From 15eb4b292d304a5c155a3d7cdc9a69927d7652d2 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Thu, 5 Dec 2013 18:35:27 +0100
Subject: [PATCH] TX logging API: convert HTTP log

Convert the HTTP log to the new TX logging API.
---
 src/log-httplog.c | 200 ++++++++++++++--------------------------------
 src/suricata.c    |   2 -
 2 files changed, 58 insertions(+), 144 deletions(-)

diff --git a/src/log-httplog.c b/src/log-httplog.c
index 8d8a930701..c466fe097c 100644
--- a/src/log-httplog.c
+++ b/src/log-httplog.c
@@ -56,42 +56,23 @@
 
 #define OUTPUT_BUFFER_SIZE 65535
 
-TmEcode LogHttpLog (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
-TmEcode LogHttpLogIPv4(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
-TmEcode LogHttpLogIPv6(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
 TmEcode LogHttpLogThreadInit(ThreadVars *, void *, void **);
 TmEcode LogHttpLogThreadDeinit(ThreadVars *, void *);
 void LogHttpLogExitPrintStats(ThreadVars *, void *);
 static void LogHttpLogDeInitCtx(OutputCtx *);
 
+int LogHttpLogger(ThreadVars *tv, void *thread_data, const Packet *, Flow *f, void *state, void *tx, uint64_t tx_id);
+
 void TmModuleLogHttpLogRegister (void) {
     tmm_modules[TMM_LOGHTTPLOG].name = MODULE_NAME;
     tmm_modules[TMM_LOGHTTPLOG].ThreadInit = LogHttpLogThreadInit;
-    tmm_modules[TMM_LOGHTTPLOG].Func = LogHttpLog;
     tmm_modules[TMM_LOGHTTPLOG].ThreadExitPrintStats = LogHttpLogExitPrintStats;
     tmm_modules[TMM_LOGHTTPLOG].ThreadDeinit = LogHttpLogThreadDeinit;
     tmm_modules[TMM_LOGHTTPLOG].RegisterTests = NULL;
     tmm_modules[TMM_LOGHTTPLOG].cap_flags = 0;
 
-    OutputRegisterModule(MODULE_NAME, "http-log", LogHttpLogInitCtx);
-}
-
-void TmModuleLogHttpLogIPv4Register (void) {
-    tmm_modules[TMM_LOGHTTPLOG4].name = "LogHttpLogIPv4";
-    tmm_modules[TMM_LOGHTTPLOG4].ThreadInit = LogHttpLogThreadInit;
-    tmm_modules[TMM_LOGHTTPLOG4].Func = LogHttpLogIPv4;
-    tmm_modules[TMM_LOGHTTPLOG4].ThreadExitPrintStats = LogHttpLogExitPrintStats;
-    tmm_modules[TMM_LOGHTTPLOG4].ThreadDeinit = LogHttpLogThreadDeinit;
-    tmm_modules[TMM_LOGHTTPLOG4].RegisterTests = NULL;
-}
-
-void TmModuleLogHttpLogIPv6Register (void) {
-    tmm_modules[TMM_LOGHTTPLOG6].name = "LogHttpLogIPv6";
-    tmm_modules[TMM_LOGHTTPLOG6].ThreadInit = LogHttpLogThreadInit;
-    tmm_modules[TMM_LOGHTTPLOG6].Func = LogHttpLogIPv6;
-    tmm_modules[TMM_LOGHTTPLOG6].ThreadExitPrintStats = LogHttpLogExitPrintStats;
-    tmm_modules[TMM_LOGHTTPLOG6].ThreadDeinit = LogHttpLogThreadDeinit;
-    tmm_modules[TMM_LOGHTTPLOG6].RegisterTests = NULL;
+    OutputRegisterTxModule(MODULE_NAME, "http-log", LogHttpLogInitCtx,
+            ALPROTO_HTTP, LogHttpLogger);
 }
 
 #define LOG_HTTP_MAXN_NODES 64
@@ -423,44 +404,15 @@ static void LogHttpLogExtended(LogHttpLogThread *aft, htp_tx_t *tx)
     MemBufferWriteString(aft->buffer, " [**] %"PRIuMAX" bytes", (uintmax_t)tx->response_message_len);
 }
 
-static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
-                            PacketQueue *postpq, int ipproto)
+static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, void *data, const Packet *p, Flow *f, HtpState *htp_state, htp_tx_t *tx, uint64_t tx_id, int ipproto)
 {
     SCEnter();
 
