From: Bhagya Tholpady (bbantwal) Date: Tue, 10 Nov 2020 11:39:49 +0000 (+0000) Subject: Merge pull request #2588 in SNORT/snort3 from ~OSHUMEIK/snort3:trace_refactor to... X-Git-Tag: 3.0.3-5~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c06af44d814c5175dacf534903cdb261678f448b;p=thirdparty%2Fsnort3.git Merge pull request #2588 in SNORT/snort3 from ~OSHUMEIK/snort3:trace_refactor to master Squashed commit of the following: commit 2f992d73028bc9d9f803856790ffb59a085c725a Author: Oleksii Shumeiko Date: Tue Oct 27 14:35:20 2020 +0200 trace: add missing packet information to some of the messages --- diff --git a/src/actions/act_react.cc b/src/actions/act_react.cc index b5eb8a4b7..2a12018a9 100644 --- a/src/actions/act_react.cc +++ b/src/actions/act_react.cc @@ -167,7 +167,7 @@ private: InjectionReturnStatus status = PayloadInjector::inject_http_payload(p, control); #ifdef DEBUG_MSGS if (status != INJECTION_SUCCESS) - debug_logf(react_trace, nullptr, "Injection error: %s\n", + debug_logf(react_trace, p, "Injection error: %s\n", PayloadInjector::get_err_string(status)); #else UNUSED(status); diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc index 7fe2ac525..a9effa7e0 100644 --- a/src/detection/fp_detect.cc +++ b/src/detection/fp_detect.cc @@ -332,7 +332,7 @@ static int detection_option_tree_evaluate(detection_option_tree_root_t* root, Cursor c(eval_data.p); int rval = 0; - debug_log(detection_trace, TRACE_RULE_EVAL, nullptr, "Starting tree eval\n"); + debug_log(detection_trace, TRACE_RULE_EVAL, eval_data.p, "Starting tree eval\n"); for ( int i = 0; i < root->num_children; ++i ) { diff --git a/src/detection/tag.cc b/src/detection/tag.cc index 6364511b0..bc46e2c00 100644 --- a/src/detection/tag.cc +++ b/src/detection/tag.cc @@ -123,9 +123,9 @@ static TagNode* TagAlloc(XHash*); static void TagFree(XHash*, TagNode*); static int PruneTagCache(uint32_t, int); static int PruneTime(XHash* tree, uint32_t thetime); -static void TagSession(Packet*, TagData*, uint32_t, uint16_t, void*); -static void TagHost(Packet*, TagData*, uint32_t, uint16_t, void*); -static void AddTagNode(Packet*, TagData*, int, uint32_t, uint16_t, void*); +static void TagSession(const Packet*, TagData*, uint32_t, uint16_t, void*); +static void TagHost(const Packet*, TagData*, uint32_t, uint16_t, void*); +static void AddTagNode(const Packet*, TagData*, int, uint32_t, uint16_t, void*); static inline void SwapTag(TagNode*); class TagSessionCache : public XHash @@ -298,12 +298,12 @@ void CleanupTag() delete host_tag_cache; } -static void TagSession(Packet* p, TagData* tag, uint32_t time, uint16_t event_id, void* log_list) +static void TagSession(const Packet* p, TagData* tag, uint32_t time, uint16_t event_id, void* log_list) { AddTagNode(p, tag, TAG_SESSION, time, event_id, log_list); } -static void TagHost(Packet* p, TagData* tag, uint32_t time, uint16_t event_id, void* log_list) +static void TagHost(const Packet* p, TagData* tag, uint32_t time, uint16_t event_id, void* log_list) { int mode; @@ -323,14 +323,14 @@ static void TagHost(Packet* p, TagData* tag, uint32_t time, uint16_t event_id, v AddTagNode(p, tag, mode, time, event_id, log_list); } -static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now, +static void AddTagNode(const Packet* p, TagData* tag, int mode, uint32_t now, uint16_t event_id, void* log_list) { TagNode* idx; /* index pointer */ TagNode* returned; XHash* tag_cache_ptr = nullptr; - debug_log(detection_trace, TRACE_TAG, nullptr, "Adding new Tag Head\n"); + debug_log(detection_trace, TRACE_TAG, p, "Adding new Tag Head\n"); if ( tag->tag_metric & TAG_METRIC_SESSION ) { @@ -630,7 +630,7 @@ static int PruneTime(XHash* tree, uint32_t thetime) return pruned; } -void SetTags(Packet* p, const OptTreeNode* otn, uint16_t event_id) +void SetTags(const Packet* p, const OptTreeNode* otn, uint16_t event_id) { if (otn != nullptr && otn->tag != nullptr) { diff --git a/src/detection/tag.h b/src/detection/tag.h index 204f40d3b..b5885a941 100644 --- a/src/detection/tag.h +++ b/src/detection/tag.h @@ -62,7 +62,7 @@ struct TagData void InitTag(); void CleanupTag(); int CheckTagList(snort::Packet*, Event&, void**); -void SetTags(snort::Packet*, const OptTreeNode*, uint16_t); +void SetTags(const snort::Packet*, const OptTreeNode*, uint16_t); #endif diff --git a/src/network_inspectors/rna/rna_logger.cc b/src/network_inspectors/rna/rna_logger.cc index 21479ba79..46fc35939 100644 --- a/src/network_inspectors/rna/rna_logger.cc +++ b/src/network_inspectors/rna/rna_logger.cc @@ -46,7 +46,7 @@ using namespace snort; #ifdef DEBUG_MSGS -static inline void rna_logger_message(const RnaLoggerEvent& rle) +static inline void