Merge pull request #2588 in SNORT/snort3 from ~OSHUMEIK/snort3:trace_refactor to...

author Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>

Tue, 10 Nov 2020 11:39:49 +0000 (11:39 +0000)

committer Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>

Tue, 10 Nov 2020 11:39:49 +0000 (11:39 +0000)
author Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>
Tue, 10 Nov 2020 11:39:49 +0000 (11:39 +0000)
committer Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>
Tue, 10 Nov 2020 11:39:49 +0000 (11:39 +0000)
diff --git a/src/actions/act_react.cc b/src/actions/act_react.cc

index b5eb8a4b7aa373e7fb943862464bc0051d02b0ca..2a12018a9a588c66e55eb6590caeb9cd281f50ca 100644 (file)
--- a/src/actions/act_react.cc
+++ b/src/actions/act_react.cc
@@ -167,7 +167,7 @@ private:
          InjectionReturnStatus status = PayloadInjector::inject_http_payload(p, control);
  #ifdef DEBUG_MSGS
          if (status != INJECTION_SUCCESS)
-            debug_logf(react_trace, nullptr, "Injection error: %s\n",
+            debug_logf(react_trace, p, "Injection error: %s\n",
                  PayloadInjector::get_err_string(status));
  #else
          UNUSED(status);
diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc

index 7fe2ac525035d4c86be77eeab6e99a0e91081a74..a9effa7e0c2f9c314e154600fc25a8b496b80e51 100644 (file)
--- a/src/detection/fp_detect.cc
+++ b/src/detection/fp_detect.cc
@@ -332,7 +332,7 @@ static int detection_option_tree_evaluate(detection_option_tree_root_t* root,
      Cursor c(eval_data.p);
      int rval = 0;
  
-    debug_log(detection_trace, TRACE_RULE_EVAL, nullptr, "Starting tree eval\n");
+    debug_log(detection_trace, TRACE_RULE_EVAL, eval_data.p, "Starting tree eval\n");
  
      for ( int i = 0; i < root->num_children; ++i )
      {
diff --git a/src/detection/tag.cc b/src/detection/tag.cc

index 6364511b0ce83a5831d90af22ce641765593165e..bc46e2c00590959e99beecbe3ddd27e3d52b9de4 100644 (file)
--- a/src/detection/tag.cc
+++ b/src/detection/tag.cc
@@ -123,9 +123,9 @@ static TagNode* TagAlloc(XHash*);
  static void TagFree(XHash*, TagNode*);
  static int PruneTagCache(uint32_t, int);
  static int PruneTime(XHash* tree, uint32_t thetime);
-static void TagSession(Packet*, TagData*, uint32_t, uint16_t, void*);
-static void TagHost(Packet*, TagData*, uint32_t, uint16_t, void*);
-static void AddTagNode(Packet*, TagData*, int, uint32_t, uint16_t, void*);
+static void TagSession(const Packet*, TagData*, uint32_t, uint16_t, void*);
+static void TagHost(const Packet*, TagData*, uint32_t, uint16_t, void*);
+static void AddTagNode(const Packet*, TagData*, int, uint32_t, uint16_t, void*);
  static inline void SwapTag(TagNode*);
  
  class TagSessionCache : public XHash
@@ -298,12 +298,12 @@ void CleanupTag()
      delete host_tag_cache;
  }
  
-static void TagSession(Packet* p, TagData* tag, uint32_t time, uint16_t event_id, void* log_list)
+static void TagSession(const Packet* p, TagData* tag, uint32_t time, uint16_t event_id, void* log_list)
  {
      AddTagNode(p, tag, TAG_SESSION, time, event_id, log_list);
  }
  
-static void TagHost(Packet* p, TagData* tag, uint32_t time, uint16_t event_id, void* log_list)
+static void TagHost(const Packet* p, TagData* tag, uint32_t time, uint16_t event_id, void* log_list)
  {
      int mode;
  
@@ -323,14 +323,14 @@ static void TagHost(Packet* p, TagData* tag, uint32_t time, uint16_t event_id, v
      AddTagNode(p, tag, mode, time, event_id, log_list);
  }
  
-static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now,
+static void AddTagNode(const Packet* p, TagData* tag, int mode, uint32_t now,
      uint16_t event_id, void* log_list)
  {
      TagNode* idx;  /* index pointer */
      TagNode* returned;
      XHash* tag_cache_ptr = nullptr;
  
-    debug_log(detection_trace, TRACE_TAG, nullptr, "Adding new Tag Head\n");
+    debug_log(detection_trace, TRACE_TAG, p, "Adding new Tag Head\n");
  
      if ( tag->tag_metric & TAG_METRIC_SESSION )
      {
@@ -630,7 +630,7 @@ static int PruneTime(XHash* tree, uint32_t thetime)
      return pruned;
  }
  
-void SetTags(Packet* p, const OptTreeNode* otn, uint16_t event_id)
+void SetTags(const Packet* p, const OptTreeNode* otn, uint16_t event_id)
  {
      if (otn != nullptr && otn->tag != nullptr)
      {
diff --git a/src/detection/tag.h b/src/detection/tag.h

index 204f40d3b51da84cdf64c42541eb989e339a8402..b5885a941d01cf4882a2f3fd2c43eb62cfb48fde 100644 (file)
--- a/src/detection/tag.h
+++ b/src/detection/tag.h
@@ -62,7 +62,7 @@ struct TagData
  void InitTag();
  void CleanupTag();
  int CheckTagList(snort::Packet*, Event&, void**);
-void SetTags(snort::Packet*, const OptTreeNode*, uint16_t);
+void SetTags(const snort::Packet*, const OptTreeNode*, uint16_t);
  
  #endif
  
diff --git a/src/network_inspectors/rna/rna_logger.cc b/src/network_inspectors/rna/rna_logger.cc

index 21479ba790e2eae252bcf12e8502d5d1e70e6950..46fc35939abb16b6ad04027759caf59014b3e135 100644 (file)
--- a/src/network_inspectors/rna/rna_logger.cc
+++ b/src/network_inspectors/rna/rna_logger.cc
@@ -46,7 +46,7 @@
  using namespace snort;
  
