#define DEBUG_STREAM_STATE 0x0000000400000000LL
#define DEBUG_STREAM_PAF 0x0000000800000000LL
#define DEBUG_ASN1 0x0000002000000000LL
-#define DEBUG_SIP 0x0000100000000000LL
#define DEBUG_CODEC 0x0001000000000000LL
-#define DEBUG_INSPECTOR 0x0002000000000000LL
#define DEBUG_IPS_ACTION 0x0004000000000000LL
#define DEBUG_IPS_OPTION 0x0008000000000000LL
#define DEBUG_MPSE 0x0010000000000000LL
#define DEBUG_SO_RULE 0x0020000000000000LL
#define DEBUG_LOGGER 0x0040000000000000LL
-#define DEBUG_APPID 0x0400000000000000LL
#ifdef PIGLET
#define DEBUG_PIGLET 0x0800000000000000LL
#include "log/messages.h"
#include "log/unified2.h"
#include "main/snort_config.h"
-#include "main/snort_debug.h"
#include "target_based/snort_protocols.h"
#include "utils/util_cstring.h"
if (config_file == nullptr)
return;
- DebugFormat(DEBUG_APPID, "Loading configuration file %s\n", path);
-
while (fgets(buf, sizeof(buf), config_file) != nullptr)
{
char* context;
}
else
{
- DebugFormat(DEBUG_APPID,
- "AppId: setting max thirdparty inspection flow depth to %d packets.\n",
- max_tp_flow_depth);
config->max_tp_flow_depth = max_tp_flow_depth;
}
}
{
if (!(strcasecmp(conf_val, "enabled")))
{
- DebugMessage(DEBUG_APPID,
- "AppId: TCP probes will be analyzed by NAVL.\n");
-
config->tp_allow_probes = 1;
}
}
else if (!(strcasecmp(conf_key, "tp_client_app")))
{
- DebugFormat(DEBUG_APPID,
- "AppId: if thirdparty reports app %d, we will use it as a client.\n",
- atoi(conf_val));
set_app_info_flags(atoi(conf_val), APPINFO_FLAG_TP_CLIENT);
}
else if (!(strcasecmp(conf_key, "ssl_reinspect")))
{
- DebugFormat(DEBUG_APPID,
- "AppId: adding app %d to list of SSL apps that get more granular inspection.\n",
- atoi(conf_val));
set_app_info_flags(atoi(conf_val), APPINFO_FLAG_SSL_INSPECT);
}
else if (!(strcasecmp(conf_key, "disable_safe_search")))
{
if (!(strcasecmp(conf_val, "disabled")))
{
- DebugMessage(DEBUG_APPID, "AppId: disabling safe search enforcement.\n");
config->safe_search_enabled = false;
}
}
else if (!(strcasecmp(conf_key, "ssl_squelch")))
{
- DebugFormat(DEBUG_APPID,
- "AppId: adding app %d to list of SSL apps that may open a second SSL connection.\n",
- atoi(conf_val));
set_app_info_flags(atoi(conf_val), APPINFO_FLAG_SSL_SQUELCH);
}
else if (!(strcasecmp(conf_key, "defer_to_thirdparty")))
{
- DebugFormat(DEBUG_APPID,
- "AppId: adding app %d to list of apps where we should take thirdparty ID over the NDE's.\n",
- atoi(conf_val));
set_app_info_flags(atoi(conf_val), APPINFO_FLAG_DEFER);
}
else if (!(strcasecmp(conf_key, "defer_payload_to_thirdparty")))
{
- DebugFormat(DEBUG_APPID,
- "AppId: adding app %d to list of apps where we should take "
- "thirdparty payload ID over the NDE's.\n",
- atoi(conf_val));
set_app_info_flags(atoi(conf_val), APPINFO_FLAG_DEFER_PAYLOAD);
}
else if (!(strcasecmp(conf_key, "chp_userid")))
{
if (!(strcasecmp(conf_val, "disabled")))
{
- DebugMessage(DEBUG_APPID,
- "AppId: HTTP UserID collection disabled.\n");
config->chp_userid_disabled = true;
continue;
}
{
if (!(strcasecmp(conf_val, "disabled")))
{
- DebugMessage(DEBUG_APPID,
- "AppId: HTTP Body header reading disabled.\n");
config->chp_body_collection_disabled = 1;
continue;
}
{
if (!(strcasecmp(conf_val, "disabled")))
{
- DebugMessage(DEBUG_APPID, "AppId: FTP userID disabled.\n");
config->ftp_userid_disabled = 1;
continue;
}
uint8_t temp_val;
temp_val = strtol(conf_val, nullptr, 10);
set_app_info_priority (temp_appid, temp_val);
- DebugFormat(DEBUG_APPID,"AppId: %d Setting priority bit %d .\n",
- temp_appid, temp_val);
}
else if (!(strcasecmp(conf_key, "referred_appId")))
{
sizeof(referred_app_list) - referred_app_index, "%d ", id);
set_app_info_flags(id, APPINFO_FLAG_REFERRED);
}
- DebugFormat(DEBUG_APPID,
- "AppId: adding appIds to list of referred web apps: %s\n",
- referred_app_list);
}
}
else if (!(strcasecmp(conf_key, "rtmp_max_packets")))
}
else if (!(strcasecmp(conf_key, "ignore_thirdparty_appid")))
{
- DebugFormat(DEBUG_APPID,
- "AppId: adding app %d to list of ignore thirdparty apps.\n",
- atoi(conf_val));
set_app_info_flags(atoi(conf_val), APPINFO_FLAG_IGNORE);
}
else if (!(strcasecmp(conf_key, "http2_detection")))
// ports.
if (!(strcasecmp(conf_val, "disabled")))
{
- DebugMessage(DEBUG_APPID, "AppId: disabling internal HTTP/2 detection.\n");
config->http2_detection_enabled = false;
}
else if (!(strcasecmp(conf_val, "enabled")))
{
- DebugMessage(DEBUG_APPID, "AppId: enabling internal HTTP/2 detection.\n");
config->http2_detection_enabled = true;
}
else
#include "appid_utils/network_set.h"
#include "appid_utils/ip_funcs.h"
#endif
-#include "main/snort_debug.h"
#include "main/snort_config.h"
#include "log/messages.h"
#include "utils/util.h"
six = ias6->range_max;
NetworkSetManager::ntoh_ipv6(&six);
inet_ntop(AF_INET6, (struct in6_addr*)&six, max_ip, sizeof(max_ip));
- DebugFormat(DEBUG_APPID, "Adding %s-%s (0x%08X) with zone %d\n", min_ip, max_ip,
- ias6->addr_flags, zone);
if (zone >= 0)
{
if (!(my_net_list = net_list_by_zone[zone]))
else
zone = -1;
ias->addr_flags |= flag;
- DebugFormat(DEBUG_APPID, "Adding 0x%08X-0x%08X (0x%08X) with zone %d\n",
- ias->range_min, ias->range_max, ias->addr_flags, zone);
if (zone >= 0)
{
if (!(my_net_list = net_list_by_zone[zone]))
if (!config_file || (!config_file[0]))
{
char addrString[sizeof("0.0.0.0/0")];
- DebugMessage(DEBUG_APPID, "Defaulting to monitoring all Snort traffic for AppID.\n");
toklist[1] = nullptr;
toklist[0] = addrString;
strcpy(addrString,"0.0.0.0/0");
}
else
{
- DebugFormat(DEBUG_APPID, "Loading configuration file: %s", config_file);
FILE* fp;
if (!(fp = fopen(config_file, "r")))
{
char* instance_toklist[2];
char addrString[sizeof("0.0.0.0/0")];
- DebugMessage(DEBUG_APPID, "Defaulting to monitoring all Snort traffic for AppID.\n");
instance_toklist[0] = addrString;
instance_toklist[1] = nullptr;
strcpy(addrString,"0.0.0.0/0");
void AppIdConfig::set_safe_search_enforcement(bool enabled)
{
- DEBUG_WRAP(DebugFormat(DEBUG_APPID,
- " Safe Search Enforcement enabled = %d.\n", enabled); );
mod_config->safe_search_enabled = enabled;
}
using namespace snort;
using namespace std;
+Trace TRACE_NAME(appid_module);
+
//-------------------------------------------------------------------------
// appid module
//-------------------------------------------------------------------------
#endif
AppIdModule::AppIdModule() :
- Module(MOD_NAME, MOD_HELP, s_params)
+ Module(MOD_NAME, MOD_HELP, s_params, false, &TRACE_NAME(appid_module))
{
config = nullptr;
}
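Review bot: The bare `false` in the new base-class call on the `Module(...)` line gives no hint of what it selects, and it appears to be there only to reach the trace argument behind it. Naming it inline would make the call readable, e.g. `Module(MOD_NAME, MOD_HELP, s_params, /*is_list*/ false, &TRACE_NAME(appid_module))`, assuming that is the parameter's name in the base-class declaration, which is not visible here.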
return temp;
}
-bool AppIdModule::set(const char*, Value& v, SnortConfig*)
+bool AppIdModule::set(const char* fqn, Value& v, SnortConfig* c)
{
#ifdef USE_RNA_CONFIG
if ( v.is("conf") )
else if ( v.is("log_all_sessions") )
config->log_all_sessions = v.get_bool();
else
- return false;
+ return Module::set(fqn, v, c);
return true;
}
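Review bot: The new fallback `return Module::set(fqn, v, c);` changes what an unrecognised name does, from being rejected here to whatever the base class decides, and nothing at the call site says why. Presumably this is how the module's trace setting is consumed; a one-line comment above the final `else`, such as `// not an appid option: let Module handle it (e.g. trace)`, would record that. It is worth confirming that the base implementation still returns false for names it does not know, so that a mistyped appid option is reported rather than silently accepted. The body of set() is only partly visible in this section.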
extern THREAD_LOCAL snort::ProfileStats appidPerfStats;
+extern Trace TRACE_NAME(appid_module);
+
#define MOD_NAME "appid"
#define MOD_HELP "application and service identification"
#include "sf_mlmp.h"
-#include "main/snort_debug.h"
#include "search_engines/search_tool.h"
#include "utils/util.h"
-#define _MLMP_DEBUG 0
-
struct tPatternNode
{
tMlmpPattern pattern;
static int compareMlmpPatterns(const void* p1, const void* p2);
static int createTreesRecusively(tMlmpTree* root);
static void destroyTreesRecursively(tMlmpTree* root);
-static void dumpTreesRecursively(tMlmpTree* root);
static int addPatternRecursively(tMlmpTree* root, const tMlmpPattern* inputPatternList,
void* metaData, uint32_t level);
static tPatternNode* urlPatternSelector(const tMatchedPatternList* matchList, const
destroyTreesRecursively(root);
}
-void mlmpDump(tMlmpTree* root)
-{
- dumpTreesRecursively(root);
-}
/**tMlmpPattern comparator: compares patterns based on pattern, patternSize. This will
* result in alphabetical order. Notice that patternId is ignored here.
snort_free(rootNode);
}
-static void dumpTreesRecursively(tMlmpTree* rootNode)
-{
-#ifdef DEBUG
- uint32_t prefixSize = 4 * (rootNode->level) + 2;
-
- if (prefixSize > 40)
- prefixSize = 40;
-
- char prefix[41];
- memset(prefix, ' ', prefixSize);
- prefix[prefixSize] = '\0';
-#endif
-
- for (tPatternPrimaryNode* primaryPatternNode = rootNode->patternList;
- primaryPatternNode;
- primaryPatternNode = primaryPatternNode->nextPrimaryNode)
- {
- DebugFormat(DEBUG_APPID, "%s%u. Primary id %u. partTotal %u, Data %p\n", prefix,
- rootNode->level+1,
- primaryPatternNode->patternNode.patternId,
- primaryPatternNode->patternNode.partTotal,
- primaryPatternNode->patternNode.userData);
-
- for (tPatternNode* ddPatternNode = &primaryPatternNode->patternNode;
- ddPatternNode;
- ddPatternNode = ddPatternNode->nextPattern)
- {
- DebugFormat(DEBUG_APPID, "%s\t part %u/%u: Pattern %s, size %u\n", prefix,
- ddPatternNode->partNum,
- ddPatternNode->partTotal,
- (const char*)ddPatternNode->pattern.pattern,
- (uint32_t)ddPatternNode->pattern.patternSize);
- }
-
- if (primaryPatternNode->nextLevelMatcher)
- {
- dumpTreesRecursively(primaryPatternNode->nextLevelMatcher);
- }
- }
-}
-
/*compares multipart patterns, and orders then according to <patternId, partNum>.
Comparing multi-parts alphanumerically does not make sense. */
static int compareMlmpPatternList(const tPatternNode* p1, const tPatternNode* p2)
patternId = 0;
patternSize = maxPatternSize = 0;
-#if _MLMP_DEBUG
- tPatternNode* ddPatternNode;
- DebugMessage(DEBUG_APPID, "\tMatches found -------------------\n"); for (tmpList =
- patternMatchList;
- tmpList;
- tmpList = tmpList->next)
- {
- ddPatternNode = tmpList->patternNode;
- {
- DebugFormat(DEBUG_APPID,
- "\t\tid %d, Pattern %s, size %u, partNum %u, partTotal %u, userData %p\n",
- ddPatternNode->patternId,
- ddPatternNode->pattern.pattern,
- (uint32_t)ddPatternNode->pattern.patternSize,
- ddPatternNode->partNum,
- ddPatternNode->partTotal,
- ddPatternNode->userData);
- }
- }
-#endif
-
for (tmpList = patternMatchList;
tmpList;
tmpList = tmpList->next)
}
}
-#if _MLMP_DEBUG
- if (bestNode)
- {
- ddPatternNode = bestNode;
- {
- DebugFormat(DEBUG_APPID,
- "\t\tSELECTED Id %d, pattern %s, size %u, partNum %u, partTotal %u, userData %p\n",
- ddPatternNode->patternId,
- ddPatternNode->pattern.pattern,
- (uint32_t)ddPatternNode->pattern.patternSize,
- ddPatternNode->partNum,
- ddPatternNode->partTotal,
- ddPatternNode->userData);
- }
- }
- DebugMessage(DEBUG_APPID, "\tMatches end -------------------\n");
-#endif
return bestNode;
}
/*sort matches by patternId, and then by partId or pattern// */
-#if _MLMP_DEBUG
- DebugFormat(DEBUG_APPID,
- "\tCallback id %d, Pattern %s, size %u, partNum %u, partTotal %u, userData %p\n",
- target->patternId,
- target->pattern.pattern,
- (uint32_t)target->pattern.patternSize,
- target->partNum,
- target->partTotal,
- target->userData);
-#endif
-
for (prevNode = nullptr, tmpList = *matchList;
tmpList;
prevNode = tmpList, tmpList = tmpList->next)
#include "app_info_table.h"
#include "application_ids.h"
-#include "main/snort_debug.h"
#include "protocols/packet.h"
#include "utils/sflsq.h"
#include "utils/util.h"
#include "config.h"
#endif
-#include "main/snort_debug.h"
#include "client_app_msn.h"
#include "client_app_rtp.h"
-#include "main/snort_debug.h"
#include "protocols/packet.h"
#include "utils/sflsq.h"
#include "utils/util.h"
#include "client_app_timbuktu.h"
-#include "main/snort_debug.h"
#include "protocols/packet.h"
#include "utils/sflsq.h"
#include "utils/util.h"
#include "appid_session.h"
#include "lua_detector_api.h"
#include "protocols/packet.h"
-#include "main/snort_debug.h"
#include "log/messages.h"
static THREAD_LOCAL unsigned client_module_index = 0;
extractsInfo &= (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER);
if (!extractsInfo)
{
- DebugFormat(DEBUG_LOG,
- "Ignoring direct client application without info for AppId: %d", appId);
return;
}
#include "app_info_table.h"
#include "application_ids.h"
-#include "main/snort_debug.h"
#include "protocols/packet.h"
enum KerberosState
krbs->pos++;
break;
case KRB_STATE_APP:
- DebugFormat(DEBUG_APPID,"%p Type %d (%02X)\n",
- (void*)&asd, *s & (~ASN_1_TYPE_MASK), *s);
if ((*s & ASN_1_TYPE_MASK) != (ASN_1_APPLICATION|ASN_1_CONSTRUCT))
return KRB_FAILED;
krbs->msg_type = *s & (~ASN_1_TYPE_MASK);
krbs->pos++;
break;
case KRB_STATE_ERROR_VALUE:
- DebugFormat(DEBUG_APPID,"%p Error %hhu\n", (void*)&asd, *s);
if (krbs->msg_len <= 1)
{
krbs->flags |= KRB_FLAG_SERVICE_DETECTED;
if (*s == KDC_ERR_PREAUTH_FAILED)
{
- DebugFormat(DEBUG_APPID,"%p unAuthorized\n", (void*)&asd);
krbs->flags |= KRB_FLAG_AUTH_FAILED;
}
krbs->state = KRB_STATE_FIELD;
break;
case KRB_STATE_FIELD:
- DebugFormat(DEBUG_APPID,"%p Tag %02X\n", (void*)&asd, *s);
if (krbs->msg_len < 2 || *s <= krbs->tag || (*s & ASN_1_TYPE_MASK) != 0xa0)
return KRB_FAILED;
krbs->tag = *s;
{
if (krbs->pos)
{
- DebugFormat(DEBUG_APPID,"%p Name %u\n", (void*)&asd, krbs->pos);
krbs->cname[krbs->pos] = 0;
krbs->flags |= KRB_FLAG_USER_DETECTED;
}
if (krbs->msg_len <= 1)
{
/*end of server response message */
- DebugFormat(DEBUG_APPID,"%p Valid\n", (void*)&asd);
if (krbs->flags & KRB_FLAG_SERVICE_DETECTED)
if (!asd.is_service_detected() && pkt)
krb_service_detector->add_service(asd, pkt, dir, APP_ID_KERBEROS,
if (krb_walk_server_packet(&fd->svr_state, s, end, args.asd, args.pkt, args.dir, fd->clnt_state.cname) ==
KRB_FAILED)
{
- DebugFormat(DEBUG_APPID,"%p Failed\n", (void*)&args.asd);
if (!args.asd.is_service_detected())
{
fail_service(args.asd, args.pkt, args.dir);
krbs->pos++;
break;
case KRB_STATE_APP:
- DebugFormat(DEBUG_APPID,"%p Type %d (%02X)\n",
- (void*)&asd, *s & (~ASN_1_TYPE_MASK), *s);
if ((*s & ASN_1_TYPE_MASK) != (ASN_1_APPLICATION|ASN_1_CONSTRUCT))
return KRB_FAILED;
krbs->msg_type = *s & (~ASN_1_TYPE_MASK);
krbs->tag = 0xa2;
break;
case KRB_STATE_FIELD:
- DebugFormat(DEBUG_APPID,"%p Tag %02X\n", (void*)&asd, *s);
if (krbs->msg_len < 2 || *s <= krbs->tag || (*s & ASN_1_TYPE_MASK) != 0xa0)
return KRB_FAILED;
krbs->tag = *s;
{
if (krbs->msg_len <= 1)
{
- DebugFormat(DEBUG_APPID,"%p Valid\n", (void*)&asd);
if (!krbs->added)
{
add_app(asd, APP_ID_KERBEROS, APP_ID_KERBEROS, krbs->ver);
break;
case KRB_STATE_FIELD_LEVEL2:
- DebugFormat(DEBUG_APPID,"%p Tag %02X\n", (void*)&asd, *s);
if (krbs->msg_len <= 1)
{
krbs->state = KRB_STATE_APP;
{
if (krbs->pos)
{
- DebugFormat(DEBUG_APPID,"%p Name %u\n", (void*)&asd, krbs->pos);
krbs->cname[krbs->pos] = 0;
}
if (krbs->msg_len <= 1)
{
if (krb_walk_client_packet(&fd->clnt_state, s, end, args.asd) == KRB_FAILED)
{
- DebugFormat(DEBUG_APPID,"%p Failed\n", (void*)&args.asd);
args.asd.set_client_detected();
args.asd.clear_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS);
return APPID_SUCCESS;
else if (krb_walk_server_packet(&fd->svr_state, s, end, args.asd, nullptr, args.dir,
fd->clnt_state.cname) == KRB_FAILED)
{
- DebugFormat(DEBUG_APPID,"%p Server Failed\n", (void*)&args.asd);
args.asd.clear_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS);
}
return APPID_INPROCESS;
#include "app_info_table.h"
#include "log/messages.h"
-#include "main/snort_debug.h"
#include "protocols/packet.h"
#include "search_engines/search_tool.h"
+
static THREAD_LOCAL PatternServiceDetector* service_pattern_detector;
static THREAD_LOCAL PatternClientDetector* client_pattern_detector;
{
UNUSED(name);
- DebugFormat(DEBUG_LOG,"Adding pattern for \"%s\"\n", name);
+ trace_logf(appid_module,"Adding pattern for \"%s\"\n", name);
for (PatternService* ps = pList; ps; ps = ps->next)
for (Pattern* pattern = ps->pattern; pattern; pattern = pattern->next)
if (pattern->data && pattern->length)
{
- DebugFormat(DEBUG_LOG,"\t\t%s, %u\n",pattern->data, pattern->length);
+ trace_logf(appid_module,"\t\t%s, %u\n",pattern->data, pattern->length);
}
}
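Review bot: The converted call `trace_logf(appid_module,"\t\t%s, %u\n",pattern->data, pattern->length);` still formats `pattern->data` with `%s` even though the pattern carries its own `pattern->length`. If detector patterns are raw bytes that are not guaranteed to be NUL-terminated (not visible here), the trace reads past the buffer and stops early on embedded zero bytes. Bounding the read costs nothing: `trace_logf(appid_module,"\t\t%.*s, %u\n", (int)pattern->length, pattern->data, pattern->length);`. Separately, these two messages were kept while the four `Adding pattern with length %u` messages in the following hunks were dropped, so the trace output for pattern registration is now uneven. The enclosing function starts outside this hunk.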
{
if (ps->proto == IpProtocol::TCP)
{
- DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length);
handler->register_tcp_pattern(this, pattern->data, pattern->length,
pattern->offset, 0);
register_pattern(&tcp_pattern_matcher, pattern);
}
else
{
- DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length);
handler->register_udp_pattern(this, pattern->data, pattern->length,
pattern->offset, 0);
register_pattern(&udp_pattern_matcher, pattern);
{
if (ps->proto == IpProtocol::TCP)
{
- DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length);
handler->register_tcp_pattern(this, pattern->data, pattern->length,
pattern->offset, 0);
register_pattern(&tcp_pattern_matcher, pattern);
}
else
{
- DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length);
handler->register_udp_pattern(this, pattern->data, pattern->length,
pattern->offset, 0);
register_pattern(&udp_pattern_matcher, pattern);
#include "client_plugins/client_detector.h"
#include "service_plugins/service_detector.h"
+#include "main/snort_debug.h"
+extern Trace TRACE_NAME(appid_module);
+
namespace snort
{
class SearchTool;
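Review bot: The `extern Trace TRACE_NAME(appid_module);` line added here repeats a declaration this commit also adds next to `appidPerfStats` in the header that defines `MOD_NAME`, and adds a third time in the later header hunk that forward-declares `struct Packet`. Three hand-copied declarations of one object can drift apart if its type or name changes. Keeping the single declaration in the module header and including that header here would be cleaner, provided it does not create an include cycle. If the local declaration stays, a comment such as `// trace handle for appid, defined with the AppIdModule implementation` would tell the reader where the definition lives.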
if ( !session_a || !session_b )
return;
- DebugFormat(DEBUG_SIP, "Adding future media sessions ID: %u and %u\n",
- session_b->get_id(), session_b->get_id());
-
session_a->begin_media_data();
session_b->begin_media_data();
while ( media_a && media_b )
{
- DEBUG_WRAP( snort::SfIpString ip_str; )
- DebugFormat(DEBUG_SIP, "Adding future channels Source IP: %s Port: %hu\n",
- media_a->get_address()->ntop(ip_str), media_a->get_port());
- DebugFormat(DEBUG_SIP, "Adding future channels Destine IP: %s Port: %hu\n",
- media_b->get_address()->ntop(ip_str), media_b->get_port());
-
createRtpFlow(asd, event.get_packet(), media_a->get_address(), media_a->get_port(),
media_b->get_address(), media_b->get_port(), IpProtocol::UDP, APP_ID_RTP);
createRtpFlow(asd, event.get_packet(), media_b->get_address(), media_b->get_port(),
void WarningMessage(const char*,...) {}
void LogMessage(const char*,...) {}
void ParseWarning(WarningGroup, const char*, ...) {}
-#ifdef DEBUG_MSGS
-void Debug::print(const char*, int, uint64_t, const char*, ...) {}
-#endif
namespace snort
{
#include "detector_plugins/detector_pattern.h"
#include "hash/xhash.h"
#include "log/messages.h"
-#include "main/snort_debug.h"
#include "main/snort_types.h"
#include "profiler/profiler.h"
#include "protocols/packet.h"
LUA_LOG_WARN = 2,
LUA_LOG_NOTICE = 3,
LUA_LOG_INFO = 4,
- LUA_LOG_DEBUG = 5,
+ LUA_LOG_TRACE = 5,
};
ProfileStats luaDetectorsPerfStats;
LogMessage("%s:%s\n", name.c_str(), message);
break;
- case LUA_LOG_DEBUG:
- DebugFormat(DEBUG_APPID, "%s:%s\n", name.c_str(), message);
+ case LUA_LOG_TRACE:
+ trace_logf(appid_module, "%s:%s\n", name.c_str(), message);
break;
default:
}
lua_getglobal(my_lua_state, validateFn);
- DebugFormat(DEBUG_APPID, "lua detector %s validating: Lua Memory usage %d\n",
- package_info.name.c_str(), lua_gc(my_lua_state, LUA_GCCOUNT, 0));
if ( lua_pcall(my_lua_state, 0, 1, 0) )
{
int rc = lua_tonumber(my_lua_state, -1);
lua_pop(my_lua_state, 1);
- DebugFormat(DEBUG_APPID, "lua detector %s: status: %d\n", package_info.name.c_str(), rc);
ldp.pkt = nullptr;
return rc;
}
#include "client_plugins/client_detector.h"
#include "service_plugins/service_detector.h"
+#include "main/snort_debug.h"
+extern Trace TRACE_NAME(appid_module);
+
namespace snort
{
struct Packet;
#include "lua_detector_api.h"
#include "lua_detector_flow_api.h"
#include "detector_plugins/detector_http.h"
-#include "main/snort_debug.h"
#include "utils/util.h"
#include "utils/sflsq.h"
#include "log/messages.h"
numTrackers);
}
}
- else
- {
- DebugMessage(DEBUG_LOG, "hostServiceTrackerModule.setHostServiceTrackerSize not found");
- }
lua_pop(L, 1);
ErrorMessage("error setting tracker size");
}
}
- else
- {
- DebugMessage(DEBUG_LOG, "flowTrackerModule.setFlowTrackerSize not found");
- }
lua_pop(L, 1);
}
allocated_detectors.push_front(detector);
num_lua_detectors++;
- DebugFormat(DEBUG_LOG,"Loaded detector %s\n", detectorName);
}
void LuaDetectorManager::load_lua_detectors(const char* path, bool isCustom)
#include "lua_detector_api.h"
#include "protocols/packet.h"
-#include "main/snort_debug.h"
#include "log/messages.h"
#include "sfip/sf_ip.h"
}
extractsInfo &= (APPINFO_FLAG_SERVICE_ADDITIONAL | APPINFO_FLAG_SERVICE_UDP_REVERSED);
if (!extractsInfo)
- {
- DebugFormat(DEBUG_APPID, "Ignoring direct service without info for AppId %d\n", appId);
return;
- }
pEntry->service_detector = this;
pEntry->flags |= extractsInfo;
}
using namespace snort;
-/*#define APPID_DEBUG_RPC 1 */
enum RPCState
{
rd->xid = 0xFFFFFFFF;
}
-#ifdef APPID_DEBUG_RPC
- fprintf(SF_DEBUG_FILE, "Begin %u -> %u %u %d state %d\n", pkt->src_port, pkt->dst_port,
- args.asd.proto, dir, rd->state);
-#endif
-
rval = validate_packet(data, size, dir, args.asd, pkt, rd, &pname, &program);
-#ifdef APPID_DEBUG_RPC
- fprintf(SF_DEBUG_FILE, "End %u -> %u %u %d state %d rval %d\n", pkt->src_port, pkt->dst_port,
- args.asd.proto, dir, rd->state, rval);
-#endif
-
done:
switch (rval)
{
{
if (rd->tcpsize[dir] & RPC_TCP_FRAG_MASK)
{
-#ifdef APPID_DEBUG_RPC
- fprintf(SF_DEBUG_FILE, "V Begin %u -> %u %u %d state %d\n",
- pkt->src_port, pkt->dst_port, args.asd.proto, dir, rd->state);
-#endif
ret = validate_packet(rd->tcpdata[dir], rd->tcppos[dir], dir, args.asd,
pkt, rd, &pname, &program);
-#ifdef APPID_DEBUG_RPC
- fprintf(SF_DEBUG_FILE, "V End %u -> %u %u %d state %d rval %d\n",
- pkt->src_port, pkt->dst_port, args.asd.proto, dir, rd->state, ret);
-#endif
if (retval == -1)
retval = ret;
{
if (rd->tcpsize[dir] & RPC_TCP_FRAG_MASK)
{
-#ifdef APPID_DEBUG_RPC
- fprintf(SF_DEBUG_FILE, "P Begin %u -> %u %u %d state %d\n", pkt->src_port,
- pkt->dst_port, args.asd.proto, dir, rd->state);
-#endif
ret = validate_packet(rd->tcpdata[dir], rd->tcppos[dir], dir, args.asd, pkt,
rd, &pname, &program);
-#ifdef APPID_DEBUG_RPC
- fprintf(SF_DEBUG_FILE, "P End %u -> %u %u %d state %d rval %d\n",
- pkt->src_port, pkt->dst_port, args.asd.proto, dir, rd->state, ret);
-#endif
if (retval == -1)
retval = ret;
#include "app_info_table.h"
#include "application_ids.h"
-#include "main/snort_debug.h"
#define SSH_PORT 22
#include "appid_session.h"
#include "application_ids.h"
-#include "main/snort_debug.h"
#include "utils/util.h"
#define TELNET_COUNT_THRESHOLD 3
void LogMessage(const char*,...) { }
void ParseWarning(WarningGroup, const char*, ...) { }
-#ifdef DEBUG_MSGS
-void Debug::print(const char*, int, uint64_t, const char*, ...) { }
-#endif
-
const char* UT_TEST_APP_NAME_001 = "ut_app_001";
const char* UT_TEST_APP_NAME_002 = "ut_app_002";
const char* UT_TEST_APP_NAME_TOO_LONG =
Field global_field;
-#ifdef DEBUG_MSGS
-void Debug::print(const char*, int, uint64_t, const char*, ...) { }
-#endif
-
void ErrorMessage(const char*,...) { }
void WarningMessage(const char*,...) { }
void LogMessage(const char*,...) { }
#include <dlfcn.h>
#include "log/messages.h"
-#include "main/snort_debug.h"
#include "profiler/profiler.h"
#include "protocols/packet.h"
#include "stream/stream.h"
return 0;
}
- DEBUG_WRAP(DebugFormat(DEBUG_APPID, "Found 3rd party AppID module (%s).\n",
- tp_module->module_name ? tp_module->module_name : ""); );
module_handle = handle;
thirdparty_appid_module = tp_module;
return 0;
// _dpd.loadAllLibs(thirdparty_appid_dir, LoadCallback);
if (thirdparty_appid_module == nullptr)
{
- DEBUG_WRAP(DebugMessage(DEBUG_APPID, "No 3rd party AppID module loaded.\n"); );
return;
}
-
memset(&thirdpartyConfig, 0, sizeof(thirdpartyConfig));
thirdpartyConfig.chp_body_collection_max = config->chp_body_collection_max;
thirdpartyConfig.ftp_userid_disabled = config->ftp_userid_disabled;
thirdparty_appid_module = nullptr;
return;
}
-
- DEBUG_WRAP(DebugFormat(DEBUG_APPID,
- "3rd party AppID module loaded and initialized OK (%s).\n",
- thirdparty_appid_module->module_name ? thirdparty_appid_module->module_name : ""); );
}
void ThirdPartyAppIDReconfigure()
if (thirdparty_appid_module == nullptr)
{
- DEBUG_WRAP(DebugMessage(DEBUG_APPID, "No 3rd party AppID module loaded.\n"); );
return;
}
ErrorMessage("Unable to reconfigure 3rd party AppID module (%d)!\n", ret);
return;
}
-
- DEBUG_WRAP(DebugFormat(DEBUG_APPID, "3rd party AppID module reconfigured OK (%s).\n",
- thirdparty_appid_module->module_name ? thirdparty_appid_module->module_name : ""); );
}
void ThirdPartyAppIDFini()
module_handle = nullptr;
thirdparty_appid_module = nullptr;
- DEBUG_WRAP(DebugMessage(DEBUG_APPID,
- "3rd party AppID module finalized and unloaded OK.\n"); );
}
}
return nullptr;
}
-#ifdef DEBUG_MSGS
-static void PrintIPMacEntryList(IPMacEntryList& ipmel)
-{
- if ( ipmel.empty() )
- return;
-
- LogMessage("Arpspoof IPMacEntry List");
- LogMessage(" Size: %zu\n", ipmel.size());
-
- for ( auto p : ipmel )
- {
- SfIp in;
- in.set(&p.ipv4_addr, AF_INET);
- SfIpString ip_str;
- LogMessage(" %s -> ", in.ntop(ip_str));
-
- for (int i = 0; i < 6; i++)
- {
- LogMessage("%02x", p.mac_addr[i]);
- if (i != 5)
- LogMessage(":");
- }
- LogMessage("\n");
- }
-}
-
-#endif
-
//-------------------------------------------------------------------------
// class stuff
//-------------------------------------------------------------------------
{
LogMessage("arpspoof configured\n");
-#ifdef DEBUG_MSGS
- if ( Debug::enabled(DEBUG_INSPECTOR) )
- PrintIPMacEntryList(config->ipmel);
-#endif
}
void ArpSpoof::eval(Packet* p)
if (memcmp((const u_char*)dst_mac_addr, (const u_char*)bcast, 6) != 0)
{
DetectionEngine::queue_event(GID_ARP_SPOOF, ARPSPOOF_UNICAST_ARP_REQUEST);
- DebugMessage(DEBUG_INSPECTOR, "MODNAME: Unicast request\n");
}
else if (memcmp((const u_char*)src_mac_addr,
(const u_char*)ah->arp_sha, 6) != 0)
{
DetectionEngine::queue_event(GID_ARP_SPOOF, ARPSPOOF_ETHERFRAME_ARP_MISMATCH_SRC);
- DebugMessage(DEBUG_INSPECTOR, "MODNAME: Ethernet/ARP mismatch request\n");
}
break;
case ARPOP_REPLY:
(const u_char*)ah->arp_sha, 6) != 0)
{
DetectionEngine::queue_event(GID_ARP_SPOOF, ARPSPOOF_ETHERFRAME_ARP_MISMATCH_SRC);
- DebugMessage(DEBUG_INSPECTOR, "MODNAME: Ethernet/ARP mismatch reply src\n");
}
else if (memcmp((const u_char*)dst_mac_addr,
(const u_char*)ah->arp_tha, 6) != 0)
{
DetectionEngine::queue_event(GID_ARP_SPOOF, ARPSPOOF_ETHERFRAME_ARP_MISMATCH_DST);
- DebugMessage(DEBUG_INSPECTOR, "MODNAME: Ethernet/ARP mismatch reply dst\n");
}
break;
}
IPMacEntry* ipme = LookupIPMacEntryByIP(config->ipmel, ah->arp_spa32);
if ( ipme )
{
- DebugFormat(DEBUG_INSPECTOR,
- "MODNAME: LookupIPMacEntryByIP returned %p\n", (void*)ipme);
-
auto cmp_ether_src = memcmp(src_mac_addr, ipme->mac_addr, 6);
auto cmp_arp_sha = memcmp(ah->arp_sha, ipme->mac_addr, 6);
if ( cmp_ether_src || cmp_arp_sha )
{
DetectionEngine::queue_event(GID_ARP_SPOOF, ARPSPOOF_ARP_CACHE_OVERWRITE_ATTACK);
- DebugMessage(DEBUG_INSPECTOR, "MODNAME: Attempted ARP cache overwrite attack\n");
}
}
- else
- {
- DebugMessage(DEBUG_INSPECTOR,
- "MODNAME: LookupIPMacEntryByIp returned NULL\n");
- }
}
//-------------------------------------------------------------------------
if (!node)
{
- DEBUG_WRAP(DebugMessage(DEBUG_STREAM,
- "Key/Value pair didn't exist in the flow stats table and we couldn't add it!\n");
- );
return nullptr;
}
memset(node->data, 0, sizeof(FlowStateValue));