eve/nfs: log nfs version

9 years ago · aff576b524
parent 0d79181d78
commit aff576b524
3 changed files with 18 additions and 6 deletions
--- a/rust/src/nfs/log.rs
+++ b/rust/src/nfs/log.rs
@ -76,9 +76,10 @@ fn nfs_file_object(tx: &NFSTransaction) -> Json
    return js;
 }

-fn nfs_common_header(tx: &NFSTransaction) -> Json
+fn nfs_common_header(state: &NFSState, tx: &NFSTransaction) -> Json
 {
    let js = Json::object();
+    js.set_integer("version", state.nfs_version as u64);
    js.set_string("procedure", &nfs3_procedure_string(tx.procedure));
    let file_name = String::from_utf8_lossy(&tx.file_name);
    js.set_string("filename", &file_name);
@ -88,17 +89,17 @@ fn nfs_common_header(tx: &NFSTransaction) -> Json
 }

 #[no_mangle]
-pub extern "C" fn rs_nfs_log_json_request(tx: &mut NFSTransaction) -> *mut JsonT
+pub extern "C" fn rs_nfs_log_json_request(state: &mut NFSState, tx: &mut NFSTransaction) -> *mut JsonT
 {
-    let js = nfs_common_header(tx);
+    let js = nfs_common_header(state, tx);
    js.set_string("type", "request");
    return js.unwrap();
 }

 #[no_mangle]
-pub extern "C" fn rs_nfs_log_json_response(tx: &mut NFSTransaction) -> *mut JsonT
+pub extern "C" fn rs_nfs_log_json_response(state: &mut NFSState, tx: &mut NFSTransaction) -> *mut JsonT
 {
-    let js = nfs_common_header(tx);
+    let js = nfs_common_header(state, tx);
    js.set_string("type", "response");

    js.set_string("status", &nfs3_status_string(tx.nfs_response_status));
--- a/rust/src/nfs/nfs.rs
+++ b/rust/src/nfs/nfs.rs
@ -299,6 +299,8 @@ pub struct NFSState {

    is_udp: bool,

+    pub nfs_version: u16,
+
    /// tx counter for assigning incrementing id's to tx's
    tx_id: u64,

@ -329,6 +331,7 @@ impl NFSState {
            ts_gap:false,
            tc_gap:false,
            is_udp:false,
+            nfs_version:0,
            tx_id:0,
            de_state_count:0,
            //ts_txs_updated:false,
@ -452,6 +455,10 @@ impl NFSState {
        let mut xidmap = NFSRequestXidMap::new(r.progver, r.procedure, 0);
        let mut aux_file_name = Vec::new();

+        if self.nfs_version == 0 {
+            self.nfs_version = r.progver as u16;
+        }
+
        if r.procedure == NFSPROC3_LOOKUP {
            self.process_request_record_lookup(r, &mut xidmap);

@ -965,6 +972,10 @@ impl NFSState {
            },
        }

+        if self.nfs_version == 0 {
+            self.nfs_version = xidmap.progver as u16;
+        }
+
        match xidmap.progver {
            3 => {
                SCLogDebug!("NFSv3 reply record");
--- a/src/output-json-nfs.c
+++ b/src/output-json-nfs.c
@ -83,7 +83,7 @@ static int JsonNFSLogger(ThreadVars *tv, void *thread_data,
    }
    json_object_set_new(js, "rpc", rpcjs);

-    nfsjs = rs_nfs_log_json_response(tx);
+    nfsjs = rs_nfs_log_json_response(state, tx);
    if (unlikely(nfsjs == NULL)) {
        goto error;
    }