  #ifdef DEBUG_MSGS
-static inline void rna_logger_message(const RnaLoggerEvent& rle)
+static inline void rna_logger_message(const RnaLoggerEvent& rle, const Packet* p)
  {
      char macbuf[19] = { '\0' };
      if ( rle.mac )
@@ -59,51 +59,51 @@ static inline void rna_logger_message(const RnaLoggerEvent& rle)
          SfIpString ipbuf;
          ip.set(rle.ip); // using this instead of packet's ip to support ARP
          if ( rle.mac )
-            debug_logf(rna_trace, nullptr, "RNA log: type %u, subtype %u, mac %s, ip %s\n",
+            debug_logf(rna_trace, p, "RNA log: type %u, subtype %u, mac %s, ip %s\n",
                  rle.type, rle.subtype, macbuf, ip.ntop(ipbuf));
          else
-            debug_logf(rna_trace, nullptr, "RNA log: type %u, subtype %u, ip %s\n",
+            debug_logf(rna_trace, p, "RNA log: type %u, subtype %u, ip %s\n",
                  rle.type, rle.subtype, ip.ntop(ipbuf));
  
          if ( rle.hc )
          {
              if ( rle.hc->version[0] != '\0' )
-                debug_logf(rna_trace, nullptr,
+                debug_logf(rna_trace, p,
                      "RNA client log: client %u, service %u, version %s\n",
                      rle.hc->id, rle.hc->service, rle.hc->version);
              else
-                debug_logf(rna_trace, nullptr, "RNA client log: client %u, service %u\n",
+                debug_logf(rna_trace, p, "RNA client log: client %u, service %u\n",
                      rle.hc->id, rle.hc->service);
          }
          if ( rle.ha )
          {
-            debug_logf(rna_trace, nullptr,
+            debug_logf(rna_trace, p,
                  "RNA Service Info log: appid: %d proto %u, port: %u\n",
                  rle.ha->appid, (uint32_t)rle.ha->proto, rle.ha->port);
  
              for ( auto& s: rle.ha->info )
              {
                  if ( s.vendor[0] != '\0' )
-                    debug_logf(rna_trace, nullptr, "RNA Service Info log: vendor: %s\n",
+                    debug_logf(rna_trace, p, "RNA Service Info log: vendor: %s\n",
                          s.vendor);
  
                  if ( s.version[0] != '\0' )
-                    debug_logf(rna_trace, nullptr, "RNA Service Info log: version: %s\n",
+                    debug_logf(rna_trace, p, "RNA Service Info log: version: %s\n",
                          s.version);
              }
              if ( rle.type == RNA_EVENT_CHANGE and rle.subtype == CHANGE_BANNER_UPDATE )
-                debug_logf(rna_trace, nullptr, "RNA Banner log: true\n");
+                debug_logf(rna_trace, p, "RNA Banner log: true\n");
          }
  
          if ( rle.user )
          {
              if ( rle.user and *rle.user )
-                debug_logf(rna_trace, nullptr,
+                debug_logf(rna_trace, p,
                      "RNA user login: service %u, user name %s\n", rle.appid, rle.user);
          }
      }
      else
-        debug_logf(rna_trace, nullptr, "RNA log: type %u, subtype %u, mac %s\n",
+        debug_logf(rna_trace, p, "RNA log: type %u, subtype %u, mac %s\n",
              rle.type, rle.subtype, macbuf);
  }
  #endif
@@ -189,7 +189,7 @@ bool RnaLogger::log(uint16_t type, uint16_t subtype, const struct in6_addr* src_
      EventManager::call_loggers(nullptr, const_cast<Packet*>(p), "RNA", &rle);
  
  #ifdef DEBUG_MSGS
-    rna_logger_message(rle);
+    rna_logger_message(rle, p);
  #endif
      return true;
  }
diff --git a/src/service_inspectors/dce_rpc/dce_smb.cc b/src/service_inspectors/dce_rpc/dce_smb.cc

index 2768f6710271ec93a608673b034dd98022c52612..10584f9ca9506832ad0cf3a93ec341d7f28a8971 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb.cc
@@ -381,13 +381,13 @@ void Dce2Smb::eval(Packet* p)
          {
              //1st packet of flow in smb1 session, create smb1 session and flowdata
              dce2_smb_sess = dce2_create_new_smb_session(p, &config);
-            debug_logf(dce_smb_trace, nullptr, "smb1 session created\n");
+            debug_logf(dce_smb_trace, p, "smb1 session created\n");
          }
          else if (DCE2_SMB_VERSION_2 == smb_version)
          {
              //1st packet of flow in smb2 session, create smb2 session and flowdata
              dce2_smb2_sess = dce2_create_new_smb2_session(p, &config);
-            debug_logf(dce_smb_trace, nullptr, "smb2 session created\n");
+            debug_logf(dce_smb_trace, p, "smb2 session created\n");
          }
          else
          {
@@ -395,7 +395,7 @@ void Dce2Smb::eval(Packet* p)
              //This means there is no flow data and this is not an SMB packet
              //if it is a TCP packet for smb data, the flow must have been
              //already identified with version.
-            debug_logf(dce_smb_trace, nullptr, "non-smb packet detected\n");
+            debug_logf(dce_smb_trace, p, "non-smb packet detected\n");
              return;
          }
      }
diff --git a/src/service_inspectors/dce_rpc/dce_smb2.cc b/src/service_inspectors/dce_rpc/dce_smb2.cc

index 3f55341b77d22f3f4cd26153603fc8b21ebbfb54..229a2f973b6eb09844300044607936cd2cd21e48 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb2.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb2.cc
@@ -215,7 +215,8 @@ static void DCE2_Smb2Inspect(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
      uint64_t sid = Smb2Sid(smb_hdr);
      uint32_t tid = Smb2Tid(smb_hdr);
  
-    debug_logf(dce_smb_trace, nullptr, "%s : mid %" PRIu64 " sid %" PRIu64 " tid %" PRIu32 "\n",
+    debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+        "%s : mid %" PRIu64 " sid %" PRIu64 " tid %" PRIu32 "\n",
          (command <= SMB2_COM_OPLOCK_BREAK ? smb2_command_string[command] : "unknown"),
          mid, sid, tid);
      switch (command)
@@ -311,7 +312,7 @@ void DCE2_Smb2Process(DCE2_Smb2SsnData* ssd)
      if (data_len < sizeof(NbssHdr) + SMB2_HEADER_LENGTH)
      {
          dce2_smb_stats.v2_hdr_err++;
-        debug_logf(dce_smb_trace, nullptr, "Header error with data length %d\n",data_len);
+        debug_logf(dce_smb_trace, p, "Header error with data length %d\n",data_len);
          return;
      }
  
