eve: refactor CreateEveHeaderWithTx to include common options

pull/6006/head
Jason Ish 4 years ago
parent 06ba611667
commit 2d78afe4b0

@ -172,9 +172,8 @@ static int AnomalyAppLayerDecoderEventJson(JsonAnomalyLogThread *aft,
JsonBuilder *js;
if (tx_id != TX_ID_UNUSED) {
js = CreateEveHeaderWithTxId(p, LOG_DIR_PACKET,
ANOMALY_EVENT_TYPE, NULL, tx_id);
EveAddCommonOptions(&aft->json_output_ctx->eve_ctx->cfg, p, p->flow, js);
js = CreateEveHeaderWithTxId(p, LOG_DIR_PACKET, ANOMALY_EVENT_TYPE, NULL, tx_id,
aft->json_output_ctx->eve_ctx);
} else {
js = CreateEveHeader(
p, LOG_DIR_PACKET, ANOMALY_EVENT_TYPE, NULL, aft->json_output_ctx->eve_ctx);

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2014 Open Information Security Foundation
/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -25,10 +25,9 @@
#define __OUTPUT_JSON_EMAIL_COMMON_H__
typedef struct OutputJsonEmailCtx_ {
LogFileCtx *file_ctx;
uint32_t flags; /** Store mode */
uint64_t fields;/** Store fields */
OutputJsonCommonSettings cfg;
OutputJsonCtx *eve_ctx;
} OutputJsonEmailCtx;
typedef struct JsonEmailLogThread_ {
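Review bot: The new `OutputJsonCtx *eve_ctx` field in `OutputJsonEmailCtx` has no comment saying who owns it, while the `file_ctx` pointer and the by-value `cfg` copy it replaces are gone. I would add a comment on the field such as `/* parent eve-log context; borrowed, must not be freed by the sub-logger */`, so that a later DeInit change neither frees it nor reads it after the parent has been torn down. The borrowed ownership is inferred from the `...->eve_ctx = ojc;` assignments in the InitSub hunks of this commit, so please confirm it. The same comment would fit `LogFTPFileCtx`, `LogHttpFileCtx` and `OutputHttp2Ctx`.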

@ -1,4 +1,4 @@
/* Copyright (C) 2017-2020 Open Information Security Foundation
/* Copyright (C) 2017-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -49,8 +49,7 @@
#include "output-json-ftp.h"
typedef struct LogFTPFileCtx_ {
LogFileCtx *file_ctx;
OutputJsonCommonSettings cfg;
OutputJsonCtx *eve_ctx;
} LogFTPFileCtx;
typedef struct LogFTPLogThread_ {
@ -161,9 +160,9 @@ static int JsonFTPLogger(ThreadVars *tv, void *thread_data,
LogFTPLogThread *thread = thread_data;
LogFTPFileCtx *ftp_ctx = thread->ftplog_ctx;
JsonBuilder *jb = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, event_type, NULL, tx_id);
JsonBuilder *jb = CreateEveHeaderWithTxId(
p, LOG_DIR_FLOW, event_type, NULL, tx_id, thread->ftplog_ctx->eve_ctx);
if (likely(jb)) {
EveAddCommonOptions(&ftp_ctx->cfg, p, f, jb);
jb_open_object(jb, event_type);
if (f->alproto == ALPROTO_FTPDATA) {
EveFTPDataAddMetadata(f, jb);
@ -205,8 +204,7 @@ static OutputInitResult OutputFTPLogInitSub(ConfNode *conf,
if (unlikely(ftplog_ctx == NULL)) {
return result;
}
ftplog_ctx->file_ctx = ajt->file_ctx;
ftplog_ctx->cfg = ajt->cfg;
ftplog_ctx->eve_ctx = ajt;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
@ -244,7 +242,7 @@ static TmEcode JsonFTPLogThreadInit(ThreadVars *t, const void *initdata, void **
}
thread->ftplog_ctx = ((OutputCtx *)initdata)->data;
thread->file_ctx = LogFileEnsureExists(thread->ftplog_ctx->file_ctx, t->id);
thread->file_ctx = LogFileEnsureExists(thread->ftplog_ctx->eve_ctx->file_ctx, t->id);
if (!thread->file_ctx) {
goto error_exit;
}
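Review bot: In `JsonFTPLogger` the local `ftp_ctx` appears to be kept, but the new call reads `thread->ftplog_ctx->eve_ctx`, and the only use of `ftp_ctx` visible in the hunk, `EveAddCommonOptions(&ftp_ctx->cfg, p, f, jb);`, is removed. Either pass `ftp_ctx->eve_ctx` for consistency or drop the local if nothing after the hunk still uses it; otherwise a build with `-Wunused-variable` may warn. The function continues outside the hunk, so a later use cannot be ruled out from here.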

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2020 Open Information Security Foundation
/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -56,12 +56,11 @@
#include "util-byte.h"
typedef struct LogHttpFileCtx_ {
LogFileCtx *file_ctx;
uint32_t flags; /** Store mode */
uint64_t fields;/** Store fields */
HttpXFFCfg *xff_cfg;
HttpXFFCfg *parent_xff_cfg;
OutputJsonCommonSettings cfg;
OutputJsonCtx *eve_ctx;
} LogHttpFileCtx;
typedef struct JsonHttpLogThread_ {
@ -484,10 +483,10 @@ static int JsonHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
htp_tx_t *tx = txptr;
JsonHttpLogThread *jhl = (JsonHttpLogThread *)thread_data;
JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "http", NULL, tx_id);
JsonBuilder *js = CreateEveHeaderWithTxId(
p, LOG_DIR_FLOW, "http", NULL, tx_id, jhl->httplog_ctx->eve_ctx);
if (unlikely(js == NULL))
return TM_ECODE_OK;
EveAddCommonOptions(&jhl->httplog_ctx->cfg, p, f, js);
SCLogDebug("got a HTTP request and now logging !!");
@ -567,9 +566,8 @@ static OutputInitResult OutputHttpLogInitSub(ConfNode *conf, OutputCtx *parent_c
return result;
}
http_ctx->file_ctx = ojc->file_ctx;
http_ctx->flags = LOG_HTTP_DEFAULT;
http_ctx->cfg = ojc->cfg;
http_ctx->eve_ctx = ojc;
if (conf) {
const char *extended = ConfNodeLookupChildValue(conf, "extended");
@ -656,7 +654,7 @@ static TmEcode JsonHttpLogThreadInit(ThreadVars *t, const void *initdata, void *
goto error_exit;
}
aft->file_ctx = LogFileEnsureExists(aft->httplog_ctx->file_ctx, t->id);
aft->file_ctx = LogFileEnsureExists(aft->httplog_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}

@ -1,4 +1,4 @@
/* Copyright (C) 2020 Open Information Security Foundation
/* Copyright (C) 2020-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -54,8 +54,7 @@
#define MODULE_NAME "LogHttp2Log"
typedef struct OutputHttp2Ctx_ {
LogFileCtx *file_ctx;
OutputJsonCommonSettings cfg;
OutputJsonCtx *eve_ctx;
} OutputHttp2Ctx;
@ -82,18 +81,16 @@ static int JsonHttp2Logger(ThreadVars *tv, void *thread_data, const Packet *p,
Flow *f, void *state, void *txptr, uint64_t tx_id)
{
JsonHttp2LogThread *aft = (JsonHttp2LogThread *)thread_data;
OutputHttp2Ctx *http2_ctx = aft->http2log_ctx;
if (unlikely(state == NULL)) {
return 0;
}
JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "http", NULL, tx_id);
JsonBuilder *js = CreateEveHeaderWithTxId(
p, LOG_DIR_FLOW, "http", NULL, tx_id, aft->http2log_ctx->eve_ctx);
if (unlikely(js == NULL))
return 0;
EveAddCommonOptions(&http2_ctx->cfg, p, f, js);
/* reset */
MemBufferReset(aft->buffer);
@ -122,7 +119,7 @@ static TmEcode JsonHttp2LogThreadInit(ThreadVars *t, const void *initdata, void
/* Use the Output Context (file pointer and mutex) */
aft->http2log_ctx = ((OutputCtx *)initdata)->data;
aft->file_ctx = LogFileEnsureExists(aft->http2log_ctx->file_ctx, t->id);
aft->file_ctx = LogFileEnsureExists(aft->http2log_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}
@ -158,55 +155,6 @@ static TmEcode JsonHttp2LogThreadDeinit(ThreadVars *t, void *data)
return TM_ECODE_OK;
}
static void OutputHttp2LogDeinit(OutputCtx *output_ctx)
{
OutputHttp2Ctx *http2_ctx = output_ctx->data;
LogFileCtx *logfile_ctx = http2_ctx->file_ctx;
LogFileFreeCtx(logfile_ctx);
SCFree(http2_ctx);
SCFree(output_ctx);
}
#define DEFAULT_LOG_FILENAME "http2.json"
static OutputInitResult OutputHttp2LogInit(ConfNode *conf)
{
OutputInitResult result = { NULL, false };
LogFileCtx *file_ctx = LogFileNewCtx();
if(file_ctx == NULL) {
SCLogError(SC_ERR_HTTP2_LOG_GENERIC, "couldn't create new file_ctx");
return result;
}
if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
LogFileFreeCtx(file_ctx);
return result;
}
OutputHttp2Ctx *http2_ctx = SCMalloc(sizeof(OutputHttp2Ctx));
if (unlikely(http2_ctx == NULL)) {
LogFileFreeCtx(file_ctx);
return result;
}
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
LogFileFreeCtx(file_ctx);
SCFree(http2_ctx);
return result;
}
http2_ctx->file_ctx = file_ctx;
output_ctx->data = http2_ctx;
output_ctx->DeInit = OutputHttp2LogDeinit;
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP2);
result.ctx = output_ctx;
result.ok = true;
return result;
}
static void OutputHttp2LogDeinitSub(OutputCtx *output_ctx)
{
OutputHttp2Ctx *http2_ctx = output_ctx->data;
@ -229,8 +177,7 @@ static OutputInitResult OutputHttp2LogInitSub(ConfNode *conf, OutputCtx *parent_
return result;
}
http2_ctx->file_ctx = ojc->file_ctx;
http2_ctx->cfg = ojc->cfg;
http2_ctx->eve_ctx = ojc;
output_ctx->data = http2_ctx;
output_ctx->DeInit = OutputHttp2LogDeinitSub;
@ -244,13 +191,6 @@ static OutputInitResult OutputHttp2LogInitSub(ConfNode *conf, OutputCtx *parent_
void JsonHttp2LogRegister (void)
{
/* register as separate module */
OutputRegisterTxModuleWithProgress(LOGGER_JSON_HTTP2,
MODULE_NAME, "http2-json-log",
OutputHttp2LogInit, ALPROTO_HTTP2, JsonHttp2Logger,
HTTP2StateClosed, HTTP2StateClosed,
JsonHttp2LogThreadInit, JsonHttp2LogThreadDeinit, NULL);
/* also register as child of eve-log */
OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_HTTP2,
"eve-log", MODULE_NAME, "eve-log.http2",
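Review bot: Dropping `OutputHttp2LogInit` and the `http2-json-log` registration in `JsonHttp2LogRegister` removes a user-visible output, which the commit title (a refactor of the header helper) does not mention. A configuration that still enables the standalone `http2-json-log` output would presumably stop producing HTTP/2 transaction records after this change, which is a logging gap for anyone relying on that file. I would state the removal in the commit message and the upgrade notes, or move it into its own commit. The remaining registration call continues past the end of the hunk.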

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2020 Open Information Security Foundation
/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -76,10 +76,10 @@ static int JsonSmtpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
SCEnter();
JsonEmailLogThread *jhl = (JsonEmailLogThread *)thread_data;
JsonBuilder *jb = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "smtp", NULL, tx_id);
JsonBuilder *jb = CreateEveHeaderWithTxId(
p, LOG_DIR_FLOW, "smtp", NULL, tx_id, jhl->emaillog_ctx->eve_ctx);
if (unlikely(jb == NULL))
return TM_ECODE_OK;
EveAddCommonOptions(&jhl->emaillog_ctx->cfg, p, f, jb);
/* reset */
MemBufferReset(jhl->buffer);
@ -137,8 +137,7 @@ static OutputInitResult OutputSmtpLogInitSub(ConfNode *conf, OutputCtx *parent_c
return result;
}
email_ctx->file_ctx = ojc->file_ctx;
email_ctx->cfg = ojc->cfg;
email_ctx->eve_ctx = ojc;
OutputEmailInitConf(conf, email_ctx);
@ -172,7 +171,7 @@ static TmEcode JsonSmtpLogThreadInit(ThreadVars *t, const void *initdata, void *
goto error_exit;
}
aft->file_ctx = LogFileEnsureExists(aft->emaillog_ctx->file_ctx, t->id);
aft->file_ctx = LogFileEnsureExists(aft->emaillog_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}

@ -62,12 +62,10 @@ static int JsonSshLogger(ThreadVars *tv, void *thread_data, const Packet *p,
return 0;
}
JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "ssh", NULL, tx_id);
JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "ssh", NULL, tx_id, thread->ctx);
if (unlikely(js == NULL))
return 0;
EveAddCommonOptions(&thread->ctx->cfg, p, f, js);
/* reset */
MemBufferReset(thread->buffer);

@ -917,9 +917,9 @@ JsonBuilder *CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir,
}
JsonBuilder *CreateEveHeaderWithTxId(const Packet *p, enum OutputJsonLogDirection dir,
const char *event_type, JsonAddrInfo *addr, uint64_t tx_id)
const char *event_type, JsonAddrInfo *addr, uint64_t tx_id, OutputJsonCtx *eve_ctx)
{
JsonBuilder *js = CreateEveHeader(p, dir, event_type, addr, NULL);
JsonBuilder *js = CreateEveHeader(p, dir, event_type, addr, eve_ctx);
if (unlikely(js == NULL))
return NULL;
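Review bot: `CreateEveHeaderWithTxId` gains an `eve_ctx` parameter with no comment on whether it may be NULL, although the old body passed `NULL` to `CreateEveHeader` at this spot, so NULL was at least tolerated before. A short comment above the function would help, for example `/* eve_ctx: parent eve output context used for the common options; may be NULL */` (confirm the NULL case against `CreateEveHeader`). Since the header helper now presumably adds the common options itself, any caller not shown on this page that still calls `EveAddCommonOptions` afterwards would emit those fields twice in the record, so a grep for leftover calls is worth doing before merge. The function body continues outside the hunk.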

@ -101,7 +101,7 @@ void EvePacket(const Packet *p, JsonBuilder *js, unsigned long max_length);
JsonBuilder *CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir,
const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx);
JsonBuilder *CreateEveHeaderWithTxId(const Packet *p, enum OutputJsonLogDirection dir,
const char *event_type, JsonAddrInfo *addr, uint64_t tx_id);
const char *event_type, JsonAddrInfo *addr, uint64_t tx_id, OutputJsonCtx *eve_ctx);
int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer);
int OutputJsonBuilderBuffer(JsonBuilder *js, LogFileCtx *file_ctx, MemBuffer **buffer);
OutputInitResult OutputJsonInitCtx(ConfNode *);
