From 6c36824d69d70aa6be8cb6c4c33f914477a8aa7a Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Tue, 14 Jan 2014 16:20:27 +0100
Subject: [PATCH] alert-pcapinfo: convert to packet logger API
Convert pcap-info to use the packet logger API.
---
 src/alert-pcapinfo.c | 61 +++++++++++++++++++++++---------------------
 1 file changed, 32 insertions(+), 29 deletions(-)
diff --git a/src/alert-pcapinfo.c b/src/alert-pcapinfo.c
index e31bd37a55..37435de0c0 100644
--- a/src/alert-pcapinfo.c
+++ b/src/alert-pcapinfo.c
@@ -69,33 +69,6 @@ typedef struct AlertPcapInfoThread_ {
 LogFileCtx* file_ctx;
 } AlertPcapInfoThread;
-static TmEcode AlertPcapInfo (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
-{
- AlertPcapInfoThread *aft = (AlertPcapInfoThread *)data;
- int i;
-
-
- /* logging is useless if we don't have pcap number */
- if ((p->pcap_cnt != 0) && (p->alerts.cnt > 0)) {
- SCMutexLock(&aft->file_ctx->fp_mutex);
- /* only count logged alert */
- aft->file_ctx->alerts += p->alerts.cnt;
- for (i = 0; i < p->alerts.cnt; i++) {
- PacketAlert *pa = &p->alerts.alerts[i];
-
- fprintf(aft->file_ctx->fp, "%" PRIu64 ":%" PRIu32 ":%" PRIu32 ":%d:%d:%d:%d:0:0:%s\n",
- p->pcap_cnt, pa->s->gid, pa->s->id, pa->s->rev,
- pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH|PACKET_ALERT_FLAG_STREAM_MATCH) ? 1 : 0,
- p->flowflags & FLOW_PKT_TOSERVER ? 1 : 0,
- p->flowflags & FLOW_PKT_TOCLIENT ? 1 : 0,
- pa->s->msg);
- }
- SCMutexUnlock(&aft->file_ctx->fp_mutex);
- }
-
- return TM_ECODE_OK;
-}
-
 static TmEcode AlertPcapInfoThreadInit(ThreadVars *t, void *initdata, void **data) {
 AlertPcapInfoThread *aft = SCMalloc(sizeof(AlertPcapInfoThread));
@@ -213,14 +186,44 @@ static OutputCtx *AlertPcapInfoInitCtx(ConfNode *conf)
 return output_ctx;
 }
+static int AlertPcapInfoCondition(ThreadVars *tv, const Packet *p) {
+ return ((p->pcap_cnt != 0 && p->alerts.cnt > 0) ? TRUE : FALSE);
+}
+
+static int AlertPcapInfoLogger(ThreadVars *tv, void *thread_data, const Packet *p) {
+ AlertPcapInfoThread *aft = (AlertPcapInfoThread *)thread_data;
+ int i;
+
+ /* logging is useless if we don't have pcap number */
+ if ((p->pcap_cnt != 0) && (p->alerts.cnt > 0)) {
+ SCMutexLock(&aft->file_ctx->fp_mutex);
+ /* only count logged alert */
+ aft->file_ctx->alerts += p->alerts.cnt;
+ for (i = 0; i < p->alerts.cnt; i++) {
+ const PacketAlert *pa = &p->alerts.alerts[i];
+
+ fprintf(aft->file_ctx->fp, "%" PRIu64 ":%" PRIu32 ":%" PRIu32 ":%d:%d:%d:%d:0:0:%s\n",
+ p->pcap_cnt, pa->s->gid, pa->s->id, pa->s->rev,
+ pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH|PACKET_ALERT_FLAG_STREAM_MATCH) ? 1 : 0,
+ p->flowflags & FLOW_PKT_TOSERVER ? 1 : 0,
+ p->flowflags & FLOW_PKT_TOCLIENT ? 1 : 0,
+ pa->s->msg);
+ }
+ SCMutexUnlock(&aft->file_ctx->fp_mutex);
+ }
+
+ return 0;
+}
+
 void TmModuleAlertPcapInfoRegister (void) {
 tmm_modules[TMM_ALERTPCAPINFO].name = MODULE_NAME;
 tmm_modules[TMM_ALERTPCAPINFO].ThreadInit = AlertPcapInfoThreadInit;
- tmm_modules[TMM_ALERTPCAPINFO].Func = AlertPcapInfo;
+ tmm_modules[TMM_ALERTPCAPINFO].Func = NULL;
 tmm_modules[TMM_ALERTPCAPINFO].ThreadExitPrintStats = AlertPcapInfoExitPrintStats;
 tmm_modules[TMM_ALERTPCAPINFO].ThreadDeinit = AlertPcapInfoThreadDeinit;
 tmm_modules[TMM_ALERTPCAPINFO].RegisterTests = NULL;
 tmm_modules[TMM_ALERTPCAPINFO].cap_flags = 0;
- OutputRegisterModule(MODULE_NAME, "pcap-info", AlertPcapInfoInitCtx);
+ OutputRegisterPacketModule(MODULE_NAME, "pcap-info",
+ AlertPcapInfoInitCtx, AlertPcapInfoLogger, AlertPcapInfoCondition);
 }
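Review bot: In AlertPcapInfoLogger the bulk update `aft->file_ctx->alerts += p->alerts.cnt;` runs before the loop and the result of `fprintf` is never checked, so alerts are counted as logged even when the write to `file_ctx->fp` fails; that contradicts the `/* only count logged alert */` comment and would hide lost alert records from whatever AlertPcapInfoExitPrintStats presumably reports. Counting per record after a successful write keeps the figure honest, e.g. `if (fprintf(aft->file_ctx->fp, ...) > 0) aft->file_ctx->alerts++;` in place of the bulk add. Whether the logger should also return non-zero on a failed write depends on the packet logger API's return contract, which is not visible in this hunk. Separately, the inner `if ((p->pcap_cnt != 0) && (p->alerts.cnt > 0))` repeats the test AlertPcapInfoCondition already makes; calling `AlertPcapInfoCondition(tv, p)` there, or dropping the inner check if the API guarantees the condition ran first, would keep the two from drifting apart.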