More logging API usage. Changed logging macro's slightly so the vars inside them won't conflict with vars used by the calling function.

remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent bcc5bbef93
commit 968d8df12b

@ -23,6 +23,8 @@
#include "util-unittest.h"
#include "util-debug.h"
#define DEFAULT_LOG_FILENAME "alert-debug.log"
int AlertDebuglog (ThreadVars *, Packet *, void *, PacketQueue *);
@ -217,6 +219,6 @@ void AlertDebuglogExitPrintStats(ThreadVars *tv, void *data) {
return;
}
printf(" - (%s) Alerts %" PRIu32 ".\n", tv->name, aft->alerts);
SCLogInfo("(%s) Alerts %" PRIu32 "", tv->name, aft->alerts);
}

@ -237,17 +237,13 @@ static uint16_t PerfRegisterQualifiedCounter(char *cname, char *tm_name,
PerfCounter *pc = NULL;
if (cname == NULL || tm_name == NULL || pctx == NULL) {
#ifdef DEBUG
printf("counter name, tm name null or PerfContext NULL\n");
#endif
SCLogDebug("counter name, tm name null or PerfContext NULL");
return 0;
}
/* (TYPE_MAX - 1) because we still haven't implemented TYPE_STR */
if ((type >= (TYPE_MAX - 1)) || (type < 0)) {
#ifdef DEBUG
printf("Error: Counters of type %" PRId32 " can't be registered\n", type);
#endif
return 0;
}
@ -414,16 +410,12 @@ int PerfCounterDisplay(uint16_t id, PerfContext *pctx, int disp)
*/
inline void PerfCounterIncr(uint16_t id, PerfCounterArray *pca)
{
if (!pca) {
#ifdef DEBUG
printf("counterarray is NULL\n");
#endif
if (pca == NULL) {
SCLogDebug("counterarray is NULL");
return;
}
if ((id < 1) || (id > pca->size)) {
#ifdef DEBUG
printf("counter doesn't exist\n");
#endif
SCLogDebug("counter doesn't exist");
return;
}
@ -645,9 +637,7 @@ int PerfAddToClubbedTMTable(char *tm_name, PerfContext *pctx)
int i = 0;
if (tm_name == NULL || pctx == NULL) {
#ifdef DEBUG
printf("Supplied argument(s) to PerfAddToClubbedTMTable NULL\n");
#endif
SCLogDebug("supplied argument(s) to PerfAddToClubbedTMTable NULL");
return 0;
}
@ -733,30 +723,22 @@ PerfCounterArray * PerfGetCounterArrayRange(uint16_t s_id, uint16_t e_id,
uint32_t i = 0;
if (pctx == NULL) {
#ifdef DEBUG
printf("pctx is NULL\n");
#endif
SCLogDebug("pctx is NULL");
return NULL;
}
if (s_id < 1 || e_id < 1 || s_id > e_id) {
#ifdef DEBUG
printf("error with the counter ids\n");
#endif
SCLogDebug("error with the counter ids");
return NULL;
}
if (e_id > pctx->curr_id) {
#ifdef DEBUG
printf("end id is greater than the max id for this tv\n");
#endif
SCLogDebug("end id is greater than the max id for this tv");
return NULL;
}
if (pctx == NULL) {
#ifdef DEBUG
printf("perfcontext is NULL\n");
#endif
SCLogDebug("perfcontext is NULL");
return NULL;
}

@ -10,6 +10,7 @@
#include "decode-gre.h"
#include "util-unittest.h"
#include "util-debug.h"
/**
* \brief Function to decode GRE packets
@ -31,9 +32,8 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
if(p->greh == NULL)
return;
#ifdef DEBUG
printf("DecodeGRE: p %p pkt %p GRE protocol %04x Len: %d GRE version %x\n", p, pkt, GRE_GET_PROTO(p->greh), len,GRE_GET_VERSION(p->greh));
#endif
SCLogDebug("p %p pkt %p GRE protocol %04x Len: %d GRE version %x",
p, pkt, GRE_GET_PROTO(p->greh), len,GRE_GET_VERSION(p->greh));
switch (GRE_GET_VERSION(p->greh))
{

