From: Tom Peters (thopeter) Date: Fri, 6 Apr 2018 19:09:30 +0000 (-0400) Subject: Merge pull request #1174 in SNORT/snort3 from debug_network_inspectors to master X-Git-Tag: 3.0.0-245~50 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=40a13dc04e938242a00d3eebcca26ae85397fc0f;p=thirdparty%2Fsnort3.git Merge pull request #1174 in SNORT/snort3 from debug_network_inspectors to master Squashed commit of the following: commit 78f5d5bf7d36f4da2a9382c7db6bc65210a7a41f Author: Nihal Desai Date: Mon Apr 2 16:59:22 2018 -0400 debug: Remove debug messages from appid, arp_spoof, and perf_monitor --- diff --git a/src/main/snort_debug.h b/src/main/snort_debug.h index 659521de4..538847f8f 100644 --- a/src/main/snort_debug.h +++ b/src/main/snort_debug.h @@ -61,16 +61,13 @@ #define DEBUG_STREAM_STATE 0x0000000400000000LL #define DEBUG_STREAM_PAF 0x0000000800000000LL #define DEBUG_ASN1 0x0000002000000000LL -#define DEBUG_SIP 0x0000100000000000LL #define DEBUG_CODEC 0x0001000000000000LL -#define DEBUG_INSPECTOR 0x0002000000000000LL #define DEBUG_IPS_ACTION 0x0004000000000000LL #define DEBUG_IPS_OPTION 0x0008000000000000LL #define DEBUG_MPSE 0x0010000000000000LL #define DEBUG_SO_RULE 0x0020000000000000LL #define DEBUG_LOGGER 0x0040000000000000LL -#define DEBUG_APPID 0x0400000000000000LL #ifdef PIGLET #define DEBUG_PIGLET 0x0800000000000000LL diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc index 91d520c0f..fc5c678e8 100644 --- a/src/network_inspectors/appid/app_info_table.cc +++ b/src/network_inspectors/appid/app_info_table.cc @@ -35,7 +35,6 @@ #include "log/messages.h" #include "log/unified2.h" #include "main/snort_config.h" -#include "main/snort_debug.h" #include "target_based/snort_protocols.h" #include "utils/util_cstring.h" @@ -274,8 +273,6 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa if (config_file == nullptr) return; - DebugFormat(DEBUG_APPID, "Loading configuration file %s\n", path); - while (fgets(buf, sizeof(buf), config_file) != nullptr) { char* context; @@ -320,9 +317,6 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa } else { - DebugFormat(DEBUG_APPID, - "AppId: setting max thirdparty inspection flow depth to %d packets.\n", - max_tp_flow_depth); config->max_tp_flow_depth = max_tp_flow_depth; } } @@ -330,62 +324,40 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa { if (!(strcasecmp(conf_val, "enabled"))) { - DebugMessage(DEBUG_APPID, - "AppId: TCP probes will be analyzed by NAVL.\n"); - config->tp_allow_probes = 1; } } else if (!(strcasecmp(conf_key, "tp_client_app"))) { - DebugFormat(DEBUG_APPID, - "AppId: if thirdparty reports app %d, we will use it as a client.\n", - atoi(conf_val)); set_app_info_flags(atoi(conf_val), APPINFO_FLAG_TP_CLIENT); } else if (!(strcasecmp(conf_key, "ssl_reinspect"))) { - DebugFormat(DEBUG_APPID, - "AppId: adding app %d to list of SSL apps that get more granular inspection.\n", - atoi(conf_val)); set_app_info_flags(atoi(conf_val), APPINFO_FLAG_SSL_INSPECT); } else if (!(strcasecmp(conf_key, "disable_safe_search"))) { if (!(strcasecmp(conf_val, "disabled"))) { - DebugMessage(DEBUG_APPID, "AppId: disabling safe search enforcement.\n"); config->safe_search_enabled = false; } } else if (!(strcasecmp(conf_key, "ssl_squelch"))) { - DebugFormat(DEBUG_APPID, - "AppId: adding app %d to list of SSL apps that may open a second SSL connection.\n", - atoi(conf_val)); set_app_info_flags(atoi(conf_val), APPINFO_FLAG_SSL_SQUELCH); } else if (!(strcasecmp(conf_key, "defer_to_thirdparty"))) { - DebugFormat(DEBUG_APPID, - "AppId: adding app %d to list of apps where we should take thirdparty ID over the NDE's.\n", - atoi(conf_val)); set_app_info_flags(atoi(conf_val), APPINFO_FLAG_DEFER); } else if (!(strcasecmp(conf_key, "defer_payload_to_thirdparty"))) { - DebugFormat(DEBUG_APPID, - "AppId: adding app %d to list of apps where we should take " - "thirdparty payload ID over the NDE's.\n", - atoi(conf_val)); set_app_info_flags(atoi(conf_val), APPINFO_FLAG_DEFER_PAYLOAD); } else if (!(strcasecmp(conf_key, "chp_userid"))) { if (!(strcasecmp(conf_val, "disabled"))) { - DebugMessage(DEBUG_APPID, - "AppId: HTTP UserID collection disabled.\n"); config->chp_userid_disabled = true; continue; } @@ -394,8 +366,6 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa { if (!(strcasecmp(conf_val, "disabled"))) { - DebugMessage(DEBUG_APPID, - "AppId: HTTP Body header reading disabled.\n"); config->chp_body_collection_disabled = 1; continue; } @@ -404,7 +374,6 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa { if (!(strcasecmp(conf_val, "disabled"))) { - DebugMessage(DEBUG_APPID, "AppId: FTP userID disabled.\n"); config->ftp_userid_disabled = 1; continue; } @@ -424,8 +393,6 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa uint8_t temp_val; temp_val = strtol(conf_val, nullptr, 10); set_app_info_priority (temp_appid, temp_val); - DebugFormat(DEBUG_APPID,"AppId: %d Setting priority bit %d .\n", - temp_appid, temp_val); } else if (!