*/
static void AlertDebugLogFlowBits(AlertDebugLogThread *aft, Packet *p)
{
- GenericVar *gv = p->flow->flowvar;
- while (gv != NULL) {
- if (gv->type == DETECT_FLOWBITS) {
- FlowBit *fb = (FlowBit *) gv;
- MemBufferWriteString(aft->buffer, "FLOWBIT idx(%"PRIu32")\n", fb->idx);
+ int i;
+ for (i = 0; i < p->debuglog_flowbits_names_len; i++) {
+ if (p->debuglog_flowbits_names[i] != NULL) {
+ MemBufferWriteString(aft->buffer, "FLOWBIT: %s\n",
+ p->debuglog_flowbits_names[i]);
}
- gv = gv->next;
}
+
+ SCFree(p->debuglog_flowbits_names);
+ p->debuglog_flowbits_names = NULL;
+ p->debuglog_flowbits_names_len = 0;
+
+ return;
}
/**
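Review bot: The cleanup after the loop in AlertDebugLogFlowBits releases only the pointer array with `SCFree(p->debuglog_flowbits_names)`, while the entries themselves are created with SCStrdup in AlertDebugLogModeSyncFlowbitsNamesToPacketStruct (a later hunk of this commit) and are never freed, so each logged packet leaks one allocation per flowbit name. Free every entry once it has been written, e.g. `SCFree(p->debuglog_flowbits_names[i]);` right after the MemBufferWriteString call inside the `!= NULL` branch. The loop also indexes the array without checking the array pointer itself, so it relies on the length being zero whenever the pointer is NULL; `if (p->debuglog_flowbits_names == NULL) return;` before the loop would make that explicit. This is the only release point visible in the diff, so it is worth confirming that packets which get names attached but never reach this logger are cleaned up on the packet recycle path.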
#include "detect.h"
#include "flow.h"
#include "flow-private.h"
+#include "flow-bit.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "stream-tcp.h"
#include "stream-tcp-inline.h"
+#include "util-var-name.h"
#include "util-classification-config.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-vector.h"
#include "util-path.h"
+#include "runmodes.h"
+
extern uint8_t engine_mode;
extern int engine_analysis;
}
#endif
+static void AlertDebugLogModeSyncFlowbitsNamesToPacketStruct(Packet *p, DetectEngineCtx *de_ctx)
+{
+#define MALLOC_JUMP 5
+
+ int i = 0;
+
+ GenericVar *gv = p->flow->flowvar;
+
+ while (gv != NULL) {
+ i++;
+ gv = gv->next;
+ }
+ if (i == 0)
+ return;
+
+ p->debuglog_flowbits_names_len = i;
+
+ p->debuglog_flowbits_names = SCMalloc(sizeof(char *) *
+ p->debuglog_flowbits_names_len);
+ if (p->debuglog_flowbits_names == NULL) {
+ return;
+ }
+ memset(p->debuglog_flowbits_names, 0,
+ sizeof(char *) * p->debuglog_flowbits_names_len);
+
+ i = 0;
+ gv = p->flow->flowvar;
+ while (gv != NULL) {
+ if (gv->type != DETECT_FLOWBITS) {
+ gv = gv->next;
+ continue;
+ }
+
+ FlowBit *fb = (FlowBit *) gv;
+ char *name = VariableIdxGetName(de_ctx, fb->idx, fb->type);
+ if (name != NULL) {
+ p->debuglog_flowbits_names[i] = SCStrdup(name);
+ if (p->debuglog_flowbits_names[i] == NULL) {
+ return;
+ }
+ i++;
+ }
+
+ if (i == p->debuglog_flowbits_names_len) {
+ p->debuglog_flowbits_names_len += MALLOC_JUMP;
+ p->debuglog_flowbits_names = SCRealloc(p->debuglog_flowbits_names,
+ sizeof(char *) *
+ p->debuglog_flowbits_names_len);
+ if (p->debuglog_flowbits_names == NULL) {
+ return;
+ }
+ memset(p->debuglog_flowbits_names +
+ p->debuglog_flowbits_names_len - MALLOC_JUMP,
+ 0, sizeof(char *) * MALLOC_JUMP);
+ }
+
+ gv = gv->next;
+ }
+
+ return;
+}
+
/**
* \brief Signature match function
*
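Review bot: Both allocation-failure paths in AlertDebugLogModeSyncFlowbitsNamesToPacketStruct leave the packet with a non-zero `debuglog_flowbits_names_len` and a NULL `debuglog_flowbits_names`, because the length is stored before the SCMalloc result is checked and the SCRealloc result overwrites the only pointer to the array after the length has already been increased. AlertDebugLogFlowBits then iterates up to that length and indexes the NULL pointer, and on the realloc path the old array and the names already duplicated are lost as well. Publish the length only after the allocation has succeeded and grow the array through a temporary, as sketched below (this assumes, as the existing `i == 0` early return already does, that both fields are zero on entry). Separately, `MALLOC_JUMP` is defined inside the function body and never `#undef`ed, so it stays visible for the rest of the file; an `enum` constant or an `#undef` after the function would contain it.

```c
    /* … unchanged: count the flow's generic vars into i, return if 0 … */

    p->debuglog_flowbits_names = SCMalloc(sizeof(char *) * i);
    if (p->debuglog_flowbits_names == NULL) {
        return;
    }
    /* publish the length only once the array exists */
    p->debuglog_flowbits_names_len = i;
    memset(p->debuglog_flowbits_names, 0, sizeof(char *) * i);

    /* … unchanged: walk the list and SCStrdup each flowbit name … */

        if (i == p->debuglog_flowbits_names_len) {
            void *grown = SCRealloc(p->debuglog_flowbits_names,
                                    sizeof(char *) *
                                    (p->debuglog_flowbits_names_len + MALLOC_JUMP));
            if (grown == NULL) {
                /* the old array and its length are still valid and consistent */
                return;
            }
            p->debuglog_flowbits_names = grown;
            memset(p->debuglog_flowbits_names + p->debuglog_flowbits_names_len,
                   0, sizeof(char *) * MALLOC_JUMP);
            p->debuglog_flowbits_names_len += MALLOC_JUMP;
        }
```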
reset_de_state = 1;
p->flow->de_ctx_id = de_ctx->id;
+ GenericVarFree(p->flow->flowvar);
+ p->flow->flowvar = NULL;
}
/* set the iponly stuff */
}
FLOWLOCK_WRLOCK(p->flow);
+ if (debuglog_enabled) {
+ if (p->alerts.cnt > 0) {
+ AlertDebugLogModeSyncFlowbitsNamesToPacketStruct(p, de_ctx);
+ }
+ }
+
if (!(sms_runflags & SMS_USE_FLOW_SGH)) {
if (p->flowflags & FLOW_PKT_TOSERVER && !(p->flow->flags & FLOW_SGH_TOSERVER)) {
/* first time we see this toserver sgh, store it */
#include "source-pfring.h"
+int debuglog_enabled = 0;
+
/**
* \brief Holds description for a runmode.
*/
"TmModuleGetByName for %s failed", module->name);
exit(EXIT_FAILURE);
}
+ if (strcmp(tmm_modules[TMM_ALERTDEBUGLOG].name, tm_module->name) == 0)
+ debuglog_enabled = 1;
+
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
if (runmode_output == NULL)
return;