@ -312,14 +312,15 @@ static int DecodeIPV4Options(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t l
p->IPV4_OPTS_CNT = 0;
#ifdef DEBUG
printf("DecodeIPV4Options\n");
{
if (SCLogDebugEnabled()) {
uint16_t i;
printf("IPV4OPTS: { ");
char buf[256] = "";
int offset = 0;
for (i = 0; i < len; i++) {
printf("%02" PRIx8 " ", pkt[i]);
offset += snprintf(buf + offset, (sizeof(buf) - offset), "%02" PRIx8 " ", pkt[i]);
}
printf("}\n");
SCLogDebug("IPV4OPTS: { %s}", buf);
}
#endif
@ -334,20 +335,12 @@ static int DecodeIPV4Options(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t l
/* single byte options */
if (*pkt == IPV4_OPT_EOL) {
/** \todo What if more data exist after EOL (possible covert channel or data leakage)? */
#ifdef DEBUG
printf("IPV4OPT %" PRIu16 " len 1 @ %" PRIu16 "/%" PRIu16 "\n",
*pkt,
(len - plen),
(len - 1));
#endif
SCLogDebug("IPV4OPT %" PRIu16 " len 1 @ %" PRIu16 "/%" PRIu16 "",
*pkt, (len - plen), (len - 1));
break;
} else if (*pkt == IPV4_OPT_NOP) {
#ifdef DEBUG
printf("IPV4OPT %" PRIu16 " len 1 @ %" PRIu16 "/%" PRIu16 "\n",
*pkt,
(len - plen),
(len - 1));
#endif
SCLogDebug("IPV4OPT %" PRIu16 " len 1 @ %" PRIu16 "/%" PRIu16 "",
*pkt, (len - plen), (len - 1));
pkt++;
plen--;
@ -373,13 +366,9 @@ static int DecodeIPV4Options(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t l
else
p->IPV4_OPTS[p->IPV4_OPTS_CNT].data = NULL;
#ifdef DEBUG
printf("IPV4OPT %" PRIu16 " len %" PRIu16 " @ %" PRIu16 "/%" PRIu16 "\n",
p->IPV4_OPTS[p->IPV4_OPTS_CNT].type,
p->IPV4_OPTS[p->IPV4_OPTS_CNT].len,
(len - plen),
(len - 1));
#endif
SCLogDebug("IPV4OPT %" PRIu16 " len %" PRIu16 " @ %" PRIu16 "/%" PRIu16 "",
p->IPV4_OPTS[p->IPV4_OPTS_CNT].type, p->IPV4_OPTS[p->IPV4_OPTS_CNT].len,
(len - plen), (len - 1));
/* we already know that the total options len is valid,
* so here the len of the specific option must be bad.
@ -486,11 +475,9 @@ static int DecodeIPV4Options(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t l
p->ip4vars.o_rtralt = &p->IPV4_OPTS[p->IPV4_OPTS_CNT];
break;
default:
#ifdef DEBUG
printf("IPV4OPT <unknown> (%" PRIu8 ") len %" PRIu8 "\n",
SCLogDebug("IPV4OPT <unknown> (%" PRIu8 ") len %" PRIu8 "",
p->IPV4_OPTS[p->IPV4_OPTS_CNT].type,
p->IPV4_OPTS[p->IPV4_OPTS_CNT].len);
#endif
DECODER_SET_EVENT(p,IPV4_OPT_INVALID);
/* Warn - we can keep going */
break;

@ -9,6 +9,7 @@
#include "flow.h"
#include "util-unittest.h"
#include "util-debug.h"
void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
@ -23,9 +24,8 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
if(p->ppph == NULL)
return;
#ifdef DEBUG
printf("DecodePPP: p %p pkt %p PPP protocol %04x Len: %" PRId32 "\n", p, pkt, ntohs(p->ppph->protocol), len);
#endif
SCLogDebug("p %p pkt %p PPP protocol %04x Len: %" PRId32 "",
p, pkt, ntohs(p->ppph->protocol), len);
switch (ntohs(p->ppph->protocol))
{
@ -92,9 +92,7 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
break;
default:
#ifdef DEBUG
printf("Unknown PPP protocol: %" PRIx32 "\n",ntohs(p->ppph->protocol));
#endif
SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol));
DECODER_SET_EVENT(p,PPP_WRONG_TYPE);
return;
}

@ -15,6 +15,7 @@
#include "decode-events.h"
#include "util-unittest.h"
#include "util-debug.h"
/**
* \brief Main decoding function for PPPOE Discovery packets
@ -47,9 +48,7 @@ void DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
break;
default:
#ifdef DEBUG
printf("Unknown PPPOE code: %" PRIx32 "\n",ntohs(p->pppoedh->pppoe_code));
#endif
SCLogDebug("unknown PPPOE code: %" PRIx32 "",ntohs(p->pppoedh->pppoe_code));
DECODER_SET_EVENT(p,PPPOE_WRONG_CODE);
}
@ -62,9 +61,7 @@ void DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
uint16_t packet_length = len - PPPOE_DISCOVERY_HEADER_MIN_LEN ;
if (pppoe_length>packet_length) {
#ifdef DEBUG
printf("Malformed PPPOE tags\n");
#endif
SCLogDebug("malformed PPPOE tags");
DECODER_SET_EVENT(p,PPPOE_MALFORMED_TAGS);
}
@ -73,9 +70,7 @@ void DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
tag_type = ntohs(pppoedt->pppoe_tag_type);
tag_length = ntohs(pppoedt->pppoe_tag_length);
#ifdef DEBUG
printf ("PPPoE Tag type %x, length %u\n", tag_type, tag_length);
#endif
SCLogDebug ("PPPoE Tag type %x, length %u", tag_type, tag_length);
if (pppoe_length >= 4+tag_length) {
pppoe_length -= (4 + tag_length);
@ -110,10 +105,8 @@ void DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_
if (p->pppoesh == NULL)
return;
#ifdef DEBUG
printf("PPPOE VERSION %" PRIu32 " TYPE %" PRIu32 " CODE %" PRIu32 " SESSIONID %" PRIu32 " LENGTH %" PRIu32 "\n",
SCLogDebug("PPPOE VERSION %" PRIu32 " TYPE %" PRIu32 " CODE %" PRIu32 " SESSIONID %" PRIu32 " LENGTH %" PRIu32 "",
p->pppoesh->pppoe_version, p->pppoesh->pppoe_type, p->pppoesh->pppoe_code, ntohs(p->pppoesh->session_id), ntohs(p->pppoesh->pppoe_length));
#endif
/* can't use DecodePPP() here because we only get a single 2-byte word to indicate protocol instead of the full PPP header */
@ -185,9 +178,7 @@ void DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_
break;
default:
#ifdef DEBUG
printf("Unknown PPP protocol: %" PRIx32 "\n",ntohs(p->ppph->protocol));
#endif
SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol));
DECODER_SET_EVENT(p,PPP_WRONG_TYPE);
return;
}