-    uint64_t tx_id = 0;
-    uint64_t total_txs = 0;
-    htp_tx_t *tx = NULL;
-    HtpState *htp_state = NULL;
-    int tx_progress = 0;
-    int tx_progress_done_value_ts = 0;
-    int tx_progress_done_value_tc = 0;
     LogHttpLogThread *aft = (LogHttpLogThread *)data;
     LogHttpFileCtx *hlog = aft->httplog_ctx;
     char timebuf[64];
 
-    /* no flow, no htp state */
-    if (p->flow == NULL) {
-        SCReturnInt(TM_ECODE_OK);
-    }
-
     /* check if we have HTTP state or not */
-    FLOWLOCK_WRLOCK(p->flow); /* WRITE lock before we updated flow logged id */
-    uint16_t proto = FlowGetAppProtocol(p->flow);
-    if (proto != ALPROTO_HTTP)
-        goto end;
-
-    htp_state = (HtpState *)FlowGetAppState(p->flow);
-    if (htp_state == NULL) {
-        SCLogDebug("no http state, so no request logging");
-        goto end;
-    }
-
-    total_txs = AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state);
-    tx_id = AppLayerParserGetTransactionLogId(p->flow->alparser);
-    tx_progress_done_value_ts = AppLayerParserGetStateProgressCompletionStatus(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOSERVER);
-    tx_progress_done_value_tc = AppLayerParserGetStateProgressCompletionStatus(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOCLIENT);
-
     CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
 
     char srcip[46], dstip[46];
@@ -497,121 +449,85 @@ static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, Packet *p, void *data, Packet
         dp = p->sp;
     }
 
-    for (; tx_id < total_txs; tx_id++)
-    {
-        tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, tx_id);
-        if (tx == NULL) {
-            SCLogDebug("tx is NULL not logging !!");
-            continue;
-        }
+    SCLogDebug("got a HTTP request and now logging !!");
 
-        if (!AppLayerParserStateIssetFlag(p->flow->alparser, APP_LAYER_PARSER_EOF)) {
-            tx_progress = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER);
-            if (tx_progress < tx_progress_done_value_ts)
-                break;
+    /* reset */
+    MemBufferReset(aft->buffer);
 
-            tx_progress = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT);
-            if (tx_progress < tx_progress_done_value_tc)
-                break;
+    if (hlog->flags & LOG_HTTP_CUSTOM) {
+        LogHttpLogCustom(aft, tx, &p->ts, srcip, sp, dstip, dp);
+    } else {
+        /* time */
+        MemBufferWriteString(aft->buffer, "%s ", timebuf);
+
+        /* hostname */
+        if (tx->request_hostname != NULL) {
+            PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
+                    (uint8_t *)bstr_ptr(tx->request_hostname),
+                    bstr_len(tx->request_hostname));
+        } else {
+            MemBufferWriteString(aft->buffer, "<hostname unknown>");
         }
+        MemBufferWriteString(aft->buffer, " [**] ");
 
-        SCLogDebug("got a HTTP request and now logging !!");
-
-        /* reset */
-        MemBufferReset(aft->buffer);
+        /* uri */
+        if (tx->request_uri != NULL) {
+            PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
+                    (uint8_t *)bstr_ptr(tx->request_uri),
+                    bstr_len(tx->request_uri));
+        }
+        MemBufferWriteString(aft->buffer, " [**] ");
 
