Added parsing and utilization of yaml defined payload buffer value. 2021/head
authormaxtors <moe.andreas@gmail.com>
Fri, 22 Apr 2016 18:15:21 +0000 (20:15 +0200)
committermaxtors <moe.andreas@gmail.com>
Fri, 22 Apr 2016 18:15:21 +0000 (20:15 +0200)
src/output-json-alert.c
src/util-error.c
src/util-error.h

index bd8f93e9a6375abf1fe85c1c76d113aa8aa4e2d0..a54d66a2b0b9b24c6c971b755a0670ae96c9c702 100644 (file)
@@ -35,6 +35,7 @@
 #include "threadvars.h"
 #include "util-debug.h"
 
+#include "util-misc.h"
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
 
@@ -83,6 +84,7 @@
 typedef struct AlertJsonOutputCtx_ {
     LogFileCtx* file_ctx;
     uint8_t flags;
+    uint32_t payload_buffer_size;
     HttpXFFCfg *xff_cfg;
 } AlertJsonOutputCtx;
 
@@ -285,7 +287,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
                                     (void *)payload);
 
                 if (json_output_ctx->flags & LOG_JSON_PAYLOAD_BASE64) {
-                    unsigned long len = JSON_STREAM_BUFFER_SIZE * 2;
+                    unsigned long len = json_output_ctx->payload_buffer_size * 2;
                     uint8_t encoded[len];
                     Base64Encode(payload->buffer, payload->offset, encoded, &len);
                     json_object_set_new(js, "payload", json_string((char *)encoded));
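Review bot: `uint8_t encoded[len]` is a variable-length array on the stack, and its size now comes from the `payload-buffer-size` setting rather than a compile-time constant, so a large configured value can exhaust the thread stack on each base64-encoded alert. The doubling is also performed in `uint32_t` before it is widened to `unsigned long`, so sizes of 2 GiB and above wrap to a small length. The return value of Base64Encode is not checked in the visible lines, so on failure `encoded` may reach json_string uninitialised. Allocating the output on the heap and checking the encode result, as sketched below, addresses all three. AlertJson starts and ends outside this hunk.

```c
                if (json_output_ctx->flags & LOG_JSON_PAYLOAD_BASE64) {
                    /* widen before doubling so a large configured size cannot wrap */
                    unsigned long len =
                        (unsigned long)json_output_ctx->payload_buffer_size * 2;
                    /* heap, not stack: the size is operator-controlled */
                    uint8_t *encoded = SCMalloc(len);
                    if (encoded != NULL) {
                        if (Base64Encode(payload->buffer, payload->offset,
                                         encoded, &len) == SC_BASE64_OK) {
                            json_object_set_new(js, "payload",
                                                json_string((char *)encoded));
                        }
                        SCFree(encoded);
                    }
```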
@@ -479,17 +481,17 @@ static TmEcode JsonAlertLogThreadInit(ThreadVars *t, void *initdata, void **data
         return TM_ECODE_FAILED;
     }
 
-    aft->payload_buffer = MemBufferCreateNew(JSON_STREAM_BUFFER_SIZE);
-    if (aft->payload_buffer == NULL) {
-        SCFree(aft);
-        return TM_ECODE_FAILED;
-    }
-
     /** Use the Output Context (file pointer and mutex) */
     AlertJsonOutputCtx *json_output_ctx = ((OutputCtx *)initdata)->data;
     aft->file_ctx = json_output_ctx->file_ctx;
     aft->json_output_ctx = json_output_ctx;
 
+    aft->payload_buffer = MemBufferCreateNew(json_output_ctx->payload_buffer_size);
+    if (aft->payload_buffer == NULL) {
+        SCFree(aft);
+        return TM_ECODE_FAILED;
+    }
+    
     *data = (void *)aft;
     return TM_ECODE_OK;
 }
@@ -556,8 +558,11 @@ static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
 
     json_output_ctx->xff_cfg = xff_cfg;
 
+    uint32_t payload_buffer_size = JSON_STREAM_BUFFER_SIZE;
+
     if (conf != NULL) {
         const char *payload = ConfNodeLookupChildValue(conf, "payload");
+        const char *payload_buffer_value = ConfNodeLookupChildValue(conf, "payload-buffer-size");
         const char *packet  = ConfNodeLookupChildValue(conf, "packet");
         const char *payload_printable = ConfNodeLookupChildValue(conf, "payload-printable");
         const char *http = ConfNodeLookupChildValue(conf, "http");
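Review bot: The new `payload-buffer-size` key is read here, but the commit's file list shows only three source files, so the option appears to be missing from the sample configuration; an entry next to `payload` there, with the accepted size suffixes, would make it discoverable. A comment on the default would help too, for example `/* used when payload-buffer-size is absent from the config */` above `uint32_t payload_buffer_size = JSON_STREAM_BUFFER_SIZE;`. XffSetup starts before this hunk and continues past it.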
@@ -595,12 +600,24 @@ static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
                 json_output_ctx->flags |= LOG_JSON_PAYLOAD_BASE64;
             }
         }
+        if (payload_buffer_value != NULL) {
+            uint32_t value;
+            if (ParseSizeStringU32(payload_buffer_value, &value) < 0) {
+                SCLogError(SC_ERR_ALERT_PAYLOAD_BUFFER, "Error parsing "
+                           "payload-buffer-size - %s. Killing engine",
+                           payload_buffer_value);
+                exit(EXIT_FAILURE);
+            } else {
+                payload_buffer_size = value;
+            }
+        }
         if (packet != NULL) {
             if (ConfValIsTrue(packet)) {
                 json_output_ctx->flags |= LOG_JSON_PACKET;
             }
         }
 
+       json_output_ctx->payload_buffer_size = payload_buffer_size;
         HttpXFFGetCfg(conf, xff_cfg);
     }
 }
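Review bot: The assignment `json_output_ctx->payload_buffer_size = payload_buffer_size;` sits inside the `if (conf != NULL)` block, so when no config node is passed the JSON_STREAM_BUFFER_SIZE default is never stored. JsonAlertLogThreadInit (the hunk at -479) and the base64 path in AlertJson then use whatever the field was initialised to, which is not visible here. Moving that line below the closing brace of the `conf` block fixes this; the line is also indented one column short of its neighbours. The parsed value is accepted without a range check, so zero or a very large size flows straight into MemBufferCreateNew and the stack array. A guard such as `if (value == 0 || value > PAYLOAD_BUFFER_SIZE_MAX)` before `payload_buffer_size = value;` would close that, where PAYLOAD_BUFFER_SIZE_MAX is a placeholder for a limit that would have to be defined. The function starts outside this hunk.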
index 3706789b2bfa5aacd91394ba14ea5c0739cb2ec8..ea1d74d9d08976b42c68bf548adca4eba4893e7e 100644 (file)
@@ -317,6 +317,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_ERR_DEPRECATED_CONF);
         CASE_CODE (SC_WARN_FASTER_CAPTURE_AVAILABLE);
         CASE_CODE (SC_WARN_POOR_RULE);
+        CASE_CODE (SC_ERR_ALERT_PAYLOAD_BUFFER);
     }
 
     return "UNKNOWN_ERROR";
index 1e9ef4f0260c469cbe2d16209c23c5fb204f54aa..00eadd09b3840ca5e290240904b8d1ea40720251 100644 (file)
@@ -307,6 +307,7 @@ typedef enum {
     SC_ERR_DEPRECATED_CONF, /**< Deprecated configuration parameter. */
     SC_WARN_FASTER_CAPTURE_AVAILABLE,
     SC_WARN_POOR_RULE,
+    SC_ERR_ALERT_PAYLOAD_BUFFER,
 } SCError;
 
 const char *SCErrorToString(SCError);