rfb/eve: convert to jsonbuilder

6 years ago · 36d687580a
parent 49f7dc93bd
commit 36d687580a
4 changed files with 67 additions and 66 deletions
--- a/rust/src/rfb/logger.rs
+++ b/rust/src/rfb/logger.rs
@ -19,102 +19,103 @@

 use std;
 use std::fmt::Write;
-use crate::json::*;
 use super::rfb::{RFBState, RFBTransaction};
+use crate::jsonbuilder::{JsonBuilder, JsonError};

-fn log_rfb(tx: &RFBTransaction) -> Option<Json> {
-    let js = Json::object();
+fn log_rfb(tx: &RFBTransaction, js: &mut JsonBuilder) -> Result<(), JsonError> {
+    js.open_object("rfb")?;

    // Protocol version
    if let Some(tx_spv) = &tx.tc_server_protocol_version {
-        let spv = Json::object();
-        spv.set_string("major", &tx_spv.major);
-        spv.set_string("minor", &tx_spv.minor);
-        js.set("server_protocol_version", spv);
+        js.open_object("server_protocol_version")?;
+        js.set_string("major", &tx_spv.major)?;
+        js.set_string("minor", &tx_spv.minor)?;
+        js.close()?;
    }
    if let Some(tx_cpv) = &tx.ts_client_protocol_version {
-        let cpv = Json::object();
-        cpv.set_string("major", &tx_cpv.major);
-        cpv.set_string("minor", &tx_cpv.minor);
-        js.set("client_protocol_version", cpv);
+        js.open_object("client_protocol_version")?;
+        js.set_string("major", &tx_cpv.major)?;
+        js.set_string("minor", &tx_cpv.minor)?;
+        js.close()?;
    }

    // Authentication
-    let auth = Json::object();
+    js.open_object("authentication")?;
    if let Some(chosen_security_type) = tx.chosen_security_type {
-        auth.set_integer("security_type", chosen_security_type as u64);
+        js.set_uint("security_type", chosen_security_type as u64)?;
    }
    match tx.chosen_security_type {
        Some(2) => {
-            let vncauth = Json::object();
+            js.open_object("vnc")?;
            if let Some(ref sc) = tx.tc_vnc_challenge {
                let mut s = String::new();
                for &byte in &sc.secret[..] {
                    write!(&mut s, "{:02x}", byte).expect("Unable to write");
                }
-                vncauth.set_string("challenge", &s);
+                js.set_string("challenge", &s)?;
            }
            if let Some(ref sr) = tx.ts_vnc_response {
                let mut s = String::new();
                for &byte in &sr.secret[..] {
                    write!(&mut s, "{:02x}", byte).expect("Unable to write");
                }
-                vncauth.set_string("response", &s);
+                js.set_string("response", &s)?;
            }
-            auth.set("vnc", vncauth);
+            js.close()?;
        }
        _ => ()
    }
    if let Some(security_result) = &tx.tc_security_result {
-        match security_result.status {
-            0 => auth.set_string("security_result", "OK"),
-            1 => auth.set_string("security-result", "FAIL"),
-            2 => auth.set_string("security_result", "TOOMANY"),
-            _ => auth.set_string("security_result",
-                    &format!("UNKNOWN ({})", security_result.status)),
-        }
+        let _ = match security_result.status {
+            0 => js.set_string("security_result", "OK")?,
+            1 => js.set_string("security-result", "FAIL")?,
+            2 => js.set_string("security_result", "TOOMANY")?,
+            _ => js.set_string("security_result",
+                    &format!("UNKNOWN ({})", security_result.status))?,
+        };
    }
-    js.set("authentication", auth);
+    js.close()?; // Close authentication.

    if let Some(ref reason) = tx.tc_failure_reason {
-        js.set_string("server_security_failure_reason", &reason.reason_string);
+        js.set_string("server_security_failure_reason", &reason.reason_string)?;
    }

    // Client/Server init
    if let Some(s) = &tx.ts_client_init {
-        js.set_boolean("screen_shared", s.shared != 0);
+        js.set_bool("screen_shared", s.shared != 0)?;
    }
    if let Some(tc_server_init) = &tx.tc_server_init {
-        let fb = Json::object();
-        fb.set_integer("width", tc_server_init.width as u64);
-        fb.set_integer("height", tc_server_init.height as u64);
-        fb.set_string_from_bytes("name", &tc_server_init.name);
+        js.open_object("framebuffer")?;
+        js.set_uint("width", tc_server_init.width as u64)?;
+        js.set_uint("height", tc_server_init.height as u64)?;
+        js.set_string_from_bytes("name", &tc_server_init.name)?;

