From ba6d807a6efc23a2229926d97aed5498f3b1a06c Mon Sep 17 00:00:00 2001 From: Gerardo Iglesias Galvan Date: Mon, 1 Feb 2010 17:01:05 +0100 Subject: [PATCH] Improve information about errors on signature failure --- src/detect-ack.c | 3 ++- src/detect-bytejump.c | 20 +++++++++---------- src/detect-bytetest.c | 16 +++++++-------- src/detect-classtype.c | 14 ++++++------- src/detect-content.c | 6 ++++-- src/detect-csum.c | 29 ++++++++++++++------------- src/detect-dce-iface.c | 2 +- src/detect-dce-opnum.c | 8 ++++---- src/detect-decode-event.c | 10 +++++++--- src/detect-distance.c | 4 ++-- src/detect-fast-pattern.c | 4 ++-- src/detect-flags.c | 10 +++++----- src/detect-flow.c | 41 ++++++++++++++++++++------------------- src/detect-flowbits.c | 16 +++++++-------- src/detect-flowint.c | 20 ++++++++++--------- src/detect-flowvar.c | 12 ++++++------ src/detect-fragbits.c | 13 +++++++++---- src/detect-gid.c | 9 +++++---- src/detect-icmp-id.c | 4 ++-- src/detect-icode.c | 8 ++++---- src/detect-id.c | 18 ++++++++--------- src/detect-ipopts.c | 9 ++++++--- src/detect-ipproto.c | 16 +++++++-------- src/detect-isdataat.c | 22 +++++++++++---------- src/detect-itype.c | 8 ++++---- src/detect-msg.c | 2 +- src/detect-noalert.c | 3 ++- src/detect-nocase.c | 4 +++- src/detect-parse.c | 10 +++++----- src/detect-pcre.c | 25 ++++++++++++------------ src/detect-pktvar.c | 12 ++++++------ src/detect-priority.c | 8 ++++---- src/detect-rawbytes.c | 8 +++++--- src/detect-rpc.c | 16 +++++++-------- src/detect-seq.c | 3 ++- src/detect-stream_size.c | 15 +++++++------- src/detect-threshold.c | 14 ++++++++----- src/detect-tls-version.c | 11 ++++++----- src/detect-ttl.c | 14 ++++++------- src/detect-window.c | 11 ++++++----- src/util-error.c | 7 +++++++ src/util-error.h | 4 ++++ 42 files changed, 267 insertions(+), 222 deletions(-) diff --git a/src/detect-ack.c b/src/detect-ack.c index 41a415d8f9..c34a0839e8 100644 --- a/src/detect-ack.c +++ b/src/detect-ack.c @@ -20,6 +20,7 @@ #include "util-byte.h" #include "util-unittest.h" +#include "util-debug.h" static int DetectAckSetup(DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr); @@ -84,7 +85,7 @@ static int DetectAckSetup(DetectEngineCtx *de_ctx, Signature *s, data = malloc(sizeof(DetectAckData)); if (data == NULL) { - printf("DetectAckSetup: malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index 68ac1b5fb1..4e48016472 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -249,7 +249,7 @@ DetectBytejumpData *DetectBytejumpParse(char *optstr) /* Initialize the data */ data = malloc(sizeof(DetectBytejumpData)); if (data == NULL) { - SCLogError(SC_ERR_MEM_ALLOC,"malloc failed"); + SCLogError(SC_ERR_MEM_ALLOC,"malloc failed %s", strerror(errno)); goto error; } data->base = DETECT_BYTEJUMP_BASE_UNSET; @@ -264,13 +264,13 @@ DetectBytejumpData *DetectBytejumpParse(char *optstr) /* Number of bytes */ if (ByteExtractStringUint32(&nbytes, 10, strlen(args[0]), args[0]) <= 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE,"Malformed number of bytes: %s", optstr); + SCLogError(SC_ERR_INVALID_VALUE, "Malformed number of bytes: %s", optstr); goto error; } /* Offset */ if (ByteExtractStringInt32(&data->offset, 0, strlen(args[1]), args[1]) <= 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE,"Malformed offset: %s", optstr); + SCLogError(SC_ERR_INVALID_VALUE, "Malformed offset: %s", optstr); goto error; } @@ -303,7 +303,7 @@ DetectBytejumpData *DetectBytejumpParse(char *optstr) strlen(args[i]) - 11, args[i] + 11) <= 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE,"Malformed multiplier: %s", optstr); + SCLogError(SC_ERR_INVALID_VALUE, "Malformed multiplier: %s", optstr); goto error; } } else if (strncasecmp("post_offset ", args[i], 12) == 0) { @@ -311,11 +311,11 @@ DetectBytejumpData *DetectBytejumpParse(char *optstr) strlen(args[i]) - 12, args[i] + 12) <= 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE,"Malformed post_offset: %s", optstr); + SCLogError(SC_ERR_INVALID_VALUE, "Malformed post_offset: %s", optstr); goto error; } } else { - SCLogError(SC_ERR_INVALID_SIGNATURE,"Unknown option: \"%s\"", args[i]); + SCLogError(SC_ERR_INVALID_VALUE, "Unknown option: \"%s\"", args[i]); goto error; } } @@ -329,18 +329,18 @@ DetectBytejumpData *DetectBytejumpParse(char *optstr) * "01777777777777777777777" = 0xffffffffffffffff */ if (nbytes > 23) { - SCLogError(SC_ERR_INVALID_SIGNATURE,"Cannot test more than 23 bytes " + SCLogError(SC_ERR_INVALID_VALUE, "Cannot test more than 23 bytes " "with \"string\": %s", optstr); goto error; } } else { if (nbytes > 8) { - SCLogError(SC_ERR_INVALID_SIGNATURE,"Cannot test more than 8 bytes " - "without \"string\": %s", optstr); + SCLogError(SC_ERR_INVALID_VALUE, "Cannot test more than 8 bytes " + "without \"string\": %s\n", optstr); goto error; } if (data->base != DETECT_BYTEJUMP_BASE_UNSET) { - SCLogError(SC_ERR_INVALID_SIGNATURE,"Cannot use a base " + SCLogError(SC_ERR_INVALID_VALUE, "Cannot use a base " "without \"string\": %s", optstr); goto error; } diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c index 433880b326..7845e943df 100644 --- a/src/detect-bytetest.c +++ b/src/detect-bytetest.c @@ -242,7 +242,7 @@ DetectBytetestData *DetectBytetestParse(char *optstr) /* Number of bytes */ if (ByteExtractStringUint32(&nbytes, 10, 0, args[0]) <= 0) { - SCLogDebug("Malformed number of bytes: %s", str_ptr); + SCLogError(SC_ERR_INVALID_VALUE, "Malformed number of bytes: %s", str_ptr); goto error; } @@ -264,19 +264,19 @@ DetectBytetestData *DetectBytetestParse(char *optstr) } else if (strcmp("^", args[2]) == 0) { data->op |= DETECT_BYTETEST_OP_OR; } else { - // XXX Error + SCLogError(SC_ERR_INVALID_OPERATOR, "Invalid operator"); goto error; } /* Value */ if (ByteExtractStringUint64(&data->value, 0, 0, args[3]) <= 0) { - SCLogDebug("Malformed value: %s", str_ptr); + SCLogError(SC_ERR_INVALID_VALUE, "Malformed value: %s", str_ptr); goto error; } /* Offset */ if (ByteExtractStringInt32(&data->offset, 0, 0, args[4]) <= 0) { - SCLogDebug(" Malformed offset: %s", str_ptr); + SCLogError(SC_ERR_INVALID_VALUE, " Malformed offset: %s", str_ptr); goto error; } @@ -301,7 +301,7 @@ DetectBytetestData *DetectBytetestParse(char *optstr) } else if (strcasecmp("little", args[i]) == 0) { data->flags |= DETECT_BYTETEST_LITTLE; } else { - SCLogDebug("Unknown option: \"%s\"", args[i]); + SCLogError(SC_ERR_UNKNOWN_VALUE, "Unknown value: \"%s\"", args[i]); goto error; } } @@ -315,18 +315,18 @@ DetectBytetestData *DetectBytetestParse(char *optstr) * "01777777777777777777777" = 0xffffffffffffffff */ if (nbytes > 23) { - SCLogDebug("Cannot test more than 23 bytes with \"string\": %s", + SCLogError(SC_ERR_INVALID_VALUE, "Cannot test more than 23 bytes with \"string\": %s", optstr); goto error; } } else { if (nbytes > 8) { - SCLogDebug("Cannot test more than 8 bytes without \"string\": %s", + SCLogError(SC_ERR_INVALID_VALUE, "Cannot test more than 8 bytes without \"string\": %s", optstr); goto error; } if (data->base != DETECT_BYTETEST_BASE_UNSET) { - SCLogDebug("Cannot use a base without \"string\": %s", optstr); + SCLogError(SC_ERR_INVALID_VALUE, "Cannot use a base without \"string\": %s", optstr); goto error; } } diff --git a/src/detect-classtype.c b/src/detect-classtype.c index 4166009f81..0fd380adca 100644 --- a/src/detect-classtype.c +++ b/src/detect-classtype.c @@ -43,14 +43,14 @@ void DetectClasstypeRegister(void) regex = pcre_compile(DETECT_CLASSTYPE_REGEX, opts, &eb, &eo, NULL); if (regex == NULL) { - SCLogDebug("Compile of \"%s\" failed at offset %" PRId32 ": %s", + SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", DETECT_CLASSTYPE_REGEX, eo, eb); goto