output/ikev2: Convert to JsonBuilder

Convert the IKEV2 Json logging to use JsonBuilder.
pull/5139/head
Jeff Lucovsky 5 years ago committed by Victor Julien
parent 1e8ac7dadb
commit d5bb41011c

@ -1,4 +1,4 @@
/* Copyright (C) 2018 Open Information Security Foundation /* Copyright (C) 2018-2020 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -17,41 +17,51 @@
// written by Pierre Chifflier <chifflier@wzdftpd.net> // written by Pierre Chifflier <chifflier@wzdftpd.net>
use crate::json::*; use crate::jsonbuilder::{JsonBuilder, JsonError};
use crate::ikev2::ikev2::{IKEV2State,IKEV2Transaction}; use crate::ikev2::ikev2::{IKEV2State,IKEV2Transaction};
use crate::ikev2::ipsec_parser::IKEV2_FLAG_INITIATOR; use crate::ikev2::ipsec_parser::IKEV2_FLAG_INITIATOR;
#[no_mangle] fn ikev2_log_response(state: &mut IKEV2State,
pub extern "C" fn rs_ikev2_log_json_response(state: &mut IKEV2State, tx: &mut IKEV2Transaction) -> *mut JsonT tx: &mut IKEV2Transaction,
jb: &mut JsonBuilder)
-> Result<(), JsonError>
{ {
let js = Json::object(); jb.set_uint("version_major", tx.hdr.maj_ver as u64)?;
js.set_integer("version_major", tx.hdr.maj_ver as u64); jb.set_uint("version_minor", tx.hdr.min_ver as u64)?;
js.set_integer("version_minor", tx.hdr.min_ver as u64); jb.set_uint("exchange_type", tx.hdr.exch_type.0 as u64)?;
js.set_integer("exchange_type", tx.hdr.exch_type.0 as u64); jb.set_uint("message_id", tx.hdr.msg_id as u64)?;
js.set_integer("message_id", tx.hdr.msg_id as u64); jb.set_string("init_spi", &format!("{:016x}", tx.hdr.init_spi))?;
js.set_string("init_spi", &format!("{:016x}", tx.hdr.init_spi)); jb.set_string("resp_spi", &format!("{:016x}", tx.hdr.resp_spi))?;
js.set_string("resp_spi", &format!("{:016x}", tx.hdr.resp_spi));
if tx.hdr.flags & IKEV2_FLAG_INITIATOR != 0 { if tx.hdr.flags & IKEV2_FLAG_INITIATOR != 0 {
js.set_string("role", &"initiator"); jb.set_string("role", &"initiator")?;
} else { } else {
js.set_string("role", &"responder"); jb.set_string("role", &"responder")?;
js.set_string("alg_enc", &format!("{:?}", state.alg_enc)); jb.set_string("alg_enc", &format!("{:?}", state.alg_enc))?;
js.set_string("alg_auth", &format!("{:?}", state.alg_auth)); jb.set_string("alg_auth", &format!("{:?}", state.alg_auth))?;
js.set_string("alg_prf", &format!("{:?}", state.alg_prf)); jb.set_string("alg_prf", &format!("{:?}", state.alg_prf))?;
js.set_string("alg_dh", &format!("{:?}", state.alg_dh)); jb.set_string("alg_dh", &format!("{:?}", state.alg_dh))?;
js.set_string("alg_esn", &format!("{:?}", state.alg_esn)); jb.set_string("alg_esn", &format!("{:?}", state.alg_esn))?;
} }
js.set_integer("errors", tx.errors as u64); jb.set_uint("errors", tx.errors as u64)?;
let jsa = Json::array(); jb.open_array("payload")?;
for payload in tx.payload_types.iter() { for payload in tx.payload_types.iter() {
jsa.array_append_string(&format!("{:?}", payload)); jb.append_string(&format!("{:?}", payload))?;
} }
js.set("payload", jsa); jb.close()?;
let jsa = Json::array(); jb.open_array("notify")?;
for notify in tx.notify_types.iter() { for notify in tx.notify_types.iter() {
jsa.array_append_string(&format!("{:?}", notify)); jb.append_string(&format!("{:?}", notify))?;
} }
js.set("notify", jsa); jb.close()?;
return js.unwrap(); Ok(())
}
#[no_mangle]
pub extern "C" fn rs_ikev2_log_json_response(state: &mut IKEV2State,
tx: &mut IKEV2Transaction,
jb: &mut JsonBuilder)
-> bool
{
ikev2_log_response(state, tx, jb).is_ok()
} }
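Review bot: The exported `rs_ikev2_log_json_response` at the end of this section has no comment stating its failure contract. Because `ikev2_log_response` returns through `?` as soon as one `set_*` or `append_string` call fails, a `false` result can leave `jb` with the `payload` or `notify` array still open, so the caller has to discard the builder rather than emit it. I would add `/// Returns false on the first JsonBuilder error; jb is then partially written and must be freed, not logged.` above the `#[no_mangle]` line. As a point of style in the same helper, `state` and `tx` are only read in the lines shown, so `&IKEV2State` and `&IKEV2Transaction` would say so in the private signature, and `&"initiator"` / `&"responder"` can be the plain string literals.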

@ -1,4 +1,4 @@
/* Copyright (C) 2018 Open Information Security Foundation /* Copyright (C) 2018-2020 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -64,29 +64,28 @@ static int JsonIKEv2Logger(ThreadVars *tv, void *thread_data,
{ {
IKEV2Transaction *ikev2tx = tx; IKEV2Transaction *ikev2tx = tx;
LogIKEv2LogThread *thread = thread_data; LogIKEv2LogThread *thread = thread_data;
json_t *js, *ikev2js;
js = CreateJSONHeader((Packet *)p, LOG_DIR_PACKET, "ikev2", NULL); JsonBuilder *jb = CreateEveHeader((Packet *)p, LOG_DIR_PACKET, "ikev2", NULL);
if (unlikely(js == NULL)) { if (unlikely(jb == NULL)) {
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
JsonAddCommonOptions(&thread->ikev2log_ctx->cfg, p, f, js); EveAddCommonOptions(&thread->ikev2log_ctx->cfg, p, f, jb);
ikev2js = rs_ikev2_log_json_response(state, ikev2tx); jb_open_object(jb, "ikev2");
if (unlikely(ikev2js == NULL)) { if (unlikely(!rs_ikev2_log_json_response(state, ikev2tx, jb))) {
goto error; goto error;
} }
json_object_set_new(js, "ikev2", ikev2js); jb_close(jb);
MemBufferReset(thread->buffer); MemBufferReset(thread->buffer);
OutputJSONBuffer(js, thread->ikev2log_ctx->file_ctx, &thread->buffer); OutputJsonBuilderBuffer(jb, thread->ikev2log_ctx->file_ctx, &thread->buffer);
json_decref(js); jb_free(jb);
return TM_ECODE_OK; return TM_ECODE_OK;
error: error:
json_decref(js); jb_free(jb);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
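Review bot: The return values of `jb_open_object(jb, "ikev2")` and `jb_close(jb)` are dropped in `JsonIKEv2Logger`, while the call between them is checked. The Rust side of this commit treats the equivalent `open_array` and `close` calls as fallible (both are used with `?`), so a failure here would let an EVE record with a missing or unbalanced `ikev2` object reach `OutputJsonBuilderBuffer`. `if (!jb_open_object(jb, "ikev2")) goto error;` and `if (!jb_close(jb)) goto error;` would route both cases to the existing `jb_free` cleanup. This assumes both functions return a success flag, which the hunk does not show. The function's signature and opening lines lie above the hunk.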