@ -12,6 +12,7 @@
#include "util-byte.h"
#include "util-unittest.h"
#include "util-debug.h"
/**
* \brief Regex for parsing our options
@ -159,11 +160,10 @@ int DetectBytejumpMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
}
#ifdef DEBUG
{
if (SCLogDebugEnabled()) {
uint8_t *sptr = (data->flags & DETECT_BYTEJUMP_BEGIN) ? p->payload
: ptr;
printf("DetectBytejumpMatch: Jumping %" PRId64 " bytes "
"from %p (%08x) to %p (%08x)\n",
SCLogDebug("jumping %" PRId64 " bytes from %p (%08x) to %p (%08x)",
val, sptr, (int)(sptr - p->payload),
jumpptr, (int)(jumpptr - p->payload));
}

@ -12,6 +12,8 @@
#include "util-byte.h"
#include "util-unittest.h"
#include "util-debug.h"
/**
* \brief Regex for parsing our options
@ -120,11 +122,9 @@ int DetectBytetestMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
"bytes of string data: %d\n", data->nbytes, extbytes);
return -1;
}
#ifdef DEBUG
printf("DetectBytetestMatch: Comparing base %d "
"string 0x%" PRIx64 " %s%c 0x%" PRIx64 "\n",
SCLogDebug("comparing base %d string 0x%" PRIx64 " %s%c 0x%" PRIx64 "",
data->base, val, (neg ? "!" : ""), data->op, data->value);
#endif /* DEBUG */
}
else {
int endianness = (data->flags & DETECT_BYTETEST_LITTLE) ? BYTE_LITTLE_ENDIAN : BYTE_BIG_ENDIAN;
@ -135,11 +135,8 @@ int DetectBytetestMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
return -1;
}
#ifdef DEBUG
printf("DetectBytetestMatch: Comparing numeric 0x%" PRIx64
" %s%c 0x%" PRIx64 "\n",
SCLogDebug("comparing numeric 0x%" PRIx64 " %s%c 0x%" PRIx64 "",
val, (neg ? "!" : ""), data->op, data->value);
#endif /* DEBUG */
}
@ -178,15 +175,11 @@ int DetectBytetestMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
/* A successful match depends on negation */
if ((!neg && match) || (neg && !match)) {
#ifdef DEBUG
printf("DetectBytetestMatch: MATCH\n");
#endif /* DEBUG */
SCLogDebug("MATCH");
return 1;
}
#ifdef DEBUG
printf("DetectBytetestMatch: NO MATCH\n");
#endif /* DEBUG */
SCLogDebug("NO MATCH");
return 0;
}

@ -22,6 +22,8 @@
#include "detect-engine-address-ipv6.h"
#include "detect-engine-port.h"
#include "util-debug.h"
//#define DEBUG
int DetectAddressSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr);
@ -594,9 +596,7 @@ int DetectAddressGroupSetup(DetectAddressGroupsHead *gh, char *s) {
DetectAddressData *ad = NULL;
int r = 0;
#ifdef DEBUG
printf("DetectAddressGroupSetup: gh %p, s %s\n", gh, s);
#endif
SCLogDebug("gh %p, s %s", gh, s);
/* parse the address */
ad = DetectAddressParse(s);
@ -740,9 +740,7 @@ int DetectAddressGroupMergeNot(DetectAddressGroupsHead *gh, DetectAddressGroupsH
/* check if the negated list covers the entire ip space. If so
the user screwed up the rules/vars. */
if (DetectAddressGroupIsCompleteIPSpace(ghn) == 1) {
#ifdef DEBUG
printf("DetectAddressGroupMergeNot: complete IP space negated\n");
#endif
goto error;
}
@ -794,13 +792,13 @@ int DetectAddressGroupMergeNot(DetectAddressGroupsHead *gh, DetectAddressGroupsH
/* step 2: pull the address blocks that match our 'not' blocks */
for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
#ifdef DEBUG
printf("DetectAddressGroupMergeNot: ag %p ", ag); DetectAddressDataPrint(ag->ad); printf("\n");
#endif
SCLogDebug("ag %p", ag);
DetectAddressDataPrint(ag->ad);
for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
#ifdef DEBUG
printf("DetectAddressGroupMergeNot: ag2 %p ", ag2); DetectAddressDataPrint(ag2->ad); printf("\n");
#endif
SCLogDebug("ag2 %p", ag2);
DetectAddressDataPrint(ag2->ad);
r = DetectAddressCmp(ag->ad,ag2->ad);
if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
if (ag2->prev == NULL) {
@ -849,9 +847,7 @@ int DetectAddressGroupMergeNot(DetectAddressGroupsHead *gh, DetectAddressGroupsH
/* if the result is that we have no addresses we return error */
if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
#ifdef DEBUG
printf("DetectAddressGroupMergeNot: no addresses left after merge\n");
#endif
printf("no addresses left after merging addresses and not-addresses\n");
goto error;
}
@ -864,9 +860,7 @@ error:
int DetectAddressGroupParse(DetectAddressGroupsHead *gh, char *str) {
int r;
#ifdef DEBUG
printf("DetectAddressGroupParse: gh %p, str %s\n", gh, str);
#endif
SCLogDebug("gh %p, str %s", gh, str);
DetectAddressGroupsHead *ghn = DetectAddressGroupsHeadInit();
if (ghn == NULL) {
@ -1261,24 +1255,24 @@ void DetectAddressDataPrint(DetectAddressData *ad) {
printf("ANY");
} else if (ad->family == AF_INET) {
struct in_addr in;
char s[16];
char ip[16], mask[16];
memcpy(&in, &ad->ip[0], sizeof(in));
inet_ntop(AF_INET, &in, s, sizeof(s));
printf("%s/", s);
inet_ntop(AF_INET, &in, ip, sizeof(ip));
memcpy(&in, &ad->ip2[0], sizeof(in));
inet_ntop(AF_INET, &in, s, sizeof(s));
printf("%s", s);
inet_ntop(AF_INET, &in, mask, sizeof(mask));
SCLogDebug("%s/%s", ip, mask);
} else if (ad->family == AF_INET6) {
struct in6_addr in6;
char s[66];
char ip[66], mask[66];
memcpy(&in6, &ad->ip, sizeof(in6));
inet_ntop(AF_INET6, &in6, s, sizeof(s));
printf("%s/", s);
inet_ntop(AF_INET6, &in6, ip, sizeof(ip));
memcpy(&in6, &ad->ip2, sizeof(in6));
inet_ntop(AF_INET6, &in6, s, sizeof(s));
printf("%s", s);
inet_ntop(AF_INET6, &in6, mask, sizeof(mask));
SCLogDebug("%s/%s", ip, mask);
}
}

