From 4049c2f74c240b02e31495822ded4dab3a6ed7a4 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Thu, 5 Dec 2013 16:55:17 +0100
Subject: [PATCH] Packet logging API: convert unified2

Convert unified2 alert to new logging API.
---
 src/alert-debuglog.c       |  4 +--
 src/alert-fastlog.c        |  3 --
 src/alert-unified2-alert.c | 64 +++++++++++++++++++++-----------------
 src/stream-tcp.c           |  2 +-
 src/stream-tcp.h           |  2 +-
 src/stream.c               |  2 +-
 src/stream.h               |  4 +--
 7 files changed, 42 insertions(+), 39 deletions(-)

diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c
index 1072459756..9189dd31ac 100644
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@@ -168,7 +168,7 @@ static void AlertDebugLogPktVars(AlertDebugLogThread *aft, Packet *p)
 
 /** \todo doc
  * assume we have aft lock */
-static int AlertDebugPrintStreamSegmentCallback(Packet *p, void *data, uint8_t *buf, uint32_t buflen)
+static int AlertDebugPrintStreamSegmentCallback(const Packet *p, void *data, uint8_t *buf, uint32_t buflen)
 {
     AlertDebugLogThread *aft = (AlertDebugLogThread *)data;
 
@@ -332,7 +332,7 @@ TmEcode AlertDebugLogger(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
             } else {
                 flag = FLOW_PKT_TOSERVER;
             }
-            ret = StreamSegmentForEach(p, flag,
+            ret = StreamSegmentForEach((const Packet *)p, flag,
                                  AlertDebugPrintStreamSegmentCallback,
                                  (void *)aft);
             if (ret < 0) {
diff --git a/src/alert-fastlog.c b/src/alert-fastlog.c
index 425c2794dd..e6be0be08d 100644
--- a/src/alert-fastlog.c
+++ b/src/alert-fastlog.c
@@ -62,9 +62,6 @@
 
 #define MODULE_NAME "AlertFastLog"
 
-TmEcode AlertFastLog (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
-TmEcode AlertFastLogIPv4(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
-TmEcode AlertFastLogIPv6(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
 TmEcode AlertFastLogThreadInit(ThreadVars *, void *, void **);
 TmEcode AlertFastLogThreadDeinit(ThreadVars *, void *);
 void AlertFastLogExitPrintStats(ThreadVars *, void *);
diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c
index e8c56a8985..e7ea9566c9 100644
--- a/src/alert-unified2-alert.c
+++ b/src/alert-unified2-alert.c
@@ -233,27 +233,32 @@ typedef struct Unified2AlertThread_ {
 SC_ATOMIC_DECLARE(unsigned int, unified2_event_id);  /**< Atomic counter, to link relative event */
 
 /** prototypes */
-TmEcode Unified2Alert (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
+//TmEcode Unified2Alert (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
 TmEcode Unified2AlertThreadInit(ThreadVars *, void *, void **);
 TmEcode Unified2AlertThreadDeinit(ThreadVars *, void *);
-int Unified2IPv4TypeAlert(ThreadVars *, Packet *, void *, PacketQueue *);
-int Unified2IPv6TypeAlert(ThreadVars *, Packet *, void *, PacketQueue *);
-int Unified2PacketTypeAlert(Unified2AlertThread *, Packet *, uint32_t, int);
+static int Unified2IPv4TypeAlert(ThreadVars *, const Packet *, void *);
+static int Unified2IPv6TypeAlert(ThreadVars *, const Packet *, void *);
+static int Unified2PacketTypeAlert(Unified2AlertThread *, const Packet *, uint32_t, int);
 void Unified2RegisterTests();
 int Unified2AlertOpenFileCtx(LogFileCtx *, const char *);
 static void Unified2AlertDeInitCtx(OutputCtx *);
 