rna_logger_message(const RnaLoggerEvent& rle, const Packet* p) { char macbuf[19] = { '\0' }; if ( rle.mac ) @@ -59,51 +59,51 @@ static inline void rna_logger_message(const RnaLoggerEvent& rle) SfIpString ipbuf; ip.set(rle.ip); // using this instead of packet's ip to support ARP if ( rle.mac ) - debug_logf(rna_trace, nullptr, "RNA log: type %u, subtype %u, mac %s, ip %s\n", + debug_logf(rna_trace, p, "RNA log: type %u, subtype %u, mac %s, ip %s\n", rle.type, rle.subtype, macbuf, ip.ntop(ipbuf)); else - debug_logf(rna_trace, nullptr, "RNA log: type %u, subtype %u, ip %s\n", + debug_logf(rna_trace, p, "RNA log: type %u, subtype %u, ip %s\n", rle.type, rle.subtype, ip.ntop(ipbuf)); if ( rle.hc ) { if ( rle.hc->version[0] != '\0' ) - debug_logf(rna_trace, nullptr, + debug_logf(rna_trace, p, "RNA client log: client %u, service %u, version %s\n", rle.hc->id, rle.hc->service, rle.hc->version); else - debug_logf(rna_trace, nullptr, "RNA client log: client %u, service %u\n", + debug_logf(rna_trace, p, "RNA client log: client %u, service %u\n", rle.hc->id, rle.hc->service); } if ( rle.ha ) { - debug_logf(rna_trace, nullptr, + debug_logf(rna_trace, p, "RNA Service Info log: appid: %d proto %u, port: %u\n", rle.ha->appid, (uint32_t)rle.ha->proto, rle.ha->port); for ( auto& s: rle.ha->info ) { if ( s.vendor[0] != '\0' ) - debug_logf(rna_trace, nullptr, "RNA Service Info log: vendor: %s\n", + debug_logf(rna_trace, p, "RNA Service Info log: vendor: %s\n", s.vendor); if ( s.version[0] != '\0' ) - debug_logf(rna_trace, nullptr, "RNA Service Info log: version: %s\n", + debug_logf(rna_trace, p, "RNA Service Info log: version: %s\n", s.version); } if ( rle.type == RNA_EVENT_CHANGE and rle.subtype == CHANGE_BANNER_UPDATE ) - debug_logf(rna_trace, nullptr, "RNA Banner log: true\n"); + debug_logf(rna_trace, p, "RNA Banner log: true\n"); } if ( rle.user ) { if ( rle.user and *rle.user ) - debug_logf(rna_trace, nullptr, + debug_logf(rna_trace, p, "RNA user login: service %u, user name %s\n", rle.appid, rle.user); } } else - debug_logf(rna_trace, nullptr, "RNA log: type %u, subtype %u, mac %s\n", + debug_logf(rna_trace, p, "RNA log: type %u, subtype %u, mac %s\n", rle.type, rle.subtype, macbuf); } #endif @@ -189,7 +189,7 @@ bool RnaLogger::log(uint16_t type, uint16_t subtype, const struct in6_addr* src_ EventManager::call_loggers(nullptr, const_cast(p), "RNA", &rle); #ifdef DEBUG_MSGS - rna_logger_message(rle); + rna_logger_message(rle, p); #endif return true; } diff --git a/src/service_inspectors/dce_rpc/dce_smb.cc b/src/service_inspectors/dce_rpc/dce_smb.cc index 2768f6710..10584f9ca 100644 --- a/src/service_inspectors/dce_rpc/dce_smb.cc +++ b/src/service_inspectors/dce_rpc/dce_smb.cc @@ -381,13 +381,13 @@ void Dce2Smb::eval(Packet* p) { //1st packet of flow in smb1 session, create smb1 session and flowdata dce2_smb_sess = dce2_create_new_smb_session(p, &config); - debug_logf(dce_smb_trace, nullptr, "smb1 session created\n"); + debug_logf(dce_smb_trace, p, "smb1 session created\n"); } else if (DCE2_SMB_VERSION_2 == smb_version) { //1st packet of flow in smb2 session, create smb2 session and flowdata dce2_smb2_sess = dce2_create_new_smb2_session(p, &config); - debug_logf(dce_smb_trace, nullptr, "smb2 session created\n"); + debug_logf(dce_smb_trace, p, "smb2 session created\n"); } else { @@ -395,7 +395,7 @@ void Dce2Smb::eval(Packet* p) //This means there is no flow data and this is not an SMB packet //if it is a TCP packet for smb data, the flow must have been //already identified with version. - debug_logf(dce_smb_trace, nullptr, "non-smb packet detected\n"); + debug_logf(dce_smb_trace, p, "non-smb packet detected\n"); return; } } diff --git a/src/service_inspectors/dce_rpc/dce_smb2.cc b/src/service_inspectors/dce_rpc/dce_smb2.cc index 3f55341b7..229a2f973 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2.cc +++ b/src/service_inspectors/dce_rpc/dce_smb2.cc @@ -215,7 +215,8 @@ static void DCE2_Smb2Inspect(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, uint64_t sid = Smb2Sid(smb_hdr); uint32_t tid = Smb2Tid(smb_hdr); - debug_logf(dce_smb_trace, nullptr, "%s : mid %" PRIu64 " sid %" PRIu64 " tid %" PRIu32 "\n", + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s : mid %" PRIu64 " sid %" PRIu64 " tid %" PRIu32 "\n", (command <= SMB2_COM_OPLOCK_BREAK ? smb2_command_string[command] : "unknown"), mid, sid, tid); switch (command) @@ -311,7 +312,7 @@ void DCE2_Smb2Process(DCE2_Smb2SsnData* ssd) if (data_len < sizeof(NbssHdr) + SMB2_HEADER_LENGTH) { dce2_smb_stats.v2_hdr_err++; - debug_logf(dce_smb_trace, nullptr, "Header error with data length %d\n",data_len); + debug_logf(dce_smb_trace, p, "Header error