@ -20,6 +20,8 @@
#include "detect-engine-siggroup.h"
#include "detect-engine-port.h"
#include "util-debug.h"
//#define DEBUG
int DetectPortSetupTmp (DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr);
@ -185,23 +187,24 @@ int DetectPortInsertCopy(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort
return DetectPortInsert(de_ctx, head, copy);
}
//#define DBG
/* function for inserting a port group oject. This also makes sure
* SigGroupContainer lists are handled correctly.
/** \brief function for inserting a port group object. This also makes sure
* SigGroupContainer lists are handled correctly.
*
* returncodes
* -1: error
* 0: not inserted, memory of new is freed
* 1: inserted
* \retval -1 error
* \retval 0 not inserted, memory of new is freed
* \retval 1 inserted
* */
int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new) {
if (new == NULL)
return 0;
#ifdef DBG
printf("DetectPortInsert: head %p, new %p\n", head, new);
printf("DetectPortInsert: inserting (sig %" PRIu32 ") ", new->sh ? new->sh->sig_cnt : 0); DetectPortPrint(new); printf("\n");
DetectPortPrintList(*head);
#ifdef DEBUG
SCLogDebug("head %p, new %p", head, new);
SCLogDebug("inserting (sig %" PRIu32 ")", new->sh ? new->sh->sig_cnt : 0);
if (SCLogDebugEnabled()) {
DetectPortPrint(new);
DetectPortPrintList(*head);
}
#endif
/* see if it already exists or overlaps with existing ag's */
@ -210,21 +213,18 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
int r = 0;
for (cur = *head; cur != NULL; cur = cur->next) {
// printf("DetectPortInsert: cur %p ",cur); DetectPortPrint(cur); printf("\n");
// DetectPortPrintList(cur);
// printf("DetectPortInsert: cur end ========\n");
r = DetectPortCmp(new,cur);
if (r == PORT_ER) {
printf("PORT_ER DetectPortCmp compared:\n");
DetectPortPrint(new); printf(" vs. ");
DetectPortPrint(cur); printf("\n");
SCLogDebug("PORT_ER DetectPortCmp compared:");
if (SCLogDebugEnabled()) {
DetectPortPrint(new);
DetectPortPrint(cur);
}
goto error;
}
/* if so, handle that */
if (r == PORT_EQ) {
#ifdef DBG
printf("DetectPortInsert: PORT_EQ %p %p\n", cur, new);
#endif
SCLogDebug("PORT_EQ %p %p", cur, new);
/* exact overlap/match */
if (cur != new) {
SigGroupHeadCopySigs(de_ctx,new->sh,&cur->sh);
@ -234,34 +234,21 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
}
return 1;
} else if (r == PORT_GT) {
#ifdef DBG
printf("DetectPortInsert: PORT_GT (cur->next %p)\n", cur->next);
#endif
SCLogDebug("PORT_GT (cur->next %p)", cur->next);
/* only add it now if we are bigger than the last
* group. Otherwise we'll handle it later. */
if (cur->next == NULL) {
#ifdef DBG
printf("DetectPortInsert: adding GT\n");
#endif
SCLogDebug("adding GT");
/* put in the list */
new->prev = cur;
cur->next = new;
/*
printf("DetectPortInsert: cur %p ",cur); DetectPortPrint(cur); printf("\n");
DetectPortPrintList(cur);
printf("DetectPortInsert: cur end ========\n");
printf("DetectPortInsert: new %p ",new); DetectPortPrint(new); printf("\n");
DetectPortPrintList(new);
printf("DetectPortInsert: new end ========\n");
*/
return 1;
} else {
//printf("cur->next "); DetectPortPrint(cur->next); printf("\n");
}
} else if (r == PORT_LT) {
#ifdef DBG
printf("DetectPortInsert: PORT_LT\n");
#endif
SCLogDebug("PORT_LT");
/* see if we need to insert the ag anywhere */
/* put in the list */
if (cur->prev != NULL)
@ -280,9 +267,7 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
* lets handle the more complex ones now */
} else if (r == PORT_ES) {
#ifdef DBG
printf("DetectPortInsert: PORT_ES\n");
#endif
SCLogDebug("PORT_ES");
DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1)
@ -290,16 +275,15 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
DetectPortInsert(de_ctx, head, new);
if (c != NULL) {
#ifdef DBG
printf("DetectPortInsert: inserting C (%p) ",c); DetectPortPrint(c); printf("\n");
#endif
SCLogDebug("inserting C (%p)",c);
if (SCLogDebugEnabled()) {
DetectPortPrint(c);
}
DetectPortInsert(de_ctx, head, c);
}
return 1;
} else if (r == PORT_EB) {
#ifdef DBG
printf("DetectPortInsert: PORT_EB\n");
#endif
SCLogDebug("PORT_EB");
DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1)
@ -307,16 +291,15 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
DetectPortInsert(de_ctx, head, new);
if (c != NULL) {
#ifdef DBG
printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n");
#endif
SCLogDebug("inserting C");
if (SCLogDebugEnabled()) {
DetectPortPrint(c);
}
DetectPortInsert(de_ctx, head, c);
}
return 1;
} else if (r == PORT_LE) {
#ifdef DBG
printf("DetectPortInsert: PORT_LE\n");
#endif
SCLogDebug("PORT_LE");
DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1)
@ -324,16 +307,15 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
DetectPortInsert(de_ctx, head, new);
if (c != NULL) {
#ifdef DBG
printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n");
#endif
SCLogDebug("inserting C");
if (SCLogDebugEnabled()) {
DetectPortPrint(c);
}
DetectPortInsert(de_ctx, head, c);
}
return 1;
} else if (r == PORT_GE) {
#ifdef DBG
printf("DetectPortInsert: PORT_GE\n");
#endif
SCLogDebug("PORT_GE");
DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1)
@ -341,9 +323,10 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
DetectPortInsert(de_ctx, head, new);
