From 55680afb1c03c58767fdf02e7292dc8b9538c7dd Mon Sep 17 00:00:00 2001 From: "Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco)" Date: Mon, 12 May 2025 09:29:52 +0000 Subject: [PATCH] Pull request #4723: Include input file name to DAQ error message Merge in SNORT/snort3 from ~OSHUMEIK/snort3:daq_err_message to master Squashed commit of the following: commit 885f662a13d1cb47d10cc4556690429d84ae06d2 Author: Oleksii Shumeiko Date: Tue May 6 13:52:33 2025 +0300 analyzer: print DAQ input specification next to its message --- src/main/analyzer.cc | 3 ++- src/main/test/distill_verdict_stubs.h | 1 + src/packet_io/sfdaq_instance.cc | 30 +++++++++++++++++---------- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc index 16a4c9d60..fb2bc13a6 100644 --- a/src/main/analyzer.cc +++ b/src/main/analyzer.cc @@ -967,7 +967,8 @@ void Analyzer::analyze() if (rstat == DAQ_RSTAT_NOBUF) ErrorMessage("Exhausted the DAQ message pool!\n"); else if (rstat == DAQ_RSTAT_ERROR) - ErrorMessage("Error receiving message from the DAQ instance: %s\n", daq_instance->get_error()); + ErrorMessage("Error receiving message from the DAQ instance (%s): %s\n", + daq_instance->get_input_spec(), daq_instance->get_error()); // Implicitly handled: // DAQ_RSTAT_EOF - File readback completed, job well done; let's get out of here. // DAQ_RSTAT_INVALID - This really shouldn't happen. diff --git a/src/main/test/distill_verdict_stubs.h b/src/main/test/distill_verdict_stubs.h index 81a1a4469..ed1a4e5f7 100644 --- a/src/main/test/distill_verdict_stubs.h +++ b/src/main/test/distill_verdict_stubs.h @@ -158,6 +158,7 @@ void SFDAQInstance::reload() { } bool SFDAQInstance::start() { return false; } bool SFDAQInstance::stop() { return false; } const char* SFDAQInstance::get_error() { return nullptr; } +const char* SFDAQInstance::get_input_spec() const { return nullptr; } bool SFDAQInstance::interrupt() { return false; } int SFDAQInstance::inject(DAQ_Msg_h, int, const uint8_t*, uint32_t) { return -1; } DAQ_RecvStatus SFDAQInstance::receive_messages(unsigned) { return DAQ_RSTAT_ERROR; } diff --git a/src/packet_io/sfdaq_instance.cc b/src/packet_io/sfdaq_instance.cc index 0a3145b82..ff8af1328 100644 --- a/src/packet_io/sfdaq_instance.cc +++ b/src/packet_io/sfdaq_instance.cc @@ -79,19 +79,20 @@ bool SFDAQInstance::init(DAQ_Config_h daqcfg, const std::string& bpf_string) daq_config_set_instance_id(daqcfg, instance_id); if ((rval = daq_instance_instantiate(daqcfg, &instance, buf, sizeof(buf))) != DAQ_SUCCESS) { - ErrorMessage("Couldn't construct a DAQ instance: %s (%d)\n", buf, rval); + ErrorMessage("Couldn't construct a DAQ instance (%s): %s (%d)\n", + input_spec.c_str(), buf, rval); return false; } if (!DAQ_ValidateInstance(instance)) - FatalError("DAQ configuration incompatible with intended operation.\n"); + FatalError("DAQ configuration incompatible with intended operation, DAQ instance (%s).\n", input_spec.c_str()); if (!bpf_string.empty()) { rval = daq_instance_set_filter(instance, bpf_string.c_str()); if (rval != DAQ_SUCCESS) - FatalError("Couldn't set DAQ instance BPF filter to '%s': %s (%d)\n", - bpf_string.c_str(), daq_instance_get_error(instance), rval); + FatalError("Couldn't set DAQ instance (%s) BPF filter to '%s': %s (%d)\n", + input_spec.c_str(), bpf_string.c_str(), daq_instance_get_error(instance), rval); } return true; @@ -158,7 +159,8 @@ bool SFDAQInstance::start() int rval = daq_instance_start(instance); if (rval != DAQ_SUCCESS) { - ErrorMessage("Couldn't start DAQ instance: %s (%d)\n", daq_instance_get_error(instance), rval); + ErrorMessage("Couldn't start DAQ instance (%s): %s (%d)\n", + input_spec.c_str(), daq_instance_get_error(instance), rval); return false; } @@ -166,7 +168,8 @@ bool SFDAQInstance::start() rval = daq_instance_get_msg_pool_info(instance, &mpool_info); if (rval != DAQ_SUCCESS) { - ErrorMessage("Couldn't query DAQ message pool info: %s (%d)\n", daq_instance_get_error(instance), rval); + ErrorMessage("Couldn't query DAQ message pool info (%s): %s (%d)\n", + input_spec.c_str(), daq_instance_get_error(instance), rval); stop(); return false; } @@ -175,8 +178,10 @@ bool SFDAQInstance::start() assert(pool_size == pool_available); if (SnortConfig::log_verbose()) { - LogMessage("Instance %d daq pool size: %d\n", get_instance_id(), pool_size); - LogMessage("Instance %d daq batch size: %d\n", get_instance_id(), batch_size); + LogMessage("DAQ instance (%s) %d daq pool size: %d\n", + input_spec.c_str(), get_instance_id(), pool_size); + LogMessage("DAQ instance (%s) %d daq batch size: %d\n", + input_spec.c_str(), get_instance_id(), batch_size); } dlt = daq_instance_get_datalink_type(instance); get_tunnel_capabilities(); @@ -269,7 +274,8 @@ bool SFDAQInstance::stop() int rval = daq_instance_stop(instance); if (rval != DAQ_SUCCESS) - LogMessage("Couldn't stop DAQ instance: %s (%d)\n", daq_instance_get_error(instance), rval); + LogMessage("Couldn't stop DAQ instance (%s): %s (%d)\n", + input_spec.c_str(), daq_instance_get_error(instance), rval); return (rval == DAQ_SUCCESS); } @@ -282,7 +288,8 @@ int SFDAQInstance::inject(DAQ_Msg_h msg, int rev, const uint8_t* buf, uint32_t l int rval = daq_instance_inject_relative(instance, msg, buf, len, rev); #ifdef DEBUG_MSGS if (rval != DAQ_SUCCESS) - LogMessage("Couldn't inject on DAQ instance: %s (%d)\n", daq_instance_get_error(instance), rval); + LogMessage("Couldn't inject on DAQ instance (%s): %s (%d)\n", + input_spec.c_str(), daq_instance_get_error(instance), rval); #endif return rval; } @@ -298,7 +305,8 @@ const DAQ_Stats_t* SFDAQInstance::get_stats() { int rval = daq_instance_get_stats(instance, &daq_instance_stats); if (rval != DAQ_SUCCESS) - LogMessage("Couldn't query DAQ stats: %s (%d)\n", daq_instance_get_error(instance), rval); + LogMessage("Couldn't query DAQ instance (%s) stats: %s (%d)\n", + input_spec.c_str(), daq_instance_get_error(instance), rval); } return &daq_instance_stats; -- 2.47.2