@@ -338,7 +339,7 @@ void DCE2_Smb2Process(DCE2_Smb2SsnData* ssd)
              {
                  dce_alert(GID_DCE2, DCE2_SMB_BAD_NEXT_COMMAND_OFFSET,
                      (dce2CommonStats*)&dce2_smb_stats, ssd->sd);
-                debug_logf(dce_smb_trace, nullptr, "bad next command offset\n");
+                debug_logf(dce_smb_trace, p, "bad next command offset\n");
                  dce2_smb_stats.v2_bad_next_cmd_offset++;
                  return;
              }
@@ -351,7 +352,7 @@ void DCE2_Smb2Process(DCE2_Smb2SsnData* ssd)
              if (compound_request_index > DCE2_ScSmbMaxCompound((dce2SmbProtoConf*)ssd->sd.config))
              {
                  dce2_smb_stats.v2_cmpnd_req_lt_crossed++;
-                debug_logf(dce_smb_trace, nullptr, "compound req limit reached %" PRIu8 "\n",
+                debug_logf(dce_smb_trace, p, "compound req limit reached %" PRIu8 "\n",
                      compound_request_index);
                  return;
              }
@@ -361,7 +362,7 @@ void DCE2_Smb2Process(DCE2_Smb2SsnData* ssd)
      else if ( ssd->ftracker_tcp and (ssd->ftracker_tcp->smb2_pdu_state ==
          DCE2_SMB_PDU_STATE__RAW_DATA))
      {
-        debug_logf(dce_smb_trace, nullptr,
+        debug_logf(dce_smb_trace, p,
              "raw data file_name_hash %" PRIu64 " fid %" PRIu64 " dir %s\n",
              ssd->ftracker_tcp->file_name_hash, ssd->ftracker_tcp->file_id,
              ssd->ftracker_tcp->upload ? "upload" : "download");
diff --git a/src/service_inspectors/dce_rpc/dce_smb2_commands.cc b/src/service_inspectors/dce_rpc/dce_smb2_commands.cc

index 63959731c1ded6796fd5de040195421c064bc598..fb7d395f451a2bb4dfbd11acc3e3a588f6ae090b 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
@@ -39,8 +39,8 @@ using namespace snort;
      { \
          if ((smb_data + (strcuture_size)) > end) \
          { \
-            debug_logf(dce_smb_trace, nullptr, "%s : smb data beyond end detected\n",\
-                smb2_command_string[cmd]); \
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), \
+                "%s : smb data beyond end detected\n", smb2_command_string[cmd]); \
              counter ++; \
              return; \
          } \
@@ -63,7 +63,8 @@ static inline FileContext* get_smb_file_context(uint64_t file_id, uint64_t
  
  static void DCE2_Smb2CleanFtrackerTcpRef(DCE2_Smb2SessionTracker* str, uint64_t file_id)
  {
-    debug_logf(dce_smb_trace, nullptr, "updating conn for fid %" PRIu64 "\n", file_id);
+    debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+        "updating conn for fid %" PRIu64 "\n", file_id);
      auto all_conn_trackers = str->conn_trackers.get_all_entry();
      for ( auto& h : all_conn_trackers )
      {
@@ -105,7 +106,7 @@ bool DCE2_Smb2ProcessFileData(DCE2_Smb2SsnData* ssd, const uint8_t* file_data,
      ssd->ftracker_tcp->bytes_processed += detection_size;
      FileDirection dir = ssd->ftracker_tcp->upload ? FILE_UPLOAD : FILE_DOWNLOAD;
  
-    debug_logf(dce_smb_trace, nullptr, "file_process fid %" PRIu64 " data_size %" PRIu32 ""
+    debug_logf(dce_smb_trace, p, "file_process fid %" PRIu64 " data_size %" PRIu32 ""
          " offset %" PRIu64 " bytes processed %" PRIu64 "\n", ssd->ftracker_tcp->file_id,
          data_size, ssd->ftracker_tcp->file_offset, ssd->ftracker_tcp->bytes_processed);
  
@@ -115,7 +116,7 @@ bool DCE2_Smb2ProcessFileData(DCE2_Smb2SsnData* ssd, const uint8_t* file_data,
          ssd->ftracker_tcp->bytes_processed > ssd->ftracker_tcp->file_size) )
      {
          dce2_smb_stats.v2_extra_file_data_err++;
-        debug_logf(dce_smb_trace, nullptr, "extra file data\n");
+        debug_logf(dce_smb_trace, p, "extra file data\n");
  
          DCE2_Smb2TreeTracker* ttr = ssd->ftracker_tcp->ttr;
          uint64_t file_id = ssd->ftracker_tcp->file_id;
@@ -128,7 +129,7 @@ bool DCE2_Smb2ProcessFileData(DCE2_Smb2SsnData* ssd, const uint8_t* file_data,
      if (!file_flows->file_process(p, ssd->ftracker_tcp->file_name_hash, file_data, data_size,
          ssd->ftracker_tcp->file_offset, dir, ssd->ftracker_tcp->file_id))
      {
-        debug_logf(dce_smb_trace, nullptr, "file_process completed\n");
+        debug_logf(dce_smb_trace, p, "file_process completed\n");
  
