From: Victor Julien
Date: Fri, 16 Mar 2018 13:42:58 +0000 (+0100)
Subject: smb: suppress notice messages
X-Git-Tag: suricata-4.1.0-beta1~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3291%2Fhead;p=thirdparty%2Fsuricata.git

smb: suppress notice messages
---
diff --git a/rust/src/smb/auth.rs b/rust/src/smb/auth.rs
index 4d9c898429..006b08cfbb 100644
--- a/rust/src/smb/auth.rs
+++ b/rust/src/smb/auth.rs
@@ -173,10 +173,10 @@ fn parse_secblob_spnego(blob: &[u8]) -> Option
 "1.2.840.113554.1.2.2.3" => { SCLogDebug!("krb5-user-to-user-mech"); },
 "1.3.6.1.4.1.311.2.2.10" => { SCLogDebug!("NTLMSSP"); have_ntlmssp = true; },
 "1.3.6.1.4.1.311.2.2.30" => { SCLogDebug!("NegoEx"); },
- _ => { SCLogNotice!("unexpected OID {:?}", oid); },
+ _ => { SCLogDebug!("unexpected OID {:?}", oid); },
 }
 },
- _ => { SCLogNotice!("expected OID, got {:?}", se); },
+ _ => { SCLogDebug!("expected OID, got {:?}", se); },
 }
 }
 },
diff --git a/rust/src/smb/dcerpc.rs b/rust/src/smb/dcerpc.rs
index d944369793..9a3303f6e2 100644
--- a/rust/src/smb/dcerpc.rs
+++ b/rust/src/smb/dcerpc.rs
@@ -415,7 +415,7 @@ fn smb_read_dcerpc_record_error(state: &mut SMBState,
 true
 },
 None => {
- SCLogNotice!("NOT found");
+ SCLogDebug!("NOT found");
 false
 },
 };
@@ -453,7 +453,7 @@ pub fn smb_read_dcerpc_record<'b>(state: &mut SMBState,
 let mut malformed = false;
 if data.len() == 0 {
- SCLogNotice!("weird: no DCERPC data"); // TODO
+ SCLogDebug!("weird: no DCERPC data"); // TODO
 // TODO set event?
 return false;
@@ -499,7 +499,7 @@ pub fn smb_read_dcerpc_record<'b>(state: &mut SMBState,
 let tx = match state.get_dcerpc_tx(&hdr, &vercmd, dcer.call_id) {
 Some(tx) => tx,
 None => {
- SCLogNotice!("no tx");
+ SCLogDebug!("no tx");
 return false;
 },
 };
diff --git a/rust/src/smb/detect.rs b/rust/src/smb/detect.rs
index 698e2c7d43..70854d23ab 100644
--- a/rust/src/smb/detect.rs
+++ b/rust/src/smb/detect.rs
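Review bot: In `smb_read_dcerpc_record` (dcerpc.rs, hunk at -453) the empty-payload path still carries `// TODO set event?` and only returns false, so once the message is debug-only nothing records that a peer sent a DCERPC record with no data. The same applies to the other peer-triggerable anomalies quieted here: the unexpected-OID arms of `parse_secblob_spnego` (auth.rs), the READ responses with no matching request in smb1.rs and smb2.rs, and the unexpected NEGOTIATE tx in `smb2_request_record`. Lowering the level is reasonable against log flooding, but assuming `SCLogDebug!` is inactive in production builds, these conditions then leave no trace that detection or triage could use. I would resolve the TODO by raising an app-layer event on these paths through whatever event mechanism the SMB state offers (not visible in these hunks), and replace the comment with one stating which anomaly the event marks. The function bodies continue outside the hunks.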
@@ -117,7 +117,7 @@ pub extern "C" fn rs_smb_tx_get_dce_opnum(tx: &mut SMBTransaction,
 opnum: *mut libc::uint16_t)
 -> libc::uint8_t
 {
- SCLogNotice!("rs_smb_tx_get_dce_opnum: start");
+ SCLogDebug!("rs_smb_tx_get_dce_opnum: start");
 match tx.type_data {
 Some(SMBTransactionTypeData::DCERPC(ref x)) => {
 if x.req_cmd == 1 { // REQUEST
diff --git a/rust/src/smb/files.rs b/rust/src/smb/files.rs
index 83a0ffd4bc..44fad98f2a 100644
--- a/rust/src/smb/files.rs
+++ b/rust/src/smb/files.rs
@@ -209,7 +209,7 @@ impl SMBState {
 }
 },
 None => {
- SCLogNotice!("not found for handle {:?}", file_handle);
+ SCLogDebug!("not found for handle {:?}", file_handle);
 0
 },
 };
diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs
index 5a57188c0b..bf0da44b11 100644
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -392,7 +392,7 @@ impl SMBState {
 tx.request_done = true;
 tx.response_done = self.tc_trunc; // no response expected if tc is truncated
- SCLogNotice!("SMB: TX RENAME created: ID {}", tx.id);
+ SCLogDebug!("SMB: TX RENAME created: ID {}", tx.id);
 self.transactions.push(tx);
 let tx_ref = self.transactions.last_mut();
 return tx_ref.unwrap();
@@ -1053,7 +1053,7 @@ impl SMBState {
 Ok("samr") => ("samr", true),
 Err(_) => ("MALFORMED", false),
 Ok(&_) => {
- SCLogNotice!("don't know {}", String::from_utf8_lossy(&n));
+ SCLogDebug!("don't know {}", String::from_utf8_lossy(&n));
 ("UNKNOWN", false)
 },
 }
@@ -1082,7 +1082,7 @@ impl SMBState {
 None => (false, 0),
 };
 if last_done && id > 0 {
- SCLogNotice!("check_gap_resync2: TX {} is done post-GAP, mark all older ones complete", id);
+ SCLogDebug!("check_gap_resync2: TX {} is done post-GAP, mark all older ones complete", id);
 self.ts_ssn_gap = false;
 self.tc_ssn_gap = false;
 self.close_non_file_txs(prior_max_id);
diff --git a/rust/src/smb/smb1.rs b/rust/src/smb/smb1.rs
index c33a91ee18..df59686dee 100644
--- a/rust/src/smb/smb1.rs
+++ b/rust/src/smb/smb1.rs
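Review bot: In the `Ok(&_)` arm of the smb.rs hunk at -1053, `String::from_utf8_lossy(&n)` is printed with `{}`, and `n` looks like a name taken from the wire, so control characters such as newlines or terminal escape sequences would reach the log sink verbatim. The level change narrows the exposure to debug builds but does not remove it; formatting with `{:?}` escapes those characters: `SCLogDebug!("don't know {:?}", String::from_utf8_lossy(&n));`. The `Ok(&_)` arm of `get_service_for_nameslice` in smb1.rs (hunk at -693) has the same pattern with `&name`. Whether the logging backend already sanitises its output is not visible here, so this is a check to make rather than a confirmed injection path.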
@@ -693,7 +693,7 @@ pub fn get_service_for_nameslice(nameslice: &[u8]) -> (&'static str, bool)
 Ok("\\PIPE\\") => ("PIPE", true), // TODO not sure if this is true
 Err(_) => ("MALFORMED", false),
 Ok(&_) => {
- SCLogNotice!("don't know \"{}\"", String::from_utf8_lossy(&name));
+ SCLogDebug!("don't know \"{}\"", String::from_utf8_lossy(&name));
 ("UNKNOWN", false)
 },
 }
@@ -885,7 +885,7 @@ pub fn smb1_read_response_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>)
 let (offset, file_fid) = match state.ssn2vecoffset_map.remove(&fid_key) {
 Some(o) => (o.offset, o.guid),
 None => {
- SCLogNotice!("SMBv1 READ response: reply to unknown request: left {} {:?}",
+ SCLogDebug!("SMBv1 READ response: reply to unknown request: left {} {:?}",
 rd.len - rd.data.len() as u32, rd);
 state.skip_tc = rd.len - rd.data.len() as u32;
 return;
diff --git a/rust/src/smb/smb2.rs b/rust/src/smb/smb2.rs
index 3c2cd9142e..7d7b17f353 100644
--- a/rust/src/smb/smb2.rs
+++ b/rust/src/smb/smb2.rs
@@ -333,7 +333,7 @@ pub fn smb2_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
 let found = match state.get_negotiate_tx(2) {
 Some(_) => {
- SCLogNotice!("WEIRD, should not have NEGOTIATE tx!");
+ SCLogDebug!("WEIRD, should not have NEGOTIATE tx!");
 true
 },
 None => { false },
@@ -536,7 +536,7 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
 let file_guid = match state.ssn2vecoffset_map.remove(&guid_key) {
 Some(o) => o.guid,
 _ => {
- SCLogNotice!("SMBv2 READ response: reply to unknown request");
+ SCLogDebug!("SMBv2 READ response: reply to unknown request");
 Vec::new()
 },
 };
@@ -558,7 +558,7 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
 }
 false
 } else {
- SCLogNotice!("SMBv2 READ: status {}", &smb_ntstatus_string(r.nt_status));
+ SCLogDebug!("SMBv2 READ: status {}", &smb_ntstatus_string(r.nt_status));
 false
 }
 },
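Review bot: In the `None` arm of `smb1_read_response_record` (smb1.rs, hunk at -885), `rd.len - rd.data.len() as u32` is an unchecked u32 subtraction on values that appear to come from the parsed record, and its result is stored in `state.skip_tc`. If `rd.data` can ever be longer than `rd.len` (the record parser is not visible here), a build without overflow checks wraps to a very large skip count, which would make the parser ignore a long stretch of server-to-client data, while a build with overflow checks panics. A saturating form avoids both outcomes: `state.skip_tc = rd.len.saturating_sub(rd.data.len() as u32);`, with the same expression used in the log arguments. The function body continues outside the hunk.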
@@ -721,7 +721,7 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
 true
 },
 _ => {
- SCLogNotice!("no tx found for {:?}", r);
+ SCLogDebug!("no tx found for {:?}", r);
 false
 },
 };
diff --git a/rust/src/smb/smb2_ioctl.rs b/rust/src/smb/smb2_ioctl.rs
index 7685d22123..f06941648d 100644
--- a/rust/src/smb/smb2_ioctl.rs
+++ b/rust/src/smb/smb2_ioctl.rs
@@ -101,7 +101,7 @@ pub fn smb2_ioctl_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
 let hdr = SMBCommonHdr::new(SMBHDR_TYPE_HEADER, r.session_id, 0, r.message_id);
 let vercmd = SMBVerCmdStat::new2_with_ntstatus(SMB2_COMMAND_IOCTL, r.nt_status);
- SCLogNotice!("TODO passing empty GUID");
+ SCLogDebug!("TODO passing empty GUID");
 smb_read_dcerpc_record(state, vercmd, hdr, &[],rd.data);
 } else {
 let tx_key = SMBCommonHdr::new(SMBHDR_TYPE_HEADER,
diff --git a/rust/src/smb/smb2_session.rs b/rust/src/smb/smb2_session.rs
index 5c4b26fa46..61f9fb7f56 100644
--- a/rust/src/smb/smb2_session.rs
+++ b/rust/src/smb/smb2_session.rs
@@ -76,7 +76,7 @@ pub fn smb2_session_setup_response(state: &mut SMBState, r: &Smb2Record)
 SCLogDebug!("smb2_session_setup_response: tx {:?}", tx);
 },
 None => {
- SCLogNotice!("smb2_session_setup_response: tx not found for {:?}", r);
+ SCLogDebug!("smb2_session_setup_response: tx not found for {:?}", r);
 },
 }
 }
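Review bot: In `smb2_ioctl_response_record` (smb2_ioctl.rs, hunk at -101) the string `"TODO passing empty GUID"` is a developer reminder rather than a runtime condition, yet it stays a log call on the normal path just before `smb_read_dcerpc_record(state, vercmd, hdr, &[],rd.data)`. I would turn it into a source comment and drop the log call, for example `// TODO: pass the pipe's GUID instead of an empty slice`. Presumably the empty slice means DCERPC records arriving via IOCTL are not tied to the pipe they belong to, which is worth stating in that comment once confirmed against `smb_read_dcerpc_record`. The function body continues outside the hunk.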