with data length %d\n",data_len); return; } @@ -338,7 +339,7 @@ void DCE2_Smb2Process(DCE2_Smb2SsnData* ssd) { dce_alert(GID_DCE2, DCE2_SMB_BAD_NEXT_COMMAND_OFFSET, (dce2CommonStats*)&dce2_smb_stats, ssd->sd); - debug_logf(dce_smb_trace, nullptr, "bad next command offset\n"); + debug_logf(dce_smb_trace, p, "bad next command offset\n"); dce2_smb_stats.v2_bad_next_cmd_offset++; return; } @@ -351,7 +352,7 @@ void DCE2_Smb2Process(DCE2_Smb2SsnData* ssd) if (compound_request_index > DCE2_ScSmbMaxCompound((dce2SmbProtoConf*)ssd->sd.config)) { dce2_smb_stats.v2_cmpnd_req_lt_crossed++; - debug_logf(dce_smb_trace, nullptr, "compound req limit reached %" PRIu8 "\n", + debug_logf(dce_smb_trace, p, "compound req limit reached %" PRIu8 "\n", compound_request_index); return; } @@ -361,7 +362,7 @@ void DCE2_Smb2Process(DCE2_Smb2SsnData* ssd) else if ( ssd->ftracker_tcp and (ssd->ftracker_tcp->smb2_pdu_state == DCE2_SMB_PDU_STATE__RAW_DATA)) { - debug_logf(dce_smb_trace, nullptr, + debug_logf(dce_smb_trace, p, "raw data file_name_hash %" PRIu64 " fid %" PRIu64 " dir %s\n", ssd->ftracker_tcp->file_name_hash, ssd->ftracker_tcp->file_id, ssd->ftracker_tcp->upload ? "upload" : "download"); diff --git a/src/service_inspectors/dce_rpc/dce_smb2_commands.cc b/src/service_inspectors/dce_rpc/dce_smb2_commands.cc index 63959731c..fb7d395f4 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2_commands.cc +++ b/src/service_inspectors/dce_rpc/dce_smb2_commands.cc @@ -39,8 +39,8 @@ using namespace snort; { \ if ((smb_data + (strcuture_size)) > end) \ { \ - debug_logf(dce_smb_trace, nullptr, "%s : smb data beyond end detected\n",\ - smb2_command_string[cmd]); \ + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), \ + "%s : smb data beyond end detected\n", smb2_command_string[cmd]); \ counter ++; \ return; \ } \ @@ -63,7 +63,8 @@ static inline FileContext* get_smb_file_context(uint64_t file_id, uint64_t static void DCE2_Smb2CleanFtrackerTcpRef(DCE2_Smb2SessionTracker* str, uint64_t file_id) { - debug_logf(dce_smb_trace, nullptr, "updating conn for fid %" PRIu64 "\n", file_id); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "updating conn for fid %" PRIu64 "\n", file_id); auto all_conn_trackers = str->conn_trackers.get_all_entry(); for ( auto& h : all_conn_trackers ) { @@ -105,7 +106,7 @@ bool DCE2_Smb2ProcessFileData(DCE2_Smb2SsnData* ssd, const uint8_t* file_data, ssd->ftracker_tcp->bytes_processed += detection_size; FileDirection dir = ssd->ftracker_tcp->upload ? FILE_UPLOAD : FILE_DOWNLOAD; - debug_logf(dce_smb_trace, nullptr, "file_process fid %" PRIu64 " data_size %" PRIu32 "" + debug_logf(dce_smb_trace, p, "file_process fid %" PRIu64 " data_size %" PRIu32 "" " offset %" PRIu64 " bytes processed %" PRIu64 "\n", ssd->ftracker_tcp->file_id, data_size, ssd->ftracker_tcp->file_offset, ssd->ftracker_tcp->bytes_processed); @@ -115,7 +116,7 @@ bool DCE2_Smb2ProcessFileData(DCE2_Smb2SsnData* ssd, const uint8_t* file_data, ssd->ftracker_tcp->bytes_processed > ssd->ftracker_tcp->file_size) ) { dce2_smb_stats.v2_extra_file_data_err++; - debug_logf(dce_smb_trace, nullptr, "extra file data\n"); + debug_logf(dce_smb_trace, p, "extra file data\n"); DCE2_Smb2TreeTracker* ttr = ssd->ftracker_tcp->ttr; uint64_t file_id = ssd->ftracker_tcp->file_id; @@ -128,7 +129,7 @@ bool DCE2_Smb2ProcessFileData(DCE2_Smb2SsnData* ssd, const uint8_t* file_data, if (!file_flows->file_process(p, ssd->ftracker_tcp->file_name_hash, file_data, data_size, ssd->ftracker_tcp->file_offset, dir, ssd->ftracker_tcp->file_id)) { - debug_logf(dce_smb_trace, nullptr, "file_process completed\n"); + debug_logf(dce_smb_trace, p, "file_process completed\n"); DCE2_Smb2TreeTracker* ttr = ssd->ftracker_tcp->ttr; uint64_t file_id = ssd->ftracker_tcp->file_id; @@ -150,8 +151,8 @@ void DCE2_Smb2Setup(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, const uint64_ if (structure_size == SMB2_ERROR_RESPONSE_STRUC_SIZE and Smb2Error(smb_hdr)) { - debug_logf(dce_smb_trace, nullptr, "%s_RESP: error\n", - smb2_command_string[SMB2_COM_SESSION_SETUP]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: error\n", smb2_command_string[SMB2_COM_SESSION_SETUP]); dce2_smb_stats.v2_setup_err_resp++; } else if (structure_size == SMB2_SETUP_RESPONSE_STRUC_SIZE) @@ -163,8 +164,8 @@ void DCE2_Smb2Setup(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, const uint64_ } else if (structure_size != SMB2_SETUP_REQUEST_STRUC_SIZE) { - debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n", - smb2_command_string[SMB2_COM_SESSION_SETUP]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: invalid struct size\n", smb2_command_string[SMB2_COM_SESSION_SETUP]); dce2_smb_stats.v2_setup_inv_str_sz++; } } @@ -190,15 +191,15 @@ void DCE2_Smb2TreeConnect(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, if (!DCE2_Smb2InsertTid(ssd, tid, ((const Smb2TreeConnectResponseHdr*)smb_data)->share_type, str)) { - debug_logf(dce_smb_trace, nullptr, "%s: ignored %d\n", - smb2_command_string[SMB2_COM_TREE_CONNECT], tid); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: ignored %d\n", smb2_command_string[SMB2_COM_TREE_CONNECT], tid); dce2_smb_stats.v2_tree_cnct_ignored++; } } else if (structure_size != SMB2_TREE_CONNECT_REQUEST_STRUC_SIZE) { - debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n", - smb2_command_string[SMB2_COM_TREE_CONNECT]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: invalid struct size\n", smb2_command_string[SMB2_COM_TREE_CONNECT]); dce2_smb_stats.v2_tree_cnct_inv_str_sz++; } } @@ -219,8 +220,8 @@ void DCE2_Smb2TreeDisconnect(DCE2_Smb2SsnData*, const uint8_t* smb_data, } else { - debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n", - smb2_command_string[SMB2_COM_TREE_DISCONNECT]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: invalid struct size\n", smb2_command_string[SMB2_COM_TREE_DISCONNECT]); dce2_smb_stats.v2_tree_discn_inv_str_sz++; } } @@ -243,8 +244,8 @@ static void DCE2_Smb2CreateRequest(DCE2_Smb2SsnData* ssd, if (file_data >= end) { dce2_smb_stats.v2_crt_inv_file_data++; - debug_logf(dce_smb_trace, nullptr, "%s_REQ: invalid file data seen\n", - smb2_command_string[SMB2_COM_CREATE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: invalid file data seen\n", smb2_command_string[SMB2_COM_CREATE]); return; } @@ -252,7 +253,8 @@ static void DCE2_Smb2CreateRequest(DCE2_Smb2SsnData* ssd, if (!size or (file_data + size > end)) { dce2_smb_stats.v2_crt_inv_file_data++; - debug_logf(dce_smb_trace, nullptr, "%s_REQ: invalid file data seen with size %" PRIu16 "\n", + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: invalid file data seen with size %" PRIu16 "\n", smb2_command_string[SMB2_COM_CREATE], size); return; @@ -271,16 +273,16 @@ static void DCE2_Smb2CreateRequest(DCE2_Smb2SsnData* ssd, } else { - debug_logf(dce_smb_trace, nullptr, "%s_REQ: max req exceeded\n", - smb2_command_string[SMB2_COM_CREATE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: max req exceeded\n", smb2_command_string[SMB2_COM_CREATE]); dce_alert(GID_DCE2, DCE2_SMB_MAX_REQS_EXCEEDED, (dce2CommonStats*)&dce2_smb_stats, ssd->sd); } } else { - debug_logf(dce_smb_trace, nullptr, "%s_REQ: name_offset %" PRIu16 "\n", - smb2_command_string[SMB2_COM_CREATE], name_offset); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: name_offset %" PRIu16 "\n", smb2_command_string[SMB2_COM_CREATE], name_offset); dce2_smb_stats.v2_crt_req_hdr_err++; } } @@ -318,7 +320,8 @@ static void DCE2_Smb2CreateResponse(DCE2_Smb2SsnData*, FileContext* file = get_smb_file_context(ftracker->file_name_hash, fileId_persistent, true); - debug_logf(dce_smb_trace, nullptr, "%s_RESP: file size %" PRIu64 " fid %" PRIu64 "" + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: file size %" PRIu64 " fid %" PRIu64 "" "file_name_hash %" PRIu64 " file context %s\n", smb2_command_string[SMB2_COM_CREATE], file_size, fileId_persistent, ftracker->file_name_hash, (file ? "found" : "not found")); @@ -361,8 +364,8 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, ttr->removeRtracker(mid); dce2_smb_stats.v2_crt_err_resp++; - debug_logf(dce_smb_trace, nullptr, "%s_RESP: error\n", - smb2_command_string[SMB2_COM_CREATE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: error\n", smb2_command_string[SMB2_COM_CREATE]); } // Using structure size to decide whether it is response or request else if (structure_size == SMB2_CREATE_REQUEST_STRUC_SIZE) @@ -373,21 +376,21 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, if (!ttr) { - debug_logf(dce_smb_trace, nullptr, "%s_REQ: mid stream session detected\n", - smb2_command_string[SMB2_COM_CREATE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: mid stream session detected\n", smb2_command_string[SMB2_COM_CREATE]); ttr = DCE2_Smb2InsertTid(ssd, tid, SMB2_SHARE_TYPE_DISK, str); if (!ttr) { - debug_logf(dce_smb_trace, nullptr, "%s_REQ: insert tree tracker failed\n", - smb2_command_string[SMB2_COM_CREATE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: insert tree tracker failed\n", smb2_command_string[SMB2_COM_CREATE]); return; } } else if (SMB2_SHARE_TYPE_DISK != ttr->get_share_type()) { dce2_smb_stats.v2_crt_req_ipc++; - debug_logf(dce_smb_trace, nullptr, "%s_REQ: ignored for ipc share\n", - smb2_command_string[SMB2_COM_CREATE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: ignored for ipc