From: Bhumika Sachdeva (bsachdev) Date: Fri, 17 Jan 2025 18:56:09 +0000 (+0000) Subject: Pull request #4545: Optimisation of appid logs and trace message X-Git-Tag: 3.6.2.0~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea7b8899ae73688ac42906ba8b6e4d4df2fdc65f;p=thirdparty%2Fsnort3.git Pull request #4545: Optimisation of appid logs and trace message Merge in SNORT/snort3 from ~BSACHDEV/snort3:optimised_trace to master Squashed commit of the following: commit 5b14ff256e76a688485e5c0467989aa0cbbeecdc Author: bsachdev Date: Wed Jul 17 12:18:46 2024 -0400 appid: optimised appid logs and trace --- diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc index cbc9e0f3e..50711dc6c 100644 --- a/src/network_inspectors/appid/app_info_table.cc +++ b/src/network_inspectors/appid/app_info_table.cc @@ -107,7 +107,7 @@ bool AppInfoManager::add_entry_to_app_info_name_table(const char* app_name, app_info_name_table[app_name] = entry; else { - appid_log(nullptr, TRACE_WARNING_LEVEL, "App name, \"%s\" is a duplicate entry will be " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "App name, \"%s\" is a duplicate entry will be " "shared by each detector.\n", app_name); added = false; } @@ -173,7 +173,7 @@ AppInfoTableEntry* AppInfoManager::add_dynamic_app_entry(const char* app_name) { if (!app_name || strlen(app_name) >= MAX_EVENT_APPNAME_LEN) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Appname invalid or too long: %s\n", app_name); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Appname invalid or too long: %s\n", app_name); return nullptr; } @@ -207,14 +207,14 @@ void AppInfoManager::cleanup_appid_info_table() void AppInfoManager::dump_app_info_table() { - appid_log(nullptr, TRACE_INFO_LEVEL, "Cisco provided detectors:\n"); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Cisco provided detectors:\n"); for (auto& kv: app_info_table) - appid_log(nullptr, TRACE_INFO_LEVEL, "%s\t%d\t%s\n", kv.second->app_name, kv.second->appId, + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "%s\t%d\t%s\n", kv.second->app_name, kv.second->appId, (kv.second->flags & APPINFO_FLAG_ACTIVE) ? "active" : "inactive"); - appid_log(nullptr, TRACE_INFO_LEVEL, "User provided detectors:\n"); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "User provided detectors:\n"); for (auto& kv: custom_app_info_table) - appid_log(nullptr, TRACE_INFO_LEVEL, "%s\t%d\t%s\n", kv.second->app_name, kv.second->appId, + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "%s\t%d\t%s\n", kv.second->app_name, kv.second->appId, (kv.second->flags & APPINFO_FLAG_ACTIVE) ? "active" : "inactive"); } @@ -398,7 +398,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path) else if (!(strcasecmp(conf_key, "bittorrent_aggressiveness"))) { int aggressiveness = atoi(conf_val); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: bittorrent_aggressiveness %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: bittorrent_aggressiveness %d\n", aggressiveness); if (aggressiveness >= 50) { @@ -407,29 +407,29 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path) set_app_info_flags(APP_ID_BITTORRENT, APPINFO_FLAG_DEFER); set_app_info_flags(APP_ID_BITTORRENT, APPINFO_FLAG_DEFER_PAYLOAD); odp_ctxt.max_tp_flow_depth = 25; - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: " + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: " "host_port_app_cache_lookup_interval %d\n", odp_ctxt.host_port_app_cache_lookup_interval); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: recheck_for_portservice_appid " + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: recheck_for_portservice_appid " "enabled\n"); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n", APP_ID_BITTORRENT); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n", APP_ID_BITTORRENT); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n", odp_ctxt.max_tp_flow_depth); } if (aggressiveness >= 80) { odp_ctxt.allow_port_wildcard_host_cache = true; - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache " + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache " "enabled\n"); } } else if (!(strcasecmp(conf_key, "ultrasurf_aggressiveness"))) { int aggressiveness = atoi(conf_val); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: ultrasurf_aggressiveness %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: ultrasurf_aggressiveness %d\n", aggressiveness); if (aggressiveness >= 50) { @@ -437,26 +437,26 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path) set_app_info_flags(APP_ID_ULTRASURF, APPINFO_FLAG_DEFER); set_app_info_flags(APP_ID_ULTRASURF, APPINFO_FLAG_DEFER_PAYLOAD); odp_ctxt.max_tp_flow_depth = 25; - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: check_host_cache_unknown_ssl " + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: check_host_cache_unknown_ssl " "enabled\n"); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n", APP_ID_ULTRASURF); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n", APP_ID_ULTRASURF); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n", odp_ctxt.max_tp_flow_depth); } if (aggressiveness >= 80) { odp_ctxt.allow_port_wildcard_host_cache = true; - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache " + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache " "enabled\n"); } } else if (!(strcasecmp(conf_key, "psiphon_aggressiveness"))) { int aggressiveness = atoi(conf_val); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: psiphon_aggressiveness %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: psiphon_aggressiveness %d\n", aggressiveness); if (aggressiveness >= 50) { @@ -464,19 +464,19 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path) set_app_info_flags(APP_ID_PSIPHON, APPINFO_FLAG_DEFER); set_app_info_flags(APP_ID_PSIPHON, APPINFO_FLAG_DEFER_PAYLOAD); odp_ctxt.max_tp_flow_depth = 25; - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: check_host_cache_unknown_ssl " + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: check_host_cache_unknown_ssl " "enabled\n"); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_to_thirdparty %d\n", APP_ID_PSIPHON); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: defer_payload_to_thirdparty %d\n", APP_ID_PSIPHON); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: max_tp_flow_depth %d\n", odp_ctxt.max_tp_flow_depth); } if (aggressiveness >= 80) { odp_ctxt.allow_port_wildcard_host_cache = true; - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache " + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: allow_port_wildcard_host_cache " "enabled\n"); } } @@ -532,7 +532,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path) uint64_t max_bytes_before_service_fail = atoi(conf_val); if (max_bytes_before_service_fail < MIN_MAX_BYTES_BEFORE_SERVICE_FAIL) { - appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: invalid " "max_bytes_before_service_fail %" PRIu64 ", must be greater than %u.\n", max_bytes_before_service_fail, MIN_MAX_BYTES_BEFORE_SERVICE_FAIL); } @@ -546,7 +546,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path) uint16_t max_packet_before_service_fail = atoi(conf_val); if (max_packet_before_service_fail < MIN_MAX_PKTS_BEFORE_SERVICE_FAIL) { - appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: invalid " "max_packet_before_service_fail %" PRIu16 ", must be greater than %u.\n", max_packet_before_service_fail, MIN_MAX_PKTS_BEFORE_SERVICE_FAIL); } @@ -561,7 +561,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path) if (max_packet_service_fail_ignore_bytes < MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES) { - appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: invalid " "max_packet_service_fail_ignore_bytes %" PRIu16 ", must be greater than " "%u.\n", max_packet_service_fail_ignore_bytes, MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES); @@ -722,10 +722,10 @@ void AppInfoManager::dump_appid_configurations(const std::string& file_path) con if (!conf_file.is_open()) return; - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId: Configuration file %s\n", file_path.c_str()); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId: Configuration file %s\n", file_path.c_str()); std::string line; while (getline(conf_file, line)) - appid_log(nullptr, TRACE_INFO_LEVEL, "%s\n", line.c_str()); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "%s\n", line.c_str()); conf_file.close(); } @@ -769,7 +769,7 @@ void AppInfoManager::init_appid_info_table(const AppIdConfig& config, const char* token = strtok_r(buf, CONF_SEPARATORS, &context); if (!token) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not read id for AppId\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not read id for AppId\n"); continue; } app_id = strtol(token, nullptr, 10); @@ -777,7 +777,7 @@ void AppInfoManager::init_appid_info_table(const AppIdConfig& config, token = strtok_r(nullptr, CONF_SEPARATORS, &context); if (!token) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not read app_name. Line %s\n", buf); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not read app_name. Line %s\n", buf); continue; } app_name = snort_strdup(token); @@ -785,7 +785,7 @@ void AppInfoManager::init_appid_info_table(const AppIdConfig& config, token = strtok_r(nullptr, CONF_SEPARATORS, &context); if (!token) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not read service id for AppId\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not read service id for AppId\n"); snort_free(app_name); continue; } @@ -794,7 +794,7 @@ void AppInfoManager::init_appid_info_table(const AppIdConfig& config, token = strtok_r(nullptr, CONF_SEPARATORS, &context); if (!token) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not read client id for AppId\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not read client id for AppId\n"); snort_free(app_name); continue; } @@ -803,7 +803,7 @@ void AppInfoManager::init_appid_info_table(const AppIdConfig& config, token = strtok_r(nullptr, CONF_SEPARATORS, &context); if (!token) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not read payload id for AppId\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not read payload id for AppId\n"); snort_free(app_name); continue; } diff --git a/src/network_inspectors/appid/appid_cip_event_handler.cc b/src/network_inspectors/appid/appid_cip_event_handler.cc index 660651d92..fa9d9e4ed 100644 --- a/src/network_inspectors/appid/appid_cip_event_handler.cc +++ b/src/network_inspectors/appid/appid_cip_event_handler.cc @@ -104,7 +104,7 @@ void CipEventHandler::handle(DataEvent& event, Flow* flow) const char* app_name_service = asd->get_odp_ctxt().get_app_info_mgr().get_app_name(APP_ID_CIP); const char* app_name_payload = asd->get_odp_ctxt().get_app_info_mgr().get_app_name(payload_id); - appid_log(p, TRACE_DEBUG_LEVEL, "CIP event handler service %s (%d) and payload %s (%d) are detected\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "CIP event handler service %s (%d) and payload %s (%d) are detected\n", app_name_service, APP_ID_CIP, app_name_payload, payload_id); } diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index 9bbc238e6..aebbbe915 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -202,30 +202,30 @@ unsigned OdpContext::get_pattern_count() void OdpContext::dump_appid_config() { - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: dns_host_reporting %s\n", (dns_host_reporting ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: referred_appId_disabled %s\n", (referred_appId_disabled ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: mdns_user_reporting %s\n", (mdns_user_reporting ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_userid_disabled %s\n", (chp_userid_disabled ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: is_host_port_app_cache_runtime %s\n", (is_host_port_app_cache_runtime ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_port_app_cache %s\n", (check_host_port_app_cache ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_cache_unknown_ssl %s\n", (check_host_cache_unknown_ssl ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: ftp_userid_disabled %s\n", (ftp_userid_disabled ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_disabled %s\n", (chp_body_collection_disabled ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_max %d\n", chp_body_collection_max); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: rtmp_max_packets %d\n", rtmp_max_packets); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_tp_flow_depth %d\n", max_tp_flow_depth); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: tp_allow_probes %s\n", (tp_allow_probes ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_interval %d\n", host_port_app_cache_lookup_interval); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_range %d\n", host_port_app_cache_lookup_range); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: allow_port_wildcard_host_cache %s\n", (allow_port_wildcard_host_cache ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: recheck_for_portservice_appid %s\n", (recheck_for_portservice_appid ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_bytes_before_service_fail %" PRIu64" \n", max_bytes_before_service_fail); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_before_service_fail %" PRIu16" \n", max_packet_before_service_fail); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_service_fail_ignore_bytes %" PRIu16" \n", max_packet_service_fail_ignore_bytes); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: eve_http_client %s\n", (eve_http_client ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: appid_cpu_profiler %s\n", (appid_cpu_profiler ? "True" : "False")); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: brute_force_inprocess_threshold %" PRId8" \n", brute_force_inprocess_threshold); - appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: failed_state_expiration_secs %" PRId32" \n", failed_state_expiration_secs); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: dns_host_reporting %s\n", (dns_host_reporting ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: referred_appId_disabled %s\n", (referred_appId_disabled ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: mdns_user_reporting %s\n", (mdns_user_reporting ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_userid_disabled %s\n", (chp_userid_disabled ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: is_host_port_app_cache_runtime %s\n", (is_host_port_app_cache_runtime ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_port_app_cache %s\n", (check_host_port_app_cache ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_cache_unknown_ssl %s\n", (check_host_cache_unknown_ssl ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: ftp_userid_disabled %s\n", (ftp_userid_disabled ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_disabled %s\n", (chp_body_collection_disabled ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_max %d\n", chp_body_collection_max); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: rtmp_max_packets %d\n", rtmp_max_packets); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_tp_flow_depth %d\n", max_tp_flow_depth); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: tp_allow_probes %s\n", (tp_allow_probes ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_interval %d\n", host_port_app_cache_lookup_interval); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_range %d\n", host_port_app_cache_lookup_range); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: allow_port_wildcard_host_cache %s\n", (allow_port_wildcard_host_cache ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: recheck_for_portservice_appid %s\n", (recheck_for_portservice_appid ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_bytes_before_service_fail %" PRIu64" \n", max_bytes_before_service_fail); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_before_service_fail %" PRIu16" \n", max_packet_before_service_fail); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_service_fail_ignore_bytes %" PRIu16" \n", max_packet_service_fail_ignore_bytes); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: eve_http_client %s\n", (eve_http_client ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: appid_cpu_profiler %s\n", (appid_cpu_profiler ? "True" : "False")); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: brute_force_inprocess_threshold %" PRId8" \n", brute_force_inprocess_threshold); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: failed_state_expiration_secs %" PRId32" \n", failed_state_expiration_secs); } bool OdpContext::is_appid_cpu_profiler_running() @@ -284,7 +284,7 @@ void OdpContext::set_client_and_service_detectors() Pop3ClientDetector* c_pop = (Pop3ClientDetector*) client_disco_mgr.get_client_detector("pop3"); if (!s_pop or !c_pop) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize pop3 detector\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize pop3 detector\n"); return; } s_pop->set_client_detector(c_pop); @@ -294,7 +294,7 @@ void OdpContext::set_client_and_service_detectors() KerberosClientDetector* c_krb = (KerberosClientDetector*) client_disco_mgr.get_client_detector("kerberos"); if (!s_krb or !c_krb) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize kerberos detector\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize kerberos detector\n"); return; } s_krb->set_client_detector(c_krb); @@ -304,7 +304,7 @@ void OdpContext::set_client_and_service_detectors() SmtpClientDetector* c_smtp = (SmtpClientDetector*) client_disco_mgr.get_client_detector("SMTP"); if (!s_smtp or !c_smtp) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize smtp detector\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize smtp detector\n"); return; } s_smtp->set_client_detector(c_smtp); @@ -313,7 +313,7 @@ void OdpContext::set_client_and_service_detectors() ImapClientDetector* c_imap = (ImapClientDetector*) client_disco_mgr.get_client_detector("IMAP"); if (!s_imap or !c_imap) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize imap detector\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize imap detector\n"); return; } s_imap->set_client_detector(c_imap); @@ -323,7 +323,7 @@ SipServiceDetector* OdpContext::get_sip_service_detector() { SipServiceDetector* s_sip = (SipServiceDetector*) service_disco_mgr.get_service_detector("sip"); if (!s_sip) - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize sip service detector\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize sip service detector\n"); return s_sip; } @@ -331,7 +331,7 @@ SipUdpClientDetector* OdpContext::get_sip_client_detector() { SipUdpClientDetector* c_sip = (SipUdpClientDetector*) client_disco_mgr.get_client_detector("SIP"); if (!c_sip) - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize sip client detector\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: failed to initialize sip client detector\n"); return c_sip; } @@ -342,7 +342,7 @@ void OdpContext::add_port_service_id(IpProtocol proto, uint16_t port, AppId appi else if (proto == IpProtocol::UDP) udp_port_only[port] = appid; else - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: invalid port service for proto %d port %d app %d\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: invalid port service for proto %d port %d app %d\n", static_cast(proto), port, appid); } diff --git a/src/network_inspectors/appid/appid_cpu_profile_table.cc b/src/network_inspectors/appid/appid_cpu_profile_table.cc index b5e97b5a4..6d03837b2 100644 --- a/src/network_inspectors/appid/appid_cpu_profile_table.cc +++ b/src/network_inspectors/appid/appid_cpu_profile_table.cc @@ -73,7 +73,7 @@ static void print_log(ControlConn* ctrlcon, AppidCPUProfilerOutputType output_ty LogRespond(ctrlcon, "%s", buffer.data()); break; case OUPUT_LOGFILE: - appid_log(nullptr, level, "%s", buffer.data()); + APPID_LOG(nullptr, level, "%s", buffer.data()); break; default: break; @@ -234,7 +234,7 @@ void AppidCPUProfilingManager::stats_bucket_insert(AppId appid, const char* app_ { if (!processed_packets or !processing_time) { - appid_log(nullptr, TRACE_INFO_LEVEL, "appid: processed packets/time are NULL for appid : %d , app_name : %s , processing time :%lu \n", appid, app_name, processing_time); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "appid: processed packets/time are NULL for appid : %d , app_name : %s , processing time :%lu \n", appid, app_name, processing_time); return; } diff --git a/src/network_inspectors/appid/appid_debug.cc b/src/network_inspectors/appid/appid_debug.cc index 7f027f7a9..009c12c73 100644 --- a/src/network_inspectors/appid/appid_debug.cc +++ b/src/network_inspectors/appid/appid_debug.cc @@ -39,7 +39,7 @@ using namespace snort; THREAD_LOCAL AppIdDebug* appidDebug = nullptr; -void appid_log(const Packet* p, const uint8_t log_level, const char* format, ...) +inline void appid_log(const Packet* p, const uint8_t log_level, const char* format, ...) { va_list args; va_start(args, format); @@ -226,7 +226,7 @@ void AppIdDebug::set_constraints(const char *desc, info.sip.ntop(sipstr, sizeof(sipstr)); info.dip.ntop(dipstr, sizeof(dipstr)); - appid_log(nullptr, TRACE_INFO_LEVEL, "Debugging %s with %s-%hu and %s-%hu %hhu and tenants:%s\n", desc, + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Debugging %s with %s-%hu and %s-%hu %hhu and tenants:%s\n", desc, sipstr, info.sport, dipstr, info.dport, static_cast(info.protocol), int_vector_to_str(info.tenants).c_str()); @@ -234,7 +234,7 @@ void AppIdDebug::set_constraints(const char *desc, } else { - appid_log(nullptr, TRACE_INFO_LEVEL, "Debugging %s disabled\n", desc); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Debugging %s disabled\n", desc); enabled = false; active = false; } diff --git a/src/network_inspectors/appid/appid_debug.h b/src/network_inspectors/appid/appid_debug.h index dc6ad2859..be6fdac4b 100644 --- a/src/network_inspectors/appid/appid_debug.h +++ b/src/network_inspectors/appid/appid_debug.h @@ -32,6 +32,8 @@ #include "protocols/protocol_ids.h" #include "sfip/sf_ip.h" +extern THREAD_LOCAL bool appid_trace_enabled; + class AppIdSession; namespace snort { @@ -43,6 +45,12 @@ namespace snort void appid_log(const snort::Packet*, const uint8_t log_level, const char*, ...); +#define APPID_LOG(pkt, log_level, ...) do { \ + if ((log_level > 2) || (appidDebug and appidDebug->is_active()) || (appid_trace_enabled)) { \ + appid_log(pkt, log_level, __VA_ARGS__); \ + } \ +} while(0) + struct AppIdDebugSessionConstraints { snort::SfIp sip; diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index 030ac2646..61a23fcc2 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -101,7 +101,7 @@ void AppIdDiscovery::register_detector(const std::string& name, AppIdDetector* c else if (proto == IpProtocol::UDP) udp_detectors[name] = cd; else - appid_log(nullptr, TRACE_ERROR_LEVEL, "Detector %s has unsupported protocol %u\n", name.c_str(), (unsigned)proto); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Detector %s has unsupported protocol %u\n", name.c_str(), (unsigned)proto); } void AppIdDiscovery::add_pattern_data(AppIdDetector* detector, SearchTool& st, int position, const @@ -255,16 +255,16 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM) { asd->flags |= APPID_SESSION_MID; - appid_log(p, TRACE_DEBUG_LEVEL, "New AppId mid-stream session\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "New AppId mid-stream session\n"); } else - appid_log(p, TRACE_DEBUG_LEVEL, "New AppId session\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "New AppId session\n"); } else if (!asd->get_session_flags(APPID_SESSION_MID) and (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM)) { asd->flags |= APPID_SESSION_MID; - appid_log(p, TRACE_DEBUG_LEVEL, "AppId mid-stream session\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "AppId mid-stream session\n"); } if (!asd->get_session_flags(APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED)) @@ -313,7 +313,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec const char *app_name = asd->get_odp_ctxt().get_app_info_mgr().get_app_name(asd->get_service_id()); - appid_log(p, TRACE_DEBUG_LEVEL, "Ignoring connection with service %s (%d)\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Ignoring connection with service %s (%d)\n", app_name ? app_name : "unknown", asd->get_service_id()); return false; @@ -339,7 +339,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec (p->dsize and !(p->packet_flags & (PKT_STREAM_ORDER_OK | PKT_REBUILT_STREAM)))) { asd->set_session_flags(APPID_SESSION_OOO | APPID_SESSION_OOO_CHECK_TP); - appid_log(p, TRACE_DEBUG_LEVEL, "Packet out-of-order, %s%sflow\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Packet out-of-order, %s%sflow\n", (p->packet_flags & PKT_STREAM_ORDER_BAD) ? "bad " : "not-ok ", asd->get_session_flags(APPID_SESSION_MID) ? "mid-stream " : ""); @@ -359,7 +359,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec { asd->set_service_id(asd->expected_external_app_id, odp_ctxt); } - appid_log(p, TRACE_DEBUG_LEVEL, "stopped service/client discovery\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "stopped service/client discovery\n"); } } else @@ -394,7 +394,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec if (fdpd and (fdpd == asd->session_packet_count)) { p->flow->set_proxied(); - appid_log(p, TRACE_DEBUG_LEVEL, "Marked the flow as decrypted at packet number %lu\n", (long unsigned)fdpd); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Marked the flow as decrypted at packet number %lu\n", (long unsigned)fdpd); } #endif @@ -428,7 +428,7 @@ void AppIdDiscovery::do_port_based_discovery(Packet* p, AppIdSession& asd, IpPro asd.set_port_service_id(id); AppId ps_id = asd.get_port_service_id(); const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id); - appid_log(p, TRACE_DEBUG_LEVEL, "Port service %s (%d) from port\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Port service %s (%d) from port\n", app_name ? app_name : "unknown", asd.get_port_service_id()); } asd.set_session_flags(APPID_SESSION_PORT_SERVICE_DONE); @@ -659,7 +659,7 @@ bool AppIdDiscovery::detect_on_first_pkt(Packet* p, AppIdSession& asd, break; } asd.set_session_flags(APPID_SESSION_FIRST_PKT_CACHE_MATCHED); - appid_log(p, TRACE_DEBUG_LEVEL, "Host cache match found on first packet, service: %s(%d), " + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Host cache match found on first packet, service: %s(%d), " "client: %s(%d), payload: %s(%d), reinspect: %s \n", (service_app_name ? service_app_name : ""), service_id, (client_app_name ? client_app_name : ""), client_id, @@ -703,7 +703,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto { asd.misc_app_id = misc_id = id; const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.misc_app_id); - appid_log(p, TRACE_DEBUG_LEVEL, "Outer protocol service %s (%d)\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Outer protocol service %s (%d)\n", app_name ? app_name : "unknown", asd.misc_app_id); } } @@ -720,7 +720,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto asd.service_disco_state = APPID_DISCO_STATE_FINISHED; AppId ps_id = asd.get_port_service_id(); const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id); - appid_log(p, TRACE_DEBUG_LEVEL, "Protocol service %s (%d) from protocol\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Protocol service %s (%d) from protocol\n", app_name ? app_name : "unknown", ps_id); } asd.set_session_flags(APPID_SESSION_PORT_SERVICE_DONE); @@ -803,7 +803,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto service_id = id; asd.set_port_service_id(id); const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(id); - appid_log(p, TRACE_DEBUG_LEVEL, "Port service %s (%d) from length\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Port service %s (%d) from length\n", app_name ? app_name : "unknown", id); asd.set_session_flags(APPID_SESSION_PORT_SERVICE_DONE); } @@ -868,7 +868,7 @@ void AppIdDiscovery::do_post_discovery(Packet* p, AppIdSession& asd, if (!asd.is_tp_appid_done()) { asd.tpsession->set_state(TP_STATE_TERMINATED); - appid_log(p, TRACE_DEBUG_LEVEL, "Stopped 3rd party detection\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Stopped 3rd party detection\n"); } } diff --git a/src/network_inspectors/appid/appid_eve_process_event_handler.cc b/src/network_inspectors/appid/appid_eve_process_event_handler.cc index ab316c9f2..fb6075a58 100644 --- a/src/network_inspectors/appid/appid_eve_process_event_handler.cc +++ b/src/network_inspectors/appid/appid_eve_process_event_handler.cc @@ -53,7 +53,7 @@ void AppIdEveProcessEventHandler::handle(DataEvent& event, Flow* flow) if (appidDebug->is_enabled()) appidDebug->activate(flow, asd, inspector.get_ctxt().config.log_all_sessions); - appid_log(p, TRACE_DEBUG_LEVEL, "New AppId session at mercury event\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "New AppId session at mercury event\n"); } if (!asd->get_session_flags(APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED)) @@ -147,5 +147,5 @@ void AppIdEveProcessEventHandler::handle(DataEvent& event, Flow* flow) debug_str += "]"; } - appid_log(p, TRACE_DEBUG_LEVEL, "%s\n", debug_str.c_str()); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "%s\n", debug_str.c_str()); } diff --git a/src/network_inspectors/appid/appid_ha.cc b/src/network_inspectors/appid/appid_ha.cc index a61b77ed7..b16661efa 100644 --- a/src/network_inspectors/appid/appid_ha.cc +++ b/src/network_inspectors/appid/appid_ha.cc @@ -55,7 +55,7 @@ static AppIdSession* create_appid_session(Flow& flow, const FlowKey* key, #endif ); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - New AppId session created in consume\n"); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - New AppId session created in consume\n"); flow.set_flow_data(asd); asd->flow = &flow; @@ -83,7 +83,7 @@ bool AppIdHAAppsClient::consume(Flow*& flow, const FlowKey* key, HAMessage& msg, appidDebug->activate(flow, asd, inspector->get_ctxt().config.log_all_sessions); Packet* p = CURRENT_PACKET; - appid_log(p, TRACE_DEBUG_LEVEL, "high-avail - Consuming app data - flags 0x%x, service %d, " + APPID_LOG(p, TRACE_DEBUG_LEVEL, "high-avail - Consuming app data - flags 0x%x, service %d, " "client %d, payload %d, misc %d, referred %d, client_inferred_service %d, " "port_service %d, tp_app %d, tp_payload %d\n", appHA->flags, appHA->appId[APPID_HA_APP_SERVICE], @@ -115,7 +115,7 @@ bool AppIdHAAppsClient::consume(Flow*& flow, const FlowKey* key, HAMessage& msg, const TPLibHandler* tph = TPLibHandler::get(); TpAppIdCreateSession tpsf = tph->tpsession_factory(); if ( !