From: Lokesh Bevinamarad (lbevinam)
Date: Thu, 1 Apr 2021 08:45:04 +0000 (+0000)
Subject: Merge pull request #2804 in SNORT/snort3 from ~SMULKA/snort3:appid_trace to master
X-Git-Tag: 3.1.4.0~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25aafdc121369b995867732bfc9d613c8f0f4531;p=thirdparty%2Fsnort3.git

Merge pull request #2804 in SNORT/snort3 from ~SMULKA/snort3:appid_trace to master
Squashed commit of the following:
commit 357d3b90982070f6f39dc65cff521af60aef4906
Author: smulka
Date: Mon Mar 22 01:51:28 2021 -0400
packet_tracer: Appid daq trace log
---
diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc
index 7fc87c283..37abd1499 100644
--- a/src/network_inspectors/appid/appid_inspector.cc
+++ b/src/network_inspectors/appid/appid_inspector.cc
@@ -67,7 +67,7 @@ static void openssl_cleanup()
 CRYPTO_cleanup_all_ex_data();
 }

-static void add_appid_to_packet_trace(Flow& flow, const OdpContext& odp_context)
+static void populate_trace_data(Flow& flow, const OdpContext& odp_context)
 {
 AppIdSession* session = appid_api.get_appid_session(flow);
 // Skip sessions using old odp context after odp reload
@@ -92,6 +92,16 @@ static void add_appid_to_packet_trace(Flow& flow, const OdpContext& odp_context)
 (payload_app_name ? payload_app_name : ""), payload_id,
 (misc_name ? misc_name : ""), misc_id);
 }
+ if (PacketTracer::is_daq_activated())
+ {
+ PacketTracer::daq_log("AppID+%" PRId64"++service: %s(%d), "
+ "client: %s(%d), payload: %s(%d), misc: %s(%d)$",
+ TO_NSECS(pt_timer->get()),
+ (service_app_name ? service_app_name : ""), service_id,
+ (client_app_name ? client_app_name : ""), client_id,
+ (payload_app_name ? payload_app_name : ""), payload_id,
+ (misc_name ? misc_name : ""), misc_id);
+ }
 }

 AppIdInspector::AppIdInspector(AppIdModule& mod)
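Review bot: The four application names passed to the new `PacketTracer::daq_log` call in `populate_trace_data` are written into the DAQ trace record unescaped, while the record itself appears to use `+` and `$` as framing characters (`AppID+<ns>++...$`). If a name can contain either character (for example one supplied by a custom detector, which is not visible in this hunk), whatever parses the DAQ trace would split the record in the wrong place. Either state the assumption above the call, e.g. `// app names are assumed free of '+' and '$', which frame the DAQ record`, or sanitize the names before logging. The call also reads `pt_timer` directly; its declaration and the start of the function are outside the hunk.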
@@ -190,12 +200,16 @@ void AppIdInspector::eval(Packet* p) Profile profile(appid_perf_stats); appid_stats.packets++; + if (p->flow) { + if (PacketTracer::is_daq_activated()) + PacketTracer::pt_timer_start(); + AppIdDiscovery::do_application_discovery(p, *this, *pkt_thread_odp_ctxt, pkt_thread_tp_appid_ctxt); // FIXIT-L tag verdict reason as appid for daq - if (PacketTracer::is_active()) - add_appid_to_packet_trace(*p->flow, *pkt_thread_odp_ctxt); + if (PacketTracer::is_active() || PacketTracer::is_daq_activated()) + populate_trace_data(*p->flow, *pkt_thread_odp_ctxt); } else appid_stats.ignored_packets++;
diff --git a/src/network_inspectors/packet_tracer/packet_tracer.cc b/src/network_inspectors/packet_tracer/packet_tracer.cc
index a2c918c18..7d0634c27 100644
--- a/src/network_inspectors/packet_tracer/packet_tracer.cc
+++ b/src/network_inspectors/packet_tracer/packet_tracer.cc
@@ -257,6 +257,12 @@ void PacketTracer::activate(const Packet& p)
 s_pkt_trace->active = false;
 }

+void PacketTracer::pt_timer_start()
+{
+ pt_timer->reset();
+ pt_timer->start();
+}
+
 // -----------------------------------------------------------------------------
 // non-static functions
 // -----------------------------------------------------------------------------
diff --git a/src/network_inspectors/packet_tracer/packet_tracer.h b/src/network_inspectors/packet_tracer/packet_tracer.h
index 1b52d02bb..176463848 100644
--- a/src/network_inspectors/packet_tracer/packet_tracer.h
+++ b/src/network_inspectors/packet_tracer/packet_tracer.h
@@ -77,6 +77,7 @@ public: static SO_PUBLIC void log(TracerMute, const char* format, ...) __attribute__((format (printf, 2, 3))); static SO_PUBLIC void daq_log(const char* format, ...) __attribute__((format (printf, 1, 2))); + static SO_PUBLIC void pt_timer_start(); protected:
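Review bot: `AppIdInspector::eval` now evaluates `PacketTracer::is_daq_activated()` twice, once before `pt_timer_start()` and once in the condition guarding `populate_trace_data`, and `populate_trace_data` checks it again before reading the timer. If that state can change while a packet is being processed (not visible here), the elapsed time logged would come from a timer that was not restarted for this packet. Reading it once, `const bool daq_trace = PacketTracer::is_daq_activated();`, and reusing `daq_trace` for both the start and the call keeps the two paired. The function body starts and ends outside the hunk.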
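Review bot: `PacketTracer::pt_timer_start()` in packet_tracer.cc dereferences `pt_timer` without checking it, and packet_tracer.h exports the function as `SO_PUBLIC`, so it is reachable by any caller. The one caller in this commit guards it with `is_daq_activated()`, but whether `pt_timer` is always allocated when that returns true is not visible in these hunks; a null pointer here would crash the packet thread. Consider `if (!pt_timer) return;` at the top, or `assert(pt_timer);` together with a comment on the declaration such as `// precondition: DAQ tracing is activated and pt_timer is allocated`.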