share\n", smb2_command_string[SMB2_COM_CREATE]); return; } DCE2_Smb2CreateRequest(ssd, (const Smb2CreateRequestHdr*)smb_data, end, str, ttr, mid); @@ -400,8 +403,8 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, if (!ttr) { - debug_logf(dce_smb_trace, nullptr, "%s_RESP: tree tracker missing\n", - smb2_command_string[SMB2_COM_CREATE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: tree tracker missing\n", smb2_command_string[SMB2_COM_CREATE]); dce2_smb_stats.v2_crt_tree_trkr_misng++; return; } @@ -409,8 +412,8 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, DCE2_Smb2RequestTracker* rtr = ttr->findRtracker(mid); if (!rtr) { - debug_logf(dce_smb_trace, nullptr, "%s_RESP: req tracker missing\n", - smb2_command_string[SMB2_COM_CREATE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: req tracker missing\n", smb2_command_string[SMB2_COM_CREATE]); dce2_smb_stats.v2_crt_rtrkr_misng++; return; } @@ -421,8 +424,8 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, if (((const Smb2CreateResponseHdr*)smb_data)->file_attributes & SMB2_CREATE_RESPONSE_DIRECTORY) { - debug_logf(dce_smb_trace, nullptr, "%s_RESP: not processing for directory\n", - smb2_command_string[SMB2_COM_CREATE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: not processing for directory\n", smb2_command_string[SMB2_COM_CREATE]); ttr->removeRtracker(mid); DCE2_Smb2CleanFtrackerTcpRef(str, fileId_persistent); ttr->removeFtracker(fileId_persistent); @@ -435,8 +438,8 @@ void DCE2_Smb2Create(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, } else { - debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n", - smb2_command_string[SMB2_COM_CREATE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: invalid struct size\n", smb2_command_string[SMB2_COM_CREATE]); dce2_smb_stats.v2_crt_inv_str_sz++; } } @@ -453,8 +456,8 @@ void DCE2_Smb2CloseCmd(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, if (structure_size == SMB2_ERROR_RESPONSE_STRUC_SIZE and Smb2Error(smb_hdr)) { - debug_logf(dce_smb_trace, nullptr, "%s_RESP: error\n", - smb2_command_string[SMB2_COM_CLOSE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: error\n", smb2_command_string[SMB2_COM_CLOSE]); dce2_smb_stats.v2_cls_err_resp++; } // Using structure size to decide whether it is response or request @@ -470,7 +473,8 @@ void DCE2_Smb2CloseCmd(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, if (!ftracker) { dce2_smb_stats.v2_cls_req_ftrkr_misng++; - debug_logf(dce_smb_trace, nullptr, "%s_REQ: ftracker missing %" PRIu64 "\n", + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: ftracker missing %" PRIu64 "\n", smb2_command_string[SMB2_COM_CLOSE], fileId_persistent); return; } @@ -500,8 +504,8 @@ void DCE2_Smb2CloseCmd(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, } else if (structure_size != SMB2_CLOSE_RESPONSE_STRUC_SIZE) { - debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n", - smb2_command_string[SMB2_COM_CLOSE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: invalid struct size\n", smb2_command_string[SMB2_COM_CLOSE]); dce2_smb_stats.v2_cls_inv_str_sz++; } } @@ -517,8 +521,8 @@ void DCE2_Smb2SetInfo(DCE2_Smb2SsnData*, const Smb2Hdr* smb_hdr, // Using structure size to decide whether it is response or request if (structure_size == SMB2_ERROR_RESPONSE_STRUC_SIZE and Smb2Error(smb_hdr)) { - debug_logf(dce_smb_trace, nullptr, "%s: error resp\n", - smb2_command_string[SMB2_COM_SET_INFO]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: error resp\n", smb2_command_string[SMB2_COM_SET_INFO]); dce2_smb_stats.v2_stinf_err_resp++; } else if (structure_size == SMB2_SET_INFO_REQUEST_STRUC_SIZE) @@ -541,7 +545,7 @@ void DCE2_Smb2SetInfo(DCE2_Smb2SsnData*, const Smb2Hdr* smb_hdr, ftracker->file_size = file_size; FileContext* file = get_smb_file_context(ftracker->file_name_hash, fileId_persistent); - debug_logf(dce_smb_trace, nullptr, + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), "%s_REQ: set file size %" PRIu64 " fid %" PRIu64 " file context %s\n", smb2_command_string[SMB2_COM_SET_INFO], file_size, fileId_persistent, file ? "found" : "not found"); @@ -553,21 +557,21 @@ void DCE2_Smb2SetInfo(DCE2_Smb2SsnData*, const Smb2Hdr* smb_hdr, else { dce2_smb_stats.v2_stinf_req_ftrkr_misng++; - debug_logf(dce_smb_trace, nullptr,"%s_REQ: ftracker missing\n", - smb2_command_string[SMB2_COM_SET_INFO]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: ftracker missing\n", smb2_command_string[SMB2_COM_SET_INFO]); } } else { - debug_logf(dce_smb_trace, nullptr,"%s_REQ: header error\n", - smb2_command_string[SMB2_COM_SET_INFO]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: header