(asd->tpsession = tpsf(*asd->get_tp_appid_ctxt())) ) - appid_log(p, TRACE_ERROR_LEVEL, "appid: Could not allocate asd.tpsession data in consume"); + APPID_LOG(p, TRACE_ERROR_LEVEL, "appid: Could not allocate asd.tpsession data in consume"); else { asd->tpsession->set_state(TP_STATE_HA); @@ -209,7 +209,7 @@ bool AppIdHAAppsClient::produce(Flow& flow, HAMessage& msg) appHA->appId[APPID_HA_APP_TP] = asd->get_tp_app_id(); appHA->appId[APPID_HA_APP_TP_PAYLOAD] = asd->get_tp_payload_app_id(); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing app data - flags 0x%x, service %d, client %d, " + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing app data - flags 0x%x, service %d, client %d, " "payload %d, misc %d, referred %d, client_inferred_service %d, port_service %d, " "tp_app %d, tp_payload %d\n", appHA->flags, appHA->appId[APPID_HA_APP_SERVICE], @@ -242,7 +242,7 @@ bool AppIdHAHttpClient::consume(Flow*& flow, const FlowKey* key, HAMessage& msg, if (appidDebug->is_enabled()) appidDebug->activate(flow, asd, inspector->get_ctxt().config.log_all_sessions); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Consuming HTTP data - URL %s, host %s\n", + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Consuming HTTP data - URL %s, host %s\n", appHA->url, appHA->host); if (!asd) @@ -305,7 +305,7 @@ bool AppIdHAHttpClient::produce(Flow& flow, HAMessage& msg) else appHA->host[0] = '\0'; - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing HTTP data - URL %s, host %s\n", + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing HTTP data - URL %s, host %s\n", appHA->url, appHA->host); msg.advance_cursor(sizeof(AppIdSessionHAHttp)); @@ -330,7 +330,7 @@ bool AppIdHATlsHostClient::consume(Flow*& flow, const FlowKey* key, HAMessage& m if (appidDebug->is_enabled()) appidDebug->activate(flow, asd, inspector->get_ctxt().config.log_all_sessions); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Consuming TLS host - %s\n", appHA->tls_host); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Consuming TLS host - %s\n", appHA->tls_host); if (!asd) asd = create_appid_session(*flow, key, *inspector); @@ -361,7 +361,7 @@ bool AppIdHATlsHostClient::produce(Flow& flow, HAMessage& msg) memcpy(appHA->tls_host, tls_host, length); appHA->tls_host[length] = '\0'; - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing TLS host - %s\n", appHA->tls_host); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - Producing TLS host - %s\n", appHA->tls_host); msg.advance_cursor(sizeof(AppIdSessionHATlsHost)); return true; diff --git a/src/network_inspectors/appid/appid_http_event_handler.cc b/src/network_inspectors/appid/appid_http_event_handler.cc index 541f72f17..ea68b63cf 100644 --- a/src/network_inspectors/appid/appid_http_event_handler.cc +++ b/src/network_inspectors/appid/appid_http_event_handler.cc @@ -65,7 +65,7 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow) appidDebug->activate(flow, asd, inspector.get_ctxt().config.log_all_sessions); is_debug_active = true; } - appid_log(p, TRACE_DEBUG_LEVEL, "New AppId session at HTTP event\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "New AppId session at HTTP event\n"); } else if ( asd->get_odp_ctxt_version() != pkt_thread_odp_ctxt->get_version() ) return; // Skip detection for sessions using old odp context after odp reload @@ -93,7 +93,7 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow) if (appidDebug->is_enabled() and !is_debug_active) appidDebug->activate(flow, asd, config.log_all_sessions); - appid_log(p, TRACE_DEBUG_LEVEL, "Processing HTTP metadata from HTTP Inspector for stream %" PRId64 "\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Processing HTTP metadata from HTTP Inspector for stream %" PRId64 "\n", http_event->get_httpx_stream_id()); asd->set_session_flags(APPID_SESSION_HTTP_SESSION); diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc index cca26b618..b4ceb39d7 100644 --- a/src/network_inspectors/appid/appid_http_session.cc +++ b/src/network_inspectors/appid/appid_http_session.cc @@ -451,7 +451,7 @@ void AppIdHttpSession::set_client(AppId app_id, AppidChangeBits& change_bits, } const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is client %s (%d)\n", + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is client %s (%d)\n", type, app_name ? app_name : "unknown", app_id); } @@ -472,9 +472,9 @@ void AppIdHttpSession::set_payload(AppId app_id, AppidChangeBits& change_bits, const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); if (app_id == APP_ID_UNKNOWN) - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Payload is Unknown (%d)\n", app_id); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Payload is Unknown (%d)\n", app_id); else - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is payload %s (%d)\n", type, + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is payload %s (%d)\n", type, app_name ? app_name : "unknown", app_id); } @@ -489,7 +489,7 @@ void AppIdHttpSession::set_referred_payload(AppId app_id, AppidChangeBits& chang change_bits.set(APPID_REFERRED_BIT); const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "URL is referred %s (%d)\n", app_name ? app_name : "unknown", app_id); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "URL is referred %s (%d)\n", app_name ? app_name : "unknown", app_id); } int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, @@ -521,7 +521,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, constexpr auto RESPONSE_CODE_LENGTH = 3; if (response_code->size() != RESPONSE_CODE_LENGTH) { - appid_log(p, TRACE_DEBUG_LEVEL, "Bad http response code.\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Bad http response code.\n"); asd.reset_session_data(change_bits); return 0; } @@ -532,7 +532,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, set_session_flags(APPID_SESSION_RESPONSE_CODE_CHECKED); /* didn't receive response code in first X packets. Stop processing this session */ asd.reset_session_data(change_bits); - appid_log(p, TRACE_DEBUG_LEVEL, "No response code received\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "No response code received\n"); return 0; } #endif @@ -608,7 +608,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (service_id > APP_ID_NONE and service_id != APP_ID_HTTP and asd.get_service_id() != service_id) { const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id); - appid_log(p, TRACE_DEBUG_LEVEL, "User Agent is service %s (%d)\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "User Agent is service %s (%d)\n", app_name ? app_name : "unknown", service_id); } asd.set_service_appid_data(service_id, change_bits); @@ -649,7 +649,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, { asd.set_service_appid_data(app_id, change_bits, version); const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); - appid_log(p, TRACE_DEBUG_LEVEL, "X service %s (%d)\n", app_name ? app_name : "unknown", app_id); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "X service %s (%d)\n", app_name ? app_name : "unknown", app_id); } } asd.scan_flags &= ~SCAN_HTTP_XWORKINGWITH_FLAG; @@ -694,7 +694,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (service_id > APP_ID_NONE and service_id != APP_ID_HTTP) { const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id); - appid_log(p, TRACE_DEBUG_LEVEL, "URL is service %s (%d)\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "URL is service %s (%d)\n", app_name ? app_name : "unknown", service_id); } asd.set_service_appid_data(service_id, change_bits); @@ -908,9 +908,9 @@ void AppIdHttpSession::print_field(HttpFieldIds id, const std::string* field) } if (httpx_stream_id >= 0) - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "stream %" PRId64 ": %s is %s\n", + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "stream %" PRId64 ": %s is %s\n", httpx_stream_id, field_name.c_str(), field->c_str()); - else - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is %s\n", field_name.c_str(), field->c_str()); + else + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is %s\n", field_name.c_str(), field->c_str()); } diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index 64bbe8dc1..426f8cf16 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -135,10 +135,10 @@ bool AppIdInspector::configure(SnortConfig* sc) { #endif if ( prev_maxrss == -1 or getrusage(RUSAGE_SELF, &ru) == -1 ) - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: fetching memory usage failed\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: fetching memory usage failed\n"); else - appid_log(nullptr, TRACE_INFO_LEVEL, "appid: MaxRss diff: %li\n", ru.ru_maxrss - prev_maxrss); - appid_log(nullptr, TRACE_INFO_LEVEL, "appid: patterns loaded: %u\n", ctxt.get_odp_ctxt().get_pattern_count()); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "appid: MaxRss diff: %li\n", ru.ru_maxrss - prev_maxrss); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "appid: patterns loaded: %u\n", ctxt.get_odp_ctxt().get_pattern_count()); #ifdef REG_TEST } #endif diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index 573dcf5ae..8fe9f1408 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -43,6 +43,7 @@ #include "src/main.h" #include "target_based/host_attributes.h" #include "trace/trace.h" +#include "trace/trace_api.h" #include "utils/util.h" #include "app_info_table.h" @@ -56,7 +57,7 @@ using namespace snort; using namespace std; THREAD_LOCAL const Trace* appid_trace = nullptr; - +THREAD_LOCAL bool appid_trace_enabled = false; //------------------------------------------------------------------------- // appid module //------------------------------------------------------------------------- @@ -164,7 +165,7 @@ public: ACThirdPartyAppIdContextSwap(AppIdInspector& inspector, ControlConn* conn) : AnalyzerCommand(conn), inspector(inspector) { - appid_log(nullptr, TRACE_INFO_LEVEL, "== swapping third-party configuration\n"); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "== swapping third-party configuration\n"); } ~ACThirdPartyAppIdContextSwap() override; @@ -179,7 +180,7 @@ bool ACThirdPartyAppIdContextSwap::execute(Analyzer&, void**) pkt_thread_tp_appid_ctxt = inspector.get_ctxt().get_tp_appid_ctxt(); pkt_thread_tp_appid_ctxt->tinit(); ThirdPartyAppIdContext::set_tp_reload_in_progress(false); - appid_log(nullptr, TRACE_INFO_LEVEL, "== third-party context swap in progress\n"); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "== third-party context swap in progress\n"); return true; } @@ -189,7 +190,7 @@ ACThirdPartyAppIdContextSwap::~ACThirdPartyAppIdContextSwap() std::string file_path = ctxt.get_tp_appid_ctxt()->get_user_config(); ctxt.get_odp_ctxt().get_app_info_mgr().dump_appid_configurations(file_path); log_message("== reload third-party complete\n"); - appid_log(nullptr, TRACE_INFO_LEVEL, "== third-party configuration swap complete\n"); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "== third-party configuration swap complete\n"); ReloadTracker::end(ctrlcon, true); } @@ -218,12 +219,12 @@ bool ACThirdPartyAppIdContextUnload::execute(Analyzer& ac, void**) reload_in_progress = pkt_thread_tp_appid_ctxt->tfini(); if (reload_in_progress) { - appid_log(nullptr, TRACE_INFO_LEVEL, "== rescheduling third-party context unload\n"); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "== rescheduling third-party context unload\n"); return false; } pkt_thread_tp_appid_ctxt = nullptr; - appid_log(nullptr, TRACE_INFO_LEVEL, "== third-party context unload in progress\n"); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "== third-party context unload in progress\n"); return true; } @@ -305,7 +306,7 @@ static int enable_debug(lua_State* L) if (sipstr) { if (constraints.sip.set(sipstr) != SFIP_SUCCESS) - appid_log(nullptr, TRACE_INFO_LEVEL, "Invalid source IP address provided: %s\n", sipstr); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Invalid source IP address provided: %s\n", sipstr); else if (constraints.sip.is_set()) constraints.sip_flag = true; } @@ -313,7 +314,7 @@ static int enable_debug(lua_State* L) if (dipstr) { if (constraints.dip.set(dipstr) != SFIP_SUCCESS) - appid_log(nullptr, TRACE_INFO_LEVEL, "Invalid destination IP address provided: %s\n", dipstr); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Invalid destination IP address provided: %s\n", dipstr); else if (constraints.dip.is_set()) constraints.dip_flag = true; } @@ -522,8 +523,8 @@ static int reload_detectors(lua_State* L) { #endif getrusage(RUSAGE_SELF, &ru); - appid_log(nullptr, TRACE_INFO_LEVEL, "appid: MaxRss diff: %li\n", ru.ru_maxrss - prev_maxrss); - appid_log(nullptr, TRACE_INFO_LEVEL, "appid: patterns loaded: %u\n", odp_ctxt.get_pattern_count()); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "appid: MaxRss diff: %li\n", ru.ru_maxrss - prev_maxrss); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "appid: patterns loaded: %u\n", odp_ctxt.get_pattern_count()); #ifdef REG_TEST } #endif @@ -592,7 +593,10 @@ AppIdModule::~AppIdModule() } void AppIdModule::set_trace(const Trace* trace) const -{ appid_trace = trace; } +{ + appid_trace = trace; + appid_trace_enabled = trace_enabled(appid_trace, DEFAULT_TRACE_OPTION_ID); +} const TraceOption* AppIdModule::get_trace_options() const { @@ -600,8 +604,6 @@ const TraceOption* AppIdModule::get_trace_options() const return &appid_trace_options; } - - snort::ProfileStats* AppIdModule::get_profile( unsigned i, const char*& name, const char*& parent) const { diff --git a/src/network_inspectors/appid/appid_module.h b/src/network_inspectors/appid/appid_module.h index 6fcf5bc20..cfc246c4d 100644 --- a/src/network_inspectors/appid/appid_module.h +++ b/src/network_inspectors/appid/appid_module.h @@ -42,6 +42,7 @@ class Trace; extern THREAD_LOCAL snort::ProfileStats appid_perf_stats; extern THREAD_LOCAL snort::ProfileStats tp_appid_perf_stats; extern THREAD_LOCAL const snort::Trace* appid_trace; +extern THREAD_LOCAL bool appid_trace_enabled; #define MOD_NAME "appid" #define MOD_HELP "application and service identification" diff --git a/src/network_inspectors/appid/appid_peg_counts.cc b/src/network_inspectors/appid/appid_peg_counts.cc index 2bd77928e..49a2e4121 100644 --- a/src/network_inspectors/appid/appid_peg_counts.cc +++ b/src/network_inspectors/appid/appid_peg_counts.cc @@ -93,7 +93,7 @@ public: { if (!peg_ids) { - appid_log(nullptr, TRACE_WARNING_LEVEL, "AppId peg counts thread created with no ids\n"); + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "AppId peg counts thread created with no ids\n"); peg_ids = std::make_shared(); } } diff --git a/src/network_inspectors/appid/appid_service_event_handler.cc b/src/network_inspectors/appid/appid_service_event_handler.cc index 2ea9ffdf1..f3a5523ad 100644 --- a/src/network_inspectors/appid/appid_service_event_handler.cc +++ b/src/network_inspectors/appid/appid_service_event_handler.cc @@ -61,7 +61,7 @@ void AppIdServiceEventHandler::handle(DataEvent&, Flow* flow) inspector, *pkt_thread_odp_ctxt); if (appidDebug->is_enabled()) appidDebug->activate(flow, asd, inspector.get_ctxt().config.log_all_sessions); - appid_log(p, TRACE_DEBUG_LEVEL, "New AppId session at service event\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "New AppId session at service event\n"); } else if (asd->get_odp_ctxt_version() != pkt_thread_odp_ctxt->get_version()) return; // Skip detection for sessions using old odp context after odp reload @@ -72,11 +72,11 @@ void AppIdServiceEventHandler::handle(DataEvent&, Flow* flow) if (!asd->has_no_service_candidate()) { - appid_log(p, TRACE_DEBUG_LEVEL, "No service inspector\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "No service inspector\n"); return; } - appid_log(p, TRACE_DEBUG_LEVEL, "No service candidate and no inspector\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "No service candidate and no inspector\n"); const SfIp* service_ip; uint16_t port; diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index bb82f2569..fcdfd2806 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -232,7 +232,7 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S if (type == PktType::NONE) { - appid_log(ctrlPkt, TRACE_DEBUG_LEVEL, "Failed to create a related flow - invalid protocol %u\n", + APPID_LOG(ctrlPkt, TRACE_DEBUG_LEVEL, "Failed to create a related flow - invalid protocol %u\n", (unsigned)proto); return nullptr; } @@ -260,7 +260,7 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S { sfip_ntop(cliIp, src_ip, sizeof(src_ip)); sfip_ntop(srvIp, dst_ip, sizeof(dst_ip)); - appid_log(ctrlPkt, TRACE_DEBUG_LEVEL, "Failed to create a related flow for %s-%u -> %s-%u %u\n", + APPID_LOG(ctrlPkt, TRACE_DEBUG_LEVEL, "Failed to create a related flow for %s-%u -> %s-%u %u\n", src_ip, (unsigned)cliPort, dst_ip, (unsigned)srvPort, (unsigned)proto); delete asd; asd = nullptr; @@ -269,7 +269,7 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S { sfip_ntop(cliIp, src_ip, sizeof(src_ip)); sfip_ntop(srvIp, dst_ip, sizeof(dst_ip)); - appid_log(ctrlPkt, TRACE_DEBUG_LEVEL, "Related flow created for %s-%u -> %s-%u %u\n", + APPID_LOG(ctrlPkt, TRACE_DEBUG_LEVEL, "Related flow created for %s-%u -> %s-%u %u\n", src_ip, (unsigned)cliPort, dst_ip, (unsigned)srvPort, (unsigned)proto); asd->in_expected_cache = true; } @@ -414,7 +414,7 @@ void AppIdSession::check_ssl_detection_restart(AppidChangeBits& change_bits, } reinit_session_data(change_bits, curr_tp_appid_ctxt); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSL decryption is available, restarting app detection\n"); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSL decryption is available, restarting app detection\n"); // APPID_SESSION_ENCRYPTED is set upon receiving a command which upgrades the session to // SSL. Next packet after the command will have encrypted traffic. In the case of a @@ -434,7 +434,7 @@ void AppIdSession::check_tunnel_detection_restart() if (!hsession or !hsession->get_tunnel()) return; - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Found HTTP Tunnel, restarting app Detection\n"); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Found HTTP Tunnel, restarting app Detection\n"); if (odp_ctxt.is_appid_cpu_profiler_running()) { @@ -575,7 +575,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits) if (tsession->get_tls_handshake_done() and api.payload.get_id() == APP_ID_NONE) { - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "End of SSL/TLS handshake detected with no payloadAppId, " + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "End of SSL/TLS handshake detected with no payloadAppId, " "so setting to unknown\n"); api.payload.set_id(APP_ID_UNKNOWN); } @@ -1247,8 +1247,8 @@ void AppIdSession::publish_appid_event(AppidChangeBits& change_bits, const Packe std::string str; change_bits_to_string(change_bits, str); if (is_httpx) - appid_log(&p, TRACE_DEBUG_LEVEL, "Published event for changes: %s for HTTPX stream index %u\n", + APPID_LOG(&p, TRACE_DEBUG_LEVEL, "Published event for changes: %s for HTTPX stream index %u\n", str.c_str(), httpx_stream_index); else - appid_log(&p, TRACE_DEBUG_LEVEL, "Published event for changes: %s\n", str.c_str()); + APPID_LOG(&p, TRACE_DEBUG_LEVEL, "Published event for changes: %s\n", str.c_str()); } diff --git a/src/network_inspectors/appid/appid_ssh_event_handler.cc b/src/network_inspectors/appid/appid_ssh_event_handler.cc index 87d3fb51d..6fac38344 100644 --- a/src/network_inspectors/appid/appid_ssh_event_handler.cc +++ b/src/network_inspectors/appid/appid_ssh_event_handler.cc @@ -63,7 +63,7 @@ static bool handle_protocol(SshEvent& event, SshAppIdInfo* fd) size_t version_len = (size_t)(version_end - version_begin); fd->version.assign(version_begin, version_len); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler read SSH version string with vendor %s and version %s\n", + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler read SSH version string with vendor %s and version %s\n", fd->vendor.c_str(), fd->version.c_str()); return true; @@ -89,12 +89,12 @@ static void client_success(const SshAppIdInfo& fd, AppIdSession& asd, AppidChang if (table.has_pattern(fd.vendor)) { client_id = table.get_appid(fd.vendor); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler identified client with AppId %u\n", client_id); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler identified client with AppId %u\n", client_id); } else { client_id = APP_ID_SSH; - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler client detected, but vendor not recognized\n"); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler client detected, but vendor not recognized\n"); } asd.set_client_id(client_id); @@ -138,7 +138,7 @@ static void handle_success(SshEventFlowData& data, const SshEvent& event, service_success(data.service_info, *event.get_packet(), asd, change_bits); client_success(data.client_info, asd, change_bits); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler service detected\n"); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "SSH event handler service detected\n"); } @@ -174,7 +174,7 @@ void SshEventHandler::handle(DataEvent& event, Flow* flow) if (data and data->failed) { - appid_log(p, TRACE_DEBUG_LEVEL, "SSH detection failed, ignoring event\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSH detection failed, ignoring event\n"); return; } @@ -204,14 +204,14 @@ void SshEventHandler::handle(DataEvent& event, Flow* flow) if ( asd->get_session_flags(APPID_SESSION_WAIT_FOR_EXTERNAL) and ((ssh_event.get_direction() == PKT_FROM_CLIENT) or data->client_info.vendor.size()) ) { - appid_log(p, TRACE_DEBUG_LEVEL, "Early detection of SSH\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Early detection of SSH\n"); handle_success(*data, ssh_event, *asd, change_bits); asd->publish_appid_event(change_bits, *ssh_event.get_packet()); asd->clear_session_flags(APPID_SESSION_WAIT_FOR_EXTERNAL); } } else - appid_log(p, TRACE_DEBUG_LEVEL, "SSH event handler received unsupported protocol %s\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSH event handler received unsupported protocol %s\n", ssh_event.get_version_str().c_str()); break; @@ -220,17 +220,17 @@ void SshEventHandler::handle(DataEvent& event, Flow* flow) switch (ssh_event.get_validation_result()) { case SSH_VALID_KEXINIT: - appid_log(p, TRACE_DEBUG_LEVEL, "SSH event handler received valid key exchange\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSH event handler received valid key exchange\n"); fd->finished = true; break; case SSH_INVALID_KEXINIT: - appid_log(p, TRACE_DEBUG_LEVEL, "SSH event handler received invalid key exchange\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSH event handler received invalid key exchange\n"); handle_failure(*asd, *data); break; case SSH_INVALID_VERSION: - appid_log(p, TRACE_DEBUG_LEVEL, "SSH event handler received invalid version\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSH event handler received invalid version\n"); handle_failure(*asd, *data); break; diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index febbde921..c38390872 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc +++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -268,7 +268,7 @@ void ClientDiscovery::exec_client_detectors(AppIdSession& asd, Packet* p, { AppIdDiscoveryArgs disco_args(p->data, p->dsize, direction, asd, p, change_bits); ret = asd.client_detector->validate(disco_args); - appid_log(p, TRACE_DEBUG_LEVEL, "%s client detector returned %s (%d)\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "%s client detector returned %s (%d)\n", asd.client_detector->get_log_name().c_str(), asd.client_detector->get_code_string((APPID_STATUS_CODE)ret), ret); } @@ -278,7 +278,7 @@ void ClientDiscovery::exec_client_detectors(AppIdSession& asd, Packet* p, { AppIdDiscoveryArgs disco_args(p->data, p->dsize, direction, asd, p, change_bits); int result = kv->second->validate(disco_args); - appid_log(p, TRACE_DEBUG_LEVEL, "%s client candidate returned %s (%d)\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "%s client candidate returned %s (%d)\n", kv->second->get_log_name().c_str(), kv->second->get_code_string((APPID_STATUS_CODE)result), result); diff --git a/src/network_inspectors/appid/client_plugins/eve_ca_patterns.cc b/src/network_inspectors/appid/client_plugins/eve_ca_patterns.cc index 29c9d075c..f976d9c6d 100644 --- a/src/network_inspectors/appid/client_plugins/eve_ca_patterns.cc +++ b/src/network_inspectors/appid/client_plugins/eve_ca_patterns.cc @@ -45,7 +45,7 @@ void EveCaPatternMatchers::add_eve_ca_pattern(AppId app_id, const string& patter if (match != eve_ca_load_list.end()) { if ((*match)->app_id != app_id) - appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: detector %s - process name '%s' for client app %d is already " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: detector %s - process name '%s' for client app %d is already " "mapped to client app %d\n", detector.c_str(), (*match)->pattern.c_str(), app_id, (*match)->app_id); } @@ -118,7 +118,7 @@ void EveCaPatternMatchers::finalize_patterns() AppIdInspector* inspector = (AppIdInspector*)InspectorManager::get_inspector(MOD_NAME, true); if (inspector and inspector->get_ctxt().config.log_eve_process_client_mappings) - appid_log(nullptr, TRACE_INFO_LEVEL, "Adding EVE Client App pattern %d %s %d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Adding EVE Client App pattern %d %s %d\n", p->app_id, p->pattern.c_str(), p->confidence); #endif } diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc index c073a30d7..3675370e2 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc @@ -447,7 +447,7 @@ void SipEventHandler::service_handler(SipEvent& sip_event, AppIdSession& asd, asd.set_session_flags(APPID_SESSION_CONTINUE); service->add_service(change_bits, asd, sip_event.get_packet(), direction, APP_ID_SIP, ss->vendor[0] ? ss->vendor : nullptr); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Sip service detected. Setting APPID_SESSION_CONTINUE flag\n"); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Sip service detected. Setting APPID_SESSION_CONTINUE flag\n"); } } } diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc index f877d6681..bab1042ad 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc @@ -1689,7 +1689,7 @@ uint32_t HttpPatternMatchers::parse_multiple_http_patterns(const char* pattern, for (unsigned i = 0; i <= partNum; i++) snort_free((void*)parts[i].pattern); - appid_log(nullptr, TRACE_ERROR_LEVEL, "Failed to allocate memory"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Failed to allocate memory"); return 0; } partNum++; diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h index 8fe6b1b0a..e8f14a689 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h @@ -30,6 +30,7 @@ #include "trace/trace.h" #include "utils/util.h" +//#include "appid_module.h" #include "appid_debug.h" #include "appid_types.h" #include "appid_utils/sf_mlmp.h" @@ -103,13 +104,13 @@ struct DetectorHTTPPattern { if( !pat ) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "HTTP pattern string is null."); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "HTTP pattern string is null."); return false; } if (seq < SINGLE || seq > USER_AGENT_HEADER) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Invalid HTTP DHP Sequence."); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Invalid HTTP DHP Sequence."); return false; } diff --git a/src/network_inspectors/appid/host_port_app_cache.cc b/src/network_inspectors/appid/host_port_app_cache.cc index 1b9db1941..1228370be 100644 --- a/src/network_inspectors/appid/host_port_app_cache.cc +++ b/src/network_inspectors/appid/host_port_app_cache.cc @@ -235,7 +235,7 @@ void HostPortCache::dump() HostPortVal hv = kv.second; inet_ntop(AF_INET6, &hk.ip, inet_buffer, sizeof(inet_buffer)); - appid_log(nullptr, TRACE_INFO_LEVEL, "\tip=%s, \tport %d, \tip_proto %u, \ttype=%u, \tappId=%d\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "\tip=%s, \tport %d, \tip_proto %u, \ttype=%u, \tappId=%d\n", inet_buffer, hk.port, (unsigned)hk.proto, hv.type, hv.appId); } } diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 4fe3fe95a..26f5073c3 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -154,7 +154,7 @@ static inline int toipprotocol(lua_State *L, int index, if (tmp_proto > (unsigned)IpProtocol::RESERVED) { if (print_err) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Invalid protocol value %u\n", tmp_proto); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Invalid protocol value %u\n", tmp_proto); return -1; } @@ -208,7 +208,7 @@ static int service_init(lua_State* L) } } - appid_log(nullptr, TRACE_ERROR_LEVEL, "%s: attempted setting validator/fini to non-function\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s: attempted setting validator/fini to non-function\n", ud->sd->get_name().c_str()); lua_pop(L, 1); return 0; @@ -319,20 +319,20 @@ static int detector_log_message(lua_State* L) switch (level) { case LUA_LOG_CRITICAL: - appid_log(nullptr, TRACE_CRITICAL_LEVEL, "%s:%s\n", name.c_str(), message); + APPID_LOG(nullptr, TRACE_CRITICAL_LEVEL, "%s:%s\n", name.c_str(), message); break; case LUA_LOG_ERR: - appid_log(nullptr, TRACE_ERROR_LEVEL, "%s:%s\n", name.c_str(), message); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s:%s\n", name.c_str(), message); break; case LUA_LOG_WARN: - appid_log(nullptr, TRACE_WARNING_LEVEL, "%s:%s\n", name.c_str(), message); + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "%s:%s\n", name.c_str(), message); break; case LUA_LOG_NOTICE: case LUA_LOG_INFO: - appid_log(nullptr, TRACE_INFO_LEVEL, "%s:%s\n", name.c_str(), message); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "%s:%s\n", name.c_str(), message); break; case LUA_LOG_TRACE: @@ -356,27 +356,27 @@ static int detector_log_snort_message(lua_State* L) switch (level) { case LUA_LOG_CRITICAL: - appid_log(nullptr, TRACE_CRITICAL_LEVEL, "%s:%s\n", name.c_str(), message); + APPID_LOG(nullptr, TRACE_CRITICAL_LEVEL, "%s:%s\n", name.c_str(), message); break; case LUA_LOG_ERR: - appid_log(nullptr, TRACE_ERROR_LEVEL, "%s:%s\n", name.c_str(), message); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s:%s\n", name.c_str(), message); break; case LUA_LOG_WARN: - appid_log(nullptr, TRACE_WARNING_LEVEL, "%s:%s\n", name.c_str(), message); + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "%s:%s\n", name.c_str(), message); break; case LUA_LOG_NOTICE: case LUA_LOG_INFO: if ( !appidDebug or !appidDebug->is_enabled() ) return 0; - appid_log(nullptr, TRACE_INFO_LEVEL, "AppIdDbg %s:%s\n", name.c_str(), message); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppIdDbg %s:%s\n", name.c_str(), message); break; case LUA_LOG_TRACE: auto curr_packet = (Analyzer::get_local_analyzer() and snort::DetectionEngine::get_context()) ? snort::DetectionEngine::get_current_packet() : nullptr; - appid_log(curr_packet, TRACE_DEBUG_LEVEL, curr_packet ? "%s:%s\n" : "AppIdDbg %s:%s\n", name.c_str(), message); + APPID_LOG(curr_packet, TRACE_DEBUG_LEVEL, curr_packet ? "%s:%s\n" : "AppIdDbg %s:%s\n", name.c_str(), message); break; } @@ -553,7 +553,7 @@ static int service_set_validator(lua_State* L) lua_getfield(L, -1, pValidator); if (!lua_isfunction(L, -1)) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "%s: attempted setting validator to non-function\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s: attempted setting validator to non-function\n", ud->sd->get_name().c_str()); lua_pop(L, 1); @@ -746,7 +746,7 @@ static int detector_get_pcre_groups(lua_State* L) if (re == nullptr) { pcre2_get_error_message(errorcode, error, 128); - appid_log(lsd->ldp.pkt, TRACE_ERROR_LEVEL, "PCRE compilation failed at offset %d: %s\n", erroffset, error); + APPID_LOG(lsd->ldp.pkt, TRACE_ERROR_LEVEL, "PCRE compilation failed at offset %d: %s\n", erroffset, error); return 0; } @@ -771,12 +771,12 @@ static int detector_get_pcre_groups(lua_State* L) { /*overflow of matches */ rc = OVECCOUNT / 3; - appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "ovector only has room for %d captured substrings\n", rc - 1); + APPID_LOG(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "ovector only has room for %d captured substrings\n", rc - 1); } if (!lua_checkstack(L, rc)) { - appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "Cannot grow Lua stack by %d slots to hold " + APPID_LOG(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "Cannot grow Lua stack by %d slots to hold " "PCRE matches\n", rc); return 0; } @@ -792,7 +792,7 @@ static int detector_get_pcre_groups(lua_State* L) { // log errors except no matches if (rc != PCRE2_ERROR_NOMATCH) - appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "PCRE regular expression group match failed. rc: %d\n", rc); + APPID_LOG(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "PCRE regular expression group match failed. rc: %d\n", rc); rc = 0; } @@ -819,7 +819,7 @@ static int detector_get_substr(lua_State* L) unsigned int substr_len = lua_tonumber(L, 3); if (offset + substr_len > lsd->ldp.size) { - appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "Requested substr end offset %d is greater than data size %d\n", + APPID_LOG(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "Requested substr end offset %d is greater than data size %d\n", offset + substr_len, lsd->ldp.size); return 0; } @@ -1151,7 +1151,7 @@ static int add_alpn_to_service_mapping(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &pattern_size); if (!tmp_string or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid alpn service string: appid %u.\n", appid); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid alpn service string: appid %u.\n", appid); return 0; } const std::string service_name(tmp_string); @@ -1187,7 +1187,7 @@ static int add_process_to_client_mapping(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &pattern_size); if (!tmp_string or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid eve process_name string: appid %u.\n", appid); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid eve process_name string: appid %u.\n", appid); return 0; } const std::string process_name(tmp_string); @@ -1218,7 +1218,7 @@ static int add_process_to_client_mapping_regex(lua_State* L) const FastPatternConfig* const fp = SnortConfig::get_conf()->fast_pattern_config; if (!MpseManager::is_regex_capable(fp->get_search_api())){ - appid_log(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of " "regex capable search engine like hyperscan in %s\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -1231,7 +1231,7 @@ static int add_process_to_client_mapping_regex(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &pattern_size); if (!tmp_string or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid eve process_name regex string: appid %u.\n", appid); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid eve process_name regex string: appid %u.\n", appid); return 0; } const std::string process_name(tmp_string); @@ -1287,7 +1287,7 @@ static int detector_add_http_pattern(lua_State* L) enum httpPatternType pat_type = (enum httpPatternType)lua_tointeger(L, ++index); if (pat_type < HTTP_PAYLOAD or pat_type > HTTP_URL) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern type in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern type in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -1304,7 +1304,7 @@ static int detector_add_http_pattern(lua_State* L) const uint8_t* pattern_str = (const uint8_t*)lua_tolstring(L, ++index, &pattern_size); if (!pattern_str or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern string in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern string in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -1341,7 +1341,7 @@ static int detector_add_ssl_cert_pattern(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &pattern_size); if (!tmp_string or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL Host pattern string in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL Host pattern string in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -1364,7 +1364,7 @@ static int detector_add_ssl_cert_regex_pattern(lua_State* L) const FastPatternConfig* const fp = SnortConfig::get_conf()->fast_pattern_config; if (!MpseManager::is_regex_capable(fp->get_search_api())){ - appid_log(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of " "regex capable search engine like hyperscan in %s\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -1377,7 +1377,7 @@ static int detector_add_ssl_cert_regex_pattern(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &pattern_size); if (!tmp_string or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL Host regex pattern string in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL Host regex pattern string in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -1407,7 +1407,7 @@ static int detector_add_ssl_cname_pattern(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &pattern_size); if (!tmp_string or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL CN pattern string in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL CN pattern string in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -1430,7 +1430,7 @@ static int detector_add_ssl_cname_regex_pattern(lua_State* L) const FastPatternConfig* const fp = SnortConfig::get_conf()->fast_pattern_config; if (!MpseManager::is_regex_capable(fp->get_search_api())){ - appid_log(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of " "regex capable search engine like hyperscan in %s\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -1444,7 +1444,7 @@ static int detector_add_ssl_cname_regex_pattern(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &pattern_size); if (!tmp_string or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL CN regex pattern string in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSL CN regex pattern string in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -1475,7 +1475,7 @@ static int detector_add_dns_host_pattern(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &pattern_size); if (!tmp_string or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid DNS Host pattern string.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid DNS Host pattern string.\n"); return 0; } @@ -1511,7 +1511,7 @@ static int detector_add_host_first_pkt_application(lua_State* L) if (!cidr_str or !ipaddr_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: No IP address provided\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: No IP address provided\n"); return 0; } @@ -1519,7 +1519,7 @@ static int detector_add_host_first_pkt_application(lua_State* L) { if (!convert_string_to_address(cidr_str, &ip_address)) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IP address: %s\n", cidr_str); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IP address: %s\n", cidr_str); return 0; } } @@ -1537,7 +1537,7 @@ static int detector_add_host_first_pkt_application(lua_State* L) if (!netip_str or !convert_string_to_address(netip_str, &ip_address)) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IP address: %s\n", netip_str); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IP address: %s\n", netip_str); return 0; } @@ -1548,14 +1548,14 @@ static int detector_add_host_first_pkt_application(lua_State* L) { if (bits < 0 or bits > 32) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IPv4 prefix range: %d\n", bits); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IPv4 prefix range: %d\n", bits); return 0; } } else if (strchr(netip_str, ':')) { if (bits < 0 or bits > 128) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IPv6 prefix range: %d\n", bits); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid IPv6 prefix range: %d\n", bits); return 0; } } @@ -1582,7 +1582,7 @@ static int detector_add_host_first_pkt_application(lua_State* L) } else { - appid_log(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid prefix bit: %s\n", tokens[1].c_str()); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "First packet API: Invalid prefix bit: %s\n", tokens[1].c_str()); return 0; } } @@ -1598,7 +1598,7 @@ static int detector_add_host_first_pkt_application(lua_State* L) if (!ud->get_odp_ctxt().host_first_pkt_add( sc, &ip_address, netmask_parsed ? netmask32 : nullptr, (uint16_t)port, proto, protocol_appid, client_appid, web_appid, reinspect)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "%s:Failed to backend call first pkt add\n", __func__); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s:Failed to backend call first pkt add\n", __func__); return 0; } @@ -1620,7 +1620,7 @@ static int detector_add_host_port_application(lua_State* L) const char* ip_str= lua_tolstring(L, ++index, &ipaddr_size); if (!ip_str or !ipaddr_size or !convert_string_to_address(ip_str, &ip_address)) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "%s: Invalid IP address: %s\n", __func__, ip_str); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s: Invalid IP address: %s\n", __func__, ip_str); return 0; } @@ -1634,7 +1634,7 @@ static int detector_add_host_port_application(lua_State* L) lua_pop(L, 1); if (!ud->get_odp_ctxt().host_port_cache_add( sc, &ip_address, (uint16_t)port, proto, type, app_id)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "%s:Failed to backend call\n", __func__); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "%s:Failed to backend call\n", __func__); return 0; } @@ -1674,7 +1674,7 @@ static int detector_add_host_port_dynamic(lua_State* L) if (added) { AppIdSession::incr_inferred_svcs_ver(); - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Added hostPortCache entry ip=%s, port %d, ip_proto %u, " + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Added hostPortCache entry ip=%s, port %d, ip_proto %u, " "type=%u, appId=%d\n", ip_str, port, (unsigned)proto, type, appid); } @@ -1695,7 +1695,7 @@ static int detector_add_content_type_pattern(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &stringSize); if (!tmp_string or !stringSize) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP Header string.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP Header string.\n"); return 0; } uint8_t* pattern = (uint8_t*)snort_strdup(tmp_string); @@ -1725,7 +1725,7 @@ static int detector_add_ssh_client_pattern(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &string_size); if (!tmp_string || !string_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSH Client string.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid SSH Client string.\n"); return 0; } std::string pattern(tmp_string); @@ -1758,7 +1758,7 @@ static int register_callback(lua_State* L, LuaObject& ud, AppInfoFlags flag) { if (entry->flags & flag) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback already registered for app %d\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback already registered for app %d\n", app_id); return 1; } @@ -1766,7 +1766,7 @@ static int register_callback(lua_State* L, LuaObject& ud, AppInfoFlags flag) } else { - appid_log(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback cannot be registered for invalid app %d\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback cannot be registered for invalid app %d\n", app_id); return 1; } @@ -1779,7 +1779,7 @@ static int register_callback(lua_State* L, LuaObject& ud, AppInfoFlags flag) if (!odp_thread_local_ctxt->insert_cb_detector(app_id, &ud)) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback already registered for app %d\n", app_id); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "AppId: detector callback already registered for app %d\n", app_id); return 1; } } @@ -1815,7 +1815,7 @@ static int detector_callback(const uint8_t* data, uint16_t size, AppidSessionDir // when an ODP detector triggers the detector callback to be called, there are some elements // in the stack. Checking here to make sure the number of elements is not too many if (lua_gettop(my_lua_state) > 20) - appid_log(&p, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector callback\n", + APPID_LOG(&p, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector callback\n", lua_gettop(my_lua_state)); const string& cb_fn_name = ud.get_cb_fn_name(); @@ -1833,7 +1833,7 @@ static int detector_callback(const uint8_t* data, uint16_t size, AppidSessionDir lua_getfield(my_lua_state, -1, cb_fn_name.c_str()); if (lua_pcall(my_lua_state, 0, 1, 0)) { - appid_log(&p, TRACE_ERROR_LEVEL, "Detector %s: Error validating %s\n", detector_name, + APPID_LOG(&p, TRACE_ERROR_LEVEL, "Detector %s: Error validating %s\n", detector_name, lua_tostring(my_lua_state, -1)); ud.lsd.ldp.pkt = nullptr; lua_settop(my_lua_state, 0); @@ -1846,7 +1846,7 @@ static int detector_callback(const uint8_t* data, uint16_t size, AppidSessionDir // retrieve result if (!lua_isnumber(my_lua_state, -1)) { - appid_log(&p, TRACE_ERROR_LEVEL, "Detector %s: Validator returned non-numeric value\n", detector_name); + APPID_LOG(&p, TRACE_ERROR_LEVEL, "Detector %s: Validator returned non-numeric value\n", detector_name); ud.lsd.ldp.pkt = nullptr; lua_settop(my_lua_state, 0); return -10; @@ -1880,7 +1880,7 @@ void check_detector_callback(const Packet& p, AppIdSession& asd, AppidSessionDir ud->set_running(true); int ret = detector_callback(p.data, p.dsize, dir, asd, p, *ud, change_bits); - appid_log(&p, TRACE_DEBUG_LEVEL, "%s detector callback returned %d\n", + APPID_LOG(&p, TRACE_DEBUG_LEVEL, "%s detector callback returned %d\n", ud->get_detector()->get_name().empty() ? "UKNOWN" : ud->get_detector()->get_name().c_str(), ret); ud->set_running(false); } @@ -1895,7 +1895,7 @@ static int create_chp_application(AppId appIdInstance, unsigned app_type_flags, if (CHP_glossary->emplace(appIdInstance, new_app).second == false) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Failed to add CHP for appId %d, instance %d", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Failed to add CHP for appId %d, instance %d", CHP_APPIDINSTANCE_TO_ID(appIdInstance), CHP_APPIDINSTANCE_TO_INSTANCE(appIdInstance)); delete new_app; return -1; @@ -1922,7 +1922,7 @@ static int detector_chp_create_application(lua_State* L) // We only want one of these for each appId. if (CHP_glossary->find(appIdInstance) != CHP_glossary->end()) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Attempt to add more than one CHP for appId %d - " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Attempt to add more than one CHP for appId %d - " "use CHPMultiCreateApp.