From: Mats Klepsland Date: Thu, 12 May 2016 06:11:53 +0000 (+0200) Subject: output: add new tx logger to log at certain condition X-Git-Tag: suricata-3.1RC1~154 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77cc03505b3e59c73e359c71ffa9f696bb3eb8d9;p=thirdparty%2Fsuricata.git output: add new tx logger to log at certain condition Some loggers needs certain conditions to be met before logging. This enables us to use conditions on the tx logger.
---
diff --git a/src/output-tx.c b/src/output-tx.c
index 79b8963259..e94e418897 100644
--- a/src/output-tx.c
+++ b/src/output-tx.c
@@ -47,6 +47,7 @@ typedef struct OutputLoggerThreadData_ {
 typedef struct OutputTxLogger_ {
 AppProto alproto;
 TxLogger LogFunc;
+ TxLoggerCondition LogCondition;
 OutputCtx *output_ctx;
 struct OutputTxLogger_ *next;
 const char *name;
@@ -60,7 +61,7 @@ static OutputTxLogger *list = NULL;
 int OutputRegisterTxLogger(const char *name, AppProto alproto, TxLogger LogFunc, OutputCtx *output_ctx, int tc_log_progress,
- int ts_log_progress)
+ int ts_log_progress, TxLoggerCondition LogCondition)
 {
 int module_id = TmModuleGetIdByName(name);
 if (module_id < 0)
@@ -73,6 +74,7 @@ int OutputRegisterTxLogger(const char *name, AppProto alproto, TxLogger LogFunc,
 op->alproto = alproto;
 op->LogFunc = LogFunc;
+ op->LogCondition = LogCondition;
 op->output_ctx = output_ctx;
 op->name = name;
 op->module_id = (TmmId) module_id;
@@ -182,16 +184,25 @@ static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data, PacketQ
 if (!(AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF))) {
- if (tx_progress_tc < logger->tc_log_progress) {
- SCLogDebug("progress not far enough, not logging");
- logger_not_logged = 1;
- goto next;
- }
-
- if (tx_progress_ts < logger->ts_log_progress) {
- SCLogDebug("progress not far enough, not logging");
- logger_not_logged = 1;
- goto next;
+ if (logger->LogCondition) {
+ int r = logger->LogCondition(tv, p, alstate, tx, tx_id);
+ if (r == FALSE) {
+ SCLogDebug("conditions not met, not logging");
+ logger_not_logged = 1;
+ goto next;
+ }
+ } else {
+ if (tx_progress_tc < logger->tc_log_progress) {
+ SCLogDebug("progress not far enough, not logging");
+ logger_not_logged = 1;
+ goto next;
+ }
+
+ if (tx_progress_ts < logger->ts_log_progress) {
+ SCLogDebug("progress not far enough, not logging");
+ logger_not_logged = 1;
+ goto next;
+ }
 }
 }
diff --git a/src/output-tx.h b/src/output-tx.h
index e8e8163d89..e73c305ce6 100644
--- a/src/output-tx.h
+++ b/src/output-tx.h
@@ -34,10 +34,11 @@ typedef int (*TxLogger)(ThreadVars *, void *thread_data, const Packet *, Flow *f
 /** packet logger condition function pointer type, * must return true for packets that should be logged */
-//typedef int (*TxLogCondition)(ThreadVars *, const Packet *);
+typedef int (*TxLoggerCondition)(ThreadVars *, const Packet *, void *state, void *tx, uint64_t tx_id);
 int OutputRegisterTxLogger(const char *name, AppProto alproto, TxLogger LogFunc,
- OutputCtx *, int tc_log_progress, int ts_log_progress);
+ OutputCtx *, int tc_log_progress, int ts_log_progress,
+ TxLoggerCondition LogCondition);
 void TmModuleTxLoggerRegister (void);
diff --git a/src/output.c b/src/output.c
index 6a9ab3a6a3..e0f86ae0fd 100644
--- a/src/output.c
+++ b/src/output.c
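Review bot: In OutputTxLog the new `LogCondition` branch sits inside the `!APP_LAYER_PARSER_EOF` test, so once the parser has reached EOF a condition-based logger is invoked without its condition ever being consulted, and whenever a condition is registered the tc/ts progress thresholds are skipped entirely. Nothing in the hunk states this contract; a comment above the branch such as `/* LogCondition replaces the progress thresholds and is not checked at EOF: LogFunc must tolerate a tx that never met it */` would spare logger authors from assuming the condition always held. The check `if (r == FALSE)` also treats any non-zero return, including a negative error value, as "log", which the callback documentation should spell out. OutputTxLog starts and ends outside the hunk.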
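Review bot: The doc comment left above the new `TxLoggerCondition` typedef in output-tx.h still describes a packet condition ("must return true for packets that should be logged"), although the callback now decides per transaction and receives the state, the tx and its id. Suggest rewording it to `/** tx logger condition function pointer type, must return TRUE for transactions that should be logged */`. It would also help to say what `state` and `tx` point to, since both are `void *` and presumably have to be cast by each callback.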
@@ -150,16 +150,17 @@ error:
 }
 /**
- * \brief Register a tx output module with progress.
+ * \brief Wrapper function for tx output modules.
 * * This function will register an output module so it can be * configured with the configuration file. * * \retval Returns 0 on success, -1 on failure. */
-void OutputRegisterTxModuleWithProgress(const char *name, const char *conf_name,
+void OutputRegisterTxModuleWrapper(const char *name, const char *conf_name,
 OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto,
- TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress)
+ TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress,
+ TxLoggerCondition TxLogCondition)
 {
 if (unlikely(TxLogFunc == NULL)) {
 goto error;
@@ -174,6 +175,7 @@ void OutputRegisterTxModuleWithProgress(const char *name, const char *conf_name,
 module->conf_name = conf_name;
 module->InitFunc = InitFunc;
 module->TxLogFunc = TxLogFunc;
+ module->TxLogCondition = TxLogCondition;
 module->alproto = alproto;
 module->tc_log_progress = tc_log_progress;
 module->ts_log_progress = ts_log_progress;
@@ -186,10 +188,11 @@ error:
 exit(EXIT_FAILURE);
 }
-void OutputRegisterTxSubModuleWithProgress(const char *parent_name,
+void OutputRegisterTxSubModuleWrapper(const char *parent_name,
 const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *, OutputCtx *parent_ctx), AppProto alproto, TxLogger TxLogFunc,
- int tc_log_progress, int ts_log_progress)
+ int tc_log_progress, int ts_log_progress,
+ TxLoggerCondition TxLogCondition)
 {
 if (unlikely(TxLogFunc == NULL)) {
 goto error;
@@ -205,6 +208,7 @@ void OutputRegisterTxSubModuleWithProgress(const char *parent_name,
 module->parent_name = parent_name;
 module->InitSubFunc = InitFunc;
 module->TxLogFunc = TxLogFunc;
+ module->TxLogCondition = TxLogCondition;
 module->alproto = alproto;
 module->tc_log_progress = tc_log_progress;
 module->ts_log_progress = ts_log_progress;
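Review bot: `OutputRegisterTxModuleWrapper` and `OutputRegisterTxSubModuleWrapper` are defined with external linkage, but the output.h hunks shown in this commit add prototypes only for the WithCondition variants, so the two wrappers look like file-local helpers and should be declared `static`. The doc block above the first wrapper keeps `\retval Returns 0 on success, -1 on failure.` although the function returns `void` and its error path ends in `exit(EXIT_FAILURE)`; a line like `\note Exits the process if registration fails.` would be accurate. The same stale `\retval` line is copied into the two new doc blocks in the `@@ -217,6 +221,59 @@` hunk. Both wrapper bodies continue outside the hunks.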
@@ -217,6 +221,59 @@ error:
 exit(EXIT_FAILURE);
 }
+/**
+ * \brief Register a tx output module with condition.
+ *
+ * This function will register an output module so it can be
+ * configured with the configuration file.
+ *
+ * \retval Returns 0 on success, -1 on failure.
+ */
+void OutputRegisterTxModuleWithCondition(const char *name, const char *conf_name,
+ OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto,
+ TxLogger TxLogFunc, TxLoggerCondition TxLogCondition)
+{
+ OutputRegisterTxModuleWrapper(name, conf_name, InitFunc, alproto,
+ TxLogFunc, 0, 0, TxLogCondition);
+}
+
+void OutputRegisterTxSubModuleWithCondition(const char *parent_name,
+ const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *,
+ OutputCtx *parent_ctx), AppProto alproto, TxLogger TxLogFunc,
+ TxLoggerCondition TxLogCondition)
+{
+ OutputRegisterTxSubModuleWrapper(parent_name, name, conf_name, InitFunc,
+ alproto, TxLogFunc, 0, 0,
+ TxLogCondition);
+}
+
+/**
+ * \brief Register a tx output module with progress.
+ *
+ * This function will register an output module so it can be
+ * configured with the configuration file.
+ *
+ * \retval Returns 0 on success, -1 on failure.
+ */
+void OutputRegisterTxModuleWithProgress(const char *name, const char *conf_name,
+ OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto,
+ TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress)
+{
+ OutputRegisterTxModuleWrapper(name, conf_name, InitFunc, alproto,
+ TxLogFunc, tc_log_progress, ts_log_progress,
+ NULL);
+}
+
+void OutputRegisterTxSubModuleWithProgress(const char *parent_name,
+ const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *,
+ OutputCtx *parent_ctx), AppProto alproto, TxLogger TxLogFunc,
+ int tc_log_progress, int ts_log_progress)
+{
+ OutputRegisterTxSubModuleWrapper(parent_name, name, conf_name, InitFunc,
+ alproto, TxLogFunc, tc_log_progress,
+ ts_log_progress, NULL);
+}
+
 /** * \brief Register a tx output module. *
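Review bot: `OutputRegisterTxModuleWithCondition` and `OutputRegisterTxSubModuleWithCondition` forward `TxLogCondition` unchecked, and the wrappers they call only reject a NULL `TxLogFunc`. A caller that passes NULL therefore registers a logger with progress thresholds 0/0 and no condition, i.e. one that logs every transaction instead of the filtered set it was meant to emit. Consider rejecting that at registration time with a guard on `unlikely(TxLogCondition == NULL)` that takes the same failure path the wrappers use for a NULL `TxLogFunc`, and documenting in the two doc blocks that the condition must be non-NULL.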
@@ -230,9 +287,8 @@ OutputRegisterTxModule(const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto, TxLogger TxLogFunc)
 {
- /* wrapper function */
- OutputRegisterTxModuleWithProgress(name, conf_name, InitFunc, alproto,
- TxLogFunc, 0, 0);
+ OutputRegisterTxModuleWrapper(name, conf_name, InitFunc, alproto,
+ TxLogFunc, 0, 0, NULL);
 }
 void
@@ -240,9 +296,8 @@ OutputRegisterTxSubModule(const char *parent_name, const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *, OutputCtx *parent_ctx), AppProto alproto, TxLogger TxLogFunc)
 {
- /* wrapper function */
- OutputRegisterTxSubModuleWithProgress(parent_name, name, conf_name,
- InitFunc, alproto, TxLogFunc, 0, 0);
+ OutputRegisterTxSubModuleWrapper(parent_name, name, conf_name,
+ InitFunc, alproto, TxLogFunc, 0, 0, NULL);
 }
 /**
diff --git a/src/output.h b/src/output.h
index 85ae932527..91d8bd2708 100644
--- a/src/output.h
+++ b/src/output.h
@@ -48,6 +48,7 @@ typedef struct OutputModule_ {
 PacketLogger PacketLogFunc;
 PacketLogCondition PacketConditionFunc;
 TxLogger TxLogFunc;
+ TxLoggerCondition TxLogCondition;
 FileLogger FileLogFunc;
 FiledataLogger FiledataLogFunc;
 FlowLogger FlowLogFunc;
@@ -77,6 +78,14 @@ void OutputRegisterTxSubModule(const char *parent_name, const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *, OutputCtx *parent_ctx), AppProto alproto, TxLogger TxLogFunc);
+void OutputRegisterTxModuleWithCondition(const char *name, const char *conf_name,
+ OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto,
+ TxLogger TxLogFunc, TxLoggerCondition TxLogCondition);
+void OutputRegisterTxSubModuleWithCondition(const char *parent_name,
+ const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *,
+ OutputCtx *parent_ctx), AppProto alproto, TxLogger TxLogFunc,
+ TxLoggerCondition TxLogCondition);
+
 void OutputRegisterTxModuleWithProgress(const char *name, const char *conf_name, OutputCtx *(*InitFunc)(ConfNode *), AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress);
diff --git a/src/runmodes.c b/src/runmodes.c
index e0154a1f55..fa920cec1c 100644
--- a/src/runmodes.c
+++ b/src/runmodes.c
@@ -618,7 +618,7 @@ static void SetupOutput(const char *name, OutputModule *module, OutputCtx *outpu
 SCLogDebug("%s is a tx logger", module->name);
 OutputRegisterTxLogger(module->name, module->alproto, module->TxLogFunc, output_ctx, module->tc_log_progress,
- module->ts_log_progress);
+ module->ts_log_progress, module->TxLogCondition);
 /* need one instance of the tx logger module */
 if (tx_logger_module == NULL) {