error\n", smb2_command_string[SMB2_COM_SET_INFO]); dce2_smb_stats.v2_stinf_req_hdr_err++; } } else if (structure_size != SMB2_SET_INFO_RESPONSE_STRUC_SIZE) { - debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n", - smb2_command_string[SMB2_COM_SET_INFO]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: invalid struct size\n", smb2_command_string[SMB2_COM_SET_INFO]); dce2_smb_stats.v2_stinf_inv_str_sz++; } } @@ -594,8 +598,8 @@ static void DCE2_Smb2ReadRequest(DCE2_Smb2SsnData* ssd, } else { - debug_logf(dce_smb_trace, nullptr, "%s_REQ: max req exceeded\n", - smb2_command_string[SMB2_COM_READ]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: max req exceeded\n", smb2_command_string[SMB2_COM_READ]); dce_alert(GID_DCE2, DCE2_SMB_MAX_REQS_EXCEEDED, (dce2CommonStats*)&dce2_smb_stats, ssd->sd); return; @@ -610,8 +614,8 @@ static void DCE2_Smb2ReadRequest(DCE2_Smb2SsnData* ssd, if (ftracker->file_size and (offset > ftracker->file_size)) { - debug_logf(dce_smb_trace, nullptr, "%s_REQ: invalid file offset\n", - smb2_command_string[SMB2_COM_READ]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: invalid file offset\n", smb2_command_string[SMB2_COM_READ]); dce_alert(GID_DCE2, DCE2_SMB_INVALID_FILE_OFFSET, (dce2CommonStats*)&dce2_smb_stats, ssd->sd); } @@ -633,16 +637,16 @@ static void DCE2_Smb2ReadResponse(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, request = ttr->findRtracker(message_id); if (!request) { - debug_logf(dce_smb_trace, nullptr, "%s_RESP: request tracker missing\n", - smb2_command_string[SMB2_COM_READ]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: request tracker missing\n", smb2_command_string[SMB2_COM_READ]); dce2_smb_stats.v2_read_rtrkr_misng++; return; } data_offset = alignedNtohs((const uint16_t*)(&(smb_read_hdr->data_offset))); if (data_offset + (const uint8_t*)smb_hdr > end) { - debug_logf(dce_smb_trace, nullptr, "%s_RESP: bad offset\n", - smb2_command_string[SMB2_COM_READ]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: bad offset\n", smb2_command_string[SMB2_COM_READ]); dce_alert(GID_DCE2, DCE2_SMB_BAD_OFF, (dce2CommonStats*)&dce2_smb_stats, ssd->sd); } @@ -685,8 +689,8 @@ void DCE2_Smb2Read(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, } ttr->removeRtracker(mid); dce2_smb_stats.v2_read_err_resp++; - debug_logf(dce_smb_trace, nullptr, "%s_RESP: error\n", - smb2_command_string[SMB2_COM_WRITE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: error\n", smb2_command_string[SMB2_COM_WRITE]); } // Using structure size to decide whether it is response or request else if (structure_size == SMB2_READ_REQUEST_STRUC_SIZE) @@ -707,8 +711,8 @@ void DCE2_Smb2Read(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, else { dce2_smb_stats.v2_read_inv_str_sz++; - debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n", - smb2_command_string[SMB2_COM_WRITE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: invalid struct size\n", smb2_command_string[SMB2_COM_WRITE]); } } @@ -738,8 +742,8 @@ static void DCE2_Smb2WriteRequest(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, } else { - debug_logf(dce_smb_trace, nullptr, "%s_REQ: max req exceeded\n", - smb2_command_string[SMB2_COM_WRITE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: max req exceeded\n", smb2_command_string[SMB2_COM_WRITE]); dce_alert(GID_DCE2, DCE2_SMB_MAX_REQS_EXCEEDED, (dce2CommonStats*)&dce2_smb_stats, ssd->sd); return; @@ -748,8 +752,8 @@ static void DCE2_Smb2WriteRequest(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, data_offset = alignedNtohs((const uint16_t*)(&(smb_write_hdr->data_offset))); if (data_offset + (const uint8_t*)smb_hdr > end) { - debug_logf(dce_smb_trace, nullptr, "%s_REQ: bad offset\n", - smb2_command_string[SMB2_COM_WRITE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_REQ: bad offset\n", smb2_command_string[SMB2_COM_WRITE]); dce_alert(GID_DCE2, DCE2_SMB_BAD_OFF, (dce2CommonStats*)&dce2_smb_stats, ssd->sd); } @@ -802,8 +806,8 @@ void DCE2_Smb2Write(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, } ttr->removeRtracker(mid); dce2_smb_stats.v2_wrt_err_resp++; - debug_logf(dce_smb_trace, nullptr, "%s_RESP: error\n", - smb2_command_string[SMB2_COM_WRITE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s_RESP: error\n", smb2_command_string[SMB2_COM_WRITE]); } // Using structure size to decide whether it is response or request else if (structure_size == SMB2_WRITE_REQUEST_STRUC_SIZE) @@ -820,8 +824,8 @@ void DCE2_Smb2Write(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr, } else { - debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n", - smb2_command_string[SMB2_COM_WRITE]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: invalid struct