From: Victor Julien
Date: Tue, 9 Oct 2018 12:08:56 +0000 (+0200)
Subject: eve/json: handle common options in central function
X-Git-Tag: suricata-4.1.0-rc2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e956b484c5993ded904bc35fbb1b6c17ece9b2e2;p=thirdparty%2Fsuricata.git
eve/json: handle common options in central function
---
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 081a9a1925..697c9603ac 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -424,9 +424,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
- if (json_output_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, p->flow, js);
- }
+ JsonAddCommonOptions(&json_output_ctx->cfg, p, p->flow, js);
 for (i = 0; i < p->alerts.cnt; i++) {
 const PacketAlert *pa = &p->alerts.alerts[i];
diff --git a/src/output-json-dnp3.c b/src/output-json-dnp3.c
index 6b415627e3..0e6d799ce3 100644
--- a/src/output-json-dnp3.c
+++ b/src/output-json-dnp3.c
@@ -316,9 +316,9 @@ static int JsonDNP3LoggerToServer(ThreadVars *tv, void *thread_data,
 if (unlikely(js == NULL)) {
 return TM_ECODE_OK;
 }
- if (thread->dnp3log_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+
+ JsonAddCommonOptions(&thread->dnp3log_ctx->cfg, p, f, js);
+
 json_t *dnp3js = JsonDNP3LogRequest(tx);
 if (dnp3js != NULL) {
 json_object_set_new(js, "dnp3", dnp3js);
@@ -345,9 +345,9 @@ static int JsonDNP3LoggerToClient(ThreadVars *tv, void *thread_data,
 if (unlikely(js == NULL)) {
 return TM_ECODE_OK;
 }
- if (thread->dnp3log_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+
+ JsonAddCommonOptions(&thread->dnp3log_ctx->cfg, p, f, js);
+
 json_t *dnp3js = JsonDNP3LogResponse(tx);
 if (dnp3js != NULL) {
 json_object_set_new(js, "dnp3", dnp3js);
diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index 507fb9325b..c963eec73a 100644
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -1029,9 +1029,8 @@ static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
 if (unlikely(js == NULL)) {
 return TM_ECODE_OK;
 }
- if (dnslog_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+ JsonAddCommonOptions(&dnslog_ctx->cfg, p, f, js);
+
 json_t *dns = rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags);
 if (unlikely(dns == NULL)) {
 json_decref(js);
@@ -1049,9 +1048,8 @@ static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
 js = CreateJSONHeader(p, LOG_DIR_PACKET, "dns");
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
- if (dnslog_ctx->include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+
+ JsonAddCommonOptions(&dnslog_ctx->cfg, p, f, js);
 LogQuery(td, js, tx, tx_id, query);
@@ -1078,9 +1076,7 @@ static int JsonDnsLoggerToClient(ThreadVars *tv, void *thread_data,
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
- if (dnslog_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+ JsonAddCommonOptions(&dnslog_ctx->cfg, p, f, js);
 #if HAVE_RUST
 if (td->dnslog_ctx->version == DNS_VERSION_2) {
diff --git a/src/output-json-drop.c b/src/output-json-drop.c
index 87382e9420..48b05688d6 100644
--- a/src/output-json-drop.c
+++ b/src/output-json-drop.c
@@ -93,9 +93,7 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
- if (drop_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, p->flow, js);
- }
+ JsonAddCommonOptions(&drop_ctx->cfg, p, p->flow, js);
 json_t *djs = json_object();
 if (unlikely(djs == NULL)) {
diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 7f28d0ef9b..d5a34a22b2 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -277,9 +277,7 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
 json_object_set_new(js, "flow", hjs);
- if (flow_ctx->cfg.include_metadata) {
- JsonAddMetadata(NULL, f, js);
- }
+ JsonAddCommonOptions(&flow_ctx->cfg, NULL, f, js);
 /* TCP */
 if (f->proto == IPPROTO_TCP) {
diff --git a/src/output-json-http.c b/src/output-json-http.c
index 6fa33a3232..b4898ab656 100644
--- a/src/output-json-http.c
+++ b/src/output-json-http.c
@@ -471,9 +471,7 @@ static int JsonHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
- if (jhl->httplog_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+ JsonAddCommonOptions(&jhl->httplog_ctx->cfg, p, f, js);
 SCLogDebug("got a HTTP request and now logging !!");
diff --git a/src/output-json-ikev2.c b/src/output-json-ikev2.c
index dcce48681b..b0e5ec484c 100644
--- a/src/output-json-ikev2.c
+++ b/src/output-json-ikev2.c
@@ -75,9 +75,7 @@ static int JsonIKEv2Logger(ThreadVars *tv, void *thread_data,
 return TM_ECODE_FAILED;
 }
- if (thread->ikev2log_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+ JsonAddCommonOptions(&thread->ikev2log_ctx->cfg, p, f, js);
 ikev2js = rs_ikev2_log_json_response(state, ikev2tx);
 if (unlikely(ikev2js == NULL)) {
diff --git a/src/output-json-krb5.c b/src/output-json-krb5.c
index 02424571d3..62c18114cb 100644
--- a/src/output-json-krb5.c
+++ b/src/output-json-krb5.c
@@ -75,9 +75,7 @@ static int JsonKRB5Logger(ThreadVars *tv, void *thread_data,
 return TM_ECODE_FAILED;
 }
- if (thread->krb5log_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+ JsonAddCommonOptions(&thread->krb5log_ctx->cfg, p, f, js);
 krb5js = rs_krb5_log_json_response(state, krb5tx);
 if (unlikely(krb5js == NULL)) {
diff --git a/src/output-json-metadata.c b/src/output-json-metadata.c
index de918d3ea1..c90e1f98f4 100644
--- a/src/output-json-metadata.c
+++ b/src/output-json-metadata.c
@@ -71,6 +71,7 @@
 typedef struct MetadataJsonOutputCtx_ {
 LogFileCtx* file_ctx;
+ OutputJsonCommonSettings cfg;
 } MetadataJsonOutputCtx;
 typedef struct JsonMetadataLogThread_ {
@@ -86,7 +87,7 @@ static int MetadataJson(ThreadVars *tv, JsonMetadataLogThread *aft, const Packet
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
- JsonAddMetadata(p, p->flow, js);
+ JsonAddCommonOptions(&aft->json_output_ctx->cfg, p, p->flow, js);
 OutputJSONBuffer(js, aft->file_ctx, &aft->json_buffer);
 json_object_del(js, "metadata");
 json_object_clear(js);
@@ -214,6 +215,7 @@ static OutputInitResult JsonMetadataLogInitCtx(ConfNode *conf)
 memset(json_output_ctx, 0, sizeof(MetadataJsonOutputCtx));
 json_output_ctx->file_ctx = logfile_ctx;
+ json_output_ctx->cfg.include_metadata = true;
 output_ctx->data = json_output_ctx;
 output_ctx->DeInit = JsonMetadataLogDeInitCtx;
@@ -245,6 +247,9 @@ static OutputInitResult JsonMetadataLogInitCtxSub(ConfNode *conf, OutputCtx *par
 memset(json_output_ctx, 0, sizeof(MetadataJsonOutputCtx));
 json_output_ctx->file_ctx = ajt->file_ctx;
+ json_output_ctx->cfg = ajt->cfg;
+ /* override config setting as this logger is about metadata */
+ json_output_ctx->cfg.include_metadata = true;
 output_ctx->data = json_output_ctx;
 output_ctx->DeInit = JsonMetadataLogDeInitCtxSub;
diff --git a/src/output-json-netflow.c b/src/output-json-netflow.c
index 1437f70109..13bc7a6024 100644
--- a/src/output-json-netflow.c
+++ b/src/output-json-netflow.c
@@ -313,9 +313,7 @@ static int JsonNetFlowLogger(ThreadVars *tv, void *thread_data, Flow *f)
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
 JsonNetFlowLogJSONToServer(jhl, js, f);
- if (netflow_ctx->cfg.include_metadata) {
- JsonAddMetadata(NULL, f, js);
- }
+ JsonAddCommonOptions(&netflow_ctx->cfg, NULL, f, js);
 OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer);
 json_object_del(js, "netflow");
 json_object_clear(js);
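Review bot: In `JsonMetadataLogInitCtx` (hunk `@@ -214,6 +215,7 @@` of src/output-json-metadata.c) the standalone path sets only `cfg.include_metadata` on a zeroed struct, while `JsonMetadataLogInitCtxSub` (hunk `@@ -245,6 +247,9 @@`) first copies the parent's `ajt->cfg`, so any field later added to `OutputJsonCommonSettings` would be honoured in sub-logger mode and stay silently off in standalone mode. `MetadataJson` (hunk `@@ -86,7 +87,7 @@`) used to add metadata unconditionally and now depends on both init paths forcing the flag, so the standalone assignment deserves a comment like the sub path has, for example `/* this logger is about metadata: always on; other common options keep their zero default */`. Both init functions extend beyond their hunks, so whether the standalone path could read common options from `conf` cannot be judged from here.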
@@ -329,9 +327,7 @@ static int JsonNetFlowLogger(ThreadVars *tv, void *thread_data, Flow *f)
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
 JsonNetFlowLogJSONToClient(jhl, js, f);
- if (netflow_ctx->cfg.include_metadata) {
- JsonAddMetadata(NULL, f, js);
- }
+ JsonAddCommonOptions(&netflow_ctx->cfg, NULL, f, js);
 OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer);
 json_object_del(js, "netflow");
 json_object_clear(js);
diff --git a/src/output-json-nfs.c b/src/output-json-nfs.c
index 67adfdc1b2..5274adc581 100644
--- a/src/output-json-nfs.c
+++ b/src/output-json-nfs.c
@@ -91,9 +91,7 @@ static int JsonNFSLogger(ThreadVars *tv, void *thread_data,
 return TM_ECODE_FAILED;
 }
- if (thread->ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+ JsonAddCommonOptions(&thread->ctx->cfg, p, f, js);
 json_t *rpcjs = rs_rpc_log_json_response(tx);
 if (unlikely(rpcjs == NULL)) {
diff --git a/src/output-json-smtp.c b/src/output-json-smtp.c
index 4bbfc93226..b8079ab012 100644
--- a/src/output-json-smtp.c
+++ b/src/output-json-smtp.c
@@ -95,9 +95,7 @@ static int JsonSmtpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
 /* reset */
 MemBufferReset(jhl->buffer);
- if (jhl->emaillog_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+ JsonAddCommonOptions(&jhl->emaillog_ctx->cfg, p, f, js);
 json_t *sjs = JsonSmtpDataLogger(f, state, tx, tx_id);
 if (sjs) {
diff --git a/src/output-json-ssh.c b/src/output-json-ssh.c
index 7ed4843713..c174eabfb3 100644
--- a/src/output-json-ssh.c
+++ b/src/output-json-ssh.c
@@ -109,9 +109,7 @@ static int JsonSshLogger(ThreadVars *tv, void *thread_data, const Packet *p,
 if (unlikely(js == NULL))
 return 0;
- if (ssh_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+ JsonAddCommonOptions(&ssh_ctx->cfg, p, f, js);
 json_t *tjs = json_object();
 if (tjs == NULL) {
diff --git a/src/output-json-tls.c b/src/output-json-tls.c
index 1081034a2b..9284f79f14 100644
--- a/src/output-json-tls.c
+++ b/src/output-json-tls.c
@@ -382,9 +382,7 @@ static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,
 return 0;
 }
- if (tls_ctx->cfg.include_metadata) {
- JsonAddMetadata(p, f, js);
- }
+ JsonAddCommonOptions(&tls_ctx->cfg, p, f, js);
 json_t *tjs = json_object();
 if (tjs == NULL) {
diff --git a/src/output-json.c b/src/output-json.c
index d4bedf6db0..87bcec30b6 100644
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -364,7 +364,7 @@ static void JsonAddFlowVars(const Flow *f, json_t *js_root, json_t **js_traffic)
 /**
 * \brief Add top-level metadata to the eve json object.
 */
-void JsonAddMetadata(const Packet *p, const Flow *f, json_t *js)
+static void JsonAddMetadata(const Packet *p, const Flow *f, json_t *js)
 {
 if ((p && p->pktvar) || (f && f->flowvar)) {
 json_t *js_vars = json_object();
@@ -385,6 +385,14 @@ void JsonAddMetadata(const Packet *p, const Flow *f, json_t *js)
 }
 }
+void JsonAddCommonOptions(const OutputJsonCommonSettings *cfg,
+ const Packet *p, const Flow *f, json_t *js)
+{
+ if (cfg->include_metadata) {
+ JsonAddMetadata(p, f, js);
+ }
+}
+
 /** \brief jsonify tcp flags field
 * Only add 'true' fields in an attempt to keep things reasonably compact.
 */
diff --git a/src/output-json.h b/src/output-json.h
index 134bee88af..140ab65cc0 100644
--- a/src/output-json.h
+++ b/src/output-json.h
@@ -50,7 +50,6 @@ typedef struct OutputJSONMemBufferWrapper_ {
 int OutputJSONMemBufferCallback(const char *str, size_t size, void *data);
-void JsonAddMetadata(const Packet *p, const Flow *f, json_t *js);
 void CreateJSONFlowId(json_t *js, const Flow *f);
 void JsonTcpFlags(uint8_t flags, json_t *js);
 void JsonFiveTuple(const Packet *, enum OutputJsonLogDirection, json_t *);
@@ -88,6 +87,9 @@ json_t *SCJsonBool(int val);
 json_t *SCJsonString(const char *val);
 void SCJsonDecref(json_t *js);
+void JsonAddCommonOptions(const OutputJsonCommonSettings *cfg,
+ const Packet *p, const Flow *f, json_t *js);
+
 #endif /* HAVE_LIBJANSSON */
 #endif /* __OUTPUT_JSON_H__ */
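Review bot: `JsonAddCommonOptions` in src/output-json.c (hunk `@@ -385,6 +385,14 @@`) becomes the exported entry point for every eve logger, yet unlike `JsonAddMetadata` above it has no doc comment, and it dereferences `cfg` without stating that the pointer must be non-NULL. The flow and netflow loggers in this commit pass `NULL` for `p`, which is safe only because the visible check in `JsonAddMetadata` tests `p &&` before reading `p->pktvar`; the rest of that body lies outside the hunks. Writing the contract down keeps a later common option from reading `p` unguarded, for example `/** \brief Apply the logger's common eve options to js. cfg must not be NULL; p may be NULL for flow-based loggers. */`. The same wording would fit above the prototype added in src/output-json.h.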