\n", appId); return 0; } @@ -1941,7 +1941,7 @@ static inline int get_chp_pattern_type(lua_State* L, int index, HttpFieldIds* pa *pattern_type = (HttpFieldIds)lua_tointeger(L, index); if (*pattern_type >= NUM_HTTP_FIELDS) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid CHP Action pattern type.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid CHP Action pattern type.\n"); return -1; } return 0; @@ -1957,7 +1957,7 @@ static inline int get_chp_pattern_data_and_size(lua_State* L, int index, char** // non-empty pattern required if (!tmp_string or !*pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid CHP Action PATTERN string.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid CHP Action PATTERN string.\n"); return -1; } *pattern_data = snort_strdup(tmp_string); @@ -1969,7 +1969,7 @@ static inline int get_chp_action_type(lua_State* L, int index, ActionType& actio action_type = (ActionType)lua_tointeger(L, index); if (action_type < NO_ACTION or action_type > MAX_ACTION_TYPE) { - appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: Unsupported CHP Action type: %d, " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: Unsupported CHP Action type: %d, " "possible version mismatch.\n", action_type); return -1; } @@ -2010,7 +2010,7 @@ static int add_chp_pattern_action(AppId appIdInstance, int isKeyPattern, HttpFie auto chp_entry = CHP_glossary->find(appIdInstance); if (chp_entry == CHP_glossary->end() or !chp_entry->second) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid attempt to add a CHP action for " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid attempt to add a CHP action for " "unknown appId %d, instance %d. - pattern:\"%s\" - action \"%s\"\n", CHP_APPIDINSTANCE_TO_ID(appIdInstance), CHP_APPIDINSTANCE_TO_INSTANCE(appIdInstance), patternData, optionalActionData ? optionalActionData : ""); snort_free(patternData); @@ -2133,7 +2133,7 @@ static int detector_create_chp_multi_application(lua_State* L) // We only want a maximum of these for each appId. if (instance == CHP_APPID_INSTANCE_MAX) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Attempt to create more than %d CHP for appId %d", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Attempt to create more than %d CHP for appId %d", CHP_APPID_INSTANCE_MAX, appId); return 0; } @@ -2260,7 +2260,7 @@ static int detector_add_length_app_cache(lua_State* L) or ((sequence_cnt == 0) or (sequence_cnt > LENGTH_SEQUENCE_CNT_MAX)) or ((sequence_str == nullptr) or (strlen(sequence_str) == 0))) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid input (%d,%u,%u,\"%s\")!", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid input (%d,%u,%u,\"%s\")!", appId, (unsigned)proto, (unsigned)sequence_cnt, sequence_str ? sequence_str : ""); lua_pushnumber(L, -1); return 1; @@ -2284,7 +2284,7 @@ static int detector_add_length_app_cache(lua_State* L) length_sequence.sequence[i].direction = APP_ID_FROM_RESPONDER; break; default: - appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!", sequence_str); lua_pushnumber(L, -1); return 1; @@ -2293,7 +2293,7 @@ static int detector_add_length_app_cache(lua_State* L) if (*str_ptr != '/') { - appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!", sequence_str); lua_pushnumber(L, -1); return 1; @@ -2304,7 +2304,7 @@ static int detector_add_length_app_cache(lua_State* L) if (length == 0) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!", sequence_str); lua_pushnumber(L, -1); return 1; @@ -2320,7 +2320,7 @@ static int detector_add_length_app_cache(lua_State* L) if ((!last_one and (*str_ptr != ',')) or (last_one and (*str_ptr != 0))) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Invalid sequence string (\"%s\")!", sequence_str); lua_pushnumber(L, -1); return 1; @@ -2330,7 +2330,7 @@ static int detector_add_length_app_cache(lua_State* L) if (!ud->get_odp_ctxt().length_cache_add(length_sequence, appId)) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Could not add entry to cache!"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "LuaDetectorApi:Could not add entry to cache!"); lua_pushnumber(L, -1); return 1; } @@ -2361,7 +2361,7 @@ static int detector_add_url_application(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &host_pattern_size); if (!tmp_string or !host_pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host pattern string: service_id %u; " "client_id %u; payload_id %u.\n", service_id, client_id, payload_id); return 0; } @@ -2374,7 +2374,7 @@ static int detector_add_url_application(lua_State* L) tmp_string = lua_tolstring(L, ++index, &path_pattern_size); if (!tmp_string or !path_pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path pattern string: service_id %u; " "client_id %u; payload %u.\n", service_id, client_id, payload_id); snort_free(host_pattern); return 0; @@ -2388,7 +2388,7 @@ static int detector_add_url_application(lua_State* L) tmp_string = lua_tolstring(L, ++index, &schemePatternSize); if (!tmp_string or !schemePatternSize) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme pattern string: service_id %u; " "client_id %u; payload %u.\n", service_id, client_id, payload_id); snort_free(path_pattern); snort_free(host_pattern); @@ -2441,7 +2441,7 @@ static int detector_add_url_application_regex(lua_State* L) const FastPatternConfig* const fp = SnortConfig::get_conf()->fast_pattern_config; if (!MpseManager::is_regex_capable(fp->get_search_api())){ - appid_log(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "WARNING: appid: Regex patterns require usage of " "regex capable search engine like hyperscan in %s\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -2461,7 +2461,7 @@ static int detector_add_url_application_regex(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &host_pattern_size); if (!tmp_string or !host_pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host regex pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host regex pattern string: service_id %u; " "client_id %u; payload_id %u.\n", service_id, client_id, payload_id); return 0; } @@ -2474,7 +2474,7 @@ static int detector_add_url_application_regex(lua_State* L) tmp_string = lua_tolstring(L, ++index, &path_pattern_size); if (!tmp_string or !path_pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path regex pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path regex pattern string: service_id %u; " "client_id %u; payload %u.\n", service_id, client_id, payload_id); snort_free(host_pattern); return 0; @@ -2488,7 +2488,7 @@ static int detector_add_url_application_regex(lua_State* L) tmp_string = lua_tolstring(L, ++index, &schemePatternSize); if (!tmp_string or !schemePatternSize) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme regex pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme regex pattern string: service_id %u; " "client_id %u; payload %u.\n", service_id, client_id, payload_id); snort_free(path_pattern); snort_free(host_pattern); @@ -2552,7 +2552,7 @@ static int detector_add_rtmp_url(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &host_pattern_size); if (!tmp_string or !host_pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP host pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP host pattern string: service_id %u; " "client_id %u; payload_id %u.\n", service_id, client_id, payload_id); return 0; } @@ -2563,7 +2563,7 @@ static int detector_add_rtmp_url(lua_State* L) tmp_string = lua_tolstring(L, ++index, &path_pattern_size); if (!tmp_string or !path_pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP path pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP path pattern string: service_id %u; " "client_id %u; payload_id %u.\n", service_id, client_id, payload_id); snort_free(host_pattern); return 0; @@ -2575,7 +2575,7 @@ static int detector_add_rtmp_url(lua_State* L) tmp_string = lua_tolstring(L, ++index, &schemePatternSize); if (!tmp_string or !schemePatternSize) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP scheme pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid RTMP scheme pattern string: service_id %u; " "client_id %u; payload_id %u.\n", service_id, client_id, payload_id); snort_free(path_pattern); snort_free(host_pattern); @@ -2637,7 +2637,7 @@ static int detector_add_sip_user_agent(lua_State* L) const char* client_version = lua_tostring(L, ++index); if (!client_version) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip client version string.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip client version string.\n"); return 0; } @@ -2646,7 +2646,7 @@ static int detector_add_sip_user_agent(lua_State* L) const char* ua_pattern = lua_tolstring(L, ++index, &ua_len); if (!ua_pattern or !ua_len) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip ua pattern string.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip ua pattern string.\n"); return 0; } @@ -2672,7 +2672,7 @@ static int create_custom_application(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &appNameLen); if (!tmp_string or !appNameLen) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Invalid appName string.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Invalid appName string.\n"); lua_pushnumber(L, APP_ID_NONE); return 1; /*number of results */ } @@ -2758,7 +2758,7 @@ static int add_http_pattern(lua_State* L) enum httpPatternType pat_type = (enum httpPatternType)lua_tointeger(L, ++index); if (pat_type < HTTP_PAYLOAD or pat_type > HTTP_URL) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern type in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern type in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -2773,7 +2773,7 @@ static int add_http_pattern(lua_State* L) const uint8_t* pattern_str = (const uint8_t*)lua_tolstring(L, ++index, &pattern_size); if (!pattern_str or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern string in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid HTTP pattern string in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -2812,7 +2812,7 @@ static int add_url_pattern(lua_State* L) const char* tmp_string = lua_tolstring(L, ++index, &host_pattern_size); if (!tmp_string or !host_pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid host pattern string: service_id %u; " "client_id %u; payload_id %u.\n", service_id, client_id, payload_id); return 0; } @@ -2824,7 +2824,7 @@ static int add_url_pattern(lua_State* L) tmp_string = lua_tolstring(L, ++index, &path_pattern_size); if (!tmp_string or !path_pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid path pattern string: service_id %u; " "client_id %u; payload_id %u.\n", service_id, client_id, payload_id); snort_free(host_pattern); return 0; @@ -2837,7 +2837,7 @@ static int add_url_pattern(lua_State* L) tmp_string = lua_tolstring(L, ++index, &schemePatternSize); if (!tmp_string or !schemePatternSize) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme pattern string: service_id %u; " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid scheme pattern string: service_id %u; " "client_id %u; payload_id %u.\n", service_id, client_id, payload_id); snort_free(path_pattern); snort_free(host_pattern); @@ -2906,7 +2906,7 @@ static int add_port_pattern_client(lua_State* L) if (appid <= APP_ID_NONE or !pattern or !pattern_size or (protocol != IpProtocol::TCP and protocol != IpProtocol::UDP)) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: addPortPatternClient() - Invalid input in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: addPortPatternClient() - Invalid input in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -2964,7 +2964,7 @@ static int add_port_pattern_service(lua_State* L) if (appid <= APP_ID_NONE or !pattern or !pattern_size or (protocol != IpProtocol::TCP and protocol != IpProtocol::UDP)) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: addPortPatternService() - Invalid input in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: addPortPatternService() - Invalid input in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -2999,7 +2999,7 @@ static int detector_add_sip_server(lua_State* L) const char* client_version = lua_tostring(L, ++index); if (!client_version) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip client version string.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip client version string.\n"); return 0; } @@ -3008,7 +3008,7 @@ static int detector_add_sip_server(lua_State* L) const char* server_pattern = lua_tolstring(L, ++index, &pattern_size); if (!server_pattern or !pattern_size) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip server pattern string.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid sip server pattern string.\n"); return 0; } @@ -3332,14 +3332,14 @@ static int get_user_detector_data_item(lua_State *L) const char* table = lua_tostring(L, 2); if (!table) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid detector data table string in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid detector data table string in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } const char* key = lua_tostring(L, 3); if (!key) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid detector data key string in %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "appid: Invalid detector data key string in %s.