From: Pranav Bhalerao (prbhaler) <prbhaler@cisco.com>
Date: Wed, 24 Mar 2021 06:41:50 +0000 (+0000)
Subject: Merge pull request #2805 in SNORT/snort3 from ~KRPRAJAP/snort3:pinhole_serv to master
X-Git-Tag: 3.1.3.0~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=feebdef1c85006f8653dcead65f15a53208bf237;p=thirdparty%2Fsnort3.git

Merge pull request #2805 in SNORT/snort3 from ~KRPRAJAP/snort3:pinhole_serv to master

Squashed commit of the following:

commit ffc93030a0477fd864452bd5a01efeeef7e0f6e3
Author: Krithika Prajapathi <krprajap@cisco.com>
Date:   Mon Mar 22 01:10:09 2021 -0400

    log: pinhole serviceability
---

diff --git a/src/flow/expect_cache.cc b/src/flow/expect_cache.cc
index ea301b849..27578c65a 100644
--- a/src/flow/expect_cache.cc
+++ b/src/flow/expect_cache.cc
@@ -26,6 +26,7 @@
 #include "detection/ips_context.h"
 #include "hash/zhash.h"
 #include "packet_io/sfdaq_instance.h"
+#include "packet_tracer/packet_tracer.h"
 #include "protocols/packet.h"
 #include "protocols/vlan.h"
 #include "pub_sub/expect_events.h"
@@ -381,8 +382,19 @@ int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_pro
         last = nullptr;
         /* Only add TCP and UDP expected flows for now via the DAQ module. */
         if ((ip_proto == IpProtocol::TCP || ip_proto == IpProtocol::UDP) && ctrlPkt->daq_instance)
+        {
+            if (PacketTracer::is_active())
+            {
+                SfIpString sipstr;
+                SfIpString dipstr;
+                cliIP->ntop(sipstr, sizeof(sipstr));
+                srvIP->ntop(dipstr, sizeof(dipstr));
+                PacketTracer::log("Create expected channel request sent with %s -> %s %hu %hhu\n",
+                        dipstr, sipstr, srvPort, static_cast<uint8_t>(ip_proto));
+            }
             ctrlPkt->daq_instance->add_expected(ctrlPkt, cliIP, cliPort, srvIP, srvPort,
                     ip_proto, 1000, 0);
+        }
     }
 
     bool new_expect_flow = false;