extern "C" {
pub fn SCPluginRegisterAppLayer(arg1: *mut SCAppLayerPlugin) -> ::std::os::raw::c_int;
}
+#[repr(u32)]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum SCOutputJsonLogDirection {
+ LOG_DIR_PACKET = 0,
+ LOG_DIR_FLOW = 1,
+ LOG_DIR_FLOW_TOCLIENT = 2,
+ LOG_DIR_FLOW_TOSERVER = 3,
+}
+pub type EveJsonSimpleTxLogFunc = ::std::option::Option<
+ unsafe extern "C" fn(
+ arg1: *const ::std::os::raw::c_void,
+ arg2: *mut ::std::os::raw::c_void,
+ ) -> bool,
+>;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct EveJsonSimpleAppLayerLogger {
+ pub LogTx: EveJsonSimpleTxLogFunc,
+ pub name: *const ::std::os::raw::c_char,
+}
+extern "C" {
+ pub fn SCEveJsonSimpleGetLogger(alproto: AppProto) -> *mut EveJsonSimpleAppLayerLogger;
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct EveJsonTxLoggerRegistrationData {
+ pub confname: *const ::std::os::raw::c_char,
+ pub logname: *const ::std::os::raw::c_char,
+ pub alproto: AppProto,
+ pub dir: u8,
+ pub LogTx: EveJsonSimpleTxLogFunc,
+}
+extern "C" {
+ pub fn SCOutputEvePreRegisterLogger(
+ reg_data: EveJsonTxLoggerRegistrationData,
+ ) -> ::std::os::raw::c_int;
+}
#[doc = " Structure of a configuration parameter."]
#[repr(C)]
#[derive(Debug, Copy, Clone)]
output-eve-syslog.h \
output-lua.h \
output-packet.h \
+ output-eve-bindgen.h \
output-stats.h \
output-streaming.h \
output-tx.h \
#include "app-layer-protos.h"
#include "suricata-plugin.h"
+#include "output-eve-bindgen.h"
#include "conf.h"
--- /dev/null
+/* Copyright (C) 2025 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * This file contains definitions that should be made available
+ * to rust via bindgen.
+ *
+ */
+
+#ifndef SURICATA_OUTPUT_PUBLIC_H
+#define SURICATA_OUTPUT_PUBLIC_H
+
+#include "app-layer-protos.h"
+
+typedef enum SCOutputJsonLogDirection {
+ LOG_DIR_PACKET = 0,
+ LOG_DIR_FLOW,
+ LOG_DIR_FLOW_TOCLIENT,
+ LOG_DIR_FLOW_TOSERVER,
+} SCOutputJsonLogDirection;
+
+typedef bool (*EveJsonSimpleTxLogFunc)(const void *, void *);
+
+typedef struct EveJsonSimpleAppLayerLogger {
+ EveJsonSimpleTxLogFunc LogTx;
+ const char *name;
+} EveJsonSimpleAppLayerLogger;
+
+EveJsonSimpleAppLayerLogger *SCEveJsonSimpleGetLogger(AppProto alproto);
+
+typedef struct EveJsonTxLoggerRegistrationData {
+ const char *confname;
+ const char *logname;
+ AppProto alproto;
+ uint8_t dir;
+ EveJsonSimpleTxLogFunc LogTx;
+} EveJsonTxLoggerRegistrationData;
+
+int SCOutputEvePreRegisterLogger(EveJsonTxLoggerRegistrationData reg_data);
+
+#endif /* ! SURICATA_OUTPUT_PUBLIC_H */
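Review bot: This new header exposes an FFI contract to Rust without documenting it: `EveJsonSimpleTxLogFunc` now takes two untyped pointers, and `EveJsonTxLoggerRegistrationData` carries raw `confname`/`logname` pointers. I would add a comment on the typedef such as `/* first arg: transaction of the registered alproto; second arg: the SCJsonBuilder to append to */`, since the `SCJsonBuilder` type was visible in the old typedef and no longer is. The struct should state that `confname` and `logname` must remain valid after `SCOutputEvePreRegisterLogger` returns, because the pre-registration data appears to be stored and consumed later without copying the strings (to be confirmed in output.c). The comment should also say which values `dir` accepts, as it is a bare `uint8_t` declared next to the newly exported `SCOutputJsonLogDirection`. As a smaller point, the guard `SURICATA_OUTPUT_PUBLIC_H` does not match the file name `output-eve-bindgen.h`, and the header uses `bool` and `uint8_t` while including only `app-layer-protos.h`.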
const uint64_t tx_id, const bool stored, uint8_t dir, HttpXFFCfg *xff_cfg,
OutputJsonCtx *eve_ctx)
{
- enum OutputJsonLogDirection fdir = LOG_DIR_FLOW;
+ enum SCOutputJsonLogDirection fdir = LOG_DIR_FLOW;
switch(dir) {
case STREAM_TOCLIENT:
const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{
LogMQTTLogThread *thread = thread_data;
- enum OutputJsonLogDirection dir;
+ enum SCOutputJsonLogDirection dir;
if (SCMqttTxIsToClient((MQTTTransaction *)tx)) {
dir = LOG_DIR_FLOW_TOCLIENT;
static void OutputJsonDeInitCtx(OutputCtx *);
static void CreateEveCommunityFlowId(SCJsonBuilder *js, const Flow *f, const uint16_t seed);
static int CreateJSONEther(
- SCJsonBuilder *parent, const Packet *p, const Flow *f, enum OutputJsonLogDirection dir);
+ SCJsonBuilder *parent, const Packet *p, const Flow *f, enum SCOutputJsonLogDirection dir);
static const char *TRAFFIC_ID_PREFIX = "traffic/id/";
static const char *TRAFFIC_LABEL_PREFIX = "traffic/label/";
}
void EveAddCommonOptions(const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f,
- SCJsonBuilder *js, enum OutputJsonLogDirection dir)
+ SCJsonBuilder *js, enum SCOutputJsonLogDirection dir)
{
if (cfg->include_metadata) {
EveAddMetadata(p, f, js);
JB_SET_TRUE(js, "cwr");
}
-void JsonAddrInfoInit(const Packet *p, enum OutputJsonLogDirection dir, JsonAddrInfo *addr)
+void JsonAddrInfoInit(const Packet *p, enum SCOutputJsonLogDirection dir, JsonAddrInfo *addr)
{
char srcip[46] = {0}, dstip[46] = {0};
Port sp, dp;
}
static int CreateJSONEther(
- SCJsonBuilder *js, const Packet *p, const Flow *f, enum OutputJsonLogDirection dir)
+ SCJsonBuilder *js, const Packet *p, const Flow *f, enum SCOutputJsonLogDirection dir)
{
if (p != NULL) {
/* this is a packet context, so we need to add scalar fields */
return 0;
}
-SCJsonBuilder *CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir,
+SCJsonBuilder *CreateEveHeader(const Packet *p, enum SCOutputJsonLogDirection dir,
const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx)
{
char timebuf[64];
return js;
}
-SCJsonBuilder *CreateEveHeaderWithTxId(const Packet *p, enum OutputJsonLogDirection dir,
+SCJsonBuilder *CreateEveHeaderWithTxId(const Packet *p, enum SCOutputJsonLogDirection dir,
const char *event_type, JsonAddrInfo *addr, uint64_t tx_id, OutputJsonCtx *eve_ctx)
{
SCJsonBuilder *js = CreateEveHeader(p, dir, event_type, addr, eve_ctx);
#include "util-buffer.h"
#include "util-logopenfile.h"
#include "output.h"
+#include "output-eve-bindgen.h"
#include "app-layer-htp-xff.h"
void OutputJsonRegister(void);
-enum OutputJsonLogDirection {
- LOG_DIR_PACKET = 0,
- LOG_DIR_FLOW,
- LOG_DIR_FLOW_TOCLIENT,
- LOG_DIR_FLOW_TOSERVER,
-};
-
#define JSON_ADDR_LEN 46
#define JSON_PROTO_LEN 16
extern const JsonAddrInfo json_addr_info_zero;
-void JsonAddrInfoInit(const Packet *p, enum OutputJsonLogDirection dir,
- JsonAddrInfo *addr);
+void JsonAddrInfoInit(const Packet *p, enum SCOutputJsonLogDirection dir, JsonAddrInfo *addr);
/* Suggested output buffer size */
#define JSON_OUTPUT_BUFFER_SIZE 65535
void EveFileInfo(SCJsonBuilder *js, const File *file, const uint64_t tx_id, const uint16_t flags);
void EveTcpFlags(uint8_t flags, SCJsonBuilder *js);
void EvePacket(const Packet *p, SCJsonBuilder *js, uint32_t max_length);
-SCJsonBuilder *CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir,
+SCJsonBuilder *CreateEveHeader(const Packet *p, enum SCOutputJsonLogDirection dir,
const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx);
-SCJsonBuilder *CreateEveHeaderWithTxId(const Packet *p, enum OutputJsonLogDirection dir,
+SCJsonBuilder *CreateEveHeaderWithTxId(const Packet *p, enum SCOutputJsonLogDirection dir,
const char *event_type, JsonAddrInfo *addr, uint64_t tx_id, OutputJsonCtx *eve_ctx);
int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer);
void OutputJsonBuilderBuffer(
TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data);
void EveAddCommonOptions(const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f,
- SCJsonBuilder *js, enum OutputJsonLogDirection dir);
+ SCJsonBuilder *js, enum SCOutputJsonLogDirection dir);
int OutputJsonLogFlush(ThreadVars *tv, void *thread_data, const Packet *p);
void EveAddMetadata(const Packet *p, const Flow *f, SCJsonBuilder *js);
#include "util-error.h"
#include "util-debug.h"
#include "output.h"
+#include "output-eve-bindgen.h"
#include "alert-fastlog.h"
#include "alert-debuglog.h"
FatalError("Failed to allocate simple_json_applayer_loggers");
}
// ALPROTO_HTTP1 special: uses some options flags
- RegisterSimpleJsonApplayerLogger(ALPROTO_FTP, EveFTPLogCommand, NULL);
+ RegisterSimpleJsonApplayerLogger(ALPROTO_FTP, (EveJsonSimpleTxLogFunc)EveFTPLogCommand, NULL);
// ALPROTO_SMTP special: uses state
- RegisterSimpleJsonApplayerLogger(ALPROTO_TLS, JsonTlsLogJSONExtended, NULL);
+ RegisterSimpleJsonApplayerLogger(
+ ALPROTO_TLS, (EveJsonSimpleTxLogFunc)JsonTlsLogJSONExtended, NULL);
// no cast here but done in rust for SSHTransaction
- RegisterSimpleJsonApplayerLogger(ALPROTO_SSH, SCSshLogJson, NULL);
+ RegisterSimpleJsonApplayerLogger(ALPROTO_SSH, (EveJsonSimpleTxLogFunc)SCSshLogJson, NULL);
// ALPROTO_SMB special: uses state
// ALPROTO_DCERPC special: uses state
- RegisterSimpleJsonApplayerLogger(ALPROTO_DNS, AlertJsonDns, NULL);
+ RegisterSimpleJsonApplayerLogger(ALPROTO_DNS, (EveJsonSimpleTxLogFunc)AlertJsonDns, NULL);
// either need a cast here or in rust for ModbusTransaction, done here
RegisterSimpleJsonApplayerLogger(
ALPROTO_MODBUS, (EveJsonSimpleTxLogFunc)rs_modbus_to_json, NULL);
- RegisterSimpleJsonApplayerLogger(ALPROTO_ENIP, SCEnipLoggerLog, NULL);
- RegisterSimpleJsonApplayerLogger(ALPROTO_DNP3, AlertJsonDnp3, NULL);
+ RegisterSimpleJsonApplayerLogger(ALPROTO_ENIP, (EveJsonSimpleTxLogFunc)SCEnipLoggerLog, NULL);
+ RegisterSimpleJsonApplayerLogger(ALPROTO_DNP3, (EveJsonSimpleTxLogFunc)AlertJsonDnp3, NULL);
// ALPROTO_NFS special: uses state
// underscore instead of dash for ftp_data
- RegisterSimpleJsonApplayerLogger(ALPROTO_FTPDATA, EveFTPDataAddMetadata, "ftp_data");
+ RegisterSimpleJsonApplayerLogger(
+ ALPROTO_FTPDATA, (EveJsonSimpleTxLogFunc)EveFTPDataAddMetadata, "ftp_data");
RegisterSimpleJsonApplayerLogger(
ALPROTO_TFTP, (EveJsonSimpleTxLogFunc)rs_tftp_log_json_request, NULL);
// ALPROTO_IKE special: uses state
RegisterSimpleJsonApplayerLogger(
ALPROTO_KRB5, (EveJsonSimpleTxLogFunc)rs_krb5_log_json_response, NULL);
- RegisterSimpleJsonApplayerLogger(ALPROTO_QUIC, rs_quic_to_json, NULL);
+ RegisterSimpleJsonApplayerLogger(ALPROTO_QUIC, (EveJsonSimpleTxLogFunc)rs_quic_to_json, NULL);
// ALPROTO_DHCP TODO missing
RegisterSimpleJsonApplayerLogger(
ALPROTO_SNMP, (EveJsonSimpleTxLogFunc)SCSnmpLogJsonResponse, NULL);
RegisterSimpleJsonApplayerLogger(ALPROTO_SIP, (EveJsonSimpleTxLogFunc)rs_sip_log_json, NULL);
- RegisterSimpleJsonApplayerLogger(ALPROTO_RFB, rs_rfb_logger_log, NULL);
- RegisterSimpleJsonApplayerLogger(ALPROTO_MQTT, JsonMQTTAddMetadata, NULL);
- RegisterSimpleJsonApplayerLogger(ALPROTO_PGSQL, JsonPgsqlAddMetadata, NULL);
- RegisterSimpleJsonApplayerLogger(ALPROTO_WEBSOCKET, rs_websocket_logger_log, NULL);
- RegisterSimpleJsonApplayerLogger(ALPROTO_LDAP, rs_ldap_logger_log, NULL);
- RegisterSimpleJsonApplayerLogger(ALPROTO_DOH2, AlertJsonDoh2, NULL);
+ RegisterSimpleJsonApplayerLogger(ALPROTO_RFB, (EveJsonSimpleTxLogFunc)rs_rfb_logger_log, NULL);
+ RegisterSimpleJsonApplayerLogger(
+ ALPROTO_MQTT, (EveJsonSimpleTxLogFunc)JsonMQTTAddMetadata, NULL);
+ RegisterSimpleJsonApplayerLogger(
+ ALPROTO_PGSQL, (EveJsonSimpleTxLogFunc)JsonPgsqlAddMetadata, NULL);
+ RegisterSimpleJsonApplayerLogger(
+ ALPROTO_WEBSOCKET, (EveJsonSimpleTxLogFunc)rs_websocket_logger_log, NULL);
+ RegisterSimpleJsonApplayerLogger(
+ ALPROTO_LDAP, (EveJsonSimpleTxLogFunc)rs_ldap_logger_log, NULL);
+ RegisterSimpleJsonApplayerLogger(ALPROTO_DOH2, (EveJsonSimpleTxLogFunc)AlertJsonDoh2, NULL);
RegisterSimpleJsonApplayerLogger(
ALPROTO_TEMPLATE, (EveJsonSimpleTxLogFunc)rs_template_logger_log, NULL);
RegisterSimpleJsonApplayerLogger(ALPROTO_RDP, (EveJsonSimpleTxLogFunc)SCRdpToJson, NULL);
// special case : http2 is logged in http object
- RegisterSimpleJsonApplayerLogger(ALPROTO_HTTP2, rs_http2_log_json, "http");
- // underscore instead of dash for bittorrent_dht
RegisterSimpleJsonApplayerLogger(
- ALPROTO_BITTORRENT_DHT, SCBittorrentDhtLogger, "bittorrent_dht");
+ ALPROTO_HTTP2, (EveJsonSimpleTxLogFunc)rs_http2_log_json, "http");
+ // underscore instead of dash for bittorrent_dht
+ RegisterSimpleJsonApplayerLogger(ALPROTO_BITTORRENT_DHT,
+ (EveJsonSimpleTxLogFunc)SCBittorrentDhtLogger, "bittorrent_dht");
OutputPacketLoggerRegister();
OutputFiledataLoggerRegister();
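Review bot: The `(EveJsonSimpleTxLogFunc)` casts added across this registration list hide a signature mismatch rather than fix it. The loggers that registered without a cast under the old `bool (*)(void *, struct SCJsonBuilder *)` typedef presumably keep that signature, so they are now called through the incompatible type `bool (*)(const void *, void *)`. C leaves such a call undefined, and indirect-call CFI (for example clang's `-fsanitize=cfi-icall`) would trap on it. Declaring each logger as `bool f(const void *tx, void *js)` and converting inside the body would let registration drop the casts and restore compiler checking of every entry. The cast on `preregistered_loggers[i].LogTx` in the later hunk is redundant because that field already has this type, and the enclosing function begins and ends outside this hunk.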
// When an app-layer plugin is loaded, it wants to register its logger
// But the plugin is loaded before loggers can register
// The preregistration data will later be used by OutputRegisterLoggers
-int OutputPreRegisterLogger(EveJsonTxLoggerRegistrationData reg_data)
+int SCOutputEvePreRegisterLogger(EveJsonTxLoggerRegistrationData reg_data)
{
if (preregistered_loggers_nb == preregistered_loggers_cap) {
void *tmp = SCRealloc(
JsonLogThreadInit, JsonLogThreadDeinit);
SCLogDebug(
"%s JSON logger registered.", AppProtoToString(preregistered_loggers[i].alproto));
- RegisterSimpleJsonApplayerLogger(
- preregistered_loggers[i].alproto, preregistered_loggers[i].LogTx, NULL);
+ RegisterSimpleJsonApplayerLogger(preregistered_loggers[i].alproto,
+ (EveJsonSimpleTxLogFunc)preregistered_loggers[i].LogTx, NULL);
}
}
void OutputSetupActiveLoggers(void);
void OutputClearActiveLoggers(void);
-typedef bool (*EveJsonSimpleTxLogFunc)(void *, struct SCJsonBuilder *);
-
-typedef struct EveJsonSimpleAppLayerLogger {
- EveJsonSimpleTxLogFunc LogTx;
- const char *name;
-} EveJsonSimpleAppLayerLogger;
-
-EveJsonSimpleAppLayerLogger *SCEveJsonSimpleGetLogger(AppProto alproto);
-
-typedef struct EveJsonTxLoggerRegistrationData {
- const char *confname;
- const char *logname;
- AppProto alproto;
- uint8_t dir;
- EveJsonSimpleTxLogFunc LogTx;
-} EveJsonTxLoggerRegistrationData;
-
-int OutputPreRegisterLogger(EveJsonTxLoggerRegistrationData reg_data);
-
#endif /* ! SURICATA_OUTPUT_H */
#include "app-layer-parser.h"
#include "detect-engine-register.h"
#include "output.h"
+#include "output-eve-bindgen.h"
#include <dlfcn.h>
.logname = plugin->logname,
.alproto = alproto,
.dir = plugin->dir,
- .LogTx = (EveJsonSimpleTxLogFunc)plugin->Logger,
+ .LogTx = plugin->Logger,
};
- if (OutputPreRegisterLogger(reg_data) != 0) {
+ if (SCOutputEvePreRegisterLogger(reg_data) != 0) {
return 1;
}
}