1 /*
2 ** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 **
4 ** This program is free software; you can redistribute it and/or modify
5 ** it under the terms of the GNU General Public License Version 2 as
6 ** published by the Free Software Foundation. You may not use, modify or
7 ** distribute this program under any other version of the GNU General
8 ** Public License.
9 **
10 ** This program is distributed in the hope that it will be useful,
11 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
12 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 ** GNU General Public License for more details.
14 **
15 ** You should have received a copy of the GNU General Public License
16 ** along with this program; if not, write to the Free Software
17 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 **
19 ** DESCRIPTION:
20 ** Enables packet tracing to log verdicts from preprocessors.
21 */
22
23 #include <stdbool.h>
24 #include <stdio.h>
25 #include <string.h>
26 #include "sf_types.h"
27 #include "decode.h"
28 #include "util.h"
29 #include "session_api.h"
30 #include "active.h"
31 #include "pkt_tracer.h"
32 #include "preprocessors/Session/session_common.h"
33
34 Verdict_Reason verdict_reason = VERDICT_REASON_NO_BLOCK; // preproc# causing a packet drop
35 volatile int pkt_trace_cli_flag; // set by message socket
36 bool pkt_trace_enabled; // set by pktTracerDebugCheck
37 char trace_line[MAX_TRACE_LINE]; // used by preproc to write a trace
38
39 #define MAX_TRACE_SIZE 2048
40 #define DEBUG_SESSION_ID_SIZE (39+1+5+4+39+1+5+1+3+1+1+1+2+1+10+1+1+1+10+1)
41 typedef struct _DebugSessionConstraints
42 {
43 uint16_t trace_version;
44 struct in6_addr sip;
45 int sip_flag;
46 struct in6_addr dip;
47 int dip_flag;
48 uint16_t sport;
49 uint16_t dport;
50 uint8_t protocol;
51 } DebugSessionConstraints;
52
53 static bool alreadySentTrace;
54 static bool pkt_trace_enabled_by_lina;
55 static bool pkt_trace_enabled_by_clish_bk;
56 static bool pkt_trace_enabled_by_clish;
57 static DebugSessionConstraints pkt_tracer_debug_info;
58 static char pkt_tracer_debug_session[DEBUG_SESSION_ID_SIZE];
59 static char pkt_tracer_debug_session_bk[DEBUG_SESSION_ID_SIZE];
60 static char pktTraceData[MAX_TRACE_SIZE];
61 static uint32_t pktTraceDataLen = 0;
62 static bool first_trace_line = true;
63 static bool trace_line_info_received = false;
64 static bool trace_line_appid_received = false;
65
66 // Handling the special case when SSL blocks a packet before snort gets it
67 static bool snort_received_packet = false;
68 static bool ssl_callback_before_snort = false;
69
debugParse(const char * desc,const uint8_t * data,uint32_t length,volatile int * debug_flag,DebugSessionConstraints * info)70 static inline void debugParse(const char *desc, const uint8_t *data, uint32_t length,
71 volatile int *debug_flag, DebugSessionConstraints *info)
72 {
73 *debug_flag = 0;
74 memset(info, 0, sizeof(*info));
75 do
76 {
77 if (length >= sizeof(info->trace_version))
78 {
79 memcpy(&info->trace_version, data, sizeof(info->trace_version));
80 length -= sizeof(info->trace_version);
