|
|
|
|
@ -244,7 +244,8 @@ end_fp:
|
|
|
|
|
* \brief Condition function for TLS logger
|
|
|
|
|
* \retval bool true or false -- log now?
|
|
|
|
|
*/
|
|
|
|
|
static int LogTlsStoreCondition(ThreadVars *tv, const Packet *p)
|
|
|
|
|
static int LogTlsStoreCondition(ThreadVars *tv, const Packet *p, void *state,
|
|
|
|
|
void *tx, uint64_t tx_id)
|
|
|
|
|
{
|
|
|
|
|
if (p->flow == NULL) {
|
|
|
|
|
return FALSE;
|
|
|
|
|
@ -254,57 +255,39 @@ static int LogTlsStoreCondition(ThreadVars *tv, const Packet *p)
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
FLOWLOCK_RDLOCK(p->flow);
|
|
|
|
|
uint16_t proto = FlowGetAppProtocol(p->flow);
|
|
|
|
|
if (proto != ALPROTO_TLS)
|
|
|
|
|
goto dontlog;
|
|
|
|
|
|
|
|
|
|
SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow);
|
|
|
|
|
SSLState *ssl_state = (SSLState *)state;
|
|
|
|
|
if (ssl_state == NULL) {
|
|
|
|
|
SCLogDebug("no tls state, so no request logging");
|
|
|
|
|
goto dontlog;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* we only log the state once if we don't have to write
|
|
|
|
|
* the cert due to tls.store keyword. */
|
|
|
|
|
if (!(ssl_state->server_connp.cert_log_flag & SSL_TLS_LOG_PEM) &&
|
|
|
|
|
(ssl_state->flags & SSL_AL_FLAG_STATE_STORED))
|
|
|
|
|
if ((ssl_state->server_connp.cert_log_flag & SSL_TLS_LOG_PEM) == 0)
|
|
|
|
|
goto dontlog;
|
|
|
|
|
|
|
|
|
|
if (ssl_state->server_connp.cert0_issuerdn == NULL ||
|
|
|
|
|
ssl_state->server_connp.cert0_subject == NULL)
|
|
|
|
|
goto dontlog;
|
|
|
|
|
|
|
|
|
|
FLOWLOCK_UNLOCK(p->flow);
|
|
|
|
|
return TRUE;
|
|
|
|
|
dontlog:
|
|
|
|
|
FLOWLOCK_UNLOCK(p->flow);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int LogTlsStoreLogger(ThreadVars *tv, void *thread_data, const Packet *p)
|
|
|
|
|
static int LogTlsStoreLogger(ThreadVars *tv, void *thread_data, const Packet *p,
|
|
|
|
|
Flow *f, void *state, void *tx, uint64_t tx_id)
|
|
|
|
|
{
|
|
|
|
|
LogTlsStoreLogThread *aft = (LogTlsStoreLogThread *)thread_data;
|
|
|
|
|
int ipproto = (PKT_IS_IPV4(p)) ? AF_INET : AF_INET6;
|
|
|
|
|
/* check if we have TLS state or not */
|
|
|
|
|
FLOWLOCK_WRLOCK(p->flow);
|
|
|
|
|
uint16_t proto = FlowGetAppProtocol(p->flow);
|
|
|
|
|
if (proto != ALPROTO_TLS)
|
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
|
|
SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow);
|
|
|
|
|
SSLState *ssl_state = (SSLState *)state;
|
|
|
|
|
if (unlikely(ssl_state == NULL)) {
|
|
|
|
|
goto end;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ssl_state->server_connp.cert_log_flag & SSL_TLS_LOG_PEM) {
|
|
|
|
|
LogTlsLogPem(aft, p, ssl_state, ipproto);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* we only store the state once */
|
|
|
|
|
ssl_state->flags |= SSL_AL_FLAG_STATE_STORED;
|
|
|
|
|
end:
|
|
|
|
|
FLOWLOCK_UNLOCK(p->flow);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -415,6 +398,9 @@ static OutputCtx *LogTlsStoreLogInitCtx(ConfNode *conf)
|
|
|
|
|
|
|
|
|
|
SCLogInfo("storing certs in %s", tls_logfile_base_dir);
|
|
|
|
|
|
|
|
|
|
/* enable the logger for the app layer */
|
|
|
|
|
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
|
|
|
|
|
|
|
|
|
|
SCReturnPtr(output_ctx, "OutputCtx");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -430,8 +416,9 @@ void TmModuleLogTlsStoreRegister (void)
|
|
|
|
|
tmm_modules[TMM_TLSSTORE].flags = TM_FLAG_LOGAPI_TM;
|
|
|
|
|
tmm_modules[TMM_TLSSTORE].priority = 10;
|
|
|
|
|
|
|
|
|
|
OutputRegisterPacketModule(MODULE_NAME, "tls-store", LogTlsStoreLogInitCtx,
|
|
|
|
|
LogTlsStoreLogger, LogTlsStoreCondition);
|
|
|
|
|
OutputRegisterTxModuleWithCondition(MODULE_NAME, "tls-store",
|
|
|
|
|
LogTlsStoreLogInitCtx, ALPROTO_TLS, LogTlsStoreLogger,
|
|
|
|
|
LogTlsStoreCondition);
|
|
|
|
|
|
|
|
|
|
SC_ATOMIC_INIT(cert_id);
|
|
|
|
|
|
|
|
|
|
|
Mats Klepsland
10 years ago
committed by
Victor Julien