alert-debug: print flowbit names from VarNameStore

8 years ago · e95a0c1344
parent 22f3205664
commit e95a0c1344
3 changed files with 8 additions and 104 deletions
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@ -78,7 +78,14 @@ static void AlertDebugLogFlowVars(AlertDebugLogThread *aft, const Packet *p)
    const GenericVar *gv = p->flow->flowvar;
    uint16_t i;
    while (gv != NULL) {
-        if (gv->type == DETECT_FLOWVAR || gv->type == DETECT_FLOWINT) {
+        if (gv->type == DETECT_FLOWBITS) {
+            FlowBit *fb = (FlowBit *)gv;
+            const char *fbname = VarNameStoreLookupById(fb->idx, VAR_TYPE_FLOW_BIT);
+            if (fbname) {
+                MemBufferWriteString(aft->buffer, "FLOWBIT:           %s\n",
+                        fbname);
+            }
+        } else if (gv->type == DETECT_FLOWVAR || gv->type == DETECT_FLOWINT) {
            FlowVar *fv = (FlowVar *) gv;

            if (fv->datatype == FLOWVAR_TYPE_STR) {
@ -102,32 +109,6 @@ static void AlertDebugLogFlowVars(AlertDebugLogThread *aft, const Packet *p)
    }
 }

-/**
- *  \brief Function to log the FlowBits in to alert-debug.log
- *
- *  \param aft Pointer to AltertDebugLog Thread
- *  \param p Pointer to the packet
- *
- *  \todo const Packet ptr, requires us to change the
- *        debuglog_flowbits_names logic.
- */
-static void AlertDebugLogFlowBits(AlertDebugLogThread *aft, Packet *p)
-{
-    int i;
-    for (i = 0; i < p->debuglog_flowbits_names_len; i++) {
-        if (p->debuglog_flowbits_names[i] != NULL) {
-            MemBufferWriteString(aft->buffer, "FLOWBIT:           %s\n",
-                                 p->debuglog_flowbits_names[i]);
-        }
-    }
-
-    SCFree(p->debuglog_flowbits_names);
-    p->debuglog_flowbits_names = NULL;
-    p->debuglog_flowbits_names_len = 0;
-
-    return;
-}
-
 /**
 *  \brief Function to log the PktVars in to alert-debug.log
 *
@ -237,7 +218,6 @@ static TmEcode AlertDebugLogger(ThreadVars *tv, const Packet *p, void *thread_da
                             applayer ? "TRUE" : "FALSE",
                             (p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto);
        AlertDebugLogFlowVars(aft, p);
-        AlertDebugLogFlowBits(aft, (Packet *)p); /* < no const */
    }

    AlertDebugLogPktVars(aft, p);
--- a/src/decode.h
+++ b/src/decode.h
@ -552,10 +552,6 @@ typedef struct Packet_
    /** data linktype in host order */
    int datalink;

-    /* used to hold flowbits only if debuglog is enabled */
-    int debuglog_flowbits_names_len;
-    const char **debuglog_flowbits_names;
-
    /* tunnel/encapsulation handling */
    struct Packet_ *root; /* in case of tunnel this is a ptr
                           * to the 'real' packet, the one we
--- a/src/detect.c
+++ b/src/detect.c
@ -856,72 +856,6 @@ static void DebugInspectIds(Packet *p, Flow *f, StreamMsg *smsg)
 }
 #endif

-static void AlertDebugLogModeSyncFlowbitsNamesToPacketStruct(Packet *p, DetectEngineCtx *de_ctx)
-{
-#define MALLOC_JUMP 5
-
-    int i = 0;
-
-    GenericVar *gv = p->flow->flowvar;
-
-    while (gv != NULL) {
-        i++;
-        gv = gv->next;
-    }
-    if (i == 0)
-        return;
-
-    p->debuglog_flowbits_names_len = i;
-
-    p->debuglog_flowbits_names = SCMalloc(sizeof(char *) *
-                                          p->debuglog_flowbits_names_len);
-    if (p->debuglog_flowbits_names == NULL) {
-        return;
-    }
-    memset(p->debuglog_flowbits_names, 0,
-           sizeof(char *) * p->debuglog_flowbits_names_len);
-
-    i = 0;
-    gv = p->flow->flowvar;
-    while (gv != NULL) {
-        if (gv->type != DETECT_FLOWBITS) {
-            gv = gv->next;
-            continue;
-        }
-
-        FlowBit *fb = (FlowBit *) gv;
-        const char *name = VarNameStoreLookupById(fb->idx, VAR_TYPE_FLOW_BIT);
-        if (name != NULL) {
-            p->debuglog_flowbits_names[i] = SCStrdup(name);
-            if (p->debuglog_flowbits_names[i] == NULL) {
-                return;
-            }
-            i++;
-        }
-
-        if (i == p->debuglog_flowbits_names_len) {
-            p->debuglog_flowbits_names_len += MALLOC_JUMP;
-            const char **names = SCRealloc(p->debuglog_flowbits_names,
-                                                   sizeof(char *) *
-                                                   p->debuglog_flowbits_names_len);
-            if (names == NULL) {
-                SCFree(p->debuglog_flowbits_names);
-                p->debuglog_flowbits_names = NULL;
-                p->debuglog_flowbits_names_len = 0;
-                return;
-            }
-            p->debuglog_flowbits_names = names;
-            memset(p->debuglog_flowbits_names +
-                   p->debuglog_flowbits_names_len - MALLOC_JUMP,
-                   0, sizeof(char *) * MALLOC_JUMP);
-        }
-
-        gv = gv->next;
-    }
-
-    return;
-}
-
 static inline void
 DetectPrefilterBuildNonPrefilterList(DetectEngineThreadCtx *det_ctx, SignatureMask mask)
 {
@ -1582,12 +1516,6 @@ end:
     * up again for the next packet. Also return any stream chunk we processed
     * to the pool. */
    if (p->flags & PKT_HAS_FLOW) {
-        if (debuglog_enabled) {
-            if (p->alerts.cnt > 0) {
-                AlertDebugLogModeSyncFlowbitsNamesToPacketStruct(p, de_ctx);
-            }
-        }
-
        /* HACK: prevent the wrong sgh (or NULL) from being stored in the
         * flow's sgh pointers */
        if (PKT_IS_ICMPV4(p) && ICMPV4_DEST_UNREACH_IS_VALID(p)) {