From: Michael Altizer (mialtize) Date: Fri, 8 May 2020 17:31:11 +0000 (+0000) Subject: Merge pull request #2165 in SNORT/snort3 from ~SVLASIUK/snort3:trace_module to master X-Git-Tag: 3.0.1-4~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3af1606b12ab58c26dc144049ef4370efeac250c;p=thirdparty%2Fsnort3.git Merge pull request #2165 in SNORT/snort3 from ~SVLASIUK/snort3:trace_module to master Squashed commit of the following: commit 64ec8e2b940ab8815d8061f9a50ee6e82de3c435 Author: Serhii Vlasiuk Date: Thu Apr 2 13:10:17 2020 +0300 trace: move module trace configuration into the trace module. Instead of trace configuration being distributed amongst the individual module configurations, all module trace topic and level configuration is now centralized within the trace module. --- diff --git a/src/codecs/codec_module.cc b/src/codecs/codec_module.cc index f619e3870..bd188fdc7 100644 --- a/src/codecs/codec_module.cc +++ b/src/codecs/codec_module.cc @@ -23,25 +23,29 @@ #include "codecs/codec_module.h" -#include "main/snort_debug.h" +#include "trace/trace.h" using namespace snort; #define codec_module_help \ "general decoder rules" -static const char s_module_name[] = "decode"; +#define s_name "decode" -Trace decode_trace(s_module_name); +THREAD_LOCAL const Trace* decode_trace = nullptr; static const Parameter s_params[] = {{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }}; -CodecModule::CodecModule() : Module(s_module_name, codec_module_help, s_params, false, &decode_trace) +CodecModule::CodecModule() : BaseCodecModule(s_name, codec_module_help, s_params) { } -bool CodecModule::set(const char* fqn, Value& v, SnortConfig* sc) +void CodecModule::set_trace(const Trace* trace) const +{ decode_trace = trace; } + +const TraceOption* CodecModule::get_trace_options() const { - return Module::set(fqn, v, sc); + static const TraceOption codec_trace_options(nullptr, 0, nullptr); + return &codec_trace_options; } static const RuleMap general_decode_rules[] = diff --git a/src/codecs/codec_module.h b/src/codecs/codec_module.h index a180c0984..1c39e9d2e 100644 --- a/src/codecs/codec_module.h +++ b/src/codecs/codec_module.h @@ -24,9 +24,15 @@ #include #include "framework/module.h" -#include "main/snort_debug.h" #include "main/snort_types.h" +namespace snort +{ +class Trace; +} + +extern THREAD_LOCAL const snort::Trace* decode_trace; + namespace snort { constexpr int GID_DECODE = 116; @@ -221,29 +227,33 @@ enum CodecSid : uint32_t // module //------------------------------------------------------------------------- -class SO_PUBLIC CodecModule : public Module +class BaseCodecModule : public Module { public: - CodecModule(); - CodecModule(const char* s, const char* h) : Module(s, h) + BaseCodecModule(const char* s, const char* h) : Module(s, h) { } - CodecModule(const char* s, const char* h, const Parameter* p, bool is_list = false) + BaseCodecModule(const char* s, const char* h, const Parameter* p, bool is_list = false) : Module(s, h, p, is_list) { } unsigned get_gid() const override { return GID_DECODE; } - const RuleMap* get_rules() const override; - Usage get_usage() const override { return CONTEXT; } +}; + +class SO_PUBLIC CodecModule : public BaseCodecModule +{ +public: + CodecModule(); + + const RuleMap* get_rules() const override; - bool set(const char*, snort::Value&, snort::SnortConfig*) override; + void set_trace(const Trace*) const override; + const TraceOption* get_trace_options() const override; }; } -extern snort::Trace decode_trace; - #endif diff --git a/src/codecs/ip/cd_auth.cc b/src/codecs/ip/cd_auth.cc index 7f8662842..ce449d9ec 100644 --- a/src/codecs/ip/cd_auth.cc +++ b/src/codecs/ip/cd_auth.cc @@ -39,10 +39,10 @@ static const RuleMap auth_rules[] = { 0, nullptr } }; -class AuthModule : public CodecModule +class AuthModule : public BaseCodecModule { public: - AuthModule() : CodecModule(CD_AUTH_NAME, CD_AUTH_HELP) { } + AuthModule() : BaseCodecModule(CD_AUTH_NAME, CD_AUTH_HELP) { } const RuleMap* get_rules() const override { return auth_rules; } diff --git a/src/codecs/ip/cd_esp.cc b/src/codecs/ip/cd_esp.cc index 843cebba9..d2e1add93 100644 --- a/src/codecs/ip/cd_esp.cc +++ b/src/codecs/ip/cd_esp.cc @@ -47,10 +47,10 @@ static const Parameter esp_params[] = { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; -class EspModule : public CodecModule +class EspModule : public BaseCodecModule { public: - EspModule() : CodecModule(CD_ESP_NAME, CD_ESP_HELP, esp_params) { } + EspModule() : BaseCodecModule(CD_ESP_NAME, CD_ESP_HELP, esp_params) { } const RuleMap* get_rules() const override { return esp_rules; } diff --git a/src/codecs/ip/cd_gre.cc b/src/codecs/ip/cd_gre.cc index 41f0e4da9..407b6bd0a 100644 --- a/src/codecs/ip/cd_gre.cc +++ b/src/codecs/ip/cd_gre.cc @@ -53,10 +53,10 @@ static const RuleMap gre_rules[] = { 0, nullptr } }; -class GreModule : public CodecModule +class GreModule : public BaseCodecModule { public: - GreModule() : CodecModule(CD_GRE_NAME, CD_GRE_HELP) { } + GreModule() : BaseCodecModule(CD_GRE_NAME, CD_GRE_HELP) { } const RuleMap* get_rules() const override { return gre_rules; } diff --git a/src/codecs/ip/cd_icmp4.cc b/src/codecs/ip/cd_icmp4.cc index 57ae178d0..5c3e73eb6 100644 --- a/src/codecs/ip/cd_icmp4.cc +++ b/src/codecs/ip/cd_icmp4.cc @@ -90,10 +90,10 @@ static const RuleMap icmp4_rules[] = { 0, nullptr } }; -class Icmp4Module : public CodecModule +class Icmp4Module : public BaseCodecModule { public: - Icmp4Module() : CodecModule(CD_ICMP4_NAME, CD_ICMP4_HELP) { } + Icmp4Module() : BaseCodecModule(CD_ICMP4_NAME, CD_ICMP4_HELP) { } const RuleMap* get_rules() const override { return icmp4_rules; } diff --git a/src/codecs/ip/cd_icmp6.cc b/src/codecs/ip/cd_icmp6.cc index 515f4fd7d..20dbd9a5b 100644 --- a/src/codecs/ip/cd_icmp6.cc +++ b/src/codecs/ip/cd_icmp6.cc @@ -81,10 +81,10 @@ static const RuleMap icmp6_rules[] = { 0, nullptr } }; -class Icmp6Module : public CodecModule +class Icmp6Module : public BaseCodecModule { public: - Icmp6Module() : CodecModule(CD_ICMP6_NAME, CD_ICMP6_HELP) { } + Icmp6Module() : BaseCodecModule(CD_ICMP6_NAME, CD_ICMP6_HELP) { } const RuleMap* get_rules() const override { return icmp6_rules; } diff --git a/src/codecs/ip/cd_igmp.cc b/src/codecs/ip/cd_igmp.cc index cd98736d1..5dad1ee7b 100644 --- a/src/codecs/ip/cd_igmp.cc +++ b/src/codecs/ip/cd_igmp.cc @@ -37,10 +37,10 @@ static const RuleMap igmp_rules[] = { 0, nullptr } }; -class IgmpModule : public CodecModule +class IgmpModule : public BaseCodecModule { public: - IgmpModule() : CodecModule(CD_IGMP_NAME, CD_IGMP_HELP) { } + IgmpModule() : BaseCodecModule(CD_IGMP_NAME, CD_IGMP_HELP) { } const RuleMap* get_rules() const override { return igmp_rules; } diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc index bc96a6e09..525f1cf0d 100644 --- a/src/codecs/ip/cd_ipv4.cc +++ b/src/codecs/ip/cd_ipv4.cc @@ -91,10 +91,10 @@ static const RuleMap ipv4_rules[] = { 0, nullptr } }; -class Ipv4Module : public CodecModule +class Ipv4Module : public BaseCodecModule { public: - Ipv4Module() : CodecModule(CD_IPV4_NAME, CD_IPV4_HELP) { } + Ipv4Module() : BaseCodecModule(CD_IPV4_NAME, CD_IPV4_HELP) { } const RuleMap* get_rules() const override { return ipv4_rules; } diff --git a/src/codecs/ip/cd_ipv6.cc b/src/codecs/ip/cd_ipv6.cc index 4aac146c5..f1f8432d4 100644 --- a/src/codecs/ip/cd_ipv6.cc +++ b/src/codecs/ip/cd_ipv6.cc @@ -75,10 +75,10 @@ static const RuleMap ipv6_rules[] = { 0, nullptr } }; -class Ipv6Module : public CodecModule +class Ipv6Module : public BaseCodecModule { public: - Ipv6Module() : CodecModule(CD_IPV6_NAME, CD_IPV6_HELP) { } + Ipv6Module() : BaseCodecModule(CD_IPV6_NAME, CD_IPV6_HELP) { } const RuleMap* get_rules() const override { return ipv6_rules; } diff --git a/src/codecs/ip/cd_pgm.cc b/src/codecs/ip/cd_pgm.cc index c71a8a7ce..a4e495596 100644 --- a/src/codecs/ip/cd_pgm.cc +++ b/src/codecs/ip/cd_pgm.cc @@ -40,10 +40,10 @@ static const RuleMap pgm_rules[] = { 0, nullptr } }; -class PgmModule : public CodecModule +class PgmModule : public BaseCodecModule { public: - PgmModule() : CodecModule(CD_PGM_NAME, CD_PGM_HELP) { } + PgmModule() : BaseCodecModule(CD_PGM_NAME, CD_PGM_HELP) { } const RuleMap* get_rules() const override { return pgm_rules; } diff --git a/src/codecs/ip/cd_tcp.cc b/src/codecs/ip/cd_tcp.cc index 6e43611c9..4bdcde167 100644 --- a/src/codecs/ip/cd_tcp.cc +++ b/src/codecs/ip/cd_tcp.cc @@ -96,10 +96,10 @@ static const RuleMap tcp_rules[] = { 0, nullptr } }; -class TcpModule : public CodecModule +class TcpModule : public BaseCodecModule { public: - TcpModule() : CodecModule(CD_TCP_NAME, CD_TCP_HELP) { } + TcpModule() : BaseCodecModule(CD_TCP_NAME, CD_TCP_HELP) { } const RuleMap* get_rules() const override { return tcp_rules; } diff --git a/src/codecs/ip/cd_udp.cc b/src/codecs/ip/cd_udp.cc index 333051de3..8443a82ad 100644 --- a/src/codecs/ip/cd_udp.cc +++ b/src/codecs/ip/cd_udp.cc @@ -137,10 +137,10 @@ private: bool vxlan_decode = true; }; -class UdpModule : public CodecModule +class UdpModule : public BaseCodecModule { public: - UdpModule() : CodecModule(CD_UDP_NAME, CD_UDP_HELP, udp_params) + UdpModule() : BaseCodecModule(CD_UDP_NAME, CD_UDP_HELP, udp_params) { config = nullptr; } @@ -172,6 +172,7 @@ public: config = nullptr; return tmp; } + private: UdpCodecConfig* config; }; diff --git a/src/codecs/link/cd_arp.cc b/src/codecs/link/cd_arp.cc index 3cedb3823..d387ea587 100644 --- a/src/codecs/link/cd_arp.cc +++ b/src/codecs/link/cd_arp.cc @@ -39,10 +39,10 @@ static const RuleMap arp_rules[] = { 0, nullptr } }; -class ArpModule : public CodecModule +class ArpModule : public BaseCodecModule { public: - ArpModule() : CodecModule(CD_ARP_NAME, CD_ARP_HELP) { } + ArpModule() : BaseCodecModule(CD_ARP_NAME, CD_ARP_HELP) { } const RuleMap* get_rules() const override { return arp_rules; } diff --git a/src/codecs/link/cd_ciscometadata.cc b/src/codecs/link/cd_ciscometadata.cc index 55e46d1ea..f7d8f9c87 100644 --- a/src/codecs/link/cd_ciscometadata.cc +++ b/src/codecs/link/cd_ciscometadata.cc @@ -64,10 +64,10 @@ struct CiscoMetaDataStats }; static THREAD_LOCAL CiscoMetaDataStats ciscometadata_stats; -class CiscoMetaDataModule : public CodecModule +class CiscoMetaDataModule : public BaseCodecModule { public: - CiscoMetaDataModule() : CodecModule(CD_CISCOMETADATA_NAME, CD_CISCOMETADATA_HELP) { } + CiscoMetaDataModule() : BaseCodecModule(CD_CISCOMETADATA_NAME, CD_CISCOMETADATA_HELP) { } const RuleMap* get_rules() const override { return ciscometadata_rules; } diff --git a/src/codecs/link/cd_erspan2.cc b/src/codecs/link/cd_erspan2.cc index f746c5839..54abe21c6 100644 --- a/src/codecs/link/cd_erspan2.cc +++ b/src/codecs/link/cd_erspan2.cc @@ -38,10 +38,10 @@ static const RuleMap erspan2_rules[] = { 0, nullptr } }; -class Erspan2Module : public CodecModule +class Erspan2Module : public BaseCodecModule { public: - Erspan2Module() : CodecModule(CD_ERSPAN2_NAME, CD_ERSPAN2_HELP) { } + Erspan2Module() : BaseCodecModule(CD_ERSPAN2_NAME, CD_ERSPAN2_HELP) { } const RuleMap* get_rules() const override { return erspan2_rules; } diff --git a/src/codecs/link/cd_erspan3.cc b/src/codecs/link/cd_erspan3.cc index a7bc44c8f..e10d03ab3 100644 --- a/src/codecs/link/cd_erspan3.cc +++ b/src/codecs/link/cd_erspan3.cc @@ -37,10 +37,10 @@ static const RuleMap erspan3_rules[] = { 0, nullptr } }; -class Erspan3Module : public CodecModule +class Erspan3Module : public BaseCodecModule { public: - Erspan3Module() : CodecModule(CD_ERSPAN3_NAME, CD_ERSPAN3_HELP) { } + Erspan3Module() : BaseCodecModule(CD_ERSPAN3_NAME, CD_ERSPAN3_HELP) { } const RuleMap* get_rules() const override { return erspan3_rules; } diff --git a/src/codecs/link/cd_fabricpath.cc b/src/codecs/link/cd_fabricpath.cc index 1b351f750..423e748b9 100644 --- a/src/codecs/link/cd_fabricpath.cc +++ b/src/codecs/link/cd_fabricpath.cc @@ -37,10 +37,10 @@ static const RuleMap fabricpath_rules[] = { 0, nullptr } }; -class FabricPathModule : public CodecModule +class FabricPathModule : public BaseCodecModule { public: - FabricPathModule() : CodecModule(CD_FABRICPATH_NAME, CD_FABRICPATH_HELP) { } + FabricPathModule() : BaseCodecModule(CD_FABRICPATH_NAME, CD_FABRICPATH_HELP) { } const RuleMap* get_rules() const override { return fabricpath_rules; } diff --git a/src/codecs/link/cd_mpls.cc b/src/codecs/link/cd_mpls.cc index 1655555cb..8acf8b171 100644 --- a/src/codecs/link/cd_mpls.cc +++ b/src/codecs/link/cd_mpls.cc @@ -78,10 +78,10 @@ struct MplsStats }; static THREAD_LOCAL MplsStats mpls_stats; -class MplsModule : public CodecModule +class MplsModule : public BaseCodecModule { public: - MplsModule() : CodecModule(CD_MPLS_NAME, CD_MPLS_HELP, mpls_params) { } + MplsModule() : BaseCodecModule(CD_MPLS_NAME, CD_MPLS_HELP, mpls_params) { } const RuleMap* get_rules() const override { return mpls_rules; } diff --git a/src/codecs/link/cd_pppoe.cc b/src/codecs/link/cd_pppoe.cc index 8205546f8..e2dc212c1 100644 --- a/src/codecs/link/cd_pppoe.cc +++ b/src/codecs/link/cd_pppoe.cc @@ -63,10 +63,10 @@ static const RuleMap pppoe_rules[] = #define pppoe_help \ "support for point-to-point protocol over ethernet" -class PPPoEModule : public CodecModule +class PPPoEModule : public BaseCodecModule { public: - PPPoEModule() : CodecModule(CD_PPPOE_NAME, pppoe_help) { } + PPPoEModule() : BaseCodecModule(CD_PPPOE_NAME, pppoe_help) { } const RuleMap* get_rules() const override { return pppoe_rules; } diff --git a/src/codecs/link/cd_vlan.cc b/src/codecs/link/cd_vlan.cc index c58bf3c4d..045a8c30c 100644 --- a/src/codecs/link/cd_vlan.cc +++ b/src/codecs/link/cd_vlan.cc @@ -41,10 +41,10 @@ static const RuleMap vlan_rules[] = { 0, nullptr } }; -class VlanModule : public CodecModule +class VlanModule : public BaseCodecModule { public: - VlanModule() : CodecModule(CD_VLAN_NAME, CD_VLAN_HELP) { } + VlanModule() : BaseCodecModule(CD_VLAN_NAME, CD_VLAN_HELP) { } const RuleMap* get_rules() const override { return vlan_rules; } diff --git a/src/codecs/misc/cd_gtp.cc b/src/codecs/misc/cd_gtp.cc index 50302aa2c..ae9961c65 100644 --- a/src/codecs/misc/cd_gtp.cc +++ b/src/codecs/misc/cd_gtp.cc @@ -40,10 +40,10 @@ static const RuleMap gtp_rules[] = { 0, nullptr } }; -class GtpModule : public CodecModule +class GtpModule : public BaseCodecModule { public: - GtpModule() : CodecModule(CD_GTP_NAME, CD_GTP_HELP) { } + GtpModule() : BaseCodecModule(CD_GTP_NAME, CD_GTP_HELP) { } const RuleMap* get_rules() const override { return gtp_rules; } diff --git a/src/codecs/misc/cd_llc.cc b/src/codecs/misc/cd_llc.cc index cbaaf2a24..c83c22b4c 100644 --- a/src/codecs/misc/cd_llc.cc +++ b/src/codecs/misc/cd_llc.cc @@ -39,10 +39,10 @@ static const RuleMap llc_rules[] = { 0, nullptr } }; -class LlcModule : public CodecModule +class LlcModule : public BaseCodecModule { public: - LlcModule() : CodecModule(LLC_NAME, LLC_HELP) {} + LlcModule() : BaseCodecModule(LLC_NAME, LLC_HELP) {} const RuleMap* get_rules() const override { return llc_rules; } diff --git a/src/codecs/root/cd_eth.cc b/src/codecs/root/cd_eth.cc index 9f0e16ef7..4a722dd4c 100644 --- a/src/codecs/root/cd_eth.cc +++ b/src/codecs/root/cd_eth.cc @@ -45,10 +45,10 @@ static const RuleMap eth_rules[] = { 0, nullptr } }; -class EthModule : public CodecModule +class EthModule : public BaseCodecModule { public: - EthModule() : CodecModule(CD_ETH_NAME, CD_ETH_HELP) { } + EthModule() : BaseCodecModule(CD_ETH_NAME, CD_ETH_HELP) { } const RuleMap* get_rules() const override { return eth_rules; } diff --git a/src/connectors/file_connector/test/file_connector_module_test.cc b/src/connectors/file_connector/test/file_connector_module_test.cc index c69d0af4c..caf39c67e 100644 --- a/src/connectors/file_connector/test/file_connector_module_test.cc +++ b/src/connectors/file_connector/test/file_connector_module_test.cc @@ -26,8 +26,6 @@ #include "connectors/file_connector/file_connector_module.h" #include "profiler/profiler.h" -#include "main/snort_debug.h" - #include #include @@ -45,12 +43,6 @@ char* snort_strdup(const char* s) { return strdup(s); } } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - TEST_GROUP(file_connector_module) { }; diff --git a/src/connectors/file_connector/test/file_connector_test.cc b/src/connectors/file_connector/test/file_connector_test.cc