+int Unified2Condition(ThreadVars *tv, const Packet *p);
+int Unified2Logger(ThreadVars *tv, void *data, const Packet *p);
+
 #define MODULE_NAME "Unified2Alert"
 
 void TmModuleUnified2AlertRegister (void) {
     tmm_modules[TMM_ALERTUNIFIED2ALERT].name = MODULE_NAME;
     tmm_modules[TMM_ALERTUNIFIED2ALERT].ThreadInit = Unified2AlertThreadInit;
-    tmm_modules[TMM_ALERTUNIFIED2ALERT].Func = Unified2Alert;
+//    tmm_modules[TMM_ALERTUNIFIED2ALERT].Func = Unified2Alert;
     tmm_modules[TMM_ALERTUNIFIED2ALERT].ThreadDeinit = Unified2AlertThreadDeinit;
     tmm_modules[TMM_ALERTUNIFIED2ALERT].RegisterTests = Unified2RegisterTests;
     tmm_modules[TMM_ALERTUNIFIED2ALERT].cap_flags = 0;
 
-    OutputRegisterModule(MODULE_NAME, "unified2-alert", Unified2AlertInitCtx);
+    //OutputRegisterModule(MODULE_NAME, "unified2-alert", Unified2AlertInitCtx);
+    OutputRegisterPacketModule(MODULE_NAME, "unified2-alert",
+            Unified2AlertInitCtx, Unified2Logger, Unified2Condition);
 }
 
 /**
@@ -318,7 +323,7 @@ static int Unified2Write(Unified2AlertThread *aun)
     return 1;
 }
 
-static int GetXFFIPFromTx (Packet *p, uint64_t tx_id, char *xff_header, char *dstbuf, int dstbuflen)
+static int GetXFFIPFromTx (const Packet *p, uint64_t tx_id, char *xff_header, char *dstbuf, int dstbuflen)
 {
     uint8_t xff_chain[UNIFIED2_ALERT_XFF_CHAIN_MAXLEN];
     HtpState *htp_state = NULL;
@@ -375,7 +380,7 @@ static int GetXFFIPFromTx (Packet *p, uint64_t tx_id, char *xff_header, char *ds
  *  \retval 1 if the IP has been found and returned in dstbuf
  *  \retval 0 if the IP has not being found or error
  */
-static int GetXFFIP (Packet *p, char *xff_header, char *dstbuf, int dstbuflen)
+static int GetXFFIP (const Packet *p, char *xff_header, char *dstbuf, int dstbuflen)
 {
     HtpState *htp_state = NULL;
     uint64_t tx_id = 0;
@@ -397,21 +402,24 @@ end:
     return 0; // Not found
 }
 
+int Unified2Condition(ThreadVars *tv, const Packet *p) {
+    if (likely(p->alerts.cnt == 0 && !(p->flags & PKT_HAS_TAG)))
+        return FALSE;
+    return TRUE;
+}
+
 /**
  *  \brief Unified2 main entry function
  *
  *  \retval TM_ECODE_OK all is good
  *  \retval TM_ECODE_FAILED serious error
  */
-TmEcode Unified2Alert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+int Unified2Logger (ThreadVars *t, void *data, const Packet *p)
 {
     int ret = 0;
     Unified2AlertThread *aun = (Unified2AlertThread *)data;
     aun->xff_flags = UNIFIED2_ALERT_XFF_DISABLED;
 
-    if (likely(p->alerts.cnt == 0 && !(p->flags & PKT_HAS_TAG)))
-        return TM_ECODE_OK;
-
     /* overwrite mode can only work per u2 block, not per individual
      * alert. So we'll look for an XFF record once */
     if ((aun->unified2alert_ctx->xff_mode & UNIFIED2_ALERT_XFF_OVERWRITE) && p->flow != NULL) {
@@ -446,9 +454,9 @@ TmEcode Unified2Alert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq, Pa
     }
 
     if (PKT_IS_IPV4(p)) {
-        ret = Unified2IPv4TypeAlert (t, p, data, pq);
+        ret = Unified2IPv4TypeAlert (t, p, data);
     } else if(PKT_IS_IPV6(p)) {
-        ret = Unified2IPv6TypeAlert (t, p, data, pq);
+        ret = Unified2IPv6TypeAlert (t, p, data);
     } else {
         /* we're only supporting IPv4 and IPv6 */
         return TM_ECODE_OK;
@@ -466,7 +474,7 @@ typedef struct _FakeIPv4Hdr {
     TCPHdr tcph;
 } FakeIPv4Hdr;
 