end; } regex_study = pcre_study(regex, 0, &eb); if (eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto end; } @@ -76,20 +76,20 @@ static inline const char *DetectClasstypeParseRawString(char *rawstr) if (rawstr[0] == '\"' && rawstr[strlen(rawstr) - 1] == '\"') { if ( (rawstr = strdup(rawstr + 1)) == NULL) { SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); - exit(EXIT_FAILURE); + goto end; } rawstr[strlen(rawstr) - 1] = '\0'; } ret = pcre_exec(regex, regex_study, rawstr, strlen(rawstr), 0, 0, ov, 30); if (ret < 0) { - SCLogWarning(SC_ERR_INVALID_SIGNATURE, "Invalid Classtype in Signature"); + SCLogError(SC_ERR_PCRE_MATCH, "Invalid Classtype in Signature"); goto end; } ret = pcre_get_substring((char *)rawstr, ov, 30, 1, &ct_name); if (ret < 0) { - SCLogInfo("pcre_get_substring() failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto end; } @@ -138,14 +138,14 @@ int DetectClasstypeSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, SCClassConfClasstype *ct = NULL; if ( (parsed_ct_name = DetectClasstypeParseRawString(rawstr)) == NULL) { - SCLogDebug("Error parsing classtype argument supplied with the " + SCLogError(SC_ERR_PCRE_PARSE, "Error parsing classtype argument supplied with the " "classtype keyword"); goto error; } ct = DetectClasstypeGetClasstypeInfo(parsed_ct_name, de_ctx); if (ct == NULL) { - SCLogDebug("Unknown Classtype: \"%s\". Invalidating the Signature", + SCLogError(SC_ERR_UNKNOWN_VALUE, "Unknown Classtype: \"%s\". Invalidating the Signature", parsed_ct_name); goto error; } diff --git a/src/detect-content.c b/src/detect-content.c index bb9ebe7e49..dc99dbbdf2 100644 --- a/src/detect-content.c +++ b/src/detect-content.c @@ -587,8 +587,10 @@ DetectContentData *DetectContentParse (char *contentstr) uint16_t pos = 0; uint16_t slen = 0; - if ((temp = strdup(contentstr)) == NULL) + if ((temp = strdup(contentstr)) == NULL) { + SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); goto error; + } if (strlen(temp) == 0) { free(temp); @@ -597,7 +599,7 @@ DetectContentData *DetectContentParse (char *contentstr) cd = malloc(sizeof(DetectContentData)); if (cd == NULL) { - printf("DetectContentParse malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } memset(cd, 0, sizeof(DetectContentData)); diff --git a/src/detect-csum.c b/src/detect-csum.c index 0ac717d592..b20f87a77a 100644 --- a/src/detect-csum.c +++ b/src/detect-csum.c @@ -12,6 +12,7 @@ #include "detect-csum.h" #include "util-unittest.h" +#include "util-debug.h" /* prototypes for the "ipv4-csum" rule keyword */ int DetectIPV4CsumMatch(ThreadVars *, DetectEngineThreadCtx *, Packet *, @@ -242,8 +243,8 @@ int DetectIPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, sm->type = DETECT_IPV4_CSUM; if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) { - printf("Error allocating memory\n"); - exit(0); + SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); + goto error; } memset(cd, 0, sizeof(DetectCsumData)); @@ -339,8 +340,8 @@ int DetectTCPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, sm->type = DETECT_TCPV4_CSUM; if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) { - printf("Error allocating memory\n"); - exit(0); + SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); + goto error; } memset(cd, 0, sizeof(DetectCsumData)); @@ -436,8 +437,8 @@ int DetectTCPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, sm->type = DETECT_TCPV6_CSUM; if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) { - printf("Error allocating memory\n"); - exit(0); + SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); + goto error; } memset(cd, 0, sizeof(DetectCsumData)); @@ -533,8 +534,8 @@ int DetectUDPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, sm->type = DETECT_UDPV4_CSUM; if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) { - printf("Error allocating memory\n"); - exit(0); + SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); + goto error; } memset(cd, 0, sizeof(DetectCsumData)); @@ -630,8 +631,8 @@ int DetectUDPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, sm->type = DETECT_UDPV6_CSUM; if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) { - printf("Error allocating memory\n"); - exit(0); + SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); + goto error; } memset(cd, 0, sizeof(DetectCsumData)); @@ -726,8 +727,8 @@ int DetectICMPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, sm->type = DETECT_ICMPV4_CSUM; if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) { - printf("Error allocating memory\n"); - exit(0); + SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); + goto error; } memset(cd, 0, sizeof(DetectCsumData)); @@ -822,8 +823,8 @@ int DetectICMPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, sm->type = DETECT_ICMPV6_CSUM; if ( (cd = malloc(sizeof(DetectCsumData))) == NULL) { - printf("Error allocating memory\n"); - exit(0); + SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); + goto error; } memset(cd, 0, sizeof(DetectCsumData)); diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index c7107a6c0e..e49549893b 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -94,7 +94,7 @@ static inline DetectDceIfaceData *DetectDceIfaceArgParse(const char *arg) ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2) { - SCLogDebug("pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg); + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg); goto error; } diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c index 5321c2f232..3375270e8f 100644 --- a/src/detect-dce-opnum.c +++ b/src/detect-dce-opnum.c @@ -51,14 +51,14 @@ void DetectDceOpnumRegister(void) parse_regex = pcre_compile(DETECT_DCE_OPNUM_PCRE_PARSE_ARGS, opts, &eb, &eo, NULL); if (parse_regex == NULL) { - SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", DETECT_DCE_OPNUM_PCRE_PARSE_ARGS, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if (eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } @@ -119,7 +119,7 @@ static inline DetectDceOpnumData *DetectDceOpnumArgParse(const char *arg) ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2) { - SCLogDebug("pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg); + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg); goto error; } @@ -137,7 +137,7 @@ static inline DetectDceOpnumData *DetectDceOpnumArgParse(const char *arg) if ( (dup_str = strdup(pcre_sub_str)) == NULL) { SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); - exit(EXIT_FAILURE); + goto error; } /* free the substring */ diff --git a/src/detect-decode-event.c b/src/detect-decode-event.c index d9372a42bd..2ca2cc2ea7 100644 --- a/src/detect-decode-event.c +++ b/src/detect-decode-event.c @@ -10,6 +10,8 @@ #include "flow-var.h" #include "decode-events.h" +#include "util-debug.h" + /* Need to get the DEvents[] array */ #define DETECT_EVENTS @@ -43,14 +45,14 @@ void DetectDecodeEventRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s\n", eb); goto error; } return; @@ -101,6 +103,7 @@ DetectDecodeEventData *DetectDecodeEventParse (char *rawstr) ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) { + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; } @@ -108,6 +111,7 @@ DetectDecodeEventData *DetectDecodeEventParse (char *rawstr) res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 0, &str_ptr); if (res < 0) { + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } @@ -123,7 +127,7 @@ DetectDecodeEventData *DetectDecodeEventParse (char *rawstr) de = malloc(sizeof(DetectDecodeEventData)); if (de == NULL) { - printf("DetectDecodeEventSetup malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "Malloc failed"); goto error; } diff --git a/src/detect-distance.c b/src/detect-distance.c index 39d29f7610..cb2529b063 100644 --- a/src/detect-distance.c +++ b/src/detect-distance.c @@ -52,7 +52,7 @@ int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha DetectContentData *cd = (DetectContentData *)pm->ctx; if (cd == NULL) { - printf("DetectDistanceSetup: Unknown previous keyword!