aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dns-log: remove, not supported now that Rust is required

Browse Source 
The non-json line based DNS log is not supported with Rust only
builds and has been scheduled for removal in Suricata 5.0.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2297
pull/3801/head
Jason Ish 6 years ago committed by Victor Julien
parent 75a018ead2
commit 78b82ce6a5
5 changed files with 2 additions and 416 deletions
Show Stats Download Patch File Download Diff File

1
src/Makefile.am
Unescape Escape View File

@ -286,7 +286,6 @@ ippair-bit.c ippair-bit.h \
ippair-queue.c ippair-queue.h \
ippair-storage.c ippair-storage.h \
ippair-timeout.c ippair-timeout.h \
log-dnslog.c log-dnslog.h \
log-droplog.c log-droplog.h \
log-filestore.c log-filestore.h \
log-cf-common.c log-cf-common.h \

380
src/log-dnslog.c
Unescape Escape View File

@ -1,380 +0,0 @@
/* Copyright (C) 2007-2013 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
* Implements dns logging portion of the engine.
*/
#include "suricata-common.h"
#include "debug.h"
#include "detect.h"
#include "pkt-var.h"
#include "conf.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "output.h"
#include "log-dnslog.h"
#include "app-layer-dns-common.h"
#include "app-layer-dns-udp.h"
#include "app-layer.h"
#include "util-privs.h"
#include "util-buffer.h"
#include "util-logopenfile.h"
#include "util-time.h"
#ifndef HAVE_RUST
#define DEFAULT_LOG_FILENAME "dns.log"
#define MODULE_NAME "LogDnsLog"
#define OUTPUT_BUFFER_SIZE 65535
/* we can do query logging as well, but it's disabled for now as the
* TX id handling doesn't expect it */
#define QUERY 0
typedef struct LogDnsFileCtx_ {
LogFileCtx *file_ctx;
uint32_t flags; /** Store mode */
} LogDnsFileCtx;
typedef struct LogDnsLogThread_ {
LogDnsFileCtx *dnslog_ctx;
/** LogFileCtx has the pointer to the file and a mutex to allow multithreading */
uint32_t dns_cnt;
MemBuffer *buffer;
} LogDnsLogThread;
static void LogQuery(LogDnsLogThread *aft, char *timebuf, char *srcip, char *dstip, Port sp, Port dp, DNSTransaction *tx, DNSQueryEntry *entry)
{
LogDnsFileCtx *hlog = aft->dnslog_ctx;
SCLogDebug("got a DNS request and now logging !!");
/* reset */
MemBufferReset(aft->buffer);
/* time & tx */
MemBufferWriteString(aft->buffer,
"%s [**] Query TX %04x [**] ", timebuf, tx->tx_id);
/* query */
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)((uint8_t *)entry + sizeof(DNSQueryEntry)),
entry->len);
char record[16] = "";
DNSCreateTypeString(entry->type, record, sizeof(record));
MemBufferWriteString(aft->buffer,
" [**] %s [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n",
record, srcip, sp, dstip, dp);
hlog->file_ctx->Write((const char *)MEMBUFFER_BUFFER(aft->buffer),
MEMBUFFER_OFFSET(aft->buffer), hlog->file_ctx);
}
static void LogAnswer(LogDnsLogThread *aft, char *timebuf, char *srcip, char *dstip, Port sp, Port dp, DNSTransaction *tx, DNSAnswerEntry *entry)
{
LogDnsFileCtx *hlog = aft->dnslog_ctx;
SCLogDebug("got a DNS response and now logging !!");
/* reset */
MemBufferReset(aft->buffer);
/* time & tx*/
MemBufferWriteString(aft->buffer,
"%s [**] Response TX %04x [**] ", timebuf, tx->tx_id);
if (entry == NULL) {
if (tx->rcode) {
char rcode[16] = "";
DNSCreateRcodeString(tx->rcode, rcode, sizeof(rcode));
MemBufferWriteString(aft->buffer, "%s", rcode);
} else if (tx->recursion_desired) {
MemBufferWriteString(aft->buffer, "Recursion Desired");
}
} else {
/* query */
if (entry->fqdn_len > 0) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)((uint8_t *)entry + sizeof(DNSAnswerEntry)),
entry->fqdn_len);
} else {
MemBufferWriteString(aft->buffer, "<no data>");
}
char record[16] = "";
DNSCreateTypeString(entry->type, record, sizeof(record));
MemBufferWriteString(aft->buffer,
" [**] %s [**] TTL %u [**] ", record, entry->ttl);
uint8_t *ptr = (uint8_t *)((uint8_t *)entry + sizeof(DNSAnswerEntry) + entry->fqdn_len);
if (entry->type == DNS_RECORD_TYPE_A && entry->data_len == 4) {
char a[16] = "";
PrintInet(AF_INET, (const void *)ptr, a, sizeof(a));
MemBufferWriteString(aft->buffer, "%s", a);
} else if (entry->type == DNS_RECORD_TYPE_AAAA && entry->data_len == 16) {
char a[46];
PrintInet(AF_INET6, (const void *)ptr, a, sizeof(a));
MemBufferWriteString(aft->buffer, "%s", a);
} else if (entry->data_len == 0) {
MemBufferWriteString(aft->buffer, "<no data>");
} else {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, ptr, entry->data_len);
}
}
/* ip/tcp header info */
MemBufferWriteString(aft->buffer,
" [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n",
srcip, sp, dstip, dp);
hlog->file_ctx->Write((const char *)MEMBUFFER_BUFFER(aft->buffer),
MEMBUFFER_OFFSET(aft->buffer), hlog->file_ctx);
}
static int LogDnsLogger(ThreadVars *tv, void *data, const Packet *p,
Flow *f, void *state, void *tx, uint64_t tx_id, uint8_t direction)
{
LogDnsLogThread *aft = (LogDnsLogThread *)data;
DNSTransaction *dns_tx = (DNSTransaction *)tx;
