Merge pull request #1188 in SNORT/snort3 from debug_specific_dir to master

Squashed commit of the following:

commit 4a9b44279dfa69da6c982b6101678224d5ea9216
Author: Nihal Desai <nihdesai@cisco.com>
Date:   Wed Apr 11 16:33:56 2018 -0400

    debug: Remove debug messages from detection and ips_options

diff --git a/src/detection/detect.cc b/src/detection/detect.cc
index 9c9cdcd1686f706ec3ce1cf8f528db0c3c647339..10be0ef272ecdea4dde00b72fdf3215b096a1b69 100644 (file)
--- a/src/detection/detect.cc
+++ b/src/detection/detect.cc
@@ -33,7 +33,6 @@
 #include "events/event.h"
 #include "latency/packet_latency.h"
 #include "main/snort_config.h"
-#include "main/snort_debug.h"
 #include "managers/event_manager.h"
 #include "managers/inspector_manager.h"
 #include "packet_io/active.h"
@@ -134,13 +133,9 @@ void check_tags(Packet* p)
     if ( DetectionEngine::get_check_tags() and !(p->packet_flags & PKT_REBUILT_STREAM) )
     {
         void* listhead = nullptr;
-        DebugMessage(DEBUG_FLOW, "calling CheckTagList\n");
 
         if (CheckTagList(p, event, &listhead))
         {
-            DebugMessage(DEBUG_FLOW, "Matching tag node found, "
-                "calling log functions\n");
-
             /* if we find a match, we want to send the packet to the
              * logging mechanism
              */

diff --git a/src/detection/detect_trace.h b/src/detection/detect_trace.h
index ca91df7d2f0473c518c892cc547a9ca2c9681535..925289cb99e2773be8d19e59c22febb709e58361 100644 (file)
--- a/src/detection/detect_trace.h
+++ b/src/detection/detect_trace.h
@@ -43,6 +43,8 @@ enum
     TRACE_RULE_VARS = 0x10,
     TRACE_FP_SEARCH = 0x20,
     TRACE_PKT_DETECTION = 0x40,
+    TRACE_OPTION_TREE = 0x80,
+    TRACE_TAG = 0x100,
 };
 
 void clear_trace_cursor_info();

diff --git a/src/detection/detection_options.cc b/src/detection/detection_options.cc
index 4d8a00bd80299dcd8c8e70e1cc5cd9c4013e7c28..9d1e5ea31685c0447931e5ade1c2f5888d820cca 100644 (file)
--- a/src/detection/detection_options.cc
+++ b/src/detection/detection_options.cc
@@ -300,7 +300,7 @@ static XHash* DetectionTreeHashTableNew()
 
 void print_option_tree(detection_option_tree_node_t* node, int level)
 {
-#ifdef DEBUG_OPTION_TREE
+#ifdef DEBUG_MSGS
     char buf[32];
     const char* opt;
 
@@ -314,8 +314,8 @@ void print_option_tree(detection_option_tree_node_t* node, int level)
         opt = buf;
     }
 
-    DebugFormatNoFileLine(DEBUG_DETECT, "%3d %3d  %p %*s\n",
-        level, node->num_children, node->option_data, level + strlen(opt), opt);
+    trace_logf(detection, TRACE_OPTION_TREE, "%3d %3d  %p %*s\n",
+        level, node->num_children, node->option_data, (int)(level + strlen(opt)), opt);
 
     for ( int i=0; i<node->num_children; i++ )
         print_option_tree(node->children[i], level+1);
@@ -438,9 +438,6 @@ int detection_option_node_evaluate(
                 if (sig_info.num_services && check_ports)
                 {
                     // none of the services match
-                    DebugFormat(DEBUG_DETECT,
-                        "[**] SID %u not matched because of service mismatch (%d!=%d [**]\n",
-                        sig_info.sid, snort_protocol_id, sig_info.services[0].snort_protocol_id);
                     trace_logf(detection, TRACE_RULE_EVAL,
                         "SID %u not matched because of service mismatch %d!=%d \n",
                         sig_info.sid, snort_protocol_id, sig_info.services[0].snort_protocol_id);

diff --git a/src/detection/detection_options.h b/src/detection/detection_options.h
index 76b9dfb1c369943fc7320ff1f6a0d84260574225..1f6d4ade26d6826b0d41c9c9e1d2aa9133d797c1 100644 (file)
--- a/src/detection/detection_options.h
+++ b/src/detection/detection_options.h
@@ -36,6 +36,9 @@
 #include "detection/rule_option_types.h"
 #include "time/clock_defs.h"
 
+#include "main/snort_debug.h"
+extern Trace TRACE_NAME(detection);
+
 namespace snort
 {
 struct Packet;

diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc
index dfb75728f615fb4d124be9b6f4c534bab5b4998f..5e25059fb6313b018685facf3075e4905986f06c 100644 (file)
--- a/src/detection/fp_detect.cc
+++ b/src/detection/fp_detect.cc
@@ -307,14 +307,8 @@ int fpEvalRTN(RuleTreeNode* rtn, Packet* p, int check_ports)
 
     // FIXIT-L maybe add a port test here ...
 
-    DebugFormat(DEBUG_DETECT, "[*] Rule Head %p\n", (void*)rtn);
-
     if (!rtn->rule_func->RuleHeadFunc(p, rtn, rtn->rule_func, check_ports))
     {
-        DebugMessage(DEBUG_DETECT,
-            "   => Header check failed, checking next node\n");
-        DebugMessage(DEBUG_DETECT,
-            "   => returned from next node check\n");
         return 0;
     }
 
@@ -1113,10 +1107,6 @@ static inline void fpEvalHeaderTcp(Packet* p, OtnxMatchData* omd)
     if ( !prmFindRuleGroupTcp(SnortConfig::get_conf()->prmTcpRTNX, p->ptrs.dp, p->ptrs.sp, &src, &dst, &any) )
         return;
 
