SCMutexUnlock(&aft->file_ctx->fp_mutex);
}
-static int LogFileLogger(ThreadVars *tv, void *thread_data, const Packet *p, const File *ff)
+static int LogFileLogger(ThreadVars *tv, void *thread_data, const Packet *p,
+ const File *ff, uint8_t dir)
{
SCEnter();
LogFileLogThread *aft = (LogFileLogThread *)thread_data;
}
static int LogFilestoreLogger(ThreadVars *tv, void *thread_data, const Packet *p,
- File *ff, const uint8_t *data, uint32_t data_len, uint8_t flags)
+ File *ff, const uint8_t *data, uint32_t data_len, uint8_t flags, uint8_t dir)
{
SCEnter();
LogFilestoreLogThread *aft = (LogFilestoreLogThread *)thread_data;
static void OutputFileLogFfc(ThreadVars *tv,
OutputLoggerThreadData *op_thread_data,
Packet *p,
- FileContainer *ffc, const bool file_close, const bool file_trunc)
+ FileContainer *ffc, const bool file_close, const bool file_trunc,
+ uint8_t dir)
{
SCLogDebug("ffc %p", ffc);
if (ffc != NULL) {
SCLogDebug("logger %p", logger);
PACKET_PROFILING_LOGGER_START(p, logger->logger_id);
- logger->LogFunc(tv, store->thread_data, (const Packet *)p, (const File *)ff);
+ logger->LogFunc(tv, store->thread_data, (const Packet *)p, (const File *)ff, dir);
PACKET_PROFILING_LOGGER_END(p, logger->logger_id);
file_logged = true;
FileContainer *ffc_tc = AppLayerParserGetFiles(p->proto, f->alproto,
f->alstate, STREAM_TOCLIENT);
- OutputFileLogFfc(tv, op_thread_data, p, ffc_ts, file_close_ts, file_trunc);
- OutputFileLogFfc(tv, op_thread_data, p, ffc_tc, file_close_tc, file_trunc);
+ OutputFileLogFfc(tv, op_thread_data, p, ffc_ts, file_close_ts, file_trunc, STREAM_TOSERVER);
+ OutputFileLogFfc(tv, op_thread_data, p, ffc_tc, file_close_tc, file_trunc, STREAM_TOCLIENT);
return TM_ECODE_OK;
}
#include "util-file.h"
/** packet logger function pointer type */
-typedef int (*FileLogger)(ThreadVars *, void *thread_data, const Packet *, const File *);
+typedef int (*FileLogger)(ThreadVars *, void *thread_data, const Packet *,
+ const File *, uint8_t direction);
/** packet logger condition function pointer type,
* must return true for packets that should be logged
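Review bot: The doc comment above `FileLogger` still reads only "packet logger function pointer type" and says nothing about the new `direction` argument. Every logger registered through this typedef has to adopt the new signature, so the contract belongs here, e.g. `/** file logger function pointer type; direction is STREAM_TOSERVER or STREAM_TOCLIENT, matching the file container being logged */` (these are the values the visible callers pass). The same gap exists on `FiledataLogger`, which also names the parameter `dir` rather than `direction`; one name across both typedefs would read better.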
static int CallLoggers(ThreadVars *tv, OutputLoggerThreadStore *store_list,
Packet *p, File *ff,
- const uint8_t *data, uint32_t data_len, uint8_t flags)
+ const uint8_t *data, uint32_t data_len, uint8_t flags, uint8_t dir)
{
OutputFiledataLogger *logger = list;
OutputLoggerThreadStore *store = store_list;
SCLogDebug("logger %p", logger);
PACKET_PROFILING_LOGGER_START(p, logger->logger_id);
- logger->LogFunc(tv, store->thread_data, (const Packet *)p, ff, data, data_len, flags);
+ logger->LogFunc(tv, store->thread_data, (const Packet *)p, ff, data, data_len, flags, dir);
PACKET_PROFILING_LOGGER_END(p, logger->logger_id);
file_logged = 1;
static void OutputFiledataLogFfc(ThreadVars *tv, OutputLoggerThreadStore *store,
Packet *p, FileContainer *ffc, const uint8_t call_flags,
- const bool file_close, const bool file_trunc)
+ const bool file_close, const bool file_trunc, const uint8_t dir)
{
if (ffc != NULL) {
File *ff;
if (ff->state < FILE_STATE_CLOSED) {
FileCloseFilePtr(ff, NULL, 0, FILE_TRUNCATED);
}
- CallLoggers(tv, store, p, ff, NULL, 0, OUTPUT_FILEDATA_FLAG_CLOSE);
+ CallLoggers(tv, store, p, ff, NULL, 0, OUTPUT_FILEDATA_FLAG_CLOSE, dir);
ff->flags |= FILE_STORED;
continue;
}
&data, &data_len,
ff->content_stored);
- const int file_logged = CallLoggers(tv, store, p, ff, data, data_len, file_flags);
+ const int file_logged = CallLoggers(tv, store, p, ff, data, data_len, file_flags, dir);
if (file_logged) {
ff->content_stored += data_len;
FileContainer *ffc_tc = AppLayerParserGetFiles(p->proto, f->alproto,
f->alstate, STREAM_TOCLIENT);
SCLogDebug("ffc_ts %p", ffc_ts);
- OutputFiledataLogFfc(tv, store, p, ffc_ts, STREAM_TOSERVER, file_close_ts, file_trunc);
+ OutputFiledataLogFfc(tv, store, p, ffc_ts, STREAM_TOSERVER, file_close_ts, file_trunc, STREAM_TOSERVER);
SCLogDebug("ffc_tc %p", ffc_tc);
- OutputFiledataLogFfc(tv, store, p, ffc_tc, STREAM_TOCLIENT, file_close_tc, file_trunc);
+ OutputFiledataLogFfc(tv, store, p, ffc_tc, STREAM_TOCLIENT, file_close_tc, file_trunc, STREAM_TOCLIENT);
return TM_ECODE_OK;
}
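Review bot: `OutputFiledataLogFfc` is now called with the same constant twice, once as `call_flags` and once as `dir` (`..., ffc_ts, STREAM_TOSERVER, file_close_ts, file_trunc, STREAM_TOSERVER`). If `call_flags` only ever carries the direction, which is all these two call sites show, the new parameter is redundant and the two values can drift apart in a later edit. The direction written to the log would then disagree with the container that was actually processed. Either derive the direction from `call_flags` inside the function, or add a comment at its definition stating that the two arguments must match. The body of the enclosing function lies outside this hunk.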
/** filedata logger function pointer type */
typedef int (*FiledataLogger)(ThreadVars *, void *thread_data, const Packet *,
- File *, const uint8_t *, uint32_t, uint8_t);
+ File *, const uint8_t *, uint32_t, uint8_t, uint8_t dir);
/** packet logger condition function pointer type,
* must return true for packets that should be logged
static void OutputFilestoreFinalizeFiles(ThreadVars *tv,
const OutputFilestoreLogThread *oft, const OutputFilestoreCtx *ctx,
- const Packet *p, File *ff) {
+ const Packet *p, File *ff, uint8_t dir) {
/* Stringify the SHA256 which will be used in the final
* filename. */
char sha256string[(SHA256_LENGTH * 2) + 1];
snprintf(js_metadata_filename, sizeof(js_metadata_filename),
"%s.%"PRIuMAX".%u.json", final_filename,
(uintmax_t)p->ts.tv_sec, ff->file_store_id);
- json_t *js_fileinfo = JsonBuildFileInfoRecord(p, ff, true);
+ json_t *js_fileinfo = JsonBuildFileInfoRecord(p, ff, true, dir);
if (likely(js_fileinfo != NULL)) {
json_dump_file(js_fileinfo, js_metadata_filename, 0);
json_decref(js_fileinfo);
static int OutputFilestoreLogger(ThreadVars *tv, void *thread_data,
const Packet *p, File *ff, const uint8_t *data, uint32_t data_len,
- uint8_t flags)
+ uint8_t flags, uint8_t dir)
{
SCEnter();
OutputFilestoreLogThread *aft = (OutputFilestoreLogThread *)thread_data;
ff->fd = -1;
SC_ATOMIC_SUB(filestore_open_file_cnt, 1);
}
- OutputFilestoreFinalizeFiles(tv, aft, ctx, p, ff);
+ OutputFilestoreFinalizeFiles(tv, aft, ctx, p, ff, dir);
}
return 0;
#include "util-time.h"
#include "util-buffer.h"
#include "util-byte.h"
+#include "util-validate.h"
#include "log-file.h"
#include "util-logopenfile.h"
} JsonFileLogThread;
json_t *JsonBuildFileInfoRecord(const Packet *p, const File *ff,
- const bool stored)
+ const bool stored, uint8_t dir)
{
- json_t *js = CreateJSONHeader(p, LOG_DIR_PACKET, "fileinfo");
json_t *hjs = NULL;
+ enum OutputJsonLogDirection fdir = LOG_DIR_FLOW;
+
+ switch(dir) {
+ case STREAM_TOCLIENT:
+ fdir = LOG_DIR_FLOW_TOCLIENT;
+ break;
+ case STREAM_TOSERVER:
+ fdir = LOG_DIR_FLOW_TOSERVER;
+ break;
+ default:
+ DEBUG_VALIDATE_BUG_ON(1);
+ break;
+ }
+
+ json_t *js = CreateJSONHeader(p, fdir, "fileinfo");
if (unlikely(js == NULL))
return NULL;
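Review bot: An unexpected `dir` is caught only by `DEBUG_VALIDATE_BUG_ON(1)` in the `default:` arm, which by its name is presumably active only in validation builds; otherwise the record is built with the initial `fdir = LOG_DIR_FLOW`. The header switch changed in this same commit handles `LOG_DIR_FLOW` in the same arm as `LOG_DIR_FLOW_TOSERVER`, so such an event would carry to-server addressing with nothing in the log showing that the direction was unknown. If `STREAM_TOSERVER` and `STREAM_TOCLIENT` are bit flags, a caller passing both combined would also land here. I would document the fallback on the default arm, e.g. `/* unknown direction: keep LOG_DIR_FLOW addressing */`, and state in the function's header comment that `dir` must be exactly one of the two constants.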
* \internal
* \brief Write meta data on a single line json record
*/
-static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff)
+static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p,
+ const File *ff, uint32_t dir)
{
json_t *js = JsonBuildFileInfoRecord(p, ff,
- ff->flags & FILE_STORED ? true : false);
+ ff->flags & FILE_STORED ? true : false, dir);
if (unlikely(js == NULL)) {
return;
}
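Review bot: `FileWriteJsonRecord` declares the new parameter as `uint32_t dir`, while its caller `JsonFileLogger` receives a `uint8_t dir` and the callee `JsonBuildFileInfoRecord` takes a `uint8_t dir`. The value is therefore widened on the way in and implicitly narrowed again on the way out, which `-Wconversion` would flag and which would hide a truncation if the argument ever came from a wider source. The signature should match the rest of the chain: `const File *ff, uint8_t dir)`.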
json_decref(js);
}
-static int JsonFileLogger(ThreadVars *tv, void *thread_data, const Packet *p, const File *ff)
+static int JsonFileLogger(ThreadVars *tv, void *thread_data, const Packet *p,
+ const File *ff, uint8_t dir)
{
SCEnter();
JsonFileLogThread *aft = (JsonFileLogThread *)thread_data;
SCLogDebug("ff %p", ff);
- FileWriteJsonRecord(aft, p, ff);
+ FileWriteJsonRecord(aft, p, ff, dir);
return 0;
}
#ifdef HAVE_LIBJANSSON
json_t *JsonBuildFileInfoRecord(const Packet *p, const File *ff,
- const bool stored);
+ const bool stored, uint8_t dir);
#endif
#endif /* __OUTPUT_JSON_FILE_H__ */
dstip[0] = '\0';
switch (dir) {
+ case LOG_DIR_PACKET:
+ if (PKT_IS_IPV4(p)) {
+ PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p),
+ srcip, sizeof(srcip));
+ PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p),
+ dstip, sizeof(dstip));
+ } else if (PKT_IS_IPV6(p)) {
+ PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p),
+ srcip, sizeof(srcip));
+ PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p),
+ dstip, sizeof(dstip));
+ }
+ sp = p->sp;
+ dp = p->dp;
+ break;
case LOG_DIR_FLOW:
+ case LOG_DIR_FLOW_TOSERVER:
if ((PKT_IS_TOSERVER(p))) {
if (PKT_IS_IPV4(p)) {
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p),
dp = p->sp;
}
break;
- case LOG_DIR_PACKET:
- if (PKT_IS_IPV4(p)) {
- PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p),
- srcip, sizeof(srcip));
- PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p),
- dstip, sizeof(dstip));
- } else if (PKT_IS_IPV6(p)) {
- PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p),
- srcip, sizeof(srcip));
- PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p),
- dstip, sizeof(dstip));
+ case LOG_DIR_FLOW_TOCLIENT:
+ if ((PKT_IS_TOCLIENT(p))) {
+ if (PKT_IS_IPV4(p)) {
+ PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p),
+ srcip, sizeof(srcip));
+ PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p),
+ dstip, sizeof(dstip));
+ } else if (PKT_IS_IPV6(p)) {
+ PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p),
+ srcip, sizeof(srcip));
+ PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p),
+ dstip, sizeof(dstip));
+ }
+ sp = p->sp;
+ dp = p->dp;
+ } else {
+ if (PKT_IS_IPV4(p)) {
+ PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p),
+ srcip, sizeof(srcip));
+ PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p),
+ dstip, sizeof(dstip));
+ } else if (PKT_IS_IPV6(p)) {
+ PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p),
+ srcip, sizeof(srcip));
+ PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p),
+ dstip, sizeof(dstip));
+ }
+ sp = p->dp;
+ dp = p->sp;
}
- sp = p->sp;
- dp = p->dp;
break;
default:
DEBUG_VALIDATE_BUG_ON(1);
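Review bot: The new `LOG_DIR_FLOW_TOCLIENT` arm repeats the `PrintInet` pairs and port assignments of the neighbouring arms with only the packet test and the operand order changed, so the same address-printing code now appears several times in this switch. These fields are what analysts pivot on in the resulting events, and a later fix applied to one copy but not the others would silently swap source and destination for one direction. Consider having each arm only decide whether to swap, e.g. `swap = !PKT_IS_TOCLIENT(p);` with `swap` declared before the switch, then printing the addresses and assigning `sp`/`dp` once afterwards. The enclosing function starts and ends outside this hunk, so I cannot see whether anything after the switch depends on the current layout.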
enum OutputJsonLogDirection {
LOG_DIR_PACKET = 0,
LOG_DIR_FLOW,
+ LOG_DIR_FLOW_TOCLIENT,
+ LOG_DIR_FLOW_TOSERVER,
};
/* helper struct for OutputJSONMemBufferCallback */
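Review bot: The two new enumerators are added without any comment, and the difference between `LOG_DIR_FLOW` and `LOG_DIR_FLOW_TOSERVER` cannot be told from the names. The header switch in this commit handles both in the same arm. A short trailing comment on each would help, e.g. `LOG_DIR_FLOW_TOCLIENT, /* src/dest oriented as the to-client side of the flow */` and the mirror for `LOG_DIR_FLOW_TOSERVER`. The `LOG_DIR_FLOW` entry should note that it currently behaves like the to-server variant.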
*
* NOTE p->flow is locked at this point
*/
-static int LuaFileLogger(ThreadVars *tv, void *thread_data, const Packet *p, const File *ff)
+static int LuaFileLogger(ThreadVars *tv, void *thread_data, const Packet *p, const File *ff, uint8_t dir)
{
SCEnter();
LogLuaThreadCtx *td = (LogLuaThreadCtx *)thread_data;