aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dnp3/eve: convert to jsonbuilder (non generated code)

Browse Source 
First step of converting DNP3 to JsonBuilder by first converting
the non-generated code.
pull/5169/head
Jason Ish 5 years ago committed by Victor Julien
parent 4976afd96a
commit ccc057fdc9
3 changed files with 107 additions and 183 deletions
Show Stats Download Patch File Download Diff File

31
src/output-json-alert.c
Unescape Escape View File

@ -167,27 +167,30 @@ static void AlertJsonDnp3(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
DNP3Transaction *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_DNP3, DNP3Transaction *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_DNP3,
dnp3_state, tx_id); dnp3_state, tx_id);
if (tx) { if (tx) {
json_t *dnp3js = json_object(); JsonBuilderMark mark = { 0, 0, 0 };
if (likely(dnp3js != NULL)) { jb_get_mark(js, &mark);
bool logged = false;
jb_open_object(js, "dnp3");
if (tx->has_request && tx->request_done) { if (tx->has_request && tx->request_done) {
json_t *request = JsonDNP3LogRequest(tx); jb_open_object(js, "request");
if (request != NULL) { JsonDNP3LogRequest(js, tx);
json_object_set_new(dnp3js, "request", request); jb_close(js);
} logged = true;
} }
if (tx->has_response && tx->response_done) { if (tx->has_response && tx->response_done) {
json_t *response = JsonDNP3LogResponse(tx); jb_open_object(js, "response");
if (response != NULL) { JsonDNP3LogResponse(js, tx);
json_object_set_new(dnp3js, "response", response); jb_close(js);
} logged = true;
} }
jb_set_jsont(js, "dnp3", dnp3js); if (logged) {
json_decref(dnp3js); /* Close dnp3 object. */
jb_close(js);
} else {
jb_restore_mark(js, &mark);
} }
} }
} }
return;
} }
static void AlertJsonDns(const Flow *f, const uint64_t tx_id, JsonBuilder *js) static void AlertJsonDns(const Flow *f, const uint64_t tx_id, JsonBuilder *js)