index 825d2c648..313f5a3d6 100644 --- a/src/connectors/file_connector/test/file_connector_test.cc +++ b/src/connectors/file_connector/test/file_connector_test.cc @@ -26,8 +26,6 @@ #include "connectors/file_connector/file_connector.h" #include "connectors/file_connector/file_connector_module.h" -#include "main/snort_debug.h" - #include #include @@ -59,12 +57,6 @@ const char* get_instance_file(std::string& file, const char* name) { file += name; return nullptr; } } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - FileConnectorModule::FileConnectorModule() : Module("FC", "FC Help", nullptr) { } diff --git a/src/connectors/tcp_connector/test/tcp_connector_module_test.cc b/src/connectors/tcp_connector/test/tcp_connector_module_test.cc index 45b384c91..cb3653485 100644 --- a/src/connectors/tcp_connector/test/tcp_connector_module_test.cc +++ b/src/connectors/tcp_connector/test/tcp_connector_module_test.cc @@ -26,8 +26,6 @@ #include "connectors/tcp_connector/tcp_connector_module.h" #include "profiler/profiler.h" -#include "main/snort_debug.h" - #include #include @@ -45,12 +43,6 @@ char* snort_strdup(const char* s) { return strdup(s); } } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - TEST_GROUP(tcp_connector_module) { }; diff --git a/src/connectors/tcp_connector/test/tcp_connector_test.cc b/src/connectors/tcp_connector/test/tcp_connector_test.cc index b144f50d2..af9576284 100644 --- a/src/connectors/tcp_connector/test/tcp_connector_test.cc +++ b/src/connectors/tcp_connector/test/tcp_connector_test.cc @@ -31,8 +31,6 @@ #include #include -#include "main/snort_debug.h" - #include #include @@ -170,12 +168,6 @@ static void set_normal_status() s_rec_return_zero = false; } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - TcpConnectorModule::TcpConnectorModule() : Module("TCPC", "TCPC Help", nullptr) { } diff --git a/src/detection/context_switcher.cc b/src/detection/context_switcher.cc index 686be66bf..58e3b5459 100644 --- a/src/detection/context_switcher.cc +++ b/src/detection/context_switcher.cc @@ -30,7 +30,6 @@ #include "packet_io/active.h" #include "utils/stats.h" -#include "detection_module.h" #include "detect_trace.h" #include "ips_context.h" #include "ips_context_data.h" @@ -72,6 +71,7 @@ void ContextSwitcher::start() assert(!c->has_callbacks()); c->context_num = ++global_context_num; + debug_logf(detection_trace, TRACE_DETECTION_ENGINE, "(wire) %" PRIu64 " cs::start %" PRIu64 " (i=%zu, b=%zu)\n", get_packet_number(), c->context_num, idle.size(), busy.size()); diff --git a/src/detection/detect_trace.cc b/src/detection/detect_trace.cc index 3ddc3af78..e12c8ee7e 100644 --- a/src/detection/detect_trace.cc +++ b/src/detection/detect_trace.cc @@ -25,7 +25,6 @@ #include "detect_trace.h" #include "log/log.h" -#include "main/snort_debug.h" #include "main/thread.h" #include "protocols/packet.h" #include "utils/stats.h" @@ -96,7 +95,7 @@ void print_pattern(const PatternMatchData* pmd) void dump_buffer(const uint8_t* buff, unsigned len, Packet* p) { - if ( !detection_trace.enabled(TRACE_BUFFER) ) + if ( !trace_enabled(detection_trace, TRACE_BUFFER) ) return; if (len == 0) @@ -125,10 +124,10 @@ void node_eval_trace(const detection_option_tree_node_t* node, const Cursor& cur "Reached leaf, cursor name %s, cursor position %u\n", name, pos); } - if ( !detection_trace.enabled(TRACE_BUFFER) ) + if ( !trace_enabled(detection_trace, TRACE_BUFFER) ) return; - if ( detection_trace.enabled(TRACE_BUFFER, 5) ) + if ( trace_enabled(detection_trace, TRACE_BUFFER, 5) ) dump_buffer(cursor.buffer() + pos, cursor.length(), p); else if ((pos != cursor_pos) || strcmp(cursor_name, name)) { diff --git a/src/detection/detect_trace.h b/src/detection/detect_trace.h index af4b09097..1f3527d76 100644 --- a/src/detection/detect_trace.h +++ b/src/detection/detect_trace.h @@ -25,14 +25,15 @@ #include "framework/cursor.h" #include "main/snort_types.h" +#include "main/thread.h" namespace snort { struct Packet; -struct Trace; +class Trace; } -extern snort::Trace detection_trace; +extern THREAD_LOCAL const snort::Trace* detection_trace; struct detection_option_tree_node_t; struct PatternMatchData; diff --git a/src/detection/detection_module.cc b/src/detection/detection_module.cc index e97ba5847..bb561e614 100644 --- a/src/detection/detection_module.cc +++ b/src/detection/detection_module.cc @@ -30,59 +30,28 @@ #include "log/messages.h" #include "main/snort_config.h" #include "main/thread_config.h" +#include "trace/trace.h" #include "detect_trace.h" using namespace snort; -static const char s_module_name[] = "detection"; +THREAD_LOCAL const Trace* detection_trace = nullptr; -/* *INDENT-OFF* */ // Uncrustify handles this section incorrectly. -static const Parameter detection_module_trace_values[] = +static const TraceOption detection_trace_options[] = { - { "all", Parameter::PT_INT, "0:255", "0", "enable detection module trace logging options" }, - - { "detect_engine", Parameter::PT_INT, "0:255", "0", "enable detection engine trace logging" }, - - { "rule_eval", Parameter::PT_INT, "0:255", "0", "enable rule evaluation trace logging" }, - - { "buffer", Parameter::PT_INT, "0:255", "0", "enable buffer trace logging" }, - - { "rule_vars", Parameter::PT_INT, "0:255", "0", "enable rule variables trace logging" }, - - { "fp_search", Parameter::PT_INT, "0:255", "0", "enable fast pattern search trace logging" }, - - { "pkt_detect", Parameter::PT_INT, "0:255", "0", "enable packet detection trace logging" }, - - { "opt_tree", Parameter::PT_INT, "0:255", "0", "enable tree option trace logging" }, - - { "tag", Parameter::PT_INT, "0:255", "0", "enable tag trace logging" }, - - { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } -}; - -static const Parameter detection_module_trace[] = -{ - { "trace", Parameter::PT_TABLE, detection_module_trace_values, nullptr, "trace config for detection module" }, - - { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } + { "detect_engine", TRACE_DETECTION_ENGINE, "enable detection engine trace logging" }, + { "rule_eval", TRACE_RULE_EVAL, "enable rule evaluation trace logging" }, + { "buffer", TRACE_BUFFER, "enable buffer trace logging" }, + { "rule_vars", TRACE_RULE_VARS, "enable rule variables trace logging" }, + { "fp_search", TRACE_FP_SEARCH, "enable fast pattern search trace logging" }, + { "pkt_detect", TRACE_PKT_DETECTION, "enable packet detection trace logging" }, + { "opt_tree", TRACE_OPTION_TREE, "enable tree option trace logging" }, + { "tag", TRACE_TAG, "enable tag trace logging" }, + + { nullptr, 0, nullptr } }; -static const TraceOptionString detection_trace_options[] = -{ - { "detect_engine", TRACE_DETECTION_ENGINE }, - { "rule_eval", TRACE_RULE_EVAL }, - { "buffer", TRACE_BUFFER }, - { "rule_vars", TRACE_RULE_VARS }, - { "fp_search", TRACE_FP_SEARCH }, - { "pkt_detect", TRACE_PKT_DETECTION }, - { "opt_tree", TRACE_OPTION_TREE }, - { "tag", TRACE_TAG } -}; - -Trace detection_trace(s_module_name, detection_trace_options, - (sizeof(detection_trace_options) / sizeof(TraceOptionString))); - static const Parameter detection_params[] = { { "asn1", Parameter::PT_INT, "0:65535", "0", @@ -132,10 +101,17 @@ static const Parameter detection_params[] = #define detection_help \ "configure general IPS rule processing parameters" -DetectionModule::DetectionModule() : Module(s_module_name, detection_help, - detection_params, false, &detection_trace, detection_module_trace) +#define s_name "detection" + +DetectionModule::DetectionModule() : Module(s_name, detection_help, detection_params) { } +void DetectionModule::set_trace(const Trace* trace) const +{ detection_trace = trace; } + +const TraceOption* DetectionModule::get_trace_options() const +{ return detection_trace_options; } + bool DetectionModule::end(const char*, int, SnortConfig* sc) { if ( sc->offload_threads and ThreadConfig::get_instance_max() != 1 ) @@ -144,7 +120,7 @@ bool DetectionModule::end(const char*, int, SnortConfig* sc) return true; } -bool DetectionModule::set(const char* fqn, Value& v, SnortConfig* sc) +bool DetectionModule::set(const char*, Value& v, SnortConfig* sc) { if ( v.is("asn1") ) sc->asn1_mem = v.get_uint16(); @@ -216,8 +192,6 @@ bool DetectionModule::set(const char* fqn, Value& v, SnortConfig* sc) else if ( v.is("enable_address_anomaly_checks") ) sc->address_anomaly_check_enabled = v.get_bool(); - else - return Module::set(fqn, v, sc); return true; } diff --git a/src/detection/detection_module.h b/src/detection/detection_module.h index 996b3caa4..0bd782ca5 100644 --- a/src/detection/detection_module.h +++ b/src/detection/detection_module.h @@ -42,6 +42,9 @@ public: Usage get_usage() const override { return GLOBAL; } + + void set_trace(const Trace*) const override; + const TraceOption* get_trace_options() const override; }; } diff --git a/src/detection/detection_options.cc b/src/detection/detection_options.cc index 5c8dd15d1..3a04febb6 100644 --- a/src/detection/detection_options.cc +++ b/src/detection/detection_options.cc @@ -46,7 +46,6 @@ #include "latency/rule_latency_state.h" #include "log/messages.h" #include "main/snort_config.h" -#include "main/snort_debug.h" #include "main/thread_config.h" #include "managers/ips_manager.h" #include "parser/parser.h" @@ -562,7 +561,7 @@ int detection_option_node_evaluate( GetVarValueByIndex(&(tmp_byte_extract_vars[i]), (int8_t)i); } #ifdef DEBUG_MSGS - if ( detection_trace.enabled(TRACE_RULE_VARS) ) + if ( trace_enabled(detection_trace, TRACE_RULE_VARS) ) { char var_buf[100]; std::string rule_vars; diff --git a/src/detection/tag.cc b/src/detection/tag.cc index dc6d1f2ee..caa3c0758 100644 --- a/src/detection/tag.cc +++ b/src/detection/tag.cc @@ -30,6 +30,7 @@ #include "hash/xhash.h" #include "log/messages.h" #include "main/snort_config.h" +#include "main/snort_debug.h" #include "parser/parser.h" #include "protocols/packet.h" #include "sfip/sf_ip.h" diff --git a/src/detection/tag.h b/src/detection/tag.h index 0edf6609e..204f40d3b 100644 --- a/src/detection/tag.h +++ b/src/detection/tag.h @@ -29,8 +29,6 @@ #include -#include "main/snort_debug.h" - namespace snort { struct Packet; diff --git a/src/file_api/file_mempool.h b/src/file_api/file_mempool.h index 39cbae14f..9a2f04c39 100644 --- a/src/file_api/file_mempool.h +++ b/src/file_api/file_mempool.h @@ -30,8 +30,6 @@ #include -#include "main/snort_debug.h" - #include "circular_buffer.h" #define FILE_MEM_SUCCESS 0 // FIXIT-RC use bool diff --git a/src/flow/test/flow_test.cc b/src/flow/test/flow_test.cc index 759987293..4be31f067 100644 --- a/src/flow/test/flow_test.cc +++ b/src/flow/test/flow_test.cc @@ -30,7 +30,6 @@ #include "framework/inspector.h" #include "framework/data_bus.h" #include "main/snort_config.h" -#include "main/snort_debug.h" #include "memory/memory_cap.h" #include "protocols/ip.h" #include "protocols/layer.h" diff --git a/src/framework/module.cc b/src/framework/module.cc index ec5b390e8..582abfcad 100644 --- a/src/framework/module.cc +++ b/src/framework/module.cc @@ -23,19 +23,12 @@ #include "module.h" -using namespace snort; - -static const Parameter default_trace[] = -{ - { "all", Parameter::PT_INT, "0:255", "0", "enable traces in module" }, +#include "trace/trace.h" - { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } -}; +using namespace snort; -static const Parameter default_trace_params[] = +static const Parameter null_params[] = { - { "trace", Parameter::PT_TABLE, default_trace, nullptr, "trace config" }, - { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -55,53 +48,23 @@ std::string Command::get_arg_list() const return args; } -void Module::reset_trace() -{ - if ( trace ) - trace->reset(); -} - void Module::init(const char* s, const char* h) { name = s; help = h; - params = &default_trace_params[(sizeof(default_trace_params) / sizeof(Parameter)) - 1]; - default_params = params; list = false; num_counts = -1; + params = null_params; } Module::Module(const char* s, const char* h) { init(s, h); } -Module::Module(const char* s, const char* h, const Parameter* p, bool is_list, Trace* t, - const Parameter* module_trace_param) +Module::Module(const char* s, const char* h, const Parameter* p, bool is_list) { init(s, h); list = is_list; - trace = t; params = p; - - // FIXIT-L: This will not be valid after adding more default options - if ( t ) - { - if ( module_trace_param ) - { - default_params = module_trace_param; - } - else - { - default_params = default_trace_params; - } - } -} - -bool Module::set(const char* fqn, Value& v, SnortConfig*) -{ - if ( strstr(fqn, ".trace.") ) - return trace and trace->set(v); - - return false; } void Module::sum_stats(bool accumulate_now_stats) @@ -214,12 +177,6 @@ bool Module::verified_end(const char* fqn, int idx, SnortConfig* c) return end(fqn, idx, c); } -void Module::enable_trace() -{ - if ( trace ) - trace->enable(); -} - namespace snort { const PegInfo simple_pegs[] = diff --git a/src/framework/module.h b/src/framework/module.h index fcf64a415..4908b4415 100644 --- a/src/framework/module.h +++ b/src/framework/module.h @@ -45,7 +45,6 @@ #include "framework/counts.h" #include "framework/parameter.h" #include "framework/value.h" -#include "main/snort_debug.h" #include "main/snort_types.h" #include "utils/stats.h" @@ -54,8 +53,10 @@ struct lua_State; namespace snort { class ModuleManager; +class Trace; struct ProfileStats; struct SnortConfig; +struct TraceOption; using LuaCFunction = int(*)(lua_State*); @@ -90,7 +91,13 @@ public: virtual bool end(const char*, int, SnortConfig*) { return true; } - virtual bool set(const char*, Value&, SnortConfig*); + virtual bool set(const char*, Value&, SnortConfig*) + { return true; } + + virtual void set_trace(const Trace*) const { } + + virtual const TraceOption* get_trace_options() const + { return nullptr; } // used to match parameters with $var names like for rule_state virtual bool matches(const char* /*param_name*/, std::string& /*lua_name*/) @@ -125,9 +132,6 @@ public: const Parameter* get_parameters() const { return params; } - const Parameter* get_default_parameters() const - { return default_params; } - virtual const Command* get_commands() const { return nullptr; } @@ -187,13 +191,12 @@ public: virtual Usage get_usage() const { return CONTEXT; } - void enable_trace(); - void reset_trace(); - protected: Module(const char* name, const char* help); - Module(const char* name, const char* help, const Parameter*, - bool is_list = false, Trace* = nullptr, const Parameter* = nullptr); + Module(const char* name, const char* help, const Parameter*, bool is_list = false); + + void set_params(const Parameter* p) + { params = p; } private: friend ModuleManager; @@ -206,10 +209,8 @@ private: const char* help; const Parameter* params; - const Parameter* default_params = nullptr; bool list; int table_level = 0; - Trace* trace = nullptr; void set_peg_count(int index, PegCount value) { diff --git a/src/framework/parameter.cc b/src/framework/parameter.cc index e266be180..2471b7f1a 100644 --- a/src/framework/parameter.cc +++ b/src/framework/parameter.cc @@ -510,16 +510,6 @@ const char* Parameter::get_string() const return deflt ? deflt : ""; } -const Parameter* Parameter::find(const Parameter* p, const Parameter* d, const char* s) -{ - auto ret = find(p, s); - - if ( !ret ) - ret = find(d, s); - - return ret; -} - const Parameter* Parameter::find(const Parameter* p, const char* s) { if ( !p ) diff --git a/src/framework/parameter.h b/src/framework/parameter.h index 493c8a4b0..bfe8a5f81 100644 --- a/src/framework/parameter.h +++ b/src/framework/parameter.h @@ -92,7 +92,6 @@ struct SO_PUBLIC Parameter double get_number() const; const char* get_string() const; - static const Parameter* find(const Parameter*, const Parameter*, const char*); static const Parameter* find(const Parameter*, const char*); // 0-based; -1 if not found; list is | delimited diff --git a/src/host_tracker/test/host_cache_module_test.cc b/src/host_tracker/test/host_cache_module_test.cc index e048064c0..4f1a5a94a 100644 --- a/src/host_tracker/test/host_cache_module_test.cc +++ b/src/host_tracker/test/host_cache_module_test.cc @@ -67,12 +67,6 @@ extern "C" const char* luaL_optlstring(lua_State*, int, const char*, size_t*) { return