-static int Unified2ForgeFakeIPv4Header(FakeIPv4Hdr *fakehdr, Packet *p, int pkt_len, char invert)
+static int Unified2ForgeFakeIPv4Header(FakeIPv4Hdr *fakehdr, const Packet *p, int pkt_len, char invert)
 {
     fakehdr->ip4h.ip_verhl = p->ip4h->ip_verhl;
     fakehdr->ip4h.ip_proto = p->ip4h->ip_proto;
@@ -499,7 +507,7 @@ typedef struct _FakeIPv6Hdr {
 /**
  *  \param payload_len length of the payload
  */
-static int Unified2ForgeFakeIPv6Header(FakeIPv6Hdr *fakehdr, Packet *p, int payload_len, char invert)
+static int Unified2ForgeFakeIPv6Header(FakeIPv6Hdr *fakehdr, const Packet *p, int payload_len, char invert)
 {
     fakehdr->ip6h.s_ip6_vfc = p->ip6h->s_ip6_vfc;
     fakehdr->ip6h.s_ip6_nxt = IPPROTO_TCP;
@@ -525,7 +533,7 @@ static int Unified2ForgeFakeIPv6Header(FakeIPv6Hdr *fakehdr, Packet *p, int payl
 /**
  * \brief Write a faked Packet in unified2 file for each stream segment.
  */
-static int Unified2PrintStreamSegmentCallback(Packet *p, void *data, uint8_t *buf, uint32_t buflen)
+static int Unified2PrintStreamSegmentCallback(const Packet *p, void *data, uint8_t *buf, uint32_t buflen)
 {
     int ret = 1;
     Unified2AlertThread *aun = (Unified2AlertThread *)data;
@@ -772,7 +780,7 @@ error:
  *  \retval 0 on succces
  *  \retval -1 on failure
  */
-int Unified2PacketTypeAlert (Unified2AlertThread *aun, Packet *p, uint32_t event_id, int stream)
+static int Unified2PacketTypeAlert (Unified2AlertThread *aun, const Packet *p, uint32_t event_id, int stream)
 {
     int ret = 0;
 
@@ -872,18 +880,17 @@ int Unified2PacketTypeAlert (Unified2AlertThread *aun, Packet *p, uint32_t event
  *  \param t Thread Variable containing  input/output queue, cpu affinity etc.
  *  \param p Packet struct used to decide for ipv4 or ipv6
  *  \param data Unified2 thread data.
- *  \param pq Packet queue
  *
  *  \retval 0 on succces
  *  \retval -1 on failure
  */
-int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq)
+static int Unified2IPv6TypeAlert (ThreadVars *t, const Packet *p, void *data)
 {
     Unified2AlertThread *aun = (Unified2AlertThread *)data;
     Unified2AlertFileHeader hdr;
     AlertIPv6Unified2 *phdr;
     AlertIPv6Unified2 gphdr;
-    PacketAlert *pa;
+    const PacketAlert *pa;
     int offset, length;
     int ret;
     unsigned int event_id;
@@ -1058,18 +1065,17 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq
  *  \param t Thread Variable containing  input/output queue, cpu affinity etc.
  *  \param p Packet struct used to decide for ipv4 or ipv6
  *  \param data Unified2 thread data.
- *  \param pq Packet queue
  *  \retval 0 on succces
  *  \retval -1 on failure
  */
 