81 data += sizeof(info->trace_version);
82 if (info->trace_version != 1) // 'system support trace' version 1 takes five tuples as input
83 break;
84 }
85 else
86 break;
87
88 if (length >= sizeof(info->protocol))
89 {
90 info->protocol = *data;
91 length -= sizeof(info->protocol);
92 data += sizeof(info->protocol);
93 }
94 else
95 break;
96
97 if (length >= sizeof(info->sip))
98 {
99
100 memcpy(&info->sip, data, sizeof(info->sip));
101 if (info->sip.s6_addr32[1] || info->sip.s6_addr32[2] || info->sip.s6_addr32[3])
102 info->sip_flag = 1;
103 else if (info->sip.s6_addr32[0])
104 {
105 info->sip.s6_addr32[3] = info->sip.s6_addr32[0];
106 info->sip.s6_addr32[0] = 0;
107 info->sip.s6_addr16[5] = 0xFFFF;
108 info->sip_flag = 1;
109 }
110 length -= sizeof(info->sip);
111 data += sizeof(info->sip);
112 }
113 else
114 break;
115
116 if (length >= sizeof(info->sport))
117 {
118 memcpy(&info->sport, data, sizeof(info->sport));
119 length -= sizeof(info->sport);
120 data += sizeof(info->sport);
121 }
122 else
123 break;
124
125 if (length >= sizeof(info->dip))
126 {
127 memcpy(&info->dip, data, sizeof(info->dip));
128 if (info->dip.s6_addr32[1] || info->dip.s6_addr32[2] || info->dip.s6_addr32[3])
129 info->dip_flag = 1;
130 else if (info->dip.s6_addr32[0])
131 {
132 info->dip.s6_addr32[3] = info->dip.s6_addr32[0];
133 info->dip.s6_addr32[0] = 0;
134 info->dip.s6_addr16[5] = 0xFFFF;
135 info->dip_flag = 1;
136 }
137 length -= sizeof(info->dip);
138 data += sizeof(info->dip);
139 }
140 else
141 break;
142
143 if (length >= sizeof(info->dport))
144 {
145 memcpy(&info->dport, data, sizeof(info->dport));
146 length -= sizeof(info->dport);
147 data += sizeof(info->dport);
148 }
149 else
150 break;
151 } while (0);
152
153 if (info->protocol || info->sip_flag || info->sport || info->dip_flag || info->dport)
154 {
155 int saf;
156 int daf;
157 char sipstr[INET6_ADDRSTRLEN];
158 char dipstr[INET6_ADDRSTRLEN];
159
160 if (!info->sip.s6_addr32[0] && !info->sip.s6_addr32[0] && !info->sip.s6_addr16[4] &&
161 info->sip.s6_addr16[5] == 0xFFFF)
162 {
163 saf = AF_INET;
164 }
165 else
166 saf = AF_INET6;
167 if (!info->dip.s6_addr32[0] && !info->dip.s6_addr32[0] && !info->dip.s6_addr16[4] &&
168 info->dip.s6_addr16[5] == 0xFFFF)
169 {
170 daf = AF_INET;
171 }
172 else
173 daf = AF_INET6;
174 if (!info->sip_flag)
175 saf = daf;
176 if (!info->dip_flag)
177 daf = saf;
178 sipstr[0] = 0;
179 inet_ntop(saf, saf == AF_INET ? &info->sip.s6_addr32[3] : info->sip.s6_addr32, sipstr, sizeof(sipstr));
180 dipstr[0] = 0;
181 inet_ntop(daf, daf == AF_INET ? &info->dip.s6_addr32[3] : info->dip.s6_addr32, dipstr, sizeof(dipstr));
182 LogMessage("Debugging %s with %s-%u and %s-%u %u\n", desc,
183 sipstr, (unsigned)info->sport,
184 dipstr, (unsigned)info->dport,
185 (unsigned)info->protocol);
186 *debug_flag = 1;
187 }
188 else
189 LogMessage("Debugging %s disabled\n", desc);
190 }
191
DebugPktTracer(uint16_t type,const uint8_t * data,uint32_t length,void ** new_context,char * statusBuf,int statusBuf_len)192 int DebugPktTracer(uint16_t type, const uint8_t *data, uint32_t length, void **new_context,