nullptr; } } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } diff --git a/src/host_tracker/test/host_tracker_module_test.cc b/src/host_tracker/test/host_tracker_module_test.cc index c69cc8435..ad74160c9 100644 --- a/src/host_tracker/test/host_tracker_module_test.cc +++ b/src/host_tracker/test/host_tracker_module_test.cc @@ -42,12 +42,6 @@ char* snort_strdup(const char* s) time_t packet_time() { return 0; } } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - // Fake show_stats to avoid bringing in a ton of dependencies. void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } diff --git a/src/ips_options/test/ips_regex_test.cc b/src/ips_options/test/ips_regex_test.cc index 6962a362d..b3d5e45da 100644 --- a/src/ips_options/test/ips_regex_test.cc +++ b/src/ips_options/test/ips_regex_test.cc @@ -98,12 +98,6 @@ extern const BaseApi* ips_regex; Cursor::Cursor(Packet* p) { set("pkt_data", p->data, p->dsize); } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } diff --git a/src/latency/latency_config.h b/src/latency/latency_config.h index c580c4495..3607cff74 100644 --- a/src/latency/latency_config.h +++ b/src/latency/latency_config.h @@ -21,17 +21,20 @@ #ifndef LATENCY_CONFIG_H #define LATENCY_CONFIG_H -#include "main/snort_debug.h" - #include "packet_latency_config.h" #include "rule_latency_config.h" +namespace snort +{ +class Trace; +} + +extern THREAD_LOCAL const snort::Trace* latency_trace; + struct LatencyConfig { PacketLatencyConfig packet_latency; RuleLatencyConfig rule_latency; }; -extern snort::Trace latency_trace; - #endif diff --git a/src/latency/latency_module.cc b/src/latency/latency_module.cc index e0ea9c789..0007dccf6 100644 --- a/src/latency/latency_module.cc +++ b/src/latency/latency_module.cc @@ -27,6 +27,7 @@ #include #include "main/snort_config.h" +#include "trace/trace.h" #include "latency_config.h" #include "latency_rules.h" @@ -34,6 +35,8 @@ using namespace snort; +THREAD_LOCAL const Trace* latency_trace = nullptr; + // ----------------------------------------------------------------------------- // latency attributes // ----------------------------------------------------------------------------- @@ -42,8 +45,6 @@ using namespace snort; #define s_help \ "packet and rule latency monitoring and control" -Trace latency_trace(s_name); - static const Parameter s_packet_params[] = { { "max_time", Parameter::PT_INT, "0:max53", "500", @@ -170,10 +171,18 @@ static inline bool latency_set(Value& v, RuleLatencyConfig& config) return true; } -LatencyModule::LatencyModule() : - Module(s_name, s_help, s_params, false, &latency_trace) +LatencyModule::LatencyModule() : Module(s_name, s_help, s_params) { } +void LatencyModule::set_trace(const Trace* trace) const +{ latency_trace = trace; } + +const TraceOption* LatencyModule::get_trace_options() const +{ + static const TraceOption latency_trace_options(nullptr, 0, nullptr); + return &latency_trace_options; +} + bool LatencyModule::set(const char* fqn, Value& v, SnortConfig* sc) { const char* slp = "latency.packet"; @@ -185,7 +194,7 @@ bool LatencyModule::set(const char* fqn, Value& v, SnortConfig* sc) else if ( !strncmp(fqn, slr, strlen(slr)) ) return latency_set(v, sc->latency->rule_latency); - return Module::set(fqn, v, sc); + return true; } const RuleMap* LatencyModule::get_rules() const diff --git a/src/latency/latency_module.h b/src/latency/latency_module.h index 26589eb71..8e16390e9 100644 --- a/src/latency/latency_module.h +++ b/src/latency/latency_module.h @@ -38,6 +38,9 @@ public: Usage get_usage() const override { return CONTEXT; } + + void set_trace(const snort::Trace*) const override; + const snort::TraceOption* get_trace_options() const override; }; #endif diff --git a/src/latency/packet_latency.cc b/src/latency/packet_latency.cc index 93611f81f..4c5e66170 100644 --- a/src/latency/packet_latency.cc +++ b/src/latency/packet_latency.cc @@ -27,6 +27,7 @@ #include "detection/detection_engine.h" #include "log/messages.h" #include "main/snort_config.h" +#include "main/snort_debug.h" #include "protocols/packet.h" #include "utils/stats.h" diff --git a/src/main.cc b/src/main.cc index 566f32314..4b81d2f44 100644 --- a/src/main.cc +++ b/src/main.cc @@ -51,6 +51,7 @@ #include "packet_io/trough.h" #include "target_based/host_attributes.h" #include "time/periodic.h" +#include "trace/trace_api.h" #include "utils/util.h" #include "utils/safec.h" @@ -373,6 +374,7 @@ int main_reload_config(lua_State* L) PluginManager::reload_so_plugins_cleanup(sc); SnortConfig::set_conf(sc); + TraceApi::thread_reinit(sc); proc_stats.conf_reloads++; bool from_shell = ( L != nullptr ); diff --git a/src/main/CMakeLists.txt b/src/main/CMakeLists.txt index 1ae5531e9..d1d61cd96 100644 --- a/src/main/CMakeLists.txt +++ b/src/main/CMakeLists.txt @@ -6,7 +6,6 @@ set (INCLUDES snort_debug.h snort_types.h thread.h - trace.h ) if ( ENABLE_SHELL ) @@ -42,7 +41,6 @@ add_library (main OBJECT thread.cc thread_config.h thread_config.cc - trace.cc ${INCLUDES} ${SHELL_SOURCES} ) diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc index 80ba6d6cf..5c4a7b66c 100644 --- a/src/main/analyzer.cc +++ b/src/main/analyzer.cc @@ -63,7 +63,7 @@ #include "side_channel/side_channel.h" #include "stream/stream.h" #include "time/packet_time.h" -#include "trace/trace_log_api.h" +#include "trace/trace_api.h" #include "utils/stats.h" #include "analyzer_command.h" @@ -594,7 +594,8 @@ void Analyzer::init_unprivileged() // This should be called as soon as possible // to handle all trace log messages - TraceLogApi::thread_init(sc); + TraceApi::thread_init(sc); + CodecManager::thread_init(sc); // this depends on instantiated daq capabilities @@ -627,6 +628,7 @@ void Analyzer::reinit(SnortConfig* sc) { InspectorManager::thread_reinit(sc); ActionManager::thread_reinit(sc); + TraceApi::thread_reinit(sc); } void Analyzer::term() @@ -682,7 +684,7 @@ void Analyzer::term() sfthreshold_free(); RateFilter_Cleanup(); - TraceLogApi::thread_term(); + TraceApi::thread_term(); } Analyzer::Analyzer(SFDAQInstance* instance, unsigned i, const char* s, uint64_t msg_cnt) diff --git a/src/main/modules.cc b/src/main/modules.cc index bae2a1b5c..8ecf11bd3 100644 --- a/src/main/modules.cc +++ b/src/main/modules.cc @@ -1964,7 +1964,6 @@ void module_init() ModuleManager::add_module(new RuleStateModule); ModuleManager::add_module(new SearchEngineModule); ModuleManager::add_module(new SFDAQModule); - ModuleManager::add_module(new TraceModule); // these could but prolly shouldn't be policy specific // or should be broken into policy and non-policy parts @@ -1995,4 +1994,6 @@ void module_init() ModuleManager::add_module(new HostsModule); ModuleManager::add_module(new HostTrackerModule); ModuleManager::add_module(new HostCacheModule); + // The TraceModule must be added last so that it can properly generate its Parameter table + ModuleManager::add_module(new TraceModule); } diff --git a/src/main/modules.h b/src/main/modules.h index 4f4f0e019..d3aa388ed 100644 --- a/src/main/modules.h +++ b/src/main/modules.h @@ -25,7 +25,6 @@ // ideally, modules.cc would be refactored into several files. #include "framework/counts.h" -#include "main/snort_debug.h" #include "main/thread.h" diff --git a/src/main/snort.cc b/src/main/snort.cc index b26265a45..02e6da721 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -67,7 +67,7 @@ #include "stream/stream_inspectors.h" #include "target_based/host_attributes.h" #include "time/periodic.h" -#include "trace/trace_log_api.h" +#include "trace/trace_api.h" #include "utils/util.h" #ifdef PIGLET @@ -134,9 +134,12 @@ void Snort::init(int argc, char** argv) SideChannelManager::pre_config_init(); - ModuleManager::init(); ScriptManager::load_scripts(snort_cmd_line_conf->script_paths); PluginManager::load_plugins(snort_cmd_line_conf->plugin_path); + + /* load_plugins() must be called before init() so that + TraceModule can properly generate its Parameter table */ + ModuleManager::init(); ModuleManager::load_params(); FileService::init(); @@ -152,7 +155,7 @@ void Snort::init(int argc, char** argv) // This call must be immediately after "SnortConfig::set_conf(sc)" // since the first trace call may happen somewhere after this point - TraceLogApi::thread_init(sc); + TraceApi::thread_init(sc); PluginManager::load_so_plugins(sc); @@ -340,8 +343,8 @@ void Snort::term() LogMessage("%s Snort exiting\n", get_prompt()); // This call must be before SnortConfig cleanup - // since the "TraceLogApi::thread_term()" uses SnortConfig - TraceLogApi::thread_term(); + // since the "TraceApi::thread_term()" uses SnortConfig + TraceApi::thread_term(); /* free allocated memory */ if (SnortConfig::get_conf() == snort_cmd_line_conf) @@ -460,7 +463,6 @@ SnortConfig* Snort::get_reload_config(const char* fname, const char* plugin_path } PluginManager::reload_so_plugins(plugin_path, sc); - sc->setup(); #ifdef SHELL diff --git a/src/main/snort_config.cc b/src/main/snort_config.cc index 7e3bb90fd..fb86664e6 100644 --- a/src/main/snort_config.cc +++ b/src/main/snort_config.cc @@ -177,6 +177,7 @@ void SnortConfig::init(const SnortConfig* const other_conf, ProtocolReference* p memset(evalOrder, 0, sizeof(evalOrder)); proto_ref = new ProtocolReference(protocol_reference); so_rules = new SoRules; + trace_config = new TraceConfig; } else { @@ -262,11 +263,10 @@ SnortConfig::~SnortConfig() delete[] state; delete thread_config; + delete trace_config; delete ha_config; delete global_dbus; - delete trace_config; - delete profiler; delete latency; delete memory; @@ -461,6 +461,7 @@ void SnortConfig::merge(SnortConfig* cmd_line) assert(!state); num_slots = offload_threads + ThreadConfig::get_instance_max(); state = new std::vector[num_slots]; + trace_config->merge_cmd_line(cmd_line->trace_config); } bool SnortConfig::verify() diff --git a/src/main/snort_config.h b/src/main/snort_config.h index a6abd4dc8..f58c5d72a 100644 --- a/src/main/snort_config.h +++ b/src/main/snort_config.h @@ -412,9 +412,6 @@ public: ThreadConfig* thread_config; HighAvailabilityConfig* ha_config = nullptr; - - //------------------------------------------------------ - TraceConfig* trace_config = nullptr; //------------------------------------------------------ diff --git a/src/main/snort_debug.cc b/src/main/snort_debug.cc index d48ec727a..3327e59cd 100644 --- a/src/main/snort_debug.cc +++ b/src/main/snort_debug.cc @@ -26,7 +26,7 @@ #include -#include "trace/trace_log_api.h" +#include "trace/trace_api.h" #include "utils/safec.h" #define STD_BUF_SIZE 1024 @@ -46,7 +46,7 @@ void trace_vprintf(const char* name, TraceLevel log_level, void trace_vprintf(const char* name, TraceLevel log_level, const char* trace_option, const char* fmt, va_list ap) { - trace_vprintf(name, log_level, trace_option, fmt, ap); + trace_vprintf(name, log_level, trace_option, fmt, ap); } } @@ -55,6 +55,8 @@ void trace_vprintf(const char* name, TraceLevel log_level, #ifdef DEBUG_MSGS +#include "framework/module.h" + using namespace snort; //stringify the expansion of the macro @@ -83,20 +85,20 @@ TEST_CASE("macros", "[trace]") TestCase cases[] = { { - sx(debug_log(1, testing, "my message")), - "trace_print(1, testing, \"my message\")" + sx(debug_log(1, test_trace, "my message")), + "trace_print(1, test_trace, \"my message\")" }, { - sx(debug_log(testing, my_flags, "my message")), - "trace_print(testing, my_flags, \"my message\")" + sx(debug_log(test_trace, my_flags, "my message")), + "trace_print(test_trace, my_flags, \"my message\")" }, { - sx(debug_logf(1, testing, "%s %s", "my", "message")), - "trace_printf(1, testing, \"%s %s\", \"my\", \"message\")" + sx(debug_logf(1, test_trace, "%s %s", "my", "message")), + "trace_printf(1, test_trace, \"%s %s\", \"my\", \"message\")" }, { - sx(debug_logf(testing, my_flags, "%s %s", "my", "message")), - "trace_printf(testing, my_flags, \"%s %s\", \"my\", \"message\")" + sx(debug_logf(test_trace, my_flags, "%s %s", "my", "message")), + "trace_printf(test_trace, my_flags, \"%s %s\", \"my\", \"message\")" } }; @@ -110,214 +112,138 @@ TEST_CASE("macros", "[trace]") #undef trace_printf //These templates expand to replace the default expansion of trace_vprintf. -//This custom expansion replaces log_func (expands to TraceLogApi::log()) +//This custom expansion replaces log_func (expands to TraceApi::log()) //with test_log for capturing what would be passed to the console. #define trace_print trace_print> #define trace_printf trace_printf> -enum +class TraceTestModule : public Module { - TEST_TRACE_OPTION1 = 0, - TEST_TRACE_OPTION2, - TEST_TRACE_OPTION3, - TEST_TRACE_OPTION4, - TEST_TRACE_OPTION5, -}; +public: + TraceTestModule(const char* name, const TraceOption* trace_options) : + Module(name, "trace_test_help"), test_trace_options(trace_options) + { } -const TraceOptionString test_trace_values[] = -{ - { "option1", TEST_TRACE_OPTION1 }, - { "option2", TEST_TRACE_OPTION2 }, - { "option3", TEST_TRACE_OPTION3 }, - { "option4", TEST_TRACE_OPTION4 }, - { "option5", TEST_TRACE_OPTION5 }, + virtual const TraceOption* get_trace_options() const + { return test_trace_options; } + +private: + const TraceOption* test_trace_options; }; -TEST_CASE("Trace logging", "[trace]") +TEST_CASE("debug_log, debug_logf", "[trace]") { - SECTION("trace all=0") + enum { - Trace test("test"); - - Parameter p("all", Parameter::PT_INT, "0:255", "0", "enable traces in module"); - Value trace_val((double)0); - trace_val.set(&p); - - test.set(trace_val); + TEST_TRACE_OPTION1 = 0, + TEST_TRACE_OPTION2, + TEST_TRACE_OPTION3, + TEST_TRACE_OPTION4, + TEST_TRACE_OPTION5, + }; - testing_dump[0] = '\0'; - debug_log(test, "my message"); - CHECK( testing_dump[0] == '\0' ); - } - SECTION("debug_log") - { - Trace test("test"); - - Parameter p("all", Parameter::PT_INT, "0:255", "0", "enable traces in module"); - Value trace_val((double)1); - trace_val.set(&p); - - test.set(trace_val); - - testing_dump[0] = '\0'; - debug_log(test, "my message"); - CHECK( !strcmp(testing_dump, "test:all:1: my message") ); - - Parameter p_all("all", Parameter::PT_INT, "0:255", "0", "p_all"); - Parameter p1("option1", Parameter::PT_INT, "0:255", "0", "p1"); - Parameter p2("option3", Parameter::PT_INT, "0:255", "0", "p2"); - Value trace_val1("trace"); - - Trace testing_opt("testing_opt", test_trace_values, - (sizeof(test_trace_values) / sizeof(TraceOptionString))); - - // set log_level = 1 for TEST_TRACE_OPTION1 - trace_val1.set(&p1); - trace_val1.set_enum(1); - testing_opt.set(trace_val1); - - // set log_level = 5 for TEST_TRACE_OPTION3 - trace_val1.set(&p2); - trace_val1.set_enum(5); - testing_opt.set(trace_val1); - - // set log_level = 2 for TEST_TRACE_OPTION2, TEST_TRACE_OPTION4, TEST_TRACE_OPTION5 - trace_val1.set(&p_all); - trace_val1.set_enum(2); - testing_opt.set(trace_val1); - - testing_dump[0] = '\0'; - debug_log(testing_opt, TEST_TRACE_OPTION1, "my other masked message"); - CHECK( !strcmp(testing_dump, "testing_opt:option1:1: my other masked message") ); - - testing_dump[0] = '\0'; - debug_log(3, testing_opt, TEST_TRACE_OPTION2, "log option2 message"); - CHECK( testing_dump[0] == '\0' ); - - testing_dump[0] = '\0'; - debug_log(testing_opt, TEST_TRACE_OPTION2, "log option2 message"); - CHECK( !strcmp(testing_dump, "testing_opt:option2:1: log option2 message") ); - - testing_dump[0] = '\0'; - debug_log(6, testing_opt, TEST_TRACE_OPTION3, "log option3 message"); - CHECK( testing_dump[0] == '\0' ); - - testing_dump[0] = '\0'; - debug_log(3, testing_opt, TEST_TRACE_OPTION3, "log option3 message"); - CHECK( !strcmp(testing_dump, "testing_opt:option3:3: log option3 message") ); - - testing_dump[0] = '\0'; - debug_log(2, testing_opt, TEST_TRACE_OPTION4, "log option4 message"); - CHECK( !strcmp(testing_dump, "testing_opt:option4:2: log option4 message") ); - - testing_dump[0] = '\0'; - debug_log(4, testing_opt, TEST_TRACE_OPTION5, "log option5 message"); - CHECK( testing_dump[0] == '\0' ); - } - SECTION("debug_logf") - { - Trace test("test"); - - Parameter p("all", Parameter::PT_INT, "0:255", "0", "enable traces in module"); - Value trace_val((double)1); - trace_val.set(&p); - test.set(trace_val); - - testing_dump[0] = '\0'; - debug_logf(test, "%s %s", "my", "message"); - CHECK( !strcmp(testing_dump, "test:all:1: my