output/json-alert: add sip metadata

author Giuseppe Longo <giuseppe@glongo.it>

Sun, 24 Feb 2019 18:16:09 +0000 (19:16 +0100)

committer Victor Julien <victor@inliniac.net>

Tue, 17 Sep 2019 08:42:20 +0000 (10:42 +0200)
author Giuseppe Longo <giuseppe@glongo.it>
Sun, 24 Feb 2019 18:16:09 +0000 (19:16 +0100)
committer Victor Julien <victor@inliniac.net>
Tue, 17 Sep 2019 08:42:20 +0000 (10:42 +0200)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c

index 6b6626e8db0a3e7f556a96b80f148cae03c06d71..f6e0d6a8ce2e2fe592092e8fba338c3397219e17 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -67,6 +67,7 @@
  #include "output-json-nfs.h"
  #include "output-json-smb.h"
  #include "output-json-flow.h"
+#include "output-json-sip.h"
  
  #include "util-byte.h"
  #include "util-privs.h"
@@ -473,6 +474,10 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
                  hjs = JsonSMBAddMetadata(p->flow, pa->tx_id);
                  if (hjs)
                      json_object_set_new(js, "smb", hjs);
+            } else if (proto == ALPROTO_SIP) {
+                hjs = JsonSIPAddMetadata(p->flow, pa->tx_id);
+                if (hjs)
+                    json_object_set_new(js, "sip", hjs);
              }
  #endif
              if (proto == ALPROTO_FTPDATA) {
diff --git a/src/output-json-sip.c b/src/output-json-sip.c

index 796614cbe5ad8c2ea79fece891691ebf0251c036..ab1ddce315c94286e346f801317a7274b4d72d93 100644 (file)
--- a/src/output-json-sip.c
+++ b/src/output-json-sip.c
@@ -62,6 +62,19 @@ typedef struct LogSIPLogThread_ {
      MemBuffer          *buffer;
  } LogSIPLogThread;
  
+json_t *JsonSIPAddMetadata(const Flow *f, uint64_t tx_id)
+{
+    SIPState *state = FlowGetAppState(f);
+    if (state) {
+        SIPTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_SIP, state, tx_id);
+        if (tx) {
+            return rs_sip_log_json(state, tx);
+        }
+    }
+
+    return NULL;
+}
+
  static int JsonSIPLogger(ThreadVars *tv, void *thread_data,
      const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
  {
diff --git a/src/output-json-sip.h b/src/output-json-sip.h

index 0d2c53fa50dfc5f8cce7199112f5ad07a646170b..1cfde6c4bec233f2ab32b211592238efc605a26f 100644 (file)
--- a/src/output-json-sip.h
+++ b/src/output-json-sip.h
@@ -26,4 +26,8 @@
  
  void JsonSIPLogRegister(void);
  
+#ifdef HAVE_LIBJANSSON
+json_t *JsonSIPAddMetadata(const Flow *f, uint64_t tx_id);
+#endif /* HAVE_LIBJANSSON */
+
  #endif /* __OUTPUT_JSON_SIP_H__ */
author	Giuseppe Longo <giuseppe@glongo.it>
	Sun, 24 Feb 2019 18:16:09 +0000 (19:16 +0100)
committer	Victor Julien <victor@inliniac.net>
	Tue, 17 Sep 2019 08:42:20 +0000 (10:42 +0200)
src/output-json-alert.c		patch \| blob \| blame \| history
src/output-json-sip.c		patch \| blob \| blame \| history
src/output-json-sip.h		patch \| blob \| blame \| history