\n"); + SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous keyword!"); if (dubbed) free(str); return -1; } @@ -84,7 +84,7 @@ int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha DetectUricontentData *cd = (DetectUricontentData *)pm->ctx; cd->flags |= DETECT_URICONTENT_DISTANCE_NEXT; } else { - printf("DetectDistanceSetup: Unknown previous-previous keyword!\n"); + SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous-previous keyword!"); goto error; } diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c index 7fbf89b3fd..0ab940ac86 100644 --- a/src/detect-fast-pattern.c +++ b/src/detect-fast-pattern.c @@ -54,7 +54,7 @@ int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, } if (m == NULL) { - SCLogWarning(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside the " + SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside the " "rule, without any preceding keywords"); return -1; } @@ -62,7 +62,7 @@ int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, if (m->type != DETECT_CONTENT) { m = SigMatchGetLastSM(s, DETECT_CONTENT); if (m == NULL) { - SCLogWarning(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside " + SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside " "the rule, without a content context. Please use a " "content keyword before using fast pattern"); return -1; diff --git a/src/detect-flags.c b/src/detect-flags.c index ca52d5f710..9be7f54373 100644 --- a/src/detect-flags.c +++ b/src/detect-flags.c @@ -56,14 +56,14 @@ void DetectFlagsRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } @@ -160,7 +160,7 @@ static DetectFlagsData *DetectFlagsParse (char *rawstr) ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) { - SCLogDebug("pcre match failed"); + SCLogError(SC_ERR_PCRE_MATCH, "pcre match failed"); goto error; } @@ -168,7 +168,7 @@ static DetectFlagsData *DetectFlagsParse (char *rawstr) res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS,i + 1, &str_ptr); if (res < 0) { - SCLogDebug("pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } @@ -182,7 +182,7 @@ static DetectFlagsData *DetectFlagsParse (char *rawstr) de = malloc(sizeof(DetectFlagsData)); if (de == NULL) { - printf("DetectFlagsSetup malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } diff --git a/src/detect-flow.c b/src/detect-flow.c index d693347e43..9faf467302 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -16,6 +16,7 @@ #include "detect-flow.h" #include "util-unittest.h" +#include "util-debug.h" /** * \brief Regex for parsing our flow options @@ -48,14 +49,14 @@ void DetectFlowRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -124,14 +125,14 @@ DetectFlowData *DetectFlowParse (char *flowstr) ret = pcre_exec(parse_regex, parse_regex_study, flowstr, strlen(flowstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { - //printf("DetectFlowParse: parse error, ret %" PRId32 ", string %s\n", ret, flowstr); + SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, flowstr); goto error; } if (ret > 1) { const char *str_ptr; res = pcre_get_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - printf("DetectFlowParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[0] = (char *)str_ptr; @@ -139,7 +140,7 @@ DetectFlowData *DetectFlowParse (char *flowstr) if (ret > 2) { res = pcre_get_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - printf("DetectFlowParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[1] = (char *)str_ptr; @@ -147,7 +148,7 @@ DetectFlowData *DetectFlowParse (char *flowstr) if (ret > 3) { res = pcre_get_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); if (res < 0) { - printf("DetectFlowParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[2] = (char *)str_ptr; @@ -156,7 +157,7 @@ DetectFlowData *DetectFlowParse (char *flowstr) fd = malloc(sizeof(DetectFlowData)); if (fd == NULL) { - printf("DetectFlowParse malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } fd->flags = 0; @@ -168,60 +169,60 @@ DetectFlowData *DetectFlowParse (char *flowstr) /* inspect our options and set the flags */ if (strcasecmp(args[i], "established") == 0) { if (fd->flags & FLOW_PKT_ESTABLISHED) { - //printf("DetectFlowParse error FLOW_PKT_ESTABLISHED flag is already set \n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "FLOW_PKT_ESTABLISHED flag is already set"); goto error; } else if (fd->flags & FLOW_PKT_STATELESS) { - //printf("DetectFlowParse error cannot set established, FLOW_PKT_STATELESS already set \n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "FLOW_PKT_STATELESS already set"); goto error; } fd->flags |= FLOW_PKT_ESTABLISHED; } else if (strcasecmp(args[i], "stateless") == 0) { if (fd->flags & FLOW_PKT_STATELESS) { - //printf("DetectFlowParse error FLOW_PKT_STATELESS flag is already set \n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "FLOW_PKT_STATELESS flag is already set"); goto error; } else if (fd->flags & FLOW_PKT_ESTABLISHED) { - //printf("DetectFlowParse error cannot set FLOW_PKT_STATELESS, FLOW_PKT_ESTABLISHED already set\n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set FLOW_PKT_STATELESS, FLOW_PKT_ESTABLISHED already set"); goto error; } fd->flags |= FLOW_PKT_STATELESS; } else if (strcasecmp(args[i], "to_client") == 0 || strcasecmp(args[i], "from_server") == 0) { if (fd->flags & FLOW_PKT_TOCLIENT) { - //printf("DetectFlowParse error cannot set FLOW_PKT_TOCLIENT flag is already set\n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set FLOW_PKT_TOCLIENT flag is already set"); goto error; } else if (fd->flags & FLOW_PKT_TOSERVER) { - //printf("DetectFlowParse error cannot set to_client, FLOW_PKT_TOSERVER already set\n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_client, FLOW_PKT_TOSERVER already set"); goto error; } fd->flags |= FLOW_PKT_TOCLIENT; } else if (strcasecmp(args[i], "to_server") == 0 || strcasecmp(args[i], "from_client") == 0){ if (fd->flags & FLOW_PKT_TOSERVER) { - //printf("DetectFlowParse error cannot set FLOW_PKT_TOSERVER flag is already set\n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set FLOW_PKT_TOSERVER flag is already set"); goto error; } else if (fd->flags & FLOW_PKT_TOCLIENT) { - //printf("DetectFlowParse error cannot set to_server, FLOW_PKT_TO_CLIENT flag already set\n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_server, FLOW_PKT_TO_CLIENT flag already set"); goto error; } fd->flags |= FLOW_PKT_TOSERVER; } else if (strcasecmp(args[i], "stream_only") == 0) { if (fd->flags & FLOW_PKT_STREAMONLY) { - //printf("DetectFlowParse error cannot set stream_only flag is already set \n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set stream_only flag is already set"); goto error; } else if (fd->flags & FLOW_PKT_NOSTREAM) { - //printf("DetectFlowParse error cannot set stream_only flag, FLOW_PKT_NOSTREAM already set\n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set stream_only flag, FLOW_PKT_NOSTREAM already set"); goto error; } fd->flags |= FLOW_PKT_STREAMONLY; } else if (strcasecmp(args[i], "no_stream") == 0) { if (fd->flags & FLOW_PKT_NOSTREAM) { - //printf("DetectFlowParse error cannot set no_stream flag is already set \n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag is already set"); goto error; } else if (fd->flags & FLOW_PKT_STREAMONLY) { - //printf("DetectFlowParse error cannot set no_stream flag, FLOW_PKT_STREAMONLY already set\n"); + SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag, FLOW_PKT_STREAMONLY already set"); goto error; } fd->flags |= FLOW_PKT_NOSTREAM; } else { - //printf("invalid flow option %s\n",args[i]); + SCLogError(SC_ERR_INVALID_VALUE, "invalid flow option \"%s\"", args[i]); goto error; } diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c index a82903163b..e4d5f143b2 100644 --- a/src/detect-flowbits.c +++ b/src/detect-flowbits.c @@ -46,14 +46,14 @@ void DetectFlowbitsRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } @@ -126,7 +126,7 @@ int DetectFlowbitMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p case DETECT_FLOWBITS_CMD_TOGGLE: return DetectFlowbitMatchToggle(p,fd); default: - printf("ERROR: DetectFlowbitMatch unknown cmd %" PRIu32 "\n", fd->cmd); + SCLogError(SC_ERR_UNKNOWN_VALUE, "unknown cmd %" PRIu32 "", fd->cmd); return 0; } @@ -145,14 +145,14 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2 && ret != 3) { - printf("ERROR: \"%s\" is not a valid setting for flowbits.