diff --git a/rust/src/ssh/logger.rs b/rust/src/ssh/logger.rs index 000d7afb7c..0ddc7fffdf 100644 --- a/rust/src/ssh/logger.rs +++ b/rust/src/ssh/logger.rs @@ -16,49 +16,36 @@ */ use super::ssh::SSHTransaction; -use crate::json::*; +use crate::jsonbuilder::{JsonBuilder, JsonError}; -fn log_ssh(tx: &SSHTransaction) -> Option { +fn log_ssh(tx: &SSHTransaction, js: &mut JsonBuilder) -> Result { if tx.cli_hdr.protover.len() == 0 && tx.srv_hdr.protover.len() == 0 { - return None; + return Ok(false); } - let js = Json::object(); if tx.cli_hdr.protover.len() > 0 { - let cjs = Json::object(); - cjs.set_string_from_bytes( - "proto_version", - &tx.cli_hdr.protover, - ); + js.open_object("client")?; + js.set_string_from_bytes("proto_version", &tx.cli_hdr.protover)?; if tx.cli_hdr.swver.len() > 0 { - cjs.set_string_from_bytes( - "software_version", - &tx.cli_hdr.swver, - ); + js.set_string_from_bytes("software_version", &tx.cli_hdr.swver)?; } - js.set("client", cjs); + js.close()?; } if tx.srv_hdr.protover.len() > 0 { - let sjs = Json::object(); - sjs.set_string_from_bytes( - "proto_version", - &tx.srv_hdr.protover, - ); + js.open_object("server")?; + js.set_string_from_bytes("proto_version", &tx.srv_hdr.protover)?; if tx.srv_hdr.swver.len() > 0 { - sjs.set_string_from_bytes( - "software_version", - &tx.srv_hdr.swver, - ); + js.set_string_from_bytes("software_version", &tx.srv_hdr.swver)?; } - js.set("server", sjs); + js.close()?; } - return Some(js); + return Ok(true); } #[no_mangle] -pub extern "C" fn rs_ssh_log_json(tx: *mut std::os::raw::c_void) -> *mut JsonT { +pub extern "C" fn rs_ssh_log_json(tx: *mut std::os::raw::c_void, js: &mut JsonBuilder) -> bool { let tx = cast_pointer!(tx, SSHTransaction); - match log_ssh(tx) { - Some(js) => js.unwrap(), - None => std::ptr::null_mut(), + if let Ok(x) = log_ssh(tx, js) { + return x; } + return false; } diff --git a/src/output-json-alert.c b/src/output-json-alert.c index f6c938dfc8..d4bde83059 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -146,13 +146,15 @@ static void AlertJsonSsh(const Flow *f, JsonBuilder *js) { void *ssh_state = FlowGetAppState(f); if (ssh_state) { + JsonBuilderMark mark = { 0, 0, 0 }; void *tx_ptr = rs_ssh_state_get_tx(ssh_state, 0); - json_t *tjs = rs_ssh_log_json(tx_ptr); - if (unlikely(tjs == NULL)) - return; - - jb_set_jsont(js, "ssh", tjs); - json_decref(tjs); + jb_get_mark(js, &mark); + jb_open_object(js, "ssh"); + if (rs_ssh_log_json(tx_ptr, js)) { + jb_close(js); + } else { + jb_restore_mark(js, &mark); + } } return; diff --git a/src/output-json-ssh.c b/src/output-json-ssh.c index fb66d059f8..5519c56741 100644 --- a/src/output-json-ssh.c +++ b/src/output-json-ssh.c @@ -75,26 +75,24 @@ static int JsonSshLogger(ThreadVars *tv, void *thread_data, const Packet *p, return 0; } - json_t *js = CreateJSONHeader(p, LOG_DIR_FLOW, "ssh", NULL); + JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "ssh", NULL, tx_id); if (unlikely(js == NULL)) return 0; - JsonAddCommonOptions(&ssh_ctx->cfg, p, f, js); + EveAddCommonOptions(&ssh_ctx->cfg, p, f, js); /* reset */ MemBufferReset(aft->buffer); - json_t *tjs = rs_ssh_log_json(txptr); - if (unlikely(tjs == NULL)) { - free(js); - return 0; + jb_open_object(js, "ssh"); + if (!rs_ssh_log_json(txptr, js)) { + goto end; } - json_object_set_new(js, "ssh", tjs); - - OutputJSONBuffer(js, ssh_ctx->file_ctx, &aft->buffer); - json_object_clear(js); - json_decref(js); + jb_close(js); + OutputJsonBuilderBuffer(js, ssh_ctx->file_ctx, &aft->buffer); +end: + jb_free(js); return 0; }