Merge pull request #2846 in SNORT/snort3 from ~SMULKA/snort3:ips_log to master
authorBhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Fri, 7 May 2021 09:14:15 +0000 (09:14 +0000)
committerBhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Fri, 7 May 2021 09:14:15 +0000 (09:14 +0000)
Squashed commit of the following:

commit e3d48073b8acbba1694383b0a56e6fb00f36cdd4
Author: smulka <smulka@cisco.com>
Date:   Fri Apr 16 02:23:50 2021 -0400

    packet_tracer: IPS daq trace log

src/detection/detection_engine.cc
src/detection/fp_detect.cc
src/detection/fp_detect.h

index c09f082a973447494005a237f692bf32b002d3fe..c0a848740022428fda4d87351e8c85f2f9e01008 100644 (file)
@@ -36,6 +36,7 @@
 #include "managers/inspector_manager.h"
 #include "managers/mpse_manager.h"
 #include "packet_io/active.h"
+#include "packet_tracer/packet_tracer.h"
 #include "parser/parser.h"
 #include "profiler/profiler_defs.h"
 #include "protocols/packet.h"
@@ -223,6 +224,9 @@ void DetectionEngine::finish_inspect(Packet* p, bool inspected)
 {
     log_events(p);
 
+    if ( PacketTracer::is_daq_activated() )
+        populate_trace_data();
+
     if ( p->active )
     {
         if ( p->active->session_was_blocked() and ( p->active->keep_pruned_flow() or
@@ -615,6 +619,9 @@ bool DetectionEngine::inspect(Packet* p)
 
             if ( !all_disabled(p) )
             {
+                if ( PacketTracer::is_daq_activated() )
+                    PacketTracer::pt_timer_start();
+
                 if ( detect(p, true) )
                     return false; // don't finish out offloaded packets
             }
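Review bot: The populate_trace_data() call added to finish_inspect drains a thread-local buffer that fpLogOther fills, but the pt_timer_start() added to inspect runs only inside the `!all_disabled(p)` branch, so an event that reaches finish_inspect without passing through that branch would be reported with whatever pt_timer still holds from an earlier packet — worth confirming whether such a path exists. The `return false; // don't finish out offloaded packets` directly below the new timer start also suggests that finish_inspect for an offloaded packet runs later, possibly after another packet on the same thread has appended to the same buffer, in which case text and timing could mix across packets. Resetting the buffer at the point the timer is started, e.g. `PacketTracer::pt_timer_start();` followed by a small reset helper placed next to populate_trace_data in fp_detect.cc, would make the per-packet lifetime of the trace state explicit. Both finish_inspect and inspect continue outside these hunks.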
index 1015d5db051587244af0dd0b581d9a6a279c9c51..f7136e1d33da71990613c05bfe44a2ee8e1097d5 100644 (file)
@@ -94,9 +94,27 @@ enum FPTask : uint8_t
 THREAD_LOCAL ProfileStats mpsePerfStats;
 THREAD_LOCAL ProfileStats rulePerfStats;
 
+#define CONTEXT_LEN    1024
+static THREAD_LOCAL char tr_context[CONTEXT_LEN];
+static THREAD_LOCAL uint32_t tr_len = 0;
+
 static void fp_immediate(Packet*);
 static void fp_immediate(MpseGroup*, Packet*, const uint8_t*, unsigned);
 
+void populate_trace_data()
+{
+    if ( tr_len > 0 )
+    {
+        tr_context[tr_len-1] = ' ';
+        PacketTracer::daq_log("IPS+%" PRId64"++%s$",
+            TO_NSECS(pt_timer->get()),
+            tr_context);
+
+        tr_len = 0;
+        tr_context[0] = '\0';
+    }
+}
+
 static inline void init_match_info(const IpsContext* c)
 {
     for ( unsigned i = 0; i < c->conf->num_rule_types; i++ )
@@ -121,6 +139,16 @@ static inline void fpLogOther(
             otn->sigInfo.rev, act.c_str());
     }
 
+    if ( PacketTracer::is_daq_activated() )
+    {
+        std::string act = Actions::get_string(action);
+        tr_len += snprintf(tr_context+tr_len, sizeof(tr_context) - tr_len, 
+                      "gid:%u, sid:%u, rev:%u, action:%s, msg:%s\n", 
+                      otn->sigInfo.gid, otn->sigInfo.sid,
+                      otn->sigInfo.rev, act.c_str(),
+                      otn->sigInfo.message.c_str());
+    }
+
     // rule option actions are queued here (eg replace)
     otn_trigger_actions(otn, p);
 
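Review bot: The `tr_len += snprintf(...)` in the fpLogOther hunk adds snprintf's return value, which is the length the formatted text would have had, not the number of bytes actually stored; once a single message is truncated tr_len exceeds sizeof(tr_context), the next call computes `sizeof(tr_context) - tr_len` as a wrapped-around size_t and writes past the end of the buffer, and populate_trace_data's `tr_context[tr_len-1] = ' '` then also indexes out of bounds. The message text comes from the rule file and several events can be logged for one packet, so a 1024-byte buffer can be exceeded in normal operation rather than only on malformed input. Clamp tr_len after each call and treat a negative return as a failed append, as below; the trailing whitespace on the two snprintf lines should also be dropped. The enclosing fpLogOther begins outside the hunk.
```cpp
    if ( PacketTracer::is_daq_activated() )
    {
        std::string act = Actions::get_string(action);
        // snprintf reports the full untruncated length, so clamp to what fits;
        // otherwise a truncated message pushes tr_len past the buffer and the
        // next append computes a wrapped size and writes out of bounds
        int n = snprintf(tr_context + tr_len, sizeof(tr_context) - tr_len,
            "gid:%u, sid:%u, rev:%u, action:%s, msg:%s\n",
            otn->sigInfo.gid, otn->sigInfo.sid,
            otn->sigInfo.rev, act.c_str(),
            otn->sigInfo.message.c_str());
        if ( n > 0 )
        {
            tr_len += n;
            if ( tr_len >= sizeof(tr_context) )
                tr_len = sizeof(tr_context) - 1;  // truncated: keep the terminator in bounds
        }
    }
    // … unchanged: otn_trigger_actions call …
```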
index bf52a4764bd169642f632bbb0f577d2e0af34973..70c565ad4e6e24795a0f4ad16725eda417adbfa5 100644 (file)
@@ -52,6 +52,7 @@ struct RuleTreeNode;
 int fpLogEvent(const RuleTreeNode*, const OptTreeNode*, snort::Packet*);
 bool fp_eval_rtn(RuleTreeNode*, snort::Packet*, int check_ports);
 int fp_eval_option(void*, Cursor&, snort::Packet*);
+void populate_trace_data();
 
 #define MAX_NUM_RULE_TYPES 16   // max number of allowed rule types
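Review bot: The new `populate_trace_data()` declaration carries no comment, yet it is a cross-module entry point called from DetectionEngine::finish_inspect and a reader of this header cannot tell when it must be invoked or what state it consumes and resets. A one-line comment above the declaration such as `// emit and clear the per-packet IPS trace text accumulated by fpLogOther; called once per packet from DetectionEngine::finish_inspect when the DAQ packet tracer is active` would document that contract where callers look for it.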