add ICMP type and code support to JSON log

diff --git a/src/alert-json.c b/src/alert-json.c
index 22a6fc28903117a46d019820121903d3684dfa70..d3d41bfbb794ec63cd40b8f69903ac4130401029 100644 (file)
--- a/src/alert-json.c
+++ b/src/alert-json.c
@@ -259,10 +259,44 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensative)
 
     /* tuple */
     json_object_set_new(js, "srcip", json_string(srcip));
-    json_object_set_new(js, "sp", json_integer(sp));
+    switch(p->proto) {
+        case IPPROTO_ICMP:
+            break;
+        case IPPROTO_UDP:
+        case IPPROTO_TCP:
+        case IPPROTO_SCTP:
+            json_object_set_new(js, "sp", json_integer(sp));
+            break;
+    }
     json_object_set_new(js, "dstip", json_string(dstip));
-    json_object_set_new(js, "dp", json_integer(dp));
+    switch(p->proto) {
+        case IPPROTO_ICMP:
+            break;
+        case IPPROTO_UDP:
+        case IPPROTO_TCP:
+        case IPPROTO_SCTP:
+            json_object_set_new(js, "dp", json_integer(dp));
+            break;
+    }
     json_object_set_new(js, "proto", json_string(proto));
+    switch (p->proto) {
+        case IPPROTO_ICMP:
+            if (p->icmpv4h) {
+                json_object_set_new(js, "icmp_type",
+                                    json_integer(p->icmpv4h->type));
+                json_object_set_new(js, "icmp_code",
+                                    json_integer(p->icmpv4h->code));
+            }
+            break;
+        case IPPROTO_ICMPV6:
+            if (p->icmpv6h) {
+                json_object_set_new(js, "icmp_type",
+                                    json_integer(p->icmpv6h->type));
+                json_object_set_new(js, "icmp_code",
+                                    json_integer(p->icmpv6h->code));
+            }
+            break;
+    }
 
     return js;
 }
@@ -318,7 +352,7 @@ TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
 
         json_t *ajs = json_object();
         if (ajs == NULL) {
-            free(js);
+            json_decref(js);
             return TM_ECODE_OK;
         }
 
@@ -339,7 +373,7 @@ TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
         json_object_del(js, "alert");
     }
     json_object_clear(js);
-    free(js);
+    json_decref(js);
 
     return TM_ECODE_OK;
 }
@@ -374,7 +408,7 @@ TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
 
         json_t *ajs = json_object();
         if (ajs == NULL) {
-            free(js);
+            json_decref(js);
             return TM_ECODE_OK;
         }
 
@@ -395,7 +429,7 @@ TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
         json_object_del(js, "alert");
     }
     json_object_clear(js);
-    free(js);
+    json_decref(js);
 
     return TM_ECODE_OK;
 }
@@ -437,7 +471,7 @@ TmEcode AlertJsonDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue
 
         json_t *ajs = json_object();
         if (ajs == NULL) {
-            free(js);
+            json_decref(js);
             return TM_ECODE_OK;
         }
 
@@ -465,7 +499,7 @@ TmEcode AlertJsonDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue
         json_object_set_new(js, "alert", ajs);
         OutputJSON(js, aft, &aft->file_ctx->alerts);
         json_object_clear(js);
-        free(js);
+        json_decref(js);
     }
 
     return TM_ECODE_OK;

diff --git a/src/output-dnslog.c b/src/output-dnslog.c
index 61b2e1c6a9a25e9236cc519a64d9d44bad016c4d..2e4d27e27fd71987a18dbbd0f4b1433f62be7ac0 100644 (file)
--- a/src/output-dnslog.c
+++ b/src/output-dnslog.c
@@ -95,7 +95,6 @@ static void LogQuery(AlertJsonThread/*LogDnsLogThread*/ *aft, json_t *js, /*char
 
     json_t *djs = json_object();
     if (djs == NULL) {
-        free(js);
         return;
     }
 
@@ -180,7 +179,6 @@ static void LogAnswers(AlertJsonThread/*LogDnsLogThread*/ *aft, json_t *js, /*ch
 
     json_t *djs = json_array();
     if (djs == NULL) {
-        free(js);
         return;
     }
 
@@ -270,6 +268,7 @@ static TmEcode DnsJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQue
             AppLayerTransactionUpdateLogId(ALPROTO_DNS_UDP, p->flow);
         }
     }
+    json_decref(js);
 
 end:
     FLOWLOCK_UNLOCK(p->flow);

diff --git a/src/output-httplog.c b/src/output-httplog.c
index fd86bd60ecbfd3f2d67d9005c78e8cabf48bfe49..e3d2b1b9cdd562555e33f7e50916712ef3a6eedf 100644 (file)
--- a/src/output-httplog.c
+++ b/src/output-httplog.c
@@ -344,7 +344,6 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx /*, ch
     OutputHttpCtx *http_ctx = aft->http_ctx->data;
     json_t *hjs = json_object();
     if (hjs == NULL) {
-        free(js);
         return;
     }
 
@@ -602,7 +601,7 @@ static TmEcode HttpJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQu
         AppLayerTransactionUpdateLogId(ALPROTO_HTTP, p->flow);
     }
     json_object_clear(js);
-    free(js);
+    json_decref(js);
 
 end:
     FLOWLOCK_UNLOCK(p->flow);