-    DebugFormat(DEBUG_ATTRIBUTE,
-        "fpEvalHeaderTcp: sport=%d, dport=%d, src:%p, dst:%p, any:%p\n",
-        p->ptrs.sp,p->ptrs.dp,(void*)src,(void*)dst,(void*)any);
-
     if ( dst )
         fpEvalHeaderSW(dst, p, 1, 0, 0, omd);
 
@@ -1134,10 +1124,6 @@ static inline void fpEvalHeaderUdp(Packet* p, OtnxMatchData* omd)
     if ( !prmFindRuleGroupUdp(SnortConfig::get_conf()->prmUdpRTNX, p->ptrs.dp, p->ptrs.sp, &src, &dst, &any) )
         return;
 
-    DebugFormat(DEBUG_ATTRIBUTE,
-        "fpEvalHeaderUdp: sport=%d, dport=%d, src:%p, dst:%p, any:%p\n",
-        p->ptrs.sp,p->ptrs.dp,(void*)src,(void*)dst,(void*)any);
-
     if ( dst )
         fpEvalHeaderSW(dst, p, 1, 0, 0, omd);
 
@@ -1154,30 +1140,19 @@ static inline bool fpEvalHeaderSvc(Packet* p, OtnxMatchData* omd, SnortProtocolI
 
     SnortProtocolId snort_protocol_id = p->get_snort_protocol_id();
 
-    DebugFormat(DEBUG_ATTRIBUTE, "snort_protocol_id=%hu\n", snort_protocol_id);
-
     if (snort_protocol_id != UNKNOWN_PROTOCOL_ID and snort_protocol_id != INVALID_PROTOCOL_ID)
     {
         if (p->is_from_server()) /* to cli */
         {
-            DebugMessage(DEBUG_ATTRIBUTE, "pkt_from_server\n");
-
             svc = SnortConfig::get_conf()->sopgTable->get_port_group(proto_id, false, snort_protocol_id);
             file = SnortConfig::get_conf()->sopgTable->get_port_group(proto_id, false, SNORT_PROTO_FILE);
         }
 
         if (p->is_from_client()) /* to srv */
         {
-            DebugMessage(DEBUG_ATTRIBUTE, "pkt_from_client\n");
-
             svc = SnortConfig::get_conf()->sopgTable->get_port_group(proto_id, true, snort_protocol_id);
             file = SnortConfig::get_conf()->sopgTable->get_port_group(proto_id, true, SNORT_PROTO_FILE);
         }
-
-        DebugFormat(DEBUG_ATTRIBUTE,
-            "fpEvalHeaderSvc:targetbased-ordinal-lookup: "
-            "sport=%d, dport=%d, snort_protocol_id=%hu, proto_id=%d, src:%p, "
-            "file:%p\n",p->ptrs.sp,p->ptrs.dp,snort_protocol_id,proto_id,(void*)svc,(void*)file);
     }
     // FIXIT-P put alert service rules with file data fp in alert file group and
     // verify ports and service during rule eval to avoid searching file data 2x.

diff --git a/src/detection/rtn_checks.cc b/src/detection/rtn_checks.cc
index 982c2e951d675addbe4b0753c91ed70c2cd7345b..144a5cc831c3f9a44ceef77def050eb4fd1b0f86 100644 (file)
--- a/src/detection/rtn_checks.cc
+++ b/src/detection/rtn_checks.cc
@@ -30,7 +30,6 @@
 #include "rtn_checks.h"
 
 #include "framework/ips_option.h"
-#include "main/snort_debug.h"
 #include "ports/port_object.h"
 #include "protocols/packet.h"
 #include "sfip/sf_ip.h"
@@ -57,15 +56,12 @@ static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p,
     int except_port_flag = 0;        /* port exception flag set */
     int ip_match = 0;                /* flag to indicate addr match made */
 
-    DebugMessage(DEBUG_DETECT, "CheckAddrPort: ");
     /* set up the packet particulars */
     if (mode & CHECK_SRC_IP)
     {
         pkt_addr = p->ptrs.ip_api.get_src();
         pkt_port = p->ptrs.sp;
 
-        DebugMessage(DEBUG_DETECT,"SRC ");
-
         if (mode & INVERSE)
         {
             global_except_addr_flag = flags & EXCEPT_DST_IP;
@@ -84,8 +80,6 @@ static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p,
         pkt_addr = p->ptrs.ip_api.get_dst();
         pkt_port = p->ptrs.dp;
 
-        DebugMessage(DEBUG_DETECT, "DST ");
-
         if (mode & INVERSE)
         {
             global_except_addr_flag = flags & EXCEPT_SRC_IP;
@@ -100,9 +94,6 @@ static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p,
         }
     }
 
-    DEBUG_WRAP( SfIpString ip_str; )
-    DebugFormat(DEBUG_DETECT, "addr %s, port %d ", pkt_addr->ntop(ip_str), pkt_port);
-
     if (!rule_addr)
         goto bail;
 
@@ -113,7 +104,6 @@ static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p,
     }
     else
     {
-        DebugMessage(DEBUG_DETECT, ", global exception flag set");
         /* global exception flag is up, we can't match on *any*
          * of the source addresses
          */
@@ -127,18 +117,12 @@ static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p,
 bail:
     if (!ip_match)
     {
-        DebugMessage(DEBUG_DETECT, ", no address match,  "
-            "packet rejected\n");
         return 0;
     }
 
-    DebugMessage(DEBUG_DETECT, ", addresses accepted");
-
     /* if the any port flag is up, we're all done (success) */
     if (any_port_flag)
     {
-        DebugMessage(DEBUG_DETECT, ", any port match, "
-            "packet accepted\n");
         return 1;
     }
 
@@ -153,26 +137,19 @@ bail:
         /* if the exception flag isn't up, fail */
         if (!except_port_flag)
         {
-            DebugMessage(DEBUG_DETECT, ", port mismatch,  "
-                "packet rejected\n");
             return 0;
         }
-        DebugMessage(DEBUG_DETECT, ", port mismatch exception");
     }
     else
     {
         /* if the exception flag is up, fail */
         if (except_port_flag)
         {
-            DebugMessage(DEBUG_DETECT,
-                ", port match exception,  packet rejected\n");
             return 0;
         }
-        DebugMessage(DEBUG_DETECT, ", ports match");
     }
 
