uint32_t toggle_sids_idx;
uint32_t toggle_sids_size;
};
-#ifdef PROFILING
+
+extern int rule_engine_analysis_set;
static void DetectFlowbitsAnalyzeDump(const DetectEngineCtx *de_ctx,
struct FBAnalyze *array, uint32_t elements);
-#endif
int DetectFlowbitsAnalyze(DetectEngineCtx *de_ctx)
{
}
SCFree(varname);
}
-#ifdef PROFILING
- DetectFlowbitsAnalyzeDump(de_ctx, array, array_size);
-#endif
+
+ if (rule_engine_analysis_set) {
+ DetectFlowbitsAnalyzeDump(de_ctx, array, array_size);
+ }
end:
for (uint32_t i = 0; i < array_size; i++) {
return 0;
}
-#ifdef PROFILING
-#include "output-json.h"
-#include "util-buffer.h"
SCMutex g_flowbits_dump_write_m = SCMUTEX_INITIALIZER;
static void DetectFlowbitsAnalyzeDump(const DetectEngineCtx *de_ctx,
struct FBAnalyze *array, uint32_t elements)
{
- json_t *js = json_object();
+ JsonBuilder *js = jb_new_object();
if (js == NULL)
return;
- json_t *js_array = json_array();
- uint32_t x;
- for (x = 0; x < elements; x++)
- {
+ jb_open_array(js, "flowbits");
+ for (uint32_t x = 0; x < elements; x++) {
char *varname = VarNameStoreSetupLookup(x, VAR_TYPE_FLOW_BIT);
if (varname == NULL)
continue;
const struct FBAnalyze *e = &array[x];
- json_t *js_fb = json_object();
- if (unlikely(js_fb != NULL)) {
- json_object_set_new(js_fb, "name", json_string(varname));
- json_object_set_new(js_fb, "internal_id", json_integer(x));
- json_object_set_new(js_fb, "set_cnt", json_integer(e->cnts[DETECT_FLOWBITS_CMD_SET]));
- json_object_set_new(js_fb, "unset_cnt", json_integer(e->cnts[DETECT_FLOWBITS_CMD_UNSET]));
- json_object_set_new(js_fb, "toggle_cnt", json_integer(e->cnts[DETECT_FLOWBITS_CMD_TOGGLE]));
- json_object_set_new(js_fb, "isset_cnt", json_integer(e->cnts[DETECT_FLOWBITS_CMD_ISSET]));
- json_object_set_new(js_fb, "isnotset_cnt", json_integer(e->cnts[DETECT_FLOWBITS_CMD_ISNOTSET]));
-
- // sets
- if (e->cnts[DETECT_FLOWBITS_CMD_SET]) {
- json_t *js_set_array = json_array();
- if (js_set_array) {
- for(uint32_t i = 0; i < e->set_sids_idx; i++) {
- const Signature *s = de_ctx->sig_array[e->set_sids[i]];
- json_array_append_new(js_set_array, json_integer(s->id));
- }
- json_object_set_new(js_fb, "sets", js_set_array);
- }
+ jb_start_object(js);
+ jb_set_string(js, "name", varname);
+ jb_set_uint(js, "internal_id", x);
+ jb_set_uint(js, "set_cnt", e->cnts[DETECT_FLOWBITS_CMD_SET]);
+ jb_set_uint(js, "unset_cnt", e->cnts[DETECT_FLOWBITS_CMD_UNSET]);
+ jb_set_uint(js, "toggle_cnt", e->cnts[DETECT_FLOWBITS_CMD_TOGGLE]);
+ jb_set_uint(js, "isset_cnt", e->cnts[DETECT_FLOWBITS_CMD_ISSET]);
+ jb_set_uint(js, "isnotset_cnt", e->cnts[DETECT_FLOWBITS_CMD_ISNOTSET]);
+
+ // sets
+ if (e->cnts[DETECT_FLOWBITS_CMD_SET]) {
+ jb_open_array(js, "sets");
+ for (uint32_t i = 0; i < e->set_sids_idx; i++) {
+ const Signature *s = de_ctx->sig_array[e->set_sids[i]];
+ jb_append_uint(js, s->id);
}
- // gets
- if (e->cnts[DETECT_FLOWBITS_CMD_ISSET]) {
- json_t *js_isset_array = json_array();
- if (js_isset_array) {
- for(uint32_t i = 0; i < e->isset_sids_idx; i++) {
- const Signature *s = de_ctx->sig_array[e->isset_sids[i]];
- json_array_append_new(js_isset_array, json_integer(s->id));
- }
- json_object_set_new(js_fb, "isset", js_isset_array);
- }
+ jb_close(js);
+ }
+ // gets
+ if (e->cnts[DETECT_FLOWBITS_CMD_ISSET]) {
+ jb_open_array(js, "isset");
+ for (uint32_t i = 0; i < e->isset_sids_idx; i++) {
+ const Signature *s = de_ctx->sig_array[e->isset_sids[i]];
+ jb_append_uint(js, s->id);
}
- // isnotset