247
src/output-json-dnp3.c
Unescape Escape View File

@ -55,64 +55,38 @@ typedef struct LogDNP3LogThread_ {
MemBuffer *buffer; MemBuffer *buffer;
} LogDNP3LogThread; } LogDNP3LogThread;
static json_t *JsonDNP3LogLinkControl(uint8_t lc) static void JsonDNP3LogLinkControl(JsonBuilder *js, uint8_t lc)
{ {
json_t *lcjs = json_object(); jb_set_bool(js, "dir", DNP3_LINK_DIR(lc));
if (unlikely(lcjs == NULL)) { jb_set_bool(js, "pri", DNP3_LINK_PRI(lc));
return NULL; jb_set_bool(js, "fcb", DNP3_LINK_FCB(lc));
} jb_set_bool(js, "fcv", DNP3_LINK_FCV(lc));
jb_set_uint(js, "function_code", DNP3_LINK_FC(lc));
json_object_set_new(lcjs, "dir", json_boolean(DNP3_LINK_DIR(lc)));
json_object_set_new(lcjs, "pri", json_boolean(DNP3_LINK_PRI(lc)));
json_object_set_new(lcjs, "fcb", json_boolean(DNP3_LINK_FCB(lc)));
json_object_set_new(lcjs, "fcv", json_boolean(DNP3_LINK_FCV(lc)));
json_object_set_new(lcjs, "function_code", json_integer(DNP3_LINK_FC(lc)));
return lcjs;
} }
static json_t *JsonDNP3LogIin(uint16_t iin) static void JsonDNP3LogIin(JsonBuilder *js, uint16_t iin)
{ {
json_t *iinjs = json_object(); jb_open_array(js, "indicators");
if (unlikely(iinjs == NULL)) {
return NULL;
}
json_t *indicators = json_array();
if (unlikely(indicators == NULL)) {
json_decref(iinjs);
return NULL;
}
if (iin) { if (iin) {
int mapping = 0; int mapping = 0;
do { do {
if (iin & DNP3IndicatorsMap[mapping].value) { if (iin & DNP3IndicatorsMap[mapping].value) {
json_array_append_new(indicators, jb_append_string(js, DNP3IndicatorsMap[mapping].name);
json_string(DNP3IndicatorsMap[mapping].name));
} }
mapping++; mapping++;
} while (DNP3IndicatorsMap[mapping].name != NULL); } while (DNP3IndicatorsMap[mapping].name != NULL);
} }
json_object_set_new(iinjs, "indicators", indicators); jb_close(js);
return iinjs;
} }
static json_t *JsonDNP3LogApplicationControl(uint8_t ac) static void JsonDNP3LogApplicationControl(JsonBuilder *js, uint8_t ac)
{ {
json_t *acjs = json_object(); jb_set_bool(js, "fir", DNP3_APP_FIR(ac));
if (unlikely(acjs == NULL)) { jb_set_bool(js, "fin", DNP3_APP_FIN(ac));
return NULL; jb_set_bool(js, "con", DNP3_APP_CON(ac));
} jb_set_bool(js, "uns", DNP3_APP_UNS(ac));
jb_set_uint(js, "sequence", DNP3_APP_SEQ(ac));
json_object_set_new(acjs, "fir", json_boolean(DNP3_APP_FIR(ac)));
json_object_set_new(acjs, "fin", json_boolean(DNP3_APP_FIN(ac)));
json_object_set_new(acjs, "con", json_boolean(DNP3_APP_CON(ac)));
json_object_set_new(acjs, "uns", json_boolean(DNP3_APP_UNS(ac)));
json_object_set_new(acjs, "sequence", json_integer(DNP3_APP_SEQ(ac)));
return acjs;
} }
/** /**
@ -152,150 +126,100 @@ static json_t *JsonDNP3LogObjectItems(DNP3Object *object)
* \brief Log the application layer objects. * \brief Log the application layer objects.
* *
* \param objects A list of DNP3 objects. * \param objects A list of DNP3 objects.
* * \param jb A JsonBuilder instance with an open array.
* \retval a json_t pointer containing the logged DNP3 objects.
*/ */
static json_t *JsonDNP3LogObjects(DNP3ObjectList *objects) static void JsonDNP3LogObjects(JsonBuilder *js, DNP3ObjectList *objects)
{ {
DNP3Object *object; DNP3Object *object;
json_t *js = json_array();
if (unlikely(js == NULL)) {
return NULL;
}
TAILQ_FOREACH(object, objects, next) { TAILQ_FOREACH(object, objects, next) {
json_t *objs = json_object(); jb_start_object(js);
if (unlikely(objs == NULL)) { jb_set_uint(js, "group", object->group);
goto error; jb_set_uint(js, "variation", object->variation);
} jb_set_uint(js, "qualifier", object->qualifier);
json_object_set_new(objs, "group", json_integer(object->group)); jb_set_uint(js, "prefix_code", object->prefix_code);
json_object_set_new(objs, "variation", jb_set_uint(js, "range_code", object->range_code);
json_integer(object->variation)); jb_set_uint(js, "start", object->start);