     /* ports and address match */
-    DebugMessage(DEBUG_DETECT, ", packet accepted!\n");
     return 1;
 }
 
@@ -182,78 +159,44 @@ bail:
 int CheckBidirectional(Packet* p, RuleTreeNode* rtn_idx,
     RuleFpList*, int check_ports)
 {
-    DebugMessage(DEBUG_DETECT, "Checking bidirectional rule...\n");
-
     if (CheckAddrPort(rtn_idx->sip, CHECK_ADDR_SRC_ARGS(rtn_idx), p,
         rtn_idx->flags, CHECK_SRC_IP | (check_ports ? CHECK_SRC_PORT : 0)))
     {
-        DebugMessage(DEBUG_DETECT, "   Src->Src check passed\n");
         if (!CheckAddrPort(rtn_idx->dip, CHECK_ADDR_DST_ARGS(rtn_idx), p,
             rtn_idx->flags, CHECK_DST_IP | (check_ports ? CHECK_DST_PORT : 0)))
         {
-            DebugMessage(DEBUG_DETECT,
-                "   Dst->Dst check failed, checking inverse combination\n");
             if (CheckAddrPort(rtn_idx->dip, CHECK_ADDR_DST_ARGS(rtn_idx), p,
                 rtn_idx->flags, (CHECK_SRC_IP | INVERSE | (check_ports ? CHECK_SRC_PORT : 0))))
             {
-                DebugMessage(DEBUG_DETECT,
-                    "   Inverse Dst->Src check passed\n");
                 if (!CheckAddrPort(rtn_idx->sip, CHECK_ADDR_SRC_ARGS(rtn_idx), p,
                     rtn_idx->flags, (CHECK_DST_IP | INVERSE | (check_ports ? CHECK_DST_PORT : 0))))
                 {
-                    DebugMessage(DEBUG_DETECT,
-                        "   Inverse Src->Dst check failed\n");
                     return 0;
                 }
-                else
-                {
-                    DebugMessage(DEBUG_DETECT, "Inverse addr/port match\n");
-                }
             }
             else
             {
-                DebugMessage(DEBUG_DETECT, "   Inverse Dst->Src check failed,"
-                    " trying next rule\n");
                 return 0;
             }
         }
-        else
-        {
-            DebugMessage(DEBUG_DETECT, "dest IP/port match\n");
-        }
     }
     else
     {
-        DebugMessage(DEBUG_DETECT,
-            "   Src->Src check failed, trying inverse test\n");
         if (CheckAddrPort(rtn_idx->dip, CHECK_ADDR_DST_ARGS(rtn_idx), p,
             rtn_idx->flags, CHECK_SRC_IP | INVERSE | (check_ports ? CHECK_SRC_PORT : 0)))
         {
-            DebugMessage(DEBUG_DETECT,
-                "   Dst->Src check passed\n");
-
             if (!CheckAddrPort(rtn_idx->sip, CHECK_ADDR_SRC_ARGS(rtn_idx), p,
                 rtn_idx->flags, CHECK_DST_IP | INVERSE | (check_ports ? CHECK_DST_PORT : 0)))
             {
-                DebugMessage(DEBUG_DETECT,
-                    "   Src->Dst check failed\n");
                 return 0;
             }
-            else
-            {
-                DebugMessage(DEBUG_DETECT,
-                    "Inverse addr/port match\n");
-            }
         }
         else
         {
-            DebugMessage(DEBUG_DETECT,"   Inverse test failed, "
-                "testing next rule...\n");
             return 0;
         }
     }
 
-    DebugMessage(DEBUG_DETECT,"   Bidirectional success!\n");
     return 1;
 }
 
@@ -272,8 +215,6 @@ int CheckBidirectional(Packet* p, RuleTreeNode* rtn_idx,
  ***************************************************************************/
 int CheckSrcIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ports)
 {
-    DebugMessage(DEBUG_DETECT,"CheckSrcIPEqual: ");
-
     if (!(rtn_idx->flags & EXCEPT_SRC_IP))
     {
         if ( sfvar_ip_in(rtn_idx->sip, p->ptrs.ip_api.get_src()) )
@@ -287,16 +228,12 @@ int CheckSrcIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_
         /* global exception flag is up, we can't match on *any*
          * of the source addresses
          */
-        DebugMessage(DEBUG_DETECT,"  global exception flag, \n");
-
         if ( sfvar_ip_in(rtn_idx->sip, p->ptrs.ip_api.get_src()) )
             return 0;
 
         return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports);
     }
 
-    DebugMessage(DEBUG_DETECT,"  Mismatch on SIP\n");
-
     /* return 0 on a failed test */
     return 0;
 }
@@ -316,8 +253,6 @@ int CheckSrcIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_
  ***************************************************************************/
 int CheckDstIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ports)
 {
-    DebugMessage(DEBUG_DETECT, "CheckDstIPEqual: ");
-
     if (!(rtn_idx->flags & EXCEPT_DST_IP))
     {
         if ( sfvar_ip_in(rtn_idx->dip, p->ptrs.ip_api.get_dst()) )
@@ -330,8 +265,6 @@ int CheckDstIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_
     {
         /* global exception flag is up, we can't match on *any*
          * of the source addresses */
-        DebugMessage(DEBUG_DETECT,"  global exception flag, \n");
-
         if ( sfvar_ip_in(rtn_idx->dip, p->ptrs.ip_api.get_dst()) )
             return 0;
 