- if (e->cnts[DETECT_FLOWBITS_CMD_ISNOTSET]) {
- json_t *js_isnotset_array = json_array();
- if (js_isnotset_array) {
- for(uint32_t i = 0; i < e->isnotset_sids_idx; i++) {
- const Signature *s = de_ctx->sig_array[e->isnotset_sids[i]];
- json_array_append_new(js_isnotset_array, json_integer(s->id));
- }
- json_object_set_new(js_fb, "isnotset", js_isnotset_array);
- }
+ jb_close(js);
+ }
+ // isnotset
+ if (e->cnts[DETECT_FLOWBITS_CMD_ISNOTSET]) {
+ jb_open_array(js, "isnotset");
+ for (uint32_t i = 0; i < e->isnotset_sids_idx; i++) {
+ const Signature *s = de_ctx->sig_array[e->isnotset_sids[i]];
+ jb_append_uint(js, s->id);
}
- // unset
- if (e->cnts[DETECT_FLOWBITS_CMD_UNSET]) {
- json_t *js_unset_array = json_array();
- if (js_unset_array) {
- for(uint32_t i = 0; i < e->unset_sids_idx; i++) {
- const Signature *s = de_ctx->sig_array[e->unset_sids[i]];
- json_array_append_new(js_unset_array, json_integer(s->id));
- }
- json_object_set_new(js_fb, "unset", js_unset_array);
- }
+ jb_close(js);
+ }
+ // unset
+ if (e->cnts[DETECT_FLOWBITS_CMD_UNSET]) {
+ jb_open_array(js, "unset");
+ for (uint32_t i = 0; i < e->unset_sids_idx; i++) {
+ const Signature *s = de_ctx->sig_array[e->unset_sids[i]];
+ jb_append_uint(js, s->id);
}
- // toggle
- if (e->cnts[DETECT_FLOWBITS_CMD_TOGGLE]) {
- json_t *js_toggle_array = json_array();
- if (js_toggle_array) {
- for(uint32_t i = 0; i < e->toggle_sids_idx; i++) {
- const Signature *s = de_ctx->sig_array[e->toggle_sids[i]];
- json_array_append_new(js_toggle_array, json_integer(s->id));
- }
- json_object_set_new(js_fb, "toggle", js_toggle_array);
- }
+ jb_close(js);
+ }
+ // toggle
+ if (e->cnts[DETECT_FLOWBITS_CMD_TOGGLE]) {
+ jb_open_array(js, "toggle");
+ for (uint32_t i = 0; i < e->toggle_sids_idx; i++) {
+ const Signature *s = de_ctx->sig_array[e->toggle_sids[i]];
+ jb_append_uint(js, s->id);
}
-
- json_array_append_new(js_array, js_fb);
+ jb_close(js);
}
SCFree(varname);
+ jb_close(js);
}
-
- json_object_set_new(js, "flowbits", js_array);
+ jb_close(js); // array
+ jb_close(js); // object
const char *filename = "flowbits.json";
const char *log_dir = ConfigGetLogDirectory();
char log_path[PATH_MAX] = "";
snprintf(log_path, sizeof(log_path), "%s/%s", log_dir, filename);
- MemBuffer *mbuf = NULL;
- mbuf = MemBufferCreateNew(4096);
- BUG_ON(mbuf == NULL);
-
- OutputJSONMemBufferWrapper wrapper = {
- .buffer = &mbuf,
- .expand_by = 4096,
- };
-
- int r = json_dump_callback(js, OutputJSONMemBufferCallback, &wrapper,
- JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|
- JSON_ESCAPE_SLASH);
- if (r != 0) {
- SCLogWarning(SC_ERR_SOCKET, "unable to serialize JSON object");
- } else {
- MemBufferWriteString(mbuf, "\n");
- SCMutexLock(&g_flowbits_dump_write_m);
- FILE *fp = fopen(log_path, "w");
- if (fp != NULL) {
- MemBufferPrintToFPAsString(mbuf, fp);
- fclose(fp);
- }
- SCMutexUnlock(&g_flowbits_dump_write_m);
+ SCMutexLock(&g_flowbits_dump_write_m);
+ FILE *fp = fopen(log_path, "w");
+ if (fp != NULL) {
+ fwrite(jb_ptr(js), jb_len(js), 1, fp);
+ fprintf(fp, "\n");
+ fclose(fp);
}
+ SCMutexUnlock(&g_flowbits_dump_write_m);
- MemBufferFree(mbuf);
- json_object_clear(js);
- json_decref(js);
+ jb_free(js);
}
-#endif /* PROFILING */
#ifdef UNITTESTS
UtRegisterTest("FlowBitsTestSig10", FlowBitsTestSig10);
UtRegisterTest("FlowBitsTestSig11", FlowBitsTestSig11);
}
-#endif /* UNITTESTS */
\ No newline at end of file
+#endif /* UNITTESTS */
projects / thirdparty / suricata.git / commitdiff
