From 36644907f52811980a355dd8c2614cebdf8cab98 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Thu, 16 May 2019 17:10:56 -0700
Subject: [PATCH] app-layer/logging Add TX packet logging support

Add transactional logging support for packet based loggers, like the anomaly logger.
---
 src/app-layer-parser.c | 3 +--
 src/output-tx.c | 31 +++++++++++++++++++------------
 src/output.c | 2 +-
 src/runmodes.c | 5 ++++-
 4 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 39069eb151..3c8eab42b9 100644
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -1044,8 +1044,7 @@ int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto,
 uint8_t direction)
 {
 SCEnter();
- int r = 0;
- r = alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].
+ int r = alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].
 StateGetProgressCompletionStatus(direction);
 SCReturnInt(r);
 }
diff --git a/src/output-tx.c b/src/output-tx.c
index aef0f87815..68044db10d 100644
--- a/src/output-tx.c
+++ b/src/output-tx.c
@@ -72,7 +72,7 @@ int OutputRegisterTxLogger(LoggerId id, const char *name, AppProto alproto,
 ThreadDeinitFunc ThreadDeinit,
 void (*ThreadExitPrintStats)(ThreadVars *, void *))
 {
- if (!(AppLayerParserIsTxAware(alproto))) {
+ if (alproto != ALPROTO_UNKNOWN && !(AppLayerParserIsTxAware(alproto))) {
 SCLogNotice("%s logger not enabled: protocol %s is disabled", name, AppProtoToString(alproto));
 return -1;
@@ -93,7 +93,9 @@ int OutputRegisterTxLogger(LoggerId id, const char *name, AppProto alproto,
 op->ThreadDeinit = ThreadDeinit;
 op->ThreadExitPrintStats = ThreadExitPrintStats;
 
- if (tc_log_progress < 0) {
+ if (alproto == ALPROTO_UNKNOWN) {
+ op->tc_log_progress = 0;
+ } else if (tc_log_progress < 0) {
 op->tc_log_progress =
 AppLayerParserGetStateProgressCompletionStatus(alproto,
 STREAM_TOCLIENT);
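Review bot: The relaxed guard in hunk @@ -72 gives ALPROTO_UNKNOWN a new meaning — a "wild card" logger that is registered without the `AppLayerParserIsTxAware` check — but nothing at the API documents it, and hunks @@ -93 and @@ -101 then silently discard the caller's tc_log_progress / ts_log_progress for such a logger without a comment. Suggest documenting on the OutputRegisterTxLogger declaration that `alproto == ALPROTO_UNKNOWN` registers a wild card logger invoked for transactions of every protocol, and that its tc/ts_log_progress arguments are ignored and forced to 0. Inline, at the new branch in @@ -93 (and @@ -101): `/* wild card loggers have no per-protocol completion status; force 0 */`. The body of OutputRegisterTxLogger continues outside these hunks.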
@@ -101,7 +103,9 @@ int OutputRegisterTxLogger(LoggerId id, const char *name, AppProto alproto,
 op->tc_log_progress = tc_log_progress;
 }
 
- if (ts_log_progress < 0) {
+ if (alproto == ALPROTO_UNKNOWN) {
+ op->ts_log_progress = 0;
+ } else if (ts_log_progress < 0) {
 op->ts_log_progress =
 AppLayerParserGetStateProgressCompletionStatus(alproto,
 STREAM_TOSERVER);
@@ -200,13 +204,15 @@ static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data)
 while (logger && store) {
 DEBUG_VALIDATE_BUG_ON(logger->LogFunc == NULL);
 
- SCLogDebug("logger %p, LogCondition %p, ts_log_progress %d "
- "tc_log_progress %d", logger, logger->LogCondition,
+ SCLogDebug("logger %p, Alproto %d LogCondition %p, ts_log_progress %d "
+ "tc_log_progress %d", logger, logger->alproto, logger->LogCondition,
 logger->ts_log_progress, logger->tc_log_progress);
- if (logger->alproto == alproto &&
- (tx_logged_old & (1<logger_id)) == 0)
- {
- SCLogDebug("alproto match, logging tx_id %"PRIu64, tx_id);
+ /* always invoke "wild card" tx loggers */
+ if (logger->alproto == ALPROTO_UNKNOWN ||
+ (logger->alproto == alproto &&
+ (tx_logged_old & (1<logger_id)) == 0)) {
+
+ SCLogDebug("alproto match %d, logging tx_id %"PRIu64, logger->alproto, tx_id);
 
 if (!(AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF))) {
@@ -229,13 +235,14 @@ static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data)
 }
 }
 
- SCLogDebug("Logging tx_id %"PRIu64" to logger %d", tx_id,
- logger->logger_id);
+ SCLogDebug("Logging tx_id %"PRIu64" to logger %d", tx_id, logger->logger_id);
 PACKET_PROFILING_LOGGER_START(p, logger->logger_id);
 logger->LogFunc(tv, store->thread_data, p, f, alstate, tx, tx_id);
 PACKET_PROFILING_LOGGER_END(p, logger->logger_id);
 
- tx_logged |= (1<logger_id);
+ if (alproto != ALPROTO_UNKNOWN) {
+ tx_logged |= (1<logger_id);
+ }
 }
 
 next_logger:
diff --git a/src/output.c b/src/output.c
index 154319ac10..a735fd74cb 100644
--- a/src/output.c
+++ b/src/output.c
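Review bot: The wild card branch in hunk @@ -200 bypasses the `tx_logged_old` de-duplication that still applies to protocol-specific loggers, so nothing in the hunk prevents a wild card logger from being invoked for the same tx again on every subsequent OutputTxLog call; whatever gating exists has to come from its LogCondition (shown in the debug line) or from checks further down, outside the hunk. The one-line comment should state that contract so wild card loggers are written to tolerate repeated invocation per tx: `/* wild card (ALPROTO_UNKNOWN) loggers run for every tx on every pass; they are not de-duplicated via tx_logged_old and must gate themselves through LogCondition */`. The added empty line directly after the opening brace is a style nit. OutputTxLog starts and ends outside the hunk.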
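Review bot: The new guard in hunk @@ -229 tests `alproto` — the flow-side value the loop matches loggers against in `logger->alproto == alproto` — not `logger->alproto`; since `alproto` does not change across loop iterations, the condition cannot distinguish a wild card logger from a protocol-specific one, and the wild card logger's bit is still merged into tx_logged on every pass. That is exactly the bit the runmodes.c hunk (@@ -588) keeps out of `logger_bits[module->alproto]`, so if tx_logged is later compared against logger_bits (outside the hunk) the two presumably never match for a flow with a wild card logger, which would stall marking transactions as fully logged. Change the guard to `if (logger->alproto != ALPROTO_UNKNOWN) {`. OutputTxLog starts and ends outside the hunk.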
@@ -308,7 +308,7 @@ static void OutputRegisterTxSubModuleWrapper(LoggerId id, const char *parent_nam
 module->ThreadExitPrintStats = ThreadExitPrintStats;
 TAILQ_INSERT_TAIL(&output_modules, module, entries);
 
- SCLogDebug("Tx logger \"%s\" registered.", name);
+ SCLogDebug("Tx logger for alproto %d \"%s\" registered.", alproto, name);
 return;
 error:
 SCLogError(SC_ERR_FATAL, "Fatal error encountered. Exiting...");
diff --git a/src/runmodes.c b/src/runmodes.c
index 95f8f38686..6485222f60 100644
--- a/src/runmodes.c
+++ b/src/runmodes.c
@@ -588,7 +588,10 @@ static void SetupOutput(const char *name, OutputModule *module, OutputCtx *outpu
 module->ts_log_progress, module->TxLogCondition, module->ThreadInit, module->ThreadDeinit, module->ThreadExitPrintStats);
- logger_bits[module->alproto] |= (1<logger_id);
+ /* Not used with wild card loggers */
+ if (module->alproto != ALPROTO_UNKNOWN) {
+ logger_bits[module->alproto] |= (1<logger_id);
+ }
 } else if (module->FiledataLogFunc) {
 SCLogDebug("%s is a filedata logger", module->name);
 OutputRegisterFiledataLogger(module->logger_id, module->name,