From: Victor Julien
Date: Thu, 4 Jul 2013 15:59:16 +0000 (+0200)
Subject: Print pkt src to alert-debug log
X-Git-Tag: suricata-2.0beta1~39
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4a0050b9ead661d64425451cc48267ff3093cf6c;p=thirdparty%2Fsuricata.git
Print pkt src to alert-debug log
---
diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c
index f3f5f74896..86a4692d0e 100644
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@@ -197,6 +197,7 @@ TmEcode AlertDebugLogger(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
 AlertDebugLogThread *aft = (AlertDebugLogThread *)data;
 int i;
 char timebuf[64];
+ const char *pkt_src_str = NULL;
 if (p->alerts.cnt == 0) return TM_ECODE_OK;
@@ -210,6 +211,8 @@ TmEcode AlertDebugLogger(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
 if (p->pcap_cnt > 0) {
 MemBufferWriteString(aft->buffer, "PCAP PKT NUM: %"PRIu64"\n", p->pcap_cnt);
 }
+ pkt_src_str = PktSrcToString(p->pkt_src);
+ MemBufferWriteString(aft->buffer, "PKT SRC: %s\n", pkt_src_str);
 char srcip[46], dstip[46];
 if (PKT_IS_IPV4(p)) {
@@ -354,6 +357,7 @@ TmEcode AlertDebugLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQ
 AlertDebugLogThread *aft = (AlertDebugLogThread *)data;
 int i;
 char timebuf[64];
+ const char *pkt_src_str = NULL;
 if (p->alerts.cnt == 0) return TM_ECODE_OK;
@@ -369,6 +373,8 @@ TmEcode AlertDebugLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQ
 MemBufferWriteString(aft->buffer, "PCAP PKT NUM: %"PRIu64"\n", p->pcap_cnt);
 }
+ pkt_src_str = PktSrcToString(p->pkt_src);
+ MemBufferWriteString(aft->buffer, "PKT SRC: %s\n", pkt_src_str);
 MemBufferWriteString(aft->buffer, "ALERT CNT: %" PRIu32 "\n", p->alerts.cnt);
diff --git a/src/decode.c b/src/decode.c
index 4f1c57b4f6..4a574ac064 100644
--- a/src/decode.c
+++ b/src/decode.c
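Review bot: In both AlertDebugLogger and AlertDebugLogDecoderEvent the new `pkt_src_str` local is assigned once and read once, so the `= NULL` declarations (hunks at -197 and -354) and the assignments (hunks at -210 and -369) can collapse into `MemBufferWriteString(aft->buffer, "PKT SRC: %s\n", PktSrcToString(p->pkt_src));`. That also removes a pointer that stays NULL between declaration and use, which would reach the `%s` write if a later edit moved that write above the assignment. Both function bodies start and end outside these hunks, so the rest of their flow is not visible here.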
@@ -432,6 +432,40 @@ inline int PacketSetData(Packet *p, uint8_t *pktdata, int pktlen)
 return 0;
 }
+const char *PktSrcToString(enum PktSrcEnum pkt_src) {
+ char *pkt_src_str = "";
+ switch (pkt_src) {
+ case PKT_SRC_WIRE:
+ pkt_src_str = "wire/pcap";
+ break;
+ case PKT_SRC_DECODER_GRE:
+ pkt_src_str = "gre tunnel";
+ break;
+ case PKT_SRC_DECODER_IPV4:
+ pkt_src_str = "ipv4 tunnel";
+ break;
+ case PKT_SRC_DECODER_IPV6:
+ pkt_src_str = "ipv6 tunnel";
+ break;
+ case PKT_SRC_DECODER_TEREDO:
+ pkt_src_str = "teredo tunnel";
+ break;
+ case PKT_SRC_DEFRAG:
+ pkt_src_str = "defrag";
+ break;
+ case PKT_SRC_STREAM_TCP_STREAM_END_PSEUDO:
+ pkt_src_str = "stream";
+ break;
+ case PKT_SRC_FFR_V2:
+ pkt_src_str = "stream (flow timeout)";
+ break;
+ case PKT_SRC_FFR_SHUTDOWN:
+ pkt_src_str = "stream (engine shutdown)";
+ break;
+ }
+ return pkt_src_str;
+}
+
 /**
 * @}
 */
diff --git a/src/decode.h b/src/decode.h
index c747eb2914..bf1f34a834 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -43,7 +43,7 @@ typedef enum {
 CHECKSUM_VALIDATION_KERNEL,
 } ChecksumValidationMode;
-enum {
+enum PktSrcEnum {
 PKT_SRC_WIRE = 1,
 PKT_SRC_DECODER_GRE,
 PKT_SRC_DECODER_IPV4,
@@ -779,6 +779,7 @@ Packet *PacketGetFromAlloc(void);
 int PacketCopyData(Packet *p, uint8_t *pktdata, int pktlen);
 int PacketSetData(Packet *p, uint8_t *pktdata, int pktlen);
 int PacketCopyDataOffset(Packet *p, int offset, uint8_t *data, int datalen);
+const char *PktSrcToString(enum PktSrcEnum pkt_src);
 DecodeThreadVars *DecodeThreadVarsAlloc();
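Review bot: In PktSrcToString (src/decode.c) the local is declared `char *pkt_src_str = "";` although it only ever points at string literals and the function returns `const char *`; declaring it `const char *pkt_src_str` would make any write through it a compile error. The switch has no `default`, so a `pkt_src` of 0 (the enum in decode.h starts at 1) or any enumerator not listed here falls back to the empty string, and the alert-debug log then shows a bare `PKT SRC:` line. Initialising to a visible marker such as `"<unknown>"` keeps that case recognisable during triage without adding a `default` label, which would suppress the compiler's missing-enumerator warning. A short comment above the function stating that it never returns NULL would document what the `%s` callers in alert-debuglog.c rely on.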