output: add new tx logger to log at certain condition

Some loggers needs certain conditions to be met before logging. This enables us to use conditions on the tx logger.
10 years ago · 77cc03505b
parent 663273a31e
commit 77cc03505b
5 changed files with 101 additions and 25 deletions
--- a/src/output-tx.c
+++ b/src/output-tx.c
@ -47,6 +47,7 @@ typedef struct OutputLoggerThreadData_ {
 typedef struct OutputTxLogger_ {
    AppProto alproto;
    TxLogger LogFunc;
+    TxLoggerCondition LogCondition;
    OutputCtx *output_ctx;
    struct OutputTxLogger_ *next;
    const char *name;
@ -60,7 +61,7 @@ static OutputTxLogger *list = NULL;

 int OutputRegisterTxLogger(const char *name, AppProto alproto, TxLogger LogFunc,
                           OutputCtx *output_ctx, int tc_log_progress,
-                           int ts_log_progress)
+                           int ts_log_progress, TxLoggerCondition LogCondition)
 {
    int module_id = TmModuleGetIdByName(name);
    if (module_id < 0)
@ -73,6 +74,7 @@ int OutputRegisterTxLogger(const char *name, AppProto alproto, TxLogger LogFunc,

    op->alproto = alproto;
    op->LogFunc = LogFunc;
+    op->LogCondition = LogCondition;
    op->output_ctx = output_ctx;
    op->name = name;
    op->module_id = (TmmId) module_id;
@ -182,16 +184,25 @@ static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data, PacketQ

                if (!(AppLayerParserStateIssetFlag(f->alparser,
                                                   APP_LAYER_PARSER_EOF))) {
-                    if (tx_progress_tc < logger->tc_log_progress) {
-                        SCLogDebug("progress not far enough, not logging");
-                        logger_not_logged = 1;
-                        goto next;
-                    }
-
-                    if (tx_progress_ts < logger->ts_log_progress) {
-                        SCLogDebug("progress not far enough, not logging");
-                        logger_not_logged = 1;
-                        goto next;
+                    if (logger->LogCondition) {
+                        int r = logger->LogCondition(tv, p, alstate, tx, tx_id);
+                        if (r == FALSE) {
+                            SCLogDebug("conditions not met, not logging");
+                            logger_not_logged = 1;
+                            goto next;
+                        }
+                    } else {
+                        if (tx_progress_tc < logger->tc_log_progress) {
+                            SCLogDebug("progress not far enough, not logging");
+                            logger_not_logged = 1;
+                            goto next;
+                        }
+
+                        if (tx_progress_ts < logger->ts_log_progress) {
+                            SCLogDebug("progress not far enough, not logging");
+                            logger_not_logged = 1;
+                            goto next;
+                        }
                    }
                }

--- a/src/output-tx.h
+++ b/src/output-tx.h
@ -34,10 +34,11 @@ typedef int (*TxLogger)(ThreadVars *, void *thread_data, const Packet *, Flow *f
 /** packet logger condition function pointer type,
 *  must return true for packets that should be logged
 */
-//typedef int (*TxLogCondition)(ThreadVars *, const Packet *);
+typedef int (*TxLoggerCondition)(ThreadVars *, const Packet *, void *state, void *tx, uint64_t tx_id);

 int OutputRegisterTxLogger(const char *name, AppProto alproto, TxLogger LogFunc,
-        OutputCtx *, int tc_log_progress, int ts_log_progress);
+        OutputCtx *, int tc_log_progress, int ts_log_progress,
+        TxLoggerCondition LogCondition);

 void TmModuleTxLoggerRegister (void);

--- a/src/output.c
+++ b/src/output.c
@ -150,16 +150,17 @@ error:
 }

 /**
- * \brief Register a tx output module with progress.
+ * \brief Wrapper function for tx output modules.
 *
 * This function will register an output module so it can be
 * configured with the configuration file.
 *
 * \retval Returns 0 on success, -1 on failure.
 */
-void OutputRegisterTxModuleWithProgress(const char *name, const char *conf_name,
+void OutputRegisterTxModuleWrapper(const char *name, const char *conf_name,
        OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto,
-        TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress)
+        TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress,
+        TxLoggerCondition TxLogCondition)
 {
    if (unlikely(TxLogFunc == NULL)) {
        goto error;
@ -174,6 +175,7 @@ void OutputRegisterTxModuleWithProgress(const char *name, const char *conf_name,
    module->conf_name = conf_name;
    module->InitFunc = InitFunc;
    module->TxLogFunc = TxLogFunc;
+    module->TxLogCondition = TxLogCondition;
    module->alproto = alproto;
    module->tc_log_progress = tc_log_progress;
    module->ts_log_progress = ts_log_progress;
@ -186,10 +188,11 @@ error:
    exit(EXIT_FAILURE);
 }

-void OutputRegisterTxSubModuleWithProgress(const char *parent_name,
+void OutputRegisterTxSubModuleWrapper(const char *parent_name,
        const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *,
        OutputCtx *parent_ctx), AppProto alproto, TxLogger TxLogFunc,
-        int tc_log_progress, int ts_log_progress)
+        int tc_log_progress, int ts_log_progress,
+        TxLoggerCondition TxLogCondition)
 {
    if (unlikely(TxLogFunc == NULL)) {
        goto error;
@ -205,6 +208,7 @@ void OutputRegisterTxSubModuleWithProgress(const char *parent_name,
    module->parent_name = parent_name;
    module->InitSubFunc = InitFunc;
    module->TxLogFunc = TxLogFunc;
+    module->TxLogCondition = TxLogCondition;
    module->alproto = alproto;
    module->tc_log_progress = tc_log_progress;
    module->ts_log_progress = ts_log_progress;
@ -217,6 +221,59 @@ error:
    exit(EXIT_FAILURE);
 }