if (c != NULL) {
#ifdef DBG
printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n");
#endif
SCLogDebug("inserting C");
if (SCLogDebugEnabled()) {
DetectPortPrint(c);
}
DetectPortInsert(de_ctx, head, c);
}
return 1;
@ -352,9 +335,7 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
/* head is NULL, so get a group and set head to it */
} else {
#ifdef DBG
printf("DetectPortInsert: Setting new head\n");
#endif
SCLogDebug("setting new head %p", new);
*head = new;
}
@ -800,9 +781,9 @@ void DetectPortPrint(DetectPort *dp) {
return;
if (dp->flags & PORT_FLAG_ANY) {
printf("ANY");
SCLogDebug("ANY");
} else {
printf("%" PRIu32 "-%" PRIu32, dp->port, dp->port2);
SCLogDebug("%" PRIu32 "-%" PRIu32 "", dp->port, dp->port2);
}
}
@ -851,9 +832,7 @@ static int DetectPortParseInsertString(DetectPort **head, char *s) {
DetectPort *ad = NULL;
int r = 0;
#ifdef DEBUG
printf("DetectPortParseInsertString: head %p, *head %p, s %s\n", head, *head, s);
#endif
SCLogDebug("head %p, *head %p, s %s", head, *head, s);
/* parse the address */
ad = PortParse(s);
@ -912,9 +891,7 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
size_t size = strlen(s);
char address[1024] = "";
#ifdef DEBUG
printf("DetectPortParseDo: head %p, *head %p\n", head, *head);
#endif
SCLogDebug("head %p, *head %p", head, *head);
for (i = 0, x = 0; i < size && x < sizeof(address); i++) {
address[x] = s[i];
@ -922,10 +899,10 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
if (s[i] == ':') {
range = 1;
} else if (range == 1 && s[i] == '!') {
#ifdef DEBUG
}
if (range == 1 && s[i] == '!') {
printf("Can't have a negated value in a range.\n");
#endif
return -1;
} else if (!o_set && s[i] == '!') {
n_set = 1;
@ -937,21 +914,23 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
}
depth++;
} else if (s[i] == ']') {
range = 0;
if (depth == 1) {
address[x-1] = '\0';
SCLogDebug("%s", address);
x = 0;
DetectPortParseDo(head,nhead,address,negate ? negate : n_set);
n_set = 0;
}
depth--;
} else if (depth == 0 && s[i] == ',') {
range = 0;
} else if (depth == 0 && s[i] == ',') {
if (o_set == 1) {
o_set = 0;
} else {
address[x-1] = '\0';
SCLogDebug("%s", address);
if (negate == 0 && n_set == 0) {
DetectPortParseInsertString(head,address);
} else {
@ -960,9 +939,12 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
n_set = 0;
}
x = 0;
range = 0;
} else if (depth == 0 && i == size-1) {
range = 0;
address[x] = '\0';
SCLogDebug("%s", address);
x = 0;
if (negate == 0 && n_set == 0) {
@ -1032,9 +1014,7 @@ int DetectPortParseMergeNotPorts(DetectPort **head, DetectPort **nhead) {
* we have a pure not thingy. In that case we add a 0:65535
* first. */
if (*head == NULL && *nhead != NULL) {
#ifdef DEBUG
printf("DetectPortParseMergeNotPorts: inserting 0:65535 into head\n");
#endif
SCLogDebug("inserting 0:65535 into head");
r = DetectPortParseInsertString(head,"0:65535");
if (r < 0) {
goto error;
@ -1057,13 +1037,13 @@ int DetectPortParseMergeNotPorts(DetectPort **head, DetectPort **nhead) {
/* step 2: pull the address blocks that match our 'not' blocks */
for (ag = *nhead; ag != NULL; ag = ag->next) {
#ifdef DEBUG
printf("DetectPortParseMergeNotPorts: ag %p ", ag); DetectPortPrint(ag); printf("\n");
#endif
SCLogDebug("ag %p", ag);
DetectPortPrint(ag);
for (ag2 = *head; ag2 != NULL; ) {
#ifdef DEBUG
printf("DetectPortParseMergeNotPorts: ag2 %p ", ag2); DetectPortPrint(ag2); printf("\n");
#endif
SCLogDebug("ag2 %p", ag2);
DetectPortPrint(ag2);
r = DetectPortCmp(ag,ag2);
if (r == PORT_EQ || r == PORT_EB) { /* XXX more ??? */
if (ag2->prev == NULL) {
@ -1086,15 +1066,12 @@ int DetectPortParseMergeNotPorts(DetectPort **head, DetectPort **nhead) {
}
for (ag2 = *head; ag2 != NULL; ag2 = ag2->next) {
#ifdef DEBUG
printf("DetectPortParseMergeNotPorts: ag2 %p ", ag2); DetectPortPrint(ag2); printf("\n");
#endif
SCLogDebug("ag2 %p", ag2);
DetectPortPrint(ag2);
}
if (*head == NULL) {
#ifdef DEBUG
printf("DetectPortParseMergeNotPorts: no ports left after merge\n");
#endif
goto error;
}
@ -1106,9 +1083,7 @@ error:
int DetectPortParse(DetectPort **head, char *str) {
int r;
#ifdef DEBUG
printf("DetectPortParse: str %s\n", str);
#endif
SCLogDebug("str %s", str);
/* negate port list */
DetectPort *nhead = NULL;
@ -1118,9 +1093,7 @@ int DetectPortParse(DetectPort **head, char *str) {
goto error;
}
#ifdef DEBUG
printf("DetectPortParse: head %p %p, nhead %p\n", head, *head, nhead);
#endif
SCLogDebug("head %p %p, nhead %p", head, *head, nhead);
/* merge the 'not' address groups */
if (DetectPortParseMergeNotPorts(head,&nhead) < 0) {
@ -1446,6 +1419,26 @@ end:
return result;
}
int PortTestParse09 (void) {
DetectPort *dd = NULL;
int result = 0;
int r = DetectPortParse(&dd,"1024:");
if (r != 0)
goto end;
if (dd == NULL)
goto end;
if (dd->port != 1024 || dd->port2 != 0xffff)
goto end;
DetectPortCleanupList(dd);
result = 1;
end:
return result;
}
void DetectPortTests(void) {
UtRegisterTest("PortTestParse01", PortTestParse01, 1);
@ -1456,5 +1449,6 @@ void DetectPortTests(void) {
UtRegisterTest("PortTestParse06", PortTestParse06, 1);
UtRegisterTest("PortTestParse07", PortTestParse07, 1);
UtRegisterTest("PortTestParse08", PortTestParse08, 1);
UtRegisterTest("PortTestParse09", PortTestParse09, 1);
}