message") ); - - Parameter p_all("all", Parameter::PT_INT, "0:255", "0", "p_all"); - Parameter p1("option1", Parameter::PT_INT, "0:255", "0", "p1"); - Parameter p2("option3", Parameter::PT_INT, "0:255", "0", "p2"); - Value trace_val1("trace"); - - Trace testing_opt("testing_opt", test_trace_values, - (sizeof(test_trace_values) / sizeof(TraceOptionString))); - - // set log_level = 1 for TEST_TRACE_OPTION1 - trace_val1.set(&p1); - trace_val1.set_enum(1); - testing_opt.set(trace_val1); - - // set log_level = 5 for TEST_TRACE_OPTION3 - trace_val1.set(&p2); - trace_val1.set_enum(5); - testing_opt.set(trace_val1); - - // set log_level = 3 for TEST_TRACE_OPTION2, TEST_TRACE_OPTION4, TEST_TRACE_OPTION5 - trace_val1.set(&p_all); - trace_val1.set_enum(3); - testing_opt.set(trace_val1); - - testing_dump[0] = '\0'; - debug_logf(testing_opt, TEST_TRACE_OPTION1, "%s %s %s", "log", "option1", "message"); - CHECK( !strcmp(testing_dump, "testing_opt:option1:1: log option1 message") ); - - testing_dump[0] = '\0'; - debug_logf(testing_opt, TEST_TRACE_OPTION2, "%s %s %s", "log", "option2", "message"); - CHECK( !strcmp(testing_dump, "testing_opt:option2:1: log option2 message") ); - - testing_dump[0] = '\0'; - debug_logf(4, testing_opt, TEST_TRACE_OPTION2, "%s %s %s", "log", "option2", "message"); - CHECK( testing_dump[0] == '\0' ); - - testing_dump[0] = '\0'; - debug_logf(3, testing_opt, TEST_TRACE_OPTION3, "%s %s %s", "log", "option3", "message"); - CHECK( !strcmp(testing_dump, "testing_opt:option3:3: log option3 message") ); - - testing_dump[0] = '\0'; - debug_logf(6, testing_opt, TEST_TRACE_OPTION3, "%s %s %s", "log", "option3", "message"); - CHECK( testing_dump[0] == '\0' ); - - testing_dump[0] = '\0'; - debug_logf(2, testing_opt, TEST_TRACE_OPTION4, "%s %s %s", "log", "option4", "message"); - CHECK( !strcmp(testing_dump, "testing_opt:option4:2: log option4 message") ); - - testing_dump[0] = '\0'; - debug_logf(4, testing_opt, TEST_TRACE_OPTION5, "%s %s %s", "log", "option5", "message"); - CHECK( testing_dump[0] == '\0' ); - } - SECTION("safety") + const TraceOption test_trace_values[] = { - Trace test("test"); + { "option1", TEST_TRACE_OPTION1, "help_option1" }, + { "option2", TEST_TRACE_OPTION2, "help_option2" }, + { "option3", TEST_TRACE_OPTION3, "help_option3" }, + { "option4", TEST_TRACE_OPTION4, "help_option4" }, + { "option5", TEST_TRACE_OPTION5, "help_option5" }, - Parameter p("all", Parameter::PT_INT, "0:255", "0", "enable traces in module"); - Value trace_val((double)1); - trace_val.set(&p); - - test.set(trace_val); - - char message[STD_BUF_SIZE + 1]; - - for( int i = 0; i < STD_BUF_SIZE; i++ ) - message[i] = 'A'; - message[STD_BUF_SIZE] = '\0'; - - testing_dump[0] = '\0'; - debug_log(test, message); - CHECK( (strlen(testing_dump) == STD_BUF_SIZE - 1) ); - - Trace testing_opt("testing_opt", test_trace_values, - (sizeof(test_trace_values) / sizeof(TraceOptionString))); - - Parameter p1("option3", Parameter::PT_INT, "0:255", "0", "p1"); - Value trace_val1("trace"); - trace_val1.set(&p1); - trace_val1.set_enum(5); - testing_opt.set(trace_val1); - - testing_dump[0] = '\0'; - debug_log(3, testing_opt, TEST_TRACE_OPTION3, message); - CHECK( (strlen(testing_dump) == STD_BUF_SIZE - 1) ); + { nullptr, 0, nullptr }, + }; - testing_dump[0] = '\0'; - debug_log(6, testing_opt, TEST_TRACE_OPTION3, message); - CHECK( (strlen(testing_dump) == 0) ); - } + TraceOption test_trace_options(nullptr, 0, nullptr); + TraceTestModule trace_test_module("test_module", &test_trace_options); + Trace test_trace(trace_test_module); + + TraceTestModule trace_test_module_opt("test_opt_module", test_trace_values); + Trace test_opt_trace(trace_test_module_opt); + + test_trace.set("all", 0); + + testing_dump[0] = '\0'; + debug_log(&test_trace, "my message"); + CHECK( testing_dump[0] == '\0' ); + + test_trace.set("all", 1); + test_opt_trace.set("option1", 1); + test_opt_trace.set("option2", 2); + test_opt_trace.set("option3", 3); + test_opt_trace.set("option4", 2); + test_opt_trace.set("option5", 2); + + char message[STD_BUF_SIZE + 1]; + for( int i = 0; i < STD_BUF_SIZE; i++ ) + message[i] = 'A'; + message[STD_BUF_SIZE] = '\0'; + + testing_dump[0] = '\0'; + debug_log(&test_trace, message); + CHECK( (strlen(testing_dump) == STD_BUF_SIZE - 1) ); + + testing_dump[0] = '\0'; + debug_log(3, &test_opt_trace, TEST_TRACE_OPTION3, message); + CHECK( (strlen(testing_dump) == STD_BUF_SIZE - 1) ); + + testing_dump[0] = '\0'; + debug_log(6, &test_opt_trace, TEST_TRACE_OPTION3, message); + CHECK( (strlen(testing_dump) == 0) ); + + testing_dump[0] = '\0'; + debug_log(&test_trace, "my message"); + CHECK( !strcmp(testing_dump, "test_module:all:1: my message") ); + + testing_dump[0] = '\0'; + debug_logf(&test_trace, "%s %s", "my", "message"); + CHECK( !strcmp(testing_dump, "test_module:all:1: my message") ); + + testing_dump[0] = '\0'; + debug_log(&test_opt_trace, TEST_TRACE_OPTION1, "log option1 message"); + CHECK( !strcmp(testing_dump, "test_opt_module:option1:1: log option1 message") ); + + testing_dump[0] = '\0'; + debug_logf(&test_opt_trace, TEST_TRACE_OPTION1, "%s %s %s", "log", "option1", "message"); + CHECK( !strcmp(testing_dump, "test_opt_module:option1:1: log option1 message") ); + + testing_dump[0] = '\0'; + debug_log(3, &test_opt_trace, TEST_TRACE_OPTION2, "log option2 message"); + CHECK( testing_dump[0] == '\0' ); + + testing_dump[0] = '\0'; + debug_log(&test_opt_trace, TEST_TRACE_OPTION2, "log option2 message"); + CHECK( !strcmp(testing_dump, "test_opt_module:option2:1: log option2 message") ); + + testing_dump[0] = '\0'; + debug_logf(&test_opt_trace, TEST_TRACE_OPTION2, "%s %s %s", "log", "option2", "message"); + CHECK( !strcmp(testing_dump, "test_opt_module:option2:1: log option2 message") ); + + testing_dump[0] = '\0'; + debug_log(6, &test_opt_trace, TEST_TRACE_OPTION3, "log option3 message"); + CHECK( testing_dump[0] == '\0' ); + + testing_dump[0] = '\0'; + debug_log(3, &test_opt_trace, TEST_TRACE_OPTION3, "log option3 message"); + CHECK( !strcmp(testing_dump, "test_opt_module:option3:3: log option3 message") ); + + testing_dump[0] = '\0'; + debug_logf(3, &test_opt_trace, TEST_TRACE_OPTION3, "%s %s %s", "log", "option3", "message"); + CHECK( !strcmp(testing_dump, "test_opt_module:option3:3: log option3 message") ); + + testing_dump[0] = '\0'; + debug_log(2, &test_opt_trace, TEST_TRACE_OPTION4, "log option4 message"); + CHECK( !strcmp(testing_dump, "test_opt_module:option4:2: log option4 message") ); + + testing_dump[0] = '\0'; + debug_logf(2, &test_opt_trace, TEST_TRACE_OPTION4, "%s %s %s", "log", "option4", "message"); + CHECK( !strcmp(testing_dump, "test_opt_module:option4:2: log option4 message") ); + + testing_dump[0] = '\0'; + debug_log(4, &test_opt_trace, TEST_TRACE_OPTION5, "log option5 message"); + CHECK( testing_dump[0] == '\0' ); } -#endif // DEBUG_MSGS +#endif // DEBUG_MSGS -#endif // UNIT_TEST +#endif // UNIT_TEST diff --git a/src/main/snort_debug.h b/src/main/snort_debug.h index 8069b3d22..af7457731 100644 --- a/src/main/snort_debug.h +++ b/src/main/snort_debug.h @@ -27,8 +27,13 @@ #include -#include "main/snort_types.h" -#include "main/trace.h" +#include "trace/trace.h" + +static inline bool trace_enabled(const snort::Trace* trace, + TraceOptionID trace_option_id, TraceLevel log_level = DEFAULT_TRACE_LOG_LEVEL) +{ + return trace && trace->enabled(trace_option_id, log_level); +} namespace snort { @@ -39,106 +44,107 @@ SO_PUBLIC void trace_vprintf(const char* name, TraceLevel log_level, using trace_func = void(const char*, TraceLevel, const char*, const char*, va_list); template -static inline void trace_printf(TraceLevel log_level, const snort::Trace& trace, - TraceOption trace_option, const char* fmt, ...) __attribute__((format (printf, 4, 5))); +static inline void trace_printf(TraceLevel log_level, const snort::Trace* trace, + TraceOptionID trace_option_id, const char* fmt, ...) __attribute__((format (printf, 4, 5))); template -static inline void trace_printf(TraceLevel log_level, const snort::Trace& trace, - TraceOption trace_option, const char* fmt, ...) +static inline void trace_printf(TraceLevel log_level, const snort::Trace* trace, + TraceOptionID trace_option_id, const char* fmt, ...) { - if ( !trace.enabled(trace_option, log_level) ) + if ( !trace_enabled(trace, trace_option_id, log_level) ) return; va_list ap; va_start(ap, fmt); - const char* trace_option_name = trace.option_name(trace_option); - trace_vprintf(trace.module_name(), log_level, trace_option_name, fmt, ap); + const char* trace_option_name = trace->option_name(trace_option_id); + trace_vprintf(trace->module_name(), log_level, trace_option_name, fmt, ap); va_end(ap); } template -static inline void trace_printf(TraceLevel log_level, const snort::Trace& trace, +static inline void trace_printf(TraceLevel log_level, const snort::Trace* trace, const char* fmt, ...) __attribute__((format (printf, 3, 4))); template -static inline void trace_printf(TraceLevel log_level, const snort::Trace& trace, +static inline void trace_printf(TraceLevel log_level, const snort::Trace* trace, const char* fmt, ...) { - if ( !trace.enabled(DEFAULT_TRACE_OPTION, log_level) ) + if ( !trace_enabled(trace, DEFAULT_TRACE_OPTION_ID, log_level) ) return; va_list ap; va_start(ap, fmt); - const char* trace_option_name = trace.option_name(DEFAULT_TRACE_OPTION); - trace_vprintf(trace.module_name(), log_level, trace_option_name, fmt, ap); + const char* trace_option_name = trace->option_name(DEFAULT_TRACE_OPTION_ID); + trace_vprintf(trace->module_name(), log_level, trace_option_name, fmt, ap); va_end(ap); } template -static inline void trace_printf(const snort::Trace& trace, - TraceOption trace_option, const char* fmt, ...) __attribute__((format (printf, 3, 4))); +static inline void trace_printf(const snort::Trace* trace, + TraceOptionID trace_option_id, const char* fmt, ...) __attribute__((format (printf, 3, 4))); template -static inline void trace_printf(const snort::Trace& trace, - TraceOption trace_option, const char* fmt, ...) +static inline void trace_printf(const snort::Trace* trace, + TraceOptionID trace_option_id, const char* fmt, ...) { - if ( !trace.enabled(trace_option) ) + if ( !trace_enabled(trace, trace_option_id) ) return; va_list ap; va_start(ap, fmt); - const char* trace_option_name = trace.option_name(trace_option); - trace_vprintf(trace.module_name(), DEFAULT_LOG_LEVEL, trace_option_name, fmt, ap); + const char* trace_option_name = trace->option_name(trace_option_id); + trace_vprintf(trace->module_name(), DEFAULT_TRACE_LOG_LEVEL, trace_option_name, fmt, ap); va_end(ap); } template -static inline void trace_printf(const snort::Trace& trace, +static inline void trace_printf(const snort::Trace* trace, const char* fmt, ...) __attribute__((format (printf, 2, 3))); template -static inline void trace_printf(const snort::Trace& trace, const char* fmt, ...) +static inline void trace_printf(const snort::Trace* trace, const char* fmt, ...) { - if ( !trace.enabled(DEFAULT_TRACE_OPTION) ) + if ( !trace_enabled(trace, DEFAULT_TRACE_OPTION_ID) ) return; va_list ap; va_start(ap, fmt); - const char* trace_option_name = trace.option_name(DEFAULT_TRACE_OPTION); - trace_vprintf(trace.module_name(), DEFAULT_LOG_LEVEL, trace_option_name, fmt, ap); + const char* trace_option_name = trace->option_name(DEFAULT_TRACE_OPTION_ID); + trace_vprintf(trace->module_name(), DEFAULT_TRACE_LOG_LEVEL, trace_option_name, fmt, ap); va_end(ap); } template -static inline void trace_print(TraceLevel log_level, const snort::Trace& trace, - TraceOption trace_option, const char* msg) +static inline void trace_print(TraceLevel log_level, const snort::Trace* trace, + TraceOptionID trace_option_id, const char* msg) { - trace_printf(log_level, trace, trace_option, "%s", msg); + trace_printf(log_level, trace, trace_option_id, "%s", msg); } template -static inline void trace_print(const snort::Trace& trace, TraceOption trace_option, const char* msg) +static inline void trace_print(const snort::Trace* trace, + TraceOptionID trace_option_id, const char* msg) { - trace_printf(trace, trace_option, "%s", msg); + trace_printf(trace, trace_option_id, "%s", msg); } template -static inline void trace_print(TraceLevel log_level, const snort::Trace& trace, +static inline void trace_print(TraceLevel log_level, const snort::Trace* trace, const char* msg) { trace_printf(log_level, trace, "%s", msg); } template -static inline void trace_print(const snort::Trace& trace, const char* msg) +static inline void trace_print(const snort::Trace* trace, const char* msg) { trace_printf(trace, "%s", msg); } diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc index 9163fc6f4..a7c9a0890 100644 --- a/src/main/snort_module.cc +++ b/src/main/snort_module.cc @@ -38,6 +38,7 @@ #include "parser/parser.h" #include "parser/parse_utils.h" #include "parser/vars.h" +#include "trace/trace_config.h" #ifdef UNIT_TEST #include "catch/unit_test.h" @@ -606,12 +607,12 @@ static const Parameter s_params[] = "command line configuration" #endif -Trace snort_trace(s_name); +THREAD_LOCAL const Trace* snort_trace = nullptr; class SnortModule : public Module { public: - SnortModule() : Module(s_name, s_help, s_params, false, &snort_trace) + SnortModule() : Module(s_name, s_help, s_params) { } #ifdef SHELL @@ -640,10 +641,22 @@ public: Usage get_usage() const override { return GLOBAL; } + void set_trace(const Trace*) const override; + const TraceOption* get_trace_options() const override; + private: SFDAQModuleConfig* module_config; }; +void SnortModule::set_trace(const Trace* trace) const +{ snort_trace = trace; } + +const TraceOption* SnortModule::get_trace_options() const +{ + static const TraceOption snort_trace_options(nullptr, 0, nullptr); + return &snort_trace_options; +} + bool SnortModule::begin(const char* fqn, int, SnortConfig*) { if (!strcmp(fqn, "snort")) @@ -1084,7 +1097,7 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc) x2s(v.get_string()); else if (v.is("--trace")) - Module::enable_trace(); + sc->trace_config->enable_trace_snort(); return true; } diff --git a/src/main/snort_module.h b/src/main/snort_module.h index b1781c833..11e12a545 100644 --- a/src/main/snort_module.h +++ b/src/main/snort_module.h @@ -24,14 +24,16 @@ // the snort module is for handling command line args, // shell commands, and basic application stats -#include "main/snort_debug.h" +#include "main/thread.h" namespace snort { class Module; +class Trace; } -extern snort::Trace snort_trace; +extern THREAD_LOCAL const snort::Trace* snort_trace; + snort::Module* get_snort_module(); #endif diff --git a/src/main/trace.cc b/src/main/trace.cc deleted file mode 100644 index 8bd5e2f49..000000000 --- a/src/main/trace.cc +++ /dev/null @@ -1,179 +0,0 @@ -//-------------------------------------------------------------------------- -// Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved. -// -// This program is free software; you can redistribute it and/or modify it -// under the terms of the GNU General Public License Version 2 as published -// by the Free Software Foundation. You may not use, modify or distribute -// this program under any other version of the GNU General Public License. -// -// This program is distributed in the hope that it will be useful, but -// WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -//-------------------------------------------------------------------------- -// trace.cc author Serhii Vlasiuk - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include "trace.h" - -using namespace snort; - -static const TraceOptionString default_trace_option[] = -{ - { "all", DEFAULT_TRACE_OPTION } -}; -static const size_t default_trace_size = (sizeof(default_trace_option) / sizeof(TraceOptionString)); - -Trace::Trace(const char* name, const TraceOptionString* trace_options, size_t size) -{ - assert(trace_options); - mod_name = name; - options = trace_options; - option_levels.resize(size, 0); - config_options.resize(size, false); -} - -Trace::Trace(const char* name) -{ - mod_name = name; - options = default_trace_option; - option_levels.resize(default_trace_size, 0); - config_options.resize(default_trace_size, false); -} - -bool Trace::set(const