() == 3 );
- CHECK( TestPacketTracer::get_mute() == 4 );
- CHECK( TestPacketTracer::get_mute() == 5 );
+ CHECK((TestPacketTracer::get_mute() == 3));
+ CHECK((TestPacketTracer::get_mute() == 4));
+ CHECK((TestPacketTracer::get_mute() == 5));
std::vector<bool> expected = {false, false, false, false, false, false};
CHECK( TestPacketTracer::get_mutes() == expected );