const GenericVar *gv = p->flow->flowvar;
uint16_t i;
while (gv != NULL) {
- if (gv->type == DETECT_FLOWVAR || gv->type == DETECT_FLOWINT) {
+ if (gv->type == DETECT_FLOWBITS) {
+ FlowBit *fb = (FlowBit *)gv;
+ const char *fbname = VarNameStoreLookupById(fb->idx, VAR_TYPE_FLOW_BIT);
+ if (fbname) {
+ MemBufferWriteString(aft->buffer, "FLOWBIT: %s\n",
+ fbname);
+ }
+ } else if (gv->type == DETECT_FLOWVAR || gv->type == DETECT_FLOWINT) {
FlowVar *fv = (FlowVar *) gv;
if (fv->datatype == FLOWVAR_TYPE_STR) {
}
}
-/**
- * \brief Function to log the FlowBits in to alert-debug.log
- *
- * \param aft Pointer to AltertDebugLog Thread
- * \param p Pointer to the packet
- *
- * \todo const Packet ptr, requires us to change the
- * debuglog_flowbits_names logic.
- */
-static void AlertDebugLogFlowBits(AlertDebugLogThread *aft, Packet *p)
-{
- int i;
- for (i = 0; i < p->debuglog_flowbits_names_len; i++) {
- if (p->debuglog_flowbits_names[i] != NULL) {
- MemBufferWriteString(aft->buffer, "FLOWBIT: %s\n",
- p->debuglog_flowbits_names[i]);
- }
- }
-
- SCFree(p->debuglog_flowbits_names);
- p->debuglog_flowbits_names = NULL;
- p->debuglog_flowbits_names_len = 0;
-
- return;
-}
-
/**
* \brief Function to log the PktVars in to alert-debug.log
*
applayer ? "TRUE" : "FALSE",
(p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto);
AlertDebugLogFlowVars(aft, p);
- AlertDebugLogFlowBits(aft, (Packet *)p); /* < no const */
}
AlertDebugLogPktVars(aft, p);
/** data linktype in host order */
int datalink;
- /* used to hold flowbits only if debuglog is enabled */
- int debuglog_flowbits_names_len;
- const char **debuglog_flowbits_names;
-
/* tunnel/encapsulation handling */
struct Packet_ *root; /* in case of tunnel this is a ptr
* to the 'real' packet, the one we
}
#endif
-static void AlertDebugLogModeSyncFlowbitsNamesToPacketStruct(Packet *p, DetectEngineCtx *de_ctx)
-{
-#define MALLOC_JUMP 5
-
- int i = 0;
-
- GenericVar *gv = p->flow->flowvar;
-
- while (gv != NULL) {
- i++;
- gv = gv->next;
- }
- if (i == 0)
- return;
-
- p->debuglog_flowbits_names_len = i;
-
- p->debuglog_flowbits_names = SCMalloc(sizeof(char *) *
- p->debuglog_flowbits_names_len);
- if (p->debuglog_flowbits_names == NULL) {
- return;
- }
- memset(p->debuglog_flowbits_names, 0,
- sizeof(char *) * p->debuglog_flowbits_names_len);
-
- i = 0;
- gv = p->flow->flowvar;
- while (gv != NULL) {
- if (gv->type != DETECT_FLOWBITS) {
- gv = gv->next;
- continue;
- }
-
- FlowBit *fb = (FlowBit *) gv;
- const char *name = VarNameStoreLookupById(fb->idx, VAR_TYPE_FLOW_BIT);
- if (name != NULL) {
- p->debuglog_flowbits_names[i] = SCStrdup(name);
- if (p->debuglog_flowbits_names[i] == NULL) {
- return;
- }
- i++;
- }
-
- if (i == p->debuglog_flowbits_names_len) {
- p->debuglog_flowbits_names_len += MALLOC_JUMP;
- const char **names = SCRealloc(p->debuglog_flowbits_names,
- sizeof(char *) *
- p->debuglog_flowbits_names_len);
- if (names == NULL) {
- SCFree(p->debuglog_flowbits_names);
- p->debuglog_flowbits_names = NULL;
- p->debuglog_flowbits_names_len = 0;
- return;
- }
- p->debuglog_flowbits_names = names;
- memset(p->debuglog_flowbits_names +
- p->debuglog_flowbits_names_len - MALLOC_JUMP,
- 0, sizeof(char *) * MALLOC_JUMP);
- }
-
- gv = gv->next;
- }
-
- return;
-}
-
static inline void
DetectPrefilterBuildNonPrefilterList(DetectEngineThreadCtx *det_ctx, SignatureMask mask)
{
* up again for the next packet. Also return any stream chunk we processed
* to the pool. */
if (p->flags & PKT_HAS_FLOW) {
- if (debuglog_enabled) {
- if (p->alerts.cnt > 0) {
- AlertDebugLogModeSyncFlowbitsNamesToPacketStruct(p, de_ctx);
- }
- }
-
/* HACK: prevent the wrong sgh (or NULL) from being stored in the
* flow's sgh pointers */
if (PKT_IS_ICMPV4(p) && ICMPV4_DEST_UNREACH_IS_VALID(p)) {
projects / thirdparty / suricata.git / commitdiff
