aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Introduce packet logging output API

Browse Source 
This patch introduces a new API for outputs that log based on the
packet, such as alert outputs. In converts fast-log to the new API.

The API gets rid of the concept of each logger being a thread module,
but instead there is one thread module that runs all packet loggers.
Through the registration function OutputRegisterPacketModule a log
module can register itself to be considered for each packet.

Each logger registers itself to this new API with 2 functions and the
OutputCtx object that was already used in the old implementation.
The function pointers are:

LogFunc:       the log function

ConditionFunc: this function is called before the LogFunc and only
               if this returns TRUE the LogFunc is called.

For a simple alert logger like fast-log, the condition function will
simply return TRUE if p->alerts.cnt > 0.
pull/797/head
Victor Julien 12 years ago
parent 3474c36b54
commit d43ac9ae98
9 changed files with 387 additions and 153 deletions
Show Stats Download Patch File Download Diff File

1
src/Makefile.am
Unescape Escape View File

@ -214,6 +214,7 @@ log-httplog.c log-httplog.h \
log-pcap.c log-pcap.h \
log-tlslog.c log-tlslog.h \
output.c output.h \
output-packet.c output-packet.h \
packet-queue.c packet-queue.h \
pkt-var.c pkt-var.h \
reputation.c reputation.h \

