diff --git a/src/alert-json.c b/src/alert-json.c index 22a6fc2890..d3d41bfbb7 100644 --- a/src/alert-json.c +++ b/src/alert-json.c @@ -259,10 +259,44 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensative) /* tuple */ json_object_set_new(js, "srcip", json_string(srcip)); - json_object_set_new(js, "sp", json_integer(sp)); + switch(p->proto) { + case IPPROTO_ICMP: + break; + case IPPROTO_UDP: + case IPPROTO_TCP: + case IPPROTO_SCTP: + json_object_set_new(js, "sp", json_integer(sp)); + break; + } json_object_set_new(js, "dstip", json_string(dstip)); - json_object_set_new(js, "dp", json_integer(dp)); + switch(p->proto) { + case IPPROTO_ICMP: + break; + case IPPROTO_UDP: + case IPPROTO_TCP: + case IPPROTO_SCTP: + json_object_set_new(js, "dp", json_integer(dp)); + break; + } json_object_set_new(js, "proto", json_string(proto)); + switch (p->proto) { + case IPPROTO_ICMP: + if (p->icmpv4h) { + json_object_set_new(js, "icmp_type", + json_integer(p->icmpv4h->type)); + json_object_set_new(js, "icmp_code", + json_integer(p->icmpv4h->code)); + } + break; + case IPPROTO_ICMPV6: + if (p->icmpv6h) { + json_object_set_new(js, "icmp_type", + json_integer(p->icmpv6h->type)); + json_object_set_new(js, "icmp_code", + json_integer(p->icmpv6h->code)); + } + break; + } return js; } @@ -318,7 +352,7 @@ TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa json_t *ajs = json_object(); if (ajs == NULL) { - free(js); + json_decref(js); return TM_ECODE_OK; } @@ -339,7 +373,7 @@ TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa json_object_del(js, "alert"); } json_object_clear(js); - free(js); + json_decref(js); return TM_ECODE_OK; } @@ -374,7 +408,7 @@ TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa json_t *ajs = json_object(); if (ajs == NULL) { - free(js); + json_decref(js); return TM_ECODE_OK; } @@ -395,7 +429,7 @@ TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa json_object_del(js, "alert"); } json_object_clear(js); - free(js); + json_decref(js); return TM_ECODE_OK; } @@ -437,7 +471,7 @@ TmEcode AlertJsonDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue json_t *ajs = json_object(); if (ajs == NULL) { - free(js); + json_decref(js); return TM_ECODE_OK; } @@ -465,7 +499,7 @@ TmEcode AlertJsonDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue json_object_set_new(js, "alert", ajs); OutputJSON(js, aft, &aft->file_ctx->alerts); json_object_clear(js); - free(js); + json_decref(js); } return TM_ECODE_OK; diff --git a/src/output-dnslog.c b/src/output-dnslog.c index 61b2e1c6a9..2e4d27e27f 100644 --- a/src/output-dnslog.c +++ b/src/output-dnslog.c @@ -95,7 +95,6 @@ static void LogQuery(AlertJsonThread/*LogDnsLogThread*/ *aft, json_t *js, /*char json_t *djs = json_object(); if (djs == NULL) { - free(js); return; } @@ -180,7 +179,6 @@ static void LogAnswers(AlertJsonThread/*LogDnsLogThread*/ *aft, json_t *js, /*ch json_t *djs = json_array(); if (djs == NULL) { - free(js); return; } @@ -270,6 +268,7 @@ static TmEcode DnsJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQue AppLayerTransactionUpdateLogId(ALPROTO_DNS_UDP, p->flow); } } + json_decref(js); end: FLOWLOCK_UNLOCK(p->flow); diff --git a/src/output-httplog.c b/src/output-httplog.c index fd86bd60ec..e3d2b1b9cd 100644 --- a/src/output-httplog.c +++ b/src/output-httplog.c @@ -344,7 +344,6 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx /*, ch OutputHttpCtx *http_ctx = aft->http_ctx->data; json_t *hjs = json_object(); if (hjs == NULL) { - free(js); return; } @@ -602,7 +601,7 @@ static TmEcode HttpJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQu AppLayerTransactionUpdateLogId(ALPROTO_HTTP, p->flow); } json_object_clear(js); - free(js); + json_decref(js); end: FLOWLOCK_UNLOCK(p->flow);