193 char* statusBuf, int statusBuf_len)
194 {
195 debugParse("packet-tracer", data, length, &pkt_trace_cli_flag, &pkt_tracer_debug_info);
196 return 0;
197 }
198
pktTracerDebugCheck(Packet * p)199 bool pktTracerDebugCheck(Packet* p)
200 {
201 #if defined(HAVE_DAQ_EXT_MODFLOW) && defined(HAVE_DAQ_PKT_TRACE)
202 if (p && p->pkth && p->pkth->flags & DAQ_PKT_FLAG_TRACE_ENABLED)
203 {
204 pkt_trace_enabled_by_lina = true;
205 }
206 else
207 pkt_trace_enabled_by_lina = false;
208 #else
209 pkt_trace_enabled_by_lina = false;
210 #endif
211 pkt_trace_enabled_by_clish = false;
212
213 if (!pkt_trace_cli_flag || !p || !(p->iph_api))
214 return pkt_trace_enabled_by_lina;
215
216 sfaddr_t *src = GET_SRC_IP(p);
217 sfaddr_t *dst = GET_DST_IP(p);
218 uint16_t sport = p->sp;
219 uint16_t dport = p->dp;
220 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
221 uint16_t sAsId = DAQ_GetSourceAddressSpaceID(p->pkth);
222 uint16_t dAsId = DAQ_GetDestinationAddressSpaceID(p->pkth);
223 #endif
224
225 #if !defined(SFLINUX) && defined(DAQ_CAPA_CARRIER_ID)
226 uint32_t cid = GET_OUTER_IPH_PROTOID(p, pkth);
227 #endif
228
229 uint8_t protocol = GET_IPH_PROTO(p);
230 switch (protocol)
231 {
232 case IPPROTO_TCP:
233 case IPPROTO_UDP:
234 break;
235 case IPPROTO_ICMP:
236 if (sport == ICMP_ECHOREPLY)
237 {
238 dport = ICMP_ECHO; /* Treat ICMP echo reply the same as request */
239 sport = 0;
240 }
241 else /* otherwise, every ICMP type gets different key */
242 dport = 0;
243 break;
244 case IPPROTO_ICMPV6:
245 if (sport == ICMP6_REPLY)
246 {
247 dport = ICMP6_ECHO; /* Treat ICMPv6 echo reply the same as request */
248 sport = 0;
249 }
250 else /* otherwise, every ICMP type gets different key */
251 dport = 0;
252 break;
253 default:
254 sport = dport = 0;
255 break;
256 }
257
258 if ((!pkt_tracer_debug_info.protocol || pkt_tracer_debug_info.protocol == protocol) &&
259 (((!pkt_tracer_debug_info.sport || pkt_tracer_debug_info.sport == sport) &&
260 (!pkt_tracer_debug_info.sip_flag || memcmp(&pkt_tracer_debug_info.sip, src, sizeof(pkt_tracer_debug_info.sip)) == 0) &&
261 (!pkt_tracer_debug_info.dport || pkt_tracer_debug_info.dport == dport) &&
262 (!pkt_tracer_debug_info.dip_flag || memcmp(&pkt_tracer_debug_info.dip, dst, sizeof(pkt_tracer_debug_info.dip)) == 0)) ||
263 ((!pkt_tracer_debug_info.sport || pkt_tracer_debug_info.sport == dport) &&
264 (!pkt_tracer_debug_info.sip_flag || memcmp(&pkt_tracer_debug_info.sip, dst, sizeof(pkt_tracer_debug_info.sip)) == 0) &&
265 (!pkt_tracer_debug_info.dport || pkt_tracer_debug_info.dport == sport) &&
266 (!pkt_tracer_debug_info.dip_flag || memcmp(&pkt_tracer_debug_info.dip, src, sizeof(pkt_tracer_debug_info.dip)) == 0))))
267 {
268 int af;
269 const struct in6_addr* sip = (const struct in6_addr*)src;
270 const struct in6_addr* dip = (const struct in6_addr*)dst;
271 unsigned offset;
272 char sipstr[INET6_ADDRSTRLEN];
273 char dipstr[INET6_ADDRSTRLEN];
274
275 sipstr[0] = 0;
276 if (sip->s6_addr32[0] || sip->s6_addr32[1] || sip->s6_addr16[4] || (sip->s6_addr16[5] && sip->s6_addr16[5] != 0xFFFF))
277 {
278 af = AF_INET6;
279 offset = 0;
280 }
281 else