json_object_set_new(objs, "qualifier", json_integer(object->qualifier)); jb_set_uint(js, "stop", object->stop);
json_object_set_new(objs, "prefix_code", jb_set_uint(js, "count", object->count);
json_integer(object->prefix_code));
json_object_set_new(objs, "range_code",
json_integer(object->range_code));
json_object_set_new(objs, "start", json_integer(object->start));
json_object_set_new(objs, "stop", json_integer(object->stop));
json_object_set_new(objs, "count", json_integer(object->count));
if (object->points != NULL && !TAILQ_EMPTY(object->points)) { if (object->points != NULL && !TAILQ_EMPTY(object->points)) {
json_t *points = JsonDNP3LogObjectItems(object); json_t *points = JsonDNP3LogObjectItems(object);
if (points != NULL) { if (points != NULL) {
json_object_set_new(objs, "points", points); jb_set_jsont(js, "points", points);
json_decref(points);
} }
} }
json_array_append_new(js, objs); jb_close(js);
} }
return js;
error:
json_decref(js);
return NULL;
} }
json_t *JsonDNP3LogRequest(DNP3Transaction *dnp3tx) void JsonDNP3LogRequest(JsonBuilder *js, DNP3Transaction *dnp3tx)
{ {
json_t *dnp3js = json_object(); JB_SET_STRING(js, "type", "request");
if (dnp3js == NULL) {
return NULL;;
}
json_object_set_new(dnp3js, "type", json_string("request"));
json_t *lcjs = JsonDNP3LogLinkControl(dnp3tx->request_lh.control); jb_open_object(js, "control");
if (lcjs != NULL) { JsonDNP3LogLinkControl(js, dnp3tx->request_lh.control);
json_object_set_new(dnp3js, "control", lcjs); jb_close(js);
}
json_object_set_new(dnp3js, "src", json_integer(dnp3tx->request_lh.src)); jb_set_uint(js, "src", dnp3tx->request_lh.src);
json_object_set_new(dnp3js, "dst", json_integer(dnp3tx->request_lh.dst)); jb_set_uint(js, "dst", dnp3tx->request_lh.dst);
/* DNP3 application layer. */ jb_open_object(js, "application");
json_t *al = json_object();
if (al == NULL) {
goto error;
}
json_object_set_new(dnp3js, "application", al);
json_t *acjs = JsonDNP3LogApplicationControl(dnp3tx->request_ah.control); jb_open_object(js, "control");
if (acjs != NULL) { JsonDNP3LogApplicationControl(js, dnp3tx->request_ah.control);
json_object_set_new(al, "control", acjs); jb_close(js);
}
json_object_set_new(al, "function_code", jb_set_uint(js, "function_code", dnp3tx->request_ah.function_code);
json_integer(dnp3tx->request_ah.function_code));
json_t *objects = JsonDNP3LogObjects(&dnp3tx->request_objects); jb_open_array(js, "objects");
if (objects != NULL) { JsonDNP3LogObjects(js, &dnp3tx->request_objects);
json_object_set_new(al, "objects", objects); jb_close(js);
}
json_object_set_new(al, "complete",
json_boolean(dnp3tx->request_complete));
return dnp3js; jb_set_bool(js, "complete", dnp3tx->request_complete);
error: /* Close application. */
json_decref(dnp3js); jb_close(js);
return NULL;
} }
json_t *JsonDNP3LogResponse(DNP3Transaction *dnp3tx) void JsonDNP3LogResponse(JsonBuilder *js, DNP3Transaction *dnp3tx)
{ {
json_t *dnp3js = json_object();
if (dnp3js == NULL) {
return NULL;
}
if (dnp3tx->response_ah.function_code == DNP3_APP_FC_UNSOLICITED_RESP) { if (dnp3tx->response_ah.function_code == DNP3_APP_FC_UNSOLICITED_RESP) {
json_object_set_new(dnp3js, "type", JB_SET_STRING(js, "type", "unsolicited_response");
json_string("unsolicited_response"));
} }
else { else {
json_object_set_new(dnp3js, "type", json_string("response")); JB_SET_STRING(js, "type", "response");
} }
json_t *lcjs = JsonDNP3LogLinkControl(dnp3tx->response_lh.control); jb_open_object(js, "control");
if (lcjs != NULL) { JsonDNP3LogLinkControl(js, dnp3tx->response_lh.control);
json_object_set_new(dnp3js, "control", lcjs); jb_close(js);
}
json_object_set_new(dnp3js, "src", json_integer(dnp3tx->response_lh.src)); jb_set_uint(js, "src", dnp3tx->response_lh.src);
json_object_set_new(dnp3js, "dst", json_integer(dnp3tx->response_lh.dst)); jb_set_uint(js, "dst", dnp3tx->response_lh.dst);
