From: Victor Julien
Date: Tue, 21 Nov 2023 13:24:12 +0000 (+0100)
Subject: eve/frames: pass membuffer to API
X-Git-Tag: suricata-8.0.0-beta1~1618
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a205583269eaec92fae05026f32fc2cd748c0bb5;p=thirdparty%2Fsuricata.git

eve/frames: pass membuffer to API

In preparation of stream logging changes.
---

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 7f1968912c..85b409a84c 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -404,7 +404,8 @@ static void AlertAddFiles(const Packet *p, JsonBuilder *jb, const uint64_t tx_id
 }
 }
-static void AlertAddFrame(const Packet *p, JsonBuilder *jb, const int64_t frame_id)
+static void AlertAddFrame(
+ const Packet *p, const int64_t frame_id, JsonBuilder *jb, MemBuffer *buffer)
 {
 if (p->flow == NULL || (p->proto == IPPROTO_TCP && p->flow->protoctx == NULL))
 return;
@@ -426,7 +427,7 @@ static void AlertAddFrame(const Packet *p, JsonBuilder *jb, const int64_t frame_
 }
 Frame *frame = FrameGetById(frames, frame_id);
 if (frame != NULL) {
- FrameJsonLogOneFrame(IPPROTO_TCP, frame, p->flow, stream, p, jb);
+ FrameJsonLogOneFrame(IPPROTO_TCP, frame, p->flow, stream, p, jb, buffer);
 }
 } else if (p->proto == IPPROTO_UDP) {
 if (PKT_IS_TOSERVER(p)) {
@@ -436,7 +437,7 @@ static void AlertAddFrame(const Packet *p, JsonBuilder *jb, const int64_t frame_
 }
 Frame *frame = FrameGetById(frames, frame_id);
 if (frame != NULL) {
- FrameJsonLogOneFrame(IPPROTO_UDP, frame, p->flow, NULL, p, jb);
+ FrameJsonLogOneFrame(IPPROTO_UDP, frame, p->flow, NULL, p, jb, buffer);
 }
 }
 }
@@ -672,7 +673,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 }
 if (pa->flags & PACKET_ALERT_FLAG_FRAME) {
- AlertAddFrame(p, jb, pa->frame_id);
+ AlertAddFrame(p, pa->frame_id, jb, aft->payload_buffer);
 }
 /* base64-encoded full packet */
diff --git a/src/output-json-frame.c b/src/output-json-frame.c
index 3bccdc6b2f..6c96ed927a 100644
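Review bot: The new `buffer` parameter of `AlertAddFrame` (first hunk of src/output-json-alert.c) is forwarded unchecked to `FrameJsonLogOneFrame` on both the TCP and UDP paths (second and third hunks), and nothing states what the callee may do with it. Frame contents originate from network traffic, so the contract of the scratch buffer deserves a comment above the function, for example `/* buffer: caller-owned scratch MemBuffer, must not be NULL; contents may be overwritten */`. Whether `aft->payload_buffer` can be NULL at the call site is not visible in this diff. The body of AlertAddFrame continues outside the hunk.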
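Review bot: In the `AlertJson` hunk the frame path now receives `aft->payload_buffer`, which by its name looks like the same per-thread buffer used for payload output in the alert record; the rest of AlertJson is outside the hunk, so this is an inference. Once FrameJsonLogOneFrame starts writing to it, every user has to reset the buffer before use and finish copying out of it before the next one runs, otherwise bytes from one field could end up logged under another. A comment at the call such as `/* payload_buffer is shared scratch space: the callee resets it before use */` would record that expectation.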
--- a/src/output-json-frame.c
+++ b/src/output-json-frame.c
@@ -224,7 +224,7 @@ static void FrameAddPayloadUDP(JsonBuilder *js, const Packet *p, const Frame *fr
 * \note ipproto argument is passed to assist static code analyzers
 */
 void FrameJsonLogOneFrame(const uint8_t ipproto, const Frame *frame, const Flow *f,
- const TcpStream *stream, const Packet *p, JsonBuilder *jb)
+ const TcpStream *stream, const Packet *p, JsonBuilder *jb, MemBuffer *buffer)
 {
 DEBUG_VALIDATE_BUG_ON(ipproto != p->proto);
 DEBUG_VALIDATE_BUG_ON(ipproto != f->proto);
@@ -287,7 +287,7 @@ static int FrameJsonUdp(
 return TM_ECODE_OK;
 jb_set_string(jb, "app_proto", AppProtoToString(f->alproto));
- FrameJsonLogOneFrame(IPPROTO_UDP, frame, p->flow, NULL, p, jb);
+ FrameJsonLogOneFrame(IPPROTO_UDP, frame, p->flow, NULL, p, jb, aft->payload_buffer);
 OutputJsonBuilderBuffer(jb, aft->ctx);
 jb_free(jb);
 frame->flags |= FRAME_FLAG_LOGGED;
@@ -359,7 +359,7 @@ static int FrameJson(ThreadVars *tv, JsonFrameLogThread *aft, const Packet *p)
 return TM_ECODE_OK;
 jb_set_string(jb, "app_proto", AppProtoToString(p->flow->alproto));
- FrameJsonLogOneFrame(IPPROTO_TCP, frame, p->flow, stream, p, jb);
+ FrameJsonLogOneFrame(IPPROTO_TCP, frame, p->flow, stream, p, jb, aft->payload_buffer);
 OutputJsonBuilderBuffer(jb, aft->ctx);
 jb_free(jb);
 frame->flags |= FRAME_FLAG_LOGGED;
diff --git a/src/output-json-frame.h b/src/output-json-frame.h
index c6883f2626..a3867ff8f7 100644
--- a/src/output-json-frame.h
+++ b/src/output-json-frame.h
@@ -31,7 +31,7 @@
 #include "stream-tcp-private.h"
 void FrameJsonLogOneFrame(const uint8_t ipproto, const Frame *frame, const Flow *f,
- const TcpStream *stream, const Packet *p, JsonBuilder *jb);
+ const TcpStream *stream, const Packet *p, JsonBuilder *jb, MemBuffer *);
 void JsonFrameLogRegister(void);
 #endif /* SURICATA_OUTPUT_JSON_FRAME_H */
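Review bot: The Doxygen block above `FrameJsonLogOneFrame` in src/output-json-frame.c still ends at the `\note ipproto ...` line and says nothing about the added `MemBuffer *buffer`. None of the visible lines use the parameter (the body continues outside the hunk), so a reader cannot tell whether it may be NULL, whether the callee resets it, or how its size bounds the frame data that gets logged. Suggest adding `\param buffer scratch buffer supplied by the caller; reset before use, writes bounded by its size`, to be adjusted once the stream logging change lands.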
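Review bot: The prototype in src/output-json-frame.h leaves the new parameter unnamed (`MemBuffer *`) while every other parameter is named and the definition calls it `buffer`; write `const TcpStream *stream, const Packet *p, JsonBuilder *jb, MemBuffer *buffer);` so the header documents itself. The hunk shows only `stream-tcp-private.h` among the includes, so it is worth confirming that the declaration of `MemBuffer` is reachable from this header and that it stays self-contained.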