184
src/alert-fastlog.c
Unescape Escape View File

@ -71,34 +71,19 @@ void AlertFastLogExitPrintStats(ThreadVars *, void *);
void AlertFastLogRegisterTests(void);
static void AlertFastLogDeInitCtx(OutputCtx *);
int AlertFastLogCondition(ThreadVars *tv, const Packet *p);
int AlertFastLogger(ThreadVars *tv, void *data, const Packet *p);
void TmModuleAlertFastLogRegister (void) {
tmm_modules[TMM_ALERTFASTLOG].name = MODULE_NAME;
tmm_modules[TMM_ALERTFASTLOG].ThreadInit = AlertFastLogThreadInit;
tmm_modules[TMM_ALERTFASTLOG].Func = AlertFastLog;
tmm_modules[TMM_ALERTFASTLOG].ThreadExitPrintStats = AlertFastLogExitPrintStats;
tmm_modules[TMM_ALERTFASTLOG].ThreadDeinit = AlertFastLogThreadDeinit;
tmm_modules[TMM_ALERTFASTLOG].RegisterTests = AlertFastLogRegisterTests;
tmm_modules[TMM_ALERTFASTLOG].cap_flags = 0;
OutputRegisterModule(MODULE_NAME, "fast", AlertFastLogInitCtx);
}
void TmModuleAlertFastLogIPv4Register (void) {
tmm_modules[TMM_ALERTFASTLOG4].name = "AlertFastLogIPv4";
tmm_modules[TMM_ALERTFASTLOG4].ThreadInit = AlertFastLogThreadInit;
tmm_modules[TMM_ALERTFASTLOG4].Func = AlertFastLogIPv4;
tmm_modules[TMM_ALERTFASTLOG4].ThreadExitPrintStats = AlertFastLogExitPrintStats;
tmm_modules[TMM_ALERTFASTLOG4].ThreadDeinit = AlertFastLogThreadDeinit;
tmm_modules[TMM_ALERTFASTLOG4].RegisterTests = NULL;
}
void TmModuleAlertFastLogIPv6Register (void) {
tmm_modules[TMM_ALERTFASTLOG6].name = "AlertFastLogIPv6";
tmm_modules[TMM_ALERTFASTLOG6].ThreadInit = AlertFastLogThreadInit;
tmm_modules[TMM_ALERTFASTLOG6].Func = AlertFastLogIPv6;
tmm_modules[TMM_ALERTFASTLOG6].ThreadExitPrintStats = AlertFastLogExitPrintStats;
tmm_modules[TMM_ALERTFASTLOG6].ThreadDeinit = AlertFastLogThreadDeinit;
tmm_modules[TMM_ALERTFASTLOG6].RegisterTests = NULL;
OutputRegisterPacketModule(MODULE_NAME, "fast",
AlertFastLogInitCtx, AlertFastLogger, AlertFastLogCondition);
}
typedef struct AlertFastLogThread_ {
@ -106,75 +91,34 @@ typedef struct AlertFastLogThread_ {
LogFileCtx* file_ctx;
} AlertFastLogThread;
TmEcode AlertFastLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
AlertFastLogThread *aft = (AlertFastLogThread *)data;
int i;
char timebuf[64];
char *action = "";
extern uint8_t engine_mode;
if (p->alerts.cnt == 0)
return TM_ECODE_OK;
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
char srcip[16], dstip[16];
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
for (i = 0; i < p->alerts.cnt; i++) {
PacketAlert *pa = &p->alerts.alerts[i];
if (unlikely(pa->s == NULL)) {
continue;
}
if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
action = "[Drop] ";
} else if (pa->action & ACTION_DROP) {
action = "[wDrop] ";
}
char proto[16] = "";
if (SCProtoNameValid(IPV4_GET_IPPROTO(p)) == TRUE) {
strlcpy(proto, known_proto[IPV4_GET_IPPROTO(p)], sizeof(proto));
} else {
snprintf(proto, sizeof(proto), "PROTO:%03" PRIu32, IPV4_GET_IPPROTO(p));
}
SCMutexLock(&aft->file_ctx->fp_mutex);
fprintf(aft->file_ctx->fp, "%s %s[**] [%" PRIu32 ":%" PRIu32 ":%"
PRIu32 "] %s [**] [Classification: %s] [Priority: %"PRIu32"]"
" {%s} %s:%" PRIu32 " -> %s:%" PRIu32 "\n", timebuf, action,
pa->s->gid, pa->s->id, pa->s->rev, pa->s->msg, pa->s->class_msg, pa->s->prio,
proto, srcip, p->sp, dstip, p->dp);
fflush(aft->file_ctx->fp);
aft->file_ctx->alerts++;
SCMutexUnlock(&aft->file_ctx->fp_mutex);
}
return TM_ECODE_OK;
int AlertFastLogCondition(ThreadVars *tv, const Packet *p) {
return (p->alerts.cnt ? TRUE : FALSE);
}
TmEcode AlertFastLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
int AlertFastLogger(ThreadVars *tv, void *data, const Packet *p)
{
AlertFastLogThread *aft = (AlertFastLogThread *)data;
int i;
char timebuf[64];
char *action = "";
extern uint8_t engine_mode;
if (p->alerts.cnt == 0)
return TM_ECODE_OK;
int decoder_event = 0;
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
char srcip[46], dstip[46];
PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