@@ -344,8 +277,6 @@ int CheckDstIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_
 int CheckSrcPortEqual(Packet* p, RuleTreeNode* rtn_idx,
     RuleFpList* fp_list, int check_ports)
 {
-    DebugMessage(DEBUG_DETECT,"CheckSrcPortEqual: ");
-
     /* Check if attributes provided match earlier */
     if (check_ports == 0)
     {
@@ -353,22 +284,14 @@ int CheckSrcPortEqual(Packet* p, RuleTreeNode* rtn_idx,
     }
     if ( PortObjectHasPort(rtn_idx->src_portobject,p->ptrs.sp) )
     {
-        DebugMessage(DEBUG_DETECT, "  SP match!\n");
         return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports);
     }
-    else
-    {
-        DebugMessage(DEBUG_DETECT, "   SP mismatch!\n");
-    }
-
     return 0;
 }
 
 int CheckSrcPortNotEq(Packet* p, RuleTreeNode* rtn_idx,
     RuleFpList* fp_list, int check_ports)
 {
-    DebugMessage(DEBUG_DETECT,"CheckSrcPortNotEq: ");
-
     /* Check if attributes provided match earlier */
     if (check_ports == 0)
     {
@@ -376,13 +299,8 @@ int CheckSrcPortNotEq(Packet* p, RuleTreeNode* rtn_idx,
     }
     if ( !PortObjectHasPort(rtn_idx->src_portobject,p->ptrs.sp) )
     {
-        DebugMessage(DEBUG_DETECT, "  !SP match!\n");
         return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports);
     }
-    else
-    {
-        DebugMessage(DEBUG_DETECT, "  !SP mismatch!\n");
-    }
 
     return 0;
 }
@@ -390,8 +308,6 @@ int CheckSrcPortNotEq(Packet* p, RuleTreeNode* rtn_idx,
 int CheckDstPortEqual(Packet* p, RuleTreeNode* rtn_idx,
     RuleFpList* fp_list, int check_ports)
 {
-    DebugMessage(DEBUG_DETECT,"CheckDstPortEqual: ");
-
     /* Check if attributes provided match earlier */
     if (check_ports == 0)
     {
@@ -399,21 +315,14 @@ int CheckDstPortEqual(Packet* p, RuleTreeNode* rtn_idx,
     }
     if ( PortObjectHasPort(rtn_idx->dst_portobject,p->ptrs.dp) )
     {
-        DebugMessage(DEBUG_DETECT, " DP match!\n");
         return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports);
     }
-    else
-    {
-        DebugMessage(DEBUG_DETECT," DP mismatch!\n");
-    }
     return 0;
 }
 
 int CheckDstPortNotEq(Packet* p, RuleTreeNode* rtn_idx,
     RuleFpList* fp_list, int check_ports)
 {
-    DebugMessage(DEBUG_DETECT,"CheckDstPortNotEq: ");
-
     /* Check if attributes provided match earlier */
     if (check_ports == 0)
     {
@@ -421,13 +330,8 @@ int CheckDstPortNotEq(Packet* p, RuleTreeNode* rtn_idx,
     }
     if ( !PortObjectHasPort(rtn_idx->dst_portobject,p->ptrs.dp) )
     {
-        DebugMessage(DEBUG_DETECT, " !DP match!\n");
         return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports);
     }
-    else
-    {
-        DebugMessage(DEBUG_DETECT," !DP mismatch!\n");
-    }
 
     return 0;
 }

diff --git a/src/detection/tag.cc b/src/detection/tag.cc
index 5de7efc2e30d216f0c3cab67ba65cf02ae016232..96b2407474149ec3a9d20a7c5853140a36abec02 100644 (file)
--- a/src/detection/tag.cc
+++ b/src/detection/tag.cc
@@ -29,7 +29,6 @@
 #include "hash/xhash.h"
 #include "log/messages.h"
 #include "main/snort_config.h"
-#include "main/snort_debug.h"
 #include "parser/parser.h"
 #include "protocols/packet.h"
 #include "sfip/sf_ip.h"
@@ -38,6 +37,8 @@
 
 #include "treenodes.h"
 
+#include "detect_trace.h"
+
 using namespace snort;
 
 /*  D E F I N E S  **************************************************/
@@ -304,8 +305,6 @@ void CleanupTag()
 
 static void TagSession(Packet* p, TagData* tag, uint32_t time, uint16_t event_id, void* log_list)
 {
-    DebugMessage(DEBUG_FLOW, "TAGGING SESSION\n");
-
     AddTagNode(p, tag, TAG_SESSION, time, event_id, log_list);
 }
 
@@ -313,8 +312,6 @@ static void TagHost(Packet* p, TagData* tag, uint32_t time, uint16_t event_id, v
 {
     int mode;
 
-    DebugMessage(DEBUG_FLOW, "TAGGING HOST\n");
-
     switch (tag->tag_direction)
     {
     case TAG_HOST_DST:
@@ -338,7 +335,7 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now,
     TagNode* returned;
     XHash* tag_cache_ptr = nullptr;
 
-    DebugMessage(DEBUG_FLOW, "Adding new Tag Head\n");
+    trace_logf(detection, TRACE_TAG, "Adding new Tag Head\n");
 
     if ( tag->tag_metric & TAG_METRIC_SESSION )
     {
@@ -353,12 +350,10 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now,
     }
     if (mode == TAG_SESSION)
     {
-        DebugMessage(DEBUG_FLOW,"Session Tag!\n");
         tag_cache_ptr = ssn_tag_cache_ptr;
     }
     else
     {
-        DebugMessage(DEBUG_FLOW,"Host Tag!\n");
         tag_cache_ptr = host_tag_cache_ptr;
     }
     idx = TagAlloc(tag_cache_ptr);
@@ -408,7 +403,6 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now,
 
     if (returned == nullptr)
     {
-        DebugMessage(DEBUG_FLOW,"Looking the other way!!\n");
         SwapTag(idx);
         returned = (TagNode*)xhash_find(tag_cache_ptr, idx);
         SwapTag(idx);
@@ -416,8 +410,6 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now,
 
     if (returned == nullptr)
     {
-        DebugMessage(DEBUG_FLOW,"Inserting a New Tag!\n");
-
         /* if we're supposed to be tagging the other side, swap it
            around -- Lawrence Reed */
         if (mode == TAG_HOST_DST)
@@ -427,17 +419,12 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now,
 
         if (xhash_add(tag_cache_ptr, idx, idx) != XHASH_OK)
         {
-            DebugMessage(DEBUG_FLOW,
-                "xhash_add failed, that's going to "
-                "make life difficult\n");
             TagFree(tag_cache_ptr, idx);
             return;
         }
     }
     else
     {
-        DebugMessage(DEBUG_FLOW,"Existing Tag found!\n");
-
         if (idx->metric & TAG_METRIC_SECONDS)
             returned->seconds = idx->seconds;
         else
@@ -463,15 +450,9 @@ int CheckTagList(Packet* p, Event& event, void** log_list)
 
     if(p == nullptr || !p->ptrs.ip_api.is_ip())
     {
-        DebugMessage(DEBUG_FLOW, "bailing from CheckTagList, p->iph == NULL\n");
         return 0;
     }
 