          DCE2_Smb2TreeTracker* ttr = ssd->ftracker_tcp->ttr;
          uint64_t file_id = ssd->ftracker_tcp->file_id;
@@ -150,8 +151,8 @@ void DCE2_Smb2Setup(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, const uint64_
  
      if (structure_size == SMB2_ERROR_RESPONSE_STRUC_SIZE and Smb2Error(smb_hdr))
      {
-        debug_logf(dce_smb_trace, nullptr, "%s_RESP: error\n",
-            smb2_command_string[SMB2_COM_SESSION_SETUP]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_RESP: error\n", smb2_command_string[SMB2_COM_SESSION_SETUP]);
          dce2_smb_stats.v2_setup_err_resp++;
      }
      else if (structure_size == SMB2_SETUP_RESPONSE_STRUC_SIZE)
@@ -163,8 +164,8 @@ void DCE2_Smb2Setup(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, const uint64_
      }
      else if (structure_size != SMB2_SETUP_REQUEST_STRUC_SIZE)
      {
-        debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n",
-            smb2_command_string[SMB2_COM_SESSION_SETUP]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s: invalid struct size\n", smb2_command_string[SMB2_COM_SESSION_SETUP]);
          dce2_smb_stats.v2_setup_inv_str_sz++;
      }
  }
@@ -190,15 +191,15 @@ void DCE2_Smb2TreeConnect(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
          if (!DCE2_Smb2InsertTid(ssd, tid,
              ((const Smb2TreeConnectResponseHdr*)smb_data)->share_type, str))
          {
-            debug_logf(dce_smb_trace, nullptr, "%s: ignored %d\n",
-                smb2_command_string[SMB2_COM_TREE_CONNECT], tid);
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                "%s: ignored %d\n", smb2_command_string[SMB2_COM_TREE_CONNECT], tid);
              dce2_smb_stats.v2_tree_cnct_ignored++;
          }
      }
      else if (structure_size != SMB2_TREE_CONNECT_REQUEST_STRUC_SIZE)
      {
-        debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n",
-            smb2_command_string[SMB2_COM_TREE_CONNECT]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s: invalid struct size\n", smb2_command_string[SMB2_COM_TREE_CONNECT]);
          dce2_smb_stats.v2_tree_cnct_inv_str_sz++;
      }
  }
@@ -219,8 +220,8 @@ void DCE2_Smb2TreeDisconnect(DCE2_Smb2SsnData*, const uint8_t* smb_data,
      }
      else
      {
-        debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n",
-            smb2_command_string[SMB2_COM_TREE_DISCONNECT]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s: invalid struct size\n", smb2_command_string[SMB2_COM_TREE_DISCONNECT]);
          dce2_smb_stats.v2_tree_discn_inv_str_sz++;
      }
  }
@@ -243,8 +244,8 @@ static void DCE2_Smb2CreateRequest(DCE2_Smb2SsnData* ssd,
          if (file_data >= end)
          {
              dce2_smb_stats.v2_crt_inv_file_data++;
-            debug_logf(dce_smb_trace, nullptr, "%s_REQ: invalid file data seen\n",
-                smb2_command_string[SMB2_COM_CREATE]);
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                "%s_REQ: invalid file data seen\n", smb2_command_string[SMB2_COM_CREATE]);
              return;
          }
  
@@ -252,7 +253,8 @@ static void DCE2_Smb2CreateRequest(DCE2_Smb2SsnData* ssd,
          if (!size or (file_data + size > end))
          {
              dce2_smb_stats.v2_crt_inv_file_data++;
-            debug_logf(dce_smb_trace, nullptr, "%s_REQ: invalid file data seen with size %" PRIu16 "\n",
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                "%s_REQ: invalid file data seen with size %" PRIu16 "\n",
                  smb2_command_string[SMB2_COM_CREATE], size);
  
              return;
@@ -271,16 +273,16 @@ static void DCE2_Smb2CreateRequest(DCE2_Smb2SsnData* ssd,
          }
          else
          {
-            debug_logf(dce_smb_trace, nullptr, "%s_REQ: max req exceeded\n",
-                smb2_command_string[SMB2_COM_CREATE]);
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                "%s_REQ: max req exceeded\n", smb2_command_string[SMB2_COM_CREATE]);
              dce_alert(GID_DCE2, DCE2_SMB_MAX_REQS_EXCEEDED, (dce2CommonStats*)&dce2_smb_stats,
                  ssd->sd);
          }
      }
      else
      {
-        debug_logf(dce_smb_trace, nullptr, "%s_REQ: name_offset %" PRIu16 "\n",
-            smb2_command_string[SMB2_COM_CREATE], name_offset);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_REQ: name_offset %" PRIu16 "\n", smb2_command_string[SMB2_COM_CREATE], name_offset);
          dce2_smb_stats.v2_crt_req_hdr_err++;
      }
  }
@@ -318,7 +320,8 @@ static void DCE2_Smb2CreateResponse(DCE2_Smb2SsnData*,
          FileContext* file = get_smb_file_context(ftracker->file_name_hash, fileId_persistent,
              true);
  
-        debug_logf(dce_smb_trace, nullptr, "%s_RESP: file size %" PRIu64 " fid %" PRIu64 ""
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_RESP: file size %" PRIu64 " fid %" PRIu64 ""
              "file_name_hash %" PRIu64 " file context %s\n", smb2_command_string[SMB2_COM_CREATE],
              file_size, fileId_persistent, ftracker->file_name_hash, (file ? "found" : "not found"));
  
@@ -361,8 +364,8 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
              ttr->removeRtracker(mid);
  
          dce2_smb_stats.v2_crt_err_resp++;
-        debug_logf(dce_smb_trace, nullptr, "%s_RESP: error\n",
-            smb2_command_string[SMB2_COM_CREATE]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_RESP: error\n", smb2_command_string[SMB2_COM_CREATE]);
      }
      // Using structure size to decide whether it is response or request
      else if (structure_size == SMB2_CREATE_REQUEST_STRUC_SIZE)
@@ -373,21 +376,21 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
  
          if (!ttr)
          {
-            debug_logf(dce_smb_trace, nullptr, "%s_REQ: mid stream session detected\n",
-                smb2_command_string[SMB2_COM_CREATE]);
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                "%s_REQ: mid stream session detected\n", smb2_command_string[SMB2_COM_CREATE]);
              ttr = DCE2_Smb2InsertTid(ssd, tid, SMB2_SHARE_TYPE_DISK, str);
              if (!ttr)
              {
-                debug_logf(dce_smb_trace, nullptr, "%s_REQ: insert tree tracker failed\n",
-                    smb2_command_string[SMB2_COM_CREATE]);
+                debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                    "%s_REQ: insert tree tracker failed\n", smb2_command_string[SMB2_COM_CREATE]);
                  return;
              }
          }
          else if (SMB2_SHARE_TYPE_DISK != ttr->get_share_type())
          {
              dce2_smb_stats.v2_crt_req_ipc++;
-            debug_logf(dce_smb_trace, nullptr, "%s_REQ: ignored for ipc share\n",
-                smb2_command_string[SMB2_COM_CREATE]);
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                "%s_REQ: ignored for ipc share\n", smb2_command_string[SMB2_COM_CREATE]);
              return;
          }
          DCE2_Smb2CreateRequest(ssd, (const Smb2CreateRequestHdr*)smb_data, end, str, ttr, mid);
@@ -400,8 +403,8 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
  
