From: Eric Leblond Date: Wed, 22 Apr 2015 12:41:20 +0000 (+0200) Subject: output-json-smtp: output RCPT TO fields X-Git-Tag: suricata-3.0RC1~129 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f3979cc814a35a63ba7aca8582551439bd5ab59;p=thirdparty%2Fsuricata.git output-json-smtp: output RCPT TO fields This patch uses an array to output the RCPT TO fields to the JSON message.
---
diff --git a/src/output-json-smtp.c b/src/output-json-smtp.c
index 43ac93d542..9ebebca7e4 100644
--- a/src/output-json-smtp.c
+++ b/src/output-json-smtp.c
@@ -58,6 +58,7 @@ static json_t *JsonSmtpDataLogger(ThreadVars *tv, void *thread_data, const Packe
 {
 json_t *sjs = json_object();
 SMTPTransaction *tx = vtx;
+ SMTPString *rcptto_str;
 if (sjs == NULL) {
 return NULL;
 }
@@ -69,6 +70,15 @@ static json_t *JsonSmtpDataLogger(ThreadVars *tv, void *thread_data, const Packe
 json_object_set_new(sjs, "mail_from", json_string((const char *)tx->mail_from));
 }
+ if (!TAILQ_EMPTY(&tx->rcpt_to_list)) {
+ json_t *js_rcptto = json_array();
+ if (likely(js_rcptto != NULL)) {
+ TAILQ_FOREACH(rcptto_str, &tx->rcpt_to_list, next) {
+ json_array_append_new(js_rcptto, json_string((char *)rcptto_str->str));
+ }
+ json_object_set_new(sjs, "rcpt_to", js_rcptto);
+ }
+ }
 return sjs;
 }
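Review bot: In the new `TAILQ_FOREACH` loop of the second hunk the result of `json_string()` goes straight into `json_array_append_new()` and the return value is ignored, so a recipient that jansson refuses to encode disappears from `rcpt_to` without any trace in the event. jansson's `json_string()` returns NULL for input that is not valid UTF-8, and RCPT TO values come from the wire, so malformed input yields a silently incomplete log record; the `mail_from` context line above has the same pattern. Keeping a marker in the array would preserve the evidence, e.g. `json_t *js_addr = json_string((const char *)rcptto_str->str);` followed by `if (js_addr == NULL) js_addr = json_string("<unencodable>");` and then `json_array_append_new(js_rcptto, js_addr);` (the marker text is only a suggestion). The cast should be `(const char *)` as on the `mail_from` line, and the hunk does not show whether `SMTPString.str` is NUL-terminated, which `json_string()` relies on, so that is worth confirming at the place the list is filled. `JsonSmtpDataLogger` starts outside both hunks, and `rcptto_str` from the first hunk could be declared inside this `if` block, since the visible lines use it nowhere else.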