@ -14,6 +14,7 @@
#include "detect-pcre.h"
#include "util-unittest.h"
#include "util-debug.h"
#define DETECT_FLOWVAR_NOT_USED 1
#define DETECT_FLOWVAR_TYPE_READ 2
@ -783,7 +784,7 @@ void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
int i = 0;
printf("Ordering Signatures in memory\n");
SCLogInfo("ordering signatures in memory");
sig = de_ctx->sig_list;
while (sig != NULL) {
@ -824,10 +825,8 @@ void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
}
#ifndef UNITTESTS
printf("SCSigOrderSignatures: Total Signatures reordered by the sigordering"
"module: %d\n", i);
SCLogInfo("total signatures reordered by the sigordering module: %d", i);
#endif
return;
}
@ -844,7 +843,7 @@ void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
*/
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
{
printf("Registering Signature Ordering functions\n");
SCLogDebug("registering signature ordering functions");
SCSigRegisterSignatureOrderingFunc(de_ctx, SCSigOrderByAction);
SCSigRegisterSignatureOrderingFunc(de_ctx, SCSigOrderByFlowbits);

@ -11,6 +11,7 @@
#include "detect-flowvar.h"
#include "util-binsearch.h"
#include "util-var-name.h"
#include "util-debug.h"
#define PARSE_REGEX "(.*),(.*)"
static pcre *parse_regex;
@ -157,9 +158,6 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
if (binpos == 2) {
uint8_t c = strtol((char *)binstr, (char **) NULL, 16) & 0xFF;
#ifdef DEBUG
printf("Binstr %" PRIX32 "\n", c);
#endif
binpos = 0;
str[x] = c;
x++;
@ -175,11 +173,13 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
}
}
#ifdef DEBUG
for (i = 0; i < x; i++) {
if (isprint(str[i])) printf("%c", str[i]);
else printf("\\x%02u", str[i]);
if (SCLogDebugEnabled()) {
for (i = 0; i < x; i++) {
if (isprint(str[i])) printf("%c", str[i]);
else printf("\\x%02u", str[i]);
}
printf("\n");
}
printf("\n");
#endif
if (converted)

@ -571,6 +571,26 @@ end:
return result;
}
int SigParseTest03 (void) {
int result = 1;
Signature *sig = NULL;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
sig = SigInit(de_ctx, "alert tcp 1.2.3.4 1024: -> !1.2.3.4 1024: (msg:\"SigParseTest03\"; sid:1;)");
if (sig == NULL) {
result = 0;
goto end;
}
SigFree(sig);
DetectEngineCtxFree(de_ctx);
end:
return result;
}
/**
* \test check that we don't allow invalid negation options
*/
@ -745,9 +765,6 @@ static int SigParseTestNegation07 (void) {
end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
//printf("%s\n", result?"ok":"fail");
//exit(1);
return result;
}
@ -755,6 +772,7 @@ end:
void SigParseRegisterTests(void) {
UtRegisterTest("SigParseTest01", SigParseTest01, 1);
UtRegisterTest("SigParseTest02", SigParseTest02, 1);
UtRegisterTest("SigParseTest03", SigParseTest03, 1);
UtRegisterTest("SigParseTestNegation01", SigParseTestNegation01, 1);
UtRegisterTest("SigParseTestNegation02", SigParseTestNegation02, 1);
UtRegisterTest("SigParseTestNegation03", SigParseTestNegation03, 1);

