aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

output/tftp: Convert to JsonBuilder

Browse Source 
This commit converts the TFTP logging mechanisms to JsonBuilder.
pull/5133/head
Jeff Lucovsky 5 years ago committed by Victor Julien
parent 5ac8e41a13
commit 8c5c949cfa
2 changed files with 30 additions and 23 deletions
Show Stats Download Patch File Download Diff File

32
rust/src/tftp/log.rs
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2017 Open Information Security Foundation /* Copyright (C) 2017-2020 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -17,19 +17,27 @@
// written by Clément Galland <clement.galland@epita.fr> // written by Clément Galland <clement.galland@epita.fr>
use crate::json::*; use crate::jsonbuilder::{JsonBuilder, JsonError};
use crate::tftp::tftp::*; use crate::tftp::tftp::TFTPTransaction;
#[no_mangle] fn tftp_log_request(tx: &mut TFTPTransaction,
pub extern "C" fn rs_tftp_log_json_request(tx: &mut TFTPTransaction) -> *mut JsonT jb: &mut JsonBuilder)
-> Result<(), JsonError>
{ {
let js = Json::object();
match tx.opcode { match tx.opcode {
1 => js.set_string("packet", "read"), 1 => jb.set_string("packet", "read")?,
2 => js.set_string("packet", "write"), 2 => jb.set_string("packet", "write")?,
_ => js.set_string("packet", "error") _ => jb.set_string("packet", "error")?
}; };
js.set_string("file", tx.filename.as_str()); jb.set_string("file", tx.filename.as_str())?;
js.set_string("mode", tx.mode.as_str()); jb.set_string("mode", tx.mode.as_str())?;
js.unwrap() Ok(())
}
#[no_mangle]
pub extern "C" fn rs_tftp_log_json_request(tx: &mut TFTPTransaction,
jb: &mut JsonBuilder)
-> bool
{
tftp_log_request(tx, jb).is_ok()
} }

21
src/output-json-tftp.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2017 Open Information Security Foundation /* Copyright (C) 2020 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -67,27 +67,26 @@ static int JsonTFTPLogger(ThreadVars *tv, void *thread_data,
{ {
LogTFTPLogThread *thread = thread_data; LogTFTPLogThread *thread = thread_data;
json_t *js = CreateJSONHeader(p, LOG_DIR_PACKET, "tftp", NULL); JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "tftp", NULL);
if (unlikely(js == NULL)) { if (unlikely(jb == NULL)) {
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
json_t *tftpjs = rs_tftp_log_json_request(tx); jb_open_object(jb, "tftp");
if (unlikely(tftpjs == NULL)) { if (unlikely(!rs_tftp_log_json_request(tx, jb))) {
goto error; goto error;
} }
jb_close(jb);
json_object_set_new(js, "tftp", tftpjs); EveAddCommonOptions(&thread->tftplog_ctx->cfg, p, f, jb);
JsonAddCommonOptions(&thread->tftplog_ctx->cfg, p, f, js);
MemBufferReset(thread->buffer); MemBufferReset(thread->buffer);
OutputJSONBuffer(js, thread->tftplog_ctx->file_ctx, &thread->buffer); OutputJsonBuilderBuffer(jb, thread->tftplog_ctx->file_ctx, &thread->buffer);
json_decref(js); jb_free(jb);
return TM_ECODE_OK; return TM_ECODE_OK;
error: error:
json_decref(js); jb_free(jb);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }

Write Preview
Loading…
Cancel
Save