-        if (hlog->flags & LOG_HTTP_CUSTOM) {
-            LogHttpLogCustom(aft, tx, &p->ts, srcip, sp, dstip, dp);
+        /* user agent */
+        htp_header_t *h_user_agent = NULL;
+        if (tx->request_headers != NULL) {
+            h_user_agent = htp_table_get_c(tx->request_headers, "user-agent");
+        }
+        if (h_user_agent != NULL) {
+            PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
+                    (uint8_t *)bstr_ptr(h_user_agent->value),
+                    bstr_len(h_user_agent->value));
         } else {
-            /* time */
-            MemBufferWriteString(aft->buffer, "%s ", timebuf);
-
-            /* hostname */
-            if (tx->request_hostname != NULL) {
-                PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
-                               (uint8_t *)bstr_ptr(tx->request_hostname),
-                               bstr_len(tx->request_hostname));
-            } else {
-                MemBufferWriteString(aft->buffer, "<hostname unknown>");
-            }
-            MemBufferWriteString(aft->buffer, " [**] ");
-
-            /* uri */
-            if (tx->request_uri != NULL) {
-                PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
-                               (uint8_t *)bstr_ptr(tx->request_uri),
-                               bstr_len(tx->request_uri));
-            }
-            MemBufferWriteString(aft->buffer, " [**] ");
-
-            /* user agent */
-            htp_header_t *h_user_agent = NULL;
-            if (tx->request_headers != NULL) {
-                h_user_agent = htp_table_get_c(tx->request_headers, "user-agent");
-            }
-            if (h_user_agent != NULL) {
-                PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
-                                (uint8_t *)bstr_ptr(h_user_agent->value),
-                                bstr_len(h_user_agent->value));
-            } else {
-                MemBufferWriteString(aft->buffer, "<useragent unknown>");
-            }
-            if (hlog->flags & LOG_HTTP_EXTENDED) {
-                LogHttpLogExtended(aft, tx);
-            }
-
-            /* ip/tcp header info */
-            MemBufferWriteString(aft->buffer,
-                                 " [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n",
-                                 srcip, sp, dstip, dp);
+            MemBufferWriteString(aft->buffer, "<useragent unknown>");
+        }
+        if (hlog->flags & LOG_HTTP_EXTENDED) {
+            LogHttpLogExtended(aft, tx);
         }
 
-        aft->uri_cnt ++;
-
-        SCMutexLock(&hlog->file_ctx->fp_mutex);
-        (void)MemBufferPrintToFPAsString(aft->buffer, hlog->file_ctx->fp);
-        fflush(hlog->file_ctx->fp);
-        SCMutexUnlock(&hlog->file_ctx->fp_mutex);
-
-        AppLayerParserSetTransactionLogId(p->flow->alparser);
+        /* ip/tcp header info */
+        MemBufferWriteString(aft->buffer,
+                " [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n",
+                srcip, sp, dstip, dp);
     }
 
-end:
-    FLOWLOCK_UNLOCK(p->flow);
-    SCReturnInt(TM_ECODE_OK);
+    aft->uri_cnt ++;
 
-}
+    SCMutexLock(&hlog->file_ctx->fp_mutex);
+    (void)MemBufferPrintToFPAsString(aft->buffer, hlog->file_ctx->fp);
+    fflush(hlog->file_ctx->fp);
+    SCMutexUnlock(&hlog->file_ctx->fp_mutex);
 
-TmEcode LogHttpLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
-{
-    return LogHttpLogIPWrapper(tv, p, data, pq, postpq, AF_INET);
-}
+end:
+    SCReturnInt(0);
 
-TmEcode LogHttpLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
-{
-    return LogHttpLogIPWrapper(tv, p, data, pq, postpq, AF_INET6);
 }
 
-TmEcode LogHttpLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+int LogHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
 {
     SCEnter();
 
-    /* no flow, no htp state */
-    if (p->flow == NULL) {
-        SCReturnInt(TM_ECODE_OK);
-    }
-
     if (!(PKT_IS_TCP(p))) {
         SCReturnInt(TM_ECODE_OK);
     }
 
+    int r = 0;
     if (PKT_IS_IPV4(p)) {
-        SCReturnInt(LogHttpLogIPv4(tv, p, data, pq, postpq));
+        r = LogHttpLogIPWrapper(tv, thread_data, p, f, (HtpState *)state, (htp_tx_t *)tx, tx_id, AF_INET);
     } else if (PKT_IS_IPV6(p)) {
-        SCReturnInt(LogHttpLogIPv6(tv, p, data, pq, postpq));
+        r = LogHttpLogIPWrapper(tv, thread_data, p, f, (HtpState *)state, (htp_tx_t *)tx, tx_id, AF_INET6);
     }
 
-    SCReturnInt(TM_ECODE_OK);
+    SCReturnInt(r);
 }
 
 TmEcode LogHttpLogThreadInit(ThreadVars *t, void *initdata, void **data)
diff --git a/src/suricata.c b/src/suricata.c
index 9e273a03ea..d2e448240a 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -792,8 +792,6 @@ void RegisterAllModules()
     TmModuleLogDropLogRegister();
     /* http log */
     TmModuleLogHttpLogRegister();
-    TmModuleLogHttpLogIPv4Register();
-    TmModuleLogHttpLogIPv6Register();
     TmModuleLogTlsLogRegister();
     TmModuleLogTlsLogIPv4Register();
     TmModuleLogTlsLogIPv6Register();