From 2b9ef8752738815ee070ac69de05adbfd2f2a787 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 27 Oct 2014 23:59:49 +0100
Subject: [PATCH] smtp: convert logger to tx logger

Move from packet logger to tx logger.
---
 src/output-json-email-common.c | 36 ++++++++++---------------
 src/output-json-email-common.h | 2 +-
 src/output-json-smtp.c | 49 ++++++----------------------------
 3 files changed, 23 insertions(+), 64 deletions(-)

diff --git a/src/output-json-email-common.c b/src/output-json-email-common.c
index 019cc9436b..5b1e19f419 100644
--- a/src/output-json-email-common.c
+++ b/src/output-json-email-common.c
@@ -56,50 +56,39 @@ #include /* JSON format logging */ -static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, - json_t *js, - const Packet *p) +static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packet *p, Flow *f, void *state, void *vtx, uint64_t tx_id) { SMTPState *smtp_state; MimeDecParseState *mime_state; MimeDecEntity *entity; char *protos = NULL; - /* no flow, no smtp state */ - if (p->flow == NULL) { - SCReturnInt(TM_ECODE_FAILED); - } - json_t *sjs = json_object(); if (sjs == NULL) { SCReturnInt(TM_ECODE_FAILED); } /* check if we have SMTP state or not */ - FLOWLOCK_WRLOCK(p->flow); /* WRITE lock before we updated flow logged id */ AppProto proto = FlowGetAppProtocol(p->flow); switch (proto) { case ALPROTO_SMTP: - smtp_state = (SMTPState *)FlowGetAppState(p->flow); + smtp_state = (SMTPState *)state; if (smtp_state == NULL) { SCLogDebug("no smtp state, so no request logging"); - FLOWLOCK_UNLOCK(p->flow); SCReturnInt(TM_ECODE_FAILED); } - mime_state = smtp_state->mime_state; - entity = smtp_state->msg_tail; + SMTPTransaction *tx = vtx; + mime_state = tx->mime_state; + entity = tx->msg_tail; protos = "smtp"; + SCLogDebug("lets go mime_state %p, entity %p, state_flag %u", mime_state, entity, mime_state ? mime_state->state_flag : 0); break; default: /* don't know how we got here */ - FLOWLOCK_UNLOCK(p->flow); SCReturnInt(TM_ECODE_FAILED); } - if ((mime_state != NULL) && - (mime_state->state_flag == PARSE_DONE)) { - + if ((mime_state != NULL)) { if (entity == NULL) { - FLOWLOCK_UNLOCK(p->flow); SCReturnInt(TM_ECODE_FAILED); } @@ -176,6 +165,9 @@ static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, entity->header_flags |= HDR_IS_LOGGED; + if (mime_state->stack == NULL || mime_state->stack->top == NULL || mime_state->stack->top->data == NULL) + SCReturnInt(TM_ECODE_OK); + entity = (MimeDecEntity *)mime_state->stack->top->data; int attch_cnt = 0; int url_cnt = 0; 
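Review bot: The added early return `SCReturnInt(TM_ECODE_OK);` under the `mime_state->stack == NULL || ...` check exits before `sjs` is attached to `js` (the `json_object_set_new(js, protos, sjs)` call sits in the following hunk), so the object from `json_object()` is never released and the caller appears to write a record that has no smtp object. Attach it before returning, `json_object_set_new(js, protos, sjs); SCReturnInt(TM_ECODE_OK);` inside braces, or call `json_decref(sjs)` and return a non-OK code if the record should be dropped. The `TM_ECODE_FAILED` returns in the switch and in the `entity == NULL` branch skip the release as well, as does the final `TM_ECODE_DONE` return in the next hunk; because this runs once per transaction on traffic-derived state in a sensor, the leak is worth closing. Separately, `FlowGetAppProtocol(p->flow)` still reads `p->flow` although its NULL guard was removed and the new `f` parameter is unused; `FlowGetAppProtocol(f)` would match the new signature. The function body continues outside this hunk.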
@@ -233,16 +225,16 @@ static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, } json_object_set_new(js, protos, sjs); - FLOWLOCK_UNLOCK(p->flow); +// FLOWLOCK_UNLOCK(p->flow); SCReturnInt(TM_ECODE_OK); } } - FLOWLOCK_UNLOCK(p->flow); +// FLOWLOCK_UNLOCK(p->flow); SCReturnInt(TM_ECODE_DONE); } -int JsonEmailLogger(ThreadVars *tv, void *thread_data, const Packet *p) { +int JsonEmailLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id) { SCEnter(); JsonEmailLogThread *jhl = (JsonEmailLogThread *)thread_data; MemBuffer *buffer = (MemBuffer *)jhl->buffer; @@ -254,7 +246,7 @@ int JsonEmailLogger(ThreadVars *tv, void *thread_data, const Packet *p) { /* reset */ MemBufferReset(buffer); - if (JsonEmailLogJson(jhl, js, p) == TM_ECODE_OK) { + if (JsonEmailLogJson(jhl, js, p, f, state, tx, tx_id) == TM_ECODE_OK) { OutputJSONBuffer(js, jhl->emaillog_ctx->file_ctx, buffer); } json_object_del(js, "smtp"); diff --git a/src/output-json-email-common.h b/src/output-json-email-common.h index b073d932b5..7a95954c77 100644 --- a/src/output-json-email-common.h +++ b/src/output-json-email-common.h @@ -35,6 +35,6 @@ typedef struct JsonEmailLogThread_ { MemBuffer *buffer; } JsonEmailLogThread; -int JsonEmailLogger(ThreadVars *tv, void *thread_data, const Packet *p); +int JsonEmailLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id); #endif /* __OUTPUT_JSON_EMAIL_COMMON_H__ */ diff --git a/src/output-json-smtp.c b/src/output-json-smtp.c index 10b307b93e..f541ff891f 100644 --- a/src/output-json-smtp.c +++ b/src/output-json-smtp.c 
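Review bot: The two `// FLOWLOCK_UNLOCK(p->flow);` lines before the `TM_ECODE_OK` and `TM_ECODE_DONE` returns in JsonEmailLogJson leave commented-out code behind, while the earlier hunk deletes the same calls outright. Remove them and, if the tx logging path guarantees that the caller already holds the flow lock (not visible in this diff), state that once in the function's header comment, e.g. `/* called with the flow locked by the tx logger; do not lock or unlock here */`. That keeps the locking contract readable for whoever next touches `tx->mime_state`. The function starts outside this hunk.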
@@ -54,10 +54,10 @@ #ifdef HAVE_LIBJANSSON #include -static int JsonSmtpLogger(ThreadVars *tv, void *thread_data, const Packet *p) +static int JsonSmtpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id) { SCEnter(); - int r = JsonEmailLogger(tv, thread_data, p); + int r = JsonEmailLogger(tv, thread_data, p, f, state, tx, tx_id); SCReturnInt(r); } @@ -187,37 +187,6 @@ static TmEcode JsonSmtpLogThreadDeinit(ThreadVars *t, void *data) return TM_ECODE_OK; } -/** \internal - * \brief Condition function for SMTP logger - * \retval bool true or false -- log now? - */ -static int JsonSmtpCondition(ThreadVars *tv, const Packet *p) { - if (p->flow == NULL) { - return FALSE; - } - - if (!(PKT_IS_TCP(p))) { - return FALSE; - } - - FLOWLOCK_RDLOCK(p->flow); - uint16_t proto = FlowGetAppProtocol(p->flow); - if (proto != ALPROTO_SMTP) - goto dontlog; - - SMTPState *smtp_state = (SMTPState *)FlowGetAppState(p->flow); - if (smtp_state == NULL) { - SCLogDebug("no smtp state, so no request logging"); - goto dontlog; - } - - FLOWLOCK_UNLOCK(p->flow); - return TRUE; -dontlog: - FLOWLOCK_UNLOCK(p->flow); - return FALSE; -} - void TmModuleJsonSmtpLogRegister (void) { tmm_modules[TMM_JSONSMTPLOG].name = "JsonSmtpLog"; tmm_modules[TMM_JSONSMTPLOG].ThreadInit = JsonSmtpLogThreadInit; 
@@ -227,17 +196,15 @@ void TmModuleJsonSmtpLogRegister (void) { tmm_modules[TMM_JSONSMTPLOG].flags = TM_FLAG_LOGAPI_TM; /* register as separate module */ - OutputRegisterPacketModule("JsonSmtpLog", "smtp-json-log", - OutputSmtpLogInit, - JsonSmtpLogger, - JsonSmtpCondition); + OutputRegisterTxModule("JsonSmtpLog", "smtp-json-log", + OutputSmtpLogInit, ALPROTO_SMTP, + JsonSmtpLogger); /* also register as child of eve-log */ - OutputRegisterPacketSubModule("eve-log", "JsonSmtpLog", + OutputRegisterTxSubModule("eve-log", "JsonSmtpLog", "eve-log.smtp", - OutputSmtpLogInitSub, - JsonSmtpLogger, - JsonSmtpCondition); + OutputSmtpLogInitSub, ALPROTO_SMTP, + JsonSmtpLogger); } #else