282 {
283 af = AF_INET;
284 offset = 12;
285 }
286 inet_ntop(af, &sip->s6_addr[offset], sipstr, sizeof(sipstr));
287 dipstr[0] = 0;
288 if (dip->s6_addr32[0] || dip->s6_addr32[1] || dip->s6_addr16[4] || (dip->s6_addr16[5] && dip->s6_addr16[5] != 0xFFFF))
289 {
290 af = AF_INET6;
291 offset = 0;
292 }
293 else
294 {
295 af = AF_INET;
296 offset = 12;
297 }
298 inet_ntop(af, &dip->s6_addr[offset], dipstr, sizeof(dipstr));
299 #if !defined(SFLINUX) && defined(DAQ_CAPA_CARRIER_ID)
300 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
301 snprintf(pkt_tracer_debug_session, DEBUG_SESSION_ID_SIZE, "%s-%u - %s-%u %u AS %u-%u CID %u",
302 sipstr, (unsigned)sport, dipstr, (unsigned)dport, (unsigned)protocol,
303 sAsId, dAsId, (unsigned)cid);
304 #else
305 snprintf(pkt_tracer_debug_session, DEBUG_SESSION_ID_SIZE, "%s-%u - %s-%u %u CID %u",
306 sipstr, (unsigned)sport, dipstr, (unsigned)dport, (unsigned)protocol, (unsigned)cid);
307 #endif
308 #else /* No Carrier id */
309 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
310 snprintf(pkt_tracer_debug_session, DEBUG_SESSION_ID_SIZE, "%s-%u - %s-%u %u AS %u-%u",
311 sipstr, (unsigned)sport, dipstr, (unsigned)dport, (unsigned)protocol,
312 sAsId, dAsId);
313 #else
314 snprintf(pkt_tracer_debug_session, DEBUG_SESSION_ID_SIZE, "%s-%u - %s-%u %u",
315 sipstr, (unsigned)sport, dipstr, (unsigned)dport, (unsigned)protocol);
316 #endif
317 #endif
318 pkt_trace_enabled_by_clish = true;
319 return true;
320 }
321 return pkt_trace_enabled_by_lina;
322 }
323
324 // Get name-string from DAQ_Verdict (must sync with DAQ_Verdict defined at daq_common.h)
getVerdictStr(DAQ_Verdict vd)325 static char* getVerdictStr(DAQ_Verdict vd)
326 {
327 static char* vName[] = {"PASS", "BLOCK", "REPLACE", "WHITELIST", "BLACKLIST",
328 "IGNORE", "RETRY", "Error in reading verdict!"};
329
330 if (vd > MAX_DAQ_VERDICT)
331 vd = MAX_DAQ_VERDICT;
332 return vName[vd];
333 }
334
335 // Get name-string from Verdict_Reason (must sync with Verdict_Reason defined at sf_dynamic_common.h)
getModuleStr(Verdict_Reason module)336 static char* getModuleStr(Verdict_Reason module)
337 {
338 static char* mName[] = {"Packet Information", "Session String", "None", "a module", "DAQ Retry", "Snort",
339 "AppID", "SSL", "Firewall", "Captive Portal", "Safe Search", "SI", "Prefilter", "FTP",
340 "Stream", "Session", "Defragmentation", "Snort React", "Snort Response", "SI/Reputation",
341 "X-Link2State", "Back Orifice", "SMB", "File Process", "IPS", "Snort - Fast-Block"};
342
343 if (module >= MAX_VERDICT_REASON)
344 module = VERDICT_REASON_UNKNOWN;
345 return mName[module];
346 }
347
348 // If enabled by Lina, add trace_line to pktTraceData buffer, else print to /var/log/message
addPktTraceData(int reason,int traceLen)349 void addPktTraceData(int reason, int traceLen)
350 {
351 Verdict_Reason module = (Verdict_Reason) reason;
352 if (!snort_received_packet && module == VERDICT_REASON_SFSSL)
353 ssl_callback_before_snort = true; // used in addPktTraceInfo on receiving packet by snort
354 else if (module == VERDICT_REASON_INFO)
355 {