(strcasecmp(conf_key, "referred_appId"))) { @@ -448,9 +415,6 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa sizeof(referred_app_list) - referred_app_index, "%d ", id); set_app_info_flags(id, APPINFO_FLAG_REFERRED); } - DebugFormat(DEBUG_APPID, - "AppId: adding appIds to list of referred web apps: %s\n", - referred_app_list); } } else if (!(strcasecmp(conf_key, "rtmp_max_packets"))) @@ -471,9 +435,6 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa } else if (!(strcasecmp(conf_key, "ignore_thirdparty_appid"))) { - DebugFormat(DEBUG_APPID, - "AppId: adding app %d to list of ignore thirdparty apps.\n", - atoi(conf_val)); set_app_info_flags(atoi(conf_val), APPINFO_FLAG_IGNORE); } else if (!(strcasecmp(conf_key, "http2_detection"))) @@ -485,12 +446,10 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa // ports. if (!(strcasecmp(conf_val, "disabled"))) { - DebugMessage(DEBUG_APPID, "AppId: disabling internal HTTP/2 detection.\n"); config->http2_detection_enabled = false; } else if (!(strcasecmp(conf_val, "enabled"))) { - DebugMessage(DEBUG_APPID, "AppId: enabling internal HTTP/2 detection.\n"); config->http2_detection_enabled = true; } else diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index 143a1d9a0..9fe2ac951 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -35,7 +35,6 @@ #include "appid_utils/network_set.h" #include "appid_utils/ip_funcs.h" #endif -#include "main/snort_debug.h" #include "main/snort_config.h" #include "log/messages.h" #include "utils/util.h" @@ -295,8 +294,6 @@ void AppIdConfig::configure_analysis_networks(char* toklist[], uint32_t flag) six = ias6->range_max; NetworkSetManager::ntoh_ipv6(&six); inet_ntop(AF_INET6, (struct in6_addr*)&six, max_ip, sizeof(max_ip)); - DebugFormat(DEBUG_APPID, "Adding %s-%s (0x%08X) with zone %d\n", min_ip, max_ip, - ias6->addr_flags, zone); if (zone >= 0) { if (!(my_net_list = net_list_by_zone[zone])) @@ -348,8 +345,6 @@ void AppIdConfig::configure_analysis_networks(char* toklist[], uint32_t flag) else zone = -1; ias->addr_flags |= flag; - DebugFormat(DEBUG_APPID, "Adding 0x%08X-0x%08X (0x%08X) with zone %d\n", - ias->range_min, ias->range_max, ias->addr_flags, zone); if (zone >= 0) { if (!(my_net_list = net_list_by_zone[zone])) @@ -645,7 +640,6 @@ int AppIdConfig::load_analysis_config(const char* config_file, int reload, int i if (!config_file || (!config_file[0])) { char addrString[sizeof("0.0.0.0/0")]; - DebugMessage(DEBUG_APPID, "Defaulting to monitoring all Snort traffic for AppID.\n"); toklist[1] = nullptr; toklist[0] = addrString; strcpy(addrString,"0.0.0.0/0"); @@ -658,7 +652,6 @@ int AppIdConfig::load_analysis_config(const char* config_file, int reload, int i } else { - DebugFormat(DEBUG_APPID, "Loading configuration file: %s", config_file); FILE* fp; if (!(fp = fopen(config_file, "r"))) @@ -701,7 +694,6 @@ int AppIdConfig::load_analysis_config(const char* config_file, int reload, int i { char* instance_toklist[2]; char addrString[sizeof("0.0.0.0/0")]; - DebugMessage(DEBUG_APPID, "Defaulting to monitoring all Snort traffic for AppID.\n"); instance_toklist[0] = addrString; instance_toklist[1] = nullptr; strcpy(addrString,"0.0.0.0/0"); @@ -734,8 +726,6 @@ int AppIdConfig::load_analysis_config(const char* config_file, int reload, int i void AppIdConfig::set_safe_search_enforcement(bool enabled) { - DEBUG_WRAP(DebugFormat(DEBUG_APPID, - " Safe Search Enforcement enabled = %d.\n", enabled); ); mod_config->safe_search_enabled = enabled; } diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index fd5b1ae9c..1011090f9 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -40,6 +40,8 @@ using namespace snort; using namespace std; +Trace TRACE_NAME(appid_module); + //------------------------------------------------------------------------- // appid module //------------------------------------------------------------------------- @@ -182,7 +184,7 @@ static const RuleMap appid_rules[] = #endif AppIdModule::AppIdModule() : - Module(MOD_NAME, MOD_HELP, s_params) + Module(MOD_NAME, MOD_HELP, s_params, false, &TRACE_NAME(appid_module)) { config = nullptr; } @@ -204,7 +206,7 @@ const AppIdModuleConfig* AppIdModule::get_data() return temp; } -bool AppIdModule::set(const char*, Value& v, SnortConfig*) +bool AppIdModule::set(const char* fqn, Value& v, SnortConfig* c) { #ifdef USE_RNA_CONFIG if ( v.is("conf") ) @@ -234,7 +236,7 @@ bool AppIdModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("log_all_sessions") ) config->log_all_sessions = v.get_bool(); else - return false; + return Module::set(fqn, v, c); return true; } diff --git a/src/network_inspectors/appid/appid_module.h b/src/network_inspectors/appid/appid_module.h index 94ea6ba83..dad5114bf 100644 --- a/src/network_inspectors/appid/appid_module.h +++ b/src/network_inspectors/appid/appid_module.h @@ -30,6 +30,8 @@ extern THREAD_LOCAL snort::ProfileStats appidPerfStats; +extern Trace TRACE_NAME(appid_module); + #define MOD_NAME "appid" #define MOD_HELP "application and service identification" diff --git a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc index edff4c83a..0e8191893 100644 --- a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc +++ b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc @@ -25,12 +25,9 @@ #include "sf_mlmp.h" -#include "main/snort_debug.h" #include "search_engines/search_tool.h" #include "utils/util.h" -#define _MLMP_DEBUG 0 - struct tPatternNode { tMlmpPattern pattern; @@ -79,7 +76,6 @@ struct tMatchedPatternList static int compareMlmpPatterns(const void* p1, const void* p2); static int createTreesRecusively(tMlmpTree* root); static void destroyTreesRecursively(tMlmpTree* root); -static void dumpTreesRecursively(tMlmpTree* root); static int addPatternRecursively(tMlmpTree* root, const tMlmpPattern* inputPatternList, void* metaData, uint32_t level); static tPatternNode* urlPatternSelector(const tMatchedPatternList* matchList, const @@ -177,10 +173,6 @@ void mlmpDestroy(tMlmpTree* root) destroyTreesRecursively(root); } -void mlmpDump(tMlmpTree* root) -{ - dumpTreesRecursively(root); -} /**tMlmpPattern comparator: compares patterns based on pattern, patternSize. This will * result in alphabetical order. Notice that patternId is ignored here. @@ -268,47 +260,6 @@ static void destroyTreesRecursively(tMlmpTree* rootNode) snort_free(rootNode); } -static void dumpTreesRecursively(tMlmpTree* rootNode) -{ -#ifdef DEBUG - uint32_t prefixSize = 4 * (rootNode->level) + 2; - - if (prefixSize > 40) - prefixSize = 40; - - char prefix[41]; - memset(prefix, ' ', prefixSize); - prefix[prefixSize] = '\0'; -#endif - - for (tPatternPrimaryNode* primaryPatternNode = rootNode->patternList; - primaryPatternNode; - primaryPatternNode = primaryPatternNode->nextPrimaryNode) - { - DebugFormat(DEBUG_APPID, "%s%u. Primary id %u. partTotal %u, Data %p\n", prefix, - rootNode->level+1, - primaryPatternNode->patternNode.patternId, - primaryPatternNode->patternNode.partTotal, - primaryPatternNode->patternNode.userData); - - for (tPatternNode* ddPatternNode = &primaryPatternNode->patternNode; - ddPatternNode; - ddPatternNode = ddPatternNode->nextPattern) - { - DebugFormat(DEBUG_APPID, "%s\t part %u/%u: Pattern %s, size %u\n", prefix, - ddPatternNode->partNum, - ddPatternNode->partTotal, - (const char*)ddPatternNode->pattern.pattern, - (uint32_t)ddPatternNode->pattern.patternSize); - } - - if (primaryPatternNode->nextLevelMatcher) - { - dumpTreesRecursively(primaryPatternNode->nextLevelMatcher); - } - } -} - /*compares multipart patterns, and orders then according to . Comparing multi-parts alphanumerically does not make sense. */ static int compareMlmpPatternList(const tPatternNode* p1, const tPatternNode* p2) @@ -332,27 +283,6 @@ static tPatternNode* patternSelector(const tMatchedPatternList* patternMatchList patternId = 0; patternSize = maxPatternSize = 0; -#if _MLMP_DEBUG - tPatternNode* ddPatternNode; - DebugMessage(DEBUG_APPID, "\tMatches found -------------------\n"); for (tmpList = - patternMatchList; - tmpList; - tmpList = tmpList->next) - { - ddPatternNode = tmpList->patternNode; - { - DebugFormat(DEBUG_APPID, - "\t\tid %d, Pattern %s, size %u, partNum %u, partTotal %u, userData %p\n", - ddPatternNode->patternId, - ddPatternNode->pattern.pattern, - (uint32_t)ddPatternNode->pattern.patternSize, - ddPatternNode->partNum, - ddPatternNode->partTotal, - ddPatternNode->userData); - } - } -#endif - for (tmpList = patternMatchList; tmpList; tmpList = tmpList->next) @@ -394,23 +324,6 @@ static tPatternNode* patternSelector(const tMatchedPatternList* patternMatchList } } -#if _MLMP_DEBUG - if (bestNode) - { - ddPatternNode = bestNode; - { - DebugFormat(DEBUG_APPID, - "\t\tSELECTED Id %d, pattern %s, size %u, partNum %u, partTotal %u, userData %p\n", - ddPatternNode->patternId, - ddPatternNode->pattern.pattern, - (uint32_t)ddPatternNode->pattern.patternSize, - ddPatternNode->partNum, - ddPatternNode->partTotal, - ddPatternNode->userData); - } - } - DebugMessage(DEBUG_APPID, "\tMatches end -------------------\n"); -#endif return bestNode; } @@ -436,17 +349,6 @@ static int patternMatcherCallback(void* id, void*, int match_end_pos, void* data /*sort matches by patternId, and then by partId or pattern// */ -#if _MLMP_DEBUG - DebugFormat(DEBUG_APPID, - "\tCallback id %d, Pattern %s, size %u, partNum %u, partTotal %u, userData %p\n", - target->patternId, - target->pattern.pattern, - (uint32_t)target->pattern.patternSize, - target->partNum, - target->partTotal, - target->userData); -#endif - for (prevNode = nullptr, tmpList = *matchList; tmpList; prevNode = tmpList, tmpList = tmpList->next) diff --git a/src/network_inspectors/appid/client_plugins/client_app_bit_tracker.cc b/src/network_inspectors/appid/client_plugins/client_app_bit_tracker.cc index 69952654b..8e3addced 100644 --- a/src/network_inspectors/appid/client_plugins/client_app_bit_tracker.cc +++ b/src/network_inspectors/appid/client_plugins/client_app_bit_tracker.cc @@ -28,7 +28,6 @@ #include "app_info_table.h" #include "application_ids.h" -#include "main/snort_debug.h" #include "protocols/packet.h" #include "utils/sflsq.h" #include "utils/util.h" diff --git a/src/network_inspectors/appid/client_plugins/client_app_msn.cc b/src/network_inspectors/appid/client_plugins/client_app_msn.cc index 409ba608e..8a6f845a8 100644 --- a/src/network_inspectors/appid/client_plugins/client_app_msn.cc +++ b/src/network_inspectors/appid/client_plugins/client_app_msn.cc @@ -23,7 +23,6 @@ #include "config.h" #endif -#include "main/snort_debug.h" #include "client_app_msn.h" diff --git a/src/network_inspectors/appid/client_plugins/client_app_rtp.cc b/src/network_inspectors/appid/client_plugins/client_app_rtp.cc index 9da4e463d..8d8099740 100644 --- a/src/network_inspectors/appid/client_plugins/client_app_rtp.cc +++ b/src/network_inspectors/appid/client_plugins/client_app_rtp.cc @@ -25,7 +25,6 @@ #include "client_app_rtp.h" -#include "main/snort_debug.h" #include "protocols/packet.h" #include "utils/sflsq.h" #include "utils/util.h" diff --git a/src/network_inspectors/appid/client_plugins/client_app_timbuktu.cc b/src/network_inspectors/appid/client_plugins/client_app_timbuktu.cc index deb340644..237590cf1 100644 --- a/src/network_inspectors/appid/client_plugins/client_app_timbuktu.cc +++ b/src/network_inspectors/appid/client_plugins/client_app_timbuktu.cc @@ -25,7 +25,6 @@ #include "client_app_timbuktu.h" -#include "main/snort_debug.h" #include "protocols/packet.h" #include "utils/sflsq.h" #include "utils/util.h" diff --git a/src/network_inspectors/appid/client_plugins/client_detector.cc b/src/network_inspectors/appid/client_plugins/client_detector.cc index 66d368e37..b12d04915 100644 --- a/src/network_inspectors/appid/client_plugins/client_detector.cc +++ b/src/network_inspectors/appid/client_plugins/client_detector.cc @@ -30,7 +30,6 @@ #include "appid_session.h" #include "lua_detector_api.h" #include "protocols/packet.h" -#include "main/snort_debug.h" #include "log/messages.h" static THREAD_LOCAL unsigned client_module_index = 0; @@ -57,8 +56,6 @@ void ClientDetector::register_appid(AppId appId, unsigned extractsInfo) extractsInfo &= (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER); if (!extractsInfo) { - DebugFormat(DEBUG_LOG, - "Ignoring direct client application without info for AppId: %d", appId); return; } diff --git a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc index 41ab5f64d..323003db2 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc @@ -28,7 +28,6 @@ #include "app_info_table.h" #include "application_ids.h" -#include "main/snort_debug.h" #include "protocols/packet.h" enum KerberosState @@ -133,8 +132,6 @@ static int krb_walk_server_packet(KRBState* krbs, const uint8_t* s, const uint8_ krbs->pos++; break; case KRB_STATE_APP: - DebugFormat(DEBUG_APPID,"%p Type %d (%02X)\n", - (void*)&asd, *s & (~ASN_1_TYPE_MASK), *s); if ((*s & ASN_1_TYPE_MASK) != (ASN_1_APPLICATION|ASN_1_CONSTRUCT)) return KRB_FAILED; krbs->msg_type = *s & (~ASN_1_TYPE_MASK); @@ -211,7 +208,6 @@ static int krb_walk_server_packet(KRBState* krbs, const uint8_t* s, const uint8_ krbs->pos++; break; case KRB_STATE_ERROR_VALUE: - DebugFormat(DEBUG_APPID,"%p Error %hhu\n", (void*)&asd, *s); if (krbs->msg_len <= 1) { krbs->flags |= KRB_FLAG_SERVICE_DETECTED; @@ -223,13 +219,11 @@ static int krb_walk_server_packet(KRBState* krbs, const uint8_t* s, const uint8_ if (*s == KDC_ERR_PREAUTH_FAILED) { - DebugFormat(DEBUG_APPID,"%p unAuthorized\n", (void*)&asd); krbs->flags |= KRB_FLAG_AUTH_FAILED; } krbs->state = KRB_STATE_FIELD; break; case KRB_STATE_FIELD: - DebugFormat(DEBUG_APPID,"%p Tag %02X\n", (void*)&asd, *s); if (krbs->msg_len < 2 || *s <= krbs->tag || (*s & ASN_1_TYPE_MASK) != 0xa0) return KRB_FAILED; krbs->tag = *s; @@ -350,7 +344,6 @@ static int krb_walk_server_packet(KRBState* krbs, const uint8_t* s, const uint8_ { if (krbs->pos) { - DebugFormat(DEBUG_APPID,"%p Name %u\n", (void*)&asd, krbs->pos); krbs->cname[krbs->pos] = 0; krbs->flags |= KRB_FLAG_USER_DETECTED; } @@ -413,7 +406,6 @@ static int krb_walk_server_packet(KRBState* krbs, const uint8_t* s, const uint8_ if (krbs->msg_len <= 1) { /*end of server response message */ - DebugFormat(DEBUG_APPID,"%p Valid\n", (void*)&asd); if (krbs->flags & KRB_FLAG_SERVICE_DETECTED) if (!asd.is_service_detected() && pkt) krb_service_detector->add_service(asd, pkt, dir, APP_ID_KERBEROS, @@ -509,7 +501,6 @@ int KerberosServiceDetector::validate(AppIdDiscoveryArgs& args) if (krb_walk_server_packet(&fd->svr_state, s, end, args.asd, args.pkt, args.dir, fd->clnt_state.cname) == KRB_FAILED) { - DebugFormat(DEBUG_APPID,"%p Failed\n", (void*)&args.asd); if (!args.asd.is_service_detected()) { fail_service(args.asd, args.pkt, args.dir); @@ -576,8 +567,6 @@ int KerberosClientDetector::krb_walk_client_packet(KRBState* krbs, const uint8_t krbs->pos++; break; case KRB_STATE_APP: - DebugFormat(DEBUG_APPID,"%p Type %d (%02X)\n", - (void*)&asd, *s & (~ASN_1_TYPE_MASK), *s); if ((*s & ASN_1_TYPE_MASK) != (ASN_1_APPLICATION|ASN_1_CONSTRUCT)) return KRB_FAILED; krbs->msg_type = *s & (~ASN_1_TYPE_MASK); @@ -644,7 +633,6 @@ int