size\n", smb2_command_string[SMB2_COM_WRITE]); dce2_smb_stats.v2_wrt_inv_str_sz++; } } @@ -844,8 +848,8 @@ void DCE2_Smb2Logoff(DCE2_Smb2SsnData* ssd, const uint8_t* smb_data, } else { - debug_logf(dce_smb_trace, nullptr, "%s: invalid struct size\n", - smb2_command_string[SMB2_COM_LOGOFF]); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "%s: invalid struct size\n", smb2_command_string[SMB2_COM_LOGOFF]); dce2_smb_stats.v2_logoff_inv_str_sz++; } } diff --git a/src/service_inspectors/dce_rpc/dce_smb2_utils.cc b/src/service_inspectors/dce_rpc/dce_smb2_utils.cc index 0666ca1bd..6f35b45ab 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb2_utils.cc @@ -80,7 +80,8 @@ DCE2_Smb2TreeTracker* DCE2_Smb2InsertTid(DCE2_Smb2SsnData* ssd, const uint32_t t if (share_type == SMB2_SHARE_TYPE_DISK and ssd->max_file_depth == -1 and DCE2_ScSmbFileDepth((dce2SmbProtoConf*)ssd->sd.config) == -1) { - debug_logf(dce_smb_trace, nullptr, "Not inserting TID (%u) because it's " + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "Not inserting TID (%u) because it's " "not IPC and not inspecting normal file data.\n", tid); return nullptr; } diff --git a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc index 17df814d7..8652394ae 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc @@ -528,7 +528,8 @@ static DCE2_Ret DCE2_SmbUpdateTransRequest(DCE2_SmbSsnData* ssd, if (DCE2_SsnIsWindowsPolicy(&ssd->sd) && ssd->cur_rtracker->ftracker->fp_byte_mode) { - debug_log(dce_smb_trace, nullptr, "Pipe is in byte mode - TRANS_TRANSACT_NMPIPE won't work\n"); + debug_log(dce_smb_trace, DetectionEngine::get_current_packet(), + "Pipe is in byte mode - TRANS_TRANSACT_NMPIPE won't work\n"); return DCE2_RET__ERROR; } data_params = DCE2_SMB_TRANS__DATA; @@ -588,7 +589,8 @@ static DCE2_Ret DCE2_SmbUpdateTransRequest(DCE2_SmbSsnData* ssd, && (DCE2_SmbTransactionGetName(nb_ptr, nb_len, byte_count, SmbUnicode(smb_hdr)) != DCE2_RET__SUCCESS)) { - debug_log(dce_smb_trace, nullptr, "Failed to validate pipe name for Samba.\n"); + debug_log(dce_smb_trace, DetectionEngine::get_current_packet(), + "Failed to validate pipe name for Samba.\n"); return DCE2_RET__ERROR; } break; @@ -1071,7 +1073,8 @@ DCE2_Ret DCE2_SmbTransaction(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (DCE2_ComInfoIsRequest(com_info) && !DCE2_SmbIsTransactionComplete(ttracker)) { - debug_log(dce_smb_trace, nullptr, "Got new transaction request " + debug_log(dce_smb_trace, DetectionEngine::get_current_packet(), + "Got new transaction request " "that matches an in progress transaction - not inspecting.\n"); return DCE2_RET__ERROR; } @@ -1080,7 +1083,8 @@ DCE2_Ret DCE2_SmbTransaction(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (DCE2_ComInfoIsRequest(com_info) && (DCE2_ComInfoWordCount(com_info) != 16)) { - debug_log(dce_smb_trace, nullptr, "\\PIPE\\LANMAN request - not inspecting\n"); + debug_log(dce_smb_trace, DetectionEngine::get_current_packet(), + "\\PIPE\\LANMAN request - not inspecting\n"); return DCE2_RET__IGNORE; } @@ -1192,7 +1196,8 @@ DCE2_Ret DCE2_SmbTransaction2(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (DCE2_ComInfoIsRequest(com_info) && !DCE2_SmbIsTransactionComplete(ttracker)) { - debug_log(dce_smb_trace, nullptr, "Got new transaction request " + debug_log(dce_smb_trace, DetectionEngine::get_current_packet(), + "Got new transaction request " "that matches an in progress transaction - not inspecting.\n"); return DCE2_RET__ERROR; } @@ -1450,7 +1455,8 @@ DCE2_Ret DCE2_SmbNtTransact(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (DCE2_ComInfoIsRequest(com_info) && !DCE2_SmbIsTransactionComplete(ttracker)) { - debug_log(dce_smb_trace, nullptr, "Got new transaction request " + debug_log(dce_smb_trace, DetectionEngine::get_current_packet(), + "Got new transaction request " "that matches an in progress transaction - not inspecting.\n"); return DCE2_RET__ERROR; } diff --git a/src/service_inspectors/dce_rpc/dce_smb_utils.cc b/src/service_inspectors/dce_rpc/dce_smb_utils.cc index 08f26cfcf..8062c6d65 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_utils.cc @@ -839,7 +839,8 @@ void DCE2_SmbInsertTid(DCE2_SmbSsnData* ssd, if ( !is_ipc and ssd->max_file_depth == -1 and DCE2_ScSmbFileDepth((dce2SmbProtoConf*)ssd->sd.config) == -1 ) { - debug_logf(dce_smb_trace, nullptr, "Not inserting TID (%hu) " + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "Not inserting TID (%hu) " "because it's not IPC and not inspecting normal file data.