SCLogDebug("pcap_cnt %"PRIu64, p->pcap_cnt);
char timebuf[64];
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
int ipproto = 0;
if (PKT_IS_IPV4(p))
ipproto = AF_INET;
else if (PKT_IS_IPV6(p))
ipproto = AF_INET6;
char srcip[46], dstip[46];
Port sp, dp;
if ((PKT_IS_TOCLIENT(p))) {
switch (ipproto) {
case AF_INET:
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
break;
case AF_INET6:
PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
break;
default:
goto end;
}
sp = p->sp;
dp = p->dp;
} else {
switch (ipproto) {
case AF_INET:
PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), dstip, sizeof(dstip));
break;
case AF_INET6:
PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), dstip, sizeof(dstip));
break;
default:
goto end;
}
sp = p->dp;
dp = p->sp;
}
if (direction == STREAM_TOSERVER) {
DNSQueryEntry *query = NULL;
TAILQ_FOREACH(query, &dns_tx->query_list, next) {
LogQuery(aft, timebuf, dstip, srcip, dp, sp, dns_tx, query);
}
} else if (direction == STREAM_TOCLIENT) {
if (dns_tx->rcode)
LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, NULL);
if (dns_tx->recursion_desired)
LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, NULL);
DNSAnswerEntry *entry = NULL;
TAILQ_FOREACH(entry, &dns_tx->answer_list, next) {
LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, entry);
}
entry = NULL;
TAILQ_FOREACH(entry, &dns_tx->authority_list, next) {
LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, entry);
}
}
aft->dns_cnt++;
end:
return 0;
}
static int LogDnsRequestLogger(ThreadVars *tv, void *data, const Packet *p,
Flow *f, void *state, void *tx, uint64_t tx_id)
{
return LogDnsLogger(tv, data, p, f, state, tx, tx_id, STREAM_TOSERVER);
}
static int LogDnsResponseLogger(ThreadVars *tv, void *data, const Packet *p,
Flow *f, void *state, void *tx, uint64_t tx_id)
{
return LogDnsLogger(tv, data, p, f, state, tx, tx_id, STREAM_TOCLIENT);
}
static TmEcode LogDnsLogThreadInit(ThreadVars *t, const void *initdata, void **data)
{
LogDnsLogThread *aft = SCMalloc(sizeof(LogDnsLogThread));
if (unlikely(aft == NULL))
return TM_ECODE_FAILED;
memset(aft, 0, sizeof(LogDnsLogThread));
if(initdata == NULL)
{
SCLogDebug("Error getting context for LogDNSLog. \"initdata\" argument NULL");
SCFree(aft);
return TM_ECODE_FAILED;
}
aft->buffer = MemBufferCreateNew(OUTPUT_BUFFER_SIZE);
if (aft->buffer == NULL) {
SCFree(aft);
return TM_ECODE_FAILED;
}
/* Use the Ouptut Context (file pointer and mutex) */
aft->dnslog_ctx= ((OutputCtx *)initdata)->data;
*data = (void *)aft;
return TM_ECODE_OK;
}
static TmEcode LogDnsLogThreadDeinit(ThreadVars *t, void *data)
{
LogDnsLogThread *aft = (LogDnsLogThread *)data;
if (aft == NULL) {
return TM_ECODE_OK;
}
MemBufferFree(aft->buffer);
/* clear memory */
memset(aft, 0, sizeof(LogDnsLogThread));
SCFree(aft);
return TM_ECODE_OK;
}
static void LogDnsLogExitPrintStats(ThreadVars *tv, void *data)
{
LogDnsLogThread *aft = (LogDnsLogThread *)data;
if (aft == NULL) {
return;
}
SCLogInfo("DNS logger logged %" PRIu32 " transactions", aft->dns_cnt);
}
static void LogDnsLogDeInitCtx(OutputCtx *output_ctx)
{
LogDnsFileCtx *dnslog_ctx = (LogDnsFileCtx *)output_ctx->data;
LogFileFreeCtx(dnslog_ctx->file_ctx);
SCFree(dnslog_ctx);
SCFree(output_ctx);
}
/** \brief Create a new dns log LogFileCtx.
* \param conf Pointer to ConfNode containing this loggers configuration.
* \return NULL if failure, LogFileCtx* to the file_ctx if succesful
* */
static OutputInitResult LogDnsLogInitCtx(ConfNode *conf)
{
OutputInitResult result = { NULL, false };
LogFileCtx* file_ctx = LogFileNewCtx();
if(file_ctx == NULL) {
SCLogError(SC_ERR_DNS_LOG_GENERIC, "couldn't create new file_ctx");
return result;
}
if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
LogFileFreeCtx(file_ctx);
return result;
}
LogDnsFileCtx *dnslog_ctx = SCMalloc(sizeof(LogDnsFileCtx));
if (unlikely(dnslog_ctx == NULL)) {
LogFileFreeCtx(file_ctx);
return result;
}
memset(dnslog_ctx, 0x00, sizeof(LogDnsFileCtx));
dnslog_ctx->file_ctx = file_ctx;
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
LogFileFreeCtx(file_ctx);
SCFree(dnslog_ctx);
return result;
}
output_ctx->data = dnslog_ctx;
output_ctx->DeInit = LogDnsLogDeInitCtx;
SCLogDebug("DNS log output initialized");
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
result.ctx = output_ctx;
result.ok = true;
return result;
}
#endif /* !HAVE_RUST */
void LogDnsLogRegister (void)
{
#ifndef HAVE_RUST
/* Request logger. */
OutputRegisterTxModuleWithProgress(LOGGER_DNS_TS, MODULE_NAME, "dns-log",
LogDnsLogInitCtx, ALPROTO_DNS, LogDnsRequestLogger, 0, 1,
LogDnsLogThreadInit, LogDnsLogThreadDeinit, LogDnsLogExitPrintStats);
/* Response logger. */
OutputRegisterTxModuleWithProgress(LOGGER_DNS_TC, MODULE_NAME, "dns-log",
LogDnsLogInitCtx, ALPROTO_DNS, LogDnsResponseLogger, 1, 1,
LogDnsLogThreadInit, LogDnsLogThreadDeinit, LogDnsLogExitPrintStats);
/* enable the logger for the app layer */
SCLogDebug("registered %s", MODULE_NAME);
#endif /* !HAVE_RUST */
}