\n", rawstr); + SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowbits.", rawstr); return -1; } const char *str_ptr; res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - printf("DetectPcreSetup: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return -1; } fb_cmd_str = (char *)str_ptr; @@ -160,7 +160,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char if (ret == 3) { res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - printf("DetectPcreSetup: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } fb_name = (char *)str_ptr; @@ -179,7 +179,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char } else if (strcmp(fb_cmd_str,"toggle") == 0) { fb_cmd = DETECT_FLOWBITS_CMD_TOGGLE; } else { - printf("ERROR: flowbits action \"%s\" is not supported.\n", fb_cmd_str); + SCLogError(SC_ERR_UNKNOWN_VALUE, "ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str); goto error; } @@ -201,7 +201,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char cd = malloc(sizeof(DetectFlowbitsData)); if (cd == NULL) { - printf("DetectFlowbitsSetup malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "DetectFlowbitsSetup malloc failed"); goto error; } diff --git a/src/detect-flowint.c b/src/detect-flowint.c index e5f9a24e2a..06705f320c 100644 --- a/src/detect-flowint.c +++ b/src/detect-flowint.c @@ -48,14 +48,14 @@ void DetectFlowintRegister(void) parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if (parse_regex == NULL) { - SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if (eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } @@ -214,14 +214,14 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 3 || ret > 4) { - SCLogDebug("ERROR: \"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret); + SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret); return NULL; } /* Get our flowint varname */ res = pcre_get_substring((char *) rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - SCLogDebug("DetectFlowintParse: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return NULL; } varname =(char *) str_ptr; @@ -229,7 +229,7 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, res = pcre_get_substring((char *) rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - SCLogDebug("DetectFlowintParse: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return NULL; } @@ -258,12 +258,14 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, if (strcmp("notset", str_ptr) == 0) modifier = FLOWINT_MODIFIER_NOTSET; - if (modifier == FLOWINT_MODIFIER_UNKNOWN) + if (modifier == FLOWINT_MODIFIER_UNKNOWN) { + SCLogError(SC_ERR_UNKNOWN_VALUE, "Unknown modifier"); goto error; + } sfd = malloc(sizeof(DetectFlowintData)); if (sfd == NULL) { - SCLogError(SC_ERR_MEM_ALLOC, "DetectFlowintSetup malloc failed"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } @@ -273,7 +275,7 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, &str_ptr); varval =(char *) str_ptr; if (res < 0 || strcmp(varval,"") == 0) { - SCLogDebug("DetectFlowintParse: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); free(sfd); return NULL; } @@ -282,7 +284,7 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, *(it should be a value or another var) */ str = strdup(varval); if (str == NULL) { - SCLogError(SC_ERR_MEM_ALLOC, "DetectFlowintSetup malloc from strdup failed"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc from strdup failed"); goto error; } diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index 6e3e154054..1af93d24cd 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -35,14 +35,14 @@ void DetectFlowvarRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } @@ -93,14 +93,14 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret != 3) { - printf("ERROR: \"%s\" is not a valid setting for flowvar.\n", rawstr); + SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowvar.", rawstr); return -1; } const char *str_ptr; res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - printf("DetectPcreSetup: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return -1; } varname = (char *)str_ptr; @@ -108,7 +108,7 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char if (ret > 2) { res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - printf("DetectPcreSetup: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return -1; } varcontent = (char *)str_ptr; @@ -130,7 +130,7 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char cd = malloc(sizeof(DetectFlowvarData)); if (cd == NULL) { - printf("DetectFlowvarSetup malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index 729fb967c3..beedc7b53c 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -13,6 +13,7 @@ #include "detect-fragbits.h" #include "util-unittest.h" +#include "util-debug.h" /** * Regex @@ -54,14 +55,14 @@ void DetectFragBitsRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } @@ -143,6 +144,7 @@ static DetectFragBitsData *DetectFragBitsParse (char *rawstr) ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) { + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; } @@ -151,18 +153,21 @@ static DetectFragBitsData *DetectFragBitsParse (char *rawstr) res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS,i + 1, &str_ptr); if (res < 0) { + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[i] = (char *)str_ptr; } - if(args[1] == NULL) + if(args[1] == NULL) { + SCLogError(SC_ERR_INVALID_VALUE, "invalid value"); goto error; + } de = malloc(sizeof(DetectFragBitsData)); if (de == NULL) { - printf("DetectFragBitsSetup malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); goto error; } diff --git a/src/detect-gid.c b/src/detect-gid.c index 2c15be2f75..7d6e58abba 100644 --- a/src/detect-gid.c +++ b/src/detect-gid.c @@ -13,6 +13,7 @@ #include "detect-gid.h" #include "util-unittest.h" +#include "util-debug.h" #define PARSE_REGEX "[0-9]+" @@ -39,14 +40,14 @@ void DetectGidRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } @@ -74,14 +75,14 @@ static uint32_t DetectGidParse (char *rawstr) uint32_t rc; ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); - if (ret < 1) { + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); return -1; } res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 0, &str_ptr); - if (res < 0) { + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return -1; } diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index ea45fe1fa3..90a345010d 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -44,13 +44,13 @@ void DetectIcmpIdRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if (parse_regex == NULL) { - SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if (eb != NULL) { - SCLogDebug("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; diff --git a/src/detect-icode.c b/src/detect-icode.c index 24b021c229..6488ed3474 100644 --- a/src/detect-icode.c +++ b/src/detect-icode.c @@ -56,7 +56,7 @@ void DetectICodeRegister (void) { parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre study failed: %s", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -125,7 +125,7 @@ DetectICodeData *DetectICodeParse(char *icodestr) { ret = pcre_exec(parse_regex, parse_regex_study, icodestr, strlen(icodestr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { - SCLogError(SC_ERR_PCRE_MATCH, "DetectICodeParse: parse error"); + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, icodestr); goto error; } @@ -134,7 +134,7 @@ DetectICodeData *DetectICodeParse(char *icodestr) { for (i = 1; i < ret; i++) { res = pcre_get_substring((char *)icodestr, ov, MAX_SUBSTRINGS, i, &str_ptr); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "DetectICodeParse: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[i-1] = (char *)str_ptr; @@ -153,7 +153,7 @@ DetectICodeData *DetectICodeParse(char *icodestr) { if (strlen(args[0]) != 0) { /* we have a third part ("<> y"), therefore it's invalid */ if (args[2] != NULL) { - SCLogInfo("icode: invalid value"); + SCLogError(SC_ERR_INVALID_VALUE, "icode: invalid value"); goto error; } /* we have only a comparison ("<", ">") */ diff --git a/src/detect-id.c b/src/detect-id.c index 1f3cf51dc6..d814512b5a 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -52,18 +52,18 @@ void DetectIdRegister (void) { int eo; int opts = 0; - SCLogDebug("detect-id: Registering id rule option\n"); + SCLogDebug("registering id rule option"); parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if (parse_regex == NULL) { - SCLogDebug("Compile of \"%s\" failed at offset %" PRId32 ": %s\n", + SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if (eb != NULL) { - SCLogDebug("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -125,8 +125,8 @@ DetectIdData *DetectIdParse (char *idstr) ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 3) { - SCLogDebug("detect-id: invalid id option. The id option value must be" - " in the range %u - %u\n", + SCLogError(SC_ERR_PCRE_MATCH, "invalid id option. The id option value must be" + " in the range %u - %u", DETECT_IPID_MIN, DETECT_IPID_MAX); goto error; } @@ -139,14 +139,14 @@ DetectIdData *DetectIdParse (char *idstr) res = pcre_get_substring((char *)idstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - SCLogDebug("DetectIdParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } /* We have a correct id option */ id_d = malloc(sizeof(DetectIdData)); if (id_d == NULL) { - SCLogDebug("DetectIdParse malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } @@ -163,8 +163,8 @@ DetectIdData *DetectIdParse (char *idstr) temp = atoi((char *)tmp_str); if (temp > DETECT_IPID_MAX) { - SCLogDebug("detect-id: \"id\" option must be in " - "the range %u - %u\n", + SCLogError(SC_ERR_INVALID_VALUE, "\"id\" option must be in " + "the range %u - %u", DETECT_IPID_MIN, DETECT_IPID_MAX); free(orig); diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c index fea7dafe92..be8d89af1b 100644 --- a/src/detect-ipopts.c +++ b/src/detect-ipopts.c @@ -11,6 +11,8 @@ #include "flow-var.h" #include "decode-events.h" +#include "util-debug.h" + /* Need to get the DIpOpts[] array */ #define DETECT_EVENTS @@ -44,14 +46,14 @@ void DetectIpOptsRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -122,6 +124,7 @@ DetectIpOptsData *DetectIpOptsParse (char *rawstr) ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) { + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; } @@ -137,7 +140,7 @@ DetectIpOptsData *DetectIpOptsParse (char *rawstr) de = malloc(sizeof(DetectIpOptsData)); if (de == NULL) { - printf("DetectIpOptsSetup malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } diff --git a/src/detect-ipproto.c b/src/detect-ipproto.c index 0b37c3c8fa..0865e4c528 100644 --- a/src/detect-ipproto.c +++ b/src/detect-ipproto.c @@ -57,14 +57,14 @@ void DetectIPProtoRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("DetectIPProtoRegister: pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("DetectIPProtoRegister: pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -96,16 +96,14 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) ret = pcre_exec(parse_regex, parse_regex_study, optstr, strlen(optstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret != 3) { - printf("DetectIPProtoParse: parse error, ret %" PRId32 - ", string %s\n", ret, optstr); + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, optstr); goto error; } for (i = 0; i < (ret - 1); i++) { res = pcre_get_substring((char *)optstr, ov, MAX_SUBSTRINGS, i + 1, &str_ptr); if (res < 0) { - printf("DetectIPProtoParse: pcre_get_substring failed " - "for arg %d\n", i + 1); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[i] = (char *)str_ptr; @@ -114,7 +112,7 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) /* Initialize the data */ data = malloc(sizeof(DetectIPProtoData)); if (data == NULL) { - printf("DetectIPProtoParse: malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory"); goto error; } data->op = DETECT_IPPROTO_OP_EQ; @@ -129,14 +127,14 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) if (!isdigit(*(args[1]))) { struct protoent *pent = getprotobyname(args[1]); if (pent == NULL) { - printf("DetectIPProtoParse: Malformed protocol name: %s\n", str_ptr); + SCLogError(SC_ERR_INVALID_VALUE, "Malformed protocol name: %s", str_ptr); goto error; } data->proto = (uint8_t)pent->p_proto; } else { if (ByteExtractStringUint8(&data->proto, 10, 0, args[1]) <= 0) { - printf("DetectIPProtoParse: Malformed protocol number: %s\n", str_ptr); + SCLogError(SC_ERR_INVALID_VALUE, "Malformed protocol number: %s", str_ptr); goto error; } } diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c index 76700c6722..bcaeef72e0 100644 --- a/src/detect-isdataat.c +++ b/src/detect-isdataat.c @@ -53,13 +53,13 @@ void DetectIsdataatRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -119,6 +119,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr) ret = pcre_exec(parse_regex, parse_regex_study, isdataatstr, strlen(isdataatstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr); goto error; } @@ -126,7 +127,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr) const char *str_ptr; res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - printf("DetectIsdataatParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[0] = (char *)str_ptr; @@ -135,7 +136,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr) if (ret > 2) { res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - printf("DetectIsdataatParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[1] = (char *)str_ptr; @@ -143,7 +144,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr) if (ret > 3) { res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); if (res < 0) { - printf("DetectIsdataatParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[2] = (char *)str_ptr; @@ -151,7 +152,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr) idad = malloc(sizeof(DetectIsdataatData)); if (idad == NULL) { - printf("DetectIsdataatParse malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } @@ -161,7 +162,7 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr) if (args[0] != NULL) { if (ByteExtractStringUint16(&idad->dataat, 10, strlen(args[0]), args[0]) < 0 ) { - printf("detect-isdataat: DetectIsdataatParse: isdataat out of range\n"); + SCLogError(SC_ERR_INVALID_VALUE, "isdataat out of range"); free(idad); idad=NULL; goto error; @@ -221,7 +222,8 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha SCLogDebug("set it in the last parsed content because it is relative to that content match"); if( m == NULL ) { - printf("detect-isdataat: No previous content, the flag 'relative' cant be used without content\n"); + SCLogError(SC_ERR_INVALID_SIGNATURE, "No previous content, the flag " + "'relative' cant be used without content"); goto error; } else { SigMatch *pm = NULL; @@ -229,13 +231,13 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha * SigMatch (it can be the same as this one) */ pm = DetectContentFindPrevApplicableSM(m); if (pm == NULL) { - printf("DetectIsdataatSetup: Unknown previous keyword!