          if (!ttr)
          {
-            debug_logf(dce_smb_trace, nullptr, "%s_RESP: tree tracker missing\n",
-                 smb2_command_string[SMB2_COM_CREATE]);
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                 "%s_RESP: tree tracker missing\n", smb2_command_string[SMB2_COM_CREATE]);
              dce2_smb_stats.v2_crt_tree_trkr_misng++;
              return;
          }
@@ -409,8 +412,8 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
          DCE2_Smb2RequestTracker* rtr = ttr->findRtracker(mid);
          if (!rtr)
          {
-            debug_logf(dce_smb_trace, nullptr, "%s_RESP: req tracker missing\n",
-                 smb2_command_string[SMB2_COM_CREATE]);
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                 "%s_RESP: req tracker missing\n", smb2_command_string[SMB2_COM_CREATE]);
              dce2_smb_stats.v2_crt_rtrkr_misng++;
              return;
          }
@@ -421,8 +424,8 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
          if (((const Smb2CreateResponseHdr*)smb_data)->file_attributes &
              SMB2_CREATE_RESPONSE_DIRECTORY)
          {
-            debug_logf(dce_smb_trace, nullptr, "%s_RESP: not processing for directory\n",
-                 smb2_command_string[SMB2_COM_CREATE]);
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                 "%s_RESP: not processing for directory\n", smb2_command_string[SMB2_COM_CREATE]);
              ttr->removeRtracker(mid);
              DCE2_Smb2CleanFtrackerTcpRef(str, fileId_persistent);
              ttr->removeFtracker(fileId_persistent);
@@ -435,8 +438,8 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
      }
      else
      {
-        debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n",
-            smb2_command_string[SMB2_COM_CREATE]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s: invalid struct size\n", smb2_command_string[SMB2_COM_CREATE]);
          dce2_smb_stats.v2_crt_inv_str_sz++;
      }
  }
@@ -453,8 +456,8 @@ void DCE2_Smb2CloseCmd(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
  
      if (structure_size == SMB2_ERROR_RESPONSE_STRUC_SIZE and Smb2Error(smb_hdr))
      {
-        debug_logf(dce_smb_trace, nullptr, "%s_RESP: error\n",
-            smb2_command_string[SMB2_COM_CLOSE]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_RESP: error\n", smb2_command_string[SMB2_COM_CLOSE]);
          dce2_smb_stats.v2_cls_err_resp++;
      }
      // Using structure size to decide whether it is response or request
@@ -470,7 +473,8 @@ void DCE2_Smb2CloseCmd(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
          if (!ftracker)
          {
              dce2_smb_stats.v2_cls_req_ftrkr_misng++;
-            debug_logf(dce_smb_trace, nullptr, "%s_REQ: ftracker missing %" PRIu64 "\n",
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                "%s_REQ: ftracker missing %" PRIu64 "\n",
                  smb2_command_string[SMB2_COM_CLOSE], fileId_persistent);
              return;
          }
@@ -500,8 +504,8 @@ void DCE2_Smb2CloseCmd(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
      }
      else if (structure_size != SMB2_CLOSE_RESPONSE_STRUC_SIZE)
      {
-        debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n",
-            smb2_command_string[SMB2_COM_CLOSE]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s: invalid struct size\n", smb2_command_string[SMB2_COM_CLOSE]);
          dce2_smb_stats.v2_cls_inv_str_sz++;
      }
  }
@@ -517,8 +521,8 @@ void DCE2_Smb2SetInfo(DCE2_Smb2SsnData*, const Smb2Hdr* smb_hdr,
      // Using structure size to decide whether it is response or request
      if (structure_size == SMB2_ERROR_RESPONSE_STRUC_SIZE and Smb2Error(smb_hdr))
      {
-        debug_logf(dce_smb_trace, nullptr, "%s: error resp\n",
-            smb2_command_string[SMB2_COM_SET_INFO]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s: error resp\n", smb2_command_string[SMB2_COM_SET_INFO]);
          dce2_smb_stats.v2_stinf_err_resp++;
      }
      else if (structure_size == SMB2_SET_INFO_REQUEST_STRUC_SIZE)
@@ -541,7 +545,7 @@ void DCE2_Smb2SetInfo(DCE2_Smb2SsnData*, const Smb2Hdr* smb_hdr,
                  ftracker->file_size = file_size;
                  FileContext* file = get_smb_file_context(ftracker->file_name_hash,
                      fileId_persistent);
-                debug_logf(dce_smb_trace, nullptr,
+                debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
                      "%s_REQ: set file size %" PRIu64 " fid %" PRIu64 " file context %s\n",
                      smb2_command_string[SMB2_COM_SET_INFO], file_size, fileId_persistent,
                      file ? "found" : "not found");
@@ -553,21 +557,21 @@ void DCE2_Smb2SetInfo(DCE2_Smb2SsnData*, const Smb2Hdr* smb_hdr,
              else
              {
                  dce2_smb_stats.v2_stinf_req_ftrkr_misng++;
-                debug_logf(dce_smb_trace, nullptr,"%s_REQ: ftracker missing\n",
-                    smb2_command_string[SMB2_COM_SET_INFO]);
+                debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                    "%s_REQ: ftracker missing\n", smb2_command_string[SMB2_COM_SET_INFO]);
              }
          }
          else
          {
-            debug_logf(dce_smb_trace, nullptr,"%s_REQ: header error\n",
-                smb2_command_string[SMB2_COM_SET_INFO]);
+            debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+                "%s_REQ: header error\n", smb2_command_string[SMB2_COM_SET_INFO]);
              dce2_smb_stats.v2_stinf_req_hdr_err++;
          }
      }
      else if (structure_size != SMB2_SET_INFO_RESPONSE_STRUC_SIZE)
      {
-        debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n",
-            smb2_command_string[SMB2_COM_SET_INFO]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s: invalid struct size\n", smb2_command_string[SMB2_COM_SET_INFO]);
          dce2_smb_stats.v2_stinf_inv_str_sz++;
      }
  }
@@ -594,8 +598,8 @@ static void DCE2_Smb2ReadRequest(DCE2_Smb2SsnData* ssd,
      }
      else
      {
-        debug_logf(dce_smb_trace, nullptr, "%s_REQ: max req exceeded\n",
-            smb2_command_string[SMB2_COM_READ]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_REQ: max req exceeded\n", smb2_command_string[SMB2_COM_READ]);
          dce_alert(GID_DCE2, DCE2_SMB_MAX_REQS_EXCEEDED, (dce2CommonStats*)&dce2_smb_stats,
              ssd->sd);
          return;
@@ -610,8 +614,8 @@ static void DCE2_Smb2ReadRequest(DCE2_Smb2SsnData* ssd,
  