KerberosClientDetector::krb_walk_client_packet(KRBState* krbs, const uint8_t krbs->tag = 0xa2; break; case KRB_STATE_FIELD: - DebugFormat(DEBUG_APPID,"%p Tag %02X\n", (void*)&asd, *s); if (krbs->msg_len < 2 || *s <= krbs->tag || (*s & ASN_1_TYPE_MASK) != 0xa0) return KRB_FAILED; krbs->tag = *s; @@ -668,7 +656,6 @@ int KerberosClientDetector::krb_walk_client_packet(KRBState* krbs, const uint8_t { if (krbs->msg_len <= 1) { - DebugFormat(DEBUG_APPID,"%p Valid\n", (void*)&asd); if (!krbs->added) { add_app(asd, APP_ID_KERBEROS, APP_ID_KERBEROS, krbs->ver); @@ -700,7 +687,6 @@ int KerberosClientDetector::krb_walk_client_packet(KRBState* krbs, const uint8_t break; case KRB_STATE_FIELD_LEVEL2: - DebugFormat(DEBUG_APPID,"%p Tag %02X\n", (void*)&asd, *s); if (krbs->msg_len <= 1) { krbs->state = KRB_STATE_APP; @@ -815,7 +801,6 @@ int KerberosClientDetector::krb_walk_client_packet(KRBState* krbs, const uint8_t { if (krbs->pos) { - DebugFormat(DEBUG_APPID,"%p Name %u\n", (void*)&asd, krbs->pos); krbs->cname[krbs->pos] = 0; } if (krbs->msg_len <= 1) @@ -921,7 +906,6 @@ int KerberosClientDetector::validate(AppIdDiscoveryArgs& args) { if (krb_walk_client_packet(&fd->clnt_state, s, end, args.asd) == KRB_FAILED) { - DebugFormat(DEBUG_APPID,"%p Failed\n", (void*)&args.asd); args.asd.set_client_detected(); args.asd.clear_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS); return APPID_SUCCESS; @@ -930,7 +914,6 @@ int KerberosClientDetector::validate(AppIdDiscoveryArgs& args) else if (krb_walk_server_packet(&fd->svr_state, s, end, args.asd, nullptr, args.dir, fd->clnt_state.cname) == KRB_FAILED) { - DebugFormat(DEBUG_APPID,"%p Server Failed\n", (void*)&args.asd); args.asd.clear_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS); } return APPID_INPROCESS; diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc index a46a4ca0d..84f2bdf2a 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc @@ -27,10 +27,10 @@ #include "app_info_table.h" #include "log/messages.h" -#include "main/snort_debug.h" #include "protocols/packet.h" #include "search_engines/search_tool.h" + static THREAD_LOCAL PatternServiceDetector* service_pattern_detector; static THREAD_LOCAL PatternClientDetector* client_pattern_detector; @@ -38,12 +38,12 @@ static void dumpPatterns(const char* name, PatternService* pList) { UNUSED(name); - DebugFormat(DEBUG_LOG,"Adding pattern for \"%s\"\n", name); + trace_logf(appid_module,"Adding pattern for \"%s\"\n", name); for (PatternService* ps = pList; ps; ps = ps->next) for (Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) if (pattern->data && pattern->length) { - DebugFormat(DEBUG_LOG,"\t\t%s, %u\n",pattern->data, pattern->length); + trace_logf(appid_module,"\t\t%s, %u\n",pattern->data, pattern->length); } } @@ -330,14 +330,12 @@ void PatternServiceDetector::register_service_patterns() { if (ps->proto == IpProtocol::TCP) { - DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length); handler->register_tcp_pattern(this, pattern->data, pattern->length, pattern->offset, 0); register_pattern(&tcp_pattern_matcher, pattern); } else { - DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length); handler->register_udp_pattern(this, pattern->data, pattern->length, pattern->offset, 0); register_pattern(&udp_pattern_matcher, pattern); @@ -604,14 +602,12 @@ void PatternClientDetector::register_client_patterns() { if (ps->proto == IpProtocol::TCP) { - DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length); handler->register_tcp_pattern(this, pattern->data, pattern->length, pattern->offset, 0); register_pattern(&tcp_pattern_matcher, pattern); } else { - DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length); handler->register_udp_pattern(this, pattern->data, pattern->length, pattern->offset, 0); register_pattern(&udp_pattern_matcher, pattern); diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.h b/src/network_inspectors/appid/detector_plugins/detector_pattern.h index a140b3415..2ddc52102 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.h +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.h @@ -26,6 +26,9 @@ #include "client_plugins/client_detector.h" #include "service_plugins/service_detector.h" +#include "main/snort_debug.h" +extern Trace TRACE_NAME(appid_module); + namespace snort { class SearchTool; diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc index 486ced25b..d4d42d84f 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc @@ -367,9 +367,6 @@ void SipServiceDetector::addFutureRtpFlows(SipEvent& event, AppIdSession& asd) if ( !session_a || !session_b ) return; - DebugFormat(DEBUG_SIP, "Adding future media sessions ID: %u and %u\n", - session_b->get_id(), session_b->get_id()); - session_a->begin_media_data(); session_b->begin_media_data(); @@ -378,12 +375,6 @@ void SipServiceDetector::addFutureRtpFlows(SipEvent& event, AppIdSession& asd) while ( media_a && media_b ) { - DEBUG_WRAP( snort::SfIpString ip_str; ) - DebugFormat(DEBUG_SIP, "Adding future channels Source IP: %s Port: %hu\n", - media_a->get_address()->ntop(ip_str), media_a->get_port()); - DebugFormat(DEBUG_SIP, "Adding future channels Destine IP: %s Port: %hu\n", - media_b->get_address()->ntop(ip_str), media_b->get_port()); - createRtpFlow(asd, event.get_packet(), media_a->get_address(), media_a->get_port(), media_b->get_address(), media_b->get_port(), IpProtocol::UDP, APP_ID_RTP); createRtpFlow(asd, event.get_packet(), media_b->get_address(), media_b->get_port(), diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index 608bfeca1..f2dd7609c 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -25,9 +25,6 @@ void ErrorMessage(const char*,...) {} void WarningMessage(const char*,...) {} void LogMessage(const char*,...) {} void ParseWarning(WarningGroup, const char*, ...) {} -#ifdef DEBUG_MSGS -void Debug::print(const char*, int, uint64_t, const char*, ...) {} -#endif namespace snort { diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index f3ebe1180..4a5ca4898 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -45,7 +45,6 @@ #include "detector_plugins/detector_pattern.h" #include "hash/xhash.h" #include "log/messages.h" -#include "main/snort_debug.h" #include "main/snort_types.h" #include "profiler/profiler.h" #include "protocols/packet.h" @@ -61,7 +60,7 @@ enum LuaLogLevels LUA_LOG_WARN = 2, LUA_LOG_NOTICE = 3, LUA_LOG_INFO = 4, - LUA_LOG_DEBUG = 5, + LUA_LOG_TRACE = 5, }; ProfileStats luaDetectorsPerfStats; @@ -259,8 +258,8 @@ static int detector_log_message(lua_State* L) LogMessage("%s:%s\n", name.c_str(), message); break; - case LUA_LOG_DEBUG: - DebugFormat(DEBUG_APPID, "%s:%s\n", name.c_str(), message); + case LUA_LOG_TRACE: + trace_logf(appid_module, "%s:%s\n", name.c_str(), message); break; default: @@ -2352,8 +2351,6 @@ int LuaStateDescriptor::lua_validate(AppIdDiscoveryArgs& args) } lua_getglobal(my_lua_state, validateFn); - DebugFormat(DEBUG_APPID, "lua detector %s validating: Lua Memory usage %d\n", - package_info.name.c_str(), lua_gc(my_lua_state, LUA_GCCOUNT, 0)); if ( lua_pcall(my_lua_state, 0, 1, 0) ) { @@ -2379,7 +2376,6 @@ int LuaStateDescriptor::lua_validate(AppIdDiscoveryArgs& args) int rc = lua_tonumber(my_lua_state, -1); lua_pop(my_lua_state, 1); - DebugFormat(DEBUG_APPID, "lua detector %s: status: %d\n", package_info.name.c_str(), rc); ldp.pkt = nullptr; return rc; } diff --git a/src/network_inspectors/appid/lua_detector_api.h b/src/network_inspectors/appid/lua_detector_api.h index f07cb07cf..36f7f3e20 100644 --- a/src/network_inspectors/appid/lua_detector_api.h +++ b/src/network_inspectors/appid/lua_detector_api.h @@ -30,6 +30,9 @@ #include "client_plugins/client_detector.h" #include "service_plugins/service_detector.h" +#include "main/snort_debug.h" +extern Trace TRACE_NAME(appid_module); + namespace snort { struct Packet; diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc index 0e4cda85d..4a603b732 100644 --- a/src/network_inspectors/appid/lua_detector_module.cc +++ b/src/network_inspectors/appid/lua_detector_module.cc @@ -35,7 +35,6 @@ #include "lua_detector_api.h" #include "lua_detector_flow_api.h" #include "detector_plugins/detector_http.h" -#include "main/snort_debug.h" #include "utils/util.h" #include "utils/sflsq.h" #include "log/messages.h" @@ -224,10 +223,6 @@ static inline void set_lua_tracker_size(lua_State* L, uint32_t numTrackers) numTrackers); } } - else - { - DebugMessage(DEBUG_LOG, "hostServiceTrackerModule.setHostServiceTrackerSize not found"); - } lua_pop(L, 1); @@ -243,10 +238,6 @@ static inline void set_lua_tracker_size(lua_State* L, uint32_t numTrackers) ErrorMessage("error setting tracker size"); } } - else - { - DebugMessage(DEBUG_LOG, "flowTrackerModule.setFlowTrackerSize not found"); - } lua_pop(L, 1); } @@ -342,7 +333,6 @@ void LuaDetectorManager::load_detector(char* detector_filename, bool isCustom) allocated_detectors.push_front(detector); num_lua_detectors++; - DebugFormat(DEBUG_LOG,"Loaded detector %s\n", detectorName); } void LuaDetectorManager::load_lua_detectors(const char* path, bool isCustom) diff --git a/src/network_inspectors/appid/service_plugins/service_detector.cc b/src/network_inspectors/appid/service_plugins/service_detector.cc index b5cdbc9d9..0d8438789 100644 --- a/src/network_inspectors/appid/service_plugins/service_detector.cc +++ b/src/network_inspectors/appid/service_plugins/service_detector.cc @@ -31,7 +31,6 @@ #include "lua_detector_api.h" #include "protocols/packet.h" -#include "main/snort_debug.h" #include "log/messages.h" #include "sfip/sf_ip.h" @@ -60,10 +59,7 @@ void ServiceDetector::register_appid(AppId appId, unsigned extractsInfo) } extractsInfo &= (APPINFO_FLAG_SERVICE_ADDITIONAL | APPINFO_FLAG_SERVICE_UDP_REVERSED); if (!extractsInfo) - { - DebugFormat(DEBUG_APPID, "Ignoring direct service without info for AppId %d\n", appId); return; - } pEntry->service_detector = this; pEntry->flags |= extractsInfo; } diff --git a/src/network_inspectors/appid/service_plugins/service_rpc.cc b/src/network_inspectors/appid/service_plugins/service_rpc.cc index 11fb05c8e..c2b0eaa4a 100644 --- a/src/network_inspectors/appid/service_plugins/service_rpc.cc +++ b/src/network_inspectors/appid/service_plugins/service_rpc.cc @@ -40,7 +40,6 @@ using namespace snort; -/*#define APPID_DEBUG_RPC 1 */ enum RPCState { @@ -482,18 +481,8 @@ int RpcServiceDetector::rpc_udp_validate(AppIdDiscoveryArgs& args) rd->xid = 0xFFFFFFFF; } -#ifdef APPID_DEBUG_RPC - fprintf(SF_DEBUG_FILE, "Begin %u -> %u %u %d state %d\n", pkt->src_port, pkt->dst_port, - args.asd.proto, dir, rd->state); -#endif - rval = validate_packet(data, size, dir, args.asd, pkt, rd, &pname, &program); -#ifdef APPID_DEBUG_RPC - fprintf(SF_DEBUG_FILE, "End %u -> %u %u %d state %d rval %d\n", pkt->src_port, pkt->dst_port, - args.asd.proto, dir, rd->state, rval); -#endif - done: switch (rval) { @@ -731,18 +720,10 @@ int RpcServiceDetector::rpc_tcp_validate(AppIdDiscoveryArgs& args) { if (rd->tcpsize[dir] & RPC_TCP_FRAG_MASK) { -#ifdef APPID_DEBUG_RPC - fprintf(SF_DEBUG_FILE, "V Begin %u -> %u %u %d state %d\n", - pkt->src_port, pkt->dst_port, args.asd.proto, dir, rd->state); -#endif ret = validate_packet(rd->tcpdata[dir], rd->tcppos[dir], dir, args.asd, pkt, rd, &pname, &program); -#ifdef APPID_DEBUG_RPC - fprintf(SF_DEBUG_FILE, "V End %u -> %u %u %d state %d rval %d\n", - pkt->src_port, pkt->dst_port, args.asd.proto, dir, rd->state, ret); -#endif if (retval == -1) retval = ret; @@ -810,18 +791,10 @@ int RpcServiceDetector::rpc_tcp_validate(AppIdDiscoveryArgs& args) { if (rd->tcpsize[dir] & RPC_TCP_FRAG_MASK) { -#ifdef APPID_DEBUG_RPC - fprintf(SF_DEBUG_FILE, "P Begin %u -> %u %u %d state %d\n", pkt->src_port, - pkt->dst_port, args.asd.proto, dir, rd->state); -#endif ret = validate_packet(rd->tcpdata[dir], rd->tcppos[dir], dir, args.asd, pkt, rd, &pname, &program); -#ifdef APPID_DEBUG_RPC - fprintf(SF_DEBUG_FILE, "P End %u -> %u %u %d state %d rval %d\n", - pkt->src_port, pkt->dst_port, args.asd.proto, dir, rd->state, ret); -#endif if (retval == -1) retval = ret; diff --git a/src/network_inspectors/appid/service_plugins/service_ssh.cc b/src/network_inspectors/appid/service_plugins/service_ssh.cc index f47307fd4..af6d31436 100644 --- a/src/network_inspectors/appid/service_plugins/service_ssh.cc +++ b/src/network_inspectors/appid/service_plugins/service_ssh.cc @@ -27,7 +27,6 @@ #include "app_info_table.h" #include "application_ids.h" -#include "main/snort_debug.h" #define SSH_PORT 22 diff --git a/src/network_inspectors/appid/service_plugins/service_telnet.cc b/src/network_inspectors/appid/service_plugins/service_telnet.cc index ca0d181ec..e811cac40 100644 --- a/src/network_inspectors/appid/service_plugins/service_telnet.cc +++ b/src/network_inspectors/appid/service_plugins/service_telnet.cc @@ -35,7 +35,6 @@ #include "appid_session.h" #include "application_ids.h" -#include "main/snort_debug.h" #include "utils/util.h" #define TELNET_COUNT_THRESHOLD 3 diff --git a/src/network_inspectors/appid/test/app_info_table_test.cc b/src/network_inspectors/appid/test/app_info_table_test.cc index 4e11ff94b..0d3d59856 100644 --- a/src/network_inspectors/appid/test/app_info_table_test.cc +++ b/src/network_inspectors/appid/test/app_info_table_test.cc @@ -46,10 +46,6 @@ void WarningMessage(const char*,...) { } void LogMessage(const char*,...) { } void ParseWarning(WarningGroup, const char*, ...) { } -#ifdef DEBUG_MSGS -void Debug::print(const char*, int, uint64_t, const char*, ...) { } -#endif - const char* UT_TEST_APP_NAME_001 = "ut_app_001"; const char* UT_TEST_APP_NAME_002 = "ut_app_002"; const char* UT_TEST_APP_NAME_TOO_LONG = diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h index 0b0daff13..e58e6b131 100644 --- a/src/network_inspectors/appid/test/appid_mock_definitions.h +++ b/src/network_inspectors/appid/test/appid_mock_definitions.h @@ -52,10 +52,6 @@ void Field::set(int32_t length, const uint8_t* start, bool own_the_buffer_) Field global_field; -#ifdef DEBUG_MSGS -void Debug::print(const char*, int, uint64_t, const char*, ...) { } -#endif - void ErrorMessage(const char*,...) { } void WarningMessage(const char*,...) { } void LogMessage(const char*,...) { } diff --git a/src/network_inspectors/appid/thirdparty_appid_utils.cc b/src/network_inspectors/appid/thirdparty_appid_utils.cc index 124d1b5bc..add725b44 100644 --- a/src/network_inspectors/appid/thirdparty_appid_utils.cc +++ b/src/network_inspectors/appid/thirdparty_appid_utils.cc @@ -28,7 +28,6 @@ #include #include "log/messages.h" -#include "main/snort_debug.h" #include "profiler/profiler.h" #include "protocols/packet.h" #include "stream/stream.h" @@ -108,8 +107,6 @@ static int LoadCallback(const char* const path, int /* indent */) return 0; } - DEBUG_WRAP(DebugFormat(DEBUG_APPID, "Found 3rd party AppID module (%s).\n", - tp_module->module_name ? tp_module->module_name : ""); ); module_handle = handle; thirdparty_appid_module = tp_module; return 0; @@ -146,10 +143,8 @@ void ThirdPartyAppIDInit(const AppIdModuleConfig* config) // _dpd.loadAllLibs(thirdparty_appid_dir, LoadCallback); if (thirdparty_appid_module == nullptr) { - DEBUG_WRAP(DebugMessage(DEBUG_APPID, "No 3rd party AppID module loaded.