Merge pull request #2837 in SNORT/snort3 from ~AJMANDAD/snort3:trace_file_module...
authorBhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Fri, 7 May 2021 08:13:32 +0000 (08:13 +0000)
committerBhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Fri, 7 May 2021 08:13:32 +0000 (08:13 +0000)
Squashed commit of the following:

commit 4c5715c8e5785fe12a92218dfe44981a002deeb3
Author: Ajay Mandadi <ajmandad@cisco.com>
Date:   Thu Apr 8 04:11:07 2021 -0400

    packet_tracer: file daq trace log

Signed-off-by: Ajay Mandadi <ajmandad@cisco.com>
src/file_api/file_flows.cc
src/file_api/file_lib.cc
src/file_api/file_lib.h
src/file_api/file_log.cc

index c611553365071ed8f03a00a968bd505bef20f491..a9a644bbec8a4e88169210002e1531e7dfe2487f 100644 (file)
@@ -33,6 +33,7 @@
 #include "log/messages.h"
 #include "main/snort_config.h"
 #include "managers/inspector_manager.h"
+#include "packet_tracer/packet_tracer.h"
 #include "protocols/packet.h"
 
 #include "file_cache.h"
@@ -67,6 +68,23 @@ namespace snort
     }
 }
 
+static void populate_trace_data(FileContext* context)
+{
+    std::stringstream ss;
+    context->print_file_name(ss);
+    std::string file_name = ss.str();
+
+    PacketTracer::daq_log("file+%" PRId64"++File Type[%s]/File ID[%lu] with name[%s] and size[%lu] detected."
+                "File sha is [%s], with verdict[%s]$",
+                TO_NSECS(pt_timer->get()),
+                file_type_name(context->get_file_type()).c_str(),
+                context->get_file_id(),
+                file_name.c_str(),
+                context->get_file_size(),
+                (context->get_file_sig_sha256() ? context->sha_to_string(context->get_file_sig_sha256()).c_str(): "null"),
+                VerdictName[context->verdict].c_str());
+}
+
 void FileFlows::handle_retransmit(Packet* p)
 {
     if (file_policy == nullptr)
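Review bot: In populate_trace_data, `VerdictName[context->verdict]` indexes the eight-entry table with no range check, so a verdict value outside 0–7 would read past the array; a guard that falls back to the existing "INVALID" entry before indexing would make the trace path safe. The `%lu` conversions for `get_file_id()` and `get_file_size()` are also fragile: if those return `uint64_t` (file_process takes the id as `uint64_t`), the specifier is wrong wherever `long` is 32 bits, and `"%" PRIu64` would match the `PRId64` already used for the timestamp. The file name placed in `name[%s]` presumably comes from inspected traffic, so it is worth confirming that whatever parses this `file+…$` record cannot be confused by `]`, `+` or `$` inside the name. populate_trace_data is complete in this hunk; handle_retransmit continues outside it.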
@@ -283,6 +301,9 @@ bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_da
     if (!context)
         return false;
 
+    if (PacketTracer::is_daq_activated())
+        PacketTracer::pt_timer_start();
+
     if (!cacheable)
         context->set_not_cacheable();
 
@@ -300,6 +321,8 @@ bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_da
     {
         context->processing_complete = true;
         remove_processed_file_context(multi_file_processing_id);
+        if (PacketTracer::is_daq_activated())
+            populate_trace_data(context);
         return false;
     }
 
@@ -315,6 +338,8 @@ bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_da
                     file_policy);
             if (context->processing_complete)
                 remove_processed_file_context(multi_file_processing_id);
+            if (PacketTracer::is_daq_activated())
+                populate_trace_data(context);
             return continue_processing;
         }
     }
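Review bot: The added `populate_trace_data(context)` runs after `remove_processed_file_context(multi_file_processing_id)`, so if that call releases the context once `processing_complete` is set (its body is not visible here), the trace code dereferences a freed object. The same ordering appears in the neighbouring hunks of this file at old lines 300 and 322. Emitting the trace before the removal avoids the question entirely: move `if (PacketTracer::is_daq_activated()) populate_trace_data(context);` above the removal call in each of the three places. file_process starts and ends outside this hunk.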
@@ -322,6 +347,8 @@ bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_da
     continue_processing = context->process(p, file_data, data_size, offset, file_policy, position);
     if (context->processing_complete)
         remove_processed_file_context(multi_file_processing_id);
+    if (PacketTracer::is_daq_activated())
+        populate_trace_data(context);
     return continue_processing;
 }
 
@@ -342,12 +369,18 @@ bool FileFlows::file_process(Packet* p, const uint8_t* file_data, int data_size,
     if (position == SNORT_FILE_POSITION_UNKNOWN)
         return false;
 
+    if (PacketTracer::is_daq_activated())
+        PacketTracer::pt_timer_start();
+
     context = find_main_file_context(position, direction, file_index);
 
     set_current_file_context(context);
 
     context->set_signature_state(gen_signature);
-    return context->process(p, file_data, data_size, position, file_policy);
+    bool file_process_ret = context->process(p, file_data, data_size, position, file_policy);
+    if (PacketTracer::is_daq_activated())
+        populate_trace_data(context);
+    return file_process_ret;
 }
 
 /*
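Review bot: The timer start and the trace call in this overload are guarded by two separate `PacketTracer::is_daq_activated()` checks, and populate_trace_data dereferences `pt_timer` unconditionally, so the pairing holds only if the flag cannot change between the two calls. Reading it once, `const bool trace = PacketTracer::is_daq_activated();`, and testing `trace` at both points makes that explicit; the `uint64_t file_id` overload of file_process earlier in this file has the same pattern. The `return false` for `SNORT_FILE_POSITION_UNKNOWN` happens before the timer starts and emits no trace record, which looks intended but deserves a one-line comment. The function begins outside the hunk.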
index 991e3151b0a015bd8309260d125e1bb26af707fb..fcd3d48500383e07c95200f914bc1e8429f679b4 100644 (file)
@@ -759,7 +759,8 @@ void FileContext::print_file_name(std::ostream& log)
     char* outbuf = get_UTF8_fname(&fname_len);
     const char* fname  = (outbuf != nullptr) ? outbuf : file_name.c_str();
 
-    log << "File name: ";
+    if (!PacketTracer::is_daq_activated())
+       log << "File name: ";
 
     size_t pos = 0;
     while (pos < fname_len)
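Review bot: print_file_name now changes its output according to the global `PacketTracer::is_daq_activated()` state, so any other caller that writes a file name to a log stream loses the `File name: ` label here and the trailing newline in the next hunk whenever DAQ tracing is on. Passing the choice in explicitly, for example a defaulted `bool decorate = true` parameter, or moving the escaping loop into a helper that populate_trace_data calls, would keep ordinary log output stable. The two added `log <<` lines are indented seven spaces where the surrounding code uses eight. The function starts and ends outside this hunk.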
@@ -786,7 +787,9 @@ void FileContext::print_file_name(std::ostream& log)
             log << "|" << std::dec;
         }
     }
-    log << std::endl;
+
+    if (!PacketTracer::is_daq_activated())
+       log << std::endl;
 
     if (outbuf)
         snort_free(outbuf);
index 46c04a5703c8bf550debe4611c08ae094e473a56..8476ee9459cc371e83ab7eab735d057682c87434 100644 (file)
@@ -33,6 +33,9 @@
 #define SNORT_FILE_TYPE_UNKNOWN          UINT16_MAX
 #define SNORT_FILE_TYPE_CONTINUE         0
 
+const std::string VerdictName[] =
+{"Unknown", "Log", "Stop", "Block", "Reset", "Pending", "Stop Capture", "INVALID"};
+
 class FileConfig;
 class FileSegments;
 
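Review bot: `const std::string VerdictName[]` at namespace scope in a header has internal linkage, so each translation unit that includes file_lib.h gets its own dynamically initialised copy of the eight strings. Declaring `extern const std::string VerdictName[];` here and keeping the single definition in one .cc file avoids that and works on any language standard. The header also needs `<string>` in scope if it is not already included above this hunk, and a short comment stating that the order must match the verdict enum would help, since file_flows.cc indexes the table directly with `context->verdict`.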
index fd2e9e3bf906bfa83f9dbb63b2c63fa243049402..ada718e8e12cd7bb0b8b35160c4e0834f57dd4ae 100644 (file)
@@ -51,9 +51,6 @@ struct FileLogStats
 
 static THREAD_LOCAL FileLogStats fl_stats;
 
-static const std::string VerdictName[] =
-{"Unknown", "Log", "Stop", "Block", "Reset", "Pending", "Stop Capture", "INVALID"};
-
 static const PegInfo fl_pegs[] =
 {
     { CountType::SUM, "total_events", "total file events" },