      if (ftracker->file_size and (offset > ftracker->file_size))
      {
-        debug_logf(dce_smb_trace, nullptr, "%s_REQ: invalid file offset\n",
-            smb2_command_string[SMB2_COM_READ]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_REQ: invalid file offset\n", smb2_command_string[SMB2_COM_READ]);
          dce_alert(GID_DCE2, DCE2_SMB_INVALID_FILE_OFFSET, (dce2CommonStats*)&dce2_smb_stats,
              ssd->sd);
      }
@@ -633,16 +637,16 @@ static void DCE2_Smb2ReadResponse(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
      request = ttr->findRtracker(message_id);
      if (!request)
      {
-        debug_logf(dce_smb_trace, nullptr, "%s_RESP: request tracker missing\n",
-            smb2_command_string[SMB2_COM_READ]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_RESP: request tracker missing\n", smb2_command_string[SMB2_COM_READ]);
          dce2_smb_stats.v2_read_rtrkr_misng++;
          return;
      }
      data_offset = alignedNtohs((const uint16_t*)(&(smb_read_hdr->data_offset)));
      if (data_offset + (const uint8_t*)smb_hdr > end)
      {
-        debug_logf(dce_smb_trace, nullptr, "%s_RESP: bad offset\n",
-            smb2_command_string[SMB2_COM_READ]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_RESP: bad offset\n", smb2_command_string[SMB2_COM_READ]);
          dce_alert(GID_DCE2, DCE2_SMB_BAD_OFF, (dce2CommonStats*)&dce2_smb_stats, ssd->sd);
      }
  
@@ -685,8 +689,8 @@ void DCE2_Smb2Read(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
          }
          ttr->removeRtracker(mid);
          dce2_smb_stats.v2_read_err_resp++;
-        debug_logf(dce_smb_trace, nullptr, "%s_RESP: error\n",
-            smb2_command_string[SMB2_COM_WRITE]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_RESP: error\n", smb2_command_string[SMB2_COM_WRITE]);
      }
      // Using structure size to decide whether it is response or request
      else if (structure_size == SMB2_READ_REQUEST_STRUC_SIZE)
@@ -707,8 +711,8 @@ void DCE2_Smb2Read(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
      else
      {
          dce2_smb_stats.v2_read_inv_str_sz++;
-        debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n",
-            smb2_command_string[SMB2_COM_WRITE]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s: invalid struct size\n", smb2_command_string[SMB2_COM_WRITE]);
      }
  }
  
@@ -738,8 +742,8 @@ static void DCE2_Smb2WriteRequest(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
      }
      else
      {
-        debug_logf(dce_smb_trace, nullptr, "%s_REQ: max req exceeded\n",
-            smb2_command_string[SMB2_COM_WRITE]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_REQ: max req exceeded\n", smb2_command_string[SMB2_COM_WRITE]);
          dce_alert(GID_DCE2, DCE2_SMB_MAX_REQS_EXCEEDED, (dce2CommonStats*)&dce2_smb_stats,
              ssd->sd);
          return;
@@ -748,8 +752,8 @@ static void DCE2_Smb2WriteRequest(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
      data_offset = alignedNtohs((const uint16_t*)(&(smb_write_hdr->data_offset)));
      if (data_offset + (const uint8_t*)smb_hdr > end)
      {
-        debug_logf(dce_smb_trace, nullptr, "%s_REQ: bad offset\n",
-            smb2_command_string[SMB2_COM_WRITE]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_REQ: bad offset\n", smb2_command_string[SMB2_COM_WRITE]);
          dce_alert(GID_DCE2, DCE2_SMB_BAD_OFF, (dce2CommonStats*)&dce2_smb_stats, ssd->sd);
      }
  
@@ -802,8 +806,8 @@ void DCE2_Smb2Write(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
          }
          ttr->removeRtracker(mid);
          dce2_smb_stats.v2_wrt_err_resp++;
-        debug_logf(dce_smb_trace, nullptr, "%s_RESP: error\n",
-            smb2_command_string[SMB2_COM_WRITE]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s_RESP: error\n", smb2_command_string[SMB2_COM_WRITE]);
      }
      // Using structure size to decide whether it is response or request
      else if (structure_size == SMB2_WRITE_REQUEST_STRUC_SIZE)
@@ -820,8 +824,8 @@ void DCE2_Smb2Write(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
      }
      else
      {
-        debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n",
-            smb2_command_string[SMB2_COM_WRITE]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s: invalid struct size\n", smb2_command_string[SMB2_COM_WRITE]);
          dce2_smb_stats.v2_wrt_inv_str_sz++;
      }
  }
@@ -844,8 +848,8 @@ void DCE2_Smb2Logoff(DCE2_Smb2SsnData* ssd, const uint8_t* smb_data,
      }
      else
      {
-        debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n",
-            smb2_command_string[SMB2_COM_LOGOFF]);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "%s: invalid struct size\n", smb2_command_string[SMB2_COM_LOGOFF]);
          dce2_smb_stats.v2_logoff_inv_str_sz++;
      }
  }
diff --git a/src/service_inspectors/dce_rpc/dce_smb2_utils.cc b/src/service_inspectors/dce_rpc/dce_smb2_utils.cc

