From: Victor Julien
Date: Fri, 16 Jun 2017 06:09:48 +0000 (+0200)
Subject: eve/nfs: log nfs version
X-Git-Tag: suricata-4.0.0-rc1~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aff576b524a08cc4f77dc2662309614f56d708d1;p=thirdparty%2Fsuricata.git
eve/nfs: log nfs version
---
diff --git a/rust/src/nfs/log.rs b/rust/src/nfs/log.rs
index 2daef3a87a..5d2cb0ebc2 100644
--- a/rust/src/nfs/log.rs
+++ b/rust/src/nfs/log.rs
@@ -76,9 +76,10 @@ fn nfs_file_object(tx: &NFSTransaction) -> Json
 return js;
 }
-fn nfs_common_header(tx: &NFSTransaction) -> Json
+fn nfs_common_header(state: &NFSState, tx: &NFSTransaction) -> Json
 {
 let js = Json::object();
+ js.set_integer("version", state.nfs_version as u64);
 js.set_string("procedure", &nfs3_procedure_string(tx.procedure));
 let file_name = String::from_utf8_lossy(&tx.file_name);
 js.set_string("filename", &file_name);
@@ -88,17 +89,17 @@ fn nfs_common_header(tx: &NFSTransaction) -> Json
 }
 #[no_mangle]
-pub extern "C" fn rs_nfs_log_json_request(tx: &mut NFSTransaction) -> *mut JsonT
+pub extern "C" fn rs_nfs_log_json_request(state: &mut NFSState, tx: &mut NFSTransaction) -> *mut JsonT
 {
- let js = nfs_common_header(tx);
+ let js = nfs_common_header(state, tx);
 js.set_string("type", "request");
 return js.unwrap();
 }
 #[no_mangle]
-pub extern "C" fn rs_nfs_log_json_response(tx: &mut NFSTransaction) -> *mut JsonT
+pub extern "C" fn rs_nfs_log_json_response(state: &mut NFSState, tx: &mut NFSTransaction) -> *mut JsonT
 {
- let js = nfs_common_header(tx);
+ let js = nfs_common_header(state, tx);
 js.set_string("type", "response");
 js.set_string("status", &nfs3_status_string(tx.nfs_response_status));
diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs
index 107ef25058..729d5ef0ca 100644
--- a/rust/src/nfs/nfs.rs
+++ b/rust/src/nfs/nfs.rs
@@ -299,6 +299,8 @@ pub struct NFSState {
 is_udp: bool,
+ pub nfs_version: u16,
+
 /// tx counter for assigning incrementing id's to tx's
 tx_id: u64,
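Review bot: In rust/src/nfs/log.rs, `rs_nfs_log_json_request` and `rs_nfs_log_json_response` now receive both `state: &mut NFSState` and `tx: &mut NFSTransaction` from C, although `nfs_common_header` only takes shared references and the visible lines only read from them. Two exclusive references are a stronger promise than the C caller can be seen to keep: if the transaction is stored inside the state (not visible here) the two alias, and a NULL passed from C is undefined behaviour before any check can run. Declaring the parameters as `state: &NFSState, tx: &NFSTransaction` keeps the C ABI and drops the exclusivity claim, and a comment such as `// called from C: both pointers must be non-NULL and valid for the duration of the call` above each function would record the contract. The body of `rs_nfs_log_json_response` continues outside the hunk.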
@@ -329,6 +331,7 @@ impl NFSState {
 ts_gap:false,
 tc_gap:false,
 is_udp:false,
+ nfs_version:0,
 tx_id:0,
 de_state_count:0,
 //ts_txs_updated:false,
@@ -452,6 +455,10 @@ impl NFSState {
 let mut xidmap = NFSRequestXidMap::new(r.progver, r.procedure, 0);
 let mut aux_file_name = Vec::new();
+ if self.nfs_version == 0 {
+ self.nfs_version = r.progver as u16;
+ }
+
 if r.procedure == NFSPROC3_LOOKUP {
 self.process_request_record_lookup(r, &mut xidmap);
@@ -965,6 +972,10 @@ impl NFSState {
 },
 }
+ if self.nfs_version == 0 {
+ self.nfs_version = xidmap.progver as u16;
+ }
+
 match xidmap.progver {
 3 => {
 SCLogDebug!("NFSv3 reply record");
diff --git a/src/output-json-nfs.c b/src/output-json-nfs.c
index 6ca9398d8e..070c279d59 100644
--- a/src/output-json-nfs.c
+++ b/src/output-json-nfs.c
@@ -83,7 +83,7 @@ static int JsonNFSLogger(ThreadVars *tv, void *thread_data,
 }
 json_object_set_new(js, "rpc", rpcjs);
- nfsjs = rs_nfs_log_json_response(tx);
+ nfsjs = rs_nfs_log_json_response(state, tx);
 if (unlikely(nfsjs == NULL)) {
 goto error;
 }
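Review bot: In rust/src/nfs/nfs.rs, the added `self.nfs_version = r.progver as u16;` in the request hunk (@@ -452) and the matching `xidmap.progver as u16` in the reply hunk (@@ -965) narrow a value taken from the RPC record with `as`, which truncates silently. Assuming `progver` is wider than 16 bits, an out-of-range program version would be logged as a different, in-range number, and one whose low 16 bits are zero would leave the field looking unset. In the reply hunk the value is also latched before the `match xidmap.progver` that decides whether the version is handled, and because it is stored once per state, every later transaction is logged with whatever the first record carried. Storing the version at the width of `progver`, or guarding the assignment with `if self.nfs_version == 0 && r.progver <= u16::MAX as u32 {` (assuming a `u32`), keeps the EVE `version` field faithful to the wire. Both enclosing functions start and end outside the hunks.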
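Review bot: In src/output-json-nfs.c, `state` is now passed to `rs_nfs_log_json_response`, where the Rust side treats it as a reference to an `NFSState`, and no NULL check on it is visible in this hunk. JsonNFSLogger starts outside the hunk, so an earlier check may exist; if it does not, `if (unlikely(state == NULL)) goto error;` before the call takes the same cleanup path as the existing `nfsjs == NULL` test. The C declarations of `rs_nfs_log_json_response` and `rs_nfs_log_json_request` are not part of this diff. If they are maintained by hand they must change in the same commit, because a stale one-argument prototype still compiles and would call the Rust function with the wrong arguments.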