29
src/log-dnslog.h
Unescape Escape View File

@ -1,29 +0,0 @@
/* Copyright (C) 2007-2013 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef __LOG_DNSLOG_H__
#define __LOG_DNSLOG_H__
void LogDnsLogRegister(void);
#endif /* __LOG_DNSLOG_H__ */

4
src/output.c
Unescape Escape View File

@ -53,7 +53,6 @@
#include "output-json-drop.h"
#include "log-httplog.h"
#include "output-json-http.h"
#include "log-dnslog.h"
#include "output-json-dns.h"
#include "log-tlslog.h"
#include "log-tlsstore.h"
@ -1072,8 +1071,7 @@ void OutputRegisterLoggers(void)
JsonFileLogRegister();
LogFilestoreRegister();
OutputFilestoreRegister();
/* dns log */
LogDnsLogRegister();
/* dns */
JsonDnsLogRegister();
/* tcp streaming data */
LogTcpDataLogRegister();

4
src/runmodes.c
Unescape Escape View File

@ -800,11 +800,9 @@ void RunModeInitializeOutputs(void)
continue;
#endif
} else if (strcmp(output->val, "dns-log") == 0) {
#ifdef HAVE_RUST
SCLogWarning(SC_ERR_NOT_SUPPORTED,
"dns-log is not available when Rust is enabled.");
"dns-log is not longer available as of Suricata 5.0");
continue;
#endif
} else if (strcmp(output->val, "tls-log") == 0) {
tls_log_enabled = 1;
}

Write Preview
Loading…
Cancel
Save