-    DebugFormat(DEBUG_FLOW,"Host Tags Active: %u   Session Tags Active: %u\n",
-        xhash_count(host_tag_cache_ptr), xhash_count(ssn_tag_cache_ptr));
-
-    DebugMessage(DEBUG_FLOW, "[*] Checking session tag list (forward)...\n");
-
     idx.key.sip.set(*p->ptrs.ip_api.get_src());
     idx.key.dip.set(*p->ptrs.ip_api.get_dst());
     idx.key.sp = p->ptrs.sp;
@@ -487,14 +468,10 @@ int CheckTagList(Packet* p, Event& event, void** log_list)
         idx.key.dp = p->ptrs.sp;
         idx.key.sp = p->ptrs.dp;
 
-        DebugMessage(DEBUG_FLOW, "   Checking session tag list (reverse)...\n");
         returned = (TagNode*)xhash_find(ssn_tag_cache_ptr, &idx);
 
         if (returned == nullptr)
         {
-            DebugMessage(DEBUG_FLOW, "   Checking host tag list "
-                "(forward)...\n");
-
             returned = (TagNode*)xhash_find(host_tag_cache_ptr, &idx);
 
             if (returned == nullptr)
@@ -510,26 +487,21 @@ int CheckTagList(Packet* p, Event& event, void** log_list)
 
             if (returned != nullptr)
             {
-                DebugMessage(DEBUG_FLOW,"   [*!*] Found host node\n");
                 taglist = host_tag_cache_ptr;
             }
         }
         else
         {
-            DebugMessage(DEBUG_FLOW,"   [*!*] Found session node\n");
             taglist = ssn_tag_cache_ptr;
         }
     }
     else
     {
-        DebugMessage(DEBUG_FLOW,"   [*!*] Found session node\n");
         taglist = ssn_tag_cache_ptr;
     }
 
     if (returned != nullptr)
     {
-        DebugMessage(DEBUG_FLOW, "    ! Found tag node !\n");
-
         returned->last_access = p->pkth->ts.tv_sec;
         returned->pkt_count++;
 
@@ -588,9 +560,6 @@ int CheckTagList(Packet* p, Event& event, void** log_list)
 
         if ( !returned->metric )
         {
-            DebugMessage(DEBUG_FLOW,
-                "    Prune condition met for tag, removing from list\n");
-
             if (xhash_remove(taglist, returned) != XHASH_OK)
             {
                 LogMessage("WARNING: failed to remove tagNode from hash.\n");
@@ -600,8 +569,6 @@ int CheckTagList(Packet* p, Event& event, void** log_list)
 
     if ( (u_int)(p->pkth->ts.tv_sec) > last_prune_time + TAG_PRUNE_QUANTUM )
     {
-        DebugMessage(DEBUG_FLOW,
-            "Exceeded Prune Quantum, pruning tag trees\n");
         PruneTagCache(p->pkth->ts.tv_sec, 0);
         last_prune_time = p->pkth->ts.tv_sec;
     }
@@ -683,8 +650,6 @@ static int PruneTime(XHash* tree, uint32_t thetime)
 
 void SetTags(Packet* p, const OptTreeNode* otn, uint16_t event_id)
 {
-    DebugMessage(DEBUG_FLOW, "Setting tags\n");
-
     if (otn != nullptr && otn->tag != nullptr)
     {
         if (otn->tag->tag_type != 0)
@@ -692,23 +657,12 @@ void SetTags(Packet* p, const OptTreeNode* otn, uint16_t event_id)
             RuleTreeNode* rtn = getRuntimeRtnFromOtn(otn);
             void* log_list = rtn ? rtn->listhead : nullptr;
 
-            DEBUG_WRAP( SfIpString ip_str; )
             switch (otn->tag->tag_type)
             {
             case TAG_SESSION:
-                DebugMessage(DEBUG_FLOW,"Setting session tag:\n");
-                DebugFormat(DEBUG_FLOW,"SIP: %s  SP: %d   ",
-                    p->ptrs.ip_api.get_src()->ntop(ip_str), p->ptrs.sp);
-                DebugFormat(DEBUG_FLOW,"DIP: %s  DP: %d\n",
-                    p->ptrs.ip_api.get_dst()->ntop(ip_str), p->ptrs.dp);
                 TagSession(p, otn->tag, p->pkth->ts.tv_sec, event_id, log_list);
                 break;
             case TAG_HOST:
-                DebugMessage(DEBUG_FLOW,"Setting host tag:\n");
-                DebugFormat(DEBUG_FLOW,"SIP: %s  SP: %d   ",
-                    p->ptrs.ip_api.get_src()->ntop(ip_str), p->ptrs.sp);
-                DebugFormat(DEBUG_FLOW, "DIP: %s  DP: %d\n",
-                    p->ptrs.ip_api.get_dst()->ntop(ip_str), p->ptrs.dp);
                 TagHost(p, otn->tag, p->pkth->ts.tv_sec, event_id, log_list);
                 break;
 

diff --git a/src/detection/tag.h b/src/detection/tag.h
index 2fc782cf72986f3c661ce95ffbaebcd6ffac2057..2a935cae473163b742656b883b44d86df3b1bf16 100644 (file)
--- a/src/detection/tag.h
+++ b/src/detection/tag.h
@@ -29,6 +29,9 @@
 
