From: Giuseppe Longo
Date: Sun, 24 Feb 2019 18:16:09 +0000 (+0100)
Subject: output/json-alert: add sip metadata
X-Git-Tag: suricata-5.0.0-rc1~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c88559dc7257c67c41ccbfde0052aa10855c8169;p=thirdparty%2Fsuricata.git
output/json-alert: add sip metadata
Put SIP information to alert event.
---
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 6b6626e8db..f6e0d6a8ce 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -67,6 +67,7 @@
 #include "output-json-nfs.h"
 #include "output-json-smb.h"
 #include "output-json-flow.h"
+#include "output-json-sip.h"
 #include "util-byte.h"
 #include "util-privs.h"
@@ -473,6 +474,10 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 hjs = JsonSMBAddMetadata(p->flow, pa->tx_id);
 if (hjs)
 json_object_set_new(js, "smb", hjs);
+ } else if (proto == ALPROTO_SIP) {
+ hjs = JsonSIPAddMetadata(p->flow, pa->tx_id);
+ if (hjs)
+ json_object_set_new(js, "sip", hjs);
 }
 #endif
 if (proto == ALPROTO_FTPDATA) {
diff --git a/src/output-json-sip.c b/src/output-json-sip.c
index 796614cbe5..ab1ddce315 100644
--- a/src/output-json-sip.c
+++ b/src/output-json-sip.c
@@ -62,6 +62,19 @@ typedef struct LogSIPLogThread_ {
 MemBuffer *buffer;
 } LogSIPLogThread;
+json_t *JsonSIPAddMetadata(const Flow *f, uint64_t tx_id)
+{
+ SIPState *state = FlowGetAppState(f);
+ if (state) {
+ SIPTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_SIP, state, tx_id);
+ if (tx) {
+ return rs_sip_log_json(state, tx);
+ }
+ }
+
+ return NULL;
+}
+
 static int JsonSIPLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
 {
diff --git a/src/output-json-sip.h b/src/output-json-sip.h
index 0d2c53fa50..1cfde6c4be 100644
--- a/src/output-json-sip.h
+++ b/src/output-json-sip.h
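Review bot: In the AlertJson hunk of src/output-json-alert.c, the new `ALPROTO_SIP` branch passes `pa->tx_id` to `JsonSIPAddMetadata` without any visible check that the alert was raised on a transaction. AlertJson starts and ends outside the hunk, so such a check may exist earlier; if it does not, an alert from a packet or stream match may be enriched with whichever SIP transaction happens to have that id, which misleads an analyst triaging the event. If no check exists, the branch could be guarded, for example `} else if (proto == ALPROTO_SIP && (pa->flags & PACKET_ALERT_FLAG_TX)) {`. The `smb` branch just above follows the same pattern, so a fix probably belongs to the whole chain rather than to this branch alone.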
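Review bot: `JsonSIPAddMetadata` in src/output-json-sip.c is a new non-static function with no comment stating its contract. I would add a header comment such as `/* Returns a new JSON object for SIP tx tx_id (caller owns the reference), or NULL if the flow has no SIP state or no such tx. f must be non-NULL. */`, since the body dereferences `f` (`f->proto`) without a check and the caller hands the result to `json_object_set_new`. The comment should also say that the values come from peer-supplied SIP messages and now land in alert records that downstream tooling parses. How `rs_sip_log_json` encodes those values is outside this diff.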
@@ -26,4 +26,8 @@
 void JsonSIPLogRegister(void);
+#ifdef HAVE_LIBJANSSON
+json_t *JsonSIPAddMetadata(const Flow *f, uint64_t tx_id);
+#endif /* HAVE_LIBJANSSON */
+
 #endif /* __OUTPUT_JSON_SIP_H__ */