index 0666ca1bd1c358214bf6da94836eca1bc0a35ce8..6f35b45ab876a0fa89ebe670cc09d9e70573414d 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb2_utils.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb2_utils.cc
@@ -80,7 +80,8 @@ DCE2_Smb2TreeTracker* DCE2_Smb2InsertTid(DCE2_Smb2SsnData* ssd, const uint32_t t
      if (share_type == SMB2_SHARE_TYPE_DISK and
          ssd->max_file_depth == -1 and DCE2_ScSmbFileDepth((dce2SmbProtoConf*)ssd->sd.config) == -1)
      {
-        debug_logf(dce_smb_trace, nullptr, "Not inserting TID (%u) because it's "
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "Not inserting TID (%u) because it's "
              "not IPC and not inspecting normal file data.\n", tid);
          return nullptr;
      }
diff --git a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc

index 17df814d7515180f0511e1b1b900b4a36130322b..8652394ae3b3b08ecbe21978acc6084936befd71 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc
@@ -528,7 +528,8 @@ static DCE2_Ret DCE2_SmbUpdateTransRequest(DCE2_SmbSsnData* ssd,
              if (DCE2_SsnIsWindowsPolicy(&ssd->sd)
                  && ssd->cur_rtracker->ftracker->fp_byte_mode)
              {
-                debug_log(dce_smb_trace, nullptr, "Pipe is in byte mode - TRANS_TRANSACT_NMPIPE won't work\n");
+                debug_log(dce_smb_trace, DetectionEngine::get_current_packet(),
+                    "Pipe is in byte mode - TRANS_TRANSACT_NMPIPE won't work\n");
                  return DCE2_RET__ERROR;
              }
              data_params = DCE2_SMB_TRANS__DATA;
@@ -588,7 +589,8 @@ static DCE2_Ret DCE2_SmbUpdateTransRequest(DCE2_SmbSsnData* ssd,
              && (DCE2_SmbTransactionGetName(nb_ptr, nb_len,
              byte_count, SmbUnicode(smb_hdr)) != DCE2_RET__SUCCESS))
          {
-            debug_log(dce_smb_trace, nullptr, "Failed to validate pipe name for Samba.\n");
+            debug_log(dce_smb_trace, DetectionEngine::get_current_packet(),
+                "Failed to validate pipe name for Samba.\n");
              return DCE2_RET__ERROR;
          }
          break;
@@ -1071,7 +1073,8 @@ DCE2_Ret DCE2_SmbTransaction(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr,
      if (DCE2_ComInfoIsRequest(com_info)
          && !DCE2_SmbIsTransactionComplete(ttracker))
      {
-        debug_log(dce_smb_trace, nullptr, "Got new transaction request "
+        debug_log(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "Got new transaction request "
              "that matches an in progress transaction - not inspecting.\n");
          return DCE2_RET__ERROR;
      }
@@ -1080,7 +1083,8 @@ DCE2_Ret DCE2_SmbTransaction(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr,
      if (DCE2_ComInfoIsRequest(com_info)
          && (DCE2_ComInfoWordCount(com_info) != 16))
      {
-        debug_log(dce_smb_trace, nullptr, "\\PIPE\\LANMAN request - not inspecting\n");
+        debug_log(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "\\PIPE\\LANMAN request - not inspecting\n");
          return DCE2_RET__IGNORE;
      }
  
@@ -1192,7 +1196,8 @@ DCE2_Ret DCE2_SmbTransaction2(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr,
      if (DCE2_ComInfoIsRequest(com_info)
          && !DCE2_SmbIsTransactionComplete(ttracker))
      {
-        debug_log(dce_smb_trace, nullptr, "Got new transaction request "
+        debug_log(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "Got new transaction request "
              "that matches an in progress transaction - not inspecting.\n");
          return DCE2_RET__ERROR;
      }
@@ -1450,7 +1455,8 @@ DCE2_Ret DCE2_SmbNtTransact(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr,
      if (DCE2_ComInfoIsRequest(com_info)
          && !DCE2_SmbIsTransactionComplete(ttracker))
      {
-        debug_log(dce_smb_trace, nullptr, "Got new transaction request "
+        debug_log(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "Got new transaction request "
              "that matches an in progress transaction - not inspecting.\n");
          return DCE2_RET__ERROR;
      }
diff --git a/src/service_inspectors/dce_rpc/dce_smb_utils.cc b/src/service_inspectors/dce_rpc/dce_smb_utils.cc

index 08f26cfcf4457f6980347c27445142c95772248e..8062c6d65d37ce7f4c7dfb046758889f87b1f0b6 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb_utils.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb_utils.cc
@@ -839,7 +839,8 @@ void DCE2_SmbInsertTid(DCE2_SmbSsnData* ssd,
      if ( !is_ipc and
          ssd->max_file_depth == -1 and DCE2_ScSmbFileDepth((dce2SmbProtoConf*)ssd->sd.config) == -1 )
      {
-        debug_logf(dce_smb_trace, nullptr, "Not inserting TID (%hu) "
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "Not inserting TID (%hu) "
              "because it's not IPC and not inspecting normal file data.\n", tid);
          return;
      }
@@ -1547,7 +1548,7 @@ static DCE2_Ret DCE2_SmbFileAPIProcess(DCE2_SmbSsnData* ssd,
      if (!file_flows->file_process(p, data_ptr, (int)data_len, position, upload,
          DCE2_SmbIsVerdictSuspend(upload, position)))
      {
-        debug_logf(dce_smb_trace, nullptr, "File API returned FAILURE for (0x%02X) %s\n",
+        debug_logf(dce_smb_trace, p, "File API returned FAILURE for (0x%02X) %s\n",
              ftracker->fid_v1, upload ? "UPLOAD" : "DOWNLOAD");
  
          // Failure.  Abort tracking this file under file API
diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc

index 8777d867f88ef00947a75177fdf1b28db38624d9..d8da1ca69e91c96270a2815633e1f564b3a10b44 100644 (file)
--- a/src/service_inspectors/dce_rpc/smb_message.cc
+++ b/src/service_inspectors/dce_rpc/smb_message.cc
@@ -805,8 +805,8 @@ static void DCE2_SmbProcessCommand(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr
          com_info.cmd_size = 0;
          com_info.byte_count = 0;
          DCE2_SmbCheckCommand(ssd, smb_hdr, smb_com, nb_ptr, nb_len, com_info);
-        debug_logf(dce_smb_trace, nullptr, "Processing command: %s (0x%02X)\n",
-            get_smb_com_string(smb_com), smb_com);
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "Processing command: %s (0x%02X)\n", get_smb_com_string(smb_com), smb_com);
  