snort::Value& v) -{ - size_t size = option_levels.size(); - if ( v.is("all") ) - { - for ( size_t index = 0; index < size; ++index ) - if ( !config_options[index] ) - option_levels[index] = v.get_uint8(); - return true; - } - - for ( size_t index = 0; index < size; ++index ) - { - if ( v.is(option_name(index)) ) - { - TraceOption trace_option = options[index].option; - - option_levels[trace_option] = v.get_uint8(); - config_options[trace_option] = true; - return true; - } - } - return false; -} - -void Trace::reset() -{ - std::fill(option_levels.begin(), option_levels.end(), 0); - std::fill(config_options.begin(), config_options.end(), false); -} - -void Trace::enable() -{ - option_levels[DEFAULT_TRACE_OPTION] = DEFAULT_LOG_LEVEL; -} - -#ifdef UNIT_TEST - -#include - -//------------------------------------------------------------------------- -// Set trace option tests -//------------------------------------------------------------------------- - - -#define LOG_LEVEL_TEST 1 - -TEST_CASE("Trace - single trace value", "[trace]") -{ - Trace test_trace("test"); - - Parameter p("all", Parameter::PT_INT, "0:255", "0", "enabling traces in module"); - Value trace_val((double)1); - trace_val.set(&p); - - bool result = test_trace.set(trace_val); - CHECK( result == true ); - CHECK( test_trace.option_levels[DEFAULT_TRACE_OPTION] == LOG_LEVEL_TEST ); -} - -TEST_CASE("Trace - multiple trace values", "[trace]") -{ - enum - { - TEST_TRACE_DETECTION_ENGINE = 0, - TEST_TRACE_RULE_VARS, - TEST_TRACE_OPTION_TREE, - TEST_TRACE_TAG, - }; - const TraceOptionString test_trace_values[] = - { - { "detect_engine", TEST_TRACE_DETECTION_ENGINE }, - { "rule_vars", TEST_TRACE_RULE_VARS }, - { "opt_tree", TEST_TRACE_OPTION_TREE }, - { "tag", TEST_TRACE_TAG } - }; - - Trace test_trace("test", test_trace_values, - (sizeof(test_trace_values) / sizeof(TraceOptionString))); - - Parameter p1("detect_engine", Parameter::PT_INT, "0:255", "0", "p1"); - Parameter p2("rule_vars", Parameter::PT_INT, "0:255", "0", "p2"); - Parameter p3("opt_tree", Parameter::PT_INT, "0:255", "0", "p3"); - Parameter p4("tag", Parameter::PT_INT, "0:255", "0", "p4"); - Value trace_val("trace"); - trace_val.set(&p1); - trace_val.set_enum(1); - - bool result = test_trace.set(trace_val); - CHECK( result == true ); - CHECK( test_trace.option_levels[TEST_TRACE_DETECTION_ENGINE] == LOG_LEVEL_TEST ); - - trace_val.set(&p2); - result = test_trace.set(trace_val); - CHECK( result == true ); - CHECK( test_trace.option_levels[TEST_TRACE_DETECTION_ENGINE] == LOG_LEVEL_TEST ); - CHECK( test_trace.option_levels[TEST_TRACE_RULE_VARS] == LOG_LEVEL_TEST ); - - trace_val.set(&p3); - result = test_trace.set(trace_val); - CHECK( result == true ); - CHECK( test_trace.option_levels[TEST_TRACE_DETECTION_ENGINE] == LOG_LEVEL_TEST ); - CHECK( test_trace.option_levels[TEST_TRACE_RULE_VARS] == LOG_LEVEL_TEST ); - CHECK( test_trace.option_levels[TEST_TRACE_OPTION_TREE] == LOG_LEVEL_TEST ); - - trace_val.set(&p4); - result = test_trace.set(trace_val); - CHECK( result == true ); - CHECK( test_trace.option_levels[TEST_TRACE_DETECTION_ENGINE] == LOG_LEVEL_TEST ); - CHECK( test_trace.option_levels[TEST_TRACE_RULE_VARS] == LOG_LEVEL_TEST ); - CHECK( test_trace.option_levels[TEST_TRACE_OPTION_TREE] == LOG_LEVEL_TEST ); - CHECK( test_trace.option_levels[TEST_TRACE_TAG] == LOG_LEVEL_TEST ); -} - -TEST_CASE("Trace - incorrect trace value", "[trace]") -{ - Trace test_trace("test"); - Parameter p("test", Parameter::PT_INT, "0:255", "0", "p"); - Value trace_val("trace"); - trace_val.set(&p); - trace_val.set_enum(1); - - bool result = test_trace.set(trace_val); - CHECK( result == false ); - CHECK( test_trace.option_levels[DEFAULT_TRACE_OPTION] == TraceLevel(0) ); -} - -#endif // UNIT_TEST - diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index 36b818fde..85540579e 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc @@ -512,9 +512,6 @@ static bool set_value(const char* fqn, Value& v) // now we must traverse the mod params to get the leaf string s = fqn; p = get_params(s, mod, mod->get_parameters()); - - if ( !p ) - p = get_params(s, mod, mod->get_default_parameters()); } if ( !p ) @@ -567,7 +564,6 @@ static bool begin(Module* m, const Parameter* p, const char* s, int idx, int dep // Module::(verified_)begin() will be called for top-level tables, lists, and list items only if ( top_level(s) ) { - m->reset_trace(); if ( !m->verified_begin(s, idx, s_config) ) return false; // don't set list defaults @@ -758,9 +754,6 @@ SO_PUBLIC bool open_table(const char* s, int idx) std::string sfqn = s; p = get_params(sfqn, m, m->get_parameters(), idx); - if ( !p ) - p = get_params(sfqn, m, m->get_default_parameters(), idx); - if ( !p ) { ParseError("can't find %s", s); @@ -1062,10 +1055,7 @@ void ModuleManager::show_module(const char* name) cout << endl << "Usage: " << mod_use(m->get_usage()) << endl; const Parameter* params = m->get_parameters(); - const Parameter* def_params = m->get_default_parameters(); - - if ( ( params and params->type < Parameter::PT_MAX ) || - ( def_params and def_params->type < Parameter::PT_MAX ) ) + if ( params and params->type < Parameter::PT_MAX ) { cout << endl << "Configuration: " << endl << endl; show_configs(name, true); @@ -1165,11 +1155,6 @@ void ModuleManager::show_configs(const char* pfx, bool exact) dump_field(s, pfx, m->params); } - s = m->name; - - if ( m->default_params ) - dump_table(s, pfx, m->default_params); - if ( !pfx ) cout << endl; @@ -1484,11 +1469,6 @@ void ModuleManager::load_params() { load_field(s, m->params); } - - s = m->name; - - if ( m->default_params ) - load_table(s, m->default_params); } } diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index e9cce524b..0035a99ea 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -35,6 +35,7 @@ #include "main/thread_config.h" #include "managers/inspector_manager.h" #include "profiler/profiler.h" +#include "trace/trace.h" #include "utils/util.h" #include "app_info_table.h" @@ -46,7 +47,7 @@ using namespace snort; using namespace std; -Trace appid_module_trace(MOD_NAME); +THREAD_LOCAL const Trace* appid_trace = nullptr; //------------------------------------------------------------------------- // appid module @@ -250,8 +251,7 @@ static const PegInfo appid_pegs[] = { CountType::END, nullptr, nullptr }, }; -AppIdModule::AppIdModule() : - Module(MOD_NAME, MOD_HELP, s_params, false, &appid_module_trace) +AppIdModule::AppIdModule() : Module(MOD_NAME, MOD_HELP, s_params) { config = nullptr; } @@ -261,6 +261,15 @@ AppIdModule::~AppIdModule() AppIdPegCounts::cleanup_peg_info(); } +void AppIdModule::set_trace(const Trace* trace) const +{ appid_trace = trace; } + +const TraceOption* AppIdModule::get_trace_options() const +{ + static const TraceOption appid_trace_options(nullptr, 0, nullptr); + return &appid_trace_options; +} + ProfileStats* AppIdModule::get_profile() const { return &appid_perf_stats; @@ -273,7 +282,7 @@ const AppIdConfig* AppIdModule::get_data() return temp; } -bool AppIdModule::set(const char* fqn, Value& v, SnortConfig* c) +bool AppIdModule::set(const char*, Value& v, SnortConfig*) { // FIXIT-L: DECRYPT_DEBUG - Move this to ssl-module #ifdef REG_TEST @@ -303,8 +312,6 @@ bool AppIdModule::set(const char* fqn, Value& v, SnortConfig* c) config->list_odp_detectors = v.get_bool(); else if ( v.is("log_all_sessions") ) config->log_all_sessions = v.get_bool(); - else - return Module::set(fqn, v, c); return true; } diff --git a/src/network_inspectors/appid/appid_module.h b/src/network_inspectors/appid/appid_module.h index 323fec56c..d2197f8ad 100644 --- a/src/network_inspectors/appid/appid_module.h +++ b/src/network_inspectors/appid/appid_module.h @@ -31,9 +31,13 @@ #include "appid_config.h" #include "appid_pegs.h" -extern THREAD_LOCAL snort::ProfileStats appid_perf_stats; +namespace snort +{ +class Trace; +} -extern snort::Trace appid_module_trace; +extern THREAD_LOCAL snort::ProfileStats appid_perf_stats; +extern THREAD_LOCAL const snort::Trace* appid_trace; #define MOD_NAME "appid" #define MOD_HELP "application and service identification" @@ -86,6 +90,9 @@ public: void sum_stats(bool) override; void show_dynamic_stats() override; + void set_trace(const snort::Trace*) const override; + const snort::TraceOption* get_trace_options() const override; + private: AppIdConfig* config; AppIdReloadTuner appid_rrt; diff --git a/src/network_inspectors/appid/client_plugins/test/client_plugin_mock.h b/src/network_inspectors/appid/client_plugins/test/client_plugin_mock.h index c5a4aff60..437195bbc 100644 --- a/src/network_inspectors/appid/client_plugins/test/client_plugin_mock.h +++ b/src/network_inspectors/appid/client_plugins/test/client_plugin_mock.h @@ -65,7 +65,6 @@ PegCount Module::get_global_count(char const*) const { return 0; } void Module::show_interval_stats(std::vector >&, FILE*) {} void Module::show_stats(){} void Module::sum_stats(bool ){} -bool Module::set(const char*, Value&, SnortConfig*){ return false;} void Module::reset_stats() {} } diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc index 021657b48..962a4a435 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc @@ -26,6 +26,7 @@ #include "detector_pattern.h" #include "log/messages.h" +#include "main/snort_debug.h" #include "managers/inspector_manager.h" #include "protocols/packet.h" #include "search_engines/search_tool.h" @@ -39,12 +40,12 @@ static void dump_patterns(const char* name, PatternService* pList) { UNUSED(name); - debug_logf(appid_module_trace, "Adding pattern for \"%s\"\n", name); + debug_logf(appid_trace, "Adding pattern for \"%s\"\n", name); for (PatternService* ps = pList; ps; ps = ps->next) for (Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) if (pattern->data && pattern->length) { - debug_logf(appid_module_trace, "\t\t%s, %u\n",pattern->data, pattern->length); + debug_logf(appid_trace, "\t\t%s, %u\n",pattern->data, pattern->length); } } diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.h b/src/network_inspectors/appid/detector_plugins/detector_pattern.h index b4449713b..696a2e2cf 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.h +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.h @@ -26,8 +26,6 @@ #include "client_plugins/client_detector.h" #include "service_plugins/service_detector.h" -#include "main/snort_debug.h" - namespace snort { class SearchTool; diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index 1f594dfb2..ee874d50b 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -142,6 +142,9 @@ snort::ProfileStats* AppIdModule::get_profile() const return nullptr; } +void AppIdModule::set_trace(const Trace*) const { } +const TraceOption* AppIdModule::get_trace_options() const { return nullptr; } + // Stubs for inspectors unsigned AppIdSession::inspector_id = 0; AppIdConfig stub_config; diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index a57f43e4e..1705c02d4 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -69,12 +69,6 @@ DnsPatternMatchers::~DnsPatternMatchers() { } SipPatternMatchers::~SipPatternMatchers() { } SslPatternMatchers::~SslPatternMatchers() { } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - TEST_GROUP(http_url_patterns_tests) { void setup() override diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index d6c4eec87..aefacc26e 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -29,6 +29,7 @@ #include #include "log/messages.h" +#include "main/snort_debug.h" #include "main/snort_types.h" #include "profiler/profiler.h" #include "protocols/packet.h" @@ -300,7 +301,7 @@ static int detector_log_message(lua_State* L) break; case LUA_LOG_TRACE: - debug_logf(appid_module_trace, "%s:%s\n", name.c_str(), message); + debug_logf(appid_trace, "%s:%s\n", name.c_str(), message); break; default: diff --git a/src/network_inspectors/appid/lua_detector_api.h b/src/network_inspectors/appid/lua_detector_api.h index baa67f72f..d29e7ae01 100644 --- a/src/network_inspectors/appid/lua_detector_api.h +++ b/src/network_inspectors/appid/lua_detector_api.h @@ -31,8 +31,6 @@ #include "client_plugins/client_detector.h" #include "service_plugins/service_detector.h" -#include "main/snort_debug.h" - namespace snort { struct Packet; diff --git a/src/network_inspectors/appid/service_plugins/service_netbios.cc b/src/network_inspectors/appid/service_plugins/service_netbios.cc index 812b8a77f..ffe1f16c4 100644 --- a/src/network_inspectors/appid/service_plugins/service_netbios.cc +++ b/src/network_inspectors/appid/service_plugins/service_netbios.cc @@ -77,8 +77,6 @@ enum NBSSState #define NBDGM_ERROR_CODE_MIN 0x82 #define NBDGM_ERROR_CODE_MAX 0x84 -#define min(x,y) ((x)<(y) ? (x) : (y)) - #define FINGERPRINT_UDP_FLAGS_XENIX 0x00000800 #define FINGERPRINT_UDP_FLAGS_NT 0x00001000 #define FINGERPRINT_UDP_FLAGS_MASK (FINGERPRINT_UDP_FLAGS_XENIX | FINGERPRINT_UDP_FLAGS_NT) @@ -862,7 +860,7 @@ int NbssServiceDetector::validate(AppIdDiscoveryArgs& args) } else if (tmp >= 4 && nd->length >= 4 && !(*((const uint32_t*)data)) && - dcerpc_validate(data+4, ((int)min(tmp, nd->length)) - 4) > 0) + dcerpc_validate(data+4, ((int)std::min(tmp, nd->length)) - 4) > 0) { nd->serviceAppId = APP_ID_DCE_RPC; nd->miscAppId = APP_ID_NETBIOS_SSN; @@ -924,7 +922,7 @@ int NbssServiceDetector::validate(AppIdDiscoveryArgs& args) } else if (tmp >= 4 && nd->length >= 4 && !(*((const uint32_t*)data)) && - !(dcerpc_validate(data+4, ((int)min(tmp, nd->length)) - 4) > 0)) + !(dcerpc_validate(data+4, ((int)std::min(tmp, nd->length)) - 4) > 0)) { nd->serviceAppId = APP_ID_DCE_RPC; nd->miscAppId = APP_ID_NETBIOS_SSN; diff --git a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h index 391a053c3..de9eb8c5d 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h +++ b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h @@ -68,13 +68,12 @@ public: SO_PUBLIC static Inspector* get_inspector(const char*, bool, SnortConfig*) {return nullptr;} }; Module::Module(const char*, const char*) {} -Module::Module(const char*, const char*, const Parameter*, bool, Trace*, const Parameter*) +Module::Module(const char*, const char*, const Parameter*, bool) {} PegCount Module::get_global_count(char const*) const { return 0; } void Module::show_interval_stats(std::vector >&, FILE*) {} void Module::show_stats(){} void Module::sum_stats(bool ){} -bool Module::set(const char*, Value&, SnortConfig*){ return false;} void Module::reset_stats() {} } @@ -163,6 +162,9 @@ PegCount* AppIdModule::get_counts() const return nullptr; } +void AppIdModule::set_trace(const Trace*) const { } +const TraceOption* AppIdModule::get_trace_options() const { return nullptr; } + // Stubs for inspectors unsigned AppIdSession::inspector_id = 0; AppIdConfig stub_config; diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index d3c4fd671..c8e0dd172 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -56,7 +56,6 @@ class StreamSplitter* Inspector::get_splitter(bool) { return nullptr; } // Stubs for module Module::Module(char const*, char const*) {} -bool Module::set(const char*, Value&, SnortConfig*) { return true; } void Module::sum_stats(bool) {} void Module::show_interval_stats(std::vector&, FILE*) {} void Module::show_stats() {} @@ -148,6 +147,8 @@ const Command* AppIdModule::get_commands() const { return nullptr; } const PegInfo* AppIdModule::get_pegs() const { return nullptr; } PegCount* AppIdModule::get_counts() const { return nullptr; } ProfileStats* AppIdModule::get_profile() const { return nullptr; } +void AppIdModule::set_trace(const Trace*) const { } +const TraceOption* AppIdModule::get_trace_options() const { return nullptr; } // Stubs for config static AppIdConfig app_config; diff --git a/src/network_inspectors/appid/test/appid_mock_inspector.h b/src/network_inspectors/appid/test/appid_mock_inspector.h index 2452a89c1..9d30adce6 100644 --- a/src/network_inspectors/appid/test/appid_mock_inspector.h +++ b/src/network_inspectors/appid/test/appid_mock_inspector.h @@ -38,7 +38,6 @@ bool Inspector::get_buf(const char*, Packet*, InspectionBuffer&) { return true; class StreamSplitter* Inspector::get_splitter(bool) { return nullptr; } Module::Module(char const*, char const*) {} -bool Module::set(const char*, Value&, SnortConfig*) { return true; } void