From: Victor Julien Date: Fri, 16 Jun 2017 18:35:33 +0000 (+0200) Subject: nfs: add to fileinfo events X-Git-Tag: suricata-4.0.0-rc1~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8dae2e0938b8d657083c54d2bf574e8130b2c52;p=thirdparty%2Fsuricata.git nfs: add to fileinfo events
---
diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs
index 0be7acdcdb..650f2324a2 100644
--- a/rust/src/nfs/nfs.rs
+++ b/rust/src/nfs/nfs.rs
@@ -721,7 +721,7 @@ impl NFSState {
 tx.type_data = Some(NFSTransactionTypeData::FILE(NFSTransactionFile::new()));
 match tx.type_data {
 Some(NFSTransactionTypeData::FILE(ref mut d)) => {
- d.file_tracker.tx_id = tx.id;
+ d.file_tracker.tx_id = tx.id - 1;
 },
 _ => { },
 }
diff --git a/src/output-json-file.c b/src/output-json-file.c
index 842a3d208e..0b7fbaa983 100644
--- a/src/output-json-file.c
+++ b/src/output-json-file.c
@@ -60,6 +60,7 @@
 #include "output-json-http.h"
 #include "output-json-smtp.h"
 #include "output-json-email-common.h"
+#include "output-json-nfs.h"
 #include "app-layer-htp.h"
 #include "util-memcmp.h"
@@ -105,6 +106,16 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
 if (hjs)
 json_object_set_new(js, "email", hjs);
 break;
+#ifdef HAVE_RUST
+ case ALPROTO_NFS:
+ hjs = JsonNFSAddMetadataRPC(p->flow, ff->txid);
+ if (hjs)
+ json_object_set_new(js, "rpc", hjs);
+ hjs = JsonNFSAddMetadata(p->flow, ff->txid);
+ if (hjs)
+ json_object_set_new(js, "nfs", hjs);
+ break;
+#endif
 }
 json_object_set_new(js, "app_proto",
diff --git a/src/output-json-nfs.c b/src/output-json-nfs.c
index 070c279d59..2515605964 100644
--- a/src/output-json-nfs.c
+++ b/src/output-json-nfs.c
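Review bot: `d.file_tracker.tx_id = tx.id - 1;` switches between two id conventions without saying so, and the unsigned subtraction would panic in a debug build or wrap in a release build if `tx.id` could ever be 0. The rest of this commit feeds the tracker's id to `AppLayerParserGetTx` from the file logger, which suggests the tracker now carries the 0-based id the C API expects while `tx.id` starts at 1; the place where `tx.id` is assigned is outside the hunk, so that should be confirmed. A comment on the line, for example `// file tracker carries the 0-based app-layer tx id; tx.id starts at 1`, would keep the two conventions from drifting apart. The enclosing function starts and ends outside the hunk.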
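Review bot: In the new `ALPROTO_NFS` case the `rpc` and `nfs` objects are dropped silently whenever a helper returns NULL, so a fileinfo record for an NFS file can be written with no NFS context and nothing in the event to show why. The helpers added in `output-json-nfs.c` return NULL when the flow has no app state or when no transaction is found for `ff->txid`, which would presumably happen if the file is logged after its transaction has been released. Anyone correlating fileinfo events with NFS activity needs to know both keys are optional; a comment such as `/* rpc/nfs are omitted when the tx for ff->txid is no longer in the state */` would record that. The two calls also repeat the same state and transaction lookup, which a single helper returning both objects would avoid. `FileWriteJsonRecord` starts and ends outside the hunk.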
@@ -62,6 +62,32 @@ typedef struct LogNFSLogThread_ {
 MemBuffer *buffer;
 } LogNFSLogThread;
+json_t *JsonNFSAddMetadataRPC(const Flow *f, uint64_t tx_id)
+{
+ NFSState *state = FlowGetAppState(f);
+ if (state) {
+ NFSTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_NFS, state, tx_id);
+ if (tx) {
+ return rs_rpc_log_json_response(tx);
+ }
+ }
+
+ return NULL;
+}
+
+json_t *JsonNFSAddMetadata(const Flow *f, uint64_t tx_id)
+{
+ NFSState *state = FlowGetAppState(f);
+ if (state) {
+ NFSTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_NFS, state, tx_id);
+ if (tx) {
+ return rs_nfs_log_json_response(state, tx);
+ }
+ }
+
+ return NULL;
+}
+
 static int JsonNFSLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
 {
diff --git a/src/output-json-nfs.h b/src/output-json-nfs.h
index 93e17510c5..a70a510d56 100644
--- a/src/output-json-nfs.h
+++ b/src/output-json-nfs.h
@@ -25,5 +25,8 @@
 #define __OUTPUT_JSON_NFS_H__
 void JsonNFSLogRegister(void);
-
+#ifdef HAVE_RUST
+json_t *JsonNFSAddMetadataRPC(const Flow *f, uint64_t tx_id);
+json_t *JsonNFSAddMetadata(const Flow *f, uint64_t tx_id);
+#endif /* HAVE_RUST */
 #endif /* __OUTPUT_JSON_NFS_H__ */
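Review bot: `JsonNFSAddMetadataRPC` and `JsonNFSAddMetadata` treat whatever `FlowGetAppState(f)` returns as an `NFSState *` and pass it to `AppLayerParserGetTx` with a hard-coded `ALPROTO_NFS`, so they are only correct when the flow really carries NFS state. The single caller in this commit sits under `case ALPROTO_NFS:`, but both functions are exported through the header, and a later caller passing another protocol's flow would have foreign state interpreted as NFS state. A guard at the top of each, `if (f == NULL || f->alproto != ALPROTO_NFS) return NULL;`, makes that assumption explicit. The two bodies differ only in the final Rust call and could share one static lookup helper. A short doc comment on each should say that NULL means no state or transaction was found and that the returned `json_t` is presumably a new reference the caller must consume or release.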
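Review bot: The added prototypes use `json_t` and `Flow`, yet nothing in the visible part of the header brings either type into scope, so it compiles only when included after headers that declare them. The lines above the hunk are not shown and may already handle this. The prototypes are also guarded by `HAVE_RUST` alone; if a build can enable Rust without libjansson, `json_t` would be undeclared at this point. If that configuration is possible, `#if defined(HAVE_RUST) && defined(HAVE_LIBJANSSON)` around the two declarations would match where `json_t` actually exists.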