\n"); + SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous keyword!"); return -1; } cd = (DetectContentData *)pm->ctx; if (cd == NULL) { - printf("DetectIsdataatSetup: Unknown previous keyword!\n"); + SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous keyword!"); return -1; } diff --git a/src/detect-itype.c b/src/detect-itype.c index ae460261fe..42ca09727e 100644 --- a/src/detect-itype.c +++ b/src/detect-itype.c @@ -56,7 +56,7 @@ void DetectITypeRegister (void) { parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre study failed: %s", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -125,7 +125,7 @@ DetectITypeData *DetectITypeParse(char *itypestr) { ret = pcre_exec(parse_regex, parse_regex_study, itypestr, strlen(itypestr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { - SCLogError(SC_ERR_PCRE_MATCH, "DetectITypeParse: parse error"); + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, itypestr); goto error; } @@ -134,7 +134,7 @@ DetectITypeData *DetectITypeParse(char *itypestr) { for (i = 1; i < ret; i++) { res = pcre_get_substring((char *)itypestr, ov, MAX_SUBSTRINGS, i, &str_ptr); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "DetectITypeParse: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[i-1] = (char *)str_ptr; @@ -153,7 +153,7 @@ DetectITypeData *DetectITypeParse(char *itypestr) { if (strlen(args[0]) != 0) { /* we have a third part ("<> y"), therefore it's invalid */ if (args[2] != NULL) { - SCLogInfo("itype: invalid value"); + SCLogError(SC_ERR_INVALID_VALUE, "itype: invalid value"); goto error; } /* we have only a comparison ("<", ">") */ diff --git a/src/detect-msg.c b/src/detect-msg.c index 8ca78ab4cd..61110e7453 100644 --- a/src/detect-msg.c +++ b/src/detect-msg.c @@ -40,7 +40,7 @@ int DetectMsgSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *ms str[strlen(msgstr)-3] = '\0'; //printf("DetectMsgSetup: format hack applied: \'%s\'\n", str); } else { - printf("DetectMsgSetup: format error \'%s\'\n", msgstr); + SCLogError(SC_ERR_INVALID_VALUE, "format error \'%s\'", msgstr); goto error; } diff --git a/src/detect-noalert.c b/src/detect-noalert.c index 02fe4aa1c3..1505dc87c6 100644 --- a/src/detect-noalert.c +++ b/src/detect-noalert.c @@ -2,6 +2,7 @@ #include "suricata-common.h" #include "detect.h" +#include "util-debug.h" int DetectNoalertSetup (DetectEngineCtx *, Signature *, SigMatch *, char *); @@ -18,7 +19,7 @@ void DetectNoalertRegister (void) { int DetectNoalertSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *nullstr) { if (nullstr != NULL) { - printf("DetectNoalertSetup: nocase has no value\n"); + SCLogError(SC_ERR_INVALID_VALUE, "nocase has no value"); return -1; } diff --git a/src/detect-nocase.c b/src/detect-nocase.c index 3541b78576..6ec9b04e04 100644 --- a/src/detect-nocase.c +++ b/src/detect-nocase.c @@ -9,6 +9,8 @@ #include "detect-uricontent.h" #include "detect-pcre.h" +#include "util-debug.h" + int DetectNocaseSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *depthstr); void DetectNocaseRegister (void) { @@ -27,7 +29,7 @@ int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char int ret = 0; if (nullstr != NULL) { - printf("DetectNocaseSetup: nocase has no value\n"); + SCLogError(SC_ERR_INVALID_VALUE, "nocase has no value"); return -1; } diff --git a/src/detect-parse.c b/src/detect-parse.c index 96234d4c0f..3de59cd076 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -189,14 +189,14 @@ void SigParsePrepare(void) { config_pcre = pcre_compile(regexstr, opts, &eb, &eo, NULL); if(config_pcre == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", regexstr, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", regexstr, eo, eb); exit(1); } config_pcre_extra = pcre_study(config_pcre, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); exit(1); } @@ -206,14 +206,14 @@ void SigParsePrepare(void) { option_pcre = pcre_compile(regexstr, opts, &eb, &eo, NULL); if(option_pcre == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", regexstr, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", regexstr, eo, eb); exit(1); } option_pcre_extra = pcre_study(option_pcre, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); exit(1); } } @@ -236,7 +236,7 @@ int SigParseOptions(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *op * 4: keyword w value, more options coming */ if (ret != 2 && ret != 3 && ret != 4) { - printf("pcre_exec failed: ret %" PRId32 ", optstr \"%s\"\n", ret, optstr); + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec failed: ret %" PRId32 ", optstr \"%s\"", ret, optstr); goto error; } diff --git a/src/detect-pcre.c b/src/detect-pcre.c index 0606248336..f08783bf58 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -73,14 +73,14 @@ void DetectPcreRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } @@ -88,14 +88,14 @@ void DetectPcreRegister (void) { parse_capture_regex = pcre_compile(PARSE_CAPTURE_REGEX, opts, &eb, &eo, NULL); if(parse_capture_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_CAPTURE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_CAPTURE_REGEX, eo, eb); goto error; } parse_capture_regex_study = pcre_study(parse_capture_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -251,6 +251,7 @@ DetectPcreData *DetectPcreParse (char *regexstr) ret = pcre_exec(parse_regex, parse_regex_study, regexstr+pos, slen-pos, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 0) { + SCLogError(SC_ERR_PCRE_MATCH, "parse error"); goto error; } @@ -258,7 +259,7 @@ DetectPcreData *DetectPcreParse (char *regexstr) const char *str_ptr; res = pcre_get_substring((char *)regexstr+pos, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - printf("DetectPcreParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return NULL; } re = (char *)str_ptr; @@ -266,7 +267,7 @@ DetectPcreData *DetectPcreParse (char *regexstr) if (ret > 2) { res = pcre_get_substring((char *)regexstr+pos, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - printf("DetectPcreParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return NULL; } op_ptr = op = (char *)str_ptr; @@ -276,7 +277,7 @@ DetectPcreData *DetectPcreParse (char *regexstr) pd = malloc(sizeof(DetectPcreData)); if (pd == NULL) { - printf("DetectPcreParse: malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } memset(pd, 0, sizeof(DetectPcreData)); @@ -325,7 +326,7 @@ DetectPcreData *DetectPcreParse (char *regexstr) pd->flags |= DETECT_PCRE_MATCH_LIMIT; break; default: - printf("DetectPcreParse: unknown regex modifier '%c'\n", *op); + SCLogError(SC_ERR_UNKNOWN_REGEX_MOD, "unknown regex modifier '%c'", *op); goto error; } op++; @@ -336,13 +337,13 @@ DetectPcreData *DetectPcreParse (char *regexstr) pd->re = pcre_compile(re, opts, &eb, &eo, NULL); if(pd->re == NULL) { - printf("DetectPcreParse: pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", regexstr, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", regexstr, eo, eb); goto error; } pd->sd = pcre_study(pd->re, 0, &eb); if(eb != NULL) { - printf("DetectPcreParse: pcre study failed : %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed : %s", eb); goto error; } @@ -406,12 +407,12 @@ DetectPcreData *DetectPcreParseCapture(char *regexstr, DetectEngineCtx *de_ctx, if (ret > 1) { res = pcre_get_substring((char *)regexstr, ov, MAX_SUBSTRINGS, 1, &type_str_ptr); if (res < 0) { - printf("DetectPcreParseCapture: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } res = pcre_get_substring((char *)regexstr, ov, MAX_SUBSTRINGS, 2, &capture_str_ptr); if (res < 0) { - printf("DetectPcreParseCapture: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } } diff --git a/src/detect-pktvar.c b/src/detect-pktvar.c index 6eaa250c6e..22a5456fdd 100644 --- a/src/detect-pktvar.c +++ b/src/detect-pktvar.c @@ -34,14 +34,14 @@ void DetectPktvarRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } @@ -86,7 +86,7 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret != 3) { - printf("ERROR: \"%s\" is not a valid setting for pktvar.