          // Note that even if the command shouldn't be processed, some of
          // the command functions need to know and do cleanup or some other
@@ -830,8 +830,8 @@ static void DCE2_SmbProcessCommand(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr
          if (smb_com2 == SMB_COM_NO_ANDX_COMMAND)
              break;
  
-        debug_logf(dce_smb_trace, nullptr, "Chained SMB command: %s\n", get_smb_com_string(
-            smb_com2));
+        debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+            "Chained SMB command: %s\n", get_smb_com_string(smb_com2));
  
          num_chained++;
          if (DCE2_ScSmbMaxChain((dce2SmbProtoConf*)ssd->sd.config) &&
@@ -1032,8 +1032,8 @@ static DCE2_SmbRequestTracker* DCE2_SmbInspect(DCE2_SmbSsnData* ssd, const SmbNt
  {
      int smb_com = SmbCom(smb_hdr);
  
-    debug_logf(dce_smb_trace, nullptr, "SMB command: %s (0x%02X)\n", get_smb_com_string(smb_com),
-        smb_com);
+    debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
+        "SMB command: %s (0x%02X)\n", get_smb_com_string(smb_com), smb_com);
  
      if (smb_com_funcs[smb_com] == nullptr)
      {
@@ -1621,7 +1621,7 @@ void DCE2_Smb1Process(DCE2_SmbSsnData* ssd)
                  if (!DCE2_GcIsLegacyMode((dce2SmbProtoConf*)ssd->sd.config))
                  {
                      // Upgrade connection to SMBv2
-                    debug_log(dce_smb_trace, nullptr, "upgrading to smb2 session\n");
+                    debug_log(dce_smb_trace, p, "upgrading to smb2 session\n");
                      dce2SmbProtoConf* config = (dce2SmbProtoConf*)ssd->sd.config;
                      Dce2SmbFlowData* fd = (Dce2SmbFlowData*)p->flow->get_flow_data(
                          Dce2SmbFlowData::inspector_id);
@@ -1640,7 +1640,7 @@ void DCE2_Smb1Process(DCE2_SmbSsnData* ssd)
              rtracker = DCE2_SmbInspect(ssd, smb_hdr);
              if (rtracker == nullptr)
              {
-                debug_log(dce_smb_trace, nullptr, "Not inspecting SMB packet.\n");
+                debug_log(dce_smb_trace, p, "Not inspecting SMB packet.\n");
  
                  if (DCE2_BufferIsEmpty(*seg_buf))
                  {
diff --git a/src/service_inspectors/gtp/gtp.cc b/src/service_inspectors/gtp/gtp.cc

index 04f855181f8ce230b537e9db2b9d070374ff77f3..c6da65d5e6f49c37e65f7a3f7f72d1f3b02df680 100644 (file)
--- a/src/service_inspectors/gtp/gtp.cc
+++ b/src/service_inspectors/gtp/gtp.cc
@@ -26,9 +26,11 @@
  
  #include "gtp.h"
  
+#include "main/snort_debug.h"
  #include "protocols/packet.h"
  
  #include "gtp_inspect.h"
+#include "gtp_module.h"
  
  using namespace snort;
  
@@ -51,6 +53,7 @@ static inline int GTP_Process(const GTPConfig& config, Packet* p, GTP_Roptions*
       * Using msg_id avoids initializing info_elements for every message
       * Tabled based info_elements improves information element search performance */
      gtpMsg.msg_id = ++msg_id;
+    debug_logf(gtp_inspect_trace, p, "message id: %lu\n", gtpMsg.msg_id);
  
      int status = gtp_parse(config, &gtpMsg, gtp_buff, p->dsize);
  
diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc

index 8f508bd2ff877f992179151b7666f2bb54a1c682..15d0b76437ec8245a066a2a19623b8bf9646158c 100644 (file)
--- a/src/stream/ip/ip_defrag.cc
+++ b/src/stream/ip/ip_defrag.cc
@@ -624,7 +624,7 @@ static void FragRebuild(FragTracker* ft, Packet* p)
       */
      for ( Fragment* frag = ft->fraglist; frag; frag = frag->next )
      {
-        debug_logf(stream_ip_trace, nullptr,
+        debug_logf(stream_ip_trace, p,
              "   frag: %p\n"
              "   frag->data: %p\n"
              "   frag->offset: %d\n"
@@ -702,7 +702,7 @@ static void FragRebuild(FragTracker* ft, Packet* p)
      /*
       * process the packet through the detection engine
       */
-    debug_log(stream_ip_trace, nullptr, "Processing rebuilt packet:\n");
+    debug_log(stream_ip_trace, p, "Processing rebuilt packet:\n");
  
      ip_stats.reassembles++;
      ip_stats.reassembled_bytes += dpkt->pktlen;
@@ -721,7 +721,7 @@ static void FragRebuild(FragTracker* ft, Packet* p)
      Analyzer::get_local_analyzer()->process_rebuilt_packet(dpkt, dpkt->pkth, dpkt->pkt, dpkt->pktlen);
      de.set_encode_packet(nullptr);
  
-    debug_log(stream_ip_trace, nullptr, "Done with rebuilt packet, marking rebuilt...\n");
+    debug_log(stream_ip_trace, p, "Done with rebuilt packet, marking rebuilt...\n");
  
      ft->frag_flags |= FRAG_REBUILT;
  }
author	Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>
	Tue, 10 Nov 2020 11:39:49 +0000 (11:39 +0000)
committer	Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>
	Tue, 10 Nov 2020 11:39:49 +0000 (11:39 +0000)
src/actions/act_react.cc		patch \| blob \| blame \| history
src/detection/fp_detect.cc		patch \| blob \| blame \| history
src/detection/tag.cc		patch \| blob \| blame \| history
src/detection/tag.h		patch \| blob \| blame \| history
src/network_inspectors/rna/rna_logger.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb2.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb2_commands.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb2_utils.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb_transaction.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb_utils.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/smb_message.cc		patch \| blob \| blame \| history
src/service_inspectors/gtp/gtp.cc		patch \| blob \| blame \| history
src/stream/ip/ip_defrag.cc		patch \| blob \| blame \| history