if (unlikely(jb == NULL))
return TM_ECODE_OK;
NetFlowLogEveToServer(jb, f);
- EveAddCommonOptions(&jhl->ctx->cfg, NULL, f, jb);
+ EveAddCommonOptions(&jhl->ctx->cfg, NULL, f, jb, LOG_DIR_FLOW_TOSERVER);
OutputJsonBuilderBuffer(jb, jhl);
jb_free(jb);
if (unlikely(jb == NULL))
return TM_ECODE_OK;
NetFlowLogEveToClient(jb, f);
- EveAddCommonOptions(&jhl->ctx->cfg, NULL, f, jb);
+ EveAddCommonOptions(&jhl->ctx->cfg, NULL, f, jb, LOG_DIR_FLOW_TOCLIENT);
OutputJsonBuilderBuffer(jb, jhl);
jb_free(jb);
}
static void OutputJsonDeInitCtx(OutputCtx *);
static void CreateEveCommunityFlowId(JsonBuilder *js, const Flow *f, const uint16_t seed);
-static int CreateJSONEther(JsonBuilder *parent, const Packet *p, const Flow *f);
+static int CreateJSONEther(
+ JsonBuilder *parent, const Packet *p, const Flow *f, enum OutputJsonLogDirection dir);
static const char *TRAFFIC_ID_PREFIX = "traffic/id/";
static const char *TRAFFIC_LABEL_PREFIX = "traffic/label/";
}
}
-void EveAddCommonOptions(const OutputJsonCommonSettings *cfg,
- const Packet *p, const Flow *f, JsonBuilder *js)
+void EveAddCommonOptions(const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f,
+ JsonBuilder *js, enum OutputJsonLogDirection dir)
{
if (cfg->include_metadata) {
EveAddMetadata(p, f, js);
}
if (cfg->include_ethernet) {
- CreateJSONEther(js, p, f);
+ CreateJSONEther(js, p, f, dir);
}
if (cfg->include_community_id && f != NULL) {
CreateEveCommunityFlowId(js, f, cfg->community_id_seed);
return 0;
}
-static int CreateJSONEther(JsonBuilder *js, const Packet *p, const Flow *f)
+static int CreateJSONEther(
+ JsonBuilder *js, const Packet *p, const Flow *f, enum OutputJsonLogDirection dir)
{
if (p != NULL) {
/* this is a packet context, so we need to add scalar fields */
if (PacketIsEthernet(p)) {
const EthernetHdr *ethh = PacketGetEthernet(p);
jb_open_object(js, "ether");
- const uint8_t *src = ethh->eth_src;
- const uint8_t *dst = ethh->eth_dst;
+ const uint8_t *src;
+ const uint8_t *dst;
+ switch (dir) {
+ case LOG_DIR_FLOW_TOSERVER:
+ // fallthrough
+ case LOG_DIR_FLOW:
+ if (PKT_IS_TOCLIENT(p)) {
+ src = ethh->eth_dst;
+ dst = ethh->eth_src;
+ } else {
+ src = ethh->eth_src;
+ dst = ethh->eth_dst;
+ }
+ break;
+ case LOG_DIR_FLOW_TOCLIENT:
+ if (PKT_IS_TOSERVER(p)) {
+ src = ethh->eth_dst;
+ dst = ethh->eth_src;
+ } else {
+ src = ethh->eth_src;
+ dst = ethh->eth_dst;
+ }
+ break;
+ case LOG_DIR_PACKET:
+ default:
+ src = ethh->eth_src;
+ dst = ethh->eth_dst;
+ break;
+ }
JSONFormatAndAddMACAddr(js, "src_mac", src, false);
JSONFormatAndAddMACAddr(js, "dest_mac", dst, false);
jb_close(js);
}
jb_close(info.dst);
jb_close(info.src);
- jb_set_object(js, "dest_macs", info.dst);
- jb_set_object(js, "src_macs", info.src);
+ /* case is handling netflow too so may need to revert */
+ if (dir == LOG_DIR_FLOW_TOCLIENT) {
+ jb_set_object(js, "dest_macs", info.src);
+ jb_set_object(js, "src_macs", info.dst);
+ } else {
+ DEBUG_VALIDATE_BUG_ON(dir != LOG_DIR_FLOW_TOSERVER && dir != LOG_DIR_FLOW);
+ jb_set_object(js, "dest_macs", info.dst);
+ jb_set_object(js, "src_macs", info.src);
+ }
jb_free(info.dst);
jb_free(info.src);
jb_close(js);
jb_set_string(js, "pkt_src", PktSrcToString(p->pkt_src));
if (eve_ctx != NULL) {
- EveAddCommonOptions(&eve_ctx->cfg, p, f, js);
+ EveAddCommonOptions(&eve_ctx->cfg, p, f, js, dir);
}
return js;
TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data);
TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data);
-void EveAddCommonOptions(const OutputJsonCommonSettings *cfg,
- const Packet *p, const Flow *f, JsonBuilder *js);
+void EveAddCommonOptions(const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f,
+ JsonBuilder *js, enum OutputJsonLogDirection dir);
void EveAddMetadata(const Packet *p, const Flow *f, JsonBuilder *js);
int OutputJSONMemBufferCallback(const char *str, size_t size, void *data);
projects / thirdparty / suricata.git / commitdiff