-int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
+static int Unified2IPv4TypeAlert (ThreadVars *tv, const Packet *p, void *data)
 {
     Unified2AlertThread *aun = (Unified2AlertThread *)data;
     Unified2AlertFileHeader hdr;
     AlertIPv4Unified2 *phdr;
     AlertIPv4Unified2 gphdr;
-    PacketAlert *pa;
+    const PacketAlert *pa;
     int offset, length;
     int ret;
     unsigned int event_id;
@@ -1571,7 +1577,7 @@ static int Unified2Test01 (void)   {
     if(ret == TM_ECODE_FAILED) {
         goto end;
     }
-    ret = Unified2Alert(&tv, p, data, &pq, NULL);
+    ret = Unified2Logger(&tv, data, p);
     if(ret == TM_ECODE_FAILED) {
         goto end;
     }
@@ -1660,7 +1666,7 @@ static int Unified2Test02 (void)   {
     if(ret == -1) {
         goto end;
     }
-    ret = Unified2Alert(&tv, p, data, &pq, NULL);
+    ret = Unified2Logger(&tv, data, p);
     if(ret == TM_ECODE_FAILED) {
         goto end;
     }
@@ -1756,7 +1762,7 @@ static int Unified2Test03 (void) {
     if(ret == -1) {
         goto end;
     }
-    ret = Unified2Alert(&tv, p, data, &pq, NULL);
+    ret = Unified2Logger(&tv, data, p);
     if(ret == TM_ECODE_FAILED) {
         goto end;
     }
@@ -1852,7 +1858,7 @@ static int Unified2Test04 (void)   {
     if(ret == -1) {
         goto end;
     }
-    ret = Unified2Alert(&tv, p, data, &pq, NULL);
+    ret = Unified2Logger(&tv, data, p);
     if(ret == TM_ECODE_FAILED) {
         goto end;
     }
@@ -1941,7 +1947,7 @@ static int Unified2Test05 (void)   {
     if(ret == -1) {
         goto end;
     }
-    ret = Unified2Alert(&tv, p, data, &pq, NULL);
+    ret = Unified2Logger(&tv, data, p);
     if(ret == TM_ECODE_FAILED) {
         goto end;
     }
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 1155d2449e..c0dc25bc90 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5394,7 +5394,7 @@ void StreamTcpPseudoPacketCreateStreamEndPacket(Packet *p, TcpSession *ssn, Pack
  * \return -1 in case of error, the number of segment in case of success
  *
  */
-int StreamTcpSegmentForEach(Packet *p, uint8_t flag, StreamSegmentCallback CallbackFunc, void *data)
+int StreamTcpSegmentForEach(const Packet *p, uint8_t flag, StreamSegmentCallback CallbackFunc, void *data)
 {
     TcpSession *ssn = NULL;
     TcpStream *stream = NULL;
diff --git a/src/stream-tcp.h b/src/stream-tcp.h
index 97fad866fb..5124ff0416 100644
--- a/src/stream-tcp.h
+++ b/src/stream-tcp.h
@@ -118,7 +118,7 @@ int StreamTcpCheckMemcap(uint64_t);
 
 Packet *StreamTcpPseudoSetup(Packet *, uint8_t *, uint32_t);
 
-int StreamTcpSegmentForEach(Packet *p, uint8_t flag,
+int StreamTcpSegmentForEach(const Packet *p, uint8_t flag,
                         StreamSegmentCallback CallbackFunc,
                         void *data);
 void StreamTcpReassembleConfigEnableOverlapCheck(void);
diff --git a/src/stream.c b/src/stream.c
index 4357a25f73..d6bc3877d9 100644
--- a/src/stream.c
+++ b/src/stream.c
@@ -249,7 +249,7 @@ void StreamMsgReturnListToPool(void *list) {
  *
  * \return -1 in case of error, the number of segment in case of success
  */
-int StreamSegmentForEach(Packet *p, uint8_t flag, StreamSegmentCallback CallbackFunc, void *data)
+int StreamSegmentForEach(const Packet *p, uint8_t flag, StreamSegmentCallback CallbackFunc, void *data)
 {
     switch(p->proto) {
         case IPPROTO_TCP:
diff --git a/src/stream.h b/src/stream.h
index 1e91f2d846..c8453c931c 100644
--- a/src/stream.h
+++ b/src/stream.h
@@ -73,8 +73,8 @@ uint16_t StreamMsgQueueGetMinChunkLen(uint8_t);
 
 void StreamMsgReturnListToPool(void *);
 
-typedef int (*StreamSegmentCallback)(Packet *, void *, uint8_t *, uint32_t);
-int StreamSegmentForEach(Packet *p, uint8_t flag,
+typedef int (*StreamSegmentCallback)(const Packet *, void *, uint8_t *, uint32_t);
+int StreamSegmentForEach(const Packet *p, uint8_t flag,
                       StreamSegmentCallback CallbackFunc,
                       void *data);