\n"); ); return; } - memset(&thirdpartyConfig, 0, sizeof(thirdpartyConfig)); thirdpartyConfig.chp_body_collection_max = config->chp_body_collection_max; thirdpartyConfig.ftp_userid_disabled = config->ftp_userid_disabled; @@ -179,10 +174,6 @@ void ThirdPartyAppIDInit(const AppIdModuleConfig* config) thirdparty_appid_module = nullptr; return; } - - DEBUG_WRAP(DebugFormat(DEBUG_APPID, - "3rd party AppID module loaded and initialized OK (%s).\n", - thirdparty_appid_module->module_name ? thirdparty_appid_module->module_name : ""); ); } void ThirdPartyAppIDReconfigure() @@ -191,7 +182,6 @@ void ThirdPartyAppIDReconfigure() if (thirdparty_appid_module == nullptr) { - DEBUG_WRAP(DebugMessage(DEBUG_APPID, "No 3rd party AppID module loaded.\n"); ); return; } @@ -209,9 +199,6 @@ void ThirdPartyAppIDReconfigure() ErrorMessage("Unable to reconfigure 3rd party AppID module (%d)!\n", ret); return; } - - DEBUG_WRAP(DebugFormat(DEBUG_APPID, "3rd party AppID module reconfigured OK (%s).\n", - thirdparty_appid_module->module_name ? thirdparty_appid_module->module_name : ""); ); } void ThirdPartyAppIDFini() @@ -227,8 +214,6 @@ void ThirdPartyAppIDFini() module_handle = nullptr; thirdparty_appid_module = nullptr; - DEBUG_WRAP(DebugMessage(DEBUG_APPID, - "3rd party AppID module finalized and unloaded OK.\n"); ); } } diff --git a/src/network_inspectors/arp_spoof/arp_spoof.cc b/src/network_inspectors/arp_spoof/arp_spoof.cc index cee342373..23ae2d686 100644 --- a/src/network_inspectors/arp_spoof/arp_spoof.cc +++ b/src/network_inspectors/arp_spoof/arp_spoof.cc @@ -104,34 +104,6 @@ static IPMacEntry* LookupIPMacEntryByIP( return nullptr; } -#ifdef DEBUG_MSGS -static void PrintIPMacEntryList(IPMacEntryList& ipmel) -{ - if ( ipmel.empty() ) - return; - - LogMessage("Arpspoof IPMacEntry List"); - LogMessage(" Size: %zu\n", ipmel.size()); - - for ( auto p : ipmel ) - { - SfIp in; - in.set(&p.ipv4_addr, AF_INET); - SfIpString ip_str; - LogMessage(" %s -> ", in.ntop(ip_str)); - - for (int i = 0; i < 6; i++) - { - LogMessage("%02x", p.mac_addr[i]); - if (i != 5) - LogMessage(":"); - } - LogMessage("\n"); - } -} - -#endif - //------------------------------------------------------------------------- // class stuff //------------------------------------------------------------------------- @@ -163,10 +135,6 @@ void ArpSpoof::show(SnortConfig*) { LogMessage("arpspoof configured\n"); -#ifdef DEBUG_MSGS - if ( Debug::enabled(DEBUG_INSPECTOR) ) - PrintIPMacEntryList(config->ipmel); -#endif } void ArpSpoof::eval(Packet* p) @@ -228,13 +196,11 @@ void ArpSpoof::eval(Packet* p) if (memcmp((const u_char*)dst_mac_addr, (const u_char*)bcast, 6) != 0) { DetectionEngine::queue_event(GID_ARP_SPOOF, ARPSPOOF_UNICAST_ARP_REQUEST); - DebugMessage(DEBUG_INSPECTOR, "MODNAME: Unicast request\n"); } else if (memcmp((const u_char*)src_mac_addr, (const u_char*)ah->arp_sha, 6) != 0) { DetectionEngine::queue_event(GID_ARP_SPOOF, ARPSPOOF_ETHERFRAME_ARP_MISMATCH_SRC); - DebugMessage(DEBUG_INSPECTOR, "MODNAME: Ethernet/ARP mismatch request\n"); } break; case ARPOP_REPLY: @@ -242,13 +208,11 @@ void ArpSpoof::eval(Packet* p) (const u_char*)ah->arp_sha, 6) != 0) { DetectionEngine::queue_event(GID_ARP_SPOOF, ARPSPOOF_ETHERFRAME_ARP_MISMATCH_SRC); - DebugMessage(DEBUG_INSPECTOR, "MODNAME: Ethernet/ARP mismatch reply src\n"); } else if (memcmp((const u_char*)dst_mac_addr, (const u_char*)ah->arp_tha, 6) != 0) { DetectionEngine::queue_event(GID_ARP_SPOOF, ARPSPOOF_ETHERFRAME_ARP_MISMATCH_DST); - DebugMessage(DEBUG_INSPECTOR, "MODNAME: Ethernet/ARP mismatch reply dst\n"); } break; } @@ -260,9 +224,6 @@ void ArpSpoof::eval(Packet* p) IPMacEntry* ipme = LookupIPMacEntryByIP(config->ipmel, ah->arp_spa32); if ( ipme ) { - DebugFormat(DEBUG_INSPECTOR, - "MODNAME: LookupIPMacEntryByIP returned %p\n", (void*)ipme); - auto cmp_ether_src = memcmp(src_mac_addr, ipme->mac_addr, 6); auto cmp_arp_sha = memcmp(ah->arp_sha, ipme->mac_addr, 6); @@ -271,14 +232,8 @@ void ArpSpoof::eval(Packet* p) if ( cmp_ether_src || cmp_arp_sha ) { DetectionEngine::queue_event(GID_ARP_SPOOF, ARPSPOOF_ARP_CACHE_OVERWRITE_ATTACK); - DebugMessage(DEBUG_INSPECTOR, "MODNAME: Attempted ARP cache overwrite attack\n"); } } - else - { - DebugMessage(DEBUG_INSPECTOR, - "MODNAME: LookupIPMacEntryByIp returned NULL\n"); - } } //------------------------------------------------------------------------- diff --git a/src/network_inspectors/perf_monitor/flow_ip_tracker.cc b/src/network_inspectors/perf_monitor/flow_ip_tracker.cc index 2ea4ff8e5..da61cb4a8 100644 --- a/src/network_inspectors/perf_monitor/flow_ip_tracker.cc +++ b/src/network_inspectors/perf_monitor/flow_ip_tracker.cc @@ -63,9 +63,6 @@ FlowStateValue* FlowIPTracker::find_stats(const SfIp* src_addr, const SfIp* dst_ if (!node) { - DEBUG_WRAP(DebugMessage(DEBUG_STREAM, - "Key/Value pair didn't exist in the flow stats table and we couldn't add it!\n"); - ); return nullptr; } memset(node->data, 0, sizeof(FlowStateValue));