@ -9,6 +9,7 @@
#include "pkt-var.h"
#include "detect-pktvar.h"
#include "util-binsearch.h"
#include "util-debug.h"
#define PARSE_REGEX "(.*),(.*)"
static pcre *parse_regex;
@ -105,9 +106,7 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
varcontent = (char *)str_ptr;
}
#ifdef DEBUG
printf("DetectPktvarSetup: varname %s, varcontent %s\n", varname, varcontent);
#endif
SCLogDebug("varname %s, varcontent %s", varname, varcontent);
if (varcontent[0] == '\"' && varcontent[strlen(varcontent)-1] == '\"') {
str = strdup(varcontent+1);
@ -154,9 +153,6 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
if (binpos == 2) {
uint8_t c = strtol((char *)binstr, (char **) NULL, 16) & 0xFF;
#ifdef DEBUG
printf("Binstr %" PRIX32 "\n", c);
#endif
binpos = 0;
str[x] = c;
x++;
@ -172,11 +168,13 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
}
}
#ifdef DEBUG
if (SCLogDebugEnabled()) {
for (i = 0; i < x; i++) {
if (isprint(str[i])) printf("%c", str[i]);
else printf("\\x%02u", str[i]);
}
printf("\n");
}
#endif
if (converted)

@ -18,6 +18,8 @@
#include "util-print.h"
#include "util-unittest.h"
#include "util-debug.h"
#define DEFAULT_LOG_FILENAME "http.log"
int LogHttplog (ThreadVars *, Packet *, void *, PacketQueue *);
@ -211,6 +213,6 @@ void LogHttplogExitPrintStats(ThreadVars *tv, void *data) {
return;
}
printf(" - (%s) HTTP requests %" PRIu32 ".\n", tv->name, aft->uri_cnt);
SCLogInfo("(%s) HTTP requests %" PRIu32 "", tv->name, aft->uri_cnt);
}

@ -133,7 +133,7 @@ int ReceivePcap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq) {
}
if (TmThreadsCheckFlag(tv, THV_KILL) || TmThreadsCheckFlag(tv, THV_PAUSE)) {
printf("ReceivePcap: interrupted.\n");
SCLogInfo("pcap packet reading interrupted");
return 0;
}
}
@ -231,7 +231,7 @@ int ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
ptv->tv = tv;
printf("ReceivePcapThreadInit: using interface %s\n", (char *)initdata);
SCLogInfo("using interface %s", (char *)initdata);
char errbuf[PCAP_ERRBUF_SIZE] = "";
ptv->pcap_handle = pcap_open_live((char *)initdata, LIBPCAP_SNAPLEN,
@ -256,7 +256,7 @@ int ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
void ReceivePcapThreadExitStats(ThreadVars *tv, void *data) {
PcapThreadVars *ptv = (PcapThreadVars *)data;
printf(" - (%s) Packets %" PRIu32 ", bytes %" PRIu64 ".\n", tv->name, ptv->pkts, ptv->bytes);
SCLogInfo("(%s) Packets %" PRIu32 ", bytes %" PRIu64 "", tv->name, ptv->pkts, ptv->bytes);
return;
}

@ -24,7 +24,6 @@
#include "util-pool.h"
#include "util-unittest.h"
#include "util-print.h"
#include "util-debug.h"
#include "stream-tcp.h"
#include "stream-tcp-private.h"
@ -34,6 +33,7 @@
#include "app-layer-detect-proto.h"
#include "util-debug.h"
//#define DEBUG
#ifdef DEBUG
@ -1549,20 +1549,21 @@ static int StreamTcpCheckStreamContents(uint8_t *stream_policy, uint16_t sp_size
uint8_t j;
#ifdef DEBUG
TcpSegment *temp1;
printf("check stream !!\n");
for (temp1 = stream->seg_list; temp1 != NULL; temp1 = temp1->next)
PrintRawDataFp(stdout, temp1->payload, temp1->payload_len);
if (SCLogDebugEnabled()) {
TcpSegment *temp1;
for (temp1 = stream->seg_list; temp1 != NULL; temp1 = temp1->next)
PrintRawDataFp(stdout, temp1->payload, temp1->payload_len);
PrintRawDataFp(stdout, stream_policy, sp_size);
PrintRawDataFp(stdout, stream_policy, sp_size);
}
#endif
for (temp = stream->seg_list; temp != NULL; temp = temp->next) {
j = 0;
for (; j < temp->payload_len; j++) {
#ifdef DEBUG
printf("i is %" PRIu32 " and len is %" PRIu32 " stream %" PRIx32 " and temp is %" PRIx32 "\n", i, temp->payload_len, stream_policy[i], temp->payload[j]);
#endif
SCLogDebug("i %"PRIu16", len %"PRIu32", stream %"PRIx32" and temp is %"PRIx8"",
i, temp->payload_len, stream_policy[i], temp->payload[j]);
if (stream_policy[i] == temp->payload[j]) {
i++;
continue;
@ -1618,14 +1619,12 @@ static int StreamTcpCheckQueue (uint8_t *stream_contents, StreamMsgQueue *q, uin
break;
}
#ifdef DEBUG
printf("Gap is %" PRIu32"\n", msg->gap.gap_size);
#endif
SCLogDebug("gap is %" PRIu32"", msg->gap.gap_size);
j = 0;
for (; j < msg->data.data_len; j++) {
#ifdef DEBUG
printf("i is %" PRIu32 " and len is %" PRIu32 " and temp is %" PRIx32 "\n", i, msg->data.data_len, msg->data.data[j]);
#endif
SCLogDebug("i is %" PRIu32 " and len is %" PRIu32 " and temp is %" PRIx32 "", i, msg->data.data_len, msg->data.data[j]);
if (stream_contents[i] == msg->data.data[j]) {
i++;
continue;

