From: Tom Peters (thopeter) Date: Tue, 17 Apr 2018 15:09:27 +0000 (-0400) Subject: Merge pull request #1188 in SNORT/snort3 from debug_specific_dir to master X-Git-Tag: 3.0.0-245~42 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cc5921a1aac3f006bc5e56fd01bb9f0d35b7678c;p=thirdparty%2Fsnort3.git Merge pull request #1188 in SNORT/snort3 from debug_specific_dir to master Squashed commit of the following: commit 4a9b44279dfa69da6c982b6101678224d5ea9216 Author: Nihal Desai Date: Wed Apr 11 16:33:56 2018 -0400 debug: Remove debug messages from detection and ips_options --- diff --git a/src/detection/detect.cc b/src/detection/detect.cc index 9c9cdcd16..10be0ef27 100644 --- a/src/detection/detect.cc +++ b/src/detection/detect.cc @@ -33,7 +33,6 @@ #include "events/event.h" #include "latency/packet_latency.h" #include "main/snort_config.h" -#include "main/snort_debug.h" #include "managers/event_manager.h" #include "managers/inspector_manager.h" #include "packet_io/active.h" @@ -134,13 +133,9 @@ void check_tags(Packet* p) if ( DetectionEngine::get_check_tags() and !(p->packet_flags & PKT_REBUILT_STREAM) ) { void* listhead = nullptr; - DebugMessage(DEBUG_FLOW, "calling CheckTagList\n"); if (CheckTagList(p, event, &listhead)) { - DebugMessage(DEBUG_FLOW, "Matching tag node found, " - "calling log functions\n"); - /* if we find a match, we want to send the packet to the * logging mechanism */ diff --git a/src/detection/detect_trace.h b/src/detection/detect_trace.h index ca91df7d2..925289cb9 100644 --- a/src/detection/detect_trace.h +++ b/src/detection/detect_trace.h @@ -43,6 +43,8 @@ enum TRACE_RULE_VARS = 0x10, TRACE_FP_SEARCH = 0x20, TRACE_PKT_DETECTION = 0x40, + TRACE_OPTION_TREE = 0x80, + TRACE_TAG = 0x100, }; void clear_trace_cursor_info(); diff --git a/src/detection/detection_options.cc b/src/detection/detection_options.cc index 4d8a00bd8..9d1e5ea31 100644 --- a/src/detection/detection_options.cc +++ b/src/detection/detection_options.cc 
@@ -300,7 +300,7 @@ static XHash* DetectionTreeHashTableNew() void print_option_tree(detection_option_tree_node_t* node, int level) { -#ifdef DEBUG_OPTION_TREE +#ifdef DEBUG_MSGS char buf[32]; const char* opt; @@ -314,8 +314,8 @@ void print_option_tree(detection_option_tree_node_t* node, int level) opt = buf; } - DebugFormatNoFileLine(DEBUG_DETECT, "%3d %3d %p %*s\n", - level, node->num_children, node->option_data, level + strlen(opt), opt); + trace_logf(detection, TRACE_OPTION_TREE, "%3d %3d %p %*s\n", + level, node->num_children, node->option_data, (int)(level + strlen(opt)), opt); for ( int i=0; inum_children; i++ ) print_option_tree(node->children[i], level+1); @@ -438,9 +438,6 @@ int detection_option_node_evaluate( if (sig_info.num_services && check_ports) { // none of the services match - DebugFormat(DEBUG_DETECT, - "[**] SID %u not matched because of service mismatch (%d!=%d [**]\n", - sig_info.sid, snort_protocol_id, sig_info.services[0].snort_protocol_id); trace_logf(detection, TRACE_RULE_EVAL, "SID %u not matched because of service mismatch %d!=%d \n", sig_info.sid, snort_protocol_id, sig_info.services[0].snort_protocol_id); diff --git a/src/detection/detection_options.h b/src/detection/detection_options.h index 76b9dfb1c..1f6d4ade2 100644 --- a/src/detection/detection_options.h +++ b/src/detection/detection_options.h @@ -36,6 +36,9 @@ #include "detection/rule_option_types.h" #include "time/clock_defs.h" +#include "main/snort_debug.h" +extern Trace TRACE_NAME(detection); + namespace snort { struct Packet; diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc index dfb75728f..5e25059fb 100644 --- a/src/detection/fp_detect.cc +++ b/src/detection/fp_detect.cc 
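Review bot: With the guard changed to `#ifdef DEBUG_MSGS`, the body of print_option_tree is compiled into every debug-message build, and nothing in the visible lines checks the TRACE_OPTION_TREE bit before the recursive call. The whole tree therefore looks to be walked, and each node's label prepared, even when that trace is off. It would be cleaner to test the detection trace mask once where the dump starts and return early, leaving trace_logf to do only the printing. The added cast is right for `%*s`, which takes an int width, but reads better as `static_cast<int>(level + strlen(opt))`. The function starts before this hunk and continues after it, so how often it runs cannot be judged from here.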
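Review bot: `extern Trace TRACE_NAME(detection);` is declared here in detection_options.h and again, with the same `#include "main/snort_debug.h"`, in the tag.h hunk further down, so the detection trace object gets two separate declaration sites, each placed after the header's other includes. tag.cc already includes detect_trace.h in this commit, and that header holds the TRACE_* bits used with this object, so declaring it once there would keep the flag enum and the object together. This assumes detect_trace.h does not already declare it, which is not visible here. If both declarations stay, a comment above each such as `// trace object for the detection module; bits are defined in detect_trace.h` would help.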
@@ -307,14 +307,8 @@ int fpEvalRTN(RuleTreeNode* rtn, Packet* p, int check_ports) // FIXIT-L maybe add a port test here ... - DebugFormat(DEBUG_DETECT, "[*] Rule Head %p\n", (void*)rtn); - if (!rtn->rule_func->RuleHeadFunc(p, rtn, rtn->rule_func, check_ports)) { - DebugMessage(DEBUG_DETECT, - " => Header check failed, checking next node\n"); - DebugMessage(DEBUG_DETECT, - " => returned from next node check\n"); return 0; } @@ -1113,10 +1107,6 @@ static inline void fpEvalHeaderTcp(Packet* p, OtnxMatchData* omd) if ( !prmFindRuleGroupTcp(SnortConfig::get_conf()->prmTcpRTNX, p->ptrs.dp, p->ptrs.sp, &src, &dst, &any) ) return; - DebugFormat(DEBUG_ATTRIBUTE, - "fpEvalHeaderTcp: sport=%d, dport=%d, src:%p, dst:%p, any:%p\n", - p->ptrs.sp,p->ptrs.dp,(void*)src,(void*)dst,(void*)any); - if ( dst ) fpEvalHeaderSW(dst, p, 1, 0, 0, omd); @@ -1134,10 +1124,6 @@ static inline void fpEvalHeaderUdp(Packet* p, OtnxMatchData* omd) if ( !prmFindRuleGroupUdp(SnortConfig::get_conf()->prmUdpRTNX, p->ptrs.dp, p->ptrs.sp, &src, &dst, &any) ) return; - DebugFormat(DEBUG_ATTRIBUTE, - "fpEvalHeaderUdp: sport=%d, dport=%d, src:%p, dst:%p, any:%p\n", - p->ptrs.sp,p->ptrs.dp,(void*)src,(void*)dst,(void*)any); - if ( dst ) fpEvalHeaderSW(dst, p, 1, 0, 0, omd); 
@@ -1154,30 +1140,19 @@ static inline bool fpEvalHeaderSvc(Packet* p, OtnxMatchData* omd, SnortProtocolI SnortProtocolId snort_protocol_id = p->get_snort_protocol_id(); - DebugFormat(DEBUG_ATTRIBUTE, "snort_protocol_id=%hu\n", snort_protocol_id); - if (snort_protocol_id != UNKNOWN_PROTOCOL_ID and snort_protocol_id != INVALID_PROTOCOL_ID) { if (p->is_from_server()) /* to cli */ { - DebugMessage(DEBUG_ATTRIBUTE, "pkt_from_server\n"); - svc = SnortConfig::get_conf()->sopgTable->get_port_group(proto_id, false, snort_protocol_id); file = SnortConfig::get_conf()->sopgTable->get_port_group(proto_id, false, SNORT_PROTO_FILE); } if (p->is_from_client()) /* to srv */ { - DebugMessage(DEBUG_ATTRIBUTE, "pkt_from_client\n"); - svc = SnortConfig::get_conf()->sopgTable->get_port_group(proto_id, true, snort_protocol_id); file = SnortConfig::get_conf()->sopgTable->get_port_group(proto_id, true, SNORT_PROTO_FILE); } - - DebugFormat(DEBUG_ATTRIBUTE, - "fpEvalHeaderSvc:targetbased-ordinal-lookup: " - "sport=%d, dport=%d, snort_protocol_id=%hu, proto_id=%d, src:%p, " - "file:%p\n",p->ptrs.sp,p->ptrs.dp,snort_protocol_id,proto_id,(void*)svc,(void*)file); } // FIXIT-P put alert service rules with file data fp in alert file group and // verify ports and service during rule eval to avoid searching file data 2x. diff --git a/src/detection/rtn_checks.cc b/src/detection/rtn_checks.cc index 982c2e951..144a5cc83 100644 --- a/src/detection/rtn_checks.cc +++ b/src/detection/rtn_checks.cc @@ -30,7 +30,6 @@ #include "rtn_checks.h" #include "framework/ips_option.h" -#include "main/snort_debug.h" #include "ports/port_object.h" #include "protocols/packet.h" #include "sfip/sf_ip.h" 
@@ -57,15 +56,12 @@ static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p, int except_port_flag = 0; /* port exception flag set */ int ip_match = 0; /* flag to indicate addr match made */ - DebugMessage(DEBUG_DETECT, "CheckAddrPort: "); /* set up the packet particulars */ if (mode & CHECK_SRC_IP) { pkt_addr = p->ptrs.ip_api.get_src(); pkt_port = p->ptrs.sp; - DebugMessage(DEBUG_DETECT,"SRC "); - if (mode & INVERSE) { global_except_addr_flag = flags & EXCEPT_DST_IP; @@ -84,8 +80,6 @@ static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p, pkt_addr = p->ptrs.ip_api.get_dst(); pkt_port = p->ptrs.dp; - DebugMessage(DEBUG_DETECT, "DST "); - if (mode & INVERSE) { global_except_addr_flag = flags & EXCEPT_SRC_IP; @@ -100,9 +94,6 @@ static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p, } } - DEBUG_WRAP( SfIpString ip_str; ) - DebugFormat(DEBUG_DETECT, "addr %s, port %d ", pkt_addr->ntop(ip_str), pkt_port); - if (!rule_addr) goto bail; @@ -113,7 +104,6 @@ static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p, } else { - DebugMessage(DEBUG_DETECT, ", global exception flag set"); /* global exception flag is up, we can't match on *any* * of the source addresses */ @@ -127,18 +117,12 @@ static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p, bail: if (!ip_match) { - DebugMessage(DEBUG_DETECT, ", no address match, " - "packet rejected\n"); return 0; } - DebugMessage(DEBUG_DETECT, ", addresses accepted"); - /* if the any port flag is up, we're all done (success) */ if (any_port_flag) { - DebugMessage(DEBUG_DETECT, ", any port match, " - "packet accepted\n"); return 1; } 
@@ -153,26 +137,19 @@ bail: /* if the exception flag isn't up, fail */ if (!except_port_flag) { - DebugMessage(DEBUG_DETECT, ", port mismatch, " - "packet rejected\n"); return 0; } - DebugMessage(DEBUG_DETECT, ", port mismatch exception"); } else { /* if the exception flag is up, fail */ if (except_port_flag) { - DebugMessage(DEBUG_DETECT, - ", port match exception, packet rejected\n"); return 0; } - DebugMessage(DEBUG_DETECT, ", ports match"); } /* ports and address match */ - DebugMessage(DEBUG_DETECT, ", packet accepted!\n"); return 1; } 
@@ -182,78 +159,44 @@ bail: int CheckBidirectional(Packet* p, RuleTreeNode* rtn_idx, RuleFpList*, int check_ports) { - DebugMessage(DEBUG_DETECT, "Checking bidirectional rule...\n"); - if (CheckAddrPort(rtn_idx->sip, CHECK_ADDR_SRC_ARGS(rtn_idx), p, rtn_idx->flags, CHECK_SRC_IP | (check_ports ? CHECK_SRC_PORT : 0))) { - DebugMessage(DEBUG_DETECT, " Src->Src check passed\n"); if (!CheckAddrPort(rtn_idx->dip, CHECK_ADDR_DST_ARGS(rtn_idx), p, rtn_idx->flags, CHECK_DST_IP | (check_ports ? CHECK_DST_PORT : 0))) { - DebugMessage(DEBUG_DETECT, - " Dst->Dst check failed, checking inverse combination\n"); if (CheckAddrPort(rtn_idx->dip, CHECK_ADDR_DST_ARGS(rtn_idx), p, rtn_idx->flags, (CHECK_SRC_IP | INVERSE | (check_ports ? CHECK_SRC_PORT : 0)))) { - DebugMessage(DEBUG_DETECT, - " Inverse Dst->Src check passed\n"); if (!CheckAddrPort(rtn_idx->sip, CHECK_ADDR_SRC_ARGS(rtn_idx), p, rtn_idx->flags, (CHECK_DST_IP | INVERSE | (check_ports ? CHECK_DST_PORT : 0)))) { - DebugMessage(DEBUG_DETECT, - " Inverse Src->Dst check failed\n"); return 0; } - else - { - DebugMessage(DEBUG_DETECT, "Inverse addr/port match\n"); - } } else { - DebugMessage(DEBUG_DETECT, " Inverse Dst->Src check failed," - " trying next rule\n"); return 0; } } - else - { - DebugMessage(DEBUG_DETECT, "dest IP/port match\n"); - } } else { - DebugMessage(DEBUG_DETECT, - " Src->Src check failed, trying inverse test\n"); if (CheckAddrPort(rtn_idx->dip, CHECK_ADDR_DST_ARGS(rtn_idx), p, rtn_idx->flags, CHECK_SRC_IP | INVERSE | (check_ports ? CHECK_SRC_PORT : 0))) { - DebugMessage(DEBUG_DETECT, - " Dst->Src check passed\n"); - if (!CheckAddrPort(rtn_idx->sip, CHECK_ADDR_SRC_ARGS(rtn_idx), p, rtn_idx->flags, CHECK_DST_IP | INVERSE | (check_ports ? 
CHECK_DST_PORT : 0))) { - DebugMessage(DEBUG_DETECT, - " Src->Dst check failed\n"); return 0; } - else - { - DebugMessage(DEBUG_DETECT, - "Inverse addr/port match\n"); - } } else { - DebugMessage(DEBUG_DETECT," Inverse test failed, " - "testing next rule...\n"); return 0; } } - DebugMessage(DEBUG_DETECT," Bidirectional success!\n"); return 1; } @@ -272,8 +215,6 @@ int CheckBidirectional(Packet* p, RuleTreeNode* rtn_idx, ***************************************************************************/ int CheckSrcIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ports) { - DebugMessage(DEBUG_DETECT,"CheckSrcIPEqual: "); - if (!(rtn_idx->flags & EXCEPT_SRC_IP)) { if ( sfvar_ip_in(rtn_idx->sip, p->ptrs.ip_api.get_src()) ) @@ -287,16 +228,12 @@ int CheckSrcIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ /* global exception flag is up, we can't match on *any* * of the source addresses */ - DebugMessage(DEBUG_DETECT," global exception flag, \n"); - if ( sfvar_ip_in(rtn_idx->sip, p->ptrs.ip_api.get_src()) ) return 0; return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports); } - DebugMessage(DEBUG_DETECT," Mismatch on SIP\n"); - /* return 0 on a failed test */ return 0; } @@ -316,8 +253,6 @@ int CheckSrcIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ ***************************************************************************/ int CheckDstIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ports) { - DebugMessage(DEBUG_DETECT, "CheckDstIPEqual: "); - if (!(rtn_idx->flags & EXCEPT_DST_IP)) { if ( sfvar_ip_in(rtn_idx->dip, p->ptrs.ip_api.get_dst()) ) @@ -330,8 +265,6 @@ int CheckDstIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ { /* global exception flag is up, we can't match on *any* * of the source addresses */ - DebugMessage(DEBUG_DETECT," global exception flag, \n"); - if ( sfvar_ip_in(rtn_idx->dip, p->ptrs.ip_api.get_dst()) ) return 0; 
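Review bot: With the debug output removed, every branch of CheckBidirectional either falls through or returns 0, and the nested if/else ladder with bare `else { return 0; }` arms now hides a simple condition: the forward source and destination both match, or the inverse pair both match. Writing it as two short-circuit tests keeps the same CheckAddrPort calls in the same evaluation order and makes this rule-header check easier to audit. The version below assumes CheckAddrPort has no side effects the original nesting relied on, which its visible part suggests but does not prove.

```cpp
int CheckBidirectional(Packet* p, RuleTreeNode* rtn_idx, RuleFpList*, int check_ports)
{
    // forward: packet src/dst against rule src/dst
    if (CheckAddrPort(rtn_idx->sip, CHECK_ADDR_SRC_ARGS(rtn_idx), p, rtn_idx->flags,
            CHECK_SRC_IP | (check_ports ? CHECK_SRC_PORT : 0)) &&
        CheckAddrPort(rtn_idx->dip, CHECK_ADDR_DST_ARGS(rtn_idx), p, rtn_idx->flags,
            CHECK_DST_IP | (check_ports ? CHECK_DST_PORT : 0)))
    {
        return 1;
    }

    // inverse: packet src/dst against rule dst/src
    if (CheckAddrPort(rtn_idx->dip, CHECK_ADDR_DST_ARGS(rtn_idx), p, rtn_idx->flags,
            (CHECK_SRC_IP | INVERSE | (check_ports ? CHECK_SRC_PORT : 0))) &&
        CheckAddrPort(rtn_idx->sip, CHECK_ADDR_SRC_ARGS(rtn_idx), p, rtn_idx->flags,
            (CHECK_DST_IP | INVERSE | (check_ports ? CHECK_DST_PORT : 0))))
    {
        return 1;
    }

    return 0;
}
```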
@@ -344,8 +277,6 @@ int CheckDstIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ int CheckSrcPortEqual(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ports) { - DebugMessage(DEBUG_DETECT,"CheckSrcPortEqual: "); - /* Check if attributes provided match earlier */ if (check_ports == 0) { @@ -353,22 +284,14 @@ int CheckSrcPortEqual(Packet* p, RuleTreeNode* rtn_idx, } if ( PortObjectHasPort(rtn_idx->src_portobject,p->ptrs.sp) ) { - DebugMessage(DEBUG_DETECT, " SP match!\n"); return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports); } - else - { - DebugMessage(DEBUG_DETECT, " SP mismatch!\n"); - } - return 0; } int CheckSrcPortNotEq(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ports) { - DebugMessage(DEBUG_DETECT,"CheckSrcPortNotEq: "); - /* Check if attributes provided match earlier */ if (check_ports == 0) { @@ -376,13 +299,8 @@ int CheckSrcPortNotEq(Packet* p, RuleTreeNode* rtn_idx, } if ( !PortObjectHasPort(rtn_idx->src_portobject,p->ptrs.sp) ) { - DebugMessage(DEBUG_DETECT, " !SP match!\n"); return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports); } - else - { - DebugMessage(DEBUG_DETECT, " !SP mismatch!\n"); - } return 0; } @@ -390,8 +308,6 @@ int CheckSrcPortNotEq(Packet* p, RuleTreeNode* rtn_idx, int CheckDstPortEqual(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ports) { - DebugMessage(DEBUG_DETECT,"CheckDstPortEqual: "); - /* Check if attributes provided match earlier */ if (check_ports == 0) { 
@@ -399,21 +315,14 @@ int CheckDstPortEqual(Packet* p, RuleTreeNode* rtn_idx, } if ( PortObjectHasPort(rtn_idx->dst_portobject,p->ptrs.dp) ) { - DebugMessage(DEBUG_DETECT, " DP match!\n"); return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports); } - else - { - DebugMessage(DEBUG_DETECT," DP mismatch!\n"); - } return 0; } int CheckDstPortNotEq(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ports) { - DebugMessage(DEBUG_DETECT,"CheckDstPortNotEq: "); - /* Check if attributes provided match earlier */ if (check_ports == 0) { @@ -421,13 +330,8 @@ int CheckDstPortNotEq(Packet* p, RuleTreeNode* rtn_idx, } if ( !PortObjectHasPort(rtn_idx->dst_portobject,p->ptrs.dp) ) { - DebugMessage(DEBUG_DETECT, " !DP match!\n"); return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports); } - else - { - DebugMessage(DEBUG_DETECT," !DP mismatch!\n"); - } return 0; } diff --git a/src/detection/tag.cc b/src/detection/tag.cc index 5de7efc2e..96b240747 100644 --- a/src/detection/tag.cc +++ b/src/detection/tag.cc @@ -29,7 +29,6 @@ #include "hash/xhash.h" #include "log/messages.h" #include "main/snort_config.h" -#include "main/snort_debug.h" #include "parser/parser.h" #include "protocols/packet.h" #include "sfip/sf_ip.h" @@ -38,6 +37,8 @@ #include "treenodes.h" +#include "detect_trace.h" + using namespace snort; /* D E F I N E S **************************************************/ @@ -304,8 +305,6 @@ void CleanupTag() static void TagSession(Packet* p, TagData* tag, uint32_t time, uint16_t event_id, void* log_list) { - DebugMessage(DEBUG_FLOW, "TAGGING SESSION\n"); - AddTagNode(p, tag, TAG_SESSION, time, event_id, log_list); } @@ -313,8 +312,6 @@ static void TagHost(Packet* p, TagData* tag, uint32_t time, uint16_t event_id, v { int mode; - DebugMessage(DEBUG_FLOW, "TAGGING HOST\n"); - switch (tag->tag_direction) { case TAG_HOST_DST: 
@@ -338,7 +335,7 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now, TagNode* returned; XHash* tag_cache_ptr = nullptr; - DebugMessage(DEBUG_FLOW, "Adding new Tag Head\n"); + trace_logf(detection, TRACE_TAG, "Adding new Tag Head\n"); if ( tag->tag_metric & TAG_METRIC_SESSION ) { @@ -353,12 +350,10 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now, } if (mode == TAG_SESSION) { - DebugMessage(DEBUG_FLOW,"Session Tag!\n"); tag_cache_ptr = ssn_tag_cache_ptr; } else { - DebugMessage(DEBUG_FLOW,"Host Tag!\n"); tag_cache_ptr = host_tag_cache_ptr; } idx = TagAlloc(tag_cache_ptr); @@ -408,7 +403,6 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now, if (returned == nullptr) { - DebugMessage(DEBUG_FLOW,"Looking the other way!!\n"); SwapTag(idx); returned = (TagNode*)xhash_find(tag_cache_ptr, idx); SwapTag(idx); @@ -416,8 +410,6 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now, if (returned == nullptr) { - DebugMessage(DEBUG_FLOW,"Inserting a New Tag!\n"); - /* if we're supposed to be tagging the other side, swap it around -- Lawrence Reed */ if (mode == TAG_HOST_DST) @@ -427,17 +419,12 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now, if (xhash_add(tag_cache_ptr, idx, idx) != XHASH_OK) { - DebugMessage(DEBUG_FLOW, - "xhash_add failed, that's going to " - "make life difficult\n"); TagFree(tag_cache_ptr, idx); return; } } else { - DebugMessage(DEBUG_FLOW,"Existing Tag found!\n"); - if (idx->metric & TAG_METRIC_SECONDS) returned->seconds = idx->seconds; else 
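Review bot: The `xhash_add(tag_cache_ptr, idx, idx) != XHASH_OK` branch in AddTagNode now frees the node and returns with no message at all. A failed tag insertion presumably means later packets for that session or host are not picked up by the tag, and that now leaves nothing for an operator to see, even in a debug build. This commit already introduces TRACE_TAG for this function, so the failure path is the natural place to use it: `trace_logf(detection, TRACE_TAG, "xhash_add failed, tag not added\n");` ahead of `TagFree(tag_cache_ptr, idx);`. CheckTagList keeps a LogMessage warning for the matching xhash_remove failure, which may be the better model if this can happen under memory pressure. AddTagNode begins and ends outside this hunk.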
@@ -463,15 +450,9 @@ int CheckTagList(Packet* p, Event& event, void** log_list) if(p == nullptr || !p->ptrs.ip_api.is_ip()) { - DebugMessage(DEBUG_FLOW, "bailing from CheckTagList, p->iph == NULL\n"); return 0; } - DebugFormat(DEBUG_FLOW,"Host Tags Active: %u Session Tags Active: %u\n", - xhash_count(host_tag_cache_ptr), xhash_count(ssn_tag_cache_ptr)); - - DebugMessage(DEBUG_FLOW, "[*] Checking session tag list (forward)...\n"); - idx.key.sip.set(*p->ptrs.ip_api.get_src()); idx.key.dip.set(*p->ptrs.ip_api.get_dst()); idx.key.sp = p->ptrs.sp; @@ -487,14 +468,10 @@ int CheckTagList(Packet* p, Event& event, void** log_list) idx.key.dp = p->ptrs.sp; idx.key.sp = p->ptrs.dp; - DebugMessage(DEBUG_FLOW, " Checking session tag list (reverse)...\n"); returned = (TagNode*)xhash_find(ssn_tag_cache_ptr, &idx); if (returned == nullptr) { - DebugMessage(DEBUG_FLOW, " Checking host tag list " - "(forward)...\n"); - returned = (TagNode*)xhash_find(host_tag_cache_ptr, &idx); if (returned == nullptr) @@ -510,26 +487,21 @@ int CheckTagList(Packet* p, Event& event, void** log_list) if (returned != nullptr) { - DebugMessage(DEBUG_FLOW," [*!*] Found host node\n"); taglist = host_tag_cache_ptr; } } else { - DebugMessage(DEBUG_FLOW," [*!*] Found session node\n"); taglist = ssn_tag_cache_ptr; } } else { - DebugMessage(DEBUG_FLOW," [*!*] Found session node\n"); taglist = ssn_tag_cache_ptr; } if (returned != nullptr) { - DebugMessage(DEBUG_FLOW, " ! Found tag node !\n"); - returned->last_access = p->pkth->ts.tv_sec; returned->pkt_count++; @@ -588,9 +560,6 @@ int CheckTagList(Packet* p, Event& event, void** log_list) if ( !returned->metric ) { - DebugMessage(DEBUG_FLOW, - " Prune condition met for tag, removing from list\n"); - if (xhash_remove(taglist, returned) != XHASH_OK) { LogMessage("WARNING: failed to remove tagNode from hash.\n"); 
@@ -600,8 +569,6 @@ int CheckTagList(Packet* p, Event& event, void** log_list) if ( (u_int)(p->pkth->ts.tv_sec) > last_prune_time + TAG_PRUNE_QUANTUM ) { - DebugMessage(DEBUG_FLOW, - "Exceeded Prune Quantum, pruning tag trees\n"); PruneTagCache(p->pkth->ts.tv_sec, 0); last_prune_time = p->pkth->ts.tv_sec; } @@ -683,8 +650,6 @@ static int PruneTime(XHash* tree, uint32_t thetime) void SetTags(Packet* p, const OptTreeNode* otn, uint16_t event_id) { - DebugMessage(DEBUG_FLOW, "Setting tags\n"); - if (otn != nullptr && otn->tag != nullptr) { if (otn->tag->tag_type != 0) @@ -692,23 +657,12 @@ void SetTags(Packet* p, const OptTreeNode* otn, uint16_t event_id) RuleTreeNode* rtn = getRuntimeRtnFromOtn(otn); void* log_list = rtn ? rtn->listhead : nullptr; - DEBUG_WRAP( SfIpString ip_str; ) switch (otn->tag->tag_type) { case TAG_SESSION: - DebugMessage(DEBUG_FLOW,"Setting session tag:\n"); - DebugFormat(DEBUG_FLOW,"SIP: %s SP: %d ", - p->ptrs.ip_api.get_src()->ntop(ip_str), p->ptrs.sp); - DebugFormat(DEBUG_FLOW,"DIP: %s DP: %d\n", - p->ptrs.ip_api.get_dst()->ntop(ip_str), p->ptrs.dp); TagSession(p, otn->tag, p->pkth->ts.tv_sec, event_id, log_list); break; case TAG_HOST: - DebugMessage(DEBUG_FLOW,"Setting host tag:\n"); - DebugFormat(DEBUG_FLOW,"SIP: %s SP: %d ", - p->ptrs.ip_api.get_src()->ntop(ip_str), p->ptrs.sp); - DebugFormat(DEBUG_FLOW, "DIP: %s DP: %d\n", - p->ptrs.ip_api.get_dst()->ntop(ip_str), p->ptrs.dp); TagHost(p, otn->tag, p->pkth->ts.tv_sec, event_id, log_list); break; diff --git a/src/detection/tag.h b/src/detection/tag.h index 2fc782cf7..2a935cae4 100644 --- a/src/detection/tag.h +++ b/src/detection/tag.h @@ -29,6 +29,9 @@ #include +#include "main/snort_debug.h" +extern Trace TRACE_NAME(detection); + namespace snort { struct Packet; diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc index ae3c2170e..6971e82b9 100644 --- a/src/flow/flow_control.cc +++ b/src/flow/flow_control.cc 
@@ -153,9 +153,6 @@ void FlowControl::timeout_flows(time_t cur_time) void FlowControl::preemptive_cleanup() { - DebugFormat(DEBUG_FLOW, "doing preemptive cleanup for packet of type %u", - (unsigned) last_pkt_type); - // FIXIT-H is there a possibility of this looping forever? while ( memory::MemoryCap::over_threshold() ) { diff --git a/src/ips_options/asn1_detect.cc b/src/ips_options/asn1_detect.cc index f9ad1dc37..0819d5f4b 100644 --- a/src/ips_options/asn1_detect.cc +++ b/src/ips_options/asn1_detect.cc @@ -55,7 +55,6 @@ #include "asn1_detect.h" -#include "main/snort_debug.h" #include "utils/snort_bounds.h" #include "asn1_util.h" @@ -327,8 +326,6 @@ int Asn1DoDetect(const uint8_t* data, uint16_t dsize, ASN1_CTXT* ctxt, const uin case REL_OFFSET: if (!rel_ptr) { - DebugMessage(DEBUG_ASN1, "[*] No rel_ptr for " - "relative offset, so we are bailing.\n"); return 0; } @@ -340,8 +337,6 @@ int Asn1DoDetect(const uint8_t* data, uint16_t dsize, ASN1_CTXT* ctxt, const uin */ if (!inBounds(start, end + 1, rel_ptr)) { - DebugMessage(DEBUG_ASN1, "[*] ASN.1 bounds " - "check failed for rel_ptr.\n"); return 0; } @@ -349,8 +344,6 @@ int Asn1DoDetect(const uint8_t* data, uint16_t dsize, ASN1_CTXT* ctxt, const uin if (!inBounds(start, end, offset)) { - DebugMessage(DEBUG_ASN1, "[*] ASN.1 bounds " - "check failed rel_ptr+offset.\n"); return 0; } @@ -362,8 +355,6 @@ int Asn1DoDetect(const uint8_t* data, uint16_t dsize, ASN1_CTXT* ctxt, const uin if (!inBounds(start, end, offset)) { - DebugMessage(DEBUG_ASN1, "[*] ASN.1 bounds " - "check failed.\n"); return 0; } @@ -379,8 +370,6 @@ int Asn1DoDetect(const uint8_t* data, uint16_t dsize, ASN1_CTXT* ctxt, const uin iRet = asn1_decode(offset, size, &asn1); if (iRet && !asn1) { - DebugMessage(DEBUG_ASN1, "[*] ASN.1 decode failed " - "miserably.\n"); return 0; } diff --git a/src/ips_options/ips_byte_test.cc b/src/ips_options/ips_byte_test.cc index 7ca473daa..6a4cc32a2 100644 --- a/src/ips_options/ips_byte_test.cc 
+++ b/src/ips_options/ips_byte_test.cc @@ -199,9 +199,6 @@ static inline bool byte_test_check(uint32_t op, uint32_t val, uint32_t cmp, bool if ( not_flag ) { - DebugMessage(DEBUG_PATTERN_MATCH, - "checking for not success...flag\n"); - success = !success; } @@ -338,9 +335,6 @@ IpsOption::EvalStatus ByteTestOption::eval(Cursor& c, Packet* p) endian, btd->bytes_to_compare, start_ptr, c.buffer(), c.endo(), &value)) return NO_MATCH; -#ifdef DEBUG_MSGS - payload_bytes_grabbed = (int)btd->bytes_to_compare; -#endif } else { @@ -354,9 +348,6 @@ IpsOption::EvalStatus ByteTestOption::eval(Cursor& c, Packet* p) if ( payload_bytes_grabbed < 0 ) { - DebugMessage(DEBUG_PATTERN_MATCH, - "String Extraction Failed\n"); - return NO_MATCH; } } @@ -371,10 +362,6 @@ IpsOption::EvalStatus ByteTestOption::eval(Cursor& c, Packet* p) } } - DebugFormat(DEBUG_PATTERN_MATCH, - "Grabbed %d bytes at offset %d, value = 0x%08X(%u)\n", - payload_bytes_grabbed, btd->offset, value, value); - if ( byte_test_check(btd->opcode, value, cmp_value, btd->not_flag) ) return MATCH; diff --git a/src/ips_options/ips_content.cc b/src/ips_options/ips_content.cc index 9f13f533d..e45a83a6f 100644 --- a/src/ips_options/ips_content.cc +++ b/src/ips_options/ips_content.cc @@ -378,8 +378,6 @@ static IpsOption::EvalStatus CheckANDPatternMatch(ContentData* idx, Cursor& c) { Profile profile(contentPerfStats); - DebugMessage(DEBUG_PATTERN_MATCH, "CheckPatternANDMatch: "); - int found = uniSearchReal(idx, c); if ( found == -1 ) @@ -397,12 +395,10 @@ static IpsOption::EvalStatus CheckANDPatternMatch(ContentData* idx, Cursor& c) if ( found ) { - DebugMessage(DEBUG_PATTERN_MATCH, "Pattern match found\n"); return IpsOption::MATCH; } else { - DebugMessage(DEBUG_PATTERN_MATCH, "Pattern match failed\n"); return IpsOption::NO_MATCH; } } 
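Review bot: After this change the only use of `payload_bytes_grabbed` left in the visible lines of ByteTestOption::eval is the `< 0` check in the string-extraction branch. Both the assignment under `#ifdef DEBUG_MSGS` in the other branch and the DebugFormat that printed the value are removed. If no other use remains outside these hunks, the variable can be declared in the branch that assigns it, so it is no longer a function-scope local left unset on one path. The declaration is outside the hunk, so this needs checking against the full function.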
@@ -490,7 +486,6 @@ static void parse_offset(ContentData* cd, const char* data) } } - DebugFormat(DEBUG_PARSER, "Pattern offset = %d\n", cd->pmd.offset); } static void parse_depth(ContentData* cd, const char* data) @@ -530,7 +525,6 @@ static void parse_depth(ContentData* cd, const char* data) } } - DebugFormat(DEBUG_PATTERN_MATCH, "Pattern depth = %d\n", cd->pmd.depth); } static void parse_distance(ContentData* cd, const char* data) @@ -600,7 +594,6 @@ static void parse_within(ContentData* cd, const char* data) } } - DebugFormat(DEBUG_PATTERN_MATCH, "Pattern within = %d\n", cd->pmd.depth); cd->pmd.set_relative(); } diff --git a/src/ips_options/ips_cvs.cc b/src/ips_options/ips_cvs.cc index e678c1161..650fcaeb2 100644 --- a/src/ips_options/ips_cvs.cc +++ b/src/ips_options/ips_cvs.cc @@ -186,13 +186,6 @@ static int CvsDecode(const uint8_t* data, uint16_t data_len, if (command.cmd_str == nullptr) return CVS_NO_ALERT; - DebugFormat(DEBUG_IPS_OPTION, "CVS command\n" - " command: %.*s\n" - "argument: %.*s\n", - command.cmd_str_len, (const char*)command.cmd_str, - command.cmd_arg == nullptr ? 4 : command.cmd_arg_len, - command.cmd_arg == nullptr ? "none" : (const char*)command.cmd_arg); - switch (cvs_rule_option->type) { case CVS_INVALID_ENTRY: diff --git a/src/ips_options/ips_flags.cc b/src/ips_options/ips_flags.cc index 49332962f..c9af1a28d 100644 --- a/src/ips_options/ips_flags.cc +++ b/src/ips_options/ips_flags.cc 
@@ -126,62 +126,38 @@ IpsOption::EvalStatus TcpFlagOption::eval(Cursor&, Packet* p) TcpFlagCheckData* flagptr = &config; u_char tcp_flags = p->ptrs.tcph->th_flags & (0xFF ^ flagptr->tcp_mask); - DebugMessage(DEBUG_IPS_OPTION, " CheckTcpFlags: "); - switch ((flagptr->mode)) { case M_NORMAL: if (flagptr->tcp_flags == tcp_flags) /* only these set */ { - DebugMessage(DEBUG_IPS_OPTION,"Got TCP [default] flag match!\n"); return MATCH; } - else - { - DebugMessage(DEBUG_IPS_OPTION,"No match\n"); - } break; case M_ALL: /* all set */ if ((flagptr->tcp_flags & tcp_flags) == flagptr->tcp_flags) { - DebugMessage(DEBUG_IPS_OPTION, "Got TCP [ALL] flag match!\n"); return MATCH; } - else - { - DebugMessage(DEBUG_IPS_OPTION,"No match\n"); - } break; case M_NOT: if ((flagptr->tcp_flags & tcp_flags) == 0) /* none set */ { - DebugMessage(DEBUG_IPS_OPTION,"Got TCP [NOT] flag match!\n"); return MATCH; } - else - { - DebugMessage(DEBUG_IPS_OPTION, "No match\n"); - } break; case M_ANY: if ((flagptr->tcp_flags & tcp_flags) != 0) /* something set */ { - DebugMessage(DEBUG_IPS_OPTION,"Got TCP [ANY] flag match!\n"); return MATCH; } - else - { - DebugMessage(DEBUG_IPS_OPTION,"No match\n"); - } break; default: /* Should never see this */ - DebugMessage(DEBUG_IPS_OPTION, "TCP flag check went to default case" - " for some silly reason\n"); break; } diff --git a/src/ips_options/ips_flowbits.cc b/src/ips_options/ips_flowbits.cc index 21e40abed..02516ce20 100644 --- a/src/ips_options/ips_flowbits.cc +++ b/src/ips_options/ips_flowbits.cc @@ -633,8 +633,6 @@ static void processFlowbits( return; } - DebugFormat(DEBUG_FLOWBITS, "%s tag id parsing %s\n", s_name, flowbits_names); - flowbits_name = snort_strdup(flowbits_names); if (nullptr != strchr(flowbits_name, '|')) 
@@ -799,23 +797,6 @@ static FLOWBITS_GRP* getFlowBitGroup(char* groupName) return flowbits_grp; } -#ifdef DEBUG_MSGS -static void printOutFlowbits(FLOWBITS_OP* flowbits) -{ - DebugFormat(DEBUG_FLOWBITS, "%s: type = %d\n", s_name, flowbits->type); - DebugFormat(DEBUG_FLOWBITS, "%s: name = %s\n", s_name, flowbits->name); - DebugFormat(DEBUG_FLOWBITS, "%s: eval = %d\n", s_name, flowbits->eval); - DebugFormat(DEBUG_FLOWBITS, "%s: num_ids = %d\n", s_name, flowbits->num_ids); - DebugFormat(DEBUG_FLOWBITS, "%s: grp_id = %u\n", s_name, flowbits->group_id); - DebugFormat(DEBUG_FLOWBITS, "%s: group_name = %s\n", s_name, flowbits->group); - - for (int i = 0; i < flowbits->num_ids; i++) - { - DebugFormat(DEBUG_FLOWBITS, "%s: value = %d\n", s_name, flowbits->ids[i]); - } -} -#endif - static void processFlowBitsWithGroup(char* flowbitsName, char* groupName, FLOWBITS_OP* flowbits) { FLOWBITS_GRP* flowbits_grp; @@ -829,7 +810,6 @@ static void processFlowBitsWithGroup(char* flowbitsName, char* groupName, FLOWBI flowbits->group_id = flowbits_grp->group_id; } validateFlowbitsSyntax(flowbits); - DEBUG_WRAP(printOutFlowbits(flowbits)); if ( flowbits->group ) op_list.push_front(flowbits); diff --git a/src/ips_options/ips_ip_proto.cc b/src/ips_options/ips_ip_proto.cc index 09bf62960..e956026e6 100644 --- a/src/ips_options/ips_ip_proto.cc +++ b/src/ips_options/ips_ip_proto.cc @@ -112,7 +112,6 @@ IpsOption::EvalStatus IpProtoOption::eval(Cursor&, Packet* p) if (!p->has_ip()) { - DebugMessage(DEBUG_IPS_OPTION,"Not IP\n"); return NO_MATCH; } diff --git a/src/ips_options/ips_ipopts.cc b/src/ips_options/ips_ipopts.cc index 775aab0e4..c3655e105 100644 --- a/src/ips_options/ips_ipopts.cc +++ b/src/ips_options/ips_ipopts.cc @@ -111,7 +111,6 @@ IpsOption::EvalStatus IpOptOption::eval(Cursor&, Packet* p) if ((config.any_flag == 1) && (option_len > 0)) { - DebugMessage(DEBUG_IPS_OPTION, "Matched any ip options!\n"); return MATCH; } 
@@ -119,10 +118,6 @@ IpsOption::EvalStatus IpOptOption::eval(Cursor&, Packet* p) for ( const ip::IpOptions& opt : iter) { - DebugFormat(DEBUG_IPS_OPTION, "testing pkt(%d):rule(%d)\n", - static_cast(config.ip_option), - static_cast(opt.code)); - if (config.ip_option == opt.code) return MATCH; diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc index ef9c9ccfb..cef9dd67e 100644 --- a/src/ips_options/ips_pcre.cc +++ b/src/ips_options/ips_pcre.cc @@ -258,7 +258,6 @@ static void pcre_parse(const char* data, PcreData* pcre_data) } /* now compile the re */ - DebugFormat(DEBUG_PATTERN_MATCH, "pcre: compiling %s\n", re); pcre_data->re = pcre_compile(re, compile_flags, &error, &erroffset, nullptr); if (pcre_data->re == nullptr) @@ -408,7 +407,6 @@ static bool pcre_search( } else { - DebugFormat(DEBUG_PATTERN_MATCH, "pcre_exec error : %d \n", result); return false; } diff --git a/src/main/snort_debug.h b/src/main/snort_debug.h index 538847f8f..ddd214496 100644 --- a/src/main/snort_debug.h +++ b/src/main/snort_debug.h @@ -34,16 +34,12 @@ #define DEBUG_BUILTIN "SNORT_DEBUG" #define DEBUG_INIT 0x0000000000000001LL -#define DEBUG_PARSER 0x0000000000000002LL #define DEBUG_PORTLISTS 0x0000000000000004LL #define DEBUG_ATTRIBUTE 0x0000000000000008LL #define DEBUG_DECODE 0x0000000000000010LL #define DEBUG_CONFIGRULES 0x0000000000000020LL -#define DEBUG_DETECT 0x0000000000000040LL #define DEBUG_PATTERN_MATCH 0x0000000000000080LL -#define DEBUG_FLOW 0x0000000000000100LL #define DEBUG_LOG 0x0000000000000200LL -#define DEBUG_FLOWBITS 0x0000000000000400LL #define DEBUG_FILE 0x0000000000000800LL #define DEBUG_MEMORY 0x0000000000001000LL // FIXIT-L latency doesn't use any debug messages 
@@ -60,11 +56,9 @@ #define DEBUG_STREAM 0x0000000200000000LL #define DEBUG_STREAM_STATE 0x0000000400000000LL #define DEBUG_STREAM_PAF 0x0000000800000000LL -#define DEBUG_ASN1 0x0000002000000000LL #define DEBUG_CODEC 0x0001000000000000LL #define DEBUG_IPS_ACTION 0x0004000000000000LL -#define DEBUG_IPS_OPTION 0x0008000000000000LL #define DEBUG_MPSE 0x0010000000000000LL #define DEBUG_SO_RULE 0x0020000000000000LL #define DEBUG_LOGGER 0x0040000000000000LL