356 if (trace_line_info_received) return; // records only one packet info trace
357 else trace_line_info_received = true;
358 }
359 else if (module == VERDICT_REASON_APPID)
360 {
361 if (trace_line_appid_received) return; // records only one appid trace
362 else trace_line_appid_received = true;
363 }
364 else if (module > VERDICT_REASON_NO_BLOCK &&
365 (verdict_reason == VERDICT_REASON_NO_BLOCK || module == VERDICT_REASON_SI))
366 verdict_reason = module; // records the first blocking module and any subsequent blocking from SI
367
368 if (traceLen <= 0) return;
369
370 if (pkt_trace_enabled_by_clish) // tracing enabled by 'system support tracer'
371 {
372 if (first_trace_line)
373 {
374 first_trace_line = false;
375 LogMessage("PktTracerDbg \n"); // empty line
376 }
377 LogMessage("PktTracerDbg %s %s\n", pkt_tracer_debug_session, trace_line);
378 }
379 if (pkt_trace_enabled_by_lina) // tracing enabled by Lina flag
380 {
381 if (pktTraceDataLen + traceLen >= MAX_TRACE_SIZE)
382 {
383 LogMessage("Packet trace buffer is full; logging skipped!\n");
384 return;
385 }
386 strncat(pktTraceData, trace_line, traceLen);
387 pktTraceDataLen += traceLen;
388 pktTraceData[MAX_TRACE_SIZE-1] = '\0';
389 }
390 }
391
392 // Writes pktTraceData buffer into PDTS or /var/log/message
writePktTraceData(DAQ_Verdict verdict,unsigned int napId,unsigned int ipsId,const Packet * p)393 void writePktTraceData(DAQ_Verdict verdict, unsigned int napId, unsigned int ipsId, const Packet* p)
394 {
395 uint32_t snortId = (snort_conf->event_log_id >> 16);
396 alreadySentTrace = false;
397
398 if (p->packet_flags & PKT_FAST_BLOCK)
399 verdict_reason = VERDICT_REASON_FASTBLOCK;
400
401 if (pkt_trace_enabled_by_clish)
402 {
403 LogMessage("PktTracerDbg %s Snort id %u, NAP id %u, IPS id %u, Verdict %s\n",
404 pkt_tracer_debug_session, snortId, napId, ipsId, getVerdictStr(verdict));
405 if (verdict_reason != VERDICT_REASON_NO_BLOCK)
406 LogMessage("PktTracerDbg %s ===> Blocked by %s\n", pkt_tracer_debug_session, getModuleStr(verdict_reason));
407 }
408 #if defined(HAVE_DAQ_EXT_MODFLOW) && defined(HAVE_DAQ_PKT_TRACE)
409 if (pkt_trace_enabled_by_lina)
410 {
411 int len;
412 if (pktTraceDataLen >= MAX_TRACE_SIZE)
413 len = 0;
414 else if (verdict_reason == VERDICT_REASON_NO_BLOCK)
415 len = snprintf(pktTraceData+pktTraceDataLen, MAX_TRACE_SIZE - pktTraceDataLen, "Snort id %u, NAP id %u, IPS id %u, Verdict %s\n",
416 snortId, napId, ipsId, getVerdictStr(verdict));
417 else
418 len = snprintf(pktTraceData+pktTraceDataLen, MAX_TRACE_SIZE - pktTraceDataLen, "Snort id %u, NAP id %u, IPS id %u, Verdict %s, %s %s\n",
419 snortId, napId, ipsId, getVerdictStr(verdict), "Blocked by", getModuleStr(verdict_reason));
420 if (len > 0)
421 {
422 pktTraceDataLen += len;
423 if (pktTraceDataLen >= MAX_TRACE_SIZE)
424 pktTraceDataLen = MAX_TRACE_SIZE-1;
425 pktTraceData[MAX_TRACE_SIZE-1] = '\0';
426 }
427 // Send to DAQ
428 DAQ_ModFlow_t mod;
429 DAQ_ModFlowPktTrace_t mod_tr;
430 mod_tr.vreason = (uint8_t) verdict_reason;
431 mod_tr.pkt_trace_data_len = pktTraceDataLen+1; // accounting '\0'
432 mod_tr.pkt_trace_data = (uint8_t *) pktTraceData;