+/**
+ * \brief Register a tx output module with condition.
+ *
+ * This function will register an output module so it can be
+ * configured with the configuration file.
+ *
+ * \retval Returns 0 on success, -1 on failure.
+ */
+void OutputRegisterTxModuleWithCondition(const char *name, const char *conf_name,
+        OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto,
+        TxLogger TxLogFunc, TxLoggerCondition TxLogCondition)
+{
+    OutputRegisterTxModuleWrapper(name, conf_name, InitFunc, alproto,
+                                  TxLogFunc, 0, 0, TxLogCondition);
+}
+
+void OutputRegisterTxSubModuleWithCondition(const char *parent_name,
+        const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *,
+        OutputCtx *parent_ctx), AppProto alproto, TxLogger TxLogFunc,
+        TxLoggerCondition TxLogCondition)
+{
+    OutputRegisterTxSubModuleWrapper(parent_name, name, conf_name, InitFunc,
+                                     alproto, TxLogFunc, 0, 0,
+                                     TxLogCondition);
+}
+
+/**
+ * \brief Register a tx output module with progress.
+ *
+ * This function will register an output module so it can be
+ * configured with the configuration file.
+ *
+ * \retval Returns 0 on success, -1 on failure.
+ */
+void OutputRegisterTxModuleWithProgress(const char *name, const char *conf_name,
+        OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto,
+        TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress)
+{
+    OutputRegisterTxModuleWrapper(name, conf_name, InitFunc, alproto,
+                                  TxLogFunc, tc_log_progress, ts_log_progress,
+                                  NULL);
+}
+
+void OutputRegisterTxSubModuleWithProgress(const char *parent_name,
+        const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *,
+        OutputCtx *parent_ctx), AppProto alproto, TxLogger TxLogFunc,
+        int tc_log_progress, int ts_log_progress)
+{
+    OutputRegisterTxSubModuleWrapper(parent_name, name, conf_name, InitFunc,
+                                     alproto, TxLogFunc, tc_log_progress,
+                                     ts_log_progress, NULL);
+}
+
 /**
 * \brief Register a tx output module.
 *
@ -230,9 +287,8 @@ OutputRegisterTxModule(const char *name, const char *conf_name,
    OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto,
    TxLogger TxLogFunc)
 {
-    /* wrapper function */
-    OutputRegisterTxModuleWithProgress(name, conf_name, InitFunc, alproto,
-                                       TxLogFunc, 0, 0);
+    OutputRegisterTxModuleWrapper(name, conf_name, InitFunc, alproto,
+                                  TxLogFunc, 0, 0, NULL);
 }

 void
@ -240,9 +296,8 @@ OutputRegisterTxSubModule(const char *parent_name, const char *name,
    const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *, OutputCtx *parent_ctx),
    AppProto alproto, TxLogger TxLogFunc)
 {
-    /* wrapper function */
-    OutputRegisterTxSubModuleWithProgress(parent_name, name, conf_name,
-                                          InitFunc, alproto, TxLogFunc, 0, 0);
+    OutputRegisterTxSubModuleWrapper(parent_name, name, conf_name,
+                                     InitFunc, alproto, TxLogFunc, 0, 0, NULL);
 }

 /**
--- a/src/output.h
+++ b/src/output.h
@ -48,6 +48,7 @@ typedef struct OutputModule_ {
    PacketLogger PacketLogFunc;
    PacketLogCondition PacketConditionFunc;
    TxLogger TxLogFunc;
+    TxLoggerCondition TxLogCondition;
    FileLogger FileLogFunc;
    FiledataLogger FiledataLogFunc;
    FlowLogger FlowLogFunc;
@ -77,6 +78,14 @@ void OutputRegisterTxSubModule(const char *parent_name, const char *name,
    const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *, OutputCtx *parent_ctx),
    AppProto alproto, TxLogger TxLogFunc);

+void OutputRegisterTxModuleWithCondition(const char *name, const char *conf_name,
+        OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto,
+        TxLogger TxLogFunc, TxLoggerCondition TxLogCondition);
+void OutputRegisterTxSubModuleWithCondition(const char *parent_name,
+        const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *,
+        OutputCtx *parent_ctx), AppProto alproto, TxLogger TxLogFunc,
+        TxLoggerCondition TxLogCondition);
+
 void OutputRegisterTxModuleWithProgress(const char *name, const char *conf_name,
    OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto,
    TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress);
--- a/src/runmodes.c
+++ b/src/runmodes.c
@ -618,7 +618,7 @@ static void SetupOutput(const char *name, OutputModule *module, OutputCtx *outpu
        SCLogDebug("%s is a tx logger", module->name);
        OutputRegisterTxLogger(module->name, module->alproto,
                module->TxLogFunc, output_ctx, module->tc_log_progress,
-                module->ts_log_progress);
+                module->ts_log_progress, module->TxLogCondition);

        /* need one instance of the tx logger module */
        if (tx_logger_module == NULL) {