\n", tid); return; } @@ -1547,7 +1548,7 @@ static DCE2_Ret DCE2_SmbFileAPIProcess(DCE2_SmbSsnData* ssd, if (!file_flows->file_process(p, data_ptr, (int)data_len, position, upload, DCE2_SmbIsVerdictSuspend(upload, position))) { - debug_logf(dce_smb_trace, nullptr, "File API returned FAILURE for (0x%02X) %s\n", + debug_logf(dce_smb_trace, p, "File API returned FAILURE for (0x%02X) %s\n", ftracker->fid_v1, upload ? "UPLOAD" : "DOWNLOAD"); // Failure. Abort tracking this file under file API diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc index 8777d867f..d8da1ca69 100644 --- a/src/service_inspectors/dce_rpc/smb_message.cc +++ b/src/service_inspectors/dce_rpc/smb_message.cc @@ -805,8 +805,8 @@ static void DCE2_SmbProcessCommand(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr com_info.cmd_size = 0; com_info.byte_count = 0; DCE2_SmbCheckCommand(ssd, smb_hdr, smb_com, nb_ptr, nb_len, com_info); - debug_logf(dce_smb_trace, nullptr, "Processing command: %s (0x%02X)\n", - get_smb_com_string(smb_com), smb_com); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "Processing command: %s (0x%02X)\n", get_smb_com_string(smb_com), smb_com); // Note that even if the command shouldn't be processed, some of // the command functions need to know and do cleanup or some other @@ -830,8 +830,8 @@ static void DCE2_SmbProcessCommand(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr if (smb_com2 == SMB_COM_NO_ANDX_COMMAND) break; - debug_logf(dce_smb_trace, nullptr, "Chained SMB command: %s\n", get_smb_com_string( - smb_com2)); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "Chained SMB command: %s\n", get_smb_com_string(smb_com2)); num_chained++; if (DCE2_ScSmbMaxChain((dce2SmbProtoConf*)ssd->sd.config) && @@ -1032,8 +1032,8 @@ static DCE2_SmbRequestTracker* DCE2_SmbInspect(DCE2_SmbSsnData* ssd, const SmbNt { int smb_com = SmbCom(smb_hdr); - debug_logf(dce_smb_trace, nullptr, "SMB command: %s (0x%02X)\n", get_smb_com_string(smb_com), - smb_com); + debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), + "SMB command: %s (0x%02X)\n", get_smb_com_string(smb_com), smb_com); if (smb_com_funcs[smb_com] == nullptr) { @@ -1621,7 +1621,7 @@ void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) if (!DCE2_GcIsLegacyMode((dce2SmbProtoConf*)ssd->sd.config)) { // Upgrade connection to SMBv2 - debug_log(dce_smb_trace, nullptr, "upgrading to smb2 session\n"); + debug_log(dce_smb_trace, p, "upgrading to smb2 session\n"); dce2SmbProtoConf* config = (dce2SmbProtoConf*)ssd->sd.config; Dce2SmbFlowData* fd = (Dce2SmbFlowData*)p->flow->get_flow_data( Dce2SmbFlowData::inspector_id); @@ -1640,7 +1640,7 @@ void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) rtracker = DCE2_SmbInspect(ssd, smb_hdr); if (rtracker == nullptr) { - debug_log(dce_smb_trace, nullptr, "Not inspecting SMB packet.\n"); + debug_log(dce_smb_trace, p, "Not inspecting SMB packet.\n"); if (DCE2_BufferIsEmpty(*seg_buf)) { diff --git a/src/service_inspectors/gtp/gtp.cc b/src/service_inspectors/gtp/gtp.cc index 04f855181..c6da65d5e 100644 --- a/src/service_inspectors/gtp/gtp.cc +++ b/src/service_inspectors/gtp/gtp.cc @@ -26,9 +26,11 @@ #include "gtp.h" +#include "main/snort_debug.h" #include "protocols/packet.h" #include "gtp_inspect.h" +#include "gtp_module.h" using namespace snort; @@ -51,6 +53,7 @@ static inline int GTP_Process(const GTPConfig& config, Packet* p, GTP_Roptions* * Using msg_id avoids initializing info_elements for every message * Tabled based info_elements improves information element search performance */ gtpMsg.msg_id = ++msg_id; + debug_logf(gtp_inspect_trace, p, "message id: %lu\n", gtpMsg.msg_id); int status = gtp_parse(config, >pMsg, gtp_buff, p->dsize); diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc index 8f508bd2f..15d0b7643 100644 --- a/src/stream/ip/ip_defrag.cc +++ b/src/stream/ip/ip_defrag.cc @@ -624,7 +624,7 @@ static void FragRebuild(FragTracker* ft, Packet* p) */ for ( Fragment* frag = ft->fraglist; frag; frag = frag->next ) { - debug_logf(stream_ip_trace, nullptr, + debug_logf(stream_ip_trace, p, " frag: %p\n" " frag->data: %p\n" " frag->offset: %d\n" @@ -702,7 +702,7 @@ static void FragRebuild(FragTracker* ft, Packet* p) /* * process the packet through the detection engine */ - debug_log(stream_ip_trace, nullptr, "Processing rebuilt packet:\n"); + debug_log(stream_ip_trace, p, "Processing rebuilt packet:\n"); ip_stats.reassembles++; ip_stats.reassembled_bytes += dpkt->pktlen; @@ -721,7 +721,7 @@ static void FragRebuild(FragTracker* ft, Packet* p) Analyzer::get_local_analyzer()->process_rebuilt_packet(dpkt, dpkt->pkth, dpkt->pkt, dpkt->pktlen); de.set_encode_packet(nullptr); - debug_log(stream_ip_trace, nullptr, "Done with rebuilt packet, marking rebuilt...\n"); + debug_log(stream_ip_trace, p, "Done with rebuilt packet, marking rebuilt...\n"); ft->frag_flags |= FRAG_REBUILT; }