From: Bhargava Jandhyala (bjandhya)
Date: Fri, 7 May 2021 08:13:32 +0000 (+0000)
Subject: Merge pull request #2837 in SNORT/snort3 from ~AJMANDAD/snort3:trace_file_module...
X-Git-Tag: 3.1.5.0~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=677b5497e93ae4bb1d9648da90eedb52f7f5423e;p=thirdparty%2Fsnort3.git

Merge pull request #2837 in SNORT/snort3 from ~AJMANDAD/snort3:trace_file_module to master

Squashed commit of the following:

commit 4c5715c8e5785fe12a92218dfe44981a002deeb3
Author: Ajay Mandadi
Date: Thu Apr 8 04:11:07 2021 -0400

    packet_tracer: file daq trace log

Signed-off-by: Ajay Mandadi
---
diff --git a/src/file_api/file_flows.cc b/src/file_api/file_flows.cc
index c61155336..a9a644bbe 100644
--- a/src/file_api/file_flows.cc
+++ b/src/file_api/file_flows.cc
@@ -33,6 +33,7 @@
 #include "log/messages.h"
 #include "main/snort_config.h"
 #include "managers/inspector_manager.h"
+#include "packet_tracer/packet_tracer.h"
 #include "protocols/packet.h"
 
 #include "file_cache.h"
@@ -67,6 +68,23 @@ namespace snort
 }
 }
 
+static void populate_trace_data(FileContext* context)
+{
+    std::stringstream ss;
+    context->print_file_name(ss);
+    std::string file_name = ss.str();
+
+    PacketTracer::daq_log("file+%" PRId64"++File Type[%s]/File ID[%lu] with name[%s] and size[%lu] detected."
+        "File sha is [%s], with verdict[%s]$",
+        TO_NSECS(pt_timer->get()),
+        file_type_name(context->get_file_type()).c_str(),
+        context->get_file_id(),
+        file_name.c_str(),
+        context->get_file_size(),
+        (context->get_file_sig_sha256() ? context->sha_to_string(context->get_file_sig_sha256()).c_str(): "null"),
+        VerdictName[context->verdict].c_str());
+}
+
 void FileFlows::handle_retransmit(Packet* p)
 {
     if (file_policy == nullptr)
@@ -283,6 +301,9 @@ bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_da
     if (!context)
         return false;
 
+    if (PacketTracer::is_daq_activated())
+        PacketTracer::pt_timer_start();
+
     if (!cacheable)
         context->set_not_cacheable();
 
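Review bot: In populate_trace_data the `%lu` conversions used for `context->get_file_id()` and `context->get_file_size()` do not match a `uint64_t` argument on every platform (file_process takes `file_id` as `uint64_t` in the hunk headers below), and a mismatched varargs conversion is undefined behaviour; the timestamp already uses `PRId64`, so `"File ID[%" PRIu64 "] with name[%s] and size[%" PRIu64 "] detected."` keeps the format portable, assuming get_file_size() also returns a 64-bit type, which the hunk does not show. `VerdictName[context->verdict]` is indexed without a range check; if `verdict` can hold a value outside the eight entries (the enum is not visible here) this reads past the array, so a `static_assert` tying the array length to the verdict enum's terminal value, or a clamp to the `"INVALID"` slot, would make the invariant explicit. The file name comes from the inspected traffic and is spliced into a record framed by `+` and `$`; unless print_file_name escapes those two characters (only the hex escaping of non-printables is visible in the file_lib.cc hunk), a name containing them changes how the record is split downstream, which is worth documenting or escaping at this call site.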
@@ -300,6 +321,8 @@ bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_da
     {
         context->processing_complete = true;
         remove_processed_file_context(multi_file_processing_id);
+        if (PacketTracer::is_daq_activated())
+            populate_trace_data(context);
         return false;
     }
 
@@ -315,6 +338,8 @@ bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_da
             file_policy);
         if (context->processing_complete)
             remove_processed_file_context(multi_file_processing_id);
+        if (PacketTracer::is_daq_activated())
+            populate_trace_data(context);
         return continue_processing;
     }
 }
@@ -322,6 +347,8 @@ bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_da
     continue_processing = context->process(p, file_data, data_size, offset, file_policy, position);
     if (context->processing_complete)
         remove_processed_file_context(multi_file_processing_id);
+    if (PacketTracer::is_daq_activated())
+        populate_trace_data(context);
     return continue_processing;
 }
 
@@ -342,12 +369,18 @@ bool FileFlows::file_process(Packet* p, const uint8_t* file_data, int data_size,
     if (position == SNORT_FILE_POSITION_UNKNOWN)
         return false;
 
+    if (PacketTracer::is_daq_activated())
+        PacketTracer::pt_timer_start();
+
     context = find_main_file_context(position, direction, file_index);
 
     set_current_file_context(context);
 
     context->set_signature_state(gen_signature);
-    return context->process(p, file_data, data_size, position, file_policy);
+    bool file_process_ret = context->process(p, file_data, data_size, position, file_policy);
+    if (PacketTracer::is_daq_activated())
+        populate_trace_data(context);
+    return file_process_ret;
 }
 
 /*
diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 991e3151b..fcd3d4850 100644
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
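Review bot: In the hunks at -300, -315 and -322 the new `populate_trace_data(context)` call runs after `remove_processed_file_context(multi_file_processing_id)`; if that removal frees or recycles the context (its body is not in the diff), the trace reads through a dangling pointer, and even if it only drops a map entry the ordering is fragile. Placing `if (PacketTracer::is_daq_activated()) populate_trace_data(context);` immediately before the `remove_processed_file_context(...)` line at each of the three sites removes the dependency without changing what is logged. The `is_daq_activated()` guard is now repeated at five call sites across both file_process overloads; folding it into populate_trace_data as an early return would leave one line per site and make a forgotten guard impossible. Both file_process bodies start and end outside these hunks.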
@@ -759,7 +759,8 @@ void FileContext::print_file_name(std::ostream& log)
     char* outbuf = get_UTF8_fname(&fname_len);
     const char* fname = (outbuf != nullptr) ? outbuf : file_name.c_str();
 
-    log << "File name: ";
+    if (!PacketTracer::is_daq_activated())
+        log << "File name: ";
 
     size_t pos = 0;
     while (pos < fname_len)
@@ -786,7 +787,9 @@ void FileContext::print_file_name(std::ostream& log)
                 log << "|" << std::dec;
         }
     }
-    log << std::endl;
+
+    if (!PacketTracer::is_daq_activated())
+        log << std::endl;
 
     if (outbuf)
         snort_free(outbuf);
diff --git a/src/file_api/file_lib.h b/src/file_api/file_lib.h
index 46c04a570..8476ee945 100644
--- a/src/file_api/file_lib.h
+++ b/src/file_api/file_lib.h
@@ -33,6 +33,9 @@
 #define SNORT_FILE_TYPE_UNKNOWN UINT16_MAX
 #define SNORT_FILE_TYPE_CONTINUE 0
 
+const std::string VerdictName[] =
+{"Unknown", "Log", "Stop", "Block", "Reset", "Pending", "Stop Capture", "INVALID"};
+
 class FileConfig;
 class FileSegments;
 
diff --git a/src/file_api/file_log.cc b/src/file_api/file_log.cc
index fd2e9e3bf..ada718e8e 100644
--- a/src/file_api/file_log.cc
+++ b/src/file_api/file_log.cc
@@ -51,9 +51,6 @@ struct FileLogStats
 
 static THREAD_LOCAL FileLogStats fl_stats;
 
-static const std::string VerdictName[] =
-{"Unknown", "Log", "Stop", "Block", "Reset", "Pending", "Stop Capture", "INVALID"};
-
 static const PegInfo fl_pegs[] =
 {
     { CountType::SUM, "total_events", "total file events" },
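Review bot: print_file_name now changes what it writes for every caller whenever DAQ tracing is active: the `File name: ` prefix and the trailing `std::endl` disappear from any other log that goes through this method, not just from the trace record, so enabling tracing silently alters unrelated output. That couples a generic formatter to global tracer state; a parameter such as `void print_file_name(std::ostream& log, bool bare = false)` with `if (!bare) log << "File name: ";` (and the matching check before the `std::endl`) keeps existing output stable and lets populate_trace_data pass `true`, with the declaration in file_lib.h updated to match. The `@@ -759` and `@@ -786` hunks share this point; print_file_name's body continues between and after them.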
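Review bot: `const std::string VerdictName[]` in file_lib.h gives every translation unit that includes the header its own internally linked copy of eight `std::string` objects, each dynamically initialised at startup, which is a per-TU cost the previous file-local definition in file_log.cc did not have. `inline const std::string VerdictName[] = {...}` (C++17; whether the build permits it is not visible here) or a `constexpr const char* const VerdictName[]` table avoids the duplication and the static initialisation entirely, and `.c_str()` at the one call site in file_flows.cc becomes unnecessary with the latter. A short comment above the array stating that its order must match the verdict enum it is indexed by would also help, since nothing in the header ties the two together.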