@ -1502,7 +1502,7 @@ void StreamTcpExitPrintStats(ThreadVars *tv, void *data) {
return;
}
printf(" - (%s) Packets %" PRIu64 ".\n", tv->name, stt->pkts);
SCLogInfo("(%s) Packets %" PRIu64 "", tv->name, stt->pkts);
}
/**

@ -397,7 +397,7 @@ SCError SCLogMessage(SCLogLevel log_level, char **msg, const char *file,
}
temp_fmt++;
}
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN, "%s - ", substr);
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN, "%s", substr);
if (cw < 0)
goto error;
@ -813,7 +813,7 @@ static inline void SCLogSetOPFilter(SCLogInitData *sc_lid, SCLogConfig *sc_lc)
}
#ifdef DEBUG
printf("SCLogSetOPFilter: filter %s\n", filter ? filter : "no filter");
printf("SCLogSetOPFilter: filter: %s\n", filter ? filter : "<no filter>");
#endif
return;

@ -168,46 +168,48 @@ extern int sc_log_module_cleaned;
#define SCLog(x, ...) do { \
char msg[SC_LOG_MAX_LOG_MSG_LEN]; \
char *temp = msg; \
char _sc_log_msg[SC_LOG_MAX_LOG_MSG_LEN]; \
char *_sc_log_temp = _sc_log_msg; \
if ( !( \
(sc_log_global_log_level >= x) && \
SCLogMessage(x, &temp, \
SCLogMessage(x, &_sc_log_temp, \
__FILE__, \
__LINE__, \
__FUNCTION__) \
== SC_OK) ) \
{ } else { \
snprintf(temp, \
snprintf(_sc_log_temp, \
(SC_LOG_MAX_LOG_MSG_LEN - \
(msg - temp)), \
(_sc_log_msg - _sc_log_temp)), \
__VA_ARGS__); \
SCLogOutputBuffer(x, msg); \
SCLogOutputBuffer(x, _sc_log_msg); \
} \
} while(0)
#define SCLogErr(x, err, ...) do { \
char msg[SC_LOG_MAX_LOG_MSG_LEN]; \
char *temp = msg; \
char _sc_log_err_msg[SC_LOG_MAX_LOG_MSG_LEN]; \
char *_sc_log_err_temp = _sc_log_err_msg; \
if ( !( \
(sc_log_global_log_level >= x) && \
SCLogMessage(x, &temp, \
SCLogMessage(x, &_sc_log_err_temp,\
__FILE__, \
__LINE__, \
__FUNCTION__) \
== SC_OK) ) \
{ } else { \
temp = temp + snprintf(temp, \
_sc_log_err_temp = \
_sc_log_err_temp + \
snprintf(_sc_log_err_temp, \
(SC_LOG_MAX_LOG_MSG_LEN - \
(msg - temp)), \
(_sc_log_err_msg - _sc_log_err_temp)), \
"[ERRCODE: %s(%d)] - ", \
SCErrorToString(err), \
err); \
snprintf(temp, \
snprintf(_sc_log_err_temp, \
(SC_LOG_MAX_LOG_MSG_LEN - \
(msg - temp)), \
(_sc_log_err_msg - _sc_log_err_temp)), \
__VA_ARGS__); \
SCLogOutputBuffer(x, msg); \
SCLogOutputBuffer(x, _sc_log_err_msg); \
} \
} while(0)
@ -316,18 +318,19 @@ extern int sc_log_module_cleaned;
* \retval f An argument can be supplied, although it is not used
*/
#define SCEnter(f) do { \
char msg[SC_LOG_MAX_LOG_MSG_LEN]; \
char *temp = msg; \
char _sc_enter_msg[SC_LOG_MAX_LOG_MSG_LEN]; \
char *_sc_enter_temp = _sc_enter_msg; \
if (sc_log_global_log_level >= SC_LOG_DEBUG &&\
SCLogCheckFDFilterEntry(__FUNCTION__) && \
SCLogMessage(SC_LOG_DEBUG, &temp, \
SCLogMessage(SC_LOG_DEBUG, &_sc_enter_temp, \
__FILE__, \
__LINE__, \
__FUNCTION__) == SC_OK) { \
snprintf(temp, (SC_LOG_MAX_LOG_MSG_LEN - \
(msg - temp)), \
snprintf(_sc_enter_temp, (SC_LOG_MAX_LOG_MSG_LEN - \
(_sc_enter_msg - _sc_enter_temp)), \
"%s", "Entering ... >>"); \
SCLogOutputBuffer(SC_LOG_DEBUG, msg); \
SCLogOutputBuffer(SC_LOG_DEBUG, \
_sc_enter_msg); \
} \
} while(0)

Loading…
Cancel
Save