Fixed stream handling Fixed some coding style issues

12 years ago · ffac6b71e2
parent ab58ee2676
commit ffac6b71e2
2 changed files with 47 additions and 46 deletions
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@ -76,11 +76,11 @@ typedef struct JsonAlertLogThread_ {
 * so we can report them in JSON output. */
 static int AlertJsonPrintStreamSegmentCallback(const Packet *p, void *data, uint8_t *buf, uint32_t buflen)
 {
-	MemBuffer *payload = (MemBuffer *)data;
+    MemBuffer *payload = (MemBuffer *)data;

-	PrintStringsToBuffer(payload->buffer, &payload->offset, payload->size,
+    PrintStringsToBuffer(payload->buffer, &payload->offset, payload->size,
                         buf, buflen);
-	return 1;
+    return 1;
 }

 /** Handle the case where no JSON support is compiled in.
@ -132,51 +132,50 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
        /* alert */
        json_object_set_new(js, "alert", ajs);

-	/* payload */
-	if (aft->file_ctx->flags & LOG_JSON_PAYLOAD)
-	{
-		/* Is this a stream?  If so, pack part of it into the payload field */
-		if (pa->flags & PACKET_ALERT_FLAG_STREAM_MATCH && PKT_IS_TCP(p) && p->flow != NULL && p->flow->protoctx != NULL)
-		{
-			uint8_t flag;
+        /* payload */
+        if (aft->file_ctx->flags & LOG_JSON_PAYLOAD) {
+                int stream = (p->proto == IPPROTO_TCP) ?
+                             (pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH | PACKET_ALERT_FLAG_STREAM_MATCH) ?
+                             1 : 0) : 0;
+                /* Is this a stream?  If so, pack part of it into the payload field */
+                if (stream) {
+                    uint8_t flag;

 #define JSON_STREAM_BUFFER_SIZE 4096
-			MemBuffer *payload = MemBufferCreateNew(JSON_STREAM_BUFFER_SIZE);
-			MemBufferReset(payload);
-
-			if (p->flowflags & FLOW_PKT_TOSERVER) {
-				flag = FLOW_PKT_TOCLIENT;
-			} else {
-				flag = FLOW_PKT_TOSERVER;
-			}
-
-			StreamSegmentForEach((const Packet *)p, flag,
-				AlertJsonPrintStreamSegmentCallback,
-				(void *)payload);
-			json_object_set_new(js, "payload", json_string((char *)payload->buffer));
-			json_object_set_new(js, "stream", json_integer(1));
-		}
-		/* This is a single packet and not a stream */
-		else
-		{
-			char payload[p->payload_len + 1];
-			uint32_t offset = 0;
-			PrintStringsToBuffer((uint8_t *)payload, &offset, p->payload_len + 1,
-					 p->payload, p->payload_len);
-			json_object_set_new(js, "payload", json_string(payload));
-			json_object_set_new(js, "stream", json_integer(0));
-		}
-	}
-
-	/* base64-encoded full packet */
-	if (aft->file_ctx->flags & LOG_JSON_PACKET)
-	{
-		unsigned long len = GET_PKT_LEN(p) * 2;
-		unsigned char encoded_packet[len];
-		Base64Encode((unsigned char*) GET_PKT_DATA(p), GET_PKT_LEN(p), encoded_packet, &len);
-		json_object_set_new(js, "packet", json_string((char *)encoded_packet));
-	}
+                    MemBuffer *payload = MemBufferCreateNew(JSON_STREAM_BUFFER_SIZE);
+                    MemBufferReset(payload);
+
+                    if (p->flowflags & FLOW_PKT_TOSERVER) {
+                        flag = FLOW_PKT_TOCLIENT;
+                    } else {
+                        flag = FLOW_PKT_TOSERVER;
+                    }
+
+                    StreamSegmentForEach((const Packet *)p, flag,
+                                        AlertJsonPrintStreamSegmentCallback,
+                                        (void *)payload);
+                    json_object_set_new(js, "payload",
+                                        json_string((char *)payload->buffer));
+                    json_object_set_new(js, "stream", json_integer(1));
+                } else {
+                    /* This is a single packet and not a stream */
+                    char payload[p->payload_len + 1];
+                    uint32_t offset = 0;
+                    PrintStringsToBuffer((uint8_t *)payload, &offset,
+                                         p->payload_len + 1,
+                                         p->payload, p->payload_len);
+                    json_object_set_new(js, "payload", json_string(payload));
+                    json_object_set_new(js, "stream", json_integer(0));
+                }
+        }

+        /* base64-encoded full packet */
+        if (aft->file_ctx->flags & LOG_JSON_PACKET) {
+            unsigned long len = GET_PKT_LEN(p) * 2;
+            unsigned char encoded_packet[len];
+            Base64Encode((unsigned char*) GET_PKT_DATA(p), GET_PKT_LEN(p), encoded_packet, &len);
+            json_object_set_new(js, "packet", json_string((char *)encoded_packet));
+        }

        OutputJSONBuffer(js, aft->file_ctx, aft->buffer);
        json_object_del(js, "alert");
--- a/src/util-print.c
+++ b/src/util-print.c
@ -222,7 +222,9 @@ void PrintStringsToBuffer(uint8_t *dst_buf, uint32_t *dst_buf_offset_ptr, uint32
    for (ch = 0; ch < src_buf_len; ch++) {
        PrintBufferData((char *)dst_buf, dst_buf_offset_ptr, dst_buf_size,
                        "%c",
-                        isprint((uint8_t)src_buf[ch]) || src_buf[ch] == '\n' || src_buf[ch] == '\r' ? (uint8_t)src_buf[ch] : '.');
+                        (isprint((uint8_t)src_buf[ch]) ||
+                        src_buf[ch] == '\n' ||
+                        src_buf[ch] == '\r') ? (uint8_t)src_buf[ch] : '.');
    }

    return;