nfs: use common json output structures

pull/3504/head
Victor Julien 6 years ago
parent 04edc7cb6c
commit 116c03cf17

@ -1,4 +1,4 @@
/* Copyright (C) 2015 Open Information Security Foundation /* Copyright (C) 2015-2018 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -51,18 +51,6 @@
#include "rust.h" #include "rust.h"
#include "rust-nfs-log-gen.h" #include "rust-nfs-log-gen.h"
typedef struct LogNFSFileCtx_ {
LogFileCtx *file_ctx;
uint32_t flags;
bool include_metadata;
} LogNFSFileCtx;
typedef struct LogNFSLogThread_ {
LogNFSFileCtx *nfslog_ctx;
uint32_t count;
MemBuffer *buffer;
} LogNFSLogThread;
json_t *JsonNFSAddMetadataRPC(const Flow *f, uint64_t tx_id) json_t *JsonNFSAddMetadataRPC(const Flow *f, uint64_t tx_id)
{ {
NFSState *state = FlowGetAppState(f); NFSState *state = FlowGetAppState(f);
@ -93,7 +81,7 @@ static int JsonNFSLogger(ThreadVars *tv, void *thread_data,
const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id) const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{ {
NFSTransaction *nfstx = tx; NFSTransaction *nfstx = tx;
LogNFSLogThread *thread = thread_data; OutputJsonThreadCtx *thread = thread_data;
if (rs_nfs_tx_logging_is_filtered(state, nfstx)) if (rs_nfs_tx_logging_is_filtered(state, nfstx))
return TM_ECODE_OK; return TM_ECODE_OK;
@ -103,7 +91,7 @@ static int JsonNFSLogger(ThreadVars *tv, void *thread_data,
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
if (thread->nfslog_ctx->include_metadata) { if (thread->ctx->include_metadata) {
JsonAddMetadata(p, f, js); JsonAddMetadata(p, f, js);
} }
@ -120,7 +108,7 @@ static int JsonNFSLogger(ThreadVars *tv, void *thread_data,
json_object_set_new(js, "nfs", nfsjs); json_object_set_new(js, "nfs", nfsjs);
MemBufferReset(thread->buffer); MemBufferReset(thread->buffer);
OutputJSONBuffer(js, thread->nfslog_ctx->file_ctx, &thread->buffer); OutputJSONBuffer(js, thread->ctx->file_ctx, &thread->buffer);
json_decref(js); json_decref(js);
return TM_ECODE_OK; return TM_ECODE_OK;
@ -130,91 +118,21 @@ error:
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
static void OutputNFSLogDeInitCtxSub(OutputCtx *output_ctx) static OutputInitResult NFSLogInitSub(ConfNode *conf,
{
LogNFSFileCtx *nfslog_ctx = (LogNFSFileCtx *)output_ctx->data;
SCFree(nfslog_ctx);
SCFree(output_ctx);
}
static OutputInitResult OutputNFSLogInitSub(ConfNode *conf,
OutputCtx *parent_ctx) OutputCtx *parent_ctx)
{ {
OutputInitResult result = { NULL, false };
OutputJsonCtx *ajt = parent_ctx->data;
LogNFSFileCtx *nfslog_ctx = SCCalloc(1, sizeof(*nfslog_ctx));
if (unlikely(nfslog_ctx == NULL)) {
return result;
}
nfslog_ctx->file_ctx = ajt->file_ctx;
nfslog_ctx->include_metadata = ajt->include_metadata;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
SCFree(nfslog_ctx);
return result;
}
output_ctx->data = nfslog_ctx;
output_ctx->DeInit = OutputNFSLogDeInitCtxSub;
SCLogDebug("NFS log sub-module initialized.");
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS); AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS);
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS); AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS);
return OutputJsonLogInitSub(conf, parent_ctx);
result.ctx = output_ctx;
result.ok = true;
return result;
}
#define OUTPUT_BUFFER_SIZE 65535
static TmEcode JsonNFSLogThreadInit(ThreadVars *t, const void *initdata, void **data)
{
LogNFSLogThread *thread = SCCalloc(1, sizeof(*thread));
if (unlikely(thread == NULL)) {
return TM_ECODE_FAILED;
}
if (initdata == NULL) {
SCLogDebug("Error getting context for EveLogNFS. \"initdata\" is NULL.");
SCFree(thread);
return TM_ECODE_FAILED;
}
thread->buffer = MemBufferCreateNew(OUTPUT_BUFFER_SIZE);
if (unlikely(thread->buffer == NULL)) {
SCFree(thread);
return TM_ECODE_FAILED;
}
thread->nfslog_ctx = ((OutputCtx *)initdata)->data;
*data = (void *)thread;
return TM_ECODE_OK;
}
static TmEcode JsonNFSLogThreadDeinit(ThreadVars *t, void *data)
{
LogNFSLogThread *thread = (LogNFSLogThread *)data;
if (thread == NULL) {
return TM_ECODE_OK;
}
if (thread->buffer != NULL) {
MemBufferFree(thread->buffer);
}
SCFree(thread);
return TM_ECODE_OK;
} }
void JsonNFSLogRegister(void) void JsonNFSLogRegister(void)
{ {
/* Register as an eve sub-module. */ /* Register as an eve sub-module. */
OutputRegisterTxSubModule(LOGGER_JSON_NFS, "eve-log", "JsonNFSLog", OutputRegisterTxSubModule(LOGGER_JSON_NFS, "eve-log", "JsonNFSLog",
"eve-log.nfs", OutputNFSLogInitSub, ALPROTO_NFS, "eve-log.nfs", NFSLogInitSub, ALPROTO_NFS,
JsonNFSLogger, JsonNFSLogThreadInit, JsonNFSLogger, JsonLogThreadInit,
JsonNFSLogThreadDeinit, NULL); JsonLogThreadDeinit, NULL);
SCLogDebug("NFS JSON logger registered."); SCLogDebug("NFS JSON logger registered.");
} }
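Review bot: In the new `NFSLogInitSub`, both `AppLayerParserRegisterLogger` calls run before `OutputJsonLogInitSub(conf, parent_ctx)` is called, so the NFS logger is registered for TCP and UDP even if the common init returns a failed result. The removed `OutputNFSLogInitSub` registered only after both allocations had succeeded. Whether the common helper can fail is not visible on this page, but if it can, the parser would be told a logger exists while no output context was created. Consider storing the result first with `OutputInitResult result = OutputJsonLogInitSub(conf, parent_ctx);`, wrapping the two register calls in `if (result.ok) { ... }`, and ending with `return result;`. A short comment in `JsonNFSLogger` noting that `thread_data` is the `OutputJsonThreadCtx` produced by `JsonLogThreadInit` would also document the `void *` coupling that the registration in `JsonNFSLogRegister` now relies on.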
