From e95a0c13447a2241a7f4e34c0c080bc6c421b02c Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Fri, 21 Oct 2016 18:19:14 +0200
Subject: [PATCH] alert-debug: print flowbit names from VarNameStore
---
 src/alert-debuglog.c | 36 +++++-----------------
 src/decode.h | 4 ---
 src/detect.c | 72 --------------------------------------------
 3 files changed, 8 insertions(+), 104 deletions(-)
diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c
index 267b8eb811..0ffbaa91f7 100644
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@@ -78,7 +78,14 @@ static void AlertDebugLogFlowVars(AlertDebugLogThread *aft, const Packet *p)
 const GenericVar *gv = p->flow->flowvar;
 uint16_t i;
 while (gv != NULL) {
- if (gv->type == DETECT_FLOWVAR || gv->type == DETECT_FLOWINT) {
+ if (gv->type == DETECT_FLOWBITS) {
+ FlowBit *fb = (FlowBit *)gv;
+ const char *fbname = VarNameStoreLookupById(fb->idx, VAR_TYPE_FLOW_BIT);
+ if (fbname) {
+ MemBufferWriteString(aft->buffer, "FLOWBIT: %s\n",
+ fbname);
+ }
+ } else if (gv->type == DETECT_FLOWVAR || gv->type == DETECT_FLOWINT) {
 FlowVar *fv = (FlowVar *) gv;
 if (fv->datatype == FLOWVAR_TYPE_STR) {
@@ -102,32 +109,6 @@ static void AlertDebugLogFlowVars(AlertDebugLogThread *aft, const Packet *p)
 }
 }
-/**
- * \brief Function to log the FlowBits in to alert-debug.log
- *
- * \param aft Pointer to AltertDebugLog Thread
- * \param p Pointer to the packet
- *
- * \todo const Packet ptr, requires us to change the
- * debuglog_flowbits_names logic.
- */
-static void AlertDebugLogFlowBits(AlertDebugLogThread *aft, Packet *p)
-{
- int i;
- for (i = 0; i < p->debuglog_flowbits_names_len; i++) {
- if (p->debuglog_flowbits_names[i] != NULL) {
- MemBufferWriteString(aft->buffer, "FLOWBIT: %s\n",
- p->debuglog_flowbits_names[i]);
- }
- }
-
- SCFree(p->debuglog_flowbits_names);
- p->debuglog_flowbits_names = NULL;
- p->debuglog_flowbits_names_len = 0;
-
- return;
-}
-
 /**
 * \brief Function to log the PktVars in to alert-debug.log
 *
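Review bot: In the first hunk of src/alert-debuglog.c, the new `DETECT_FLOWBITS` branch drops a flowbit from the debug log when `VarNameStoreLookupById()` returns NULL, so a set bit whose id has no name in the store leaves no trace for whoever reads the log to reconstruct flow state. An else arm that still records the id would keep the log complete, e.g. `} else { MemBufferWriteString(aft->buffer, "FLOWBIT: <unnamed> idx %u\n", (unsigned)fb->idx); }`. The removed detect.c code copied each name with SCStrdup while this branch uses the store's pointer directly; that is presumably safe for immediate use, but the lifetime of the returned string is not visible here, so a one-line comment such as `/* fbname is owned by the VarNameStore; used immediately, never stored */` would record the assumption. AlertDebugLogFlowVars starts and ends outside the hunk.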
@@ -237,7 +218,6 @@ static TmEcode AlertDebugLogger(ThreadVars *tv, const Packet *p, void *thread_da
 applayer ? "TRUE" : "FALSE", (p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto);
 AlertDebugLogFlowVars(aft, p);
- AlertDebugLogFlowBits(aft, (Packet *)p); /* < no const */
 }
 AlertDebugLogPktVars(aft, p);
diff --git a/src/decode.h b/src/decode.h
index d11b1cf931..d034df0c24 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -552,10 +552,6 @@ typedef struct Packet_
 /** data linktype in host order */
 int datalink;
- /* used to hold flowbits only if debuglog is enabled */
- int debuglog_flowbits_names_len;
- const char **debuglog_flowbits_names;
-
 /* tunnel/encapsulation handling */
 struct Packet_ *root; /* in case of tunnel this is a ptr * to the 'real' packet, the one we
diff --git a/src/detect.c b/src/detect.c
index bbfa9ab94b..a3441cefcf 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -856,72 +856,6 @@ static void DebugInspectIds(Packet *p, Flow *f, StreamMsg *smsg)
 }
 #endif
-static void AlertDebugLogModeSyncFlowbitsNamesToPacketStruct(Packet *p, DetectEngineCtx *de_ctx)
-{
-#define MALLOC_JUMP 5
-
- int i = 0;
-
- GenericVar *gv = p->flow->flowvar;
-
- while (gv != NULL) {
- i++;
- gv = gv->next;
- }
- if (i == 0)
- return;
-
- p->debuglog_flowbits_names_len = i;
-
- p->debuglog_flowbits_names = SCMalloc(sizeof(char *) *
- p->debuglog_flowbits_names_len);
- if (p->debuglog_flowbits_names == NULL) {
- return;
- }
- memset(p->debuglog_flowbits_names, 0,
- sizeof(char *) * p->debuglog_flowbits_names_len);
-
- i = 0;
- gv = p->flow->flowvar;
- while (gv != NULL) {
- if (gv->type != DETECT_FLOWBITS) {
- gv = gv->next;
- continue;
- }
-
- FlowBit *fb = (FlowBit *) gv;
- const char *name = VarNameStoreLookupById(fb->idx, VAR_TYPE_FLOW_BIT);
- if (name != NULL) {
- p->debuglog_flowbits_names[i] = SCStrdup(name);
- if (p->debuglog_flowbits_names[i] == NULL) {
- return;
- }
- i++;
- }
-
- if (i == p->debuglog_flowbits_names_len) {
- p->debuglog_flowbits_names_len += MALLOC_JUMP;
- const char **names = SCRealloc(p->debuglog_flowbits_names,
- sizeof(char *) *
- p->debuglog_flowbits_names_len);
- if (names == NULL) {
- SCFree(p->debuglog_flowbits_names);
- p->debuglog_flowbits_names = NULL;
- p->debuglog_flowbits_names_len = 0;
- return;
- }
- p->debuglog_flowbits_names = names;
- memset(p->debuglog_flowbits_names +
- p->debuglog_flowbits_names_len - MALLOC_JUMP,
- 0, sizeof(char *) * MALLOC_JUMP);
- }
-
- gv = gv->next;
- }
-
- return;
-}
-
 static inline void DetectPrefilterBuildNonPrefilterList(DetectEngineThreadCtx *det_ctx, SignatureMask mask)
 {
@@ -1582,12 +1516,6 @@ end:
 * up again for the next packet. Also return any stream chunk we processed
 * to the pool. */
 if (p->flags & PKT_HAS_FLOW) {
- if (debuglog_enabled) {
- if (p->alerts.cnt > 0) {
- AlertDebugLogModeSyncFlowbitsNamesToPacketStruct(p, de_ctx);
- }
- }
-
 /* HACK: prevent the wrong sgh (or NULL) from being stored in the
 * flow's sgh pointers */
 if (PKT_IS_ICMPV4(p) && ICMPV4_DEST_UNREACH_IS_VALID(p)) {