if (PKT_IS_IPV4(p)) {
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
} else if (PKT_IS_IPV6(p)) {
PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
} else {
decoder_event = 1;
}
for (i = 0; i < p->alerts.cnt; i++) {
PacketAlert *pa = &p->alerts.alerts[i];
const PacketAlert *pa = &p->alerts.alerts[i];
if (unlikely(pa->s == NULL)) {
continue;
}
@ -186,67 +130,33 @@ TmEcode AlertFastLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
}
char proto[16] = "";
if (SCProtoNameValid(IP_GET_IPPROTO(p)) == TRUE) {
strlcpy(proto, known_proto[IP_GET_IPPROTO(p)], sizeof(proto));
} else {
snprintf(proto, sizeof(proto), "PROTO:%03" PRIu32, IP_GET_IPPROTO(p));
}
SCMutexLock(&aft->file_ctx->fp_mutex);
fprintf(aft->file_ctx->fp, "%s %s[**] [%" PRIu32 ":%" PRIu32 ":%"
PRIu32 "] %s [**] [Classification: %s] [Priority: %"
PRIu32 "] {%s} %s:%" PRIu32 " -> %s:%" PRIu32 "\n", timebuf,
action, pa->s->gid, pa->s->id, pa->s->rev, pa->s->msg, pa->s->class_msg,
pa->s->prio, proto, srcip, p->sp,
dstip, p->dp);
fflush(aft->file_ctx->fp);
aft->file_ctx->alerts++;
SCMutexUnlock(&aft->file_ctx->fp_mutex);
}
return TM_ECODE_OK;
}
TmEcode AlertFastLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
AlertFastLogThread *aft = (AlertFastLogThread *)data;
int i;
char timebuf[64];
char *action = "";
extern uint8_t engine_mode;
if (p->alerts.cnt == 0)
return TM_ECODE_OK;
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
for (i = 0; i < p->alerts.cnt; i++) {
PacketAlert *pa = &p->alerts.alerts[i];
if (unlikely(pa->s == NULL)) {
continue;
}
if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
action = "[Drop] ";
} else if (pa->action & ACTION_DROP) {
action = "[wDrop] ";
if (likely(decoder_event == 0)) {
if (SCProtoNameValid(IP_GET_IPPROTO(p)) == TRUE) {
strlcpy(proto, known_proto[IP_GET_IPPROTO(p)], sizeof(proto));
} else {
snprintf(proto, sizeof(proto), "PROTO:%03" PRIu32, IP_GET_IPPROTO(p));
}
}
SCMutexLock(&aft->file_ctx->fp_mutex);
fprintf(aft->file_ctx->fp, "%s %s[**] [%" PRIu32 ":%" PRIu32
":%" PRIu32 "] %s [**] [Classification: %s] [Priority: "
"%" PRIu32 "] [**] [Raw pkt: ", timebuf, action, pa->s->gid,
pa->s->id, pa->s->rev, pa->s->msg, pa->s->class_msg, pa->s->prio);
PrintRawLineHexFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p) < 32 ? GET_PKT_LEN(p) : 32);
if (p->pcap_cnt != 0) {
fprintf(aft->file_ctx->fp, "] [pcap file packet: %"PRIu64"]\n", p->pcap_cnt);
if (likely(decoder_event == 0)) {
fprintf(aft->file_ctx->fp, "%s %s[**] [%" PRIu32 ":%" PRIu32 ":%"
PRIu32 "] %s [**] [Classification: %s] [Priority: %"PRIu32"]"
" {%s} %s:%" PRIu32 " -> %s:%" PRIu32 "\n", timebuf, action,
pa->s->gid, pa->s->id, pa->s->rev, pa->s->msg, pa->s->class_msg, pa->s->prio,
proto, srcip, p->sp, dstip, p->dp);
} else {
fprintf(aft->file_ctx->fp, "]\n");
fprintf(aft->file_ctx->fp, "%s %s[**] [%" PRIu32 ":%" PRIu32
":%" PRIu32 "] %s [**] [Classification: %s] [Priority: "
"%" PRIu32 "] [**] [Raw pkt: ", timebuf, action, pa->s->gid,
pa->s->id, pa->s->rev, pa->s->msg, pa->s->class_msg, pa->s->prio);
PrintRawLineHexFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p) < 32 ? GET_PKT_LEN(p) : 32);
if (p->pcap_cnt != 0) {
fprintf(aft->file_ctx->fp, "] [pcap file packet: %"PRIu64"]\n", p->pcap_cnt);
} else {
fprintf(aft->file_ctx->fp, "]\n");
}
}
fflush(aft->file_ctx->fp);
aft->file_ctx->alerts++;
SCMutexUnlock(&aft->file_ctx->fp_mutex);
@ -255,18 +165,6 @@ TmEcode AlertFastLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQu
return TM_ECODE_OK;
}
TmEcode AlertFastLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
if (PKT_IS_IPV4(p)) {
return AlertFastLogIPv4(tv, p, data, pq, postpq);
} else if (PKT_IS_IPV6(p)) {
return AlertFastLogIPv6(tv, p, data, pq, postpq);
} else if (p->events.cnt > 0) {
return AlertFastLogDecoderEvent(tv, p, data, pq, postpq);
}
return TM_ECODE_OK;
}
TmEcode AlertFastLogThreadInit(ThreadVars *t, void *initdata, void **data)
{

