output: plugins can log flow or packet direction

7 months ago · 243d14cda2
parent 850bd72399
commit 243d14cda2
5 changed files with 15 additions and 2 deletions
--- a/rust/sys/src/sys.rs
+++ b/rust/sys/src/sys.rs
@ -123,6 +123,7 @@ pub struct SCAppLayerPlugin_ {
    pub KeywordsRegister: ::std::option::Option<unsafe extern "C" fn()>,
    pub logname: *const ::std::os::raw::c_char,
    pub confname: *const ::std::os::raw::c_char,
+    pub dir: u8,
    pub Logger: ::std::option::Option<
        unsafe extern "C" fn(
            tx: *const ::std::os::raw::c_void,
--- a/src/output.c
+++ b/src/output.c
@ -994,6 +994,15 @@ int OutputPreRegisterLogger(EveJsonTxLoggerRegistrationData reg_data)
    return 0;
 }

+static TxLogger JsonLoggerFromDir(uint8_t dir)
+{
+    if (dir == LOG_DIR_PACKET) {
+        return JsonGenericDirPacketLogger;
+    }
+    BUG_ON(dir != LOG_DIR_FLOW);
+    return JsonGenericDirFlowLogger;
+}
+
 /**
 * \brief Register all non-root logging modules.
 */
@ -1154,8 +1163,8 @@ void OutputRegisterLoggers(void)
    for (size_t i = 0; i < preregistered_loggers_nb; i++) {
        OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", preregistered_loggers[i].logname,
                preregistered_loggers[i].confname, OutputJsonLogInitSub,
-                preregistered_loggers[i].alproto, JsonGenericDirFlowLogger, JsonLogThreadInit,
-                JsonLogThreadDeinit);
+                preregistered_loggers[i].alproto, JsonLoggerFromDir(preregistered_loggers[i].dir),
+                JsonLogThreadInit, JsonLogThreadDeinit);
        SCLogDebug(
                "%s JSON logger registered.", AppProtoToString(preregistered_loggers[i].alproto));
        RegisterSimpleJsonApplayerLogger(
--- a/src/output.h
+++ b/src/output.h
@ -185,6 +185,7 @@ typedef struct EveJsonTxLoggerRegistrationData {
    const char *confname;
    const char *logname;
    AppProto alproto;
+    uint8_t dir;
    EveJsonSimpleTxLogFunc LogTx;
 } EveJsonTxLoggerRegistrationData;

--- a/src/suricata-plugin.h
+++ b/src/suricata-plugin.h
@ -68,6 +68,7 @@ typedef struct SCAppLayerPlugin_ {
    void (*KeywordsRegister)(void);
    const char *logname;
    const char *confname;
+    uint8_t dir;
    bool (*Logger)(const void *tx, void *jb);
 } SCAppLayerPlugin;

--- a/src/util-plugin.c
+++ b/src/util-plugin.c
@ -179,6 +179,7 @@ int SCPluginRegisterAppLayer(SCAppLayerPlugin *plugin)
            .confname = plugin->confname,
            .logname = plugin->logname,
            .alproto = alproto,
+            .dir = plugin->dir,
            .LogTx = (EveJsonSimpleTxLogFunc)plugin->Logger,
        };
        if (OutputPreRegisterLogger(reg_data) != 0) {