From: Victor Julien
Date: Thu, 22 May 2014 10:36:45 +0000 (+0200)
Subject: json: add tcp flags to json utility function
X-Git-Tag: suricata-2.1beta1~48
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=eaf01449e341ac53f633e26677cc1ad03d6bd4a5;p=thirdparty%2Fsuricata.git
json: add tcp flags to json utility function
Turns a flags bitfield into a set of json bools.
---
diff --git a/src/output-json.c b/src/output-json.c
index 547f0ac3d4..3fd5500066 100644
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -147,6 +147,28 @@ static enum JsonOutput json_out = ALERT_FILE;
 static enum JsonFormat format = COMPACT;
+/** \brief jsonify tcp flags field
+ * Only add 'true' fields in an attempt to keep things reasonably compact.
+ */
+void JsonTcpFlags(uint8_t flags, json_t *js) {
+ if (flags & TH_SYN)
+ json_object_set_new(js, "syn", json_true());
+ if (flags & TH_FIN)
+ json_object_set_new(js, "fin", json_true());
+ if (flags & TH_RST)
+ json_object_set_new(js, "rst", json_true());
+ if (flags & TH_PUSH)
+ json_object_set_new(js, "psh", json_true());
+ if (flags & TH_ACK)
+ json_object_set_new(js, "ack", json_true());
+ if (flags & TH_URG)
+ json_object_set_new(js, "urg", json_true());
+ if (flags & TH_ECN)
+ json_object_set_new(js, "ecn", json_true());
+ if (flags & TH_CWR)
+ json_object_set_new(js, "cwr", json_true());
+}
+
 json_t *CreateJSONHeader(Packet *p, int direction_sensitive, char *event_type)
 {
 char timebuf[64];
diff --git a/src/output-json.h b/src/output-json.h
index 4a42f1e532..418c9de1b8 100644
--- a/src/output-json.h
+++ b/src/output-json.h
@@ -32,6 +32,7 @@ void TmModuleOutputJsonRegister (void);
 #include "util-buffer.h"
 #include "util-logopenfile.h"
+void JsonTcpFlags(uint8_t flags, json_t *js);
 json_t *CreateJSONHeader(Packet *p, int direction_sensative, char *event_type);
 TmEcode OutputJSON(json_t *js, void *data, uint64_t *count);
 int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer *buffer);
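Review bot: In src/output-json.c, the doc comment on JsonTcpFlags does not say that `flags == 0` leaves `js` untouched, so a segment with no TCP flags set (a NULL-scan probe, for instance) produces the same JSON as a record where the flags were never logged. Whether that ambiguity reaches the log depends on the callers, which are outside this hunk; it goes away if they pass a dedicated sub-object or also log the raw flags byte. I would state the contract in the comment, e.g. `\param js object to add to; a missing key means the bit was clear, and flags == 0 adds nothing`. The comment could also note that the key `"ecn"` follows the TH_ECN macro name, which is presumably the bit RFC 3168 calls ECE, so a log consumer matching on `ece` would not find it. The result of `json_object_set_new` is dropped in all eight calls; since the function returns void, a one-line comment that insertion is best-effort would make that deliberate.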