214
src/output-packet.c
Unescape Escape View File

@ -0,0 +1,214 @@
/* Copyright (C) 2007-2013 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
* Packet Logger Output registration functions
*/
#include "suricata-common.h"
#include "tm-modules.h"
#include "output-packet.h"
typedef struct OutputLoggerThreadStore_ {
void *thread_data;
struct OutputLoggerThreadStore_ *next;
} OutputLoggerThreadStore;
/** per thread data for this module, contains a list of per thread
* data for the packet loggers. */
typedef struct OutputLoggerThreadData_ {
OutputLoggerThreadStore *store;
} OutputLoggerThreadData;
/* logger instance, a module + a output ctx,
* it's perfectly valid that have multiple instances of the same
* log module (e.g. fast.log) with different output ctx'. */
typedef struct OutputPacketLogger_ {
PacketLogger LogFunc;
PacketLogCondition ConditionFunc;
OutputCtx *output_ctx;
struct OutputPacketLogger_ *next;
const char *name;
} OutputPacketLogger;
static OutputPacketLogger *list = NULL;
int OutputRegisterPacketLogger(char *name, PacketLogger LogFunc, PacketLogCondition ConditionFunc, OutputCtx *output_ctx) {
OutputPacketLogger *op = SCMalloc(sizeof(*op));
if (op == NULL)
return -1;
memset(op, 0x00, sizeof(*op));
op->LogFunc = LogFunc;
op->ConditionFunc = ConditionFunc;
op->output_ctx = output_ctx;
op->name = SCStrdup(name);
if (op->name == NULL) {
SCFree(op);
return -1;
}
if (list == NULL)
list = op;
else {
OutputPacketLogger *t = list;
while (t->next)
t = t->next;
t->next = op;
}
SCLogDebug("OutputRegisterPacketLogger happy");
return 0;
}
static TmEcode OutputPacketLog(ThreadVars *tv, Packet *p, void *thread_data, PacketQueue *pq, PacketQueue *postpq) {
BUG_ON(thread_data == NULL);
BUG_ON(list == NULL);
OutputLoggerThreadData *op_thread_data = (OutputLoggerThreadData *)thread_data;
OutputPacketLogger *logger = list;
OutputLoggerThreadStore *store = op_thread_data->store;
BUG_ON(logger == NULL && store != NULL);
BUG_ON(logger != NULL && store == NULL);
BUG_ON(logger == NULL && store == NULL);
while (logger && store) {
BUG_ON(logger->LogFunc == NULL || logger->ConditionFunc == NULL);
if ((logger->ConditionFunc(tv, (const Packet *)p)) == TRUE) {
logger->LogFunc(tv, store->thread_data, (const Packet *)p);
}
logger = logger->next;
store = store->next;
BUG_ON(logger == NULL && store != NULL);
BUG_ON(logger != NULL && store == NULL);
}
return TM_ECODE_OK;
}
/** \brief thread init for the packet logger
* This will run the thread init functions for the individual registered
* loggers */
static TmEcode OutputPacketLogThreadInit(ThreadVars *tv, void *initdata, void **data) {
OutputLoggerThreadData *td = SCMalloc(sizeof(*td));
if (td == NULL)
return TM_ECODE_FAILED;
memset(td, 0x00, sizeof(*td));
*data = (void *)td;
SCLogDebug("OutputPacketLogThreadInit happy (*data %p)", *data);
OutputPacketLogger *logger = list;
while (logger) {
TmModule *tm_module = TmModuleGetByName((char *)logger->name);
if (tm_module == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"TmModuleGetByName for %s failed", logger->name);
exit(EXIT_FAILURE);
}
if (tm_module->ThreadInit) {
void *retptr = NULL;
if (tm_module->ThreadInit(tv, (void *)logger->output_ctx, &retptr) == TM_ECODE_OK) {
OutputLoggerThreadStore *ts = SCMalloc(sizeof(*ts));
/* todo */ BUG_ON(ts == NULL);
memset(ts, 0x00, sizeof(*ts));
/* store thread handle */
ts->thread_data = retptr;
if (td->store == NULL) {
td->store = ts;
} else {
OutputLoggerThreadStore *tmp = td->store;
while (tmp->next != NULL)
tmp = tmp->next;
tmp->next = ts;
}
SCLogDebug("%s is now set up", logger->name);
}
}
logger = logger->next;
}
return TM_ECODE_OK;
}
static TmEcode OutputPacketLogThreadDeinit(ThreadVars *tv, void *thread_data) {
OutputLoggerThreadData *op_thread_data = (OutputLoggerThreadData *)thread_data;
OutputLoggerThreadStore *store = op_thread_data->store;
OutputPacketLogger *logger = list;
while (logger && store) {
TmModule *tm_module = TmModuleGetByName((char *)logger->name);
if (tm_module == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"TmModuleGetByName for %s failed", logger->name);
exit(EXIT_FAILURE);
}
if (tm_module->ThreadDeinit) {
tm_module->ThreadDeinit(tv, store->thread_data);
}
logger = logger->next;
store = store->next;
}
return TM_ECODE_OK;
}
static void OutputPacketLogExitPrintStats(ThreadVars *tv, void *thread_data) {
OutputLoggerThreadData *op_thread_data = (OutputLoggerThreadData *)thread_data;
OutputLoggerThreadStore *store = op_thread_data->store;
OutputPacketLogger *logger = list;
while (logger && store) {
TmModule *tm_module = TmModuleGetByName((char *)logger->name);
if (tm_module == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"TmModuleGetByName for %s failed", logger->name);
exit(EXIT_FAILURE);
}
if (tm_module->ThreadExitPrintStats) {
tm_module->ThreadExitPrintStats(tv, store->thread_data);
}
logger = logger->next;
store = store->next;
}
}
void TmModulePacketLoggerRegister (void) {
tmm_modules[TMM_PACKETLOGGER].name = "__packet_logger__";
tmm_modules[TMM_PACKETLOGGER].ThreadInit = OutputPacketLogThreadInit;
tmm_modules[TMM_PACKETLOGGER].Func = OutputPacketLog;
tmm_modules[TMM_PACKETLOGGER].ThreadExitPrintStats = OutputPacketLogExitPrintStats;
tmm_modules[TMM_PACKETLOGGER].ThreadDeinit = OutputPacketLogThreadDeinit;
tmm_modules[TMM_PACKETLOGGER].cap_flags = 0;
}

