Merge pull request #2805 in SNORT/snort3 from ~KRPRAJAP/snort3:pinhole_serv to master

Squashed commit of the following:

commit ffc93030a0477fd864452bd5a01efeeef7e0f6e3
Author: Krithika Prajapathi <krprajap@cisco.com>
Date:   Mon Mar 22 01:10:09 2021 -0400

    log: pinhole serviceability

diff --git a/src/flow/expect_cache.cc b/src/flow/expect_cache.cc
index ea301b84993b6630eb8b24f7e18aee0ea21305de..27578c65a8a92c38ccabcd17ce7cf77a02f06963 100644 (file)
--- a/src/flow/expect_cache.cc
+++ b/src/flow/expect_cache.cc
@@ -26,6 +26,7 @@
 #include "detection/ips_context.h"
 #include "hash/zhash.h"
 #include "packet_io/sfdaq_instance.h"
+#include "packet_tracer/packet_tracer.h"
 #include "protocols/packet.h"
 #include "protocols/vlan.h"
 #include "pub_sub/expect_events.h"
@@ -381,8 +382,19 @@ int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_pro
         last = nullptr;
         /* Only add TCP and UDP expected flows for now via the DAQ module. */
         if ((ip_proto == IpProtocol::TCP || ip_proto == IpProtocol::UDP) && ctrlPkt->daq_instance)
+        {
+            if (PacketTracer::is_active())
+            {
+                SfIpString sipstr;
+                SfIpString dipstr;
+                cliIP->ntop(sipstr, sizeof(sipstr));
+                srvIP->ntop(dipstr, sizeof(dipstr));
+                PacketTracer::log("Create expected channel request sent with %s -> %s %hu %hhu\n",
+                        dipstr, sipstr, srvPort, static_cast<uint8_t>(ip_proto));
+            }
             ctrlPkt->daq_instance->add_expected(ctrlPkt, cliIP, cliPort, srvIP, srvPort,
                     ip_proto, 1000, 0);
+        }
     }
 
     bool new_expect_flow = false;