 #include <cstdint>
 
+#include "main/snort_debug.h"
+extern Trace TRACE_NAME(detection);
+
 namespace snort
 {
 struct Packet;

diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index ae3c2170e820af885636a3f1ed770fc62fc6be5d..6971e82b96de4b813dfc4651604483fcde06bfbd 100644 (file)
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -153,9 +153,6 @@ void FlowControl::timeout_flows(time_t cur_time)
 
 void FlowControl::preemptive_cleanup()
 {
-    DebugFormat(DEBUG_FLOW, "doing preemptive cleanup for packet of type %u",
-            (unsigned) last_pkt_type);
-
     // FIXIT-H is there a possibility of this looping forever?
     while ( memory::MemoryCap::over_threshold() )
     {

diff --git a/src/ips_options/asn1_detect.cc b/src/ips_options/asn1_detect.cc
index f9ad1dc37c9b3e4713d49a6477d31addb97274f3..0819d5f4b6b823b75941b3b435ae8e6152e072da 100644 (file)
--- a/src/ips_options/asn1_detect.cc
+++ b/src/ips_options/asn1_detect.cc
@@ -55,7 +55,6 @@
 
 #include "asn1_detect.h"
 
-#include "main/snort_debug.h"
 #include "utils/snort_bounds.h"
 
 #include "asn1_util.h"
@@ -327,8 +326,6 @@ int Asn1DoDetect(const uint8_t* data, uint16_t dsize, ASN1_CTXT* ctxt, const uin
     case REL_OFFSET:
         if (!rel_ptr)
         {
-            DebugMessage(DEBUG_ASN1, "[*] No rel_ptr for "
-                "relative offset, so we are bailing.\n");
             return 0;
         }
 
@@ -340,8 +337,6 @@ int Asn1DoDetect(const uint8_t* data, uint16_t dsize, ASN1_CTXT* ctxt, const uin
         */
         if (!inBounds(start, end + 1, rel_ptr))
         {
-            DebugMessage(DEBUG_ASN1, "[*] ASN.1 bounds "
-                "check failed for rel_ptr.\n");
             return 0;
         }
 
@@ -349,8 +344,6 @@ int Asn1DoDetect(const uint8_t* data, uint16_t dsize, ASN1_CTXT* ctxt, const uin
 
         if (!inBounds(start, end, offset))
         {
-            DebugMessage(DEBUG_ASN1, "[*] ASN.1 bounds "
-                "check failed rel_ptr+offset.\n");
             return 0;
         }
 
@@ -362,8 +355,6 @@ int Asn1DoDetect(const uint8_t* data, uint16_t dsize, ASN1_CTXT* ctxt, const uin
 
         if (!inBounds(start, end, offset))
         {
-            DebugMessage(DEBUG_ASN1, "[*] ASN.1 bounds "
-                "check failed.\n");
             return 0;
         }
 
@@ -379,8 +370,6 @@ int Asn1DoDetect(const uint8_t* data, uint16_t dsize, ASN1_CTXT* ctxt, const uin
     iRet = asn1_decode(offset, size, &asn1);
     if (iRet && !asn1)
     {
-        DebugMessage(DEBUG_ASN1, "[*] ASN.1 decode failed "
-            "miserably.\n");
         return 0;
     }
 

diff --git a/src/ips_options/ips_byte_test.cc b/src/ips_options/ips_byte_test.cc
index 7ca473daa6cb6dcb4fbf60f2742353a4db78a73c..6a4cc32a267fdcf035534a9f39cd99e0605254e9 100644 (file)
--- a/src/ips_options/ips_byte_test.cc
+++ b/src/ips_options/ips_byte_test.cc
@@ -199,9 +199,6 @@ static inline bool byte_test_check(uint32_t op, uint32_t val, uint32_t cmp, bool
 
     if ( not_flag )
     {
-        DebugMessage(DEBUG_PATTERN_MATCH,
-            "checking for not success...flag\n");
-
         success = !success;
     }
 
@@ -338,9 +335,6 @@ IpsOption::EvalStatus ByteTestOption::eval(Cursor& c, Packet* p)
             endian, btd->bytes_to_compare,
             start_ptr, c.buffer(), c.endo(), &value))
             return NO_MATCH;
-#ifdef DEBUG_MSGS
-        payload_bytes_grabbed = (int)btd->bytes_to_compare;
-#endif
     }
     else
     {
@@ -354,9 +348,6 @@ IpsOption::EvalStatus ByteTestOption::eval(Cursor& c, Packet* p)
 
         if ( payload_bytes_grabbed < 0 )
         {
-            DebugMessage(DEBUG_PATTERN_MATCH,
-                "String Extraction Failed\n");
-
             return NO_MATCH;
         }
     }
@@ -371,10 +362,6 @@ IpsOption::EvalStatus ByteTestOption::eval(Cursor& c, Packet* p)
         }
     }
 
-    DebugFormat(DEBUG_PATTERN_MATCH,
-        "Grabbed %d bytes at offset %d, value = 0x%08X(%u)\n",
-        payload_bytes_grabbed, btd->offset, value, value);
-
     if ( byte_test_check(btd->opcode, value, cmp_value, btd->not_flag) )
         return MATCH;
 

diff --git a/src/ips_options/ips_content.cc b/src/ips_options/ips_content.cc
index 9f13f533d2161f767e602d08485a8537dad813a3..e45a83a6fbbb1c61818c171c88a96dd47f194397 100644 (file)
--- a/src/ips_options/ips_content.cc
+++ b/src/ips_options/ips_content.cc
@@ -378,8 +378,6 @@ static IpsOption::EvalStatus CheckANDPatternMatch(ContentData* idx, Cursor& c)
 {
     Profile profile(contentPerfStats);
 