44
src/output-packet.h
Unescape Escape View File

@ -0,0 +1,44 @@
/* Copyright (C) 2007-2013 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
* Packet Logger Output registration functions
*/
#ifndef __OUTPUT_PACKET_H__
#define __OUTPUT_PACKET_H__
#include "decode.h"
/** packet logger function pointer type */
typedef int (*PacketLogger)(ThreadVars *, void *thread_data, const Packet *);
/** packet logger condition function pointer type,
* must return true for packets that should be logged
*/
typedef int (*PacketLogCondition)(ThreadVars *, const Packet *);
int OutputRegisterPacketLogger(char *name, PacketLogger LogFunc,
PacketLogCondition ConditionFunc, OutputCtx *);
void TmModulePacketLoggerRegister (void);
#endif /* __OUTPUT_PACKET_H__ */

40
src/output.c
Unescape Escape View File

@ -68,6 +68,46 @@ error:
exit(EXIT_FAILURE);
}
/**
* \brief Register a packet output module.
*
* This function will register an output module so it can be
* configured with the configuration file.
*
* \retval Returns 0 on success, -1 on failure.
*/
void
OutputRegisterPacketModule(char *name, char *conf_name,
OutputCtx *(*InitFunc)(ConfNode *),
PacketLogger PacketLogFunc, PacketLogCondition PacketConditionFunc)
{
if (unlikely(PacketLogFunc == NULL || PacketConditionFunc == NULL)) {
goto error;
}
OutputModule *module = SCCalloc(1, sizeof(*module));
if (unlikely(module == NULL)) {
goto error;
}
module->name = SCStrdup(name);
if (unlikely(module->name == NULL))
goto error;
module->conf_name = SCStrdup(conf_name);
if (unlikely(module->conf_name == NULL))
goto error;
module->InitFunc = InitFunc;
module->PacketLogFunc = PacketLogFunc;
module->PacketConditionFunc = PacketConditionFunc;
TAILQ_INSERT_TAIL(&output_modules, module, entries);
SCLogDebug("Packet logger \"%s\" registered.", name);
return;
error:
SCLogError(SC_ERR_FATAL, "Fatal error encountered. Exiting...");
exit(EXIT_FAILURE);
}
/**
* \brief Get an output module by name.
*

