* \brief Condition function for TLS logger
* \retval bool true or false -- log now?
*/
-static int LogTlsStoreCondition(ThreadVars *tv, const Packet *p)
+static int LogTlsStoreCondition(ThreadVars *tv, const Packet *p, void *state,
+ void *tx, uint64_t tx_id)
{
if (p->flow == NULL) {
return FALSE;
return FALSE;
}
- FLOWLOCK_RDLOCK(p->flow);
- uint16_t proto = FlowGetAppProtocol(p->flow);
- if (proto != ALPROTO_TLS)
- goto dontlog;
-
- SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow);
+ SSLState *ssl_state = (SSLState *)state;
if (ssl_state == NULL) {
SCLogDebug("no tls state, so no request logging");
goto dontlog;
}
- /* we only log the state once if we don't have to write
- * the cert due to tls.store keyword. */
- if (!(ssl_state->server_connp.cert_log_flag & SSL_TLS_LOG_PEM) &&
- (ssl_state->flags & SSL_AL_FLAG_STATE_STORED))
+ if ((ssl_state->server_connp.cert_log_flag & SSL_TLS_LOG_PEM) == 0)
goto dontlog;
if (ssl_state->server_connp.cert0_issuerdn == NULL ||
ssl_state->server_connp.cert0_subject == NULL)
goto dontlog;
- FLOWLOCK_UNLOCK(p->flow);
return TRUE;
dontlog:
- FLOWLOCK_UNLOCK(p->flow);
return FALSE;
}
-static int LogTlsStoreLogger(ThreadVars *tv, void *thread_data, const Packet *p)
+static int LogTlsStoreLogger(ThreadVars *tv, void *thread_data, const Packet *p,
+ Flow *f, void *state, void *tx, uint64_t tx_id)
{
LogTlsStoreLogThread *aft = (LogTlsStoreLogThread *)thread_data;
int ipproto = (PKT_IS_IPV4(p)) ? AF_INET : AF_INET6;
- /* check if we have TLS state or not */
- FLOWLOCK_WRLOCK(p->flow);
- uint16_t proto = FlowGetAppProtocol(p->flow);
- if (proto != ALPROTO_TLS)
- goto end;
- SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow);
+ SSLState *ssl_state = (SSLState *)state;
if (unlikely(ssl_state == NULL)) {
- goto end;
+ return 0;
}
if (ssl_state->server_connp.cert_log_flag & SSL_TLS_LOG_PEM) {
LogTlsLogPem(aft, p, ssl_state, ipproto);
}
- /* we only store the state once */
- ssl_state->flags |= SSL_AL_FLAG_STATE_STORED;
-end:
- FLOWLOCK_UNLOCK(p->flow);
return 0;
}
SCLogInfo("storing certs in %s", tls_logfile_base_dir);
+ /* enable the logger for the app layer */
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
+
SCReturnPtr(output_ctx, "OutputCtx");
}
tmm_modules[TMM_TLSSTORE].flags = TM_FLAG_LOGAPI_TM;
tmm_modules[TMM_TLSSTORE].priority = 10;
- OutputRegisterPacketModule(MODULE_NAME, "tls-store", LogTlsStoreLogInitCtx,
- LogTlsStoreLogger, LogTlsStoreCondition);
+ OutputRegisterTxModuleWithCondition(MODULE_NAME, "tls-store",
+ LogTlsStoreLogInitCtx, ALPROTO_TLS, LogTlsStoreLogger,
+ LogTlsStoreCondition);
SC_ATOMIC_INIT(cert_id);
projects / people / ms / suricata.git / commitdiff