Module::sum_stats(bool) {} void Module::show_interval_stats(std::vector >&, FILE*) {} void Module::show_stats() {} @@ -58,6 +57,8 @@ const snort::Command* AppIdModule::get_commands() const { return nullptr; } const PegInfo* AppIdModule::get_pegs() const { return nullptr; } PegCount* AppIdModule::get_counts() const { return nullptr; } snort::ProfileStats* AppIdModule::get_profile() const { return nullptr; } +void AppIdModule::set_trace(const Trace*) const { } +const TraceOption* AppIdModule::get_trace_options() const { return nullptr; } AppIdInspector::AppIdInspector(AppIdModule& ) { } AppIdInspector::~AppIdInspector() { } diff --git a/src/network_inspectors/appid/test/tp_lib_handler_test.cc b/src/network_inspectors/appid/test/tp_lib_handler_test.cc index 350b86bd3..350a4b16b 100644 --- a/src/network_inspectors/appid/test/tp_lib_handler_test.cc +++ b/src/network_inspectors/appid/test/tp_lib_handler_test.cc @@ -29,7 +29,6 @@ #include "tp_lib_handler.h" #include "appid_config.h" -#include "main/snort_debug.h" #include "log_message_mock.h" #include diff --git a/src/protocols/packet_manager.cc b/src/protocols/packet_manager.cc index 7d70d9133..0d31e465d 100644 --- a/src/protocols/packet_manager.cc +++ b/src/protocols/packet_manager.cc @@ -30,6 +30,7 @@ #include "detection/detection_engine.h" #include "log/text_log.h" #include "main/snort_config.h" +#include "main/snort_debug.h" #include "packet_io/active.h" #include "packet_io/sfdaq.h" #include "profiler/profiler_defs.h" diff --git a/src/search_engines/test/hyperscan_test.cc b/src/search_engines/test/hyperscan_test.cc index c27035d1a..3458e1b03 100644 --- a/src/search_engines/test/hyperscan_test.cc +++ b/src/search_engines/test/hyperscan_test.cc @@ -29,7 +29,6 @@ #include "framework/mpse.h" #include "framework/mpse_batch.h" #include "main/snort_config.h" -#include "main/trace.h" #include "utils/stats.h" // must appear after snort_config.h to avoid broken c++ map include @@ -134,12 +133,6 @@ unsigned get_instance_id() } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } diff --git a/src/service_inspectors/dce_rpc/dce_smb2.cc b/src/service_inspectors/dce_rpc/dce_smb2.cc index cbf463e8c..9b5075d3a 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2.cc +++ b/src/service_inspectors/dce_rpc/dce_smb2.cc @@ -28,6 +28,7 @@ #include "detection/detection_util.h" #include "file_api/file_flows.h" #include "file_api/file_service.h" +#include "main/snort_debug.h" #include "utils/util.h" #include "dce_smb_module.h" diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.cc b/src/service_inspectors/dce_rpc/dce_smb_module.cc index f07307c09..f3f0cc253 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_module.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_module.cc @@ -26,6 +26,7 @@ #include "log/messages.h" #include "main/snort_config.h" +#include "trace/trace.h" #include "utils/util.h" #include "dce_smb.h" @@ -33,7 +34,7 @@ using namespace snort; using namespace std; -Trace dce_smb_trace(DCE2_SMB_NAME); +THREAD_LOCAL const Trace* dce_smb_trace = nullptr; static const PegInfo dce2_smb_pegs[] = { @@ -213,7 +214,7 @@ static std::string get_shares(DCE2_List* shares) return cmds; } -Dce2SmbModule::Dce2SmbModule() : Module(DCE2_SMB_NAME, DCE2_SMB_HELP, s_params, false, &dce_smb_trace) +Dce2SmbModule::Dce2SmbModule() : Module(DCE2_SMB_NAME, DCE2_SMB_HELP, s_params) { memset(&config, 0, sizeof(config)); } @@ -226,6 +227,15 @@ Dce2SmbModule::~Dce2SmbModule() } } +void Dce2SmbModule::set_trace(const Trace* trace) const +{ dce_smb_trace = trace; } + +const TraceOption* Dce2SmbModule::get_trace_options() const +{ + static const TraceOption dce_smb_trace_options(nullptr, 0, nullptr); + return &dce_smb_trace_options; +} + const RuleMap* Dce2SmbModule::get_rules() const { return dce2_smb_rules; @@ -376,7 +386,7 @@ static bool set_smb_invalid_shares(dce2SmbProtoConf& config, Value& v) return(true); } -bool Dce2SmbModule::set(const char* fqn, Value& v, SnortConfig* c) +bool Dce2SmbModule::set(const char*, Value& v, SnortConfig*) { if (dce2_set_co_config(v,config.common)) return true; @@ -405,9 +415,6 @@ bool Dce2SmbModule::set(const char* fqn, Value& v, SnortConfig* c) else if ( v.is("smb_legacy_mode")) config.legacy_mode = v.get_bool(); - else - return Module::set(fqn, v, c); - return true; } diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.h b/src/service_inspectors/dce_rpc/dce_smb_module.h index 1b9141528..86e0061ea 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_module.h +++ b/src/service_inspectors/dce_rpc/dce_smb_module.h @@ -27,9 +27,12 @@ namespace snort { +class Trace; struct SnortConfig; } +extern THREAD_LOCAL const snort::Trace* dce_smb_trace; + #define DCE2_VALID_SMB_VERSION_FLAG_V1 1 #define DCE2_VALID_SMB_VERSION_FLAG_V2 2 @@ -61,8 +64,6 @@ struct dce2SmbProtoConf bool legacy_mode; }; -extern snort::Trace dce_smb_trace; - class Dce2SmbModule : public snort::Module { public: @@ -83,6 +84,9 @@ public: Usage get_usage() const override { return INSPECT; } + void set_trace(const snort::Trace*) const override; + const snort::TraceOption* get_trace_options() const override; + private: dce2SmbProtoConf config; }; diff --git a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc index a8ab1a138..33e0fffb6 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc @@ -30,6 +30,8 @@ #include "dce_smb_module.h" #include "dce_smb_transaction_utils.h" +#include "main/snort_debug.h" + using namespace snort; #define DCE2_SMB_TRANS__NONE 0x00 diff --git a/src/service_inspectors/dce_rpc/dce_smb_utils.cc b/src/service_inspectors/dce_rpc/dce_smb_utils.cc index e370a2f70..fab99ac0a 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_utils.cc @@ -29,6 +29,7 @@ #include "detection/detection_util.h" #include "file_api/file_api.h" #include "main/snort.h" +#include "main/snort_debug.h" #include "packet_io/active.h" #include "utils/util.h" diff --git a/src/service_inspectors/dce_rpc/dce_udp_module.cc b/src/service_inspectors/dce_rpc/dce_udp_module.cc index cd649f742..8f32459d6 100644 --- a/src/service_inspectors/dce_rpc/dce_udp_module.cc +++ b/src/service_inspectors/dce_rpc/dce_udp_module.cc @@ -25,13 +25,14 @@ #include "dce_udp_module.h" #include "log/messages.h" +#include "trace/trace.h" #include "dce_udp.h" using namespace snort; using namespace std; -Trace dce_udp_trace(DCE2_UDP_NAME); +THREAD_LOCAL const Trace* dce_udp_trace = nullptr; static const Parameter s_params[] = { @@ -84,8 +85,16 @@ static const PegInfo dce2_udp_pegs[] = { CountType::END, nullptr, nullptr } }; -Dce2UdpModule::Dce2UdpModule() : Module(DCE2_UDP_NAME, DCE2_UDP_HELP, s_params, false, &dce_udp_trace) +Dce2UdpModule::Dce2UdpModule() : Module(DCE2_UDP_NAME, DCE2_UDP_HELP, s_params) +{ } + +void Dce2UdpModule::set_trace(const Trace* trace) const +{ dce_udp_trace = trace; } + +const TraceOption* Dce2UdpModule::get_trace_options() const { + static const TraceOption dce_udp_trace_options(nullptr, 0, nullptr); + return &dce_udp_trace_options; } const RuleMap* Dce2UdpModule::get_rules() const @@ -108,12 +117,9 @@ ProfileStats* Dce2UdpModule::get_profile() const return &dce2_udp_pstat_main; } -bool Dce2UdpModule::set(const char* fqn, Value& v, SnortConfig* c) +bool Dce2UdpModule::set(const char*, Value& v, SnortConfig*) { - if (dce2_set_common_config(v,config.common)) - return true; - else - return Module::set(fqn, v, c); + return dce2_set_common_config(v,config.common); } void Dce2UdpModule::get_data(dce2UdpProtoConf& dce2_udp_config) diff --git a/src/service_inspectors/dce_rpc/dce_udp_module.h b/src/service_inspectors/dce_rpc/dce_udp_module.h index d44a05bbe..4c953ec46 100644 --- a/src/service_inspectors/dce_rpc/dce_udp_module.h +++ b/src/service_inspectors/dce_rpc/dce_udp_module.h @@ -24,6 +24,14 @@ #include "dce_common.h" #include "framework/module.h" +namespace snort +{ +class Trace; +struct SnortConfig; +} + +extern THREAD_LOCAL const snort::Trace* dce_udp_trace; + #define DCE2_CL_BAD_MAJOR_VERSION 40 #define DCE2_CL_BAD_PDU_TYPE 41 #define DCE2_CL_DATA_LT_HDR 42 @@ -34,18 +42,11 @@ #define DCE2_CL_DATA_LT_HDR_STR "connection-less DCE/RPC - data length less than header size" #define DCE2_CL_BAD_SEQ_NUM_STR "connection-less DCE/RPC - bad sequence number" -namespace snort -{ -struct SnortConfig; -} - struct dce2UdpProtoConf { dce2CommonProtoConf common; }; -extern snort::Trace dce_udp_trace; - class Dce2UdpModule : public snort::Module { public: @@ -65,6 +66,9 @@ public: Usage get_usage() const override { return INSPECT; } + void set_trace(const snort::Trace*) const override; + const snort::TraceOption* get_trace_options() const override; + private: dce2UdpProtoConf config; }; diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc index 25e09d839..27bc1a360 100644 --- a/src/service_inspectors/dce_rpc/smb_message.cc +++ b/src/service_inspectors/dce_rpc/smb_message.cc @@ -26,6 +26,7 @@ #include "detection/detect.h" #include "file_api/file_service.h" +#include "main/snort_debug.h" #include "protocols/packet.h" #include "utils/util.h" #include "packet_io/active.h" diff --git a/src/service_inspectors/gtp/gtp_module.cc b/src/service_inspectors/gtp/gtp_module.cc index 79fd04783..664ef61f9 100644 --- a/src/service_inspectors/gtp/gtp_module.cc +++ b/src/service_inspectors/gtp/gtp_module.cc @@ -27,12 +27,13 @@ #include #include "profiler/profiler.h" +#include "trace/trace.h" #include "gtp.h" using namespace snort; -Trace gtp_inspect_trace(GTP_NAME); +THREAD_LOCAL const Trace* gtp_inspect_trace = nullptr; THREAD_LOCAL ProfileStats gtp_inspect_prof; @@ -124,11 +125,19 @@ static const Parameter gtp_params[] = { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; -GtpInspectModule::GtpInspectModule() : - Module(GTP_NAME, GTP_HELP, gtp_params, true, >p_inspect_trace) +GtpInspectModule::GtpInspectModule() : Module(GTP_NAME, GTP_HELP, gtp_params, true) { } -bool GtpInspectModule::set(const char* fqn, Value& v, SnortConfig* c) +void GtpInspectModule::set_trace(const Trace* trace) const +{ gtp_inspect_trace = trace; } + +const TraceOption* GtpInspectModule::get_trace_options() const +{ + static const TraceOption gtp_inspect_trace_options(nullptr, 0, nullptr); + return >p_inspect_trace_options; +} + +bool GtpInspectModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("version") ) stuff.version = v.get_uint8(); @@ -142,9 +151,6 @@ bool GtpInspectModule::set(const char* fqn, Value& v, SnortConfig* c) else if ( v.is("name") ) stuff.name = v.get_string(); - else - return Module::set(fqn, v, c); - return true; } diff --git a/src/service_inspectors/gtp/gtp_module.h b/src/service_inspectors/gtp/gtp_module.h index 3152b2d46..5a568fda3 100644 --- a/src/service_inspectors/gtp/gtp_module.h +++ b/src/service_inspectors/gtp/gtp_module.h @@ -22,7 +22,6 @@ #define GTP_MODULE_H #include "framework/module.h" -#include "main/snort_debug.h" #define GID_GTP 143 @@ -34,8 +33,13 @@ #define GTP_NAME "gtp_inspect" #define GTP_HELP "gtp control channel inspection" +namespace snort +{ +class Trace; +} + extern THREAD_LOCAL snort::ProfileStats gtp_inspect_prof; -extern snort::Trace gtp_inspect_trace; +extern THREAD_LOCAL const snort::Trace* gtp_inspect_trace; struct GtpStuff { @@ -68,6 +72,9 @@ public: Usage get_usage() const override { return INSPECT; } + void set_trace(const snort::Trace*) const override; + const snort::TraceOption* get_trace_options() const override; + public: GtpStuff stuff; std::vector temp; diff --git a/src/service_inspectors/gtp/gtp_parser.cc b/src/service_inspectors/gtp/gtp_parser.cc index c576e4005..4d50137c1 100644 --- a/src/service_inspectors/gtp/gtp_parser.cc +++ b/src/service_inspectors/gtp/gtp_parser.cc @@ -31,6 +31,7 @@ #include "detection/detection_engine.h" #include "events/event_queue.h" #include "log/messages.h" +#include "main/snort_debug.h" #include "utils/util_cstring.h" #include "gtp.h" diff --git a/src/service_inspectors/http_inspect/test/http_module_test.cc b/src/service_inspectors/http_inspect/test/http_module_test.cc index 1c47d0cf9..f5f1e86ce 100644 --- a/src/service_inspectors/http_inspect/test/http_module_test.cc +++ b/src/service_inspectors/http_inspect/test/http_module_test.cc @@ -47,12 +47,6 @@ void Value::get_bits(std::bitset<256ul>&) const {} int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; } } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } diff --git a/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc b/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc index 69e20f6e4..5d095a146 100644 --- a/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc +++ b/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc @@ -42,12 +42,6 @@ void Value::get_bits(std::bitset<256ul>&) const {} int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; } } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } diff --git a/src/service_inspectors/wizard/wiz_module.cc b/src/service_inspectors/wizard/wiz_module.cc index 2106c384e..da4828a1b 100644 --- a/src/service_inspectors/wizard/wiz_module.cc +++ b/src/service_inspectors/wizard/wiz_module.cc @@ -24,13 +24,15 @@ #include "wiz_module.h" +#include "trace/trace.h" + #include "curses.h" #include "magic.h" using namespace snort; using namespace std; -Trace wizard_trace(WIZ_NAME); +THREAD_LOCAL const Trace* wizard_trace = nullptr; //------------------------------------------------------------------------- // wizard module @@ -106,7 +108,7 @@ static const Parameter s_params[] = { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; -WizardModule::WizardModule() : Module(WIZ_NAME, WIZ_HELP, s_params, false, &wizard_trace) +WizardModule::WizardModule() : Module(WIZ_NAME, WIZ_HELP, s_params) { c2s_hexes = nullptr; s2c_hexes = nullptr; @@ -126,10 +128,19 @@ WizardModule::~WizardModule() delete curses; } +void WizardModule::set_trace(const Trace* trace) const +{ wizard_trace = trace; } + +const TraceOption* WizardModule::get_trace_options() const +{ + static const TraceOption wizard_trace_options(nullptr, 0, nullptr); + return &wizard_trace_options; +} + ProfileStats* WizardModule::get_profile() const { return &wizPerfStats; } -bool WizardModule::set(const char* fqn, Value& v, SnortConfig* sc) +bool WizardModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("service") ) service = v.get_string(); @@ -150,9 +161,6 @@ bool WizardModule::set(const char* fqn, Value& v, SnortConfig* sc) else if ( v.is("curses") ) curses->add_curse(v.get_string()); - else - return Module::set(fqn, v, sc); - return true; } diff --git a/src/service_inspectors/wizard/wiz_module.h b/src/service_inspectors/wizard/wiz_module.h index f3c7d68ab..26ca6ba6f 100644 --- a/src/service_inspectors/wizard/wiz_module.h +++ b/src/service_inspectors/wizard/wiz_module.h @@ -28,9 +28,15 @@ #define WIZ_NAME "wizard" #define WIZ_HELP "inspector that implements port-independent protocol identification" +namespace snort +{ +class Trace; +} + extern const PegInfo wiz_pegs[]; extern THREAD_LOCAL struct WizStats tstats; extern THREAD_LOCAL snort::ProfileStats wizPerfStats; +extern THREAD_LOCAL const snort::Trace* wizard_trace; class MagicBook; class CurseBook; @@ -55,6 +61,9 @@ public: Usage get_usage() const override { return INSPECT; } + void set_trace(const snort::Trace*) const override; + const snort::TraceOption* get_trace_options() const override; + private: void add_spells(MagicBook*, std::string&); @@ -73,7 +82,5 @@ private: CurseBook* curses; }; -extern snort::Trace wizard_trace; - #endif diff --git a/src/service_inspectors/wizard/wizard.cc b/src/service_inspectors/wizard/wizard.cc index 72a378230..7c35cedcc 100644 --- a/src/service_inspectors/wizard/wizard.cc +++ b/src/service_inspectors/wizard/wizard.cc @@ -23,6 +23,7 @@ #include "flow/flow.h" #include "log/messages.h" +#include "main/snort_debug.h" #include "profiler/profiler.h" #include "protocols/packet.h" #include "stream/stream_splitter.h" diff --git a/src/side_channel/test/side_channel_module_test.cc b/src/side_channel/test/side_channel_module_test.cc index e12dfe54c..76e2a71f9 100644 --- a/src/side_channel/test/side_channel_module_test.cc +++ b/src/side_channel/test/side_channel_module_test.cc @@ -27,7 +27,6 @@ #include "side_channel/side_channel_module.h" #include "log/messages.h" -#include "main/snort_debug.h" #include "profiler/profiler.h" #include @@ -56,12 +55,6 @@ void SideChannelManager::instantiate(const SCConnectors*, const PortBitSet* port port_1_set = ports->test(1); } -Trace::Trace(const char*, const TraceOptionString*, size_t) {} -Trace::Trace(const char*) {} -bool Trace::set(const snort::Value&) { return true; } -void Trace::reset() {} -void Trace::enable() {} - void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } diff --git a/src/side_channel/test/side_channel_test.cc b/src/side_channel/test/side_channel_test.cc index 5ddbbe9fe..acefe8d74 100644 --- a/src/side_channel/test/side_channel_test.cc +++ b/src/side_channel/test/side_channel_test.cc @@ -26,7 +26,6 @@ #include "side_channel/side_channel.h" #include "log/messages.h" -#include "main/snort_debug.h" #include "managers/connector_manager.h" #include diff --git a/src/stream/base/stream_module.cc b/src/stream/base/stream_module.cc index ecd7850b8..0a7df8a8e 100644 --- a/src/stream/base/stream_module.cc +++ b/src/stream/base/stream_module.cc @@ -28,16 +28,17 @@ #include "log/messages.h" #include "main/snort.h" #include "main/snort_config.h" -#include "main/snort_debug.h" #include "stream/flush_bucket.h" +#include "trace/trace.h" using namespace snort; using namespace std; +THREAD_LOCAL const Trace* stream_trace = nullptr; + //------------------------------------------------------------------------- // stream module //------------------------------------------------------------------------- -Trace stream_trace(MOD_NAME); #define FLOW_TYPE_PARAMS(name, idle, weight) \ static const Parameter name[] = \ @@ -101,10 +102,18 @@ static const RuleMap stream_rules[] = static const char* const flow_type_names[] = { "none", "ip_cache", "tcp_cache", "udp_cache", "icmp_cache", "user_cache", "file_cache", "max"}; -StreamModule::StreamModule() : - Module(MOD_NAME, MOD_HELP, s_params, false, &stream_trace) +StreamModule::StreamModule() : Module(MOD_NAME, MOD_HELP, s_params) { } +void StreamModule::set_trace(const Trace* trace) const +{ stream_trace = trace; } + +const TraceOption* StreamModule::get_trace_options() const +{ + static const TraceOption stream_trace_options(nullptr, 0, nullptr); + return &stream_trace_options; +} + const PegInfo* StreamModule::get_pegs() const { return base_pegs; } @@ -172,14 +181,12 @@ bool StreamModule::set(const char* fqn, Value& v, SnortConfig* c) else if ( strstr(fqn, "file_cache") ) type = PktType::FILE; else - return Module::set(fqn, v, c); + return false; if ( v.is("idle_timeout") ) config.flow_cache_cfg.proto[to_utype(type)].nominal_timeout = v.get_uint32(); else if ( v.is("cap_weight") ) config.flow_cache_cfg.proto[to_utype(type)].cap_weight = v.get_uint16(); - else - return false; return true; } diff --git a/src/stream/base/stream_module.h b/src/stream/base/stream_module.h index 016d37d00..671103f31 100644 --- a/src/stream/base/stream_module.h +++ b/src/stream/base/stream_module.h @@ -27,18 +27,19 @@ #include "flow/flow_control.h" #include "framework/module.h" -extern THREAD_LOCAL snort::ProfileStats s5PerfStats; -extern THREAD_LOCAL class FlowControl* flow_con; - namespace snort { +class Trace; struct SnortConfig; } +extern THREAD_LOCAL snort::ProfileStats s5PerfStats; +extern THREAD_LOCAL class FlowControl* flow_con; +extern THREAD_LOCAL const snort::Trace* stream_trace; + //------------------------------------------------------------------------- // stream module //------------------------------------------------------------------------- -extern snort::Trace stream_trace; #define MOD_NAME "stream" #define MOD_HELP "common flow tracking" @@ -128,6 +129,9 @@ public: Usage get_usage() const override { return GLOBAL; } + void set_trace(const snort::Trace*) const override; + const snort::TraceOption* get_trace_options() const override; + private: StreamModuleConfig config; StreamReloadResourceManager reload_resource_manager; diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc index 24ac736ce..38b235e79 100644 --- a/src/stream/ip/ip_defrag.cc +++ b/src/stream/ip/ip_defrag.cc @@ -75,6 +75,7 @@ #include "log/messages.h" #include "main/analyzer.h" #include "main/snort_config.h" +#include "main/snort_debug.h" #include "memory/memory_cap.h" #include "packet_io/active.h" #include "packet_io/sfdaq_config.h" diff --git a/src/stream/ip/ip_module.cc b/src/stream/ip/ip_module.cc index 662c29849..895a5d835 100644 --- a/src/stream/ip/ip_module.cc +++ b/src/stream/ip/ip_module.cc @@ -26,10 +26,13 @@ #include "ip_session.h" #include "stream_ip.h" +#include "trace/trace.h" using namespace snort; using namespace std; +THREAD_LOCAL const Trace* stream_ip_trace = nullptr; + #define DEFRAG_IPOPTIONS_STR \ "inconsistent IP options on fragmented packets" @@ -81,8 +84,6 @@ FragEngine::FragEngine() // stream_ip module //------------------------------------------------------------------------- -Trace stream_ip_trace(MOD_NAME); - static const RuleMap stream_ip_rules[] = { { DEFRAG_IPOPTIONS, DEFRAG_IPOPTIONS_STR }, @@ -123,9 +124,10 @@ static const Parameter s_params[] = { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; -StreamIpModule::StreamIpModule() : - Module(MOD_NAME, MOD_HELP, s_params, false, &stream_ip_trace) -{ config = nullptr; } +StreamIpModule::StreamIpModule() : Module(MOD_NAME, MOD_HELP, s_params) +{ + config = nullptr; +} StreamIpModule::~StreamIpModule() { @@ -133,6 +135,15 @@ StreamIpModule::~StreamIpModule() delete config; } +void StreamIpModule::set_trace(const Trace* trace) const +{ stream_ip_trace = trace; } + +const TraceOption* StreamIpModule::get_trace_options() const +{ + static const TraceOption stream_ip_trace_options(nullptr, 0, nullptr); + return &stream_ip_trace_options; +} + const RuleMap* StreamIpModule::get_rules() const { return stream_ip_rules; } @@ -146,7 +157,7 @@ StreamIpConfig* StreamIpModule::get_data() return temp; } -bool StreamIpModule::set(const char* f, Value& v, SnortConfig* c) +bool StreamIpModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("max_frags") ) config->frag_engine.max_frags = v.get_uint32(); @@ -169,8 +180,6 @@ bool StreamIpModule::set(const char* f, Value& v, SnortConfig* c) config->session_timeout = v.get_uint32(); config->frag_engine.frag_timeout = v.get_uint32(); } - else - return Module::set(f, v, c); return true; } diff --git a/src/stream/ip/ip_module.h b/src/stream/ip/ip_module.h index bebf45abe..b1f26214f 100644 --- a/src/stream/ip/ip_module.h +++ b/src/stream/ip/ip_module.h @@ -23,13 +23,15 @@ #include "flow/session.h" #include "framework/module.h" -#include "main/snort_debug.h" namespace snort { +class Trace; struct SnortConfig; } +extern THREAD_LOCAL const snort::Trace* stream_ip_trace; + #define GLOBAL_KEYWORD "defrag" #define ENGINE_KEYWORD "defrag_engine" @@ -83,7 +85,6 @@ struct IpStats extern const PegInfo ip_pegs[]; extern THREAD_LOCAL snort::ProfileStats ip_perf_stats; -extern snort::Trace stream_ip_trace; //------------------------------------------------------------------------- // stream_ip module @@ -115,6 +116,9 @@ public: Usage get_usage() const override { return INSPECT; } + void set_trace(const snort::Trace*) const override; + const snort::TraceOption* get_trace_options() const override; + private: StreamIpConfig* config; }; diff --git a/src/stream/stream.cc b/src/stream/stream.cc index 15df7c81c..2f96dd37d 100644 --- a/src/stream/stream.cc +++ b/src/stream/stream.cc @@ -32,6 +32,7 @@ #include "flow/prune_stats.h" #include "main/snort.h" #include "main/snort_config.h" +#include "main/snort_debug.h" #include "packet_io/active.h" #include "protocols/vlan.h" #include "stream/base/stream_module.h" diff --git a/src/stream/tcp/tcp_segment_node.h b/src/stream/tcp/tcp_segment_node.h index 14602f5bc..92aa3f611 100644 --- a/src/stream/tcp/tcp_segment_node.h +++ b/src/stream/tcp/tcp_segment_node.h @@ -22,8 +22,6 @@ #ifndef TCP_SEGMENT_H #define TCP_SEGMENT_H -#include "main/snort_debug.h" - #include "tcp_segment_descriptor.h" #include "tcp_defs.h" diff --git a/src/stream/user/user_module.cc b/src/stream/user/user_module.cc index 1d54be688..e5f109920 100644 --- a/src/stream/user/user_module.cc +++ b/src/stream/user/user_module.cc @@ -24,11 +24,12 @@ #include "user_module.h" #include "stream_user.h" +#include "trace/trace.h" using namespace snort; using namespace std; -Trace stream_user_trace(MOD_NAME); +THREAD_LOCAL const Trace* stream_user_trace = nullptr; //------------------------------------------------------------------------- // stream_user module @@ -42,8 +43,7 @@ static const Parameter s_params[] = { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; -StreamUserModule::StreamUserModule() : - Module(MOD_NAME, MOD_HELP, s_params, false, &stream_user_trace) +StreamUserModule::StreamUserModule() : Module(MOD_NAME, MOD_HELP, s_params) { config = nullptr; } @@ -61,14 +61,20 @@ StreamUserConfig* StreamUserModule::get_data() return temp; } -bool StreamUserModule::set(const char* fqn, Value& v, SnortConfig* sc) +void StreamUserModule::set_trace(const Trace* trace) const +{ stream_user_trace = trace; } + +const TraceOption* StreamUserModule::get_trace_options() const +{ + static const TraceOption stream_user_trace_options(nullptr, 0, nullptr); + return &stream_user_trace_options; +} + +bool StreamUserModule::set(const char*, Value& v, SnortConfig*) { if ( v.is("session_timeout") ) config->session_timeout = v.get_uint32(); - else - return Module::set(fqn, v, sc); - return true; } diff --git a/src/stream/user/user_module.h b/src/stream/user/user_module.h index cc4c46296..f42f235b0 100644 --- a/src/stream/user/user_module.h +++ b/src/stream/user/user_module.h @@ -24,13 +24,13 @@ namespace snort { +class Trace; struct SnortConfig; } +extern THREAD_LOCAL const snort::Trace* stream_user_trace; extern THREAD_LOCAL snort::ProfileStats user_perf_stats; -extern snort::Trace stream_user_trace; - //------------------------------------------------------------------------- // stream_user module //------------------------------------------------------------------------- @@ -54,6 +54,9 @@ public: StreamUserConfig* get_data(); + void set_trace(const snort::Trace*) const override; + const snort::TraceOption* get_trace_options() const override; + private: StreamUserConfig* config; }; diff --git a/src/stream/user/user_session.cc b/src/stream/user/user_session.cc index 73094beb3..961f08927 100644 --- a/src/stream/user/user_session.cc +++ b/src/stream/user/user_session.cc @@ -26,6 +26,7 @@ #include "detection/detection_engine.h" #include "detection/rules.h" #include "main/analyzer.h" +#include "main/snort_debug.h" #include "memory/memory_cap.h" #include "profiler/profiler_defs.h" #include "protocols/packet.h" diff --git a/src/target_based/test/proto_ref_test.cc b/src/target_based/test/proto_ref_test.cc index 251ceed8e..f6a421728 100644 --- a/src/target_based/test/proto_ref_test.cc +++ b/src/target_based/test/proto_ref_test.cc @@ -25,7 +25,6 @@ #include #include "main/snort_config.h" -#include "main/snort_debug.h" #include "target_based/snort_protocols.h" #include diff --git a/src/trace/CMakeLists.txt b/src/trace/CMakeLists.txt index adbb81c21..da956f98a 100644 --- a/src/trace/CMakeLists.txt +++ b/src/trace/CMakeLists.txt @@ -1,16 +1,32 @@ +set ( INCLUDES + trace.h + trace_api.h +) set ( TRACE_SOURCES + trace.cc + trace_api.cc trace_config.cc trace_config.h trace_log.cc trace_log.h - trace_log_api.cc - trace_log_api.h trace_log_base.h trace_module.cc trace_module.h + ${INCLUDES} ) add_library ( trace OBJECT ${TRACE_SOURCES} ) + +install ( FILES ${INCLUDES} + DESTINATION "${INCLUDE_INSTALL_PATH}/trace" +) + +add_catch_test( trace_test + NO_TEST_SOURCE + SOURCES + trace.cc +) + diff --git a/src/trace/dev_notes.txt b/src/trace/dev_notes.txt index 962fdfa57..5e866f632 100644 --- a/src/trace/dev_notes.txt +++ b/src/trace/dev_notes.txt @@ -20,46 +20,50 @@ This directory contains the trace logger framework. * TraceConfig - This is a class that handles a pointer to TraceLoggerFactory and used by TraceLogApi as - a global access point. Pointer to TraceConfig is placed into SnortConfig. It will be - overwritten during reloading and new TraceLoggerFactory pointer will be used by TraceLogApi - since that point. + This is a class that contains pointer on TraceLoggerFactory object and Trace list. + By default all Traces are off. TraceModule fills Traces from configuration. TraceConfig placed into "trace_config.h". * TraceModule - This module provides configuration for trace logs. The main goal of TraceModule - is to create a concrete logger factory based on the configuration, init/reload TraceConfig - pointer and move it into SnortConfig. + This module provides configuration for trace logs: + output - create a concrete logger factory based on the output value (stdout/syslog). + modules - set modules trace level verbosity. This is a built-in module (from coreinit.lua) The module placed into "trace_module.h/trace_module.cc". -* TraceLogApi + TraceModule ctor should be called after all existed modules due to TraceModule + dynamic params restriction. - TraceLogApi is a facade API class used to init/term trace logger framework and make logs - per each thread. TraceLogger is encapsulated in TraceLogApi. This, in a couple with - the TraceConfig, is a single common entry point to trace logger framework. +* TraceApi - TraceLogApi placed into "trace_log_api.h/trace_log_api.cc" + TraceApi is a facade API class used to init/reinit/term thread-local trace logger and module's + trace pointers. + + TraceApi placed into "trace_api.h/trace_api.cc" + +* Trace + + This class encapsulates trace verbosity functionality. * Configuration override By default, the factory will be initialized based on Snort run mode (stdout or syslog). - But this can be explicitly overwritten in TraceModule's configuration to specify which - kind of logger to use. + But this can be explicitly overwritten in TraceModule's configuration to specify + which kind of logger to use. Changes will be applied in case of reloading too. * External dependencies - Include TraceLogApi header somewhere in the code where it needs to make trace logs. - Make sure that TraceLogApi::thread_init()/thread_term() are provided for thread where - TraceLogApi::log() is going used. + Include TraceApi header somewhere in the code where it needs to make trace logs. + Make sure that TraceApi::thread_init()/thread_term() are provided for thread where + TraceApi::log() is going used. - TraceConfig should be configured and moved into SnortConfig before TraceLogApi init. + TraceConfig should be configured in SnortConfig before TraceApi init. To create specific TraceLogger/TraceLoggerFactory pair just inherit base classes placed into "trace_log_base.h" and init TraceConfig with a new factory during configuration. diff --git a/src/trace/trace.cc b/src/trace/trace.cc new file mode 100644 index 000000000..d6ddf07c2 --- /dev/null +++ b/src/trace/trace.cc @@ -0,0 +1,167 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- +// trace.cc author Serhii Vlasiuk + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "trace.h" + +#include "framework/module.h" + +using namespace snort; + +static const TraceOption s_default_trace_options[] = +{ + { DEFAULT_TRACE_OPTION_NAME, DEFAULT_TRACE_OPTION_ID, "default trace options" }, + + { nullptr, 0, nullptr } +}; + +Trace::Trace(const Module& m) : module(m) +{ + mod_name = module.get_name(); + const snort::TraceOption* trace_options = module.get_trace_options(); + options = ( trace_options->name ) ? trace_options : s_default_trace_options; + + size_t options_size = 0; + trace_options = options; + while ( trace_options->name ) + { + ++options_size; + ++trace_options; + } + option_levels.resize(options_size, 0); +} + +bool Trace::set(const std::string& trace_option_name, uint8_t trace_level) +{ + size_t size = option_levels.size(); + for ( size_t index = 0; index < size; ++index ) + { + if ( trace_option_name == option_name(index) ) + { + option_levels[options[index].id] = trace_level; + return true; + } + } + return false; +} + +void Trace::set_module_trace() const +{ + module.set_trace(this); +} + +#ifdef CATCH_TEST_BUILD + +#include "catch/catch.hpp" + +Module::Module(const char* s, const