\n", rawstr); + SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for pktvar.", rawstr); return -1; } @@ -94,7 +94,7 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char const char *str_ptr; res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - printf("DetectPcreSetup: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return -1; } varname = (char *)str_ptr; @@ -102,7 +102,7 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char if (ret > 2) { res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - printf("DetectPcreSetup: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return -1; } varcontent = (char *)str_ptr; @@ -124,7 +124,7 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char cd = malloc(sizeof(DetectPktvarData)); if (cd == NULL) { - printf("DetectPktvarSetup malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } diff --git a/src/detect-priority.c b/src/detect-priority.c index 1dbbee320e..972b1df54d 100644 --- a/src/detect-priority.c +++ b/src/detect-priority.c @@ -37,14 +37,14 @@ void DetectPriorityRegister (void) regex = pcre_compile(DETECT_PRIORITY_REGEX, opts, &eb, &eo, NULL); if (regex == NULL) { - SCLogDebug("Compile of \"%s\" failed at offset %" PRId32 ": %s", + SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", DETECT_PRIORITY_REGEX, eo, eb); goto end; } regex_study = pcre_study(regex, 0, &eb); if (eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto end; } @@ -62,14 +62,14 @@ int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha ret = pcre_exec(regex, regex_study, rawstr, strlen(rawstr), 0, 0, ov, 30); if (ret < 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid Priority in Signature " + SCLogError(SC_ERR_PCRE_MATCH, "Invalid Priority in Signature " "- %s", rawstr); return -1; } ret = pcre_get_substring((char *)rawstr, ov, 30, 1, &prio_str); if (ret < 0) { - SCLogInfo("pcre_get_substring() failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); return -1; } diff --git a/src/detect-rawbytes.c b/src/detect-rawbytes.c index 38ea421134..93658238c4 100644 --- a/src/detect-rawbytes.c +++ b/src/detect-rawbytes.c @@ -9,6 +9,8 @@ #include "detect-content.h" #include "detect-pcre.h" +#include "util-debug.h" + int DetectRawbytesSetup (DetectEngineCtx *, Signature *, SigMatch *, char *); void DetectRawbytesRegister (void) { @@ -27,7 +29,7 @@ int DetectRawbytesSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha //printf("DetectRawbytesSetup: s->match:%p,m:%p\n", s->match, m); if (nullstr != NULL) { - printf("DetectRawbytesSetup: nocase has no value\n"); + SCLogError(SC_ERR_INVALID_VALUE, "nocase has no value"); return -1; } @@ -44,10 +46,10 @@ int DetectRawbytesSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, cha //printf("DetectRawbytesSetup: set nocase for previous content\n"); cd->flags |= DETECT_CONTENT_RAWBYTES; } else { - printf("DetectRawbytesSetup: Unknown previous keyword!\n"); + SCLogDebug("Unknown previous keyword!"); } } else { - printf("DetectRawbytesSetup: No previous match!\n"); + SCLogDebug("No previous match!"); } return 0; diff --git a/src/detect-rpc.c b/src/detect-rpc.c index 743a202a03..a277caefc0 100644 --- a/src/detect-rpc.c +++ b/src/detect-rpc.c @@ -52,14 +52,14 @@ void DetectRpcRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -150,14 +150,14 @@ DetectRpcData *DetectRpcParse (char *rpcstr) ret = pcre_exec(parse_regex, parse_regex_study, rpcstr, strlen(rpcstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { - SCLogDebug("DetectRpcParse: parse error, ret %" PRId32 ", string %s", ret, rpcstr); + SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, rpcstr); goto error; } if (ret > 1) { const char *str_ptr; res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - SCLogDebug("DetectRpcParse: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[0] = (char *)str_ptr; @@ -165,7 +165,7 @@ DetectRpcData *DetectRpcParse (char *rpcstr) if (ret > 2) { res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - SCLogDebug("DetectRpcParse: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[1] = (char *)str_ptr; @@ -173,7 +173,7 @@ DetectRpcData *DetectRpcParse (char *rpcstr) if (ret > 3) { res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); if (res < 0) { - SCLogDebug("DetectRpcParse: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[2] = (char *)str_ptr; @@ -182,7 +182,7 @@ DetectRpcData *DetectRpcParse (char *rpcstr) rd = malloc(sizeof(DetectRpcData)); if (rd == NULL) { - SCLogError(SC_ERR_MEM_ALLOC ,"DetectRpcParse malloc failed"); + SCLogError(SC_ERR_MEM_ALLOC ,"malloc failed"); goto error; } rd->flags = 0; @@ -221,7 +221,7 @@ DetectRpcData *DetectRpcParse (char *rpcstr) break; } } else { - SCLogDebug("invalid rpc option %s",args[i]); + SCLogError(SC_ERR_INVALID_VALUE, "invalid rpc option %s",args[i]); goto error; } } diff --git a/src/detect-seq.c b/src/detect-seq.c index 20971b6813..46b735074b 100644 --- a/src/detect-seq.c +++ b/src/detect-seq.c @@ -21,6 +21,7 @@ #include "util-byte.h" #include "util-unittest.h" #include "util-unittest-helper.h" +#include "util-debug.h" static int DetectSeqSetup(DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr); @@ -85,7 +86,7 @@ static int DetectSeqSetup (DetectEngineCtx *de_ctx, Signature *s, data = malloc(sizeof(DetectSeqData)); if (data == NULL) { - printf("DetectSeqSetup: malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c index 203353b97b..653b9d73ca 100644 --- a/src/detect-stream_size.c +++ b/src/detect-stream_size.c @@ -45,13 +45,13 @@ void DetectStreamSizeRegister(void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if (parse_regex == NULL) { - SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if (eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -182,7 +182,7 @@ DetectStreamSizeData *DetectStreamSizeParse (char *streamstr) { ret = pcre_exec(parse_regex, parse_regex_study, streamstr, strlen(streamstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret != 4) { - SCLogDebug("DetectStreamSizeSetup: parse error, ret %" PRId32 "", ret); + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, streamstr); goto error; } @@ -190,28 +190,28 @@ DetectStreamSizeData *DetectStreamSizeParse (char *streamstr) { res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - SCLogDebug("DetectStreamSizeSetup: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } arg = (char *)str_ptr; res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - SCLogDebug("DetectStreamSizeSetup: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } mode = (char *)str_ptr; res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); if (res < 0) { - SCLogDebug("DetectStreamSizeSetup: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } value = (char *)str_ptr; sd = malloc(sizeof(DetectStreamSizeData)); if (sd == NULL) { - SCLogDebug("DetectStreamSizeSetup malloc failed"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } sd->ssize = 0; @@ -227,6 +227,7 @@ DetectStreamSizeData *DetectStreamSizeParse (char *streamstr) { else if (strcmp("!