-    DebugMessage(DEBUG_PATTERN_MATCH, "CheckPatternANDMatch: ");
-
     int found = uniSearchReal(idx, c);
 
     if ( found == -1 )
@@ -397,12 +395,10 @@ static IpsOption::EvalStatus CheckANDPatternMatch(ContentData* idx, Cursor& c)
 
     if ( found )
     {
-        DebugMessage(DEBUG_PATTERN_MATCH, "Pattern match found\n");
         return IpsOption::MATCH;
     }
     else
     {
-        DebugMessage(DEBUG_PATTERN_MATCH, "Pattern match failed\n");
         return IpsOption::NO_MATCH;
     }
 }
@@ -490,7 +486,6 @@ static void parse_offset(ContentData* cd, const char* data)
         }
     }
 
-    DebugFormat(DEBUG_PARSER, "Pattern offset = %d\n", cd->pmd.offset);
 }
 
 static void parse_depth(ContentData* cd, const char* data)
@@ -530,7 +525,6 @@ static void parse_depth(ContentData* cd, const char* data)
         }
     }
 
-    DebugFormat(DEBUG_PATTERN_MATCH, "Pattern depth = %d\n", cd->pmd.depth);
 }
 
 static void parse_distance(ContentData* cd, const char* data)
@@ -600,7 +594,6 @@ static void parse_within(ContentData* cd, const char* data)
         }
     }
 
-    DebugFormat(DEBUG_PATTERN_MATCH, "Pattern within = %d\n", cd->pmd.depth);
 
     cd->pmd.set_relative();
 }

diff --git a/src/ips_options/ips_cvs.cc b/src/ips_options/ips_cvs.cc
index e678c1161bc90a06908ae136ab92ce86394e405e..650fcaeb256fdcdd0a67cd673489c887f6ee1e58 100644 (file)
--- a/src/ips_options/ips_cvs.cc
+++ b/src/ips_options/ips_cvs.cc
@@ -186,13 +186,6 @@ static int CvsDecode(const uint8_t* data, uint16_t data_len,
         if (command.cmd_str == nullptr)
             return CVS_NO_ALERT;
 
-        DebugFormat(DEBUG_IPS_OPTION, "CVS command\n"
-            " command: %.*s\n"
-            "argument: %.*s\n",
-            command.cmd_str_len, (const char*)command.cmd_str,
-            command.cmd_arg == nullptr ? 4 : command.cmd_arg_len,
-            command.cmd_arg == nullptr ? "none" : (const char*)command.cmd_arg);
-
         switch (cvs_rule_option->type)
         {
         case CVS_INVALID_ENTRY:

diff --git a/src/ips_options/ips_flags.cc b/src/ips_options/ips_flags.cc
index 49332962f2eb9ed52e5ce5b2e41ff353858c12c1..c9af1a28d0fab006ac19899f293ba5c50d714c6b 100644 (file)
--- a/src/ips_options/ips_flags.cc
+++ b/src/ips_options/ips_flags.cc
@@ -126,62 +126,38 @@ IpsOption::EvalStatus TcpFlagOption::eval(Cursor&, Packet* p)
     TcpFlagCheckData* flagptr = &config;
     u_char tcp_flags = p->ptrs.tcph->th_flags & (0xFF ^ flagptr->tcp_mask);
 
-    DebugMessage(DEBUG_IPS_OPTION, "           <!!> CheckTcpFlags: ");
-
     switch ((flagptr->mode))
     {
     case M_NORMAL:
         if (flagptr->tcp_flags == tcp_flags)    /* only these set */
         {
-            DebugMessage(DEBUG_IPS_OPTION,"Got TCP [default] flag match!\n");
             return MATCH;
         }
-        else
-        {
-            DebugMessage(DEBUG_IPS_OPTION,"No match\n");
-        }
         break;
 
     case M_ALL:
         /* all set */
         if ((flagptr->tcp_flags & tcp_flags) == flagptr->tcp_flags)
         {
-            DebugMessage(DEBUG_IPS_OPTION, "Got TCP [ALL] flag match!\n");
             return MATCH;
         }
-        else
-        {
-            DebugMessage(DEBUG_IPS_OPTION,"No match\n");
-        }
         break;
 
     case M_NOT:
         if ((flagptr->tcp_flags & tcp_flags) == 0)     /* none set */
         {
-            DebugMessage(DEBUG_IPS_OPTION,"Got TCP [NOT] flag match!\n");
             return MATCH;
         }
-        else
-        {
-            DebugMessage(DEBUG_IPS_OPTION, "No match\n");
-        }
         break;
 
     case M_ANY:
         if ((flagptr->tcp_flags & tcp_flags) != 0)     /* something set */
         {
-            DebugMessage(DEBUG_IPS_OPTION,"Got TCP [ANY] flag match!\n");
             return MATCH;
         }
-        else
-        {
-            DebugMessage(DEBUG_IPS_OPTION,"No match\n");
-        }
         break;
 
     default:      /* Should never see this */
-        DebugMessage(DEBUG_IPS_OPTION, "TCP flag check went to default case"
-            " for some silly reason\n");
         break;
     }
 

diff --git a/src/ips_options/ips_flowbits.cc b/src/ips_options/ips_flowbits.cc
index 21e40abed16c2904e47e6b54385b7d092dc5bd85..02516ce205b8df1c6b96d94967c05fe9202f99f3 100644 (file)
--- a/src/ips_options/ips_flowbits.cc
+++ b/src/ips_options/ips_flowbits.cc
@@ -633,8 +633,6 @@ static void processFlowbits(
         return;
     }
 
-    DebugFormat(DEBUG_FLOWBITS, "%s tag id parsing %s\n", s_name, flowbits_names);
-
     flowbits_name = snort_strdup(flowbits_names);
 
     if (nullptr != strchr(flowbits_name, '|'))
@@ -799,23 +797,6 @@ static FLOWBITS_GRP* getFlowBitGroup(char* groupName)
     return flowbits_grp;
 }
 