char* h) : name(s), help(h) +{} +Module::Module(const char*, const char*, const Parameter*, bool) +{} +PegCount Module::get_global_count(char const*) const { return 0; } +void Module::show_interval_stats(std::vector >&, FILE*) {} +void Module::show_stats(){} +void Module::sum_stats(bool ){} +void Module::reset_stats() {} + +class TraceTestModule : public Module +{ +public: + TraceTestModule(const char* name, const TraceOption* trace_options) : + Module(name, "trace_test_help"), test_trace_options(trace_options) + { } + + virtual const TraceOption* get_trace_options() const + { return test_trace_options; } + +private: + const TraceOption* test_trace_options; +}; + +TEST_CASE("default option", "[Trace]") +{ + TraceOption test_trace_options(nullptr, 0, nullptr); + TraceTestModule trace_test_module("test_trace_module", &test_trace_options); + Trace trace(trace_test_module); + + bool result = trace.set(DEFAULT_TRACE_OPTION_NAME, DEFAULT_TRACE_LOG_LEVEL); + CHECK(result == true); + CHECK(trace.enabled(DEFAULT_TRACE_OPTION_ID)); +} + +TEST_CASE("multiple options", "[Trace]") +{ + enum + { + TEST_TRACE_OPTION1 = 0, + TEST_TRACE_OPTION2, + TEST_TRACE_OPTION3, + TEST_TRACE_OPTION4, + }; + const TraceOption trace_values[] = + { + { "option1", TEST_TRACE_OPTION1, "help_option1" }, + { "option2", TEST_TRACE_OPTION2, "help_option2" }, + { "option3", TEST_TRACE_OPTION3, "help_option3" }, + { "option4", TEST_TRACE_OPTION4, "help_option4" }, + + { nullptr, 0, nullptr }, + }; + + TraceTestModule trace_test_module("test_trace_module", trace_values); + Trace trace(trace_test_module); + + bool result = trace.set("option1", DEFAULT_TRACE_LOG_LEVEL); + CHECK(result == true); + CHECK(trace.enabled(TEST_TRACE_OPTION1)); + + result = trace.set("option2", DEFAULT_TRACE_LOG_LEVEL); + CHECK(result == true); + CHECK(trace.enabled(TEST_TRACE_OPTION1)); + CHECK(trace.enabled(TEST_TRACE_OPTION2)); + + result = trace.set("option3", DEFAULT_TRACE_LOG_LEVEL); + CHECK(result == true); + CHECK(trace.enabled(TEST_TRACE_OPTION1)); + CHECK(trace.enabled(TEST_TRACE_OPTION2)); + CHECK(trace.enabled(TEST_TRACE_OPTION3)); + + result = trace.set("option4", DEFAULT_TRACE_LOG_LEVEL); + CHECK(result == true); + CHECK(trace.enabled(TEST_TRACE_OPTION1)); + CHECK(trace.enabled(TEST_TRACE_OPTION2)); + CHECK(trace.enabled(TEST_TRACE_OPTION3)); + CHECK(trace.enabled(TEST_TRACE_OPTION4)); +} + +TEST_CASE("invalid option", "[Trace]") +{ + TraceOption test_trace_options(nullptr, 0, nullptr); + TraceTestModule trace_test_module("test_trace_module", &test_trace_options); + Trace trace(trace_test_module); + + bool result = trace.set("invalid_option", DEFAULT_TRACE_LOG_LEVEL); + CHECK(result == false); +} + +#endif + diff --git a/src/main/trace.h b/src/trace/trace.h similarity index 54% rename from src/main/trace.h rename to src/trace/trace.h index b8e5e4359..454d01d11 100644 --- a/src/main/trace.h +++ b/src/trace/trace.h @@ -21,56 +21,70 @@ #define TRACE_H #include +#include #include -#include "framework/value.h" -#include "main/snort_types.h" +#include "main/thread.h" -#define DEFAULT_TRACE_OPTION 0 -#define DEFAULT_LOG_LEVEL 1 +#define DEFAULT_TRACE_LOG_LEVEL 1 +#define DEFAULT_TRACE_OPTION_ID 0 +#define DEFAULT_TRACE_OPTION_NAME "all" -typedef uint8_t TraceOption; -typedef uint8_t TraceLevel; +namespace snort +{ +class Trace; +} +using TraceOptionID = uint8_t; +using TraceLevel = uint8_t; +using Traces = std::vector; +using ConfigTraceOptions = std::map; +using ModulesConfigTraceOptions = std::map; -struct TraceOptionString +namespace snort { - const char* alias; - TraceOption option; -}; +class Module; -namespace snort +struct TraceOption { -struct SO_PUBLIC Trace + TraceOption(const char* n, TraceOptionID tid, const char* h) : + name(n), id(tid), help(h) {} + + const char* name; + TraceOptionID id; + const char* help; +}; + +class Trace { - Trace(const char*, const TraceOptionString*, size_t); - Trace(const char*); - ~Trace() = default; +public: + Trace(const Module& m); - bool set(const snort::Value&); - void reset(); - void enable(); + bool set(const std::string& option_name, uint8_t option_level); + void set_module_trace() const; const char* module_name() const - { return mod_name; } + { return mod_name.c_str(); } const char* option_name(size_t index) const { assert(index < option_levels.size()); - return options[index].alias; + return options[index].name; } - bool enabled(TraceOption trace_option, TraceLevel log_level = DEFAULT_LOG_LEVEL) const + bool enabled(TraceOptionID trace_option_id, TraceLevel log_level = DEFAULT_TRACE_LOG_LEVEL) const { - assert(trace_option < option_levels.size()); - return option_levels[trace_option] >= log_level; + assert(trace_option_id < option_levels.size()); + return option_levels[trace_option_id] >= log_level; } - const TraceOptionString* options; +private: + std::string mod_name; + const TraceOption* options; + const Module& module; std::vector option_levels; - std::vector config_options; - const char* mod_name; }; } #endif + diff --git a/src/trace/trace_log_api.cc b/src/trace/trace_api.cc similarity index 75% rename from src/trace/trace_log_api.cc rename to src/trace/trace_api.cc index b3023c4b5..40b6abb5e 100644 --- a/src/trace/trace_log_api.cc +++ b/src/trace/trace_api.cc @@ -15,13 +15,13 @@ // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// trace_log_api.cc author Oleksandr Serhiienko +// trace_api.cc author Oleksandr Serhiienko #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include "trace_log_api.h" +#include "trace_api.h" #include "main/snort_config.h" #include "main/thread.h" @@ -33,22 +33,28 @@ using namespace snort; static THREAD_LOCAL TraceLogger* g_trace_logger = nullptr; -void TraceLogApi::thread_init(SnortConfig* sc) +void TraceApi::thread_init(SnortConfig* sc) { - if ( sc->trace_config and sc->trace_config->logger_factory ) + if ( sc->trace_config->logger_factory ) g_trace_logger = sc->trace_config->logger_factory->instantiate(); + + sc->trace_config->setup_module_trace(); } -void TraceLogApi::thread_term() +void TraceApi::thread_term() { delete g_trace_logger; g_trace_logger = nullptr; } -void TraceLogApi::log(const char* log_msg, const char* name, +void TraceApi::thread_reinit(SnortConfig* sc) +{ + sc->trace_config->setup_module_trace(); +} + +void TraceApi::log(const char* log_msg, const char* name, uint8_t log_level, const char* trace_option) { - if ( g_trace_logger ) - g_trace_logger->log(log_msg, name, log_level, trace_option); + g_trace_logger->log(log_msg, name, log_level, trace_option); } diff --git a/src/trace/trace_log_api.h b/src/trace/trace_api.h similarity index 87% rename from src/trace/trace_log_api.h rename to src/trace/trace_api.h index afde50873..06268b8cc 100644 --- a/src/trace/trace_log_api.h +++ b/src/trace/trace_api.h @@ -15,10 +15,10 @@ // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// trace_log_api.h author Oleksandr Serhiienko +// trace_api.h author Oleksandr Serhiienko -#ifndef TRACE_LOG_API_H -#define TRACE_LOG_API_H +#ifndef TRACE_API_H +#define TRACE_API_H #include @@ -26,10 +26,11 @@ namespace snort { struct SnortConfig; -class TraceLogApi +class TraceApi { public: static void thread_init(SnortConfig* sc); + static void thread_reinit(SnortConfig* sc); static void thread_term(); static void log(const char* log_msg, const char* name, @@ -37,5 +38,5 @@ public: }; } -#endif // TRACE_LOG_API_H +#endif // TRACE_API_H diff --git a/src/trace/trace_config.cc b/src/trace/trace_config.cc index f280607f3..46b35f542 100644 --- a/src/trace/trace_config.cc +++ b/src/trace/trace_config.cc @@ -23,10 +23,54 @@ #include "trace_config.h" +#include + +#include "framework/module.h" +#include "managers/module_manager.h" + #include "trace_log_base.h" -using namespace snort; +TraceConfig::TraceConfig() +{ + auto modules = snort::ModuleManager::get_all_modules(); + for ( auto* module : modules ) + { + if ( module->get_trace_options() ) + traces.emplace_back(*module); + } +} TraceConfig::~TraceConfig() -{ delete logger_factory; } +{ + delete logger_factory; + logger_factory = nullptr; +} + +bool TraceConfig::set_trace(const std::string& module_name, const std::string& trace_option_name, + uint8_t trace_level) +{ + for ( auto& trace : traces ) + { + if ( strcmp(trace.module_name(), module_name.c_str()) == 0 ) + return trace.set(trace_option_name, trace_level); + } + return false; +} + +void TraceConfig::setup_module_trace() const +{ + for ( const auto& trace : traces ) + trace.set_module_trace(); +} + +void TraceConfig::enable_trace_snort() +{ trace_snort_enabled = true; } + +void TraceConfig::merge_cmd_line(TraceConfig* trace_config) +{ + trace_snort_enabled = trace_config->trace_snort_enabled; + + if ( trace_snort_enabled ) + set_trace("snort", DEFAULT_TRACE_OPTION_NAME, DEFAULT_TRACE_LOG_LEVEL); +} diff --git a/src/trace/trace_config.h b/src/trace/trace_config.h index ea8be458f..8142dd400 100644 --- a/src/trace/trace_config.h +++ b/src/trace/trace_config.h @@ -20,6 +20,8 @@ #ifndef TRACE_CONFIG_H #define TRACE_CONFIG_H +#include "trace.h" + namespace snort { class TraceLoggerFactory; @@ -28,10 +30,20 @@ class TraceLoggerFactory; class TraceConfig { public: - TraceConfig() = default; + TraceConfig(); ~TraceConfig(); + void enable_trace_snort(); + void setup_module_trace() const; + void merge_cmd_line(TraceConfig*); + bool set_trace(const std::string& module_name, + const std::string& trace_option_name, uint8_t trace_level); + snort::TraceLoggerFactory* logger_factory = nullptr; + +private: + bool trace_snort_enabled = false; + Traces traces; }; #endif // TRACE_CONFIG_H diff --git a/src/trace/trace_module.cc b/src/trace/trace_module.cc index ef7c23e1b..a496bf408 100644 --- a/src/trace/trace_module.cc +++ b/src/trace/trace_module.cc @@ -26,38 +26,78 @@ #include #include "main/snort_config.h" +#include "managers/module_manager.h" #include "trace_config.h" #include "trace_log.h" using namespace snort; -static const Parameter trace_params[] = +#define trace_help "configure trace log messages" +#define s_name "trace" + +TraceModule::TraceModule() : Module(s_name, trace_help) { - { "output", Parameter::PT_ENUM, "stdout | syslog", nullptr, - "output method for trace log messages" }, + generate_params(); +} + +void TraceModule::generate_params() +{ + auto modules = snort::ModuleManager::get_all_modules(); + for ( const auto* module : modules ) + { + const TraceOption* trace_options = module->get_trace_options(); + if ( trace_options && strcmp(module->get_name(), "snort") != 0 ) + { + auto& module_trace_options = configured_trace_options[module->get_name()]; + std::string module_trace_help(module->get_name()); + module_trace_help += " module trace options"; + modules_help.emplace_back(module_trace_help); - { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } -}; + module_ranges.emplace_back(); + auto& module_range = module_ranges.back(); -#define trace_help \ - "configure trace log messages" + module_range.emplace_back(DEFAULT_TRACE_OPTION_NAME, Parameter::PT_INT, "0:255", nullptr, + "enable all trace options"); -TraceModule::TraceModule() : Module("trace", trace_help, trace_params, false) -{ } + if ( !trace_options->name ) + module_trace_options[DEFAULT_TRACE_OPTION_NAME] = false; -TraceModule::~TraceModule() -{ - delete t_config; + while ( trace_options->name ) + { + module_range.emplace_back(trace_options->name, + Parameter::PT_INT, "0:255", nullptr, trace_options->help); + + module_trace_options[trace_options->name] = false; + ++trace_options; + } + + module_range.emplace_back(nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr); + + modules_params.emplace_back(module->get_name(), Parameter::PT_TABLE, module_range.data(), + nullptr, modules_help.back().c_str()); + } + } + + modules_params.emplace_back(nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr); + + const static Parameter trace_params[] = + { + { "modules", Parameter::PT_TABLE, modules_params.data(), nullptr, "modules trace option" }, + + { "output", Parameter::PT_ENUM, "stdout | syslog", nullptr, + "output method for trace log messages" }, + + { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } + }; + + set_params(trace_params); } bool TraceModule::begin(const char* fqn, int, SnortConfig* sc) { if ( !strcmp(fqn, "trace") ) { - assert(!t_config); - t_config = new TraceConfig(); - // Init default output type based on Snort run-mode if ( sc->test_mode() ) log_output_type = OUTPUT_TYPE_NO_INIT; @@ -65,12 +105,21 @@ bool TraceModule::begin(const char* fqn, int, SnortConfig* sc) log_output_type = OUTPUT_TYPE_SYSLOG; else log_output_type = OUTPUT_TYPE_STDOUT; + + reset_configured_trace_options(); } return true; } -bool TraceModule::set(const char*, Value& v, SnortConfig* sc) +void TraceModule::reset_configured_trace_options() +{ + for ( auto& module_trace_options : configured_trace_options ) + for ( auto& trace_options : module_trace_options.second ) + trace_options.second = false; +} + +bool TraceModule::set(const char* fqn, Value& v, SnortConfig* sc) { if ( v.is("output") ) { @@ -91,6 +140,25 @@ bool TraceModule::set(const char*, Value& v, SnortConfig* sc) return true; } + else if ( strstr(fqn, "trace.modules.") == fqn ) + { + std::string module_name = find_module(fqn); + if ( strcmp(v.get_name(), DEFAULT_TRACE_OPTION_NAME) == 0 ) + { + const auto& trace_options = configured_trace_options[module_name]; + for ( const auto& trace_option : trace_options ) + if ( !trace_option.second ) + sc->trace_config->set_trace(module_name, trace_option.first, v.get_uint8()); + + return true; + } + else + { + bool res = sc->trace_config->set_trace(module_name, v.get_name(), v.get_uint8()); + configured_trace_options[module_name][v.get_name()] = res; + return res; + } + } return false; } @@ -102,21 +170,17 @@ bool TraceModule::end(const char* fqn, int, SnortConfig* sc) switch ( log_output_type ) { case OUTPUT_TYPE_STDOUT: - t_config->logger_factory = new StdoutLoggerFactory(); + sc->trace_config->logger_factory = new StdoutLoggerFactory(); break; case OUTPUT_TYPE_SYSLOG: - t_config->logger_factory = new SyslogLoggerFactory(); + sc->trace_config->logger_factory = new SyslogLoggerFactory(); break; case OUTPUT_TYPE_NO_INIT: - t_config->logger_factory = nullptr; + sc->trace_config->logger_factory = nullptr; + default: break; } - delete sc->trace_config; - - sc->trace_config = t_config; - t_config = nullptr; - // "output=syslog" config override case // do not closelog() here since it will be closed in Snort::clean_exit() if ( !sc->log_syslog() and log_output_type == OUTPUT_TYPE_SYSLOG @@ -130,3 +194,19 @@ bool TraceModule::end(const char* fqn, int, SnortConfig* sc) return true; } +std::string TraceModule::find_module(const char* fqn) const +{ + std::string module_name; + const std::string config_name(fqn); + const std::string pattern = "trace.modules."; + size_t start_pos = config_name.find(pattern); + if ( start_pos != std::string::npos ) + { + start_pos += pattern.size(); + size_t end_pos = config_name.find(".", start_pos); + if ( end_pos != std::string::npos ) + module_name = config_name.substr(start_pos, end_pos - start_pos); + } + return module_name; +} + diff --git a/src/trace/trace_module.h b/src/trace/trace_module.h index 0dca7da9b..d99f57c2d 100644 --- a/src/trace/trace_module.h +++ b/src/trace/trace_module.h @@ -20,9 +20,9 @@ #ifndef TRACE_MODULE_H #define TRACE_MODULE_H -#include "framework/module.h" +#include -class TraceConfig; +#include "framework/module.h" class TraceModule : public snort::Module { @@ -36,7 +36,6 @@ private: public: TraceModule(); - ~TraceModule() override; bool begin(const char*, int, snort::SnortConfig*) override; bool set(const char*, snort::Value&, snort::SnortConfig*) override; @@ -45,10 +44,19 @@ public: Usage get_usage() const override { return GLOBAL; } +private: + std::string find_module(const char* config_name) const; + void generate_params(); + void reset_configured_trace_options(); + private: OutputType log_output_type = OUTPUT_TYPE_NO_INIT; - TraceConfig* t_config = nullptr; bool local_syslog = false; + std::vector modules_params; + std::vector> module_ranges; + std::vector modules_help; + std::map> configured_trace_options; + }; #endif // TRACE_MODULE_H