address most initial JSON pull request comments

pull/802/head
Tom DeCanio 12 years ago committed by Victor Julien
parent 55df2d5cdb
commit a3d86594dc

@ -37,6 +37,7 @@
#include "util-unittest.h" #include "util-unittest.h"
#include "util-debug.h" #include "util-debug.h"
#include "util-mem.h"
#include "output.h" #include "output.h"
#include "output-dnslog.h" #include "output-dnslog.h"
@ -90,14 +91,14 @@ static void LogQuery(AlertJsonThread *aft, json_t *js, DNSTransaction *tx, DNSQu
SCLogDebug("got a DNS request and now logging !!"); SCLogDebug("got a DNS request and now logging !!");
/* reset */
MemBufferReset(buffer);
json_t *djs = json_object(); json_t *djs = json_object();
if (djs == NULL) { if (djs == NULL) {
return; return;
} }
/* reset */
MemBufferReset(buffer);
/* type */ /* type */
json_object_set_new(djs, "type", json_string("query")); json_object_set_new(djs, "type", json_string("query"));
@ -106,11 +107,10 @@ static void LogQuery(AlertJsonThread *aft, json_t *js, DNSTransaction *tx, DNSQu
/* query */ /* query */
char *c; char *c;
json_object_set_new(djs, "query", c = SCStrndup((char *)((char *)entry + sizeof(DNSQueryEntry)), entry->len);
json_string(c = strndup( json_object_set_new(djs, "query", json_string(c));
(char *)((char *)entry + sizeof(DNSQueryEntry)), if (c != NULL)
entry->len))); SCFree(c);
if (c) free(c);
/* name */ /* name */
char record[16] = ""; char record[16] = "";
@ -138,11 +138,12 @@ static void AppendAnswer(json_t *djs, DNSTransaction *tx, DNSAnswerEntry *entry)
/* query */ /* query */
if (entry->fqdn_len > 0) { if (entry->fqdn_len > 0) {
char *c; char *c;
json_object_set_new(js, "query", c = SCStrndup((char *)((char *)entry + sizeof(DNSAnswerEntry)),
json_string(c = strndup( entry->fqdn_len);
(char *)((char *)entry + sizeof(DNSAnswerEntry)), json_object_set_new(js, "query", json_string(c));
entry->fqdn_len))); if (c != NULL) {
if (c) free(c); SCFree(c);
}
} }
/* name */ /* name */
@ -174,14 +175,14 @@ static void LogAnswers(AlertJsonThread *aft, json_t *js, DNSTransaction *tx) {
SCLogDebug("got a DNS response and now logging !!"); SCLogDebug("got a DNS response and now logging !!");
/* reset */
MemBufferReset(buffer);
json_t *djs = json_array(); json_t *djs = json_array();
if (djs == NULL) { if (djs == NULL) {
return; return;
} }
/* reset */
MemBufferReset(buffer);
if (tx->no_such_name) { if (tx->no_such_name) {
AppendAnswer(djs, tx, NULL); AppendAnswer(djs, tx, NULL);
} }
@ -253,10 +254,10 @@ static TmEcode DnsJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQue
DNSQueryEntry *query = NULL; DNSQueryEntry *query = NULL;
TAILQ_FOREACH(query, &tx->query_list, next) { TAILQ_FOREACH(query, &tx->query_list, next) {
LogQuery(aft, js, /*timebuf, dstip, srcip, dp, sp, proto_s,*/ tx, query); LogQuery(aft, js, tx, query);
} }
LogAnswers(aft, js, /*timebuf, srcip, dstip, sp, dp, proto_s,*/ tx); LogAnswers(aft, js, tx);
SCLogDebug("calling AppLayerTransactionUpdateLoggedId"); SCLogDebug("calling AppLayerTransactionUpdateLoggedId");
AppLayerTransactionUpdateLogId(ALPROTO_DNS_UDP, p->flow); AppLayerTransactionUpdateLogId(ALPROTO_DNS_UDP, p->flow);
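Review bot: In LogQuery and AppendAnswer the result of `json_string(c)` is passed straight to `json_object_set_new(...)` with no check, so a name that jansson rejects leaves the `query` key out of the event without any trace. jansson's json_string() returns NULL for input that is not valid UTF-8, and the bytes copied from behind `entry` presumably come from the parsed packet, so traffic can decide whether the field is logged; a runtime NULL from SCStrndup has the same effect. I would build the value first, e.g. `json_t *q = json_string(c);`, and on NULL log an escaped or placeholder string instead of dropping the field. The `c = SCStrndup(...)` / `json_string(c)` pairs in LogHttpLogJSON (hostname, uri, user-agent, xff, referer, method, protocol, status, redirect) have the same gap. Both function bodies extend beyond the hunks shown.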

@ -98,10 +98,11 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx)
/* hostname */ /* hostname */
if (tx->request_hostname != NULL) if (tx->request_hostname != NULL)
{ {
json_object_set_new(hjs, "hostname", c = SCStrndup((char *)bstr_ptr(tx->request_hostname),
json_string(c = strndup((char *)bstr_ptr(tx->request_hostname), bstr_len(tx->request_hostname));
bstr_len(tx->request_hostname)))); json_object_set_new(hjs, "hostname", json_string(c));
if (c) free(c); if (c != NULL)
SCFree(c);
} else { } else {
json_object_set_new(hjs, "hostname", json_string("<hostname unknown>")); json_object_set_new(hjs, "hostname", json_string("<hostname unknown>"));
} }
@ -109,10 +110,11 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx)
/* uri */ /* uri */
if (tx->request_uri != NULL) if (tx->request_uri != NULL)
{ {
json_object_set_new(hjs, "uri", c = SCStrndup((char *)bstr_ptr(tx->request_uri),
json_string(c = strndup((char *)bstr_ptr(tx->request_uri), bstr_len(tx->request_uri));
bstr_len(tx->request_uri)))); json_object_set_new(hjs, "uri", json_string(c));
if (c) free(c); if (c != NULL)
SCFree(c);
} }
/* user agent */ /* user agent */
@ -121,10 +123,11 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx)
h_user_agent = htp_table_get_c(tx->request_headers, "user-agent"); h_user_agent = htp_table_get_c(tx->request_headers, "user-agent");
} }
if (h_user_agent != NULL) { if (h_user_agent != NULL) {
json_object_set_new(hjs, "user-agent", c = SCStrndup((char *)bstr_ptr(h_user_agent->value),
json_string(c = strndup((char *)bstr_ptr(h_user_agent->value), bstr_len(h_user_agent->value));
bstr_len(h_user_agent->value)))); json_object_set_new(hjs, "user-agent", json_string(c));
if (c) free(c); if (c != NULL)
SCFree(c);
} else { } else {
json_object_set_new(hjs, "user-agent", json_string("<useragent unknown>")); json_object_set_new(hjs, "user-agent", json_string("<useragent unknown>"));
} }
@ -135,10 +138,11 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx)
h_x_forwarded_for = htp_table_get_c(tx->request_headers, "x-forwarded-for"); h_x_forwarded_for = htp_table_get_c(tx->request_headers, "x-forwarded-for");
} }
if (h_x_forwarded_for != NULL) { if (h_x_forwarded_for != NULL) {
json_object_set_new(hjs, "xff", c = SCStrndup((char *)bstr_ptr(h_x_forwarded_for->value),
json_string(c = strndup((char *)bstr_ptr(h_x_forwarded_for->value), bstr_len(h_x_forwarded_for->value));
bstr_len(h_x_forwarded_for->value)))); json_object_set_new(hjs, "xff", json_string(c));
if (c) free(c); if (c != NULL)
SCFree(c);
} }
/* content-type */ /* content-type */
@ -148,12 +152,13 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx)
} }
if (h_content_type != NULL) { if (h_content_type != NULL) {
char *p; char *p;
c = strndup((char *)bstr_ptr(h_content_type->value), c = SCStrndup((char *)bstr_ptr(h_content_type->value),
bstr_len(h_content_type->value)); bstr_len(h_content_type->value));
p = strchrnul(c, ';'); p = strchrnul(c, ';');
*p = '\0'; *p = '\0';
json_object_set_new(hjs, "content-type", json_string(c)); json_object_set_new(hjs, "content-type", json_string(c));
if (c) free(c); if (c != NULL)
SCFree(c);
} }
if (http_ctx->flags & LOG_HTTP_EXTENDED) { if (http_ctx->flags & LOG_HTTP_EXTENDED) {
@ -163,41 +168,46 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx)
h_referer = htp_table_get_c(tx->request_headers, "referer"); h_referer = htp_table_get_c(tx->request_headers, "referer");
} }
if (h_referer != NULL) { if (h_referer != NULL) {
json_object_set_new(hjs, "referer", c = SCStrndup((char *)bstr_ptr(h_referer->value),
json_string(c = strndup((char *)bstr_ptr(h_referer->value), bstr_len(h_referer->value));
bstr_len(h_referer->value)))); json_object_set_new(hjs, "referer", json_string(c));
if (c) free(c); if (c != NULL)
SCFree(c);
} }
/* method */ /* method */
if (tx->request_method != NULL) { if (tx->request_method != NULL) {
json_object_set_new(hjs, "method", c = SCStrndup((char *)bstr_ptr(tx->request_method),
json_string(c = strndup((char *)bstr_ptr(tx->request_method), bstr_len(tx->request_method));
bstr_len(tx->request_method)))); json_object_set_new(hjs, "method", json_string(c));
if (c) free(c); if (c != NULL)
SCFree(c);
} }
/* protocol */ /* protocol */
if (tx->request_protocol != NULL) { if (tx->request_protocol != NULL) {
json_object_set_new(hjs, "protocol", c = SCStrndup((char *)bstr_ptr(tx->request_protocol),
json_string(c = strndup((char *)bstr_ptr(tx->request_protocol), bstr_len(tx->request_protocol));
bstr_len(tx->request_protocol)))); json_object_set_new(hjs, "protocol", json_string(c));
if (c) free(c); if (c != NULL)
SCFree(c);
} }
/* response status */ /* response status */
if (tx->response_status != NULL) { if (tx->response_status != NULL) {
json_object_set_new(hjs, "status", c = SCStrndup((char *)bstr_ptr(tx->response_status),
json_string(c = strndup((char *)bstr_ptr(tx->response_status), bstr_len(tx->response_status));
bstr_len(tx->response_status)))); json_object_set_new(hjs, "status", json_string(c));
if (c) free(c); if (c != NULL)
SCFree(c);
htp_header_t *h_location = htp_table_get_c(tx->response_headers, "location"); htp_header_t *h_location = htp_table_get_c(tx->response_headers, "location");
if (h_location != NULL) { if (h_location != NULL) {
json_object_set_new(hjs, "redirect", c = SCStrndup((char *)bstr_ptr(h_location->value),
json_string(c = strndup((char *)bstr_ptr(h_location->value), bstr_len(h_location->value));
bstr_len(h_location->value)))); json_object_set_new(hjs, "redirect", json_string(c));
if (c) free(c); if (c != NULL)
SCFree(c);
} }
} }
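Review bot: In the content-type hunk of LogHttpLogJSON, `p = strchrnul(c, ';'); *p = '\0';` runs before the `if (c != NULL)` test, so a failed SCStrndup is dereferenced. The SCStrndup macro added in this commit exits only during SURICATA_INIT and returns NULL afterwards, which makes this a crash path under memory pressure in the logging code. Open the guard right after the allocation, `if (c != NULL) {`, and keep the `strchrnul` lines, the `json_object_set_new(hjs, "content-type", json_string(c));` call and `SCFree(c);` inside it. The function body starts and ends outside these hunks.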

@ -70,43 +70,43 @@
* *
*/ */
TmEcode AlertJson (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *); TmEcode OutputJson (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
TmEcode AlertJsonThreadInit(ThreadVars *, void *, void **); TmEcode OutputJsonThreadInit(ThreadVars *, void *, void **);
TmEcode AlertJsonThreadDeinit(ThreadVars *, void *); TmEcode OutputJsonThreadDeinit(ThreadVars *, void *);
int AlertJsonOpenFileCtx(LogFileCtx *, char *); int OutputJsonOpenFileCtx(LogFileCtx *, char *);
void AlertJsonRegisterTests(void); void OutputJsonRegisterTests(void);
void TmModuleAlertJsonRegister (void) { void TmModuleOutputJsonRegister (void) {
tmm_modules[TMM_OUTPUTJSON].name = "AlertJSON"; tmm_modules[TMM_OUTPUTJSON].name = "OutputJSON";
tmm_modules[TMM_OUTPUTJSON].ThreadInit = AlertJsonThreadInit; tmm_modules[TMM_OUTPUTJSON].ThreadInit = OutputJsonThreadInit;
tmm_modules[TMM_OUTPUTJSON].Func = AlertJson; tmm_modules[TMM_OUTPUTJSON].Func = OutputJson;
tmm_modules[TMM_OUTPUTJSON].ThreadDeinit = AlertJsonThreadDeinit; tmm_modules[TMM_OUTPUTJSON].ThreadDeinit = OutputJsonThreadDeinit;
tmm_modules[TMM_OUTPUTJSON].RegisterTests = AlertJsonRegisterTests; tmm_modules[TMM_OUTPUTJSON].RegisterTests = OutputJsonRegisterTests;
} }
OutputCtx *AlertJsonInitCtx(ConfNode *conf) OutputCtx *OutputJsonInitCtx(ConfNode *conf)
{ {
SCLogDebug("Can't init JSON output - JSON support was disabled during build."); SCLogDebug("Can't init JSON output - JSON support was disabled during build.");
return NULL; return NULL;
} }
TmEcode AlertJsonThreadInit(ThreadVars *t, void *initdata, void **data) TmEcode OutputJsonThreadInit(ThreadVars *t, void *initdata, void **data)
{ {
SCLogDebug("Can't init JSON output thread - JSON support was disabled during build."); SCLogDebug("Can't init JSON output thread - JSON support was disabled during build.");
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
TmEcode AlertJson (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) TmEcode OutputJson (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{ {
return TM_ECODE_OK; return TM_ECODE_OK;
} }
TmEcode AlertJsonThreadDeinit(ThreadVars *t, void *data) TmEcode OutputJsonThreadDeinit(ThreadVars *t, void *data)
{ {
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
void AlertJsonRegisterTests (void) void OutputJsonRegisterTests (void)
{ {
} }
@ -118,7 +118,7 @@ void AlertJsonRegisterTests (void)
#define DEFAULT_ALERT_SYSLOG_FACILITY_STR "local0" #define DEFAULT_ALERT_SYSLOG_FACILITY_STR "local0"
#define DEFAULT_ALERT_SYSLOG_FACILITY LOG_LOCAL0 #define DEFAULT_ALERT_SYSLOG_FACILITY LOG_LOCAL0
#define DEFAULT_ALERT_SYSLOG_LEVEL LOG_INFO #define DEFAULT_ALERT_SYSLOG_LEVEL LOG_INFO
#define MODULE_NAME "AlertJSON" #define MODULE_NAME "OutputJSON"
#define OUTPUT_BUFFER_SIZE 65535 #define OUTPUT_BUFFER_SIZE 65535
@ -127,25 +127,25 @@ extern uint8_t engine_mode;
static int alert_syslog_level = DEFAULT_ALERT_SYSLOG_LEVEL; static int alert_syslog_level = DEFAULT_ALERT_SYSLOG_LEVEL;
#endif /* OS_WIN32 */ #endif /* OS_WIN32 */
TmEcode AlertJson (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *); TmEcode OutputJson (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
TmEcode AlertJsonIPv4(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *); TmEcode AlertJsonIPv4(ThreadVars *, Packet *, void *);
TmEcode AlertJsonIPv6(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *); TmEcode AlertJsonIPv6(ThreadVars *, Packet *, void *);
TmEcode AlertJsonThreadInit(ThreadVars *, void *, void **); TmEcode OutputJsonThreadInit(ThreadVars *, void *, void **);
TmEcode AlertJsonThreadDeinit(ThreadVars *, void *); TmEcode OutputJsonThreadDeinit(ThreadVars *, void *);
void AlertJsonExitPrintStats(ThreadVars *, void *); void OutputJsonExitPrintStats(ThreadVars *, void *);
void AlertJsonRegisterTests(void); void OutputJsonRegisterTests(void);
static void AlertJsonDeInitCtx(OutputCtx *); static void OutputJsonDeInitCtx(OutputCtx *);
void TmModuleAlertJsonRegister (void) { void TmModuleOutputJsonRegister (void) {
tmm_modules[TMM_OUTPUTJSON].name = MODULE_NAME; tmm_modules[TMM_OUTPUTJSON].name = MODULE_NAME;
tmm_modules[TMM_OUTPUTJSON].ThreadInit = AlertJsonThreadInit; tmm_modules[TMM_OUTPUTJSON].ThreadInit = OutputJsonThreadInit;
tmm_modules[TMM_OUTPUTJSON].Func = AlertJson; tmm_modules[TMM_OUTPUTJSON].Func = OutputJson;
tmm_modules[TMM_OUTPUTJSON].ThreadExitPrintStats = AlertJsonExitPrintStats; tmm_modules[TMM_OUTPUTJSON].ThreadExitPrintStats = OutputJsonExitPrintStats;
tmm_modules[TMM_OUTPUTJSON].ThreadDeinit = AlertJsonThreadDeinit; tmm_modules[TMM_OUTPUTJSON].ThreadDeinit = OutputJsonThreadDeinit;
tmm_modules[TMM_OUTPUTJSON].RegisterTests = AlertJsonRegisterTests; tmm_modules[TMM_OUTPUTJSON].RegisterTests = OutputJsonRegisterTests;
tmm_modules[TMM_OUTPUTJSON].cap_flags = 0; tmm_modules[TMM_OUTPUTJSON].cap_flags = 0;
OutputRegisterModule(MODULE_NAME, "eve-log", AlertJsonInitCtx); OutputRegisterModule(MODULE_NAME, "eve-log", OutputJsonInitCtx);
/* enable the logger for the app layer */ /* enable the logger for the app layer */
AppLayerRegisterLogger(ALPROTO_DNS_UDP); AppLayerRegisterLogger(ALPROTO_DNS_UDP);
@ -157,11 +157,11 @@ void TmModuleAlertJsonRegister (void) {
/* Default Sensor ID value */ /* Default Sensor ID value */
static int64_t sensor_id = -1; /* -1 = not defined */ static int64_t sensor_id = -1; /* -1 = not defined */
enum json_output { ALERT_FILE, enum JsonOutput { ALERT_FILE,
ALERT_SYSLOG, ALERT_SYSLOG,
ALERT_UNIX_DGRAM, ALERT_UNIX_DGRAM,
ALERT_UNIX_STREAM }; ALERT_UNIX_STREAM };
static enum json_output json_out = ALERT_FILE; static enum JsonOutput json_out = ALERT_FILE;
#define OUTPUT_ALERTS (1<<0) #define OUTPUT_ALERTS (1<<0)
#define OUTPUT_DNS (1<<1) #define OUTPUT_DNS (1<<1)
@ -170,12 +170,12 @@ static enum json_output json_out = ALERT_FILE;
#define OUTPUT_HTTP (1<<4) #define OUTPUT_HTTP (1<<4)
#define OUTPUT_TLS (1<<5) #define OUTPUT_TLS (1<<5)
static uint32_t outputFlags = 0; static uint32_t output_flags = 0;
enum json_format { COMPACT, INDENT }; enum JsonFormat { COMPACT, INDENT };
static enum json_format format = COMPACT; static enum JsonFormat format = COMPACT;
json_t *CreateJSONHeader(Packet *p, int direction_sensative) json_t *CreateJSONHeader(Packet *p, int direction_sensitive)
{ {
char timebuf[64]; char timebuf[64];
char srcip[46], dstip[46]; char srcip[46], dstip[46];
@ -189,7 +189,7 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensative)
srcip[0] = '\0'; srcip[0] = '\0';
dstip[0] = '\0'; dstip[0] = '\0';
if (direction_sensative) { if (direction_sensitive) {
if ((PKT_IS_TOCLIENT(p))) { if ((PKT_IS_TOCLIENT(p))) {
if (PKT_IS_IPV4(p)) { if (PKT_IS_IPV4(p)) {
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip)); PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
@ -223,11 +223,11 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensative)
dp = p->dp; dp = p->dp;
} }
char proto[16] = ""; char proto[16];
if (SCProtoNameValid(IPV4_GET_IPPROTO(p)) == TRUE) { if (SCProtoNameValid(IP_GET_IPPROTO(p)) == TRUE) {
strlcpy(proto, known_proto[IPV4_GET_IPPROTO(p)], sizeof(proto)); strlcpy(proto, known_proto[IP_GET_IPPROTO(p)], sizeof(proto));
} else { } else {
snprintf(proto, sizeof(proto), "PROTO:%03" PRIu32, IPV4_GET_IPPROTO(p)); snprintf(proto, sizeof(proto), "%03" PRIu32, IP_GET_IPPROTO(p));
} }
/* time & tx */ /* time & tx */
@ -246,23 +246,23 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensative)
if (p->vlan_idx > 0) { if (p->vlan_idx > 0) {
json_t *js_vlan; json_t *js_vlan;
switch (p->vlan_idx) { switch (p->vlan_idx) {
case 1: case 1:
json_object_set_new(js, "vlan", json_object_set_new(js, "vlan",
json_integer(ntohs(GET_VLAN_ID(p->vlanh[0])))); json_integer(ntohs(GET_VLAN_ID(p->vlanh[0]))));
break; break;
case 2: case 2:
js_vlan = json_array(); js_vlan = json_array();
if (unlikely(js != NULL)) { if (unlikely(js != NULL)) {
json_array_append_new(js_vlan, json_array_append_new(js_vlan,
json_integer(ntohs(GET_VLAN_ID(p->vlanh[0])))); json_integer(ntohs(GET_VLAN_ID(p->vlanh[0]))));
json_array_append_new(js_vlan, json_array_append_new(js_vlan,
json_integer(ntohs(GET_VLAN_ID(p->vlanh[1])))); json_integer(ntohs(GET_VLAN_ID(p->vlanh[1]))));
json_object_set_new(js, "vlan", js_vlan); json_object_set_new(js, "vlan", js_vlan);
} }
break; break;
default: default:
/* shouldn't get here */ /* shouldn't get here */
break; break;
} }
} }
@ -338,7 +338,7 @@ TmEcode OutputJSON(json_t *js, void *data, uint64_t *count)
return TM_ECODE_OK; return TM_ECODE_OK;
} }
TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data)
{ {
AlertJsonThread *aft = (AlertJsonThread *)data; AlertJsonThread *aft = (AlertJsonThread *)data;
MemBuffer *buffer = (MemBuffer *)aft->buffer; MemBuffer *buffer = (MemBuffer *)aft->buffer;
@ -394,7 +394,7 @@ TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
return TM_ECODE_OK; return TM_ECODE_OK;
} }
TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data)
{ {
AlertJsonThread *aft = (AlertJsonThread *)data; AlertJsonThread *aft = (AlertJsonThread *)data;
MemBuffer *buffer = (MemBuffer *)aft->buffer; MemBuffer *buffer = (MemBuffer *)aft->buffer;
@ -450,7 +450,7 @@ TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
return TM_ECODE_OK; return TM_ECODE_OK;
} }
TmEcode AlertJsonDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) TmEcode AlertJsonDecoderEvent(ThreadVars *tv, Packet *p, void *data)
{ {
AlertJsonThread *aft = (AlertJsonThread *)data; AlertJsonThread *aft = (AlertJsonThread *)data;
MemBuffer *buffer = (MemBuffer *)aft->buffer; MemBuffer *buffer = (MemBuffer *)aft->buffer;
@ -521,43 +521,43 @@ TmEcode AlertJsonDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue
return TM_ECODE_OK; return TM_ECODE_OK;
} }
TmEcode AlertJson (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) TmEcode OutputJson (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{ {
if (outputFlags & OUTPUT_ALERTS) { if (output_flags & OUTPUT_ALERTS) {
if (PKT_IS_IPV4(p)) { if (PKT_IS_IPV4(p)) {
AlertJsonIPv4(tv, p, data, pq, postpq); AlertJsonIPv4(tv, p, data);
} else if (PKT_IS_IPV6(p)) { } else if (PKT_IS_IPV6(p)) {
AlertJsonIPv6(tv, p, data, pq, postpq); AlertJsonIPv6(tv, p, data);
} else if (p->events.cnt > 0) { } else if (p->events.cnt > 0) {
AlertJsonDecoderEvent(tv, p, data, pq, postpq); AlertJsonDecoderEvent(tv, p, data);
} }
} }
if (outputFlags & OUTPUT_DNS) { if (output_flags & OUTPUT_DNS) {
OutputDnsLog(tv, p, data, pq, postpq); OutputDnsLog(tv, p, data, pq, postpq);
} }
if (outputFlags & OUTPUT_DROP) { if (output_flags & OUTPUT_DROP) {
OutputDropLog(tv, p, data, pq, postpq); OutputDropLog(tv, p, data, pq, postpq);
} }
if (outputFlags & OUTPUT_FILES) { if (output_flags & OUTPUT_FILES) {
OutputFileLog(tv, p, data, pq, postpq); OutputFileLog(tv, p, data, pq, postpq);
} }
if (outputFlags & OUTPUT_HTTP) { if (output_flags & OUTPUT_HTTP) {
OutputHttpLog(tv, p, data, pq, postpq); OutputHttpLog(tv, p, data, pq, postpq);
} }
if (outputFlags & OUTPUT_TLS) { if (output_flags & OUTPUT_TLS) {
OutputTlsLog(tv, p, data, pq, postpq); OutputTlsLog(tv, p, data, pq, postpq);
} }
return TM_ECODE_OK; return TM_ECODE_OK;
} }
TmEcode AlertJsonThreadInit(ThreadVars *t, void *initdata, void **data) TmEcode OutputJsonThreadInit(ThreadVars *t, void *initdata, void **data)
{ {
AlertJsonThread *aft = SCMalloc(sizeof(AlertJsonThread)); AlertJsonThread *aft = SCMalloc(sizeof(AlertJsonThread));
if (unlikely(aft == NULL)) if (unlikely(aft == NULL))
@ -587,7 +587,7 @@ TmEcode AlertJsonThreadInit(ThreadVars *t, void *initdata, void **data)
return TM_ECODE_OK; return TM_ECODE_OK;
} }
TmEcode AlertJsonThreadDeinit(ThreadVars *t, void *data) TmEcode OutputJsonThreadDeinit(ThreadVars *t, void *data)
{ {
AlertJsonThread *aft = (AlertJsonThread *)data; AlertJsonThread *aft = (AlertJsonThread *)data;
if (aft == NULL) { if (aft == NULL) {
@ -598,7 +598,7 @@ TmEcode AlertJsonThreadDeinit(ThreadVars *t, void *data)
return TM_ECODE_OK; return TM_ECODE_OK;
} }
void AlertJsonExitPrintStats(ThreadVars *tv, void *data) { void OutputJsonExitPrintStats(ThreadVars *tv, void *data) {
AlertJsonThread *aft = (AlertJsonThread *)data; AlertJsonThread *aft = (AlertJsonThread *)data;
if (aft == NULL) { if (aft == NULL) {
return; return;
@ -613,7 +613,7 @@ void AlertJsonExitPrintStats(ThreadVars *tv, void *data) {
* \param conf The configuration node for this output. * \param conf The configuration node for this output.
* \return A LogFileCtx pointer on success, NULL on failure. * \return A LogFileCtx pointer on success, NULL on failure.
*/ */
OutputCtx *AlertJsonInitCtx(ConfNode *conf) OutputCtx *OutputJsonInitCtx(ConfNode *conf)
{ {
OutputJsonCtx *json_ctx = SCCalloc(1, sizeof(OutputJsonCtx));; OutputJsonCtx *json_ctx = SCCalloc(1, sizeof(OutputJsonCtx));;
if (unlikely(json_ctx == NULL)) { if (unlikely(json_ctx == NULL)) {
@ -633,7 +633,7 @@ OutputCtx *AlertJsonInitCtx(ConfNode *conf)
return NULL; return NULL;
output_ctx->data = json_ctx; output_ctx->data = json_ctx;
output_ctx->DeInit = AlertJsonDeInitCtx; output_ctx->DeInit = OutputJsonDeInitCtx;
if (conf) { if (conf) {
const char *output_s = ConfNodeLookupChildValue(conf, "type"); const char *output_s = ConfNodeLookupChildValue(conf, "type");
@ -722,38 +722,38 @@ OutputCtx *AlertJsonInitCtx(ConfNode *conf)
TAILQ_FOREACH(output, &outputs->head, next) { TAILQ_FOREACH(output, &outputs->head, next) {
if (strcmp(output->val, "alert") == 0) { if (strcmp(output->val, "alert") == 0) {
SCLogDebug("Enabling alert output"); SCLogDebug("Enabling alert output");
outputFlags |= OUTPUT_ALERTS; output_flags |= OUTPUT_ALERTS;
continue; continue;
} }
if (strcmp(output->val, "dns") == 0) { if (strcmp(output->val, "dns") == 0) {
SCLogDebug("Enabling DNS output"); SCLogDebug("Enabling DNS output");
outputFlags |= OUTPUT_DNS; output_flags |= OUTPUT_DNS;
continue; continue;
} }
if (strcmp(output->val, "drop") == 0) { if (strcmp(output->val, "drop") == 0) {
SCLogDebug("Enabling drop output"); SCLogDebug("Enabling drop output");
outputFlags |= OUTPUT_DROP; output_flags |= OUTPUT_DROP;
continue; continue;
} }
if (strcmp(output->val, "files") == 0) { if (strcmp(output->val, "files") == 0) {
SCLogDebug("Enabling files output"); SCLogDebug("Enabling files output");
ConfNode *child = ConfNodeLookupChild(output, "files"); ConfNode *child = ConfNodeLookupChild(output, "files");
json_ctx->files_ctx = OutputFileLogInit(child); json_ctx->files_ctx = OutputFileLogInit(child);
outputFlags |= OUTPUT_FILES; output_flags |= OUTPUT_FILES;
continue; continue;
} }
if (strcmp(output->val, "http") == 0) { if (strcmp(output->val, "http") == 0) {
SCLogDebug("Enabling HTTP output"); SCLogDebug("Enabling HTTP output");
ConfNode *child = ConfNodeLookupChild(output, "http"); ConfNode *child = ConfNodeLookupChild(output, "http");
json_ctx->http_ctx = OutputHttpLogInit(child); json_ctx->http_ctx = OutputHttpLogInit(child);
outputFlags |= OUTPUT_HTTP; output_flags |= OUTPUT_HTTP;
continue; continue;
} }
if (strcmp(output->val, "tls") == 0) { if (strcmp(output->val, "tls") == 0) {
SCLogDebug("Enabling TLS output"); SCLogDebug("Enabling TLS output");
ConfNode *child = ConfNodeLookupChild(output, "tls"); ConfNode *child = ConfNodeLookupChild(output, "tls");
json_ctx->tls_ctx = OutputTlsLogInit(child); json_ctx->tls_ctx = OutputTlsLogInit(child);
outputFlags |= OUTPUT_TLS; output_flags |= OUTPUT_TLS;
continue; continue;
} }
} }
@ -763,7 +763,7 @@ OutputCtx *AlertJsonInitCtx(ConfNode *conf)
return output_ctx; return output_ctx;
} }
static void AlertJsonDeInitCtx(OutputCtx *output_ctx) static void OutputJsonDeInitCtx(OutputCtx *output_ctx)
{ {
OutputJsonCtx *json_ctx = (OutputJsonCtx *)output_ctx->data; OutputJsonCtx *json_ctx = (OutputJsonCtx *)output_ctx->data;
LogFileCtx *logfile_ctx = json_ctx->file_ctx; LogFileCtx *logfile_ctx = json_ctx->file_ctx;
@ -780,7 +780,7 @@ static void AlertJsonDeInitCtx(OutputCtx *output_ctx)
/** /**
* \brief This function registers unit tests for AlertFastLog API. * \brief This function registers unit tests for AlertFastLog API.
*/ */
void AlertJsonRegisterTests(void) void OutputJsonRegisterTests(void)
{ {
#ifdef UNITTESTS #ifdef UNITTESTS
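Review bot: In the `case 2:` arm of the vlan switch in CreateJSONHeader, the guard after `js_vlan = json_array();` tests `js`, not the array that was just allocated, and these lines appear to be only re-indented here without correcting it. `js` looks to be in use before this point (the `case 1:` arm writes to it directly), so the test cannot catch a failed json_array() and the `unlikely()` hint is inverted for the normal case; it should read `if (js_vlan != NULL) {`. Separately, the doc comment above OutputJsonRegisterTests still says `AlertFastLog API` and could be updated with this rename to name the JSON output module. CreateJSONHeader's body extends outside the hunks shown.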

@ -24,16 +24,14 @@
#ifndef __ALERT_JSON_H__ #ifndef __ALERT_JSON_H__
#define __ALERT_JSON_H__ #define __ALERT_JSON_H__
void TmModuleAlertJsonRegister (void); void TmModuleOutputJsonRegister (void);
#ifdef HAVE_LIBJANSSON #ifdef HAVE_LIBJANSSON
json_t *CreateJSONHeader(Packet *p, int direction_sensative); json_t *CreateJSONHeader(Packet *p, int direction_sensative);
TmEcode OutputJSON(json_t *js, void *data, uint64_t *count); TmEcode OutputJSON(json_t *js, void *data, uint64_t *count);
void TmModuleAlertJsonIPv4Register (void); OutputCtx *OutputJsonInitCtx(ConfNode *);
void TmModuleAlertJsonPv6Register (void);
OutputCtx *AlertJsonInitCtx(ConfNode *);
/* TODO: I think the following structures can be made private again */ /* TODO: I think the following structures can be made private again */
/* /*

@ -794,7 +794,7 @@ void RegisterAllModules()
/* drop log */ /* drop log */
TmModuleLogDropLogRegister(); TmModuleLogDropLogRegister();
/* json log */ /* json log */
TmModuleAlertJsonRegister(); TmModuleOutputJsonRegister();
/* http log */ /* http log */
TmModuleLogHttpLogRegister(); TmModuleLogHttpLogRegister();
TmModuleLogTlsLogRegister(); TmModuleLogTlsLogRegister();

@ -161,6 +161,30 @@ SC_ATOMIC_EXTERN(unsigned int, engine_stage);
(void*)ptrmem; \ (void*)ptrmem; \
}) })
#define SCStrndup(a, maxlen) ({ \
char *ptrmem = NULL; \
extern size_t global_mem; \
extern uint8_t print_mem_flag; \
size_t len = strnlen((a), (maxlen)); \
\
ptrmem = strndup((a), (maxlen)); \
if (ptrmem == NULL) { \
SCLogError(SC_ERR_MEM_ALLOC, "SCStrndup failed: %s, while trying " \
"to allocate %"PRIuMAX" bytes", strerror(errno), (uintmax_t)len); \
if (SC_ATOMIC_GET(engine_stage) == SURICATA_INIT) {\
SCLogError(SC_ERR_FATAL, "Out of memory. The engine cannot be initialized. Exiting..."); \
exit(EXIT_FAILURE); \
} \
} \
\
global_mem += len; \
if (print_mem_flag == 1) { \
SCLogInfo("SCStrndup return at %p of size %"PRIuMAX, \
ptrmem, (uintmax_t)len); \
} \
(void*)ptrmem; \
})
#define SCFree(a) ({ \ #define SCFree(a) ({ \
extern uint8_t print_mem_flag; \ extern uint8_t print_mem_flag; \
if (print_mem_flag == 1) { \ if (print_mem_flag == 1) { \
@ -233,6 +257,22 @@ SC_ATOMIC_EXTERN(unsigned int, engine_stage);
(void*)ptrmem; \ (void*)ptrmem; \
}) })
#define SCStrndup(a, maxlen) ({ \
char *ptrmem = NULL; \
\
ptrmem = strndup((a), (maxlen)); \
if (ptrmem == NULL) { \
if (SC_ATOMIC_GET(engine_stage) == SURICATA_INIT) {\
size_t len = strnlen((a), (maxlen)); \
SCLogError(SC_ERR_MEM_ALLOC, "SCStrdup failed: %s, while trying " \
"to allocate %"PRIuMAX" bytes", strerror(errno), (uintmax_t)len); \
SCLogError(SC_ERR_FATAL, "Out of memory. The engine cannot be initialized. Exiting..."); \
exit(EXIT_FAILURE); \
} \
} \
(void*)ptrmem; \
})
#define SCFree(a) ({ \ #define SCFree(a) ({ \
free(a); \ free(a); \
}) })
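Review bot: In the debug variant of SCStrndup, `global_mem += len;` and the `SCLogInfo` trace still run when `strndup` returned NULL outside the init stage, so the accounting counts an allocation that never happened. Wrap both in `if (ptrmem != NULL) { ... }`. In the non-debug variant the message reads `"SCStrdup failed: ..."` and should name SCStrndup. Both variants also expand `a` and `maxlen` twice (once in `strnlen`, once in `strndup`), so arguments with side effects are unsafe. A short comment on the macro stating that, and that it returns NULL after init so callers must check before dereferencing, would document the contract.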