\n", ud->get_detector()->get_name().c_str()); return 0; } @@ -3558,7 +3558,7 @@ int LuaStateDescriptor::lua_validate(AppIdDiscoveryArgs& args) auto my_lua_state = odp_thread_local_ctxt->get_lua_state(); if (!my_lua_state) { - appid_log(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: no LUA state\n", package_info.name.c_str()); + APPID_LOG(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: no LUA state\n", package_info.name.c_str()); lua_settop(my_lua_state, 0); return APPID_ENULL; } @@ -3587,7 +3587,7 @@ int LuaStateDescriptor::lua_validate(AppIdDiscoveryArgs& args) // Runtime Lua errors are suppressed in production code since detectors are written for // efficiency and with defensive minimum checks. Errors are dealt as exceptions // that don't impact processing by other detectors or future packets by the same detector. - appid_log(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: error validating %s\n", + APPID_LOG(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: error validating %s\n", package_info.name.c_str(), lua_tostring(my_lua_state, -1)); ldp.pkt = nullptr; odp_thread_local_ctxt->free_detector_flow(); @@ -3601,7 +3601,7 @@ int LuaStateDescriptor::lua_validate(AppIdDiscoveryArgs& args) /* retrieve result */ if (!lua_isnumber(my_lua_state, -1)) { - appid_log(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: returned non-numeric value\n", + APPID_LOG(args.pkt, TRACE_ERROR_LEVEL, "lua detector %s: returned non-numeric value\n", package_info.name.c_str()); ldp.pkt = nullptr; lua_settop(my_lua_state, 0); @@ -3695,7 +3695,7 @@ int LuaServiceDetector::validate(AppIdDiscoveryArgs& args) { auto my_lua_state = odp_thread_local_ctxt->get_lua_state(); if (lua_gettop(my_lua_state)) - appid_log(args.pkt, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before service validate\n", + APPID_LOG(args.pkt, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before service validate\n", lua_gettop(my_lua_state)); std::string name = this->name + "_"; @@ -3771,7 +3771,7 @@ int LuaClientDetector::validate(AppIdDiscoveryArgs& args) { auto my_lua_state = odp_thread_local_ctxt->get_lua_state(); if (lua_gettop(my_lua_state)) - appid_log(args.pkt, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before client validate\n", + APPID_LOG(args.pkt, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before client validate\n", lua_gettop(my_lua_state)); std::string name = this->name + "_"; diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc index a463db44f..ec9bcf547 100644 --- a/src/network_inspectors/appid/lua_detector_module.cc +++ b/src/network_inspectors/appid/lua_detector_module.cc @@ -171,7 +171,7 @@ static void scan_and_print_odp_version(const char* app_detector_dir) if (line.find(OPEN_DETECTOR_PACKAGE_VERSION) == 0) { line = line.substr(strlen(OPEN_DETECTOR_PACKAGE_VERSION)); - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId Open Detector Package(ODP) Version: %s\n", line.c_str()); + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId Open Detector Package(ODP) Version: %s\n", line.c_str()); break; } } @@ -184,10 +184,10 @@ LuaDetectorManager::LuaDetectorManager(AppIdContext& ctxt, bool is_control) : ct if (!L) { if (is_control) - appid_log(nullptr, TRACE_CRITICAL_LEVEL, + APPID_LOG(nullptr, TRACE_CRITICAL_LEVEL, "Error - appid: can not create new luaState, control instance\n"); else - appid_log(nullptr, TRACE_ERROR_LEVEL, + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not create new luaState, instance=%u\n", get_instance_id()); } } @@ -197,7 +197,7 @@ LuaDetectorManager::~LuaDetectorManager() if (L) { if (lua_gettop(L)) - appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector unload\n", + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector unload\n", lua_gettop(L)); for ( auto& lua_object : allocated_objects ) @@ -213,7 +213,7 @@ LuaDetectorManager::~LuaDetectorManager() if ( lua_pcall(L, 1, 1, 0) ) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not cleanup the %s client app element: %s\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not cleanup the %s client app element: %s\n", lsd->package_info.name.c_str(), lua_tostring(L, -1)); } } @@ -274,7 +274,7 @@ static inline void set_lua_tracker_size(lua_State* L, uint32_t numTrackers) { lua_pushinteger (L, numTrackers); if (lua_pcall(L, 1, 0, 0) != 0 and init(L)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: activating lua detector. " + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: activating lua detector. " "Setting tracker size to %u failed.\n", numTrackers); } } @@ -290,7 +290,7 @@ static inline void set_lua_tracker_size(lua_State* L, uint32_t numTrackers) { lua_pushinteger (L, numTrackers); if (lua_pcall(L, 1, 0, 0) != 0 and init(L)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: setting tracker size\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: setting tracker size\n"); } } @@ -334,7 +334,7 @@ LuaObject* LuaDetectorManager::create_lua_detector(const char* detector_name, int c = detector_file.peek(); detector_file.close(); if (c != EOF) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo table from %s\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo table from %s\n", detector_name); } if (!lua_isnil(L, -1)) // pop DetectorPackageInfo index if it was pushed @@ -345,7 +345,7 @@ LuaObject* LuaDetectorManager::create_lua_detector(const char* detector_name, if (!get_lua_field(L, -1, "name", log_name)) { if (init(L)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field 'name' from %s\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field 'name' from %s\n", detector_name); lua_pop(L, 1); return nullptr; @@ -354,7 +354,7 @@ LuaObject* LuaDetectorManager::create_lua_detector(const char* detector_name, if (!get_lua_field(L, -1, "proto", proto)) { if (init(L)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field 'proto' from %s\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field 'proto' from %s\n", detector_name); lua_pop(L, 1); return nullptr; @@ -377,7 +377,7 @@ LuaObject* LuaDetectorManager::create_lua_detector(const char* detector_name, detector_name, log_name, is_custom, proto, L, ctxt.get_odp_ctxt()); } else if (init(L)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field" + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not read DetectorPackageInfo field" " 'client' or 'server' from %s\n", detector_name); lua_pop(L, 1); // pop server table @@ -402,7 +402,7 @@ bool LuaDetectorManager::load_detector(char* detector_filename, bool is_custom, if (luaL_loadbuffer(L, buf.c_str(), buf.length(), detector_filename)) { if (init(L)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector, %s\n", lua_tostring(L, -1)); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector, %s\n", lua_tostring(L, -1)); lua_pop(L, 1); return false; } @@ -412,14 +412,14 @@ bool LuaDetectorManager::load_detector(char* detector_filename, bool is_custom, if (luaL_loadfile(L, detector_filename)) { if (init(L)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector, %s\n", lua_tostring(L, -1)); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector, %s\n", lua_tostring(L, -1)); lua_pop(L, 1); return false; } if (lua_dump(L, dump, &buf)) { if (init(L)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not compile Lua detector, %s\n", lua_tostring(L, -1)); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not compile Lua detector, %s\n", lua_tostring(L, -1)); lua_pop(L, 1); return false; } @@ -448,7 +448,7 @@ bool LuaDetectorManager::load_detector(char* detector_filename, bool is_custom, lua_setfenv(L, -2); if (lua_pcall(L, 0, 0, 0)) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not set env of Lua detector %s : %s\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not set env of Lua detector %s : %s\n", detector_filename, lua_tostring(L, -1)); lua_pop(L, 1); return false; @@ -465,7 +465,7 @@ bool LuaDetectorManager::load_detector(char* detector_filename, bool is_custom, void LuaDetectorManager::activate_lua_detectors(const SnortConfig* sc) { if (lua_gettop(L)) - appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector activate\n", + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector activate\n", lua_gettop(L)); uint32_t lua_tracker_size = compute_lua_tracker_size(MAX_MEMORY_FOR_LUA_DETECTORS, allocated_objects.size()); @@ -478,7 +478,7 @@ void LuaDetectorManager::activate_lua_detectors(const SnortConfig* sc) if (!lua_isfunction(L, -1)) { if (init(L)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load DetectorInit function from %s\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load DetectorInit function from %s\n", (*lo)->get_detector()->get_name().c_str()); if (!(*lo)->get_detector()->is_custom_detector()) num_odp_detectors--; @@ -500,7 +500,7 @@ void LuaDetectorManager::activate_lua_detectors(const SnortConfig* sc) if (lua_pcall(L, 2, 1, 0)) { if (init(L)) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not run DetectorInit, %s\n", lua_tostring(L, -1)); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not run DetectorInit, %s\n", lua_tostring(L, -1)); if (!(*lo)->get_detector()->is_custom_detector()) num_odp_detectors--; lua_settop(L, 0); @@ -528,7 +528,7 @@ void ControlLuaDetectorManager::process_detector_file(char* detector_file_path, } if (size > MAX_LUA_DETECTOR_FILE_SIZE) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector %s : \ + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not load Lua detector %s : \ size exceeded maximum limit\n", detector_file_path); file.close(); return; @@ -579,14 +579,14 @@ void ControlLuaDetectorManager::load_lua_detectors(const char* path, bool is_cus std::ifstream file(required_lua_detectors); if (!file) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not open required lua detectors list file %s\n", required_lua_detectors); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Error - appid: can not open required lua detectors list file %s\n", required_lua_detectors); } else { std::string line; int lua_top = lua_gettop(L); if (lua_top) - appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector load\n", lua_top); + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector load\n", lua_top); while (std::getline(file, line)) { std::string full_path = std::string(path) + "/" + line; @@ -603,7 +603,7 @@ void ControlLuaDetectorManager::load_lua_detectors(const char* path, bool is_cus if (rval == 0 ) { if (lua_gettop(L)) - appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector load\n", + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: leak of %d lua stack elements before detector load\n", lua_gettop(L)); for (unsigned n = 0; n < globs.gl_pathc; n++) @@ -669,7 +669,7 @@ void ControlLuaDetectorManager::list_lua_detectors() int memory_used_by_lua = lua_gc(L, LUA_GCCOUNT, 0); #endif - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId Lua-Detector Stats: control instance, odp detectors %zu, custom detectors %zu," + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId Lua-Detector Stats: control instance, odp detectors %zu, custom detectors %zu," " total memory %d kb\n", num_odp_detectors, (allocated_objects.size() - num_odp_detectors), memory_used_by_lua); } @@ -700,7 +700,7 @@ void PacketLuaDetectorManager::list_lua_detectors() int memory_used_by_lua = lua_gc(L, LUA_GCCOUNT, 0); #endif - appid_log(nullptr, TRACE_INFO_LEVEL, "AppId Lua-Detector Stats: instance %u, odp detectors %zu, custom detectors %zu," + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "AppId Lua-Detector Stats: instance %u, odp detectors %zu, custom detectors %zu," " total memory %d kb\n", get_instance_id(), num_odp_detectors, (allocated_objects.size() - num_odp_detectors), memory_used_by_lua); } diff --git a/src/network_inspectors/appid/service_plugins/alpn_patterns.cc b/src/network_inspectors/appid/service_plugins/alpn_patterns.cc index 5be483617..cedc15197 100644 --- a/src/network_inspectors/appid/service_plugins/alpn_patterns.cc +++ b/src/network_inspectors/appid/service_plugins/alpn_patterns.cc @@ -43,7 +43,7 @@ void AlpnPatternMatchers::add_alpn_pattern(AppId app_id, const string& pattern_s if (match != alpn_load_list.end()) { if ((*match)->app_id != app_id) - appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: detector %s - alpn '%s' for service app %d is already " + APPID_LOG(nullptr, TRACE_WARNING_LEVEL, "appid: detector %s - alpn '%s' for service app %d is already " "mapped to service app %d\n", detector.c_str(), (*match)->pattern.c_str(), app_id, (*match)->app_id); } @@ -108,7 +108,7 @@ void AlpnPatternMatchers::finalize_patterns() AppIdInspector* inspector = (AppIdInspector*)InspectorManager::get_inspector(MOD_NAME, true); if (inspector and inspector->get_ctxt().config.log_alpn_service_mappings) - appid_log(nullptr, TRACE_INFO_LEVEL, "Adding ALPN service App pattern %d %s\n", + APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Adding ALPN service App pattern %d %s\n", p->app_id, p->pattern.c_str()); #endif } diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index ceff934b5..21b43cc35 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -192,7 +192,7 @@ int ServiceDiscovery::add_service_port(AppIdDetector* detector, const ServiceDet } else { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Invalid protocol (%u) specified for service %s.\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Invalid protocol (%u) specified for service %s.\n", (unsigned)pp.proto, service->get_name().c_str()); return 0; } @@ -450,7 +450,7 @@ int ServiceDiscovery::identify_service(AppIdSession& asd, Packet* p, if ( sds_state == ServiceState::FAILED ) { - appid_log(p, TRACE_DEBUG_LEVEL, "No service match, failed state\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "No service match, failed state\n"); fail_service(asd, p, dir, nullptr, sds); return APPID_NOMATCH; } @@ -484,7 +484,7 @@ int ServiceDiscovery::identify_service(AppIdSession& asd, Packet* p, else if (ret == APPID_NOT_COMPATIBLE) got_incompatible_service = true; asd.service_search_state = SESSION_SERVICE_SEARCH_STATE::PENDING; - appid_log(p, TRACE_DEBUG_LEVEL, "%s service detector returned %s (%d)\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "%s service detector returned %s (%d)\n", asd.service_detector->get_log_name().c_str(), asd.service_detector->get_code_string((APPID_STATUS_CODE)ret), ret); } @@ -508,7 +508,7 @@ int ServiceDiscovery::identify_service(AppIdSession& asd, Packet* p, int result; result = service->validate(args); - appid_log(p, TRACE_DEBUG_LEVEL, "%s service candidate returned %s (%d)\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "%s service candidate returned %s (%d)\n", service->get_log_name().c_str(), service->get_code_string((APPID_STATUS_CODE)result), result); if ( result == APPID_SUCCESS ) @@ -539,7 +539,7 @@ int ServiceDiscovery::identify_service(AppIdSession& asd, Packet* p, if (asd.has_no_service_inspector() or (proto == IpProtocol::UDP)) got_fail_service = true; else if (!asd.service_detector and !asd.has_no_service_candidate()) - appid_log(p, TRACE_DEBUG_LEVEL, "No service candidate, wait for snort service inspection\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "No service candidate, wait for snort service inspection\n"); asd.set_no_service_candidate(); } @@ -564,7 +564,7 @@ int ServiceDiscovery::identify_service(AppIdSession& asd, Packet* p, asd.is_decrypted(), true); // Don't log this if fail service is not due to empty list if (!