From: Philippe Antoine
Date: Thu, 16 Jan 2025 07:53:34 +0000 (+0100)
Subject: output: plugins can log flow or packet direction
X-Git-Tag: suricata-8.0.0-beta1~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=243d14cda20dfe01be0ee9a856d07381bc7a0940;p=thirdparty%2Fsuricata.git

output: plugins can log flow or packet direction
---
diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs
index 529b59bc91..90dd86c093 100644
--- a/rust/sys/src/sys.rs
+++ b/rust/sys/src/sys.rs
@@ -123,6 +123,7 @@ pub struct SCAppLayerPlugin_ {
 pub KeywordsRegister: ::std::option::Option,
 pub logname: *const ::std::os::raw::c_char,
 pub confname: *const ::std::os::raw::c_char,
+ pub dir: u8,
 pub Logger: ::std::option::Option<
 unsafe extern "C" fn(
 tx: *const ::std::os::raw::c_void,
diff --git a/src/output.c b/src/output.c
index 80ac2ed245..2877353bcf 100644
--- a/src/output.c
+++ b/src/output.c
@@ -994,6 +994,15 @@ int OutputPreRegisterLogger(EveJsonTxLoggerRegistrationData reg_data)
 return 0;
 }
+static TxLogger JsonLoggerFromDir(uint8_t dir)
+{
+ if (dir == LOG_DIR_PACKET) {
+ return JsonGenericDirPacketLogger;
+ }
+ BUG_ON(dir != LOG_DIR_FLOW);
+ return JsonGenericDirFlowLogger;
+}
+
 /**
 * \brief Register all non-root logging modules.
 */
@@ -1154,8 +1163,8 @@ void OutputRegisterLoggers(void)
 for (size_t i = 0; i < preregistered_loggers_nb; i++) {
 OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", preregistered_loggers[i].logname,
 preregistered_loggers[i].confname, OutputJsonLogInitSub,
- preregistered_loggers[i].alproto, JsonGenericDirFlowLogger, JsonLogThreadInit,
- JsonLogThreadDeinit);
+ preregistered_loggers[i].alproto, JsonLoggerFromDir(preregistered_loggers[i].dir),
+ JsonLogThreadInit, JsonLogThreadDeinit);
 SCLogDebug(
 "%s JSON logger registered.", AppProtoToString(preregistered_loggers[i].alproto));
 RegisterSimpleJsonApplayerLogger(
diff --git a/src/output.h b/src/output.h
index 75d3f58498..0720a459eb 100644
--- a/src/output.h
+++ b/src/output.h
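Review bot: In `JsonLoggerFromDir` (src/output.c, first hunk) the only check on `dir` is `BUG_ON(dir != LOG_DIR_FLOW)`, yet the value is copied unchanged from the plugin's `SCAppLayerPlugin` in the util-plugin.c hunk, so a plugin that sets any other value aborts the engine while `OutputRegisterLoggers` runs instead of being refused at load time. If `BUG_ON` is compiled out in some build configurations (its definition is not visible here), the same value would silently fall through to `JsonGenericDirFlowLogger`. I would reject it where the plugin is registered: `if (plugin->dir != LOG_DIR_PACKET && plugin->dir != LOG_DIR_FLOW)` followed by an error log and the function's existing error return, placed before `reg_data` is built in `SCPluginRegisterAppLayer` (whose body starts and ends outside that hunk). The `BUG_ON` can then stay as an internal invariant only.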
@@ -185,6 +185,7 @@ typedef struct EveJsonTxLoggerRegistrationData {
 const char *confname;
 const char *logname;
 AppProto alproto;
+ uint8_t dir;
 EveJsonSimpleTxLogFunc LogTx;
 } EveJsonTxLoggerRegistrationData;
diff --git a/src/suricata-plugin.h b/src/suricata-plugin.h
index 7c51fef633..612596b875 100644
--- a/src/suricata-plugin.h
+++ b/src/suricata-plugin.h
@@ -68,6 +68,7 @@ typedef struct SCAppLayerPlugin_ {
 void (*KeywordsRegister)(void);
 const char *logname;
 const char *confname;
+ uint8_t dir;
 bool (*Logger)(const void *tx, void *jb);
 } SCAppLayerPlugin;
diff --git a/src/util-plugin.c b/src/util-plugin.c
index a5cf1070f7..5254e6b275 100644
--- a/src/util-plugin.c
+++ b/src/util-plugin.c
@@ -179,6 +179,7 @@ int SCPluginRegisterAppLayer(SCAppLayerPlugin *plugin)
 .confname = plugin->confname,
 .logname = plugin->logname,
 .alproto = alproto,
+ .dir = plugin->dir,
 .LogTx = (EveJsonSimpleTxLogFunc)plugin->Logger,
 };
 if (OutputPreRegisterLogger(reg_data) != 0) {
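Review bot: The new `uint8_t dir;` member of `SCAppLayerPlugin` in src/suricata-plugin.h carries no comment saying which values a plugin may set, and it is inserted before `Logger` rather than appended, so the offset of `Logger` moves for every plugin. A plugin binary built against the previous header would hand the loader a struct whose `Logger` pointer is read from the wrong offset; whether an API-version check already refuses such plugins is not visible in this hunk and is worth confirming. I would document the field, e.g. `uint8_t dir; /* direction to log: LOG_DIR_PACKET or LOG_DIR_FLOW */`, and add the same comment to `EveJsonTxLoggerRegistrationData.dir` in src/output.h. Since the logger was previously always `JsonGenericDirFlowLogger`, the comment should also state what a plugin that leaves `dir` zero-initialised now gets.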