*/
use super::ssh::SSHTransaction;
-use crate::json::*;
+use crate::jsonbuilder::{JsonBuilder, JsonError};
-fn log_ssh(tx: &SSHTransaction) -> Option<Json> {
+fn log_ssh(tx: &SSHTransaction, js: &mut JsonBuilder) -> Result<bool, JsonError> {
if tx.cli_hdr.protover.len() == 0 && tx.srv_hdr.protover.len() == 0 {
- return None;
+ return Ok(false);
}
- let js = Json::object();
if tx.cli_hdr.protover.len() > 0 {
- let cjs = Json::object();
- cjs.set_string_from_bytes(
- "proto_version",
- &tx.cli_hdr.protover,
- );
+ js.open_object("client")?;
+ js.set_string_from_bytes("proto_version", &tx.cli_hdr.protover)?;
if tx.cli_hdr.swver.len() > 0 {
- cjs.set_string_from_bytes(
- "software_version",
- &tx.cli_hdr.swver,
- );
+ js.set_string_from_bytes("software_version", &tx.cli_hdr.swver)?;
}
- js.set("client", cjs);
+ js.close()?;
}
if tx.srv_hdr.protover.len() > 0 {
- let sjs = Json::object();
- sjs.set_string_from_bytes(
- "proto_version",
- &tx.srv_hdr.protover,
- );
+ js.open_object("server")?;
+ js.set_string_from_bytes("proto_version", &tx.srv_hdr.protover)?;
if tx.srv_hdr.swver.len() > 0 {
- sjs.set_string_from_bytes(
- "software_version",
- &tx.srv_hdr.swver,
- );
+ js.set_string_from_bytes("software_version", &tx.srv_hdr.swver)?;
}
- js.set("server", sjs);
+ js.close()?;
}
- return Some(js);
+ return Ok(true);
}
#[no_mangle]
-pub extern "C" fn rs_ssh_log_json(tx: *mut std::os::raw::c_void) -> *mut JsonT {
+pub extern "C" fn rs_ssh_log_json(tx: *mut std::os::raw::c_void, js: &mut JsonBuilder) -> bool {
let tx = cast_pointer!(tx, SSHTransaction);
- match log_ssh(tx) {
- Some(js) => js.unwrap(),
- None => std::ptr::null_mut(),
+ if let Ok(x) = log_ssh(tx, js) {
+ return x;
}
+ return false;
}
{
void *ssh_state = FlowGetAppState(f);
if (ssh_state) {
+ JsonBuilderMark mark = { 0, 0, 0 };
void *tx_ptr = rs_ssh_state_get_tx(ssh_state, 0);
- json_t *tjs = rs_ssh_log_json(tx_ptr);
- if (unlikely(tjs == NULL))
- return;
-
- jb_set_jsont(js, "ssh", tjs);
- json_decref(tjs);
+ jb_get_mark(js, &mark);
+ jb_open_object(js, "ssh");
+ if (rs_ssh_log_json(tx_ptr, js)) {
+ jb_close(js);
+ } else {
+ jb_restore_mark(js, &mark);
+ }
}
return;
return 0;
}
- json_t *js = CreateJSONHeader(p, LOG_DIR_FLOW, "ssh", NULL);
+ JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "ssh", NULL, tx_id);
if (unlikely(js == NULL))
return 0;
- JsonAddCommonOptions(&ssh_ctx->cfg, p, f, js);
+ EveAddCommonOptions(&ssh_ctx->cfg, p, f, js);
/* reset */
MemBufferReset(aft->buffer);
- json_t *tjs = rs_ssh_log_json(txptr);
- if (unlikely(tjs == NULL)) {
- free(js);
- return 0;
+ jb_open_object(js, "ssh");
+ if (!rs_ssh_log_json(txptr, js)) {
+ goto end;
}
- json_object_set_new(js, "ssh", tjs);
-
- OutputJSONBuffer(js, ssh_ctx->file_ctx, &aft->buffer);
- json_object_clear(js);
- json_decref(js);
+ jb_close(js);
+ OutputJsonBuilderBuffer(js, ssh_ctx->file_ctx, &aft->buffer);
+end:
+ jb_free(js);
return 0;
}
projects / thirdparty / suricata.git / commitdiff
