From: Mats Klepsland Date: Thu, 12 May 2016 06:14:52 +0000 (+0200) Subject: tlsstore: use TxLogger X-Git-Tag: suricata-3.1RC1~153 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed33f5f14859b6bbe2b290ee5351e9a445e1a9aa;p=thirdparty%2Fsuricata.git tlsstore: use TxLogger --- diff --git a/src/app-layer-ssl.h b/src/app-layer-ssl.h index d42f3c535d..991b4c2bdd 100644 --- a/src/app-layer-ssl.h +++ b/src/app-layer-ssl.h @@ -93,9 +93,6 @@ enum { /* flag to indicate that handshake is done */ #define SSL_AL_FLAG_HANDSHAKE_DONE 0x80000 -/* flags for file storage */ -#define SSL_AL_FLAG_STATE_STORED 0x40000 - /* config flags */ #define SSL_TLS_LOG_PEM (1 << 0) diff --git a/src/log-tlsstore.c b/src/log-tlsstore.c index afb6e4a039..a572a627ac 100644 --- a/src/log-tlsstore.c +++ b/src/log-tlsstore.c @@ -244,7 +244,8 @@ end_fp: * \brief Condition function for TLS logger * \retval bool true or false -- log now? */ -static int LogTlsStoreCondition(ThreadVars *tv, const Packet *p) +static int LogTlsStoreCondition(ThreadVars *tv, const Packet *p, void *state, + void *tx, uint64_t tx_id) { if (p->flow == NULL) { return FALSE; 
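Review bot: The Doxygen block above LogTlsStoreCondition still carries only `\brief` and `\retval`, although the signature in the `@@ -244,7 +244,8 @@` hunk now takes `state`, `tx` and `tx_id`. Add a line such as `* \param state app-layer state of the flow, cast to SSLState in the body`, and say that `tx` and `tx_id` are accepted only to match the callback signature, since no visible line of this function uses them. The comment opens above the hunk and the function body continues in the next hunk.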
@@ -254,57 +255,39 @@ static int LogTlsStoreCondition(ThreadVars *tv, const Packet *p) return FALSE; } - FLOWLOCK_RDLOCK(p->flow); - uint16_t proto = FlowGetAppProtocol(p->flow); - if (proto != ALPROTO_TLS) - goto dontlog; - - SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow); + SSLState *ssl_state = (SSLState *)state; if (ssl_state == NULL) { SCLogDebug("no tls state, so no request logging"); goto dontlog; } - /* we only log the state once if we don't have to write - * the cert due to tls.store keyword. */ - if (!(ssl_state->server_connp.cert_log_flag & SSL_TLS_LOG_PEM) && - (ssl_state->flags & SSL_AL_FLAG_STATE_STORED)) + if ((ssl_state->server_connp.cert_log_flag & SSL_TLS_LOG_PEM) == 0) goto dontlog; if (ssl_state->server_connp.cert0_issuerdn == NULL || ssl_state->server_connp.cert0_subject == NULL) goto dontlog; - FLOWLOCK_UNLOCK(p->flow); return TRUE; dontlog: - FLOWLOCK_UNLOCK(p->flow); return FALSE; } -static int LogTlsStoreLogger(ThreadVars *tv, void *thread_data, const Packet *p) +static int LogTlsStoreLogger(ThreadVars *tv, void *thread_data, const Packet *p, + Flow *f, void *state, void *tx, uint64_t tx_id) { LogTlsStoreLogThread *aft = (LogTlsStoreLogThread *)thread_data; int ipproto = (PKT_IS_IPV4(p)) ? AF_INET : AF_INET6; - /* check if we have TLS state or not */ - FLOWLOCK_WRLOCK(p->flow); - uint16_t proto = FlowGetAppProtocol(p->flow); - if (proto != ALPROTO_TLS) - goto end; - SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow); + SSLState *ssl_state = (SSLState *)state; if (unlikely(ssl_state == NULL)) { - goto end; + return 0; } if (ssl_state->server_connp.cert_log_flag & SSL_TLS_LOG_PEM) { LogTlsLogPem(aft, p, ssl_state, ipproto); } - /* we only store the state once */ - ssl_state->flags |= SSL_AL_FLAG_STATE_STORED; -end: - FLOWLOCK_UNLOCK(p->flow); return 0; } 
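Review bot: With the FLOWLOCK_* calls and the SSL_AL_FLAG_STATE_STORED check removed, LogTlsStoreCondition and LogTlsStoreLogger read `state` without taking any lock themselves, and nothing in LogTlsStoreLogger stops LogTlsLogPem from running again for the same certificate. Both properties now depend on the tx logging caller, which this diff does not show, so they should be confirmed there and recorded here. A comment above LogTlsStoreLogger would do, for example `/* NOTE: relies on the tx logger calling with the flow locked and logging each tx once -- confirm */`. Separately, `dontlog:` in LogTlsStoreCondition now only returns FALSE, so each `goto dontlog;` could become `return FALSE;`, matching the `return 0;` used in the logger. LogTlsStoreCondition starts in the previous hunk.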
@@ -415,6 +398,9 @@ static OutputCtx *LogTlsStoreLogInitCtx(ConfNode *conf) SCLogInfo("storing certs in %s", tls_logfile_base_dir); + /* enable the logger for the app layer */ + AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS); + SCReturnPtr(output_ctx, "OutputCtx"); } @@ -430,8 +416,9 @@ void TmModuleLogTlsStoreRegister (void) tmm_modules[TMM_TLSSTORE].flags = TM_FLAG_LOGAPI_TM; tmm_modules[TMM_TLSSTORE].priority = 10; - OutputRegisterPacketModule(MODULE_NAME, "tls-store", LogTlsStoreLogInitCtx, - LogTlsStoreLogger, LogTlsStoreCondition); + OutputRegisterTxModuleWithCondition(MODULE_NAME, "tls-store", + LogTlsStoreLogInitCtx, ALPROTO_TLS, LogTlsStoreLogger, + LogTlsStoreCondition); SC_ATOMIC_INIT(cert_id);
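Review bot: In the `@@ -430,8 +416,9 @@` hunk, the `ALPROTO_TLS` argument to OutputRegisterTxModuleWithCondition is now the only thing backing the `(SSLState *)state` casts in the two callbacks, because the commit removes their `FlowGetAppProtocol(p->flow) != ALPROTO_TLS` checks. That coupling is worth a comment at the registration, for example `/* LogTlsStoreLogger/LogTlsStoreCondition cast state to SSLState: alproto must stay ALPROTO_TLS */`. TmModuleLogTlsStoreRegister begins above the hunk and continues past its last visible line.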