aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

output/flow: Improve protocol output handling

Browse Source 
This commit improves handling of the protocol label by removing an
unnecessary copy.

Additionally, unknown protocol values are no longer zero-padded.
pull/5146/head
Jeff Lucovsky 6 years ago committed by Victor Julien
parent 5776a98f67
commit a06a706078
2 changed files with 19 additions and 17 deletions
Show Stats Download Patch File Download Diff File

15
src/output-json-flow.c
Unescape Escape View File

@ -102,13 +102,6 @@ static JsonBuilder *CreateEveHeaderFromFlow(const Flow *f, const char *event_typ
dp = f->sp;
}
char proto[16];
if (SCProtoNameValid(f->proto) == TRUE) {
strlcpy(proto, known_proto[f->proto], sizeof(proto));
} else {
snprintf(proto, sizeof(proto), "%03" PRIu32, f->proto);
}
/* time */
jb_set_string(jb, "timestamp", timebuf);
@ -160,7 +153,15 @@ static JsonBuilder *CreateEveHeaderFromFlow(const Flow *f, const char *event_typ
jb_set_uint(jb, "dest_port", dp);
break;
}
if (SCProtoNameValid(f->proto)) {
jb_set_string(jb, "proto", known_proto[f->proto]);
} else {
char proto[4];
snprintf(proto, sizeof(proto), "%"PRIu8"", f->proto);
jb_set_string(jb, "proto", proto);
}
switch (f->proto) {
case IPPROTO_ICMP:
case IPPROTO_ICMPV6:

17
src/output-json-netflow.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2014 Open Information Security Foundation
/* Copyright (C) 2014-2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -106,13 +106,6 @@ static JsonBuilder *CreateEveHeaderFromFlow(const Flow *f, const char *event_typ
dp = f->sp;
}
char proto[16];
if (SCProtoNameValid(f->proto) == TRUE) {
strlcpy(proto, known_proto[f->proto], sizeof(proto));
} else {
snprintf(proto, sizeof(proto), "%03" PRIu32, f->proto);
}
/* time */
jb_set_string(js, "timestamp", timebuf);
@ -164,7 +157,15 @@ static JsonBuilder *CreateEveHeaderFromFlow(const Flow *f, const char *event_typ
jb_set_uint(js, "dest_port", dp);
break;
}
if (SCProtoNameValid(f->proto)) {
jb_set_string(js, "proto", known_proto[f->proto]);
} else {
char proto[4];
snprintf(proto, sizeof(proto), "%"PRIu8"", f->proto);
jb_set_string(js, "proto", proto);
}
switch (f->proto) {
case IPPROTO_ICMP:
case IPPROTO_ICMPV6: {

Write Preview
Loading…
Cancel
Save