ssh/eve: convert to jsonbuilder

pull/5059/head
Philippe Antoine 5 years ago committed by Victor Julien
parent 5e4aa5b851
commit baf5f52f22

@ -16,49 +16,36 @@
*/ */
use super::ssh::SSHTransaction; use super::ssh::SSHTransaction;
use crate::json::*; use crate::jsonbuilder::{JsonBuilder, JsonError};
fn log_ssh(tx: &SSHTransaction) -> Option<Json> { fn log_ssh(tx: &SSHTransaction, js: &mut JsonBuilder) -> Result<bool, JsonError> {
if tx.cli_hdr.protover.len() == 0 && tx.srv_hdr.protover.len() == 0 { if tx.cli_hdr.protover.len() == 0 && tx.srv_hdr.protover.len() == 0 {
return None; return Ok(false);
} }
let js = Json::object();
if tx.cli_hdr.protover.len() > 0 { if tx.cli_hdr.protover.len() > 0 {
let cjs = Json::object(); js.open_object("client")?;
cjs.set_string_from_bytes( js.set_string_from_bytes("proto_version", &tx.cli_hdr.protover)?;
"proto_version",
&tx.cli_hdr.protover,
);
if tx.cli_hdr.swver.len() > 0 { if tx.cli_hdr.swver.len() > 0 {
cjs.set_string_from_bytes( js.set_string_from_bytes("software_version", &tx.cli_hdr.swver)?;
"software_version",
&tx.cli_hdr.swver,
);
} }
js.set("client", cjs); js.close()?;
} }
if tx.srv_hdr.protover.len() > 0 { if tx.srv_hdr.protover.len() > 0 {
let sjs = Json::object(); js.open_object("server")?;
sjs.set_string_from_bytes( js.set_string_from_bytes("proto_version", &tx.srv_hdr.protover)?;
"proto_version",
&tx.srv_hdr.protover,
);
if tx.srv_hdr.swver.len() > 0 { if tx.srv_hdr.swver.len() > 0 {
sjs.set_string_from_bytes( js.set_string_from_bytes("software_version", &tx.srv_hdr.swver)?;
"software_version",
&tx.srv_hdr.swver,
);
} }
js.set("server", sjs); js.close()?;
} }
return Some(js); return Ok(true);
} }
#[no_mangle] #[no_mangle]
pub extern "C" fn rs_ssh_log_json(tx: *mut std::os::raw::c_void) -> *mut JsonT { pub extern "C" fn rs_ssh_log_json(tx: *mut std::os::raw::c_void, js: &mut JsonBuilder) -> bool {
let tx = cast_pointer!(tx, SSHTransaction); let tx = cast_pointer!(tx, SSHTransaction);
match log_ssh(tx) { if let Ok(x) = log_ssh(tx, js) {
Some(js) => js.unwrap(), return x;
None => std::ptr::null_mut(),
} }
return false;
} }
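Review bot: `rs_ssh_log_json` collapses an `Err` from `log_ssh` into the same `false` it returns when neither banner has been seen. On that error path `js` can be left with an opened but unclosed `client` or `server` object, because every `?` after `open_object` returns early. Both callers in this commit do discard that state (mark restore in AlertJsonSsh, `jb_free` in JsonSshLogger), but nothing on the Rust side says they must. I would state the contract on the export, e.g. `/// Returns false if nothing was logged or the builder failed; on false the caller must roll back or discard js.` Since these fields presumably hold peer-supplied banner bytes, a debug-level log on the `Err` arm would also help tell a builder failure apart from an empty transaction.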

@ -146,13 +146,15 @@ static void AlertJsonSsh(const Flow *f, JsonBuilder *js)
{ {
void *ssh_state = FlowGetAppState(f); void *ssh_state = FlowGetAppState(f);
if (ssh_state) { if (ssh_state) {
JsonBuilderMark mark = { 0, 0, 0 };
void *tx_ptr = rs_ssh_state_get_tx(ssh_state, 0); void *tx_ptr = rs_ssh_state_get_tx(ssh_state, 0);
json_t *tjs = rs_ssh_log_json(tx_ptr); jb_get_mark(js, &mark);
if (unlikely(tjs == NULL)) jb_open_object(js, "ssh");
return; if (rs_ssh_log_json(tx_ptr, js)) {
jb_close(js);
jb_set_jsont(js, "ssh", tjs); } else {
json_decref(tjs); jb_restore_mark(js, &mark);
}
} }
return; return;
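Review bot: `tx_ptr` is handed to `rs_ssh_log_json` without a NULL check, and the Rust side converts it with `cast_pointer!` before reading `cli_hdr`. Whether `rs_ssh_state_get_tx(ssh_state, 0)` can return NULL is not visible in this hunk. If it can, add `if (tx_ptr == NULL) return;` before `jb_get_mark(js, &mark);`; otherwise a one-line comment stating that the SSH state always carries transaction 0 would settle it. The function's closing brace lies outside the hunk.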

@ -75,26 +75,24 @@ static int JsonSshLogger(ThreadVars *tv, void *thread_data, const Packet *p,
return 0; return 0;
} }
json_t *js = CreateJSONHeader(p, LOG_DIR_FLOW, "ssh", NULL); JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "ssh", NULL, tx_id);
if (unlikely(js == NULL)) if (unlikely(js == NULL))
return 0; return 0;
JsonAddCommonOptions(&ssh_ctx->cfg, p, f, js); EveAddCommonOptions(&ssh_ctx->cfg, p, f, js);
/* reset */ /* reset */
MemBufferReset(aft->buffer); MemBufferReset(aft->buffer);
json_t *tjs = rs_ssh_log_json(txptr); jb_open_object(js, "ssh");
if (unlikely(tjs == NULL)) { if (!rs_ssh_log_json(txptr, js)) {
free(js); goto end;
return 0;
} }
json_object_set_new(js, "ssh", tjs); jb_close(js);
OutputJsonBuilderBuffer(js, ssh_ctx->file_ctx, &aft->buffer);
OutputJSONBuffer(js, ssh_ctx->file_ctx, &aft->buffer);
json_object_clear(js);
json_decref(js);
end:
jb_free(js);
return 0; return 0;
} }
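Review bot: The results of `jb_open_object(js, "ssh")` and `jb_close(js)` are ignored here, so if closing the `ssh` object fails the record is still passed to `OutputJsonBuilderBuffer`. Assuming these helpers report failure through their return value, as the Rust builder methods do with `Result`, `if (!jb_close(js)) goto end;` would keep an unbalanced record out of the EVE log; the existing `end:` label already frees the builder. The same two calls are unchecked in AlertJsonSsh, where a failure could be routed to the existing `jb_restore_mark` branch. JsonSshLogger starts above this hunk, so any earlier check on `txptr` is not visible.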