10
src/output.h
Unescape Escape View File

@ -30,15 +30,25 @@
#define DEFAULT_LOG_MODE_APPEND "yes"
#define DEFAULT_LOG_FILETYPE "regular"
#include "output-packet.h"
typedef struct OutputModule_ {
char *name;
char *conf_name;
OutputCtx *(*InitFunc)(ConfNode *);
PacketLogger PacketLogFunc;
PacketLogCondition PacketConditionFunc;
TAILQ_ENTRY(OutputModule_) entries;
} OutputModule;
void OutputRegisterModule(char *, char *, OutputCtx *(*)(ConfNode *));
void OutputRegisterPacketModule(char *name, char *conf_name,
OutputCtx *(*InitFunc)(ConfNode *),
PacketLogger LogFunc, PacketLogCondition ConditionFunc);
OutputModule *OutputGetModuleByConfName(char *name);
void OutputDeregisterAll(void);

41
src/runmodes.c
Unescape Escape View File

@ -423,6 +423,7 @@ void RunModeInitializeOutputs(void)
ConfNode *output, *output_config;
TmModule *tm_module;
TmModule *pkt_logger_module = NULL;
const char *enabled;
TAILQ_FOREACH(output, &outputs->head, next) {
@ -466,7 +467,6 @@ void RunModeInitializeOutputs(void)
"No output module named %s, ignoring", output->val);
continue;
}
OutputCtx *output_ctx = NULL;
if (module->InitFunc != NULL) {
output_ctx = module->InitFunc(output_config);
@ -485,12 +485,39 @@ void RunModeInitializeOutputs(void)
if (strcmp(tmm_modules[TMM_ALERTDEBUGLOG].name, tm_module->name) == 0)
debuglog_enabled = 1;
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
if (unlikely(runmode_output == NULL))
return;
runmode_output->tm_module = tm_module;
runmode_output->output_ctx = output_ctx;
TAILQ_INSERT_TAIL(&RunModeOutputs, runmode_output, entries);
if (module->PacketLogFunc) {
SCLogDebug("%s is a packet logger", module->name);
OutputRegisterPacketLogger(module->name, module->PacketLogFunc,
module->PacketConditionFunc, output_ctx);
/* need one instance of the packet logger module */
if (pkt_logger_module == NULL) {
pkt_logger_module = TmModuleGetByName("__packet_logger__");
if (pkt_logger_module == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"TmModuleGetByName for __packet_logger__ failed");
exit(EXIT_FAILURE);
}
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
if (unlikely(runmode_output == NULL))
return;
runmode_output->tm_module = pkt_logger_module;
runmode_output->output_ctx = NULL;
TAILQ_INSERT_TAIL(&RunModeOutputs, runmode_output, entries);
SCLogDebug("__packet_logger__ added");
}
} else {
SCLogDebug("%s is a regular logger", module->name);
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
if (unlikely(runmode_output == NULL))
return;
runmode_output->tm_module = tm_module;
runmode_output->output_ctx = output_ctx;
TAILQ_INSERT_TAIL(&RunModeOutputs, runmode_output, entries);
}
}
}

5
src/suricata.c
Unescape Escape View File

@ -151,6 +151,7 @@
#include "reputation.h"
#include "output.h"
#include "output-packet.h"
#include "util-privs.h"
#include "tmqh-packetpool.h"
@ -774,8 +775,6 @@ void RegisterAllModules()
/* fast log */
TmModuleAlertFastLogRegister();
TmModuleAlertFastLogIPv4Register();
TmModuleAlertFastLogIPv6Register();
/* debug log */
TmModuleAlertDebugLogRegister();
/* prelue log */
@ -804,7 +803,7 @@ void RegisterAllModules()
TmModuleLogFilestoreRegister();
/* dns log */
TmModuleLogDnsLogRegister();
/* cuda */
TmModulePacketLoggerRegister();
TmModuleDebugList();
}

1
src/tm-threads-common.h
Unescape Escape View File

@ -79,6 +79,7 @@ typedef enum {
#endif
TMM_RECEIVENAPATECH,
TMM_DECODENAPATECH,
TMM_PACKETLOGGER,
TMM_SIZE,
} TmmId;

Write Preview
Loading…
Cancel
Save