(got_fail_service and asd.service_detector)) - appid_log(p, TRACE_DEBUG_LEVEL, "No service %s\n", got_fail_service ? "candidate" : "detector"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "No service %s\n", got_fail_service ? "candidate" : "detector"); got_fail_service = true; fail_service(asd, p, dir, nullptr, sds); ret = APPID_NOMATCH; @@ -671,7 +671,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, if ( entry && entry->service_detector && !(entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL) ) { - appid_log(p, TRACE_DEBUG_LEVEL, "Stop service detection\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Stop service detection\n"); asd.stop_service_inspection(p, direction); } } diff --git a/src/network_inspectors/appid/service_plugins/service_rexec.cc b/src/network_inspectors/appid/service_plugins/service_rexec.cc index 723a3a833..a4b41609e 100644 --- a/src/network_inspectors/appid/service_plugins/service_rexec.cc +++ b/src/network_inspectors/appid/service_plugins/service_rexec.cc @@ -134,7 +134,7 @@ int RexecServiceDetector::validate(AppIdDiscoveryArgs& args) rd->state = REXEC_STATE_PORT; } // cppcheck-suppress nullPointerRedundantCheck - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "rexec state %d\n", rd->state); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "rexec state %d\n", rd->state); switch (rd->state) // cppcheck-suppress nullPointerRedundantCheck { diff --git a/src/network_inspectors/appid/service_plugins/service_rshell.cc b/src/network_inspectors/appid/service_plugins/service_rshell.cc index a57405ba8..42c34d80d 100644 --- a/src/network_inspectors/appid/service_plugins/service_rshell.cc +++ b/src/network_inspectors/appid/service_plugins/service_rshell.cc @@ -130,7 +130,7 @@ int RshellServiceDetector::validate(AppIdDiscoveryArgs& args) } // cppcheck-suppress nullPointerRedundantCheck - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "RSHELL state %d\n",rd->state); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "RSHELL state %d\n",rd->state); switch (rd->state) // cppcheck-suppress nullPointerRedundantCheck { diff --git a/src/network_inspectors/appid/service_plugins/service_snmp.cc b/src/network_inspectors/appid/service_plugins/service_snmp.cc index 17a6d091b..ecee96595 100644 --- a/src/network_inspectors/appid/service_plugins/service_snmp.cc +++ b/src/network_inspectors/appid/service_plugins/service_snmp.cc @@ -409,7 +409,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args) if (snmp_verify_packet(&data, data+size, &pdu, &version)) { - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "SNMP payload verify failed\n"); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "SNMP payload verify failed\n"); if (args.asd.get_session_flags(APPID_SESSION_UDP_REVERSED)) { if (args.dir == APP_ID_FROM_RESPONDER) @@ -426,7 +426,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args) } } - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "SNMP state %d\n", sd->state); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "SNMP state %d\n", sd->state); switch (sd->state) { diff --git a/src/network_inspectors/appid/service_plugins/service_tftp.cc b/src/network_inspectors/appid/service_plugins/service_tftp.cc index 44c51d646..d5872ad23 100644 --- a/src/network_inspectors/appid/service_plugins/service_tftp.cc +++ b/src/network_inspectors/appid/service_plugins/service_tftp.cc @@ -144,7 +144,7 @@ int TftpServiceDetector::validate(AppIdDiscoveryArgs& args) data_add(args.asd, td, &snort_free); td->state = TFTP_STATE_CONNECTION; } - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP state %d\n", td->state); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP state %d\n", td->state); if (td->state == TFTP_STATE_CONNECTION && args.dir == APP_ID_FROM_RESPONDER) goto fail; @@ -215,10 +215,10 @@ int TftpServiceDetector::validate(AppIdDiscoveryArgs& args) case TFTP_STATE_TRANSFER: if ((mode=tftp_verify_header(data, size, &block)) < 0) { - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP failed to verify\n"); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP failed to verify\n"); goto fail; } - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP mode %d and block %u\n", mode, (unsigned)block); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP mode %d and block %u\n", mode, (unsigned)block); if (mode == TFTP_STATE_ACK) { if (block != 0) @@ -255,11 +255,11 @@ int TftpServiceDetector::validate(AppIdDiscoveryArgs& args) goto fail; else { - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP failed to verify\n"); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP failed to verify\n"); goto bail; } } - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP mode %d\n", mode); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP mode %d\n", mode); if (mode == TFTP_STATE_ERROR) { td->state = TFTP_STATE_TRANSFER; @@ -267,7 +267,7 @@ int TftpServiceDetector::validate(AppIdDiscoveryArgs& args) } if (args.dir == APP_ID_FROM_INITIATOR && mode != TFTP_STATE_DATA) { - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP bad mode\n"); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP bad mode\n"); goto bail; } if (args.dir == APP_ID_FROM_RESPONDER && mode != TFTP_STATE_ACK) @@ -315,7 +315,7 @@ inprocess: return APPID_INPROCESS; success: - appid_log(args.pkt, TRACE_DEBUG_LEVEL, "TFTP success\n"); + APPID_LOG(args.pkt, TRACE_DEBUG_LEVEL, "TFTP success\n"); return add_service(args.change_bits, args.asd, args.pkt, args.dir, APP_ID_TFTP); bail: diff --git a/src/network_inspectors/appid/service_state.cc b/src/network_inspectors/appid/service_state.cc index eebfda923..8dc43e046 100644 --- a/src/network_inspectors/appid/service_state.cc +++ b/src/network_inspectors/appid/service_state.cc @@ -78,7 +78,7 @@ ServiceDetector* ServiceDiscoveryState::select_detector_by_brute_force(IpProtoco service = tcp_brute_force_mgr->current(); } - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Brute-force state %s\n", service? "" : "failed - no more TCP detectors"); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Brute-force state %s\n", service? "" : "failed - no more TCP detectors"); } else if (proto == IpProtocol::UDP) { @@ -95,7 +95,7 @@ ServiceDetector* ServiceDiscoveryState::select_detector_by_brute_force(IpProtoco service = udp_brute_force_mgr->current(); } - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Brute-force state %s\n", service? "" : "failed - no more UDP detectors"); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Brute-force state %s\n", service? "" : "failed - no more UDP detectors"); } else service = nullptr; @@ -305,7 +305,7 @@ void AppIdServiceState::remove(const SfIp* ip, IpProtocol proto, uint16_t port, ipstr[0] = 0; sfip_ntop(ip, ipstr, sizeof(ipstr)); - appid_log(CURRENT_PACKET, TRACE_ERROR_LEVEL, "Failed to remove from hash: %s:%u:%hu\n", ipstr, + APPID_LOG(CURRENT_PACKET, TRACE_ERROR_LEVEL, "Failed to remove from hash: %s:%u:%hu\n", ipstr, (unsigned)proto, port); } } diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc index 69d620f32..50a5ede9a 100644 --- a/src/network_inspectors/appid/tp_appid_utils.cc +++ b/src/network_inspectors/appid/tp_appid_utils.cc @@ -424,7 +424,7 @@ static inline void process_quic(AppIdSession& asd, if ( !asd.tsession->get_tls_host() and (field=attribute_data.quic_sni()) != nullptr ) { - appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Flow is QUIC\n"); + APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "Flow is QUIC\n"); asd.tsession->set_tls_host(field->c_str(), field->size(), change_bits); if ( asd.get_service_id() <= APP_ID_NONE ) asd.set_service_appid_data(APP_ID_QUIC, change_bits); @@ -440,13 +440,13 @@ static inline void process_third_party_results(const Packet& p, AppIdSession& as if ( contains(proto_list, APP_ID_HTTP) ) { - appid_log(&p, TRACE_DEBUG_LEVEL, "Flow is HTTP\n"); + APPID_LOG(&p, TRACE_DEBUG_LEVEL, "Flow is HTTP\n"); asd.set_session_flags(APPID_SESSION_HTTP_SESSION); } if ( contains(proto_list, APP_ID_SPDY) ) { - appid_log(&p, TRACE_DEBUG_LEVEL, "Flow is SPDY\n"); + APPID_LOG(&p, TRACE_DEBUG_LEVEL, "Flow is SPDY\n"); asd.set_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_SPDY_SESSION); } @@ -501,7 +501,7 @@ static void set_tp_reinspect(AppIdSession& asd, const Packet* p, AppidSessionDir { asd.tp_reinspect_by_initiator = true; asd.set_session_flags(APPID_SESSION_APP_REINSPECT); - appid_log(p, TRACE_DEBUG_LEVEL, "3rd party allow reinspect http\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "3rd party allow reinspect http\n"); // If on reinspection, payload is found, a new record would be inserted for that // payload, only for the time and packets processed from this point onwards @@ -540,7 +540,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I if ( p->ptrs.ip_api.tos() == 8 ) { asd.set_payload_id(APP_ID_SFTP); - appid_log(p, TRACE_DEBUG_LEVEL, "Payload is SFTP\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Payload is SFTP\n"); } return true; @@ -569,7 +569,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I TpAppIdCreateSession tpsf = tph->tpsession_factory(); if ( !(asd.tpsession = tpsf(tp_appid_ctxt)) ) { - appid_log(p, TRACE_ERROR_LEVEL, "Could not allocate asd.tpsession data"); + APPID_LOG(p, TRACE_ERROR_LEVEL, "Could not allocate asd.tpsession data"); return false; } } @@ -596,7 +596,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I } const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); - appid_log(p, TRACE_DEBUG_LEVEL, "3rd party returned %s (%d)\n", app_name ? app_name : "unknown", tp_app_id); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "3rd party returned %s (%d)\n", app_name ? app_name : "unknown", tp_app_id); process_third_party_results(*p, asd, tp_confidence, tp_proto_list, tp_attribute_data, change_bits); @@ -609,7 +609,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I if (tp_app_id == APP_ID_SSH) { - appid_log(p, TRACE_DEBUG_LEVEL, "Setting the ignore and early detection flag\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "Setting the ignore and early detection flag\n"); asd.get_odp_ctxt().get_app_info_mgr().set_app_info_flags(tp_app_id, APPINFO_FLAG_IGNORE); asd.set_session_flags(APPID_SESSION_WAIT_FOR_EXTERNAL); asd.expected_external_app_id = tp_app_id; @@ -629,7 +629,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I if ( app_info_flags & APPINFO_FLAG_IGNORE ) { - appid_log(p, TRACE_DEBUG_LEVEL, "3rd party ignored\n"); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "3rd party ignored\n"); if (asd.get_session_flags(APPID_SESSION_HTTP_SESSION)) tp_app_id = APP_ID_HTTP; @@ -716,7 +716,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I asd.set_port_service_id(portAppId); const char *service_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); const char *port_service_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.get_port_service_id()); - appid_log(p, TRACE_DEBUG_LEVEL, "SSL is service %s (%d), portServiceAppId %s (%d)\n", + APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSL is service %s (%d), portServiceAppId %s (%d)\n", service_name ? service_name : "unknown", tp_app_id, port_service_name ? port_service_name : "unknown", asd.get_port_service_id()); } @@ -726,7 +726,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I asd.set_tp_payload_app_id(*p, direction, tp_app_id, change_bits); tp_app_id = portAppId; const char *tp_app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); - appid_log(p, TRACE_DEBUG_LEVEL, "SSL is %s (%d)\n", tp_app_name ? tp_app_name : "unknown", tp_app_id); + APPID_LOG(p, TRACE_DEBUG_LEVEL, "SSL is %s (%d)\n", tp_app_name ? tp_app_name : "unknown", tp_app_id); } snort_app_id = APP_ID_SSL; } diff --git a/src/network_inspectors/appid/tp_lib_handler.cc b/src/network_inspectors/appid/tp_lib_handler.cc index f8d17d33e..5023d9790 100644 --- a/src/network_inspectors/appid/tp_lib_handler.cc +++ b/src/network_inspectors/appid/tp_lib_handler.cc @@ -43,7 +43,7 @@ bool TPLibHandler::load_callback(const char* const path) self->tp_so_handle = dlopen(path, RTLD_NOW | RTLD_LOCAL); if (self->tp_so_handle == nullptr) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Failed to load 3rd party AppID library: %s - %s\n", path, dlerror()); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Failed to load 3rd party AppID library: %s - %s\n", path, dlerror()); return false; } @@ -69,7 +69,7 @@ bool TPLibHandler::load_callback(const char* const path) if (*(index->local_sym) == nullptr) { char* error; - appid_log(nullptr, TRACE_ERROR_LEVEL, "AppId: Failed to resolve symbol: %s %s\n", index->lib_sym, + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "AppId: Failed to resolve symbol: %s %s\n", index->lib_sym, (error = dlerror()) ? error : ""); dlclose(self->tp_so_handle); self->tp_so_handle = nullptr; @@ -108,7 +108,7 @@ ThirdPartyAppIdContext* TPLibHandler::create_tp_appid_ctxt(const AppIdConfig& co ThirdPartyAppIdContext* tp_appid_ctxt = self->tp_appid_create_ctxt(tp_config); if (tp_appid_ctxt == nullptr) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Failed to create third party appId context.\n"); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Failed to create third party appId context.\n"); dlclose(self->tp_so_handle); self->tp_so_handle = nullptr; return nullptr; @@ -117,7 +117,7 @@ ThirdPartyAppIdContext* TPLibHandler::create_tp_appid_ctxt(const AppIdConfig& co if ( (tp_appid_ctxt->get_api_version() != THIRD_PARTY_APPID_API_VERSION) || (tp_appid_ctxt->module_name().empty()) ) { - appid_log(nullptr, TRACE_ERROR_LEVEL, "Ignoring incomplete 3rd party AppID module (%s, %u, %s)!\n", + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Ignoring incomplete 3rd party AppID module (%s, %u, %s)!\n", config.tp_appid_path.c_str(), tp_appid_ctxt->get_api_version(), tp_appid_ctxt->module_name().empty() ? "empty" : tp_appid_ctxt->module_name().c_str()); @@ -140,7 +140,7 @@ void TPLibHandler::tfini() ret = self->tp_appid_tfini(); if (ret != 0) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not terminate packet thread in 3rd party AppID module (%d)!\n", ret); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not terminate packet thread in 3rd party AppID module (%d)!\n", ret); } void TPLibHandler::pfini() @@ -153,7 +153,7 @@ void TPLibHandler::pfini() ret = self->tp_appid_pfini(); if (ret != 0) - appid_log(nullptr, TRACE_ERROR_LEVEL, "Could not terminate 3rd party AppID module (%d)!\n", ret); + APPID_LOG(nullptr, TRACE_ERROR_LEVEL, "Could not terminate 3rd party AppID module (%d)!\n", ret); AppIdContext::delete_tp_appid_ctxt(); diff --git a/src/network_inspectors/appid/user_data_map.cc b/src/network_inspectors/appid/user_data_map.cc index d700cbd21..7af2b1199 100644 --- a/src/network_inspectors/appid/user_data_map.cc +++ b/src/network_inspectors/appid/user_data_map.cc @@ -36,7 +36,7 @@ void UserDataMap::add_user_data(const std::string& table, const std::string& key { if (user_data_maps[table].find(key) != user_data_maps[table].end()) { - appid_log(nullptr, TRACE_WARNING_LEVEL,"ignoring duplicate key %s in table %s", + APPID_LOG(nullptr, TRACE_WARNING_LEVEL,"ignoring duplicate key %s in table %s", key.c_str(), table.c_str()); return; }