From: Victor Julien Date: Fri, 30 Nov 2018 10:37:46 +0000 (+0100) Subject: rust/nfs: improve debug output X-Git-Tag: suricata-4.1.1~45 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27f87567ca161ee948550f1c6193194e9ea93feb;p=thirdparty%2Fsuricata.git rust/nfs: improve debug output --- diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs index 7498a50a67..2df5f01a9c 100644 --- a/rust/src/nfs/nfs.rs +++ b/rust/src/nfs/nfs.rs @@ -403,11 +403,11 @@ impl NFSState { SCLogDebug!("get_tx_by_xid: tx_xid={}", tx_xid); for tx in &mut self.transactions { if !tx.is_file_tx && tx.xid == tx_xid { - SCLogDebug!("Found NFS TX with ID {} XID {}", tx.id, tx.xid); + SCLogDebug!("Found NFS TX with ID {} XID {:04X}", tx.id, tx.xid); return Some(tx); } } - SCLogDebug!("Failed to find NFS TX with XID {}", tx_xid); + SCLogDebug!("Failed to find NFS TX with XID {:04X}", tx_xid); return None; } @@ -457,7 +457,7 @@ impl NFSState { mytx.file_handle = resp_handle.to_vec(); } - SCLogDebug!("process_reply_record: tx ID {} XID {} REQUEST {} RESPONSE {}", + SCLogDebug!("process_reply_record: tx ID {} XID {:04X} REQUEST {} RESPONSE {}", mytx.id, mytx.xid, mytx.request_done, mytx.response_done); }, None => { @@ -540,7 +540,7 @@ impl NFSState { direction == tx.file_tx_direction && tx.file_handle == fh { - SCLogDebug!("Found NFS file TX with ID {} XID {}", tx.id, tx.xid); + SCLogDebug!("Found NFS file TX with ID {} XID {:04X}", tx.id, tx.xid); let (files, flags) = self.files.get(direction); return Some((tx, files, flags)); } @@ -630,7 +630,7 @@ impl NFSState { match self.requestmap.remove(&r.hdr.xid) { Some(p) => { xidmap = p; }, _ => { - SCLogDebug!("REPLY: xid {} NOT FOUND. GAPS? TS:{} TC:{}", + SCLogDebug!("REPLY: xid {:04X} NOT FOUND. GAPS? TS:{} TC:{}", r.hdr.xid, self.ts_ssn_gap, self.tc_ssn_gap); // TODO we might be able to try to infer from the size + data @@ -638,6 +638,8 @@ impl NFSState { return 0; }, } + SCLogDebug!("process_reply_record: removed xid {:04X} from requestmap", + r.hdr.xid); if self.nfs_version == 0 { self.nfs_version = xidmap.progver as u16; @@ -680,7 +682,7 @@ impl NFSState { } else { self.tc_chunk_xid }; - SCLogDebug!("chunk left {}, input {}", chunk_left, data.len()); + SCLogDebug!("filetracker_update: chunk left {}, input {} chunk_xid {:04X}", chunk_left, data.len(), xid); let file_handle; // we have the data that we expect @@ -887,8 +889,9 @@ impl NFSState { self.tc_chunk_left = (reply.count as u32 + fill_bytes) - reply.data.len() as u32; } - SCLogDebug!("REPLY {} to procedure {} blob size {} / {}: chunk_left {}", - r.hdr.xid, NFSPROC3_READ, r.prog_data.len(), reply.count, self.tc_chunk_left); + SCLogDebug!("REPLY {} to procedure {} blob size {} / {}: chunk_left {} chunk_xid {:04X}", + r.hdr.xid, NFSPROC3_READ, r.prog_data.len(), reply.count, self.tc_chunk_left, + self.tc_chunk_xid); 0 } @@ -910,6 +913,7 @@ impl NFSState { } pub fn parse_tcp_data_ts_gap<'b>(&mut self, gap_size: u32) -> u32 { + SCLogDebug!("parse_tcp_data_ts_gap ({})", gap_size); if self.tcp_buffer_ts.len() > 0 { self.tcp_buffer_ts.clear(); } @@ -921,10 +925,12 @@ impl NFSState { } self.ts_ssn_gap = true; self.ts_gap = true; + SCLogDebug!("parse_tcp_data_ts_gap ({}) done", gap_size); return 0 } pub fn parse_tcp_data_tc_gap<'b>(&mut self, gap_size: u32) -> u32 { + SCLogDebug!("parse_tcp_data_tc_gap ({})", gap_size); if self.tcp_buffer_tc.len() > 0 { self.tcp_buffer_tc.clear(); } @@ -936,6 +942,7 @@ impl NFSState { } self.tc_ssn_gap = true; self.tc_gap = true; + SCLogDebug!("parse_tcp_data_tc_gap ({}) done", gap_size); return 0 }