=", mode)) sd->mode = DETECTSSIZE_NEQ; else if (mode[0] == '=') sd->mode = DETECTSSIZE_EQ; else { + SCLogError(SC_ERR_INVALID_OPERATOR, "Invalid operator"); goto error; } diff --git a/src/detect-threshold.c b/src/detect-threshold.c index 688f1628ca..3cfa8873be 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -45,14 +45,14 @@ void DetectThresholdRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if (parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if (eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } @@ -112,12 +112,14 @@ static DetectThresholdData *DetectThresholdParse (char *rawstr) ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); - if (ret < 5) + if (ret < 5) { + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; + } de = malloc(sizeof(DetectThresholdData)); if (de == NULL) { - printf("DetectThresholdSetup malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } @@ -127,8 +129,10 @@ static DetectThresholdData *DetectThresholdParse (char *rawstr) res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS,i + 1, &str_ptr); - if (res < 0) + if (res < 0) { + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; + } args[i] = (char *)str_ptr; diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c index af2e923f6c..d8b31fe37c 100644 --- a/src/detect-tls-version.c +++ b/src/detect-tls-version.c @@ -61,14 +61,14 @@ void DetectTlsVersionRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if (parse_regex == NULL) { - SCLogDebug("Compile of \"%s\" failed at offset %" PRId32 ": %s", + SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if (eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -137,7 +137,7 @@ DetectTlsVersionData *DetectTlsVersionParse (char *str) ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 3) { - SCLogDebug("invalid tls.version option"); + SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.version option"); goto error; } @@ -147,14 +147,14 @@ DetectTlsVersionData *DetectTlsVersionParse (char *str) char *tmp_str; res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - SCLogDebug("DetectTlsVersionParse: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } /* We have a correct id option */ tls = malloc(sizeof(DetectTlsVersionData)); if (tls == NULL) { - SCLogDebug("DetectTlsVersionParse malloc failed"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } @@ -174,6 +174,7 @@ DetectTlsVersionData *DetectTlsVersionParse (char *str) } else if (strcmp("1.2", tmp_str) == 0) { temp = TLS_VERSION_12; } else { + SCLogError(SC_ERR_INVALID_VALUE, "Invalid value"); goto error; } diff --git a/src/detect-ttl.c b/src/detect-ttl.c index de1820f14e..f0e9c20bfa 100644 --- a/src/detect-ttl.c +++ b/src/detect-ttl.c @@ -43,13 +43,13 @@ void DetectTtlRegister(void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if (parse_regex == NULL) { - SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if (eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -119,14 +119,14 @@ DetectTtlData *DetectTtlParse (char *ttlstr) { ret = pcre_exec(parse_regex, parse_regex_study, ttlstr, strlen(ttlstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2 || ret > 4) { - SCLogDebug("DetectTtlSetup: parse error, ret %" PRId32 "", ret); + SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; } const char *str_ptr; res = pcre_get_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - SCLogDebug("DetectTtlSetup: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } arg1 = (char *) str_ptr; @@ -134,7 +134,7 @@ DetectTtlData *DetectTtlParse (char *ttlstr) { res = pcre_get_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - SCLogDebug("DetectTtlSetup: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } arg2 = (char *) str_ptr; @@ -142,7 +142,7 @@ DetectTtlData *DetectTtlParse (char *ttlstr) { res = pcre_get_substring((char *) ttlstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); if (res < 0) { - SCLogDebug("DetectTtlSetup: pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } arg3 = (char *) str_ptr; @@ -150,7 +150,7 @@ DetectTtlData *DetectTtlParse (char *ttlstr) { ttld = malloc(sizeof (DetectTtlData)); if (ttld == NULL) { - SCLogDebug("DetectTtlSetup malloc failed"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } ttld->ttl1 = 0; diff --git a/src/detect-window.c b/src/detect-window.c index f69538041b..9761bdb99b 100644 --- a/src/detect-window.c +++ b/src/detect-window.c @@ -53,14 +53,14 @@ void DetectWindowRegister (void) { parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); if(parse_regex == NULL) { - printf("pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); + SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); goto error; } parse_regex_study = pcre_study(parse_regex, 0, &eb); if(eb != NULL) { - printf("pcre study failed: %s\n", eb); + SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); goto error; } return; @@ -114,12 +114,13 @@ DetectWindowData *DetectWindowParse(char *windowstr) { ret = pcre_exec(parse_regex, parse_regex_study, windowstr, strlen(windowstr), 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 3) { + SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, windowstr); goto error; } wd = malloc(sizeof(DetectWindowData)); if (wd == NULL) { - printf("DetectWindowParse malloc failed\n"); + SCLogError(SC_ERR_MEM_ALLOC, "malloc failed"); goto error; } @@ -128,7 +129,7 @@ DetectWindowData *DetectWindowParse(char *windowstr) { const char *str_ptr; res = pcre_get_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (res < 0) { - printf("DetectWindowParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } args[0] = (char *)str_ptr; @@ -141,7 +142,7 @@ DetectWindowData *DetectWindowParse(char *windowstr) { if (ret > 2) { res = pcre_get_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); if (res < 0) { - printf("DetectWindowParse: pcre_get_substring failed\n"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); goto error; } diff --git a/src/util-error.c b/src/util-error.c index 7efea5e4a1..72ee54e1ce 100644 --- a/src/util-error.c +++ b/src/util-error.c @@ -71,8 +71,11 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_DEPTH_MISSING_CONTENT); CASE_CODE (SC_ERR_OFFSET_MISSING_CONTENT); CASE_CODE (SC_ERR_NO_URICONTENT_NEGATION); + CASE_CODE (SC_ERR_HASH_TABLE_INIT); + CASE_CODE (SC_ERR_STAT); CASE_CODE (SC_ERR_LOGDIR_CONFIG); CASE_CODE (SC_ERR_LOGDIR_CMDLINE); + CASE_CODE (SC_ERR_RADIX_TREE_GENERIC); CASE_CODE (SC_ERR_MISSING_QUOTE); CASE_CODE (SC_ERR_UNKNOWN_PROTOCOL); CASE_CODE (SC_ERR_UNKNOWN_RUN_MODE); @@ -88,6 +91,10 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_BPF); CASE_CODE (SC_ERR_PCAP_DISPATCH); CASE_CODE (SC_ERR_MISSING_CONFIG_PARAM); + CASE_CODE (SC_ERR_UNKNOWN_VALUE); + CASE_CODE (SC_ERR_INVALID_VALUE); + CASE_CODE (SC_ERR_UNKNOWN_REGEX_MOD); + CASE_CODE (SC_ERR_INVALID_OPERATOR); default: return "UNKNOWN_ERROR"; } diff --git a/src/util-error.h b/src/util-error.h index 760b6a39d1..dc032bc59a 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -110,6 +110,10 @@ typedef enum { SC_ERR_BPF, SC_ERR_PCAP_DISPATCH, SC_ERR_BYTE_EXTRACT_FAILED, + SC_ERR_UNKNOWN_VALUE, + SC_ERR_INVALID_VALUE, + SC_ERR_UNKNOWN_REGEX_MOD, + SC_ERR_INVALID_OPERATOR, } SCError; const char *SCErrorToString(SCError);