/* DNP3 application layer. */ jb_open_object(js, "application");
json_t *al = json_object();
if (al == NULL) {
goto error;
}
json_object_set_new(dnp3js, "application", al);
json_t *acjs = JsonDNP3LogApplicationControl(dnp3tx->response_ah.control); jb_open_object(js, "control");
if (acjs != NULL) { JsonDNP3LogApplicationControl(js, dnp3tx->response_ah.control);
json_object_set_new(al, "control", acjs); jb_close(js);
}
json_object_set_new(al, "function_code", jb_set_uint(js, "function_code", dnp3tx->response_ah.function_code);
json_integer(dnp3tx->response_ah.function_code));
json_t *iinjs = JsonDNP3LogIin(dnp3tx->response_iin.iin1 << 8 | jb_open_array(js, "objects");
dnp3tx->response_iin.iin2); JsonDNP3LogObjects(js, &dnp3tx->response_objects);
if (iinjs != NULL) { jb_close(js);
json_object_set_new(dnp3js, "iin", iinjs);
}
json_t *objects = JsonDNP3LogObjects(&dnp3tx->response_objects); jb_set_bool(js, "complete", dnp3tx->response_complete);
if (objects != NULL) {
json_object_set_new(al, "objects", objects);
}
json_object_set_new(al, "complete",
json_boolean(dnp3tx->response_complete));
return dnp3js; /* Close application. */
jb_close(js);
error: jb_open_object(js, "iin");
json_decref(dnp3js); JsonDNP3LogIin(js, dnp3tx->response_iin.iin1 << 8 | dnp3tx->response_iin.iin2);
return NULL; jb_close(js);
} }
static int JsonDNP3LoggerToServer(ThreadVars *tv, void *thread_data, static int JsonDNP3LoggerToServer(ThreadVars *tv, void *thread_data,
@ -309,19 +233,18 @@ static int JsonDNP3LoggerToServer(ThreadVars *tv, void *thread_data,
MemBufferReset(buffer); MemBufferReset(buffer);
if (tx->has_request && tx->request_done) { if (tx->has_request && tx->request_done) {
json_t *js = CreateJSONHeader(p, LOG_DIR_FLOW, "dnp3", NULL); JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "dnp3", NULL);
if (unlikely(js == NULL)) { if (unlikely(js == NULL)) {
return TM_ECODE_OK; return TM_ECODE_OK;
} }
JsonAddCommonOptions(&thread->dnp3log_ctx->cfg, p, f, js); EveAddCommonOptions(&thread->dnp3log_ctx->cfg, p, f, js);
json_t *dnp3js = JsonDNP3LogRequest(tx); jb_open_object(js, "dnp3");
if (dnp3js != NULL) { JsonDNP3LogRequest(js, tx);
json_object_set_new(js, "dnp3", dnp3js); jb_close(js);
OutputJSONBuffer(js, thread->dnp3log_ctx->file_ctx, &buffer); OutputJsonBuilderBuffer(js, thread->dnp3log_ctx->file_ctx, &buffer);
} jb_free(js);
json_decref(js);
} }
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);
@ -338,19 +261,17 @@ static int JsonDNP3LoggerToClient(ThreadVars *tv, void *thread_data,
MemBufferReset(buffer); MemBufferReset(buffer);
if (tx->has_response && tx->response_done) { if (tx->has_response && tx->response_done) {
json_t *js = CreateJSONHeader(p, LOG_DIR_FLOW, "dnp3", NULL); JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "dnp3", NULL);
if (unlikely(js == NULL)) { if (unlikely(js == NULL)) {
return TM_ECODE_OK; return TM_ECODE_OK;
} }
JsonAddCommonOptions(&thread->dnp3log_ctx->cfg, p, f, js); EveAddCommonOptions(&thread->dnp3log_ctx->cfg, p, f, js);
jb_open_object(js, "dnp3");
json_t *dnp3js = JsonDNP3LogResponse(tx); JsonDNP3LogResponse(js, tx);
if (dnp3js != NULL) { jb_close(js);
json_object_set_new(js, "dnp3", dnp3js); OutputJsonBuilderBuffer(js, thread->dnp3log_ctx->file_ctx, &buffer);
OutputJSONBuffer(js, thread->dnp3log_ctx->file_ctx, &buffer); jb_free(js);
}
json_decref(js);
} }
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);

4
src/output-json-dnp3.h
Unescape Escape View File

@ -20,8 +20,8 @@
#include "app-layer-dnp3.h" #include "app-layer-dnp3.h"
json_t *JsonDNP3LogRequest(DNP3Transaction *); void JsonDNP3LogRequest(JsonBuilder *js, DNP3Transaction *);
json_t *JsonDNP3LogResponse(DNP3Transaction *); void JsonDNP3LogResponse(JsonBuilder *js, DNP3Transaction *);
void JsonDNP3LogRegister(void); void JsonDNP3LogRegister(void);

Write Preview
Loading…
Cancel
Save