-        let pfj = Json::object();
-        pfj.set_integer("bits_per_pixel", tc_server_init.pixel_format.bits_per_pixel as u64);
-        pfj.set_integer("depth", tc_server_init.pixel_format.depth as u64);
-        pfj.set_boolean("big_endian", tc_server_init.pixel_format.big_endian_flag != 0);
-        pfj.set_boolean("true_color", tc_server_init.pixel_format.true_colour_flag != 0);
-        pfj.set_integer("red_max", tc_server_init.pixel_format.red_max as u64);
-        pfj.set_integer("green_max", tc_server_init.pixel_format.green_max as u64);
-        pfj.set_integer("blue_max", tc_server_init.pixel_format.blue_max as u64);
-        pfj.set_integer("red_shift", tc_server_init.pixel_format.red_shift as u64);
-        pfj.set_integer("green_shift", tc_server_init.pixel_format.green_shift as u64);
-        pfj.set_integer("blue_shift", tc_server_init.pixel_format.blue_shift as u64);
-        pfj.set_integer("depth", tc_server_init.pixel_format.depth as u64);
-        fb.set("pixel_format", pfj);
+        js.open_object("pixel_format")?;
+        js.set_uint("bits_per_pixel", tc_server_init.pixel_format.bits_per_pixel as u64)?;
+        js.set_uint("depth", tc_server_init.pixel_format.depth as u64)?;
+        js.set_bool("big_endian", tc_server_init.pixel_format.big_endian_flag != 0)?;
+        js.set_bool("true_color", tc_server_init.pixel_format.true_colour_flag != 0)?;
+        js.set_uint("red_max", tc_server_init.pixel_format.red_max as u64)?;
+        js.set_uint("green_max", tc_server_init.pixel_format.green_max as u64)?;
+        js.set_uint("blue_max", tc_server_init.pixel_format.blue_max as u64)?;
+        js.set_uint("red_shift", tc_server_init.pixel_format.red_shift as u64)?;
+        js.set_uint("green_shift", tc_server_init.pixel_format.green_shift as u64)?;
+        js.set_uint("blue_shift", tc_server_init.pixel_format.blue_shift as u64)?;
+        js.set_uint("depth", tc_server_init.pixel_format.depth as u64)?;
+        js.close()?;

-        js.set("framebuffer", fb);
+        js.close()?;
    }

-    return Some(js);
+    js.close()?;
+
+    return Ok(());
 }

 #[no_mangle]
-pub extern "C" fn rs_rfb_logger_log(_state: &mut RFBState, tx: *mut std::os::raw::c_void) -> *mut JsonT {
+pub extern "C" fn rs_rfb_logger_log(_state: &mut RFBState,
+                                    tx: *mut std::os::raw::c_void,
+                                    js: &mut JsonBuilder) -> bool {
    let tx = cast_pointer!(tx, RFBTransaction);
-    match log_rfb(tx) {
-        Some(js) => js.unwrap(),
-        None => std::ptr::null_mut(),
-    }
+    log_rfb(tx, js).is_ok()
 }
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@ -532,11 +532,13 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
                case ALPROTO_SIP:
                    JsonSIPAddMetadata(jb, p->flow, pa->tx_id);
                    break;
-                case ALPROTO_RFB:
-                    hjs = JsonRFBAddMetadata(p->flow, pa->tx_id);
-                    if (hjs)
-                        jb_set_jsont(jb, "rfb", hjs);
+                case ALPROTO_RFB: {
+                    jb_get_mark(jb, &mark);
+                    if (!JsonRFBAddMetadata(p->flow, pa->tx_id, jb)) {
+                        jb_restore_mark(jb, &mark);
+                    }
                    break;
+                }
                case ALPROTO_FTPDATA:
                    hjs = JsonFTPDataAddMetadata(p->flow);
                    if (hjs) {
--- a/src/output-json-rfb.c
+++ b/src/output-json-rfb.c
@ -57,17 +57,17 @@ typedef struct LogRFBLogThread_ {
    MemBuffer          *buffer;
 } LogRFBLogThread;

-json_t *JsonRFBAddMetadata(const Flow *f, uint64_t tx_id)
+bool JsonRFBAddMetadata(const Flow *f, uint64_t tx_id, JsonBuilder *js)
 {
    RFBState *state = FlowGetAppState(f);
    if (state) {
        RFBTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_RFB, state, tx_id);
        if (tx) {
-            return rs_rfb_logger_log(state, tx);
+            return rs_rfb_logger_log(state, tx, js);
        }
    }

-    return NULL;
+    return false;
 }

 static int JsonRFBLogger(ThreadVars *tv, void *thread_data,
@ -75,25 +75,23 @@ static int JsonRFBLogger(ThreadVars *tv, void *thread_data,
 {
    LogRFBLogThread *thread = thread_data;

-    json_t *js = CreateJSONHeader(p, LOG_DIR_FLOW, "rfb", NULL);
+    JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "rfb", NULL);
    if (unlikely(js == NULL)) {
        return TM_ECODE_FAILED;
    }

-    json_t *rfb_js = rs_rfb_logger_log(NULL, tx);
-    if (unlikely(rfb_js == NULL)) {
+    if (!rs_rfb_logger_log(NULL, tx, js)) {
        goto error;
    }
-    json_object_set_new(js, "rfb", rfb_js);

    MemBufferReset(thread->buffer);
-    OutputJSONBuffer(js, thread->rfblog_ctx->file_ctx, &thread->buffer);
-    json_decref(js);
+    OutputJsonBuilderBuffer(js, thread->rfblog_ctx->file_ctx, &thread->buffer);
+    jb_free(js);

    return TM_ECODE_OK;

 error:
-    json_decref(js);
+    jb_free(js);
    return TM_ECODE_FAILED;
 }

--- a/src/output-json-rfb.h
+++ b/src/output-json-rfb.h
@ -26,6 +26,6 @@

 void JsonRFBLogRegister(void);

-json_t *JsonRFBAddMetadata(const Flow *f, uint64_t tx_id);
+bool JsonRFBAddMetadata(const Flow *f, uint64_t tx_id, JsonBuilder *js);

 #endif /* __OUTPUT_JSON_RFB_H__ */