ssh/eve: convert to jsonbuilder

rust/src/ssh/logger.rs

@@ -16,49 +16,36 @@
  */
 
 use super::ssh::SSHTransaction;
-use crate::json::*;
+use crate::jsonbuilder::{JsonBuilder, JsonError};
 
-fn log_ssh(tx: &SSHTransaction) -> Option<Json> {
+fn log_ssh(tx: &SSHTransaction, js: &mut JsonBuilder) -> Result<bool, JsonError> {
     if tx.cli_hdr.protover.len() == 0 && tx.srv_hdr.protover.len() == 0 {
-        return None;
+        return Ok(false);
     }
-    let js = Json::object();
     if tx.cli_hdr.protover.len() > 0 {
-        let cjs = Json::object();
-        cjs.set_string_from_bytes(
-            "proto_version",
-            &tx.cli_hdr.protover,
-        );
+        js.open_object("client")?;
+        js.set_string_from_bytes("proto_version", &tx.cli_hdr.protover)?;
         if tx.cli_hdr.swver.len() > 0 {
-            cjs.set_string_from_bytes(
-                "software_version",
-                &tx.cli_hdr.swver,
-            );
+            js.set_string_from_bytes("software_version", &tx.cli_hdr.swver)?;
         }
-        js.set("client", cjs);
+        js.close()?;
     }
     if tx.srv_hdr.protover.len() > 0 {
-        let sjs = Json::object();
-        sjs.set_string_from_bytes(
-            "proto_version",
-            &tx.srv_hdr.protover,
-        );
+        js.open_object("server")?;
+        js.set_string_from_bytes("proto_version", &tx.srv_hdr.protover)?;
         if tx.srv_hdr.swver.len() > 0 {
-            sjs.set_string_from_bytes(
-                "software_version",
-                &tx.srv_hdr.swver,
-            );
+            js.set_string_from_bytes("software_version", &tx.srv_hdr.swver)?;
         }
-        js.set("server", sjs);
+        js.close()?;
     }
-    return Some(js);
+    return Ok(true);
 }
 
 #[no_mangle]
-pub extern "C" fn rs_ssh_log_json(tx: *mut std::os::raw::c_void) -> *mut JsonT {
+pub extern "C" fn rs_ssh_log_json(tx: *mut std::os::raw::c_void, js: &mut JsonBuilder) -> bool {
     let tx = cast_pointer!(tx, SSHTransaction);
-    match log_ssh(tx) {
-        Some(js) => js.unwrap(),
-        None => std::ptr::null_mut(),
+    if let Ok(x) = log_ssh(tx, js) {
+        return x;
     }
+    return false;
 }

src/output-json-alert.c

@@ -146,13 +146,15 @@ static void AlertJsonSsh(const Flow *f, JsonBuilder *js)
 {
     void *ssh_state = FlowGetAppState(f);
     if (ssh_state) {
+        JsonBuilderMark mark = { 0, 0, 0 };
         void *tx_ptr = rs_ssh_state_get_tx(ssh_state, 0);
-        json_t *tjs = rs_ssh_log_json(tx_ptr);
-        if (unlikely(tjs == NULL))
-            return;
-
-        jb_set_jsont(js, "ssh", tjs);
-        json_decref(tjs);
+        jb_get_mark(js, &mark);
+        jb_open_object(js, "ssh");
+        if (rs_ssh_log_json(tx_ptr, js)) {
+            jb_close(js);
+        } else {
+            jb_restore_mark(js, &mark);
+        }
     }
 
     return;

src/output-json-ssh.c

@@ -75,26 +75,24 @@ static int JsonSshLogger(ThreadVars *tv, void *thread_data, const Packet *p,
         return 0;
     }
 
-    json_t *js = CreateJSONHeader(p, LOG_DIR_FLOW, "ssh", NULL);
+    JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "ssh", NULL, tx_id);
     if (unlikely(js == NULL))
         return 0;
 
-    JsonAddCommonOptions(&ssh_ctx->cfg, p, f, js);
+    EveAddCommonOptions(&ssh_ctx->cfg, p, f, js);
 
     /* reset */
     MemBufferReset(aft->buffer);
 
-    json_t *tjs = rs_ssh_log_json(txptr);
-    if (unlikely(tjs == NULL)) {
-        free(js);
-        return 0;
+    jb_open_object(js, "ssh");
+    if (!rs_ssh_log_json(txptr, js)) {
+        goto end;
     }
-    json_object_set_new(js, "ssh", tjs);
-
-    OutputJSONBuffer(js, ssh_ctx->file_ctx, &aft->buffer);
-    json_object_clear(js);
-    json_decref(js);
+    jb_close(js);
+    OutputJsonBuilderBuffer(js, ssh_ctx->file_ctx, &aft->buffer);
 
+end:
+    jb_free(js);
     return 0;
 }