-#ifdef DEBUG_MSGS
-static void printOutFlowbits(FLOWBITS_OP* flowbits)
-{
-    DebugFormat(DEBUG_FLOWBITS, "%s: type = %d\n", s_name, flowbits->type);
-    DebugFormat(DEBUG_FLOWBITS, "%s: name = %s\n", s_name, flowbits->name);
-    DebugFormat(DEBUG_FLOWBITS, "%s: eval = %d\n", s_name, flowbits->eval);
-    DebugFormat(DEBUG_FLOWBITS, "%s: num_ids = %d\n", s_name, flowbits->num_ids);
-    DebugFormat(DEBUG_FLOWBITS, "%s: grp_id = %u\n", s_name, flowbits->group_id);
-    DebugFormat(DEBUG_FLOWBITS, "%s: group_name = %s\n", s_name, flowbits->group);
-
-    for (int i = 0; i < flowbits->num_ids; i++)
-    {
-        DebugFormat(DEBUG_FLOWBITS, "%s: value = %d\n", s_name, flowbits->ids[i]);
-    }
-}
-#endif
-
 static void processFlowBitsWithGroup(char* flowbitsName, char* groupName, FLOWBITS_OP* flowbits)
 {
     FLOWBITS_GRP* flowbits_grp;
@@ -829,7 +810,6 @@ static void processFlowBitsWithGroup(char* flowbitsName, char* groupName, FLOWBI
         flowbits->group_id = flowbits_grp->group_id;
     }
     validateFlowbitsSyntax(flowbits);
-    DEBUG_WRAP(printOutFlowbits(flowbits));
 
     if ( flowbits->group )
         op_list.push_front(flowbits);

diff --git a/src/ips_options/ips_ip_proto.cc b/src/ips_options/ips_ip_proto.cc
index 09bf6296003ae22ebc5a683cb8b738f2b367840b..e956026e69e667f73532c1299b1423c664908c3c 100644 (file)
--- a/src/ips_options/ips_ip_proto.cc
+++ b/src/ips_options/ips_ip_proto.cc
@@ -112,7 +112,6 @@ IpsOption::EvalStatus IpProtoOption::eval(Cursor&, Packet* p)
 
     if (!p->has_ip())
     {
-        DebugMessage(DEBUG_IPS_OPTION,"Not IP\n");
         return NO_MATCH;
     }
 

diff --git a/src/ips_options/ips_ipopts.cc b/src/ips_options/ips_ipopts.cc
index 775aab0e43e75da821dafc67cf71d26956b40979..c3655e105597e3e1fb21ff2cba92ef2dbbefd7e3 100644 (file)
--- a/src/ips_options/ips_ipopts.cc
+++ b/src/ips_options/ips_ipopts.cc
@@ -111,7 +111,6 @@ IpsOption::EvalStatus IpOptOption::eval(Cursor&, Packet* p)
 
     if ((config.any_flag == 1) && (option_len > 0))
     {
-        DebugMessage(DEBUG_IPS_OPTION, "Matched any ip options!\n");
         return MATCH;
     }
 
@@ -119,10 +118,6 @@ IpsOption::EvalStatus IpOptOption::eval(Cursor&, Packet* p)
 
     for ( const ip::IpOptions& opt : iter)
     {
-        DebugFormat(DEBUG_IPS_OPTION, "testing pkt(%d):rule(%d)\n",
-            static_cast<int>(config.ip_option),
-            static_cast<int>(opt.code));
-
         if (config.ip_option == opt.code)
             return MATCH;
 

diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc
index ef9c9ccfb080dfb096b96dc7e67046fc3c82d94d..cef9dd67ea86ac039c1ebbd6b9c271be4511015e 100644 (file)
--- a/src/ips_options/ips_pcre.cc
+++ b/src/ips_options/ips_pcre.cc
@@ -258,7 +258,6 @@ static void pcre_parse(const char* data, PcreData* pcre_data)
     }
 
     /* now compile the re */
-    DebugFormat(DEBUG_PATTERN_MATCH, "pcre: compiling %s\n", re);
     pcre_data->re = pcre_compile(re, compile_flags, &error, &erroffset, nullptr);
 
     if (pcre_data->re == nullptr)
@@ -408,7 +407,6 @@ static bool pcre_search(
     }
     else
     {
-        DebugFormat(DEBUG_PATTERN_MATCH, "pcre_exec error : %d \n", result);
         return false;
     }
 

diff --git a/src/main/snort_debug.h b/src/main/snort_debug.h
index 538847f8f98ddec667e791a1b8ab0097e7ce2a46..ddd2144965e11ad4f41763432c46d2ba546c0a02 100644 (file)
--- a/src/main/snort_debug.h
+++ b/src/main/snort_debug.h
@@ -34,16 +34,12 @@
 #define DEBUG_BUILTIN "SNORT_DEBUG"
 
 #define DEBUG_INIT            0x0000000000000001LL
-#define DEBUG_PARSER          0x0000000000000002LL
 #define DEBUG_PORTLISTS       0x0000000000000004LL
 #define DEBUG_ATTRIBUTE       0x0000000000000008LL
 #define DEBUG_DECODE          0x0000000000000010LL
 #define DEBUG_CONFIGRULES     0x0000000000000020LL
-#define DEBUG_DETECT          0x0000000000000040LL
 #define DEBUG_PATTERN_MATCH   0x0000000000000080LL
-#define DEBUG_FLOW            0x0000000000000100LL
 #define DEBUG_LOG             0x0000000000000200LL
-#define DEBUG_FLOWBITS        0x0000000000000400LL
 #define DEBUG_FILE            0x0000000000000800LL
 #define DEBUG_MEMORY          0x0000000000001000LL
 // FIXIT-L latency doesn't use any debug messages
@@ -60,11 +56,9 @@
 #define DEBUG_STREAM          0x0000000200000000LL
 #define DEBUG_STREAM_STATE    0x0000000400000000LL
 #define DEBUG_STREAM_PAF      0x0000000800000000LL
-#define DEBUG_ASN1            0x0000002000000000LL
 
 #define DEBUG_CODEC           0x0001000000000000LL
 #define DEBUG_IPS_ACTION      0x0004000000000000LL
-#define DEBUG_IPS_OPTION      0x0008000000000000LL
 #define DEBUG_MPSE            0x0010000000000000LL
 #define DEBUG_SO_RULE         0x0020000000000000LL
 #define DEBUG_LOGGER          0x0040000000000000LL