From 7ca43e7e1fe9d019439442e02bdf27c1d041bed9 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 5 Jun 2023 17:04:04 +0200 Subject: [PATCH] output/snmp: log version from tx and not the one from state If a SNMP flow starts with a V2 version transaction, then there is a V3i version transaction, we will now log V3 for the second transaction --- rust/src/snmp/log.rs | 10 +++++----- src/output-json-alert.c | 2 +- src/output-json-snmp.c | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/rust/src/snmp/log.rs b/rust/src/snmp/log.rs index e37bbba30c..83414816c4 100644 --- a/rust/src/snmp/log.rs +++ b/rust/src/snmp/log.rs @@ -18,7 +18,7 @@ // written by Pierre Chifflier use crate::jsonbuilder::{JsonBuilder, JsonError}; -use crate::snmp::snmp::{SNMPState,SNMPTransaction}; +use crate::snmp::snmp::SNMPTransaction; use crate::snmp::snmp_parser::{NetworkAddress,PduType}; use std::borrow::Cow; @@ -37,9 +37,9 @@ fn str_of_pdu_type(t:&PduType) -> Cow { } } -fn snmp_log_response(jsb: &mut JsonBuilder, state: &mut SNMPState, tx: &mut SNMPTransaction) -> Result<(), JsonError> +fn snmp_log_response(jsb: &mut JsonBuilder, tx: &mut SNMPTransaction) -> Result<(), JsonError> { - jsb.set_uint("version", state.version as u64)?; + jsb.set_uint("version", tx.version as u64)?; if tx.encrypted { jsb.set_string("pdu_type", "encrypted")?; } else { @@ -75,7 +75,7 @@ fn snmp_log_response(jsb: &mut JsonBuilder, state: &mut SNMPState, tx: &mut SNMP } #[no_mangle] -pub extern "C" fn rs_snmp_log_json_response(jsb: &mut JsonBuilder, state: &mut SNMPState, tx: &mut SNMPTransaction) -> bool +pub extern "C" fn rs_snmp_log_json_response(jsb: &mut JsonBuilder, tx: &mut SNMPTransaction) -> bool { - snmp_log_response(jsb, state, tx).is_ok() + snmp_log_response(jsb, tx).is_ok() } diff --git a/src/output-json-alert.c b/src/output-json-alert.c index d7918e81ff..472e6f98cd 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -253,7 +253,7 @@ static void AlertJsonSNMP(const Flow *f, const uint64_t tx_id, JsonBuilder *js) tx_id); if (tx != NULL) { jb_open_object(js, "snmp"); - rs_snmp_log_json_response(js, snmp_state, tx); + rs_snmp_log_json_response(js, tx); jb_close(js); } } diff --git a/src/output-json-snmp.c b/src/output-json-snmp.c index facf50770a..27545b6f69 100644 --- a/src/output-json-snmp.c +++ b/src/output-json-snmp.c @@ -60,7 +60,7 @@ static int JsonSNMPLogger(ThreadVars *tv, void *thread_data, } jb_open_object(jb, "snmp"); - if (!rs_snmp_log_json_response(jb, state, snmptx)) { + if (!rs_snmp_log_json_response(jb, snmptx)) { goto error; } jb_close(jb);