433 mod.type = DAQ_MODFLOW_TYPE_PKT_TRACE;
434 mod.length = sizeof(DAQ_ModFlowPktTrace_t);
435 mod.value = (void *) &mod_tr;
436 DAQ_ModifyFlow(p->pkth, &mod);
437 if (pkt_trace_enabled_by_clish) // troubleshooting message in CLISH
438 LogMessage("PktTracerDbg Trace buffer and verdict reason are sent to DAQ\n");
439 if (verdict_reason != VERDICT_REASON_NO_BLOCK)
440 alreadySentTrace = true;
441 }
442 #endif
443
444 // re-initialize after writing each packet trace
445 pktTraceData[0] = '\0';
446 pktTraceDataLen = 0;
447 trace_line_info_received = false;
448 trace_line_appid_received = false;
449 first_trace_line = true;
450 snort_received_packet = false;
451 ssl_callback_before_snort = false;
452 }
453
addPktTraceInfo(void * packet)454 void addPktTraceInfo(void *packet)
455 {
456 Packet* p = (Packet *) packet;
457
458 snort_received_packet = true;
459 if (ssl_callback_before_snort) // special case
460 {
461 verdict_reason = VERDICT_REASON_SFSSL;
462 ssl_callback_before_snort = false;
463 }
464
465 if (IsTCP(p))
466 {
467 if (p->tcph->th_flags & TH_ACK)
468 {
469 addPktTraceData(VERDICT_REASON_INFO, snprintf(trace_line, MAX_TRACE_LINE,
470 "Packet: TCP%s%s, ACK%s%s, seq %lu, ack %lu\n",
471 PacketIsRebuilt(p)? " rebuilt" : "",
472 p->tcph->th_flags & TH_SYN? ", SYN" : "",
473 p->tcph->th_flags & TH_RST? ", RST" : "",
474 p->tcph->th_flags & TH_FIN? ", FIN" : "",
475 (unsigned long) ntohl(p->tcph->th_seq),
476 (unsigned long) ntohl(p->tcph->th_ack)));
477 }
478 else
479 {
480 addPktTraceData(VERDICT_REASON_INFO, snprintf(trace_line, MAX_TRACE_LINE,
481 "Packet: TCP%s%s%s%s, seq %lu\n",
482 PacketIsRebuilt(p)? " rebuilt" : "",
483 p->tcph->th_flags & TH_SYN? ", SYN" : "",
484 p->tcph->th_flags & TH_RST? ", RST" : "",
485 p->tcph->th_flags & TH_FIN? ", FIN" : "",
486 (unsigned long) ntohl(p->tcph->th_seq)));
487 }
488 }
489 else if (IsUDP(p))
490 {
491 addPktTraceData(VERDICT_REASON_INFO, snprintf(trace_line, MAX_TRACE_LINE,
492 "Packet: UDP\n"));
493 }
494 else if (IsICMP(p))
495 {
496 addPktTraceData(VERDICT_REASON_INFO, snprintf(trace_line, MAX_TRACE_LINE,
497 "Packet: ICMP\n"));
498 }
499 else if (IsIP(p))
500 {
501 addPktTraceData(VERDICT_REASON_INFO, snprintf(trace_line, MAX_TRACE_LINE,
502 "Packet: IP\n"));
503 }
504 else
505 {
506 addPktTraceData(VERDICT_REASON_INFO, snprintf(trace_line, MAX_TRACE_LINE,
507 "Packet: not IP/TCP/UDP/ICMP\n"));
508 }
509 }
510
getPktTraceActMsg()511 const char* getPktTraceActMsg()
512 {
513 static const char* msg[] = {"drop", "would drop", "can't drop"};
514
515 if (Active_PacketWasDropped())
516 return msg[0];
517 else if (Active_PacketWouldBeDropped())
518 return msg[1];
519 else return msg[2];
520 }
521
522 #if defined(HAVE_DAQ_EXT_MODFLOW) && defined(HAVE_DAQ_VERDICT_REASON)
sendReason(const Packet * p)523 void sendReason(const Packet* p)
524 {
525 if (alreadySentTrace) // already sent verdict reason with trace data
526 {
527 alreadySentTrace = false;
528 return;
529 }
530 DAQ_ModFlow_t mod;
531 mod.type = DAQ_MODFLOW_TYPE_VER_REASON;
532 mod.length = sizeof(uint8_t);
533 mod.value = (void*)&verdict_reason;
