From: Eric Leblond
Date: Mon, 14 Sep 2015 09:39:19 +0000 (+0200)
Subject: json-smtp: add tx_id param to metadata generation
X-Git-Tag: suricata-3.0RC1~91
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9b602fc0f243b4ed42e70aa2cf7f8a0060613d8;p=thirdparty%2Fsuricata.git

json-smtp: add tx_id param to metadata generation

In all metadata generation contexts we know the tx_id so we better used it to log the correct transaction and not an other one.
---
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 61780075f5..b5c624e2b2 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -246,7 +246,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 /* http alert */
 if (proto == ALPROTO_SMTP) {
- hjs = JsonSMTPAddMetadata(p->flow);
+ hjs = JsonSMTPAddMetadata(p->flow, pa->tx_id);
 if (hjs) json_object_set_new(js, "smtp", hjs);
 }
diff --git a/src/output-json-file.c b/src/output-json-file.c
index 615ae596e8..09ee967907 100644
--- a/src/output-json-file.c
+++ b/src/output-json-file.c
@@ -99,7 +99,7 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
 json_object_set_new(js, "http", hjs);
 break;
 case ALPROTO_SMTP:
- hjs = JsonSMTPAddMetadata(p->flow);
+ hjs = JsonSMTPAddMetadata(p->flow, ff->txid);
 if (hjs) json_object_set_new(js, "smtp", hjs);
 hjs = JsonEmailAddMetadata(p->flow);
diff --git a/src/output-json-smtp.c b/src/output-json-smtp.c
index dd9d60d90a..be5275de17 100644
--- a/src/output-json-smtp.c
+++ b/src/output-json-smtp.c
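Review bot: In AlertJson (src/output-json-alert.c) `pa->tx_id` is handed to JsonSMTPAddMetadata unconditionally, and nothing visible in the hunk establishes that this particular alert was raised on a transaction. If pa->tx_id can hold a default value for packet- or stream-level alerts (not shown here, so to be confirmed), the "smtp" object would describe a different message than the one that triggered the alert, and the analyst reading the event would be looking at the wrong sender and recipients. Guard the call on the alert actually carrying a transaction id, or add a comment stating why it always does. The comment above the branch still reads `/* http alert */`; `/* smtp alert */` would match the code. AlertJson's body starts and ends outside the hunk.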
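Review bot: In FileWriteJsonRecord (src/output-json-file.c) the "smtp" object is now built from `ff->txid`, but the next call in the same case, `hjs = JsonEmailAddMetadata(p->flow);`, still takes only the flow, so the email metadata in this record may be taken from a different transaction than the file and the smtp object. On a connection that carries several messages, that can pair one message's email fields with another message's attachment, which undermines attribution when the file log is used for triage. The same id should be threaded through, e.g. `hjs = JsonEmailAddMetadata(p->flow, ff->txid);`, which needs a matching signature change in a file this diff does not touch. The function body starts and ends outside the hunk.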
@@ -117,11 +117,10 @@ static int JsonSmtpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
 }
-json_t *JsonSMTPAddMetadata(const Flow *f)
+json_t *JsonSMTPAddMetadata(const Flow *f, uint64_t tx_id)
 {
 SMTPState *smtp_state = (SMTPState *)FlowGetAppState(f);
 if (smtp_state) {
- uint64_t tx_id = AppLayerParserGetTransactionLogId(f->alparser);
 SMTPTransaction *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_SMTP, smtp_state, tx_id);
 if (tx) {
diff --git a/src/output-json-smtp.h b/src/output-json-smtp.h
index 5b3233abca..2f79d99201 100644
--- a/src/output-json-smtp.h
+++ b/src/output-json-smtp.h
@@ -26,7 +26,7 @@ void TmModuleJsonSmtpLogRegister (void);
 #ifdef HAVE_LIBJANSSON
-json_t *JsonSMTPAddMetadata(const Flow *f);
+json_t *JsonSMTPAddMetadata(const Flow *f, uint64_t tx_id);
 #endif
 #endif /* __OUTPUT_JSON_SMTP_H__ */
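Review bot: JsonSMTPAddMetadata in src/output-json-smtp.c is an exported function whose result now depends entirely on the caller passing the right transaction id, yet it has no header comment describing that contract. A short Doxygen block above the definition would make it explicit, with `\param tx_id id of the SMTP transaction to log, supplied by the caller` and a `\retval NULL` line covering the no-state and no-transaction paths; the return statements sit outside the hunk, so confirm them before writing that line. The comment should also say whether a tx_id that no longer exists is expected to make AppLayerParserGetTx return NULL, which the `if (tx)` check suggests but does not prove. The function body continues past the end of the hunk.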