email-json: move email fields to email section

This patch changes the way smtp message are written. It is using the "email" key to store the email related fields. This will allow to do the same search through SMTP and IMAP if we implement this last one.
11 years ago · 5c26a2f2c8
parent 77302e5d51
commit 5c26a2f2c8
3 changed files with 25 additions and 30 deletions
--- a/src/output-json-email-common.c
+++ b/src/output-json-email-common.c
@ -56,12 +56,11 @@
 #include <jansson.h>
 /* JSON format logging */
-static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packet *p, Flow *f, void *state, void *vtx, uint64_t tx_id)
+TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packet *p, Flow *f, void *state, void *vtx, uint64_t tx_id)
 {
    SMTPState *smtp_state;
    MimeDecParseState *mime_state;
    MimeDecEntity *entity;
    char *protos = NULL;
    json_t *sjs = json_object();
    if (sjs == NULL) {
@ -80,7 +79,6 @@ static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packe
            SMTPTransaction *tx = vtx;
            mime_state = tx->mime_state;
            entity = tx->msg_tail;
            protos = "smtp";
            SCLogDebug("lets go mime_state %p, entity %p, state_flag %u", mime_state, entity, mime_state ? mime_state->state_flag : 0);
            break;
        default:
@ -229,7 +227,7 @@ static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packe
            } else {
                json_decref(js_url);
            }
-            json_object_set_new(js, protos, sjs);
+            json_object_set_new(js, "email", sjs);
 //            FLOWLOCK_UNLOCK(p->flow);
            SCReturnInt(TM_ECODE_OK);
@ -240,27 +238,4 @@ static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packe
    SCReturnInt(TM_ECODE_DONE);
 }
 int JsonEmailLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id) {
    SCEnter();
    JsonEmailLogThread *jhl = (JsonEmailLogThread *)thread_data;
    MemBuffer *buffer = (MemBuffer *)jhl->buffer;
    json_t *js = CreateJSONHeader((Packet *)p, 1, "smtp");
    if (unlikely(js == NULL))
        return TM_ECODE_OK;
    /* reset */
    MemBufferReset(buffer);
    if (JsonEmailLogJson(jhl, js, p, f, state, tx, tx_id) == TM_ECODE_OK) {
        OutputJSONBuffer(js, jhl->emaillog_ctx->file_ctx, buffer);
    }
    json_object_del(js, "smtp");
    json_object_clear(js);
    json_decref(js);
    SCReturnInt(TM_ECODE_OK);
 }
 #endif
--- a/src/output-json-email-common.h
+++ b/src/output-json-email-common.h
@ -35,6 +35,8 @@ typedef struct JsonEmailLogThread_ {
    MemBuffer *buffer;
 } JsonEmailLogThread;
-int JsonEmailLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id);
+#ifdef HAVE_LIBJANSSON
 TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packet *p, Flow *f, void *state, void *vtx, uint64_t tx_id);
 #endif
 #endif /* __OUTPUT_JSON_EMAIL_COMMON_H__ */
--- a/src/output-json-smtp.c
+++ b/src/output-json-smtp.c
@ -57,8 +57,26 @@
 static int JsonSmtpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
 {
    SCEnter();
-    int r = JsonEmailLogger(tv, thread_data, p, f, state, tx, tx_id);
+    JsonEmailLogThread *jhl = (JsonEmailLogThread *)thread_data;
-    SCReturnInt(r);
+    MemBuffer *buffer = (MemBuffer *)jhl->buffer;
    json_t *js = CreateJSONHeader((Packet *)p, 1, "smtp");
    if (unlikely(js == NULL))
        return TM_ECODE_OK;
    /* reset */
    MemBufferReset(buffer);
    if (JsonEmailLogJson(jhl, js, p, f, state, tx, tx_id) == TM_ECODE_OK) {
        OutputJSONBuffer(js, jhl->emaillog_ctx->file_ctx, buffer);
    }
    json_object_del(js, "smtp");
    json_object_clear(js);
    json_decref(js);
    SCReturnInt(TM_ECODE_OK);
 }
 static void OutputSmtpLogDeInitCtx(OutputCtx *output_ctx)