output: plugins can log flow or packet direction

diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs
index 529b59bc91ccfe0ecd60f7a5ebaa05bc7215fb95..90dd86c093133125b1dde67f0589799e335b41e8 100644 (file)
--- a/rust/sys/src/sys.rs
+++ b/rust/sys/src/sys.rs
@@ -123,6 +123,7 @@ pub struct SCAppLayerPlugin_ {
     pub KeywordsRegister: ::std::option::Option<unsafe extern "C" fn()>,
     pub logname: *const ::std::os::raw::c_char,
     pub confname: *const ::std::os::raw::c_char,
+    pub dir: u8,
     pub Logger: ::std::option::Option<
         unsafe extern "C" fn(
             tx: *const ::std::os::raw::c_void,

diff --git a/src/output.c b/src/output.c
index 80ac2ed245abe3c14b7665485c1e2b3006bb57ab..2877353bcff0ddd6b5a85c70d50693138b4d6a2c 100644 (file)
--- a/src/output.c
+++ b/src/output.c
@@ -994,6 +994,15 @@ int OutputPreRegisterLogger(EveJsonTxLoggerRegistrationData reg_data)
     return 0;
 }
 
+static TxLogger JsonLoggerFromDir(uint8_t dir)
+{
+    if (dir == LOG_DIR_PACKET) {
+        return JsonGenericDirPacketLogger;
+    }
+    BUG_ON(dir != LOG_DIR_FLOW);
+    return JsonGenericDirFlowLogger;
+}
+
 /**
  * \brief Register all non-root logging modules.
  */
@@ -1154,8 +1163,8 @@ void OutputRegisterLoggers(void)
     for (size_t i = 0; i < preregistered_loggers_nb; i++) {
         OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", preregistered_loggers[i].logname,
                 preregistered_loggers[i].confname, OutputJsonLogInitSub,
-                preregistered_loggers[i].alproto, JsonGenericDirFlowLogger, JsonLogThreadInit,
-                JsonLogThreadDeinit);
+                preregistered_loggers[i].alproto, JsonLoggerFromDir(preregistered_loggers[i].dir),
+                JsonLogThreadInit, JsonLogThreadDeinit);
         SCLogDebug(
                 "%s JSON logger registered.", AppProtoToString(preregistered_loggers[i].alproto));
         RegisterSimpleJsonApplayerLogger(

diff --git a/src/output.h b/src/output.h
index 75d3f5849893de66da513beb5b35865910194da6..0720a459ebf3041b65dbf61b66886f52de065e69 100644 (file)
--- a/src/output.h
+++ b/src/output.h
@@ -185,6 +185,7 @@ typedef struct EveJsonTxLoggerRegistrationData {
     const char *confname;
     const char *logname;
     AppProto alproto;
+    uint8_t dir;
     EveJsonSimpleTxLogFunc LogTx;
 } EveJsonTxLoggerRegistrationData;
 

diff --git a/src/suricata-plugin.h b/src/suricata-plugin.h
index 7c51fef6330a0c887891e0f0721a44a3925848d7..612596b875c68a02a9a5948dd9fc75b6b80fc4fd 100644 (file)
--- a/src/suricata-plugin.h
+++ b/src/suricata-plugin.h
@@ -68,6 +68,7 @@ typedef struct SCAppLayerPlugin_ {
     void (*KeywordsRegister)(void);
     const char *logname;
     const char *confname;
+    uint8_t dir;
     bool (*Logger)(const void *tx, void *jb);
 } SCAppLayerPlugin;
 

diff --git a/src/util-plugin.c b/src/util-plugin.c
index a5cf1070f7ba7388ec48458df0ae85ff57d4c2f9..5254e6b275dc5fff47602c8c7df198ce3d7daa16 100644 (file)
--- a/src/util-plugin.c
+++ b/src/util-plugin.c
@@ -179,6 +179,7 @@ int SCPluginRegisterAppLayer(SCAppLayerPlugin *plugin)
             .confname = plugin->confname,
             .logname = plugin->logname,
             .alproto = alproto,
+            .dir = plugin->dir,
             .LogTx = (EveJsonSimpleTxLogFunc)plugin->Logger,
         };
         if (OutputPreRegisterLogger(reg_data) != 0) {