534 DAQ_ModifyFlow(p->pkth, &mod);
535 if (pkt_trace_enabled_by_clish) // troubleshooting message in CLISH
536 LogMessage("PktTracerDbg Verdict reason is sent to DAQ\n");
537 }
538 #endif
539
SavePktTrace()540 void SavePktTrace()
541 {
542 pkt_trace_enabled_by_clish_bk = pkt_trace_enabled_by_clish;
543 if( pkt_trace_enabled_by_clish )
544 memcpy(pkt_tracer_debug_session_bk, pkt_tracer_debug_session, DEBUG_SESSION_ID_SIZE);
545 }
546
RestorePktTrace()547 void RestorePktTrace()
548 {
549 pkt_trace_enabled_by_clish = pkt_trace_enabled_by_clish_bk;
550 if(pkt_trace_enabled_by_clish)
551 memcpy(pkt_tracer_debug_session, pkt_tracer_debug_session_bk, DEBUG_SESSION_ID_SIZE);
552 }
553
554
pktTracerDebugCheckSsn(void * ssn)555 bool pktTracerDebugCheckSsn(void* ssn)
556 {
557 char sipstr[INET6_ADDRSTRLEN];
558 char dipstr[INET6_ADDRSTRLEN];
559 SessionControlBlock *scb = ( SessionControlBlock * ) ssn;
560 pkt_trace_enabled_by_clish = false;
561
562 if (!pkt_trace_cli_flag || !scb)
563 return false;
564
565 if ((!pkt_tracer_debug_info.protocol || pkt_tracer_debug_info.protocol == scb->protocol) &&
566 (((!pkt_tracer_debug_info.sport || pkt_tracer_debug_info.sport == ntohs(scb->client_port)) &&
567 (!pkt_tracer_debug_info.sip_flag || memcmp(&pkt_tracer_debug_info.sip, &scb->client_ip.ip, sizeof(pkt_tracer_debug_info.sip)) == 0) &&
568 (!pkt_tracer_debug_info.dport || pkt_tracer_debug_info.dport == ntohs(scb->server_port)) &&
569 (!pkt_tracer_debug_info.dip_flag || memcmp(&pkt_tracer_debug_info.dip, &scb->server_ip.ip, sizeof(pkt_tracer_debug_info.dip)) == 0))))
570 {
571
572 sfip_ntop(&scb->client_ip, sipstr, sizeof(sipstr));
573 sfip_ntop(&scb->server_ip, dipstr, sizeof(dipstr));
574 uint16_t sport = ntohs(scb->client_port);
575 uint16_t dport = ntohs(scb->server_port);
576 #if !defined(SFLINUX) && defined(DAQ_CAPA_CARRIER_ID)
577 uint32_t cid = scb->key->carrierId;
578 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
579 uint16_t sAsId = scb->key->addressSpaceId_l;
580 uint16_t dAsId = scb->key->addressSpaceId_h;
581
582 snprintf(pkt_tracer_debug_session, DEBUG_SESSION_ID_SIZE, "%s-%u - %s-%u %u AS %u-%u CID %u",
583 sipstr, (unsigned)sport, dipstr, (unsigned)dport, (unsigned)scb->protocol,
584 sAsId, dAsId, cid);
585 #else
586 snprintf(pkt_tracer_debug_session, DEBUG_SESSION_ID_SIZE, "%s-%u - %s-%u %u CID %u",
587 sipstr, (unsigned)sport, dipstr, (unsigned)dport, (unsigned)scb->protocol, cid);
588 #endif
589 #else /* No Carrier id */
590 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
591 uint16_t sAsId = scb->key->addressSpaceId_l;
592 uint16_t dAsId = scb->key->addressSpaceId_h;
593
594 snprintf(pkt_tracer_debug_session, DEBUG_SESSION_ID_SIZE, "%s-%u - %s-%u %u AS %u-%u",
595 sipstr, (unsigned)sport, dipstr, (unsigned)dport, (unsigned)scb->protocol,
596 sAsId, dAsId);
597 #else
598 snprintf(pkt_tracer_debug_session, DEBUG_SESSION_ID_SIZE, "%s-%u - %s-%u %u",
599 sipstr, (unsigned)sport, dipstr, (unsigned)dport, (unsigned)scb->protocol);
600 #endif
601 #endif
602 pkt_trace_enabled_by_clish = true;
603 return true;
604 }
605 return false;
606 }
607